Home Explore Help
Register Sign In
Stortebeker
/
Gazelle
forked from Oppaitime/Gazelle
Watch 0
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Oppaitime's version of Gazelle
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
2 Branches
Tree: 3d9458b3d0
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3d9458b3d0'
${ noResults }
Gazelle/classes/script_start.php

script_start.php 14KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427 
  1. <?php

  2. /*-- Script Start Class --------------------------------*/

  3. /*------------------------------------------------------*/

  4. /* This isnt really a class but a way to tie other      */

  5. /* classes and functions used all over the site to the  */

  6. /* page currently being displayed.                      */

  7. /*------------------------------------------------------*/

  8. /* The code that includes the main php files and		*/

  9. /* generates the page are at the bottom.				*/

  10. /*------------------------------------------------------*/

  11. /********************************************************/

  12. require 'config.php'; //The config contains all site wide configuration information

  13. //Deal with dumbasses

  14. if (isset($_REQUEST['info_hash']) && isset($_REQUEST['peer_id'])) {

  15. 	die('d14:failure reason40:Invalid .torrent, try downloading again.e');

  16. }

  17. 

  18. require(SERVER_ROOT.'/classes/proxies.class.php');

  19. 

  20. // Get the user's actual IP address if they're proxied.

  21. // Or if cloudflare is used

  22. if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {

  23. 	$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];

  24. }

  25. if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])

  26. 		&& proxyCheck($_SERVER['REMOTE_ADDR'])

  27. 		&& filter_var($_SERVER['HTTP_X_FORWARDED_FOR'],

  28. 				FILTER_VALIDATE_IP,

  29. 				FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {

  30. 	$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];

  31. }

  32. 

  33. $SSL = true; #(isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443);

  34. if (!isset($argv) && !empty($_SERVER['HTTP_HOST'])) {

  35. //Skip this block if running from cli or if the browser is old and shitty

  36. 	if (!$SSL && $_SERVER['HTTP_HOST'] == 'www.'.NONSSL_SITE_URL) {

  37. 		header('Location: http://'.NONSSL_SITE_URL.$_SERVER['REQUEST_URI']); die();

  38. 	}

  39. 	if ($SSL && $_SERVER['HTTP_HOST'] == 'www.'.NONSSL_SITE_URL) {

  40. 		header('Location: https://'.SSL_SITE_URL.$_SERVER['REQUEST_URI']); die();

  41. 	}

  42. 	if (SSL_SITE_URL != NONSSL_SITE_URL) {

  43. 		if (!$SSL && $_SERVER['HTTP_HOST'] == SSL_SITE_URL) {

  44. 			header('Location: https://'.SSL_SITE_URL.$_SERVER['REQUEST_URI']); die();

  45. 		}

  46. 		if ($SSL && $_SERVER['HTTP_HOST'] == NONSSL_SITE_URL) {

  47. 			header('Location: https://'.SSL_SITE_URL.$_SERVER['REQUEST_URI']); die();

  48. 		}

  49. 	}

  50. 	if ($_SERVER['HTTP_HOST'] == 'www.m.'.NONSSL_SITE_URL) {

  51. 		header('Location: http://m.'.NONSSL_SITE_URL.$_SERVER['REQUEST_URI']); die();

  52. 	}

  53. }

  54. 

  55. 

  56. 

  57. $ScriptStartTime = microtime(true); //To track how long a page takes to create

  58. if (!defined('PHP_WINDOWS_VERSION_MAJOR')) {

  59. 	$RUsage = getrusage();

  60. 	$CPUTimeStart = $RUsage['ru_utime.tv_sec'] * 1000000 + $RUsage['ru_utime.tv_usec'];

  61. }

  62. ob_start(); //Start a buffer, mainly in case there is a mysql error

  63. 

  64. 

  65. require(SERVER_ROOT.'/classes/debug.class.php'); //Require the debug class

  66. require(SERVER_ROOT.'/classes/mysql.class.php'); //Require the database wrapper

  67. require(SERVER_ROOT.'/classes/cache.class.php'); //Require the caching class

  68. require(SERVER_ROOT.'/classes/encrypt.class.php'); //Require the encryption class

  69. require(SERVER_ROOT.'/classes/time.class.php'); //Require the time class

  70. require(SERVER_ROOT.'/classes/paranoia.class.php'); //Require the paranoia check_paranoia function

  71. require(SERVER_ROOT.'/classes/regex.php');

  72. require(SERVER_ROOT.'/classes/util.php');

  73. 

  74. $Debug = new DEBUG;

  75. $Debug->handle_errors();

  76. $Debug->set_flag('Debug constructed');

  77. 

  78. $DB = new DB_MYSQL;

  79. $Cache = new CACHE(MEMCACHED_SERVERS);

  80. $Enc = new CRYPT;

  81. 

  82. // Autoload classes.

  83. require(SERVER_ROOT.'/classes/classloader.php');

  84. 

  85. // Note: G::initialize is called twice.

  86. // This is necessary as the code inbetween (initialization of $LoggedUser) makes use of G::$DB and G::$Cache.

  87. // TODO: remove one of the calls once we're moving everything into that class

  88. G::initialize();

  89. 

  90. //Begin browser identification

  91. 

  92. $Browser = UserAgent::browser($_SERVER['HTTP_USER_AGENT']);

  93. $OperatingSystem = UserAgent::operating_system($_SERVER['HTTP_USER_AGENT']);

  94. 

  95. $Debug->set_flag('start user handling');

  96. 

  97. // Get classes

  98. // TODO: Remove these globals, replace by calls into Users

  99. list($Classes, $ClassLevels) = Users::get_classes();

  100. 

  101. //-- Load user information

  102. // User info is broken up into many sections

  103. // Heavy - Things that the site never has to look at if the user isn't logged in (as opposed to things like the class, donor status, etc)

  104. // Light - Things that appear in format_user

  105. // Stats - Uploaded and downloaded - can be updated by a script if you want super speed

  106. // Session data - Information about the specific session

  107. // Enabled - if the user's enabled or not

  108. // Permissions

  109. 

  110. if (isset($_COOKIE['session'])) {

  111. 	$LoginCookie = $Enc->decrypt($_COOKIE['session']);

  112. }

  113. if (isset($LoginCookie)) {

  114. 	list($SessionID, $LoggedUser['ID']) = explode('|~|', $Enc->decrypt($LoginCookie));

  115. 	$LoggedUser['ID'] = (int)$LoggedUser['ID'];

  116. 

  117. 	$UserID = $LoggedUser['ID']; //TODO: UserID should not be LoggedUser

  118. 

  119. 	if (!$LoggedUser['ID'] || !$SessionID) {

  120. 		logout();

  121. 	}

  122. 

  123. 	$UserSessions = $Cache->get_value("users_sessions_$UserID");

  124. 	if (!is_array($UserSessions)) {

  125.     $DB->query(

  126. 		 "SELECT

  127. 				SessionID,

  128. 				Browser,

  129.         OperatingSystem,

  130.         IP, 

  131. 			  LastUpdate

  132. 			FROM users_sessions

  133. 			WHERE UserID = '$UserID'

  134. 				AND Active = 1

  135. 			ORDER BY LastUpdate DESC");

  136. 		$UserSessions = $DB->to_array('SessionID',MYSQLI_ASSOC);

  137. 		$Cache->cache_value("users_sessions_$UserID", $UserSessions, 0);

  138. 	}

  139. 

  140. 	if (!array_key_exists($SessionID, $UserSessions)) {

  141. 		logout();

  142. 	}

  143. 

  144. 	// Check if user is enabled

  145. 	$Enabled = $Cache->get_value('enabled_'.$LoggedUser['ID']);

  146. 	if ($Enabled === false) {

  147. 		$DB->query("

  148. 			SELECT Enabled

  149. 			FROM users_main

  150. 			WHERE ID = '$LoggedUser[ID]'");

  151. 		list($Enabled) = $DB->next_record();

  152. 		$Cache->cache_value('enabled_'.$LoggedUser['ID'], $Enabled, 0);

  153. 	}

  154. 	if ($Enabled == 2) {

  155. 

  156. 		logout();

  157. 	}

  158. 

  159. 	// Up/Down stats

  160. 	$UserStats = $Cache->get_value('user_stats_'.$LoggedUser['ID']);

  161. 	if (!is_array($UserStats)) {

  162. 		$DB->query("

  163. 			SELECT Uploaded AS BytesUploaded, Downloaded AS BytesDownloaded, RequiredRatio

  164. 			FROM users_main

  165. 			WHERE ID = '$LoggedUser[ID]'");

  166. 		$UserStats = $DB->next_record(MYSQLI_ASSOC);

  167. 		$Cache->cache_value('user_stats_'.$LoggedUser['ID'], $UserStats, 3600);

  168. 	}

  169. 

  170. 	// Get info such as username

  171. 	$LightInfo = Users::user_info($LoggedUser['ID']);

  172. 	$HeavyInfo = Users::user_heavy_info($LoggedUser['ID']);

  173. 

  174. 	// Create LoggedUser array

  175. 	$LoggedUser = array_merge($HeavyInfo, $LightInfo, $UserStats);

  176. 

  177. 	$LoggedUser['RSS_Auth'] = md5($LoggedUser['ID'] . RSS_HASH . $LoggedUser['torrent_pass']);

  178. 

  179. 	// $LoggedUser['RatioWatch'] as a bool to disable things for users on Ratio Watch

  180. 	$LoggedUser['RatioWatch'] = (

  181. 		$LoggedUser['RatioWatchEnds'] != '0000-00-00 00:00:00'

  182. 		&& time() < strtotime($LoggedUser['RatioWatchEnds'])

  183. 		&& ($LoggedUser['BytesDownloaded'] * $LoggedUser['RequiredRatio']) > $LoggedUser['BytesUploaded']

  184. 	);

  185. 

  186. 	// Load in the permissions

  187. 	$LoggedUser['Permissions'] = Permissions::get_permissions_for_user($LoggedUser['ID'], $LoggedUser['CustomPermissions']);

  188. 	$LoggedUser['Permissions']['MaxCollages'] += Donations::get_personal_collages($LoggedUser['ID']);

  189. 

  190. 	// Change necessary triggers in external components

  191. 	$Cache->CanClear = check_perms('admin_clear_cache');

  192. 

  193. 	// Because we <3 our staff

  194. 	if (check_perms('site_disable_ip_history')) {

  195. 		$_SERVER['REMOTE_ADDR'] = '127.0.0.1';

  196. 	}

  197. 

  198. 	// Update LastUpdate every 10 minutes

  199. 	if (strtotime($UserSessions[$SessionID]['LastUpdate']) + 600 < time()) {

  200. 		$DB->query("

  201. 			UPDATE users_main

  202. 			SET LastAccess = '".sqltime()."'

  203. 			WHERE ID = '$LoggedUser[ID]'");

  204. 		$SessionQuery = 

  205.      "UPDATE users_sessions

  206.       SET ";

  207.     // Only update IP if we have an encryption key in memory

  208.     if (apc_exists('DBKEY')) {

  209.       $SessionQuery .= "IP = '".DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])."', ";

  210.     }

  211.     $SessionQuery .=

  212.        "Browser = '$Browser',

  213. 				OperatingSystem = '$OperatingSystem',

  214. 				LastUpdate = '".sqltime()."'

  215. 			WHERE UserID = '$LoggedUser[ID]'

  216. 				AND SessionID = '".db_string($SessionID)."'";

  217.     $DB->query($SessionQuery);

  218. 		$Cache->begin_transaction("users_sessions_$UserID");

  219. 		$Cache->delete_row($SessionID);

  220.     $UsersSessionCache = array(

  221. 				'SessionID' => $SessionID,

  222. 				'Browser' => $Browser,

  223. 				'OperatingSystem' => $OperatingSystem,

  224.         'IP' => ((apc_exists('DBKEY')) ? DBCrypt::encrypt($_SERVER['REMOTE_ADDR']) : $UserSessions[$SessionID]['IP']),

  225.         'LastUpdate' => sqltime() );

  226. 		$Cache->insert_front($SessionID, $UsersSessionCache);

  227. 		$Cache->commit_transaction(0);

  228. 	}

  229. 

  230. 	// Notifications

  231. 	if (isset($LoggedUser['Permissions']['site_torrents_notify'])) {

  232. 		$LoggedUser['Notify'] = $Cache->get_value('notify_filters_'.$LoggedUser['ID']);

  233. 		if (!is_array($LoggedUser['Notify'])) {

  234. 			$DB->query("

  235. 				SELECT ID, Label

  236. 				FROM users_notify_filters

  237. 				WHERE UserID = '$LoggedUser[ID]'");

  238. 			$LoggedUser['Notify'] = $DB->to_array('ID');

  239. 			$Cache->cache_value('notify_filters_'.$LoggedUser['ID'], $LoggedUser['Notify'], 2592000);

  240. 		}

  241. 	}

  242. 

  243. 	// We've never had to disable the wiki privs of anyone.

  244. 	if ($LoggedUser['DisableWiki']) {

  245. 		unset($LoggedUser['Permissions']['site_edit_wiki']);

  246. 	}

  247. 

  248. 	// IP changed

  249. 

  250. 	if (apc_exists('DBKEY') && DBCrypt::decrypt($LoggedUser['IP']) != $_SERVER['REMOTE_ADDR'] && !check_perms('site_disable_ip_history')) {

  251. 

  252. 		if (Tools::site_ban_ip($_SERVER['REMOTE_ADDR'])) {

  253. 			error('Your IP address has been banned.');

  254. 		}

  255. 

  256. 		$CurIP = db_string($LoggedUser['IP']);

  257. 		$NewIP = db_string($_SERVER['REMOTE_ADDR']);

  258.     $DB->query("

  259.       SELECT IP

  260.       FROM users_history_ips

  261.       WHERE EndTime IS NULL

  262.         AND UserID = '$LoggedUser[ID]'");

  263.     while (list($EncIP) = $DB->next_record()) {

  264.       if (DBCrypt::decrypt($EncIP) == $CurIP) {

  265.         $CurIP = $EncIP;

  266.         // CurIP is now the encrypted IP that was already in the database (for matching)

  267.         break;

  268.       }

  269.     }

  270. 		$DB->query("

  271. 			UPDATE users_history_ips

  272. 			SET EndTime = '".sqltime()."'

  273. 			WHERE EndTime IS NULL

  274. 				AND UserID = '$LoggedUser[ID]'

  275. 				AND IP = '$CurIP'");

  276. 		$DB->query("

  277. 			INSERT IGNORE INTO users_history_ips

  278. 				(UserID, IP, StartTime)

  279. 			VALUES

  280. 				('$LoggedUser[ID]', '".DBCrypt::encrypt($NewIP)."', '".sqltime()."')");

  281. 

  282. 		$ipcc = Tools::geoip($NewIP);

  283. 		$DB->query("

  284. 			UPDATE users_main

  285. 			SET IP = '".DBCrypt::encrypt($NewIP)."', ipcc = '$ipcc'

  286. 			WHERE ID = '$LoggedUser[ID]'");

  287. 		$Cache->begin_transaction('user_info_heavy_'.$LoggedUser['ID']);

  288. 		$Cache->update_row(false, array('IP' => DBCrypt::encrypt($_SERVER['REMOTE_ADDR'])));

  289. 		$Cache->commit_transaction(0);

  290. 

  291. 

  292. 	}

  293. 

  294. 

  295. 	// Get stylesheets

  296. 	$Stylesheets = $Cache->get_value('stylesheets');

  297. 	if (!is_array($Stylesheets)) {

  298. 		$DB->query('

  299. 			SELECT

  300. 				ID,

  301. 				LOWER(REPLACE(Name, " ", "_")) AS Name,

  302. 				Name AS ProperName

  303. 			FROM stylesheets');

  304. 		$Stylesheets = $DB->to_array('ID', MYSQLI_BOTH);

  305. 		$Cache->cache_value('stylesheets', $Stylesheets, 0);

  306. 	}

  307. 

  308. 	//A9 TODO: Clean up this messy solution

  309. 	$LoggedUser['StyleName'] = $Stylesheets[$LoggedUser['StyleID']]['Name'];

  310. 

  311. 	if (empty($LoggedUser['Username'])) {

  312. 		logout(); // Ghost

  313. 	}

  314. }

  315. G::initialize();

  316. $Debug->set_flag('end user handling');

  317. 

  318. $Debug->set_flag('start function definitions');

  319. 

  320. /**

  321.  * Log out the current session

  322.  */

  323. function logout() {

  324. 	global $SessionID;

  325. 	setcookie('session', '', time() - 60 * 60 * 24 * 365, '/', '', false);

  326. 	setcookie('keeplogged', '', time() - 60 * 60 * 24 * 365, '/', '', false);

  327. 	setcookie('session', '', time() - 60 * 60 * 24 * 365, '/', '', false);

  328. 	if ($SessionID) {

  329. 

  330. 		G::$DB->query("

  331. 			DELETE FROM users_sessions

  332. 			WHERE UserID = '" . G::$LoggedUser['ID'] . "'

  333. 				AND SessionID = '".db_string($SessionID)."'");

  334. 

  335. 		G::$Cache->begin_transaction('users_sessions_' . G::$LoggedUser['ID']);

  336. 		G::$Cache->delete_row($SessionID);

  337. 		G::$Cache->commit_transaction(0);

  338. 	}

  339. 	G::$Cache->delete_value('user_info_' . G::$LoggedUser['ID']);

  340. 	G::$Cache->delete_value('user_stats_' . G::$LoggedUser['ID']);

  341. 	G::$Cache->delete_value('user_info_heavy_' . G::$LoggedUser['ID']);

  342. 

  343. 	header('Location: login.php');

  344. 

  345. 	die();

  346. }

  347. 

  348. function logout_all_sessions() {

  349. 	$UserID = G::$LoggedUser['ID'];

  350. 

  351. 	G::$DB->query("

  352. 		DELETE FROM users_sessions

  353. 		WHERE UserID = '$UserID'");

  354. 	

  355. 	G::$Cache->delete_value('users_sessions_' . $UserID);

  356. 	logout();

  357. }

  358. 

  359. function enforce_login() {

  360. 	global $SessionID;

  361. 	if (!$SessionID || !G::$LoggedUser) {

  362. 		setcookie('redirect', $_SERVER['REQUEST_URI'], time() + 60 * 30, '/', '', false);

  363. 		logout();

  364. 	}

  365. }

  366. 

  367. /**

  368.  * Make sure $_GET['auth'] is the same as the user's authorization key

  369.  * Should be used for any user action that relies solely on GET.

  370.  *

  371.  * @param Are we using ajax?

  372.  * @return authorisation status. Prints an error message to LAB_CHAN on IRC on failure.

  373.  */

  374. function authorize($Ajax = false) {

  375. 	if (empty($_REQUEST['auth']) || $_REQUEST['auth'] != G::$LoggedUser['AuthKey']) {

  376. 		send_irc("PRIVMSG ".LAB_CHAN." :".G::$LoggedUser['Username']." just failed authorize on ".$_SERVER['REQUEST_URI'].(!empty($_SERVER['HTTP_REFERER']) ? " coming from ".$_SERVER['HTTP_REFERER'] : ""));

  377. 		error('Invalid authorization key. Go back, refresh, and try again.', $Ajax);

  378. 		return false;

  379. 	}

  380. 	return true;

  381. }

  382. 

  383. $Debug->set_flag('ending function definitions');

  384. //Include /sections/*/index.php

  385. $Document = basename(parse_url($_SERVER['SCRIPT_FILENAME'], PHP_URL_PATH), '.php');

  386. if (!preg_match('/^[a-z0-9]+$/i', $Document)) {

  387. 	error(404);

  388. }

  389. 

  390. $StripPostKeys = array_fill_keys(array('password', 'cur_pass', 'new_pass_1', 'new_pass_2', 'verifypassword', 'confirm_password', 'ChangePassword', 'Password'), true);

  391. $Cache->cache_value('php_' . getmypid(), array(

  392. 	'start' => sqltime(),

  393. 	'document' => $Document,

  394. 	'query' => $_SERVER['QUERY_STRING'],

  395. 	'get' => $_GET,

  396. 	'post' => array_diff_key($_POST, $StripPostKeys)), 600);

  397. 

  398. // Locked account constant

  399. define('STAFF_LOCKED', 1);

  400. 

  401. $AllowedPages = ['staffpm', 'ajax', 'locked', 'logout', 'login'];

  402. 

  403. if (isset(G::$LoggedUser['LockedAccount']) && !in_array($Document, $AllowedPages)) {

  404.   require(SERVER_ROOT . '/sections/locked/index.php');

  405. } else {

  406.   require(SERVER_ROOT . '/sections/' . $Document . '/index.php');

  407. }

  408. 

  409. $Debug->set_flag('completed module execution');

  410. 

  411. /* Required in the absence of session_start() for providing that pages will change

  412. upon hit rather than being browser cached for changing content.

  413. 

  414. Old versions of Internet Explorer choke when downloading binary files over HTTPS with disabled cache.

  415. Define the following constant in files that handle file downloads */

  416. if (!defined('SKIP_NO_CACHE_HEADERS')) {

  417. 	header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');

  418. 	header('Pragma: no-cache');

  419. }

  420. 

  421. //Flush to user

  422. ob_end_flush();

  423. 

  424. $Debug->set_flag('set headers and send to user');

  425. 

  426. //Attribute profiling

  427. $Debug->profile();