-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathcommon.php
More file actions
247 lines (216 loc) · 6.79 KB
/
common.php
File metadata and controls
247 lines (216 loc) · 6.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
<?php
/**
*
* @package Icy Phoenix
* @version $Id$
* @copyright (c) 2008 Icy Phoenix
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
*
* @Icy Phoenix is based on phpBB
* @copyright (c) 2008 phpBB Group
*
*/
if (!defined('IN_ICYPHOENIX'))
{
die('Hacking attempt');
}
$starttime = explode(' ', microtime());
$starttime = $starttime[1] + $starttime[0];
error_reporting(E_ALL ^ E_NOTICE); // Report all errors, except notices
//@ini_set('memory_limit', '24M');
// MIGHTY GORGON - DEBUG - BEGIN
@define('DEBUG', true); // Debugging ON/OFF => TRUE/FALSE
@define('DEBUG_EXTRA', true); // Extra Debugging ON/OFF => TRUE/FALSE
if (defined('DEBUG_EXTRA') && DEBUG_EXTRA)
{
$base_memory_usage = 0;
if (function_exists('memory_get_usage'))
{
$base_memory_usage = @memory_get_usage();
}
}
// MIGHTY GORGON - DEBUG - END
/*
* Remove variables created by register_globals from the global scope
* Thanks to Matt Kavanagh
*/
function deregister_globals()
{
$not_unset = array(
'GLOBALS' => true,
'_GET' => true,
'_POST' => true,
'_COOKIE' => true,
'_REQUEST' => true,
'_SERVER' => true,
'_SESSION' => true,
'_ENV' => true,
'_FILES' => true,
'no_page_header' => true,
'starttime' => true,
'base_memory_usage' => true,
);
// Not only will array_merge and array_keys give a warning if a parameter is not an array, array_merge will actually fail.
// So we check if _SESSION has been initialised.
if (!isset($_SESSION) || !is_array($_SESSION))
{
$_SESSION = array();
}
// Merge all into one extremely huge array; unset this later
$input = array_merge(
array_keys($_GET),
array_keys($_POST),
array_keys($_COOKIE),
array_keys($_SERVER),
array_keys($_SESSION),
array_keys($_ENV),
array_keys($_FILES)
);
foreach ($input as $varname)
{
if (isset($not_unset[$varname]))
{
// Hacking attempt. No point in continuing unless it's a COOKIE
if (($varname !== 'GLOBALS') || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
{
exit;
}
else
{
$cookie = &$_COOKIE;
while (isset($cookie['GLOBALS']))
{
foreach ($cookie['GLOBALS'] as $registered_var => $value)
{
if (!isset($not_unset[$registered_var]))
{
unset($GLOBALS[$registered_var]);
}
}
$cookie = &$cookie['GLOBALS'];
}
}
}
unset($GLOBALS[$varname]);
}
unset($input);
}
// If we are on PHP >= 6.0.0 we do not need some code
if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
{
define('STRIP', false);
}
else
{
@set_magic_quotes_runtime(0); // Disable magic_quotes_runtime
if (@ini_get('register_globals') == '1' || (strtolower(@ini_get('register_globals')) == 'on') || !function_exists('ini_get'))
{
deregister_globals();
}
define('STRIP', (@get_magic_quotes_gpc()) ? true : false);
}
// Load Extensions
if (!empty($load_extensions))
{
$load_extensions = explode(',', $load_extensions);
foreach ($load_extensions as $extension)
{
@dl(trim($extension));
}
}
// Initialize some basic configuration arrays this also prevents malicious rewriting of language and other array values via URI params
$config = array();
$cms_config_layouts = array();
$user = array();
$theme = array();
$images = array();
$lang = array();
$tree = array();
$nav_links = array();
$gen_simple_header = false;
$breadcrumbs = array();
require(IP_ROOT_PATH . 'config.' . PHP_EXT);
if(!defined('IP_INSTALLED') && !defined('IN_INSTALL'))
{
die('<p>config.' . PHP_EXT . ' could not be found.</p><p><a href="' . IP_ROOT_PATH . 'install/install.' . PHP_EXT . '">Click here to install Icy Phoenix</a></p>');
//header('Location: ' . IP_ROOT_PATH . 'install/install.' . PHP_EXT);
exit;
}
require(IP_ROOT_PATH . 'includes/constants.' . PHP_EXT);
require(IP_ROOT_PATH . 'includes/template.' . PHP_EXT);
require(IP_ROOT_PATH . 'includes/sessions.' . PHP_EXT);
require(IP_ROOT_PATH . 'includes/auth.' . PHP_EXT);
require(IP_ROOT_PATH . 'includes/class_auth.' . PHP_EXT);
require(IP_ROOT_PATH . 'includes/class_cache.' . PHP_EXT);
require(IP_ROOT_PATH . 'includes/class_cache_extends.' . PHP_EXT);
require(IP_ROOT_PATH . 'includes/functions.' . PHP_EXT);
require(IP_ROOT_PATH . 'includes/utf/utf_tools.' . PHP_EXT);
require(IP_ROOT_PATH . 'includes/class_cms.' . PHP_EXT);
require(IP_ROOT_PATH . 'includes/class_settings.' . PHP_EXT);
if (defined('IN_ADMIN'))
{
require_once(IP_ROOT_PATH . 'includes/functions_admin.' . PHP_EXT);
}
// We need to instantiate Cache Class before DB to correctly initialize DB Connection
$cache = new ip_cache();
$class_settings = new class_settings();
$user = new user();
$auth = new auth();
$ip_cms = new ip_cms();
$ip_cms->init_vars();
require(IP_ROOT_PATH . 'includes/db.' . PHP_EXT);
// We do not need these any longer, unset for safety purpose
unset($dbuser);
unset($dbpasswd);
unset($db->password);
unset($message);
unset($highlight);
unset($sql);
// Set PHP error handler to ours
set_error_handler(defined('IP_MSG_HANDLER') ? IP_MSG_HANDLER : 'msg_handler');
// Check if we are in ACP
if ((defined('IN_ADMIN') || defined('IN_CMS')) && !defined('ACP_MODULES'))
{
define('NEED_SID', true);
$cache->destroy('config');
}
else
{
if (!defined('IN_POSTING') && defined('TIME_LIMIT'))
{
@set_time_limit(TIME_LIMIT);
}
}
$config = $cache->obtain_config();
$config['default_style_row'] = $cache->obtain_default_style(false);
$config['gzip_compress_runtime'] = $config['gzip_compress'];
// Obtain and encode users IP
// Removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as private range IP's appearing instead of the guilty routable IP, tough, don't even bother complaining ... go scream and shout at the idiots out there who feel "clever" is doing harm rather than good ... karma is a great thing ... :)
$user_ip = (!empty($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : ((!empty($_ENV['REMOTE_ADDR'])) ? $_ENV['REMOTE_ADDR'] : getenv('REMOTE_ADDR'));
$user_ip = (!empty($user_ip) && ($user_ip != '::1')) ? $user_ip : '127.0.0.1';
// CMS Pages Config - BEGIN
if (!defined('SKIP_CMS_CONFIG') && !defined('IN_ADMIN') && !defined('IN_CMS'))
{
//$cms_config_layouts = get_layouts_config(true);
$cms_config_layouts = $cache->obtain_cms_layouts_config();
}
// CMS Pages Config - END
foreach ($cache->obtain_plugins_config() as $k => $plugin)
{
$config['plugins'][$k]['enabled'] = !empty($plugin['plugin_enabled']) ? true : false;
$config['plugins'][$k]['dir'] = !empty($plugin['plugin_dir']) ? ($plugin['plugin_dir'] . '/') : '';
}
if (!empty($config['url_rw']) || !empty($config['url_rw_guests']))
{
@include_once(IP_ROOT_PATH . 'includes/functions_rewrite.' . PHP_EXT);
}
/*
foreach ($cache->obtain_hooks() as $hook)
{
@include(IP_ROOT_PATH . 'includes/hooks/' . $hook . '.' . PHP_EXT);
}
*/
?>