search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Created a new folder in _templates to house site icons. Put the new RSS standard...
[elgg.git] / lib / setup.php
blob669d7ee9e8e7efd662243556c20a293d941b37f1
1 <?php
2
3 // declare our globals.
4 global $db;
5 global $USER;
6 global $CFG;
7 global $SESSION;
8 global $PAGE;
9
10 /// First try to detect some attacks on older buggy PHP versions
11 if (isset($_REQUEST['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_FILES['GLOBALS'])) {
12 die('Fatal: Illegal GLOBALS overwrite attempt detected!');
13 }
14
15 // set up perf.
16 init_performance_info();
17
18 /// Just say no to link prefetching (Moz prefetching, Google Web Accelerator, others)
19 /// http://www.google.com/webmasters/faq.html#prefetchblock
20
21 if (!empty($_SERVER['HTTP_X_moz']) && $_SERVER['HTTP_X_moz'] === 'prefetch'){
22 header($_SERVER['SERVER_PROTOCOL'] . ' 404 Prefetch Forbidden');
23 trigger_error('Prefetch request forbidden.');
24 exit;
25 }
26
27 if (empty($CFG->debug)) {
28 $CFG->debug = 0;
29 }
30
31 $CFG->libdir = $CFG->dirroot .'/lib';
32
33 // set up our database connection
34 if ($CFG->debug & E_USER_ERROR) {
35 require_once($CFG->dirroot.'/lib/adodb/adodb-errorhandler.inc.php');
36 }
37 require_once($CFG->dirroot.'/lib/adodb/adodb.inc.php'); // Database access functions
38
39 $db = &ADONewConnection($CFG->dbtype);
40
41 error_reporting(0); // Hide errors
42
43 if (!empty($CFG->dbpersist)) { // Use persistent connection (default)
44 $dbconnected = $db->PConnect($CFG->dbhost,$CFG->dbuser,$CFG->dbpass,$CFG->dbname);
45 } else { // Use single connection
46 $dbconnected = $db->Connect($CFG->dbhost,$CFG->dbuser,$CFG->dbpass,$CFG->dbname);
47 }
48 if (! $dbconnected) {
49 // In the name of protocol correctness, monitoring and performance
50 // profiling, set the appropriate error headers for machine consumption
51 if (isset($_SERVER['SERVER_PROTOCOL'])) {
52 // Avoid it with cron.php. Note that we assume it's HTTP/1.x
53 header($_SERVER['SERVER_PROTOCOL'] . ' 503 Service Unavailable');
54 }
55 // and then for human consumption...
56 echo '<html><body>';
57 echo '<table align="center"><tr>';
58 echo '<td style="color:#990000; text-align:center; font-size:large; border-width:1px; '.
59 ' border-color:#000000; border-style:solid; border-radius: 20px; border-collapse: collapse; '.
60 ' -moz-border-radius: 20px; padding: 15px">';
61 echo '<p>Error: Database connection failed.</p>';
62 echo '<p>It is possible that the database is overloaded or otherwise not running properly.</p>';
63 echo '<p>The site administrator should also check that the database details have been correctly specified in config.php</p>';
64 echo '</td></tr></table>';
65 echo '</body></html>';
66 die;
67 } else {
68 if ($db->databaseType == 'mysql') {
69 $db->Execute("SET NAMES 'utf8'");
70 $db->Execute("SET CHARSET 'utf8'");
71 } else if ($db->databaseType == 'postgres7') {
72 $db->Execute("SET NAMES 'utf8'");
73 }
74 }
75
76 /// Load up any configuration from the config table
77 $CFG = get_config();
78
79 /// Turn on SQL logging if required
80 if (!empty($CFG->logsql)) {
81 $db->LogSQL();
82 }
83
84
85 /// Set error reporting back to normal
86 if (empty($CFG->debug)) {
87 $CFG->debug = 7;
88 }
89 error_reporting($CFG->debug);
90
91 /// File permissions on created directories in the $CFG->dataroot
92
93 if (empty($CFG->directorypermissions)) {
94 $CFG->directorypermissions = 0777; // Must be octal (that's why it's here)
95 }
96
97 /// Files might not want all the permissions that directories have, e.g. +x or g+s,
98 /// so using a separate setting for files
99 if (empty($CFG->filepermissions)) {
100 $CFG->filepermissions = 0666; // Must be octal
101 }
102
103 if (!is_writable($CFG->dataroot)) {
104 $messages[] = "Your current dataroot directory, $CFG->dataroot is not writable by the webserver!";
105 }
106
107 /// Set up session handling
108 if(empty($CFG->respectsessionsettings)) {
109 if (empty($CFG->dbsessions)) { /// File-based sessions
110
111 // Some distros disable GC by setting probability to 0
112 // overriding the PHP default of 1
113 // (gc_probability is divided by gc_divisor, which defaults to 1000)
114 if (ini_get('session.gc_probability') == 0) {
115 ini_set('session.gc_probability', 1);
116 }
117
118 if (!empty($CFG->sessiontimeout)) {
119 ini_set('session.gc_maxlifetime', $CFG->sessiontimeout);
120 }
121
122 if (!file_exists($CFG->dataroot .'sessions')) {
123 require_once($CFG->dirroot.'lib/uploadlib.php');
124 make_upload_directory('sessions');
125 }
126 ini_set('session.save_path', $CFG->dataroot .'sessions');
127
128 } else { /// Database sessions
129 ini_set('session.save_handler', 'user');
130
131 $ADODB_SESSION_DRIVER = $CFG->dbtype;
132 $ADODB_SESSION_CONNECT = $CFG->dbhost;
133 $ADODB_SESSION_USER = $CFG->dbuser;
134 $ADODB_SESSION_PWD = $CFG->dbpass;
135 $ADODB_SESSION_DB = $CFG->dbname;
136 $ADODB_SESSION_TBL = $CFG->prefix.'sessions';
137
138 require_once($CFG->libdir. '/adodb/session/adodb-session.php');
139 }
140 }
141 /// Set sessioncookie variable if it isn't already
142 if (!isset($CFG->sessioncookie)) {
143 $CFG->sessioncookie = '';
144 }
145
146 // for phpthumb
147 require_once($CFG->dirroot.'lib/uploadlib.php');
148 make_upload_directory('cache/phpThumb');
149 // for magpie rss
150 make_upload_directory('cache/magpie');
151 define('MAGPIE_CACHE_DIR',$CFG->dataroot.'cache/magpie');
152
153 /// Configure ampersands in URLs
154
155 @ini_set('arg_separator.output', '&amp;');
156
157 /// Refuse to run with register_globals
158 if (ini_get_bool('register_globals')) {
159 die("Elgg cannot run with register_globals on");
160 }
161
162 // Now we use prepared statements everywhere,
163 // we want everything to be stripslashed
164 // rather than addslashed.
165 if (ini_get_bool('magic_quotes_gpc') ) {
166 function stripslashes_deep($value) {
167 $value = is_array($value) ?
168 array_map('stripslashes_deep', $value) :
169 stripslashes($value);
170 return $value;
171 }
172 $_POST = array_map('stripslashes_deep', $_POST);
173 $_GET = array_map('stripslashes_deep', $_GET);
174 $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
175 $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
176 if (!empty($_SERVER['REQUEST_URI'])) {
177 $_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']);
178 }
179 if (!empty($_SERVER['QUERY_STRING'])) {
180 $_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']);
181 }
182 if (!empty($_SERVER['HTTP_REFERER'])) {
183 $_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']);
184 }
185 if (!empty($_SERVER['PATH_INFO'])) {
186 $_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']);
187 }
188 if (!empty($_SERVER['PHP_SELF'])) {
189 $_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']);
190 }
191 if (!empty($_SERVER['PATH_TRANSLATED'])) {
192 $_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']);
193 }
194 }
195
196 if (!isset($noelggcookie)) {
197 session_name('ElggSession'.$CFG->sessioncookie);
198 @session_start();
199 if (! isset($_SESSION['SESSION'])) {
200 $_SESSION['SESSION'] = new Stdclass;
201 $_SESSION['SESSION']->session_test = random_string(10);
202 if (!empty($_COOKIE['ElggSessionTest'.$CFG->sessioncookie])) {
203 $_SESSION['SESSION']->has_timed_out = true;
204 }
205 setcookie('ElggSessionTest'.$CFG->sessioncookie, $_SESSION['SESSION']->session_test, 0, '/');
206 $_COOKIE['ElggSessionTest'.$CFG->sessioncookie] = $_SESSION['SESSION']->session_test;
207 }
208 if (! isset($_SESSION['USER'])) {
209 $_SESSION['USER'] = new StdClass;
210 }
211
212 $SESSION = &$_SESSION['SESSION']; // Makes them easier to reference
213 $USER = &$_SESSION['USER'];
214 }
215 else {
216 $SESSION = NULL;
217 $USER = NULL;
218 }
219
220 // Load textlib
221 require_once($CFG->dirroot.'lib/textlib.class.php');
222
223 if (defined('FULLME')) { // Usually in command-line scripts like admin/cron.php
224 $FULLME = FULLME;
225 $ME = FULLME;
226 } else {
227 $FULLME = qualified_me();
228 $ME = strip_querystring($FULLME);
229 }
230
231 /// In VERY rare cases old PHP server bugs (it has been found on PHP 4.1.2 running
232 /// as a CGI under IIS on Windows) may require that you uncomment the following:
233 // session_register("USER");
234 // session_register("SESSION");
235
236 /// now do a session test to prevent random user switching
237 if ($SESSION != NULL) {
238 if (empty($_COOKIE['ElggSessionTest'.$CFG->sessioncookie])) {
239 report_session_error();
240 } else if (isset($SESSION->session_test) && $_COOKIE['ElggSessionTest'.$CFG->sessioncookie] != $SESSION->session_test) {
241 report_session_error();
242 }
243 }
244
245 if (!empty($CFG->opentogoogle)) {
246 if (empty($_SESSION['USER'])) {
247 if (!empty($_SERVER['HTTP_USER_AGENT'])) {
248 if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
249 $USER = guest_user();
250 }
251 if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) {
252 $USER = guest_user();
253 }
254 }
255 if (empty($_SESSION['USER']) and !empty($_SERVER['HTTP_REFERER'])) {
256 if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) {
257 $USER = guest_user();
258 } else if (strpos($_SERVER['HTTP_REFERER'], 'altavista') !== false ) {
259 $USER = guest_user();
260 }
261 }
262 }
263 }
264
265 /// Populates an empty $USER if is empty
266 if (empty($USER) || !isset($USER->ident)) {
267 $USER = guest_user();
268 }
269
270 /// backwards compatibility
271 fill_legacy_user_session($USER);
272
273 //////
274 ////// Load some core libraries
275 //////
276 require_once("{$CFG->dirroot}/lib/templates.php");
277 require_once("{$CFG->dirroot}/lib/displaylib.php");
278
279 //////
280 ////// Init templating basics
281 //////
282 if (!isset($CFG->templatestore)) { $CFG->templatestore = 'db' ;}
283 if (!isset($PAGE->menu )) { $PAGE->menu = array();}
284 if (!isset($PAGE->menu_sub )) { $PAGE->menu_sub = array();}
285 if (!isset($PAGE->menu_top )) { $PAGE->menu_top = array();}
286 if (!isset($PAGE->menu_bottom)) { $PAGE->menu_bottom = array();}
287
288 //////
289 ////// Define what modules we have, and load their libraries
290 //////
291
292 // TODO : set up a modules table so we can do get_records('modules')
293 // to fetch the enabled ones (instead of all the available modules)
294 // we can also track db version with it.
295 if ($allmods = get_list_of_plugins('mod') ) {
296 foreach ($allmods as $mod) {
297 $modfile = $CFG->dirroot .'/mod/'.$mod .'/lib.php';
298 if (file_exists($modfile)) {
299 include_once($modfile);
300 }
301 }
302 }
303 // keep the global scope clean
304 unset($allmods); unset ($mod); unset($modfile);
305
306 /// Apache log integration. In apache conf file one can use ${ELGGUSER}n in
307 /// LogFormat to get the current logged in username in Elgg.
308 /// NOTE: we are grabbing the username -- see the commented out lines
309 /// for alternative things that could be logged...
310 if ($USER && function_exists('apache_note')) {
311 $apachelog_username = clean_filename($USER->username);
312 // $apachelog_name = clean_filename($USER->firstname. " ".$USER->lastname);
313 // $apachelog_userid = $USER->ident;
314 /* Enable this commented out section ONLY if Elgg can do
315 user masquerading...
316 if (isset($USER->realuser)) {
317 if ($realuser = get_record('users', 'ident', $USER->realuser)) {
318 $apachelog_username = clean_filename($realuser->username." as ".$apachelog_username);
319 // $apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
320 // $apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid);
321 }
322 }
323 */
324 apache_note('ELGGUSER', $apachelog_username);
325 }
326
327 /// Adjust ALLOWED_TAGS
328 adjust_allowed_tags();
329
330 // backwards compatibility (this is what elgg used to use)
331 define("db_server", $CFG->dbhost);
332 define("db_user",$CFG->dbuser);
333 define("db_pass",$CFG->dbpass);
334 define("db_name",$CFG->dbname);
335
336 define("sitename", $CFG->sitename);
337 define("url",$CFG->wwwroot);
338 define("path",$CFG->dirroot);
339 define("email",$CFG->sysadminemail);
340 define("locale", $CFG->defaultlocale);
341 define("public_reg", $CFG->publicreg);
342 if (empty($CFG->default_access)) {
343 $CFG->default_access = "LOGGED_IN";
344 }
345 define("default_access",$CFG->default_access);
346
347 // figure out a noreply address if we don't have one.
348 if (empty($CFG->noreplyaddress)) {
349 $CFG->noreplyaddress = 'noreply@'.preg_replace('/([a-zA-z]*:\/\/)([a-zA-Z0-9-.]*)([:0-9]*)(\/*.*)/','$2',$CFG->wwwroot);
350 }
351
352 /***
353 *** init_performance_info() {
354 ***
355 *** Initializes our performance info early.
356 ***
357 *** Pairs up with get_performance_info() which is actually
358 *** in moodlelib.php. This function is here so that we can
359 *** call it before all the libs are pulled in.
360 ***
361 **/
362 function init_performance_info() {
363
364 global $PERF;
365
366 $PERF = new StdClass;
367 $PERF->dbqueries = 0;
368 $PERF->logwrites = 0;
369 if (function_exists('microtime')) {
370 $PERF->starttime = microtime();
371 }
372 if (function_exists('memory_get_usage')) {
373 $PERF->startmemory = memory_get_usage();
374 }
375 if (function_exists('posix_times')) {
376 $PERF->startposixtimes = posix_times();
377 }
378 }
379
380 ?>
Elgg Social Networking Platform