293 lines
19 KiB
PHP
293 lines
19 KiB
PHP
<?php
|
|
if (!defined('IN_INDEX')) {
|
|
header('Location: ../index.php');
|
|
exit;
|
|
}
|
|
|
|
// database connection:
|
|
$connid = connect_db($db_settings['host'], $db_settings['user'], $db_settings['password'], $db_settings['database']);
|
|
|
|
// set current timestamp:
|
|
list($timestamp) = mysqli_fetch_row(mysqli_query($connid, "SELECT UNIX_TIMESTAMP(NOW())"));
|
|
define('TIMESTAMP', $timestamp);
|
|
|
|
// get settings:
|
|
$settings = get_settings();
|
|
|
|
// CSRF protection token
|
|
if (!isset($_SESSION['csrf_token'])) {
|
|
$_SESSION['csrf_token'] = $uniqid = uniqid('', true);
|
|
}
|
|
|
|
// auto login:
|
|
if (!isset($_SESSION[$settings['session_prefix'].'user_id']) && isset($_COOKIE[$settings['session_prefix'].'auto_login']) && isset($settings['autologin']) && $settings['autologin'] == 1) {
|
|
include('includes/auto_login.inc.php');
|
|
}
|
|
|
|
// access permission checks for not registered users:
|
|
if ($settings['access_permission_checks'] == 1 && !isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
// look if IP or user agent is banned:
|
|
$ip_result = mysqli_query($connid, "SELECT name, list FROM ".$db_settings['banlists_table']." WHERE name = 'ips' OR name = 'user_agents'") or raise_error('database_error', mysqli_error($connid));
|
|
while ($data = mysqli_fetch_array($ip_result)) {
|
|
if ($data['name'] == 'ips') $ips = $data['list'];
|
|
if ($data['name'] == 'user_agents') $user_agents = $data['list'];
|
|
}
|
|
mysqli_free_result($ip_result);
|
|
if (isset($ips) && !empty($ips) && trim($ips) != '') {
|
|
$banned_ips = explode("\n",$ips);
|
|
if (is_ip_banned($_SERVER['REMOTE_ADDR'], $banned_ips)) raise_error('403');
|
|
}
|
|
if (isset($user_agents) && !empty($user_agents) && trim($user_agents) != '') {
|
|
$banned_user_agents = explode("\n", $user_agents);
|
|
if (is_user_agent_banned($_SERVER['HTTP_USER_AGENT'], $banned_user_agents)) raise_error('403');
|
|
}
|
|
}
|
|
|
|
// look if user blocked:
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
$block_result = mysqli_query($connid, "SELECT user_lock FROM ".$db_settings['userdata_table']." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id']) ." LIMIT 1") or raise_error('database_error', mysqli_error($connid));
|
|
$data = mysqli_fetch_array($block_result);
|
|
mysqli_free_result($block_result);
|
|
if ($data['user_lock'] == 1) {
|
|
log_out($_SESSION[$settings['session_prefix'].'user_id'], 'account_locked');
|
|
}
|
|
}
|
|
|
|
// set time zone:
|
|
if (function_exists('date_default_timezone_set')) {
|
|
if (isset($_SESSION[$settings['session_prefix'].'usersettings']['time_zone']) && $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'] != '') {
|
|
date_default_timezone_set($_SESSION[$settings['session_prefix'].'usersettings']['time_zone']);
|
|
$forum_time_zone = $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'];
|
|
if (isset($_SESSION[$settings['session_prefix'].'usersettings']['time_difference']) && $_SESSION[$settings['session_prefix'].'usersettings']['time_difference'] != 0) {
|
|
if ($_SESSION[$settings['session_prefix'].'usersettings']['time_difference'] > 0) $uds = '+'; else $uds = '-';
|
|
$udm = abs($_SESSION[$settings['session_prefix'].'usersettings']['time_difference']);
|
|
$udh = floor($udm / 60);
|
|
$udmr = $udm - $udh * 60;
|
|
if ($udmr < 10) $udmr = '0'.$udmr;
|
|
$udf = $uds.$udh.':'.$udmr;
|
|
$forum_time_zone = $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'].' '.$udf;
|
|
} else {
|
|
$forum_time_zone = $_SESSION[$settings['session_prefix'].'usersettings']['time_zone'];
|
|
}
|
|
} elseif($settings['time_zone'] != '') {
|
|
date_default_timezone_set($settings['time_zone']);
|
|
$forum_time_zone = $settings['time_zone'];
|
|
} else {
|
|
date_default_timezone_set('UTC');
|
|
$forum_time_zone = 'UTC';
|
|
}
|
|
}
|
|
|
|
// do daily actions:
|
|
//daily_actions(TIMESTAMP);
|
|
|
|
$categories = get_categories();
|
|
$category_ids = get_category_ids($categories);
|
|
if ($category_ids != false) $category_ids_query = implode(', ', $category_ids);
|
|
if (empty($category)) $category = 0;
|
|
|
|
// user settings:
|
|
if (isset($_COOKIE[$settings['session_prefix'].'usersettings'])) {
|
|
$usersettings_cookie = explode('.', $_COOKIE[$settings['session_prefix'].'usersettings']);
|
|
}
|
|
|
|
if (empty($_SESSION[$settings['session_prefix'].'usersettings'])) {
|
|
if (isset($usersettings_cookie[0])) {
|
|
$usersettings['user_view'] = $usersettings_cookie[0] == 1 ? 1 : 0;
|
|
} else {
|
|
$usersettings['user_view'] = $settings['default_view'];
|
|
}
|
|
$usersettings['thread_order'] = isset($usersettings_cookie[1]) && $usersettings_cookie[1] == 1 ? 1 : 0;
|
|
$usersettings['sidebar'] = isset($usersettings_cookie[2]) && $usersettings_cookie[2] == 0 ? 0 : 1;
|
|
if(isset($usersettings_cookie[3])) {
|
|
$usersettings['fold_threads'] = $usersettings_cookie[3] == 1 ? 1 : 0;
|
|
} else {
|
|
$usersettings['fold_threads'] = $settings['fold_threads'];
|
|
}
|
|
$usersettings['thread_display'] = isset($usersettings_cookie[4]) && $usersettings_cookie[4] == 1 ? 1 : 0;
|
|
$usersettings['page'] = 1;
|
|
$usersettings['category'] = 0;
|
|
$_SESSION[$settings['session_prefix'].'usersettings'] = $usersettings;
|
|
setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
|
|
}
|
|
|
|
if (isset($_REQUEST['toggle_sidebar'])) {
|
|
if (empty($_SESSION[$settings['session_prefix'].'usersettings']['sidebar'])) $_SESSION[$settings['session_prefix'].'usersettings']['sidebar'] = 1;
|
|
else $_SESSION[$settings['session_prefix'].'usersettings']['sidebar'] = 0;
|
|
setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
|
|
// update database for registered users:
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, sidebar = ". intval($_SESSION[$settings['session_prefix'].'usersettings']['sidebar']) ." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id']));
|
|
}
|
|
|
|
if (isset($_POST['toggle_sidebar'])) exit; // AJAX request
|
|
|
|
if (isset($_GET['category']) && isset($_GET['page']) && isset($_GET['order'])) $q = '?page='.$_GET['page'].'&category='.$_GET['category'].'&order='.$_GET['order']; else $q = '';
|
|
header('location: index.php'.$q);
|
|
exit;
|
|
}
|
|
|
|
if (isset($_GET['thread_order']) && isset($_SESSION[$settings['session_prefix'].'usersettings']['thread_order'])) {
|
|
$page = 1;
|
|
if ($_GET['thread_order'] == 1) $thread_order = 1;
|
|
else $thread_order = 0;
|
|
if ($thread_order != $_SESSION[$settings['session_prefix'].'usersettings']['thread_order']) {
|
|
$_SESSION[$settings['session_prefix'].'usersettings']['page'] = 1;
|
|
$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'] = $thread_order;
|
|
setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$thread_order.'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) @mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, thread_order = ". intval($thread_order) ." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id']));
|
|
}
|
|
}
|
|
if (isset($_SESSION[$settings['session_prefix'].'usersettings']) && isset($_GET['toggle_view']) && in_array($_GET['toggle_view'], array(0, 1))) {
|
|
$_SESSION[$settings['session_prefix'].'usersettings']['user_view'] = intval($_GET['toggle_view']);
|
|
setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP+(3600*24*$settings['cookie_validity_days'])));
|
|
// update database for registered users:
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, user_view = ". intval($_SESSION[$settings['session_prefix'].'usersettings']['user_view']) ." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or die(mysqli_error($connid));
|
|
}
|
|
if (isset($_GET['category']) && isset($_GET['page']) && isset($_GET['order'])) $q = '&page='.$_GET['page'].'&category='.$_GET['category'].'&order='.$_GET['order']; else $q = '';
|
|
header('location: index.php?mode=index'.$q);
|
|
exit;
|
|
}
|
|
if (isset($_SESSION[$settings['session_prefix'].'usersettings']) && isset($_GET['toggle_thread_display']) && in_array($_GET['toggle_thread_display'], array(0, 1)) && isset($_GET['id'])) {
|
|
$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'] = intval($_GET['toggle_thread_display']);
|
|
setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
|
|
// update database for registered users:
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, thread_display = ". intval($_SESSION[$settings['session_prefix'].'usersettings']['thread_display']) ." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or die(mysqli_error($connid));
|
|
}
|
|
header('location: index.php?mode=thread&id='.intval($_GET['id']));
|
|
exit;
|
|
}
|
|
|
|
if (isset($_SESSION[$settings['session_prefix'].'usersettings']) && isset($_GET['fold_threads']) && in_array($_GET['fold_threads'], array(0, 1))) {
|
|
$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'] = intval($_GET['fold_threads']);
|
|
setcookie($settings['session_prefix'].'usersettings', $_SESSION[$settings['session_prefix'].'usersettings']['user_view'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_order'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['sidebar'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['fold_threads'].'.'.$_SESSION[$settings['session_prefix'].'usersettings']['thread_display'], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
|
|
// update database for registered users:
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) {
|
|
@mysqli_query($connid, "UPDATE ".$db_settings['userdata_table']." SET last_login = last_login, last_logout = last_logout, registered = registered, fold_threads = ". intval($_SESSION[$settings['session_prefix'].'usersettings']['fold_threads']) ." WHERE user_id = ". intval($_SESSION[$settings['session_prefix'].'user_id'])) or die(mysqli_error($connid));
|
|
}
|
|
if (isset($_GET['category']) && isset($_GET['page']) && isset($_GET['order'])) $q = '&page='.$_GET['page'].'&category='.$_GET['category'].'&order='.$_GET['order']; else $q = '';
|
|
if (isset($_GET['ajax'])) exit;
|
|
header('Location: index.php?mode=index'.$q);
|
|
exit;
|
|
}
|
|
|
|
if(isset($_GET['refresh'])) {
|
|
if (isset($_SESSION[$settings['session_prefix'].'usersettings']['newtime'])) {
|
|
$_SESSION[$settings['session_prefix'].'usersettings']['newtime'] = TIMESTAMP;
|
|
}
|
|
setcookie($settings['session_prefix'].'last_visit', TIMESTAMP.".".TIMESTAMP, cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
|
|
setcookie($settings['session_prefix'].'read', '', cookie_options(0));
|
|
header('location: index.php?mode=index');
|
|
exit;
|
|
}
|
|
|
|
if (isset($_GET['show_spam']) && isset($_SESSION[$settings['session_prefix'].'user_id']) && $_SESSION[$settings['session_prefix'].'user_id'] > 0) {
|
|
if (isset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam'])) unset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam']);
|
|
else $_SESSION[$settings['session_prefix'].'usersettings']['show_spam'] = true;
|
|
header('location: index.php?mode=index');
|
|
exit;
|
|
}
|
|
|
|
// determine last visit:
|
|
if (empty($_SESSION[$settings['session_prefix'].'user_id']) && $settings['remember_last_visit'] == 1) {
|
|
if (isset($_COOKIE[$settings['session_prefix'].'last_visit'])) {
|
|
$c_last_visit = explode(".", $_COOKIE[$settings['session_prefix'].'last_visit']);
|
|
if (isset($c_last_visit[0])) $c_last_visit[0] = intval(trim($c_last_visit[0])); else $c_last_visit[0] = TIMESTAMP;
|
|
if (isset($c_last_visit[1])) $c_last_visit[1] = intval(trim($c_last_visit[1])); else $c_last_visit[1] = TIMESTAMP;
|
|
if ($c_last_visit[1] < (TIMESTAMP - 600)) {
|
|
$c_last_visit[0] = $c_last_visit[1];
|
|
$c_last_visit[1] = TIMESTAMP;
|
|
setcookie($settings['session_prefix'].'last_visit', $c_last_visit[0].".".$c_last_visit[1], cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
|
|
}
|
|
}
|
|
else
|
|
setcookie($settings['session_prefix'].'last_visit', TIMESTAMP.".".TIMESTAMP, cookie_options(TIMESTAMP + (3600 * 24 * $settings['cookie_validity_days'])));
|
|
}
|
|
|
|
if (isset($c_last_visit)) $last_visit = intval($c_last_visit[0]); else $last_visit = TIMESTAMP;
|
|
|
|
if (isset($_GET['category'])) {
|
|
$category = intval($_GET['category']);
|
|
$_SESSION[$settings['session_prefix'].'usersettings']['category'] = $category;
|
|
$_SESSION[$settings['session_prefix'].'usersettings']['page'] = 1;
|
|
}
|
|
|
|
if (isset($category_ids) && isset($_SESSION[$settings['session_prefix'].'usersettings']['category_selection'])) {
|
|
$category_selection = filter_category_selection($_SESSION[$settings['session_prefix'].'usersettings']['category_selection'], $category_ids);
|
|
if (!empty($category_selection)) $category_selection_query = implode(', ', $category_selection);
|
|
}
|
|
|
|
// count spam:
|
|
$count_spam_sql =
|
|
"SELECT COUNT(*) FROM " . $db_settings['forum_table'] . " AS ft INNER JOIN (SELECT eid FROM " . $db_settings['akismet_rating_table'] . " WHERE " . $db_settings['akismet_rating_table'] . ".spam = 1 UNION SELECT eid FROM " . $db_settings['b8_rating_table'] . " WHERE " . $db_settings['b8_rating_table'] . ".spam = 1) AS spam_list ON spam_list.eid = ft.id";
|
|
|
|
$count_spam_result = mysqli_query($connid, $count_spam_sql);
|
|
list($total_spam) = mysqli_fetch_row($count_spam_result);
|
|
mysqli_free_result($count_spam_result);
|
|
|
|
// show spam? NOTE: variables are used in several php files, i.e. index.inc.php, thread.inc.php, entry.inc.php
|
|
$show_spam = false;
|
|
$spam_sql_and = " AND spam_list.id IS NULL";
|
|
|
|
if ($total_spam > 0 && isset($_SESSION[$settings['session_prefix'].'usersettings']['show_spam'])) {
|
|
$show_spam = true;
|
|
$spam_sql_and = " AND spam_list.id IS NOT NULL";
|
|
}
|
|
|
|
// count postings, threads, users and users online:
|
|
$total_threads_postings_body =
|
|
"SELECT COUNT(DISTINCT ft.id) FROM " . $db_settings['forum_table'] . " AS ft LEFT JOIN (SELECT ".$db_settings['forum_table'].".id, ".$db_settings['forum_table'].".tid FROM ".$db_settings['forum_table']." INNER JOIN " . $db_settings['akismet_rating_table'] . " ON ".$db_settings['forum_table'].".id = " . $db_settings['akismet_rating_table'] . ".eid WHERE " . $db_settings['akismet_rating_table'] . ".spam = 1 UNION SELECT ".$db_settings['forum_table'].".id, ".$db_settings['forum_table'].".tid FROM ".$db_settings['forum_table']." INNER JOIN " . $db_settings['b8_rating_table'] . " ON ".$db_settings['forum_table'].".id = " . $db_settings['b8_rating_table'] . ".eid WHERE " . $db_settings['b8_rating_table'] . ".spam = 1)";
|
|
$threads_check_sql = " AND pid = 0";
|
|
if ($show_spam) {
|
|
$spam_totals = " AS spam_list ON spam_list.tid = ft.tid WHERE spam_list.id IS NOT NULL";
|
|
} else {
|
|
$spam_totals = " AS spam_list ON spam_list.id = ft.id WHERE spam_list.id IS NULL";
|
|
}
|
|
if ($categories == false) {
|
|
$total_postings_category = "";
|
|
} else {
|
|
// there are categories
|
|
$total_postings_category = " AND category IN (" . $category_ids_query . ")";
|
|
}
|
|
$total_threads_sql = $total_threads_postings_body . $spam_totals . $total_postings_category . $threads_check_sql;
|
|
$count_result = mysqli_query($connid, $total_threads_sql);
|
|
list($total_threads) = mysqli_fetch_row($count_result);
|
|
mysqli_free_result($count_result);
|
|
|
|
$total_postings_sql = $total_threads_postings_body . $spam_totals . $total_postings_category;
|
|
$count_result = mysqli_query($connid, $total_postings_sql);
|
|
list($total_postings) = mysqli_fetch_row($count_result);
|
|
mysqli_free_result($count_result);
|
|
|
|
$count_result = mysqli_query($connid, "SELECT COUNT(*) FROM " . $db_settings['userdata_table'] . " WHERE activate_code = ''");
|
|
list($registered_users) = mysqli_fetch_row($count_result);
|
|
|
|
if ($settings['count_users_online'] > 0) {
|
|
user_online($settings['count_users_online']);
|
|
$count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['useronline_table']." WHERE user_id > 0");
|
|
list($registered_users_online) = mysqli_fetch_row($count_result);
|
|
$count_result = mysqli_query($connid, "SELECT COUNT(*) FROM ".$db_settings['useronline_table']." WHERE user_id = 0");
|
|
list($unregistered_users_online) = mysqli_fetch_row($count_result);
|
|
$total_users_online = $unregistered_users_online + $registered_users_online;
|
|
}
|
|
mysqli_free_result($count_result);
|
|
|
|
if (isset($settings['time_difference'])) $time_difference = intval($settings['time_difference']);
|
|
else $time_difference = 0;
|
|
if (isset($_SESSION[$settings['session_prefix'].'usersettings']['time_difference'])) $time_difference = $_SESSION[$settings['session_prefix'].'usersettings']['time_difference'] + $time_difference;
|
|
|
|
// page menu:
|
|
if (isset($_SESSION[$settings['session_prefix'].'user_id'])) $menu_result = @mysqli_query($connid, "SELECT id, menu_linkname FROM ".$db_settings['pages_table']." WHERE menu_linkname != '' ORDER BY order_id ASC") or raise_error('database_error', mysqli_error($connid));
|
|
else $menu_result = @mysqli_query($connid, "SELECT id, menu_linkname FROM ".$db_settings['pages_table']." WHERE menu_linkname != '' AND access = 0 ORDER BY order_id ASC") or raise_error('database_error', mysqli_error($connid));
|
|
if (mysqli_num_rows($menu_result) > 0) {
|
|
$i = 0;
|
|
while ($pages_data = mysqli_fetch_array($menu_result)) {
|
|
$menu[$i]['id'] = $pages_data['id'];
|
|
$menu[$i]['linkname'] = $pages_data['menu_linkname'];
|
|
$i++;
|
|
}
|
|
}
|
|
mysqli_free_result($menu_result);
|
|
?>
|