<?php

use Illuminate\Foundation\Http\Kernel;
use Illuminate\Support\Facades\Log;
use ProcessMaker\Core\AppEvent;
use ProcessMaker\Core\JobsManager;
use ProcessMaker\ChangeLog\ChangeLog;
use ProcessMaker\Plugins\PluginRegistry;
use ProcessMaker\Validation\ValidationUploadedFiles;

/**
 * bootstrap - ProcessMaker Bootstrap
 * This file initializes main variables, redirects, and dispatches all requests.
 */

// Ensure 'HTTP_USER_AGENT' is set
$_SERVER['HTTP_USER_AGENT'] = htmlspecialchars(filter_input(INPUT_SERVER, 'HTTP_USER_AGENT') ?? '', ENT_QUOTES, 'UTF-8');
// Define path separator constant
define('PATH_SEP', '/');

// Define the Home Directory
$documentRoot = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']);
$pathParts = explode(PATH_SEP, $documentRoot);
array_pop($pathParts); // Remove the last part (usually the project folder)
$pathHome = implode(PATH_SEP, $pathParts) . PATH_SEP;

// Define trunk paths
$pathTrunk = implode(PATH_SEP, array_slice($pathParts, 0, -1)) . PATH_SEP; // Remove last part again
$pathOutTrunk = implode(PATH_SEP, array_slice($pathParts, 0, -2)) . PATH_SEP; // Remove last two parts

define('PATH_HOME', $pathHome);
define('PATH_TRUNK', $pathTrunk);
define('PATH_OUTTRUNK', $pathOutTrunk);
define('PATH_HTML', PATH_HOME . 'public_html' . PATH_SEP);
define('PATH_DATA', isset($_SERVER['PATH_DATA']) ? $_SERVER['PATH_DATA'] : PATH_TRUNK . 'shared' . PATH_SEP );

// Defining RBAC Paths constants
define('PATH_RBAC_HOME', PATH_TRUNK . 'rbac' . PATH_SEP);

// Defining Gulliver framework paths constants
define('PATH_GULLIVER_HOME', PATH_TRUNK . 'gulliver' . PATH_SEP);
define('PATH_GULLIVER', PATH_GULLIVER_HOME . 'system' . PATH_SEP); //gulliver system classes
define('PATH_GULLIVER_BIN', PATH_GULLIVER_HOME . 'bin' . PATH_SEP); //gulliver bin classes
define('PATH_TEMPLATE', PATH_GULLIVER_HOME . 'templates' . PATH_SEP);
define('PATH_THIRDPARTY', PATH_TRUNK . 'thirdparty' . PATH_SEP);
define('PATH_RBAC', PATH_RBAC_HOME . 'engine' . PATH_SEP . 'classes' . PATH_SEP); //to enable rbac version 2
define('PATH_RBAC_CORE', PATH_RBAC_HOME . 'engine' . PATH_SEP);

// Defining PMCore Path constants
define('PATH_CORE', PATH_HOME . 'engine' . PATH_SEP);
define('PATH_CLASSES', PATH_HOME . "engine" . PATH_SEP . "classes" . PATH_SEP);
define('PATH_SKINS', PATH_CORE . 'skins' . PATH_SEP);
define('PATH_SKIN_ENGINE', PATH_CORE . 'skinEngine' . PATH_SEP);
define('PATH_METHODS', PATH_CORE . 'methods' . PATH_SEP);
define('PATH_XMLFORM', PATH_CORE . 'xmlform' . PATH_SEP);
define('PATH_CONFIG', PATH_CORE . 'config' . PATH_SEP);
define('PATH_PLUGINS', PATH_CORE . 'plugins' . PATH_SEP);
define('PATH_HTMLMAIL', PATH_CORE . 'html_templates' . PATH_SEP);
define('PATH_TPL', PATH_CORE . 'templates' . PATH_SEP);
define('PATH_TEST', PATH_CORE . 'test' . PATH_SEP);
define('PATH_FIXTURES', PATH_TEST . 'fixtures' . PATH_SEP);
define('PATH_RTFDOCS', PATH_CORE . 'rtf_templates' . PATH_SEP);
define('PATH_DYNACONT', PATH_CORE . 'content' . PATH_SEP . 'dynaform' . PATH_SEP);
//define( 'PATH_LANGUAGECONT',PATH_CORE . 'content' . PATH_SEP . 'languages' . PATH_SEP );
define('SYS_UPLOAD_PATH', PATH_HOME . "public_html/files/");
define('PATH_UPLOAD', PATH_HTML . 'files' . PATH_SEP);

define('PATH_WORKFLOW_MYSQL_DATA', PATH_CORE . 'data' . PATH_SEP . 'mysql' . PATH_SEP);
define('PATH_RBAC_MYSQL_DATA', PATH_RBAC_CORE . 'data' . PATH_SEP . 'mysql' . PATH_SEP);
define('FILE_PATHS_INSTALLED', PATH_DATA . 'config' . PATH_SEP . 'paths_installed.php');
define('PATH_WORKFLOW_MSSQL_DATA', PATH_CORE . 'data' . PATH_SEP . 'mssql' . PATH_SEP);
define('PATH_RBAC_MSSQL_DATA', PATH_RBAC_CORE . 'data' . PATH_SEP . 'mssql' . PATH_SEP);
define('PATH_CONTROLLERS', PATH_CORE . 'controllers' . PATH_SEP);

// Return error for local files that should be returned by nginx or apache2
$requestUri = ltrim($_SERVER['REQUEST_URI'], '/'); // Remove leading '/'
$requestFile = PATH_HTML . strtok($requestUri, '?'); // Get the file path without query parameters

if (file_exists($requestFile)) {
    error_log("Requested file should not be accessed directly: /" . $requestUri);
    print ("This should not happen. Review the rules in nginx or apache server: /" . $requestUri);
    exit;
}

// include Gulliver Class and define necessary paths
if (file_exists(FILE_PATHS_INSTALLED)) {
    // include the server installed configuration
    require_once FILE_PATHS_INSTALLED;

    // defining system constants
    define('PATH_LANGUAGECONT', PATH_DATA . "META-INF" . PATH_SEP);
    define('PATH_CUSTOM_SKINS', PATH_DATA . 'skins' . PATH_SEP);
    define('PATH_TEMPORAL', PATH_C . 'dynEditor/');
    define('PATH_DB', PATH_DATA . 'sites' . PATH_SEP);
    define('PATH_SMARTY_C', PATH_C . 'smarty' . PATH_SEP . 'c');
    define('PATH_SMARTY_CACHE', PATH_C . 'smarty' . PATH_SEP . 'cache');

    Bootstrap::verifyPath(PATH_SMARTY_C, true);
    Bootstrap::verifyPath(PATH_SMARTY_CACHE, true);
}

// set include path
set_include_path(
    PATH_CORE . PATH_SEPARATOR .
    PATH_THIRDPARTY . PATH_SEPARATOR .
    PATH_THIRDPARTY . 'pear' . PATH_SEPARATOR .
    PATH_RBAC_CORE . PATH_SEPARATOR .
    get_include_path()
);

/**
 * Global definitions
 */

// URL Key
define("URL_KEY", 'c0l0s40pt1mu59r1m3');

// Application settings
define('TIMEOUT_RESPONSE', 100); //web service timeout in seconds
define('APPLICATION_CODE', 'ProcessMaker'); //Application code for login
define('MAIN_POFILE', 'processmaker');
define('PO_SYSTEM_VERSION', 'PM 4.0.1');

// Environment definitions
define('G_PRO_ENV', 'PRODUCTION');
define('G_DEV_ENV', 'DEVELOPMENT');
define('G_TEST_ENV', 'TEST');

// Number of files per folder at PATH_UPLOAD (cases documents)
define('APPLICATION_DOCUMENTS_PER_FOLDER', 1000);

// Global variables for application state (menus)
$G_CONTENT = null;
$G_MESSAGE = "";
$G_MESSAGE_TYPE = "info";
$G_MENU_SELECTED = -1;
$G_MAIN_MENU = "default";

G::defineConstants();

// Call the function to initialize the session
$config = Bootstrap::getSystemConfiguration(); //to do: review
Bootstrap::initializeSession($config);

//Set Time Zone
$_SESSION['__SYSTEM_UTC_TIME_ZONE__'] = (int)($config['system_utc_time_zone']) == 1;

// Do not change any of these settings directly, use env.ini instead
ini_set('display_errors', $config['display_errors']);
ini_set('error_reporting', $config['error_reporting']);
ini_set('short_open_tag', 'On');
ini_set('default_charset', "UTF-8");
ini_set('soap.wsdl_cache_enabled', $config['wsdl_cache']);
ini_set('date.timezone',
    (isset($_SESSION['__SYSTEM_UTC_TIME_ZONE__']) && $_SESSION['__SYSTEM_UTC_TIME_ZONE__']) ? 'UTC' : $config['time_zone']); //Set Time Zone

define('DEBUG_SQL_LOG', $config['debug_sql']);
define('DEBUG_SQL', $config['debug']);
define('DEBUG_TIME_LOG', $config['debug_time']);
define('DEBUG_CALENDAR_LOG', $config['debug_calendar']);
define('MEMCACHED_ENABLED', $config['memcached']);
define('MEMCACHED_SERVER', $config['memcached_server']);
define('WS_IN_LOGIN', isset($config['WS_IN_LOGIN']) ? $config['WS_IN_LOGIN'] : 'serverconf');
define('LOAD_HEADERS_IE', $config['load_headers_ie']);
define('LEAVE_CASE_WARNING', $config['leave_case_warning']);
define('REDIRECT_TO_MOBILE', $config['redirect_to_mobile']);
define('DISABLE_PHP_UPLOAD_EXECUTION', $config['disable_php_upload_execution']);
define('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION', $config['disable_download_documents_session_validation']);
define('LOGS_MAX_FILES', $config['logs_max_files']);
define('LOGS_LOCATION', $config['logs_location']);
define('LOGGING_LEVEL', $config['logging_level']);
define('EXT_AJAX_TIMEOUT', $config['ext_ajax_timeout']);
define('TIME_ZONE', ini_get('date.timezone'));
define('HIGHLIGHT_HOME_FOLDER_ENABLE', $config['highlight_home_folder_enable'] === "1");
define('HIGHLIGHT_HOME_FOLDER_REFRESH_TIME', $config['highlight_home_folder_refresh_time']);
define('HIGHLIGHT_HOME_FOLDER_SCOPE', $config['highlight_home_folder_scope']);
define('DISABLE_TASK_MANAGER_ROUTING_ASYNC', $config['disable_task_manager_routing_async'] === "1");

// IIS Compatibility, SERVER_ADDR doesn't exist on that env, so we need to define it.
$_SERVER['SERVER_ADDR'] = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : $_SERVER['SERVER_NAME'];

//to do: make different environments.  sys

//check if it is a installation instance 
if (!defined('PATH_C')) { // to do: review
    // is a intallation instance, so we need to define PATH_C and PATH_LANGUAGECONT constants temporarily
    define('PATH_C', (rtrim(Bootstrap::sys_get_temp_dir(), PATH_SEP) . PATH_SEP));
    define('PATH_LANGUAGECONT', PATH_HOME . 'engine/content/languages/');
}

//Load filter class
$skinPathErrors = G::skinGetPathToSrcByVirtualUri("errors", $config);
$skinPathUpdate = G::skinGetPathToSrcByVirtualUri("update", $config);

// defining Virtual URLs
$virtualURITable = [];
$virtualURITable['/plugin/(*)'] = 'plugin';
$virtualURITable['/(sys\w{0,})/(\w{0,}.js)'] = 'jsMethod';
$virtualURITable['/js/(*)'] = PATH_GULLIVER_HOME . 'js/';
$virtualURITable['/jscore/(*)'] = PATH_CORE . 'js/';

$virtualURITable['/jsform/(*.js)'] = PATH_C . 'xmlform/';
$virtualURITable['/extjs/(*)'] = PATH_C . 'ExtJs/';

$virtualURITable['/htmlarea/(*)'] = PATH_THIRDPARTY . 'htmlarea/';
//$virtualURITable['/sys[a-zA-Z][a-zA-Z0-9]{0,}()/'] = 'sysNamed';
$virtualURITable['/(sys*)'] = false;
$virtualURITable["/errors/(*)"] = ($skinPathErrors != "") ? $skinPathErrors : PATH_GULLIVER_HOME . "methods" . PATH_SEP . "errors" . PATH_SEP;
$virtualURITable['/gulliver/(*)'] = PATH_GULLIVER_HOME . 'methods/';
$virtualURITable['/controls/(*)'] = PATH_GULLIVER_HOME . 'methods/controls/';
//$virtualURITable['/images/'] = 'errorFile';
//$virtualURITable['/skins/'] = 'errorFile';
//$virtualURITable['/files/'] = 'errorFile';
$virtualURITable["/update/(*)"] = ($skinPathUpdate != "") ? $skinPathUpdate : PATH_GULLIVER_HOME . "methods" . PATH_SEP . "update" . PATH_SEP;
//$virtualURITable['/(*)'] = PATH_HTML;
$virtualURITable['/css/(*)'] = PATH_HTML . 'css/'; //ugly
$virtualURITable['/skin/(*)'] = PATH_HTML;
$virtualURITable['/skins/(*)'] = PATH_HTML . 'skins/'; //ugly
$virtualURITable['/images/(*)'] = PATH_HTML . 'images/'; //ugly
$virtualURITable['/[a-zA-Z][a-zA-Z0-9]{0,}/'] = 'errorFile';

// Verify if we need to redirect or stream the file, if G:VirtualURI returns true means we are going to redirect the page
if (Bootstrap::virtualURI($_SERVER['REQUEST_URI'], $virtualURITable, $realPath)) {
    // review if the file requested belongs to public_html plugin
    if (substr($realPath, 0, 6) == 'plugin') {
        // Another way to get the path of Plugin public_html and stream the correspondent file, By JHL Jul 14, 08
        // TODO: $pathsQuery will be used?
        $pathsQuery = '';
        // Get the query side
        // Did we use this variable $pathsQuery for something??
        $forQuery = explode("?", $realPath);
        if (isset($forQuery[1])) {
            $pathsQuery = $forQuery[1];
        }

        //Get that path in array
        $paths = explode(PATH_SEP, $forQuery[0]);
        //remove the "plugin" word from
        $paths[0] = substr($paths[0], 6);
        //Get the Plugin Folder, always the first element
        $pluginFolder = array_shift($paths);
        //The other parts are the realpath into public_html (no matter how many elements)
        $filePath = implode(PATH_SEP, $paths);
        $pluginFilename = PATH_PLUGINS . $pluginFolder . PATH_SEP . 'public_html' . PATH_SEP . $filePath;

        if (file_exists($pluginFilename)) {
            Bootstrap::streamFile($pluginFilename, false, '', true);
        }
        exit();
    }

    $requestUriArray = explode("/", $_SERVER['REQUEST_URI']);

    if ((isset($requestUriArray[1])) && ($requestUriArray[1] == 'skin')) {
        // This will allow to public images of Custom Skins, By JHL Feb 28, 11
        $pathsQuery = "";
        // Get the query side
        // This way we remove garbage
        $forQuery = explode("?", $realPath);
        if (isset($forQuery[1])) {
            $pathsQuery = $forQuery[1];
        }

        //Get that path in array
        $paths = explode(PATH_SEP, $forQuery[0]);
        $url = (preg_match("/^(.*)\?.*$/", $_SERVER["REQUEST_URI"],
            $arrayMatch)) ? $arrayMatch[1] : $_SERVER["REQUEST_URI"];

        $fileToBeStreamed = str_replace("/skin/", PATH_CUSTOM_SKINS, $url);

        if (file_exists($fileToBeStreamed)) {
            Bootstrap::streamFile($fileToBeStreamed);
        }
        exit();
    }

    switch ($realPath) {
        case 'jsMethod':
            Bootstrap::parseURI(getenv("REQUEST_URI"));
            $filename = PATH_METHODS . SYS_COLLECTION . '/' . SYS_TARGET . '.js';
            Bootstrap::streamFile($filename);
            exit();
            break;
        case 'errorFile':
            ob_start();
            header("location: /errors/error404.php?url=" . urlencode($_SERVER['REQUEST_URI']));
            if (DEBUG_TIME_LOG) {
                Bootstrap::logTimeByPage();
            } //log this page
            exit();
            break;
        default:
            //Process files loaded with tag head in HTML
            $realPath = explode('?', $realPath);
            $realPath[0] .= strpos(basename($realPath[0]), '.') === false ? '.php' : '';
            Bootstrap::streamFile($realPath[0]);
            exit();
    }
} //virtual URI parser

// the request correspond to valid php page, now parse the URI
$arrayFriendlyUri = [];
$arrayFriendlyUri['cases/opencase'] = '/^[\w\-]{32}$/';

Bootstrap::parseURI(getenv('REQUEST_URI'), $arrayFriendlyUri);

if (SYS_TARGET === false) {
    header('Location: /errors/error404.php?url=' . urlencode($_SERVER['REQUEST_URI']));
    exit(0);
}

// Bootstrap::mylog("sys_temp: ".SYS_TEMP);
$arrayUpdating = Bootstrap::isPMUnderUpdating();
if (isset($arrayUpdating['action']) && $arrayUpdating['action']) {
    if ($arrayUpdating['workspace'] == "true" || $arrayUpdating['workspace'] == SYS_TEMP) {
        header("location: /update/updating.php");
        if (DEBUG_TIME_LOG) {
            Bootstrap::logTimeByPage();
        }
        die();
    }
}
Bootstrap::logTimeByPage();

// verify if index.html exists
if (!file_exists(PATH_HTML . 'index.html')) { // if not, create it from template
    file_put_contents(PATH_HTML . 'index.html', Bootstrap::parseTemplate(PATH_TPL . 'index.html', array(
        'lang' => ((defined('SYS_LANG') && SYS_LANG != '') ? SYS_LANG : 'en'),
        'skin' => SYS_SKIN
    )));
}


define('SYS_URI', '/sys' . SYS_TEMP . '/' . SYS_LANG . '/' . SYS_SKIN . '/');

// defining the serverConf singleton
if (defined('PATH_DB') && file_exists(PATH_DB)) {
    //Instance Server Configuration Singleton
    $oServerConf = ServerConf::getSingleton();
}

// Create headPublisher singleton
$oHeadPublisher = headPublisher::getSingleton();


// Installer, redirect to install if we don't have a valid shared data folder
if (!defined('PATH_DB') || !file_exists(PATH_DB)) {
    // new installer, extjs based

    //important to start laravel classes
    app()->useStoragePath(realpath(PATH_DATA));
    app()->make(Kernel::class)->bootstrap();
    restore_error_handler();

    $pathFile = PATH_CONTROLLERS . 'InstallerModule.php';
    require_once ($pathFile);
    $controller = InstallerModule::class;

    // if the method name is empty set default to index method
    if (strpos(SYS_TARGET, '/') !== false) {
        list($controller, $controllerAction) = explode('/', SYS_TARGET);
    } else {
        $controllerAction = SYS_TARGET;
    }

    $controllerAction = ($controllerAction != '' && $controllerAction != 'login') ? $controllerAction : 'index';

    // create the installer controller and call its method
    if (method_exists(InstallerModule::class, $controllerAction)) {
        $installer = new $controller();
        $installer->setHttpRequestData($_REQUEST);

        $installer->call($controllerAction);
    } else {
        $_SESSION['phpFileNotFound'] = $_SERVER['REQUEST_URI'];
        header("location: /errors/error404.php?url=" . urlencode($_SERVER['REQUEST_URI']));
    }
    exit();
}

app()->useStoragePath(realpath(PATH_DATA));
app()->make(Kernel::class)->bootstrap();
restore_error_handler();
//Overwrite with the Processmaker env.ini configuration used in production environments
//@todo: move env.ini configuration to .env
ini_set('display_errors', $config['display_errors']);
ini_set('error_reporting', $config['error_reporting']);
ini_set('short_open_tag', 'On');
ini_set('default_charset', "UTF-8");
ini_set('soap.wsdl_cache_enabled', $config['wsdl_cache']);
ini_set('date.timezone', TIME_ZONE); //Set Time Zone

date_default_timezone_set(TIME_ZONE);

config(['app.timezone' => TIME_ZONE]);

// Load Language Translation
Bootstrap::LoadTranslationObject(defined('SYS_LANG') ? SYS_LANG : "en");

// look for a disabled workspace
if ($oServerConf->isWSDisabled(SYS_TEMP)) {
    $aMessage['MESSAGE'] = Bootstrap::LoadTranslation('ID_DISB_WORKSPACE');
    $G_PUBLISH = new Publisher();
    $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/showMessage', '', $aMessage);
    Bootstrap::RenderPage('publish');
    die();
}

// database and workspace definition
// if SYS_TEMP exists, the URL has a workspace, now we need to verify if exists their db.php file
if (defined('SYS_TEMP') && SYS_TEMP != '') {
    //this is the default, the workspace db.php file is in /shared/workflow/sites/SYS_SYS
    $pathFile = PATH_DB . SYS_TEMP . '/db.php';
    if (file_exists($pathFile)) {
        require_once($pathFile);
        define('SYS_SYS', SYS_TEMP);
        config(["system.workspace" => SYS_TEMP]);

        // defining constant for workspace shared directory
        define('PATH_WORKSPACE', PATH_DB . config("system.workspace") . PATH_SEP);

        // including workspace shared classes -> particularlly for pmTables
        set_include_path(get_include_path() . PATH_SEPARATOR . PATH_WORKSPACE);
    } else {
        if (SYS_LANG != '' && SYS_SKIN != '') {
            Bootstrap::SendTemporalMessage('ID_NOT_WORKSPACE', "error");
            Bootstrap::header('location: /sys/' . SYS_LANG . '/' . SYS_SKIN . '/main/sysLogin?errno=2');
        } else {
            header('location: /errors/error404.php?url=' . urlencode($_SERVER['REQUEST_URI']));
        }
        die();
    }
} else { //when we are in global pages, outside any valid workspace
    if (SYS_TARGET === 'newSite') {
        $phpFile = G::ExpandPath('methods') . SYS_COLLECTION . "/" . SYS_TARGET . '.php';
        require_once($phpFile);
        die();
    } else {
        if (substr(SYS_SKIN, 0,
                2) === 'ux' && SYS_TARGET != 'sysLoginVerify') { // new ux sysLogin - extjs based form
            $pathFile = PATH_CONTROLLERS . 'main.php';
            require_once $pathFile;
            $controllerClass = 'Main';
            $controllerAction = SYS_TARGET == 'sysLoginVerify' ? SYS_TARGET : 'sysLogin';
            //if the method exists
            if (method_exists(
                $controllerClass,
                $controllerAction
            )) {
                $controller = new $controllerClass();
                $controller->setHttpRequestData($_REQUEST);
                $controller->call($controllerAction);
            }
        } else { // classic sysLogin interface
            $pathFile = PATH_METHODS . "login/sysLogin.php";
            require_once($pathFile);
            die();
        }
        if (DEBUG_TIME_LOG) {
            Bootstrap::logTimeByPage();
        } //log this page
        die();
    }
}

// PM Paths DATA
define('PATH_DATA_SITE', PATH_DATA . 'sites/' . config("system.workspace") . '/');
define('PATH_DOCUMENT', PATH_DATA_SITE . 'files/');
define('PATH_DATA_MAILTEMPLATES', PATH_DATA_SITE . 'mailTemplates/');
define('PATH_DATA_PUBLIC', PATH_DATA_SITE . 'public/');
define('PATH_DATA_REPORTS', PATH_DATA_SITE . 'reports/');
define('PATH_DYNAFORM', PATH_DATA_SITE . 'xmlForms/');
define('PATH_IMAGES_ENVIRONMENT_FILES', PATH_DATA_SITE . 'usersFiles' . PATH_SEP);
define('PATH_IMAGES_ENVIRONMENT_USERS', PATH_DATA_SITE . 'usersPhotographies' . PATH_SEP);
define('SERVER_NAME', $_SERVER['SERVER_NAME']);
define('SERVER_PORT', $_SERVER['SERVER_PORT']);

// create memcached singleton
$memcache = PMmemcached::getSingleton(config("system.workspace"));

// load Plugins base class

// setup propel definitions and logging
//changed to autoloader

if (defined('DEBUG_SQL_LOG') && DEBUG_SQL_LOG) {
    define('PM_PID', mt_rand(1, 999999));
    require_once 'Log.php';

    // register debug connection decorator driver
    Creole::registerDriver('*', 'creole.contrib.DebugConnection');

    // initialize Propel with converted config file
    Propel::init(PATH_CORE . "config/databases.php");

    // unified log file for all databases
    $logFile = PATH_DATA . 'log' . PATH_SEP . 'propel.log';
    $logger = Log::singleton('file', $logFile, 'wf ' . config("system.workspace"), null, PEAR_LOG_INFO);
    Propel::setLogger($logger);
    // log file for workflow database
    $con = Propel::getConnection('workflow');
    if ($con instanceof DebugConnection) {
        $con->setLogger($logger);
    }
    // log file for rbac database
    $con = Propel::getConnection('rbac');

    if ($con instanceof DebugConnection) {
        $con->setLogger($logger);
    }

    // log file for report database
    $con = Propel::getConnection('rp');
    if ($con instanceof DebugConnection) {
        $con->setLogger($logger);
    }
} else {
    Propel::init(PATH_CORE . "config/databases.php");
}

/**
 * JobsManager
 */
JobsManager::getSingleton()->init();

//here we are loading all plugins registered
//the singleton has a list of enabled plugins
$oPluginRegistry = PluginRegistry::loadSingleton();
$attributes = $oPluginRegistry->getAttributes();
Bootstrap::LoadTranslationPlugins(defined('SYS_LANG') ? SYS_LANG : "en", $attributes);
// Initialization functions plugins
$oPluginRegistry->init();

$_GET = \ProcessMaker\Util\DateTime::convertDataToUtc($_GET);
$_POST = \ProcessMaker\Util\DateTime::convertDataToUtc($_POST);
$_REQUEST = \ProcessMaker\Util\DateTime::convertDataToUtc($_REQUEST);

Creole::registerDriver('dbarray', 'creole.contrib.DBArrayConnection');

// Session Initializations
ini_set('session.auto_start', '1');

// The register_globals feature has been DEPRECATED as of PHP 5.3.0. default value Off.
// ini_set( 'register_globals', 'Off' );
//session_start();
ob_start();

// Rebuild the base Workflow translations if not exists
if (!is_file(PATH_LANGUAGECONT . 'translation.en')) {
    $pathFile = PATH_CLASSES . "model" . PATH_SEP . "Translation.php";

    require_once($pathFile);

    $pmTranslation = new Translation();
    $fields = $pmTranslation->generateFileTranslation("en");

    // Load Language Translation
    Bootstrap::LoadTranslationObject("en");
}

// TODO: Verify if the language set into url is defined in translations env.
if (SYS_LANG != 'en' && !is_file(PATH_LANGUAGECONT . 'translation.' . SYS_LANG)) {
    $pathFile = PATH_CLASSES . "model" . PATH_SEP . "Translation.php";

    require_once($pathFile);

    $pmTranslation = new Translation();
    $fields = $pmTranslation->generateFileTranslation(SYS_LANG);

    // Load Language Translation
    Bootstrap::LoadTranslationObject(SYS_LANG);
}

// Setup plugins
$oPluginRegistry->setupPlugins(); //get and setup enabled plugins
$avoidChangedWorkspaceValidation = false;

// Load custom Classes and Model from Plugins.
Bootstrap::LoadAllPluginModelClasses();

// jump to php file in methods directory
$collectionPlugin = '';
if ($oPluginRegistry->isRegisteredFolder(SYS_COLLECTION)) {
    $phpFile = PATH_PLUGINS . SYS_COLLECTION . PATH_SEP . SYS_TARGET . '.php';
    $targetPlugin = explode('/', SYS_TARGET);
    $collectionPlugin = $targetPlugin[0];
    $avoidChangedWorkspaceValidation = true;
} else {
    $phpFile = Bootstrap::ExpandPath('methods') . SYS_COLLECTION . PATH_SEP . SYS_TARGET . '.php';
}

// services is a special folder,
if (SYS_COLLECTION == 'services') {
    $avoidChangedWorkspaceValidation = true;
    $targetPlugin = explode('/', SYS_TARGET);

    if ($targetPlugin[0] == 'webdav') {
        $phpFile = Bootstrap::ExpandPath('methods') . SYS_COLLECTION . PATH_SEP . 'webdav.php';
    }
}

if (SYS_COLLECTION == 'login' && SYS_TARGET == 'login') {
    $avoidChangedWorkspaceValidation = true;
}

$bWE = false;
$isControllerCall = false;
$isPluginController = false;

if (substr(SYS_COLLECTION, 0, 8) === 'gulliver') {
    $phpFile = PATH_GULLIVER_HOME . 'methods/' . substr(SYS_COLLECTION, 8) . SYS_TARGET . '.php';
} else {
    //when the file is part of the public directory of any PROCESS, this a ProcessMaker feature
    if (preg_match('/^[0-9][[:alnum:]]+$/', SYS_COLLECTION) == 1) { //the pattern is /sysSYS/LANG/SKIN/PRO_UID/file
        $auxPart = explode('/', $_SERVER['REQUEST_URI']);
        $aAux = explode('?', $auxPart[count($auxPart) - 1]);
        //$extPart = explode ( '.' , $auxPart[ count($auxPart)-1] );
        $extPart = explode('.', $aAux[0]);
        $queryPart = isset($aAux[1]) ? $aAux[1] : "";
        $extension = $extPart[count($extPart) - 1];
        $phpFile = PATH_DATA_SITE . 'public' . PATH_SEP . SYS_COLLECTION . PATH_SEP . urldecode($auxPart[count($auxPart) - 1]);
        $aAux = explode('?', $phpFile);
        $phpFile = $aAux[0];

        if ($extension != 'php') {
            Bootstrap::streamFile($phpFile);
            die();
        }

        $isWebEntry = \ProcessMaker\BusinessModel\WebEntry::isWebEntry(SYS_COLLECTION, $phpFile);
        if (\Bootstrap::getDisablePhpUploadExecution() === 1 && !$isWebEntry) {
            $message = \G::LoadTranslation('ID_THE_PHP_FILES_EXECUTION_WAS_DISABLED');
            $context = [
                'filename' => $phpFile,
                'url' => $_SERVER["REQUEST_URI"] ?? ''
            ];
            Log::channel(':phpExecution')->alert($message, \Bootstrap::context($context));
            echo $message;
            die();
        } else {
            //Backward compatibility: Preload PmDynaform for old generated webentry files.
            class_exists('PmDynaform');
            $message = 'Php Execution';
            $context = [
                'filename' => $phpFile,
                'url' => $_SERVER["REQUEST_URI"] ?? ''
            ];
            Log::channel(':phpExecution')->info($message, \Bootstrap::context($context));
        }

        $avoidChangedWorkspaceValidation = true;
        $bWE = true;
        //$phpFile = PATH_DATA_SITE . 'public' . PATH_SEP .  SYS_COLLECTION . PATH_SEP . $auxPart[ count($auxPart)-1];
    }

    //erik: verify if it is a Controller Class or httpProxyController Class
    if (is_file(PATH_CONTROLLERS . SYS_COLLECTION . '.php')) {
        $pathFile = PATH_CONTROLLERS . SYS_COLLECTION . '.php';
        require_once $pathFile;
        $controllerClass = SYS_COLLECTION;
        //if the method name is empty set default to index method
        $controllerAction = SYS_TARGET != '' ? SYS_TARGET : 'index';
        //if the method exists
        if (method_exists($controllerClass, $controllerAction)) {
            $isControllerCall = true;
        }

        if (substr(SYS_SKIN, 0, 2) != "ux" && $controllerClass == "main") {
            $isControllerCall = false;
        }
    }

    if (is_dir(PATH_PLUGINS . SYS_COLLECTION) && $oPluginRegistry->isRegisteredFolder(SYS_COLLECTION)) {
        $pluginName = SYS_COLLECTION;
        $pluginResourceRequest = explode('/', rtrim(SYS_TARGET, '/'));
        $isPluginController = true;

        if ($pluginResourceRequest > 0) {
            $controllerClass = $pluginResourceRequest[0];

            if (count($pluginResourceRequest) == 1) {
                $controllerAction = 'index';
            } else {
                $controllerAction = $pluginResourceRequest[1];
            }
        }

        $pluginControllerPath = PATH_PLUGINS . $pluginName . PATH_SEP . 'controllers' . PATH_SEP;

        $pathFile = $pluginControllerPath . $controllerClass . '.php';
        if (is_file($pathFile)) {
            require_once $pathFile;
        } elseif (is_file($pluginControllerPath . ucfirst($controllerClass) . '.php')) {
            $controllerClass = ucfirst($controllerClass);
            require_once $pathFile;
        } elseif (is_file($pluginControllerPath . ucfirst($controllerClass) . 'Controller.php')) {
            $controllerClass = ucfirst($controllerClass) . 'Controller';
            require_once $pathFile;
        }

        //if the method exists
        if (method_exists($controllerClass, $controllerAction)) {
            $isControllerCall = true;
        }
    }

    if (!$isControllerCall && !file_exists($phpFile)) {
        $_SESSION['phpFileNotFound'] = $_SERVER['REQUEST_URI'];
        header("location: /errors/error404.php?url=" . urlencode($_SERVER['REQUEST_URI']));
        die();
    }
}

//redirect to login, if user changed the workspace in the URL
if (!$avoidChangedWorkspaceValidation && isset($_SESSION['WORKSPACE']) && $_SESSION['WORKSPACE'] != config("system.workspace")) {
    $_SESSION['WORKSPACE'] = config("system.workspace");
    Bootstrap::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_SYSTEM', "error");
    // verify if the current skin is a 'ux' variant
    $urlPart = substr(SYS_SKIN, 0, 2) == 'ux' && SYS_SKIN != 'uxs' ? '/main/login' : '/login/login';

    header('Location: /sys' . config("system.workspace") . '/' . SYS_LANG . '/' . SYS_SKIN . $urlPart);
    die();
}

// enable rbac

$RBAC = RBAC::getSingleton(PATH_DATA, session_id());
$RBAC->sSystem = 'PROCESSMAKER';

// define and send Headers for all pages
if (!defined('EXECUTE_BY_CRON')) {
    header("Expires: " . gmdate("D, d M Y H:i:s", mktime(0, 0, 0, date('m'), date('d') - 1, date('Y'))) . " GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");

    // get the language direction from ServerConf
    define('SYS_LANG_DIRECTION', $oServerConf->getLanDirection());

    if ((isset($_SESSION['USER_LOGGED'])) && (!(isset($_GET['sid'])))) {
        if ((preg_match("/msie/i", $_SERVER ['HTTP_USER_AGENT']) != 1 ||
                $config['ie_cookie_lifetime'] == 1) &&
            (!(preg_match("/safari/i", $_SERVER ['HTTP_USER_AGENT']) == 1 && preg_match("/chrome/i",
                        $_SERVER ['HTTP_USER_AGENT']) == 0) ||
                $config['safari_cookie_lifetime'] == 1)) {
                // Determine session lifetime
                $sessionLifetime = isset($config['session.gc_maxlifetime']) ? $config['session.gc_maxlifetime'] : ini_get('session.gc_maxlifetime');
                // Default to 1440 seconds (24 minutes) if lifetime is not set
                if (is_null($sessionLifetime)) {
                    $sessionLifetime = 1440;
                }                    
                $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + $sessionLifetime, 'httponly' => true]);
                setcookie(session_name(), session_id(), $cookieOptions);
        }
        $RBAC->initRBAC();
        //using optimization with memcache, the user data will be in memcache 8 hours, or until session id goes invalid
        $memKey = 'rbacSession' . session_id();
        if (($RBAC->aUserInfo = $memcache->get($memKey)) === false) {
            $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
            $RBAC->verifyDueDateUserLogged();
            $memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS);
        }
    } else {
        // this is the blank list to allow execute scripts with no login (without session started)
        $noLoginFiles = $noLoginFolders = [];
        $noLoginFiles[] = 'login';
        $noLoginFiles[] = 'authentication';
        $noLoginFiles[] = 'authenticationSso';
        $noLoginFiles[] = 'login_Ajax';
        $noLoginFiles[] = 'sysLoginVerify';
        $noLoginFiles[] = 'processes_Ajax';
        $noLoginFiles[] = 'showLogoFile';
        $noLoginFiles[] = 'forgotPassword';
        $noLoginFiles[] = 'retrivePassword';
        $noLoginFiles[] = 'steps_Ajax';
        $noLoginFiles[] = 'proxyCasesList';
        $noLoginFiles[] = 'proxyNewCasesList';
        $noLoginFiles[] = 'casesStartPage_Ajax';
        $noLoginFiles[] = 'cases_Ajax';
        $noLoginFiles[] = 'casesList_Ajax';
        $noLoginFiles[] = 'proxyReassignCasesList';
        $noLoginFiles[] = 'ajaxListener';
        $noLoginFiles[] = 'cases_Step';
        $noLoginFiles[] = 'cases_ShowOutputDocument';
        $noLoginFiles[] = 'cases_ShowDocument';
        $noLoginFiles[] = 'cases_CatchExecute';
        $noLoginFiles[] = 'cases_SaveData';
        $noLoginFiles[] = 'cases_Derivate';
        $noLoginFiles[] = 'cases_NextStep';
        $noLoginFiles[] = 'casesShowCaseNotes';
        $noLoginFiles[] = 'genericAjax';
        $noLoginFiles[] = 'casesSaveDataView';
        $noLoginFiles[] = 'propelTableAjax';
        $noLoginFiles[] = 'casesStreamingFile';
        $noLoginFiles[] = 'opencase';
        $noLoginFiles[] = 'defaultAjaxDynaform';

        $noLoginFolders[] = 'services';
        $noLoginFolders[] = 'tracker';
        $noLoginFolders[] = 'InstallerModule';
        
        $data = new stdClass();
        $data->noLoginFiles = &$noLoginFiles;
        $data->noLoginFolders = &$noLoginFolders;
        AppEvent::getAppEvent()->dispatch(AppEvent::SCRIPTS_WITH_NO_LOGIN, $data);

        // This sentence is used when you lost the Session
        if (!in_array(SYS_TARGET, $noLoginFiles) && !in_array(SYS_COLLECTION,
                $noLoginFolders) && $bWE != true && $collectionPlugin != 'services') {
            $bRedirect = true;
            if (isset($_GET['sid'])) {
                $oSessions = new Sessions();
                if ($aSession = $oSessions->verifySession($_GET['sid'])) {
                    require_once 'classes/model/Users.php';
                    $oUser = new Users();
                    $aUser = $oUser->load($aSession['USR_UID']);
                    initUserSession(
                        $aUser['USR_UID'],
                        $aUser['USR_USERNAME']
                    );
                    $bRedirect = false;
                    if ((preg_match("/msie/i", $_SERVER ['HTTP_USER_AGENT']) != 1 ||
                            $config['ie_cookie_lifetime'] == 1) &&
                        (!(preg_match("/safari/i", $_SERVER ['HTTP_USER_AGENT']) == 1 && preg_match("/chrome/i",
                                    $_SERVER ['HTTP_USER_AGENT']) == 0) ||
                            $config['safari_cookie_lifetime'] == 1)) {
                        $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + $timelife, 'httponly' => true]);
                        setcookie(session_name(), session_id(), $cookieOptions);
                    }
                    $RBAC->initRBAC();
                    $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
                    $memKey = 'rbacSession' . session_id();
                    $memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS);
                }
            }

            if (isset($_GET['tracker_designer']) && intval($_GET['tracker_designer']) !== 1) {
                unset($_GET['tracker_designer']);
            }

            if ($bRedirect && (!isset($_GET['tracker_designer']) || (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN'])))) {
                if (substr(SYS_SKIN, 0, 2) === 'ux' && SYS_SKIN !== 'uxs') { // verify if the current skin is a 'ux' variant
                    $loginUrl = 'main/login';
                } else if (strpos($_SERVER['REQUEST_URI'], '/home') !== false) { //verify is it is using the uxs skin for simplified interface
                    $loginUrl = 'home/login';
                } else {
                    $loginUrl = 'login/login'; // just set up the classic login
                }

                if (empty($_POST)) {
                    $headerString = 'location: ' . SYS_URI . $loginUrl . '?u=' . urlencode($_SERVER['REQUEST_URI']);
                    AppEvent::getAppEvent()->dispatch(AppEvent::LOGIN, $headerString);
                    header($headerString);
                } else {
                    if ($isControllerCall) {
                        header("HTTP/1.0 302 session lost in controller");
                    } else {
                        header('location: ' . SYS_URI . $loginUrl);
                    }
                }
                die();
            }
        }
    }
    $_SESSION['phpLastFileFound'] = $_SERVER['REQUEST_URI'];

    // Check if the timezone for the user is valid
    if (!empty($_SESSION['USER_LOGGED']) && isset($_SESSION['__TIME_ZONE_FAILED__']) && $_SESSION['__TIME_ZONE_FAILED__'] &&
        (SYS_COLLECTION != 'login' && SYS_TARGET != 'login')) {
        $userTimeZone = $_SESSION['USR_TIME_ZONE'];
        $browserTimeZone = $_SESSION['BROWSER_TIME_ZONE'];

        $dateTime = new \ProcessMaker\Util\DateTime();

        $userTimeZoneOffset = $dateTime->getTimeZoneOffsetByTimeZoneId($userTimeZone);
        $browserTimeZoneOffset = $dateTime->getTimeZoneOffsetByTimeZoneId($browserTimeZone);

        $userUtcOffset = $dateTime->getUtcOffsetByTimeZoneOffset($userTimeZoneOffset);
        $browserUtcOffset = $dateTime->getUtcOffsetByTimeZoneOffset($browserTimeZoneOffset);

        $arrayTimeZoneId = $dateTime->getTimeZoneIdByTimeZoneOffset($browserTimeZoneOffset);

        array_unshift($arrayTimeZoneId, 'false');
        array_walk($arrayTimeZoneId, function (&$value, $key, $parameter) { $value = ['TZ_UID' => $value, 'TZ_NAME' => '(UTC ' . $parameter . ') ' . $value]; }, $browserUtcOffset);

        $_SESSION['_DBArray'] = ['TIME_ZONE' => $arrayTimeZoneId];

        $arrayData = [
            'USR_TIME_ZONE' => '(UTC ' . $userUtcOffset . ') ' . $userTimeZone,
            'BROWSER_TIME_ZONE' => $browserTimeZone
        ];

        global $G_PUBLISH;
        $G_PUBLISH = new Publisher();
        $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/TimeZoneAlert', '', $arrayData, SYS_URI . 'login/updateTimezone');

        G::RenderPage('publish');
        exit(0);
    }

    // Initialization functions plugins
    $oPluginRegistry->init();

    if ($isControllerCall) { //Instance the Controller object and call the request method
        ValidationUploadedFiles::getValidationUploadedFiles()
                ->runRulesToAllUploadedFiles();
        $controller = new $controllerClass();
        $controller->setHttpRequestData($_REQUEST);

        if ($isPluginController) {
            $controller->setPluginName($pluginName);
            $controller->setPluginHomeDir(PATH_PLUGINS . $pluginName . PATH_SEP);
        }

        $controller->call($controllerAction);
    } else {
        ChangeLog::getChangeLog()
                ->setSourceId(ChangeLog::FromWeb)
                ->setSkin(SYS_SKIN)
                ->setLanguage(SYS_LANG)
                ->getUsrIdByUsrUid(empty($_SESSION['USER_LOGGED']) ? '' : $_SESSION['USER_LOGGED']);

        ValidationUploadedFiles::getValidationUploadedFiles()
                ->runRulesToAllUploadedFiles();
        require_once $phpFile;
    }

    if (defined('SKIP_HEADERS')) {
        header("Expires: " . gmdate("D, d M Y H:i:s", mktime(0, 0, 0, date('m'), date('d'), date('Y') + 1)) . " GMT");
        header('Cache-Control: public');
        header('Pragma: ');
    }

    @ob_end_flush();
    if (DEBUG_TIME_LOG) {
        bootstrap::logTimeByPage(); //log this page
    }
}