[racktables] / wwwroot / index.php

<?php
ob_start();
try {
// Code block below is a module request dispatcher. Turning it into a
// function will break things because of the way require() works.
	switch (TRUE)
	{
	case ! array_key_exists ('module', $_REQUEST):
	case 'interface' == $_REQUEST['module']:
		require_once 'inc/interface.php';
		// init.php has to be included after interface.php, otherwise the bits
		// set by local.php get lost
		require_once 'inc/init.php';
		prepareNavigation();
		// Security context is built on the requested page/tab/bypass data,
		// do not override.
		fixContext();
		redirectIfNecessary();
		if (! permitted())
		{
			renderAccessDenied (FALSE);
			break;
		}
		header ('Content-Type: text/html; charset=UTF-8');
		// Only store the tab name after clearance is got. Any failure is unhandleable.
		if (isset ($_REQUEST['tab']) and ! isset ($_SESSION['RTLT'][$pageno]['dont_remember']))
			$_SESSION['RTLT'][$pageno] = array ('tabname' => $tabno, 'time' => time());
		// call the main handler - page or tab handler.
		if (isset ($tabhandler[$pageno][$tabno]))
			call_user_func ($tabhandler[$pageno][$tabno], getBypassValue());
		elseif (isset ($page[$pageno]['handler']))
			$page[$pageno]['handler'] ($tabno);
		else
			throw new RackTablesError ("Failed to find handler for page '${pageno}', tab '${tabno}'", RackTablesError::INTERNAL);
		// Embed the current text in OB into interface layout (the latter also
		// empties color message buffer).
		$contents = ob_get_contents();
		ob_clean();
		renderInterfaceHTML ($pageno, $tabno, $contents);
		break;
	case 'tsuri' == $_REQUEST['module']:
		require_once 'inc/init.php';
		genericAssertion ('uri', 'string');
		proxyStaticURI ($_REQUEST['uri']);
		break;
	case 'download' == $_REQUEST['module']:
		require_once 'inc/init.php';
		$pageno = 'file';
		$tabno = 'download';
		fixContext();
		if (!permitted())
		{
			require_once 'inc/interface.php';
			renderAccessDenied (FALSE);
			break;
		}

		$asattach = (isset ($_REQUEST['asattach']) and $_REQUEST['asattach'] == 'no') ? FALSE : TRUE;
		$file = getFile (getBypassValue());
		header("Content-Type: {$file['type']}");
		header("Content-Length: {$file['size']}");
		if ($asattach)
			header("Content-Disposition: attachment; filename={$file['name']}");
		echo $file['contents'];
		break;
	case 'image' == $_REQUEST['module']:
		require_once 'inc/render_image.php';
		// 'progressbar's never change, attempt an IMS chortcut before loading init.php
		checkIMSCondition();
		require_once 'inc/init.php';
		try
		{
			dispatchImageRequest();
		}
		catch (Exception $e)
		{
			ob_clean();
			renderError();
		}
		break;
	case 'ajax' == $_REQUEST['module']:
		require_once 'inc/ajax-interface.php';
		require_once 'inc/init.php';
		try
		{
			dispatchAJAXRequest();
		}
		catch (InvalidRequestArgException $e)
		{
			ob_clean();
			echo "NAK\nMalformed request";
		}
		catch (Exception $e)
		{
			ob_clean();
			echo "NAK\nRuntime exception: ". $e->getMessage();
		}
		break;
	case 'redirect' == $_REQUEST['module']:
		// Include init after ophandlers/snmp, not before, so local.php can redefine things.
		require_once 'inc/ophandlers.php';
		// snmp.php is an exception, it is treated by a special hack
		if (isset ($_REQUEST['op']) and $_REQUEST['op'] == 'querySNMPData')
			require_once 'inc/snmp.php';
		require_once 'inc/init.php';
		try
		{
			genericAssertion ('op', 'string');
			$op = $_REQUEST['op'];
			prepareNavigation();
			$location = buildWideRedirectURL();
			// FIXME: find a better way to handle this error
			if ($op == 'addFile' && !isset($_FILES['file']['error']))
				throw new RackTablesError ('File upload error, check upload_max_filesize in php.ini', RackTablesError::MISCONFIGURED);
			fixContext();
			if
			(
				!isset ($ophandler[$pageno][$tabno][$op]) or
				!function_exists ($ophandler[$pageno][$tabno][$op])
			)
				throw new RackTablesError ("Invalid navigation data for '${pageno}-${tabno}-${op}'", RackTablesError::INTERNAL);
			// We have a chance to handle an error before starting HTTP header.
			if (!isset ($delayauth[$pageno][$tabno][$op]) and !permitted())
				showError ('Operation not permitted');
			else
			{
				// Call below does the job of bypass argument assertion, if such is required,
				// so the ophandler function doesn't have to re-assert this portion of its
				// arguments. And it would be even better to pass returned value to ophandler,
				// so it is not necessary to remember the name of bypass in it.
				getBypassValue();
				if (strlen ($redirect_to = call_user_func ($ophandler[$pageno][$tabno][$op])))
					$location = $redirect_to;
			}
			header ("Location: " . $location);
		}
		// known "soft" failures require a short error message
		catch (InvalidRequestArgException2 $e)
		{
			ob_clean();
			showError ($e->getMessage());
			header ('Location: ' . $location);
		}
		catch (RTDatabaseError $e)
		{
			ob_clean();
			showError ('Database error: ' . $e->getMessage());
			header ('Location: ' . $location);
		}
		// any other error requires no special handling and will be caught outside
		break;
	case 'popup' == $_REQUEST['module']:
		require_once 'inc/popup.php';
		require_once 'inc/interface.php';
		require_once 'inc/init.php';
		renderPopupHTML();
		break;
	default:
		throw new InvalidRequestArgException ('module', $_REQUEST['module']);
	}
	ob_end_flush();
	exit;
}
catch (Exception $e)
{
	ob_end_clean();
	printException ($e);
}
clearMessages(); // prevent message appearing in foreign tab
?>
Commit	Line	Data
b325120a	1	<?php
90a3d6d8 DY	2	ob_start();
90a3d6d8 DY	3	try {
87c744a9 DO	4	// Code block below is a module request dispatcher. Turning it into a
87c744a9 DO	5	// function will break things because of the way require() works.
c5dfde62	6	switch (TRUE)
36ef72d9	7	{
c5dfde62 DO	8	case ! array_key_exists ('module', $_REQUEST):
	9	case 'interface' == $_REQUEST['module']:
	10	require_once 'inc/interface.php';
	11	// init.php has to be included after interface.php, otherwise the bits
	12	// set by local.php get lost
	13	require_once 'inc/init.php';
	14	prepareNavigation();
	15	// Security context is built on the requested page/tab/bypass data,
	16	// do not override.
	17	fixContext();
	18	redirectIfNecessary();
	19	if (! permitted())
	20	{
	21	renderAccessDenied (FALSE);
	22	break;
	23	}
	24	header ('Content-Type: text/html; charset=UTF-8');
	25	// Only store the tab name after clearance is got. Any failure is unhandleable.
	26	if (isset ($_REQUEST['tab']) and ! isset ($_SESSION['RTLT'][$pageno]['dont_remember']))
	27	$_SESSION['RTLT'][$pageno] = array ('tabname' => $tabno, 'time' => time());
	28	// call the main handler - page or tab handler.
	29	if (isset ($tabhandler[$pageno][$tabno]))
	30	call_user_func ($tabhandler[$pageno][$tabno], getBypassValue());
	31	elseif (isset ($page[$pageno]['handler']))
	32	$page[$pageno]['handler'] ($tabno);
	33	else
	34	throw new RackTablesError ("Failed to find handler for page '${pageno}', tab '${tabno}'", RackTablesError::INTERNAL);
	35	// Embed the current text in OB into interface layout (the latter also
	36	// empties color message buffer).
	37	$contents = ob_get_contents();
	38	ob_clean();
	39	renderInterfaceHTML ($pageno, $tabno, $contents);
	40	break;
	41	case 'tsuri' == $_REQUEST['module']:
4afb4c10	42	require_once 'inc/init.php';
36ef72d9 DO	43	genericAssertion ('uri', 'string');
	44	proxyStaticURI ($_REQUEST['uri']);
	45	break;
c5dfde62	46	case 'download' == $_REQUEST['module']:
4afb4c10	47	require_once 'inc/init.php';
0415b520 DO	48	$pageno = 'file';
	49	$tabno = 'download';
	50	fixContext();
	51	if (!permitted())
	52	{
	53	require_once 'inc/interface.php';
87c744a9 DO	54	renderAccessDenied (FALSE);
87c744a9 DO	55	break;
0415b520 DO	56	}
	57
	58	$asattach = (isset ($_REQUEST['asattach']) and $_REQUEST['asattach'] == 'no') ? FALSE : TRUE;
	59	$file = getFile (getBypassValue());
	60	header("Content-Type: {$file['type']}");
	61	header("Content-Length: {$file['size']}");
	62	if ($asattach)
	63	header("Content-Disposition: attachment; filename={$file['name']}");
	64	echo $file['contents'];
	65	break;
c5dfde62	66	case 'image' == $_REQUEST['module']:
4afb4c10 DO	67	require_once 'inc/render_image.php';
	68	// 'progressbar's never change, attempt an IMS chortcut before loading init.php
	69	checkIMSCondition();
	70	require_once 'inc/init.php';
	71	try
	72	{
	73	dispatchImageRequest();
	74	}
	75	catch (Exception $e)
	76	{
87c744a9	77	ob_clean();
4afb4c10 DO	78	renderError();
	79	}
	80	break;
c5dfde62	81	case 'ajax' == $_REQUEST['module']:
9f4f431c DO	82	require_once 'inc/ajax-interface.php';
	83	require_once 'inc/init.php';
	84	try
	85	{
	86	dispatchAJAXRequest();
	87	}
	88	catch (InvalidRequestArgException $e)
	89	{
	90	ob_clean();
	91	echo "NAK\nMalformed request";
	92	}
	93	catch (Exception $e)
	94	{
	95	ob_clean();
	96	echo "NAK\nRuntime exception: ". $e->getMessage();
	97	}
	98	break;
c5dfde62	99	case 'redirect' == $_REQUEST['module']:
87c744a9 DO	100	// Include init after ophandlers/snmp, not before, so local.php can redefine things.
	101	require_once 'inc/ophandlers.php';
	102	// snmp.php is an exception, it is treated by a special hack
	103	if (isset ($_REQUEST['op']) and $_REQUEST['op'] == 'querySNMPData')
	104	require_once 'inc/snmp.php';
	105	require_once 'inc/init.php';
	106	try
	107	{
	108	genericAssertion ('op', 'string');
	109	$op = $_REQUEST['op'];
	110	prepareNavigation();
	111	$location = buildWideRedirectURL();
	112	// FIXME: find a better way to handle this error
	113	if ($op == 'addFile' && !isset($_FILES['file']['error']))
	114	throw new RackTablesError ('File upload error, check upload_max_filesize in php.ini', RackTablesError::MISCONFIGURED);
	115	fixContext();
	116	if
	117	(
	118	!isset ($ophandler[$pageno][$tabno][$op]) or
	119	!function_exists ($ophandler[$pageno][$tabno][$op])
	120	)
	121	throw new RackTablesError ("Invalid navigation data for '${pageno}-${tabno}-${op}'", RackTablesError::INTERNAL);
	122	// We have a chance to handle an error before starting HTTP header.
	123	if (!isset ($delayauth[$pageno][$tabno][$op]) and !permitted())
	124	showError ('Operation not permitted');
	125	else
	126	{
	127	// Call below does the job of bypass argument assertion, if such is required,
	128	// so the ophandler function doesn't have to re-assert this portion of its
	129	// arguments. And it would be even better to pass returned value to ophandler,
	130	// so it is not necessary to remember the name of bypass in it.
	131	getBypassValue();
	132	if (strlen ($redirect_to = call_user_func ($ophandler[$pageno][$tabno][$op])))
	133	$location = $redirect_to;
	134	}
	135	header ("Location: " . $location);
	136	}
	137	// known "soft" failures require a short error message
	138	catch (InvalidRequestArgException2 $e)
	139	{
	140	ob_clean();
	141	showError ($e->getMessage());
	142	header ('Location: ' . $location);
	143	}
	144	catch (RTDatabaseError $e)
	145	{
	146	ob_clean();
	147	showError ('Database error: ' . $e->getMessage());
	148	header ('Location: ' . $location);
	149	}
	150	// any other error requires no special handling and will be caught outside
	151	break;
e0ce8064 DO	152	case 'popup' == $_REQUEST['module']:
	153	require_once 'inc/popup.php';
	154	require_once 'inc/interface.php';
	155	require_once 'inc/init.php';
	156	renderPopupHTML();
	157	break;
36ef72d9 DO	158	default:
	159	throw new InvalidRequestArgException ('module', $_REQUEST['module']);
	160	}
0415b520	161	ob_end_flush();
36ef72d9 DO	162	exit;
36ef72d9 DO	163	}
c5dfde62 DO	164	catch (Exception $e)
c5dfde62 DO	165	{
90a3d6d8	166	ob_end_clean();
c5dfde62	167	printException ($e);
90a3d6d8	168	}
1d4d254b	169	clearMessages(); // prevent message appearing in foreign tab
e410ebfc	170	?>