crmPRO/index.php

<?php
error_reporting(E_ALL ^ E_NOTICE ^ E_STRICT ^ E_WARNING ^ E_DEPRECATED);
function __autoload_my_classes($classname)
{
    $q = explode('\\', $classname);
    $c = array_pop($q);
    $base_path = 'autoload/' . implode('/', $q) . '/';
    $f = $base_path . $c . '.php';
    if ( !file_exists( $f ) )
      $f = $base_path . 'class.' . $c . '.php';

    if (file_exists($f)) {
        require_once($f);
    }
}
spl_autoload_register('__autoload_my_classes');
date_default_timezone_set('Europe/Warsaw');

require_once 'config.php';
require_once 'libraries/medoo/medoo.php';
require_once 'libraries/grid/config.php';
require_once 'libraries/phpmailer/class.phpmailer.php';
require_once 'libraries/phpmailer/class.smtp.php';
require_once 'libraries/rb.php';

session_start();

if (!isset($_SESSION['check'])) {
    session_regenerate_id();
    $_SESSION['check']  = true;
    $_SESSION['ip']     = $_SERVER['REMOTE_ADDR'];
}

if ($_SESSION['ip'] !== $_SERVER['REMOTE_ADDR']) {
    session_destroy();
    header('Location: /');
    exit;
}

\R::setup('mysql:host=' . $database['host'] . ';dbname=' . $database['name'], $database['user'], $database['password']);
\R::ext('xdispense', function ($type) {
    return R::getRedBean() -> dispense($type);
});

$mdb = new medoo([
                    'database_type' => 'mysql',
                    'database_name' => $database['name'],
                    'server'        => $database['host'],
                    'username'      => $database['user'],
                    'password'      => $database['password'],
                    'charset'       => 'utf8'
                ]);

$domain = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
$cookie_name = str_replace( '.', '-', $domain );
$settings = array_merge( $settings, \factory\Crm::settings());

if ( empty( $_SESSION['_db_migrated_v3'] ) )
{
  $col = $mdb -> query( "SHOW COLUMNS FROM `users` LIKE 'remember_token'" ) -> fetch();
  if ( !$col )
    $mdb -> pdo -> exec( "ALTER TABLE `users` ADD COLUMN `remember_token` VARCHAR(64) DEFAULT NULL" );

  $tbl = $mdb -> query( "SHOW TABLES LIKE 'users_permissions'" ) -> fetch();
  if ( !$tbl )
  {
    $mdb -> pdo -> exec( "
      CREATE TABLE `users_permissions` (
        `user_id` INT UNSIGNED NOT NULL PRIMARY KEY,
        `tasks` TINYINT(1) NOT NULL DEFAULT 1,
        `projects` TINYINT(1) NOT NULL DEFAULT 1,
        `finances` TINYINT(1) NOT NULL DEFAULT 0,
        `wiki` TINYINT(1) NOT NULL DEFAULT 1,
        `crm` TINYINT(1) NOT NULL DEFAULT 0,
        `work_time` TINYINT(1) NOT NULL DEFAULT 1
      ) ENGINE=InnoDB DEFAULT CHARSET=utf8
    " );
  }
  else
  {
    $col_z = $mdb -> query( "SHOW COLUMNS FROM `users_permissions` LIKE 'zaplecze'" ) -> fetch();
    if ( $col_z )
      $mdb -> pdo -> exec( "ALTER TABLE `users_permissions` DROP COLUMN `zaplecze`" );
  }

  $_SESSION['_db_migrated_v3'] = true;
}

if ( isset( $_COOKIE[$cookie_name] ) && !isset( $_SESSION['user'] ) )
{
  $remember_token = $_COOKIE[$cookie_name];

  if ( is_string( $remember_token ) && strlen( $remember_token ) === 64 && ctype_xdigit( $remember_token ) )
  {
    $user_tmp = $mdb -> get( 'users', '*', [ 'remember_token' => $remember_token ] );
    if ( $user_tmp )
      \S::set_session( 'user', $user_tmp );
  }
  else
  {
    // stare cookie w nieaktualnym formacie — usunięcie
    setcookie( $cookie_name, "", [
      'expires'  => strtotime( "-1 year" ),
      'path'     => '/',
      'domain'   => $domain,
      'secure'   => true,
      'httponly'  => true,
      'samesite'  => 'Lax'
    ] );
  }
}

$user = \S::get_session('user');

if ( !$user and !in_array( $_SERVER['REQUEST_URI'], [ '/logowanie', '/rejestracja', '/users/login/', '/cron/main_view/' ] ) )
{
  header( 'Location: /logowanie' );
  exit;
}

echo \view\Site::show();