/** * The main dispatcher. * This delegates to each area. */ function elk_main() { global $modSettings, $user_info, $topic, $board_info, $context; // Special case: session keep-alive, output a transparent pixel. if (isset($_GET['action']) && $_GET['action'] == 'keepalive') { header('Content-Type: image/gif'); die("GIF89a€!ù,D;"); } // We should set our security headers now. frameOptionsHeader(); securityOptionsHeader(); // Load the user's cookie (or set as guest) and load their settings. loadUserSettings(); // Load the current board's information. loadBoard(); // Load the current user's permissions. loadPermissions(); // Load BadBehavior before we go much further loadBadBehavior(); // Attachments don't require the entire theme to be loaded. if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'dlattach' && (!empty($modSettings['allow_guestAccess']) && $user_info['is_guest'])) { detectBrowser(); } else { loadTheme(); } // Check if the user should be disallowed access. is_not_banned(); // If we are in a topic and don't have permission to approve it then duck out now. if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest'])) { fatal_lang_error('not_a_topic', false); } $no_stat_actions = array('dlattach', 'findmember', 'jsoption', 'requestmembers', 'jslocale', 'xmlpreview', 'suggest', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewadminfile'); call_integration_hook('integrate_pre_log_stats', array(&$no_stat_actions)); // Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc. if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], $no_stat_actions)) { // I see you! writeLog(); // Track forum statistics and hits...? if (!empty($modSettings['hitStats'])) { trackStats(array('hits' => '+')); } } unset($no_stat_actions); // What shall we do? require_once SOURCEDIR . '/SiteDispatcher.class.php'; $dispatcher = new Site_Dispatcher(); // Show where we came from, and go $context['site_action'] = $dispatcher->site_action(); $context['site_action'] = !empty($context['site_action']) ? $context['site_action'] : (isset($_REQUEST['action']) ? $_REQUEST['action'] : ''); $dispatcher->dispatch(); }
$_SESSION['session_var'] = substr(md5(mt_rand() . session_id() . mt_rand()), 0, rand(7, 12)); $_SESSION['session_value'] = md5(session_id() . mt_rand()); } $sc = $_SESSION['session_value']; } // Get rid of $board and $topic... do stuff loadBoard would do. unset($board, $topic); $user_info['is_mod'] = false; $context['user']['is_mod'] =& $user_info['is_mod']; $context['linktree'] = array(); // Load the user and their cookie, as well as their settings. loadUserSettings(); // Load the current user's permissions.... loadPermissions(); // Load BadBehavior functions loadBadBehavior(); // Load the current or SSI theme. (just use $ssi_theme = id_theme;) loadTheme(isset($ssi_theme) ? (int) $ssi_theme : 0); // @todo: probably not the best place, but somewhere it should be set... if (!headers_sent()) { header('Content-Type: text/html; charset=UTF-8'); } // Take care of any banning that needs to be done. if (isset($_REQUEST['ssi_ban']) || isset($ssi_ban) && $ssi_ban === true) { is_not_banned(); } // Do we allow guests in here? if (empty($ssi_guest_access) && empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && basename($_SERVER['PHP_SELF']) != 'SSI.php') { require_once CONTROLLERDIR . '/Auth.controller.php'; $controller = new Auth_Controller(); $controller->action_kickguest();