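/**
 * Completes booting for the current request.
 *
 * Normalises the $_SERVER keys the rest of the code reads, rejects requests
 * whose Host header is malformed, applies the PHP ini settings for error
 * output and sessions, loads the global and per-site settings files, and
 * names the session cookie.
 *
 * Sends "400 Bad Request" and terminates the script when HTTP_HOST is over
 * the length cap or contains characters outside the hostname allow-list.
 */
private function __construct() {
    #~ Complete Booting: Set Error Handler and Load Other Core modules
    ##set_error_handler( '\error_handler' );
    ##set_exception_handler( '\exception_handler' );

    #~ Enforce E_ALL, but allow users to set levels not part of E_ALL.
    error_reporting(E_ALL | error_reporting());

    if (!isset($_SERVER['HTTP_REFERER'])) {
        $_SERVER['HTTP_REFERER'] = '';
    }

    #~ Only HTTP/1.0 and HTTP/1.1 are accepted; anything else falls back to HTTP/1.0.
    #~ The normalised value is echoed into the status line below, so it must stay on this allow-list.
    $protocolKnown = isset($_SERVER['SERVER_PROTOCOL'])
        && ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0' || $_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.1');
    if (!$protocolKnown) {
        $_SERVER['SERVER_PROTOCOL'] = 'HTTP/1.0';
    }

    if (isset($_SERVER['HTTP_HOST'])) {
        $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);

        #~ As HTTP_HOST is user input, ensure it only contains characters allowed in hostnames. See RFC 952 (and RFC 2181).
        #~ The length is capped first: the pattern nests one repetition inside another, so an overlong
        #~ non-matching value can cost a lot of backtracking before PCRE gives up.
        #~ NOTE(review): this is a character allow-list only; it does not establish that the host is
        #~ one this installation serves.
        $maxHostBytes = 1000;
        $hostIsValid = strlen($_SERVER['HTTP_HOST']) <= $maxHostBytes
            && preg_match('/^\\[?(?:[a-z0-9-:\\]_]+\\.?)+$/', $_SERVER['HTTP_HOST']) === 1;

        if (!$hostIsValid) {
            #~ HTTP_HOST is invalid, e.g. if containing slashes it may be an attack.
            #~ A PCRE failure (preg_match returning false) is rejected here as well.
            header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
            exit;
        }
    } else {
        #~ Some pre-HTTP/1.1 clients will not send a Host header. Ensure the key is defined for E_ALL compliance.
        $_SERVER['HTTP_HOST'] = '';
    }

    #~ Initialize Current Request Path
    #~ NOTE(review): a bare property read; presumably resolved lazily by the class - confirm.
    $this->RequestPath;

    #~ Prevent PHP from generating HTML error messages.
    ini_set('html_errors', '0');

    #~ Don't escape quotes when reading files from the database, disk, etc.
    #~ (Has no effect on PHP versions that no longer have magic quotes.)
    ini_set('magic_quotes_runtime', '0');

    #~ Use session cookies, not transparent sessions that puts the session id in the query string.
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    #~ Don't send HTTP headers using PHP's session handler.
    ini_set('session.cache_limiter', 'none');

    #~ Use httponly session cookies.
    ini_set('session.cookie_httponly', '1');

    #~ Start a Timer
    \Clock::Get()->Start('Global');

    #~ Load global settings.
    require_once DocRoot . '/sites/sites.php';

    #~ Decide Site Directory
    define('ConfPath', $this->ConfPath);

    #~ Load the settings for active domain
    require_once DocRoot . $this->ConfPath . '/settings.php';

    #~ NOTE(review): settings.php is included in this method's scope, so the line below only sees
    #~ values the file stored in the global $settings - confirm that it does.
    global $settings;

    #~ Read the cookie domain defensively so a missing key yields '' instead of a notice.
    $cookieDomain = isset($settings['cookie_domain']) ? (string) $settings['cookie_domain'] : '';

    #~ Initialize the Session
    #~ The cookie domain is applied only when it has more than two dot-separated parts and is not
    #~ purely numeric once the dots are removed (i.e. not an IPv4 literal).
    $domainParts = explode('.', $cookieDomain);
    $looksNumeric = is_numeric(str_replace('.', '', $cookieDomain));
    if (count($domainParts) > 2 && !$looksNumeric) {
        ini_set('session.cookie_domain', $cookieDomain);
    }

    #~ md5() only derives a stable cookie-name suffix from the domain; it is not a security control.
    $nameSuffix = md5($cookieDomain);
    if ($this->HTTPS) {
        #~ HTTPS requests get a Secure cookie under its own name (SSES...), kept apart from the
        #~ plain-HTTP session cookie (SESS...).
        ini_set('session.cookie_secure', '1');
        session_name('SSES' . $nameSuffix);
    } else {
        session_name('SESS' . $nameSuffix);
    }
}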