<?php
/**
 * XOOPS common initialization file
 *
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * @copyright (c) 2000-2021 XOOPS Project (https://xoops.org)
 * @license GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html)
 * @package kernel
 */
// Direct-access guard: stop immediately unless the including script has already
// defined XOOPS_MAINFILE_INCLUDED, so requesting this file on its own runs nothing.
if (!defined('XOOPS_MAINFILE_INCLUDED')) {
    die('Restricted access');
}

// Bind the bootstrap objects to the global scope, even if this file happens to
// be included from inside a function.
global $xoops, $xoopsPreload, $xoopsLogger, $xoopsErrorHandler, $xoopsSecurity, $sess_handler;

/**
 * BC Polyfill for PHP 8
 *
 * Please remove these functions from your code
 */
if (false === function_exists('get_magic_quotes_gpc')) {
    /**
     * Stand-in for the removed built-in; always reports magic quotes as off.
     *
     * @return bool always false
     */
    function get_magic_quotes_gpc()
    {
        return false;
    }
}
if (false === function_exists('get_magic_quotes_runtime')) {
    /**
     * Stand-in for the removed built-in; always reports runtime magic quotes as off.
     *
     * @return bool always false
     */
    function get_magic_quotes_runtime()
    {
        return false;
    }
}
/* end BC polyfill */

/**
 * YOU SHOULD NEVER USE THE FOLLOWING TWO CONSTANTS, THEY WILL BE REMOVED
 */
// Each constant is only defined when nothing earlier in the request defined it.
if (!defined('DS')) {
    define('DS', DIRECTORY_SEPARATOR);
}
if (!defined('NWLINE')) {
    define('NWLINE', "\n");
}

/**
 * Include files with definitions
 *
 * include_once only raises a warning when a file is missing, so a missing
 * definitions file does not stop the bootstrap at this point.
 */
include_once XOOPS_ROOT_PATH . '/include/defines.php';
include_once XOOPS_ROOT_PATH . '/include/version.php';
include_once XOOPS_ROOT_PATH . '/include/license.php';

/**
 * Include XoopsLoad
 *
 * require_once: the bootstrap cannot continue without the class loader, so a
 * missing file is fatal here.
 */
require_once XOOPS_ROOT_PATH . '/class/xoopsload.php';

/**
 * YOU SHOULD BE CAREFUL WITH THE PRELOAD METHODS IN 2.4*, THEY WILL BE DEPRECATED AND IMPLEMENTED IN A DIFFERENT WAY
 */
/**
 * Create Instance of Preload Object
 *
 * The 'core.include.common.start' event is fired before the kernel, security
 * and logger objects below exist, so whatever handles it runs ahead of the
 * superglobal check and the bad-IP check performed later in this file.
 */
XoopsLoad::load('preload');
$xoopsPreload = XoopsPreload::getInstance();
$xoopsPreload->triggerEvent('core.include.common.start');

/**
 * YOU SHOULD BE CAREFUL WITH THE {@xos_kernel_Xoops2}, MOST METHODS WILL BE DEPRECATED
 */
/**
 * Create Instance of xos_kernel_Xoops2 Object
 * Attention, not all methods can be used at this point
 */
XoopsLoad::load('xoopskernel');
$xoops = new xos_kernel_Xoops2();
$xoops->pathTranslation();
// Reference alias, not a copy: writes through either name change the same value.
$xoopsRequestUri =& $_SERVER['REQUEST_URI'];// Deprecated (use the corrected $_SERVER variable now)

/**
 * Create Instance of xoopsSecurity Object and check Superglobals
 *
 * This runs before the logger, the database connection and the configuration
 * are available. What checkSuperglobals() rejects is defined in the
 * XoopsSecurity class, not in this file.
 */
XoopsLoad::load('xoopssecurity');
$xoopsSecurity = new XoopsSecurity();
$xoopsSecurity->checkSuperglobals();

/**
 * Create Instance of XoopsLogger Object
 */
XoopsLoad::load('xoopslogger');
$xoopsLogger = XoopsLogger::getInstance();
// Second name obtained through the same getInstance() call
// (presumably the same singleton object — confirm in XoopsLogger).
$xoopsErrorHandler = XoopsLogger::getInstance();
// Start the default timer and a named timer for the boot phase; the named one
// is stopped at the end of this file.
$xoopsLogger->startTime();
$xoopsLogger->startTime('XOOPS Boot');

/**
 * Include Required Files
 *
 * Only the cookie helper is require_once (fatal when missing); the other files
 * are include_once and merely warn when absent.
 */
include_once $xoops->path('kernel/object.php');
include_once $xoops->path('class/criteria.php');
include_once $xoops->path('class/module.textsanitizer.php');
require_once $xoops->path('include/xoopssetcookie.php');
include_once $xoops->path('include/functions.php');

/* new installs should create this in mainfile */
// Fallback for installs whose mainfile lacks the constant: derive the cookie
// domain from XOOPS_URL. The value is used as the cookie domain for the
// remember-me cookie handling further down in this file.
defined('XOOPS_COOKIE_DOMAIN') || define('XOOPS_COOKIE_DOMAIN', xoops_getBaseDomain(XOOPS_URL));

/**
 * Check Proxy;
 * Requires functions
 *
 * XOOPS_DB_PROXY is defined for every request that is not a POST, and for a
 * POST whose referer check fails. Only a POST that passes checkReferer()
 * leaves the constant undefined.
 *
 * NOTE(review): presumably the database factory uses this constant to hand out
 * a restricted connection; that code is not in this file — confirm there.
 * NOTE(review): assuming checkReferer() inspects the HTTP Referer header, that
 * header is supplied by the client and may be absent, so this check is a
 * coarse filter and not a substitute for per-form tokens.
 */
if (!($_SERVER['REQUEST_METHOD'] === 'POST' && $xoopsSecurity->checkReferer(XOOPS_DB_CHKREF))) {
    define('XOOPS_DB_PROXY', 1);
}

/**
 * Get database for making it global
 * Requires XoopsLogger, XOOPS_DB_PROXY;
 *
 * The connection is requested only after XOOPS_DB_PROXY has been decided above.
 */
include_once $xoops->path('class/database/databasefactory.php');
/** @var XoopsMySQLDatabase $xoopsDB */
$xoopsDB = XoopsDatabaseFactory::getDatabaseConnection();

/**
 * Get xoops configs
 * Requires functions and database loaded
 *
 * $xoopsConfig starts out as the XOOPS_CONF category read through the config
 * handler; file-based settings are merged over it in the next step.
 */
/** @var XoopsConfigHandler $config_handler */
$config_handler = xoops_getHandler('config');
$xoopsConfig = $config_handler->getConfigsByCat(XOOPS_CONF);

/**
 * Merge file and db configs.
 *
 * The file's return value is merged last, so for keys present in both sources
 * the file-based value replaces the database value. The file is executed as
 * PHP, so write access to it is equivalent to code execution in every request.
 */
$file = $GLOBALS['xoops']->path('var/configs/xoopsconfig.php');
if (!file_exists($file)) {
    // Missing file: report it and continue with the database configuration only.
    trigger_error('File Path Error: var/configs/xoopsconfig.php does not exist.');
} else {
    $fileConfigs = include $file;
    $xoopsConfig = array_merge($xoopsConfig, (array)$fileConfigs);
    unset($fileConfigs, $file);
}

/**
 * clickjack protection - Add option to HTTP header restricting using site in an iframe
 *
 * Defaults to 'sameorigin' when the setting is absent. A setting that is
 * present but empty suppresses the header altogether, which removes the
 * framing restriction for the whole site.
 */
if (isset($xoopsConfig['xFrameOptions'])) {
    $xFrameOptions = $xoopsConfig['xFrameOptions'];
} else {
    $xFrameOptions = 'sameorigin';
}
// The header can only be added while no output has been sent yet.
if (!empty($xFrameOptions) && !headers_sent()) {
    header('X-Frame-Options: ' . $xFrameOptions);
}

//check if user set a local timezone (from XavierS)
// $xoops_server_timezone="Etc/GMT";
// if ($xoopsConfig["server_TZ"]>0) {
// $xoops_server_timezone .="+".$xoopsConfig["server_TZ"]; } else{
// $xoops_server_timezone .=$xoopsConfig["server_TZ"]; } date_default_timezone_set($xoops_server_timezone);

//check if 'date.timezone' is set in php.ini
// Fall back to UTC only when php.ini provides no timezone.
if (!ini_get('date.timezone')) {
    date_default_timezone_set('UTC');
}

/**
 * Enable Gzip compression
 * Requires configs loaded and should go before any output
 */
$xoops->gzipCompression();

/**
 * Start of Error Reporting.
 *
 * debug_mode 1 or 2 turns on full error reporting and logger rendering
 * (mode 2 renders in a popup). Any other value silences PHP errors and
 * deactivates the logger. The logger may still be switched off later in this
 * file once the user is known, so diagnostics are not shown to every visitor.
 */
if ($xoopsConfig['debug_mode'] != 1 && $xoopsConfig['debug_mode'] != 2) {
    error_reporting(0);
    $xoopsLogger->activated = false;
} else {
    xoops_loadLanguage('logger');
    error_reporting(E_ALL);
    $xoopsLogger->enableRendering();
    $xoopsLogger->usePopup = ($xoopsConfig['debug_mode'] == 2);
}

/**
 * Check Bad Ip Addresses against database and block bad ones, requires configs loaded
 *
 * Runs before the session is started and before any user is loaded.
 * NOTE(review): how the client address is determined is decided inside
 * checkBadips(), not here — confirm it does not rely on client-supplied headers.
 */
$xoopsSecurity->checkBadips();

/**
 * Load Language settings and defines
 */
$xoopsPreload->triggerEvent('core.include.common.language');
xoops_loadLanguage('global');
xoops_loadLanguage('errors');
xoops_loadLanguage('pagetype');

/**
 * User Sessions
 */
// Until a user is loaded, $xoopsUser is an empty string (falsy), not null.
$xoopsUser = '';
$xoopsUserIsAdmin = false;
/** @var XoopsMemberHandler $member_handler */
$member_handler = xoops_getHandler('member');
/** @var \XoopsSessionHandler $sess_handler */
$sess_handler = xoops_getHandler('session');
// NOTE(review): with use_ssl enabled, the session id is taken verbatim from a
// POST field. A session id chosen by the client is the precondition for session
// fixation, so the login code that relies on this should regenerate the id once
// the user is authenticated — that code is not in this file; confirm.
if ($xoopsConfig['use_ssl'] && isset($_POST[$xoopsConfig['sslpost_name']]) && $_POST[$xoopsConfig['sslpost_name']] != '') {
    session_id($_POST[$xoopsConfig['sslpost_name']]);
} elseif ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '' && $xoopsConfig['session_expire'] > 0) {
    // Custom session name and lifetime. session_expire is in minutes:
    // session_cache_expire() takes minutes, gc_maxlifetime takes seconds.
    session_name($xoopsConfig['session_name']);
    session_cache_expire($xoopsConfig['session_expire']);
    @ini_set('session.gc_maxlifetime', $xoopsConfig['session_expire'] * 60);
}
// Route all session storage callbacks through the XOOPS session handler object.
session_set_save_handler(
    array($sess_handler, 'open'),
    array($sess_handler, 'close'),
    array($sess_handler, 'read'),
    array($sess_handler, 'write'),
    array($sess_handler, 'destroy'),
    array($sess_handler, 'gc')
);

if (!function_exists('session_status')) {
    // this should silently fail if session has already started (for PHP 5.3)
    @session_start();
} elseif (session_status() !== PHP_SESSION_ACTIVE) {
    // Start a session only when none is active yet.
    session_start();
}
$xoopsPreload->triggerEvent('core.behavior.session.start');
/**
 * Remove expired session for xoopsUserId
 *
 * With a custom session name configured, a request that arrives without that
 * session cookie must not keep a logged-in user id in its session data.
 */
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
    if (!isset($_COOKIE[$xoopsConfig['session_name']]) && !empty($_SESSION['xoopsUserId'])) {
        unset($_SESSION['xoopsUserId']);
    }
}

/**
 * Load xoopsUserId from cookie if "Remember me" is enabled.
 *
 * Only attempted when the session has no user id and a remember-me cookie name
 * is configured. $rememberClaims stays false unless a token was read; the login
 * step below uses it to recognise a remember-me login.
 *
 * NOTE(review): the uid is accepted on the strength of TokenReader::fromCookie()
 * alone; presumably it verifies the token signature and expiry — confirm in
 * \Xmf\Jwt\TokenReader.
 * NOTE(review): the session id is not regenerated here when the session gains a
 * user id; confirm whether that is handled elsewhere.
 */
$rememberClaims = false;
if (empty($_SESSION['xoopsUserId'])
    && !empty($GLOBALS['xoopsConfig']['usercookie'])
) {
    $rememberClaims = \Xmf\Jwt\TokenReader::fromCookie('rememberme', $GLOBALS['xoopsConfig']['usercookie']);
    if (false === $rememberClaims || empty($rememberClaims->uid)) {
        // No usable token: expire the cookie, once with path and domain and once without.
        xoops_setcookie($GLOBALS['xoopsConfig']['usercookie'], null, time() - 3600, '/', XOOPS_COOKIE_DOMAIN, 0, true);
        xoops_setcookie($GLOBALS['xoopsConfig']['usercookie'], null, time() - 3600);
    } else {
        $_SESSION['xoopsUserId'] = $rememberClaims->uid;
    }
}

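/**
 * Log user in and deal with Sessions and Cookies
 *
 * Loads the user named by $_SESSION['xoopsUserId']. If the user cannot be
 * loaded, the session and the remember-me cookie are discarded. Otherwise
 * last_login is refreshed (at most once every five minutes), the group list is
 * synchronised with the session, and a remember-me login gets a fresh token.
 */
if (!empty($_SESSION['xoopsUserId'])) {
    $xoopsUser = $member_handler->getUser($_SESSION['xoopsUserId']);
    if (!is_object($xoopsUser)) {
        // The id does not resolve to a user: drop all session state and expire
        // the remember-me cookie, once with path and domain and once without.
        $xoopsUser = '';
        $_SESSION = array();
        session_destroy();
        xoops_setcookie($GLOBALS['xoopsConfig']['usercookie'], null, time() - 3600, '/', XOOPS_COOKIE_DOMAIN, 0, true);
        xoops_setcookie($GLOBALS['xoopsConfig']['usercookie'], null, time() - 3600);
    } else {
        if (((int)$xoopsUser->getVar('last_login') + 60 * 5) < time()) {
            // The uid is concatenated into the statement and, in this file, can
            // come from a remember-me token claim, so it is forced to an integer
            // before it reaches the SQL text.
            $sql = 'UPDATE ' . $xoopsDB->prefix('users') . " SET last_login = '" . time()
                   . "' WHERE uid = " . (int)$_SESSION['xoopsUserId'];
            try {
                $xoopsDB->queryF($sql);
            } catch (Exception $e) {
                // Report through $xoopsDB: no $db variable is defined anywhere in
                // this file, so the previous $db->error() call would itself fail.
                throw new \RuntimeException(
                    \sprintf(_DB_QUERY_ERROR, $sql) . $xoopsDB->error(), E_USER_ERROR
                );
            }
        }

        //$sess_handler->update_cookie();
        // Group membership is cached in the session; it is read from the user
        // object only the first time.
        if (isset($_SESSION['xoopsUserGroups'])) {
            $xoopsUser->setGroups($_SESSION['xoopsUserGroups']);
        } else {
            $_SESSION['xoopsUserGroups'] = $xoopsUser->getGroups();
        }
        if (is_object($rememberClaims)) { // only do during a 'remember me' login
            $user_theme = $xoopsUser->getVar('theme');
            // The user's theme is applied only if it is on the configured allow-list.
            if ($user_theme != $xoopsConfig['theme_set'] && in_array($user_theme, $xoopsConfig['theme_set_allowed'])) {
                $_SESSION['xoopsUserTheme'] = $user_theme;
            }
            // update our remember me cookie
            $claims = array(
                'uid' => $_SESSION['xoopsUserId'],
            );
            $rememberTime = 60*60*24*30; // 30 days, in seconds
            $token = \Xmf\Jwt\TokenFactory::build('rememberme', $claims, $rememberTime);
            // The cookie is marked secure only when the site runs over https;
            // the final argument (true) is passed in the same position as in
            // the cookie-expiry calls above.
            xoops_setcookie(
                $GLOBALS['xoopsConfig']['usercookie'],
                $token,
                time() + $rememberTime,
                '/',
                XOOPS_COOKIE_DOMAIN,
                (XOOPS_PROT === 'https://'),
                true
            );
        }
        $xoopsUserIsAdmin = $xoopsUser->isAdmin();
    }
}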
// Only on PHP versions older than 7.3 does the session handler send the
// session cookie itself.
if (PHP_VERSION_ID < 70300) {
    $sess_handler->update_cookie(); // make sure we supply the cookie, not PHP's session code
}
// user characteristics are established
// NOTE(review): this event fires on every request that reaches this point,
// including anonymous ones where $xoopsUser is still an empty string.
$xoopsPreload->triggerEvent('core.include.common.auth.success');

/**
 * Debug level for XOOPS
 * Check /xoops_data/configs/xoopsconfig.php for details
 *
 * Note: temporary solution only. Will be re-designed in XOOPS 3.0
 *
 * Restricts who gets debug output once the user is known: level 2 (the default
 * when the setting is absent) requires an administrator, level 1 requires any
 * logged-in user. Everyone else has error reporting and the logger turned off.
 */
if ($xoopsLogger->activated) {
    if (isset($xoopsConfig['debugLevel'])) {
        $level = (int)$xoopsConfig['debugLevel'];
    } else {
        $level = 2;
    }
    if (($level == 2 && empty($xoopsUserIsAdmin)) || ($level == 1 && !$xoopsUser)) {
        error_reporting(0);
        $xoopsLogger->activated = false;
    }
    unset($level);
}

/**
 * YOU SHOULD NEVER USE THE FOLLOWING METHOD, IT WILL BE REMOVED
 */
/**
 * Theme Selection
 */
$xoops->themeSelect();
xoops_load('XoopsFormRendererInterface');
xoops_load('XoopsFormRenderer');

/**
 * Closed Site
 *
 * The closed-site include runs after the user has been loaded above.
 */
if ($xoopsConfig['closesite'] == 1) {
    include_once $xoops->path('include/site-closed.php');
}

/**
 * Load Xoops Module
 *
 * A request counts as a module request when xoops_version.php exists in the
 * current working directory. The module must exist and be active, and the
 * current user (or the anonymous group) needs the 'module_read' right.
 * Outside a module, a logged-in user's admin flag is taken for module id 1.
 */
if (file_exists('./xoops_version.php')) {
    // Splitting from the first '/modules/' onward puts the module directory
    // name at index 2.
    // NOTE(review): PHP_SELF is derived from the request path, so this value is
    // client-influenced; confirm getByDirname() treats it as untrusted input.
    $url_arr = explode('/', strstr($_SERVER['PHP_SELF'], '/modules/'));
    /** @var XoopsModuleHandler $module_handler */
    $module_handler = xoops_getHandler('module');
    $xoopsModule = $module_handler->getByDirname($url_arr[2]);
    unset($url_arr);

    // Unknown or inactive module: render the "does not exist" page and stop.
    if (!($xoopsModule && $xoopsModule->getVar('isactive'))) {
        include_once $xoops->path('header.php');
        echo '<h4>' . _MODULENOEXIST . '</h4>';
        include_once $xoops->path('footer.php');
        exit();
    }
    /** @var XoopsGroupPermHandler $moduleperm_handler */
    $moduleperm_handler = xoops_getHandler('groupperm');
    if ($xoopsUser) {
        if (!$moduleperm_handler->checkRight('module_read', $xoopsModule->getVar('mid'), $xoopsUser->getGroups())) {
            redirect_header(XOOPS_URL, 1, _NOPERM, false);
        }
        // Inside a module the admin flag is re-evaluated for that module.
        $xoopsUserIsAdmin = $xoopsUser->isAdmin($xoopsModule->getVar('mid'));
    } elseif (!$moduleperm_handler->checkRight('module_read', $xoopsModule->getVar('mid'), XOOPS_GROUP_ANONYMOUS)) {
        // Anonymous visitors without the read right are sent to the login page.
        redirect_header(XOOPS_URL . '/user.php?from=' . $xoopsModule->getVar('dirname', 'n'), 1, _NOPERM);
    }

    if ($xoopsModule->getVar('dirname', 'n') !== 'system') {
        // Prefer the configured language's main.php, fall back to English.
        // NOTE(review): the configured language name becomes part of an include
        // path; confirm it is restricted to existing language directory names.
        $file = $xoops->path('modules/' . $xoopsModule->getVar('dirname', 'n') . '/language/' . $xoopsConfig['language'] . '/main.php');
        if (!file_exists($file)) {
            $file = $xoops->path('modules/' . $xoopsModule->getVar('dirname', 'n') . '/language/english/main.php');
        }
        if (file_exists($file)) {
            include_once $file;
        }
        unset($file);
    }

    // Module configuration is loaded only for modules that declare config,
    // comments or notification support.
    if ($xoopsModule->getVar('hasconfig') == 1 || $xoopsModule->getVar('hascomments') == 1 || $xoopsModule->getVar('hasnotification') == 1) {
        $xoopsModuleConfig = $config_handler->getConfigsByCat(0, $xoopsModule->getVar('mid'));
    }
} elseif ($xoopsUser) {
    $xoopsUserIsAdmin = $xoopsUser->isAdmin(1);
}

/**
 * YOU SHOULD AVOID USING THE FOLLOWING FUNCTION, IT WILL BE REMOVED
 */
//Creates 'system_modules_active' cache file if it has been deleted.
xoops_getActiveModules();

// Close the boot timer started when the logger was created and open the next one.
$xoopsLogger->stopTime('XOOPS Boot');
$xoopsLogger->startTime('Module init');

// Last event fired by this file.
$xoopsPreload->triggerEvent('core.include.common.end');
