<?php |
// Copyright (c) 2009 Katsuhisa Yuasa <berupon [at] gmail.com>
// License http://www.opensource.org/licenses/mit-license.html
require_once 'version_check.php'; |
require_once 'config.php'; |
require_once 'common.php'; |
require_once 'validator.php'; |
require_once 'domain.php'; |
require_once 'buggy.class.php'; |
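session_start();

// Values handed to the page templates; filled in further down.
$tpl = array();

try {
    $con = openDatabase(DB_PATH);
} catch (Exception $e) {
    // The exception text may carry the database path or driver details,
    // so it stays in the server log; the client only gets a generic notice.
    error_log('openDatabase failed: ' . $e->getMessage());
    echo 'Database connection failed', "\n";
    exit;
}
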
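// One map of request parameters. array_merge() lets a POST value overwrite
// a GET value of the same name.
$params = array_merge($_GET, $_POST);

if (!function_exists('stripslashes_deep')) {
    /**
     * Undo the backslash escaping that magic_quotes_gpc added to request data.
     *
     * Arrays are walked recursively; any other value goes through stripslashes().
     *
     * @param mixed $value a request value or a (nested) array of them
     * @return mixed the same structure with the added backslashes removed
     */
    function stripslashes_deep($value) {
        if (is_array($value)) {
            return array_map('stripslashes_deep', $value);
        }
        return stripslashes($value);
    }
}

// magic_quotes_gpc only exists below PHP 5.4, and get_magic_quotes_gpc() itself
// was removed in PHP 8.0, where the unguarded call was a fatal "undefined
// function". The version test short-circuits so the function is never
// resolved on newer releases.
if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
    $params = array_map('stripslashes_deep', $params);
}
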
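// Encoding check of the input strings: every request key and value must be
// valid INPUT_ENCODING, otherwise the request is aborted.
// http://gihyo.jp/dev/serial/01/php-security/extra/001206
define('INPUT_ENCODING', 'UTF-8');

/**
 * Abort the request when a key or a value is not valid INPUT_ENCODING.
 *
 * Both arguments are checked, so the function also works as an
 * array_walk_recursive() callback, which passes (value, key).
 *
 * @param mixed $k key (int keys are coerced to string by mb_check_encoding)
 * @param mixed $v value
 * @return void
 */
function input_encoding_check_cb($k, $v) {
    if (!mb_check_encoding($k, INPUT_ENCODING) || !mb_check_encoding($v, INPUT_ENCODING)) {
        trigger_error('不正な文字エンコーディングを検出しました');
        die('System detected some errors');
    }
}

/**
 * Check every key and every leaf value of a (nested) request array.
 *
 * array_walk_recursive() hands its callback only leaf values and their keys,
 * so a key whose value is itself an array was never checked; this walker
 * checks such keys before descending.
 *
 * @param array $data request parameters
 * @return void
 */
function input_encoding_check_all(array $data) {
    foreach ($data as $k => $v) {
        if (is_array($v)) {
            // key of a sub-array: check the key alone, then recurse
            input_encoding_check_cb($k, '');
            input_encoding_check_all($v);
        } else {
            input_encoding_check_cb($k, $v);
        }
    }
}

input_encoding_check_all($params);
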
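// location: the requested page is the part of REQUEST_URI that lies beyond
// SCRIPT_NAME, e.g. /app/index.php + /app/issues/list -> "issues/list".
$relativePath = '';

$debug = array();

// parse_url() returns false for a badly malformed URI and may omit 'path';
// fall back to '' instead of indexing into false.
$base = parse_url($_SERVER['SCRIPT_NAME']);
$base = (is_array($base) && isset($base['path'])) ? $base['path'] : '';
$uri = parse_url($_SERVER['REQUEST_URI']);
$uri = (is_array($uri) && isset($uri['path'])) ? $uri['path'] : '';

// URL paths are always '/'-separated, whatever DIRECTORY_SEPARATOR is on the host.
$base = explode('/', $base);
$uri = explode('/', $uri);
$diffs = array_values(array_diff_assoc($uri, $base));
$path = implode('/', $diffs);
// One "../" per extra path segment so templates can link back to the app root.
$relativePath = str_repeat('../', max(0, count($diffs) - 1));

// count() on a string is a TypeError from PHP 8 on (a warning since 7.2);
// the original `count($path) && strlen($path)` just meant "not empty".
if ($path !== '') {
    $dest = $path;
} else {
    $dest = 'main';
}
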
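// Send visitors to the login page unless they are authenticated (or the
// check is switched off in config.php).
if (!array_key_exists('authenticated', $_SESSION)) {
    $_SESSION['authenticated'] = false;
}

if ($_SESSION['authenticated']) {
    if ($dest === 'login') {
        // dirname() of a script at the web root is '/', and '/' . '/index.php'
        // would give '//index.php', which browsers read as a protocol-relative
        // URL to a host called "index.php". Trim before appending.
        $addr = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\') . '/index.php';
        header('Location: ' . $addr);
        exit;
    }
} else {
    if ($dest !== 'login' && !DISABLE_AUTHENTICATION) {
        // same trailing-slash handling as above: '/login', never '//login'
        $addr = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\') . '/login';
        header('Location: ' . $addr);
        exit;
    }
}
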
// Values every template can rely on.
$tpl['userid'] = '';
if (array_key_exists('userid', $_SESSION)) {
    $tpl['userid'] = $_SESSION['userid'];
}
$tpl['relative_path'] = $relativePath;

// Per-user privileges, looked up once and shared with the page templates.
$privileges = getPrivileges($con);
$tpl['privileges'] = $privileges;

// Snapshot of request and session state for the debug view.
$debug['params'] = $params;
$debug['SESSION'] = $_SESSION;

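try {
    // Pages live next to this file as <dest>.inc.php. $dest is taken from the
    // request path, so resolve the candidate and insist that it stays inside
    // this directory before handing it to include; otherwise ".." segments
    // could pull in any *.inc.php the server can read.
    $appDir = realpath(dirname(__FILE__));
    $loadPath = realpath($appDir . DIRECTORY_SEPARATOR . $dest . '.inc.php');
    if ($appDir !== false
        && $loadPath !== false
        && strpos($loadPath, $appDir . DIRECTORY_SEPARATOR) === 0
        && is_file($loadPath)) {
        include $loadPath;
    } else {
        // Report the missing page with a proper status before the body, then
        // bounce to the front page as before.
        header('HTTP/1.1 404 Not Found');
        echo <<<HEAR
リクエストされたページは見つかりません。移動します。
<META HTTP-EQUIV=Refresh CONTENT="2; URL=index.php">
HEAR;
    }
    exit;
} catch (PDOException $e) {
    // Keep the failure in the server log in every mode; the full exception and
    // driver error info are shown only while debugging.
    error_log('PDOException while serving "' . $dest . '": ' . $e->getMessage());
    if (IS_DEBUGGING) {
        echo $e;
        var_export($con->errorInfo());
    }
}
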