require_once 'includes/lang.php';
require_once 'includes/functions.php';
# Add Cross domain access headers
CORSHeaders();
// Check for valid content dirs
if (!is_writable(ZM_DIR_EVENTS) || !is_writable(ZM_DIR_IMAGES)) {
Fatal("Cannot write to content dirs('" . ZM_DIR_EVENTS . "','" . ZM_DIR_IMAGES . "'). Check that these exist and are owned by the web account user");
}
if (isset($_REQUEST['view'])) {
$view = detaintPath($_REQUEST['view']);
}
if (isset($_REQUEST['request'])) {
$request = detaintPath($_REQUEST['request']);
}
if (isset($_REQUEST['action'])) {
$action = detaintPath($_REQUEST['action']);
}
foreach (getSkinIncludes('skin.php') as $includeFile) {
require_once $includeFile;
}
require_once 'includes/actions.php';
# If I put this here, it protects all views and popups, but it has to go after actions.php because actions.php does the actual logging in.
if (ZM_OPT_USE_AUTH && !isset($user) && $view != 'login') {
$view = 'login';
}
# Only one request can open the session file at a time, so let's close the session here to improve concurrency.
# Any file/page that uses the session must re-open it.
session_write_close();
if (isset($_REQUEST['request'])) {
foreach (getSkinIncludes('ajax/' . $request . '.php', true, true) as $includeFile) {
if (!file_exists($includeFile)) {
function getSkinIncludes($file, $includeBase = false, $asOverride = false)
{
global $skinBase;
$skinFile = false;
foreach ($skinBase as $skin) {
$tempSkinFile = detaintPath('skins' . '/' . $skin . '/' . $file);
if (file_exists($tempSkinFile)) {
$skinFile = $tempSkinFile;
}
}
$includeFiles = array();
if ($asOverride) {
if ($skinFile) {
$includeFiles[] = $skinFile;
} else {
if ($includeBase) {
$includeFiles[] = $file;
}
}
} else {
if ($includeBase) {
$includeFiles[] = $file;
}
if ($skinFile) {
$includeFiles[] = $skinFile;
}
}
return $includeFiles;
}
