IP : 3.133.122.16Hostname : host45.registrar-servers.comKernel : Linux host45.registrar-servers.com 4.18.0-513.18.1.lve.2.el8.x86_64 #1 SMP Sat Mar 30 15:36:11 UTC 2024 x86_64Disable Function : None :) OS : Linux
PATH:
/
home/
../
../
var/
./
./
./
softaculous/
myadmin49/
../
mantis/
../
fud/
index.php/
/
<?php /** * copyright : (C) 2001-2019 Advanced Internet Designs Inc. * email : forum@prohost.org * $Id$ * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; version 2 of the License. **/
if (function_exists('mb_internal_encoding')) { mb_internal_encoding('utf-8'); } require('./GLOBALS.php');
function db_locked() { return isset($GLOBALS['__DB_INC_INTERNALS__']['db_locked']); }
function db_affected() { return db::$db->affected_rows; }
function uq($query) { return q($query); }
if (!defined('fud_query_stats')) { function q($query) { // Assume master DB, route SELECT's to slave DB. // Force master if DB is locked (in transaction) or 'SELECT /* USE MASTER */'. $db = db::$db; if (!empty(db::$slave) && !db_locked() && !strncasecmp($query, 'SELECT', 6) && strncasecmp($query, 'SELECT /* USE MASTER */', 23)) { $db = db::$slave; }
if (!isset($GLOBALS['__DB_INC_INTERNALS__']['total_sql_time'])) { $GLOBALS['__DB_INC_INTERNALS__']['total_sql_time'] = 0; }
// Assume master DB, route SELECT's to slave DB. // Force master if DB is locked (in transaction) or 'SELECT /* USE MASTER */'. $db = db::$db; if (!empty(db::$slave) && !db_locked() && !strncasecmp($query, 'SELECT', 6) && strncasecmp($query, 'SELECT /* USE MASTER */', 23)) { $db = db::$slave; }
function q_concat($arg) { // MySQL badly breaks the SQL standard by redefining || to mean OR. $tmp = func_get_args(); return 'CONCAT('. implode(',', $tmp) .')'; }
function q_rownum() { q('SET @seq=0'); // For simulating rownum. return '(@seq:=@seq+1)'; }
function ses_get($id=0) { if (!$id) { /* Cookie or URL session? If not, check for known bots. */ if (!empty($_COOKIE[$GLOBALS['COOKIE_NAME']])) { /* Have cookie */ $q_opt = 's.ses_id='. _esc($_COOKIE[$GLOBALS['COOKIE_NAME']]); } else if ((isset($_GET['S']) || isset($_POST['S'])) && $GLOBALS['FUD_OPT_1'] & 128) { /* Have session string */ $url_session = 1; $q_opt = 's.ses_id='. _esc((isset($_GET['S']) ? (string) $_GET['S'] : (string) $_POST['S'])); /* Do not validate against expired URL sessions. */ $q_opt .= ' AND s.time_sec > '. (__request_timestamp__ - $GLOBALS['SESSION_TIMEOUT']); } else { /* Unknown user, maybe bot? */ // Auto login authorized bots. // To test: wget --user-agent="Googlebot 1.2" http://127.0.0.1:8080/forum $spider_session = 0; $my_ip = get_ip();
include $GLOBALS['FORUM_SETTINGS_PATH'] .'spider_cache'; foreach ($spider_cache as $spider_id => $spider) { if (preg_match('/'. $spider['useragent'] .'/i', $_SERVER['HTTP_USER_AGENT'])) { if (empty($spider['bot_ip'])) { $spider_session = 1; // Agent matched, no IPs to check. break; } else { foreach (explode(',', $spider['bot_ip']) as $bot_ip) { if (!($bot_ip = trim($bot_ip))) { continue; } if (strpos($bot_ip, $my_ip) === 0) { $spider_session = 1; // Agent and an IP matched. break; } } } } } if ($spider_session) { if ($spider['bot_opts'] & 2) { // Access blocked. die('Go away!'); } if ($id = db_li('INSERT INTO fud30_ses (ses_id, time_sec, sys_id, ip_addr, useragent, user_id) VALUES (\''. $spider['botname'] .'\', '. __request_timestamp__ .', '. _esc(ses_make_sysid()) .', '. _esc($my_ip) .', '. _esc(substr($_SERVER['HTTP_USER_AGENT'], 0, 64)) .', '. $spider['user_id'] .')', $ef, 1)) { $q_opt = 's.id='. $id; } else { $q_opt = 's.ses_id='. _esc($spider['botname']); } $GLOBALS['FUD_OPT_1'] ^= 128; // Disable URL sessions for user. } else { /* NeXuS: What is this? Return if user unknown? Function should return only after the query is run. */ //return;
// Check sys_id, ip_addr and useragent for a possible match $q_opt = 's.sys_id= '._esc(ses_make_sysid()). ' AND s.ip_addr='._esc(get_ip()). ' AND s.useragent='._esc(substr($_SERVER['HTTP_USER_AGENT'], 0, 64)); } }
/* ENABLE_REFERRER_CHECK */ if ($GLOBALS['FUD_OPT_3'] & 4 && isset($_SERVER['HTTP_REFERER']) && strncmp($_SERVER['HTTP_REFERER'], $GLOBALS['WWW_ROOT'], strlen($GLOBALS['WWW_ROOT']))) { /* More checks, we need those because some proxies mangle referer field. */ $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']; /* $p > 8 https:// or http:// */ if (($p = strpos($_SERVER['HTTP_REFERER'], $host)) === false || $p > 8) { $q_opt .= ' AND s.user_id > 2000000000 '; // Different referrer, force anonymous. } } } else { $q_opt = 's.id='. $id; }
$u = db_sab('SELECT s.id AS sid, s.ses_id, s.data, s.returnto, s.sys_id, t.id AS theme_id, t.lang, t.name AS theme_name, t.locale, t.theme, t.pspell_lang, t.theme_opt, u.alias, u.posts_ppg, u.time_zone, u.sig, u.last_visit, u.last_read, u.cat_collapse_status, u.users_opt, u.posted_msg_count, u.topics_per_page, u.ignore_list, u.ignore_list, u.buddy_list, u.id, u.group_leader_list, u.email, u.login, u.sq, u.ban_expiry, u.ban_reason, u.flag_cc FROM fud30_ses s INNER JOIN fud30_users u ON u.id=(CASE WHEN s.user_id>2000000000 THEN 1 ELSE s.user_id END) LEFT OUTER JOIN fud30_themes t ON t.id=u.theme WHERE '. $q_opt);
/* Anon user, no session or login. */ if (!$u || $u->id == 1 || $id) { return $u; }
if ($u->sys_id == ses_make_sysid()) { return $u; } else if ($GLOBALS['FUD_OPT_3'] & 16 || isset($url_session)) { /* URL sessions must validate sys_id check and SESSION_IP_CHECK must be disabled */ return; }
/* Try doing a strict SQ match in last-ditch effort to make things 'work'. */ if (isset($_POST['SQ']) && $_POST['SQ'] == $u->sq) { return $u; }
/* When we have an anon user, we set a special cookie allowing us to see who referred this user. */ if (isset($_GET['rid']) && !isset($_COOKIE['frm_referer_id']) && $GLOBALS['FUD_OPT_2'] & 8192) { setcookie($GLOBALS['COOKIE_NAME'] .'_referer_id', $_GET['rid'], __request_timestamp__+31536000, $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']); }
if (empty($data)) { q('UPDATE fud30_ses SET data=NULL WHERE '. $cond); } else { q('UPDATE fud30_ses SET data='. _esc(serialize($data)) .' WHERE '. $cond); } }
/** Destroy a session. */ function ses_delete($ses_id) { // Delete all forum sessions. // Regardless of MULTI_HOST_LOGIN, all sessions will be terminated. q('DELETE FROM fud30_ses WHERE id='. $ses_id); setcookie($GLOBALS['COOKIE_NAME'], '', __request_timestamp__-100000, $GLOBALS['COOKIE_PATH'], $GLOBALS['COOKIE_DOMAIN']);
return 1; }
function ses_anonuser_auth($id, $error) { if (!empty($_POST)) { $_SERVER['QUERY_STRING'] = ''; } q('UPDATE fud30_ses SET data='. _esc(serialize($error)) .', returnto='. ssn($_SERVER['QUERY_STRING']) .' WHERE id='. $id); if ($GLOBALS['FUD_OPT_2'] & 32768) { // USE_PATH_INFO header('Location: [[relativeurl]]/index.php/l/'. _rsidl); } else { header('Location: [[relativeurl]]/index.php?t=login&'. _rsidl); } exit; }function &init_user() { $o1 =& $GLOBALS['FUD_OPT_1']; $o2 =& $GLOBALS['FUD_OPT_2'];
/* We need to parse S & rid right away since they are used during user init. */ if ($o2 & 32768 && !empty($_SERVER['PATH_INFO']) && empty($_GET['t'])) { // USE_PATH_INFO $pb = $p = explode('/', trim($_SERVER['PATH_INFO'], '/')); if ($o1 & 128) { // SESSION_USE_URL $_GET['S'] = array_pop($p); } if ($o2 & 8192) { // TRACK_REFERRALS $_GET['rid'] = array_pop($p); } $_SERVER['QUERY_STRING'] = htmlspecialchars($_SERVER['PATH_INFO']) .'?'. $_SERVER['QUERY_STRING'];
/* Default to index page. */ if (!isset($p[0])) { $p[0] = 'i'; } /* Notice prevention code. */ for ($i = 1; $i < 5; $i++) { if (!isset($p[$i])) { $p[$i] = null; } }
switch ($p[0]) { case 'm': /* goto specific message */ $_GET['t'] = 0; $_GET['goto'] = $p[1]; if (isset($p[2])) { $_GET['th'] = $p[2]; if (isset($p[3]) && is_numeric($p[3])) { $_GET['start'] = $p[3]; if ($p[3]) { $_GET['t'] = 'msg'; unset($_GET['goto']); }
if (isset($p[$i])) { $_GET['rev'] = $p[$i]; if (isset($p[$i+1])) { $_GET['reveal'] = $p[$i+1]; } } } } } break;
case 't': /* view thread */ $_GET['t'] = 0; $_GET['th'] = $p[1]; if (isset($p[2]) && is_numeric($p[2])) { // START is not currently used for thread paging. // Set to 0, but keep code for possible future implementation. // $_GET['start'] = $p[2]; $_GET['start'] = 0; if (!empty($p[3])) { $_GET[$p[3]] = 1; } } break;
case 'f': /* view forum */ $_GET['t'] = 1; $_GET['frm_id'] = $p[1]; if (isset($p[2])) { $_GET['start'] = $p[2]; if (isset($p[3])) { if ($p[3] === '0') { $_GET['sub'] = 1; } else { $_GET['unsub'] = 1; } } } break;
case 'r': $_GET['t'] = 'post'; $_GET[$p[1]] = $p[2]; if (isset($p[3])) { $_GET['reply_to'] = $p[3]; if (isset($p[4])) { if ($p[4]) { $_GET['quote'] = 'true'; } if (isset($p[5])) { $_GET['start'] = $p[5]; } } } break;
case 'u': /* view user's info */ $_GET['t'] = 'usrinfo'; $_GET['id'] = $p[1]; break;
case 'i': $_GET['t'] = 'index'; if (isset($p[1])) { $_GET['cat'] = (int) $p[1]; } break;
case 'fa': $_GET['t'] = 'getfile'; $_GET['id'] = isset($p[1]) ? $p[1] : $pb[1]; if (!empty($p[2])) { $_GET['private'] = 1; } break;
case 'sp': /* show posts */ $_GET['t'] = 'showposts'; $_GET['id'] = $p[1]; if (isset($p[2])) { $_GET['so'] = $p[2]; if (isset($p[3])) { $_GET['start'] = $p[3]; } } break;
case 'l': /* login/logout */ $_GET['t'] = 'login'; if (isset($p[1])) { $_GET['logout'] = 1; } break;
case 'pl': /* poll list */ $_GET['t'] = 'polllist'; if (isset($p[1])) { $_GET['uid'] = $p[1]; if (isset($p[2])) { $_GET['start'] = $p[2]; if (isset($p[3])) { $_GET['oby'] = $p[3]; } } } break;
case 'ml': /* member list */ $_GET['t'] = 'finduser'; if (isset($p[1])) { switch ($p[1]) { case 1: case 2: $_GET['pc'] = $p[1]; break; case 3: case 4: $_GET['us'] = $p[1]; break; case 5: case 6: $_GET['rd'] = $p[1]; break; case 7: case 8: $_GET['fl'] = $p[1]; break; case 9: case 10: $_GET['lv'] = $p[1]; break; } if (isset($p[2])) { $_GET['start'] = $p[2]; if (isset($p[3])) { $_GET['usr_login'] = urldecode($p[3]); if (isset($p[4])) { $_GET['js_redr'] = $p[5]; } } } } break;
case 'h': /* help */ $_GET['t'] = 'help_index'; if (isset($p[1])) { $_GET['section'] = $p[1]; } break;
case 'pv': $_GET['t'] = 0; if (isset($p[1])) { $_GET['goto'] = q_singleval('SELECT id FROM fud30_msg WHERE poll_id='.(int)$p[1]); $_GET['pl_view'] = empty($p[2]) ? 0 : (int)$p[2]; } break;
/* Define theme path, may already be set by a plugin. */ defined('fud_theme') or define('fud_theme', 'theme/'. ($u->theme_name ? $u->theme_name : 'default') .'/');
/* Define _uid, which, will tell us if this is a 'real' user or not. */ define('__fud_real_user__', ($u->id != 1 ? $u->id : 0)); define('_uid', __fud_real_user__ && ($uo & 131072) && !($uo & 2097152) ? $u->id : 0);
/* Allow user to set their own topics per page value, as long as it is smaller then the max. */ if (__fud_real_user__ && $GLOBALS['THREADS_PER_PAGE'] > $u->topics_per_page) { $GLOBALS['THREADS_PER_PAGE'] = (int) $u->topics_per_page; }
function user_register_forum_view($frm_id) { if (__dbtype__ == 'mysql') { // MySQL optimization. q('INSERT INTO fud30_forum_read (forum_id, user_id, last_view) VALUES ('. $frm_id .', '. _uid .', '. __request_timestamp__ .') ON DUPLICATE KEY UPDATE last_view=VALUES(last_view)'); return; }
if (!db_li('INSERT INTO fud30_forum_read (forum_id, user_id, last_view) VALUES ('. $frm_id .', '. _uid .', '. __request_timestamp__ .')', $ef)) { q('UPDATE fud30_forum_read SET last_view='. __request_timestamp__ .' WHERE forum_id='. $frm_id .' AND user_id='. _uid); } }
function user_register_thread_view($thread_id, $tm=__request_timestamp__, $msg_id=0) { if (__dbtype__ == 'mysql') { // MySQL optimization. q('INSERT INTO fud30_read (last_view, msg_id, thread_id, user_id) VALUES('. $tm .', '. $msg_id .', '. $thread_id .', '. _uid .') ON DUPLICATE KEY UPDATE last_view=VALUES(last_view), msg_id=VALUES(msg_id)'); return; }
if (!db_li('INSERT INTO fud30_read (last_view, msg_id, thread_id, user_id) VALUES('. $tm .', '. $msg_id .', '. $thread_id .', '. _uid .')', $ef)) { q('UPDATE fud30_read SET last_view='. $tm .', msg_id='. $msg_id .' WHERE thread_id='. $thread_id .' AND user_id='. _uid); } }
function user_set_post_count($uid) { $pd = db_saq('SELECT MAX(id), count(*) FROM fud30_msg WHERE poster_id='. $uid .' AND apr=1'); $level_id = (int) q_singleval(q_limit('SELECT id FROM fud30_level WHERE post_count <= '. $pd[1] .' ORDER BY post_count DESC', 1)); q('UPDATE fud30_users SET u_last_post_id='. (int)$pd[0] .', posted_msg_count='. (int)$pd[1] .', level_id='. $level_id .' WHERE id='. $uid); }
function user_mark_all_read($id) { q('UPDATE fud30_users SET last_read='. __request_timestamp__ .' WHERE id='. $id); q('DELETE FROM fud30_read WHERE user_id='. $id); q('DELETE FROM fud30_forum_read WHERE user_id='. $id); }
function user_mark_forum_read($id, $fid, $last_view) { if (__dbtype__ == 'mysql') { // MySQL optimization. q('INSERT INTO fud30_read (user_id, thread_id, msg_id, last_view) SELECT '. $id .', id, last_post_id, '. __request_timestamp__ .' FROM fud30_thread WHERE forum_id='. $fid .' AND last_post_date > '. $last_view .' ON DUPLICATE KEY UPDATE last_view=VALUES(last_view), msg_id=VALUES(msg_id)'); } else if (__dbtype__ == 'sqlite') { // SQLite optimization. q('REPLACE INTO fud30_read (user_id, thread_id, msg_id, last_view) SELECT '. $id .', id, last_post_id, '. __request_timestamp__ .' FROM fud30_thread WHERE forum_id='. $fid .' AND last_post_date > '. $last_view); } else { // Other databases. if (!db_li('INSERT INTO fud30_read (user_id, thread_id, msg_id, last_view) SELECT '. $id .', id, last_post_id, '. __request_timestamp__ .' FROM fud30_thread WHERE forum_id='. $fid .' AND last_post_date > '. $last_view, $ef)) { q('UPDATE fud30_read SET user_id='. $id .', msg_id=t.last_post_id, last_view='. __request_timestamp__ .' FROM (SELECT id, last_post_id FROM fud30_thread WHERE forum_id='. $fid .' AND last_post_date > '. $last_view .') t WHERE user_id='. $id .' AND thread_id=t.id'); } } user_register_forum_view($fid); }
function sq_check($post, &$sq, $uid=__fud_real_user__, $ses=s) { /* No sequence # check for anonymous users. */ if (!$uid) { return 1; }