
Member "Upload/inc/class_core.php" (6 Aug 2020, 14359 Bytes) of package /linux/www/mybb_1824.zip:



    1 <?php
    2 /**
    3  * MyBB 1.8
    4  * Copyright 2014 MyBB Group, All Rights Reserved
    5  *
    6  * Website: http://www.mybb.com
    7  * License: http://www.mybb.com/about/license
    8  *
    9  */
   10 
   11 class MyBB {
   12     /**
   13      * The friendly version number of MyBB we're running.
   14      *
   15      * @var string
   16      */
   17     public $version = "1.8.24";
   18 
   19     /**
   20      * The version code of MyBB we're running.
   21      *
   22      * @var integer
   23      */
   24     public $version_code = 1824;
   25 
   26     /**
   27      * The current working directory.
   28      *
   29      * @var string
   30      */
   31     public $cwd = ".";
   32 
   33     /**
   34      * Input variables received from the outer world.
   35      *
   36      * @var array
   37      */
   38     public $input = array();
   39 
   40     /**
   41      * Cookie variables received from the outer world.
   42      *
   43      * @var array
   44      */
   45     public $cookies = array();
   46 
   47     /**
   48      * Information about the current user.
   49      *
   50      * @var array
   51      */
   52     public $user = array();
   53 
   54     /**
   55      * Information about the current usergroup.
   56      *
   57      * @var array
   58      */
   59     public $usergroup = array();
   60 
   61     /**
   62      * MyBB settings.
   63      *
   64      * @var array
   65      */
   66     public $settings = array();
   67 
   68     /**
   69      * Whether or not magic quotes are enabled.
   70      *
   71      * @var int
   72      */
   73     public $magicquotes = 0;
   74 
   75     /**
   76      * Whether or not MyBB supports SEO URLs
   77      *
   78      * @var boolean
   79      */
   80     public $seo_support = false;
   81 
   82     /**
   83      * MyBB configuration.
   84      *
   85      * @var array
   86      */
   87     public $config = array();
   88 
   89     /**
   90      * The request method that called this page.
   91      *
   92      * @var string
   93      */
   94     public $request_method = "";
   95 
   96     /**
   97      * Whether or not PHP's safe_mode is enabled
   98      *
   99      * @var boolean
  100      */
  101     public $safemode = false;
  102 
  103     /**
  104      * Loads templates directly from the master theme and disables the installer locked error
  105      *
  106      * @var boolean
  107      */
  108     public $dev_mode = false;
  109 
  110     /**
  111      * Variables that need to be clean.
  112      *
  113      * @var array
  114      */
  115     public $clean_variables = array(
  116         "int" => array(
  117             "tid", "pid", "uid",
  118             "eid", "pmid", "fid",
  119             "aid", "rid", "sid",
  120             "vid", "cid", "bid",
  121             "hid", "gid", "mid",
  122             "wid", "lid", "iid",
  123             "did", "qid", "id"
  124         ),
  125         "pos" => array(
  126             "page", "perpage"
  127         ),
  128         "a-z" => array(
  129             "sortby", "order"
  130         )
  131     );
  132 
  133     /**
  134      * Variables that are to be ignored from cleansing process
  135      *
  136      * @var array
  137      */
  138     public $ignore_clean_variables = array();
  139 
  140     /**
  141      * Using built in shutdown functionality provided by register_shutdown_function for < PHP 5?
  142      *
  143      * @var bool
  144      */
  145     public $use_shutdown = true;
  146 
  147     /**
  148      * Debug mode?
  149      *
  150      * @var bool
  151      */
  152     public $debug_mode = false;
  153 
  154     /**
  155      * Binary database fields need to be handled differently
  156      *
  157      * @var array
  158      */
  159     public $binary_fields = array(
  160         'adminlog' => array('ipaddress' => true),
  161         'adminsessions' => array('ip' => true),
  162         'maillogs' => array('ipaddress' => true),
  163         'moderatorlog' => array('ipaddress' => true),
  164         'pollvotes' => array('ipaddress' => true),
  165         'posts' => array('ipaddress' => true),
  166         'privatemessages' => array('ipaddress' => true),
  167         'searchlog' => array('ipaddress' => true),
  168         'sessions' => array('ip' => true),
  169         'threadratings' => array('ipaddress' => true),
  170         'users' => array('regip' => true, 'lastip' => true),
  171         'spamlog' => array('ipaddress' => true),
  172     );
  173 
  174     /**
  175      * The cache instance to use.
  176      *
  177      * @var datacache
  178      */
  179     public $cache;
  180 
  181     /**
  182      * The base URL to assets.
  183      *
  184      * @var string
  185      */
  186     public $asset_url = null;
  187     /**
  188      * String input constant for use with get_input().
  189      *
  190      * @see get_input
  191      */
  192     const INPUT_STRING = 0;
  193     /**
  194      * Integer input constant for use with get_input().
  195      *
  196      * @see get_input
  197      */
  198     const INPUT_INT = 1;
  199     /**
  200      * Array input constant for use with get_input().
  201      *
  202      * @see get_input
  203      */
  204     const INPUT_ARRAY = 2;
  205     /**
  206      * Float input constant for use with get_input().
  207      *
  208      * @see get_input
  209      */
  210     const INPUT_FLOAT = 3;
  211     /**
  212      * Boolean input constant for use with get_input().
  213      *
  214      * @see get_input
  215      */
  216     const INPUT_BOOL = 4;
  217 
  218     /**
  219      * Constructor of class.
  220      */
  221     function __construct()
  222     {
  223         // Set up MyBB
  224         $protected = array("_GET", "_POST", "_SERVER", "_COOKIE", "_FILES", "_ENV", "GLOBALS");
  225         foreach($protected as $var)
  226         {
  227             if(isset($_POST[$var]) || isset($_GET[$var]) || isset($_COOKIE[$var]) || isset($_FILES[$var]))
  228             {
  229                 die("Hacking attempt");
  230             }
  231         }
  232 
  233         if(defined("IGNORE_CLEAN_VARS"))
  234         {
  235             if(!is_array(IGNORE_CLEAN_VARS))
  236             {
  237                 $this->ignore_clean_variables = array(IGNORE_CLEAN_VARS);
  238             }
  239             else
  240             {
  241                 $this->ignore_clean_variables = IGNORE_CLEAN_VARS;
  242             }
  243         }
  244 
  245         // Determine Magic Quotes Status (< PHP 6.0)
  246         if(version_compare(PHP_VERSION, '6.0', '<'))
  247         {
  248             if(@get_magic_quotes_gpc())
  249             {
  250                 $this->magicquotes = 1;
  251                 $this->strip_slashes_array($_POST);
  252                 $this->strip_slashes_array($_GET);
  253                 $this->strip_slashes_array($_COOKIE);
  254             }
  255             @set_magic_quotes_runtime(0);
  256             @ini_set("magic_quotes_gpc", 0);
  257             @ini_set("magic_quotes_runtime", 0);
  258         }
  259 
  260         // Determine input
  261         $this->parse_incoming($_GET);
  262         $this->parse_incoming($_POST);
  263 
  264         if($_SERVER['REQUEST_METHOD'] == "POST")
  265         {
  266             $this->request_method = "post";
  267         }
  268         else if($_SERVER['REQUEST_METHOD'] == "GET")
  269         {
  270             $this->request_method = "get";
  271         }
  272 
  273         // If we've got register globals on, then kill them too
  274         if(@ini_get("register_globals") == 1)
  275         {
  276             $this->unset_globals($_POST);
  277             $this->unset_globals($_GET);
  278             $this->unset_globals($_FILES);
  279             $this->unset_globals($_COOKIE);
  280         }
  281         $this->clean_input();
  282 
  283         $safe_mode_status = @ini_get("safe_mode");
  284         if($safe_mode_status == 1 || strtolower($safe_mode_status) == 'on')
  285         {
  286             $this->safemode = true;
  287         }
  288 
  289         // Are we running on a development server?
  290         if(isset($_SERVER['MYBB_DEV_MODE']) && $_SERVER['MYBB_DEV_MODE'] == 1)
  291         {
  292             $this->dev_mode = 1;
  293         }
  294 
  295         // Are we running in debug mode?
  296         if(isset($this->input['debug']) && $this->input['debug'] == 1)
  297         {
  298             $this->debug_mode = true;
  299         }
  300 
  301         if(isset($this->input['action']) && $this->input['action'] == "mybb_logo")
  302         {
  303             require_once dirname(__FILE__)."/mybb_group.php";
  304             output_logo();
  305         }
  306 
  307         if(isset($this->input['intcheck']) && $this->input['intcheck'] == 1)
  308         {
  309             die("&#077;&#089;&#066;&#066;");
  310         }
  311     }
  312 
  313     /**
  314      * Parses the incoming variables.
  315      *
  316      * @param array $array The array of incoming variables.
  317      */
  318     function parse_incoming($array)
  319     {
  320         if(!is_array($array))
  321         {
  322             return;
  323         }
  324 
  325         foreach($array as $key => $val)
  326         {
  327             $this->input[$key] = $val;
  328         }
  329     }
  330 
  331     /**
  332      * Parses the incoming cookies
  333      *
  334      */
  335     function parse_cookies()
  336     {
  337         if(!is_array($_COOKIE))
  338         {
  339             return;
  340         }
  341 
  342         $prefix_length = strlen($this->settings['cookieprefix']);
  343 
  344         foreach($_COOKIE as $key => $val)
  345         {
  346             if($prefix_length && substr($key, 0, $prefix_length) == $this->settings['cookieprefix'])
  347             {
  348                 $key = substr($key, $prefix_length);
  349 
  350                 // Fixes conflicts with one board having a prefix and another that doesn't on the same domain
  351                 // Gives priority to our cookies over others (overwrites them)
  352                 if($this->cookies[$key])
  353                 {
  354                     unset($this->cookies[$key]);
  355                 }
  356             }
  357 
  358             if(empty($this->cookies[$key]))
  359             {
  360                 $this->cookies[$key] = $val;
  361             }
  362         }
  363     }
  364 
  365     /**
  366      * Strips slashes out of a given array.
  367      *
  368      * @param array $array The array to strip.
  369      */
  370     function strip_slashes_array(&$array)
  371     {
  372         foreach($array as $key => $val)
  373         {
  374             if(is_array($array[$key]))
  375             {
  376                 $this->strip_slashes_array($array[$key]);
  377             }
  378             else
  379             {
  380                 $array[$key] = stripslashes($array[$key]);
  381             }
  382         }
  383     }
  384 
  385     /**
  386      * Unsets globals from a specific array.
  387      *
  388      * @param array $array The array to unset from.
  389      */
  390     function unset_globals($array)
  391     {
  392         if(!is_array($array))
  393         {
  394             return;
  395         }
  396 
  397         foreach(array_keys($array) as $key)
  398         {
  399             unset($GLOBALS[$key]);
  400             unset($GLOBALS[$key]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4
  401         }
  402     }
  403 
  404     /**
  405      * Cleans predefined input variables.
  406      *
  407      */
  408     function clean_input()
  409     {
  410         foreach($this->clean_variables as $type => $variables)
  411         {
  412             foreach($variables as $var)
  413             {
  414                 // If this variable is in the ignored array, skip and move to next.
  415                 if(in_array($var, $this->ignore_clean_variables))
  416                 {
  417                     continue;
  418                 }
  419 
  420                 if(isset($this->input[$var]))
  421                 {
  422                     switch($type)
  423                     {
  424                         case "int":
  425                             $this->input[$var] = $this->get_input($var, MyBB::INPUT_INT);
  426                             break;
  427                         case "a-z":
  428                             $this->input[$var] = preg_replace("#[^a-z\.\-_]#i", "", $this->get_input($var));
  429                             break;
  430                         case "pos":
  431                             if(($this->input[$var] < 0 && $var != "page") || ($var == "page" && $this->input[$var] != "last" && $this->input[$var] < 0))
  432                                 $this->input[$var] = 0;
  433                             break;
  434                     }
  435                 }
  436             }
  437         }
  438     }
  439 
  440     /**
  441      * Checks the input data type before usage.
  442      *
  443      * @param string $name Variable name ($mybb->input)
  444      * @param int $type The type of the variable to get. Should be one of MyBB::INPUT_INT, MyBB::INPUT_ARRAY or MyBB::INPUT_STRING.
  445      *
  446      * @return int|float|array|string Checked data. Type depending on $type
  447      */
  448     function get_input($name, $type = MyBB::INPUT_STRING)
  449     {
  450         switch($type)
  451         {
  452             case MyBB::INPUT_ARRAY:
  453                 if(!isset($this->input[$name]) || !is_array($this->input[$name]))
  454                 {
  455                     return array();
  456                 }
  457                 return $this->input[$name];
  458             case MyBB::INPUT_INT:
  459                 if(!isset($this->input[$name]) || !is_numeric($this->input[$name]))
  460                 {
  461                     return 0;
  462                 }
  463                 return (int)$this->input[$name];
  464             case MyBB::INPUT_FLOAT:
  465                 if(!isset($this->input[$name]) || !is_numeric($this->input[$name]))
  466                 {
  467                     return 0.0;
  468                 }
  469                 return (float)$this->input[$name];
  470             case MyBB::INPUT_BOOL:
  471                 if(!isset($this->input[$name]) || !is_scalar($this->input[$name]))
  472                 {
  473                     return false;
  474                 }
  475                 return (bool)$this->input[$name];
  476             default:
  477                 if(!isset($this->input[$name]) || !is_scalar($this->input[$name]))
  478                 {
  479                     return '';
  480                 }
  481                 return $this->input[$name];
  482         }
  483     }
  484 
  485     /**
  486      * Get the path to an asset using the CDN URL if configured.
  487      *
  488      * @param string $path    The path to the file.
  489      * @param bool   $use_cdn Whether to use the configured CDN options.
  490      *
  491      * @return string The complete URL to the asset.
  492      */
  493     public function get_asset_url($path = '', $use_cdn = true)
  494     {
  495         $path = (string) $path;
  496         $path = ltrim($path, '/');
  497 
  498         if(substr($path, 0, 4) != 'http')
  499         {
  500             if(substr($path, 0, 2) == './')
  501             {
  502                 $path = substr($path, 2);
  503             }
  504 
  505             if($use_cdn && $this->settings['usecdn'] && !empty($this->settings['cdnurl']))
  506             {
  507                 $base_path = rtrim($this->settings['cdnurl'], '/');
  508             }
  509             else
  510             {
  511                 $base_path = rtrim($this->settings['bburl'], '/');
  512             }
  513 
  514             $url = $base_path;
  515 
  516             if(!empty($path))
  517             {
  518                 $url = $base_path . '/' . $path;
  519             }
  520         }
  521         else
  522         {
  523             $url = $path;
  524         }
  525 
  526         return $url;
  527     }
  528 
  529     /**
  530      * Triggers a generic error.
  531      *
  532      * @param string $code The error code.
  533      */
  534     function trigger_generic_error($code)
  535     {
  536         global $error_handler;
  537 
  538         switch($code)
  539         {
  540             case "cache_no_write":
  541                 $message = "The data cache directory (cache/) needs to exist and be writable by the web server. Change its permissions so that it is writable (777 on Unix based servers).";
  542                 $error_code = MYBB_CACHE_NO_WRITE;
  543                 break;
  544             case "install_directory":
  545                 $message = "The install directory (install/) still exists on your server and is not locked. To access MyBB please either remove this directory or create an empty file in it called 'lock'.";
  546                 $error_code = MYBB_INSTALL_DIR_EXISTS;
  547                 break;
  548             case "board_not_installed":
  549                 $message = "Your board has not yet been installed and configured. Please do so before attempting to browse it.";
  550                 $error_code = MYBB_NOT_INSTALLED;
  551                 break;
  552             case "board_not_upgraded":
  553                 $message = "Your board has not yet been upgraded. Please do so before attempting to browse it.";
  554                 $error_code = MYBB_NOT_UPGRADED;
  555                 break;
  556             case "sql_load_error":
  557                 $message = "MyBB was unable to load the SQL extension. Please contact the MyBB Group for support. <a href=\"https://mybb.com\">MyBB Website</a>";
  558                 $error_code = MYBB_SQL_LOAD_ERROR;
  559                 break;
  560             case "apc_load_error":
  561                 $message = "APC needs to be configured with PHP to use the APC cache support.";
  562                 $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
  563                 break;
  564             case "apcu_load_error":
  565                 $message = "APCu needs to be configured with PHP to use the APCu cache support.";
  566                 $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
  567                 break;
  568             case "eaccelerator_load_error":
  569                 $message = "eAccelerator needs to be configured with PHP to use the eAccelerator cache support.";
  570                 $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
  571                 break;
  572             case "memcache_load_error":
  573                 $message = "Your server does not have memcache support enabled.";
  574                 $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
  575                 break;
  576             case "memcached_load_error":
  577                 $message = "Your server does not have memcached support enabled.";
  578                 $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
  579                 break;
  580             case "xcache_load_error":
  581                 $message = "Xcache needs to be configured with PHP to use the Xcache cache support.";
  582                 $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
  583                 break;
  584             case "redis_load_error":
  585                 $message = "Your server does not have redis support enabled.";
  586                 $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
  587                 break;
  588             default:
  589                 $message = "MyBB has experienced an internal error. Please contact the MyBB Group for support. <a href=\"https://mybb.com\">MyBB Website</a>";
  590                 $error_code = MYBB_GENERAL;
  591         }
  592         $error_handler->trigger($message, $error_code);
  593     }
  594 
  595     function __destruct()
  596     {
  597         // Run shutdown function
  598         if(function_exists("run_shutdown"))
  599         {
  600             run_shutdown();
  601         }
  602     }
  603 }
  604 
  605 /**
  606  * Do this here because the core is used on every MyBB page
  607  */
  608 
  609 $grouppermignore = array("gid", "type", "title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
  610 $groupzerogreater = array("pmquota", "maxpmrecipients", "maxreputationsday", "attachquota", "maxemails", "maxposts", "edittimelimit", "maxreputationsperuser", "maxreputationsperthread", "emailfloodtime");
  611 $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
  612 
  613 // These are fields in the usergroups table that are also forum permission specific.
  614 $fpermfields = array(
  615     'canview',
  616     'canviewthreads',
  617     'candlattachments',
  618     'canpostthreads',
  619     'canpostreplys',
  620     'canpostattachments',
  621     'canratethreads',
  622     'caneditposts',
  623     'candeleteposts',
  624     'candeletethreads',
  625     'caneditattachments',
  626     'canviewdeletionnotice',
  627     'modposts',
  628     'modthreads',
  629     'modattachments',
  630     'mod_edit_posts',
  631     'canpostpolls',
  632     'canvotepolls',
  633     'cansearch'
  634 );