Rev | Author | Line No. | Line |
---|---|---|---|
2 | daniel-mar | 1 | <?php |
2 | |||
3 | /* |
||
4 | * OIDplus 2.0 |
||
773 | daniel-mar | 5 | * Copyright 2019 - 2022 Daniel Marschall, ViaThinkSoft |
2 | daniel-mar | 6 | * |
7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
8 | * you may not use this file except in compliance with the License. |
||
9 | * You may obtain a copy of the License at |
||
10 | * |
||
11 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
12 | * |
||
13 | * Unless required by applicable law or agreed to in writing, software |
||
14 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
16 | * See the License for the specific language governing permissions and |
||
17 | * limitations under the License. |
||
18 | */ |
||
19 | |||
1050 | daniel-mar | 20 | use ViaThinkSoft\OIDplus\OIDplus; |
21 | use ViaThinkSoft\OIDplus\OIDplusGui; |
||
22 | |||
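// Declare the response as UTF-8 HTML before anything else is sent.
header('Content-Type:text/html; charset=UTF-8');

// Presumably sets up class loading for the OIDplus classes imported above.
require_once __DIR__ . '/includes/oidplus.inc.php';

// Uncaught exceptions are handed to OIDplusGui::html_exception_handler.
// NOTE(review): confirm that this handler does not show stack traces or
// file system paths to unauthenticated visitors.
set_exception_handler(array(OIDplusGui::class, 'html_exception_handler'));

// Buffer all output so that the Location header and the cookies set further
// down can still be sent.
ob_start(); // allow cookie headers to be sent

// NOTE(review): the meaning of the argument (true) is defined by OIDplus::init().
OIDplus::init(true);

// 'goto' selects the node to display. It comes from $_REQUEST and is therefore
// client-controlled. PHP turns a parameter written as goto[]=x into an array,
// so only string values are accepted here; anything else falls back to the
// default node id 'oidplus:system'. The string itself is still untrusted at
// this point.
$static_node_id = (isset($_REQUEST['goto']) && is_string($_REQUEST['goto'])) ? $_REQUEST['goto'] : 'oidplus:system';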
||
773 | daniel-mar | 34 | |
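// Optional "not found" handling, triggered by the request parameter 'h404'
// (presumably filled in by the web server's 404 rewrite - confirm).
// The value is client-controlled. It is used as a string below, so array
// input (h404[]=x) is ignored instead of reaching the plugins and the
// string concatenation.
if (isset($_REQUEST['h404']) && is_string($_REQUEST['h404'])) {
    $handled = false;

    // Every plugin is offered the request, even after one of them has
    // reported that it handled it.
    $plugins = OIDplus::getAllPlugins();
    foreach ($plugins as $plugin) {
        if ($plugin->handle404($_REQUEST['h404'])) {
            $handled = true;
        }
    }

    if (!$handled) {
        // No plugin took the request: redirect to the error node.
        // urlencode() keeps the client-supplied value from adding query
        // parameters or line breaks to the Location header.
        // NOTE(review): the redirect target starts with OIDplus::webpath();
        // if that value is derived from the request's Host header, the target
        // is only as trustworthy as that header - confirm.
        header('Location:'.OIDplus::webpath().'?goto='.urlencode('oidplus:err:'.$_REQUEST['h404']));
        die();
    }

    // A plugin handled the request: execution continues and the page for
    // $static_node_id is rendered as usual.
}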
||
46 | |||
// Pass the requested node id through OIDplus::prefilterQuery() before use.
// NOTE(review): the meaning of the second argument (false) is defined by
// prefilterQuery(), which is not visible here - confirm.
$static_node_id = OIDplus::prefilterQuery($static_node_id, false);

// Build the page for that node. The result is read as an array with the keys
// 'title', 'icon' and 'text'.
// NOTE(review): the node id originates from the request, and these three
// values are later handed to showMainPage() for output. Presumably
// generateContentPage() escapes anything it takes over from the node id -
// confirm.
$static = OIDplus::gui()->generateContentPage($static_node_id);
$page_title_2 = $static['title'];
$static_icon = $static['icon'];
$static_content = $static['text'];
||
53 | |||
// Issue the two CSRF cookies when the client does not send them yet.
// A cookie that is already present is kept exactly as the client sent it:
// this script only tests for presence and does not check the value.
// Verification of the token is not part of this file.
if (!isset($_COOKIE['csrf_token'])) {
    // This is the main CSRF token used for AJAX.
    $token = OIDplus::authUtils()->genCSRFToken();
    // NOTE(review): the meaning of the third and fourth arguments (0, false)
    // is defined by cookieUtils()->setcookie(), which is not visible here -
    // confirm which cookie attributes they control. No SameSite value is
    // passed for this cookie, so the default of setcookie() applies.
    OIDplus::cookieUtils()->setcookie('csrf_token', $token, 0, false);
    unset($token); // the token is not left behind in a script variable
}

if (!isset($_COOKIE['csrf_token_weak'])) {
    // This CSRF token is created with SameSite=Lax and must be used
    // for OAuth 2.0 redirects or similar purposes.
    // A SameSite=Lax cookie accompanies top-level cross-site navigations,
    // which is what a redirect back from an external provider is. Keep this
    // token for that purpose only.
    $token = OIDplus::authUtils()->genCSRFToken();
    // 'Lax' is passed as the fifth argument; the other arguments match the
    // call for the main token.
    OIDplus::cookieUtils()->setcookie('csrf_token_weak', $token, 0, false, 'Lax');
    unset($token); // the token is not left behind in a script variable
}
||
68 | |||
// Presumably evaluates the language selection of the request - confirm in
// OIDplus::handleLangArgument().
OIDplus::handleLangArgument();

// Combine the configured system title with the title of the page.
$page_title_1 = OIDplus::gui()->combine_systemtitle_and_pagetitle(OIDplus::config()->getValue('system_title'), $page_title_2);

// Build the complete page; the result is echoed at the end of the script.
// NOTE(review): the last two arguments are assignment expressions, not named
// arguments. They set $extra_head_tags to array() and overwrite
// $static_node_id with '', and those values are what gets passed. So
// showMainPage() receives an empty node id, not the one computed earlier in
// this script. Confirm that this is intended; if it is, passing array() and ''
// directly would say so without changing the variables.
$cont = OIDplus::gui()->showMainPage($page_title_1, $page_title_2, $static_icon, $static_content, $extra_head_tags=array(), $static_node_id='');

// The shutdown step runs before the page is written out.
OIDplus::invoke_shutdown();

// The page is written as returned; any HTML escaping has to happen inside
// showMainPage() and generateContentPage().
echo $cont;