2017-12-16 19:17:29 +00:00
|
|
|
<?php
|
|
|
|
|
namespace Misuzu;
|
|
|
|
|
|
2018-09-16 19:45:40 +00:00
|
|
|
define('MSZ_STARTUP', microtime(true));
|
2018-10-04 20:30:55 +00:00
|
|
|
define('MSZ_ROOT', __DIR__);
|
|
|
|
|
define('MSZ_DEBUG', is_file(MSZ_ROOT . '/.debug'));
|
2018-09-16 19:45:40 +00:00
|
|
|
|
2018-09-16 21:03:56 +00:00
|
|
|
error_reporting(MSZ_DEBUG ? -1 : 0);
|
|
|
|
|
ini_set('display_errors', MSZ_DEBUG ? 'On' : 'Off');
|
|
|
|
|
|
2018-05-27 23:24:16 +00:00
|
|
|
date_default_timezone_set('UTC');
|
2018-09-15 21:55:26 +00:00
|
|
|
mb_internal_encoding('UTF-8');
|
2018-10-04 20:30:55 +00:00
|
|
|
set_include_path(get_include_path() . PATH_SEPARATOR . MSZ_ROOT);
|
2018-05-27 23:24:16 +00:00
|
|
|
|
2018-09-28 08:56:51 +00:00
|
|
|
require_once 'vendor/autoload.php';
|
2018-08-23 18:13:37 +00:00
|
|
|
|
2018-09-16 21:03:56 +00:00
|
|
|
$errorHandler = new \Whoops\Run;
|
|
|
|
|
$errorHandler->pushHandler(
|
|
|
|
|
MSZ_DEBUG
|
|
|
|
|
? (
|
2018-08-23 18:13:37 +00:00
|
|
|
PHP_SAPI === 'cli'
|
|
|
|
|
? new \Whoops\Handler\PlainTextHandler
|
|
|
|
|
: new \Whoops\Handler\PrettyPageHandler
|
2018-09-16 21:03:56 +00:00
|
|
|
)
|
|
|
|
|
: ($errorReporter = new WhoopsReporter)
|
|
|
|
|
);
|
|
|
|
|
$errorHandler->register();
|
2018-08-23 18:13:37 +00:00
|
|
|
|
2018-09-28 08:56:51 +00:00
|
|
|
require_once 'src/array.php';
|
|
|
|
|
require_once 'src/audit_log.php';
|
2018-10-06 22:40:14 +00:00
|
|
|
require_once 'src/cache.php';
|
2018-09-28 08:56:51 +00:00
|
|
|
require_once 'src/changelog.php';
|
2018-10-09 21:09:54 +00:00
|
|
|
require_once 'src/chat_quotes.php';
|
2018-09-28 08:56:51 +00:00
|
|
|
require_once 'src/colour.php';
|
|
|
|
|
require_once 'src/comments.php';
|
2018-10-04 20:30:55 +00:00
|
|
|
require_once 'src/config.php';
|
2018-10-02 19:16:42 +00:00
|
|
|
require_once 'src/csrf.php';
|
2018-10-05 09:06:39 +00:00
|
|
|
require_once 'src/db.php';
|
2018-09-28 08:56:51 +00:00
|
|
|
require_once 'src/general.php';
|
|
|
|
|
require_once 'src/git.php';
|
2018-10-04 21:53:37 +00:00
|
|
|
require_once 'src/mail.php';
|
2018-09-28 08:56:51 +00:00
|
|
|
require_once 'src/manage.php';
|
|
|
|
|
require_once 'src/news.php';
|
|
|
|
|
require_once 'src/perms.php';
|
|
|
|
|
require_once 'src/string.php';
|
|
|
|
|
require_once 'src/tpl.php';
|
|
|
|
|
require_once 'src/zalgo.php';
|
|
|
|
|
require_once 'src/Forum/forum.php';
|
|
|
|
|
require_once 'src/Forum/perms.php';
|
|
|
|
|
require_once 'src/Forum/post.php';
|
|
|
|
|
require_once 'src/Forum/topic.php';
|
|
|
|
|
require_once 'src/Forum/validate.php';
|
|
|
|
|
require_once 'src/Net/cidr.php';
|
2018-10-05 11:00:37 +00:00
|
|
|
require_once 'src/Net/geoip.php';
|
2018-09-28 08:56:51 +00:00
|
|
|
require_once 'src/Net/ip.php';
|
|
|
|
|
require_once 'src/Parsers/parse.php';
|
2018-10-08 12:29:18 +00:00
|
|
|
require_once 'src/Users/avatar.php';
|
|
|
|
|
require_once 'src/Users/background.php';
|
2018-09-28 08:56:51 +00:00
|
|
|
require_once 'src/Users/login_attempt.php';
|
|
|
|
|
require_once 'src/Users/profile.php';
|
2018-10-08 12:59:58 +00:00
|
|
|
require_once 'src/Users/recovery.php';
|
2018-09-28 08:56:51 +00:00
|
|
|
require_once 'src/Users/relations.php';
|
|
|
|
|
require_once 'src/Users/role.php';
|
|
|
|
|
require_once 'src/Users/session.php';
|
|
|
|
|
require_once 'src/Users/user.php';
|
|
|
|
|
require_once 'src/Users/validation.php';
|
2018-01-02 19:37:13 +00:00
|
|
|
|
2018-10-04 20:30:55 +00:00
|
|
|
config_load(MSZ_ROOT . '/config/config.ini');
|
2018-10-04 21:53:37 +00:00
|
|
|
mail_prepare(config_get_default([], 'Mail'));
|
2018-10-04 20:30:55 +00:00
|
|
|
|
2018-09-16 21:03:56 +00:00
|
|
|
if (!empty($errorReporter)) {
|
2018-10-04 20:30:55 +00:00
|
|
|
$errorReporter->setReportInfo(
|
|
|
|
|
config_get('Exceptions', 'report_url'),
|
|
|
|
|
config_get('Exceptions', 'hash_key')
|
|
|
|
|
);
|
2018-09-16 21:03:56 +00:00
|
|
|
}
|
|
|
|
|
|
2018-10-06 23:30:48 +00:00
|
|
|
db_setup([
|
|
|
|
|
'mysql-main' => config_get_default([], 'Database.mysql-main')
|
|
|
|
|
]);
|
2018-03-14 01:39:02 +00:00
|
|
|
|
2018-10-05 09:14:54 +00:00
|
|
|
// replace this with a better storage mechanism
|
|
|
|
|
define('MSZ_STORAGE', create_directory(config_get_default(MSZ_ROOT . '/store', 'Storage', 'path')));
|
|
|
|
|
|
2018-07-11 20:30:17 +00:00
|
|
|
if (PHP_SAPI === 'cli') {
|
|
|
|
|
if ($argv[0] === basename(__FILE__)) {
|
|
|
|
|
switch ($argv[1] ?? null) {
|
|
|
|
|
case 'cron':
|
|
|
|
|
// Ensure main role exists.
|
2018-10-06 23:30:48 +00:00
|
|
|
db_exec("
|
2018-07-11 20:30:17 +00:00
|
|
|
INSERT IGNORE INTO `msz_roles`
|
2018-10-29 21:18:53 +00:00
|
|
|
(`role_id`, `role_name`, `role_hierarchy`, `role_colour`, `role_description`, `role_created`)
|
2018-07-11 20:30:17 +00:00
|
|
|
VALUES
|
|
|
|
|
(1, 'Member', 1, 1073741824, NULL, NOW())
|
|
|
|
|
");
|
|
|
|
|
|
|
|
|
|
// Ensures all users are in the main role.
|
2018-10-06 23:30:48 +00:00
|
|
|
db_exec('
|
2018-07-11 20:30:17 +00:00
|
|
|
INSERT INTO `msz_user_roles`
|
|
|
|
|
(`user_id`, `role_id`)
|
|
|
|
|
SELECT `user_id`, 1 FROM `msz_users` as u
|
|
|
|
|
WHERE NOT EXISTS (
|
|
|
|
|
SELECT 1
|
|
|
|
|
FROM `msz_user_roles` as ur
|
|
|
|
|
WHERE `role_id` = 1
|
|
|
|
|
AND u.`user_id` = ur.`user_id`
|
|
|
|
|
)
|
|
|
|
|
');
|
|
|
|
|
|
|
|
|
|
// Ensures all display_role values are correct with `msz_user_roles`
|
2018-10-06 23:30:48 +00:00
|
|
|
db_exec('
|
2018-07-11 20:30:17 +00:00
|
|
|
UPDATE `msz_users` as u
|
|
|
|
|
SET `display_role` = (
|
|
|
|
|
SELECT ur.`role_id`
|
|
|
|
|
FROM `msz_user_roles` as ur
|
|
|
|
|
LEFT JOIN `msz_roles` as r
|
|
|
|
|
ON r.`role_id` = ur.`role_id`
|
|
|
|
|
WHERE ur.`user_id` = u.`user_id`
|
|
|
|
|
ORDER BY `role_hierarchy` DESC
|
|
|
|
|
LIMIT 1
|
|
|
|
|
)
|
|
|
|
|
WHERE NOT EXISTS (
|
|
|
|
|
SELECT 1
|
|
|
|
|
FROM `msz_user_roles` as ur
|
|
|
|
|
WHERE ur.`role_id` = u.`display_role`
|
|
|
|
|
AND `ur`.`user_id` = u.`user_id`
|
|
|
|
|
)
|
|
|
|
|
');
|
2018-07-17 17:55:28 +00:00
|
|
|
|
|
|
|
|
// Deletes expired sessions
|
2018-10-06 23:30:48 +00:00
|
|
|
db_exec('
|
2018-07-17 17:55:28 +00:00
|
|
|
DELETE FROM `msz_sessions`
|
|
|
|
|
WHERE `expires_on` < NOW()
|
|
|
|
|
');
|
|
|
|
|
|
2018-07-21 23:54:12 +00:00
|
|
|
// Remove old password reset records, left for a week for possible review
|
2018-10-06 23:30:48 +00:00
|
|
|
db_exec('
|
2018-07-21 23:54:12 +00:00
|
|
|
DELETE FROM `msz_users_password_resets`
|
|
|
|
|
WHERE `reset_requested` < NOW() - INTERVAL 1 WEEK
|
|
|
|
|
');
|
|
|
|
|
|
2018-07-17 17:55:28 +00:00
|
|
|
// Cleans up the login history table
|
2018-10-06 23:30:48 +00:00
|
|
|
db_exec('
|
2018-07-17 17:55:28 +00:00
|
|
|
DELETE FROM `msz_login_attempts`
|
2018-10-29 21:18:53 +00:00
|
|
|
WHERE `attempt_created` < NOW() - INTERVAL 1 YEAR
|
2018-07-17 17:55:28 +00:00
|
|
|
');
|
|
|
|
|
|
|
|
|
|
// Cleans up the audit log table
|
2018-10-06 23:30:48 +00:00
|
|
|
db_exec('
|
2018-07-17 17:55:28 +00:00
|
|
|
DELETE FROM `msz_audit_log`
|
|
|
|
|
WHERE `log_created` < NOW() - INTERVAL 1 YEAR
|
|
|
|
|
');
|
2018-07-11 20:30:17 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'migrate':
|
|
|
|
|
$migrationTargets = [
|
2018-10-04 20:30:55 +00:00
|
|
|
'mysql-main' => MSZ_ROOT . '/database',
|
2018-07-11 20:30:17 +00:00
|
|
|
];
|
|
|
|
|
$doRollback = !empty($argv[2]) && $argv[2] === 'rollback';
|
|
|
|
|
$targetDb = isset($argv[$doRollback ? 3 : 2]) ? $argv[$doRollback ? 3 : 2] : null;
|
|
|
|
|
|
|
|
|
|
if ($targetDb !== null && !array_key_exists($targetDb, $migrationTargets)) {
|
|
|
|
|
echo 'Invalid target database connection.' . PHP_EOL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach ($migrationTargets as $db => $path) {
|
|
|
|
|
echo "Creating migration manager for '{$db}'..." . PHP_EOL;
|
2018-10-06 23:30:48 +00:00
|
|
|
$migrationManager = new DatabaseMigrationManager(db_connection($db), $path);
|
2018-07-11 20:30:17 +00:00
|
|
|
$migrationManager->setLogger(function ($log) {
|
|
|
|
|
echo $log . PHP_EOL;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if ($doRollback) {
|
|
|
|
|
echo "Rolling back last migrations for '{$db}'..." . PHP_EOL;
|
|
|
|
|
$migrationManager->rollback();
|
|
|
|
|
} else {
|
|
|
|
|
echo "Running migrations for '{$db}'..." . PHP_EOL;
|
|
|
|
|
$migrationManager->migrate();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$errors = $migrationManager->getErrors();
|
|
|
|
|
$errorCount = count($errors);
|
|
|
|
|
|
|
|
|
|
if ($errorCount < 1) {
|
|
|
|
|
echo 'Completed with no errors!' . PHP_EOL;
|
|
|
|
|
} else {
|
|
|
|
|
echo PHP_EOL . "There were {$errorCount} errors during the migrations..." . PHP_EOL;
|
|
|
|
|
|
|
|
|
|
foreach ($errors as $error) {
|
|
|
|
|
echo $error . PHP_EOL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
2018-07-18 03:06:27 +00:00
|
|
|
case 'new-mig':
|
|
|
|
|
if (empty($argv[2])) {
|
|
|
|
|
echo 'Specify a migration name.' . PHP_EOL;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!preg_match('#^([a-z_]+)$#', $argv[2])) {
|
|
|
|
|
echo 'Migration name may only contain alpha and _ characters.' . PHP_EOL;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$filename = date('Y_m_d_His_') . trim($argv[2], '_') . '.php';
|
2018-10-04 20:30:55 +00:00
|
|
|
$filepath = MSZ_ROOT . '/database/' . $filename;
|
2018-07-18 03:06:27 +00:00
|
|
|
$namespace = snake_to_camel($argv[2]);
|
|
|
|
|
$template = <<<MIG
|
|
|
|
|
<?php
|
|
|
|
|
namespace Misuzu\DatabaseMigrations\\$namespace;
|
|
|
|
|
|
|
|
|
|
use PDO;
|
|
|
|
|
|
|
|
|
|
function migrate_up(PDO \$conn): void
|
|
|
|
|
{
|
|
|
|
|
\$conn->exec('
|
|
|
|
|
CREATE TABLE ...
|
|
|
|
|
');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function migrate_down(PDO \$conn): void
|
|
|
|
|
{
|
|
|
|
|
\$conn->exec('DROP TABLE ...');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
MIG;
|
|
|
|
|
|
|
|
|
|
file_put_contents($filepath, $template);
|
|
|
|
|
|
|
|
|
|
echo "Template for '{$namespace}' has been created." . PHP_EOL;
|
|
|
|
|
break;
|
|
|
|
|
|
2018-07-11 20:30:17 +00:00
|
|
|
default:
|
|
|
|
|
echo 'Unknown command.' . PHP_EOL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2018-09-16 19:45:40 +00:00
|
|
|
if (!MSZ_DEBUG) {
|
2018-07-21 00:56:47 +00:00
|
|
|
ob_start('ob_gzhandler');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// we're running this again because ob_clean breaks gzip otherwise
|
|
|
|
|
ob_start();
|
2018-07-14 17:57:21 +00:00
|
|
|
|
2018-10-05 09:14:54 +00:00
|
|
|
if (!is_readable(MSZ_STORAGE) || !is_writable(MSZ_STORAGE)) {
|
2018-03-24 04:31:42 +00:00
|
|
|
echo 'Cannot access storage directory.';
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-06 22:40:14 +00:00
|
|
|
cache_init(config_get_default([], 'Cache'));
|
2018-10-05 11:00:37 +00:00
|
|
|
geoip_init(config_get_default('', 'GeoIP', 'database_path'));
|
|
|
|
|
|
2018-09-17 19:07:10 +00:00
|
|
|
tpl_init([
|
|
|
|
|
'debug' => MSZ_DEBUG,
|
|
|
|
|
'auto_reload' => MSZ_DEBUG,
|
2018-10-04 20:30:55 +00:00
|
|
|
'cache' => MSZ_DEBUG ? false : create_directory(build_path(sys_get_temp_dir(), 'msz-tpl-cache-' . md5(MSZ_ROOT))),
|
2018-09-17 19:07:10 +00:00
|
|
|
]);
|
2018-09-16 19:45:40 +00:00
|
|
|
|
2018-10-04 20:30:55 +00:00
|
|
|
tpl_var('globals', [
|
|
|
|
|
'site_name' => config_get_default('Misuzu', 'Site', 'name'),
|
|
|
|
|
'site_description' => config_get('Site', 'description'),
|
|
|
|
|
'site_twitter' => config_get('Site', 'twitter'),
|
|
|
|
|
'site_url' => config_get('Site', 'url'),
|
|
|
|
|
]);
|
2018-09-16 19:45:40 +00:00
|
|
|
|
2018-10-04 20:30:55 +00:00
|
|
|
tpl_add_path(MSZ_ROOT . '/templates');
|
2018-07-07 23:24:34 +00:00
|
|
|
|
2018-09-27 22:27:30 +00:00
|
|
|
$misuzuBypassLockdown = !empty($misuzuBypassLockdown);
|
|
|
|
|
|
2018-10-05 07:52:13 +00:00
|
|
|
if (!$misuzuBypassLockdown && boolval(config_get_default(false, 'Auth', 'lockdown'))) {
|
2018-03-31 22:28:32 +00:00
|
|
|
http_response_code(503);
|
2018-09-23 01:32:18 +00:00
|
|
|
echo tpl_render('auth.lockdown');
|
2018-03-31 22:28:32 +00:00
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-02 22:34:05 +00:00
|
|
|
if (isset($_COOKIE['msz_uid'], $_COOKIE['msz_sid'])
|
|
|
|
|
&& user_session_start((int)$_COOKIE['msz_uid'], $_COOKIE['msz_sid'])) {
|
|
|
|
|
$mszUserId = (int)$_COOKIE['msz_uid'];
|
|
|
|
|
|
|
|
|
|
user_bump_last_active($mszUserId);
|
2018-10-29 21:23:53 +00:00
|
|
|
user_session_bump_active(user_session_current('session_id'));
|
2018-10-02 22:34:05 +00:00
|
|
|
|
2018-10-06 23:30:48 +00:00
|
|
|
$getUserDisplayInfo = db_prepare('
|
2018-10-02 22:34:05 +00:00
|
|
|
SELECT
|
|
|
|
|
u.`user_id`, u.`username`, u.`user_background_settings`,
|
|
|
|
|
COALESCE(u.`user_colour`, r.`role_colour`) as `user_colour`
|
|
|
|
|
FROM `msz_users` as u
|
|
|
|
|
LEFT JOIN `msz_roles` as r
|
|
|
|
|
ON u.`display_role` = r.`role_id`
|
|
|
|
|
WHERE `user_id` = :user_id
|
|
|
|
|
');
|
|
|
|
|
$getUserDisplayInfo->bindValue('user_id', $mszUserId);
|
|
|
|
|
$userDisplayInfo = $getUserDisplayInfo->execute() ? $getUserDisplayInfo->fetch() : [];
|
2018-03-31 22:28:32 +00:00
|
|
|
}
|
|
|
|
|
|
2018-10-04 20:30:55 +00:00
|
|
|
csrf_init(
|
|
|
|
|
config_get_default('insecure', 'CSRF', 'secret_key'),
|
|
|
|
|
empty($userDisplayInfo) ? ip_remote_address() : $_COOKIE['msz_sid']
|
|
|
|
|
);
|
2018-10-02 19:16:42 +00:00
|
|
|
|
2018-10-05 07:33:26 +00:00
|
|
|
if (!$misuzuBypassLockdown && boolval(config_get_default(false, 'Private', 'enabled'))) {
|
2018-10-02 22:34:05 +00:00
|
|
|
if (user_session_active()) {
|
2018-10-05 07:33:26 +00:00
|
|
|
$privatePermission = intval(config_get_default(0, 'Private', 'permission'));
|
|
|
|
|
|
|
|
|
|
if ($privatePermission > 0) {
|
|
|
|
|
$generalPerms = perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id']);
|
2018-09-28 07:56:55 +00:00
|
|
|
|
2018-10-05 07:33:26 +00:00
|
|
|
if (!perms_check($generalPerms, $privatePermission)) {
|
|
|
|
|
unset($userDisplayInfo);
|
|
|
|
|
user_session_stop(); // au revoir
|
|
|
|
|
}
|
2018-09-28 07:56:55 +00:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
http_response_code(401);
|
|
|
|
|
echo tpl_render('auth.private', [
|
2018-10-05 07:33:26 +00:00
|
|
|
'private_message'=> config_get_default('', 'Private', 'message'),
|
2018-09-28 07:56:55 +00:00
|
|
|
]);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
2018-09-27 22:27:30 +00:00
|
|
|
}
|
|
|
|
|
|
2018-10-02 23:09:41 +00:00
|
|
|
if (!empty($userDisplayInfo)) {
|
|
|
|
|
tpl_var('current_user', $userDisplayInfo);
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-07 23:24:34 +00:00
|
|
|
$inManageMode = starts_with($_SERVER['REQUEST_URI'], '/manage');
|
2018-10-02 22:34:05 +00:00
|
|
|
$hasManageAccess = perms_check(perms_get_user(MSZ_PERMS_GENERAL, $userDisplayInfo['user_id'] ?? 0), MSZ_PERM_GENERAL_CAN_MANAGE);
|
2018-08-15 01:12:58 +00:00
|
|
|
tpl_var('has_manage_access', $hasManageAccess);
|
2018-03-28 00:35:37 +00:00
|
|
|
|
2018-07-07 23:24:34 +00:00
|
|
|
if ($inManageMode) {
|
|
|
|
|
if (!$hasManageAccess) {
|
2018-05-26 20:33:05 +00:00
|
|
|
echo render_error(403);
|
2018-03-28 00:35:37 +00:00
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-02 22:34:05 +00:00
|
|
|
tpl_var('manage_menu', manage_get_menu($userDisplayInfo['user_id'] ?? 0));
|
2018-03-28 00:35:37 +00:00
|
|
|
}
|
2018-03-14 01:39:02 +00:00
|
|
|
}
|
