
PHP Cross Reference of MyBB 1.8.21


/inc/ -> class_core.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  class MyBB {
  12      /**
  13       * The friendly version number of MyBB we're running.
  14       *
  15       * @var string
  16       */
  17      public $version = "1.8.21";
  18  
  19      /**
  20       * The version code of MyBB we're running.
  21       *
  22       * @var integer
  23       */
  24      public $version_code = 1821;
  25  
  26      /**
  27       * The current working directory.
  28       *
  29       * @var string
  30       */
  31      public $cwd = ".";
  32  
  33      /**
  34       * Input variables received from the outer world.
  35       *
  36       * @var array
  37       */
  38      public $input = array();
  39  
  40      /**
  41       * Cookie variables received from the outer world.
  42       *
  43       * @var array
  44       */
  45      public $cookies = array();
  46  
  47      /**
  48       * Information about the current user.
  49       *
  50       * @var array
  51       */
  52      public $user = array();
  53  
  54      /**
  55       * Information about the current usergroup.
  56       *
  57       * @var array
  58       */
  59      public $usergroup = array();
  60  
  61      /**
  62       * MyBB settings.
  63       *
  64       * @var array
  65       */
  66      public $settings = array();
  67  
  68      /**
  69       * Whether or not magic quotes are enabled.
  70       *
  71       * @var int
  72       */
  73      public $magicquotes = 0;
  74  
  75      /**
  76       * Whether or not MyBB supports SEO URLs
  77       *
  78       * @var boolean
  79       */
  80      public $seo_support = false;
  81  
  82      /**
  83       * MyBB configuration.
  84       *
  85       * @var array
  86       */
  87      public $config = array();
  88  
  89      /**
  90       * The request method that called this page.
  91       *
  92       * @var string
  93       */
  94      public $request_method = "";
  95  
  96      /**
  97       * Whether or not PHP's safe_mode is enabled
  98       *
  99       * @var boolean
 100       */
 101      public $safemode = false;
 102  
 103      /**
 104       * Loads templates directly from the master theme and disables the installer locked error
 105       *
 106       * @var boolean
 107       */
 108      public $dev_mode = false;
 109  
 110      /**
 111       * Variables that need to be clean.
 112       *
 113       * @var array
 114       */
 115      public $clean_variables = array(
 116          "int" => array(
 117              "tid", "pid", "uid",
 118              "eid", "pmid", "fid",
 119              "aid", "rid", "sid",
 120              "vid", "cid", "bid",
 121              "hid", "gid", "mid",
 122              "wid", "lid", "iid",
 123              "did", "qid", "id"
 124          ),
 125          "pos" => array(
 126              "page", "perpage"
 127          ),
 128          "a-z" => array(
 129              "sortby", "order"
 130          )
 131      );
 132  
 133      /**
 134       * Variables that are to be ignored from cleansing process
 135       *
 136       * @var array
 137       */
 138      public $ignore_clean_variables = array();
 139  
 140      /**
 141       * Using built in shutdown functionality provided by register_shutdown_function for < PHP 5?
 142       *
 143       * @var bool
 144       */
 145      public $use_shutdown = true;
 146  
 147      /**
 148       * Debug mode?
 149       *
 150       * @var bool
 151       */
 152      public $debug_mode = false;
 153  
 154      /**
 155       * Binary database fields need to be handled differently
 156       *
 157       * @var array
 158       */
 159      public $binary_fields = array(
 160          'adminlog' => array('ipaddress' => true),
 161          'adminsessions' => array('ip' => true),
 162          'maillogs' => array('ipaddress' => true),
 163          'moderatorlog' => array('ipaddress' => true),
 164          'pollvotes' => array('ipaddress' => true),
 165          'posts' => array('ipaddress' => true),
 166          'privatemessages' => array('ipaddress' => true),
 167          'searchlog' => array('ipaddress' => true),
 168          'sessions' => array('ip' => true),
 169          'threadratings' => array('ipaddress' => true),
 170          'users' => array('regip' => true, 'lastip' => true),
 171          'spamlog' => array('ipaddress' => true),
 172      );
 173  
 174      /**
 175       * The cache instance to use.
 176       *
 177       * @var datacache
 178       */
 179      public $cache;
 180  
 181      /**
 182       * The base URL to assets.
 183       *
 184       * @var string
 185       */
 186      public $asset_url = null;
 187      /**
 188       * String input constant for use with get_input().
 189       *
 190       * @see get_input
 191       */
 192      const INPUT_STRING = 0;
 193      /**
 194       * Integer input constant for use with get_input().
 195       *
 196       * @see get_input
 197       */
 198      const INPUT_INT = 1;
 199      /**
 200       * Array input constant for use with get_input().
 201       *
 202       * @see get_input
 203       */
 204      const INPUT_ARRAY = 2;
 205      /**
 206       * Float input constant for use with get_input().
 207       *
 208       * @see get_input
 209       */
 210      const INPUT_FLOAT = 3;
 211      /**
 212       * Boolean input constant for use with get_input().
 213       *
 214       * @see get_input
 215       */
 216      const INPUT_BOOL = 4;
 217  
 218      /**
 219       * Constructor of class.
 220       */
 221  	function __construct()
 222      {
 223          // Set up MyBB
 224          $protected = array("_GET", "_POST", "_SERVER", "_COOKIE", "_FILES", "_ENV", "GLOBALS");
 225          foreach($protected as $var)
 226          {
 227              if(isset($_POST[$var]) || isset($_GET[$var]) || isset($_COOKIE[$var]) || isset($_FILES[$var]))
 228              {
 229                  die("Hacking attempt");
 230              }
 231          }
 232  
 233          if(defined("IGNORE_CLEAN_VARS"))
 234          {
 235              if(!is_array(IGNORE_CLEAN_VARS))
 236              {
 237                  $this->ignore_clean_variables = array(IGNORE_CLEAN_VARS);
 238              }
 239              else
 240              {
 241                  $this->ignore_clean_variables = IGNORE_CLEAN_VARS;
 242              }
 243          }
 244  
 245          // Determine Magic Quotes Status (< PHP 6.0)
 246          if(version_compare(PHP_VERSION, '6.0', '<'))
 247          {
 248              if(@get_magic_quotes_gpc())
 249              {
 250                  $this->magicquotes = 1;
 251                  $this->strip_slashes_array($_POST);
 252                  $this->strip_slashes_array($_GET);
 253                  $this->strip_slashes_array($_COOKIE);
 254              }
 255              @set_magic_quotes_runtime(0);
 256              @ini_set("magic_quotes_gpc", 0);
 257              @ini_set("magic_quotes_runtime", 0);
 258          }
 259  
 260          // Determine input
 261          $this->parse_incoming($_GET);
 262          $this->parse_incoming($_POST);
 263  
 264          if($_SERVER['REQUEST_METHOD'] == "POST")
 265          {
 266              $this->request_method = "post";
 267          }
 268          else if($_SERVER['REQUEST_METHOD'] == "GET")
 269          {
 270              $this->request_method = "get";
 271          }
 272  
 273          // If we've got register globals on, then kill them too
 274          if(@ini_get("register_globals") == 1)
 275          {
 276              $this->unset_globals($_POST);
 277              $this->unset_globals($_GET);
 278              $this->unset_globals($_FILES);
 279              $this->unset_globals($_COOKIE);
 280          }
 281          $this->clean_input();
 282  
 283          $safe_mode_status = @ini_get("safe_mode");
 284          if($safe_mode_status == 1 || strtolower($safe_mode_status) == 'on')
 285          {
 286              $this->safemode = true;
 287          }
 288  
 289          // Are we running on a development server?
 290          if(isset($_SERVER['MYBB_DEV_MODE']) && $_SERVER['MYBB_DEV_MODE'] == 1)
 291          {
 292              $this->dev_mode = 1;
 293          }
 294  
 295          // Are we running in debug mode?
 296          if(isset($this->input['debug']) && $this->input['debug'] == 1)
 297          {
 298              $this->debug_mode = true;
 299          }
 300  
 301          if(isset($this->input['action']) && $this->input['action'] == "mybb_logo")
 302          {
 303              require_once dirname(__FILE__)."/mybb_group.php";
 304              output_logo();
 305          }
 306  
 307          if(isset($this->input['intcheck']) && $this->input['intcheck'] == 1)
 308          {
 309              die("&#077;&#089;&#066;&#066;");
 310          }
 311      }
 312  
 313      /**
 314       * Parses the incoming variables.
 315       *
 316       * @param array $array The array of incoming variables.
 317       */
 318  	function parse_incoming($array)
 319      {
 320          if(!is_array($array))
 321          {
 322              return;
 323          }
 324  
 325          foreach($array as $key => $val)
 326          {
 327              $this->input[$key] = $val;
 328          }
 329      }
 330  
 331      /**
 332       * Parses the incoming cookies
 333       *
 334       */
 335  	function parse_cookies()
 336      {
 337          if(!is_array($_COOKIE))
 338          {
 339              return;
 340          }
 341  
 342          $prefix_length = strlen($this->settings['cookieprefix']);
 343  
 344          foreach($_COOKIE as $key => $val)
 345          {
 346              if($prefix_length && substr($key, 0, $prefix_length) == $this->settings['cookieprefix'])
 347              {
 348                  $key = substr($key, $prefix_length);
 349  
 350                  // Fixes conflicts with one board having a prefix and another that doesn't on the same domain
 351                  // Gives priority to our cookies over others (overwrites them)
 352                  if($this->cookies[$key])
 353                  {
 354                      unset($this->cookies[$key]);
 355                  }
 356              }
 357  
 358              if(empty($this->cookies[$key]))
 359              {
 360                  $this->cookies[$key] = $val;
 361              }
 362          }
 363      }
 364  
 365      /**
 366       * Strips slashes out of a given array.
 367       *
 368       * @param array $array The array to strip.
 369       */
 370  	function strip_slashes_array(&$array)
 371      {
 372          foreach($array as $key => $val)
 373          {
 374              if(is_array($array[$key]))
 375              {
 376                  $this->strip_slashes_array($array[$key]);
 377              }
 378              else
 379              {
 380                  $array[$key] = stripslashes($array[$key]);
 381              }
 382          }
 383      }
 384  
 385      /**
 386       * Unsets globals from a specific array.
 387       *
 388       * @param array $array The array to unset from.
 389       */
 390  	function unset_globals($array)
 391      {
 392          if(!is_array($array))
 393          {
 394              return;
 395          }
 396  
 397          foreach(array_keys($array) as $key)
 398          {
 399              unset($GLOBALS[$key]);
 400              unset($GLOBALS[$key]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4
 401          }
 402      }
 403  
 404      /**
 405       * Cleans predefined input variables.
 406       *
 407       */
 408  	function clean_input()
 409      {
 410          foreach($this->clean_variables as $type => $variables)
 411          {
 412              foreach($variables as $var)
 413              {
 414                  // If this variable is in the ignored array, skip and move to next.
 415                  if(in_array($var, $this->ignore_clean_variables))
 416                  {
 417                      continue;
 418                  }
 419  
 420                  if(isset($this->input[$var]))
 421                  {
 422                      switch($type)
 423                      {
 424                          case "int":
 425                              $this->input[$var] = $this->get_input($var, MyBB::INPUT_INT);
 426                              break;
 427                          case "a-z":
 428                              $this->input[$var] = preg_replace("#[^a-z\.\-_]#i", "", $this->get_input($var));
 429                              break;
 430                          case "pos":
 431                              if(($this->input[$var] < 0 && $var != "page") || ($var == "page" && $this->input[$var] != "last" && $this->input[$var] < 0))
 432                                  $this->input[$var] = 0;
 433                              break;
 434                      }
 435                  }
 436              }
 437          }
 438      }
 439  
 440      /**
 441       * Checks the input data type before usage.
 442       *
 443       * @param string $name Variable name ($mybb->input)
 444       * @param int $type The type of the variable to get. Should be one of MyBB::INPUT_INT, MyBB::INPUT_ARRAY or MyBB::INPUT_STRING.
 445       *
 446       * @return int|float|array|string Checked data. Type depending on $type
 447       */
 448  	function get_input($name, $type = MyBB::INPUT_STRING)
 449      {
 450          switch($type)
 451          {
 452              case MyBB::INPUT_ARRAY:
 453                  if(!isset($this->input[$name]) || !is_array($this->input[$name]))
 454                  {
 455                      return array();
 456                  }
 457                  return $this->input[$name];
 458              case MyBB::INPUT_INT:
 459                  if(!isset($this->input[$name]) || !is_numeric($this->input[$name]))
 460                  {
 461                      return 0;
 462                  }
 463                  return (int)$this->input[$name];
 464              case MyBB::INPUT_FLOAT:
 465                  if(!isset($this->input[$name]) || !is_numeric($this->input[$name]))
 466                  {
 467                      return 0.0;
 468                  }
 469                  return (float)$this->input[$name];
 470              case MyBB::INPUT_BOOL:
 471                  if(!isset($this->input[$name]) || !is_scalar($this->input[$name]))
 472                  {
 473                      return false;
 474                  }
 475                  return (bool)$this->input[$name];
 476              default:
 477                  if(!isset($this->input[$name]) || !is_scalar($this->input[$name]))
 478                  {
 479                      return '';
 480                  }
 481                  return $this->input[$name];
 482          }
 483      }
 484  
 485      /**
 486       * Get the path to an asset using the CDN URL if configured.
 487       *
 488       * @param string $path    The path to the file.
 489       * @param bool   $use_cdn Whether to use the configured CDN options.
 490       *
 491       * @return string The complete URL to the asset.
 492       */
 493  	public function get_asset_url($path = '', $use_cdn = true)
 494      {
 495          $path = (string) $path;
 496          $path = ltrim($path, '/');
 497  
 498          if(substr($path, 0, 4) != 'http')
 499          {
 500              if(substr($path, 0, 2) == './')
 501              {
 502                  $path = substr($path, 2);
 503              }
 504  
 505              if($use_cdn && $this->settings['usecdn'] && !empty($this->settings['cdnurl']))
 506              {
 507                  $base_path = rtrim($this->settings['cdnurl'], '/');
 508              }
 509              else
 510              {
 511                  $base_path = rtrim($this->settings['bburl'], '/');
 512              }
 513  
 514              $url = $base_path;
 515  
 516              if(!empty($path))
 517              {
 518                  $url = $base_path . '/' . $path;
 519              }
 520          }
 521          else
 522          {
 523              $url = $path;
 524          }
 525  
 526          return $url;
 527      }
 528  
 529      /**
 530       * Triggers a generic error.
 531       *
 532       * @param string $code The error code.
 533       */
 534  	function trigger_generic_error($code)
 535      {
 536          global $error_handler;
 537  
 538          switch($code)
 539          {
 540              case "cache_no_write":
 541                  $message = "The data cache directory (cache/) needs to exist and be writable by the web server. Change its permissions so that it is writable (777 on Unix based servers).";
 542                  $error_code = MYBB_CACHE_NO_WRITE;
 543                  break;
 544              case "install_directory":
 545                  $message = "The install directory (install/) still exists on your server and is not locked. To access MyBB please either remove this directory or create an empty file in it called 'lock'.";
 546                  $error_code = MYBB_INSTALL_DIR_EXISTS;
 547                  break;
 548              case "board_not_installed":
 549                  $message = "Your board has not yet been installed and configured. Please do so before attempting to browse it.";
 550                  $error_code = MYBB_NOT_INSTALLED;
 551                  break;
 552              case "board_not_upgraded":
 553                  $message = "Your board has not yet been upgraded. Please do so before attempting to browse it.";
 554                  $error_code = MYBB_NOT_UPGRADED;
 555                  break;
 556              case "sql_load_error":
 557                  $message = "MyBB was unable to load the SQL extension. Please contact the MyBB Group for support. <a href=\"https://mybb.com\">MyBB Website</a>";
 558                  $error_code = MYBB_SQL_LOAD_ERROR;
 559                  break;
 560              case "apc_load_error":
 561                  $message = "APC needs to be configured with PHP to use the APC cache support.";
 562                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 563                  break;
 564              case "eaccelerator_load_error":
 565                  $message = "eAccelerator needs to be configured with PHP to use the eAccelerator cache support.";
 566                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 567                  break;
 568              case "memcache_load_error":
 569                  $message = "Your server does not have memcache support enabled.";
 570                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 571                  break;
 572              case "memcached_load_error":
 573                  $message = "Your server does not have memcached support enabled.";
 574                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 575                  break;
 576              case "xcache_load_error":
 577                  $message = "Xcache needs to be configured with PHP to use the Xcache cache support.";
 578                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 579                  break;
 580              default:
 581                  $message = "MyBB has experienced an internal error. Please contact the MyBB Group for support. <a href=\"https://mybb.com\">MyBB Website</a>";
 582                  $error_code = MYBB_GENERAL;
 583          }
 584          $error_handler->trigger($message, $error_code);
 585      }
 586  
 587  	function __destruct()
 588      {
 589          // Run shutdown function
 590          if(function_exists("run_shutdown"))
 591          {
 592              run_shutdown();
 593          }
 594      }
 595  }
 596  
 597  /**
 598   * Do this here because the core is used on every MyBB page
 599   */
 600  
 601  $grouppermignore = array("gid", "type", "title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
 602  $groupzerogreater = array("pmquota", "maxpmrecipients", "maxreputationsday", "attachquota", "maxemails", "maxposts", "edittimelimit", "maxreputationsperuser", "maxreputationsperthread", "emailfloodtime");
 603  $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
 604  
 605  // These are fields in the usergroups table that are also forum permission specific.
 606  $fpermfields = array(
 607      'canview',
 608      'canviewthreads',
 609      'candlattachments',
 610      'canpostthreads',
 611      'canpostreplys',
 612      'canpostattachments',
 613      'canratethreads',
 614      'caneditposts',
 615      'candeleteposts',
 616      'candeletethreads',
 617      'caneditattachments',
 618      'canviewdeletionnotice',
 619      'modposts',
 620      'modthreads',
 621      'modattachments',
 622      'mod_edit_posts',
 623      'canpostpolls',
 624      'canvotepolls',
 625      'cansearch'
 626  );

