Newer
Older
<?php
* Copyright Maarch since 2008 under licence GPLv3.
* See LICENCE.txt file at the root folder for more details.
* This file is part of Maarch software.
* @brief index (THIS PAGE CAN NOT BE OVERWRITTEN IN A CUSTOM)
* @author dev <dev@maarch.org>
* @ingroup apps
*/
/**
* [PROCESS REQUEST]
*/
if (isset($_REQUEST['dir']) && !empty($_REQUEST['dir'])) {
$_REQUEST['dir'] = str_replace("\\", "", $_REQUEST['dir']);
$_REQUEST['dir'] = str_replace("/", "", $_REQUEST['dir']);
$_REQUEST['dir'] = str_replace("..", "", $_REQUEST['dir']);
//reset orders in previous basket list
if (empty($_SESSION['current_basket'])) {
$_SESSION['save_list']['lines'] = "";
$_SESSION['save_list']['order'] = "";
$_SESSION['save_list']['order_field'] = "";
$_SESSION['save_list']['template'] = "";
$_SESSION['save_list']['full_count'] = 0;
}
// Useless ???
if (isset($_GET['show'])) {
$show = $_GET['show'];
} else {
$show = 'true';
}
// Useless ???
if (isset($_SESSION['user']['UserId'])
&& isset($_GET['page'])
&& !empty($_SESSION['user']['UserId']) && $_GET['page'] <> 'login'
&& $_GET['page'] <> 'log' && $_GET['page'] <> 'logout'
) {
$db = new Database();
$key = md5(
time() . '%' . $_SESSION['user']['FirstName'] . '%'
. $_SESSION['user']['UserId'] . '%' . $_SESSION['user']['UserId']
. '%' . date('dmYHmi') . '%'
);
}
/**
* [Includes]
*/
include_once '../../core/class/class_functions.php';
include_once '../../core/class/class_db_pdo.php';
include_once '../../core/init.php';
include 'apps/maarch_entreprise/tools/maarchIVS/MaarchIVS.php';
//Ozwillo
if (!empty($_REQUEST['code']) && !empty($_REQUEST['state'])) {
$_SESSION['ozwillo']['code'] = $_REQUEST['code'];
$_SESSION['ozwillo']['state'] = $_REQUEST['state'];
}
if ($_SESSION['config']['usePHPIDS'] == 'true') {
include 'apps/maarch_entreprise/phpids_control.php';
}
//SET custom path
if (isset($_SESSION['config']['corepath'])) {
require_once 'core/class/class_db.php';
require_once 'core/class/class_core_tools.php';
$core = new core_tools();
if (! isset($_SESSION['custom_override_id'])
|| empty($_SESSION['custom_override_id'])
) {
$_SESSION['custom_override_id'] = $core->get_custom_id();
if (! empty($_SESSION['custom_override_id'])) {
$path = $_SESSION['config']['corepath'] . 'custom/'
. $_SESSION['custom_override_id'] . '/';
set_include_path(
$path . '/' . $_SESSION['config']['corepath']
);
}
}
} else {
require_once '../../core/class/class_db.php';
require_once '../../core/class/class_core_tools.php';
$core = new core_tools();
$_SESSION['custom_override_id'] = $core->get_custom_id();
chdir('../..');
if (! empty($_SESSION['custom_override_id'])) {
$path = $_SESSION['config']['corepath'] . 'custom/'
. $_SESSION['custom_override_id'] . '/';
set_include_path(
$path . '/' . $_SESSION['config']['corepath']
);
}
}
if (!isset($_SESSION['user']['UserId'])
&& $_REQUEST['page'] <> 'login'
&& $_REQUEST['page'] <> 'log'
&& $_REQUEST['page'] <> 'logout'
) {
$_SESSION['HTTP_REFERER'] = Url::requestUri();
if (trim($_SERVER['argv'][0]) <> '') {
header('location: reopen.php?' . $_SERVER['argv'][0]);
} else {
header('location: reopen.php');
}
exit();
}
if ($_REQUEST['page'] && empty($_REQUEST['triggerAngular'])) {
//V1
$started = MaarchIVS::start(__DIR__ . '/xml/IVS/requests_definitions.xml', 'xml');
$valid = MaarchIVS::run('silent');
if (!$valid) {
$validOutpout = MaarchIVS::debug();
$cptValid = count($validOutpout['validationErrors']);
$error = '';
for ($cptV=0; $cptV<=$cptValid; $cptV++) {
$message = $validOutpout['validationErrors'][$cptV]->message;
if ($message == "Length id below the minimal length") {
$message = _IVS_LENGTH_ID_BELOW_MIN_LENGTH;
} elseif ($message == "Length exceeds the maximal length") {
$message = _IVS_LENGTH_EXCEEDS_MAX_LENGTH;
} elseif ($message == "Length is not allowed") {
$message = _IVS_LENGTH_NOT_ALLOWED;
} elseif ($message == "Value is not allowed") {
$message = _IVS_VALUE_NOT_ALLOWED;
} elseif ($message == "Format is not allowed") {
$message = _IVS_FORMAT_NOT_ALLOWED;
} elseif ($message == "Value is below the minimal value") {
$message = _IVS_VALUE_BELOW_MIN_VALUE;
} elseif ($message == "Value exceeds the maximal value") {
$message = _IVS_LENGTH_EXCEEDS_MAX_LENGTH;
} elseif ($message == "Too many digits") {
$message = _IVS_TOO_MANY_DIGITS;
} elseif ($message == "Too many decimal digits") {
$message = _IVS_TOO_MANY_DECIMAL_DIGITS;
}
$error .= $message . PHP_EOL;
$error .= $validOutpout['validationErrors'][$cptV]->parameter . PHP_EOL;
$error .= $validOutpout['validationErrors'][$cptV]->value . PHP_EOL;
foreach ($_REQUEST as $name => $value) {
if (is_string($value) && strpos($value, "<") !== false) {
$value = preg_replace('/(<\/?script[^>]*>|<\?php|<\?[\s|\n|\r])/i', "", $value);
$_REQUEST[$name] = $value;
if (isset($_GET[$name]) && $_GET[$name] <> '') {
$_GET[$name] = $value;
}
if (isset($_POST[$name]) && $_POST[$name] <> '') {
$_POST[$name] = $value;
}
}
$value = str_replace("\\", "", $value);
$value = str_replace("/", "", $value);
$value = str_replace("..", "", $value);
if (isset($_GET[$name]) && $_GET[$name] <> '') {
$_GET[$name] = $value;
}
if (isset($_POST[$name]) && $_POST[$name] <> '') {
$_POST[$name] = $value;
}
//process error for ajax request
if (array_key_exists('HTTP_X_REQUESTED_WITH', $_SERVER)
&& strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'
) {
echo $error;
exit;
} else {
//process error for standard request
$_SESSION['error'] = $error;
if (!isset($_SESSION['user']['UserId'])
&& $_REQUEST['page'] <> 'login'
&& $_REQUEST['page'] <> 'log'
$_SESSION['HTTP_REFERER'] = Url::requestUri();
if (trim($_SERVER['argv'][0]) <> '') {
header('location: reopen.php?' . $_SERVER['argv'][0]);
} else {
header('location: reopen.php');
}
exit();
}
/**
* [New Authentication System]
*/
if ($_REQUEST['page'] <> 'login' && $_REQUEST['page'] <> 'log' && $_REQUEST['page'] <> 'logout') {
$cookie = \SrcCore\models\AuthenticationModel::getCookieAuth();
if (!empty($cookie) && \SrcCore\models\AuthenticationModel::cookieAuthentication($cookie)) {
\SrcCore\models\AuthenticationModel::setCookieAuth(['userId' => $cookie['userId']]);
} else {
header('location: index.php?display=true&page=logout&logout=true');
}
}
//INSERT PART OF PAGE
if (isset($_REQUEST['display'])) {
$core->insert_page();
exit();
//DISPLAY FULL PAGE
$core->start_page_stat();
// $core->configPosition();
// if (isset($_SESSION['HTTP_REFERER'])) {
// $url = $_SESSION['HTTP_REFERER'];
// unset($_SESSION['HTTP_REFERER']);
// header('location: '.$url);
// }
$core->load_html();
$core->load_header();
echo "<script>checkCookieAuth();</script>";
if (isset($_GET['body_loaded'])) {
echo '<body style="background:#f2f2f2;" id="maarch_body">';
echo "<div id='maarch_content' style='display:block;'>";
} else {
echo '<body style="background: url(\'static.php?filename=loading_big.gif\') no-repeat fixed center;" onload="$j(\'#maarch_body\').css(\'background\',\'f2f2f2\');$j(\'#maarch_body\').css(\'backgroundImage\',\'\');$j(\'#maarch_body\').css(\'backgroundUrl\', \'\');$j(\'#maarch_content\').css(\'display\',\'block\');" id="maarch_body">';
echo "<div id='maarch_content' style='display:none;'>";
}
Cyril Vazquez
committed
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
//GET COOKIE CLIENT SIDE
if (empty($_SESSION['clientSideCookies'])) { ?>
<script type="text/javascript">
var path_manage_script = '<?php echo $_SESSION["config"]["businessappurl"]; ?>' + 'index.php?display=true&page=setProxyCookies';
$j.ajax(
{
url: path_manage_script,
type:'POST',
dataType:'json',
data: {
cookies : document.cookie
},
success: function(answer)
{
}
});
</script>
<?php
}
$path = $_SESSION['config']['corepath'] . 'custom/'
. $_SESSION['custom_override_id'] . '/apps/maarch_entreprise/template/header.html';
//Display header
if (file_exists($path)) {
include_once('custom/' . $_SESSION['custom_override_id']
. '/apps/maarch_entreprise/template/header.html');
} else {
include_once('apps/maarch_entreprise/template/header.html');
}
echo '<div id="container">';
echo '<div id="content">';
echo '<div class="error" id="main_error" onclick="this.hide();"></div>';
echo '<div class="error" id="main_error_popup" onclick="this.hide();">';
echo functions::xssafe($_SESSION['error']);
echo '</div>';
echo '<div class="info" id="main_info" onclick="this.hide();">';
echo functions::xssafe($_SESSION['info']);
echo '</div>';
if (isset($_SESSION['error']) && $_SESSION['error'] <> '') {
?>
<script>
var main_error = $j('#main_error_popup');
if (main_error != null) {
main_error.css({"display":"table-cell"})
Element.hide.delay(10, 'main_error_popup');
if (isset($_SESSION['info']) && $_SESSION['info'] <> '') {
?>
<script>
var main_info = $j('#main_info');
if (main_info != null) {
main_info.css({"display":"table-cell"});
Element.hide.delay(10, 'main_info');
}
</script>
<?php
}
//THESAURUS
echo '<div id="return_previsualise_thes" style="display: none; border-radius: 10px; box-shadow: 10px 10px 15px rgba(0, 0, 0, 0.4); padding: 10px; width: auto; height: auto; position: fixed; top: 0; left: 0; z-index: 99999; color: #4f4b47; text-shadow: -1px -1px 0px rgba(255,255,255,0.2);background:#FFF18F;border-radius:5px;overflow:auto;">\';<input type="hidden" id="identifierDetailFrame" value="" /></div>';
$core->insert_page();
//FOOTER
echo '<p id="footer">';
if (isset($_SESSION['config']['showfooter']) && $_SESSION['config']['showfooter'] == 'true') {
$core->load_footer();
}
echo '</p>';
$_SESSION['error'] = '';
$_SESSION['info'] = '';
echo '</div>';
echo '</div>';
echo '</body>';
echo '</html>';
exit();
$cookie = \SrcCore\models\AuthenticationModel::getCookieAuth();
if (empty($cookie)) {
header('location: index.php?display=true&page=logout&logout=true');
$user = \User\models\UserModel::getByLogin(['login' => $cookie['userId'], 'select' => ['password_modification_date', 'change_password', 'status']]);
echo \SrcCore\models\CoreConfigModel::initAngularStructure();
if ($user['status'] == 'ABS') {
$_REQUEST['triggerAngular'] = 'activateUser';
}
$loggingMethod = \SrcCore\models\CoreConfigModel::getLoggingMethod();
if (!in_array($loggingMethod['id'], ['sso', 'cas', 'ldap', 'ozwillo', 'shibboleth'])) {
$passwordRules = \SrcCore\models\PasswordModel::getEnabledRules();
if ($user['change_password'] == 'Y') {
$_REQUEST['triggerAngular'] = 'changePass';
} elseif (!empty($passwordRules['renewal'])) {
$currentDate = new \DateTime();
$lastModificationDate = new \DateTime($user['password_modification_date']);
$lastModificationDate->add(new DateInterval("P{$passwordRules['renewal']}D"));
if ($currentDate > $lastModificationDate) {
$_REQUEST['triggerAngular'] = 'changePass';
}
}
if (isset($_SESSION['HTTP_REFERER'])) {
$url = $_SESSION['HTTP_REFERER'];
unset($_SESSION['HTTP_REFERER']);
header('location: '.$url);
exit;
}
if (!empty($_REQUEST['triggerAngular']) && $_REQUEST['triggerAngular'] == 'changePass') {
?><script>triggerAngular('#/password-modification')</script><?php
} elseif (!empty($_REQUEST['triggerAngular']) && $_REQUEST['triggerAngular'] == 'activateUser') {
?><script>triggerAngular('#/activate-user')</script><?php
} elseif ($cookie['userId'] == 'superadmin' && !empty($_REQUEST['administration'])) {
?><script>triggerAngular('#/administration')</script><?php
} elseif (!$_REQUEST['page']) {
?><script>triggerAngular('#/home')</script><?php
}