author | James Atkinson <thefinn@users.sourceforge.net> | 2001-02-22 06:10:12 +0000 |
---|---|---|
committer | James Atkinson <thefinn@users.sourceforge.net> | 2001-02-22 06:10:12 +0000 |
commit | 8918532a1329157916e539ee84cd711fd3f267bc (patch) | |
tree | 0bfcb465225f44365a137d76a1dd077ea0a7161d | |
parent | 658df35cd4c176916e7cd0bd766bb8c8e0cc77d1 (diff) | |
phpBB 2 is started
git-svn-id: file:///svn/phpbb/trunk@13 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/config.php | 45 | ||||
-rw-r--r-- | phpBB/db.php | 93 | ||||
-rw-r--r-- | phpBB/functions/auth.php | 120 | ||||
-rw-r--r-- | phpBB/functions/sessions.php | 115 | ||||
-rw-r--r-- | phpBB/index.php | 82 | ||||
-rw-r--r-- | phpBB/page_header.php | 25 |
6 files changed, 473 insertions, 7 deletions
diff --git a/phpBB/config.php b/phpBB/config.php index b4278d1182..a7b442d483 100644 --- a/phpBB/config.php +++ b/phpBB/config.php @@ -1,6 +1,6 @@ <?php /*************************************************************************** - * + * config.php * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : (C) 2001 The phpBB Group @@ -22,6 +22,49 @@ * ***************************************************************************/ +// Constants +// User Levels +define(ADMIN, 4); +define(SUPERMOD, 3); +define(MODERATOR, 2); +define(USER, 1); +define(DELETED, -1); +define(ANONYMOUS, -1); +// Forum access levels +define(PUBLIC, 1); +define(PRIVATE, 2); + +// Forum posting levels +define(ANONALLOWED, 1); +define(REGONLY, 2); +define(MODONLY, 3); + +// Topic state +define(UNLOCKED, 0); +define(LOCKED, 1); + +// Ban time types +define(SECONDS, 1); +define(MINUTES, 2); +define(HOURS, 3); +define(DAYS, 4); +define(YEARS, 5); + +// Error codes +define(SQL_CONNECT, 1); +define(BANNED, 2); +define(QUERY_ERROR, 3); +define(SESSION_CREATE, 4); + + +$session_cookie = "phpBBsession"; +$session_cookie_time = 3600; + +$dbms = "mysql"; +$dbhost = "localhost"; +$dbname = "phpbb2"; +$dbuser = "root"; +$dbpasswd = "zocalo"; ?> diff --git a/phpBB/db.php b/phpBB/db.php index b4278d1182..d305ae3824 100644 --- a/phpBB/db.php +++ b/phpBB/db.php @@ -1,6 +1,6 @@ <?php /*************************************************************************** - * + * db.php * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : (C) 2001 The phpBB Group @@ -11,7 +11,6 @@ * ***************************************************************************/ - /*************************************************************************** * * This program is free software; you can redistribute it and/or modify 
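Review bot: The connection settings added at the end of the second config.php hunk commit a live-looking credential pair, `$dbuser = "root";` with `$dbpasswd = "zocalo";`, so the password is now in repository history and the board connects as the database superuser. Ship placeholders here (for example `$dbuser = "";` and `$dbpasswd = "";`), load the real values from a local file that is not tracked, give the application a dedicated account limited to its own database, and rotate this password wherever it was in use. Separately, the `define()` calls pass bare words as names; quoting them, as in `define('ADMIN', 4);`, avoids depending on the undefined-constant fallback, and `DELETED` and `ANONYMOUS` both being -1 means code cannot tell the two states apart.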
@@ -22,6 +21,96 @@ * ***************************************************************************/ +switch($dbms) +{ + case 'mysql': + include('db/mysql.'.$phpEx); + break; + case 'postgres': + include('db/postgres7.'.$phpEx); + break; + case 'mssql': + include('db/mssql.'.$phpEx); + break; + case 'oracle': + include('db/oracle.'.$phpEx); + break; +} + +// Make the database connection. +$db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false); +if(!$db->db_connect_id) +{ + error_die($db, SQL_CONNECT); +} + +// Check if user is banned +if(!auth("ip ban", $db, "", "", "", "", "", $REMOTE_ADDR, "", "", "")) +{ + error_die($db, BANNED); +} + +// Initalize these variables to keep them safe. +$user_logged_in = 0; +$logged_in = 0; +$userdata = Array(); + +// Setup forum wide options. +$sql = "SELECT * FROM config WHERE selected = 1"; +if(!$result = $db->sql_query($sql)) +{ + error_die($db, QUERY_ERROR); +} +else +{ + $config = $db->sql_fetchrowset($result); + $sitename = stripslashes($config[0]["sitename"]); + $allow_html = $config[0]["allow_html"]; + $allow_bbcode = $config[0]["allow_bbcode"]; + $allow_sig = $config[0]["allow_sig"]; + $allow_namechange = $config[0]["allow_namechange"]; + $posts_per_page = $config[0]["posts_per_page"]; + $hot_threshold = $config[0]["hot_threshold"]; + $topics_per_page = $config[0]["topics_per_page"]; + $override_user_themes = $config[0]["override_themes"]; + $email_sig = stripslashes($config[0]["email_sig"]); + $email_from = $config[0]["email_from"]; + $default_lang = $config[0]["default_lang"]; + $sys_lang = $default_lang; +} + +if(isset($HTTP_COOKIE_VARS[$session_cookie])) +{ + $sessid = $HTTP_COOKIE_VARS[$session_cookie]; + $userid = get_userid_from_session($sessid, $session_cookie_time, $REMOTE_ADDR, $db); + + if ($userid) + { + $user_logged_in = 1; + update_session_time($sessid, $db); + + if(!auth("username ban", $db, $userid, "", "", "", "", "", "", "", "")) + { + error_die($db, BANNED); + } + $userdata = 
get_userdata_from_id($userid, $db); + } +} + +// If the user isn't logged in check if they have a user ID cookie. +if (!$user_logged_in) +{ + if(isset($HTTP_COOKIE_VARS[$cookie_name])) + { + $userdata = get_userdata_from_id($HTTP_COOKIE_VARS["$cookie_name"], $db); + if(!auth("username ban", $db, $userdata["user_id"], "", "", "", "", "", "", "", "")) + { + error_die($db, BANNED); + } + } +} +// Setup what template to use. Currently just use default +$template = new Template("./templates/Default", "keep"); ?> diff --git a/phpBB/functions/auth.php b/phpBB/functions/auth.php index b4278d1182..beacb39262 100644 --- a/phpBB/functions/auth.php +++ b/phpBB/functions/auth.php @@ -1,6 +1,6 @@ <?php /*************************************************************************** - * + * auth.php * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : (C) 2001 The phpBB Group 
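Review bot: The last block of the main db.php hunk fills `$userdata` from a user-ID cookie, `get_userdata_from_id($HTTP_COOKIE_VARS["$cookie_name"], $db)`, so whoever sends the request chooses which account's row is loaded, with no session or secret tying the cookie to that account. The same cookie value, and `$sessid` from the session cookie earlier in the hunk, reach SQL that is built by string concatenation without quotes in functions/auth.php (`get_userdata_from_id`) and functions/sessions.php (`get_userid_from_session`, `update_session_time`), which is an injection path. Both values should be forced to integers before use, e.g. `$sessid = intval($HTTP_COOKIE_VARS[$session_cookie]);`, and the user-ID fallback dropped or replaced by a server-side lookup. `$cookie_name` is not assigned in any file of this commit (config.php sets only `$session_cookie`), so it may be unset here, and the `switch($dbms)` has no default branch for an unrecognised value before `new sql_db(...)` is called.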
@@ -22,6 +22,124 @@ * ***************************************************************************/ +/* Notes: + * auth() is going to become a very complex function and can take in a LARGE number of arguments. + * The currently included argements should be enough to handle any situation, however, if you need access to another + * the best option would be to create a global variable and access it that way if you can. + * + * auth() returns: + * TRUE if the user authorized + * FALSE if the user is not + */ +function auth($type, + $db, + $user_id = "", + $user_name = "", + $user_pass = "", + $user_level = "", + $session_id = "", + $user_ip = "", + $forum_id = "", + $topic_id = "", + $post_id = "") +{ + switch($type) + { + case 'ip ban': + $sql = "DELETE FROM banlist + WHERE (ban_end < ". mktime(date("H"), date("i"), date("s"), date("m"), date("d"), date("Y")).") + AND (ban_end > 0)"; + $db->sql_query($sql); + $sql = "SELECT ban_ip FROM banlist"; + if($result = $db->sql_query($sql)) + { + if($totalrows = $db->sql_numrows()) + { + $iprow = $db->sql_fetchrowset($result); + for($x = 0; $x < $totalrows; $x++) + { + $ip = $iprow[$x]["ban_ip"]; + if($ip[strlen($ip) - 1] == ".") + { + $db_ip = explode(".", $ip); + $this_ip = explode(".", $user_ip); + + for($x = 0; $x < count($db_ip) - 1; $x++) + { + $my_ip .= $this_ip[$x] . "."; + } + + if($my_ip == $ip) + { + return(FALSE); + } + } + else + { + if($ipuser == $ip) + { + return(FALSE); + } + } + } + return(TRUE); + } + else + { + return(TRUE); + } + } + return(TRUE); + break; + case 'username ban': + $sql = "DELETE FROM banlist + WHERE (ban_end < ". 
mktime(date("H"), date("i"), date("s"), date("m"), date("d"), date("Y")).") + AND (ban_end > 0)"; + $db->sql_query($sql); + $sql = "SELECT ban_userid FROM banlist WHERE ban_userid = '$user_id'"; + if($result = $db->sql_query($sql)) + { + if($db->sql_numrows()) + { + return(FALSE); + } + else + { + return(TRUE); + } + } + else + { + return(TRUE); + } + break; + } +} + + +/* + * The following functions are used for getting user information. They are not related directly to auth() + */ +function get_userdata_from_id($userid, $db) +{ + + $sql = "SELECT * FROM users WHERE user_id = $userid"; + if(!$result = $db->sql_query($sql)) + { + $userdata = array("error" => "1"); + return ($userdata); + } + if($db->sql_numrows()) + { + $myrow = $db->sql_fetchrowset($result); + return($myrow[0]); + } + else + { + $userdata = array("error" => "1"); + return ($userdata); + } +} ?> diff --git a/phpBB/functions/sessions.php b/phpBB/functions/sessions.php index b4278d1182..60f2ae7015 100644 --- a/phpBB/functions/sessions.php +++ b/phpBB/functions/sessions.php @@ -1,6 +1,6 @@ <?php /*************************************************************************** - * + * sessions.php * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : (C) 2001 The phpBB Group 
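Review bot: In the 'ip ban' case of `auth()` (functions/auth.php), the exact-address branch compares `$ipuser`, which is never assigned anywhere in the function, so a full-address ban never matches a real address and the check that db.php relies on fails open. The prefix branch has two further faults: its inner `for` reuses `$x`, the counter of the enclosing row loop, and `$my_ip` is appended to without being reset, so rows after the first prefix entry are skipped or compared against a stale string. The fence below gives the inner loop its own counter, resets `$my_ip` per row and compares against the `$user_ip` parameter. The 'username ban' query and `get_userdata_from_id()` in the same hunk also place `$user_id` / `$userid` into SQL text directly; casting with `intval()` at the top of each would close that.

```php
// … unchanged: banlist cleanup, SELECT ban_ip, outer for($x …) row loop header …
$db_ip = explode(".", $ip);
$this_ip = explode(".", $user_ip);
$my_ip = "";                                // reset for every banlist row
for($i = 0; $i < count($db_ip) - 1; $i++)   // own counter; the row loop owns $x
{
	$my_ip .= $this_ip[$i] . ".";
}
// … unchanged: prefix comparison and return(FALSE) …
if($user_ip == $ip)                         // was $ipuser, which is never set
// … unchanged: return(FALSE) and the remaining returns …
```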
@@ -23,5 +23,118 @@ ***************************************************************************/ +/** + * new_session() + * Adds a new session to the database for the given userid. + * Returns the new session ID. + * Also deletes all expired sessions from the database, based on the given session lifespan. + */ +function new_session($userid, $remote_ip, $lifespan, $db) +{ + + mt_srand( (double) microtime() * 1000000); + $sessid = mt_rand(); + + $currtime = (string) (time()); + $expirytime = (string) (time() - $lifespan); + + $deleteSQL = "DELETE FROM sessions WHERE (start_time < $expirytime)"; + $delresult = $db->sql_query($deleteSQL); + + if (!$delresult) + { + error_die($db, SESSION_CREATE); + } + + $sql = "INSERT INTO sessions (sess_id, user_id, start_time, remote_ip) VALUES ($sessid, $userid, $currtime, '$remote_ip')"; + + $result = $db->sql_query($sql); + + if ($result) + { + return $sessid; + } + else + { + error_die($db, SESSION_CREATE); + } // if/else + +} // new_session() + +/* + * Sets the sessID cookie for the given session ID. the $cookietime parameter + * is no longer used, but just hasn't been removed yet. It'll break all the modules + * (just login) that call this code when it gets removed. + * Sets a cookie with no specified expiry time. This makes the cookie last until the + * user's browser is closed. (at last that's the case in IE5 and NS4.7.. Haven't tried + * it with anything else.) + */ +function set_session_cookie($sessid, $cookietime, $cookiename, $cookiepath, $cookiedomain, $cookiesecure) +{ + // This sets a cookie that will persist until the user closes their browser window. + // since session expiry is handled on the server-side, cookie expiry time isn't a big deal. + setcookie($cookiename, $sessid, '', $cookiepath, $cookiedomain, $cookiesecure); + +} // set_session_cookie() + +/* + * Returns the userID associated with the given session, based on + * the given session lifespan $cookietime and the given remote IP + * address. 
If no match found, returns 0. + */ +function get_userid_from_session($sessid, $cookietime, $remote_ip, $db) +{ + $mintime = time() - $cookietime; + $sql = "SELECT user_id + FROM sessions + WHERE (sess_id = $sessid) + AND (start_time > $mintime) + AND (remote_ip = '$remote_ip')"; + $result = $db->sql_query($sql); + if (!$result) + { + error_die($db, "Error doing DB query in get_userid_from_session()"); + } + $rowset = $db->sql_fetchrowset(); + $num_rows = $db->sql_numrows(); + if ($num_rows == 0) + { + return 0; + } + else + { + return $rowset[0]["user_id"]; + } + +} // get_userid_from_session() + + +function update_session_time($sessid, $db) +{ + + $newtime = (string) time(); + $sql = "UPDATE sessions SET start_time=$newtime WHERE (sess_id = $sessid)"; + $result = $db->sql_query($sql); + if (!$result) + { + $db_error = $db->sql_error(); + error_die($db, "Error doing DB update in update_session_time(). Reason: " . $db_error["message"]); + } + return 1; + +} // update_session_time() + +function end_user_session($userid, $db) +{ + $sql = "DELETE FROM sessions WHERE (user_id = $userid)"; + $result = $db->sql_query($sql, $db); + if (!$result) + { + $db_error = $db->sql_error(); + error_die($db, "Delete failed in end_user_session(). Reason: " . $db_error["message"]); + } + return 1; + +} // end_session() ?> diff --git a/phpBB/index.php b/phpBB/index.php index b4278d1182..7ed32e597e 100644 --- a/phpBB/index.php +++ b/phpBB/index.php @@ -1,6 +1,6 @@ <?php /*************************************************************************** - * + * index.php * ------------------- * begin : Saturday, Feb 13, 2001 * copyright : (C) 2001 The phpBB Group 
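Review bot: `new_session()` in functions/sessions.php builds the session identifier from `mt_srand((double) microtime() * 1000000); $sessid = mt_rand();`, which seeds the generator with a value drawn from at most a million clock positions and yields a plain integer, so the token that stands in for a login is guessable; the `remote_ip` comparison in `get_userid_from_session()` is the only other binding. The identifier should come from a cryptographically strong source, on a current PHP runtime `$sessid = bin2hex(random_bytes(16));`, with `sess_id` then stored and compared as a quoted, escaped string in the three queries that use it. `end_user_session()` calls `$db->sql_query($sql, $db)` with a second argument that no other call in this commit passes, and its closing comment names it `end_session()`; both look like slips worth confirming against the `sql_db` class, which is not part of this diff. The failure paths in `update_session_time()` and `end_user_session()` pass free text containing `$db_error["message"]` to `error_die()` where other callers pass the numeric codes from config.php; if that text is shown to the visitor it discloses database details.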
@@ -21,7 +21,87 @@ * * ***************************************************************************/ +include('extension.inc'); +include('config.'.$phpEx); +include('template.inc'); +include('functions/error.'.$phpEx); +include('functions/sessions.'.$phpEx); +include('functions/auth.'.$phpEx); +include('db.'.$phpEx); +$total_users = 10; +$total_posts = 55668; +$newest_user = "Dave"; +$newest_uid = 10; +$users_browsing = "4 Users"; +$pagetype = "index"; +include('page_header.'.$phpEx); +$template->set_block("body", "catrow", "cats"); +$template->set_block("catrow", "forumrow", "forums"); + +$sql = "SELECT * FROM catagories ORDER BY cat_order"; +if(!$result = $db->sql_query($sql)) +{ + error_die($db, QUERY_ERROR); +} +$total_rows = $db->sql_numrows(); +if($total_rows) +{ + $rows = $db->sql_fetchrowset($result); + for($x = 0; $x < $total_rows; $x++) + { + + $template->set_var(array("CAT_ID" => $rows[$x]["cat_id"], + "PHP_SELF" => $PHP_SELF, + "CAT_DESC" => stripslashes($rows[$x]["cat_title"]))); + + $sub_sql = "SELECT f.* FROM forums f WHERE f.cat_id = '".$rows[$x]["cat_id"]."' ORDER BY forum_id"; + if(!$sub_result = $db->sql_query($sub_sql)) + { + error_die($db, QUERY_ERROR); + } + $total_forums = $db->sql_numrows($sub_result); + $forum_rows = $db->sql_fetchrowset($sub_result); + + if($total_forums) + { + $template->parse("cats", "catrow", true); + for($y = 0; $y < $total_forums; $y++) + { + $folder_image = "<img src=\"images/folder.gif\">"; + $posts = 150; + $topics = 35; + $last_post = "05-10-2000 12:34:33pm<br>by theFinn"; + $moderators = "<a href=\"profile.$phpEx?mode=viewprofile&user_id=1\">theFinn</a>"; + if($row_color == "#DDDDDD") + { + $row_color = "#CCCCCC"; + } + else + { + $row_color = "#DDDDDD"; + } + $template->set_var(array("FOLDER" => $folder_image, + "FORUM_NAME" => stripslashes($forum_rows[$y]["forum_name"]), + "FORUM_ID" => $forum_rows[$y]["forum_id"], + "FORUM_DESC" => stripslashes($forum_rows[$y]["forum_desc"]), + "ROW_COLOR" => $row_color, + 
"PHPEX" => $phpEx, + "POSTS" => $posts, + "TOPICS" => $topics, + "LAST_POST" => $last_post, + "MODERATORS" => $moderators)); + $template->parse("forums", "forumrow", true); + } + $template->parse("cats", "forums", true); + $template->set_var("forums", ""); + } + } +} +$template->pparse("output", "body"); + + +include('page_tail.'.$phpEx); ?> diff --git a/phpBB/page_header.php b/phpBB/page_header.php index acb48a7f11..a4c4b3d425 100644 --- a/phpBB/page_header.php +++ b/phpBB/page_header.php @@ -23,5 +23,28 @@ ***************************************************************************/ - +switch($pagetype) +{ + case 'index': + $page_title = "Forum Index"; + $template->set_file(array("overall_header" => "overall_header.tpl", + "header" => "index_header.tpl", + "body" => "index_body.tpl", + "footer" => "index_footer.tpl", + "overall_footer" => "overall_footer.tpl")); + $template->set_var(array("SITENAME" => $sitename, + "PAGE_TITLE" => $page_title, + "META_INFO" => $meta_tags, + "TOTAL_POSTS" => $total_posts, + "TOTAL_USERS" => $total_users, + "NEWEST_USER" => $newest_user, + "NEWEST_UID" => $newest_uid, + "USERS_BROWSING" => $users_browsing)); + + $template->pparse("output", "overall_header"); + $template->pparse("output", "header"); + + break; +} + ?> |
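Review bot: The `set_var()` calls in both loops of index.php hand database text to the template with only `stripslashes()` applied (`CAT_DESC`, `FORUM_NAME`, `FORUM_DESC`), and `$PHP_SELF` is passed through as-is, so any markup stored in a category or forum title is emitted as HTML unless the Template class escapes, which this diff does not show. Wrapping each value, e.g. `"FORUM_NAME" => htmlspecialchars(stripslashes($forum_rows[$y]["forum_name"])),`, keeps stored text as text. `$row_color` is read in the first comparison before anything assigns it; `$row_color = "";` ahead of the category loop makes the alternation explicit. The sub-query concatenates `$rows[$x]["cat_id"]` into SQL; it comes from the database rather than the request, but an `intval()` there costs nothing.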
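Review bot: In page_header.php, `"META_INFO" => $meta_tags` reads a variable that no file in this commit assigns. The code elsewhere depends on request data appearing as globals (`$REMOTE_ADDR`, `$PHP_SELF`), which suggests register_globals is on; in that configuration a request parameter named `meta_tags` would land in this variable and be written into the page head. Setting `$meta_tags = "";` before the `switch($pagetype)` (or wherever the real value is meant to come from) removes that dependency. The `switch` also has no default case, so any page type other than 'index' gets no header output at all.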