$vbulletin->input->clean_array_gpc('p', array('vb_login_username' => TYPE_STR, 'vb_login_password' => TYPE_STR, 'vb_login_md5password' => TYPE_STR, 'vb_login_md5password_utf' => TYPE_STR, 'postvars' => TYPE_BINARY, 'cookieuser' => TYPE_BOOL, 'logintype' => TYPE_STR, 'cssprefs' => TYPE_STR));
// can the user login?
$strikes = verify_strike_status($vbulletin->GPC['vb_login_username']);
if ($vbulletin->GPC['vb_login_username'] == '') {
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
}
// make sure our user info stays as whoever we were (for example, we might be logged in via cookies already)
$original_userinfo = $vbulletin->userinfo;
if (!verify_authentication($vbulletin->GPC['vb_login_username'], $vbulletin->GPC['vb_login_password'], $vbulletin->GPC['vb_login_md5password'], $vbulletin->GPC['vb_login_md5password_utf'], $vbulletin->GPC['cookieuser'], true)) {
($hook = vBulletinHook::fetch_hook('login_failure')) ? eval($hook) : false;
// check password
exec_strike_user($vbulletin->userinfo['username']);
if ($vbulletin->GPC['logintype'] === 'cplogin' or $vbulletin->GPC['logintype'] === 'modcplogin') {
// log this error if attempting to access the control panel
require_once DIR . '/includes/functions_log_error.php';
log_vbulletin_error($vbulletin->GPC['vb_login_username'], 'security');
}
$vbulletin->userinfo = $original_userinfo;
if ($vbulletin->options['usestrikesystem']) {
eval(standard_error(fetch_error('badlogin_strikes', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'], $strikes)));
} else {
eval(standard_error(fetch_error('badlogin', $vbulletin->options['bburl'], $vbulletin->session->vars['sessionurl'])));
}
}
exec_unstrike_user($vbulletin->GPC['vb_login_username']);
// create new session
process_new_login($vbulletin->GPC['logintype'], $vbulletin->GPC['cookieuser'], $vbulletin->GPC['cssprefs']);
// do redirect
do_login_redirect();
} else {
if ($_GET['do'] == 'login') {
/**
* Halts execution of the entire system and displays an error message
*
* @param string Text of the error message. Leave blank to use $this->sql as error text.
*
* @return integer
*/
function halt($errortext = '')
{
global $vbulletin;
if ($this->connection_recent) {
$this->error = $this->error($this->connection_recent);
$this->errno = $this->errno($this->connection_recent);
}
if ($this->reporterror) {
if ($errortext == '') {
$this->sql = "Invalid SQL:\r\n" . chop($this->sql) . ';';
$errortext =& $this->sql;
}
if (!headers_sent()) {
if (SAPI_NAME == 'cgi' or SAPI_NAME == 'cgi-fcgi') {
header('Status: 503 Service Unavailable');
} else {
header('HTTP/1.1 503 Service Unavailable');
}
}
$vboptions =& $vbulletin->options;
$technicalemail =& $vbulletin->config['Database']['technicalemail'];
$bbuserinfo =& $vbulletin->userinfo;
$requestdate = date('l, F jS Y @ h:i:s A', TIMENOW);
$date = date('l, F jS Y @ h:i:s A');
$scriptpath = str_replace('&', '&', $vbulletin->scriptpath);
$referer = REFERRER;
$ipaddress = IPADDRESS;
$classname = get_class($this);
if ($this->connection_recent) {
$this->hide_errors();
list($mysqlversion) = $this->query_first("SELECT VERSION() AS version", DBARRAY_NUM);
$this->show_errors();
}
$display_db_error = (VB_AREA == 'Upgrade' or VB_AREA == 'Install' or $vbulletin->userinfo['usergroupid'] == 6 or $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions);
// Hide the MySQL Version if its going in the source
if (!$display_db_error) {
$mysqlversion = '';
}
eval('$message = "' . str_replace('"', '\\"', file_get_contents(DIR . '/includes/database_error_message.html')) . '";');
require_once DIR . '/includes/functions_log_error.php';
if (function_exists('log_vbulletin_error')) {
log_vbulletin_error($message, 'database');
}
if ($technicalemail != '' and !$vbulletin->options['disableerroremail'] and verify_email_vbulletin_error($this->errno, 'database')) {
// If vBulletinHook is defined then we know that options are loaded, so we can then use vbmail
if (class_exists('vBulletinHook')) {
@vbmail($technicalemail, $this->appshortname . ' Database Error!', $message, true, $technicalemail);
} else {
@mail($technicalemail, $this->appshortname . ' Database Error!', preg_replace("#(\r\n|\r|\n)#s", @ini_get('sendmail_path') === '' ? "\r\n" : "\n", $message), "From: {$technicalemail}");
}
}
if ($display_db_error) {
// display error message on screen
$message = '<form><textarea rows="15" cols="70" wrap="off" id="message">' . htmlspecialchars_uni($message) . '</textarea></form>';
} else {
// display hidden error message
$message = "\r\n<!--\r\n" . htmlspecialchars_uni($message) . "\r\n-->\r\n";
}
if ($vbulletin->options['bburl']) {
$imagepath = $vbulletin->options['bburl'];
} else {
// this might not work with too many slashes in the archive
$imagepath = VB_AREA == 'Forum' ? '.' : '..';
}
eval('$message = "' . str_replace('"', '\\"', file_get_contents(DIR . '/includes/database_error_page.html')) . '";');
// This is needed so IE doesn't show the pretty error messages
$message .= str_repeat(' ', 512);
die($message);
} else {
if (!empty($errortext)) {
$this->error = $errortext;
}
}
}
/**
* Loops through local $_template_injections and applies them
*
*/
public function do_template_injections()
{
if (sizeof($this->_template_injections)) {
$checked = "checked=\"checked\"";
$marked = 0;
if ($this->fetch_disabled_flag()) {
$checked = "";
$marked = 1;
}
foreach ($this->_template_injections as $value) {
if ($value['type'] == 'cache' || !$value['type']) {
$before_patch = $this->_registry->templatecache[$value['name']];
$this->_registry->templatecache["{$value['name']}"] = $result = str_replace($value['search'], sprintf($value['replace'], $marked, $checked), $this->_registry->templatecache["{$value['name']}"]);
if ($before_patch == $this->_registry->templatecache[$value['name']]) {
$err_message = sprintf("Product '%s', error in hook %s : can't modify template '%s'", 'AME', 'parse_templates', $value['name']);
error_log($err_message);
// Send to PHP error log
if ($this->_registry->debug) {
trigger_error($err_message, E_USER_WARNING);
// Display on page
require_once DIR . '/includes/functions_log_error.php';
log_vbulletin_error($err_message, 'php');
// Send to vB error log
}
unset($err_message, $before_patch);
}
}
}
}
}
/**
* Login a user
*
* @param string $username
* @param string $password
* @param string $md5password
* @param string $md5passwordutf
* @param string $logintype
*
* @return array
* 'userid' => int the id of the vbulletin user logged in
* 'password' => string "remeber me token". A value that can be used to create a new
* session without the user explicitly logging in
* 'lastvisit'
* 'lastactivity'
* 'sessionhash' => the session value used to authenticate the user on subsequent page loads
* 'cpsessionhash' => value needed to access the admincp. Defines being logged in "as an admin"
*/
public function login($username, $password = null, $md5password = null, $md5passwordutf = null, $logintype = null)
{
$username = vB_String::htmlSpecialCharsUni($username);
// require_once(DIR . '/includes/functions_login.php');
$vboptions = vB::getDatastore()->getValue('options');
if (!$username) {
throw new vB_Exception_Api('badlogin', vB5_Route::buildUrl('lostpw'));
}
$strikes = vB_User::verifyStrikeStatus($username);
if ($strikes === false) {
// todo: check for missing args
throw new vB_Exception_Api('strikes', vB5_Route::buildUrl('lostpw'));
}
$auth = vB_User::verifyAuthentication($username, $password, $md5password, $md5passwordutf);
if (!$auth) {
// check password
vB_User::execStrikeUser($username);
if ($logintype === 'cplogin') {
// log this error if attempting to access the control panel
require_once DIR . '/includes/functions_log_error.php';
log_vbulletin_error($username, 'security');
}
// TODO: we need to add missing parameters for 'forgot password'
if ($vboptions['usestrikesystem']) {
throw new vB_Exception_Api('badlogin_strikes_passthru', array(vB5_Route::buildUrl('lostpw'), $strikes + 1));
} else {
throw new vB_Exception_Api('badlogin_passthru', array(vB5_Route::buildUrl('lostpw'), $strikes + 1));
}
}
vB_User::execUnstrikeUser($username);
// create new session
$res = vB_User::processNewLogin($auth, $logintype);
return $res;
}
/**
* Halts execution of the entire system and displays an error message
*
* @param string Text of the error message. Leave blank to use $this->sql as error text.
*
* @return integer
*/
function halt($errortext = '')
{
static $called = false;
/* if ($this->inTransaction)
{
$this->rollbackTransaction();
}
*/
if ($called) {
if (!empty($errortext)) {
$this->error = $errortext;
}
return $this->error;
} else {
$called = true;
}
if ($this->connection_recent) {
$this->error = $this->error($this->connection_recent);
$this->errno = $this->errno($this->connection_recent);
}
if ($this->errno == -1) {
throw new exception('no_vb5_database');
}
if ($this->reporterror) {
if ($errortext == '') {
$this->sql = "Invalid SQL:\r\n" . chop($this->sql) . ';';
$errortext =& $this->sql;
if (strlen($errortext) > 2048) {
$truncated_errortext = "\r\n[Showing truncated query, original length: " . strlen($this->sql) . "]\r\n[First 500 chars]\r\n" . substr($errortext, 0, 500) . "\r\n[Last 500 chars]\r\n" . substr($errortext, -500);
$errortext = $truncated_errortext;
unset($truncated_errortext);
}
}
$session = vB::getCurrentSession();
if ($session) {
$userinfo = $session->fetch_userinfo();
}
//TODO -- need to clean up VB_AREA stuff
if (defined('VB_AREA') and (VB_AREA == 'Upgrade' or VB_AREA == 'Install')) {
$display_db_error = true;
} else {
$userContext = vB::getUserContext();
$display_db_error = $userContext ? $userContext->isAdministrator() : false;
}
// Hide the MySQL Version if its going in the source
if (!$display_db_error) {
$mysqlversion = '';
} else {
if ($this->connection_recent) {
$this->hide_errors();
list($mysqlversion) = $this->query_first("SELECT VERSION() AS version", self::DBARRAY_NUM);
$this->show_errors();
}
}
$vb5_config = vB::getConfig();
$request = vB::getRequest();
if ($request) {
$timeNow = $request->getTimeNow();
$scriptpath = 'unknown';
$ipAddress = 'unknown';
$scriptpath = $request->getScriptPath();
$ipAddress = $request->getIpAddress();
$referer = $request->getReferrer();
} else {
$timeNow = time();
$scriptpath = '';
$ipAddress = '';
$referer = '';
}
$vboptions = vB::getDatastore()->getValue('options');
$technicalemail =& $vb5_config['Database']['technicalemail'];
$data = array();
$data['error'] = $this->error;
$data['errno'] = $this->errno;
$data['requestdate'] = date('l, F jS Y @ h:i:s A', $timeNow);
$data['date'] = date('l, F jS Y @ h:i:s A');
$data['host'] = "";
//todo figure this out for non http requests
$data['scriptpath'] = str_replace('&', '&', $scriptpath);
$data['referer'] = $referer;
$data['ipaddress'] = $ipAddress;
$data['username'] = isset($userinfo['username']) ? $userinfo['username'] : "";
$data['classname'] = get_class($this);
$data['mysqlversion'] = $mysqlversion;
$data['technicalemail'] = $technicalemail;
$data['appname'] = $this->appname;
$data['templateversion'] = $vboptions['templateversion'];
if ($vb5_config['Misc']['debug']) {
$data['trace'] = debug_backtrace();
}
$dbexception = new vB_Exception_Database($errortext, $data);
//log message
require_once DIR . '/includes/functions_log_error.php';
if (function_exists('log_vbulletin_error')) {
log_vbulletin_error($dbexception->getMessage(), 'database');
}
if ($this->reporterror) {
throw $dbexception;
}
} else {
if (!empty($errortext)) {
$this->error = $errortext;
}
}
}
/**
* Halts execution of the entire system and displays an error message
*
* @param string Text of the error message. Leave blank to use $this->sql as error text.
*
* @return integer
*/
function halt($errortext = '')
{
global $vbulletin;
if ($this->connection_recent) {
$this->error = $this->error($this->connection_recent);
$this->errno = $this->errno($this->connection_recent);
}
if ($this->reporterror) {
if ($errortext == '') {
$this->sql = "Invalid SQL:\r\n" . chop($this->sql) . ';';
$errortext =& $this->sql;
}
// Try and stop e-mail flooding.
if (!$vbulletin->options['disableerroremail']) {
if (!$vbulletin->options['safeupload']) {
$tempdir = ini_get('upload_tmp_dir');
} else {
$tempdir = $vbulletin->options['tmppath'] . '/';
}
$unique = md5(COOKIE_SALT);
$tempfile = $tempdir . "zdberr{$unique}.dat";
/* If its less than a minute since the last e-mail
and the error code is the same as last time, disable e-mail */
if ($data = @file_get_contents($tempfile)) {
$errc = intval(substr($data, 10));
$time = intval(substr($data, 0, 10));
if ($time and TIMENOW - $time < 60 and intval($this->errno) == $errc) {
$vbulletin->options['disableerroremail'] = true;
} else {
$data = TIMENOW . intval($this->errno);
@file_put_contents($tempfile, $data);
}
} else {
$data = TIMENOW . intval($this->errno);
@file_put_contents($tempfile, $data);
}
}
$vboptions =& $vbulletin->options;
$technicalemail =& $vbulletin->config['Database']['technicalemail'];
$bbuserinfo =& $vbulletin->userinfo;
$requestdate = date('l, F jS Y @ h:i:s A', TIMENOW);
$date = date('l, F jS Y @ h:i:s A');
$scriptpath = str_replace('&', '&', $vbulletin->scriptpath);
$referer = REFERRER;
$ipaddress = IPADDRESS;
$classname = get_class($this);
if ($this->connection_recent) {
$this->hide_errors();
list($mysqlversion) = $this->query_first("SELECT VERSION() AS version", DBARRAY_NUM);
$this->show_errors();
}
$display_db_error = (VB_AREA == 'Upgrade' or VB_AREA == 'Install' or $vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions['cancontrolpanel']);
// Hide the MySQL Version if its going in the source
if (!$display_db_error) {
$mysqlversion = '';
}
eval('$message = "' . str_replace('"', '\\"', file_get_contents(DIR . '/includes/database_error_message.html')) . '";');
// add a backtrace to the message
if ($vbulletin->debug) {
$trace = debug_backtrace();
$trace_output = "\n";
foreach ($trace as $index => $trace_item) {
$param = in_array($trace_item['function'], array('require', 'require_once', 'include', 'include_once')) ? $trace_item['args'][0] : '';
// remove path
$param = str_replace(DIR, '[path]', $param);
$trace_item['file'] = str_replace(DIR, '[path]', $trace_item['file']);
$trace_output .= "#{$index} {$trace_item['class']}{$trace_item['type']}{$trace_item['function']}({$param}) called in {$trace_item['file']} on line {$trace_item['line']}\n";
}
$message .= "\n\nStack Trace:\n{$trace_output}\n";
}
require_once DIR . '/includes/functions_log_error.php';
if (function_exists('log_vbulletin_error')) {
log_vbulletin_error($message, 'database');
}
if ($technicalemail != '' and !$vbulletin->options['disableerroremail'] and verify_email_vbulletin_error($this->errno, 'database')) {
// If vBulletinHook is defined then we know that options are loaded, so we can then use vbmail
if (class_exists('vBulletinHook', false)) {
@vbmail($technicalemail, $this->appshortname . ' Database Error!', $message, true, $technicalemail);
} else {
@mail($technicalemail, $this->appshortname . ' Database Error!', preg_replace("#(\r\n|\r|\n)#s", @ini_get('sendmail_path') === '' ? "\r\n" : "\n", $message), "From: {$technicalemail}");
}
}
if (defined('STDIN')) {
echo $message;
exit;
}
// send ajax reponse after sending error email
if ($vbulletin->GPC['ajax']) {
require_once DIR . '/includes/class_xml.php';
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$error = '<p>Database Error</p>';
if ($vbulletin->debug or VB_AREA == 'Upgrade') {
$error .= "\r\n\r\n{$errortext}";
$error .= "\r\n\r\n{$this->error}";
}
eval('$ajaxmessage = "' . str_replace('"', '\\"', file_get_contents(DIR . '/includes/database_error_message_ajax.html')) . '";');
$xml->add_group('errors');
$xml->add_tag('error', $error);
$xml->add_tag('error_html', $ajaxmessage);
$xml->close_group('errors');
$xml->print_xml();
}
if (!headers_sent()) {
if (SAPI_NAME == 'cgi' or SAPI_NAME == 'cgi-fcgi') {
header('Status: 503 Service Unavailable');
} else {
header($_SERVER['SERVER_PROTOCOL'] . ' 503 Service Unavailable');
}
}
if ($display_db_error) {
// display error message on screen
$message = '<form><textarea rows="15" cols="70" wrap="off" id="message">' . htmlspecialchars_uni($message) . '</textarea></form>';
} else {
if ($vbulletin->debug) {
// display hidden error message
$message = "\r\n<!--\r\n" . htmlspecialchars_uni($message) . "\r\n-->\r\n";
} else {
$message = '';
}
}
if ($vbulletin->options['bburl']) {
$imagepath = $vbulletin->options['bburl'];
} else {
// this might not work with too many slashes in the archive
$imagepath = VB_AREA == 'Forum' ? '.' : '..';
}
eval('$message = "' . str_replace('"', '\\"', file_get_contents(DIR . '/includes/database_error_page.html')) . '";');
// This is needed so IE doesn't show the pretty error messages
$message .= str_repeat(' ', 512);
die($message);
} else {
if (!empty($errortext)) {
$this->error = $errortext;
}
}
}
/**
* Halts execution of the entire system and displays an error message
*
* @param string Text of the error message. Leave blank to use $this->sql as error text.
*
* @return integer
*/
function halt($errortext = '')
{
global $vbulletin;
if ($this->connection_recent)
{
$this->error = $this->error($this->connection_recent);
$this->errno = $this->errno($this->connection_recent);
}
if ($this->reporterror)
{
if ($errortext == '')
{
$this->sql = "Invalid SQL:\r\n" . chop($this->sql) . ';';
$errortext =& $this->sql;
}
$vboptions =& $vbulletin->options;
$technicalemail =& $vbulletin->config['Database']['technicalemail'];
$bbuserinfo =& $vbulletin->userinfo;
$requestdate = date('l, F jS Y @ h:i:s A', TIMENOW);
$date = date('l, F jS Y @ h:i:s A');
$scriptpath = str_replace('&', '&', $vbulletin->scriptpath);
$referer = REFERRER;
$ipaddress = IPADDRESS;
$classname = get_class($this);
if ($this->connection_recent)
{
$this->hide_errors();
list($mysqlversion) = $this->query_first("SELECT VERSION() AS version", DBARRAY_NUM);
$this->show_errors();
}
$display_db_error = (VB_AREA == 'Upgrade' OR VB_AREA == 'Install' OR $vbulletin->userinfo['usergroupid'] == 6 OR ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions));
// Hide the MySQL Version if its going in the source
if (!$display_db_error)
{
$mysqlversion = '';
}
eval('$message = "' . str_replace('"', '\"', file_get_contents(DIR . '/includes/database_error_message.html')) . '";');
// add a backtrace to the message
if ($vbulletin->debug)
{
$trace = debug_backtrace();
$trace_output = "\n";
foreach ($trace AS $index => $trace_item)
{
$param = (in_array($trace_item['function'], array('require', 'require_once', 'include', 'include_once')) ? $trace_item['args'][0] : '');
// remove path
$param = str_replace(DIR, '[path]', $param);
$trace_item['file'] = str_replace(DIR, '[path]', $trace_item['file']);
$trace_output .= "#$index $trace_item[class]$trace_item[type]$trace_item[function]($param) called in $trace_item[file] on line $trace_item[line]\n";
}
$message .= "\n\nStack Trace:\n$trace_output\n";
}
require_once(DIR . '/includes/functions_log_error.php');
if (function_exists('log_vbulletin_error'))
{
log_vbulletin_error($message, 'database');
}
if ($technicalemail != '' AND !$vbulletin->options['disableerroremail'] AND verify_email_vbulletin_error($this->errno, 'database'))
{
// If vBulletinHook is defined then we know that options are loaded, so we can then use vbmail
if (class_exists('vBulletinHook', false))
{
@vbmail($technicalemail, $this->appshortname . ' Database Error!', $message, true, $technicalemail);
}
else
{
@mail($technicalemail, $this->appshortname . ' Database Error!', preg_replace("#(\r\n|\r|\n)#s", (@ini_get('sendmail_path') === '') ? "\r\n" : "\n", $message), "From: $technicalemail");
}
}
// send ajax reponse after sending error email
if ($vbulletin->GPC['ajax'])
{
require_once(DIR . '/includes/class_xml.php');
$xml = new vB_AJAX_XML_Builder($vbulletin, 'text/xml');
$error = 'Database Error';
if ($vbulletin->debug)
{
$error .= "\n";
$error .= $this->sql;
$error .= "\n";
$error .= $error_text;
}
$xml->add_tag('error', $error);
$xml->print_xml();
}
if (!headers_sent())
{
if (SAPI_NAME == 'cgi' OR SAPI_NAME == 'cgi-fcgi')
{
header('Status: 503 Service Unavailable');
}
else
{
header('HTTP/1.1 503 Service Unavailable');
}
}
if ($display_db_error)
{
// display error message on screen
$message = '<form><textarea rows="15" cols="70" wrap="off" id="message">' . htmlspecialchars_uni($message) . '</textarea></form>';
}
else
{
// display hidden error message
$message = "\r\n<!--\r\n" . htmlspecialchars_uni($message) . "\r\n-->\r\n";
}
if ($vbulletin->options['bburl'])
{
$imagepath = $vbulletin->options['bburl'];
}
else
{
// this might not work with too many slashes in the archive
$imagepath = (VB_AREA == 'Forum' ? '.' : '..');
}
eval('$message = "' . str_replace('"', '\"', file_get_contents(DIR . '/includes/database_error_page.html')) . '";');
// This is needed so IE doesn't show the pretty error messages
$message .= str_repeat(' ', 512);
die($message);
}
else if (!empty($errortext))
{
$this->error = $errortext;
}
}
public static function log_errors($message)
{
error_log($err_message);
// Send to PHP error log
require_once DIR . '/includes/functions_log_error.php';
log_vbulletin_error($message, 'php');
// Send to vB error log
}
public static function handleError($errno, $errstr, $errfile, $errline)
{
//we should honor the error reporting settings (which the error handler
//system does *not* do by default -- we get everything here. We return
//false so that the default error handler triggers. It won't display
//anything either, but it will correctly exit so we don't need to figure
//out if we have to.
//php changed the way dispay_errors is reported in version 5.2. We probably don't
//have to care about the old way, but this covers all of the bases.
$display_errors = in_array(strtolower(ini_get('display_errors')), array('on', '1'));
if (!(error_reporting() & $errno) or !$display_errors) {
return false;
}
//Note that not all of these error codes are trappable and therefore
//many cannot actually occur here. They are listed for completeness
//and possible future proofing if that changes.
$label = "";
$fatal = false;
switch ($errno) {
case E_STRICT:
$label = "Strict standards";
break;
case E_DEPRECATED:
case E_USER_DEPRECATED:
$label = "Notice";
break;
case E_WARNING:
case E_CORE_WARNING:
case E_USER_WARNING:
case E_COMPILE_WARNING:
$label = "Warning";
break;
case E_NOTICE:
case E_USER_NOTICE:
$label = "Notice";
break;
case E_ERROR:
case E_PARSE:
case E_CORE_ERROR:
case E_COMPILE_ERROR:
case E_USER_ERROR:
case E_RECOVERABLE_ERROR:
$label = "Fatal error";
$fatal = true;
break;
//if we don't know what the error type is, php added it after 5.6
//we'll punt to the system error handler because we simply don't know
//what we are dealing with. This risks leaking the path on files, but
//that's not as bad as exiting on a warning or not exiting on a fatal error
//if we don't know what the error type is, php added it after 5.6
//we'll punt to the system error handler because we simply don't know
//what we are dealing with. This risks leaking the path on files, but
//that's not as bad as exiting on a warning or not exiting on a fatal error
default:
return false;
break;
}
if (!defined('DIR')) {
//if we don't have DIR defined yet, let's show the error and live
//with the potential path exposure. Things are really borked.
$safe_errfile = $errfile;
$safe_errstr = $errstr;
} else {
//make the output safe for public consumption
$safe_errfile = str_replace(DIR, '...', $errfile);
$safe_errstr = str_replace(DIR, '...', $errstr);
}
$safe_message = "{$label}: {$safe_errstr} in {$safe_errfile} on line {$errline}\n";
$message = "{$label}: {$errstr} in {$errfile} on line {$errline}";
//echo the error
echo $safe_message;
//try to mimic the logging behavior of the default function
if (ini_get('log_errors')) {
error_log($message);
}
if ($fatal) {
//log the error
if (defined('DIR')) {
require_once DIR . '/includes/functions_log_error.php';
log_vbulletin_error($message, 'php');
}
$usercontext = vB::getUserContext();
if (function_exists('debug_print_backtrace') and $usercontext and $usercontext->isAdministrator()) {
// This is needed so IE doesn't show the pretty error messages
echo str_repeat(' ', 512);
echo vB_Utilities::getStackTrace();
}
//return a 500 error
if (!headers_sent()) {
if (PHP_SAPI == 'cgi' or PHP_SAPI == 'cgi-fcgi') {
header('Status: 500 Internal Server Error');
} else {
header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error');
}
}
exit;
}
//we've got this -- no need to bother the default handler
return true;
}
