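*/
/**
 * Derive SELF_URL from the request.
 *
 * SECURITY NOTE(review): HTTP_HOST is the client-supplied Host header. SELF_URL is
 * unconditionally rebuilt from it on every request, and (per the note below) these
 * values end up as link prefixes in notification mails — a crafted Host header can
 * therefore point mailed links at an attacker's domain. Pinning the public host
 * name in customize.inc (or validating Host against an allow-list) is the fix;
 * this block only keeps the existing behaviour and avoids the undefined-index
 * notice when no Host header is present (CLI, HTTP/1.0 clients).
 */
if (isset($_SERVER['SCRIPT_NAME']) && !empty($_SERVER['HTTP_HOST'])
        && preg_match("/\\/index\\.php/", $_SERVER['SCRIPT_NAME'])) {
    $url = asCleanString($_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']);
    confChange('SELF_URL', $url);
} elseif (!empty($_SERVER['HTTP_HOST'])) {
    $url = asCleanString($_SERVER['HTTP_HOST']);
    confChange('SELF_URL', $url);
}

/**
 * adjust url-prefix if https
 * NOTE:
 * - for installations at https, the urls in notifications-mails has to start with
 *   https://www.somedome.com/
 * - only auto-detected when SELF_PROTOCOL is not already configured; behind a
 *   TLS-terminating proxy HTTPS is typically not 'on' at the PHP side, so set
 *   SELF_PROTOCOL explicitly in customize.inc in that setup.
 */
if (!confGet('SELF_PROTOCOL')) {
    if (getServerVar('HTTPS') == 'on') {
        confChange('SELF_PROTOCOL', 'https');
    } else {
        confChange('SELF_PROTOCOL', 'http');
    }
}

/**
 * get domain for email-address
 * - only auto-detected when SELF_DOMAIN is not configured; same Host-header caveat
 *   as for SELF_URL above. Passed through asCleanString() for consistency with
 *   SELF_URL (the raw header value was used before).
 */
if (!confGet('SELF_DOMAIN') && isset($_SERVER["HTTP_HOST"])) {
    confChange('SELF_DOMAIN', asCleanString($_SERVER["HTTP_HOST"]));
}

/**
 * set administrator-address (this should be set in customize.inc)
 * - this address is used in errors, etc.
 */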
/**
 * Reject $str when spam filtering is enabled, the current user is the anonymous
 * user and the spam classifier flags the text.
 *
 * Only anonymous submissions are checked; content from logged-in users passes
 * untouched. A rejection is logged with LOG_MESSAGE_HACKING_ALERT and the
 * request is aborted via $PH->abortWarning(), so this never returns in that case.
 *
 * NOTE(review): REMOTE_ADDR is read here without the second argument that other
 * call sites pass to getServerVar('REMOTE_ADDR', true); what that flag does is not
 * visible from here — confirm the logged address is the intended one.
 */
function validateNotSpam($str) {
    global $PH;
    global $auth;

    if (!confGet('REJECT_SPAM_CONTENT')) {
        return;
    }
    if ($auth->cur_user->id != confGet('ANONYMOUS_USER')) {
        return;
    }
    if (!isSpam($str)) {
        return;
    }

    $msg = sprintf(
        "rejected spam comment from %s with %s",
        getServerVar('REMOTE_ADDR'),
        getSpamProbability($str)
    );
    log_message($msg, LOG_MESSAGE_HACKING_ALERT);
    $PH->abortWarning(__("Comment has been rejected, because it looks like spam."));
}
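/**
 * Dispatch the page identified by $id.
 *
 * @param string|null $id          page id; must be alphanumeric AND a registered
 *                                 key of $this->hash before it is ever used as a
 *                                 function name ($id()) — keep that order of checks.
 * @param array|null  $params      merged into the request vars (with 'go' forced to
 *                                 $id) before the page function runs.
 * @param mixed       $fn_argument if truthy, passed as the single argument of the
 *                                 page function (e.g. non-db-objects for xxxNew()).
 *
 * Fallbacks: 'home' for a missing or invalid id (then exit), 'error' for an unknown
 * id (then return), 'loginForm' for anonymous requests to pages that are not
 * valid_for_anonymous (then exit). Insufficient rights end in abortWarning().
 */
public function show($id = NULL, $params = NULL, $fn_argument = NULL) {
    global $auth;

    ### debug trace of the request ###
    $user_name = isset($auth->cur_user) ? $auth->cur_user->name : '__not_logged_in__';
    $crawler = Auth::isCrawler() ? 'crawler' : '';
    log_message(
        $user_name . '@' . getServerVar('REMOTE_ADDR', true) . " -> {$id} " . getServerVar('REQUEST_URI')
            . " (" . getServerVar('HTTP_USER_AGENT') . ") {$crawler}",
        LOG_MESSAGE_DEBUG
    );

    ### resolve the page id ###
    if (!$id) {
        $this->show('home');
        exit;
    }
    if ($id != asAlphaNumeric($id)) {
        # $id is echoed back in the warning and later used as a function name:
        # anything that is not plain alphanumeric is rejected right here.
        new FeedbackWarning("Ignored invalid page '" . asCleanString($id) . "'");
        $this->show('home');
        exit;
    }
    if (!isset($this->hash[$id])) {
        trigger_error('try to show undefined page-id ' . $id, E_USER_WARNING);
        $this->show('error');
        return;
    }
    $handle = $this->hash[$id];

    ### not authenticated ###
    if (!isset($auth) || !$auth->cur_user) {
        if (!$handle->valid_for_anonymous) {
            new FeedbackWarning("As an anonymous user you have not enough rights to view page '{$id}'");
            $this->show('loginForm');
            exit;
        }
    }

    ### check sufficient user-rights ###
    # NOTE(review): this is reached with $auth->cur_user unset when the page is
    # valid_for_anonymous; a page that is valid_for_anonymous AND has rights_required
    # then always ends up in abortWarning().
    if ($handle->rights_required && !($handle->rights_required & $auth->cur_user->user_rights)) {
        $this->abortWarning("insufficient rights");
    }

    ### hide modification pages from guests ###
    /**
     * Note: for some reason, this interferes with unit testing. Using the user agent
     * for this check is extremely dirty, because it can be faked by attackers.
     *
     * SECURITY NOTE(review): any anonymous client can skip this guard by sending the
     * User-Agent 'streber_unit_tester'. The bootstrap code switches DB_TABLE_PREFIX
     * to 'test_<prefix>' for that agent, so the skipped check only reaches the test
     * tables — which means this is only harmless as long as no 'test_' tables exist
     * in production. A server-side config flag would be the proper switch.
     */
    if (getServerVar('HTTP_USER_AGENT') != 'streber_unit_tester') {
        if (isset($auth) && $auth->isAnonymousUser() && !$handle->valid_for_anonymous
                && ($handle->type == 'form' || $handle->type == 'subm' || $handle->type == 'func')) {
            $this->abortWarning("insufficient rights");
        }
    }

    # handler file comes from the registered handle, never from the request
    require_once $handle->req;

    #--- set page-handler-curpage (show() may be re-entered, so remember the old one) ---
    $keep_cur_page_id = $this->cur_page_id;
    $this->cur_page_id = $id;
    $keep_cur_page = $this->cur_page;
    $this->cur_page = $handle;

    ### submit ###
    # BUGFIX: this was `if ($handle->type = 'subm')` — an assignment, which was
    # always true and rewrote the registered handle's type to 'subm' for every
    # page shown (and read 'from' for every page, not only submits).
    # The 'from' value is taken from the request as-is; presumably a form token —
    # its validation, if any, happens in the submit handlers.
    if ($handle->type == 'subm') {
        $tmp = get('from');
        if ($tmp) {
            $this->cur_page_md5 = $tmp;
        }
    }

    #--- set params ---
    if ($params) {
        $params['go'] = $id;
        addRequestVars($params);
    }

    #--- avoid endless traps ---
    if (count($this->recursions) > MAX_PAGE_RECURSIONS) {
        trigger_error("maximum page recursions reached! (" . implode(",", $this->recursions) . ")", E_USER_ERROR);
        return;
    }
    $this->recursions[] = $id;

    #--- use id as function-name (validated + registered above) ----
    if (function_exists($id)) {
        if ($fn_argument) {
            $id($fn_argument);
        } else {
            $id();
        }
    } else {
        $this->abortWarning("page-call to undefined functions '{$id}'", ERROR_FATAL);
    }

    $this->cur_page_id = $keep_cur_page_id;
    $this->cur_page = $keep_cur_page;
}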
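/**
 * Render the HTML head and the opening of the body.
 *
 * Side effects: sends the content-type and anti-caching response headers and
 * require_once()s the theme config if present. Returns the buffered markup up to
 * and including the opening of <div id="outer">.
 *
 * Escaping: title parts go through asHtml(); the user language is now escaped
 * for the attribute context; search terms from the request are JSON-encoded for
 * the JavaScript context. extra_header_html is emitted raw by design (page code,
 * not request input — confirm no caller feeds request data into it).
 */
public function __toString() {
    global $auth;
    $onload_javascript = $this->page->extra_onload_js;

    ### include theme-config ###
    if ($theme_config = getThemeFile("theme_config.inc.php")) {
        require_once $theme_config;
    }

    ### Set utf8 ###
    header("Content-type: text/html; charset=utf-8");

    ### Disable page caching ###
    # FIX: the previous Cache-Control carried only the IE-specific post-check/pre-check
    # tokens, so HTTP/1.1 caches were never actually told not to store the page.
    header("Expires: -1");
    header("Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
    header("Pragma: no-cache");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

    $version = confGet('STREBER_VERSION');
    $title = asHtml($this->page->title) . '/' . asHtml($this->page->title_minor) . ' - ' . confGet('APP_NAME');

    $buffer = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">'
        . '<html>'
        . '<head>'
        . '<meta http-equiv="Content-type" content="text/html; charset=utf-8">';

    # language is a stored per-user value; escape it for the attribute context anyway
    if (isset($auth->cur_user->language)) {
        $buffer .= '<meta http-equiv="Content-Language" content="' . asHtml($auth->cur_user->language) . '">';
    }

    $buffer .= '<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">'
        . '<META HTTP-EQUIV="EXPIRES" CONTENT="-1">'
        . '<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">'
        . '<link rel="SHORTCUT ICON" href="./favicon.ico">'
        . "<title>{$title}</title>";

    ### Starlight syntax highlighting if enabled and client uses Gecko ###
    if (confGet('LINK_STAR_LIGHT') && preg_match("/Gecko/i", getServerVar('HTTP_USER_AGENT'))) {
        $buffer .= "<link rel=\"stylesheet\" href=\"themes/starlight/star-light.css\" type=\"text/css\"/>";
    }

    $buffer .= "<link rel=\"stylesheet\" title=\"top\" media=\"screen\" type=\"text/css\" href=\""
        . getThemeFile("styles.css") . "?v=" . $version . "\">";
    $buffer .= "<!--[if IE]><link rel=\"stylesheet\" title=\"ie\" media=\"screen\" type=\"text/css\" href=\""
        . getThemeFile("styles_ie.css") . "?v=" . $version . "\"><![endif]-->";

    ### link print-style ###
    if (confGet('LINK_STYLE_PRINT')) {
        $buffer .= "<link rel=\"stylesheet\" media=\"print, embossed\" type=\"text/css\" href=\""
            . getThemeFile("styles_print.css") . "?v=" . $version . "\">";
    }

    ### Add iphone layout hints ###
    if (stristr(getServerVar('HTTP_USER_AGENT'), "iPhone")) {
        $buffer .= '<meta name = "viewport" content = "initial-scale = 0.7, user-scalable = no">';
        $buffer .= '<link rel="stylesheet" media="screen" type="text/css" href="'
            . getThemeFile("iphone.css") . "?v=" . $version . '">';
        # replaces (does not extend) the page's own onload script, as before
        $onload_javascript = 'window.scrollTo(0, 1);';
    }

    $buffer .= '<script type="text/javascript" src="js/jquery-1.8.2.js"></script>'
        . '<script type="text/javascript" src="js/jquery.jeditable.1.5.x.js"></script>'
        . '<script type="text/javascript" src="js/misc.js' . "?v=" . $version . '"></script>'
        . '<script type="text/javascript" src="js/listFunctions.js' . "?v=" . $version . '"></script>';

    if ($this->page->use_autocomplete) {
        $buffer .= '<script type="text/javascript" src="js/jquery.autocomplete.1.0.2.js' . "?v=" . $version . '"></script>';
        $buffer .= '<link rel="stylesheet" type="text/css" href="'
            . getThemeFile("jquery.autocomplete.css") . '?v=' . $version . '" />';
    }

    ### inline script: globals + onLoad function ###
    $buffer .= "\r\n<script type=\"text/javascript\">\r\n";
    $buffer .= confGet('TASKDETAILS_IN_SIDEBOARD')
        ? "var g_enable_sideboard= true;\r\n"
        : "var g_enable_sideboard= false;\r\n";

    # "//------ on load -------" is a JS line comment, so the ready() call MUST start
    # on its own line — emitting it on the same line comments the whole call out.
    $buffer .= "<!--\r\n"
        . "//------ on load -------\r\n"
        . '$(document).ready(function(){' . "\r\n";
    $buffer .= $onload_javascript;

    if ($this->page->use_autocomplete) {
        $buffer .= 'initAutocompleteFields();';
    }

    # NOTE(review): autofocus_field is interpolated into JS unescaped; it is expected
    # to be a form field name set by page code, not request input — confirm.
    if ($this->page->autofocus_field) {
        $buffer .= "\r\ndocument.my_form." . $this->page->autofocus_field . ".focus();"
            . "\r\ndocument.my_form." . $this->page->autofocus_field . ".select();";
    }

    $buffer .= 'initContextMenus();';

    ### highlight search terms ###
    if ($q = get('q')) {
        $q = asCleanString($q);
        # Each term lands inside a JS string literal inside a <script> block. It is
        # JSON-encoded with the HEX flags (so quotes, </script> and & cannot break
        # out) instead of relying on asCleanString() to know the JavaScript context.
        # (explode() on a non-empty separator always returns an array, so the old
        # else-branch was unreachable and has been dropped.)
        foreach (explode(" ", $q) as $term) {
            if (!$term) {
                continue;
            }
            $js_term = json_encode($term, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
            if ($js_term === false) {
                continue;   # invalid UTF-8: skip rather than emit broken JS
            }
            $buffer .= "highlightWord(document.getElementsByTagName('body')[0]," . $js_term . "); ";
        }
    }

    $buffer .= "misc();\r\n listFunctions();\r\n\r\n });\r\n\r\n //-->\r\n </script>"
        . "<script type=\"text/javascript\" src=\"js/contextMenus.js\"></script>"
        . "<script type=\"text/javascript\" src=\"js/searchhi.js\"></script>"
        . "<script type=\"text/javascript\">\r\n cMenu.menus=new Object();\r\n </script>";
    /**
     * for notes on searchi see: http://www.kryogenix.org/code/browser/searchhi/
     */

    ### add calendar-functions for form-pages ###
    # NOTE: including calendar tremendously increases loading time!
    if ($this->page->use_jscalendar) {
        $buffer .= '<style type="text/css">@import url(' . getThemeFile('/calendar-win2k-1.css') . ');</style>'
            . '<script type="text/javascript" src="js/calendar.js"></script>'
            . '<script type="text/javascript" src="js/lang/calendar-en.js"></script>'
            . '<script type="text/javascript" src="js/calendar-setup.js"></script>'
            . '<script type="text/javascript" src="js/dragslider.js"></script>';
    }

    ### add extra html (raw, by design) ###
    $buffer .= $this->page->extra_header_html;
    $buffer .= "\r\n </head>";

    ### open body; class = current page id (validated alphanumeric by the page handler) ###
    $buffer .= '<body ';
    global $PH;
    if (isset($PH->cur_page_id)) {
        $buffer .= "class=\"{$PH->cur_page_id}\"";
    }
    $buffer .= '>';

    $buffer .= "<div class=\"noscript\"><noscript>";
    $buffer .= __("This page requires java-script to be enabled. Please adjust your browser-settings.");
    $buffer .= "</noscript></div><div id=\"outer\">";

    return $buffer;
}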
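/**
 * Logout the current user and remove cookies
 * @ingroup pages
 *
 * Order of operations: drop the client cookie, clear the page md5, persist a
 * new cookie_string and last_logout for the user, render the login form, log the
 * logout and flush pending notifications.
 *
 * SECURITY NOTE(review): the server-side cookie_string is REPLACED by
 * calcCookieString(), not cleared. Whether a previously issued (e.g. stolen)
 * cookie stops validating after logout therefore depends on calcCookieString()
 * yielding a fresh value each time — not visible from here, please confirm.
 */
function logout() {
    global $PH;
    global $auth;

    ### kill cookie ###
    $auth->removeUserCookie();
    $PH->cur_page_md5 = NULL;

    /**
     * keep date of last logout
     * NOTE: the cur_user-object might be no longer up to date (think about person submit),
     * so we get the latest version from the database to update the last_logout-field.
     * FIX: guard on $auth->cur_user first — the logging below already handles the
     * "nobody logged in" case, but this lookup used to dereference cur_user blindly.
     */
    if ($auth->cur_user && ($cur_user = Person::getById($auth->cur_user->id))) {
        $cur_user->cookie_string = $auth->cur_user->calcCookieString();
        $cur_user->last_logout = getGMTString();
        $cur_user->update();
    }

    ### go to login-page ####
    $PH->messages[] = "Logged out";
    $PH->show('loginForm');

    $nickname = $auth->cur_user ? $auth->cur_user->nickname : '_nobody_';
    log_message("'" . $nickname . "' logged out from:" . getServerVar("REMOTE_ADDR", true), LOG_MESSAGE_LOGOUT);

    require_once confGet('DIR_STREBER') . 'std/mail.inc.php';
    Notifier::sendNotifications();
}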
### database settings — redirect to the installer when they do not exist yet ###
if (file_exists(confGet('DIR_SETTINGS') . confGet('FILE_DB_SETTINGS'))) {
    require_once confGet('DIR_SETTINGS') . confGet('FILE_DB_SETTINGS');
} else {
    header("location:install/install.php");
    exit;
}
include_once confGet('DIR_SETTINGS') . confGet('SITE_SETTINGS');

### user-settings ##
# NOTE(review): the existence check is relative to the working directory while the
# require uses DIR_STREBER; the two only agree when the web root is DIR_STREBER.
if (file_exists('customize.inc.php')) {
    require_once confGet('DIR_STREBER') . 'customize.inc.php';
}

/**
 * overwrite db-settings if page requested while unit testing
 * read more at www.streber-pm.org/7276
 *
 * SECURITY NOTE(review): the User-Agent is chosen by the client, so ANY
 * unauthenticated request can send 'streber_unit_tester' and thereby
 * (a) be served from the 'test_'-prefixed tables and (b) set LOG_LEVEL to ''
 * (presumably silencing logging for that request). In production this is a
 * hazard wherever 'test_' tables exist, and it hands an attacker a way to run
 * unlogged; gating this on a server-side config flag would be safer.
 */
if (getServerVar('HTTP_USER_AGENT') == 'streber_unit_tester') {
    confChange('DB_TABLE_PREFIX', 'test_' . confGet('DB_TABLE_PREFIX'));
    confChange('LOG_LEVEL', '');
}

### start output-buffering? ###
if (confGet('USE_FIREPHP')) {
    ob_start();
}
filterGlobalArrays();

/**
 * run profiler and output measures in footer?
 */
if (confGet('USE_PROFILER')) {
    require_once confGet('DIR_STREBER') . "std/profiler.inc.php";
} else {
    ### define empty functions ###
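/**
 * Locate $needle in the directories of the server's PATH, then in $extrapath.
 *
 * @param string $needle     bare file/program name (no directory part; a value
 *                           with separators is not rejected here — callers must
 *                           not pass request-derived strings)
 * @param array  $extrapath  additional directories, searched AFTER PATH
 * @return string|null       first matching path, with a PATHEXT suffix appended
 *                           when only that variant exists; null when not found
 *                           (previously an implicit null)
 *
 * SECURITY NOTE(review): the result is whatever the first matching PATH entry
 * holds. On shared hosts with a writable directory early in PATH that is an
 * attacker's binary; prefer pinning absolute paths in configuration.
 *
 * Robustness: PATH / PATHEXT are cast to string so a missing variable yields
 * [''] instead of passing null to explode() (deprecated in PHP 8.1).
 */
function find_in_path($needle, array $extrapath = array()) {
    $dirs = explode(PATH_SEPARATOR, (string) getServerVar('PATH'));
    $dirs = array_merge($dirs, $extrapath);
    # Windows executable suffixes; empty on other platforms (a single '' entry)
    $exts = explode(PATH_SEPARATOR, (string) getServerVar('PATHEXT'));

    foreach ($dirs as $dir) {
        $candidate = $dir . DIRECTORY_SEPARATOR . $needle;
        if (file_exists($candidate)) {
            return $candidate;
        }
        // W32 needs this
        foreach ($exts as $ext) {
            if (file_exists($candidate . $ext)) {
                return $candidate . $ext;
            }
        }
    }
    return null;
}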
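/**
 * there are some web crawlers which only cause traffic
 *
 * those are provided with empty page
 *
 * @return bool true when the User-Agent matches one of the known patterns,
 *              false otherwise (previously an implicit null)
 *
 * NOTE(review): this is traffic control, not a security control — the
 * User-Agent is client-chosen and trivially changed. The unescaped dots in
 * "4.0"/"6.0" match any character; harmless for this purpose.
 */
public static function isUglyCrawler() {
    $agent = getServerVar('HTTP_USER_AGENT');
    if (!$agent) {
        return false;
    }
    $patterns = array(
        "/HTTrack/",
        "/Mozilla\\/4.0 \\(compatible; MSIE 6.0; Windows NT 5.1; SV1\\)/",
        "/Mail\\.Ru\\/1.0/",
    );
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $agent)) {
            return true;
        }
    }
    return false;
}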