/**
* Does the user authentication.
*/
protected function initAuth()
{
// this is a work-around since neither RequestHandler
// nor RouteHandler are populated right now
$pathInfo = RouteHandler::getPathInfo();
if (empty($pathInfo) || !preg_match('~^/?(acp-?captcha|login|logout)/~i', $pathInfo)) {
if (WCF::getUser()->userID == 0) {
// work-around for AJAX-requests within ACP
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
throw new AJAXException(WCF::getLanguage()->get('wcf.ajax.error.sessionExpired'), AJAXException::SESSION_EXPIRED, '');
}
// build redirect path
$application = ApplicationHandler::getInstance()->getActiveApplication();
if ($application === null) {
throw new SystemException("You have aborted the installation, therefore this installation is unusable. You are required to reinstall the software.");
}
// fallback for unknown host (rescue mode)
if ($application->domainName != $_SERVER['HTTP_HOST']) {
$pageURL = RouteHandler::getProtocol() . $_SERVER['HTTP_HOST'] . RouteHandler::getPath(array('acp'));
} else {
$pageURL = $application->getPageURL();
}
// drop session id
$redirectURI = preg_replace('~[&\\?]s=[a-f0-9]{40}(&|$)~', '', WCF::getSession()->requestURI);
$path = $pageURL . 'acp/index.php?login/' . SID_ARG_2ND_NOT_ENCODED . '&url=' . rawurlencode(RouteHandler::getProtocol() . $_SERVER['HTTP_HOST'] . $redirectURI);
HeaderUtil::redirect($path);
exit;
} else {
// work-around for AJAX-requests within ACP
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
try {
WCF::getSession()->checkPermissions(array('admin.general.canUseAcp'));
} catch (PermissionDeniedException $e) {
throw new AJAXException(self::getLanguage()->get('wcf.ajax.error.permissionDenied'), AJAXException::INSUFFICIENT_PERMISSIONS, $e->getTraceAsString());
}
} else {
WCF::getSession()->checkPermissions(array('admin.general.canUseAcp'));
}
// force debug mode if in ACP and authenticated
self::$overrideDebugMode = true;
}
}
}
/**
* Returns the URI of the current page.
*
* @return string
*/
public static function getRequestURI()
{
if (URL_LEGACY_MODE) {
// resolve path and query components
$scriptName = $_SERVER['SCRIPT_NAME'];
$pathInfo = RouteHandler::getPathInfo();
if (empty($pathInfo)) {
// bug fix if URL omits script name and path
$scriptName = substr($scriptName, 0, strrpos($scriptName, '/'));
}
$path = str_replace('/index.php', '', str_replace($scriptName, '', $_SERVER['REQUEST_URI']));
if (!StringUtil::isUTF8($path)) {
$path = StringUtil::convertEncoding('ISO-8859-1', 'UTF-8', $path);
}
$path = FileUtil::removeLeadingSlash($path);
$baseHref = self::getTPL()->get('baseHref');
if (!empty($path) && mb_strpos($path, '?') !== 0) {
$baseHref .= 'index.php/';
}
return $baseHref . $path;
} else {
$url = preg_replace('~^(https?://[^/]+)(?:/.*)?$~', '$1', self::getTPL()->get('baseHref'));
$url .= $_SERVER['REQUEST_URI'];
return $url;
}
}
/**
* Builds a new request.
*
* @param string $application
*/
protected function buildRequest($application)
{
try {
$routeData = RouteHandler::getInstance()->getRouteData();
// handle landing page for frontend requests
if (!$this->isACPRequest()) {
$this->handleDefaultController($application, $routeData);
// check if accessing from the wrong domain (e.g. "www." omitted but domain was configured with)
if (!defined('WCF_RUN_MODE') || WCF_RUN_MODE != 'embedded') {
$applicationObject = ApplicationHandler::getInstance()->getApplication($application);
if ($applicationObject->domainName != $_SERVER['HTTP_HOST']) {
// build URL, e.g. http://example.net/forum/
$url = FileUtil::addTrailingSlash(RouteHandler::getProtocol() . $applicationObject->domainName . RouteHandler::getPath());
if (URL_LEGACY_MODE) {
// add path info, e.g. index.php/Board/2/
$pathInfo = RouteHandler::getPathInfo();
if (!empty($pathInfo)) {
$url .= 'index.php' . $pathInfo;
}
}
// query string, e.g. ?foo=bar
if (!empty($_SERVER['QUERY_STRING'])) {
$url .= '?' . $_SERVER['QUERY_STRING'];
}
HeaderUtil::redirect($url, true);
exit;
}
}
// handle controller aliasing
if (empty($routeData['isImplicitController']) && !URL_LEGACY_MODE && isset($routeData['controller'])) {
$ciController = mb_strtolower($routeData['controller']);
// aliased controller, redirect to new URL
$alias = $this->getAliasByController($ciController);
if ($alias !== null) {
$this->redirect($routeData, $application);
}
$controller = $this->getControllerByAlias($ciController);
if ($controller !== null) {
// check if controller was provided explicitly as it should
$alias = $this->getAliasByController($controller);
if ($alias != $routeData['controller']) {
$routeData['controller'] = $controller;
$this->redirect($routeData, $application);
}
$routeData['controller'] = $controller;
}
}
} else {
if (empty($routeData['controller'])) {
$routeData['controller'] = 'Index';
}
}
$controller = $routeData['controller'];
// validate class name
if (!preg_match('~^[a-z0-9-]+$~i', $controller)) {
throw new SystemException("Illegal class name '" . $controller . "'");
}
// work-around for WCFSetup
if (!PACKAGE_ID) {
$parts = explode('-', $controller);
$parts = array_map(function ($part) {
return ucfirst($part);
}, $parts);
$controller = implode('', $parts);
}
// find class
$classData = $this->getClassData($controller, 'page', $application);
if ($classData === null) {
$classData = $this->getClassData($controller, 'form', $application);
}
if ($classData === null) {
$classData = $this->getClassData($controller, 'action', $application);
}
if ($classData === null) {
throw new SystemException("unable to find class for controller '" . $controller . "'");
} else {
if (!class_exists($classData['className'])) {
throw new SystemException("unable to find class '" . $classData['className'] . "'");
}
}
// check if controller was provided exactly as it should
if (!URL_LEGACY_MODE && !$this->isACPRequest()) {
if (preg_match('~([A-Za-z0-9]+)(?:Action|Form|Page)$~', $classData['className'], $matches)) {
$realController = self::getTokenizedController($matches[1]);
if ($controller != $realController) {
$this->redirect($routeData, $application, $matches[1]);
}
}
}
$this->activeRequest = new Request($classData['className'], $classData['controller'], $classData['pageType']);
} catch (SystemException $e) {
throw new IllegalLinkException();
}
}