
/public_html/phorum/common.php

https://gitlab.com/thejuskrishna/xmec
PHP | 472 lines | 434 code | 19 blank | 19 comment | 4 complexity | 2b3bd272713b01cafc12c83367326fba MD5 | raw file
  1. <?php
  // Include guard: a second inclusion of this file returns immediately.
  if (defined('_COMMON_PHP')) {
      return;
  }
  define('_COMMON_PHP', 1);

  // Site-specific values; change them as needed.

  // Directory that holds the Phorum settings files (no trailing slash).
  // forums.php and the per-forum files are include()d from here as PHP code
  // further down, so write access to this directory is code execution.
  $settings_dir = '/usr163/home/x/m/xmec/settings/phorum_settings';

  // To carry dynamic variables along in GET and POST:
  // AddGetPostVars("dummy", $dummy);

  // Load the XMEC site framework and authenticate the visitor through it.
  $no_left_side = 1;
  include_once('../xmec.inc');
  XMEC::authenticate_user();
  $xmec_user =& XMEC::getUser();

  // $phorum_auth is the XMEC user id for a logged-in visitor, NULL otherwise.
  $phorum_auth = $xmec_user->isLoggedIn() ? $xmec_user->get('id') : NULL;
  19. //////////////////////////////////////////////////////////////////////////////////////////
  20. // End of normally user-defined variables
  21. //////////////////////////////////////////////////////////////////////////////////////////
  // See the FAQ for what $cutoff does; it rarely needs changing.
  // **TODO: turn this into a define and work out where it is really needed.
  $cutoff = 800;
  $phorumver = '3.3.2a';

  // Available database layers (db-files) and their display names.
  $dbtypes = array(
      'mysql'        => 'MySQL',
      'postgresql65' => 'PostgreSQL 6.5 or newer',
      'postgresql'   => 'PostgreSQL (older than 6.5)'
  );

  // Installations with register_globals turned off get it emulated.
  // $PHP_SELF is the probe because it should always exist when the setting is on.
  // NOTE(review): from here on, any global that is read before this file or the
  // settings files assign it may come from the request. $settings_dir,
  // $phorum_auth, $cutoff and $dbtypes are assigned above, before the emulation
  // runs; whether a request parameter of the same name can replace them depends
  // on include/register_globals.php, which is not shown here. Confirm that it
  // never overwrites an existing global.
  if (!isset($PHP_SELF)) {
      include('./include/register_globals.php');
  }
  // *** Constants ***

  // Forum security levels; $ForumSecurity is compared against these below.
  define('SEC_NONE', 0);
  define('SEC_OPTIONAL', 1);
  define('SEC_POST', 2);
  define('SEC_ALL', 3);

  // Signature marker.
  define('PHORUM_SIG_MARKER', '[%sig%]');

  // Accumulators that AddGetPostVars() appends to: a query-string fragment
  // and a run of hidden form fields.
  // **TODO: move all this into the admin
  $GetVars = '';
  $PostVars = '';
  // Registers a name/value pair to be carried along in links and in forms.
  //
  // Both arguments are URL-encoded, then appended to the global $GetVars as
  // "&name=value" and to the global $PostVars as a hidden <input> followed by
  // a newline. urlencode() percent-encodes quotes and angle brackets, so
  // neither argument can break out of the generated attribute; the hidden
  // field carries the URL-encoded form of the value, not the raw value.
  function AddGetPostVars($var, $value)
  {
      global $GetVars, $PostVars;

      $name = urlencode($var);
      $encoded = urlencode($value);

      $GetVars .= '&' . $name . '=' . $encoded;
      $PostVars .= '<input type="hidden" name="' . $name . '" value="' . $encoded . "\">\n";
  }
  // Alias of AddGetPostVars(): despite the name, the pair is added to the GET
  // string as well as to the hidden POST fields.
  function AddPostVar($var, $value)
  {
      AddGetPostVars($var, $value);
  }
  // Alias of AddGetPostVars(): despite the name, the pair is added to the
  // hidden POST fields as well as to the GET string.
  function AddGetVar($var, $value)
  {
      AddGetPostVars($var, $value);
  }
  64. // **TODO: switch to get_html_translation_table
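  // Reverses htmlspecialchars() for the four entities &amp;, &quot;, &lt;
  // and &gt;.
  //
  // The replacement is done in one pass with strtr(), so text produced by a
  // replacement is never scanned again. Decoding "&amp;" first and the others
  // afterwards would turn the escaped text "&amp;lt;" into "<" instead of
  // "&lt;", i.e. it would decode twice.
  //
  // The result is raw markup: escape it again before echoing it into a page.
  function undo_htmlspecialchars($string)
  {
      return strtr($string, array(
          '&lt;'   => '<',
          '&gt;'   => '>',
          '&quot;' => '"',
          '&amp;'  => '&'
      ));
  }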
  // Rewrites every byte of $string as a decimal numeric character reference
  // ("a" becomes "&#97;"). The walk is byte-wise (strlen/ord), so a multi-byte
  // character is emitted as one reference per byte.
  function htmlencode($string)
  {
      $entities = array();
      $length = strlen($string);
      for ($i = 0; $i < $length; ++$i) {
          $entities[] = '&#' . ord($string[$i]) . ';';
      }
      return implode('', $entities);
  }
  81. function my_nl2br($str){
  82. return str_replace("><br />", ">", nl2br($str));
  83. }
  // Returns a ' bgcolor="..."' attribute for $color, or an empty string when
  // $color is empty. $color is inserted as given, so it has to be a trusted
  // or already escaped value.
  function bgcolor($color)
  {
      if ($color == "") {
          return "";
      }
      return ' bgcolor="' . $color . '"';
  }
  87. // **TODO: replace with wordwrap soon. Will require some changes to the calls.
  // Word-wraps $String: the text is split on $breakStr and every piece longer
  // than $breaksAt bytes is cut at the last space inside that width. Each
  // output line is prefixed with $padStr and terminated with $breakStr.
  // A piece with no usable space (none at all, or only at position 0) is left
  // at full length.
  function textwrap ($String, $breaksAt = 78, $breakStr = "\n", $padStr="")
  {
      $wrapped = '';
      foreach (explode($breakStr, $String) as $remaining) {
          while (strlen($remaining) > $breaksAt) {
              $head = chop(substr($remaining, 0, $breaksAt));
              $cut = strrpos($head, ' ');
              // Both "no space" (false) and "space at offset 0" stop the
              // wrapping; cutting at 0 would never shorten the text.
              if (!$cut) {
                  break;
              }
              $wrapped .= $padStr . substr($remaining, 0, $cut) . $breakStr;
              $remaining = trim(substr($remaining, $cut));
          }
          $wrapped .= $padStr . $remaining . $breakStr;
      }
      return $wrapped;
  } // end textwrap()
  111. // **TODO: replace with a better function that optionally checks the MX record
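  // Syntax check for an e-mail address: dot-separated runs of letters,
  // digits, "_" and "-" on both sides of a single "@". Returns true or false.
  //
  // preg_match() is used whenever it exists. The eregi() call is only reached
  // on builds without PCRE, so a non-matching address no longer falls through
  // to eregi(), a function that is missing from current PHP versions.
  // The D modifier keeps "$" from matching before a trailing newline, so
  // "user@example.com\n" is rejected instead of being passed on to code that
  // may put the address into a mail header.
  function is_email($email)
  {
      $pattern = '^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$';

      if (function_exists("preg_match")) {
          return preg_match('/' . $pattern . '/iD', $email) === 1;
      }

      // Legacy fallback for PHP builds compiled without PCRE.
      return eregi($pattern, $email) ? true : false;
  }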
  122. // passed to array_walk in read.php and list.php
  123. // **TODO: replace using array_flip
  // array_walk() callback: marks $var as read by setting it as a key of the
  // global $haveread array.
  function explode_haveread($var)
  {
      $GLOBALS['haveread'][$var] = true;
  }
  128. // these two functions would be better served as a class.
  // Adds one entry to the navigation array $var (passed by reference):
  // the link text is the key, the URL the value. An existing entry with the
  // same text is replaced.
  function addnav(&$var, $text, $url)
  {
      $var[$text] = $url;
  }
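  // Renders a navigation array (link text => URL, as built by addnav()) as a
  // row of links joined by $splitter.
  //
  // With $usefont set, every link text and the finished row are wrapped in a
  // <FONT> tag whose colour is $ForumNavFontColor when that global is set and
  // $default_nav_font_color otherwise.
  //
  // The entries are walked with foreach; each(), which this used before, no
  // longer exists in PHP 8. A non-array $var is treated as an empty menu.
  //
  // Text, URL and colour are written into the markup as given. Callers have
  // to pass values that are already safe for HTML.
  function getnav($var, $splitter="&nbsp;&nbsp;|&nbsp;&nbsp;", $usefont=true)
  {
      global $default_nav_font_color, $ForumNavFontColor;

      if (isset($ForumNavFontColor)) {
          $color = $ForumNavFontColor;
      } else {
          $color = $default_nav_font_color;
      }

      if (!is_array($var)) {
          $var = array();
      }

      $menu = array();
      foreach ($var as $text => $url) {
          if ($usefont) {
              $text = "<FONT color='$color' class=\"PhorumNav\">$text</font>";
          }
          $menu[] = "<a href=\"$url\">$text</a>";
      }

      $nav = implode($splitter, $menu);
      if ($usefont) {
          $nav = "<FONT color='$color' class=\"PhorumNav\">&nbsp;" . $nav . "&nbsp;</font>";
      }
      return $nav;
  }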
  150. // These functions exist in PHP 4.0.3 and up.
  151. // **TODO: This will go away when we move to PHP4 only.
  // Fallbacks for PHP older than 4.0.3, which lacks these two functions.
  // On any newer PHP the built-ins exist and this whole block is skipped.
  if (!function_exists('is_uploaded_file')) {
      // True when $filename sits in the same directory as a temp file created
      // under upload_tmp_dir.
      // NOTE(review): this checks the directory only. Unlike the built-in, it
      // accepts any file in the upload temp directory, uploaded or not, and
      // each call leaves behind the file tempnam() creates.
      function is_uploaded_file($filename)
      {
          $upload_dir = dirname(tempnam(get_cfg_var('upload_tmp_dir'), ''));
          return dirname($filename) == $upload_dir;
      }

      // Renames $old_filename to $new_filename if the check above accepts it;
      // returns whether both steps succeeded.
      function move_uploaded_file($old_filename, $new_filename)
      {
          return is_uploaded_file($old_filename) && rename($old_filename, $new_filename);
      }
  }
  168. /* ***********************
  169. * removed as part of xmec changes
  170. * *********************************
  171. function phorum_login_user($sessid, $userid=0){
  172. global $DB, $q, $pho_main, $HTTP_COOKIE_VARS;
  173. if(!isset($HTTP_COOKIE_VARS["phorum_auth"])){
  174. AddGetPostVars("phorum_auth", "$sessid");
  175. }
  176. // **TODO: We should make this time configurable
  177. SetCookie("phorum_auth", "$sessid", time()+86400*365);
  178. if($userid){
  179. $SQL="update $pho_main"."_auth set sess_id='$sessid' where id=$userid";
  180. $q->query($DB, $SQL);
  181. }
  182. }
  183. * xmec changes - END
  184. ************************/
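  // Returns the path of the stylesheet, header or footer to use.
  //
  // $type is "css", "header" or "footer". For each there is a default file
  // and a custom one named after $PHORUM["ForumConfigSuffix"]; the custom
  // path is returned when that file exists, the default otherwise.
  // Any other $type returns null. Previously that case read two undefined
  // variables and passed one of them to file_exists().
  //
  // Side effect: $PHORUM["ForumConfigSuffix"] is cast to string in the global.
  // The paths are built from $PHORUM values as they are; those have to come
  // from the settings files, never from the request.
  function phorum_get_file_name($type)
  {
      global $PHORUM;

      settype($PHORUM["ForumConfigSuffix"], "string");

      switch ($type) {
          case "css":
              $file = "phorum.css";
              $custom = "phorum_$PHORUM[ForumConfigSuffix].css";
              break;
          case "header":
              // xmec change: the site-wide header two levels up replaces
              // "$PHORUM[include]/header.php".
              $file = "$PHORUM[include]/../../header.php";
              $custom = "$PHORUM[include]/header_$PHORUM[ForumConfigSuffix].php";
              break;
          case "footer":
              // xmec change: the site-wide footer two levels up replaces
              // "$PHORUM[include]/footer.php".
              $file = "$PHORUM[include]/../../footer.php";
              $custom = "$PHORUM[include]/footer_$PHORUM[ForumConfigSuffix].php";
              break;
          default:
              return null;
      }

      return (file_exists($custom)) ? $custom : $file;
  }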
  207. /* ***********************
  208. * removed as part of xmec changes
  209. * *********************************
  210. function phorum_check_login($user, $pass)
  211. {
  212. global $q, $DB, $PHORUM;
  213. if(!get_magic_quotes_gpc()) $user=addslashes($user);
  214. $md5_pass=md5($pass);
  215. $id=0;
  216. $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$md5_pass'";
  217. $q->query($DB, $SQL);
  218. if($q->numrows()==0 && function_exists("crypt")){
  219. // check for old crypt system
  220. $crypt_pass=crypt($pass, substr($pass, 0, CRYPT_SALT_LENGTH));
  221. $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$crypt_pass'";
  222. $q->query($DB, $SQL);
  223. if($q->numrows()>0){
  224. // update password to md5.
  225. $SQL="Update $PHORUM[auth_table] set password='$md5_pass' where username='$user'";
  226. $q->query($DB, $SQL);
  227. }
  228. }
  229. if($q->numrows()>0){
  230. $id=$q->field("id", 0);
  231. }
  232. return $id;
  233. }
  234. function phorum_session_id($username, $password)
  235. {
  236. return md5($username.$password.microtime());
  237. }
  238. * xmec changes - END
  239. *****************************/
  240. // variable initialization function
  241. // **TODO: need to scrap this function and just use settype()
  // Gives the global variable named $varname the value $value if it is not
  // set yet, and returns the global's value either way. An existing value is
  // never replaced.
  function initvar($varname, $value='')
  {
      global $$varname;

      if (!isset($$varname)) {
          $$varname = $value;
      }

      return $$varname;
  }
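  // Builds the Phorum user array from an XMEC user object.
  //
  // Profile fields are copied through $xuser->get(). "sess_id" and "password"
  // get placeholder strings, a missing e-mail becomes noemail@xmec.net and a
  // missing webpage becomes the user's xmec.net alias URL.
  // "forums" holds forum_id => true for every row the moderator table has for
  // this user, plus index 0 for an XMEC admin. "moderator" is set to true
  // only when "forums" has at least one entry; for everyone else neither key
  // exists. The check uses isset(), so a plain user no longer triggers a read
  // of a missing array key.
  //
  // Uses the globals $q and $DB to run the query and $PHORUM["mod_table"] for
  // the table name.
  function xmec_user_to_phorum_user($xuser)
  {
      global $q, $DB, $PHORUM;

      $phorum_user = array();
      $phorum_user["id"] = $xuser->get('id');
      $phorum_user["sess_id"] = "Not Used";
      $phorum_user["name"] = $xuser->get('full_name');
      $phorum_user["username"] = $xuser->get('id');
      $phorum_user["password"] = "Needed ???";
      $phorum_user["email"] = $xuser->get('personal_email');
      $phorum_user["email1"] = $xuser->get('official_email');
      if (empty($phorum_user["email"])) {
          $phorum_user["email"] = "noemail@xmec.net";
      }
      $phorum_user["webpage"] = $xuser->get('webpage');
      if (empty($phorum_user["webpage"])) {
          $phorum_user["webpage"] = "http://www.xmec.net/" . $xuser->get('alias');
      }
      $phorum_user["image"] = $xuser->get('image');
      $phorum_user["icq"] = $xuser->get('icq');
      $phorum_user["aol"] = $xuser->get('aol');
      $phorum_user["yahoo"] = $xuser->get('yahoo');
      $phorum_user["msn"] = $xuser->get('msn');
      $phorum_user["jabber"] = $xuser->get('jabber');
      $phorum_user["signature"] = $xuser->get('signature');

      // An XMEC admin moderates everything: index 0.
      if ($xuser->isAdmin()) {
          $phorum_user["forums"][0] = true;
      }

      // NOTE(review): the user id is concatenated into the statement between
      // quotes. That is only safe if XMEC ids can never contain a quote or a
      // backslash; confirm it, or escape the id with whatever the db layer
      // offers (no escaping helper is visible in this file).
      $SQL = "Select forum_id from $PHORUM[mod_table] where user_id='" . $phorum_user["id"] . "'";
      $q->query($DB, $SQL);
      while ($rec = $q->getrow()) {
          $phorum_user["forums"][$rec["forum_id"]] = true;
      }

      if (isset($phorum_user["forums"]) && is_array($phorum_user["forums"])) {
          $phorum_user["moderator"] = true;
      }

      return $phorum_user;
  }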
  // Error level used while the settings and db files are included; the
  // previous level is kept in $old_err_level and restored at the end.
  $old_err_level = error_reporting(E_ERROR | E_WARNING | E_PARSE);

  // Drop whatever these hold at this point so that they cannot be pre-seeded
  // (for example through the register_globals emulation), and force the forum
  // ids to integers. $f is later used to build an include path.
  unset($phorum_user);
  unset($PHORUM);
  settype($f, "integer");
  settype($num, "integer");
  if (empty($num)) {
      $num = $f;
  }
  if (empty($f)) {
      $f = $num;
  }

  // Load forums.php, which defines the most important variables.
  $PHORUM["settings"] = "$settings_dir/forums.php";
  $PHORUM["settings_backup"] = "$settings_dir/forums.bak.php";

  // Note: the error page below prints the full path of the settings file.
  if (!file_exists($PHORUM["settings"])) {
      echo "<html><head><title>Phorum Error</title></head><body>Phorum could not load the settings file ($PHORUM[settings]).<br />If you are just installing Phorum, please go to the admin to complete the install. Otherwise, see the faq for other reasons you could see this message.</body></html>";
      exit();
  }

  include ($PHORUM["settings"]);

  // Values derived from the settings.
  $PHORUM["auth_table"] = $PHORUM["main_table"] . "_auth";
  $PHORUM["mod_table"] = $PHORUM["main_table"] . "_moderators";
  $PHORUM["settings_dir"] = $settings_dir;
  $PHORUM["include"] = "./include";

  // **TODO: remove legacy code
  $include_path = $PHORUM["include"];
  $pho_main = $PHORUM['main_table'];
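  // Include the database abstraction layer and check that it is defined.
  //
  // Outside the admin, the file that gets included is the one that was just
  // checked: ./db/<$PHORUM["dbtype"]>.php. The earlier code checked
  // $PHORUM["dbtype"] but included "./db/$dbtype.php", a separate global that
  // the check never looked at and that, with the register_globals emulation
  // active, may not come from the settings at all.
  if (!defined("PHORUM_ADMIN")) {
      if (empty($PHORUM["dbtype"]) || !file_exists("./db/$PHORUM[dbtype].php")) {
          echo "<html><head><title>Phorum Error</title></head><body>Something is wrong. You need to edit common.php and select a database.</body></html>";
          exit();
      }
      include ("./db/$PHORUM[dbtype].php");
  } elseif (
      isset($dbtype) && is_string($dbtype) && $dbtype !== ''
      && strspn($dbtype, 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-') === strlen($dbtype)
  ) {
      // Admin: the legacy $dbtype global is still honoured, but only as a bare
      // file name (letters, digits, "_" and "-"), so it cannot leave ./db/.
      include ("./db/$dbtype.php");
  }

  // create database classes
  $DB = new phorum_db();

  // check if database is already configured or if we are in the admin
  if (defined("_DB_LAYER") && $PHORUM["DatabaseName"] != '') {
      // this code below has to be this way for some weird reason. Otherwise
      // connecting on a different port won't work.
      $DB->open($PHORUM["DatabaseName"], implode(':', explode(':', $PHORUM["DatabaseServer"])), $PHORUM["DatabaseUser"], $PHORUM["DatabasePassword"]);
  } elseif (!defined("PHORUM_ADMIN")) {
      echo "<html><head><title>Phorum Error</title></head><body>You need to go to the admin and fix your database settings.</body></html>";
      exit();
  }

  // dummy query for generic operations
  $q = new query($DB);
  if (!is_object($q)) {
      // The message names the variable; it no longer interpolates its value.
      echo "<html><head><title>Phorum Error</title></head><body>Unknown error creating \$q.</body></html>";
      exit();
  }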
  // Load the per-forum settings and the language file.
  // $f was forced to an integer earlier in this file, so "$f.php" is always a
  // numeric file name inside the settings directory.
  // NOTE(review): $ForumLang, $default_lang, $forum_url, $forum_page,
  // $down_page and $ext are not assigned in this file. They are expected to
  // come from the settings files; confirm that each is always assigned there,
  // because two of them end up in include paths.
  if (!empty($f)) {
      if (!file_exists("$PHORUM[settings_dir]/$f.php")) {
          // No settings file for this forum id: go to the forum list page.
          header("Location: $forum_url/$forum_page.$ext");
          exit();
      }

      include "$PHORUM[settings_dir]/$f.php";

      if ($ForumLang != "") {
          include ("./" . $ForumLang);
      } else {
          include ("./" . $default_lang);
      }
  } else {
      // No forum selected: default language and the blank settings.
      include ("./" . $default_lang);
      include ($include_path . "/blankset.php");
  }

  // Phorum is switched off: everyone except the admin goes to the down page.
  if (!$PHORUM["started"] && !defined("PHORUM_ADMIN")) {
      header("Location: $forum_url/$down_page.$ext");
      exit();
  }
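  if(!defined("PHORUM_ADMIN") && $DB->connect_id){
      // check security

      // Start from a known value. $max_sec used to be assigned only for
      // folders, so for $f==0 outside a folder the comparison below read a
      // global that nothing in this file had set.
      $max_sec = 0;
      if($ForumFolder==1){
          $SQL="Select max(security) as sec from $pho_main";
          $q->query($DB, $SQL);
          $max_sec=$q->field("sec", 0);
      }

      // Build the Phorum user array for a logged-in XMEC user when this forum
      // uses security, or when a folder / the forum list contains a forum
      // that does.
      if(($ForumSecurity!=SEC_NONE || (($ForumFolder==1 || $f==0) && $max_sec>0)) && $xmec_user->isLoggedIn()){
          $phorum_user = xmec_user_to_phorum_user($xmec_user);
      }

      // if(!isset($phorum_user["id"]) && isset($phorum_auth)) unset($phorum_auth);

      // SEC_ALL: visitors who are not logged in are sent to the login page,
      // with the URL-encoded request URI as the return target.
      if($ForumSecurity==SEC_ALL && (!$xmec_user->isLoggedIn())){
          header("Location: $forum_url/login.$ext?target=".urlencode($REQUEST_URI));
          exit();
      }

      // load plugins
      unset($plugins);
      $plugins = array(
          "read_body" => array(),
          "read_header" => array()
      );

      // A plugin is included only if its directory has a plugin.php and it is
      // switched on in $PHORUM["plugins"]. Names come from readdir(), never
      // from the request. The variable names are kept as they were because
      // plugin.php runs in this scope and can see them.
      if(isset($PHORUM["plugins"])){
          $dir = opendir("./plugin/");
          // opendir() returns false when the directory cannot be opened.
          if($dir){
              // Compare with false explicitly: an entry named "0" would end a
              // plain truthiness loop early.
              while(($plugindirname = readdir($dir)) !== false) {
                  if($plugindirname[0] != "." && @file_exists("./plugin/$plugindirname/plugin.php") && !empty($PHORUM["plugins"][$plugindirname])){
                      include("./plugin/$plugindirname/plugin.php");
                  }
              }
              closedir($dir);
          }
      }
  }

  // set the error level back to what it was.
  error_reporting ($old_err_level);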
  387. ?>