
/public_html/old/phorum/common.php

https://gitlab.com/thejuskrishna/xmec
PHP | 469 lines | 431 code | 19 blank | 19 comment | 4 complexity | 08709e635febfe6b8ce073583a3cec16 MD5 | raw file
  1<?php
  // Include guard: stop here if this file was already loaded during this request.
  if ( defined( "_COMMON_PHP" ) ) return;
  define("_COMMON_PHP", 1 );

  // These variables may be altered as needed:

  // location where settings are stored
  // Every settings file included further down in this file is resolved under this
  // directory, so whoever can write here controls code that this script executes.
  // NOTE(review): presumably this lives outside the web root and is not writable
  // by untrusted accounts -- confirm on the host.
  $settings_dir="/usr163/home/x/m/xmec/settings/phorum_settings";  // no ending slash

  // If you have dynamic vars for GET and POST to pass on:
  // AddGetPostVars("dummy", $dummy);

  // Get all XMEC stuff...
  
  // A path starting with "../" is resolved against the working directory, not include_path.
  // NOTE(review): a ".inc" file is served as plain text unless the web server is
  // configured to deny or parse that extension -- confirm xmec.inc is not downloadable.
  include_once ("../xmec.inc");
  // Authentication is delegated to the XMEC site code; the forum identity below is
  // derived from that session only.
  XMEC::authenticate_user();
  $xmec_user =& XMEC::getUser();
  if ($xmec_user->isLoggedIn()) {
	// forum auth id = id of the logged-in XMEC user
	$phorum_auth = $xmec_user->get('id');
  } else {
	// explicit reset so no earlier value of $phorum_auth survives for anonymous visitors
	$phorum_auth = NULL;
  }
 23
 24//////////////////////////////////////////////////////////////////////////////////////////
 25// End of normally user-defined variables
 26//////////////////////////////////////////////////////////////////////////////////////////
 27
 28
 29  // See the FAQ on what this does.  Normally not important.
 30  // **TODO: make this a define and figure out where we really need it.
  // Fixed defaults, the register_globals fallback, and the constants shared by the forum scripts.
  $cutoff = 800;

  // Version string of the bundled Phorum code.
  $phorumver="3.3.2a";

  // all available db-files
  // (key = file name under ./db/ without ".php", value = display label)
  $dbtypes = array(
           'mysql' => "MySQL",
           'postgresql65' => "PostgreSQL 6.5 or newer",
           'postgresql' => "PostgreSQL (older than 6.5)"
           );

  // handle configs that have register_globals turned off.
  // we use $PHP_SELF as the test since it should always be there.
  // We might need to consider not using globals soon.
  // NOTE(review): this include runs after $settings_dir, $xmec_user and $phorum_auth
  // were assigned earlier in this file. If the emulation copies request variables into
  // the global scope without skipping names that already exist, a request parameter
  // could replace those values -- verify include/register_globals.php.
  if(!isset($PHP_SELF)) {
     include ("./include/register_globals.php");
  }

  // *** Some Defines ***

  // security
  // (values compared against $ForumSecurity further down in this file)
  define("SEC_NONE", 0);
  define("SEC_OPTIONAL", 1);
  define("SEC_POST", 2);
  define("SEC_ALL", 3);

  // signature
  define("PHORUM_SIG_MARKER", "[%sig%]");

  // **TODO: move all this into the admin
  // Accumulators filled by AddGetPostVars(); assigning "" here discards any value
  // these globals held before this point.
  $GetVars="";
  $PostVars="";
 63  function AddGetPostVars($var, $value){
 64    global $GetVars;
 65    global $PostVars;
 66    $var=urlencode($var);
 67    $value=urlencode($value);
 68    $GetVars.="&";
 69    $GetVars.="$var=$value";
 70    $PostVars.="<input type=\"hidden\" name=\"$var\" value=\"$value\">\n";
 71  }
 72
 73  function AddPostVar($var, $value){
 74    AddGetPostVars($var, $value);
 75  }
 76
 77  function AddGetVar($var, $value){
 78    AddGetPostVars($var, $value);
 79  }
 80
 81  // **TODO: switch to get_html_translation_table
 82  function undo_htmlspecialchars($string){
 83
 84    $string = str_replace("&amp;", "&", $string);
 85    $string = str_replace("&quot;", "\"", $string);
 86    $string = str_replace("&lt;", "<", $string);
 87    $string = str_replace("&gt;", ">", $string);
 88
 89    return $string;
 90  }
 91
 92  function htmlencode($string){
 93    $ret_string="";
 94    $len=strlen($string);
 95    for($x=0;$x<$len;$x++){
 96      $ord=ord($string[$x]);
 97      $ret_string .= "&#$ord;";
 98    }
 99    return $ret_string;
100  }
101
102  function my_nl2br($str){
103    return str_replace("><br />", ">", nl2br($str));
104  }
105
106  function bgcolor($color){
107    return ($color!="") ? " bgcolor=\"".$color."\"" : "";
108  }
109
110  // **TODO: replace with wordwrap soon. Will require some changes to the calls.
111  function textwrap ($String, $breaksAt = 78, $breakStr = "\n", $padStr="") {
112
113    $newString="";
114    $lines=explode($breakStr, $String);
115    $cnt=count($lines);
116    for($x=0;$x<$cnt;$x++){
117      if(strlen($lines[$x])>$breaksAt){
118        $str=$lines[$x];
119        while(strlen($str)>$breaksAt){
120          $pos=strrpos(chop(substr($str, 0, $breaksAt)), " ");
121          if ($pos == false) {
122            break;
123          }
124          $newString.=$padStr.substr($str, 0, $pos).$breakStr;
125          $str=trim(substr($str, $pos));
126        }
127        $newString.=$padStr.$str.$breakStr;
128      }
129      else{
130        $newString.=$padStr.$lines[$x].$breakStr;
131      }
132    }
133    return $newString;
134
135  } // end textwrap()
136
137  // **TODO: replace with a better function that optionally checks the MX record
138  function is_email($email){
139    $ret=false;
140    if(function_exists("preg_match") && preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$/i", $email)){
141      $ret=true;
142    }
143    elseif(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$", $email)){
144      $ret=true;
145    }
146
147    return $ret;
148  }
149
150  // passed to array_walk in read.php and list.php
151  // **TODO: replace using array_flip
152  function explode_haveread($var){
153    global $haveread;
154    $haveread[$var]=true;
155  }
156
157  // these two function would be better served as a class.
158  function addnav(&$var, $text, $url){
159    $var[$text]=$url;
160  }
161
162  function getnav($var, $splitter="&nbsp;&nbsp;|&nbsp;&nbsp;", $usefont=true){
163    global $default_nav_font_color, $ForumNavFontColor;
164    if(isset($ForumNavFontColor)){
165      $color=$ForumNavFontColor;
166    }
167    else{
168      $color=$default_nav_font_color;
169    }
170    $menu=array();
171    while(list($text, $url)=each($var)){
172      if($usefont) $text="<FONT color='$color' class=\"PhorumNav\">$text</font>";
173      $menu[]="<a href=\"$url\">$text</a>";
174    }
175    $nav=implode($splitter, $menu);
176    if($usefont)
177      $nav="<FONT color='$color' class=\"PhorumNav\">&nbsp;".$nav."&nbsp;</font>";
178    return $nav;
179  }
180
181  // These functions exist in PHP 4.0.3 and up.
182  // **TODO: This will go away when we move to PHP4 only.
183  if(!function_exists("is_uploaded_file")){
184
185    function is_uploaded_file($filename) {
186      $ret=false;
187      if(dirname($filename)==dirname(tempnam(get_cfg_var("upload_tmp_dir"), ''))){
188        $ret=true;
189      }
190      return $ret;
191    }
192
193    function move_uploaded_file($old_filename, $new_filename) {
194      $ret=false;
195      if(is_uploaded_file($old_filename) && rename($old_filename,$new_filename)) {
196        $ret=true;
197      }
198      return $ret;
199    }
200
201  }
202
203/*  ***********************
204 *  removed as part of xmec changes
205 *  *********************************
206
207  function phorum_login_user($sessid, $userid=0){
208    global $DB, $q, $pho_main, $HTTP_COOKIE_VARS;
209    if(!isset($HTTP_COOKIE_VARS["phorum_auth"])){
210      AddGetPostVars("phorum_auth", "$sessid");
211    }
212    // **TODO: We should make this time configurable
213    SetCookie("phorum_auth", "$sessid", time()+86400*365);
214    if($userid){
215      $SQL="update $pho_main"."_auth set sess_id='$sessid' where id=$userid";
216      $q->query($DB, $SQL);
217    }
218  }
219
220 * xmec changes - END
221 ************************/ 
222
223
224  function phorum_get_file_name($type)
225  {
226    global $PHORUM;
227    settype($PHORUM["ForumConfigSuffix"], "string");
228    switch($type){
229        case "css":
230            $file="phorum.css";
231            $custom="phorum_$PHORUM[ForumConfigSuffix].css";
232            break;
233        case "header":
234            $file="$PHORUM[include]/header.php";
235            $custom="$PHORUM[include]/header_$PHORUM[ForumConfigSuffix].php";
236            break;
237        case "footer":
238            $file="$PHORUM[include]/footer.php";
239            $custom="$PHORUM[include]/footer_$PHORUM[ForumConfigSuffix].php";
240            break;
241    }
242
243    return (file_exists($custom)) ? $custom : $file;
244  }
245
246/*  ***********************
247 *  removed as part of xmec changes
248 *  *********************************
249
250  function phorum_check_login($user, $pass)
251  {
252    global $q, $DB, $PHORUM;
253
254    if(!get_magic_quotes_gpc()) $user=addslashes($user);
255
256    $md5_pass=md5($pass);
257
258    $id=0;
259    $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$md5_pass'";
260    $q->query($DB, $SQL);
261    if($q->numrows()==0 && function_exists("crypt")){
262        // check for old crypt system
263        $crypt_pass=crypt($pass, substr($pass, 0, CRYPT_SALT_LENGTH));
264        $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$crypt_pass'";
265        $q->query($DB, $SQL);
266        if($q->numrows()>0){
267            // update password to md5.
268            $SQL="Update $PHORUM[auth_table] set password='$md5_pass' where username='$user'";
269            $q->query($DB, $SQL);
270        }
271    }
272
273    if($q->numrows()>0){
274        $id=$q->field("id", 0);
275    }
276
277    return $id;
278  }
279
280
281
282  function phorum_session_id($username, $password)
283  {
284    return md5($username.$password.microtime());
285  }
286
287  * xmec changes - END
288  *****************************/
289
290  // variable initialization function
291  // **TODO: need to scrap this function and just use settype()
292  function initvar($varname, $value=''){
293    global $$varname;
294    if(!isset($$varname))
295      $$varname=$value;
296    return $$varname;
297  }
298
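/**
 * Build the Phorum user array from an XMEC user object.
 *
 * Profile fields are copied over, with fallbacks for an empty e-mail address
 * and web page. "forums" lists the forums the user moderates: forum 0 for
 * XMEC admins, plus every forum_id found for the user in $PHORUM["mod_table"].
 * "moderator" is set only when that list has at least one entry.
 *
 * The "forums" key is now tested with isset() before is_array(); for users who
 * moderate nothing the key does not exist, and reading it raised an
 * undefined-index notice on every request.
 *
 * @param object $xuser XMEC user; must provide get($field) and isAdmin()
 * @return array Phorum user record
 */
function xmec_user_to_phorum_user($xuser)
{
    global $q, $DB, $PHORUM;

    $phorum_user = array();

    $phorum_user["id"] = $xuser->get('id');
    // Sessions and passwords are handled by XMEC; these two are placeholders.
    $phorum_user["sess_id"] = "Not Used";
    $phorum_user["name"] = $xuser->get('full_name');
    $phorum_user["username"] = $xuser->get('id');
    $phorum_user["password"] = "Needed ???";
    $phorum_user["email"] = $xuser->get('personal_email');
    $phorum_user["email1"] = $xuser->get('official_email');
    if (empty($phorum_user["email"]))
        $phorum_user["email"] = "noemail@xmec.net";
    $phorum_user["webpage"] = $xuser->get('webpage');
    if (empty($phorum_user["webpage"]))
        $phorum_user["webpage"] = "http://www.xmec.net/".$xuser->get('alias');

    // Remaining profile fields are copied under the same key.
    foreach (array("image", "icq", "aol", "yahoo", "msn", "jabber", "signature") as $field) {
        $phorum_user[$field] = $xuser->get($field);
    }

    // XMEC admins moderate forum 0.
    if ($xuser->isAdmin())
        $phorum_user["forums"][0]=true;

    // NOTE(review): the id is spliced into the SQL text unescaped. Here it comes
    // from the authenticated XMEC user object, not straight from the request,
    // but the escaping or parameter binding of the query layer should still be
    // applied -- confirm what $q offers.
    $SQL="Select forum_id from $PHORUM[mod_table] where user_id='".$phorum_user["id"]."'";
    $q->query($DB, $SQL);
    while($rec=$q->getrow()){
        $phorum_user["forums"][$rec["forum_id"]]=true;
    }

    if(isset($phorum_user["forums"]) && is_array($phorum_user["forums"])){
        $phorum_user["moderator"] = true;
    }
    return $phorum_user;
}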
340
341
342 // set a sensible error level for including some stuff:
  // Limit reporting while the settings and database files are included; the
  // previous level is kept so it can be restored at the end of this file.
  $old_err_level = error_reporting (E_ERROR | E_WARNING | E_PARSE);

  // go ahead and unset/check these to evade hack attempts.
  // With register_globals (or the emulation included earlier) request parameters
  // arrive as globals. Clearing these two means whatever they hold afterwards was
  // assigned by this file or by a file it includes.
  unset($phorum_user);
  unset($PHORUM);
  // $f and $num are forced to integers before $f is used in a settings file path below.
  settype($f, "integer");
  settype($num, "integer");
  // Each of the two falls back to the other when it is empty (0).
  $num = (empty($num)) ? $f : $num;
  $f = (empty($f)) ? $num : $f;
352
353  // include forums.php
354
355  // the most important variables
  // Locate and load the main settings file, then derive the values the rest of
  // the forum code reads from $PHORUM.
  $PHORUM["settings"]="$settings_dir/forums.php";
  $PHORUM["settings_backup"]="$settings_dir/forums.bak.php";

  if(!file_exists($PHORUM["settings"])){
    // NOTE(review): this message sends the full settings path to the visitor;
    // consider logging it server-side and showing a generic message instead.
    echo "<html><head><title>Phorum Error</title></head><body>Phorum could not load the settings file ($PHORUM[settings]).<br />If you are just installing Phorum, please go to the admin to complete the install.  Otherwise, see the faq for other reasons you could see this message.</body></html>";
    exit();
  }

  // The settings file is executed as PHP; it is expected to fill $PHORUM, which
  // was cleared just before this point.
  include ($PHORUM["settings"]);

  // set some PHORUM vars
  $PHORUM["auth_table"]=$PHORUM["main_table"]."_auth";
  $PHORUM["mod_table"]=$PHORUM["main_table"]."_moderators";
  $PHORUM["settings_dir"]=$settings_dir;
  $PHORUM["include"]="./include";

  // **TODO: remove legacy code
  // Plain-global copies of the two values above; assigning them here replaces
  // anything these globals held before.
  $include_path=$PHORUM["include"];
  $pho_main=$PHORUM['main_table'];
375
376  // include abstraction layer and check if its defined
  // Load the database abstraction file, open the connection and create the shared query object.
  // Outside the admin, stop unless a database type is configured and its file exists under ./db/.
  if(!defined("PHORUM_ADMIN") && (empty($PHORUM["dbtype"]) || !file_exists("./db/$PHORUM[dbtype].php"))){
    echo "<html><head><title>Phorum Error</title></head><body>Something is wrong.  You need to edit common.php and select a database.</body></html>";
    exit();
  }

  // NOTE(review): the check above validates $PHORUM["dbtype"], but this include
  // reads the plain global $dbtype. Confirm the settings file always assigns
  // $dbtype; if it does not, the value may be whatever register_globals put
  // there, and it ends up in an include path. Using the checked value, or
  // testing $dbtype against the keys of $dbtypes, would close that gap.
  include ("./db/$dbtype.php");


  // create database classes
  $DB = new phorum_db();

  // check if database is already configured or if we are in the admin
  if ( defined( "_DB_LAYER" ) && $PHORUM["DatabaseName"]!=''){
    // this code below has to be this way for some weird reason.  Otherwise
    // connecting on a different port won't work.
    // Connection details, including the password, come from the settings file.
    $DB->open($PHORUM["DatabaseName"], implode(':', explode(':', $PHORUM["DatabaseServer"])), $PHORUM["DatabaseUser"], $PHORUM["DatabasePassword"]);
  } elseif(!defined("PHORUM_ADMIN")) {
    echo "<html><head><title>Phorum Error</title></head><body>You need to go to the admin and fix your database settings.</body></html>";
    exit();
  }

  //dummy query for generic operations
  $q = new query($DB);
  if(!is_object($q)){
    echo "<html><head><title>Phorum Error</title></head><body>Unkown error creating $q.</body></html>";
    exit();
  }
404
405
  // Load the per-forum settings and language file when a forum id is given,
  // otherwise the default language and the blank settings.
  if(!empty($f)){
    // $f was cast to an integer earlier in this file, so this path can only
    // name "<number>.php" inside the settings directory.
    if(file_exists("$PHORUM[settings_dir]/$f.php")){
      include "$PHORUM[settings_dir]/$f.php";
      // NOTE(review): $ForumLang and $default_lang are used as include paths.
      // This assumes the settings files always assign them; a variable they
      // leave unset could hold a request-supplied value under register_globals
      // -- verify against the settings files.
      if($ForumLang!=""){
        include ("./".$ForumLang);
      } else {
        include ("./".$default_lang);
      }
    }
    else{
      // Unknown forum id: send the visitor to the forum index page.
      header("Location: $forum_url/$forum_page.$ext");
      exit();
    }
  }
  else {
    include ("./".$default_lang);
    include ($include_path."/blankset.php");
  }

  // Outside the admin, a forum whose settings do not mark it as started redirects to the "down" page.
  if(!$PHORUM["started"] && !defined("PHORUM_ADMIN")){
    Header("Location: $forum_url/$down_page.$ext");
    exit();
  }
429
  // For non-admin requests with a database connection: apply the forum's
  // security level, then load the enabled plugins.
  if(!defined("PHORUM_ADMIN") && $DB->connect_id){
     // check security
    if($ForumFolder==1){
        $SQL="Select max(security) as sec from $pho_main";
        $q->query($DB, $SQL);
        $max_sec=$q->field("sec", 0);
    }

    // NOTE(review): $max_sec is assigned in this file only when $ForumFolder==1,
    // yet it is also read when $f==0. Unless an included file sets it, that read
    // sees an undefined (or register_globals-supplied) value; initialising it
    // to 0 before the block above would make the condition deterministic.
    if(($ForumSecurity!=SEC_NONE || (($ForumFolder==1 || $f==0) && $max_sec>0)) && $xmec_user->isLoggedIn()){
      $phorum_user = xmec_user_to_phorum_user($xmec_user);
    }

//    if(!isset($phorum_user["id"]) && isset($phorum_auth))  unset($phorum_auth);

    // SEC_ALL: anonymous visitors are sent to the login page.
    // The return target is taken from the request URI and URL-encoded here.
    // NOTE(review): whatever consumes "target" (login.$ext, not shown here)
    // should only redirect to paths on this site.
    if($ForumSecurity==SEC_ALL && (!$xmec_user->isLoggedIn())){
      header("Location: $forum_url/login.$ext?target=".urlencode($REQUEST_URI));
      exit();
    }

    // load plugins
    // $plugins is rebuilt from scratch so no earlier value survives.
    unset($plugins);
    $plugins = array(
             "read_body"   => array(),
             "read_header" => array()
             );

    if(isset($PHORUM["plugins"])){
      // A plugin is included only when its directory exists under ./plugin/,
      // contains plugin.php, and has a non-empty entry in $PHORUM["plugins"],
      // so the settings act as the allow-list. Names starting with "." are skipped.
      // NOTE(review): the opendir() result is not checked and the handle is never
      // closed; a directory entry named "0" would also end this loop early.
      $dir = opendir("./plugin/");
      while($plugindirname = readdir($dir)) {
        if($plugindirname[0] != "." && @file_exists("./plugin/$plugindirname/plugin.php") && !empty($PHORUM["plugins"][$plugindirname])){
          include("./plugin/$plugindirname/plugin.php");
        }
      }
    }
  }

  // set the error level back to what it was.
  error_reporting ($old_err_level);
468
469?>