<?php
/*
+--------------------------------------------------------------------------
| NovaBoard
| ========================================
| By The NovaBoard team
| Released under the Artistic License 2.0
| http://www.novaboard.net
| ========================================
|+--------------------------------------------------------------------------
| header.php - displays header and sets out global variables
*/
if (!defined('NOVA_RUN')){
echo "<h1>ACCESS DENIED</h1>You cannot access this file directly.";
exit();
}
#----------------------
# Get modules
#----------------------
$query29 = "select id, module_name from {$db_prefix}modules ORDER BY id DESC";
$result29 = mysql_query($query29) or die("modules.php - Error in query: $query");
$modules = array();
while ($row = mysql_fetch_assoc($result29))
$modules[$row['id']] = $row;
$content = '<?php' . "\n";
if (!empty($modules))
$content .= '$cache = ' . var_export($modules, true) . ';';
else
$content .= '$cache = array();';
$content .= "\n" . '?>';
$handle = fopen('cache/modules.php', 'w');
fwrite($handle, $content);
fclose($handle);
// get site information
$Settings = $Cache->load('settings');
$site_name = strip_slashes($Settings['site_name']);
$site_desc = strip_slashes($Settings['site_desc']);
$list_topics = $Settings['list_topics'];
$list_posts = $Settings['list_posts'];
$hot_topic = $Settings['hot_topic'];
$allow_attachments = $Settings['allow_attachments'];
$attach_img_size = strip_slashes($Settings['attach_img_size']);
$attach_avatar_size = strip_slashes($Settings['attach_avatar_size']);
$show_rss = $Settings['show_rss'];
$show_rss_limit = $Settings['show_rss_limit'];
$show_gamer_tags = $Settings['show_gamer_tags'];
$max_guest_clicks = $Settings['max_guest_clicks'];
$max_warn_level = $Settings['max_warn'];
$max_warn = $Settings['max_warn'];
$time_offset = $Settings['time_offset'];
$sef_urls = $Settings['sef_urls'];
$online_yesterday = $Settings['online_yesterday'];
$board_offline = $Settings['board_offline'];
$board_offline_reason = strip_slashes($Settings['board_offline_reason']);
$guest_register = $Settings['guest_register'];
$rules = strip_slashes($Settings['rules']);
$change_pass_time = $Settings['change_pass_time'];
$home = strip_slashes($Settings['home']);
$store_post_history = $Settings['store_post_history'];
$quick_edit = $Settings['quick_edit'];
$board_lang = strip_slashes($Settings['board_lang']);
$nova_version = $Settings['nova_version'];
$stats_topics = $Settings['stats_topics'];
$stats_posts = $Settings['stats_posts'];
$stats_members = $Settings['stats_members'];
$stats_member_id = $Settings['stats_member_id'];
$stats_member_name = strip_slashes($Settings['stats_member_name']);
$stats_post_id = $Settings['stats_post_id'];
$stats_post_title = $Settings['stats_post_title'];
$stats_post_forum = $Settings['stats_post_forum'];
$stats_post_time = $Settings['stats_post_time'];
$stats_post_topic = $Settings['stats_post_topic'];
$default_board_email = strip_slashes($Settings['board_email']);
$register_bar = $Settings['register_bar'];
$module_order = $Settings['module_order'];
$module_limit = $Settings['module_limit'];
$module_method = strip_slashes($Settings['module_method']);
$theme_order = $Settings['theme_order'];
$theme_limit = $Settings['theme_limit'];
$theme_method = strip_slashes($Settings['theme_method']);
$auto_merge = $Settings['auto_merge'];
$akismet_key = strip_slashes($Settings['akismet_key']);
$recaptcha_private = strip_slashes($Settings['recaptcha_private']);
$recaptcha_public = strip_slashes($Settings['recaptcha_public']);
$username_length = $Settings['username_length'];
$usertitle_length = $Settings['usertitle_length'];
$trashcan_enabled = $Settings['trashcan_enabled'];
$trashcan_forum = $Settings['trashcan_forum'];
$trashcan_delete_time = $Settings['trashcan_delete_time'];
$trashcan_delete_ran = $Settings['trashcan_delete_ran'];
// set default email address
$board_email = "noreply@" . preg_replace('/^www\./', '', $_SERVER['HTTP_HOST'], 1);
// remove .domain.com problem email address
$board_email = str_replace("hide@address.com", "noreply@", $board_email);
// now set it as default address
ini_set('sendmail_from', $board_email);
// unset home
if ($home==''){
unset($home);
}
// check .htaccess exists. If it doesn't, don't use sef_url's
if (!file_exists(".htaccess")){
$sef_urls="0";
}
// Check their login details match what we've got held in the database
// and if they are guff, chuck them off...
if (isset($_COOKIE['nova_name'])){
$nova_name = escape_string($_COOKIE['nova_name']);
$nova_name = str_replace("'", "", $nova_name);
if (!preg_match('|^[a-zA-Z0-9!@#$%^&*();:_.\\\\ /\t-]+$|', $nova_name) ) {
setcookie("nova_name", $name, time() -1);
setcookie("nova_password", $password, time() -1);
nova_redirect("index.php?page=error&error=32","error/32");
}
$nova_password = escape_string($_COOKIE['nova_password']);
// get member details...
$fields = array(
'm.id', 'm.role', 'm.warn_level', 'm.suspend_date', 'm.verified', 'm.password_time', 'm.read_all_posts', 'm.board_lang',
'm.banned', 'm.register_date', 'm.new_pms', 'm.nationality', 'm.moderate', 'm.time_offset', 'm.show_fast_reply'
);
$tables = array(
'default' => array(
0 => array(
'name' => 'members',
'short' => 'm'
)
)
);
$where = array('name = "' . $name . '"', 'password = "' . $password . '"');
$limit = array();
$order = array();
/*
Allow modules to select extra stuff
*/
if ($code = $Plugin->hook('header', 'member_info_query'))
{
eval($code);
}
$query_member_stuff = buildQuery($fields, $tables, $where, $order, $limit);
$result_member_stuff = mysql_query($query_member_stuff) or die("header.php - Error in query: $query_member_stuff") ;
$secure = mysql_num_rows($result_member_stuff);
$results_member_stuff = mysql_fetch_assoc($result_member_stuff);
$role = $results_member_stuff['role'];
$my_id = $results_member_stuff['id'];
$warn_level = $results_member_stuff['warn_level'];
$suspend_date = $results_member_stuff['suspend_date'];
$verified = $results_member_stuff['verified'];
$read_all_posts = $results_member_stuff['read_all_posts'];
$member_lang = $results_member_stuff['board_lang'];
$member_banned = $results_member_stuff['banned'];
$password_time = $results_member_stuff['password_time'];
$register_date = $results_member_stuff['register_date'];
$new_pms = $results_member_stuff['new_pms'];
$nationality = $results_member_stuff['nationality'];
$moderated = $results_member_stuff['moderate'];
$member_offset = $results_member_stuff['time_offset'];
$time_offset = $member_offset;
$show_fast_reply = $results_member_stuff['show_fast_reply'];
$password_time = $password_time + ((24*60*60)*$change_pass_time);
$current_time = time();
// are they a guest? If so, set member group accordingly...
if ($my_id < '0'){
$role="4";
}
// check if paypal subscription is still valid...
$query219 = "select SUBSCRIPTION, EXPIRES from {$db_prefix}group_upgrade_details WHERE MEMBER ='$my_id'" ;
$result219 = mysql_query($query219) or die("members.php - Error in query: $query219");
$subscribe_number = mysql_num_rows($result219);
if ($subscribe_number!='0'){
while ($results219 = mysql_fetch_array($result219)){
$subscription = $results219['SUBSCRIPTION'];
$expires = $results219['EXPIRES'];
}
if ($current_time >= $expires){
// downgrade them....
$query29 = "select UPGRADE_FROM from {$db_prefix}group_upgrade WHERE UPGRADE_ID='$subscription'" ;
$result29 = mysql_query($query29) or die("upgrade.php - Error in query: $query29") ;
$upgrade_from = mysql_result($result29, 0);
mysql_query("UPDATE {$db_prefix}members SET role = '$upgrade_from' WHERE role = '$upgrade_to' AND ID='$my_id'");
mysql_query("DELETE from {$db_prefix}group_upgrade_details WHERE member='$my_id' AND subscription='$subscription'");
}
}
// if the member info is wrong, remove cookie and redirect
if ($secure=='0'){
setcookie("nova_name", $name, time() -1);
setcookie("nova_password", $password, time() -1);
if ($_GET['page']!='login'){
template_hook("header.template.php", "form_1");
nova_redirect("index.php?page=login","login");
}
}
// still to verify?
elseif($verified=='0'){
setcookie("nova_name", $name, time() -1);
setcookie("nova_password", $password, time() -1);
if ($_GET['page']!='verify'){
template_hook("header.template.php", "form_2");
nova_redirect("index.php?page=verify","verify");
}
}
// has their password expired?
elseif($password_time < $current_time){
if ($_GET['page']!='myoptions' && $_GET['act']!='password'){
template_hook("header.template.php", "form_3");
nova_redirect("index.php?page=myoptions&act=password","myoptions/password");
}
}
else{
// do nothing
}
}
// not logged in? guest alert!
elseif (!isset($_COOKIE['nova_name'])){
$role="4";
}
// set language
if (isset($member_lang) && $member_lang!=''){
$board_lang="$member_lang";
}
// Do you speekee english cookie?
if (isset($_COOKIE['nova_lang']) && (!isset($_COOKIE['nova_name']))){
$board_lang = escape_string($_COOKIE['nova_lang']);
}
// Prepare all images to use...
include "scripts/php/image_check.php";
// Get global permissions...
include "includes/pages/permissions.php";
// Check in case themember is suspended...
$current_date_and_time = time();
if (isset($suspend_date)){
if ($current_date_and_time <= $suspend_date){
if ($_GET['page']!='suspended' && $_GET['page']!='logout'){
template_hook("header.template.php", "form_4");
nova_redirect("index.php?page=suspended","suspended");
}
}
}
// are they banned?
if (isset($warn_level) && isset($member_banned)){
if ($max_warn_level <= $warn_level OR $member_banned=='1'){
if ($_GET['page']!='banned' && $_GET['page']!='logout'){
template_hook("header.template.php", "form_5");
nova_redirect("index.php?page=banned","banned");
}
}
}
// is this a forum?
if (isset($_GET['forum']) && !isset($_GET['page'])){
$forum = (int) $_GET['forum'];
$query22 = "select NAME from {$db_prefix}categories WHERE ID ='$forum'" ;
$result22 = mysql_query($query22) or die("header.php - Error in query: $query22") ;
while ($results22 = mysql_fetch_array($result22)){
$location_name = $results22['NAME'];
$location_name=strip_slashes($location_name);
}
}
// or is it a topic?
elseif(isset($_GET['topic']) && !isset($_GET['page'])){
$topic = (int) $_GET['topic'];
$query22 = "select TITLE from {$db_prefix}posts WHERE TOPIC_ID ='$topic' AND TITLE!=''" ;
$result22 = mysql_query($query22) or die("header.php - Error in query: $query22") ;
while ($results22 = mysql_fetch_array($result22)){
$location_name = $results22['TITLE'];
$location_name = strip_slashes($location_name);
}
}
// Check the set time offset...
if(isset($_COOKIE['nova_name'])){
$name=escape_string($_COOKIE['nova_name']);
}
if(isset($_COOKIE['nova_password'])){
$password=escape_string($_COOKIE['nova_password']);
}
// check for the existance of private messages, moderated members
// and reported posts
if (isset($my_id)){
$messages_number=$new_pms;
if ($can_pm=='0'){
$messages_number="0";
}
$query26 = "select ID from {$db_prefix}report" ;
$result26 = mysql_query($query26) or die("header.php - Error in query: $query26");
$report_number = mysql_num_rows($result26);
$query26 = "select ID from {$db_prefix}moderate" ;
$result26 = mysql_query($query26) or die("header.php - Error in query: $query26");
$moderate_number = mysql_num_rows($result26);
}
if (!isset($_COOKIE['nova_name'])){
$new_posts="";
$messages_number="";
}
// find out the number of unread posts
if (isset($nova_name)){
$unread_posts="0";
// Now go through each forum...
$query211 = "select FORUM_ID from {$db_prefix}permissions WHERE GROUP_ID='$role' AND CAN_READ_TOPICS='1' ORDER BY FORUM_ID desc" ;
$result211 = mysql_query($query211) or die("header.php - Error in query: $query211");
while ($results211 = mysql_fetch_array($result211)){
$forum_id = $results211['FORUM_ID'];
$query212 = "select TOPIC_ID from {$db_prefix}posts WHERE FORUM_ID='$forum_id' AND LAST_POST_TIME > '$read_all_posts' AND LAST_POST_TIME > '$register_date' AND APPROVED='1' AND TITLE!='' ORDER BY TOPIC_ID desc" ;
$result212 = mysql_query($query212) or die("header.php - Error in query: $query212");
while ($results212 = mysql_fetch_array($result212)){
$topic_check_id = $results212['TOPIC_ID'];
$query2118 = "select READ_TIME from {$db_prefix}posts_read WHERE MEMBER_ID='$my_id' AND TOPIC_ID='$topic_check_id'";
$result2118 = mysql_query($query2118) or die("header.php - Error in query: $query2118");
$read_count = mysql_num_rows($result2118);
if ($read_count=='0'){
$read_results="0";
}
else{
$read_results = mysql_result($result2118, 0);
}
// now check posts...
$query2129 = "select ID from {$db_prefix}posts WHERE TOPIC_ID='$topic_check_id' AND TIME > '$read_results' AND TIME > '$read_all_posts' AND APPROVED='1' AND MEMBER!='$my_id'";
$result2129 = mysql_query($query2129) or die("header.php - Error in query: $query2129");
while ($results2129 = mysql_fetch_array($result2129)){
$post_id = $results2129['ID'];
$unread_posts = $unread_posts + 1;
}
}
}
$new_posts=number_format($unread_posts);
}
else{
$unread_posts="0";
}
// Get language files...
include "lang/$board_lang/lang_forum.php";
if (isset($_GET['page']) && $_GET['page'] == 'admin'){
include "lang/$board_lang/lang_admin.php";
}
if (isset($_GET['page']) && $_GET['page'] == 'error'){
include "lang/$board_lang/lang_error.php";
}
if (isset($_GET['page']) && $_GET['page'] == 'myoptions'){
include "lang/$board_lang/lang_myoptions.php";
}
if (isset($_GET['page']) && $_GET['page'] == 'help'){
include "lang/$board_lang/lang_help.php";
}
// Set variables for some date things (trust me, we need this)
$format_time = $lang['date_format'];
$date_today = $lang['date_today'];
$date_yesterday = $lang['date_yesterday'];
$date_minute = $lang['date_minute'];
$date_minutes = $lang['date_minutes'];
$date_hour = $lang['date_hour'];
$date_hours = $lang['date_hours'];
// Get the script that handles locations
include "scripts/php/location.php";
$location_name = location_page("header");
$location_text = "$site_name, $site_desc, $location_name";
// prepare the SEO meta for topics
if (isset($_GET['topic']) && ($_GET['page']!='search')){
$location_text = '';
$topic = (int) $topic;
$query211 = "select CONTENT from {$db_prefix}posts WHERE TOPIC_ID='$topic' AND TITLE!=''";
$result211 = mysql_query($query211) or die("topic.php - Error in query: $query211");
$location_results = mysql_num_rows($result211);
if ($location_results!='0'){
$location_text_string = strip_slashes(mysql_result($result211, 0));
$location_text_string = explode(" ", $location_text_string);
for ($wordCounter=0; $wordCounter<30; $wordCounter++) {
$location_text .= $location_text_string[$wordCounter]." ";
}
$location_text = $location_text."...";
$location_text = str_replace(" ...", "...", $location_text);
$location_text = str_replace("<br />", "", $location_text);
$location_text = str_replace("\r\n", " ", $location_text);
function stripBBCode($text_to_search) {
$pattern = '|[[\/\!]*?[^\[\]]*?]|si';
$replace = '';
return preg_replace($pattern, $replace, $text_to_search);
}
$location_text = stripBBCode($location_text);
$location_text = strip_tags($location_text);
}
}
// prepare the SEO meta for forums
elseif (isset($_GET['forum']) && ($_GET['page']!='search')){
$location_text = '';
$forum = (int) $forum;
$query211 = "select DESCRIPTION from {$db_prefix}categories WHERE ID='$forum'";
$result211 = mysql_query($query211) or die("topic.php - Error in query: $query211");
$location_results = mysql_num_rows($result211);
if ($location_results!='0'){
$location_text_string = strip_slashes(mysql_result($result211, 0));
$location_text_string = explode(" ", $location_text_string);
for ($wordCounter=0; $wordCounter<30; $wordCounter++) {
$location_text .= $location_text_string[$wordCounter]." ";
}
$location_text = $location_text."...";
$location_text = str_replace(" ...", "...", $location_text);
$location_text = str_replace("<br />", "", $location_text);
$location_text = str_replace("\r\n", " ", $location_text);
function stripBBCode($text_to_search) {
$pattern = '|[[\/\!]*?[^\[\]]*?]|si';
$replace = '';
return preg_replace($pattern, $replace, $text_to_search);
}
$location_text = stripBBCode($location_text);
$location_text = strip_tags($location_text);
}
}
/*
If trashcan is running, delete any posts older than the cut-off point
*/
if ($trashcan_enabled && ($trashcan_delete_ran <= time() - (60 * 60 * 24)))
{
/*
Change delete frequency into timestamp value
*/
$multiplier = 60 * 60 * 24;
$trashcan_delete = explode(';', $trashcan_delete_time);
switch ($trashcan_delete[1])
{
case 0:
default:
$trashcan_time = 0;
break;
case 1:
$trashcan_time = $trashcan_delete[0] * $multiplier;
break;
case 2:
$trashcan_time = $trashcan_delete[0] * $multiplier * 7;
break;
case 3:
$trashcan_time = $trashcan_delete[0] * $multiplier * 30;
break;
case 4:
$trashcan_time = $trashcan_delete[0] * $multiplier * 365;
break;
}
$currentTime = time();
if ($trashcan_time != 0)
{
$query = mysql_query('
SELECT id, topic_id
FROM ' . $db_prefix . 'posts
WHERE trashcan_time <= (' . ($currentTime - $trashcan_time) . ') AND title != "" AND forum_id = ' . $trashcan_forum
);
$found = mysql_num_rows($query);
while ($row = mysql_fetch_assoc($query))
{
$query2 = mysql_query('SELECT id FROM ' . $db_prefix . 'posts WHERE topic_id = ' . $row['topic_id']);
while ($row2 = mysql_fetch_assoc($query2))
{
$query3 = mysql_query('SELECT filename FROM ' . $db_prefix . 'attachments WHERE postid = ' . $row['id']);
while ($row3 = mysql_fetch_assoc($query2))
{
unlink($nova_root . 'uploads/attachments/' . $row3['filename']);
unlink($nova_root . 'uploads/attachments/t_' . $row3['filename']);
}
mysql_query('DELETE FROM ' . $db_prefix . 'attachments WHERE postid = ' . $row2['id']);
mysql_query('DELETE FROM ' . $db_prefix . 'moderate WHERE postid = ' . $row2['id']);
}
/*
Remove the posts and any edits made to them
*/
mysql_query('DELETE FROM ' . $db_prefix . 'posts WHERE topic_id = ' . $row['topic_id']);
mysql_query('DELETE FROM ' . $db_prefix . 'posts_edit WHERE topic = ' . $row['topic_id']);
}
if ($found > 0)
{
require $nova_root . 'scripts/php/auto_cache.php';
}
}
mysql_query('UPDATE ' . $db_prefix . 'settings SET trashcan_delete_ran = ' . $currentTime);
}
template_hook("header.template.php", "start");
template_hook("header.template.php", "1");
// sort some cache control
header("Cache-Control: private");
header("Pragma: private");
// pull in some clever templates
template_hook("header.template.php", "before_body");
template_hook("header.template.php", "after_body");
// parse lang file to show number of new messages
$lang['navbar_message_new'] = str_replace("<%1>",$messages_number, $lang['navbar_message_new']);
// now even more templates
template_hook("nav_bar.template.php", "start");
template_hook("nav_bar.template.php", "1");
template_hook("nav_bar.template.php", "2");
template_hook("nav_bar.template.php", "3");
template_hook("nav_bar.template.php", "end");
template_hook("member_bar.template.php", "start");
template_hook("member_bar.template.php", "1");
template_hook("member_bar.template.php", "2");
template_hook("member_bar.template.php", "end");
template_hook("header.template.php", "2");
// Now include the members session information
include "includes/forums/session.php";
// if the board is offline, redirect if not admin
if ($can_change_site_settings!='1' && $board_offline=='1' && $_GET['page']!='offline' && $_GET['page']!='login' && $_GET['page']!='verify'){
template_hook("header.template.php", "form_6");
nova_redirect("index.php?page=offline","offline");
}
// require registration to view board?
if ($can_view_board=='0' && $_GET['page']!='error' && $_GET['page']!='register' && $_GET['page']!='login' && $_GET['page']!='verify'){
nova_redirect("index.php?page=error&error=30","error/30");
}
// final template hook. PHEW!
template_hook("header.template.php", "end");
?>