r2154 - don't escape user password
[racktables] / inc / init.php
1 <?php
2 /*
3 *
4 * This file performs RackTables initialisation. After you include it
5 * from 1st-level page, don't forget to call fixContext(). This is done
6 * to allow reloading of pageno and tabno variables. pageno and tabno
7 * together participate in forming security context by generating
8 * related autotags.
9 *
10 */
11
12 $root = (empty($_SERVER['HTTPS'])?'http':'https').
13 '://'.
14 (isset($_SERVER['HTTP_HOST'])?$_SERVER['HTTP_HOST']:($_SERVER['SERVER_NAME'].($_SERVER['SERVER_PORT']=='80'?'':$_SERVER['SERVER_PORT']))).
15 dirname($_SERVER['PHP_SELF']);
16 if (substr ($root, -1) != '/')
17 $root .= '/';
18
19 // This is the first thing we need to do.
20 require_once 'inc/config.php';
21
22 // What we need first is database and interface functions.
23 require_once 'inc/interface.php';
24 require_once 'inc/functions.php';
25 require_once 'inc/database.php';
26 if (file_exists ('inc/secret.php'))
27 require_once 'inc/secret.php';
28 else
29 {
30 showError
31 (
32 "Database connection parameters are read from inc/secret.php file, " .
33 "which cannot be found.\nYou probably need to complete the installation " .
34 "procedure by following <a href='${root}install.php'>this link</a>.",
35 __FILE__
36 );
37 die;
38 }
39
40 // Now try to connect...
41 try
42 {
43 $dbxlink = new PDO ($pdo_dsn, $db_username, $db_password);
44 }
45 catch (PDOException $e)
46 {
47 showError ("Database connection failed:\n\n" . $e->getMessage(), __FILE__);
48 die();
49 }
50
51 $dbxlink->exec ("set names 'utf8'");
52
53 if (get_magic_quotes_gpc())
54 foreach ($_REQUEST as $key => $value)
55 if (gettype ($value) == 'string')
56 $_REQUEST[$key] = stripslashes ($value);
57
58 if (!set_magic_quotes_runtime (0))
59 {
60 showError ('Failed to turn magic quotes off', __FILE__);
61 die;
62 }
63
64 // Escape any globals before we ever try to use them.
65 foreach ($_REQUEST as $key => $value)
66 if (gettype ($value) == 'string')
67 $_REQUEST[$key] = escapeString ($value);
68
69 if (isset ($_SERVER['PHP_AUTH_USER']))
70 $_SERVER['PHP_AUTH_USER'] = escapeString ($_SERVER['PHP_AUTH_USER']);
71
72 $dbver = getDatabaseVersion();
73 if ($dbver != CODE_VERSION)
74 {
75 echo '<p align=justify>This Racktables installation seems to be ' .
76 'just upgraded to version ' . CODE_VERSION . ', while the '.
77 'database version is ' . $dbver . '. No user will be ' .
78 'either authenticated or shown any page until the upgrade is ' .
79 "finished. Follow <a href='${root}upgrade.php'>this link</a> and " .
80 'authenticate as administrator to finish the upgrade.</p>';
81 die;
82 }
83
84 if (!mb_internal_encoding ('UTF-8') or !mb_regex_encoding ('UTF-8'))
85 {
86 showError ('Failed setting multibyte string encoding to UTF-8', __FILE__);
87 die;
88 }
89 $configCache = loadConfigCache();
90 if (!count ($configCache))
91 {
92 showError ('Failed to load configuration from the database.', __FILE__);
93 die();
94 }
95
96 require_once 'inc/code.php';
97 $rackCodeCache = loadScript ('RackCodeCache');
98 if ($rackCodeCache == NULL or empty ($rackCodeCache))
99 {
100 // $t1 = microtime (TRUE);
101 $rackCode = getRackCode (loadScript ('RackCode'));
102 // $t2 = microtime (TRUE);
103 // echo 'DEBUG: parsed RackCode tree from scratch in ' . ($t2 - $t1) . ' second(s)<br>';
104 saveScript ('RackCodeCache', base64_encode (serialize ($rackCode)));
105 }
106 else
107 {
108 // $t1 = microtime (TRUE);
109 $rackCode = unserialize (base64_decode ($rackCodeCache));
110 // $t2 = microtime (TRUE);
111 // echo 'DEBUG: loaded RackCode cache in ' . ($t2 - $t1) . ' second(s)<br>';
112 if ($rackCode === FALSE) // invalid cache
113 {
114 saveScript ('RackCodeCache', '');
115 // $t1 = microtime (TRUE);
116 $rackCode = getRackCode (loadScript ('RackCode'));
117 // $t2 = microtime (TRUE);
118 // echo 'DEBUG: discarded RackCode cache and parsed tree from scratch in ' . ($t2 - $t1) . ' second(s)<br>';
119 }
120 }
121
122 // Depending on the 'result' value the 'load' carries either the
123 // parse tree or error message.
124 if ($rackCode['result'] != 'ACK')
125 {
126 // FIXME: display a message with an option to reset RackCode text
127 showError ('Could not load the RackCode due to error: ' . $rackCode['load'], __FILE__);
128 die;
129 }
130 $rackCode = $rackCode['load'];
131
132 // Now init authentication.
133
134 require_once 'inc/auth.php';
135 // Load access database once.
136 $accounts = getUserAccounts();
137 if ($accounts === NULL)
138 {
139 showError ('Failed to initialize access database.', __FILE__);
140 die();
141 }
142
143 authenticate();
144
145 // Authentication passed.
146 // Note that we don't perform autorization here, so each 1st level page
147 // has to do it in its way, e.g. to call authorize().
148
149 $remote_username = $_SERVER['PHP_AUTH_USER'];
150 $pageno = (isset ($_REQUEST['page'])) ? $_REQUEST['page'] : 'index';
151 // Special handling of tab number to substitute the "last" index where applicable.
152 // Always show explicitly requested tab, substitute the last used name in case
153 // it is awailable, fall back to the default one.
154 if (isset ($_REQUEST['tab']))
155 $tabno = $_REQUEST['tab'];
156 elseif (getConfigVar ('SHOW_LAST_TAB') == 'yes' and isset ($_COOKIE['RTLT-' . $pageno]))
157 $tabno = $_COOKIE['RTLT-' . $pageno];
158 else
159 $tabno = 'default';
160 $op = (isset ($_REQUEST['op'])) ? $_REQUEST['op'] : '';
161
162 // Order matters here.
163 $taglist = getTagList();
164 $tagtree = getTagTree();
165
166 require_once 'inc/navigation.php';
167 require_once 'inc/pagetitles.php';
168 require_once 'inc/ophandlers.php';
169 require_once 'inc/triggers.php';
170 require_once 'inc/gateways.php';
171 require_once 'inc/snmp.php';
172 if (file_exists ('inc/local.php'))
173 require_once 'inc/local.php';
174
175 // These will be filled in by fixContext()
176 $auto_tags = array();
177 $expl_tags = array();
178 $impl_tags = array();
179 // and this will remain constant
180 $user_tags = loadUserTags ($accounts[$remote_username]['user_id']);
181 $user_tags = array_merge ($user_tags, getImplicitTags ($user_tags), getUserAutoTags());
182
183 ?>