Example #1
0
function lovd_getProjectFile()
{
    // Gets project file name (file name including possible project subdirectory).
    // 2015-03-05; 3.0-13; When running an import, this function is called very often, so let's cache this function's results.
    static $sProjectFile;
    if ($sProjectFile) {
        return $sProjectFile;
    }
    $sDir = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/') . '/';
    // /LOVDv.3.0/install/ or /
    $sProjectDir = lovd_cleanDirName($sDir . ROOT_PATH);
    // /LOVDv.3.0/         or /
    $sDir = substr($sDir, strlen($sProjectDir) - 1);
    // /install/           or /
    // You need to use SCRIPT_FILENAME here, because SCRIPT_NAME can lose the .php extension.
    $sProjectFile = $sDir . basename($_SERVER['SCRIPT_FILENAME']);
    // /install/index.php  or /variants.php
    return $sProjectFile;
}
Example #2
0
// The following applies only if the system is fully installed.
if (!defined('NOT_INSTALLED')) {
    // Load session data.
    require ROOT_PATH . 'inc-auth.php';
    // If we're read only, log user out when lower than Manager.
    if ($_AUTH && $_CONF['lovd_read_only'] && $_AUTH['level'] < LEVEL_MANAGER) {
        // We won't let the user know, because this usually only happens when a
        //  new message has appeared that sets the installation to read-only.
        // So let's hope the new message on the screen attracks attention and
        //  that it speaks for itself.
        // (In principle, it can also happen when an existing message is edited
        //   to lock the installation.)
        $_AUTH = false;
    }
    // Define $_PE ($_PATH_ELEMENTS) and CURRENT_PATH.
    $sPath = preg_replace('/^' . preg_quote(lovd_getInstallURL(false), '/') . '/', '', lovd_cleanDirName(rawurldecode($_SERVER['REQUEST_URI'])));
    // 'login' or 'genes?create' or 'users/00001?edit'
    $aPath = explode('?', $sPath);
    // Cut off the Query string, that will be handled later.
    $_PE = explode('/', rtrim($aPath[0], '/'));
    // array('login') or array('genes') or array('users', '00001')
    // XSS check on the elements.
    foreach ($_PE as $key => $val) {
        if ($val !== strip_tags($val)) {
            $_PE[$key] = '';
        }
    }
    if (isset($_SETT['objectid_length'][$_PE[0]]) && isset($_PE[1]) && ctype_digit($_PE[1])) {
        $_PE[1] = sprintf('%0' . $_SETT['objectid_length'][$_PE[0]] . 'd', $_PE[1]);
    }
    define('CURRENT_PATH', implode('/', $_PE));