Project

General

Profile

1
<?php
2
/**
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
4
 *
5
 * This program is free software: you can redistribute it and/or modify
6
 * it under the terms of the GNU General Public License as published by
7
 * the Free Software Foundation, either version 3 of the License, or
8
 * (at your option) any later version.
9
 *
10
 * This program is distributed in the hope that it will be useful,
11
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13
 * GNU General Public License for more details.
14
 *
15
 * You should have received a copy of the GNU General Public License
16
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
17
 */
18

    
19
/**
20
 * initialize.php
21
 *
22
 * @category     Core
23
 * @package      Core_Environment
24
 * @author       Werner v.d.Decken <wkl@isteam.de>
25
 * @copyright    Werner v.d.Decken <wkl@isteam.de>
26
 * @license      http://www.gnu.org/licenses/gpl.html   GPL License
27
 * @version      0.0.1
28
 * @revision     $Revision: 2085 $
29
 * @link         $HeadURL: svn://isteam.dynxs.de/wb-archiv/branches/2.8.x/wb/framework/initialize.php $
30
 * @lastmodified $Date: 2014-01-16 04:31:01 +0100 (Thu, 16 Jan 2014) $
31
 * @since        File replaced since 05.02.2013
32
 * @description  set the basic environment to run WebsiteBaker
33
 */
34

    
35
/* *** define some helper functions *** */
36
/**
37
 * sanitize $_SERVER['HTTP_REFERER']
38
 * @param string $sWbUrl qualified startup URL of current application
39
 */
40
	function initSanitizeHttpReferer($sWbUrl) {
41
		$sTmpReferer = '';
42
		if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
43
			$sTmpReferer = $_SERVER['HTTP_REFERER'];
44
			$aRefUrl = parse_url($_SERVER['HTTP_REFERER']);
45
			if ($aRefUrl !== false) {
46
				$aRefUrl['host'] = isset($aRefUrl['host']) ? $aRefUrl['host'] : '';
47
				$aRefUrl['path'] = isset($aRefUrl['path']) ? $aRefUrl['path'] : '';
48
				$aRefUrl['fragment'] = isset($aRefUrl['fragment']) ? '#'.$aRefUrl['fragment'] : '';
49
				$aWbUrl = parse_url($sWbUrl);
50
				if ($aWbUrl !== false) {
51
					$aWbUrl['host'] = isset($aWbUrl['host']) ? $aWbUrl['host'] : '';
52
					$aWbUrl['path'] = isset($aWbUrl['path']) ? $aWbUrl['path'] : '';
53
					if (strpos($aRefUrl['host'].$aRefUrl['path'],
54
							   $aWbUrl['host'].$aWbUrl['path']) !== false) {
55
						$aRefUrl['path'] = preg_replace('#^'.$aWbUrl['path'].'#i', '', $aRefUrl['path']);
56
						$sTmpReferer = $sWbUrl.$aRefUrl['path'].$aRefUrl['fragment'];
57
					}
58
					unset($aWbUrl);
59
				}
60
				unset($aRefUrl);
61
			}
62
		}
63
		$_SERVER['HTTP_REFERER'] = $sTmpReferer;
64
	}
65
/**
66
 * Set constants for system/install values
67
 * @throws RuntimeException
68
 */
69
	function initSetInstallPathConstants() {
70
		if(!defined('DEBUG')){ define('DEBUG', false); } // normaly set in config file
71
		if(!defined('ADMIN_DIRECTORY')){ define('ADMIN_DIRECTORY', 'admin'); }
72
		if(!preg_match('/xx[a-z0-9_][a-z0-9_\-\.]+/i', 'xx'.ADMIN_DIRECTORY)) {
73
			throw new RuntimeException('Invalid admin-directory: ' . ADMIN_DIRECTORY);
74
		}
75
		if(!defined('WB_PATH')){ define('WB_PATH', dirname(dirname(__FILE__))); }
76
		if(!defined('ADMIN_URL')){ define('ADMIN_URL', rtrim(WB_URL, '/\\').'/'.ADMIN_DIRECTORY); }
77
		if(!defined('ADMIN_PATH')){ define('ADMIN_PATH', WB_PATH.'/'.ADMIN_DIRECTORY); }
78
		if(!defined('WB_REL')){
79
			$x1 = parse_url(WB_URL);
80
			define('WB_REL', (isset($x1['path']) ? $x1['path'] : ''));
81
		}
82
		if(!defined('ADMIN_REL')){ define('ADMIN_REL', WB_REL.'/'.ADMIN_DIRECTORY); }
83
		if(!defined('DOCUMENT_ROOT')) {
84
			define('DOCUMENT_ROOT', preg_replace('/'.preg_quote(str_replace('\\', '/', WB_REL), '/').'$/', '', str_replace('\\', '/', WB_PATH)));
85
			$_SERVER['DOCUMENT_ROOT'] = DOCUMENT_ROOT;
86
		}
87
		if(!defined('TMP_PATH')){ define('TMP_PATH', WB_PATH.'/temp'); }
88
	}
89
/**
90
 * checkValidCaller
91
 * @param array $aCaller list of allowed scripts
92
 * @return true || Exception
93
 * @throws RuntimeException
94
 * @description test if acctual file is called from one of the given list
95
 */
96
	function initCheckValidCaller(array $aCaller)
97
	{
98
        return true;
99
		$x = debug_backtrace();
100
		if(sizeof($x) == 0) {
101
			return true;
102
		}
103
		$sPattern = '/('.str_replace('#', '|', preg_quote(implode('#', $aCaller), '/')).')$/si';
104
		foreach($x as $aStep) {
105
			// define the scripts which can read the configuration
106
			if(preg_match($sPattern, $aStep['file'])) {
107
				return true;
108
			}
109
		}
110
		throw new RuntimeException('illegal file request!');
111
	}
112
/**
113
 * Read DB settings from configuration file
114
 * @return array
115
 * @throws RuntimeException
116
 * 
117
 */
118
	function initReadSetupFile()
119
	{
120
	// check for valid file request. Becomes more stronger in next version
121
		initCheckValidCaller(array('save.php','index.php','config.php','upgrade-script.php'));
122
		$aCfg = array();
123

    
124
		$sSetupFile = dirname(dirname(__FILE__)).'/setup.ini.php';
125
		if(is_readable($sSetupFile)) {
126
			$aCfg = parse_ini_file($sSetupFile, true);
127
			foreach($aCfg['Constants'] as $key=>$value) {
128
				switch($key):
129
					case 'DEBUG':
130
						$value = filter_var($value, FILTER_VALIDATE_BOOLEAN);
131
						if(!defined('DEBUG')) { define('DEBUG', $value); }
132
						break;
133
					case 'WB_URL': // << case is set deprecated
134
					case 'AppUrl':
135
						$value = trim(str_replace('\\', '/', $value), '/'); 
136
						if(!defined('WB_URL')) { define('WB_URL', $value); }
137
						break;
138
					case 'ADMIN_DIRECTORY': // << case is set deprecated
139
					case 'AcpDir':
140
						$value = trim(str_replace('\\', '/', $value), '/'); 
141
						if(!defined('ADMIN_DIRECTORY')) { define('ADMIN_DIRECTORY', $value); }
142
						break;
143
					default:
144
						if(!defined($key)) { define($key, $value); }
145
						break;
146
				endswitch;
147
			}
148
		}
149
		return $aCfg;
150
//		throw new RuntimeException('unable to read setup.ini.php');
151
	}
152
 /**
153
 * GetDbConnectData
154
 * @param array $aCfg
155
 * @param string $sDbConnectType  can be 'url' or 'dsn'
156
 * @return array
157
 *
158
 */
159
	function initGetDbConnectData(array $aCfg, $sDbConnectType = 'url')
160
	{
161
		if(defined('DB_TYPE'))
162
		{
163
		// import constants for compatibility reasons
164
			$db = array();
165
			if(defined('DB_TYPE'))      { $db['type']         = DB_TYPE; }
166
			if(defined('DB_USERNAME'))  { $db['user']         = DB_USERNAME; }
167
			if(defined('DB_PASSWORD'))  { $db['pass']         = DB_PASSWORD; }
168
			if(defined('DB_HOST'))      { $db['host']         = DB_HOST; }
169
			if(defined('DB_PORT'))      { $db['port']         = DB_PORT; }
170
			if(defined('DB_NAME'))      { $db['name']         = DB_NAME; }
171
			if(defined('DB_CHARSET'))   { $db['charset']      = DB_CHARSET; }
172
			if(defined('TABLE_PREFIX')) { $db['table_prefix'] = TABLE_PREFIX; }
173
			$aCfg['DataBase'] = $db;
174
		}
175
		// sanitize values
176
		$db = $aCfg['DataBase'];
177
		$db['type'] = isset($db['type']) ? $db['type'] : 'mysql';
178
		$db['user'] = isset($db['user']) ? $db['user'] : 'foo';
179
		$db['pass'] = isset($db['pass']) ? $db['pass'] : 'bar';
180
		$db['host'] = isset($db['host']) ? $db['host'] : 'localhost';
181
		$db['port'] = isset($db['port']) ? $db['port'] : '3306';
182
		$db['port'] = ($db['port'] != '3306') ? $db['port'] : '';
183
		$db['name'] = isset($db['name']) ? $db['name'] : 'dummy';
184
		$db['charset'] = isset($db['charset']) ? trim($db['charset']) : 'utf8';
185
		$db['table_prefix'] = (isset($db['table_prefix']) ? $db['table_prefix'] : '');
186
        if (isset($db['options']) && is_array($db['options'])) {
187
            foreach ($db['options'] as $key=>$value) {
188
                $aRetval['options'][constant($key)] = $value;
189
            }
190
        }
191
		if(!defined('TABLE_PREFIX')) { define('TABLE_PREFIX', $db['table_prefix']); }
192
		if($sDbConnectType == 'dsn') {
193
		// build dsn to connect
194
            $aRetval['dsn']      = $db['type'].':dbname='.$db['name'].';host='.$db['host']
195
						         . ($db['port'] != '' ? ';port='.(int)$db['port'] : '');
196
            if ($db['charset'] == 'utf8') {
197
                $aRetval['dsn'] .= ';charset=UTF8';
198
                $aRetval['options'][constant('PDO::MYSQL_ATTR_INIT_COMMAND')]  = 'SET NAMES \'UTF8\'';
199
            }
200
            $aRetval['options']  = '';
201
            $aRetval['user']     = $db['user'];
202
            $aRetval['password'] = $db['pass'];
203
            $aRetval['addons']   = array('CHARSET' => $db['charset'], 'TABLE_PREFIX' => $db['table_prefix']);
204
		}else { 
205
		// build url to connect
206
            $aRetval['url'] = $db['type'].'://'.$db['user'].':'.$db['pass'].'@'
207
						    . $db['host'].($db['port'] != '' ? ':'.$db['port'] : '').'/'.$db['name']
208
						    . '?Charset='.$db['charset'].'&TablePrefix='.$db['table_prefix'];
209
		}
210
		return $aRetval;
211
	}
212

    
213
/* ***************************************************************************************
214
 * Start initialization                                                                  *
215
 ****************************************************************************************/
216
// initialize debug evaluation values ---	
217
	$starttime = array_sum(explode(" ",microtime()));
218
	$iPhpDeclaredClasses = sizeof(get_declared_classes());
219
	$sDbConnectType = 'url'; // depending from class WbDatabase it can be 'url' or 'dsn'
220
// PHP less then 5.3.2 is prohibited ---
221
	if (version_compare(PHP_VERSION, '5.3.2', '<')) {
222
		$sMsg = '<p style="color: #ff0000;">WebsiteBaker is not able to run with PHP-Version less then 5.3.2!!<br />'
223
		      . 'Please change your PHP-Version to any kind from 5.3.2 and up!<br />'
224
		      . 'If you have problems to solve that, ask your hosting provider for it.<br  />'
225
		      . 'The very best solution is the use of PHP-5.4 and up</p>';
226
		die($sMsg);
227
	}
228
// disable all kind of magic_quotes in PHP versions before 5.4 ---
229
	if (function_exists('get_magic_quotes_gpc') && filter_var(get_magic_quotes_gpc(), FILTER_VALIDATE_BOOLEAN)) {
230
		$sMsg = '<p style="color: #ff0000;">WebsiteBaker is not able to run with magic_quotes=on!!<br />'
231
		      . 'Please change your PHP-ini or add a _htaccess file to switch this setting to off!<br />'
232
		      . 'If you have problems to solve that, ask your hosting provider for it.<br  />'
233
		      . 'The very best solution is the use of PHP-5.4 and up</p>';
234
		die($sMsg);
235
	}
236
// load configuration ---
237
	$aCfg = initReadSetupFile();
238
// sanitize $_SERVER['HTTP_REFERER'] ---
239
	initSetInstallPathConstants();
240
	initSanitizeHttpReferer(WB_URL);
241
// register WB basic autoloader ---
242
	$sTmp = dirname(__FILE__).'/WbAutoloader.php';
243
	if(!class_exists('WbAutoloader')){ 
244
		include($sTmp);
245
	}
246
	WbAutoloader::doRegister(array(ADMIN_DIRECTORY=>'a', 'modules'=>'m', 'templates'=>'t', 'include'=>'i'));
247
// instantiate and initialize adaptor for temporary registry replacement ---
248
    $oReg = WbAdaptor::getInstance();
249
	$oReg->getWbConstants();
250
// register TWIG autoloader ---
251
	$sTmp = dirname(dirname(__FILE__)).'/include/Sensio/Twig/lib/Twig/Autoloader.php';
252
	if(!class_exists('Twig_Autoloader')) { 
253
		include($sTmp); 
254
	}
255
	Twig_Autoloader::register();
256
// register PHPMailer autoloader ---
257
    if (!function_exists('PHPMailerAutoload')) {
258
        require($oReg->AppPath.'include/phpmailer/PHPMailerAutoload.php');
259
    }
260
// aktivate exceptionhandler ---
261
	if(!function_exists('globalExceptionHandler')) {
262
		include(dirname(__FILE__).'/globalExceptionHandler.php');
263
	}
264
// ---------------------------
265
// get Database connection data from configuration
266
	$aSqlData = initGetDbConnectData($aCfg, $sDbConnectType);
267
// Create global database instance ---
268
	$oDb = $database = WbDatabase::getInstance();
269
	if($sDbConnectType == 'dsn') {
270
		$bTmp = $oDb->doConnect($aSqlData['dsn'], $aSqlData['user'], $aSqlData['password'], null, $aSqlData['addons']);
271
	}else {
272
		$bTmp = $oDb->doConnect($aSqlData['url']);
273
	}
274
// remove critical data from memory
275
	unset($aSqlData, $aCfg);
276

    
277
	if(!defined('TABLE_PREFIX')) { define('TABLE_PREFIX', $oDb->TablePrefix); }
278

    
279
// load global settings from database and define global consts from ---
280
	$sql = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'settings`';
281
	if(($oSettings = $database->query($sql))) {
282
		if(!$oSettings->numRows()) { throw new AppException('no settings found'); }
283
		while($aSetting = $oSettings->fetchRow(MYSQL_ASSOC)) {
284
			//sanitize true/false values
285
			$aSetting['value'] = ($aSetting['value'] == 'true' 
286
								  ? true 
287
								  : ($aSetting['value'] == 'false' 
288
									 ? false 
289
									 : $aSetting['value'])
290
								 );
291
			$sSettingName = strtoupper($aSetting['name']);
292
			switch($sSettingName):
293
				case 'STRING_FILE_MODE':
294
					$iTmp = ((intval(octdec($aSetting['value'])) & ~0111)|0600);
295
					if(!defined('OCTAL_FILE_MODE')) { define('OCTAL_FILE_MODE', $iTmp); }
296
					if(!defined('STRING_FILE_MODE')) { define('STRING_FILE_MODE', sprintf('0%03o', $iTmp)); }
297
					break;
298
				case 'STRING_DIR_MODE':
299
					$iTmp = (intval(octdec($aSetting['value'])) |0711);
300
					if(!defined('OCTAL_DIR_MODE')) { define('OCTAL_DIR_MODE', $iTmp); }
301
					if(!defined('STRING_DIR_MODE')) { define('STRING_DIR_MODE', sprintf('0%03o', $iTmp)); }
302
					break;
303
				case 'PAGES_DIRECTORY':
304
					// sanitize pages_directory
305
					$sTmp = trim($aSetting['value'], '/');
306
					$sTmp = ($sTmp == '' ? '' : '/'.$sTmp);
307
					if(!defined('PAGES_DIRECTORY')) { define('PAGES_DIRECTORY', $sTmp); }
308
					break;
309
				default: // make global const from setting
310
					if(!defined($sSettingName)) { define($sSettingName, $aSetting['value']); }
311
					break;
312
			endswitch;
313
		}
314
	}else { throw new AppException($database->get_error()); }
315
// set error-reporting from loaded settings ---
316
	if(intval(ER_LEVEL) > 0 ) {
317
		error_reporting(ER_LEVEL);
318
		if( intval(ini_get ( 'display_errors' )) == 0 ) {
319
			ini_set('display_errors', 1);
320
		}
321
	}
322
// Start a session ---
323
	if(!defined('SESSION_STARTED')) {
324
		session_name(APP_NAME.'_session_id');
325
		@session_start();
326
		define('SESSION_STARTED', true);
327
	}
328
// get/set server timezone ---
329
	if(!defined('SERVER_TIMEZONE')) { define('SERVER_TIMEZONE', "UTC"); }
330
	date_default_timezone_set( SERVER_TIMEZONE );
331
	if(!defined('MAX_TIME')) { define('MAX_TIME', (pow(2, 31)-1)); } // 32-Bit Timestamp of 19 Jan 2038 03:14:07 GMT
332
	$sTmp = (isset($_SERVER['HTTP_DNT']) && $_SERVER['HTTP_DNT'] != '') ? $_SERVER['HTTP_DNT'] : '0';
333
	if(!defined('DO_NOT_TRACK')) { define('DO_NOT_TRACK', ($sTmp[0] == '1')); }
334
// get/set users timezone ---
335
	if(!defined('TIMEZONE')) { define('TIMEZONE', (isset($_SESSION['TIMEZONE']) ? $_SESSION['TIMEZONE'] : DEFAULT_TIMEZONE)); }
336
	if(!defined('DATE_FORMAT')) { define('DATE_FORMAT', (isset($_SESSION['DATE_FORMAT']) ? $_SESSION['DATE_FORMAT'] : DEFAULT_DATE_FORMAT)); }
337
	if(!defined('TIME_FORMAT')) { define('TIME_FORMAT', (isset($_SESSION['TIME_FORMAT']) ? $_SESSION['TIME_FORMAT'] : DEFAULT_TIME_FORMAT)); }
338
// set Theme directory --- 
339
	if(!defined('THEME_URL')) { define('THEME_URL',  WB_URL.'/templates/'.DEFAULT_THEME); }
340
	if(!defined('THEME_PATH')) { define('THEME_PATH', WB_PATH.'/templates/'.DEFAULT_THEME); }
341
	if(!defined('THEME_REL')) { define('THEME_REL',  WB_REL.'/templates/'.DEFAULT_THEME); }
342
// extended wb editor settings
343
	if(!defined('EDIT_ONE_SECTION')) { define('EDIT_ONE_SECTION', false); }
344
	if(!defined('EDITOR_WIDTH')) { define('EDITOR_WIDTH', 0); }
345
// define form security class and preload it ---
346
	$sSecMod = (defined('SECURE_FORM_MODULE') && SECURE_FORM_MODULE != '') ? '.'.SECURE_FORM_MODULE : '';
347
	$sSecMod = WB_PATH.'/framework/SecureForm'.$sSecMod.'.php';
348
	require_once($sSecMod);
349
// *** begin deprecated part *************************************************************
350
// load settings for use in Captch and ASP module
351
	if (!defined('WB_INSTALL_PROCESS') && !defined('ENABLED_CAPTCHA')) {
352
		$sql = 'SELECT * FROM `'.TABLE_PREFIX.'mod_captcha_control`';
353
		// request settings from database
354
		if(($oSettings = $database->query($sql))) {
355
			if(($aSetting = $oSettings->fetchRow(MYSQL_ASSOC))) {
356
				define('ENABLED_CAPTCHA', ($aSetting['enabled_captcha'] == '1'));
357
				define('ENABLED_ASP', ($aSetting['enabled_asp'] == '1'));
358
				define('CAPTCHA_TYPE', $aSetting['captcha_type']);
359
				define('ASP_SESSION_MIN_AGE', (int)$aSetting['asp_session_min_age']);
360
				define('ASP_VIEW_MIN_AGE', (int)$aSetting['asp_view_min_age']);
361
				define('ASP_INPUT_MIN_AGE', (int)$aSetting['asp_input_min_age']);
362
			}
363
		}
364
	}
365
	if(defined('ENABLED_ASP') && ENABLED_ASP && !isset($_SESSION['session_started'])) {
366
		$_SESSION['session_started'] = time();
367
	}
368
// *** end of deprecated part ************************************************************
369
// get user language ---
370
    $sRequestMethod = '_'.strtoupper($_SERVER['REQUEST_METHOD']);
371
    // check if get/post value is available
372
    $sTempLanguage = (isset(${$sRequestMethod}['lang']) ? ${$sRequestMethod}['lang'] : '');
373
    // validate language code
374
    if (preg_match('/^[a-z]{2}$/si', $sTempLanguage)) {
375
    // if there's valid get/post
376
        define('LANGUAGE', strtoupper($sTempLanguage));
377
    } else {
378
        if (!defined('LANGUAGE')) {
379
            if(isset($_SESSION['LANGUAGE']) && $_SESSION['LANGUAGE']) {
380
            // if there's valid session value
381
                define('LANGUAGE', $_SESSION['LANGUAGE']);
382
            } else {
383
            // otherwise set to default
384
                define('LANGUAGE', DEFAULT_LANGUAGE);
385
            }
386
        }
387
    }
388
    $_SESSION['LANGUAGE'] = LANGUAGE;
389
// activate translations / load language definitions
390
/** begin of deprecated part || will be replaced by class Translate **/	
391
// Load Language file
392
	if(!file_exists(WB_PATH.'/languages/'.LANGUAGE.'.php')) {
393
		$sMsg = 'Error loading language file '.LANGUAGE.', please check configuration';
394
		throw new AppException($sMsg);
395
	} else {
396
	// include language file
397
		require_once(WB_PATH.'/languages/'.LANGUAGE.'.php');
398
	}
399
/** end of deprecated part **/
400
// instantiate and initialize adaptor for temporary registry replacement ---
401
	$oReg->getWbConstants();
402
// load and activate new global translation table
403
	Translate::getInstance()->initialize('en',
404
										 (defined('DEFAULT_LANGUAGE') ? DEFAULT_LANGUAGE : ''), 
405
										 (defined('LANGUAGE') ? LANGUAGE : ''),
406
										 'WbOldStyle',
407
										 (Translate::CACHE_DISABLED|Translate::KEEP_MISSING)
408
//										 (DEBUG ? Translate::CACHE_DISABLED|Translate::KEEP_MISSING : 0)
409
										);
410
	if(!class_exists('PasswordHash', false)) { include(WB_PATH.'/include/phpass/PasswordHash.php'); }
411
	$oPass = Password::getInstance(new PasswordHash(Password::CRYPT_LOOPS_DEFAULT, Password::HASH_TYPE_AUTO));
412
	if(defined('PASSWORD_CRYPT_LOOPS')) { $oPass->setIteration(PASSWORD_CRYPT_LOOPS); }
413
	if(defined('PASSWORD_HASH_TYPES'))  { $oPass->setHashType(PASSWORD_HASH_TYPES); }
414
// *** END OF FILE ***********************************************************************
415
 
(35-35/37)