Reduced the gfh2 background image contrast a bit since it was hard to read text with it.

[specialops2.git] / con.php

<?php
/**
 * con.php: Generic setup file.
 *
 * Contains user authentication, database connection and other exciting stuff.
 * Everything else depends on this file. Don't touch it unless you know what
 * you're doing, all the config is done in other places (mostly mysql.php).
 *
 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
 * @license file:COPYING
 * @version $Id$
 */

/**
 * Source revision displayed in the page footer.
 * AFAIK there's no way to get the overall value both accurately and quickly,
 * so the revision for just this file will have to do.
 */
define('SO2VER', '$Rev$');


// SO2 won't run on anything less than PHP 5, unless you're masochistic.
if ( version_compare(PHP_VERSION, '5.0', '<') ) {
        header('HTTP/1.1 500 Internal Server Error');
        die('Server configuration error: PHP 5.0 or higher is _required_.');
}


// Use verbose errors. They won't be shown to the general public anyway.
error_reporting(E_ALL|E_STRICT);


/**
 * Start that timer at the bottom of each page.
 */
define('CLOCK', microtime(1));


/* Empty exception classes.
   These allow for more specific catch{} blocks. */
class InvalidInputException extends Exception {}
class DatabaseException     extends Exception {}
class RateLimitException    extends Exception {}


/* SPL exception classes:
   These classes are defined in the Standard PHP Library in PHP 5.1 and above.
   If you only run the code on a 5.0 server, you can delete the "if...{" and "}" lines.
   If you only run it on a 5.1 server, you can delete the lines inbetween too. */
if ( version_compare(PHP_VERSION, '5.1', '<') ) {
        class OutOfBoundsException extends Exception {}
        class RuntimeException     extends Exception {}
        class LengthException      extends Exception {}
}


/**
 * Class autoloader
 */
function __autoload($classname)
{
        require 'lib/class.'.$classname.'.php';
}
// While we're doing that, these are always used
require 'lib/class.page.php';
require 'lib/class.so2mysqli.php';
require 'lib/class.anonuser.php';

// Debug settings
if ( $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR'] )
        /**
         * If the "DEVELOPER" constant is defined a bunch of stuff works differently.
         */
        define('DEVELOPER', 1);


// Create page object. The earlier this is done the better, because it contains the error handler stuff.
$page = new page;


// Set up exception handler and database connection here
if ( defined('DEVELOPER') ) {
        /* Using the output buffer lets us switch off XHTML mode later if something buggers up.
           Fixing PHP errors is a lot less stressful when they're not hidden behind XML ones. */
        ob_start();
        
        function e_handler($exception)
        {
                header('HTTP/1.1 500 Internal Server Error');
                header('Content-Type: text/html; charset=UTF-8');
                echo '<pre class="error">',$exception,'</pre>';
                exit;
        }
        
        // DB
        $dbtype='debugmysqli';
} else {
        function e_handler($exception)
        {
                if ( !headers_sent() ) {
                        header('HTTP/1.1 500 Internal Server Error');
                        header('Content-Type: text/html; charset=UTF-8');
                }
                $GLOBALS['page']->errorfooter('runtime');
        }
        
        $dbtype='so2mysqli';
}

set_exception_handler('e_handler');
require 'mysql.php';


// Check for a DB connection error. Shit happens.
if ( mysqli_connect_errno() ) {
        header('HTTP/1.1 500 Internal Server Error');
        die('Server error: No database connection');
}


// Check MySQL server version. See the comment about PHP versions at the top of the file.
if ( version_compare($DB->server_info, '5.0', '<') ) {
        header('HTTP/1.1 500 Internal Server Error');
        die('Server error: MySQL 5 not found');
}


// Login cookie setting hack
if ( isset($_POST['login'], $_POST['u'], $_POST['p']) )
        list($_COOKIE['u'], $_COOKIE['p']) = array($_POST['u'], $_POST['p']);


// The rest of the file is stuff to decide whether you're logged in or not:
if ( isset($_POST['logout']) ) {
        setcookie('u', null, 1, '/');
        setcookie('p', null, 1, '/');
        unset($_COOKIE);
        $user = new anonuser;

} elseif ( isset($_COOKIE['u'], $_COOKIE['p']) ) {
        
        /* Try to get the user ID from the DB.
           Also tells the DB to remember your user ID, saves fucking around with PHP globals all the time. */
        $q = $DB->query('SELECT @userid := `userid` FROM `users`
                                         WHERE `alias` = '.$DB->string($_COOKIE['u']).'
                                         AND (`password` = AES_ENCRYPT('.$DB->string($_COOKIE['p']).', `reg_ip`)
                                                  OR `password` IS NULL)');
        
        // If there's a matching row in the DB then they're authenticated
        if ( 1 === $q->num_rows ) {
                // Keep people logged in for 24 hours after their last page view
                setcookie('u', $_COOKIE['u'], time()+86400, '/');
                setcookie('p', $_COOKIE['p'], time()+86400, '/');
                
                $user = new authuser(isset($prefetch) ? $prefetch : null);
        } else {
                /* This block of code gets executed if they fail a login attempt.
                   The relevant insults are in lib/class.page.php */
                setcookie('u', null, 1, '/');
                setcookie('p', null, 1, '/');
                
                $user = new anonuser;
        }
} else
        $user = new anonuser;
?>