<? /*

Main script for Intellect Board 2 Project

(C) 2004, XXXX Pro, United Open Project
Visit us online: http://iboard.xxxxpro.ru

*/

$IBOARD=1;

error_reporting(E_ERROR | E_WARNING | E_PARSE |E_CORE_ERROR | E_CORE_WARNING);
set_error_handler("err_handler");
$start_time = microtime();

require("xaphpi.php");
require("common.php");
require("config/database.php");
require("config/iboard.php");
require("db/$DBdriver.php");
require("addons.php");

$forum = htmlspecialchars(getvar("f"));
$topic = htmlspecialchars(getvar("t"));
$module = htmlspecialchars(getvar("m"));
$action = htmlspecialchars(getvar("a"));
$start = getvar('st');
$step = getvar('step');
if (!$forum) $forum=0;
if (!$topic) $topic=0;

if ($opt_gzip) ob_start("ob_gzhandler");

if (strpos($module,"/")!==false || strpos($module,"\\")!==false) global_error("Hack attempt! Module: ".$module);
if (!is_numeric($forum)) global_error("Hack attempt! Forum: ".$forum);
if (!is_numeric($topic)) global_error("Hack attempt! Topic: ".$topic);
if ($start && !is_numeric($start) && $start!="all" && $start!="new") global_error("Hack attempt! Start: ".$start);

$order = getvar('o');
if (preg_match("/\W+/",$order)) global_error("HACK ATTEMPT: order=$order");

if ($DBpersist) $link=db_pconnect($DBhost,$DBusername,$DBpassword);
else $link=db_connect($DBhost,$DBusername,$DBpassword);
db_select_db($DBname,$link);

if ($step=="next") {
  $sql = "SELECT t_id FROM ".$GLOBALS['DBprefix']."Topic WHERE t_fid=$forum AND t_id>$topic ORDER BY t_id LIMIT 1";
  $res=db_query($sql,$link);
  if (db_num_rows($res)==0) header("Location: ".$GLOBALS['opt_url']."/index.php?t=$topic");
  list($topic)=db_fetch_row($res);
  db_free_result($res);
  header("Location: ".$GLOBALS['opt_url']."/index.php?t=$topic");
  exit();
}

if ($step=="prev") {
  $sql = "SELECT t_id FROM ".$GLOBALS['DBprefix']."Topic WHERE t_fid=$forum AND t_id<$topic ORDER BY t_id DESC LIMIT 1";
  $res=db_query($sql,$link);
  if (db_num_rows($res)==0) header("Location: ".$GLOBALS['opt_url']."/index.php?t=$topic");
  list($topic)=db_fetch_row($res);
  db_free_result($res);
  header("Location: ".$GLOBALS['opt_url']."/index.php?t=$topic");
  exit();  
}

$curtime=time();
session_name("IB2XP");
$mode=$_COOKIE['IB2XP_mode'];
if ($mode==1) session_set_cookie_params(date("r",time()+30*60));
session_start();
if ($mode==2) {
  setcookie("IB2XP_long",stripslashes($_COOKIE['IB2XP_long']),time()+180*24*60*60);
  $cookiedata=unserialize(stripslashes($_COOKIE['IB2XP_long']));
  if (is_array($cookiedata)) $_SESSION=array_merge($_SESSION,$cookiedata);
}
if ($GLOBALS['opt_secbrowser']) $useragent=$_SERVER['HTTP_USER_AGENT'];

$lang = getvar("lang");
if ($lang) {
  if (file_exists($GLOBALS['opt_dir']."/langs/$lang/main.php")) $_SESSION['lang']=$lang;
  else $lang="";
}
if (!$lang && $_SESSION['lang']) {
  if (file_exists($GLOBALS['opt_dir']."/langs/".$_SESSION['lang']."/main.php")) $lang=$_SESSION['lang'];
  else $lang="";
}
if (!$lang && !$_SESSION['uid'] && $langlist=$_SERVER['HTTP_ACCEPT_LANGUAGE']) {
  $langs=explode(",",$langlist);
  foreach ($langs as $curlang) {
    list($langname,$langprior)=explode(";",$curlang);
    if (!$langprior) $langprior=1;
    if (file_exists($GLOBALS['opt_dir']."/langs/$langname/main.php") && $curprior>$langprior) {
      $lang=$langname;
      $langprior=$curprior;
    }
  }
}
if ($lang) $sqldata = "ln.ln_file=\"".db_slashes($lang)."\"";
else $sqldata="ln.ln_id=u.u_lnid";

$inusername = getvar("inusername");
$inpassword = getvar("inpassword");
$sqlbase="SELECT u.*, lv.*, ln.*, st.*, u__pmcount AS pmcount, u__warnings AS uw_count ".
"FROM ".$GLOBALS['DBprefix']."User u, ".$GLOBALS['DBprefix']."Language ln, ".$GLOBALS['DBprefix']."StyleSet st ".
"LEFT JOIN ".$GLOBALS['DBprefix']."LastVisit lv ON (u.u_id=lv.uid AND lv.fid=\"$forum\") ".
"WHERE $sqldata AND st.st_id=u.u_stid ";

if ($inusername) {
  $sql=$sqlbase."AND u.u__name=\"$inusername\" GROUP BY u.u_id";
  $insalt = rand();
}
elseif ($_SESSION['uid'] && $_SESSION['uid']!=1) {
  $inuserid = db_slashes($_SESSION['uid']);
  if (!$inuserid) $inuserid="1";
  $inpassword = db_slashes($_SESSION['password']);
  $insalt = db_slashes($_SESSION['salt']);
  $sql=$sqlbase."AND u_id=\"$inuserid\"";
}
else $sql=$sqlbase."AND u_id=\"1\"";

$res = db_query($sql,$link);

if (db_num_rows($res)==0) {
  db_free_result($res);
  $sql = $sqlbase." AND u_id=1";
  $res = db_query($sql,$link);
  $inuserid = 1;
  $_SESSION['uid']=1;
  $_SESSION['password']="";
  $_SESSION['salt']=0;
}

if (substr($action,0,3)!="do_" || getvar("preview") || getvar("more")) $do_mode=1;
else $do_mode=0;

$inuser = db_fetch_array($res);
$inuserid = $inuser['u_id'];
db_free_result($res);

if ($inuserid>3) {
  $inuser['uw_count']=check_warnings($udata);
}

load_lang("main.php");
if (!$do_mode) load_style("message.php");
load_lang("format.php");
load_lang("addons.php");
if ($do_mode) {
  load_style("main.php");
  load_style("common.php");
}
//setlocale(LC_ALL,$inuser['ln_locale']);

if ($inuserid>3 && intval($_COOKIE['IB2XP_mode'])==1 && !getvar('inusername') &&  getip()!=$_SESSION['ipaddr']) {
  $_SESSION['uid']=1;
  $_SESSION['password']="";
  $_SESSION['salt']=0;
  error(MSG_e_u_ipchanged);
}

if ($inuser['u__active']!=1) {
  $_SESSION['uid']=1;
  $_SESSION['password']="";
  $_SESSION['salt']=0;
  error(MSG_e_u_inactive);
}

if ($inuser['u_id']!=1) {
  if (!$inusername) {
    if (!$inuser['u_encrypted']) { $rightpass = crypt($inuser['u__key'].$useragent.md5($inuser['u__password']),$insalt); }
    else $rightpass = crypt($inuser['u__key'].$useragent.$inuser['u__password'],$insalt);
  }
  else {
    if ($inuser['u__lastlogin']>$curtime-$GLOBALS['opt_brutetimeout']) $nologin=1;
    $rightpass=$inuser['u__password'];
    if ($inuser['u_encrypted']) $inpassword = md5($inpassword);
  }
  if ($inpassword!=$rightpass || $nologin==1) {
    $sql = "UPDATE ".$GLOBALS['DBprefix']."User SET u__lastlogin=$curtime WHERE u_id=".$inuser['u_id'];
    $res = db_query($sql,$link);
    $_SESSION['uid']=1;
    $_SESSION['password']="";
    $_SESSION['salt']=0;
    error(MSG_e_badpassword);
   }
}

if ($inusername && $_SESSION['uid']<=3) {
  $_SESSION['uid'] = $inuser['u_id'];
  if (!$inuser['u_encrypted']) $inpassword = md5($inpassword);
  $_SESSION['password'] = crypt($inuser['u__key'].$useragent.$inpassword,$insalt);
  $_SESSION['salt'] = $insalt;
}

$inuserbasic = $inuser['u__level'];
if ($GLOBALS['opt_warnstoban'] && intval($inuser['uw_count'])<=-intval($GLOBALS['opt_warnstoban'])) $inuserbasic=-1;

if ($GLOBALS['inuserbasic']==1024) { header("Location: ".$GLOBALS['opt_url']."/admin/index.php"); exit(); }
if ($GLOBALS['opt_status'] && $module!="profile" && $action!="do_login" &&
    $action!="login" && $inuserlevel<1000) error($GLOBALS['opt_closetext']);

if (!$action && !$module && !$forum && !$topic && !getvar('ct') && $GLOBALS['opt_mainpage']) $forum=$GLOBALS['opt_mainpage'];

if ($topic) {
  $sql = "SELECT t.*, pl.*, t__ratingsum/t__ratingcount AS trating, t__pcount AS pcount, p.p__time AS lasttime, bm.tid>0 AS bmk, sb.tid>0 AS subscr, ".
  "v.pvid>0 AS voted, IFNULL(tv.tid,0)!=0 AS visited  ".
  " FROM ".$GLOBALS['DBprefix']."Topic t, ".$GLOBALS['DBprefix']."Post p ".
  "LEFT JOIN ".$GLOBALS['DBprefix']."Poll pl ON (pl_tid=t_id) ".
  "LEFT JOIN ".$GLOBALS['DBprefix']."Bookmark bm ON (bm.uid=$inuserid AND bm.tid=t.t_id) ".
  "LEFT JOIN ".$GLOBALS['DBprefix']."Subscription sb ON (t.t_id=sb.tid AND sb.uid=$inuserid) ".
  "LEFT JOIN ".$GLOBALS['DBprefix']."TopicView tv ON (tv.tid=t.t_id AND tv.uid=".$GLOBALS['inuserid'].") ".
  "LEFT JOIN ".$GLOBALS['DBprefix']."Vote v ON (v.tid=$topic AND v.uid=$inuserid) ".
  "WHERE t_id=\"$topic\" AND p.p_id=t.t__lastpostid";
//  db_explain($sql);
  $res = db_query($sql,$link);
  if (db_num_rows($res)==0) error(MSG_e_t_notexists);
  $intopic = db_fetch_array($res);
  db_free_result($res,$link);
  $forum = $intopic['t_fid'];
}

if ($forum>0) {
  $sql = "SELECT f.*, ct.*, tp.*, ua_level, p__time AS lasttime FROM ".$GLOBALS['DBprefix']."Forum f, ".$GLOBALS['DBprefix']."ForumType tp, ".$GLOBALS['DBprefix']."Category ct ".
  "LEFT JOIN ".$GLOBALS['DBprefix']."Post p ON (p_id=f__lastpostid) ".
  "LEFT JOIN ".$GLOBALS['DBprefix']."UserAccess ua ON (ua.uid=".$GLOBALS['inuserid']." AND ua.fid=\"$forum\") ".
  "WHERE f.f_tpid=tp.tp_id AND f.f_ctid=ct.ct_id AND ".
  "f_lview<=IFNULL(ua_level,$inuserbasic) AND f.f_id=\"$forum\" ";
  $res = db_query($sql,$link);
  if (db_num_rows($res)==0 && !$topic) error(MSG_e_f_notexists);
  if (db_num_rows($res)==0 && $topic) error(MSG_e_t_notexists);
  $inforum = db_fetch_array($res);
  db_free_result($res,$link);

  if ($inforum['ua_level']>$inuserbasic && $inuserbasic!=-1) $inuserlevel=$inforum['ua_level'];
  else $inuserlevel=$inuserbasic;
  if (!$module || $module==$inforum['tp_library']) {
    $module = $inforum['tp_library'];
  }
  $flevel=$inforum['f_lmoderate'];
  build_mod_list($forum,$flevel);
}
else $inuserlevel=$inuserbasic;

if (!$module) $module = "main";

if ($inuserid>3) {
  $userlast1=$inuser['lv_time1'];
  $userlast2=$inuser['lv_time2'];
  if ($userlast1<$curtime-$opt_heretime*60) $userlast2=$userlast1;
  $userlast1=$curtime;
  if (!$userlast2) $userlast2=0;
  
  $sql = "UPDATE ".$GLOBALS['DBprefix']."LastVisit SET lv_time1=$userlast1, lv_time2=$userlast2 WHERE uid=$inuserid AND fid=$forum";
  $res = db_query($sql,$link);
  if (db_affected_rows($res)==0) {
    $sql = "INSERT INTO ".$GLOBALS['DBprefix']."LastVisit (uid,fid,lv_time1,lv_time2) VALUES (".$GLOBALS['inuserid'].",".$GLOBALS['forum'].",".$userlast1.",".$userlast2.")";
    $res=db_query($sql,$link);
  }
}

if (!$action && !$forum) $action = "view";
elseif (!$action && $forum) $action = $inforum['tp_template']."_view";
if ($action=="link_view") header("Location: ".$inforum['f_url']);

if ($module!="main" || $_GET['ct'] || $_GET['f']) $locations=array("<a href=\"index.php\">$opt_title</a>");

if (!is_file($opt_dir."/".$module.".php")) global_error(MSG_e_nomodule." ".$module.".php");

load_style("$module.php");
require ($opt_dir."/".$module.".php");

if ($module==$inforum['tp_template']) $locations=call_user_func($module."_locations",$locations);
else $locations=locations($locations);

if ($topic) $lasttime=$intopic['lasttime'];
elseif ($forum && !$topic) $lasttime=$inforum['lasttime'];
else $lasttime=$curtime;

header("Content-type: text/html; charset=".$GLOBALS['inuser']['ln_charset']);
if ($GLOBALS['inuserid']<3) header("Cache-Control: public");
else header("Cache-Control: private");
header("Last-Modified: ",date("r",$lasttime));
header("Expires: ",date("r",$GLOBALS['curtime']+365*24*60*60));

if ($do_mode) require($opt_dir."/config/tmplate1.php");
else require($opt_dir."/config/tmplate2.php");

if ($opt_log==2 || ($opt_log==1 && $inuserid>3)) {
  if ($inuserid==1) $mode=0;
  elseif ($inuserid>3 && $inuser['u_hidden']) $mode=2;
  else $mode=1;

  $sid = session_id();
  $ip = iptonum(getip());
  $sid_num=$_SESSION['sid_num'];
  if (!$sid_num) {
    $sql = "INSERT INTO ".$GLOBALS['DBprefix']."LogSession SET sid=\"$sid\", uo_ip=$ip, uo_curid=".$GLOBALS['inuserid'].", uo_maxuid=".$GLOBALS['inuserid'].", uo_lasttime=$curtime";
    $res=db_query($sql,$GLOBALS['link']);
    $_SESSION['sid_num'] = db_insert_id($res);
    $sid_num=$_SESSION['sid_num'];
  }
  else {
    if ($GLOBALS['inuserid']>3) $sqldata=", uo_maxuid=".$GLOBALS['inuserid'];
    else $sqldata="";
    $sql = "UPDATE ".$GLOBALS['DBprefix']."LogSession SET uo_curid=".$GLOBALS['inuserid'].", uo_lasttime=$curtime $sqldata WHERE sid_id=$sid_num";
    $res=db_query($sql,$link);
  }

  $sql = "INSERT INTO ".$GLOBALS['DBprefix']."LogEntry (uo_id,uo_tid,uo_fid,uo_action,uo_mode,uo_module,uo_time) ".
  "VALUES (\"$sid_num\",".$GLOBALS['topic'].",".$GLOBALS['forum'].",\"".$GLOBALS['action']."\",$mode,\"".$GLOBALS['module']."\",$curtime)";
  $res=db_query($sql,$link);

  if ($GLOBALS['opt_logclean']<$GLOBALS['curtime']-24*60*60) {
    $sql = "DELETE FROM ".$GLOBALS['DBprefix']."LogSession WHERE uo_lasttime<".intval($GLOBALS['curtime']-$GLOBALS['opt_keeplogs']*24*60*60-$GLOBALS['opt_heretime']*60);
    $res=db_query($sql,$GLOBALS['link']);

    $sql = "DELETE FROM ".$GLOBALS['DBprefix']."LogEntry WHERE uo_time<".intval($GLOBALS['curtime']-$GLOBALS['opt_keeplogs']*24*60*60-$GLOBALS['opt_heretime']*60);
    $res=db_query($sql,$GLOBALS['link']);

    $GLOBALS['opt_logclean']=$GLOBALS['curtime'];
    options_save();
  }
}


list_checks();

exit();

function main_action() {
  call_user_func($GLOBALS['action']);
}

function time_diff() {
  $curtime = microtime();
  $tdif = gettimedif($GLOBALS['start_time'],$curtime);
  main_time_diff(sprintf("%.4f",$tdif),$GLOBALS['query_count'],sprintf("%.4f",$GLOBALS['query_time']));
}

function menu() {
  $link = $GLOBALS['link'];
  if ($GLOBALS['opt_submenu']) $menusql="AND tp_menu=1";
  else $menusql="AND f_parent=0";
  $sql = "SELECT ct.ct_name,ct.ct_id,f.f_title,f.f_id FROM ".$GLOBALS['DBprefix']."Category ct, ".$GLOBALS['DBprefix']."Forum f, ".$GLOBALS['DBprefix']."ForumType tp ".
  "LEFT JOIN ".$GLOBALS['DBprefix']."UserAccess ua ON (ua.uid=".$GLOBALS['inuserid']." AND ua.fid=f.f_id) ".
  "WHERE f.f_ctid=ct.ct_id AND f_tpid=tp_id $menusql AND ".
  "f.f_lview<=IFNULL(ua.ua_level,".$GLOBALS['inuserbasic'].") ".
  "ORDER BY ct_sortfield,f_sortfield";
  $res = db_query($sql,$link);
  menu_start();
  while ($fdata=db_fetch_array($res)) {
    if ($fdata['ct_name']!=$oldcat) {
      if ($oldcat) menu_cat_end();
      menu_cat_entry($fdata);
      $oldcat=$fdata['ct_name'];
    }
    menu_entry($fdata);
  }
  menu_cat_end();
  menu_end();
}

function announce() {
  if ($GLOBALS['opt_announce']==2 || ($GLOBALS['opt_announce']==1 && $GLOBALS['module']=="main" && $GLOBALS['action']=="view")) {
    announce_form();
  }
}

function err_handler($errno, $errstr, $errfile, $errline) {
  if ($errno & (E_ALL ^ E_NOTICE)) {
    $errfile = substr($errfile,strrpos($errfile,"/")+1);
    global_error("$errfile (line $errline)"." - ".$errstr);
  }
}

function global_error($errtext) {
  $fh=fopen("config/error.log","a");
  $errtext=str_replace("\r","",$errtext);
  $str="Date: ".date("r",time()).", IP: ". $_SERVER['REMOTE_ADDR'].",".$_SERVER['HTTP_X_FORWARDED_FOR'];
  $str.=", User".$GLOBALS['inuserid']." - ".$GLOBALS['inuser']['u__name'];
  $str.=", Module: ".$GLOBALS['module'].", Action: ".$GLOBALS['action']."\n".$errtext."\n\n";
  fputs($fh,$str);
  fclose($fh); ?>
<html><head><title><?=$opt_title;?></title>
<link rel="stylesheet" href="styles/abstract/abstract.css" type="text/css">
</head>
<body bgcolor="#DCDCDC">
<table border="0" cellspacing="1" class="innertable" align=center border=1 width=90%><tr>
<td class="tablehead">GLOBAL FORUM ERROR: <?=htmlspecialchars($errtext);?></td>
</tr><tr>
<td class="basictable"><ul><li><a href="<?=$_SERVER['HTTP_REFERER'];?>">Goto previous page</a>
<li><a href="index.php">Goto main page</a></li></td>
</tr></table></body></html>
<? exit();
}

function check_point($name) {
  $GLOBALS['checkpoints'][$name]=sprintf("%.4f",gettimedif($GLOBALS['start_time'],microtime()));
}

function list_checks() {
  if (is_array($GLOBALS['checkpoints'])) {
    foreach ($GLOBALS['checkpoints'] as $name=>$value) echo "$name - $value<br>";
  }
}

function gettimedif($start,$stop) {
    list($startusec,$startsec) = explode(" ",$start);
    list($stopusec,$stopsec) = explode(" ",$stop);
    return ($stopsec-$startsec)+($stopusec-$startusec);
}