/hosting_project/ws_versions/ws1/_settings.php
- <?php
- /*
- ##########################################################################
- # #
- # Version 4 / / / #
- # -----------__---/__---__------__----__---/---/- #
- # | /| / /___) / ) (_ ` / ) /___) / / #
- # _|/_|/__(___ _(___/_(__)___/___/_(___ _/___/___ #
- # Free Content / Management System #
- # / #
- # #
- # #
- # Copyright 2005-2010 by webspell.org #
- # #
- # visit webSPELL.org, webspell.info to get webSPELL for free #
- # - Script runs under the GNU GENERAL PUBLIC LICENSE #
- # - It's NOT allowed to remove this copyright-tag #
- # -- http://www.fsf.org/licensing/licenses/gpl.html #
- # #
- # Code based on WebSPELL Clanpackage (Michael Gruber - webspell.at), #
- # Far Development by Development Team - webspell.org #
- # #
- # visit webspell.org #
- # #
- ##########################################################################
-
- ##########################################################################
- # #
- # Version 4 / / / #
- # -----------__---/__---__------__----__---/---/- #
- # | /| / /___) / ) (_ ` / ) /___) / / #
- # _|/_|/__(___ _(___/_(__)___/___/_(___ _/___/___ #
- # Society / Edition #
- # / #
- # #
- # modified by webspell|k3rmit (Stefan Giesecke) in 2009 #
- # #
- # - Modifications are released under the GNU GENERAL PUBLIC LICENSE #
- # - It is NOT allowed to remove this copyright-tag #
- # - http://www.fsf.org/licensing/licenses/gpl.html #
- # #
- ##########################################################################
- */
-
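// Session hardening: keep the session id out of URLs and accept it from cookies only.
// The third directive is spelled "session.use_only_cookies". With the trailing "s"
// missing, ini_set() does not recognise the name, returns false, and the setting is
// left at whatever php.ini provides.
ini_set('session.use_trans_sid', 0);
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);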
-
// -- ERROR REPORTING -- //

// DEBUG is read by safe_query(): with any value other than "OFF" a failed query
// prints the MySQL error number, error text and the full SQL statement to the client.
define('DEBUG', "OFF");
// Level 0 silences PHP errors completely, for the error log as well as for output.
// NOTE(review): a production setup usually keeps reporting on with display_errors off
// and log_errors on, so failures stay visible to the operator - confirm against php.ini.
error_reporting(0); // 0 = public mode, E_ALL = development-mode

// -- SET ENCODING FOR MB-FUNCTIONS -- //

// Default encoding used by the mb_* string functions for the rest of the request.
mb_internal_encoding("UTF-8");

// -- SET ENCODING

// Sent before any output; declares every response as UTF-8 HTML.
header('content-type: text/html; charset=utf-8');
-
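// -- CONNECTION TO MYSQL -- //

// $host, $user, $pwd and $db are not assigned in this file; they have to exist
// before it is included. Either failure ends the request through system_error().
// NOTE(review): the second message echoes the database name to the visitor, and
// system_error() adds version details on top - consider a generic message plus a log entry.
mysql_connect($host, $user, $pwd) or system_error('ERROR: Can not connect to MySQL-Server');
mysql_select_db($db) or system_error('ERROR: Can not connect to database "'.$db.'"');

// Set the connection charset through the client API where it exists. A plain
// "SET NAMES" query changes the server side only, so mysql_real_escape_string()
// (used by security_slashes()) would keep escaping for the library's default charset.
// The query remains as a fallback for PHP builds without mysql_set_charset().
if (!function_exists('mysql_set_charset') || !mysql_set_charset('utf8')) {
    mysql_query("SET NAMES 'utf8'");
}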
-
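// -- GENERAL PROTECTIONS -- //

/**
 * Removes every global variable except the PHP superglobals.
 *
 * This guards against request parameters that were turned into global
 * variables (register_globals-style) before the application assigns its own.
 *
 * Array-valued globals are removed as well. The earlier version handed them to
 * unset_array(), which receives a copy and therefore left the global in place,
 * so an injected array variable survived the cleanup.
 *
 * @return void
 */
function globalskiller()
{
    $keep = array('GLOBALS', '_POST', '_GET', '_COOKIE', '_FILES', '_SERVER', '_ENV', '_REQUEST', '_SESSION');

    // Iterate over a snapshot of the names so unsetting does not disturb the loop.
    foreach (array_keys($GLOBALS) as $name) {
        // Strict comparison: a numeric name must not loosely match an entry of $keep.
        if (!in_array($name, $keep, true)) {
            unset($GLOBALS[$name]);
        }
    }
}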
-
/**
 * Walks an array recursively and unsets each non-array element it visits.
 *
 * The argument is passed by value and the loop variable is a copy, so the
 * caller's array is not modified; the function returns nothing.
 *
 * @param array $array array to walk
 * @return void
 */
function unset_array($array)
{
    foreach ($array as $element) {
        if (!is_array($element)) {
            // Only the local loop copy is released here.
            unset($element);
            continue;
        }
        unset_array($element);
    }
}
-
// Drop stray globals before any request value is copied into a variable.
globalskiller();

$site = isset($_GET['site']) ? $_GET['site'] : null;

// Keyword denylist over the lower-cased, URL-decoded query string. Any hit ends
// the request through system_error().
// This is a coarse tripwire, not an injection defence: it looks at QUERY_STRING
// only (POST bodies and cookies are not inspected), it is skipped when site is
// "search", and it rejects legitimate URLs that merely contain a listed word
// ("from", "script", "system", ...). Queries still need escaping or
// parameterisation at the point where they are built.
if ($site != "search") {
    $request = strtolower(urldecode($_SERVER['QUERY_STRING']));
    $protarray = array(
        "union", "select", "into", "where", "update ", "from", "/*", "set ",
        PREFIX."user ", PREFIX."user(", PREFIX."user`", PREFIX."user_groups", "phpinfo",
        "escapeshellarg", "exec", "fopen", "fwrite", "escapeshellcmd", "passthru",
        "proc_close", "proc_get_status", "proc_nice",
        "proc_open", "proc_terminate", "shell_exec", "system", "telnet", "ssh", "cmd",
        "mv", "chmod", "chdir", "locate", "killall",
        "passwd", "kill", "script", "bash", "perl", "mysql", "~root", ".history", "~nobody", "getenv"
    );
    // Every occurrence of a listed term becomes "*"; a changed string means a hit.
    $check = str_replace($protarray, '*', $request);
    if ($request != $check) {
        system_error("Invalid request detected.");
    }
}
-
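/**
 * Escapes every scalar value of a (possibly nested) request array in place.
 *
 * Values are first un-escaped when magic quotes are active, then escaped with
 * mysql_real_escape_string() if the mysql extension is loaded, otherwise with
 * addslashes().
 *
 * Limits a caller has to keep in mind:
 *  - array keys are left untouched, only values are escaped;
 *  - the escaping only protects values placed inside a quoted SQL string; a
 *    value concatenated into a query without quotes (numeric context) is not
 *    made safe by it;
 *  - the escaped form is also what later reaches HTML output and other
 *    non-SQL uses of the same superglobal.
 *
 * @param array $array request array, modified by reference
 * @return void
 */
function security_slashes(&$array)
{
    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() no longer
    // exists in PHP 8, so only consult it on versions where it can return true.
    $stripMagicQuotes = version_compare(PHP_VERSION, '5.4.0', '<')
        && function_exists('get_magic_quotes_gpc')
        && get_magic_quotes_gpc();
    $useMysqlEscape = function_exists("mysql_real_escape_string");

    foreach ($array as $key => $value) {
        if (is_array($value)) {
            security_slashes($array[$key]);
            continue;
        }

        $tmp = $stripMagicQuotes ? stripslashes($value) : $value;
        $array[$key] = $useMysqlEscape ? mysql_real_escape_string($tmp) : addslashes($tmp);
    }
}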
-
// Escape all request input once, up front. $_REQUEST is a separate array rather
// than a view of the other three, so it needs its own pass.
// Not covered by these calls: array keys, $_SERVER and $_FILES.
security_slashes($_POST);
security_slashes($_COOKIE);
security_slashes($_GET);
security_slashes($_REQUEST);
-
// -- MYSQL QUERY FUNCTION -- //

$_mysql_querys = array();

/**
 * Runs a SQL statement through mysql_query() after a UNION denylist check.
 *
 * The statement, with space characters removed, is searched case-insensitively
 * for "unionselect" and "union(select"; on a hit the script ends with no output.
 * An empty statement returns false. A failing query ends the script: with
 * DEBUG "OFF" only 'Query failed!' is shown, otherwise the MySQL error and the
 * statement itself are printed.
 *
 * The substring check is a last-ditch tripwire and does not make a query safe;
 * every value placed into $query still has to be escaped and quoted, or cast,
 * by the caller.
 * NOTE(review): the DEBUG branch writes mysql_error() and $query into the page
 * without HTML escaping - keep DEBUG "OFF" on any publicly reachable install.
 *
 * @param string $query SQL statement
 * @return resource|bool result of mysql_query(), or false for an empty statement
 */
function safe_query($query = "")
{
    $compact = str_replace(' ', '', $query);
    if (stristr($compact, "unionselect") !== FALSE || stristr($compact, "union(select") !== FALSE) {
        die();
    }

    if (empty($query)) {
        return false;
    }

    if (DEBUG == "OFF") {
        $result = mysql_query($query) or die('Query failed!');
        return $result;
    }

    $result = mysql_query($query) or die('Query failed: '
        .'<li>errorno='.mysql_errno()
        .'<li>error='.mysql_error()
        .'<li>query='.$query);
    return $result;
}
-
// -- SYSTEM ERROR DISPLAY -- //

/**
 * Prints a standalone HTML error page and ends the script.
 *
 * With $system truthy, version.php is included and the page also lists the
 * webSPELL, PHP and MySQL server versions.
 *
 * NOTE(review): $text is written into the page as-is. The callers in this file
 * build it from fixed strings plus $db or $file; any caller that passes
 * request-derived text needs to HTML-escape it first. The version block is
 * shown to every visitor who triggers an error, which tells them exactly which
 * software releases are running - consider passing $system = 0 on public
 * installs and logging the details instead.
 *
 * @param string $text   message shown in red
 * @param int    $system non-zero to include the version information
 * @return void  never returns; the script ends in die()
 */
function system_error($text,$system=1) {
	$info = '';
	if($system) {
		// version.php is expected to define $version in this local scope.
		include('version.php');
		$info = 'webSPELL Version: '.$version.'<br />PHP Version: '.phpversion().'<br />MySQL Version: '.mysql_get_server_info().'<br />';
	}

	die('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="Website using webSPELL 4 CMS - Society Edition" />
<meta name="author" content="webspell.org" />
<meta name="keywords" content="webspell, webspell4, cms, society, edition" />
<meta name="copyright" content="Copyright © 2005 - 2009 by webspell.org" />
<meta name="generator" content="webSPELL" />
<title>webSPELL</title>
</head>
<body>
<center>
<table border="0" cellpadding="1" cellspacing="1" bgcolor="#eeeeee">
<tr>
<td><a href="http://www.webspell.org" target="_blank"><img src="images/banner.gif" style="border:none;" alt="webSPELL.org" title="webSPELL.org" /></a></td>
</tr>
<tr bgcolor="#ffffff">
<td><div style="color:#333333;font-family:Tahoma,Verdana,Arial;font-size:11px;padding:5px;">'.$info.'<br /><font color="red">'.$text.'</font><br /> </div></td>
</tr>
<tr bgcolor="#ffffff">
<td><div style="color:#333333;font-family:Tahoma,Verdana,Arial;font-size:11px;padding:5px;">For support visit <a href="http://webspell.org" target="_blank">webspell.org</a></div></td>
</tr>
</table>
</center>
</body>
</html>');
}
-
// -- BOX MODULES INCLUDE -- //

/**
 * Renders the box module configured for one placeholder.
 *
 * Looks up the placeholder in the modules_boxed table and, if the module is
 * activated, its file exists and the current user has access, prints the
 * "boxmodule_head" template, includes the module file and prints the
 * "boxmodule_foot" template. If the file is missing, a "not available" text
 * and the foot template are printed (no head). Nothing is printed when the
 * module is deactivated, access is denied or no definition exists.
 *
 * Local and global variable names in this function are part of its contract:
 * the included module file and the eval'd templates run in this scope.
 *
 * NOTE(review): $placeholder is concatenated into the WHERE clause without
 * quotes or a cast, so the escaping done by security_slashes() does not
 * protect it - confirm every caller passes an integer, or cast it here.
 * NOTE(review): the include path and the template text executed by eval()
 * come from stored data (gettemplate() is not visible here); whoever can
 * change a modules_boxed row or a template can run PHP in this request.
 *
 * @param mixed $placeholder placeholder id used in the lookup
 * @return void
 */
function boxinclude($placeholder){
	// presumably imported so the included module file and the templates can read them - verify
	global $index_language, $_language, $latestarticles, $userID, $maxlatesttopics, $border, $maxlatesttopicchars, $maxposts, $loggedin, $topnewsID, $maxheadlines, $maxtopnewschars, $maxheadlinechars, $maxresults, $maxupcoming, $sbrefresh, $bg1, $useraccessgroups;

	// Separate Language instance for the box titles, using the site's current language.
	$_language_box = new Language;
	$_language_box->set_language($_language->language);
	$_language_box->db_read_module('boxmodule');

	$result=safe_query("SELECT modules_boxedID, filename, placeholder, activated, access FROM ".PREFIX."modules_boxed WHERE placeholder=".$placeholder);
	$any=mysql_num_rows($result);
	if($any){ //box module definition is available
		// Only the first matching row is used.
		$row=mysql_fetch_array($result);
		if($row['activated']==1){ //module is activated
			if(file_exists($row['filename'])){ //given file in box module definition exists
				if(hasaccess($row['access'], $useraccessgroups)){
					$boxmodulename=$_language_box->module[$row['modules_boxedID']];
					// The template is evaluated as a double-quoted PHP string, so
					// variables named in it are filled in from this scope.
					eval("\$boxmodule_head = \"".gettemplate("boxmodule_head")."\";");
					echo $boxmodule_head;

					// Runs the module file inside this function's scope.
					include($row['filename']);

					eval("\$boxmodule_foot = \"".gettemplate("boxmodule_foot")."\";");
					echo $boxmodule_foot;
				}
			}
			else{ //given file in box module definition does not exist
				echo $index_language['modbox_not_available'];
				eval("\$boxmodule_foot = \"".gettemplate("boxmodule_foot")."\";");
				echo $boxmodule_foot;
			}
		}
		else{ //module is not activated

		}
	}
	else{ //box module definition is not available

	}
}
-
// -- SYSTEM FILE INCLUDE -- //

/**
 * Includes src/<file>.php and ends the request through system_error() when
 * the include fails or the included file returns a falsy value.
 *
 * The file runs in this function's local scope.
 * NOTE(review): $file is joined into the path unchecked. Callers must pass
 * fixed names only; a request-derived value here would let the visitor choose
 * which .php file is executed.
 *
 * @param string $file path below src/, without the .php extension
 * @return void
 */
function systeminc($file)
{
    $loaded = (include 'src/'.$file.'.php');
    if (!$loaded) {
        system_error('Could not get system file for '.$file);
    }
}
-
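// -- IGNORED USERS -- //

/**
 * Tells whether the buddys row for ($userID, $buddy) is flagged as banned.
 *
 * The row is fetched with a single query; previously the same SELECT was
 * issued twice, once to count rows and once to read them.
 *
 * NOTE(review): both arguments are interpolated into quoted SQL literals.
 * That is only safe if every caller passes values that were already escaped
 * (see security_slashes()) or are integers - confirm, or cast them here.
 *
 * @param mixed $userID owner of the buddy list
 * @param mixed $buddy  user to look up in that list
 * @return int 1 if the first matching row has banned = 1, otherwise 0
 */
function isignored($userID, $buddy)
{
    $ergebnis = safe_query("SELECT banned FROM ".PREFIX."buddys WHERE buddy='$buddy' AND userID='$userID' ");
    // mysql_fetch_array() yields false when there is no matching row.
    $ds = mysql_fetch_array($ergebnis);
    if ($ds && $ds['banned'] == 1) {
        return 1;
    }
    return 0;
}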
-
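// -- GLOBAL SETTINGS -- //

// Reads the first row of the settings table into globals. A value that is
// empty() (including 0 and "0") is replaced by the default next to it.
$ds = mysql_fetch_array(safe_query("SELECT * FROM ".PREFIX."settings"));

$maxshownnews = $ds['news']; if (empty($maxshownnews)) $maxshownnews = 10;
$maxnewsarchiv = $ds['newsarchiv']; if (empty($maxnewsarchiv)) $maxnewsarchiv = 20;
$maxheadlines = $ds['headlines']; if (empty($maxheadlines)) $maxheadlines = 10;
$maxheadlinechars = $ds['headlineschars']; if (empty($maxheadlinechars)) $maxheadlinechars = 18;
$maxtopnewschars = $ds['topnewschars']; if (empty($maxtopnewschars)) $maxtopnewschars = 200;
$latestarticles = $ds['latestarticles']; if (empty($latestarticles)) $latestarticles = 5;
$articleschars = $ds['articleschars']; if (empty($articleschars)) $articleschars = 18;
$maxguestbook = $ds['guestbook']; if (empty($maxguestbook)) $maxguestbook = 20;
$maxshoutbox = $ds['shoutbox']; if (empty($maxshoutbox)) $maxshoutbox = 5;
// The fallback used to test and assign $latestarticles (copy/paste slip), which
// left $maxsball empty. The default 5 is the literal that line already carried.
// NOTE(review): confirm 5 is the intended default for the "sball" setting.
$maxsball = $ds['sball']; if (empty($maxsball)) $maxsball = 5;
$sbrefresh = $ds['sbrefresh']; if (empty($sbrefresh)) $sbrefresh = 60;
$maxtopics = $ds['topics']; if (empty($maxtopics)) $maxtopics = 20;
$maxposts = $ds['posts']; if (empty($maxposts)) $maxposts = 10;
$maxlatesttopics = $ds['latesttopics']; if (empty($maxlatesttopics)) $maxlatesttopics = 10;
$maxlatesttopicchars = $ds['latesttopicchars']; if (empty($maxlatesttopicchars)) $maxlatesttopicchars = 18;
$maxfeedback = $ds['feedback']; if (empty($maxfeedback)) $maxfeedback = 5;
$maxmessages = $ds['messages']; if (empty($maxmessages)) $maxmessages = 5;
$maxusers = $ds['users']; if (empty($maxusers)) $maxusers = 5;
$maxboxmodules = $ds['maxboxmodules'];
$hp_url = $ds['hpurl'];
$admin_name = $ds['adminname'];
$admin_email = $ds['adminemail'];
$myclantag = $ds['clantag'];
$myclanname = $ds['clanname'];
// $maxarticles was assigned twice (defaults 20, then 5). The later assignment
// always won, so only that one is kept; the effective default stays 5.
$maxarticles = $ds['articles']; if (empty($maxarticles)) $maxarticles = 5;
$profilelast = $ds['profilelast']; if (empty($profilelast)) $profilelast = 20;
$topnewsID = $ds['topnewsID'];
$sessionduration = $ds['sessionduration']; if (empty($sessionduration)) $sessionduration = 24;
$closed = (int)$ds['closed'];
$gb_info = $ds['gb_info'];
$imprint_type = $ds['imprint'];
$picsize_l = $ds['picsize_l']; if (empty($picsize_l)) $picsize_l = 9999;
$picsize_h = $ds['picsize_h']; if (empty($picsize_h)) $picsize_h = 9999;
$gallerypictures = $ds['pictures'];
$publicadmin = $ds['publicadmin'];
$thumbwidth = $ds['thumbwidth']; if (empty($thumbwidth)) $thumbwidth = 120;
$usergalleries = $ds['usergalleries'];
$maxusergalleries = $ds['maxusergalleries'];
$default_language = $ds['default_language']; if (empty($default_language)) $default_language = 'uk';
// Reads the same column as $default_language.
$rss_default_language = $ds['default_language']; if (empty($rss_default_language)) $rss_default_language = 'uk';
$search_min_len = $ds['search_min_len']; if (empty($search_min_len)) $search_min_len = '4';
$autoresize = $ds['autoresize']; if (empty($autoresize)) $autoresize = 2;
$max_wrong_pw = $ds['max_wrong_pw']; if (empty($max_wrong_pw)) $max_wrong_pw = 3;
$lastBanCheck = $ds['bancheck'];
$insertlinks = $ds['insertlinks'];
// NOTE(review): 0666 is read/write for owner, group and others. Presumably this
// mode is applied to files the CMS writes; on shared hosting a narrower mode
// (e.g. 0644) keeps other accounts from modifying them - verify where it is used.
$new_chmod = 0666;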
-
// -- STYLES -- //

// Reads the first row of the styles table and publishes its colours as
// constants and as global variables. $ds from the settings block is overwritten.
$ergebnis=safe_query("SELECT * FROM ".PREFIX."styles");
$ds=mysql_fetch_array($ergebnis);

define('PAGEBG', $ds['bgpage']);
define('BORDER', $ds['border']);
define('BGHEAD', $ds['bghead']);
define('BGCAT', $ds['bgcat']);
define('BG_1', $ds['bg1']);
define('BG_2', $ds['bg2']);
define('BG_3', $ds['bg3']);
define('BG_4', $ds['bg4']);

// NOTE(review): these values come straight from the database; wherever they are
// written into HTML or CSS they need escaping for that context.
$hp_title = stripslashes($ds['title']);
$pagebg = PAGEBG;
$border = BORDER;
$bghead = BGHEAD;
$bgcat = BGCAT;

$wincolor = $ds['win'];
$loosecolor = $ds['loose'];
$drawcolor = $ds['draw'];
- ?>