Location: PHPKode > projects > TPEngine > tpengine-1.87beta/admin/common.inc.php
<?php
/* $Id: common.inc.php,v 1.0 drscream Exp $ */
/*
          TPEngine - PHP/MySQL Protocol System
        ==============================================
            (c) 2005 by
               Thomas Merkel      <hide@address.com>
               David Hoess	  <hide@address.com>
	       Uwe Schiber	  <hide@address.com>

          download the latest version:
            http://tpengine.sourceforge.net

          This  program is  free  software;  you can
          redistribute it and/or modify it under the
          terms of the GNU General Public License as
          published by the Free Software Foundation;
          either  version 2 of  the License,  or (at
          your option) any later version.

        ==============================================

*/

/**
 * as of php5, $HTTP_*_VARS are disabled
 * so we have to recreate them here
 * 
 * this is actually pretty evil, but it does work.
 **/

if(substr(phpversion(), 0, 1) > 4)
{
    $a_globals = array(
        'HTTP_SERVER_VARS' => '_SERVER', 
        'HTTP_COOKIE_VARS' => '_COOKIE', 
        'HTTP_POST_VARS' => '_POST',
        'HTTP_GET_VARS' => '_GET',
        'HTTP_ENV_VARS' => '_ENV'
    );

    foreach($a_globals as $k => $v)
    {
       global $$k;
       $$k = $$v;
    }
    unset($a_globals);
}

include('functions.inc.php');
if( !@include('./../inc/config.inc.php') )
{
	print 'Die TPEngine ist noch nicht installiert! Klicken Sie <a href="./install.php">hier</a>, um mit der Installation zu beginnen.';
	exit;
}

// php 4.1+
if( isset($HTTP_GET_VARS) )
	extract($HTTP_GET_VARS, EXTR_SKIP);
if( isset($HTTP_PUT_VARS) )
	extract($HTTP_PUT_VARS, EXTR_SKIP);
if( isset($HTTP_POST_VARS) )
	extract($HTTP_POST_VARS, EXTR_SKIP);

if( get_magic_quotes_gpc() && is_array($GLOBALS) )
{
	$HTTP_GET_VARS = r_stripslashes($HTTP_GET_VARS);
	$HTTP_POST_VARS = r_stripslashes($HTTP_POST_VARS);
	$HTTP_COOKIE_VARS = r_stripslashes($HTTP_COOKIE_VARS);
	$GLOBALS = r_stripslashes($GLOBALS);
}

error_reporting(7); // E_ERROR | E_WARNING | E_PARSE
set_magic_quotes_runtime(0);

if( $REMOTE_ADDR == '127.0.0.1' ) {
   $REMOTE_ADDR = $HTTP_X_FORWARDED_FOR;
}


$mysql = @mysql_connect($mysql_h, $mysql_u, $mysql_p);
$db = @mysql_select_db($mysql_db, $mysql);

// wiedi code, a cool session code

extract($_REQUEST);
extract($_COOKIE);
session_start();

$luser=$l_username;
$lpass=$l_password;
if (!isset($_SESSION['luser'])) {
   $_SESSION['luser'] = $luser;
   $_SESSION['lpass'] = $lpass;
} else {
   $luser = $_SESSION['luser'];
   $lpass = $_SESSION['lpass'];
}

$sqlcmd  =  "select userid, username from ".$pref."user WHERE username='".$luser."' AND userpassword='" . md5($lpass) . "' AND userisadmin=1";
$r_user = mysql_query($sqlcmd, $mysql);
if(mysql_num_rows($r_user) != 1 ) {
  loginform();
  exit;
} else {
  $g_user = $luser;
}

// end wiedi code


// small admin logs
 query( "INSERT INTO ".$pref."adminlog (logtype, logtime, logaction)
       VALUES ('LOG_ADMIN', ".time().", '".addslashes($action)."')" ); 


$r_registry = query("SELECT keyname, keyvalue, keytype FROM " . $pref . "registry");
while ( $registry = mysql_fetch_array($r_registry) )
{
	switch( $registry['keytype'] )
	{
		case 'integer':
		case 'boolean':
			$config[$registry['keyname']] = intval($registry['keyvalue']);
			break;
			
		case 'array':
			$array = explode("\n", $registry['keyvalue']);
			while( list($k, $v) = @each($array) )
				$array[$k] = '"'.addslashes(trim($v)).'"';
			eval("\$config[\$registry['keyname']] = array(".implode(',', $array).");");
			break;
				
		default:
			$config[$registry['keyname']] = $registry['keyvalue'];
	}
}
       
?>
Return current item: TPEngine