3 * pre.php - Automatically prepend to every page.
5 * Copyright 1999-2001, VA Linux Systems
6 * Copyright 2010, Roland Mas <lolando@debian.org>
7 * Copyright (C) 2012 Alain Peyrat - Alcatel-Lucent
8 * Copyright 2013,2018, Franck Villaume - TrivialDev
10 * This file is part of FusionForge. FusionForge is free software;
11 * you can redistribute it and/or modify it under the terms of the
12 * GNU General Public License as published by the Free Software
13 * Foundation; either version 2 of the Licence, or (at your option)
16 * FusionForge is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License along
22 * with FusionForge; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
26 require_once $gfcommon.'include/escapingUtils.php';
27 require_once $gfcommon.'include/utils.php';
28 require_once $gfcommon.'include/config.php';
30 // Declare and init variables to store messages
33 // Block link prefetching (Moz prefetching, Google Web Accelerator, others)
34 // http://www.google.com/webmasters/faq.html#prefetchblock
// The prefetch marker is sent voluntarily by the client, so this check only
// turns away cooperative prefetchers; it is not an access control.
35 if (getStringFromServer('HTTP_X_moz') === 'prefetch'){
// Answer with a 404 status line built from the protocol reported for the request.
36 header(getStringFromServer('SERVER_PROTOCOL') . ' 404 Prefetch Forbidden');
37 trigger_error('Prefetch request forbidden.');
41 // Database access and other passwords when on the web
// Defines config item $var in section $sec from a value handed over by the
// web server: the request header named $serv, or the $_ENV entry named $env.
// Several lines of this function are missing from this listing (the branch
// taken when apache_request_headers() does not exist, and the value arguments
// of both forge_define_config_item() calls).
// NOTE(review): apache_request_headers() returns every header of the current
// request, including headers the client sent. Reading secrets this way is
// only safe if the web server configuration itself always sets (or strips)
// the FusionForge* header names before PHP runs, so that a client cannot
// supply database_host, session_key, etc. Confirm in the vhost configuration.
42 function setconfigfromenv ($sec, $var, $serv, $env) {
// Only act when running under a web server (SERVER_SOFTWARE is set).
43 if (getenv ('SERVER_SOFTWARE')) {
44 if (function_exists ('apache_request_headers')) {
45 $headers = apache_request_headers() ;
// Request header takes part first ...
50 if (isset ($headers[$serv])) {
51 forge_define_config_item ($var, $sec,
// ... then the process environment is consulted.
56 if (isset ($_ENV[$env])) {
57 forge_define_config_item ($var, $sec,
// Connection settings and secrets (database password, LDAP password, session
// key) are looked up in the web server environment.
// NOTE(review): how these values interact with the ones from the config files
// read below is decided inside forge_define_config_item() and
// forge_read_config_file(), which this listing does not show.
64 setconfigfromenv('core', 'database_host', 'FusionForgeDbhost', 'sys_gfdbhost');
65 setconfigfromenv('core', 'database_port', 'FusionForgeDbport', 'sys_gfdbport');
66 setconfigfromenv('core', 'database_name', 'FusionForgeDbname', 'sys_gfdbname');
67 setconfigfromenv('core', 'database_user', 'FusionForgeDbuser', 'sys_gfdbuser');
68 setconfigfromenv('core', 'database_password', 'FusionForgeDbpasswd', 'sys_gfdbpasswd');
69 setconfigfromenv('core', 'ldap_password', 'FusionForgeLdapPasswd', 'sys_gfldap_passwd');
70 setconfigfromenv('core', 'session_key', 'FusionForgeSessionKey', 'sys_session_key');
// Main configuration file.
72 forge_read_config_file($gfconfig.'/'.$gfcgfile);
// Optional extra config files, given as a comma-separated list of paths.
// The loose != NULL comparison also skips an empty string.
74 if (($ecf = forge_get_config ('extra_config_files')) != NULL) {
75 $ecfa = explode (',', $ecf) ;
76 foreach ($ecfa as $cf) {
78 forge_read_config_file ($cf) ;
// Optional extra config directories, same comma-separated format.
81 if (($ecd = forge_get_config ('extra_config_dirs')) != NULL) {
82 $ecda = explode (',', $ecd) ;
83 foreach ($ecda as $cd) {
85 forge_read_config_dir ($cd) ;
// Rewrite PHP_SELF and REQUEST_URI in place, in both $_SERVER and $GLOBALS:
// each value is HTML-escaped and, if it starts with the configured
// url_prefix, the prefix is replaced by a single leading '/'.
// After this point every reader of these entries sees the escaped form, not
// the raw request value (e.g. '&' has become '&amp;'), so they are meant for
// HTML output; code that compares, parses or redirects on them should keep
// that in mind.
// NOTE(review): htmlspecialchars() is called without flags, so the PHP
// default applies. Before PHP 8.1 that default (ENT_COMPAT) leaves single
// quotes unescaped, which matters wherever these values are written into a
// single-quoted attribute. Passing ENT_QUOTES explicitly would remove the
// dependency on the PHP version.
// NOTE(review): the prefix test runs on the already-escaped string and uses
// loose ==; a url_prefix containing a character that htmlspecialchars()
// rewrites would never match.
89 $url_prefix = forge_get_config('url_prefix');
90 if (isset($_SERVER) && array_key_exists('PHP_SELF', $_SERVER) && $_SERVER['PHP_SELF']) {
91 $_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF']);
92 if (substr($_SERVER['PHP_SELF'], 0, strlen($url_prefix)) == $url_prefix) {
93 $_SERVER['PHP_SELF'] = '/'.substr($_SERVER['PHP_SELF'], strlen($url_prefix));
// Same treatment for a PHP_SELF entry in $GLOBALS, when one exists.
97 if (isset($GLOBALS) && array_key_exists('PHP_SELF', $GLOBALS) && $GLOBALS['PHP_SELF']) {
98 $GLOBALS['PHP_SELF'] = htmlspecialchars($GLOBALS['PHP_SELF']);
99 if (substr($GLOBALS['PHP_SELF'], 0, strlen($url_prefix)) == $url_prefix) {
100 $GLOBALS['PHP_SELF'] = '/'.substr($GLOBALS['PHP_SELF'], strlen($url_prefix));
// REQUEST_URI carries the path and query string as sent by the client.
104 if (isset($_SERVER) && array_key_exists('REQUEST_URI', $_SERVER) && $_SERVER['REQUEST_URI']) {
105 $_SERVER['REQUEST_URI'] = htmlspecialchars($_SERVER['REQUEST_URI']);
106 if (substr($_SERVER['REQUEST_URI'], 0, strlen($url_prefix)) == $url_prefix) {
107 $_SERVER['REQUEST_URI'] = '/'.substr($_SERVER['REQUEST_URI'], strlen($url_prefix));
111 if (isset($GLOBALS) && array_key_exists('REQUEST_URI', $GLOBALS) && $GLOBALS['REQUEST_URI']) {
112 $GLOBALS['REQUEST_URI'] = htmlspecialchars($GLOBALS['REQUEST_URI']);
113 if (substr($GLOBALS['REQUEST_URI'], 0, strlen($url_prefix)) == $url_prefix) {
114 $GLOBALS['REQUEST_URI'] = '/'.substr($GLOBALS['REQUEST_URI'], strlen($url_prefix));
// When use_ssl is enabled, send a CORS header naming the plain-HTTP origin of
// web_host, which lets pages from that origin read this site's responses
// cross-origin.
// NOTE(review): content delivered over http:// can be modified in transit, so
// trusting that origin weakens the isolation of the (presumably HTTPS) site.
// Confirm the header is still needed, and that no
// Access-Control-Allow-Credentials header is sent together with it.
118 if (forge_get_config('use_ssl')) {
119 header('Access-Control-Allow-Origin: http://'.forge_get_config('web_host'));
// installation_environment is registered with the value 'production'
// (presumably a default that the config files can override; confirm in
// forge_define_config_item()).
122 forge_define_config_item ('installation_environment', 'core', 'production') ;
123 $installation_environment = forge_get_config ('installation_environment') ;
// The registered value for sysdebug_enable is 'true' only for the
// 'development' and 'integration' environments.
124 if ($installation_environment == 'development' || $installation_environment == 'integration') {
125 $default_sysdebug_enable = 'true';
127 $default_sysdebug_enable = 'false';
// Each sysdebug_* item is registered and then converted to a boolean.
// NOTE(review): going by their names, these switches control the PHP error
// handler, backtraces and database error/query output. Such output can
// disclose internals (queries, paths), so sysdebug_enable should stay off on
// internet-facing installs; sysdebug_phphandler and sysdebug_dberrors are
// registered as 'true' here.
129 forge_define_config_item ('sysdebug_enable', 'core', $default_sysdebug_enable) ;
130 forge_set_config_item_bool ('sysdebug_enable', 'core') ;
131 forge_define_config_item ('sysdebug_phphandler', 'core', 'true') ;
132 forge_set_config_item_bool ('sysdebug_phphandler', 'core') ;
133 forge_define_config_item ('sysdebug_backtraces', 'core', 'false') ;
134 forge_set_config_item_bool ('sysdebug_backtraces', 'core') ;
135 forge_define_config_item ('sysdebug_ignored', 'core', 'false') ;
136 forge_set_config_item_bool ('sysdebug_ignored', 'core') ;
137 forge_define_config_item ('sysdebug_dberrors', 'core', 'true') ;
138 forge_set_config_item_bool ('sysdebug_dberrors', 'core') ;
139 forge_define_config_item ('sysdebug_dbquery', 'core', 'false') ;
140 forge_set_config_item_bool ('sysdebug_dbquery', 'core') ;
141 forge_define_config_item ('sysdebug_xmlstarlet', 'core', 'false') ;
142 forge_set_config_item_bool ('sysdebug_xmlstarlet', 'core') ;
143 // Load extra func to add extras func like debug
144 $sysdebug_enable = forge_get_config('sysdebug_enable');
146 // Server to access 'groupdir_prefix' via SSH
147 // In simple, single-server installs, it's the 'web_host'
// Fall back to web_host when no shell_host is configured (loose == null
// also matches an empty string).
148 if (forge_get_config('shell_host') == null) {
149 forge_define_config_item('shell_host', 'core', forge_get_config('web_host'));
154 * we could use xhtml-rdfa-1.dtd but would need to
155 * mirror the entire XHTML/1.1 shebang then, too
158 'dtdfile' => 'xhtml1-strict.dtd',
159 'doctype' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'
161 /* the original XHTML/1.0 Transitional */
162 'transitional-orig' => array(
163 'dtdfile' => 'xhtml1-transitional.dtd',
164 'doctype' => '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
166 /* XHTML/1.0 Transitional + RDFa 1.0 */
167 'transitional' => array(
168 'dtdfile' => 'xhtml10t-rdfa10.dtd',
169 'doctype' => '<!DOCTYPE html SYSTEM "http://evolvis.org/DTD/xhtml10t-rdfa10.dtd">'
// Build the xmlns attribute string for the page's root element.
173 $sysXMLNSs = 'xmlns="http://www.w3.org/1999/xhtml"';
// The extra namespace prefixes below are appended unless both debugging and
// the sysdebug_xmlstarlet option are enabled. (The line that opens the loop
// over this prefix => URI list is not shown in this listing.)
174 if (!$sysdebug_enable || !forge_get_config('sysdebug_xmlstarlet')) {
176 'dc' => 'http://purl.org/dc/elements/1.1/',
177 'doap' => 'http://usefulinc.com/ns/doap#',
178 'foaf' => 'http://xmlns.com/foaf/0.1/',
179 'planetforge' => 'http://coclico-project.org/ontology/planetforge#',
180 'sioc' => 'http://rdfs.org/sioc/ns#',
181 ) as $key => $value) {
182 $sysXMLNSs .= ' xmlns:' . $key . '="' . $value . '"';
// The debug helpers are loaded only when debugging is enabled AND the script
// runs under a web server.
186 if ($sysdebug_enable && getenv('SERVER_SOFTWARE')) {
187 require $gfcommon.'include/extras-debug.php';
// Otherwise (the else line is not shown in this listing, presumably it sits
// here) database debug output is switched off and stand-in functions are
// defined so that callers of the sysdebug_* API keep working.
189 $sysdebug_dberrors = false;
190 $sysdebug_dbquery = false;
// Stand-in: with debugging off there is nothing to disable, so this only
// forwards an optional header to header(), with or without a response code.
192 function sysdebug_off($hdr=false, $replace=true, $resp=false) {
193 if ($hdr !== false) {
194 if ($resp === false) {
195 header($hdr, $replace);
197 header($hdr, $replace, $resp);
// Stand-ins whose bodies are not shown in this listing.
203 function sysdebug_lazymode($enable) {
206 function sysdebug_ajaxbody($enable=true) {
211 // Get constants used for flags or status
212 require $gfcommon.'include/constants.php';
214 // Base error library for new objects
215 require_once $gfcommon.'include/FFError.class.php';
216 require_once $gfcommon.'include/ForgeLog.class.php';
218 // Database abstraction
219 // From here database is required
// The database layer is skipped when FUSIONFORGE_NO_DB is 'true' in the
// environment or when no database_name is configured.
220 if (getenv('FUSIONFORGE_NO_DB') != 'true' and forge_get_config('database_name') != "") {
221 require_once $gfcommon.'include/database-pgsql.php';
223 // Authentication and access control
224 require_once $gfcommon.'include/session.php';
225 require_once $gfcommon.'include/RBACEngine.class.php';
228 require_once $gfcommon.'include/System.class.php';
// NOTE(review): the class file loaded below is chosen by concatenating the
// account_manager_type config value into the path. The value is not
// validated here, so it must only ever come from administrator-controlled
// configuration; an allow-list of known account manager types would make
// that explicit.
229 forge_define_config_item('account_manager_type', 'core', 'UNIX') ;
230 require_once $gfcommon.'include/system/'.forge_get_config('account_manager_type').'.class.php';
231 $amt = forge_get_config('account_manager_type') ;
234 // User-related classes and functions
235 require_once $gfcommon.'include/User.class.php';
237 // Project-related classes and functions
238 require_once $gfcommon.'include/Group.class.php';
240 // Permission-related functions
241 require_once $gfcommon.'include/Permission.class.php';
244 require_once $gfcommon.'include/Plugin.class.php' ;
245 require_once $gfcommon.'include/PluginManager.class.php' ;
247 // SCM-specific plugins subsystem
248 require_once $gfcommon.'include/SCMPlugin.class.php' ;
250 // SysAuth-specific plugins subsystem
251 require_once $gfcommon.'include/SysAuthPlugin.class.php' ;
253 // Authentication-specific plugins subsystem
254 require_once $gfcommon.'include/AuthPlugin.class.php' ;
256 if (getenv ('FUSIONFORGE_NO_PLUGINS') != 'true') {
257 setup_plugin_manager () ;
260 ini_set('date.timezone', forge_get_config ('default_timezone'));
262 if (isset($_SERVER['SERVER_SOFTWARE'])) { // We're on the web
263 // Detect an upload larger than the allowed upload size.
// PHP discards a request body that exceeds its configured limit, leaving
// $_POST and $_FILES empty while CONTENT_LENGTH still reports the size sent.
// CONTENT_LENGTH is a client-declared value; it is used here only to build
// the message.
264 if ( $_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) &&
265 empty($_FILES) && $_SERVER['CONTENT_LENGTH'] > 0 )
267 $error_msg = sprintf(_('Posted data is too large. %1$s exceeds the maximum size of %2$s'),
268 human_readable_bytes($_SERVER['CONTENT_LENGTH']), human_readable_bytes(util_get_maxuploadfilesize()));
271 // exit_error() and variants (for the web)
272 require_once $gfcommon.'include/exit.php';
274 // Library to determine browser settings
275 require_once $gfwww.'include/browser.php';
277 // HTML layout class, may be overridden by the Theme class
278 require_once $gfwww.'include/Layout.class.php';
280 // Various HTML libs like button bar, themable
281 require_once $gfcommon.'include/html.php';
283 // Forms key generation
284 require_once $gfcommon.'include/forms.php';
286 // Determine if there's a web session running
289 plugin_hook('after_session_set');
// force_login gate: when the option is on, an anonymous request is rejected
// unless the URI is exactly '/' or its first path segment is 'account',
// 'export' or 'plugins'; the last two are narrowed further below.
// NOTE(review): the decision is made on segments of the request string as
// received (query string included, HTML-escaped and prefix-stripped earlier
// in this file, assuming getStringFromServer() reads $_SERVER). Confirm that
// dot-segments are normalised or rejected before this point, so that the
// first segment always identifies the script that is actually served.
// NOTE(review): $expl_pathinfo[2] is used without checking that it exists.
292 if (!session_loggedin() && forge_get_config ('force_login') == 1 ) {
293 $expl_pathinfo = explode('/', getStringFromServer('REQUEST_URI'));
294 if (getStringFromServer('REQUEST_URI')!='/' && $expl_pathinfo[1]!='account' && $expl_pathinfo[1]!='export' && $expl_pathinfo[1]!='plugins') {
295 exit_not_logged_in();
297 // Show proj* export even if not logged in when force login
298 // If not default web project page would be broken
// Only export entries whose name starts with 'proj' stay reachable anonymously.
299 if ($expl_pathinfo[1]=='export' && !preg_match('/^proj/', $expl_pathinfo[2])) {
300 exit_not_logged_in();
302 // We must let auth plugins go further
// The exemption is a name-prefix match: every plugin whose directory name
// starts with 'auth' is reachable without login, so that prefix should be
// reserved for authentication plugins.
303 if ($expl_pathinfo[1]=='plugins' && !preg_match('/^auth/', $expl_pathinfo[2])) {
304 exit_not_logged_in();
308 // Insert this page view into the database
309 require_once $gfcommon.'include/logger.php';
311 // If logged in, set up a $LUSER var referencing
312 // the logged in user's object
314 // and refresh session cookies
315 if (session_loggedin()) {
316 $LUSER =& session_get_user();
317 $use_tooltips = $LUSER->usesTooltips();
// Responses for logged-in users are marked private so that shared caches do
// not store them.
318 header('Cache-Control: private');
// Theme name comes from the user object when logged in ...
319 $x_theme = $LUSER->setUpTheme();
// ... and from the default_theme config item otherwise (the else line is not
// shown in this listing).
323 $x_theme = forge_get_config('default_theme');
// NOTE(review): $x_theme is concatenated into a require_once path. For
// logged-in users it is whatever setUpTheme() returns; confirm that method
// only ever returns the name of an installed theme directory (no path
// separators or dot-segments), since no validation happens here.
325 require_once forge_get_config('themes_root').'/'.$x_theme.'/Theme.class.php';
// The class name is derived from the dash-separated parts of the theme name
// (the lines that build $y are not shown in this listing).
326 $x = explode('-', $x_theme);
331 $classname = implode('_', $y);
332 if (!class_exists($classname)) {
333 $classname = 'Theme'; // Cope with local themes where the class may still be called "Theme"
// Dynamic instantiation: the class is one defined by the theme file required
// above, or the fallback 'Theme'.
335 $HTML = new $classname () ;
336 $HTML->_theme = $x_theme;
338 } else { // Script run from cron or a command line
339 require_once $gfcommon.'include/squal_exit.php';
343 require_once $gfcommon.'include/gettext.php';
344 require_once $gfcommon.'include/group_section_texts.php';
346 setup_tz_from_context();
347 setup_gettext_from_context();
// The three message variables may be supplied by the request (the current
// value is passed as second argument, presumably as the default) and are
// HTML-escaped before later display.
// NOTE(review): escaping prevents markup injection, but the text itself stays
// request-controlled, so these messages should not be treated as trusted
// site output. htmlspecialchars() is called without flags; before PHP 8.1
// the default leaves single quotes unescaped.
350 $feedback = htmlspecialchars(getStringFromRequest('feedback', $feedback));
351 $error_msg = htmlspecialchars(getStringFromRequest('error_msg', $error_msg));
352 $warning_msg = htmlspecialchars(getStringFromRequest('warning_msg', $warning_msg));
// With nothing supplied in the request, fall back to util_init_messages().
353 if (empty($feedback) && empty($error_msg) && empty($warning_msg)) {
354 util_init_messages();
362 $LUSER - Logged in user object
368 // c-file-style: "bsd"