Gazelle/classes/script_start.php

395 lines
13 KiB
PHP
Raw Normal View History

2013-07-10 00:08:53 +00:00
<?php
2011-03-28 14:21:28 +00:00
/*-- Script Start Class --------------------------------*/
/*------------------------------------------------------*/
2012-10-27 08:00:09 +00:00
/* This isnt really a class but a way to tie other */
2011-03-28 14:21:28 +00:00
/* classes and functions used all over the site to the */
2012-10-27 08:00:09 +00:00
/* page currently being displayed. */
2011-03-28 14:21:28 +00:00
/*------------------------------------------------------*/
/* The code that includes the main php files and */
/* generates the page are at the bottom. */
/*------------------------------------------------------*/
/********************************************************/
require 'config.php'; //The config contains all site wide configuration information
//Deal with dumbasses
2013-05-16 16:15:57 +00:00
if (isset($_REQUEST['info_hash']) && isset($_REQUEST['peer_id'])) {
die('d14:failure reason40:Invalid .torrent, try downloading again.e');
}
2011-03-28 14:21:28 +00:00
2013-05-27 08:00:58 +00:00
require(SERVER_ROOT.'/classes/proxies.class.php');
2012-10-11 08:00:15 +00:00
// Get the user's actual IP address if they're proxied.
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])
&& proxyCheck($_SERVER['REMOTE_ADDR'])
&& filter_var($_SERVER['HTTP_X_FORWARDED_FOR'],
FILTER_VALIDATE_IP,
FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
2011-03-28 14:21:28 +00:00
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
2012-10-11 08:00:15 +00:00
$SSL = (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443);
if (!isset($argv) && !empty($_SERVER['HTTP_HOST'])) {
//Skip this block if running from cli or if the browser is old and shitty
if (!$SSL && $_SERVER['HTTP_HOST'] == 'www.'.NONSSL_SITE_URL) {
header('Location: http://'.NONSSL_SITE_URL.$_SERVER['REQUEST_URI']); die();
}
if ($SSL && $_SERVER['HTTP_HOST'] == 'www.'.NONSSL_SITE_URL) {
header('Location: https://'.SSL_SITE_URL.$_SERVER['REQUEST_URI']); die();
}
if (SSL_SITE_URL != NONSSL_SITE_URL) {
if (!$SSL && $_SERVER['HTTP_HOST'] == SSL_SITE_URL) {
header('Location: https://'.SSL_SITE_URL.$_SERVER['REQUEST_URI']); die();
}
if ($SSL && $_SERVER['HTTP_HOST'] == NONSSL_SITE_URL) {
header('Location: https://'.SSL_SITE_URL.$_SERVER['REQUEST_URI']); die();
}
}
if ($_SERVER['HTTP_HOST'] == 'www.m.'.NONSSL_SITE_URL) {
header('Location: http://m.'.NONSSL_SITE_URL.$_SERVER['REQUEST_URI']); die();
2011-03-28 14:21:28 +00:00
}
}
2012-10-30 08:00:18 +00:00
$ScriptStartTime = microtime(true); //To track how long a page takes to create
if (!defined('PHP_WINDOWS_VERSION_MAJOR')) {
$RUsage = getrusage();
2013-05-27 08:00:58 +00:00
$CPUTimeStart = $RUsage['ru_utime.tv_sec'] * 1000000 + $RUsage['ru_utime.tv_usec'];
2012-10-30 08:00:18 +00:00
}
2011-03-28 14:21:28 +00:00
ob_start(); //Start a buffer, mainly in case there is a mysql error
2013-05-27 08:00:58 +00:00
require(SERVER_ROOT.'/classes/debug.class.php'); //Require the debug class
require(SERVER_ROOT.'/classes/mysql.class.php'); //Require the database wrapper
require(SERVER_ROOT.'/classes/cache.class.php'); //Require the caching class
require(SERVER_ROOT.'/classes/encrypt.class.php'); //Require the encryption class
require(SERVER_ROOT.'/classes/time.class.php'); //Require the time class
require(SERVER_ROOT.'/classes/search.class.php'); //Require the searching class
require(SERVER_ROOT.'/classes/paranoia.class.php'); //Require the paranoia check_paranoia function
2011-03-28 14:21:28 +00:00
require(SERVER_ROOT.'/classes/regex.php');
2012-10-11 08:00:15 +00:00
require(SERVER_ROOT.'/classes/util.php');
2011-03-28 14:21:28 +00:00
$Debug = new DEBUG;
$Debug->handle_errors();
$Debug->set_flag('Debug constructed');
2011-03-28 14:21:28 +00:00
$DB = new DB_MYSQL;
2012-10-03 08:00:16 +00:00
$Cache = new CACHE($MemcachedServers);
2011-03-28 14:21:28 +00:00
$Enc = new CRYPT;
$SS = new SPHINX_SEARCH;
2012-10-11 08:00:15 +00:00
// Autoload classes.
2013-07-17 08:00:52 +00:00
require(SERVER_ROOT.'/classes/classloader.php');
2012-10-11 08:00:15 +00:00
2011-03-28 14:21:28 +00:00
//Begin browser identification
2013-06-20 08:01:00 +00:00
$Browser = UserAgent::browser($_SERVER['HTTP_USER_AGENT']);
$OperatingSystem = UserAgent::operating_system($_SERVER['HTTP_USER_AGENT']);
//$Mobile = UserAgent::mobile($_SERVER['HTTP_USER_AGENT']);
2011-03-28 14:21:28 +00:00
$Mobile = in_array($_SERVER['HTTP_HOST'], array('m.'.NONSSL_SITE_URL, 'm.'.NONSSL_SITE_URL));
$Debug->set_flag('start user handling');
2012-10-11 08:00:15 +00:00
// Get classes
// TODO: Remove these globals, replace by calls into Users
list($Classes, $ClassLevels) = Users::get_classes();
2011-03-28 14:21:28 +00:00
2012-10-11 08:00:15 +00:00
//-- Load user information
2011-03-28 14:21:28 +00:00
// User info is broken up into many sections
// Heavy - Things that the site never has to look at if the user isn't logged in (as opposed to things like the class, donor status, etc)
// Light - Things that appear in format_user
// Stats - Uploaded and downloaded - can be updated by a script if you want super speed
// Session data - Information about the specific session
// Enabled - if the user's enabled or not
// Permissions
2013-06-06 08:01:03 +00:00
if (isset($_COOKIE['session'])) {
$LoginCookie = $Enc->decrypt($_COOKIE['session']);
}
2012-10-11 08:00:15 +00:00
if (isset($LoginCookie)) {
2013-07-10 00:08:53 +00:00
list($SessionID, $LoggedUser['ID']) = explode('|~|', $Enc->decrypt($LoginCookie));
2011-03-28 14:21:28 +00:00
$LoggedUser['ID'] = (int)$LoggedUser['ID'];
2013-06-06 08:01:03 +00:00
$UserID = $LoggedUser['ID']; //TODO: UserID should not be LoggedUser
2011-03-28 14:21:28 +00:00
if (!$LoggedUser['ID'] || !$SessionID) {
logout();
}
2012-10-11 08:00:15 +00:00
2013-07-10 00:08:53 +00:00
$UserSessions = $Cache->get_value("users_sessions_$UserID");
2012-10-11 08:00:15 +00:00
if (!is_array($UserSessions)) {
2013-05-16 16:15:57 +00:00
$DB->query("
SELECT
SessionID,
Browser,
OperatingSystem,
IP,
LastUpdate
2011-03-28 14:21:28 +00:00
FROM users_sessions
2013-07-10 00:08:53 +00:00
WHERE UserID = '$UserID'
2013-05-16 16:15:57 +00:00
AND Active = 1
2011-03-28 14:21:28 +00:00
ORDER BY LastUpdate DESC");
$UserSessions = $DB->to_array('SessionID',MYSQLI_ASSOC);
2013-07-10 00:08:53 +00:00
$Cache->cache_value("users_sessions_$UserID", $UserSessions, 0);
2011-03-28 14:21:28 +00:00
}
2013-06-06 08:01:03 +00:00
if (!array_key_exists($SessionID, $UserSessions)) {
2011-03-28 14:21:28 +00:00
logout();
}
2012-10-11 08:00:15 +00:00
2011-03-28 14:21:28 +00:00
// Check if user is enabled
$Enabled = $Cache->get_value('enabled_'.$LoggedUser['ID']);
2012-10-11 08:00:15 +00:00
if ($Enabled === false) {
2013-06-06 08:01:03 +00:00
$DB->query("
SELECT Enabled
FROM users_main
2013-07-10 00:08:53 +00:00
WHERE ID = '$LoggedUser[ID]'");
2013-05-16 16:15:57 +00:00
list($Enabled) = $DB->next_record();
2011-03-28 14:21:28 +00:00
$Cache->cache_value('enabled_'.$LoggedUser['ID'], $Enabled, 0);
}
2013-05-16 16:15:57 +00:00
if ($Enabled == 2) {
2011-03-28 14:21:28 +00:00
logout();
}
// Up/Down stats
$UserStats = $Cache->get_value('user_stats_'.$LoggedUser['ID']);
2012-10-11 08:00:15 +00:00
if (!is_array($UserStats)) {
2013-05-16 16:15:57 +00:00
$DB->query("
SELECT Uploaded AS BytesUploaded, Downloaded AS BytesDownloaded, RequiredRatio
FROM users_main
2013-07-10 00:08:53 +00:00
WHERE ID = '$LoggedUser[ID]'");
2011-03-28 14:21:28 +00:00
$UserStats = $DB->next_record(MYSQLI_ASSOC);
$Cache->cache_value('user_stats_'.$LoggedUser['ID'], $UserStats, 3600);
}
// Get info such as username
2012-10-11 08:00:15 +00:00
$LightInfo = Users::user_info($LoggedUser['ID']);
$HeavyInfo = Users::user_heavy_info($LoggedUser['ID']);
2011-03-28 14:21:28 +00:00
// Get user permissions
2012-10-11 08:00:15 +00:00
$Permissions = Permissions::get_permissions($LightInfo['PermissionID']);
2011-03-28 14:21:28 +00:00
// Create LoggedUser array
$LoggedUser = array_merge($HeavyInfo, $LightInfo, $Permissions, $UserStats);
2013-07-10 00:08:53 +00:00
$LoggedUser['RSS_Auth'] = md5($LoggedUser['ID'] . RSS_HASH . $LoggedUser['torrent_pass']);
2011-03-28 14:21:28 +00:00
2013-05-16 16:15:57 +00:00
// $LoggedUser['RatioWatch'] as a bool to disable things for users on Ratio Watch
2011-03-28 14:21:28 +00:00
$LoggedUser['RatioWatch'] = (
2013-07-10 00:08:53 +00:00
$LoggedUser['RatioWatchEnds'] != '0000-00-00 00:00:00'
&& time() < strtotime($LoggedUser['RatioWatchEnds'])
&& ($LoggedUser['BytesDownloaded'] * $LoggedUser['RequiredRatio']) > $LoggedUser['BytesUploaded']
2011-03-28 14:21:28 +00:00
);
2012-10-11 08:00:15 +00:00
if (!isset($LoggedUser['ID'])) {
2011-10-31 08:00:12 +00:00
$Debug->log_var($LightInfo, 'LightInfo');
$Debug->log_var($HeavyInfo, 'HeavyInfo');
$Debug->log_var($Permissions, 'Permissions');
$Debug->log_var($UserStats, 'UserStats');
}
2011-03-28 14:21:28 +00:00
2013-05-16 16:15:57 +00:00
// Load in the permissions
2012-10-11 08:00:15 +00:00
$LoggedUser['Permissions'] = Permissions::get_permissions_for_user($LoggedUser['ID'], $LoggedUser['CustomPermissions']);
2013-05-16 16:15:57 +00:00
// Change necessary triggers in external components
2011-03-28 14:21:28 +00:00
$Cache->CanClear = check_perms('admin_clear_cache');
2012-10-11 08:00:15 +00:00
2011-03-28 14:21:28 +00:00
// Because we <3 our staff
2013-07-10 00:08:53 +00:00
if (check_perms('site_disable_ip_history')) {
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
}
2011-03-28 14:21:28 +00:00
// Update LastUpdate every 10 minutes
2013-05-16 16:15:57 +00:00
if (strtotime($UserSessions[$SessionID]['LastUpdate']) + 600 < time()) {
$DB->query("
UPDATE users_main
2013-07-10 00:08:53 +00:00
SET LastAccess = '".sqltime()."'
WHERE ID = '$LoggedUser[ID]'");
2013-05-16 16:15:57 +00:00
$DB->query("
UPDATE users_sessions
SET
2013-07-10 00:08:53 +00:00
IP = '".$_SERVER['REMOTE_ADDR']."',
Browser = '$Browser',
OperatingSystem = '$OperatingSystem',
LastUpdate = '".sqltime()."'
WHERE UserID = '$LoggedUser[ID]'
AND SessionID = '".db_string($SessionID)."'");
$Cache->begin_transaction("users_sessions_$UserID");
2011-03-28 14:21:28 +00:00
$Cache->delete_row($SessionID);
$Cache->insert_front($SessionID,array(
2013-07-10 00:08:53 +00:00
'SessionID' => $SessionID,
'Browser' => $Browser,
'OperatingSystem' => $OperatingSystem,
'IP' => $_SERVER['REMOTE_ADDR'],
'LastUpdate' => sqltime()
2011-03-28 14:21:28 +00:00
));
$Cache->commit_transaction(0);
}
2012-10-11 08:00:15 +00:00
2011-03-28 14:21:28 +00:00
// Notifications
2012-10-11 08:00:15 +00:00
if (isset($LoggedUser['Permissions']['site_torrents_notify'])) {
2011-03-28 14:21:28 +00:00
$LoggedUser['Notify'] = $Cache->get_value('notify_filters_'.$LoggedUser['ID']);
2012-10-11 08:00:15 +00:00
if (!is_array($LoggedUser['Notify'])) {
2013-06-06 08:01:03 +00:00
$DB->query("
SELECT ID, Label
FROM users_notify_filters
2013-07-10 00:08:53 +00:00
WHERE UserID = '$LoggedUser[ID]'");
2011-03-28 14:21:28 +00:00
$LoggedUser['Notify'] = $DB->to_array('ID');
$Cache->cache_value('notify_filters_'.$LoggedUser['ID'], $LoggedUser['Notify'], 2592000);
}
}
2012-10-11 08:00:15 +00:00
2011-03-28 14:21:28 +00:00
// We've never had to disable the wiki privs of anyone.
if ($LoggedUser['DisableWiki']) {
unset($LoggedUser['Permissions']['site_edit_wiki']);
}
2012-10-11 08:00:15 +00:00
2011-03-28 14:21:28 +00:00
// IP changed
2013-05-16 16:15:57 +00:00
2012-10-11 08:00:15 +00:00
if ($LoggedUser['IP'] != $_SERVER['REMOTE_ADDR'] && !check_perms('site_disable_ip_history')) {
2013-05-16 16:15:57 +00:00
2012-10-11 08:00:15 +00:00
if (Tools::site_ban_ip($_SERVER['REMOTE_ADDR'])) {
2013-05-16 16:15:57 +00:00
error('Your IP address has been banned.');
2011-03-28 14:21:28 +00:00
}
$CurIP = db_string($LoggedUser['IP']);
$NewIP = db_string($_SERVER['REMOTE_ADDR']);
2013-05-16 16:15:57 +00:00
$DB->query("
UPDATE users_history_ips
2013-07-10 00:08:53 +00:00
SET EndTime = '".sqltime()."'
2013-05-16 16:15:57 +00:00
WHERE EndTime IS NULL
2013-07-10 00:08:53 +00:00
AND UserID = '$LoggedUser[ID]'
AND IP = '$CurIP'");
2013-05-16 16:15:57 +00:00
$DB->query("
INSERT IGNORE INTO users_history_ips
(UserID, IP, StartTime)
VALUES
('$LoggedUser[ID]', '$NewIP', '".sqltime()."')");
2012-10-11 08:00:15 +00:00
$ipcc = Tools::geoip($NewIP);
2013-06-06 08:01:03 +00:00
$DB->query("
UPDATE users_main
2013-07-10 00:08:53 +00:00
SET IP = '$NewIP', ipcc = '$ipcc'
WHERE ID = '$LoggedUser[ID]'");
$Cache->begin_transaction('user_info_heavy_'.$LoggedUser['ID']);
$Cache->update_row(false, array('IP' => $_SERVER['REMOTE_ADDR']));
$Cache->commit_transaction(0);
2013-05-16 16:15:57 +00:00
2011-03-28 14:21:28 +00:00
}
2012-10-11 08:00:15 +00:00
2011-03-28 14:21:28 +00:00
// Get stylesheets
$Stylesheets = $Cache->get_value('stylesheets');
if (!is_array($Stylesheets)) {
2013-06-06 08:01:03 +00:00
$DB->query('
SELECT
ID,
2013-07-10 00:08:53 +00:00
LOWER(REPLACE(Name, " ", "_")) AS Name,
2013-06-06 08:01:03 +00:00
Name AS ProperName
FROM stylesheets');
2011-03-28 14:21:28 +00:00
$Stylesheets = $DB->to_array('ID', MYSQLI_BOTH);
$Cache->cache_value('stylesheets', $Stylesheets, 600);
}
//A9 TODO: Clean up this messy solution
2013-05-16 08:00:10 +00:00
$LoggedUser['StyleName'] = $Stylesheets[$LoggedUser['StyleID']]['Name'];
2012-10-11 08:00:15 +00:00
if (empty($LoggedUser['Username'])) {
2011-03-28 14:21:28 +00:00
logout(); // Ghost
}
}
2013-07-17 08:00:52 +00:00
G::initialize();
2011-03-28 14:21:28 +00:00
$Debug->set_flag('end user handling');
$Debug->set_flag('start function definitions');
2012-04-03 08:00:22 +00:00
/**
* Log out the current session
*/
2011-03-28 14:21:28 +00:00
function logout() {
global $SessionID, $LoggedUser, $DB, $Cache;
2013-05-16 08:00:10 +00:00
setcookie('session', '', time() - 60 * 60 * 24 * 365, '/', '', false);
setcookie('keeplogged', '', time() - 60 * 60 * 24 * 365, '/', '', false);
setcookie('session', '', time() - 60 * 60 * 24 * 365, '/', '', false);
2012-10-11 08:00:15 +00:00
if ($SessionID) {
2013-05-16 16:15:57 +00:00
2013-06-06 08:01:03 +00:00
$DB->query("
DELETE FROM users_sessions
2013-07-10 00:08:53 +00:00
WHERE UserID = '$LoggedUser[ID]'
AND SessionID = '".db_string($SessionID)."'");
2013-05-16 16:15:57 +00:00
2011-03-28 14:21:28 +00:00
$Cache->begin_transaction('users_sessions_'.$LoggedUser['ID']);
$Cache->delete_row($SessionID);
$Cache->commit_transaction(0);
}
$Cache->delete_value('user_info_'.$LoggedUser['ID']);
$Cache->delete_value('user_stats_'.$LoggedUser['ID']);
$Cache->delete_value('user_info_heavy_'.$LoggedUser['ID']);
header('Location: login.php');
2012-10-11 08:00:15 +00:00
2011-03-28 14:21:28 +00:00
die();
}
function enforce_login() {
global $SessionID, $LoggedUser;
if (!$SessionID || !$LoggedUser) {
2013-05-16 08:00:10 +00:00
setcookie('redirect', $_SERVER['REQUEST_URI'], time() + 60 * 30, '/', '', false);
2011-03-28 14:21:28 +00:00
logout();
}
}
2012-04-03 08:00:22 +00:00
/**
* Make sure $_GET['auth'] is the same as the user's authorization key
* Should be used for any user action that relies solely on GET.
*
* @param Are we using ajax?
* @return authorisation status. Prints an error message to LAB_CHAN on IRC on failure.
*/
function authorize($Ajax = false) {
2011-03-28 14:21:28 +00:00
global $LoggedUser;
2012-10-11 08:00:15 +00:00
if (empty($_REQUEST['auth']) || $_REQUEST['auth'] != $LoggedUser['AuthKey']) {
2011-03-28 14:21:28 +00:00
send_irc("PRIVMSG ".LAB_CHAN." :".$LoggedUser['Username']." just failed authorize on ".$_SERVER['REQUEST_URI']." coming from ".$_SERVER['HTTP_REFERER']);
error('Invalid authorization key. Go back, refresh, and try again.', $Ajax);
2011-03-28 14:21:28 +00:00
return false;
}
return true;
}
$Debug->set_flag('ending function definitions');
//Include /sections/*/index.php
$Document = basename(parse_url($_SERVER['SCRIPT_FILENAME'], PHP_URL_PATH), '.php');
2013-05-16 08:00:10 +00:00
if (!preg_match('/^[a-z0-9]+$/i', $Document)) {
error(404);
}
2011-03-28 14:21:28 +00:00
2013-07-03 08:01:01 +00:00
$Cache->cache_value('php_' . getmypid(), array(
'start' => sqltime(),
'document' => $Document,
'query' => $_SERVER['QUERY_STRING'],
'get' => $_GET,
'post' => $_POST), 600);
2011-03-28 14:21:28 +00:00
require(SERVER_ROOT.'/sections/'.$Document.'/index.php');
$Debug->set_flag('completed module execution');
2012-10-11 08:00:15 +00:00
/* Required in the absence of session_start() for providing that pages will change
2012-09-09 08:00:26 +00:00
upon hit rather than being browser cached for changing content.
2012-08-25 08:00:15 +00:00
2012-09-09 08:00:26 +00:00
Old versions of Internet Explorer choke when downloading binary files over HTTPS with disabled cache.
2012-08-25 08:00:15 +00:00
Define the following constant in files that handle file downloads */
2013-08-22 08:00:54 +00:00
if (!defined('SKIP_NO_CACHE_HEADERS')) {
2012-08-25 08:00:15 +00:00
header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
header('Pragma: no-cache');
}
2011-03-28 14:21:28 +00:00
//Flush to user
ob_end_flush();
$Debug->set_flag('set headers and send to user');
//Attribute profiling
$Debug->profile();