[Sommaire] [Imprimer]

   1  <?php
   2  /***************************************************************************
   3   *                                common.php
   4   *                            -------------------
   5   *   begin                : Saturday, Feb 23, 2001
   6   *   copyright            : (C) 2001 The phpBB Group
   7   *   email                : support@phpbb.com
   8   *
   9   *   $Id: common.php,v 1.74.2.3 2002/05/13 13:18:17 psotfx Exp $
  10   *
  11   *
  12   ***************************************************************************/
  13  /***************************************************************************
  14  * phpbb2 forums port version 2.1 (c) 2003 - Nuke Cops (http://nukecops.com)
  15  *
  16  * Ported by Paul Laudanski (Zhen-Xjell) to phpbb2 standalone 2.0.4. Test
  17  * and debugging completed by the Elite Nukers at Nuke Cops: ArtificialIntel,
  18  * Chatserv, MikeM, sixonetonoffun, Zhen-Xjell. Thanks to some heavy debug
  19  * work by AI in Nuke 6.5.
  20  *
  21  * You run this package at your sole risk. Nuke Cops and affiliates cannot
  22  * be held liable if anything goes wrong. You are advised to test this
  23  * package on a development system. Backup everything before implementing
  24  * in a production environment. If something goes wrong, you can always
  25  * backout and restore your backups.
  26  *
  27  * Installing and running this also means you agree to the terms of the AUP
  28  * found at Nuke Cops.
  29  *
  30  * This is version 2.1 of the phpbb2 forum port for PHP-Nuke. Work is based
  31  * on Tom Nitzschner's forum port version 2.0.6. Tom's 2.0.6 port was based
  32  * on the phpbb2 standalone version 2.0.3. Our version 2.1 from Nuke Cops is
  33  * now reflecting phpbb2 standalone 2.0.4 that fixes some major SQL
  34  * injection exploits.
  35  ***************************************************************************/
  36  /***************************************************************************
  37   *   This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002
  38   *   by Tom Nitzschner (tom@toms-home.com)
  39   *   http://bbtonuke.sourceforge.net (or http://www.toms-home.com)
  40   *
  41   *   As always, make a backup before messing with anything. All code
  42   *   release by me is considered sample code only. It may be fully
  43   *   functual, but you use it at your own risk, if you break it,
  44   *   you get to fix it too. No waranty is given or implied.
  45   *
  46   *   Please post all questions/request about this port on http://bbtonuke.sourceforge.net first,
  47   *   then on my site. All original header code and copyright messages will be maintained
  48   *   to give credit where credit is due. If you modify this, the only requirement is
  49   *   that you also maintain all original copyright messages. All my work is released
  50   *   under the GNU GENERAL PUBLIC LICENSE. Please see the README for more information.
  51   *
  52   ***************************************************************************/
  53  
  54  /***************************************************************************
  55   *
  56   *   This program is free software; you can redistribute it and/or modify
  57   *   it under the terms of the GNU General Public License as published by
  58   *   the Free Software Foundation; either version 2 of the License, or
  59   *   (at your option) any later version.
  60   *
  61   ***************************************************************************/
  62  $forum_admin = "1";
  63  if ( !defined('IN_PHPBB') )
  64  {
  65      die("Hacking attempt");
  66  }
  67  $root_path = "./../../../";
  68  error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
  69  set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
  70  
  71  //
  72  // addslashes to vars if magic_quotes_gpc is off
  73  // this is a security precaution to prevent someone
  74  // trying to break out of a SQL statement.
  75  //
  76  if( !get_magic_quotes_gpc() )
  77  {
  78      if( is_array($HTTP_GET_VARS) )
  79      {
  80          while( list($k, $v) = each($HTTP_GET_VARS) )
  81          {
  82              if( is_array($HTTP_GET_VARS[$k]) )
  83              {
  84                  while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) )
  85                  {
  86                      $HTTP_GET_VARS[$k][$k2] = addslashes($v2);
  87                  }
  88                  @reset($HTTP_GET_VARS[$k]);
  89              }
  90              else
  91              {
  92                  $HTTP_GET_VARS[$k] = addslashes($v);
  93              }
  94          }
  95          @reset($HTTP_GET_VARS);
  96      }
  97  
  98      if( is_array($HTTP_POST_VARS) )
  99      {
 100          while( list($k, $v) = each($HTTP_POST_VARS) )
 101          {
 102              if( is_array($HTTP_POST_VARS[$k]) )
 103              {
 104                  while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) )
 105                  {
 106                      $HTTP_POST_VARS[$k][$k2] = addslashes($v2);
 107                  }
 108                  @reset($HTTP_POST_VARS[$k]);
 109              }
 110              else
 111              {
 112                  $HTTP_POST_VARS[$k] = addslashes($v);
 113              }
 114          }
 115          @reset($HTTP_POST_VARS);
 116      }
 117  
 118      if( is_array($HTTP_COOKIE_VARS) )
 119      {
 120          while( list($k, $v) = each($HTTP_COOKIE_VARS) )
 121          {
 122              if( is_array($HTTP_COOKIE_VARS[$k]) )
 123              {
 124                  while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) )
 125                  {
 126                      $HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2);
 127                  }
 128                  @reset($HTTP_COOKIE_VARS[$k]);
 129              }
 130              else
 131              {
 132                  $HTTP_COOKIE_VARS[$k] = addslashes($v);
 133              }
 134          }
 135          @reset($HTTP_COOKIE_VARS);
 136      }
 137  }
 138  
 139  //
 140  // Define some basic configuration arrays this also prevents
 141  // malicious rewriting of language and otherarray values via
 142  // URI params
 143  //
 144  $board_config = array();
 145  $userdata = array();
 146  $theme = array();
 147  $images = array();
 148  $lang = array();
 149  $gen_simple_header = FALSE;
 150  
 151  include($phpbb_root_path . 'config.'.$phpEx);
 152  
 153  if( !defined("PHPBB_INSTALLED") )
 154  {
 155      header("Location: modules.php?name=Forums&file=install");
 156      exit;
 157  }
 158  
 159  include($root_path . 'includes/constants.'.$phpEx);
 160  include($root_path . 'includes/template.'.$phpEx);
 161  include($root_path . 'includes/sessions.'.$phpEx);
 162  include($root_path . 'includes/auth.'.$phpEx);
 163  include($root_path . 'includes/functions.'.$phpEx);
 164  include($root_path . 'includes/db.'.$phpEx);
 165  
 166  //
 167  // Mozilla navigation bar
 168  // Default items that should be valid on all pages.
 169  // Defined here and not in page_header.php so they can be redefined in the code
 170  //
 171  $nav_links['top'] = array (
 172      'url' => append_sid($phpbb_root_dir."index.".$phpEx),
 173      'title' => sprintf($lang['Forum_Index'], $board_config['sitename'])
 174  );
 175  $nav_links['search'] = array (
 176      'url' => append_sid($phpbb_root_dir."search.".$phpEx),
 177      'title' => $lang['Search']
 178  );
 179  $nav_links['help'] = array (
 180      'url' => append_sid($phpbb_root_dir."faq.".$phpEx),
 181      'title' => $lang['FAQ']
 182  );
 183  $nav_links['author'] = array (
 184      'url' => append_sid($phpbb_root_dir."memberlist.".$phpEx),
 185      'title' => $lang['Memberlist']
 186  );
 187  
 188  //
 189  // Obtain and encode users IP
 190  //
 191  if( getenv('HTTP_X_FORWARDED_FOR') != '' )
 192  {
 193      $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
 194  
 195      if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", getenv('HTTP_X_FORWARDED_FOR'), $ip_list) )
 196      {
 197          $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10..*/', '/^224..*/', '/^240..*/');
 198          $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]);
 199      }
 200  }
 201  else
 202  {
 203      $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : $REMOTE_ADDR );
 204  }
 205  $user_ip = encode_ip($client_ip);
 206  
 207  //
 208  // Setup forum wide options, if this fails
 209  // then we output a CRITICAL_ERROR since
 210  // basic forum information is not available
 211  //
 212  $sql = "SELECT *
 213      FROM " . CONFIG_TABLE;
 214  if( !($result = $db->sql_query($sql)) )
 215  {
 216      message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql);
 217  }
 218  
 219  while ( $row = $db->sql_fetchrow($result) )
 220  {
 221      $board_config[$row['config_name']] = $row['config_value'];
 222  }
 223  
 224  //
 225  // Show 'Board is disabled' message if needed.
 226  //
 227  if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") )
 228  {
 229      message_die(GENERAL_MESSAGE, 'Board_disable', 'Information');
 230  }
 231  
 232  ?>