mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-20 01:35:12 +00:00
baedd25309
Plugins can provide the necessary channel details (probably from an extended registration form). If no details are provided, a social (mostly public) channel will be created using the LHS of the email address and you will be directed to your channel page (unless email verification is required, in which case this step will be delayed until successful validation and login). If the reddress is already assigned a random name(1000-9999) reddress will be assigned.
379 lines
11 KiB
PHP
Executable file
379 lines
11 KiB
PHP
Executable file
<?php
|
|
/**
|
|
* @file index.php
|
|
*
|
|
* @brief The main entry point to the application.
|
|
*
|
|
* Bootstrap the application, load configuration, load modules, load theme, etc.
|
|
*/
|
|
|
|
/*
|
|
* bootstrap the application
|
|
*/
|
|
require_once('boot.php');
|
|
// our global App object
|
|
$a = new App;
|
|
|
|
/*
|
|
* Load the configuration file which contains our DB credentials.
|
|
* Ignore errors. If the file doesn't exist or is empty, we are running in
|
|
* installation mode.
|
|
*/
|
|
|
|
$a->install = ((file_exists('.htconfig.php') && filesize('.htconfig.php')) ? false : true);
|
|
|
|
@include('.htconfig.php');
|
|
|
|
$a->timezone = ((x($default_timezone)) ? $default_timezone : 'UTC');
|
|
date_default_timezone_set($a->timezone);
|
|
|
|
|
|
/*
|
|
* Try to open the database;
|
|
*/
|
|
|
|
require_once('include/dba/dba_driver.php');
|
|
|
|
if(! $a->install) {
|
|
$db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, $a->install);
|
|
if(! $db->connected) {
|
|
system_unavailable();
|
|
}
|
|
|
|
unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
|
|
|
|
/**
|
|
* Load configs from db. Overwrite configs from .htconfig.php
|
|
*/
|
|
|
|
load_config('config');
|
|
load_config('system');
|
|
load_config('feature');
|
|
|
|
require_once('include/session.php');
|
|
load_hooks();
|
|
call_hooks('init_1');
|
|
|
|
$a->language = get_best_language();
|
|
load_translation_table($a->language);
|
|
// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
|
|
|
|
if(intval($a->config['system']['ssl_cookie_protection'])) {
|
|
$arr = session_get_cookie_params();
|
|
session_set_cookie_params(
|
|
((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
|
|
((isset($arr['path'])) ? $arr['path'] : '/'),
|
|
((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
|
|
((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
|
|
((isset($arr['httponly'])) ? $arr['httponly'] : true));
|
|
}
|
|
}
|
|
else {
|
|
// load translations but do not check plugins as we have no database
|
|
$a->language = get_best_language();
|
|
load_translation_table($a->language,true);
|
|
}
|
|
|
|
|
|
/**
|
|
*
|
|
* Important stuff we always need to do.
|
|
*
|
|
* The order of these may be important so use caution if you think they're all
|
|
* intertwingled with no logical order and decide to sort it out. Some of the
|
|
* dependencies have changed, but at least at one time in the recent past - the
|
|
* order was critical to everything working properly
|
|
*
|
|
*/
|
|
|
|
session_start();
|
|
|
|
/**
|
|
* Language was set earlier, but we can over-ride it in the session.
|
|
* We have to do it here because the session was just now opened.
|
|
*/
|
|
|
|
if(array_key_exists('system_language',$_POST)) {
|
|
if(strlen($_POST['system_language']))
|
|
$_SESSION['language'] = $_POST['system_language'];
|
|
else
|
|
unset($_SESSION['language']);
|
|
}
|
|
if((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) {
|
|
$a->language = $_SESSION['language'];
|
|
load_translation_table($a->language);
|
|
}
|
|
|
|
if((x($_GET,'zid')) && (! $a->install)) {
|
|
$a->query_string = strip_zids($a->query_string);
|
|
if(! local_channel()) {
|
|
$_SESSION['my_address'] = $_GET['zid'];
|
|
zid_init($a);
|
|
}
|
|
}
|
|
|
|
if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || ($a->module === 'login'))
|
|
require('include/auth.php');
|
|
|
|
if(! x($_SESSION, 'sysmsg'))
|
|
$_SESSION['sysmsg'] = array();
|
|
|
|
if(! x($_SESSION, 'sysmsg_info'))
|
|
$_SESSION['sysmsg_info'] = array();
|
|
|
|
/*
|
|
* check_config() is responsible for running update scripts. These automatically
|
|
* update the DB schema whenever we push a new one out. It also checks to see if
|
|
* any plugins have been added or removed and reacts accordingly.
|
|
*/
|
|
|
|
|
|
if($a->install) {
|
|
/* Allow an exception for the view module so that pcss will be interpreted during installation */
|
|
if($a->module != 'view')
|
|
$a->module = 'setup';
|
|
}
|
|
else
|
|
check_config($a);
|
|
|
|
nav_set_selected('nothing');
|
|
|
|
$arr = array('app_menu' => $a->get_apps());
|
|
|
|
call_hooks('app_menu', $arr);
|
|
|
|
$a->set_apps($arr['app_menu']);
|
|
|
|
/**
|
|
*
|
|
* We have already parsed the server path into $a->argc and $a->argv
|
|
*
|
|
* $a->argv[0] is our module name. We will load the file mod/{$a->argv[0]}.php
|
|
* and use it for handling our URL request.
|
|
* The module file contains a few functions that we call in various circumstances
|
|
* and in the following order:
|
|
*
|
|
* "module"_init
|
|
* "module"_post (only called if there are $_POST variables)
|
|
* "module"_content - the string return of this function contains our page body
|
|
*
|
|
* Modules which emit other serialisations besides HTML (XML,JSON, etc.) should do
|
|
* so within the module init and/or post functions and then invoke killme() to terminate
|
|
* further processing.
|
|
*/
|
|
|
|
if(strlen($a->module)) {
|
|
|
|
/**
|
|
*
|
|
* We will always have a module name.
|
|
* First see if we have a plugin which is masquerading as a module.
|
|
*
|
|
*/
|
|
|
|
if(is_array($a->plugins) && in_array($a->module,$a->plugins) && file_exists("addon/{$a->module}/{$a->module}.php")) {
|
|
include_once("addon/{$a->module}/{$a->module}.php");
|
|
if(function_exists($a->module . '_module'))
|
|
$a->module_loaded = true;
|
|
}
|
|
|
|
if((strpos($a->module,'admin') === 0) && (! is_site_admin())) {
|
|
$a->module_loaded = false;
|
|
notice( t('Permission denied.') . EOL);
|
|
goaway(z_root());
|
|
}
|
|
|
|
/**
|
|
* If the site has a custom module to over-ride the standard module, use it.
|
|
* Otherwise, look for the standard program module in the 'mod' directory
|
|
*/
|
|
|
|
if(! $a->module_loaded) {
|
|
if(file_exists("mod/site/{$a->module}.php")) {
|
|
include_once("mod/site/{$a->module}.php");
|
|
$a->module_loaded = true;
|
|
}
|
|
elseif(file_exists("mod/{$a->module}.php")) {
|
|
include_once("mod/{$a->module}.php");
|
|
$a->module_loaded = true;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* This provides a place for plugins to register module handlers which don't otherwise exist on the system.
|
|
* If the plugin sets 'installed' to true we won't throw a 404 error for the specified module even if
|
|
* there is no specific module file or matching plugin name.
|
|
* The plugin should catch at least one of the module hooks for this URL.
|
|
*/
|
|
|
|
$x = array('module' => $a->module, 'installed' => false);
|
|
call_hooks('module_loaded', $x);
|
|
if($x['installed'])
|
|
$a->module_loaded = true;
|
|
|
|
/**
|
|
* The URL provided does not resolve to a valid module.
|
|
*
|
|
* On Dreamhost sites, quite often things go wrong for no apparent reason and they send us to '/internal_error.html'.
|
|
* We don't like doing this, but as it occasionally accounts for 10-20% or more of all site traffic -
|
|
* we are going to trap this and redirect back to the requested page. As long as you don't have a critical error on your page
|
|
* this will often succeed and eventually do the right thing.
|
|
*
|
|
* Otherwise we are going to emit a 404 not found.
|
|
*/
|
|
|
|
if(! $a->module_loaded) {
|
|
|
|
// Stupid browser tried to pre-fetch our Javascript img template. Don't log the event or return anything - just quietly exit.
|
|
if((x($_SERVER, 'QUERY_STRING')) && preg_match('/{[0-9]}/', $_SERVER['QUERY_STRING']) !== 0) {
|
|
killme();
|
|
}
|
|
|
|
if((x($_SERVER, 'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && isset($dreamhost_error_hack)) {
|
|
logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']);
|
|
goaway($a->get_baseurl() . $_SERVER['REQUEST_URI']);
|
|
}
|
|
|
|
logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
|
|
header($_SERVER['SERVER_PROTOCOL'] . ' 404 ' . t('Not Found'));
|
|
$tpl = get_markup_template('404.tpl');
|
|
$a->page['content'] = replace_macros($tpl, array(
|
|
'$message' => t('Page not found.')
|
|
));
|
|
|
|
// pretend this is a module so it will initialise the theme
|
|
$a->module = '404';
|
|
$a->module_loaded = true;
|
|
}
|
|
}
|
|
|
|
|
|
/* initialise content region */
|
|
|
|
if(! x($a->page, 'content'))
|
|
$a->page['content'] = '';
|
|
|
|
|
|
if(! ($a->module === 'setup')) {
|
|
/* set JS cookie */
|
|
if($_COOKIE['jsAvailable'] != 1) {
|
|
$a->page['content'] .= '<script>document.cookie="jsAvailable=1; path=/"; var jsMatch = /\&JS=1/; if (!jsMatch.exec(location.href)) { location.href = location.href + "&JS=1"; }</script>';
|
|
/* emulate JS cookie if cookies are not accepted */
|
|
if ($_GET['JS'] == 1) {
|
|
$_COOKIE['jsAvailable'] = 1;
|
|
}
|
|
}
|
|
|
|
call_hooks('page_content_top', $a->page['content']);
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* Call module functions
|
|
*/
|
|
|
|
if($a->module_loaded) {
|
|
$a->page['page_title'] = $a->module;
|
|
$placeholder = '';
|
|
|
|
/**
|
|
* No theme has been specified when calling the module_init functions
|
|
* For this reason, please restrict the use of templates to those which
|
|
* do not provide any presentation details - as themes will not be able
|
|
* to over-ride them.
|
|
*/
|
|
|
|
if(function_exists($a->module . '_init')) {
|
|
call_hooks($a->module . '_mod_init', $placeholder);
|
|
$func = $a->module . '_init';
|
|
$func($a);
|
|
}
|
|
|
|
/**
|
|
* Do all theme initialiasion here before calling any additional module functions.
|
|
* The module_init function may have changed the theme.
|
|
* Additionally any page with a Comanche template may alter the theme.
|
|
* So we'll check for those now.
|
|
*/
|
|
|
|
|
|
/**
|
|
* In case a page has overloaded a module, see if we already have a layout defined
|
|
* otherwise, if a PDL file exists for this module, use it
|
|
* The member may have also created a customised PDL that's stored in the config
|
|
*/
|
|
|
|
load_pdl($a);
|
|
|
|
/**
|
|
* load current theme info
|
|
*/
|
|
|
|
$theme_info_file = 'view/theme/' . current_theme() . '/php/theme.php';
|
|
if (file_exists($theme_info_file)){
|
|
require_once($theme_info_file);
|
|
}
|
|
|
|
if(function_exists(str_replace('-', '_', current_theme()) . '_init')) {
|
|
$func = str_replace('-', '_', current_theme()) . '_init';
|
|
$func($a);
|
|
}
|
|
elseif (x($a->theme_info, 'extends') && file_exists('view/theme/' . $a->theme_info['extends'] . '/php/theme.php')) {
|
|
require_once('view/theme/' . $a->theme_info['extends'] . '/php/theme.php');
|
|
if(function_exists(str_replace('-', '_', $a->theme_info['extends']) . '_init')) {
|
|
$func = str_replace('-', '_', $a->theme_info['extends']) . '_init';
|
|
$func($a);
|
|
}
|
|
}
|
|
|
|
if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! $a->error)
|
|
&& (function_exists($a->module . '_post'))
|
|
&& (! x($_POST, 'auth-params'))) {
|
|
call_hooks($a->module . '_mod_post', $_POST);
|
|
$func = $a->module . '_post';
|
|
$func($a);
|
|
}
|
|
|
|
if((! $a->error) && (function_exists($a->module . '_content'))) {
|
|
$arr = array('content' => $a->page['content'], 'replace' => false);
|
|
call_hooks($a->module . '_mod_content', $arr);
|
|
$a->page['content'] = $arr['content'];
|
|
if(! $arr['replace']) {
|
|
$func = $a->module . '_content';
|
|
$arr = array('content' => $func($a));
|
|
}
|
|
call_hooks($a->module . '_mod_aftercontent', $arr);
|
|
$a->page['content'] .= $arr['content'];
|
|
}
|
|
}
|
|
|
|
// If you're just visiting, let javascript take you home
|
|
|
|
if(x($_SESSION, 'visitor_home')) {
|
|
$homebase = $_SESSION['visitor_home'];
|
|
} elseif(local_channel()) {
|
|
$homebase = $a->get_baseurl() . '/channel/' . $a->channel['channel_address'];
|
|
}
|
|
|
|
if(isset($homebase)) {
|
|
$a->page['content'] .= '<script>var homebase = "' . $homebase . '";</script>';
|
|
}
|
|
|
|
// now that we've been through the module content, see if the page reported
|
|
// a permission problem and if so, a 403 response would seem to be in order.
|
|
|
|
if(stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
|
|
header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.'));
|
|
}
|
|
|
|
|
|
call_hooks('page_end', $a->page['content']);
|
|
|
|
if(! $a->install)
|
|
check_cron_broken();
|
|
|
|
construct_page($a);
|
|
|
|
session_write_close();
|
|
exit;
|