<?php/**************************************************************************** common.php* -------------------* begin : Saturday, Feb 23, 2001* copyright : (C) 2001 The phpBB Group* email : support@phpbb.com** $Id: common.php,v 1.74.2.25 2006/05/26 17:46:59 grahamje Exp $****************************************************************************//***************************************************************************** This program is free software; you can redistribute it and/or modify* it under the terms of the GNU General Public License as published by* the Free Software Foundation; either version 2 of the License, or* (at your option) any later version.****************************************************************************/if ( !defined('IN_PHPBB') ){die("Hacking attempt");}//error_reporting (E_ERROR | E_WARNING | E_PARSE); // This will NOT report uninitialized variablesset_magic_quotes_runtime(0); // Disable magic_quotes_runtime// The following code (unsetting globals)// Thanks to Matt Kavanagh and Stefan Esser for providing feedback as well as patch files// PHP5 with register_long_arrays off?if (@phpversion() >= '5.0.0' && (!@ini_get('register_long_arrays') || @ini_get('register_long_arrays') == '0' || strtolower(@ini_get('register_long_arrays')) == 'off')){$HTTP_POST_VARS = $_POST;$HTTP_GET_VARS = $_GET;$HTTP_SERVER_VARS = $_SERVER;$HTTP_COOKIE_VARS = $_COOKIE;$HTTP_ENV_VARS = $_ENV;$HTTP_POST_FILES = $_FILES;// _SESSION is the only superglobal which is conditionally setif (isset($_SESSION)){$HTTP_SESSION_VARS = $_SESSION;}}// Protect against GLOBALS tricksif (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS']) || isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS'])){die("Hacking attempt");}// Protect against HTTP_SESSION_VARS tricksif (isset($HTTP_SESSION_VARS) && !is_array($HTTP_SESSION_VARS)){die("Hacking attempt");}if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on'){// PHP4+ path$not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');// Not only will array_merge give a warning if a parameter// is not an array, it will actually fail. So we check if// HTTP_SESSION_VARS has been initialised.if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS)){$HTTP_SESSION_VARS = array();}// Merge all into one extremely huge array; unset// this later$input = array_merge($HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS, $HTTP_ENV_VARS, $HTTP_POST_FILES);unset($input['input']);unset($input['not_unset']);while (list($var,) = @each($input)){if (in_array($var, $not_unset)){die('Hacking attempt!');}unset($$var);}unset($input);}//// addslashes to vars if magic_quotes_gpc is off// this is a security precaution to prevent someone// trying to break out of a SQL statement.//if( !get_magic_quotes_gpc() ){if( is_array($HTTP_GET_VARS) ){while( list($k, $v) = each($HTTP_GET_VARS) ){if( is_array($HTTP_GET_VARS[$k]) ){while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) ){$HTTP_GET_VARS[$k][$k2] = addslashes($v2);}@reset($HTTP_GET_VARS[$k]);}else{$HTTP_GET_VARS[$k] = addslashes($v);}}@reset($HTTP_GET_VARS);}if( is_array($HTTP_POST_VARS) ){while( list($k, $v) = each($HTTP_POST_VARS) ){if( is_array($HTTP_POST_VARS[$k]) ){while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) ){$HTTP_POST_VARS[$k][$k2] = addslashes($v2);}@reset($HTTP_POST_VARS[$k]);}else{$HTTP_POST_VARS[$k] = addslashes($v);}}@reset($HTTP_POST_VARS);}if( is_array($HTTP_COOKIE_VARS) ){while( list($k, $v) = each($HTTP_COOKIE_VARS) ){if( is_array($HTTP_COOKIE_VARS[$k]) ){while( list($k2, $v2) = each($HTTP_COOKIE_VARS[$k]) ){$HTTP_COOKIE_VARS[$k][$k2] = addslashes($v2);}@reset($HTTP_COOKIE_VARS[$k]);}else{$HTTP_COOKIE_VARS[$k] = addslashes($v);}}@reset($HTTP_COOKIE_VARS);}}//// Define some basic configuration arrays this also prevents// malicious rewriting of language and otherarray values via// URI params//$board_config = array();$userdata = array();$theme = array();$images = array();$lang = array();$nav_links = array();$dss_seeded = false;$gen_simple_header = FALSE;include($phpbb_root_path . 'config.'.$phpEx);if( !defined("PHPBB_INSTALLED") ){header('Location: ' . $phpbb_root_path . 'install/install.' . $phpEx);exit;}include($phpbb_root_path . 'includes/constants.'.$phpEx);include($phpbb_root_path . 'includes/template.'.$phpEx);include($phpbb_root_path . 'includes/sessions.'.$phpEx);include($phpbb_root_path . 'includes/auth.'.$phpEx);include($phpbb_root_path . 'includes/functions.'.$phpEx);include($phpbb_root_path . 'includes/db.'.$phpEx);// We do not need this any longer, unset for safety purposesunset($dbpasswd);//// Obtain and encode users IP//// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as// private range IP's appearing instead of the guilty routable IP, tough, don't// even bother complaining ... go scream and shout at the idiots out there who feel// "clever" is doing harm rather than good ... karma is a great thing ... :)//$client_ip = ( !empty($HTTP_SERVER_VARS['REMOTE_ADDR']) ) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : ( ( !empty($HTTP_ENV_VARS['REMOTE_ADDR']) ) ? $HTTP_ENV_VARS['REMOTE_ADDR'] : getenv('REMOTE_ADDR') );$user_ip = encode_ip($client_ip);//// Setup forum wide options, if this fails// then we output a CRITICAL_ERROR since// basic forum information is not available//$sql = "SELECT *FROM " . CONFIG_TABLE;if( !($result = $db->sql_query($sql)) ){message_die(CRITICAL_ERROR, "Could not query config information", "", __LINE__, __FILE__, $sql);}while ( $row = $db->sql_fetchrow($result) ){$board_config[$row['config_name']] = $row['config_value'];}if (file_exists('install') || file_exists('contrib')){message_die(GENERAL_MESSAGE, 'Please_remove_install_contrib');}//// Show 'Board is disabled' message if needed.//if( $board_config['board_disable'] && !defined("IN_ADMIN") && !defined("IN_LOGIN") ){message_die(GENERAL_MESSAGE, 'Board_disable', 'Information');}?>