projects / racktables / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
r4338 considerGivenConstraint: ability to check context tags
[racktables] / wwwroot / index.php
1 <?php
2 ob_start();
3 # Neither "throw/catch" for custom exceptions nor printException() will
4 # work without first loading exceptions.php.
5 require_once 'inc/exceptions.php';
6 try {
7 // Code block below is a module request dispatcher. Turning it into a
8 // function will break things because of the way require() works.
9 switch (TRUE)
10 {
11 case ! array_key_exists ('module', $_REQUEST):
12 case 'interface' == $_REQUEST['module']:
13 require_once 'inc/interface.php';
14 // init.php has to be included after interface.php, otherwise the bits
15 // set by local.php get lost
16 require_once 'inc/init.php';
17 prepareNavigation();
18 // Security context is built on the requested page/tab/bypass data,
19 // do not override.
20 fixContext();
21 redirectIfNecessary();
22 if (! permitted())
23 {
24 renderAccessDenied (FALSE);
25 break;
26 }
27 header ('Content-Type: text/html; charset=UTF-8');
28 // Only store the tab name after clearance is got. Any failure is unhandleable.
29 if (isset ($_REQUEST['tab']) and ! isset ($_SESSION['RTLT'][$pageno]['dont_remember']))
30 $_SESSION['RTLT'][$pageno] = array ('tabname' => $tabno, 'time' => time());
31 // call the main handler - page or tab handler.
32 if (isset ($tabhandler[$pageno][$tabno]))
33 call_user_func ($tabhandler[$pageno][$tabno], getBypassValue());
34 elseif (isset ($page[$pageno]['handler']))
35 $page[$pageno]['handler'] ($tabno);
36 else
37 throw new RackTablesError ("Failed to find handler for page '${pageno}', tab '${tabno}'", RackTablesError::INTERNAL);
38 // Embed the current text in OB into interface layout (the latter also
39 // empties color message buffer).
40 $contents = ob_get_contents();
41 ob_clean();
42 renderInterfaceHTML ($pageno, $tabno, $contents);
43 break;
44 case 'chrome' == $_REQUEST['module']:
45 require_once 'inc/init.php';
46 genericAssertion ('uri', 'string');
47 proxyStaticURI ($_REQUEST['uri']);
48 break;
49 case 'download' == $_REQUEST['module']:
50 require_once 'inc/init.php';
51 $pageno = 'file';
52 $tabno = 'download';
53 fixContext();
54 if (!permitted())
55 {
56 renderAccessDenied (FALSE);
57 break;
58 }
59
60 $asattach = (isset ($_REQUEST['asattach']) and $_REQUEST['asattach'] == 'no') ? FALSE : TRUE;
61 $file = getFile (getBypassValue());
62 header("Content-Type: {$file['type']}");
63 header("Content-Length: {$file['size']}");
64 if ($asattach)
65 header("Content-Disposition: attachment; filename={$file['name']}");
66 echo $file['contents'];
67 break;
68 case 'image' == $_REQUEST['module']:
69 require_once 'inc/init.php'; // for authentication check
70 // 'progressbar's never change, attempt an IMS shortcut before loading init.php
71 if (@$_REQUEST['img'] == 'progressbar')
72 if (checkCachedResponse (0, CACHE_DURATION))
73 exit;
74 require_once 'inc/render_image.php';
75 try
76 {
77 dispatchImageRequest();
78 }
79 catch (Exception $e)
80 {
81 ob_clean();
82 renderErrorImage();
83 }
84 break;
85 case 'ajax' == $_REQUEST['module']:
86 require_once 'inc/ajax-interface.php';
87 require_once 'inc/init.php';
88 try
89 {
90 dispatchAJAXRequest();
91 }
92 catch (InvalidRequestArgException $e)
93 {
94 ob_clean();
95 echo "NAK\nMalformed request";
96 }
97 catch (Exception $e)
98 {
99 ob_clean();
100 echo "NAK\nRuntime exception: ". $e->getMessage();
101 }
102 break;
103 case 'redirect' == $_REQUEST['module']:
104 // Include init after ophandlers/snmp, not before, so local.php can redefine things.
105 require_once 'inc/ophandlers.php';
106 // snmp.php is an exception, it is treated by a special hack
107 if (isset ($_REQUEST['op']) and $_REQUEST['op'] == 'querySNMPData')
108 require_once 'inc/snmp.php';
109 require_once 'inc/init.php';
110 try
111 {
112 genericAssertion ('op', 'string');
113 $op = $_REQUEST['op'];
114 prepareNavigation();
115 $location = buildWideRedirectURL();
116 // FIXME: find a better way to handle this error
117 if ($op == 'addFile' && !isset($_FILES['file']['error']))
118 throw new RackTablesError ('File upload error, check upload_max_filesize in php.ini', RackTablesError::MISCONFIGURED);
119 fixContext();
120 if
121 (
122 !isset ($ophandler[$pageno][$tabno][$op]) or
123 !function_exists ($ophandler[$pageno][$tabno][$op])
124 )
125 throw new RackTablesError ("Invalid navigation data for '${pageno}-${tabno}-${op}'", RackTablesError::INTERNAL);
126 // We have a chance to handle an error before starting HTTP header.
127 if (!isset ($delayauth[$pageno][$tabno][$op]) and !permitted())
128 showError ('Operation not permitted');
129 else
130 {
131 // Call below does the job of bypass argument assertion, if such is required,
132 // so the ophandler function doesn't have to re-assert this portion of its
133 // arguments. And it would be even better to pass returned value to ophandler,
134 // so it is not necessary to remember the name of bypass in it.
135 getBypassValue();
136 if (strlen ($redirect_to = call_user_func ($ophandler[$pageno][$tabno][$op])))
137 $location = $redirect_to;
138 }
139 header ("Location: " . $location);
140 }
141 // known "soft" failures require a short error message
142 catch (InvalidRequestArgException $e)
143 {
144 ob_clean();
145 showError ($e->getMessage());
146 header ('Location: ' . $location);
147 }
148 catch (RTDatabaseError $e)
149 {
150 ob_clean();
151 showError ('Database error: ' . $e->getMessage());
152 header ('Location: ' . $location);
153 }
154 // any other error requires no special handling and will be caught outside
155 break;
156 case 'popup' == $_REQUEST['module']:
157 require_once 'inc/popup.php';
158 require_once 'inc/init.php';
159 renderPopupHTML();
160 break;
161 case 'upgrade' == $_REQUEST['module']:
162 require_once 'inc/config.php'; // for CODE_VERSION
163 require_once 'inc/dictionary.php';
164 require_once 'inc/upgrade.php';
165 // Enforce default value for now, releases prior to 0.17.0 didn't support 'httpd' auth source.
166 $user_auth_src = 'database';
167 if (FALSE === @include_once 'inc/secret.php')
168 die ('<center>There is no working RackTables instance here, <a href="?module=installer">install</a>?</center>');
169 try
170 {
171 $dbxlink = new PDO ($pdo_dsn, $db_username, $db_password);
172 }
173 catch (PDOException $e)
174 {
175 die ("Database connection failed:\n\n" . $e->getMessage());
176 }
177 renderUpgraderHTML();
178 break;
179 case 'installer' == $_REQUEST['module']:
180 require_once 'inc/dictionary.php';
181 require_once 'inc/install.php';
182 renderInstallerHTML();
183 break;
184 default:
185 throw new InvalidRequestArgException ('module', $_REQUEST['module']);
186 }
187 ob_end_flush();
188 }
189 catch (Exception $e)
190 {
191 ob_end_clean();
192 # prevent message appearing in foreign tab
193 if (isset ($_SESSION['log']))
194 unset ($_SESSION['log']);
195 printException ($e);
196 }
197 ?>
[mirror] RackTables current development repository