<?php
\n/**
\n * CodeIgniter
\n *
\n * An open source application development framework for PHP
\n *
\n * This content is released under the MIT License (MIT)
\n *
\n * Copyright (c) 2014 - 2017, British Columbia Institute of Technology
\n *
\n * Permission is hereby granted, free of charge, to any person obtaining a copy
\n * of this software and associated documentation files (the "Software"), to deal
\n * in the Software without restriction, including without limitation the rights
\n * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
\n * copies of the Software, and to permit persons to whom the Software is
\n * furnished to do so, subject to the following conditions:
\n *
\n * The above copyright notice and this permission notice shall be included in
\n * all copies or substantial portions of the Software.
\n *
\n * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
\n * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
\n * THE SOFTWARE.
\n *
\n * @package\tCodeIgniter
\n * @author\tEllisLab Dev Team
\n * @copyright\tCopyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
\n * @copyright\tCopyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/)
\n * @license\thttp://opensource.org/licenses/MIT\tMIT License
\n * @link\thttps://codeigniter.com
\n * @since\tVersion 1.0.0
\n * @filesource
\n */
\ndefined('BASEPATH') OR exit('No direct script access allowed');
\n
\n/**
\n * System Initialization File
\n *
\n * Loads the base classes and executes the request.
\n *
\n * @package\t\tCodeIgniter
\n * @subpackage\tCodeIgniter
\n * @category\tFront-controller
\n * @author\t\tEllisLab Dev Team
\n * @link\t\thttps://codeigniter.com/user_guide/
\n */
\n
\n/**
\n * CodeIgniter Version
\n *
\n * @var\tstring
\n *
\n */
\n\tconst CI_VERSION = '3.1.4';
\n
\n/*
\n * ------------------------------------------------------
\n *  Load the framework constants
\n * ------------------------------------------------------
\n */
\n\tif (file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants.php'))
\n\t{
\n\t\trequire_once(APPPATH.'config/'.ENVIRONMENT.'/constants.php');
\n\t}
\n
\n\tif (file_exists(APPPATH.'config/constants.php'))
\n\t{
\n\t\trequire_once(APPPATH.'config/constants.php');
\n\t}
\n
\n/*
\n * ------------------------------------------------------
\n *  Load the global functions
\n * ------------------------------------------------------
\n */
\n\trequire_once(BASEPATH.'core/Common.php');
\n
\n
\n/*
\n * ------------------------------------------------------
\n * Security procedures
\n * ------------------------------------------------------
\n */
\n
\nif ( ! is_php('5.4'))
\n{
\n\tini_set('magic_quotes_runtime', 0);
\n
\n\tif ((bool) ini_get('register_globals'))
\n\t{
\n\t\t$_protected = array(
\n\t\t\t'_SERVER',
\n\t\t\t'_GET',
\n\t\t\t'_POST',
\n\t\t\t'_FILES',
\n\t\t\t'_REQUEST',
\n\t\t\t'_SESSION',
\n\t\t\t'_ENV',
\n\t\t\t'_COOKIE',
\n\t\t\t'GLOBALS',
\n\t\t\t'HTTP_RAW_POST_DATA',
\n\t\t\t'system_path',
\n\t\t\t'application_folder',
\n\t\t\t'view_folder',
\n\t\t\t'_protected',
\n\t\t\t'_registered'
\n\t\t);
\n
\n\t\t$_registered = ini_get('variables_order');
\n\t\tforeach (array('E' => '_ENV', 'G' => '_GET', 'P' => '_POST', 'C' => '_COOKIE', 'S' => '_SERVER') as $key => $superglobal)
\n\t\t{
\n\t\t\tif (strpos($_registered, $key) === FALSE)
\n\t\t\t{
\n\t\t\t\tcontinue;
\n\t\t\t}
\n
\n\t\t\tforeach (array_keys($$superglobal) as $var)
\n\t\t\t{
\n\t\t\t\tif (isset($GLOBALS[$var]) && ! in_array($var, $_protected, TRUE))
\n\t\t\t\t{
\n\t\t\t\t\t$GLOBALS[$var] = NULL;
\n\t\t\t\t}
\n\t\t\t}
\n\t\t}
\n\t}
\n}
\n
\n
\n/*
\n * ------------------------------------------------------
\n *  Define a custom error handler so we can log PHP errors
\n * ------------------------------------------------------
\n */
\n\tset_error_handler('_error_handler');
\n\tset_exception_handler('_exception_handler');
\n\tregister_shutdown_function('_shutdown_handler');
\n
\n/*
\n * ------------------------------------------------------
\n *  Set the subclass_prefix
\n * ------------------------------------------------------
\n *
\n * Normally the "subclass_prefix" is set in the config file.
\n * The subclass prefix allows CI to know if a core class is
\n * being extended via a library in the local application
\n * "libraries" folder. Since CI allows config items to be
\n * overridden via data set in the main index.php file,
\n * before proceeding we need to know if a subclass_prefix
\n * override exists. If so, we will set this value now,
\n * before any classes are loaded
\n * Note: Since the config file data is cached it doesn't
\n * hurt to load it here.
\n */
\n\tif ( ! empty($assign_to_config['subclass_prefix']))
\n\t{
\n\t\tget_config(array('subclass_prefix' => $assign_to_config['subclass_prefix']));
\n\t}
\n
\n/*
\n * ------------------------------------------------------
\n *  Should we use a Composer autoloader?
\n * ------------------------------------------------------
\n */
\n\tif ($composer_autoload = config_item('composer_autoload'))
\n\t{
\n\t\tif ($composer_autoload === TRUE)
\n\t\t{
\n\t\t\tfile_exists(APPPATH.'vendor/autoload.php')
\n\t\t\t\t? require_once(APPPATH.'vendor/autoload.php')
\n\t\t\t\t: log_message('error', '$config[\\'composer_autoload\\'] is set to TRUE but '.APPPATH.'vendor/autoload.php was not found.');
\n\t\t}
\n\t\telseif (file_exists($composer_autoload))
\n\t\t{
\n\t\t\trequire_once($composer_autoload);
\n\t\t}
\n\t\telse
\n\t\t{
\n\t\t\tlog_message('error', 'Could not find the specified $config[\\'composer_autoload\\'] path: '.$composer_autoload);
\n\t\t}
\n\t}
\n
\n/*
\n * ------------------------------------------------------
\n *  Start the timer... tick tock tick tock...
\n * ------------------------------------------------------
\n */
\n\t$BM =& load_class('Benchmark', 'core');
\n\t$BM->mark('total_execution_time_start');
\n\t$BM->mark('loading_time:_base_classes_start');
\n
\n/*
\n * ------------------------------------------------------
\n *  Instantiate the hooks class
\n * ------------------------------------------------------
\n */
\n\t$EXT =& load_class('Hooks', 'core');
\n
\n/*
\n * ------------------------------------------------------
\n *  Is there a "pre_system" hook?
\n * ------------------------------------------------------
\n */
\n\t$EXT->call_hook('pre_system');
\n
\n/*
\n * ------------------------------------------------------
\n *  Instantiate the config class
\n * ------------------------------------------------------
\n *
\n * Note: It is important that Config is loaded first as
\n * most other classes depend on it either directly or by
\n * depending on another class that uses it.
\n *
\n */
\n\t$CFG =& load_class('Config', 'core');
\n
\n\t// Do we have any manually set config items in the index.php file?
\n\tif (isset($assign_to_config) && is_array($assign_to_config))
\n\t{
\n\t\tforeach ($assign_to_config as $key => $value)
\n\t\t{
\n\t\t\t$CFG->set_item($key, $value);
\n\t\t}
\n\t}
\n
\n/*
\n * ------------------------------------------------------
\n * Important charset-related stuff
\n * ------------------------------------------------------
\n *
\n * Configure mbstring and/or iconv if they are enabled
\n * and set MB_ENABLED and ICONV_ENABLED constants, so
\n * that we don't repeatedly do extension_loaded() or
\n * function_exists() calls.
\n *
\n * Note: UTF-8 class depends on this. It used to be done
\n * in it's constructor, but it's _not_ class-specific.
\n *
\n */
\n\t$charset = strtoupper(config_item('charset'));
\n\tini_set('default_charset', $charset);
\n
\n\tif (extension_loaded('mbstring'))
\n\t{
\n\t\tdefine('MB_ENABLED', TRUE);
\n\t\t// mbstring.internal_encoding is deprecated starting with PHP 5.6
\n\t\t// and it's usage triggers E_DEPRECATED messages.
\n\t\t@ini_set('mbstring.internal_encoding', $charset);
\n\t\t// This is required for mb_convert_encoding() to strip invalid characters.
\n\t\t// That's utilized by CI_Utf8, but it's also done for consistency with iconv.
\n\t\tmb_substitute_character('none');
\n\t}
\n\telse
\n\t{
\n\t\tdefine('MB_ENABLED', FALSE);
\n\t}
\n
\n\t// There's an ICONV_IMPL constant, but the PHP manual says that using
\n\t// iconv's predefined constants is "strongly discouraged".
\n\tif (extension_loaded('iconv'))
\n\t{
\n\t\tdefine('ICONV_ENABLED', TRUE);
\n\t\t// iconv.internal_encoding is deprecated starting with PHP 5.6
\n\t\t// and it's usage triggers E_DEPRECATED messages.
\n\t\t@ini_set('iconv.internal_encoding', $charset);
\n\t}
\n\telse
\n\t{
\n\t\tdefine('ICONV_ENABLED', FALSE);
\n\t}
\n
\n\tif (is_php('5.6'))
\n\t{
\n\t\tini_set('php.internal_encoding', $charset);
\n\t}
\n
\n/*
\n * ------------------------------------------------------
\n *  Load compatibility features
\n * ------------------------------------------------------
\n */
\n
\n\trequire_once(BASEPATH.'core/compat/mbstring.php');
\n\trequire_once(BASEPATH.'core/compat/hash.php');
\n\trequire_once(BASEPATH.'core/compat/password.php');
\n\trequire_once(BASEPATH.'core/compat/standard.php');
\n
\n/*
\n * ------------------------------------------------------
\n *  Instantiate the UTF-8 class
\n * ------------------------------------------------------
\n */
\n\t$UNI =& load_class('Utf8', 'core');
\n
\n/*
\n * ------------------------------------------------------
\n *  Instantiate the URI class
\n * ------------------------------------------------------
\n */
\n\t$URI =& load_class('URI', 'core');
\n
\n/*
\n * ------------------------------------------------------
\n *  Instantiate the routing class and set the routing
\n * ------------------------------------------------------
\n */
\n\t$RTR =& load_class('Router', 'core', isset($routing) ? $routing : NULL);
\n
\n/*
\n * ------------------------------------------------------
\n *  Instantiate the output class
\n * ------------------------------------------------------
\n */
\n\t$OUT =& load_class('Output', 'core');
\n
\n/*
\n * ------------------------------------------------------
\n *\tIs there a valid cache file? If so, we're done...
\n * ------------------------------------------------------
\n */
\n\tif ($EXT->call_hook('cache_override') === FALSE && $OUT->_display_cache($CFG, $URI) === TRUE)
\n\t{
\n\t\texit;
\n\t}
\n
\n/*
\n * -----------------------------------------------------
\n * Load the security class for xss and csrf support
\n * -----------------------------------------------------
\n */
\n\t$SEC =& load_class('Security', 'core');
\n
\n/*
\n * ------------------------------------------------------
\n *  Load the Input class and sanitize globals
\n * ------------------------------------------------------
\n */
\n\t$IN\t=& load_class('Input', 'core');
\n
\n/*
\n * ------------------------------------------------------
\n *  Load the Language class
\n * ------------------------------------------------------
\n */
\n\t$LANG =& load_class('Lang', 'core');
\n
\n/*
\n * ------------------------------------------------------
\n *  Load the app controller and local controller
\n * ------------------------------------------------------
\n *
\n */
\n\t// Load the base controller class
\n\trequire_once BASEPATH.'core/Controller.php';
\n
\n\t/**
\n\t * Reference to the CI_Controller method.
\n\t *
\n\t * Returns current CI instance object
\n\t *
\n\t * @return CI_Controller
\n\t */
\n\tfunction &get_instance()
\n\t{
\n\t\treturn CI_Controller::get_instance();
\n\t}
\n
\n\tif (file_exists(APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller.php'))
\n\t{
\n\t\trequire_once APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller.php';
\n\t}
\n
\n\t// Set a mark point for benchmarking
\n\t$BM->mark('loading_time:_base_classes_end');
\n
\n/*
\n * ------------------------------------------------------
\n *  Sanity checks
\n * ------------------------------------------------------
\n *
\n *  The Router class has already validated the request,
\n *  leaving us with 3 options here:
\n *
\n *\t1) an empty class name, if we reached the default
\n *\t   controller, but it didn't exist;
\n *\t2) a query string which doesn't go through a
\n *\t   file_exists() check
\n *\t3) a regular request for a non-existing page
\n *
\n *  We handle all of these as a 404 error.
\n *
\n *  Furthermore, none of the methods in the app controller
\n *  or the loader class can be called via the URI, nor can
\n *  controller methods that begin with an underscore.
\n */
\n
\n\t$e404 = FALSE;
\n\t$class = ucfirst($RTR->class);
\n\t$method = $RTR->method;
\n
\n\tif (empty($class) OR ! file_exists(APPPATH.'controllers/'.$RTR->directory.$class.'.php'))
\n\t{
\n\t\t$e404 = TRUE;
\n\t}
\n\telse
\n\t{
\n\t\trequire_once(APPPATH.'controllers/'.$RTR->directory.$class.'.php');
\n
\n\t\tif ( ! class_exists($class, FALSE) OR $method[0] === '_' OR method_exists('CI_Controller', $method))
\n\t\t{
\n\t\t\t$e404 = TRUE;
\n\t\t}
\n\t\telseif (method_exists($class, '_remap'))
\n\t\t{
\n\t\t\t$params = array($method, array_slice($URI->rsegments, 2));
\n\t\t\t$method = '_remap';
\n\t\t}
\n\t\telseif ( ! method_exists($class, $method))
\n\t\t{
\n\t\t\t$e404 = TRUE;
\n\t\t}
\n\t\t/**
\n\t\t * DO NOT CHANGE THIS, NOTHING ELSE WORKS!
\n\t\t *
\n\t\t * - method_exists() returns true for non-public methods, which passes the previous elseif
\n\t\t * - is_callable() returns false for PHP 4-style constructors, even if there's a __construct()
\n\t\t * - method_exists($class, '__construct') won't work because CI_Controller::__construct() is inherited
\n\t\t * - People will only complain if this doesn't work, even though it is documented that it shouldn't.
\n\t\t *
\n\t\t * ReflectionMethod::isConstructor() is the ONLY reliable check,
\n\t\t * knowing which method will be executed as a constructor.
\n\t\t */
\n\t\telseif ( ! is_callable(array($class, $method)) && strcasecmp($class, $method) === 0)
\n\t\t{
\n\t\t\t$reflection = new ReflectionMethod($class, $method);
\n\t\t\tif ( ! $reflection->isPublic() OR $reflection->isConstructor())
\n\t\t\t{
\n\t\t\t\t$e404 = TRUE;
\n\t\t\t}
\n\t\t}
\n\t}
\n
\n\tif ($e404)
\n\t{
\n\t\tif ( ! empty($RTR->routes['404_override']))
\n\t\t{
\n\t\t\tif (sscanf($RTR->routes['404_override'], '%[^/]/%s', $error_class, $error_method) !== 2)
\n\t\t\t{
\n\t\t\t\t$error_method = 'index';
\n\t\t\t}
\n
\n\t\t\t$error_class = ucfirst($error_class);
\n
\n\t\t\tif ( ! class_exists($error_class, FALSE))
\n\t\t\t{
\n\t\t\t\tif (file_exists(APPPATH.'controllers/'.$RTR->directory.$error_class.'.php'))
\n\t\t\t\t{
\n\t\t\t\t\trequire_once(APPPATH.'controllers/'.$RTR->directory.$error_class.'.php');
\n\t\t\t\t\t$e404 = ! class_exists($error_class, FALSE);
\n\t\t\t\t}
\n\t\t\t\t// Were we in a directory? If so, check for a global override
\n\t\t\t\telseif ( ! empty($RTR->directory) && file_exists(APPPATH.'controllers/'.$error_class.'.php'))
\n\t\t\t\t{
\n\t\t\t\t\trequire_once(APPPATH.'controllers/'.$error_class.'.php');
\n\t\t\t\t\tif (($e404 = ! class_exists($error_class, FALSE)) === FALSE)
\n\t\t\t\t\t{
\n\t\t\t\t\t\t$RTR->directory = '';
\n\t\t\t\t\t}
\n\t\t\t\t}
\n\t\t\t}
\n\t\t\telse
\n\t\t\t{
\n\t\t\t\t$e404 = FALSE;
\n\t\t\t}
\n\t\t}
\n
\n\t\t// Did we reset the $e404 flag? If so, set the rsegments, starting from index 1
\n\t\tif ( ! $e404)
\n\t\t{
\n\t\t\t$class = $error_class;
\n\t\t\t$method = $error_method;
\n
\n\t\t\t$URI->rsegments = array(
\n\t\t\t\t1 => $class,
\n\t\t\t\t2 => $method
\n\t\t\t);
\n\t\t}
\n\t\telse
\n\t\t{
\n\t\t\tshow_404($RTR->directory.$class.'/'.$method);
\n\t\t}
\n\t}
\n
\n\tif ($method !== '_remap')
\n\t{
\n\t\t$params = array_slice($URI->rsegments, 2);
\n\t}
\n
\n/*
\n * ------------------------------------------------------
\n *  Is there a "pre_controller" hook?
\n * ------------------------------------------------------
\n */
\n\t$EXT->call_hook('pre_controller');
\n
\n/*
\n * ------------------------------------------------------
\n *  Instantiate the requested controller
\n * ------------------------------------------------------
\n */
\n\t// Mark a start point so we can benchmark the controller
\n\t$BM->mark('controller_execution_time_( '.$class.' / '.$method.' )_start');
\n
\n\t$CI = new $class();
\n
\n/*
\n * ------------------------------------------------------
\n *  Is there a "post_controller_constructor" hook?
\n * ------------------------------------------------------
\n */
\n\t$EXT->call_hook('post_controller_constructor');
\n
\n/*
\n * ------------------------------------------------------
\n *  Call the requested method
\n * ------------------------------------------------------
\n */
\n\tcall_user_func_array(array(&$CI, $method), $params);
\n
\n\t// Mark a benchmark end point
\n\t$BM->mark('controller_execution_time_( '.$class.' / '.$method.' )_end');
\n
\n/*
\n * ------------------------------------------------------
\n *  Is there a "post_controller" hook?
\n * ------------------------------------------------------
\n */
\n\t$EXT->call_hook('post_controller');
\n
\n/*
\n * ------------------------------------------------------
\n *  Send the final rendered output to the browser
\n * ------------------------------------------------------
\n */
\n\tif ($EXT->call_hook('display_override') === FALSE)
\n\t{
\n\t\t$OUT->_display();
\n\t}
\n
\n/*
\n * ------------------------------------------------------
\n *  Is there a "post_system" hook?
\n * ------------------------------------------------------
\n */
\n\t$EXT->call_hook('post_system');
\n