1 | <?php |
---|
2 | /* boot.inc.php |
---|
3 | * code by strangecode :: www.strangecode.com :: this document contains copyrighted information. */ |
---|
4 | |
---|
5 | |
---|
6 | /* This is the big juicy initialization script that is generic and global to |
---|
7 | * all sites and scripts (even cron-executed scripts). This file is |
---|
8 | * included by a site-specific configuration file |
---|
9 | * which contains initialization and configuration specific to a site. Then |
---|
10 | * this big-daddy gets loaded, and starts all the trouble. Here we set global |
---|
11 | * configurations, include files that are used globally, connect to the |
---|
12 | * database, setup the sessions, and do things that are done for each script |
---|
13 | * execution, such as checking if the user is logged-in. */ |
---|
14 | |
---|
15 | |
---|
// Locate the root of the shared codebase: the parent of the directory that
// holds this file. Some PHP installations report __FILE__ as a relative path,
// so in that case it is resolved against the directory of the running script.
if (preg_match('|^/|', __FILE__)) {
    $_file = __FILE__;
} else {
    $_file = realpath(dirname($_SERVER['SCRIPT_FILENAME']) . '/' . __FILE__);
}
define('CODE_BASE', realpath(dirname($_file) . '/..'));

// A site configuration file normally defines SITE_BASE before including this
// file. When none was loaded, a sentinel value is defined so that paths built
// from SITE_BASE point at a directory that is not expected to exist, rather
// than at the filesystem root.
defined('SITE_BASE') or define('SITE_BASE', '__NO_SITE_BASE__');
25 | |
---|
26 | /****************************************************************************** |
---|
27 | * INCLUDE GLOBAL LIBRARIES AND CONFIGURATIONS |
---|
28 | *****************************************************************************/ |
---|
29 | |
---|
30 | require_once CODE_BASE . '/lib/Utilities.inc.php'; |
---|
31 | require_once CODE_BASE . '/lib/App.inc.php'; |
---|
32 | require_once CODE_BASE . '/lib/AuthSQL.inc.php'; |
---|
33 | |
---|
34 | require_once CODE_BASE . '/config/security_roster.inc.php'; |
---|
35 | |
---|
36 | // Default configurations. |
---|
37 | require_once CODE_BASE . '/config/defaults.inc.php'; |
---|
38 | |
---|
39 | // Global configurations overrides site configurations. |
---|
40 | if (file_exists(CODE_BASE . '/../config/global_config.inc.php')) { |
---|
41 | include CODE_BASE . '/../config/global_config.inc.php'; |
---|
42 | } |
---|
43 | |
---|
// Debugging.
// Whether errors are printed into the page is decided by configuration. PHP
// error text can contain file paths and fragments of SQL, so production
// configurations should keep $CFG->display_errors off and rely on the log.
ini_set('display_errors', $CFG->display_errors);

// Errors are always logged, whatever display_errors is set to.
ini_set('log_errors', '1');

// Point the log at the application's log directory only when that directory
// exists and is writable; otherwise PHP's configured error_log stays in effect.
if (is_dir($CFG->log_directory) && is_writable($CFG->log_directory)) {
    ini_set('error_log', sprintf('%s/php_error_log', $CFG->log_directory));
}
50 | |
---|
51 | /****************************************************************************** |
---|
52 | * DATABASE STUFF |
---|
53 | *****************************************************************************/ |
---|
54 | |
---|
55 | if ($CFG->enable_mysql) { // use mysql database _______________________________ |
---|
56 | |
---|
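// MySQL connection parameters.
if (!empty($_SERVER['DB_NAME']) && !empty($_SERVER['DB_USER']) && !empty($_SERVER['DB_PASS'])) {
    // DB passwords are set as environment variables in the httpd.conf file,
    // which is readable only by root.
    // NOTE(review): the values are then present in $_SERVER for every request,
    // so anything that dumps $_SERVER (phpinfo(), debug output) discloses them.
    $CFG->database = $_SERVER['DB_NAME'];
    $CFG->username = $_SERVER['DB_USER'];
    $CFG->password = $_SERVER['DB_PASS'];
} else {
    // For CLI scripts that do not get httpd.conf ENV variables we load a
    // config file with the credentials. This file must be readable only by the
    // user that is executing the CLI application! NOT apache, unless the CLI is
    // spawned as a background process from an apache executed script, in which
    // case that is the only option.
    $_db_auth_file = SITE_BASE . '/../config/db_auth.inc.php';
    // A missing or unreadable file is skipped instead of letting include raise
    // a warning that prints the path; the credentials check below reports it.
    if (is_readable($_db_auth_file)) {
        include $_db_auth_file;
    }
}

if (empty($CFG->database) || empty($CFG->username) || empty($CFG->password)) {
    logMsg('Database credentials missing.', LOG_WARNING, __FILE__, __LINE__);
}

// Connect to MySQL.
// NOTE(review): the mysql_* functions belong to the legacy ext/mysql extension,
// which was removed in PHP 7.0. Moving to mysqli or PDO has to be done together
// with every consumer of $dbh (dbQuery and the MySQL session handler).
$dbh = mysql_connect('localhost', $CFG->username, $CFG->password);

// Select the database only when the connection succeeded, so a failed connect
// is not followed by a second warning about an invalid link.
if ($dbh) {
    mysql_select_db($CFG->database, $dbh);
}

// Connection errors.
if (!$dbh || mysql_error($dbh)) {
    $mysql_error_msg = $dbh ? 'Codebase MySQL error: (' . mysql_errno($dbh) . ') ' . mysql_error($dbh) : 'Codebase MySQL error: Could not connect to server.';
    if ($CFG->db_debug) {
        // The detailed message is shown only in debug mode; keep db_debug off
        // in production so server error text is not sent to visitors.
        echo $mysql_error_msg . "\n";
    } else {
        echo _("This page is temporarily unavailable. It should be back up in a few minutes.");
    }
    logMsg($mysql_error_msg, LOG_EMERG, __FILE__, __LINE__);
    die;
}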
94 | |
---|
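/**
 * A wrapper for mysql_query. Allows us to set the database link_identifier,
 * to trap errors and ease debugging.
 *
 * The query string is passed to mysql_query() unchanged: this function does no
 * escaping or parameter binding, so callers must escape every value they put
 * into the SQL themselves.
 *
 * On failure the query and the MySQL error are written to the log through
 * logMsg(); queries that carry secrets will therefore appear in that log.
 *
 * @param  string $query   The SQL query to execute
 * @param  bool   $debug   If true, prints debugging info
 * @return resource|bool   Query identifier, true for statements without a
 *                         result set, or false on failure
 */
function dbQuery($query, $debug=false)
{
    global $CFG, $dbh;

    // Collapse the indentation of multi-line queries for display and logging.
    $debugqry = preg_replace("/\n[\t ]+/", "\n", $query);
    if ($CFG->db_always_debug || $debug) {
        // Adjacent hyphens in the query are separated so that the query text
        // cannot terminate the surrounding HTML comment and inject markup.
        // The SQL is still visible in the page source while this is enabled.
        echo "<!-- --------------------------------------\n" . preg_replace('/-(?=-)/', '- ', $debugqry) . "\n-->";
    }
    $qid = mysql_query($query, $dbh);
    if (!$qid || mysql_error($dbh)) {
        $errno = mysql_errno($dbh);
        $error = mysql_error($dbh);
        if ($CFG->db_debug) {
            echo '<br><pre style="color:#630; font:9px monaco,geneva,verdana;">';
            echo '<strong>ERRONEOUS QUERY:</strong>' . htmlspecialchars($debugqry);
            // The server's error text quotes parts of the query, so it is
            // escaped for HTML just like the query itself.
            echo '<br><strong>THE PROBLEM:</strong><br>' . htmlspecialchars(wordwrap($error)) . '</pre>';
        } else {
            echo _("This page is temporarily unavailable. It should be back up in a few minutes.");
        }
        logMsg('Query failed: ' . preg_replace('/[\s]+/', ' ', $debugqry) . ' with MySQL error: (' . $errno . ') ' . $error, LOG_EMERG, __FILE__, __LINE__);
        if ($CFG->db_die_on_failure) {
            echo "\n\n<!-- Script execution stopped out of embarrassment. -->";
            die;
        }
    }
    return $qid;
}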
128 | |
---|
129 | } // End enable MySQL._________________________________________________________ |
---|
130 | |
---|
131 | /****************************************************************************** |
---|
132 | * SESSION HANDLER INITIALIZATION, AND STARTUP |
---|
133 | *****************************************************************************/ |
---|
134 | |
---|
135 | |
---|
136 | // Skip sessions for some scripts, like the cron executed scripts. |
---|
137 | if (true === $CFG->enable_session) { //________________________________________ |
---|
138 | |
---|
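// Set the session ID to one provided in GET/POST. This is necessary for linking
// between domains and keeping the same session.
// NOTE(review): adopting an ID chosen by the client makes session fixation
// possible. The ID should be regenerated (session_regenerate_id) when a user
// authenticates; whether AuthSQL does so is not visible from this file.
$ses = getFormData($CFG->session_name, false);
if ($ses) {
    // Accept only values shaped like a PHP session ID. This rejects arrays and
    // strings with path or control characters before they reach the handler.
    if (is_string($ses) && preg_match('/\A[A-Za-z0-9,-]{1,128}\z/', $ses)) {
        session_id($ses);
    } else {
        logMsg('Ignored malformed session ID in request.', LOG_NOTICE, __FILE__, __LINE__);
    }
}

// Session parameters.
ini_set('session.use_cookies', $CFG->session_use_cookies);
// Never let PHP append the session ID to URLs automatically.
ini_set('session.use_trans_sid', false);
// Seed session IDs from the kernel random source. These two settings were
// removed in PHP 7.1, where ini_set() simply returns false for them.
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', '512');
session_name($CFG->session_name);

if (true === $CFG->enable_mysql_session_handler && true === $CFG->enable_mysql) {
    // Database session handling.
    require_once CODE_BASE . '/lib/MySQLSessionHandler.inc.php';
    $sess_mysql['dbh'] =& $dbh;                 // MySQL link identifier, if we are already connected to the database
    $sess_mysql['hostname'] = 'localhost';      // MySQL hostname
    $sess_mysql['user'] = $CFG->username;       // MySQL username
    $sess_mysql['password'] = $CFG->password;   // MySQL password
    $sess_mysql['db'] = $CFG->database;         // Database where to store the sessions
    $sess_mysql['table'] = 'session_tbl';       // Table where to store the sessions
    ini_set('session.save_handler', 'user');
    session_set_save_handler('mysqlSessionOpen', 'mysqlSessionClose', 'mysqlSessionRead', 'mysqlSessionWrite', 'mysqlSessionDestroy', 'mysqlSessionGarbage');
}

// Start the session. Access session data using: $_SESSION['...']
session_start();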
167 | |
---|
168 | // if (isset($_COOKIE[session_name()])) { |
---|
169 | // logMsg(sprintf('Found session in cookie: %s=%s', session_name(), $_COOKIE[session_name()]), LOG_DEBUG, __FILE__, __LINE__); |
---|
170 | // } |
---|
171 | // if (getPost(session_name())) { |
---|
172 | // logMsg(sprintf('Found session in post: %s=%s', session_name(), getPost(session_name())), LOG_DEBUG, __FILE__, __LINE__); |
---|
173 | // } |
---|
174 | // if (getGet(session_name())) { |
---|
175 | // logMsg(sprintf('Found session in get: %s=%s', session_name(), getGet(session_name())), LOG_DEBUG, __FILE__, __LINE__); |
---|
176 | // } |
---|
177 | // logMsg(sprintf('Using session %s=%s', session_name(), session_id()), LOG_DEBUG, __FILE__, __LINE__); |
---|
178 | |
---|
179 | |
---|
180 | /****************************************************************************** |
---|
181 | * LANGUAGE |
---|
182 | *****************************************************************************/ |
---|
183 | |
---|
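// Set the language.
// The session language is later used to build template directory names, so a
// value from the request is accepted only when it is one of the configured
// site languages. This assumes $CFG->site_langs is keyed by language code, as
// the Accept-Language lookup below already does.
$lang = getFormData('lang');
if ($lang && is_string($lang) && isset($CFG->site_langs[$lang])) {
    $_SESSION['_language'] = $lang;
} else if (!isset($_SESSION['_language'])) {
    // No usable choice yet: take the first tag of the browser's Accept-Language
    // header if the site supports it, otherwise fall back to English. The
    // match result is checked so a missing header does not index an empty array.
    if (preg_match('/^([-[:alpha:]]+)/i', (string) getenv('HTTP_ACCEPT_LANGUAGE'), $lang) && isset($CFG->site_langs[$lang[0]])) {
        $_SESSION['_language'] = $lang[0];
    } else {
        $_SESSION['_language'] = 'en';
    }
}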
195 | |
---|
196 | } // end enable sessions ______________________________________________________ |
---|
197 | |
---|
198 | /****************************************************************************** |
---|
199 | * AUTHENTICATION |
---|
200 | *****************************************************************************/ |
---|
201 | |
---|
202 | |
---|
// Authentication objects for the two account realms. Each one is created only
// if the including script has not already supplied its own instance.
// NOTE(review): the admin options name the account table with the key
// 'user_tbl' while the user options use 'db_table' -- confirm against AuthSQL
// which key it actually reads, since an ignored key would leave one realm on
// a default table.

// Administrators: accounts in admin_tbl, login page under the admin URL.
if (!isset($_admin)) {
    $_auth_options = array(
        'auth_name' => 'admin',
        'user_tbl' => 'admin_tbl',
        'user_id_column' => 'admin_id',
        'login_url' => $CFG->admin_url . '/login.php'
    );
    $_admin = new AuthSQL($_auth_options);
    unset($_auth_options);
}

// Site users: accounts in user_tbl, with the 'blocking' and 'abuse_detection'
// features switched on.
if (!isset($_user)) {
    $_auth_options = array(
        'auth_name' => 'user',
        'db_table' => 'user_tbl',
        'user_id_column' => 'user_id',
        'login_tbl' => 'login_tbl',
        'login_url' => $CFG->site_url . '/login.php',
        'features' => array('blocking'=>true, 'abuse_detection'=>true),
    );
    $_user = new AuthSQL($_auth_options);
    unset($_auth_options);
}
222 | |
---|
223 | /****************************************************************************** |
---|
224 | * ET CETERA |
---|
225 | *****************************************************************************/ |
---|
226 | |
---|
// Declare the character set of the response. The same value is also printed
// in the html head.
header(sprintf('Content-type: text/html; charset=%s', $CFG->character_set));

// Remember the referrer of the first request in this session (not used yet).
// The Referer header is supplied by the client, so the stored value must be
// treated as untrusted and escaped wherever it is eventually displayed.
if (!isset($_SESSION['_ultimate_referrer'])) {
    $_SESSION['_ultimate_referrer'] = getenv('HTTP_REFERER');
}
234 | |
---|
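// The include path is set for the templates.
// We split them between shared and site specific directories.
$inc_lang = isset($_SESSION['_language']) ? $_SESSION['_language'] : 'en';

// The language becomes part of directory names on the include path. Anything
// that is not a plain language code (a path separator, a slash, "..") would
// let the session value redirect includes to other directories, so such
// values fall back to English.
if (!is_string($inc_lang) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $inc_lang)) {
    $inc_lang = 'en';
}

// Search order: system libraries, then templates for the selected language,
// then English, then language-neutral templates; in each group the
// site-specific directory comes before the shared one.
ini_set('include_path', implode(PATH_SEPARATOR, array(
    '/usr/local/lib/php',
    SITE_BASE . '/_templates/' . $inc_lang,
    CODE_BASE . '/templates/' . $inc_lang,

    SITE_BASE . '/_templates/en',
    CODE_BASE . '/templates/en',

    SITE_BASE . '/_templates',
    CODE_BASE . '/templates',
)));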
249 | |
---|
250 | ?> |
---|