
/test_new/new/phorum/common.php

https://gitlab.com/thejuskrishna/xmecorg
  1<?php
  // Include guard: stop here if this file was already loaded in this request.
  if (defined("_COMMON_PHP")) {
    return;
  }
  define("_COMMON_PHP", 1);

  // These variables may be altered as needed:

  // Directory that holds the Phorum settings files (no ending slash).
  // The settings includes further down are built from this path, so it must
  // stay a fixed value and never be derived from request data.
  $settings_dir = "/usr163/home/x/m/xmec/settings/phorum_settings";

  // If you have dynamic vars for GET and POST to pass on:
  // AddGetPostVars("dummy", $dummy);

  // Get all XMEC stuff...
  // NOTE(review): $no_left_side is set before the include; presumably xmec.inc
  // reads it - confirm against that file.
  $no_left_side = 1;

  include_once ("../xmec.inc");
  XMEC::authenticate_user();
  $xmec_user =& XMEC::getUser();

  // The forum identity comes from the XMEC session: the XMEC user id when the
  // visitor is logged in, NULL otherwise.
  $phorum_auth = $xmec_user->isLoggedIn() ? $xmec_user->get('id') : NULL;
 24
 25//////////////////////////////////////////////////////////////////////////////////////////
 26// End of normally user-defined variables
 27//////////////////////////////////////////////////////////////////////////////////////////
 28
 29
 // See the FAQ on what this does.  Normally not important.
 // **TODO: make this a define and figure out where we really need it.
 $cutoff = 800;

 $phorumver = "3.3.2a";

 // all available db-files (key => human-readable label)
 $dbtypes = array(
   'mysql'        => "MySQL",
   'postgresql65' => "PostgreSQL 6.5 or newer",
   'postgresql'   => "PostgreSQL (older than 6.5)"
 );

 // Handle configs that have register_globals turned off.
 // $PHP_SELF is used as the probe since it should always be there.
 // We might need to consider not using globals soon.
 // NOTE(review): register_globals.php is not visible here. If it copies
 // request parameters into the global scope, confirm that it cannot overwrite
 // values assigned earlier in this file ($settings_dir, $phorum_auth, $dbtypes).
 if (!isset($PHP_SELF)) {
   include ("./include/register_globals.php");
 }

 // *** Some Defines ***

 // security levels
 define("SEC_NONE", 0);
 define("SEC_OPTIONAL", 1);
 define("SEC_POST", 2);
 define("SEC_ALL", 3);

 // signature placeholder
 define("PHORUM_SIG_MARKER", "[%sig%]");

 // **TODO: move all this into the admin
 // Accumulators filled by AddGetPostVars(): a query-string fragment and a
 // block of hidden form fields.
 $GetVars = "";
 $PostVars = "";
 /**
  * Registers a name/value pair to be carried on every generated link and form.
  *
  * Appends "&name=value" to the global $GetVars and a hidden <input> to the
  * global $PostVars. Both parts are passed through urlencode() first, which
  * leaves only alphanumerics and "-_.%+", so neither can break out of the
  * query string or the quoted HTML attribute. Note that the hidden field
  * therefore carries the URL-encoded text, not the raw value.
  */
 function AddGetPostVars($var, $value){
   global $GetVars, $PostVars;

   $name    = urlencode($var);
   $encoded = urlencode($value);

   $GetVars  .= "&" . $name . "=" . $encoded;
   $PostVars .= "<input type=\"hidden\" name=\"" . $name . "\" value=\"" . $encoded . "\">\n";
 }
 73
 /**
  * Alias of AddGetPostVars(): the pair is added to both the GET and the POST
  * accumulators, not to the POST one alone.
  */
 function AddPostVar($var, $value)
 {
   AddGetPostVars($var, $value);
 }
 77
 /**
  * Alias of AddGetPostVars(): the pair is added to both the GET and the POST
  * accumulators, not to the GET one alone.
  */
 function AddGetVar($var, $value)
 {
   AddGetPostVars($var, $value);
 }
 81
 82  // **TODO: switch to get_html_translation_table
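 /**
  * Reverses htmlspecialchars() for the four entities &amp; &quot; &lt; &gt;.
  *
  * The replacement is done in a single pass with strtr(). Decoding "&amp;"
  * first and the others afterwards (as sequential str_replace calls do) turns
  * "&amp;lt;" into "<" instead of "&lt;", i.e. it decodes twice and can bring
  * back markup that was meant to stay escaped.
  *
  * @param string $string text containing HTML entities
  * @return string text with one level of escaping removed
  */
 function undo_htmlspecialchars($string){
   $entities = array(
     "&amp;"  => "&",
     "&quot;" => "\"",
     "&lt;"   => "<",
     "&gt;"   => ">"
   );

   // strtr() never rescans text it has already replaced.
   return strtr($string, $entities);
 }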
 92
 /**
  * Encodes every byte of $string as a decimal numeric entity ("&#NN;").
  *
  * Works byte by byte (strlen/ord), so a multi-byte character becomes one
  * entity per byte rather than one entity per character.
  */
 function htmlencode($string){
   $entities = array();
   $length = strlen($string);
   $i = 0;
   while ($i < $length) {
     $entities[] = "&#" . ord($string[$i]) . ";";
     $i++;
   }
   return implode("", $entities);
 }
102
/**
 * nl2br() variant that drops the "<br />" inserted directly after a ">",
 * so a line break following a tag does not add an extra visual break.
 */
function my_nl2br($str){
  $with_breaks = nl2br($str);
  return str_replace("><br />", ">", $with_breaks);
}
106
/**
 * Returns a ' bgcolor="..."' attribute fragment, or "" when no color is given.
 *
 * The color is placed inside the quoted attribute verbatim (no escaping), so
 * callers must only pass values from the forum configuration.
 */
function bgcolor($color){
  if ($color == "") {
    return "";
  }
  return " bgcolor=\"" . $color . "\"";
}
110
111  // **TODO: replace with wordwrap soon. Will require some changes to the calls.
/**
 * Word-wraps $String so that no line is longer than $breaksAt bytes where a
 * space allows it.
 *
 * The input is split on $breakStr; each piece longer than $breaksAt is cut at
 * the last space inside the first $breaksAt bytes. A piece with no usable
 * space (none found, or only at position 0) is emitted unbroken. Every output
 * line is prefixed with $padStr and terminated with $breakStr.
 */
function textwrap ($String, $breaksAt = 78, $breakStr = "\n", $padStr="") {
  $wrapped = "";

  foreach (explode($breakStr, $String) as $rest) {
    while (strlen($rest) > $breaksAt) {
      $cut = strrpos(chop(substr($rest, 0, $breaksAt)), " ");
      // Both "no space" (false) and "space at offset 0" stop the wrapping.
      if (!$cut) {
        break;
      }
      $wrapped .= $padStr . substr($rest, 0, $cut) . $breakStr;
      $rest = trim(substr($rest, $cut));
    }
    // Whatever is left (or a line that was short to begin with).
    $wrapped .= $padStr . $rest . $breakStr;
  }

  return $wrapped;
} // end textwrap()
137
138  // **TODO: replace with a better function that optionally checks the MX record
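/**
 * Syntax check for an e-mail address (local part and domain made of
 * letters, digits, "_" and "-", separated by dots).
 *
 * Two changes against the older form of this check:
 *  - the PCRE pattern carries the D modifier, so "$" matches only at the very
 *    end of the string; without it an address followed by a newline passes,
 *    which matters wherever the value later reaches a mail header;
 *  - eregi() is used only when PCRE is missing and eregi() itself exists, so
 *    an address that fails the PCRE test no longer falls through to a
 *    function that is absent from current PHP versions.
 *
 * @param mixed $email value to test
 * @return bool true when $email is a string matching the pattern
 */
function is_email($email){
  if (!is_string($email)) {
    return false;
  }

  if (function_exists("preg_match")) {
    return preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$/iD', $email) === 1;
  }

  if (function_exists("eregi")) {
    return eregi('^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*$', $email) ? true : false;
  }

  return false;
}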
150
151  // passed to array_walk in read.php and list.php
152  // **TODO: replace using array_flip
/**
 * array_walk callback: marks $var as read by setting it as a key in the
 * global $haveread map.
 */
function explode_haveread($var)
{
  global $haveread;

  $haveread[$var] = true;
}
157
158  // these two function would be better served as a class.
/**
 * Adds (or replaces) one navigation entry: link text => URL.
 * $var is taken by reference and modified in place.
 */
function addnav(&$var, $text, $url)
{
  $var[$text] = $url;
}
162
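/**
 * Renders a navigation map (link text => URL) as a row of HTML links.
 *
 * The entries are walked with foreach; the older each()/list() idiom is not
 * available in PHP 8 and made this function fatal there.
 *
 * Link text and URL are written into the markup verbatim. Entries must
 * therefore come from trusted sources (language files, configuration) or be
 * escaped by the caller before they are added.
 *
 * @param array  $var      link text => URL, e.g. as built with addnav()
 * @param string $splitter HTML placed between two links
 * @param bool   $usefont  wrap the links in <FONT> tags using the nav color
 * @return string HTML fragment
 */
function getnav($var, $splitter="&nbsp;&nbsp;|&nbsp;&nbsp;", $usefont=true){
  global $default_nav_font_color, $ForumNavFontColor;

  // A per-forum color wins over the site-wide default.
  $color = isset($ForumNavFontColor) ? $ForumNavFontColor : $default_nav_font_color;

  $menu = array();
  if (is_array($var)) {
    foreach ($var as $text => $url) {
      if ($usefont) {
        $text = "<FONT color='$color' class=\"PhorumNav\">$text</font>";
      }
      $menu[] = "<a href=\"$url\">$text</a>";
    }
  }

  $nav = implode($splitter, $menu);
  if ($usefont) {
    $nav = "<FONT color='$color' class=\"PhorumNav\">&nbsp;".$nav."&nbsp;</font>";
  }
  return $nav;
}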
181
182  // These functions exist in PHP 4.0.3 and up.
183  // **TODO: This will go away when we move to PHP4 only.
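if(!function_exists("is_uploaded_file")){

  /**
   * Fallback for PHP builds without a native is_uploaded_file().
   *
   * It only compares the directory of $filename with the directory in which
   * tempnam() creates a file for the configured upload_tmp_dir. That is a
   * weaker test than the native function: any file living in that directory
   * passes, not just files uploaded in the current request.
   *
   * tempnam() creates a real file; it is removed again so that each call
   * does not leave an empty file behind in the upload directory.
   */
  function is_uploaded_file($filename) {
    $probe = tempnam(get_cfg_var("upload_tmp_dir"), '');
    if ($probe === false) {
      return false;
    }

    $upload_dir = dirname($probe);
    if (file_exists($probe)) {
      unlink($probe);
    }

    return dirname($filename) == $upload_dir;
  }

  /**
   * Fallback for move_uploaded_file(): renames the file only when
   * is_uploaded_file() accepts the source path.
   */
  function move_uploaded_file($old_filename, $new_filename) {
    return is_uploaded_file($old_filename) && rename($old_filename, $new_filename);
  }

}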
203
204/*  ***********************
205 *  removed as part of xmec changes
206 *  *********************************
207
208  function phorum_login_user($sessid, $userid=0){
209    global $DB, $q, $pho_main, $HTTP_COOKIE_VARS;
210    if(!isset($HTTP_COOKIE_VARS["phorum_auth"])){
211      AddGetPostVars("phorum_auth", "$sessid");
212    }
213    // **TODO: We should make this time configurable
214    SetCookie("phorum_auth", "$sessid", time()+86400*365);
215    if($userid){
216      $SQL="update $pho_main"."_auth set sess_id='$sessid' where id=$userid";
217      $q->query($DB, $SQL);
218    }
219  }
220
221 * xmec changes - END
222 ************************/ 
223
224
/**
 * Returns the file to use for "css", "header" or "footer".
 *
 * For each type there is a default file and a per-forum variant whose name
 * contains $PHORUM["ForumConfigSuffix"]; the variant is returned when it
 * exists on disk, the default otherwise. For any other $type neither name is
 * assigned.
 *
 * The suffix and $PHORUM["include"] are concatenated into a filesystem path
 * without any filtering, so both must come from the settings files only.
 */
function phorum_get_file_name($type)
{
  global $PHORUM;

  // Force the suffix to a string (an unset suffix becomes "").
  settype($PHORUM["ForumConfigSuffix"], "string");

  if ($type == "css") {
    $file   = "phorum.css";
    $custom = "phorum_" . $PHORUM["ForumConfigSuffix"] . ".css";
  } elseif ($type == "header") {
    // site-wide header two levels above the include directory
    $file   = $PHORUM["include"] . "/../../header.php";
    $custom = $PHORUM["include"] . "/header_" . $PHORUM["ForumConfigSuffix"] . ".php";
  } elseif ($type == "footer") {
    // site-wide footer two levels above the include directory
    $file   = $PHORUM["include"] . "/../../footer.php";
    $custom = $PHORUM["include"] . "/footer_" . $PHORUM["ForumConfigSuffix"] . ".php";
  }

  if (file_exists($custom)) {
    return $custom;
  }
  return $file;
}
248
249/*  ***********************
250 *  removed as part of xmec changes
251 *  *********************************
252
253  function phorum_check_login($user, $pass)
254  {
255    global $q, $DB, $PHORUM;
256
257    if(!get_magic_quotes_gpc()) $user=addslashes($user);
258
259    $md5_pass=md5($pass);
260
261    $id=0;
262    $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$md5_pass'";
263    $q->query($DB, $SQL);
264    if($q->numrows()==0 && function_exists("crypt")){
265        // check for old crypt system
266        $crypt_pass=crypt($pass, substr($pass, 0, CRYPT_SALT_LENGTH));
267        $SQL="Select id from $PHORUM[auth_table] where username='$user' and password='$crypt_pass'";
268        $q->query($DB, $SQL);
269        if($q->numrows()>0){
270            // update password to md5.
271            $SQL="Update $PHORUM[auth_table] set password='$md5_pass' where username='$user'";
272            $q->query($DB, $SQL);
273        }
274    }
275
276    if($q->numrows()>0){
277        $id=$q->field("id", 0);
278    }
279
280    return $id;
281  }
282
283
284
285  function phorum_session_id($username, $password)
286  {
287    return md5($username.$password.microtime());
288  }
289
290  * xmec changes - END
291  *****************************/
292
293  // variable initialization function
294  // **TODO: need to scrap this function and just use settype()
/**
 * Makes sure the global variable named $varname is set and returns its value.
 *
 * An existing value is left alone; otherwise the global is created with
 * $value. Because the name is chosen at run time, this can create any global:
 * $varname must always be a literal from the calling code, never request data.
 */
function initvar($varname, $value=''){
  global ${$varname};

  if (isset(${$varname})) {
    return ${$varname};
  }

  ${$varname} = $value;
  return ${$varname};
}
301
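/**
 * Builds the Phorum user array from an XMEC user object.
 *
 * Profile fields are read with $xuser->get(). An admin gets forum 0 in
 * "forums"; every forum_id found for the user in the moderators table is
 * added as well. "moderator" is set when "forums" ends up as an array.
 *
 * The final check tests isset() before is_array(): for a user who is neither
 * admin nor moderator the "forums" key is never created, and reading it
 * directly raises an undefined-index warning.
 *
 * @param object $xuser XMEC user (needs get() and isAdmin())
 * @return array Phorum user record
 */
function xmec_user_to_phorum_user($xuser)
{
  global $q, $DB, $PHORUM;

  $phorum_user = array();

  $phorum_user["id"]       = $xuser->get('id');
  $phorum_user["sess_id"]  = "Not Used";
  $phorum_user["name"]     = $xuser->get('full_name');
  $phorum_user["username"] = $xuser->get('id');
  $phorum_user["password"] = "Needed ???";
  $phorum_user["email"]    = $xuser->get('personal_email');
  $phorum_user["email1"]   = $xuser->get('official_email');
  if (empty($phorum_user["email"])) {
    $phorum_user["email"] = "noemail@xmec.net";
  }
  $phorum_user["webpage"] = $xuser->get('webpage');
  if (empty($phorum_user["webpage"])) {
    $phorum_user["webpage"] = "http://www.xmec.net/".$xuser->get('alias');
  }

  // Fields whose Phorum key equals the XMEC field name.
  foreach (array('image', 'icq', 'aol', 'yahoo', 'msn', 'jabber', 'signature') as $field) {
    $phorum_user[$field] = $xuser->get($field);
  }

  if ($xuser->isAdmin()) {
    $phorum_user["forums"][0] = true;
  }

  // NOTE(review): the user id is placed into the statement as a quoted
  // literal without escaping. It comes from the XMEC user object, not from
  // the request; confirm that XMEC ids can never contain a quote, or escape
  // the value with the database layer's own routine.
  $SQL="Select forum_id from $PHORUM[mod_table] where user_id='".$phorum_user["id"]."'";
  $q->query($DB, $SQL);
  while ($rec = $q->getrow()) {
    $phorum_user["forums"][$rec["forum_id"]] = true;
  }

  if (isset($phorum_user["forums"]) && is_array($phorum_user["forums"])) {
    $phorum_user["moderator"] = true;
  }

  return $phorum_user;
}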
343
344
// Set a sensible error level for the includes that follow; the previous
// level is kept so it can be restored later.
$old_err_level = error_reporting (E_ERROR | E_WARNING | E_PARSE);

// Go ahead and unset/check these to evade hack attempts: whatever value
// these globals had before this point is discarded, and the forum number
// variables are forced to integers.
unset($phorum_user, $PHORUM);
settype($f, "integer");
settype($num, "integer");

// $f and $num mirror each other: whichever is empty takes the other's value.
if (empty($num)) {
  $num = $f;
}
if (empty($f)) {
  $f = $num;
}
355
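// include forums.php

// the most important variables: the main settings file and its backup copy
$PHORUM["settings"]="$settings_dir/forums.php";
$PHORUM["settings_backup"]="$settings_dir/forums.bak.php";

if(!file_exists($PHORUM["settings"])){
  // The absolute server path goes to the error log for the administrator;
  // the page sent to the visitor no longer reveals the filesystem layout.
  error_log("Phorum could not load the settings file (".$PHORUM["settings"].")");
  echo "<html><head><title>Phorum Error</title></head><body>Phorum could not load the settings file.<br />If you are just installing Phorum, please go to the admin to complete the install.  Otherwise, see the faq for other reasons you could see this message.</body></html>";
  exit();
}

include ($PHORUM["settings"]);

// set some PHORUM vars
// (table names are derived from main_table, which the settings file provides)
$PHORUM["auth_table"]=$PHORUM["main_table"]."_auth";
$PHORUM["mod_table"]=$PHORUM["main_table"]."_moderators";
$PHORUM["settings_dir"]=$settings_dir;
$PHORUM["include"]="./include";

// **TODO: remove legacy code
// Plain-global copies of two $PHORUM entries, still used by older code.
$include_path=$PHORUM["include"];
$pho_main=$PHORUM['main_table'];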
378
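// include abstraction layer and check if its defined
if(!defined("PHORUM_ADMIN") && (empty($PHORUM["dbtype"]) || !file_exists("./db/$PHORUM[dbtype].php"))){
  echo "<html><head><title>Phorum Error</title></head><body>Something is wrong.  You need to edit common.php and select a database.</body></html>";
  exit();
}

// The check above tests $PHORUM["dbtype"], but the include below is built
// from the separate global $dbtype, and the check is skipped altogether when
// PHORUM_ADMIN is defined. Only a plain driver name (letters, digits,
// underscore) may reach the include path, so the value cannot point outside
// ./db/.
// NOTE(review): where $dbtype is assigned is not visible in this file -
// presumably the settings file sets it next to $PHORUM["dbtype"]; confirm.
if(!isset($dbtype) || !is_string($dbtype) || !preg_match('/^[A-Za-z0-9_]+$/D', $dbtype)){
  echo "<html><head><title>Phorum Error</title></head><body>Something is wrong.  You need to edit common.php and select a database.</body></html>";
  exit();
}

include ("./db/$dbtype.php");


// create database classes
$DB = new phorum_db();

// check if database is already configured or if we are in the admin
if ( defined( "_DB_LAYER" ) && $PHORUM["DatabaseName"]!=''){
  // this code below has to be this way for some weird reason.  Otherwise
  // connecting on a different port won't work.
  $DB->open($PHORUM["DatabaseName"], implode(':', explode(':', $PHORUM["DatabaseServer"])), $PHORUM["DatabaseUser"], $PHORUM["DatabasePassword"]);
} elseif(!defined("PHORUM_ADMIN")) {
  echo "<html><head><title>Phorum Error</title></head><body>You need to go to the admin and fix your database settings.</body></html>";
  exit();
}

// dummy query object for generic operations
$q = new query($DB);
if(!is_object($q)){
  echo "<html><head><title>Phorum Error</title></head><body>Unkown error creating $q.</body></html>";
  exit();
}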
407
408
// Load the per-forum settings and the language file.
// $f was forced to an integer earlier in this file, so "$f.php" cannot carry
// path characters.
// NOTE(review): $ForumLang and $default_lang are concatenated into an include
// path as-is. They are presumably set by the settings files included above;
// confirm that neither can stay unset and be supplied from the request.
if(empty($f)){
  // no forum selected: default language plus the blank settings
  include ("./".$default_lang);
  include ($include_path."/blankset.php");
}
elseif(!file_exists("$PHORUM[settings_dir]/$f.php")){
  // unknown forum number: send the visitor to the forum list page
  header("Location: $forum_url/$forum_page.$ext");
  exit();
}
else{
  include "$PHORUM[settings_dir]/$f.php";
  // the forum's own language file wins over the site default
  include ("./".(($ForumLang!="") ? $ForumLang : $default_lang));
}

// Outside the admin, a forum that is not started redirects to the "down" page.
if(!$PHORUM["started"] && !defined("PHORUM_ADMIN")){
  Header("Location: $forum_url/$down_page.$ext");
  exit();
}
432
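if(!defined("PHORUM_ADMIN") && $DB->connect_id){
  // check security

  // Start from a known value: the query below runs only for folders, yet
  // $max_sec is read afterwards in every case. Without this line it would be
  // undefined there, or keep a value that was put into the global scope
  // before this code ran.
  $max_sec = 0;
  if($ForumFolder==1){
    $SQL="Select max(security) as sec from $pho_main";
    $q->query($DB, $SQL);
    $max_sec=$q->field("sec", 0);
  }

  // Build the Phorum user record only when security is in play and the
  // visitor is logged in to XMEC.
  if(($ForumSecurity!=SEC_NONE || (($ForumFolder==1 || $f==0) && $max_sec>0)) && $xmec_user->isLoggedIn()){
    $phorum_user = xmec_user_to_phorum_user($xmec_user);
  }

//    if(!isset($phorum_user["id"]) && isset($phorum_auth))  unset($phorum_auth);

  // SEC_ALL: anonymous visitors go to the login page; the requested URI is
  // URL-encoded before it is put into the target parameter.
  if($ForumSecurity==SEC_ALL && (!$xmec_user->isLoggedIn())){
    header("Location: $forum_url/login.$ext?target=".urlencode($REQUEST_URI));
    exit();
  }

  // load plugins
  unset($plugins);
  $plugins = array(
           "read_body"   => array(),
           "read_header" => array()
           );

  if(isset($PHORUM["plugins"])){
    $dir = opendir("./plugin/");
    if($dir !== false){
      // Compare against false explicitly: a directory named "0" is a valid
      // entry and must not end the loop.
      while(($plugindirname = readdir($dir)) !== false) {
        // Only directories enabled in $PHORUM["plugins"] are included.
        if($plugindirname[0] != "." && @file_exists("./plugin/$plugindirname/plugin.php") && !empty($PHORUM["plugins"][$plugindirname])){
          include("./plugin/$plugindirname/plugin.php");
        }
      }
      // release the directory handle
      closedir($dir);
    }
  }
}

// set the error level back to what it was.
error_reporting ($old_err_level);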
471
472?>