Subversion Repositories oidplus

Rev

Rev 1245 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed

  1. <?php
  2.  
  3. /*
  4.  * OIDplus 2.0
  5.  * Copyright 2019 - 2022 Daniel Marschall, ViaThinkSoft
  6.  *
  7.  * Licensed under the Apache License, Version 2.0 (the "License");
  8.  * you may not use this file except in compliance with the License.
  9.  * You may obtain a copy of the License at
  10.  *
  11.  *     http://www.apache.org/licenses/LICENSE-2.0
  12.  *
  13.  * Unless required by applicable law or agreed to in writing, software
  14.  * distributed under the License is distributed on an "AS IS" BASIS,
  15.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16.  * See the License for the specific language governing permissions and
  17.  * limitations under the License.
  18.  */
  19.  
  20. use ViaThinkSoft\OIDplus\OIDplus;
  21. use ViaThinkSoft\OIDplus\OIDplusGui;
  22.  
  23. header('Content-Type:text/html; charset=UTF-8');
  24.  
  25. require_once __DIR__ . '/includes/oidplus.inc.php';
  26.  
  27. set_exception_handler(array(OIDplusGui::class, 'html_exception_handler'));
  28.  
  29. ob_start(); // allow cookie headers to be sent
  30.  
  31. OIDplus::init(true);
  32.  
  33. $static_node_id = $_REQUEST['goto'] ?? 'oidplus:system';
  34.  
  35. if (isset($_REQUEST['h404'])) {
  36.         $handled = false;
  37.         $plugins = OIDplus::getAllPlugins();
  38.         foreach ($plugins as $plugin) {
  39.                 if ($plugin->handle404($_REQUEST['h404'])) $handled = true;
  40.         }
  41.         if (!$handled) {
  42.                 header('Location:'.OIDplus::webpath().'?goto='.urlencode('oidplus:err:'.$_REQUEST['h404']));
  43.                 die();
  44.         }
  45. }
  46.  
  47. $static_node_id_original = $static_node_id;
  48. $static_node_id = OIDplus::prefilterQuery($static_node_id, false);
  49. if ($static_node_id_original !== $static_node_id) {
  50.         // Redirect to the corrected query
  51.         $canonical_url = OIDplus::canonicalURL($static_node_id);
  52.         if ($canonical_url) {
  53.                 header('Location:'.$canonical_url);
  54.                 die();
  55.         }
  56.         unset($canonical_url);
  57. }
  58. unset($static_node_id_original);
  59.  
  60. $static = OIDplus::gui()->generateContentPage($static_node_id);
  61. $page_title_2 = $static['title'];
  62. $static_icon = $static['icon'];
  63. $static_content = $static['text'];
  64.  
  65. if (!isset($_COOKIE['csrf_token'])) {
  66.         // This is the main CSRF token used for AJAX.
  67.         $token = OIDplus::authUtils()->genCSRFToken();
  68.         OIDplus::cookieUtils()->setcookie('csrf_token', $token, 0, false);
  69.         unset($token);
  70. }
  71.  
  72. if (!isset($_COOKIE['csrf_token_weak'])) {
  73.         // This CSRF token is created with SameSite=Lax and must be used
  74.         // for OAuth 2.0 redirects or similar purposes.
  75.         $token = OIDplus::authUtils()->genCSRFToken();
  76.         OIDplus::cookieUtils()->setcookie('csrf_token_weak', $token, 0, false, 'Lax');
  77.         unset($token);
  78. }
  79.  
  80. OIDplus::handleLangArgument();
  81.  
  82. $page_title_1 = OIDplus::gui()->combine_systemtitle_and_pagetitle(OIDplus::config()->getValue('system_title'), $page_title_2);
  83.  
  84. $cont = OIDplus::gui()->showMainPage($page_title_1, $page_title_2, $static_icon, $static_content, $extra_head_tags=array(), $static_node_id);
  85.  
  86. OIDplus::invoke_shutdown();
  87.  
  88. echo $cont;
  89.