index.php 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395
  1. <?php
  2. /**
  3. * This, as you have probably guessed, is the crux on which SMF functions.
  4. * Everything should start here, so all the setup and security is done
  5. * properly. The most interesting part of this file is the action array in
  6. * the smf_main() function. It is formatted as so:
  7. * 'action-in-url' => array('Source-File.php', 'FunctionToCall'),
  8. *
  9. * Then, you can access the FunctionToCall() function from Source-File.php
  10. * with the URL index.php?action=action-in-url. Relatively simple, no?
  11. *
  12. * Simple Machines Forum (SMF)
  13. *
  14. * @package SMF
  15. * @author Simple Machines http://www.simplemachines.org
  16. * @copyright 2014 Simple Machines and individual contributors
  17. * @license http://www.simplemachines.org/about/smf/license.php BSD
  18. *
  19. * @version 2.1 Alpha 1
  20. */
  21. $forum_version = 'SMF 2.1 Alpha 1';
  22. $software_year = '2014';
  23. // Get everything started up...
  24. define('SMF', 1);
  25. if (function_exists('set_magic_quotes_runtime'))
  26. @set_magic_quotes_runtime(0);
  27. error_reporting(defined('E_STRICT') ? E_ALL | E_STRICT : E_ALL);
  28. $time_start = microtime();
  29. // This makes it so headers can be sent!
  30. ob_start();
  31. // Do some cleaning, just in case.
  32. foreach (array('db_character_set', 'cachedir') as $variable)
  33. if (isset($GLOBALS[$variable]))
  34. unset($GLOBALS[$variable], $GLOBALS[$variable]);
  35. // Load the settings...
  36. require_once(dirname(__FILE__) . '/Settings.php');
  37. // Make absolutely sure the cache directory is defined.
  38. if ((empty($cachedir) || !file_exists($cachedir)) && file_exists($boarddir . '/cache'))
  39. $cachedir = $boarddir . '/cache';
  40. // Without those we can't go anywhere
  41. require_once($sourcedir . '/QueryString.php');
  42. require_once($sourcedir . '/Subs.php');
  43. require_once($sourcedir . '/Errors.php');
  44. require_once($sourcedir . '/Load.php');
  45. // If $maintenance is set specifically to 2, then we're upgrading or something.
  46. if (!empty($maintenance) && $maintenance == 2)
  47. display_maintenance_message();
  48. // Create a variable to store some SMF specific functions in.
  49. $smcFunc = array();
  50. // Initiate the database connection and define some database functions to use.
  51. loadDatabase();
  52. // Load the settings from the settings table, and perform operations like optimizing.
  53. $context = array();
  54. reloadSettings();
  55. // Clean the request variables, add slashes, etc.
  56. cleanRequest();
  57. // Seed the random generator.
  58. if (empty($modSettings['rand_seed']) || mt_rand(1, 250) == 69)
  59. smf_seed_generator();
  60. // Browser cache variable
  61. if(empty($modSettings['browser_cache']))
  62. reset_browser_cache();
  63. // Before we get carried away, are we doing a scheduled task? If so save CPU cycles by jumping out!
  64. if (isset($_GET['scheduled']))
  65. {
  66. require_once($sourcedir . '/ScheduledTasks.php');
  67. AutoTask();
  68. }
  69. // Displaying attached avatars, legacy.
  70. elseif (isset($_GET['action']) && $_GET['action'] == 'dlattach' && isset($_GET['type']) && $_GET['type'] == 'avatar')
  71. {
  72. require_once($sourcedir. '/Avatar.php');
  73. showAvatar();
  74. }
  75. // And important includes.
  76. require_once($sourcedir . '/Session.php');
  77. require_once($sourcedir . '/Errors.php');
  78. require_once($sourcedir . '/Logging.php');
  79. require_once($sourcedir . '/Security.php');
  80. require_once($sourcedir . '/Class-BrowserDetect.php');
  81. // Using an pre-PHP 5.1 version?
  82. if (version_compare(PHP_VERSION, '5.1', '<'))
  83. require_once($sourcedir . '/Subs-Compat.php');
  84. // Check if compressed output is enabled, supported, and not already being done.
  85. if (!empty($modSettings['enableCompressedOutput']) && !headers_sent())
  86. {
  87. // If zlib is being used, turn off output compression.
  88. if (ini_get('zlib.output_compression') >= 1 || ini_get('output_handler') == 'ob_gzhandler')
  89. $modSettings['enableCompressedOutput'] = '0';
  90. else
  91. {
  92. ob_end_clean();
  93. ob_start('ob_gzhandler');
  94. }
  95. }
  96. // Register an error handler.
  97. set_error_handler('error_handler');
  98. // Start the session. (assuming it hasn't already been.)
  99. loadSession();
  100. // Determine if this is using WAP, WAP2, or imode. Technically, we should check that wap comes before application/xhtml or text/html, but this doesn't work in practice as much as it should.
  101. if (isset($_REQUEST['wap']) || isset($_REQUEST['wap2']) || isset($_REQUEST['imode']))
  102. unset($_SESSION['nowap']);
  103. elseif (isset($_REQUEST['nowap']))
  104. $_SESSION['nowap'] = true;
  105. elseif (!isset($_SESSION['nowap']))
  106. {
  107. if (isset($_SERVER['HTTP_ACCEPT']) && strpos($_SERVER['HTTP_ACCEPT'], 'application/vnd.wap.xhtml+xml') !== false)
  108. $_REQUEST['wap2'] = 1;
  109. elseif (isset($_SERVER['HTTP_ACCEPT']) && strpos($_SERVER['HTTP_ACCEPT'], 'text/vnd.wap.wml') !== false)
  110. {
  111. if (strpos($_SERVER['HTTP_USER_AGENT'], 'DoCoMo/') !== false || strpos($_SERVER['HTTP_USER_AGENT'], 'portalmmm/') !== false)
  112. $_REQUEST['imode'] = 1;
  113. else
  114. $_REQUEST['wap'] = 1;
  115. }
  116. }
  117. if (!defined('WIRELESS'))
  118. define('WIRELESS', isset($_REQUEST['wap']) || isset($_REQUEST['wap2']) || isset($_REQUEST['imode']));
  119. // Some settings and headers are different for wireless protocols.
  120. if (WIRELESS)
  121. {
  122. define('WIRELESS_PROTOCOL', isset($_REQUEST['wap']) ? 'wap' : (isset($_REQUEST['wap2']) ? 'wap2' : (isset($_REQUEST['imode']) ? 'imode' : '')));
  123. // Some cellphones can't handle output compression...
  124. // @todo shouldn't the phone handle that?
  125. $modSettings['enableCompressedOutput'] = '0';
  126. // @todo Do we want these hard coded?
  127. $modSettings['defaultMaxMessages'] = 5;
  128. $modSettings['defaultMaxTopics'] = 9;
  129. // Wireless protocol header.
  130. if (WIRELESS_PROTOCOL == 'wap')
  131. header('Content-Type: text/vnd.wap.wml');
  132. }
  133. // Restore post data if we are revalidating OpenID.
  134. if (isset($_GET['openid_restore_post']) && !empty($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post']) && empty($_POST))
  135. {
  136. $_POST = $_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post'];
  137. unset($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]);
  138. }
  139. // What function shall we execute? (done like this for memory's sake.)
  140. call_user_func(smf_main());
  141. // Call obExit specially; we're coming from the main area ;).
  142. obExit(null, null, true);
  143. /**
  144. * The main dispatcher.
  145. * This delegates to each area.
  146. */
  147. function smf_main()
  148. {
  149. global $modSettings, $settings, $user_info, $board, $topic, $board_info, $maintenance, $sourcedir;
  150. // Special case: session keep-alive, output a transparent pixel.
  151. if (isset($_GET['action']) && $_GET['action'] == 'keepalive')
  152. {
  153. header('Content-Type: image/gif');
  154. die("\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");
  155. }
  156. // We should set our security headers now.
  157. frameOptionsHeader();
  158. // Load the user's cookie (or set as guest) and load their settings.
  159. loadUserSettings();
  160. // Load the current board's information.
  161. loadBoard();
  162. // Load the current user's permissions.
  163. loadPermissions();
  164. // Attachments don't require the entire theme to be loaded.
  165. if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'dlattach' && (!empty($modSettings['allow_guestAccess']) && $user_info['is_guest']))
  166. detectBrowser();
  167. // Load the current theme. (note that ?theme=1 will also work, may be used for guest theming.)
  168. else
  169. loadTheme();
  170. // Check if the user should be disallowed access.
  171. is_not_banned();
  172. // If we are in a topic and don't have permission to approve it then duck out now.
  173. if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest']))
  174. fatal_lang_error('not_a_topic', false);
  175. $no_stat_actions = array('clock', 'dlattach', 'findmember', 'jsoption', 'likes', 'loadeditorlocale', 'modifycat', 'requestmembers', 'smstats', 'suggest', 'about:unknown', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewsmfile');
  176. call_integration_hook('integrate_pre_log_stats', array(&$no_stat_actions));
  177. // Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc.
  178. if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], $no_stat_actions))
  179. {
  180. // Log this user as online.
  181. writeLog();
  182. // Track forum statistics and hits...?
  183. if (!empty($modSettings['hitStats']))
  184. trackStats(array('hits' => '+'));
  185. }
  186. unset($no_stat_actions);
  187. // Is the forum in maintenance mode? (doesn't apply to administrators.)
  188. if (!empty($maintenance) && !allowedTo('admin_forum'))
  189. {
  190. // You can only login.... otherwise, you're getting the "maintenance mode" display.
  191. if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'login2' || $_REQUEST['action'] == 'logout'))
  192. {
  193. require_once($sourcedir . '/LogInOut.php');
  194. return $_REQUEST['action'] == 'login2' ? 'Login2' : 'Logout';
  195. }
  196. // Don't even try it, sonny.
  197. else
  198. {
  199. require_once($sourcedir . '/Subs-Auth.php');
  200. return 'InMaintenance';
  201. }
  202. }
  203. // If guest access is off, a guest can only do one of the very few following actions.
  204. elseif (empty($modSettings['allow_guestAccess']) && $user_info['is_guest'] && (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], array('coppa', 'login', 'login2', 'register', 'register2', 'reminder', 'activate', 'help', 'helpadmin', 'smstats', 'mailq', 'verificationcode', 'openidreturn'))))
  205. {
  206. require_once($sourcedir . '/Subs-Auth.php');
  207. return 'KickGuest';
  208. }
  209. elseif (empty($_REQUEST['action']))
  210. {
  211. // Action and board are both empty... BoardIndex! Unless someone else wants to do something different.
  212. if (empty($board) && empty($topic))
  213. {
  214. $defaultActions = call_integration_hook('integrate_default_action');
  215. foreach ($defaultActions as $defaultAction)
  216. {
  217. $call = strpos($defaultAction, '::') !== false ? explode('::', $defaultAction) : $defaultAction;
  218. if (!empty($call) && is_callable($call))
  219. return $call;
  220. }
  221. require_once($sourcedir . '/BoardIndex.php');
  222. return 'BoardIndex';
  223. }
  224. // Topic is empty, and action is empty.... MessageIndex!
  225. elseif (empty($topic))
  226. {
  227. require_once($sourcedir . '/MessageIndex.php');
  228. return 'MessageIndex';
  229. }
  230. // Board is not empty... topic is not empty... action is empty.. Display!
  231. else
  232. {
  233. require_once($sourcedir . '/Display.php');
  234. return 'Display';
  235. }
  236. }
  237. // Here's the monstrous $_REQUEST['action'] array - $_REQUEST['action'] => array($file, $function).
  238. $actionArray = array(
  239. 'activate' => array('Register.php', 'Activate'),
  240. 'admin' => array('Admin.php', 'AdminMain'),
  241. 'announce' => array('Post.php', 'AnnounceTopic'),
  242. 'attachapprove' => array('ManageAttachments.php', 'ApproveAttach'),
  243. 'buddy' => array('Subs-Members.php', 'BuddyListToggle'),
  244. 'calendar' => array('Calendar.php', 'CalendarMain'),
  245. 'clock' => array('Calendar.php', 'clock'),
  246. 'collapse' => array('BoardIndex.php', 'CollapseCategory'),
  247. 'coppa' => array('Register.php', 'CoppaForm'),
  248. 'credits' => array('Who.php', 'Credits'),
  249. 'deletemsg' => array('RemoveTopic.php', 'DeleteMessage'),
  250. 'dlattach' => array('Display.php', 'Download'),
  251. 'editpoll' => array('Poll.php', 'EditPoll'),
  252. 'editpoll2' => array('Poll.php', 'EditPoll2'),
  253. 'emailuser' => array('SendTopic.php', 'EmailUser'),
  254. 'findmember' => array('Subs-Auth.php', 'JSMembers'),
  255. 'groups' => array('Groups.php', 'Groups'),
  256. 'help' => array('Help.php', 'ShowHelp'),
  257. 'helpadmin' => array('Help.php', 'ShowAdminHelp'),
  258. 'jsmodify' => array('Post.php', 'JavaScriptModify'),
  259. 'jsoption' => array('Themes.php', 'SetJavaScript'),
  260. 'likes' => array('Likes.php', 'Likes'),
  261. 'loadeditorlocale' => array('Subs-Editor.php', 'loadLocale'),
  262. 'lock' => array('Topic.php', 'LockTopic'),
  263. 'lockvoting' => array('Poll.php', 'LockVoting'),
  264. 'login' => array('LogInOut.php', 'Login'),
  265. 'login2' => array('LogInOut.php', 'Login2'),
  266. 'logout' => array('LogInOut.php', 'Logout'),
  267. 'markasread' => array('Subs-Boards.php', 'MarkRead'),
  268. 'mergetopics' => array('SplitTopics.php', 'MergeTopics'),
  269. 'mlist' => array('Memberlist.php', 'Memberlist'),
  270. 'moderate' => array('ModerationCenter.php', 'ModerationMain'),
  271. 'modifycat' => array('ManageBoards.php', 'ModifyCat'),
  272. 'modifykarma' => array('Karma.php', 'ModifyKarma'),
  273. 'movetopic' => array('MoveTopic.php', 'MoveTopic'),
  274. 'movetopic2' => array('MoveTopic.php', 'MoveTopic2'),
  275. 'notify' => array('Notify.php', 'Notify'),
  276. 'notifyboard' => array('Notify.php', 'BoardNotify'),
  277. 'openidreturn' => array('Subs-OpenID.php', 'smf_openID_return'),
  278. 'pm' => array('PersonalMessage.php', 'MessageMain'),
  279. 'post' => array('Post.php', 'Post'),
  280. 'post2' => array('Post.php', 'Post2'),
  281. 'printpage' => array('Printpage.php', 'PrintTopic'),
  282. 'profile' => array('Profile.php', 'ModifyProfile'),
  283. 'quotefast' => array('Post.php', 'QuoteFast'),
  284. 'quickmod' => array('MessageIndex.php', 'QuickModeration'),
  285. 'quickmod2' => array('Display.php', 'QuickInTopicModeration'),
  286. 'recent' => array('Recent.php', 'RecentPosts'),
  287. 'register' => array('Register.php', 'Register'),
  288. 'register2' => array('Register.php', 'Register2'),
  289. 'reminder' => array('Reminder.php', 'RemindMe'),
  290. 'removepoll' => array('Poll.php', 'RemovePoll'),
  291. 'removetopic2' => array('RemoveTopic.php', 'RemoveTopic2'),
  292. 'reporttm' => array('SendTopic.php', 'ReportToModerator'),
  293. 'requestmembers' => array('Subs-Auth.php', 'RequestMembers'),
  294. 'restoretopic' => array('RemoveTopic.php', 'RestoreTopic'),
  295. 'search' => array('Search.php', 'PlushSearch1'),
  296. 'search2' => array('Search.php', 'PlushSearch2'),
  297. 'sendactivation' => array('Register.php', 'SendActivation'),
  298. 'smstats' => array('Stats.php', 'SMStats'),
  299. 'suggest' => array('Subs-Editor.php', 'AutoSuggestHandler'),
  300. 'spellcheck' => array('Subs-Post.php', 'SpellCheck'),
  301. 'splittopics' => array('SplitTopics.php', 'SplitTopics'),
  302. 'stats' => array('Stats.php', 'DisplayStats'),
  303. 'sticky' => array('Topic.php', 'Sticky'),
  304. 'theme' => array('Themes.php', 'ThemesMain'),
  305. 'trackip' => array('Profile-View.php', 'trackIP'),
  306. 'about:unknown' => array('Likes.php', 'BookOfUnknown'),
  307. 'unread' => array('Recent.php', 'UnreadTopics'),
  308. 'unreadreplies' => array('Recent.php', 'UnreadTopics'),
  309. 'unwatchtopic' => array('Notify.php', 'TopicUnwatch'),
  310. 'verificationcode' => array('Register.php', 'VerificationCode'),
  311. 'viewprofile' => array('Profile.php', 'ModifyProfile'),
  312. 'vote' => array('Poll.php', 'Vote'),
  313. 'viewquery' => array('ViewQuery.php', 'ViewQuery'),
  314. 'viewsmfile' => array('Admin.php', 'DisplayAdminFile'),
  315. 'who' => array('Who.php', 'Who'),
  316. '.xml' => array('News.php', 'ShowXmlFeed'),
  317. 'xmlhttp' => array('Xml.php', 'XMLhttpMain'),
  318. );
  319. // Allow modifying $actionArray easily.
  320. call_integration_hook('integrate_actions', array(&$actionArray));
  321. // Get the function and file to include - if it's not there, do the board index.
  322. if (!isset($_REQUEST['action']) || !isset($actionArray[$_REQUEST['action']]))
  323. {
  324. // Catch the action with the theme?
  325. if (!empty($settings['catch_action']))
  326. {
  327. require_once($sourcedir . '/Themes.php');
  328. return 'WrapAction';
  329. }
  330. $fallbackActions = call_integration_hook('integrate_fallback_action');
  331. foreach ($fallbackActions as $fallbackAction)
  332. {
  333. $call = strpos($defaultAction, '::') !== false ? explode('::', $fallbackAction) : $fallbackAction;
  334. if (!empty($call) && is_callable($call))
  335. return $call;
  336. }
  337. // Fall through to the board index then...
  338. require_once($sourcedir . '/BoardIndex.php');
  339. return 'BoardIndex';
  340. }
  341. // Otherwise, it was set - so let's go to that action.
  342. require_once($sourcedir . '/' . $actionArray[$_REQUEST['action']][0]);
  343. return $actionArray[$_REQUEST['action']][1];
  344. }
  345. ?>