PHP Cross Reference of MyBB 1.8.38 |
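<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

class MyBB {
    /**
     * The friendly version number of MyBB we're running.
     *
     * @var string
     */
    public $version = "1.8.38";

    /**
     * The version code of MyBB we're running.
     *
     * @var integer
     */
    public $version_code = 1838;

    /**
     * The current working directory.
     *
     * @var string
     */
    public $cwd = ".";

    /**
     * Input variables received from the outer world.
     *
     * Filled from $_GET and then $_POST by the constructor (POST overwrites GET
     * for the same key). Only the names listed in $clean_variables are
     * normalised; every other entry holds the raw request value and has to be
     * validated or escaped by whoever consumes it.
     *
     * @var array
     */
    public $input = array();

    /**
     * Cookie variables received from the outer world.
     *
     * @var array
     */
    public $cookies = array();

    /**
     * Information about the current user.
     *
     * @var array
     */
    public $user = array();

    /**
     * Information about the current usergroup.
     *
     * @var array
     */
    public $usergroup = array();

    /**
     * MyBB settings.
     *
     * @var array
     */
    public $settings = array();

    /**
     * Whether or not magic quotes are enabled.
     *
     * @var int
     */
    public $magicquotes = 0;

    /**
     * Whether or not MyBB supports SEO URLs
     *
     * @var boolean
     */
    public $seo_support = false;

    /**
     * MyBB configuration.
     *
     * @var array
     */
    public $config = array();

    /**
     * The request method that called this page.
     *
     * Set to "post" or "get" by the constructor; stays an empty string for any
     * other method or when no request method is available.
     *
     * @var string
     */
    public $request_method = "";

    /**
     * Whether or not PHP's safe_mode is enabled
     *
     * @var boolean
     */
    public $safemode = false;

    /**
     * Loads templates directly from the master theme and disables the installer locked error
     *
     * @var boolean
     */
    public $dev_mode = false;

    /**
     * Variables that need to be clean.
     *
     * Keys are the cleaning rule applied by clean_input() ("int", "pos",
     * "a-z"); values are the input names the rule applies to.
     *
     * @var array
     */
    public $clean_variables = array(
        "int" => array(
            "tid", "pid", "uid",
            "eid", "pmid", "fid",
            "aid", "rid", "sid",
            "vid", "cid", "bid",
            "hid", "gid", "mid",
            "wid", "lid", "iid",
            "did", "qid", "id"
        ),
        "pos" => array(
            "page", "perpage"
        ),
        "a-z" => array(
            "sortby", "order"
        )
    );

    /**
     * Variables that are to be ignored from cleansing process
     *
     * Populated from the IGNORE_CLEAN_VARS constant when it is defined. Any
     * name listed here reaches $input uncleaned, so the page defining the
     * constant is responsible for validating it.
     *
     * @var array
     */
    public $ignore_clean_variables = array();

    /**
     * Using built in shutdown functionality provided by register_shutdown_function for < PHP 5?
     *
     * @var bool
     */
    public $use_shutdown = true;

    /**
     * Debug mode?
     *
     * @var bool
     */
    public $debug_mode = false;

    /**
     * Binary database fields need to be handled differently
     *
     * @var array
     */
    public $binary_fields = array(
        'adminlog' => array('ipaddress' => true),
        'adminsessions' => array('ip' => true),
        'maillogs' => array('ipaddress' => true),
        'moderatorlog' => array('ipaddress' => true),
        'pollvotes' => array('ipaddress' => true),
        'posts' => array('ipaddress' => true),
        'privatemessages' => array('ipaddress' => true),
        'searchlog' => array('ipaddress' => true),
        'sessions' => array('ip' => true),
        'threadratings' => array('ipaddress' => true),
        'users' => array('regip' => true, 'lastip' => true),
        'spamlog' => array('ipaddress' => true),
    );

    /**
     * The cache instance to use.
     *
     * @var datacache
     */
    public $cache;

    /**
     * The base URL to assets.
     *
     * @var string
     */
    public $asset_url = null;

    /**
     * @var array
     */
    public $session = array();

    /**
     * @var string
     */
    public $post_code;

    /**
     * @var array
     */
    public $admin;

    /**
     * String input constant for use with get_input().
     *
     * @see get_input
     */
    const INPUT_STRING = 0;
    /**
     * Integer input constant for use with get_input().
     *
     * @see get_input
     */
    const INPUT_INT = 1;
    /**
     * Array input constant for use with get_input().
     *
     * @see get_input
     */
    const INPUT_ARRAY = 2;
    /**
     * Float input constant for use with get_input().
     *
     * @see get_input
     */
    const INPUT_FLOAT = 3;
    /**
     * Boolean input constant for use with get_input().
     *
     * @see get_input
     */
    const INPUT_BOOL = 4;

    /**
     * Constructor of class.
     *
     * Rejects requests carrying parameters named like PHP superglobals, undoes
     * magic quotes on old PHP versions, copies $_GET/$_POST into $input,
     * records the request method, removes register_globals leftovers, cleans
     * the predefined input variables and evaluates a few request/server flags.
     */
    public function __construct()
    {
        // Set up MyBB
        // A request parameter, cookie or upload named like a superglobal is never
        // legitimate; abort before any of the data is used.
        $protected = array("_GET", "_POST", "_SERVER", "_COOKIE", "_FILES", "_ENV", "GLOBALS");
        foreach($protected as $var)
        {
            if(isset($_POST[$var]) || isset($_GET[$var]) || isset($_COOKIE[$var]) || isset($_FILES[$var]))
            {
                die("Hacking attempt");
            }
        }

        if(defined("IGNORE_CLEAN_VARS"))
        {
            if(!is_array(IGNORE_CLEAN_VARS))
            {
                $this->ignore_clean_variables = array(IGNORE_CLEAN_VARS);
            }
            else
            {
                $this->ignore_clean_variables = IGNORE_CLEAN_VARS;
            }
        }

        // Determine Magic Quotes Status (< PHP 6.0)
        if(version_compare(PHP_VERSION, '6.0', '<'))
        {
            if(@get_magic_quotes_gpc())
            {
                $this->magicquotes = 1;
                $this->strip_slashes_array($_POST);
                $this->strip_slashes_array($_GET);
                $this->strip_slashes_array($_COOKIE);
            }
            @set_magic_quotes_runtime(0);
            @ini_set("magic_quotes_gpc", 0);
            @ini_set("magic_quotes_runtime", 0);
        }

        // Determine input
        $this->parse_incoming($_GET);
        $this->parse_incoming($_POST);

        // REQUEST_METHOD is absent when the core is loaded outside a web request
        // (e.g. from the command line); read it defensively instead of raising an
        // undefined-index notice/warning.
        $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : "";

        if($method == "POST")
        {
            $this->request_method = "post";
        }
        else if($method == "GET")
        {
            $this->request_method = "get";
        }

        // If we've got register globals on, then kill them too
        if(@ini_get("register_globals") == 1)
        {
            $this->unset_globals($_POST);
            $this->unset_globals($_GET);
            $this->unset_globals($_FILES);
            $this->unset_globals($_COOKIE);
        }
        $this->clean_input();

        $safe_mode_status = @ini_get("safe_mode");
        if($safe_mode_status == 1 || strtolower($safe_mode_status) == 'on')
        {
            $this->safemode = true;
        }

        // Are we running on a development server?
        // Driven by the server environment, not by request input. Stored as int 1
        // although the property is documented as boolean; kept as-is for
        // compatibility with existing checks.
        if(isset($_SERVER['MYBB_DEV_MODE']) && $_SERVER['MYBB_DEV_MODE'] == 1)
        {
            $this->dev_mode = 1;
        }

        // Are we running in debug mode?
        // NOTE(review): this flag is set straight from request input, so any
        // visitor can raise it; what it exposes is decided by the code that reads
        // debug_mode - confirm those readers apply their own permission checks.
        if(isset($this->input['debug']) && $this->input['debug'] == 1)
        {
            $this->debug_mode = true;
        }

        if(isset($this->input['action']) && $this->input['action'] == "mybb_logo")
        {
            require_once dirname(__FILE__)."/mybb_group.php";
            output_logo();
        }

        if(isset($this->input['intcheck']) && $this->input['intcheck'] == 1)
        {
            die("MYBB");
        }
    }

    /**
     * Parses the incoming variables.
     *
     * Copies every key/value pair into $this->input without any filtering;
     * later calls overwrite keys set by earlier ones.
     *
     * @param array $array The array of incoming variables.
     */
    public function parse_incoming($array)
    {
        if(!is_array($array))
        {
            return;
        }

        foreach($array as $key => $val)
        {
            $this->input[$key] = $val;
        }
    }

    /**
     * Parses the incoming cookies
     *
     * Copies $_COOKIE into $this->cookies. Cookies carrying the configured
     * cookie prefix are stored under their unprefixed name and replace an
     * unprefixed cookie of the same name; values are stored as received.
     */
    public function parse_cookies()
    {
        if(!is_array($_COOKIE))
        {
            return;
        }

        $prefix_length = strlen($this->settings['cookieprefix']);

        foreach($_COOKIE as $key => $val)
        {
            if($prefix_length && substr($key, 0, $prefix_length) == $this->settings['cookieprefix'])
            {
                $key = substr($key, $prefix_length);

                // Fixes conflicts with one board having a prefix and another that doesn't on the same domain
                // Gives priority to our cookies over others (overwrites them)
                if(isset($this->cookies[$key]))
                {
                    unset($this->cookies[$key]);
                }
            }

            if(empty($this->cookies[$key]))
            {
                $this->cookies[$key] = $val;
            }
        }
    }

    /**
     * Strips slashes out of a given array.
     *
     * Works in place and recurses into nested arrays.
     *
     * @param array $array The array to strip.
     */
    public function strip_slashes_array(&$array)
    {
        foreach($array as $key => $val)
        {
            if(is_array($array[$key]))
            {
                $this->strip_slashes_array($array[$key]);
            }
            else
            {
                $array[$key] = stripslashes($array[$key]);
            }
        }
    }

    /**
     * Unsets globals from a specific array.
     *
     * Removes from $GLOBALS every name that appears as a key of the given
     * array, so request data cannot linger as global variables.
     *
     * @param array $array The array to unset from.
     */
    public function unset_globals($array)
    {
        if(!is_array($array))
        {
            return;
        }

        foreach(array_keys($array) as $key)
        {
            unset($GLOBALS[$key]);
            unset($GLOBALS[$key]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4
        }
    }

    /**
     * Cleans predefined input variables.
     *
     * Applies the rule configured in $clean_variables to each listed name that
     * is present in $this->input, unless the name is in
     * $ignore_clean_variables.
     */
    public function clean_input()
    {
        foreach($this->clean_variables as $type => $variables)
        {
            foreach($variables as $var)
            {
                // If this variable is in the ignored array, skip and move to next.
                // Strict comparison: a non-string entry such as true or 0 in the ignore
                // list must not loosely match (and thereby un-clean) every variable name.
                if(in_array($var, $this->ignore_clean_variables, true))
                {
                    continue;
                }

                if(isset($this->input[$var]))
                {
                    switch($type)
                    {
                        case "int":
                            $this->input[$var] = $this->get_input($var, MyBB::INPUT_INT);
                            break;
                        case "a-z":
                            $this->input[$var] = preg_replace("#[^a-z\.\-_]#i", "", $this->get_input($var));
                            break;
                        case "pos":
                            // This branch only resets negative values to 0; it does not cast, so
                            // the value keeps whatever type and content the request supplied
                            // (e.g. the literal "last" for page). Consumers that need a number
                            // should still read it through get_input() with INPUT_INT.
                            if(($this->input[$var] < 0 && $var != "page") || ($var == "page" && $this->input[$var] != "last" && $this->input[$var] < 0))
                            {
                                $this->input[$var] = 0;
                            }
                            break;
                    }
                }
            }
        }
    }

    /**
     * Checks the input data type before usage.
     *
     * Returns a type-appropriate empty value (array(), 0, 0.0, false or '')
     * when the variable is missing or does not have the expected shape. The
     * string variant returns the raw scalar: it guarantees the type only, not
     * that the content is safe for SQL, HTML or any other output context.
     *
     * @param string $name Variable name ($mybb->input)
     * @param int $type The type of the variable to get. Should be one of MyBB::INPUT_STRING, MyBB::INPUT_INT, MyBB::INPUT_ARRAY, MyBB::INPUT_FLOAT or MyBB::INPUT_BOOL.
     *
     * @return int|float|bool|array|string Checked data. Type depending on $type
     */
    public function get_input($name, $type = MyBB::INPUT_STRING)
    {
        switch($type)
        {
            case MyBB::INPUT_ARRAY:
                if(!isset($this->input[$name]) || !is_array($this->input[$name]))
                {
                    return array();
                }
                return $this->input[$name];
            case MyBB::INPUT_INT:
                if(!isset($this->input[$name]) || !is_numeric($this->input[$name]))
                {
                    return 0;
                }
                return (int)$this->input[$name];
            case MyBB::INPUT_FLOAT:
                if(!isset($this->input[$name]) || !is_numeric($this->input[$name]))
                {
                    return 0.0;
                }
                return (float)$this->input[$name];
            case MyBB::INPUT_BOOL:
                if(!isset($this->input[$name]) || !is_scalar($this->input[$name]))
                {
                    return false;
                }
                return (bool)$this->input[$name];
            default:
                if(!isset($this->input[$name]) || !is_scalar($this->input[$name]))
                {
                    return '';
                }
                return $this->input[$name];
        }
    }

    /**
     * Get the path to an asset using the CDN URL if configured.
     *
     * Any path that begins with "http" is returned unchanged (after stripping
     * leading slashes), so it is treated as an already-complete URL; callers
     * passing paths influenced by user data should validate them first.
     *
     * @param string $path    The path to the file.
     * @param bool   $use_cdn Whether to use the configured CDN options.
     *
     * @return string The complete URL to the asset.
     */
    public function get_asset_url($path = '', $use_cdn = true)
    {
        $path = (string) $path;
        $path = ltrim($path, '/');

        if(substr($path, 0, 4) != 'http')
        {
            if(substr($path, 0, 2) == './')
            {
                $path = substr($path, 2);
            }

            if($use_cdn && $this->settings['usecdn'] && !empty($this->settings['cdnurl']))
            {
                $base_path = rtrim($this->settings['cdnurl'], '/');
            }
            else
            {
                $base_path = rtrim($this->settings['bburl'], '/');
            }

            $url = $base_path;

            if(!empty($path))
            {
                $url = $base_path . '/' . $path;
            }
        }
        else
        {
            $url = $path;
        }

        return $url;
    }

    /**
     * Triggers a generic error.
     *
     * Maps the given code to a fixed message and error constant and passes
     * both to the global error handler; unknown codes fall back to a general
     * internal-error message.
     *
     * @param string $code The error code.
     */
    public function trigger_generic_error($code)
    {
        global $error_handler;

        switch($code)
        {
            case "cache_no_write":
                // NOTE(review): the message recommends mode 777, which makes the
                // directory world-writable; a mode that grants write access to the
                // web-server user only is the safer choice where the host allows it.
                // The text is user-facing and therefore left unchanged here.
                $message = "The data cache directory (cache/) needs to exist and be writable by the web server. Change its permissions so that it is writable (777 on Unix based servers).";
                $error_code = MYBB_CACHE_NO_WRITE;
                break;
            case "install_directory":
                $message = "The install directory (install/) still exists on your server and is not locked. To access MyBB please either remove this directory or create an empty file in it called 'lock'.";
                $error_code = MYBB_INSTALL_DIR_EXISTS;
                break;
            case "board_not_installed":
                $message = "Your board has not yet been installed and configured. Please do so before attempting to browse it.";
                $error_code = MYBB_NOT_INSTALLED;
                break;
            case "board_not_upgraded":
                $message = "Your board has not yet been upgraded. Please do so before attempting to browse it.";
                $error_code = MYBB_NOT_UPGRADED;
                break;
            case "sql_load_error":
                $message = "MyBB was unable to load the SQL extension. Please contact the MyBB Group for support. <a href=\"https://mybb.com\">MyBB Website</a>";
                $error_code = MYBB_SQL_LOAD_ERROR;
                break;
            case "apc_load_error":
                $message = "APC needs to be configured with PHP to use the APC cache support.";
                $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
                break;
            case "apcu_load_error":
                $message = "APCu needs to be configured with PHP to use the APCu cache support.";
                $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
                break;
            case "eaccelerator_load_error":
                $message = "eAccelerator needs to be configured with PHP to use the eAccelerator cache support.";
                $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
                break;
            case "memcache_load_error":
                $message = "Your server does not have memcache support enabled.";
                $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
                break;
            case "memcached_load_error":
                $message = "Your server does not have memcached support enabled.";
                $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
                break;
            case "xcache_load_error":
                $message = "Xcache needs to be configured with PHP to use the Xcache cache support.";
                $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
                break;
            case "redis_load_error":
                $message = "Your server does not have redis support enabled.";
                $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
                break;
            default:
                $message = "MyBB has experienced an internal error. Please contact the MyBB Group for support. <a href=\"https://mybb.com\">MyBB Website</a>";
                $error_code = MYBB_GENERAL;
        }
        $error_handler->trigger($message, $error_code);
    }

    /**
     * Destructor of class.
     *
     * Calls run_shutdown() when that function has been defined.
     */
    public function __destruct()
    {
        // Run shutdown function
        if(function_exists("run_shutdown"))
        {
            run_shutdown();
        }
    }
}

/**
 * Do this here because the core is used on every MyBB page
 */

$grouppermignore = array("gid", "type", "title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
$groupzerogreater = array(
    'maxposts',
    'attachquota',
    'edittimelimit',
    'maxreputationsperthread',
    'maxreputationsperuser',
    'maxreputationsday',
    'maxwarningsday',
    'pmquota',
    'maxpmrecipients',
    'maxemails',
);
$groupzerolesser = array(
    'canusesigxposts',
    'emailfloodtime',
);
$groupxgreater = array(
    'reputationpower' => 0,
);
$grouppermbyswitch = array(
    'maxposts' => array('canpostthreads', 'canpostreplys'),
    'attachquota' => 'canpostattachments',
    'edittimelimit' => 'caneditposts',
    'canusesigxposts' => 'canusesig',
    'reputationpower' => 'cangivereputations',
    'maxreputationsperthread' => 'cangivereputations',
    'maxreputationsperuser' => 'cangivereputations',
    'maxreputationsday' => 'cangivereputations',
    'maxwarningsday' => 'canwarnusers',
    'pmquota' => 'canusepms',
    'maxpmrecipients' => 'canusepms',
    'maxemails' => 'cansendemail',
    'emailfloodtime' => 'cansendemail',
);

$displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");

// These are fields in the usergroups table that are also forum permission specific.
$fpermfields = array(
    'canview',
    'canviewthreads',
    'candlattachments',
    'canpostthreads',
    'canpostreplys',
    'canpostattachments',
    'canratethreads',
    'caneditposts',
    'candeleteposts',
    'candeletethreads',
    'caneditattachments',
    'canviewdeletionnotice',
    'modposts',
    'modthreads',
    'modattachments',
    'mod_edit_posts',
    'canpostpolls',
    'canvotepolls',
    'cansearch'
);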