con.php

   1 <?php
   2 /**
   3  * con.php: Generic setup file.
   4  *
   5  * Contains user authentication, database connection and other exciting stuff.
   6  * Everything else depends on this file. Don't touch it unless you know what
   7  * you're doing, all the config is done in other places.
   8  *
   9  * @author Anthony Parsons (irc://specialops.ath.cx/whitefyre)
  10  * @license file:COPYING
  11  * @version $Id$
  12  */
  13
  14 /**
  15  * Source revision (for this file) displayed in the page footer.
  16  * This is deliberately inaccurate, since doing it accurately would involve
  17  * parsing out the version number from EVERY file.
  18  */
  19 define('SO2VER', '$Rev$');
  20
  21
  22 /**
  23  * Check for PHP version
  24  *
  25  * SO2 won't run on anything less than PHP 5. You can backport it if you want,
  26  * but that kind of defeats the point of using this source in the first place.
  27  */
  28 if ( version_compare(PHP_VERSION, '5.0', '<') ) {
  29         header('HTTP/1.1 500 Internal Server Error');
  30         die('Fatal Server Error: PHP 5.0 or higher is required.');
  31 }
  32
  33 /** Use verbose errors. They won't be shown to the general public anyway. */
  34 error_reporting(E_ALL|E_STRICT);
  35
  36
  37 /** Start counting for that timer at the bottom of each page. */
  38 define('CLOCK',  microtime(1));
  39
  40
  41 /**
  42  * Empty exception classes
  43  *
  44  * These are just to make errors easier to decipher/handle.
  45  */
  46 class InvalidInputException extends Exception {}
  47 class DatabaseException     extends Exception {}
  48 class RateLimitException    extends Exception {}
  49
  50
  51 /**
  52  * SPL exception classes
  53  *
  54  * These classes are defined in the Standard PHP Library in PHP 5.1 and above.
  55  * They're used in SO2 the same as the above ones.
  56  * If you know you're only going to be running Special Ops 2 on a 5.1 server,
  57  * you can delete this block of code to speed all the pages up by a tiny amount.
  58  * Then again, if you want blinding speed, why would you use OOP-heavy code?
  59  */
  60 if ( version_compare(PHP_VERSION, '5.1', '<') ) {
  61         class OutOfBoundsException extends Exception {}
  62         class RuntimeException     extends Exception {}
  63         class LengthException      extends Exception {}
  64 }
  65
  66
  67 /**#@+
  68  * User level constant(s). User levels will be removed in the near future.
  69  * @deprecated
  70  */
  71 define('LVL_RESTRICTED', 0);
  72 define('LVL_USER', 10);
  73 define('LVL_ADMIN', 60);
  74 define('LVL_DEV', 70);
  75 /**#@-*/
  76
  77
  78 /**
  79  * Class autoloader function
  80  *
  81  * FIXME: need to handle interfaces better
  82  */
  83 function __autoload($classname)
  84 {
  85         require 'lib/class.'.$classname.'.php';
  86 }
  87
  88
  89 /**
  90  * Debug settings
  91  *
  92  * If the "DEVELOPER" constant is defined a bunch of stuff happens.
  93  * The default code turns it on for CLI or for browsers running on the server:
  94  */
  95 if ( !isset($_SERVER['REMOTE_ADDR']) || $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR'] )
  96         define('DEVELOPER', 1);
  97
  98
  99 /** Create page object. The earlier this is done the better, because it contains the error handler stuff. */
 100 $page = new page;
 101
 102
 103 /**
 104  * Set up the exception handler bit
 105  *
 106  * If dev mode is on you'll get a traceback when something fucks up.
 107  * If not, you'll get a patronizing/"user-friendly" error message.
 108  */
 109 if ( defined('DEVELOPER') ) {
 110         /**
 111          * Using the output buffer lets us switch off XHTML mode later if something buggers up.
 112          * Fixing PHP errors is a lot less stressful when they're not hidden behind XML ones.
 113          */
 114         ob_start();
 115
 116         function e_handler($exception)
 117         {
 118                 header('HTTP/1.1 500 Internal Server Error');
 119                 header('Content-Type: text/html; charset=UTF-8');
 120                 echo '<pre class="error">',$exception->__toString(),'</pre>';
 121                 exit;
 122         }
 123 } else {
 124         function e_handler($exception)
 125         {
 126                 if ( !headers_sent() ) {
 127                         header('HTTP/1.1 500 Internal Server Error');
 128                         header('Content-Type: text/html; charset=UTF-8');
 129                 }
 130                 $page->errorfooter('runtime');
 131         }
 132 }
 133 set_exception_handler('e_handler');
 134
 135
 136 /**
 137  * Database thingers.
 138  *
 139  * @example res/mysql_ident.example
 140  */
 141 require 'mysql_ident.php';
 142
 143
 144 /**
 145  * Open database connection here
 146  *
 147  * This is where it gets more interesting.
 148  * @see lib/class.debugmysqli.php
 149  */
 150 if ( defined('DEVELOPER') ) {
 151         /**
 152          * Turns on Really Fucking Verbose Mode™.
 153          * This line is disabled because it persists across threads.
 154          * Don't use it unless you're masochistic.
 155          */
 156         //mysqli_report(MYSQLI_REPORT_ALL);
 157
 158         $DB = new debugmysqli($DB['host'], $DB['user'], $DB['pass'], DATABASE_NAME);
 159 } else
 160         $DB = new mysqli($DB['host'], $DB['user'], $DB['pass'], DATABASE_NAME);
 161
 162 /** Check for DB connection error */
 163 if ( mysqli_connect_errno() ) {
 164         header('HTTP/1.1 500 Internal Server Error');
 165         die('Server error connecting to DB');
 166 }
 167
 168 /**
 169  * Check MySQL server version
 170  *
 171  * See the comment about PHP versions at the top of the file.
 172  */
 173 if ( version_compare($DB->server_info, '5.0', '<') ) {
 174         header('HTTP/1.1 500 Internal Server Error');
 175         die('Server error: MySQL 5.0 not found');
 176 }
 177
 178 /** Login cookie setting hack */
 179 if ( isset($_POST['login'], $_POST['u'], $_POST['p']) )
 180         list($_COOKIE['u'], $_COOKIE['p']) = array($_POST['u'], $_POST['p']);
 181
 182
 183 /**
 184  * User authentication
 185  *
 186  * Check whether they're logging out first.
 187  * If they are then don't bother with any auth code.
 188  */
 189 if ( isset($_POST['logout']) ) {
 190         setcookie('u', null, 1);
 191         setcookie('p', null, 1);
 192         unset($_COOKIE);
 193         $user = new anonuser;
 194 } elseif ( isset($_COOKIE['u'], $_COOKIE['p']) ) {
 195         /**
 196          * Try to get the user ID from the DB.
 197          * Also tells the DB to remember who you are, saves fucking around with PHP globals all the time.
 198          */
 199         $q = $DB->query('SELECT @userid := `userid` FROM `users`
 200                                          WHERE `alias` = \''.$DB->escape_string($_COOKIE['u']).'\'
 201                                          AND (`password` = AES_ENCRYPT(\''.$DB->escape_string($_COOKIE['p']).'\', `reg_ip`)
 202                                                   OR `password` IS NULL)');
 203
 204         /** If there's a matching row in the DB then they're authenticated */
 205         if ( 1 === $q->num_rows ) {
 206                 //Leaving this here just in case it fucks things up combined with the select.
 207                 //$DB->query('SET @userid = '.$q->fetch_object()->userid);
 208
 209                 /** WELCOME TO THE FANTASY ZONE */
 210                 setcookie('u', $_COOKIE['u'], time()+86400*7);
 211                 setcookie('p', $_COOKIE['p'], time()+86400*7);
 212
 213                 /**         GET READY           */
 214                 $user = new authuser(isset($prefetch) ? $prefetch : null);
 215         } else {
 216                 /**
 217                  * This bit gets executed if they fail a login attempt.
 218                  * The relevant insults are in lib/class.page.php
 219                  */
 220                 setcookie('u', null, 1);
 221                 setcookie('p', null, 1);
 222
 223                 $user = new anonuser;
 224         }
 225 } else
 226         $user = new anonuser;
 227 ?>