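/**
 * Bootstraps the WOOOF singleton: merges configuration over the built-in
 * defaults, opens the configured databases, runs the banned-IP / session /
 * anti-flood checks and finally calls the optional application init routine.
 *
 * @param bool        $checkSessionAndActionAndActivateLogging When false the
 *                    ban, session and flood checks are skipped, DB/file
 *                    logging is disabled and $checkLocationAction is forced
 *                    to false.
 * @param string|null $pageLocation    When null (loosely compared, so '' too)
 *                    the globals $pageLocation / $requestedAction are used.
 * @param string|null $requestedAction
 * @param bool        $checkLocationAction Whether to run checkLocationAndAction().
 *
 * Behavioural fixes in this revision (each marked inline):
 *  - a configured 'siteURLStart' was overwritten by an undefined local;
 *  - the memcache server loop iterated in the wrong direction;
 *  - the anti-flood "one second ago" stamp was built by integer arithmetic on
 *    the 'is' string and did not match the 'YmdHis' format stored in rows;
 *  - ban expirations were stored as unix timestamps but compared against
 *    'YmdHis' strings, so a stored ban could never match the lookup;
 *  - an unresolvable initApplicationRoutine was logged and then still called;
 *  - failed queries are now routed to handleConstructorError() instead of
 *    being passed on to fetchRow()/mysqli_num_rows().
 */
public function __construct($checkSessionAndActionAndActivateLogging = TRUE, $pageLocation = null, $requestedAction = null, $checkLocationAction = true)
{
    global $WOOOF_VERSION;

    // No explicit location given: fall back to the globals of the same name.
    if ($pageLocation == NULL) {
        unset($pageLocation, $requestedAction);
        global $pageLocation;
        global $requestedAction;
    }
    global $userData;
    global $__isSiteBuilderPage;
    global $__isAdminPage;
    global $wooofConfigOptions;
    global $wooofConfigCustomOptions;

    // Singleton guard: constructing WOOOF twice is a programming error, so stop hard.
    if (WOOOF::$instance !== NULL) {
        exit('WOOOF constructor: WOOOF has already been constructed!');
    }

    if (!$checkSessionAndActionAndActivateLogging) {
        $checkLocationAction = false;
    }

    $this->version             = $WOOOF_VERSION;
    $this->originalPostValues  = $_POST;
    $this->originalFilesValues = $_FILES;
    $this->isAjax = !empty($_SERVER['HTTP_X_REQUESTED_WITH'])
        && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';

    // Expected WOOOF config option names; anything else in the input is ignored.
    $configOptionNames = array(
        'siteName', 'siteURLStart', 'defaultDBIndex', 'databaseName', 'databaseUser', 'databasePass',
        'databaseHost', 'databaseLog', 'databaseAutoCommit', 'databaseSQLMode', 'fileLog', 'logTable',
        'logFilePath', 'debugLogPath', 'debugMessagesLogLevel', 'sendEmailOnError', 'displayDatabaseErrors',
        'displayScriptErrors', 'displaySQLStatementsLevel', 'debugSQLStatementsLevel', 'sessionExpirationPeriod',
        'aggressiveSecurity', 'antiFloodProtection', 'storeUserPaths', 'siteBaseURL', 'siteBasePath', 'publicSite',
        'absoluteFilesRepositoryPath', 'imagesRelativePath', 'adminMainFileName', 'adminURL',
        'adminIncludesDirectory', 'dbManagerBaseURL', 'templatesRepository', 'applicationTemplatesRepository',
        'cssFileNameForTinyMCE', 'cssForFormItem', 'isCacheEnabled', 'isMemCacheEnabled', 'memCacheServers',
        'domainNameForCookies', 'minimumPasswordLength', 'minimumCapitalsInPassword', 'minimumNumbersInPassword',
        'minimumSymbolsInPassword', 'classesPath', 'wooofClassesPath', 'showStopperErrorRoutine',
        'saltProductionMethod', 'initApplicationRoutine',
    );
    $knownOptions = array_flip($configOptionNames);

    // Init with some defaults.
    // Production unless WOOOF_ENVIRONMENT is defined and does not start with 'prod'.
    $this->isProductionEnv = defined('WOOOF_ENVIRONMENT')
        ? strtolower(substr(WOOOF_ENVIRONMENT, 0, 4)) === 'prod'
        : true;
    $this->configuration = array(
        'siteURLStart'                   => '',
        'defaultDBIndex'                 => 0,
        'debugMessagesLogLevel'          => WOOOF_loggingLevels::WOOOF_LOG_STATUSES,
        'sendEmailOnError'               => '',
        'displayDatabaseErrors'          => true,
        'displayScriptErrors'            => true,
        'displaySQLStatementsLevel'      => 1,
        'debugSQLStatementsLevel'        => 1,
        'sessionExpirationPeriod'        => '6 months',
        'templatesRepository'            => '../wooof_fragments/',
        'applicationTemplatesRepository' => 'fragments/',
        'showStopperErrorRoutine'        => '',
        'saltProductionMethod'           => '',
        'initApplicationRoutine'         => '',
        'publicSite'                     => 'publicSite/',
        'dbManagerBaseURL'               => 'wooof_dbManager/',
        'adminURL'                       => 'wooof_administration/',
        'adminMainFileName'              => 'administration.php',
        'adminIncludesDirectory'         => 'adminIncludes/',
        'classesPath'                    => 'classes/',
        'wooofClassesPath'               => 'wooof_classes/',
    );
    if ($this->isProductionEnv) {
        // Production must not leak DB/script errors or SQL to the browser.
        // Actual config entries below may still override these.
        $this->configuration['displayDatabaseErrors']     = false;
        $this->configuration['displayScriptErrors']       = false;
        $this->configuration['displaySQLStatementsLevel'] = 0;
    }
    $this->errors = array();

    // Backwards compatibility: options may be defined as one array or as
    // individual global variables; only known option names are taken over.
    $configInput = isset($wooofConfigOptions) ? $wooofConfigOptions : $GLOBALS;
    unset($GLOBALS['wooofConfigOptions']);
    foreach ($configInput as $aKey => $aVal) {
        if (isset($knownOptions[$aKey])) {
            $this->configuration[$aKey] = $aVal;
        }
    }

    // TODO: validate the merged configuration (types, required entries).
    // Per-database defaults for entries the config may leave out.
    $dbIsPresent = isset($this->configuration['databaseName']);
    if ($dbIsPresent) {
        foreach ($this->configuration['databaseName'] as $dbKey => $unusedName) {
            if (!isset($this->configuration['databaseAutoCommit'][$dbKey])) {
                $this->configuration['databaseAutoCommit'][$dbKey] = true;
            }
            if (!isset($this->configuration['databaseSQLMode'][$dbKey])) {
                $this->configuration['databaseSQLMode'][$dbKey] = '';
            }
        }
    }

    // Make 'applicationTemplatesRepository' absolute so custom admin code can find it too.
    $this->configuration['applicationTemplatesRepository'] =
        ($this->configuration['siteBasePath'] ?? '')
        . $this->configuration['publicSite']
        . $this->configuration['applicationTemplatesRepository'];

    // Derive siteURLStart from the request only when it was not configured.
    // FIX: the assignment used to sit outside this block and clobbered a
    // configured value with an undefined local.
    if (!$this->hasContent($this->configuration['siteURLStart'])) {
        if (isset($_SERVER['HTTP_HOST'])) {
            // NOTE: HTTP_HOST is client-supplied; a configured siteURLStart is the safer choice.
            $scheme = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http';
            $siteURLStart = $scheme . '://' . $_SERVER['HTTP_HOST']
                . str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
        } else {
            $siteURLStart = 'http://localhost/';
        }
        $this->configuration['siteURLStart'] = $siteURLStart;
    }

    $siteRoot        = ($this->configuration['siteBaseURL'] ?? '') . $this->configuration['publicSite'];
    $this->assetsURL = $siteRoot;
    $this->imagesURL = $siteRoot . ($this->configuration['imagesRelativePath'] ?? '');

    // Extra / custom configurations.
    if (isset($wooofConfigCustomOptions) && is_array($wooofConfigCustomOptions)) {
        $this->configurationCustom = $wooofConfigCustomOptions;
    }

    // General settings and handlers.
    mb_internal_encoding("UTF-8");
    set_error_handler(array($this, "handleError"));
    register_shutdown_function(array($this, "handleShutdown"));
    spl_autoload_register(array($this, 'handleClassAutoloader'));
    WOOOF::$instance = $this;

    // Debugging is on for all sessions ('ALL') or for the listed session ids.
    // NOTE(review): $this->sid is read here before sessionCheck() runs below —
    // confirm it carries a value at this point.
    $sessionsToDebug = $this->getConfigurationFor('sessions', 'debug');
    $debugAll = is_array($sessionsToDebug) && count($sessionsToDebug) > 0 && $sessionsToDebug[0] == 'ALL';
    $this->doDebug = $debugAll || (is_array($sessionsToDebug) && in_array($this->sid, $sessionsToDebug));

    // Open every configured database; the one at defaultDBIndex becomes $this->db.
    if ($dbIsPresent) {
        $dbTotal = count($this->configuration['databaseName']);
        for ($dbCount = 0; $dbCount < $dbTotal; $dbCount++) {
            if ($this->configuration['databaseName'][$dbCount] == '') {
                continue;
            }
            $database = new WOOOF_dataBase(microtime(true));
            $this->dataBases[$dbCount] = $database;
            if ($this->configuration['defaultDBIndex'] == $dbCount) {
                $this->db = $database;
            }
            // Logging targets are kept but disabled when the caller opted out.
            $logToDb   = $checkSessionAndActionAndActivateLogging ? $this->configuration['databaseLog'][$dbCount] : FALSE;
            $logToFile = $checkSessionAndActionAndActivateLogging ? $this->configuration['fileLog'][$dbCount] : FALSE;
            $database->loggingToDatabase($logToDb, $this->configuration['logTable'][$dbCount]);
            $database->loggingToFile($logToFile, $this->configuration['logFilePath'][$dbCount]);
            if ($__isAdminPage == true || $__isSiteBuilderPage == true) {
                $database->setLoggingType(
                    WOOOF_databaseLoggingModes::doNotLogSelectsDescrShow,
                    WOOOF_databaseLoggingModes::doNotLogSelectsDescrShow
                );
            }
        }
    }

    $this->currentMicroTime = microtime(true);
    $this->dateTime = date('YmdHis');

    if ($checkSessionAndActionAndActivateLogging) {
        // Every check below needs the default database.
        if (!isset($this->db)) {
            $this->handleConstructorError('No default database configured; cannot check session.');
            return;
        }
        $remoteIp = $this->cleanUserInput($_SERVER['REMOTE_ADDR'] ?? '');

        // NOTE: these statements are string-built and rely on cleanUserInput()
        // for escaping; parameterised queries would need support in WOOOF_dataBase.
        $bR = $this->db->query('select * from __bannedIPs where IP=\'' . $remoteIp
            . '\' and banExpiration>\'' . $this->dateTime . '\'');
        if ($bR === FALSE) {
            $this->handleConstructorError('Failed checking banned IPs.');
            return;
        }
        if (mysqli_num_rows($bR)) {
            // Intentionally stop here: the client is currently banned.
            exit('you are banned!');
        }

        if (!$this->sessionCheck()) {
            $this->newSession('0123456789');
        }
        // Global $userData and $this->sid have been set by sessionCheck()/newSession()
        // ($this->sid may be empty). userData is needed by
        // getSecurityPermitionsForLocationAndUser, hence assigned here already.
        $this->userData = $userData;

        // Fill the userRoles cache: name => 1 map plus a quoted id list for SQL IN (...).
        $userId = $this->cleanUserInput($userData['id'] ?? '');
        $result = $this->db->query(
            "select r.role, r.id from __userRoleRelation ur, __roles r where ur.userId = '{$userId}' and r.id = ur.roleId"
        );
        if ($result === FALSE) {
            $this->handleConstructorError('Failed getting user roles.');
            return;
        }
        $quotedRoleIds = array();
        while ($p = $this->db->fetchRow($result)) {
            $this->userRolesArray[$p[0]] = 1; // value is irrelevant, only the key is used
            $quotedRoleIds[] = "'" . $p[1] . "'";
        }
        $this->userRolesSQLString = implode(',', $quotedRoleIds);

        if ($this->configuration['storeUserPaths'] ?? false) {
            // requestData is stored serialize()d raw POST; readers must treat it as untrusted.
            $this->db->query('insert into __userPaths set sessionId=\'' . $this->cleanUserInput($this->sid)
                . '\', requestPage=\'' . $this->cleanUserInput($_SERVER['REQUEST_URI'] ?? '')
                . '\', requestData=\'' . $this->cleanUserInput(serialize($_POST))
                . '\', timeStamp=\'' . $this->dateTime . '\'');
        }

        // Anti-flood: more than antiFloodProtection requests within one second bans the IP.
        // NOTE: the counter reads __userPaths, so it only sees rows written while storeUserPaths is on.
        if (($this->configuration['antiFloodProtection'] ?? 0) > 0) {
            $_ip = $remoteIp;
            // FIX: build the lower bound in the same 'YmdHis' format rows are written with,
            // instead of concatenating date('YmdH') with (date('is') - 1).
            $oneSecondAgo = date('YmdHis', time() - 1);
            $requestsLastSecondR = $this->db->query('SELECT count(*) FROM __userPaths where sessionId=\''
                . $this->cleanUserInput($this->sid) . '\' and timeStamp>\'' . $oneSecondAgo . '\'');
            $requestsLastSecond = $requestsLastSecondR === FALSE ? false : $this->db->fetchRow($requestsLastSecondR);
            $requestCount = $requestsLastSecond ? (int)$requestsLastSecond[0] : 0;
            if ($requestCount >= $this->configuration['antiFloodProtection'] - 1) {
                // Repeat offenders get progressively longer bans.
                $bR = $this->db->query('select * from __bannedIPs where IP=\'' . $_ip . '\'');
                $priorBans = $bR === FALSE ? 0 : mysqli_num_rows($bR);
                if ($priorBans > 5) {
                    $banLength = '+3 days';
                } elseif ($priorBans > 1) {
                    $banLength = '+2 days';
                } elseif ($priorBans > 0) {
                    $banLength = '+1 days';
                } else {
                    $banLength = '+6 hours';
                }
                // FIX: banExpiration is compared against $this->dateTime ('YmdHis') above,
                // so store it in that format rather than as a unix timestamp.
                $when = date('YmdHis', strtotime($banLength));
                $this->db->query('insert into __bannedIPs set IP=\'' . $_ip . '\', banExpiration=\'' . $when . '\'');
                $this->db->commit();
                $this->log(WOOOF_loggingLevels::WOOOF_CRITICAL_ERROR, self::_ECP . "0010 IP [{$_ip}] is now banned!");
                exit;
            }
        }
    }

    $this->userData = $userData; // also set above when the session was checked

    if ($dbIsPresent) {
        $this->db->commit(); // commit here so session data is definitely persisted
    }

    if ($checkLocationAction) {
        $res = $this->checkLocationAndAction($pageLocation, $requestedAction);
        if ($res === FALSE) {
            $this->handleConstructorError('Failed in checkLocationAndAction.');
            return;
        }
    }

    if ($this->configuration['isMemCacheEnabled'] ?? false) {
        $this->memCache = new Memcached();
        // FIX: the loop used to read `foreach ($server as $this->configuration[...])`.
        // assumes each entry is a [host, port(, weight)] array or a bare host on
        // the default memcached port — TODO confirm against the config format.
        foreach ((array)($this->configuration['memCacheServers'] ?? array()) as $server) {
            if (is_array($server)) {
                $this->memCache->addServer(...$server);
            } else {
                $this->memCache->addServer((string)$server, 11211);
            }
        }
    }

    // Application init routine: not for admin or site-builder pages.
    if (!$__isAdminPage and !$__isSiteBuilderPage) {
        $customHandler = $this->getConfigurationFor('initApplicationRoutine');
        if (WOOOF::hasContent($customHandler)) {
            if (!is_callable($customHandler)) {
                // FIX: previously logged and then called the missing handler anyway.
                $this->logError(self::_ECP . "0520 Custom Application Init function [{$customHandler}] not found!");
            } else {
                $res = call_user_func($customHandler, $this);
                if ($res === FALSE) {
                    $this->logError(self::_ECP . "0500 Custom Application Init function returned FALSE");
                }
            }
        }
    }
}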