. */ use PDOException; use Zend_Controller_Request_Http; use Zend_Session; use Zend_Session_Namespace; /** * This is the bootstrap script, that is run on every request. */ // WT_SCRIPT_NAME is defined in each script that the user is permitted to load. if (!defined('WT_SCRIPT_NAME')) { http_response_code(403); return; } /** * We set the following globals * * @global boolean $SEARCH_SPIDER * @global Zend_Controller_Request_Http $WT_REQUEST * @global Zend_Session $WT_SESSION * @global Tree $WT_TREE */ global $WT_REQUEST, $WT_SESSION, $WT_TREE, $SEARCH_SPIDER; // Identify ourself define('WT_WEBTREES', 'webtrees'); define('WT_VERSION', '1.7.0-dev'); // External URLs define('WT_WEBTREES_URL', 'http://www.webtrees.net/'); define('WT_WEBTREES_WIKI', 'http://wiki.webtrees.net/'); // Resources have version numbers in the URL, so that they can be cached indefinitely. define('WT_STATIC_URL', getenv('STATIC_URL')); // We could set this to load our own static resources from a cookie-free domain. if (getenv('USE_CDN')) { // Caution, using a CDN will break support for responsive features in IE8, as respond.js // needs to be on the same domain as all the CSS files. define('WT_BOOTSTRAP_CSS_URL', '//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.2/css/bootstrap.min.css'); define('WT_BOOTSTRAP_DATETIMEPICKER_CSS_URL', '//cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.0.0/js/bootstrap-datetimepicker.min.css'); define('WT_BOOTSTRAP_DATETIMEPICKER_JS_URL', '//cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.0.0/css/bootstrap-datetimepicker.js'); define('WT_BOOTSTRAP_JS_URL', '//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.2/js/bootstrap.min.js'); define('WT_BOOTSTRAP_RTL_CSS_URL', '//cdn.rawgit.com/morteza/bootstrap-rtl/master/dist/cdnjs/3.3.1/css/bootstrap-rtl.min.css'); // Cloudflare is out of date define('WT_DATATABLES_BOOTSTRAP_CSS_URL', '//cdn.datatables.net/plug-ins/3cfcc339e89/integration/bootstrap/3/dataTables.bootstrap.css'); define('WT_DATATABLES_BOOTSTRAP_JS_URL', '//cdn.datatables.net/plug-ins/3cfcc339e89/integration/bootstrap/3/dataTables.bootstrap.js'); define('WT_FONT_AWESOME_CSS_URL', '//cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/font-awesome.min.css'); define('WT_JQUERYUI_JS_URL', '//cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.2/jquery-ui.min.js'); define('WT_JQUERY_COOKIE_JS_URL', '//cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js'); define('WT_JQUERY_DATATABLES_JS_URL', '//cdnjs.cloudflare.com/ajax/libs/datatables/1.10.4/js/jquery.dataTables.min.js'); define('WT_JQUERY_JS_URL', '//cdnjs.cloudflare.com/ajax/libs/jquery/1.11.2/jquery.min.js'); define('WT_MODERNIZR_JS_URL', '//cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js'); define('WT_MOMENT_JS_URL', '//cdnjs.cloudflare.com/ajax/libs/moment.js/2.9.0/moment-with-locales.min.js'); define('WT_RESPOND_JS_URL', '//cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.min.js'); } else { define('WT_BOOTSTRAP_CSS_URL', WT_STATIC_URL . 'packages/bootstrap-3.3.2/css/bootstrap.min.css'); define('WT_BOOTSTRAP_DATETIMEPICKER_CSS_URL', WT_STATIC_URL . 'packages/bootstrap-datetimepicker-4.0.0/bootstrap-datetimepicker.min.css'); define('WT_BOOTSTRAP_DATETIMEPICKER_JS_URL', WT_STATIC_URL . 'packages/bootstrap-datetimepicker-4.0.0/bootstrap-datetimepicker.min.js'); define('WT_BOOTSTRAP_JS_URL', WT_STATIC_URL . 'packages/bootstrap-3.3.2/js/bootstrap.min.js'); define('WT_BOOTSTRAP_RTL_CSS_URL', WT_STATIC_URL . 'packages/bootstrap-rtl-3.3.1/css/bootstrap-rtl.min.css'); define('WT_DATATABLES_BOOTSTRAP_CSS_URL', WT_STATIC_URL . 'packages/datatables-1.10.4/plugins/dataTables.bootstrap.css'); define('WT_DATATABLES_BOOTSTRAP_JS_URL', WT_STATIC_URL . 'packages/datatables-1.10.4/plugins/dataTables.bootstrap.js'); define('WT_FONT_AWESOME_CSS_URL', WT_STATIC_URL . 'packages/font-awesome-4.3.0/css/font-awesome.min.css'); define('WT_JQUERYUI_JS_URL', WT_STATIC_URL . 'packages/jquery-ui-1.11.2/js/jquery-ui.min.js'); define('WT_JQUERY_COOKIE_JS_URL', WT_STATIC_URL . 'packages/jquery-cookie-1.4.1/jquery.cookie.js'); define('WT_JQUERY_DATATABLES_JS_URL', WT_STATIC_URL . 'packages/datatables-1.10.4/js/jquery.dataTables.min.js'); define('WT_JQUERY_JS_URL', WT_STATIC_URL . 'packages/jquery-1.11.2/jquery.min.js'); define('WT_MODERNIZR_JS_URL', WT_STATIC_URL . 'packages/modernizr-2.8.3/modernizr.min.js'); define('WT_MOMENT_JS_URL', WT_STATIC_URL . 'packages/moment-2.9.0/moment-with-locales.min.js'); define('WT_RESPOND_JS_URL', WT_STATIC_URL . 'packages/respond-1.4.2/respond.min.js'); } // We can't load these from a CDN, as these have been patched. define('WT_JQUERY_COLORBOX_URL', WT_STATIC_URL . 'assets/js-1.7.0/jquery.colorbox-1.5.14.js'); define('WT_JQUERY_WHEELZOOM_URL', WT_STATIC_URL . 'assets/js-1.7.0/jquery.wheelzoom-2.0.0.js'); define('WT_CKEDITOR_BASE_URL', WT_STATIC_URL . 'packages/ckeditor-4.4.7-custom/'); // Location of our own scripts define('WT_ADMIN_JS_URL', WT_STATIC_URL . 'assets/js-1.7.0/admin.js'); define('WT_AUTOCOMPLETE_JS_URL', WT_STATIC_URL . 'assets/js-1.7.0/autocomplete.js'); define('WT_WEBTREES_JS_URL', WT_STATIC_URL . 'assets/js-1.7.0/webtrees.js'); // Location of our modules and themes. These are used as URLs and folder paths. define('WT_MODULES_DIR', 'modules_v3/'); // Update setup.php and build/Makefile when this changes define('WT_THEMES_DIR', 'themes/'); // Enable debugging output on development builds define('WT_DEBUG', strpos(WT_VERSION, 'dev') !== false); define('WT_DEBUG_SQL', false); // Required version of database tables/columns/indexes/etc. define('WT_SCHEMA_VERSION', 29); // Regular expressions for validating user input, etc. define('WT_MINIMUM_PASSWORD_LENGTH', 6); define('WT_REGEX_XREF', '[A-Za-z0-9:_-]+'); define('WT_REGEX_TAG', '[_A-Z][_A-Z0-9]*'); define('WT_REGEX_INTEGER', '-?\d+'); define('WT_REGEX_BYTES', '[0-9]+[bBkKmMgG]?'); define('WT_REGEX_IPV4', '\d{1,3}(\.\d{1,3}){3}'); define('WT_REGEX_USERNAME', '[^<>"%{};]+'); define('WT_REGEX_PASSWORD', '.{' . WT_MINIMUM_PASSWORD_LENGTH . ',}'); // UTF8 representation of various characters define('WT_UTF8_BOM', "\xEF\xBB\xBF"); // U+FEFF (Byte order mark) define('WT_UTF8_LRM', "\xE2\x80\x8E"); // U+200E (Left to Right mark: zero-width character with LTR directionality) define('WT_UTF8_RLM', "\xE2\x80\x8F"); // U+200F (Right to Left mark: zero-width character with RTL directionality) define('WT_UTF8_LRO', "\xE2\x80\xAD"); // U+202D (Left to Right override: force everything following to LTR mode) define('WT_UTF8_RLO', "\xE2\x80\xAE"); // U+202E (Right to Left override: force everything following to RTL mode) define('WT_UTF8_LRE', "\xE2\x80\xAA"); // U+202A (Left to Right embedding: treat everything following as LTR text) define('WT_UTF8_RLE', "\xE2\x80\xAB"); // U+202B (Right to Left embedding: treat everything following as RTL text) define('WT_UTF8_PDF', "\xE2\x80\xAC"); // U+202C (Pop directional formatting: restore state prior to last LRO, RLO, LRE, RLE) // Alternatives to BMD events for lists, charts, etc. define('WT_EVENTS_BIRT', 'BIRT|CHR|BAPM|_BRTM|ADOP'); define('WT_EVENTS_DEAT', 'DEAT|BURI|CREM'); define('WT_EVENTS_MARR', 'MARR|_NMR'); define('WT_EVENTS_DIV', 'DIV|ANUL|_SEPR'); // Use these line endings when writing files on the server define('WT_EOL', "\r\n"); // Gedcom specification/definitions define('WT_GEDCOM_LINE_LENGTH', 255 - strlen(WT_EOL)); // Characters, not bytes // Used in Google charts define('WT_GOOGLE_CHART_ENCODING', 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-.'); // Privacy constants define('WT_PRIV_PUBLIC', 2); // Allows visitors to view the marked information define('WT_PRIV_USER', 1); // Allows members to access the marked information define('WT_PRIV_NONE', 0); // Allows managers to access the marked information define('WT_PRIV_HIDE', -1); // Hide the item to all users // For performance, it is quicker to refer to files using absolute paths define('WT_ROOT', realpath(dirname(__DIR__)) . DIRECTORY_SEPARATOR); // Keep track of time statistics, for the summary in the footer define('WT_START_TIME', microtime(true)); // We want to know about all PHP errors during development, and fewer in production. if (WT_DEBUG) { error_reporting(E_ALL | E_STRICT | E_NOTICE | E_DEPRECATED); } else { error_reporting(E_ALL); } // We use some PHP5.5 features, but need to run on older servers if (version_compare(PHP_VERSION, '5.4', '<')) { require WT_ROOT . 'includes/php_53_compatibility.php'; } require WT_ROOT . 'vendor/autoload.php'; // PHP requires a time zone to be set date_default_timezone_set(date_default_timezone_get()); // Use the patchwork/utf8 library to: // 1) set all PHP defaults to UTF-8 // 2) create shims for missing mb_string functions such as mb_strlen() // 3) check that requests are valid UTF-8 \Patchwork\Utf8\Bootup::initAll(); // Enables the portablity layer and configures PHP for UTF-8 \Patchwork\Utf8\Bootup::filterRequestUri(); // Redirects to an UTF-8 encoded URL if it's not already the case \Patchwork\Utf8\Bootup::filterRequestInputs(); // Normalizes HTTP inputs to UTF-8 NFC // Use the fisharebest/ext-calendar library to // 1) provide shims for the PHP ext/calendar extension, such as JewishToJD() // 2) provide calendar conversions for the Arabic and Persian calendars \Fisharebest\ExtCalendar\Shim::create(); // Calculate the base URL, so we can generate absolute URLs. $protocol = Filter::server('HTTP_X_FORWARDED_PROTO', 'https?', Filter::server('HTTPS', null, 'off') === 'off' ? 'http' : 'https'); // For CLI scripts, use localhost. $host = Filter::server('SERVER_NAME', null, 'localhost'); $port = Filter::server('HTTP_X_FORWARDED_PORT', '80|443', Filter::server('SERVER_PORT', null, '80')); // Ignore the default port. if ($protocol === 'http' && $port === '80' || $protocol === 'https' && $port === '443') { $port = ''; } else { $port = ':' . $port; } // REDIRECT_URL should be set when Apache is following a RedirectRule // PHP_SELF may have trailing path: /path/to/script.php/FOO/BAR $path = Filter::server('REDIRECT_URL', null, Filter::server('PHP_SELF')); $path = substr($path, 0, stripos($path, WT_SCRIPT_NAME)); define('WT_BASE_URL', $protocol . '://' . $host . $port . $path); // Convert PHP errors into exceptions set_error_handler(function($errno, $errstr, $errfile, $errline) { if (error_reporting() & $errno) { throw new \ErrorException($errstr, 0, $errno, $errfile, $errline); } else { return false; } }); set_exception_handler(function(\Exception $ex) { $long_message = ''; $short_message = ''; foreach ($ex->getTrace() as $level => $frame) { $frame += array('args' => array(), 'file' => 'unknown', 'line' => 'unknown'); array_walk($frame['args'], function(&$arg) { switch (gettype($arg)) { case 'boolean': case 'integer': case 'double': case 'null': $arg = var_export($arg, true); break; case 'string': if (mb_strlen($arg) > 30) { $arg = substr($arg, 0, 30) . '…'; } $arg = var_export($arg, true); break; case 'object': $reflection = new \ReflectionClass($arg); if (is_object($arg) && method_exists($arg, '__toString')) { $arg = '[' . $reflection->getShortName() . ' ' . (string) $arg . ']'; } else { $arg = '[' . $reflection->getShortName() . ']'; } break; default: $arg = '[' . gettype($arg) . ']'; break; } }); $frame['file'] = str_replace(dirname(__DIR__), '', $frame['file']); $long_message .= '#' . $level . ' ' . $frame['file'] . ':' . $frame['line'] . ' '; $short_message .= '#' . $level . ' ' . $frame['file'] . ':' . $frame['line'] . ' '; if ($level) { $long_message .= $frame['function'] . '(' . implode(', ', $frame['args']) . ')' . PHP_EOL; $short_message .= $frame['function'] . "()
"; } else { $long_message .= get_class($ex) . '("' . $ex->getMessage() . '")' . PHP_EOL; $short_message .= get_class($ex) . '("' . $ex->getMessage() . '")
'; } } if (WT_DEBUG) { echo $long_message; } else { echo $short_message; } Log::addErrorLog($long_message); }); // Load our configuration file, so we can connect to the database if (file_exists(WT_ROOT . 'data/config.ini.php')) { $dbconfig = parse_ini_file(WT_ROOT . 'data/config.ini.php'); // Invalid/unreadable config file? if (!is_array($dbconfig)) { header('Location: ' . WT_BASE_URL . 'site-unavailable.php'); exit; } // Down for maintenance? if (file_exists(WT_ROOT . 'data/offline.txt')) { header('Location: ' . WT_BASE_URL . 'site-offline.php'); exit; } } else { // No config file. Set one up. header('Location: ' . WT_BASE_URL . 'setup.php'); exit; } $WT_REQUEST = new Zend_Controller_Request_Http; // Connect to the database try { Database::createInstance($dbconfig['dbhost'], $dbconfig['dbport'], $dbconfig['dbname'], $dbconfig['dbuser'], $dbconfig['dbpass']); define('WT_TBLPREFIX', $dbconfig['tblpfx']); unset($dbconfig); // Some of the FAMILY JOIN HUSBAND JOIN WIFE queries can excede the MAX_JOIN_SIZE setting Database::exec("SET NAMES 'utf8' COLLATE 'utf8_unicode_ci', SQL_BIG_SELECTS=1"); Database::updateSchema(WT_ROOT . 'includes/db_schema/', 'WT_SCHEMA_VERSION', WT_SCHEMA_VERSION); } catch (PDOException $ex) { FlashMessages::addMessage($ex->getMessage(), 'danger'); header('Location: ' . WT_BASE_URL . 'site-unavailable.php'); throw $ex; } // The config.ini.php file must always be in a fixed location. // Other user files can be stored elsewhere... define('WT_DATA_DIR', realpath(Site::getPreference('INDEX_DIRECTORY') ? Site::getPreference('INDEX_DIRECTORY') : 'data') . DIRECTORY_SEPARATOR); // If we have a preferred URL (e.g. www.example.com instead of www.isp.com/~example), then redirect to it. $SERVER_URL = Site::getPreference('SERVER_URL'); if ($SERVER_URL && $SERVER_URL != WT_BASE_URL) { header('Location: ' . $SERVER_URL . WT_SCRIPT_NAME . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : ''), true, 301); exit; } // Request more resources - if we can/want to if (!ini_get('safe_mode')) { $memory_limit = Site::getPreference('MEMORY_LIMIT'); if ($memory_limit && strpos(ini_get('disable_functions'), 'ini_set') === false) { ini_set('memory_limit', $memory_limit); } $max_execution_time = Site::getPreference('MAX_EXECUTION_TIME'); if ($max_execution_time && strpos(ini_get('disable_functions'), 'set_time_limit') === false) { set_time_limit($max_execution_time); } } $rule = Database::prepare( "SELECT SQL_CACHE rule FROM `##site_access_rule`" . " WHERE IFNULL(INET_ATON(?), 0) BETWEEN ip_address_start AND ip_address_end" . " AND ? LIKE user_agent_pattern" . " ORDER BY ip_address_end LIMIT 1" )->execute(array($WT_REQUEST->getClientIp(), Filter::server('HTTP_USER_AGENT')))->fetchOne(); switch ($rule) { case 'allow': $SEARCH_SPIDER = false; break; case 'deny': http_response_code(403); exit; case 'robot': case 'unknown': // Search engines don’t send cookies, and so create a new session with every visit. // Make sure they always use the same one Zend_Session::setId('search-engine-' . str_replace('.', '-', $WT_REQUEST->getClientIp())); $SEARCH_SPIDER = true; break; case '': Database::prepare( "INSERT INTO `##site_access_rule` (ip_address_start, ip_address_end, user_agent_pattern, comment) VALUES (IFNULL(INET_ATON(?), 0), IFNULL(INET_ATON(?), 4294967295), ?, '')" )->execute(array($WT_REQUEST->getClientIp(), $WT_REQUEST->getClientIp(), Filter::server('HTTP_USER_AGENT', null, ''))); $SEARCH_SPIDER = true; break; } // Store our session data in the database. session_set_save_handler( // open function() { return true; }, // close function() { return true; }, // read function($id) { return Database::prepare("SELECT session_data FROM `##session` WHERE session_id=?")->execute(array($id))->fetchOne(); }, // write function($id, $data) use ($WT_REQUEST) { // Only update the session table once per minute, unless the session data has actually changed. Database::prepare( "INSERT INTO `##session` (session_id, user_id, ip_address, session_data, session_time)" . " VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP - SECOND(CURRENT_TIMESTAMP))" . " ON DUPLICATE KEY UPDATE" . " user_id = VALUES(user_id)," . " ip_address = VALUES(ip_address)," . " session_data = VALUES(session_data)," . " session_time = CURRENT_TIMESTAMP - SECOND(CURRENT_TIMESTAMP)" )->execute(array($id, (int) Auth::id(), $WT_REQUEST->getClientIp(), $data)); return true; }, // destroy function($id) { Database::prepare("DELETE FROM `##session` WHERE session_id=?")->execute(array($id)); return true; }, // gc function($maxlifetime) { Database::prepare("DELETE FROM `##session` WHERE session_time < DATE_SUB(NOW(), INTERVAL ? SECOND)")->execute(array($maxlifetime)); return true; } ); // Use the Zend_Session object to start the session. // This allows all the other Zend Framework components to integrate with the session define('WT_SESSION_NAME', 'WT_SESSION'); $cfg = array( 'name' => WT_SESSION_NAME, 'cookie_lifetime' => 0, 'gc_maxlifetime' => Site::getPreference('SESSION_TIME'), 'gc_probability' => 1, 'gc_divisor' => 100, 'cookie_path' => parse_url(WT_BASE_URL, PHP_URL_PATH), 'cookie_httponly' => true, ); Zend_Session::start($cfg); // Register a session “namespace” to store session data. This is better than // using $_SESSION, as we can avoid clashes with other modules or applications, // and problems with servers that have enabled “register_globals”. $WT_SESSION = new Zend_Session_Namespace('WEBTREES'); if (!$SEARCH_SPIDER && !$WT_SESSION->initiated) { // A new session, so prevent session fixation attacks by choosing a new PHPSESSID. Zend_Session::regenerateId(); $WT_SESSION->initiated = true; } else { // An existing session } /** @deprecated Will be removed in 1.7.0 */ define('WT_USER_ID', Auth::id()); /** @deprecated Will be removed in 1.7.0 */ define('WT_USER_NAME', Auth::id() ? Auth::user()->getUserName() : ''); // Set the tree for the page; (1) the request, (2) the session, (3) the site default, (4) any tree foreach (array(Filter::post('ged'), Filter::get('ged'), $WT_SESSION->GEDCOM, Site::getPreference('DEFAULT_GEDCOM')) as $tree_name) { $WT_TREE = Tree::findByName($tree_name); if ($WT_TREE) { $WT_SESSION->GEDCOM = $tree_name; break; } } // No chosen tree? Use any one. if (!$WT_TREE) { foreach (Tree::getAll() as $WT_TREE) { break; } } // These attributes of the currently-selected tree are used frequently if ($WT_TREE) { define('WT_GEDCOM', $WT_TREE->getName()); define('WT_GED_ID', $WT_TREE->getTreeId()); define('WT_GEDURL', $WT_TREE->getNameUrl()); define('WT_TREE_TITLE', $WT_TREE->getTitleHtml()); define('WT_USER_GEDCOM_ADMIN', Auth::isManager($WT_TREE)); define('WT_USER_CAN_ACCEPT', Auth::isModerator($WT_TREE)); define('WT_USER_CAN_EDIT', Auth::isEditor($WT_TREE)); define('WT_USER_CAN_ACCESS', Auth::isMember($WT_TREE)); define('WT_USER_GEDCOM_ID', $WT_TREE->getUserPreference(Auth::user(), 'gedcomid')); define('WT_USER_ROOT_ID', $WT_TREE->getUserPreference(Auth::user(), 'rootid') ? $WT_TREE->getUserPreference(Auth::user(), 'rootid') : WT_USER_GEDCOM_ID); define('WT_USER_PATH_LENGTH', $WT_TREE->getUserPreference(Auth::user(), 'RELATIONSHIP_PATH_LENGTH')); if (WT_USER_GEDCOM_ADMIN) { define('WT_USER_ACCESS_LEVEL', WT_PRIV_NONE); } elseif (WT_USER_CAN_ACCESS) { define('WT_USER_ACCESS_LEVEL', WT_PRIV_USER); } else { define('WT_USER_ACCESS_LEVEL', WT_PRIV_PUBLIC); } } else { define('WT_GEDCOM', ''); define('WT_GED_ID', null); define('WT_GEDURL', ''); define('WT_TREE_TITLE', WT_WEBTREES); define('WT_USER_GEDCOM_ADMIN', false); define('WT_USER_CAN_ACCEPT', false); define('WT_USER_CAN_EDIT', false); define('WT_USER_CAN_ACCESS', false); define('WT_USER_GEDCOM_ID', ''); define('WT_USER_ROOT_ID', ''); define('WT_USER_PATH_LENGTH', 0); define('WT_USER_ACCESS_LEVEL', WT_PRIV_PUBLIC); } // With no parameters, init() looks to the environment to choose a language define('WT_LOCALE', I18N::init()); $WT_SESSION->locale = I18N::$locale; if (empty($WEBTREES_EMAIL)) { $WEBTREES_EMAIL = 'webtrees-noreply@' . preg_replace('/^www\./i', '', $_SERVER['SERVER_NAME']); } // Note that the database/webservers may not be synchronised, so use DB time throughout. define('WT_TIMESTAMP', (int) Database::prepare("SELECT UNIX_TIMESTAMP()")->fetchOne()); // Server timezone is defined in php.ini define('WT_SERVER_TIMESTAMP', WT_TIMESTAMP + (int) date('Z')); if (Auth::check()) { define('WT_CLIENT_TIMESTAMP', WT_TIMESTAMP - $WT_SESSION->timediff); } else { define('WT_CLIENT_TIMESTAMP', WT_SERVER_TIMESTAMP); } define('WT_CLIENT_JD', 2440588 + (int) (WT_CLIENT_TIMESTAMP / 86400)); // Application configuration data - things that aren’t (yet?) user-editable require WT_ROOT . 'includes/config_data.php'; // The login URL must be an absolute URL, and can be user-defined if (Site::getPreference('LOGIN_URL')) { define('WT_LOGIN_URL', Site::getPreference('LOGIN_URL')); } else { define('WT_LOGIN_URL', WT_BASE_URL . 'login.php'); } // If there is no current tree and we need one, then redirect somewhere if (WT_SCRIPT_NAME != 'admin_trees_manage.php' && WT_SCRIPT_NAME != 'admin_pgv_to_wt.php' && WT_SCRIPT_NAME != 'login.php' && WT_SCRIPT_NAME != 'logout.php' && WT_SCRIPT_NAME != 'import.php' && WT_SCRIPT_NAME != 'help_text.php' && WT_SCRIPT_NAME != 'message.php') { if (!$WT_TREE || !$WT_TREE->getPreference('imported')) { if (Auth::isAdmin()) { header('Location: ' . WT_BASE_URL . 'admin_trees_manage.php'); } else { header('Location: ' . WT_LOGIN_URL . '?url=' . rawurlencode(WT_SCRIPT_NAME . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '')), true, 301); } exit; } } // Update the login time every 5 minutes if (WT_TIMESTAMP - $WT_SESSION->activity_time > 300) { Auth::user()->setPreference('sessiontime', WT_TIMESTAMP); $WT_SESSION->activity_time = WT_TIMESTAMP; } // Set the theme if (substr(WT_SCRIPT_NAME, 0, 5) === 'admin' || WT_SCRIPT_NAME === 'module.php' && substr(Filter::get('mod_action'), 0, 5) === 'admin') { // Administration scripts begin with “admin” and use a special administration theme Theme::theme(new AdministrationTheme)->init($WT_SESSION, $SEARCH_SPIDER, $WT_TREE); } else { if (Site::getPreference('ALLOW_USER_THEMES')) { // Requested change of theme? $theme_id = Filter::get('theme'); if (!array_key_exists($theme_id, Theme::themeNames())) { $theme_id = ''; } // Last theme used? if (!$theme_id && array_key_exists($WT_SESSION->theme_id, Theme::themeNames())) { $theme_id = $WT_SESSION->theme_id; } } else { $theme_id = ''; } if (!$theme_id) { // User cannot choose (or has not chosen) a theme. // 1) gedcom setting // 2) site setting // 3) webtrees // 4) first one found if (WT_GED_ID) { $theme_id = $WT_TREE->getPreference('THEME_DIR'); } if (!array_key_exists($theme_id, Theme::themeNames())) { $theme_id = Site::getPreference('THEME_DIR'); } if (!array_key_exists($theme_id, Theme::themeNames())) { $theme_id = 'webtrees'; } } foreach (Theme::installedThemes() as $theme) { if ($theme->themeId() === $theme_id) { Theme::theme($theme)->init($WT_SESSION, $SEARCH_SPIDER, $WT_TREE); } } // Remember this setting $WT_SESSION->theme_id = $theme_id; } // Page hit counter - load after theme, as we need theme formatting if ($WT_TREE && $WT_TREE->getPreference('SHOW_COUNTER') && !$SEARCH_SPIDER) { require WT_ROOT . 'includes/hitcount.php'; } else { $hitCount = ''; } // Search engines are only allowed to see certain pages. if ($SEARCH_SPIDER && !in_array(WT_SCRIPT_NAME, array( 'index.php', 'indilist.php', 'module.php', 'mediafirewall.php', 'individual.php', 'family.php', 'mediaviewer.php', 'note.php', 'repo.php', 'source.php', ))) { http_response_code(403); $controller = new PageController; $controller->setPageTitle(I18N::translate('Search engine')); $controller->pageHeader(); echo '

', I18N::translate('You do not have permission to view this page.'), '

'; exit; } // These theme globals are horribly abused. $bwidth = Theme::theme()->parameter('chart-box-x'); $bheight = Theme::theme()->parameter('chart-box-y'); $basexoffset = Theme::theme()->parameter('chart-offset-x'); $baseyoffset = Theme::theme()->parameter('chart-offset-y'); $bxspacing = Theme::theme()->parameter('chart-spacing-x'); $byspacing = Theme::theme()->parameter('chart-spacing-y'); $Dbwidth = Theme::theme()->parameter('chart-descendancy-box-x'); $Dbheight = Theme::theme()->parameter('chart-descendancy-box-y');