Source of trunk/cwbmulti.php at revision HEAD (04/21/2009 8:04:49, 10285 bytes, 335 lines, language: php) [download]:

1
<?php
2
3
/*
4
** CodewiseBlog Multi-User
5
**
6
** by William R. Fraser <wrf@codewise.org>
7
** Copyright (c) 2005-2008 Codewise.org
8
*/
9
10
/*
11
** CodewiseBlog is free software; you can redistribute it and/or modify
12
** it under the terms of the GNU General Public License as published by
13
** the Free Software Foundation; either version 2 of the License, or
14
** (at your option) any later version.
15
**
16
** CodewiseBlog is distributed in the hope that it will be useful,
17
** but WITHOUT ANY WARRANTY; without even the implied warranty of
18
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19
** GNU General Public License for more details.
20
**
21
** You should have received a copy of the GNU General Public License
22
** along with CodewiseBlog; if not, write to the Free Software
23
** Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
24
*/
25
26
// start execution timer
27
list($usec,$sec) = explode(" ",microtime());
28
$starttime = (string) $sec $usec;
29
unset($sec$usec);
30
31
// define version string
32
define("SETTINGS_FILE""settings.php");
33
34
// Unique ID for this request
35
define("UNIQ"md5(uniqid(mt_rand(), true)));
36
37
require(SETTINGS_FILE);
38
39
chdir(FSPATH);
40
41
// define version strings
42
require("version.php");
43
44
/*
45
** Set up environment
46
*/
47
48
// deal with errors properly
49
ini_set("track_errors"true);
50
error_reporting(E_ALL E_NOTICE);
51
52
// fire up a session
53
ini_set("session.name""codewiseblog");
54
ini_set("session.cookie_lifetime"60*60*24*365);
55
//ini_set("session.cookie_domain", BASE_DOMAIN);
56
session_start();
57
58
// clean out this crap - it's never used
59
unset($HTTP_POST_VARS$HTTP_GET_VARS$HTTP_COOKIE_VARS$HTTP_SERVER_VARS$HTTP_ENV_VARS$HTTP_POST_FILES$HTTP_SESSION_VARS);
60
61
// cache of skin data
62
$SKIN_CACHE = array();
63
64
// functions
65
require_once "skinvoodoo2.php";
66
require_once "main_functions.php";
67
require_once "misc.php";
68
require_once "postcalendar.php";
69
require_once "sidebar.php";
70
require_once "topic.php";
71
require_once "shoutbox.php";
72
require_once "stats.php";
73
require_once "reply.php";
74
require_once "subscribe.php";
75
require_once "controlpanel.php";
76
require_once "imageverify.php";
77
require_once "antispam.php";
78
require_once "parseurl.php";
79
80
require_once "l1_mysql.php";
81
$db = new L1_MySQL(SQL_HOSTSQL_USERSQL_PASS);
82
83
// all functions are now defined, so init safe_eval
84
require_once "safe_eval.php";
85
86
// custom error handler to mail the admin as well as print any errors
87
$db->error_callback $db->warning_callback "mail_db_error";
88
89
$db->database(SQL_DB);
90
91
/*
92
** Who are we running for?
93
*/
94
95
// first of all, on some servers, mod_rewrite doesn't set the request uri
96
// correctly. Fix!
97
if (isset($_SERVER['REDIRECT_URL']))
98
    $_SERVER['REQUEST_URI'] = $_SERVER['REDIRECT_URL'];
99
100
$q $db->issue_query("SELECT blogid,name,custom_url,status FROM blogs");
101
$blogdata $db->fetch_all($qL1SQL_ASSOC"name");
102
103
// set ?subdomain_mode=0 to pass the username by path anyways.
104
// Useful when using mod_rewrite
105
if(isset($_GET['subdomain_mode']) ? $_GET['subdomain_mode'] : SUBDOMAIN_MODE)
106
{
107
    $who preg_replace("/\." quotemeta(BASE_DOMAIN) . "$/"""$_SERVER['HTTP_HOST']);
108
    if($who == DEFAULT_SUBDOMAIN || $who == BASE_DOMAIN)
109
        $who "";
110
} else {
111
    $preg_path str_replace("/""\\/"quotemeta(INSTALLED_PATH));
112
    $who preg_replace("/^$preg_path(rdf\.php\/)?/"""$_SERVER['REQUEST_URI']);
113
    $who preg_replace("/\\?.*$/"""$who);
114
    $who preg_replace("/\\/.*$/"""$who);
115
}
116
117
/*
118
** Keep https:// if we're using it
119
*/
120
if($_SERVER['HTTPS'] == "on")
121
{
122
    define("HTTP""https://");
123
} else {
124
    define("HTTP""http://");
125
}
126
127
if($who == "")
128
{
129
    /*
130
    ** No user
131
    */
132
    define("BLOGID"1);
133
    define("BLOGNAME""");
134
    define("SKINID"DEFAULT_SKINID);
135
    if(DEFAULT_SUBDOMAIN == "")
136
        define("INDEX_URL"HTTP BASE_DOMAIN INSTALLED_PATH);
137
    else
138
        define("INDEX_URL"HTTP DEFAULT_SUBDOMAIN "." BASE_DOMAIN INSTALLED_PATH);
139
} elseif(!isset($blogdata[$who])) {
140
141
    /*
142
    ** Check to see if the request is a custom url
143
    ** This is needed when non-proxying RewriteRule directives are used
144
    */
145
    $path substr($_SERVER['REQUEST_URI'], 0strpos($_SERVER['REQUEST_URI'].'?''?'));
146
    $q $db->issue_query("SELECT name FROM blogs WHERE custom_url = ".$db->prepare_value(HTTP.$_SERVER['HTTP_HOST'].$path));
147
148
    if($db->num_rows[$q] > 0)
149
    {
150
        $who $db->fetch_var($q);
151
    } else {
152
        /*
153
        ** Bogus user
154
        */
155
        die( "<html><head><title>".SITE_TITLE." :: Invalid User</title><link rel=\"stylesheet\" href=\"stylesheet.php?id=1\" /></head>"
156
            "<body><b>Invalid User \"$who\"</b><br /><br /><a href=\"" HTTP DEFAULT_SUBDOMAIN BASE_DOMAIN INSTALLED_PATH "\">...go back</a></body></html>" );
157
    }
158
}
159
160
if($blogdata[$who]['status'] == "closed")
161
    $_GET['skinid'] = CLOSED_SKINID;
162
163
define("BLOGID"$blogdata[$who]['blogid']);
164
define("BLOGNAME"$who);
165
166
if(isset($_GET['skinid'])
167
    && $db->num_rows$db->issue_query("SELECT skinid FROM skins WHERE skinid = ".$db->prepare_value($_GET['skinid'])) ] > 0)
168
{
169
    define("SKINID"$db->prepare_value($_GET['skinid'], FALSE));
170
} else if (array_psearch($_GET"/^controlpanel:?/") !== FALSE) {
171
    // always use the CP Skin when accessing the CP.
172
    define("SKINID"CONTROLPANEL_SKINID);
173
} else {
174
    define("SKINID"$db->fetch_var($db->issue_query("SELECT skinid FROM blogs WHERE blogid = '".BLOGID."'")));
175
}
176
177
if($blogdata[$who]['custom_url'] != NULL && CUSTOM_URL_ENABLED)
178
{
179
    define("INDEX_URL"$blogdata[$who]['custom_url']);
180
} elseif(SUBDOMAIN_MODE) {
181
    define("INDEX_URL"HTTP BLOGNAME "." BASE_DOMAIN INSTALLED_PATH);
182
} else {
183
    define("INDEX_URL"HTTP BASE_DOMAIN INSTALLED_PATH BLOGNAME "/");
184
}
185
186
/*
187
** Set up the $BLOGINFO global var with some useful stuff
188
*/
189
190
$q $db->issue_query("SELECT blogid,name,email,realname,birthday,location,interests,links,photo,homepage,title FROM blogs WHERE blogid = '" BLOGID "'");
191
$BLOGINFO $db->fetch_row($q0L1SQL_ASSOC);
192
193
define("ADMIN_EMAIL"$BLOGINFO['email']);
194
define("BLOG_TITLE"$BLOGINFO['title']);
195
196
if($BLOGINFO['birthday'])
197
{
198
    list($month,$day,$year) = explode("/"$BLOGINFO['birthday']);
199
    $BLOGINFO['birthday_month'] = $month;
200
    $BLOGINFO['birthday_day'] = $day;
201
    $BLOGINFO['birthday_year'] = $year;
202
    $BLOGINFO['age'] = ($month date("m") || ($month == date("m") && $day date("d"))) ? date("Y") - $year date("Y") - $year;
203
} else {
204
    $BLOGINFO['age'] = $BLOGINFO['birthday_month'] = $BLOGINFO['birthday_day'] = $BLOGINFO['birthday_year'] = "";
205
}
206
207
$BLOGINFO['index_url'] = INDEX_URL;
208
$BLOGINFO['ucp_url'] = INDEX_URL "?controlpanel";
209
if(!SUBDOMAIN_MODE$BLOGINFO['rdf_url'] = HTTP.DEFAULT_SUBDOMAIN.BASE_DOMAIN.INSTALLED_PATH
210
                        ."rdf.php/".BLOGNAME;
211
else                $BLOGINFO['rdf_url'] = HTTP.DEFAULT_SUBDOMAIN.BASE_DOMAIN.INSTALLED_PATH
212
                        .BLOGNAME."rdf.php";
213
214
$BLOGINFO['css_url'] = HTTP.BASE_DOMAIN.INSTALLED_PATH."stylesheet.php?id=" SKINID;
215
216
$BLOGINFO['interests'] = nl2br($BLOGINFO['interests']);
217
$BLOGINFO['links'] = nl2br($BLOGINFO['links']);
218
$BLOGINFO['version'] = CWBVERSION;
219
$BLOGINFO['anonymous_name'] = ANONYMOUS_NAME;
220
221
$BLOGINFO['multiuser_root'] = HTTP DEFAULT_SUBDOMAIN BASE_DOMAIN INSTALLED_PATH;
222
223
if(isset($_GET['login']))
224
{
225
    // don't define them yet - we'll define them in controlpanel.php:cplogin()
226
} elseif(isset($_GET['delsession'])) {
227
    define('LOGGED_IN'FALSE);
228
    define('ADMIN''FALSE');
229
} elseif($_SESSION['controlpanel'] === 1) {
230
    define('LOGGED_IN'TRUE);
231
    define('ADMIN'TRUE);
232
} elseif($_SESSION['controlpanel'] == BLOGID) {
233
    define('LOGGED_IN'TRUE);
234
    define('ADMIN'FALSE);
235
} else {
236
    define('LOGGED_IN'FALSE);
237
    define('ADMIN'FALSE);
238
}
239
240
if(!defined("NO_ACTION"))
241
{
242
    /*
243
    ** Let's light this candle!
244
    */
245
246
    // new URL scheme hax
247
    path_parse_url();
248
249
    // control panel
250
    foreach(array_keys($_GET) as $key)
251
    {
252
        if(preg_match("/^controlpanel:?/"$key))
253
        {
254
            echo controlpanel();
255
            exit;
256
        }
257
    }
258
259
    if(isset($_GET['register']))
260
    {
261
        require("register.php");
262
        exit;
263
    }
264
265
    // special front page
266
    if(BLOGID == && !isset($_GET['login'])) // allow admin controlpanel login from front page
267
    {
268
        require("front_page.php");
269
        exit;
270
    }
271
272
    if(isset($_GET['util_js']))
273
    {
274
        header("Content-Type: text/javascript");
275
        readfile("cwb/util.js");
276
        exit;
277
    }
278
279
    if(!is_numeric($_GET['page']))
280
        $_GET['page'] = 1;
281
282
    if(is_numeric($_GET['tid']))
283
    {
284
        $body show_topic($_GET['tid'], $_GET['page']);
285
    } elseif(is_numeric($_GET['month']) && is_numeric($_GET['year'])) {
286
        $body show_month((int) $_GET['month'], (int) $_GET['year'], $_GET['page']);
287
    } elseif(is_numeric($_GET['reply'])) {
288
        $body show_reply_form($_GET['reply']);
289
    } elseif(is_numeric($_GET['do_reply'])) {
290
        $body process_reply_form($_GET['do_reply']);
291
    } elseif(isset($_GET['delsession'])) {
292
        $body delete_session();
293
    } elseif(isset($_GET['subscribe'])) {
294
        $body process_subscribe_form();
295
    } elseif(isset($_GET['unsubscribe'])) {
296
        $body do_unsubscribe();
297
    } elseif(isset($_GET['shoutbox'])) {
298
        $body shoutbox_process();
299
    } elseif(isset($_GET['login'])) {
300
        $body cplogin();
301
    } elseif(isset($_GET['notloggedin'])) {
302
        $NOTIFY "You are not logged in to the control panel.";
303
        $body main_page(1);
304
    } else {
305
        $body main_page($_GET['page']);
306
    }
307
308
    $out skinvoodoo("main");
309
310
/*
311
    if($blogdata[$who]['status'] == "closed")
312
    {
313
        $q = $db->issue_query("SELECT tid FROM topics WHERE blogid = '".BLOGID."' ORDER BY tid DESC LIMIT 1");
314
        $farewell_tid = $db->fetch_var($q);
315
        $out = str_replace("<!-- #CWB_BODY# -->", show_topic($farewell_tid,0), $out);
316
    }
317
*/
318
319
    $out str_replace("<!-- #CWB_BODY# -->"$body$out);
320
321
    $db->disconnect();
322
323
    if($TITLE == "")
324
        $TITLE $BLOGINFO['title'];
325
    $out str_replace("%{".UNIQ."titletag}"$TITLE$out);
326
    $out str_replace("%{".UNIQ."querycount}"querycount(), $out);
327
    $out str_replace("%{".UNIQ."runtime}"runtime(), $out);
328
329
    echo $out;
330
}
331
332
// and we're out. :)
333
334
?>
335
powered by Codewise Manager v0.1-DEV :: 75.62ms, 6 ops, 3 queries