0)
{
$nucleus['version'] .= '/' . getNucleusPatchLevel();
}
/*
Indicates when Nucleus should display startup errors. Set to 1 if you want
the error enabled (default), false otherwise
alertOnHeadersSent
Displays an error when visiting a public Nucleus page and headers have
been sent out to early. This usually indicates an error in either a
configuration file or a language file, and could cause Nucleus to
malfunction
alertOnSecurityRisk
Displays an error only when visiting the admin area, and when one or
more of the installation files (install.php, install.sql, upgrades/
directory) are still on the server.
*/
$CONF['alertOnHeadersSent'] = 1;
$CONF['alertOnSecurityRisk'] = 1;
/**
* returns the currently used version (100 = 1.00, 101 = 1.01, etc...)
*/
function getNucleusVersion() {
return 320;
}
/**
* power users can install patches in between nucleus releases. These patches
* usually add new functionality in the plugin API and allow those to
* be tested without having to install CVS.
*/
function getNucleusPatchLevel() {
return 0;
}
if ($CONF['debug']) {
error_reporting(E_ALL & ~E_NOTICE); // report almost all errors!
// (no uninitialized vars and such)
} else {
error_reporting(E_ERROR | E_WARNING | E_PARSE);
}
// we will use postVar, getVar, ... methods instead of HTTP_GET_VARS or _GET
if ($CONF['installscript']!=1){ // vars were already included in install.php
if (phpversion() >= '4.1.0')
include_once($DIR_LIBS . 'vars4.1.0.php');
else
include_once($DIR_LIBS . 'vars4.0.6.php');
}
function intPostVar($name) { return intval(postVar($name));}
function intGetVar($name) { return intval(getVar($name));}
function intRequestVar($name) { return intval(requestVar($name)); }
function intCookieVar($name) { return intval(cookieVar($name)); }
// get all variables that can come from the request and put them in the global scope
$blogid = requestVar('blogid');
$itemid = intRequestVar('itemid');
$catid = intRequestVar('catid');
$skinid = requestVar('skinid');
$memberid = requestVar('memberid');
$archivelist = requestVar('archivelist');
$imagepopup = requestVar('imagepopup');
$archive = requestVar('archive');
$query = requestVar('query');
$highlight = requestVar('highlight');
$amount = requestVar('amount');
$action = requestVar('action');
$nextaction = requestVar('nextaction');
$maxresults = requestVar('maxresults');
$startpos = intRequestVar('startpos');
$errormessage = '';
$error = '';
if (!headers_sent())
header('Generator: Nucleus CMS ' . $nucleus['version']);
// include core classes that are needed for login & plugin handling
include($DIR_LIBS . 'MEMBER.php');
include($DIR_LIBS . 'ACTIONLOG.php');
include($DIR_LIBS . 'MANAGER.php');
include($DIR_LIBS . 'PLUGIN.php');
$manager =& MANAGER::instance();
// make sure there's no unnecessary escaping:
set_magic_quotes_runtime(0);
// only needed when updating logs
if ($CONF['UsingAdminArea']) {
include($DIR_LIBS . 'xmlrpc.inc.php'); // XML-RPC client classes
include_once($DIR_LIBS . 'ADMIN.php');
}
// connect to sql
sql_connect();
// makes sure database connection gets closed on script termination
register_shutdown_function('sql_disconnect');
// read config
getConfig();
// automatically use simpler toolbar for mozilla
if (($CONF['DisableJsTools'] == 0) && strstr(serverVar('HTTP_USER_AGENT'),'Mozilla/5.0') && strstr(serverVar('HTTP_USER_AGENT'),'Gecko'))
$CONF['DisableJsTools'] = 2;
// login if cookies set
$member =& new MEMBER();
// login/logout when required or renew cookies
if ($action == 'login') {
// Form Authentication
$login = postVar('login');
$pw = postVar('password');
$shared = intPostVar('shared'); // shared computer or not
if ($member->login($login,$pw)) {
$member->newCookieKey();
$member->setCookies($shared);
// allows direct access to parts of the admin area after logging in
if ($nextaction)
$action = $nextaction;
$manager->notify('LoginSuccess',array('member' => &$member));
ACTIONLOG::add(INFO, "Login successful for $login (sharedpc=$shared)");
} else {
$manager->notify('LoginFailed',array('username' => $login));
ACTIONLOG::add(INFO, 'Login failed for ' . $login);
}
/*
Backed out for now: See http://forum.nucleuscms.org/viewtopic.php?t=3684 for details
} elseif (serverVar('PHP_AUTH_USER') && serverVar('PHP_AUTH_PW')) {
// HTTP Authentication
$login = serverVar('PHP_AUTH_USER');
$pw = serverVar('PHP_AUTH_PW');
if ($member->login($login,$pw)) {
$manager->notify('LoginSuccess',array('member' => &$member));
ACTIONLOG::add(INFO, "HTTP authentication successful for $login");
} else {
$manager->notify('LoginFailed',array('username' => $login));
ACTIONLOG::add(INFO, 'HTTP authentication failed for ' . $login);
//Since bad credentials, generate an apropriate error page
header("WWW-Authenticate: Basic realm=\"Nucleus CMS {$nucleus['version']}\"");
header('HTTP/1.0 401 Unauthorized');
echo 'Invalid username or password';
exit;
}
*/
} elseif (($action == 'logout') && (!headers_sent()) && cookieVar($CONF['CookiePrefix'] . 'user')){
// remove cookies on logout
setcookie($CONF['CookiePrefix'] .'user','',(time()-2592000),$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);
setcookie($CONF['CookiePrefix'] .'loginkey','',(time()-2592000),$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);
$manager->notify('Logout',array('username' => cookieVar($CONF['CookiePrefix'] .'user')));
} elseif (cookieVar($CONF['CookiePrefix'] .'user')) {
// Cookie Authentication
$res = $member->cookielogin(cookieVar($CONF['CookiePrefix'] .'user'), cookieVar($CONF['CookiePrefix'] .'loginkey'));
// renew cookies when not on a shared computer
if ($res && (cookieVar($CONF['CookiePrefix'] .'sharedpc') != 1) && (!headers_sent()))
$member->setCookies();
}
// login completed
$manager->notify('PostAuthentication',array('loggedIn' => $member->isLoggedIn()));
// first, let's see if the site is disabled or not
if ($CONF['DisableSite'] && !$member->isAdmin()) {
redirect($CONF['DisableSiteURL']);
exit;
}
// load other classes
include($DIR_LIBS . 'PARSER.php');
include($DIR_LIBS . 'SKIN.php');
include($DIR_LIBS . 'TEMPLATE.php');
include($DIR_LIBS . 'BLOG.php');
include($DIR_LIBS . 'COMMENTS.php');
include($DIR_LIBS . 'COMMENT.php');
//include($DIR_LIBS . 'ITEM.php');
include($DIR_LIBS . 'NOTIFICATION.php');
include($DIR_LIBS . 'BAN.php');
include($DIR_LIBS . 'PAGEFACTORY.php');
include($DIR_LIBS . 'SEARCH.php');
// set lastVisit cookie (if allowed)
if (!headers_sent()) {
if ($CONF['LastVisit'])
setcookie($CONF['CookiePrefix'] .'lastVisit',time(),time()+2592000,$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);
else
setcookie($CONF['CookiePrefix'] .'lastVisit','',(time()-2592000),$CONF['CookiePath'],$CONF['CookieDomain'],$CONF['CookieSecure']);
}
// read language file, only after user has been initialized
$language = getLanguageName();
include($DIR_LANG . ereg_replace( '[\\|/]', '', $language) . '.php');
/*
Backed out for now: See http://forum.nucleuscms.org/viewtopic.php?t=3684 for details
// To remove after v2.5 is released and language files have been updated.
// Including this makes sure that language files for v2.5beta can still be used for v2.5final
// without having weird _SETTINGS_EXTAUTH string showing up in the admin area.
if (!defined('_MEMBERS_BYPASS'))
{
define('_SETTINGS_EXTAUTH', 'Enable External Authentication');
define('_WARNING_EXTAUTH', 'Warning: Enable only if needed.');
define('_MEMBERS_BYPASS', 'Use External Authentication');
}
*/
// make sure the archivetype skinvar keeps working when _ARCHIVETYPE_XXX not defined
if (!defined('_ARCHIVETYPE_MONTH'))
{
define('_ARCHIVETYPE_DAY','day');
define('_ARCHIVETYPE_MONTH','month');
}
// decode path_info
if ($CONF['URLMode'] == 'pathinfo') {
$data = explode("/",serverVar('PATH_INFO'));
for ($i=0;$i
Could not select database: '. mysql_error().'
', 'Connect Error'); return $connection; } /** * returns a prefixed nucleus table name */ function sql_table($name) { global $MYSQL_PREFIX; if ($MYSQL_PREFIX) return $MYSQL_PREFIX . 'nucleus_' . $name; else return 'nucleus_' . $name; } function sendContentType($contenttype, $pagetype = '', $charset = _CHARSET) { global $manager, $CONF; if (!headers_sent()) { // if content type is application/xhtml+xml, only send it to browsers // that can handle it (IE6 cannot). Otherwise, send text/html // v2.5: For admin area pages, keep sending text/html (unless it's a debug version) // application/xhtml+xml still causes too much problems with the javascript implementations if ( ($contenttype == 'application/xhtml+xml') && (($CONF['UsingAdminArea'] && !$CONF['debug']) || !stristr(serverVar('HTTP_ACCEPT'),'application/xhtml+xml')) ) { $contenttype = 'text/html'; } $manager->notify( 'PreSendContentType', array( 'contentType' => &$contenttype, 'charset' => &$charset, 'pageType' => $pagetype ) ); // strip strange characters $contenttype = preg_replace('|[^a-z0-9-+./]|i', '', $contenttype); $charset = preg_replace('|[^a-z0-9-_]|i', '', $charset); header('Content-Type: ' . $contenttype . '; charset=' . $charset); } } /** * Errors before the database connection has been made */ function startUpError($msg, $title) { ?>'.$hsFile.'
line '.$hsLine.'
';
} else {
$extraInfo = '';
}
startUpError(
'The page headers have already been sent out'.$extraInfo.'. This could cause Nucleus not to work in the expected way.
Usually, this is caused by spaces or newlines at the end of the config.php
file, at the end of the language file or at the end of a plugin file. Please check this and try again.
If you don\'t want to see this error message again, without solving the problem, set $CONF[\'alertOnHeadersSent\']
in globalfunctions.php
to 0
' . $msg . "
\n"; } // shortcut function addToLog($level, $msg) { ACTIONLOG::add($level, $msg); } // shows a link to help file function help($id) { echo helpHtml($id); } function helpHtml($id) { return helplink($id) . ''; } function helplink($id) { return ''; } function getMailFooter() { $message = "\n\n-----------------------------"; $message .= "\n Powered by Nucleus CMS"; $message .= "\n(http://www.nucleuscms.org/)"; return $message; } /** * Returns the name of the language to use * preference priority: member - site * defaults to english when no good language found * * checks if file exists, etc... */ function getLanguageName() { global $CONF, $member; if ($member) { // try to use members language $memlang = $member->getLanguage(); if (($memlang != '') && (checkLanguage($memlang))) return $memlang; } // use default language if (checkLanguage($CONF['Language'])) return $CONF['Language']; else return 'english'; } /** * Includes a PHP file. This method can be called while parsing templates and skins */ function includephp($filename) { // make predefined variables global, so most simple scripts can be used here // apache (names taken from PHP doc) global $GATEWAY_INTERFACE, $SERVER_NAME, $SERVER_SOFTWARE, $SERVER_PROTOCOL; global $REQUEST_METHOD, $QUERY_STRING, $DOCUMENT_ROOT, $HTTP_ACCEPT; global $HTTP_ACCEPT_CHARSET, $HTTP_ACCEPT_ENCODING, $HTTP_ACCEPT_LANGUAGE; global $HTTP_CONNECTION, $HTTP_HOST, $HTTP_REFERER, $HTTP_USER_AGENT; global $REMOTE_ADDR, $REMOTE_PORT, $SCRIPT_FILENAME, $SERVER_ADMIN; global $SERVER_PORT, $SERVER_SIGNATURE, $PATH_TRANSLATED, $SCRIPT_NAME; global $REQUEST_URI; // php (taken from PHP doc) global $argv, $argc, $PHP_SELF, $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS; global $HTTP_POST_FILES, $HTTP_ENV_VARS, $HTTP_SERVER_VARS, $HTTP_SESSION_VARS; // other global $PATH_INFO, $HTTPS, $HTTP_RAW_POST_DATA, $HTTP_X_FORWARDED_FOR; if (@file_exists($filename)) include($filename); } /** * Checks if a certain language/plugin exists */ function checkLanguage($lang) { global $DIR_LANG ; return file_exists($DIR_LANG . ereg_replace( '[\\|/]', '', $lang) . '.php'); } function checkPlugin($plug) { global $DIR_PLUGINS; return file_exists($DIR_PLUGINS . ereg_replace( '[\\|/]', '', $plug) . '.php'); } $CONF['ItemURL'] = $CONF['Self']; $CONF['ArchiveURL'] = $CONF['Self']; $CONF['ArchiveListURL'] = $CONF['Self']; $CONF['MemberURL'] = $CONF['Self']; $CONF['SearchURL'] = $CONF['Self']; $CONF['BlogURL'] = $CONF['Self']; $CONF['CategoryURL'] = $CONF['Self']; // switch URLMode back to normal when $CONF['Self'] ends in .php // this avoids urls like index.php/item/13/index.php/item/15 if ( ($CONF['URLMode'] == 'pathinfo') && (substr($CONF['Self'], strlen($CONF['Self']) - 4) == '.php') ) { $CONF['URLMode'] = 'normal'; } /** * Centralisation of the functions that generate links */ function createItemLink($itemid, $extra = '') { global $CONF; if ($CONF['URLMode'] == 'pathinfo') $link = $CONF['ItemURL'] . '/item/' . $itemid; else $link = $CONF['ItemURL'] . '?itemid=' . $itemid; return addLinkParams($link, $extra); } function createMemberLink($memberid, $extra = '') { global $CONF; if ($CONF['URLMode'] == 'pathinfo') $link = $CONF['MemberURL'] . '/member/' . $memberid; else $link = $CONF['MemberURL'] . '?memberid=' . $memberid; return addLinkParams($link, $extra); } function createCategoryLink($catid, $extra = '') { global $CONF; if ($CONF['URLMode'] == 'pathinfo') $link = $CONF['CategoryURL'] . '/category/' . $catid; else $link = $CONF['CategoryURL'] . '?catid=' . $catid; return addLinkParams($link, $extra); } function createArchiveListLink($blogid = '', $extra = '') { global $CONF; if (!$blogid) $blogid = $CONF['DefaultBlog']; if ($CONF['URLMode'] == 'pathinfo') $link = $CONF['ArchiveListURL'] . '/archives/' . $blogid; else $link = $CONF['ArchiveListURL'] . '?archivelist=' . $blogid; return addLinkParams($link, $extra); } function createArchiveLink($blogid, $archive, $extra = '') { global $CONF; if ($CONF['URLMode'] == 'pathinfo') $link = $CONF['ArchiveURL'] . '/archive/'.$blogid.'/' . $archive; else $link = $CONF['ArchiveURL'] . '?blogid='.$blogid.'&archive=' . $archive; return addLinkParams($link, $extra); } function createBlogLink($url, $params) { return addLinkParams($url . '?', $params); } function createBlogidLink($blogid, $params = '') { global $CONF; if ($CONF['URLMode'] == 'pathinfo') $link = $CONF['BlogURL'] . '/blog/' . $blogid; else $link = $CONF['BlogURL'] . '?blogid=' . $blogid; return addLinkParams($link, $params); } function addLinkParams($link, $params) { global $CONF; if (is_array($params)) { if ($CONF['URLMode'] == 'pathinfo') { foreach ($params as $param => $value) { $link .= '/' . $param . '/' . urlencode($value); } } else { foreach ($params as $param => $value) { $link .= '&' . $param . '=' . urlencode($value); } } } return $link; } /** * @param $querystr * querystring to alter (e.g. foo=1&bar=2&x=y) * @param $param * name of parameter to change (e.g. 'foo') * @param $value * New value for that parameter (e.g. 3) * @result * altered query string (for the examples above: foo=3&bar=2&x=y) */ function alterQueryStr($querystr, $param, $value) { $vars = explode("&", $querystr); $set = false; for ($i=0;$i