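//
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //

// XOOPS common bootstrap: defines core constants, connects to the database,
// loads the site configuration, restores the session / autologin user, picks
// the language and theme, and enforces the "site closed" and module checks.
// Statement order matters: later steps read globals set by earlier ones.
if (!defined("XOOPS_MAINFILE_INCLUDED")) {
    exit();
} else {
    // Redirect to the site root when the request carries a parameter named
    // like a superglobal or a core XOOPS global (presumably a guard against
    // register_globals-style overwrites of those variables).
    foreach (array('GLOBALS', '_SESSION', 'HTTP_SESSION_VARS', '_GET', 'HTTP_GET_VARS', '_POST', 'HTTP_POST_VARS', '_COOKIE', 'HTTP_COOKIE_VARS', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'xoopsDB', 'xoopsUser', 'xoopsUserId', 'xoopsUserGroups', 'xoopsUserIsAdmin', 'xoopsConfig', 'xoopsOption', 'xoopsModule', 'xoopsModuleConfig') as $bad_global) {
        if (isset($_REQUEST[$bad_global])) {
            header('Location: '.XOOPS_URL.'/');
            exit();
        }
    }

    // ############## Activate error handler ##############
    include_once XOOPS_ROOT_PATH . '/class/errorhandler.php';
    $xoopsErrorHandler =& XoopsErrorHandler::getInstance();
    // Turn on error handler by default (until config value obtained from DB)
    $xoopsErrorHandler->activate(true);

    define("XOOPS_SIDEBLOCK_LEFT",0);
    define("XOOPS_SIDEBLOCK_RIGHT",1);
    define("XOOPS_SIDEBLOCK_BOTH",2);
    define("XOOPS_CENTERBLOCK_LEFT",3);
    define("XOOPS_CENTERBLOCK_RIGHT",4);
    define("XOOPS_CENTERBLOCK_CENTER",5);
    define("XOOPS_CENTERBLOCK_ALL",6);
    define("XOOPS_BLOCK_INVISIBLE",0);
    define("XOOPS_BLOCK_VISIBLE",1);
    define("XOOPS_MATCH_START",0);
    define("XOOPS_MATCH_END",1);
    define("XOOPS_MATCH_EQUAL",2);
    define("XOOPS_MATCH_CONTAIN",3);
    define("SMARTY_DIR", XOOPS_ROOT_PATH."/class/smarty/");
    define("XOOPS_CACHE_PATH", XOOPS_ROOT_PATH."/cache");
    define("XOOPS_UPLOAD_PATH", XOOPS_ROOT_PATH."/uploads");
    define("XOOPS_THEME_PATH", XOOPS_ROOT_PATH."/themes");
    define("XOOPS_COMPILE_PATH", XOOPS_ROOT_PATH."/templates_c");
    define("XOOPS_THEME_URL", XOOPS_URL."/themes");
    define("XOOPS_UPLOAD_URL", XOOPS_URL."/uploads");
    set_magic_quotes_runtime(0);

    include_once XOOPS_ROOT_PATH.'/class/logger.php';
    $xoopsLogger =& XoopsLogger::instance();
    $xoopsLogger->startTime();

    // XML-RPC entry points define XOOPS_XMLRPC and get the referer check switched off.
    if (!defined('XOOPS_XMLRPC')) {
        define('XOOPS_DB_CHKREF', 1);
    } else {
        define('XOOPS_DB_CHKREF', 0);
    }

    // ############## Include common functions file ##############
    include_once XOOPS_ROOT_PATH.'/include/functions.php';

    // #################### Connect to DB ##################
    require_once XOOPS_ROOT_PATH.'/class/database/databasefactory.php';
    // Non-POST requests, and POSTs that fail xoops_refcheck(), define
    // XOOPS_DB_PROXY before the connection object is created.
    if ($_SERVER['REQUEST_METHOD'] != 'POST' || !xoops_refcheck(XOOPS_DB_CHKREF)) {
        define('XOOPS_DB_PROXY', 1);
    }
    $xoopsDB =& XoopsDatabaseFactory::getDatabaseConnection();

    // ################# Include required files ##############
    require_once XOOPS_ROOT_PATH.'/kernel/object.php';
    require_once XOOPS_ROOT_PATH.'/class/criteria.php';

    // #################### Include text sanitizer ##################
    include_once XOOPS_ROOT_PATH."/class/module.textsanitizer.php";

    // ################# Load Config Settings ##############
    $config_handler =& xoops_gethandler('config');
    $xoopsConfig =& $config_handler->getConfigsByCat(XOOPS_CONF);

    // #################### Error reporting settings ##################
    error_reporting(0);
    if ($xoopsConfig['debug_mode'] == 1) {
        error_reporting(E_ALL);
    } else {
        // Turn off error handler
        $xoopsErrorHandler->activate(false);
    }

    // End the request with no output when the client address matches a configured pattern.
    // NOTE(review): each bad_ips entry is interpolated unescaped and unanchored
    // into the regex, so "." matches any character, an entry can match in the
    // middle of an address, and an entry containing "/" breaks the pattern.
    if ($xoopsConfig['enable_badips'] == 1 && isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] != '') {
        foreach ($xoopsConfig['bad_ips'] as $bi) {
            if (!empty($bi) && preg_match("/".$bi."/", $_SERVER['REMOTE_ADDR'])) {
                exit();
            }
        }
    }
    unset($bi);
    unset($bad_ips);
    // NOTE(review): this unsets the key 'badips' while the list read above is
    // 'bad_ips' - confirm which key is intended.
    unset($xoopsConfig['badips']);

    // ################# Include version info file ##############
    include_once XOOPS_ROOT_PATH."/include/version.php";

    // for older versions...will be DEPRECATED!
    $xoopsConfig['xoops_url'] = XOOPS_URL;
    $xoopsConfig['root_path'] = XOOPS_ROOT_PATH."/";

    /**#@+
     * Host abstraction layer
     */
    if ( !isset($_SERVER['PATH_TRANSLATED']) && isset($_SERVER['SCRIPT_FILENAME']) ) {
        $_SERVER['PATH_TRANSLATED'] =& $_SERVER['SCRIPT_FILENAME']; // For Apache CGI
    } elseif ( isset($_SERVER['PATH_TRANSLATED']) && !isset($_SERVER['SCRIPT_FILENAME']) ) {
        $_SERVER['SCRIPT_FILENAME'] =& $_SERVER['PATH_TRANSLATED']; // For IIS/2K now I think :-(
    }

    if ( empty( $_SERVER[ 'REQUEST_URI' ] ) ) { // GIJ modified thx okuhiki
        // Under some configs, IIS makes SCRIPT_NAME point to php.exe :-(
        if ( !( $_SERVER[ 'REQUEST_URI' ] = @$_SERVER['PHP_SELF'] ) ) {
            $_SERVER[ 'REQUEST_URI' ] = $_SERVER['SCRIPT_NAME'];
        }
        if ( isset( $_SERVER[ 'QUERY_STRING' ] ) ) {
            $_SERVER[ 'REQUEST_URI' ] .= '?' . $_SERVER[ 'QUERY_STRING' ];
        }
    }
    $xoopsRequestUri = $_SERVER[ 'REQUEST_URI' ]; // Deprecated (use the corrected $_SERVER variable now)
    /**#@-*/

    // ############## Login a user with a valid session ##############
    $xoopsUser = '';
    $xoopsUserIsAdmin = false;
    $member_handler =& xoops_gethandler('member');
    $sess_handler =& xoops_gethandler('session');
    // NOTE(review): both branches adopt a session id supplied by the client
    // (a POST field or the custom session cookie). Whether the id is
    // regenerated at login is not visible here - confirm, since accepting a
    // client-chosen id is the precondition for session fixation.
    if ($xoopsConfig['use_ssl'] && isset($_POST[$xoopsConfig['sslpost_name']]) && $_POST[$xoopsConfig['sslpost_name']] != '') {
        session_id($_POST[$xoopsConfig['sslpost_name']]);
    } elseif ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
        if (isset($_COOKIE[$xoopsConfig['session_name']])) {
            session_id($_COOKIE[$xoopsConfig['session_name']]);
        } else {
            // no custom session cookie set, destroy session if any
            $_SESSION = array();
            //session_destroy();
        }
        ini_set( 'session.gc_maxlifetime' , $xoopsConfig['session_expire'] * 60 ) ; // GIJ fixed the bug
        /* if (function_exists('session_cache_expire')) {
            session_cache_expire($xoopsConfig['session_expire']);
        } */
    }
    session_set_save_handler(array(&$sess_handler, 'open'), array(&$sess_handler, 'close'), array(&$sess_handler, 'read'), array(&$sess_handler, 'write'), array(&$sess_handler, 'destroy'), array(&$sess_handler, 'gc'));
    session_start();

    //autologin
    //if(empty($_SESSION['xoopsUserId']) && isset($_COOKIE['autologin_uname']) && isset($_COOKIE['autologin_pass'])) {
    // $myts =& MyTextSanitizer::getInstance();
    // $uname = $myts->stripSlashesGPC($_COOKIE['autologin_uname']);
    // $pass = $myts->stripSlashesGPC($_COOKIE['autologin_pass']);
    // $myts =& MyTextsanitizer::getInstance();
    // $user =& $member_handler->loginUserMd5(addslashes($uname), addslashes($pass));
    // if (false != $user && $user->getVar('level') > 0) {
    // update time of last login
    // $user->setVar('last_login', time());
    // if (!$member_handler->insertUser($user, true)) {
    // }
    //$_SESSION = array();
    // $_SESSION['xoopsUserId'] = $user->getVar('uid');
    // $_SESSION['xoopsUserGroups'] = $user->getGroups();
    // update autologin cookies
    // $expire = time() + $xoopsConfig['session_expire'] * 60 ;
    // setcookie('autologin_uname', $uname, $expire, '/', '', 0);
    // setcookie('autologin_pass', $pass, $expire, '/', '', 0);
    // } else {
    // setcookie('autologin_uname', '', time() - 3600, '/', '', 0);
    // setcookie('autologin_pass', '', time() - 3600, '/', '', 0);
    // }
    //}
    // end of older autologin

    // autologin hack GIJ
    // NOTE(review): the autologin_pass cookie is handed to loginUserMd5()
    // as-is, so its value works as a long-lived login credential; the cookies
    // are written with the secure argument 0 and no HttpOnly flag. The only
    // escaping visible before the lookup is stripSlashesGPC() + addslashes() -
    // confirm how loginUserMd5() builds its query.
    if(empty($_SESSION['xoopsUserId']) && isset($_COOKIE['autologin_uname']) && isset($_COOKIE['autologin_pass'])) {

        // redirect to XOOPS_URL/ when query string exists (anti-CSRF)
        if( ! empty( $_SERVER['QUERY_STRING'] ) ) {
            redirect_header( XOOPS_URL . '/' , 0 , 'Now, logging in automatically' ) ;
            exit ;
        }

        $myts =& MyTextSanitizer::getInstance();
        $uname = $myts->stripSlashesGPC($_COOKIE['autologin_uname']);
        $pass = $myts->stripSlashesGPC($_COOKIE['autologin_pass']);
        $user =& $member_handler->loginUserMd5(addslashes($uname), addslashes($pass));
        // Cookie path: XOOPS_COOKIE_PATH when defined, else the path part of
        // XOOPS_URL; when the pattern does not match, fall back to '/'.
        $xoops_cookie_path = defined('XOOPS_COOKIE_PATH') ? XOOPS_COOKIE_PATH : preg_replace( '?http://[^/]+(/.*)$?' , "$1" , XOOPS_URL ) ;
        if( $xoops_cookie_path == XOOPS_URL ) $xoops_cookie_path = '/' ;
        if (false != $user && $user->getVar('level') > 0) {
            // update time of last login
            $user->setVar('last_login', time());
            if (!$member_handler->insertUser($user, true)) {
            }
            //$_SESSION = array();
            $_SESSION['xoopsUserId'] = $user->getVar('uid');
            $_SESSION['xoopsUserGroups'] = $user->getGroups();
            // begin newly added in 2004-11-30
            $user_theme = $user->getVar('theme');
            if (in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
                $_SESSION['xoopsUserTheme'] = $user_theme;
            }
            // end newly added in 2004-11-30
            // update autologin cookies
            $expire = time() + ( defined('XOOPS_AUTOLOGIN_LIFETIME') ? XOOPS_AUTOLOGIN_LIFETIME : 604800 ) ; // 1 week default
            setcookie('autologin_uname', $uname, $expire, $xoops_cookie_path, '', 0);
            setcookie('autologin_pass', $pass, $expire, $xoops_cookie_path, '', 0);
        } else {
            // Failed autologin: expire both cookies.
            setcookie('autologin_uname', '', time() - 3600, $xoops_cookie_path, '', 0);
            setcookie('autologin_pass', '', time() - 3600, $xoops_cookie_path, '', 0);
        }
    }
    // end of autologin hack GIJ

    // Load the user object for the session; an id that no longer resolves
    // to a user object clears the session.
    if (!empty($_SESSION['xoopsUserId'])) {
        $xoopsUser =& $member_handler->getUser($_SESSION['xoopsUserId']);
        if (!is_object($xoopsUser)) {
            $xoopsUser = '';
            $_SESSION = array();
        } else {
            if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
                setcookie($xoopsConfig['session_name'], session_id(), time()+(60*$xoopsConfig['session_expire']), '/', '', 0);
            }
            $xoopsUser->setGroups($_SESSION['xoopsUserGroups']);
            $xoopsUserIsAdmin = $xoopsUser->isAdmin();
        }
    }

    /**
     * Modify for The Easiest MultiLanguag Hack Enhancement for XOOPS by nobunobu
     * Original is XOOPS Multilanguages by marcan
     * Set the languages files, language cookie, etc...
     **/
    // Validation to be sure that no malicious code is include in sel_lang
    /**
     * Map a language code from EASIESTML_LANGS to its language name.
     *
     * @param string $easiestml_lang code to look up (the caller below passes a GET value)
     * @return string|false the EASIESTML_LANGNAMES entry at the same position when
     *                      XoopsLists::getLangList() also lists it, false otherwise
     */
    function validateLanguage($easiestml_lang = '') {
        include_once XOOPS_ROOT_PATH."/class/xoopslists.php";
        // Request parameters can arrive as arrays; only a string can be a code.
        if (!is_string($easiestml_lang)) {
            return false;
        }
        $easiestml_langs = explode(',', EASIESTML_LANGS);
        $idx = array_search($easiestml_lang, $easiestml_langs, true);
        $easiestml_langnames = explode(',', EASIESTML_LANGNAMES);
        // array_search() returns false for an unknown code; used as an array
        // index, false selects element 0, so an unknown code must be rejected
        // here instead of silently resolving to the first language.
        if ($idx === false || !isset($easiestml_langnames[$idx])) {
            return false;
        }
        $easiestml_langname = $easiestml_langnames[$idx];
        $lang_available = XoopsLists::getLangList();
        if ( ($easiestml_langname != '') && (in_array($easiestml_langname, $lang_available)) ) {
            return $easiestml_langname;
        }
        return false;
    }

    // If user just switched language, do the change
    if ((!empty($_GET['easiestml_lang'])) && ($easiestml_langname = validateLanguage($_GET['easiestml_lang']))) {
        $xoopsConfig['language'] = $easiestml_langname;
        // Save this preference in a cookie, for when user is not logged in yet
        $xoops_cookie_path = defined('XOOPS_COOKIE_PATH') ? XOOPS_COOKIE_PATH : preg_replace( '?http://[^/]+(/.*)$?' , "$1" , XOOPS_URL ) ;
        if( $xoops_cookie_path == XOOPS_URL ) $xoops_cookie_path = '/' ;
        setcookie('easiestml_langname', $easiestml_langname, time() + EASIESTML_COOKIELIFETIME, $xoops_cookie_path, '' , 0);
        // Strip the language switch parameter from the recorded query string.
        $_SERVER['QUERY_STRING'] = preg_replace('/(^|&)easiestml_lang\=.*$/','',$_SERVER['QUERY_STRING']);
        $_SERVER['argv'][0] = preg_replace('/(^|&)easiestml_lang\=.*$/','',$_SERVER['argv'][0]);;
    } else {
        // The user is anonymous, retreive the selected language from the cookie
        if (!empty($_COOKIE['easiestml_langname'])) {
            // The cookie is client-controlled and the language value is
            // concatenated into the include paths below, so accept it only
            // when XoopsLists::getLangList() lists it; otherwise keep the
            // configured language.
            include_once XOOPS_ROOT_PATH."/class/xoopslists.php";
            $easiestml_cookie_lang = $_COOKIE['easiestml_langname'];
            if (is_string($easiestml_cookie_lang) && in_array($easiestml_cookie_lang, XoopsLists::getLangList(), true)) {
                $xoopsConfig['language'] = $easiestml_cookie_lang;
            }
            unset($easiestml_cookie_lang);
        }
        /** End of The Easiest ML enhancement Hack by nobunobu **/
    }

    // #################### Include site-wide lang file ##################
    if ( file_exists(XOOPS_ROOT_PATH."/language/".$xoopsConfig['language']."/global.php") ) {
        include_once XOOPS_ROOT_PATH."/language/".$xoopsConfig['language']."/global.php";
    } else {
        include_once XOOPS_ROOT_PATH."/language/english/global.php";
    }

    // ################ Include page-specific lang file ################
    // A pagetype containing "." is skipped, so it cannot carry "../" segments.
    if (isset($xoopsOption['pagetype']) && false === strpos($xoopsOption['pagetype'], '.')) {
        if ( file_exists(XOOPS_ROOT_PATH."/language/".$xoopsConfig['language']."/".$xoopsOption['pagetype'].".php") ) {
            include_once XOOPS_ROOT_PATH."/language/".$xoopsConfig['language']."/".$xoopsOption['pagetype'].".php";
        } else {
            include_once XOOPS_ROOT_PATH."/language/english/".$xoopsOption['pagetype'].".php";
        }
    }
    $xoopsOption = array();

    if ( !defined("XOOPS_USE_MULTIBYTES") ) {
        define("XOOPS_USE_MULTIBYTES",0);
    }

    // Theme selection: a posted choice wins over the one stored in the
    // session; both are accepted only when listed in theme_set_allowed.
    if (!empty($_POST['xoops_theme_select']) && in_array($_POST['xoops_theme_select'], $xoopsConfig['theme_set_allowed'])) {
        $xoopsConfig['theme_set'] = $_POST['xoops_theme_select'];
        $_SESSION['xoopsUserTheme'] = $_POST['xoops_theme_select'];
    } elseif (!empty($_SESSION['xoopsUserTheme']) && in_array($_SESSION['xoopsUserTheme'], $xoopsConfig['theme_set_allowed'])) {
        $xoopsConfig['theme_set'] = $_SESSION['xoopsUserTheme'];
    }

    // Site closed: only members of closesite_okgrp or the admin group get
    // past this point; a login POST is handed to checklogin.php, everyone
    // else sees the "site closed" template.
    if ($xoopsConfig['closesite'] == 1) {
        $allowed = false;
        if (is_object($xoopsUser)) {
            foreach ($xoopsUser->getGroups() as $group) {
                if (in_array($group, $xoopsConfig['closesite_okgrp']) || XOOPS_GROUP_ADMIN == $group) {
                    $allowed = true;
                    break;
                }
            }
        } elseif (!empty($_POST['xoops_login'])) {
            include_once XOOPS_ROOT_PATH.'/include/checklogin.php';
            exit();
        }
        if (!$allowed) {
            include_once XOOPS_ROOT_PATH.'/class/template.php';
            $xoopsTpl = new XoopsTpl();
            $xoopsTpl->assign(array('sitename' => $xoopsConfig['sitename'], 'xoops_themecss' => xoops_getcss(), 'xoops_imageurl' => XOOPS_THEME_URL.'/'.$xoopsConfig['theme_set'].'/', 'lang_login' => _LOGIN, 'lang_username' => _USERNAME, 'lang_password' => _PASSWORD, 'lang_siteclosemsg' => $xoopsConfig['closesite_text']));
            $xoopsTpl->xoops_setCaching(1);
            $xoopsTpl->display('db:system_siteclosed.html');
            exit();
        }
        unset($allowed, $group);
    }

    // When the current directory holds xoops_version.php, resolve the module
    // from the path segment that follows /modules/ in the request URI.
    if (file_exists('./xoops_version.php')) {
        $url_arr = explode('/',strstr($xoopsRequestUri,'/modules/'));
        $module_handler =& xoops_gethandler('module');
        $xoopsModule =& $module_handler->getByDirname($url_arr[2]);
        unset($url_arr);
        if (!$xoopsModule || !$xoopsModule->getVar('isactive')) {
            include_once XOOPS_ROOT_PATH."/header.php";
            echo "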