<?php
/* boot.inc.php
 * code by strangecode :: www.strangecode.com :: this document contains copyrighted information. */


/* This is the big juicy initialization script that is generic and global to
 * all sites and scripts (even cron-executed scripts). This file is
 * included by a site-specific configuration file
 * which contains initialization and configuration specific to a site. Then
 * this big-daddy gets loaded, and starts all the trouble. Here we set global
 * configurations, include files that are used globally, connect to the
 * database, setup the sessions, and do things that are done for each script
 * execution, such as checking if the user is logged-in. */


// Find the central base file path of this crazy system
// With some installations of php __FILE__ returns a relative path!
$_file = preg_match('|^/|', __FILE__) ? __FILE__ : realpath(dirname($_SERVER['SCRIPT_FILENAME']) . '/' . __FILE__);
define('CODE_BASE', realpath(dirname($_file) . '/..'));

// If the site config file is not included this must be defined here.
if (!defined('SITE_BASE')) {
    define('SITE_BASE', '__NO_SITE_BASE__');
}

/******************************************************************************
 * INCLUDE GLOBAL LIBRARIES AND CONFIGURATIONS
 *****************************************************************************/

require_once CODE_BASE . '/lib/Utilities.inc.php';
require_once CODE_BASE . '/lib/App.inc.php';
require_once CODE_BASE . '/lib/AuthSQL.inc.php';

require_once CODE_BASE . '/config/security_roster.inc.php';

// Default configurations.
require_once CODE_BASE . '/config/defaults.inc.php';

// Global configurations overrides site configurations.
if (file_exists(CODE_BASE . '/../config/global_config.inc.php')) {
    include CODE_BASE . '/../config/global_config.inc.php';
}

// Debugging.
ini_set('display_errors', $CFG->display_errors);
ini_set('log_errors', '1');
if (is_dir($CFG->log_directory) && is_writable($CFG->log_directory)) {
    ini_set('error_log', $CFG->log_directory . '/php_error_log');
}

/******************************************************************************
 * DATABASE STUFF
 *****************************************************************************/

if ($CFG->enable_mysql) {

    // MySQL connection parameters.
    if (!empty($_SERVER['DB_SERVER']) && !empty($_SERVER['DB_NAME']) && !empty($_SERVER['DB_USER']) && !empty($_SERVER['DB_PASS'])) {
        // We set DB passwords as environment variables in the httpd.conf file,
        // which is readable only by root.
        $CFG->dbserver = $_SERVER['DB_SERVER'];
        $CFG->database = $_SERVER['DB_NAME'];
        $CFG->username = $_SERVER['DB_USER'];
        $CFG->password = $_SERVER['DB_PASS'];
    } else {
        // For CLI scripts that do not get httpd.conf ENV variables we load a
        // config file with the credentials. This file must be readable only by the
        // user that is executing the CLI application! NOT apache, unless the CLI is
        // spawned as a background process from an apache executed script, in which
        // case that is the only option.
        include SITE_BASE . '/../config/db_auth.inc.php';
    }

    $CFG->dbserver = (!isset($CFG->dbserver) || '' == $CFG->dbserver) ? 'localhost' : $CFG->dbserver;

    if (empty($CFG->database) || empty($CFG->username) || !isset($CFG->password)) { // Allow password to be empty string.
        logMsg('Database credentials missing.', LOG_WARNING, __FILE__, __LINE__);
    }

    // Polyfill to support PHP 7.
    require_once dirname(__FILE__) . '/../polyfill/mysql.inc.php';

    // Connect to MySQL
    if ($dbh = mysql_connect($CFG->dbserver, $CFG->username, $CFG->password)) {
        // Select database
        mysql_select_db($CFG->database, $dbh);
    }

    // Connection errors.
    if (!$dbh || mysql_error($dbh)) {
        $mysql_error_msg = $dbh ? 'Codebase MySQL error: (' . mysql_errno($dbh) . ') ' . mysql_error($dbh) : 'Codebase MySQL error: Could not connect to server.';
        if ($CFG->db_debug) {
            echo $mysql_error_msg . "\n";
        } else {
            echo _("This page is temporarily unavailable. It should be back up in a few minutes.");
        }
        logMsg($mysql_error_msg, LOG_EMERG, __FILE__, __LINE__);
        die;
    }

    /**
     * A wrapper for mysql_query. Allows us to set the database link_identifier,
     * to trap errors and ease debugging.
     *
     * @param  string  $query   The SQL query to execute
     * @param  bool    $debug   If true, prints debugging info
     * @return resource         Query identifier
     */
    function dbQuery($query, $debug=false)
    {
        global $CFG, $dbh;

        $debugqry = preg_replace("/\n[\t ]+/", "\n", $query);
        if ($CFG->db_always_debug || $debug) {
            logMsg($debugqry, LOG_DEBUG, __FILE__, __LINE__);
            echo "<!-- --------------------------------------\n" . $debugqry . "\n-->";
        }

        // Ensure we have an active connection.
        // If we continue on a dead connection we might experience a "MySQL server has gone away" error.
        // http://dev.mysql.com/doc/refman/5.0/en/gone-away.html
        // Unfortunately we'll have redundant code with the reconnection below.
        if (!mysql_ping($dbh)) {
            logMsg(sprintf('MySQL ping failed; reconnecting… ("%s")', truncate(trim($debugqry), 150)), LOG_NOTICE, __FILE__, __LINE__);
            mysql_close($dbh);
            if ($dbh = mysql_connect('localhost', $CFG->username, $CFG->password)) {
                mysql_select_db($CFG->database, $dbh);
            }
            if (!$dbh || mysql_error($dbh)) {
                $mysql_error_msg = $dbh ? 'Codebase MySQL error: (' . mysql_errno($dbh) . ') ' . mysql_error($dbh) : 'Codebase MySQL error: Could not connect to server.';
                if ($CFG->db_debug) {
                    echo $mysql_error_msg . "\n";
                } else {
                    echo _("This page is temporarily unavailable. It should be back up in a few minutes.");
                }
                logMsg($mysql_error_msg, LOG_EMERG, __FILE__, __LINE__);
                die;
            }
        }

        $qid = mysql_query($query, $dbh);
        if (!$qid || mysql_error($dbh)) {
            if ($CFG->db_debug) {
                echo '<br><pre style="color:#630; font:9px monaco,geneva,verdana;">';
                echo '<strong>ERRONEOUS QUERY:</strong>' . htmlspecialchars($debugqry);
                echo '<br><strong>THE PROBLEM:</strong><br>' . wordwrap(mysql_error($dbh)) . '</pre>';
            } else {
                echo _("This page is temporarily unavailable. It should be back up in a few minutes.");
            }
            logMsg('Query failed: ' . preg_replace('/[\s]+/', ' ', $debugqry) . ' with MySQL error: (' . mysql_errno($dbh) . ') ' . mysql_error($dbh), LOG_EMERG, __FILE__, __LINE__);
            if ($CFG->db_die_on_failure) {
                echo "\n\n<!-- Script execution stopped out of embarrassment. -->";
                die;
            }
        }
        return $qid;
    }

    $mysql_character_sets = array(
        'utf-8' => 'utf8',
        'iso-8859-1' => 'latin1',
    );

    // Tell MySQL what character set we're useing. Available only on MySQL verions > 4.01.01.
    if ('' != $CFG->character_set && isset($mysql_character_sets[strtolower($CFG->character_set)])) {
        dbQuery("/*!40101 SET NAMES '" . $mysql_character_sets[strtolower($CFG->character_set)] . "' */");
    } else {
        logMsg(sprintf('%s is not a known character_set.', $CFG->character_set), LOG_ERR, __FILE__, __LINE__);
    }

} // End enable MySQL._________________________________________________________

/******************************************************************************
 * SESSION HANDLER INITIALIZATION, AND STARTUP
 *****************************************************************************/


// Skip sessions for some scripts, like the cron executed scripts.
if (true === $CFG->enable_session) { //________________________________________

    // Set the session ID to one provided in GET/POST. This is necessary for linking
    // between domains and keeping the same session.
    if ($ses = getFormData($CFG->session_name, false)) {
        session_id($ses);
    }

    // Session parameters.
    ini_set('session.use_cookies', $CFG->session_use_cookies);
    ini_set('session.use_trans_sid', false);
    ini_set('session.entropy_file', '/dev/urandom');
    ini_set('session.entropy_length', '512');
    session_name($CFG->session_name);

    if (true === $CFG->enable_mysql_session_handler && true === $CFG->enable_mysql) {
        // Database session handling.
        require_once CODE_BASE . '/lib/MySQLSessionHandler.inc.php';
        $sess_mysql['dbh']             =& $dbh;           // MySQL link identifier, if we are already connected to the database
        $sess_mysql['hostname']        = 'localhost';     // MySQL hostname
        $sess_mysql['user']            = $CFG->username;  // MySQL username
        $sess_mysql['password']        = $CFG->password;  // MySQL password
        $sess_mysql['db']              = $CFG->database;  // Database where to store the sessions
        $sess_mysql['table']           = 'session_tbl';   // Table where to store the sessions
        ini_set('session.save_handler', 'user');
        session_set_save_handler('mysqlSessionOpen', 'mysqlSessionClose', 'mysqlSessionRead', 'mysqlSessionWrite', 'mysqlSessionDestroy', 'mysqlSessionGarbage');
    }

    // Start the session. Access session data using: $_SESSION['...']
    session_start();

    // Access session data using: $_SESSION['...'].
    // Initialize here _after_ session has started.
    if (!isset($_SESSION['_boomerang'])) {
        $_SESSION['_boomerang'] = array(
            'url' => array(),
        );
    }
    if (!isset($_SESSION['_messages'])) {
        $_SESSION['_messages'] = array();
    }
} // end enable sessions ______________________________________________________

/******************************************************************************
 * AUTHENTICATION
 *****************************************************************************/


if (!isset($_admin)) {
    $_admin = new AuthSQL(array(
        'auth_name'         => 'admin',
        'user_tbl'          => 'admin_tbl',
        'user_id_column'    => 'admin_id',
        'login_url'         => $CFG->admin_url . '/login.php'
    ));
}

if (!isset($_user)) {
    $_user = new AuthSQL(array(
        'auth_name'         => 'user',
        'db_table'          => 'user_tbl',
        'user_id_column'    => 'user_id',
        'login_tbl'         => 'login_tbl',
        'login_url'         => $CFG->site_url . '/login.php',
        'features'          => array('blocking'=>true, 'abuse_detection'=>true),
    ));
}

/******************************************************************************
 * ET CETERA
 *****************************************************************************/

// Character set. This will also be printed in the html head.
header('Content-type: text/html; charset=' . $CFG->character_set);

// Set the version of the codebase we're using.
$codebase_version_file = dirname(__FILE__) . '/../docs/version.txt';
if (is_readable($codebase_version_file)) {
    $CFG->codebase_version = trim(file_get_contents($codebase_version_file));
    header('X-Codebase-Version: ' . $CFG->codebase_version);
}

// Capture the ultimate referrer. Used? Not yet.
if (!isset($_SESSION['_ultimate_referrer'])) {
    $_SESSION['_ultimate_referrer'] = getenv('HTTP_REFERER');
}

// The include path is set for the templates.
// We split them between shared and site specific directories.
ini_set('include_path',
    ini_get('include_path') . PATH_SEPARATOR .
    SITE_BASE . '/_templates' . PATH_SEPARATOR .
    CODE_BASE . '/templates' . PATH_SEPARATOR .

    SITE_BASE . '/../lib'
);