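/**
 * Locate and load the settings file into the global $SETTINGS array, then
 * fill in missing defaults and migrate legacy keys.
 *
 * Side effects visible in this function:
 *  - defines SETTINGS_DEV_FILENAME, SETTINGS_DEV_FILEPATH, SETTINGS_FILENAME
 *    and SETTINGS_FILEPATH
 *  - may terminate the request with a plain-text message on a dev server that
 *    has no hostname-based settings file
 *  - may call saveSettings() when adminUrl changes or legacy keys are removed
 *  - may call ini_set() for 'SMTP' and 'smtp_port'
 *
 * Security: the settings file name is derived from the client-supplied Host
 * header. Filtering keeps the name inside DATA_DIR, but the client still
 * chooses WHICH settings.<host>.php is loaded if more than one exists there.
 * Keep only the settings files meant for this server in DATA_DIR, and have the
 * web server reject requests for hostnames it does not serve.
 *
 * Nothing is returned; the global $SETTINGS is modified in place.
 */
function _init_loadSettings() {

  // get settings filenames and paths (either)
  // HTTP_HOST can be absent (e.g. no Host header, CLI); treat that as an empty hostname
  // instead of suppressing the undefined-index error with @.
  $rawHost = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
  list($hostnameWithoutPort) = explode(':', strtolower($rawHost));

  // security: HTTP_HOST is user defined - remove non-filename chars to prevent ../ attacks.
  // '/' and '\' are stripped, so the resulting name cannot leave DATA_DIR.
  $hostnameWithoutPort = preg_replace('/[^\\w\\-\\.]/', '', $hostnameWithoutPort);

  // v2.50 - usability: don't require www. prefix so www.example.com and example.com
  // both check for settings.example.com.php
  $hostnameWithoutPort = preg_replace('/^www\\./i', '', $hostnameWithoutPort);

  // The filter is applied a second time at the point where the filename is built
  // (redundant with the one above, kept as a check at the point of use).
  $settings_fileName = 'settings.' . preg_replace('/[^\\w\\-\\.]/', '', $hostnameWithoutPort) . '.php';
  $settings_filePath = DATA_DIR . '/' . $settings_fileName; // supports host based settings files such as: /data/settings.localhost.php
  define('SETTINGS_DEV_FILENAME', $settings_fileName);
  define('SETTINGS_DEV_FILEPATH', $settings_filePath);

  // set settings name and path for this server:
  // the hostname-based file wins when it exists, otherwise fall back to settings.dat.php
  $useDev = is_file(SETTINGS_DEV_FILEPATH);
  define('SETTINGS_FILENAME', $useDev ? SETTINGS_DEV_FILENAME : 'settings.dat.php');
  define('SETTINGS_FILEPATH', $useDev ? SETTINGS_DEV_FILEPATH : DATA_DIR . '/settings.dat.php');

  // Require hostname-based settings files on development server domains (this section to be expanded)
  if (isInstalled() && isDevServer() && !is_file(SETTINGS_DEV_FILEPATH)) {
    header("Content-type: text/plain");
    die("Development server requires custom settings files. \nDelete /data/isInstalled.php and re-install to create one.");
  }

  // load settings
  global $SETTINGS;
  if (!is_file(SETTINGS_FILEPATH)) {
    renameOrRemoveDefaultFiles(); // rename settings.dat.php.default to settings.dat.php
  }
  $SETTINGS = loadStructOrINI(SETTINGS_FILEPATH);

  // legacy support
  // added in 2.08, removed in 2.62 (force on for legacy support since encryption is always required now)
  $SETTINGS['advanced']['encryptPasswords'] = 1;

  ### set defaults (if not already defined in settings file - this happens when a user upgrades)
  // NOTE: Do this here for future instead of _upgradeSettings()
  $defaults = array(
    'language'          => '',
    'adminEmail'        => '',
    'adminUrl'          => '',
    // Cookie name prefix only, not a secret. mt_rand() is not a CSPRNG, so this
    // pattern must not be reused for tokens or keys.
    // NOTE(review): the default is filled in memory here and only persisted if a
    // later saveSettings() runs - confirm the prefix is stable across requests.
    'cookiePrefix'      => substr(md5(mt_rand()), 0, 5) . '_',
    'activePlugins'     => '',
    'headerImageUrl'    => '',
    'footerHTML'        => '',
    'dateFormat'        => '',
    'cssTheme'          => 'blue.css',
    'webRootDir'        => isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : null,
    'wysiwyg'           => array(),
    'advanced'          => array(),
    'bgtasks_lastRun'   => '0',
    'bgtasks_lastEmail' => '0',
    'webPrefixUrl'      => '',
  );
  $wysiwygDefaults = array(
    'wysiwygLang'          => 'en',
    'includeDomainInLinks' => '0',
  );
  // Several of these defaults are security-relevant: requireHTTPS and restrictByIP
  // default to off, checkReferer defaults to on. The settings file also carries
  // smtp_username / smtp_password, so it must not be readable over the web.
  $advancedDefaults = array(
    'imageResizeQuality'             => 80,
    'showExpandedMenu'               => 0,
    'disableFlashUploader'           => 0,
    'codeGeneratorExpertMode'        => 0,
    'hideLanguageSettings'           => 0,
    'session_cookie_domain'          => '',
    'session_save_path'              => '',
    'useDatepicker'                  => 0,
    'requireHTTPS'                   => 0,
    'httpProxyServer'                => '',
    'allowRelatedRecordsDragSorting' => 0,
    'outgoingMail'                   => 'sendOnly',
    'languageDeveloperMode'          => 0,
    'login_expiry_limit'             => '30',
    'login_expiry_unit'              => 'minutes',
    'restrictByIP'                   => 0,
    'restrictByIP_allowed'           => '',
    'smtp_method'                    => 'php',
    'smtp_hostname'                  => '',
    'smtp_port'                      => '',
    'smtp_username'                  => '',
    'smtp_password'                  => '',
    'phpHideErrors'                  => '0',
    'phpEmailErrors'                 => '0',
    'checkReferer'                   => '1',
    'disableAutocomplete'            => '0',
  );

  // Only keys that are absent are filled in; keys present with a blank value are left alone.
  foreach ($defaults as $key => $value) {
    if (!array_key_exists($key, $SETTINGS)) { $SETTINGS[$key] = $value; }
  }
  foreach ($wysiwygDefaults as $key => $value) {
    if (!array_key_exists($key, $SETTINGS['wysiwyg'])) { $SETTINGS['wysiwyg'][$key] = $value; }
  }
  foreach ($advancedDefaults as $key => $value) {
    if (!array_key_exists($key, $SETTINGS['advanced'])) { $SETTINGS['advanced'][$key] = $value; }
  }

  ### custom defaults

  // adminUrl - update if url path has changed
  // NOTE(review): the stored adminUrl is replaced with the URL of the current request
  // whenever the request path differs from the stored path. If thisPageUrl() builds its
  // host part from the Host header, request-controlled data is persisted here - confirm
  // thisPageUrl() uses a trusted hostname, or limit this update to authenticated admins.
  if (defined('IS_CMS_ADMIN')) {
    $hasAdminPathChanged = parse_url(thisPageUrl(), PHP_URL_PATH) != parse_url(@$SETTINGS['adminUrl'], PHP_URL_PATH);
    if ($hasAdminPathChanged) { // only update adminUrl when in the CMS admin
      // added in 2.12 - this must be set when admin.php is being access directly so we get the right URL.
      // explode() always yields at least one element; index it directly rather than passing a
      // temporary to array_shift() by reference and hiding the resulting notice with @.
      $urlParts = explode('?', thisPageUrl());
      $SETTINGS['adminUrl'] = $urlParts[0];
      saveSettings();
      // The message is HTML (it carries a <br/>), and the URL comes from the request,
      // so encode it before it is placed into the message.
      alert(sprintf(t("Updating Program Url to: %s") . "<br/>\n", htmlspecialchars($SETTINGS['adminUrl'], ENT_QUOTES)));
    }
  }

  // set default uploadDir and uploadUrl (do this here as above defaults code only runs when keys
  // are undefined, not when they are blank). empty() also covers a key that is missing entirely,
  // which the defaults above do not create.
  if (empty($SETTINGS['uploadDir'])) {
    $SETTINGS['uploadDir'] = 'uploads/'; // previously: /../uploads/
  }
  if (empty($SETTINGS['uploadUrl']) && !inCLI()) { // SCRIPT_NAME is set to filepath not web path when running in CLI, giving us incorrect values
    $SETTINGS['uploadUrl'] = dirname($_SERVER['SCRIPT_NAME']) . "/uploads/"; // previously: /../uploads/
    $SETTINGS['uploadUrl'] = realUrl($SETTINGS['uploadUrl']);                // remove ../ parent reference
    $SETTINGS['uploadUrl'] = parse_url($SETTINGS['uploadUrl'], PHP_URL_PATH); // remove scheme://hostname and leave /url/path
  }

  // remove old settings
  $removeKeys  = array('vendorPoweredBy', 'timezoneOffsetAddMinus', 'timezoneOffsetHours', 'timezoneOffsetMinutes');
  $removeCount = 0;
  foreach ($removeKeys as $key) {
    if (array_key_exists($key, $SETTINGS)) {
      unset($SETTINGS[$key]);
      $removeCount++;
    }
  }
  if ($removeCount) { saveSettings(); }

  // remove/convert old 'isInstalled' setting (from v2.09)
  if (array_key_exists('isInstalled', $SETTINGS)) {
    isInstalled(true); // set new installed status (semaphore file)
    unset($SETTINGS['isInstalled']);
    saveSettings();
  }

  // Update PHP config with SMTP values from settings (only affects users who call mail() explicitly)
  if ($SETTINGS['advanced']['smtp_hostname']) { ini_set('SMTP', $SETTINGS['advanced']['smtp_hostname']); }
  if ($SETTINGS['advanced']['smtp_port'])     { ini_set('smtp_port', $SETTINGS['advanced']['smtp_port']); }

  // Note: We don't need to return $SETTINGS because we're modifying the global.
}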
/**
 * Run the upgrade steps when the version stored in the settings is lower than
 * the running application's version, then record the new version.
 *
 * Reads and writes the globals $SETTINGS and $APP; returns nothing.
 */
function upgradeIfNeeded() {
  global $SETTINGS, $APP;

  // Nothing to do when the stored version is already at (or above) the app version.
  // NOTE(review): this is a loose >= comparison of whatever the two values hold;
  // it presumably relies on versions being plain numeric strings - confirm.
  if ($SETTINGS['programVersion'] >= $APP['version']) { return; }

  // rename default files
  renameOrRemoveDefaultFiles();

  // run upgrades
  // The file is included inside this function, so it runs with $SETTINGS and $APP in scope.
  // NOTE(review): the path is relative, so which file is loaded depends on include_path and
  // the working directory; consider anchoring it to an absolute application path.
  require "lib/upgrade_functions.php";

  // update version in settings and persist it so the upgrade does not run again
  $SETTINGS['programVersion'] = $APP['version'];
  saveSettings();
}