Code source de PHP NUKE 7.9 |
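<?php
/***************************************************************************
 *                                common.php
 *                            -------------------
 *   begin                : Saturday, Feb 23, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   Id: common.php,v 1.74.2.17 2005/02/21 19:29:30 acydburn Exp
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Bootstrap shared by the forum entry scripts. In order, it:
//   1. refuses direct access (IN_PHPBB must be defined by the includer),
//   2. removes request-derived globals when register_globals is on,
//   3. escapes GET/POST/COOKIE values when magic_quotes_gpc is off,
//   4. initialises the configuration arrays, loads config and the core
//      includes, records the client IP and reads the board configuration.
//

// This file is only meant to be include()d by a script that defined IN_PHPBB.
if ( !defined('IN_PHPBB') )
{
    die("Hacking attempt");
}

error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime

// The following code (unsetting globals) was contributed by Matt Kavanagh

// PHP5 with register_long_arrays off? Then the HTTP_*_VARS arrays do not
// exist and are rebuilt here from the superglobals.
if (!isset($HTTP_POST_VARS) && isset($_POST))
{
    $HTTP_POST_VARS = $_POST;
    $HTTP_GET_VARS = $_GET;
    $HTTP_SERVER_VARS = $_SERVER;
    $HTTP_COOKIE_VARS = $_COOKIE;
    $HTTP_ENV_VARS = $_ENV;
    $HTTP_POST_FILES = $_FILES;

    // _SESSION is the only superglobal which is conditionally set
    if (isset($_SESSION))
    {
        $HTTP_SESSION_VARS = $_SESSION;
    }
}

// NOTE(review): this is a string comparison, not a version comparison. It is
// adequate for the single-digit major versions this code was written for.
if (@phpversion() < '4.0.0')
{
    // PHP3 path; in PHP3, globals are _always_ registered

    // We 'flip' the array of variables to test like this so that
    // we can validate later with isset($test[$var]) (no in_array())
    $test = array('HTTP_GET_VARS' => NULL, 'HTTP_POST_VARS' => NULL, 'HTTP_COOKIE_VARS' => NULL, 'HTTP_SERVER_VARS' => NULL, 'HTTP_ENV_VARS' => NULL, 'HTTP_POST_FILES' => NULL, 'phpEx' => NULL, 'phpbb_root_path' => NULL);

    // Loop through each input array
    @reset($test);
    while (list($input,) = @each($test))
    {
        while (list($var,) = @each($$input))
        {
            // Validate the variable to be unset; 'test' and 'input' are the
            // loop's own working variables and must survive.
            if (!isset($test[$var]) && $var != 'test' && $var != 'input')
            {
                unset($$var);
            }
        }
    }
}
else if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
    // PHP4+ path
    //
    // Names listed here are never unset. Besides the input arrays this
    // covers phpEx, phpbb_root_path and several names used by the
    // surrounding application (name, admin, nukeuser, user, no_page_header,
    // cookie, db, prefix).
    // NOTE(review): a request-supplied value with one of these names stays in
    // global scope after this pass, so whatever includes this file has to
    // assign these variables itself before using them - not visible from
    // here, confirm against the callers.
    $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path', 'name', 'admin', 'nukeuser', 'user', 'no_page_header', 'cookie', 'db', 'prefix');

    // Not only will array_merge give a warning if a parameter
    // is not an array, it will actually fail, and a failed merge would
    // leave $input empty so that the unset loop below removes nothing.
    // HTTP_SESSION_VARS is the one input array that is only conditionally
    // set, so an isset() test alone is not enough: with register_globals on
    // the variable may exist without being an array. Force it to an array
    // in both cases.
    if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS))
    {
        $HTTP_SESSION_VARS = array();
    }

    // Merge all into one extremely huge array; unset
    // this later
    $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);

    // Keep the loop from unsetting its own working variables.
    unset($input['input']);
    unset($input['not_unset']);

    while (list($var,) = @each($input))
    {
        if (!in_array($var, $not_unset))
        {
            unset($$var);
        }
    }

    unset($input);
}

//
// addslashes to vars if magic_quotes_gpc is off
// this is a security precaution to prevent someone
// trying to break out of a SQL statement.
//
// Only values are escaped, and only down to the second array level; array
// keys are left as received. addslashes() is a generic escape, not one that
// is aware of the database driver or connection character set, so queries
// built from these values still depend on correct quoting at the point of
// use.
//
if( !get_magic_quotes_gpc() )
{
    if( is_array($HTTP_GET_VARS) )
    {
        while( list($k, $v) = each($HTTP_GET_VARS) )
        {
            if( is_array($HTTP_GET_VARS[$k]) )
            {
                while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) )
                {
                    $HTTP_GET_VARS[$k][$k2] = addslashes($v2);
                }
                @reset($HTTP_GET_VARS[$k]);
            }
            else
            {
                $HTTP_GET_VARS[$k] = addslashes($v);
            }
        }
        // Rewind so later each()-style iteration starts from the beginning.
        @reset($HTTP_GET_VARS);
    }

    if( is_array($HTTP_POST_VARS) )
    {
        while( list($k, $v) = each($HTTP_POST_VARS) )
        {
            if( is_array($HTTP_POST_VARS[$k]) )
            {
                while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) )
                {
                    $HTTP_POST_VARS[$k][$k2] = addslashes($v2);
                }
                @reset($HTTP_POST_VARS[$k]);
            }
            else
            {
                $HTTP_POST_VARS[$k] = addslashes($v);
            }
        }
        @reset($HTTP_POST_VARS);
    }

    if( is_array($HTTP_COOKIE_VARS) )
    {
        while( list($k, $v) = each($HTTP_COOKIE_VARS) )
        {
            if( is_array($HTTP_COOKIE_VARS[$k]) )
            {
                while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) )
                {
                    $HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2);
                }
                @reset($HTTP_COOKIE_VARS[$k]);
            }
            else
            {
                $HTTP_COOKIE_VARS[$k] = addslashes($v);
            }
        }
        @reset($HTTP_COOKIE_VARS);
    }
}

//
// Define some basic configuration arrays this also prevents
// malicious rewriting of language and otherarray values via
// URI params
//
$board_config = array();
$userdata = array();
$theme = array();
$images = array();
$lang = array();
$nav_links = array();
$gen_simple_header = FALSE;

// The include path is built from two globals that this file never assigns
// and that are exempt from the unset pass above.
// NOTE(review): presumably the including script sets $phpbb_root_path and
// $phpEx to fixed values before including this file - verify for every caller.
include($phpbb_root_path . 'config.'.$phpEx);

// Without an installed board, hand over to the installer.
if( !defined("PHPBB_INSTALLED") )
{
    header("Location: modules.php?name=Forums&file=install");
    exit;
}

// The forum admin scripts are included from a deeper directory, hence the
// relative paths; db/db.php is not loaded in that branch.
if (defined('FORUM_ADMIN')) {
    //include("../../../db/db.php");
    include("../../../includes/constants.php");
    include("../../../includes/template.php");
    include("../../../includes/sessions.php");
    include("../../../includes/auth.php");
    include("../../../includes/functions.php");
} else {
    include ("includes/constants.php");
    include ("includes/template.php");
    include ("includes/sessions.php");
    include ("includes/auth.php");
    include ("includes/functions.php");
    include ("db/db.php");
}

//
// Obtain and encode users IP
//
// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
// private range IP's appearing instead of the guilty routable IP, tough, don't
// even bother complaining ... go scream and shout at the idiots out there who feel
// "clever" is doing harm rather than good ... karma is a great thing ... :)
//
// Only REMOTE_ADDR is consulted: first from the server array, then from the
// environment array, then from getenv().
//
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );
$user_ip = encode_ip($client_ip);

//
// Setup forum wide options, if this fails
// then we output a CRITICAL_ERROR since
// basic forum information is not available
//
$sql = "SELECT *
    FROM " . CONFIG_TABLE;
if( !($result = $db->sql_query($sql)) )
{
    message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql);
}

// One row per setting: config_name => config_value.
while ( $row = $db->sql_fetchrow($result) )
{
    $board_config[$row['config_name']] = $row['config_value'];
}


//
// Show 'Board is disabled' message if needed.
// The admin and login scripts stay reachable so the board can be re-enabled.
//
if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") )
{
    message_die(GENERAL_MESSAGE, 'Board_disable', 'Information');
}

?>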