xref: /webtrees/index.php (revision f5558d03d2b82addeecce3d5688cd9c9501aa372)
1<?php
2/**
3 * webtrees: online genealogy
4 * Copyright (C) 2018 webtrees development team
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 */
16declare(strict_types=1);
17
18namespace Fisharebest\Webtrees;
19
20use Closure;
21use DateTime;
22use ErrorException;
23use Exception;
24use Fisharebest\Webtrees\Exceptions\Handler;
25use Fisharebest\Webtrees\Http\Middleware\CheckCsrf;
26use Fisharebest\Webtrees\Http\Middleware\CheckForMaintenanceMode;
27use Fisharebest\Webtrees\Http\Middleware\MiddlewareInterface;
28use Fisharebest\Webtrees\Http\Middleware\PageHitCounter;
29use Fisharebest\Webtrees\Http\Middleware\UseTransaction;
30use League\Flysystem\Adapter\Local;
31use League\Flysystem\Filesystem;
32use PDOException;
33use Throwable;
34use Symfony\Component\HttpFoundation\JsonResponse;
35use Symfony\Component\HttpFoundation\RedirectResponse;
36use Symfony\Component\HttpFoundation\Request;
37use Symfony\Component\HttpFoundation\Response;
38
39// Identify ourself
40define('WT_WEBTREES', 'webtrees');
41define('WT_VERSION', '2.0.0-dev');
42define('WT_WEBTREES_URL', 'https://www.webtrees.net/');
43
44// Location of our modules and themes. These are used as URLs and folder paths.
45define('WT_MODULES_DIR', 'modules_v3/');
46define('WT_THEMES_DIR', 'themes/');
47define('WT_ASSETS_URL', 'public/assets-2.0.0/'); // See also webpack.mix.js
48define('WT_CKEDITOR_BASE_URL', 'public/ckeditor-4.5.2-custom/');
49
50// Enable debugging output on development builds
51define('WT_DEBUG', strpos(WT_VERSION, 'dev') !== false);
52
53// Required version of database tables/columns/indexes/etc.
54define('WT_SCHEMA_VERSION', 40);
55
56// Regular expressions for validating user input, etc.
57define('WT_MINIMUM_PASSWORD_LENGTH', 6);
58define('WT_REGEX_XREF', '[A-Za-z0-9:_-]+');
59define('WT_REGEX_TAG', '[_A-Z][_A-Z0-9]*');
60define('WT_REGEX_INTEGER', '-?\d+');
61define('WT_REGEX_BYTES', '[0-9]+[bBkKmMgG]?');
62define('WT_REGEX_PASSWORD', '.{' . WT_MINIMUM_PASSWORD_LENGTH . ',}');
63
64define('WT_UTF8_BOM', "\xEF\xBB\xBF"); // U+FEFF (Byte order mark)
65
66// Alternatives to BMD events for lists, charts, etc.
67define('WT_EVENTS_BIRT', 'BIRT|CHR|BAPM|_BRTM|ADOP');
68define('WT_EVENTS_DEAT', 'DEAT|BURI|CREM');
69define('WT_EVENTS_MARR', 'MARR|_NMR');
70define('WT_EVENTS_DIV', 'DIV|ANUL|_SEPR');
71
72// For performance, it is quicker to refer to files using absolute paths
73define('WT_ROOT', realpath(__DIR__) . DIRECTORY_SEPARATOR);
74
75// Keep track of time so we can handle timeouts gracefully.
76define('WT_START_TIME', microtime(true));
77
78// We want to know about all PHP errors during development, and fewer in production.
79if (WT_DEBUG) {
80    error_reporting(E_ALL | E_STRICT | E_NOTICE | E_DEPRECATED);
81} else {
82    error_reporting(E_ALL);
83}
84
85require WT_ROOT . 'vendor/autoload.php';
86
87// Initialise the DebugBar for development.
88// Use `composer install --dev` on a development build to enable.
89// Note that you may need to increase the size of the fcgi buffers on nginx.
90// e.g. add these lines to your fastcgi_params file:
91// fastcgi_buffers 16 16m;
92// fastcgi_buffer_size 32m;
93DebugBar::init(WT_DEBUG && class_exists('\\DebugBar\\StandardDebugBar'));
94
95// PHP requires a time zone to be set. We'll set a better one later on.
96date_default_timezone_set('UTC');
97
98// Calculate the base URL, so we can generate absolute URLs.
99$request     = Request::createFromGlobals();
100$request_uri = $request->getSchemeAndHttpHost() . $request->getRequestUri();
101
102// Remove any PHP script name and parameters.
103$base_uri = preg_replace('/[^\/]+\.php(\?.*)?$/', '', $request_uri);
104define('WT_BASE_URL', $base_uri);
105
106// Convert PHP warnings/notices into exceptions
107set_error_handler(function ($errno, $errstr, $errfile, $errline) {
108    // Ignore errors that are silenced with '@'
109    if (error_reporting() & $errno) {
110        throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
111    }
112});
113
114DebugBar::startMeasure('init database');
115
116// Load our configuration file, so we can connect to the database
117if (!file_exists(WT_ROOT . 'data/config.ini.php')) {
118    // No config file. Set one up.
119    $url      = Html::url('setup.php', ['route' => 'setup']);
120    $response = new RedirectResponse($url);
121    $response->send();
122    return;
123}
124
125// Connect to the database
126try {
127    // Read the connection settings and create the database
128    Database::createInstance(parse_ini_file(WT_ROOT . 'data/config.ini.php'));
129
130    // Update the database schema, if necessary.
131    Database::updateSchema('\Fisharebest\Webtrees\Schema', 'WT_SCHEMA_VERSION', WT_SCHEMA_VERSION);
132} catch (PDOException $ex) {
133    DebugBar::addThrowable($ex);
134
135    define('WT_DATA_DIR', 'data/');
136    I18N::init();
137    if ($ex->getCode() === 1045) {
138        // Error during connection?
139        $content = view('errors/database-connection', ['error' => $ex->getMessage()]);
140    } else {
141        // Error in a migration script?
142        $content = view('errors/database-error', ['error' => $ex->getMessage()]);
143    }
144    $html     = view('layouts/error', ['content' => $content]);
145    $response = new Response($html, 503);
146    $response->prepare($request)->send();
147    return;
148} catch (Throwable $ex) {
149    DebugBar::addThrowable($ex);
150
151    define('WT_DATA_DIR', 'data/');
152    I18N::init();
153    $content  = view('errors/database-connection', ['error' => $ex->getMessage()]);
154    $html     = view('layouts/error', ['content' => $content]);
155    $response = new Response($html, 503);
156    $response->prepare($request)->send();
157    return;
158}
159
160DebugBar::stopMeasure('init database');
161
162// The config.ini.php file must always be in a fixed location.
163// Other user files can be stored elsewhere...
164define('WT_DATA_DIR', realpath(Site::getPreference('INDEX_DIRECTORY', 'data/')) . DIRECTORY_SEPARATOR);
165
166// Some broken servers block access to their own temp folder using open_basedir...
167$data_dir = new Filesystem(new Local(WT_DATA_DIR));
168$data_dir->createDir('tmp');
169putenv('TMPDIR=' . WT_DATA_DIR . 'tmp');
170
171// Request more resources - if we can/want to
172$memory_limit = Site::getPreference('MEMORY_LIMIT');
173if ($memory_limit !== '' && strpos(ini_get('disable_functions'), 'ini_set') === false) {
174    ini_set('memory_limit', $memory_limit);
175}
176$max_execution_time = Site::getPreference('MAX_EXECUTION_TIME');
177if ($max_execution_time !== '' && strpos(ini_get('disable_functions'), 'set_time_limit') === false) {
178    set_time_limit((int) $max_execution_time);
179}
180
181// Sessions
182Session::start();
183
184DebugBar::startMeasure('init i18n');
185
186// With no parameters, init() looks to the environment to choose a language
187define('WT_LOCALE', I18N::init());
188Session::put('locale', WT_LOCALE);
189
190DebugBar::stopMeasure('init i18n');
191
192// Note that the database/webservers may not be synchronised, so use DB time throughout.
193define('WT_TIMESTAMP', (int) Database::prepare("SELECT UNIX_TIMESTAMP()")->fetchOne());
194
195// Users get their own time-zone. Visitors get the site time-zone.
196try {
197    if (Auth::check()) {
198        date_default_timezone_set(Auth::user()->getPreference('TIMEZONE'));
199    } else {
200        date_default_timezone_set(Site::getPreference('TIMEZONE'));
201    }
202} catch (ErrorException $ex) {
203    // Server upgrades and migrations can leave us with invalid timezone settings.
204    date_default_timezone_set('UTC');
205}
206
207define('WT_TIMESTAMP_OFFSET', date_offset_get(new DateTime('now')));
208
209define('WT_CLIENT_JD', 2440588 + (int) ((WT_TIMESTAMP + WT_TIMESTAMP_OFFSET) / 86400));
210
211// Update the last-login time no more than once a minute
212if (WT_TIMESTAMP - Session::get('activity_time') >= 60) {
213    if (Session::get('masquerade') === null) {
214        Auth::user()->setPreference('sessiontime', WT_TIMESTAMP);
215    }
216    Session::put('activity_time', WT_TIMESTAMP);
217}
218
219DebugBar::startMeasure('routing');
220
221// The HTTP request.
222$request = Request::createFromGlobals();
223$route   = $request->get('route');
224
225try {
226    // Most requests will need the current tree and user.
227    $all_trees = Tree::getAll();
228
229    $tree = $all_trees[$request->get('ged')] ?? null;
230
231    // No tree specified/available?  Choose one.
232    if ($tree === null && $request->getMethod() === Request::METHOD_GET) {
233        $tree = $all_trees[Site::getPreference('DEFAULT_GEDCOM')] ?? array_values($all_trees)[0] ?? null;
234    }
235
236    $request->attributes->set('tree', $tree);
237    $request->attributes->set('user', Auth::user());
238
239    // Most layouts will require a tree for the page header/footer
240    View::share('tree', $tree);
241
242    // Load the routing table.
243    $routes = require 'routes/web.php';
244
245    // Find the action for the selected route
246    $controller_action = $routes[$request->getMethod() . ':' . $route] ?? 'ErrorController@noRouteFound';
247
248    // Create the controller
249    list($controller_name, $action) = explode('@', $controller_action);
250    $controller_class = __NAMESPACE__ . '\\Http\\Controllers\\' . $controller_name;
251    $controller       = new $controller_class;
252
253    DebugBar::stopMeasure('routing');
254
255    DebugBar::startMeasure('init theme');
256
257    // Last theme used?
258    $theme_id = Session::get('theme_id');
259    // Default for tree
260    if (!array_key_exists($theme_id, Theme::themeNames()) && $tree) {
261        $theme_id = $tree->getPreference('THEME_DIR');
262    }
263    // Default for site
264    if (!array_key_exists($theme_id, Theme::themeNames())) {
265        $theme_id = Site::getPreference('THEME_DIR');
266    }
267    // Default
268    if (!array_key_exists($theme_id, Theme::themeNames())) {
269        $theme_id = 'webtrees';
270    }
271    foreach (Theme::installedThemes() as $theme) {
272        if ($theme->themeId() === $theme_id) {
273            Theme::theme($theme)->init($tree);
274            // Remember this setting
275            if (Site::getPreference('ALLOW_USER_THEMES') === '1') {
276                Session::put('theme_id', $theme_id);
277            }
278            break;
279        }
280    }
281
282    DebugBar::stopMeasure('init theme');
283
284    // Note that we can't stop this timer, as running the action will
285    // generate the response - which includes (and stops) the timer
286    DebugBar::startMeasure('controller_action', $controller_action);
287
288    $middleware_stack = [
289        new CheckForMaintenanceMode,
290    ];
291
292    if ($request->getMethod() === Request::METHOD_GET) {
293        $middleware_stack[] = new PageHitCounter;
294    }
295
296    if ($request->getMethod() === Request::METHOD_POST) {
297        $middleware_stack[] = new UseTransaction;
298        $middleware_stack[] = new CheckCsrf;
299    }
300
301    // Apply the middleware using the "onion" pattern.
302    $pipeline = array_reduce($middleware_stack, function (Closure $next, MiddlewareInterface $middleware): Closure {
303        // Create a closure to apply the middleware.
304        return function (Request $request) use ($middleware, $next): Response {
305            return $middleware->handle($request, $next);
306        };
307    }, function (Request $request) use ($controller, $action): Response {
308        // Create a closure to generate the response.
309        return call_user_func([$controller, $action], $request);
310    });
311
312    $response = call_user_func($pipeline, $request);
313} catch (Exception $exception) {
314    DebugBar::addThrowable($exception);
315
316    $response = (new Handler)->render($request, $exception);
317}
318
319// Send response
320if ($response instanceof RedirectResponse) {
321    // Show the debug data on the next page
322    DebugBar::stackData();
323} elseif ($response instanceof JsonResponse) {
324    // Use HTTP headers and some jQuery to add debug to the current page.
325    DebugBar::sendDataInHeaders();
326}
327
328$response->prepare($request)->send();
329