xref: /web-php/include/prepend.inc (revision f252981e) 
1<?php
2
3use phpweb\UserPreferences;
4
5require_once __DIR__ . '/../src/autoload.php';
6
7// Compress all pages, if ext/zlib is available on the mirror
8// XXX Deactivated by sas, causes errors towards delivery machines
9// ini_set("zlib.output_compression", 1);
10
11// See http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
12// for cache control header descriptions (used in many places on the site).
13
14// Provide default content-type, charset and language information
15// Manual pages will override this, and maybe others too
16header("Content-language: en");
17header("Content-type: text/html; charset=utf-8");
18
19// Opt out of FLoC
20header("Permissions-Policy: interest-cohort=()");
21
22/* Fix Silly Same Origin Policies */
23(function (): void {
24    if (!isset($_SERVER["HTTP_ORIGIN"])) {
25        return;
26    }
27
28    $host = parse_url($_SERVER["HTTP_ORIGIN"]);
29    if (strncmp(strrev($host["host"]), strrev("php.net"), strlen("php.net")) != 0) {
30        if ($host["host"] != $_SERVER["SERVER_NAME"]) {
31            exit(10);
32        }
33    }
34    if (isset($host["port"])) {
35        $hostname = $host["host"] . ":" . $host["port"];
36    } else {
37        $hostname = $host["host"];
38    }
39
40    header("Access-Control-Allow-Origin: http://$hostname");
41    if (isset($_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"])) {
42        $headers = $_SERVER["HTTP_ACCESS_CONTROL_REQUEST_HEADERS"];
43        $headers = str_replace(["\r", "\n", "\0"], "", $headers);
44        header("Access-Control-Allow-Headers: $headers");
45    }
46})();
47
48/* Clickjacking workaround. Nothing should be in a frame so it could technically be 'deny'
49 * but it doesn't make any difference anyway */
50header("X-Frame-Options: SAMEORIGIN");
51
52// Be 100% sure the timezone is set
53if (ini_get("date.timezone") === "" && function_exists("date_default_timezone_set")) {
54    date_default_timezone_set("UTC");
55}
56
57/* Compatibility with the PHP webserver.. */
58if (!isset($_SERVER["SERVER_ADDR"])) {
59    $_SERVER["SERVER_ADDR"] = "127.0.0.1";
60}
61
62// As of PHP 5.3.0 multibyte sequence errors are no longer
63// silent. Prior to that version this bitfield does not exist
64// so define it to prevent notices on older versions
65if (!defined("ENT_IGNORE")) {
66    define("ENT_IGNORE", 0);
67}
68
69// Prevent cross site scripting problems
70unset($RSIDEBAR_DATA);
71unset($SIDEBAR_DATA);
72unset($SEARCH_BASE);
73unset($LANG);
74unset($COUNTRY);
75unset($ONLOAD);
76unset($LAST_UPDATED);
77
78// Load the My PHP.net settings before any includes
79myphpnet_load();
80
81// Site details (mirror site information)
82include __DIR__ . '/site.inc';
83
84// Choose language used for translated parts
85include __DIR__ . '/langchooser.inc';
86
87// Get country of the user and set it in a cookie
88include __DIR__ . '/ip-to-country.inc';
89
90// Common layout functions
91include __DIR__ . '/layout.inc';
92
93// This file is generated on rsync.php.net and propagated
94// from there. It just defines $LAST_UPDATED, which is the
95// mirror's last updated time.
96include __DIR__ . '/last_updated.inc';
97
98// -----------------------------------------------------------------------------
99
100// Load in the user preferences
101function myphpnet_load(): void
102{
103    UserPreferences::$languageCode = '';
104    UserPreferences::$searchType = UserPreferences::URL_NONE;
105    UserPreferences::$isUserGroupTipsEnabled = false;
106
107    if (!isset($_COOKIE['MYPHPNET']) || !is_string($_COOKIE['MYPHPNET']) || $_COOKIE['MYPHPNET'] === '') {
108        return;
109    }
110
111    /**
112     * 0 - Language code
113     * 1 - URL search fallback
114     * 2 - Mirror site (removed)
115     * 3 - User Group tips
116     * 4 - Documentation developmental server (removed)
117     */
118    $preferences = explode(",", $_COOKIE['MYPHPNET']);
119    UserPreferences::$languageCode = $preferences[0] ?? '';
120    if (isset($preferences[1]) && in_array($preferences[1], [UserPreferences::URL_FUNC, UserPreferences::URL_MANUAL], true)) {
121        UserPreferences::$searchType = $preferences[1];
122    }
123
124    UserPreferences::$isUserGroupTipsEnabled = isset($preferences[3]) && $preferences[3];
125}
126
127// Get preferred language code
128function myphpnet_language(): string
129{
130    return UserPreferences::$languageCode;
131}
132
133// Set URL search fallback preference
134function myphpnet_urlsearch($type = false)
135{
136    // Set type if specified and if correct
137    if ($type && in_array($type, [UserPreferences::URL_FUNC, UserPreferences::URL_MANUAL], true)) {
138        UserPreferences::$searchType = $type;
139    }
140
141    return UserPreferences::$searchType;
142}
143
144function myphpnet_showug($enable = null) {
145    if (isset($_GET["showug"])) {
146        $enable = true;
147    }
148
149    if (is_bool($enable)) {
150        UserPreferences::$isUserGroupTipsEnabled = $enable;
151    }
152
153    // Show the ug tips to lucky few, depending on time.
154    if ($_SERVER["REQUEST_TIME"] % 10) {
155        UserPreferences::$isUserGroupTipsEnabled = true;
156    }
157
158    return UserPreferences::$isUserGroupTipsEnabled;
159}
160
161// Save user settings in cookie
162function myphpnet_save(): void
163{
164    /**
165     * 0 - Language code
166     * 1 - URL search fallback
167     * 2 - Mirror site (removed)
168     * 3 - User Group tips
169     * 4 - Documentation developmental server (removed)
170     */
171    $preferences = [
172        UserPreferences::$languageCode,
173        UserPreferences::$searchType,
174        '',
175        UserPreferences::$isUserGroupTipsEnabled,
176    ];
177
178    // Set all the preferred values for a year
179    mirror_setcookie("MYPHPNET", join(",", $preferences), 60 * 60 * 24 * 365);
180}
181
182// Embed Google Custom Search engine
183function google_cse(): void {
184    $cse_snippet = <<<EOF
185        <noscript>
186          php.net's search functionality requires JavaScript to operate. Please enable
187          JavaScript and reload to continue.
188        </noscript>
189        <script>
190            (function() {
191                var cx = '011570197911755000456:fip9wopfz_u';
192                var gcse = document.createElement('script');
193                gcse.type = 'text/javascript';
194                gcse.async = true;
195                gcse.src = 'https://cse.google.com/cse.js?cx=' + cx;
196                var s = document.getElementsByTagName('script')[0];
197                s.parentNode.insertBefore(gcse, s);
198            })();
199        </script>
200        <div class="gcse-search" data-linktarget></div>
201    EOF;
202
203    echo $cse_snippet;
204}
205