summaryrefslogtreecommitdiffstats
path: root/index.php
blob: ae03e86c73cae3d5701c307b42ff9b1434db5a60 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
<?php

/**
 * Page class which all "modules" must be extending from
 */
abstract class Page
{
	protected function doPreprocess() {}
	protected function doRender() {}
	protected function doAjax() {}
	public static function preprocess() { self::$instance->doPreprocess(); }
	public static function render() { self::$instance->doRender(); }
	public static function ajax() { self::$instance->doAjax(); }
	/**
	 *
	 * @var \Page
	 */
	private static $instance = false;
	public static function set($name)
	{
		$name = preg_replace('/[^A-Za-z]/', '', $name);
		$modulePath = 'modules/' . strtolower($name) . '.inc.php';
		if (!file_exists($modulePath)) {
			Util::traceError('Invalid module file: ' . $modulePath);
		}
		require_once $modulePath;
		$className = 'Page_' . $name;
		if (!class_exists($className) || get_parent_class($className) !== 'Page') {
			Util::traceError('Module not found: ' . $name);
		}
		self::$instance = new $className();
	}
}

// Error reporting (hopefully goind to stderr, not being printed on pages)
error_reporting(E_ALL);

// Set variable if this is an ajax request
$isAsync = (isset($_REQUEST['async']))
	|| (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest');

// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php
function slxAutoloader($class) {
	$file = 'inc/' . preg_replace('/[^a-z0-9]/', '', mb_strtolower($class)) . '.inc.php';
	if (!file_exists($file)) return;
	require_once $file;
}
spl_autoload_register('slxAutoloader');

// Now determine which module to run
Page::set(empty($_REQUEST['do']) ? 'Main' : $_REQUEST['do']);

// Deserialize any messages to display
if (!$isAsync && isset($_REQUEST['message'])) {
	Message::fromRequest();
}

// CSRF/XSS check
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
	User::load();
	if (!Util::verifyToken()) {
		if ($isAsync) {
			die('CSRF/XSS? Missing token in POST request!');
		} else {
			Util::redirect('?do=Main');
		}
	}
}

// AJAX Stuff? Just do so. Otherwise, run preprocessing
if ($isAsync) {
	Page::ajax();
	exit(0);
}

// Normal mode - preprocess first....
Page::preprocess();

// Generate Main menu
$menu = new Menu;
Render::addTemplate('main-menu', $menu);

Message::renderList();

// Render page. If the module wants to output anything, it will be done here...
Page::render();

if (defined('CONFIG_DEBUG') && CONFIG_DEBUG) {
	Message::addWarning('debug-mode');
}

// Send page to client.
Render::output();