<?php
/**
 * XOOPS common initialization file
 *
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org)
 * @license GNU GPL 2 (http://www.gnu.org/licenses/gpl-2.0.html)
 * @package kernel
 */

// Direct-access guard: the script stops here unless the including code has
// already defined XOOPS_MAINFILE_INCLUDED, so requesting this file on its own
// never reaches the bootstrap below.
if (!defined('XOOPS_MAINFILE_INCLUDED')) {
    die('Restricted access');
}

// Bind the bootstrap objects to the global scope, so the assignments below land
// in $GLOBALS even when this file is included from inside a function.
global $xoops, $xoopsPreload, $xoopsLogger, $xoopsErrorHandler, $xoopsSecurity, $sess_handler;
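/**
 * BC Polyfill for PHP 8
 *
 * Please remove these functions from your code
 *
 * Each stub is declared only when the interpreter does not already provide the
 * function, and it always reports "magic quotes off". Code that still branches
 * on these calls therefore sees request data exactly as it was sent; escaping
 * has to happen where the data is used (SQL parameters, HTML output, ...).
 */
if (!function_exists('get_magic_quotes_gpc')) {
    /**
     * @return bool always false
     */
    function get_magic_quotes_gpc()
    {
        return false;
    }
}
if (!function_exists('get_magic_quotes_runtime')) {
    /**
     * @return bool always false
     */
    function get_magic_quotes_runtime()
    {
        return false;
    }
}
/* end BC polyfill */

/**
 * YOU SHOULD NEVER USE THE FOLLOWING TWO CONSTANTS, THEY WILL BE REMOVED
 */
if (!defined('DS')) {
    define('DS', DIRECTORY_SEPARATOR);
}
if (!defined('NWLINE')) {
    define('NWLINE', "\n");
}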
/**
 * Include files with definitions
 *
 * Every path here is the XOOPS_ROOT_PATH constant plus a literal string;
 * no request data takes part in choosing what gets included.
 */
include_once XOOPS_ROOT_PATH . '/include/defines.php';
include_once XOOPS_ROOT_PATH . '/include/version.php';
include_once XOOPS_ROOT_PATH . '/include/license.php';

/**
 * Include XoopsLoad (require_once: the XoopsLoad::load() calls below depend on it)
 */
require_once XOOPS_ROOT_PATH . '/class/xoopsload.php';

/**
 * YOU SHOULD BE CAREFUL WITH THE PRELOAD METHODS IN 2.4*, THEY WILL BE DEPRECATED AND IMPLEMENTED IN A DIFFERENT WAY
 */
/**
 * Create Instance of Preload Object and announce the start of common.php
 *
 * NOTE(review): what runs on 'core.include.common.start' depends on the
 * registered preloads, which are not visible here. The event fires before the
 * security object further down exists - confirm no listener relies on it.
 */
XoopsLoad::load('preload');
$xoopsPreload = XoopsPreload::getInstance();
$xoopsPreload->triggerEvent('core.include.common.start');
/**
 * YOU SHOULD BE CAREFUL WITH THE {@xos_kernel_Xoops2}, MOST METHODS WILL BE DEPRECATED
 */
/**
 * Create Instance of xos_kernel_Xoops2 Object
 * Attention, not all methods can be used at this point
 */
XoopsLoad::load('xoopskernel');
$xoops = new xos_kernel_Xoops2();
$xoops->pathTranslation();
// Deprecated (use the corrected $_SERVER variable now).
// This is a reference, not a copy: writing to $xoopsRequestUri also rewrites
// $_SERVER['REQUEST_URI']. The value is request-controlled, so it must be
// escaped for the output context wherever it is printed.
$xoopsRequestUri =& $_SERVER['REQUEST_URI'];

/**
 * Create Instance of xoopsSecurity Object and check Superglobals
 *
 * The check runs ahead of the $_POST, $_COOKIE and $_SESSION handling later in
 * this file. What it rejects is decided inside XoopsSecurity and is not
 * visible here.
 */
XoopsLoad::load('xoopssecurity');
$xoopsSecurity = new XoopsSecurity();
$xoopsSecurity->checkSuperglobals();
/**
 * Create Instance of XoopsLogger Object
 */
XoopsLoad::load('xoopslogger');
$xoopsLogger = XoopsLogger::getInstance();
// Second handle, obtained from the same getInstance() call as $xoopsLogger.
$xoopsErrorHandler = XoopsLogger::getInstance();
// Start the unnamed timer, then the named 'XOOPS Boot' timer that is stopped
// at the end of this file.
$xoopsLogger->startTime();
$xoopsLogger->startTime('XOOPS Boot');

/**
 * Include Required Files
 */
include_once $xoops->path('kernel/object.php');
include_once $xoops->path('class/criteria.php');
include_once $xoops->path('class/module.textsanitizer.php');
include_once $xoops->path('include/functions.php');

/* new installs should create this in mainfile */
// Fallback only: derive the cookie domain from XOOPS_URL when it was not set.
// The constant is later passed to setcookie() as the cookie domain, so it
// decides which hosts receive those cookies.
// NOTE(review): confirm that xoops_getBaseDomain() does not return a domain
// wider than the hosts that should see the login cookies.
defined('XOOPS_COOKIE_DOMAIN') || define('XOOPS_COOKIE_DOMAIN', xoops_getBaseDomain(XOOPS_URL));
/**
 * Check Proxy;
 * Requires functions
 *
 * XOOPS_DB_PROXY stays undefined only for a POST request that also passes
 * checkReferer(); every other request gets the constant defined.
 *
 * NOTE(review): presumably the database factory returns a restricted
 * (non-writing) connection when the constant is defined - confirm in
 * class/database/databasefactory.php. The Referer header is supplied by the
 * client and may be absent, so this is a coarse guard and does not replace
 * per-form request tokens.
 */
if (!($_SERVER['REQUEST_METHOD'] === 'POST' && $xoopsSecurity->checkReferer(XOOPS_DB_CHKREF))) {
    define('XOOPS_DB_PROXY', 1);
}

/**
 * Get database for making it global
 * Requires XoopsLogger, XOOPS_DB_PROXY;
 */
include_once $xoops->path('class/database/databasefactory.php');
/* @var XoopsMySQLDatabase $xoopsDB */
$xoopsDB = XoopsDatabaseFactory::getDatabaseConnection();
/**
 * Get xoops configs
 * Requires functions and database loaded
 */
/* @var XoopsConfigHandler $config_handler */
$config_handler = xoops_getHandler('config');
$xoopsConfig = $config_handler->getConfigsByCat(XOOPS_CONF);

/**
 * Merge file and db configs.
 *
 * The file is pulled in with include, i.e. it is executed as PHP and its
 * return value is merged over the database values (for equal string keys the
 * file wins). It therefore needs the same protection as code: it must not be
 * writable by the web server account or by any upload path.
 */
if (!file_exists($file = $GLOBALS['xoops']->path('var/configs/xoopsconfig.php'))) {
    // $file is left set on this branch, as before.
    trigger_error('File Path Error: ' . 'var/configs/xoopsconfig.php' . ' does not exist.');
} else {
    $fileConfigs = include $file;
    // The cast keeps array_merge() working when the file returns a non-array.
    $xoopsConfig = array_merge($xoopsConfig, (array)$fileConfigs);
    unset($fileConfigs, $file);
}
/**
 * clickjack protection - Add option to HTTP header restricting using site in an iframe
 *
 * Defaults to 'sameorigin' when the config key is absent; an empty configured
 * value switches the header off. The value comes from configuration, not from
 * the request. X-Frame-Options is the legacy control; sites that also send a
 * Content-Security-Policy should set frame-ancestors to match.
 */
$xFrameOptions = 'sameorigin';
if (isset($xoopsConfig['xFrameOptions'])) {
    $xFrameOptions = $xoopsConfig['xFrameOptions'];
}
if (!empty($xFrameOptions) && !headers_sent()) {
    header('X-Frame-Options: ' . $xFrameOptions);
}
//check if user set a local timezone (from XavierS)
// (disabled; kept as the author left it)
// $xoops_server_timezone="Etc/GMT";
// if ($xoopsConfig["server_TZ"]>0) {
// $xoops_server_timezone .="+".$xoopsConfig["server_TZ"]; } else{
// $xoops_server_timezone .=$xoopsConfig["server_TZ"]; } date_default_timezone_set($xoops_server_timezone);

// Fall back to UTC when php.ini leaves 'date.timezone' empty, so the time()
// and cookie-expiry arithmetic later in this file runs against a defined zone.
if (!ini_get('date.timezone')) {
    date_default_timezone_set('UTC');
}
/**
 * Enable Gzip compression
 * Requires configs loaded and should go before any output
 */
$xoops->gzipCompression();

/**
 * Start of Error Reporting.
 *
 * debug_mode 1 or 2 turns on E_ALL and logger rendering (2 additionally uses
 * the popup); any other value silences error reporting and deactivates the
 * logger. Rendered debug output can disclose internals to whoever views the
 * page, so the debug modes should stay off on a reachable site unless the
 * debugLevel restriction applied further down is also set.
 */
if ($xoopsConfig['debug_mode'] != 1 && $xoopsConfig['debug_mode'] != 2) {
    error_reporting(0);
    $xoopsLogger->activated = false;
} else {
    xoops_loadLanguage('logger');
    error_reporting(E_ALL);
    $xoopsLogger->enableRendering();
    $xoopsLogger->usePopup = ($xoopsConfig['debug_mode'] == 2);
}
/**
 * Check Bad Ip Addresses against database and block bad ones, requires configs loaded
 *
 * Runs before the session is started below.
 * NOTE(review): which address is compared (REMOTE_ADDR or a forwarded header)
 * is decided inside checkBadips() and is not visible here - confirm it matches
 * the deployment when the site sits behind a reverse proxy.
 */
$xoopsSecurity->checkBadips();

/**
 * Load Language settings and defines
 */
$xoopsPreload->triggerEvent('core.include.common.language');
xoops_loadLanguage('global');
xoops_loadLanguage('errors');
xoops_loadLanguage('pagetype');
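/**
 * User Sessions
 *
 * Starts as "no user, not admin", fetches the member and session handlers, then
 * picks the session identity before the session is started:
 *  - with use_ssl on and a non-empty string posted under the configured
 *    sslpost_name, that posted value becomes the session id;
 *  - otherwise, with use_mysession on, the configured session name and expiry
 *    (minutes) are applied.
 */
$xoopsUser = '';
$xoopsUserIsAdmin = false;
/* @var XoopsMemberHandler $member_handler */
$member_handler = xoops_getHandler('member');
$sess_handler = xoops_getHandler('session');
// is_string(): a posted array (name[]=...) must never reach session_id(), which
// raises a TypeError on PHP 8; such a request now falls through to the branch
// below like a request without the field.
// NOTE(review): the session id is taken from the request body. Confirm that the
// login code regenerates the id after authentication, so an id that was planted
// in a form cannot become an authenticated session (session fixation).
if ($xoopsConfig['use_ssl']
    && isset($_POST[$xoopsConfig['sslpost_name']])
    && is_string($_POST[$xoopsConfig['sslpost_name']])
    && $_POST[$xoopsConfig['sslpost_name']] !== ''
) {
    session_id($_POST[$xoopsConfig['sslpost_name']]);
} elseif ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '' && $xoopsConfig['session_expire'] > 0) {
    session_name($xoopsConfig['session_name']);
    session_cache_expire($xoopsConfig['session_expire']);
    // session_expire is in minutes, gc_maxlifetime in seconds. Best effort:
    // the ini change is allowed to fail silently.
    @ini_set('session.gc_maxlifetime', $xoopsConfig['session_expire'] * 60);
}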
// Route session storage through the XOOPS session handler object, one callback
// per storage operation.
// NOTE(review): the session cookie's Secure/HttpOnly/SameSite attributes are not
// set anywhere in this block; they come from php.ini or from the handler -
// confirm they are set for production.
session_set_save_handler(
    array($sess_handler, 'open'),
    array($sess_handler, 'close'),
    array($sess_handler, 'read'),
    array($sess_handler, 'write'),
    array($sess_handler, 'destroy'),
    array($sess_handler, 'gc')
);

if (!function_exists('session_status')) {
    // this should silently fail if session has already started (for PHP 5.3)
    @session_start();
} elseif (session_status() !== PHP_SESSION_ACTIVE) {
    // Start a session only when none is active yet.
    session_start();
}
$xoopsPreload->triggerEvent('core.behavior.session.start');
/**
 * Remove expired session for xoopsUserId
 *
 * With a custom session name in use, a request that carries no cookie of that
 * name must not be treated as logged in: any user id found in the session data
 * is dropped before the login logic below reads it.
 */
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
    if (!isset($_COOKIE[$xoopsConfig['session_name']]) && !empty($_SESSION['xoopsUserId'])) {
        unset($_SESSION['xoopsUserId']);
    }
}
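/**
 * Load xoopsUserId from cookie if "Remember me" is enabled.
 *
 * Applies only when the session holds no user id and a 'usercookie' name is
 * configured. The cookie is read as a token; when it yields claims with a
 * non-empty uid, that uid becomes the session's user id. In every other case
 * the cookie is expired.
 *
 * NOTE(review): the uid claim is trusted as-is, so the whole login-by-cookie
 * path rests on TokenReader::fromCookie() returning false for any token it
 * cannot verify (signature, expiry) - confirm in Xmf\Jwt.
 */
$rememberClaims = false;
if (empty($_SESSION['xoopsUserId'])
    && !empty($GLOBALS['xoopsConfig']['usercookie'])
) {
    $rememberClaims = \Xmf\Jwt\TokenReader::fromCookie('rememberme', $GLOBALS['xoopsConfig']['usercookie']);
    if (false !== $rememberClaims && !empty($rememberClaims->uid)) {
        $_SESSION['xoopsUserId'] = $rememberClaims->uid;
    } else {
        // Expire the cookie in both scopes it may have been set under: path '/'
        // on XOOPS_COOKIE_DOMAIN, and the default path/host.
        // '' is the documented "delete" value; the previous null triggers a
        // deprecation notice on PHP 8.1+, and 0 is now the boolean it stood for.
        setcookie($GLOBALS['xoopsConfig']['usercookie'], '', time() - 3600, '/', XOOPS_COOKIE_DOMAIN, false, true);
        setcookie($GLOBALS['xoopsConfig']['usercookie'], '', time() - 3600);
    }
}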
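/**
 * Log user in and deal with Sessions and Cookies
 *
 * Resolves the session's user id to a user object. An id that no longer
 * resolves ends the session and expires the remember-me cookie. For a valid
 * user it refreshes last_login (at most every five minutes), updates the
 * session cookie, syncs the group list with the session, and - only on a
 * remember-me login - restores the user's theme and reissues the token.
 */
if (!empty($_SESSION['xoopsUserId'])) {
    $xoopsUser = $member_handler->getUser($_SESSION['xoopsUserId']);
    if (!is_object($xoopsUser)) {
        // Unknown id: drop every trace of the login.
        $xoopsUser = '';
        $_SESSION = array();
        session_destroy();
        // '' is the documented "delete" value; null is deprecated for this
        // parameter on PHP 8.1+.
        setcookie($GLOBALS['xoopsConfig']['usercookie'], '', time() - 3600, '/', XOOPS_COOKIE_DOMAIN, false, true);
        setcookie($GLOBALS['xoopsConfig']['usercookie'], '', time() - 3600);
    } else {
        if (((int)$xoopsUser->getVar('last_login') + 60 * 5) < time()) {
            // The id is concatenated into the statement, and it can originate
            // from the remember-me token's uid claim, so it is forced to an
            // integer here rather than trusted to be numeric.
            $sql = 'UPDATE ' . $xoopsDB->prefix('users') . " SET last_login = '" . time()
                   . "' WHERE uid = " . (int)$_SESSION['xoopsUserId'];
            // Best-effort bookkeeping: a failed update must not break the request.
            @$xoopsDB->queryF($sql);
        }
        $sess_handler->update_cookie();
        // Groups cached in the session win over the user's stored groups.
        // NOTE(review): a group removal (for example, loss of an admin group)
        // therefore takes effect only once the cached list is cleared - confirm
        // that the code changing memberships invalidates it.
        if (isset($_SESSION['xoopsUserGroups'])) {
            $xoopsUser->setGroups($_SESSION['xoopsUserGroups']);
        } else {
            $_SESSION['xoopsUserGroups'] = $xoopsUser->getGroups();
        }
        if (is_object($rememberClaims)) { // only do during a 'remember me' login
            $user_theme = $xoopsUser->getVar('theme');
            // Only a theme from the configured allow-list is accepted.
            if ($user_theme != $xoopsConfig['theme_set'] && in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
                $_SESSION['xoopsUserTheme'] = $user_theme;
            }
            // update our remember me cookie
            $claims = array(
                'uid' => $_SESSION['xoopsUserId'],
            );
            $rememberTime = 60*60*24*30; // 30 days, in seconds
            $token = \Xmf\Jwt\TokenFactory::build('rememberme', $claims, $rememberTime);
            // HttpOnly is always on; Secure only when the site itself runs on
            // https. This call form sets no SameSite attribute.
            setcookie(
                $GLOBALS['xoopsConfig']['usercookie'],
                $token,
                time() + $rememberTime,
                '/',
                XOOPS_COOKIE_DOMAIN,
                (XOOPS_PROT === 'https://'),
                true
            );
        }
        $xoopsUserIsAdmin = $xoopsUser->isAdmin();
    }
}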
/**
 * Debug level for XOOPS
 * Check /xoops_data/configs/xoopsconfig.php for details
 *
 * Note: temporary solution only. Will be re-designed in XOOPS 3.0
 *
 * Narrows who gets debug output once the logger is active:
 *   2 - administrators only, 1 - logged-in users only,
 *   any other value (including the default 0) - no restriction.
 * With debug mode on and debugLevel unset, anonymous visitors receive the
 * debug output as well.
 */
if ($xoopsLogger->activated) {
    $level = 0;
    if (isset($xoopsConfig['debugLevel'])) {
        $level = (int)$xoopsConfig['debugLevel'];
    }
    if ((2 === $level && empty($xoopsUserIsAdmin)) || (1 === $level && !$xoopsUser)) {
        error_reporting(0);
        $xoopsLogger->activated = false;
    }
    unset($level);
}
/**
 * YOU SHOULD NEVER USE THE FOLLOWING METHOD, IT WILL BE REMOVED
 */
/**
 * Theme Selection
 */
$xoops->themeSelect();
xoops_load('XoopsFormRendererInterface');
xoops_load('XoopsFormRenderer');

/**
 * Closed Site
 *
 * NOTE(review): this file only pulls the script in. Who is still let through,
 * and whether the request ends there, is decided inside
 * include/site-closed.php - confirm it terminates for everyone else.
 */
if (1 == $xoopsConfig['closesite']) {
    include_once $xoops->path('include/site-closed.php');
}
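/**
 * Load Xoops Module
 *
 * When the running script sits in a directory that has an xoops_version.php,
 * the module is looked up by the directory name that follows '/modules/' in
 * PHP_SELF. A missing or inactive module ends the request with an error page.
 * Otherwise read permission is checked for the user's groups (or for the
 * anonymous group), the per-module admin flag is set, and the module's
 * language file and configs are loaded. Outside a module directory, a
 * logged-in user's admin flag is taken from isAdmin(1).
 */
if (file_exists('./xoops_version.php')) {
    // PHP_SELF is request-derived. It is used only as a lookup key here; the
    // include paths below are built from the module record, not from it.
    $url_arr = explode('/', strstr($_SERVER['PHP_SELF'], '/modules/'));
    /* @var XoopsModuleHandler $module_handler */
    $module_handler = xoops_getHandler('module');
    // Guarded index: when PHP_SELF has no '/modules/<dir>/' part the lookup
    // gets null, as before, but without an undefined-offset warning.
    $xoopsModule = $module_handler->getByDirname(isset($url_arr[2]) ? $url_arr[2] : null);
    unset($url_arr);

    if (!$xoopsModule || !$xoopsModule->getVar('isactive')) {
        include_once $xoops->path('header.php');
        echo '<h4>' . _MODULENOEXIST . '</h4>';
        include_once $xoops->path('footer.php');
        exit();
    }
    /* @var XoopsGroupPermHandler $moduleperm_handler */
    $moduleperm_handler = xoops_getHandler('groupperm');
    // NOTE(review): both denial branches rely on redirect_header() ending the
    // request. If it returned, execution would continue into the module with
    // the permission check failed - confirm in include/functions.php.
    if ($xoopsUser) {
        if (!$moduleperm_handler->checkRight('module_read', $xoopsModule->getVar('mid'), $xoopsUser->getGroups())) {
            redirect_header(XOOPS_URL, 1, _NOPERM, false);
        }
        // From here on the admin flag is the per-module one.
        $xoopsUserIsAdmin = $xoopsUser->isAdmin($xoopsModule->getVar('mid'));
    } elseif (!$moduleperm_handler->checkRight('module_read', $xoopsModule->getVar('mid'), XOOPS_GROUP_ANONYMOUS)) {
        redirect_header(XOOPS_URL . '/user.php?from=' . $xoopsModule->getVar('dirname', 'n'), 1, _NOPERM);
    }

    if ($xoopsModule->getVar('dirname', 'n') !== 'system') {
        // Language file: the configured language first, English as fallback.
        // Both path segments come from the module record and the site config.
        if (file_exists($file = $xoops->path('modules/' . $xoopsModule->getVar('dirname', 'n') . '/language/' . $xoopsConfig['language'] . '/main.php'))) {
            include_once $file;
        } elseif (file_exists($file = $xoops->path('modules/' . $xoopsModule->getVar('dirname', 'n') . '/language/english/main.php'))) {
            include_once $file;
        }
        unset($file);
    }

    if ($xoopsModule->getVar('hasconfig') == 1 || $xoopsModule->getVar('hascomments') == 1 || $xoopsModule->getVar('hasnotification') == 1) {
        $xoopsModuleConfig = $config_handler->getConfigsByCat(0, $xoopsModule->getVar('mid'));
    }
} elseif ($xoopsUser) {
    $xoopsUserIsAdmin = $xoopsUser->isAdmin(1);
}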
/**
 * YOU SHOULD AVOID USING THE FOLLOWING FUNCTION, IT WILL BE REMOVED
 */
//Creates 'system_modules_active' cache file if it has been deleted.
xoops_getActiveModules();

// Close the boot timer started near the top of this file and open the one that
// measures module initialisation.
$xoopsLogger->stopTime('XOOPS Boot');
$xoopsLogger->startTime('Module init');

// Last bootstrap step: tell the preloads that common.php has finished.
$xoopsPreload->triggerEvent('core.include.common.end');
If you suppress an error, we recommend checking for the error condition explicitly: