main.php

   1 <?php
   2
   3 // convenience error function
   4 // todo: let user display a custom error page
   5 function display_error_and_quit($code, $text = false) {
   6     $code_descriptions = array(
   7         403 => 'Forbidden',
   8         404 => 'Not Found',
   9     );
  10     $code = (int) $code; // enforce integer nature
  11     if (isset($code_descriptions[$code])) {
  12         if (!$text) $text = $code_descriptions[$code];
  13         $code .= ' ' . $code_descriptions[$code]; // casts to string
  14     }
  15     header($_SERVER['SERVER_PROTOCOL'] . ' ' . $code, true, $code);
  16     header('Status: ' . $code);
  17     echo "<h1>$code</h1>";
  18     exit; // essential
  19 }
  20
  21 // initialize array of allowed directories
  22 $allowed_subdirs = array(
  23     'comparison/' => true
  24 );
  25
  26 // load up environment variables
  27 $page = $_SERVER['REQUEST_URI'];
  28 $this_file = basename(__FILE__);
  29
  30 if ($_SERVER['PHP_SELF'] !== '/' . $this_file) {
  31     // we're in a web subdirectory: normalize the name
  32     $prefix_length = strlen($_SERVER['PHP_SELF']) - strlen($this_file) - 1;
  33     $page = substr($page, $prefix_length);
  34 }
  35
  36 // assuming that index.html is are document index handler, Apache
  37 // better have caught it already if it was something else
  38 if ($page == '/') $page = '/index.html';
  39
  40 // remove leading slash, so it's a relative path not web path
  41 $page = substr($page, 1);
  42
  43 // let GET param override, this is good for manual cache invalidation
  44 if (isset($_GET['f'])) $page = $_GET['f'];
  45
  46 // validate the path, perhaps syntax could be more permissive
  47 $chars = 'a-zA-Z0-9\-_';
  48 $regex = "#(((?:[$chars]+/)*)[$chars]+).html#";
  49 $status = preg_match($regex, $page, $matches);
  50 if (!$status) display_error_and_quit(403);
  51
  52 // validate directory
  53 if ($matches[2] !== '' && !isset($allowed_subdirs[$matches[2]])) {
  54     display_error_and_quit(403);
  55 }
  56
  57 // load up the page source
  58 $page_src = $matches[1] . '.xhtml';
  59 if (!is_file($page_src) || !is_readable($page_src)) {
  60     // Apache may have redirected to an ErrorDocument which got directed
  61     // via mod_rewrite to us, in that case, output the corresponding
  62     // status code.  Otherwise, we can give the regular 404.
  63     $code = (int) getenv("REDIRECT_STATUS");
  64     if (!$code) $code = 404;
  65     display_error_and_quit($code);
  66 }
  67
  68 if (is_file($page) && !isset($_GET['purge'])) {
  69     // cached version already exists
  70     // if generated file is newer than old file, do not regenerate
  71     $mtime_page = filemtime($page);
  72     $mtime_page_src = filemtime($page_src);
  73     if ($mtime_page_src < $mtime_page) {
  74         // cached version is fresh, serve it
  75         readfile($page);
  76         exit;
  77     }
  78 }
  79
  80 // regenerate
  81 $source = file_get_contents($page_src);
  82 $contents = $source;
  83 file_put_contents($page, $contents);
  84 echo $contents;
  85
  86 ?>