]> git.vanrenterghem.biz Git - www.vanrenterghem.biz.git/blob - phpBB2_old/common.php
Baseline
[www.vanrenterghem.biz.git] / phpBB2_old / common.php
1 <?php
2 /***************************************************************************
3  *                                common.php
4  *                            -------------------
5  *   begin                : Saturday, Feb 23, 2001
6  *   copyright            : (C) 2001 The phpBB Group
7  *   email                : support@phpbb.com
8  *
9  *   $Id: common.php,v 1.74.2.14 2004/11/18 17:49:34 acydburn Exp $
10  *
11  ***************************************************************************/
13 /***************************************************************************
14  *
15  *   This program is free software; you can redistribute it and/or modify
16  *   it under the terms of the GNU General Public License as published by
17  *   the Free Software Foundation; either version 2 of the License, or
18  *   (at your option) any later version.
19  *
20  ***************************************************************************/
22 if ( !defined('IN_PHPBB') )
23 {
24         die("Hacking attempt");
25 }
27 //
28 error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
29 set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
31 // The following code (unsetting globals) was contributed by Matt Kavanagh
33 // PHP5 with register_long_arrays off?
34 if (!isset($HTTP_POST_VARS) && isset($_POST))
35 {
36         $HTTP_POST_VARS = $_POST;
37         $HTTP_GET_VARS = $_GET;
38         $HTTP_SERVER_VARS = $_SERVER;
39         $HTTP_COOKIE_VARS = $_COOKIE;
40         $HTTP_ENV_VARS = $_ENV;
41         $HTTP_POST_FILES = $_FILES;
43         // _SESSION is the only superglobal which is conditionally set
44         if (isset($_SESSION))
45         {
46                 $HTTP_SESSION_VARS = $_SESSION;
47         }
48 }
50 if (@phpversion() < '4.0.0')
51 {
52         // PHP3 path; in PHP3, globals are _always_ registered
53         
54         // We 'flip' the array of variables to test like this so that
55         // we can validate later with isset($test[$var]) (no in_array())
56         $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL);
58         // Loop through each input array
59         @reset($test);
60         while (list($input,) = @each($test))
61         {
62                 while (list($var,) = @each($$input))
63                 {
64                         // Validate the variable to be unset
65                         if (!isset($test[$var]) && $var != 'test' && $var != 'input')
66                         {
67                                 unset($$var);
68                         }
69                 }
70         }
71 }
72 else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
73 {
74         // PHP4+ path
75         
76         // Not only will array_merge give a warning if a parameter
77         // is not an array, it will actually fail. So we check if
78         // HTTP_SESSION_VARS has been initialised.
79         if (!isset($HTTP_SESSION_VARS))
80         {
81                 $HTTP_SESSION_VARS = array();
82         }
84         // Merge all into one extremely huge array; unset
85         // this later
86         $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);
88         unset($input['input']);
89         
90         while (list($var,) = @each($input))
91         {
92                 unset($$var);
93         }
94    
95         unset($input);
96 }
98 //
99 // addslashes to vars if magic_quotes_gpc is off
100 // this is a security precaution to prevent someone
101 // trying to break out of a SQL statement.
102 //
103 if( !get_magic_quotes_gpc() )
105         if( is_array($HTTP_GET_VARS) )
106         {
107                 while( list($k, $v) = each($HTTP_GET_VARS) )
108                 {
109                         if( is_array($HTTP_GET_VARS[$k]) )
110                         {
111                                 while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) )
112                                 {
113                                         $HTTP_GET_VARS[$k][$k2] = addslashes($v2);
114                                 }
115                                 @reset($HTTP_GET_VARS[$k]);
116                         }
117                         else
118                         {
119                                 $HTTP_GET_VARS[$k] = addslashes($v);
120                         }
121                 }
122                 @reset($HTTP_GET_VARS);
123         }
125         if( is_array($HTTP_POST_VARS) )
126         {
127                 while( list($k, $v) = each($HTTP_POST_VARS) )
128                 {
129                         if( is_array($HTTP_POST_VARS[$k]) )
130                         {
131                                 while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) )
132                                 {
133                                         $HTTP_POST_VARS[$k][$k2] = addslashes($v2);
134                                 }
135                                 @reset($HTTP_POST_VARS[$k]);
136                         }
137                         else
138                         {
139                                 $HTTP_POST_VARS[$k] = addslashes($v);
140                         }
141                 }
142                 @reset($HTTP_POST_VARS);
143         }
145         if( is_array($HTTP_COOKIE_VARS) )
146         {
147                 while( list($k, $v) = each($HTTP_COOKIE_VARS) )
148                 {
149                         if( is_array($HTTP_COOKIE_VARS[$k]) )
150                         {
151                                 while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) )
152                                 {
153                                         $HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2);
154                                 }
155                                 @reset($HTTP_COOKIE_VARS[$k]);
156                         }
157                         else
158                         {
159                                 $HTTP_COOKIE_VARS[$k] = addslashes($v);
160                         }
161                 }
162                 @reset($HTTP_COOKIE_VARS);
163         }
166 //
167 // Define some basic configuration arrays this also prevents
168 // malicious rewriting of language and otherarray values via
169 // URI params
170 //
171 $board_config = array();
172 $userdata = array();
173 $theme = array();
174 $images = array();
175 $lang = array();
176 $nav_links = array();
177 $gen_simple_header = FALSE;
179 include($phpbb_root_path . 'config.'.$phpEx);
181 if( !defined("PHPBB_INSTALLED") )
183         header("Location: install/install.$phpEx");
184         exit;
187 include($phpbb_root_path . 'includes/constants.'.$phpEx);
188 include($phpbb_root_path . 'includes/template.'.$phpEx);
189 include($phpbb_root_path . 'includes/sessions.'.$phpEx);
190 include($phpbb_root_path . 'includes/auth.'.$phpEx);
191 include($phpbb_root_path . 'includes/functions.'.$phpEx);
192 include($phpbb_root_path . 'includes/db.'.$phpEx);
194 //
195 // Obtain and encode users IP
196 //
197 // I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
198 // private range IP's appearing instead of the guilty routable IP, tough, don't
199 // even bother complaining ... go scream and shout at the idiots out there who feel
200 // "clever" is doing harm rather than good ... karma is a great thing ... :)
201 //
202 $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
203 $user_ip = encode_ip($client_ip);
205 //
206 // Setup forum wide options, if this fails
207 // then we output a CRITICAL_ERROR since
208 // basic forum information is not available
209 //
210 $sql = "SELECT *
211         FROM " . CONFIG_TABLE;
212 if( !($result = $db->sql_query($sql)) )
214         message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql);
217 while ( $row = $db->sql_fetchrow($result) )
219         $board_config[$row['config_name']] = $row['config_value'];
222 if (file_exists('install') || file_exists('contrib'))
224         message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted');
227 //
228 // Show 'Board is disabled' message if needed.
229 //
230 if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") )
232         message_die(GENERAL_MESSAGE, 'Board_disable', 'Information');
235 ?>