Rev | Author | Line No. | Line |
---|---|---|---|
2 | daniel-mar | 1 | <?php |
2 | |||
3 | /* |
||
4 | * OIDplus 2.0 |
||
1321 | daniel-mar | 5 | * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft |
2 | daniel-mar | 6 | * |
7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
||
8 | * you may not use this file except in compliance with the License. |
||
9 | * You may obtain a copy of the License at |
||
10 | * |
||
11 | * http://www.apache.org/licenses/LICENSE-2.0 |
||
12 | * |
||
13 | * Unless required by applicable law or agreed to in writing, software |
||
14 | * distributed under the License is distributed on an "AS IS" BASIS, |
||
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||
16 | * See the License for the specific language governing permissions and |
||
17 | * limitations under the License. |
||
18 | */ |
||
19 | |||
1050 | daniel-mar | 20 | use ViaThinkSoft\OIDplus\OIDplus; |
21 | use ViaThinkSoft\OIDplus\OIDplusGui; |
||
22 | |||
// Declare the response as UTF-8 HTML before any output is produced.
header('Content-Type:text/html; charset=UTF-8');

// Load the OIDplus bootstrap include. The path is built from __DIR__ only,
// so no request data influences which file is included.
require_once __DIR__ . '/includes/oidplus.inc.php';

// From here on, uncaught exceptions are routed to OIDplusGui::html_exception_handler.
// NOTE(review): the handler is not visible here; confirm it HTML-escapes the
// exception message, because later statements pass request data into OIDplus
// calls that may throw.
set_exception_handler(array(OIDplusGui::class, 'html_exception_handler'));

ob_start(); // allow cookie headers to be sent

// NOTE(review): the meaning of the `true` argument is defined by OIDplus::init(),
// which is not shown in this file.
OIDplus::init(true);
32 | |||
// Node to display: read from the untrusted "goto" request parameter, with the
// system page as the default when the parameter is absent.
// NOTE(review): $_REQUEST entries can be arrays (e.g. "goto[]=x") and may come
// from POST or, depending on request_order, cookies. Nothing in this file checks
// that the value is a string; confirm the consumers reject non-string input.
$static_node_id = $_REQUEST['goto'] ?? 'oidplus:system';

// "h404" carries a request path that did not resolve; presumably it is set by
// the web server's 404 rewrite rule. TODO confirm.
if (isset($_REQUEST['h404'])) {
    $handled = false;
    $plugins = OIDplus::getAllPlugins();
    // Every plugin receives the raw, unvalidated value. The loop does not stop
    // at the first plugin that reports success.
    foreach ($plugins as $plugin) {
        if ($plugin->handle404($_REQUEST['h404'])) $handled = true;
    }
    // If any plugin handled the path, execution falls through and the normal
    // page for $static_node_id is rendered below.
    if (!$handled) {
        // TODO: Is canonical host OK? Because we might have a login cookie on this domain!
        // No plugin claimed the path: redirect to the error node. The request
        // value only appears inside the urlencode()d "goto" query value; the URL
        // prefix comes from OIDplus::webpath() (not shown here).
        header('Location:'.OIDplus::webpath().'?goto='.urlencode('oidplus:err:'.$_REQUEST['h404']));
        die();
    }
}
||
47 | |||
// Pass the requested node id through OIDplus::prefilterQuery() and remember the
// unfiltered value so that a change can be detected.
$static_node_id_original = $static_node_id;
$static_node_id = OIDplus::prefilterQuery($static_node_id, false);
if ($static_node_id_original !== $static_node_id) {
    // Redirect to the corrected query
    // TODO: Is canonical host OK? Because we might have a login cookie on this domain!
    // NOTE(review): the Location value is whatever OIDplus::canonicalURL() returns
    // for a request-derived id. Confirm that the URL is built from the configured
    // base URL and not from the request's Host header.
    $canonical_url = OIDplus::canonicalURL($static_node_id);
    if ($canonical_url) {
        header('Location:'.$canonical_url);
        die();
    }
    // A falsy canonical URL means no redirect; the page is rendered below with
    // the filtered id.
    unset($canonical_url);
}
// Drop the temporary so it does not linger in global scope.
unset($static_node_id_original);
1245 | daniel-mar | 61 | |
// Build the content for the filtered node id. The result is read as an array
// with the keys 'title', 'icon' and 'text'.
// NOTE(review): these values are passed to showMainPage() further down and end
// up in the response. Whether they are already safe HTML is decided inside
// generateContentPage(), which is not shown here; confirm.
$static = OIDplus::gui()->generateContentPage($static_node_id);
$page_title_2 = $static['title'];
$static_icon = $static['icon'];
$static_content = $static['text'];
||
66 | |||
// Issue the CSRF cookies when the request does not already carry them.
// Only the presence of each cookie is tested here; an existing value is not
// validated, so the protection depends on the server-side comparison done
// wherever the token is checked (not in this file).
if (!isset($_COOKIE['csrf_token'])) {
    // This is the main CSRF token used for AJAX.
    // NOTE(review): the 3rd argument (0) is presumably the expiry (session cookie)
    // and the 4th (false) presumably the HttpOnly flag, left off so that script
    // can read the token for AJAX requests. Confirm against
    // cookieUtils()->setcookie(). No SameSite value is passed, so the helper's
    // default applies.
    $token = OIDplus::authUtils()->genCSRFToken();
    OIDplus::cookieUtils()->setcookie('csrf_token', $token, 0, false);
    unset($token);
}

if (!isset($_COOKIE['csrf_token_weak'])) {
    // This CSRF token is created with SameSite=Lax and must be used
    // for OAuth 2.0 redirects or similar purposes.
    // It is generated by a separate genCSRFToken() call, independently of
    // 'csrf_token'.
    $token = OIDplus::authUtils()->genCSRFToken();
    OIDplus::cookieUtils()->setcookie('csrf_token_weak', $token, 0, false, 'Lax');
    unset($token);
}
||
81 | |||
// Process the language argument of the request. The parameter name and its
// effect are defined in OIDplus::handleLangArgument(), not shown here.
OIDplus::handleLangArgument();

// Combine the configured 'system_title' with the page title of the node.
$page_title_1 = OIDplus::gui()->combine_systemtitle_and_pagetitle(OIDplus::config()->getValue('system_title'), $page_title_2);

// Render the complete page into a string. `$extra_head_tags=array()` is an
// assignment used as an argument: it passes an empty array and also leaves
// $extra_head_tags defined in global scope.
// NOTE(review): $static_node_id is request-derived; any escaping needed for the
// contexts it is written into happens inside showMainPage(). Confirm.
$cont = OIDplus::gui()->showMainPage($page_title_1, $page_title_2, $static_icon, $static_content, $extra_head_tags=array(), $static_node_id);

// The shutdown hook runs after rendering and before the page is written out.
OIDplus::invoke_shutdown();

echo $cont;