Return of the All-HTML post

[specialops2.git] / con.php

<?php
/**
 * con.php: Generic setup file.
 *
 * Contains user authentication, database connection and other exciting stuff.
 * Everything else depends on this file. Don't touch it unless you know what
 * you're doing, all the config is done in other places (mostly mysql.php).
 *
 * @author Anthony Parsons (xmpp:ant@specialops.ath.cx)
 * @license file://COPYING
 * @version $Id$
 */

// Numbers that go in the footer
define('SO2VER', '$Rev$');
define('CLOCK', microtime(1));


// Line noise
error_reporting(E_ALL|E_STRICT);


// SO2 loses its magic on anything less than PHP 5.1
if ( version_compare(PHP_VERSION, '5.1', '<') ) {
        include 'res/server-error.inc';
        throw new Exception('PHP 5.1 or higher is required to run SO2.');
}


// Classes
require 'lib/class.Page.php';
require 'lib/class.so2mysqli.php';
require 'lib/class.User_Anonymous.php';
class InvalidInputException extends Exception {}
class DatabaseException     extends Exception {}
class RateLimitException    extends Exception {}
function __autoload($classname)
{
        require 'lib/class.'.$classname.'.php';
}


// Turn Dev mode on
if ( $_SERVER['REMOTE_ADDR'] === $_SERVER['SERVER_ADDR'] ) {
        define('DEVELOPER', 1);
}


// Create page object, contains the error handler stuff.
$page = new page;


// Set up exception handler and database connection here
if ( defined('DEVELOPER') ) {
        ob_start();
        
        function e_handler($exception)
        {
                header('HTTP/1.1 500 Internal Server Error');
                header('Content-Type: text/html; charset=UTF-8');
                echo '<pre class="error">',$exception,'</pre>';
                exit;
        }
        
        // DB
        $dbtype = 'debugmysqli';
} else {
        function e_handler($exception)
        {
                if ( !headers_sent() ) {
                        header('HTTP/1.1 500 Internal Server Error');
                        header('Content-Type: text/html; charset=UTF-8');
                }
                
                $GLOBALS['page']->errorfooter('runtime');
        }
        
        $dbtype = 'so2mysqli';
}

set_exception_handler('e_handler');
require 'mysql.php';

if ( mysqli_connect_errno() ) {
        include 'res/server-error.inc';
        throw new Exception('No database connection.');
}


// On-Login cookie setting hack
if ( isset($_POST['login'], $_POST['u'], $_POST['p']) ) {
        list($_COOKIE['u'], $_COOKIE['p']) = array($_POST['u'], $_POST['p']);
}

// Destroy user cookie details on logout
if ( isset($_POST['logout']) ) {
        setcookie('u', null, 1, '/');
        setcookie('p', null, 1, '/');
        unset($_COOKIE);
}

// Auth bit
if ( isset($_COOKIE['u'], $_COOKIE['p']) ) {
        /* Try to get the user ID from the DB, and shove it into a MySQL var. */
        $q = $DB->query('SELECT @userid := `userid` FROM `users`
                                WHERE `alias` = '.$DB->string($_COOKIE['u']).'
                                AND (`password` = AES_ENCRYPT('.$DB->string($_COOKIE['p']).', `reg_ip`)
                                        OR `password` IS NULL)');
        
        // orly
        if ( 1 === $q->num_rows ) {
                // Keep login cookie valid
                setcookie('u', $_COOKIE['u'], time()+86400, '/');
                setcookie('p', $_COOKIE['p'], time()+86400, '/');
                
                $user = new User_Authenticated(isset($prefetch) ? $prefetch : null);
        } else {
                // Wipe cookies if bad login
                setcookie('u', null, 1, '/');
                setcookie('p', null, 1, '/');
                unset($_COOKIE);
                
                $user = new User_Anonymous;
        }
} else
        $user = new User_Anonymous;
?>