
Source: /header.php - 790 lines - 26373 bytes - Summary - Text - Print

Description: eXtreme Message Board XMB 1.9.11

   1  <?php
   2  /**
   3   * eXtreme Message Board
   4   * XMB 1.9.11
   5   *
   6   * Developed And Maintained By The XMB Group
   7   * Copyright (c) 2001-2012, The XMB Group
   8   * http://www.xmbforum2.com/
   9   *
  10   * This program is free software; you can redistribute it and/or
  11   * modify it under the terms of the GNU General Public License
  12   * as published by the Free Software Foundation; either version 2
  13   * of the License, or (at your option) any later version.
  14   *
  15   * This program is distributed in the hope that it will be useful,
  16   * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18   * GNU General Public License for more details.
  19   *
  20   * You should have received a copy of the GNU General Public License
  21   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22   *
  23   **/
  24  
  25  
  26  /* Front Matter */
  27  
// Direct-access guard: the including entry script is expected to have defined X_SCRIPT.
// A request that reaches header.php without it is answered with 403 and stops here.
if (!defined('X_SCRIPT')) {
    header('HTTP/1.0 403 Forbidden');
    exit("Not allowed to run this file directly.");
}
// ROOT is the path prefix used for every require below; default to the current directory.
if (!defined('ROOT')) define('ROOT', './');
error_reporting(-1); // Report all errors until config.php loads successfully.
// NOTE(review): presumably the included files test IN_CODE as their own direct-access guard - confirm.
define('IN_CODE', TRUE);
require  ROOT.'include/global.inc.php';
  36  
  37  
  38  /* Global Constants and Initialized Values */
  39  
// Version strings. Some of these are blanked further down when $show_full_info is off.
$versioncompany = 'The XMB Group';
$versionshort = '1.9.11';
$versiongeneral = 'XMB 1.9.11';
$copyright = '2001-2012';
$alpha = '';
$beta = '';
$gamma = '';
$service_pack = '';
$versionbuild = 20120202;
// microtime() returns "msec sec"; the sum is the request start time as a float.
$mtime = explode(" ", microtime());
$starttime = $mtime[1] + $mtime[0];
$onlinetime = time();
$time = $onlinetime;
// Attribute snippets for pre-selected <option> and pre-checked <input> elements.
$selHTML = 'selected="selected"';
$cheHTML = 'checked="checked"';
// First three characters of the web server's software string.
// NOTE(review): read without isset(), unlike REQUEST_URI on the next line.
$server = substr($_SERVER['SERVER_SOFTWARE'], 0, 3);
// Raw request URI as sent by the client. It is untrusted input; the URL checks
// later in this file are applied to this value.
$url = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
// Address of the connecting peer. No proxy headers are consulted here, so behind a
// reverse proxy this would be the proxy's address - NOTE(review): confirm deployment assumptions.
$onlineip = $_SERVER['REMOTE_ADDR'];
  58  
// Give every global that later code reads a defined starting value, so nothing
// depends on whatever was in the global scope before this point.
$canonical_link = '';
$cookiepath = '';
$cookiedomain = '';
$bbcodescript = '';
$database = '';
$threadSubject = '';
$filesize = 0;
$filename = '';
$filetype = '';
$full_url = '';
$navigation = '';
$newu2umsg = '';
$othertid = '';
$pluglink = '';
$quickjump = '';
$searchlink = '';
$smiliesnum = 0;
$status = '';
$wordsnum = 0;
$xmbuser = '';
$xmbpw = '';

$SETTINGS = array();
$THEME = array();
$censorcache = array();
$footerstuff = array();
// Starts as a string; the template section at the end of this file rebuilds it
// as an array and implodes it back into a string.
$links = '';
$lang = array();
$mailer = array();
// Plugin definitions: parallel arrays indexed by plugin number (see the plugin loop below).
$plugadmin = array();
$plugimg = array();
$plugname = array();
$plugurl = array();
$smiliecache = array();
// Board table names, listed without the configured prefix (queries prepend X_PREFIX).
$tables = array(
'attachments',
'banned',
'buddys',
'captchaimages',
'favorites',
'forums',
'lang_base',
'lang_keys',
'lang_text',
'logs',
'members',
'posts',
'ranks',
'restricted',
'settings',
'smilies',
'templates',
'themes',
'threads',
'u2u',
'whosonline',
'words',
'vote_desc',
'vote_results',
'vote_voters'
);
 120  
// Mode flags and limits shared by the rest of the code base.
// NOTE(review): the helpers that consume the X_CACHE_*, X_REDIRECT_*, X_SET_* and
// X_SHORTEN_* flags are defined outside this file.
define('X_CACHE_GET', 1);
define('X_CACHE_PUT', 2);
define('X_NONCE_AYS_EXP', 300); // Yes/no prompt expiration, in seconds.
define('X_NONCE_FORM_EXP', 3600); // Form expiration, in seconds.
define('X_NONCE_MAX_AGE', 86400); // CAPTCHA expiration, in seconds.
define('X_NONCE_KEY_LEN', 12); // Size of captchaimages.imagestring.
define('X_ONLINE_TIMER', 600); // Visitors are offline after this many seconds.
define('X_REDIRECT_HEADER', 1);
define('X_REDIRECT_JS', 2);
define('X_SET_HEADER', 1);
define('X_SET_JS', 2);
define('X_SHORTEN_SOFT', 1);
define('X_SHORTEN_HARD', 2);
// permissions constants
define('X_PERMS_COUNT', 4); //Number of raw bit sets stored in postperm setting.
// indexes used in permissions arrays
define('X_PERMS_RAWPOLL', 0);
define('X_PERMS_RAWTHREAD', 1);
define('X_PERMS_RAWREPLY', 2);
define('X_PERMS_RAWVIEW', 3);
define('X_PERMS_POLL', 40);
define('X_PERMS_THREAD', 41);
define('X_PERMS_REPLY', 42);
define('X_PERMS_VIEW', 43); //View is now = Rawview || Userlist
define('X_PERMS_USERLIST', 44);
define('X_PERMS_PASSWORD', 45);
// status string to bit field assignments
// Each status owns one bit. 'Guest' and the empty string share bit 32, so an
// empty status is treated as a guest.
$status_enum = array(
'Super Administrator' => 1,
'Administrator'       => 2,
'Super Moderator'     => 4,
'Moderator'           => 8,
'Member'              => 16,
'Guest'               => 32,
''                    => 32,
'Reserved-Future-Use' => 64,
'Banned'              => (1 << 30)
); // $status_enum['Banned'] == 2^30
// status bit to $lang key assignments
$status_translate = array(
1         => 'superadmin',
2         => 'textadmin',
4         => 'textsupermod',
8         => 'textmod',
16        => 'textmem',
32        => 'textguest1',
(1 << 30) => 'textbanned'
);
 169  
 170  // discover the most likely browser
 171  // so we can use bbcode specifically made for it
 172  $browser = 'opera'; // default to opera
 173  if (isset($_SERVER['HTTP_USER_AGENT'])) {
 174      if (false !== strpos($_SERVER['HTTP_USER_AGENT'], 'Gecko') && false === strpos($_SERVER['HTTP_USER_AGENT'], 'Safari')) {
 175          $browser = 'mozilla';
 176      }
 177      if (false !== strpos($_SERVER['HTTP_USER_AGENT'], 'Opera')) {
 178          $browser = 'opera';
 179      }
 180      if (false !== strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE')) {
 181          $browser = 'ie';
 182      }
 183  }
 184  define('IS_MOZILLA', ($browser == 'mozilla'));
 185  define('IS_OPERA', ($browser == 'opera'));
 186  define('IS_IE', ($browser == 'ie'));
 187  
// NOTE(review): assertEmptyOutputStream() is defined outside this file; judging by its name
// and argument it verifies that the named file has not produced output yet - confirm.
assertEmptyOutputStream('header.php or global.inc.php');


/* Load the Configuration Created by Install */

// config.php supplies the database credentials and the flags tested below
// ($show_full_info, $ipcheck, $full_url, ...).
require  ROOT.'config.php';
assertEmptyOutputStream('config.php');

// With $show_full_info off, the version details are blanked so that the
// "Powered by" string built below does not reveal the exact version or build.
if (!$show_full_info) {
    $versionshort = '';
    $versiongeneral = 'XMB';
    $alpha = '';
    $beta = '';
    $gamma = '';
    $service_pack = '';
    $versionbuild = '[HIDDEN]';
} else {
    $versiongeneral .= ' ';
}
$versionlong = 'Powered by '.$versiongeneral.$alpha.$beta.$gamma.$service_pack;

// Both switches default to off unless config.php defined them.
if (!defined('DEBUG')) define('DEBUG', FALSE);
if (!defined('LOG_MYSQL_ERRORS')) define('LOG_MYSQL_ERRORS', FALSE);

if (DEBUG) {
    require (ROOT.'include/debug.inc.php');
    assertEmptyOutputStream('debug.inc.php');
} else {
    // Outside debug mode, narrow reporting from "everything" (set at the top of
    // this file) to the fatal error classes.
    error_reporting(E_ERROR | E_PARSE | E_COMPILE_ERROR | E_USER_ERROR);
}
 218  
// Maps each config.php variable to the placeholder text it holds in an unedited
// config file. A variable that still equals its placeholder means the
// configuration was never completed.
$config_array = array(
'dbname' => 'DB/NAME',
'dbuser' => 'DB/USER',
'dbpw' => 'DB/PW',
'dbhost' => 'DB_HOST',
'database' => 'DB_TYPE',
'tablepre' => 'TABLE/PRE',
'full_url' => 'FULLURL',
'ipcheck' => 'IPCHECK',
'allow_spec_q' => 'SPECQ',
'show_full_info' => 'SHOWFULLINFO',
'comment_output' => 'COMMENTOUTPUT'
);
foreach($config_array as $key => $value) {
    // ${$key} reads the global named by $key; the strict comparison only matches
    // the untouched placeholder string.
    if (${$key} === $value) {
        header('HTTP/1.0 500 Internal Server Error');
        // The presence of ./install/ is tested only on this failure path and on the
        // failed-first-query path below; a fully configured board with a leftover
        // install directory is not flagged by this file.
        if (file_exists(ROOT.'install/')) {
            exit('<h1>Error:</h1><br />The installation files ("./install/") have been found on the server. Please remove them as soon as possible. If you have not yet installed XMB, please do so at this time. Just <a href="./install/index.php">click here</a>.');
        }
        exit('Configuration Problem: XMB noticed that your config.php has not been fully configured.<br />The $'.$key.' has not been configured correctly.<br /><br />Please configure config.php before continuing.<br />Refresh the browser after uploading the new config.php (when asked if you want to resubmit POST data, click the \'OK\'-button).');
    }
}
unset($config_array);
 242  
 243  
 244  /* Validate URL Configuration and Security */
 245  
// $full_url (from config.php) is the single source for the cookie scope and for
// the redirect and <base> URLs built later in this file.
if (empty($full_url)) {
    header('HTTP/1.0 500 Internal Server Error');
    exit('<b>ERROR: </b><i>Please fill the $full_url variable in your config.php!</i>');
} else {
    // NOTE(review): parse_url() can return FALSE or omit 'scheme'/'host' for a
    // malformed value; both keys are read below without an isset() check.
    $array = parse_url($full_url);

    // TRUE only when the board is configured with an https:// URL.
    // NOTE(review): the put_cookie() calls in this file do not pass $cookiesecure;
    // presumably put_cookie() reads it as a global to set the Secure flag - confirm.
    $cookiesecure = ($array['scheme'] == 'https');

    $cookiedomain = $array['host'];
    if (strpos($cookiedomain, '.') === FALSE || preg_match("/^([0-9]{1,3}\.){3}[0-9]{1,3}$/", $cookiedomain)) {
        // Hosts without a dot and dotted IPv4 addresses get an empty cookie domain.
        $cookiedomain = '';
    } elseif (substr($cookiedomain, 0, 4) === 'www.') {
        // Cutting at offset 3 keeps the leading dot: 'www.example.com' becomes
        // '.example.com'. Cookies set with this domain are therefore sent to every
        // host under the parent domain, not just the board's own host name.
        $cookiedomain = substr($cookiedomain, 3);
    }

    if (!isset($array['path'])) {
        $array['path'] = '/';
    }
    $cookiepath = $array['path'];

    if (DEBUG) {
        debugURLsettings($cookiesecure, $cookiedomain, $cookiepath);
    } elseif (0 == strlen($url)) {
        // REQUEST_URI was missing, so none of the URL checks below could work.
        header('HTTP/1.0 500 Internal Server Error');
        exit('Error: URL Not Found.  Set DEBUG to TRUE in config.php to see diagnostic details.');
    }
    unset($array);
}
 274  
// Common XSS Protection: XMB disallows '<' and unencoded ':/' in all URLs.
// The lower-cased request URI is searched for each listed substring and the
// request is refused with 403 on the first hit. search.php is exempt.
// This is a substring deny-list over the raw REQUEST_URI only: request bodies and
// cookies are not inspected here, and values still have to be escaped wherever
// they are written into HTML. Treat it as one extra layer, not as the XSS defence.
if (X_SCRIPT != 'search.php') {
    $url_check = Array('%3c', '<', ':/');
    foreach($url_check as $name) {
        if (strpos(strtolower($url), $name) !== FALSE) {
            header('HTTP/1.0 403 Forbidden');
            exit('403 Forbidden - URL rejected by XMB');
        }
    }
    unset($url_check);
}
 286  
// Check for double-slash problems in REQUEST_URI
// Entered when the request URI does not start with the configured cookie path, or
// when the character right after that path is another '/'.
if (substr($url, 0, strlen($cookiepath)) != $cookiepath Or substr($url, strlen($cookiepath), 1) == '/') {
    // One pass of collapsing '//' into '/'.
    $fixed_url = str_replace('//', '/', $url);
    // Still outside the board path, still double-slashed, or containing bytes
    // outside printable ASCII: give up with 404.
    if (substr($fixed_url, 0, strlen($cookiepath)) != $cookiepath Or substr($fixed_url, strlen($cookiepath), 1) == '/' Or $fixed_url != preg_replace('/[^\x20-\x7e]/', '', $fixed_url)) {
        header('HTTP/1.0 404 Not Found');
        exit('XMB detected an invalid URL.  Set DEBUG to TRUE in config.php to see diagnostic details.');
    } else {
        // The redirect target is the configured $full_url plus the part of the
        // request after the cookie path. The printable-ASCII test above has already
        // excluded CR/LF, so the value cannot split the Location header.
        $fixed_url = $full_url.substr($fixed_url, strlen($cookiepath));
        header('HTTP/1.0 301 Moved Permanently');
        header("Location: $fixed_url");
        exit('XMB detected an invalid URL');
    }
}
 300  
// Optional client address format check, enabled with $ipcheck = 'on' in config.php.
// The pattern only tests the shape "four groups of 1-3 digits"; it does not check
// that each group is within 0-255. Every address that is not a dotted quad,
// including any IPv6 address, is refused with 403 while this is on.
// With $ipcheck off, no format check is applied to $onlineip here.
if ($ipcheck == 'on') {
    if (1 != preg_match('@^(\\d{1,3}\\.){3}\\d{1,3}$@', $onlineip)) {
        header('HTTP/1.0 403 Forbidden');
        exit("Access to this website is currently not possible as your hostname/IP appears suspicous.");
    }
}
 308  
 309  
 310  /* Load Common Files and Establish Database Connection */
 311  
// Freeze the table prefix in a constant. Unlike the $tablepre variable, a constant
// cannot be reassigned later, for example by the `$$key` import of the settings
// row further down.
define('X_PREFIX', $tablepre); // Secured table prefix constant

// The driver file name is built from $database, which was set by config.php
// (checked above against its placeholder), not from request data.
require ROOT.'db/'.$database.'.php';
assertEmptyOutputStream('db/'.$database.'.php');

require  ROOT.'include/validate.inc.php';
assertEmptyOutputStream('validate.inc.php');

require  ROOT.'include/functions.inc.php';
assertEmptyOutputStream('functions.inc.php');

// NOTE(review): the dbstuff class comes from the driver file loaded above. $pconnect is
// not assigned in this file (presumably from config.php), and the meaning of the final
// TRUE argument is defined by the driver - confirm.
$db = new dbstuff;
$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, TRUE);
 325  
// Make all settings global, and put them in the $SETTINGS[] array
// This is the first query, so do not panic unless query logging is enabled.
// NOTE(review): the second argument is only TRUE when both DEBUG and LOG_MYSQL_ERRORS
// are set; presumably it tells the driver whether a failed query is fatal - confirm.
$squery = $db->query("SELECT * FROM ".X_PREFIX."settings", (DEBUG and LOG_MYSQL_ERRORS));
// Assume XMB is not installed if first query fails.
if (FALSE === $squery) {
    header('HTTP/1.0 500 Internal Server Error');
    if (file_exists(ROOT.'install/')) {
        exit('XMB is not yet installed. Please do so at this time. Just <a href="./install/index.php">click here</a>.');
    }
    exit('Fatal Error: XMB is not installed. Please upload the /install/ directory to begin.');
}
if ($db->num_rows($squery) == 0) {
    header('HTTP/1.0 500 Internal Server Error');
    exit('Fatal Error: The XMB settings table is empty.');
}
// Only one row is fetched. Each column becomes both $SETTINGS[column] and a global
// variable named after the column. The `$$key` assignment overwrites any existing
// global of the same name, including values loaded from config.php, so the column
// names of the settings table must never collide with those variables.
foreach($db->fetch_array($squery) as $key => $val) {
    $$key = $val;
    $SETTINGS[$key] = $val;
}
$db->free_result($squery);
 346  
// Sanity limits for values read from the settings table. Each correction is written
// to both the global variable and its $SETTINGS entry so the two stay in step.
// Paging sizes below 5 fall back to 30.
if ($postperpage < 5) {
    $postperpage = 30;
    $SETTINGS['postperpage'] = 30;
}

if ($topicperpage < 5) {
    $topicperpage = 30;
    $SETTINGS['topicperpage'] = 30;
}

if ($memberperpage < 5) {
    $memberperpage = 30;
    $SETTINGS['memberperpage'] = 30;
}

if ($onlinetodaycount < 5) {
    $onlinetodaycount = 30;
    $SETTINGS['onlinetodaycount'] = 30;
}

// Smilie columns: anything below 1 falls back to 4.
if ($SETTINGS['smcols'] < 1) {
    $smcols = 4;
    $SETTINGS['smcols'] = 4;
}

// The CAPTCHA code length must be at least 3 and shorter than X_NONCE_KEY_LEN
// (the size of captchaimages.imagestring); otherwise 8 is used.
if ($SETTINGS['captcha_code_length'] < 3 or $SETTINGS['captcha_code_length'] >= X_NONCE_KEY_LEN) {
    $captcha_code_length = 8;
    $SETTINGS['captcha_code_length'] = 8;
}

// Validate maxattachsize with PHP configuration.
// NOTE(review): phpShorthandValue() is defined outside this file; presumably it returns
// the named ini value as a number of bytes - confirm. The board limit is lowered to
// PHP's upload_max_filesize when it exceeds it.
$inimax = phpShorthandValue('upload_max_filesize');
if ($inimax < $SETTINGS['maxattachsize']) {
    $maxattachsize = $inimax;
    $SETTINGS['maxattachsize'] = $inimax;
}
unset($inimax);
 384  
 385  
 386  /* Set Global HTTP Headers */
 387  
// Forbid caching of every response except those served by files.php.
if (X_SCRIPT != 'files.php') {
    header("Cache-Control: no-store, no-cache, must-revalidate");  // HTTP/1.1
    // Second argument FALSE: add another Cache-Control header instead of replacing the first.
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
}

// Fix annoying bug in windows... *sigh*
// NOTE(review): postedVar() is defined outside this file; the trailing 'g' presumably
// selects the query string as the source, and the FALSE flags its escaping options - confirm.
// $action is request data and is only compared against fixed strings in this file.
$action = postedVar('action', '', FALSE, FALSE, FALSE, 'g');
// Send the HTML content type unless this looks like a download request.
// NOTE(review): $download is not assigned anywhere in this file.
if ($action != 'attachment' && !($action == 'templates' && isset($download)) && !($action == 'themes' && isset($download))) {
    header("Content-type: text/html");
}

// User-Agent string for HTTP requests made by PHP itself. It embeds $full_url, so
// remote servers contacted by the board see the board's address.
ini_set('user_agent', "XMB-eXtreme-Message-Board/1.9; $full_url");
 401  
// Update last visit cookies
// NOTE(review): getInt() is defined outside this file; the 'c' argument presumably selects
// cookies as the source - confirm. Both values are client-supplied, so $lastvisit should
// be treated as a display convenience and not as a trusted timestamp.
$xmblva = getInt('xmblva', 'c'); // Last visit
$xmblvb = getInt('xmblvb', 'c'); // Duration of this visit (considered to be up to 600 seconds)

if ($xmblvb > 0) {
    $thetime = $xmblvb;     // lvb will expire in 600 seconds, so if it's there, we're in a current session
} else if ($xmblva > 0) {
    $thetime = $xmblva;     // Not currently logged in, so let's get the time from the last visit
} else {
    $thetime = $onlinetime; // no cookie at all, so this is your first visit
}

put_cookie('xmblva', $onlinetime, ($onlinetime + (86400*365)), $cookiepath, $cookiedomain); // lva == now
put_cookie('xmblvb', $thetime, ($onlinetime + X_ONLINE_TIMER), $cookiepath, $cookiedomain); // lvb == reference time chosen above, kept for X_ONLINE_TIMER seconds

$lastvisit = $thetime;

// NOTE(review): $oldtopics is not assigned in this file; the cookie is refreshed
// only if something loaded earlier has set it.
if (isset($oldtopics)) {
    put_cookie('oldtopics', $oldtopics, ($onlinetime + X_ONLINE_TIMER), $cookiepath, $cookiedomain);
}
 422  
 423  
 424  /* Authorize User, Set Up Session, and Load Language Translation */
 425  
 426  $serror = '';
 427  
 428  // Check if the client is ip-banned
 429  if ($SETTINGS['ip_banning'] == 'on') {
 430      $ips = explode(".", $onlineip);
 431      $query = $db->query("SELECT id FROM ".X_PREFIX."banned WHERE ((ip1='$ips[0]' OR ip1='-1') AND (ip2='$ips[1]' OR ip2='-1') AND (ip3='$ips[2]' OR ip3='-1') AND (ip4='$ips[3]' OR ip4='-1')) AND NOT (ip1='-1' AND ip2='-1' AND ip3='-1' AND ip4='-1')");
 432      $result = $db->num_rows($query);
 433      $db->free_result($query);
 434      if ($result > 0) {
 435          // Block all non-admins
 436          $serror = 'ip';
 437      }
 438  }
 439  
// Check if the board is offline
// Runs only when no earlier check (the IP ban) has already set $serror.
// Nothing is blocked here: $serror is acted upon after authentication, in the
// switch further down, where administrators are exempt.
if ($SETTINGS['bbstatus'] == 'off' And $serror == '') {
    if (($action == 'login' Or $action == 'lostpw') And X_SCRIPT == 'misc.php') {
        // Allow login
    } elseif ($SETTINGS['regstatus'] == 'on' And ($action == 'reg' Or $action == 'coppa' Or $action == 'captchaimage') And (X_SCRIPT == 'misc.php' Or X_SCRIPT == 'member.php')) {
        // Allow registration
    } else {
        // Block all non-admins
        $serror = 'bstatus';
    }
}

// Check if the board is set to 'reg-only'
// Same exception list as above: the login, lost-password and (when registration
// is open) registration/CAPTCHA requests stay reachable for guests.
if ($SETTINGS['regviewonly'] == 'on' And $serror == '') {
    if (($action == 'login' Or $action == 'lostpw') And X_SCRIPT == 'misc.php') {
        // Allow login
    } elseif ($SETTINGS['regstatus'] == 'on' And ($action == 'reg' Or $action == 'coppa' Or $action == 'captchaimage') And (X_SCRIPT == 'misc.php' Or X_SCRIPT == 'member.php')) {
        // Allow registration
    } else {
        // Block all guests
        $serror = 'guest';
    }
}
 463  
// Authenticate from the 'xmbuser' and 'xmbpw' cookies on every request.
// NOTE(review): postedVar() and elevateUser() are defined outside this file. The TRUE flag
// used only for the user name presumably requests escaping for SQL use - confirm.
// NOTE(review): a credential value travels in the 'xmbpw' cookie with each request. How it is
// derived, and whether put_cookie() sets the Secure and HttpOnly flags, is not visible here.
$uinput = postedVar('xmbuser', '', FALSE, TRUE, FALSE, 'c');
$pinput = postedVar('xmbpw', '', FALSE, FALSE, FALSE, 'c');
// $serror is passed along so that elevateUser() knows about a pending block reason.
if (!elevateUser($uinput, $pinput, FALSE, $serror)) {
    // Delete cookies when authentication fails.
    if ($uinput != '') {
        put_cookie("xmbuser", '', 0, $cookiepath, $cookiedomain);
        put_cookie("xmbpw", '', 0, $cookiepath, $cookiedomain);
    }
}
// Do not keep the raw cookie values in the global scope.
unset($uinput, $pinput);
// The upgrade script needs nothing beyond this point (no themes or templates).
if (X_SCRIPT == 'upgrade.php') return;
 475  
 476  
 477  /* Set Up HTML Templates and Themes */
 478  
// Create a base element so that links aren't broken if scripts are accessed using unexpected paths.
// XMB expects all links to be relative to $full_url + script name + query string.
// strstr() returns the URI from the first '?' onwards, or FALSE when there is none.
$querystring = strstr($url, '?');
if ($querystring === FALSE) {
    $querystring = '';
}
// Drop every byte outside printable ASCII before the value is written into markup.
$querystring = preg_replace('/[^\x20-\x7e]/', '', $querystring);
if ($url == $cookiepath) {
    // Request for the board root: the configured URL alone is the base.
    $baseelement = '<base href="'.$full_url.'" />';
} else {
    // Only the query string is request data here; $full_url and X_SCRIPT come from
    // configuration and the entry script.
    // NOTE(review): attrOut() is defined outside this file; presumably it escapes the
    // value for use inside an HTML attribute - confirm.
    $baseelement = '<base href="'.$full_url.X_SCRIPT.attrOut($querystring).'" />';
}
 491  
 492  // login/logout links
 493  if (X_MEMBER) {
 494      if (X_ADMIN) {
 495          $cplink = ' - <a href="cp.php">'.$lang['textcp'].'</a>';
 496      } else {
 497          $cplink = '';
 498      }
 499      $loginout = '<a href="misc.php?action=logout">'.$lang['textlogout'].'</a>';
 500      $memcp = '<a href="memcp.php">'.$lang['textusercp'].'</a>';
 501      $u2ulink = "<a href=\"u2u.php\" onclick=\"Popup(this.href, 'Window', 700, 450); return false;\">{$lang['banu2u']}</a> - ";
 502      $notify = $lang['loggedin'].' <a href="member.php?action=viewpro&amp;member='.recodeOut($xmbuser).'">'.$xmbuser.'</a><br />['.$loginout.' - '.$u2ulink.''.$memcp.''.$cplink.']';
 503  
 504      // Update lastvisit in the header shown
 505      $theTime = $xmblva + ($self['timeoffset'] * 3600) + ($SETTINGS['addtime'] * 3600);
 506      $lastdate = gmdate($dateformat, $theTime);
 507      $lasttime = gmdate($timecode, $theTime);
 508      $lastvisittext = $lang['lastactive'].' '.$lastdate.' '.$lang['textat'].' '.$lasttime;
 509  } else {
 510      // Checks for the possibility to register
 511      if ($SETTINGS['regstatus'] == 'on') {
 512          $reglink = '- <a href="member.php?action=coppa">'.$lang['textregister'].'</a>';
 513      } else {
 514          $reglink = '';
 515      }
 516      $loginout = '<a href="misc.php?action=login">'.$lang['textlogin'].'</a>';
 517      $notify = $lang['notloggedin'].' ['.$loginout.' '.$reglink.']';
 518      $lastvisittext = '';
 519  }
 520  
// Get themes, [fid, [tid]]
// Work out which forum the request refers to, so that a forum-specific theme can
// be applied. getInt() yields integers, which is what makes the direct
// interpolation of $tid into the query below acceptable.
$forumtheme = 0;
$fid = getInt('fid', 'r');
$tid = getInt('tid', 'r');
if ($tid > 0 && $action != 'templates') {
    // A thread id wins over a forum id: take forum and theme from the thread's forum.
    $query = $db->query("SELECT f.fid, f.theme FROM ".X_PREFIX."forums f RIGHT JOIN ".X_PREFIX."threads t USING (fid) WHERE t.tid=$tid");
    // NOTE(review): when no thread has this id, $locate holds no row, and $fid and
    // $forumtheme end up empty instead of keeping their previous values.
    $locate = $db->fetch_array($query);
    $db->free_result($query);
    $fid = $locate['fid'];
    $forumtheme = $locate['theme'];
} else if ($fid > 0) {
    $forum = getForum($fid);
    // Only active forums and sub-forums contribute a theme.
    if (($forum['type'] != 'forum' && $forum['type'] != 'sub') || $forum['status'] != 'on') {
        $forumtheme = 0;
    } else {
        $forumtheme = $forum['theme'];
    }
}
 539  
// Check what theme to use
// Order of preference: the member's theme, the forum's theme, the board default,
// then any theme that exists. Each candidate id is cast to int before it is placed
// in SQL. $query is left pointing at the winning result for the loop that follows.
// Note that a stale theme reference is repaired with an UPDATE during the page
// request itself, whatever the request method.
$validtheme = FALSE;
// NOTE(review): $themeuser and $self are not assigned in this file; presumably
// elevateUser() sets them from the member record - confirm.
if (!$validtheme And (int) $themeuser > 0) {
    $theme = (int) $themeuser;
    $query = $db->query("SELECT * FROM ".X_PREFIX."themes WHERE themeid=$theme");
    if (!$validtheme = ($db->num_rows($query) > 0)) {
        // The member's theme no longer exists: reset it on the account.
        $themeuser = 0;
        $db->query("UPDATE ".X_PREFIX."members SET theme=0 WHERE uid={$self['uid']}");
    }
}
if (!$validtheme And (int) $forumtheme > 0) {
    $theme = (int) $forumtheme;
    $query = $db->query("SELECT * FROM ".X_PREFIX."themes WHERE themeid=$theme");
    if (!$validtheme = ($db->num_rows($query) > 0)) {
        // NOTE(review): this branch handles the forum theme but resets $themeuser;
        // it looks like a copy of the branch above - confirm whether $forumtheme was meant.
        $themeuser = 0;
        $db->query("UPDATE ".X_PREFIX."forums SET theme=0 WHERE fid=$fid");
    }
}
if (!$validtheme) {
    $theme = (int) $SETTINGS['theme'];
    $query = $db->query("SELECT * FROM ".X_PREFIX."themes WHERE themeid=$theme");
    $validtheme = ($db->num_rows($query) > 0);
}
if (!$validtheme) {
    // Last resort: take the first theme found and make it the board default.
    $query = $db->query("SELECT * FROM ".X_PREFIX."themes LIMIT 1");
    if ($validtheme = ($db->num_rows($query) > 0)) {
        $row = $db->fetch_array($query);
        $SETTINGS['theme'] = $row['themeid'];
        $db->query("UPDATE ".X_PREFIX."settings SET theme={$SETTINGS['theme']}");
        // Rewind, because the row was just consumed and is fetched again below.
        $db->data_seek($query, 0);
    }
}
if (!$validtheme) {
    header('HTTP/1.0 500 Internal Server Error');
    exit('Fatal Error: The XMB themes table is empty.');
}
 576  
// Make theme-vars semi-global
// Every column of the selected theme row becomes $THEME[column] and, except for
// 'name', also a global variable of the same name. As with the settings row, the
// `$$key` assignment overwrites any existing global with that name.
foreach($db->fetch_array($query) as $key=>$val) {
    if ($key != "name") {
        $$key = $val;
    }
    $THEME[$key] = $val;
}
$db->free_result($query);

// additional CSS to load?
// $imgdir comes from the theme row imported above. It is used as a file system path
// and written into the markup without escaping.
// NOTE(review): this relies on theme records being editable by administrators only - confirm.
if (file_exists(ROOT.$imgdir.'/theme.css')) {
    $cssInclude = '<style type="text/css">'."\n"."@import url('".$imgdir."/theme.css');"."\n".'</style>';
} else {
    $cssInclude = '';
}
 592  
 593  // Alters certain visibility-variables
 594  if (false === strpos($bgcolor, '.')) {
 595      $bgcode = "background-color: $bgcolor;";
 596  } else {
 597      $bgcode = "background-image: url('$imgdir/$bgcolor');";
 598  }
 599  
 600  if (false === strpos($catcolor, '.')) {
 601      $catbgcode = "bgcolor=\"$catcolor\"";
 602      $catcss = 'background-color: '.$catcolor.';';
 603  } else {
 604      $catbgcode = "style=\"background-image: url($imgdir/$catcolor)\"";
 605      $catcss = 'background-image: url('.$imgdir.'/'.$catcolor.');';
 606  }
 607  
 608  if (false === strpos($top, '.')) {
 609      $topbgcode = "bgcolor=\"$top\"";
 610  } else {
 611      $topbgcode = "style=\"background-image: url($imgdir/$top)\"";
 612  }
 613  
// Build the board logo markup. A comma in $boardimg selects the Flash form
// "file,width,height"; otherwise the value is a plain image.
// The theme values and $bbname are written into attributes without escaping.
// NOTE(review): this relies on them being editable by administrators only - confirm.
if (false !== strpos($boardimg, ',')) {
    // NOTE(review): offsets 1 and 2 are read without checking that both were supplied.
    $flashlogo = explode(",",$boardimg);
    //check if it's an URL or just a filename
    $l = array();
    $l = parse_url($flashlogo[0]);
    if (!isset($l['scheme']) || !isset($l['host'])) {
        // No scheme and host: treat it as a file inside the theme's image directory.
        $flashlogo[0] = $imgdir.'/'.$flashlogo[0];
    }
    // AllowScriptAccess is set to "never" for the embedded movie.
    $logo = '<object type="application/x-shockwave-flash" data="'.$flashlogo[0].'" width="'.$flashlogo[1].'" height="'.$flashlogo[2].'"><param name="movie" value="'.$flashlogo[0].'" /><param name="AllowScriptAccess" value="never" /></object>';
} else {
    $l = array();
    $l = parse_url($boardimg);
    if (!isset($l['scheme']) || !isset($l['host'])) {
        $boardimg = $imgdir.'/'.$boardimg;
    }
    $logo = '<a href="./"><img src="'.$boardimg.'" alt="'.$bbname.'" border="0" /></a>';
}
 631  
 632  // Font stuff...
 633  $fontedit = preg_replace('#(\D)#', '', $fontsize);
 634  $fontsuf = preg_replace('#(\d)#', '', $fontsize);
 635  $font1 = $fontedit-1 . $fontsuf;
 636  $font3 = $fontedit+2 . $fontsuf;
 637  
 638  // Set Extra Theme Keys
 639  $THEME['bgcode'] = $bgcode;
 640  $THEME['font1'] = $font1;
 641  $THEME['font3'] = $font3;
 642  
 643  
 644  /* Theme Ready.  Make pretty errors. */
 645  
// Act on the block reason recorded before authentication. It is handled this late
// so that the error page can use the theme and language loaded above.
// NOTE(review): error() and message() are defined outside this file; presumably both render
// a page and end the request, otherwise the blocked request would continue - confirm.
switch ($serror) {
case 'ip':
    // IP ban: everyone except administrators is refused.
    if (!X_ADMIN) {
        header('HTTP/1.0 403 Forbidden');
        error($lang['bannedmessage']);
    }
    break;
case 'bstatus':
    // Board offline: administrators may continue, everyone else gets a 503.
    if (!X_ADMIN) {
        header('HTTP/1.0 503 Service Unavailable');
        header('Retry-After: 3600');
        // $bboffreason is the administrator-defined offline text from the settings row.
        if ($bboffreason != '') {
            message(nl2br($bboffreason));
        } else {
            message($lang['textbstatusdefault']);
        }
    }
    break;
case 'guest':
    // Members-only board: guests are asked to log in (or register, when that is open).
    if (X_GUEST) {
        if ($SETTINGS['regstatus'] == 'on') {
            $message = $lang['reggedonly'].' '.$reglink.' '.$lang['textor'].' <a href="misc.php?action=login">'.$lang['textlogin'].'</a>';
        } else {
            $message = $lang['reggedonly'].' <a href="misc.php?action=login">'.$lang['textlogin'].'</a>';
        }
        message($message);
    }
    break;
}
 675  
 676  
 677  /* Finish HTML Templates */
 678  
// Build the navigation pieces only for visitors who may see the board:
// administrators always; others only while the board is online and, on a
// members-only board, only when logged in.
if ((X_ADMIN Or $SETTINGS['bbstatus'] == 'on') And (X_MEMBER Or $SETTINGS['regviewonly'] == 'off')) {

    $links = array();

    // Search-link
    $searchlink = makeSearchLink();

    // Faq-link
    if ($SETTINGS['faqstatus'] == 'on') {
        $links[] = '<img src="'.$imgdir.'/top_faq.gif" alt="'.$lang['altfaq'].'" border="0" /> <a href="faq.php"><font class="navtd">'.$lang['textfaq'].'</font></a>';
    }

    // Memberlist-link
    if ($SETTINGS['memliststatus'] == 'on') {
        $links[] = '<img src="'.$imgdir.'/top_memberslist.gif" alt="'.$lang['altmemberlist'].'" border="0" /> <a href="misc.php?action=list"><font class="navtd">'.$lang['textmemberlist'].'</font></a>';
    }

    // Today's posts-link
    if ($SETTINGS['todaysposts'] == 'on') {
        $links[] = '<img src="'.$imgdir.'/top_todaysposts.gif" alt="'.$lang['alttodayposts'].'" border="0" /> <a href="today.php"><font class="navtd">'.$lang['navtodaysposts'].'</font></a>';
    }

    // Stats-link
    if ($SETTINGS['stats'] == 'on') {
        $links[] = '<img src="'.$imgdir.'/top_stats.gif" alt="'.$lang['altstats'].'" border="0" /> <a href="stats.php"><font class="navtd">'.$lang['navstats'].'</font></a>';
    }

    // 'Forum Rules'-link
    if ($SETTINGS['bbrules'] == 'on') {
        $links[] = '<img src="'.$imgdir.'/top_bbrules.gif" alt="'.$lang['altrules'].'" border="0" /> <a href="faq.php?page=forumrules"><font class="navtd">'.$lang['textbbrules'].'</font></a>';
    }

    // From here on $links is a string again.
    $links = implode(' &nbsp; ', $links);

    // Show all plugins
    // The plugin arrays are initialised empty at the top of this file.
    // NOTE(review): presumably config.php fills them - confirm. Name, URL and image
    // are written into the markup without escaping, so they must come from a trusted source.
    $pluglinks = array();
    foreach($plugname as $plugnum => $item) {
        if (!empty($plugurl[$plugnum]) && !empty($plugname[$plugnum])) {
            if (trim($plugimg[$plugnum]) != '') {
                $img = '&nbsp;<img src="'.$plugimg[$plugnum].'" border="0" alt="'.$plugname[$plugnum].'" />&nbsp;';
            } else {
                $img = '';
            }

            // Plugins flagged as admin-only are linked for administrators only. This hides
            // the link; it does not protect the plugin URL itself.
            if ($plugadmin[$plugnum] != true || X_ADMIN) {
                $pluglinks[] = $img.'<a href="'.$plugurl[$plugnum].'"><font class="navtd">'.$plugname[$plugnum].'</font></a>&nbsp;';
            }
        }
    }

    if (count($pluglinks) == 0) {
        $pluglink = '';
    } else {
        $pluglink = implode('&nbsp;', $pluglinks);
    }

    // create forum jump
    if ($SETTINGS['quickjump_status'] == 'on') {
        $quickjump = forumJump();
    }

    // check for new u2u's
    if (X_MEMBER) {
        // NOTE(review): $xmbuser is placed inside a quoted SQL string; this relies on the value
        // having been escaped for SQL before it reaches this point (elevateUser() is not visible) - confirm.
        $query = $db->query("SELECT COUNT(*) FROM ".X_PREFIX."u2u WHERE owner='$xmbuser' AND folder='Inbox' AND readstatus='no'");
        $newu2unum = $db->result($query, 0);
        $db->free_result($query);
        if ($newu2unum > 0) {
            $newu2umsg = "<a href=\"u2u.php\" onclick=\"Popup(this.href, 'Window', 700, 450); return false;\">{$lang['newu2u1']} $newu2unum {$lang['newu2u2']}</a>";
            // Popup Alert
            // u2ualert 2 = alert on every page, 1 = alert on index.php only.
            if ($self['u2ualert'] == 2 Or ($self['u2ualert'] == 1 And X_SCRIPT == 'index.php')) {
                // The script text is assembled from translation strings and the message count only.
                $newu2umsg .= '<script language="JavaScript" type="text/javascript">function u2uAlert() { ';
                if ($newu2unum == 1) {
                    $newu2umsg .= 'u2uAlertMsg = "'.$lang['newu2u1'].' '.$newu2unum.$lang['u2ualert5'].'"; ';
                } else {
                    $newu2umsg .= 'u2uAlertMsg = "'.$lang['newu2u1'].' '.$newu2unum.$lang['u2ualert6'].'"; ';
                }
                $newu2umsg .= "if (confirm(u2uAlertMsg)) { Popup('u2u.php', 'testWindow', 700, 450); } } setTimeout('u2uAlert();', 10);</script>";
            }
        }
    }
}
 760  
 761  
 762  /* Perform HTTP Connection Maintenance */
 763  
assertEmptyOutputStream('header.php');

// Gzip-compression
// Skipped for CAPTCHA images, for files.php and in debug mode.
if ($SETTINGS['gzipcompress'] == 'on'
 && $action != 'captchaimage'
 && X_SCRIPT != 'files.php'
 && !DEBUG) {
    if (($res = @ini_get('zlib.output_compression')) > 0) {
        // leave it
    } else if ($res === false) {
        // ini_get not supported. So let's just leave it
    } else {
        // Compression is currently off: try to switch zlib output compression on,
        // and fall back to the ob_gzhandler output buffer if that is not possible.
        if (function_exists('gzopen')) {
            $r = @ini_set('zlib.output_compression', 4096);
            $r2 = @ini_set('zlib.output_compression_level', '3');
            if (FALSE === $r || FALSE === $r2) {
                ob_start('ob_gzhandler');
            }
        } else {
            ob_start('ob_gzhandler');
        }
    }
}

// Final check that nothing was output while this file ran, then hand control back
// to the including script.
assertEmptyOutputStream('header.php');
return;
 790  ?>
