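 /**
  * Bootstraps the framework singleton.
  *
  * Loads configuration (allow-listed), installs the error / shutdown /
  * autoload handlers, opens the configured databases and, when
  * $checkSessionAndActionAndActivateLogging is TRUE, runs the per-request
  * security gate: banned-IP check, session establishment, user-role cache,
  * optional request-path logging and anti-flood banning. Finally it validates
  * the requested location/action and runs the application init routine.
  *
  * @param bool        $checkSessionAndActionAndActivateLogging Run the DB-backed
  *        security gate and enable query logging. FALSE also disables
  *        $checkLocationAction.
  * @param string|null $pageLocation    Page being served; when NULL (loosely
  *        compared, so '' counts too) the globals $pageLocation and
  *        $requestedAction are used instead.
  * @param string|null $requestedAction Action being requested (see above).
  * @param bool        $checkLocationAction Run checkLocationAndAction().
  *
  * Terminates the request (exit/die) on double construction, on a banned IP
  * and when the anti-flood threshold is exceeded; other failures go through
  * handleConstructorError() and return early.
  */
 public function __construct($checkSessionAndActionAndActivateLogging = TRUE, $pageLocation = null, $requestedAction = null, $checkLocationAction = true)
 {
     global $WOOOF_VERSION;
     if ($pageLocation == NULL) {
         // Fall back to the globals the calling page may have defined.
         unset($pageLocation, $requestedAction);
         global $pageLocation;
         global $requestedAction;
     }
     global $userData;
     global $__isSiteBuilderPage;
     global $__isAdminPage;
     global $wooofConfigOptions;
     global $wooofConfigCustomOptions;
     if (WOOOF::$instance !== NULL) {
         // Singleton: constructing twice is a programming error, not a recoverable state.
         exit('WOOOF constructor: WOOOF has already been constructed!');
     }
     if (!$checkSessionAndActionAndActivateLogging) {
         $checkLocationAction = false;
     }
     $this->version = $WOOOF_VERSION;
     // Raw copies of the request, taken before anything else can mutate the superglobals.
     $this->originalPostValues = $_POST;
     $this->originalFilesValues = $_FILES;
     // X-Requested-With is a client-supplied header: usable for presentation
     // decisions, never as an authentication or CSRF signal.
     $this->isAjax = !empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
     // Expected WOOOF config option names; used as an allow-list when importing config below.
     $configOptionNames = array('siteName', 'siteURLStart', 'defaultDBIndex', 'databaseName', 'databaseUser', 'databasePass', 'databaseHost', 'databaseLog', 'databaseAutoCommit', 'databaseSQLMode', 'fileLog', 'logTable', 'logFilePath', 'debugLogPath', 'debugMessagesLogLevel', 'sendEmailOnError', 'displayDatabaseErrors', 'displayScriptErrors', 'displaySQLStatementsLevel', 'debugSQLStatementsLevel', 'sessionExpirationPeriod', 'aggressiveSecurity', 'antiFloodProtection', 'storeUserPaths', 'siteBaseURL', 'siteBasePath', 'publicSite', 'absoluteFilesRepositoryPath', 'imagesRelativePath', 'adminMainFileName', 'adminURL', 'adminIncludesDirectory', 'dbManagerBaseURL', 'templatesRepository', 'applicationTemplatesRepository', 'cssFileNameForTinyMCE', 'cssForFormItem', 'isCacheEnabled', 'isMemCacheEnabled', 'memCacheServers', 'domainNameForCookies', 'minimumPasswordLength', 'minimumCapitalsInPassword', 'minimumNumbersInPassword', 'minimumSymbolsInPassword', 'classesPath', 'wooofClassesPath', 'showStopperErrorRoutine', 'saltProductionMethod', 'initApplicationRoutine');
     // Init with some defaults.
     // An undefined WOOOF_ENVIRONMENT is treated as production so that verbose
     // error output is OFF unless a developer opts in (fail closed).
     $this->isProductionEnv = !defined('WOOOF_ENVIRONMENT') || strtolower(substr(WOOOF_ENVIRONMENT, 0, 4)) == 'prod';
     $this->configuration = array('siteURLStart' => '', 'defaultDBIndex' => 0, 'debugMessagesLogLevel' => WOOOF_loggingLevels::WOOOF_LOG_STATUSES, 'sendEmailOnError' => '', 'displayDatabaseErrors' => true, 'displayScriptErrors' => true, 'displaySQLStatementsLevel' => 1, 'debugSQLStatementsLevel' => 1, 'sessionExpirationPeriod' => '6 months', 'templatesRepository' => '../wooof_fragments/', 'applicationTemplatesRepository' => 'fragments/', 'showStopperErrorRoutine' => '', 'saltProductionMethod' => '', 'initApplicationRoutine' => '', 'publicSite' => 'publicSite/', 'dbManagerBaseURL' => 'wooof_dbManager/', 'adminURL' => 'wooof_administration/', 'adminMainFileName' => 'administration.php', 'adminIncludesDirectory' => 'adminIncludes/', 'classesPath' => 'classes/', 'wooofClassesPath' => 'wooof_classes/');
     if ($this->isProductionEnv) {
         // Never echo DB errors, script errors or SQL text to clients in production
         // (information disclosure). An explicit config entry may still override these.
         $this->configuration['displayDatabaseErrors'] = false;
         $this->configuration['displayScriptErrors'] = false;
         $this->configuration['displaySQLStatementsLevel'] = 0;
     }
     $this->errors = array();
     // Backwards compatibility: options may be supplied as individual globals instead
     // of $wooofConfigOptions. Only allow-listed names are copied, so unrelated
     // globals can never become configuration.
     $configInput = isset($wooofConfigOptions) ? $wooofConfigOptions : $GLOBALS;
     unset($GLOBALS['wooofConfigOptions']);
     $allowedOptions = array_flip($configOptionNames);
     foreach ($configInput as $optionName => $optionValue) {
         if (isset($allowedOptions[$optionName])) {
             $this->configuration[$optionName] = $optionValue;
         }
     }
     // TODO: validate the provided options (paths, URLs, numeric ranges) before use.
     // A non-array 'databaseName' is treated as "no database" rather than being iterated.
     $dbIsPresent = isset($this->configuration['databaseName']) && is_array($this->configuration['databaseName']);
     if ($dbIsPresent) {
         // Per-database defaults for options that may have been left out.
         foreach (array_keys($this->configuration['databaseName']) as $dbKey) {
             if (!isset($this->configuration['databaseAutoCommit'][$dbKey])) {
                 $this->configuration['databaseAutoCommit'][$dbKey] = true;
             }
             if (!isset($this->configuration['databaseSQLMode'][$dbKey])) {
                 $this->configuration['databaseSQLMode'][$dbKey] = '';
             }
         }
     }
     // Make 'applicationTemplatesRepository' absolute, so that it can be found by custom admin code as well.
     $this->configuration['applicationTemplatesRepository'] = $this->configuration['siteBasePath'] . $this->configuration['publicSite'] . $this->configuration['applicationTemplatesRepository'];
     // Derive siteURLStart from the request only when it was not configured; a
     // configured value is kept as-is (it used to be overwritten with an unset local).
     // NOTE: HTTP_HOST is attacker-controlled unless the web server enforces a
     // canonical host, so deployments should set 'siteURLStart' explicitly to avoid
     // host-header injection into generated URLs.
     if (!$this->hasContent($this->configuration['siteURLStart'])) {
         if (isset($_SERVER['HTTP_HOST'])) {
             $scheme = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http';
             $scriptDir = str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
             $this->configuration['siteURLStart'] = $scheme . '://' . $_SERVER['HTTP_HOST'] . $scriptDir;
         } else {
             $this->configuration['siteURLStart'] = 'http://localhost/';
         }
     }
     $this->assetsURL = $this->configuration['siteBaseURL'] . $this->configuration['publicSite'];
     $this->imagesURL = $this->configuration['siteBaseURL'] . $this->configuration['publicSite'] . $this->configuration['imagesRelativePath'];
     // Extra/Custom Configurations
     if (isset($wooofConfigCustomOptions) && is_array($wooofConfigCustomOptions)) {
         $this->configurationCustom = $wooofConfigCustomOptions;
     }
     // General settings and handlers
     mb_internal_encoding("UTF-8");
     set_error_handler(array($this, "handleError"));
     register_shutdown_function(array($this, "handleShutdown"));
     spl_autoload_register(array($this, 'handleClassAutoloader'));
     WOOOF::$instance = $this;
     // Per-session debugging: either 'ALL' or a list of session ids.
     // NOTE(review): $this->sid is only assigned by sessionCheck()/newSession()
     // further down, so the per-session match here can only succeed if sid was
     // populated before construction — confirm intent.
     $sessionsToDebug = $this->getConfigurationFor('sessions', 'debug');
     $debugAll = $sessionsToDebug != NULL && is_array($sessionsToDebug) && count($sessionsToDebug) > 0 && $sessionsToDebug[0] == 'ALL';
     $this->doDebug = $debugAll || is_array($sessionsToDebug) && in_array($this->sid, $sessionsToDebug);
     if ($dbIsPresent) {
         $dbNames = $this->configuration['databaseName'];
         $dbTotal = count($dbNames);
         for ($dbCount = 0; $dbCount < $dbTotal; $dbCount++) {
             if ($dbNames[$dbCount] == '') {
                 continue;
             }
             $this->dataBases[$dbCount] = new WOOOF_dataBase(microtime(true));
             if ($this->configuration['defaultDBIndex'] == $dbCount) {
                 $this->db = $this->dataBases[$dbCount];
             }
             if ($checkSessionAndActionAndActivateLogging) {
                 $this->dataBases[$dbCount]->loggingToDatabase($this->configuration['databaseLog'][$dbCount], $this->configuration['logTable'][$dbCount]);
                 $this->dataBases[$dbCount]->loggingToFile($this->configuration['fileLog'][$dbCount], $this->configuration['logFilePath'][$dbCount]);
             } else {
                 $this->dataBases[$dbCount]->loggingToDatabase(FALSE, $this->configuration['logTable'][$dbCount]);
                 $this->dataBases[$dbCount]->loggingToFile(FALSE, $this->configuration['logFilePath'][$dbCount]);
             }
             if ($__isAdminPage == true || $__isSiteBuilderPage == true) {
                 // Admin / site-builder traffic is noisy; do not log SELECT/DESCRIBE/SHOW.
                 $this->dataBases[$dbCount]->setLoggingType(WOOOF_databaseLoggingModes::doNotLogSelectsDescrShow, WOOOF_databaseLoggingModes::doNotLogSelectsDescrShow);
             }
         }
     }
     $this->currentMicroTime = microtime(true);
     $this->dateTime = date('YmdHis');
     if ($checkSessionAndActionAndActivateLogging) {
         if (!$dbIsPresent || !isset($this->db)) {
             // Everything in this gate is DB-backed; without a default DB it cannot run.
             $this->handleConstructorError('Session/ban checks require a configured default database.');
             return;
         }
         // Banned-IP gate. REMOTE_ADDR is the TCP peer address: behind a reverse
         // proxy it is the proxy, so bans would hit the proxy itself. Do not switch
         // to X-Forwarded-For unless the proxy is trusted and overwrites the header.
         $remoteIp = $this->cleanUserInput($_SERVER['REMOTE_ADDR']);
         $bR = $this->db->query("select * from __bannedIPs where IP='{$remoteIp}' and banExpiration>'{$this->dateTime}'");
         if ($bR === FALSE) {
             $this->handleConstructorError('Failed checking banned IPs.');
             return;
         }
         if (mysqli_num_rows($bR)) {
             // Intentionally die here as we are under attack (or so it seems).
             die('you are banned!');
         }
         if (!$this->sessionCheck()) {
             $this->newSession('0123456789');
         }
         // Global $userData and $this->sid have been set by sessionCheck()/newSession()
         // at this point ($this->sid may still be empty).
         $this->userData = $userData;
         // Fill-in the userRoles cache (used by getSecurityPermitionsForLocationAndUser).
         // The id comes from the session record, but it is escaped like every other
         // value bound into SQL in this method rather than trusted implicitly.
         $userId = $this->cleanUserInput($userData['id']);
         $result = $this->db->query("select r.role, r.id from __userRoleRelation ur, __roles r where ur.userId = '{$userId}' and r.id = ur.roleId");
         if ($result === FALSE) {
             $this->handleConstructorError('Failed getting user roles.');
             return;
         }
         $quotedRoleIds = array();
         while ($p = $this->db->fetchRow($result)) {
             $this->userRolesArray[$p[0]] = 1;   // only the key matters; the value is a placeholder
             $quotedRoleIds[] = "'" . $p[1] . "'";
         }
         // Comma-separated quoted role ids for embedding in IN (...) clauses; '' when the user has no roles.
         $this->userRolesSQLString = implode(',', $quotedRoleIds);
         if ($this->configuration['storeUserPaths']) {
             // NOTE: this persists the serialized raw POST body, including any
             // passwords or tokens submitted in forms. Keep the option off unless
             // __userPaths is access-restricted and purged regularly.
             $this->db->query('insert into __userPaths set sessionId=\'' . $this->cleanUserInput($this->sid) . '\', requestPage=\'' . $this->cleanUserInput($_SERVER['REQUEST_URI']) . '\', requestData=\'' . $this->cleanUserInput(serialize($_POST)) . '\', timeStamp=\'' . $this->dateTime . '\'');
         }
         if ($this->configuration['antiFloodProtection'] > 0) {
             // Counts this session's requests within the last second. The rows are
             // the ones written above, so this protection is only effective when
             // 'storeUserPaths' is also enabled. The window start is a real
             // timestamp in the same YmdHis format as the stored timeStamp (the
             // previous string arithmetic on date('is') produced malformed values).
             // It is keyed by session id, so presumably a client that discards its
             // cookie gets a fresh session each request and is never counted — a
             // per-IP counter would be more robust.
             $windowStart = date('YmdHis', time() - 1);
             $requestsLastSecondR = $this->db->query("SELECT count(*) FROM __userPaths where sessionId='" . $this->cleanUserInput($this->sid) . "' and timeStamp>'{$windowStart}'");
             if ($requestsLastSecondR === FALSE) {
                 $this->handleConstructorError('Failed checking request rate.');
                 return;
             }
             $requestsLastSecond = $this->db->fetchRow($requestsLastSecondR);
             if ($requestsLastSecond[0] >= $this->configuration['antiFloodProtection'] - 1) {
                 // Escalate the ban length with the number of earlier bans for this IP.
                 $bR = $this->db->query("select * from __bannedIPs where IP='{$remoteIp}'");
                 $previousBans = $bR === FALSE ? 0 : mysqli_num_rows($bR);
                 if ($previousBans > 5) {
                     $banOffset = "+3 days";
                 } elseif ($previousBans > 1) {
                     $banOffset = "+2 days";
                 } elseif ($previousBans) {
                     $banOffset = "+1 days";
                 } else {
                     $banOffset = "+6 hours";
                 }
                 // Stored in the same YmdHis format the ban check above compares
                 // against; a raw Unix timestamp never compared greater than it.
                 // TODO confirm the banExpiration column type matches this format.
                 $when = date('YmdHis', strtotime($banOffset));
                 $this->db->query("insert into __bannedIPs set IP='{$remoteIp}', banExpiration='{$when}'");
                 $this->db->commit();
                 $this->log(WOOOF_loggingLevels::WOOOF_CRITICAL_ERROR, self::_ECP . "0010 IP [{$remoteIp}] is now banned!");
                 exit;
             }
         }
     }
     $this->userData = $userData;
     // Set also above when the session gate runs.
     if ($dbIsPresent) {
         // Need to commit here to save session data for sure.
         $this->db->commit();
     }
     if ($checkLocationAction) {
         $res = $this->checkLocationAndAction($pageLocation, $requestedAction);
         if ($res === FALSE) {
             $this->handleConstructorError('Failed in checkLocationAndAction.');
             return;
         }
     }
     if (!empty($this->configuration['isMemCacheEnabled'])) {
         $this->memCache = new Memcached();
         // Iterate the configured servers (the foreach operands were reversed before).
         // Each entry is presumably either a host string or an array of
         // Memcached::addServer() arguments (host, port[, weight]) — TODO confirm
         // against the config format.
         foreach ((array) $this->configuration['memCacheServers'] as $server) {
             if (is_array($server)) {
                 call_user_func_array(array($this->memCache, 'addServer'), $server);
             } else {
                 $this->memCache->addServer($server, 11211);   // memcached default port
             }
         }
     }
     if (!$__isAdminPage && !$__isSiteBuilderPage) {
         // Call any defined app init routine (not for admin or dbManager pages).
         $customHandler = $this->getConfigurationFor('initApplicationRoutine');
         if (WOOOF::hasContent($customHandler)) {
             if (!is_callable($customHandler)) {
                 // Log and skip: invoking a non-callable would be a fatal error.
                 $this->logError(self::_ECP . "0520 Custom Application Init function [{$customHandler}] not found!");
             } elseif (call_user_func($customHandler, $this) === FALSE) {
                 $this->logError(self::_ECP . "0500 Custom Application Init function returned FALSE");
             }
         }
     }
 }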