<?php
/** \file html\index_st.php
 *  \brief ZKL webinterface main parser file (Second stage)
 *  \author Rob Schalken, Core|Vision
 *  \version 1.0
 *  \date 17-10-2008
 *
 * This file is the main parser file of the ZKL web interface. After every button/hyperlink press This
 * file is called. This file checks whether it is an action or page and checks if the user has been
 * logged on and if the called file exists!
 */

/*
 * Required pages (1/3)
 */
require_once("include/utilities.php");

/*
 * Called in the background (=CLI)?
 */
$background = ((isset($argc)) && ($argc >= 1)) ? TRUE : FALSE;

/*
 * Capture output buffer when process is handled in the background
 */
if ($background) {
  // Retrieve $_GET vars
  if ($argc >= 1) {
    $_GET = unserialize(urldecode($argv[1]));
  }

  // Retrieve $_POST vars
  if ($argc >= 2) {
    $_POST = unserialize(urldecode($argv[2]));
  }

  // Retrieve session id
  if ($argc >= 3) {
    // Session id was stored in cookie by browser, so not accessible by CLI
    session_id($argv[3]);
  }

  // Set time time (max 10 minutes, this to prevent an never ending story)
  set_time_limit(600);

  // Turn on output buffering
  ob_start();
}

/*
 * Read only session => Otherwhise lock wait timeout can occur
 * This must be called before the session.php has been include
 */
$session_ro = array("scripts/other/rtstatus_datapump.php");
if ((isset($_GET['redirect'])) && (in_array($_GET['redirect'], $session_ro))) {
  $_PAGE_INFO['session_read_only'] = TRUE;
}


/*
 * Required pages (2/3)
 */
require_once("include/core_xml.php");
require_once("include/core.php");
require_once("include/cp3000-tcpclient.php");
require_once("include/tcpclient.php");

// Determine device (opera mini/mobile/skyfire)
$_PAGE_INFO['browser'] = browser();
if ((isset($_SERVER['HTTP_X_SKYFIRE_VERSION'])) || (isset($_SERVER['HTTP_X_OPERAMINI_PHONE'])) ||
    (($_PAGE_INFO['browser'] == "OPERA") && (strpos(strtolower($_SERVER['HTTP_USER_AGENT']),"opera mobi") !== FALSE)) ||
    (strpos(strtolower($_SERVER['HTTP_USER_AGENT']),"iemobile") !== FALSE)) {
  $_PAGE_INFO['MTinfo_device'] = "TEL";
}
else if (stristr($_SERVER['HTTP_USER_AGENT'], "MTINFO_RS3000") !== FALSE) {
  $_PAGE_INFO['MTinfo_device'] = "RS3000";
}
else if (stristr($_SERVER['HTTP_USER_AGENT'], "MTINFO_SMSSERVER") !== FALSE) {
  $_PAGE_INFO['MTinfo_device'] = "SMSSERVER";
}
else if ((stristr($_SERVER['HTTP_USER_AGENT'], "MTINFO_APP") !== FALSE) ||
   // Filetransfer exception => User agent cannot be overruled!
  ((isset($_GET['USER_AGENT'])) && (stristr($_GET['USER_AGENT'],"MTINFO_APP") !== FALSE) && (isset($_GET['href'])) && (stristr($_GET['href'], "upload_photo") !== FALSE))) {
  $_PAGE_INFO['MTinfo_device'] = "APP";
}
else {
  $_PAGE_INFO['MTinfo_device'] = "DESKTOP";
}


/*
 * Required pages (3/3)
 */
if ((!is_dev("RS3000")) && (!is_dev("SMSSERVER"))) {
  require_once("include/core_menu.php");
  require_once("include/form_elements.php");
  require_once("include/document.php");
  require_once("include/report.php");
}

if (is_dev("APP")) {
  // Check for release candidate?
  if ((!CHECK_RC) || (!isset($_SESSION[$_PAGE_INFO['id']]['logged_on']))) {
    // Go to release page
    include("app/index.php");
  }
  else {
    // Use release candidate/release?
    $cust = db_fetch_customer($_SESSION[$_PAGE_INFO['id']]['login']['customer']['id'], 1);
    $user = db_fetch_user($_SESSION[$_PAGE_INFO['id']]['login']['user']['id'],"",1);

    $release                                    = "";
    $_SESSION[$_PAGE_INFO['id']]['release_dir'] = "";
    if ((!is_null($cust['mtinfo_versie'])) || (!is_null($user['mtinfo_versie']))) {
      // User overrules company
      if ((!is_null($user['mtinfo_versie'])) && ($user['mtinfo_version'] != "release")) {
        $release                                    = $_RELEASE['rc']['dir'];
        $release                                   .= $user['mtinfo_versie'] . "/";
        $_SESSION[$_PAGE_INFO['id']]['release_dir'] = $user['mtinfo_versie'];
      }
      else if ((!is_null($user['mtinfo_versie'])) && ($user['mtinfo_version'] == "release")) {
        // Do nothing
      }
      else if (!is_null($cust['mtinfo_versie'])) {
        $release                                    = $_RELEASE['rc']['dir'];
        $release                                   .= $cust['mtinfo_versie'] . "/";
        $_SESSION[$_PAGE_INFO['id']]['release_dir'] = $cust['mtinfo_versie'];
      }
    }

    // Does this release exists?
    if (((!is_dir($release)) || (!strlen($release))) && (is_ReleaseCandidate())) {
      // Redirect back to the release!
      header("Location: " . $_RELEASE['release']['url'] . "?" . $_SERVER['QUERY_STRING']);
      exit;
    }
    else if ((strlen($release)) && (is_dir($release)) && ((!is_ReleaseCandidate()) || ((stristr($_SERVER['SCRIPT_FILENAME'], $_RELEASE['rc']['dir'] . $_SESSION[$_PAGE_INFO['id']]['release_dir']) === FALSE)))) {
      // Redirect to release candidate
      header("Location: " . $_RELEASE['rc']['url'] . $_SESSION[$_PAGE_INFO['id']]['release_dir'] . "/?" . $_SERVER['QUERY_STRING']);
      exit;
    }
    else {
      // Go to release page
      include("app/index.php");
    }
  }
}
else if (($_PAGE_INFO['browser'] != "IE") || (browser_version() > 6)) {
  // Store current action when set
  if (isset($_GET['action'])) {
    // action               - the current action for this page, possibly with call stack (separated by colons)
    // call_action          - previous page(s) (descending in call stack order), where this page is called from
    // return_action        - previous top of the call stack; the 'recall_counter' is incremented when it the
    //                        'return_action' is set, so this page doesn't reset its form entries
    $actions = explode(":", $_GET['action']);
    $previous_call = $_SESSION[$_PAGE_INFO['id']]['call_action'];
    $_SESSION[$_PAGE_INFO['id']]['action'] = $actions[0];

    // set or clear nested actions
    $actions = array_slice($actions, 1);
    if( $actions ) {
      $_SESSION[$_PAGE_INFO['id']]['call_action']  = implode(":", $actions);
    }
    else {
      $_SESSION[$_PAGE_INFO['id']]['call_action'] = $_GET['call_action'];
    }
    $_SESSION[$_PAGE_INFO['id']]['return_action'] = $_GET['return_action'];
  }

  // Display page history
  if (LOG_HREF_HISTORY) {
    if (!is_array($_SESSION[$_PAGE_INFO['id']]['history_href'])) {
      // Clear buffer and counter
      $_SESSION[$_PAGE_INFO['id']]['history_href']         = array();
      $_SESSION[$_PAGE_INFO['id']]['history_href_counter'] = 0;
    }

    // Store history
    $_SESSION[$_PAGE_INFO['id']]['history_href'][$_SESSION[$_PAGE_INFO['id']]['history_href_counter']] = array(href => $_GET['href'], action => $_GET['action'], time => date("Y-m-d H:i:s"), url => $_SERVER['REQUEST_URI']);

    // Circulair buffer (25 items)
    $_SESSION[$_PAGE_INFO['id']]['history_href_counter'] = ($_SESSION[$_PAGE_INFO['id']]['history_href_counter'] >= 24) ? 0 : $_SESSION[$_PAGE_INFO['id']]['history_href_counter'] + 1;
  }

  // Handle action?
  if ((isset($_GET['href'])) && (action($_GET['href']))) {
    // Check for local files => No links!!!
    if (CheckDirectory(array($_SESSION[$_PAGE_INFO['id']]['base_path']. "scripts/action"),
                       page_path($_GET['href']))
    ) {
      /*
       * Security checks: check for CSRF (cross-site request forgery)
       */
      if( $_POST && !csrf_check_token() ) {
        error_log("CSRF check failed");
        unset($_POST);
      }

      // Include action script
      include(page_path($_GET['href']));
      
      if( ($recall = current_recall()) ) {
        // ieuw! yukkie en zelfs een beetje bah...
        if(
          substr($recall, 0, 12) == "follow_link="
        ) {
          $url = substr($recall, 12);
          
          // page headers are already sent out, so...
          echo "<script type=\"text/javascript\">\n";
          echo "window.open('" . $url . "','_self')\n";
          echo "</script>\n";
        }
      }
      
      // Remove wait cursor, set in the JavaScript function 'onSubmit()' (in "core.php")
      if( report_content_type() == "text/html" ) {
        echo "<script type=\"text/javascript\">document.body.style.cursor = 'default';</script>\n";
      }

	  }
    else {
      // Display error page
      if( $_PAGE_INFO['mtinfo-dev'] ) trigger_error("$_GET[href] set to \"" . $_GET['href'] . "\" but no action", E_USER_ERROR);
      include(page_path(PAGE_ERROR));
    }
  }
  else {
    // Redirect page (can be without login)
    if (isset($_GET['redirect'])) {
      // Check for local files => No links!!!
      if (CheckDirectory(array($_SESSION[$_PAGE_INFO['id']]['base_path'] . "include",
                               $_SESSION[$_PAGE_INFO['id']]['base_path'] . "scripts/page",
                               $_SESSION[$_PAGE_INFO['id']]['base_path'] . "scripts/other"),
                         realpath($_GET['redirect']))
      ) {
        $login_exception = array("scripts/page/menu_lance_market.php",
                                 "include/set_info.php");
        // Check for login
        if ((in_array($_GET['redirect'], $login_exception)) || (isset($_SESSION[$_PAGE_INFO['id']]['logged_on']))) {
          include($_GET['redirect']);
        }
        else {
          // Display error page
          if( $_PAGE_INFO['mtinfo-dev'] ) trigger_error("$_GET[redirect] set to \"" . $_GET['redirect'] . "\" but this is not allowed", E_USER_ERROR);
          include(page_path(PAGE_ERROR));
        }
      }
      else {
        // Display error page
        if( $_PAGE_INFO['mtinfo-dev'] ) trigger_error("Invalid directory: " . realpath($_GET['redirect']), E_USER_ERROR);
        include(page_path(PAGE_ERROR));
      }
    }
    // Telephone => not accessible
    else if (is_dev("TEL")) {
      // Display tel page
      include(page_path(PAGE_TEL));
    }
    // Already logged on?
    else if (!isset($_SESSION[$_PAGE_INFO['id']]['logged_on']) || ($_GET['href'] == PAGE_LOGIN)) {
      // Login on release candidate not allowed => Goto release
      if (!CHECK_RC || !is_ReleaseCandidate()) {
        // Go to login page
        if( $_PAGE_INFO['mtinfo-dev'] ) error_log("Redirect to login page: Not logged in");
        include(page_path(PAGE_LOGIN));
      }
      else {
        // Redirect back to the release!
        if( $_PAGE_INFO['mtinfo-dev'] ) error_log("Redirect to login page: Not logged in and/or not allowed to use the release candicate");
        header("Location: " . $_RELEASE['release']['url'] . "?" . $_SERVER['QUERY_STRING']);
        exit;
      }
    }
    else {
      // Check for release candidates?
      if (CHECK_RC) {
        // Use release candidate/release?
        $cust = db_fetch_customer($_SESSION[$_PAGE_INFO['id']]['login']['customer']['id'], 1);
        $user = db_fetch_user($_SESSION[$_PAGE_INFO['id']]['login']['user']['id'],"",1);

        $release                                    = "";
        $_SESSION[$_PAGE_INFO['id']]['release_dir'] = "";
        if ((!is_null($cust['mtinfo_versie'])) || (!is_null($user['mtinfo_versie']))) {

          // User overrules company
          if ((!is_null($user['mtinfo_versie'])) && ($user['mtinfo_version'] != "release")) {
            $release                                    = $_RELEASE['rc']['dir'];
            $release                                   .= $user['mtinfo_versie'] . "/";
            $_SESSION[$_PAGE_INFO['id']]['release_dir'] = $user['mtinfo_versie'];
          }
          else if ((!is_null($user['mtinfo_versie'])) && ($user['mtinfo_version'] == "release")) {
            // Do nothing
          }
          else if (!is_null($cust['mtinfo_versie'])) {
            $release                                    = $_RELEASE['rc']['dir'];
            $release                                   .= $cust['mtinfo_versie'] . "/";
            $_SESSION[$_PAGE_INFO['id']]['release_dir'] = $cust['mtinfo_versie'];
          }
        }

        // Does this release exists?
        if (((!is_dir($release)) || (!strlen($release))) && (is_ReleaseCandidate())) {
          // Redirect back to the release!
          header("Location: " . $_RELEASE['release']['url'] . "?" . $_SERVER['QUERY_STRING']);
          exit;
        }
        else if ((strlen($release)) && (is_dir($release)) && ((!is_ReleaseCandidate()) || ((stristr($_SERVER['SCRIPT_FILENAME'], $_RELEASE['rc']['dir'] . $_SESSION[$_PAGE_INFO['id']]['release_dir']) === FALSE)))) {
          // Redirect to release candidate
          header("Location: " . $_RELEASE['rc']['url'] . $_SESSION[$_PAGE_INFO['id']]['release_dir'] . "/?" . $_SERVER['QUERY_STRING']);
          exit;
        }
      }

      // Back to project when not signed in anymore or different project selected meanwhile, and default page when called without href (exception is help file)!!!
      if ((((isset($_GET['page_project'])) && (!isset($_PAGE_INFO['login']['project']['id']))) ||
          ($_GET['page_project'] != $_PAGE_INFO['login']['project']['id']) ||
          (!isset($_GET['href']))) &&
          ($_GET['href'] != "page/help")) {
        $page = PAGE_PROJECT;
      }
      else {
        $page = $_GET['href'];
      }

      // Valid file?
      if (CheckDirectory(array($_SESSION[$_PAGE_INFO['id']]['base_path'] . "include",
                               $_SESSION[$_PAGE_INFO['id']]['base_path'] . "scripts/page",
                               $_SESSION[$_PAGE_INFO['id']]['base_path'] . "scripts/other",
                               $_SESSION[$_PAGE_INFO['id']]['base_path'] . "scripts/action"),
                         page_path($page))
      ) {
        // Valid file?
        if (file_exists($_SESSION[$_PAGE_INFO['id']]['base_path'] . page_path($page))) {
          // Recall counter
          $href = get_page_href();
          if( $_SESSION[$_PAGE_INFO['id']]['href_history'] == $href ) {
            $_SESSION[$_PAGE_INFO['id']]['recall_counter']++;
          }
          else if(
            !isset($_GET['force_reload']) &&
            (
              (isset($_GET['return_action']) || in_array($_GET['action'], explode(":", $previous_call))) ||
              // back button?
              is_valid_backbutton(current_action())
            )
          ) {
            // Return from call
            $_SESSION[$_PAGE_INFO['id']]['recall_counter']++;
            // Clear old recall
            unset($_SESSION[$_PAGE_INFO['id']]['recall']);
          }
          else {
            // Reset counter
            $_SESSION[$_PAGE_INFO['id']]['recall_counter'] = 0;
            // Clear old recall
            unset($_SESSION[$_PAGE_INFO['id']]['recall']);
          }

          // include page
          include(page_path($page));
    
          if( ($recall = current_recall()) ) {
            // ieuw! yukkie en zelfs een beetje bah...
            if(
              substr($recall, 0, 12) == "follow_link="
            ) {
              $url = substr($recall, 12);
              
              // page headers are already sent out, so...
              echo "<script type=\"text/javascript\">;\n";
              echo "window.open('" . $url . "','_self')\n";
              echo "</script>\n";
            }
          }
        }
        else {
          // Give extra information
          DBG("PAGE_ERROR: " . $_SERVER['REQUEST_URI'] . ", " . $_SESSION[$_PAGE_INFO['id']]['href_history']);

          // Display error page
          if( $_PAGE_INFO['mtinfo-dev'] ) trigger_error("File does not exist: " . $_SESSION[$_PAGE_INFO['id']]['base_path'] . page_path($page), E_USER_ERROR);
          include(page_path(PAGE_ERROR));
        }
      }
      else {
        // Give extra information
        DBG("PAGE_ERROR: " . $_SERVER['REQUEST_URI'] . ", " . $_SESSION[$_PAGE_INFO['id']]['href_history']);

        // Display error page
        if( $_PAGE_INFO['mtinfo-dev'] ) trigger_error("Invalid directory: " . page_path($page), E_USER_ERROR);
        include(page_path(PAGE_ERROR));
      }
    }
  }
}
else {
  // Display error page
  include(page_path(PAGE_NOT_SUPPORTED));
}

/*
 * Store output buffer when process is handled in the background
 */
if ($background) {
  // Update/insert background process result
  $query  = "REPLACE INTO session (id, data, expiration) values('" . $_POST['background_id'] . "', ";
  $query .= "'" . addslashes(ob_get_clean()) . "',unix_timestamp(date_add(now(), interval 1 hour)))";
  db_store_data($query);
}

?>