git.gnu.io has moved to IP address 209.51.188.249 -- please double check where you are logging in.

index.php 11.8 KB
Newer Older
Evan Prodromou's avatar
Evan Prodromou committed
1
<?php
2
/**
3
 * StatusNet - the distributed open-source microblogging tool
4
 * Copyright (C) 2008, 2009, StatusNet, Inc.
Evan Prodromou's avatar
Evan Prodromou committed
5
 *
6 7 8 9
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
Evan Prodromou's avatar
Evan Prodromou committed
10
 *
11 12 13 14
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
Evan Prodromou's avatar
Evan Prodromou committed
15
 *
16 17
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
Evan Prodromou's avatar
Evan Prodromou committed
18
 *
19 20
 * @category StatusNet
 * @package  StatusNet
21
 * @author   Brenda Wallace <shiny@cpan.org>
22
 * @author   Brion Vibber <brion@pobox.com>
23
 * @author   Christopher Vollick <psycotica0@gmail.com>
24
 * @author   CiaranG <ciaran@ciarang.com>
25
 * @author   Craig Andrews <candrews@integralblue.com>
26
 * @author   Evan Prodromou <evan@controlezvous.ca>
27
 * @author   Gina Haeussge <osd@foosel.net>
28
 * @author   James Walker <walkah@walkah.net>
29 30 31
 * @author   Jeffery To <jeffery.to@gmail.com>
 * @author   Mike Cochrane <mikec@mikenz.geek.nz>
 * @author   Robin Millette <millette@controlyourself.ca>
32
 * @author   Sarven Capadisli <csarven@controlyourself.ca>
33
 * @author   Tom Adams <tom@holizz.com>
34
 * @author   Zach Copley <zach@status.net>
35
 * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
36
 *
37
 * @license  GNU Affero General Public License http://www.gnu.org/licenses/
38
 */
Evan Prodromou's avatar
Evan Prodromou committed
39

40
$_startTime = microtime(true);
41
$_perfCounters = array();
42

Evan Prodromou's avatar
Evan Prodromou committed
43
define('INSTALLDIR', dirname(__FILE__));
44
define('STATUSNET', true);
45
define('LACONICA', true); // compatibility
Evan Prodromou's avatar
Evan Prodromou committed
46

47 48 49
$user = null;
$action = null;

50 51
function getPath($req)
{
52
    if ((common_config('site', 'fancy') || !array_key_exists('PATH_INFO', $_SERVER))
53
        && array_key_exists('p', $req)
54
    ) {
55
        return $req['p'];
56
    } else if (array_key_exists('PATH_INFO', $_SERVER)) {
57 58 59 60 61 62 63
        $path = $_SERVER['PATH_INFO'];
        $script = $_SERVER['SCRIPT_NAME'];
        if (substr($path, 0, mb_strlen($script)) == $script) {
            return substr($path, mb_strlen($script));
        } else {
            return $path;
        }
64
    } else {
65
        return null;
66 67
    }
}
68

Brenda Wallace's avatar
Brenda Wallace committed
69 70
/**
 * logs and then displays error messages
Brenda Wallace's avatar
Brenda Wallace committed
71 72
 *
 * @return void
Brenda Wallace's avatar
Brenda Wallace committed
73
 */
74 75
function handleError($error)
{
76
    try {
77

78 79
        if ($error->getCode() == DB_DATAOBJECT_ERROR_NODATA) {
            return;
80
        }
81

82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101
        $logmsg = "PEAR error: " . $error->getMessage();
        if ($error instanceof PEAR_Exception && common_config('site', 'logdebug')) {
            $logmsg .= " : ". $error->toText();
        }
        // DB queries often end up with a lot of newlines; merge to a single line
        // for easier grepability...
        $logmsg = str_replace("\n", " ", $logmsg);
        common_log(LOG_ERR, $logmsg);

        // @fixme backtrace output should be consistent with exception handling
        if (common_config('site', 'logdebug')) {
            $bt = $error->getTrace();
            foreach ($bt as $n => $line) {
                common_log(LOG_ERR, formatBacktraceLine($n, $line));
            }
        }
        if ($error instanceof DB_DataObject_Error
            || $error instanceof DB_Error
            || ($error instanceof PEAR_Exception && $error->getCode() == -24)
        ) {
102 103 104 105 106 107
            //If we run into a DB error, assume we can't connect to the DB at all
            //so set the current user to null, so we don't try to access the DB
            //while rendering the error page.
            global $_cur;
            $_cur = null;

108
            $msg = sprintf(
109
                // TRANS: Database error message.
110 111 112 113 114
                _('The database for %1$s is not responding correctly, '.
                  'so the site will not work properly. '.
                  'The site admins probably know about the problem, '.
                  'but you can contact them at %2$s to make sure. '.
                  'Otherwise, wait a few minutes and try again.'
115 116 117 118
                ),
                common_config('site', 'name'),
                common_config('site', 'email')
            );
119 120 121

            $dac = new DBErrorAction($msg, 500);
            $dac->showPage();
122
        } else {
123 124
            $sac = new ServerErrorAction($error->getMessage(), 500, $error);
            $sac->showPage();
125 126 127
        }

    } catch (Exception $e) {
128
        // TRANS: Error message.
129 130
        echo _('An error occurred.');
    }
131 132
    exit(-1);
}
133

134 135 136 137
set_exception_handler('handleError');

require_once INSTALLDIR . '/lib/common.php';

138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169
/**
 * Format a backtrace line for debug output roughly like debug_print_backtrace() does.
 * Exceptions already have this built in, but PEAR error objects just give us the array.
 *
 * @param int $n line number
 * @param array $line per-frame array item from debug_backtrace()
 * @return string
 */
function formatBacktraceLine($n, $line)
{
    $out = "#$n ";
    if (isset($line['class'])) $out .= $line['class'];
    if (isset($line['type'])) $out .= $line['type'];
    if (isset($line['function'])) $out .= $line['function'];
    $out .= '(';
    if (isset($line['args'])) {
        $args = array();
        foreach ($line['args'] as $arg) {
            // debug_print_backtrace seems to use var_export
            // but this gets *very* verbose!
            $args[] = gettype($arg);
        }
        $out .= implode(',', $args);
    }
    $out .= ')';
    $out .= ' called at [';
    if (isset($line['file'])) $out .= $line['file'];
    if (isset($line['line'])) $out .= ':' . $line['line'];
    $out .= ']';
    return $out;
}

170
function setupRW()
171 172 173
{
    global $config;

174
    static $alwaysRW = array('session', 'remember_me');
175

176
    $rwdb = $config['db']['database'];
177

178
    if (Event::handle('StartReadWriteTables', array(&$alwaysRW, &$rwdb))) {
179

180 181 182 183 184 185 186 187 188 189 190
        // We ensure that these tables always are used
        // on the master DB

        $config['db']['database_rw'] = $rwdb;
        $config['db']['ini_rw'] = INSTALLDIR.'/classes/statusnet.ini';

        foreach ($alwaysRW as $table) {
            $config['db']['table_'.$table] = 'rw';
        }

        Event::handle('EndReadWriteTables', array($alwaysRW, $rwdb));
191
    }
192 193

    return;
194
}
195

196 197
function checkMirror($action_obj, $args)
{
198 199
    global $config;

200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215
    if (common_config('db', 'mirror') && $action_obj->isReadOnly($args)) {
        if (is_array(common_config('db', 'mirror'))) {
            // "load balancing", ha ha
            $arr = common_config('db', 'mirror');
            $k = array_rand($arr);
            $mirror = $arr[$k];
        } else {
            $mirror = common_config('db', 'mirror');
        }

        // everyone else uses the mirror

        $config['db']['database'] = $mirror;
    }
}

216 217
function isLoginAction($action)
{
218
    static $loginActions =  array('login', 'recoverpassword', 'api', 'doc', 'register', 'publicxrds', 'otp', 'opensearch', 'rsd', 'hostmeta');
219 220 221 222 223 224 225 226 227 228

    $login = null;

    if (Event::handle('LoginAction', array($action, &$login))) {
        $login = in_array($action, $loginActions);
    }

    return $login;
}

229 230
function main()
{
231 232
    // fake HTTP redirects using lighttpd's 404 redirects
    if (strpos($_SERVER['SERVER_SOFTWARE'], 'lighttpd') !== false) {
233
        $_lighty_url = $_SERVER['REQUEST_URI'];
234 235 236
        $_lighty_url = @parse_url($_lighty_url);

        if ($_lighty_url['path'] != '/index.php' && $_lighty_url['path'] != '/') {
237
            $_lighty_path = preg_replace('/^'.preg_quote(common_config('site', 'path')).'\//', '', substr($_lighty_url['path'], 1));
238
            $_SERVER['QUERY_STRING'] = 'p='.$_lighty_path;
239
            if (isset($_lighty_url['query']) && $_lighty_url['query'] != '') {
240
                $_SERVER['QUERY_STRING'] .= '&'.$_lighty_url['query'];
241 242 243 244
                parse_str($_lighty_url['query'], $_lighty_query);
                foreach ($_lighty_query as $key => $val) {
                    $_GET[$key] = $_REQUEST[$key] = $val;
                }
245
            }
246
            $_GET['p'] = $_REQUEST['p'] = $_lighty_path;
247 248 249 250
        }
    }
    $_SERVER['REDIRECT_URL'] = preg_replace("/\?.+$/", "", $_SERVER['REQUEST_URI']);

251
    // quick check for fancy URL auto-detection support in installer.
252
    if (isset($_SERVER['REDIRECT_URL']) && (preg_replace("/^\/$/", "", (dirname($_SERVER['REQUEST_URI']))) . '/check-fancy') === $_SERVER['REDIRECT_URL']) {
253 254
        die("Fancy URL support detection succeeded. We suggest you enable this to get fancy (pretty) URLs.");
    }
255
    global $user, $action;
256

257
    Snapshot::check();
258

259
    if (!_have_config()) {
260
        $msg = sprintf(
261
            // TRANS: Error message displayed when there is no StatusNet configuration file.
262 263
            _("No configuration file found. Try running ".
              "the installation program first."
264 265
            )
        );
266 267 268 269 270
        $sac = new ServerErrorAction($msg);
        $sac->showPage();
        return;
    }

271 272 273 274
    // Make sure RW database is setup

    setupRW();

275
    // XXX: we need a little more structure in this script
276

277
    // get and cache current user (may hit RW!)
278

279
    $user = common_current_user();
Evan Prodromou's avatar
Evan Prodromou committed
280

281
    // initialize language env
Evan Prodromou's avatar
Evan Prodromou committed
282

283
    common_init_language();
284

285 286
    $path = getPath($_REQUEST);

Evan Prodromou's avatar
Evan Prodromou committed
287
    $r = Router::get();
288

289
    $args = $r->map($path);
Evan Prodromou's avatar
Evan Prodromou committed
290

291
    if (!$args) {
292
        // TRANS: Error message displayed when trying to access a non-existing page.
293 294 295 296
        $cac = new ClientErrorAction(_('Unknown page'), 404);
        $cac->showPage();
        return;
    }
297

298 299 300 301 302 303 304 305
    $site_ssl = common_config('site', 'ssl');

    // If the request is HTTP and it should be HTTPS...
    if ($site_ssl != 'never' && !StatusNet::isHTTPS() && common_is_sensitive($args['action'])) {
        common_redirect(common_local_url($args['action'], $args));
        return;
    }

306
    $args = array_merge($args, $_REQUEST);
307 308

    Event::handle('ArgsInitialize', array(&$args));
309

310
    $action = $args['action'];
311

312 313 314
    if (!$action || !preg_match('/^[a-zA-Z0-9_-]*$/', $action)) {
        common_redirect(common_local_url('public'));
        return;
315
    }
316

317 318 319
    // If the site is private, and they're not on one of the "public"
    // parts of the site, redirect to login

Evan Prodromou's avatar
Evan Prodromou committed
320 321
    if (!$user && common_config('site', 'private')
        && !isLoginAction($action)
322
        && !preg_match('/rss$/', $action)
323 324 325
        && $action != 'robotstxt'
        && !preg_match('/^Api/', $action)) {

326 327 328 329 330 331 332 333 334 335 336 337 338 339
        // set returnto
        $rargs =& common_copy_args($args);
        unset($rargs['action']);
        if (common_config('site', 'fancy')) {
            unset($rargs['p']);
        }
        if (array_key_exists('submit', $rargs)) {
            unset($rargs['submit']);
        }
        foreach (array_keys($_COOKIE) as $cookie) {
            unset($rargs[$cookie]);
        }
        common_set_returnto(common_local_url($action, $rargs));

340 341 342 343 344 345 346
        common_redirect(common_local_url('login'));
        return;
    }

    $action_class = ucfirst($action).'Action';

    if (!class_exists($action_class)) {
347
        // TRANS: Error message displayed when trying to perform an undefined action.
348
        $cac = new ClientErrorAction(_('Unknown action'), 404);
349
        $cac->showPage();
350 351 352
    } else {
        $action_obj = new $action_class();

353
        checkMirror($action_obj, $args);
354 355 356 357 358 359 360 361 362

        try {
            if ($action_obj->prepare($args)) {
                $action_obj->handle($args);
            }
        } catch (ClientException $cex) {
            $cac = new ClientErrorAction($cex->getMessage(), $cex->getCode());
            $cac->showPage();
        } catch (ServerException $sex) { // snort snort guffaw
363
            $sac = new ServerErrorAction($sex->getMessage(), $sex->getCode(), $sex);
364 365
            $sac->showPage();
        } catch (Exception $ex) {
366
            $sac = new ServerErrorAction($ex->getMessage(), 500, $ex);
367 368
            $sac->showPage();
        }
369
    }
370
}
371

372 373
main();

374 375 376 377
// XXX: cleanup exit() calls or add an exit handler so
// this always gets called

Event::handle('CleanupPlugin');