phpBB2_old/common.php

   1 <?php
   2 /***************************************************************************
   3  *                                common.php
   4  *                            -------------------
   5  *   begin                : Saturday, Feb 23, 2001
   6  *   copyright            : (C) 2001 The phpBB Group
   7  *   email                : support@phpbb.com
   8  *
   9  *   $Id: common.php,v 1.74.2.14 2004/11/18 17:49:34 acydburn Exp $
  10  *
  11  ***************************************************************************/
  12
  13 /***************************************************************************
  14  *
  15  *   This program is free software; you can redistribute it and/or modify
  16  *   it under the terms of the GNU General Public License as published by
  17  *   the Free Software Foundation; either version 2 of the License, or
  18  *   (at your option) any later version.
  19  *
  20  ***************************************************************************/
  21
  22 if ( !defined('IN_PHPBB') )
  23 {
  24         die("Hacking attempt");
  25 }
  26
  27 //
  28 error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
  29 set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
  30
  31 // The following code (unsetting globals) was contributed by Matt Kavanagh
  32
  33 // PHP5 with register_long_arrays off?
  34 if (!isset($HTTP_POST_VARS) && isset($_POST))
  35 {
  36         $HTTP_POST_VARS = $_POST;
  37         $HTTP_GET_VARS = $_GET;
  38         $HTTP_SERVER_VARS = $_SERVER;
  39         $HTTP_COOKIE_VARS = $_COOKIE;
  40         $HTTP_ENV_VARS = $_ENV;
  41         $HTTP_POST_FILES = $_FILES;
  42
  43         // _SESSION is the only superglobal which is conditionally set
  44         if (isset($_SESSION))
  45         {
  46                 $HTTP_SESSION_VARS = $_SESSION;
  47         }
  48 }
  49
  50 if (@phpversion() < '4.0.0')
  51 {
  52         // PHP3 path; in PHP3, globals are _always_ registered
  53
  54         // We 'flip' the array of variables to test like this so that
  55         // we can validate later with isset($test[$var]) (no in_array())
  56         $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL);
  57
  58         // Loop through each input array
  59         @reset($test);
  60         while (list($input,) = @each($test))
  61         {
  62                 while (list($var,) = @each($$input))
  63                 {
  64                         // Validate the variable to be unset
  65                         if (!isset($test[$var]) && $var != 'test' && $var != 'input')
  66                         {
  67                                 unset($$var);
  68                         }
  69                 }
  70         }
  71 }
  72 else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
  73 {
  74         // PHP4+ path
  75
  76         // Not only will array_merge give a warning if a parameter
  77         // is not an array, it will actually fail. So we check if
  78         // HTTP_SESSION_VARS has been initialised.
  79         if (!isset($HTTP_SESSION_VARS))
  80         {
  81                 $HTTP_SESSION_VARS = array();
  82         }
  83
  84         // Merge all into one extremely huge array; unset
  85         // this later
  86         $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);
  87
  88         unset($input['input']);
  89
  90         while (list($var,) = @each($input))
  91         {
  92                 unset($$var);
  93         }
  94
  95         unset($input);
  96 }
  97
  98 //
  99 // addslashes to vars if magic_quotes_gpc is off
 100 // this is a security precaution to prevent someone
 101 // trying to break out of a SQL statement.
 102 //
 103 if( !get_magic_quotes_gpc() )
 104 {
 105         if( is_array($HTTP_GET_VARS) )
 106         {
 107                 while( list($k, $v) = each($HTTP_GET_VARS) )
 108                 {
 109                         if( is_array($HTTP_GET_VARS[$k]) )
 110                         {
 111                                 while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) )
 112                                 {
 113                                         $HTTP_GET_VARS[$k][$k2] = addslashes($v2);
 114                                 }
 115                                 @reset($HTTP_GET_VARS[$k]);
 116                         }
 117                         else
 118                         {
 119                                 $HTTP_GET_VARS[$k] = addslashes($v);
 120                         }
 121                 }
 122                 @reset($HTTP_GET_VARS);
 123         }
 124
 125         if( is_array($HTTP_POST_VARS) )
 126         {
 127                 while( list($k, $v) = each($HTTP_POST_VARS) )
 128                 {
 129                         if( is_array($HTTP_POST_VARS[$k]) )
 130                         {
 131                                 while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) )
 132                                 {
 133                                         $HTTP_POST_VARS[$k][$k2] = addslashes($v2);
 134                                 }
 135                                 @reset($HTTP_POST_VARS[$k]);
 136                         }
 137                         else
 138                         {
 139                                 $HTTP_POST_VARS[$k] = addslashes($v);
 140                         }
 141                 }
 142                 @reset($HTTP_POST_VARS);
 143         }
 144
 145         if( is_array($HTTP_COOKIE_VARS) )
 146         {
 147                 while( list($k, $v) = each($HTTP_COOKIE_VARS) )
 148                 {
 149                         if( is_array($HTTP_COOKIE_VARS[$k]) )
 150                         {
 151                                 while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) )
 152                                 {
 153                                         $HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2);
 154                                 }
 155                                 @reset($HTTP_COOKIE_VARS[$k]);
 156                         }
 157                         else
 158                         {
 159                                 $HTTP_COOKIE_VARS[$k] = addslashes($v);
 160                         }
 161                 }
 162                 @reset($HTTP_COOKIE_VARS);
 163         }
 164 }
 165
 166 //
 167 // Define some basic configuration arrays this also prevents
 168 // malicious rewriting of language and otherarray values via
 169 // URI params
 170 //
 171 $board_config = array();
 172 $userdata = array();
 173 $theme = array();
 174 $images = array();
 175 $lang = array();
 176 $nav_links = array();
 177 $gen_simple_header = FALSE;
 178
 179 include($phpbb_root_path . 'config.'.$phpEx);
 180
 181 if( !defined("PHPBB_INSTALLED") )
 182 {
 183         header("Location: install/install.$phpEx");
 184         exit;
 185 }
 186
 187 include($phpbb_root_path . 'includes/constants.'.$phpEx);
 188 include($phpbb_root_path . 'includes/template.'.$phpEx);
 189 include($phpbb_root_path . 'includes/sessions.'.$phpEx);
 190 include($phpbb_root_path . 'includes/auth.'.$phpEx);
 191 include($phpbb_root_path . 'includes/functions.'.$phpEx);
 192 include($phpbb_root_path . 'includes/db.'.$phpEx);
 193
 194 //
 195 // Obtain and encode users IP
 196 //
 197 // I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
 198 // private range IP's appearing instead of the guilty routable IP, tough, don't
 199 // even bother complaining ... go scream and shout at the idiots out there who feel
 200 // "clever" is doing harm rather than good ... karma is a great thing ... :)
 201 //
 202 $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
 203 $user_ip = encode_ip($client_ip);
 204
 205 //
 206 // Setup forum wide options, if this fails
 207 // then we output a CRITICAL_ERROR since
 208 // basic forum information is not available
 209 //
 210 $sql = "SELECT *
 211         FROM " . CONFIG_TABLE;
 212 if( !($result = $db->sql_query($sql)) )
 213 {
 214         message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql);
 215 }
 216
 217 while ( $row = $db->sql_fetchrow($result) )
 218 {
 219         $board_config[$row['config_name']] = $row['config_value'];
 220 }
 221
 222 if (file_exists('install') || file_exists('contrib'))
 223 {
 224         message_die(GENERAL_MESSAGE, 'Please ensure both the install/ and contrib/ directories are deleted');
 225 }
 226
 227 //
 228 // Show 'Board is disabled' message if needed.
 229 //
 230 if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") )
 231 {
 232         message_die(GENERAL_MESSAGE, 'Board_disable', 'Information');
 233 }
 234
 235 ?>