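<?php
/** \file html\index_st.php
 * \brief ZKL webinterface main parser file (Second stage)
 * \author Rob Schalken, Core|Vision
 * \version 1.0
 * \date 17-10-2008
 *
 * This file is the main parser file of the ZKL web interface. After every button/hyperlink press this
 * file is called. This file checks whether it is an action or page and checks if the user has been
 * logged on and if the called file exists!
 */

/*
 * Required pages (1/3)
 */
require_once("include/utilities.php");

/*
 * Called in the background (=CLI)?
 * $argc only exists when PHP is started from the command line, and there it is always >= 1 because
 * $argv[0] holds the script name - so this test effectively means "running as CLI".
 */
$background = isset($argc) && ($argc >= 1);

/*
 * Capture output buffer when process is handled in the background
 */
if ($background) {
    // Retrieve $_GET vars.
    // $argv[0] is the script name, so the first payload is $argv[1]; the original tests on
    // "$argc >= 1" (always true on the CLI) and so read a missing $argv[1] when no payload was given.
    // NOTE(review): the payloads are deserialised with unserialize(). The producer is the web front end
    // spawning this script, but whoever can invoke the script controls the string; consider
    // unserialize($s, array('allowed_classes' => false)) (PHP >= 7.0) or a JSON payload instead.
    if (isset($argv[1])) {
        $_GET = unserialize(urldecode($argv[1]));
    }

    // Retrieve $_POST vars
    if (isset($argv[2])) {
        $_POST = unserialize(urldecode($argv[2]));
    }

    // Retrieve session id
    if (isset($argv[3])) {
        // Session id was stored in a cookie by the browser, so it is not accessible from the CLI;
        // the parent request passes it on so this job attaches to the same session.
        session_id($argv[3]);
    }

    // Set time limit (max 10 minutes, this to prevent a never ending story)
    set_time_limit(600);

    // Turn on output buffering; the buffer is stored in the session table at the end of this file
    ob_start();
}
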
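/*
 * Read only session => Otherwise a lock wait timeout can occur
 * This must be called before session.php has been included
 */
$session_ro = array("scripts/other/rtstatus_datapump.php");
// Strict comparison: the value is a request parameter, so only an exact path string may match.
if (isset($_GET['redirect']) && in_array($_GET['redirect'], $session_ro, TRUE)) {
    $_PAGE_INFO['session_read_only'] = TRUE;
}
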
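/*
 * Required pages (2/3)
 */
require_once("include/core_xml.php");
require_once("include/core.php");
require_once("include/cp3000-tcpclient.php");
require_once("include/tcpclient.php");

// Determine device (opera mini/mobile/skyfire)
// The user agent is read once: it is absent on CLI (background) runs and for clients that send no
// User-Agent header, which made the unguarded stristr()/strtolower() calls below raise notices.
// Every input used here (headers, query parameters) is client-supplied, so the device class is a
// presentation hint, not something to base an authorisation decision on.
$ua    = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
$ua_lc = strtolower($ua);
// Filetransfer exception => User agent cannot be overruled, so the app passes it as a parameter
$is_upload = isset($_GET['href']) && (stristr($_GET['href'], "upload_photo") !== FALSE);
$get_ua    = isset($_GET['USER_AGENT']) ? $_GET['USER_AGENT'] : "";

if (isset($_SERVER['HTTP_X_SKYFIRE_VERSION']) || isset($_SERVER['HTTP_X_OPERAMINI_PHONE']) ||
    ((browser() == "OPERA") && (strpos($ua_lc, "opera mobi") !== FALSE))) {
    $_PAGE_INFO['MTinfo_device'] = "TEL";
}
else if (stristr($ua, "MTINFO_RS3000") !== FALSE) {
    $_PAGE_INFO['MTinfo_device'] = "RS3000";
}
else if (stristr($ua, "MTINFO_SMSSERVER") !== FALSE) {
    $_PAGE_INFO['MTinfo_device'] = "SMSSERVER";
}
else if (stristr($ua, "MTINFO_APP") !== FALSE) {
    $_PAGE_INFO['MTinfo_device'] = "APP";
}
else if (isset($_GET['desktop']) && $_GET['desktop']) {
    $_PAGE_INFO['MTinfo_device'] = "DESKTOP";
}
// (A second "MTINFO_APP" user-agent test used to sit here; it can never match because the
//  branch above already catches it, so it has been dropped.)
else if ((strpos($ua_lc, "msapphost") !== FALSE) ||
         ($is_upload && (stristr($get_ua, "MTINFO_APP") !== FALSE)) ||
         ($is_upload && (strpos(strtolower($get_ua), "msapphost") !== FALSE)) ||
         ($is_upload && (strpos($ua_lc, "win64") !== FALSE))) {
    $_PAGE_INFO['MTinfo_device'] = "APP";
}
else {
    $_PAGE_INFO['MTinfo_device'] = "DESKTOP";
}

// Check if the user wants to open the portal app
// NOTE(review): HTTP_HOST comes from the request, so any client reaching this vhost can select the
// portal mode by sending a matching Host header; it is also absent on CLI runs (hence isset()).
if (isset($_SERVER['HTTP_HOST']) && (strpos($_SERVER['HTTP_HOST'], 'open') !== false)) {
    $_PAGE_INFO['MTinfo_device'] = "APP";
    $_SESSION[$_PAGE_INFO['id']]['APP_PORTAL'] = true;
}

/*
 * Required pages (3/3)
 */
if ((!is_dev("RS3000")) && (!is_dev("SMSSERVER"))) {
    require_once("include/form_elements.php");
    require_once("include/document.php");
    require_once("include/report.php");
}
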
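// Dispatch: APP devices go to the app front end, supported browsers to the action/page router,
// everything else to the "not supported" page.
// NOTE(review): is_dev(), browser(), browser_version(), action(), page_path(), CheckDirectory(),
// csrf_check_token(), is_ReleaseCandidate(), db_fetch_customer(), db_fetch_user() and DBG() come
// from the include/ files required above; their contracts are not visible in this file.
if (is_dev("APP")) {
    // Set flag for RS3000 App
    // (the "_RS" user-agent test that once guarded this line is gone, so every APP device gets the flag)
    $_SESSION[$_PAGE_INFO['id']]['rs'] = true;

    // Check for release candidate?
    if ((!CHECK_RC) || (!isset($_SESSION[$_PAGE_INFO['id']]['logged_on']))) {
        // Go to release page
        include("app/index.php");
    }
    else {
        // Use release candidate/release?
        $cust = db_fetch_customer($_SESSION[$_PAGE_INFO['id']]['login']['customer']['id'], 1);
        $user = db_fetch_user($_SESSION[$_PAGE_INFO['id']]['login']['user']['id'], "", 1);

        $release = "";
        $_SESSION[$_PAGE_INFO['id']]['release_dir'] = "";
        if ((!is_null($cust['mtinfo_versie'])) || (!is_null($user['mtinfo_versie']))) {
            // User overrules company
            // NOTE(review): the key 'mtinfo_version' differs from 'mtinfo_versie' used everywhere
            // else; if db_fetch_user() does not return a 'mtinfo_version' key this compares against
            // null and the "release" opt-out never fires. Confirm against the user row layout.
            // The same block is repeated in the browser branch below - keep both in sync.
            if ((!is_null($user['mtinfo_versie'])) && ($user['mtinfo_version'] != "release")) {
                $release = $_RELEASE['rc']['dir'];
                $release .= $user['mtinfo_versie'] . "/";
                $_SESSION[$_PAGE_INFO['id']]['release_dir'] = $user['mtinfo_versie'];
            }
            else if ((!is_null($user['mtinfo_versie'])) && ($user['mtinfo_version'] == "release")) {
                // Do nothing: the user is explicitly pinned to the release
            }
            else if (!is_null($cust['mtinfo_versie'])) {
                $release = $_RELEASE['rc']['dir'];
                $release .= $cust['mtinfo_versie'] . "/";
                $_SESSION[$_PAGE_INFO['id']]['release_dir'] = $cust['mtinfo_versie'];
            }
        }

        // Redirect to open portal? APP_PORTAL is only written when the host contains "open", so it
        // is tested with empty() instead of a bare read (which raised an undefined index notice).
        $app_portal = !empty($_SESSION[$_PAGE_INFO['id']]['APP_PORTAL']);

        // Does this release exist?
        if (((!is_dir($release)) || (!strlen($release))) && (is_ReleaseCandidate())) {
            $dir = $app_portal ? str_replace("mtinfo.", "open.", $_RELEASE['release']['url']) : $_RELEASE['release']['url'];

            // Redirect back to the release!
            header("Location: " . $dir . "?" . $_SERVER['QUERY_STRING']);
            exit;
        }
        else if ((strlen($release)) && (is_dir($release)) && ((!is_ReleaseCandidate()) || ((stristr($_SERVER['SCRIPT_FILENAME'], $_RELEASE['rc']['dir'] . $_SESSION[$_PAGE_INFO['id']]['release_dir']) === FALSE)))) {
            $dir = $app_portal ? str_replace("mtinfo.", "open.", $_RELEASE['rc']['url']) : $_RELEASE['rc']['url'];

            // Redirect to release candidate
            header("Location: " . $dir . $_SESSION[$_PAGE_INFO['id']]['release_dir'] . "/?" . $_SERVER['QUERY_STRING']);
            exit;
        }
        else {
            // Go to release page
            include("app/index.php");
        }
    }
}
else if ((browser() != "IE") || (browser_version() > 6)) {
    // Optional request parameters, read once so a missing parameter does not raise an undefined
    // index notice (the values are identical to the original unguarded reads).
    $get_href   = isset($_GET['href']) ? $_GET['href'] : null;
    $get_action = isset($_GET['action']) ? $_GET['action'] : null;

    // Store current action when set
    if (isset($_GET['action'])) {
        $_SESSION[$_PAGE_INFO['id']]['action'] = $_GET['action'];
    }

    // Display page history
    if (LOG_HREF_HISTORY) {
        if (!isset($_SESSION[$_PAGE_INFO['id']]['history_href']) || !is_array($_SESSION[$_PAGE_INFO['id']]['history_href'])) {
            // Clear buffer and counter
            $_SESSION[$_PAGE_INFO['id']]['history_href'] = array();
            $_SESSION[$_PAGE_INFO['id']]['history_href_counter'] = 0;
        }

        // Store history. The keys must be quoted strings: the original used the bare words
        // href/action/time/url, which PHP < 8 treats as undefined constants (resolving to their own
        // name, with a notice) and PHP 8 rejects with a fatal Error.
        $_SESSION[$_PAGE_INFO['id']]['history_href'][$_SESSION[$_PAGE_INFO['id']]['history_href_counter']] = array(
            'href'   => $get_href,
            'action' => $get_action,
            'time'   => date("Y-m-d H:i:s"),
            'url'    => $_SERVER['REQUEST_URI'],
        );

        // Circular buffer (25 items)
        $_SESSION[$_PAGE_INFO['id']]['history_href_counter'] = ($_SESSION[$_PAGE_INFO['id']]['history_href_counter'] >= 24) ? 0 : $_SESSION[$_PAGE_INFO['id']]['history_href_counter'] + 1;
    }

    // Handle action?
    if ((isset($_GET['href'])) && (action($_GET['href']))) {
        // Check for local files => No links!!!
        if (CheckDirectory(array($_SESSION[$_PAGE_INFO['id']]['base_path'] . "scripts/action"),
                           page_path($_GET['href']))) {
            /*
             * Security checks: check for CSRF (cross-site request forgery)
             * Only a POST body is verified. On a failed token $_POST is dropped but the action
             * script is still included and runs with the remaining $_GET parameters; actions that
             * change state on a GET request are not covered by this check at all.
             */
            if ($_POST && (!is_dev("RS3000")) && (!is_dev("SMSSERVER")) && !csrf_check_token()) {
                error_log("CSRF check failed");
                unset($_POST);
            }

            // Include action script
            include(page_path($_GET['href']));
        }
        else {
            // Display error page
            include(page_path(PAGE_ERROR));
        }
    }
    else {
        // Redirect page (can be without login)
        if (isset($_GET['redirect'])) {
            // Check for local files => No links!!!
            // NOTE(review): the whitelist test receives realpath() (resolved against the cwd) while
            // include() below receives the raw parameter, which PHP resolves via include_path first;
            // passing the realpath() result to include() would make both refer to the same file.
            if (CheckDirectory(array($_SESSION[$_PAGE_INFO['id']]['base_path'] . "include",
                                     $_SESSION[$_PAGE_INFO['id']]['base_path'] . "scripts/page",
                                     $_SESSION[$_PAGE_INFO['id']]['base_path'] . "scripts/other"),
                               realpath($_GET['redirect']))) {
                // Pages that may be opened without a login
                $login_exception = array("scripts/page/menu_lance_market.php",
                                         "include/set_info.php");

                // Check for login (strict: the parameter is client-supplied)
                if (in_array($_GET['redirect'], $login_exception, TRUE) || isset($_SESSION[$_PAGE_INFO['id']]['logged_on'])) {
                    include($_GET['redirect']);
                }
                else {
                    // Display error page
                    include(page_path(PAGE_ERROR));
                }
            }
            else {
                // Display error page
                include(page_path(PAGE_ERROR));
            }
        }
        // Telephone => not accessible
        else if (is_dev("TEL")) {
            // Display tel page
            include(page_path(PAGE_TEL));
        }
        // Already logged on?
        else if (!isset($_SESSION[$_PAGE_INFO['id']]['logged_on']) || ($get_href == PAGE_LOGIN)) {
            // Login on release candidate not allowed => Goto release
            if (!CHECK_RC || !is_ReleaseCandidate()) {
                // Go to login page
                include(page_path(PAGE_LOGIN));
            }
            else {
                // Redirect back to the release!
                header("Location: " . $_RELEASE['release']['url'] . "?" . $_SERVER['QUERY_STRING']);
                exit;
            }
        }
        else {
            // Check for release candidates?
            if (CHECK_RC) {
                // Use release candidate/release?
                $cust = db_fetch_customer($_SESSION[$_PAGE_INFO['id']]['login']['customer']['id'], 1);
                $user = db_fetch_user($_SESSION[$_PAGE_INFO['id']]['login']['user']['id'], "", 1);

                $release = "";
                $_SESSION[$_PAGE_INFO['id']]['release_dir'] = "";
                if ((!is_null($cust['mtinfo_versie'])) || (!is_null($user['mtinfo_versie']))) {
                    // User overrules company (same 'mtinfo_version' key caveat as in the APP branch)
                    if ((!is_null($user['mtinfo_versie'])) && ($user['mtinfo_version'] != "release")) {
                        $release = $_RELEASE['rc']['dir'];
                        $release .= $user['mtinfo_versie'] . "/";
                        $_SESSION[$_PAGE_INFO['id']]['release_dir'] = $user['mtinfo_versie'];
                    }
                    else if ((!is_null($user['mtinfo_versie'])) && ($user['mtinfo_version'] == "release")) {
                        // Do nothing: the user is explicitly pinned to the release
                    }
                    else if (!is_null($cust['mtinfo_versie'])) {
                        $release = $_RELEASE['rc']['dir'];
                        $release .= $cust['mtinfo_versie'] . "/";
                        $_SESSION[$_PAGE_INFO['id']]['release_dir'] = $cust['mtinfo_versie'];
                    }
                }

                // Does this release exist?
                if (((!is_dir($release)) || (!strlen($release))) && (is_ReleaseCandidate())) {
                    // Redirect back to the release!
                    header("Location: " . $_RELEASE['release']['url'] . "?" . $_SERVER['QUERY_STRING']);
                    exit;
                }
                else if ((strlen($release)) && (is_dir($release)) && ((!is_ReleaseCandidate()) || ((stristr($_SERVER['SCRIPT_FILENAME'], $_RELEASE['rc']['dir'] . $_SESSION[$_PAGE_INFO['id']]['release_dir']) === FALSE)))) {
                    // Redirect to release candidate
                    header("Location: " . $_RELEASE['rc']['url'] . $_SESSION[$_PAGE_INFO['id']]['release_dir'] . "/?" . $_SERVER['QUERY_STRING']);
                    exit;
                }
            }

            // Back to the project page when not signed in anymore or a different project was selected
            // meanwhile, and the default page when called without href (exception is the help file)!!!
            $get_page_project = isset($_GET['page_project']) ? $_GET['page_project'] : null;
            $login_project_id = isset($_PAGE_INFO['login']['project']['id']) ? $_PAGE_INFO['login']['project']['id'] : null;
            if (((isset($_GET['page_project']) && !isset($_PAGE_INFO['login']['project']['id'])) ||
                 ($get_page_project != $login_project_id) ||
                 (!isset($_GET['href']))) &&
                ($get_href != "page/help")) {
                $page = PAGE_PROJECT;
            }
            else {
                // href is guaranteed set here: a missing href always takes the branch above
                $page = $get_href;
            }

            // Previously recorded page. This file only writes 'history_href'; 'href_history' is
            // presumably maintained by the included page scripts - verify.
            $last_href = isset($_SESSION[$_PAGE_INFO['id']]['href_history']) ? $_SESSION[$_PAGE_INFO['id']]['href_history'] : null;

            // Valid directory?
            if (CheckDirectory(array($_SESSION[$_PAGE_INFO['id']]['base_path'] . "include",
                                     $_SESSION[$_PAGE_INFO['id']]['base_path'] . "scripts/page",
                                     $_SESSION[$_PAGE_INFO['id']]['base_path'] . "scripts/other",
                                     $_SESSION[$_PAGE_INFO['id']]['base_path'] . "scripts/action"),
                               page_path($page))) {
                // Valid file?
                if (file_exists($_SESSION[$_PAGE_INFO['id']]['base_path'] . page_path($page))) {
                    // Recall counter: how often the same href (+action/project) was requested in a row
                    $href = isset($_GET['action']) ? $get_href . "&action=" . $_GET['action'] : $get_href;
                    $href .= isset($_GET['page_project']) ? "&page_project=" . $_GET['page_project'] : "";
                    if ($last_href == $href) {
                        $_SESSION[$_PAGE_INFO['id']]['recall_counter'] = (isset($_SESSION[$_PAGE_INFO['id']]['recall_counter']) ? $_SESSION[$_PAGE_INFO['id']]['recall_counter'] : 0) + 1;
                    }
                    else {
                        // Reset counter
                        $_SESSION[$_PAGE_INFO['id']]['recall_counter'] = 0;
                    }

                    // include page
                    include(page_path($page));
                }
                else {
                    // Give extra information
                    DBG("PAGE_ERROR: " . $_SERVER['REQUEST_URI'] . ", " . $last_href);

                    // Display error page
                    include(page_path(PAGE_ERROR));
                }
            }
            else {
                // Give extra information
                DBG("PAGE_ERROR: " . $_SERVER['REQUEST_URI'] . ", " . $last_href);

                // Display error page
                include(page_path(PAGE_ERROR));
            }
        }
    }
}
else {
    // Display error page
    include(page_path(PAGE_NOT_SUPPORTED));
}
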
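/*
 * Store output buffer when process is handled in the background
 */
if ($background) {
    // Update/insert background process result.
    // The row id comes from the deserialised POST payload (originally supplied by the browser that
    // started the job) and the data from the output buffer. The original spliced the id into the
    // statement unescaped; it is now escaped the same way as the data.
    // NOTE(review): addslashes() is only adequate for single-byte connection charsets, and the
    // client-chosen id selects which `session` row is replaced - prefer a prepared statement via
    // db_store_data() if it supports one, and validate the id format at the producer.
    $background_id = isset($_POST['background_id']) ? $_POST['background_id'] : "";
    $query  = "REPLACE INTO session (id, data, expiration) values('" . addslashes($background_id) . "', ";
    $query .= "'" . addslashes(ob_get_clean()) . "',unix_timestamp(date_add(now(), interval 1 hour)))";
    db_store_data($query);
}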