r2061 + make the "access denied" message better formatted
[racktables] / inc / init.php
CommitLineData
b325120a 1<?php
e673ee24
DO
2/*
3*
4* This file performs RackTables initialisation. After you include it
da958e52 5* from 1st-level page, don't forget to call fixContext(). This is done
e673ee24 6* to allow reloading of pageno and tabno variables. pageno and tabno
c3a8284b
DO
7* together participate in forming security context by generating
8* related autotags.
e673ee24
DO
9*
10*/
11
12$root = (empty($_SERVER['HTTPS'])?'http':'https').
13 '://'.
14 (isset($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:($_SERVER['SERVER_NAME'].($_SERVER['SERVER_PORT']=='80'?'':$_SERVER['SERVER_PORT']))).
9c6e7a97
DO
15 dirname($_SERVER['PHP_SELF']);
16if (substr ($root, -1) != '/')
17 $root .= '/';
e673ee24
DO
18
19// This is the first thing we need to do.
20require_once 'inc/config.php';
21
22// What we need first is database and interface functions.
23require_once 'inc/interface.php';
24require_once 'inc/functions.php';
25require_once 'inc/database.php';
26if (file_exists ('inc/secret.php'))
27 require_once 'inc/secret.php';
28else
29{
30 showError
31 (
32 "Database connection parameters are read from inc/secret.php file, " .
e6093686
DO
33 "which cannot be found.\nYou probably need to complete the installation " .
34 "procedure by following <a href='${root}install.php'>this link</a>."
e673ee24
DO
35 );
36 die;
37}
38
39// Now try to connect...
40try
41{
42 $dbxlink = new PDO ($pdo_dsn, $db_username, $db_password);
43}
44catch (PDOException $e)
45{
46 showError ("Database connection failed:\n\n" . $e->getMessage());
47 die();
48}
49
4d55392a
DO
50$dbxlink->exec ("set names 'utf8'");
51
b8d1ab66
DO
52if (get_magic_quotes_gpc())
53 foreach ($_REQUEST as $key => $value)
f4d511df
DO
54 if (gettype ($value) == 'string')
55 $_REQUEST[$key] = stripslashes ($value);
b8d1ab66
DO
56
57if (!set_magic_quotes_runtime (0))
58{
59 showError ('Failed to turn magic quotes off');
60 die;
61}
6bae5fbb 62
e673ee24
DO
63// Escape any globals before we ever try to use them.
64foreach ($_REQUEST as $key => $value)
f4d511df 65 if (gettype ($value) == 'string')
b8d1ab66 66 $_REQUEST[$key] = escapeString ($value);
6bae5fbb 67
e673ee24
DO
68if (isset ($_SERVER['PHP_AUTH_USER']))
69 $_SERVER['PHP_AUTH_USER'] = escapeString ($_SERVER['PHP_AUTH_USER']);
70if (isset ($_SERVER['PHP_AUTH_PW']))
71 $_SERVER['PHP_AUTH_PW'] = escapeString ($_SERVER['PHP_AUTH_PW']);
72
fbbb74fb
DO
73$dbver = getDatabaseVersion();
74if ($dbver != CODE_VERSION)
75{
76 echo '<p align=justify>This Racktables installation seems to be ' .
77 'just upgraded to version ' . CODE_VERSION . ', while the '.
db914a6c 78 'database version is ' . $dbver . '. No user will be ' .
fbbb74fb
DO
79 'either authenticated or shown any page until the upgrade is ' .
80 "finished. Follow <a href='${root}upgrade.php'>this link</a> and " .
81 'authenticate as administrator to finish the upgrade.</p>';
82 die;
83}
84
26131670
DO
85if (!mb_internal_encoding ('UTF-8') or !mb_regex_encoding ('UTF-8'))
86{
87 showError ('Failed setting multibyte string encoding to UTF-8');
88 die;
89}
06f23fd4
DO
90$configCache = loadConfigCache();
91if (!count ($configCache))
92{
93 showError ('Failed to load configuration from the database.');
94 die();
95}
96
bcd37231 97require_once 'inc/code.php';
cf25e649
DO
98// Depending on the 'result' value the 'load' carries either the
99// parse tree or error message.
100$rackCode = getRackCode (loadScript ('RackCode'));
101if ($rackCode['result'] != 'ACK')
102{
103 // FIXME: display a message with an option to reset RackCode text
104 showError ('Could not load the RackCode due to error: ' . $rackCode['load'], __FUNCTION__);
105 die;
106}
107$rackCode = $rackCode['load'];
bcd37231 108
e673ee24
DO
109// Now init authentication.
110
111require_once 'inc/auth.php';
112// Load access database once.
113$accounts = getUserAccounts();
c35e997f 114if ($accounts === NULL)
e673ee24
DO
115{
116 showError ('Failed to initialize access database.');
117 die();
118}
119
120authenticate();
121
122// Authentication passed.
123// Note that we don't perform autorization here, so each 1st level page
124// has to do it in its way, e.g. to call authorize().
125
126$remote_username = $_SERVER['PHP_AUTH_USER'];
127$pageno = (isset ($_REQUEST['page'])) ? $_REQUEST['page'] : 'index';
128$tabno = (isset ($_REQUEST['tab'])) ? $_REQUEST['tab'] : 'default';
da958e52 129$op = (isset ($_REQUEST['op'])) ? $_REQUEST['op'] : '';
20c901a7
DO
130// Order matters here.
131$taglist = getTagList();
132$tagtree = getTagTree();
e673ee24
DO
133
134require_once 'inc/navigation.php';
135require_once 'inc/pagetitles.php';
e673ee24 136require_once 'inc/ophandlers.php';
641fe9b0 137require_once 'inc/triggers.php';
d33645ff 138require_once 'inc/gateways.php';
3ec29bf4 139require_once 'inc/snmp.php';
e673ee24 140
da958e52
DO
141// These will be filled in by fixContext()
142$auto_tags = array();
2fb24351
DO
143$expl_tags = array();
144$impl_tags = array();
da958e52
DO
145// and this will remain constant
146$user_tags = loadUserTags ($accounts[$remote_username]['user_id']);
147$user_tags = array_merge ($user_tags, getImplicitTags ($user_tags), getUserAutoTags());
2fb24351 148
e673ee24 149?>