"; echo "Fatal Error. You haven't created a config file yet.
Click Here To Start Installation and Create One! (forwarded in 5 sec.)"; exit(); } if (! isset($GLOBALS['OS_WIN'])) $GLOBALS['OS_WIN'] = (stristr(PHP_OS, "WIN") !== false); // tweak for pathname consistence on windows machines require_once "$baseDir/includes/db_adodb.php"; require_once "$baseDir/includes/db_connect.php"; require_once "$baseDir/includes/main_functions.php"; require_once "$baseDir/classes/ui.class.php"; require_once "$baseDir/classes/permissions.class.php"; require_once "$baseDir/includes/session.php"; require_once "$baseDir/functions/project_state.php"; // don't output anything. Usefull for fileviewer.php, gantt.php, etc. $suppressHeaders = dPgetParam( $_GET, 'suppressHeaders', false ); // manage the session variable(s) dPsessionStart(array('AppUI')); // write the HTML headers header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate, no-store, post-check=0, pre-check=0"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0 // check if session has previously been initialised if (!isset( $_SESSION['AppUI'] ) || isset($_GET['logout'])) { if (isset($_GET['logout']) && isset($_SESSION['AppUI']->user_id)) { $AppUI =& $_SESSION['AppUI']; $old_user_id = $AppUI->user_id; addHistory('login', $AppUI->user_id, 'logout', $AppUI->user_first_name . ' ' . $AppUI->user_last_name); } $_SESSION['AppUI'] = new CAppUI; } $AppUI =& $_SESSION['AppUI']; $last_insert_id =$AppUI->last_insert_id; $AppUI->checkStyle(); // load the commonly used classes require_once( $AppUI->getSystemClass( 'date' ) ); require_once( $AppUI->getSystemClass( 'dp' ) ); require_once( $AppUI->getSystemClass( 'query' ) ); require_once "$baseDir/misc/debug.php"; //Function for update lost action in user_access_log $AppUI->updateLastAction($last_insert_id); // load default preferences if not logged in if ($AppUI->doLogin()) { $AppUI->loadPrefs( 0 ); } // check is the user needs a new password if (dPgetParam( $_POST, 'lostpass', 0 )) { $uistyle = $dPconfig['host_style']; $AppUI->setUserLocale(); @include_once "$baseDir/locales/$AppUI->user_locale/locales.php"; @include_once "$baseDir/locales/core.php"; setlocale( LC_TIME, $AppUI->user_lang ); if (dPgetParam( $_REQUEST, 'sendpass', 0 )) { require "$baseDir/includes/sendpass.php"; sendNewPass(); } else { require "$baseDir/style/$uistyle/lostpass.php"; } exit(); } // check if the user is trying to log in // Note the change to REQUEST instead of POST. This is so that we can // support alternative authentication methods such as the PostNuke // and HTTP auth methods now supported. $just_logged_in = false; if (isset($_REQUEST['login'])) { $username = dPgetParam( $_POST, 'username', '' ); $password = dPgetParam( $_POST, 'password', '' ); $redirect = dPgetParam( $_REQUEST, 'redirect', '' ); $AppUI->setUserLocale(); @include_once( "$baseDir/locales/$AppUI->user_locale/locales.php" ); @include_once "$baseDir/locales/core.php"; $ok = $AppUI->login( $username, $password ); if (!$ok) { $AppUI->setMsg( 'Login Failed'); } else { //Register login in user_acces_log $AppUI->registerLogin(); $just_logged_in = true; } addHistory('login', $AppUI->user_id, 'login', $AppUI->user_first_name . ' ' . $AppUI->user_last_name); } //Function register logout in user_acces_log if ((isset($old_user_id) && (isset($_GET['logout'])) || $just_logged_in)) { $user = !$AppUI->doLogin() ? $AppUI->user_id : $old_user_id; include_once $AppUI->getModuleClass('report'); include_once $AppUI->getModuleFile('report', 'generatePDF'); purgeUserPDFs($user); CReport::deleteUserReports($user); if (!$just_logged_in) $AppUI->registerLogout($user); } if ($just_logged_in) $AppUI->redirect("$redirect"); // supported since PHP 4.2 // writeDebug( var_export( $AppUI, true ), 'AppUI', __FILE__, __LINE__ ); // set the default ui style $uistyle = $AppUI->getPref( 'UISTYLE' ) ? $AppUI->getPref( 'UISTYLE' ) : $dPconfig['host_style']; // clear out main url parameters $m = ''; $a = ''; $u = ''; // check if we are logged in if ($AppUI->doLogin()) { // load basic locale settings $AppUI->setUserLocale(); @include_once( "./locales/$AppUI->user_locale/locales.php" ); @include_once( "./locales/core.php" ); setlocale( LC_TIME, $AppUI->user_lang ); $redirect = @$_SERVER['QUERY_STRING']; if (strpos( $redirect, 'logout' ) !== false) { $redirect = ''; } if (isset( $locale_char_set )) { header("Content-type: text/html;charset=$locale_char_set"); } require "$baseDir/style/$uistyle/login.php"; // destroy the current session and output login page session_unset(); session_destroy(); exit; } $AppUI->setUserLocale(); // bring in the rest of the support and localisation files require_once "$baseDir/includes/permissions.php"; $def_a = 'index'; if (! isset($_GET['m']) && !empty($dPconfig['default_view_m'])) { $m = $dPconfig['default_view_m']; $def_a = !empty($dPconfig['default_view_a']) ? $dPconfig['default_view_a'] : $def_a; $tab = $dPconfig['default_view_tab']; } else { // set the module from the url $m = $AppUI->checkFileName(dPgetParam( $_GET, 'm', getReadableModule() )); } // set the action from the url $a = $AppUI->checkFileName(dPgetParam( $_GET, 'a', $def_a)); /* This check for $u implies that a file located in a subdirectory of higher depth than 1 * in relation to the module base can't be executed. So it would'nt be possible to * run for example the file module/directory1/directory2/file.php * Also it won't be possible to run modules/module/abc.zyz.class.php for that dots are * not allowed in the request parameters. */ $u = $AppUI->checkFileName(dPgetParam( $_GET, 'u', '' )); // load module based locale settings @include_once "$baseDir/locales/$AppUI->user_locale/locales.php"; @include_once "$baseDir/locales/core.php"; setlocale( LC_TIME, $AppUI->user_lang ); $m_config = dPgetConfig($m); @include_once "$baseDir/functions/" . $m . "_func.php"; // TODO: canRead/Edit assignements should be moved into each file // check overall module permissions // these can be further modified by the included action files $perms =& $AppUI->acl(); //Leggere i gruppi per far si che le modifiche delle capabilities siano efficaci // nel momento in cui si eseguono e non al successivo login. $AppUI->loadGroups(); $canAccess = 0; $canRead = 0; $canEdit = 0; $canAuthor = 0; $canDelete = 0; foreach ($AppUI->user_groups as $g => $sc) { if (!$canAccess) $canAccess = $perms->checkModule($m, 'access','',$sc,1); if (!$canRead) $canRead = $perms->checkModule($m, 'view','',$sc,1); if (!$canEdit) $canEdit = $perms->checkModule($m, 'edit','',$sc,1); if (!$canAuthor) $canAuthor = $perms->checkModule($m, 'add','',$sc,1); if (!$canDelete) $canDelete = $perms->checkModule($m, 'delete','',$sc,1); if ($canAccess && $canRead && $canEdit && $canAuthor && $canDelete) break; } if ( !$suppressHeaders ) { // output the character set header if (isset( $locale_char_set )) { header("Content-type: text/html;charset=$locale_char_set"); } } /* * * TODO: Permissions should be handled by each file. * Denying access from index.php still doesn't asure * someone won't access directly skipping this security check. * // bounce the user if they don't have at least read access if (!( // however, some modules are accessible by anyone $m == 'public' || ($m == 'admin' && $a == 'viewuser') )) { if (!$canRead) { $AppUI->redirect( "m=public&a=access_denied" ); } } */ // include the module class file - we use file_exists instead of @ so // that any parse errors in the file are reported, rather than errors // further down the track. $modclass = $AppUI->getModuleClass($m); if (file_exists($modclass)) include_once( $modclass ); if ($u && file_exists("$baseDir/modules/$m/$u/$u.class.php")) include_once "$baseDir/modules/$m/$u/$u.class.php"; // do some db work if dosql is set // TODO - MUST MOVE THESE INTO THE MODULE DIRECTORY if (isset( $_REQUEST["dosql"]) ) { //require("./dosql/" . $_REQUEST["dosql"] . ".php"); require "$baseDir/modules/$m/" . ($u ? "$u/" : "") . $AppUI->checkFileName($_REQUEST["dosql"]) . ".php"; } // start output proper include "$baseDir/style/$uistyle/overrides.php"; ob_start(); if(!$suppressHeaders) { require "$baseDir/style/$uistyle/header.php"; } if (! isset($_SESSION['all_tabs'][$m]) ) { // For some reason on some systems if you don't set this up // first you get recursive pointers to the all_tabs array, creating // phantom tabs. if (! isset($_SESSION['all_tabs'])) $_SESSION['all_tabs'] = array(); $_SESSION['all_tabs'][$m] = array(); $all_tabs =& $_SESSION['all_tabs'][$m]; foreach ($AppUI->getActiveModules() as $dir => $module) { if (! $perms->checkModule($dir, 'access'))//DA MODIFICARE CON I GRUPPI continue; $modules_tabs = $AppUI->readFiles("$baseDir/modules/$dir/", '^' . $m . '_tab.*\.php'); foreach($modules_tabs as $tab) { // Get the name as the subextension // cut the module_tab. and the .php parts of the filename // (begining and end) $nameparts = explode('.', $tab); $filename = substr($tab, 0, -4); if (count($nameparts) > 3) { $file = $nameparts[1]; if (! isset($all_tabs[$file])) $all_tabs[$file] = array(); $arr =& $all_tabs[$file]; $name = $nameparts[2]; } else { $arr =& $all_tabs; $name = $nameparts[1]; } $arr[] = array( 'name' => ucfirst(str_replace('_', ' ', $name)), 'file' => $baseDir . '/modules/' . $dir . '/' . $filename, 'module' => $dir); } } } else { $all_tabs =& $_SESSION['all_tabs'][$m]; } $module_file = "$baseDir/modules/$m/" . ($u ? "$u/" : "") . "$a.php";//echo $module_file; if (file_exists($module_file)) require $module_file; else { // TODO: make this part of the public module? // TODO: internationalise the string. $titleBlock = new CTitleBlock('Warning', 'log-error.gif'); $titleBlock->show(); //echo $module_file; echo $AppUI->_("Missing file. Possible Module \"$m\" missing!"); } if(!$suppressHeaders) { require "$baseDir/style/$uistyle/footer.php"; } ob_end_flush(); ?>