Code source de dotProject 2.1 RC1 |
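<?php /* $Id: index.php,v 1.121.4.9 2007/02/03 13:09:18 gregorerhardt Exp $ */

/* {{{ Copyright (c) 2003-2005 The dotProject Development Team <core-developers@dotproject.net>

    This file is part of dotProject.

    dotProject is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    dotProject is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with dotProject; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
}}} */

/*
 * Front controller. In order, this script:
 *   1. loads base.php and the configuration (or points the browser at the installer),
 *   2. starts the session and restores or creates the CAppUI object,
 *   3. handles logout, lost-password and login requests,
 *   4. shows the login page if the user is not logged in,
 *   5. resolves the module ($m), action ($a) and sub-directory ($u) from the URL,
 *   6. optionally runs a "dosql" handler, then requires the module action file
 *      between the style header and footer.
 *
 * Request parameters read here:
 *   GET:     suppressHeaders, logout, m, a, u
 *   POST:    lostpass, username, password
 *   REQUEST: sendpass, login, redirect, dosql
 *
 * Module permissions are computed here ($canAccess, $canRead, ...) but are NOT
 * enforced by this file; the bounce below is commented out, so every included
 * action and dosql file has to check them itself.
 */

// NOTE(review): with display_errors on, PHP warnings and errors are written into
// the response. On a production host consider sending them to a log instead.
ini_set('display_errors', 1); // Ensure errors get to the user.
error_reporting(E_ALL & ~E_NOTICE);

// If you experience a 'white screen of death' or other problems,
// uncomment the following line of code:
//error_reporting( E_ALL );

$loginFromPage = 'index.php';
require_once 'base.php';

clearstatcache();
if( is_file( DP_BASE_DIR . "/includes/config.php" ) ) {

	require_once DP_BASE_DIR . "/includes/config.php";

} else {
	// No configuration yet: send the browser to the installer and stop.
	echo "<html><head><meta http-equiv='refresh' content='5; URL=".DP_BASE_URL."/install/index.php'></head><body>";
	echo "Fatal Error. You haven't created a config file yet.<br/><a href='./install/index.php'>
		Click Here To Start Installation and Create One!</a> (forwarded in 5 sec.)</body></html>";
	exit();
}

if (! isset($GLOBALS['OS_WIN']))
	$GLOBALS['OS_WIN'] = (stristr(PHP_OS, "WIN") !== false);

// tweak for pathname consistency on windows machines
require_once DP_BASE_DIR."/includes/db_adodb.php";
require_once DP_BASE_DIR."/includes/db_connect.php";
require_once DP_BASE_DIR."/includes/main_functions.php";
require_once DP_BASE_DIR."/classes/ui.class.php";
require_once DP_BASE_DIR."/classes/permissions.class.php";
require_once DP_BASE_DIR."/includes/session.php";

// don't output anything. Useful for fileviewer.php, gantt.php, etc.
$suppressHeaders = dPgetParam( $_GET, 'suppressHeaders', false );

// manage the session variable(s)
dPsessionStart(array('AppUI'));

// write the HTML headers (forbid caching of authenticated pages)
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");	// Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");	// always modified
header ("Cache-Control: no-cache, must-revalidate, no-store, post-check=0, pre-check=0");	// HTTP/1.1
header ("Pragma: no-cache");	// HTTP/1.0

// check if session has previously been initialised
if (!isset( $_SESSION['AppUI'] ) || isset($_GET['logout'])) {
	if (isset($_GET['logout']) && isset($_SESSION['AppUI']->user_id))
	{
		// Remember who is logging out before the CAppUI object is replaced,
		// so the logout can be recorded further down.
		$AppUI =& $_SESSION['AppUI'];
		$user_id = $AppUI->user_id;
		addHistory('login', $AppUI->user_id, 'logout', $AppUI->user_first_name . ' ' . $AppUI->user_last_name);
	}

	// A fresh CAppUI replaces the old one; the session itself is kept.
	$_SESSION['AppUI'] = new CAppUI;
}
$AppUI =& $_SESSION['AppUI'];
$last_insert_id =$AppUI->last_insert_id;

$AppUI->checkStyle();

// load the commonly used classes
require_once( $AppUI->getSystemClass( 'date' ) );
require_once( $AppUI->getSystemClass( 'dp' ) );
require_once( $AppUI->getSystemClass( 'query' ) );

require_once DP_BASE_DIR."/misc/debug.php";

// Update the last action in user_access_log
$AppUI->updateLastAction($last_insert_id);
// load default preferences if not logged in
if ($AppUI->doLogin()) {
	$AppUI->loadPrefs( 0 );
}

// Register the logout in user_access_log ($user_id is only set on the logout path above)
if (isset($user_id) && isset($_GET['logout'])){
	$AppUI->registerLogout($user_id);
}

// check if the user needs a new password
// This branch is reached without authentication.
if (dPgetParam( $_POST, 'lostpass', 0 )) {
	$uistyle = $dPconfig['host_style'];
	$AppUI->setUserLocale();
	@include_once DP_BASE_DIR."/locales/$AppUI->user_locale/locales.php";
	@include_once DP_BASE_DIR."/locales/core.php";
	setlocale( LC_TIME, $AppUI->user_lang );
	if (dPgetParam( $_REQUEST, 'sendpass', 0 )) {
		require DP_BASE_DIR."/includes/sendpass.php";
		sendNewPass();
	} else {
		require DP_BASE_DIR."/style/$uistyle/lostpass.php";
	}
	exit();
}

// check if the user is trying to log in
// Note the change to REQUEST instead of POST.  This is so that we can
// support alternative authentication methods such as the PostNuke
// and HTTP auth methods now supported.
// The credentials themselves are still read from POST only.
if (isset($_REQUEST['login'])) {

	$username = dPgetCleanParam( $_POST, 'username', '' );
	$password = dPgetCleanParam( $_POST, 'password', '' );
	$redirect = dPgetCleanParam( $_REQUEST, 'redirect', '' );
	$AppUI->setUserLocale();
	@include_once( DP_BASE_DIR."/locales/$AppUI->user_locale/locales.php" );
	@include_once DP_BASE_DIR."/locales/core.php";
	// NOTE(review): no session id rotation is visible on this path; confirm that
	// login() or dPsessionStart() issues a new session id once the user is authenticated.
	$ok = $AppUI->login( $username, $password );
	if (!$ok) {
		$AppUI->setMsg( 'Login Failed');
	} else {
		// Register login in user_access_log
		$AppUI->registerLogin();
	}
	// Runs for failed logins as well as successful ones.
	addHistory('login', $AppUI->user_id, 'login', $AppUI->user_first_name . ' ' . $AppUI->user_last_name);
	// NOTE(review): $redirect is request-supplied; confirm that CAppUI::redirect()
	// can only produce a URL on this site.
	$AppUI->redirect( "$redirect" );
}

// supported since PHP 4.2
// writeDebug( var_export( $AppUI, true ), 'AppUI', __FILE__, __LINE__ );

// set the default ui style
// NOTE(review): $uistyle is interpolated into require/include paths below and,
// unlike $m, $a, $u and dosql, is not passed through checkFileName() in this
// file. Confirm that checkStyle() (called above) or the preference editor
// restricts the UISTYLE preference to an installed style directory name.
$uistyle = $AppUI->getPref( 'UISTYLE' ) ? $AppUI->getPref( 'UISTYLE' ) : $dPconfig['host_style'];

// clear out main url parameters
$m = '';
$a = '';
$u = '';

// check if we are logged in
if ($AppUI->doLogin()) {
	// load basic locale settings
	$AppUI->setUserLocale();
	@include_once( "./locales/$AppUI->user_locale/locales.php" );
	@include_once ( "./locales/core.php" );
	setlocale( LC_TIME, $AppUI->user_lang );
	// The original query string is kept so the user can be sent back after login.
	// NOTE(review): strip_tags() removes tags only; the login template must still
	// encode $redirect for the context it is written into (e.g. an attribute value).
	$redirect = $_SERVER['QUERY_STRING']?strip_tags($_SERVER['QUERY_STRING']):'';
	if (strpos( $redirect, 'logout' ) !== false) {
		$redirect = '';
	}

	if (isset( $locale_char_set )) {
		header("Content-type: text/html;charset=$locale_char_set");
	}

	require DP_BASE_DIR."/style/$uistyle/login.php";
	// destroy the current session and output login page
	session_unset();
	session_destroy();
	exit;
}
$AppUI->setUserLocale();


// bring in the rest of the support and localisation files
require_once DP_BASE_DIR."/includes/permissions.php";


$def_a = 'index';
if (! isset($_GET['m']) && !empty($dPconfig['default_view_m'])) {
	// No module requested: use the configured default view.
	$m = $dPconfig['default_view_m'];
	$def_a = !empty($dPconfig['default_view_a']) ? $dPconfig['default_view_a'] : $def_a;
	$tab = $dPconfig['default_view_tab'];
} else {
	// set the module from the url
	$m = $AppUI->checkFileName(dPgetCleanParam( $_GET, 'm', getReadableModule() ));
}
// set the action from the url
$a = $AppUI->checkFileName(dPgetCleanParam( $_GET, 'a', $def_a));

/* This check for $u implies that a file located in a subdirectory of higher depth than 1
 * in relation to the module base can't be executed. So it wouldn't be possible to
 * run for example the file module/directory1/directory2/file.php
 * Also it won't be possible to run modules/module/abc.zyz.class.php for that dots are
 * not allowed in the request parameters.
 */

$u = $AppUI->checkFileName(dPgetCleanParam( $_GET, 'u', '' ));

// load module based locale settings
@include_once DP_BASE_DIR."/locales/$AppUI->user_locale/locales.php";
@include_once DP_BASE_DIR."/locales/core.php";

setlocale( LC_TIME, $AppUI->user_lang );
$m_config = dPgetConfig($m);
@include_once DP_BASE_DIR."/functions/" . $m . "_func.php";

// TODO: canRead/Edit assignments should be moved into each file

// check overall module permissions
// these can be further modified by the included action files
// They are only computed here; nothing in this file acts on them.
$perms =& $AppUI->acl();
$canAccess = $perms->checkModule($m, 'access');
$canRead = $perms->checkModule($m, 'view');
$canEdit = $perms->checkModule($m, 'edit');
$canAuthor = $perms->checkModule($m, 'add');
$canDelete = $perms->checkModule($m, 'delete');

if ( !$suppressHeaders ) {
	// output the character set header
	if (isset( $locale_char_set )) {
		header("Content-type: text/html;charset=$locale_char_set");
	}
}

/*
 *
 * TODO: Permissions should be handled by each file.
 * Denying access from index.php still doesn't ensure
 * someone won't access directly skipping this security check.
 *
// bounce the user if they don't have at least read access
if (!(
	// however, some modules are accessible by anyone
	$m == 'public' ||
	($m == 'admin' && $a == 'viewuser')
	)) {
	if (!$canRead) {
		$AppUI->redirect( "m=public&a=access_denied" );
	}
}
*/

// include the module class file - we use file_exists instead of @ so
// that any parse errors in the file are reported, rather than errors
// further down the track.
$modclass = $AppUI->getModuleClass($m);
if (file_exists($modclass))
	include_once( $modclass );
if ($u && file_exists(DP_BASE_DIR."/modules/$m/$u/$u.class.php"))
	include_once DP_BASE_DIR."/modules/$m/$u/$u.class.php";

// do some db work if dosql is set
// TODO - MUST MOVE THESE INTO THE MODULE DIRECTORY
// The handler file is chosen by the request and is required before any of the
// permission results above has been enforced, so each dosql file must check
// permissions itself. Because dosql is read from $_REQUEST, a handler can be
// reached by GET as well as POST.
if (isset( $_REQUEST["dosql"]) ) {
	//require("./dosql/" . $_REQUEST["dosql"] . ".php");
	require DP_BASE_DIR."/modules/$m/" . ($u ? "$u/" : "") . $AppUI->checkFileName($_REQUEST["dosql"]) . ".php";
}

// start output proper
include DP_BASE_DIR."/style/$uistyle/overrides.php";
ob_start();
if(!$suppressHeaders) {
	require DP_BASE_DIR."/style/$uistyle/header.php";
}

if (! isset($_SESSION['all_tabs'][$m]) ) {
	// For some reason on some systems if you don't set this up
	// first you get recursive pointers to the all_tabs array, creating
	// phantom tabs.
	if (! isset($_SESSION['all_tabs']))
		$_SESSION['all_tabs'] = array();
	$_SESSION['all_tabs'][$m] = array();
	$all_tabs =& $_SESSION['all_tabs'][$m];
	foreach ($AppUI->getActiveModules() as $dir => $module)
	{
		if (! $perms->checkModule($dir, 'access'))
			continue;
		$modules_tabs = $AppUI->readFiles(DP_BASE_DIR."/modules/$dir/", '^' . $m . '_tab.*\.php');
		// The loop variable must not be called $tab: $tab may already hold the
		// configured default tab (assigned above from default_view_tab,
		// presumably for the module file required below) and a loop variable
		// of that name would overwrite it with a tab file name.
		foreach($modules_tabs as $tab_file)
		{
			// Get the name as the subextension
			// cut the module_tab. and the .php parts of the filename
			// (beginning and end)
			$nameparts = explode('.', $tab_file);
			$filename = substr($tab_file, 0, -4);
			if (count($nameparts) > 3) {
				// More than three dot-separated parts: the second part groups the tab
				// under $all_tabs[<part>], the third is the tab name.
				$file = $nameparts[1];
				if (! isset($all_tabs[$file]))
					$all_tabs[$file] = array();
				$arr =& $all_tabs[$file];
				$name = $nameparts[2];
			} else {
				$arr =& $all_tabs;
				$name = $nameparts[1];
			}
			$arr[] = array(
				'name' => ucfirst(str_replace('_', ' ', $name)),
				'file' => DP_BASE_DIR . '/modules/' . $dir . '/' . $filename,
				'module' => $dir);

			/*
			** Don't forget to unset $arr again! $arr is likely to be used in the sequel declaring
			** any temporary array. This may lead to strange bugs with disappearing tabs (cf. #1767).
			** @author: gregorerhardt 	@date: 20070203
			*/
			unset($arr);
		}
	}
} else {
	$all_tabs =& $_SESSION['all_tabs'][$m];
}

// Dispatch to the requested action file of the module (optionally in sub-directory $u).
$module_file = DP_BASE_DIR."/modules/$m/" . ($u ? "$u/" : "") . "$a.php";
if (file_exists($module_file))
	require $module_file;
else
{
	// TODO: make this part of the public module?
	// TODO: internationalise the string.
	$titleBlock = new CTitleBlock('Warning', 'log-error.gif');
	$titleBlock->show();

	// NOTE(review): $m is request-derived and is echoed here; confirm that
	// CAppUI::_() HTML-encodes its result.
	echo $AppUI->_("Missing file. Possible Module \"$m\" missing!");
}
if(!$suppressHeaders) {
	echo '<iframe name="thread" src="' . DP_BASE_URL . '/modules/index.html" width="0" height="0" frameborder="0"></iframe>';
	require DP_BASE_DIR."/style/$uistyle/footer.php";
}
ob_end_flush();
?>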
Généré le : Sun Feb 18 19:46:52 2007 | par Balluche grâce à PHPXref 0.7 |