/program/install.php - the main entrypoint for website installation
This is one of the main entry points for Website@School. Other main entry points are /admin.php, /cron.php, /file.php and /index.php. There is also /program/manual.php. Main entry points all define the constant WASENTRY. This is used in various include()ed files to detect break-in attempts.
Class | Description |
---|---|
 | class for performing installation tasks |
Valid entry points define WASENTRY; prevents direct access to include()'s.
determine the name of the executing script (the entry point)
This routine tries to reach consensus about the name of the script that was the entry point. This is not as easy as it sounds. Here are some real-world examples in three variations:
Example 2 - a simple Linux-server and http://exemplum.eu/was/index.php?area=1&node=23
Example 3 - a simple Linux-server and http://exemplum.eu/was/index.php/1/23/Welcome
Example 4 - an ISP running php via CGI and http://exemplum.eu/was/index.php
Example 5 - an ISP running php via CGI and http://exemplum.eu/was/index.php?area=1&node=23
Example 6 - an ISP running php via CGI and http://exemplum.eu/was/index.php/1/23/Welcome
Simply using SCRIPT_NAME as per PHP Documentation won't work (see examples 4 and 5). Simply using PHP_SELF is also problematic (see example 3) because it equates to user input. Another problem is the use of symbolic links. The ISP running php via CGI shows this value for __FILE__ (in index.php):
__FILE__ => /usr/local/WWW/E/.5c1/e/exemplum/htdocs/was/index.php
so this simple assertion of the calculated value '/was/index.php' fails:
$DOCUMENT_ROOT.'/was/index.php' == __FILE__
because of the '/.5c1' within the __FILE__ path. However, this might be solved by looking at the realpath() of the left hand side because that resolves the 'hidden' link within $DOCUMENT_ROOT.
All in all, the parameter REQUEST_URI shows the most consistent information, never mind the appended parameters like node=23, so we start there.
The strategy is as follows.
3. If basename(__FILE__) == basename(SCRIPT_NAME) then SCRIPT_NAME is the likely answer (works for 1/2/3)
4. If basename(__FILE__) == basename(PHP_SELF) then PHP_SELF is the likely answer (works for 4/5)
Finally, as a double check we assert that the DOCUMENT_ROOT together with the answer actually yields the __FILE__ path (resolving symlinks along the way). If it doesn't, I'd say there is something going terribly wrong, wrong enough to warrant an emergency exit.
In other words: if there is only a slight doubt about the correct answer we simply die();
Note that an almost identical routine wasentry_script_name() is used in the main program via init.php.
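The sketch below is an added example, not the project's own routine: it implements only steps 3 and 4 and the final double check, and returns null wherever the documented routine would die(). The function name entry_script_name(), the temporary directory layout and the server values (including the CGI SCRIPT_NAME '/cgi-bin/php') are constructed assumptions; it needs PHP 7.1 or later on a POSIX system.

```php
<?php
// Added illustration (PHP 7.1+, POSIX); not the project's own routine.
// Covers steps 3 and 4 and the final double check only.
function entry_script_name(array $server, string $file): ?string
{
    $answer = null;
    foreach (['SCRIPT_NAME', 'PHP_SELF'] as $key) {   // step 3, then step 4
        $value = $server[$key] ?? '';
        if ($value !== '' && basename($value) === basename($file)) {
            $answer = $value;
            break;
        }
    }
    if ($answer === null) {
        return null;                                   // no candidate
    }
    // DOCUMENT_ROOT + answer must be the executing file once symbolic
    // links are resolved on both sides.
    $expected = realpath(($server['DOCUMENT_ROOT'] ?? '') . $answer);
    $actual = realpath($file);
    $ok = $expected !== false && $actual !== false && $expected === $actual;
    return $ok ? $answer : null;
}

// Constructed layout: htdocs is a symlink into a hidden '.5c1' directory.
$base = sys_get_temp_dir() . '/was_demo_' . getmypid();
mkdir("$base/.5c1/htdocs/was", 0700, true);
symlink("$base/.5c1/htdocs", "$base/htdocs");
$file = "$base/.5c1/htdocs/was/index.php";   // stands in for __FILE__
touch($file);

// Constructed server values; the CGI SCRIPT_NAME is an assumption.
$cases = [
    'simple server, path info' => ['SCRIPT_NAME' => '/was/index.php',
                                   'PHP_SELF' => '/was/index.php/1/23/Welcome'],
    'CGI, plain URL'           => ['SCRIPT_NAME' => '/cgi-bin/php',
                                   'PHP_SELF' => '/was/index.php'],
    'CGI, path info'           => ['SCRIPT_NAME' => '/cgi-bin/php',
                                   'PHP_SELF' => '/was/index.php/1/23/Welcome'],
    'wrong directory'          => ['SCRIPT_NAME' => '/other/index.php',
                                   'PHP_SELF' => '/other/index.php'],
];
foreach ($cases as $label => $vars) {
    $vars['DOCUMENT_ROOT'] = "$base/htdocs";
    $name = entry_script_name($vars, $file);
    echo $label, ' => ', $name ?? 'no answer: die()', PHP_EOL;
}
// Remove the constructed files again.
unlink($file); rmdir("$base/.5c1/htdocs/was"); unlink("$base/htdocs");
rmdir("$base/.5c1/htdocs"); rmdir("$base/.5c1"); rmdir($base);
```

The first two cases resolve to '/was/index.php' even though the document root is a symlink; the last two yield no answer, the third because steps 3 and 4 alone find no matching basename and the fourth because the candidate does not map onto the executing file.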
Documentation generated on Tue, 28 Jun 2016 19:09:53 +0200 by phpDocumentor 1.4.0