/**
* Application bootstrap initialization.
* Solves chicken-and-egg problem - need a way to init Horde environment
* from application without an active Horde_Registry object.
*
* Page compression will be started (if configured).
*
* Global variables defined:
* <pre>
* - $browser: Horde_Browser object
* - $cli: Horde_Cli object (if 'cli' is true)
* - $conf: Configuration array
* - $injector: Horde_Injector object
* - $language: Language
* - $notification: Horde_Notification object
* - $page_output: Horde_PageOutput object
* - $prefs: Horde_Prefs object
* - $registry: Horde_Registry object
* - $session: Horde_Session object
* </pre>
*
* @param string $app The application to initialize.
* @param array $args Optional arguments:
* <pre>
* - admin: (boolean) Require authenticated user to be an admin?
* DEFAULT: false
* - authentication: (string) The type of authentication to use:
* - none: Do not authenticate
* - fallback: Attempt to authenticate; if failure, then don't auth
* (@since 2.11.0).
* - [DEFAULT]: Authenticate; on no auth redirect to login screen
* - cli: (boolean) Initialize a CLI interface. Setting this to true
* implicitly sets 'authentication' to 'none' and 'admin' and
* 'nocompress' to true.
* DEFAULT: false
* - nocompress: (boolean) If set, the page will not be compressed.
* DEFAULT: false
* - nologintasks: (boolean) If set, don't perform logintasks (never
* performed if authentication is 'none').
* DEFAULT: false
* - nonotificationinit: (boolean) If set, don't initialize the
* application handlers for the notification
* system (@since 2.12.0).
* - permission: (array) The permission required by the user to access
* the page. The first element (REQUIRED) is the permission
* name. The second element (OPTION; defaults to SHOW) is
* the permission level.
* - session_cache_limiter: (string) Use this value for the session
* cache limiter.
* DEFAULT: Uses the value in the config.
* - session_control: (string) Special session control limitations:
* - netscape: TODO; start read/write session
* - none: Do not start a session
* - readonly: Start session readonly
* - [DEFAULT] - Start read/write session
* - test: (boolean) Is this the test script? If so, we relax several
* sanity checks and don't load things from the cache.
* DEFAULT: false
* - timezone: (boolean) Set the time zone?
* DEFAULT: false
* - user_admin: (boolean) Set authentication to an admin user?
* DEFAULT: false
* </pre>
*
* @return Horde_Registry_Application The application object.
* @throws Horde_Exception
*/
public static function appInit($app, array $args = array())
{
if (isset($GLOBALS['registry'])) {
return $GLOBALS['registry']->getApiInstance($app, 'application');
}
$args = array_merge(array('admin' => false, 'authentication' => null, 'cli' => null, 'nocompress' => false, 'nologintasks' => false, 'nonotificationinit' => false, 'permission' => false, 'session_cache_limiter' => null, 'session_control' => null, 'timezone' => false, 'user_admin' => null), $args);
/* CLI initialization. */
if ($args['cli']) {
/* Make sure no one runs from the web. */
if (!Horde_Cli::runningFromCLI()) {
throw new Horde_Exception(Horde_Core_Translation::t("Script must be run from the command line"));
}
/* Load the CLI environment - make sure there's no time limit,
* init some variables, etc. */
$GLOBALS['cli'] = Horde_Cli::init();
$args['nocompress'] = true;
$args['authentication'] = 'none';
}
// For 'fallback' authentication, try authentication first.
if ($args['authentication'] === 'fallback') {
$fallback_auth = true;
$args['authentication'] = null;
} else {
$fallback_auth = false;
}
// Registry.
$s_ctrl = 0;
switch ($args['session_control']) {
case 'netscape':
// Chicken/egg: Browser object doesn't exist yet.
// Can't use Horde_Core_Browser since it depends on registry to be
// configured.
$browser = new Horde_Browser();
if ($browser->isBrowser('mozilla')) {
$args['session_cache_limiter'] = 'private, must-revalidate';
}
break;
case 'none':
$s_ctrl = self::SESSION_NONE;
break;
case 'readonly':
$s_ctrl = self::SESSION_READONLY;
break;
}
$classname = __CLASS__;
$registry = $GLOBALS['registry'] = new $classname($s_ctrl, $args);
$registry->initialApp = $app;
$appob = $registry->getApiInstance($app, 'application');
$appob->initParams = $args;
do {
try {
$registry->pushApp($app, array('check_perms' => $args['authentication'] != 'none', 'logintasks' => !$args['nologintasks'], 'notransparent' => !empty($args['notransparent'])));
if ($args['admin'] && !$registry->isAdmin()) {
throw new Horde_Exception(Horde_Core_Translation::t("Not an admin"));
}
$e = null;
} catch (Horde_Exception_PushApp $e) {
if ($fallback_auth) {
$registry->authException = $e;
$registry->setAuthenticationSetting('none');
$args['authentication'] = 'none';
$fallback_auth = false;
continue;
}
}
break;
} while (true);
if (!is_null($e)) {
$appob->appInitFailure($e);
switch ($e->getCode()) {
case self::AUTH_FAILURE:
$failure = new Horde_Exception_AuthenticationFailure($e->getMessage());
$failure->application = $app;
throw $failure;
case self::NOT_ACTIVE:
/* Try redirect to Horde if an app is not active. */
if (!$args['cli'] && $app != 'horde') {
$GLOBALS['notification']->push($e, 'horde.error');
Horde::url($registry->getInitialPage('horde'))->redirect();
}
/* Shouldn't reach here, but fall back to permission denied
* error if we can't even access Horde. */
// Fall-through
/* Shouldn't reach here, but fall back to permission denied
* error if we can't even access Horde. */
// Fall-through
case self::PERMISSION_DENIED:
$failure = new Horde_Exception_AuthenticationFailure($e->getMessage(), Horde_Auth::REASON_MESSAGE);
$failure->application = $app;
throw $failure;
}
throw $e;
}
if ($args['timezone']) {
$registry->setTimeZone();
}
if (!$args['nocompress']) {
$GLOBALS['page_output']->startCompression();
}
if ($args['user_admin']) {
if (empty($GLOBALS['conf']['auth']['admins'])) {
throw new Horde_Exception(Horde_Core_Translation::t("Admin authentication requested, but no admin users defined in configuration."));
}
$registry->setAuth(reset($GLOBALS['conf']['auth']['admins']), array(), array('no_convert' => true));
}
if ($args['permission']) {
$admin_opts = array('permission' => $args['permission'][0], 'permlevel' => isset($args['permission'][1]) ? $args['permission'][1] : Horde_Perms::SHOW);
if (!$registry->isAdmin($admin_opts)) {
throw new Horde_Exception_PermissionDenied(Horde_Core_Translation::t("Permission denied."));
}
}
return $appob;
}
/**
* ungimp_ie
*
* This function sets the cache limiting to public if you are running
* some flavor of IE and not using HTTPS.
*/
public static function ungimp_ie()
{
// If no https, no ungimpage required
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'on') {
return true;
}
$browser = new Horde_Browser();
if ($browser->isBrowser('msie')) {
session_cache_limiter('public');
}
return true;
}
