// Request start timestamp; _it() reports elapsed time relative to this value.
$GLOBALS["_init_t0"] = microtime(true);

/**
 * Append one timing line for a named checkpoint to /tmp/init_timing.log.
 *
 * Each line holds the label, the milliseconds since $GLOBALS["_init_t0"] and the
 * milliseconds since the previous call (0 on the first call).
 *
 * NOTE(review): nothing in this function gates it on a debug switch, so every
 * checkpoint call appends to a fixed file name in /tmp with no size limit or
 * rotation. A predictable name in a shared temp directory can be pre-created or
 * symlinked by another local account, and the file grows without bound. Consider
 * a private, configured log directory and a debug-only switch.
 *
 * @param string $label checkpoint name written at the start of the line
 */
function _it($label) {
    static $last = null; // timestamp of the previous call, kept between calls
    $now = microtime(true);
    $elapsed = round(($now - $GLOBALS["_init_t0"]) * 1000);
    $since = $last ? round(($now - $last) * 1000) : 0;
    file_put_contents("/tmp/init_timing.log", "$label elapsed={$elapsed} step={$since}ms\n", FILE_APPEND);
    $last = $now;
}

_it("init_start");

/**
 * initialization file
 *
 * initialization of the incms front and back-end. all default paths are defined here. the user authentication gets initiated here too.
 * finally, if applicable, redirects to another file get handled and the normal file flow is interrupted.
 *
 * @author Sam Haenni
 * @copyright (c) unico data ag
 * @package inCMS
 * @subpackage library
 * @version 3.0
 */

/**
 * get running and config incms version
 *
 * Both values are the second-to-last path segment: of this file's own path for the
 * running version, and of the configured 'engine-dir' for the config version.
 */
$versionparts = explode(DIRECTORY_SEPARATOR, __FILE__);
$version = $versionparts[(count($versionparts) - 2)];
define( 'INCMS_VERSION', $version );
$configversionparts = explode(DIRECTORY_SEPARATOR, $GLOBALS['INCMS_CUST_VARS']['SYSTEM']['engine-dir']);
$configversion = $configversionparts[(count($configversionparts) - 2)];
define( 'INCMS_VERSION_CONFIG', $configversion);
_it("after_version_check");
// _tl() is not defined in this part of the file; presumably another timing hook. TODO confirm.
_tl('B_version');
// true when the running version differs from the configured one; caching is disabled further down in that case
define( 'INCMS_VERSION_OVERRULE', INCMS_VERSION != INCMS_VERSION_CONFIG);

// PATH_site is used by all path constants below but is not defined in this part of the file.

/**
 * path to the backend
 */
define( 'PATH_short_backend', 'incms/' );
define( 'PATH_backend', PATH_site . PATH_short_backend );

/**
 * path to the controlunits
 */
define( 'PATH_short_controlunits', 'incms_controlunits/' );
define( 'PATH_controlunits', PATH_site . PATH_short_controlunits );

/**
 * path to the classes library
 */
define( 'PATH_short_lib', 'incms_lib/' );
define( 'PATH_lib', PATH_site . PATH_short_lib );

/**
 * path to the classes library extensions
 */
define( 'PATH_short_extensions', PATH_short_lib . 'extensions/' );
define( 'PATH_extensions', PATH_site . PATH_short_extensions );

/**
 * path to the scripts (mainly javascript)
 */
define( 'PATH_short_scripts', 'incms_scripts/' );
define( 'PATH_scripts', PATH_site . PATH_short_scripts );

/**
 * path to the menus
 */
define( 'PATH_short_menus', 'incms_menus/' );
define( 'PATH_menus', PATH_site . PATH_short_menus );

/**
 * path to the modules
 */
define( 'PATH_short_modules', 'incms_modules/' );
define( 'PATH_modules', PATH_site . PATH_short_modules );

/**
 * path to the style resources
 */
define( 'PATH_short_resources', 'incms_styles/resources/' );
define( 'PATH_resources', PATH_site . PATH_short_resources );

/**
 * path to the templates
 */
define( 'PATH_templates', PATH_site . 'incms_templates/' );

/**
 * path to the master template base dir
 *
 * The configured framework name is checked against a fixed allowlist before it is
 * used as a directory name; any other value falls back to 'base'.
 * NOTE(review): in_array() is called without the strict flag, so the match is a
 * loose comparison; passing true as third argument would make the allowlist exact.
 */
$frontentFramework = $GLOBALS['INCMS_CUST_VARS']['SYSTEM']['frontendFramework'];
$frontentFramework = (in_array($frontentFramework, array('base', 'bootstrap')) ? $frontentFramework : 'base');
define( 'FRONTENT_FRAMEWORK', $frontentFramework);
$webSubfolder = FRONTENT_FRAMEWORK . '/';
define( 'PATH_web', PATH_site . 'incms_web/' . $webSubfolder);

/**
 * path to the vendor folder
 */
define( 'PATH_vendor', PATH_site . 'vendor/' );

/**
 * define hostname, https, siteurl
 */
$hostname = trim(gethostname());
define( 'HOSTNAME', $hostname );

/**
 * HTTPS_REQUEST, true/false; servers using PHP FCGI get the protocol in HTTP_X_FORWARDED_PROTO
 *
 * NOTE(review): HTTP_X_FORWARDED_PROTO is an ordinary request header. Unless the
 * front proxy or CDN always overwrites it, the client chooses its value, and this
 * constant then decides SITEURL and HEADER_PROTOCOL below. Confirm the header is
 * only honoured when it comes from the trusted proxy. Both $_SERVER keys are read
 * without isset(), which raises a notice or warning when one of them is absent.
 */
define( 'HTTPS_REQUEST', ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' ? true : false ));

/**
 * build the header of this connection - https?, servername?, filename?
 *
 * NOTE(review): HTTP_HOST is taken from the request's Host header. SITEURL, and the
 * HEADER_* constants further down in the non-CloudFront branch, reflect whatever host
 * was sent unless the web server or CDN restricts requests to known virtual hosts.
 * HEADER_URL is used in the Location header of the language redirect below, so
 * confirm that restriction exists or validate the host against configuration.
 */
define( 'SITEURL', ( HTTPS_REQUEST ? 'https' : 'http' ) . '://' . $_SERVER['HTTP_HOST'] );
// example: http://www.incms.com ==> use this, or HEADER_URL (with trailing slash) instead of old $GLOBALS['INCMS_CUST_VARS']['WEBSITE']['siteurl']!

/**
 * ExecutionTimeLog obj
 */
require_once( PATH_scripts . 'ExecutionTimeLog.php' );
$GLOBALS['executionTimeLog'] = new ExecutionTimeLog($GLOBALS['INCMS_CUST_VARS']['SYSTEM']['timelog']);

/**
 * the new dynamic virtual hosts setup does not modify DOCUMENT_ROOT to point
 * to the virtual document root - instead it creates a new environment variable
 * named VIRTUAL_DOCUMENT_ROOT
 */
if (isset($_SERVER['VIRTUAL_DOCUMENT_ROOT'])) {
    $_SERVER['DOCUMENT_ROOT'] = $_SERVER['VIRTUAL_DOCUMENT_ROOT'];
}

/**
 * some checks to avoid cross site scripting
 * don't allow urls containing stuff like this:
 * /?55e50“>18f77815c06=1
 *
 * https://www.owasp.org/index.php/XSS
 *
 * NOTE(review): this is a denylist applied to the query string only, after one
 * urldecode() and one htmlspecialchars_decode() pass. The path, POST data, cookies
 * and other headers are not inspected here, so treat it as a coarse request filter;
 * context-aware output encoding where values are rendered remains the control that
 * matters. QUERY_STRING is read without isset().
 */
$queryString = urldecode($_SERVER['QUERY_STRING']);
$queryString = htmlspecialchars_decode($queryString);
/*
 * The reason for this is that ' is not part of HTML 4.01.
 * < <
 * > >
 * " "
 * ' '
 *
 * NOTE(review): the rows above look like they once paired entity names with their
 * characters; the entity names seem to have been decoded in this copy of the file.
 */
// NOTE(review): the fourth array element below (''') is not a valid PHP string literal
// as it stands. It looks like an HTML entity that was decoded when this copy was
// produced; restore it from the version-controlled file rather than guessing.
// On a match the request is answered with HTTP 400 and the static db_error.html page.
foreach(array('>', '<', '"', ''') as $badString)
    if(strpos($queryString, $badString) !== false) {
        header('HTTP/1.0 400 Bad Request');
        echo file_get_contents(PATH_templates . 'db_error.html');
        die();
    }

/**
 * include miscellaneous functions library for general purpose
 */
require_once( PATH_lib . 'core/class.div.php' );

/**
 * include default configuration and verify basic configurations are declared
 */
require_once( PATH_site . 'config.php' );

/**
 * debug mode
 * can be set with DBG GET param (uppercase now!) or in config
 *
 * NOTE(review): the value read here is the session key 'DEBUG'; the code that turns
 * the DBG GET parameter into that session key is not visible here. DEBUG switches off
 * the CDN URLs and the page cache and starts output buffering for ChromePhp further
 * down, so confirm that only authenticated staff can set it.
 */
$dbg = false;
if(\inCMS\session_key_get('DEBUG') === true) {
    $dbg = true;
} else if($GLOBALS['INCMS_CUST_VARS']['SYSTEM']['debug']) {
    $dbg = true;
}
define('DEBUG', $dbg);

/**
 * require MasterCore class
 */
require_once(PATH_extensions . 'libmaster/MasterCore.php');

/**
 * niche constant for niche customers
 */
define('NICHE', MasterCore::isNiche($GLOBALS['INCMS_CUST_VARS']['SYSTEM']['packageid']));

/**
 * SMM constant for SMM Hosting
 */
define('SMMHOSTING', (bool)$GLOBALS['INCMS_CUST_VARS']['SYSTEM']['smmhosting']);

/**
 * build the header of this connection - https?, servername?, filename?
 */
define( 'HEADER_PROTOCOL', HTTPS_REQUEST ? 'https://' : 'http://' );

/**
 * niche domain with or without www (default is with)
 *
 * $rootHost and $rootUrl are only assigned when a root domain is configured.
 */
$rootDomain = $GLOBALS['INCMS_CUST_VARS']['NICHE']['rootdomain'];
if($rootDomain) {
    $rootDomainWww = isset($GLOBALS['INCMS_CUST_VARS']['NICHE']['rootdomainwww']) ? $GLOBALS['INCMS_CUST_VARS']['NICHE']['rootdomainwww'] : true;
    $rootHost = ($rootDomainWww ? 'www.' : '') . $rootDomain;
    $rootUrl = 'https://' . $rootHost . '/';
}

// CFREQUEST is not defined in this part of the file; presumably it marks requests that arrive via CloudFront. TODO confirm.
if(CFREQUEST && NICHE && $rootDomain) {
    // In this branch the host used for all HEADER_* constants comes from configuration, not from the request.
    $httpHost = $rootHost;
    // if we're not being called with the rootdomain or desired www/non-www, redirect
    // (but only handle new and updated CF distros where origin host header is sent (not *.incms.net))
    // NOTE(review): strpos() returns 0 when 'incms.net' is at the very start of the host,
    // which !strpos() treats the same as "not found", and it matches the text anywhere in
    // the host rather than only as the trailing domain. The intent stated above is
    // "not *.incms.net"; a suffix comparison would express that exactly.
    if($_SERVER['HTTP_HOST'] !== $httpHost && !strpos($_SERVER['HTTP_HOST'], 'incms.net')) {
        header('Location: ' . HEADER_PROTOCOL . $httpHost . $_SERVER['REQUEST_URI'], true, 301);
        die();
    }
} else {
    // Here the host is whatever the Host header carried; see the note on SITEURL above.
    $httpHost = $_SERVER['HTTP_HOST'];
}

define( 'HEADER_SELF', HEADER_PROTOCOL . $httpHost . $_SERVER['PHP_SELF'] ); // example: http://www.incms.com/index.php
define( 'HEADER_URI', HEADER_PROTOCOL . $httpHost . $_SERVER['REQUEST_URI'] ); // example: http://www.incms.com/?redirect=script.php
define( 'HEADER_URL', HEADER_PROTOCOL . $httpHost . '/' ); // example: http://www.incms.com/ ==> use this, or SITEURL (without trailing slash) instead of old $GLOBALS['INCMS_CUST_VARS']['WEBSITE']['siteurl']!
// example: http://www.incms.com/page1/test?redirect=script.php goes to http://www.incms.com/page1/test
// NOTE(review): if QUERY_STRING does not occur verbatim in REQUEST_URI, strpos() returns
// false and the length becomes -1, which cuts the last character off the URI. Confirm the
// rewrite rules guarantee that the two always agree.
define( 'HEADER_URI_PATH', HEADER_PROTOCOL . $httpHost . ($_SERVER['QUERY_STRING'] ? substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], $_SERVER['QUERY_STRING']) - 1) : $_SERVER['REQUEST_URI']));
// same as HEADER_URL, but if available based on root domain, and always assuming https; example https://www.incms.com/; falls back on HEADER_URL
// NOTE(review): $rootUrl is unassigned when no root domain is configured, so this read raises an undefined-variable notice/warning before falling back.
define( 'DOMAIN_URL', $rootUrl ?: HEADER_URL);
define( 'BASE_HREF', HEADER_URL );

// Customer CDN prefix: only outside DEBUG, and only for SMM hosting or non-niche customers; empty string otherwise.
if(isset($GLOBALS['INCMS_CUST_VARS']['SYSTEM']['cdn']) && !DEBUG) {
    if(SMMHOSTING || !NICHE) {
        $custCdn = HEADER_PROTOCOL . $GLOBALS['INCMS_CUST_VARS']['SYSTEM']['cdn'] . '/';
    } else {
        $custCdn = '';
    }
} else {
    $custCdn = '';
}
define( 'HEADER_CDN_URL', $custCdn?$custCdn:HEADER_URL );

/**
 * webpath to the customer's site base dir
 * (PATH_sitebase is not defined in this part of the file)
 */
define( 'WEBPATH_sitebase', $custCdn?$custCdn:PATH_sitebase );
define( 'WEBPATH_NOCDN_sitebase', PATH_sitebase );

/**
 * composer autoloading
 */
require PATH_vendor . 'autoload.php';

/**
 * workaround for cdn bypass request
 *
 * $caller is not assigned before this point in the visible code; presumably the
 * including script sets it ('fe', 'be', ...). TODO confirm.
 * When the request URI starts with the configured bypass prefix, REQUEST_URI is
 * rewritten to /index.php plus the original query string.
 */
if($caller == 'fe' && strpos($_SERVER['REQUEST_URI'], $GLOBALS['INCMS_CONF_VARS']['SYS']['cdnBypassUrl']) === 0) {
    // important to ensure incomingcontroller doesn't validate coolurl
    $_SERVER['REQUEST_URI'] = '/index.php' . ($_SERVER['QUERY_STRING'] ? '?' . $_SERVER['QUERY_STRING'] : '');
}

/**
 * include base classes
 */
require_once( PATH_site . 'class.incms.php' );
require_once( PATH_extensions . 'class.extension.php' );
require_once( PATH_extensions . 'libfolder/class.libfolder.php' );
require_once( PATH_extensions . 'libcontact/class.libcontact.php' );
require_once( PATH_extensions . 'liblogin/class.liblogin.php' );
require_once( PATH_extensions . 'libsettings/class.libsettings.php' );
require_once( PATH_extensions . 'libnichesettings/class.libnichesettings.php' );

/**
 * include the caching
 * (relative paths: these two files are resolved through the PHP include_path)
 */
require_once( 'Cache/Lite.php' );
require_once( 'Cache/Lite/File.php' );

/**
 * include the incoming data ($_GET and $_POST) controller
 */
require_once( PATH_lib . 'core/class.incomingcontroller.php' );

/**
 * include the usermanagement
 */
require_once( PATH_lib . 'core/class.patUser.php' );
require_once( PATH_lib . 'core/class.incmsuser.php' );

/**
 * check if the global variables have been set from outside this script
 *
 * NOTE(review): only $_POST and $_GET are checked here; cookies are not. This looks
 * like a guard from the register_globals era. Confirm whether it is still needed.
 */
if ( isset( $_POST['GLOBALS'] ) || isset( $_GET['GLOBALS'] ) ) die( 'You cannot set the GLOBALS-array from outside the script.' );

/**
 * global default and customer vars are stored in these arrays. here the inclusion of the config-files is verified by checking if the vars are set.
 */
if ( !isset( $GLOBALS['INCMS_CONF_VARS'] ) ) die ( 'The inCMS configuration file was not included.' );
if ( !isset( $GLOBALS['INCMS_CUST_VARS'] ) ) die ( 'The inCMS customer configuration file was not included.' );

/**
 * webpath to the inCMS core
 *
 * The core CDN prefix is used only when it is configured, DEBUG is off, the customer
 * has not set 'nocdn' and the running version is not 'trunk'.
 */
if(!isset($GLOBALS['INCMS_CUST_VARS']['SYSTEM']['engine-link'])) die( 'The inCMS customer configuration file misses "engine-link" configuration.' );
if(isset($GLOBALS['INCMS_CONF_VARS']['SYS']['cdn']) && !DEBUG && !$GLOBALS['INCMS_CUST_VARS']['SYSTEM']['nocdn'] && INCMS_VERSION != 'trunk') {
    $cdn = HEADER_PROTOCOL . $GLOBALS['INCMS_CONF_VARS']['SYS']['cdn'];
} else {
    $cdn = '';
}
define( 'WEBPATH_site', $cdn . $GLOBALS['INCMS_CUST_VARS']['SYSTEM']['engine-link'] . INCMS_VERSION . '/' );
define( 'WEBPATH_NOCDN_site', $GLOBALS['INCMS_CUST_VARS']['SYSTEM']['engine-link'] . INCMS_VERSION . '/' );

/**
 * hosting configuration type
 */
define( 'CONFIGURATION', incms::getConfigurationType());

/**
 * webpath to the backend
 */
define( 'WEBPATH_backend', WEBPATH_site.'incms/' );

/**
 * webpath to the controlunits
 */
define( 'WEBPATH_controlunits', WEBPATH_site . 'incms_controlunits/' );

/**
 * webpath to the classes library
 */
define( 'WEBPATH_lib', WEBPATH_site.'incms_lib/' );

/**
 * webpath to the classes library extensions
 */
define( 'WEBPATH_extensions', WEBPATH_lib.'extensions/' );

/**
 * webpath to the menus
 */
define( 'WEBPATH_menus', WEBPATH_site.'incms_menus/' );

/**
 * webpath to the modules
 */
define( 'WEBPATH_modules', WEBPATH_site.'incms_modules/' );

/**
 * webpath to the scripts (mainly javascript)
 */
define( 'WEBPATH_scripts', WEBPATH_site.'incms_scripts/' );

/**
 * webpath to the style resources
 */
define( 'WEBPATH_resources', WEBPATH_site.'incms_styles/resources/' );

/**
 * webpath to the templates
 */
define( 'WEBPATH_templates', WEBPATH_site.'incms_templates/' );

/**
 * webpath to the vendor dir
 */
define( 'WEBPATH_vendor', WEBPATH_site.'vendor/' );

/**
 * webpath to the master template base dir
 */
define( 'WEBPATH_web', WEBPATH_site.'incms_web/' . $webSubfolder);
define( 'WEBPATH_NOCDN_web', WEBPATH_NOCDN_site.'incms_web/' . $webSubfolder);

/**
 * include default frontend configuration from master template and verify basic configurations are declared
 */
require_once( PATH_web . 'config.php' );
if ( !isset( $GLOBALS['INCMS_MASTER_VARS'] ) ) die ( 'The inCMS frontend master configuration file was not included.' );

/**
 * only if the configuration type is not 'cust':
 * merge standard and optional customer frontend settings from master template
 * (customer values overrule master values; the two BE lists are unioned instead)
 */
if(CONFIGURATION != 'cust') {
    $GLOBALS['INCMS_CUST_VARS'] = lib_div::array_merge_recursive_overrule($GLOBALS['INCMS_MASTER_VARS'], $GLOBALS['INCMS_CUST_VARS']);
    $GLOBALS['INCMS_CUST_VARS']['BE']['controlunits'] = array_unique(array_merge((array)$GLOBALS['INCMS_MASTER_VARS']['BE']['controlunits'], (array)$GLOBALS['INCMS_CUST_VARS']['BE']['controlunits']));
    $GLOBALS['INCMS_CUST_VARS']['BE']['modules'] = array_unique(array_merge((array)$GLOBALS['INCMS_MASTER_VARS']['BE']['modules'], (array)$GLOBALS['INCMS_CUST_VARS']['BE']['modules']));
}

/**
 * merge standard and optional customer backend settings
 */
$GLOBALS['INCMS_CONF_VARS']['BE']['controlunits'] = array_unique(array_merge( $GLOBALS['INCMS_CONF_VARS']['BE']['controlunits'], (array)$GLOBALS['INCMS_CUST_VARS']['BE']['controlunits']));
$GLOBALS['INCMS_CONF_VARS']['BE']['modules'] = array_unique(array_merge( $GLOBALS['INCMS_CONF_VARS']['BE']['modules'], (array)$GLOBALS['INCMS_CUST_VARS']['BE']['modules']));
if($GLOBALS['INCMS_CUST_VARS']['BE']['tinymce']) $GLOBALS['INCMS_CONF_VARS']['BE']['tinymce'] = lib_div::array_merge_recursive_overrule($GLOBALS['INCMS_CONF_VARS']['BE']['tinymce'], $GLOBALS['INCMS_CUST_VARS']['BE']['tinymce']);

/**
 * turn on output buffering for chromephp
 */
if(DEBUG) {
    ob_start();
}

/**
 * initialize a global patUser
 */
$GLOBALS['uObj'] = new incmsUser( true, 'userData', 'usersSeq' );

/**
 * check if the cache dir exists, else create it
 *
 * NOTE(review): mkdir() is called with its default mode (0777 before the umask is
 * applied), is not recursive and its result is not checked; is_dir() errors are
 * suppressed with @. Confirm the cache directory lies outside the web root and that
 * the process umask keeps it private to the web server account.
 */
if( !@is_dir( $GLOBALS['INCMS_CONF_VARS']['CACHE']['output']['cacheDir'] ) ) mkdir( $GLOBALS['INCMS_CONF_VARS']['CACHE']['output']['cacheDir'] );

/**
 * Create extended Cache_Lite object
 * Now using Cache_Lite_File, which compares lastmod of customer's config.cust.php and invalidates all cache files older than that
 *
 * The properties and helpers used below (_file, _fileLocking, _readControl,
 * _readControlType, _lifeTime, _caching, _cacheDir, _hash(), _write()) are not
 * declared in this class; they are expected to come from the parent classes.
 */
class Cache_Lite_Plus extends Cache_Lite_File {

    /**
     * OVERRIDE: if cache can not be read (NFS..), don't raise error, just return false to let incms content be rebuilt
     *
     * Reads the cache file; when read control is enabled, the first 32 bytes are taken
     * as the stored hash and compared with the hash of the remaining data. On a mismatch
     * the file is aged (touch) or deleted and false is returned.
     *
     * @return string|false the cached data, or false when the file cannot be opened or fails the hash check
     */
    function _read() {
        $fp = @fopen($this->_file, "rb");
        if ($fp) {
            if ($this->_fileLocking) @flock($fp, LOCK_SH);
            clearstatcache(); // make sure filesize() below does not use a stale stat entry
            $length = @filesize($this->_file);
            if ($this->_readControl) {
                $hashControl = @fread($fp, 32);
                $length = $length - 32;
            }
            if ($length) {
                $data = '';
                // See https://bugs.php.net/bug.php?id=30936
                // The 8192 magic number is the chunk size used internally by PHP.
                while(!feof($fp)) $data .= fread($fp, 8192);
            } else {
                $data = '';
            }
            if ($this->_fileLocking) @flock($fp, LOCK_UN);
            @fclose($fp);
            if ($this->_readControl) {
                $hashData = $this->_hash($data, $this->_readControlType);
                // NOTE(review): != is a loose comparison; two different numeric-looking
                // strings can compare equal under PHP's type juggling. !== would make
                // this integrity check exact.
                if ($hashData != $hashControl) {
                    if (!(is_null($this->_lifeTime))) {
                        // push the mtime back by twice the lifetime so the entry counts as expired
                        @touch($this->_file, time() - 2*abs($this->_lifeTime));
                    } else {
                        @unlink($this->_file);
                    }
                    return false;
                }
            }
            return $data;
        }
        // FIX >>>
        //return $this->raiseError('Cache_Lite : Unable to read cache !', -2);
        return false;
        // FIX <<<
    }

    /**
     * OVERRIDE: if cache cleared while writing, rewrite once
     *
     * Writes $data, reads it back and reports whether the read-back equals what was written.
     *
     * NOTE(review): the retry between the FIX markers runs only when _read() returns an
     * object, but the _read() override in this class returns either false or the data.
     * Unless a subclass changes that, the retry looks unreachable. Confirm the intent.
     *
     * @param mixed $data payload handed to _write()
     * @return mixed the error object returned by _write()/_read(), false when the read-back failed, otherwise the result of the loose comparison of read and written data
     */
    function _writeAndControl($data) {
        $result = $this->_write($data);
        if (is_object($result)) {
            return $result; # We return the PEAR_Error object
        }
        $dataRead = $this->_read();
        // FIX >>>
        if (is_object($dataRead)) {
            $result = $this->_write($data);
            if (is_object($result)) {
                return $result; # We return the PEAR_Error object
            }
            $dataRead = $this->_read();
        }
        // FIX <<<
        if (is_object($dataRead)) {
            return $dataRead; # We return the PEAR_Error object
        }
        if ((is_bool($dataRead)) && (!$dataRead)) {
            return false;
        }
        return ($dataRead==$data);
    }

    /**
     * OVERRIDE: skip if caching disabled; clean old, manually cached files, too
     *
     * Before delegating to the parent, every regular file directly inside the cache
     * directory whose mtime is more than 'lifeTimeClean' seconds old is deleted.
     *
     * NOTE(review): the sweep does not look at file names, so anything else stored in
     * that directory is removed as well; the directory should hold cache files only.
     * The path is built by plain concatenation, which assumes _cacheDir ends with a
     * directory separator. TODO confirm.
     *
     * @param mixed  $group passed through to parent::clean()
     * @param string $mode  passed through to parent::clean()
     * @return mixed true when caching is disabled, otherwise the parent's result
     */
    function clean($group = false, $mode = 'ingroup') {
        if(!$this->_caching) return true;
        if($cacheFiles = scandir($this->_cacheDir)) {
            foreach($cacheFiles as $cacheFileName) {
                $cacheFile = $this->_cacheDir . $cacheFileName;
                if(is_file($cacheFile) && ((time() - filemtime($cacheFile)) > $GLOBALS['INCMS_CONF_VARS']['CACHE']['output']['lifeTimeClean'])) {
                    unlink($cacheFile);
                }
            }
        }
        return parent::clean($group, $mode);
    }

    /**
     * OVERRIDE: skip if caching disabled
     *
     * @return mixed true when caching is disabled, otherwise the parent's result
     */
    function remove($id, $group = 'default', $checkbeforeunlink = false) {
        if(!$this->_caching) return true;
        return parent::remove($id, $group, $checkbeforeunlink);
    }
}

$GLOBALS['cacheObj'] = new Cache_Lite_Plus($GLOBALS['INCMS_CONF_VARS']['CACHE']['output']);
// disable all caching if in DEBUG mode or if INCMS_VERSION manually set
if(DEBUG || INCMS_VERSION_OVERRULE) $GLOBALS['cacheObj']->setOption('caching', false);

/**
 * get page settings
 */
$pageSettings = $GLOBALS['uObj']->getSessionValue( 'page' );
if(!$pageSettings) $pageSettings = array(); // make sure it's an array

/**
 * Redirect? API call?
 *
 * A request counts as an API call when its URI starts with '/api.' or '/api/';
 * in that case $caller is overwritten with 'api'.
 */
$redirect = lib_div::GPvar( 'redirect' );
$apicall = in_array(substr($_SERVER['REQUEST_URI'], 0, 5), ['/api.', '/api/']);
if($apicall) $caller = 'api';

/**
 * Redirect a frontend browser to correct lang
 *
 * Applies only when more than one language is configured, no page settings are stored
 * in the session yet, the request is for the bare root URL and the Sec-Fetch-Site
 * header is neither 'same-origin' nor 'same-site'.
 *
 * NOTE(review): HTTP_SEC_FETCH_SITE and the incms_lid cookie are read without isset().
 * $bLid may come straight from the cookie; array_search() compares loosely and the same
 * raw value is then used as an array key. Normalising the cookie to the expected id type
 * and searching with the strict flag would keep the lookup exact. The Location value is
 * built from HEADER_URL plus a configured language code, not from the cookie text itself.
 */
if($caller != 'be' && count($GLOBALS['INCMS_CUST_VARS']['LANGUAGES']) > 1 && !$pageSettings && !substr($_SERVER['REQUEST_URI'],1) && $_SERVER['HTTP_SEC_FETCH_SITE'] !== 'same-origin' && $_SERVER['HTTP_SEC_FETCH_SITE'] !== 'same-site') {
    // if user has manually changed the language, use that setting, otherwise detect browser lang
    $bLid = $_COOKIE['incms_lid'] ?: lib_div::getBrowserLang();
    // if it's not the default lang ... (array_search() yields key 0 or false for the default/unknown case, both falsy)
    if(array_search($bLid, $GLOBALS['INCMS_CUST_VARS']['LANGUAGES'])) {
        // the incomingcontroller handles basic stuff directly in the constructor
        // it is important to store incoming settings, especially the language params
        new incomingcontroller($caller, true);
        // redirect!
        header('Location: ' . HEADER_URL . $GLOBALS['INCMS_CONF_VARS']['LANGUAGES'][$bLid]['browser'] . '/');
        die();
    }
}

// mobile site enabled?
if($GLOBALS['INCMS_CUST_VARS']['SYSTEM']['mobile']['enabled'] && !$redirect && $caller != 'be' && !$GLOBALS['uObj']->isAuthenticated()) { require_once( PATH_scripts . 'mobiledetect.php' ); $mobileDetect = new mobileRedirect(); // detect and redirect mobile devices to mobile-site $mobileDetect->detectMobile(); } /** * if we're not in admin mode and the user hasen't been authenticated, * check if this page has been cached */ _it("before_cachecheck"); $cachingPossible = !$redirect && !$apicall && $caller != 'be' && $pageSettings['mode'] != 'admin' && !$GLOBALS['uObj']->isAuthenticated() && !lib_div::GPvar('search') && !$_POST && !$GLOBALS['INCMS_CUST_VARS']['NICHE']['private']; // Niche CloudFront Request needs to be cached seperately if( $cachingPossible && ( $cacheData = $GLOBALS['cacheObj']->get(incomingcontroller::getCacheID(), 'page' ) ) ) { //error_log('CACHE DATA FOUND ' . HEADER_URI . (CFREQUEST?'-cf':'')); // full page cache hit! } else { // No valid cache found (we have to make the page) /** * setup exception handling */ function exception_handler($e) { header('HTTP/1.0 503 Service Unavailable'); echo file_get_contents(PATH_templates . 'db_error.html'); $exStr = 'EXCEPTION: ' . $e->getMessage() . '; ' . $e->getFile() . ':' . $e->getLine(); error_log($exStr); error_log($e->getTraceAsString()); if(DEBUG) ChromePhp::log($exStr); } //set_exception_handler('exception_handler'); /** * for old db obj instances (libmaster, ..) */ function handleDBError($errorObj) { if(DEBUG) ChromePhp::error($errorObj->getDebugInfo(), $errorObj->getMessage()); error_log('DB Error: ' . HEADER_URL); error_log($errorObj->getMessage()); error_log($errorObj->getDebugInfo()); } /** * include the pear database abstraction layer -> make sure the path is set in php.ini to the pear directory */ _it("after_pear_db"); require_once( 'DB.php' ); /** * include the patErrorManager */ //require_once( 'pat/patErrorManager.php' ); require_once( PATH_scripts . 
'pat/patErrorManager.php' ); /** * include patTemplate */ //require_once( 'pat/patTemplate.php' ); require_once( PATH_scripts . 'pat/patTemplate.php' ); /** * include the collector */ require_once( PATH_lib . 'core/class.collector.php' ); /** * include the content class */ require_once( PATH_lib . 'core/class.content.php' ); /** * include the DB writer -> simplifies inserting / updating / deleting the DB */ require_once( PATH_lib . 'core/class.dbwriter.php' ); /** * include the errorhandling class */ require_once( PATH_lib . 'core/class.errorhandler.php' ); /** * include the log class */ require_once( PATH_lib . 'core/class.logger.php' ); /** * include the parent controlunit class */ require_once( PATH_controlunits . 'class.controlunits.php' ); /** * include the parent menu class */ require_once( PATH_menus . 'class.menu.php' ); /** * include the parent module class */ require_once( PATH_modules . 'class.module.php' ); /** * include filemanager and imageworks classes */ require_once(PATH_lib . 'core/class.filemanager.php'); require_once(PATH_lib . 'core/class.imageworks.php'); /** * include smartboxhub class */ require_once(PATH_lib . 'core/class.smartboxhub.php'); /** * Pimple Dependency Injection Container */ $GLOBALS['c'] = new Pimple\Container(); /** * init the patError handler */ $GLOBALS['errorhandlerObj'] = new errorhandler(); patErrorManager::setErrorHandling( E_ALL, 'callback', array( $GLOBALS['errorhandlerObj'], 'addError' ) ); /** * open a global DB connection. do we have a dsn?? */ if ( !isset( $GLOBALS['INCMS_CUST_VARS']['DB']['dsn'] ) ) die ( 'No dsn specified!
File: ' . __FILE__ . '
Line: ' . __LINE__ ); /** * Doctrine Database Abstraction Layer */ _tl('C_doctrine'); $GLOBALS['c']['db'] = function() { $dsnParts = explode('@', substr($GLOBALS['INCMS_CUST_VARS']['DB']['dsn'], 9)); $dsnUserPw = explode(':', $dsnParts[0]); $dsnHostDb = explode('/', $dsnParts[1]); return Doctrine\DBAL\DriverManager::getConnection(array( 'driver' => 'pdo_mysql', 'charset' => 'utf8mb4', 'host' => $dsnHostDb[0], 'dbname' => $dsnHostDb[1], 'user' => $dsnUserPw[0], 'password' => $dsnUserPw[1], )); }; /** * DB connection for user permissions * provides read-only access to `groupsmeta` and `usergroups` tables */ _tl('D_permdb'); $GLOBALS['c']['permdb'] = function($c) { if(!SMMHOSTING && HOSTNAME != 'vagrant') { return Doctrine\DBAL\DriverManager::getConnection([ 'driver' => 'pdo_mysql', 'charset' => 'utf8mb4', 'host' => 'permdb.eu-west-1.incms.com', 'dbname' => 'db_sec', 'user' => 'perm', 'password' => 'KfVHq6tOEYGXUuhq', ]); } return $c['db']; }; /** * slave dummy (just use master) */ $GLOBALS['c']['dbSlave'] = $GLOBALS['c']['db']; /** * db wrapper */ require_once(PATH_lib . 'core/class.dbwrapper.php'); $GLOBALS['dbObj'] = new DBWrapper($GLOBALS['c']['db']); /** * global DB writer object */ $GLOBALS['dbwriterObj'] = new dbwriter(); /** * global log object */ $GLOBALS['loggerObj'] = new logger(); if(!$apicall) { /** * initiate the incoming controller, which will handle all $_GET & $_POST vars ...and then make it global too */ $GLOBALS['icObj'] = incomingcontroller::getInstance($caller); /** * initialize template engine (make that global too!) 
*/ if( !@is_dir( $GLOBALS['INCMS_CONF_VARS']['CACHE']['template']['cacheFolder'] ) ) mkdir( $GLOBALS['INCMS_CONF_VARS']['CACHE']['template']['cacheFolder'] ); $GLOBALS['tmplObj'] = new patTemplate(); $GLOBALS['tmplObj']->setOption( 'namespace', 'incms' ); $GLOBALS['tmplObj']->setRoot( PATH_templates ); $GLOBALS['tmplObj']->useTemplateCache( 'File', $GLOBALS['INCMS_CONF_VARS']['CACHE']['template'] ); $GLOBALS['tmplObj']->addGlobalVar( 'ENCODING', 'UTF-8' ); $GLOBALS['tmplObj']->addGlobalVar( 'HOST', ( HTTPS_REQUEST ? 'https' : 'http')); /** * set global vars needed for login */ $GLOBALS['tmplObj']->addGlobalVar('PHP_SELF', $_SERVER['PHP_SELF']); $GLOBALS['tmplObj']->addGlobalVar('HEADER_URL', HEADER_URL); $GLOBALS['tmplObj']->addGlobalVar('HEADER_CDN_URL', HEADER_CDN_URL); $GLOBALS['tmplObj']->addGlobalVar('HEADER_URI', HEADER_URI); $GLOBALS['tmplObj']->addGlobalVar('HEADER_URI_PATH', HEADER_URI_PATH); $GLOBALS['tmplObj']->addGlobalVar('WEBPATH_SITE', WEBPATH_site); $GLOBALS['tmplObj']->addGlobalVar('WEBPATH_CONTROLUNITS', WEBPATH_controlunits); $GLOBALS['tmplObj']->addGlobalVar('WEBPATH_MENUS', WEBPATH_menus); $GLOBALS['tmplObj']->addGlobalVar('WEBPATH_MODULES', WEBPATH_modules); $GLOBALS['tmplObj']->addGlobalVar('WEBPATH_SCRIPTS', WEBPATH_scripts); $GLOBALS['tmplObj']->addGlobalVar('WEBPATH_RESOURCES', WEBPATH_resources); $GLOBALS['tmplObj']->addGlobalVar('WEBPATH_VENDOR', WEBPATH_vendor); $GLOBALS['tmplObj']->addGlobalVar('WEBPATH_WEB', WEBPATH_web); $GLOBALS['tmplObj']->addGlobalVar('WEBPATH_NOCDN_WEB', WEBPATH_NOCDN_web); $GLOBALS['tmplObj']->addGlobalVar('INCMS_VERSION', INCMS_VERSION); if (class_exists('\inCMS\Session')) { $GLOBALS['tmplObj']->addGlobalVar('SESSIONID', \inCMS\session_id()); } else { $GLOBALS['tmplObj']->addGlobalVar('SESSIONID', session_id()); } $GLOBALS['tmplObj']->addGlobalVar('CURRENT_TIMESTAMP', time()); $GLOBALS['tmplObj']->addGlobalVar('BASE_HREF', BASE_HREF); } /** * connect patUser to database/template engines */ 
$GLOBALS['uObj']->setAuthDbcWrapper($GLOBALS['dbObj']); $GLOBALS['uObj']->setTemplate( $GLOBALS['tmplObj'] ); $GLOBALS['uObj']->setAuthFields( $GLOBALS['INCMS_CONF_VARS']['USERMANAGEMENT']['fields']['auth'] ); $GLOBALS['uObj']->setGroupFields( $GLOBALS['INCMS_CONF_VARS']['USERMANAGEMENT']['fields']['group'] ); $GLOBALS['uObj']->setGroupRelFields( $GLOBALS['INCMS_CONF_VARS']['USERMANAGEMENT']['fields']['grouprel'] ); $GLOBALS['uObj']->setPermFields( $GLOBALS['INCMS_CONF_VARS']['USERMANAGEMENT']['fields']['perm'] ); $GLOBALS['uObj']->addStats('last_login'); $GLOBALS['uObj']->addStats('count_logins'); $GLOBALS['uObj']->addStats('count_pages'); $GLOBALS['uObj']->addStats('time_online'); /** * initialize incms core classes */ $GLOBALS['c']['master'] = function() { if(getenv('INCMS_STAGE') === 'dev') { return new MasterCoreDev(); } else { return new MasterCore(); } }; _tl('E_incmsObj'); $GLOBALS['incmsObj'] = new incms($caller); // incmsObj first, sets $caller stuff _tl('F_libfolder'); $GLOBALS['libfolderObj'] = new libfolder(); // libfolder before libcontact, wich depends on it $GLOBALS['libcontactObj'] = new libcontact(); $GLOBALS['libloginObj'] = new liblogin(); $GLOBALS['libsettingsObj'] = new libsettings(); $GLOBALS['iwObj'] = new imageworks(); // iwObj before fmObj, wich depends on it $GLOBALS['fmObj'] = new filemanager(); $GLOBALS['sbObj'] = new smartboxhub(); $GLOBALS['c']['nichesettings'] = function() { return new libnichesettings(); }; /** * if we're in admin mode, require authentication */ if( $caller == 'be' || $pageSettings['mode'] == 'admin' ) { /** * force the backend to be served over https */ if((CFREQUEST || !HTTPS_REQUEST && HOSTNAME != 'vagrant') && !SMMHOSTING) { $location = 'https://'; /** * for Niche use incms.net domain */ if($GLOBALS['INCMS_CUST_VARS']['NICHE']['incmsdomain']) { $location .= $GLOBALS['INCMS_CUST_VARS']['NICHE']['incmsdomain'] . 
'/'; } /** * for Swiss use custom domain, if set */ else if($GLOBALS['INCMS_CUST_VARS']['SYSTEM']['incmsdomain']) { $location .= $GLOBALS['INCMS_CUST_VARS']['SYSTEM']['incmsdomain'] . '/'; } else { // use default incms.net backend domain, to have SSL $custInfo = $GLOBALS['c']['master']->getCustInfo(); $location .= $custInfo['domain'] . '.incms.net/'; } $location .= 'incms/'; /** * build dummy backend, redirect to incms domain */ die(''); } $sitename = $GLOBALS['INCMS_CUST_VARS']['WEBSITE']['sitename']; $sitename = (strlen($sitename) >= 28 ? substr($sitename, 0, 21) . '...' : $sitename); /** * add globals vars for patUser login */ if($GLOBALS['INCMS_CUST_VARS']['BE']['login']) { $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_ICONCLS', $GLOBALS['INCMS_CUST_VARS']['BE']['login']['iconCls'] ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_CUSTTITLE', strtr($GLOBALS['INCMS_CUST_VARS']['BE']['login']['title'], array( '%SITENAME%' => $sitename, ))); } else { $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_CUSTTITLE', $sitename . 
' | inCMS Login'); } $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_RESETPASS', $GLOBALS['INCMS_CUST_VARS']['BE']['login']['resetPass']===false?'false':'true' ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_CREATELOGINLINK', (string)$GLOBALS['INCMS_CUST_VARS']['BE']['login']['createLoginLink'] ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_ENTERUSERPASS', $GLOBALS['incmsObj']->getCoreLabel( 'enteruserpass', 'browser' ) ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_USER', $GLOBALS['incmsObj']->getCoreLabel( 'username', 'browser' ) ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_PW', $GLOBALS['incmsObj']->getCoreLabel( 'password', 'browser' ) ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_STAYSIGNEDL', $GLOBALS['incmsObj']->getCoreLabel( 'staysigned', 'browser' ) ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_STAYSIGNED_ENABLED', (int)$GLOBALS['INCMS_CUST_VARS']['SYSTEM']['staysigned']); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_ERROR_MESSAGE_CAPSLOCK', $GLOBALS['incmsObj']->getCoreLabel( 'error_message_capslock', 'browser' ) ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_ERROR_MESSAGE_IP', $GLOBALS['incmsObj']->getCoreLabel( 'error_message_ip', 'browser' ) ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_ERROR_MESSAGE_ADMINISTRATOR', $GLOBALS['incmsObj']->getCoreLabel( 'error_message_administrator', 'browser' ) ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_ERROR_MESSAGE_1', $GLOBALS['incmsObj']->getCoreLabel( 'error_message_1', 'browser' ) ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_ERROR_MESSAGE_10', $GLOBALS['incmsObj']->getCoreLabel( 'error_message_10', 'browser' ) ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_ERROR_MESSAGE_11', $GLOBALS['incmsObj']->getCoreLabel( 'error_message_11', 'browser' ) ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_ERROR_MESSAGE_14', $GLOBALS['incmsObj']->getCoreLabel( 'error_message_14', 'browser' ) ); $GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_ERROR_MESSAGE_15', $GLOBALS['incmsObj']->getCoreLabel( 'error_message_15', 
'browser' ) );

// Publish the remaining login-form labels as global template variables.
// Every value is a core label looked up in the 'browser' group.
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_AUTHENTICATING', $GLOBALS['incmsObj']->getCoreLabel( 'pleasewait', 'browser' ) );
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_ERROR_IECOMPATMSG_TITLE', $GLOBALS['incmsObj']->getCoreLabel( 'error_message_iecompat_title', 'browser' ) );
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_ERROR_IECOMPATMSG', $GLOBALS['incmsObj']->getCoreLabel( 'error_message_iecompat', 'browser' ) );
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_EMAIL', $GLOBALS['incmsObj']->getCoreLabel( 'email', 'browser' ) );
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_CREATELOGIN', $GLOBALS['incmsObj']->getCoreLabel( 'login_createlogin', 'browser' ) );
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_FORGOTPW', $GLOBALS['incmsObj']->getCoreLabel( 'login_forgotpw', 'browser' ) );
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_FORGOTPW_DESC', $GLOBALS['incmsObj']->getCoreLabel( 'login_forgotpw_desc', 'browser' ) );
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_RESETPASS_NOW', $GLOBALS['incmsObj']->getCoreLabel( 'login_resetpass_now', 'browser' ) );
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_RESETPASS_RESETING', $GLOBALS['incmsObj']->getCoreLabel( 'login_resetpass_reseting', 'browser' ) );
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_PASSWORDSENT', $GLOBALS['incmsObj']->getCoreLabel( 'login_passwordsent', 'browser' ) );
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_LOGIN_EMAILERROR', $GLOBALS['incmsObj']->getCoreLabel( 'login_emailerror', 'browser' ) );

// Load the current user's record, restricted to the four fields listed here.
$userData = $GLOBALS['uObj']->getUserData( array( 'fields' => array( 'username', 'lid', 'theme', 'vue' ) ) );

// VUE has only en, de and fr as available languages
// Any language id other than '1', '2' or '4' is replaced by '4'.
// NOTE(review): in_array() is called without its strict flag, so the comparison is loose.
if($userData) {
    if(!in_array($userData[0]['lid'], ['1', '2', '4'])) {
        $userData[0]['lid'] = '4';
    }
}

/**
 * webpath to the styles (backend css)
 *
 * Backend and frontend theme are both fixed to 'vue'; the 'theme' field fetched
 * above is not read in this part of the file.
 */
$beTheme = $feTheme = 'vue';
define( 'BE_THEME', $beTheme);
define( 'FE_THEME', $feTheme);
$GLOBALS['tmplObj']->addGlobalVar( 'PATUSER_BETHEME', BE_THEME );
define( 'WEBPATH_styles', WEBPATH_site.'incms_styles/' . BE_THEME . '/' );
$GLOBALS['tmplObj']->addGlobalVar('WEBPATH_STYLES', WEBPATH_styles);

/**
 * be and optional cust styles
 *
 * Starts from three fixed stylesheets, then merges in the files configured for
 * the backend theme and the files of every customer style whose name contains
 * the theme name.
 */
$beFiles = array('css' => [
    WEBPATH_site.'incms_scripts/colorpicker/css/colorpicker.css',
    WEBPATH_site.'vendor/components/font-awesome/css/font-awesome.min.css',
    WEBPATH_site.'incms_styles/backend_main.css'
]);
$beFiles = array_merge_recursive($beFiles, lib_div::getCSSJSFileArray($GLOBALS['INCMS_CONF_VARS']['BE']['styles'][BE_THEME]['files']));
if($GLOBALS['INCMS_CUST_VARS']['BE']['styles']) {
    foreach ($GLOBALS['INCMS_CUST_VARS']['BE']['styles'] as $custStyle) {
        // substring match: the style applies when its name contains BE_THEME anywhere
        if(strpos($custStyle['name'], BE_THEME) !== false) {
            $beFiles = array_merge_recursive($beFiles, lib_div::getCSSJSFileArray($custStyle['files']));
        }
    }
}
// NOTE(review): both template values below are (near-)empty string literals in this copy of
// the file; presumably markup was lost from them - confirm against the repository.
if($beFiles['css']) {
    $GLOBALS['tmplObj']->addGlobalVar( 'INCMS_STYLES', '');
}
if($beFiles['js']) {
    $GLOBALS['tmplObj']->addGlobalVar( 'INCMS_JS', ' ');
}

/**
 * check if browser is Internet Explorer 5.5 or above, but not IE7 (BETA!)
 */
//if( !lib_div::isIE55OrAbove() ) die( 'Sorry, you need Microsoft Internet Explorer 5.5 or above ...' );

$GLOBALS['uObj']->updateStats();
$GLOBALS['tmplObj']->setRoot( PATH_templates );

/**
 * store new merged value in session
 */
// NOTE(review): is_int( (int)... ) is true for every input, so the '1' fallback is never
// taken; when $userData is empty, $userLanguage is whatever $userData[0]['lid'] evaluates to.
$userLanguage = ( is_int( (int)$userData[0]['lid'] ) )?( $userData[0]['lid'] ):( '1' );
// $pageSettings is assigned outside this part of the file.
if($pageSettings['mode'] != 'admin' || !$pageSettings['userLanguage'] || $pageSettings['userLanguage'] != $userLanguage) {
    $GLOBALS['icObj']->storeSettings( array ( 'page' => array ( 'mode' => 'admin', 'userLanguage' => $userLanguage ) ) );
    // We have to reload the page session to get the new user language and require all core labels with the correct userlang
    // This only happens after the login form has been submitted
    $GLOBALS['incmsObj']->loadPageSession();
    $GLOBALS['incmsObj']->prepareJsJson();
}

$GLOBALS['executionTimeLog']->log('$masterSession go', 'init');

/**
 * in backend, get custInfo and PackageInfo, but do it only once for performance reasons (double db)
 *
 * The three values are read from the master connection only when the session has no
 * 'master' entry yet; afterwards the session copy is used.
 */
if(!$masterSession = $GLOBALS['uObj']->getSessionValue('master')) {
    $masterSession = array(
        'cust' => $GLOBALS['c']['master']->getCustInfo(),
        'package' => $GLOBALS['c']['master']->getPackageInfo(),
        'environment' => $GLOBALS['c']['master']->getEnvironment(),
    );
    $GLOBALS['icObj']->storeSettings(array('master' => $masterSession));
}
$GLOBALS['INCMS_CUST_VARS']['CUST'] = $masterSession['cust'];
$GLOBALS['INCMS_CUST_VARS']['PACKAGE'] = $masterSession['package'];
// Both flags are derived from the session-cached master data: WLY from the environment
// name or a fixed list of package uids, ACCRETIO from package uid 23.
define('WLY', $masterSession['environment'] == 'wly' || in_array($masterSession['package']['uid'], [15,16,18,19,21,22,24]));
define('ACCRETIO', $masterSession['package']['uid'] == 23);
$GLOBALS['executionTimeLog']->log('$masterSession done', 'init');

/**
 * define if credits can be used and bought
 * use: if in SMM, or in hostings when as admin or if given the perms to use credits
 * buy: if in SMM but only if not subuser, or in hostings when as admin
 *
 * Both flags are always false on the host named 'vagrant'.
 */
// NOTE(review): the "admin" case is recognised only by the literal username
// 'custbackdooradmin'; confirm that this name is reserved and cannot be created or
// assigned through any customer-facing user management.
define('CREDITS_USE', HOSTNAME != 'vagrant' && (SMMHOSTING || $userData[0]['username'] == 'custbackdooradmin' || $GLOBALS['INCMS_CUST_VARS']['CUST']['credits']));
// && binds tighter than ||: (SMMHOSTING and no sub-user id) or the admin username.
define('CREDITS_BUY', HOSTNAME != 'vagrant' && (SMMHOSTING && !$GLOBALS['uObj']->getSubFUid() || $userData[0]['username'] == 'custbackdooradmin'));

/**
 * initialize layout class (but not for any other redirect than ajax.php)
 */
if($caller == 'fe' && (!$redirect || $redirect == 'ajax.php')) {
    require_once(PATH_scripts . 'layout/class.layout.php');
    $GLOBALS['layoutObj'] = new layout();
    $GLOBALS['incmsObj']->addJson('theme', FE_THEME, 'o');
}
// closes a block that was opened earlier in the file
}

/**
 * get current page uid
 *
 * Runs only for plain frontend page requests (no redirect, no API call).
 */
if($caller == 'fe' && !$redirect && !$apicall) {
    // ATTENTION! icObj->getUID() HAS TO BE CALLED BEFORE THE INCMS OBJ IS NEEDED!
    $pageUid = $GLOBALS['icObj']->getUID();
    // INITIALIZE NEW SESSION VALUES
    $GLOBALS['incmsObj']->loadPageSession();
    $GLOBALS['tmplObj']->addGlobalVar('PAGE_UID', $pageUid);

    /*
     * publish custid & packageid globally
     */
    $GLOBALS['tmplObj']->addGlobalVar('incms_custid', $GLOBALS['INCMS_CUST_VARS']['SYSTEM']['custid']);
    $GLOBALS['tmplObj']->addGlobalVar('incms_packageid', $GLOBALS['INCMS_CUST_VARS']['SYSTEM']['packageid']);
    $GLOBALS['tmplObj']->addGlobalVar('L_MENU', $GLOBALS['incmsObj']->getCoreLabel('menu', 'browser'));

    /**
     * page title
     *
     * With NICHE set, the site name is published with a ' - ' prefix unless the
     * 'customtitle' setting is 'hide'.
     */
    if(NICHE) {
        $customTitle = $GLOBALS['libsettingsObj']->getSetting('customtitle', 'showsitename', 'value');
        if($customTitle != 'hide') {
            $GLOBALS['tmplObj']->addGlobalVar('SITENAME', ' - ' .
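$GLOBALS['INCMS_CUST_VARS']['WEBSITE']['sitename']);
        }
    } else {
        // without NICHE the site name is published without the ' - ' prefix
        $GLOBALS['tmplObj']->addGlobalVar('SITENAME', $GLOBALS['INCMS_CUST_VARS']['WEBSITE']['sitename']);
    }
}

/**
 * redirect private page to incms login, dont show fe
 *
 * When the NICHE 'private' flag is set, an unauthenticated non-backend request gets the
 * 'privatehosting' template with a 503 status and the script stops.
 *
 * NOTE(review): requests that carry $redirect or $apicall are exempt from this gate, so
 * the scripts included further down have to enforce their own authentication; whether
 * they do is not visible from this file.
 */
if($GLOBALS['INCMS_CUST_VARS']['NICHE']['private'] && $caller != 'be' && !$GLOBALS['uObj']->isAuthenticated() && !$redirect && !$apicall) {
    $GLOBALS['tmplObj']->readTemplatesFromFile('privatehosting.tmpl');
    $GLOBALS['tmplObj']->addVars('privatehosting', array(
        'L_PRIVATEHOSTING_TITLE' => $GLOBALS['incmsObj']->getCoreLabel('privatehosting_title', 'browser'),
        'L_PRIVATEHOSTING_BODY' => $GLOBALS['incmsObj']->getCoreLabel('privatehosting_body', 'browser', false),
    ));
    header('HTTP/1.0 503 Service Unavailable');
    $GLOBALS['tmplObj']->displayParsedTemplate( 'privatehosting' );
    exit;
}
// closes a block that was opened earlier in the file
}

/**
 * API call - redirect to api script
 */
if($apicall) {
    include_once( PATH_scripts . 'api.php' );
    /**
     * forget the rest!
     */
    exit;
}
/**
 * get redirection from the incoming controller and set constant
 *
 * $redirect is assigned outside this part of the file. It is concatenated into an
 * include path below, so it is validated here as if it were request-controlled.
 */
else if($redirect) {
    // only redirect to .php files
    if(!is_string($redirect) || substr($redirect, -4) != '.php') {
        header('HTTP/1.0 404 Not Found');
        die('Illegal Redirect');
    }
    // The suffix check alone does not keep the path inside the base directories tried
    // below: refuse NUL bytes and any ".." segment (either slash style) with the same
    // response as an illegal suffix.
    // NOTE(review): this is a lexical check only; an explicit allowlist of redirect
    // targets would be stricter and would also cover symlinks inside those directories.
    if(strpos($redirect, "\0") !== false || in_array('..', explode('/', str_replace('\\', '/', $redirect)), true)) {
        header('HTTP/1.0 404 Not Found');
        die('Illegal Redirect');
    }
    define( 'PHP_SELF_REDIRECT', $GLOBALS['icObj']->getRedirect( TRUE ) );
    // The base directories are tried in this fixed order; the first one that holds the
    // file wins. '@' suppresses warnings raised by is_file() itself.
    switch( TRUE ) {
        case @is_file( PATH_site . $redirect ):
            include_once( PATH_site . $redirect );
            break;
        case @is_file( PATH_backend . $redirect ):
            include_once( PATH_backend . $redirect );
            break;
        case @is_file( PATH_controlunits . $redirect ):
            include_once( PATH_controlunits . $redirect );
            break;
        case @is_file( PATH_modules . $redirect ):
            include_once( PATH_modules . $redirect );
            break;
        case @is_file( PATH_scripts . $redirect ):
            include_once( PATH_scripts . $redirect );
            break;
        case @is_file( PATH_lib . $redirect ):
            include_once( PATH_lib . $redirect );
            break;
        case @is_file( PATH_sitebase . $redirect ):
            include_once( PATH_sitebase . $redirect );
            break;
        default:
            die( 'Can\'t find redirected file' );
    }
    /**
     * forget the rest!
     */
    exit;
}
?>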