index.php ➔ elk_main() - Code Metrics - Inspection of "A few items, some questionable :D" - elkarte/Elkarte - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — development (#2955)

by Stephen

created 2017-07-05 01:28 UTC

index.php ➔ elk_main() B

↳ Parent: Project

Complexity

Conditions	5
Paths	7

Size

Total Lines	63
Code Lines	23

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	5
eloc	23
nc	7
nop	0
dl	0
loc	63
rs	8.6498
c	0
b	0
f	0

How to fix Long Method

<?php

/**
 * This, as you have probably guessed, is the crux for all functions.
 * Everything should start here, so all the setup and security is done
 * properly.
 *
 * @name      ElkArte Forum
 * @copyright ElkArte Forum contributors
 * @license   BSD http://opensource.org/licenses/BSD-3-Clause
 *
 * This file contains code covered by:
 * copyright:	2011 Simple Machines (http://www.simplemachines.org)
 * license:		BSD, See included LICENSE.TXT for terms and conditions.
 *
 * @version 1.1 Release Candidate 1
 *
 */

$time_start = microtime(true);

// The software version
const FORUM_VERSION = 'ElkArte 1.1 RC 1';

// First things first, but not necessarily in that order.
const ELK = '1';

// Shortcut for the browser cache stale
const CACHE_STALE = '?R11RC1';

// Report errors but not depreciated ones
error_reporting(E_ALL | E_STRICT & ~8192);

// Directional only script time usage for display
// getrusage is missing in php < 7 on Windows
if (function_exists('getrusage'))
	$rusage_start = getrusage();
else
	$rusage_start = array();

// Turn on output buffering if it isn't already on (via php.ini for example)
if (!ob_get_level())
	ob_start();

$db_show_debug = false;

// We don't need no globals. (a bug in "old" versions of PHP)
foreach (array('db_character_set', 'cachedir') as $variable)
	if (isset($GLOBALS[$variable]))
		unset($GLOBALS[$variable], $GLOBALS[$variable]);

// Where the Settings.php file is located
$settings_loc = __DIR__ . '/Settings.php';

// First thing: if the install dir exists, just send anybody there
// The ignore_install_dir var is for developers only. Do not add it on production sites
if (file_exists('install'))
{
	if (file_exists($settings_loc))
	{
		require_once($settings_loc);
	}
	if (empty($ignore_install_dir))
	{
		// No install_time defined or finished the installing in the last 2 minutes
		if (empty($install_time) || $install_time - time() < 120)
		{
			$redirec_file = 'install.php';
		}
		else
		{
			$redirec_file = 'upgrade.php';
		}

		header('Location: http' . (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 's' : '') . '://' . (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] . (empty($_SERVER['SERVER_PORT']) || $_SERVER['SERVER_PORT'] == '80' ? '' : ':' . $_SERVER['SERVER_PORT']) : $_SERVER['HTTP_HOST']) . (strtr(dirname($_SERVER['PHP_SELF']), '\\', '/') == '/' ? '' : strtr(dirname($_SERVER['PHP_SELF']), '\\', '/')) . '/install/' . $redirec_file);
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
		die();
	}
}
else
{
	require_once($settings_loc);
}

// Make sure the paths are correct... at least try to fix them.
if (!file_exists($boarddir) && file_exists(__DIR__ . '/agreement.txt'))
	$boarddir = __DIR__;
if (!file_exists($sourcedir . '/SiteDispatcher.class.php') && file_exists($boarddir . '/sources'))
	$sourcedir = $boarddir . '/sources';

// Check that directories which didn't exist in past releases are initialized.
if ((empty($cachedir) || !file_exists($cachedir)) && file_exists($boarddir . '/cache'))
	$cachedir = $boarddir . '/cache';
if ((empty($extdir) || !file_exists($extdir)) && file_exists($sourcedir . '/ext'))
	$extdir = $sourcedir . '/ext';
if ((empty($languagedir) || !file_exists($languagedir)) && file_exists($boarddir . '/themes/default/languages'))
	$languagedir = $boarddir . '/themes/default/languages';

// Time to forget about variables and go with constants!
DEFINE('BOARDDIR', $boarddir);
DEFINE('CACHEDIR', $cachedir);
DEFINE('EXTDIR', $extdir);
DEFINE('LANGUAGEDIR', $languagedir);
DEFINE('SOURCEDIR', $sourcedir);
DEFINE('ADMINDIR', $sourcedir . '/admin');
DEFINE('CONTROLLERDIR', $sourcedir . '/controllers');
DEFINE('SUBSDIR', $sourcedir . '/subs');
DEFINE('ADDONSDIR', $boarddir . '/addons');
unset($boarddir, $cachedir, $sourcedir, $languagedir, $extdir);

// Files we cannot live without.
require_once(SOURCEDIR . '/QueryString.php');
require_once(SOURCEDIR . '/Session.php');
require_once(SOURCEDIR . '/Subs.php');
require_once(SOURCEDIR . '/Logging.php');
require_once(SOURCEDIR . '/Load.php');
require_once(SOURCEDIR . '/Security.php');
require_once(SUBSDIR . '/Cache.subs.php');

// Initialize the class Autoloader
require(SOURCEDIR . '/Autoloader.class.php');
$autoloder = Elk_Autoloader::getInstance();
$autoloder->setupAutoloader(array(SOURCEDIR, SUBSDIR, CONTROLLERDIR, ADMINDIR, ADDONSDIR));
$autoloder->register(SOURCEDIR, '\\ElkArte');
$autoloder->register(SOURCEDIR . '/subs/BBC', '\\BBC');

// Show lots of debug information below the page, not for production sites
if ($db_show_debug === true)
	Debug::get()->rusage('start', $rusage_start);

// Forum in extended maintenance mode? Our trip ends here with a bland message.
if (!empty($maintenance) && $maintenance == 2)
	Errors::instance()->display_maintenance_message();

// Clean the request.
cleanRequest();

// Initiate the database connection and define some database functions to use.
loadDatabase();

// Let's set up our shiny new hooks handler.
Hooks::init(database(), Debug::get());

// It's time for settings loaded from the database.
reloadSettings();

// Our good ole' contextual array, which will hold everything
if (!isset($context))
{
	$context = array();
}

// Seed the random generator.
elk_seed_generator();


// Before we get carried away, are we doing a scheduled task? If so save CPU cycles by jumping out!
if (isset($_GET['scheduled']))
{
	// Don't make people wait on us if we can help it.
	if (function_exists('fastcgi_finish_request'))
		fastcgi_finish_request();

	$controller = new ScheduledTasks_Controller();
	$controller->action_autotask();
}

// Check if compressed output is enabled, supported, and not already being done.
if (!empty($modSettings['enableCompressedOutput']) && !headers_sent())
{
	// If zlib is being used, turn off output compression.
	if (detectServer()->outPutCompressionEnabled())
		$modSettings['enableCompressedOutput'] = 0;
	else
	{
		@ob_end_clean();
		ob_start('ob_gzhandler');
	}
}

// Register error & exception handlers.
new ElkArte\Errors\ErrorHandler;

// Start the session. (assuming it hasn't already been.)
loadSession();

// Restore post data if we are revalidating OpenID.
if (isset($_GET['openid_restore_post']) && !empty($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post']) && empty($_POST))
{
	$_POST = $_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post'];
	unset($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]);
}

// Pre-dispatch
elk_main();

// Call obExit specially; we're coming from the main area ;).
obExit(null, null, true);

/**
 * The main dispatcher.
 * This delegates to each area.
 */
function elk_main()
{
	global $modSettings, $context;

	// A safer way to work with our form globals
	// @todo Use a DIC
	$_req = HttpReq::instance();

	// What shall we do?
	$dispatcher = new Site_Dispatcher($_req);

	if ($dispatcher->needSecurity())
	{
		// We should set our security headers now.
		frameOptionsHeader();
		securityOptionsHeader();

		// Load the user's cookie (or set as guest) and load their settings.
		loadUserSettings();

		// Load the current board's information.
		loadBoard();

		// Load the current user's permissions.
		loadPermissions();

		// Load the current theme.  (note that ?theme=1 will also work, may be used for guest theming.)
		if ($dispatcher->needTheme())
		{
			loadTheme();

			// Load BadBehavior before we go much further
			loadBadBehavior();

			// The parser is not a DIC just yet
			loadBBCParsers();
		}
		// Otherwise don't require the entire theme to be loaded.
		else
		{
			detectBrowser();
		}

		// Check if the user should be disallowed access.
		is_not_banned();

		// Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc.
		if ($dispatcher->trackStats())
		{
			// I see you!
			writeLog();

			// Track forum statistics and hits...?
			if (!empty($modSettings['hitStats']))
				trackStats(array('hits' => '+'));
		}

		// Show where we came from, and go
		$context['site_action'] = $dispatcher->site_action();
	}

	$dispatcher->dispatch();
}


Pull Request — development (#2955)

index.php ➔ elk_main() B

Complexity

Size

Duplication

Importance

How to fix Long Method

Long Method

1 path for user data to reach this point

Response Splitting Attacks

General Strategies to prevent injection

1		<?php
2
3		/**
4		* This, as you have probably guessed, is the crux for all functions.
5		* Everything should start here, so all the setup and security is done
6		* properly.
7		*
8		* @name ElkArte Forum
9		* @copyright ElkArte Forum contributors
10		* @license BSD http://opensource.org/licenses/BSD-3-Clause
11		*
12		* This file contains code covered by:
13		* copyright: 2011 Simple Machines (http://www.simplemachines.org)
14		* license: BSD, See included LICENSE.TXT for terms and conditions.
15		*
16		* @version 1.1 Release Candidate 1
17		*
18		*/
19
20		$time_start = microtime(true);
21
22		// The software version
23		const FORUM_VERSION = 'ElkArte 1.1 RC 1';
24
25		// First things first, but not necessarily in that order.
26		const ELK = '1';
27
28		// Shortcut for the browser cache stale
29		const CACHE_STALE = '?R11RC1';
30
31		// Report errors but not depreciated ones
32		error_reporting(E_ALL \| E_STRICT & ~8192);
33
34		// Directional only script time usage for display
35		// getrusage is missing in php < 7 on Windows
36		if (function_exists('getrusage'))
37		$rusage_start = getrusage();
38		else
39		$rusage_start = array();
40
41		// Turn on output buffering if it isn't already on (via php.ini for example)
42		if (!ob_get_level())
43		ob_start();
44
45		$db_show_debug = false;
46
47		// We don't need no globals. (a bug in "old" versions of PHP)
48	View Code Duplication	foreach (array('db_character_set', 'cachedir') as $variable)
49		if (isset($GLOBALS[$variable]))
50		unset($GLOBALS[$variable], $GLOBALS[$variable]);
51
52		// Where the Settings.php file is located
53		$settings_loc = __DIR__ . '/Settings.php';
54
55		// First thing: if the install dir exists, just send anybody there
56		// The ignore_install_dir var is for developers only. Do not add it on production sites
57		if (file_exists('install'))
58		{
59		if (file_exists($settings_loc))
60		{
61		require_once($settings_loc);
62		}
63		if (empty($ignore_install_dir))
64		{
65		// No install_time defined or finished the installing in the last 2 minutes
66		if (empty($install_time) \|\| $install_time - time() < 120)
67		{
68		$redirec_file = 'install.php';
69		}
70		else
71		{
72		$redirec_file = 'upgrade.php';
73		}
74
75		header('Location: http' . (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 's' : '') . '://' . (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] . (empty($_SERVER['SERVER_PORT']) \|\| $_SERVER['SERVER_PORT'] == '80' ? '' : ':' . $_SERVER['SERVER_PORT']) : $_SERVER['HTTP_HOST']) . (strtr(dirname($_SERVER['PHP_SELF']), '\\', '/') == '/' ? '' : strtr(dirname($_SERVER['PHP_SELF']), '\\', '/')) . '/install/' . $redirec_file);
		0 ignored issues – show Security Response Splitting introduced 2016-07-06 01:30 UTC by Report Bug Copy Issue Report `'Location: http' . (!emp...stall/' . $redirec_file` can contain request data and is used in response header context(s) leading to a potential security vulnerability. 1 path for user data to reach this point Fetching key `HTTP_HOST` from `$_SERVER` in index.php on line 75 Response Splitting Attacks Allowing an attacker to set a response header, opens your application to response splitting attacks; effectively allowing an attacker to send any response, he would like. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
76		die();
77		}
78		}
79		else
80		{
81		require_once($settings_loc);
82		}
83
84		// Make sure the paths are correct... at least try to fix them.
85		if (!file_exists($boarddir) && file_exists(__DIR__ . '/agreement.txt'))
86		$boarddir = __DIR__;
87	View Code Duplication	if (!file_exists($sourcedir . '/SiteDispatcher.class.php') && file_exists($boarddir . '/sources'))
88		$sourcedir = $boarddir . '/sources';
89
90		// Check that directories which didn't exist in past releases are initialized.
91	View Code Duplication	if ((empty($cachedir) \|\| !file_exists($cachedir)) && file_exists($boarddir . '/cache'))
92		$cachedir = $boarddir . '/cache';
93	View Code Duplication	if ((empty($extdir) \|\| !file_exists($extdir)) && file_exists($sourcedir . '/ext'))
94		$extdir = $sourcedir . '/ext';
95	View Code Duplication	if ((empty($languagedir) \|\| !file_exists($languagedir)) && file_exists($boarddir . '/themes/default/languages'))
96		$languagedir = $boarddir . '/themes/default/languages';
97
98		// Time to forget about variables and go with constants!
99		DEFINE('BOARDDIR', $boarddir);
100		DEFINE('CACHEDIR', $cachedir);
101		DEFINE('EXTDIR', $extdir);
102		DEFINE('LANGUAGEDIR', $languagedir);
103		DEFINE('SOURCEDIR', $sourcedir);
104		DEFINE('ADMINDIR', $sourcedir . '/admin');
105		DEFINE('CONTROLLERDIR', $sourcedir . '/controllers');
106		DEFINE('SUBSDIR', $sourcedir . '/subs');
107		DEFINE('ADDONSDIR', $boarddir . '/addons');
108		unset($boarddir, $cachedir, $sourcedir, $languagedir, $extdir);
109
110		// Files we cannot live without.
111		require_once(SOURCEDIR . '/QueryString.php');
112		require_once(SOURCEDIR . '/Session.php');
113		require_once(SOURCEDIR . '/Subs.php');
114		require_once(SOURCEDIR . '/Logging.php');
115		require_once(SOURCEDIR . '/Load.php');
116		require_once(SOURCEDIR . '/Security.php');
117		require_once(SUBSDIR . '/Cache.subs.php');
118
119		// Initialize the class Autoloader
120		require(SOURCEDIR . '/Autoloader.class.php');
121		$autoloder = Elk_Autoloader::getInstance();
122		$autoloder->setupAutoloader(array(SOURCEDIR, SUBSDIR, CONTROLLERDIR, ADMINDIR, ADDONSDIR));
123		$autoloder->register(SOURCEDIR, '\\ElkArte');
124		$autoloder->register(SOURCEDIR . '/subs/BBC', '\\BBC');
125
126		// Show lots of debug information below the page, not for production sites
127		if ($db_show_debug === true)
128		Debug::get()->rusage('start', $rusage_start);
129
130		// Forum in extended maintenance mode? Our trip ends here with a bland message.
131		if (!empty($maintenance) && $maintenance == 2)
132		Errors::instance()->display_maintenance_message();
133
134		// Clean the request.
135		cleanRequest();
136
137		// Initiate the database connection and define some database functions to use.
138		loadDatabase();
139
140		// Let's set up our shiny new hooks handler.
141		Hooks::init(database(), Debug::get());
142
143		// It's time for settings loaded from the database.
144		reloadSettings();
145
146		// Our good ole' contextual array, which will hold everything
147		if (!isset($context))
148		{
149		$context = array();
150		}
151
152		// Seed the random generator.
153		elk_seed_generator();
		0 ignored issues – show Deprecated Code introduced 2017-01-28 23:22 UTC by Report Bug Copy Issue Report The function `elk_seed_generator()` has been deprecated. This function has been deprecated. Loading history...
154
155		// Before we get carried away, are we doing a scheduled task? If so save CPU cycles by jumping out!
156		if (isset($_GET['scheduled']))
157		{
158		// Don't make people wait on us if we can help it.
159		if (function_exists('fastcgi_finish_request'))
160		fastcgi_finish_request();
161
162		$controller = new ScheduledTasks_Controller();
163		$controller->action_autotask();
164		}
165
166		// Check if compressed output is enabled, supported, and not already being done.
167		if (!empty($modSettings['enableCompressedOutput']) && !headers_sent())
168		{
169		// If zlib is being used, turn off output compression.
170		if (detectServer()->outPutCompressionEnabled())
171		$modSettings['enableCompressedOutput'] = 0;
172		else
173		{
174		@ob_end_clean();
175		ob_start('ob_gzhandler');
176		}
177		}
178
179		// Register error & exception handlers.
180		new ElkArte\Errors\ErrorHandler;
181
182		// Start the session. (assuming it hasn't already been.)
183		loadSession();
184
185		// Restore post data if we are revalidating OpenID.
186		if (isset($_GET['openid_restore_post']) && !empty($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post']) && empty($_POST))
187		{
188		$_POST = $_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post'];
189		unset($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]);
190		}
191
192		// Pre-dispatch
193		elk_main();
194
195		// Call obExit specially; we're coming from the main area ;).
196		obExit(null, null, true);
197
198		/**
199		* The main dispatcher.
200		* This delegates to each area.
201		*/
202		function elk_main()
203		{
204		global $modSettings, $context;
205
206		// A safer way to work with our form globals
207		// @todo Use a DIC
208		$_req = HttpReq::instance();
209
210		// What shall we do?
211		$dispatcher = new Site_Dispatcher($_req);
212
213		if ($dispatcher->needSecurity())
214		{
215		// We should set our security headers now.
216		frameOptionsHeader();
217		securityOptionsHeader();
218
219		// Load the user's cookie (or set as guest) and load their settings.
220		loadUserSettings();
221
222		// Load the current board's information.
223		loadBoard();
224
225		// Load the current user's permissions.
226		loadPermissions();
227
228		// Load the current theme. (note that ?theme=1 will also work, may be used for guest theming.)
229		if ($dispatcher->needTheme())
230		{
231		loadTheme();
232
233		// Load BadBehavior before we go much further
234		loadBadBehavior();
235
236		// The parser is not a DIC just yet
237		loadBBCParsers();
238		}
239		// Otherwise don't require the entire theme to be loaded.
240		else
241		{
242		detectBrowser();
243		}
244
245		// Check if the user should be disallowed access.
246		is_not_banned();
247
248		// Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc.
249		if ($dispatcher->trackStats())
250		{
251		// I see you!
252		writeLog();
253
254		// Track forum statistics and hits...?
255		if (!empty($modSettings['hitStats']))
256		trackStats(array('hits' => '+'));
257		}
258
259		// Show where we came from, and go
260		$context['site_action'] = $dispatcher->site_action();
261		}
262
263		$dispatcher->dispatch();
264		}
265

elkarte / Elkarte

Pull Request — development (#2955)

index.php ➔ elk_main() B

Complexity

Size

Duplication

Importance

How to fix Long Method

Long Method

1 path for user data to reach this point

Response Splitting Attacks

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like