changes DEBUG SALT and SALTY from defines to variables

switched that in all places used (class loads mostly)
moved all includes at the beginning of index into bootstrap
moves *_PATH defines from config to bootstrap
config now uses defaults first, then user config
xisi 2014-01-29 07:34:50 -05:00
parent c2b1c68699
commit 568445845a
10 changed files with 44 additions and 33 deletions


@ -102,8 +102,8 @@ if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA'][
$notice[] = "Strict is <u>disabled</u> - if you have memcache, you should turn this on."; $notice[] = "Strict is <u>disabled</u> - if you have memcache, you should turn this on.";
} }
// salts too short -> notice, salts default -> error // salts too short -> notice, salts default -> error
if ((strlen(SALT) < 24) || (strlen(SALTY) < 24) || SALT == 'PLEASEMAKEMESOMETHINGRANDOM' || SALTY == 'THISSHOULDALSOBERRAANNDDOOM') { if ((strlen($config['SALT']) < 24) || (strlen($config['SALTY']) < 24) || $config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
if (SALT == 'PLEASEMAKEMESOMETHINGRANDOM' || SALTY == 'THISSHOULDALSOBERRAANNDDOOM') { if ($config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
$error[] = "You absolutely <u>SHOULD NOT leave your SALT or SALTY default</u>"; $error[] = "You absolutely <u>SHOULD NOT leave your SALT or SALTY default</u>";
} else { } else {
$notice[] = "SALT or SALTY is too short, they should be more than 24 characters and changing them will require registering again."; $notice[] = "SALT or SALTY is too short, they should be more than 24 characters and changing them will require registering again.";


@ -0,0 +1,28 @@
<?php
$defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1;
// Used for performance calculations
$dStartTime = microtime(true);
define('INCLUDE_DIR', BASEPATH . 'include');
define('CLASS_DIR', INCLUDE_DIR . '/classes');
define('PAGES_DIR', INCLUDE_DIR . '/pages');
define('THEME_DIR', BASEPATH . 'templates');
$quickstartlink = "<a href='https://github.com/MPOS/php-mpos/wiki/Quick-Start-Guide' title='MPOS Quick Start Guide'>Quick Start Guide</a>";
// Include our configuration (holding defines for the requires)
if (!include_once(BASEPATH . 'include/config/global.inc.dist.php')) die('Unable to load base global config - '.$quickstartlink);
if (!@include_once(BASEPATH . 'include/config/global.inc.php')) die('Unable to load your global config - '.$quickstartlink);
// load our security configs
if (!include_once(BASEPATH . 'include/config/security.inc.dist.php')) die('Unable to load base security config - '.$quickstartlink);
if (@file_exists(BASEPATH . 'include/config/security.inc.php')) include_once(BASEPATH . 'include/config/security.inc.php');
// Our default template to load, pages can overwrite this later
$master_template = 'master.tpl';
// Load Classes, they name defines the $ variable used
// We include all needed files here, even though our templates could load them themself
require_once(INCLUDE_DIR . '/autoloader.inc.php');
?>
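Review bot: Nothing after the two global-config includes checks that the user's `global.inc.php` actually overrides the SALT and SALTY defaults, so an install whose config still sets them the old way with `define('SALT', ...)` would presumably keep the placeholder values shipped in `global.inc.dist.php` in `$config`. Those values are what the class files now pass to `$user->setSalt()` and `$csrftoken->setSalt()`/`setSalty()`, and the only visible signal is the admin-dashboard message. Consider failing closed right after the user config is loaded, e.g. `if (defined('SALT') || defined('SALTY')) die('SALT/SALTY must now be set in $config - '.$quickstartlink);`, and note the migration in the dist config comment. The same concern applies to the dist-config hunk that turns the three defines into `$config` defaults.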


@ -73,4 +73,4 @@ class BitcoinWrapper extends BitcoinClient {
} }
// Load this wrapper // Load this wrapper
$bitcoin = new BitcoinWrapper($config['wallet']['type'], $config['wallet']['username'], $config['wallet']['password'], $config['wallet']['host'], DEBUG, $debug, $memcache); $bitcoin = new BitcoinWrapper($config['wallet']['type'], $config['wallet']['username'], $config['wallet']['password'], $config['wallet']['host'], $config['DEBUG'], $debug, $memcache);


@ -97,8 +97,8 @@ class CSRFToken Extends Base {
$csrftoken = new CSRFToken(); $csrftoken = new CSRFToken();
$csrftoken->setDebug($debug); $csrftoken->setDebug($debug);
$csrftoken->setMysql($mysqli); $csrftoken->setMysql($mysqli);
$csrftoken->setSalt(SALT); $csrftoken->setSalt($config['SALT']);
$csrftoken->setSalty(SALTY); $csrftoken->setSalty($config['SALTY']);
$csrftoken->setMail($mail); $csrftoken->setMail($mail);
$csrftoken->setUser($user); $csrftoken->setUser($user);
$csrftoken->setToken($oToken); $csrftoken->setToken($oToken);


@ -108,5 +108,5 @@ class Debug {
} }
// Instantiate this class // Instantiate this class
$debug = new Debug(DEBUG); $debug = new Debug($config['DEBUG']);
?> ?>


@ -861,7 +861,7 @@ public function isAuthenticated($logout=true) {
$user = new User(); $user = new User();
$user->setDebug($debug); $user->setDebug($debug);
$user->setMysql($mysqli); $user->setMysql($mysqli);
$user->setSalt(SALT); $user->setSalt($config['SALT']);
$user->setSmarty($smarty); $user->setSmarty($smarty);
$user->setConfig($config); $user->setConfig($config);
$user->setMail($mail); $user->setMail($mail);


@ -19,14 +19,9 @@ $config['skip_config_tests'] = false;
* Debug setting and salts for hashing passwords * Debug setting and salts for hashing passwords
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-defines--salts * https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-defines--salts
*/ */
define('DEBUG', 0); $config['DEBUG'] = 0;
define('SALT', 'PLEASEMAKEMESOMETHINGRANDOM'); $config['SALT'] = 'PLEASEMAKEMESOMETHINGRANDOM';
define('SALTY', 'THISSHOULDALSOBERRAANNDDOOM'); $config['SALTY'] = 'THISSHOULDALSOBERRAANNDDOOM';
define('INCLUDE_DIR', BASEPATH . 'include');
define('CLASS_DIR', INCLUDE_DIR . '/classes');
define('PAGES_DIR', INCLUDE_DIR . '/pages');
define('THEME_DIR', BASEPATH . 'templates');
/** /**
* Coin Algorithm * Coin Algorithm


@ -170,7 +170,7 @@ if ($motd = $setting->getValue('system_motd'))
$_SESSION['POPUP'][] = array('CONTENT' => $motd, 'TYPE' => 'info'); $_SESSION['POPUP'][] = array('CONTENT' => $motd, 'TYPE' => 'info');
// So we can display additional info // So we can display additional info
$smarty->assign('DEBUG', DEBUG); $smarty->assign('DEBUG', $config['DEBUG']);
// Make it available in Smarty // Make it available in Smarty
$smarty->assign('PATH', 'site_assets/' . THEME); $smarty->assign('PATH', 'site_assets/' . THEME);


@ -32,28 +32,16 @@ if (SECHASH_CHECK) {
function cfip() { return (@defined('SECURITY')) ? 1 : 0; } function cfip() { return (@defined('SECURITY')) ? 1 : 0; }
} }
// Used for performance calculations
$dStartTime = microtime(true);
// This should be okay // This should be okay
// No but Its now, - Aim // No but Its now, - Aim
define("BASEPATH", dirname(__FILE__) . "/"); define("BASEPATH", dirname(__FILE__) . "/");
// Include our configuration (holding defines for the requires) // all our includes and config etc are now in bootstrap
if (!include_once(BASEPATH . 'include/config/global.inc.php')) die('Unable to load site configuration'); include_once('include/bootstrap.php');
if (!include_once(BASEPATH . 'include/config/security.inc.dist.php')) die('Unable to load security configuration');
if (@file_exists(BASEPATH . 'include/config/security.inc.php')) include_once(BASEPATH . 'include/config/security.inc.php');
// switch to https if config option is enabled // switch to https if config option is enabled
$hts = ($config['strict__https_only'] && (!empty($_SERVER['QUERY_STRING']))) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?".$_SERVER['QUERY_STRING'] : "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']; $hts = ($config['strict__https_only'] && (!empty($_SERVER['QUERY_STRING']))) ? "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']."?".$_SERVER['QUERY_STRING'] : "https://".$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME'];
($config['strict__https_only'] && @!$_SERVER['HTTPS']) ? exit(header($hts)):0; ($config['strict__https_only'] && @!$_SERVER['HTTPS']) ? exit(header("Location: ".$hts)):0;
// Our default template to load, pages can overwrite this later
$master_template = 'master.tpl';
// Load Classes, they name defines the $ variable used
// We include all needed files here, even though our templates could load them themself
require_once(INCLUDE_DIR . '/autoloader.inc.php');
if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $config['strict'])) { if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $config['strict'])) {
if (PHP_OS == 'WINNT') { if (PHP_OS == 'WINNT') {
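Review bot: The new `include_once('include/bootstrap.php');` drops both the `BASEPATH` prefix and the `die()` guard that the removed config includes had. The path is therefore resolved through include_path and the working directory, and a failed load only raises a warning before execution continues into the `$config['strict__https_only']` checks with no configuration loaded. Use `require_once(BASEPATH . 'include/bootstrap.php');` so the file comes from a fixed location and a missing bootstrap stops the request. The surrounding script continues outside the hunk.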


@ -8,8 +8,8 @@ class TestDistConfig extends PHPUnit_Framework_Testcase {
* Test to make sure SALT is sane * Test to make sure SALT is sane
*/ */
function testSaltLength() { function testSaltLength() {
$this->assertNotEmpty(SALT); $this->assertNotEmpty($config['SALT']);
$this->assertGreaterThan(1, strlen(SALT)); $this->assertGreaterThan(1, strlen($config['SALTY']));
} }
} }
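Review bot: `$config` is not defined inside `testSaltLength()`; nothing visible in the hunk includes the dist config or declares the variable global, so both assertions would run against an undefined variable rather than the shipped defaults. The second assertion also switched from SALT to `$config['SALTY']` while the method is still named for SALT, and `assertGreaterThan(1, ...)` is far weaker than the 24-character minimum the admin check uses. Load the dist config inside the test (for example in `setUp()`) and assert each salt separately, e.g. `$this->assertGreaterThanOrEqual(24, strlen($config['SALT']));`. The class header is outside the hunk.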