Verzeichnisstruktur phpBB-2.0.0
- Veröffentlicht
- 03.04.2002
So funktioniert es
|
Auf das letzte Element klicken. Dies geht jeweils ein Schritt zurück |
Auf das Icon klicken, dies öffnet das Verzeichnis. Nochmal klicken schließt das Verzeichnis. |
|
(Beispiel Datei-Icons)
|
Auf das Icon klicken um den Quellcode anzuzeigen |
common.php
001 <?php
002 /***************************************************************************
003 * common.php
004 * -------------------
005 * begin : Saturday, Feb 23, 2001
006 * copyright : (C) 2001 The phpBB Group
007 * email : support@phpbb.com
008 *
009 * $Id$
010 *
011 ***************************************************************************/
012
013 /***************************************************************************
014 *
015 * This program is free software; you can redistribute it and/or modify
016 * it under the terms of the GNU General Public License as published by
017 * the Free Software Foundation; either version 2 of the License, or
018 * (at your option) any later version.
019 *
020 ***************************************************************************/
021
022 if ( !defined('IN_PHPBB') )
023 {
024 die("Hacking attempt");
025 }
026
027 //
028 error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variables
029 set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
030
031 // The following code (unsetting globals)
032 // Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files
033
034 // PHP5 with register_long_arrays off?
035 if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off'))
036 {
037 $HTTP_POST_VARS = $_POST;
038 $HTTP_GET_VARS = $_GET;
039 $HTTP_SERVER_VARS = $_SERVER;
040 $HTTP_COOKIE_VARS = $_COOKIE;
041 $HTTP_ENV_VARS = $_ENV;
042 $HTTP_POST_FILES = $_FILES;
043
044 // _SESSION is the only superglobal which is conditionally set
045 if (isset($_SESSION))
046 {
047 $HTTP_SESSION_VARS = $_SESSION;
048 }
049 }
050
051 // Protect against GLOBALS tricks
052 if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS']))
053 {
054 die("Hacking attempt");
055 }
056
057 // Protect against HTTP_SESSION_VARS tricks
058 if (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS))
059 {
060 die("Hacking attempt");
061 }
062
063 if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on')
064 {
065 // PHP4+ path
066 $not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');
067
068 // Not only will array_merge give a warning if a parameter
069 // is not an array, it will actually fail. So we check if
070 // HTTP_SESSION_VARS has been initialised.
071 if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS))
072 {
073 $HTTP_SESSION_VARS = array();
074 }
075
076 // Merge all into one extremely huge array; unset
077 // this later
078 $input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);
079
080 unset($input['input']);
081 unset($input['not_unset']);
082
083 while (list($var,) = @each($input))
084 {
085 if (in_array($var, $not_unset))
086 {
087 die('Hacking attempt!');
088 }
089 unset($$var);
090 }
091
092 unset($input);
093 }
094
095 //
096 // addslashes to vars if magic_quotes_gpc is off
097 // this is a security precaution to prevent someone
098 // trying to break out of a SQL statement.
099 //
100 if( !get_magic_quotes_gpc() )
101 {
102 if( is_array($HTTP_GET_VARS) )
103 {
104 while( list($k, $v) = each($HTTP_GET_VARS) )
105 {
106 if( is_array($HTTP_GET_VARS[$k]) )
107 {
108 while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) )
109 {
110 $HTTP_GET_VARS[$k][$k2] = addslashes($v2);
111 }
112 @reset($HTTP_GET_VARS[$k]);
113 }
114 else
115 {
116 $HTTP_GET_VARS[$k] = addslashes($v);
117 }
118 }
119 @reset($HTTP_GET_VARS);
120 }
121
122 if( is_array($HTTP_POST_VARS) )
123 {
124 while( list($k, $v) = each($HTTP_POST_VARS) )
125 {
126 if( is_array($HTTP_POST_VARS[$k]) )
127 {
128 while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) )
129 {
130 $HTTP_POST_VARS[$k][$k2] = addslashes($v2);
131 }
132 @reset($HTTP_POST_VARS[$k]);
133 }
134 else
135 {
136 $HTTP_POST_VARS[$k] = addslashes($v);
137 }
138 }
139 @reset($HTTP_POST_VARS);
140 }
141
142 if( is_array($HTTP_COOKIE_VARS) )
143 {
144 while( list($k, $v) = each($HTTP_COOKIE_VARS) )
145 {
146 if( is_array($HTTP_COOKIE_VARS[$k]) )
147 {
148 while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) )
149 {
150 $HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2);
151 }
152 @reset($HTTP_COOKIE_VARS[$k]);
153 }
154 else
155 {
156 $HTTP_COOKIE_VARS[$k] = addslashes($v);
157 }
158 }
159 @reset($HTTP_COOKIE_VARS);
160 }
161 }
162
163 //
164 // Define some basic configuration arrays this also prevents
165 // malicious rewriting of language and otherarray values via
166 // URI params
167 //
168 $board_config = array();
169 $userdata = array();
170 $theme = array();
171 $images = array();
172 $lang = array();
173 $nav_links = array();
174 $dss_seeded = false;
175 $gen_simple_header = FALSE;
176
177 include($phpbb_root_path . 'config.'.$phpEx);
178
179 if( !defined("PHPBB_INSTALLED") )
180 {
181 header('Location: ' . $phpbb_root_path . 'install/install.' . $phpEx);
182 exit;
183 }
184
185 include($phpbb_root_path . 'includes/constants.'.$phpEx);
186 include($phpbb_root_path . 'includes/template.'.$phpEx);
187 include($phpbb_root_path . 'includes/sessions.'.$phpEx);
188 include($phpbb_root_path . 'includes/auth.'.$phpEx);
189 include($phpbb_root_path . 'includes/functions.'.$phpEx);
190 include($phpbb_root_path . 'includes/db.'.$phpEx);
191
192 // We do not need this any longer, unset for safety purposes
193 unset($dbpasswd);
194
195 //
196 // Obtain and encode users IP
197 //
198 // I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
199 // private range IP's appearing instead of the guilty routable IP, tough, don't
200 // even bother complaining ... go scream and shout at the idiots out there who feel
201 // "clever" is doing harm rather than good ... karma is a great thing ... :)
202 //
203 $client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );
204 $user_ip = encode_ip($client_ip);
205
206 //
207 // Setup forum wide options, if this fails
208 // then we output a CRITICAL_ERROR since
209 // basic forum information is not available
210 //
211 $sql = "SELECT *
212 FROM " . CONFIG_TABLE;
213 if( !($result = $db->sql_query($sql)) )
214 {
215 message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql);
216 }
217
218 while ( $row = $db->sql_fetchrow($result) )
219 {
220 $board_config[$row['config_name']] = $row['config_value'];
221 }
222
223 if (file_exists('install') || file_exists('contrib'))
224 {
225 message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib');
226 }
227
228 //
229 // Show 'Board is disabled' message if needed.
230 //
231 if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") )
232 {
233 message_die(GENERAL_MESSAGE, 'Board_disable', 'Information');
234 }
235
236 ?>