<?php

/*
	[Discuz!] (C)2001-2007 Comsenz Inc.
	This is NOT a freeware, use is subject to license terms

	$RCSfile: common.inc.php,v $
	$Revision: 1.112.2.13 $
	$Date: 2007/07/24 13:16:52 $
*/
error_reporting(0);
set_magic_quotes_runtime(0);
$mtime = explode(' ', microtime());
$discuz_starttime = $mtime[1] + $mtime[0];

define('IN_DISCUZ', TRUE);
define('DISCUZ_ROOT', substr(dirname(__FILE__), 0, -7));
define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());

if(PHP_VERSION < '4.1.0') {
	$_GET = &$HTTP_GET_VARS;
	$_POST = &$HTTP_POST_VARS;
	$_COOKIE = &$HTTP_COOKIE_VARS;
	$_SERVER = &$HTTP_SERVER_VARS;
	$_ENV = &$HTTP_ENV_VARS;
	$_FILES = &$HTTP_POST_FILES;
}

if (isset($_REQUEST['GLOBALS']) OR isset($_FILES['GLOBALS'])) {
	exit('Request tainting attempted.');
}

/* Parasy || Core Files */
require_once DISCUZ_ROOT.'./parasy/ParasySettings.inc.php';
require_once DISCUZ_ROOT.'./parasy/ParasyCore.php';
require_once DISCUZ_ROOT.'./parasy/ParasyCache.php';
if (PARASY_FEATURE_GEO){
	require_once DISCUZ_ROOT.'./parasy/Geo.func.php';
}
require_once DISCUZ_ROOT.'./include/global.func.php';

define('ISROBOT', getrobot());
if(defined('NOROBOT') && ISROBOT) {
	exit(header("HTTP/1.1 403 Forbidden"));
}

foreach(array('_COOKIE', '_POST', '_GET') as $_request) {
	foreach($$_request as $_key => $_value) {
		$_key{0} != '_' && $$_key = daddslashes($_value);
	}
}
if (!MAGIC_QUOTES_GPC && $_FILES) {
	$_FILES = daddslashes($_FILES);
}

$charset = $dbcharset = $forumfounders = $metakeywords = $extrahead = $seodescription = '';
$plugins = $hooks = $admincp = $jsmenu = $forum = $thread = $language = $actioncode = $modactioncode = $lang = array();

require_once DISCUZ_ROOT.'./config.inc.php';

$_DCOOKIE = $_DSESSION = $_DCACHE = $_DPLUGIN = $advlist = array();

$prelength = strlen($cookiepre);
foreach($_COOKIE as $key => $val) {
	if(substr($key, 0, $prelength) == $cookiepre) {
		$_DCOOKIE[(substr($key, $prelength))] = MAGIC_QUOTES_GPC ? $val : daddslashes($val);
	}
}
unset($prelength, $_request, $_key, $_value, $_request, $protected);

$inajax = !empty($inajax);
$timestamp = time();

if($attackevasive) {
	require_once DISCUZ_ROOT.'./include/security.inc.php';
}

require_once DISCUZ_ROOT.'./include/db_'.$database.'.class.php';


$PHP_SELF = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
$SCRIPT_FILENAME = str_replace('\\\\', '/', (isset($_SERVER['PATH_TRANSLATED']) ? $_SERVER['PATH_TRANSLATED'] : $_SERVER['SCRIPT_FILENAME']));
$boardurl = htmlspecialchars('http://'.$_SERVER['HTTP_HOST'].preg_replace("/\/+(api|archiver|wap)?\/*$/i", '', substr($PHP_SELF, 0, strrpos($PHP_SELF, '/'))).'/');

if(getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
	$onlineip = getenv('HTTP_CLIENT_IP');
} elseif(getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
	$onlineip = getenv('HTTP_X_FORWARDED_FOR');
} elseif(getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
	$onlineip = getenv('REMOTE_ADDR');
} elseif(isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
	$onlineip = $_SERVER['REMOTE_ADDR'];
}

preg_match("/[\d\.]{7,15}/", $onlineip, $onlineipmatches);
$onlineip = $onlineipmatches[0] ? $onlineipmatches[0] : 'unknown';
unset($onlineipmatches);

$cachelost = (@include DISCUZ_ROOT.'./forumdata/cache/cache_settings.php') ? '' : 'settings';
@extract($_DCACHE['settings']);

if($gzipcompress && function_exists('ob_gzhandler') && CURSCRIPT != 'wap') {
	ob_start('ob_gzhandler');
} else {
	$gzipcompress = 0;
	ob_start();
}

if(!empty($loadctrl) && substr(PHP_OS, 0, 3) != 'WIN') {
	if($fp = @fopen('/proc/loadavg', 'r')) {
		list($loadaverage) = explode(' ', fread($fp, 6));
		fclose($fp);
		if($loadaverage > $loadctrl) {
			header("HTTP/1.0 503 Service Unavailable");
			include DISCUZ_ROOT.'./include/serverbusy.htm';
			exit();
		}
	}
}

if(defined('CURSCRIPT') && in_array(CURSCRIPT, array('index', 'forumdisplay', 'viewthread', 'post', 'blog', 'pm', 'topicadmin', 'register', 'archiver'))) {
	$cachelost .= (@include DISCUZ_ROOT.'./forumdata/cache/cache_'.CURSCRIPT.'.php') ? '' : ' '.CURSCRIPT;
}

$db = new dbstuff;
$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect, true, $dbcharset);
$dbuser = $dbpw = $dbname = $pconnect = NULL;

$sid = daddslashes(($transsidstatus || (defined('CURSCRIPT') && CURSCRIPT == 'wap'))&& (isset($_GET['sid']) || isset($_POST['sid'])) ?
	(isset($_GET['sid']) ? $_GET['sid'] : $_POST['sid']) :
	(isset($_DCOOKIE['sid']) ? $_DCOOKIE['sid'] : ''));

$discuz_auth_key = md5($_DCACHE['settings']['authkey'].$_SERVER['HTTP_USER_AGENT']);
list($discuz_pw, $discuz_secques, $discuz_uid) = empty($_DCOOKIE['auth']) ? array('', '', 0) : daddslashes(explode("\t", authcode($_DCOOKIE['auth'], 'DECODE')), 1);

$newpm = $newpmexists = $sessionexists = $seccode = $bloguid = 0;
$membertablefields = 'm.uid AS discuz_uid, m.username AS discuz_user,m.usr_geo AS discuz_user_geo, m.password AS discuz_pw, m.secques AS discuz_secques,m.now_img AS discuz_now_img,m.idx_cloud AS show_cloud,m.side_buddy AS show_side_buddy,
	m.adminid, m.groupid, m.groupexpiry, m.extgroupids, m.email, m.timeoffset, m.tpp, m.ppp, m.posts, m.digestposts,
	m.oltime, m.pageviews, m.credits, m.extcredits1, m.extcredits2, m.extcredits3, m.extcredits4, m.extcredits5,
	m.extcredits6, m.extcredits7, m.extcredits8, m.timeformat, m.dateformat, m.pmsound, m.sigstatus, m.invisible,
	m.lastvisit, m.lastactivity, m.lastpost, m.newpm, m.accessmasks, m.xspacestatus, m.editormode, m.customshow';
if($sid) {
	if($discuz_uid) {
		$query = $db->query("SELECT s.sid, s.styleid, s.groupid='6' AS ipbanned, s.pageviews AS spageviews, s.lastolupdate, s.seccode, $membertablefields
			FROM {$tablepre}sessions s, {$tablepre}members m
			WHERE m.uid=s.uid AND s.sid='$sid' AND CONCAT_WS('.',s.ip1,s.ip2,s.ip3,s.ip4)='$onlineip' AND m.uid='$discuz_uid'
			AND m.password='$discuz_pw' AND m.secques='$discuz_secques'");
	} else {
		$query = $db->query("SELECT sid, uid AS sessionuid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode
			FROM {$tablepre}sessions WHERE sid='$sid' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='$onlineip'");
	}
	if($_DSESSION = $db->fetch_array($query)) {
		$sessionexists = 1;
		if(!empty($_DSESSION['sessionuid'])) {
			$_DSESSION = array_merge($_DSESSION, $db->fetch_first("SELECT $membertablefields
				FROM {$tablepre}members m WHERE uid='$_DSESSION[sessionuid]'"));
		}
	} else {
		if($_DSESSION = $db->fetch_first("SELECT sid, groupid, groupid='6' AS ipbanned, pageviews AS spageviews, styleid, lastolupdate, seccode
			FROM {$tablepre}sessions WHERE sid='$sid' AND CONCAT_WS('.',ip1,ip2,ip3,ip4)='$onlineip'")) {
			clearcookies();
			$sessionexists = 1;
		}
	}
}

if(!$sessionexists) {
	if($discuz_uid) {
		if(!($_DSESSION = $db->fetch_first("SELECT $membertablefields, m.styleid
			FROM {$tablepre}members m WHERE m.uid='$discuz_uid' AND m.password='$discuz_pw' AND m.secques='$discuz_secques'"))) {
			clearcookies();
		}
	}

	if(ipbanned($onlineip)) $_DSESSION['ipbanned'] = 1;

	$_DSESSION['sid'] = random(6);
	$_DSESSION['seccode'] = random(6, 1);
}
$_DSESSION['dateformat'] = empty($_DSESSION['dateformat']) ? $_DCACHE['settings']['dateformat'] : $_DSESSION['dateformat'];
$_DSESSION['timeformat'] = empty($_DSESSION['timeformat']) ? $_DCACHE['settings']['timeformat'] : ($_DSESSION['timeformat'] == 1 ? 'h:i A' : 'H:i');
$_DSESSION['timeoffset'] = isset($_DSESSION['timeoffset']) && $_DSESSION['timeoffset'] != 9999 ? $_DSESSION['timeoffset'] : $_DCACHE['settings']['timeoffset'];

$membertablefields = '';
@extract($_DSESSION);

$lastvisit = empty($lastvisit) ? $timestamp - 86400 : $lastvisit;
$timenow = array('time' => gmdate("$dateformat $timeformat", $timestamp + 3600 * $timeoffset),
	'offset' => ($timeoffset >= 0 ? ($timeoffset == 0 ? '' : '+'.$timeoffset) : $timeoffset));

if(PHP_VERSION > '5.1') {
	@date_default_timezone_set('Etc/GMT'.($timeoffset > 0 ? '-' : '+').(abs($timeoffset)));
}

$accessadd1 = $accessadd2 = $modadd1 = $modadd2 = '';

if(empty($discuz_uid) || empty($discuz_user)) {
	$show_cloud = 0;
	$discuz_user = $extgroupids = '';
	$discuz_uid = $adminid = $posts = $digestposts = $pageviews = $oltime = $invisible
		= $credits = $extcredits1 = $extcredits2 = $extcredits3 = $extcredits4
		= $extcredits5 = $extcredits6 = $extcredits7 = $extcredits8 = 0;
	$groupid = empty($groupid) || $groupid != 6 ? 7 : 6;

} else {
	$show_side_buddy = $show_side_buddy;
	$show_cloud = $show_cloud;
	$discuz_userss = $discuz_user;
	$now_img_select = $discuz_now_img;
	$geo_user = $discuz_user_geo;
	$geo_user_md5 = md5($discuz_user_geo);
	$discuz_user = addslashes($discuz_user);


	if($accessmasks) {
		$accessadd1 = ', a.allowview, a.allowpost, a.allowreply, a.allowgetattach, a.allowpostattach';
		$accessadd2 = "LEFT JOIN {$tablepre}access a ON a.uid='$discuz_uid' AND a.fid=f.fid";
	}

	if($adminid == 3) {
		$modadd1 = ', m.uid AS ismoderator';
		$modadd2 = "LEFT JOIN {$tablepre}moderators m ON m.uid='$discuz_uid' AND m.fid=f.fid";
	}
}

if($errorreport == 2 || ($errorreport == 1 && $adminid > 0)) {
	error_reporting(E_ERROR | E_WARNING | E_PARSE);
}

define('FORMHASH', formhash());

$statstatus && !$inajax && require_once DISCUZ_ROOT.'./include/counter.inc.php';

$extra = isset($extra) && @preg_match("/^[&=;a-z0-9]+$/i", $extra) ? $extra : '';

$rsshead = $navtitle = $navigation = '';


$_DSESSION['groupid'] = $groupid = empty($ipbanned) ? (empty($groupid) ? 7 : intval($groupid)) : 6;
if(!@include DISCUZ_ROOT.'./forumdata/cache/usergroup_'.$groupid.'.php') {
	$grouptype = $db->result_first("SELECT type FROM {$tablepre}usergroups WHERE groupid='$groupid'");
	if(!empty($grouptype)) {
		$cachelost .= ' usergroup_'.$groupid;
	} else {
		$grouptype = 'member';
	}
}

if($passport_status && ($passport_status != 'shopex' || !$passport_shopex)) {
	$passport_forward = rawurlencode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
	$link_login = $passport_url.$passport_login_url.(strpos($passport_login_url, '?') === FALSE ? '?' : '&amp;').'forward='.$passport_forward;
	$link_logout = $passport_url.$passport_logout_url.(strpos($passport_logout_url, '?') === FALSE ? '?' : '&amp;').'forward='.$passport_forward;
	$link_register = $passport_url.$passport_register_url.(strpos($passport_register_url, '?') === FALSE ? '?' : '&amp;').'forward='.$passport_forward;
} else {
	$link_login = 'logging.php?action=login';
	$link_logout = 'logging.php?action=logout&amp;formhash='.FORMHASH;
	$link_register = 'register.php';
}

if($discuz_uid && $_DSESSION) {
	if(!empty($groupexpiry) && $groupexpiry < $timestamp && (!defined('CURSCRIPT') || (CURSCRIPT != 'wap' && CURSCRIPT != 'member'))) {
		dheader("Location: {$boardurl}member.php?action=groupexpiry");
	} elseif($grouptype && $groupid != getgroupid($discuz_uid, array
		(
		'type' => $grouptype,
		'creditshigher' => $groupcreditshigher,
		'creditslower' => $groupcreditslower
		), $_DSESSION)) {
		@extract($_DSESSION);
		$cachelost .= (@include DISCUZ_ROOT.'./forumdata/cache/usergroup_'.intval($groupid).'.php') ? '' : ' usergroup_'.$groupid;
	}
}

$tpp = intval(empty($_DSESSION['tpp']) ? $topicperpage : $_DSESSION['tpp']);
$ppp = intval(empty($_DSESSION['ppp']) ? $postperpage : $_DSESSION['ppp']);

if(!in_array($adminid, array(1, 2, 3))) {
	$alloweditpost = $alloweditpoll = $allowstickthread = $allowmodpost = $allowdelpost = $allowmassprune
		= $allowrefund = $allowcensorword = $allowviewip = $allowbanip = $allowedituser = $allowmoduser
		= $allowbanuser = $allowpostannounce = $allowviewlog = $disablepostctrl = $supe_allowpushthread = 0;
} elseif(isset($radminid) && $adminid != $radminid && $adminid != $groupid) {
	$cachelost .= (@include DISCUZ_ROOT.'./forumdata/cache/admingroup_'.intval($adminid).'.php') ? '' : ' admingroup_'.$groupid;
}

$forum = array();
$auditstatuson = !empty($mod) && $mod == 'edit' && in_array($adminid, array(1, 2, 3)) && $allowmodpost ? true : false;

$tid = isset($tid) && is_numeric($tid) ? $tid : 0;
$fid = isset($fid) && is_numeric($fid) ? $fid : 0;
$typeid = isset($typeid) ? intval($typeid) : 0;

if(!empty($tid) || !empty($fid) || !empty($name)) {
	if($fid) {
		$forum = $db->fetch_first("SELECT f.fid, f.*, ff.* $accessadd1 $modadd1, f.fid AS fid
			FROM {$tablepre}forums f
			LEFT JOIN {$tablepre}forumfields ff ON ff.fid=f.fid $accessadd2 $modadd2
			WHERE f.fid='$fid'");
	} elseif($name) {
			$name = strtolower(trim($name));
			$forum = $db->fetch_first("SELECT f.fid, f.board_name,f.*, ff.* $accessadd1 $modadd1, f.fid AS fid
				FROM {$tablepre}forums f
				LEFT JOIN {$tablepre}forumfields ff ON ff.fid=f.fid $accessadd2 $modadd2
				WHERE f.board_name='{$name}'");
	} else {
		$forum = $db->fetch_first("SELECT t.tid, t.closed,".(defined('SQL_ADD_THREAD') ? SQL_ADD_THREAD : '')." f.*, ff.* $accessadd1 $modadd1, f.fid AS fid
			FROM {$tablepre}threads t
			INNER JOIN {$tablepre}forums f ON f.fid=t.fid
			LEFT JOIN {$tablepre}forumfields ff ON ff.fid=f.fid $accessadd2 $modadd2
			WHERE t.tid='$tid'".($auditstatuson ? '' : " AND t.displayorder>='0'")." LIMIT 1");
		$tid = $forum['tid'];
	}

	if($forum) {
		$fid = $forum['fid'];
		$forum['ismoderator'] = !empty($forum['ismoderator']) || $adminid == 1 || $adminid == 2 ? 1 : 0;
		foreach(array('postcredits', 'replycredits', 'threadtypes', 'digestcredits', 'postattachcredits', 'getattachcredits', 'supe_pushsetting') as $key) {
			$forum[$key] = !empty($forum[$key]) ? unserialize($forum[$key]) : array();
		}
	} else {
		$fid = 0;
	}
}

$styleid = intval(!empty($_GET['styleid']) ? $_GET['styleid'] :
		(!empty($_POST['styleid']) ? $_POST['styleid'] :
		(!empty($_DSESSION['styleid']) ? $_DSESSION['styleid'] :
		$_DCACHE['settings']['styleid'])));

$styleid = intval(isset($stylejump[$styleid]) ? $styleid : $_DCACHE['settings']['styleid']);

if(@!include DISCUZ_ROOT.'./forumdata/cache/style_'.intval(!empty($forum['styleid']) ? $forum['styleid'] : $styleid).'.php') {
	$cachelost .= (@include DISCUZ_ROOT.'./forumdata/cache/style_'.($styleid = $_DCACHE['settings']['styleid']).'.php') ? '' : ' style_'.$styleid;
}

if($cachelost) {
	require_once DISCUZ_ROOT.'./include/cache.func.php';
	updatecache();
	dexit('Cache List: '.$cachelost.'<br>Caches successfully created, please refresh.');
}

if(!defined('CURSCRIPT') || CURSCRIPT != 'wap') {
	if($nocacheheaders) {
		@dheader("Expires: 0");
		@dheader("Cache-Control: private, post-check=0, pre-check=0, max-age=0", FALSE);
		@dheader("Pragma: no-cache");
	}
	if($headercharset) {
		@dheader('Content-Type: text/html; charset='.$charset);
	}
	if (CURSCRIPT != 'touch') {
		if(empty($_DCOOKIE['sid']) || $sid != $_DCOOKIE['sid']) {
			dsetcookie('sid', $sid, 604800);
		}
	}
}

if($cronnextrun && $cronnextrun <= $timestamp) {
	require_once DISCUZ_ROOT.'./include/cron.func.php';
	runcron();
}
if(isset($plugins['include']) && is_array($plugins['include'])) {
	foreach($plugins['include'] as $include) {
		if(!$include['adminid'] || ($include['adminid'] && $include['adminid'] >= $adminid)) {
			@include_once DISCUZ_ROOT.'./plugins/'.$include['script'].'.inc.php';
		}
	}
}

if((!empty($_DCACHE['advs']) || $globaladvs || $redirectadvs) && !defined('IN_ADMINCP')) {
	require_once DISCUZ_ROOT.'./include/advertisements.inc.php';
}

if(isset($allowvisit) && $allowvisit == 0 && !(defined('CURSCRIPT') && CURSCRIPT == 'member' && $action == 'groupexpiry')) {
	showmessage('user_banned', NULL, 'HALTED');
} elseif(!((defined('CURSCRIPT') && in_array(CURSCRIPT, array('logging', 'wap', 'seccode'))) || $adminid == 1)) {
	if($bbclosed) {
		clearcookies();
		$closedreason = $db->result($db->query("SELECT value FROM {$tablepre}settings WHERE variable='closedreason'"), 0);
		showmessage($closedreason ? $closedreason : 'board_closed', NULL, 'NOPERM');
	}
	periodscheck('visitbanperiods');
}

if((!empty($fromuid) || !empty($fromuser)) && ($creditspolicy['promotion_visit'] || $creditspolicy['promotion_register'])) {
	require_once DISCUZ_ROOT.'/include/promotion.inc.php';
}

$rssauth = $rssstatus && $discuz_uid ? rawurlencode(authcode("$discuz_uid\t".($fid ? $fid : '')."\t".substr(md5($discuz_pw.$discuz_secques), 0, 8), 'ENCODE', md5($_DCACHE['settings']['authkey']))) : '0';

@include DISCUZ_ROOT.'./parasy/ParasyInit.php';

?>