[354] | 1 | <?php |
---|
| 2 | // +-----------------------------------------------------------------------+ |
---|
[362] | 3 | // | common.inc.php | |
---|
[354] | 4 | // +-----------------------------------------------------------------------+ |
---|
| 5 | // | application : PhpWebGallery <http://phpwebgallery.net> | |
---|
[362] | 6 | // | branch : BSF (Best So Far) | |
---|
[354] | 7 | // +-----------------------------------------------------------------------+ |
---|
| 8 | // | file : $RCSfile$ |
---|
| 9 | // | last update : $Date: 2004-02-11 23:20:38 +0000 (Wed, 11 Feb 2004) $ |
---|
| 10 | // | last modifier : $Author: z0rglub $ |
---|
| 11 | // | revision : $Revision: 362 $ |
---|
| 12 | // +-----------------------------------------------------------------------+ |
---|
| 13 | // | This program is free software; you can redistribute it and/or modify | |
---|
| 14 | // | it under the terms of the GNU General Public License as published by | |
---|
| 15 | // | the Free Software Foundation | |
---|
| 16 | // | | |
---|
| 17 | // | This program is distributed in the hope that it will be useful, but | |
---|
| 18 | // | WITHOUT ANY WARRANTY; without even the implied warranty of | |
---|
| 19 | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
---|
| 20 | // | General Public License for more details. | |
---|
| 21 | // | | |
---|
| 22 | // | You should have received a copy of the GNU General Public License | |
---|
| 23 | // | along with this program; if not, write to the Free Software | |
---|
| 24 | // | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
---|
| 25 | // | USA. | |
---|
| 26 | // +-----------------------------------------------------------------------+ |
---|
[359] | 27 | |
---|
| 28 | // determine the initial instant to indicate the generation time of this |
---|
| 29 | // page |
---|
[354] | 30 | $t1 = explode( ' ', microtime() ); |
---|
| 31 | $t2 = explode( '.', $t1[0] ); |
---|
| 32 | $t2 = $t1[1].'.'.$t2[1]; |
---|
| 33 | |
---|
| 34 | set_magic_quotes_runtime(0); // Disable magic_quotes_runtime |
---|
| 35 | |
---|
| 36 | // |
---|
[359] | 37 | // addslashes to vars if magic_quotes_gpc is off this is a security |
---|
| 38 | // precaution to prevent someone trying to break out of a SQL statement. |
---|
[354] | 39 | // |
---|
| 40 | if( !get_magic_quotes_gpc() ) |
---|
| 41 | { |
---|
[359] | 42 | if( is_array( $_GET ) ) |
---|
[354] | 43 | { |
---|
[359] | 44 | while( list($k, $v) = each($_GET) ) |
---|
[354] | 45 | { |
---|
[359] | 46 | if( is_array($_GET[$k]) ) |
---|
| 47 | { |
---|
| 48 | while( list($k2, $v2) = each($_GET[$k]) ) |
---|
[354] | 49 | { |
---|
[359] | 50 | $_GET[$k][$k2] = addslashes($v2); |
---|
| 51 | } |
---|
| 52 | @reset($_GET[$k]); |
---|
| 53 | } |
---|
| 54 | else |
---|
| 55 | { |
---|
| 56 | $_GET[$k] = addslashes($v); |
---|
| 57 | } |
---|
| 58 | } |
---|
| 59 | @reset($_GET); |
---|
[354] | 60 | } |
---|
| 61 | |
---|
[359] | 62 | if( is_array($_POST) ) |
---|
[354] | 63 | { |
---|
[359] | 64 | while( list($k, $v) = each($_POST) ) |
---|
| 65 | { |
---|
| 66 | if( is_array($_POST[$k]) ) |
---|
| 67 | { |
---|
| 68 | while( list($k2, $v2) = each($_POST[$k]) ) |
---|
| 69 | { |
---|
| 70 | $_POST[$k][$k2] = addslashes($v2); |
---|
| 71 | } |
---|
| 72 | @reset($_POST[$k]); |
---|
| 73 | } |
---|
| 74 | else |
---|
| 75 | { |
---|
| 76 | $_POST[$k] = addslashes($v); |
---|
| 77 | } |
---|
[354] | 78 | } |
---|
[359] | 79 | @reset($_POST); |
---|
[354] | 80 | } |
---|
| 81 | |
---|
[359] | 82 | if( is_array($_COOKIE) ) |
---|
[354] | 83 | { |
---|
[359] | 84 | while( list($k, $v) = each($_COOKIE) ) |
---|
[354] | 85 | { |
---|
[359] | 86 | if( is_array($_COOKIE[$k]) ) |
---|
| 87 | { |
---|
| 88 | while( list($k2, $v2) = each($_COOKIE[$k]) ) |
---|
| 89 | { |
---|
| 90 | $_COOKIE[$k][$k2] = addslashes($v2); |
---|
| 91 | } |
---|
| 92 | @reset($_COOKIE[$k]); |
---|
| 93 | } |
---|
| 94 | else |
---|
| 95 | { |
---|
| 96 | $_COOKIE[$k] = addslashes($v); |
---|
| 97 | } |
---|
[354] | 98 | } |
---|
[359] | 99 | @reset($_COOKIE); |
---|
[354] | 100 | } |
---|
| 101 | } |
---|
| 102 | |
---|
| 103 | // |
---|
[359] | 104 | // Define some basic configuration arrays this also prevents malicious |
---|
| 105 | // rewriting of language and otherarray values via URI params |
---|
[354] | 106 | // |
---|
| 107 | $conf = array(); |
---|
| 108 | $page = array(); |
---|
| 109 | $user = array(); |
---|
| 110 | $lang = array(); |
---|
| 111 | |
---|
| 112 | if( !defined("PHPWG_INSTALLED") ) |
---|
| 113 | { |
---|
[359] | 114 | header( 'Location: install.php' ); |
---|
| 115 | exit; |
---|
[354] | 116 | } |
---|
| 117 | |
---|
[359] | 118 | include( $phpwg_root_path.'include/constants.php' ); |
---|
| 119 | include( $phpwg_root_path.'include/functions.inc.php' ); |
---|
| 120 | include( $phpwg_root_path.'include/template.php' ); |
---|
| 121 | include( $phpwg_root_path.'include/vtemplate.class.php' ); |
---|
| 122 | include( $phpwg_root_path.'include/config.inc.php' ); |
---|
[354] | 123 | |
---|
| 124 | // |
---|
| 125 | // Database connection |
---|
| 126 | // |
---|
| 127 | |
---|
| 128 | mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) |
---|
[359] | 129 | or die ( "Could not connect to server" ); |
---|
[354] | 130 | mysql_select_db( $cfgBase ) |
---|
[359] | 131 | or die ( "Could not connect to database" ); |
---|
[354] | 132 | |
---|
| 133 | // |
---|
| 134 | // Obtain and encode users IP |
---|
| 135 | // |
---|
[359] | 136 | if ( getenv( 'HTTP_X_FORWARDED_FOR' ) != '' ) |
---|
[354] | 137 | { |
---|
[359] | 138 | $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); |
---|
[354] | 139 | |
---|
[359] | 140 | if ( preg_match("/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/", |
---|
| 141 | getenv('HTTP_X_FORWARDED_FOR'), $ip_list) ) |
---|
[354] | 142 | { |
---|
[359] | 143 | $private_ip = array( '/^0\./' |
---|
| 144 | ,'/^127\.0\.0\.1/' |
---|
| 145 | ,'/^192\.168\..*/' |
---|
| 146 | ,'/^172\.16\..*/' |
---|
| 147 | ,'/^10.\.*/' |
---|
| 148 | ,'/^224.\.*/' |
---|
| 149 | ,'/^240.\.*/' |
---|
| 150 | ); |
---|
[354] | 151 | $client_ip = preg_replace($private_ip, $client_ip, $ip_list[1]); |
---|
| 152 | } |
---|
| 153 | } |
---|
| 154 | else |
---|
| 155 | { |
---|
[359] | 156 | $client_ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : ( ( !empty($_ENV['REMOTE_ADDR']) ) ? $_ENV['REMOTE_ADDR'] : $REMOTE_ADDR ); |
---|
[354] | 157 | } |
---|
| 158 | $user_ip = encode_ip($client_ip); |
---|
| 159 | |
---|
| 160 | // |
---|
[359] | 161 | // Setup forum wide options, if this fails then we output a CRITICAL_ERROR |
---|
| 162 | // since basic forum information is not available |
---|
[354] | 163 | // |
---|
[359] | 164 | $sql = 'SELECT * FROM '.CONFIG_TABLE; |
---|
[354] | 165 | if( !($result = mysql_query($sql)) ) |
---|
| 166 | { |
---|
| 167 | die("Could not query config information"); |
---|
| 168 | } |
---|
| 169 | |
---|
| 170 | $row =mysql_fetch_array($result); |
---|
| 171 | // rertieving the configuration informations for site |
---|
| 172 | // $infos array is used to know the fields to retrieve in the table "config" |
---|
| 173 | // Each field becomes an information of the array $conf. |
---|
| 174 | // Example : |
---|
| 175 | // prefix_thumbnail --> $conf['prefix_thumbnail'] |
---|
| 176 | $infos = array( 'prefix_thumbnail', 'webmaster', 'mail_webmaster', 'access', |
---|
| 177 | 'session_id_size', 'session_keyword', 'session_time', |
---|
| 178 | 'max_user_listbox', 'show_comments', 'nb_comment_page', |
---|
| 179 | 'upload_available', 'upload_maxfilesize', 'upload_maxwidth', |
---|
| 180 | 'upload_maxheight', 'upload_maxwidth_thumbnail', |
---|
| 181 | 'upload_maxheight_thumbnail','log','comments_validation', |
---|
| 182 | 'comments_forall','authorize_cookies','mail_notification' ); |
---|
| 183 | // affectation of each field of the table "config" to an information of the |
---|
| 184 | // array $conf. |
---|
| 185 | foreach ( $infos as $info ) { |
---|
| 186 | if ( isset( $row[$info] ) ) $conf[$info] = $row[$info]; |
---|
| 187 | else $conf[$info] = ''; |
---|
| 188 | // If the field is true or false, the variable is transformed into a boolean |
---|
| 189 | // value. |
---|
| 190 | if ( $conf[$info] == 'true' or $conf[$info] == 'false' ) |
---|
| 191 | { |
---|
| 192 | $conf[$info] = get_boolean( $conf[$info] ); |
---|
| 193 | } |
---|
| 194 | } |
---|
| 195 | |
---|
| 196 | //--------------- |
---|
| 197 | // A partir d'ici il faudra dispatcher le code dans d'autres fichiers |
---|
| 198 | //--------------- |
---|
| 199 | |
---|
| 200 | include($phpwg_root_path . 'include/user.inc.php'); |
---|
| 201 | |
---|
| 202 | // displaying the username in the language of the connected user, instead of |
---|
| 203 | // "guest" as you can find in the database |
---|
| 204 | if ( $user['is_the_guest'] ) $user['username'] = $lang['guest']; |
---|
| 205 | include_once( './template/'.$user['template'].'/htmlfunctions.inc.php' ); |
---|
| 206 | define('PREFIX_TABLE', $table_prefix); |
---|
[362] | 207 | ?> |
---|