<?php
define('ROOT', dirname(__FILE__));
if (!isset($con)) {
require ROOT . '/config.php';
}
if (!isset($titles)) {
require ROOT . '/lang/' . $language . '.php';
}
if (!function_exists('getSetting')) {
require ROOT . '/includes/functions.php';
}
@session_set_cookie_params(0, '/', getCurrentDomain());
@session_start();
// Log the user out
logout();
function allowedLevels($levels)
{
global $con;
global $script_path;
$uid = mysqli_real_escape_string($con, $_SESSION['uid']);
$getuser = mysqli_query($con, "SELECT * FROM users WHERE id='{$uid}'");
$gu = mysqli_fetch_array($getuser);
$permid = $gu['permission'];
$gperm = mysqli_query($con, "SELECT * FROM permissions WHERE id='{$permid}'");
$gp = mysqli_fetch_array($gperm);
$level = explode(",", $levels);
// Separate the levels from the commas
$found = 0;
// Check if the level of the user is one of the specified levels
foreach ($level as $l) {
$l = trim($l);
if ($l == $gp['level']) {
$found++;
// Count 1 to $found if the levels match
}
}
// If user does not have one of the specified levels, he will be redirected to a no permission link
if ($found == 0) {
if (getSetting("use_redirect_nopermission", "text") == "true") {
header('Location: ' . getSetting("redirect_nopermission", "text"));
} else {
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != "off") {
header('Location: https://www.' . getCurrentDomain() . $script_path . 'profile.php?m=1');
} else {
header('Location: http://www.' . getCurrentDomain() . $script_path . 'profile.php?m=1');
}
}
exit;
}
}
// Check if remember last page is enabled
$last_url = $_COOKIE['last_url'];
setcookie("last_url", "", time() - 3600);
unset($_COOKIE['last_url']);
// Delete last URL cookie to avoid infinite redirections if the user is not allowed to visit the URL
echo "link|||" . $last_url;
} elseif (!empty($gp['on_login'])) {
// Check if the user's permission has a logged in redirect URL
echo "link|||" . $gp['on_login'];
} elseif (getSetting("use_redirect_login", "text") == "true") {
// Check if on login redirect is enabled
if (getSetting("use_redirect_login", "text") != "") {
// Extra check if the URL is filled in
echo "link|||" . getSetting("redirect_login", "text");
} else {
echo "link|||http://www." . getCurrentDomain();
}
} else {
if (getSetting("message_login", "text") != "") {
// Check if there is a custom message filled in, else display default message
echo "text|||<h5 class='text-center green'>" . nl2br(getSetting("message_login", "text")) . "</h5>";
} else {
echo "text|||<h5 class='text-center green'>" . $m['successful_login'] . "</h5>";
}
}
// Check if log successful logins is enabled, if so, log this login try
if (getSetting("log_successful_logins", "text") == "true") {
addLog("1", $_SERVER['REMOTE_ADDR'], $uid, $loginname, "website");
}
}
}
// Initialize Facebook
$returnurl = "http://www." . getCurrentDomain() . $script_path . "social.php?return=facebook";
// Create callback URL
$params = array("redirect_uri" => $returnurl, "scope" => "public_profile, email");
header('Location: ' . $facebook->getLoginUrl($params));
// Request login URL and redirect to it
}
// Check if login method is twitter
if ($_GET['login'] == "twitter" && getSetting("enable_twitter", "text") == "true") {
unset($_SESSION['oauth_token']);
// Remove old oauth_token session, just to make sure it won't use them
unset($_SESSION['oauth_token_secret']);
// Same
$twitter = twitter();
// Initialize Twitter
$callback = "http://www." . getCurrentDomain() . $script_path . "social.php?return=twitter";
// Create callback URL
$request_token = $twitter->oauth('oauth/request_token', array('oauth_callback' => $callback));
// Request request token
$_SESSION['oauth_token'] = $request_token['oauth_token'];
// Save oauth_token in session, for callback
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
// Same
try {
$url = $twitter->url('oauth/authenticate', array('oauth_token' => $request_token['oauth_token']));
// Request login URL
header('Location: ' . $url);
// Redirect to login URL
} catch (Abraham\TwitterOAuth\TwitterOAuthException $e) {
// Something went wrong
?>
$stop['lang'] = microtime(true);
// Check if install.php still exists
if (file_exists('./install.php') && $config->get('core', 'debug') == 0) {
$notify->add('Critical Error', $lang->get('install_php_error'));
}
// Force disable magic quotes if required
if ($config->get('core', 'disable-magic-quotes') == '1') {
disable_magic_quotes();
}
// Module Engine
$start['initialize::mod'] = microtime(true);
include './core/mod.core.php';
$mod = new Mod();
$stop['initialize::mod'] = microtime(true);
// +++++++++++ Domains +++++++++++++ //
$domain = getCurrentDomain();
@($d_id = (int) $domain['domainid']);
if (@$d_id > 0) {
$debug->add('core::domain', $domain['name'] . ' [ ' . $domain['domainid'] . ' ]');
$template = $domain['template'];
if ($domain['language'] != '') {
$current_language = $domain['language'];
$debug->add('core::domain', 'Domain forced language to ' . strtoupper($current_language));
}
} else {
$debug->add('core::domain', '[ NONE ]');
}
// Finally, set language after all checks have been made.
$lang->set($current_language, $mobile);
// +++++++++++ Check Login +++++++++++++ //
$start['login'] = microtime(true);
/**
* Set a cookie that expires in one year.
* @param $name Name of cookie
* @param $value Value of cookie
*/
function sendCookie($name, $value)
{
if (!headers_sent()) {
setcookie($name, $value, time() + 31104000, "/", "." . getCurrentDomain());
}
}
function getCurrentDomainIndex()
{
$domain = getCurrentDomain();
return (int) $domain['domainid'];
}
<?php
// Set Catmis version number
define("productName", "Catmis");
define("productLink", "http://code.google.com/p/catmis/");
define("version", "0.5");
define("databaseVersion", "3");
// Check whether to load extensions
if (!isset($noExtensions)) {
$noExtensions = false;
}
// Include utility functions
require_once "functions.php";
// Make sure session variables are set for main domain and all subdomains
session_set_cookie_params(3600, '/', "." . getCurrentDomain());
// Start session
session_start();
// Set default separator for PHP to avoid breaking XHTML standard
ini_set("arg_separator.output", "&");
// Include configuration
(int) @(include_once dirname(__FILE__) . "/config.php") or die("Configuration file can not be read. Check that the file 'include/config.php' exists.");
// Check if session is valid?
$checkSession = !isset($checkSession) ? true : $checkSession;
// Check if values in configuration file has been set
if (empty($scriptUrl) || empty($scriptPath) || empty($filePath) || empty($dbHost) || empty($dbName) || empty($dbUserId) || empty($dbPassword)) {
// Display welcome message
if (file_exists("install/welcome.php")) {
header("Location: install/welcome.php");
exit;
} else {
echo "Please go to the root directory of your " . productName . " installation.";
