The installation files ("./install/") have been found on the server. Please remove them as soon as possible. If you have not yet installed XMB, please do so at this time. Just click here.');
}
exit('Configuration Problem: XMB noticed that your config.php has not been fully configured. The $'.$key.' has not been configured correctly.
Please configure config.php before continuing. Refresh the browser after uploading the new config.php (when asked if you want to resubmit POST data, click the \'OK\'-button).');
}
}
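unset($config_array);

/* Validate URL Configuration and Security */
// $full_url (config.php) is the canonical board address. It decides the scope of
// every cookie set later in this file -- Secure flag, domain and path -- so a
// wrong value here silently widens or breaks cookie scope for all sessions.
if (empty($full_url)) {
    header('HTTP/1.0 500 Internal Server Error');
    exit('ERROR: Please fill the $full_url variable in your config.php!');
} else {
    // parse_url() returns FALSE for a badly malformed URL and simply omits any
    // component that is absent; treat both as "not present" instead of reading
    // array offsets that may not exist.
    $array = parse_url($full_url);
    if (!is_array($array)) {
        $array = array();
    }
    // Cookies carry the Secure flag only when the board itself is served over
    // HTTPS (scheme compared case-insensitively, as RFC 3986 requires); over plain
    // HTTP a Secure cookie would never be sent back by the browser.
    $cookiesecure = (isset($array['scheme']) && strtolower($array['scheme']) === 'https');
    $cookiedomain = isset($array['host']) ? $array['host'] : '';
    // A bare hostname (no dot) or a dotted-quad IP cannot carry a domain cookie,
    // so fall back to a host-only cookie. Otherwise strip a leading "www" but keep
    // the dot, so the cookie also covers the bare domain.
    if (strpos($cookiedomain, '.') === FALSE || preg_match("/^([0-9]{1,3}\.){3}[0-9]{1,3}$/", $cookiedomain)) {
        $cookiedomain = '';
    } elseif (substr($cookiedomain, 0, 4) === 'www.') {
        $cookiedomain = substr($cookiedomain, 3);
    }
    // Cookie path defaults to the site root when $full_url has no path component.
    $cookiepath = isset($array['path']) ? $array['path'] : '/';
    if (DEBUG) {
        debugURLsettings($cookiesecure, $cookiedomain, $cookiepath);
    } elseif (0 == strlen($url)) {
        // $url (the request URL, set earlier in this file) is required by the
        // URL checks that follow; without it nothing below can be validated.
        header('HTTP/1.0 500 Internal Server Error');
        exit('Error: URL Not Found. Set DEBUG to TRUE in config.php to see diagnostic details.');
    }
    unset($array);
}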
// Common XSS Protection: XMB disallows '<' and unencoded ':/' in all URLs.
// This is a coarse blocklist applied to the raw request URL, compared in lower
// case so '%3C' is caught as well as '%3c'. It is not a substitute for escaping
// at output time: percent-encoded ':' or '/' and other payloads pass through.
// search.php is exempt, presumably because its query strings legitimately
// contain such sequences.
if (X_SCRIPT != 'search.php') {
    $lowerUrl = strtolower($url);
    foreach (array('%3c', '<', ':/') as $forbidden) {
        if (strpos($lowerUrl, $forbidden) === FALSE) {
            continue;
        }
        header('HTTP/1.0 403 Forbidden');
        exit('403 Forbidden - URL rejected by XMB');
    }
    unset($lowerUrl, $forbidden);
}
// Check for double-slash problems in REQUEST_URI
// The request path must begin with $cookiepath and must not continue with a
// second '/'. If collapsing '//' repairs it, redirect (301) to the canonical
// form under $full_url; if it is still wrong, or contains bytes outside
// printable ASCII, answer 404. The redirect target is always $full_url plus a
// tail that has just been verified to be printable ASCII, so it can carry
// neither CR/LF nor a foreign host into the Location header.
$pathLen = strlen($cookiepath);
$misplaced = (substr($url, 0, $pathLen) != $cookiepath || substr($url, $pathLen, 1) == '/');
if ($misplaced) {
    $fixed_url = str_replace('//', '/', $url);
    $stillBad = substr($fixed_url, 0, $pathLen) != $cookiepath
        || substr($fixed_url, $pathLen, 1) == '/'
        || $fixed_url != preg_replace('/[^\x20-\x7e]/', '', $fixed_url);
    if ($stillBad) {
        header('HTTP/1.0 404 Not Found');
        exit('XMB detected an invalid URL. Set DEBUG to TRUE in config.php to see diagnostic details.');
    }
    $fixed_url = $full_url.substr($fixed_url, $pathLen);
    header('HTTP/1.0 301 Moved Permanently');
    header("Location: $fixed_url");
    exit('XMB detected an invalid URL');
}
unset($pathLen, $misplaced);
// Optional IPv4-only gate, enabled by $ipcheck in config.php. Any client
// address that is not a dotted quad (IPv6, or a proxy-mangled value) is
// refused with 403. This checks only the shape of $onlineip, not the range of
// each octet, and it is the only validation of $onlineip visible in this file
// before the ban lookup further down.
if ($ipcheck == 'on' && !preg_match('@^(\\d{1,3}\\.){3}\\d{1,3}$@', $onlineip)) {
    header('HTTP/1.0 403 Forbidden');
    exit("Access to this website is currently not possible as your hostname/IP appears suspicous.");
}
/* Load Common Files and Establish Database Connection */
define('X_PREFIX', $tablepre); // Secured table prefix constant
// The database driver file is selected by $database (presumably from config.php,
// never from request data -- confirm). Each include is followed by
// assertEmptyOutputStream(), which by its name fails if the included file
// produced output, since any output would prevent the headers sent later.
require ROOT.'db/'.$database.'.php';
assertEmptyOutputStream('db/'.$database.'.php');
require ROOT.'include/validate.inc.php';
assertEmptyOutputStream('validate.inc.php');
require ROOT.'include/functions.inc.php';
assertEmptyOutputStream('functions.inc.php');
// dbstuff comes from the driver file just loaded. The meaning of the trailing
// TRUE argument is not visible here -- see the driver's connect() signature.
$db = new dbstuff;
$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, TRUE);
// Make all settings global, and put them in the $SETTINGS[] array
// This is the first query, so do not panic unless query logging is enabled.
$squery = $db->query("SELECT * FROM ".X_PREFIX."settings", (DEBUG and LOG_MYSQL_ERRORS));
// Assume XMB is not installed if first query fails.
if (FALSE === $squery) {
    header('HTTP/1.0 500 Internal Server Error');
    exit(file_exists(ROOT.'install/')
        ? 'XMB is not yet installed. Please do so at this time. Just click here.'
        : 'Fatal Error: XMB is not installed. Please upload the /install/ directory to begin.');
}
if ($db->num_rows($squery) == 0) {
    header('HTTP/1.0 500 Internal Server Error');
    exit('Fatal Error: The XMB settings table is empty.');
}
// NOTE: every settings column becomes a global variable of the same name
// ($$key). A column that shares a name with something already set above
// (url, cookiepath, db, ...) would silently overwrite it -- keep the schema
// clear of such names.
$settingsRow = $db->fetch_array($squery);
$db->free_result($squery);
foreach ($settingsRow as $key => $val) {
    $SETTINGS[$key] = $val;
    $$key = $val;
}
unset($settingsRow);
// Paging sizes below 5 are treated as misconfiguration and reset to 30.
foreach (array('postperpage', 'topicperpage', 'memberperpage', 'onlinetodaycount') as $pagingKey) {
    if ($$pagingKey < 5) {
        $$pagingKey = 30;
        $SETTINGS[$pagingKey] = 30;
    }
}
unset($pagingKey);
// Smilie columns: at least one.
if ($SETTINGS['smcols'] < 1) {
    $smcols = 4;
    $SETTINGS['smcols'] = 4;
}
// Captcha length must fit inside a nonce key; out-of-range values fall back to 8.
if ($SETTINGS['captcha_code_length'] < 3 or $SETTINGS['captcha_code_length'] >= X_NONCE_KEY_LEN) {
    $captcha_code_length = 8;
    $SETTINGS['captcha_code_length'] = 8;
}
// Validate maxattachsize with PHP configuration: the board setting can never
// exceed what PHP itself will accept for an upload.
$inimax = phpShorthandValue('upload_max_filesize');
if ($inimax < $SETTINGS['maxattachsize']) {
    $maxattachsize = $inimax;
    $SETTINGS['maxattachsize'] = $inimax;
}
unset($inimax);
/* Set Global HTTP Headers */
// Forbid caching of every dynamic page; files.php is excluded (presumably it
// serves attachments with its own headers). No X-Frame-Options,
// X-Content-Type-Options or Content-Security-Policy is sent here -- if wanted,
// add them at the web-server layer.
if (X_SCRIPT != 'files.php') {
    header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
}
// Fix annoying bug in windows... *sigh*
// Everything except downloads is declared text/html (no charset is given here).
// $download is presumably populated from the request by an earlier include -- confirm.
$action = postedVar('action', '', FALSE, FALSE, FALSE, 'g');
$servesDownload = ($action == 'attachment')
    || ($action == 'templates' && isset($download))
    || ($action == 'themes' && isset($download));
if (!$servesDownload) {
    header("Content-type: text/html");
}
unset($servesDownload);
// Update last visit cookies
// xmblva = timestamp of the previous visit (kept for a year); xmblvb = timestamp
// reported as "last visit" for the current session (kept X_ONLINE_TIMER seconds).
// Both are integer-parsed from cookies, so their values are not trusted beyond
// being numbers. put_cookie() is expected to apply $cookiesecure / HttpOnly itself
// -- confirm in functions.inc.php.
$xmblva = getInt('xmblva', 'c'); // Last visit
$xmblvb = getInt('xmblvb', 'c'); // Duration of this visit (considered to be up to 600 seconds)
if ($xmblvb > 0) {
    // An unexpired lvb means this request belongs to a running session.
    $thetime = $xmblvb;
} elseif ($xmblva > 0) {
    // No session, but a returning visitor: report the previous visit.
    $thetime = $xmblva;
} else {
    // No cookie at all: first visit, so "last visit" is now.
    $thetime = $onlinetime;
}
$oneYearAhead = $onlinetime + (86400*365);
put_cookie('xmblva', $onlinetime, $oneYearAhead, $cookiepath, $cookiedomain); // lva == now
put_cookie('xmblvb', $thetime, ($onlinetime + X_ONLINE_TIMER), $cookiepath, $cookiedomain); // lvb =
$lastvisit = $thetime;
if (isset($oldtopics)) {
    put_cookie('oldtopics', $oldtopics, ($onlinetime + X_ONLINE_TIMER), $cookiepath, $cookiedomain);
}
unset($oneYearAhead);
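/* Authorize User, Set Up Session, and Load Language Translation */
$serror = '';
// Check if the client is ip-banned
// The banned table holds one octet per column, with -1 as a wildcard; a row of
// four wildcards is ignored. $onlineip is client-influenced data and the
// $ipcheck gate above is optional, so the address is validated as a dotted
// quad here before its octets are interpolated into SQL. Anything else (IPv6,
// a mangled proxy value) cannot match the octet table and is not queried.
if ($SETTINGS['ip_banning'] == 'on') {
    if (preg_match('/^\d{1,3}(\.\d{1,3}){3}$/', $onlineip)) {
        $ips = explode(".", $onlineip);
        $query = $db->query("SELECT id FROM ".X_PREFIX."banned WHERE ((ip1='$ips[0]' OR ip1='-1') AND (ip2='$ips[1]' OR ip2='-1') AND (ip3='$ips[2]' OR ip3='-1') AND (ip4='$ips[3]' OR ip4='-1')) AND NOT (ip1='-1' AND ip2='-1' AND ip3='-1' AND ip4='-1')");
        $result = $db->num_rows($query);
        $db->free_result($query);
        if ($result > 0) {
            // Block all non-admins (enforced further down, once a theme is loaded).
            $serror = 'ip';
        }
    }
}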
// Requests that stay reachable while the board is closed or members-only:
// login / lost-password on misc.php, and -- only while registration is open --
// the registration, COPPA and captcha-image actions on misc.php or member.php.
$loginAllowed = (($action == 'login' || $action == 'lostpw') && X_SCRIPT == 'misc.php');
$regAllowed = ($SETTINGS['regstatus'] == 'on'
    && ($action == 'reg' || $action == 'coppa' || $action == 'captchaimage')
    && (X_SCRIPT == 'misc.php' || X_SCRIPT == 'member.php'));
// Check if the board is offline: block all non-admins.
if ($SETTINGS['bbstatus'] == 'off' && $serror == '' && !$loginAllowed && !$regAllowed) {
    $serror = 'bstatus';
}
// Check if the board is set to 'reg-only': block all guests. An earlier
// 'ip' or 'bstatus' error takes precedence.
if ($SETTINGS['regviewonly'] == 'on' && $serror == '' && !$loginAllowed && !$regAllowed) {
    $serror = 'guest';
}
unset($loginAllowed, $regAllowed);
// Credentials arrive in the xmbuser / xmbpw cookies. elevateUser() performs the
// actual verification and presumably defines X_MEMBER / X_ADMIN / $self -- confirm
// in functions.inc.php; $serror is handed to it so the access decision above is
// known to the session setup.
$uinput = postedVar('xmbuser', '', FALSE, TRUE, FALSE, 'c');
$pinput = postedVar('xmbpw', '', FALSE, FALSE, FALSE, 'c');
$authenticated = elevateUser($uinput, $pinput, FALSE, $serror);
// Credential cookies that fail to verify are cleared so the browser stops
// resending stale or forged values; with no username there is nothing to clear.
if (!$authenticated && $uinput != '') {
    put_cookie("xmbuser", '', 0, $cookiepath, $cookiedomain);
    put_cookie("xmbpw", '', 0, $cookiepath, $cookiedomain);
}
unset($uinput, $pinput, $authenticated);
// upgrade.php needs configuration, database and identity only -- no templates.
if (X_SCRIPT == 'upgrade.php') return;
/* Set Up HTML Templates and Themes */
// Create a base element so that links aren't broken if scripts are accessed using unexpected paths.
// XMB expects all links to be relative to $full_url + script name + query string.
// Only bytes outside printable ASCII are stripped from the query string; if a
// template places it inside an HTML attribute it still needs attribute escaping
// there (the '<' blocklist earlier in this file does not cover search.php).
$querystring = strstr($url, '?');
if ($querystring === FALSE) {
    $querystring = '';
}
$querystring = preg_replace('/[^\x20-\x7e]/', '', $querystring);
$baseelement = ($url == $cookiepath) ? '' : '';

// login/logout links
if (X_MEMBER) {
    $loginout = "{$lang['textlogout']}";
    $memcp = "{$lang['textusercp']}";
    $u2ulink = $lang['banu2u'].' - ';
    $cplink = X_ADMIN ? " - {$lang['textcp']}" : '';
    $notify = "{$lang['loggedin']} {$xmbuser} [{$loginout} - {$u2ulink}{$memcp}{$cplink}]";
    // Update lastvisit in the header shown: the previous-visit stamp shifted by
    // the member's and the board's hour offsets, then formatted with gmdate().
    $theTime = $xmblva + ($self['timeoffset'] * 3600) + ($SETTINGS['addtime'] * 3600);
    $lastdate = gmdate($dateformat, $theTime);
    $lasttime = gmdate($timecode, $theTime);
    $lastvisittext = "{$lang['lastactive']} {$lastdate} {$lang['textat']} {$lasttime}";
} else {
    // Checks for the possibility to register
    $reglink = ($SETTINGS['regstatus'] == 'on') ? "- {$lang['textregister']}" : '';
    $loginout = "{$lang['textlogin']}";
    $notify = "{$lang['notloggedin']} [{$loginout} {$reglink}]";
    $lastvisittext = '';
}
// Get themes, [fid, [tid]]
// Work out which forum the request belongs to so that forum's theme can be
// applied. A thread id takes precedence over a forum id; the template editor
// (action=templates) skips the lookup. Both ids are assumed to come back from
// getInt() as integers, which is what makes interpolating them into SQL safe -- confirm.
$forumtheme = 0;
$fid = getInt('fid', 'r');
$tid = getInt('tid', 'r');
if ($tid > 0 && $action != 'templates') {
// NOTE(review): an unknown $tid returns no row, so $fid and $forumtheme end up
// null (with notices) rather than 0. Later code only uses $forumtheme when > 0,
// so this is harmless here, but callers should not rely on $fid after this point.
$query = $db->query("SELECT f.fid, f.theme FROM ".X_PREFIX."forums f RIGHT JOIN ".X_PREFIX."threads t USING (fid) WHERE t.tid=$tid");
$locate = $db->fetch_array($query);
$db->free_result($query);
$fid = $locate['fid'];
$forumtheme = $locate['theme'];
} else if ($fid > 0) {
// Only live forums and sub-forums contribute a theme; categories and
// switched-off forums fall back to the board default.
$forum = getForum($fid);
if (($forum['type'] != 'forum' && $forum['type'] != 'sub') || $forum['status'] != 'on') {
$forumtheme = 0;
} else {
$forumtheme = $forum['theme'];
}
}
// Check what theme to use
// Theme cascade: member's own theme, then the forum's theme, then the board
// default, then whatever row exists first. Each level that points at a missing
// theme is reset to 0 in the database so the dangling reference is not
// re-checked on every request. $query from the last successful SELECT is the
// one read below, so every branch must leave it pointing at a valid result.
$validtheme = FALSE;
if (!$validtheme And (int) $themeuser > 0) {
$theme = (int) $themeuser;
$query = $db->query("SELECT * FROM ".X_PREFIX."themes WHERE themeid=$theme");
if (!$validtheme = ($db->num_rows($query) > 0)) {
$themeuser = 0;
$db->query("UPDATE ".X_PREFIX."members SET theme=0 WHERE uid={$self['uid']}");
}
}
if (!$validtheme And (int) $forumtheme > 0) {
$theme = (int) $forumtheme;
$query = $db->query("SELECT * FROM ".X_PREFIX."themes WHERE themeid=$theme");
if (!$validtheme = ($db->num_rows($query) > 0)) {
// NOTE(review): resetting $themeuser here appears to be a copy of the branch
// above; $forumtheme itself is left unchanged even though the DB row is reset.
// Harmless, since $theme is recomputed below. $fid is an integer from getInt()
// or the forums row at this point -- confirm before changing the tid lookup above.
$themeuser = 0;
$db->query("UPDATE ".X_PREFIX."forums SET theme=0 WHERE fid=$fid");
}
}
if (!$validtheme) {
$theme = (int) $SETTINGS['theme'];
$query = $db->query("SELECT * FROM ".X_PREFIX."themes WHERE themeid=$theme");
$validtheme = ($db->num_rows($query) > 0);
}
if (!$validtheme) {
// Last resort: adopt the first theme row as the new board default. The result
// set is rewound afterwards so the generic fetch below reads the same row.
$query = $db->query("SELECT * FROM ".X_PREFIX."themes LIMIT 1");
if ($validtheme = ($db->num_rows($query) > 0)) {
$row = $db->fetch_array($query);
$SETTINGS['theme'] = $row['themeid'];
$db->query("UPDATE ".X_PREFIX."settings SET theme={$SETTINGS['theme']}");
$db->data_seek($query, 0);
}
}
if (!$validtheme) {
header('HTTP/1.0 500 Internal Server Error');
exit('Fatal Error: The XMB themes table is empty.');
}
// Make theme-vars semi-global
// As with the settings row, every theme column except "name" becomes a global
// variable; theme values are admin-controlled and are used unescaped in CSS/HTML below.
foreach($db->fetch_array($query) as $key=>$val) {
if ($key != "name") {
$$key = $val;
}
$THEME[$key] = $val;
}
$db->free_result($query);
// additional CSS to load?
// $imgdir comes from the themes table (admin-controlled). It is used raw both
// in this filesystem probe and in the CSS/HTML fragments built below, so it is
// trusted as-is.
$cssInclude = file_exists(ROOT.$imgdir.'/theme.css') ? '' : '';

// Alters certain visibility-variables
// A theme colour value containing a '.' is taken to be an image filename
// under $imgdir rather than a colour.
$bgIsImage = (false !== strpos($bgcolor, '.'));
$bgcode = $bgIsImage ? "background-image: url('$imgdir/$bgcolor');" : "background-color: $bgcolor;";
unset($bgIsImage);
if (false !== strpos($catcolor, '.')) {
    $catbgcode = "style=\"background-image: url($imgdir/$catcolor)\"";
    $catcss = 'background-image: url('.$imgdir.'/'.$catcolor.');';
} else {
    $catbgcode = "bgcolor=\"$catcolor\"";
    $catcss = 'background-color: '.$catcolor.';';
}
$topbgcode = (false !== strpos($top, '.')) ? "style=\"background-image: url($imgdir/$top)\"" : "bgcolor=\"$top\"";

// Board logo: $boardimg is either a filename under $imgdir or an absolute URL,
// detected by parse_url() reporting both a scheme and a host. A comma-separated
// value is presumably a Flash logo spec whose first element is the movie path.
$l = array();
if (false !== strpos($boardimg, ',')) {
    $flashlogo = explode(",", $boardimg);
    $l = parse_url($flashlogo[0]);
    if (!isset($l['scheme']) || !isset($l['host'])) {
        $flashlogo[0] = $imgdir.'/'.$flashlogo[0];
    }
    $logo = '';
} else {
    $l = parse_url($boardimg);
    if (!isset($l['scheme']) || !isset($l['host'])) {
        $boardimg = $imgdir.'/'.$boardimg;
    }
    $logo = '';
}
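// Font stuff...
// Split the theme's font size into its digits and its unit suffix (e.g. "10px"
// -> "10" and "px") and derive two related sizes with the same unit. The
// arithmetic is done on an explicit integer: a value with no digits leaves
// $fontedit as '' and '' - 1 is a TypeError on PHP 8, whereas (int)'' - 1 is
// simply -1, matching the older engines' behaviour.
$fontedit = preg_replace('#(\D)#', '', $fontsize);
$fontsuf = preg_replace('#(\d)#', '', $fontsize);
$fontBase = (int) $fontedit;
$font1 = ($fontBase - 1) . $fontsuf;
$font3 = ($fontBase + 2) . $fontsuf;
unset($fontBase);
// Set Extra Theme Keys
$THEME['bgcode'] = $bgcode;
$THEME['font1'] = $font1;
$THEME['font3'] = $font3;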
/* Theme Ready. Make pretty errors. */
// The access decision recorded in $serror is enforced only now, once a theme is
// loaded, so the refusal can be rendered in the board's own layout. Admins are
// exempt from 'ip' and 'bstatus'; 'guest' only affects guests.
if ($serror == 'ip') {
    if (!X_ADMIN) {
        header('HTTP/1.0 403 Forbidden');
        error($lang['bannedmessage']);
    }
} elseif ($serror == 'bstatus') {
    if (!X_ADMIN) {
        header('HTTP/1.0 503 Service Unavailable');
        header('Retry-After: 3600');
        message($bboffreason != '' ? nl2br($bboffreason) : $lang['textbstatusdefault']);
    }
} elseif ($serror == 'guest' && X_GUEST) {
    $message = $lang['reggedonly'].' ';
    if ($SETTINGS['regstatus'] == 'on') {
        $message .= $reglink.' '.$lang['textor'].' ';
    }
    $message .= $lang['textlogin'];
    message($message);
}
/* Finish HTML Templates */
if ((X_ADMIN Or $SETTINGS['bbstatus'] == 'on') And (X_MEMBER Or $SETTINGS['regviewonly'] == 'off')) {
$links = array();
require ROOT.'chat/ChattingCount.php';
// Search-link
$searchlink = makeSearchLink();
// 'Forum Rules'-link
if ($SETTINGS['bbrules'] == 'on') {
$links[] = ' '.$lang['textbbrules'].'';
}
// Memberlist-link
if ($SETTINGS['memliststatus'] == 'on') {
$links[] = ' '.$lang['textmemberlist'].'';
}
// Search link moved from heade template to header.php
if ( !empty($searchlink) ) {
$links[] = $searchlink;
}
// Faq-link
if ($SETTINGS['faqstatus'] == 'on') {
$links[] = ' '.$lang['textfaq'].'';
}
// Stats-link
if ($SETTINGS['stats'] == 'on') {
$links[] = ' '.$lang['navstats'].'';
}
// Today's posts-link
if ($SETTINGS['todaysposts'] == 'on') {
$links[] = ' '.$lang['navtodaysposts'].'';
}
// 'Avatar Gallery'-link
if (X_STAFF && $SETTINGS['avatargal'] == 'on') {
$links[] = ' '.$lang['avatargallery'].'';
}
// 'Flashchat' link
if($xmbuser && $xmbuser != '') {
$numberOfUsers = numusers();
if ($numberOfUsers > 0)
{ $chatusage = "Chatroom In Use - Click to Chat";
$links[] = ' '.$chatusage.'';
}
else
{ $chatusage = "Chatroom Idle - Click to Start";
$links[] = ' '.$chatusage.'';
}
}
$links = implode(' ', $links);
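// Show all plugins
// $plugname / $plugurl / $plugimg / $plugadmin are parallel arrays matched by
// index (presumably from config.php -- confirm). Image and admin entries are
// optional per plugin: a missing image means no icon, a missing or false admin
// flag means the link is shown to everyone. Neither case raises an
// undefined-index notice any more.
$pluglinks = array();
foreach ($plugname as $plugnum => $item) {
    if (empty($plugurl[$plugnum]) || empty($plugname[$plugnum])) {
        continue;
    }
    $img = (isset($plugimg[$plugnum]) && trim($plugimg[$plugnum]) != '') ? ' ' : '';
    $adminOnly = !empty($plugadmin[$plugnum]);
    if (!$adminOnly || X_ADMIN) {
        $pluglinks[] = $img.$plugname[$plugnum].' ';
    }
}
unset($adminOnly);
$pluglink = (count($pluglinks) == 0) ? '' : implode(' ', $pluglinks);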
// create forum jump
if ($SETTINGS['quickjump_status'] == 'on') {
$quickjump = forumJump();
}
// check for new u2u's
// Counts unread inbox messages for the logged-in member. $xmbuser is
// interpolated straight into SQL; this relies on elevateUser() having already
// validated/escaped the username -- confirm in functions.inc.php.
if (X_MEMBER) {
$query = $db->query("SELECT COUNT(*) FROM ".X_PREFIX."u2u WHERE owner='$xmbuser' AND folder='Inbox' AND readstatus='no'");
$newu2unum = $db->result($query, 0);
$db->free_result($query);
if ($newu2unum > 0) {
$newu2umsg = "{$lang['newu2u1']} $newu2unum {$lang['newu2u2']}";
// Popup Alert: u2ualert 2 = on every page, 1 = on the index only.
if ($self['u2ualert'] == 2 Or ($self['u2ualert'] == 1 And X_SCRIPT == 'index.php')) {
$newu2umsg .= '";
}
}
}
}
/* Perform HTTP Connection Maintenance */
assertEmptyOutputStream('header.php');
// Gzip-compression
// Prefer zlib's own output compression; fall back to an ob_gzhandler buffer when
// the ini values cannot be changed or gzopen() is missing. Skipped for the captcha
// image, for files.php and in DEBUG mode. Note that compressing pages that mix
// secrets with request-influenced content is what BREACH-style attacks rely on
// over TLS -- worth keeping in mind when enabling this on an HTTPS board.
$wantsGzip = $SETTINGS['gzipcompress'] == 'on'
    && $action != 'captchaimage'
    && X_SCRIPT != 'files.php'
    && !DEBUG;
if ($wantsGzip) {
    $zlibSetting = @ini_get('zlib.output_compression');
    if ($zlibSetting === false || $zlibSetting > 0) {
        // Already compressing, or ini_get() unsupported: leave the configuration alone.
    } elseif (!function_exists('gzopen')) {
        ob_start('ob_gzhandler');
    } else {
        $setCompression = @ini_set('zlib.output_compression', 4096);
        $setLevel = @ini_set('zlib.output_compression_level', '3');
        if (FALSE === $setCompression || FALSE === $setLevel) {
            ob_start('ob_gzhandler');
        }
        unset($setCompression, $setLevel);
    }
    unset($zlibSetting);
}
unset($wantsGzip);
assertEmptyOutputStream('header.php');
return;
?>