
PHP Cross Reference of MyBB 1.8.38


/inc/ -> class_core.php (source)

   1  <?php
   2  /**
   3   * MyBB 1.8
   4   * Copyright 2014 MyBB Group, All Rights Reserved
   5   *
   6   * Website: http://www.mybb.com
   7   * License: http://www.mybb.com/about/license
   8   *
   9   */
  10  
  11  class MyBB {
  12      /**
  13       * The friendly version number of MyBB we're running.
  14       *
  15       * @var string
  16       */
  17      public $version = "1.8.38";
  18  
  19      /**
  20       * The version code of MyBB we're running.
  21       *
  22       * @var integer
  23       */
  24      public $version_code = 1838;
  25  
  26      /**
  27       * The current working directory.
  28       *
  29       * @var string
  30       */
  31      public $cwd = ".";
  32  
  33      /**
  34       * Input variables received from the outer world.
  35       *
  36       * @var array
  37       */
  38      public $input = array();
  39  
  40      /**
  41       * Cookie variables received from the outer world.
  42       *
  43       * @var array
  44       */
  45      public $cookies = array();
  46  
  47      /**
  48       * Information about the current user.
  49       *
  50       * @var array
  51       */
  52      public $user = array();
  53  
  54      /**
  55       * Information about the current usergroup.
  56       *
  57       * @var array
  58       */
  59      public $usergroup = array();
  60  
  61      /**
  62       * MyBB settings.
  63       *
  64       * @var array
  65       */
  66      public $settings = array();
  67  
  68      /**
  69       * Whether or not magic quotes are enabled.
  70       *
  71       * @var int
  72       */
  73      public $magicquotes = 0;
  74  
  75      /**
  76       * Whether or not MyBB supports SEO URLs
  77       *
  78       * @var boolean
  79       */
  80      public $seo_support = false;
  81  
  82      /**
  83       * MyBB configuration.
  84       *
  85       * @var array
  86       */
  87      public $config = array();
  88  
  89      /**
  90       * The request method that called this page.
  91       *
  92       * @var string
  93       */
  94      public $request_method = "";
  95  
  96      /**
  97       * Whether or not PHP's safe_mode is enabled
  98       *
  99       * @var boolean
 100       */
 101      public $safemode = false;
 102  
 103      /**
 104       * Loads templates directly from the master theme and disables the installer locked error
 105       *
 106       * @var boolean
 107       */
 108      public $dev_mode = false;
 109  
 110      /**
 111       * Variables that need to be clean.
 112       *
 113       * @var array
 114       */
 115      public $clean_variables = array(
 116          "int" => array(
 117              "tid", "pid", "uid",
 118              "eid", "pmid", "fid",
 119              "aid", "rid", "sid",
 120              "vid", "cid", "bid",
 121              "hid", "gid", "mid",
 122              "wid", "lid", "iid",
 123              "did", "qid", "id"
 124          ),
 125          "pos" => array(
 126              "page", "perpage"
 127          ),
 128          "a-z" => array(
 129              "sortby", "order"
 130          )
 131      );
 132  
 133      /**
 134       * Variables that are to be ignored from cleansing process
 135       *
 136       * @var array
 137       */
 138      public $ignore_clean_variables = array();
 139  
 140      /**
 141       * Using built in shutdown functionality provided by register_shutdown_function for < PHP 5?
 142       *
 143       * @var bool
 144       */
 145      public $use_shutdown = true;
 146  
 147      /**
 148       * Debug mode?
 149       *
 150       * @var bool
 151       */
 152      public $debug_mode = false;
 153  
 154      /**
 155       * Binary database fields need to be handled differently
 156       *
 157       * @var array
 158       */
 159      public $binary_fields = array(
 160          'adminlog' => array('ipaddress' => true),
 161          'adminsessions' => array('ip' => true),
 162          'maillogs' => array('ipaddress' => true),
 163          'moderatorlog' => array('ipaddress' => true),
 164          'pollvotes' => array('ipaddress' => true),
 165          'posts' => array('ipaddress' => true),
 166          'privatemessages' => array('ipaddress' => true),
 167          'searchlog' => array('ipaddress' => true),
 168          'sessions' => array('ip' => true),
 169          'threadratings' => array('ipaddress' => true),
 170          'users' => array('regip' => true, 'lastip' => true),
 171          'spamlog' => array('ipaddress' => true),
 172      );
 173  
 174      /**
 175       * The cache instance to use.
 176       *
 177       * @var datacache
 178       */
 179      public $cache;
 180  
 181      /**
 182       * The base URL to assets.
 183       *
 184       * @var string
 185       */
 186      public $asset_url = null;
 187  
 188      /**
 189       * @var array
 190       */
 191      public $session = array();
 192  
 193      /**
 194       * @var string
 195       */
 196      public $post_code;
 197  
 198      /**
 199       * @var array
 200       */
 201      public $admin;
 202  
 203      /**
 204       * String input constant for use with get_input().
 205       *
 206       * @see get_input
 207       */
 208      const INPUT_STRING = 0;
 209      /**
 210       * Integer input constant for use with get_input().
 211       *
 212       * @see get_input
 213       */
 214      const INPUT_INT = 1;
 215      /**
 216       * Array input constant for use with get_input().
 217       *
 218       * @see get_input
 219       */
 220      const INPUT_ARRAY = 2;
 221      /**
 222       * Float input constant for use with get_input().
 223       *
 224       * @see get_input
 225       */
 226      const INPUT_FLOAT = 3;
 227      /**
 228       * Boolean input constant for use with get_input().
 229       *
 230       * @see get_input
 231       */
 232      const INPUT_BOOL = 4;
 233  
 234      /**
 235       * Constructor of class.
 236       */
 237  	function __construct()
 238      {
 239          // Set up MyBB
 240          $protected = array("_GET", "_POST", "_SERVER", "_COOKIE", "_FILES", "_ENV", "GLOBALS");
 241          foreach($protected as $var)
 242          {
 243              if(isset($_POST[$var]) || isset($_GET[$var]) || isset($_COOKIE[$var]) || isset($_FILES[$var]))
 244              {
 245                  die("Hacking attempt");
 246              }
 247          }
 248  
 249          if(defined("IGNORE_CLEAN_VARS"))
 250          {
 251              if(!is_array(IGNORE_CLEAN_VARS))
 252              {
 253                  $this->ignore_clean_variables = array(IGNORE_CLEAN_VARS);
 254              }
 255              else
 256              {
 257                  $this->ignore_clean_variables = IGNORE_CLEAN_VARS;
 258              }
 259          }
 260  
 261          // Determine Magic Quotes Status (< PHP 6.0)
 262          if(version_compare(PHP_VERSION, '6.0', '<'))
 263          {
 264              if(@get_magic_quotes_gpc())
 265              {
 266                  $this->magicquotes = 1;
 267                  $this->strip_slashes_array($_POST);
 268                  $this->strip_slashes_array($_GET);
 269                  $this->strip_slashes_array($_COOKIE);
 270              }
 271              @set_magic_quotes_runtime(0);
 272              @ini_set("magic_quotes_gpc", 0);
 273              @ini_set("magic_quotes_runtime", 0);
 274          }
 275  
 276          // Determine input
 277          $this->parse_incoming($_GET);
 278          $this->parse_incoming($_POST);
 279  
 280          if($_SERVER['REQUEST_METHOD'] == "POST")
 281          {
 282              $this->request_method = "post";
 283          }
 284          else if($_SERVER['REQUEST_METHOD'] == "GET")
 285          {
 286              $this->request_method = "get";
 287          }
 288  
 289          // If we've got register globals on, then kill them too
 290          if(@ini_get("register_globals") == 1)
 291          {
 292              $this->unset_globals($_POST);
 293              $this->unset_globals($_GET);
 294              $this->unset_globals($_FILES);
 295              $this->unset_globals($_COOKIE);
 296          }
 297          $this->clean_input();
 298  
 299          $safe_mode_status = @ini_get("safe_mode");
 300          if($safe_mode_status == 1 || strtolower($safe_mode_status) == 'on')
 301          {
 302              $this->safemode = true;
 303          }
 304  
 305          // Are we running on a development server?
 306          if(isset($_SERVER['MYBB_DEV_MODE']) && $_SERVER['MYBB_DEV_MODE'] == 1)
 307          {
 308              $this->dev_mode = 1;
 309          }
 310  
 311          // Are we running in debug mode?
 312          if(isset($this->input['debug']) && $this->input['debug'] == 1)
 313          {
 314              $this->debug_mode = true;
 315          }
 316  
 317          if(isset($this->input['action']) && $this->input['action'] == "mybb_logo")
 318          {
 319              require_once dirname(__FILE__)."/mybb_group.php";
 320              output_logo();
 321          }
 322  
 323          if(isset($this->input['intcheck']) && $this->input['intcheck'] == 1)
 324          {
 325              die("&#077;&#089;&#066;&#066;");
 326          }
 327      }
 328  
 329      /**
 330       * Parses the incoming variables.
 331       *
 332       * @param array $array The array of incoming variables.
 333       */
 334  	function parse_incoming($array)
 335      {
 336          if(!is_array($array))
 337          {
 338              return;
 339          }
 340  
 341          foreach($array as $key => $val)
 342          {
 343              $this->input[$key] = $val;
 344          }
 345      }
 346  
 347      /**
 348       * Parses the incoming cookies
 349       *
 350       */
 351  	function parse_cookies()
 352      {
 353          if(!is_array($_COOKIE))
 354          {
 355              return;
 356          }
 357  
 358          $prefix_length = strlen($this->settings['cookieprefix']);
 359  
 360          foreach($_COOKIE as $key => $val)
 361          {
 362              if($prefix_length && substr($key, 0, $prefix_length) == $this->settings['cookieprefix'])
 363              {
 364                  $key = substr($key, $prefix_length);
 365  
 366                  // Fixes conflicts with one board having a prefix and another that doesn't on the same domain
 367                  // Gives priority to our cookies over others (overwrites them)
 368                  if(isset($this->cookies[$key]))
 369                  {
 370                      unset($this->cookies[$key]);
 371                  }
 372              }
 373  
 374              if(empty($this->cookies[$key]))
 375              {
 376                  $this->cookies[$key] = $val;
 377              }
 378          }
 379      }
 380  
 381      /**
 382       * Strips slashes out of a given array.
 383       *
 384       * @param array $array The array to strip.
 385       */
 386  	function strip_slashes_array(&$array)
 387      {
 388          foreach($array as $key => $val)
 389          {
 390              if(is_array($array[$key]))
 391              {
 392                  $this->strip_slashes_array($array[$key]);
 393              }
 394              else
 395              {
 396                  $array[$key] = stripslashes($array[$key]);
 397              }
 398          }
 399      }
 400  
 401      /**
 402       * Unsets globals from a specific array.
 403       *
 404       * @param array $array The array to unset from.
 405       */
 406  	function unset_globals($array)
 407      {
 408          if(!is_array($array))
 409          {
 410              return;
 411          }
 412  
 413          foreach(array_keys($array) as $key)
 414          {
 415              unset($GLOBALS[$key]);
 416              unset($GLOBALS[$key]); // Double unset to circumvent the zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4
 417          }
 418      }
 419  
 420      /**
 421       * Cleans predefined input variables.
 422       *
 423       */
 424  	function clean_input()
 425      {
 426          foreach($this->clean_variables as $type => $variables)
 427          {
 428              foreach($variables as $var)
 429              {
 430                  // If this variable is in the ignored array, skip and move to next.
 431                  if(in_array($var, $this->ignore_clean_variables))
 432                  {
 433                      continue;
 434                  }
 435  
 436                  if(isset($this->input[$var]))
 437                  {
 438                      switch($type)
 439                      {
 440                          case "int":
 441                              $this->input[$var] = $this->get_input($var, MyBB::INPUT_INT);
 442                              break;
 443                          case "a-z":
 444                              $this->input[$var] = preg_replace("#[^a-z\.\-_]#i", "", $this->get_input($var));
 445                              break;
 446                          case "pos":
 447                              if(($this->input[$var] < 0 && $var != "page") || ($var == "page" && $this->input[$var] != "last" && $this->input[$var] < 0))
 448                                  $this->input[$var] = 0;
 449                              break;
 450                      }
 451                  }
 452              }
 453          }
 454      }
 455  
 456      /**
 457       * Checks the input data type before usage.
 458       *
 459       * @param string $name Variable name ($mybb->input)
 460       * @param int $type The type of the variable to get. Should be one of MyBB::INPUT_INT, MyBB::INPUT_ARRAY or MyBB::INPUT_STRING.
 461       *
 462       * @return int|float|array|string Checked data. Type depending on $type
 463       */
 464  	function get_input($name, $type = MyBB::INPUT_STRING)
 465      {
 466          switch($type)
 467          {
 468              case MyBB::INPUT_ARRAY:
 469                  if(!isset($this->input[$name]) || !is_array($this->input[$name]))
 470                  {
 471                      return array();
 472                  }
 473                  return $this->input[$name];
 474              case MyBB::INPUT_INT:
 475                  if(!isset($this->input[$name]) || !is_numeric($this->input[$name]))
 476                  {
 477                      return 0;
 478                  }
 479                  return (int)$this->input[$name];
 480              case MyBB::INPUT_FLOAT:
 481                  if(!isset($this->input[$name]) || !is_numeric($this->input[$name]))
 482                  {
 483                      return 0.0;
 484                  }
 485                  return (float)$this->input[$name];
 486              case MyBB::INPUT_BOOL:
 487                  if(!isset($this->input[$name]) || !is_scalar($this->input[$name]))
 488                  {
 489                      return false;
 490                  }
 491                  return (bool)$this->input[$name];
 492              default:
 493                  if(!isset($this->input[$name]) || !is_scalar($this->input[$name]))
 494                  {
 495                      return '';
 496                  }
 497                  return $this->input[$name];
 498          }
 499      }
 500  
 501      /**
 502       * Get the path to an asset using the CDN URL if configured.
 503       *
 504       * @param string $path    The path to the file.
 505       * @param bool   $use_cdn Whether to use the configured CDN options.
 506       *
 507       * @return string The complete URL to the asset.
 508       */
 509  	public function get_asset_url($path = '', $use_cdn = true)
 510      {
 511          $path = (string) $path;
 512          $path = ltrim($path, '/');
 513  
 514          if(substr($path, 0, 4) != 'http')
 515          {
 516              if(substr($path, 0, 2) == './')
 517              {
 518                  $path = substr($path, 2);
 519              }
 520  
 521              if($use_cdn && $this->settings['usecdn'] && !empty($this->settings['cdnurl']))
 522              {
 523                  $base_path = rtrim($this->settings['cdnurl'], '/');
 524              }
 525              else
 526              {
 527                  $base_path = rtrim($this->settings['bburl'], '/');
 528              }
 529  
 530              $url = $base_path;
 531  
 532              if(!empty($path))
 533              {
 534                  $url = $base_path . '/' . $path;
 535              }
 536          }
 537          else
 538          {
 539              $url = $path;
 540          }
 541  
 542          return $url;
 543      }
 544  
 545      /**
 546       * Triggers a generic error.
 547       *
 548       * @param string $code The error code.
 549       */
 550  	function trigger_generic_error($code)
 551      {
 552          global $error_handler;
 553  
 554          switch($code)
 555          {
 556              case "cache_no_write":
 557                  $message = "The data cache directory (cache/) needs to exist and be writable by the web server. Change its permissions so that it is writable (777 on Unix based servers).";
 558                  $error_code = MYBB_CACHE_NO_WRITE;
 559                  break;
 560              case "install_directory":
 561                  $message = "The install directory (install/) still exists on your server and is not locked. To access MyBB please either remove this directory or create an empty file in it called 'lock'.";
 562                  $error_code = MYBB_INSTALL_DIR_EXISTS;
 563                  break;
 564              case "board_not_installed":
 565                  $message = "Your board has not yet been installed and configured. Please do so before attempting to browse it.";
 566                  $error_code = MYBB_NOT_INSTALLED;
 567                  break;
 568              case "board_not_upgraded":
 569                  $message = "Your board has not yet been upgraded. Please do so before attempting to browse it.";
 570                  $error_code = MYBB_NOT_UPGRADED;
 571                  break;
 572              case "sql_load_error":
 573                  $message = "MyBB was unable to load the SQL extension. Please contact the MyBB Group for support. <a href=\"https://mybb.com\">MyBB Website</a>";
 574                  $error_code = MYBB_SQL_LOAD_ERROR;
 575                  break;
 576              case "apc_load_error":
 577                  $message = "APC needs to be configured with PHP to use the APC cache support.";
 578                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 579                  break;
 580              case "apcu_load_error":
 581                  $message = "APCu needs to be configured with PHP to use the APCu cache support.";
 582                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 583                  break;
 584              case "eaccelerator_load_error":
 585                  $message = "eAccelerator needs to be configured with PHP to use the eAccelerator cache support.";
 586                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 587                  break;
 588              case "memcache_load_error":
 589                  $message = "Your server does not have memcache support enabled.";
 590                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 591                  break;
 592              case "memcached_load_error":
 593                  $message = "Your server does not have memcached support enabled.";
 594                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 595                  break;
 596              case "xcache_load_error":
 597                  $message = "Xcache needs to be configured with PHP to use the Xcache cache support.";
 598                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 599                  break;
 600              case "redis_load_error":
 601                  $message = "Your server does not have redis support enabled.";
 602                  $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
 603                  break;
 604              default:
 605                  $message = "MyBB has experienced an internal error. Please contact the MyBB Group for support. <a href=\"https://mybb.com\">MyBB Website</a>";
 606                  $error_code = MYBB_GENERAL;
 607          }
 608          $error_handler->trigger($message, $error_code);
 609      }
 610  
 611  	function __destruct()
 612      {
 613          // Run shutdown function
 614          if(function_exists("run_shutdown"))
 615          {
 616              run_shutdown();
 617          }
 618      }
 619  }
 620  
 621  /**
 622   * Do this here because the core is used on every MyBB page
 623   */
 624  
 625  $grouppermignore = array("gid", "type", "title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
 626  $groupzerogreater = array(
 627      'maxposts',
 628      'attachquota',
 629      'edittimelimit',
 630      'maxreputationsperthread',
 631      'maxreputationsperuser',
 632      'maxreputationsday',
 633      'maxwarningsday',
 634      'pmquota',
 635      'maxpmrecipients',
 636      'maxemails',
 637  );
 638  $groupzerolesser = array(
 639      'canusesigxposts',
 640      'emailfloodtime',
 641  );
 642  $groupxgreater = array(
 643      'reputationpower' => 0,
 644  );
 645  $grouppermbyswitch = array(
 646      'maxposts' => array('canpostthreads', 'canpostreplys'),
 647      'attachquota' => 'canpostattachments',
 648      'edittimelimit' => 'caneditposts',
 649      'canusesigxposts' => 'canusesig',
 650      'reputationpower' => 'cangivereputations',
 651      'maxreputationsperthread' => 'cangivereputations',
 652      'maxreputationsperuser' => 'cangivereputations',
 653      'maxreputationsday' => 'cangivereputations',
 654      'maxwarningsday' => 'canwarnusers',
 655      'pmquota' => 'canusepms',
 656      'maxpmrecipients' => 'canusepms',
 657      'maxemails' => 'cansendemail',
 658      'emailfloodtime' => 'cansendemail',
 659  );
 660  
 661  $displaygroupfields = array("title", "description", "namestyle", "usertitle", "stars", "starimage", "image");
 662  
 663  // These are fields in the usergroups table that are also forum permission specific.
 664  $fpermfields = array(
 665      'canview',
 666      'canviewthreads',
 667      'candlattachments',
 668      'canpostthreads',
 669      'canpostreplys',
 670      'canpostattachments',
 671      'canratethreads',
 672      'caneditposts',
 673      'candeleteposts',
 674      'candeletethreads',
 675      'caneditattachments',
 676      'canviewdeletionnotice',
 677      'modposts',
 678      'modthreads',
 679      'modattachments',
 680      'mod_edit_posts',
 681      'canpostpolls',
 682      'canvotepolls',
 683      'cansearch'
 684  );

