function _init_loadSettings()
{
// get settings filenames and paths (either)
list($hostnameWithoutPort) = explode(':', strtolower(@$_SERVER['HTTP_HOST']));
$hostnameWithoutPort = preg_replace('/[^\\w\\-\\.]/', '', $hostnameWithoutPort);
// security: HTTP_HOST is user defined - remove non-filename chars to prevent ../ attacks
$hostnameWithoutPort = preg_replace('/^www\\./i', '', $hostnameWithoutPort);
// v2.50 - usability: don't require www. prefix so www.example.com and example.com both check for settings.example.com.php
$settings_fileName = 'settings.' . preg_replace('/[^\\w\\-\\.]/', '', $hostnameWithoutPort) . '.php';
$settings_filePath = DATA_DIR . '/' . $settings_fileName;
// supports host based settings files such as: /data/settings.localhost.php
define('SETTINGS_DEV_FILENAME', $settings_fileName);
define('SETTINGS_DEV_FILEPATH', DATA_DIR . '/' . SETTINGS_DEV_FILENAME);
// set settings name and path for this server
$useDev = is_file(SETTINGS_DEV_FILEPATH);
define('SETTINGS_FILENAME', $useDev ? SETTINGS_DEV_FILENAME : 'settings.dat.php');
define('SETTINGS_FILEPATH', $useDev ? SETTINGS_DEV_FILEPATH : DATA_DIR . '/settings.dat.php');
// Require hostname-based settings files on development server domains (this section to be expanded)
if (isInstalled() && isDevServer() && !is_file(SETTINGS_DEV_FILEPATH)) {
header("Content-type: text/plain");
die("Development server requires custom settings files. Delete /data/isInstalled.php and re-install to create one.");
}
// load settings
global $SETTINGS;
if (!is_file(SETTINGS_FILEPATH)) {
renameOrRemoveDefaultFiles();
}
// rename settings.dat.php.default to settings.dat.php
$SETTINGS = loadStructOrINI(SETTINGS_FILEPATH);
// legacy support
$SETTINGS['advanced']['encryptPasswords'] = 1;
// added in 2.08, removed in 2.62 (force on for legacy support since encryption is always required now)
### set defaults (if not already defined in settings file - this happens when a user upgrades)
// NOTE: Do this here for future instead of _upgradeSettings()
$defaults = array('language' => '', 'adminEmail' => '', 'adminUrl' => '', 'cookiePrefix' => substr(md5(mt_rand()), 0, 5) . '_', 'activePlugins' => '', 'headerImageUrl' => '', 'footerHTML' => '', 'dateFormat' => '', 'cssTheme' => 'blue.css', 'webRootDir' => @$_SERVER['DOCUMENT_ROOT'], 'wysiwyg' => array(), 'advanced' => array(), 'bgtasks_lastRun' => '0', 'bgtasks_lastEmail' => '0', 'webPrefixUrl' => '');
$wysiwygDefaults = array('wysiwygLang' => 'en', 'includeDomainInLinks' => '0');
$advancedDefaults = array('imageResizeQuality' => 80, 'showExpandedMenu' => 0, 'disableFlashUploader' => 0, 'codeGeneratorExpertMode' => 0, 'hideLanguageSettings' => 0, 'session_cookie_domain' => '', 'session_save_path' => '', 'useDatepicker' => 0, 'requireHTTPS' => 0, 'httpProxyServer' => '', 'allowRelatedRecordsDragSorting' => 0, 'outgoingMail' => 'sendOnly', 'languageDeveloperMode' => 0, 'login_expiry_limit' => '30', 'login_expiry_unit' => 'minutes', 'restrictByIP' => 0, 'restrictByIP_allowed' => '', 'smtp_method' => 'php', 'smtp_hostname' => '', 'smtp_port' => '', 'smtp_username' => '', 'smtp_password' => '', 'phpHideErrors' => '0', 'phpEmailErrors' => '0', 'checkReferer' => '1', 'disableAutocomplete' => '0');
foreach ($defaults as $key => $value) {
if (!array_key_exists($key, $SETTINGS)) {
$SETTINGS[$key] = $value;
}
}
foreach ($wysiwygDefaults as $key => $value) {
if (!array_key_exists($key, $SETTINGS['wysiwyg'])) {
$SETTINGS['wysiwyg'][$key] = $value;
}
}
foreach ($advancedDefaults as $key => $value) {
if (!array_key_exists($key, $SETTINGS['advanced'])) {
$SETTINGS['advanced'][$key] = $value;
}
}
### custom defaults
// adminUrl - update if url path has changed
if (defined('IS_CMS_ADMIN')) {
$hasAdminPathChanged = parse_url(thisPageUrl(), PHP_URL_PATH) != parse_url(@$SETTINGS['adminUrl'], PHP_URL_PATH);
if ($hasAdminPathChanged) {
// only update adminUrl when in the CMS admin
$SETTINGS['adminUrl'] = @array_shift(explode('?', thisPageUrl()));
// added in 2.12 - this must be set when admin.php is being access directly so we get the right URL
saveSettings();
alert(sprintf(t("Updating Program Url to: %s") . "<br/>\n", $SETTINGS['adminUrl']));
}
}
// set default uploadDir and uploadUrl (do this here as above defaults code only runs when keys are undefined, not when they are blank)
if (!$SETTINGS['uploadDir']) {
$SETTINGS['uploadDir'] = 'uploads/';
// previously: /../uploads/
}
if (!$SETTINGS['uploadUrl'] && !inCLI()) {
// SCRIPT_NAME is set to filepath not web path when running in CLI, giving us incorrect values
$SETTINGS['uploadUrl'] = dirname($_SERVER['SCRIPT_NAME']) . "/uploads/";
// previously: /../uploads/
$SETTINGS['uploadUrl'] = realUrl($SETTINGS['uploadUrl']);
// remove ../ parent reference
$SETTINGS['uploadUrl'] = parse_url($SETTINGS['uploadUrl'], PHP_URL_PATH);
// remove scheme://hostname and leave /url/path
}
// remove old settings
$removeKeys = array('vendorPoweredBy', 'timezoneOffsetAddMinus', 'timezoneOffsetHours', 'timezoneOffsetMinutes');
$removeCount = 0;
foreach ($removeKeys as $key) {
if (array_key_exists($key, $SETTINGS)) {
unset($SETTINGS[$key]);
$removeCount++;
}
}
if ($removeCount) {
saveSettings();
}
// remove/convert old 'isInstalled' setting (from v2.09)
if (array_key_exists('isInstalled', $SETTINGS)) {
isInstalled(true);
// set new installed status (semaphore file)
unset($SETTINGS['isInstalled']);
saveSettings();
}
// Update PHP config with SMTP values from settings (only effects users who call mail() explicitly)
if ($GLOBALS['SETTINGS']['advanced']['smtp_hostname']) {
ini_set('SMTP', $GLOBALS['SETTINGS']['advanced']['smtp_hostname']);
}
if ($GLOBALS['SETTINGS']['advanced']['smtp_port']) {
ini_set('smtp_port', $GLOBALS['SETTINGS']['advanced']['smtp_port']);
}
// Note: We don't need to return $SETTINGS because we're modifying the global.
}
function upgradeIfNeeded()
{
global $SETTINGS, $APP;
if ($SETTINGS['programVersion'] >= $APP['version']) {
return;
}
// rename default files
renameOrRemoveDefaultFiles();
// run upgrades
require "lib/upgrade_functions.php";
// update version in settings
$SETTINGS['programVersion'] = $APP['version'];
saveSettings();
}
