_settings.php | searchcode

/hosting_project/ws_versions/ws1/_settings.php

https://github.com/WeMake-IT/Hosting-Service
PHP | 323 lines | 32 code | 17 blank | 274 comment | 8 complexity | 851163bce04e0153d522a5b5f4f5bcd2 MD5 | raw file

<?php

/*

##########################################################################

#                                                                        #

#           Version 4       /                        /   /               #

#          -----------__---/__---__------__----__---/---/-               #

#           | /| /  /___) /   ) (_ `   /   ) /___) /   /                 #

#          _|/_|/__(___ _(___/_(__)___/___/_(___ _/___/___               #

#                       Free Content / Management System                 #

#                                   /                                    #

#                                                                        #

#                                                                        #

#   Copyright 2005-2010 by webspell.org                                  #

#                                                                        #

#   visit webSPELL.org, webspell.info to get webSPELL for free           #

#   - Script runs under the GNU GENERAL PUBLIC LICENSE                   #

#   - It's NOT allowed to remove this copyright-tag                      #

#   -- http://www.fsf.org/licensing/licenses/gpl.html                    #

#                                                                        #

#   Code based on WebSPELL Clanpackage (Michael Gruber - webspell.at),   #

#   Far Development by Development Team - webspell.org                   #

#                                                                        #

#   visit webspell.org                                                   #

#                                                                        #

##########################################################################



##########################################################################

#                                                                        #

#           Version 4       /                        /   /               #

#          -----------__---/__---__------__----__---/---/-               #

#           | /| /  /___) /   ) (_ `   /   ) /___) /   /                 #

#          _|/_|/__(___ _(___/_(__)___/___/_(___ _/___/___               #

#                            Society / Edition                           #

#                                   /                                    #

#                                                                        #

#   modified by webspell|k3rmit (Stefan Giesecke) in 2009                #

#                                                                        #

#   - Modifications are released under the GNU GENERAL PUBLIC LICENSE    #

#   - It is NOT allowed to remove this copyright-tag                     #

#   - http://www.fsf.org/licensing/licenses/gpl.html                     #

#                                                                        #

##########################################################################

*/



ini_set('session.use_trans_sid', 0);  

ini_set('session.use_cookies', 1); 

ini_set('session.use_only_cookie', 1); 

 

// -- ERROR REPORTING -- //



define('DEBUG', "OFF");

error_reporting(0); // 0 = public mode, E_ALL = development-mode



// -- SET ENCODING FOR MB-FUNCTIONS -- //



mb_internal_encoding("UTF-8");



// -- SET ENCODING



header('content-type: text/html; charset=utf-8');



// -- CONNECTION TO MYSQL -- //



mysql_connect($host, $user, $pwd) or system_error('ERROR: Can not connect to MySQL-Server');

mysql_select_db($db) or system_error('ERROR: Can not connect to database "'.$db.'"');



mysql_query("SET NAMES 'utf8'");



// -- GENERAL PROTECTIONS -- //



function globalskiller() {		// kills all non-system variables



  $global = array('GLOBALS', '_POST', '_GET', '_COOKIE', '_FILES', '_SERVER', '_ENV',  '_REQUEST', '_SESSION');

  foreach ($GLOBALS as $key=>$val) {

  	if(!in_array($key, $global)) {

  		if(is_array($val)) unset_array($GLOBALS[$key]);

  		else unset($GLOBALS[$key]);

  	}

  }

}



function unset_array($array) {



	foreach($array as $key) {

		if(is_array($key)) unset_array($key);

		else unset($key);

	}

}



globalskiller();



if(isset($_GET['site'])) $site=$_GET['site'];

else $site= null;

if($site!="search") {

	$request=strtolower(urldecode($_SERVER['QUERY_STRING']));

	$protarray=array("union","select","into","where","update ","from","/*","set ",PREFIX."user ",PREFIX."user(",PREFIX."user`",PREFIX."user_groups","phpinfo",

	"escapeshellarg","exec","fopen","fwrite","escapeshellcmd","passthru","proc_close","proc_get_status","proc_nice",

	"proc_open","proc_terminate","shell_exec","system","telnet","ssh","cmd","mv","chmod","chdir","locate","killall",

	"passwd","kill","script","bash","perl","mysql","~root",".history","~nobody","getenv"

	);

	$check=str_replace($protarray, '*', $request);

	if($request != $check) system_error("Invalid request detected.");

}



function security_slashes(&$array) {

	foreach($array as $key => $value) {

		if(is_array($array[$key])) {

			security_slashes($array[$key]);

		}

		else {

			if(get_magic_quotes_gpc()) {

				$tmp = stripslashes($value);

			}

			else {

				$tmp = $value;

			}

			if(function_exists("mysql_real_escape_string")) {

				$array[$key] = mysql_real_escape_string($tmp);

			}

			else {

				$array[$key] = addslashes($tmp);

			}

			unset($tmp);

		}

	}

}



security_slashes($_POST);

security_slashes($_COOKIE);

security_slashes($_GET);

security_slashes($_REQUEST);



// -- MYSQL QUERY FUNCTION -- //



$_mysql_querys = array();

function safe_query($query="") {

	if(stristr(str_replace(' ', '', $query), "unionselect")===FALSE AND stristr(str_replace(' ', '', $query), "union(select")===FALSE){

		if(empty($query)) return false;

		if(DEBUG == "OFF") $result = mysql_query($query) or die('Query failed!');

		else {

			$result = mysql_query($query) or die('Query failed: '

			.'<li>errorno='.mysql_errno()

			.'<li>error='.mysql_error()

			.'<li>query='.$query);

		}

		return $result;

	}

	else die();

}



// -- SYSTEM ERROR DISPLAY -- //



function system_error($text,$system=1) {

	if($system) {

		include('version.php');

		$info='webSPELL Version: '.$version.'<br />PHP Version: '.phpversion().'<br />MySQL Version: '.mysql_get_server_info().'<br />';

	} else {

		$info = '';

	}

	die('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

  <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

  <head>

	  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

	  <meta name="description" content="Website using webSPELL 4 CMS - Society Edition" />

	  <meta name="author" content="webspell.org" />

	  <meta name="keywords" content="webspell, webspell4, cms, society, edition" />

	  <meta name="copyright" content="Copyright &copy; 2005 - 2009 by webspell.org" />

	  <meta name="generator" content="webSPELL" />

	  <title>webSPELL</title>

  </head>

  <body>

  <center>

  <table border="0" cellpadding="1" cellspacing="1" bgcolor="#eeeeee">

    <tr>

      <td><a href="http://www.webspell.org" target="_blank"><img src="images/banner.gif" style="border:none;" alt="webSPELL.org" title="webSPELL.org" /></a></td>

    </tr>

    <tr bgcolor="#ffffff">

      <td><div style="color:#333333;font-family:Tahoma,Verdana,Arial;font-size:11px;padding:5px;">'.$info.'<br /><font color="red">'.$text.'</font><br />&nbsp;</div></td>

    </tr>

    <tr bgcolor="#ffffff">

      <td><div style="color:#333333;font-family:Tahoma,Verdana,Arial;font-size:11px;padding:5px;">For support visit <a href="http://webspell.org" target="_blank">webspell.org</a></div></td>

    </tr>

  </table>

  </center>

  </body>

  </html>');

}



// -- BOX MODULES INCLUDE -- //

function boxinclude($placeholder){

	global $index_language, $_language, $latestarticles, $userID, $maxlatesttopics, $border, $maxlatesttopicchars, $maxposts, $loggedin, $topnewsID, $maxheadlines, $maxtopnewschars, $maxheadlinechars, $maxresults, $maxupcoming, $sbrefresh, $bg1, $useraccessgroups;

	

	$_language_box = new Language;

	$_language_box->set_language($_language->language);

	$_language_box->db_read_module('boxmodule');

	

	$result=safe_query("SELECT modules_boxedID, filename, placeholder, activated, access FROM ".PREFIX."modules_boxed WHERE placeholder=".$placeholder);

	$any=mysql_num_rows($result);

	if($any){ //box module definition is available

		$row=mysql_fetch_array($result);

		if($row['activated']==1){ //module is activated

			if(file_exists($row['filename'])){ //given file in box module definition exists

				if(hasaccess($row['access'], $useraccessgroups)){

				  $boxmodulename=$_language_box->module[$row['modules_boxedID']];

					eval("\$boxmodule_head = \"".gettemplate("boxmodule_head")."\";");

		      echo $boxmodule_head;

		      

		      include($row['filename']);

		      

		      eval("\$boxmodule_foot = \"".gettemplate("boxmodule_foot")."\";");

		      echo $boxmodule_foot;

				}

			}

			else{ //given file in box module definition does not exist

				echo $index_language['modbox_not_available'];

				eval("\$boxmodule_foot = \"".gettemplate("boxmodule_foot")."\";");

	      echo $boxmodule_foot;

			}

		}

		else{ //module is not activated

			

		}

	}

	else{ //box module definition is not available

		

	}

}



// -- SYSTEM FILE INCLUDE -- //



function systeminc($file) {

	if(!include('src/'.$file.'.php')) system_error('Could not get system file for '.$file);

}



// -- IGNORED USERS -- //



function isignored($userID, $buddy) {

	$anz=mysql_num_rows(safe_query("SELECT userID FROM ".PREFIX."buddys WHERE buddy='$buddy' AND userID='$userID' "));

	if($anz) {

		$ergebnis=safe_query("SELECT * FROM ".PREFIX."buddys WHERE buddy='$buddy' AND userID='$userID' ");

		$ds=mysql_fetch_array($ergebnis);

		if($ds['banned']==1) return 1;

		else return 0;

	}

	else return 0;

}



// -- GLOBAL SETTINGS -- //



$ds = mysql_fetch_array(safe_query("SELECT * FROM ".PREFIX."settings"));



$maxshownnews				=	$ds['news']; 				if(empty($maxshownnews)) $maxshownnews = 10;

$maxnewsarchiv				=	$ds['newsarchiv']; 			if(empty($maxnewsarchiv)) $maxnewsarchiv = 20;

$maxheadlines				=	$ds['headlines']; 			if(empty($maxheadlines)) $maxheadlines = 10;

$maxheadlinechars			=	$ds['headlineschars']; 		if(empty($maxheadlinechars)) $maxheadlinechars = 18;

$maxtopnewschars			=	$ds['topnewschars']; 		if(empty($maxtopnewschars)) $maxtopnewschars = 200;

$maxarticles				=	$ds['articles']; 			if(empty($maxarticles)) $maxarticles = 20;

$latestarticles				=	$ds['latestarticles']; 		if(empty($latestarticles)) $latestarticles = 5;

$articleschars				=	$ds['articleschars']; 		if(empty($articleschars)) $articleschars = 18;

$maxguestbook				=	$ds['guestbook']; 			if(empty($maxguestbook)) $maxguestbook = 20;

$maxshoutbox				=	$ds['shoutbox']; 			if(empty($maxshoutbox)) $maxshoutbox = 5;

$maxsball					=	$ds['sball']; 				if(empty($latestarticles)) $latestarticles = 5;

$sbrefresh					=	$ds['sbrefresh']; 			if(empty($sbrefresh)) $sbrefresh = 60;

$maxtopics					=	$ds['topics']; 				if(empty($maxtopics)) $maxtopics = 20;

$maxposts					=	$ds['posts']; 				if(empty($maxposts)) $maxposts = 10;

$maxlatesttopics			=	$ds['latesttopics']; 		if(empty($maxlatesttopics)) $maxlatesttopics = 10;

$maxlatesttopicchars		=	$ds['latesttopicchars']; 	if(empty($maxlatesttopicchars)) $maxlatesttopicchars = 18;

$maxfeedback				=	$ds['feedback']; 			if(empty($maxfeedback)) $maxfeedback = 5;

$maxmessages				=	$ds['messages']; 			if(empty($maxmessages)) $maxmessages = 5;

$maxusers					=	$ds['users']; 				if(empty($maxusers)) $maxusers = 5;

$maxboxmodules		= $ds['maxboxmodules'];

$hp_url						=	$ds['hpurl'];

$admin_name					=	$ds['adminname'];

$admin_email				=	$ds['adminemail'];

$myclantag					=	$ds['clantag'];

$myclanname					=	$ds['clanname'];

$maxarticles				=	$ds['articles']; 			if(empty($maxarticles)) $maxarticles = 5;

$profilelast				=	$ds['profilelast']; 		if(empty($profilelast)) $profilelast = 20;

$topnewsID					=	$ds['topnewsID'];

$sessionduration			=	$ds['sessionduration']; 	if(empty($sessionduration)) $sessionduration = 24;

$closed						=	(int)$ds['closed'];

$gb_info					=	$ds['gb_info'];

$imprint_type				=	$ds['imprint'];

$picsize_l					=	$ds['picsize_l'];			if(empty($picsize_l)) $picsize_l = 9999;

$picsize_h					=	$ds['picsize_h'];			if(empty($picsize_h)) $picsize_h = 9999;

$gallerypictures			=	$ds['pictures'];

$publicadmin				=	$ds['publicadmin'];

$thumbwidth					=	$ds['thumbwidth'];  		if(empty($thumbwidth)) $thumbwidth = 120;

$usergalleries				=	$ds['usergalleries'];

$maxusergalleries			=	$ds['maxusergalleries'];

$default_language			=	$ds['default_language']; 	if(empty($default_language)) $default_language = 'uk';

$rss_default_language		=	$ds['default_language']; 	if(empty($rss_default_language)) $rss_default_language = 'uk';

$search_min_len				=	$ds['search_min_len']; 		if(empty($search_min_len)) $search_min_len = '4';

$autoresize 				= 	$ds['autoresize']; 			if(empty($autoresize)) $autoresize = 2;

$max_wrong_pw 				= 	$ds['max_wrong_pw']; 		if(empty($max_wrong_pw)) $max_wrong_pw = 3;

$lastBanCheck 				= 	$ds['bancheck']; 

$insertlinks				=	$ds['insertlinks'];

$new_chmod = 0666;



// -- STYLES -- //



$ergebnis=safe_query("SELECT * FROM ".PREFIX."styles");

$ds=mysql_fetch_array($ergebnis);



define('PAGEBG', $ds['bgpage']);

define('BORDER', $ds['border']);

define('BGHEAD', $ds['bghead']);

define('BGCAT', $ds['bgcat']);

define('BG_1', $ds['bg1']);

define('BG_2', $ds['bg2']);

define('BG_3', $ds['bg3']);

define('BG_4', $ds['bg4']);



$hp_title = stripslashes($ds['title']);

$pagebg = PAGEBG;

$border = BORDER;

$bghead = BGHEAD;

$bgcat  = BGCAT;



$wincolor = $ds['win'];

$loosecolor = $ds['loose'];

$drawcolor = $ds['draw'];

?>