Example #1
*/
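// Derive SELF_URL from the current request.
// HTTP_HOST mirrors the Host header sent by the client, so the value stored
// here is only as trustworthy as that header.
// NOTE(review): the comment below says notification mails build their links
// from these settings; confirm the web server only answers for the expected
// host name(s), otherwise a forged Host header ends up in those links.
// !empty() replaces the bare truthiness test, which raised an undefined-index
// notice whenever HTTP_HOST was absent (e.g. when run from the command line).
if (!empty($_SERVER['HTTP_HOST'])) {
    $url = $_SERVER['HTTP_HOST'];
    // Append the script path only when the request went through index.php.
    if (isset($_SERVER['SCRIPT_NAME']) && preg_match("/\\/index\\.php/", $_SERVER['SCRIPT_NAME'])) {
        $url .= $_SERVER['SCRIPT_NAME'];
    }
    $url = asCleanString($url);
    confChange('SELF_URL', $url);
}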
/**
* adjust url-prefix if https
* NOTE:
* - for installations at https, the urls in notification mails have to start with
*   https://www.somedome.com/
*/
if (!confGet('SELF_PROTOCOL')) {
    // Only the literal value 'on' selects https; anything else falls back to http.
    // NOTE(review): behind a TLS-terminating proxy the HTTPS server variable is
    // presumably not set, which would yield http:// links on an https site.
    // Confirm, or set SELF_PROTOCOL explicitly for such installations.
    confChange('SELF_PROTOCOL', getServerVar('HTTPS') == 'on' ? 'https' : 'http');
}
/**
* get domain for email-address
*/
// Without a configured SELF_DOMAIN, fall back to the request's Host header.
// NOTE(review): the header is client-supplied and is stored here as-is (the
// SELF_URL code above passes it through asCleanString() first); it may also
// carry a port. Confirm how the value is used when mail addresses are built.
if (!confGet('SELF_DOMAIN')) {
    if (isset($_SERVER["HTTP_HOST"])) {
        confChange('SELF_DOMAIN', $_SERVER["HTTP_HOST"]);
    }
}
/**
* set administrator-address (this should be set in customize.inc)
* - this address is used in errors, etc.
*/
Example #2
/**
 * Abort the request with a warning when an anonymous user submits text that
 * isSpam() classifies as spam. Does nothing unless REJECT_SPAM_CONTENT is set.
 *
 * @param string $str submitted text to check
 */
function validateNotSpam($str)
{
    global $PH;
    global $auth;

    // Spam filtering is opt-in.
    if (!confGet('REJECT_SPAM_CONTENT')) {
        return;
    }
    // Only the anonymous account is filtered.
    // NOTE(review): assumes $auth->cur_user is set at this point; confirm with callers.
    if ($auth->cur_user->id != confGet('ANONYMOUS_USER')) {
        return;
    }
    if (!isSpam($str)) {
        return;
    }

    // Record the client address and the spam score before rejecting.
    $log_entry = sprintf("rejected spam comment from %s with %s", getServerVar('REMOTE_ADDR'), getSpamProbability($str));
    log_message($log_entry, LOG_MESSAGE_HACKING_ALERT);
    $PH->abortWarning(__("Comment has been rejected, because it looks like spam."));
}
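 /**
  * Dispatch a page request: validate the page id, apply the access checks,
  * load the page's source file and call the function named after the id.
  *
  * @param string|null $id          page id; must be a key of $this->hash and the name of a function
  * @param array|null  $params      request variables passed to addRequestVars(), with 'go' set to $id
  * @param mixed       $fn_argument optional single argument passed to the page function
  */
 public function show($id = NULL, $params = NULL, $fn_argument = NULL)
 {
     global $auth;
     ### echo debug output ###
     if (isset($auth->cur_user)) {
         $user_name = $auth->cur_user->name;
     } else {
         $user_name = '__not_logged_in__';
     }
     $crawler = Auth::isCrawler() ? 'crawler' : '';
     # NOTE(review): REQUEST_URI and HTTP_USER_AGENT are client-supplied and are
     # concatenated into the log line as-is. Whether log_message() neutralises
     # line breaks is not visible here; confirm, so entries cannot be forged.
     log_message($user_name . '@' . getServerVar('REMOTE_ADDR', true) . " -> {$id} " . getServerVar('REQUEST_URI') . "  (" . getServerVar('HTTP_USER_AGENT') . ") {$crawler}", LOG_MESSAGE_DEBUG);
     if (!$id) {
         $this->show('home');
         exit;
     } else {
         # Reject any id that asAlphaNumeric() would alter. The id is used below
         # as an array key, a CSS class and a function name.
         if ($id != asAlphaNumeric($id)) {
             new FeedbackWarning("Ignored invalid page '" . asCleanString($id) . "'");
             $this->show('home');
             exit;
         } else {
             # Only ids registered in $this->hash can be dispatched.
             if (!isset($this->hash[$id])) {
                 trigger_error('try to show undefined page-id ' . $id, E_USER_WARNING);
                 $this->show('error');
                 return;
             }
         }
     }
     $handle = $this->hash[$id];
     ### not authenticated ###
     if (!isset($auth) || !$auth->cur_user) {
         if (!$handle->valid_for_anonymous) {
             new FeedbackWarning("As an anonymous user you have not enough rights to view page '{$id}'");
             $this->show('loginForm');
             exit;
         }
     }
     ### check sufficient user-rights ###
     # rights_required is tested as a bit mask against the user's rights.
     if ($handle->rights_required && !($handle->rights_required & $auth->cur_user->user_rights)) {
         $this->abortWarning("insufficient rights");
     }
     ### hide modification pages from guests ###
     /**
      * Note: for some reason, this interferes with unit testing, so the check is
      * skipped for the unit-test User-Agent. That header is client-controlled:
      * any client can send it and skip the guest restriction below. The original
      * reasoning is that such requests are switched to the unit-test database.
      * NOTE(review): that holds only while the switch is in effect and the test
      * tables hold nothing sensitive; consider a server-side setting instead.
      */
     if (getServerVar('HTTP_USER_AGENT') != 'streber_unit_tester') {
         if (isset($auth) && $auth->isAnonymousUser() && !$handle->valid_for_anonymous && ($handle->type == 'form' || $handle->type == 'subm' || $handle->type == 'func')) {
             $this->abortWarning("insufficient rights");
         }
     }
     # The path comes from the registered handle, not from the request.
     require_once $handle->req;
     #--- set page-handler-curpage ---
     $keep_cur_page_id = $this->cur_page_id;
     # show() might be called again, so we have to keep the page_id
     $this->cur_page_id = $id;
     $keep_cur_page = $this->cur_page;
     $this->cur_page = $handle;
     ### submit ###
     # Comparison, not assignment: the previous `=` overwrote $handle->type with
     # 'subm' for every page and made this branch unconditional.
     # NOTE(review): pages of other types no longer pick up 'from' here; confirm
     # that no form page relied on the old always-true branch.
     if ($handle->type == 'subm') {
         $tmp = get('from');
         if ($tmp) {
             $this->cur_page_md5 = $tmp;
         }
     }
     #--- set params ---
     if ($params) {
         $params['go'] = $id;
         addRequestVars($params);
     }
     #--- avoid endless traps ---
     if (count($this->recursions) > MAX_PAGE_RECURSIONS) {
         trigger_error("maximum page recursions reached! (" . implode(",", $this->recursions) . ")", E_USER_ERROR);
         return;
     }
     $this->recursions[] = $id;
     #--- use id as function-name ----
     # $id reaches this point only after the asAlphaNumeric() comparison and the
     # $this->hash lookup above, so the callable name comes from the registered
     # page table rather than straight from the request.
     if (function_exists($id)) {
         if ($fn_argument) {
             # pass additional parameter (eg. non-db-objects to xxxNew()-functions)
             $id($fn_argument);
         } else {
             $id();
         }
     } else {
         $this->abortWarning("page-call to undefined functions '{$id}'", ERROR_FATAL);
     }
     # restore the outer page context for nested show() calls
     $this->cur_page_id = $keep_cur_page_id;
     $this->cur_page = $keep_cur_page;
 }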
Example #4
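 /**
  * Render the document head and the opening of the body as an HTML string.
  *
  * Side effects: sends the content-type and no-cache response headers and may
  * load the theme's theme_config.inc.php.
  *
  * @return string HTML from the doctype up to the opening <div id="outer">
  */
 public function __toString()
 {
     global $auth;
     $onload_javascript = $this->page->extra_onload_js;
     ### include theme-config ###
     if ($theme_config = getThemeFile("theme_config.inc.php")) {
         require_once $theme_config;
     }
     ### Set utf8
     header("Content-type: text/html; charset=utf-8");
     ### Disable page caching ###
     header("Expires: -1");
     header("Cache-Control: post-check=0, pre-check=0");
     header("Pragma: no-cache");
     header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
     $title = asHtml($this->page->title) . '/' . asHtml($this->page->title_minor) . ' - ' . confGet('APP_NAME');
     $buffer = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">' . '<html>' . '<head>' . '<meta http-equiv="Content-type" content="text/html; charset=utf-8">';
     if (isset($auth->cur_user->language)) {
         # NOTE(review): the language value is written into an attribute without
         # escaping; confirm it is restricted to known language codes when stored.
         $buffer .= '<meta http-equiv="Content-Language" content="' . $auth->cur_user->language . '">';
     }
     $buffer .= '<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">' . '<META HTTP-EQUIV="EXPIRES" CONTENT="-1">' . '<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">' . '<link rel="SHORTCUT ICON" href="./favicon.ico">' . "<title>{$title}</title>";
     /**
      * use Starlight syntax highlighting if enabled and client uses Gecko
      */
     if (confGet('LINK_STAR_LIGHT') && preg_match("/Gecko/i", getServerVar('HTTP_USER_AGENT'))) {
         $buffer .= "<link rel=\"stylesheet\" href=\"themes/starlight/star-light.css\" type=\"text/css\"/>";
     }
     $buffer .= "<link rel=\"stylesheet\" title=\"top\" media=\"screen\" type=\"text/css\" href=\"" . getThemeFile("styles.css") . "?v=" . confGet('STREBER_VERSION') . "\">";
     $buffer .= "<!--[if IE]><link rel=\"stylesheet\" title=\"ie\" media=\"screen\" type=\"text/css\" href=\"" . getThemeFile("styles_ie.css") . "?v=" . confGet('STREBER_VERSION') . "\"><![endif]-->";
     ### link print-style ###
     if (confGet('LINK_STYLE_PRINT')) {
         $buffer .= "<link rel=\"stylesheet\" media=\"print, embossed\" type=\"text/css\" href=\"" . getThemeFile("styles_print.css") . "?v=" . confGet('STREBER_VERSION') . "\">";
     }
     ### Add iphone layout hints
     if (stristr(getServerVar('HTTP_USER_AGENT'), "iPhone")) {
         $buffer .= '<meta name = "viewport"  content = "initial-scale = 0.7, user-scalable = no">';
         $buffer .= '<link rel="stylesheet"  media="screen" type="text/css" href="' . getThemeFile("iphone.css") . "?v=" . confGet('STREBER_VERSION') . '">';
         # replaces (does not append to) the page's extra_onload_js
         $onload_javascript = 'window.scrollTo(0, 1);';
     }
     $buffer .= '<script type="text/javascript" src="js/jquery-1.8.2.js"></script>' . '<script type="text/javascript" src="js/jquery.jeditable.1.5.x.js"></script>' . '<script type="text/javascript" src="js/misc.js' . "?v=" . confGet('STREBER_VERSION') . '"></script>' . '<script type="text/javascript" src="js/listFunctions.js' . "?v=" . confGet('STREBER_VERSION') . '"></script>';
     if ($this->page->use_autocomplete) {
         $buffer .= '<script type="text/javascript" src="js/jquery.autocomplete.1.0.2.js' . "?v=" . confGet('STREBER_VERSION') . '"></script>';
         $buffer .= '<link rel="stylesheet" type="text/css" href="' . getThemeFile("jquery.autocomplete.css") . '?v=' . confGet('STREBER_VERSION') . '" />';
     }
     $buffer .= '
     <script type="text/javascript">
     ';
     if (confGet('TASKDETAILS_IN_SIDEBOARD')) {
         $buffer .= "var g_enable_sideboard= true;";
     } else {
         $buffer .= "var g_enable_sideboard= false;";
     }
     ### assemble onLoad function
     $buffer .= '
     <!--
         //------ on load -------
         $(document).ready(function(){
     ';
     $buffer .= $onload_javascript;
     if ($this->page->use_autocomplete) {
         $buffer .= 'initAutocompleteFields();';
     }
     if ($this->page->autofocus_field) {
         $buffer .= "\r\ndocument.my_form." . $this->page->autofocus_field . ".focus();\r\ndocument.my_form." . $this->page->autofocus_field . ".select();";
     }
     $buffer .= 'initContextMenus();';
     ### highlight search words ###
     # 'q' comes from the request and ends up inside an inline script. Each word
     # is emitted through json_encode() with the HEX flags, so quotes, '<', '>'
     # and '&' become \uXXXX escapes and the word cannot close the string
     # literal, the <script> element or the <!-- --> wrapper, whatever
     # asCleanString() leaves in place.
     if ($q = get('q')) {
         $q = asCleanString($q);
         # explode() with a non-empty separator always returns a non-empty
         # array, so the former else-branch could never run and was removed.
         foreach (explode(" ", $q) as $q2) {
             if ($q2) {
                 $js_word = json_encode($q2, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
                 # json_encode() returns false for input it cannot encode; skip the word
                 if ($js_word !== false) {
                     $buffer .= "highlightWord(document.getElementsByTagName('body')[0],{$js_word}); ";
                 }
             }
         }
     }
     $buffer .= "misc();\r\n                   listFunctions();\r\n\r\n            });\r\n\r\n        //-->\r\n        </script>" . "<script type=\"text/javascript\" src=\"js/contextMenus.js\"></script>" . "<script type=\"text/javascript\" src=\"js/searchhi.js\"></script>" . "<script type=\"text/javascript\">\r\n            cMenu.menus=new Object();\r\n        </script>";
     /**
      * for notes on searchhi see: http://www.kryogenix.org/code/browser/searchhi/
      */
     ### add calendar-functions for form-pages ###
     # NOTE: including calendar tremendously increases loading time!
     if ($this->page->use_jscalendar) {
         $buffer .= '<style type="text/css">@import url(' . getThemeFile('/calendar-win2k-1.css') . ');</style>' . '<script type="text/javascript" src="js/calendar.js"></script>' . '<script type="text/javascript" src="js/lang/calendar-en.js"></script>' . '<script type="text/javascript" src="js/calendar-setup.js"></script>' . '<script type="text/javascript" src="js/dragslider.js"></script>';
     }
     ### add extra html ###
     # extra_header_html is appended as raw markup; it is presumably set by page
     # code only. Verify that no request data reaches it unescaped.
     $buffer .= $this->page->extra_header_html;
     $buffer .= "\r\n        </head>";
     $buffer .= '<body ';
     global $PH;
     if (isset($PH->cur_page_id)) {
         $buffer .= "class=\"{$PH->cur_page_id}\"";
     }
     $buffer .= '>';
     # noscript hint and opening of the outer container
     $buffer .= "<div class=\"noscript\"><noscript>";
     $buffer .= __("This page requires java-script to be enabled. Please adjust your browser-settings.");
     $buffer .= "</noscript></div><div id=\"outer\">";
     return $buffer;
 }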
Example #5
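/**
* Log out the current user: remove the login cookie, store the logout time on
* the person record, show the login form and write a logout entry to the log.
* Pending notifications are sent at the end. @ingroup pages
*/
function logout()
{
    global $PH;
    global $auth;
    ### kill cookie ###
    $auth->removeUserCookie();
    $PH->cur_page_md5 = NULL;
    /**
     * keep date of last logout
     * NOTE: the cur_user-object might be no longer up to date (think about person submit),
     * so we get the latest version from the database to update the last_logout-field.
     *
     * The cur_user guard matches the check made before logging further down;
     * without it a request with no current user dereferenced null here.
     */
    if ($auth->cur_user && ($cur_user = Person::getById($auth->cur_user->id))) {
        # NOTE(review): presumably storing a freshly calculated cookie string
        # invalidates the value issued at login, so a copied cookie stops working.
        # Confirm against calcCookieString().
        $cur_user->cookie_string = $auth->cur_user->calcCookieString();
        $cur_user->last_logout = getGMTString();
        $cur_user->update();
    }
    ### go to login-page ####
    $PH->messages[] = "Logged out";
    $PH->show('loginForm');
    if ($auth->cur_user) {
        $nickname = $auth->cur_user->nickname;
    } else {
        $nickname = '_nobody_';
    }
    log_message("'" . $nickname . "' logged out from:" . getServerVar("REMOTE_ADDR", true), LOG_MESSAGE_LOGOUT);
    require_once confGet('DIR_STREBER') . 'std/mail.inc.php';
    Notifier::sendNotifications();
}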
Example #6
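### db-settings ###
# Without the database settings file the installation is treated as not set up
# and the request is redirected to the installer.
if (file_exists(confGet('DIR_SETTINGS') . confGet('FILE_DB_SETTINGS'))) {
    require_once confGet('DIR_SETTINGS') . confGet('FILE_DB_SETTINGS');
} else {
    header("location:install/install.php");
    exit;
}
include_once confGet('DIR_SETTINGS') . confGet('SITE_SETTINGS');
### user-settings ##
# Test for the same path that is loaded. The earlier check looked for
# 'customize.inc.php' relative to the working directory, which could differ
# from DIR_STREBER and made require_once fail or skip the file.
if (file_exists(confGet('DIR_STREBER') . 'customize.inc.php')) {
    require_once confGet('DIR_STREBER') . 'customize.inc.php';
}
/**
* overwrite db-settings if page requested while unit testing
* read more at www.streber-pm.org/7276
*
* NOTE(security): the User-Agent header is client-controlled, so any client
* can send this value. Doing so points the request at the test_-prefixed
* tables and sets LOG_LEVEL to '' (presumably silencing logging; confirm).
* Consider enabling this switch only through a server-side setting on test
* installations.
*/
if (getServerVar('HTTP_USER_AGENT') == 'streber_unit_tester') {
    confChange('DB_TABLE_PREFIX', 'test_' . confGet('DB_TABLE_PREFIX'));
    confChange('LOG_LEVEL', '');
}
### start output-buffering? ###
if (confGet('USE_FIREPHP')) {
    ob_start();
}
filterGlobalArrays();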
/**
* run profiler and output measures in footer?
*/
if (confGet('USE_PROFILER')) {
    require_once confGet('DIR_STREBER') . "std/profiler.inc.php";
} else {
    ###  define empty functions ###
Example #7
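/**
 * Locate a file by name in the directories listed in the PATH server variable,
 * followed by the directories in $extrapath.
 *
 * For every directory the plain name is tried first, then the name with each
 * PATHEXT suffix appended (needed on Windows).
 *
 * NOTE(review): file_exists() also matches directories and files that are not
 * executable, and $needle is joined to the directory unchecked. Callers that
 * pass request data should restrict it to a bare file name.
 *
 * @param string $needle    file name to look for
 * @param array  $extrapath additional directories searched after PATH
 * @return string|null full path of the first match, or null when nothing matches
 */
function find_in_path($needle, array $extrapath = array())
{
    $paths = array_merge(explode(PATH_SEPARATOR, (string) getServerVar('PATH')), $extrapath);
    // An unset PATHEXT would otherwise yield one empty suffix and repeat the plain lookup.
    $exts = array_filter(explode(PATH_SEPARATOR, (string) getServerVar('PATHEXT')), 'strlen');
    foreach ($paths as $path) {
        // An empty entry (unset PATH, doubled separator) used to turn into a
        // lookup in the filesystem root; skip it instead.
        if ((string) $path === '') {
            continue;
        }
        $file = $path . DIRECTORY_SEPARATOR . $needle;
        if (file_exists($file)) {
            return $file;
        }
        // W32 needs this
        foreach ($exts as $ext) {
            if (file_exists($file . $ext)) {
                return $file . $ext;
            }
        }
    }
    return null;
}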
Example #8
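 /**
  * Tell whether the request's User-Agent matches one of the web crawlers that
  * only cause traffic; those are provided with an empty page.
  *
  * The header is client-supplied, so this is a traffic-saving heuristic and
  * must not be relied on as an access control.
  *
  * @return bool true when the User-Agent matches a listed crawler, false otherwise
  */
 public static function isUglyCrawler()
 {
     $agent = getServerVar('HTTP_USER_AGENT');
     if (!$agent) {
         return false;
     }
     // Dots in the version numbers are escaped so they match literally.
     $crawlers = array(
         "/HTTrack/",
         "/Mozilla\\/4\\.0 \\(compatible; MSIE 6\\.0; Windows NT 5\\.1; SV1\\)/",
         "/Mail\\.Ru\\/1\\.0/",
     );
     foreach ($crawlers as $c) {
         if (preg_match($c, $agent)) {
             return true;
         }
     }
     // Explicit result for the no-match case; it was an implicit null before.
     return false;
 }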