Subversion Repositories oidplus

Rev

Rev 1321 | Blame | Compare with Previous | Last modification | View Log | RSS feed

  1. <?php
  2.  
  3. /*
  4.  * OIDplus 2.0
  5.  * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft
  6.  *
  7.  * Licensed under the Apache License, Version 2.0 (the "License");
  8.  * you may not use this file except in compliance with the License.
  9.  * You may obtain a copy of the License at
  10.  *
  11.  *     http://www.apache.org/licenses/LICENSE-2.0
  12.  *
  13.  * Unless required by applicable law or agreed to in writing, software
  14.  * distributed under the License is distributed on an "AS IS" BASIS,
  15.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16.  * See the License for the specific language governing permissions and
  17.  * limitations under the License.
  18.  */
  19.  
  20. use ViaThinkSoft\OIDplus\OIDplus;
  21. use ViaThinkSoft\OIDplus\OIDplusGui;
  22.  
  23. header('Content-Type:text/html; charset=UTF-8');
  24.  
  25. require_once __DIR__ . '/includes/oidplus.inc.php';
  26.  
  27. set_exception_handler(array(OIDplusGui::class, 'html_exception_handler'));
  28.  
  29. ob_start(); // allow cookie headers to be sent
  30.  
  31. OIDplus::init(true);
  32.  
  33. $static_node_id = $_REQUEST['goto'] ?? 'oidplus:system';
  34.  
  35. if (isset($_REQUEST['h404'])) {
  36.         $handled = false;
  37.         $plugins = OIDplus::getAllPlugins();
  38.         foreach ($plugins as $plugin) {
  39.                 if ($plugin->handle404($_REQUEST['h404'])) $handled = true;
  40.         }
  41.         if (!$handled) {
  42.                 // TODO: Is canonical host OK? Because we might have a login cookie on this domain!
  43.                 header('Location:'.OIDplus::webpath().'?goto='.urlencode('oidplus:err:'.$_REQUEST['h404']));
  44.                 die();
  45.         }
  46. }
  47.  
  48. $static_node_id_original = $static_node_id;
  49. $static_node_id = OIDplus::prefilterQuery($static_node_id, false);
  50. if ($static_node_id_original !== $static_node_id) {
  51.         // Redirect to the corrected query
  52.         // TODO: Is canonical host OK? Because we might have a login cookie on this domain!
  53.         $canonical_url = OIDplus::canonicalURL($static_node_id);
  54.         if ($canonical_url) {
  55.                 header('Location:'.$canonical_url);
  56.                 die();
  57.         }
  58.         unset($canonical_url);
  59. }
  60. unset($static_node_id_original);
  61.  
  62. $static = OIDplus::gui()->generateContentPage($static_node_id);
  63. $page_title_2 = $static['title'];
  64. $static_icon = $static['icon'];
  65. $static_content = $static['text'];
  66.  
  67. if (!isset($_COOKIE['csrf_token'])) {
  68.         // This is the main CSRF token used for AJAX.
  69.         $token = OIDplus::authUtils()->genCSRFToken();
  70.         OIDplus::cookieUtils()->setcookie('csrf_token', $token, 0, false);
  71.         unset($token);
  72. }
  73.  
  74. if (!isset($_COOKIE['csrf_token_weak'])) {
  75.         // This CSRF token is created with SameSite=Lax and must be used
  76.         // for OAuth 2.0 redirects or similar purposes.
  77.         $token = OIDplus::authUtils()->genCSRFToken();
  78.         OIDplus::cookieUtils()->setcookie('csrf_token_weak', $token, 0, false, 'Lax');
  79.         unset($token);
  80. }
  81.  
  82. OIDplus::handleLangArgument();
  83.  
  84. $page_title_1 = OIDplus::gui()->combine_systemtitle_and_pagetitle(OIDplus::config()->getValue('system_title'), $page_title_2);
  85.  
  86. $cont = OIDplus::gui()->showMainPage($page_title_1, $page_title_2, $static_icon, $static_content, $extra_head_tags=array(), $static_node_id);
  87.  
  88. OIDplus::invoke_shutdown();
  89.  
  90. echo $cont;
  91.