Home Explore Help
Register Sign In
Oppaitime
/
Gazelle
Watch 9
Star 11
Fork 18
Code Issues 21 Pull Requests 7 Releases 0 Wiki Activity
Oppaitime's version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
236 Commits
1 Branch
Tree: 29a4e15e2f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '29a4e15e2f'
${ noResults }
Gazelle/classes/script_start.php

script_start.php 14KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414 
  1. <?php

  2. /*-- Script Start Class --------------------------------*/

  3. /*------------------------------------------------------*/

  4. /* This isnt really a class but a way to tie other      */

  5. /* classes and functions used all over the site to the  */

  6. /* page currently being displayed.                      */

  7. /*------------------------------------------------------*/

  8. /* The code that includes the main php files and    */

  9. /* generates the page are at the bottom.        */

  10. /*------------------------------------------------------*/

  11. /********************************************************/

  12. require 'config.php'; //The config contains all site wide configuration information

  13. 

  14. // Check for common setup pitfalls

  15. if (!ini_get('short_open_tag')) { die('short_open_tag must be On in php.ini'); }

  16. if (!extension_loaded('apcu')) { die('APCu extension not loaded'); }

  17. 

  18. // Deal with dumbasses

  19. if (isset($_REQUEST['info_hash']) && isset($_REQUEST['peer_id'])) {

  20.   die('d14:failure reason40:Invalid .torrent, try downloading again.e');

  21. }

  22. 

  23. require(SERVER_ROOT.'/classes/proxies.class.php');

  24. 

  25. // Get the user's actual IP address if they're proxied.

  26. // Or if cloudflare is used

  27. if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {

  28.   $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];

  29. }

  30. if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])

  31.     && proxyCheck($_SERVER['REMOTE_ADDR'])

  32.     && filter_var($_SERVER['HTTP_X_FORWARDED_FOR'],

  33.         FILTER_VALIDATE_IP,

  34.         FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {

  35.   $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];

  36. }

  37. 

  38. if (!isset($argv) && !empty($_SERVER['HTTP_HOST'])) {

  39.   // Skip this block if running from cli or if the browser is old and shitty

  40.   // This should really be done in nginx config TODO: Remove

  41.   if ($_SERVER['HTTP_HOST'] == 'www.'.SITE_DOMAIN) {

  42.     header('Location: https://'.SITE_DOMAIN.$_SERVER['REQUEST_URI']); die();

  43.   }

  44. }

  45. 

  46. 

  47. 

  48. $ScriptStartTime = microtime(true); //To track how long a page takes to create

  49. if (!defined('PHP_WINDOWS_VERSION_MAJOR')) {

  50.   $RUsage = getrusage();

  51.   $CPUTimeStart = $RUsage['ru_utime.tv_sec'] * 1000000 + $RUsage['ru_utime.tv_usec'];

  52. }

  53. ob_start(); //Start a buffer, mainly in case there is a mysql error

  54. 

  55. 

  56. require(SERVER_ROOT.'/classes/debug.class.php'); //Require the debug class

  57. require(SERVER_ROOT.'/classes/mysql.class.php'); //Require the database wrapper

  58. require(SERVER_ROOT.'/classes/cache.class.php'); //Require the caching class

  59. require(SERVER_ROOT.'/classes/time.class.php'); //Require the time class

  60. require(SERVER_ROOT.'/classes/paranoia.class.php'); //Require the paranoia check_paranoia function

  61. require(SERVER_ROOT.'/classes/regex.php');

  62. require(SERVER_ROOT.'/classes/util.php');

  63. 

  64. $Debug = new DEBUG;

  65. $Debug->handle_errors();

  66. $Debug->set_flag('Debug constructed');

  67. 

  68. $DB = new DB_MYSQL;

  69. $Cache = new CACHE(MEMCACHED_SERVERS);

  70. 

  71. // Autoload classes.

  72. require(SERVER_ROOT.'/classes/classloader.php');

  73. 

  74. // Note: G::initialize is called twice.

  75. // This is necessary as the code inbetween (initialization of $LoggedUser) makes use of G::$DB and G::$Cache.

  76. // TODO: remove one of the calls once we're moving everything into that class

  77. G::initialize();

  78. 

  79. //Begin browser identification

  80. 

  81. $Browser = UserAgent::browser($_SERVER['HTTP_USER_AGENT']);

  82. $OperatingSystem = UserAgent::operating_system($_SERVER['HTTP_USER_AGENT']);

  83. 

  84. $Debug->set_flag('start user handling');

  85. 

  86. // Get classes

  87. // TODO: Remove these globals, replace by calls into Users

  88. list($Classes, $ClassLevels) = Users::get_classes();

  89. 

  90. //-- Load user information

  91. // User info is broken up into many sections

  92. // Heavy - Things that the site never has to look at if the user isn't logged in (as opposed to things like the class, donor status, etc)

  93. // Light - Things that appear in format_user

  94. // Stats - Uploaded and downloaded - can be updated by a script if you want super speed

  95. // Session data - Information about the specific session

  96. // Enabled - if the user's enabled or not

  97. // Permissions

  98. 

  99. if (isset($_COOKIE['session']) && isset($_COOKIE['userid'])) {

  100.   $SessionID = $_COOKIE['session'];

  101.   $LoggedUser['ID'] = (int)$_COOKIE['userid'];

  102. 

  103.   $UserID = $LoggedUser['ID']; //TODO: UserID should not be LoggedUser

  104. 

  105.   if (!$LoggedUser['ID'] || !$SessionID) {

  106.     logout();

  107.   }

  108. 

  109.   $UserSessions = $Cache->get_value("users_sessions_$UserID");

  110.   if (!is_array($UserSessions)) {

  111.     $DB->query(

  112.      "SELECT

  113.         SessionID,

  114.         Browser,

  115.         OperatingSystem,

  116.         IP,

  117.         LastUpdate

  118.       FROM users_sessions

  119.       WHERE UserID = '$UserID'

  120.         AND Active = 1

  121.       ORDER BY LastUpdate DESC");

  122.     $UserSessions = $DB->to_array('SessionID',MYSQLI_ASSOC);

  123.     $Cache->cache_value("users_sessions_$UserID", $UserSessions, 0);

  124.   }

  125. 

  126.   if (!array_key_exists($SessionID, $UserSessions)) {

  127.     logout();

  128.   }

  129. 

  130.   // Check if user is enabled

  131.   $Enabled = $Cache->get_value('enabled_'.$LoggedUser['ID']);

  132.   if ($Enabled === false) {

  133.     $DB->query("

  134.       SELECT Enabled

  135.       FROM users_main

  136.       WHERE ID = '$LoggedUser[ID]'");

  137.     list($Enabled) = $DB->next_record();

  138.     $Cache->cache_value('enabled_'.$LoggedUser['ID'], $Enabled, 0);

  139.   }

  140.   if ($Enabled == 2) {

  141.     logout();

  142.   }

  143. 

  144.   // Up/Down stats

  145.   $UserStats = $Cache->get_value('user_stats_'.$LoggedUser['ID']);

  146.   if (!is_array($UserStats)) {

  147.     $DB->query("

  148.       SELECT Uploaded AS BytesUploaded, Downloaded AS BytesDownloaded, RequiredRatio

  149.       FROM users_main

  150.       WHERE ID = '$LoggedUser[ID]'");

  151.     $UserStats = $DB->next_record(MYSQLI_ASSOC);

  152.     $Cache->cache_value('user_stats_'.$LoggedUser['ID'], $UserStats, 3600);

  153.   }

  154. 

  155.   // Get info such as username

  156.   $LightInfo = Users::user_info($LoggedUser['ID']);

  157.   $HeavyInfo = Users::user_heavy_info($LoggedUser['ID']);

  158. 

  159.   // Create LoggedUser array

  160.   $LoggedUser = array_merge($HeavyInfo, $LightInfo, $UserStats);

  161. 

  162.   $LoggedUser['RSS_Auth'] = md5($LoggedUser['ID'] . RSS_HASH . $LoggedUser['torrent_pass']);

  163. 

  164.   // $LoggedUser['RatioWatch'] as a bool to disable things for users on Ratio Watch

  165.   $LoggedUser['RatioWatch'] = (

  166.     $LoggedUser['RatioWatchEnds']

  167.     && time() < strtotime($LoggedUser['RatioWatchEnds'])

  168.     && ($LoggedUser['BytesDownloaded'] * $LoggedUser['RequiredRatio']) > $LoggedUser['BytesUploaded']

  169.   );

  170. 

  171.   // Load in the permissions

  172.   $LoggedUser['Permissions'] = Permissions::get_permissions_for_user($LoggedUser['ID'], $LoggedUser['CustomPermissions']);

  173.   $LoggedUser['Permissions']['MaxCollages'] += Donations::get_personal_collages($LoggedUser['ID']);

  174. 

  175.   // Change necessary triggers in external components

  176.   $Cache->CanClear = check_perms('admin_clear_cache');

  177. 

  178.   // Because we <3 our staff

  179.   if (check_perms('site_disable_ip_history')) {

  180.     $_SERVER['REMOTE_ADDR'] = '127.0.0.1';

  181.   }

  182. 

  183.   // Update LastUpdate every 10 minutes

  184.   if (strtotime($UserSessions[$SessionID]['LastUpdate']) + 600 < time()) {

  185.     $DB->query("

  186.       UPDATE users_main

  187.       SET LastAccess = '".sqltime()."'

  188.       WHERE ID = '$LoggedUser[ID]'");

  189.     $SessionQuery =

  190.      "UPDATE users_sessions

  191.       SET ";

  192.     // Only update IP if we have an encryption key in memory

  193.     if (apcu_exists('DBKEY')) {

  194.       $SessionQuery .= "IP = '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."', ";

  195.     }

  196.     $SessionQuery .=

  197.        "Browser = '$Browser',

  198.         OperatingSystem = '$OperatingSystem',

  199.         LastUpdate = '".sqltime()."'

  200.       WHERE UserID = '$LoggedUser[ID]'

  201.         AND SessionID = '".db_string($SessionID)."'";

  202.     $DB->query($SessionQuery);

  203.     $Cache->begin_transaction("users_sessions_$UserID");

  204.     $Cache->delete_row($SessionID);

  205.     $UsersSessionCache = array(

  206.         'SessionID' => $SessionID,

  207.         'Browser' => $Browser,

  208.         'OperatingSystem' => $OperatingSystem,

  209.         'IP' => ((apcu_exists('DBKEY')) ? DBCrypt::encrypt($_SERVER['REMOTE_ADDR']) : $UserSessions[$SessionID]['IP']),

  210.         'LastUpdate' => sqltime() );

  211.     $Cache->insert_front($SessionID, $UsersSessionCache);

  212.     $Cache->commit_transaction(0);

  213.   }

  214. 

  215.   // Notifications

  216.   if (isset($LoggedUser['Permissions']['site_torrents_notify'])) {

  217.     $LoggedUser['Notify'] = $Cache->get_value('notify_filters_'.$LoggedUser['ID']);

  218.     if (!is_array($LoggedUser['Notify'])) {

  219.       $DB->query("

  220.         SELECT ID, Label

  221.         FROM users_notify_filters

  222.         WHERE UserID = '$LoggedUser[ID]'");

  223.       $LoggedUser['Notify'] = $DB->to_array('ID');

  224.       $Cache->cache_value('notify_filters_'.$LoggedUser['ID'], $LoggedUser['Notify'], 2592000);

  225.     }

  226.   }

  227. 

  228.   // We've never had to disable the wiki privs of anyone.

  229.   if ($LoggedUser['DisableWiki']) {

  230.     unset($LoggedUser['Permissions']['site_edit_wiki']);

  231.   }

  232. 

  233.   // IP changed

  234. 

  235.   if (apcu_exists('DBKEY') && DBCrypt::decrypt($LoggedUser['IP']) != $_SERVER['REMOTE_ADDR'] && !check_perms('site_disable_ip_history')) {

  236. 

  237.     if (Tools::site_ban_ip($_SERVER['REMOTE_ADDR'])) {

  238.       error('Your IP address has been banned.');

  239.     }

  240. 

  241.     $CurIP = db_string($LoggedUser['IP']);

  242.     $NewIP = db_string($_SERVER['REMOTE_ADDR']);

  243.     $DB->query("

  244.       SELECT IP

  245.       FROM users_history_ips

  246.       WHERE EndTime IS NULL

  247.         AND UserID = '$LoggedUser[ID]'");

  248.     while (list($EncIP) = $DB->next_record()) {

  249.       if (DBCrypt::decrypt($EncIP) == $CurIP) {

  250.         $CurIP = $EncIP;

  251.         // CurIP is now the encrypted IP that was already in the database (for matching)

  252.         break;

  253.       }

  254.     }

  255.     $DB->query("

  256.       UPDATE users_history_ips

  257.       SET EndTime = '".sqltime()."'

  258.       WHERE EndTime IS NULL

  259.         AND UserID = '$LoggedUser[ID]'

  260.         AND IP = '$CurIP'");

  261.     $DB->query("

  262.       INSERT IGNORE INTO users_history_ips

  263.         (UserID, IP, StartTime)

  264.       VALUES

  265.         ('$LoggedUser[ID]', '".DBCrypt::encrypt($NewIP)."', '".sqltime()."')");

  266. 

  267.     $ipcc = Tools::geoip($NewIP);

  268.     $DB->query("

  269.       UPDATE users_main

  270.       SET IP = '".DBCrypt::encrypt($NewIP)."', ipcc = '$ipcc'

  271.       WHERE ID = '$LoggedUser[ID]'");

  272.     $Cache->begin_transaction('user_info_heavy_'.$LoggedUser['ID']);

  273.     $Cache->update_row(false, array('IP' => DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])));

  274.     $Cache->commit_transaction(0);

  275. 

  276. 

  277.   }

  278. 

  279. 

  280.   // Get stylesheets

  281.   $Stylesheets = $Cache->get_value('stylesheets');

  282.   if (!is_array($Stylesheets)) {

  283.     $DB->query('

  284.       SELECT

  285.         ID,

  286.         LOWER(REPLACE(Name, " ", "_")) AS Name,

  287.         Name AS ProperName,

  288.         LOWER(REPLACE(Additions, " ", "_")) AS Additions,

  289.         Additions AS ProperAdditions

  290.       FROM stylesheets');

  291.     $Stylesheets = $DB->to_array('ID', MYSQLI_BOTH);

  292.     $Cache->cache_value('stylesheets', $Stylesheets, 0);

  293.   }

  294. 

  295.   //A9 TODO: Clean up this messy solution

  296.   $LoggedUser['StyleName'] = $Stylesheets[$LoggedUser['StyleID']]['Name'];

  297. 

  298.   if (empty($LoggedUser['Username'])) {

  299.     logout(); // Ghost

  300.   }

  301. }

  302. G::initialize();

  303. $Debug->set_flag('end user handling');

  304. 

  305. $Debug->set_flag('start function definitions');

  306. 

  307. /**

  308.  * Log out the current session

  309.  */

  310. function logout() {

  311.   global $SessionID;

  312.   setcookie('session', '', time() - 60 * 60 * 24 * 365, '/', '', false);

  313.   setcookie('userid', '', time() - 60 * 60 * 24 * 365, '/', '', false);

  314.   setcookie('keeplogged', '', time() - 60 * 60 * 24 * 365, '/', '', false);

  315.   if ($SessionID) {

  316. 

  317.     G::$DB->query("

  318.       DELETE FROM users_sessions

  319.       WHERE UserID = '" . G::$LoggedUser['ID'] . "'

  320.         AND SessionID = '".db_string($SessionID)."'");

  321. 

  322.     G::$Cache->begin_transaction('users_sessions_' . G::$LoggedUser['ID']);

  323.     G::$Cache->delete_row($SessionID);

  324.     G::$Cache->commit_transaction(0);

  325.   }

  326.   G::$Cache->delete_value('user_info_' . G::$LoggedUser['ID']);

  327.   G::$Cache->delete_value('user_stats_' . G::$LoggedUser['ID']);

  328.   G::$Cache->delete_value('user_info_heavy_' . G::$LoggedUser['ID']);

  329. 

  330.   header('Location: login.php');

  331. 

  332.   die();

  333. }

  334. 

  335. function logout_all_sessions() {

  336.   $UserID = G::$LoggedUser['ID'];

  337. 

  338.   G::$DB->query("

  339.     DELETE FROM users_sessions

  340.     WHERE UserID = '$UserID'");

  341. 

  342.   G::$Cache->delete_value('users_sessions_' . $UserID);

  343.   logout();

  344. }

  345. 

  346. function enforce_login() {

  347.   global $SessionID;

  348.   if (!$SessionID || !G::$LoggedUser) {

  349.     setcookie('redirect', $_SERVER['REQUEST_URI'], time() + 60 * 30, '/', '', false);

  350.     logout();

  351.   }

  352. }

  353. 

  354. /**

  355.  * Make sure $_GET['auth'] is the same as the user's authorization key

  356.  * Should be used for any user action that relies solely on GET.

  357.  *

  358.  * @param Are we using ajax?

  359.  * @return authorisation status. Prints an error message to LAB_CHAN on IRC on failure.

  360.  */

  361. function authorize($Ajax = false) {

  362.   if (empty($_REQUEST['auth']) || $_REQUEST['auth'] != G::$LoggedUser['AuthKey']) {

  363.     send_irc("PRIVMSG ".LAB_CHAN." :".G::$LoggedUser['Username']." just failed authorize on ".$_SERVER['REQUEST_URI'].(!empty($_SERVER['HTTP_REFERER']) ? " coming from ".$_SERVER['HTTP_REFERER'] : ""));

  364.     error('Invalid authorization key. Go back, refresh, and try again.', $Ajax);

  365.     return false;

  366.   }

  367.   return true;

  368. }

  369. 

  370. $Debug->set_flag('ending function definitions');

  371. //Include /sections/*/index.php

  372. $Document = basename(parse_url($_SERVER['SCRIPT_FILENAME'], PHP_URL_PATH), '.php');

  373. if (!preg_match('/^[a-z0-9]+$/i', $Document)) {

  374.   error(404);

  375. }

  376. 

  377. $StripPostKeys = array_fill_keys(array('password', 'cur_pass', 'new_pass_1', 'new_pass_2', 'verifypassword', 'confirm_password', 'ChangePassword', 'Password'), true);

  378. $Cache->cache_value('php_' . getmypid(), array(

  379.   'start' => sqltime(),

  380.   'document' => $Document,

  381.   'query' => $_SERVER['QUERY_STRING'],

  382.   'get' => $_GET,

  383.   'post' => array_diff_key($_POST, $StripPostKeys)), 600);

  384. 

  385. // Locked account constant

  386. define('STAFF_LOCKED', 1);

  387. 

  388. $AllowedPages = ['staffpm', 'ajax', 'locked', 'logout', 'login'];

  389. 

  390. if (isset(G::$LoggedUser['LockedAccount']) && !in_array($Document, $AllowedPages)) {

  391.   require(SERVER_ROOT . '/sections/locked/index.php');

  392. } else {

  393.   require(SERVER_ROOT . '/sections/' . $Document . '/index.php');

  394. }

  395. 

  396. $Debug->set_flag('completed module execution');

  397. 

  398. /* Required in the absence of session_start() for providing that pages will change

  399. upon hit rather than being browser cached for changing content.

  400. 

  401. Old versions of Internet Explorer choke when downloading binary files over HTTPS with disabled cache.

  402. Define the following constant in files that handle file downloads */

  403. if (!defined('SKIP_NO_CACHE_HEADERS')) {

  404.   header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');

  405.   header('Pragma: no-cache');

  406. }

  407. 

  408. //Flush to user

  409. ob_end_flush();

  410. 

  411. $Debug->set_flag('set headers and send to user');

  412. 

  413. //Attribute profiling

  414. $Debug->profile();