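<?php
// $Id: common.php,v 1.6.2.1 2005/08/25 03:16:50 minahito Exp $
//  ------------------------------------------------------------------------ //
//                XOOPS - PHP Content Management System                      //
//                    Copyright (c) 2000 XOOPS.org                           //
//                       <http://www.xoops.org/>                             //
//  ------------------------------------------------------------------------ //
//  This program is free software; you can redistribute it and/or modify     //
//  it under the terms of the GNU General Public License as published by     //
//  the Free Software Foundation; either version 2 of the License, or        //
//  (at your option) any later version.                                      //
//                                                                           //
//  You may not change or alter any portion of this comment or credits       //
//  of supporting developers from this source code or any supporting         //
//  source code which is considered copyrighted (c) material of the          //
//  original comment or credit authors.                                      //
//                                                                           //
//  This program is distributed in the hope that it will be useful,          //
//  but WITHOUT ANY WARRANTY; without even the implied warranty of           //
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
//  GNU General Public License for more details.                             //
//                                                                           //
//  You should have received a copy of the GNU General Public License        //
//  along with this program; if not, write to the Free Software              //
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
//  ------------------------------------------------------------------------ //

// Request bootstrap included by every XOOPS entry point after mainfile.php.
// In order it: rejects requests that try to inject core globals, installs the
// error handler, defines layout/path constants, connects to the DB, loads the
// site config and language files, normalises a few $_SERVER keys, restores
// (or auto-logs-in) the session user, applies theme selection, enforces the
// "site closed" gate and per-module read permission. It leaves $xoopsDB,
// $xoopsConfig, $xoopsUser, $xoopsUserIsAdmin, $xoopsModule and
// $xoopsModuleConfig in global scope for the including page.
if (!defined("XOOPS_MAINFILE_INCLUDED")) {
    exit();
} else {
    // register_globals hardening: if any of these names arrives via
    // GET/POST/COOKIE the request is bounced to the site root instead of
    // being allowed to pre-seed a core variable.
    foreach (array('GLOBALS', '_SESSION', 'HTTP_SESSION_VARS', '_GET', 'HTTP_GET_VARS', '_POST', 'HTTP_POST_VARS', '_COOKIE', 'HTTP_COOKIE_VARS', '_REQUEST', '_SERVER', 'HTTP_SERVER_VARS', '_ENV', 'HTTP_ENV_VARS', '_FILES', 'HTTP_POST_FILES', 'xoopsDB', 'xoopsUser', 'xoopsUserId', 'xoopsUserGroups', 'xoopsUserIsAdmin', 'xoopsConfig', 'xoopsOption', 'xoopsModule', 'xoopsModuleConfig') as $bad_global) {
        if (isset($_REQUEST[$bad_global])) {
            header('Location: '.XOOPS_URL.'/');
            exit();
        }
    }
    // ############## Activate error handler ##############
    include_once XOOPS_ROOT_PATH . '/class/errorhandler.php';
    $xoopsErrorHandler =& XoopsErrorHandler::getInstance();
    // Turn on error handler by default (until config value obtained from DB)
    $xoopsErrorHandler->activate(true);

    define("XOOPS_SIDEBLOCK_LEFT",0);
    define("XOOPS_SIDEBLOCK_RIGHT",1);
    define("XOOPS_SIDEBLOCK_BOTH",2);
    define("XOOPS_CENTERBLOCK_LEFT",3);
    define("XOOPS_CENTERBLOCK_RIGHT",4);
    define("XOOPS_CENTERBLOCK_CENTER",5);
    define("XOOPS_CENTERBLOCK_ALL",6);
    define("XOOPS_BLOCK_INVISIBLE",0);
    define("XOOPS_BLOCK_VISIBLE",1);
    define("XOOPS_MATCH_START",0);
    define("XOOPS_MATCH_END",1);
    define("XOOPS_MATCH_EQUAL",2);
    define("XOOPS_MATCH_CONTAIN",3);
    define("SMARTY_DIR", XOOPS_ROOT_PATH."/class/smarty/");
    define("XOOPS_CACHE_PATH", XOOPS_ROOT_PATH."/cache");
    define("XOOPS_UPLOAD_PATH", XOOPS_ROOT_PATH."/uploads");
    define("XOOPS_THEME_PATH", XOOPS_ROOT_PATH."/themes");
    define("XOOPS_COMPILE_PATH", XOOPS_ROOT_PATH."/templates_c");
    define("XOOPS_THEME_URL", XOOPS_URL."/themes");
    define("XOOPS_UPLOAD_URL", XOOPS_URL."/uploads");
    set_magic_quotes_runtime(0);
    include_once XOOPS_ROOT_PATH.'/class/logger.php';
    $xoopsLogger =& XoopsLogger::instance();
    $xoopsLogger->startTime();
    // Referer checking is skipped for XML-RPC requests, which carry none.
    if (!defined('XOOPS_XMLRPC')) {
        define('XOOPS_DB_CHKREF', 1);
    } else {
        define('XOOPS_DB_CHKREF', 0);
    }

    // ############## Include common functions file ##############
    include_once XOOPS_ROOT_PATH.'/include/functions.php';

    // #################### Connect to DB ##################
    require_once XOOPS_ROOT_PATH.'/class/database/databasefactory.php';
    // Non-POST requests, and POSTs failing the referer check, get a proxy
    // connection (presumably read-only; the factory decides what it means).
    if ($_SERVER['REQUEST_METHOD'] != 'POST' || !xoops_refcheck(XOOPS_DB_CHKREF)) {
        define('XOOPS_DB_PROXY', 1);
    }
    $xoopsDB =& XoopsDatabaseFactory::getDatabaseConnection();

    // ################# Include required files ##############
    require_once XOOPS_ROOT_PATH.'/kernel/object.php';
    require_once XOOPS_ROOT_PATH.'/class/criteria.php';
    require_once XOOPS_ROOT_PATH.'/class/token.php';

    // for xoops.org 2.0.10 compatibility
    require_once XOOPS_ROOT_PATH.'/class/xoopssecurity.php';
    $xoopsSecurity = new XoopsSecurity();

    // #################### Include text sanitizer ##################
    include_once XOOPS_ROOT_PATH."/class/module.textsanitizer.php";

    // ################# Load Config Settings ##############
    $config_handler =& xoops_gethandler('config');
    $xoopsConfig =& $config_handler->getConfigsByCat(XOOPS_CONF);

    // #################### Error reporting settings ##################
    error_reporting(0);

    if ($xoopsConfig['debug_mode'] == 1) {
        error_reporting(E_ALL);
    } else {
        // Turn off error handler
        $xoopsErrorHandler->activate(false);
    }

    // Each bad_ips entry is used verbatim as an unanchored regex fragment, so
    // "1.2.3.4" also matches e.g. "11.22.33.44" and an entry with a regex
    // metacharacter error silently never matches. Entries come from the admin
    // config, not from the request; preg_quote() would change how existing
    // entries match, so the semantics are documented rather than changed.
    if ($xoopsConfig['enable_badips'] == 1 && isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '') {
        foreach ($xoopsConfig['bad_ips'] as $bi) {
            if (!empty($bi) && preg_match("/".$bi."/", $_SERVER['REMOTE_ADDR'])) {
                exit();
            }
        }
    }
    unset($bi);
    // NOTE(review): the two unsets below are no-ops — there is no $bad_ips
    // local and the config key is 'bad_ips', so the IP list stays in
    // $xoopsConfig. Left unchanged because other code may read
    // $xoopsConfig['bad_ips']; confirm before correcting the key.
    unset($bad_ips);
    unset($xoopsConfig['badips']);

    // ################# Include version info file ##############
    include_once XOOPS_ROOT_PATH."/include/version.php";

    // for older versions...will be DEPRECATED!
    $xoopsConfig['xoops_url'] = XOOPS_URL;
    $xoopsConfig['root_path'] = XOOPS_ROOT_PATH."/";


    // #################### Include site-wide lang file ##################
    // $xoopsConfig['language'] comes from the DB config, not the request.
    if ( file_exists(XOOPS_ROOT_PATH."/language/".$xoopsConfig['language']."/global.php") ) {
        include_once XOOPS_ROOT_PATH."/language/".$xoopsConfig['language']."/global.php";
    } else {
        include_once XOOPS_ROOT_PATH."/language/english/global.php";
    }

    // ################ Include page-specific lang file ################
    // pagetype is set by the including page before this file runs; a value
    // containing '.' is refused so it cannot name a path segment like '..'.
    if (isset($xoopsOption['pagetype']) && false === strpos($xoopsOption['pagetype'], '.')) {
        if ( file_exists(XOOPS_ROOT_PATH."/language/".$xoopsConfig['language']."/".$xoopsOption['pagetype'].".php") ) {
            include_once XOOPS_ROOT_PATH."/language/".$xoopsConfig['language']."/".$xoopsOption['pagetype'].".php";
        } else {
            include_once XOOPS_ROOT_PATH."/language/english/".$xoopsOption['pagetype'].".php";
        }
    }
    $xoopsOption = array();

    if ( !defined("XOOPS_USE_MULTIBYTES") ) {
        define("XOOPS_USE_MULTIBYTES",0);
    }

    /**#@+
     * Host abstraction layer
     */
    if ( !isset($_SERVER['PATH_TRANSLATED']) && isset($_SERVER['SCRIPT_FILENAME']) ) {
        $_SERVER['PATH_TRANSLATED'] =& $_SERVER['SCRIPT_FILENAME'];     // For Apache CGI
    } elseif ( isset($_SERVER['PATH_TRANSLATED']) && !isset($_SERVER['SCRIPT_FILENAME']) ) {
        $_SERVER['SCRIPT_FILENAME'] =& $_SERVER['PATH_TRANSLATED'];     // For IIS/2K now I think :-(
    }

    if (empty($_SERVER['REQUEST_URI'])) {         // Not defined by IIS
        // Under some configs, IIS makes SCRIPT_NAME point to php.exe :-(
        if ( !( $_SERVER[ 'REQUEST_URI' ] = @$_SERVER['PHP_SELF'] ) ) {
            $_SERVER[ 'REQUEST_URI' ] = $_SERVER['SCRIPT_NAME'];
        }
        if ( isset( $_SERVER[ 'QUERY_STRING' ] ) ) {
            $_SERVER[ 'REQUEST_URI' ] .= '?' . $_SERVER[ 'QUERY_STRING' ];
        }

        // Guard for XSS string of PHP_SELF: a REQUEST_URI rebuilt from
        // PHP_SELF is client-influenced, so abort if it carries any HTML/JS
        // metacharacters before pages echo it.
        if(preg_match("/[\<\>\"\'\(\)]/",$_SERVER['REQUEST_URI']))
            die();
    }
    $xoopsRequestUri = $_SERVER[ 'REQUEST_URI' ];       // Deprecated (use the corrected $_SERVER variable now)
    /**#@-*/

    // ############## Login a user with a valid session ##############
    $xoopsUser = '';
    $xoopsUserIsAdmin = false;
    $member_handler =& xoops_gethandler('member');
    $sess_handler =& xoops_gethandler('session');
    // The session id is taken as supplied by the client (SSL post field or the
    // custom-named cookie); nothing here regenerates it after login.
    if ($xoopsConfig['use_ssl'] && isset($_POST[$xoopsConfig['sslpost_name']]) && $_POST[$xoopsConfig['sslpost_name']] != '') {
        session_id($_POST[$xoopsConfig['sslpost_name']]);
    } elseif ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
        if (isset($_COOKIE[$xoopsConfig['session_name']])) {
            session_id($_COOKIE[$xoopsConfig['session_name']]);
        } else {
            // no custom session cookie set, destroy session if any
            $_SESSION = array();
            //session_destroy();
        }
        @ini_set('session.gc_maxlifetime', $xoopsConfig['session_expire'] * 60);
    }
    session_set_save_handler(array(&$sess_handler, 'open'), array(&$sess_handler, 'close'), array(&$sess_handler, 'read'), array(&$sess_handler, 'write'), array(&$sess_handler, 'destroy'), array(&$sess_handler, 'gc'));
    session_start();

    // autologin hack GIJ
    // Only runs when no user is in the session and both autologin cookies
    // are present.
    if(empty($_SESSION['xoopsUserId']) && isset($_COOKIE['autologin_uname']) && isset($_COOKIE['autologin_pass'])) {

        // autologin V2 GIJ
        // A POST or a query string arriving while the login is still cookie-
        // driven is parked in the session and the user is sent through
        // session_confirm.php first (anti-CSRF for the auto-login).
        if( ! empty( $_POST ) ) {
            $_SESSION['AUTOLOGIN_POST'] = $_POST ;
            $_SESSION['AUTOLOGIN_REQUEST_URI'] = $_SERVER['REQUEST_URI'] ;
            redirect_header( XOOPS_URL . '/session_confirm.php' , 0 , '&nbsp;' ) ;
        } else if( ! empty( $_SERVER['QUERY_STRING'] ) && substr( $_SERVER['SCRIPT_NAME'] , -19 ) != 'session_confirm.php') {
            $_SESSION['AUTOLOGIN_REQUEST_URI'] = $_SERVER['REQUEST_URI'] ;
            redirect_header( XOOPS_URL . '/session_confirm.php' , 0 , '&nbsp;' ) ;
        }
        // end of autologin V2

        // redirect to XOOPS_URL/ when query string exists (anti-CSRF) V1 code
        /* if( ! empty( $_SERVER['QUERY_STRING'] ) ) {
            redirect_header( XOOPS_URL . '/' , 0 , 'Now, logging in automatically' ) ;
            exit ;
        }*/

        $myts =& MyTextSanitizer::getInstance();
        $uname = $myts->stripSlashesGPC($_COOKIE['autologin_uname']);
        $pass = $myts->stripSlashesGPC($_COOKIE['autologin_pass']);
        if( empty( $uname ) || is_numeric( $pass ) ) $user = false ;
        else {
            // V3
            $uname4sql = addslashes( $uname ) ;
            $criteria = new CriteriaCompo(new Criteria('uname', $uname4sql ));
            $user_handler =& xoops_gethandler('user');
            $users =& $user_handler->getObjects($criteria, false);
            if( empty( $users ) || count( $users ) != 1 ) $user = false ;
            else {
                // V3.1 begin
                $user = $users[0] ;
                $old_limit = time() - ( defined('XOOPS_AUTOLOGIN_LIFETIME') ? XOOPS_AUTOLOGIN_LIFETIME : 604800 ) ; // 1 week default
                // Cookie format is "<Y-n-j date>:<md5>" (see where it is set
                // below). A cookie without exactly one separator used to leave
                // $old_encpass undefined; it is now rejected outright.
                $pass_parts = explode( ':' , $pass ) ;
                if( count( $pass_parts ) != 2 ) {
                    $user = false ;
                } else {
                    list( $old_Ynj , $old_encpass ) = $pass_parts ;
                    // The digest is bound to the stored password hash, the DB
                    // credentials and the cookie's own date, so it stays valid
                    // only while strtotime(date) is within the lifetime window.
                    // Strict !== : with != PHP compares numeric-looking strings
                    // (e.g. "0e123...") as numbers, which can make two different
                    // digests compare equal.
                    if( strtotime( $old_Ynj ) < $old_limit || md5( $user->getVar('pass') . XOOPS_DB_PASS . XOOPS_DB_PREFIX . $old_Ynj ) !== $old_encpass ) $user = false ;
                }
                // V3.1 end
            }
            unset( $users ) ;
        }
        $xoops_cookie_path = defined('XOOPS_COOKIE_PATH') ? XOOPS_COOKIE_PATH : preg_replace( '?http://[^/]+(/.*)$?' , "$1" , XOOPS_URL ) ;
        if( $xoops_cookie_path == XOOPS_URL ) $xoops_cookie_path = '/' ;
        if (false != $user && $user->getVar('level') > 0) {
            // update time of last login; best-effort, a failed write does not
            // block the login
            $user->setVar('last_login', time());
            $member_handler->insertUser($user, true);
            //$_SESSION = array();
            $_SESSION['xoopsUserId'] = $user->getVar('uid');
            $_SESSION['xoopsUserGroups'] = $user->getGroups();
            // begin newly added in 2004-11-30
            $user_theme = $user->getVar('theme');
            if (in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
                $_SESSION['xoopsUserTheme'] = $user_theme;
            }
            // end newly added in 2004-11-30
            // update autologin cookies
            // Both cookies are issued with secure=0 and (this setcookie
            // signature) no httponly flag. The pass cookie never carries the
            // password: only today's date and an md5 over the stored hash,
            // XOOPS_DB_PASS, XOOPS_DB_PREFIX and that date.
            $expire = time() + ( defined('XOOPS_AUTOLOGIN_LIFETIME') ? XOOPS_AUTOLOGIN_LIFETIME : 604800 ) ; // 1 week default
            setcookie('autologin_uname', $uname, $expire, $xoops_cookie_path, '', 0);
            // V3.1
            $Ynj = date( 'Y-n-j' ) ;
            setcookie('autologin_pass', $Ynj . ':' . md5( $user->getVar('pass') . XOOPS_DB_PASS . XOOPS_DB_PREFIX . $Ynj ) , $expire, $xoops_cookie_path, '', 0);
        } else {
            // Invalid or expired autologin cookies are cleared so the check
            // is not repeated on every request.
            setcookie('autologin_uname', '', time() - 3600, $xoops_cookie_path, '', 0);
            setcookie('autologin_pass', '', time() - 3600, $xoops_cookie_path, '', 0);
        }
    }
    // end of autologin hack GIJ

    if (!empty($_SESSION['xoopsUserId'])) {
        $xoopsUser =& $member_handler->getUser($_SESSION['xoopsUserId']);
        if (!is_object($xoopsUser)) {
            // Session refers to a user that no longer loads: drop it.
            $xoopsUser = '';
            $_SESSION = array();
        } else {
            if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
                setcookie($xoopsConfig['session_name'], session_id(), time()+(60*$xoopsConfig['session_expire']), '/',  '', 0);
            }
            $xoopsUser->setGroups($_SESSION['xoopsUserGroups']);
            $xoopsUserIsAdmin = $xoopsUser->isAdmin();
        }
    }
    // Theme switch: a POSTed choice wins over the one remembered in the
    // session; both are checked against the admin whitelist (loose in_array,
    // so theme names are assumed to be plain non-numeric strings).
    if (!empty($_POST['xoops_theme_select']) && in_array($_POST['xoops_theme_select'], $xoopsConfig['theme_set_allowed'])) {
        $xoopsConfig['theme_set'] = $_POST['xoops_theme_select'];
        $_SESSION['xoopsUserTheme'] = $_POST['xoops_theme_select'];
    } elseif (!empty($_SESSION['xoopsUserTheme']) && in_array($_SESSION['xoopsUserTheme'], $xoopsConfig['theme_set_allowed'])) {
        $xoopsConfig['theme_set'] = $_SESSION['xoopsUserTheme'];
    }

    // Site closed: only members of closesite_okgrp or the admin group get
    // through; anyone else sees the closed page (or the login handler if
    // they just submitted credentials).
    if ($xoopsConfig['closesite'] == 1) {
        $allowed = false;
        if (is_object($xoopsUser)) {
            foreach ($xoopsUser->getGroups() as $group) {
                if (in_array($group, $xoopsConfig['closesite_okgrp']) || XOOPS_GROUP_ADMIN == $group) {
                    $allowed = true;
                    break;
                }
            }
        } elseif (!empty($_POST['xoops_login'])) {
            include_once XOOPS_ROOT_PATH.'/include/checklogin.php';
            exit();
        }
        if (!$allowed) {
            include_once XOOPS_ROOT_PATH.'/class/template.php';
            $xoopsTpl = new XoopsTpl();
            $xoopsTpl->assign(array('xoops_sitename' => htmlspecialchars($xoopsConfig['sitename']), 'xoops_themecss' => xoops_getcss(), 'xoops_imageurl' => XOOPS_THEME_URL.'/'.$xoopsConfig['theme_set'].'/', 'lang_login' => _LOGIN, 'lang_username' => _USERNAME, 'lang_password' => _PASSWORD, 'lang_siteclosemsg' => $xoopsConfig['closesite_text']));
            $xoopsTpl->xoops_setCaching(1);
            $xoopsTpl->display('db:system_siteclosed.html');
            exit();
        }
        unset($allowed, $group);
    }

    // Inside a module (the including page sits next to xoops_version.php):
    // resolve the module from the '/modules/<dirname>/' part of the request
    // URI, then enforce module_read permission for the user's groups (or the
    // anonymous group).
    if (file_exists('./xoops_version.php')) {
        // The dirname is taken straight from the request URI; getByDirname is
        // expected to escape it before querying — confirm in the module handler.
        $url_arr = explode('/',strstr($xoopsRequestUri,'/modules/'));
        $module_handler =& xoops_gethandler('module');
        $xoopsModule =& $module_handler->getByDirname($url_arr[2]);
        unset($url_arr);
        if (!$xoopsModule || !$xoopsModule->getVar('isactive')) {
            include_once XOOPS_ROOT_PATH."/header.php";
            echo "<h4>"._MODULENOEXIST."</h4>";
            include_once XOOPS_ROOT_PATH."/footer.php";
            exit();
        }
        $moduleperm_handler =& xoops_gethandler('groupperm');
        if ($xoopsUser) {
            if (!$moduleperm_handler->checkRight('module_read', $xoopsModule->getVar('mid'), $xoopsUser->getGroups())) {
                redirect_header(XOOPS_URL."/user.php",1,_NOPERM);
                exit();
            }
            // Module-scoped admin flag replaces the site-wide one from above.
            $xoopsUserIsAdmin = $xoopsUser->isAdmin($xoopsModule->getVar('mid'));
        } else {
            if (!$moduleperm_handler->checkRight('module_read', $xoopsModule->getVar('mid'), XOOPS_GROUP_ANONYMOUS)) {
                redirect_header(XOOPS_URL."/user.php",1,_NOPERM);
                exit();
            }
        }
        if ( file_exists(XOOPS_ROOT_PATH."/modules/".$xoopsModule->getVar('dirname')."/language/".$xoopsConfig['language']."/main.php") ) {
            include_once XOOPS_ROOT_PATH."/modules/".$xoopsModule->getVar('dirname')."/language/".$xoopsConfig['language']."/main.php";
        } else {
            if ( file_exists(XOOPS_ROOT_PATH."/modules/".$xoopsModule->getVar('dirname')."/language/english/main.php") ) {
                include_once XOOPS_ROOT_PATH."/modules/".$xoopsModule->getVar('dirname')."/language/english/main.php";
            }
        }
        if ($xoopsModule->getVar('hasconfig') == 1 || $xoopsModule->getVar('hascomments') == 1 || $xoopsModule->getVar( 'hasnotification' ) == 1) {
            $xoopsModuleConfig =& $config_handler->getConfigsByCat(0, $xoopsModule->getVar('mid'));
        }
    } elseif($xoopsUser) {
        // Outside a module, "admin" means admin of the system module (mid 1).
        $xoopsUserIsAdmin = $xoopsUser->isAdmin(1);
    }
}
?>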