Subversion Repositories oidplus

Rev

Rev 532 | Rev 571 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed

  1. <?php
  2.  
  3. /*
  4.  * OIDplus 2.0
  5.  * Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft
  6.  *
  7.  * Licensed under the Apache License, Version 2.0 (the "License");
  8.  * you may not use this file except in compliance with the License.
  9.  * You may obtain a copy of the License at
  10.  *
  11.  *     http://www.apache.org/licenses/LICENSE-2.0
  12.  *
  13.  * Unless required by applicable law or agreed to in writing, software
  14.  * distributed under the License is distributed on an "AS IS" BASIS,
  15.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16.  * See the License for the specific language governing permissions and
  17.  * limitations under the License.
  18.  */
  19.  
  20. // Before we do ANYTHING, check for dependencies! Do not include anything (except the GMP supplement) yet.
  21.  
  22. define('INSIDE_OIDPLUS', true);
  23.  
  24. require_once __DIR__ . '/functions.inc.php'; // Required for _L()
  25.  
  26. if (version_compare(PHP_VERSION, '7.0.0') < 0) {
  27.         // Reasons why we currently require PHP 7.0:
  28.         // - Return values (e.g. "function foo(): array") (added 2020-04-06 at the database classes)
  29.         //   Note: By removing these return values (e.g. removing ": array"), you *might* be
  30.         //   able to run OIDplus with PHP lower than version 7.0 (not tested)
  31.         //
  32.         // Currently we do NOT require 7.1, because some (old-)stable distros are still using PHP 7.0
  33.         // (e.g. Debian 9 which has LTS support till May 2022).
  34.         // Therefore we commented out following features which would require PHP 7.1:
  35.         // - Nullable return values (e.g. "function foo(): ?array")
  36.         // - void return value (e.g. "function foo(): void")
  37.         // - private/protected/public consts
  38.         echo '<!DOCTYPE HTML>';
  39.         echo '<html><head><title>'._L('OIDplus error').'</title></head><body>';
  40.         echo '<h1>'._L('OIDplus error').'</h1>';
  41.         echo '<p>'._L('OIDplus requires at least PHP version %1! You are currently using version %2','7.0',PHP_VERSION).'</p>'."\n";
  42.         echo '</body></html>';
  43.         die();
  44. }
  45.  
  46. include_once __DIR__ . '/gmp_supplement.inc.php';
  47. include_once __DIR__ . '/../3p/symfony-mbstring-polyfill/bootstrap.php';
  48.  
  49. include_once __DIR__ . '/../3p/php-jwt/ExpiredException.php';
  50. include_once __DIR__ . '/../3p/php-jwt/BeforeValidException.php';
  51. include_once __DIR__ . '/../3p/php-jwt/SignatureInvalidException.php';
  52. include_once __DIR__ . '/../3p/php-jwt/JWT.php';
  53. include_once __DIR__ . '/../3p/php-jwt/JWK.php';
  54.  
  55. include_once __DIR__ . '/simplexml_supplement.inc.php';
  56.  
  57. require_once __DIR__ . '/oidplus_dependency.inc.php';
  58.  
  59. $missing_dependencies = oidplus_get_missing_dependencies();
  60.  
  61. if (count($missing_dependencies) >= 1) {
  62.         echo '<!DOCTYPE HTML>';
  63.         echo '<html><head><title>'._L('OIDplus error').'</title></head><body>';
  64.         echo '<h1>'._L('OIDplus error').'</h1>';
  65.         echo '<p>'._L('The following PHP extensions need to be installed in order to run OIDplus:').'</p>';
  66.         echo '<ul>';
  67.         foreach ($missing_dependencies as $dependency) {
  68.                 echo '<li>'.$dependency.'<br><br></li>';
  69.         }
  70.         echo '</ul>';
  71.         echo '</body></html>';
  72.         die();
  73. }
  74.  
  75. unset($missing_dependencies);
  76.  
  77. // Now we can continue!
  78.  
  79. if (PHP_SAPI != 'cli') {
  80.         // TODO: Plugins should be able to extend CSP
  81.         header('X-Content-Type-Options: nosniff');
  82.         header('X-XSS-Protection: 1; mode=block');
  83.         header("Content-Security-Policy: default-src 'self' blob: https://fonts.gstatic.com https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/; ".
  84.                "style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/; ".
  85.                "img-src blob: data: http: https:; ".
  86.                "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://polyfill.io/; ".
  87.                "frame-ancestors 'none'; ".
  88.                "object-src 'none'");
  89.         header('X-Frame-Options: SAMEORIGIN');
  90.         header('Referrer-Policy: no-referrer-when-downgrade');
  91. }
  92.  
  93. require_once __DIR__ . '/../3p/0xbb/Sha3.php';
  94.  
  95. require_once __DIR__ . '/oid_utils.inc.php';
  96. require_once __DIR__ . '/uuid_utils.inc.php';
  97. require_once __DIR__ . '/color_utils.inc.php';
  98. require_once __DIR__ . '/ipv4_functions.inc.php';
  99. require_once __DIR__ . '/ipv6_functions.inc.php';
  100. require_once __DIR__ . '/anti_xss.inc.php';
  101.  
  102. include_once __DIR__ . '/../3p/vts_fileformats/VtsFileTypeDetect.class.php';
  103.  
  104. // ---
  105.  
  106. spl_autoload_register(function ($class_name) {
  107.         static $class_refs = null;
  108.  
  109.         if (is_null($class_refs)) {
  110.                 $valid_plugin_folders = array(
  111.                         'adminPages',
  112.                         'auth',
  113.                         'database',
  114.                         'design',
  115.                         'language',
  116.                         'logger',
  117.                         'objectTypes',
  118.                         'publicPages',
  119.                         'raPages',
  120.                         'sqlSlang'
  121.                 );
  122.  
  123.                 $class_files = array();
  124.                 foreach ($valid_plugin_folders as $folder) {
  125.                         $class_files = array_merge($class_files, glob(__DIR__ . '/../plugins/'.$folder.'/'.'*'.'/'.'*'.'.class.php'));
  126.                 }
  127.                 $class_files = array_merge($class_files, glob(__DIR__ . '/classes/'.'*'.'.class.php'));
  128.  
  129.                 $class_refs = array();
  130.                 foreach ($class_files as $filename) {
  131.                         $cn = basename($filename, '.class.php');
  132.                         $cn = strtolower($cn);
  133.                         if (!isset($class_refs[$cn])) {
  134.                                 $class_refs[$cn] = $filename;
  135.                         }
  136.                 }
  137.         }
  138.  
  139.         $class_name = strtolower($class_name);
  140.         if (isset($class_refs[$class_name])) {
  141.                 require $class_refs[$class_name];
  142.                 unset($class_refs[$class_name]); // this emulates a "require_once" and is faster
  143.         }
  144. });
  145.