science-ation/common.inc.bootstrap.php

388 lines
14 KiB
PHP

<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005-2010 James Grant <james@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
//if we dont set the charset any page that doesnt call send_header() (where it used to be set) would defualt to the server's encoding,
//which in many cases (like ysf-fsj.ca/sfiab) is UTF-8. This was causing a lot of the newly AJAX'd editors to fail on french characters,
//becuase they were being encoded improperly. Ideally, all the databases will be switched to UTF-8, but thats not a near-term possibility,
//so this is kind of a band-aid solution until we can make everything UTF8. Hope it doesnt break anything anywhere else!
header("Content-Type: text/html; charset=UTF-8");
//set error reporting to not show notices, for some reason some people's installation dont set this by default
//so we will set it in the code instead just to make sure
//error_reporting(E_ALL & ~E_DEPRECATED );
define('REQUIREDFIELD','<span class="requiredfield">*</span>');
//figure out the directory to prepend to directoroy names, depending on if we are in a subdirectory or not
// Dennis Fix so works in windows servers.
// Windows based servers use '\' in directories. This code works for WIN servers and or *nix servers.
if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-6)=="\\admin")
$prependdir="../";
else if(substr(getcwd(),-6)=="/super" || substr(getcwd(),-6)=="\\super")
$prependdir="../";
else if(substr(getcwd(),-7)=="/config" || substr(getcwd(),-7)=="\\config")
$prependdir="../";
else if(substr(getcwd(),-3)=="/db" || substr(getcwd(),-3)=="\\db")
$prependdir="../";
else if(substr(getcwd(),-8)=="/scripts" || substr(getcwd(),-8)=="\\scripts")
$prependdir="../";
else if(substr(getcwd(),-4)=="/app" || substr(getcwd(),-4)=="\\app")
$prependdir="../";
else
$prependdir="";
$sfiabversion=@file($prependdir."version.txt");
$config['version']=trim($sfiabversion[0]);
//make sure the data subdirectory is writable, if its not, then we're screwed, so make sure it is!
if(!is_writable($prependdir."data")) {
echo "<html><head><title>SFIAB ERROR</title></head><body>";
echo "<h1>Science Fair In A Box - ERROR</h1>";
echo "data/ subdirectory is not writable by the web server";
echo "<br>";
echo "<h2>Details</h2>";
echo "The data/ subdirectory is used to store files uploaded through the SFIAB software. The web server must have write access to this directory in order to function properly. Please contact your system administrator (if you are the system administrator, chown/chmod the data directory appropriately).";
echo "<br>";
echo "</body></html>";
exit;
}
if(file_exists($prependdir."data/config.inc.php")) {
require_once($prependdir."data/config.inc.php");
}
else {
echo "<html><head><title>SFIAB</title></head><body>";
echo "<h1>Science Fair In A Box - Installation</h1>";
echo "It looks like this is a new installation of SFIAB, and the database has not yet been configured. Please choose from the following options: <br />";
echo "<br />";
echo "<a href=\"install.php\">Proceed with Fresh SFIAB Installation</a>";
echo "<br />";
echo "</body></html>";
exit;
}
/*
difference between MySQL <5.1 and 5.1:
in <5.1 in must have internall truncated it at 16 before comparing with the hard-coded 16 character database limit
in 5.1 it doesnt truncate and compares the full string with the hardcoded 16 character limit, so all our very long usernames
are now failing
James - Dec 30 2010
*/
$DBUSER=substr($DBUSER,0,16);
if(!mysql_connect($DBHOST,$DBUSER,$DBPASS)) {
echo "<html><head><title>SFIAB ERROR</title></head><body>";
echo "<h1>Science Fair In A Box - ERROR</h1>";
echo "Cannot connect to database!";
echo "</body></html>";
exit;
}
if(!mysql_select_db($DBNAME)) {
echo "<html><head><title>SFIAB ERROR</title></head><body>";
echo "<h1>Science Fair In A Box - ERROR</h1>";
echo "Cannot select database!";
echo "</body></html>";
exit;
}
//this will silently fail on mysql 4.x, but is needed on mysql5.x to ensure we're only using utf8 encodings
@mysql_query("SET NAMES utf8");
//find out the fair year and any other 'year=0' configuration parameters (things that dont change as the years go on)
$q=@mysql_query("SELECT * FROM config WHERE conferences_id=0");
//we might get an error if installation step 2 is not done (ie, the config table doesnt even exist)
if(mysql_error()) {
echo "<html><head><title>SFIAB ERROR</title></head><body>";
echo "<h1>Science Fair In A Box - ERROR</h1>";
echo "SFIAB installation is not complete. Please go to <A href=\"install2.php\">Installer Step 2</a> to complete the installation process";
echo "<br>";
echo "</body></html>";
exit;
}
//if we have 0 (<1) then install2 is not done, which would get caught above,
//if we have 1 (<2) then insatll3 is not done (no entries for FAIRYEAR and SFIABDIRECTORY)
if(mysql_num_rows($q)<2) {
echo "<html><head><title>SFIAB ERROR</title></head><body>";
echo "<h1>Science Fair In A Box - ERROR</h1>";
echo "SFIAB installation is not complete. Please go to <A href=\"install3.php\">Installer Step 3</a> to complete the installation process";
echo "<br>";
echo "</body></html>";
exit;
}
else {
while($r=mysql_fetch_object($q)) {
$config[$r->var]=$r->val;
}
}
//doh! we cant do it all, becuase it continains things like registration passwords! lets just add things as we need them i guess
//this gets turned into a 'config' object that is accessible in javascript (and output directly to the browser, so dont put
//anything in it that shouldnt be available to the public!
$configjs['SFIABDIRECTORY']=$config['SFIABDIRECTORY'];
$dbdbversion=$config['DBVERSION'];
$dbcodeversion=@file($prependdir."db/db.code.version.txt");
$dbcodeversion=trim($dbcodeversion[0]);
if(!$dbdbversion) {
echo "<html><head><title>SFIAB ERROR</title></head><body>";
echo "<h1>Science Fair In A Box - ERROR</h1>";
echo "SFIAB installation is not complete. Please go to <A href=\"install2.php\">Installer Step 2</a> to complete the installation process";
echo "<br>";
echo "</body></html>";
exit;
}
if($dbcodeversion!=$dbdbversion) {
echo "<html><head><title>SFIAB ERROR</title></head><body>";
echo "<h1>Science Fair In A Box - ERROR</h1>";
echo "SFIAB database and code are mismatched";
echo "<br>";
echo "Please run the db_update.php script in order to update";
echo "<br>";
echo "your database to the same version as the code";
echo "<br>";
echo "<br>";
echo "<br>";
echo "<h2>Details</h2>";
echo "Current SFIAB codebase requires DB version: ".$dbcodeversion;
echo "<br>";
echo "Current SFIAB database is detected as version: ".$dbdbversion;
echo "<br>";
echo "</body></html>";
exit;
}
/* Check that magic_quotes is OFF */
if(get_magic_quotes_gpc()) {
?>
<html><head><title>SFIAB ERROR</title></head><body>
<h1>Science Fair In A Box - ERROR</h1>
<p>Your PHP configuration has magic_quotes ENABLED. They should be
disabled, and are disabled in the .htaccess file, so your server is
ignoring the .htaccess file or overriding it.
<p>Magic quotes is DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, but ON
by default for any PHP &lt; 5.3.0.
<p>Add <pre>php_flag magic_quotes_gpc off</pre> to the .htacces, or add
<pre>php_flag magic_quotes_gpc=off</pre> to php.ini
<br></body></html>
<?
exit;
}
if($config['SFIABDIRECTORY'] == '') {
session_name("SFIABSESSID");
session_set_cookie_params(0,'/');
} else {
session_name("SFIABSESSID".ereg_replace("[^A-Za-z]","_",$config['SFIABDIRECTORY']));
session_set_cookie_params(0,$config['SFIABDIRECTORY']);
}
session_start();
if(!$_SESSION['conferences_id']) {
$q=mysql_query("SELECT * FROM conferences WHERE status='running' ORDER BY name LIMIT 1");
if($r=mysql_fetch_object($q)) {
$_SESSION['conferences_id']=$r->id;
}
/*
else {
echo "No conferences defined!";
}*/
}
// switch tho the conference of the specified ID. Returns true on success, false otherwise.
function switchConference($cid) {
$rval = false;
$cid=intval($cid);
$q=mysql_query("SELECT * FROM conferences WHERE id='$cid' AND status='running'");
if($r=mysql_fetch_object($q)) {
$_SESSION['conferences_id']=$cid;
$rval = true;
}
return $rval;
}
//move the conference stuff before the configuration loading, so we can load the right configuration for the conference :)
if(isset($_GET['switchconference'])) {
//make sure its good
switchConference($_GET['switchconference']);
unset($_SESSION['nav']);
}
if(intval($_SESSION['conferences_id'])>0) {
$q=mysql_query("SELECT * FROM conferences WHERE id='{$_SESSION['conferences_id']}'");
$conference=mysql_fetch_assoc($q);
/*
******* THIS IS TEMPORARY.. probably remove it in a year or so ********
if the conference year is set, this is temporary for migratory purposes, so set the FAIRYEAR = confierence year - this will
gracefully handle the science fair parts that still rely on FAIRYEAR
if conference year is NOT set, then make sure config['FAIRYEAR'] is NOT set, so we can weed out any code that relies on
FAIRYEAR from the conference system
*/
if($conference['year'])
$config['FAIRYEAR']=$conference['year'];
else
$config['FAIRYEAR']=NULL;
}
//now pull the rest of the configuration
$q=mysql_query("SELECT * FROM config WHERE conferences_id='".$conference['id']."'");
while($r=mysql_fetch_object($q)) {
$config[$r->var]=$r->val;
}
//now pull the dates
if($conference['id'])
$q=mysql_query("SELECT * FROM dates WHERE conferences_id='".$conference['id']."'");
else
$config['dates']=array();
while($r=mysql_fetch_object($q)) {
$config['dates'][$r->name]=$r->date;
}
//load roles
$roles=array();
$q = mysql_query("SELECT * FROM roles");
while(($r = mysql_fetch_assoc($q))) {
$roles[$r['type']] = $r;
$roles_by_id[$r['id']]=$r;
}
//and now pull the theme
require_once("theme/{$config['theme']}/theme.php");
require_once("theme/{$config['theme_icons']}/icons.php");
//detect the browser first, so we know what icons to use - we store this in the config array as well
//even though its not configurable by the fair
if(stristr($_SERVER['HTTP_USER_AGENT'],"MSIE"))
$config['icon_extension']="gif";
else
$config['icon_extension']="png";
//now get the languages, and make sure we have at least one active language
$q=mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
if(mysql_num_rows($q)==0) {
echo "No active languages defined, defaulting to English";
$config['languages']['en']="English";
}
else {
while($r=mysql_fetch_object($q)) {
$config['languages'][$r->lang]=$r->langname;
}
}
//now if no language has been set yet, lets set it to the default language
if(!$_SESSION['lang']) {
//first try the default language, if that doesnt work, use "en"
if($config['default_language'])
$_SESSION['lang']=$config['default_language'];
else
$_SESSION['lang']="en";
}
//only allow debug to get set if we're using a development version (odd numbered ending)
if(substr($config['version'], -1) % 2 != 0)
if($_GET['debug']) $_SESSION['debug']=$_GET['debug'];
//if the user has switched languages, go ahead and switch the session variable
if($_GET['switchlanguage']) {
//first, make sure its a valid language:
if($config['languages'][$_GET['switchlanguage']]) {
$_SESSION['lang']=$_GET['switchlanguage'];
}
else {
//invalid language, dont do anything
}
}
$CWSFDivisions=array(
1=>"Automotive",
2=>"Biotechnology & Pharmaceutical Sciences",
3=>"Computing & Information Technology",
4=>"Earth & Environmental Sciences",
5=>"Engineering",
6=>"Environmental Innovation",
7=>"Health Sciences",
8=>"Life Sciences",
9=>"Physical & Mathematical Sciences"
);
$conference_types = array(
'sciencefair' => 'Science Fair',
'scienceolympics' => 'Science Olympics'
);
//take SFIABDIRECTORY off of the current URL
$pageurl=substr($_SERVER['PHP_SELF'],strlen($config['SFIABDIRECTORY']));
//this code figures out if the page we're on is in the navigation structure, and if so, where, and properly sets the primary, secondary and tertiary navigation variables
$q=mysql_query("SELECT * FROM rolestasks WHERE
( link='".mysql_real_escape_string($pageurl)."'
OR link LIKE '".mysql_real_escape_string($pageurl)."?%')
AND conferencetype='{$conference['type']}'");
if(mysql_num_rows($q)) {
if(mysql_num_rows($q)==1) {
$r=mysql_fetch_object($q);
}
else {
//take the first one for now
while($r=mysql_fetch_object($q)) {
if($NAV_IDENT==$r->navident)
break;
}
//we have more than one, we need to rely on the $navident now
}
//okay we found it, now get its full tree above it
//set things to 0 to start
$_SESSION['nav']['primary']=0;
$_SESSION['nav']['secondary']=0;
$_SESSION['nav']['tertiary']=0;
$navTree=array();
upTree($r->id,&$navTree);
//go through each one, and set the SESSION vars
foreach($navTree AS $t) {
switch($t['level']) {
case 0: //primary nav
$_SESSION['nav']['primary']=$t['id'];
break;
case 1: //secondary nav
$_SESSION['nav']['secondary']=$t['id'];
break;
case 2: //tertiary nav
$_SESSION['nav']['tertiary']=$t['id'];
break;
}
}
}
else {
//if we didnt find it, we only set the tertiary to 0, because we probably want to keep our primary and secondary navs if they exist
$_SESSION['nav']['tertiary']=0;
}