diff --git a/public/include/admin_checks.php b/public/include/admin_checks.php
index 094555ce..d1c099cd 100644
--- a/public/include/admin_checks.php
+++ b/public/include/admin_checks.php
@@ -102,8 +102,8 @@ if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA'][
$notice[] = "Strict is disabled - if you have memcache, you should turn this on.";
}
// salts too short -> notice, salts default -> error
- if ((strlen(SALT) < 24) || (strlen(SALTY) < 24) || SALT == 'PLEASEMAKEMESOMETHINGRANDOM' || SALTY == 'THISSHOULDALSOBERRAANNDDOOM') {
- if (SALT == 'PLEASEMAKEMESOMETHINGRANDOM' || SALTY == 'THISSHOULDALSOBERRAANNDDOOM') {
+ if ((strlen($config['SALT']) < 24) || (strlen($config['SALTY']) < 24) || $config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
+ if ($config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
$error[] = "You absolutely SHOULD NOT leave your SALT or SALTY default";
} else {
$notice[] = "SALT or SALTY is too short, they should be more than 24 characters and changing them will require registering again.";
diff --git a/public/include/bootstrap.php b/public/include/bootstrap.php
new file mode 100644
index 00000000..98cf6d55
--- /dev/null
+++ b/public/include/bootstrap.php
@@ -0,0 +1,28 @@
+Quick Start Guide";
+
+// Include our configuration (holding defines for the requires)
+if (!include_once(BASEPATH . 'include/config/global.inc.dist.php')) die('Unable to load base global config - '.$quickstartlink);
+if (!@include_once(BASEPATH . 'include/config/global.inc.php')) die('Unable to load your global config - '.$quickstartlink);
+
+// load our security configs
+if (!include_once(BASEPATH . 'include/config/security.inc.dist.php')) die('Unable to load base security config - '.$quickstartlink);
+if (@file_exists(BASEPATH . 'include/config/security.inc.php')) include_once(BASEPATH . 'include/config/security.inc.php');
+
+// Our default template to load, pages can overwrite this later
+$master_template = 'master.tpl';
+
+// Load Classes, they name defines the $ variable used
+// We include all needed files here, even though our templates could load them themself
+require_once(INCLUDE_DIR . '/autoloader.inc.php');
+
+?>
\ No newline at end of file
diff --git a/public/include/classes/bitcoinwrapper.class.php b/public/include/classes/bitcoinwrapper.class.php
index fe913ee2..544cecff 100644
--- a/public/include/classes/bitcoinwrapper.class.php
+++ b/public/include/classes/bitcoinwrapper.class.php
@@ -73,4 +73,4 @@ class BitcoinWrapper extends BitcoinClient {
}
// Load this wrapper
-$bitcoin = new BitcoinWrapper($config['wallet']['type'], $config['wallet']['username'], $config['wallet']['password'], $config['wallet']['host'], DEBUG, $debug, $memcache);
+$bitcoin = new BitcoinWrapper($config['wallet']['type'], $config['wallet']['username'], $config['wallet']['password'], $config['wallet']['host'], $config['DEBUG'], $debug, $memcache);
diff --git a/public/include/classes/csrftoken.class.php b/public/include/classes/csrftoken.class.php
index bdcb0821..13e20955 100644
--- a/public/include/classes/csrftoken.class.php
+++ b/public/include/classes/csrftoken.class.php
@@ -97,8 +97,8 @@ class CSRFToken Extends Base {
$csrftoken = new CSRFToken();
$csrftoken->setDebug($debug);
$csrftoken->setMysql($mysqli);
-$csrftoken->setSalt(SALT);
-$csrftoken->setSalty(SALTY);
+$csrftoken->setSalt($config['SALT']);
+$csrftoken->setSalty($config['SALTY']);
$csrftoken->setMail($mail);
$csrftoken->setUser($user);
$csrftoken->setToken($oToken);
diff --git a/public/include/classes/debug.class.php b/public/include/classes/debug.class.php
index 46c8a8d4..de5c9435 100644
--- a/public/include/classes/debug.class.php
+++ b/public/include/classes/debug.class.php
@@ -108,5 +108,5 @@ class Debug {
}
// Instantiate this class
-$debug = new Debug(DEBUG);
+$debug = new Debug($config['DEBUG']);
?>
diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index b71119ac..138cb6dc 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -861,7 +861,7 @@ public function isAuthenticated($logout=true) {
$user = new User();
$user->setDebug($debug);
$user->setMysql($mysqli);
-$user->setSalt(SALT);
+$user->setSalt($config['SALT']);
$user->setSmarty($smarty);
$user->setConfig($config);
$user->setMail($mail);
diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php
index 83c35b62..44efc690 100644
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@@ -19,14 +19,9 @@ $config['skip_config_tests'] = false;
* Debug setting and salts for hashing passwords
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-defines--salts
*/
-define('DEBUG', 0);
-define('SALT', 'PLEASEMAKEMESOMETHINGRANDOM');
-define('SALTY', 'THISSHOULDALSOBERRAANNDDOOM');
-
-define('INCLUDE_DIR', BASEPATH . 'include');
-define('CLASS_DIR', INCLUDE_DIR . '/classes');
-define('PAGES_DIR', INCLUDE_DIR . '/pages');
-define('THEME_DIR', BASEPATH . 'templates');
+$config['DEBUG'] = 0;
+$config['SALT'] = 'PLEASEMAKEMESOMETHINGRANDOM';
+$config['SALTY'] = 'THISSHOULDALSOBERRAANNDDOOM';
/**
* Coin Algorithm
diff --git a/public/include/smarty_globals.inc.php b/public/include/smarty_globals.inc.php
index bb658cd1..b18e5bb4 100644
--- a/public/include/smarty_globals.inc.php
+++ b/public/include/smarty_globals.inc.php
@@ -170,7 +170,7 @@ if ($motd = $setting->getValue('system_motd'))
$_SESSION['POPUP'][] = array('CONTENT' => $motd, 'TYPE' => 'info');
// So we can display additional info
-$smarty->assign('DEBUG', DEBUG);
+$smarty->assign('DEBUG', $config['DEBUG']);
// Make it available in Smarty
$smarty->assign('PATH', 'site_assets/' . THEME);
diff --git a/public/index.php b/public/index.php
index fbcc0bcb..40a313b9 100644
--- a/public/index.php
+++ b/public/index.php
@@ -32,28 +32,16 @@ if (SECHASH_CHECK) {
function cfip() { return (@defined('SECURITY')) ? 1 : 0; }
}
-// Used for performance calculations
-$dStartTime = microtime(true);
-
// This should be okay
// No but Its now, - Aim
define("BASEPATH", dirname(__FILE__) . "/");
-// Include our configuration (holding defines for the requires)
-if (!include_once(BASEPATH . 'include/config/global.inc.php')) die('Unable to load site configuration');
-if (!include_once(BASEPATH . 'include/config/security.inc.dist.php')) die('Unable to load security configuration');
-if (@file_exists(BASEPATH . 'include/config/security.inc.php')) include_once(BASEPATH . 'include/config/security.inc.php');
+// all our includes and config etc are now in bootstrap
+include_once('include/bootstrap.php');
// switch to https if config option is enabled
$hts = ($config['strict__https_only'] && (!empty($_SERVER['QUERY_STRING']))) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?".$_SERVER['QUERY_STRING'] : "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME'];
-($config['strict__https_only'] && @!$_SERVER['HTTPS']) ? exit(header($hts)):0;
-
-// Our default template to load, pages can overwrite this later
-$master_template = 'master.tpl';
-
-// Load Classes, they name defines the $ variable used
-// We include all needed files here, even though our templates could load them themself
-require_once(INCLUDE_DIR . '/autoloader.inc.php');
+($config['strict__https_only'] && @!$_SERVER['HTTPS']) ? exit(header("Location: ".$hts)):0;
if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $config['strict'])) {
if (PHP_OS == 'WINNT') {
diff --git a/tests/unit/config/SampleTest.php b/tests/unit/config/SampleTest.php
index 3ee6c140..ae788a29 100644
--- a/tests/unit/config/SampleTest.php
+++ b/tests/unit/config/SampleTest.php
@@ -8,8 +8,8 @@ class TestDistConfig extends PHPUnit_Framework_Testcase {
* Test to make sure SALT is sane
*/
function testSaltLength() {
- $this->assertNotEmpty(SALT);
- $this->assertGreaterThan(1, strlen(SALT));
+ $this->assertNotEmpty($config['SALT']);
+ $this->assertGreaterThan(1, strlen($config['SALTY']));
}
}