This file is part of dotProject. dotProject is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. dotProject is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with dotProject; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA }}} */ ini_set('display_errors', 1); // Ensure errors get to the user. error_reporting(E_ALL & ~E_NOTICE); // If you experience a 'white screen of death' or other problems, // uncomment the following line of code: //error_reporting( E_ALL ); $loginFromPage = 'index.php'; require_once 'base.php'; clearstatcache(); if( is_file( DP_BASE_DIR . '/includes/config.php' ) ) { require_once DP_BASE_DIR . '/includes/config.php'; } else { echo ''; echo 'Fatal Error. You haven\'t created a config file yet.
' .'Click Here To Start Installation and Create One! (forwarded in 5 sec.)'; exit(); } if (! isset($GLOBALS['OS_WIN'])) $GLOBALS['OS_WIN'] = (stristr(PHP_OS, 'WIN') !== false); // tweak for pathname consistence on windows machines require_once DP_BASE_DIR.'/includes/main_functions.php'; require_once DP_BASE_DIR.'/includes/db_adodb.php'; require_once DP_BASE_DIR.'/includes/db_connect.php'; require_once DP_BASE_DIR.'/classes/ui.class.php'; require_once DP_BASE_DIR.'/classes/permissions.class.php'; require_once DP_BASE_DIR.'/includes/session.php'; // don't output anything. Usefull for fileviewer.php, gantt.php, etc. $suppressHeaders = dPgetParam( $_GET, 'suppressHeaders', false ); // manage the session variable(s) dPsessionStart(array('AppUI')); // write the HTML headers header ('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); // Date in the past header ('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); // always modified header ('Cache-Control: no-cache, must-revalidate, no-store, post-check=0, pre-check=0'); // HTTP/1.1 header ('Pragma: no-cache'); // HTTP/1.0 // check if session has previously been initialised if (!isset( $_SESSION['AppUI'] ) || isset($_GET['logout'])) { if (isset($_GET['logout']) && isset($_SESSION['AppUI']->user_id)) { $AppUI =& $_SESSION['AppUI']; $user_id = $AppUI->user_id; addHistory('login', $AppUI->user_id, 'logout', $AppUI->user_first_name . ' ' . $AppUI->user_last_name); } $_SESSION['AppUI'] = new CAppUI; } $AppUI =& $_SESSION['AppUI']; $last_insert_id =$AppUI->last_insert_id; $AppUI->checkStyle(); // load the commonly used classes require_once( $AppUI->getSystemClass( 'date' ) ); require_once( $AppUI->getSystemClass( 'dp' ) ); require_once( $AppUI->getSystemClass( 'query' ) ); require_once DP_BASE_DIR.'/misc/debug.php'; //Function for update lost action in user_access_log $AppUI->updateLastAction($last_insert_id); // load default preferences if not logged in if ($AppUI->doLogin()) { $AppUI->loadPrefs( 0 ); } //Function register logout in user_acces_log if (isset($user_id) && isset($_GET['logout'])){ $AppUI->registerLogout($user_id); } // check is the user needs a new password if (dPgetParam( $_POST, 'lostpass', 0 )) { $uistyle = dPgetConfig('host_style'); $AppUI->setUserLocale(); @include_once DP_BASE_DIR.'/locales/'.$AppUI->user_locale.'/locales.php'; @include_once DP_BASE_DIR.'/locales/core.php'; setlocale( LC_TIME, $AppUI->user_lang ); if (dPgetParam( $_REQUEST, 'sendpass', 0 )) { require DP_BASE_DIR.'/includes/sendpass.php'; sendNewPass(); } else { require DP_BASE_DIR.'/style/'.$uistyle.'/lostpass.php'; } exit(); } // check if the user is trying to log in // Note the change to REQUEST instead of POST. This is so that we can // support alternative authentication methods such as the PostNuke // and HTTP auth methods now supported. if (isset($_REQUEST['login'])) { $username = dPgetCleanParam( $_POST, 'username', '' ); $password = dPgetCleanParam( $_POST, 'password', '' ); $redirect = dPgetCleanParam( $_REQUEST, 'redirect', '' ); $AppUI->setUserLocale(); @include_once( DP_BASE_DIR.'/locales/'.$AppUI->user_locale.'/locales.php' ); @include_once DP_BASE_DIR.'/locales/core.php'; $ok = $AppUI->login( $username, $password ); if (!$ok) { $AppUI->setMsg( 'Login Failed'); } else { //Register login in user_acces_log $AppUI->registerLogin(); } addHistory('login', $AppUI->user_id, 'login', $AppUI->user_first_name . ' ' . $AppUI->user_last_name); $AppUI->redirect( ''.$redirect ); } // supported since PHP 4.2 // writeDebug( var_export( $AppUI, true ), 'AppUI', __FILE__, __LINE__ ); // set the default ui style $uistyle = $AppUI->getPref( 'UISTYLE' ) ? $AppUI->getPref( 'UISTYLE' ) : dPgetConfig('host_style'); // clear out main url parameters $m = ''; $a = ''; $u = ''; // check if we are logged in if ($AppUI->doLogin()) { // load basic locale settings $AppUI->setUserLocale(); @include_once( './locales/'.$AppUI->user_locale.'/locales.php' ); @include_once( './locales/core.php' ); setlocale( LC_TIME, $AppUI->user_lang ); $redirect = $_SERVER['QUERY_STRING']?strip_tags($_SERVER['QUERY_STRING']):''; if (strpos( $redirect, 'logout' ) !== false) { $redirect = ''; } if (isset( $locale_char_set )) { header('Content-type: text/html;charset='.$locale_char_set); } require DP_BASE_DIR.'/style/'.$uistyle.'/login.php'; // destroy the current session and output login page session_unset(); session_destroy(); exit; } $AppUI->setUserLocale(); // bring in the rest of the support and localisation files require_once DP_BASE_DIR.'/includes/permissions.php'; $def_a = 'index'; if (! isset($_GET['m']) && !empty($dPconfig['default_view_m'])) { $m = $dPconfig['default_view_m']; $def_a = !empty($dPconfig['default_view_a']) ? $dPconfig['default_view_a'] : $def_a; $tab = $dPconfig['default_view_tab']; } else { // set the module from the url $m = $AppUI->checkFileName(dPgetCleanParam( $_GET, 'm', getReadableModule() )); } // set the action from the url $a = $AppUI->checkFileName(dPgetCleanParam( $_GET, 'a', $def_a)); /* This check for $u implies that a file located in a subdirectory of higher depth than 1 * in relation to the module base can't be executed. So it would'nt be possible to * run for example the file module/directory1/directory2/file.php * Also it won't be possible to run modules/module/abc.zyz.class.php for that dots are * not allowed in the request parameters. */ $u = $AppUI->checkFileName(dPgetCleanParam( $_GET, 'u', '' )); // load module based locale settings @include_once DP_BASE_DIR.'/locales/'.$AppUI->user_locale.'/locales.php'; @include_once DP_BASE_DIR.'/locales/core.php'; setlocale( LC_TIME, $AppUI->user_lang ); $m_config = dPgetConfig($m); @include_once DP_BASE_DIR.'/functions/' . $m . '_func.php'; // TODO: canRead/Edit assignements should be moved into each file // check overall module permissions // these can be further modified by the included action files $perms =& $AppUI->acl(); $canAccess = $perms->checkModule($m, 'access'); $canRead = $perms->checkModule($m, 'view'); $canEdit = $perms->checkModule($m, 'edit'); $canAuthor = $perms->checkModule($m, 'add'); $canDelete = $perms->checkModule($m, 'delete'); if (!$canAccess) { $AppUI->redirect('m=public&a=access_denied'); } if ( !$suppressHeaders ) { // output the character set header if (isset( $locale_char_set )) { header('Content-type: text/html;charset='.$locale_char_set); } } /* * * TODO: Permissions should be handled by each file. * Denying access from index.php still doesn't asure * someone won't access directly skipping this security check. * // bounce the user if they don't have at least read access if (!( // however, some modules are accessible by anyone $m == 'public' || ($m == 'admin' && $a == 'viewuser') )) { if (!$canRead) { $AppUI->redirect( 'm=public&a=access_denied' ); } } */ // include the module class file - we use file_exists instead of @ so // that any parse errors in the file are reported, rather than errors // further down the track. $modclass = $AppUI->getModuleClass($m); if (file_exists($modclass)) include_once( $modclass ); if ($u && file_exists(DP_BASE_DIR.'/modules/'.$m.'/'.$u.'/'.$u.'.class.php')) include_once DP_BASE_DIR.'/modules/'.$m.'/'.$u.'/'.$u.'.class.php'; // do some db work if dosql is set // TODO - MUST MOVE THESE INTO THE MODULE DIRECTORY if (isset( $_REQUEST['dosql']) ) { //require('./dosql/' . $_REQUEST['dosql'] . '.php'); require DP_BASE_DIR.'/modules/'.$m.'/' . ($u ? ($u.'/') : '') . $AppUI->checkFileName($_REQUEST['dosql']) . '.php'; } // start output proper include DP_BASE_DIR.'/style/'.$uistyle.'/overrides.php'; ob_start(); if(!$suppressHeaders) { require DP_BASE_DIR.'/style/'.$uistyle.'/header.php'; } if (! isset($_SESSION['all_tabs'][$m]) ) { // For some reason on some systems if you don't set this up // first you get recursive pointers to the all_tabs array, creating // phantom tabs. if (! isset($_SESSION['all_tabs'])) { $_SESSION['all_tabs'] = array(); } $_SESSION['all_tabs'][$m] = array(); $all_tabs =& $_SESSION['all_tabs'][$m]; foreach ($AppUI->getActiveModules() as $dir => $module) { if (! $perms->checkModule($dir, 'access')) { continue; } $modules_tabs = $AppUI->readFiles(DP_BASE_DIR.'/modules/'.$dir.'/', '^' . $m . '_tab.*\.php'); foreach($modules_tabs as $tab) { // Get the name as the subextension // cut the module_tab. and the .php parts of the filename // (begining and end) $nameparts = explode('.', $tab); $filename = substr($tab, 0, -4); if (count($nameparts) > 3) { $file = $nameparts[1]; if (! isset($all_tabs[$file])) { $all_tabs[$file] = array(); } $arr =& $all_tabs[$file]; $name = $nameparts[2]; } else { $arr =& $all_tabs; $name = $nameparts[1]; } $arr[] = array( 'name' => ucfirst(str_replace('_', ' ', $name)), 'file' => DP_BASE_DIR . '/modules/' . $dir . '/' . $filename, 'module' => $dir); /* ** Don't forget to unset $arr again! $arr is likely to be used in the sequel declaring ** any temporary array. This may lead to strange bugs with disappearing tabs (cf. #1767). ** @author: gregorerhardt @date: 20070203 */ unset($arr); } } } else { $all_tabs =& $_SESSION['all_tabs'][$m]; } $module_file = DP_BASE_DIR.'/modules/'.$m.'/'.($u?($u.'/'):'').$a.'.php'; if (file_exists($module_file)) { require $module_file; } else { // TODO: make this part of the public module? // TODO: internationalise the string. $titleBlock = new CTitleBlock('Warning', 'log-error.gif'); $titleBlock->show(); echo $AppUI->_('Missing file. Possible Module "'.$m.'" missing!'); } if(!$suppressHeaders) { echo ''; require DP_BASE_DIR.'/style/'.$uistyle.'/footer.php'; } ob_end_flush(); ?>