phpBB/common.php

   1 <?php
   2 /**
   3 *
   4 * @package phpBB3
   5 * @version $Id$
   6 * @copyright (c) 2005 phpBB Group
   7 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
   8 *
   9 * Minimum Requirement: PHP 5.2.0+
  10 */
  11
  12 /**
  13 */
  14 if (!defined('IN_PHPBB'))
  15 {
  16         exit;
  17 }
  18
  19 $starttime = explode(' ', microtime());
  20 $starttime = $starttime[1] + $starttime[0];
  21
  22 // Report all errors, except notices
  23 error_reporting(E_ALL ^ E_NOTICE);
  24 date_default_timezone_set('UTC');
  25
  26 /*
  27 * Remove variables created by register_globals from the global scope
  28 * Thanks to Matt Kavanagh
  29 */
  30 function deregister_globals()
  31 {
  32         $not_unset = array(
  33                 'GLOBALS'       => true,
  34                 '_GET'          => true,
  35                 '_POST'         => true,
  36                 '_COOKIE'       => true,
  37                 '_REQUEST'      => true,
  38                 '_SERVER'       => true,
  39                 '_SESSION'      => true,
  40                 '_ENV'          => true,
  41                 '_FILES'        => true,
  42                 'phpEx'         => true,
  43                 'phpbb_root_path'       => true
  44         );
  45
  46         // Not only will array_merge and array_keys give a warning if
  47         // a parameter is not an array, array_merge will actually fail.
  48         // So we check if _SESSION has been initialised.
  49         if (!isset($_SESSION) || !is_array($_SESSION))
  50         {
  51                 $_SESSION = array();
  52         }
  53
  54         // Merge all into one extremely huge array; unset this later
  55         $input = array_merge(
  56                 array_keys($_GET),
  57                 array_keys($_POST),
  58                 array_keys($_COOKIE),
  59                 array_keys($_SERVER),
  60                 array_keys($_SESSION),
  61                 array_keys($_ENV),
  62                 array_keys($_FILES)
  63         );
  64
  65         foreach ($input as $varname)
  66         {
  67                 if (isset($not_unset[$varname]))
  68                 {
  69                         // Hacking attempt. No point in continuing unless it's a COOKIE
  70                         if ($varname !== 'GLOBALS' || isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_SERVER['GLOBALS']) || isset($_SESSION['GLOBALS']) || isset($_ENV['GLOBALS']) || isset($_FILES['GLOBALS']))
  71                         {
  72                                 exit;
  73                         }
  74                         else
  75                         {
  76                                 $cookie = &$_COOKIE;
  77                                 while (isset($cookie['GLOBALS']))
  78                                 {
  79                                         foreach ($cookie['GLOBALS'] as $registered_var => $value)
  80                                         {
  81                                                 if (!isset($not_unset[$registered_var]))
  82                                                 {
  83                                                         unset($GLOBALS[$registered_var]);
  84                                                 }
  85                                         }
  86                                         $cookie = &$cookie['GLOBALS'];
  87                                 }
  88                         }
  89                 }
  90
  91                 unset($GLOBALS[$varname]);
  92         }
  93
  94         unset($input);
  95 }
  96
  97 // If we are on PHP >= 6.0.0 we do not need some code
  98 if (version_compare(PHP_VERSION, '6.0.0-dev', '>='))
  99 {
 100         /**
 101         * @ignore
 102         */
 103         define('STRIP', false);
 104 }
 105 else
 106 {
 107         @set_magic_quotes_runtime(0);
 108
 109         // Be paranoid with passed vars
 110         if (@ini_get('register_globals') == '1' || strtolower(@ini_get('register_globals')) == 'on' || !function_exists('ini_get'))
 111         {
 112                 deregister_globals();
 113         }
 114
 115         define('STRIP', (get_magic_quotes_gpc()) ? true : false);
 116 }
 117
 118 if (defined('IN_CRON'))
 119 {
 120         @define('PHPBB_ROOT_PATH', dirname(__FILE__) . DIRECTORY_SEPARATOR);
 121 }
 122
 123 if (!file_exists(PHPBB_ROOT_PATH . 'config.' . PHP_EXT))
 124 {
 125         die('<p>The config.' . PHP_EXT . ' file could not be found.</p><p><a href="' . PHPBB_ROOT_PATH . 'install/index.' . PHP_EXT . '">Click here to install phpBB</a></p>');
 126 }
 127
 128 require(PHPBB_ROOT_PATH . 'config.' . PHP_EXT);
 129
 130 if (!defined('PHPBB_INSTALLED'))
 131 {
 132         // Redirect the user to the installer
 133         // We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
 134         // available as used by the redirect function
 135         $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
 136         $server_port = (!empty($_SERVER['SERVER_PORT'])) ? (int) $_SERVER['SERVER_PORT'] : (int) getenv('SERVER_PORT');
 137         $secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 1 : 0;
 138
 139         $script_name = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : getenv('PHP_SELF');
 140         if (!$script_name)
 141         {
 142                 $script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
 143         }
 144
 145         // Replace any number of consecutive backslashes and/or slashes with a single slash
 146         // (could happen on some proxy setups and/or Windows servers)
 147         $script_path = trim(dirname($script_name)) . '/install/index.' . PHP_EXT;
 148         $script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
 149
 150         $url = (($secure) ? 'https://' : 'http://') . $server_name;
 151
 152         if ($server_port && (($secure && $server_port <> 443) || (!$secure && $server_port <> 80)))
 153         {
 154                 // HTTP HOST can carry a port number...
 155                 if (strpos($server_name, ':') === false)
 156                 {
 157                         $url .= ':' . $server_port;
 158                 }
 159         }
 160
 161         $url .= $script_path;
 162         header('Location: ' . $url);
 163         exit;
 164 }
 165
 166 if (defined('DEBUG_EXTRA'))
 167 {
 168         $base_memory_usage = 0;
 169         if (function_exists('memory_get_usage'))
 170         {
 171                 $base_memory_usage = memory_get_usage();
 172         }
 173 }
 174
 175 // Load Extensions
 176 if (!empty($load_extensions))
 177 {
 178         $load_extensions = explode(',', $load_extensions);
 179
 180         foreach ($load_extensions as $extension)
 181         {
 182                 @dl(trim($extension));
 183         }
 184 }
 185
 186 // Include files
 187 require(PHPBB_ROOT_PATH . 'includes/acm/acm_' . $acm_type . '.' . PHP_EXT);
 188 require(PHPBB_ROOT_PATH . 'includes/cache.' . PHP_EXT);
 189 require(PHPBB_ROOT_PATH . 'includes/template.' . PHP_EXT);
 190 require(PHPBB_ROOT_PATH . 'includes/session.' . PHP_EXT);
 191 require(PHPBB_ROOT_PATH . 'includes/auth.' . PHP_EXT);
 192
 193 require(PHPBB_ROOT_PATH . 'includes/functions.' . PHP_EXT);
 194 require(PHPBB_ROOT_PATH . 'includes/functions_content.' . PHP_EXT);
 195
 196 require(PHPBB_ROOT_PATH . 'includes/constants.' . PHP_EXT);
 197 require(PHPBB_ROOT_PATH . 'includes/db/' . $dbms . '.' . PHP_EXT);
 198 require(PHPBB_ROOT_PATH . 'includes/utf/utf_tools.' . PHP_EXT);
 199
 200 // Set PHP error handler to ours
 201 set_error_handler(defined('PHPBB_MSG_HANDLER') ? PHPBB_MSG_HANDLER : 'msg_handler');
 202
 203 // Instantiate some basic classes
 204 $user           = new user();
 205 $auth           = new auth();
 206 $template       = new template();
 207 $cache          = new acm();
 208 $db                     = new $sql_db();
 209
 210 // Connect to DB
 211 $db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false, defined('PHPBB_DB_NEW_LINK') ? PHPBB_DB_NEW_LINK : false);
 212
 213 // We do not need this any longer, unset for safety purposes
 214 unset($dbpasswd);
 215
 216 // Grab global variables, re-cache if necessary
 217 $config = cache::obtain_config();
 218
 219 // Add own hook handler
 220 require(PHPBB_ROOT_PATH . 'includes/hooks/index.' . PHP_EXT);
 221 $phpbb_hook = new phpbb_hook(array('exit_handler', 'phpbb_user_session_handler', 'append_sid', array('template', 'display')));
 222
 223 foreach (cache::obtain_hooks() as $hook)
 224 {
 225         @include(PHPBB_ROOT_PATH . 'includes/hooks/' . $hook . '.' . PHP_EXT);
 226 }
 227
 228 ?>