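/*
 * Main script for Intellect Board 2 Project
 * (C) 2004, XXXX Pro, United Open Project
 * Visit us online: http://intboard.ru
 *
 * Front controller. Bootstraps configuration and the DB driver, resolves the
 * request (forum, topic, module, action), authenticates the visitor from the
 * login form, the PHP session or the "remember me" cookie, applies forum view
 * access, loads the module and the page template, and records the visit in the
 * access log. Helper functions (getvar, db_*, load_lang, load_style, error,
 * getip, iptonum, options_save, list_checks, ...) come from the required files
 * and are not visible here.
 *
 * Security review notes (changes versus the original):
 *  - the login name is escaped before being interpolated into SQL;
 *  - the remember-me cookie is read under its DB-prefixed name, is refused when
 *    it would instantiate PHP objects on unserialize(), and the session values
 *    it seeds (sid_num) are coerced before reaching SQL;
 *  - password/token comparison is strict (hash_equals() when available) and a
 *    crypt() failure string is never accepted as a match;
 *  - the session id is regenerated on a successful form login;
 *  - session_set_cookie_params() receives a lifetime in seconds.
 */
$IBOARD = 1;
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_CORE_ERROR | E_CORE_WARNING);
set_error_handler("err_handler");
set_magic_quotes_runtime(0);
$start_time = microtime();

require("xaphpi.php");
require("common.php");
require("config/database.php");
require("config/iboard.php");
require("db/$DBdriver.php");
require("addons.php");

// Undo magic_quotes_gpc so escaping happens exactly once, at the SQL boundary (db_slashes()).
if (get_magic_quotes_gpc()) {
    strips($_GET);
    strips($_POST);
    strips($_COOKIE);
}

// Request parameters. getvar() is defined in common.php (not shown); the rest of this file
// escapes values it puts into SQL explicitly, so its result is treated as raw input here.
$forum  = getvar("f");
$topic  = getvar("t");
$module = getvar("m");
$action = getvar("a");
$start  = getvar('st');
$step   = getvar('step');
if (!$forum) $forum = 0;
if (!$topic) $topic = 0;

if ($opt_gzip) ob_start("ob_gzhandler");

// $module becomes a file name (require "$opt_dir/$module.php" below): no separators, no dots.
if (strpos($module, "/") !== false || strpos($module, "\\") !== false || strpos($module, ".") !== false) {
    global_error("Hack attempt! Module: " . $module);
}
// $forum and $topic are interpolated unquoted into SQL below, so they must be numeric.
if (!is_numeric($forum)) global_error("Hack attempt! Forum: " . $forum);
if (!is_numeric($topic)) global_error("Hack attempt! Topic: " . $topic);
if ($start && !is_numeric($start) && $start != "all" && $start != "new") {
    global_error("Hack attempt! Start: " . $start);
}
// Sort column: word characters only.
$order = getvar('o');
if (preg_match("/\W+/", $order)) global_error("HACK ATTEMPT: order=$order");

// Database connection (driver functions are provided by db/$DBdriver.php).
if ($DBpersist) $link = db_pconnect($DBhost, $DBusername, $DBpassword);
else $link = db_connect($DBhost, $DBusername, $DBpassword);
db_select_db($DBname, $link);

// "Next / previous topic" navigation: redirect to the adjacent topic id within the same forum.
// When there is no adjacent topic the user is sent back to the current one; the original fell
// through to db_fetch_row() on the empty result before issuing a second redirect.
if ($step == "next" || $step == "prev") {
    if ($step == "next") {
        $sql = "SELECT t_id FROM " . $GLOBALS['DBprefix'] . "Topic WHERE t_fid=$forum AND t_id>$topic ORDER BY t_id LIMIT 1";
    } else {
        $sql = "SELECT t_id FROM " . $GLOBALS['DBprefix'] . "Topic WHERE t_fid=$forum AND t_id<$topic ORDER BY t_id DESC LIMIT 1";
    }
    $res = db_query($sql, $link);
    if (db_num_rows($res) > 0) list($topic) = db_fetch_row($res);
    db_free_result($res);
    header("Location: " . $GLOBALS['opt_url'] . "/index.php?t=$topic");
    exit();
}

$curtime = time();

// Session. The cookie name carries the DB prefix so that several boards on one host do not
// share sessions; the mode cookie is read under the same prefixed name.
session_name("IB2XP" . $GLOBALS['DBprefix']);
$mode = isset($_COOKIE['IB2XP_mode' . $GLOBALS['DBprefix']]) ? $_COOKIE['IB2XP_mode' . $GLOBALS['DBprefix']] : 0;
// Mode 1: session cookie limited to 30 minutes. session_set_cookie_params() expects a lifetime
// in seconds; the original passed a date("r") string, which casts to 0 (browser-session cookie).
if (intval($mode) == 1) session_set_cookie_params(30 * 60);
session_start();

// "Remember me" cookie (mode 2): a serialized array of session values written at login (outside
// this file). It is client-controlled, so:
//  - it is read under the DB-prefixed name (the original appended the prefix to the *value*),
//  - serialized objects are refused so unserialize() cannot instantiate classes,
//  - anything it seeds into $_SESSION is still subject to the credential check below.
$ib2_longcookie = 'IB2XP_long' . $GLOBALS['DBprefix'];
if (isset($_COOKIE[$ib2_longcookie])) {
    $ib2_rawcookie = $_COOKIE[$ib2_longcookie];
    if (!is_string($ib2_rawcookie) || preg_match('/[OC]:\d+:"/', $ib2_rawcookie)) {
        $cookiedata = false;
    } elseif (version_compare(PHP_VERSION, '7.0.0', '>=')) {
        $cookiedata = unserialize($ib2_rawcookie, array('allowed_classes' => false));
    } else {
        $cookiedata = unserialize($ib2_rawcookie);
    }
    if (intval($mode) == 2 && is_string($ib2_rawcookie)) {
        // Refresh the 180-day cookie. It carries credential material, so it is HttpOnly and,
        // when the request arrived over TLS, Secure.
        $ib2_secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';
        setcookie($ib2_longcookie, $ib2_rawcookie, time() + 180 * 24 * 60 * 60, "", "", $ib2_secure, true);
    }
    if (is_array($cookiedata)) $_SESSION = array_merge($_SESSION, $cookiedata);
}

// Optionally bind the session token to the browser's User-Agent (mixed into crypt() below).
$useragent = $GLOBALS['opt_secbrowser'] ? $_SERVER['HTTP_USER_AGENT'] : "";

// Interface language: ?lang=, then the session, then Accept-Language for guests.
// A language name is used as a directory component, so dots and path separators are rejected
// before the name is used in any path or stored in the session.
$lang = getvar("lang");
if ($lang && (!is_string($lang) || strpos($lang, ".") !== false || strpos($lang, "/") !== false || strpos($lang, "\\") !== false)) {
    $lang = "";
}
if ($lang) {
    if (file_exists($GLOBALS['opt_dir'] . "/langs/$lang/main.php")) $_SESSION['lang'] = $lang;
    else $lang = "";
}
if (!$lang && !empty($_SESSION['lang'])) {
    $ib2_sesslang = $_SESSION['lang'];
    if (is_string($ib2_sesslang) && strpos($ib2_sesslang, ".") === false && strpos($ib2_sesslang, "/") === false
        && strpos($ib2_sesslang, "\\") === false && file_exists($GLOBALS['opt_dir'] . "/langs/" . $ib2_sesslang . "/main.php")) {
        $lang = $ib2_sesslang;
    } else {
        $lang = "";
    }
}
if (!$lang && empty($_SESSION['uid']) && !empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
    // Pick the highest-q language that has a langs/<name>/main.php. The original loop compared
    // against a variable that was never assigned and so never selected anything.
    $ib2_bestprior = 0;
    foreach (explode(",", $_SERVER['HTTP_ACCEPT_LANGUAGE']) as $curlang) {
        $ib2_parts = explode(";", $curlang);
        $langname = trim($ib2_parts[0]);
        $langprior = 1;
        if (isset($ib2_parts[1]) && preg_match('/q=([0-9.]+)/', $ib2_parts[1], $ib2_q)) $langprior = (float) $ib2_q[1];
        if ($langprior > $ib2_bestprior && $langname !== ""
            && strpos($langname, ".") === false && strpos($langname, "/") === false && strpos($langname, "\\") === false
            && file_exists($GLOBALS['opt_dir'] . "/langs/$langname/main.php")) {
            $lang = $langname;
            $ib2_bestprior = $langprior;
        }
    }
}
// Safety net kept from the original.
if (!empty($lang) && (strpos($lang, ".") !== false || strpos($lang, "\\") !== false || strpos($lang, "/") !== false)) unset($lang);
if (!empty($lang)) $sqldata = "ln.ln_file=\"" . db_slashes($lang) . "\"";
else $sqldata = "ln.ln_id=u.u_lnid";

// Load the current user: by name (login form), by session uid, or the guest account (u_id 1).
$inusername = getvar("inusername");
$inpassword = getvar("inpassword");
$sqlbase = "SELECT u.*, lv.*, ln.*, st.*, u__pmcount AS pmcount, u__warnings AS uw_count "
    . "FROM " . $GLOBALS['DBprefix'] . "User u, " . $GLOBALS['DBprefix'] . "Language ln, " . $GLOBALS['DBprefix'] . "StyleSet st "
    . "LEFT JOIN " . $GLOBALS['DBprefix'] . "LastVisit lv ON (u.u_id=lv.uid AND lv.fid=\"$forum\") "
    . "WHERE $sqldata AND st.st_id=u.u_stid ";
if ($inusername) {
    // The login name is raw request input: escape it (the original interpolated it unescaped).
    $sql = $sqlbase . "AND u.u__name=\"" . db_slashes($inusername) . "\" GROUP BY u.u_id";
    // Salt for the session token. It is not secret (it is stored client-side), so rand() is
    // acceptable here; it only needs to vary between logins.
    $insalt = rand();
} elseif (!empty($_SESSION['uid']) && $_SESSION['uid'] != 1) {
    $inuserid = db_slashes($_SESSION['uid']);
    if (!$inuserid) $inuserid = "1";
    $inpassword = db_slashes($_SESSION['password']);
    $insalt = db_slashes($_SESSION['salt']);
    $sql = $sqlbase . "AND u_id=\"$inuserid\"";
} else {
    $sql = $sqlbase . "AND u_id=\"1\"";
}
$res = db_query($sql, $link);
if (db_num_rows($res) == 0) {
    // Unknown user or stale session: become the guest and drop the stored credentials.
    db_free_result($res);
    $sql = $sqlbase . " AND u_id=1";
    $res = db_query($sql, $link);
    $inuserid = 1;
    $_SESSION['uid'] = 1;
    $_SESSION['password'] = "";
    $_SESSION['salt'] = 0;
}
// do_mode: render a full page (1) or process a "do_*" action (0).
if (substr($action, 0, 3) != "do_" || getvar("preview") || getvar("more")) $do_mode = 1;
else $do_mode = 0;
$inuser = db_fetch_array($res);
$inuserid = $inuser['u_id'];
db_free_result($res);
if ($inuserid > 3) {
    // NOTE(review): $udata is never assigned in this file, so check_warnings() (not shown)
    // receives null; kept as in the original pending confirmation of its signature.
    $inuser['uw_count'] = check_warnings($udata);
}

load_lang("main.php");
if (!$do_mode || getvar('preview')) load_style("message.php");
load_lang("format.php");
load_lang("addons.php");
if ($do_mode) {
    load_style("main.php");
    load_style("common.php");
}

// Mode-1 sessions are bound to the client address recorded at login ($_SESSION['ipaddr']).
if ($inuserid > 3 && intval($mode) == 1 && !getvar('inusername') && getip() != $_SESSION['ipaddr']) {
    $_SESSION['uid'] = 1;
    $_SESSION['password'] = "";
    $_SESSION['salt'] = 0;
    error(MSG_e_u_ipchanged);
}
if ($inuser['u__active'] != 1) {
    $_SESSION['uid'] = 1;
    $_SESSION['password'] = "";
    $_SESSION['salt'] = 0;
    error(MSG_e_u_inactive);
}

// Credential check for everybody except the guest account.
if ($inuser['u_id'] != 1) {
    $nologin = 0;
    if (!$inusername) {
        // Session / remember-me path: the stored token is crypt(key . UA . password-hash, salt),
        // where the hash is u__password itself for "encrypted" accounts and md5() of it otherwise.
        $ib2_stored = $inuser['u_encrypted'] ? $inuser['u__password'] : md5($inuser['u__password']);
        $rightpass = crypt($inuser['u__key'] . $useragent . $ib2_stored, $insalt);
        // crypt() reports an unusable salt with a short failure string ("*0"/"*1"). The salt comes
        // from the client's session/cookie, so such a value must never be accepted as a match.
        if (!is_string($rightpass) || strlen($rightpass) < 13) $nologin = 1;
    } else {
        // Login form path: throttle retries, then compare against the stored password.
        if ($inuser['u__lastlogin'] > $curtime - $GLOBALS['opt_brutetimeout']) $nologin = 1;
        $rightpass = $inuser['u__password'];
        if ($inuser['u_encrypted']) $inpassword = md5($inpassword);
    }
    // Strict, constant-time comparison. The original used "!=", which treats numeric-looking
    // strings numerically ("0e123..." == "0e456...") and accepts a missing password against an
    // empty stored one.
    $ib2_matched = is_string($inpassword) && is_string($rightpass);
    if ($ib2_matched) {
        $ib2_matched = function_exists('hash_equals') ? hash_equals($rightpass, $inpassword) : ($inpassword === $rightpass);
    }
    if ($nologin == 1 || !$ib2_matched) {
        $sql = "UPDATE " . $GLOBALS['DBprefix'] . "User SET u__lastlogin=$curtime WHERE u_id=" . intval($inuser['u_id']);
        $res = db_query($sql, $link);
        $_SESSION['uid'] = 1;
        $_SESSION['password'] = "";
        $_SESSION['salt'] = 0;
        error(MSG_e_badpassword);
    }
}
// Successful form login: store the session token and rotate the session id (fixation defence).
if ($inusername && (!isset($_SESSION['uid']) || $_SESSION['uid'] <= 3)) {
    if (function_exists('session_regenerate_id')) session_regenerate_id();
    $_SESSION['uid'] = $inuser['u_id'];
    if (!$inuser['u_encrypted']) $inpassword = md5($inpassword);
    $_SESSION['password'] = crypt($inuser['u__key'] . $useragent . $inpassword, $insalt);
    $_SESSION['salt'] = $insalt;
}

// Base access level; a user with too many warnings is demoted to -1.
$inuserbasic = $inuser['u__level'];
if ($GLOBALS['opt_warnstoban'] && intval($inuser['uw_count']) <= -intval($GLOBALS['opt_warnstoban'])) $inuserbasic = -1;
if ($inuserbasic == 1024) {
    header("Location: " . $GLOBALS['opt_url'] . "/admin/index.php");
    exit();
}
// Board closed (opt_status): only the profile module and the login actions stay reachable.
// NOTE(review): $inuserlevel is not assigned until the forum block below, so here it compares as
// null and the condition is always true; $inuserbasic may have been intended. Kept as-is.
if ($GLOBALS['opt_status'] && $module != "profile" && $action != "do_login" && $action != "login" && $inuserlevel < 1000) {
    error($GLOBALS['opt_closetext']);
}
if (!$action && !$module && !$forum && !$topic && !getvar('ct') && $GLOBALS['opt_mainpage']) $forum = $GLOBALS['opt_mainpage'];

// Topic context. $topic is numeric (checked above); $inuserid comes from the User row.
// View permission is not checked here but in the forum query that follows (t_fid is taken
// from the topic), which reports MSG_e_t_notexists for a forum the user may not view.
if ($topic) {
    $sql = "SELECT t.*, pl.*, t__ratingsum/t__ratingcount AS trating, t__pcount AS pcount, p.p__time AS lasttime, p2.p_uid AS t_author, bm.tid>0 AS bmk, sb.tid>0 AS subscr, "
        . "v.pvid>0 AS voted, IFNULL(tv.tid,0)!=0 AS visited, lv_markall, lv_markcount "
        . " FROM " . $GLOBALS['DBprefix'] . "Topic t, " . $GLOBALS['DBprefix'] . "Post p, " . $GLOBALS['DBprefix'] . "Post p2 "
        . "LEFT JOIN " . $GLOBALS['DBprefix'] . "Poll pl ON (pl_tid=t_id) "
        . "LEFT JOIN " . $GLOBALS['DBprefix'] . "Bookmark bm ON (bm.uid=$inuserid AND bm.tid=t.t_id) "
        . "LEFT JOIN " . $GLOBALS['DBprefix'] . "Subscription sb ON (t.t_id=sb.tid AND sb.uid=$inuserid) "
        . "LEFT JOIN " . $GLOBALS['DBprefix'] . "TopicView tv ON (tv.tid=t.t_id AND tv.uid=$inuserid) "
        . "LEFT JOIN " . $GLOBALS['DBprefix'] . "Vote v ON (v.tid=$topic AND v.uid=$inuserid) "
        . "LEFT JOIN " . $GLOBALS['DBprefix'] . "LastVisit lv ON (lv.fid=t.t_fid AND lv.uid=$inuserid) "
        . "WHERE t_id=\"$topic\" AND p.p_id=t.t__lastpostid AND p2.p_id=t.t__startpostid";
    $res = db_query($sql, $link);
    if (db_num_rows($res) == 0) error(MSG_e_t_notexists);
    $intopic = db_fetch_array($res);
    db_free_result($res, $link);
    $forum = $intopic['t_fid'];
    $GLOBALS['inuser']['lv_markall'] = $intopic['lv_markall'];
    $GLOBALS['inuser']['lv_markcount'] = $intopic['lv_markcount'];
}

// Forum context and effective access level (per-forum UserAccess overrides the base level,
// except for banned users). The f_lview condition is the view-permission check.
if ($forum > 0) {
    $sql = "SELECT f.*, ct.*, tp.*, ua_level, p__time AS lasttime FROM " . $GLOBALS['DBprefix'] . "Forum f, " . $GLOBALS['DBprefix'] . "ForumType tp, " . $GLOBALS['DBprefix'] . "Category ct "
        . "LEFT JOIN " . $GLOBALS['DBprefix'] . "Post p ON (p_id=f__lastpostid) "
        . "LEFT JOIN " . $GLOBALS['DBprefix'] . "UserAccess ua ON (ua.uid=$inuserid AND ua.fid=\"$forum\") "
        . "WHERE f.f_tpid=tp.tp_id AND f.f_ctid=ct.ct_id AND "
        . "f_lview<=IFNULL(ua_level," . intval($inuserbasic) . ") AND f.f_id=\"$forum\" ";
    $res = db_query($sql, $link);
    if (db_num_rows($res) == 0) error($topic ? MSG_e_t_notexists : MSG_e_f_notexists);
    $inforum = db_fetch_array($res);
    db_free_result($res, $link);
    if ($inforum['ua_level'] > $inuserbasic && $inuserbasic != -1) $inuserlevel = $inforum['ua_level'];
    else $inuserlevel = $inuserbasic;
    // A forum type may force its own module (library).
    if (!$module || $module == $inforum['tp_library']) $module = $inforum['tp_library'];
    $flevel = $inforum['f_lmoderate'];
    build_mod_list($forum, $flevel);
} else {
    $inuserlevel = $inuserbasic;
}
if (!$module) $module = "main";

// Record this visit for registered users. lv_time1 is "now"; lv_time2 becomes the previous
// visit once that one is older than opt_heretime minutes.
if ($inuserid > 3) {
    $userlast1 = $inuser['lv_time1'];
    $userlast2 = $inuser['lv_time2'];
    if ($userlast1 < $curtime - $opt_heretime * 60) $userlast2 = $userlast1;
    $userlast1 = $curtime;
    if (!$userlast2) $userlast2 = 0;
    $sql = "REPLACE " . $GLOBALS['DBprefix'] . "LastVisit SET uid=$inuserid, fid=$forum, lv_time1=$userlast1, lv_time2=" . intval($userlast2)
        . ", lv_markall=" . intval($GLOBALS['inuser']['lv_markall']) . ", lv_markcount=" . intval($GLOBALS['inuser']['lv_markcount']);
    $res = db_query($sql, $link);
}

// Default action, module loading and breadcrumbs.
if (!$action && !$forum) $action = "view";
elseif (!$action && $forum) $action = $inforum['tp_template'] . "_view";
// NOTE(review): the original keeps executing (module load, template, logging) after setting this
// redirect; f_url is admin-configured. Kept as-is.
if ($action == "link_view") header("Location: " . $inforum['f_url']);
if ($module != "main" || !empty($_GET['ct']) || !empty($_GET['f'])) $locations = array("$opt_title");
else $locations = array();
// $module was restricted to a plain name above, so this path cannot leave $opt_dir.
if (!is_file($opt_dir . "/" . $module . ".php")) global_error(MSG_e_nomodule . " " . $module . ".php");
load_style("$module.php");
require($opt_dir . "/" . $module . ".php");
if (isset($inforum) && $module == $inforum['tp_template']) $locations = call_user_func($module . "_locations", $locations);
else $locations = locations($locations);

// Conditional GET / caching headers. The page mixes in per-user data (PM time, profile update),
// so a 304 is only sent for content that has been stable for over a month.
if ($topic) {
    $lasttime = $intopic['lasttime'];
} elseif ($forum) {
    $lasttime = $inforum['lasttime'];
} else {
    $sql = "SELECT p__time FROM " . $GLOBALS['DBprefix'] . "Post, " . $GLOBALS['DBprefix'] . "Forum WHERE p_id=f__lastpostid ORDER BY p_id DESC LIMIT 1";
    $res = db_query($sql, $link);
    list($lasttime) = db_fetch_row($res);
    db_free_result($res);
}
$lasttime = max($lasttime, $inuser['u__pmtime'], $inuser['u__profileupdate']);
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
    $condtime = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
    if ($condtime > 0 && $condtime > $lasttime && $lasttime < ($curtime - 30 * 24 * 60 * 60)) {
        header("HTTP/1.1 304 Not Modified");
        exit();
    }
}
header("Content-type: text/html; charset=" . $GLOBALS['inuser']['ln_charset']);
if ($inuserid < 3) header("Cache-Control: public");
else header("Cache-Control: private");
header("Last-Modified: " . date("r", $lasttime));
if ($do_mode) require($opt_dir . "/config/tmplate1.php");
else require($opt_dir . "/config/tmplate2.php");

// Access log (opt_log: 2 = everybody, 1 = registered users only).
if ($opt_log == 2 || ($opt_log == 1 && $inuserid > 3)) {
    if ($inuserid == 1) $mode = 0;
    elseif ($inuserid > 3 && $inuser['u_hidden']) $mode = 2;
    else $mode = 1;
    $sid = db_slashes(session_id());
    // NOTE(review): iptonum()/getip() are not shown; their result is interpolated as in the original.
    $ip = iptonum(getip());
    // sid_num lives in the session, which can be seeded from the remember-me cookie: force an int
    // before it reaches SQL (the original interpolated it raw).
    $sid_num = isset($_SESSION['sid_num']) ? intval($_SESSION['sid_num']) : 0;
    if (!$sid_num) {
        $sql = "INSERT INTO " . $GLOBALS['DBprefix'] . "LogSession SET sid=\"$sid\", uo_ip=$ip, uo_curid=$inuserid, uo_maxuid=$inuserid, uo_lasttime=$curtime";
        $res = db_query($sql, $GLOBALS['link']);
        $_SESSION['sid_num'] = db_insert_id($res);
        $sid_num = intval($_SESSION['sid_num']);
    } else {
        $sqldata = ($inuserid > 3) ? ", uo_maxuid=$inuserid" : "";
        $sql = "UPDATE " . $GLOBALS['DBprefix'] . "LogSession SET uo_curid=$inuserid, uo_lasttime=$curtime $sqldata WHERE sid_id=$sid_num";
        $res = db_query($sql, $link);
    }
    // action/module are normally function/file names, but escape them anyway.
    $sql = "INSERT INTO " . $GLOBALS['DBprefix'] . "LogEntry (uo_id,uo_tid,uo_fid,uo_action,uo_mode,uo_module,uo_time) "
        . "VALUES (\"$sid_num\"," . $GLOBALS['topic'] . "," . $GLOBALS['forum'] . ",\"" . db_slashes($GLOBALS['action']) . "\",$mode,\"" . db_slashes($GLOBALS['module']) . "\",$curtime)";
    $res = db_query($sql, $link);
    // Daily purge of log rows older than opt_keeplogs days plus the "currently here" window.
    if ($GLOBALS['opt_logclean'] < $GLOBALS['curtime'] - 24 * 60 * 60) {
        $ib2_cutoff = intval($GLOBALS['curtime'] - $GLOBALS['opt_keeplogs'] * 24 * 60 * 60 - $GLOBALS['opt_heretime'] * 60);
        $sql = "DELETE FROM " . $GLOBALS['DBprefix'] . "LogSession WHERE uo_lasttime<$ib2_cutoff";
        $res = db_query($sql, $GLOBALS['link']);
        $sql = "DELETE FROM " . $GLOBALS['DBprefix'] . "LogEntry WHERE uo_time<$ib2_cutoff";
        $res = db_query($sql, $GLOBALS['link']);
        $GLOBALS['opt_logclean'] = $GLOBALS['curtime'];
        options_save();
    }
}
list_checks();
exit();

/**
 * Dispatch the requested action (?a=) to the user-defined PHP function of the same name.
 *
 * NOTE(review): every user-defined function loaded at this point (helpers from common.php,
 * addons, the current module) is reachable by name; only names that are not defined functions
 * are rejected. A whitelist of action handlers would be the stronger check, but the naming
 * convention of handlers is not visible from this file.
 */
function main_action() {
    $funcs = get_defined_functions();
    if (!in_array($GLOBALS['action'], $funcs['user'], true)) global_error("Undefined action: " . $GLOBALS['action']);
    call_user_func($GLOBALS['action']);
}

/** Render the page generation time and query statistics via the style's main_time_diff(). */
function time_diff() {
    $tdif = gettimedif($GLOBALS['start_time'], microtime());
    main_time_diff(sprintf("%.4f", $tdif), $GLOBALS['query_count'], sprintf("%.4f", $GLOBALS['query_time']));
}

/**
 * Render the forum menu: categories with the forums the current user may view
 * (f_lview against the per-forum UserAccess level or the base level).
 * opt_submenu selects forum types flagged tp_menu instead of top-level forums.
 */
function menu() {
    $link = $GLOBALS['link'];
    $menusql = $GLOBALS['opt_submenu'] ? "AND tp_menu=1" : "AND f_parent=0";
    $sql = "SELECT ct.ct_name,ct.ct_id,f.f_title,f.f_id FROM " . $GLOBALS['DBprefix'] . "Category ct, " . $GLOBALS['DBprefix'] . "Forum f, " . $GLOBALS['DBprefix'] . "ForumType tp "
        . "LEFT JOIN " . $GLOBALS['DBprefix'] . "UserAccess ua ON (ua.uid=" . $GLOBALS['inuserid'] . " AND ua.fid=f.f_id) "
        . "WHERE f.f_ctid=ct.ct_id AND f_tpid=tp_id $menusql AND "
        . "f.f_lview<=IFNULL(ua.ua_level," . $GLOBALS['inuserbasic'] . ") "
        . "ORDER BY ct_sortfield,f_sortfield";
    $res = db_query($sql, $link);
    menu_start();
    $oldcat = null;
    while ($fdata = db_fetch_array($res)) {
        // Open a new category block whenever the category name changes.
        if ($fdata['ct_name'] != $oldcat) {
            if ($oldcat) menu_cat_end();
            menu_cat_entry($fdata);
            $oldcat = $fdata['ct_name'];
        }
        menu_entry($fdata);
    }
    menu_cat_end();
    menu_end();
}

/** Show the announcement form: always (opt_announce 2) or only on the main page (1). */
function announce() {
    if ($GLOBALS['opt_announce'] == 2
        || ($GLOBALS['opt_announce'] == 1 && $GLOBALS['module'] == "main" && $GLOBALS['action'] == "view")) {
        announce_form();
    }
}

/**
 * PHP error handler: anything other than a notice is reported through global_error()
 * (which logs it and, presumably, ends the request — its tail is outside this view).
 */
function err_handler($errno, $errstr, $errfile, $errline) {
    if ($errno & (E_ALL ^ E_NOTICE)) {
        $errfile = substr($errfile, strrpos($errfile, "/") + 1);
        global_error("$errfile (line $errline)" . " - " . $errstr);
    }
}

/**
 * Append a fatal error record to config/error.log and render the error page.
 * The function continues past the end of this view (HTML template follows).
 * NOTE(review): only "\r" is stripped from $errtext and X-Forwarded-For is logged verbatim,
 * so client-supplied "\n" can forge additional log records; fopen() failure is not checked.
 */
function global_error($errtext) {
    $fh = fopen("config/error.log", "a");
    $errtext = str_replace("\r", "", $errtext);
    $str = "Date: " . date("r", time()) . ", IP: " . $_SERVER['REMOTE_ADDR'] . "," . $_SERVER['HTTP_X_FORWARDED_FOR'];
    $str .= ", User" . $GLOBALS['inuserid'] . " - " . $GLOBALS['inuser']['u__name'];
    $str .= ", Module: " . $GLOBALS['module'] . ", Action: " . $GLOBALS['action'] . "\n" . $errtext . "\n\n";
    fputs($fh, $str);
    fclose($fh);
?>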
GLOBAL FORUM ERROR: =htmlspecialchars($errtext);?> |