<?php
/*
* SCROTT Copyright (C) 2016 Malf Furious
*
* Scrott is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published
* by the Free Software Foundation, either version 3 of the License,
* or (at your option) any later version.
*
* Scrott is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
* License for more details.
*/
require_once "class/controller.class.php";
require_once "class/setting.class.php";
require_once "controller/sysconf.control.php";
require_once "controller/except.control.php";
require_once "controller/auth.control.php";
require_once "controller/deauth.control.php";
require_once "controller/dashboard.control.php";
require_once "controller/deleteacct.control.php";
/*
* Root-level controller for Scrott app. This object will delegate the page request to the
* appropriate controller or handle it with an error message page.
*/
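class Root extends Controller
{
    /*
     * Controller implementation
     *
     * Entry point for every page request. The checks below run in a fixed
     * order, and a request is only routed once all of them have passed:
     *   1. system config present   (otherwise hand off to Sysconf)
     *   2. transport policy        (HTTPS forced or forbidden)
     *   3. session IP verification
     *   4. a user is logged in     (otherwise hand off to Auth)
     *   5. dispatch on the first path element
     * Keep new checks ahead of step 5 so no page controller runs for a
     * request that has not cleared them.
     *
     * $argv - path elements of the request, as received from the main function
     *
     * Any Exception raised along the way is rendered by the Except controller.
     */
    public function handle($argv)
    {
        global $_SCROTT;

        $argv = $this->normalizeArgv($argv);

        try
        {
            /* Assert that the system config file exists and has been included */
            if (!$this->scrottConfExists())
            {
                $ctrl = new Sysconf();
                $ctrl->handle($argv);
                return;
            }

            /*
             * Assert we are running over HTTP(S), whichever is desired.
             * A "force" / "forbid" value in $_SCROTT wins; only when it holds
             * neither (or is absent) is Setting::settSSL() consulted. Reading
             * the key through isset() avoids an undefined-index warning when
             * $_SCROTT carries no 'settSSL' entry.
             */
            $confSSL = isset($_SCROTT['settSSL']) ? $_SCROTT['settSSL'] : null;

            switch ($confSSL)
            {
            case "force":  $this->sec_require_https(); break;
            case "forbid": $this->sec_forbid_https();  break;
            default:
                switch (Setting::settSSL())
                {
                case "force":  $this->sec_require_https(); break;
                case "forbid": $this->sec_forbid_https();  break;
                }
            }

            /* Assert session IP */
            $this->sec_verify_ip();

            /* Assert that a user is logged in */
            if (!$this->getCurrentUser())
            {
                $ctrl = new Auth();
                $ctrl->handle($argv);
                return;
            }

            /* Handle page request -- only the routes listed here are reachable */
            if (count($argv) == 0)
            {
                $ctrl = new Dashboard();
            }
            else
            {
                switch ($argv[0])
                {
                case "logout":        $ctrl = new Deauth();     break;
                case "deleteaccount": $ctrl = new Deleteacct(); break;
                default:
                    /* Fixed message: the rejected path element is not echoed back */
                    throw new Exception("The requested path is not valid.");
                }
            }

            $ctrl->handle($argv);
        }
        catch (Exception $e)
        {
            /*
             * NOTE(review): the exception message is handed to Except verbatim.
             * Whether Except escapes it before output is not visible here --
             * confirm, since messages raised elsewhere may carry request data
             * or internal detail.
             */
            $ctrl = new Except();
            $ctrl->handle($e->getMessage());
        }
    }

    /*
     * Get a useful path string by normalizing the $argv array received from the main function.
     * This will remove directory names that appear in the $this->ar() string and the initial
     * and trailing (if present) empty strings
     *
     * $argv - array of path elements (assumed to be scalar strings -- TODO confirm with caller)
     *
     * Returns a re-indexed array. The leading elements are stripped only when
     * every element of $this->ar() matches the start of $argv exactly;
     * otherwise $argv is returned with just its empty elements removed.
     *
     * NOTE(review): array_filter() without a callback also drops the element
     * "0", so a path element of "0" never reaches the router.
     */
    public function normalizeArgv($argv)
    {
        $argv = array_values(array_filter($argv));
        $ar = array_values(array_filter(explode("/", $this->ar())));

        if (count($ar) == 0)
            return $argv;

        foreach ($ar as $i => $elem)
        {
            /*
             * A request with fewer elements than the prefix cannot match it;
             * checking isset() first avoids reading an undefined offset.
             * The comparison is strict so that numeric-looking elements
             * ("01" vs "1", "1e3" vs "1000") are not treated as equal.
             */
            if (!isset($argv[$i]) || (string)$argv[$i] !== $elem)
                return $argv;
        }

        return array_values(array_slice($argv, count($ar)));
    }
}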
?>