<?php
/***************************************************************************
 *                                common.php
 *                            -------------------
 *   begin                : Saturday, Feb 23, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: common.php 5970 2006-05-26 17:46:59Z grahamje $
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Bootstrap included by every entry script: it hardens the request
// environment (register_globals / magic_quotes era PHP), loads the
// configuration and the include files, resolves the client IP and
// reads the board configuration table into $board_config.
//
// NOTE(review): this file targets PHP 4/5. set_magic_quotes_runtime(),
// get_magic_quotes_gpc() and each() are no longer available in PHP 8,
// so the script cannot run unchanged on a current interpreter.
//

// Refuse to be executed directly; the entry script must define IN_PHPBB first.
if ( !defined('IN_PHPBB') )
{
    die("Hacking attempt");
}

// E_NOTICE is deliberately excluded, so uninitialised variables and
// undefined indexes are silent from here on.
error_reporting  (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
set_magic_quotes_runtime(0); // Disable magic_quotes_runtime

// The following code (unsetting globals)
// Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files

// PHP5 with register_long_arrays off?
// The rest of this file (and the includes) read the legacy $HTTP_*_VARS
// arrays, so populate them from the superglobals when PHP no longer does.
// NOTE(review): the version test is a plain string comparison; it only
// orders correctly while the major version is a single digit.
if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off'))
{
    $HTTP_POST_VARS = $_POST;
    $HTTP_GET_VARS = $_GET;
    $HTTP_SERVER_VARS = $_SERVER;
    $HTTP_COOKIE_VARS = $_COOKIE;
    $HTTP_ENV_VARS = $_ENV;
    $HTTP_POST_FILES = $_FILES;

    // _SESSION is the only superglobal which is conditionally set
    if (isset($_SESSION))
    {
        $HTTP_SESSION_VARS = $_SESSION;
    }
}

// Protect against GLOBALS tricks
// A request parameter literally named GLOBALS would, under register_globals,
// be written into the global symbol table itself; reject it outright.
if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS']))
{
    die("Hacking attempt");
}

// Protect against HTTP_SESSION_VARS tricks
// If the session array exists but is not an array it did not come from the
// session handler, so it is treated as injected.
if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS))
{
    die("Hacking attempt");
}

// With register_globals on, every request/cookie/server/env key has already
// been imported as a global variable. Undo that by unsetting each one, so
// the only globals this file trusts are the ones it assigns itself.
if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
{
    // PHP4+ path
    // Globals this file needs intact. A request that names any of them is
    // rejected rather than unset, since an attacker could otherwise have
    // pre-populated e.g. $phpbb_root_path before the include() calls below.
    $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');

    // Not only will array_merge give a warning if a parameter
    // is not an array, it will actually fail. So we check if
    // HTTP_SESSION_VARS has been initialised.
    if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS))
    {
        $HTTP_SESSION_VARS = array();
    }

    // Merge all into one extremely huge array; unset
    // this later
    $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);

    // The loop's own state must not be unset from under it.
    unset($input['input']);
    unset($input['not_unset']);

    // NOTE(review): in_array() is loose here. array_merge() renumbers integer
    // keys, and on PHP < 8 an integer 0 compares equal to any of these
    // non-numeric strings, so a request carrying a numeric key would hit the
    // die() below — a conservative outcome, but confirm it is intended.
    while (list($var,) = @each($input))
    {
        if (in_array($var, $not_unset))
        {
            die('Hacking attempt!');
        }
        unset($$var);
    }

    unset($input);
}

//
// addslashes to vars if magic_quotes_gpc is off
// this is a security precaution to prevent someone
// trying to break out of a SQL statement.
//
// Only GET, POST and COOKIE are escaped, and only two levels deep: a scalar
// value or the direct members of a nested array. $HTTP_SERVER_VARS and
// $HTTP_ENV_VARS are left untouched.
// NOTE(review): addslashes() is byte-oriented and not character-set aware;
// driver-level escaping or parameterised queries at the point of use is
// the safer approach. Values nested deeper than two levels pass through
// unescaped.
//
if( !get_magic_quotes_gpc() )
{
    if( is_array($HTTP_GET_VARS) )
    {
        while( list($k, $v) = each($HTTP_GET_VARS) )
        {
            if( is_array($HTTP_GET_VARS[$k]) )
            {
                while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) )
                {
                    $HTTP_GET_VARS[$k][$k2] = addslashes($v2);
                }
                // each() advanced the internal pointer; rewind for later readers.
                @reset($HTTP_GET_VARS[$k]);
            }
            else
            {
                $HTTP_GET_VARS[$k] = addslashes($v);
            }
        }
        @reset($HTTP_GET_VARS);
    }

    if( is_array($HTTP_POST_VARS) )
    {
        while( list($k, $v) = each($HTTP_POST_VARS) )
        {
            if( is_array($HTTP_POST_VARS[$k]) )
            {
                while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) )
                {
                    $HTTP_POST_VARS[$k][$k2] = addslashes($v2);
                }
                @reset($HTTP_POST_VARS[$k]);
            }
            else
            {
                $HTTP_POST_VARS[$k] = addslashes($v);
            }
        }
        @reset($HTTP_POST_VARS);
    }

    if( is_array($HTTP_COOKIE_VARS) )
    {
        while( list($k, $v) = each($HTTP_COOKIE_VARS) )
        {
            if( is_array($HTTP_COOKIE_VARS[$k]) )
            {
                while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) )
                {
                    $HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2);
                }
                @reset($HTTP_COOKIE_VARS[$k]);
            }
            else
            {
                $HTTP_COOKIE_VARS[$k] = addslashes($v);
            }
        }
        @reset($HTTP_COOKIE_VARS);
    }
}

//
// Define some basic configuration arrays this also prevents
// malicious rewriting of language and otherarray values via
// URI params
//
// Assigning them here guarantees they start empty even if register_globals
// had imported a same-named request parameter before this file ran.
//
$board_config = array();
$userdata = array();
$theme = array();
$images = array();
$lang = array();
$nav_links = array();
$dss_seeded = false;
$gen_simple_header = FALSE;

// config.php provides the database settings and defines PHPBB_INSTALLED
// once the installer has completed.
include($phpbb_root_path . 'config.'.$phpEx);

// Not installed yet: hand off to the installer and stop.
if( !defined("PHPBB_INSTALLED") )
{
    header('Location: ' . $phpbb_root_path . 'install/install.' . $phpEx);
    exit;
}

include($phpbb_root_path . 'includes/constants.'.$phpEx);
include($phpbb_root_path . 'includes/template.'.$phpEx);
include($phpbb_root_path . 'includes/sessions.'.$phpEx);
include($phpbb_root_path . 'includes/auth.'.$phpEx);
include($phpbb_root_path . 'includes/functions.'.$phpEx);
include($phpbb_root_path . 'includes/db.'.$phpEx);

// We do not need this any longer, unset for safety purposes
// (the database connection has been established by includes/db above,
// so the plaintext password should not linger in the global scope).
unset($dbpasswd);

//
// Obtain and encode users IP
//
// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
// private range IP's appearing instead of the guilty routable IP, tough, don't
// even bother complaining ... go scream and shout at the idiots out there who feel
// "clever" is doing harm rather than good ... karma is a great thing ... :)
//
// REMOTE_ADDR is the transport-level peer address; proxy headers such as
// X-Forwarded-For are supplied by the client and are intentionally ignored.
// Falls back to the environment when the server array is empty.
//
$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );
$user_ip = encode_ip($client_ip);

//
// Setup forum wide options, if this fails
// then we output a CRITICAL_ERROR since
// basic forum information is not available
//
// Every row of the config table becomes $board_config[config_name] = config_value.
//
$sql = "SELECT *
    FROM " . CONFIG_TABLE;
if( !($result = $db->sql_query($sql)) )
{
    message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql);
}

while ( $row = $db->sql_fetchrow($result) )
{
    $board_config[$row['config_name']] = $row['config_value'];
}

// Refuse to serve a board whose installer directory is still present.
// NOTE(review): these paths are relative to the current working directory,
// unlike the include() calls above which are anchored on $phpbb_root_path,
// so whether the check fires depends on which script is the entry point —
// confirm this is intended.
if (file_exists('install') || file_exists('contrib'))
{
    message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib');
}

//
// Show 'Board is disabled' message if needed.
//
// Admin and login pages stay reachable so the board can be re-enabled.
//
if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") )
{
    message_die(GENERAL_MESSAGE, 'Board_disable', 'Information');
}

?>