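/**
 * OcCLE entry script.
 *
 * Dispatches on the 'action' request parameter:
 *  - 'message': receive an OcCLEchat message from another site and store it once the sender confirms it.
 *  - 'confirm': confirm to a peer that this site sent a given message.
 *  - anything else: run an OcCLE command, either interactively (CLI) or from the POSTed 'command'.
 *
 * Web requests must pass the closed-site check, the shared-install check and the
 * 'admin_occle' page access check before any action runs. CLI invocations skip all three.
 */
function occle_script()
{
    // Treated as CLI only when the SAPI says so AND no client address is present.
    $cli = php_sapi_name() == 'cli' && empty($_SERVER['REMOTE_ADDR']);

    // Closed site
    if (!$cli) {
        $site_closed = get_option('site_closed');
        if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
            header('Content-Type: text/plain');
            @exit(get_option('closed'));
        }

        if (get_file_base() != get_custom_file_base()) {
            warn_exit(do_lang_tempcode('SHARED_INSTALL_PROHIBIT'));
        }

        if (!has_actual_page_access(get_member(), 'admin_occle')) {
            fatal_exit(do_lang_tempcode('ACCESS_DENIED__PAGE_ACCESS', escape_html($GLOBALS['FORUM_DRIVER']->get_username(get_member()))));
        }
    }

    // Check the action
    convert_data_encodings(true);
    $action = get_param('action', 'occle');

    if ($action == 'message') {
        // We're receiving an OcCLEchat message.
        // NOTE(review): the confirmation URL is built from the request's own 'base_url', so this
        // server issues an outbound request to a host the caller chooses. Consider restricting
        // 'base_url' to an allow-list of known peer sites before fetching.
        $url = get_param('base_url') . '/data/occle.php?action=confirm&message=' . urlencode(get_param('message'));
        $return = http_download_file($url, NULL, false);
        if ($return == '1') {
            // NOTE(review): a User-Agent value is set by the client and does not authenticate the
            // sender; it should not be relied on as the trust decision here.
            if (ocp_srv('HTTP_USER_AGENT') == 'ocPortal') {
                $GLOBALS['SITE_DB']->query_insert('occlechat', array('c_message' => get_param('message'), 'c_url' => get_param('base_url'), 'c_incoming' => 1, 'c_timestamp' => time()));
                echo '1';
            } else {
                echo '0';
            }
        } else {
            echo '0';
        }
    } elseif ($action == 'confirm') {
        // We're confirming a received message
        if (ocp_srv('HTTP_USER_AGENT') == 'ocPortal') {
            $results = $GLOBALS['SITE_DB']->query_value_null_ok('occlechat', 'COUNT(*)', array('c_message' => get_param('message'), 'c_incoming' => false));
            // NOTE(review): COUNT(*) normally yields 0 rather than NULL when nothing matches, in which
            // case this test would confirm every message - verify against query_value_null_ok().
            if (!is_null($results)) {
                echo '1';
            } else {
                echo '0';
            }
        } else {
            echo '0';
        }
    } else {
        // Executing a command from the command-line.
        // NOTE(review): for web requests the command comes straight from POST; no request-forgery
        // token check is visible in this function - confirm one is enforced before this point.
        $command = post_param('command', $cli ? NULL : false);
        if (is_null($command)) {
            // Interactive CLI session
            require_code('comcode_from_html');
            require_code('mail');

            $stdin = @fopen('php://stdin', 'rt');
            $stderr = @fopen('php://stderr', 'wt');
            $stdout = @fopen('php://stdout', 'wt');

            while (true) {
                fwrite($stdout, "\n> ");
                $command = fgets($stdin, 102400);

                // fgets() returns false at end of input (piped stdin, Ctrl-D); without this test the
                // loop would spin forever running empty commands.
                if ($command === false || trim($command) == 'exit') {
                    break;
                }

                $temp = new virtual_bash(trim($command));

                if (trim($temp->output[STREAM_STDHTML]) != '') {
                    // Strip tag attributes, then reduce the HTML to plain text for the terminal
                    fwrite($stdout, trim(comcode_to_clean_text(semihtml_to_comcode(preg_replace('#<(\\w+) [^<>]*>#', '<${1}>', $temp->output[STREAM_STDHTML])))));
                }
                if (trim($temp->output[STREAM_STDOUT]) != '') {
                    fwrite($stdout, trim($temp->output[STREAM_STDOUT]));
                }
                if (trim($temp->output[STREAM_STDERR]) != '') {
                    fwrite($stderr, trim($temp->output[STREAM_STDERR]));
                }
            }

            fclose($stdin);
            fclose($stderr);
            fclose($stdout);
        } else {
            $temp = new virtual_bash(trim($command));
            $temp->output_xml();
        }

        if (get_option('occle_chat_announce') == '1') {
            // Sends this site's name and URL to ocportal.com over plain HTTP each time a command runs.
            http_download_file('http://ocportal.com/data_custom/occle.php?title=' . urlencode(get_site_name()) . '&url=' . urlencode(get_custom_base_url()), NULL, false, true);
        }
    }
}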
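/**
 * Standard code module initialisation function.
 *
 * Bootstraps a request: normalises $_SERVER/$_GET, sends anti-caching headers, defines
 * polyfills for old PHP versions, initialises the module's globals, hardens a few ini
 * settings, then loads the core code modules in dependency order and runs startup hooks.
 * The statement order is significant throughout - do not reorder.
 *
 * Security-relevant behaviour to be aware of when reviewing a deployment:
 *  - Debug mode switches on when $SITE_INFO['debug_mode'] is absent or '1' AND a .svn/.git
 *    directory exists under the file base (or ocp_mark_as_escaped() exists). A live site
 *    deployed from a checkout should set debug_mode to '0' explicitly.
 *  - 'keep_force_open' is an ordinary request parameter; the closed.html redirect below is a
 *    convenience page, not an access control.
 *  - display_errors is enabled for the upgrader script and for members holding 'see_php_errors'.
 */
function init__global2()
{
    global $BOOTSTRAPPING, $CHECKING_SAFEMODE, $BAD_WORD_CHARS, $FIXED_WORD_CHARS, $FIXED_WORD_CHARS_HTML, $BROWSER_DECACHEING, $CHARSET, $TEMP_CHARSET, $RELATIVE_PATH, $CURRENTLY_HTTPS, $RUNNING_SCRIPT_CACHE, $SERVER_TIMEZONE, $HAS_SET_ERROR_HANDLER, $DYING_BADLY, $XSS_DETECT, $SITE_INFO, $JAVASCRIPTS, $JAVASCRIPT, $CSSS, $IN_MINIKERNEL_VERSION, $EXITING, $FILE_BASE, $MOBILE, $CACHE_TEMPLATES, $BASE_URL_HTTP, $BASE_URL_HTTPS, $WORDS_TO_FILTER, $FIELD_RESTRICTIONS, $VALID_ENCODING, $CONVERTED_ENCODING, $MICRO_BOOTUP, $MICRO_AJAX_BOOTUP, $QUERY_LOG, $_CREATED_FILES, $CURRENT_SHARE_USER, $CACHE_FIND_SCRIPT;

    // Discard any output buffer PHP opened for us via the output_buffering ini flag
    if (str_replace(array('on', 'true', 'yes'), array('1', '1', '1'), strtolower(ini_get('output_buffering'))) == '1') {
        @ob_end_clean();
    }

    if (array_key_exists('HTTP_X_REWRITE_URL', $_SERVER)) {
        // NOTE(review): HTTP_X_REWRITE_URL is populated from a request header. Unless the web
        // server or rewrite module always sets/strips it, a client can choose REQUEST_URI here.
        foreach ($_GET as $key => $val) {
            if ($key[0] == '?') {
                unset($_GET[$key]);
                $_GET[substr($key, 1)] = $val;
            }
        }
        $_SERVER['REQUEST_URI'] = $_SERVER['HTTP_X_REWRITE_URL'];
    } elseif (!array_key_exists('REQUEST_URI', $_SERVER) && !array_key_exists('REQUEST_URI', $_ENV)) {
        // Rebuild REQUEST_URI from PHP_SELF plus the GET parameters
        $_SERVER['REQUEST_URI'] = $_SERVER['PHP_SELF'];
        $first = true;
        foreach ($_GET as $key => $val) {
            $_SERVER['REQUEST_URI'] .= $first ? '?' : '&';
            $_SERVER['REQUEST_URI'] .= urlencode($key) . '=' . urlencode($val);
            $first = false;
        }
    }

    if (array_key_exists('SCRIPT_FILENAME', $_SERVER) && !array_key_exists('PHP_SELF', $_SERVER)) {
        $_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_FILENAME'];
    } elseif (array_key_exists('SCRIPT_NAME', $_SERVER) && defined('HIPHOP_PHP')) {
        $_SERVER['PHP_SELF'] = $_SERVER['SCRIPT_NAME'];
    }

    @header('Expires: Mon, 20 Dec 1998 01:00:00 GMT');
    @header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
    @header('Cache-Control: no-cache, max-age=0');
    @header('Pragma: no-cache'); // for proxies, and also IE

    // Redirect to the static closed page if one exists (skippable with keep_force_open=1)
    if (is_file('closed.html') && get_param_integer('keep_force_open', 0) == 0) {
        if (strpos($_SERVER['PHP_SELF'], 'upgrader.php') === false && strpos($_SERVER['PHP_SELF'], 'execute_temp.php') === false && (!isset($SITE_INFO['no_extra_closed_file']) || $SITE_INFO['no_extra_closed_file'] == '0')) {
            if (@strpos($_SERVER['SERVER_SOFTWARE'], 'IIS') === false) {
                header('HTTP/1.0 503 Service Temporarily Unavailable');
            }
            header('Location: ' . (is_file($RELATIVE_PATH . 'closed.html') ? 'closed.html' : '../closed.html'));
            exit;
        }
    }

    // Cover up holes in old PHP versions functionality
    if (!function_exists('str_word_count')) {
        /**
         * Isolate the words in the input string.
         *
         * @param  string         String to count words in
         * @param  integer        The format
         * @set    0 1 2
         * @return mixed          Typically a list - the words of the input string
         */
        function str_word_count($input, $format = 0)
        {
            // Collapse every run of non-word characters into a single space
            $pattern = "/[^(\\w|\\d|\\'|\"|\\.|\\!|\\?|;|,|\\|\\/|\\-\\-|:|\\&|@)]+/";
            $all_words = trim(preg_replace($pattern, ' ', $input));

            $a = array();
            $pos = 0;
            while (true) {
                $old_pos = $pos;
                $pos = strpos($all_words, ' ', $pos);
                if ($pos === false) {
                    $a[$old_pos] = substr($all_words, $old_pos);
                    break;
                }
                $a[$old_pos] = substr($all_words, $old_pos, $pos - $old_pos);
                // Step past the space just found; otherwise strpos() finds it again and the loop never ends
                $pos++;
            }

            if ($format == 0) {
                return count($a);
            }
            return $a;
        }
    }
    if (!function_exists('html_entity_decode')) {
        /**
         * Decode the HTML entity encoded input string.
         *
         * @param  string         The text to decode
         * @param  integer        The quote style code
         * @param  ?string        Character set to decode to (NULL: default)
         * @return string         The decoded text
         */
        function html_entity_decode($input, $quote_style, $charset = NULL)
        {
            // Both arguments are accepted for signature compatibility but ignored
            unset($quote_style);
            unset($charset);

            // Invert PHP's entity table and apply it. (The hard-space entity is deliberately not
            // treated as an ordinary space: it is for formatting, not for HTML escaping.)
            $trans_tbl = get_html_translation_table(HTML_ENTITIES);
            $trans_tbl = array_flip($trans_tbl);
            return strtr($input, $trans_tbl);
        }
    }
    if (version_compare(phpversion(), '4.3.0') >= 0) {
        if (!function_exists('unichrm_hex')) {
            /**
             * Convert a unicode character number to a unicode string. Callback for preg_replace.
             *
             * @param  array          Regular expression match array.
             * @return ~string        Converted data (false: could not convert).
             */
            function unichrm_hex($matches)
            {
                return unichr(hexdec($matches[1]));
            }
        }
        if (!function_exists('unichrm')) {
            /**
             * Convert a unicode character number to a unicode string. Callback for preg_replace.
             *
             * @param  array          Regular expression match array.
             * @return ~string        Converted data (false: could not convert).
             */
            function unichrm($matches)
            {
                return unichr(intval($matches[1]));
            }
        }
        if (!function_exists('unichr')) {
            /**
             * Convert a unicode character number to a HTML-entity enabled string, using lower ASCII characters where possible.
             *
             * @param  integer        Character number.
             * @return ~string        Converted data (false: could not convert).
             */
            function unichr($c)
            {
                if ($c <= 0x7f) {
                    return chr($c);
                } else {
                    // A numeric character reference is written "&#NNN;" (the prefix was previously reversed)
                    return '&#' . strval($c) . ';';
                }
            }
        }
    }

    $BOOTSTRAPPING = 1;
    $CHECKING_SAFEMODE = false;

    // Windows-1252 "smart" characters and their plain-text / HTML replacements (index-aligned)
    $BAD_WORD_CHARS = array(chr(128), chr(130), chr(131), chr(132), chr(133), chr(134), chr(135), chr(136), chr(137), chr(138), chr(139), chr(140), chr(142), chr(145), chr(146), chr(147), chr(148), chr(149), chr(150), chr(151), chr(152), chr(153), chr(154), chr(155), chr(156), chr(158), chr(159));
    // Some of these are Comcode shortcuts. We can't use entities as we can't assume we're converting into Comcode.
    $FIXED_WORD_CHARS = array('(EUR-)', ',', '{f.}', '"', '...', '-|-', '=|=', '^', '{%o}', '{~S}', '<', 'CE', '{~Z}', "'", "'", '"', '"', '-', '-', '--', '~', '(TM)', '{~s}', '>', 'ce', '{~z}', '{.Y.}');
    $FIXED_WORD_CHARS_HTML = array('€', '‚', 'ƒ', '„', '…', '†', '‡', 'ˆ', '‰', 'Š', '‹', 'Œ', 'Ž', "‘", "’", '“', '”', '•', '–', '—', '˜', '™', 'š', '›', 'œ', 'ž', 'Ÿ');

    $RUNNING_SCRIPT_CACHE = array();
    $BROWSER_DECACHEING = NULL;
    $CHARSET = NULL;
    $TEMP_CHARSET = NULL;
    $CURRENTLY_HTTPS = NULL;
    $CACHE_FIND_SCRIPT = array();

    error_reporting(E_ALL);
    @ini_set('html_errors', '1');
    @ini_set('docref_root', 'http://www.php.net/manual/en/');
    @ini_set('docref_ext', '.php');

    // Remember the server's own timezone, then run everything in UTC
    $SERVER_TIMEZONE = function_exists('date_default_timezone_get') ? @date_default_timezone_get() : ini_get('date.timezone');
    @ini_set('date.timezone', 'UTC');
    if (function_exists('date_default_timezone_set')) {
        date_default_timezone_set('UTC'); // Needed for HPHP
    }

    $HAS_SET_ERROR_HANDLER = false;
    $DYING_BADLY = false; // If ocPortal is bailing out uncontrollably, setting this will make sure the error handler does not try and suppress
    $XSS_DETECT = function_exists('ocp_mark_as_escaped');

    // Debug mode: on by default inside a version-control checkout; see the function header.
    // DEBUG_MODE (but not SEMI_DEBUG_MODE) can be switched off per-request with keep_no_debug_mode.
    $GLOBALS['DEBUG_MODE'] = (!array_key_exists('debug_mode', $SITE_INFO) || $SITE_INFO['debug_mode'] == '1') && (is_dir(get_file_base() . '/.svn') || is_dir(get_file_base() . '/.git') || function_exists('ocp_mark_as_escaped')) && (!array_key_exists('keep_no_debug_mode', $_GET) || $_GET['keep_no_debug_mode'] == '0');
    $GLOBALS['SEMI_DEBUG_MODE'] = (!array_key_exists('debug_mode', $SITE_INFO) || $SITE_INFO['debug_mode'] == '1') && (is_dir(get_file_base() . '/.svn') || is_dir(get_file_base() . '/.git') || function_exists('ocp_mark_as_escaped'));

    if (function_exists('set_time_limit')) {
        @set_time_limit(60);
    }
    if ($GLOBALS['DEBUG_MODE']) {
        if (function_exists('set_time_limit')) {
            @set_time_limit(10);
        }
        @ini_set('ocproducts.type_strictness', '1');
        @ini_set('ocproducts.xss_detect', '1');
    }
    if ($GLOBALS['DEBUG_MODE']) {
        require_code('developer_tools');
    }

    $JAVASCRIPTS = array('javascript' => 1, 'javascript_thumbnails' => 1);
    if ($GLOBALS['CURRENT_SHARE_USER'] !== NULL || get_domain() == 'myocp.com') {
        $JAVASCRIPTS['javascript_ajax'] = 1;
    }
    $CSSS = array('no_cache' => 1, 'global' => 1);

    // Try and make the PHP environment as we need it
    if (function_exists('set_magic_quotes_runtime')) {
        @set_magic_quotes_runtime(0); // @'d because it's deprecated and PHP 5.3 may give an error
    }
    @ini_set('auto_detect_line_endings', '0');
    @ini_set('include_path', '');
    @ini_set('default_socket_timeout', '60');
    @ini_set('allow_url_fopen', '0');
    @ini_set('suhosin.executor.disable_emodifier', '1'); // Extra security if suhosin is available
    @ini_set('suhosin.executor.multiheader', '1'); // Extra security if suhosin is available
    // The next three explicitly leave eval() enabled and clear suhosin's whitelists
    @ini_set('suhosin.executor.disable_eval', '0');
    @ini_set('suhosin.executor.eval.whitelist', '');
    @ini_set('suhosin.executor.func.whitelist', '');

    // Load most basic config
    $IN_MINIKERNEL_VERSION = 0;
    $EXITING = 0;
    if (array_key_exists('use_ocf', $_GET) && running_script('upgrader')) {
        $SITE_INFO['forum_type'] = 'ocf';
        $SITE_INFO['ocf_table_prefix'] = $SITE_INFO['table_prefix'];
    }
    $CACHE_TEMPLATES = true;

    // The URL to our install (no trailing /)
    $BASE_URL_HTTP = NULL;
    $BASE_URL_HTTPS = NULL;

    $WORDS_TO_FILTER = NULL;
    $FIELD_RESTRICTIONS = NULL;
    $VALID_ENCODING = false;
    $CONVERTED_ENCODING = false;
    if (!isset($MICRO_BOOTUP)) {
        $MICRO_BOOTUP = 0;
    }
    if (!isset($MICRO_AJAX_BOOTUP)) {
        $MICRO_AJAX_BOOTUP = 0;
    }

    require_code_no_override('version');
    if ($MICRO_BOOTUP == 0 && $MICRO_AJAX_BOOTUP == 0) {
        // The full product and PHP version are deliberately not advertised
        @header('X-Powered-By: ocPortal'); // Better to keep it vague, for security reasons

        $QUERY_LOG = false;
        if (isset($_REQUEST['special_page_type']) && $_REQUEST['special_page_type'] == 'query') {
            $QUERY_LOG = true;
        }
    }

    // Most critical things
    require_code('support'); // A lot of support code is present in this
    // NOTE(review): this seeds rand()/mt_rand(); those generators should not be the source of
    // session identifiers, reset tokens or other secrets - confirm how such values are produced.
    srand(make_seed());
    mt_srand(make_seed());
    if ($MICRO_BOOTUP == 0 && $MICRO_AJAX_BOOTUP == 0) {
        if (running_script('index') && count($_POST) == 0) {
            $bot_type = get_bot_type();
            if ($bot_type !== NULL && isset($SITE_INFO['fast_spider_cache']) && $SITE_INFO['fast_spider_cache'] != '0') {
                fast_spider_cache(true);
            }
        }
    }
    require_code('caches'); // Recently taken out of 'support' so makes sense to load it here
    require_code('database'); // There's nothing without the database

    // IP bans are checked in PHP only when .htaccess is not writable (and suexec is not known);
    // presumably bans are otherwise written into .htaccess - confirm.
    if ((!isset($SITE_INFO['known_suexec']) || $SITE_INFO['known_suexec'] == '0') && !is_writable_wrap(get_file_base() . '/.htaccess')) {
        require_code('support2');
        if (ip_banned(get_ip_address())) {
            critical_error('BANNED');
        }
    }

    if (running_script('messages') && get_param('action', 'new') == 'new' && get_param_integer('routine_refresh', 0) == 0) {
        require_code('chat_poller');
        chat_poller();
    }
    if ($MICRO_BOOTUP == 0) {
        load_user_stuff();
    }

    // For any kind of niceness we need these. The order is chosen for complex dependency reasons - don't mess with it
    if ($MICRO_AJAX_BOOTUP == 0) {
        require_code('themes'); // Output needs to know about themes
        require_code('templates'); // So that we can do error templates
        require_code('tempcode'); // Output is done with tempcode
        if ($MICRO_BOOTUP == 0) {
            require_code('comcode'); // Much output goes through comcode
        }
    }
    require_code('zones'); // Zone is needed because zones are where all ocPortal pages reside
    require_code('config'); // Config is needed for much active stuff
    if (get_option('collapse_user_zones', true) === '1' && $RELATIVE_PATH == 'site') {
        get_base_url(); /*force calculation first*/
        $RELATIVE_PATH = '';
    }
    require_code('users'); // Users are important due to permissions
    if ($MICRO_BOOTUP == 0 && $MICRO_AJAX_BOOTUP == 0) {
        if (running_script('index') && count($_POST) == 0) {
            if (isset($SITE_INFO['any_guest_cached_too']) && $SITE_INFO['any_guest_cached_too'] == '1' && is_guest(NULL, true)) {
                fast_spider_cache(false);
            }
        }
    }
    $CACHE_TEMPLATES = (get_option('is_on_template_cache') == '1' || get_param_integer('keep_cache', 0) == 1 || get_param_integer('cache', 0) == 1) && get_param_integer('keep_cache', NULL) !== 0 && get_param_integer('cache', NULL) !== 0;
    if ($MICRO_AJAX_BOOTUP == 0) {
        require_code('temporal'); // Date/time functions
        require_code('files'); // Contains fix_permissions, needed for 'lang'
        require_code('lang'); // So that we can do language stuff (e.g. errors)
        convert_data_encodings();
        if ($MICRO_BOOTUP == 0) {
            require_code('permissions'); // So we can check access
        }
    }

    // At this point we can display errors nicely
    $GLOBALS['SUPPRESS_ERROR_DEATH'] = false;
    set_error_handler('ocportal_error_handler');
    if (function_exists('error_get_last')) {
        register_shutdown_function('catch_fatal_errors');
    }
    $HAS_SET_ERROR_HANDLER = true;

    if ($MICRO_BOOTUP == 0) {
        if (method_exists($GLOBALS['FORUM_DRIVER'], 'forum_layer_initialise')) {
            $GLOBALS['FORUM_DRIVER']->forum_layer_initialise();
        }
    }
    if ($MICRO_AJAX_BOOTUP == 0) {
        $JAVASCRIPT = new ocp_tempcode();
    }
    if ($MICRO_BOOTUP == 0) {
        if ($IN_MINIKERNEL_VERSION != 1 && $MICRO_AJAX_BOOTUP == 0) {
            has_cookies(); // Will determine at early point whether we have cookie support
            get_num_users_site(); // Will kill site if there are too many users
        }
    }
    require_code('urls'); // URL building is crucial
    @header('Content-type: text/html; charset=' . get_charset());
    if ($MICRO_AJAX_BOOTUP == 0 && $MICRO_BOOTUP == 0) {
        // Before anything gets outputted
        handle_logins();

        require_code('site'); // This powers the site (top level page generation)

        // Are we installed?
        get_option('site_name');
    }

    // Our logging (change false to true for temporarily changing it so staff get logging)
    if (get_option('log_php_errors') == '1') {
        @ini_set('log_errors', '1');
        if (addon_installed('errorlog')) {
            // NOTE(review): the log lives under the web root with a .php extension; confirm the file
            // cannot be read or executed by direct request, as PHP errors can echo request data.
            @ini_set('error_log', get_custom_file_base() . '/data_custom/errorlog.php');
        }
    }
    if ($MICRO_BOOTUP == 0 && $MICRO_AJAX_BOOTUP == 0 && (get_option('display_php_errors') == '1' || running_script('upgrader') || has_specific_permission(get_member(), 'see_php_errors'))) {
        @ini_set('display_errors', '1');
    } elseif (!$GLOBALS['DEBUG_MODE']) {
        @ini_set('display_errors', '0');
    }

    // G-zip?
    @ini_set('zlib.output_compression', get_option('gzip_output') == '1' ? 'On' : 'Off');

    if (function_exists('setlocale') && $MICRO_AJAX_BOOTUP == 0) {
        $locales = explode(',', do_lang('locale'));
        setlocale(LC_ALL, $locales[0]);
        @setlocale(LC_ALL, $locales);
        unset($locales);
    }

    // Refuse to serve the site while the installer is still present
    if ($MICRO_AJAX_BOOTUP == 0 && $MICRO_BOOTUP == 0 && (!isset($SITE_INFO['no_installer_checks']) || $SITE_INFO['no_installer_checks'] == '0')) {
        if (is_file(get_file_base() . '/install.php') && !is_file(get_file_base() . '/install_ok') && running_script('index')) {
            warn_exit(do_lang_tempcode('MUST_DELETE_INSTALLER'));
        }
    }

    if ($MICRO_AJAX_BOOTUP == 0 && $MICRO_BOOTUP == 0) {
        // Flush caches on a forced browser refresh or when the base URL has changed
        $changed_base_url = !array_key_exists('base_url', $SITE_INFO) && get_long_value('last_base_url') !== get_base_url(false);
        if (running_script('index') && (is_browser_decacheing() || $changed_base_url)) {
            require_code('view_modes');
            erase_tempcode_cache();
            erase_cached_templates(!$changed_base_url);
            erase_comcode_cache();
            erase_cached_language();
            persistant_cache_empty();
            if ($changed_base_url) {
                require_lang('zones');
                require_code('zones3');
                erase_comcode_page_cache();
                set_long_value('last_base_url', get_base_url(false));
            }
        }

        if (has_zone_access(get_member(), 'adminzone')) {
            $JAVASCRIPTS['javascript_staff'] = 1;
            $JAVASCRIPTS['javascript_ajax'] = 1;
            if (addon_installed('occle')) {
                $JAVASCRIPTS['javascript_button_occle'] = 1;
            }
        }
        if (addon_installed('realtime_rain') && get_option('bottom_show_realtime_rain_button', true) === '1') {
            $JAVASCRIPTS['javascript_button_realtime_rain'] = 1;
        }
    }

    // HTTPS pages must not be stored by shared caches
    if (tacit_https() || is_page_https(get_zone_name(), get_page_name())) {
        @header('Cache-Control: private');
        @header('Pragma: private');
    }

    $BOOTSTRAPPING = 0;

    if ($GLOBALS['SEMI_DEBUG_MODE'] && $MICRO_AJAX_BOOTUP == 0) {
        if ($GLOBALS['SEMI_DEBUG_MODE']) {
            // Developer check: a same-site referer carrying keep_devtest, followed by a request
            // without it, means a link was built without build_url/keep_stub.
            if (strpos(ocp_srv('HTTP_REFERER'), ocp_srv('HTTP_HOST')) !== false && strpos(ocp_srv('HTTP_REFERER'), 'keep_devtest') !== false && !running_script('attachment') && !running_script('upgrader') && strpos(ocp_srv('HTTP_REFERER'), 'login') === false && is_null(get_param('keep_devtest', NULL))) {
                $_GET['keep_devtest'] = '1';
                fatal_exit('URL not constructed properly: development mode in use but keep_devtest was not specified. This indicates that links have been made without build_url (in PHP) or keep_stub (in Javascript). Whilst not fatal this time, failure to use these functions can cause problems when your site goes live. See the ocPortal codebook for more details.');
            } else {
                $_GET['keep_devtest'] = '1';
            }
        }

        if (browser_matches('true_xhtml') && get_value('html5') !== '1' && get_value('html5') !== '_true' && get_param_integer('keep_no_xhtml', 0) == 0 && !running_script('upgrader')) {
            @header('Content-type: application/xhtml+xml; charset=' . get_charset());
        }

        if (isset($_CREATED_FILES)) {
            /**
             * Run after-tests for debug mode, to make sure coding standards are met.
             */
            function debug_mode_aftertests()
            {
                global $_CREATED_FILES, $_MODIFIED_FILES;

                // Use the info from ocProduct's custom PHP version to make sure that all files that were created/modified got synched as they should have been.
                foreach ($_CREATED_FILES as $file) {
                    if (substr($file, 0, strlen(get_file_base())) == get_file_base() && substr($file, -4) != '.log' && basename($file) != 'permissioncheckslog.php') {
                        @exit(escape_html('File not permission-synched: ' . $file));
                    }
                }
                foreach ($_MODIFIED_FILES as $file) {
                    if (strpos($file, '_cache') === false && substr($file, 0, strlen(get_file_base())) == get_file_base() && substr($file, -4) != '.log' && basename($file) != 'permissioncheckslog.php') {
                        @exit(escape_html('File not change-synched: ' . $file));
                    }
                }

                global $TITLE_CALLED, $SCREEN_TEMPLATE_CALLED, $EXITING;
                if (is_null($SCREEN_TEMPLATE_CALLED) && $EXITING == 0 && strpos(ocp_srv('PHP_SELF'), 'index.php') !== false) {
                    @exit(escape_html('No screen template called.'));
                }
                if (!$TITLE_CALLED && (is_null($SCREEN_TEMPLATE_CALLED) || $SCREEN_TEMPLATE_CALLED != '') && $EXITING == 0 && strpos(ocp_srv('PHP_SELF'), 'index.php') !== false) {
                    @exit(escape_html('No title used on screen.'));
                }
            }

            register_shutdown_function('debug_mode_aftertests');
        }

        // Developer check: entry scripts outside data_custom must stay small
        if (ocp_srv('SCRIPT_FILENAME') != '' && $GLOBALS['DEBUG_MODE'] && strpos(ocp_srv('SCRIPT_FILENAME'), 'data_custom') === false) {
            if (@strlen(file_get_contents(ocp_srv('SCRIPT_FILENAME'), FILE_TEXT)) > 4500) {
                fatal_exit('Entry scripts (front controllers) should not be shoved full of code.');
            }
        }
    }

    // FirePHP console support, only for administrators
    if ((get_param_integer('keep_firephp', 0) == 1 || get_param_integer('keep_queries', 0) == 1) && ($GLOBALS['FORUM_DRIVER']->is_super_admin(get_member()) || $GLOBALS['IS_ACTUALLY_ADMIN'])) {
        require_code('firephp');
    }

    // Memory limit: configured value, else 64M; super-admins may lift or lower it per-request
    $default_memory_limit = get_value('memory_limit');
    if (is_null($default_memory_limit) || $default_memory_limit == '' || $default_memory_limit == '0' || $default_memory_limit == '-1') {
        $default_memory_limit = '64M';
    }
    @ini_set('memory_limit', $default_memory_limit);
    if (isset($GLOBALS['FORUM_DRIVER']) && $GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
        if (get_param_integer('keep_avoid_memory_limit', 0) == 1) {
            disable_php_memory_limit();
        }
        $memory_test = get_param_integer('keep_memory_limit_test', 0);
        if ($memory_test != 0 && $memory_test <= 32) {
            @ini_set('memory_limit', strval($memory_test) . 'M');
        }
    }

    if (get_option('sitewide_im', true) === '1' && running_script('index') && get_param('type', 'misc', true) != 'room') {
        require_code('chat');
        enter_chat_lobby();
    }

    // Startup hooks
    if (!running_script('upgrader')) {
        $startup_hooks = find_all_hooks('systems', 'startup');
        foreach (array_keys($startup_hooks) as $hook) {
            // The hook name becomes part of a code path and a class name, so it is filtered both times
            require_code('hooks/systems/startup/' . filter_naughty_harsh($hook));
            $ob = object_factory('Hook_startup_' . filter_naughty_harsh($hook), true);
            if ($ob === NULL) {
                continue;
            }
            $ob->run($MICRO_BOOTUP, $MICRO_AJAX_BOOTUP, 0);
        }

        // Shared installs: upgrade this site automatically when the code version has moved on
        if ($CURRENT_SHARE_USER !== NULL && float_to_raw_string(ocp_version_number()) != get_value('version')) {
            require_code('upgrade');
            clear_caches_2();
            version_specific();
            upgrade_modules();
            ocf_upgrade();
        }
    }
}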
/**
 * AJAX script for dynamically extended selection tree.
 *
 * Loads the ajax_tree hook named by the 'hook' parameter, runs it for the requested node
 * and echoes the result wrapped in either an XML <request> envelope or, when html_mask=1,
 * an <html> envelope.
 *
 * Review notes:
 *  - The only access check made here is the closed-site gate; any further permission checks
 *    would have to live inside the individual hooks - confirm each hook enforces its own.
 *  - 'options' is caller-supplied and is passed to unserialize(). secure_serialized_data() is
 *    the sole visible safeguard; unserialising request data is an object-injection risk class,
 *    so a data-only format (e.g. JSON) or a signed payload would be the safer design.
 */
function ajax_tree_script()
{
    // Closed site
    $closed_flag = get_option('site_closed');
    if ($closed_flag == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
        header('Content-Type: text/plain');
        @exit(get_option('closed'));
    }

    header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
    header('Content-Type: text/xml');

    // The hook name selects the code file and class to load, so it is filtered first
    $hook_name = filter_naughty_harsh(get_param('hook'));
    require_code('hooks/systems/ajax_tree/' . $hook_name);
    $hook_object = object_factory('Hook_' . $hook_name);

    convert_data_encodings(true);

    // An empty id means "the root of the tree"
    $requested_id = get_param('id', '', true);
    $node_id = ($requested_id == '') ? NULL : $requested_id;

    @ini_set('ocproducts.xss_detect', '0');

    // Opening envelope
    $as_html = get_param_integer('html_mask', 0) == 1;
    if ($as_html) {
        echo '<html>';
    } else {
        echo '<?xml version="1.0" encoding="' . get_charset() . '"?' . '>';
        echo '<request>';
    }

    // Hook options arrive serialised in the request (see review note in the header)
    $serialized_options = get_param('options', '', true);
    if ($serialized_options == '') {
        $serialized_options = serialize(array());
    }
    secure_serialized_data($serialized_options);
    $hook_options = @unserialize($serialized_options);
    if ($hook_options === false) {
        warn_exit(do_lang_tempcode('INTERNAL_ERROR'));
    }

    $tree_output = $hook_object->run($node_id, $hook_options, get_param('default', NULL, true));
    // Marker element lets the client tell that the response arrived complete
    echo str_replace('</body>', '<br id="ended" /></body>', $tree_output);

    // Closing envelope
    if ($as_html) {
        echo '</html>';
    } else {
        echo '</request>';
    }
}
/**
 * Convert some data from one encoding to the internal encoding.
 *
 * Tries, in order: entity-based UTF-8 decoding, unicode_decode/unicode_encode, iconv,
 * mbstring, and finally utf8_decode/utf8_encode. Only the first applicable method is
 * attempted; if it fails (returns false) the data is returned unconverted, so callers
 * must not assume the result is valid in the internal charset.
 *
 * Note that when $input_charset is NULL the charset name comes from $GLOBALS['HTTP_CHARSET'],
 * i.e. from the last remote response, and is then handed to the conversion library.
 *
 * @param  string         Data to convert.
 * @param  ?string        Charset to convert from (NULL: that read by the last http_download_file call).
 * @param  ?string        Charset to convert to (NULL: current encoding).
 * @return string         Converted data.
 */
function convert_to_internal_encoding($data, $input_charset = NULL, $internal_charset = NULL)
{
    global $VALID_ENCODING;

    convert_data_encodings(); // In case it hasn't run yet. We need $VALID_ENCODING to be set.

    if (is_null($input_charset)) {
        $input_charset = $GLOBALS['HTTP_CHARSET'];
    }
    if ($input_charset === '' || is_null($input_charset)) {
        // Nothing known about the source encoding: pass the data through untouched
        return $data;
    }
    if (is_null($internal_charset)) {
        $internal_charset = get_charset();
    }

    $from = strtolower($input_charset);
    $to = strtolower($internal_charset);
    $entity_capable = array('iso-8859-1', 'iso-8859-15', 'koi8-r', 'big5', 'gb2312', 'big5-hkscs', 'shift_jis', 'euc-jp');

    // Each branch leaves its attempt in $attempt; false means "no conversion / conversion failed"
    $attempt = false;

    if ((version_compare(phpversion(), '4.3.0') >= 0 || $to == 'iso-8859-1') && $from == 'utf-8' && will_be_unicode_neutered($data) && in_array($to, $entity_capable)) {
        $attempt = entity_utf8_decode($data, $internal_charset);
    } elseif (function_exists('unicode_decode') && $internal_charset != 'utf-8' && $input_charset == 'utf-8' && $VALID_ENCODING) {
        $attempt = @unicode_decode($data, $input_charset);
    } elseif (function_exists('unicode_encode') && $internal_charset == 'utf-8' && $input_charset != 'utf-8' && $VALID_ENCODING) {
        $attempt = @unicode_encode($data, $input_charset);
    } elseif (function_exists('iconv') && $VALID_ENCODING && get_value('disable_iconv') !== '1') {
        $attempt = @iconv($input_charset, $internal_charset . '//TRANSLIT', $data);
    } elseif (function_exists('mb_convert_encoding') && $VALID_ENCODING && get_value('disable_mbstring') !== '1') {
        // Only hand mbstring a source encoding it reports knowing, when it can tell us
        $source_known = true;
        if (function_exists('mb_list_encodings')) {
            $source_known = in_array($from, array_map('strtolower', mb_list_encodings()));
        }
        if ($source_known) {
            $attempt = @mb_convert_encoding($data, $internal_charset, $input_charset);
        }
    } elseif ($from == 'utf-8' && substr($to, 0, 3) != 'utf') {
        $attempt = utf8_decode($data); // Imperfect as it assumes ISO-8859-1, but it's our last resort.
    } elseif ($to == 'utf-8' && substr($from, 0, 3) != 'utf') {
        $attempt = utf8_encode($data); // Imperfect as it assumes ISO-8859-1, but it's our last resort.
    }

    if ($attempt !== false) {
        $data = $attempt;
    }

    return $data;
}
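/**
 * High-level messages script handling.
 *
 * Dispatches on the 'action' request parameter: 'all' and the default fetch messages,
 * 'post' posts one, and 'start_im' / 'join_im' / 'deinvolve_im' / 'invite_im' manage
 * instant-messaging rooms. Page-level access is deliberately not checked here (room
 * permissions are used instead, so the shoutbox is not blocked).
 *
 * Review notes:
 *  - The state-changing IM actions read their inputs with get_param(), and no request-forgery
 *    token check is visible in this function - confirm one is applied before this point.
 *  - 'invite_im' now verifies room existence and access BEFORE writing invite events;
 *    previously events were recorded for any room id and only then was access checked.
 */
function messages_script()
{
    get_page_title('', false); // Force session time to be updated

    // Closed site
    $site_closed = get_option('site_closed');
    if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
        header('Content-Type: text/plain');
        @exit(get_option('closed'));
    }

    // Check the action
    $action = get_param('action', 'new');

    if ($action == 'all') {
        // Getting all messages (i.e. up to five minutes ago)
        _chat_messages_script_ajax(either_param_integer('room_id'), true);
    } elseif ($action == 'post') {
        // Posting a message
        convert_data_encodings(true);
        $message = either_param('message');
        _chat_post_message_ajax(either_param_integer('room_id'), $message, post_param('font', ''), post_param('colour', ''), post_param_integer('first_message', 0));
    } elseif ($action == 'start_im') {
        require_lang('chat');

        $people = get_param('people');
        if ($people == '') {
            exit;
        }

        require_code('chat2');

        // One invitee: name the room after the current member; several: use the multi-user label
        if (strpos($people, ',') === false) {
            $room_name = $GLOBALS['FORUM_DRIVER']->get_username(get_member());
        } else {
            $room_name = do_lang('IM_MULTI', $GLOBALS['FORUM_DRIVER']->get_username(get_member()));
        }
        add_chatroom('', $room_name, get_member(), filter_invites_for_blocking(strval(get_member()) . ',' . $people), '', '', '', user_lang(), 1);

        // Send response of new messages, so we get instant result
        _chat_messages_script_ajax(-2, false, either_param_integer('message_id'), either_param_integer('event_id'));
    } elseif ($action == 'join_im') {
        $room_id = get_param_integer('room_id');

        $room_check = $GLOBALS['SITE_DB']->query_select('chat_rooms', array('id', 'is_im', 'c_welcome', 'allow_list_groups', 'disallow_list_groups', 'allow_list', 'disallow_list', 'room_owner'), array('id' => $room_id), '', 1);
        if (!array_key_exists(0, $room_check)) {
            warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
        }
        if (!check_chatroom_access($room_check[0], true, NULL, true)) {
            return; // Possibly the room was closed already
        }

        $event_id = $GLOBALS['SITE_DB']->query_insert('chat_events', array('e_type_code' => 'JOIN_IM', 'e_member_id' => get_member(), 'e_room_id' => $room_id, 'e_date_and_time' => time()), true);
        $last_event_path = get_custom_file_base() . '/data_custom/modules/chat/chat_last_event.dat';
        $myfile = @fopen($last_event_path, 'wb') or intelligent_write_error($last_event_path);
        fwrite($myfile, strval($event_id));
        fclose($myfile);
        sync_file($last_event_path);

        // Catch up the current user so that they know who else is in the room just joined...
        $events_output = '';
        $peoplea = explode(',', $room_check[0]['allow_list']);
        foreach ($peoplea as $person) {
            $person = trim($person);
            if ($person == '') {
                continue;
            }

            $member_id = intval($person);
            if ($member_id != get_member()) {
                $username = $GLOBALS['FORUM_DRIVER']->get_username($member_id);
                $avatar_url = $GLOBALS['FORUM_DRIVER']->get_member_avatar_url($member_id);
                if (!is_null($username)) {
                    // The username attribute carries the looked-up name, XML-escaped like the avatar URL
                    // (it was previously a literal "******" placeholder, leaving $username unused).
                    $events_output .= '<chat_event event_type="PREINVITED_TO_IM" away="' . (chatter_active($member_id) ? '0' : '1') . '" member_id="' . strval($member_id) . '" username="' . xmlentities($username) . '" avatar_url="' . xmlentities($avatar_url) . '" room_id="' . strval($room_id) . '"></chat_event>';
                }
            }
        }

        _chat_messages_script_ajax(-1, false, -1, either_param_integer('event_id'), $events_output);
    } elseif ($action == 'deinvolve_im') {
        $room_id = get_param_integer('room_id');

        $room_check = $GLOBALS['SITE_DB']->query_select('chat_rooms', array('id', 'is_im', 'c_welcome', 'allow_list_groups', 'disallow_list_groups', 'allow_list', 'disallow_list', 'room_owner'), array('id' => $room_id), '', 1);
        if (!array_key_exists(0, $room_check)) {
            warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
        }
        if (!check_chatroom_access($room_check[0], true, NULL, true)) {
            return; // Possibly the room was closed already
        }

        // Remove the current member from the comma-separated allow list (padding with commas
        // so that only a whole id can match), then strip the padding again
        $allow_list = str_replace(',' . strval(get_member()) . ',', ',', ',' . $room_check[0]['allow_list'] . ',');
        $allow_list = substr($allow_list, 1, strlen($allow_list) - 2);

        $event_id = $GLOBALS['SITE_DB']->query_insert('chat_events', array('e_type_code' => 'DEINVOLVE_IM', 'e_member_id' => get_member(), 'e_room_id' => $room_id, 'e_date_and_time' => time()), true);
        $last_event_path = get_custom_file_base() . '/data_custom/modules/chat/chat_last_event.dat';
        $myfile = @fopen($last_event_path, 'wb') or intelligent_write_error($last_event_path);
        fwrite($myfile, strval($event_id));
        fclose($myfile);
        sync_file($last_event_path);

        if ($allow_list == '') {
            // Nobody left: remove the room
            require_code('chat2');
            delete_chatroom($room_id);
        } else {
            // Hand ownership to the first remaining member if the owner is the one leaving
            $peoplea = explode(',', $allow_list);
            $room_owner = $room_check[0]['room_owner'];
            if ($room_owner == get_member()) {
                $room_owner = intval($peoplea[0]);
            }
            $GLOBALS['SITE_DB']->query_update('chat_rooms', array('room_owner' => $room_owner, 'allow_list' => $allow_list), array('id' => $room_id), '', 1);
        }
    } elseif ($action == 'invite_im') {
        $room_id = get_param_integer('room_id');
        $people = get_param('people');
        if ($people == '') {
            exit;
        }

        // Authorise first: the room must exist and the current member must have access to it
        // before any invite event is written on its behalf.
        $room_check = $GLOBALS['SITE_DB']->query_select('chat_rooms', array('id', 'is_im', 'c_welcome', 'allow_list_groups', 'disallow_list_groups', 'allow_list', 'disallow_list', 'room_owner'), array('id' => $room_id), '', 1);
        if (!array_key_exists(0, $room_check)) {
            warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
        }
        if (!check_chatroom_access($room_check[0], true, NULL, true)) {
            return; // Possibly the room was closed already
        }

        $last_event_path = get_custom_file_base() . '/data_custom/modules/chat/chat_last_event.dat';
        // NOTE(review): events are written for every id in 'people', while the allow list below
        // is passed through filter_invites_for_blocking() - confirm the difference is intended.
        foreach (explode(',', $people) as $person) {
            $person = trim($person);
            if ($person == '') {
                continue;
            }

            $event_id = $GLOBALS['SITE_DB']->query_insert('chat_events', array('e_type_code' => 'PREINVITED_TO_IM', 'e_member_id' => intval($person), 'e_room_id' => $room_id, 'e_date_and_time' => time()), true);
            $myfile = @fopen($last_event_path, 'wb') or intelligent_write_error($last_event_path);
            fwrite($myfile, strval($event_id));
            fclose($myfile);
            sync_file($last_event_path);
        }

        $allow_list = $room_check[0]['allow_list'];
        $_people = $allow_list . ',' . filter_invites_for_blocking($people);
        $GLOBALS['SITE_DB']->query_update('chat_rooms', array('allow_list' => $_people), array('id' => $room_id), '', 1);
    } else {
        // Getting all new messages (i.e. up to our last refresh time)
        _chat_messages_script_ajax(either_param_integer('room_id'), false, either_param_integer('message_id'), either_param_integer('event_id'));
    }
}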