
File: [Development] / advokit-installer-bak / turban.php (download) / (as text)
Revision: 1.6, Wed Aug 25 03:13:03 2004 UTC (6 years ago) by travislow
Branch: MAIN
CVS Tags: HEAD
Changes since 1.5: +5 -6 lines
- Fixed minor security issues relating to uninitialized variables.
- Enhanced bug reporting.  If a DB error occurs, a form is displayed.
  The user can choose to use it, or not.
- Change app maintainers to ak@voter2voter.org

<?
# ======================================================================
# AdvoKit -- a campaign management tool
# Copyright (C) 2004  OrchidSuites, Inc. (info@orchidsuites.net)
# 
# This program is free software; you can redistribute it and/or
# modify it under the terms of the AFFERO GENERAL PUBLIC LICENSE
# as published by Affero, Inc.; either version 1
# of the License, or (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# AFFERO GENERAL PUBLIC LICENSE for more details.
# 
# You should have received a copy of the AFFERO GENERAL PUBLIC LICENSE
# along with this program; if not, write to Affero, Inc. at
# 510 Third Street - Suite 225, San Francisco, CA 94107, USA
# or visit <http://www.affero.org>.
# ======================================================================
# ======================================================================
# This file is the core of the turban framework.  All requests
# are routed through this file.  You should only modify the first
# few lines 
# ======================================================================

# ======================================================================
# MAKE SURE TO SET THE CORRECT PATHNAMES IN THE FOLLOWING SECTION!
# ======================================================================

# Configuration information.  You can have any number of ini files.
# If values in two files have the same name, the later value will
# overwrite the first.
# NOTE(review): the %%rootdir%%, %%DIRSEP%% and %%inifilename%% tokens look
# like placeholders that an installer substitutes before deployment --
# confirm.  The .ini files presumably carry the database settings read
# further down, so verify they are not retrievable through the web server.
$configs = array( "%%rootdir%%%%DIRSEP%%%%inifilename%%.ini" );

# Configuration class to hold the .ini information.
# This path is a literal (after placeholder substitution); no request
# value is part of it.
require "%%rootdir%%%%DIRSEP%%Configuration.class.php";

# ======================================================================
# DO NOT MODIFY ANYTHING BELOW THIS LINE!
# ======================================================================

#----------------------------------------------------------------------
# Publish the host platform's directory separator as DIRSEP.  Every
# include path assembled below is joined with this constant.
#----------------------------------------------------------------------
define( "DIRSEP", ( PHP_OS == "WIN32" || PHP_OS == "WINNT" ) ? "\\" : "/" );

#----------------------------------------------------------------------
# Load the .ini values.  $t_root (ini key "turban_root") is the base
# directory of every framework file required from here on, so the
# .ini files decide which code this script loads.
#----------------------------------------------------------------------
$t_config = new Configuration( $configs );
if( ! $t_config )
{
    die ( "Missing configuration object.  Sorry, cannot continue!" );
}
$t_root = $t_config->get( "turban_root" );

#----------------------------------------------------------------------
# Event logger.  Log levels are set in the .ini file.
#----------------------------------------------------------------------
require $t_root.DIRSEP."Logger.class.php";
$t_logger = new Logger( $t_config );
if( ! $t_logger )
{
    die ( "Missing logger object.  Sorry, cannot continue!" );
}

#----------------------------------------------------------------------
# Database access.  The database type is set in the .ini file;
# only MySQL is supported at present.
#----------------------------------------------------------------------
require $t_root.DIRSEP."Db.class.php";
$t_db = new Db( $t_config, $t_logger );
if( ! $t_db )
{
    die ( "Could not instantiate database object.  Sorry, you need a database!" );
}

#----------------------------------------------------------------------
# Wrapper around the HTTP parameters.  The action and display names
# used for dispatch later in this file are read through this object.
#----------------------------------------------------------------------
require $t_root.DIRSEP."Request.class.php";
$t_request = new Request( $t_config, $t_logger, $t_db );
if( ! $t_request )
{
    die ( "Missing request object.  Sorry, cannot continue!" );
}

#----------------------------------------------------------------------
# Per-user state (kitchen sink): arbitrary name-value pairs kept in
# the database, each associated with a particular user.
#----------------------------------------------------------------------
require $t_root.DIRSEP."Ustate.class.php";
$t_ustate = new Ustate( $t_db, $t_config );
if( ! $t_ustate )
{
    die ( "Missing User state object.  Sorry, cannot continue!" );
}

#----------------------------------------------------------------------
# Template engine.  The engine is chosen in the .ini file; only
# Smarty is supported at present.
#----------------------------------------------------------------------
require $t_root.DIRSEP."TemplateEngine.class.php";
$t_te = new TemplateEngine( $t_config, $t_logger );
if( ! $t_te )
{
    die ( "Missing Template Engine object.  Sorry, cannot continue!" );
}

#----------------------------------------------------------------------
# Session handler: works out whether an active session is associated
# with this request.  When the session type is "request", the raw
# template engine instance is exposed as $t_te_instance and
# session-utils.inc.php is pulled in.
#----------------------------------------------------------------------
require $t_root.DIRSEP."SessionHandler.class.php";
$t_sesshandler = new SessionHandler( $t_config, $t_logger, $t_db, $t_request, $t_te, $t_ustate );
if( ! $t_sesshandler )
{
    die ( "Missing Session Handler object.  Sorry, cannot continue!" );
}
if( $t_sesshandler->getSessionType() == "request" )
{
    $t_te_instance = $t_te->te;
    require $t_root.DIRSEP."session-utils.inc.php";
}
#----------------------------------------------------------------------
# The user behind this request, as resolved by the session handler.
#----------------------------------------------------------------------
require $t_root.DIRSEP."User.class.php";
$t_user = $t_sesshandler->getUser();
if( ! $t_user )
{
    die ( "Missing User object.  Sorry, cannot continue!" );
}

#----------------------------------------------------------------------
# Role flags.  They are computed once from $t_user and, being
# constants, cannot change for the remainder of the request.
#----------------------------------------------------------------------
define( "IS_ADMIN",   $t_user->isAdmin() );
define( "IS_TECH",    $t_user->isTech() );
define( "IS_SPECIAL", $t_user->isSpecial() );

#----------------------------------------------------------------------
# Context: one object bundling everything built above, handed to
# action and display classes.
#----------------------------------------------------------------------
require $t_root.DIRSEP."Context.class.php";
$t_context = new Context( $t_config, $t_logger, $t_db, $t_request, $t_te, $t_sesshandler, $t_user, $t_ustate );
if( ! $t_context )
{
    die ( "Missing Context object.  Sorry, cannot continue!" );
}


#======================================================================
# Done with initialization.  Start processing the request.
#======================================================================

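#----------------------------------------------------------------------
# If an action was specified, then perform it.
#
# The action name is taken from the request and is used twice: as part
# of the path that gets included and as the class name that gets
# instantiated.  It is therefore checked against a plain-identifier
# pattern before it touches the filesystem.  A usable action name has
# to be a class name anyway, so this only rejects values that could
# never have loaded a real action (path separators, "..", NUL bytes,
# array parameters).
# NOTE(review): Request::get() is not visible here; if it already
# restricts the value this check is redundant but harmless.
#----------------------------------------------------------------------
# Both variables are read later in this file even when no action was
# requested, so give them a defined value up front.
$action = NULL;
$actionname = NULL;
if( $t_request->hasNonEmpty( "action" ) )
{
    require "$t_root".DIRSEP."BaseAction.class.php";
    require "$t_root".DIRSEP."AddAction.class.php";
    $actionname = $t_request->get( "action" );
    # \z (not $) so that a trailing newline does not slip through.
    $actionname_ok = is_string( $actionname )
                  && preg_match( '/^[A-Za-z_][A-Za-z0-9_]*\z/', $actionname );
    if( ! $actionname_ok )
    {
        # The rejected value is deliberately not echoed into the log or
        # into the message shown to the user.
        $t_logger->warning(__FILE__, "Rejected malformed action name." );
        $t_context->message = "Action not found!";
    }
    elseif( file_exists( $t_config->get( "actions" ).DIRSEP.$actionname.".class.php" ) )
    {
        # Authorization comes before the include, so a denied action's
        # file is never loaded.
        if( $t_context->user->canPerform( $actionname ) )
        {
            include $t_config->get( "actions" ).DIRSEP.$actionname.".class.php";
            $action = new $actionname( $t_context );
            $action->perform();
        }
        else
        {
            $t_context->actiondenied = TRUE;
        }
    }
    else
    {
        $t_logger->warning(__FILE__, "Action '".$actionname."' not found!" );
        $t_context->message = "Action '".$actionname."' not found!";
    }
}
else
{
    $t_logger->debug(__FILE__, "No action requested." );
}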
#----------------------------------------------------------------------
# An action may ask for no output at all by setting nodisplay on the
# context; in that case stop here.  Otherwise load the display base
# classes from the configured framework root.
#----------------------------------------------------------------------
if( $t_context->nodisplay ) { return; }
require $t_root.DIRSEP."BaseDisplay.class.php";
require $t_root.DIRSEP."HtmlDisplay.class.php";
require $t_root.DIRSEP."TemplateDisplay.class.php";
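#----------------------------------------------------------------------
# Render the display, if specified.  If none, use default.
# Note special case for "redisplay" parameter.
#
# The display name can come from the context, from stored user state
# (redisplay) or from the request, and it is spliced into include and
# file paths and used as a class name.  A name that is not a string, or
# that contains ".." or a NUL byte, is treated as "not found" so that
# it cannot step out of the configured display/template/html
# directories.  Other characters are left alone because the naming
# rules for templates and html files are not visible here.
#
# NOTE(review): a custom display class is included and constructed in
# this section, before the canView() check later in this file runs, and
# the HtmlDisplay branch sets $html_display, which that check uses to
# skip canView() altogether.  Confirm both are intended.
#----------------------------------------------------------------------
if( $t_request->hasNonEmpty( "redisplay" ) )
{
    $t_context->displayname = $t_ustate->getValue( $t_user->getId(), 0, '', '', "lastdisplay" );
    $t_request->setParms( $t_ustate->getData( $t_user->getId(), 0, '', '', "lastparms" ) );
}
$displayname = $t_context->displayname;
if( ! $displayname && $t_request->hasNonEmpty( "display" ) )
{
    $displayname = $t_request->get( "display" );
}
$html_display = NULL;
if( $displayname )
{
    $displayname_ok = is_string( $displayname )
                   && strpos( $displayname, ".." ) === FALSE
                   && strpos( $displayname, "\0" ) === FALSE;
    if( $displayname_ok && file_exists( $t_config->get( "displays" ).DIRSEP.$displayname.".class.php" ) )
    {
        $t_logger->debug(__FILE__, "Using custom display class '".$displayname.".class.php'" );
        include $t_config->get( "displays" ).DIRSEP.$displayname.".class.php";
        $display = new $displayname( $t_context );
        $display->setTemplate( "$displayname.tpl" );
    }
    elseif( $displayname_ok && file_exists( $t_config->get( "te_root" ).DIRSEP.$t_config->get( "te_tpls_raw" ).DIRSEP.$displayname.".tpl" ) )
    {
        $t_logger->info(__FILE__, "Using standard TemplateDisplay class to display '".$displayname."'" );
        $display = new TemplateDisplay( $t_context );
        $display->setTemplate( $displayname.".tpl" );
    }
    elseif( $displayname_ok && file_exists( $t_config->get( "html_includes" ).DIRSEP.$displayname.".html" ) )
    {
        $t_logger->info(__FILE__, "Using standard HtmlDisplay class to display '".$displayname."'" );
        $display = new HtmlDisplay( $t_context );
        $html_display = TRUE;
        $display->setFile( $t_config->get( "html_includes" ).DIRSEP.$displayname.".html" );
    }
    else
    {
        if( $displayname_ok )
        {
            $t_logger->warning(__FILE__, "Display '".$displayname."' not found!" );
            $t_context->message = "Display '".$displayname."' not found!";
        }
        else
        {
            # The rejected value is deliberately not echoed into the log
            # or into the message shown to the user.
            $t_logger->warning(__FILE__, "Rejected malformed display name." );
            $t_context->message = "Display not found!";
        }
        # The not-found display is named in the configuration, not by
        # the request.
        $nf = $t_config->get( "notfound_display" );
        include $t_config->get( "displays" ).DIRSEP.$nf.".class.php";
        $display = new $nf( $t_context );
        $display->setTemplate( "$nf.tpl" );
    }
}
else
{
    # Nothing was asked for: fall back to the configured default.
    $displayname = $t_config->get( "default_display" );
    $t_logger->debug(__FILE__, "No display specified!  Using default: '".$displayname."'" );
    include $t_config->get( "displays" ).DIRSEP.$displayname.".class.php";
    $display = new $displayname( $t_context );
    $display->setTemplate( $displayname.".tpl" );

}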
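#----------------------------------------------------------------------
# Authorization gate: swap in the login display when the action was
# denied or the selected display may not be viewed, then render.
#
# The gate tests $t_context->actiondenied on its own.  The dispatch code
# earlier in this file leaves $action NULL in exactly the branch where
# canPerform() refuses the action, so a test of the form
# "$action && actiondenied" can never fire for that refusal and the
# requested display would be rendered without any login prompt.
#
# NOTE(review): displays served through HtmlDisplay ($html_display set)
# are exempt from canView() here -- confirm that every file under
# "html_includes" is meant to be public.
#----------------------------------------------------------------------
if(  $t_context->actiondenied
  || ( $displayname && ! $html_display && ! $t_context->user->canView( $displayname ) )
  )
{
    if( $t_context->actiondenied )
    {
        # $actionname is only assigned when an action was requested.
        $t_context->message = "Insufficient rights to perform action '".( isset( $actionname ) ? $actionname : "" )."'.  Please login.";
    }
    else
    {
        $t_context->message = "Insufficient rights to view display '".$displayname."'.  Please login.";
    }
    if( $t_config->get( "use_http_auth" ) )
    {
        // use http 401 response to request login from the user.
        require_once "$t_root".DIRSEP."auth-utils.inc.php";
        $timestamp = $t_ustate->getValue( $t_context->user->getId(), 0, '', '', "login_timestamp" );
        makeAuthenticateHeader( $t_config, $timestamp );
        // if the user hits 'cancel', they'll get the std login display below
        // (fall through)
    }
    // The login display is named in the configuration, not by the request.
    $displayname = $t_config->get( "login_display" );
    if( !class_exists( $displayname ) )
    {
        include $t_config->get( "displays" ).DIRSEP.$displayname.".class.php";
    }
    $display = new $displayname( $t_context );
    $display->setTemplate( $displayname.".tpl" );
}
$display->render();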

?>
