<?php
/**
* eXtreme Message Board
* XMB 1.9.11
*
* Developed And Maintained By The XMB Group
* Copyright (c) 2001-2010, The XMB Group
* http://www.xmbforum.com
*
* Sponsored By iEntry, Inc.
* http://www.ientry.com
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
**/
/* Front Matter */
if (!defined('X_SCRIPT')) {
header('HTTP/1.0 403 Forbidden');
exit("Not allowed to run this file directly.");
}
if (!defined('ROOT')) define('ROOT', './');
error_reporting(-1); // Report all errors until config.php loads successfully.
define('IN_CODE', TRUE);
require ROOT.'include/global.inc.php';
/* Global Constants and Initialized Values */
$versioncompany = 'The XMB Group';
$versionshort = '1.9.11';
$versiongeneral = 'XMB 1.9.11';
$copyright = '2001-2010';
$alpha = '';
$beta = '';
$gamma = '';
$service_pack = '';
$versionbuild = 20100126;
$mtime = explode(" ", microtime());
$starttime = $mtime[1] + $mtime[0];
$onlinetime = time();
$time = $onlinetime;
$selHTML = 'selected="selected"';
$cheHTML = 'checked="checked"';
$server = substr($_SERVER['SERVER_SOFTWARE'], 0, 3);
$url = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$onlineip = $_SERVER['REMOTE_ADDR'];
$canonical_link = '';
$cookiepath = '';
$cookiedomain = '';
$bbcodescript = '';
$database = '';
$threadSubject = '';
$filesize = 0;
$filename = '';
$filetype = '';
$full_url = '';
$navigation = '';
$newu2umsg = '';
$othertid = '';
$pluglink = '';
$quickjump = '';
$searchlink = '';
$smiliesnum = 0;
$status = '';
$wordsnum = 0;
$xmbuser = '';
$xmbpw = '';
$SETTINGS = array();
$THEME = array();
$censorcache = array();
$footerstuff = array();
$links = '';
$lang = array();
$mailer = array();
$plugadmin = array();
$plugimg = array();
$plugname = array();
$plugurl = array();
$smiliecache = array();
$tables = array(
'attachments',
'banned',
'buddys',
'captchaimages',
'favorites',
'forums',
'lang_base',
'lang_keys',
'lang_text',
'logs',
'members',
'posts',
'ranks',
'restricted',
'settings',
'smilies',
'templates',
'themes',
'threads',
'u2u',
'whosonline',
'words',
'vote_desc',
'vote_results',
'vote_voters'
);
define('X_CACHE_GET', 1);
define('X_CACHE_PUT', 2);
define('X_ONLINE_TIMER', 600); // Visitors are offline after this many seconds.
define('X_REDIRECT_HEADER', 1);
define('X_REDIRECT_JS', 2);
define('X_SET_HEADER', 1);
define('X_SET_JS', 2);
define('X_SHORTEN_SOFT', 1);
define('X_SHORTEN_HARD', 2);
// permissions constants
define('X_PERMS_COUNT', 4); //Number of raw bit sets stored in postperm setting.
// indexes used in permissions arrays
define('X_PERMS_RAWPOLL', 0);
define('X_PERMS_RAWTHREAD', 1);
define('X_PERMS_RAWREPLY', 2);
define('X_PERMS_RAWVIEW', 3);
define('X_PERMS_POLL', 40);
define('X_PERMS_THREAD', 41);
define('X_PERMS_REPLY', 42);
define('X_PERMS_VIEW', 43); //View is now = Rawview || Userlist
define('X_PERMS_USERLIST', 44);
define('X_PERMS_PASSWORD', 45);
// status string to bit field assignments
$status_enum = array(
'Super Administrator' => 1,
'Administrator' => 2,
'Super Moderator' => 4,
'Moderator' => 8,
'Member' => 16,
'Guest' => 32,
'' => 32,
'Reserved-Future-Use' => 64,
'Banned' => (1 << 30)
); //$status['Banned'] == 2^30
// status bit to $lang key assignments
$status_translate = array(
1 => 'superadmin',
2 => 'textadmin',
4 => 'textsupermod',
8 => 'textmod',
16 => 'textmem',
32 => 'textguest1',
(1 << 30) => 'textbanned'
);
// discover the most likely browser
// so we can use bbcode specifically made for it
$browser = 'opera'; // default to opera
if (isset($_SERVER['HTTP_USER_AGENT'])) {
if (false !== strpos($_SERVER['HTTP_USER_AGENT'], 'Gecko') && false === strpos($_SERVER['HTTP_USER_AGENT'], 'Safari')) {
$browser = 'mozilla';
}
if (false !== strpos($_SERVER['HTTP_USER_AGENT'], 'Opera')) {
$browser = 'opera';
}
if (false !== strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE')) {
$browser = 'ie';
}
}
define('IS_MOZILLA', ($browser == 'mozilla'));
define('IS_OPERA', ($browser == 'opera'));
define('IS_IE', ($browser == 'ie'));
assertEmptyOutputStream('header.php or global.inc.php');
/* Load the Configuration Created by Install */
require ROOT.'config.php';
assertEmptyOutputStream('config.php');
if (!$show_full_info) {
$versionshort = '';
$versiongeneral = 'XMB';
$alpha = '';
$beta = '';
$gamma = '';
$service_pack = '';
$versionbuild = '[HIDDEN]';
} else {
$versiongeneral .= ' ';
}
$versionlong = 'Powered by '.$versiongeneral.$alpha.$beta.$gamma.$service_pack;
if (!defined('DEBUG')) define('DEBUG', FALSE);
if (!defined('LOG_MYSQL_ERRORS')) define('LOG_MYSQL_ERRORS', FALSE);
if (DEBUG) {
require(ROOT.'include/debug.inc.php');
assertEmptyOutputStream('debug.inc.php');
} else {
error_reporting(E_ERROR | E_PARSE | E_USER_ERROR);
}
$config_array = array(
'dbname' => 'DB/NAME',
'dbuser' => 'DB/USER',
'dbpw' => 'DB/PW',
'dbhost' => 'DB_HOST',
'database' => 'DB_TYPE',
'tablepre' => 'TABLE/PRE',
'full_url' => 'FULLURL',
'ipcheck' => 'IPCHECK',
'allow_spec_q' => 'SPECQ',
'show_full_info' => 'SHOWFULLINFO',
'comment_output' => 'COMMENTOUTPUT'
);
foreach($config_array as $key => $value) {
if (${$key} === $value) {
header('HTTP/1.0 500 Internal Server Error');
if (file_exists(ROOT.'install/')) {
exit('<h1>Error:</h1><br />The installation files ("./install/") have been found on the server. Please remove them as soon as possible. If you have not yet installed XMB, please do so at this time. Just <a href="./install/index.php">click here</a>.');
}
exit('Configuration Problem: XMB noticed that your config.php has not been fully configured.<br />The $'.$key.' has not been configured correctly.<br /><br />Please configure config.php before continuing.<br />Refresh the browser after uploading the new config.php (when asked if you want to resubmit POST data, click the \'OK\'-button).');
}
}
unset($config_array);
/* Validate URL Configuration and Security */
if (empty($full_url)) {
header('HTTP/1.0 500 Internal Server Error');
exit('<b>ERROR: </b><i>Please fill the $full_url variable in your config.php!</i>');
} else {
$array = parse_url($full_url);
$cookiesecure = ($array['scheme'] == 'https');
$cookiedomain = $array['host'];
if (strpos($cookiedomain, '.') === FALSE || preg_match("/^([0-9]{1,3}\.){3}[0-9]{1,3}$/", $cookiedomain)) {
$cookiedomain = '';
} elseif (substr($cookiedomain, 0, 4) === 'www.') {
$cookiedomain = substr($cookiedomain, 3);
}
if (!isset($array['path'])) {
$array['path'] = '/';
}
$cookiepath = $array['path'];
if (DEBUG) {
debugURLsettings($cookiesecure, $cookiedomain, $cookiepath);
} elseif (0 == strlen($url)) {
header('HTTP/1.0 500 Internal Server Error');
exit('Error: URL Not Found. Set DEBUG to TRUE in config.php to see diagnostic details.');
}
unset($array);
}
// Common XSS Protection: XMB disallows '<' and unencoded ':/' in all URLs.
if (X_SCRIPT != 'search.php') {
$url_check = Array('%3c', '<', ':/');
foreach($url_check as $name) {
if (strpos(strtolower($url), $name) !== FALSE) {
header('HTTP/1.0 403 Forbidden');
exit('403 Forbidden - URL rejected by XMB');
}
}
unset($url_check);
}
// Check for double-slash problems in REQUEST_URI
if (substr($url, 0, strlen($cookiepath)) != $cookiepath Or substr($url, strlen($cookiepath), 1) == '/') {
$fixed_url = str_replace('//', '/', $url);
if (substr($fixed_url, 0, strlen($cookiepath)) != $cookiepath Or substr($fixed_url, strlen($cookiepath), 1) == '/' Or $fixed_url != preg_replace('/[^\x20-\x7e]/', '', $fixed_url)) {
header('HTTP/1.0 404 Not Found');
exit('XMB detected an invalid URL. Set DEBUG to TRUE in config.php to see diagnostic details.');
} else {
$fixed_url = $full_url.substr($fixed_url, strlen($cookiepath));
header('HTTP/1.0 301 Moved Permanently');
header("Location: $fixed_url");
exit('XMB detected an invalid URL');
}
}
//Checks the IP-format, if it's not a IPv4 type, it will be blocked, safe to remove....
if ($ipcheck == 'on') {
if (1 != preg_match('@^(\\d{1,3}\\.){3}\\d{1,3}$@', $onlineip)) {
header('HTTP/1.0 403 Forbidden');
exit("Access to this website is currently not possible as your hostname/IP appears suspicous.");
}
}
/* Load Common Files and Establish Database Connection */
define('X_PREFIX', $tablepre); // Secured table prefix constant
require ROOT.'db/'.$database.'.php';
assertEmptyOutputStream('db/'.$database.'.php');
require ROOT.'include/validate.inc.php';
assertEmptyOutputStream('validate.inc.php');
require ROOT.'include/functions.inc.php';
assertEmptyOutputStream('functions.inc.php');
$db = new dbstuff;
$db->connect($dbhost, $dbuser, $dbpw, $dbname, $pconnect);
// Make all settings global, and put them in the $SETTINGS[] array
// This is the first query, so do not panic unless query logging is enabled.
$squery = $db->query("SELECT * FROM ".X_PREFIX."settings", (DEBUG and LOG_MYSQL_ERRORS));
// Assume XMB is not installed if first query fails.
if (FALSE === $squery) {
header('HTTP/1.0 500 Internal Server Error');
if (file_exists(ROOT.'install/')) {
exit('XMB is not yet installed. Please do so at this time. Just <a href="./install/index.php">click here</a>.');
}
exit('Fatal Error: XMB is not installed. Please upload the /install/ directory to begin.');
}
if ($db->num_rows($squery) == 0) {
header('HTTP/1.0 500 Internal Server Error');
exit('Fatal Error: The XMB settings table is empty.');
}
foreach($db->fetch_array($squery) as $key => $val) {
$$key = $val;
$SETTINGS[$key] = $val;
}
$db->free_result($squery);
if ($postperpage < 5) {
$postperpage = 30;
}
if ($topicperpage < 5) {
$topicperpage = 30;
}
if ($memberperpage < 5) {
$memberperpage = 30;
}
if ($onlinetodaycount < 5) {
$onlinetodaycount = 30;
}
// Validate maxattachsize with PHP configuration.
$inimax = phpShorthandValue('upload_max_filesize');
if ($inimax < $SETTINGS['maxattachsize']) {
$SETTINGS['maxattachsize'] = $inimax;
}
unset($inimax);
/* Set Global HTTP Headers */
if (X_SCRIPT != 'files.php') {
header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
}
// Fix annoying bug in windows... *sigh*
$action = postedVar('action', '', FALSE, FALSE, FALSE, 'g');
if ($action != 'attachment' && !($action == 'templates' && isset($download)) && !($action == 'themes' && isset($download))) {
header("Content-type: text/html");
}
// Update last visit cookies
$xmblva = getInt('xmblva', 'c'); // Last visit
$xmblvb = getInt('xmblvb', 'c'); // Duration of this visit (considered to be up to 600 seconds)
if ($xmblvb > 0) {
$thetime = $xmblvb; // lvb will expire in 600 seconds, so if it's there, we're in a current session
} else if ($xmblva > 0) {
$thetime = $xmblva; // Not currently logged in, so let's get the time from the last visit
} else {
$thetime = $onlinetime; // no cookie at all, so this is your first visit
}
put_cookie('xmblva', $onlinetime, ($onlinetime + (86400*365)), $cookiepath, $cookiedomain); // lva == now
put_cookie('xmblvb', $thetime, ($onlinetime + X_ONLINE_TIMER), $cookiepath, $cookiedomain); // lvb =
$lastvisit = $thetime;
if (isset($oldtopics)) {
put_cookie('oldtopics', $oldtopics, ($onlinetime + X_ONLINE_TIMER), $cookiepath, $cookiedomain);
}
/* Authorize User, Set Up Session, and Load Language Translation */
$serror = '';
// Check if the client is ip-banned
if ($SETTINGS['ip_banning'] == 'on') {
$ips = explode(".", $onlineip);
$query = $db->query("SELECT id FROM ".X_PREFIX."banned WHERE ((ip1='$ips[0]' OR ip1='-1') AND (ip2='$ips[1]' OR ip2='-1') AND (ip3='$ips[2]' OR ip3='-1') AND (ip4='$ips[3]' OR ip4='-1')) AND NOT (ip1='-1' AND ip2='-1' AND ip3='-1' AND ip4='-1')");
$result = $db->num_rows($query);
$db->free_result($query);
if ($result > 0) {
// Block all non-admins
$serror = 'ip';
}
}
// Check if the board is offline
if ($SETTINGS['bbstatus'] == 'off' And $serror == '') {
if (($action == 'login' Or $action == 'lostpw') And X_SCRIPT == 'misc.php') {
// Allow login
} elseif ($SETTINGS['regstatus'] == 'on' And ($action == 'reg' Or $action == 'coppa' Or $action == 'captchaimage') And (X_SCRIPT == 'misc.php' Or X_SCRIPT == 'member.php')) {
// Allow registration
} else {
// Block all non-admins
$serror = 'bstatus';
}
}
// Check if the board is set to 'reg-only'
if ($SETTINGS['regviewonly'] == 'on' And $serror == '') {
if (($action == 'login' Or $action == 'lostpw') And X_SCRIPT == 'misc.php') {
// Allow login
} elseif ($SETTINGS['regstatus'] == 'on' And ($action == 'reg' Or $action == 'coppa' Or $action == 'captchaimage') And (X_SCRIPT == 'misc.php' Or X_SCRIPT == 'member.php')) {
// Allow registration
} else {
// Block all guests
$serror = 'guest';
}
}
$uinput = postedVar('xmbuser', '', FALSE, TRUE, FALSE, 'c');
$pinput = postedVar('xmbpw', '', FALSE, FALSE, FALSE, 'c');
if (!elevateUser($uinput, $pinput, FALSE, $serror)) {
// Delete cookies when authentication fails.
if ($uinput != '') {
put_cookie("xmbuser", '', 0, $cookiepath, $cookiedomain);
put_cookie("xmbpw", '', 0, $cookiepath, $cookiedomain);
}
}
unset($uinput, $pinput);
/* Set Up HTML Templates and Themes */
// Create a base element so that links aren't broken if scripts are accessed using unexpected paths.
// XMB expects all links to be relative to $full_url + script name + query string.
$querystring = strstr($url, '?');
if ($querystring === FALSE) {
$querystring = '';
}
$querystring = preg_replace('/[^\x20-\x7e]/', '', $querystring);
if ($url == $cookiepath) {
$baseelement = '<base href="'.$full_url.'" />';
} else {
$baseelement = '<base href="'.$full_url.X_SCRIPT.attrOut($querystring).'" />';
}
// login/logout links
if (X_MEMBER) {
if (X_ADMIN) {
$cplink = ' - <a href="cp.php">'.$lang['textcp'].'</a>';
} else {
$cplink = '';
}
$loginout = '<a href="misc.php?action=logout">'.$lang['textlogout'].'</a>';
$memcp = '<a href="memcp.php">'.$lang['textusercp'].'</a>';
$u2ulink = "<a href=\"u2u.php\" onclick=\"Popup(this.href, 'Window', 700, 450); return false;\">{$lang['banu2u']}</a> - ";
$notify = $lang['loggedin'].' <a href="member.php?action=viewpro&member='.recodeOut($xmbuser).'">'.$xmbuser.'</a><br />['.$loginout.' - '.$u2ulink.''.$memcp.''.$cplink.']';
// Update lastvisit in the header shown
$theTime = $xmblva + ($self['timeoffset'] * 3600) + ($SETTINGS['addtime'] * 3600);
$lastdate = gmdate($dateformat, $theTime);
$lasttime = gmdate($timecode, $theTime);
$lastvisittext = $lang['lastactive'].' '.$lastdate.' '.$lang['textat'].' '.$lasttime;
} else {
// Checks for the possibility to register
if ($SETTINGS['regstatus'] == 'on') {
$reglink = '- <a href="member.php?action=coppa">'.$lang['textregister'].'</a>';
} else {
$reglink = '';
}
$loginout = '<a href="misc.php?action=login">'.$lang['textlogin'].'</a>';
$notify = $lang['notloggedin'].' ['.$loginout.' '.$reglink.']';
$lastvisittext = '';
}
// Get themes, [fid, [tid]]
$forumtheme = 0;
$fid = getInt('fid', 'r');
$tid = getInt('tid', 'r');
if ($tid > 0 && $action != 'templates') {
$query = $db->query("SELECT f.fid, f.theme FROM ".X_PREFIX."forums f RIGHT JOIN ".X_PREFIX."threads t USING (fid) WHERE t.tid=$tid");
$locate = $db->fetch_array($query);
$db->free_result($query);
$fid = $locate['fid'];
$forumtheme = $locate['theme'];
} else if ($fid > 0) {
$forum = getForum($fid);
if (($forum['type'] != 'forum' && $forum['type'] != 'sub') || $forum['status'] != 'on') {
$forumtheme = 0;
} else {
$forumtheme = $forum['theme'];
}
}
// Check what theme to use
$validtheme = FALSE;
if (!$validtheme And (int) $themeuser > 0) {
$theme = (int) $themeuser;
$query = $db->query("SELECT * FROM ".X_PREFIX."themes WHERE themeid=$theme");
if (!$validtheme = ($db->num_rows($query) > 0)) {
$themeuser = 0;
$db->query("UPDATE ".X_PREFIX."members SET theme=0 WHERE uid={$self['uid']}");
}
}
if (!$validtheme And (int) $forumtheme > 0) {
$theme = (int) $forumtheme;
$query = $db->query("SELECT * FROM ".X_PREFIX."themes WHERE themeid=$theme");
if (!$validtheme = ($db->num_rows($query) > 0)) {
$themeuser = 0;
$db->query("UPDATE ".X_PREFIX."forums SET theme=0 WHERE fid=$fid");
}
}
if (!$validtheme) {
$theme = (int) $SETTINGS['theme'];
$query = $db->query("SELECT * FROM ".X_PREFIX."themes WHERE themeid=$theme");
$validtheme = ($db->num_rows($query) > 0);
}
if (!$validtheme) {
$query = $db->query("SELECT * FROM ".X_PREFIX."themes LIMIT 1");
if ($validtheme = ($db->num_rows($query) > 0)) {
$row = $db->fetch_array($query);
$SETTINGS['theme'] = $row['themeid'];
$db->query("UPDATE ".X_PREFIX."settings SET theme={$SETTINGS['theme']}");
$db->data_seek($query, 0);
}
}
if (!$validtheme) {
header('HTTP/1.0 500 Internal Server Error');
exit('Fatal Error: The XMB themes table is empty.');
}
// Make theme-vars semi-global
foreach($db->fetch_array($query) as $key=>$val) {
if ($key != "name") {
$$key = $val;
} else {
$val = stripslashes($val);
}
$THEME[$key] = $val;
}
$db->free_result($query);
// additional CSS to load?
if (file_exists(ROOT.$imgdir.'/theme.css')) {
$cssInclude = '<style type="text/css">'."\n"."@import url('".$imgdir."/theme.css');"."\n".'</style>';
} else {
$cssInclude = '';
}
// Alters certain visibility-variables
if (false === strpos($bgcolor, '.')) {
$bgcode = "background-color: $bgcolor;";
} else {
$bgcode = "background-image: url('$imgdir/$bgcolor');";
}
if (false === strpos($catcolor, '.')) {
$catbgcode = "bgcolor=\"$catcolor\"";
$catcss = 'background-color: '.$catcolor.';';
} else {
$catbgcode = "style=\"background-image: url($imgdir/$catcolor)\"";
$catcss = 'background-image: url('.$imgdir.'/'.$catcolor.');';
}
if (false === strpos($top, '.')) {
$topbgcode = "bgcolor=\"$top\"";
} else {
$topbgcode = "style=\"background-image: url($imgdir/$top)\"";
}
if (false !== strpos($boardimg, ',')) {
$flashlogo = explode(",",$boardimg);
//check if it's an URL or just a filename
$l = array();
$l = parse_url($flashlogo[0]);
if (!isset($l['scheme']) || !isset($l['host'])) {
$flashlogo[0] = $imgdir.'/'.$flashlogo[0];
}
$logo = '<object type="application/x-shockwave-flash" data="'.$flashlogo[0].'" width="'.$flashlogo[1].'" height="'.$flashlogo[2].'"><param name="movie" value="'.$flashlogo[0].'" /><param name="AllowScriptAccess" value="never" /></object>';
} else {
$l = array();
$l = parse_url($boardimg);
if (!isset($l['scheme']) || !isset($l['host'])) {
$boardimg = $imgdir.'/'.$boardimg;
}
$logo = '<a href="./"><img src="'.$boardimg.'" alt="'.$bbname.'" border="0" /></a>';
}
// Font stuff...
$fontedit = preg_replace('#(\D)#', '', $fontsize);
$fontsuf = preg_replace('#(\d)#', '', $fontsize);
$font1 = $fontedit-1 . $fontsuf;
$font3 = $fontedit+2 . $fontsuf;
// Set Extra Theme Keys
$THEME['bgcode'] = $bgcode;
$THEME['font1'] = $font1;
$THEME['font3'] = $font3;
/* Theme Ready. Make pretty errors. */
switch ($serror) {
case 'ip':
if (!X_ADMIN) {
header('HTTP/1.0 403 Forbidden');
error($lang['bannedmessage']);
}
break;
case 'bstatus':
if (!X_ADMIN) {
header('HTTP/1.0 503 Service Unavailable');
header('Retry-After: 3600');
if ($bboffreason != '') {
message(nl2br($bboffreason));
} else {
message($lang['textbstatusdefault']);
}
}
break;
case 'guest':
if (X_GUEST) {
if ($SETTINGS['regstatus'] == 'on') {
$message = $lang['reggedonly'].' '.$reglink.' '.$lang['textor'].' <a href="misc.php?action=login">'.$lang['textlogin'].'</a>';
} else {
$message = $lang['reggedonly'].' <a href="misc.php?action=login">'.$lang['textlogin'].'</a>';
}
message($message);
}
break;
}
/* Finish HTML Templates */
if ((X_ADMIN Or $SETTINGS['bbstatus'] == 'on') And (X_MEMBER Or $SETTINGS['regviewonly'] == 'off')) {
$links = array();
// Search-link
$searchlink = makeSearchLink();
// Faq-link
if ($SETTINGS['faqstatus'] == 'on') {
$links[] = '<img src="'.$imgdir.'/top_faq.gif" alt="'.$lang['altfaq'].'" border="0" /> <a href="faq.php"><font class="navtd">'.$lang['textfaq'].'</font></a>';
}
// Memberlist-link
if ($SETTINGS['memliststatus'] == 'on') {
$links[] = '<img src="'.$imgdir.'/top_memberslist.gif" alt="'.$lang['altmemberlist'].'" border="0" /> <a href="misc.php?action=list"><font class="navtd">'.$lang['textmemberlist'].'</font></a>';
}
// Today's posts-link
if ($SETTINGS['todaysposts'] == 'on') {
$links[] = '<img src="'.$imgdir.'/top_todaysposts.gif" alt="'.$lang['alttodayposts'].'" border="0" /> <a href="today.php"><font class="navtd">'.$lang['navtodaysposts'].'</font></a>';
}
// Stats-link
if ($SETTINGS['stats'] == 'on') {
$links[] = '<img src="'.$imgdir.'/top_stats.gif" alt="'.$lang['altstats'].'" border="0" /> <a href="stats.php"><font class="navtd">'.$lang['navstats'].'</font></a>';
}
// 'Forum Rules'-link
if ($SETTINGS['bbrules'] == 'on') {
$links[] = '<img src="'.$imgdir.'/top_bbrules.gif" alt="'.$lang['altrules'].'" border="0" /> <a href="faq.php?page=forumrules"><font class="navtd">'.$lang['textbbrules'].'</font></a>';
}
$links = implode(' ', $links);
// Show all plugins
$pluglinks = array();
foreach($plugname as $plugnum => $item) {
if (!empty($plugurl[$plugnum]) && !empty($plugname[$plugnum])) {
if (trim($plugimg[$plugnum]) != '') {
$img = ' <img src="'.$plugimg[$plugnum].'" border="0" alt="'.$plugname[$plugnum].'" /> ';
} else {
$img = '';
}
if ($plugadmin[$plugnum] != true || X_ADMIN) {
$pluglinks[] = $img.'<a href="'.$plugurl[$plugnum].'"><font class="navtd">'.$plugname[$plugnum].'</font></a> ';
}
}
}
if (count($pluglinks) == 0) {
$pluglink = '';
} else {
$pluglink = implode(' ', $pluglinks);
}
// create forum jump
if ($SETTINGS['quickjump_status'] == 'on') {
$quickjump = forumJump();
}
// check for new u2u's
if (X_MEMBER) {
$query = $db->query("SELECT COUNT(*) FROM ".X_PREFIX."u2u WHERE owner='$xmbuser' AND folder='Inbox' AND readstatus='no'");
$newu2unum = $db->result($query, 0);
$db->free_result($query);
if ($newu2unum > 0) {
$newu2umsg = "<a href=\"u2u.php\" onclick=\"Popup(this.href, 'Window', 700, 450); return false;\">{$lang['newu2u1']} $newu2unum {$lang['newu2u2']}</a>";
// Popup Alert
if ($self['u2ualert'] == 2 Or ($self['u2ualert'] == 1 And X_SCRIPT == 'index.php')) {
$newu2umsg .= '<script language="JavaScript" type="text/javascript">function u2uAlert() { ';
if ($newu2unum == 1) {
$newu2umsg .= 'u2uAlertMsg = "'.$lang['newu2u1'].' '.$newu2unum.$lang['u2ualert5'].'"; ';
} else {
$newu2umsg .= 'u2uAlertMsg = "'.$lang['newu2u1'].' '.$newu2unum.$lang['u2ualert6'].'"; ';
}
$newu2umsg .= "if (confirm(u2uAlertMsg)) { Popup('u2u.php', 'testWindow', 700, 450); } } setTimeout('u2uAlert();', 10);</script>";
}
}
}
}
/* Perform HTTP Connection Maintenance */
assertEmptyOutputStream('header.php');
// Gzip-compression
if ($SETTINGS['gzipcompress'] == 'on'
&& $action != 'captchaimage'
&& X_SCRIPT != 'files.php'
&& !DEBUG) {
if (($res = @ini_get('zlib.output_compression')) > 0) {
// leave it
} else if ($res === false) {
// ini_get not supported. So let's just leave it
} else {
if (function_exists('gzopen')) {
$r = @ini_set('zlib.output_compression', 4096);
$r2 = @ini_set('zlib.output_compression_level', '3');
if (FALSE === $r || FALSE === $r2) {
ob_start('ob_gzhandler');
}
} else {
ob_start('ob_gzhandler');
}
}
}
assertEmptyOutputStream('header.php');
return;
?>