phpBB/style.php

   1 <?php
   2 /**
   3 *
   4 * @package phpBB3
   5 * @version $Id$
   6 * @copyright (c) 2005 phpBB Group
   7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
   8 *
   9 */
  10
  11 /**
  12 * @ignore
  13 */
  14 define('IN_PHPBB', true);
  15 $phpbb_root_path = './';
  16 $phpEx = substr(strrchr(__FILE__, '.'), 1);
  17 require($phpbb_root_path . 'config.' . $phpEx);
  18
  19 if (version_compare(PHP_VERSION, '6.0.0-dev', '<'))
  20 {
  21         set_magic_quotes_runtime(0);
  22 }
  23
  24 // Load Extensions
  25 if (!empty($load_extensions))
  26 {
  27         $load_extensions = explode(',', $load_extensions);
  28
  29         foreach ($load_extensions as $extension)
  30         {
  31                 @dl(trim($extension));
  32         }
  33 }
  34
  35
  36 $sid = (isset($_GET['sid'])) ? htmlspecialchars($_GET['sid']) : '';
  37 $id = (isset($_GET['id'])) ? intval($_GET['id']) : 0;
  38
  39 if (strspn($sid, 'abcdefABCDEF0123456789') !== strlen($sid))
  40 {
  41         $sid = '';
  42 }
  43
  44 // This is a simple script to grab and output the requested CSS data stored in the DB
  45 // We include a session_id check to try and limit 3rd party linking ... unless they
  46 // happen to have a current session it will output nothing. We will also cache the
  47 // resulting CSS data for five minutes ... anything to reduce the load on the SQL
  48 // server a little
  49 if ($id && $sid)
  50 {
  51         if (empty($acm_type) || empty($dbms))
  52         {
  53                 die('Hacking attempt');
  54         }
  55
  56         // Include files
  57         require($phpbb_root_path . 'includes/acm/acm_' . $acm_type . '.' . $phpEx);
  58         require($phpbb_root_path . 'includes/cache.' . $phpEx);
  59         require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
  60         require($phpbb_root_path . 'includes/constants.' . $phpEx);
  61
  62         $db = new $sql_db();
  63         $cache = new cache();
  64
  65         // Connect to DB
  66         if (!@$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, false))
  67         {
  68                 exit;
  69         }
  70         unset($dbpasswd);
  71
  72         $config = $cache->obtain_config();
  73
  74         $sql = 'SELECT s.session_id, u.user_lang
  75                 FROM ' . SESSIONS_TABLE . ' s, ' . USERS_TABLE . " u
  76                 WHERE s.session_id = '" . $db->sql_escape($sid) . "'
  77                         AND s.session_user_id = u.user_id";
  78         $result = $db->sql_query($sql);
  79         $user = $db->sql_fetchrow($result);
  80         $db->sql_freeresult($result);
  81
  82         if ($user)
  83         {
  84                 $sql = 'SELECT s.style_id, c.theme_data, c.theme_path, c.theme_name, c.theme_mtime, i.*, t.template_path
  85                         FROM ' . STYLES_TABLE . ' s, ' . STYLES_TEMPLATE_TABLE . ' t, ' . STYLES_THEME_TABLE . ' c, ' . STYLES_IMAGESET_TABLE . ' i
  86                         WHERE s.style_id = ' . $id . '
  87                                 AND t.template_id = s.template_id
  88                                 AND c.theme_id = s.theme_id
  89                                 AND i.imageset_id = s.imageset_id';
  90                 $result = $db->sql_query($sql, 300);
  91                 $theme = $db->sql_fetchrow($result);
  92                 $db->sql_freeresult($result);
  93
  94                 $sql = 'SELECT *
  95                         FROM ' . STYLES_IMAGESET_DATA_TABLE . '
  96                         WHERE imageset_id = ' . $theme['imageset_id'] . "
  97                         AND image_lang IN('" . $db->sql_escape($user['user_lang']) . "', '')";
  98                 $result = $db->sql_query($sql, 3600);
  99
 100                 $img_array = array();
 101
 102                 while ($row = $db->sql_fetchrow($result))
 103                 {
 104                         $img_array[$row['image_name']] = $row;
 105                 }
 106
 107                 if (!$theme)
 108                 {
 109                         exit;
 110                 }
 111
 112                 // Re-cache stylesheet data if necessary
 113                 if ($config['load_tplcompile'] && $theme['theme_mtime'] < @filemtime("{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme/stylesheet.css'))
 114                 {
 115                         include_once($phpbb_root_path . 'includes/acp/acp_styles.' . $phpEx);
 116
 117                         $theme['theme_data'] = acp_styles::db_theme_data($theme);
 118                         $theme['theme_mtime'] = @filemtime("{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme/stylesheet.css');
 119
 120                         // Save CSS contents
 121                         $sql_ary = array(
 122                                 'theme_mtime'   => $theme['theme_mtime'],
 123                                 'theme_data'    => $theme['theme_data']
 124                         );
 125
 126                         $sql = 'UPDATE ' . STYLES_THEME_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . "
 127                                 WHERE theme_id = $id";
 128                         $db->sql_query($sql);
 129
 130                         $cache->destroy('sql', STYLES_THEME_TABLE);
 131
 132                         header('Expires: 0');
 133                 }
 134                 else
 135                 {
 136                         header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', time() + 3600));
 137                 }
 138
 139                 header('Content-type: text/css');
 140
 141                 // Parse Theme Data
 142                 $replace = array(
 143                         '{T_THEME_PATH}'                        => "{$phpbb_root_path}styles/" . $theme['theme_path'] . '/theme',
 144                         '{T_TEMPLATE_PATH}'                     => "{$phpbb_root_path}styles/" . $theme['template_path'] . '/template',
 145                         '{T_IMAGESET_PATH}'                     => "{$phpbb_root_path}styles/" . $theme['imageset_path'] . '/imageset',
 146                         '{T_IMAGESET_LANG_PATH}'        => "{$phpbb_root_path}styles/" . $theme['imageset_path'] . '/imageset/' . $user['user_lang'],
 147                         '{T_STYLESHEET_NAME}'           => $theme['theme_name'],
 148                         '{S_USER_LANG}'                         => $user['user_lang']
 149                 );
 150
 151                 $theme['theme_data'] = str_replace(array_keys($replace), array_values($replace), $theme['theme_data']);
 152
 153                 $matches = array();
 154                 preg_match_all('#\{IMG_([A-Za-z0-9_]*?)_(WIDTH|HEIGHT|SRC)\}#', $theme['theme_data'], $matches);
 155
 156                 $imgs = $find = $replace = array();
 157                 if (isset($matches[0]) && sizeof($matches[0]))
 158                 {
 159                         foreach ($matches[1] as $i => $img)
 160                         {
 161                                 $img = strtolower($img);
 162                                 if (!isset($img_array[$img]))
 163                                 {
 164                                         continue;
 165                                 }
 166
 167                                 if (!isset($imgs[$img]))
 168                                 {
 169                                         $img_data = &$img_array[$img];
 170                                         $imgsrc = ($img_data['image_lang'] ? $img_data['image_lang'] . '/' : '') . $img_data['image_filename'];
 171                                         $imgs[$img] = array(
 172                                                 'src'           => $phpbb_root_path . 'styles/' . $theme['imageset_path'] . '/imageset/' . $imgsrc,
 173                                                 'width'         => $img_data['image_width'],
 174                                                 'height'        => $img_data['image_height'],
 175                                         );
 176                                 }
 177
 178                                 switch ($matches[2][$i])
 179                                 {
 180                                         case 'SRC':
 181                                                 $replace[] = $imgs[$img]['src'];
 182                                         break;
 183
 184                                         case 'WIDTH':
 185                                                 $replace[] = $imgs[$img]['width'];
 186                                         break;
 187
 188                                         case 'HEIGHT':
 189                                                 $replace[] = $imgs[$img]['height'];
 190                                         break;
 191
 192                                         default:
 193                                                 continue;
 194                                 }
 195                                 $find[] = $matches[0][$i];
 196                         }
 197
 198                         if (sizeof($find))
 199                         {
 200                                 $theme['theme_data'] = str_replace($find, $replace, $theme['theme_data']);
 201                         }
 202                 }
 203
 204                 echo $theme['theme_data'];
 205         }
 206
 207         if (!empty($cache))
 208         {
 209                 $cache->unload();
 210         }
 211         $db->sql_close();
 212 }
 213
 214 ?>