<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin 3.8.7 Patch Level 2
|| # ---------------------------------------------------------------- # ||
|| # Copyright ©2000-2011 vBulletin Solutions, Inc. All Rights Reserved. ||
|| # This file may not be redistributed in whole or significant part. # ||
|| # ---------------- VBULLETIN IS NOT FREE SOFTWARE ---------------- # ||
|| # http://www.vbulletin.com | http://www.vbulletin.com/license.html # ||
|| #################################################################### ||
\*======================================================================*/
define('FILE_VERSION', '3.8.7'); // this should match install.php
define('SIMPLE_VERSION', '387'); // see vB_Datastore::check_options()
define('YUI_VERSION', '2.9.0'); // define the YUI version we bundle, used for external YUI
/**#@+
* The maximum sizes for the "small" profile avatars
*/
define('FIXED_SIZE_AVATAR_WIDTH', 60);
define('FIXED_SIZE_AVATAR_HEIGHT', 80);
/**#@-*/
/**#@+
* These make up the bit field to disable specific types of BB codes.
*/
define('ALLOW_BBCODE_BASIC', 1);
define('ALLOW_BBCODE_COLOR', 2);
define('ALLOW_BBCODE_SIZE', 4);
define('ALLOW_BBCODE_FONT', 8);
define('ALLOW_BBCODE_ALIGN', 16);
define('ALLOW_BBCODE_LIST', 32);
define('ALLOW_BBCODE_URL', 64);
define('ALLOW_BBCODE_CODE', 128);
define('ALLOW_BBCODE_PHP', 256);
define('ALLOW_BBCODE_HTML', 512);
define('ALLOW_BBCODE_IMG', 1024);
define('ALLOW_BBCODE_QUOTE', 2048);
define('ALLOW_BBCODE_CUSTOM', 4096);
/**#@-*/
/**#@+
* These make up the bit field to control what "special" BB codes are found in the text.
*/
define('BBCODE_HAS_IMG', 1);
define('BBCODE_HAS_ATTACH', 2);
define('BBCODE_HAS_SIGPIC', 4);
/**#@-*/
/**#@+
* Bitfield values for the inline moderation javascript selector which should be self-explanitory
*/
define('POST_FLAG_INVISIBLE', 1);
define('POST_FLAG_DELETED', 2);
define('POST_FLAG_ATTACH', 4);
define('POST_FLAG_GUEST', 8);
// #############################################################################
// MySQL Database Class
/**#@+
* The type of result set to return from the database for a specific row.
*/
define('DBARRAY_BOTH', 0);
define('DBARRAY_ASSOC', 1);
define('DBARRAY_NUM', 2);
/**#@-*/
/**
* Class to interface with a database
*
* This class also handles data replication between a master and slave(s) servers
*
* @package vBulletin
* @version $Revision: 43870 $
* @date $Date: 2011-05-26 14:52:39 -0700 (Thu, 26 May 2011) $
*/
class vB_Database
{
/**
* Array of function names, mapping a simple name to the RDBMS specific function name
*
* @var array
*/
var $functions = array(
'connect' => 'mysql_connect',
'pconnect' => 'mysql_pconnect',
'select_db' => 'mysql_select_db',
'query' => 'mysql_query',
'query_unbuffered' => 'mysql_unbuffered_query',
'fetch_row' => 'mysql_fetch_row',
'fetch_array' => 'mysql_fetch_array',
'fetch_field' => 'mysql_fetch_field',
'free_result' => 'mysql_free_result',
'data_seek' => 'mysql_data_seek',
'error' => 'mysql_error',
'errno' => 'mysql_errno',
'affected_rows' => 'mysql_affected_rows',
'num_rows' => 'mysql_num_rows',
'num_fields' => 'mysql_num_fields',
'field_name' => 'mysql_field_name',
'insert_id' => 'mysql_insert_id',
'escape_string' => 'mysql_escape_string',
'real_escape_string' => 'mysql_real_escape_string',
'close' => 'mysql_close',
'client_encoding' => 'mysql_client_encoding',
);
/**
* The vBulletin registry object
*
* @var vB_Registry
*/
var $registry = null;
/**
* Array of constants for use in fetch_array
*
* @var array
*/
var $fetchtypes = array(
DBARRAY_NUM => MYSQL_NUM,
DBARRAY_ASSOC => MYSQL_ASSOC,
DBARRAY_BOTH => MYSQL_BOTH
);
/**
* Full name of the system
*
* @var string
*/
var $appname = 'vBulletin';
/**
* Short name of the system
*
* @var string
*/
var $appshortname = 'vBulletin';
/**
* Database name
*
* @var string
*/
var $database = null;
/**
* Link variable. The connection to the master/write server.
*
* @var string
*/
var $connection_master = null;
/**
* Link variable. The connection to the slave/read server(s).
*
* @var string
*/
var $connection_slave = null;
/**
* Link variable. The connection last used.
*
* @var string
*/
var $connection_recent = null;
/**
* Whether or not we will be using different connections for read and write queries
*
* @var boolean
*/
var $multiserver = false;
/**
* Array of queries to be executed when the script shuts down
*
* @var array
*/
var $shutdownqueries = array();
/**
* The contents of the most recent SQL query string.
*
* @var string
*/
var $sql = '';
/**
* Whether or not to show and halt on database errors
*
* @var boolean
*/
var $reporterror = true;
/**
* The text of the most recent database error message
*
* @var string
*/
var $error = '';
/**
* The error number of the most recent database error message
*
* @var integer
*/
var $errno = '';
/**
* SQL Query String
*
* @var integer The maximum size of query string permitted by the master server
*/
var $maxpacket = 0;
/**
* Track lock status of tables. True if a table lock has been issued
*
* @var bool
*/
var $locked = false;
/**
* Number of queries executed
*
* @var integer The number of SQL queries run by the system
*/
var $querycount = 0;
/**
* Constructor. If x_real_escape_string() is available, switches to use that
* function over x_escape_string().
*
* @param vB_Registry Registry object
*/
function vB_Database(&$registry)
{
if (is_object($registry))
{
$this->registry =& $registry;
}
else
{
trigger_error("vB_Database::Registry object is not an object", E_USER_ERROR);
}
}
/**
* Connects to the specified database server(s)
*
* @param string Name of the database that we will be using for select_db()
* @param string Name of the master (write) server - should be either 'localhost' or an IP address
* @param integer Port for the master server
* @param string Username to connect to the master server
* @param string Password associated with the username for the master server
* @param boolean Whether or not to use persistent connections to the master server
* @param string (Optional) Name of the slave (read) server - should be either left blank or set to 'localhost' or an IP address, but NOT the same as the servername for the master server
* @param integer (Optional) Port of the slave server
* @param string (Optional) Username to connect to the slave server
* @param string (Optional) Password associated with the username for the slave server
* @param boolean (Optional) Whether or not to use persistent connections to the slave server
* @param string (Optional) Parse given MySQL config file to set options
* @param string (Optional) Connection Charset MySQLi / PHP 5.1.0+ or 5.0.5+ / MySQL 4.1.13+ or MySQL 5.1.10+ Only
*
* @return none
*/
function connect($database, $w_servername, $w_port, $w_username, $w_password, $w_usepconnect = false, $r_servername = '', $r_port = 3306, $r_username = '', $r_password = '', $r_usepconnect = false, $configfile = '', $charset = '')
{
$this->database = $database;
$w_port = $w_port ? $w_port : 3306;
$r_port = $r_port ? $r_port : 3306;
$this->connection_master = $this->db_connect($w_servername, $w_port, $w_username, $w_password, $w_usepconnect, $configfile, $charset);
$this->multiserver = false;
$this->connection_slave =& $this->connection_master;
if ($this->connection_master)
{
$this->select_db($this->database);
}
}
/**
* Initialize database connection(s)
*
* Connects to the specified master database server, and also to the slave server if it is specified
*
* @param string Name of the database server - should be either 'localhost' or an IP address
* @param integer Port of the database server (usually 3306)
* @param string Username to connect to the database server
* @param string Password associated with the username for the database server
* @param boolean Whether or not to use persistent connections to the database server
* @param string Not applicable; config file for MySQLi only
* @param string Force connection character set (to prevent collation errors)
*
* @return boolean
*/
function db_connect($servername, $port, $username, $password, $usepconnect, $configfile = '', $charset = '')
{
if (function_exists('catch_db_error'))
{
set_error_handler('catch_db_error');
}
// catch_db_error will handle exiting, no infinite loop here
do
{
$link = $this->functions[$usepconnect ? 'pconnect' : 'connect']("$servername:$port", $username, $password);
}
while ($link == false AND $this->reporterror);
restore_error_handler();
if (!empty($charset))
{
if (function_exists('mysql_set_charset'))
{
mysql_set_charset($charset);
}
else
{
$this->sql = "SET NAMES $charset";
$this->execute_query(true, $link);
}
}
return $link;
}
/**
* Selects a database to use
*
* @param string The name of the database located on the database server(s)
*
* @return boolean
*/
function select_db($database = '')
{
if ($database != '')
{
$this->database = $database;
}
if ($check_write = @$this->select_db_wrapper($this->database, $this->connection_master))
{
$this->connection_recent =& $this->connection_master;
return true;
}
else
{
$this->connection_recent =& $this->connection_master;
$this->halt('Cannot use database ' . $this->database);
return false;
}
}
/**
* Simple wrapper for select_db(), to allow argument order changes
*
* @param string Database name
* @param integer Link identifier
*
* @return boolean
*/
function select_db_wrapper($database = '', $link = null)
{
return $this->functions['select_db']($database, $link);
}
/**
* Forces the sql_mode varaible to a specific mode. Certain modes may be
* incompatible with vBulletin. Applies to MySQL 4.1+.
*
* @param string The mode to set the sql_mode variable to
*/
function force_sql_mode($mode)
{
$reset_errors = $this->reporterror;
if ($reset_errors)
{
$this->hide_errors();
}
$this->query_write("SET @@sql_mode = '" . $this->escape_string($mode) . "'");
if ($reset_errors)
{
$this->show_errors();
}
}
/**
* Executes an SQL query through the specified connection
*
* @param boolean Whether or not to run this query buffered (true) or unbuffered (false). Default is unbuffered.
* @param string The connection ID to the database server
*
* @return string
*/
function &execute_query($buffered = true, &$link)
{
$this->connection_recent =& $link;
$this->querycount++;
if ($queryresult = $this->functions[$buffered ? 'query' : 'query_unbuffered']($this->sql, $link))
{
// unset $sql to lower memory .. this isn't an error, so it's not needed
$this->sql = '';
return $queryresult;
}
else
{
$this->halt();
// unset $sql to lower memory .. error will have already been thrown
$this->sql = '';
}
}
/**
* Executes a data-writing SQL query through the 'master' database connection
*
* @param string The text of the SQL query to be executed
* @param boolean Whether or not to run this query buffered (true) or unbuffered (false). Default is buffered.
*
* @return string
*/
function query_write($sql, $buffered = true)
{
$this->sql =& $sql;
return $this->execute_query($buffered, $this->connection_master);
}
/**
* Executes a data-reading SQL query through the 'master' database connection
* we don't know if the 'read' database is up to date so be on the safe side
*
* @param string The text of the SQL query to be executed
* @param boolean Whether or not to run this query buffered (true) or unbuffered (false). Default is buffered.
*
* @return string
*/
function query_read($sql, $buffered = true)
{
$this->sql =& $sql;
return $this->execute_query($buffered, $this->connection_master);
}
/**
* Executes a data-reading SQL query through the 'slave' database connection
*
* @param string The text of the SQL query to be executed
* @param boolean Whether or not to run this query buffered (true) or unbuffered (false). Default is buffered.
*
* @return string
*/
function query_read_slave($sql, $buffered = true)
{
$this->sql =& $sql;
return $this->execute_query($buffered, $this->connection_master);
}
/**
* Executes an SQL query, using either the write connection
*
* @deprecated Deprecated as of 3.6. Use query_(read/write)
*
* @param string The text of the SQL query to be executed
* @param boolean Whether or not to run this query buffered (true) or unbuffered (false). Default is unbuffered.
*
* @return string
*/
function query($sql, $buffered = true)
{
$this->sql =& $sql;
return $this->execute_query($buffered, $this->connection_master);
}
/**
* Executes a data-reading SQL query, then returns an array of the data from the first row from the result set
*
* @param string The text of the SQL query to be executed
* @param string One of (NUM, ASSOC, BOTH)
*
* @return array
*/
function &query_first($sql, $type = DBARRAY_ASSOC)
{
$this->sql =& $sql;
$queryresult = $this->execute_query(true, $this->connection_master);
$returnarray = $this->fetch_array($queryresult, $type);
$this->free_result($queryresult);
return $returnarray;
}
/**
* Executes a FOUND_ROWS query to get the results of SQL_CALC_FOUND_ROWS
*
* @return integer
*/
function found_rows()
{
$this->sql = "SELECT FOUND_ROWS()";
$queryresult = $this->execute_query(true, $this->connection_recent);
$returnarray = $this->fetch_array($queryresult, DBARRAY_NUM);
$this->free_result($queryresult);
return intval($returnarray[0]);
}
/**
* Executes a data-reading SQL query against the slave server, then returns an array of the data from the first row from the result set
*
* @param string The text of the SQL query to be executed
* @param string One of (NUM, ASSOC, BOTH)
*
* @return array
*/
function &query_first_slave($sql, $type = DBARRAY_ASSOC)
{
$returnarray = $this->query_first($sql, $type);
return $returnarray;
}
/**
* Executes an INSERT INTO query, using extended inserts if possible
*
* @param string Name of the table into which data should be inserted
* @param string Comma-separated list of the fields to affect
* @param array Array of SQL values
* @param boolean Whether or not to run this query buffered (true) or unbuffered (false). Default is unbuffered.
*
* @return mixed
*/
function &query_insert($table, $fields, &$values, $buffered = true)
{
return $this->insert_multiple("INSERT INTO $table $fields VALUES", $values, $buffered);
}
/**
* Executes a REPLACE INTO query, using extended inserts if possible
*
* @param string Name of the table into which data should be inserted
* @param string Comma-separated list of the fields to affect
* @param array Array of SQL values
* @param boolean Whether or not to run this query buffered (true) or unbuffered (false). Default is unbuffered.
*
* @return mixed
*/
function &query_replace($table, $fields, &$values, $buffered = true)
{
return $this->insert_multiple("REPLACE INTO $table $fields VALUES", $values, $buffered);
}
/**
* Executes an INSERT or REPLACE query with multiple values, splitting large queries into manageable chunks based on $this->maxpacket
*
* @param string The text of the first part of the SQL query to be executed - example "INSERT INTO table (field1, field2) VALUES"
* @param mixed The values to be inserted. Example: (0 => "('value1', 'value2')", 1 => "('value3', 'value4')")
* @param boolean Whether or not to run this query buffered (true) or unbuffered (false). Default is unbuffered.
*
* @return mixed
*/
function insert_multiple($sql, &$values, $buffered)
{
if ($this->maxpacket == 0)
{
// must do a READ query on the WRITE link here!
$vars = $this->query_write("SHOW VARIABLES LIKE 'max_allowed_packet'");
$var = $this->fetch_row($vars);
$this->maxpacket = $var[1];
$this->free_result($vars);
}
$i = 0;
$num_values = sizeof($values);
$this->sql = $sql;
while ($i < $num_values)
{
$sql_length = strlen($this->sql);
$value_length = strlen("\r\n" . $values["$i"] . ",");
if (($sql_length + $value_length) < $this->maxpacket)
{
$this->sql .= "\r\n" . $values["$i"] . ",";
unset($values["$i"]);
$i++;
}
else
{
$this->sql = (substr($this->sql, -1) == ',') ? substr($this->sql, 0, -1) : $this->sql;
$this->execute_query($buffered, $this->connection_master);
$this->sql = $sql;
}
}
if ($this->sql != $sql)
{
$this->sql = (substr($this->sql, -1) == ',') ? substr($this->sql, 0, -1) : $this->sql;
$this->execute_query($buffered, $this->connection_master);
}
if (sizeof($values) == 1)
{
return $this->insert_id();
}
else
{
return true;
}
}
/**
* Registers an SQL query to be executed at shutdown time. If shutdown functions are disabled, the query is run immediately.
*
* @param string The text of the SQL query to be executed
* @param mixed (Optional) Allows particular shutdown queries to be labelled
*
* @return boolean
*/
function shutdown_query($sql, $arraykey = -1)
{
if ($arraykey === -1)
{
$this->shutdownqueries[] = $sql;
return true;
}
else
{
$this->shutdownqueries["$arraykey"] = $sql;
return true;
}
}
/**
* Returns the number of rows contained within a query result set
*
* @param string The query result ID we are dealing with
*
* @return integer
*/
function num_rows($queryresult)
{
return @$this->functions['num_rows']($queryresult);
}
/**
* Returns the number of fields contained within a query result set
*
* @param string The query result ID we are dealing with
*
* @return integer
*/
function num_fields($queryresult)
{
return @$this->functions['num_fields']($queryresult);
}
/**
* Returns the name of a field from within a query result set
*
* @param string The query result ID we are dealing with
* @param integer The index position of the field
*
* @return string
*/
function field_name($queryresult, $index)
{
return @$this->functions['field_name']($queryresult, $index);
}
/**
* Returns the ID of the item just inserted into an auto-increment field
*
* @return integer
*/
function insert_id()
{
return @$this->functions['insert_id']($this->connection_master);
}
/**
* Returns the name of the character set
*
* @return string
*/
function client_encoding()
{
return @$this->functions['client_encoding']($this->connection_master);
}
/**
* Closes the connection to the database server
*
* @return integer
*/
function close()
{
return @$this->functions['close']($this->connection_master);
}
/**
* Escapes a string to make it safe to be inserted into an SQL query
*
* @param string The string to be escaped
*
* @return string
*/
function escape_string($string)
{
if ($this->functions['escape_string'] == $this->functions['real_escape_string'])
{
return $this->functions['escape_string']($string, $this->connection_master);
}
else
{
return $this->functions['escape_string']($string);
}
}
/**
* Escapes a string using the appropriate escape character for the RDBMS for use in LIKE conditions
*
* @param string The string to be escaped
*
* @return string
*/
function escape_string_like($string)
{
return str_replace(array('%', '_') , array('\%' , '\_') , $this->escape_string($string));
}
/**
* Takes a piece of data and prepares it to be put into an SQL query by adding quotes etc.
*
* @param mixed The data to be used
*
* @return mixed The prepared data
*/
function sql_prepare($value)
{
if (is_string($value))
{
return "'" . $this->escape_string($value) . "'";
}
else if (is_numeric($value) AND $value + 0 == $value)
{
return $value;
}
else if (is_bool($value))
{
return $value ? 1 : 0;
}
else
{
return "'" . $this->escape_string($value) . "'";
}
}
/**
* Fetches a row from a query result and returns the values from that row as an array
*
* The value of $type defines whether the array will have numeric or associative keys, or both
*
* @param string The query result ID we are dealing with
* @param integer One of DBARRAY_ASSOC / DBARRAY_NUM / DBARRAY_BOTH
*
* @return array
*/
function fetch_array($queryresult, $type = DBARRAY_ASSOC)
{
return @$this->functions['fetch_array']($queryresult, $this->fetchtypes["$type"]);
}
/**
* Fetches a row from a query result and returns the values from that row as an array with numeric keys
*
* @param string The query result ID we are dealing with
*
* @return array
*/
function fetch_row($queryresult)
{
return @$this->functions['fetch_row']($queryresult);
}
/**
* Fetches a row information from a query result and returns the values from that row as an array
*
* @param string The query result ID we are dealing with
*
* @return array
*/
function fetch_field($queryresult)
{
return @$this->functions['fetch_field']($queryresult);
}
/**
* Moves the internal result pointer within a query result set
*
* @param string The query result ID we are dealing with
* @param integer The position to which to move the pointer (first position is 0)
*
* @return boolean
*/
function data_seek($queryresult, $index)
{
return @$this->functions['data_seek']($queryresult, $index);
}
/**
* Frees all memory associated with the specified query result
*
* @param string The query result ID we are dealing with
*
* @return boolean
*/
function free_result($queryresult)
{
$this->sql = '';
return @$this->functions['free_result']($queryresult);
}
/**
* Retuns the number of rows affected by the most recent insert/replace/update query
*
* @return integer
*/
function affected_rows()
{
$this->rows = $this->functions['affected_rows']($this->connection_recent);
return $this->rows;
}
/**
* Lock tables
*
* @param mixed List of tables to lock
* @param string Type of lock to perform
*
*/
function lock_tables($tablelist)
{
if (!empty($tablelist) AND is_array($tablelist))
{
// Don't lock tables if we know we might get stuck with them locked (pconnect = true)
// mysqli doesn't support pconnect! YAY!
if (strtolower($this->registry->config['Database']['dbtype']) != 'mysqli' AND $this->registry->config['MasterServer']['usepconnect'])
{
return;
}
$sql = '';
foreach($tablelist AS $name => $type)
{
$sql .= (!empty($sql) ? ', ' : '') . TABLE_PREFIX . $name . " " . $type;
}
$this->query_write("LOCK TABLES $sql");
$this->locked = true;
}
}
/**
* Unlock tables
*
*/
function unlock_tables()
{
# must be called from exec_shutdown as tables can get stuck locked if pconnects are enabled
# note: the above case never actually happens as we skip the lock if pconnects are enabled (to be safe) =)
if ($this->locked)
{
$this->query_write("UNLOCK TABLES");
}
}
/**
* Returns the text of the error message from previous database operation
*
* @return string
*/
function error()
{
if ($this->connection_recent === null)
{
$this->error = '';
}
else
{
$this->error = $this->functions['error']($this->connection_recent);
}
return $this->error;
}
/**
* Returns the numerical value of the error message from previous database operation
*
* @return integer
*/
function errno()
{
if ($this->connection_recent === null)
{
$this->errno = 0;
}
else
{
$this->errno = $this->functions['errno']($this->connection_recent);
}
return $this->errno;
}
/**
* Switches database error display ON
*/
function show_errors()
{
$this->reporterror = true;
}
/**
* Switches database error display OFF
*/
function hide_errors()
{
$this->reporterror = false;
}
/**
* Halts execution of the entire system and displays an error message
*
* @param string Text of the error message. Leave blank to use $this->sql as error text.
*
* @return integer
*/
function halt($errortext = '')
{
global $vbulletin;
if ($this->connection_recent)
{
$this->error = $this->error($this->connection_recent);
$this->errno = $this->errno($this->connection_recent);
}
if ($this->reporterror)
{
if ($errortext == '')
{
$this->sql = "Invalid SQL:\r\n" . chop($this->sql) . ';';
$errortext =& $this->sql;
}
if (!headers_sent())
{
if (SAPI_NAME == 'cgi' OR SAPI_NAME == 'cgi-fcgi')
{
header('Status: 503 Service Unavailable');
}
else
{
header('HTTP/1.1 503 Service Unavailable');
}
}
$vboptions =& $vbulletin->options;
$technicalemail =& $vbulletin->config['Database']['technicalemail'];
$bbuserinfo =& $vbulletin->userinfo;
$requestdate = date('l, F jS Y @ h:i:s A', TIMENOW);
$date = date('l, F jS Y @ h:i:s A');
$scriptpath = str_replace('&', '&', $vbulletin->scriptpath);
$referer = REFERRER;
$ipaddress = IPADDRESS;
$classname = get_class($this);
if ($this->connection_recent)
{
$this->hide_errors();
list($mysqlversion) = $this->query_first("SELECT VERSION() AS version", DBARRAY_NUM);
$this->show_errors();
}
$display_db_error = (VB_AREA == 'Upgrade' OR VB_AREA == 'Install' OR $vbulletin->userinfo['usergroupid'] == 6 OR ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions));
// Hide the MySQL Version if its going in the source
if (!$display_db_error)
{
$mysqlversion = '';
}
eval('$message = "' . str_replace('"', '\"', file_get_contents(DIR . '/includes/database_error_message.html')) . '";');
require_once(DIR . '/includes/functions_log_error.php');
if (function_exists('log_vbulletin_error'))
{
log_vbulletin_error($message, 'database');
}
if ($technicalemail != '' AND !$vbulletin->options['disableerroremail'] AND verify_email_vbulletin_error($this->errno, 'database'))
{
// If vBulletinHook is defined then we know that options are loaded, so we can then use vbmail
if (class_exists('vBulletinHook'))
{
@vbmail($technicalemail, $this->appshortname . ' Database Error!', $message, true, $technicalemail);
}
else
{
@mail($technicalemail, $this->appshortname . ' Database Error!', preg_replace("#(\r\n|\r|\n)#s", (@ini_get('sendmail_path') === '') ? "\r\n" : "\n", $message), "From: $technicalemail");
}
}
if ($display_db_error)
{
// display error message on screen
$message = '<form><textarea rows="15" cols="70" wrap="off" id="message">' . htmlspecialchars_uni($message) . '</textarea></form>';
}
else
{
// display hidden error message
$message = "\r\n<!--\r\n" . htmlspecialchars_uni($message) . "\r\n-->\r\n";
}
if ($vbulletin->options['bburl'])
{
$imagepath = $vbulletin->options['bburl'];
}
else
{
// this might not work with too many slashes in the archive
$imagepath = (VB_AREA == 'Forum' ? '.' : '..');
}
eval('$message = "' . str_replace('"', '\"', file_get_contents(DIR . '/includes/database_error_page.html')) . '";');
// This is needed so IE doesn't show the pretty error messages
$message .= str_repeat(' ', 512);
die($message);
}
else if (!empty($errortext))
{
$this->error = $errortext;
}
}
}
// #############################################################################
// MySQLi Database Class
/**
* Class to interface with a MySQL 4.1 database
*
* This class also handles data replication between a master and slave(s) servers
*
* @package vBulletin
* @version $Revision: 43870 $
* @date $Date: 2011-05-26 14:52:39 -0700 (Thu, 26 May 2011) $
*/
class vB_Database_MySQLi extends vB_Database
{
/**
* Array of function names, mapping a simple name to the RDBMS specific function name
*
* @var array
*/
var $functions = array(
'connect' => 'mysqli_real_connect',
'pconnect' => 'mysqli_real_connect', // mysqli doesn't support persistent connections THANK YOU!
'select_db' => 'mysqli_select_db',
'query' => 'mysqli_query',
'query_unbuffered' => 'mysqli_unbuffered_query',
'fetch_row' => 'mysqli_fetch_row',
'fetch_array' => 'mysqli_fetch_array',
'fetch_field' => 'mysqli_fetch_field',
'free_result' => 'mysqli_free_result',
'data_seek' => 'mysqli_data_seek',
'error' => 'mysqli_error',
'errno' => 'mysqli_errno',
'affected_rows' => 'mysqli_affected_rows',
'num_rows' => 'mysqli_num_rows',
'num_fields' => 'mysqli_num_fields',
'field_name' => 'mysqli_field_tell',
'insert_id' => 'mysqli_insert_id',
'escape_string' => 'mysqli_real_escape_string',
'real_escape_string' => 'mysqli_real_escape_string',
'close' => 'mysqli_close',
'client_encoding' => 'mysqli_client_encoding',
);
/**
* Array of constants for use in fetch_array
*
* @var array
*/
var $fetchtypes = array(
DBARRAY_NUM => MYSQLI_NUM,
DBARRAY_ASSOC => MYSQLI_ASSOC,
DBARRAY_BOTH => MYSQLI_BOTH
);
/**
* Initialize database connection(s)
*
* Connects to the specified master database server, and also to the slave server if it is specified
*
* @param string Name of the database server - should be either 'localhost' or an IP address
* @param integer Port of the database server - usually 3306
* @param string Username to connect to the database server
* @param string Password associated with the username for the database server
* @param string Persistent Connections - Not supported with MySQLi
* @param string Configuration file from config.php.ini (my.ini / my.cnf)
* @param string Mysqli Connection Charset PHP 5.1.0+ or 5.0.5+ / MySQL 4.1.13+ or MySQL 5.1.10+ Only
*
* @return object Mysqli Resource
*/
function db_connect($servername, $port, $username, $password, $usepconnect, $configfile = '', $charset = '')
{
if (function_exists('catch_db_error'))
{
set_error_handler('catch_db_error');
}
$link = mysqli_init();
# Set Options Connection Options
if (!empty($configfile))
{
mysqli_options($link, MYSQLI_READ_DEFAULT_FILE, $configfile);
}
// this will execute at most 5 times, see catch_db_error()
do
{
$connect = $this->functions['connect']($link, $servername, $username, $password, '', $port);
}
while ($connect == false AND $this->reporterror);
restore_error_handler();
if (!empty($charset))
{
if (function_exists('mysqli_set_charset'))
{
mysqli_set_charset($link, $charset);
}
else
{
$this->sql = "SET NAMES $charset";
$this->execute_query(true, $link);
}
}
return (!$connect) ? false : $link;
}
/**
* Executes an SQL query through the specified connection
*
* @param boolean Whether or not to run this query buffered (true) or unbuffered (false). Default is unbuffered.
* @param string The connection ID to the database server
*
* @return string
*/
function &execute_query($buffered = true, &$link)
{
$this->connection_recent =& $link;
$this->querycount++;
if ($queryresult = mysqli_query($link, $this->sql, ($buffered ? MYSQLI_STORE_RESULT : MYSQLI_USE_RESULT)))
{
// unset $sql to lower memory .. this isn't an error, so it's not needed
$this->sql = '';
return $queryresult;
}
else
{
$this->halt();
// unset $sql to lower memory .. error will have already been thrown
$this->sql = '';
}
}
/**
* Simple wrapper for select_db(), to allow argument order changes
*
* @param string Database name
* @param integer Link identifier
*
* @return boolean
*/
function select_db_wrapper($database = '', $link = null)
{
return $this->functions['select_db']($link, $database);
}
/**
* Escapes a string to make it safe to be inserted into an SQL query
*
* @param string The string to be escaped
*
* @return string
*/
function escape_string($string)
{
return $this->functions['real_escape_string']($this->connection_master, $string);
}
/**
* Returns the name of a field from within a query result set
*
* @param string The query result ID we are dealing with
* @param integer The index position of the field
*
* @return string
*/
function field_name($queryresult, $index)
{
$field = @$this->functions['fetch_field']($queryresult);
return $field->name;
}
}
// #############################################################################
// datastore class
/**
* Class for fetching and initializing the vBulletin datastore from the database
*
* @package vBulletin
* @version $Revision: 43870 $
* @date $Date: 2011-05-26 14:52:39 -0700 (Thu, 26 May 2011) $
*/
class vB_Datastore
{
/**
* Default items that are always loaded by fetch();
*
* @var array
*/
var $defaultitems = array(
'options',
'bitfields',
'attachmentcache',
'forumcache',
'usergroupcache',
'stylecache',
'languagecache',
'products',
'pluginlist',
'cron',
'profilefield',
'loadcache',
'noticecache'
);
/**
* This variable contains a list of all items to be returned from the datastore
*
* @var array
*/
var $itemarray = array();
/**
* This variable should be set to be a reference to the registry object
*
* @var vB_Registry
*/
var $registry = null;
/**
* This variable should be set to be a reference to the database object
*
* @var vB_Database
*/
var $dbobject = null;
/**
* Unique prefix for item's title, required for multiple forums on the same server using the same classes that read/write to memory
*
* @var string
*/
var $prefix = '';
/**
* Constructor - establishes the database object to use for datastore queries
*
* @param vB_Registry The registry object
* @param vB_Database The database object
*/
function vB_Datastore(&$registry, &$dbobject)
{
$this->registry =& $registry;
$this->dbobject =& $dbobject;
$this->prefix =& $this->registry->config['Datastore']['prefix'];
if (defined('SKIP_DEFAULTDATASTORE'))
{
$this->defaultitems = array('options', 'bitfields', 'pluginlist');
}
if (!is_object($registry))
{
trigger_error('<strong>vB_Datastore</strong>: $this->registry is not an object', E_USER_ERROR);
}
if (!is_object($dbobject))
{
trigger_error('<strong>vB_Datastore</strong>: $this->dbobject is not an object!', E_USER_ERROR);
}
}
/**
* Sorts the data returned from the cache and places it into appropriate places
*
* @param string The name of the data item to be processed
* @param mixed The data associated with the title
* @param integer If the data needs to be unserialized, 0 = no, 1 = yes, 2 = auto detect
*
* @return boolean
*/
function register($title, $data, $unserialize_detect = 2)
{
// specifies whether or not $data should be an array
$try_unserialize = (($unserialize_detect == 2) AND ($data[0] == 'a' AND $data[1] == ':'));
if ($try_unserialize OR $unserialize_detect == 1)
{
// unserialize returned an error so return false
if (($data = unserialize($data)) === false)
{
return false;
}
}
if ($title == 'bitfields')
{
$registry =& $this->registry;
foreach (array_keys($data) AS $group)
{
$registry->{'bf_' . $group} =& $data["$group"];
$group_prefix = 'bf_' . $group . '_';
$group_info =& $data["$group"];
foreach (array_keys($group_info) AS $subgroup)
{
$registry->{$group_prefix . $subgroup} =& $group_info["$subgroup"];
}
}
}
else if (!empty($title))
{
$this->registry->$title = $data;
}
return true;
}
/**
* Fetches the contents of the datastore from the database
*
* @param array Array of items to fetch from the datastore
*
* @return void
*/
function fetch($itemarray)
{
$db =& $this->dbobject;
$itemlist = "''";
foreach ($this->defaultitems AS $item)
{
$itemlist .= ",'" . $db->escape_string($item) . "'";
}
if (is_array($itemarray))
{
foreach ($itemarray AS $item)
{
$itemlist .= ",'" . $db->escape_string($item) . "'";
}
}
$this->do_db_fetch($itemlist);
$this->check_options();
// set the version number variable
$this->registry->versionnumber =& $this->registry->options['templateversion'];
}
/**
* Performs the actual fetching of the datastore items for the database, child classes may use this
*
* @param string title of the datastore item
*
* @return void
*/
function do_db_fetch($itemlist)
{
$db =& $this->dbobject;
$dataitems = $db->query_read("
SELECT *
FROM " . TABLE_PREFIX . "datastore
WHERE title IN ($itemlist)
");
while ($dataitem = $db->fetch_array($dataitems))
{
$this->register($dataitem['title'], $dataitem['data'], (isset($dataitem['unserialize']) ? $dataitem['unserialize'] : 2));
}
$db->free_result($dataitems);
}
/**
* Checks that the options item has come out of the datastore correctly
* and sets the 'versionnumber' variable
*/
function check_options()
{
if (!isset($this->registry->options['templateversion']))
{
// fatal error - options not loaded correctly
require_once(DIR . '/includes/adminfunctions.php');
require_once(DIR . '/includes/functions.php');
$this->register('options', build_options(), 0);
}
// set the short version number
$this->registry->options['simpleversion'] = SIMPLE_VERSION . $this->registry->config['Misc']['jsver'];
}
}
// #############################################################################
// input handler class
/**#@+
* Ways of cleaning input. Should be mostly self-explanatory.
*/
define('TYPE_NOCLEAN', 0); // no change
define('TYPE_BOOL', 1); // force boolean
define('TYPE_INT', 2); // force integer
define('TYPE_UINT', 3); // force unsigned integer
define('TYPE_NUM', 4); // force number
define('TYPE_UNUM', 5); // force unsigned number
define('TYPE_UNIXTIME', 6); // force unix datestamp (unsigned integer)
define('TYPE_STR', 7); // force trimmed string
define('TYPE_NOTRIM', 8); // force string - no trim
define('TYPE_NOHTML', 9); // force trimmed string with HTML made safe
define('TYPE_ARRAY', 10); // force array
define('TYPE_FILE', 11); // force file
define('TYPE_BINARY', 12); // force binary string
define('TYPE_NOHTMLCOND', 13); // force trimmed string with HTML made safe if determined to be unsafe
define('TYPE_ARRAY_BOOL', 101);
define('TYPE_ARRAY_INT', 102);
define('TYPE_ARRAY_UINT', 103);
define('TYPE_ARRAY_NUM', 104);
define('TYPE_ARRAY_UNUM', 105);
define('TYPE_ARRAY_UNIXTIME', 106);
define('TYPE_ARRAY_STR', 107);
define('TYPE_ARRAY_NOTRIM', 108);
define('TYPE_ARRAY_NOHTML', 109);
define('TYPE_ARRAY_ARRAY', 110);
define('TYPE_ARRAY_FILE', 11); // An array of "Files" behaves differently than other <input> arrays. TYPE_FILE handles both types.
define('TYPE_ARRAY_BINARY', 112);
define('TYPE_ARRAY_NOHTMLCOND',113);
define('TYPE_ARRAY_KEYS_INT', 202);
define('TYPE_ARRAY_KEYS_STR', 207);
define('TYPE_CONVERT_SINGLE', 100); // value to subtract from array types to convert to single types
define('TYPE_CONVERT_KEYS', 200); // value to subtract from array => keys types to convert to single types
/**#@-*/
// temporary
define('INT', TYPE_INT);
define('STR', TYPE_STR);
define('STR_NOHTML', TYPE_NOHTML);
define('FILE', TYPE_FILE);
/**
* Class to handle and sanitize variables from GET, POST and COOKIE etc
*
* @package vBulletin
* @version $Revision: 43870 $
* @date $Date: 2011-05-26 14:52:39 -0700 (Thu, 26 May 2011) $
*/
class vB_Input_Cleaner
{
/**
* Translation table for short name to long name
*
* @var array
*/
var $shortvars = array(
'f' => 'forumid',
't' => 'threadid',
'p' => 'postid',
'u' => 'userid',
'a' => 'announcementid',
'c' => 'calendarid',
'e' => 'eventid',
'q' => 'query',
'pp' => 'perpage',
'page' => 'pagenumber',
'sort' => 'sortfield',
'order' => 'sortorder',
);
/**
* Translation table for short superglobal name to long superglobal name
*
* @var array
*/
var $superglobal_lookup = array(
'g' => '_GET',
'p' => '_POST',
'r' => '_REQUEST',
'c' => '_COOKIE',
's' => '_SERVER',
'e' => '_ENV',
'f' => '_FILES'
);
/**
* System state. The complete URL of the current page, without sessionhash
*
* @var string
*/
var $scriptpath = '';
/**
* Reload URL. Complete URL of the current page including sessionhash
*
* @var string
*/
var $reloadurl = '';
/**
* System state. The complete URL of the page for Who's Online purposes
*
* @var string
*/
var $wolpath = '';
/**
* System state. The complete URL of the referring page
*
* @var string
*/
var $url = '';
/**
* System state. The IP address of the current visitor
*
* @var string
*/
var $ipaddress = '';
/**
* System state. An attempt to find a second IP for the current visitor (proxy etc)
*
* @var string
*/
var $alt_ip = '';
/**
* A reference to the main registry object
*
* @var vB_Registry
*/
var $registry = null;
/**
* Keep track of variables that have already been cleaned
*
* @var array
*/
var $cleaned_vars = array();
/**
* Constructor
*
* First, reverses the effects of magic quotes on GPC
* Second, translates short variable names to long (u --> userid)
* Third, deals with $_COOKIE[userid] conflicts
*
* @param vB_Registry The instance of the vB_Registry object
*/
function vB_Input_Cleaner(&$registry)
{
$this->registry =& $registry;
if (!is_array($GLOBALS))
{
die('<strong>Fatal Error:</strong> Invalid URL.');
}
// overwrite GET[x] and REQUEST[x] with POST[x] if it exists (overrides server's GPC order preference)
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
foreach (array_keys($_POST) AS $key)
{
if (isset($_GET["$key"]))
{
$_GET["$key"] = $_REQUEST["$key"] = $_POST["$key"];
}
}
}
// deal with session bypass situation
if (!defined('SESSION_BYPASS'))
{
define('SESSION_BYPASS', !empty($_REQUEST['bypass']));
}
// reverse the effects of magic quotes if necessary
if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc())
{
$this->stripslashes_deep($_REQUEST); // needed for some reason (at least on php5 - not tested on php4)
$this->stripslashes_deep($_GET);
$this->stripslashes_deep($_POST);
$this->stripslashes_deep($_COOKIE);
if (is_array($_FILES))
{
foreach ($_FILES AS $key => $val)
{
$_FILES["$key"]['tmp_name'] = str_replace('\\', '\\\\', $val['tmp_name']);
}
$this->stripslashes_deep($_FILES);
}
}
set_magic_quotes_runtime(0);
@ini_set('magic_quotes_sybase', 0);
foreach (array('_GET', '_POST') AS $arrayname)
{
if (isset($GLOBALS["$arrayname"]['do']))
{
$GLOBALS["$arrayname"]['do'] = trim($GLOBALS["$arrayname"]['do']);
}
$this->convert_shortvars($GLOBALS["$arrayname"]);
}
// set the AJAX flag if we have got an AJAX submission
if ($_SERVER['REQUEST_METHOD'] == 'POST' AND $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
{
$_POST['ajax'] = $_REQUEST['ajax'] = 1;
}
// reverse the effects of register_globals if necessary
if (@ini_get('register_globals') OR !@ini_get('gpc_order'))
{
foreach ($this->superglobal_lookup AS $arrayname)
{
$registry->superglobal_size["$arrayname"] = sizeof($GLOBALS["$arrayname"]);
foreach (array_keys($GLOBALS["$arrayname"]) AS $varname)
{
// make sure we dont unset any global arrays like _SERVER
if (!in_array($varname, $this->superglobal_lookup))
{
unset($GLOBALS["$varname"]);
}
}
}
}
else
{
foreach ($this->superglobal_lookup AS $arrayname)
{
$registry->superglobal_size["$arrayname"] = sizeof($GLOBALS["$arrayname"]);
}
}
// deal with cookies that may conflict with _GET and _POST data, and create our own _REQUEST with no _COOKIE input
foreach (array_keys($_COOKIE) AS $varname)
{
unset($_REQUEST["$varname"]);
if (isset($_POST["$varname"]))
{
$_REQUEST["$varname"] =& $_POST["$varname"];
}
else if (isset($_GET["$varname"]))
{
$_REQUEST["$varname"] =& $_GET["$varname"];
}
}
// fetch client IP address
$registry->ipaddress = $this->fetch_ip();
define('IPADDRESS', $registry->ipaddress);
// attempt to fetch IP address from behind proxies - useful, but don't rely on it...
$registry->alt_ip = $this->fetch_alt_ip();
define('ALT_IP', $registry->alt_ip);
// defines if the current page was visited via SSL or not
define('REQ_PROTOCOL', (($_SERVER['HTTPS'] == 'on' OR $_SERVER['HTTPS'] == '1') ? 'https' : 'http'));
// fetch complete url of current page
$registry->scriptpath = $this->fetch_scriptpath();
define('SCRIPTPATH', $registry->scriptpath);
// fetch url of current page without the variable string
$quest_pos = strpos($registry->scriptpath, '?');
if ($quest_pos !== false)
{
$registry->script = substr($registry->scriptpath, 0, $quest_pos);
}
else
{
$registry->script = $registry->scriptpath;
}
define('SCRIPT', $registry->script);
// fetch url of current page for Who's Online
$registry->wolpath = $this->fetch_wolpath();
define('WOLPATH', $registry->wolpath);
// define session constants
define('SESSION_HOST', substr($registry->ipaddress, 0, 15));
// define some useful contants related to environment
define('USER_AGENT', $_SERVER['HTTP_USER_AGENT']);
define('REFERRER', $_SERVER['HTTP_REFERER']);
}
/**
* Makes data in an array safe to use
*
* @param array The source array containing the data to be cleaned
* @param array Array of variable names and types we want to extract from the source array
*
* @return array
*/
function &clean_array(&$source, $variables)
{
$return = array();
foreach ($variables AS $varname => $vartype)
{
$return["$varname"] =& $this->clean($source["$varname"], $vartype, isset($source["$varname"]));
}
return $return;
}
/**
* Makes GPC variables safe to use
*
* @param string Either, g, p, c, r or f (corresponding to get, post, cookie, request and files)
* @param array Array of variable names and types we want to extract from the source array
*
* @return array
*/
function clean_array_gpc($source, $variables)
{
$sg =& $GLOBALS[$this->superglobal_lookup["$source"]];
foreach ($variables AS $varname => $vartype)
{
// clean a variable only once unless its a different type
if (!isset($this->cleaned_vars["$varname"]) OR $this->cleaned_vars["$varname"] != $vartype)
{
$this->registry->GPC_exists["$varname"] = isset($sg["$varname"]);
$this->registry->GPC["$varname"] =& $this->clean(
$sg["$varname"],
$vartype,
isset($sg["$varname"])
);
$this->cleaned_vars["$varname"] = $vartype;
}
}
}
/**
* Makes a single GPC variable safe to use and returns it
*
* @param array The source array containing the data to be cleaned
* @param string The name of the variable in which we are interested
* @param integer The type of the variable in which we are interested
*
* @return mixed
*/
function &clean_gpc($source, $varname, $vartype = TYPE_NOCLEAN)
{
// clean a variable only once unless its a different type
if (!isset($this->cleaned_vars["$varname"]) OR $this->cleaned_vars["$varname"] != $vartype)
{
$sg =& $GLOBALS[$this->superglobal_lookup["$source"]];
$this->registry->GPC_exists["$varname"] = isset($sg["$varname"]);
$this->registry->GPC["$varname"] =& $this->clean(
$sg["$varname"],
$vartype,
isset($sg["$varname"])
);
$this->cleaned_vars["$varname"] = $vartype;
}
return $this->registry->GPC["$varname"];
}
/**
* Makes a single variable safe to use and returns it
*
* @param mixed The variable to be cleaned
* @param integer The type of the variable in which we are interested
* @param boolean Whether or not the variable to be cleaned actually is set
*
* @return mixed The cleaned value
*/
function &clean(&$var, $vartype = TYPE_NOCLEAN, $exists = true)
{
if ($exists)
{
if ($vartype < TYPE_CONVERT_SINGLE)
{
$this->do_clean($var, $vartype);
}
else if (is_array($var))
{
if ($vartype >= TYPE_CONVERT_KEYS)
{
$var = array_keys($var);
$vartype -= TYPE_CONVERT_KEYS;
}
else
{
$vartype -= TYPE_CONVERT_SINGLE;
}
foreach (array_keys($var) AS $key)
{
$this->do_clean($var["$key"], $vartype);
}
}
else
{
$var = array();
}
return $var;
}
else
{
if ($vartype < TYPE_CONVERT_SINGLE)
{
switch ($vartype)
{
case TYPE_INT:
case TYPE_UINT:
case TYPE_NUM:
case TYPE_UNUM:
case TYPE_UNIXTIME:
{
$var = 0;
break;
}
case TYPE_STR:
case TYPE_NOHTML:
case TYPE_NOTRIM:
case TYPE_NOHTMLCOND:
{
$var = '';
break;
}
case TYPE_BOOL:
{
$var = 0;
break;
}
case TYPE_ARRAY:
case TYPE_FILE:
{
$var = array();
break;
}
case TYPE_NOCLEAN:
{
$var = null;
break;
}
default:
{
$var = null;
}
}
}
else
{
$var = array();
}
return $var;
}
}
/**
* Does the actual work to make a variable safe
*
* @param mixed The data we want to make safe
* @param integer The type of the data
*
* @return mixed
*/
function &do_clean(&$data, $type)
{
static $booltypes = array('1', 'yes', 'y', 'true');
switch ($type)
{
case TYPE_INT: $data = intval($data); break;
case TYPE_UINT: $data = ($data = intval($data)) < 0 ? 0 : $data; break;
case TYPE_NUM: $data = strval($data) + 0; break;
case TYPE_UNUM: $data = strval($data) + 0;
$data = ($data < 0) ? 0 : $data; break;
case TYPE_BINARY: $data = strval($data); break;
case TYPE_STR: $data = trim(strval($data)); break;
case TYPE_NOTRIM: $data = strval($data); break;
case TYPE_NOHTML: $data = htmlspecialchars_uni(trim(strval($data))); break;
case TYPE_BOOL: $data = in_array(strtolower($data), $booltypes) ? 1 : 0; break;
case TYPE_ARRAY: $data = (is_array($data)) ? $data : array(); break;
case TYPE_NOHTMLCOND:
{
$data = trim(strval($data));
if (strcspn($data, '<>"') < strlen($data) OR (strpos($data, '&') !== false AND !preg_match('/&(#[0-9]+|amp|lt|gt|quot);/si', $data)))
{
// data is not htmlspecialchars because it still has characters or entities it shouldn't
$data = htmlspecialchars_uni($data);
}
break;
}
case TYPE_FILE:
{
// perhaps redundant :p
if (is_array($data))
{
if (is_array($data['name']))
{
$files = count($data['name']);
for ($index = 0; $index < $files; $index++)
{
$data['name']["$index"] = trim(strval($data['name']["$index"]));
$data['type']["$index"] = trim(strval($data['type']["$index"]));
$data['tmp_name']["$index"] = trim(strval($data['tmp_name']["$index"]));
$data['error']["$index"] = intval($data['error']["$index"]);
$data['size']["$index"] = intval($data['size']["$index"]);
}
}
else
{
$data['name'] = trim(strval($data['name']));
$data['type'] = trim(strval($data['type']));
$data['tmp_name'] = trim(strval($data['tmp_name']));
$data['error'] = intval($data['error']);
$data['size'] = intval($data['size']);
}
}
else
{
$data = array(
'name' => '',
'type' => '',
'tmp_name' => '',
'error' => 0,
'size' => 4, // UPLOAD_ERR_NO_FILE
);
}
break;
}
case TYPE_UNIXTIME:
{
if (is_array($data))
{
$data = $this->clean($data, TYPE_ARRAY_UINT);
if ($data['month'] AND $data['day'] AND $data['year'])
{
require_once(DIR . '/includes/functions_misc.php');
$data = vbmktime($data['hour'], $data['minute'], $data['second'], $data['month'], $data['day'], $data['year']);
}
else
{
$data = 0;
}
}
else
{
$data = ($data = intval($data)) < 0 ? 0 : $data;
}
break;
}
// null actions should be deifned here so we can still catch typos below
case TYPE_NOCLEAN:
{
break;
}
default:
{
if ($this->registry->debug)
{
trigger_error('vB_Input_Cleaner::do_clean() Invalid data type specified', E_USER_WARNING);
}
}
}
// strip out characters that really have no business being in non-binary data
switch ($type)
{
case TYPE_STR:
case TYPE_NOTRIM:
case TYPE_NOHTML:
case TYPE_NOHTMLCOND:
$data = str_replace(chr(0), '', $data);
}
return $data;
}
/**
* Removes HTML characters and potentially unsafe scripting words from a string
*
* @param string The variable we want to make safe
*
* @return string
*/
function xss_clean($var)
{
static
$preg_find = array('#^javascript#i', '#^vbscript#i'),
$preg_replace = array('java script', 'vb script');
return preg_replace($preg_find, $preg_replace, htmlspecialchars(trim($var)));
}
/**
* Reverses the effects of magic_quotes on an entire array of variables
*
* @param array The array on which we want to work
*/
function stripslashes_deep(&$value, $depth = 0)
{
if (is_array($value))
{
foreach ($value AS $key => $val)
{
if (is_string($val))
{
$value["$key"] = stripslashes($val);
}
else if (is_array($val) AND $depth < 10)
{
$this->stripslashes_deep($value["$key"], $depth + 1);
}
}
}
}
/**
* Turns $_POST['t'] into $_POST['threadid'] etc.
*
* @param array The name of the array
*/
function convert_shortvars(&$array)
{
// extract long variable names from short variable names
foreach ($this->shortvars AS $shortname => $longname)
{
if (isset($array["$shortname"]) AND !isset($array["$longname"]))
{
$array["$longname"] =& $array["$shortname"];
$GLOBALS['_REQUEST']["$longname"] =& $array["$shortname"];
}
}
}
/**
* Strips out the s=gobbledygook& rubbish from URLs
*
* @param string The URL string from which to remove the session stuff
*
* @return string
*/
function strip_sessionhash($string)
{
$string = preg_replace('/(s|sessionhash)=[a-z0-9]{32}?&?/', '', $string);
return $string;
}
/**
* Fetches the 'scriptpath' variable - ie: the URI of the current page
*
* @return string
*/
function fetch_scriptpath()
{
if ($this->registry->scriptpath != '')
{
return $this->registry->scriptpath;
}
else
{
if ($_SERVER['REQUEST_URI'] OR $_ENV['REQUEST_URI'])
{
$scriptpath = $_SERVER['REQUEST_URI'] ? $_SERVER['REQUEST_URI'] : $_ENV['REQUEST_URI'];
}
else
{
if ($_SERVER['PATH_INFO'] OR $_ENV['PATH_INFO'])
{
$scriptpath = $_SERVER['PATH_INFO'] ? $_SERVER['PATH_INFO'] : $_ENV['PATH_INFO'];
}
else if ($_SERVER['REDIRECT_URL'] OR $_ENV['REDIRECT_URL'])
{
$scriptpath = $_SERVER['REDIRECT_URL'] ? $_SERVER['REDIRECT_URL'] : $_ENV['REDIRECT_URL'];
}
else
{
$scriptpath = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
}
if ($_SERVER['QUERY_STRING'] OR $_ENV['QUERY_STRING'])
{
$scriptpath .= '?' . ($_SERVER['QUERY_STRING'] ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);
}
}
// in the future we should set $registry->script here too
$quest_pos = strpos($scriptpath, '?');
if ($quest_pos !== false)
{
$script = urldecode(substr($scriptpath, 0, $quest_pos));
$scriptpath = $script . substr($scriptpath, $quest_pos);
}
else
{
$scriptpath = urldecode($scriptpath);
}
// store a version that includes the sessionhash
$this->registry->reloadurl = $this->xss_clean($scriptpath);
$scriptpath = $this->strip_sessionhash($scriptpath);
$scriptpath = $this->xss_clean($scriptpath);
$this->registry->scriptpath = $scriptpath;
return $scriptpath;
}
}
/**
* Fetches the 'wolpath' variable - ie: the same as 'scriptpath' but with a handler for the POST request method
*
* @return string
*/
function fetch_wolpath()
{
$wolpath = $this->fetch_scriptpath();
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
// Tag the variables back on to the filename if we are coming from POST so that WOL can access them.
$tackon = '';
if (is_array($_POST))
{
foreach ($_POST AS $varname => $value)
{
switch ($varname)
{
case 'forumid':
case 'threadid':
case 'postid':
case 'userid':
case 'eventid':
case 'calendarid':
case 'do':
case 'method': // postings.php
case 'dowhat': // private.php
{
$tackon .= ($tackon == '' ? '' : '&') . $varname . '=' . $value;
break;
}
}
}
}
if ($tackon != '')
{
$wolpath .= (strpos($wolpath, '?') !== false ? '&' : '?') . "$tackon";
}
}
return $wolpath;
}
/**
* Fetches the 'url' variable - usually the URL of the previous page in the history
*
* @return string
*/
function fetch_url()
{
$temp_url = $_REQUEST['url'];
$scriptpath = $this->fetch_scriptpath();
if (empty($temp_url))
{
$url = $_SERVER['HTTP_REFERER'];
}
else
{
if ($temp_url == $_SERVER['HTTP_REFERER'])
{
$url = 'index.php';
}
else
{
$url = $temp_url;
}
}
if ($url == $scriptpath OR empty($url))
{
$url = 'index.php';
}
// if $url is set to forum home page, check it against options
if ($url == 'index.php' AND $this->registry->options['forumhome'] != 'index')
{
$url = $this->registry->options['forumhome'] . '.php';
}
$url = $this->xss_clean($url);
return $url;
}
/**
* Fetches the IP address of the current visitor
*
* @return string
*/
function fetch_ip()
{
return $_SERVER['REMOTE_ADDR'];
}
/**
* Fetches an alternate IP address of the current visitor, attempting to detect proxies etc.
*
* @return string
*/
function fetch_alt_ip()
{
$alt_ip = $_SERVER['REMOTE_ADDR'];
if (isset($_SERVER['HTTP_CLIENT_IP']))
{
$alt_ip = $_SERVER['HTTP_CLIENT_IP'];
}
else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
{
// try to avoid using an internal IP address, its probably a proxy
$ranges = array(
'10.0.0.0/8' => array(ip2long('10.0.0.0'), ip2long('10.255.255.255')),
'127.0.0.0/8' => array(ip2long('127.0.0.0'), ip2long('127.255.255.255')),
'169.254.0.0/16' => array(ip2long('169.254.0.0'), ip2long('169.254.255.255')),
'172.16.0.0/12' => array(ip2long('172.16.0.0'), ip2long('172.31.255.255')),
'192.168.0.0/16' => array(ip2long('192.168.0.0'), ip2long('192.168.255.255')),
);
foreach ($matches[0] AS $ip)
{
$ip_long = ip2long($ip);
if ($ip_long === false OR $ip_long == -1)
{
continue;
}
$private_ip = false;
foreach ($ranges AS $range)
{
if ($ip_long >= $range[0] AND $ip_long <= $range[1])
{
$private_ip = true;
break;
}
}
if (!$private_ip)
{
$alt_ip = $ip;
break;
}
}
}
else if (isset($_SERVER['HTTP_FROM']))
{
$alt_ip = $_SERVER['HTTP_FROM'];
}
return $alt_ip;
}
}
// #############################################################################
// data registry class
/**
* Class to store commonly-used variables
*
* @package vBulletin
* @version $Revision: 43870 $
* @date $Date: 2011-05-26 14:52:39 -0700 (Thu, 26 May 2011) $
*/
class vB_Registry
{
// general objects
/**
* Datastore object.
*
* @var vB_Datastore
*/
var $datastore;
/**
* Input cleaner object.
*
* @var vB_Input_Cleaner
*/
var $input;
/**
* Database object.
*
* @var vB_Database
*/
var $db;
// user/session related
/**
* Array of info about the current browsing user. In the case of a registered
* user, this will be results of fetch_userinfo(). A guest will have slightly
* different entries.
*
* @var array
*/
var $userinfo;
/**
* Session object.
*
* @var vB_Session
*/
var $session;
/**
* Array of do actions that are exempt from checks
*
* @var array
*/
var $csrf_skip_list = array();
// configuration
/**
* Array of data from config.php.
*
* @var array
*/
var $config;
// GPC input
/**
* Array of data that has been cleaned by the input cleaner.
*
* @var array
*/
var $GPC = array();
/**
* Array of booleans. When cleaning a variable, you often lose the ability
* to determine if it was specified in the user's input. Entries in this
* array are true if the variable existed before cleaning.
*
* @var array
*/
var $GPC_exists = array();
/**
* The size of the super global arrays.
*
* @var array
*/
var $superglobal_size = array();
// single variables
/**
* IP Address of the current browsing user.
*
* @var string
*/
var $ipaddress;
/**
* Alternate IP for the browsing user. This attempts to use various HTTP headers
* to find the real IP of a user that may be behind a proxy.
*
* @var string
*/
var $alt_ip;
/**
* The URL of the currently browsed page.
*
* @var string
*/
var $scriptpath;
/**
* Similar to the URL of the current page, but expands some items and includes
* data submitted via POST. Used for Who's Online purposes.
*
* @var string
*/
var $wolpath;
/**
* The URL of the current page, without anything after the '?'.
*
* @var string
*/
var $script;
/**
* Generally the URL of the referring page if there is one, though it is often
* set in various places of the code. Used to determine the page to redirect
* to, if necessary.
*
* @var string
*/
var $url;
// usergroup permission bitfields
/**#@+
* Bitfield arrays for usergroup permissions.
*
* @var array
*/
var $bf_ugp;
// $bf_ugp_x is a reference to $bf_ugp['x']
var $bf_ugp_adminpermissions;
var $bf_ugp_calendarpermissions;
var $bf_ugp_forumpermissions;
var $bf_ugp_genericoptions;
var $bf_ugp_genericpermissions;
var $bf_ugp_pmpermissions;
var $bf_ugp_wolpermissions;
var $bf_ugp_visitormessagepermissions;
/**#@-*/
// misc bitfield arrays
/**#@+
* Bitfield arrays for miscellaneous permissions and options.
*
* @var array
*/
var $bf_misc;
// $bf_misc_x is a reference to $bf_misc['x']
var $bf_misc_calmoderatorpermissions;
var $bf_misc_forumoptions;
var $bf_misc_intperms;
var $bf_misc_languageoptions;
var $bf_misc_moderatorpermissions;
var $bf_misc_useroptions;
var $bf_misc_hvcheck;
/**#@-*/
/**#@+
* Results for specific entries in the datastore.
*
* @var mixed Mixed, though mostly arrays.
*/
var $options = null;
var $attachmentcache = null;
var $avatarcache = null;
var $birthdaycache = null;
var $eventcache = null;
var $forumcache = null;
var $iconcache = null;
var $markupcache = null;
var $stylecache = null;
var $languagecache = null;
var $smiliecache = null;
var $usergroupcache = null;
var $bbcodecache = null;
var $socialsitecache = null;
var $cron = null;
var $mailqueue = null;
var $banemail = null;
var $maxloggedin = null;
var $pluginlist = null;
var $products = null;
var $ranks = null;
var $statement = null;
var $userstats = null;
var $wol_spiders = null;
var $loadcache = null;
var $noticecache = null;
var $prefixcache = null;
/**#@-*/
/**#@+
* Miscellaneous variables
*
* @var mixed
*/
var $bbcode_style = array('code' => -1, 'html' => -1, 'php' => -1, 'quote' => -1);
var $templatecache = array();
var $iforumcache = array();
var $versionnumber;
var $nozip;
var $debug;
var $noheader;
var $shutdown;
/**#@-*/
/**
* Constructor - initializes the nozip system,
* and calls and instance of the vB_Input_Cleaner class
*/
function vB_Registry()
{
// variable to allow bypassing of gzip compression
$this->nozip = defined('NOZIP') ? true : (@ini_get('zlib.output_compression') ? true : false);
// variable that controls HTTP header output
$this->noheader = defined('NOHEADER') ? true : false;
// initialize the input handler
$this->input =& new vB_Input_Cleaner($this);
// initialize the shutdown handler
$this->shutdown = vB_Shutdown::init();
$this->csrf_skip_list = (defined('CSRF_SKIP_LIST') ? explode(',', CSRF_SKIP_LIST) : array());
}
/**
* Fetches database/system configuration
*/
function fetch_config()
{
// parse the config file
$config = array();
include(CWD . '/includes/config.php');
if (sizeof($config) == 0)
{
if (file_exists(CWD. '/includes/config.php'))
{
// config.php exists, but does not define $config
die('<br /><br /><strong>Configuration</strong>: includes/config.php exists, but is not in the 3.6+ format. Please convert your config file via the new config.php.new.');
}
else
{
die('<br /><br /><strong>Configuration</strong>: includes/config.php does not exist. Please fill out the data in config.php.new and rename it to config.php');
}
}
$this->config =& $config;
// if a configuration exists for this exact HTTP host, use it
if (isset($this->config["$_SERVER[HTTP_HOST]"]))
{
$this->config['MasterServer'] = $this->config["$_SERVER[HTTP_HOST]"];
}
// define table and cookie prefix constants
define('TABLE_PREFIX', trim($this->config['Database']['tableprefix']));
define('COOKIE_PREFIX', (empty($this->config['Misc']['cookieprefix']) ? 'bb' : $this->config['Misc']['cookieprefix']));
// set debug mode
$this->debug = !empty($this->config['Misc']['debug']);
define('DEBUG', $this->debug);
}
/**
* Takes the contents of an array and recursively uses each title/data
* pair to create a new defined constant.
*/
function array_define($array)
{
foreach ($array AS $title => $data)
{
if (is_array($data))
{
vB_Registry::array_define($data);
}
else
{
define(strtoupper($title), $data);
}
}
}
}
// #############################################################################
// session management class
/**
* Class to handle sessions
*
* Creates, updates, and validates sessions; retrieves user info of browsing user
*
* @package vBulletin
* @version $Revision: 43870 $
* @date $Date: 2011-05-26 14:52:39 -0700 (Thu, 26 May 2011) $
*/
class vB_Session
{
/**
* The individual session variables. Equivalent to $session from the past.
*
* @var array
*/
var $vars = array();
/**
* A list of variables in the $vars member that are in the database. Includes their types.
*
* @var array
*/
var $db_fields = array(
'sessionhash' => TYPE_STR,
'userid' => TYPE_INT,
'host' => TYPE_STR,
'idhash' => TYPE_STR,
'lastactivity' => TYPE_INT,
'location' => TYPE_STR,
'styleid' => TYPE_INT,
'languageid' => TYPE_INT,
'loggedin' => TYPE_INT,
'inforum' => TYPE_INT,
'inthread' => TYPE_INT,
'incalendar' => TYPE_INT,
'badlocation' => TYPE_INT,
'useragent' => TYPE_STR,
'bypass' => TYPE_INT,
'profileupdate' => TYPE_INT,
);
/**
* An array of changes. Used to prevent superfluous updates from being made.
*
* @var array
*/
var $changes = array();
/**
* Whether the session was created or existed previously
*
* @var bool
*/
var $created = false;
/**
* Reference to a vB_Registry object that keeps various data we need.
*
* @var vB_Registry
*/
var $registry = null;
/**
* Information about the user that this session belongs to.
*
* @var array
*/
var $userinfo = null;
/**
* Is the sessionhash to be passed through URLs?
*
* @var boolean
*/
var $visible = true;
/**
* Constructor. Attempts to grab a session that matches parameters, but will create one if it can't.
*
* @param vB_Registry Reference to a registry object
* @param string Previously specified sessionhash
* @param integer User ID (passed in through a cookie)
* @param string Password, must arrive in cookie format: md5(md5(md5(password) . salt) . 'abcd1234')
* @param integer Style ID for this session
* @param integer Language ID for this session
*/
function vB_Session(&$registry, $sessionhash = '', $userid = 0, $password = '', $styleid = 0, $languageid = 0)
{
$userid = intval($userid);
$styleid = intval($styleid);
$languageid = intval($languageid);
$this->registry =& $registry;
$db =& $this->registry->db;
$gotsession = false;
if (!defined('SESSION_IDHASH'))
{
define('SESSION_IDHASH', md5($_SERVER['HTTP_USER_AGENT'] . $this->fetch_substr_ip($registry->alt_ip))); // this should *never* change during a session
}
// sessionhash specified, so see if it already exists
if ($sessionhash AND !defined('SKIP_SESSIONCREATE'))
{
if ($session = $db->query_first_slave("
SELECT *
FROM " . TABLE_PREFIX . "session
WHERE sessionhash = '" . $db->escape_string($sessionhash) . "'
AND lastactivity > " . (TIMENOW - $registry->options['cookietimeout']) . "
AND idhash = '" . $this->registry->db->escape_string(SESSION_IDHASH) . "'
") AND $this->fetch_substr_ip($session['host']) == $this->fetch_substr_ip(SESSION_HOST))
{
$gotsession = true;
$this->vars =& $session;
$this->created = false;
// found a session - get the userinfo
if ($session['userid'] != 0)
{
$useroptions = (defined('IN_CONTROL_PANEL') ? 16 : 0) + (defined('AVATAR_ON_NAVBAR') ? 2 : 0);
$userinfo = fetch_userinfo($session['userid'], $useroptions, (!empty($languageid) ? $languageid : $session['languageid']));
$this->userinfo =& $userinfo;
}
}
}
// or maybe we can use a cookie..
if (($gotsession == false OR empty($session['userid'])) AND $userid AND $password AND !defined('SKIP_SESSIONCREATE'))
{
$useroptions = (defined('IN_CONTROL_PANEL') ? FETCH_USERINFO_ADMIN : 0) + (defined('AVATAR_ON_NAVBAR') ? FETCH_USERINFO_AVATAR : 0);
$userinfo = fetch_userinfo($userid, $useroptions, $languageid);
if (md5($userinfo['password'] . COOKIE_SALT) == $password)
{
$gotsession = true;
// combination is valid
if (!empty($session['sessionhash']))
{
// old session still exists; kill it
$db->shutdown_query("
DELETE FROM " . TABLE_PREFIX . "session
WHERE sessionhash = '" . $this->registry->db->escape_string($session['sessionhash']). "'
");
}
$this->vars = $this->fetch_session($userinfo['userid']);
$this->created = true;
$this->userinfo =& $userinfo;
}
}
// at this point, we're a guest, so lets try to *find* a session
// you can prevent this check from being run by passing in a userid with no password
if ($gotsession == false AND $userid == 0 AND !defined('SKIP_SESSIONCREATE'))
{
if ($session = $db->query_first_slave("
SELECT *
FROM " . TABLE_PREFIX . "session
WHERE userid = 0
AND host = '" . $this->registry->db->escape_string(SESSION_HOST) . "'
AND idhash = '" . $this->registry->db->escape_string(SESSION_IDHASH) . "'
LIMIT 1
"))
{
$gotsession = true;
$this->vars =& $session;
$this->created = false;
}
}
// well, nothing worked, time to create a new session
if ($gotsession == false)
{
$gotsession = true;
$this->vars = $this->fetch_session(0);
$this->created = true;
}
$this->vars['dbsessionhash'] = $this->vars['sessionhash'];
$this->set('styleid', $styleid);
$this->set('languageid', $languageid);
if ($this->created == false)
{
$this->set('useragent', USER_AGENT);
$this->set('lastactivity', TIMENOW);
if (!defined('LOCATION_BYPASS'))
{
$this->set('location', WOLPATH);
}
$this->set('bypass', SESSION_BYPASS);
}
}
/**
* Saves the session into the database by inserting it or updating an existing one.
*/
function save()
{
if (defined('SKIP_SESSIONCREATE'))
{
return;
}
$cleaned = $this->build_query_array();
// since the sessionhash can be blanked out, lets make sure we pull from "dbsessionhash"
$cleaned['sessionhash'] = "'" . $this->registry->db->escape_string($this->vars['dbsessionhash']) . "'";
if ($this->created == true)
{
/*insert query*/
$this->registry->db->query_write("
INSERT IGNORE INTO " . TABLE_PREFIX . "session
(" . implode(', ', array_keys($cleaned)) . ")
VALUES
(" . implode(', ', $cleaned) . ")
");
}
else
{
// update query
unset($this->changes['sessionhash']); // the sessionhash is not updateable
$update = array();
foreach ($cleaned AS $key => $value)
{
if (!empty($this->changes["$key"]))
{
$update[] = "$key = $value";
}
}
if (sizeof($update) > 0)
{
// note that $cleaned['sessionhash'] has been escaped as necessary above!
$this->registry->db->query_write("
UPDATE " . TABLE_PREFIX . "session
SET " . implode(', ', $update) . "
WHERE sessionhash = $cleaned[sessionhash]
");
}
}
$this->changes = array();
}
/**
* Builds an array that can be used to build a query to insert/update the session
*
* @return array Array of column name => prepared value
*/
function build_query_array()
{
$return = array();
foreach ($this->db_fields AS $fieldname => $cleantype)
{
switch ($cleantype)
{
case TYPE_INT:
$cleaned = intval($this->vars["$fieldname"]);
break;
case TYPE_STR:
default:
$cleaned = "'" . $this->registry->db->escape_string($this->vars["$fieldname"]) . "'";
}
$return["$fieldname"] = $cleaned;
}
return $return;
}
/**
* Sets a session variable and updates the change list.
*
* @param string Name of session variable to update
* @param string Value to update it with
*/
function set($key, $value)
{
if (!isset($this->vars["$key"]) OR $this->vars["$key"] != $value)
{
$this->vars["$key"] = $value;
$this->changes["$key"] = true;
}
}
/**
* Sets the session visibility (whether session info shows up in a URL). Updates are put in the $vars member.
*
* @param bool Whether the session elements should be visible.
*/
function set_session_visibility($invisible)
{
$this->visible = !$invisible;
if ($invisible)
{
$this->vars['sessionhash'] = '';
$this->vars['sessionurl'] = '';
$this->vars['sessionurl_q'] = '';
$this->vars['sessionurl_js'] = '';
}
else
{
$this->vars['sessionurl'] = 's=' . $this->vars['dbsessionhash'] . '&';
$this->vars['sessionurl_q'] = '?s=' . $this->vars['dbsessionhash'];
$this->vars['sessionurl_js'] = 's=' . $this->vars['dbsessionhash'] . '&';
}
}
/**
* Fetches a valid sessionhash value, not necessarily the one tied to this session.
*
* @return string 32-character sessionhash
*/
function fetch_sessionhash()
{
return md5(uniqid(microtime(), true));
}
/**
* Returns the IP address with the specified number of octets removed
*
* @param string IP address
*
* @return string truncated IP address
*/
function fetch_substr_ip($ip, $length = null)
{
if ($length === null OR $length > 3)
{
$length = $this->registry->options['ipcheck'];
}
return implode('.', array_slice(explode('.', $ip), 0, 4 - $length));
}
/**
* Fetches a default session. Used when creating a new session.
*
* @param integer User ID the session should be for
*
* @return array Array of session variables
*/
function fetch_session($userid = 0)
{
$sessionhash = $this->fetch_sessionhash();
if (!defined('SKIP_SESSIONCREATE'))
{
vbsetcookie('sessionhash', $sessionhash, false, false, true);
}
return array(
'sessionhash' => $sessionhash,
'dbsessionhash' => $sessionhash,
'userid' => intval($userid),
'host' => SESSION_HOST,
'idhash' => SESSION_IDHASH,
'lastactivity' => TIMENOW,
'location' => defined('LOCATION_BYPASS') ? '' : WOLPATH,
'styleid' => 0,
'languageid' => 0,
'loggedin' => intval($userid) ? 1 : 0,
'inforum' => 0,
'inthread' => 0,
'incalendar' => 0,
'badlocation' => 0,
'profileupdate' => 0,
'useragent' => USER_AGENT,
'bypass' => SESSION_BYPASS
);
}
/**
* Returns appropriate user info for the owner of this session.
*
* @return array Array of user information.
*/
function &fetch_userinfo()
{
if ($this->userinfo)
{
// we already calculated this
return $this->userinfo;
}
else if ($this->vars['userid'] AND !defined('SKIP_USERINFO'))
{
// user is logged in
$useroptions = (defined('IN_CONTROL_PANEL') ? FETCH_USERINFO_ADMIN : 0) + (defined('AVATAR_ON_NAVBAR') ? FETCH_USERINFO_AVATAR : 0);
$this->userinfo = fetch_userinfo($this->vars['userid'], $useroptions, $this->vars['languageid']);
return $this->userinfo;
}
else
{
// guest setup
$this->userinfo = array(
'userid' => 0,
'usergroupid' => 1,
'username' => (!empty($_REQUEST['username']) ? htmlspecialchars_uni($_REQUEST['username']) : ''),
'password' => '',
'email' => '',
'styleid' => $this->vars['styleid'],
'languageid' => $this->vars['languageid'],
'lastactivity' => $this->vars['lastactivity'],
'daysprune' => 0,
'timezoneoffset' => $this->registry->options['timeoffset'],
'dstonoff' => $this->registry->options['dstonoff'],
'showsignatures' => 1,
'showavatars' => 1,
'showimages' => 1,
'showusercss' => 1,
'dstauto' => 0,
'maxposts' => -1,
'startofweek' => 1,
'threadedmode' => $this->registry->options['threadedmode'],
'securitytoken' => 'guest',
'securitytoken_raw' => 'guest'
);
$this->userinfo['options'] =
$this->registry->bf_misc_useroptions['showsignatures'] | $this->registry->bf_misc_useroptions['showavatars'] |
$this->registry->bf_misc_useroptions['showimages'] | $this->registry->bf_misc_useroptions['dstauto'] |
$this->registry->bf_misc_useroptions['showusercss'];
if (!defined('SKIP_USERINFO'))
{
// get default language
$phraseinfo = $this->registry->db->query_first_slave("
SELECT languageid" . fetch_language_fields_sql(0) . "
FROM " . TABLE_PREFIX . "language
WHERE languageid = " . (!empty($this->vars['languageid']) ? $this->vars['languageid'] : intval($this->registry->options['languageid'])) . "
");
if (empty($phraseinfo))
{ // can't phrase this since we can't find the language
trigger_error('The requested language does not exist, reset via tools.php.', E_USER_ERROR);
}
foreach($phraseinfo AS $_arrykey => $_arryval)
{
$this->userinfo["$_arrykey"] = $_arryval;
}
unset($phraseinfo);
}
return $this->userinfo;
}
}
/**
* Updates the last visit and last activity times for guests and registered users (differently).
* Last visit is set to the last activity time (before it's updated) only when a certain
* time has lapsed. Last activity is always set to the specified time.
*
* @param integer Time stamp for last visit time (guest only)
* @param integer Time stamp for last activity time (guest only)
*/
function do_lastvisit_update($lastvisit = 0, $lastactivity = 0)
{
// update last visit/activity stuff
if ($this->vars['userid'] == 0)
{
// guest -- emulate last visit/activity for registered users by cookies
if ($lastvisit)
{
// we've been here before
$this->userinfo['lastvisit'] = intval($lastvisit);
$this->userinfo['lastactivity'] = ($lastvisit ? intval($lastvisit) : TIMENOW);
// here's the emulation
if (TIMENOW - $this->userinfo['lastactivity'] > $this->registry->options['cookietimeout'])
{
$this->userinfo['lastvisit'] = $this->userinfo['lastactivity'];
vbsetcookie('lastvisit', $this->userinfo['lastactivity']);
}
}
else
{
// first visit!
$this->userinfo['lastactivity'] = TIMENOW;
$this->userinfo['lastvisit'] = TIMENOW;
vbsetcookie('lastvisit', TIMENOW);
}
vbsetcookie('lastactivity', $lastactivity);
}
else
{
// registered user
if (!SESSION_BYPASS)
{
if (TIMENOW - $this->userinfo['lastactivity'] > $this->registry->options['cookietimeout'])
{
// see if session has 'expired' and if new post indicators need resetting
$this->registry->db->shutdown_query("
UPDATE " . TABLE_PREFIX . "user
SET
lastvisit = lastactivity,
lastactivity = " . TIMENOW . "
WHERE userid = " . $this->userinfo['userid'] . "
", 'lastvisit');
$this->userinfo['lastvisit'] = $this->userinfo['lastactivity'];
}
else
{
// if this line is removed (say to be replaced by a cron job, you will need to change all of the 'online'
// status indicators as they use $userinfo['lastactivity'] to determine if a user is online which relies
// on this to be updated in real time.
$this->registry->db->shutdown_query("
UPDATE " . TABLE_PREFIX . "user
SET lastactivity = " . TIMENOW . "
WHERE userid = " . $this->userinfo['userid'] . "
", 'lastvisit');
}
}
}
}
}
/**
* Class to handle shutdown
*
* @package vBulletin
* @version $Revision: 43870 $
* @author Scott
* @date $Date: 2011-05-26 14:52:39 -0700 (Thu, 26 May 2011) $
*/
class vB_Shutdown
{
var $shutdown = array();
/**
* Constructor. Empty.
*/
function vB_Shutdown()
{
}
/**
* Singleton emulation - use this function to instantiate the class
*
* @return vB_Shutdown
*/
function &init()
{
static $instance;
if (!$instance)
{
$instance = new vB_Shutdown();
// we register this but it might not be used
if (phpversion() < '5.0.5')
{
register_shutdown_function(array(&$instance, '__destruct'));
}
}
return $instance;
}
/**
* Add function to be executed at shutdown
*
* @param string Name of function to be executed on shutdown
*/
function add($function)
{
$obj =& vB_Shutdown::init();
if (function_exists($function) AND !in_array($function, $obj->shutdown))
{
$obj->shutdown[] = $function;
}
}
// only called when an object is destroyed, so $this is appropriate
function __destruct()
{
if (!empty($this->shutdown))
{
foreach ($this->shutdown AS $key => $funcname)
{
$funcname();
unset($this->shutdown[$key]);
}
}
}
// called if unserialized
function __wakeup()
{
$this->shutdown = array();
}
}
// #############################################################################
// misc functions
// #############################################################################
/**
* Feeds database connection errors into the halt() method of the vB_Database class.
*
* @param integer Error number
* @param string PHP error text string
* @param strig File that contained the error
* @param integer Line in the file that contained the error
*/
function catch_db_error($errno, $errstr, $errfile, $errline)
{
global $db;
static $failures;
if (strstr($errstr, 'Lost connection') AND $failures < 5)
{
$failures++;
return;
}
if (is_object($db))
{
$db->halt("$errstr\r\n$errfile on line $errline");
}
else
{
vb_error_handler($errno, $errstr, $errfile, $errline);
}
}
// #############################################################################
/**
* Removes the full path from being disclosed on any errors
*
* @param integer Error number
* @param string PHP error text string
* @param strig File that contained the error
* @param integer Line in the file that contained the error
*/
function vb_error_handler($errno, $errstr, $errfile, $errline)
{
global $vbulletin;
switch ($errno)
{
case E_WARNING:
case E_USER_WARNING:
/* Don't log warnings due to to the false bug reports about valid warnings that we suppress, but still appear in the log
require_once(DIR . '/includes/functions_log_error.php');
$message = "Warning: $errstr in $errfile on line $errline";
log_vbulletin_error($message, 'php');
*/
if (!error_reporting() OR !ini_get('display_errors'))
{
return;
}
$errfile = str_replace(DIR, '[path]', $errfile);
$errstr = str_replace(DIR, '[path]', $errstr);
echo "<br /><strong>Warning</strong>: $errstr in <strong>$errfile</strong> on line <strong>$errline</strong><br />";
break;
case E_USER_ERROR:
require_once(DIR . '/includes/functions_log_error.php');
$message = "Fatal error: $errstr in $errfile on line $errline";
log_vbulletin_error($message, 'php');
if (!headers_sent())
{
if (SAPI_NAME == 'cgi' OR SAPI_NAME == 'cgi-fcgi')
{
header('Status: 500 Internal Server Error');
}
else
{
header('HTTP/1.1 500 Internal Server Error');
}
}
if (error_reporting() OR ini_get('display_errors'))
{
$errfile = str_replace(DIR, '[path]', $errfile);
$errstr = str_replace(DIR, '[path]', $errstr);
echo "<br /><strong>Fatal error:</strong> $errstr in <strong>$errfile</strong> on line <strong>$errline</strong><br />";
if (function_exists('debug_print_backtrace') AND ($vbulletin->userinfo['usergroupid'] == 6 OR ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions)))
{
// This is needed so IE doesn't show the pretty error messages
echo str_repeat(' ', 512);
debug_print_backtrace();
}
}
exit;
break;
}
}
// #############################################################################
/**
* Unicode-safe version of htmlspecialchars()
*
* @param string Text to be made html-safe
*
* @return string
*/
function htmlspecialchars_uni($text, $entities = true)
{
return str_replace(
// replace special html characters
array('<', '>', '"'),
array('<', '>', '"'),
preg_replace(
// translates all non-unicode entities
'/&(?!' . ($entities ? '#[0-9]+|shy' : '(#[0-9]+|[a-z]+)') . ';)/si',
'&',
$text
)
);
}
/*======================================================================*\
|| ####################################################################
|| #
|| # CVS: $RCSfile$ - $Revision: 43870 $
|| ####################################################################
\*======================================================================*/
?>
