Source for file response-defs.php

Documentation is available at response-defs.php

  1. <?php
  2. /* ******************************************************************** */
  3. /* CATALYST PHP Source Code */
  4. /* -------------------------------------------------------------------- */
  5. /* This program is free software; you can redistribute it and/or modify */
  6. /* it under the terms of the GNU General Public License as published by */
  7. /* the Free Software Foundation; either version 2 of the License, or */
  8. /* (at your option) any later version. */
  9. /* */
  10. /* This program is distributed in the hope that it will be useful, */
  11. /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
  12. /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
  13. /* GNU General Public License for more details. */
  14. /* */
  15. /* You should have received a copy of the GNU General Public License */
  16. /* along with this program; if not, write to: */
  17. /* The Free Software Foundation, Inc., 59 Temple Place, Suite 330, */
  18. /* Boston, MA 02111-1307 USA */
  19. /* -------------------------------------------------------------------- */
  20. /* */
  21. /* Filename: response-defs.php */
  22. /* Author: Paul Waite */
  23. /* Description: Definitions for managing the RESPONSE object. */
  24. /* */
  25. /* ******************************************************************** */
  26. /** @package core */// AUTHENTICATION OPTIONS
  27. /** Authentication option: Redundant case, no authentication */
  28. ("NO_AUTHENTICATION", 0 );
  29. /** Authentication option: Browser popup form */
  30. ("HTTP_AUTHENTICATION", 1 );
  31. /** Authentication option: Username/password from custom form fields */
  32. ("FORM_AUTHENTICATION", 2 );
  33.  
  34. // -----------------------------------------------------------------------
  35. // RESPONSE COMPRESSION OPTIONS
  36.  
  37. /** Webpage compression: None. Just straight HTML */
  38. ("NO_COMPRESSION", 0 );
  39. /** Webpage compression: Use the builtin Php compression system. Requires Php >= v4.04 */
  40. ("BUILTIN_COMPRESSION", 1 );
  41. /** Webpage compression: Use custom Phplib compression. For Php < v4.04 */
  42. ("CUSTOM_COMPRESSION", 2 );
  43.  
  44. // -----------------------------------------------------------------------
  45. // FAILED AUTHENTICATION RESPONSE OPTIONS
  46. // Here's what we can do when the user fails authentication.
  47.  
  48.  
  49.  
  50. /** Failed authentication: Die, with 'not authorised' message. */
  51. ("AUTHFAIL_DIE_MSG", 0);
  52. /** Failed authentication: Die silently. */
  53. ("AUTHFAIL_DIE_SILENT", 1);
  54. /** Failed authentication: Re-direct to specified URL. */
  55. ("AUTHFAIL_REDIRECT", 2);
  56. /** Failed authentication: Welcome the user as a guest instead. */
  57. ("AUTHFAIL_GUEST", 3);
  58.  
  59. // -----------------------------------------------------------------------
  60. // KEEP OPTIONS
  61.  
  62. /** Enable keeping variables across requests using Php session handling */
  63. ("KEEP_ENABLED", true );
  64. /** Disable keeping variables across requests using Php session handling */
  65. ("KEEP_DISABLED", false );
  66.  
  67. // -----------------------------------------------------------------------
  68. // METADATA OPTIONS
  69.  
  70. /** Enable metadata editing and generation enhancements */
  71. ("METADATA_ENABLED", true );
  72. /** Disable metadata editing and generation enhancements */
  73. ("METADATA_DISABLED", false );
  74.  
  75. // -----------------------------------------------------------------------
  76. // MICROSITE OPTIONS
  77.  
  78. /** Enable microsites editing and generation enhancements */
  79. ("MICROSITES_ENABLED", true );
  80. /** Disable microsites editing and generation enhancements */
  81. ("MICROSITES_DISABLED", false );
  82.  
  83. // -----------------------------------------------------------------------
  84. // MULIT-LANGUAGE OPTIONS
  85.  
  86. /** Enable multi-language extensions */
  87. ("MULTILANG_ENABLED", true );
  88. /** Disable multi-language extensions */
  89. ("MULTILANG_DISABLED", false );
  90.  
  91. // -----------------------------------------------------------------------
  92. // BROWSER MAKES
  93. // We recognise Internet Explorer, Mozilla (includes Netscape), and then
  94. // class all the others under the "other" umbrella. Other browsers may
  95. // be added in the future as requirements dictate.
  96.  
  97.  
  98.  
  99. /** Microsoft internet Explorer */
  100. ("BROWSER_IE", "msie");
  101. /** Netscape, Mozilla */
  102. ("BROWSER_MOZILLA", "mozilla");
  103. /** Netscape only, this is Mozilla <5.0 */
  104. ("BROWSER_NETSCAPE", "netscape");
  105. /** Opera */
  106. ("BROWSER_OPERA", "opera");
  107. /** Browser detection: Any WAP phone browser */
  108. ("BROWSER_PHONE", "phone");
  109. /** Browser detection: Other browsers */
  110. ("BROWSER_OTHER", "other");
  111. /** Browser detection: No browser; command line interface */
  112. ("BROWSER_NONE", "none");
  113.  
  114. // -----------------------------------------------------------------------
  115. // DEFAULT DTD's
  116.  
  117. /** These Document Type Definition specifier strings are the defaults
  118. * which are used in the event that (a) they are not specified in the
  119. * application.php file, and (b) not specified in the template(s).
  120. */
  121. $DEFAULT_DTD = array(
  122. BROWSER_TYPE_HTML => "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">",
  123. BROWSER_TYPE_WML => "<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.1//EN\" \"http://www.wapforum.org/DTD/wml_1.1.xml\">"
  124. );
  125.  
  126. // -----------------------------------------------------------------------
  127. /** List of recognition patterns for web-browsers. */
  128. = "(wget)"
  129. . "|(mozilla)"
  130. . "|(opera)"
  131. . "|(lynx)"
  132. . "|(msie)"
  133. . "|(konqueror)"
  134. . "|(libwww-perl)"
  135. ;
  136. /** List of recognition patterns for WAP-phones. */
  137. = "(UP\.Browser)"
  138. . "|(Nokia)"
  139. . "|(Sharp)"
  140. . "|(Panasonic)"
  141. . "|(Ericsson)"
  142. . "|(SonyEricsson)"
  143. ;
  144.  
  145. // -----------------------------------------------------------------------
  146. // SET APPLICATION DEFINES & GLOBALS
  147. // At this point the document root should be set, but if not we fall back
  148. // to the current working directory..
  149.  
  150. if (empty($DOCUMENT_ROOT)) {
  151. $DOCUMENT_ROOT = getcwd();
  152. }
  153. if (file_exists("$DOCUMENT_ROOT/application.xml")) {
  154. /** Application management classes */
  155. ("application-defs.php");
  156. $application = new application("$DOCUMENT_ROOT/application.xml");
  157. if ($application->valid) {
  158. foreach ($application->definitions as $defname => $defval) {
  159. define($defname, $defval);
  160. }
  161. foreach ($application->globals as $globname => $globval) {
  162. $$globname = $globval;
  163. }
  164. }
  165. }
  166.  
  167. // -----------------------------------------------------------------------
  168. // SITE CLOSED CHECK
  169. // We implement a nice simple method of closing a website without
  170. // recourse to using the database which may of course be down for some
  171. // maintenance. If this file exists, we always display it, and exit..
  172.  
  173. if (file_exists("$DOCUMENT_ROOT/closed.php")) {
  174. include("$DOCUMENT_ROOT/closed.php");
  175. exit;
  176. }
  177.  
  178. // -----------------------------------------------------------------------
  179. // REQUIRED SYSTEM INCLUDES
  180.  
  181. /** Various constants */
  182. ("constants.php");
  183. /** MIME types and categories */
  184. ("mime-types.php");
  185. /** Simple anti-hack filtering */
  186. ("antihack.php");
  187. /** Basic renderable classes */
  188. ("renderable.php");
  189. /** Filesystem access classes */
  190. ("file-defs.php");
  191. /** Database query classes */
  192. ("query-defs.php");
  193. /** Built-in debugger */
  194. ("debugger.php");
  195. /** User identification and management */
  196. ("user-defs.php");
  197. /** Misc. utility functions */
  198. ("utils.php");
  199. /** User session management */
  200. ("session-defs.php");
  201. /** Generic configuration classes */
  202. ("configuration-defs.php");
  203. /** Database access classes */
  204. ("database-defs.php");
  205. /** Php globals management */
  206. ("globals-defs.php");
  207. /** Axyl keep-alive classes */
  208. ("keep-defs.php");
  209. /** Core webpage classes */
  210. ("webpage-defs.php");
  211.  
  212. // -----------------------------------------------------------------------
  213. /**
  214. * THE RESPONSE CLASS
  215. * This object is a container for all things to do with the response which
  216. * we will send back to the requester (the client browser). It is a
  217. * descendant of the webpage class, and before that, the session and the
  218. * user classes.
  219. *
  220. * If you use the Phplib framework then a response object is automatically
  221. * instantiated for you. This object is assigned to the global variable
  222. * called $RESPONSE. The framework also sets up the response parameters,
  223. * and then calls the activate() method.
  224. * @package core
  225. */
  226. class response extends webpage {
  227. // Public
  228. /** The make of browser */
  229.  
  230. var $browser;
  231. /** The version of browser requesting this response */
  232.  
  233. var $browser_version = 0;
  234. /** The type of browser requesting this response */
  235.  
  236. var $browser_type = BROWSER_TYPE_HTML;
  237. /** The user-agent */
  238.  
  239. var $user_agent = "";
  240. /** The remote IP address */
  241.  
  242. var $remote_address = "";
  243. /** The browser accept string, as submitted by user-agent */
  244.  
  245. var $accept = "";
  246. /** The browser accept-encoding string */
  247.  
  248. var $accept_encoding = "";
  249. /** The browser accept-language string */
  250.  
  251. var $accept_language = "";
  252. /** Whether we are in multi-language mode or not, If this is true then
  253. we enable facilities to set language tags on webpages, and also
  254. deliver http content encoded in UTF-8. */
  255. var $multilang = false;
  256. /** IDs of all languages contained in this page */
  257.  
  258. var $languages = array();
  259. /** Charset for this page */
  260.  
  261. var $charset = "ISO-8859-1";
  262. /** Page ID - key to ax_sitepage record */
  263.  
  264. var $page_id;
  265. /** Whether we have multi-byte string fns available */
  266.  
  267. var $mbstring_avail = false;
  268. /** Datasources associated with this response */
  269.  
  270. var $datasource;
  271. /** Metadata edit/generation mode we are in */
  272.  
  273. var $metadata_mode = METADATA_DISABLED;
  274. /** Microsites edit/generation mode we are in */
  275.  
  276. var $microsites_mode = MICROSITES_DISABLED;
  277. /** Name of the microsite detected, or undefined */
  278.  
  279. var $microsite_detected;
  280. /** The URL of this website */
  281.  
  282. var $site_url;
  283. /** The host of this website ie. 'foo.thingy.co.nz' */
  284.  
  285. var $http_host;
  286. /** Path to the site document root */
  287.  
  288. var $site_docroot;
  289. /** Path to the requested script/page */
  290.  
  291. var $requested;
  292. /** Query string (if any) supplied to requested page */
  293.  
  294. var $requested_query;
  295.  
  296. // Private
  297. /** Buffering option to use
  298. @access private */
  299. var $buffering_mode = BUFFERED;
  300. /** Array of hosts we wish to connect persistently to
  301. @access private */
  302. var $persistent_hosts = array();
  303. /** Compression type to use for response content
  304. @access private */
  305. var $compression_type;
  306. /** Minimum size in bytes before invoking compression
  307. @access private */
  308. var $compression_minsize;
  309. /** The debugger for this response
  310. @access private */
  311. var $debugger;
  312. /** Type of authentication in effect
  313. @access private */
  314. var $auth_type;
  315. /** Option to take on auth failure
  316. @access private */
  317. var $auth_fail_option;
  318. /** URL to redirect to on auth failure
  319. @access private */
  320. var $auth_fail_redirect;
  321. /** Our keep enabled flag (default enabled)
  322. @access private */
  323. var $keep_enabled = KEEP_ENABLED;
  324. /** Our keep. Keeps variables alive in session
  325. @access private */
  326. var $keep;
  327. /** Globals object. Manages the global vars in this response
  328. @access private */
  329. var $globals;
  330. /** Cache control directive, usually passed on URL
  331. @access private */
  332. var $cachecontrol;
  333. /** Dynamic page expiry in seconds. Time to allow a dynamic page to
  334. 'live' in user browser. Note this defaults to -1, which means
  335. 'in the past', and which causes us to force the users browser
  336. to NOT cache the page at all, and revalidate every time.
  337. @access private */
  338. var $page_expiry_secs = -1;
  339. /** Array of DTD specifiers for this response. @see set_dtd()
  340. @access private */
  341. var $DTD;
  342. // ...................................................................
  343. /**
  344. * Constructor
  345. * Create a new response.
  346. * One of these objects must be created to respond to each request
  347. * from the user agent for a webpage. This object manages that response
  348. * and is a central marshalling point for all data and functions
  349. * associated with that process. A response object is automatically
  350. * created for you at the bottom of this module, and is assigned to
  351. * the global variable $RESPONSE.
  352. */
  353. function response() {
  354. // Initialise DTD array..
  355. global $DEFAULT_DTD;
  356. $this->DTD = $DEFAULT_DTD;
  357. $this->mbstring_avail = extension_loaded("mbstring");
  358.  
  359. // Create the debugger..
  360. $this->debugger = new webdebugger();
  361.  
  362. // Create the globaliser..
  363. $this->globals = new globals();
  364.  
  365. // Globalise all server vars..
  366. $this->register(
  367. "DOCUMENT_ROOT," // List of Web Server vars to globalise.
  368. . "^HTTP_.*," // Note the use of Perl regex to specify
  369. . "^REMOTE_.*," // groups of server vars to globalise.
  370. . "^SERVER_.*,"
  371. . "PATH,"
  372. . "SCRIPT_FILENAME,"
  373. . "PHP_SELF,"
  374. . "UNIQUE_ID,"
  375. . "GATEWAY_INTERFACE,"
  376. . "SERVER_PROTOCOL,"
  377. . "REQUEST_METHOD,"
  378. . "QUERY_STRING,"
  379. . "REQUEST_URI,"
  380. . "SCRIPT_NAME,"
  381. . "PATH_TRANSLATED,"
  382. . "PHP_SELF"
  383. ,
  384. "server"
  385. );
  386.  
  387. // Globalise vars used for login/logout..
  388. $this->register(
  389. "tbxUsername,user"
  390. . "tbxPassword,pass"
  391. . "tbxLogoff,"
  392. . "chkRememberMe,"
  393. . "authid,"
  394. . "auth_code,"
  395. . "admin_auth_code,"
  396. . "PHP_AUTH_USER,"
  397. . "PHP_AUTH_PW,"
  398. . "MAX_FILE_SIZE,"
  399. . "cachecontrol,"
  400. . "^_.*,"
  401. . "^recmaint.*,"
  402. . "theme"
  403. ,
  404. "get,post"
  405. );
  406.  
  407. // Do the globalisation thing..
  408. $this->globalise();
  409.  
  410. // Some globals we need to use right now..
  411. global $HTTP_USER_AGENT;
  412. global $HTTP_HOST;
  413. global $REMOTE_ADDR;
  414. global $PHP_SELF;
  415. global $SCRIPT_NAME;
  416. global $QUERY_STRING;
  417. global $WEB_BROWSERS, $WAP_PHONES;
  418. global $DOCUMENT_ROOT;
  419.  
  420. // Initialise some vars..
  421. $this->initialise();
  422.  
  423. // BROWSER TYPE IDENTIFICATION..
  424. $this->user_agent = $HTTP_USER_AGENT;
  425. $this->remote_address = $REMOTE_ADDR;
  426. $this->browser_type = $this->get_browser_type();
  427.  
  428. // WEB-BROWSER IDENTIFICATION..
  429. switch ($this->browser_type) {
  430. case BROWSER_TYPE_CLI:
  431. $this->browser = BROWSER_NONE;
  432. $this->browser_version = "";
  433. // The site Domain and URL..
  434. $this->http_host = trim(`hostname --fqdn`);
  435. $this->site_url = "http://$this->http_host";
  436. $this->site_docroot = getcwd();
  437. // For debugging, set output mode..
  438. $this->debugger->debug_output(DBG_O_CLI);
  439. break;
  440.  
  441. case BROWSER_TYPE_WML:
  442. case BROWSER_TYPE_WMLUP:
  443. $this->browser = BROWSER_PHONE;
  444. $this->browser_version = "";
  445. // The site Domain and URL..
  446. $this->http_host = $HTTP_HOST;
  447. $this->site_url = "http://$this->http_host";
  448. $this->site_docroot = $DOCUMENT_ROOT;
  449. break;
  450.  
  451. case BROWSER_TYPE_HTML:
  452. case BROWSER_TYPE_XHTML:
  453. // First try to determine browser version. We assume that the people
  454. // who made it will be sticking to the rule that the first word
  455. // is the browser/version string.
  456. $agentbits = explode(" ", $HTTP_USER_AGENT);
  457. $verbits = explode("/", $agentbits[0]);
  458. if (is_numeric((float) $verbits[1])) {
  459. $this->browser_version = $verbits[1];
  460. }
  461. // OPERA
  462. if (eregi("opera", $HTTP_USER_AGENT)) {
  463. $this->browser = BROWSER_OPERA;
  464. if (preg_match("/.* opera (.+) .*/i", $HTTP_USER_AGENT, $matches)) {
  465. if (is_numeric((float) $matches[1])) {
  466. $this->browser_version = $matches[1];
  467. }
  468. }
  469. }
  470. // INTERNET EXPLORER
  471. // Determine flavour of browser. Practicality means that we
  472. // resolve this down to either IE or Netscape/Mozilla
  473. elseif (eregi("msie", $HTTP_USER_AGENT)) {
  474. $this->browser = BROWSER_IE;
  475. // IE has its own version number..
  476. if (preg_match("/.* msie (.+); .*/i", $HTTP_USER_AGENT, $matches)) {
  477. if (is_numeric((float) $matches[1])) {
  478. $this->browser_version = $matches[1];
  479. }
  480. }
  481. }
  482. // MOZILLA - NETSCAPE 4.xx
  483. elseif (eregi("mozilla", $HTTP_USER_AGENT)) {
  484. $this->browser = BROWSER_MOZILLA;
  485. // The Mozilla engine with version nos. less than 5.0 is
  486. // in fact that old dog the Netscape browser..
  487. if ($this->browser_version > 0 && $this->browser_version < 5) {
  488. $this->browser = BROWSER_NETSCAPE;
  489. }
  490. }
  491. // MOBILE PHONES..
  492. elseif (eregi($WAP_PHONES, $HTTP_USER_AGENT)) {
  493. $this->browser = BROWSER_PHONE;
  494. }
  495. // OTHER WEB BROWSER
  496. // This might be an xhtml-compatible phone or a
  497. // PDA of some kind, who knows..
  498. else {
  499. $this->browser = BROWSER_OTHER;
  500. }
  501.  
  502. // The site Domain and URL..
  503. $this->http_host = $HTTP_HOST;
  504. $this->site_url = "http://$this->http_host";
  505. $this->site_docroot = $DOCUMENT_ROOT;
  506. break;
  507.  
  508. default:
  509. $this->browser = BROWSER_NONE;
  510. $this->browser_version = "";
  511. // The site Domain and URL..
  512. $this->http_host = $HTTP_HOST;
  513. $this->site_url = "http://$this->http_host";
  514. $this->site_docroot = $DOCUMENT_ROOT;
  515. } // switch
  516.  
  517. if (dirname($PHP_SELF) != "/") {
  518. $this->site_url .= dirname($PHP_SELF);
  519. }
  520.  
  521. // Possible cache control directive. This is usually
  522. // passed in on the URL to force refresh or something..
  523. global $cachecontrol;
  524. if (isset($cachecontrol)) {
  525. $this->cachecontrol = strtolower($cachecontrol);
  526. }
  527.  
  528. // The page being requested and the query string.
  529. // These are just our local copies..
  530. $this->requested = "";
  531. $this->requested_query = "";
  532. if (isset($SCRIPT_NAME)) {
  533. $this->requested = $SCRIPT_NAME;
  534. }
  535. if (isset($QUERY_STRING)) {
  536. $this->requested_query = $QUERY_STRING;
  537. }
  538.  
  539. // Set default charset according to browser type.
  540. // This is just the initial setting & can be overriden..
  541. switch ($this->browser_type) {
  542. case BROWSER_TYPE_WML:
  543. case BROWSER_TYPE_WMLUP:
  544. $this->charset = "UTF-8";
  545. break;
  546. default:
  547. $this->charset = "ISO-8859-1";
  548. }
  549. } // response
  550. // ...................................................................
  551. /**
  552. * Initialise values
  553. * Initialise our main response parameters to normal values.
  554. * @access private
  555. */
  556. function initialise() {
  557. $this->cookiename = "session_id";
  558. $this->compression_type = NO_COMPRESSION;
  559. $this->compression_minsize = 0;
  560. $this->persistent_hosts = array();
  561. $this->auth_type = FORM_AUTHENTICATION;
  562. $this->auth_fail_option = AUTHFAIL_GUEST;
  563. $this->auth_fail_redirect = "";
  564. $this->multilang = MULTILANG_DISABLED;
  565. } // initialise
  566. // ...................................................................
  567. /**
  568. * Determine the browser type
  569. * Examines the headers, if we are running as an apache module and
  570. * returns the browser type accordingly. If we are not running as
  571. * an apache module returns 'cgi' (command line).
  572. * @access private
  573. */
  574. function get_browser_type() {
  575. global $HTTP_USER_AGENT;
  576. global $WEB_BROWSERS, $WAP_PHONES;
  577.  
  578. // Starting point..
  579. $type = BROWSER_TYPE_UNKNOWN;
  580.  
  581. // If webserver then detect, else CLI script..
  582. if (isset($HTTP_USER_AGENT) && $HTTP_USER_AGENT != "") {
  583. // Determine accept headers..
  584. $headers = getallheaders();
  585. $this->accept = trim($headers["Accept"]);
  586. $this->accept_encoding = trim($headers["Accept-Encoding"]);
  587. $this->accept_language = trim($headers["Accept-Language"]);
  588.  
  589. // STANDARD BROWSERS - User Agent Detection
  590. if (eregi($WEB_BROWSERS, $HTTP_USER_AGENT)) {
  591. $type = BROWSER_TYPE_HTML;
  592. }
  593. // WAP PHONES - User Agent Detection
  594. elseif (eregi($WAP_PHONES, $HTTP_USER_AGENT)) {
  595. $type = BROWSER_TYPE_WML;
  596. }
  597.  
  598. // GENERIC - Accept Encodings Detection
  599. // This might override the more general user-agent detection
  600. // phase which has been undertaken above. Note that Vodafone
  601. // gateways do not pass through Accept headers.
  602. if (stristr($this->accept, "application/vnd.wap")) $type = BROWSER_TYPE_WML;
  603. elseif (stristr($this->accept, "text/vnd.wap")) $type = BROWSER_TYPE_WML;
  604. elseif (stristr($this->accept, "application/xhtml")) $type = BROWSER_TYPE_XHTML;
  605. elseif (stristr($this->accept, "text/html")) $type = BROWSER_TYPE_HTML;
  606.  
  607. // A bit of post-processing for WAP phones which
  608. // might have Phone.com extensions..
  609. if ($type == BROWSER_TYPE_WML) {
  610. if (stristr($this->accept, "application/x-up")
  611. || stristr($this->accept, "application/vnd.phonecom")
  612. ) {
  613. $type = BROWSER_TYPE_WMLUP;
  614. }
  615. elseif (eregi("(up)", $HTTP_USER_AGENT)) {
  616. $type = BROWSER_TYPE_WMLUP;
  617. }
  618. }
  619. }
  620. else {
  621. // Default browser type to CLI (command line)..
  622. $type = BROWSER_TYPE_CLI;
  623. }
  624.  
  625. // Fallback to default if unknown..
  626. if ($type == BROWSER_TYPE_UNKNOWN) {
  627. $type = BROWSER_TYPE_DEFAULT;
  628. }
  629. return $type;
  630. } // get_browser_type
  631. // .....................................................................
  632. /**
  633. * Set the DTDs array for all possible content types for this webpage.
  634. * The array is associative, with content type as the key, and the
  635. * DTD specifier as the value. Currently we only support two content
  636. * types: "html" and "wml".
  637. * @param array $DTD Array of DTD specifiers per content type
  638. */
  639. function set_dtd($DTD) {
  640. if (is_array($DTD)) {
  641. $this->DTD = $DTD;
  642. }
  643. } // set_dtd
  644. // ...................................................................
  645. /**
  646. * Set up the page attributes for our response. This is an important
  647. * call, and should be made just after including response-defs.php in
  648. * your source code. It sets up the page title, the template file which
  649. * defines the page structure, the theme and stylesheet.
  650. * @param string $title Webpage title string
  651. * @param string $template Template for this webpage
  652. * @param string $theme Theme to apply. This is for branding purposes
  653. * @param string $stylesheet Name of stylesheet to use eg: 'sitestyle.css'
  654. * @param string $dtd Override the DTD specifier for page
  655. */
  656. function page($title="", $template="main", $theme="", $stylesheet="", $dtd="") {
  657. // The ordering of these calls is important, since the
  658. // theme setting influences the path settings for the
  659. // template and the stylesheet..
  660. $this->set_title($title);
  661. $this->set_theme($theme);
  662. $this->set_template($template);
  663. $this->set_stylesheet($stylesheet);
  664. if ($dtd != "") {
  665. $this->head->set_dtd($dtd);
  666. }
  667. $this->check_group_membership();
  668. debug("page: template '$template' ", DBG_DEBUG);
  669. if ($theme != "") {
  670. debugbr("theme '$theme'", DBG_DEBUG);
  671. }
  672. else {
  673. debugbr(" (default theme)", DBG_DEBUG);
  674. }
  675. } // page
  676. // ...................................................................
  677. /**
  678. * Set up the Wap page (card) attributes for our response. This is
  679. * the exact equivalent to the page() method above, but for WAP
  680. * phones instead.
  681. * @param string $title Card title string
  682. * @param string $template Template for this WML card
  683. * @param string $theme Theme to apply. This is for branding purposes
  684. * @param string $stylesheet Name of stylesheet to use eg: 'sitestyle.css'
  685. * @param string $dtd Override the DTD specifier for WML page
  686. */
  687. function card($title="", $template="main", $theme="", $stylesheet="", $dtd="") {
  688. if ($this->browser != BROWSER_PHONE) {
  689. // Enable normal browsers to see Wap content..
  690. include_once("wml-defs.php");
  691. $this->body = new deck($title, $template, $theme, $stylesheet);
  692. }
  693. $this->page($title, $template, $theme, $stylesheet, $dtd);
  694. global $CARD;
  695. $CARD = new WMLcard(basename($template), $this->head->title);
  696. $this->check_group_membership();
  697. return $CARD;
  698. } // card
  699. // ...................................................................
  700. /**
  701. * Activate response
  702. * Activate the response object. This isn't done in the constructor
  703. * so that the application code can make various calls etc. to set
  704. * up the environment for the response, such as session parameters.
  705. * After this setup phase is complete, then this function is called.
  706. * @access private
  707. */
  708. function activate() {
  709. global $CONTEXT;
  710. global $tbxUsername, $user; // Username submitted by user form
  711. global $tbxPassword, $pass; // Password submitted
  712. global $tbxLogoff; // Logoff sequence submission
  713. global $PHP_AUTH_USER; // HTTP Authentication username
  714. global $PHP_AUTH_PW; // HTTP Authentication password
  715. global $cachecontrol; // Cache/page expiry control override
  716.  
  717. debug_trace($this);
  718.  
  719. // Set site-wide language, if multi-language mode, and given..
  720. if ($this->multilang) {
  721. debugbr("multilang: multi-language mode is enabled", DBG_DEBUG);
  722. if ($this->mbstring_avail) {
  723. mb_internal_encoding("UTF-8");
  724. mb_http_output("UTF-8");
  725. }
  726. // Use the session-specific language if present. How this session
  727. // var gets set is entirely application-specific. If it is defined
  728. // then it becomes the 'default' language by virtue of being first..
  729. if (isset($this->session_record["lang_id"]) && $this->session_record["lang_id"] != "") {
  730. $this->add_language($this->session_record["lang_id"]);
  731. }
  732. // Otherwise, use the language defaults. These are again in an
  733. // order, with the first one the designated default..
  734. else {
  735. $q = "SELECT lang_id FROM ax_language";
  736. $q .= " WHERE enabled=TRUE";
  737. $q .= " AND is_default=TRUE";
  738. $q .= " ORDER BY display_order";
  739. $langs = dbrecordset($q);
  740. if ($langs->hasdata) {
  741. do {
  742. $this->add_language( $langs->field("lang_id") );
  743. } while ($langs->get_next());
  744. }
  745. }
  746. } // multilang
  747.  
  748. // Create our parent webpage object now. We do not do this in
  749. // the constructor, due to timing. Only at this point do we
  750. // know what type of browser (html or wml) it is, and have
  751. // the relevant library included to support it..
  752. $this->webpage();
  753.  
  754. // Map alternative fieldnames onto standard ones..
  755. if (isset($user) && !isset($tbxUsername)) $tbxUsername = $user;
  756. if (isset($pass) && !isset($tbxPassword)) $tbxPassword = $pass;
  757.  
  758. // Always disable buffering mode for command-line..
  759. if ($this->browser_type == BROWSER_TYPE_CLI) {
  760. $this->set_buffering_mode(UNBUFFERED);
  761. }
  762.  
  763. // See if we should disable webpage buffering..
  764. if ($this->buffering_mode == UNBUFFERED) {
  765. $this->discard();
  766. $this->buffered = false;
  767. }
  768.  
  769. // Check flag to see if we have to globalise everything in
  770. // sight. If this is the case, it is probably due to the website
  771. // being broken by setting 'register_globals = Off' in php.ini.
  772. if ($this->globalise_all) {
  773. $this->globals->globalise_all();
  774. }
  775. else {
  776. // By now we have the actual cookie name, so we make
  777. // sure it is globalised..
  778. $this->globalise($this->cookiename, "cookie");
  779. }
  780.  
  781. // Browser announcement
  782. $msg = "browser: $this->browser";
  783. if ($this->browser_version != "") $msg .= "/$this->browser_version";
  784. $msg .= " ($this->browser_type)";
  785. debugbr($msg, DBG_DEBUG);
  786. debugbr("accept=[$this->accept]", DBG_DEBUG);
  787. debugbr("UA=[$this->user_agent]", DBG_DEBUG);
  788.  
  789. if ($this->browser != BROWSER_NONE) {
  790. // HTTP AUTHENTICATION
  791. if ($this->auth_type == HTTP_AUTHENTICATION) {
  792. debugbr("HTTP Authentication", DBG_DEBUG);
  793. if (!isset($PHP_AUTH_USER)) {
  794. debugbr("NOT Got PHP_AUTH_USER - sending HTTP auth headers", DBG_DEBUG);
  795. header("WWW-Authenticate: Basic realm=\"" . APP_NAME . "\"");
  796. header("HTTP/1.0 401 Unauthorized");
  797. return;
  798. }
  799. else {
  800. // Get the HTTP authentication variables..
  801. debugbr("Got PHP_AUTH_USER '$PHP_AUTH_USER', PHP_AUTH_PS '$PHP_AUTH_PW'", DBG_DEBUG);
  802. if ($this->get_session_cookie()) {
  803. debugbr("We already have a valid session..", DBG_DEBUG);
  804. if ($this->identify_user()
  805. && $this->userid == "guest"
  806. && strtolower($PHP_AUTH_USER != "guest")
  807. ) {
  808. debugbr("But overriding guest session with supplied HTTP Auth login..", DBG_DEBUG);
  809. $tbxUsername = $PHP_AUTH_USER;
  810. if (isset($PHP_AUTH_PW)) $tbxPassword = $PHP_AUTH_PW;
  811. else $tbxPassword = "";
  812. }
  813. }
  814. else {
  815. // Transform it into our own kind of login sequence..
  816. debugbr("Transforming it into our own kind of login..", DBG_DEBUG);
  817. $tbxUsername = $PHP_AUTH_USER;
  818. if (isset($PHP_AUTH_PW)) $tbxPassword = $PHP_AUTH_PW;
  819. else $tbxPassword = "";
  820. }
  821. }
  822. } // HTTP Auth
  823. else {
  824. debugbr("FORM Authentication.", DBG_DEBUG);
  825. }
  826. }
  827.  
  828. // IDENTIFY USER, LOGIN
  829. $logged_in = true;
  830. $retries = 2;
  831. do {
  832. // Create the user's keep if enabled..
  833. if ( $this->keep_enabled
  834. && $this->browser != BROWSER_NONE
  835. && $this->browser != BROWSER_PHONE
  836. ) {
  837. $this->keep = new keep("CATITKEEP" . APP_PREFIX, $this->lifetime);
  838. // Deal with logoff activity..
  839. if (isset($tbxLogoff) && $tbxLogoff == "Logoff") {
  840. $this->keep->forgetall();
  841. }
  842. }
  843.  
  844. // Get the session to login the user. We expect this step
  845. // to succeed unless they mucked up a login sequence, or
  846. // someone is hacking on our website..
  847. if (!$this->identify_user()) {
  848. // Deal with authentication/session create failure..
  849. debugbr("response-defs: user not identified.", DBG_DEBUG);
  850. if (!$this->isvalid()) {
  851. debugbr("response-defs: user invalid.", DBG_DEBUG);
  852. // Make sure the cookie is removed..
  853. $this->delete_cookie();
  854. if ($this->keep_enabled) {
  855. $this->keep->delete();
  856. }
  857.  
  858. switch ($this->auth_fail_option) {
  859. case AUTHFAIL_DIE_MSG:
  860. $this->crash(401, $this->error_message);
  861. break;
  862.  
  863. case AUTHFAIL_DIE_SILENT:
  864. $this->crash();
  865. break;
  866.  
  867. case AUTHFAIL_REDIRECT:
  868. header("Location: $this->auth_fail_redirect");
  869. break;
  870.  
  871. // AUTHFAIL_GUEST and friends..
  872. default:
  873. if (isset($tbxUsername) && strtolower($tbxUsername) == "guest") {
  874. // Failed guest login should not happen if the guest user
  875. // exists and its 'enabled' flag is true..
  876. $this->crash(401, "Guest logins are not permitted.");
  877. }
  878. else {
  879. // Unset everything they might be logging in with, so that
  880. // the system will default them into guest mode..
  881. if (isset($tbxUsername)) {
  882. debugbr("AUTHFAIL_GUEST: tbxUsername is set '$tbxUsername', setting it to guest.", DBG_DEBUG);
  883. $tbxUsername = "guest";
  884. $tbxPassword = "";
  885. }
  886. if (isset($authid)) unset($authid);
  887. $logged_in = false;
  888. }
  889. break;
  890. } // switch
  891. }
  892. // Otherwise we failed authentication, but the user was
  893. // valid - a very strange state of affairs..!
  894. else {
  895. debugbr("user valid but not auth! userid='$this->userid'", DBG_DEBUG);
  896. if ($this->authfail_option != AUTHFAIL_SILENT) {
  897. $this->crash(500, "No session!");
  898. }
  899. else die();
  900. }
  901. // Countdown for retries..
  902. $retries -= 1;
  903. } // if !identify_user
  904. else {
  905. // Affirm user identified..
  906. $logged_in = true;
  907. }
  908. } while (!$logged_in && $retries > 0);
  909.  
  910. // If login failed, then we have no options left..
  911. if (!$logged_in) {
  912. if ($this->authfail_option != AUTHFAIL_SILENT) {
  913. $this->crash(401);
  914. }
  915. else die();
  916. }
  917.  
  918. // CONTENT TYPE HEADER
  919. $this->set_encoding();
  920.  
  921. // CACHE HEADERS
  922. switch ($this->browser_type) {
  923. case BROWSER_TYPE_HTML:
  924. case BROWSER_TYPE_XHTML:
  925. header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
  926. if ($this->page_expiry_secs == -1 || (isset($cachecontrol) && $cachecontrol == "dynamic")) {
  927. header("Expires: Thu, 1 Jan 1970 01:00:00 GMT");
  928. header("Cache-Control: no-cache, must-revalidate");
  929. header("Pragma: no-cache");
  930. debugbr("page expiry: no cache", DBG_DEBUG);
  931. }
  932. else {
  933. $expirysecs = time() + $this->page_expiry_secs;
  934. header("Expires: " . gmdate("D, d M Y H:i:s", $expirysecs) . " GMT");
  935. debugbr("page expiry: cache for $this->page_expiry_secs seconds", DBG_DEBUG);
  936. }
  937. break;
  938.  
  939. case BROWSER_TYPE_WML:
  940. case BROWSER_TYPE_WMLUP:
  941. header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  942. header("Last-Modified: " . gmdate("D, d M Y H:i:s T") );
  943. header("Cache-Control: no-cache, must revalidate");
  944. header("Pragma: no-cache");
  945. header("Accept-Ranges: none");
  946. break;
  947. } // switch
  948.  
  949. // CONTEXT
  950. if ($this->browser_type != BROWSER_TYPE_CLI
  951. && file_exists($this->site_docroot . "/context-defs.php")) {
  952. include_once("context-defs.php");
  953. $CONTEXT = new context();
  954. }
  955. debug_trace();
  956. } // activate
  957. // ...................................................................
  958. /**
  959. * Sets the status of the multi-language flag 'multilang'. If this flag
  960. * is true then multi-language facilities are enabled. This allows the
  961. * setting of tags to indicate webpage language(s), and for inputting
  962. * different character encodings via form elements etc.
  963. * @param boolean $mode Whether we should set multi-language mode
  964. */
  965. function set_multilang($mode=true) {
  966. $this->multilang = $mode;
  967. } // set_multilang
  968. // ...................................................................
  969. /**
  970. * Adds another language for the current webpage. Webpages might
  971. * contain content in multiple languages, hence the need for a list.
  972. * @param integer $langid The new language ID to add for the webpage
  973. */
  974. function add_language($langid) {
  975. if ($this->multilang) {
  976. if (!in_array($langid, $this->languages)) {
  977. $this->languages[] = $langid;
  978. if (isset($this->head)) {
  979. $this->head->add_language($langid);
  980. }
  981. }
  982. }
  983. } // add_language
  984. // ...................................................................
  985. /**
  986. * Sets the content-type header characterset encoding, and (optionally)
  987. * allows you to override the content type itself although it should
  988. * be set for you automatically, so you should only need to provide the
  989. * second parameter for special purposes. This method will send the
  990. * content-type: header to the user agent (browser). It can be called
  991. * any number of times before send() is called.
  992. * @param string $charset The character encoding to use for the webpage
  993. * @param string $content_type The content type (defaults to proper one for browser)
  994. */
  995. function set_encoding($charset="", $content_type="") {
  996. if ($charset != "") {
  997. $this->charset = $charset;
  998. }
  999. if ($content_type == "") {
  1000. switch ($this->browser_type) {
  1001. case BROWSER_TYPE_HTML:
  1002. case BROWSER_TYPE_XHTML:
  1003. $content_type = "text/html";
  1004. break;
  1005.  
  1006. case BROWSER_TYPE_WML:
  1007. case BROWSER_TYPE_WMLUP:
  1008. $content_type = "text/vnd.wap.wml";
  1009. break;
  1010.  
  1011. default:
  1012. $content_type = "text/html";
  1013. }
  1014. }
  1015. // Insert prefix if not already provided..
  1016. if ( substr(strtolower($content_type), 0, 13) != "content-type:") {
  1017. $content_type = "content-type: $content_type";
  1018. }
  1019. // Set head section charset..
  1020. if (isset($this->head)) {
  1021. $this->head->set_charset($this->charset);
  1022. }
  1023.  
  1024. // Append charset code for header if provided..
  1025. if ($this->charset != "") {
  1026. $content_type .= "; charset=$this->charset";
  1027. }
  1028. // Also transmit a content-type header..
  1029. if ($this->browser_type != BROWSER_TYPE_CLI) {
  1030. header($content_type);
  1031. }
  1032. } // set_encoding
  1033. // ...................................................................
  1034. /**
  1035. * Set globalise all
  1036. * Flag that we should globalise all vars from anywhere. This is the
  1037. * same as setting 'register_globals = On' in php.ini. It gives
  1038. * backward compatibility with that setting, if you find that it has
  1039. * been set to 'Off' and this breaks your code.
  1040. * NB: This only takes effect when the session is activated with
  1041. * the activate() method of this class.
  1042. */
  1043. function globalise_all() {
  1044. $this->globalise_all = true;
  1045. } // globalise_all
  1046. // ...................................................................
  1047. /**
  1048. * Globalise specific vars
  1049. * @param string $varnames Comma-delimited list of variable names to globalise
  1050. * @param string $sources Comma-delimited list of allowed sources for values
  1051. */
  1052. function globalise($varnames="", $sources="env,get,post,cookie,server") {
  1053. $this->globals->globalise($varnames, $sources);
  1054. } // globalise
  1055. // ...................................................................
  1056. /**
  1057. * Register vars
  1058. * Register given variables for globalisation.
  1059. * @param string $varnames Comma-delimited list of variable names to globalise
  1060. * @param string $sources Comma-delimited list of allowed sources for values
  1061. */
  1062. function register($varnames, $sources="env,get,post,cookie,server") {
  1063. $this->globals->register($varnames, $sources);
  1064. } // register
  1065. // ...................................................................
  1066. /**
  1067. * Set keep enable status. If the keep is enabled then there is access to
  1068. * the remember() and forget() methods to control persistent vars using
  1069. * Php session handling functions.
  1070. * @see remember(), forget()
  1071. * @param boolean $keep_enabled If true then the keep methods are enabled
  1072. */
  1073. function set_keep($keep_enabled=true) {
  1074. $this->keep_enabled = $keep_enabled;
  1075. } // set_keep
  1076. // ...................................................................
  1077. /**
  1078. * Remember variables by name, across page requests using our keep
  1079. * functionality. This utilises Php session handling to maintain the value
  1080. * of variables named here. Pass a list of vars as a string delimited
  1081. * by a comma.
  1082. * @param string $varnames Comma-delimited list of variable names to keep
  1083. */
  1084. function remember($varnames) {
  1085. if ($this->keep_enabled && isset($this->keep)) {
  1086. $this->keep->remember($varnames);
  1087. }
  1088. } // remember
  1089. // ...................................................................
  1090. /**
  1091. * Forget kept variables by name. The named variables will have been
  1092. * passed to the remember() function beforehand, and this method causes
  1093. * them to be forgotten.
  1094. * @param string $varnames Comma-delimited list of variable names to forget
  1095. */
  1096. function forget($varnames) {
  1097. if ($this->keep_enabled && isset($this->keep)) {
  1098. $this->keep->forget($varnames);
  1099. }
  1100. } // forget
  1101. // ...................................................................
  1102. /**
  1103. * Define persistent hosts list.
  1104. * Set the list of hosts recognition strings to connect to with
  1105. * persistent database connections. You can pass either an array of strings
  1106. * or a single string containing a delimited list of hosts.
  1107. * @param mixed $hosts Array or delimited list of host names to connect persistently to
  1108. * @param string $delim Optional delimiter, defaults to a comma
  1109. */
  1110. function set_persistent_hosts($hosts="", $delim=",") {
  1111. if (is_array($hosts)) {
  1112. $this->persistent_hosts = $hosts;
  1113. }
  1114. else {
  1115. if ($hosts != "") {
  1116. $hosts = explode($delim, $hosts);
  1117. }
  1118. }
  1119. } // set_persistent_hosts
  1120. // ...................................................................
  1121. /**
  1122. * define a blocked IP list.
  1123. * Set the list of IP addresses which are persona non grata for our site.
  1124. * This might be a list of problem IPs which are hacking, for example.
  1125. * Note that this method may not return, since the IP checking is done
  1126. * immediately, and if the REMOTE_ADDR accessing the site right now is
  1127. * found to match a blocked IP, then we crash and burn the response.
  1128. *
  1129. * @param mixed $hosts Array or delimited list of host names to connect persistently to
  1130. * @param string $delim Optional delimiter, defaults to a comma
  1131. */
  1132. function set_blocked_ips($ips="", $delim=",") {
  1133. if ($ips != "") {
  1134. global $REMOTE_ADDR;
  1135. if (isset($REMOTE_ADDR) && $REMOTE_ADDR != "") {
  1136. if (!is_array($ips) && $ips != "") {
  1137. $ips = explode($delim, $ips);
  1138. }
  1139. foreach ($ips as $unwelcome) {
  1140. if (preg_match("/^$unwelcome/", $REMOTE_ADDR)) {
  1141. $this->crash(403, "Bad address");
  1142. exit();
  1143. }
  1144. }
  1145. }
  1146. }
  1147. } //set_blocked_ips
  1148. // ...................................................................
  1149. /**
  1150. * Set compression type
  1151. * Set the compression type to use for content delivery. Options are:
  1152. * NO_COMPRESSION Normal delivery of content
  1153. * BUILTIN_COMPRESSION Builtin PHP compression (Requires Php >= v4.04)
  1154. * CUSTOM_COMPRESSION Compression provided by the library
  1155. * @param integer $type Compression type: NO_COMPRESSION, BUILTIN_COMPRESSION, CUSTOM_COMPRESSION
  1156. */
  1157. function set_compression_type($type=NO_COMPRESSION) {
  1158. $this->compression_type = $type;
  1159. } // set_compression_type
  1160. // ...................................................................
  1161. /**
  1162. * Set buffering option
  1163. * Set the webstream buffering option. Usually we want to buffer the
  1164. * webpage output to do cool things with the content right up until
  1165. * we send it. If you select NO_BUFFERING, then output won't be
  1166. * buffered and you will probably be processing it yourself. If in
  1167. * doubt, leave it as BUFFERING, the default.
  1168. * Possible options..
  1169. * BUFFERED Output webstream uses Php buffering (default)
  1170. * UNBUFFERED No buffering of output webstream
  1171. * @param bool $buffering Buffering option: NO_BUFFERING, or BUFFERING
  1172. */
  1173. function set_buffering_mode($mode=BUFFERED) {
  1174. $this->buffering_mode = $mode;
  1175. } // set_buffering_mode
  1176. // ...................................................................
  1177. /**
  1178. * Set metadata mode
  1179. * This setting determines whether Axyl will implement the metadata
  1180. * enhancements that it has. If true, content-managed layouts will get
  1181. * an extra button 'META', which enables page metadata to be edited
  1182. * Also, when page generation takes place, metadata elements will be
  1183. * procuced in the output.
  1184. * @param bool $mode Metadata enable mode, true or false
  1185. */
  1186. function set_metadata_mode($mode=METADATA_ENABLED) {
  1187. $this->metadata_mode = $mode;
  1188. } // set_metadata_mode
  1189. // ...................................................................
  1190. /**
  1191. * Set microsites mode
  1192. * This setting determines whether Axyl will implement the microsites
  1193. * enhancements that it has. If true, then users with content manager
  1194. * privileges will be able to create and maintain "microsites" within
  1195. * the current Axyl website framework. These are essentially simple
  1196. * themes, using Axyl themeing.
  1197. * @param bool $mode Microsites feature enable mode, true or false
  1198. */
  1199. function set_microsites_mode($mode=MICROSITES_ENABLED) {
  1200. $this->microsites_mode = $mode;
  1201. } // set_microsites_mode
  1202. // ...................................................................
  1203. /**
  1204. * Set page expiry in seconds. This affects all of the pages returned by Axyl.
  1205. * Normally this is left at -1, which causes the system to tell the user browser
  1206. * to NOT cache the webpage, and revalidate every time. This is the usual case
  1207. * for a dynamic website where content is always changing. If set to a positive
  1208. * value, the user browser will (probably) keep the page cached for this time.
  1209. *
  1210. * @param integer $secs Time to allow website pages to live in the user browser.
  1211. */
  1212. function set_page_expirysecs($secs=-1) {
  1213. $this->page_expiry_secs = $secs;
  1214. } // set_page_expirysecs
  1215. // ...................................................................
  1216. /**
  1217. * Set compression threshold
  1218. * Set the threshold size of content before we use compression.
  1219. * @param integer $size Pagesize in bytes below which we will not compress
  1220. */
  1221. function set_compression_minsize($size=0) {
  1222. $this->compression_minsize = $size;
  1223. } // set_compression_minsize
  1224. // ...................................................................
  1225. /**
  1226. * Set website authentication
  1227. * Set the authentication option for the website. Note that although there
  1228. * is NO_AUTHENTICATION, this has no real effect and is mainly there so
  1229. * you can indicate your intent not to bother with authentication. If no
  1230. * username/password is passed then the system will always log the session
  1231. * as a "guest" anyway, regardless of this setting. Options are:
  1232. * NO_AUTHENTICATION Redundant case, no authentication
  1233. * HTTP_AUTHENTICATION User sees a browser username/password popup
  1234. * FORM_AUTHENTICATION Custom form fields $tbxUsername/$tbxPassword
  1235. * @param integer $authtype Authentication option type
  1236. */
  1237. function set_authentication_type($authtype=HTTP_AUTHENTICATION) {
  1238. $this->auth_type = $authtype;
  1239. } // set_authentication_type
  1240. // ...................................................................
  1241. /**
  1242. * Set authentication failure option
  1243. * This sets the option for when authentication fails due to invalid
  1244. * username/password. Options are:
  1245. * AUTHFAIL_DIE_MSG Die, with 'not authorised' message
  1246. * AUTHFAIL_DIE_SILENT Die silently
  1247. * AUTHFAIL_REDIRECT Re-direct to alternate URL
  1248. * AUTHFAIL_GUEST Welcome the user as a guest (the default)
  1249. */
  1250. function on_authentication_fail($option=AUTHFAIL_GUEST, $redirect="") {
  1251. $this->auth_fail_option = $option;
  1252. $this->auth_fail_redirect = $redirect;
  1253. } // on_authentication_fail
  1254. // ...................................................................
  1255. /**
  1256. * Add database
  1257. * Add a new database to the list of datasources which are going to be used to
  1258. * serve this response. The dbtype and the name are the only mandatory parameters.
  1259. * @param string $dbtype The type of database eg: 'postgres', 'mssql' etc.
  1260. * @param string $name The name of the database
  1261. * @param string $user Name of a user who can access the database
  1262. * @param string $passwd The password the user can access the database with
  1263. * @param string $host The hostname of the machine running the database (TCP/IP)
  1264. * @param integer $port The port number of the database server
  1265. * @param boolean $default True if the database is the default database
  1266. */
  1267. function add_database($dbtype, $name, $user="", $passwd="", $host="", $port="", $default=false) {
  1268. if ($this->db_backed) {
  1269. if (!isset($this->datasource)) {
  1270. $this->datasource = new datasources();
  1271. }
  1272. $this->datasource->add_database($dbtype, $name, $user, $passwd, $host, $port, $default);
  1273. }
  1274. } // add_database
  1275. // ...................................................................
  1276. /**
  1277. * Selects a database to use
  1278. * This will connect it if it isn't already connected. Calling this
  1279. * with no database name will select the default one. Returns the
  1280. * database unique identifier, or false if none was selected.
  1281. * The named database must have been already defined. @see add_database()
  1282. * @see datasources::add_database()
  1283. * @param string $dbname The name of the database to select
  1284. * @return resource The database resource ID
  1285. */
  1286. function select_database($db_name="") {
  1287. if ($this->db_backed && isset($this->datasource)) {
  1288. return $this->datasource->select($db_name);
  1289. }
  1290. else {
  1291. return false;
  1292. }
  1293. } // select_database
  1294. // ...................................................................
  1295. /**
  1296. * Is host in peristent list
  1297. * Returns true if the given host is in our list of persistent
  1298. * hosts, else returns false. The persistent hosts list we hold
  1299. * will general contain partial hostnames. We therefore check
  1300. * to see if this partial name occurs anywhere in the given
  1301. * hostname.
  1302. * @param string $hostname The name of the host to check
  1303. */
  1304. function InPersistentHostsList($hostname) {
  1305. if (count($this->persistent_hosts) > 0) {
  1306. foreach ($this->persistent_hosts as $host) {
  1307. if (stristr($hostname, $host)) {
  1308. return true;
  1309. }
  1310. }
  1311. }
  1312. return false;
  1313. } // InPersistentHostsList
  1314. // ...................................................................
  1315. /**
  1316. * Allowed groups
  1317. * This defines the allowed user-groups for this response, otherwise
  1318. * they get an error page returned. The list of allowed groups
  1319. * should be a comma-delimited string.
  1320. * NB: We look for globals $admin_auth_code, and $auth_code and if
  1321. * available, use these for authorisation.
  1322. * @param string $allowed_groups Comma-delimited list of allowed groups
  1323. */
  1324. function allowed_groups($allowed_groups) {
  1325. global $WEBMASTER_EMAIL, $WEBMASTER_PERSON;
  1326. global $auth_code;
  1327. global $admin_auth_code;
  1328. if (!$this->ismemberof_group_in($allowed_groups)) {
  1329. if (isset($admin_auth_code)) $auth = $admin_auth_code;
  1330. elseif (isset($auth_code)) $auth = $auth_code;
  1331. if (isset($auth)) {
  1332. $user = new authorised_user($auth);
  1333. if ($user->ismemberof_group_in($allowed_groups)) {
  1334. return;
  1335. }
  1336. }
  1337. // On failure follow the login settings for action..
  1338. switch ($this->auth_fail_option) {
  1339. case AUTHFAIL_DIE_MSG:
  1340. $msg = "<p><center><h4>"
  1341. . "You are not permitted to view this page.<br>"
  1342. . "For further information, please contact "
  1343. . "<a href=\"mailto:$WEBMASTER_EMAIL\">$WEBMASTER_PERSON</a>"
  1344. . "</h4></center></p>"
  1345. . "<p><center><h4><a href=\"/\">HOME</a></p></h4></center></p>"
  1346. ;
  1347. $this->set_template("plain");
  1348. $this->plugin("MAIN_CONTENT", $msg);
  1349. $this->send();
  1350. exit;
  1351. break;
  1352. case AUTHFAIL_DIE_SILENT:
  1353. $this->crash();
  1354. break;
  1355. case AUTHFAIL_REDIRECT:
  1356. header("Location: $this->auth_fail_redirect");
  1357. exit;
  1358. break;
  1359. default:
  1360. $this->crash(401, $this->error_message);
  1361. exit;
  1362. } // switch
  1363. }
  1364. } // allowed_groups
  1365. // ...................................................................
  1366. /**
  1367. * Check group membership
  1368. * This check whether the user requesting the page fulfils any group
  1369. * membership requirements. These are optionally expressed as the
  1370. * presence of 'ax_sitepage_group' records. A set of these records
  1371. * represents a set of groups that the user must be member of at
  1372. * least one of, to have access to the page.
  1373. */
  1374. function check_group_membership() {
  1375. // Find page and group permissions if we can..
  1376. $q = "SELECT * FROM ax_sitepage p, ax_sitepage_group sg, ax_group g";
  1377. $q .= " WHERE p.page_path='" . addslashes($this->requested) . "'";
  1378. $q .= " AND p.page_title='" . addslashes($this->head->title) . "'";
  1379. $q .= " AND sg.page_id=p.page_id";
  1380. $q .= " AND g.group_id=sg.group_id";
  1381. $allowed = dbrecordset($q);
  1382. if ($allowed->hasdata) {
  1383. $groups = array();
  1384. do {
  1385. $groups[] = $allowed->field("group_desc");
  1386. } while ($allowed->get_next());
  1387. // Check membership and die if not authorised..
  1388. debugbr("sitepage group membership: " . implode(",", $groups), DBG_DEBUG);
  1389. $this->allowed_groups( implode(",", $groups) );
  1390. }
  1391. } // check_group_membership
  1392. // ...................................................................
  1393. /**
  1394. * Crash the response with message
  1395. * A fatal error ocurred. We die with a message to the system log
  1396. * and to the user. Code supplied is optional.
  1397. * @param integer $code The HTTP/1.0 code to use
  1398. * @param string $msg The message to display and log
  1399. */
  1400. function crash($code=false, $msg="") {
  1401. // Echo debugging output, but only if
  1402. // we are in debugging mode..
  1403. echo debug_render();
  1404.  
  1405. // For the system log..
  1406. $logmsg = APP_PREFIX . " CRASH: ";
  1407. if ($msg != "") $logmsg .= $msg;
  1408. else $logmsg = "(no message)";
  1409. if ($code) $logmsg .= " ($code)";
  1410. error_log(APP_PREFIX . " CRASH: $msg.");
  1411. // For the user..
  1412. if ($code || $msg != "") {
  1413. $umsg = "";
  1414. if ($code) $umsg .= HTTPError($code) . " ";
  1415. if ($msg != "") $umsg .= $msg;
  1416. die($umsg);
  1417. }
  1418. else die();
  1419. } // fatal
  1420.  
  1421. } // response class
  1422. // -----------------------------------------------------------------------
  1423. // CREATE THe RESPONSE OBJECT
  1424.  
  1425. $RESPONSE = new response();
  1426.  
  1427. // -----------------------------------------------------------------------
  1428. // OUTPUT GENERATION INCLUDES
  1429.  
  1430. switch ($RESPONSE->browser_type) {
  1431. case BROWSER_TYPE_WML:
  1432. case BROWSER_TYPE_WMLUP:
  1433. include_once("wml-defs.php");
  1434. break;
  1435. default:
  1436. include_once("html-defs.php");
  1437. } // switch
  1438. // -----------------------------------------------------------------------
  1439. // APPLY APPLICATION RESPONSE SETTINGS
  1440. // These settings are the ones sourced from the application.xml file
  1441. // for this particular website.
  1442.  
  1443. if (file_exists("$DOCUMENT_ROOT/application.xml") && isset($application) && $application->valid) {
  1444. $firstDB = true;
  1445. foreach ($application->settings as $setting) {
  1446. if (isset($setting->agent) && $setting->agent != "") {
  1447. $methodname = $setting->agent;
  1448. $parms = array();
  1449. foreach ($setting->parameters as $parameter) {
  1450. $parms[] = $parameter->get_decodedvalue();
  1451. }
  1452. // Set the 'default=true' parameter for first database..
  1453. if ($setting->name == "database" && $firstDB) {
  1454. $parms[] = true;
  1455. $firstDB = false;
  1456. }
  1457. // Apply the RESPONSE setting..
  1458. call_user_method_array($methodname, $RESPONSE, $parms);
  1459. }
  1460. }
  1461.  
  1462. // UNICODE
  1463. // If the above loop brought in the multilang setting as true
  1464. // then we will be needing the Unicode functions..
  1465. if ($RESPONSE->multilang) {
  1466. include_once("unicode-defs.php");
  1467. }
  1468.  
  1469. // WEBMASTER SETTINGS
  1470. if ($WEBMASTER_PERSON == "") {
  1471. $WEBMASTER_PERSON = "The " . ((APP_NAME != "") ? (APP_NAME . " ") : "") . "Webmaster";
  1472. }
  1473. if ($WEBMASTER_EMAIL == "") {
  1474. $WEBMASTER_EMAIL = "webmaster@" . $this->http_host;
  1475. }
  1476.  
  1477. // DEBUGGING
  1478. $debugging = $application->getparameter("debug_on", "debug_on");
  1479. if ($debugging) {
  1480. debug_on($application->getparameter("debug_classes", "debug_classes"));
  1481. debug_output($application->getparameter("debug_output", "debug_output"));
  1482. }
  1483.  
  1484. // MOBILE PHONES
  1485. // No cookie-based 'keep' feature for these..
  1486. if ($RESPONSE->browser == BROWSER_NONE
  1487. || $RESPONSE->browser == BROWSER_PHONE) {
  1488. $RESPONSE->set_keep(false);
  1489. }
  1490.  
  1491. // ABSOLUTE REFERENCES
  1492. // Turm relative references to web docroot absolute..
  1493. if (isset($TEMPLATESDIR) && substr($TEMPLATESDIR,0,1) != "/") {
  1494. $TEMPLATESDIR = "/$TEMPLATESDIR";
  1495. }
  1496. if (isset($IMAGESDIR) && substr($IMAGESDIR,0,1) != "/") {
  1497. $IMAGESDIR = "/$IMAGESDIR";
  1498. }
  1499. if (isset($CMDIR) && substr($CMDIR,0,1) != "/") {
  1500. $CMDIR = "/$CMDIR";
  1501. }
  1502. if (isset($CATALOGDIR) && substr($CATALOGDIR,0,1) != "/") {
  1503. $CATALOGDIR = "/$CATALOGDIR";
  1504. }
  1505. if (isset($INCDIR) && substr($INCDIR,0,1) != "/") {
  1506. $INCDIR = "/$INCDIR";
  1507. }
  1508.  
  1509. // ACTIVATION
  1510. // No longer required..
  1511. unset($application);
  1512. // Activate the response, determine user etc..
  1513. $RESPONSE->activate();
  1514.  
  1515. // SET MICROSITE THEME
  1516. if ($RESPONSE->microsites_mode == MICROSITES_ENABLED) {
  1517. debugbr("microsite features are enabled", DBG_DEBUG);
  1518. // Get the hostname/URL of this request..
  1519. //$hostbits = explode(".", $HTTP_HOST);
  1520. $hostname = strtolower($HTTP_HOST);
  1521. $hostname = str_replace("-test", "", $hostname);
  1522. // Check this hostname against our microsite domains..
  1523. $q = "SELECT mi.microsite_name,mi.microsite_domain,m.menu_name";
  1524. $q .= " FROM ax_microsite mi, ax_menu m";
  1525. $q .= " WHERE mi.currently_installed=TRUE";
  1526. $q .= " AND mi.req_microsite_remove=FALSE";
  1527. $q .= " AND m.menu_id=mi.menu_id";
  1528. $microsites = dbrecordset($q);
  1529. if ($microsites->hasdata) {
  1530. do {
  1531. $microsite_domain = $microsites->field("microsite_domain");
  1532. if (stristr($hostname, $microsite_domain)) {
  1533. debugbr("microsite scan hit: [$microsite_domain]", DBG_DEBUG);
  1534. $RESPONSE->microsite_detected = $microsites->field("microsite_name");
  1535. $theme = $RESPONSE->microsite_detected;
  1536. $THEME_TITLE = $microsites->field("microsite_desc");
  1537. $THEME_MENU = $microsites->field("menu_name");
  1538. break;
  1539. }
  1540. } while ($microsites->get_next());
  1541. // Detect index page request..
  1542. if (isset($RESPONSE->microsite_detected)) {
  1543. switch ($RESPONSE->requested) {
  1544. case "":
  1545. case "/":
  1546. case "/index.php":
  1547. $q = "SELECT * FROM ax_microsite_page mp, ax_sitepage p";
  1548. $q .= " WHERE mp.microsite_name='" . addslashes($RESPONSE->microsite_detected) . "'";
  1549. $q .= " AND mp.microsite_homepage=TRUE";
  1550. $q .= " AND p.page_id=mp.page_id";
  1551. $home = dbrecordset($q);
  1552. if ($home->hasdata) {
  1553. $homepath = $home->field("page_path");
  1554. if ($homepath != "") {
  1555. // Re-direct to the correct page and exit..
  1556. $redirect_url = $RESPONSE->site_url . $homepath;
  1557. $RESPONSE->discard();
  1558. header("Location: $redirect_url");
  1559. exit;
  1560. }
  1561. }
  1562. break;
  1563. } // switch
  1564. }
  1565. }
  1566. } // microsites enabled
  1567. }
  1568.  
  1569. // -----------------------------------------------------------------------
  1570. ?>

Documentation generated by phpDocumentor 1.3.0RC3