forked from anegostudios/vsmoddb
index.php
<?php
// Remove any X-Powered-By response header (PHP adds one when expose_php is enabled)
// so the runtime is not advertised to clients.
header_remove('X-Powered-By');
// For GET requests that carry an Accept header: stop with "not an image" unless the
// header contains "text/html" or "application/json", or is exactly "*/*".
// Non-GET requests and requests without an Accept header skip this check.
// NOTE(review): this is a case-sensitive substring test on a client-controlled header.
// It works as a traffic filter (presumably for image/asset requests that end up at the
// front controller; confirm), not as an access control, and must not be relied on as one.
if (!empty($_SERVER['HTTP_ACCEPT']) && $_SERVER['REQUEST_METHOD'] == "GET") {
if(!strstr($_SERVER['HTTP_ACCEPT'], "text/html") && !strstr($_SERVER['HTTP_ACCEPT'], "application/json") && $_SERVER['HTTP_ACCEPT'] != "*/*") exit("not an image");
}
// Application base path: the current working directory with a trailing slash.
$config = array();
$config["basepath"] = getcwd() . '/';
// Shared bootstrap. $view, $con, $user and getURLPath() are used in this file but not
// defined here; presumably lib/core.php provides them (confirm).
include("lib/core.php");
// Request path; everything from the first "?" onwards is discarded.
$urlpath = getURLPath();
$target = explode("?", $urlpath)[0];
// NOTE(review): the template variable "urltarget" is assigned BEFORE the character check
// on the next statement, so it can hold any characters the client put in the path.
// Whatever template prints it has to escape it for its output context (confirm).
$view->assign("urltarget", $target);
// Character allow-list: if the target contains anything other than "-", "/", "+" or a
// \w word character, the whole target is replaced by "dashboard". Inside the character
// class the "+" is a literal plus sign, not a quantifier.
// NOTE(review): "dashboard" is not an entry in $typewhitelist below, so such a request
// continues into the mod-alias lookup rather than to a dedicated handler.
if (preg_match("/[^-\/\w+]/", $target)) $target="dashboard";
// An empty path maps to the home page.
if (empty($target)) {
$target = "home";
}
// Split the target into path segments; the first segment selects the handler.
$urlparts = explode("/", $target);
// Allow-list of first segments that are routed to handler scripts.
$typewhitelist = array("terms", "api", "updateversiontags", "files", "show", "download", "edit", "edit-comment", "delete-comment", "edit-uploadfile", "edit-deletefile", "list", "accountsettings", "logout", "login", "home", "get-assetlist", "get-usernames", "notification", "set-follow");
// Any other first segment is treated as a mod URL alias. The alias is handed to the
// query through the "?" placeholder instead of being concatenated into the SQL text.
// A match rewrites the request to show/mod/<assetid>; no match renders 404.tpl and stops.
// NOTE(review): in_array() is called without its third argument, so the comparison is
// loose; passing true would make the allow-list check strict.
// NOTE(review): no HTTP status code is set in this file before 404.tpl is displayed.
// Unless the view or template sets one, the page goes out with the default status (confirm).
if (!in_array($urlparts[0], $typewhitelist)) {
$modid = $con->getOne("select assetid from `mod` where urlalias=?", array($urlparts[0]));
if ($modid) {
$urlparts = array("show", "mod", $modid);
} else {
$view->display("404.tpl");
exit();
}
}
// API requests: drop the leading "api" segment, hand over to api.php, then stop.
// The included script runs in this scope, so it sees the remaining segments in $urlparts.
if ($urlparts[0] == "api") {
array_shift($urlparts);
include("api.php");
exit();
}
// Notification requests are handled by notification.php; $urlparts is passed on unchanged.
if ($urlparts[0] == "notification") {
include("notification.php");
exit();
}
// First choice: a script named after the first two segments joined by "-",
// e.g. (constructed example) "edit/comment" -> "edit-comment.php".
// The first segment has passed the allow-list. The second is client-supplied, but after
// the character check and the split on "/" a segment can only hold "-", "+" and \w
// characters, so the resulting name contains no directory separator and no dot other
// than the ".php" suffix.
// NOTE(review): scripts reached through this branch are included without the rolecode
// check applied in the branch further down; each of them has to enforce its own
// authorization (confirm).
$filename = implode("-", array_slice($urlparts, 0, 2)) . ".php";
if (file_exists($filename)) {
include($filename);
exit();
}
// Fallback: "<first segment>.php".
$filename = $urlparts[0] . ".php";
if (count($urlparts) > 1) {
// The second segment must be a known asset type code; it is looked up through the "?"
// placeholder, not concatenated into the SQL text.
$assettypeid = $con->getOne("select assettypeid from assettype where code=?", array($urlparts[1]));
if ($assettypeid && file_exists($filename)) {
$assettype = $urlparts[1];
// The asset types user, stati, assettype and tag are refused unless the current user's
// rolecode is "admin".
// NOTE(review): $user is not set in this file. If it is unset or has no rolecode, the
// != comparison is true and the request is refused, so the check appears to fail closed
// (confirm against lib/core.php).
if (in_array($assettype, array('user', 'stati', 'assettype', 'tag')) && $user['rolecode'] != 'admin') exit("noprivilege");
include($filename);
exit();
}
} else {
// Single-segment request: include the handler directly.
// NOTE(review): unlike the branches above, there is no file_exists() check and no exit()
// here. A missing script raises an include warning, and unless the included script ends
// the request itself, 404.tpl below is rendered after its output. Confirm that every
// single-segment handler exits, and that warnings are not displayed to clients.
include($filename);
}
// Reached when no handler ended the request.
$view->display("404.tpl");