1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
<?php
require_once("boot.php");
$a = new App;
$debug_text = ''; // Debugging functions should never be used on production systems.
// Setup the database.
$install = ((file_exists('.htconfig.php')) ? false : true);
@include(".htconfig.php");
require_once("dba.php");
$db = new dba($db_host, $db_user, $db_pass, $db_data, $install);
unset($db_host, $db_user, $db_pass, $db_data);
require_once("session.php");
require_once("datetime.php");
date_default_timezone_set(($default_timezone) ? $default_timezone : 'UTC');
$a->init_pagehead();
session_start();
if((x($_SESSION,'authenticated')) || (x($_POST['auth-params'])))
require("auth.php");
if($install)
$a->module = 'install';
if(strlen($a->module)) {
if(file_exists("mod/{$a->module}.php")) {
include("mod/{$a->module}.php");
$a->module_loaded = true;
}
else {
// TODO
// search builtin function module table, else
// return 403, 404, etc. Right now unresolved pages return blank.
}
}
// invoke module functions
// Important: Modules normally do not emit content, unless you need it for debugging.
// The module_init, module_post, and module_afterpost functions process URL parameters and POST processing.
// The module_content function returns content text to this function where it is included on the page.
// Modules emitting XML/Atom, etc. should do so in the _init function and promptly exit.
// "Most" HTML resides in the view directory as text templates with macro substitution.
// They look like HTML with PHP variables but only a couple pass through the PHP processor - those with .php extensions.
// The macro substitution is defined per page for the .tpl files.
// Information transfer between functions can be accomplished via the App session '$a' and its related variables.
// x() queries both a variable's existence and that it is "non-zero" or "non-empty" depending on how it is called.
// q() is the SQL query form. All string (%s) variables MUST be passed through dbesc().
// All int values MUST be cast to integer using intval();
if($a->module_loaded) {
$a->page['page_title'] = $a->module;
if(function_exists($a->module . '_init')) {
$func = $a->module . '_init';
$func($a);
}
if(($_SERVER['REQUEST_METHOD'] == 'POST') && (! $a->error)
&& (function_exists($a->module . '_post'))
&& (! x($_POST,'auth-params'))) {
$func = $a->module . '_post';
$func($a);
}
if((! $a->error) && (function_exists($a->module . '_afterpost'))) {
$func = $a->module . '_afterpost';
$func($a);
}
if((! $a->error) && (function_exists($a->module . '_content'))) {
$func = $a->module . '_content';
$a->page['content'] .= $func($a);
}
footer($a);
}
// report anything important happening
if(x($_SESSION,'sysmsg')) {
$a->page['content'] = "<div class=\"error-message\">{$_SESSION['sysmsg']}</div>\r\n"
. $a->page['content'];
unset($_SESSION['sysmsg']);
}
// Feel free to comment out this line on production sites.
$a->page['content'] .= $debug_text;
// build page
// Navigation (menu) template
require_once("nav.php");
$page = $a->page;
$profile = $a->profile;
header("Content-type: text/html; charset=utf-8");
$template = "view/"
. ((x($a->page,'theme')) ? $a->page['theme'] . '/' : "" )
. ((x($a->page,'template')) ? $a->page['template'] : 'default' )
. ".php";
require_once($template);
session_write_close();
exit;
|
