def connect(url): """ Initialise a database connection. Note that mysqli does not support persistent connections. """ # Check if MySQLi support is present in PHP url = php.parse_url(url, 3306) # Decode url-encoded information in the db connection string url['user'] = php.urldecode(url['user']) # Test if database url has a password. url['pass'] = (php.urldecode(url['pass']) if php.isset(url, 'pass') else '') url['host'] = php.urldecode(url['host']) url['path'] = php.urldecode(url['path']) if (not php.isset(url, 'port')): url['port'] = None connection = DrupyMySQL.mysqli_real_connect(\ url['host'], url['user'], url['pass'], php.substr(url['path'], 1), \ url['port'], '', DrupyMySQL.MYSQLI_CLIENT_FOUND_ROWS) if (DrupyMySQL.mysqli_connect_errno() > 0): _db_error_page(DrupyMySQL.mysqli_connect_error()) # Force UTF-8. DrupyMySQL.mysqli_query(connection, 'SET NAMES "utf8"') # Require ANSI mode to improve SQL portability. DrupyMySQL.mysqli_query(connection, "SET php.SESSION sql_mode='ANSI'") return connection
def initialize(): """ Choose a language for the page, based on language negotiation settings. """ # Configured presentation language mode. mode = variable_get('language_negotiation', \ lib_bootstrap.LANGUAGE_NEGOTIATION_NONE) # Get a list of enabled languages. languages = lib_bootstrap.language_list('enabled') languages = languages[1] if mode == lib_bootstrap.LANGUAGE_NEGOTIATION_NONE: return language_default() elif mode == lib_bootstrap.LANGUAGE_NEGOTIATION_DOMAIN: for language in languages: parts = php.parse_url(language.domain) if (not php.empty(parts['host']) and \ (php.SERVER['php.SERVER_NAME'] == parts['host'])): return language return language_default() elif mode == lib_bootstrap.LANGUAGE_NEGOTIATION_PATH_DEFAULT or \ mode == lib_bootstrap.LANGUAGE_NEGOTIATION_PATH: # _GET['q'] might not be available at this time, because # path initialization runs after the language bootstrap phase. args = (php.explode('/', _GET['q']) if php.isset(_GET, 'q') else []) prefix = php.array_shift(args) # Search prefix within enabled languages. for language in languages: if (not php.empty(language.prefix) and language.prefix == prefix): # Rebuild php.GET['q'] with the language removed. php.GET['q'] = php.implode('/', args) return language if (mode == LANGUAGE_NEGOTIATION_PATH_DEFAULT): # If we did not found the language by prefix, choose the default. return language_default() # User language. if (lib_appglobals.user.uid and \ php.isset(languages[lib_appglobals.user.language])): return languages[lib_appglobals.user.language] # Browser accept-language parsing. language = language_from_browser() if (language): return language # Fall back on the default if everything else fails. return language_default()
def conf_init(): """ Loads the configuration and sets the base URL, cookie domain, and session name correctly. """ # These will come from settings # db_url, db_prefix, cookie_domain, conf, installed_profile, update_free_access if (lib_appglobals.base_url != None): # Parse fixed base URL from settings.php. parts = php.parse_url(lib_appglobals.base_url) if (not php.isset(parts, 'path')): parts['path'] = '' lib_appglobals.base_path = parts['path'] + '/' # Build base_root (everything until first slash after "scheme://"). lib_appglobals.base_root = \ php.substr(lib_appglobals.base_url, 0, \ php.strlen(lib_appglobals.base_url) - \ php.strlen(parts['path'])) else: # Create base URL lib_appglobals.base_root = \ ('https' if (php.isset(php.SERVER, 'HTTPS') and \ php.SERVER['HTTPS'] == 'on') else 'http') # As php.SERVER['HTTP_HOST'] is user input, ensure it only contains # characters allowed in hostnames. lib_appglobals.base_root += '://' + \ php.preg_replace('/[^a-z0-9-:._]/i', '', \ php.SERVER['HTTP_HOST']) lib_appglobals.base_url = lib_appglobals.base_root # php.SERVER['SCRIPT_NAME'] can, in contrast to php.SERVER['PHP_SELF'], not # be modified by a visitor. dir = php.trim(php.dirname(php.SERVER['SCRIPT_NAME']), '\,/') if (len(dir) > 0): lib_appglobals.base_path = "/dir" lib_appglobals.base_url += lib_appglobals.base_path lib_appglobals.base_path += '/' else: lib_appglobals.base_path = '/' if (settings.cookie_domain != None): # If the user specifies the cookie domain, also use it for session name. session_name_ = settings.cookie_domain else: # Otherwise use base_url as session name, without the protocol # to use the same session identifiers across http and https. session_name_ = php.explode('://', lib_appglobals.base_url, 2)[1] # We escape the hostname because it can be modified by a visitor. if (not php.empty(php.SERVER['HTTP_HOST'])): settings.cookie_domain = check_plain(php.SERVER['HTTP_HOST']) # To prevent session cookies from being hijacked, a user can configure the # SSL version of their website to only transfer session cookies via SSL by # using PHP's session.cookie_secure setting. The browser will then use two # separate session cookies for the HTTPS and HTTP versions of the site. So we # must use different session identifiers for HTTPS and HTTP to prevent a # cookie collision. if (php.ini_get('session.cookie_secure')): session_name_ += 'SSL' # Strip leading periods, www., and port numbers from cookie domain. settings.cookie_domain = php.ltrim(settings.cookie_domain, '.') if (php.strpos(settings.cookie_domain, 'www.') == 0): settings.cookie_domain = php.substr(settings.cookie_domain, 4) settings.cookie_domain = php.explode(':', settings.cookie_domain) settings.cookie_domain = '.' + settings.cookie_domain[0] # Per RFC 2109, cookie domains must contain at least one dot other than the # first. For hosts such as 'localhost' or IP Addresses we don't set a # cookie domain. if (php.count(php.explode('.', settings.cookie_domain)) > 2 and not \ php.is_numeric(php.str_replace('.', '', settings.cookie_domain))): php.ini_set('session.cookie_domain', settings.cookie_domain) #print session_name; lib_session.name('SESS' + php.md5(session_name_))
def conf_init(): """ Loads the configuration and sets the base URL, cookie domain, and session name correctly. """ # These will come from settings # db_url, db_prefix, cookie_domain, conf, installed_profile, update_free_access if lib_appglobals.base_url != None: # Parse fixed base URL from settings.php. parts = php.parse_url(lib_appglobals.base_url) if not php.isset(parts, "path"): parts["path"] = "" lib_appglobals.base_path = parts["path"] + "/" # Build base_root (everything until first slash after "scheme://"). lib_appglobals.base_root = php.substr( lib_appglobals.base_url, 0, php.strlen(lib_appglobals.base_url) - php.strlen(parts["path"]) ) else: # Create base URL lib_appglobals.base_root = ( "https" if (php.isset(php.SERVER, "HTTPS") and php.SERVER["HTTPS"] == "on") else "http" ) # As php.SERVER['HTTP_HOST'] is user input, ensure it only contains # characters allowed in hostnames. lib_appglobals.base_root += "://" + php.preg_replace("/[^a-z0-9-:._]/i", "", php.SERVER["HTTP_HOST"]) lib_appglobals.base_url = lib_appglobals.base_root # php.SERVER['SCRIPT_NAME'] can, in contrast to php.SERVER['PHP_SELF'], not # be modified by a visitor. dir = php.trim(php.dirname(php.SERVER["SCRIPT_NAME"]), "\,/") if len(dir) > 0: lib_appglobals.base_path = "/dir" lib_appglobals.base_url += lib_appglobals.base_path lib_appglobals.base_path += "/" else: lib_appglobals.base_path = "/" if settings.cookie_domain != None: # If the user specifies the cookie domain, also use it for session name. session_name_ = settings.cookie_domain else: # Otherwise use base_url as session name, without the protocol # to use the same session identifiers across http and https. session_name_ = php.explode("://", lib_appglobals.base_url, 2)[1] # We escape the hostname because it can be modified by a visitor. if not php.empty(php.SERVER["HTTP_HOST"]): settings.cookie_domain = check_plain(php.SERVER["HTTP_HOST"]) # To prevent session cookies from being hijacked, a user can configure the # SSL version of their website to only transfer session cookies via SSL by # using PHP's session.cookie_secure setting. The browser will then use two # separate session cookies for the HTTPS and HTTP versions of the site. So we # must use different session identifiers for HTTPS and HTTP to prevent a # cookie collision. if php.ini_get("session.cookie_secure"): session_name_ += "SSL" # Strip leading periods, www., and port numbers from cookie domain. settings.cookie_domain = php.ltrim(settings.cookie_domain, ".") if php.strpos(settings.cookie_domain, "www.") == 0: settings.cookie_domain = php.substr(settings.cookie_domain, 4) settings.cookie_domain = php.explode(":", settings.cookie_domain) settings.cookie_domain = "." + settings.cookie_domain[0] # Per RFC 2109, cookie domains must contain at least one dot other than the # first. For hosts such as 'localhost' or IP Addresses we don't set a # cookie domain. if php.count(php.explode(".", settings.cookie_domain)) > 2 and not php.is_numeric( php.str_replace(".", "", settings.cookie_domain) ): php.ini_set("session.cookie_domain", settings.cookie_domain) # print session_name; lib_session.name("SESS" + php.md5(session_name_))