<?php
/**
 *
 * @package    mahara
 * @subpackage core
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

defined('INTERNAL') || die();

// A script that declares itself CLI-only must never execute under a web SAPI.
if (defined('CLI') && php_sapi_name() != 'cli') {
    die();
}

$CFG = new StdClass;
// docroot always carries a trailing separator so callers can append file names directly.
$CFG->docroot = dirname(__FILE__) . DIRECTORY_SEPARATOR;
// Array containing site options from the database that are overridden by $CFG.
$OVERRIDDEN = array();

$CFG->libroot = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR;
// lib/ and the bundled PEAR tree are searched before the system include path.
set_include_path($CFG->libroot . PATH_SEPARATOR . $CFG->libroot . 'pear/' . PATH_SEPARATOR . get_include_path());

// Set up error handling
require('errors.php');

// config.php is the one mandatory site file; without it nothing below can be
// configured, so stop here rather than fail later with a less useful message.
if (!is_readable($CFG->docroot . 'config.php')) {
    // @todo Later, this will redirect to the installer script. For now, we
    // just log and exit.
    log_environ('Not installed! Please create config.php from config-dist.php');
    exit;
}

init_performance_info();

require($CFG->docroot . 'config.php');
// array_merge lets the later array win, so values already in $CFG (docroot,
// libroot) override config.php, and the merged result then overrides
// config-defaults.php: defaults < config.php < values fixed in this file.
$CFG = (object)array_merge((array)$cfg, (array)$CFG);
require_once('config-defaults.php');
$CFG = (object)array_merge((array)$cfg, (array)$CFG);

// xmldb stuff
$CFG->xmldbdisablenextprevchecking = true;
$CFG->xmldbdisablecommentchecking = true;

// ensure directorypermissions is set
if (empty($CFG->directorypermissions)) {
    $CFG->directorypermissions = 0700;
}
// File permissions are the directory permissions with the execute bits
// masked off, so files never become executable just because their
// directory is traversable.
$CFG->filepermissions = $CFG->directorypermissions & 0666;

// Check if the test mode is enabled
if (isset($CFG->behat_dataroot)) {
    // NOTE(review): docroot already ends with a separator, so this path gets a
    // doubled separator before 'testing'; harmless on POSIX, but worth tidying.
    require_once($CFG->docroot . '/testing/frameworks/behat/classes/util.php');
    if (BehatTestingUtil::is_test_site_enabled()) {
        define('BEHAT_TEST', 1);
    }
}

// When running behat tests or behat util CLI commands,
// switch the $CFG->X for $CFG->behat_X.
if (defined('BEHAT_UTIL') || defined('BEHAT_TEST')) {
    // All three behat_* values are required because they replace the live
    // wwwroot, dataroot and dbprefix below.
    if (empty($CFG->behat_wwwroot) || empty($CFG->behat_dataroot) || empty($CFG->behat_dbprefix)) {
        log_debug('Behat tests cannot run unless $cfg->behat_wwwroot, $cfg->behat_dataroot, and $cfg->behat_dbprefix are defined in config.php');
        die(1);
    }

    // Now we can begin switching $CFG->X for $CFG->behat_X.
    // Keep the origin settings for validating only
    $CFG->wwwroot_orig = isset($CFG->wwwroot) ? $CFG->wwwroot : null;
    $CFG->dataroot_orig = isset($CFG->dataroot) ? $CFG->dataroot : null;
    $CFG->dbprefix_orig = isset($CFG->dbprefix) ? $CFG->dbprefix : null;
    $CFG->wwwroot = $CFG->behat_wwwroot;
    $CFG->dataroot = $CFG->behat_dataroot;
    $CFG->dbprefix = $CFG->behat_dbprefix;
}

// Fix up paths in $CFG
// Guarantee a trailing directory separator so later concatenations such as
// $CFG->dataroot . 'sessions' yield valid paths.
foreach (array('docroot', 'dataroot') as $path) {
    $CFG->{$path} = (substr($CFG->{$path}, -1) != DIRECTORY_SEPARATOR) ? $CFG->{$path} . DIRECTORY_SEPARATOR : $CFG->{$path};
}

// Set default configs that are dependent on the docroot and dataroot
if (empty($CFG->sessionpath)) {
    $CFG->sessionpath = $CFG->dataroot . 'sessions';
}

// Now that we've loaded the configs, we can override the default error settings
// from errors.php
$errorlevel = $CFG->error_reporting;
error_reporting($errorlevel);
set_error_handler('error', $errorlevel);
// core libraries
require('mahara.php');
ensure_sanity();
// Now that we know json_decode exists we check if any config vars are
// encoded json strings and we convert them to be used in php
foreach ($CFG as $key => $option) {
    if (is_string($option)) {
        $decode = json_decode($option, true);
        // Only JSON arrays/objects are converted; strings that decode to a
        // scalar (e.g. "123", "true") are left untouched as strings.
        if ($decode !== null && is_array($decode) && json_last_error() === JSON_ERROR_NONE) {
            $CFG->$key = $decode;
        }
    }
}

require('dml.php');
require('web.php');
require('user.php');
// Optional local/lib.php file
// Site-specific hooks live here (local_init_user, checked later in this file,
// presumably comes from it).
$locallib = get_config('docroot') . 'local/lib.php';
if (file_exists($locallib)) {
    require($locallib);
}

// Database access functions
// The exceptions adapter is loaded first so ADODB failures surface as
// exceptions rather than return values.
require('adodb/adodb-exceptions.inc.php');
require('adodb/adodb.inc.php');

// Open the database connection, verify the server version, and turn any
// failure into a ConfigSanityException carrying the driver's own message.
try {
    // ADODB does not provide the raw driver error message if the connection
    // fails for some reason, so we use output buffering to catch whatever
    // the error is instead.
    ob_start();

    // Transform $CFG->dbtype into the name of the ADODB driver we will use
    if (is_postgres()) {
        $CFG->dbtype = 'postgres';
    }
    else if (is_mysql()) {
        // mysqli is the only supported MySQL driver; the legacy "mysql"
        // extension is rejected with a sanity error rather than used.
        if (extension_loaded('mysqli')) {
            $CFG->dbtype = 'mysqli';
        }
        else {
            // mysql
            throw new ConfigSanityException(get_string('mysqlmodulenolongersupported1', 'error'));
        }
    }

    $db = ADONewConnection($CFG->dbtype);
    if (empty($CFG->dbhost)) {
        $CFG->dbhost = '';
    }
    // The ADODB connection function doesn't have a separate port argument, but the
    // postgres, mysql, and mysqli drivers all support a $this->dbport field.
    if (!empty($CFG->dbport)) {
        $db->port = $CFG->dbport;
    }
    // $dbconnected is not inspected here; a failed connect is expected to
    // surface through the exceptions adapter loaded above and land in the
    // catch block below.
    if (!empty($CFG->dbpersist)) {    // Use persistent connection (default)
        $dbconnected = $db->PConnect($CFG->dbhost,$CFG->dbuser,$CFG->dbpass,$CFG->dbname);
    }
    else {                                                     // Use single connection
        $dbconnected = $db->Connect($CFG->dbhost,$CFG->dbuser,$CFG->dbpass,$CFG->dbname);
    }

    // Now we have a connection, verify the server is a new enough version
    // NOTE(review): $okversion and $dbfriendlyname are only assigned for
    // postgres/mysql; this relies on is_postgres()/is_mysql() being exhaustive.
    $dbversion = $db->ServerInfo();
    if (is_postgres()) {
        $okversion = '8.3';
        $dbfriendlyname = 'PostgreSQL';
    }
    else if (is_mysql()) {
        $okversion = '5.0.25';
        $dbfriendlyname = 'MySQL';
    }
    // NOTE(review): floatval() truncates '5.0.25' to 5.0, so the patch level of
    // the minimum is never enforced; version_compare() would check it exactly.
    if (floatval($dbversion['version']) <  floatval($okversion)) {
        throw new ConfigSanityException(get_string('dbversioncheckfailed', 'error', $dbfriendlyname, $dbversion['version'], $okversion));
    }

    $db->SetFetchMode(ADODB_FETCH_ASSOC);
    configure_dbconnection();
    ensure_internal_plugins_exist();

    ob_end_clean();
}
catch (Exception $e) {
    // A ConfigSanityException already carries a user-facing message; note that
    // the output buffer started above is still open when it is rethrown.
    if ($e instanceof ConfigSanityException) {
        throw $e;
    }
    // Prefer whatever the driver printed; fall back to the exception text.
    $errormessage = ob_get_contents();
    if (!$errormessage) {
        $errormessage = $e->getMessage();
    }
    ob_end_clean();
    $errormessage = get_string('dbconnfailed', 'error') . $errormessage;
    throw new ConfigSanityException($errormessage);
}
// Load site options from the database. SQL exceptions are ignored around the
// call so a site that is not yet installed (no config table) keeps booting
// with only the values from config.php.
try {
    db_ignore_sql_exceptions(true);
    load_config();
    db_ignore_sql_exceptions(false);
}
catch (SQLException $e) {
    // Restore normal exception behaviour even when load_config() failed.
    db_ignore_sql_exceptions(false);
}

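// Make sure wwwroot is set and available, either in the database or in the
// config file. Cron requires it when sending out forums emails.
//
// NOTE(review): when wwwroot is absent it is reconstructed from
// $_SERVER['HTTP_HOST'] / HTTP_X_FORWARDED_HOST, which are request headers the
// client controls, and the result is persisted with set_config(). Setting
// $cfg->wwwroot explicitly in config.php avoids storing a value chosen by
// whoever happens to send the first request.
if (!isset($CFG->wwwroot) && isset($_SERVER['HTTP_HOST'])) {
    $proto = (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') ? 'https://' : 'http://';
    $host  =  (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST'];
    // A forwarded-host chain is comma separated; keep the first entry only.
    if (false !== strpos($host, ',')) {
        list($host) = explode(',', $host);
        $host = trim($host);
    }
    $path = '';
    // Work out the URL path of this directory relative to the web server's
    // document root. The fast path used to compare against
    // strlen($_SERVER['DOCUMENT_ROOT']) (an integer) instead of the document
    // root string itself, so it never matched and the PHP_SELF walk below
    // always ran; it now compares the actual prefix.
    $documentroot = isset($_SERVER['DOCUMENT_ROOT']) ? $_SERVER['DOCUMENT_ROOT'] : '';
    if ($documentroot !== '' && strpos(dirname(__FILE__), $documentroot) === 0) {
        $path  = substr(dirname(__FILE__), strlen($documentroot));
    }
    else {
        // Walk PHP_SELF one segment at a time until the accumulated path
        // resolves to this directory; give up with an empty path if it never does.
        $self = explode('/', $_SERVER['PHP_SELF']);
        $dir = dirname(__FILE__);
        $i = 0;
        while (realpath($documentroot.$path) != $dir) {
            if ($i >= count($self) - 1) {
                $path = '';
                break;
            }
            if (empty($self[$i])) {
                $i ++;
                continue;
            }
            $path .= '/'.$self[$i];
            $i ++;
        }
    }
    // Normalise to "/segment/.../" (or "/" when the site sits at the root).
    if ($path) {
        $path = str_replace('\\', '/', $path);  // windows
        if (substr($path, 0, 1) != '/') {
            $path = '/' . $path;
        }
        $path .= '/';
    } else {
        $path = '/';
    }
    $wwwroot = $proto . $host . $path;
    try {
        set_config('wwwroot', $wwwroot);
    }
    catch (Exception $e) {
        // Just set it directly. The system will most likely not be installed, so we don't care
        $CFG->wwwroot = $wwwroot;
    }
}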
// Normalise wwwroot to a single trailing slash, whichever source it came from.
if (isset($CFG->wwwroot)) {
    if (substr($CFG->wwwroot, -1, 1) != '/') {
        $CFG->wwwroot .= '/';
    }
}

// Start up a session object, in case we need to use it to print messages
require_once('auth/session.php');
$SESSION = Session::singleton();

// If we have cleanurl subdomains turned on, we need to set cookiedomain
// to ensure cookies are given back to us in all subdomains
// The leading '.' makes the cookie domain cover every subdomain of the
// wwwroot host; an explicit $cfg->cookiedomain always takes precedence.
if (isset($CFG->cleanurls) && isset($CFG->cleanurlusersubdomains) && !isset($CFG->cookiedomain)) {
    $url = parse_url(get_config('wwwroot'));
    $CFG->cookiedomain = '.' . $url['host'];
}

// Refreshing the Session cookie response settings now that we know the final value of
// $CFG->wwwroot and $CFG->cookiedomain.
Session::setup_response_settings();

// If we're forcing an ssl proxy, make sure the wwwroot is correct
// NOTE(review): this test is loose (== true) while the one below is strict
// (=== false); a sslproxy value that is neither exactly true nor exactly false
// (e.g. null) satisfies neither branch. Presumably config-defaults.php fixes
// the type; worth confirming.
if ($CFG->sslproxy == true && parse_url($CFG->wwwroot, PHP_URL_SCHEME) !== 'https') {
    throw new ConfigSanityException(get_string('wwwrootnothttps', 'error', get_config('wwwroot')));
}

// Make sure that we are using ssl if wwwroot expects us to do so
// Only for real HTTP requests (REMOTE_ADDR set) that arrived in the clear while
// wwwroot is https: send the client to the https version of the same script.
if ($CFG->sslproxy === false && isset($_SERVER['REMOTE_ADDR']) && (!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'off') &&
    parse_url($CFG->wwwroot, PHP_URL_SCHEME) === 'https'){
    redirect(get_relative_script_path());
}
// Default the no-reply sender to the wwwroot host when none is configured.
if (!isset($CFG->noreplyaddress) && isset($CFG->wwwroot)) {
    $noreplyaddress = 'noreply@' . parse_url($CFG->wwwroot, PHP_URL_HOST);
    try {
        set_config('noreplyaddress', $noreplyaddress);
    }
    catch (Exception $e) {
        // Do nothing again, same reason as above
        $CFG->noreplyaddress = $noreplyaddress;
    }
}

if (!get_config('theme')) {
    // if it's not set, we're probably not installed,
    // so set it in $CFG directly rather than the db which doesn't yet exist
    $CFG->theme = 'raw';
}

if (defined('INSTALLER')) {
    // Custom themes sometimes cause upgrades to fail.
    $CFG->theme = 'raw';
}

// Make sure the search plugin is configured
// set_config() writes to the database; if that fails (typically: not yet
// installed) the value is kept in memory for this request only.
if (!get_config('searchplugin')) {
    try {
        set_config('searchplugin', 'internal');
    }
    catch (Exception $e) {
        $CFG->searchplugin = 'internal';
    }
}
$bcrypt_cost = get_config('bcrypt_cost');
// bcrypt_cost is the cost parameter passed as part of the bcrypt hash
// See http://php.net/manual/en/function.crypt.php
// The value is a 2 digit number in the range of 04-31
// Out-of-range or non-integer values fall back to 12. NOTE(review): is_int()
// rejects numeric strings, so if get_config() hands back a string from the
// database the configured cost is silently replaced by 12 — verify the type.
if (!$bcrypt_cost || !is_int($bcrypt_cost) || $bcrypt_cost < 4 || $bcrypt_cost > 31) {
    $bcrypt_cost = 12;
}
// Zero-padded to two digits, as the crypt() salt format requires.
$CFG->bcrypt_cost = sprintf('%02d', $bcrypt_cost);

// Developer settings: with productionmode off, every log level is also sent to
// the screen and backtraces print their arguments, so this mode exposes
// internal detail to whoever views the page and should stay off on any
// reachable site.
if (!get_config('productionmode')) {
    $CFG->log_dbg_targets     = LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG;
    $CFG->log_info_targets    = LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG;
    $CFG->log_warn_targets    = LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG;
    $CFG->log_environ_targets = LOG_TARGET_SCREEN | LOG_TARGET_ERRORLOG;
    $CFG->developermode       = DEVMODE_DEBUGCSS | DEVMODE_UNPACKEDJS;
    $CFG->perftofoot          = true;
    $CFG->nocache             = true;
    // Only defaults the setting when it is explicitly null; an explicit false
    // in config.php is respected. Presumably config-defaults.php declares the
    // property, otherwise reading it here raises an undefined-property notice.
    if ($CFG->log_backtrace_print_args === null) {
        $CFG->log_backtrace_print_args = true;
    }
}

if (get_config('installed')) {
    // Check whether core upgrades need to be done. If so, "close" the site
    // from logins
    // version.php populates $config->version with the code's version number.
    require(get_config('libroot') . 'version.php');
    $upgradeavailable = $config->version > get_config('version');
    if ($upgradeavailable) {
        ensure_upgrade_sanity();
    }
    // Persist the closed/open state only when it actually changed.
    if ($upgradeavailable != get_config('siteclosedforupgrade')) {
        set_config('siteclosedforupgrade', $upgradeavailable);
    }
}

// If we're in the middle of an upgrade, quit the cron now.
$siteclosedforupgrade = get_config('siteclosedforupgrade');
if ($siteclosedforupgrade && defined('CRON')) {
    exit("Site closed for upgrade.\n");
}

// Default response headers for every web request; pages may override them later.
if (!defined('CLI')) {
    header('Content-type: text/html; charset=UTF-8');
    // Ensure that, by default, the response is not cached
    // Expires is a fixed date in 1986, i.e. always already expired.
    header('Cache-Control: private, must-revalidate, pre-check=0, post-check=0, max-age=0');
    header('Expires: '. gmdate('D, d M Y H:i:s', 507686400) .' GMT');
    header('Pragma: no-cache');

    // Security headers. See https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    // SAMEORIGIN blocks framing by other origins (clickjacking); nosniff stops
    // MIME sniffing of responses. X-XSS-Protection is a legacy header that
    // current browsers ignore but is harmless to keep. Content-Security-Policy
    // and Strict-Transport-Security are not set here; if they are wanted they
    // would belong alongside these.
    header('X-Frame-Options: SAMEORIGIN');
    header('X-XSS-Protection: 1; mode=block');
    header('X-Content-Type-Options: nosniff');
    header('X-Permitted-Cross-Domain-Policies: master-only');

    // Don't print precise PHP version as an HTTP header
    header_remove('x-powered-by');
}

// Only do authentication once we know the page theme, so that the login form
// can have the correct theming.
require_once('auth/lib.php');
$USER    = new LiveUser();

// Site-local hook, if local/lib.php (loaded earlier) defines it.
if (function_exists('local_init_user')) {
    local_init_user();
}

// try to set the theme, or catch the thrown exception (eg if the name is invalid)
try {
    $THEME   = new Theme($USER);
} catch (SystemException $exception) {
    // set the theme to 'default' and put up an error message
    $THEME = new Theme('raw');
    $SESSION->add_error_msg($exception->getMessage());
}

// The installer does its own auth_setup checking, because some upgrades may
// break logging in and so need to allow no logins.
// Command-line scripts obviously have no logged-in user.
if (!defined('INSTALLER') && !defined('CLI') && !defined('CRON')) {
    auth_setup();
}

// Force the user to log out if:
// - the site is closed by the system due to a pending upgrade
// - the site was closed by an admin (and the user is not an admin)
if ($siteclosedforupgrade || (get_config('siteclosedbyadmin') && !$USER->admin)) {
    if ($USER->is_logged_in()) {
        $USER->logout();
    }
    // The home page and the installer are still allowed to render so the
    // "site closed" state can be shown / the upgrade can proceed.
    if (!defined('HOME') && !defined('INSTALLER')) {
        redirect();
    }
}

// check to see if we're installed...
if (!get_config('installed')) {
    ensure_install_sanity();
    if (defined('TESTSRUNNING')) {
        die("Need to have Mahara installed before phpunit tests will run. Please install via 'php htdocs/admin/cli/install.php'");
    }

    // Before installation only the admin/install/upgrade scripts may be
    // served over the web; every other request is sent to the installer.
    $scriptfilename = str_replace('\\', '/', $_SERVER['SCRIPT_FILENAME']);
    if (!defined('CLI')
    && false === strpos($scriptfilename, 'admin/index.php')
    && false === strpos($scriptfilename, 'admin/upgrade.php')
    && false === strpos($scriptfilename, 'admin/upgrade.json.php')
    && false === strpos($scriptfilename, 'admin/cli/install.php')
    && false === strpos($scriptfilename, 'admin/cli/upgrade.php')) {
        redirect('/admin/index.php');
    }
}

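// JSON endpoints must present the session key (CSRF token) unless they opt out
// with NOSESSKEY. A missing or mismatched key ends the session and replies
// with an error instead of running the request.
if (defined('JSON') && !defined('NOSESSKEY')) {
    $sesskey = param_variable('sesskey', null);
    global $USER;
    // Compare as strings with hash_equals(): the previous `!=` was a loose
    // comparison, which is subject to PHP type juggling and is not
    // constant-time. A null (absent) key is rejected before the comparison.
    if ($sesskey === null || !hash_equals((string) $USER->get('sesskey'), (string) $sesskey)) {
        $USER->logout();
        json_reply('global', get_string('invalidsesskey'), 1);
    }
}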
$mobile_detection_done = $SESSION->get('mobile_detection');
// Device detection
// Runs once per session: the result is remembered under 'mobile_detection' so
// Mobile_Detect is not instantiated on every request.
if (!$mobile_detection_done) {
    if (get_config('installed') && get_account_preference($USER->get('id'), 'devicedetection')) {
        require_once(get_config('libroot') . 'mobile_detect/Mobile_Detect.php');
        $detect = new Mobile_Detect();
        $isMobile = $detect->isMobile();
        $isTablet = $detect->isTablet();
        $SESSION->set('handheld_device', $isMobile);
        // 'mobile' means phone-sized: a tablet counts as handheld but not mobile.
        $SESSION->set('mobile', $isTablet ? false : $isMobile);
        $SESSION->set('tablet', $isTablet);
    }
    else {
        // Detection disabled (or site not installed): treat as a desktop client.
        $SESSION->set('handheld_device', false);
        $SESSION->set('mobile', false);
        $SESSION->set('tablet', false);
    }
    $SESSION->set('mobile_detection', true);
}

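// Run modules bootstrap code.
// Each installed 'module' plugin that can be safely required gets its static
// bootstrap() method called once per request.
if (!defined('INSTALLER')) {
    // make sure the table exists if upgrading from older version
    require_once('ddl.php');
    if (table_exists(new XMLDBTable('module_installed'))) {
        if ($plugins = plugins_installed('module')) {
            // Iterate by value: the loop only reads $plugin->name. The previous
            // by-reference loop left $plugin aliased to the last element after
            // the loop, which silently corrupts that element if the name is
            // reused later in the file.
            foreach ($plugins as $plugin) {
                if (safe_require_plugin('module', $plugin->name)) {
                    call_static_method(generate_class_name('module', $plugin->name), 'bootstrap');
                }
            }
        }
    }
}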

// Record the site's own host name; presumably used elsewhere to distinguish
// local resources from external ones when external resources are disabled —
// verify against callers.
if (get_config('disableexternalresources')) {
    $CFG->wwwhost = parse_url($CFG->wwwroot, PHP_URL_HOST);
}
/*
 * Initializes our performance info early.
 *
 * Pairs up with get_performance_info() which is actually
 * in lib/mahara.php. This function is here so that we can
 * call it before all the libs are pulled in.
 *
 * @uses $PERF
 */
function init_performance_info() {
    global $PERF;

    $PERF = new StdClass;

    // Counters that the database and logging layers increment during the request.
    $PERF->dbcached = 0;
    $PERF->dbwrites = 0;
    $PERF->dbreads = 0;
    $PERF->logwrites = 0;

    // Baseline readings taken at startup. Each probe is guarded with
    // function_exists(), so a missing function simply leaves its field unset.
    $probes = array(
        'starttime'       => 'microtime',
        'startmemory'     => 'memory_get_usage',
        'startposixtimes' => 'posix_times',
    );
    foreach ($probes as $field => $probe) {
        if (function_exists($probe)) {
            $PERF->{$field} = $probe();
        }
    }
}