<?php
/** \file index.php
 *  \brief DI index page
 *  \author Bram Lentjes, Core|Vision
 *  \version 1.0
 *  \date 27-05-2013
 *
 * This file contains the index file.
 */

/*
 * Required pages
 */
require_once('include/core_xml.php');
require_once('include/core.php');
require_once('app/include/app_definitions.php');
require_once('app/include/app_utilities.php');
require_once('app/include/app_touch_events.php');

// Go to page passed by href=
if (isset($_GET['href'])) {
    // Check for local files => No links!!!
    if (CheckDirectory(array($_SESSION[$_PAGE_INFO['id']]['base_path'] . "app/include",
        $_SESSION[$_PAGE_INFO['id']]['base_path'] . "app/html/js",
        $_SESSION[$_PAGE_INFO['id']]['base_path'] . "app/di_store",
        $_SESSION[$_PAGE_INFO['id']]['base_path'] . "app/di_login",
        $_SESSION[$_PAGE_INFO['id']]['base_path'] . "app/di_app_projects",
        $_SESSION[$_PAGE_INFO['id']]['base_path'] . "app/di_app_news"),
        realpath($_GET['redirect']))) {
        DBG("checkdir");
    }

    $validUnauthPages = array(
        'app/version/version.txt',
        'app/di_login/login.php',
        'app/di_login/a_login.php',
        'app/di_app_news/a_get_news.php',
        'app/di_app_news/app_news_index.php',
        'app/di_app_signin/redirect_signin_login.php',
        'app/di_app_signin/signin_login.php',
        'app/di_app_signin/a_signin_login.php',
        'app/di_app_projects/app_signin_project_index.php',
        'app/di_app_signin/app_signin_index.php',
        'app/di_app_signin/advertisement.php',
        'app/di_app_signin/signin_send_sms.php',
        'app/di_app_projects/check_in_out.php',
        'app/di_app_projects/store_gps.php',
        'app/di_app_projects/a_get_documents.php',
        'app/di_app_projects/a_get_enquetes.php',
        'app/di_app_projects/a_get_appointmentbook.php',
        'app/di_app_projects/a_get_evaluations.php',
        'app/di_app_projects/a_get_questions.php',
        'app/di_app_projects/a_get_scans.php',
        'app/di_app_projects/a_get_signinlist.php',
        'app/di_app_projects/a_get_uploads.php',
        'app/di_app_projects/a_store_evaluations.php',
        'app/di_app_projects/add_button.php',
        'app/di_app_projects/delete_item_trash.php',
        'app/di_app_projects/delete_item_trash_1.php',
        'app/di_app_projects/store_single_question.php',
        'app/di_app_projects/store_flag.php',
        'app/di_app_projects/store_evalution_in_session.php',
        'app/di_app_projects/set_access_level.php',
        'app/di_app_profile/app_profile_index.php',
        'app/di_app_profile/a_get_profile.php',
        'app/di_app_profile/add_profile.php',
        'app/di_app_profile/import_profile.php',
        'app/di_app_profile/store_profile.php',
        'app/di_app_profile/store_profile_in_session.php',
        'app/dummy_poll.php',
        'app/include/check_project_transfer.php',
        'app/include/upload_comment.php',
        'app/include/upload_photo.php',
        'app/include/project_transfer.php',
        'app/di_app_profile/redirect_profile.php',
        'app/di_app_dvp/store_dvp_data.php',
        'app/di_app_dvp/get_dvp_data.php'
    );

    // When a user request an unauhtorized page or
    // When he/she is logged on, has no .. in the URI
    if (in_array($_GET['href'], $validUnauthPages) ||
        (isset($_SESSION[$_PAGE_INFO['id']]['logged_on']) && strpos($_GET['href'], '..') === false)
    ) {
        // The href must be relative to web-interface root directory (which is 1 level higher than this)
        include(dirname(__DIR__) . '/' . $_GET['href']);
    } elseif (($_GET['href'] == 'app/di_store/store_index.php') && !isset($_SESSION[$_PAGE_INFO['id']]['logged_on'])) {
        // Go to the DI store
        include('app/di_store/store_index.php');
    } else {
        // Only when session of the user is removed
        if ($_GET['href'] == 'app/di_app_projects/a_get_projects.php') {
            // Redirect page back to login page from normal
            include('app/di_store/store_index.php');
        } else {
            // Redirect page back to login page from ajax xmlhttp
            echo "<script type=\"text/javascript\">\n";
            echo "window.open(getBaseURL());";
            echo "</script>\n";
        }
    }
} else {
    include('app/di_store/store_index.php');
}
?>