blob: ae03e86c73cae3d5701c307b42ff9b1434db5a60 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
<?php
/**
* Page class which all "modules" must be extending from
*/
abstract class Page
{
protected function doPreprocess() {}
protected function doRender() {}
protected function doAjax() {}
public static function preprocess() { self::$instance->doPreprocess(); }
public static function render() { self::$instance->doRender(); }
public static function ajax() { self::$instance->doAjax(); }
/**
*
* @var \Page
*/
private static $instance = false;
public static function set($name)
{
$name = preg_replace('/[^A-Za-z]/', '', $name);
$modulePath = 'modules/' . strtolower($name) . '.inc.php';
if (!file_exists($modulePath)) {
Util::traceError('Invalid module file: ' . $modulePath);
}
require_once $modulePath;
$className = 'Page_' . $name;
if (!class_exists($className) || get_parent_class($className) !== 'Page') {
Util::traceError('Module not found: ' . $name);
}
self::$instance = new $className();
}
}
// Error reporting (hopefully goind to stderr, not being printed on pages)
error_reporting(E_ALL);
// Set variable if this is an ajax request
$isAsync = (isset($_REQUEST['async']))
|| (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest');
// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php
function slxAutoloader($class) {
$file = 'inc/' . preg_replace('/[^a-z0-9]/', '', mb_strtolower($class)) . '.inc.php';
if (!file_exists($file)) return;
require_once $file;
}
spl_autoload_register('slxAutoloader');
// Now determine which module to run
Page::set(empty($_REQUEST['do']) ? 'Main' : $_REQUEST['do']);
// Deserialize any messages to display
if (!$isAsync && isset($_REQUEST['message'])) {
Message::fromRequest();
}
// CSRF/XSS check
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
User::load();
if (!Util::verifyToken()) {
if ($isAsync) {
die('CSRF/XSS? Missing token in POST request!');
} else {
Util::redirect('?do=Main');
}
}
}
// AJAX Stuff? Just do so. Otherwise, run preprocessing
if ($isAsync) {
Page::ajax();
exit(0);
}
// Normal mode - preprocess first....
Page::preprocess();
// Generate Main menu
$menu = new Menu;
Render::addTemplate('main-menu', $menu);
Message::renderList();
// Render page. If the module wants to output anything, it will be done here...
Page::render();
if (defined('CONFIG_DEBUG') && CONFIG_DEBUG) {
Message::addWarning('debug-mode');
}
// Send page to client.
Render::output();
|