Consistent use of relative URLs, and make BASE_URL optional

calls/call_document_merge_help.class.php

@@ -20,25 +20,25 @@ function run()
 					<tr>
 						<td>Simple list of people in a table</td>
 						<td class="nowrap">
-							<a href="./resources/merge_samples/example_list_of_people.ods">ODS</a> &nbsp;
-							<a href="./resources/merge_samples/example_list_of_people.xlsx">XLSX</a> &nbsp;
-							<a href="./resources/merge_samples/example_list_of_people.odt">ODT</a> &nbsp;
-							<a href="./resources/merge_samples/example_list_of_people.docx">DOCX</a>
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_list_of_people.ods">ODS</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_list_of_people.xlsx">XLSX</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_list_of_people.odt">ODT</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_list_of_people.docx">DOCX</a>
 						</td>
 					</tr>
 					<tr>
 						<td>Nametags, A4, 3x7 per page</td>
 						<td>
-							<a href="./resources/merge_samples/example_nametags_7x3.docx">DOCX</a>
-							<a href="./resources/merge_samples/example_nametags_7x3.odt">ODT</a>
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_nametags_7x3.docx">DOCX</a>
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_nametags_7x3.odt">ODT</a>
 						</td>
 					</tr>
 					<tr>
 						<td>Attendance list, with birthdays highlighted
 							<br /><small><i>This also shows date of birth (a custom field) and whether they have had a birthday in the past week. The ODS version uses conditional formatting to omit dividing lines between members of the same family.</i></small></td>
 						<td>
-							<a href="./resources/merge_samples/example_attendance_sheet.ods">ODS</a> &nbsp;
-							<a href="./resources/merge_samples/example_attendance_sheet.xlsx">XLSX</a>
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_attendance_sheet.ods">ODS</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_attendance_sheet.xlsx">XLSX</a>
 						</td>
 					</tr>
 				</table>
@@ -47,15 +47,15 @@ function run()
 					<tr>
 						<td>Mailing labels, A4, 3x7 per page</td>
 						<td>
-							<a href="./resources/merge_samples/example_mailing_labels_7x3.docx">DOCX</a>
-							<a href="./resources/merge_samples/example_mailing_labels_7x3.odt">ODT</a>
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_mailing_labels_7x3.docx">DOCX</a>
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_mailing_labels_7x3.odt">ODT</a>
 						</td>
 					</tr>
 					<tr>
 						<td>Family attendance sheet</td>
 						<td>
-							<a href="./resources/merge_samples/example_family_attendance.ods">ODS</a> &nbsp;
-							<a href="./resources/merge_samples/example_family_attendance.xlsx">XLSX</a>
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_family_attendance.ods">ODS</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_family_attendance.xlsx">XLSX</a>
 						</td>
 					</tr>
 				</table>
@@ -145,8 +145,8 @@ function run()
 				</ul>
 
 				<p>Example Attendance-Specific Template 3 uses this concept:			
-							<a href="./resources/merge_samples/example_monthly_attendance2.ods">ODS</a> &nbsp;
-							<a href="./resources/merge_samples/example_monthly_attendance2.xlsx">XLSX</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_monthly_attendance2.ods">ODS</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_monthly_attendance2.xlsx">XLSX</a> &nbsp;
 				</p>
 
 				<p><b>Special considerations</b></p>
@@ -176,14 +176,14 @@ function run()
 				<p>Note: Columns with a total of zero are included.</p>
 				<p>
 				<b>Example Attendance-Specific Templates</b>:<br />  Example 1:
-							<a href="./resources/merge_samples/example_monthly_attendance.ods">ODS</a> &nbsp;
-							<a href="./resources/merge_samples/example_monthly_attendance.xlsx">XLSX</a><br>
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_monthly_attendance.ods">ODS</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_monthly_attendance.xlsx">XLSX</a><br>
 				Example 2:
-							<a href="./resources/merge_samples/example_monthly_attendance1.ods">ODS</a> &nbsp;
-							<a href="./resources/merge_samples/example_monthly_attendance1.xlsx">XLSX</a><br>
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_monthly_attendance1.ods">ODS</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_monthly_attendance1.xlsx">XLSX</a><br>
 				Example 3:
-							<a href="./resources/merge_samples/example_monthly_attendance2.ods">ODS</a> &nbsp;
-							<a href="./resources/merge_samples/example_monthly_attendance2.xlsx">XLSX</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_monthly_attendance2.ods">ODS</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_monthly_attendance2.xlsx">XLSX</a> &nbsp;
 				</p>
 
 				<h3>Extra Fields for Rosters Page</h3>
@@ -210,11 +210,11 @@ function run()
 				<p>
 				<b>Example Roster-specific Templates</b>:<br />
 				Sign-in sheets: 
-							<a href="./resources/merge_samples/example_roster_sign_in_out_sheet.ods">ODS</a> &nbsp;
-							<a href="./resources/merge_samples/example_roster_sign_in_out_sheet.xlsx">XLSX</a><br>
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_roster_sign_in_out_sheet.ods">ODS</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_roster_sign_in_out_sheet.xlsx">XLSX</a><br>
 				Roster: 
-							<a href="./resources/merge_samples/example_roster.ods">ODS</a> &nbsp;
-							<a href="./resources/merge_samples/example_roster.xlsx">XLSX</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_roster.ods">ODS</a> &nbsp;
+							<a href="<?php echo BASE_URL; ?>/resources/merge_samples/example_roster.xlsx">XLSX</a> &nbsp;
 				</p>
 				<p>
 				<b>Handy hint</b>:<br />

conf.php.sample

@@ -21,12 +21,14 @@ define('DB_DATABASE', '');
 define('DB_USERNAME', '');
 define('DB_PASSWORD', '');
 
-// The URL jethro will be running at.  NB The final slash is important!!
-define('BASE_URL', 'http://example.com/jethro/');
+// The URL jethro will be running at. Only needs to be set if Jethro is running behind a proxy without
+// X-Forwarded-Proto + X-Forwarded-Host, or running scripts/task_reminder.php, where the base URL cannot be inferred
+// define('BASE_URL', 'https://example.com/jethro/');
 
 // Whether the system must be accessed by HTTPS.
 // If this is true, the BASE_URL above must begin with https://
-define('REQUIRE_HTTPS', FALSE);
+// No longer used - Jethro will run wherever it finds itself.
+// define('REQUIRE_HTTPS', FALSE);
 
 ///////////////////////////////////////////////////////////////////////////
 // OPTIONAL DATABASE SETTINGS -

db_objects/person_group.class.php

@@ -50,7 +50,7 @@ protected static function _getFields()
 									'type' => 'select',
 									'options' => Array('No', 'Yes'),
 									'default' => 0,
-									'note' => 'Should members of this group be able to see each other\'s details in <a href="'.BASE_URL.'members">member portal</a>?',
+									'note' => 'Should members of this group be able to see each other\'s details in <a href="'.BASE_URL.'/members">member portal</a>?',
 									'label' => 'Share member details?',
 								),
 		);

db_objects/roster_view.class.php

@@ -106,7 +106,7 @@ protected static function _getFields()
 									'type'		=> 'select',
 									'options'	=> Array('' => 'Private', 'members' => 'Show in members area', 'public' => 'Show in public area'),
 									'default'	=> 0,
-									'note' => 'Whether this roster view is visible in the <a href="'.BASE_URL.'/public/">public area</a> and/or to church members via the <a href="'.BASE_URL.'members/">members area</a>',
+									'note' => 'Whether this roster view is visible in the <a href="'.BASE_URL.'/public/">public area</a> and/or to church members via the <a href="'.BASE_URL.'/members/">members area</a>',
 								),
 			'show_on_run_sheet' => Array(
 									'type'	=> 'select',
@@ -122,7 +122,7 @@ function printForm($prefix='', $fields=NULL)
 	{
 		$this->fields['members'] = Array(); // fake field for interface purposes
 		if ($this->id) {
-			$url = BASE_URL.'public/?view=display_roster&roster_view='.$this->id;
+			$url = BASE_URL.'/public/?view=display_roster&roster_view='.$this->id;
 			if (defined('PUBLIC_ROSTER_SECRET') && strlen(PUBLIC_ROSTER_SECRET)) {
 				$url .= '&secret='.PUBLIC_ROSTER_SECRET;
 			}
@@ -575,7 +575,7 @@ private function _printOutputLabel($member, $service)
 			if (ifdef('PUBLIC_AREA_ENABLED', 1)) {
 				echo '<a class="med-popup" href="'.BASE_URL.'/public/?view=display_role_description&role='.(int)$member['role_id'].'">';
 			} else {
-				echo '<a class="med-popup" href="'.BASE_URL.'?view=rosters__define_roster_roles&roster_roleid='.(int)$member['role_id'].'">';
+				echo '<a class="med-popup" href="?view=rosters__define_roster_roles&roster_roleid='.(int)$member['role_id'].'">';
 			}
 			echo ents($member['role_title']);
 			echo '</a>';
@@ -597,9 +597,9 @@ private function _printOutputValue($member, $service, $asn, $withLinks=TRUE)
 					if ($asn['absenceid']) {
 						echo ' <span class="label label-important" title="Planned absence: '.ents($asn['absence_comment']).'">!</i></span>';
 					}
-					if (('' === $asn['email'])) echo ' <img class="visible-desktop" src="'.BASE_URL.'resources/img/no_email.png" title="No Email Address" />';
+					if (('' === $asn['email'])) echo ' <img class="visible-desktop" src="'.BASE_URL.'/resources/img/no_email.png" title="No Email Address" />';
 					if (('' === $asn['mobile']) && SMS_Sender::canSend()) {
-						echo ' <img class="visible-desktop" src="'.BASE_URL.'resources/img/no_phone.png" title="No Mobile" />';
+						echo ' <img class="visible-desktop" src="'.BASE_URL.'/resources/img/no_phone.png" title="No Mobile" />';
 					}
 					echo '</span>';
 
@@ -841,9 +841,9 @@ function printView($start_date=NULL, $end_date=NULL, $editing=FALSE, $public=FAL
 									if (strlen(strval($vs['absenceid']))) {
 										$n .= ' <a href="'.$href.'#rosters" class="label label-important" title="Planned absence: '.ents($vs['absence_comment']).'">!</i></a>';
 									}
-									if (('' === $vs['email'])) $n .= ' <img class="visible-desktop" src="'.BASE_URL.'resources/img/no_email.png" title="No Email Address" />';
+									if (('' === $vs['email'])) $n .= ' <img class="visible-desktop" src="'.BASE_URL.'/resources/img/no_email.png" title="No Email Address" />';
 									if (('' === $vs['mobile']) && SMS_Sender::canSend()) {
-										$n .= ' <img class="visible-desktop" src="'.BASE_URL.'resources/img/no_phone.png" title="No Mobile" />';
+										$n .= ' <img class="visible-desktop" src="'.BASE_URL.'/resources/img/no_phone.png" title="No Mobile" />';
 					                }
 									$n .= '</span>';
 									$names[] = $n;
@@ -946,7 +946,7 @@ function _printRoleHeaders($editing, $public)
 					if ($public) {
 						echo '<a class="med-popup" href="'.BASE_URL.'/public/?view=display_role_description&role='.(int)$details['role_id'].'">';
 					} else {
-						echo '<a class="med-popup" href="'.BASE_URL.'?view=rosters__define_roster_roles&roster_roleid='.(int)$details['role_id'].'">';
+						echo '<a class="med-popup" href="?view=rosters__define_roster_roles&roster_roleid='.(int)$details['role_id'].'">';
 					}
 					echo ents($details['role_title']);
 					echo '</a>';

db_objects/service.class.php

@@ -402,7 +402,7 @@ function printFieldValue($fieldname, $value=NULL, $printableMode=FALSE)
 							$line .= '<table class="help-block custom-field-tooltip" id="compdetail'.$compid.'-'.$this->id.'"><tr><td class="narrow">CCLI #:</td><td>'.$ccli_code.'</td>';
 							$line .= '<td class="narrow">';
 							if ($this->checkPerm(PERM_SERVICECOMPS)) {
-								$line .= '<a title="Edit this component" href="'.BASE_URL.'?view=_edit_service_component&service_componentid='.$compid.'"><i class="icon-wrench"></i></a>';
+								$line .= '<a title="Edit this component" href="?view=_edit_service_component&service_componentid='.$compid.'"><i class="icon-wrench"></i></a>';
 							}
 							$line .= '</td></tr>';
 							$line .= '<tr><td>Comments:</td><td colspan="2">'.linkUrlsInTrustedHtml(nl2br($item['comments'] ?? '')).'</td></tr></table>';

db_objects/service_component.class.php

@@ -382,7 +382,7 @@ public function printFieldInterface($name, $prefix='')
 				?>
 				<tr>
 					<td><?php print_widget('tags[]', $params, $tagid); ?></td>
-					<td><img src="<?php echo BASE_URL; ?>resources/img/cross_red.png" class="icon delete-row" title="Delete this tag from the list" /></td>
+					<td><img src="<?php echo BASE_URL; ?>/resources/img/cross_red.png" class="icon delete-row" title="Delete this tag from the list" /></td>
 				</tr>
 				<?php
 			}
@@ -394,7 +394,7 @@ public function printFieldInterface($name, $prefix='')
 						<?php print_widget('tags[]', $params, NULL); ?>
 						<input style="display: none" placeholder="Type new tag here" type="text" name="new_tags[]" />
 					</td>
-					<td><img src="<?php echo BASE_URL; ?>resources/img/cross_red.png" class="icon delete-row" title="Delete this tag from the list" /></td>
+					<td><img src="<?php echo BASE_URL; ?>/resources/img/cross_red.png" class="icon delete-row" title="Delete this tag from the list" /></td>
 				</tr>
 			</table>
 			<p class="help-inline"><a href="?view=_manage_service_component_tags">Manage tag library</a></p>

include/general.php

@@ -292,7 +292,7 @@ class="<?php echo trim($classes); ?>"
 			static $includedCK = false;
 			if (!$includedCK) {
 				?>
-				<script src="<?php echo BASE_URL.'resources/ckeditor/ckeditor.js'; ?>"></script>
+				<script src="<?php echo BASE_URL.'/resources/ckeditor/ckeditor.js'; ?>"></script>
 				<?php
 			}
 			$ckParams = 'disableNativeSpellChecker: false,
@@ -777,16 +777,52 @@ function build_url($params)
 			$vars[$i] = $v;
 		}
 	}
-	$protocol = (REQUIRE_HTTPS || !empty($_REQUEST['HTTPS'])) ? 'https://' : 'http://';
-	$ubits = parse_url(BASE_URL);
-	$path = (0 === strpos($_SERVER['PHP_SELF'], $ubits['path'])) ? $_SERVER['PHP_SELF'] : $ubits['path'];
-	if (!empty($ubits['port'])) {
-		return $protocol.str_replace('index.php', '', $ubits['host'].':'.$ubits['port'].$path).'?'.http_build_query($vars);
+	if ($queryparams = http_build_query($vars)) {
+		return get_baseurl_path().'?'.$queryparams;
 	} else {
-		return $protocol.str_replace('index.php', '', $ubits['host'].$path).'?'.http_build_query($vars);
+		return get_baseurl_path();
 	}
 }
 
+/**
+ * Get the path segment of Jethro's URL, without slashes. E.g. given BASE_URL:
+ *  - 'https://jethro.mychurch.org'   returns ''
+ *  - 'https://jethro.mychurch.org/'   returns ''
+ *  - 'https://jethro.mychurch.org//'   returns ''
+ *  - 'https://mychurch.org/jethro'   returns ''
+ *  - '/'   returns ''
+ *  - '/'   returns ''
+ *  - '/'   returns ''
+ * @return string
+ */
+function get_baseurl_path()
+{
+	return trim((parse_url(BASE_URL, PHP_URL_PATH) ?? ''), '/');
+}
+
+/**
+ * Infer Jethro's base URL from the request.
+ */
+function base_url()
+{
+    // Detect scheme
+    $https = (
+        (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ||
+        (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) ||
+        (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+    );
+    $scheme = $https ? 'https' : 'http';
+
+    // Detect host (with proxy awareness)
+    $host = $_SERVER['HTTP_X_FORWARDED_HOST'] ?? $_SERVER['HTTP_HOST'] ?? $_SERVER['SERVER_NAME'];
+
+    // Detect base path (the directory your app runs from)
+    $scriptDir = rtrim(str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME'])), '/');
+
+    // Build base URL (no trailing slash if at root)
+    return $scheme . '://' . $host . ($scriptDir !== '' ? $scriptDir : '');
+}
+
 function speed_log($bam=FALSE)
 {
 	$fn = $bam ? 'bam' : 'error_log';

include/init.php

@@ -27,21 +27,6 @@
 require_once JETHRO_ROOT.'/include/general.php';
 strip_all_slashes();
 
-if (php_sapi_name() != 'cli') {
-	// Make sure we're at the correct URL
-	$do_redirect = FALSE;
-	if (REQUIRE_HTTPS && !defined('IS_PUBLIC') && empty($_SERVER['HTTPS'])) {
-		$do_redirect = TRUE;
-	}
-	if (strpos(array_get($_SERVER, 'HTTP_HOST', array_get($_SERVER, 'SERVER_NAME', '')).$_SERVER['REQUEST_URI'], str_replace(Array('http://', 'https://'), '', BASE_URL)) !== 0) {
-		$do_redirect = TRUE;
-	}
-	if ($do_redirect) {
-		header('Location: '.build_url(Array()));
-		exit();
-	}
-}
-
 // Set up the DB
 require_once JETHRO_ROOT .'/include/jethrodb.php';
 JethroDB::init(ifdef('DB_MODE', 'PRIVATE'));
@@ -61,9 +46,12 @@
 	@ini_set('session.gc_maxlifetime', SESSION_TIMEOUT_MINS*60);
 }
 
+// Default BASE_URL to '' i.e. script-relative.
+if (!defined('BASE_URL')) define('BASE_URL', '');
+
 // If max length is set, set the cookie timeout - this will allow sessions to outlast browser invocations
 $expiryTime = defined('SESSION_MAXLENGTH_MINS') ? SESSION_MAXLENGTH_MINS * 60 : NULL;
-session_set_cookie_params($expiryTime, parse_url(BASE_URL, PHP_URL_PATH));
+session_set_cookie_params($expiryTime, '/'.get_baseurl_path());
 if (session_id() == '') {
 	session_name('JethroSess');
 	session_start();

include/system_controller.class.php

@@ -354,7 +354,7 @@ private function _reportError($title, $bg, $errstr, $errfile, $errline, $bt, $se
 			$content .= "REQUEST: \n".print_r($safe_request,1)."\n\n";
 			$content .= "BACKTRACE:\n";
 			$content .= print_r($bt, 1);
-			@mail(constant('ERRORS_EMAIL_ADDRESS'), 'Jethro Error from '.BASE_URL, $content);
+			@mail(constant('ERRORS_EMAIL_ADDRESS'), 'Jethro Error from '.base_url(), $content);
 		}
 		if ($send_email) error_log("$errstr - Line $errline of $errfile");
 	}
@@ -385,17 +385,6 @@ public function featureEnabled($feature)
 		return in_array(strtoupper($feature), $enabled_features);
 	}
 
-	public static function checkConfigHealth()
-	{
-		if (REQUIRE_HTTPS && (FALSE === strpos(BASE_URL, 'https://'))) {
-			throw new \RuntimeException("Configuration file error: If you set REQUIRE_HTTPS to true, your BASE_URL must start with https");
-		}
-
-		if (substr(BASE_URL, -1) != '/') {
-			throw new \RuntimeException("Configuration file error: Your BASE_URL must end with a slash");
-		}
-	}
-
 	public function setGlobalHeaders()
 	{
         	if (session_id()) {

include/user_system.class.php

@@ -136,7 +136,7 @@ private function _logUserIn($user_details)
 		include_once 'include/size_detector.class.php';
 		SizeDetector::processRequest();
 		session_write_close();
-		header('Location: '.build_url(Array())); // the login form was POSTed; we redirect so the subsequent page load is a clean GET request.
+		header('Location: /'.build_url(Array())); // the login form was POSTed; we redirect so the subsequent page load is a clean GET request.
 		exit;
 	}
 

index.php

@@ -52,7 +52,6 @@
 $GLOBALS['user_system'] = new User_System();
 
 if ($GLOBALS['user_system']->getCurrentUser() == NULL) {
-	System_Controller::checkConfigHealth();
 	// Nobody is logged in, so show login screen or installer
 	if (!$GLOBALS['db']->hasTables()) {
 		require_once JETHRO_ROOT.'/include/installer.class.php';

members/templates/account_request_received.template.php

@@ -24,7 +24,7 @@
 			?>
 			</p>
 
-			<a class="btn btn-lnk" href="<?php echo BASE_URL; ?>members">&laquo; Back to login form</a>
+			<a class="btn btn-lnk" href="<?php echo BASE_URL; ?>/members">&laquo; Back to login form</a>
 
 		</div>
 	</form>

members/templates/main.template.php

@@ -27,7 +27,7 @@
 						</a>
 						<ul class="dropdown-menu pull-right" role="menu" aria-labelledby="user-menu">
 							<li><a href="?view=_change_password">Change Password</a></li>
-							<li><a href="<?php echo BASE_URL; ?>members/?logout=1" data-method="post">Log out</a></li>
+							<li><a href="<?php echo BASE_URL; ?>/members/?logout=1" data-method="post">Log out</a></li>
 						</ul>
 						</span>
 					</div>				

members/views/view_0_edit_ical.class.php

@@ -46,7 +46,7 @@ function printView()
 	{
 		$uuid = $this->person->getValue('feed_uuid');
 		if ($uuid) {
-			$url = BASE_URL.'public/?call=roster_ical&uuid='.rawurlencode($uuid);
+			$url = BASE_URL.'/public/?call=roster_ical&uuid='.rawurlencode($uuid);
 			?>
 			<p>Your personalised roster assignments iCal feed is available at <br />
 				<span class="input-append"><input id="ical-url" type="text" class="span8" autoselect="autoselect" readonly="readonly" value="<?php echo $url; ?>" />