
Initialization and configuration

Copy the whole tree of site0 to a folder called site1.

  1. /cms
    1. site0
    2. site1

In this chapter, we are going to organize how the site is configured and started.

To test the result online, enter http://www.frasq.org/cms/site1 in the address bar of your browser. The output shows how the URL is analyzed by the program.

Create the folders includes and library in the folder site1. Move dump.php into library.

  1. /cms/site1
    1. includes
    2. library
      1. dump.php
    3. favicon.ico
    4. robots.txt
    5. sitemap.xml
    6. index.php
    7. .htaccess

The files with the parameters for initializing and configuring the program are grouped in the folder includes.

  1. /cms/site1
    1. includes
      1. settings.inc
      2. config.inc

Create the files settings.inc and config.inc in the folder includes with the following contents:

    ini_set('arg_separator.output',     '&');
    ini_set('magic_quotes_runtime',     0);
    ini_set('magic_quotes_sybase',      0);
    ini_set('register_globals',         0);
    ini_set('session.cache_expire',     180);
    ini_set('session.cache_limiter',    'none');
    ini_set('session.cookie_lifetime',  0);
    ini_set('session.gc_maxlifetime',   1440);
    ini_set('session.name',             '');
    ini_set('session.save_handler',     'files');
    ini_set('session.use_cookies',      1);
    ini_set('session.use_only_cookies', 1);
    ini_set('session.use_trans_sid',    0);
    ini_set('url_rewriter.tags',        '');

    ini_set('error_reporting',          E_ALL | E_STRICT);
    ini_set('display_errors',           1);
    ini_set('log_errors',               0);

settings.inc redefines parameters of PHP which are configured in the system file php.ini.

IMPORTANT: When the site is put online, change the configuration so that errors are not displayed but written to a log instead: set the parameter display_errors to 0 and the parameter log_errors to 1.

    global $base_url, $base_path, $base_root;

    global $sitename, $webmaster;

    $sitename = 'frasq.org';
    $webmaster = 'nobody@frasq.org';

config.inc is reserved for the global parameters of the program.

The initialization of the program is done by a function called bootstrap which needs the functions unset_globals and validate_host_name. Each function is defined in a separate file.

Add the files bootstrap.php, unsetglobals.php and validatehostname.php in the folder library with the following contents:

  1. /cms/site1
    1. library
      1. bootstrap.php
      2. unsetglobals.php
      3. validatehostname.php

    function unset_globals() {
        if (ini_get('register_globals')) {
            $allowed = array('_ENV', '_GET', '_POST', '_COOKIE', '_FILES', '_SERVER', '_REQUEST', 'GLOBALS');
            foreach ($GLOBALS as $key => $value) {
                if (!in_array($key, $allowed)) {
                    unset($GLOBALS[$key]);
                }
            }
        }
    }

unset_globals clears a series of dangerous global variables set by PHP if the parameter register_globals is true. We have asked Apache in .htaccess, with the directive SetEnv REGISTER_GLOBALS 0, and PHP in settings.inc, with a call to ini_set, to set this parameter to 0, but an internet provider might very well configure Apache and/or PHP so that they reject any attempt to modify this parameter.

    function validate_host_name($host) {
        return preg_match('/^\[?(?:[a-z0-9-:\]_]+\.?)+$/', $host);
    }

validate_host_name returns true if the argument $host is a valid host name, false otherwise.

    require_once 'unsetglobals.php';
    require_once 'validatehostname.php';

Loads the code for the functions unset_globals and validate_host_name.

    function bootstrap() {
        global $base_url, $base_path, $base_root;

bootstrap initializes the global variables $base_url, $base_path and $base_root.

        if (isset($_SERVER['HTTP_HOST'])) {
            $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
            if (!validate_host_name($_SERVER['HTTP_HOST'])) {
                header('HTTP/1.1 400 Bad Request');
                exit;
            }
        }
        else {
            $_SERVER['HTTP_HOST'] = '';
        }

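Rejects a malformed request early: the Host header, which is sent by the client, is converted to lowercase and checked with validate_host_name. If it is not a valid host name, the program answers 400 Bad Request and stops.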

        unset_globals();

        @include 'settings.inc';
        @include 'config.inc';

Cleanses the global variables of PHP. Initializes and configures the program.

        if (isset($base_url)) {
            $base_url = trim($base_url, '/');

            $url = parse_url($base_url);

            if (!isset($url['path'])) {
                $url['path'] = '';
            }

            $base_path = $url['path'];
            $base_root = substr($base_url, 0, strlen($base_url) - strlen($base_path));
        }
        else {
            $base_root = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https' : 'http';

            $base_url = $base_root .= '://'. $_SERVER['HTTP_HOST'];

            if ($dir = trim(dirname($_SERVER['SCRIPT_NAME']), '\,/')) {
                $base_path = '/' . $dir;
                $base_url .= $base_path;
            }
            else {
                $base_path = '';
            }
        }
    }

If the global variable $base_url has been defined in config.inc, extracts from it the path part of the URL and initializes the global variables $base_path and $base_root. Otherwise, computes the values of $base_root and of $base_path from the PHP variables $_SERVER['HTTPS'], $_SERVER['HTTP_HOST'] and $_SERVER['SCRIPT_NAME'], then builds $base_url by concatenating them.
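
When $base_url is not configured, it is built from $_SERVER['HTTP_HOST'], and validate_host_name only checks the syntax of that value. The following added example (not part of the original tutorial) runs the page's pattern over constructed Host values and compares it with an exact-match check; host_is_expected and $allowed_hosts are hypothetical names introduced for illustration.

```php
<?php
// Added example, not code from the tutorial. validate_host_name is copied
// from the page; host_is_expected() and $allowed_hosts are hypothetical.

function validate_host_name($host) {
    return preg_match('/^\[?(?:[a-z0-9-:\]_]+\.?)+$/', $host);
}

// Stricter check: syntax first, then an exact match against the names
// this site is known to serve.
function host_is_expected($host, array $allowed_hosts) {
    $host = strtolower($host);
    if (!validate_host_name($host)) {
        return false;
    }
    // Drop an optional :port before comparing (bare IPv6 addresses are not handled).
    $name = preg_replace('/:\d+$/', '', $host);
    return in_array($name, $allowed_hosts, true);
}

$allowed_hosts = array('www.frasq.org', 'localhost');

// Constructed Host header values.
$samples = array(
    'www.frasq.org',
    'localhost:8080',
    'other-site.example',          // well formed, but not a name of this site
    'www.frasq.org/"><b>',         // slash and markup characters
    "www.frasq.org\r\nX-Test: 1",  // embedded CR LF
    'www frasq org',               // spaces
    "localhost\n",                 // the pattern's $ also matches before a final newline
);

foreach ($samples as $host) {
    // json_encode makes control characters visible in the output.
    printf("%-34s syntax=%d expected=%d\n",
        json_encode($host, JSON_UNESCAPED_SLASHES),
        validate_host_name(strtolower($host)) ? 1 : 0,
        host_is_expected($host, $allowed_hosts) ? 1 : 0);
}
```

Setting $base_url in config.inc makes bootstrap take the first branch, which never reads HTTP_HOST.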

Modify index.php to properly initialize the program with bootstrap:

    define('ROOT_DIR', dirname(__FILE__));

    set_include_path(get_include_path() . PATH_SEPARATOR . ROOT_DIR . DIRECTORY_SEPARATOR . 'library');
    set_include_path(get_include_path() . PATH_SEPARATOR . ROOT_DIR . DIRECTORY_SEPARATOR . 'includes');

    require_once 'dump.php';

    require_once 'bootstrap.php';

    bootstrap();

    dump($base_url);
    dump($base_root);
    dump($base_path);

index.php starts by adding the directories library and includes to the PHP path. After loading the code for dump and bootstrap, index.php calls bootstrap. The rest of the program prints the global variables $base_url, $base_root and $base_path which were set in bootstrap.

Enter http://localhost/cms/site1/search?q=foobar in the address bar of your browser.

string(32) "http://localhost/cms/site1"

string(22) "http://localhost"

string(10) "/cms/site1"

Set $base_url to http://localhost/cms/site1 in config.inc and reload the page. Check that the display is identical.
