lib/main.php

   1 <?php
   2 rcs_id('$Id: main.php,v 1.68 2002-08-23 18:29:30 rurban Exp $');
   3
   4 define ('DEBUG', 1);
   5 define ('USE_PREFS_IN_PAGE', true);
   6
   7 include "lib/config.php";
   8 include "lib/stdlib.php";
   9 require_once('lib/Request.php');
  10 require_once("lib/WikiUser.php");
  11 require_once('lib/WikiDB.php');
  12
  13 class WikiRequest extends Request {
  14
  15     function WikiRequest () {
  16         $this->Request();
  17
  18         // Normalize args...
  19         $this->setArg('pagename', $this->_deducePagename());
  20         $this->setArg('action', $this->_deduceAction());
  21
  22         // Restore auth state
  23         $this->_user = new WikiUser($this->getSessionVar('wiki_user'));
  24         // WikiDB Auth later
  25         // $this->_user = new WikiDB_User($this->getSessionVar('wiki_user'), $this->getAuthDbh());
  26         $this->_prefs = $this->_user->getPreferences();
  27     }
  28
  29     // This really maybe should be part of the constructor, but since it
  30     // may involve HTML/template output, the global $request really needs
  31     // to be initialized before we do this stuff.
  32     function updateAuthAndPrefs () {
  33         global $Theme;
  34         // Handle preference updates, an authentication requests, if any.
  35         if ($new_prefs = $this->getArg('pref')) {
  36             $this->setArg('pref', false);
  37             if ($this->isPost() and !empty($new_prefs['passwd']) and
  38                 ($new_prefs['passwd2'] != $new_prefs['passwd'])) {
  39                 $this->_prefs->set('passwd','');
  40                 // $this->_prefs->set('passwd2',''); // This is not stored anyway
  41                 include_once("themes/" . THEME . "/themeinfo.php");
  42                 return false;
  43             }
  44             foreach ($new_prefs as $key => $val) {
  45                 if ($key == 'passwd') {
  46                   $val = crypt('passwd');
  47                 }
  48                 $this->_prefs->set($key, $val);
  49             }
  50         }
  51
  52         // Handle authentication request, if any.
  53         if ($auth_args = $this->getArg('auth')) {
  54             $this->setArg('auth', false);
  55             include_once("themes/" . THEME . "/themeinfo.php");
  56             $this->_handleAuthRequest($auth_args); // possible NORETURN
  57         }
  58         elseif ( ! $this->_user->isSignedIn() ) {
  59             // If not auth request, try to sign in as saved user.
  60             if (($saved_user = $this->getPref('userid')) != false) {
  61                 include_once("themes/" . THEME . "/themeinfo.php");
  62                 $this->_signIn($saved_user);
  63             }
  64         }
  65
  66         // Save preferences in session and cookie
  67         $id_only = true;
  68         $this->_user->setPreferences($this->_prefs, $id_only);
  69         /*
  70         if ($theme = $this->getPref('theme') ) {
  71             // Load user-defined theme
  72             include_once("themes/$theme/themeinfo.php");
  73         } else {
  74             // site theme
  75             include_once("themes/" . THEME . "/themeinfo.php");
  76         }
  77         */
  78         if (empty($Theme)) {
  79             include_once("themes/" . THEME . "/themeinfo.php");
  80         }
  81         if (empty($Theme)) {
  82             include_once("themes/default/themeinfo.php");
  83         }
  84         assert(!empty($Theme));
  85
  86         // Ensure user has permissions for action
  87         $require_level = $this->requiredAuthority($this->getArg('action'));
  88         if (! $this->_user->hasAuthority($require_level))
  89             $this->_notAuthorized($require_level); // NORETURN
  90     }
  91
  92     function getUser () {
  93         return $this->_user;
  94     }
  95
  96     function getPrefs () {
  97         return $this->_prefs;
  98     }
  99
 100     // Convenience function:
 101     function getPref ($key) {
 102         return $this->_prefs->get($key);
 103     }
 104
 105     function getDbh () {
 106         if (!isset($this->_dbi)) {
 107             // needs PHP 4.1. better use $this->_user->...
 108             $this->_dbi = WikiDB::open($GLOBALS['DBParams']);
 109         }
 110         return $this->_dbi;
 111     }
 112
 113     function getAuthDbh () {
 114         global $DBParams, $DBAuthParams;
 115         if (!isset($this->_auth_dbi)) {
 116             if ($DBParams['dbtype'] == 'dba' or empty($DBAuthParams['auth_dsn']))
 117                 $this->_auth_dbi = $this->getDbh(); // use phpwiki database
 118             elseif ($DBAuthParams['auth_dsn'] == $DBParams['dsn'])
 119                 $this->_auth_dbi = $this->getDbh(); // same phpwiki database
 120             else // use external database
 121                 // needs PHP 4.1. better use $this->_user->...
 122                 $this->_auth_dbi = WikiDB_User::open($DBAuthParams);
 123         }
 124         return $this->_auth_dbi;
 125     }
 126
 127     /**
 128      * Get requested page from the page database.
 129      *
 130      * This is a convenience function.
 131      */
 132     function getPage () {
 133         if (!isset($this->_dbi))
 134             $this->getDbh();
 135         return $this->_dbi->getPage($this->getArg('pagename'));
 136     }
 137
 138     function _handleAuthRequest ($auth_args) {
 139         if (!is_array($auth_args))
 140             return;
 141
 142         // Ignore password unless POST'ed.
 143         if (!$this->isPost())
 144             unset($auth_args['passwd']);
 145
 146         $user = $this->_user->AuthCheck($auth_args);
 147
 148         if (isa($user, 'WikiUser')) {
 149             // Successful login (or logout.)
 150             $this->_setUser($user);
 151         }
 152         elseif ($user) {
 153             // Login attempt failed.
 154             $fail_message = $user;
 155             $auth_args['pass_required'] = true;
 156             // If no password was submitted, it's not really
 157             // a failure --- just need to prompt for password...
 158             if (!isset($auth_args['passwd'])) {
 159                  //$auth_args['pass_required'] = false;
 160                  $fail_message = false;
 161             }
 162             $this->_user->PrintLoginForm($this, $auth_args, $fail_message);
 163             $this->finish();    //NORETURN
 164         }
 165         else {
 166             // Login request cancelled.
 167         }
 168     }
 169
 170     /**
 171      * Attempt to sign in (bogo-login).
 172      *
 173      * Fails silently.
 174      *
 175      * @param $userid string Userid to attempt to sign in as.
 176      * @access private
 177      */
 178     function _signIn ($userid) {
 179         $user = $this->_user->AuthCheck(array('userid' => $userid));
 180         if (isa($user, 'WikiUser')) {
 181             $this->_setUser($user); // success!
 182         }
 183     }
 184
 185     function _setUser ($user) {
 186         $this->_user = $user;
 187         $this->setCookieVar('WIKI_ID', $user->_userid, 365);
 188         $this->setSessionVar('wiki_user', $user);
 189
 190         // Save userid to prefs..
 191         $this->_prefs->set('userid',
 192                            $user->isSignedIn() ? $user->getId() : '');
 193     }
 194
 195     function _notAuthorized ($require_level) {
 196         // User does not have required authority.  Prompt for login.
 197         $what = $this->getActionDescription($this->getArg('action'));
 198
 199         if ($require_level >= WIKIAUTH_FORBIDDEN) {
 200             $this->finish(fmt("%s is disallowed on this wiki.",
 201                               $this->getDisallowedActionDescription($this->getArg('action'))));
 202         }
 203         elseif ($require_level == WIKIAUTH_BOGO)
 204             $msg = fmt("You must sign in to %s.", $what);
 205         elseif ($require_level == WIKIAUTH_USER)
 206             $msg = fmt("You must log in to %s.", $what);
 207         else
 208             $msg = fmt("You must be an administrator to %s.", $what);
 209         $pass_required = ($require_level >= WIKIAUTH_USER);
 210
 211         $this->_user->PrintLoginForm($this, compact('require_level','pass_required'), $msg);
 212         $this->finish();    // NORETURN
 213     }
 214
 215     function getActionDescription($action) {
 216         static $actionDescriptions;
 217         if (! $actionDescriptions) {
 218             $actionDescriptions
 219             = array('browse'     => _("browse pages in this wiki"),
 220                     'diff'       => _("diff pages in this wiki"),
 221                     'dumphtml'   => _("dump html pages from this wiki"),
 222                     'dumpserial' => _("dump serial pages from this wiki"),
 223                     'edit'       => _("edit pages in this wiki"),
 224                     'loadfile'   => _("load files into this wiki"),
 225                     'lock'       => _("lock pages in this wiki"),
 226                     'remove'     => _("remove pages from this wiki"),
 227                     'unlock'     => _("unlock pages in this wiki"),
 228                     'upload'     => _("upload a zip dump to this wiki"),
 229                     'viewsource' => _("view the source of pages in this wiki"),
 230                     'zip'        => _("download a zip dump from this wiki"),
 231                     'ziphtml'    => _("download an html zip dump from this wiki")
 232                     );
 233         }
 234         if (in_array($action, array_keys($actionDescriptions)))
 235             return $actionDescriptions[$action];
 236         else
 237             return $action;
 238     }
 239     function getDisallowedActionDescription($action) {
 240         static $disallowedActionDescriptions;
 241         if (! $disallowedActionDescriptions) {
 242             $disallowedActionDescriptions
 243             = array('browse'     => _("Browsing pages"),
 244                     'diff'       => _("Diffing pages"),
 245                     'dumphtml'   => _("Dumping html pages"),
 246                     'dumpserial' => _("Dumping serial pages"),
 247                     'edit'       => _("Editing pages"),
 248                     'loadfile'   => _("Loading files"),
 249                     'lock'       => _("Locking pages"),
 250                     'remove'     => _("Removing pages"),
 251                     'unlock'     => _("Unlocking pages"),
 252                     'upload'     => _("Uploading zip dumps"),
 253                     'viewsource' => _("Viewing the source of pages"),
 254                     'zip'        => _("Downloading zip dumps"),
 255                     'ziphtml'    => _("Downloading html zip dumps")
 256                     );
 257         }
 258         if (in_array($action, array_keys($disallowedActionDescriptions)))
 259             return $disallowedActionDescriptions[$action];
 260         else
 261             return $action;
 262     }
 263
 264     function requiredAuthority ($action) {
 265         // FIXME: clean up.
 266         // Todo: Check individual page permissions.
 267         switch ($action) {
 268             case 'browse':
 269             case 'viewsource':
 270             case 'diff':
 271                 return WIKIAUTH_ANON;
 272
 273             case 'zip':
 274                 if (defined('ZIPDUMP_AUTH') && ZIPDUMP_AUTH)
 275                     return WIKIAUTH_ADMIN;
 276                 return WIKIAUTH_ANON;
 277
 278             case 'ziphtml':
 279                 if (defined('ZIPDUMP_AUTH') && ZIPDUMP_AUTH)
 280                     return WIKIAUTH_ADMIN;
 281                 return WIKIAUTH_ANON;
 282
 283             case 'edit':
 284                 if (defined('REQUIRE_SIGNIN_BEFORE_EDIT') && REQUIRE_SIGNIN_BEFORE_EDIT)
 285                     return WIKIAUTH_BOGO;
 286                 return WIKIAUTH_ANON;
 287                 // return WIKIAUTH_BOGO;
 288
 289             case 'upload':
 290             case 'dumpserial':
 291             case 'dumphtml':
 292             case 'loadfile':
 293             case 'remove':
 294             case 'lock':
 295             case 'unlock':
 296                 return WIKIAUTH_ADMIN;
 297             default:
 298                 // Temp workaround for french single-word action pages 'Historique'
 299                 // Some of this make sense as SubPage actions or buttons.
 300                 $singleWordActionPages =
 301                     array("Historique", "Info",
 302                           _("Preferences"), _("Administration"),
 303                           _("Today"), _("Help"));
 304                 if (in_array($action, $singleWordActionPages))
 305                     return WIKIAUTH_ANON; // ActionPage.
 306                 global $WikiNameRegexp;
 307                 if (preg_match("/$WikiNameRegexp\Z/A", $action))
 308                     return WIKIAUTH_ANON; // ActionPage.
 309                 else
 310                     return WIKIAUTH_ADMIN;
 311         }
 312     }
 313
 314     function possiblyDeflowerVirginWiki () {
 315         if ($this->getArg('action') != 'browse')
 316             return;
 317         if ($this->getArg('pagename') != HOME_PAGE)
 318             return;
 319
 320         $page = $this->getPage();
 321         $current = $page->getCurrentRevision();
 322         if ($current->getVersion() > 0)
 323             return;             // Homepage exists.
 324
 325         include('lib/loadsave.php');
 326         SetupWiki($this);
 327         $this->finish();        // NORETURN
 328     }
 329
 330     function handleAction () {
 331         $action = $this->getArg('action');
 332         $method = "action_$action";
 333         if (method_exists($this, $method)) {
 334             $this->{$method}();
 335         }
 336         elseif ($this->isActionPage($action)) {
 337             $this->actionpage($action);
 338         }
 339         else {
 340             $this->finish(fmt("%s: Bad action", $action));
 341         }
 342     }
 343
 344
 345     function finish ($errormsg = false) {
 346         static $in_exit = 0;
 347
 348         if ($in_exit)
 349             exit();        // just in case CloseDataBase calls us
 350         $in_exit = true;
 351
 352         if (!empty($this->_dbi))
 353             $this->_dbi->close();
 354         unset($this->_dbi);
 355
 356
 357         global $ErrorManager;
 358         $ErrorManager->flushPostponedErrors();
 359
 360         if (!empty($errormsg)) {
 361             PrintXML(HTML::br(),
 362                      HTML::hr(),
 363                      HTML::h2(_("Fatal PhpWiki Error")),
 364                      $errormsg);
 365             // HACK:
 366             echo "\n</body></html>";
 367         }
 368
 369         Request::finish();
 370         exit;
 371     }
 372
 373     function _deducePagename () {
 374         if ($this->getArg('pagename'))
 375             return $this->getArg('pagename');
 376
 377         if (USE_PATH_INFO) {
 378             $pathinfo = $this->get('PATH_INFO');
 379             $tail = substr($pathinfo, strlen(PATH_INFO_PREFIX));
 380
 381             if ($tail && $pathinfo == PATH_INFO_PREFIX . $tail) {
 382                 return $tail;
 383             }
 384         }
 385
 386         $query_string = $this->get('QUERY_STRING');
 387         if (preg_match('/^[^&=]+$/', $query_string)) {
 388             return urldecode($query_string);
 389         }
 390
 391         return HOME_PAGE;
 392     }
 393
 394     function _deduceAction () {
 395         if (!($action = $this->getArg('action')))
 396             return 'browse';
 397
 398         if (method_exists($this, "action_$action"))
 399             return $action;
 400
 401         // Allow for, e.g. action=LikePages
 402         if ($this->isActionPage($action))
 403             return $action;
 404
 405         // Check for _('PhpWikiAdministration').'/'._('Remove') actions
 406         $pagename = $this->getArg('pagename');
 407         if (strstr($pagename,_('PhpWikiAdministration')))
 408             return $action;
 409
 410         trigger_error("$action: Unknown action", E_USER_NOTICE);
 411         return 'browse';
 412     }
 413
 414     function _deduceUsername () {
 415         if ($userid = $this->getSessionVar('wiki_user'))
 416             return $userid;
 417         if ($userid = $this->getCookieVar('WIKI_ID'))
 418             return $userid;
 419         return false;
 420     }
 421
 422     function isActionPage ($pagename) {
 423         if (isSubPage($pagename))
 424             $subpagename = subPageSlice($pagename,-1); // last element
 425         else
 426             $subpagename = $pagename;
 427         // Temp workaround for french single-word action page 'Historique'
 428         $singleWordActionPages = array("Historique", "Info", _('Preferences'));
 429         if (! in_array($subpagename, $singleWordActionPages)) {
 430             // Allow for, e.g. action=LikePages
 431             global $WikiNameRegexp;
 432             if (!preg_match("/$WikiNameRegexp\\Z/A", $subpagename))
 433                 return false;
 434         }
 435         $dbi = $this->getDbh();
 436         $page = $dbi->getPage($pagename);
 437         $rev = $page->getCurrentRevision();
 438         // FIXME: more restrictive check for sane plugin?
 439         if (strstr($rev->getPackedContent(), '<?plugin'))
 440             return true;
 441         trigger_error("$pagename: Does not appear to be an 'action page'", E_USER_NOTICE);
 442         return false;
 443     }
 444
 445     function action_browse () {
 446         $this->compress_output();
 447         include_once("lib/display.php");
 448         displayPage($this);
 449     }
 450
 451     function action_verify () {
 452         $this->action_browse();
 453     }
 454
 455     function actionpage ($action) {
 456         $this->compress_output();
 457         include_once("lib/display.php");
 458         actionPage($this, $action);
 459     }
 460
 461     function action_diff () {
 462         $this->compress_output();
 463         include_once "lib/diff.php";
 464         showDiff($this);
 465     }
 466
 467     function action_search () {
 468         // This is obsolete: reformulate URL and redirect.
 469         // FIXME: this whole section should probably be deleted.
 470         if ($this->getArg('searchtype') == 'full') {
 471             $search_page = _("FullTextSearch");
 472         }
 473         else {
 474             $search_page = _("TitleSearch");
 475         }
 476         $this->redirect(WikiURL($search_page,
 477                                 array('s' => $this->getArg('searchterm')),
 478                                 'absolute_url'));
 479     }
 480
 481     function action_edit () {
 482         $this->compress_output();
 483         include "lib/editpage.php";
 484         $e = new PageEditor ($this);
 485         $e->editPage();
 486     }
 487
 488     function action_viewsource () {
 489         $this->compress_output();
 490         include "lib/editpage.php";
 491         $e = new PageEditor ($this);
 492         $e->viewSource();
 493     }
 494
 495     function action_lock () {
 496         $page = $this->getPage();
 497         $page->set('locked', true);
 498         $this->action_browse();
 499     }
 500
 501     function action_unlock () {
 502         // FIXME: This check is redundant.
 503         //$user->requireAuth(WIKIAUTH_ADMIN);
 504         $page = $this->getPage();
 505         $page->set('locked', false);
 506         $this->action_browse();
 507     }
 508
 509     function action_remove () {
 510         // FIXME: This check is redundant.
 511         //$user->requireAuth(WIKIAUTH_ADMIN);
 512         $pagename = $this->getArg('pagename');
 513         if (strstr($pagename,_('PhpWikiAdministration'))) {
 514             $this->action_browse();
 515         } else {
 516             include('lib/removepage.php');
 517             RemovePage($this);
 518         }
 519     }
 520
 521
 522     function action_upload () {
 523         include_once("lib/loadsave.php");
 524         LoadPostFile($this);
 525     }
 526
 527     function action_zip () {
 528         include_once("lib/loadsave.php");
 529         MakeWikiZip($this);
 530         // I don't think it hurts to add cruft at the end of the zip file.
 531         echo "\n========================================================\n";
 532         echo "PhpWiki " . PHPWIKI_VERSION . " source:\n$GLOBALS[RCS_IDS]\n";
 533     }
 534
 535     function action_ziphtml () {
 536         include_once("lib/loadsave.php");
 537         MakeWikiZipHtml($this);
 538         // I don't think it hurts to add cruft at the end of the zip file.
 539         echo "\n========================================================\n";
 540         echo "PhpWiki " . PHPWIKI_VERSION . " source:\n$GLOBALS[RCS_IDS]\n";
 541     }
 542
 543     function action_dumpserial () {
 544         include_once("lib/loadsave.php");
 545         DumpToDir($this);
 546     }
 547
 548     function action_dumphtml () {
 549         include_once("lib/loadsave.php");
 550         DumpHtmlToDir($this);
 551     }
 552
 553     function action_loadfile () {
 554         include_once("lib/loadsave.php");
 555         LoadFileOrDir($this);
 556     }
 557 }
 558
 559 //FIXME: deprecated
 560 function is_safe_action ($action) {
 561     return WikiRequest::requiredAuthority($action) < WIKIAUTH_ADMIN;
 562 }
 563
 564
 565 function main () {
 566     global $request;
 567
 568     $request = new WikiRequest();
 569     $request->updateAuthAndPrefs();
 570
 571     /* FIXME: is this needed anymore?
 572         if (USE_PATH_INFO && ! $request->get('PATH_INFO')
 573             && ! preg_match(',/$,', $request->get('REDIRECT_URL'))) {
 574             $request->redirect(SERVER_URL
 575                                . preg_replace('/(\?|$)/', '/\1',
 576                                               $request->get('REQUEST_URI'),
 577                                               1));
 578             exit;
 579         }
 580     */
 581
 582     // Enable the output of most of the warning messages.
 583     // The warnings will screw up zip files though.
 584     global $ErrorManager;
 585     if (substr($request->getArg('action'), 0, 3) != 'zip') {
 586         $ErrorManager->setPostponedErrorMask(E_NOTICE|E_USER_NOTICE);
 587         //$ErrorManager->setPostponedErrorMask(0);
 588     }
 589
 590     //FIXME:
 591     //if ($user->is_authenticated())
 592     //  $LogEntry->user = $user->getId();
 593
 594     $request->possiblyDeflowerVirginWiki();
 595
 596     $request->handleAction();
 597 if (defined('DEBUG') and DEBUG>1) phpinfo(INFO_VARIABLES);
 598     $request->finish();
 599 }
 600
 601 // Used for debugging purposes
 602 function getmicrotime(){
 603     list($usec, $sec) = explode(" ", microtime());
 604     return ((float)$usec + (float)$sec);
 605 }
 606 if (defined('DEBUG')) $GLOBALS['debugclock'] = getmicrotime();
 607
 608 main();
 609
 610
 611 // Local Variables:
 612 // mode: php
 613 // tab-width: 8
 614 // c-basic-offset: 4
 615 // c-hanging-comment-ender-p: nil
 616 // indent-tabs-mode: nil
 617 // End:
 618 ?>