/** main program for visitors
*
* this routine is called from /index.php. It is the main program for visitors.
*
* @return void page sent to the browser
* @todo cleanup login/logout-code
*/
function main_index()
{
global $USER;
global $CFG;
global $LANGUAGE;
/** initialise the program, setup database, read configuration, etc. */
require_once $CFG->progdir . '/init.php';
initialise();
was_version_check();
// this never returns if versions don't match
// TODO: cleanup like in main_admin()
// handle login/logout/continuation so we quickly find out which user is calling
if (isset($_GET['logout'])) {
/** loginlib.php contains both login- and logout-routines */
require_once $CFG->progdir . '/lib/loginlib.php';
was_logout();
// may or may not return here
} elseif (isset($_GET['login'])) {
/** loginlib.php contains both login- and logout-routines */
require_once $CFG->progdir . '/lib/loginlib.php';
was_login(magic_unquote($_GET['login']));
// may or may not return here
} elseif (isset($_COOKIE[$CFG->session_name])) {
/** dbsessionlib.php contains our own database based session handler */
require_once $CFG->progdir . '/lib/dbsessionlib.php';
dbsession_setup($CFG->session_name);
if (dbsession_exists(magic_unquote($_COOKIE[$CFG->session_name]))) {
session_start();
}
}
// At this point we either have a valid session with a logged-in user
// (indicated via existence of $_SESSION) or we are dealing with an anonymous
// visitor with non-existing $_SESSION. Keep track of the number of calls
// this user makes (may be logged lateron on logout).
if (isset($_SESSION)) {
if (!isset($_SESSION['session_counter'])) {
// first time after login, record start time of session
$_SESSION['session_counter'] = 1;
$_SESSION['session_start'] = strftime("%Y-%m-%d %T");
} else {
$_SESSION['session_counter']++;
}
}
// Now is the time to create a USER object, even when the visitor is just a passerby
// because we can then determine easily if a visitor is allowed certain things, e.g.
// view a protected area or something
/** useraccount.class.php is used to define the USER object */
require_once $CFG->progdir . '/lib/useraccount.class.php';
if (isset($_SESSION) && isset($_SESSION['user_id'])) {
$USER = new Useraccount($_SESSION['user_id']);
$USER->is_logged_in = TRUE;
$_SESSION['language_key'] = $LANGUAGE->get_current_language();
// remember language set via _GET or otherwise
} else {
$USER = new Useraccount();
$USER->is_logged_in = FALSE;
}
// Check for the special preview-mode
// This allows a webmaster to preview a page in the correct environment (theme)
// even when the page is under embargo. Note that the node_id and area_id are
// retrieved from the session; the user only has a cryptic preview-code.
// See pagemanagerlib.php for more information (function task_page_preview()).
$in_preview_mode = FALSE;
if ($USER->is_logged_in) {
$preview_code_from_url = get_parameter_string('preview');
if (!is_null($preview_code_from_url) && isset($_SESSION['preview_salt']) && isset($_SESSION['preview_node'])) {
$hash = md5($_SESSION['preview_salt'] . $_SESSION['preview_node']);
if ($hash === $preview_code_from_url) {
$node_id = intval($_SESSION['preview_node']);
$area_id = intval($_SESSION['preview_area']);
$area = db_select_single_record('areas', '*', array('area_id' => $area_id));
if ($area === FALSE) {
logger("Fatal error 070: cannot preview node '{$node_id}' in area '{$area_id}'");
error_exit('070');
} else {
$tree = tree_build($area_id);
$in_preview_mode = TRUE;
}
}
}
}
if ($in_preview_mode == FALSE) {
$requested_area = get_requested_area();
$requested_node = get_requested_node();
$req_area_str = is_null($requested_area) ? "NULL" : strval($requested_area);
$req_node_str = is_null($requested_node) ? "NULL" : strval($requested_node);
if (($area = calculate_area($requested_area, $requested_node)) === FALSE) {
logger("Fatal error 080: no valid area (request: area='{$req_area_str}', node='{$req_node_str}')");
error_exit('080');
// no such area
}
$area_id = intval($area['area_id']);
// If $USER has no permission to view area $area_id, we simply bail out.
// Rationale: if the user is genuine, she knows about logging in first.
// If the user is NOT logged in and tries to view a protected area, I'd consider
// it malicious, and in that case I won't even confirm the existence of
// the requested area. (If a cracker simply tries areas 0,1,.. and sometimes is greeted
// with 'please enter credentials' and sometimes with 'area does not exist', this
// provides information to the cracker. I don't want that). Note that the error code
// is the same as the one for non-existing area. In other words: for an unauthorised
// visitor an existing private area is just as non-existent as a non-existing public area.
if (db_bool_is(TRUE, $area['is_private']) && !$USER->has_intranet_permissions(ACL_ROLE_INTRANET_ACCESS, $area_id)) {
logger(sprintf("Fatal error 080: no view permissions for area '%d' (request: area='%s', node='%s')", $area_id, $req_area_str, $req_node_str));
error_exit('080');
// no such area
}
// still here?
// then we've got a valid $area_id and corresponding $area record.
// now we need to figure out which $node_id to use
$tree = tree_build($area_id);
if (($node_id = calculate_node_id($tree, $area_id, $requested_node)) === FALSE) {
logger(sprintf("Fatal error 080: no valid node within area '%d' (request: area='%s', node='%s')", $area_id, $req_area_str, $req_node_str));
error_exit('080');
// no such area
}
}
// At this point we have the following in our hands
// - a valid $area_id
// - a valid $node_id
// - the complete tree from area $area_id in $tree
// - the area record from database in $area
// - the node record from database in $tree[$node_id]['record']
// - a flag that signals preview mode in $in_preview_mode
// We are on our way to generate a full page with content and all,
// but otoh we MIGHT be in the middle of a redirect, so we may have to
// leave without showing anything at all...
if (!empty($tree[$node_id]['record']['link_href'])) {
update_statistics($node_id);
if (isset($_SESSION)) {
session_write_close();
}
redirect_and_exit(htmlspecialchars($tree[$node_id]['record']['link_href']));
// exit; redirect_and_exit() never returns
}
/** themelib contains the theme factory */
require_once $CFG->progdir . '/lib/themelib.php';
// And now we know about the $area, we can carry on determining which $theme to use.
//
$theme = theme_factory($area['theme_id'], $area_id, $node_id);
if ($theme === FALSE) {
logger("Fatal error 090: cannot setup theme '{$area['theme_id']}' in area '{$area_id}'");
error_exit('090');
}
// Tell the theme about the preview mode
$theme->set_preview_mode($in_preview_mode);
// Now all we need to do is let the module connected to node $node_id generate output
$module_id = $tree[$node_id]['record']['module_id'];
module_view($theme, $area_id, $node_id, $module_id);
// Remember this visitor
update_statistics($node_id);
// Finally, send output to user
$theme->send_output();
if (isset($_SESSION)) {
session_write_close();
}
// done!
exit;
}
<?php
$this->gui->cols_width(1, 3);
$this->gui->set_meta('manage-comment', __('Manage Comments'), 'panel')->push_to(1);
$this->gui->set_item(array('type' => 'dom', 'value' => module_view('views/manage-comment-form', true, 'blogster')))->push_to('manage-comment');
$this->gui->get();
return;
echo $inner_head;
?>
<section>
<section class="hbox stretch">
<?php
echo $lmenu;
?>
<section class="vbox">
<section class="scrollable" id="pjax-container">
<header>
<div class="row b-b m-l-none m-r-none">
<div class="col-sm-4">
<h4 class="m-t m-b-none"><?php
echo get_page('title');
?>
</h4>
<p class="block text-muted"><?php
echo get_page('description');
?>
</p>
</div>
</div>
</header>
<section class="hbox stretch">
<?php
$this->gui->cols_width(1, 3);
$this->gui->cols_width(2, 1);
$this->gui->col_config(1, array('inner-opening-wrapper' => '<form method="post" class="submitForm">'));
$this->gui->col_config(2, array('inner-closing-wrapper' => '</form>'));
$this->gui->set_meta(array('namespace' => 'post_new', 'type' => 'unwrapped'))->push_to(1);
$this->gui->set_meta(array('namespace' => 'post_meta', 'type' => 'unwrapped'))->push_to(2);
$this->gui->set_item(array('type' => 'dom', 'value' => module_view('views/post-new', true, 'blogster')))->push_to('post_new');
$this->gui->set_item(array('type' => 'dom', 'value' => module_view('views/post-new-meta', true, 'blogster')))->push_to('post_meta');
$this->gui->get();
<?php
$this->gui->cols_width(1, 3);
$this->gui->cols_width(2, 1);
$this->gui->set_meta(array('namespace' => 'post_list', 'type' => 'unwrapped'))->push_to(1);
$this->gui->set_meta(array('namespace' => 'comment_excerpt', 'type' => 'unwrapped'))->push_to(1);
$this->gui->set_item(array('type' => 'dom', 'value' => module_view('views/blogster-posts-list', true, 'blogster')))->push_to('post_list');
$this->gui->set_item(array('type' => 'dom'))->push_to('comment_excerpt');
$this->gui->get();
return;
echo $inner_head;
?>
<section id="w-f">
<section class="hbox stretch">
<?php
echo $lmenu;
?>
<section class="vbox">
<section class="scrollable" id="pjax-container">
<header>
<div class="row b-b m-l-none m-r-none">
<div class="col-sm-4">
<h4 class="m-t m-b-none"><?php
echo get_page('title');
?>
</h4>
<p class="block text-muted">
<?php
echo get_page('description');
?>
<?php
$this->gui->cols_width(1, 4);
$this->gui->col_config(1, array('inner-closing-wrapper' => '<div bulkSelect target="#bulkSelect">
<select name="action" class="input-sm form-control input-s-sm inline">
<option value="0">' . __('Bulk Actions') . '</option>
<option value="delete">' . __('Delete') . '</option>
</select>
<button class="btn btn-sm btn-white">' . __('Apply') . '</button>
</div>'));
$this->gui->set_meta(array('type' => 'panel-ho', 'namespace' => 'category-list', 'title' => __('Category List'), 'form_wrap' => array('method' => 'post', 'id' => 'bulkSelect')))->push_to(1);
$this->gui->set_item(array('type' => 'dom', 'value' => module_view('views/category-list-table', true, 'blogster')))->push_to('category-list');
$this->gui->get();
return;
echo $inner_head;
?>
<section id="w-f">
<section class="hbox stretch">
<?php
echo $lmenu;
?>
<section class="vbox">
<section class="scrollable" id="pjax-container">
<header>
<div class="row b-b m-l-none m-r-none">
<div class="col-sm-4">
<h4 class="m-t m-b-none"><?php
echo get_page('title');
?>
</h4>