3 * pre.php - Automatically prepend to every page.
5 * Copyright 1999-2001, VA Linux Systems
6 * Copyright 2010, Roland Mas <lolando@debian.org>
7 * Copyright (C) 2012 Alain Peyrat - Alcatel-Lucent
8 * Copyright 2013,2018, Franck Villaume - TrivialDev
10 * This file is part of FusionForge. FusionForge is free software;
11 * you can redistribute it and/or modify it under the terms of the
12 * GNU General Public License as published by the Free Software
13 * Foundation; either version 2 of the Licence, or (at your option)
16 * FusionForge is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License along
22 * with FusionForge; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 require_once $gfcommon.'include/escapingUtils.php';
27 require_once $gfcommon.'include/utils.php';
29 // Declare and init variables to store messages
32 require_once $gfcommon.'include/config.php';
34 // Block link prefetching (Moz prefetching, Google Web Accelerator, others)
35 // http://www.google.com/webmasters/faq.html#prefetchblock
// The X-moz header is sent voluntarily by the client, so this is a courtesy
// filter for well-behaved prefetchers, not an access control: links that
// change state on GET still need their own protection.
// NOTE(review): PHP normally exposes request headers in $_SERVER under
// upper-cased keys (HTTP_X_MOZ); unless getStringFromServer() normalises the
// key, this mixed-case lookup may never match - confirm.
36 if (getStringFromServer('HTTP_X_moz') === 'prefetch'){
// Answer with a 404 status line built from the request's own protocol string.
37 header(getStringFromServer('SERVER_PROTOCOL') . ' 404 Prefetch Forbidden');
// Report the rejected request through PHP's error handler.
38 trigger_error('Prefetch request forbidden.');
// (The lines that end this branch are not part of this listing.)
42 // Database access and other passwords when on the web
// Define config item $var in section $sec from a value handed over by the web
// server: first from the request header named $serv (only when SERVER_SOFTWARE
// is set in the environment), otherwise from the environment entry $env.
// The value arguments of both forge_define_config_item() calls sit on lines
// that this listing does not show.
// Security: apache_request_headers() returns the headers of the incoming
// request, so it also contains whatever the client sent. The deployment has to
// make the web server set (and thereby overwrite) each of these header names on
// every request, or strip them at the edge; otherwise a header of the same
// name arriving from outside would be accepted here as configuration.
// NOTE(review): whether a later forge_read_config_file() overrides a value
// defined here is not visible in this file - confirm in config.php.
43 function setconfigfromenv ($sec, $var, $serv, $env) {
44 if (getenv ('SERVER_SOFTWARE')) {
45 if (function_exists ('apache_request_headers')) {
46 $headers = apache_request_headers() ;
// Header branch: taken when the request carries a header called $serv.
51 if (isset ($headers[$serv])) {
52 forge_define_config_item ($var, $sec,
// Environment branch: taken when $_ENV holds an entry called $env.
57 if (isset ($_ENV[$env])) {
58 forge_define_config_item ($var, $sec,
// Pull connection settings and secrets (database password, LDAP password,
// session key) from the web server before any config file is read.
// Security: these values travel as request headers or environment entries, so
// they must be kept out of debug dumps, phpinfo() pages and request logging.
65 setconfigfromenv('core', 'database_host', 'FusionForgeDbhost', 'sys_gfdbhost');
66 setconfigfromenv('core', 'database_port', 'FusionForgeDbport', 'sys_gfdbport');
67 setconfigfromenv('core', 'database_name', 'FusionForgeDbname', 'sys_gfdbname');
68 setconfigfromenv('core', 'database_user', 'FusionForgeDbuser', 'sys_gfdbuser');
69 setconfigfromenv('core', 'database_password', 'FusionForgeDbpasswd', 'sys_gfdbpasswd');
70 setconfigfromenv('core', 'ldap_password', 'FusionForgeLdapPasswd', 'sys_gfldap_passwd');
71 setconfigfromenv('core', 'session_key', 'FusionForgeSessionKey', 'sys_session_key');
// Main configuration file.
73 forge_read_config_file($gfconfig.'/'.$gfcgfile);
// Optional comma-separated list of further config files, named by the
// configuration itself. Files reachable through this setting need the same
// ownership and permissions as the main config file.
// NOTE(review): one line of each loop body is missing from this listing;
// confirm that entries are trimmed and empty entries are skipped.
75 if (($ecf = forge_get_config ('extra_config_files')) != NULL) {
76 $ecfa = explode (',', $ecf) ;
77 foreach ($ecfa as $cf) {
79 forge_read_config_file ($cf) ;
// Same scheme for whole directories of config files.
82 if (($ecd = forge_get_config ('extra_config_dirs')) != NULL) {
83 $ecda = explode (',', $ecd) ;
84 foreach ($ecda as $cd) {
86 forge_read_config_dir ($cd) ;
// Normalise PHP_SELF and REQUEST_URI once for the whole request: each value is
// HTML-escaped in place and, when it starts with the configured url_prefix,
// the prefix is replaced by a single '/'. The same treatment is applied to the
// copies in $_SERVER and in $GLOBALS.
// Security: both values contain client-controlled text, so escaping them here
// protects pages that print them into HTML. Two caveats for later code:
//  - htmlspecialchars() runs with its default flags; before PHP 8.1 those do
//    not escape single quotes, so output into single-quoted attributes still
//    needs explicit flags at the point of use.
//  - from here on these entries hold HTML-escaped text ('&' is '&amp;'); they
//    should not be escaped a second time, nor used unescaped-by-assumption in
//    redirects, comparisons or log lines.
// NOTE(review): assumes url_prefix is non-empty and begins and ends with '/';
// an empty prefix would match every value and prepend an extra '/' - confirm.
90 $url_prefix = forge_get_config('url_prefix');
91 if (isset($_SERVER) && array_key_exists('PHP_SELF', $_SERVER) && $_SERVER['PHP_SELF']) {
92 $_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF']);
93 if (substr($_SERVER['PHP_SELF'], 0, strlen($url_prefix)) == $url_prefix) {
94 $_SERVER['PHP_SELF'] = '/'.substr($_SERVER['PHP_SELF'], strlen($url_prefix));
98 if (isset($GLOBALS) && array_key_exists('PHP_SELF', $GLOBALS) && $GLOBALS['PHP_SELF']) {
99 $GLOBALS['PHP_SELF'] = htmlspecialchars($GLOBALS['PHP_SELF']);
100 if (substr($GLOBALS['PHP_SELF'], 0, strlen($url_prefix)) == $url_prefix) {
101 $GLOBALS['PHP_SELF'] = '/'.substr($GLOBALS['PHP_SELF'], strlen($url_prefix));
105 if (isset($_SERVER) && array_key_exists('REQUEST_URI', $_SERVER) && $_SERVER['REQUEST_URI']) {
106 $_SERVER['REQUEST_URI'] = htmlspecialchars($_SERVER['REQUEST_URI']);
107 if (substr($_SERVER['REQUEST_URI'], 0, strlen($url_prefix)) == $url_prefix) {
108 $_SERVER['REQUEST_URI'] = '/'.substr($_SERVER['REQUEST_URI'], strlen($url_prefix));
112 if (isset($GLOBALS) && array_key_exists('REQUEST_URI', $GLOBALS) && $GLOBALS['REQUEST_URI']) {
113 $GLOBALS['REQUEST_URI'] = htmlspecialchars($GLOBALS['REQUEST_URI']);
114 if (substr($GLOBALS['REQUEST_URI'], 0, strlen($url_prefix)) == $url_prefix) {
115 $GLOBALS['REQUEST_URI'] = '/'.substr($GLOBALS['REQUEST_URI'], strlen($url_prefix));
// When use_ssl is on, every response names the plain-HTTP origin of web_host
// as an allowed cross-origin reader.
// Security: this extends read access to pages served without transport
// protection, whose content can be altered in transit, so the HTTPS site ends
// up trusting the weaker origin.
// NOTE(review): confirm the header is still needed; if the HTTP host only
// redirects to HTTPS it can probably be dropped. No
// Access-Control-Allow-Credentials header is sent in the lines shown here.
119 if (forge_get_config('use_ssl')) {
120 header('Access-Control-Allow-Origin: http://'.forge_get_config('web_host'));
// Register the installation environment with 'production' as its default and
// derive the default for sysdebug_enable from it: 'true' only for
// 'development' and 'integration', 'false' otherwise.
// Security: judging by their names, the sysdebug_* switches expose database
// errors, queries and backtraces; keeping installation_environment at
// 'production' on reachable hosts keeps sysdebug_enable off by default.
123 forge_define_config_item ('installation_environment', 'core', 'production') ;
124 $installation_environment = forge_get_config ('installation_environment') ;
125 if ($installation_environment == 'development' || $installation_environment == 'integration') {
126 $default_sysdebug_enable = 'true';
128 $default_sysdebug_enable = 'false';
// Each debug switch is registered with a string default and then marked as a
// boolean item through forge_set_config_item_bool().
130 forge_define_config_item ('sysdebug_enable', 'core', $default_sysdebug_enable) ;
131 forge_set_config_item_bool ('sysdebug_enable', 'core') ;
132 forge_define_config_item ('sysdebug_phphandler', 'core', 'true') ;
133 forge_set_config_item_bool ('sysdebug_phphandler', 'core') ;
134 forge_define_config_item ('sysdebug_backtraces', 'core', 'false') ;
135 forge_set_config_item_bool ('sysdebug_backtraces', 'core') ;
136 forge_define_config_item ('sysdebug_ignored', 'core', 'false') ;
137 forge_set_config_item_bool ('sysdebug_ignored', 'core') ;
138 forge_define_config_item ('sysdebug_dberrors', 'core', 'true') ;
139 forge_set_config_item_bool ('sysdebug_dberrors', 'core') ;
140 forge_define_config_item ('sysdebug_dbquery', 'core', 'false') ;
141 forge_set_config_item_bool ('sysdebug_dbquery', 'core') ;
142 forge_define_config_item ('sysdebug_xmlstarlet', 'core', 'false') ;
143 forge_set_config_item_bool ('sysdebug_xmlstarlet', 'core') ;
144 // Read the master debug switch; it decides below whether the debug helpers are loaded
145 $sysdebug_enable = forge_get_config('sysdebug_enable');
147 // Server to access 'groupdir_prefix' via SSH
148 // In simple, single-server installs, it's the 'web_host'
149 if (forge_get_config('shell_host') == null) {
150 forge_define_config_item('shell_host', 'core', forge_get_config('web_host'));
155 * we could use xhtml-rdfa-1.dtd but would need to
156 * mirror the entire XHTML/1.1 shebang then, too
159 'dtdfile' => 'xhtml1-strict.dtd',
160 'doctype' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'
162 /* the original XHTML/1.0 Transitional */
163 'transitional-orig' => array(
164 'dtdfile' => 'xhtml1-transitional.dtd',
165 'doctype' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
167 /* XHTML/1.0 Transitional + RDFa 1.0 */
168 'transitional' => array(
169 'dtdfile' => 'xhtml10t-rdfa10.dtd',
170 'doctype' => '<!DOCTYPE html SYSTEM "http://evolvis.org/DTD/xhtml10t-rdfa10.dtd">'
// Build the xmlns attribute string for the page's root element. The extra
// namespace prefixes are appended unless both sysdebug_enable and
// sysdebug_xmlstarlet are on. Every key and value is a constant from this
// file, none comes from the request.
// (The line that opens the foreach over this array is not part of this listing.)
174 $sysXMLNSs = 'xmlns="http://www.w3.org/1999/xhtml"';
175 if (!$sysdebug_enable || !forge_get_config('sysdebug_xmlstarlet')) {
177 'dc' => 'http://purl.org/dc/elements/1.1/',
178 'doap' => 'http://usefulinc.com/ns/doap#',
179 'foaf' => 'http://xmlns.com/foaf/0.1/',
180 'planetforge' => 'http://coclico-project.org/ontology/planetforge#',
181 'sioc' => 'http://rdfs.org/sioc/ns#',
182 ) as $key => $value) {
183 $sysXMLNSs .= ' xmlns:' . $key . '="' . $value . '"';
// Load the debug helpers only when debugging is enabled and the script runs
// under a web server (SERVER_SOFTWARE is set).
187 if ($sysdebug_enable && getenv('SERVER_SOFTWARE')) {
188 require $gfcommon.'include/extras-debug.php';
// NOTE(review): the line between 188 and 190 is missing from this listing and
// is presumably the else; what follows then runs when debugging is off.
// The two database debug flags are forced to false.
190 $sysdebug_dberrors = false;
191 $sysdebug_dbquery = false;
// sysdebug_off() as defined here: when $hdr is given it is forwarded to
// header(), with the response code only if $resp was passed. $hdr goes into
// the response unchanged, so callers must not build it from request data.
193 function sysdebug_off($hdr=false, $replace=true, $resp=false) {
194 if ($hdr !== false) {
195 if ($resp === false) {
196 header($hdr, $replace);
198 header($hdr, $replace, $resp);
// The bodies of the next two functions are not part of this listing.
204 function sysdebug_lazymode($enable) {
207 function sysdebug_ajaxbody($enable=true) {
212 // Get constants used for flags or status
213 require $gfcommon.'include/constants.php';
215 // Base error library for new objects
216 require_once $gfcommon.'include/FFError.class.php';
217 require_once $gfcommon.'include/ForgeLog.class.php';
219 // Database abstraction
220 // From here database is required
// The database-backed subsystems are loaded unless the environment sets
// FUSIONFORGE_NO_DB to 'true' or no database_name is configured.
// (The closing brace of this branch is not part of this listing, so where the
// branch ends cannot be told from here.)
221 if (getenv('FUSIONFORGE_NO_DB') != 'true' and forge_get_config('database_name') != "") {
222 require_once $gfcommon.'include/database-pgsql.php';
224 // Authentication and access control
225 require_once $gfcommon.'include/session.php';
226 require_once $gfcommon.'include/RBACEngine.class.php';
229 require_once $gfcommon.'include/System.class.php';
// The account manager class file is chosen by a config value (default 'UNIX').
// Security: the include path is assembled from that value, so it should only
// ever hold the name of a class file shipped in include/system/.
// NOTE(review): no check of the value is visible here - confirm that config
// loading restricts it, and that the config files are not writable by the
// web server user.
230 forge_define_config_item('account_manager_type', 'core', 'UNIX') ;
231 require_once $gfcommon.'include/system/'.forge_get_config('account_manager_type').'.class.php';
232 $amt = forge_get_config('account_manager_type') ;
235 // User-related classes and functions
236 require_once $gfcommon.'include/User.class.php';
238 // Project-related classes and functions
239 require_once $gfcommon.'include/Group.class.php';
241 // Permission-related functions
242 require_once $gfcommon.'include/Permission.class.php';
245 require_once $gfcommon.'include/Plugin.class.php' ;
246 require_once $gfcommon.'include/PluginManager.class.php' ;
248 // SCM-specific plugins subsystem
249 require_once $gfcommon.'include/SCMPlugin.class.php' ;
251 // SysAuth-specific plugins subsystem
252 require_once $gfcommon.'include/SysAuthPlugin.class.php' ;
254 // Authentication-specific plugins subsystem
255 require_once $gfcommon.'include/AuthPlugin.class.php' ;
// Plugins are set up unless the environment sets FUSIONFORGE_NO_PLUGINS to 'true'.
257 if (getenv ('FUSIONFORGE_NO_PLUGINS') != 'true') {
258 setup_plugin_manager () ;
// PHP's default timezone comes from the forge configuration.
261 ini_set('date.timezone', forge_get_config ('default_timezone'));
263 if (isset($_SERVER['SERVER_SOFTWARE'])) { // We're on the web
264 // Detect uploads larger than the allowed upload size.
// A POST that reports a body length but arrives with empty $_POST and $_FILES
// is treated as an upload PHP discarded for being too large.
265 if ( $_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) &&
266 empty($_FILES) && $_SERVER['CONTENT_LENGTH'] > 0 )
268 $error_msg = sprintf(_('Posted data is too large. %1$s exceeds the maximum size of %2$s'),
269 human_readable_bytes($_SERVER['CONTENT_LENGTH']), human_readable_bytes(util_get_maxuploadfilesize()));
272 // exit_error() and variants (for the web)
273 require_once $gfcommon.'include/exit.php';
275 // Library to determine browser settings
276 require_once $gfwww.'include/browser.php';
278 // HTML layout class, may be overridden by the Theme class
279 require_once $gfwww.'include/Layout.class.php';
281 // Various HTML libs like button bar, themable
282 require_once $gfcommon.'include/html.php';
284 // Forms key generation
285 require_once $gfcommon.'include/forms.php';
287 // Determine if there's a web session running
// (The call that establishes the session is on lines missing from this listing.)
290 plugin_hook('after_session_set');
// force_login gate: anonymous requests are refused unless the first path
// segment of REQUEST_URI is 'account', 'export' or 'plugins', or the URI is
// exactly '/'. 'export' is further limited to names starting with 'proj' and
// 'plugins' to names starting with 'auth'.
// Security: the decision is taken on the text of the requested URI (already
// HTML-escaped and prefix-stripped earlier in this file), not on the script
// that finally runs.
// NOTE(review): confirm that the web server's path normalisation cannot make
// the two differ, and that everything under the 'auth'-prefixed plugin paths
// is meant to be reachable without a session.
// NOTE(review): $expl_pathinfo[2] is read without checking that a third
// segment exists (e.g. a URI of just '/export').
293 if (!session_loggedin() && forge_get_config ('force_login') == 1 ) {
294 $expl_pathinfo = explode('/', getStringFromServer('REQUEST_URI'));
295 if (getStringFromServer('REQUEST_URI')!='/' && $expl_pathinfo[1]!='account' && $expl_pathinfo[1]!='export' && $expl_pathinfo[1]!='plugins') {
296 exit_not_logged_in();
298 // Show proj* export even if not logged in when force login
299 // If not default web project page would be broken
300 if ($expl_pathinfo[1]=='export' && !preg_match('/^proj/', $expl_pathinfo[2])) {
301 exit_not_logged_in();
303 // We must let auth plugins go further
304 if ($expl_pathinfo[1]=='plugins' && !preg_match('/^auth/', $expl_pathinfo[2])) {
305 exit_not_logged_in();
309 // Insert this page view into the database
310 require_once $gfcommon.'include/logger.php';
312 // If logged in, set up a $LUSER var referencing
313 // the logged in user's object
315 // and refresh session cookies
316 if (session_loggedin()) {
317 $LUSER =& session_get_user();
318 $use_tooltips = $LUSER->usesTooltips();
// Pages built for a logged-in user are marked as not cacheable by shared caches.
319 header('Cache-Control: private');
320 $x_theme = $LUSER->setUpTheme();
// Anonymous requests fall back to the configured default theme (the else line
// itself is not part of this listing).
324 $x_theme = forge_get_config('default_theme');
// Security: for logged-in users the theme name comes from the user object and
// is placed into an include path.
// NOTE(review): confirm that setUpTheme() only returns names of installed
// theme directories (no path separators or dot segments).
326 require_once forge_get_config('themes_root').'/'.$x_theme.'/Theme.class.php';
// The theme class name is derived from the theme name; the lines that build $y
// are missing from this listing.
327 $x = explode('-', $x_theme);
332 $classname = implode('_', $y);
333 if (!class_exists($classname)) {
334 $classname = 'Theme'; // Cope with local themes where the class may still be called "Theme"
336 $HTML = new $classname () ;
337 $HTML->_theme = $x_theme;
339 } else { // Script run from cron or a command line
340 require_once $gfcommon.'include/squal_exit.php';
344 require_once $gfcommon.'include/gettext.php';
345 require_once $gfcommon.'include/group_section_texts.php';
// Timezone and translation are chosen from the current context.
347 setup_tz_from_context();
348 setup_gettext_from_context();
// The three message variables are taken from request parameters of the same
// name, with their current values as fallback, and HTML-escaped here.
// Security: the escaping neutralises markup, but the text itself is still
// chosen by whoever built the link, so these banners must not be read as
// statements made by the application. Templates should print the values as
// they are: escaping again double-encodes, and decoding undoes this
// protection.
351 $feedback = htmlspecialchars(getStringFromRequest('feedback', $feedback));
352 $error_msg = htmlspecialchars(getStringFromRequest('error_msg', $error_msg));
353 $warning_msg = htmlspecialchars(getStringFromRequest('warning_msg', $warning_msg));
// With nothing supplied by the request, util_init_messages() is called.
// NOTE(review): its effect is defined outside this file.
354 if (empty($feedback) && empty($error_msg) && empty($warning_msg)) {
355 util_init_messages();
363 $LUSER - Logged in user object
369 // c-file-style: "bsd"