
Revision 192, 5.0 KB (checked in by exi, 15 years ago)

Fixed several potential security issues with unchecked variables.
Added .htaccess files to common/ and mods/.
Modified the sync module to not send item data anymore.

1<?php
2
3/**
4 * The EVE-Development Network Killboard
5 * based on eve-killboard.net created by rig0r
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * any later version.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15 * General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
20 *
21 */
22
23// many ppl had issues with pear and relative paths
24require_once('common/includes/db.php');
25require_once('common/includes/class.killboard.php');
26require_once('common/includes/class.page.php');
27require_once('common/includes/class.event.php');
28require_once('common/includes/class.roles.php');
29#require_once('common/includes/class.titles.php');
30require_once('common/includes/class.user.php');
31require_once('common/includes/class.session.php');
32require_once('common/smarty/Smarty.class.php');
33
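// smarty doesnt like magic_quotes_runtime; the function no longer exists in PHP 7+,
// so only call it where it is available
if (function_exists('set_magic_quotes_runtime'))
{
    @set_magic_quotes_runtime(0);
}

// $page ends up in include() paths further down (common/<page>.php, mods/<mod>/<page>.php,
// mods/<mod>/settings.php). Stripping only '.' and '/' still lets backslashes, NUL bytes
// and other junk through, so whitelist instead: anything outside [A-Za-z0-9_-] is dropped.
// A non-string value (?a[]=x) is treated as "no page given".
$page = '';
if (isset($_GET['a']) && is_string($_GET['a']))
{
    $page = preg_replace('/[^A-Za-z0-9_-]/', '', $_GET['a']);
}
if ($page === '' || $page === 'index')
{
    $page = 'home';
}

// check for the igb: the in-game browser announces itself with this 15-char UA prefix
if (isset($_SERVER['HTTP_USER_AGENT'])
    && substr($_SERVER['HTTP_USER_AGENT'], 0, 15) == 'EVE-minibrowser')
{
    define('IS_IGB', true);
    // an IGB request without an explicit page gets the igb landing page instead of 'home'
    if (!isset($_GET['a']))
    {
        $page = 'igb';
    }
}
else
{
    define('IS_IGB', false);
}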
58
// the Killboard object itself is created by class.page; only the DB-backed config is built here
$config = new Config(KB_SITE);

// Smarty setup: template sources, compiled templates and data cache, plus the URL
// constants the templates need. The config object is handed over by reference, not copied.
$smarty = new Smarty();
$smarty->template_dir = './templates';
$smarty->compile_dir  = './cache/templates_c';
$smarty->cache_dir    = './cache/data';
$smarty->assign('style_url', STYLE_URL);
$smarty->assign('img_url', IMG_URL);
$smarty->assign_by_ref('config', $config);

// roles first (titles are not initialised; their class is not required above), then the session
role::init();
Session::init();

// Smarty cannot produce output without its compile dir, so create it on first run
$smartyCompileDir = './cache/templates_c';
if (!is_dir($smartyCompileDir))
{
    if (!mkdir($smartyCompileDir))
    {
        exit('please create cache/templates_c and chmod it 777');
    }
    // NOTE(review): world-writable to match the message above; 0775 with the web server
    // as owner/group is the tighter choice where the deployment allows it
    chmod($smartyCompileDir, 0777);
}
93
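// all admin files are now in the admin directory and preload the menu
if (substr($page, 0, 5) == 'admin')
{
    require_once('common/admin/admin_menu.php');
    $page = 'admin/'.$page;
}

// old modcode for loading settings: settings_<mod> maps to mods/<mod>/settings.php
$settingsPage = (substr($page, 0, 9) == 'settings_');

// run the init.php of every active mod (comma-separated list from the config) and find
// the mod, if any, that ships its own copy of the requested page; two such mods is an error
$mods_active = explode(',', config::get('mods_active'));
$modOverrides = false;
$modOverride = null;
foreach ($mods_active as $mod)
{
    if (file_exists('mods/'.$mod.'/init.php'))
    {
        include('mods/'.$mod.'/init.php');
    }
    if (file_exists('mods/'.$mod.'/'.$page.'.php'))
    {
        if ($modOverrides)
        {
            die('Error: Two or more of the mods you have activated are conflicting');
        }
        $modOverrides = true;
        $modOverride = $mod;
    }
}

// a settings_<mod> request for a mod without a settings.php used to reach include()
// unchecked; treat it like any other unknown page and fall back to home
if ($settingsPage && !file_exists('mods/'.substr($page, 9).'/settings.php'))
{
    $settingsPage = false;
    $modOverrides = false;
    $page = 'home';
}
// unknown stock page with no mod override: fall back to home
if (!$settingsPage && !file_exists('common/'.$page.'.php') && !$modOverrides)
{
    $page = 'home';
}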
133
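// Page cache: rendered output is stored on disk per host+URI (+ IGB flag) for
// $cachetimes[$page] minutes (default 5). A fresh cache file is served below, before any
// page code - including the admin checks further down - runs, and the key carries no
// session information. So never cache admin/settings pages, and never read or write the
// cache for an admin session (their rendering of a page may differ from an anonymous one),
// regardless of what $cacheignore (expected from the config) lists.
$adminPage = (substr($page, 0, 5) == 'admin');
$cacheIgnored = isset($cacheignore) && is_array($cacheignore) && in_array($page, $cacheignore);
$docache = (KB_CACHE == 1
    && count($_POST) == 0
    && !$cacheIgnored
    && !$settingsPage
    && !$adminPage
    && !Session::isAdmin());

if ($docache)
{
    if (!file_exists(KB_CACHEDIR.'/'.KB_SITE))
    {
        @mkdir(KB_CACHEDIR.'/'.KB_SITE);
    }

    // lifetime in minutes from the per-page table when set, else 5
    $cachetime = (isset($cachetimes[$page]) && $cachetimes[$page]) ? $cachetimes[$page] : 5;
    $cachetime = $cachetime * 60;

    // the IGB and a normal browser get different pages for the same URI (see the IS_IGB
    // handling above), so the flag must be part of the key
    $cachefile = KB_CACHEDIR.'/'.KB_SITE.'/'
        .md5((IS_IGB ? 'igb:' : 'web:').$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']).'.cache';
    $timestamp = (@file_exists($cachefile)) ? @filemtime($cachefile) : 0;

    if (time() - $cachetime < $timestamp)
    {
        // still fresh: send the stored output and stop here
        ob_start('ob_gzhandler');
        @readfile($cachefile);
        ob_end_flush();
        exit();
    }

    // stale or missing: buffer the page so it can be written to the cache at the end
    ob_start();
}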
174
// dispatch: settings pages (admin-only), then a mod override, then the stock page
if ($settingsPage)
{
    if (!Session::isAdmin())
    {
        // not an admin: redirect to login, with a plain link for clients that ignore Location
        header('Location: ?a=login');
        echo '<a href="?a=login">Login</a>';
        exit;
    }

    // settings_<mod> -> mods/<mod>/settings.php
    $settingsMod = substr($page, 9);
    include('mods/'.$settingsMod.'/settings.php');
}
elseif ($modOverrides)
{
    // an active mod ships its own version of this page
    include('mods/'.$modOverride.'/'.$page.'.php');
}
else
{
    include('common/'.$page.'.php');
}
194
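// write the freshly rendered page to the cache file, then release the buffered output
if ($docache)
{
    // best effort: an unwritable cache dir must not break the page, so only write when
    // the file could actually be opened instead of passing false to fwrite()
    $fp = @fopen($cachefile, 'w');
    if ($fp !== false)
    {
        @fwrite($fp, ob_get_contents());
        @fwrite($fp, '<!-- Generated from cache -->');
        @fclose($fp);
    }
    ob_end_flush();
}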