array(
"tid", "pid", "uid",
"eid", "pmid", "fid",
"aid", "rid", "sid",
"vid", "cid", "bid",
"hid", "gid", "mid",
"wid", "lid", "iid",
"did", "qid", "id"
),
"pos" => array(
"page", "perpage"
),
"a-z" => array(
"sortby", "order"
)
);
/**
* Variables to exclude from the cleaning done by clean_input(); they stay in $this->input without that type coercion
*
* @var array
*/
public $ignore_clean_variables = array();
/**
* Use the built-in shutdown functionality provided by register_shutdown_function() (for PHP < 5)?
*
* @var bool
*/
public $use_shutdown = true;
/**
* Debug mode?
*
* @var bool
*/
public $debug_mode = false;
/**
* Binary database fields need to be handled differently
*
* @var array
*/
public $binary_fields = array(
'adminlog' => array('ipaddress' => true),
'adminsessions' => array('ip' => true),
'maillogs' => array('ipaddress' => true),
'moderatorlog' => array('ipaddress' => true),
'pollvotes' => array('ipaddress' => true),
'posts' => array('ipaddress' => true),
'privatemessages' => array('ipaddress' => true),
'searchlog' => array('ipaddress' => true),
'sessions' => array('ip' => true),
'threadratings' => array('ipaddress' => true),
'users' => array('regip' => true, 'lastip' => true),
'spamlog' => array('ipaddress' => true),
);
/**
* The cache instance to use.
*
* @var datacache
*/
public $cache;
/**
* The base URL to assets.
*
* @var string
*/
public $asset_url = null;
/**
* @var array
*/
public $session = array();
/**
* @var string
*/
public $post_code;
/**
* @var array
*/
public $admin;
/**
* String input constant for use with get_input().
*
* @see get_input
*/
const INPUT_STRING = 0;
/**
* Integer input constant for use with get_input().
*
* @see get_input
*/
const INPUT_INT = 1;
/**
* Array input constant for use with get_input().
*
* @see get_input
*/
const INPUT_ARRAY = 2;
/**
* Float input constant for use with get_input().
*
* @see get_input
*/
const INPUT_FLOAT = 3;
/**
* Boolean input constant for use with get_input().
*
* @see get_input
*/
const INPUT_BOOL = 4;
/**
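* Constructor of class. Rejects requests whose input keys are named after superglobals, undoes magic quotes, copies GET and POST into $this->input and runs clean_input().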
*/
function __construct()
{
// Set up MyBB
// Abort the request outright when any GET/POST/COOKIE/FILES key is named after a
// superglobal. Presumably this guards against a request variable replacing the
// superglobal itself on servers with register_globals enabled (see below) - TODO confirm.
$protected = array("_GET", "_POST", "_SERVER", "_COOKIE", "_FILES", "_ENV", "GLOBALS");
foreach($protected as $var)
{
if(isset($_POST[$var]) || isset($_GET[$var]) || isset($_COOKIE[$var]) || isset($_FILES[$var]))
{
die("Hacking attempt");
}
}
// IGNORE_CLEAN_VARS may hold a single name or an array of names; either way it ends up
// as an array in $this->ignore_clean_variables, which clean_input() consults.
// Every name listed here skips the coercion applied by clean_input().
if(defined("IGNORE_CLEAN_VARS"))
{
if(!is_array(IGNORE_CLEAN_VARS))
{
$this->ignore_clean_variables = array(IGNORE_CLEAN_VARS);
}
else
{
$this->ignore_clean_variables = IGNORE_CLEAN_VARS;
}
}
// Determine Magic Quotes Status (< PHP 6.0)
// The version guard keeps the magic-quotes functions from being called on any PHP
// whose version compares >= 6.0.
if(version_compare(PHP_VERSION, '6.0', '<'))
{
if(@get_magic_quotes_gpc())
{
// Undo the automatic escaping in place so later code sees the raw submitted values.
$this->magicquotes = 1;
$this->strip_slashes_array($_POST);
$this->strip_slashes_array($_GET);
$this->strip_slashes_array($_COOKIE);
}
@set_magic_quotes_runtime(0);
@ini_set("magic_quotes_gpc", 0);
@ini_set("magic_quotes_runtime", 0);
}
// Determine input
// GET is copied first and POST second, so a POST value replaces a GET value with the
// same key in $this->input. Cookies are not merged here.
$this->parse_incoming($_GET);
$this->parse_incoming($_POST);
// request_method is only assigned for POST and GET; other HTTP methods leave it
// untouched by this constructor.
if($_SERVER['REQUEST_METHOD'] == "POST")
{
$this->request_method = "post";
}
else if($_SERVER['REQUEST_METHOD'] == "GET")
{
$this->request_method = "get";
}
// If we've got register globals on, then kill them too
// Removes every global variable named after a submitted POST/GET/FILES/COOKIE key.
if(@ini_get("register_globals") == 1)
{
$this->unset_globals($_POST);
$this->unset_globals($_GET);
$this->unset_globals($_FILES);
$this->unset_globals($_COOKIE);
}
// Coerce the well-known id/paging/sorting parameters listed in $this->clean_variables.
$this->clean_input();
// safe_mode may be reported as 1 or as the string "on"; both set the flag.
$safe_mode_status = @ini_get("safe_mode");
if($safe_mode_status == 1 || strtolower($safe_mode_status) == 'on')
{
$this->safemode = true;
}
// Are we running on a development server?
// Read from $_SERVER, not from $this->input.
if(isset($_SERVER['MYBB_DEV_MODE']) && $_SERVER['MYBB_DEV_MODE'] == 1)
{
$this->dev_mode = 1;
}
// Are we running in debug mode?
// NOTE(review): this flag comes straight from request input (loose == 1), so any
// client can set it. Confirm that every consumer of $this->debug_mode checks the
// viewer's privileges before emitting debug output.
if(isset($this->input['debug']) && $this->input['debug'] == 1)
{
$this->debug_mode = true;
}
// The included path is built from this file's own directory and a fixed name;
// nothing from the request is used in it.
if(isset($this->input['action']) && $this->input['action'] == "mybb_logo")
{
require_once dirname(__FILE__)."/mybb_group.php";
output_logo();
}
// NOTE(review): answers any request carrying intcheck=1 with the literal "MYBB" and
// stops. Presumably an installation probe; it also identifies the software to
// unauthenticated clients - confirm this is intended.
if(isset($this->input['intcheck']) && $this->input['intcheck'] == 1)
{
die("MYBB");
}
}
/**
* Copies the incoming variables into $this->input, overwriting any existing entries with the same key.
*
* @param array $array The array of incoming variables.
*/
function parse_incoming($array)
{
    // Anything that is not an array is ignored silently.
    if(is_array($array))
    {
        foreach($array as $name => $value)
        {
            // A key already present in $this->input is overwritten, so the order in
            // which the caller feeds its sources decides which one wins.
            $this->input[$name] = $value;
        }
    }
}
/**
* Parses the incoming cookies
*
*/
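function parse_cookies()
{
    if(!is_array($_COOKIE))
    {
        return;
    }

    // Cast once so the byte-wise comparison below always works on a string.
    $prefix = (string)$this->settings['cookieprefix'];
    $prefix_length = strlen($prefix);

    foreach($_COOKIE as $key => $val)
    {
        // Cookie names that look like integers arrive as int array keys.
        $name = (string)$key;

        // strncmp() compares bytes. The former `substr(...) == $prefix` used loose
        // equality, under which two numeric-looking strings (for example "1e1" and
        // "010") compare equal, so a foreign cookie could be taken for a prefixed one.
        if($prefix_length && strncmp($name, $prefix, $prefix_length) === 0)
        {
            $key = substr($name, $prefix_length);

            // Fixes conflicts with one board having a prefix and another that doesn't on the same domain
            // Gives priority to our cookies over others (overwrites them)
            if(isset($this->cookies[$key]))
            {
                unset($this->cookies[$key]);
            }
        }

        // An unprefixed cookie only fills a slot that is still empty, so it never
        // replaces a value taken from a prefixed cookie seen earlier.
        if(empty($this->cookies[$key]))
        {
            $this->cookies[$key] = $val;
        }
    }
}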
/**
* Strips slashes out of a given array.
*
* @param array $array The array to strip.
*/
function strip_slashes_array(&$array)
{
    // The array is modified in place through the reference parameter; the loop
    // variable's value is unused because entries are re-read by key.
    foreach($array as $index => $unused)
    {
        if(!is_array($array[$index]))
        {
            $array[$index] = stripslashes($array[$index]);
            continue;
        }

        // Nested arrays are handled recursively.
        $this->strip_slashes_array($array[$index]);
    }
}
/**
* Unsets every global variable whose name appears as a key of the given array.
*
* @param array $array The array to unset from.
*/
function unset_globals($array)
{
    // Non-array input is ignored.
    if(is_array($array))
    {
        foreach($array as $name => $unused)
        {
            // Deliberately unset twice: the double unset circumvents the
            // zend_hash_del_key_or_index hole in PHP <4.4.3 and <5.1.4.
            unset($GLOBALS[$name], $GLOBALS[$name]);
        }
    }
}
/**
* Cleans predefined input variables.
*
*/
function clean_input()
{
    // $this->clean_variables maps a cleaning type ("int", "a-z", "pos") to the
    // request variable names that receive that treatment.
    foreach($this->clean_variables as $type => $names)
    {
        foreach($names as $name)
        {
            // Names on the ignore list, and names absent from the request, are left untouched.
            if(in_array($name, $this->ignore_clean_variables) || !isset($this->input[$name]))
            {
                continue;
            }

            if($type == "int")
            {
                // Non-numeric values become 0, everything else is cast to int.
                $this->input[$name] = $this->get_input($name, MyBB::INPUT_INT);
            }
            else if($type == "a-z")
            {
                // Keep only letters, dot, dash and underscore; non-scalar values become ''.
                $this->input[$name] = preg_replace("#[^a-z\.\-_]#i", "", $this->get_input($name));
            }
            else if($type == "pos")
            {
                // Only negative values are reset to 0. Any other value, including a
                // non-numeric one, stays as submitted, so callers still need to read
                // these through get_input() with an explicit type.
                $negative = $this->input[$name] < 0;
                if($name == "page")
                {
                    // "page" additionally accepts the literal "last".
                    $reset = $this->input[$name] != "last" && $negative;
                }
                else
                {
                    $reset = $negative;
                }

                if($reset)
                {
                    $this->input[$name] = 0;
                }
            }
        }
    }
}
/**
* Checks the input data type before usage.
*
* @param string $name Variable name ($mybb->input)
* @param int $type The type of the variable to get. Should be one of MyBB::INPUT_STRING, MyBB::INPUT_INT, MyBB::INPUT_ARRAY, MyBB::INPUT_FLOAT or MyBB::INPUT_BOOL.
*
* @return int|float|bool|array|string Checked data. Type depending on $type
*/
function get_input($name, $type = MyBB::INPUT_STRING)
{
    // A missing entry is treated like null, which fails every type test below and
    // therefore yields the type's neutral default.
    $value = isset($this->input[$name]) ? $this->input[$name] : null;

    if($type == MyBB::INPUT_ARRAY)
    {
        return is_array($value) ? $value : array();
    }

    if($type == MyBB::INPUT_INT)
    {
        // Only numeric values are cast; anything else (arrays included) becomes 0.
        return is_numeric($value) ? (int)$value : 0;
    }

    if($type == MyBB::INPUT_FLOAT)
    {
        return is_numeric($value) ? (float)$value : 0.0;
    }

    if($type == MyBB::INPUT_BOOL)
    {
        return is_scalar($value) ? (bool)$value : false;
    }

    // String (and any unrecognised type): scalars are returned unchanged, without
    // escaping; arrays and other non-scalars collapse to ''.
    return is_scalar($value) ? $value : '';
}
/**
* Get the path to an asset using the CDN URL if configured.
*
* @param string $path The path to the file.
* @param bool $use_cdn Whether to use the configured CDN options.
*
* @return string The complete URL to the asset.
*/
public function get_asset_url($path = '', $use_cdn = true)
{
    $relative = ltrim((string) $path, '/');

    // Anything starting with "http" is taken to be a complete URL and returned as is.
    if(substr($relative, 0, 4) == 'http')
    {
        return $relative;
    }

    // Drop a leading "./" so it does not end up in the middle of the URL.
    if(substr($relative, 0, 2) == './')
    {
        $relative = substr($relative, 2);
    }

    // The CDN base is used only when the caller allows it, the feature is switched
    // on and a CDN URL is configured; otherwise the board URL is the base.
    if($use_cdn && $this->settings['usecdn'] && !empty($this->settings['cdnurl']))
    {
        $root = rtrim($this->settings['cdnurl'], '/');
    }
    else
    {
        $root = rtrim($this->settings['bburl'], '/');
    }

    // An empty path yields the bare base URL without a trailing slash.
    return empty($relative) ? $root : $root . '/' . $relative;
}
/**
* Triggers a generic error.
*
* @param string $code The error code.
*/
function trigger_generic_error($code)
{
    global $error_handler;

    // Cache back-ends that all report MYBB_CACHEHANDLER_LOAD_ERROR. They are checked
    // in this order, after the five codes handled individually below.
    $cache_handler_messages = array(
        "apc_load_error" => "APC needs to be configured with PHP to use the APC cache support.",
        "apcu_load_error" => "APCu needs to be configured with PHP to use the APCu cache support.",
        "eaccelerator_load_error" => "eAccelerator needs to be configured with PHP to use the eAccelerator cache support.",
        "memcache_load_error" => "Your server does not have memcache support enabled.",
        "memcached_load_error" => "Your server does not have memcached support enabled.",
        "xcache_load_error" => "Xcache needs to be configured with PHP to use the Xcache cache support.",
        "redis_load_error" => "Your server does not have redis support enabled.",
    );

    if($code == "cache_no_write")
    {
        // NOTE(review): this message recommends mode 777. A directory writable only by
        // the web-server user is normally enough; consider rewording the advice.
        $message = "The data cache directory (cache/) needs to exist and be writable by the web server. Change its permissions so that it is writable (777 on Unix based servers).";
        $error_code = MYBB_CACHE_NO_WRITE;
    }
    else if($code == "install_directory")
    {
        $message = "The install directory (install/) still exists on your server and is not locked. To access MyBB please either remove this directory or create an empty file in it called 'lock'.";
        $error_code = MYBB_INSTALL_DIR_EXISTS;
    }
    else if($code == "board_not_installed")
    {
        $message = "Your board has not yet been installed and configured. Please do so before attempting to browse it.";
        $error_code = MYBB_NOT_INSTALLED;
    }
    else if($code == "board_not_upgraded")
    {
        $message = "Your board has not yet been upgraded. Please do so before attempting to browse it.";
        $error_code = MYBB_NOT_UPGRADED;
    }
    else if($code == "sql_load_error")
    {
        $message = "MyBB was unable to load the SQL extension. Please contact the MyBB Group for support. MyBB Website";
        $error_code = MYBB_SQL_LOAD_ERROR;
    }
    else
    {
        $message = null;
        foreach($cache_handler_messages as $candidate => $text)
        {
            if($code == $candidate)
            {
                $message = $text;
                $error_code = MYBB_CACHEHANDLER_LOAD_ERROR;
                break;
            }
        }

        // Unknown codes fall back to the generic internal-error message.
        if($message === null)
        {
            $message = "MyBB has experienced an internal error. Please contact the MyBB Group for support. MyBB Website";
            $error_code = MYBB_GENERAL;
        }
    }

    $error_handler->trigger($message, $error_code);
}
function __destruct()
{
    // Run shutdown function, but only when it has been defined.
    if(!function_exists("run_shutdown"))
    {
        return;
    }

    run_shutdown();
}
}
/**
* Do this here because the core is used on every MyBB page
*/
// Usergroup columns listed for exclusion from group permission handling
// (inferred from the variable name - confirm against the code that reads it).
$grouppermignore = array(
    'gid',
    'type',
    'title',
    'description',
    'namestyle',
    'usertitle',
    'stars',
    'starimage',
    'image',
);

// Numeric limits; presumably a value of 0 ranks above any other value when
// permissions are combined - TODO confirm against the consumer.
$groupzerogreater = array(
    'maxposts', 'attachquota', 'edittimelimit',
    'maxreputationsperthread', 'maxreputationsperuser', 'maxreputationsday',
    'maxwarningsday', 'pmquota', 'maxpmrecipients', 'maxemails',
);

// Presumably the inverse of the list above: 0 ranks below any other value - TODO confirm.
$groupzerolesser = array('canusesigxposts', 'emailfloodtime');

// Field name => reference value; how the value is used is decided by the consumer.
$groupxgreater = array('reputationpower' => 0);

// Maps a limit field to the permission switch (or list of switches) it is paired with.
$grouppermbyswitch = array(
    'maxposts'                => array('canpostthreads', 'canpostreplys'),
    'attachquota'             => 'canpostattachments',
    'edittimelimit'           => 'caneditposts',
    'canusesigxposts'         => 'canusesig',
    'reputationpower'         => 'cangivereputations',
    'maxreputationsperthread' => 'cangivereputations',
    'maxreputationsperuser'   => 'cangivereputations',
    'maxreputationsday'       => 'cangivereputations',
    'maxwarningsday'          => 'canwarnusers',
    'pmquota'                 => 'canusepms',
    'maxpmrecipients'         => 'canusepms',
    'maxemails'               => 'cansendemail',
    'emailfloodtime'          => 'cansendemail',
);

$displaygroupfields = array(
    'title',
    'description',
    'namestyle',
    'usertitle',
    'stars',
    'starimage',
    'image',
);

// These are fields in the usergroups table that are also forum permission specific.
$fpermfields = array(
    'canview', 'canviewthreads', 'candlattachments',
    'canpostthreads', 'canpostreplys', 'canpostattachments',
    'canratethreads', 'caneditposts', 'candeleteposts',
    'candeletethreads', 'caneditattachments', 'canviewdeletionnotice',
    'modposts', 'modthreads', 'modattachments',
    'mod_edit_posts', 'canpostpolls', 'canvotepolls',
    'cansearch',
);