-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathrequesthandler.php
99 lines (92 loc) · 2.8 KB
/
requesthandler.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
<?php
chdir(dirname(__FILE__));
require('core.php');
ob_start();
set_exception_handler('exception_handler');
// Work out where we are on the server
$base_path = dirname(__FILE__);
$base_url = dirname($_SERVER['SCRIPT_NAME']);
$request_url = $_SERVER['REQUEST_URI'];
$isSecure = false;
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
$isSecure = true;
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
$isSecure = true;
}
if(!isset($_SERVER['HTTP_HOST'])) {
require('views/error400.php');
die;
}
$relative_request_url = preg_replace('/^'.preg_quote($base_url, '/').'/', '/', $request_url);
$absolute_request_url = 'http'.($isSecure ? 's' : '').'://'.$_SERVER['HTTP_HOST'].$request_url;
if(isset($_SERVER['PHP_AUTH_USER'])) {
try {
$active_user = $user_dir->get_user_by_uid($_SERVER['PHP_AUTH_USER']);
} catch(UserNotFoundException $ex) {
require('views/error403.php');
die;
}
} else if(isset($_SERVER['X-SSL-CERT-DN'])) {
$dn = $_SERVER['X-SSL-CERT-DN'];
preg_match('|CN=([^,/]*)|', $dn, $matches);
try {
$active_user = $user_dir->get_user_by_uid($matches[1]);
} catch(UserNotFoundException $ex) {
require('views/error403.php');
die;
}
} else {
throw new Exception("Not logged in.");
}
if(empty($config['web']['enabled'])) {
require('views/error503.php');
die;
}
if(!$active_user->active) {
require('views/error403.php');
die;
}
if(!empty($_POST)) {
// Check CSRF token
if(isset($_SERVER['HTTP_X_BYPASS_CSRF_PROTECTION']) && $_SERVER['HTTP_X_BYPASS_CSRF_PROTECTION'] == 1) {
// This is being called from script, not a web browser
} elseif(!isset($_POST['csrf_token']) || !$active_user->check_csrf_token($_POST['csrf_token'])) {
require('views/csrf.php');
die;
}
}
// Route request to the correct view
$router = new Router;
foreach($routes as $path => $service) {
$public = array_key_exists($path, $public_routes);
if($path == "/" && !$active_user->admin) {
$router->add_route("/", "certificates", false);
} else {
$router->add_route($path, $service, $public);
}
}
$router->handle_request($relative_request_url);
if(isset($router->view)) {
$view = path_join($base_path, 'views', $router->view.'.php');
if(file_exists($view)) {
if($active_user->auth_realm == 'LDAP' || $active_user->auth_realm == 'local' || $router->public) {
require($view);
} else {
require('views/error403.php');
die;
}
} else {
throw new Exception("View file $view missing.");
}
}
// Handler for uncaught exceptions
function exception_handler($e) {
global $active_user, $config;
$error_number = time();
error_log("$error_number: ".str_replace("\n", "\n$error_number: ", $e));
while(ob_get_length()) {
ob_end_clean();
}
require('views/error500.php');
die;
}