13

bootstrap

bootstrap
SYNOPSIS

bootstrap()

DESCRIPTION

bootstrap initializes the context of the program. If the configuration parameter $db_url is set, bootstrap opens a DB connection. bootstrap defines the global variables $base_url, $base_path and $base_root. bootstrap always opens a session and defines the global variable $session_name if it's not already defined in the configuration file.

bootstrap is the first function called by index.php, the unique entry point of the program.

CODE
  1. require_once 'session.php';
  2. require_once 'unsetglobals.php';
  3. require_once 'validatehostname.php';

Loads the code for the functions session_open, unset_globals and validate_host_name.

  1. function bootstrap() {
  2.     global $base_url, $base_path, $base_root;
  3.     global $db_url, $session_name, $login_lifetime;

bootstrap initializes the global variables $base_url, $base_path, $base_root and $session_name.

  1.     if (isset($_SERVER['HTTP_HOST'])) {
  2.         $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
  3.         if (!validate_host_name($_SERVER['HTTP_HOST'])) {
  4.             header('HTTP/1.1 400 Bad Request');
  5.             exit;
  6.         }
  7.     }
  8.     else {
  9.         $_SERVER['HTTP_HOST'] = '';
  10.     }

Tries to pinpoint a fraudulent request by validating the name of the sender with validate_host_name.

  1.     unset_globals();
  2.  
  3.     @include 'settings.inc';
  4.     @include 'config.inc';
  5.     @include 'db.inc';

Cleanses the global variables of PHP. Initializes and configures the program.

  1.     if ($db_url == 'mysql://username:password@localhost/databasename') {
  2.         $db_url = false;
  3.     }
  4.  
  5.     if ($db_url) {
  6.         require_once 'pdo.php';
  7.         db_connect($db_url);
  8.     }

Checks if the DB connector is set to the default value. Opens a connection with the DB if $db_url isn't false.

  1.     if ($base_url) {
  2.         $base_url = trim($base_url, '/');
  3.  
  4.         $url = parse_url($base_url);
  5.  
  6.         if (!isset($url['path'])) {
  7.             $url['path'] = '';
  8.         }
  9.  
  10.         $base_path = $url['path'];
  11.         $base_root = substr($base_url, 0, strlen($base_url) - strlen($base_path));
  12.     }
  13.     else {
  14.         $base_root = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
  15.  
  16.         $base_url = $base_root .= '://'. $_SERVER['HTTP_HOST'];
  17.  
  18.         if ($dir = trim(dirname($_SERVER['SCRIPT_NAME']), '\,/')) {
  19.             $base_path = '/' . $dir;
  20.             $base_url .= $base_path;
  21.         }
  22.         else {
  23.             $base_path = '';
  24.         }
  25.     }

If the global variable $base_url has been defined in config.inc, extracts from it the path part of the URL and initializes the global variables $base_path and $base_root. Otherwise, computes the values of $base_root and of $base_path from the PHP variables $_SERVER['HTTPS'], $_SERVER['HTTP_HOST'] and $_SERVER['SCRIPT_NAME'], then builds $base_url by concatenating them.

  1.     if (!$session_name) {
  2.         list( , $session_name) = explode('://', $base_url, 2);
  3.         $session_name = 'izend@' . $session_name;
  4.  
  5.         if (ini_get('session.cookie_secure')) {
  6.             $session_name .= 'SSL';
  7.         }
  8.     }

Builds a unique session name if $session_name isn't already set.

  1.     session_open(md5($session_name));

Opens a session whose name is the MD5 of $session_name.

  1.     if (isset($_SESSION['user']['lasttime'])) {
  2.         $now = time();
  3.         if ($now - $_SESSION['user']['lasttime'] > $login_lifetime) {
  4.             unset($_SESSION['user']);
  5.         }
  6.         else {
  7.             $_SESSION['user']['lasttime'] = $now;
  8.         }
  9.     }

Disconnects a user who has been inactive for too long. The configuration parameter $login_lifetime defines the maximum time in seconds between two requests. The session variable $_SESSION['user'] determines if a user is identified. The field $_SESSION['user']['lasttime'] is initialized when the user logs in if the parameter $login_lifetime isn't false.

SEE ALSO

validatehostname, unsetglobals, db, session, userisidentified

Comments

To add a comment, click here.