[1] | 1 | <?php |
---|
| 2 | /* boot.inc.php |
---|
| 3 | * code by strangecode :: www.strangecode.com :: this document contains copyrighted information. */ |
---|
| 4 | |
---|
| 5 | |
---|
| 6 | /* This is the big juicy initialization script that is generic and global to |
---|
| 7 | * all sites and scripts (even cron-executed scripts). This file is |
---|
| 8 | * included by a site-specific configuration file |
---|
| 9 | * which contains initialization and configuration specific to a site. Then |
---|
| 10 | * this big-daddy gets loaded, and starts all the trouble. Here we set global |
---|
| 11 | * configurations, include files that are used globally, connect to the |
---|
| 12 | * database, setup the sessions, and do things that are done for each script |
---|
| 13 | * execution, such as checking if the user is logged-in. */ |
---|
| 14 | |
---|
| 15 | |
---|
// Locate the root directory of the shared codebase.
// Some PHP installations report __FILE__ as a relative path; in that case it is
// resolved against the directory of the script being executed.
if (preg_match('|^/|', __FILE__)) {
    $_file = __FILE__;
} else {
    $_file = realpath(dirname($_SERVER['SCRIPT_FILENAME']) . '/' . __FILE__);
}
define('CODE_BASE', realpath(dirname($_file) . '/..'));

// A site config file normally defines SITE_BASE before including this file.
// When it has not, a placeholder is defined here so later references resolve.
defined('SITE_BASE') or define('SITE_BASE', '__NO_SITE_BASE__');
---|
| 25 | |
---|
| 26 | /****************************************************************************** |
---|
| 27 | * INCLUDE GLOBAL LIBRARIES AND CONFIGURATIONS |
---|
| 28 | *****************************************************************************/ |
---|
| 29 | |
---|
| 30 | require_once CODE_BASE . '/lib/Utilities.inc.php'; |
---|
| 31 | require_once CODE_BASE . '/lib/App.inc.php'; |
---|
| 32 | require_once CODE_BASE . '/lib/AuthSQL.inc.php'; |
---|
| 33 | |
---|
| 34 | require_once CODE_BASE . '/config/security_roster.inc.php'; |
---|
| 35 | |
---|
| 36 | // Default configurations. |
---|
| 37 | require_once CODE_BASE . '/config/defaults.inc.php'; |
---|
| 38 | |
---|
| 39 | // Global configuration overrides site configuration. |
---|
| 40 | if (file_exists(CODE_BASE . '/../config/global_config.inc.php')) { |
---|
| 41 | include CODE_BASE . '/../config/global_config.inc.php'; |
---|
| 42 | } |
---|
| 43 | |
---|
// Error reporting. Whether errors are shown in the response is decided by the
// loaded configuration; logging is always switched on. Displayed errors reveal
// file paths and query text, so display_errors belongs off on production sites.
ini_set('display_errors', $CFG->display_errors);
ini_set('log_errors', '1');

// Redirect the error log to the configured directory only when that directory
// exists and is writable; otherwise PHP's existing error_log setting stays.
if (is_dir($CFG->log_directory) && is_writable($CFG->log_directory)) {
    ini_set('error_log', sprintf('%s/php_error_log', $CFG->log_directory));
}
---|
| 50 | |
---|
| 51 | /****************************************************************************** |
---|
| 52 | * DATABASE STUFF |
---|
| 53 | *****************************************************************************/ |
---|
| 54 | |
---|
| 55 | if ($CFG->enable_mysql) { // use mysql database _______________________________ |
---|
| 56 | |
---|
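// MySQL connection parameters.
if (!empty($_SERVER['DB_NAME']) && !empty($_SERVER['DB_USER']) && !empty($_SERVER['DB_PASS'])) {
    // DB credentials are set as environment variables in the httpd.conf file,
    // which is readable only by root. They remain visible in $_SERVER for the
    // whole request, so nothing should dump $_SERVER (phpinfo(), debug pages).
    $CFG->database = $_SERVER['DB_NAME'];
    $CFG->username = $_SERVER['DB_USER'];
    $CFG->password = $_SERVER['DB_PASS'];
} else {
    // CLI scripts do not get the httpd.conf ENV variables, so a config file
    // with the credentials is loaded instead. This file must be readable only
    // by the user that is executing the CLI application! NOT apache, unless the
    // CLI is spawned as a background process from an apache executed script, in
    // which case that is the only option.
    include SITE_BASE . '/../config/db_auth.inc.php';
}

// Missing credentials are logged; the connection attempt below still runs and
// reports its own failure.
if (empty($CFG->database) || empty($CFG->username) || empty($CFG->password)) {
    logMsg('Database credentials missing.', LOG_EMERG, __FILE__, __LINE__);
}

// Connect to MySQL.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; moving to mysqli
// or PDO would change the type of $dbh that other files rely on, so it is only
// flagged here.
$dbh = mysql_connect('localhost', $CFG->username, $CFG->password);

// Select the database only on a live link; calling mysql_select_db() with a
// failed connection just raises a second warning on top of the real error.
if ($dbh) {
    mysql_select_db($CFG->database, $dbh);
}

// Connection errors.
if (!$dbh || mysql_error($dbh)) {
    $mysql_error_msg = $dbh ? 'Codebase MySQL error: (' . mysql_errno($dbh) . ') ' . mysql_error($dbh) : 'Codebase MySQL error: Could not connect to server.';
    if ($CFG->db_debug) {
        // The detailed message is sent to the client only in debug mode.
        echo $mysql_error_msg . "\n";
    } else {
        echo _("This page is temporarily unavailable. It should be back up in a few minutes.");
    }
    logMsg($mysql_error_msg, LOG_EMERG, __FILE__, __LINE__);
    die;
}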
---|
| 94 | |
---|
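/**
 * A wrapper for mysql_query. Allows us to set the database link_identifier,
 * to trap errors and ease debugging.
 *
 * The query string is sent to the server unchanged: callers must escape every
 * value they embed in it. Debug output is HTML-escaped before it is echoed,
 * because both the query and the server's error text can contain request data.
 *
 * @param  string $query  The SQL query to execute
 * @param  bool   $debug  If true, prints the query inside an HTML comment
 * @return resource|bool  Whatever mysql_query() returned; a false value means
 *                        the query failed and db_die_on_failure is off.
 */
function dbQuery($query, $debug=false)
{
    global $CFG, $dbh;

    // Strip the indentation of multi-line queries for debug output and logs.
    $debugqry = preg_replace("/\n[\t ]+/", "\n", $query);
    if ($CFG->db_always_debug || $debug) {
        // Escaped so that query text containing ">" cannot close the HTML
        // comment and inject markup into the page.
        echo "<!-- --------------------------------------\n" . htmlspecialchars($debugqry) . "\n-->";
    }

    $qid = mysql_query($query, $dbh);
    if (!$qid || mysql_error($dbh)) {
        // Read the error state once so the page and the log report the same thing.
        $errno = mysql_errno($dbh);
        $error = mysql_error($dbh);

        if ($CFG->db_debug) {
            echo '<br><pre style="color:#630; font:9px monaco,geneva,verdana;">';
            echo '<strong>ERRONEOUS QUERY:</strong>' . htmlspecialchars($debugqry);
            // MySQL quotes part of the failing query in its message, so the
            // message is escaped like the query itself.
            echo '<br><strong>THE PROBLEM:</strong><br>' . htmlspecialchars(wordwrap($error)) . '</pre>';
        } else {
            echo _("This page is temporarily unavailable. It should be back up in a few minutes.");
        }

        // Whitespace runs (including newlines) in the query collapse to single
        // spaces for the log entry.
        logMsg('Query failed: ' . preg_replace('/[\s]+/', ' ', $debugqry) . ' with MySQL error: (' . $errno . ') ' . $error, LOG_EMERG, __FILE__, __LINE__);
        if ($CFG->db_die_on_failure) {
            echo "\n\n<!-- Script execution stopped out of embarrassment. -->";
            die;
        }
    }
    return $qid;
}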
---|
| 128 | |
---|
| 129 | } // End enable MySQL._________________________________________________________ |
---|
| 130 | |
---|
| 131 | /****************************************************************************** |
---|
| 132 | * SESSION HANDLER INITIALIZATION, AND STARTUP |
---|
| 133 | *****************************************************************************/ |
---|
| 134 | |
---|
| 135 | |
---|
| 136 | // Skip sessions for some scripts, like the cron executed scripts. |
---|
| 137 | if (true === $CFG->enable_session) { //________________________________________ |
---|
| 138 | |
---|
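// Set the session ID to one provided in GET/POST. This is necessary for linking
// between domains and keeping the same session.
// Adopting a client-supplied ID makes session fixation possible, so the value
// is accepted only when it has the shape of a PHP session ID (the file handler
// allows [a-zA-Z0-9,-]); anything else is ignored and PHP picks the ID itself.
// NOTE(review): confirm the login code issues a fresh ID with
// session_regenerate_id() once a user authenticates.
$ses = getFormData($CFG->session_name, false);
if (is_string($ses) && preg_match('/^[A-Za-z0-9,-]{1,256}$/D', $ses)) {
    session_id($ses);
}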
---|
| 144 | |
---|
// Session parameters. PHP never rewrites session IDs into URLs
// (use_trans_sid off); whether a cookie is used comes from the configuration.
ini_set('session.use_cookies', $CFG->session_use_cookies);
ini_set('session.use_trans_sid', false);

// Extra entropy for session ID generation.
// NOTE(review): these two settings were removed in PHP 7.1 -- confirm the
// target PHP version.
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', '512');

session_name($CFG->session_name);

// Database session handling, used only when both switches are strictly true.
if ($CFG->enable_mysql_session_handler === true && $CFG->enable_mysql === true) {
    require_once CODE_BASE . '/lib/MySQLSessionHandler.inc.php';

    // Settings for the handler -- presumably read by the mysqlSession*
    // callbacks registered below; verify in MySQLSessionHandler.inc.php.
    // Note that this keeps a second copy of the DB password in a global array.
    $sess_mysql['dbh'] =& $dbh;                 // MySQL link identifier, if we are already connected to the database
    $sess_mysql['hostname'] = 'localhost';      // MySQL hostname
    $sess_mysql['user'] = $CFG->username;       // MySQL username
    $sess_mysql['password'] = $CFG->password;   // MySQL password
    $sess_mysql['db'] = $CFG->database;         // Database where to store the sessions
    $sess_mysql['table'] = 'session_tbl';       // Table where to store the sessions

    ini_set('session.save_handler', 'user');
    session_set_save_handler(
        'mysqlSessionOpen',
        'mysqlSessionClose',
        'mysqlSessionRead',
        'mysqlSessionWrite',
        'mysqlSessionDestroy',
        'mysqlSessionGarbage'
    );
}

// Start the session. Access session data using: $_SESSION['...']
session_start();
---|
| 167 | |
---|
| 168 | // if (isset($_COOKIE[session_name()])) { |
---|
| 169 | // logMsg(sprintf('Found session in cookie: %s=%s', session_name(), $_COOKIE[session_name()]), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 170 | // } |
---|
| 171 | // if (getPost(session_name())) { |
---|
| 172 | // logMsg(sprintf('Found session in post: %s=%s', session_name(), getPost(session_name())), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 173 | // } |
---|
| 174 | // if (getGet(session_name())) { |
---|
| 175 | // logMsg(sprintf('Found session in get: %s=%s', session_name(), getGet(session_name())), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 176 | // } |
---|
| 177 | // logMsg(sprintf('Using session %s=%s', session_name(), session_id()), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 178 | |
---|
| 179 | |
---|
| 180 | /****************************************************************************** |
---|
| 181 | * LANGUAGE |
---|
| 182 | *****************************************************************************/ |
---|
| 183 | |
---|
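// Set the language.
// The chosen code is stored in the session and later becomes a directory name
// in the template include path, so a request-supplied value is accepted only
// when it is one of the configured site languages -- the same check the
// Accept-Language branch applies.
// NOTE(review): assumes $CFG->site_langs is keyed by every language code the
// site serves -- confirm against config/defaults.inc.php.
$lang = getFormData('lang');
if (is_string($lang) && isset($CFG->site_langs[$lang])) {
    $_SESSION['_language'] = $lang;
} else if (!isset($_SESSION['_language'])) {
    // No language chosen yet: use the first tag of the Accept-Language header
    // when the site offers it, otherwise English. The match result is checked
    // so that a missing or empty header does not read an undefined index.
    $_SESSION['_language'] = 'en';
    if (preg_match('/^([-[:alpha:]]+)/i', (string) getenv('HTTP_ACCEPT_LANGUAGE'), $lang)
    && isset($CFG->site_langs[$lang[0]])) {
        $_SESSION['_language'] = $lang[0];
    }
}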
---|
| 195 | |
---|
| 196 | } // end enable sessions ______________________________________________________ |
---|
| 197 | |
---|
| 198 | /****************************************************************************** |
---|
| 199 | * AUTHENTICATION |
---|
| 200 | *****************************************************************************/ |
---|
| 201 | |
---|
| 202 | |
---|
// Authentication object for the admin area. A $_admin that already exists is
// left untouched, which relies on register_globals being off so that only
// trusted code can pre-define it.
if (!isset($_admin)) {
    $_admin = new AuthSQL(array(
        'auth_name'      => 'admin',
        'user_tbl'       => 'admin_tbl',
        'user_id_column' => 'admin_id',
        'login_url'      => $CFG->admin_url . '/login.php',
    ));
}

// Authentication object for regular site users, with the blocking and
// abuse_detection features switched on.
// NOTE(review): the table is passed as 'db_table' here but as 'user_tbl' for
// $_admin above -- confirm which key AuthSQL actually reads.
if (!isset($_user)) {
    $_user = new AuthSQL(array(
        'auth_name'      => 'user',
        'db_table'       => 'user_tbl',
        'user_id_column' => 'user_id',
        'login_tbl'      => 'login_tbl',
        'login_url'      => $CFG->site_url . '/login.php',
        'features'       => array('blocking'=>true, 'abuse_detection'=>true),
    ));
}
---|
| 222 | |
---|
| 223 | /****************************************************************************** |
---|
| 224 | * ET CETERA |
---|
| 225 | *****************************************************************************/ |
---|
| 226 | |
---|
// Character set. This will also be printed in the html head.
header(sprintf('Content-type: text/html; charset=%s', $CFG->character_set));

// Capture the ultimate referrer, once per session. Used? Not yet.
// The Referer header is client-controlled: treat the stored value as untrusted
// and escape it wherever it is eventually printed or logged.
if (!isset($_SESSION['_ultimate_referrer'])) {
    $_SESSION['_ultimate_referrer'] = getenv('HTTP_REFERER');
}
---|
| 234 | |
---|
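// The include path is set for the templates.
// We split them between shared and site specific directories.
$inc_lang = isset($_SESSION['_language']) ? $_SESSION['_language'] : 'en';

// The language code becomes a directory name in the include path. Anything
// that is not a plain code (letters, digits, "_" or "-") falls back to English,
// so a stored value can never add path separators or "../" segments.
if (!is_string($inc_lang) || !preg_match('/^[A-Za-z0-9_-]+$/D', $inc_lang)) {
    $inc_lang = 'en';
}

// Search order: the selected language first, then English, then the
// language-neutral templates; within each pair the site directory comes
// before the shared codebase.
ini_set('include_path', implode(PATH_SEPARATOR, array(
    '/usr/local/lib/php',
    SITE_BASE . '/_templates/' . $inc_lang,
    CODE_BASE . '/templates/' . $inc_lang,

    SITE_BASE . '/_templates/en',
    CODE_BASE . '/templates/en',

    SITE_BASE . '/_templates',
    CODE_BASE . '/templates',
)));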
---|
| 249 | |
---|
| 250 | ?> |
---|