<?php
// Called before each action
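Router\before(function ($action) {
    // Open the PHP session, scoped to the application's base path.
    Session\open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH, 0);

    // Pick the working database: an explicit 'database' request value wins,
    // otherwise the one remembered in the session is reused. A selection that
    // fails from either source is treated as a stale or bogus state: logout
    // (which also drops the 'remember me' cookie) and go back to the login page.
    // NOTE(review): the request value is untrusted and is consumed before any
    // authentication check below, so Model\Database\select() is relied on to
    // validate the name (reject unknown databases / path separators) — confirm.
    // NOTE(review): assumes Response\redirect() terminates the request; if it
    // does not, the requested action still runs after a failed selection.
    $requested_database = Request\value('database');

    if ($requested_database !== null && ! Model\Database\select($requested_database)) {
        Model\User\logout();
        Response\redirect('?action=login');
    } elseif (! empty($_SESSION['database']) && ! Model\Database\select($_SESSION['database'])) {
        Model\User\logout();
        Response\redirect('?action=login');
    }

    // Actions that may be reached without an authenticated session.
    $safe_actions = array('login', 'bookmark-feed', 'select-db', 'logout', 'notfound');

    // Strict comparison so only an exact action name matches the allow-list.
    if (! Model\User\is_loggedin() && ! in_array($action, $safe_actions, true)) {
        // No session and the action needs one: the 'remember me' cookie is the
        // last chance, otherwise clear everything and go to login.
        if (! Model\RememberMe\authenticate()) {
            Model\User\logout();
            Response\redirect('?action=login');
        }
    } elseif (Model\RememberMe\has_cookie()) {
        // Logged in, or a safe action, with a remember-me cookie present: extend
        // it. Note this branch is also reached by an unauthenticated request to
        // a safe action that carries the cookie.
        Model\RememberMe\refresh();
    }

    // Translations, defaulting to en_US when no language is configured.
    $language = Model\Config\get('language') ?: 'en_US';
    Translator\load($language);

    // Timezone, defaulting to UTC when none is configured.
    date_default_timezone_set(Model\Config\get('timezone') ?: 'UTC');

    // Security headers. Media and images may come from any origin (feed
    // content), frames only from the configured whitelist, and no Referer is
    // sent to external sites. The 'referrer' CSP directive is an old draft
    // spelling that current browsers ignore; the standard replacement is the
    // Referrer-Policy header — consider setting it alongside this.
    Response\csp(array(
        'media-src' => '*',
        'img-src' => '* data:',
        'frame-src' => Model\Config\get_iframe_whitelist(),
        'referrer' => 'no-referrer',
    ));

    Response\xframe();
    Response\xss();
    Response\nosniff();

    // HSTS only when enabled AND the request really arrived over TLS, so a
    // plain-HTTP deployment never pins browsers to HTTPS by mistake.
    if (ENABLE_HSTS && Helper\is_secure_connection()) {
        Response\hsts();
    }
});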
// Show help
Router\get_action('show-help', function () {
    // Render the static help template as an HTML response.
    $page = Template\load('show_help');
    Response\html($page);
});
// Show the menu for the mobile view
Router\get_action('more', function () {
    // Mobile view: render the overflow menu inside the layout, with the
    // 'more' menu entry flagged as the active one.
    $layout_params = array('menu' => 'more');
    Response\html(Template\layout('show_more', $layout_params));
});
// Image proxy (avoid SSL mixed content warnings)
Router\get_action('proxy', function () {
    // Fetch a remote image through the server so an HTTPS page does not
    // trigger mixed-content warnings for HTTP-hosted images.
    // NOTE(review): the URL is user-controlled, so this endpoint is an SSRF
    // surface; Model\Proxy\download() is relied on to restrict the target
    // (scheme http/https only, no loopback / link-local / internal hosts) —
    // confirm. The explicit rawurldecode() decodes a value PHP has already
    // decoded once more, so any validation must run on the final string.
    $target = rawurldecode(Request\param('url'));
    Model\Proxy\download($target);
    exit;
});