-
-
Notifications
You must be signed in to change notification settings - Fork 213
/
class2.php
executable file
·2436 lines (1995 loc) · 64.1 KB
/
class2.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?php
/*
* e107 website system
*
* Copyright (C) 2008-2020 e107 Inc (e107.org)
* Released under the terms and conditions of the
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*
* General purpose file
*
* $URL$
* $Id$
*
*/
//
// *** Code sequence for startup ***
// IMPORTANT: These items are in a carefully constructed order. DO NOT REARRANGE
// without checking with experienced devs! Various subtle things WILL break.
//
// A Get the current CPU time so we know how long all of this takes
// B Remove output buffering so we are in control of text sent to user
// C Remove registered globals (SECURITY for all following code)
// D Setup PHP error handling (now we can see php errors ;))
// E Setup other PHP essentials
// F Grab e107_config to get directory paths
// G Retrieve Query from URI (i.e. what are the request parameters?!)
// H Initialize debug handling (NOTE: A-G cannot use debug tools!)
// I: Sanity check to ensure e107_config is ok
// J: MYSQL setup (NOTE: A-I cannot use database!)
// K: Compatibility mode
// L: Retrieve core prefs
// M: Subdomain and language selection
// N: Other misc setups (NOTE: Put most 'random' things here that don't require user session or theme
// O: Start user session
// P: Load theme
// Q: Other setups
/**
* @package e107
*/
//
// A: Honest global beginning point for processing time
//
$eTimingStart = microtime(); // preserve these when destroying globals in step C
if ( function_exists( 'getrusage' ) ) { $eTimingStartCPU = getrusage(); }
$oblev_before_start = ob_get_level();
//
// B: Remove all output buffering
//
if(!isset($_E107) || !is_array($_E107)) { $_E107 = array(); }
if(isset($_E107['cli'], $_SERVER["HTTP_USER_AGENT"]) && !isset($_E107['debug']))
{
exit();
}
if(function_exists('utf8_encode') === false)
{
echo "e107 requires the PHP <a href='http://php.net/manual/en/dom.setup.php'>XML</a> package. Please install it to use e107. ";
exit();
}
if(!isset($_E107['cli']))
{
while (ob_get_length() !== false) // destroy all ouput buffering
{
ob_end_clean();
}
ob_start(); // start our own.
$oblev_at_start = ob_get_level(); // preserve when destroying globals in step C
}
if(!empty($_E107['minimal']))
{
$_E107['no_prunetmp'] = true;
$_E107['no_menus'] = true;
$_E107['no_theme'] = true;
$_E107['no_online'] = true;
$_E107['no_lan'] = true;
$_E107['no_module'] = true;
$_E107['no_maintenance'] = true;
$_E107['no_forceuserupdate'] = true;
$_E107['no_event'] = true;
// $_E107['no_session'] = true;
// $_E107['no_parser'] = true;
$_E107['no_override'] = true;
$_E107['no_log'] = true;
// $_E107['no_autoload'] = true;
}
//
// C: Find out if register globals is enabled and destroy them if so
// Set Absolute file-path of directory containing class2.php
if(!defined('e_ROOT'))
{
$e_ROOT = realpath(__DIR__ . '/');
if ((substr($e_ROOT,-1) !== '/') && (substr($e_ROOT,-1) !== '\\') )
{
$e_ROOT .= DIRECTORY_SEPARATOR; // Should function correctly on both windows and Linux now.
}
define('e_ROOT', $e_ROOT);
unset($e_ROOT);
}
//
// D: Setup PHP error handling
// (Now we can see PHP errors) -- but note that DEBUG is not yet enabled!
//
global $error_handler;
$error_handler = new error_handler();
//
// E: Setup other essential PHP parameters
//
const e107_INIT = true;
// DEPRECATED, use e107::getConfig() and e107::getPlugConfig()
if(isset($retrieve_prefs) && is_array($retrieve_prefs))
{
foreach ($retrieve_prefs as $key => $pref_name)
{
$retrieve_prefs[$key] = preg_replace("/\W/", '', $pref_name);
}
}
else
{
unset($retrieve_prefs);
}
$config = include(e_ROOT.'e107_config.php');
if(!defined('e_POWEREDBY_DISABLE'))
{
define('e_POWEREDBY_DISABLE', false);
}
if(!empty($CLASS2_INCLUDE))
{
require_once(e_ROOT.$CLASS2_INCLUDE);
}
if(empty($HANDLERS_DIRECTORY))
{
$HANDLERS_DIRECTORY = 'e107_handlers/';
}
if(empty($PLUGINS_DIRECTORY))
{
$PLUGINS_DIRECTORY = 'e107_plugins/';
}
//define("MPREFIX", $mySQLprefix); moved to $e107->set_constants()
if(empty($mySQLdefaultdb) && empty($config))
{
// e107_config.php is either empty, not valid or doesn't exist so redirect to installer..
header('Location: install.php');
exit();
}
// Upgrade Compatibility - Disable CL_WIDGETS before e107_class.php is loaded.
$tmpPlugDir = e_ROOT.$PLUGINS_DIRECTORY;
if(is_dir($tmpPlugDir. '/cl_widgets'))
{
rename($tmpPlugDir. '/cl_widgets',$tmpPlugDir. '/cl_widgets__');
}
unset($tmpPlugDir);
//
// clever stuff that figures out where the paths are on the fly.. no more need for hard-coded e_HTTP :)
//
$tmp = e_ROOT.$HANDLERS_DIRECTORY;
//Core functions - now API independent
@require_once($tmp.'/core_functions.php');
e107_require_once($tmp.'/e107_class.php');
unset($tmp);
if(empty($config['paths'])) // old e107_config.php format.
{
$dirNames = ['ADMIN_DIRECTORY', 'FILES_DIRECTORY', 'IMAGES_DIRECTORY', 'THEMES_DIRECTORY', 'PLUGINS_DIRECTORY', 'HANDLERS_DIRECTORY', 'LANGUAGES_DIRECTORY', 'HELP_DIRECTORY', 'DOWNLOADS_DIRECTORY','UPLOADS_DIRECTORY','SYSTEM_DIRECTORY', 'MEDIA_DIRECTORY','CACHE_DIRECTORY','LOGS_DIRECTORY', 'CORE_DIRECTORY', 'WEB_DIRECTORY'];
$e107_paths = [];
foreach ($dirNames as $name)
{
if (isset($$name))
{
$e107_paths[$name] = $$name;
}
}
$legacy_sql_info = compact('mySQLserver', 'mySQLuser', 'mySQLpassword', 'mySQLdefaultdb', 'mySQLprefix');
if(isset($mySQLport))
{
$legacy_sql_info['mySQLport'] = $mySQLport;
}
$sql_info = array_combine(array_map(function($k) {
return str_replace('mySQL', '', $k);
}, array_keys($legacy_sql_info)),
$legacy_sql_info
);
}
else // New e107_config.php format. v2.4+
{
$e107_paths = $config['paths'];
$sql_info = $config['database'];
$E107_CONFIG = $config['other'] ?? [];
unset($config);
}
$e107 = e107::getInstance()->initCore($e107_paths, e_ROOT, $sql_info, varset($E107_CONFIG, array()));
e107::getSingleton('eIPHandler'); // This auto-handles bans etc
unset($dirPaths,$e107_paths);
/**
* NEW - system security levels
* Could be overridden by e107_config.php OR $CLASS2_INCLUDE script (if not set earlier)
*
* 0 disabled
* 5 safe mode (balanced)
* 7 high
* 9 paranoid
* 10 insane
* for more detailed info see e_session SECURITY_LEVEL_* constants
* default is e_session::SECURITY_LEVEL_BALANCED (5)
*/
if(!defined('e_SECURITY_LEVEL'))
{
require_once(e_HANDLER.'session_handler.php');
define('e_SECURITY_LEVEL', e_session::SECURITY_LEVEL_BALANCED);
}
//
// Start the parser; use it to grab the full query string
//
if(!isset($_E107['no_parser']))
{
$tp = e107::getParser(); //TODO - find & replace $tp, $e107->tp
}
//
// H: Initialize debug handling
// (NO E107 DEBUG CONSTANTS OR CODE ARE AVAILABLE BEFORE THIS POINT)
// All debug objects and constants are defined in the debug handler
// i.e. from here on you can use E107_DEBUG_LEVEL or any
// E107_DBG_* constant for debug testing.
//
require_once(e_HANDLER.'debug_handler.php');
e107_debug::init(); // defines E107_DEBUG_LEVEL
/** @var e107_db_debug $dbg */
$dbg = e107::getDebug();
if(E107_DEBUG_LEVEL)
{
$dbg->active(true);
/** @deprecated $db_debug */
$db_debug = $dbg;
$dbg->logTime('Init ErrHandler');
}
//
// J: MYSQL INITIALIZATION
//
e107::getSingleton('e107_traffic'); // We start traffic counting ASAP
//$eTraffic->Calibrate($eTraffic);
//DEPRECATED, BC, $e107->sql caught by __get()
/** @var e_db $sql */
$sql = e107::getDb(); //TODO - find & replace $sql, $e107->sql
$sql->db_SetErrorReporting(false);
$dbg->logTime('SQL Connect');
$merror=$sql->db_Connect($sql_info['server'], $sql_info['user'], $sql_info['password'], $sql_info['defaultdb']);
unset($sql_info);
// create after the initial connection.
//DEPRECATED, BC, call the method only when needed
$sql2 = e107::getDb('sql2'); //TODO find & replace all $sql2 calls
//DEPRECATED, BC, call the method only when needed, $e107->admin_log caught by __get()
if(!isset($_E107['no_log']))
{
$admin_log = e107::getLog(); //TODO - find & replace $admin_log, $e107->admin_log
}
if($merror === 'e1')
{
message_handler('CRITICAL_ERROR', 6, ': generic, ', 'class2.php');
exit;
}
if ($merror === 'e2')
{
message_handler("CRITICAL_ERROR", 7, ': generic, ', 'class2.php');
exit;
}
//
// K: Load compatability mode.
//
/* PHP Compatabilty should *always* be on. */
$dbg->logTime('Php compatibility handler');
e107_require_once(e_HANDLER.'php_compatibility_handler.php');
// SITEURL constant depends on the database
// See https://github.com/e107inc/e107/issues/3033 for details.
$dbg->logTime('Set urlsdeferred');
$e107->set_urls_deferred();
//
// L: Extract core prefs from the database
//
// TODO - remove it from here, auto-loaded when required
$dbg->logTime('Load Cache Handler');
e107_require_once(e_HANDLER.'cache_handler.php');
//DEPRECATED, BC, call the method only when needed, $e107->arrayStorage caught by __get()
$dbg->logTime('Load Array Storage Handler');
e107_require_once(e_HANDLER.'arraystorage_class.php'); // ArrayData(); BC Fix only.
$eArrayStorage = e107::getArrayStorage(); //TODO - find & replace $eArrayStorage with e107::getArrayStorage();
//DEPRECATED, BC, call the method only when needed, $e107->e_event caught by __get()
$dbg->logTime('Load Event Handler');
if(!isset($_E107['no_event']))
{
$e_event = e107::getEvent(); //TODO - find & replace $e_event, $e107->e_event
}
$dbg->logTime('Load Core Prefs');
// Check core preferences
//FIXME - message_handler is dying after message_handler(CRITICAL_ERROR) call
e107::getConfig()->load(); // extra load, required if mysql handler already called e107::getConfig()
if(!e107::getConfig()->hasData())
{
// Core prefs error - admin log
e107::getLog()->add('CORE_LAN8', 'CORE_LAN7', E_LOG_WARNING);
// Try for the automatic backup..
if(e107::getConfig('core_backup')->hasData())
{
// auto backup found, use backup to restore the core
e107::getConfig()->loadData(e107::getConfig('core_backup')->getPref(), false)
->save(false, true);
message_handler('CRITICAL_ERROR', 3, __LINE__, __FILE__);
}
else
{
// No auto backup, try for the 'old' prefs system.
if(!e107::getConfig('core_old')->hasData())
{
// Core could not restore from automatic backup. Execution halted.
e107::getLog()->add('CORE_LAN8', 'CORE_LAN9', E_LOG_FATAL);
message_handler('CRITICAL_ERROR', 3, __LINE__, __FILE__);
// No old system, so point in the direction of resetcore :(
message_handler('CRITICAL_ERROR', 4, __LINE__, __FILE__); //this will never appear till message_handler() is fixed
exit;
}
// resurrect core from old prefs
e107::getConfig()->loadData(e107::getConfig('core_old')->getPref(), false)
->save(false, true);
// resurrect core_backup from old prefs
e107::getConfig('core_backup')->loadData(e107::getConfig('core_old')->getPref(), false)
->save(false, true);
}
}
$pref = e107::getPref(); // include pref class.
// e107_require_once(e_HANDLER. 'pref_class.php');
// TODO - DEPRECATED - remove
$sysprefs = new prefs;
//DEPRECATED, BC, call e107::getPref/findPref() instead
//DEPRECATED, BC, call e107::getConfig('menu')->get('pref_name') only when needed
if(!isset($_E107['no_menus']))
{
$dbg->logTime('Load Menu Prefs');
$menu_pref = e107::getConfig('menu')->getPref(); //extract menu prefs
}
// NEW - force ssl
if(empty($_E107['cli']) && e107::getPref('ssl_enabled') && !deftrue('e_SSL_DISABLE') )
{
// NOTE: e_SSL_DISABLE check is here to help webmasters fix 'ssl_enabled'
// if set by accident on site with no SSL support - just define it in e107_config.php
if(strncmp(e_REQUEST_URL, 'http://', 7) === 0)
{
// e_REQUEST_URL and e_REQUEST_URI introduced
$url = 'https://'.substr(e_REQUEST_URL, 7);
e107::redirect($url);
exit;
}
}
// $dbg->logTime('(Extracting Core Prefs Done)');
if(!isset($_E107['no_lan']))
{
$dbg->logTime('Init Language and detect changes');
$lng = e107::getLanguage(); // required for v1.0 BC.
$lng->detect();
}
else
{
define('e_LAN', 'en');
}
//
// M: Subdomain and Language Selection
//
// if a cookie name pref isn't set, make one :)
// e_COOKIE used as unique session cookie name now (see session handler)
if (!$pref['cookie_name']) { $pref['cookie_name'] = 'e107cookie'; }
define('e_COOKIE', $pref['cookie_name']);
// MOVED TO $e107->set_urls()
//define('SITEURLBASE', ($pref['ssl_enabled'] == '1' ? 'https://' : 'http://').$_SERVER['HTTP_HOST']);
//define('SITEURL', SITEURLBASE.e_HTTP);
// if the option to force users to use a particular url for the site is enabled, redirect users there as needed
// Now matches RFC 2616 (sec 3.2): case insensitive, https/:443 and http/:80 are equivalent.
// And, this is robust against hack attacks. Malignant users can put **anything** in HTTP_HOST!
if(!empty($pref['redirectsiteurl']) && !empty($pref['siteurl'])) {
if(isset($pref['multilanguage_subdomain']) && $pref['multilanguage_subdomain'])
{
if(substr(e_REQUEST_URL, 7, 4) === 'www.' || substr(e_REQUEST_URL, 8, 4) === 'www.')
{
$self = e_REQUEST_URL;
//if(e_QUERY){ $self .= '?'.e_QUERY; }
$location = str_replace('://www.', '://', $self);
if(defined('e_DEBUG') && e_DEBUG === true)
{
echo 'Redirecting to location: ' .$location;
}
e107::getRedirect()->go($location,true,301);
// header("Location: {$location}", true, 301); // send 301 header, not 302
exit();
}
}
elseif(deftrue('e_DOMAIN'))
{
// Find domain and port from user and from pref
list($urlbase,$urlport) = explode(':',$_SERVER['HTTP_HOST'].':');
if(!$urlport)
{
$urlport = (int) $_SERVER['SERVER_PORT'];
}
if(!$urlport)
{
$urlport = 80;
}
$aPrefURL = explode('/',$pref['siteurl'],4);
if (count($aPrefURL) > 2) // we can do this -- there's at least http[s]://dom.ain/whatever
{
$PrefRoot = $aPrefURL[2];
list($PrefSiteBase,$PrefSitePort) = explode(':',$PrefRoot.':');
if (!$PrefSitePort)
{
$PrefSitePort = ( $aPrefURL[0] === 'https:' ) ? 443 : 80; // no port so set port based on 'scheme'
}
// Redirect only if
// -- ports do not match (http <==> https)
// -- base domain does not match (case-insensitive)
// -- NOT admin area
if (($urlport !== $PrefSitePort || stripos($PrefSiteBase, $urlbase) === false) && strpos(e_REQUEST_SELF, ADMINDIR) === false)
{
$aeSELF = explode('/', e_REQUEST_SELF, 4);
$aeSELF[0] = $aPrefURL[0]; // Swap in correct type of query (http, https)
$aeSELF[1] = ''; // Defensive code: ensure http:// not http:/<garbage>/
$aeSELF[2] = $aPrefURL[2]; // Swap in correct domain and possibly port
$location = implode('/',$aeSELF).($_SERVER['QUERY_STRING'] ? '?'.$_SERVER['QUERY_STRING'] : '');
$location = filter_var($location, FILTER_SANITIZE_URL);
//
// header("Location: {$location}", true, 301); // send 301 header, not 302
if(defined('e_DEBUG') && e_DEBUG === true)
{
echo "DEBUG INFO: site-redirect preference enabled.<br />Redirecting to: <a hre='".$location."'>".$location. '</a>';
echo '<br />e_DOMAIN: ' .e_DOMAIN;
echo '<br />e_SUBDOMAIN: ' .e_SUBDOMAIN;
}
else
{
e107::getRedirect()->go($location,true,301);
}
exit();
}
}
}
}
/**
* Set the User's Language
*/
// SESSION Needs to be started after:
// - Site preferences are available
// - Language detection (because of session.cookie_domain)
// to avoid multi-language 'access-denied' issues.
//session_start(); see e107::getSession() above
if(!isset($_E107['no_session']) && !isset($_E107['no_lan']))
{
$dbg->logTime('Load Session Handler');
e107::getSession(); //init core _SESSION - actually here for reference only, it's done by language handler set() method
$dbg->logTime('Set User Language Session');
e107::getLanguage()->set(); // set e_LANGUAGE, USERLAN, Language Session / Cookies etc. requires $pref;
}
else
{
define('e_LANGUAGE', 'English');
}
if(!empty($pref['multilanguage']) && (e_LANGUAGE !== $pref['sitelanguage']))
{
$sql->mySQLlanguage = e_LANGUAGE;
$sql2->mySQLlanguage = e_LANGUAGE;
}
//do it only once and with the proper function
// e107_include_once(e_LANGUAGEDIR.e_LANGUAGE.'/'.e_LANGUAGE.'.php');
// e107_include_once(e_LANGUAGEDIR.e_LANGUAGE.'/'.e_LANGUAGE.'_custom.php');
// v1 Custom language File Path.
if(!isset($_E107['no_lan']))
{
$dbg->logTime('Include Global Core Language Files');
if((e_ADMIN_AREA === true) && !empty($pref['adminlanguage']))
{
include(e_LANGUAGEDIR.$pref['adminlanguage'].'/'.$pref['adminlanguage'].'.php');
}
else
{
include(e_LANGUAGEDIR.e_LANGUAGE.'/'.e_LANGUAGE.'.php'); // FASTEST - ALWAYS load
}
$customLan = e_LANGUAGEDIR.e_LANGUAGE.'/'.e_LANGUAGE.'_custom.php';
if(is_readable($customLan)) // FASTER - if exist, should be done 'once' by the core
{
include($customLan);
}
// v2 Custom language File Path.
$customLan2 = e_SYSTEM.'/lans/'.e_LANGUAGE.'_custom.php';
if(is_readable($customLan2)) // FASTER - if exist, should be done 'once' by the core
{
include($customLan2);
}
unset($customLan, $customLan2);
$lng->bcDefs(); // defined v1.x definitions for old templates.
$dbg->logTime('Include Global Plugin Language Files');
if(isset($pref['lan_global_list']))
{
foreach($pref['lan_global_list'] as $path)
{
if(e107::plugLan($path, 'global', true) === false)
{
e107::plugLan($path, 'global');
}
}
}
}
if(!isset($_E107['no_session']))
{
$dbg->logTime('CHAP challenge');
$die = e_AJAX_REQUEST !== true;
e107::getSession()
->challenge() // Make sure there is a unique challenge string for CHAP login
->check($die); // Token protection
unset($die);
}
//
// N: misc setups: online user tracking, cache
//
$dbg->logTime('Misc resources. Online user tracking, cache');
/**
* @deprecated BC, call the method only when needed, $e107->ecache caught by __get()
*/
$e107cache = e107::getCache(); //TODO - find & replace $e107cache, $e107->ecache
//DEPRECATED, BC, call the method only when needed, $e107->override caught by __get()
if(!isset($_E107['no_override']))
{
$override = e107::getSingleton('override');
}
//DEPRECATED, BC, call the method only when needed, $e107->user_class caught by __get()
if(!isset($_E107['no_session']))
{
$e_userclass = e107::getUserClass(); //TODO - find & replace $e_userclass, $e107->user_class
}
if(!isset($_E107['no_event']))
{
$dbg->logTime('Init Event Handler');
e107::getEvent()->init();
$dbg->logTime('Register Core Events');
e107::getNotify()->registerEvents();
}
if(!defined('SITENAME')) // Allow override by English_custom.php or English_global.php plugin files.
{
define('SITENAME', trim($tp->toHTML($pref['sitename'], '', 'USER_TITLE,er_on,defs')));
}
//
// O: Start user session
//
if(!isset($_E107['no_session']))
{
$dbg->logTime('User session');
init_session(); // Set up a lot of the user-related constants
}
else
{
define('ADMIN', false);
define('USER', true);
define('USERCLASS_LIST', '0');
}
$developerMode = (vartrue($pref['developer'],false) || E107_DEBUG_LEVEL > 0);
// for multi-language these definitions needs to come after the language loaded.
if(!defined('SITEDESCRIPTION')) // Allow override by English_custom.php or English_global.php plugin files.
{
define('SITEDESCRIPTION', $tp->toHTML($pref['sitedescription'], '', 'emotes_off,defs'));
}
define('SITEBUTTON', $tp->replaceConstants($pref['sitebutton'],'abs'));
define('SITETAG', $tp->toHTML($pref['sitetag'], false, 'emotes_off,defs'));
define('SITEADMIN', $pref['siteadmin']);
define('SITEADMINEMAIL', $pref['siteadminemail']);
define('SITEDISCLAIMER', $tp->toHTML($pref['sitedisclaimer'], '', 'emotes_off,defs'));
define('SITECONTACTINFO', (!empty($pref['sitecontactinfo']) ? $tp->toHTML($pref['sitecontactinfo'], true, 'emotes_off,defs') : ''));
define('SITEEMAIL', vartrue($pref['replyto_email'],$pref['siteadminemail']));
define('USER_REGISTRATION', vartrue($pref['user_reg'],false)); // User Registration System Active or Not.
define('e_DEVELOPER', $developerMode);
define('e_VERSION', varset($pref['version']));
unset($developerMode);
if(!empty($pref['xurl']) && is_array($pref['xurl']))
{
define('XURL_FACEBOOK', vartrue($pref['xurl']['facebook'], false));
define('XURL_TWITTER', vartrue($pref['xurl']['twitter'], false));
define('XURL_YOUTUBE', vartrue($pref['xurl']['youtube'], false));
define('XURL_GOOGLE', vartrue($pref['xurl']['google'], false));
define('XURL_LINKEDIN', vartrue($pref['xurl']['linkedin'], false));
define('XURL_GITHUB', vartrue($pref['xurl']['github'], false));
define('XURL_FLICKR', vartrue($pref['xurl']['flickr'], false));
define('XURL_INSTAGRAM', vartrue($pref['xurl']['instagram'], false));
define('XURL_PINTEREST', vartrue($pref['xurl']['pinterest'], false));
define('XURL_STEAM', vartrue($pref['xurl']['steam'], false));
define('XURL_VIMEO', vartrue($pref['xurl']['vimeo'], false));
define('XURL_TWITCH', vartrue($pref['xurl']['twitch'], false));
define('XURL_VK', vartrue($pref['xurl']['vk'], false));
}
else
{
define('XURL_FACEBOOK',false);
define('XURL_TWITTER', false);
define('XURL_YOUTUBE', false);
define('XURL_GOOGLE', false);
define('XURL_LINKEDIN', false);
define('XURL_GITHUB', false);
define('XURL_FLICKR', false);
define('XURL_INSTAGRAM', false);
define('XURL_PINTEREST', false);
define('XURL_STEAM', false);
define('XURL_VIMEO', false);
define('XURL_TWITCH', false);
define('XURL_VK', false);
}
if(!defined('MAIL_IDENTIFIER'))
{
define('MAIL_IDENTIFIER', 'X-e107-id');
}
/* Withdrawn 0.8
// legacy module.php file loading.
if (isset($pref['modules']) && $pref['modules']) {
$mods=explode(",", $pref['modules']);
foreach ($mods as $mod) {
if (is_readable(e_PLUGIN."{$mod}/module.php")) {
require_once(e_PLUGIN."{$mod}/module.php");
}
}
}
*/
$dbg->logTime('Load Plugin Modules');
$js_body_onload = array(); // Initialise this array in case a module wants to add to it
// Load e_modules after all the constants, but before the themes, so they can be put to use.
if(!isset($_E107['no_module']))
{
if(isset($pref['e_module_list']) && $pref['e_module_list'])
{
foreach ($pref['e_module_list'] as $mod)
{
if (is_readable(e_PLUGIN."{$mod}/e_module.php"))
{
$dbg->logTime('[e_module in '.$mod.']');
require_once(e_PLUGIN."{$mod}/e_module.php");
}
}
}
}
//
// P: THEME LOADING
//
if(!defined('USERTHEME') && !isset($_E107['no_theme']))
{
$dbg->logTime('Load Theme');
$userSiteTheme = e107::getUser()->getPref('sitetheme');
if (
empty($userSiteTheme) ||
(defined('e_MENUMANAGER_ACTIVE') && e_MENUMANAGER_ACTIVE === true) ||
!file_exists(e_THEME.$userSiteTheme. '/theme.php')
)
$userSiteTheme = false;
define('USERTHEME', $userSiteTheme);
}
//
// Q: ALL OTHER SETUP CODE
//
$dbg->logTime('Misc Setup');
//------------------------------------------------------------------------------------------------------------------------------------//
if(!isset($_E107['no_theme']))
{
$ns = e107::getRender(); // load theme render class.
if (!class_exists('e107table', false)) // BC Fix.
{
class e107table extends e_render
{
}
}
}
// EONE-134 - bad e_module could destroy e107 instance
$e107 = e107::getInstance(); // Is this needed now?
$dbg->logTime('IP Handler and Ban Check');
e107::getIPHandler()->ban();
if(USER && !isset($_E107['no_forceuserupdate']) && $_SERVER['QUERY_STRING'] !== 'logout' && varset($pref['force_userupdate']))
{
if(isset($currentUser) && force_userupdate($currentUser))
{
header('Location: '.SITEURL.'usersettings.php?update');
exit();
}
}
$dbg->logTime('Signup/splash/admin');
if(($pref['membersonly_enabled'] && !isset($_E107['allow_guest'])) || ($pref['maintainance_flag'] && empty($_E107['cli']) && empty($_E107['no_maintenance'])))
{
//XXX move force_userupdate() also?
e107::getRedirect()->checkMaintenance();
e107::getRedirect()->checkMembersOnly();
}
// ------------------------------------------------------------------------
if(!isset($_E107['no_prunetmp']))
{
$sql->delete('tmp', 'tmp_time < '.(time() - 300)." AND tmp_ip!='data' AND tmp_ip!='submitted_link'");
}
$dbg->logTime('Login/logout/ban/tz');
if (isset($_POST['userlogin']) || isset($_POST['userlogin_x']))
{
e107::getUser()->login($_POST['username'], $_POST['userpass'], $_POST['autologin'], varset($_POST['hashchallenge']), false);
// e107_require_once(e_HANDLER.'login.php');
// $usr = new userlogin($_POST['username'], $_POST['userpass'], $_POST['autologin'], varset($_POST['hashchallenge'],''));
}
// $_SESSION['ubrowser'] check not needed anymore - see session handler
// e_QUERY not defined in single entry mod
if (($_SERVER['QUERY_STRING'] === 'logout')/* || (($pref['user_tracking'] == 'session') && isset($_SESSION['ubrowser']) && ($_SESSION['ubrowser'] != $ubrowser))*/)
{
if (USER)
{
if (check_class(varset($pref['user_audit_class']))) // Need to note in user audit trail
{
e107::getLog()->user_audit(USER_AUDIT_LOGOUT, null, USERID, USERNAME);
}
}
// $ip = e107::getIPHandler()->getIP(false); Appears to not be used, so removed
$udata = (USER === true ? USERID.'.'.USERNAME : '0');
// TODO - should be done inside online handler, more core areas need it (session handler for example)
if (isset($pref['track_online']) && $pref['track_online'])
{
$sql->update('online', "online_user_id = 0, online_pagecount=online_pagecount+1 WHERE online_user_id = '{$udata}'");
}
// earlier event trigger with user data still available
e107::getEvent()->trigger('logout');
$go = e107::getRedirect();
$prev = $go->getPreviousUrl();
// first model logout and session destroy..
e107::getUser()->logout();
// it might be removed soon
if ($pref['user_tracking'] === 'session')
{
session_destroy();
$_SESSION[e_COOKIE]='';
// @TODO: Need to destroy the session cookie as well (not done by session_destroy()
}
cookie(e_COOKIE, '', (time() - 2592000));
if($prev) // allow scripts to set the logged out URL via setPreviousUrl()
{
$go->redirect($prev);
}
else
{
$go->redirect(SITEURL);
}
exit();
}
/**
* @addtogroup timezone
* @{
*/
/**
* Generate an array of time zones.
*
* @return array
* Array of time zones.
*/
function systemTimeZones()
{
// Never do something time consuming twice if you can hold onto the results
// and re-use them. So we re-use the statically cached value to save time
// and memory.
static $zones = array();
// If Timezone list is not populated yet.
if(empty($zones))
{
$zonelist = timezone_identifiers_list();
$timeNow = date('m/d/Y H:i', $_SERVER['REQUEST_TIME']);
/*
$zonelist = DateTimeZone::listIdentifiers(
DateTimeZone::AFRICA |
DateTimeZone::AMERICA |
DateTimeZone::ANTARCTICA |
DateTimeZone::ASIA |
DateTimeZone::ATLANTIC |
DateTimeZone::AUSTRALIA |
DateTimeZone::EUROPE |
DateTimeZone::INDIAN |
DateTimeZone::PACIFIC |
DateTimeZone::UTC
);*/
foreach($zonelist as $zone)
{
// Because many time zones exist in PHP only for backward compatibility
// reasons and should not be used, the list is filtered by a regular
// expression.
if(preg_match('!^((Africa|America|Antarctica|Arctic|Asia|Atlantic|Australia|Europe|Indian|Pacific)/|UTC$)!', $zone))
{
$dateTimeZone = new DateTimeZone($zone);
$dateTime = new DateTime($timeNow, $dateTimeZone);
$offset = $dateTime->format('O');
$offset = chunk_split($offset, 3, ':');
$zones[$zone] = str_replace('_', ' ', $zone) . ' (' . rtrim($offset, ':') . ')';
}
}
// Sort time zones alphabetically.
asort($zones);
}
return $zones;
}
/**
* Validate a timezone.
*
* @param string $zone
* Timezone.
*
* @return bool
*/
function systemTimeZoneIsValid($zone = '')
{
$zones = systemTimeZones();
$zoneKeys = array_keys($zones);
if(in_array($zone, $zoneKeys, true))
{
return true;
}
return false;
}
$e_deltaTime = 0;
if (isset($_COOKIE['e107_tdOffset']))
{
// Actual seconds of delay. See e107.js and footer_default.php
$e_deltaTime = (15*floor(((int) $_COOKIE['e107_tdOffset'] /60)/15))*60; // Delay in seconds rounded to the lowest quarter hour
}
if (isset($_COOKIE['e107_tzOffset']))
{
// Relative client-to-server time zone offset in seconds.
$e_deltaTime += (-((int)$_COOKIE['e107_tzOffset'] * 60 + date('Z')));
}
define('TIMEOFFSET', $e_deltaTime);
/**
* @} End of "addtogroup timezone".
*/
// ----------------------------------------------------------------------------