- * The order of these may be important so use caution if you think they're all
- * intertwingled with no logical order and decide to sort it out. Some of the
- * dependencies have changed, but at least at one time in the recent past - the
- * order was critical to everything working properly
- */
-
-// Exclude the backend processes from the session management
-if (!$a->is_backend()) {
- $stamp1 = microtime(true);
- session_start();
- $a->save_timestamp($stamp1, "parser");
-} else {
- $_SESSION = [];
- Worker::executeIfIdle();
-}
-
-/**
- * Language was set earlier, but we can over-ride it in the session.
- * We have to do it here because the session was just now opened.
- */
-if (x($_SESSION, 'authenticated') && !x($_SESSION, 'language')) {
- $_SESSION['language'] = $lang;
- // we haven't loaded user data yet, but we need user language
- if (!empty($_SESSION['uid'])) {
- $user = DBA::selectFirst('user', ['language'], ['uid' => $_SESSION['uid']]);
- if (DBA::isResult($user)) {
- $_SESSION['language'] = $user['language'];
- }
- }
-}
-
-if (x($_SESSION, 'language') && ($_SESSION['language'] !== $lang)) {
- $lang = $_SESSION['language'];
- L10n::loadTranslationTable($lang);
-}
-
-if (!empty($_GET['zrl']) && $a->mode == App::MODE_NORMAL) {
- $a->query_string = Profile::stripZrls($a->query_string);
- if (!local_user()) {
- // Only continue when the given profile link seems valid
- // Valid profile links contain a path with "/profile/" and no query parameters
- if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") &&
- strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")) {
- if (defaults($_SESSION, "visitor_home", "") != $_GET["zrl"]) {
- $_SESSION['my_url'] = $_GET['zrl'];
- $_SESSION['authenticated'] = 0;
- }
- Profile::zrlInit($a);
- } else {
- // Someone came with an invalid parameter, maybe as a DDoS attempt
- // We simply stop processing here
- logger("Invalid ZRL parameter " . $_GET['zrl'], LOGGER_DEBUG);
- header('HTTP/1.1 403 Forbidden');
- echo "<h1>403 Forbidden</h1>";
- killme();
- }
- }
-}
-
-if ((x($_GET,'owt')) && $a->mode == App::MODE_NORMAL) {
- $token = $_GET['owt'];
- $a->query_string = Profile::stripQueryParam($a->query_string, 'owt');
- Profile::openWebAuthInit($token);
-}
-
-/**
- * For Mozilla auth manager - still needs sorting, and this might conflict with LRDD header.
- * Apache/PHP lumps the Link: headers into one - and other services might not be able to parse it
- * this way. There's a PHP flag to link the headers because by default this will over-write any other
- * link header.