setup.php

Revision 361, 12.8 kB (checked in by sven, 3 years ago)
allow generated files to have separate permissions from their directories
Property svn:eol-style set to `native`

Line
1	<?php
2
3	// declare our globals.
4	global $db;
5	global $USER;
6	global $CFG;
7	global $SESSION;
8	global $PAGE;
9
10	/// First try to detect some attacks on older buggy PHP versions
11	if (isset($_REQUEST['GLOBALS']) \|\| isset($_COOKIE['GLOBALS']) \|\| isset($_FILES['GLOBALS'])) {
12	die('Fatal: Illegal GLOBALS overwrite attempt detected!');
13	}
14
15	// set up perf.
16	init_performance_info();
17
18	/// Just say no to link prefetching (Moz prefetching, Google Web Accelerator, others)
19	/// http://www.google.com/webmasters/faq.html#prefetchblock
20
21	if (!empty($_SERVER['HTTP_X_moz']) && $_SERVER['HTTP_X_moz'] === 'prefetch'){
22	header($_SERVER['SERVER_PROTOCOL'] . ' 404 Prefetch Forbidden');
23	trigger_error('Prefetch request forbidden.');
24	exit;
25	}
26
27	if (empty($CFG->debug)) {
28	$CFG->debug = 0;
29	}
30
31	$CFG->libdir = $CFG->dirroot .'/lib';
32
33	// set up our database connection
34	if ($CFG->debug & E_USER_ERROR) {
35	require_once($CFG->dirroot.'/lib/adodb/adodb-errorhandler.inc.php');
36	}
37	require_once($CFG->dirroot.'/lib/adodb/adodb.inc.php'); // Database access functions
38
39	$db = &ADONewConnection($CFG->dbtype);
40
41	error_reporting(0); // Hide errors
42
43	if (!empty($CFG->dbpersist)) { // Use persistent connection (default)
44	$dbconnected = $db->PConnect($CFG->dbhost,$CFG->dbuser,$CFG->dbpass,$CFG->dbname);
45	} else { // Use single connection
46	$dbconnected = $db->Connect($CFG->dbhost,$CFG->dbuser,$CFG->dbpass,$CFG->dbname);
47	}
48	if (! $dbconnected) {
49	// In the name of protocol correctness, monitoring and performance
50	// profiling, set the appropriate error headers for machine consumption
51	if (isset($_SERVER['SERVER_PROTOCOL'])) {
52	// Avoid it with cron.php. Note that we assume it's HTTP/1.x
53	header($_SERVER['SERVER_PROTOCOL'] . ' 503 Service Unavailable');
54	}
55	// and then for human consumption...
56	echo '<html><body>';
57	echo '<table align="center"><tr>';
58	echo '<td style="color:#990000; text-align:center; font-size:large; border-width:1px; '.
59	' border-color:#000000; border-style:solid; border-radius: 20px; border-collapse: collapse; '.
60	' -moz-border-radius: 20px; padding: 15px">';
61	echo '<p>Error: Database connection failed.</p>';
62	echo '<p>It is possible that the database is overloaded or otherwise not running properly.</p>';
63	echo '<p>The site administrator should also check that the database details have been correctly specified in config.php</p>';
64	echo '</td></tr></table>';
65	echo '</body></html>';
66	die;
67	} else {
68	if ($db->databaseType == 'mysql') {
69	$db->Execute("SET NAMES 'utf8'");
70	$db->Execute("SET CHARSET 'utf8'");
71	} else if ($db->databaseType == 'postgres7') {
72	$db->Execute("SET NAMES 'utf8'");
73	}
74	}
75
76	/// Load up any configuration from the config table
77	$CFG = get_config();
78
79	/// Turn on SQL logging if required
80	if (!empty($CFG->logsql)) {
81	$db->LogSQL();
82	}
83
84
85	/// Set error reporting back to normal
86	if (empty($CFG->debug)) {
87	$CFG->debug = 7;
88	}
89	error_reporting($CFG->debug);
90
91	/// File permissions on created directories in the $CFG->dataroot
92
93	if (empty($CFG->directorypermissions)) {
94	$CFG->directorypermissions = 0777; // Must be octal (that's why it's here)
95	}
96
97	/// Files might not want all the permissions that directories have, e.g. +x or g+s,
98	/// so using a separate setting for files
99	if (empty($CFG->filepermissions)) {
100	$CFG->filepermissions = 0666; // Must be octal
101	}
102
103	if (!is_writable($CFG->dataroot)) {
104	$messages[] = gettext("Your current dataroot directory, $CFG->dataroot is not writable by the webserver!");
105	}
106
107	/// Set up session handling
108	if(empty($CFG->respectsessionsettings)) {
109	if (empty($CFG->dbsessions)) { /// File-based sessions
110
111	// Some distros disable GC by setting probability to 0
112	// overriding the PHP default of 1
113	// (gc_probability is divided by gc_divisor, which defaults to 1000)
114	if (ini_get('session.gc_probability') == 0) {
115	ini_set('session.gc_probability', 1);
116	}
117
118	if (!empty($CFG->sessiontimeout)) {
119	ini_set('session.gc_maxlifetime', $CFG->sessiontimeout);
120	}
121
122	if (!file_exists($CFG->dataroot .'sessions')) {
123	require_once($CFG->dirroot.'lib/uploadlib.php');
124	make_upload_directory('sessions');
125	}
126	ini_set('session.save_path', $CFG->dataroot .'sessions');
127
128	} else { /// Database sessions
129	ini_set('session.save_handler', 'user');
130
131	$ADODB_SESSION_DRIVER = $CFG->dbtype;
132	$ADODB_SESSION_CONNECT = $CFG->dbhost;
133	$ADODB_SESSION_USER = $CFG->dbuser;
134	$ADODB_SESSION_PWD = $CFG->dbpass;
135	$ADODB_SESSION_DB = $CFG->dbname;
136	$ADODB_SESSION_TBL = $CFG->prefix.'sessions';
137
138	require_once($CFG->libdir. '/adodb/session/adodb-session.php');
139	}
140	}
141	/// Set sessioncookie variable if it isn't already
142	if (!isset($CFG->sessioncookie)) {
143	$CFG->sessioncookie = '';
144	}
145
146	// for phpthumb
147	require_once($CFG->dirroot.'lib/uploadlib.php');
148	make_upload_directory('cache/phpThumb');
149	// for magpie rss
150	make_upload_directory('cache/magpie');
151	define('MAGPIE_CACHE_DIR',$CFG->dataroot.'cache/magpie');
152
153	/// Configure ampersands in URLs
154
155	@ini_set('arg_separator.output', '&');
156
157	/// Refuse to run with register_globals
158	if (ini_get_bool('register_globals')) {
159	die("Elgg cannot run with register_globals on");
160	}
161
162	// Now we use prepared statements everywhere,
163	// we want everything to be stripslashed
164	// rather than addslashed.
165	if (ini_get_bool('magic_quotes_gpc') ) {
166	function stripslashes_deep($value) {
167	$value = is_array($value) ?
168	array_map('stripslashes_deep', $value) :
169	stripslashes($value);
170	return $value;
171	}
172	$_POST = array_map('stripslashes_deep', $_POST);
173	$_GET = array_map('stripslashes_deep', $_GET);
174	$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
175	$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
176	if (!empty($_SERVER['REQUEST_URI'])) {
177	$_SERVER['REQUEST_URI'] = stripslashes($_SERVER['REQUEST_URI']);
178	}
179	if (!empty($_SERVER['QUERY_STRING'])) {
180	$_SERVER['QUERY_STRING'] = stripslashes($_SERVER['QUERY_STRING']);
181	}
182	if (!empty($_SERVER['HTTP_REFERER'])) {
183	$_SERVER['HTTP_REFERER'] = stripslashes($_SERVER['HTTP_REFERER']);
184	}
185	if (!empty($_SERVER['PATH_INFO'])) {
186	$_SERVER['PATH_INFO'] = stripslashes($_SERVER['PATH_INFO']);
187	}
188	if (!empty($_SERVER['PHP_SELF'])) {
189	$_SERVER['PHP_SELF'] = stripslashes($_SERVER['PHP_SELF']);
190	}
191	if (!empty($_SERVER['PATH_TRANSLATED'])) {
192	$_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']);
193	}
194	}
195
196	if (!isset($noelggcookie)) {
197	session_name('ElggSession'.$CFG->sessioncookie);
198	@session_start();
199	if (! isset($_SESSION['SESSION'])) {
200	$_SESSION['SESSION'] = new Stdclass;
201	$_SESSION['SESSION']->session_test = random_string(10);
202	if (!empty($_COOKIE['ElggSessionTest'.$CFG->sessioncookie])) {
203	$_SESSION['SESSION']->has_timed_out = true;
204	}
205	setcookie('ElggSessionTest'.$CFG->sessioncookie, $_SESSION['SESSION']->session_test, 0, '/');
206	$_COOKIE['ElggSessionTest'.$CFG->sessioncookie] = $_SESSION['SESSION']->session_test;
207	}
208	if (! isset($_SESSION['USER'])) {
209	$_SESSION['USER'] = new StdClass;
210	}
211
212	$SESSION = &$_SESSION['SESSION']; // Makes them easier to reference
213	$USER = &$_SESSION['USER'];
214	}
215	else {
216	$SESSION = NULL;
217	$USER = NULL;
218	}
219
220	// Load textlib
221	require_once($CFG->dirroot.'lib/textlib.class.php');
222
223	if (defined('FULLME')) { // Usually in command-line scripts like admin/cron.php
224	$FULLME = FULLME;
225	$ME = FULLME;
226	} else {
227	$FULLME = qualified_me();
228	$ME = strip_querystring($FULLME);
229	}
230
231	/// In VERY rare cases old PHP server bugs (it has been found on PHP 4.1.2 running
232	/// as a CGI under IIS on Windows) may require that you uncomment the following:
233	// session_register("USER");
234	// session_register("SESSION");
235
236	/// now do a session test to prevent random user switching
237	if ($SESSION != NULL) {
238	if (empty($_COOKIE['ElggSessionTest'.$CFG->sessioncookie])) {
239	report_session_error();
240	} else if (isset($SESSION->session_test) && $_COOKIE['ElggSessionTest'.$CFG->sessioncookie] != $SESSION->session_test) {
241	report_session_error();
242	}
243	}
244
245	if (!empty($CFG->opentogoogle)) {
246	if (empty($_SESSION['USER'])) {
247	if (!empty($_SERVER['HTTP_USER_AGENT'])) {
248	if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
249	$USER = guest_user();
250	}
251	if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) {
252	$USER = guest_user();
253	}
254	}
255	if (empty($_SESSION['USER']) and !empty($_SERVER['HTTP_REFERER'])) {
256	if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) {
257	$USER = guest_user();
258	} else if (strpos($_SERVER['HTTP_REFERER'], 'altavista') !== false ) {
259	$USER = guest_user();
260	}
261	}
262	}
263	}
264
265	/// Populates an empty $USER if is empty
266	if (empty($USER)) {
267	$USER = guest_user();
268	}
269
270	/// backwards compatibility
271	fill_legacy_user_session($USER);
272
273	//////
274	////// Load some core libraries
275	//////
276	require_once("{$CFG->dirroot}/lib/templates.php");
277	require_once("{$CFG->dirroot}/lib/displaylib.php");
278
279	//////
280	////// Init templating basics
281	//////
282	if (!isset($CFG->templatestore)) { $CFG->templatestore = 'db' ;}
283	if (!isset($PAGE->menu )) { $PAGE->menu = array();}
284	if (!isset($PAGE->menu_sub )) { $PAGE->menu_sub = array();}
285	if (!isset($PAGE->menu_top )) { $PAGE->menu_top = array();}
286	if (!isset($PAGE->menu_bottom)) { $PAGE->menu_bottom = array();}
287
288	//////
289	////// Define what modules we have, and load their libraries
290	//////
291
292	// TODO : set up a modules table so we can do get_records('modules')
293	// to fetch the enabled ones (instead of all the available modules)
294	// we can also track db version with it.
295	if ($allmods = get_list_of_plugins('mod') ) {
296	foreach ($allmods as $mod) {
297	$modfile = $CFG->dirroot .'/mod/'.$mod .'/lib.php';
298	if (file_exists($modfile)) {
299	include_once($modfile);
300	}
301	}
302	}
303	// keep the global scope clean
304	unset($allmods); unset ($mod); unset($modfile);
305
306	/// Apache log integration. In apache conf file one can use ${ELGGUSER}n in
307	/// LogFormat to get the current logged in username in Elgg.
308	/// NOTE: we are grabbing the username -- see the commented out lines
309	/// for alternative things that could be logged...
310	if ($USER && function_exists('apache_note')) {
311	$apachelog_username = clean_filename($USER->username);
312	// $apachelog_name = clean_filename($USER->firstname. " ".$USER->lastname);
313	// $apachelog_userid = $USER->ident;
314	/* Enable this commented out section ONLY if Elgg can do
315	user masquerading...
316	if (isset($USER->realuser)) {
317	if ($realuser = get_record('users', 'ident', $USER->realuser)) {
318	$apachelog_username = clean_filename($realuser->username." as ".$apachelog_username);
319	// $apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
320	// $apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid);
321	}
322	}
323	*/
324	apache_note('ELGGUSER', $apachelog_username);
325	}
326
327	/// Adjust ALLOWED_TAGS
328	adjust_allowed_tags();
329
330	// backwards compatibility (this is what elgg used to use)
331	define("db_server", $CFG->dbhost);
332	define("db_user",$CFG->dbuser);
333	define("db_pass",$CFG->dbpass);
334	define("db_name",$CFG->dbname);
335
336	define("sitename", $CFG->sitename);
337	define("url",$CFG->wwwroot);
338	define("path",$CFG->dirroot);
339	define("email",$CFG->sysadminemail);
340	define("locale", $CFG->defaultlocale);
341	define("public_reg", $CFG->publicreg);
342	if (empty($CFG->default_access)) {
343	$CFG->default_access = "LOGGED_IN";
344	}
345	define("default_access",$CFG->default_access);
346
347	// figure out a noreply address if we don't have one.
348	if (empty($CFG->noreplyaddress)) {
349	$CFG->noreplyaddress = 'noreply@'.preg_replace('/([a-zA-z]:\/\/)([a-zA-Z0-9-.])([:0-9])(\/.*)/','$2',$CFG->wwwroot);
350	}
351
352	/***
353	*** init_performance_info() {
354	***
355	*** Initializes our performance info early.
356	***
357	*** Pairs up with get_performance_info() which is actually
358	*** in moodlelib.php. This function is here so that we can
359	*** call it before all the libs are pulled in.
360	***
361	**/
362	function init_performance_info() {
363
364	global $PERF;
365
366	$PERF = new StdClass;
367	$PERF->dbqueries = 0;
368	$PERF->logwrites = 0;
369	if (function_exists('microtime')) {
370	$PERF->starttime = microtime();
371	}
372	if (function_exists('memory_get_usage')) {
373	$PERF->startmemory = memory_get_usage();
374	}
375	if (function_exists('posix_times')) {
376	$PERF->startposixtimes = posix_times();
377	}
378	}
379
380	?>

Note: See TracBrowser for help on using the browser.

root/releases/0.6/lib/setup.php

Download in other formats:

Developers

Discuss

Specialised

Featured