Source for file response-defs.php


  1. <?php
  2. /* ******************************************************************** */
  3. /* CATALYST PHP Source Code */
  4. /* -------------------------------------------------------------------- */
  5. /* This program is free software; you can redistribute it and/or modify */
  6. /* it under the terms of the GNU General Public License as published by */
  7. /* the Free Software Foundation; either version 2 of the License, or */
  8. /* (at your option) any later version. */
  9. /* */
  10. /* This program is distributed in the hope that it will be useful, */
  11. /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
  12. /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
  13. /* GNU General Public License for more details. */
  14. /* */
  15. /* You should have received a copy of the GNU General Public License */
  16. /* along with this program; if not, write to: */
  17. /* The Free Software Foundation, Inc., 59 Temple Place, Suite 330, */
  18. /* Boston, MA 02111-1307 USA */
  19. /* -------------------------------------------------------------------- */
  20. /* */
  21. /* Filename: response-defs.php */
  22. /* Author: Paul Waite */
  23. /* Description: Definitions for managing the RESPONSE object. */
  24. /* */
  25. /* ******************************************************************** */
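  /** @package core */

  // -----------------------------------------------------------------------
  // AUTHENTICATION OPTIONS
  // Selects how the response object collects credentials from the client.

  /** Authentication option: Redundant case, no authentication */
  define("NO_AUTHENTICATION", 0);
  /**
   * Authentication option: Browser popup form.
   * The framework answers with a "WWW-Authenticate: Basic" challenge, and
   * Basic credentials are only base64-encoded, so serve such sites over
   * HTTPS.
   */
  define("HTTP_AUTHENTICATION", 1);
  /** Authentication option: Username/password from custom form fields */
  define("FORM_AUTHENTICATION", 2);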
  33.  
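  // -----------------------------------------------------------------------
  // RESPONSE COMPRESSION OPTIONS

  /** Webpage compression: None. Just straight HTML */
  define("NO_COMPRESSION", 0);
  /** Webpage compression: Use the builtin Php compression system. Requires Php >= v4.04 */
  define("BUILTIN_COMPRESSION", 1);
  /** Webpage compression: Use custom Phplib compression. For Php < v4.04 */
  define("CUSTOM_COMPRESSION", 2);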
  43.  
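  // -----------------------------------------------------------------------
  // FAILED AUTHENTICATION RESPONSE OPTIONS
  // What the response does when the user fails authentication.

  /** Failed authentication: Die, with 'not authorised' message. */
  define("AUTHFAIL_DIE_MSG", 0);
  /** Failed authentication: Die silently. */
  define("AUTHFAIL_DIE_SILENT", 1);
  /** Failed authentication: Re-direct to specified URL. */
  define("AUTHFAIL_REDIRECT", 2);
  /**
   * Failed authentication: Welcome the user as a guest instead.
   * With this option a failed login still gets a page, rendered with the
   * guest account's rights, so that account should only be able to reach
   * content meant to be public.
   */
  define("AUTHFAIL_GUEST", 3);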
  58.  
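  // -----------------------------------------------------------------------
  // KEEP OPTIONS

  /** Enable keeping variables across requests using Php session handling */
  define("KEEP_ENABLED", true);
  /** Disable keeping variables across requests using Php session handling */
  define("KEEP_DISABLED", false);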
  66.  
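  // -----------------------------------------------------------------------
  // METADATA OPTIONS

  /** Enable metadata editing and generation enhancements */
  define("METADATA_ENABLED", true);
  /** Disable metadata editing and generation enhancements */
  define("METADATA_DISABLED", false);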
  74.  
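  // -----------------------------------------------------------------------
  // MULTI-LANGUAGE OPTIONS

  /** Enable multi-language extensions */
  define("MULTILANG_ENABLED", true);
  /** Disable multi-language extensions */
  define("MULTILANG_DISABLED", false);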
  82.  
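  // -----------------------------------------------------------------------
  // BROWSER MAKES
  // We recognise Internet Explorer, Mozilla (includes Netscape), and then
  // class all the others under the "other" umbrella. Other browsers may
  // be added in the future as requirements dictate.
  // The make is derived from the User-Agent header, which the client
  // chooses freely: use it for presentation, never for access decisions.

  /** Microsoft Internet Explorer */
  define("BROWSER_IE", "msie");
  /** Netscape, Mozilla */
  define("BROWSER_MOZILLA", "mozilla");
  /** Netscape only, this is Mozilla <5.0 */
  define("BROWSER_NETSCAPE", "netscape");
  /** Opera */
  define("BROWSER_OPERA", "opera");
  /** Browser detection: Any WAP phone browser */
  define("BROWSER_PHONE", "phone");
  /** Browser detection: Other browsers */
  define("BROWSER_OTHER", "other");
  /** Browser detection: No browser; command line interface */
  define("BROWSER_NONE", "none");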
  105.  
  // -----------------------------------------------------------------------
  // DEFAULT DTD's

  /**
   * Default Document Type Definition specifier strings, keyed by browser
   * type. They apply when a DTD is given neither in the application.php
   * file nor in the template(s).
   */
  // NOTE(review): BROWSER_TYPE_HTML and BROWSER_TYPE_WML are not defined in
  // the visible part of this file before this point - confirm they already
  // exist when this runs, otherwise the keys are not the intended values.
  $DEFAULT_DTD = array();
  $DEFAULT_DTD[BROWSER_TYPE_HTML] = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">';
  $DEFAULT_DTD[BROWSER_TYPE_WML] = '<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">';
  117.  
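  // -----------------------------------------------------------------------
  // USER-AGENT RECOGNITION PATTERNS
  // Both strings are regex alternations matched case-insensitively against
  // the User-Agent header. That header is client-supplied, so a match only
  // selects a rendering path and says nothing about who is calling.

  /** List of recognition patterns for web-browsers. */
  $WEB_BROWSERS = "(wget)"
                . "|(mozilla)"
                . "|(opera)"
                . "|(lynx)"
                . "|(msie)"
                . "|(konqueror)"
                . "|(libwww-perl)"
                ;
  /** List of recognition patterns for WAP-phones. */
  $WAP_PHONES = "(UP\.Browser)"
              . "|(Nokia)"
              . "|(Sharp)"
              . "|(Panasonic)"
              . "|(Ericsson)"
              . "|(SonyEricsson)"
              ;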
  136.  
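  // -----------------------------------------------------------------------
  // SET APPLICATION DEFINES & GLOBALS
  // Every definition and global listed in application.xml is written
  // straight into the constant table and the global namespace, so that file
  // is as sensitive as source code: keep it writable by administrators only.
  // NOTE(review): $DOCUMENT_ROOT is not assigned in the visible part of this
  // file; confirm it holds the web server's value here and cannot be
  // supplied by the request.

  if (file_exists("$DOCUMENT_ROOT/application.xml")) {
    /** Application management classes */
    // NOTE(review): the statement keyword is missing from this listing;
    // include_once matches the other include in this file.
    include_once("application-defs.php");
    $application = new application("$DOCUMENT_ROOT/application.xml");
    if ($application->valid) {
      foreach ($application->definitions as $defname => $defval) {
        // define() cannot replace an existing constant; skipping those names
        // keeps the first value without raising a notice.
        if (!defined($defname)) {
          define($defname, $defval);
        }
      }
      foreach ($application->globals as $globname => $globval) {
        // Write through $GLOBALS: "global $globname" would bind the variable
        // literally called "globname", not the one named by its value.
        $GLOBALS[$globname] = $globval;
      }
    }
  }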
  154.  
  // -----------------------------------------------------------------------
  // SITE CLOSED CHECK
  // A website can be closed without recourse to the database, which may
  // itself be down for maintenance: when closed.php exists in the document
  // root it is always displayed, and the request ends here.
  // The included path is built from $DOCUMENT_ROOT, so that variable has to
  // carry the server's own value at this point, never request input.

  if (file_exists($DOCUMENT_ROOT . "/closed.php")) {
    include $DOCUMENT_ROOT . "/closed.php";
    exit();
  }
  165.  
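  // -----------------------------------------------------------------------
  // REQUIRED SYSTEM INCLUDES
  // NOTE(review): the statement keyword is missing from this listing.
  // require_once is used because the section is headed "required": a file
  // that cannot be loaded then stops the request, instead of letting it
  // carry on without, for instance, the anti-hack filtering.

  /** Various constants */
  require_once("constants.php");
  /** MIME types and categories */
  require_once("mime-types.php");
  /** Simple anti-hack filtering */
  require_once("antihack.php");
  /** Basic renderable classes */
  require_once("renderable.php");
  /** Filesystem access classes */
  require_once("file-defs.php");
  /** Database query classes */
  require_once("query-defs.php");
  /** Built-in debugger */
  require_once("debugger.php");
  /** User identification and management */
  require_once("user-defs.php");
  /** Misc. utility functions */
  require_once("utils.php");
  /** User session management */
  require_once("session-defs.php");
  /** Generic configuration classes */
  require_once("configuration-defs.php");
  /** Database access classes */
  require_once("database-defs.php");
  /** Php globals management */
  require_once("globals-defs.php");
  /** Axyl keep-alive classes */
  require_once("keep-defs.php");
  /** Core webpage classes */
  require_once("webpage-defs.php");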
  199.  
  200. // -----------------------------------------------------------------------
  201. /**
  202. * THE RESPONSE CLASS
  203. * This object is a container for all things to do with the response which
  204. * we will send back to the requester (the client browser). It is a
  205. * descendant of the webpage class, and before that, the session and the
  206. * user classes.
  207. *
  208. * If you use the Phplib framework then a response object is automatically
  209. * instantiated for you. This object is assigned to the global variable
  210. * called $RESPONSE. The framework also sets up the response parameters,
  211. * and then calls the activate() method.
  212. * @package core
  213. */
  214. class response extends webpage {
  215. // Public
  216. /** The make of browser */
  217.  
  218. var $browser;
  219. /** The version of browser requesting this response */
  220.  
  221. var $browser_version = 0;
  222. /** The type of browser requesting this response */
  223.  
  224. var $browser_type = BROWSER_TYPE_HTML;
  225. /** The user-agent */
  226.  
  227. var $user_agent = "";
  228. /** The remote IP address */
  229.  
  230. var $remote_address = "";
  231. /** The browser accept string, as submitted by user-agent */
  232.  
  233. var $accept = "";
  234. /** The browser accept-encoding string */
  235.  
  236. var $accept_encoding = "";
  237. /** The browser accept-language string */
  238.  
  239. var $accept_language = "";
  240. /** Whether we are in multi-language mode or not. If this is true then
  241. we enable facilities to set language tags on webpages, and also
  242. deliver http content encoded in UTF-8. */
  243. var $multilang = false;
  244. /** IDs of all languages contained in this page */
  245.  
  246. var $languages = array();
  247. /** Charset for this page */
  248.  
  249. var $charset = "ISO-8859-1";
  250. /** Page ID - key to ax_sitepage record */
  251.  
  252. var $page_id;
  253. /** Whether we have multi-byte string fns available */
  254.  
  255. var $mbstring_avail = false;
  256. /** Datasources associated with this response */
  257.  
  258. var $datasource;
  259. /** Metadata edit/generation mode we are in */
  260.  
  261. var $metadata_mode = METADATA_DISABLED;
  262. /** The URL of this website */
  263.  
  264. var $site_url;
  265. /** The host of this website ie. 'foo.thingy.co.nz' */
  266.  
  267. var $http_host;
  268. /** Path to the site document root */
  269.  
  270. var $site_docroot;
  271. /** Path to the requested script/page */
  272.  
  273. var $requested;
  274. /** Query string (if any) supplied to requested page */
  275.  
  276. var $requested_query;
  277.  
  278. // Private
  279. /** Buffering option to use
  280. @access private */
  281. var $buffering_mode = BUFFERED;
  282. /** Array of hosts we wish to connect persistently to
  283. @access private */
  284. var $persistent_hosts = array();
  285. /** Compression type to use for response content
  286. @access private */
  287. var $compression_type;
  288. /** Minimum size in bytes before invoking compression
  289. @access private */
  290. var $compression_minsize;
  291. /** The debugger for this response
  292. @access private */
  293. var $debugger;
  294. /** Type of authentication in effect
  295. @access private */
  296. var $auth_type;
  297. /** Option to take on auth failure
  298. @access private */
  299. var $auth_fail_option;
  300. /** URL to redirect to on auth failure
  301. @access private */
  302. var $auth_fail_redirect;
  303. /** Our keep enabled flag (default enabled)
  304. @access private */
  305. var $keep_enabled = KEEP_ENABLED;
  306. /** Our keep. Keeps variables alive in session
  307. @access private */
  308. var $keep;
  309. /** Globals object. Manages the global vars in this response
  310. @access private */
  311. var $globals;
  312. /** Dynamic page expiry in seconds. Time to allow a dynamic page to
  313. 'live' in the user's browser. Note this defaults to -1, which means
  314. 'in the past', and which causes us to force the user's browser
  315. to NOT cache the page at all, and to revalidate every time.
  316. @access private */
  317. var $page_expiry_secs = -1;
  318. /** Array of DTD specifiers for this response. @see set_dtd()
  319. @access private */
  320. var $DTD;
  321. // ...................................................................
  322. /**
  323. * Constructor
  324. * Create a new response.
  325. * One of these objects must be created to respond to each request
  326. * from the user agent for a webpage. This object manages that response
  327. * and is a central marshalling point for all data and functions
  328. * associated with that process. A response object is automatically
  329. * created for you at the bottom of this module, and is assigned to
  330. * the global variable $RESPONSE.
  331. */
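  function response() {
    // Sets up the per-request state: DTD defaults, the debugger, the globals
    // manager and the lists of server and GET/POST variables to globalise,
    // then derives browser make/version, host, site URL, requested page and
    // default charset from the request.
    //
    // Security notes for maintainers:
    //  - $HTTP_USER_AGENT, $HTTP_HOST, $PHP_SELF and $QUERY_STRING are
    //    influenced by the client. Values copied from them ($user_agent,
    //    $http_host, $site_url, $requested_query) need escaping on output and
    //    must not be trusted when building links sent to other users.
    //  - The GET/POST list below creates global variables from request
    //    parameter names, including the "^_.*" group.
    //    NOTE(review): confirm the globals class refuses names that collide
    //    with PHP superglobals or with variables used in security decisions.

    // Initialise DTD array..
    global $DEFAULT_DTD;
    $this->DTD = $DEFAULT_DTD;
    $this->mbstring_avail = extension_loaded("mbstring");

    // Create the debugger..
    $this->debugger = new webdebugger();

    // Create the globaliser..
    $this->globals = new globals();

    // Globalise all server vars..
    $this->register(
        "DOCUMENT_ROOT,"        // List of Web Server vars to globalise.
      . "^HTTP_.*,"             // Note the use of Perl regex to specify
      . "^REMOTE_.*,"           // groups of server vars to globalise.
      . "^SERVER_.*,"
      . "PATH,"
      . "SCRIPT_FILENAME,"
      . "PHP_SELF,"
      . "UNIQUE_ID,"
      . "GATEWAY_INTERFACE,"
      . "SERVER_PROTOCOL,"
      . "REQUEST_METHOD,"
      . "QUERY_STRING,"
      . "REQUEST_URI,"
      . "SCRIPT_NAME,"
      . "PATH_TRANSLATED,"
      . "PHP_SELF"
      ,
      "server"
    );

    // Globalise vars used for login/logout..
    // The first two entries now end with a comma. Without it the list held
    // the fused names "usertbxPassword" and "passtbxLogoff", so user,
    // tbxPassword, pass and tbxLogoff were never registered.
    $this->register(
        "tbxUsername,user,"
      . "tbxPassword,pass,"
      . "tbxLogoff,"
      . "chkRememberMe,"
      . "authid,"
      . "auth_code,"
      . "admin_auth_code,"
      . "PHP_AUTH_USER,"
      . "PHP_AUTH_PW,"
      . "MAX_FILE_SIZE,"
      . "cachecontrol,"
      . "^_.*,"
      . "^recmaint.*,"
      . "theme"
      ,
      "get,post"
    );

    // Do the globalisation thing..
    $this->globalise();

    // Some globals we need to use right now..
    global $HTTP_USER_AGENT;
    global $HTTP_HOST;
    global $REMOTE_ADDR;
    global $PHP_SELF;
    global $SCRIPT_NAME;
    global $QUERY_STRING;
    global $WEB_BROWSERS, $WAP_PHONES;
    global $DOCUMENT_ROOT;

    // Initialise some vars..
    $this->initialise();

    // BROWSER TYPE IDENTIFICATION..
    $this->user_agent = $HTTP_USER_AGENT;
    $this->remote_address = $REMOTE_ADDR;
    $this->browser_type = $this->get_browser_type();

    // WEB-BROWSER IDENTIFICATION..
    switch ($this->browser_type) {
      case BROWSER_TYPE_CLI:
        $this->browser = BROWSER_NONE;
        $this->browser_version = "";
        // The site Domain and URL. The command is a fixed string, so no
        // request data reaches the shell..
        $this->http_host = trim(`hostname --fqdn`);
        $this->site_url = "http://$this->http_host";
        $this->site_docroot = getcwd();
        // For debugging, set output mode..
        $this->debugger->debug_output(DBG_O_CLI);
        break;

      case BROWSER_TYPE_WML:
      case BROWSER_TYPE_WMLUP:
        $this->browser = BROWSER_PHONE;
        $this->browser_version = "";
        // The site Domain and URL..
        $this->http_host = $HTTP_HOST;
        $this->site_url = "http://$this->http_host";
        $this->site_docroot = $DOCUMENT_ROOT;
        break;

      case BROWSER_TYPE_HTML:
      case BROWSER_TYPE_XHTML:
        // First try to determine browser version. We assume that the people
        // who made it will be sticking to the rule that the first word
        // is the browser/version string.
        $agentbits = explode(" ", $HTTP_USER_AGENT);
        $verbits = explode("/", $agentbits[0]);
        // Test the raw text: is_numeric() on a value already cast to float
        // is always true, which let any string through as the version.
        if (isset($verbits[1]) && is_numeric($verbits[1])) {
          $this->browser_version = $verbits[1];
        }
        // OPERA
        if (eregi("opera", $HTTP_USER_AGENT)) {
          $this->browser = BROWSER_OPERA;
          // Capture digits only, so no other header text can end up in
          // browser_version..
          if (preg_match('/ opera ([0-9]+(?:\.[0-9]+)?)/i', $HTTP_USER_AGENT, $matches)) {
            $this->browser_version = $matches[1];
          }
        }
        // INTERNET EXPLORER
        // Determine flavour of browser. Practicality means that we
        // resolve this down to either IE or Netscape/Mozilla
        elseif (eregi("msie", $HTTP_USER_AGENT)) {
          $this->browser = BROWSER_IE;
          // IE has its own version number. The old greedy capture could
          // swallow the tokens following it ("6.0; Windows NT 5.1")..
          if (preg_match('/ msie ([0-9]+(?:\.[0-9]+)?)/i', $HTTP_USER_AGENT, $matches)) {
            $this->browser_version = $matches[1];
          }
        }
        // MOZILLA - NETSCAPE 4.xx
        elseif (eregi("mozilla", $HTTP_USER_AGENT)) {
          $this->browser = BROWSER_MOZILLA;
          // The Mozilla engine with version nos. less than 5.0 is
          // in fact that old dog the Netscape browser..
          if ($this->browser_version > 0 && $this->browser_version < 5) {
            $this->browser = BROWSER_NETSCAPE;
          }
        }
        // MOBILE PHONES..
        elseif (eregi($WAP_PHONES, $HTTP_USER_AGENT)) {
          $this->browser = BROWSER_PHONE;
        }
        // OTHER WEB BROWSER
        // This might be an xhtml-compatible phone or a
        // PDA of some kind, who knows..
        else {
          $this->browser = BROWSER_OTHER;
        }

        // The site Domain and URL..
        $this->http_host = $HTTP_HOST;
        $this->site_url = "http://$this->http_host";
        $this->site_docroot = $DOCUMENT_ROOT;
        break;

      default:
        $this->browser = BROWSER_NONE;
        $this->browser_version = "";
        // The site Domain and URL..
        $this->http_host = $HTTP_HOST;
        $this->site_url = "http://$this->http_host";
        $this->site_docroot = $DOCUMENT_ROOT;
    } // switch

    if (dirname($PHP_SELF) != "/") {
      $this->site_url .= dirname($PHP_SELF);
    }

    // The page being requested and the query string.
    // These are just our local copies..
    $this->requested = "";
    $this->requested_query = "";
    if (isset($SCRIPT_NAME)) {
      $this->requested = $SCRIPT_NAME;
    }
    if (isset($QUERY_STRING)) {
      $this->requested_query = $QUERY_STRING;
    }

    // Set default charset according to browser type.
    // This is just the initial setting & can be overridden..
    switch ($this->browser_type) {
      case BROWSER_TYPE_WML:
      case BROWSER_TYPE_WMLUP:
        $this->charset = "UTF-8";
        break;
      default:
        $this->charset = "ISO-8859-1";
    }
  } // response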
  521. // ...................................................................
  522. /**
  523. * Initialise values
  524. * Initialise our main response parameters to normal values.
  525. * @access private
  526. */
  function initialise() {
    // Puts the main response parameters back to their normal values.

    // Session cookie..
    $this->cookiename = "session_id";

    // Authentication: form login by default. A failed login falls back to
    // the guest user rather than ending the request..
    $this->auth_type = FORM_AUTHENTICATION;
    $this->auth_fail_option = AUTHFAIL_GUEST;
    $this->auth_fail_redirect = "";

    // Output handling: no compression, no persistent hosts..
    $this->compression_type = NO_COMPRESSION;
    $this->compression_minsize = 0;
    $this->persistent_hosts = array();

    // Language support..
    $this->multilang = MULTILANG_DISABLED;
  } // initialise
  537. // ...................................................................
  538. /**
  539. * Determine the browser type
  540. * Examines the headers, if we are running as an apache module and
  541. * returns the browser type accordingly. If we are not running as
  542. * an apache module returns 'cgi' (command line).
  543. * @access private
  544. */
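  function get_browser_type() {
    // Classifies the requester as one of the BROWSER_TYPE_* values, using the
    // User-Agent string first and the Accept header second. As a side effect
    // it fills $this->accept, $this->accept_encoding and
    // $this->accept_language. Returns BROWSER_TYPE_CLI when there is no
    // User-Agent, and BROWSER_TYPE_DEFAULT when nothing matched.
    //
    // Every input here is a client-supplied header, so the result selects a
    // rendering path only and must not be used for access decisions.
    global $HTTP_USER_AGENT;
    global $WEB_BROWSERS, $WAP_PHONES;

    // Starting point..
    $type = BROWSER_TYPE_UNKNOWN;

    // If webserver then detect, else CLI script..
    if (isset($HTTP_USER_AGENT) && $HTTP_USER_AGENT != "") {
      // Determine accept headers. getallheaders() is not provided by every
      // server API, and header names may arrive in any letter case, so the
      // lookup goes through a lower-cased copy..
      $headers = array();
      if (function_exists("getallheaders")) {
        $sent = getallheaders();
        if (is_array($sent)) {
          foreach ($sent as $hname => $hvalue) {
            $headers[strtolower($hname)] = $hvalue;
          }
        }
      }
      // A header the client did not send yields "" without raising a notice..
      $this->accept          = isset($headers["accept"]) ? trim($headers["accept"]) : "";
      $this->accept_encoding = isset($headers["accept-encoding"]) ? trim($headers["accept-encoding"]) : "";
      $this->accept_language = isset($headers["accept-language"]) ? trim($headers["accept-language"]) : "";

      // STANDARD BROWSERS - User Agent Detection
      if (eregi($WEB_BROWSERS, $HTTP_USER_AGENT)) {
        $type = BROWSER_TYPE_HTML;
      }
      // WAP PHONES - User Agent Detection
      elseif (eregi($WAP_PHONES, $HTTP_USER_AGENT)) {
        $type = BROWSER_TYPE_WML;
      }

      // GENERIC - Accept Encodings Detection
      // This might override the more general user-agent detection
      // phase which has been undertaken above. Note that Vodafone
      // gateways do not pass through Accept headers.
      if (stristr($this->accept, "application/vnd.wap")) {
        $type = BROWSER_TYPE_WML;
      }
      elseif (stristr($this->accept, "text/vnd.wap")) {
        $type = BROWSER_TYPE_WML;
      }
      elseif (stristr($this->accept, "application/xhtml")) {
        $type = BROWSER_TYPE_XHTML;
      }
      elseif (stristr($this->accept, "text/html")) {
        $type = BROWSER_TYPE_HTML;
      }

      // A bit of post-processing for WAP phones which
      // might have Phone.com extensions..
      if ($type == BROWSER_TYPE_WML) {
        if (stristr($this->accept, "application/x-up")
         || stristr($this->accept, "application/vnd.phonecom")
        ) {
          $type = BROWSER_TYPE_WMLUP;
        }
        // NOTE(review): "(up)" matches any user-agent that contains the
        // letters "up" - confirm that this breadth is intended.
        elseif (eregi("(up)", $HTTP_USER_AGENT)) {
          $type = BROWSER_TYPE_WMLUP;
        }
      }
    }
    else {
      // Default browser type to CLI (command line)..
      $type = BROWSER_TYPE_CLI;
    }

    // Fallback to default if unknown..
    if ($type == BROWSER_TYPE_UNKNOWN) {
      $type = BROWSER_TYPE_DEFAULT;
    }
    return $type;
  } // get_browser_type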
  602. // .....................................................................
  603. /**
  604. * Set the DTDs array for all possible content types for this webpage.
  605. * The array is associative, with content type as the key, and the
  606. * DTD specifier as the value. Currently we only support two content
  607. * types: "html" and "wml".
  608. * @param array $DTD Array of DTD specifiers per content type
  609. */
  function set_dtd($DTD) {
    // Replaces the whole DTD table of this response. Anything that is not
    // an array is ignored and the current table stays in place.
    if (!is_array($DTD)) {
      return;
    }
    $this->DTD = $DTD;
  } // set_dtd
  615. // ...................................................................
  616. /**
  617. * Set up the page attributes for our response. This is an important
  618. * call, and should be made just after including response-defs.php in
  619. * your source code. It sets up the page title, the template file which
  620. * defines the page structure, the theme and stylesheet.
  621. * @param string $title Webpage title string
  622. * @param string $template Template for this webpage
  623. * @param string $theme Theme to apply. This is for branding purposes
  624. * @param string $stylesheet Name of stylesheet to use eg: 'sitestyle.css'
  625. * @param string $dtd Override the DTD specifier for page
  626. */
  function page($title="", $template="main", $theme="", $stylesheet="", $dtd="") {
    // Applies title, theme, template and stylesheet, optionally overrides
    // the DTD on the page head, then runs the group membership check.
    //
    // The theme is applied before the template and the stylesheet because
    // it influences the paths those two are resolved against.
    // NOTE(review): the constructor registers a "theme" variable from
    // GET/POST. Whether set_theme() and set_template() validate their
    // argument is not visible here, so pass only known theme and template
    // names, never a raw request value.
    $this->set_title($title);
    $this->set_theme($theme);
    $this->set_template($template);
    $this->set_stylesheet($stylesheet);

    $has_dtd_override = ($dtd != "");
    if ($has_dtd_override) {
      $this->head->set_dtd($dtd);
    }

    $this->check_group_membership();
  } // page
  640. // ...................................................................
  641. /**
  642. * Set up the Wap page (card) attributes for our response. This is
  643. * the exact equivalent to the page() method above, but for WAP
  644. * phones instead.
  645. * @param string $title Card title string
  646. * @param string $template Template for this WML card
  647. * @param string $theme Theme to apply. This is for branding purposes
  648. * @param string $stylesheet Name of stylesheet to use eg: 'sitestyle.css'
  649. * @param string $dtd Override the DTD specifier for WML page
  650. */
  function card($title="", $template="main", $theme="", $stylesheet="", $dtd="") {
    // WAP counterpart of page(): sets up the response, creates a WMLcard
    // named after the template's basename, stores it in the global $CARD
    // and returns it.
    global $CARD;

    $is_phone = ($this->browser == BROWSER_PHONE);
    if (!$is_phone) {
      // Enable normal browsers to see Wap content..
      include_once("wml-defs.php");
      $this->body = new deck($title, $template, $theme, $stylesheet);
    }

    // Same arguments as page(), so the same care applies: template and
    // theme names should come from the application, not from the request.
    $this->page($title, $template, $theme, $stylesheet, $dtd);

    // NOTE(review): for phone browsers wml-defs.php is not included in this
    // method; presumably WMLcard is already loaded by then - confirm.
    $card_name = basename($template);
    $CARD = new WMLcard($card_name, $this->head->title);

    $this->check_group_membership();
    return $CARD;
  } // card
  663. // ...................................................................
  664. /**
  665. * Activate response
  666. * Activate the response object. This isn't done in the constructor
  667. * so that the application code can make various calls etc. to set
  668. * up the environment for the response, such as session parameters.
  669. * After this setup phase is complete, then this function is called.
  670. * @access private
  671. */
  672. function activate() {
  673. global $CONTEXT;
  674. global $tbxUsername, $user; // Username submitted by user form
  675. global $tbxPassword, $pass; // Password submitted
  676. global $tbxLogoff; // Logoff sequence submission
  677. global $PHP_AUTH_USER; // HTTP Authentication username
  678. global $PHP_AUTH_PW; // HTTP Authentication password
  679. global $cachecontrol; // Cache/page expiry control override
  680.  
  681. debug_trace($this);
  682.  
  683. // Set site-wide language, if multi-language mode, and given..
  684. if ($this->multilang) {
  685. debugbr("multilang: multi-language mode is enabled", DBG_DEBUG);
  686. if ($this->mbstring_avail) {
  687. mb_internal_encoding("UTF-8");
  688. mb_http_output("UTF-8");
  689. }
  690. // Use the session-specific language if present. How this session
  691. // var gets set is entirely application-specific. If it is defined
  692. // then it becomes the 'default' language by virtue of being first..
  693. if (isset($this->session_record["lang_id"]) && $this->session_record["lang_id"] != "") {
  694. $this->add_language($this->session_record["lang_id"]);
  695. }
  696. // Otherwise, use the language defaults. These are again in an
  697. // order, with the first one the designated default..
  698. else {
  699. $q = "SELECT lang_id FROM ax_language";
  700. $q .= " WHERE enabled=TRUE";
  701. $q .= " AND is_default=TRUE";
  702. $q .= " ORDER BY display_order";
  703. $langs = dbrecordset($q);
  704. if ($langs->hasdata) {
  705. do {
  706. $this->add_language( $langs->field("lang_id") );
  707. } while ($langs->get_next());
  708. }
  709. }
  710. } // multilang
  711.  
  712. // Create our parent webpage object now. We do not do this in
  713. // the constructor, due to timing. Only at this point do we
  714. // know what type of browser (html or wml) it is, and have
  715. // the relevant library included to support it..
  716. $this->webpage();
  717.  
  718. // Map alternative fieldnames onto standard ones..
  719. if (isset($user) && !isset($tbxUsername)) $tbxUsername = $user;
  720. if (isset($pass) && !isset($tbxPassword)) $tbxPassword = $pass;
  721.  
  722. // Always disable buffering mode for command-line..
  723. if ($this->browser_type == BROWSER_TYPE_CLI) {
  724. $this->set_buffering_mode(UNBUFFERED);
  725. }
  726.  
  727. // See if we should disable webpage buffering..
  728. if ($this->buffering_mode == UNBUFFERED) {
  729. $this->discard();
  730. $this->buffered = false;
  731. }
  732.  
  733. // Check flag to see if we have to globalise everything in
  734. // sight. If this is the case, it is probably due to the website
  735. // being broken by setting 'register_globals = Off' in php.ini.
  736. if ($this->globalise_all) {
  737. $this->globals->globalise_all();
  738. }
  739. else {
  740. // By now we have the actual cookie name, so we make
  741. // sure it is globalised..
  742. $this->globalise($this->cookiename, "cookie");
  743. }
  744.  
  745. // Browser announcement
  746. $msg = "browser: $this->browser";
  747. if ($this->browser_version != "") $msg .= "/$this->browser_version";
  748. $msg .= " ($this->browser_type)";
  749. debugbr($msg, DBG_DEBUG);
  750. debugbr("accept=[$this->accept]", DBG_DEBUG);
  751. debugbr("UA=[$this->user_agent]", DBG_DEBUG);
  752.  
  753. if ($this->browser != BROWSER_NONE) {
  754. // HTTP AUTHENTICATION
  755. if ($this->auth_type == HTTP_AUTHENTICATION) {
  756. debugbr("HTTP Authentication", DBG_DEBUG);
  757. if (!isset($PHP_AUTH_USER)) {
  758. debugbr("NOT Got PHP_AUTH_USER - sending HTTP auth headers", DBG_DEBUG);
  759. header("WWW-Authenticate: Basic realm=\"" . APP_NAME . "\"");
  760. header("HTTP/1.0 401 Unauthorized");
  761. return;
  762. }
  763. else {
  764. // Get the HTTP authentication variables..
  765. debugbr("Got PHP_AUTH_USER '$PHP_AUTH_USER', PHP_AUTH_PS '$PHP_AUTH_PW'", DBG_DEBUG);
  766. if ($this->get_session_cookie()) {
  767. debugbr("We already have a valid session..", DBG_DEBUG);
  768. if ($this->identify_user()
  769. && $this->userid == "guest"
  770. && strtolower($PHP_AUTH_USER != "guest")
  771. ) {
  772. debugbr("But overriding guest session with supplied HTTP Auth login..", DBG_DEBUG);
  773. $tbxUsername = $PHP_AUTH_USER;
  774. if (isset($PHP_AUTH_PW)) $tbxPassword = $PHP_AUTH_PW;
  775. else $tbxPassword = "";
  776. }
  777. }
  778. else {
  779. // Transform it into our own kind of login sequence..
  780. debugbr("Transforming it into our own kind of login..", DBG_DEBUG);
  781. $tbxUsername = $PHP_AUTH_USER;
  782. if (isset($PHP_AUTH_PW)) $tbxPassword = $PHP_AUTH_PW;
  783. else $tbxPassword = "";
  784. }
  785. }
  786. } // HTTP Auth
  787. else {
  788. debugbr("FORM Authentication.", DBG_DEBUG);
  789. }
  790. }
  791.  
  792. // IDENTIFY USER, LOGIN
  793. $logged_in = true;
  794. $retries = 2;
  795. do {
  796. // Create the user's keep if enabled..
  797. if ( $this->keep_enabled
  798. && $this->browser != BROWSER_NONE
  799. && $this->browser != BROWSER_PHONE
  800. ) {
  801. $this->keep = new keep("CATITKEEP" . APP_PREFIX, $this->lifetime);
  802. // Deal with logoff activity..
  803. if (isset($tbxLogoff) && $tbxLogoff == "Logoff") {
  804. $this->keep->forgetall();
  805. }
  806. }
  807.  
  808. // Get the session to login the user. We expect this step
  809. // to succeed unless they mucked up a login sequence, or
  810. // someone is hacking on our website..
  811. if (!$this->identify_user()) {
  812. // Deal with authentication/session create failure..
  813. debugbr("response-defs: user not identified.", DBG_DEBUG);
  814. if (!$this->isvalid()) {
  815. debugbr("response-defs: user invalid.", DBG_DEBUG);
  816. // Make sure the cookie is removed..
  817. $this->delete_cookie();
  818. if ($this->keep_enabled) {
  819. $this->keep->delete();
  820. }
  821.  
  822. switch ($this->auth_fail_option) {
  823. case AUTHFAIL_DIE_MSG:
  824. $this->crash(401, $this->error_message);
  825. break;
  826.  
  827. case AUTHFAIL_DIE_SILENT:
  828. $this->crash();
  829. break;
  830.  
  831. case AUTHFAIL_REDIRECT:
  832. header("Location: $this->auth_fail_redirect");
  833. break;
  834.  
  835. // AUTHFAIL_GUEST and friends..
  836. default:
  837. if (isset($tbxUsername) && strtolower($tbxUsername) == "guest") {
  838. // Failed guest login should not happen if the guest user
  839. // exists and its 'enabled' flag is true..
  840. $this->crash(401, "Guest logins are not permitted.");
  841. }
  842. else {
  843. // Unset everything they might be logging in with, so that
  844. // the system will default them into guest mode..
  845. if (isset($tbxUsername)) {
  846. debugbr("AUTHFAIL_GUEST: tbxUsername is set '$tbxUsername', setting it to guest.", DBG_DEBUG);
  847. $tbxUsername = "guest";
  848. $tbxPassword = "";
  849. }
  850. if (isset($authid)) unset($authid);
  851. $logged_in = false;
  852. }
  853. break;
  854. } // switch
  855. }
  856. // Otherwise we failed authentication, but the user was
  857. // valid - a very strange state of affairs..!
  858. else {
  859. debugbr("user valid but not auth! userid='$this->userid'", DBG_DEBUG);
  860. if ($this->authfail_option != AUTHFAIL_SILENT) {
  861. $this->crash(500, "No session!");
  862. }
  863. else die();
  864. }
  865. // Countdown for retries..
  866. $retries -= 1;
  867. } // if !identify_user
  868. else {
  869. // Affirm user identified..
  870. $logged_in = true;
  871. }
  872. } while (!$logged_in && $retries > 0);
  873.  
  874. // If login failed, then we have no options left..
  875. if (!$logged_in) {
  876. if ($this->authfail_option != AUTHFAIL_SILENT) {
  877. $this->crash(401);
  878. }
  879. else die();
  880. }
  881.  
  882. // CONTENT TYPE HEADER
  883. $this->set_encoding();
  884.  
  885. // CACHE HEADERS
  886. switch ($this->browser_type) {
  887. case BROWSER_TYPE_HTML:
  888. case BROWSER_TYPE_XHTML:
  889. header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
  890. if ($this->page_expiry_secs == -1 || (isset($cachecontrol) && $cachecontrol == "dynamic")) {
  891. header("Expires: Thu, 1 Jan 1970 01:00:00 GMT");
  892. header("Cache-Control: no-cache, must-revalidate");
  893. header("Pragma: no-cache");
  894. debugbr("page expiry: no cache", DBG_DEBUG);
  895. }
  896. else {
  897. $expirysecs = time() + $this->page_expiry_secs;
  898. header("Expires: " . gmdate("D, d M Y H:i:s", $expirysecs) . " GMT");
  899. debugbr("page expiry: cache for $this->page_expiry_secs seconds", DBG_DEBUG);
  900. }
  901. break;
  902.  
  903. case BROWSER_TYPE_WML:
  904. case BROWSER_TYPE_WMLUP:
  905. header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  906. header("Last-Modified: " . gmdate("D, d M Y H:i:s T") );
  907. header("Cache-Control: no-cache, must revalidate");
  908. header("Pragma: no-cache");
  909. header("Accept-Ranges: none");
  910. break;
  911. } // switch
  912.  
  913. // CONTEXT
  914. if ($this->browser_type != BROWSER_TYPE_CLI
  915. && file_exists($this->site_docroot . "/context-defs.php")) {
  916. include_once("context-defs.php");
  917. $CONTEXT = new context();
  918. }
  919. debug_trace();
  920. } // activate
  921. // ...................................................................
  /**
   * Switches multi-language mode on or off by storing the given value in
   * the 'multilang' flag. add_language() only records languages while
   * this flag is true.
   * @param boolean $mode True (the default) to enable multi-language mode
   */
  function set_multilang($mode=true) {
    // Plain flag store; nothing else is touched here.
    $this->multilang = $mode;
  } // set_multilang
  932. // ...................................................................
  /**
   * Records one more language ID for the current webpage. A page may
   * carry content in several languages, so the IDs are kept as a list.
   * Nothing is done unless multi-language mode is on, and an ID already
   * in the list is not added again. If a head section exists it is told
   * about the new language as well.
   * @param integer $langid The language ID to add for the webpage
   */
  function add_language($langid) {
    // Multi-language mode off: ignore the request.
    if (!$this->multilang) {
      return;
    }
    // Already listed: nothing to add.
    if (in_array($langid, $this->languages)) {
      return;
    }
    $this->languages[] = $langid;
    if (isset($this->head)) {
      $this->head->add_language($langid);
    }
  } // add_language
  948. // ...................................................................
  /**
   * Sets the character encoding for the response and sends the
   * content-type header to the user agent. The content type is normally
   * chosen from the browser type; pass the second parameter only to
   * override it. May be called repeatedly before send().
   *
   * Both values end up in a raw HTTP header line, so callers should pass
   * fixed, known-good strings rather than request-derived text.
   * @param string $charset The character encoding to use for the webpage
   * @param string $content_type The content type (defaults to proper one for browser)
   */
  function set_encoding($charset="", $content_type="") {
    // Only a non-empty charset replaces the stored one.
    if ($charset != "") {
      $this->charset = $charset;
    }

    // No explicit type given: WML browsers get the WAP type, all others HTML.
    if ($content_type == "") {
      $wants_wml = ($this->browser_type == BROWSER_TYPE_WML
                 || $this->browser_type == BROWSER_TYPE_WMLUP);
      $content_type = $wants_wml ? "text/vnd.wap.wml" : "text/html";
    }

    // Insert the header name unless the caller already supplied it..
    $leading = strtolower(substr($content_type, 0, 13));
    if ($leading != "content-type:") {
      $content_type = "content-type: $content_type";
    }

    // Keep the head section's charset in step with ours..
    if (isset($this->head)) {
      $this->head->set_charset($this->charset);
    }

    // Append the charset parameter when we have one..
    if ($this->charset != "") {
      $content_type .= "; charset=$this->charset";
    }

    // Command-line responses have no HTTP headers to send..
    if ($this->browser_type != BROWSER_TYPE_CLI) {
      header($content_type);
    }
  } // set_encoding
  997. // ...................................................................
  /**
   * Set globalise all
   * Flags that all variables from every source should be made global,
   * which the original author describes as the equivalent of setting
   * 'register_globals = On' in php.ini, for backward compatibility with
   * code written for that setting.
   *
   * NOTE(review): with this on, request parameters can pre-set any global
   * that the code has not initialised. This file reads globals such as
   * $auth_code and $admin_auth_code when deciding access, so prefer
   * globalise()/register() with an explicit variable list where possible.
   *
   * NB: This only takes effect when the session is activated with
   * the activate() method of this class.
   */
  function globalise_all() {
    // Only the flag is recorded here; activate() acts on it.
    $this->globalise_all = true;
  } // globalise_all
  1010. // ...................................................................
  /**
   * Globalise specific vars
   * Hands the named variables to the globals handler for globalisation.
   * The default source list includes client-controlled sources (get,
   * post, cookie); narrow it when a variable should only ever come from
   * the server or environment.
   * @param string $varnames Comma-delimited list of variable names to globalise
   * @param string $sources Comma-delimited list of allowed sources for values
   */
  function globalise($varnames="", $sources="env,get,post,cookie,server") {
    // Straight delegation to the globals object.
    $this->globals->globalise($varnames, $sources);
  } // globalise
  1019. // ...................................................................
  /**
   * Register vars
   * Registers the named variables with the globals handler so that they
   * will be globalised. The default source list includes
   * client-controlled sources (get, post, cookie); narrow it when a
   * variable should not be settable from the request.
   * @param string $varnames Comma-delimited list of variable names to globalise
   * @param string $sources Comma-delimited list of allowed sources for values
   */
  function register($varnames, $sources="env,get,post,cookie,server") {
    // Straight delegation to the globals object.
    $this->globals->register($varnames, $sources);
  } // register
  1029. // ...................................................................
  /**
   * Sets the keep enable status. While the keep is enabled the
   * remember() and forget() methods can be used to control persistent
   * vars via Php session handling.
   * @see remember(), forget()
   * @param boolean $keep_enabled If true then the keep methods are enabled
   */
  function set_keep($keep_enabled=true) {
    // Plain flag store; the keep object itself is created elsewhere.
    $this->keep_enabled = $keep_enabled;
  } // set_keep
  1040. // ...................................................................
  /**
   * Remembers the named variables across page requests using the keep,
   * which relies on Php session handling to hold their values. Pass the
   * names as a single comma-delimited string. Does nothing when the keep
   * is disabled or has not been created.
   * @param string $varnames Comma-delimited list of variable names to keep
   */
  function remember($varnames) {
    // No usable keep: silently ignore the request.
    if (!$this->keep_enabled || !isset($this->keep)) {
      return;
    }
    $this->keep->remember($varnames);
  } // remember
  1053. // ...................................................................
  /**
   * Forgets kept variables by name. The names will have been passed to
   * remember() beforehand; this causes the keep to drop them. Does
   * nothing when the keep is disabled or has not been created.
   * @param string $varnames Comma-delimited list of variable names to forget
   */
  function forget($varnames) {
    // No usable keep: silently ignore the request.
    if (!$this->keep_enabled || !isset($this->keep)) {
      return;
    }
    $this->keep->forget($varnames);
  } // forget
  1065. // ...................................................................
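  /**
   * Define persistent hosts list.
   * Sets the list of host recognition strings for which persistent
   * database connections are used. Accepts either an array of strings
   * or a single string holding a delimited list of hosts.
   *
   * An array is stored as given. A delimited string is split, each entry
   * is trimmed and empty entries are dropped, then the result is stored.
   * (Previously the split result was discarded, so a string argument had
   * no effect.) An empty string leaves the current list unchanged.
   * @param mixed $hosts Array or delimited list of host names to connect persistently to
   * @param string $delim Optional delimiter, defaults to a comma
   */
  function set_persistent_hosts($hosts="", $delim=",") {
    if (is_array($hosts)) {
      $this->persistent_hosts = $hosts;
      return;
    }
    if ($hosts == "") {
      return;
    }
    // explode() cannot split on an empty delimiter; fall back to the default.
    if ($delim == "") {
      $delim = ",";
    }
    $cleaned = array();
    foreach (explode($delim, $hosts) as $entry) {
      $entry = trim($entry);
      // Skip blanks (e.g. from a trailing delimiter): InPersistentHostsList()
      // does substring matching, where an empty entry is not a usable pattern.
      if ($entry != "") {
        $cleaned[] = $entry;
      }
    }
    $this->persistent_hosts = $cleaned;
  } // set_persistent_hosts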
  1084. // ...................................................................
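  /**
   * Define a blocked IP list.
   * Sets the list of IP addresses which are persona non grata for our
   * site. The check is done immediately: if the address accessing the
   * site right now starts with one of the listed entries, the response
   * is crashed with a 403 and this method does not return.
   *
   * Entries are compared as literal prefixes of the remote address, so
   * '192.168.' blocks that whole range. Note that a full address such as
   * '1.2.3.4' also matches '1.2.3.40'. Entries are trimmed and blank
   * entries are ignored. (Previously entries were interpolated into a
   * regular expression unescaped, so '.' matched any character and a
   * blank entry matched every visitor.)
   *
   * NOTE(review): the address checked is the directly connecting peer.
   * If the site sits behind a reverse proxy this is presumably the
   * proxy's address - confirm for the deployment.
   *
   * @param mixed $ips Array or delimited list of IP addresses (or address prefixes) to block
   * @param string $delim Optional delimiter, defaults to a comma
   */
  function set_blocked_ips($ips="", $delim=",") {
    global $REMOTE_ADDR;

    if (is_array($ips)) {
      $blocked = $ips;
    }
    elseif ($ips != "") {
      // explode() cannot split on an empty delimiter; fall back to the default.
      $blocked = explode(($delim != "") ? $delim : ",", $ips);
    }
    else {
      return;
    }

    // Prefer the globalised value, but fall back to the server array so
    // that the blocklist does not silently do nothing when the global
    // has not been populated.
    $addr = "";
    if (isset($REMOTE_ADDR) && $REMOTE_ADDR != "") {
      $addr = $REMOTE_ADDR;
    }
    elseif (isset($_SERVER["REMOTE_ADDR"])) {
      $addr = $_SERVER["REMOTE_ADDR"];
    }
    if ($addr == "") {
      return;
    }

    foreach ($blocked as $unwelcome) {
      $unwelcome = trim($unwelcome);
      if ($unwelcome == "") {
        continue;
      }
      // Literal prefix comparison; no pattern syntax is interpreted.
      if (strncmp($addr, $unwelcome, strlen($unwelcome)) == 0) {
        $this->crash(403, "Bad address");
        exit();
      }
    }
  } //set_blocked_ips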
  1112. // ...................................................................
  /**
   * Set compression type
   * Chooses how content is compressed for delivery. Options are:
   *   NO_COMPRESSION       Normal delivery of content
   *   BUILTIN_COMPRESSION  Builtin PHP compression (Requires Php >= v4.04)
   *   CUSTOM_COMPRESSION   Compression provided by the library
   * @param integer $type Compression type: NO_COMPRESSION, BUILTIN_COMPRESSION, CUSTOM_COMPRESSION
   */
  function set_compression_type($type=NO_COMPRESSION) {
    // Stored only; the value is not validated here.
    $this->compression_type = $type;
  } // set_compression_type
  1124. // ...................................................................
  /**
   * Set buffering option
   * Sets the webstream buffering option. Usually the webpage output is
   * buffered so that the content can be worked on right up until it is
   * sent. With UNBUFFERED the output is not buffered and you will
   * probably be processing it yourself. If in doubt leave it as
   * BUFFERED, the default.
   * Possible options..
   *   BUFFERED    Output webstream uses Php buffering (default)
   *   UNBUFFERED  No buffering of output webstream
   * @param bool $mode Buffering option: BUFFERED or UNBUFFERED
   */
  function set_buffering_mode($mode=BUFFERED) {
    // Stored only; the value is not validated here.
    $this->buffering_mode = $mode;
  } // set_buffering_mode
  1140. // ...................................................................
  /**
   * Set metadata mode
   * Determines whether Axyl implements its metadata enhancements. If
   * true, content-managed layouts get an extra button 'META' which
   * enables page metadata to be edited, and metadata elements are
   * produced in the output when the page is generated.
   * @param bool $mode Metadata enable mode, true or false
   */
  function set_metadata_mode($mode=METADATA_ENABLED) {
    // Stored only; the value is not validated here.
    $this->metadata_mode = $mode;
  } // set_metadata_mode
  1153. // ...................................................................
  /**
   * Sets the page expiry in seconds for all pages returned by Axyl.
   * Normally this is left at -1, which makes the system tell the user
   * browser NOT to cache the webpage and to revalidate every time - the
   * usual case for a dynamic website. With a positive value the user
   * browser will (probably) keep the page cached for that long.
   *
   * @param integer $secs Time to allow website pages to live in the user browser.
   */
  function set_page_expirysecs($secs=-1) {
    // Stored only; the cache headers are produced elsewhere from this value.
    $this->page_expiry_secs = $secs;
  } // set_page_expirysecs
  1166. // ...................................................................
  /**
   * Set compression threshold
   * Sets the content size below which compression is not used.
   * @param integer $size Pagesize in bytes below which we will not compress
   */
  function set_compression_minsize($size=0) {
    // Stored only; the value is not validated here.
    $this->compression_minsize = $size;
  } // set_compression_minsize
  1175. // ...................................................................
  /**
   * Set website authentication
   * Sets the authentication option for the website. NO_AUTHENTICATION
   * has no real effect and exists mainly to state an intent not to
   * bother with authentication: if no username/password is passed the
   * session is always logged as a "guest" regardless of this setting.
   * Options are:
   *   NO_AUTHENTICATION    Redundant case, no authentication
   *   HTTP_AUTHENTICATION  User sees a browser username/password popup
   *   FORM_AUTHENTICATION  Custom form fields $tbxUsername/$tbxPassword
   * @param integer $authtype Authentication option type
   */
  function set_authentication_type($authtype=HTTP_AUTHENTICATION) {
    // Stored only; the value is not validated here.
    $this->auth_type = $authtype;
  } // set_authentication_type
  1191. // ...................................................................
  /**
   * Set authentication failure option
   * Chooses what happens when authentication fails due to an invalid
   * username/password. Options are:
   *   AUTHFAIL_DIE_MSG     Die, with 'not authorised' message
   *   AUTHFAIL_DIE_SILENT  Die silently
   *   AUTHFAIL_REDIRECT    Re-direct to alternate URL
   *   AUTHFAIL_GUEST       Welcome the user as a guest (the default)
   *
   * The redirect value is later written into a Location: header as-is,
   * so it should be a fixed URL from configuration, never request data.
   * @param integer $option One of the AUTHFAIL_* options above
   * @param string $redirect URL to send the user to for AUTHFAIL_REDIRECT
   */
  function on_authentication_fail($option=AUTHFAIL_GUEST, $redirect="") {
    // Both values are stored unchecked and consulted on failure.
    $this->auth_fail_redirect = $redirect;
    $this->auth_fail_option = $option;
  } // on_authentication_fail
  1205. // ...................................................................
  /**
   * Add database
   * Adds a new database to the list of datasources used to serve this
   * response. Only the dbtype and the name are mandatory. Nothing is
   * done when the response is not database-backed. The datasources
   * container is created on first use.
   * @param string $dbtype The type of database eg: 'postgres', 'mssql' etc.
   * @param string $name The name of the database
   * @param string $user Name of a user who can access the database
   * @param string $passwd The password the user can access the database with
   * @param string $host The hostname of the machine running the database (TCP/IP)
   * @param integer $port The port number of the database server
   * @param boolean $default True if the database is the default database
   */
  function add_database($dbtype, $name, $user="", $passwd="", $host="", $port="", $default=false) {
    // Not database-backed: ignore the definition.
    if (!$this->db_backed) {
      return;
    }
    // Lazily create the container the first time a database is added.
    if (!isset($this->datasource)) {
      $this->datasource = new datasources();
    }
    $this->datasource->add_database($dbtype, $name, $user, $passwd, $host, $port, $default);
  } // add_database
  1226. // ...................................................................
  /**
   * Selects a database to use
   * Delegates to the datasources container; per the original notes this
   * connects the database if it isn't already connected, and calling
   * with no name selects the default one. The named database must have
   * been defined already. Returns false when the response is not
   * database-backed or no datasources have been defined.
   * @see add_database()
   * @see datasources::add_database()
   * @param string $db_name The name of the database to select
   * @return resource The database resource ID, or false if none was selected
   */
  function select_database($db_name="") {
    // Nothing to select from..
    if (!$this->db_backed || !isset($this->datasource)) {
      return false;
    }
    return $this->datasource->select($db_name);
  } // select_database
  1245. // ...................................................................
  /**
   * Is host in persistent list
   * Returns true if the given host matches an entry in our list of
   * persistent hosts, else false. The list generally holds partial
   * hostnames, so each entry is looked for anywhere inside the given
   * hostname, ignoring case.
   * @param string $hostname The name of the host to check
   * @return boolean True if an entry occurs within the hostname
   */
  function InPersistentHostsList($hostname) {
    // Empty list: nothing can match.
    if (count($this->persistent_hosts) <= 0) {
      return false;
    }
    foreach ($this->persistent_hosts as $partial) {
      // Case-insensitive substring search; the first hit decides.
      if (stristr($hostname, $partial)) {
        return true;
      }
    }
    return false;
  } // InPersistentHostsList
  1265. // ...................................................................
  /**
   * Allowed groups
   * Defines the allowed user-groups for this response. If the current
   * user is a member of one of them the method simply returns. Otherwise
   * the globals $admin_auth_code and then $auth_code are consulted: if
   * one is set, an authorised_user is built from it and, when that user
   * is in an allowed group, access is granted. Failing that, the action
   * configured via on_authentication_fail() is taken, and every branch
   * of it ends the request.
   *
   * NOTE(review): $admin_auth_code and $auth_code are plain globals. If
   * they are populated from the request (register_globals-style), the
   * strength of this bypass rests entirely on how authorised_user
   * validates the code - confirm in that class.
   * @param string $allowed_groups Comma-delimited list of allowed groups
   */
  function allowed_groups($allowed_groups) {
    global $WEBMASTER_EMAIL, $WEBMASTER_PERSON;
    global $auth_code;
    global $admin_auth_code;
    if (!$this->ismemberof_group_in($allowed_groups)) {
      // Second chance: an authorisation code, admin code taking precedence..
      if (isset($admin_auth_code)) $auth = $admin_auth_code;
      elseif (isset($auth_code)) $auth = $auth_code;
      if (isset($auth)) {
        $user = new authorised_user($auth);
        if ($user->ismemberof_group_in($allowed_groups)) {
          return;
        }
      }
      // On failure follow the login settings for action..
      switch ($this->auth_fail_option) {
        case AUTHFAIL_DIE_MSG:
          // The webmaster values are written into HTML unescaped; they are
          // assumed to be trusted configuration - TODO confirm.
          $msg = "<p><center><h4>"
               . "You are not permitted to view this page.<br>"
               . "For further information, please contact "
               . "<a href=\"mailto:$WEBMASTER_EMAIL\">$WEBMASTER_PERSON</a>"
               . "</h4></center></p>"
               . "<p><center><h4><a href=\"/\">HOME</a></p></h4></center></p>"
               ;
          $this->set_template("plain");
          $this->plugin("MAIN_CONTENT", $msg);
          $this->send();
          exit;
          break;
        case AUTHFAIL_DIE_SILENT:
          // crash() with no arguments ends the request without output to the user.
          $this->crash();
          break;
        case AUTHFAIL_REDIRECT:
          // The exit matters: without it the protected page would still be
          // generated after the redirect header.
          header("Location: $this->auth_fail_redirect");
          exit;
          break;
        default:
          $this->crash(401, $this->error_message);
          exit;
      } // switch
    }
  } // allowed_groups
  1316. // ...................................................................
  /**
   * Check group membership
   * Checks whether the user requesting the page fulfils any group
   * membership requirements. These are optionally expressed as
   * 'ax_sitepage_group' records for the page, found by matching the
   * requested path and the head title. When such records exist, the
   * user must be a member of at least one of the listed groups; the
   * check itself is delegated to allowed_groups(). When no records are
   * found the page is left unrestricted.
   */
  function check_group_membership() {
    // Find page and group permissions if we can..
    // NOTE(review): the query is built by string concatenation with
    // addslashes(), which is not a database-aware escape. The requested
    // path is presumably request-derived; if the database layer offers
    // bound parameters or its own escaping routine, use that instead.
    $q  = "SELECT * FROM ax_sitepage p, ax_sitepage_group sg, ax_group g";
    $q .= " WHERE p.page_path='" . addslashes($this->requested) . "'";
    $q .= "   AND p.page_title='" . addslashes($this->head->title) . "'";
    $q .= "   AND sg.page_id=p.page_id";
    $q .= "   AND g.group_id=sg.group_id";
    $allowed = dbrecordset($q);
    if ($allowed->hasdata) {
      // Collect the description of every group attached to the page..
      $groups = array();
      do {
        $groups[] = $allowed->field("group_desc");
      } while ($allowed->get_next());
      // Check membership and die if not authorised..
      debugbr("sitepage group membership: " . implode(",", $groups), DBG_DEBUG);
      $this->allowed_groups( implode(",", $groups) );
    }
  } // check_group_membership
  1343. // ...................................................................
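  /**
   * Crash the response with message
   * A fatal error occurred. We write a line to the system log, show the
   * message to the user and end the request. This method never returns.
   *
   * The log line is "<APP_PREFIX> CRASH: <message> (<code>)", with
   * "(no message)" standing in for an empty message. (Previously the
   * assembled line was never logged and the no-message case overwrote
   * the prefix.) Line breaks are flattened so one crash is one log line.
   *
   * The message is sent to the user verbatim, so callers should pass
   * fixed text rather than request-derived values.
   * @param integer $code The HTTP/1.0 code to use
   * @param string $msg The message to display and log
   */
  function crash($code=false, $msg="") {
    // Echo debugging output, but only if
    // we are in debugging mode..
    echo debug_render();

    // For the system log..
    $logmsg = APP_PREFIX . " CRASH: ";
    $logmsg .= ($msg != "") ? $msg : "(no message)";
    if ($code) $logmsg .= " ($code)";
    // Keep the entry on a single line so it cannot pose as extra log records.
    $logmsg = str_replace(array("\r", "\n"), " ", $logmsg);
    error_log($logmsg);

    // For the user..
    if ($code || $msg != "") {
      $umsg = "";
      if ($code) $umsg .= HTTPError($code) . " ";
      if ($msg != "") $umsg .= $msg;
      die($umsg);
    }
    else die();
  } // crash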
  1371.  
  1372. } // response class
  1373. // -----------------------------------------------------------------------
  1374. // CREATE THe RESPONSE OBJECT
  1375.  
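  // Create the single response object used for this request.
  $RESPONSE = new response();

  // -----------------------------------------------------------------------
  // OUTPUT GENERATION INCLUDES
  // Load the markup definitions that match the detected browser type.

  switch ($RESPONSE->browser_type) {
    case BROWSER_TYPE_WML:
    case BROWSER_TYPE_WMLUP:
      include_once("wml-defs.php");
      break;
    default:
      include_once("html-defs.php");
  } // switch
  // -----------------------------------------------------------------------
  // APPLY APPLICATION RESPONSE SETTINGS
  // These settings are the ones sourced from the application.xml file
  // for this particular website.

  if (file_exists("$DOCUMENT_ROOT/application.xml") && isset($application) && $application->valid) {
    $firstDB = true;
    foreach ($application->settings as $setting) {
      if (isset($setting->agent) && $setting->agent != "") {
        $methodname = $setting->agent;
        $parms = array();
        foreach ($setting->parameters as $parameter) {
          $parms[] = $parameter->get_decodedvalue();
        }
        // Set the 'default=true' parameter for first database..
        if ($setting->name == "database" && $firstDB) {
          $parms[] = true;
          $firstDB = false;
        }
        // Apply the RESPONSE setting. The method name comes straight from
        // application.xml, so that file can invoke any callable method of
        // the response and must be writable only by trusted administrators.
        // call_user_func_array() replaces the removed call_user_method_array().
        if (is_callable(array($RESPONSE, $methodname))) {
          call_user_func_array(array($RESPONSE, $methodname), $parms);
        }
        else {
          debugbr("response-defs: unknown setting agent '$methodname' ignored.", DBG_DEBUG);
        }
      }
    }

    // UNICODE INCLUDE..
    // If the above loop brought in the multilang setting as true
    // then we will be needing the Unicode functions..
    if ($RESPONSE->multilang) {
      include_once("unicode-defs.php");
    }

    // Default webmaster, and webmaster email..
    if ($WEBMASTER_PERSON == "") {
      $WEBMASTER_PERSON = "The " . ((APP_NAME != "") ? (APP_NAME . " ") : "") . "Webmaster";
    }
    if ($WEBMASTER_EMAIL == "") {
      // There is no $this at file scope; the response object is the
      // presumed owner of http_host - TODO confirm the property name.
      $WEBMASTER_EMAIL = "webmaster@" . $RESPONSE->http_host;
    }

    // Debugging control..
    // crash() echoes the rendered debug output to the client, so debug_on
    // should stay off in the application.xml of a production site.
    $debugging = $application->getparameter("debug_on", "debug_on");
    if ($debugging) {
      debug_on($application->getparameter("debug_classes", "debug_classes"));
      debug_output($application->getparameter("debug_output", "debug_output"));
    }

    // Make some checks/adjustments..
    if ($RESPONSE->browser == BROWSER_NONE
    ||  $RESPONSE->browser == BROWSER_PHONE) {
      $RESPONSE->set_keep(false);
    }

    // Turn relative references to web docroot absolute..
    if (isset($TEMPLATESDIR) && substr($TEMPLATESDIR,0,1) != "/") {
      $TEMPLATESDIR = "/$TEMPLATESDIR";
    }
    if (isset($IMAGESDIR) && substr($IMAGESDIR,0,1) != "/") {
      $IMAGESDIR = "/$IMAGESDIR";
    }
    if (isset($CMDIR) && substr($CMDIR,0,1) != "/") {
      $CMDIR = "/$CMDIR";
    }
    if (isset($CATALOGDIR) && substr($CATALOGDIR,0,1) != "/") {
      $CATALOGDIR = "/$CATALOGDIR";
    }
    if (isset($INCDIR) && substr($INCDIR,0,1) != "/") {
      $INCDIR = "/$INCDIR";
    }

    // No longer required..
    unset($application);
    // Activate the response, determine user etc..
    $RESPONSE->activate();
  }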
  1463.  
  1464. // -----------------------------------------------------------------------
  1465. ?>
