Source for file setup_inc.php
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See below for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See http://www.gnu.org/copyleft/lesser.html for details.
//ini_set( 'session.save_path', 'C:\somewhere\I\can\write' );
// Filesystem root of the installation: the VHOST_DIR server variable wins when it is set, otherwise
// $rootDir (assigned outside this listing) is used. A trailing slash is appended in both cases.
define( 'BIT_ROOT_PATH', empty( $_SERVER['VHOST_DIR'] ) ? $rootDir. '/' : $_SERVER['VHOST_DIR']. '/' );
// immediately die on request to hack our database
// The guard fires when sort_mode (non-array values only) or PGV_BASE_DIRECTORY contains the substring 'http'.
// NOTE(review): this is a case-sensitive substring denylist on two parameter names, i.e. a tripwire and not
// input validation; whatever consumes sort_mode still has to check it against the values it allows.
// PGV_BASE_DIRECTORY reaches strpos() without the is_array() test that sort_mode gets.
// NOTE(review): the body of this branch and its closing brace are missing from this listing.
if(( !empty( $_REQUEST['sort_mode'] ) && !is_array( $_REQUEST['sort_mode'] ) && strpos( $_REQUEST['sort_mode'], 'http' ) !== FALSE ) || ( !empty( $_REQUEST['PGV_BASE_DIRECTORY'] ) && strpos( $_REQUEST['PGV_BASE_DIRECTORY'], 'http' ) !== FALSE )) {
require_once( dirname( __FILE__ ). '/bit_error_inc.php' );
// KERNEL_PKG_PATH is not defined in this listing; presumably config_defaults_inc.php provides it - confirm.
require_once( BIT_ROOT_PATH. 'kernel/config_defaults_inc.php' );
require_once( KERNEL_PKG_PATH. 'kernel_lib.php' );
require_once( KERNEL_PKG_PATH. 'BitTimer.php' );
// this is evil stuff and causes hell for us
// Turning session.use_trans_sid off keeps PHP from rewriting URLs to carry the session id, so the id does
// not end up in links, server logs or Referer headers.
ini_set( 'session.use_trans_sid', 'Off' );
// clean up $_GET and make sure others are clean as well
// The clean-up runs only when $_GET is a non-empty array and $gNoToxify is empty, so a script that sets
// $gNoToxify opts out of it and has to sanitise its own input.
// NOTE(review): the clean-up statements themselves are missing from this listing.
if( !empty( $_GET ) && is_array( $_GET ) && empty( $gNoToxify ) ) {
// Force a global ADODB db object so all classes share the same connection
if( !empty( $gBitSystem ) ) {
// Backend selection is keyed on $gBitDbSystem; the case arms are missing from this listing.
switch( $gBitDbSystem ) {
// the installer and select admin pages required DataDict to verify package installation
if( !empty( $gForceAdodb )) {
// $dbClass names both the kernel file that is loaded and the class that is instantiated below.
// NOTE(review): presumably $dbClass is assigned only from fixed names by the switch above - confirm it can
// never carry request data, because it reaches require_once and `new` unchecked.
require_once( KERNEL_PKG_PATH. $dbClass. '.php' );
// =================== Global Classes ===================
$gBitDb = new $dbClass();
// Branch taken when the QUERY_CACHE_ACTIVE constant exists; its body is missing from this listing.
if( defined( 'QUERY_CACHE_ACTIVE' ) ) {
require_once( KERNEL_PKG_PATH. 'BitSystem.php' );
global $gBitSmarty, $gBitSystem;
// make sure we only create one BitSmarty
// set the default handler
// Register the 'tr' prefilter on the template engine (referred to as prefilter.tr later in this file).
$gBitSmarty->load_filter( 'pre', 'tr' );
// $gBitSmarty->load_filter('output','trimwhitespace');
// The 'highlight' output filter is loaded whenever the request carries a highlight parameter, whatever its value.
// NOTE(review): the filter presumably works the request value into the rendered page - confirm that it
// HTML-escapes the value before writing it out.
if( isset ( $_REQUEST['highlight'] ) ) {
$gBitSmarty->load_filter( 'output', 'highlight' );
// first thing we do, is check to see if our version of bitweaver is up to date.
// we need to know about this before any other package is loaded to ensure that we can exclude stuff that isn't backwards compatible.
// BIT_INSTALL is set by the installer and LOGIN_VALIDATE is set in users/validate.php
// NOTE(review): the condition guarding this define is missing from this listing.
define( 'INSTALLER_FORCE', TRUE );
require_once( LANGUAGES_PKG_PATH. 'BitLanguage.php' );
// collects information about the browser - needed for various browser specific theme settings
require_once( UTIL_PKG_PATH. 'phpsniff/phpSniff.class.php' );
$gSniffer = new phpSniff;
// Templates receive the sniffer's _browser_info by reference as gBrowserInfo.
// NOTE(review): presumably this data is derived from client-sent request headers - templates that print it
// should escape it.
$gBitSmarty->assign_by_ref( 'gBrowserInfo', $gSniffer->_browser_info );
// set various classes global
global $gBitUser, $gTicket, $userlib, $gBitDbType, $gLibertySystem;
// Tell the templates which output compression applies: 'zlib' when the zlib.output_compression ini value
// loosely equals 1, otherwise 'gzip' when the site_output_obzip feature is active and the running script
// does not end in /download.php.
// NOTE(review): the '.' in the pattern is unescaped, so it matches any character in that position.
if( ini_get( 'zlib.output_compression' ) == 1 ) {
$gBitSmarty->assign( 'output_compression', 'zlib' );
} elseif( $gBitSystem->isFeatureActive( 'site_output_obzip' ) && !empty( $_SERVER['SCRIPT_FILENAME'] ) && !preg_match( '!/download.php$!', $_SERVER['SCRIPT_FILENAME'] )) {
$gBitSmarty->assign( 'output_compression', 'gzip' );
// we need to allow up to 900 chars for this value in our 250 char table column
// NOTE(review): the remaining arguments of this setConfig() call are missing from this listing.
$gBitSystem->setConfig( 'site_keywords',
// Host name used for absolute URLs: the kernel_server_name setting, falling back to the request's Host header.
// NOTE(review): HTTP_HOST is supplied by the client. While kernel_server_name is unset, BIT_BASE_URI and
// every absolute link built from it follow whatever Host header the request carried, so production sites
// should set kernel_server_name (or have the web server reject unknown Host values).
$host = $gBitSystem->getConfig( 'kernel_server_name', $_SERVER['HTTP_HOST'] );
// Added check for IIS $_SERVER['HTTPS'] uses 'off' value - wolff_borg
// Scheme is 'https' when $_SERVER['HTTPS'] is non-empty and not equal to 'off', otherwise 'http'.
define( 'BIT_BASE_URI', 'http'. (( !empty( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] != 'off' ) ? 's' : '' ). '://'. $host );
// BIT_BASE_PATH is derived only when nothing defined it earlier: BIT_ROOT_PATH itself when the site lives
// at "/", otherwise BIT_ROOT_PATH cut to its first $path_end characters plus a slash.
// NOTE(review): $root_path_count and $root_url_count are assigned outside this listing.
if( !defined( 'BIT_BASE_PATH' ) ) {
$path_end = $root_path_count - $root_url_count;
define( 'BIT_BASE_PATH', ( BIT_ROOT_URL == "/" ? BIT_ROOT_PATH : substr( BIT_ROOT_PATH, 0, $path_end ) . "/" ) );
// Force full URI's for offline or exported content (newsletters, etc.)
// NOTE(review): $root is assigned outside this listing; the test below looks at its last character, and the
// statement it guards is missing here.
if( $root[strlen($root)- 1] != '/' ) {
define( 'UTIL_PKG_URL', $root. 'util/' );
define( 'LIBERTY_PKG_URL', $root. 'liberty/' );
// load only installed and active packages
$gBitSystem->scanPackages( 'bit_setup_inc.php', TRUE, 'active', TRUE, TRUE );
$gBitSmarty->scanPackagePluginDirs();
// possible install specific customizations for multi-sites, staging sites, etc.
require_once( CONFIG_PKG_PATH. 'kernel/override_inc.php' );
// some plugins check for active packages, so we do this *after* package scanning
$gBitSmarty->assign_by_ref( 'gBitSystem', $gBitSystem );
// some liberty plugins might need to run some functions.
// it's necessary that we call them early on after scanPackages() has been completed.
// NOTE(review): the loop body that handles each $func is missing from this listing.
foreach( $gLibertySystem->getPluginFunctions( 'preload_function' ) as $func ) {
// TODO: XSS security check
// Requests that carry a 'tk' value and are not flagged as a bot in $_SERVER['bot'] enter the first branch.
// NOTE(review): the only statement visible in that branch, verifyTicket(), is commented out, so this
// listing shows no ticket validation here - confirm tickets are verified elsewhere before any
// state-changing request is honoured.
if( !empty( $_REQUEST['tk'] ) && empty( $_SERVER['bot'] ) ) {
//$gBitUser->verifyTicket();
} elseif( !empty( $_SERVER['bot'] ) ) {
// this will register and set up the dropdown menus and the application menus in modules
require_once( THEMES_PKG_PATH. 'menu_register_inc.php' );
// added for virtual hosting support
// NOTE(review): the default assigned to $bitdomain when it is unset is missing from this listing.
if( !isset ( $bitdomain )) {
$gBitSystem->setConfig( 'bitdomain', $bitdomain );
$gBitSmarty->assign( "bitdomain", $bitdomain );
// Fix IIS servers not setting what they should set (ay ay IIS, ay ay)
// QUERY_STRING defaults to the empty string; a missing or empty REQUEST_URI is rebuilt from SCRIPT_NAME,
// a '/' and QUERY_STRING.
if( !isset ( $_SERVER['QUERY_STRING'] )) {
$_SERVER['QUERY_STRING'] = '';
if( !isset ( $_SERVER['REQUEST_URI'] ) || empty( $_SERVER['REQUEST_URI'] )) {
$_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME']. '/'. $_SERVER['QUERY_STRING'];
// Tags are stripped from the 'page' request value in place.
// NOTE(review): strip_tags() removes tags only; quotes and other characters pass through, so the value
// still needs escaping for the context it is printed in (HTML attribute, URL, SQL, ...).
if( isset ( $_REQUEST['page'] )) {
$_REQUEST['page'] = strip_tags( $_REQUEST['page'] );
$gBitSmarty->assign_by_ref( 'gHideModules', $gHideModules );
// Expose the configured site_keywords value to templates as metaKeywords.
$keywords = $gBitSystem->getConfig( 'site_keywords' );
$gBitSmarty->assign_by_ref( 'metaKeywords', $keywords );
// =================== Kernel ===================
//$gBitSmarty->assign_by_ref( "gBitSystemPackages", $gBitSystem->mPackages ); doesn't seem to be used - xing
// check to see if admin has closed the site
// The login validation script (USERS_PKG_URL. 'validate.php', matched against SCRIPT_URL) is exempt from
// the closed-site and load checks below, so users can still log in.
if(( isset ( $_SERVER['SCRIPT_URL'] ) && $_SERVER['SCRIPT_URL'] == USERS_PKG_URL. 'validate.php' )) {
$bypass_siteclose_check = 'y';
// A closed site turns away everyone without p_access_closed_site, except shell scripts ($gShellScript)
// and the exempted validation request.
if( empty($gShellScript) && $gBitSystem->isFeatureActive( 'site_closed' ) && !$gBitUser->hasPermission( 'p_access_closed_site' ) && !isset ( $bypass_siteclose_check )) {
// The request's 'error' value is overwritten with the configured message before the error page is included.
// NOTE(review): error_simple.php presumably prints $_REQUEST['error'] - confirm it escapes the value, as
// that key can also arrive from the client.
$_REQUEST['error'] = $gBitSystem->getConfig('site_closed_msg',' ');
include( KERNEL_PKG_PATH . 'error_simple.php' );
// check to see if max server load threshold is enabled
$site_use_load_threshold = $gBitSystem->getConfig( 'site_use_load_threshold', 'n' );
// get average server load in the last minute. Errors are kept quiet because virtual hosts can give
// permission denied or have open_basedir on.
// NOTE(review): the statement that fills $load is missing from this listing.
list ($server_load) = explode(' ', $load[0]);
$gBitSmarty->assign('server_load', $server_load);
// With the threshold enabled, users without p_access_closed_site get the busy page once the load exceeds
// site_load_threshold (default 3); the exempted validation request is skipped.
if ($site_use_load_threshold == 'y' && !$gBitUser->hasPermission( 'p_access_closed_site' ) && !isset ($bypass_siteclose_check)) {
$site_load_threshold = $gBitSystem->getConfig('site_load_threshold', 3);
if ($server_load > $site_load_threshold) {
$_REQUEST['error'] = $gBitSystem->getConfig('site_busy_msg', 'Server is currently too busy; please come back later.');
include( KERNEL_PKG_PATH . 'error_simple.php' );
// if we are interactively translating the website, we force template caching on every page load.
$gBitSmarty->assign_by_ref( "gBitTranslationHash", $gBitTranslationHash );
// this has to be done since the permission can't be checked in BitLanguage::translate() as it's called too soon by prefilter.tr
// NOTE(review): the condition under which interactive translation is switched off is missing from this listing.
$gBitSystem->setConfig( 'i18n_interactive_translation', 'n' );
// All of the below deals with HTTPS - perhaps we should move this to a separate file
// HTTPS is recognised here only by the exact value 'on' in $_SERVER['HTTPS'].
if( isset ( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == 'on' ) {
// Both port variables default to the port of the current request, else 443 / 80.
// NOTE(review): presumably the two assignments belong to different branches of the test above (the
// else is missing from this listing); as shown, both would take the same SERVER_PORT.
$site_https_port = isset ( $_SERVER['SERVER_PORT'] ) ? $_SERVER['SERVER_PORT'] : 443;
$site_http_port = isset ( $_SERVER['SERVER_PORT'] ) ? $_SERVER['SERVER_PORT'] : 80;
// Assignment inside the condition: the configured site_https_port (default: the value above) replaces
// $site_https_port, and the branch is taken when the result is falsy.
if( !$site_https_port = $gBitSystem->getConfig( 'site_https_port', $site_https_port ) ) {
$gBitSystem->setConfig( 'site_https_port', $site_https_port );
// NOTE(review): the next visible statement defines SECURE_BIT_BASE_URI; defining a constant that already
// exists fails, so an else branch or a negation is probably missing from this listing - confirm against
// the original file.
if( defined( 'SECURE_BIT_BASE_URI' ) ) {
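// Base URI for HTTPS links. A non-default port is appended as ":port" (the separator was missing, which
// glued the port number onto the host name); the default port 443 is left out.
// NOTE(review): $host falls back to the client-supplied Host header when kernel_server_name is unset, so
// this constant follows that header too.
define( 'SECURE_BIT_BASE_URI', 'https://'. $host. ( $site_https_port != 443 ? ':'. $site_https_port : '' ) );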
// we need this for backwards compatibility - use $gBitSystem->getConfig( 'max_records' ) if you need it, or else the spanish inquisition will come and poke you with a soft cushion
$max_records = $gBitSystem->getConfig( "max_records", 10 );
// Pass the HTTPS login settings through to the templates.
$gBitSmarty->assign('site_https_login', $gBitSystem->getConfig( 'site_https_login' ) );
$gBitSmarty->assign('site_https_login_required', $gBitSystem->getConfig( 'site_https_login_required' ) );
// Default login target: the users package validation script, relative to the current site.
$login_url = USERS_PKG_URL . 'validate.php';
$gBitSmarty->assign( 'login_url', $login_url );
// Absolute login URLs for plain HTTP and for HTTPS; a port is appended only when it is not the default.
// NOTE(review): both fall back to the client-supplied Host header when site_http_domain /
// site_https_domain are unset, so the address the login form targets follows that header. Configure both
// settings on sites that offer HTTPS login.
$http_login_url = 'http://' . $gBitSystem->getConfig( 'site_http_domain', $_SERVER['HTTP_HOST'] );
if( $site_http_port != 80 ) {
$http_login_url .= ':'. $site_http_port;
$https_login_url = 'https://'. $gBitSystem->getConfig( 'site_https_domain', $_SERVER['HTTP_HOST'] );
if( $site_https_port != 443 ) {
$https_login_url .= ':'. $site_https_port;
// The HTTPS URL ends in site_https_prefix (default BIT_ROOT_URL), USERS_PKG_URL and 'login.php'.
// NOTE(review): the matching path for $http_login_url is missing from this listing.
$https_login_url .= $gBitSystem->getConfig( 'site_https_prefix', BIT_ROOT_URL ). USERS_PKG_URL. 'login.php';
$gBitSystem->setConfig( 'http_login_url', $http_login_url );
// force the login_url to the https_login_url if needed
// NOTE(review): "if needed" presumably refers to site_https_login_required, but that test is missing from
// this listing; what is visible switches login_url whenever $_SERVER['HTTPS'] is not exactly 'on'.
if( !( isset ( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] == 'on' )) {
$gBitSmarty->assign( 'login_url', $https_login_url );
// Both absolute URLs are stored in the configuration (http_login_url for the second time in this listing).
$gBitSystem->setConfig( 'http_login_url', $http_login_url );
$gBitSystem->setConfig( 'https_login_url', $https_login_url );
// if we have a valid user but their status is unsavory then completely cut them off from accessing the site
// A negative content_status_id on the current user ends the request with an "Access Denied" fatal error;
// packages are scanned first (scanPackages() is called with no arguments here).
if( $gBitUser->getField('content_status_id') < 0 ){
$gBitSystem->scanPackages();
$gBitSystem->fatalError( tra( 'Access Denied' ). "!" );
// INSTALLER_FORCE was set earlier and here we force the installer if needed.
// When the constant exists, the kernel's force_installer template is rendered.
// NOTE(review): whatever follows the display() call (for example an exit) is missing from this listing.
if( defined( 'INSTALLER_FORCE' )) {
$gBitSmarty->display( "bitpackage:kernel/force_installer.tpl" );