  1. <?php
  2. /**
  3. *
  4. * Friendica
  5. *
  6. */
  7. /**
  8. *
  9. * bootstrap the application
  10. *
  11. */
  12. use Friendica\Core\Config;
  13. require_once('boot.php');
  14. require_once('object/BaseObject.php');
  15. $a = new App;
  16. BaseObject::set_app($a);
  17. // We assume that the index.php is called by a frontend process
  18. // The value is set to "true" by default in boot.php
  19. $a->backend = false;
  20. /**
  21. *
  22. * Load the configuration file which contains our DB credentials.
  23. * Ignore errors. If the file doesn't exist or is empty, we are running in
  24. * installation mode.
  25. *
  26. */
  27. $install = ((file_exists('.htconfig.php') && filesize('.htconfig.php')) ? false : true);
  28. // Only load config if found, don't surpress errors
  29. if (!$install) {
  30. include ".htconfig.php";
  31. }
  32. /**
  33. *
  34. * Try to open the database;
  35. *
  36. */
  37. require_once "include/dba.php";
  38. if (!$install) {
  39. $db = new dba($db_host, $db_user, $db_pass, $db_data, $install);
  40. unset($db_host, $db_user, $db_pass, $db_data);
  41. /**
  42. * Load configs from db. Overwrite configs from .htconfig.php
  43. */
  44. Config::load();
  45. if ($a->max_processes_reached() OR $a->maxload_reached()) {
  46. header($_SERVER["SERVER_PROTOCOL"] . ' 503 Service Temporarily Unavailable');
  47. header('Retry-After: 120');
  48. header('Refresh: 120; url=' . App::get_baseurl() . "/" . $a->query_string);
  49. die("System is currently unavailable. Please try again later");
  50. }
  51. if (get_config('system', 'force_ssl') AND ($a->get_scheme() == "http") AND
  52. (intval(get_config('system', 'ssl_policy')) == SSL_POLICY_FULL) AND
  53. (substr(App::get_baseurl(), 0, 8) == "https://")) {
  54. header("HTTP/1.1 302 Moved Temporarily");
  55. header("Location: " . App::get_baseurl() . "/" . $a->query_string);
  56. exit();
  57. }
  58. require_once("include/session.php");
  59. load_hooks();
  60. call_hooks('init_1');
  61. $maintenance = get_config('system', 'maintenance');
  62. }
  63. $lang = get_browser_language();
  64. load_translation_table($lang);
  65. /**
  66. *
  67. * Important stuff we always need to do.
  68. *
  69. * The order of these may be important so use caution if you think they're all
  70. * intertwingled with no logical order and decide to sort it out. Some of the
  71. * dependencies have changed, but at least at one time in the recent past - the
  72. * order was critical to everything working properly
  73. *
  74. */
  75. // Exclude the backend processes from the session management
  76. if (!$a->is_backend()) {
  77. $stamp1 = microtime(true);
  78. session_start();
  79. $a->save_timestamp($stamp1, "parser");
  80. } else {
  81. require_once "include/poller.php";
  82. call_worker_if_idle();
  83. }
  84. /**
  85. * Language was set earlier, but we can over-ride it in the session.
  86. * We have to do it here because the session was just now opened.
  87. */
  88. if (x($_SESSION,'authenticated') && !x($_SESSION,'language')) {
  89. // we didn't loaded user data yet, but we need user language
  90. $r = q("SELECT language FROM user WHERE uid=%d", intval($_SESSION['uid']));
  91. $_SESSION['language'] = $lang;
  92. if (dbm::is_result($r)) $_SESSION['language'] = $r[0]['language'];
  93. }
  94. if ((x($_SESSION,'language')) && ($_SESSION['language'] !== $lang)) {
  95. $lang = $_SESSION['language'];
  96. load_translation_table($lang);
  97. }
  98. if ((x($_GET,'zrl')) && (!$install && !$maintenance)) {
  99. // Only continue when the given profile link seems valid
  100. // Valid profile links contain a path with "/profile/" and no query parameters
  101. if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") AND
  102. strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")) {
  103. $_SESSION['my_url'] = $_GET['zrl'];
  104. $a->query_string = preg_replace('/[\?&]zrl=(.*?)([\?&]|$)/is','',$a->query_string);
  105. zrl_init($a);
  106. } else {
  107. // Someone came with an invalid parameter, maybe as a DDoS attempt
  108. // We simply stop processing here
  109. logger("Invalid ZRL parameter ".$_GET['zrl'], LOGGER_DEBUG);
  110. header('HTTP/1.1 403 Forbidden');
  111. echo "<h1>403 Forbidden</h1>";
  112. killme();
  113. }
  114. }
  115. /**
  116. *
  117. * For Mozilla auth manager - still needs sorting, and this might conflict with LRDD header.
  118. * Apache/PHP lumps the Link: headers into one - and other services might not be able to parse it
  119. * this way. There's a PHP flag to link the headers because by default this will over-write any other
  120. * link header.
  121. *
  122. * What we really need to do is output the raw headers ourselves so we can keep them separate.
  123. *
  124. */
  125. // header('Link: <' . App::get_baseurl() . '/amcd>; rel="acct-mgmt";');
  126. if (x($_COOKIE["Friendica"]) || (x($_SESSION,'authenticated')) || (x($_POST,'auth-params')) || ($a->module === 'login')) {
  127. require("include/auth.php");
  128. }
  129. if (! x($_SESSION,'authenticated')) {
  130. header('X-Account-Management-Status: none');
  131. }
  132. /* set up page['htmlhead'] and page['end'] for the modules to use */
  133. $a->page['htmlhead'] = '';
  134. $a->page['end'] = '';
  135. if (! x($_SESSION,'sysmsg')) {
  136. $_SESSION['sysmsg'] = array();
  137. }
  138. if (! x($_SESSION,'sysmsg_info')) {
  139. $_SESSION['sysmsg_info'] = array();
  140. }
  141. // Array for informations about last received items
  142. if (! x($_SESSION,'last_updated')) {
  143. $_SESSION['last_updated'] = array();
  144. }
  145. /*
  146. * check_config() is responsible for running update scripts. These automatically
  147. * update the DB schema whenever we push a new one out. It also checks to see if
  148. * any plugins have been added or removed and reacts accordingly.
  149. */
  150. // in install mode, any url loads install module
  151. // but we need "view" module for stylesheet
  152. if ($install && $a->module!="view") {
  153. $a->module = 'install';
  154. } elseif ($maintenance && $a->module!="view") {
  155. $a->module = 'maintenance';
  156. } else {
  157. check_url($a);
  158. check_db();
  159. check_plugins($a);
  160. }
  161. nav_set_selected('nothing');
  162. //Don't populate apps_menu if apps are private
  163. $privateapps = get_config('config','private_addons');
  164. if ((local_user()) || (! $privateapps === "1")) {
  165. $arr = array('app_menu' => $a->apps);
  166. call_hooks('app_menu', $arr);
  167. $a->apps = $arr['app_menu'];
  168. }
  169. /**
  170. *
  171. * We have already parsed the server path into $a->argc and $a->argv
  172. *
  173. * $a->argv[0] is our module name. We will load the file mod/{$a->argv[0]}.php
  174. * and use it for handling our URL request.
  175. * The module file contains a few functions that we call in various circumstances
  176. * and in the following order:
  177. *
  178. * "module"_init
  179. * "module"_post (only called if there are $_POST variables)
  180. * "module"_afterpost
  181. * "module"_content - the string return of this function contains our page body
  182. *
  183. * Modules which emit other serialisations besides HTML (XML,JSON, etc.) should do
  184. * so within the module init and/or post functions and then invoke killme() to terminate
  185. * further processing.
  186. */
  187. if (strlen($a->module)) {
  188. /**
  189. *
  190. * We will always have a module name.
  191. * First see if we have a plugin which is masquerading as a module.
  192. *
  193. */
  194. // Compatibility with the Android Diaspora client
  195. if ($a->module == "stream") {
  196. $a->module = "network";
  197. }
  198. // Compatibility with the Firefox App
  199. if (($a->module == "users") AND ($a->cmd == "users/sign_in")) {
  200. $a->module = "login";
  201. }
  202. $privateapps = get_config('config','private_addons');
  203. if (is_array($a->plugins) && in_array($a->module,$a->plugins) && file_exists("addon/{$a->module}/{$a->module}.php")) {
  204. //Check if module is an app and if public access to apps is allowed or not
  205. if ((!local_user()) && plugin_is_app($a->module) && $privateapps === "1") {
  206. info( t("You must be logged in to use addons. "));
  207. } else {
  208. include_once("addon/{$a->module}/{$a->module}.php");
  209. if (function_exists($a->module . '_module')) {
  210. $a->module_loaded = true;
  211. }
  212. }
  213. }
  214. /**
  215. * If not, next look for a 'standard' program module in the 'mod' directory
  216. */
  217. if ((! $a->module_loaded) && (file_exists("mod/{$a->module}.php"))) {
  218. include_once("mod/{$a->module}.php");
  219. $a->module_loaded = true;
  220. }
  221. /**
  222. *
  223. * The URL provided does not resolve to a valid module.
  224. *
  225. * On Dreamhost sites, quite often things go wrong for no apparent reason and they send us to '/internal_error.html'.
  226. * We don't like doing this, but as it occasionally accounts for 10-20% or more of all site traffic -
  227. * we are going to trap this and redirect back to the requested page. As long as you don't have a critical error on your page
  228. * this will often succeed and eventually do the right thing.
  229. *
  230. * Otherwise we are going to emit a 404 not found.
  231. *
  232. */
  233. if (! $a->module_loaded) {
  234. // Stupid browser tried to pre-fetch our Javascript img template. Don't log the event or return anything - just quietly exit.
  235. if ((x($_SERVER,'QUERY_STRING')) && preg_match('/{[0-9]}/',$_SERVER['QUERY_STRING']) !== 0) {
  236. killme();
  237. }
  238. if ((x($_SERVER,'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && isset($dreamhost_error_hack)) {
  239. logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']);
  240. goaway(App::get_baseurl() . $_SERVER['REQUEST_URI']);
  241. }
  242. logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
  243. header($_SERVER["SERVER_PROTOCOL"] . ' 404 ' . t('Not Found'));
  244. $tpl = get_markup_template("404.tpl");
  245. $a->page['content'] = replace_macros($tpl, array(
  246. '$message' => t('Page not found.' )
  247. ));
  248. }
  249. }
  250. /**
  251. * load current theme info
  252. */
  253. $theme_info_file = "view/theme/".current_theme()."/theme.php";
  254. if (file_exists($theme_info_file)){
  255. require_once($theme_info_file);
  256. }
  257. /* initialise content region */
  258. if (! x($a->page,'content')) {
  259. $a->page['content'] = '';
  260. }
  261. if (!$install && !$maintenance) {
  262. call_hooks('page_content_top',$a->page['content']);
  263. }
  264. /**
  265. * Call module functions
  266. */
  267. if ($a->module_loaded) {
  268. $a->page['page_title'] = $a->module;
  269. $placeholder = '';
  270. if (function_exists($a->module . '_init')) {
  271. call_hooks($a->module . '_mod_init', $placeholder);
  272. $func = $a->module . '_init';
  273. $func($a);
  274. }
  275. if (function_exists(str_replace('-','_',current_theme()) . '_init')) {
  276. $func = str_replace('-','_',current_theme()) . '_init';
  277. $func($a);
  278. }
  279. if (($_SERVER['REQUEST_METHOD'] === 'POST') && (! $a->error)
  280. && (function_exists($a->module . '_post'))
  281. && (! x($_POST,'auth-params'))) {
  282. call_hooks($a->module . '_mod_post', $_POST);
  283. $func = $a->module . '_post';
  284. $func($a);
  285. }
  286. if ((! $a->error) && (function_exists($a->module . '_afterpost'))) {
  287. call_hooks($a->module . '_mod_afterpost',$placeholder);
  288. $func = $a->module . '_afterpost';
  289. $func($a);
  290. }
  291. if ((! $a->error) && (function_exists($a->module . '_content'))) {
  292. $arr = array('content' => $a->page['content']);
  293. call_hooks($a->module . '_mod_content', $arr);
  294. $a->page['content'] = $arr['content'];
  295. $func = $a->module . '_content';
  296. $arr = array('content' => $func($a));
  297. call_hooks($a->module . '_mod_aftercontent', $arr);
  298. $a->page['content'] .= $arr['content'];
  299. }
  300. if (function_exists(str_replace('-','_',current_theme()) . '_content_loaded')) {
  301. $func = str_replace('-','_',current_theme()) . '_content_loaded';
  302. $func($a);
  303. }
  304. }
  305. /*
  306. * Create the page head after setting the language
  307. * and getting any auth credentials.
  308. *
  309. * Moved init_pagehead() and init_page_end() to after
  310. * all the module functions have executed so that all
  311. * theme choices made by the modules can take effect.
  312. */
  313. $a->init_pagehead();
  314. /*
  315. * Build the page ending -- this is stuff that goes right before
  316. * the closing </body> tag
  317. */
  318. $a->init_page_end();
  319. // If you're just visiting, let javascript take you home
  320. if (x($_SESSION, 'visitor_home')) {
  321. $homebase = $_SESSION['visitor_home'];
  322. } elseif (local_user()) {
  323. $homebase = 'profile/' . $a->user['nickname'];
  324. }
  325. if (isset($homebase)) {
  326. $a->page['content'] .= '<script>var homebase="' . $homebase . '" ; </script>';
  327. }
  328. /*
  329. * now that we've been through the module content, see if the page reported
  330. * a permission problem and if so, a 403 response would seem to be in order.
  331. */
  332. if (stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
  333. header($_SERVER["SERVER_PROTOCOL"] . ' 403 ' . t('Permission denied.'));
  334. }
  335. /*
  336. * Report anything which needs to be communicated in the notification area (before the main body)
  337. */
  338. call_hooks('page_end', $a->page['content']);
  339. /*
  340. * Add the navigation (menu) template
  341. */
  342. if ($a->module != 'install' && $a->module != 'maintenance') {
  343. nav($a);
  344. }
  345. /*
  346. * Add a "toggle mobile" link if we're using a mobile device
  347. */
  348. if ($a->is_mobile || $a->is_tablet) {
  349. if (isset($_SESSION['show-mobile']) && !$_SESSION['show-mobile']) {
  350. $link = 'toggle_mobile?address=' . curPageURL();
  351. } else {
  352. $link = 'toggle_mobile?off=1&address=' . curPageURL();
  353. }
  354. $a->page['footer'] = replace_macros(get_markup_template("toggle_mobile_footer.tpl"), array(
  355. '$toggle_link' => $link,
  356. '$toggle_text' => t('toggle mobile')
  357. ));
  358. }
  359. /**
  360. * Build the page - now that we have all the components
  361. */
  362. if (!$a->theme['stylesheet']) {
  363. $stylesheet = current_theme_url();
  364. } else {
  365. $stylesheet = $a->theme['stylesheet'];
  366. }
  367. $a->page['htmlhead'] = str_replace('{{$stylesheet}}',$stylesheet,$a->page['htmlhead']);
  368. //$a->page['htmlhead'] = replace_macros($a->page['htmlhead'], array('$stylesheet' => $stylesheet));
  369. if (isset($_GET["mode"]) AND (($_GET["mode"] == "raw") OR ($_GET["mode"] == "minimal"))) {
  370. $doc = new DOMDocument();
  371. $target = new DOMDocument();
  372. $target->loadXML("<root></root>");
  373. $content = mb_convert_encoding($a->page["content"], 'HTML-ENTITIES', "UTF-8");
  374. /// @TODO one day, kill those error-surpressing @ stuff, or PHP should ban it
  375. @$doc->loadHTML($content);
  376. $xpath = new DomXPath($doc);
  377. $list = $xpath->query("//*[contains(@id,'tread-wrapper-')]"); /* */
  378. foreach ($list as $item) {
  379. $item = $target->importNode($item, true);
  380. // And then append it to the target
  381. $target->documentElement->appendChild($item);
  382. }
  383. }
  384. if (isset($_GET["mode"]) AND ($_GET["mode"] == "raw")) {
  385. header("Content-type: text/html; charset=utf-8");
  386. echo substr($target->saveHTML(), 6, -8);
  387. killme();
  388. }
  389. $page = $a->page;
  390. $profile = $a->profile;
  391. header("X-Friendica-Version: " . FRIENDICA_VERSION);
  392. header("Content-type: text/html; charset=utf-8");
  393. /*
  394. * We use $_GET["mode"] for special page templates. So we will check if we have
  395. * to load another page template than the default one.
  396. * The page templates are located in /view/php/ or in the theme directory.
  397. */
  398. if (isset($_GET["mode"])) {
  399. $template = theme_include($_GET["mode"] . '.php');
  400. }
  401. // If there is no page template use the default page template
  402. if (!$template) {
  403. $template = theme_include("default.php");
  404. }
  405. /// @TODO Looks unsafe (remote-inclusion), is maybe not but theme_include() uses file_exists() but does not escape anything
  406. require_once $template;
  407. killme();