From 568445845a796c1e8645c9533817edcc2928c9ca Mon Sep 17 00:00:00 2001 From: xisi Date: Wed, 29 Jan 2014 07:34:50 -0500 Subject: [PATCH] changes DEBUG SALT and SALTY from defines to variables switched that in all places used (class loads mostly) moved all includes at the beginning of index into bootstrap moves *_PATH defines from config to bootstrap config now uses defaults first, then user config --- public/include/admin_checks.php | 4 +-- public/include/bootstrap.php | 28 +++++++++++++++++++ .../include/classes/bitcoinwrapper.class.php | 2 +- public/include/classes/csrftoken.class.php | 4 +-- public/include/classes/debug.class.php | 2 +- public/include/classes/user.class.php | 2 +- public/include/config/global.inc.dist.php | 11 ++------ public/include/smarty_globals.inc.php | 2 +- public/index.php | 18 ++---------- tests/unit/config/SampleTest.php | 4 +-- 10 files changed, 44 insertions(+), 33 deletions(-) create mode 100644 public/include/bootstrap.php diff --git a/public/include/admin_checks.php b/public/include/admin_checks.php index 094555ce..d1c099cd 100644 --- a/public/include/admin_checks.php +++ b/public/include/admin_checks.php 
@@ -102,8 +102,8 @@ if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA'][ $notice[] = "Strict is disabled - if you have memcache, you should turn this on."; } // salts too short -> notice, salts default -> error - if ((strlen(SALT) < 24) || (strlen(SALTY) < 24) || SALT == 'PLEASEMAKEMESOMETHINGRANDOM' || SALTY == 'THISSHOULDALSOBERRAANNDDOOM') { - if (SALT == 'PLEASEMAKEMESOMETHINGRANDOM' || SALTY == 'THISSHOULDALSOBERRAANNDDOOM') { + if ((strlen($config['SALT']) < 24) || (strlen($config['SALTY']) < 24) || $config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') { + if ($config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') { $error[] = "You absolutely SHOULD NOT leave your SALT or SALTY default"; } else { $notice[] = "SALT or SALTY is too short, they should be more than 24 characters and changing them will require registering again."; diff --git a/public/include/bootstrap.php b/public/include/bootstrap.php new file mode 100644 index 00000000..98cf6d55 --- /dev/null +++ b/public/include/bootstrap.php 
@@ -0,0 +1,28 @@ +Quick Start Guide"; + +// Include our configuration (holding defines for the requires) +if (!include_once(BASEPATH . 'include/config/global.inc.dist.php')) die('Unable to load base global config - '.$quickstartlink); +if (!@include_once(BASEPATH . 'include/config/global.inc.php')) die('Unable to load your global config - '.$quickstartlink); + +// load our security configs +if (!include_once(BASEPATH . 'include/config/security.inc.dist.php')) die('Unable to load base security config - '.$quickstartlink); +if (@file_exists(BASEPATH . 'include/config/security.inc.php')) include_once(BASEPATH . 'include/config/security.inc.php'); + +// Our default template to load, pages can overwrite this later +$master_template = 'master.tpl'; + +// Load Classes, they name defines the $ variable used +// We include all needed files here, even though our templates could load them themself +require_once(INCLUDE_DIR . '/autoloader.inc.php'); + +?> \ No newline at end of file diff --git a/public/include/classes/bitcoinwrapper.class.php b/public/include/classes/bitcoinwrapper.class.php index fe913ee2..544cecff 100644 --- a/public/include/classes/bitcoinwrapper.class.php +++ b/public/include/classes/bitcoinwrapper.class.php @@ -73,4 +73,4 @@ class BitcoinWrapper extends BitcoinClient { } // Load this wrapper -$bitcoin = new BitcoinWrapper($config['wallet']['type'], $config['wallet']['username'], $config['wallet']['password'], $config['wallet']['host'], DEBUG, $debug, $memcache); +$bitcoin = new BitcoinWrapper($config['wallet']['type'], $config['wallet']['username'], $config['wallet']['password'], $config['wallet']['host'], $config['DEBUG'], $debug, $memcache); diff --git a/public/include/classes/csrftoken.class.php b/public/include/classes/csrftoken.class.php index bdcb0821..13e20955 100644 --- a/public/include/classes/csrftoken.class.php +++ b/public/include/classes/csrftoken.class.php 
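Review bot: The optional `security.inc.php` include in the "load our security configs" lines is the only one of the four config includes whose result is not checked, so a local security override that exists but fails to load leaves the site running on the `security.inc.dist.php` defaults with no error. Guarding it like the others would make that failure visible: `$sec = BASEPATH . 'include/config/security.inc.php';` followed by `if (file_exists($sec) && !include_once($sec)) die('Unable to load your security config - '.$quickstartlink);`. The `@` on the `global.inc.php` include also hides the underlying warning, which makes the generic die() message harder to diagnose. The first lines of this new file are not fully visible on this page, so the definitions of `$quickstartlink` and `INCLUDE_DIR` could not be checked.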
@@ -97,8 +97,8 @@ class CSRFToken Extends Base { $csrftoken = new CSRFToken(); $csrftoken->setDebug($debug); $csrftoken->setMysql($mysqli); -$csrftoken->setSalt(SALT); -$csrftoken->setSalty(SALTY); +$csrftoken->setSalt($config['SALT']); +$csrftoken->setSalty($config['SALTY']); $csrftoken->setMail($mail); $csrftoken->setUser($user); $csrftoken->setToken($oToken); diff --git a/public/include/classes/debug.class.php b/public/include/classes/debug.class.php index 46c8a8d4..de5c9435 100644 --- a/public/include/classes/debug.class.php +++ b/public/include/classes/debug.class.php @@ -108,5 +108,5 @@ class Debug { } // Instantiate this class -$debug = new Debug(DEBUG); +$debug = new Debug($config['DEBUG']); ?> diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php index b71119ac..138cb6dc 100644 --- a/public/include/classes/user.class.php +++ b/public/include/classes/user.class.php @@ -861,7 +861,7 @@ public function isAuthenticated($logout=true) { $user = new User(); $user->setDebug($debug); $user->setMysql($mysqli); -$user->setSalt(SALT); +$user->setSalt($config['SALT']); $user->setSmarty($smarty); $user->setConfig($config); $user->setMail($mail); diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php index 83c35b62..44efc690 100644 --- a/public/include/config/global.inc.dist.php +++ b/public/include/config/global.inc.dist.php 
@@ -19,14 +19,9 @@ $config['skip_config_tests'] = false; * Debug setting and salts for hashing passwords * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-defines--salts */ -define('DEBUG', 0); -define('SALT', 'PLEASEMAKEMESOMETHINGRANDOM'); -define('SALTY', 'THISSHOULDALSOBERRAANNDDOOM'); - -define('INCLUDE_DIR', BASEPATH . 'include'); -define('CLASS_DIR', INCLUDE_DIR . '/classes'); -define('PAGES_DIR', INCLUDE_DIR . '/pages'); -define('THEME_DIR', BASEPATH . 'templates'); +$config['DEBUG'] = 0; +$config['SALT'] = 'PLEASEMAKEMESOMETHINGRANDOM'; +$config['SALTY'] = 'THISSHOULDALSOBERRAANNDDOOM'; /** * Coin Algorithm diff --git a/public/include/smarty_globals.inc.php b/public/include/smarty_globals.inc.php index bb658cd1..b18e5bb4 100644 --- a/public/include/smarty_globals.inc.php +++ b/public/include/smarty_globals.inc.php @@ -170,7 +170,7 @@ if ($motd = $setting->getValue('system_motd')) $_SESSION['POPUP'][] = array('CONTENT' => $motd, 'TYPE' => 'info'); // So we can display additional info -$smarty->assign('DEBUG', DEBUG); +$smarty->assign('DEBUG', $config['DEBUG']); // Make it available in Smarty $smarty->assign('PATH', 'site_assets/' . THEME); diff --git a/public/index.php b/public/index.php index fbcc0bcb..40a313b9 100644 --- a/public/index.php +++ b/public/index.php 
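Review bot: An installation whose existing `global.inc.php` still sets the salts with `define('SALT', ...)` will, after this change, run with `$config['SALT']` and `$config['SALTY']` left at the placeholder values assigned here, because the dist file is now loaded first and nothing maps the old constants onto the new keys. Those placeholders are public, and this commit passes them to `setSalt()`/`setSalty()` on the user and CSRF token objects, so stored password hashes would presumably stop matching and tokens would be derived from a known salt. The only signal is the admin_checks message, which is shown to an already logged-in admin. A hard stop in bootstrap after the user config is loaded would catch this, e.g. `if (defined('SALT') || defined('SALTY')) die('SALT/SALTY must now be set as $config[\'SALT\'] and $config[\'SALTY\'] in global.inc.php');`. Separately, on PHP versions before 8 any bare `SALT`, `SALTY` or `DEBUG` reference the commit missed evaluates to the literal string with only a notice or warning, so a repository-wide search for the old names is worth doing.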
@@ -32,28 +32,16 @@ if (SECHASH_CHECK) { function cfip() { return (@defined('SECURITY')) ? 1 : 0; } } -// Used for performance calculations -$dStartTime = microtime(true); - // This should be okay // No but Its now, - Aim define("BASEPATH", dirname(__FILE__) . "/"); -// Include our configuration (holding defines for the requires) -if (!include_once(BASEPATH . 'include/config/global.inc.php')) die('Unable to load site configuration'); -if (!include_once(BASEPATH . 'include/config/security.inc.dist.php')) die('Unable to load security configuration'); -if (@file_exists(BASEPATH . 'include/config/security.inc.php')) include_once(BASEPATH . 'include/config/security.inc.php'); +// all our includes and config etc are now in bootstrap +include_once('include/bootstrap.php'); // switch to https if config option is enabled $hts = ($config['strict__https_only'] && (!empty($_SERVER['QUERY_STRING']))) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?".$_SERVER['QUERY_STRING'] : "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']; -($config['strict__https_only'] && @!$_SERVER['HTTPS']) ? exit(header($hts)):0; - -// Our default template to load, pages can overwrite this later -$master_template = 'master.tpl'; - -// Load Classes, they name defines the $ variable used -// We include all needed files here, even though our templates could load them themself -require_once(INCLUDE_DIR . '/autoloader.inc.php'); +($config['strict__https_only'] && @!$_SERVER['HTTPS']) ? exit(header("Location: ".$hts)):0; if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $config['strict'])) { if (PHP_OS == 'WINNT') { diff --git a/tests/unit/config/SampleTest.php b/tests/unit/config/SampleTest.php index 3ee6c140..ae788a29 100644 --- a/tests/unit/config/SampleTest.php +++ b/tests/unit/config/SampleTest.php 
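Review bot: The new `include_once('include/bootstrap.php');` resolves through the include path and working directory rather than `BASEPATH`, and its result is ignored, so if the file is not found the script continues with `$config` undefined. The next statement then evaluates `$config['strict__https_only']` as empty and skips the HTTPS redirect instead of stopping. `require_once(BASEPATH . 'include/bootstrap.php');` uses the constant defined one line above and aborts on failure. The removed `$dStartTime` assignment is not re-added in any hunk visible on this page (the start of bootstrap.php is cut off here), so confirm it is still set before it is read.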
@@ -8,8 +8,8 @@ class TestDistConfig extends PHPUnit_Framework_Testcase { * Test to make sure SALT is sane */ function testSaltLength() { - $this->assertNotEmpty(SALT); - $this->assertGreaterThan(1, strlen(SALT)); + $this->assertNotEmpty($config['SALT']); + $this->assertGreaterThan(1, strlen($config['SALTY'])); } }
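Review bot: Inside `testSaltLength()` the variable `$config` is a local that is never assigned, so `$config['SALT']` evaluates to null and `assertNotEmpty` fails regardless of what the dist config contains; the old constants were visible in every scope, the array is not. The method needs to bring the configuration into scope first, for example `global $config;` as its first line, assuming the test bootstrap loads `global.inc.dist.php` at global scope (not visible here). The second assertion now measures `$config['SALTY']` while the first checks `$config['SALT']` and the docblock names only SALT; asserting both properties for both keys would be clearer, e.g. adding `$this->assertGreaterThan(1, strlen($config['SALT']));` alongside the SALTY line.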