} break; case 'pm_check_messages': if (!session::logged_in()) { break; } cache_disable(); if (($pm_notification_data = pm_check_messages()) === false) { header_status(500, 'Internal Server Error'); exit; } header('Content-Type: application/json'); $content = json_encode($pm_notification_data); break; case 'get_forum_stats': cache_check_last_modified(time() + 300); if (!($content = stats_get_html())) { header_status(500, 'Internal Server Error'); exit; } break; case 'reload_captcha': $text_captcha = new captcha(6, 15, 25, 9, 30); if (!$text_captcha->generate_keys()) { header_status(500, 'Internal Server Error'); exit; } if (!($text_captcha_image = $text_captcha->make_image())) { header_status(500, 'Internal Server Error'); exit; }
require_once BH_INCLUDE_PATH . 'session.inc.php';

// End Required includes

// Per-user stylesheet: guests get no custom font size, so stop before
// sending anything.
if (!session::logged_in()) {
    exit;
}

// Start from the default of 10 and replace it with the session preference
// when one is stored and numeric, limited to the 5..15 range.
$font_size = 10;

if (isset($_SESSION['FONT_SIZE']) && is_numeric($_SESSION['FONT_SIZE'])) {
    $font_size = max(min($_SESSION['FONT_SIZE'], 15), 5);
}

// Force a non-negative whole number (floor() yields a float).
$font_size = floor(abs($font_size));

// The response body is CSS.
header('Content-type: text/css; charset=UTF-8');

// The cache validator is derived from the font size and the session's
// UID / LOGON values, so it differs per user and per preference.
$cache_etag = md5($font_size . $_SESSION['UID'] . $_SESSION['LOGON']);

cache_check_last_modified(time(), $cache_etag);

// Second range check on the final value; kept from the original even though
// the value was already limited above.
if ($font_size < 5) {
    $font_size = 5;
} elseif ($font_size > 15) {
    $font_size = 15;
}

// Selector => ratio applied to the user's font size.
$selector_ratios = array(
    'body' => 0.8,
    '.navpage' => 0.65,
);

// Emit one rule per selector; %d truncates the computed percentage.
foreach ($selector_ratios as $selector => $ratio) {

    $percentage = $font_size * $ratio * 10;

    printf("%s {\n font-size: %d%%;\n}\n\n", $selector, $percentage);
}
======================================================================*/

// Bootstrap
require_once 'boot.php';

// Required includes
require_once BH_INCLUDE_PATH . 'cache.inc.php';
require_once BH_INCLUDE_PATH . 'constants.inc.php';
require_once BH_INCLUDE_PATH . 'forum.inc.php';
require_once BH_INCLUDE_PATH . 'html.inc.php';
require_once BH_INCLUDE_PATH . 'messages.inc.php';

// End Required includes

// Renders the forum start page from the 'start_page' setting, optionally
// with the 'start_page_css' setting as inline CSS.
// NOTE(review): both settings are echoed into the page. Whether
// message_apply_formatting() and html_draw_top() escape or filter them is
// not visible here - confirm who is allowed to write these settings.
$start_page = forum_get_setting('start_page', 'strlen', false);

if ($start_page === false) {

    // No start page configured: show the placeholder.
    html_draw_top();

    echo "<h1>" . gettext("You can edit this page from the admin interface") . "</h1>\n";

    html_draw_bottom();

} elseif (($start_page_css = forum_get_setting('start_page_css', 'strlen', false)) === false) {

    // Start page without custom CSS: the cache validator covers the page
    // content only.
    cache_check_last_modified(time(), md5($start_page));

    html_draw_top();

    echo message_apply_formatting($start_page);

    html_draw_bottom();

} else {

    // Start page with custom CSS: the cache validator covers both settings.
    cache_check_last_modified(time(), md5($start_page . $start_page_css));

    html_draw_top(array('inline_css' => $start_page_css));

    echo message_apply_formatting($start_page);

    html_draw_bottom();
}
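$file_path = "{$attachment_dir}/{$attachment_details['hash']}";

// Increment the view count only if the attachment
// isn't being used as an avatar or profile picture.
if (!isset($_GET['profile_picture']) && !isset($_GET['avatar_picture'])) {
    attachments_inc_download_count($hash);
}
} // Closes a block that was opened above this excerpt.

// Check the mimetype is allowed. If it's not, show the error page.
// NOTE(review): the allow-list is only enforced when it is non-empty, and
// the code below still runs unless html_draw_error() ends the request -
// confirm both against the rest of the code base.
if (sizeof($attachment_mime_types) > 0 && !in_array($attachment_details['mimetype'], $attachment_mime_types)) {
    html_draw_error(gettext('Attachment type is not permitted.'));
}

// Filename for the Content-Disposition header. The stored name is decoded
// here, so it is presumably kept URL-encoded. basename() is applied again
// after decoding so an encoded path separator cannot survive into the
// header value.
$file_name = basename(rawurldecode(basename($attachment_details['filename'])));

// The name is placed inside a quoted header parameter, so drop control
// characters, double quotes and backslashes, which would end the quoted
// string early or corrupt the header.
$file_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', $file_name);

if (!is_string($file_name) || $file_name === '') {
    $file_name = 'attachment';
}

// Check the filepath is set and exists.
if (!isset($file_path) || !@file_exists($file_path)) {
    header_status('404', 'File Not Found');
    exit;
}

// Turn off all output buffers so nothing buffered is mixed into the file.
while (@ob_end_clean()) {
}

// Filesize for Content-Length header.
$file_size = filesize($file_path);

// Last Modified / ETag for cache control. md5_file() reads the whole file
// on every request.
cache_check_last_modified(filemtime($file_path), md5_file($file_path));

// Send remaining headers for length, type and filename.
header("Content-length: {$file_size}");

// NOTE(review): the stored mimetype is sent as-is and the file is displayed
// inline from the forum's own origin. Types a browser renders as active
// content (for example text/html or image/svg+xml) should stay off the
// allow-list or be sent with "Content-disposition: attachment" - confirm
// the configured list.
header("Content-type: {$attachment_details['mimetype']}");

// Stop browsers from second-guessing the declared type.
header('X-Content-Type-Options: nosniff');

header("Content-disposition: inline; filename=\"{$file_name}\"");

// Output the file directly to the browser.
readfile($file_path);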
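/**
 * Throttle repeated non-POST requests for the same URI within a session.
 *
 * The first request for a URI stores "now + $amount" in
 * $_SESSION['THROTTLE'] under that URI. Requests made before that time
 * reuse the stored timestamp, so cache_check_last_modified() is given the
 * same timestamp and ETag again. Entries whose time has passed are removed
 * on every call; the original never removed them, so the session grew by
 * one entry for every distinct URI requested.
 *
 * NOTE(review): entries are keyed by the full request URI, so many distinct
 * URIs requested inside one window still add one entry each. Consider a cap
 * on the number of entries if session size matters.
 *
 * @param int $amount Length of the throttle window in seconds.
 *
 * @return mixed False when throttling is skipped (POST request,
 *               browser_check(BROWSER_AOL) matches, or headers already
 *               sent), otherwise the result of cache_check_last_modified().
 */
function cache_check_request_throttle($amount)
{
    if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
        return false;
    }

    if (browser_check(BROWSER_AOL)) {
        return false;
    }

    // Cache headers can no longer be sent once output has started.
    if (headers_sent()) {
        return false;
    }

    // One clock reading for the whole call keeps the comparisons consistent.
    $now = time();

    $request = get_request_uri();

    if (isset($_SESSION['THROTTLE']) && is_array($_SESSION['THROTTLE'])) {

        // Expired entries are treated as absent below, so dropping them
        // changes nothing for the caller and bounds the session size.
        foreach ($_SESSION['THROTTLE'] as $throttled_request => $expires) {
            if ($expires <= $now) {
                unset($_SESSION['THROTTLE'][$throttled_request]);
            }
        }

    } else {

        $_SESSION['THROTTLE'] = array();
    }

    if (isset($_SESSION['THROTTLE'][$request])) {
        // Still inside the window: keep the timestamp already stored.
        $throttle_timestamp = $_SESSION['THROTTLE'][$request];
    } else {
        $throttle_timestamp = $now + $amount;
    }

    $_SESSION['THROTTLE'][$request] = $throttle_timestamp;

    // The cache validator is derived from the session's UID and LOGON values.
    $etag = md5($_SESSION['UID'] . $_SESSION['LOGON']);

    return cache_check_last_modified($throttle_timestamp, $etag, $now + $amount);
}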
// Width of the left frame: 280 unless the session holds a numeric
// preference, which is raised to at least 100.
$left_frame_width = 280;

if (isset($_SESSION['LEFT_FRAME_WIDTH']) && is_numeric($_SESSION['LEFT_FRAME_WIDTH'])) {
    $left_frame_width = max(100, $_SESSION['LEFT_FRAME_WIDTH']);
}

// Attachment size limit: the forum setting when it is numeric, otherwise
// PHP's own upload_max_filesize converted from its shorthand form.
$attachment_size_limit = forum_get_setting('attachment_size_limit', 'is_numeric', false);

if ($attachment_size_limit === false) {
    $attachment_size_limit = convert_shorthand_filesize(ini_get('upload_max_filesize'));
}

// Translated strings handed to the client-side code.
$lang_strings = array(
    'loadingdotdotdot' => gettext("Loading..."),
    'imageresized' => gettext("This image has been resized (original size %dx%d). To view the full-size image click here."),
    'deleteattachmentconfirmation' => gettext("Are you sure you want to delete the selected attachments?"),
    'deletemessagesconfirmation' => gettext("Are you sure you want to delete all of the selected messages?"),
    'unquote' => gettext("Unquote"),
    'quote' => gettext("Quote"),
    'searchsuccessfullycompleted' => gettext("Search successfully completed."),
    'confirmmarkasread' => gettext("Are you sure you want to mark the selected threads as read?"),
    'waitdotdotdot' => gettext("Wait..."),
    'more' => gettext("More"),
    'pollquestion' => gettext("Poll Question"),
    'deletequestion' => gettext("Delete question"),
    'allowmultipleoptions' => gettext("Allow multiple options to be selected"),
    'addnewoption' => gettext("Add new option"),
    'deleteoption' => gettext("Delete option"),
    'code' => gettext('Code'),
    'retry' => gettext('Retry'),
    'cancel' => gettext('Cancel'),
    'delete' => gettext('Delete'),
    'upload' => gettext('Upload'),
    'preferencesnotsaved' => gettext('Your preferences have not been saved'),
);

// Construct the Javascript / JSON array. The three Y/N flags default to
// 'N' unless the session value is 'Y'.
$json_data = array(
    'webtag' => $webtag,
    'uid' => $_SESSION['UID'],
    'lang' => $lang_strings,
    'font_size' => $font_size,
    'user_style' => $user_style,
    'emoticons' => $user_emoticons,
    'top_frame' => html_get_top_page(),
    'left_frame_width' => max(100, $left_frame_width),
    'forum_path' => server_get_forum_path(),
    'use_mover_spoiler' => (isset($_SESSION['USE_MOVER_SPOILER']) && $_SESSION['USE_MOVER_SPOILER'] == 'Y') ? 'Y' : 'N',
    'show_share_links' => (isset($_SESSION['SHOW_SHARE_LINKS']) && $_SESSION['SHOW_SHARE_LINKS'] == 'Y') ? 'Y' : 'N',
    'auto_scroll_messages' => (isset($_SESSION['AUTO_SCROLL_MESSAGES']) && $_SESSION['AUTO_SCROLL_MESSAGES'] == 'Y') ? 'Y' : 'N',
    'attachment_size_limit' => $attachment_size_limit,
);

// Frame names, appended last so 'frames' remains the final key.
$json_data['frames'] = array();

$frame_keys = array(
    'index', 'admin', 'start', 'discussion', 'user', 'pm', 'main',
    'ftop', 'fnav', 'left', 'right', 'pm_folders', 'pm_messages',
);

foreach ($frame_keys as $frame_key) {
    $json_data['frames'][$frame_key] = html_get_frame_name($frame_key);
}

// Decide on the correct Content-Type and encoding
// of the content. This allows Beehive to reload the
// JSON data via the same script, either for use
// in a <script> tag or via AJAX.
// NOTE(review): json_encode() returns false on failure and that case is
// not handled here.
// NOTE(review): the text/javascript form can be loaded through a <script>
// tag and carries per-session values (uid, preferences). Whether another
// origin could include it depends on checks outside this excerpt - confirm.
$encoded_data = json_encode($json_data);

if (isset($_GET['json'])) {

    $content_type = 'application/json';
    $content = $encoded_data;

} else {

    $content_type = 'text/javascript';
    $content = sprintf('top.window.beehive = $.extend({}, top.window.beehive, %s); $(document).ready(function() { $(top.window.beehive).trigger("init"); });', $encoded_data);
}

// Send correct Content-Type header
header("Content-type: {$content_type}; charset=UTF-8", true);

// The cache validator covers the session's UID / LOGON values and the
// exact response body.
$cache_etag = md5($_SESSION['UID'] . $_SESSION['LOGON'] . $content);

cache_check_last_modified(time(), $cache_etag);

// Output the content
echo $content;