-
Notifications
You must be signed in to change notification settings - Fork 50
/
index.php
executable file
·405 lines (319 loc) · 11.8 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
<?php /** @file */
/**
*
* Red Matrix
*
*/
/**
*
* bootstrap the application
*
*/
require_once('boot.php');
$a = new App;
/**
*
* Load the configuration file which contains our DB credentials.
* Ignore errors. If the file doesn't exist or is empty, we are running in installation mode.'
*
*/
$a->install = ((file_exists('.htconfig.php') && filesize('.htconfig.php')) ? false : true);
@include(".htconfig.php");
$a->timezone = ((x($default_timezone)) ? $default_timezone : 'UTC');
date_default_timezone_set($a->timezone);
/**
*
* Try to open the database;
*
*/
require_once("include/dba/dba_driver.php");
if(! $a->install) {
$db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, $a->install);
unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
/**
* Load configs from db. Overwrite configs from .htconfig.php
*/
load_config('config');
load_config('system');
load_config('feature');
require_once("include/session.php");
load_hooks();
call_hooks('init_1');
$a->language = get_best_language();
load_translation_table($a->language);
// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
if(intval($a->config['system']['ssl_cookie_protection'])) {
$arr = session_get_cookie_params();
session_set_cookie_params(
((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
((isset($arr['path'])) ? $arr['path'] : '/'),
((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
((isset($arr['httponly'])) ? $arr['httponly'] : true));
}
}
else {
// load translations but do not check plugins as we have no database
$a->language = get_best_language();
load_translation_table($a->language,true);
}
/**
*
* Important stuff we always need to do.
*
* The order of these may be important so use caution if you think they're all
* intertwingled with no logical order and decide to sort it out. Some of the
* dependencies have changed, but at least at one time in the recent past - the
* order was critical to everything working properly
*
*/
session_start();
/**
* Language was set earlier, but we can over-ride it in the session.
* We have to do it here because the session was just now opened.
*/
if(array_key_exists('system_language',$_POST)) {
if(strlen($_POST['system_language']))
$_SESSION['language'] = $_POST['system_language'];
else
unset($_SESSION['language']);
}
if((x($_SESSION,'language')) && ($_SESSION['language'] !== $lang)) {
$a->language = $_SESSION['language'];
load_translation_table($a->language);
}
if((x($_GET,'zid')) && (! $a->install)) {
$a->query_string = strip_zids($a->query_string);
if(! local_channel()) {
$_SESSION['my_address'] = $_GET['zid'];
zid_init($a);
}
}
if((x($_SESSION,'authenticated')) || (x($_POST,'auth-params')) || ($a->module === 'login'))
require("include/auth.php");
if(! x($_SESSION,'sysmsg'))
$_SESSION['sysmsg'] = array();
if(! x($_SESSION,'sysmsg_info'))
$_SESSION['sysmsg_info'] = array();
/*
* check_config() is responsible for running update scripts. These automatically
* update the DB schema whenever we push a new one out. It also checks to see if
* any plugins have been added or removed and reacts accordingly.
*/
if($a->install) {
/* Allow an exception for the view module so that pcss will be interpreted during installation */
if($a->module != 'view')
$a->module = 'setup';
}
else
check_config($a);
nav_set_selected('nothing');
$arr = array('app_menu' => $a->get_apps());
call_hooks('app_menu', $arr);
$a->set_apps($arr['app_menu']);
/**
*
* We have already parsed the server path into $a->argc and $a->argv
*
* $a->argv[0] is our module name. We will load the file mod/{$a->argv[0]}.php
* and use it for handling our URL request.
* The module file contains a few functions that we call in various circumstances
* and in the following order:
*
* "module"_init
* "module"_post (only called if there are $_POST variables)
* "module"_aside
* $theme_$module_aside (and $extends_$module_aside) are run first if either exist
* if either of these return false, module_aside is not called
* This allows a theme to over-ride the sidebar layout completely.
* "module"_content - the string return of this function contains our page body
*
* Modules which emit other serialisations besides HTML (XML,JSON, etc.) should do
* so within the module init and/or post functions and then invoke killme() to terminate
* further processing.
*/
if(strlen($a->module)) {
/**
*
* We will always have a module name.
* First see if we have a plugin which is masquerading as a module.
*
*/
if(is_array($a->plugins) && in_array($a->module,$a->plugins) && file_exists("addon/{$a->module}/{$a->module}.php")) {
include_once("addon/{$a->module}/{$a->module}.php");
if(function_exists($a->module . '_module'))
$a->module_loaded = true;
}
if((strpos($a->module,'admin') === 0) && (! is_site_admin())) {
$a->module_loaded = false;
notice( t('Permission denied.') . EOL);
goaway(z_root());
}
/**
* If the site has a custom module to over-ride the standard module, use it.
* Otherwise, look for the standard program module in the 'mod' directory
*/
if(! $a->module_loaded) {
if(file_exists("mod/site/{$a->module}.php")) {
include_once("mod/site/{$a->module}.php");
$a->module_loaded = true;
}
elseif(file_exists("mod/{$a->module}.php")) {
include_once("mod/{$a->module}.php");
$a->module_loaded = true;
}
}
/**
*
* The URL provided does not resolve to a valid module.
*
* On Dreamhost sites, quite often things go wrong for no apparent reason and they send us to '/internal_error.html'.
* We don't like doing this, but as it occasionally accounts for 10-20% or more of all site traffic -
* we are going to trap this and redirect back to the requested page. As long as you don't have a critical error on your page
* this will often succeed and eventually do the right thing.
*
* Otherwise we are going to emit a 404 not found.
*
*/
if(! $a->module_loaded) {
// Stupid browser tried to pre-fetch our Javascript img template. Don't log the event or return anything - just quietly exit.
if((x($_SERVER,'QUERY_STRING')) && preg_match('/{[0-9]}/',$_SERVER['QUERY_STRING']) !== 0) {
killme();
}
if((x($_SERVER,'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && isset($dreamhost_error_hack)) {
logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']);
goaway($a->get_baseurl() . $_SERVER['REQUEST_URI']);
}
logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
header($_SERVER["SERVER_PROTOCOL"] . ' 404 ' . t('Not Found'));
$tpl = get_markup_template("404.tpl");
$a->page['content'] = replace_macros($tpl, array(
'$message' => t('Page not found.' )
));
// pretend this is a module so it will initialise the theme.
$a->module = '404';
$a->module_loaded = true;
}
}
/* initialise content region */
if(! x($a->page,'content'))
$a->page['content'] = '';
if(! ($a->module === 'setup')) {
/* set JS cookie */
if($_COOKIE['jsAvailable'] != 1) {
$a->page['content'] .= '<script>document.cookie="jsAvailable=1; path=/"; var jsMatch = /\&JS=1/; if (!jsMatch.exec(location.href)) { location.href = location.href + "&JS=1"; }</script>';
/* emulate JS cookie if cookies are not accepted */
if ($_GET['JS'] == 1) {
$_COOKIE['jsAvailable'] = 1;
}
}
call_hooks('page_content_top',$a->page['content']);
}
/**
* Call module functions
*/
if($a->module_loaded) {
$a->page['page_title'] = $a->module;
$placeholder = '';
/**
* No theme has been specified when calling the module_init functions
* For this reason, please restrict the use of templates to those which
* do not provide any presentation details - as themes will not be able
* to over-ride them.
*/
if(function_exists($a->module . '_init')) {
call_hooks($a->module . '_mod_init', $placeholder);
$func = $a->module . '_init';
$func($a);
}
/**
* Do all theme initialiasion here before calling any additional module functions.
* The module_init function may have changed the theme.
* Additionally any page with a Comanche template may alter the theme.
* So we'll check for those now.
*/
/**
* In case a page has overloaded a module, see if we already have a layout defined
* otherwise, if a PDL file exists for this module, use it
* The member may have also created a customised PDL that's stored in the config
*/
load_pdl($a);
/**
* load current theme info
*/
$theme_info_file = "view/theme/".current_theme()."/php/theme.php";
if (file_exists($theme_info_file)){
require_once($theme_info_file);
}
if(function_exists(str_replace('-','_',current_theme()) . '_init')) {
$func = str_replace('-','_',current_theme()) . '_init';
$func($a);
}
elseif (x($a->theme_info,"extends") && file_exists("view/theme/".$a->theme_info["extends"]."/php/theme.php")) {
require_once("view/theme/".$a->theme_info["extends"]."/php/theme.php");
if(function_exists(str_replace('-','_',$a->theme_info["extends"]) . '_init')) {
$func = str_replace('-','_',$a->theme_info["extends"]) . '_init';
$func($a);
}
}
if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! $a->error)
&& (function_exists($a->module . '_post'))
&& (! x($_POST,'auth-params'))) {
call_hooks($a->module . '_mod_post', $_POST);
$func = $a->module . '_post';
$func($a);
}
if(! $a->error) {
// If a theme has defined an _aside() function, run that first
//
// If the theme function doesn't exist, see if this theme extends another,
// and see if that other theme has an _aside() function--if it does, run it
//
// If $aside_default is not False after the theme _aside() function, run the
// module's _aside() function too
//
// This gives themes more control over how the sidebar looks
$aside_default = true;
call_hooks($a->module . '_mod_aside',$placeholder);
if(function_exists(str_replace('-','_',current_theme()) . '_' . $a->module . '_aside')) {
$func = str_replace('-','_',current_theme()) . '_' . $a->module . '_aside';
$aside_default = $func($a);
}
elseif($aside_default && x($a->theme_info,"extends")
&& (function_exists(str_replace('-','_',$a->theme_info["extends"]) . '_' . $a->module . '_aside'))) {
$func = str_replace('-','_',$a->theme_info["extends"]) . '_' . $a->module . '_aside';
$aside_default = $func($a);
}
if($aside_default && function_exists($a->module . '_aside')) {
$func = $a->module . '_aside';
$func($a);
}
}
if((! $a->error) && (function_exists($a->module . '_content'))) {
$arr = array('content' => $a->page['content']);
call_hooks($a->module . '_mod_content', $arr);
$a->page['content'] = $arr['content'];
$func = $a->module . '_content';
$arr = array('content' => $func($a));
call_hooks($a->module . '_mod_aftercontent', $arr);
$a->page['content'] .= $arr['content'];
}
}
// If you're just visiting, let javascript take you home
if(x($_SESSION,'visitor_home'))
$homebase = $_SESSION['visitor_home'];
elseif(local_channel())
$homebase = $a->get_baseurl() . '/channel/' . $a->channel['channel_address'];
if(isset($homebase))
$a->page['content'] .= '<script>var homebase="' . $homebase . '" ; </script>';
// now that we've been through the module content, see if the page reported
// a permission problem and if so, a 403 response would seem to be in order.
if(stristr( implode("",$_SESSION['sysmsg']), t('Permission denied'))) {
header($_SERVER["SERVER_PROTOCOL"] . ' 403 ' . t('Permission denied.'));
}
call_hooks('page_end', $a->page['content']);
if(! $a->install)
check_cron_broken();
construct_page($a);
session_write_close();
exit;