b4f8e559d127bb084213c5c2a26514cf05bb7d8e
[racktables] / wwwroot / index.php
1 <?php
2 ob_start();
3 # Neither "throw/catch" for custom exceptions nor printException() will
4 # work without first loading exceptions.php.
5 require_once 'inc/exceptions.php';
6 try {
7 // Code block below is a module request dispatcher. Turning it into a
8 // function will break things because of the way require() works.
9 switch (TRUE)
10 {
11 case ! array_key_exists ('module', $_REQUEST):
12 case 'interface' == $_REQUEST['module']:
13 require_once 'inc/interface.php';
14 // init.php has to be included after interface.php, otherwise the bits
15 // set by local.php get lost
16 require_once 'inc/init.php';
17 prepareNavigation();
18 // Security context is built on the requested page/tab/bypass data,
19 // do not override.
20 fixContext();
21 redirectIfNecessary();
22 assertPermission();
23 header ('Content-Type: text/html; charset=UTF-8');
24 // Only store the tab name after clearance is got. Any failure is unhandleable.
25 if (isset ($_REQUEST['tab']) and ! isset ($_SESSION['RTLT'][$pageno]['dont_remember']))
26 $_SESSION['RTLT'][$pageno] = array ('tabname' => $tabno, 'time' => time());
27 // call the main handler - page or tab handler.
28 if (isset ($tabhandler[$pageno][$tabno]))
29 call_user_func ($tabhandler[$pageno][$tabno], getBypassValue());
30 elseif (isset ($page[$pageno]['handler']))
31 $page[$pageno]['handler'] ($tabno);
32 else
33 throw new RackTablesError ("Failed to find handler for page '${pageno}', tab '${tabno}'", RackTablesError::INTERNAL);
34 // Embed the current text in OB into interface layout (the latter also
35 // empties color message buffer).
36 $contents = ob_get_contents();
37 ob_clean();
38 renderInterfaceHTML ($pageno, $tabno, $contents);
39 break;
40 case 'chrome' == $_REQUEST['module']:
41 require_once 'inc/init.php';
42 genericAssertion ('uri', 'string');
43 proxyStaticURI ($_REQUEST['uri']);
44 break;
45 case 'download' == $_REQUEST['module']:
46 require_once 'inc/init.php';
47 $pageno = 'file';
48 $tabno = 'download';
49 fixContext();
50 assertPermission();
51 $file = getFile (getBypassValue());
52 header("Content-Type: {$file['type']}");
53 header("Content-Length: {$file['size']}");
54 if (! array_key_exists ('asattach', $_REQUEST) or $_REQUEST['asattach'] != 'no')
55 header("Content-Disposition: attachment; filename={$file['name']}");
56 echo $file['contents'];
57 break;
58 case 'image' == $_REQUEST['module']:
59 # The difference between "image" and "download" ways to serve the same
60 # picture file is that the former is used in <IMG SRC=...> construct,
61 # and the latter is accessed as a standalone URL and can reply with any
62 # Content-type. Hence "image" module indicates failures with internally
63 # built images, and "download" can return a full-fledged "permission
64 # denied" or "exception" HTML page instead of the file requested.
65 require_once 'inc/init.php'; // for authentication check
66 // 'progressbar's never change, attempt an IMS shortcut before loading init.php
67 if (@$_REQUEST['img'] == 'progressbar')
68 if (checkCachedResponse (0, CACHE_DURATION))
69 exit;
70 require_once 'inc/render_image.php';
71 try
72 {
73 dispatchImageRequest();
74 }
75 catch (RTPermissionDenied $e)
76 {
77 ob_clean();
78 renderAccessDeniedImage();
79 }
80 catch (Exception $e)
81 {
82 ob_clean();
83 renderErrorImage();
84 }
85 break;
86 case 'ajax' == $_REQUEST['module']:
87 require_once 'inc/ajax-interface.php';
88 require_once 'inc/init.php';
89 try
90 {
91 dispatchAJAXRequest();
92 }
93 catch (InvalidRequestArgException $e)
94 {
95 ob_clean();
96 echo "NAK\nMalformed request";
97 }
98 catch (Exception $e)
99 {
100 ob_clean();
101 echo "NAK\nRuntime exception: ". $e->getMessage();
102 }
103 break;
104 case 'redirect' == $_REQUEST['module']:
105 // Include init after ophandlers/snmp, not before, so local.php can redefine things.
106 require_once 'inc/ophandlers.php';
107 // snmp.php is an exception, it is treated by a special hack
108 if (isset ($_REQUEST['op']) and $_REQUEST['op'] == 'querySNMPData')
109 require_once 'inc/snmp.php';
110 require_once 'inc/init.php';
111 try
112 {
113 genericAssertion ('op', 'string');
114 $op = $_REQUEST['op'];
115 prepareNavigation();
116 $location = buildWideRedirectURL();
117 // FIXME: find a better way to handle this error
118 if ($op == 'addFile' && !isset($_FILES['file']['error']))
119 throw new RackTablesError ('File upload error, check upload_max_filesize in php.ini', RackTablesError::MISCONFIGURED);
120 fixContext();
121 if
122 (
123 !isset ($ophandler[$pageno][$tabno][$op]) or
124 !function_exists ($ophandler[$pageno][$tabno][$op])
125 )
126 throw new RackTablesError ("Invalid navigation data for '${pageno}-${tabno}-${op}'", RackTablesError::INTERNAL);
127 // We have a chance to handle an error before starting HTTP header.
128 if (!isset ($delayauth[$pageno][$tabno][$op]))
129 assertPermission();
130 # Call below does the job of bypass argument assertion, if such is required,
131 # so the ophandler function doesn't have to re-assert this portion of its
132 # arguments. And it would be even better to pass returned value to ophandler,
133 # so it is not necessary to remember the name of bypass in it.
134 getBypassValue();
135 if (strlen ($redirect_to = call_user_func ($ophandler[$pageno][$tabno][$op])))
136 $location = $redirect_to;
137 }
138 // known "soft" failures require a short error message
139 catch (InvalidRequestArgException $e)
140 {
141 ob_clean();
142 showError ($e->getMessage());
143 }
144 catch (RTDatabaseError $e)
145 {
146 ob_clean();
147 showError ('Database error: ' . $e->getMessage());
148 }
149 catch (RTPermissionDenied $e)
150 {
151 ob_clean();
152 showError ('Operation not permitted');
153 }
154 header ('Location: ' . $location);
155 // any other error requires no special handling and will be caught outside
156 break;
157 case 'popup' == $_REQUEST['module']:
158 require_once 'inc/popup.php';
159 require_once 'inc/init.php';
160 renderPopupHTML();
161 break;
162 case 'upgrade' == $_REQUEST['module']:
163 require_once 'inc/config.php'; // for CODE_VERSION
164 require_once 'inc/dictionary.php';
165 require_once 'inc/upgrade.php';
166 // Enforce default value for now, releases prior to 0.17.0 didn't support 'httpd' auth source.
167 $user_auth_src = 'database';
168 if (FALSE === @include_once 'inc/secret.php')
169 die ('<center>There is no working RackTables instance here, <a href="?module=installer">install</a>?</center>');
170 try
171 {
172 $dbxlink = new PDO ($pdo_dsn, $db_username, $db_password);
173 }
174 catch (PDOException $e)
175 {
176 die ("Database connection failed:\n\n" . $e->getMessage());
177 }
178 renderUpgraderHTML();
179 break;
180 case 'installer' == $_REQUEST['module']:
181 require_once 'inc/dictionary.php';
182 require_once 'inc/install.php';
183 renderInstallerHTML();
184 break;
185 default:
186 throw new InvalidRequestArgException ('module', $_REQUEST['module']);
187 }
188 ob_end_flush();
189 }
190 catch (Exception $e)
191 {
192 ob_end_clean();
193 # prevent message appearing in foreign tab
194 if (isset ($_SESSION['log']))
195 unset ($_SESSION['log']);
196 printException ($e);
197 }
198 ?>