require_once 'includes/lang.php'; require_once 'includes/functions.php'; # Add Cross domain access headers CORSHeaders(); // Check for valid content dirs if (!is_writable(ZM_DIR_EVENTS) || !is_writable(ZM_DIR_IMAGES)) { Fatal("Cannot write to content dirs('" . ZM_DIR_EVENTS . "','" . ZM_DIR_IMAGES . "'). Check that these exist and are owned by the web account user"); } if (isset($_REQUEST['view'])) { $view = detaintPath($_REQUEST['view']); } if (isset($_REQUEST['request'])) { $request = detaintPath($_REQUEST['request']); } if (isset($_REQUEST['action'])) { $action = detaintPath($_REQUEST['action']); } foreach (getSkinIncludes('skin.php') as $includeFile) { require_once $includeFile; } require_once 'includes/actions.php'; # If I put this here, it protects all views and popups, but it has to go after actions.php because actions.php does the actual logging in. if (ZM_OPT_USE_AUTH && !isset($user) && $view != 'login') { $view = 'login'; } # Only one request can open the session file at a time, so let's close the session here to improve concurrency. # Any file/page that uses the session must re-open it. session_write_close(); if (isset($_REQUEST['request'])) { foreach (getSkinIncludes('ajax/' . $request . '.php', true, true) as $includeFile) { if (!file_exists($includeFile)) {
function getSkinIncludes($file, $includeBase = false, $asOverride = false) { global $skinBase; $skinFile = false; foreach ($skinBase as $skin) { $tempSkinFile = detaintPath('skins' . '/' . $skin . '/' . $file); if (file_exists($tempSkinFile)) { $skinFile = $tempSkinFile; } } $includeFiles = array(); if ($asOverride) { if ($skinFile) { $includeFiles[] = $skinFile; } else { if ($includeBase) { $includeFiles[] = $file; } } } else { if ($includeBase) { $includeFiles[] = $file; } if ($skinFile) { $includeFiles[] = $skinFile; } } return $includeFiles; }