5 files changed, 87 insertions, 37 deletions

diff --git a/Zotlabs/Web/Controller.php b/Zotlabs/Web/Controller.php
index 2d0f58891..6384f24df 100644
--- a/Zotlabs/Web/Controller.php
+++ b/Zotlabs/Web/Controller.php
@@ -2,12 +2,58 @@
 
 namespace Zotlabs\Web;
 
+/**
+ * Base controller class for Modules.
+ *
+ * Modules should extend this class, and override the methods needed. Emtpy
+ * default implementations allow Modules to only override the methods they
+ * need.
+ *
+ * The methods defined by this class is invoked in order:
+ *
+ *   - init()
+ *   - post() -- only for POST requests
+ *   - get()
+ *
+ * Modules which emit other serialisations besides HTML (XML,JSON, etc.) should
+ * do so within the module `init` and/or `post` functions and then invoke
+ * `killme()` to terminate further processing.
+ */
+abstract class Controller {
 
-class Controller {
+	/**
+	 * Initialize request processing.
+	 *
+	 * This method is called before any other request processing, and
+	 * regardless of the request method. The theme is not yet loaded when
+	 * this method is invoked.
+	 */
+	public function init() {
+	}
 
-	function init() {}
-	function post() {}
-	function get() {}
+	/**
+	 * Process POST requests.
+	 *
+	 * This method is called if the incoming request is a POST request. It is
+	 * invoked after the theme has been loaded. This method should not normally
+	 * render HTML output, as processing will fall through to the GET processing
+	 * if this method completes without error or stopping processing in other
+	 * ways.
+	 */
+	public function post() {
+	}
 
+	/**
+	 * Process GET requests or the body part of POST requests.
+	 *
+	 * This method is called directly for GET requests, and immediately after the
+	 * `post()` method for POST requests.
+	 *
+	 * It will return the module content as a HTML string.
+	 *
+	 * @return string HTML content for the module.
+	 */
+	public function get() {
+		return '';
+	}
 }
-
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 793b8cb45..7c289ff5f 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -5,6 +5,7 @@ namespace Zotlabs\Web;
 use DateTime;
 use DateTimeZone;
 use Zotlabs\Lib\Activity;
+use Zotlabs\Lib\Config;
 use Zotlabs\Lib\Crypto;
 use Zotlabs\Lib\Keyutils;
 use Zotlabs\Lib\Webfinger;
@@ -528,7 +529,7 @@ class HTTPSig {
 
 		// TODO: should we default to hs2019? cavage-http-signatures-12 is not very wide spread yet
 
-		if (get_config('system', 'use_hs2019', false) && $algorithm === 'rsa-sha256') {
+		if (Config::Get('system', 'use_hs2019', false) && $algorithm === 'rsa-sha256') {
 			$algorithm = 'hs2019';
 		}
 
@@ -673,7 +674,7 @@ class HTTPSig {
 		$iv = $key = $alg = $data = null;
 
 		if (!$prvkey) {
-			$prvkey = get_config('system', 'prvkey');
+			$prvkey = Config::Get('system', 'prvkey');
 		}
 
 		$matches = [];
diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php
index 2876fcc3c..122e7ff73 100644
--- a/Zotlabs/Web/Router.php
+++ b/Zotlabs/Web/Router.php
@@ -4,6 +4,7 @@ namespace Zotlabs\Web;
 
 use App;
 use Zotlabs\Extend\Route;
+use Zotlabs\Lib\Config;
 use Exception;
 
 /**
@@ -36,6 +37,7 @@ class Router {
 
 	private $modname = '';
 	private $controller = null;
+	private bool $module_loaded = false;
 
 	/**
 	 * @brief Router constructor.
@@ -61,7 +63,7 @@ class Router {
 						include_once($route[0]);
 						if(class_exists($modname)) {
 							$this->controller = new $modname;
-							App::$module_loaded = true;
+							$this->module_loaded = true;
 						}
 					}
 				}
@@ -69,15 +71,15 @@ class Router {
 
 			// legacy plugins - this can be removed when they have all been converted
 
-			if(! (App::$module_loaded)) {
+			if(! ($this->module_loaded)) {
 				if(is_array(App::$plugins) && in_array($module, App::$plugins) && file_exists("addon/{$module}/{$module}.php")) {
 					include_once("addon/{$module}/{$module}.php");
 					if(class_exists($modname)) {
 						$this->controller = new $modname;
-						App::$module_loaded = true;
+						$this->module_loaded = true;
 					}
 					elseif(function_exists($module . '_module')) {
-						App::$module_loaded = true;
+						$this->module_loaded = true;
 					}
 				}
 			}
@@ -87,40 +89,40 @@ class Router {
 			 * Otherwise, look for the standard program module
 			 */
 
-			if(! (App::$module_loaded)) {
+			if(! ($this->module_loaded)) {
 				try {
 					$filename = 'Zotlabs/SiteModule/'. ucfirst($module). '.php';
 					if(file_exists($filename)) {
 						// This won't be picked up by the autoloader, so load it explicitly
 						require_once($filename);
 						$this->controller = new $modname;
-						App::$module_loaded = true;
+						$this->module_loaded = true;
 					}
 					else {
 						$filename = 'Zotlabs/Module/'. ucfirst($module). '.php';
 						if(file_exists($filename)) {
 							$this->controller = new $modname;
-							App::$module_loaded = true;
+							$this->module_loaded = true;
 						}
 					}
-					if(! App::$module_loaded)
+					if(! $this->module_loaded)
 						throw new Exception('Module not found');
 				}
 				catch(Exception $e) {
 					if(file_exists("mod/site/{$module}.php")) {
 						include_once("mod/site/{$module}.php");
-						App::$module_loaded = true;
+						$this->module_loaded = true;
 					}
 					elseif(file_exists("mod/{$module}.php")) {
 						include_once("mod/{$module}.php");
-						App::$module_loaded = true;
+						$this->module_loaded = true;
 					}
 				}
 			}
 
 			$x = [
 					'module' => $module,
-					'installed' => App::$module_loaded,
+					'installed' => $this->module_loaded,
 					'controller' => $this->controller
 			];
 			/**
@@ -137,7 +139,7 @@ class Router {
 			 */
 			call_hooks('module_loaded', $x);
 			if($x['installed']) {
-				App::$module_loaded = true;
+				$this->module_loaded = true;
 				$this->controller = $x['controller'];
 			}
 
@@ -145,7 +147,7 @@ class Router {
 			 * The URL provided does not resolve to a valid module.
 	 		 */
 
-			if(! (App::$module_loaded)) {
+			if(! ($this->module_loaded)) {
 
 				// undo the setting of a letsencrypt acme-challenge rewrite rule
 				// which blocks access to our .well-known routes.
@@ -154,14 +156,14 @@ class Router {
 				// make the file read-only so letsencrypt doesn't modify it
 
 				if(strpos($_SERVER['REQUEST_URI'],'/.well-known/') === 0) {
-					if(file_exists('.well-known/.htaccess') && get_config('system','fix_apache_acme',true)) {
+					if(file_exists('.well-known/.htaccess') && Config::Get('system','fix_apache_acme',true)) {
 						rename('.well-known/.htaccess','.well-known/.htaccess.old');
 					}
 				}
 
 				$x = [
 					'module' => $module,
-					'installed' => App::$module_loaded,
+					'installed' => $this->module_loaded,
 					'controller' => $this->controller
 				];
 				call_hooks('page_not_found',$x);
@@ -173,7 +175,7 @@ class Router {
 					killme();
 				}
 
-				if(get_config('system','log_404',true)) {
+				if(Config::Get('system','log_404',true)) {
 					logger("Module {$module} not found.", LOGGER_DEBUG, LOG_WARNING);
 					logger('index.php: page not found: ' . $_SERVER['REQUEST_URI']
 						. ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: '
@@ -188,7 +190,7 @@ class Router {
 
 				// pretend this is a module so it will initialise the theme
 				App::$module = '404';
-				App::$module_loaded = true;
+				$this->module_loaded = true;
 				App::$error = true;
 			}
 		}
@@ -204,7 +206,7 @@ class Router {
 		 * Call module functions
 		 */
 
-		if(App::$module_loaded) {
+		if($this->module_loaded) {
 
 			App::$page['page_title'] = App::$module;
 			$placeholder = '';
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index 14c054d20..ec26e6b0d 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -10,6 +10,7 @@ namespace Zotlabs\Web;
  * session info.
  */
 
+use Zotlabs\Lib\Config;
 
 class Session {
 
@@ -24,7 +25,7 @@ class Session {
 		ini_set('session.use_only_cookies', 1);
 		ini_set('session.cookie_httponly', 1);
 
-		$this->custom_handler = boolval(get_config('system', 'session_custom', false));
+		$this->custom_handler = boolval(Config::Get('system', 'session_custom', false));
 
 		/*
 		 * Set our session storage functions.
@@ -33,8 +34,8 @@ class Session {
 		if($this->custom_handler) {
 			/* Custom handler (files, memached, redis..) */
 
-			$session_save_handler = strval(get_config('system', 'session_save_handler', Null));
-			$session_save_path = strval(get_config('system', 'session_save_path', Null));
+			$session_save_handler = strval(Config::Get('system', 'session_save_handler', Null));
+			$session_save_path = strval(Config::Get('system', 'session_save_path', Null));
 
 			if(is_null($session_save_handler) || is_null($session_save_path)) {
 				logger('Session save handler or path not set', LOGGER_NORMAL, LOG_ERR);
@@ -48,8 +49,8 @@ class Session {
 				else {
 					ini_set('session.save_handler', $session_save_handler);
 					ini_set('session.save_path', $session_save_path);
-					ini_set('session.gc_probability', intval(get_config('system', 'session_gc_probability', 1)));
-					ini_set('session.gc_divisor', intval(get_config('system', 'session_gc_divisor', 100)));
+					ini_set('session.gc_probability', intval(Config::Get('system', 'session_gc_probability', 1)));
+					ini_set('session.gc_divisor', intval(Config::Get('system', 'session_gc_divisor', 100)));
 				}
 			}
 		}
@@ -212,7 +213,7 @@ class Session {
 			$paranoia = intval(get_pconfig($_SESSION['uid'], 'system', 'paranoia'));
 
 			if(! $paranoia)
-				$paranoia = intval(get_config('system', 'paranoia'));
+				$paranoia = intval(Config::Get('system', 'paranoia'));
 
 			switch($paranoia) {
 				case 0:
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index f43ae10a4..6f8a4b956 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -13,11 +13,11 @@ class WebServer {
 
 		require_once('boot.php');
 
-		sys_boot();
+		$installed = sys_boot();
 
 
 		\App::$language = get_best_language();
-		load_translation_table(\App::$language,\App::$install);
+		load_translation_table(\App::$language, !$installed);
 
 
 		/**
@@ -56,7 +56,7 @@ class WebServer {
 			load_translation_table(\App::$language);
 		}
 
-		if((x($_GET,'zid')) && (! \App::$install)) {
+		if (x($_GET,'zid') && $installed) {
 			\App::$query_string = strip_zids(\App::$query_string);
 			if(! local_channel()) {
 				if (!isset($_SESSION['my_address']) || $_SESSION['my_address'] != $_GET['zid']) {
@@ -69,14 +69,14 @@ class WebServer {
 			}
 		}
 
-		if((x($_GET,'zat')) && (! \App::$install)) {
+		if (x($_GET,'zat') && $installed) {
 			\App::$query_string = strip_zats(\App::$query_string);
 			if(! local_channel()) {
 				zat_init();
 			}
 		}
 
-		if((x($_REQUEST,'owt')) && (! \App::$install)) {
+		if (x($_REQUEST,'owt') && $installed) {
 			$token = $_REQUEST['owt'];
 			\App::$query_string = strip_query_param(\App::$query_string,'owt');
 			owt_init($token);
@@ -85,7 +85,7 @@ class WebServer {
 		if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || (\App::$module === 'login'))
 			require('include/auth.php');
 
-		if(\App::$install) {
+		if (!$installed) {
 			/* Allow an exception for the view module so that pcss will be interpreted during installation */
 			if(\App::$module != 'view')
 				\App::$module = 'setup';