2010-03-10 12:03:40 +00:00
< ? php
/**
2015-03-26 10:44:34 +00:00
* @ author Adam Williamson < awilliam @ redhat . com >
* @ author Andreas Fischer < bantu @ owncloud . com >
* @ author Arthur Schiwon < blizzz @ owncloud . com >
* @ author Bart Visscher < bartv @ thisnet . nl >
* @ author Bernhard Posselt < dev @ bernhard - posselt . com >
* @ author Björn Schießle < schiessle @ owncloud . com >
* @ author Christopher Schäpers < kondou @ ts . unde . re >
* @ author davidgumberg < davidnoizgumberg @ gmail . com >
* @ author Florian Scholz < FlorianScholz @ bgstyle . de >
* @ author Florin Peter < github @ florin - peter . de >
* @ author Frank Karlitschek < frank @ owncloud . org >
* @ author Georg Ehrke < georg @ owncloud . com >
2015-06-25 09:43:55 +00:00
* @ author Hugo Gonzalez Labrador < hglavra @ gmail . com >
2015-10-05 18:54:56 +00:00
* @ author Individual IT Services < info @ individual - it . net >
2015-03-26 10:44:34 +00:00
* @ author Jakob Sack < mail @ jakobsack . de >
* @ author Joas Schilling < nickvergessen @ owncloud . com >
* @ author Jörn Friedrich Dreyer < jfd @ butonic . de >
* @ author Lukas Reschke < lukas @ owncloud . com >
* @ author marc0s < marcos @ tenak . net >
2015-10-05 18:54:56 +00:00
* @ author Martin Mattel < martin . mattel @ diemattels . at >
2015-03-26 10:44:34 +00:00
* @ author Michael Gapczynski < GapczynskiM @ gmail . com >
* @ author Morris Jobke < hey @ morrisjobke . de >
* @ author Owen Winkler < a_github @ midnightcircus . com >
2015-10-05 18:54:56 +00:00
* @ author Phil Davis < phil . davis @ inf . org >
2015-03-26 10:44:34 +00:00
* @ author Ramiro Aparicio < rapariciog @ gmail . com >
* @ author Robin Appelman < icewind @ owncloud . com >
* @ author Robin McCorkell < rmccorkell @ karoshi . org . uk >
* @ author scolebrook < scolebrook @ mac . com >
* @ author Stefan Herbrechtsmeier < stefan @ herbrechtsmeier . net >
* @ author Thomas Müller < thomas . mueller @ tmit . eu >
* @ author Thomas Tanghus < thomas @ tanghus . net >
* @ author Victor Dubiniuk < dubiniuk @ owncloud . com >
* @ author Vincent Petry < pvince81 @ owncloud . com >
* @ author Volkan Gezer < volkangezer @ gmail . com >
2011-04-15 17:24:23 +00:00
*
2015-03-26 10:44:34 +00:00
* @ copyright Copyright ( c ) 2015 , ownCloud , Inc .
* @ license AGPL - 3.0
2011-04-15 17:24:23 +00:00
*
2015-03-26 10:44:34 +00:00
* This code is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License , version 3 ,
* as published by the Free Software Foundation .
2011-04-15 17:24:23 +00:00
*
2015-03-26 10:44:34 +00:00
* This program is distributed in the hope that it will be useful ,
2011-04-15 17:24:23 +00:00
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
2015-03-26 10:44:34 +00:00
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
2014-04-27 14:41:09 +00:00
*
2015-03-26 10:44:34 +00:00
* You should have received a copy of the GNU Affero General Public License , version 3 ,
* along with this program . If not , see < http :// www . gnu . org / licenses />
2011-04-15 17:24:23 +00:00
*
*/
2015-02-26 10:37:37 +00:00
2012-11-11 14:52:23 +00:00
require_once 'public/constants.php' ;
2011-08-02 16:31:42 +00:00
/**
* Class that is a namespace for all global OC variables
2011-08-06 09:36:56 +00:00
* No , we can not put this class in its own file because it is used by
* OC_autoload !
2011-08-02 16:31:42 +00:00
*/
2013-01-30 21:55:33 +00:00
class OC {
2013-01-14 19:30:28 +00:00
/**
2013-01-18 18:52:29 +00:00
* Associative array for autoloading . classname => filename
2013-01-14 19:30:28 +00:00
*/
public static $CLASSPATH = array ();
/**
* The installation path for owncloud on the server ( e . g . / srv / http / owncloud )
*/
public static $SERVERROOT = '' ;
/**
* the current request path relative to the owncloud root ( e . g . files / index . php )
*/
private static $SUBURI = '' ;
/**
* the owncloud root path for http requests ( e . g . owncloud / )
*/
public static $WEBROOT = '' ;
/**
* The installation path of the 3 rdparty folder on the server ( e . g . / srv / http / owncloud / 3 rdparty )
*/
public static $THIRDPARTYROOT = '' ;
/**
* the root path of the 3 rdparty folder for http requests ( e . g . owncloud / 3 rdparty )
*/
public static $THIRDPARTYWEBROOT = '' ;
/**
* The installation path array of the apps folder on the server ( e . g . / srv / http / owncloud ) 'path' and
* web path in 'url'
*/
public static $APPSROOTS = array ();
2014-01-17 13:40:48 +00:00
public static $configDir ;
2014-05-10 12:00:22 +00:00
/**
2013-01-14 19:30:28 +00:00
* requested app
*/
public static $REQUESTEDAPP = '' ;
2014-05-10 12:00:22 +00:00
2013-01-14 19:30:28 +00:00
/**
2014-11-26 12:16:22 +00:00
* check if ownCloud runs in cli mode
2013-01-14 19:30:28 +00:00
*/
public static $CLI = false ;
2013-10-06 22:32:08 +00:00
2013-01-14 19:30:28 +00:00
/**
2013-05-07 20:16:02 +00:00
* @ var \OC\Autoloader $loader
2013-01-14 19:30:28 +00:00
*/
2013-05-07 20:16:02 +00:00
public static $loader = null ;
2013-01-14 19:30:28 +00:00
2013-08-20 22:58:15 +00:00
/**
* @ var \OC\Server
*/
public static $server = null ;
2015-03-18 10:48:51 +00:00
/**
* @ throws \RuntimeException when the 3 rdparty directory is missing or
* the app path list is empty or contains an invalid path
*/
2013-01-30 21:55:33 +00:00
public static function initPaths () {
2013-02-02 09:02:10 +00:00
// ensure we can find OC_Config
set_include_path (
OC :: $SERVERROOT . '/lib' . PATH_SEPARATOR .
2013-07-02 15:45:34 +00:00
get_include_path ()
2013-02-02 09:02:10 +00:00
);
2014-03-13 12:33:09 +00:00
if ( defined ( 'PHPUNIT_CONFIG_DIR' )) {
self :: $configDir = OC :: $SERVERROOT . '/' . PHPUNIT_CONFIG_DIR . '/' ;
} elseif ( defined ( 'PHPUNIT_RUN' ) and PHPUNIT_RUN and is_dir ( OC :: $SERVERROOT . '/tests/config/' )) {
2014-01-20 12:41:52 +00:00
self :: $configDir = OC :: $SERVERROOT . '/tests/config/' ;
2014-01-17 13:40:48 +00:00
} else {
self :: $configDir = OC :: $SERVERROOT . '/config/' ;
}
OC_Config :: $object = new \OC\Config ( self :: $configDir );
2013-01-14 19:30:28 +00:00
OC :: $SUBURI = str_replace ( " \\ " , " / " , substr ( realpath ( $_SERVER [ " SCRIPT_FILENAME " ]), strlen ( OC :: $SERVERROOT )));
2015-08-13 05:36:42 +00:00
$scriptName = $_SERVER [ 'SCRIPT_NAME' ];
2013-01-14 19:30:28 +00:00
if ( substr ( $scriptName , - 1 ) == '/' ) {
$scriptName .= 'index.php' ;
//make sure suburi follows the same rules as scriptName
if ( substr ( OC :: $SUBURI , - 9 ) != 'index.php' ) {
if ( substr ( OC :: $SUBURI , - 1 ) != '/' ) {
OC :: $SUBURI = OC :: $SUBURI . '/' ;
}
OC :: $SUBURI = OC :: $SUBURI . 'index.php' ;
}
}
2015-02-23 20:49:35 +00:00
if ( OC :: $CLI ) {
OC :: $WEBROOT = OC_Config :: getValue ( 'overwritewebroot' , '' );
} else {
if ( substr ( $scriptName , 0 - strlen ( OC :: $SUBURI )) === OC :: $SUBURI ) {
OC :: $WEBROOT = substr ( $scriptName , 0 , 0 - strlen ( OC :: $SUBURI ));
2013-01-14 19:30:28 +00:00
2015-02-23 20:49:35 +00:00
if ( OC :: $WEBROOT != '' && OC :: $WEBROOT [ 0 ] !== '/' ) {
OC :: $WEBROOT = '/' . OC :: $WEBROOT ;
}
} else {
// The scriptName is not ending with OC::$SUBURI
// This most likely means that we are calling from CLI.
// However some cron jobs still need to generate
// a web URL, so we use overwritewebroot as a fallback.
OC :: $WEBROOT = OC_Config :: getValue ( 'overwritewebroot' , '' );
2014-07-07 13:01:02 +00:00
}
2013-01-14 19:30:28 +00:00
}
// search the 3rdparty folder
2014-07-29 19:07:12 +00:00
OC :: $THIRDPARTYROOT = OC_Config :: getValue ( '3rdpartyroot' , null );
OC :: $THIRDPARTYWEBROOT = OC_Config :: getValue ( '3rdpartyurl' , null );
2015-01-14 19:39:23 +00:00
2014-07-30 21:21:40 +00:00
if ( empty ( OC :: $THIRDPARTYROOT ) && empty ( OC :: $THIRDPARTYWEBROOT )) {
2014-07-29 19:07:12 +00:00
if ( file_exists ( OC :: $SERVERROOT . '/3rdparty' )) {
OC :: $THIRDPARTYROOT = OC :: $SERVERROOT ;
OC :: $THIRDPARTYWEBROOT = OC :: $WEBROOT ;
} elseif ( file_exists ( OC :: $SERVERROOT . '/../3rdparty' )) {
OC :: $THIRDPARTYWEBROOT = rtrim ( dirname ( OC :: $WEBROOT ), '/' );
OC :: $THIRDPARTYROOT = rtrim ( dirname ( OC :: $SERVERROOT ), '/' );
}
}
2014-07-30 21:21:40 +00:00
if ( empty ( OC :: $THIRDPARTYROOT ) || ! file_exists ( OC :: $THIRDPARTYROOT )) {
2015-03-18 10:48:51 +00:00
throw new \RuntimeException ( '3rdparty directory not found! Please put the ownCloud 3rdparty'
2013-12-13 12:30:29 +00:00
. ' folder in the ownCloud folder or the folder above.'
. ' You can also configure the location in the config.php file.' );
2013-01-14 19:30:28 +00:00
}
2015-01-14 19:39:23 +00:00
2013-01-14 19:30:28 +00:00
// search the apps folder
$config_paths = OC_Config :: getValue ( 'apps_paths' , array ());
if ( ! empty ( $config_paths )) {
foreach ( $config_paths as $paths ) {
if ( isset ( $paths [ 'url' ]) && isset ( $paths [ 'path' ])) {
$paths [ 'url' ] = rtrim ( $paths [ 'url' ], '/' );
$paths [ 'path' ] = rtrim ( $paths [ 'path' ], '/' );
OC :: $APPSROOTS [] = $paths ;
}
}
} elseif ( file_exists ( OC :: $SERVERROOT . '/apps' )) {
OC :: $APPSROOTS [] = array ( 'path' => OC :: $SERVERROOT . '/apps' , 'url' => '/apps' , 'writable' => true );
} elseif ( file_exists ( OC :: $SERVERROOT . '/../apps' )) {
2013-02-11 16:44:02 +00:00
OC :: $APPSROOTS [] = array (
'path' => rtrim ( dirname ( OC :: $SERVERROOT ), '/' ) . '/apps' ,
'url' => '/apps' ,
'writable' => true
);
2013-01-14 19:30:28 +00:00
}
if ( empty ( OC :: $APPSROOTS )) {
2015-03-18 10:48:51 +00:00
throw new \RuntimeException ( 'apps directory not found! Please put the ownCloud apps folder in the ownCloud folder'
2013-12-13 12:30:29 +00:00
. ' or the folder above. You can also configure the location in the config.php file.' );
2013-01-14 19:30:28 +00:00
}
$paths = array ();
2013-01-30 21:55:33 +00:00
foreach ( OC :: $APPSROOTS as $path ) {
2013-01-14 19:30:28 +00:00
$paths [] = $path [ 'path' ];
2015-03-18 10:48:51 +00:00
if ( ! is_dir ( $path [ 'path' ])) {
throw new \RuntimeException ( sprintf ( 'App directory "%s" not found! Please put the ownCloud apps folder in the'
. ' ownCloud folder or the folder above. You can also configure the location in the'
. ' config.php file.' , $path [ 'path' ]));
}
2013-01-30 21:55:33 +00:00
}
2013-01-14 19:30:28 +00:00
// set the right include path
set_include_path (
2013-09-25 11:36:30 +00:00
OC :: $SERVERROOT . '/lib/private' . PATH_SEPARATOR .
2013-07-02 15:45:34 +00:00
OC :: $SERVERROOT . '/config' . PATH_SEPARATOR .
OC :: $THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR .
2014-05-12 22:16:18 +00:00
implode ( PATH_SEPARATOR , $paths ) . PATH_SEPARATOR .
2013-07-02 15:45:34 +00:00
get_include_path () . PATH_SEPARATOR .
OC :: $SERVERROOT
2013-01-14 19:30:28 +00:00
);
}
2012-12-20 10:10:45 +00:00
2013-01-03 19:11:00 +00:00
public static function checkConfig () {
2014-08-31 08:05:59 +00:00
$l = \OC :: $server -> getL10N ( 'lib' );
2014-12-05 16:32:19 +00:00
2015-09-21 17:19:25 +00:00
// Create config if it does not already exist
2014-12-05 16:32:19 +00:00
$configFilePath = self :: $configDir . '/config.php' ;
if ( ! file_exists ( $configFilePath )) {
@ touch ( $configFilePath );
}
// Check if config is writable
$configFileWritable = is_writable ( $configFilePath );
2014-11-25 15:12:12 +00:00
if ( ! $configFileWritable && ! OC_Helper :: isReadOnlyConfigEnabled ()
2015-09-10 04:20:07 +00:00
|| ! $configFileWritable && self :: checkUpgrade ( false )) {
2013-11-25 12:04:23 +00:00
if ( self :: $CLI ) {
2014-05-28 23:21:54 +00:00
echo $l -> t ( 'Cannot write into "config" directory!' ) . " \n " ;
echo $l -> t ( 'This can usually be fixed by giving the webserver write access to the config directory' ) . " \n " ;
2013-11-25 12:04:23 +00:00
echo " \n " ;
2014-05-28 23:21:54 +00:00
echo $l -> t ( 'See %s' , array ( \OC_Helper :: linkToDocs ( 'admin-dir_permissions' ))) . " \n " ;
2013-11-25 12:04:23 +00:00
exit ;
} else {
OC_Template :: printErrorPage (
2014-05-28 23:21:54 +00:00
$l -> t ( 'Cannot write into "config" directory!' ),
$l -> t ( 'This can usually be fixed by '
. '%sgiving the webserver write access to the config directory%s.' ,
array ( '<a href="' . \OC_Helper :: linkToDocs ( 'admin-dir_permissions' ) . '" target="_blank">' , '</a>' ))
2013-11-25 12:04:23 +00:00
);
}
2013-01-03 19:11:00 +00:00
}
}
2013-01-30 21:55:33 +00:00
public static function checkInstalled () {
2015-02-21 19:52:32 +00:00
if ( defined ( 'OC_CONSOLE' )) {
return ;
}
2013-01-14 19:30:28 +00:00
// Redirect to installer if not installed
2014-11-28 17:52:09 +00:00
if ( ! \OC :: $server -> getSystemConfig () -> getValue ( 'installed' , false ) && OC :: $SUBURI != '/index.php' ) {
2014-07-25 17:39:29 +00:00
if ( OC :: $CLI ) {
throw new Exception ( 'Not installed' );
2014-07-24 11:45:06 +00:00
} else {
2014-07-25 17:39:29 +00:00
$url = 'http://' . $_SERVER [ 'SERVER_NAME' ] . OC :: $WEBROOT . '/index.php' ;
header ( 'Location: ' . $url );
2013-01-14 19:30:28 +00:00
}
exit ();
}
}
2013-01-03 19:11:00 +00:00
public static function checkMaintenanceMode () {
2013-01-04 02:32:33 +00:00
// Allow ajax update script to execute without being stopped
2014-11-28 17:52:09 +00:00
if ( \OC :: $server -> getSystemConfig () -> getValue ( 'maintenance' , false ) && OC :: $SUBURI != '/core/ajax/update.php' ) {
2013-01-14 20:39:55 +00:00
// send http status 503
header ( 'HTTP/1.1 503 Service Temporarily Unavailable' );
header ( 'Status: 503 Service Temporarily Unavailable' );
header ( 'Retry-After: 120' );
// render error page
2015-04-09 21:47:24 +00:00
$template = new OC_Template ( '' , 'update.user' , 'guest' );
2013-07-04 12:28:12 +00:00
OC_Util :: addscript ( 'maintenance-check' );
2015-04-09 21:47:24 +00:00
$template -> printPage ();
2013-10-24 15:46:52 +00:00
die ();
2013-01-03 19:11:00 +00:00
}
}
2015-04-10 09:17:33 +00:00
public static function checkSingleUserMode ( $lockIfNoUserLoggedIn = false ) {
2015-04-09 21:47:24 +00:00
if ( ! \OC :: $server -> getSystemConfig () -> getValue ( 'singleuser' , false )) {
return ;
}
2013-11-25 14:08:24 +00:00
$user = OC_User :: getUserSession () -> getUser ();
2015-04-09 21:47:24 +00:00
if ( $user ) {
$group = \OC :: $server -> getGroupManager () -> get ( 'admin' );
if ( $group -> inGroup ( $user )) {
return ;
}
2015-04-10 09:17:33 +00:00
} else {
if ( ! $lockIfNoUserLoggedIn ) {
return ;
}
2013-11-25 14:08:24 +00:00
}
2015-04-09 21:47:24 +00:00
// send http status 503
header ( 'HTTP/1.1 503 Service Temporarily Unavailable' );
header ( 'Status: 503 Service Temporarily Unavailable' );
header ( 'Retry-After: 120' );
// render error page
$template = new OC_Template ( '' , 'singleuser.user' , 'guest' );
$template -> printPage ();
die ();
2013-11-25 14:08:24 +00:00
}
2013-12-13 12:30:29 +00:00
/**
2015-09-21 17:19:25 +00:00
* check if the instance needs to perform an upgrade
2013-12-13 12:30:29 +00:00
*
* @ return bool
2014-08-14 10:22:34 +00:00
* @ deprecated use \OCP\Util :: needUpgrade () instead
2013-12-13 12:30:29 +00:00
*/
public static function needUpgrade () {
2014-06-10 16:01:07 +00:00
return \OCP\Util :: needUpgrade ();
2013-01-03 19:11:00 +00:00
}
2014-04-21 13:44:54 +00:00
/**
* Checks if the version requires an update and shows
* @ param bool $showTemplate Whether an update screen should get shown
* @ return bool | void
*/
2013-12-13 12:30:29 +00:00
public static function checkUpgrade ( $showTemplate = true ) {
2014-06-10 16:01:07 +00:00
if ( \OCP\Util :: needUpgrade ()) {
2014-11-28 17:52:09 +00:00
$systemConfig = \OC :: $server -> getSystemConfig ();
if ( $showTemplate && ! $systemConfig -> getValue ( 'maintenance' , false )) {
2015-07-07 10:12:54 +00:00
self :: printUpgradePage ();
2013-12-13 12:30:29 +00:00
exit ();
} else {
return true ;
}
}
return false ;
}
2015-07-07 10:12:54 +00:00
/**
* Prints the upgrade page
*/
private static function printUpgradePage () {
$systemConfig = \OC :: $server -> getSystemConfig ();
$oldTheme = $systemConfig -> getValue ( 'theme' );
$systemConfig -> setValue ( 'theme' , '' );
\OCP\Util :: addScript ( 'config' ); // needed for web root
\OCP\Util :: addScript ( 'update' );
// check whether this is a core update or apps update
$installedVersion = $systemConfig -> getValue ( 'version' , '0.0.0' );
$currentVersion = implode ( '.' , OC_Util :: getVersion ());
$appManager = \OC :: $server -> getAppManager ();
$tmpl = new OC_Template ( '' , 'update.admin' , 'guest' );
$tmpl -> assign ( 'version' , OC_Util :: getVersionString ());
// if not a core upgrade, then it's apps upgrade
if ( version_compare ( $currentVersion , $installedVersion , '=' )) {
$tmpl -> assign ( 'isAppsOnlyUpgrade' , true );
} else {
$tmpl -> assign ( 'isAppsOnlyUpgrade' , false );
}
2015-08-20 09:14:30 +00:00
// get third party apps
$ocVersion = OC_Util :: getVersion ();
$tmpl -> assign ( 'appsToUpgrade' , $appManager -> getAppsNeedingUpgrade ( $ocVersion ));
$tmpl -> assign ( 'incompatibleAppsList' , $appManager -> getIncompatibleApps ( $ocVersion ));
2015-07-07 10:12:54 +00:00
$tmpl -> assign ( 'productName' , 'ownCloud' ); // for now
$tmpl -> assign ( 'oldTheme' , $oldTheme );
$tmpl -> printPage ();
}
2013-01-30 21:55:33 +00:00
public static function initSession () {
2013-01-14 19:30:28 +00:00
// prevents javascript from accessing php session cookies
2015-02-18 14:18:27 +00:00
ini_set ( 'session.cookie_httponly' , true );
2013-01-14 19:30:28 +00:00
2013-04-05 22:16:52 +00:00
// set the cookie path to the ownCloud directory
2013-07-02 15:45:34 +00:00
$cookie_path = OC :: $WEBROOT ? : '/' ;
2013-04-18 19:11:55 +00:00
ini_set ( 'session.cookie_path' , $cookie_path );
2013-04-05 22:16:52 +00:00
2014-05-12 15:08:28 +00:00
// Let the session name be changed in the initSession Hook
$sessionName = OC_Util :: getInstanceId ();
2013-07-02 15:45:34 +00:00
try {
2014-05-12 15:08:28 +00:00
// Allow session apps to create a custom session object
$useCustomSession = false ;
2014-07-16 17:40:22 +00:00
$session = self :: $server -> getSession ();
OC_Hook :: emit ( 'OC' , 'initSession' , array ( 'session' => & $session , 'sessionName' => & $sessionName , 'useCustomSession' => & $useCustomSession ));
2015-07-20 10:59:04 +00:00
if ( ! $useCustomSession ) {
2014-05-12 15:08:28 +00:00
// set the session name to the instance id - which is unique
2015-07-20 10:59:04 +00:00
$session = new \OC\Session\Internal ( $sessionName );
2014-05-12 15:08:28 +00:00
}
2015-07-20 10:59:04 +00:00
$cryptoWrapper = \OC :: $server -> getSessionCryptoWrapper ();
$session = $cryptoWrapper -> wrapSession ( $session );
self :: $server -> setSession ( $session );
2013-05-27 23:04:09 +00:00
// if session cant be started break with http 500 error
2013-07-02 15:45:34 +00:00
} catch ( Exception $e ) {
2015-03-20 11:21:03 +00:00
\OCP\Util :: logException ( 'base' , $e );
2013-11-04 20:55:55 +00:00
//show the user a detailed error page
OC_Response :: setStatus ( OC_Response :: STATUS_INTERNAL_SERVER_ERROR );
OC_Template :: printExceptionErrorPage ( $e );
2013-02-25 17:37:05 +00:00
}
2013-01-14 19:30:28 +00:00
2013-06-26 07:19:19 +00:00
$sessionLifeTime = self :: getSessionLifeTime ();
2013-01-14 19:30:28 +00:00
// regenerate session id periodically to avoid session fixation
2014-07-16 17:40:22 +00:00
/**
* @ var \OCP\ISession $session
*/
$session = self :: $server -> getSession ();
if ( ! $session -> exists ( 'SID_CREATED' )) {
$session -> set ( 'SID_CREATED' , time ());
} else if ( time () - $session -> get ( 'SID_CREATED' ) > $sessionLifeTime / 2 ) {
2013-01-14 19:30:28 +00:00
session_regenerate_id ( true );
2014-07-16 17:40:22 +00:00
$session -> set ( 'SID_CREATED' , time ());
2013-01-14 19:30:28 +00:00
}
// session timeout
2014-07-16 17:40:22 +00:00
if ( $session -> exists ( 'LAST_ACTIVITY' ) && ( time () - $session -> get ( 'LAST_ACTIVITY' ) > $sessionLifeTime )) {
2013-01-14 19:30:28 +00:00
if ( isset ( $_COOKIE [ session_name ()])) {
2013-04-18 19:11:55 +00:00
setcookie ( session_name (), '' , time () - 42000 , $cookie_path );
2013-01-14 19:30:28 +00:00
}
session_unset ();
session_destroy ();
session_start ();
}
2013-05-27 23:04:09 +00:00
2014-07-16 17:40:22 +00:00
$session -> set ( 'LAST_ACTIVITY' , time ());
2013-01-14 19:30:28 +00:00
}
2013-06-26 07:19:19 +00:00
/**
2014-02-06 15:30:58 +00:00
* @ return string
2013-06-26 07:19:19 +00:00
*/
private static function getSessionLifeTime () {
2014-11-19 12:06:22 +00:00
return \OC :: $server -> getConfig () -> getSystemValue ( 'session_lifetime' , 60 * 60 * 24 );
2013-06-26 07:19:19 +00:00
}
2013-01-30 21:55:33 +00:00
public static function loadAppClassPaths () {
foreach ( OC_APP :: getEnabledApps () as $app ) {
$file = OC_App :: getAppPath ( $app ) . '/appinfo/classpath.php' ;
if ( file_exists ( $file )) {
2013-01-17 20:44:40 +00:00
require_once $file ;
}
}
}
2013-01-17 20:42:33 +00:00
2015-05-03 11:23:29 +00:00
/**
* Try to set some values to the required ownCloud default
*/
public static function setRequiredIniValues () {
@ ini_set ( 'default_charset' , 'UTF-8' );
}
2013-01-17 20:42:33 +00:00
2013-01-30 21:55:33 +00:00
public static function init () {
2015-08-18 13:35:02 +00:00
// calculate the root directories
OC :: $SERVERROOT = str_replace ( " \\ " , '/' , substr ( __DIR__ , 0 , - 4 ));
2013-01-14 19:30:28 +00:00
// register autoloader
2014-10-15 11:53:19 +00:00
$loaderStart = microtime ( true );
2013-05-07 20:53:07 +00:00
require_once __DIR__ . '/autoloader.php' ;
2015-08-18 13:35:02 +00:00
self :: $loader = new \OC\Autoloader ([
OC :: $SERVERROOT . '/lib' ,
OC :: $SERVERROOT . '/core' ,
OC :: $SERVERROOT . '/settings' ,
OC :: $SERVERROOT . '/ocs' ,
OC :: $SERVERROOT . '/ocs-provider' ,
2015-09-14 18:55:53 +00:00
OC :: $SERVERROOT . '/3rdparty' ,
OC :: $SERVERROOT . '/tests' ,
2015-08-18 13:35:02 +00:00
]);
2013-05-07 20:16:02 +00:00
spl_autoload_register ( array ( self :: $loader , 'load' ));
2014-10-15 11:53:19 +00:00
$loaderEnd = microtime ( true );
2013-01-14 19:30:28 +00:00
2015-02-23 20:49:35 +00:00
self :: $CLI = ( php_sapi_name () == 'cli' );
2015-03-18 10:48:51 +00:00
try {
self :: initPaths ();
// setup 3rdparty autoloader
$vendorAutoLoad = OC :: $THIRDPARTYROOT . '/3rdparty/autoload.php' ;
if ( ! file_exists ( $vendorAutoLoad )) {
2015-09-03 12:55:26 +00:00
throw new \RuntimeException ( 'Composer autoloader not found, unable to continue. Check the folder "3rdparty". Running "git submodule update --init" will initialize the git submodule that handles the subfolder "3rdparty".' );
2015-03-18 10:48:51 +00:00
}
2014-11-17 12:10:15 +00:00
require_once $vendorAutoLoad ;
2015-03-18 10:48:51 +00:00
} catch ( \RuntimeException $e ) {
2014-07-29 01:48:17 +00:00
OC_Response :: setStatus ( OC_Response :: STATUS_SERVICE_UNAVAILABLE );
2015-01-31 15:04:24 +00:00
// we can't use the template error page here, because this needs the
// DI container which isn't available yet
2015-03-18 10:48:51 +00:00
print ( $e -> getMessage ());
2015-01-31 15:04:24 +00:00
exit ();
2014-07-29 01:48:17 +00:00
}
// setup the basic server
2014-11-27 13:50:14 +00:00
self :: $server = new \OC\Server ( \OC :: $WEBROOT );
2014-10-15 11:53:19 +00:00
\OC :: $server -> getEventLogger () -> log ( 'autoloader' , 'Autoloader' , $loaderStart , $loaderEnd );
2014-10-03 20:13:55 +00:00
\OC :: $server -> getEventLogger () -> start ( 'boot' , 'Initialize' );
2013-01-14 19:30:28 +00:00
2015-05-05 10:34:22 +00:00
// Don't display errors and log them
2013-01-14 19:30:28 +00:00
error_reporting ( E_ALL | E_STRICT );
2015-05-05 10:34:22 +00:00
@ ini_set ( 'display_errors' , 0 );
@ ini_set ( 'log_errors' , 1 );
2013-01-14 19:30:28 +00:00
date_default_timezone_set ( 'UTC' );
//try to configure php to enable big file uploads.
//this doesn´ t work always depending on the webserver and php configuration.
2015-09-21 17:19:25 +00:00
//Let´ s try to overwrite some defaults anyway
2013-01-14 19:30:28 +00:00
//try to set the maximum execution time to 60min
@ set_time_limit ( 3600 );
@ ini_set ( 'max_execution_time' , 3600 );
@ ini_set ( 'max_input_time' , 3600 );
//try to set the maximum filesize to 10G
@ ini_set ( 'upload_max_filesize' , '10G' );
@ ini_set ( 'post_max_size' , '10G' );
@ ini_set ( 'file_uploads' , '50' );
2015-05-03 11:23:29 +00:00
self :: setRequiredIniValues ();
2014-07-19 00:16:28 +00:00
self :: handleAuthHeaders ();
2014-07-29 09:18:40 +00:00
self :: registerAutoloaderCache ();
2014-07-29 09:14:36 +00:00
2014-09-09 12:41:45 +00:00
// initialize intl fallback is necessary
\Patchwork\Utf8\Bootup :: initIntl ();
2014-07-29 01:48:17 +00:00
OC_Util :: isSetLocaleWorking ();
2014-09-09 12:41:45 +00:00
2013-07-21 20:40:35 +00:00
if ( ! defined ( 'PHPUNIT_RUN' )) {
2015-07-03 12:06:40 +00:00
$logger = \OC :: $server -> getLogger ();
OC\Log\ErrorHandler :: setLogger ( $logger );
2015-08-24 10:00:37 +00:00
if ( \OC :: $server -> getConfig () -> getSystemValue ( 'debug' , false )) {
2014-01-31 12:27:51 +00:00
OC\Log\ErrorHandler :: register ( true );
2013-07-21 20:40:35 +00:00
set_exception_handler ( array ( 'OC_Template' , 'printExceptionErrorPage' ));
} else {
OC\Log\ErrorHandler :: register ();
}
2013-02-15 02:15:09 +00:00
}
2013-01-14 19:30:28 +00:00
// register the stream wrappers
2013-01-28 14:34:15 +00:00
stream_wrapper_register ( 'fakedir' , 'OC\Files\Stream\Dir' );
stream_wrapper_register ( 'static' , 'OC\Files\Stream\StaticStream' );
stream_wrapper_register ( 'close' , 'OC\Files\Stream\Close' );
2013-07-02 15:45:34 +00:00
stream_wrapper_register ( 'quota' , 'OC\Files\Stream\Quota' );
2013-01-28 14:35:30 +00:00
stream_wrapper_register ( 'oc' , 'OC\Files\Stream\OC' );
2013-01-14 19:30:28 +00:00
2014-10-03 20:13:55 +00:00
\OC :: $server -> getEventLogger () -> start ( 'init_session' , 'Initialize session' );
2014-05-12 15:08:28 +00:00
OC_App :: loadApps ( array ( 'session' ));
2014-11-26 12:16:22 +00:00
if ( ! self :: $CLI ) {
2014-07-25 17:39:29 +00:00
self :: initSession ();
2013-04-19 13:18:27 +00:00
}
2014-10-03 20:13:55 +00:00
\OC :: $server -> getEventLogger () -> end ( 'init_session' );
2013-05-31 15:31:52 +00:00
self :: checkConfig ();
self :: checkInstalled ();
2015-01-19 10:56:04 +00:00
2014-05-12 13:14:01 +00:00
OC_Response :: addSecurityHeaders ();
2015-01-19 10:56:04 +00:00
if ( self :: $server -> getRequest () -> getServerProtocol () === 'https' ) {
ini_set ( 'session.cookie_secure' , true );
}
2013-01-14 19:30:28 +00:00
2015-04-07 22:19:23 +00:00
if ( ! defined ( 'OC_CONSOLE' )) {
$errors = OC_Util :: checkServer ( \OC :: $server -> getConfig ());
if ( count ( $errors ) > 0 ) {
if ( self :: $CLI ) {
// Convert l10n string into regular string for usage in database
$staticErrors = [];
foreach ( $errors as $error ) {
echo $error [ 'error' ] . " \n " ;
echo $error [ 'hint' ] . " \n \n " ;
$staticErrors [] = [
'error' => ( string ) $error [ 'error' ],
'hint' => ( string ) $error [ 'hint' ],
];
}
2015-02-27 19:04:52 +00:00
2015-04-07 22:19:23 +00:00
try {
\OC :: $server -> getConfig () -> setAppValue ( 'core' , 'cronErrors' , json_encode ( $staticErrors ));
} catch ( \Exception $e ) {
echo ( 'Writing to database failed' );
}
exit ( 1 );
} else {
OC_Response :: setStatus ( OC_Response :: STATUS_SERVICE_UNAVAILABLE );
OC_Template :: printGuestPage ( '' , 'error' , array ( 'errors' => $errors ));
exit ;
2015-02-27 19:04:52 +00:00
}
2015-04-07 22:19:23 +00:00
} elseif ( self :: $CLI && \OC :: $server -> getConfig () -> getSystemValue ( 'installed' , false )) {
2015-02-27 19:04:52 +00:00
\OC :: $server -> getConfig () -> deleteAppValue ( 'core' , 'cronErrors' );
2015-04-07 22:19:23 +00:00
}
2013-01-14 19:30:28 +00:00
}
2013-06-26 07:19:19 +00:00
//try to set the session lifetime
$sessionLifeTime = self :: getSessionLifeTime ();
@ ini_set ( 'gc_maxlifetime' , ( string ) $sessionLifeTime );
2014-11-28 17:52:09 +00:00
$systemConfig = \OC :: $server -> getSystemConfig ();
2014-11-19 12:06:22 +00:00
2013-01-14 19:30:28 +00:00
// User and Groups
2014-11-28 17:52:09 +00:00
if ( ! $systemConfig -> getValue ( " installed " , false )) {
2014-07-16 17:40:22 +00:00
self :: $server -> getSession () -> set ( 'user_id' , '' );
2013-01-14 19:30:28 +00:00
}
OC_User :: useBackend ( new OC_User_Database ());
OC_Group :: useBackend ( new OC_Group_Database ());
2013-12-11 13:01:48 +00:00
2015-10-05 09:50:36 +00:00
// Subscribe to the hook
\OCP\Util :: connectHook (
'\OCA\Files_Sharing\API\Server2Server' ,
'preLoginNameUsedAsUserName' ,
'\OC_User_Database' ,
'preLoginNameUsedAsUserName'
);
2013-01-14 19:30:28 +00:00
//setup extra user backends
2014-09-08 10:30:04 +00:00
if ( ! self :: checkUpgrade ( false )) {
OC_User :: setupBackends ();
}
2013-01-14 19:30:28 +00:00
2015-06-05 12:21:17 +00:00
self :: registerCacheHooks ();
2013-01-14 19:30:28 +00:00
self :: registerFilesystemHooks ();
2015-09-03 06:59:35 +00:00
if ( $systemConfig -> getValue ( 'enable_previews' , true )) {
2015-05-06 08:39:48 +00:00
self :: registerPreviewHooks ();
2015-09-17 07:14:04 +00:00
}
2013-01-14 19:30:28 +00:00
self :: registerShareHooks ();
2013-07-10 16:07:43 +00:00
self :: registerLogRotate ();
2014-07-15 15:13:34 +00:00
self :: registerLocalAddressBook ();
2015-01-14 19:39:23 +00:00
self :: registerEncryptionWrapper ();
self :: registerEncryptionHooks ();
2013-01-14 19:30:28 +00:00
//make sure temporary files are cleaned up
2014-10-22 15:36:52 +00:00
$tmpManager = \OC :: $server -> getTempManager ();
register_shutdown_function ( array ( $tmpManager , 'clean' ));
2015-05-19 15:12:09 +00:00
$lockProvider = \OC :: $server -> getLockingProvider ();
register_shutdown_function ( array ( $lockProvider , 'releaseAll' ));
2013-01-14 19:30:28 +00:00
2014-08-13 22:06:19 +00:00
// Check whether the sample configuration has been copied
2014-11-28 17:52:09 +00:00
if ( $systemConfig -> getValue ( 'copied_sample_config' , false )) {
2014-08-31 08:05:59 +00:00
$l = \OC :: $server -> getL10N ( 'lib' );
2014-08-13 22:06:19 +00:00
header ( 'HTTP/1.1 503 Service Temporarily Unavailable' );
header ( 'Status: 503 Service Temporarily Unavailable' );
OC_Template :: printErrorPage (
$l -> t ( 'Sample configuration detected' ),
$l -> t ( 'It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php' )
);
return ;
}
2014-09-05 12:10:35 +00:00
2015-02-10 12:02:48 +00:00
$request = \OC :: $server -> getRequest ();
$host = $request -> getInsecureServerHost ();
/**
* if the host passed in headers isn ' t trusted
* FIXME : Should not be in here at all : see_no_evil :
*/
2014-09-05 12:10:35 +00:00
if ( ! OC :: $CLI
2015-02-10 12:02:48 +00:00
// overwritehost is always trusted, workaround to not have to make
// \OC\AppFramework\Http\Request::getOverwriteHost public
&& self :: $server -> getConfig () -> getSystemValue ( 'overwritehost' ) === ''
2015-02-16 21:12:47 +00:00
&& ! \OC :: $server -> getTrustedDomainHelper () -> isTrustedDomain ( $host )
2015-02-18 12:06:46 +00:00
&& self :: $server -> getConfig () -> getSystemValue ( 'installed' , false )
2014-09-05 12:10:35 +00:00
) {
header ( 'HTTP/1.1 400 Bad Request' );
header ( 'Status: 400 Bad Request' );
2014-09-08 14:15:31 +00:00
2014-09-05 12:10:35 +00:00
$tmpl = new OCP\Template ( 'core' , 'untrustedDomain' , 'guest' );
2015-02-10 12:02:48 +00:00
$tmpl -> assign ( 'domain' , $request -> server [ 'SERVER_NAME' ]);
2014-09-05 12:10:35 +00:00
$tmpl -> printPage ();
2014-09-08 14:15:31 +00:00
exit ();
2014-09-05 12:10:35 +00:00
}
2014-10-03 20:13:55 +00:00
\OC :: $server -> getEventLogger () -> end ( 'boot' );
2013-01-14 19:30:28 +00:00
}
2014-07-15 15:13:34 +00:00
private static function registerLocalAddressBook () {
self :: $server -> getContactsManager () -> register ( function () {
$userManager = \OC :: $server -> getUserManager ();
\OC :: $server -> getContactsManager () -> registerAddressBook (
new \OC\Contacts\LocalAddressBook ( $userManager ));
});
}
2015-06-05 12:21:17 +00:00
/**
* register hooks for the cache
*/
public static function registerCacheHooks () {
//don't try to do this before we are properly setup
2015-09-10 04:20:07 +00:00
if ( \OC :: $server -> getSystemConfig () -> getValue ( 'installed' , false ) && ! self :: checkUpgrade ( false )) {
2015-06-05 12:21:17 +00:00
// NOTE: This will be replaced to use OCP
$userSession = self :: $server -> getUserSession ();
2015-06-08 12:13:38 +00:00
$userSession -> listen ( '\OC\User' , 'postLogin' , function () {
2015-06-30 15:36:55 +00:00
try {
$cache = new \OC\Cache\File ();
$cache -> gc ();
} catch ( \Exception $e ) {
// a GC exception should not prevent users from using OC,
// so log the exception
\OC :: $server -> getLogger () -> warning ( 'Exception when running cache gc: ' . $e -> getMessage (), array ( 'app' => 'core' ));
}
2015-06-08 12:13:38 +00:00
});
2015-06-05 12:21:17 +00:00
}
}
2015-01-14 19:39:23 +00:00
private static function registerEncryptionWrapper () {
2015-04-30 11:28:06 +00:00
\OCP\Util :: connectHook ( 'OC_Filesystem' , 'preSetup' , 'OC\Encryption\Manager' , 'setupStorage' );
2015-01-14 19:39:23 +00:00
}
private static function registerEncryptionHooks () {
$enabled = self :: $server -> getEncryptionManager () -> isEnabled ();
if ( $enabled ) {
2015-04-17 11:55:31 +00:00
\OCP\Util :: connectHook ( 'OCP\Share' , 'post_shared' , 'OC\Encryption\HookManager' , 'postShared' );
\OCP\Util :: connectHook ( 'OCP\Share' , 'post_unshare' , 'OC\Encryption\HookManager' , 'postUnshared' );
2015-05-11 08:35:42 +00:00
\OCP\Util :: connectHook ( 'OC_Filesystem' , 'post_rename' , 'OC\Encryption\HookManager' , 'postRename' );
\OCP\Util :: connectHook ( '\OCA\Files_Trashbin\Trashbin' , 'post_restore' , 'OC\Encryption\HookManager' , 'postRestore' );
2015-01-14 19:39:23 +00:00
}
}
2013-07-10 16:07:43 +00:00
/**
* register hooks for the cache
*/
public static function registerLogRotate () {
2014-11-28 17:52:09 +00:00
$systemConfig = \OC :: $server -> getSystemConfig ();
2015-09-10 04:20:07 +00:00
if ( $systemConfig -> getValue ( 'installed' , false ) && $systemConfig -> getValue ( 'log_rotate_size' , false ) && ! self :: checkUpgrade ( false )) {
2013-08-28 15:41:27 +00:00
//don't try to do this before we are properly setup
2014-05-20 15:29:59 +00:00
//use custom logfile path if defined, otherwise use default of owncloud.log in data directory
2014-11-28 17:52:09 +00:00
\OCP\BackgroundJob :: registerJob ( 'OC\Log\Rotate' , $systemConfig -> getValue ( 'logfile' , $systemConfig -> getValue ( 'datadirectory' , OC :: $SERVERROOT . '/data' ) . '/owncloud.log' ));
2013-07-10 16:07:43 +00:00
}
}
2013-01-14 19:30:28 +00:00
/**
* register hooks for the filesystem
*/
2013-01-30 21:55:33 +00:00
public static function registerFilesystemHooks () {
2013-01-14 19:30:28 +00:00
// Check for blacklisted files
2014-05-27 22:13:54 +00:00
OC_Hook :: connect ( 'OC_Filesystem' , 'write' , 'OC\Files\Filesystem' , 'isBlacklisted' );
OC_Hook :: connect ( 'OC_Filesystem' , 'rename' , 'OC\Files\Filesystem' , 'isBlacklisted' );
2013-01-14 19:30:28 +00:00
}
2013-05-29 10:01:43 +00:00
/**
* register hooks for previews
*/
public static function registerPreviewHooks () {
2015-05-06 08:39:48 +00:00
OC_Hook :: connect ( 'OC_Filesystem' , 'post_write' , 'OC\Preview' , 'post_write' );
OC_Hook :: connect ( 'OC_Filesystem' , 'delete' , 'OC\Preview' , 'prepare_delete_files' );
OC_Hook :: connect ( '\OCP\Versions' , 'preDelete' , 'OC\Preview' , 'prepare_delete' );
OC_Hook :: connect ( '\OCP\Trashbin' , 'preDelete' , 'OC\Preview' , 'prepare_delete' );
OC_Hook :: connect ( 'OC_Filesystem' , 'post_delete' , 'OC\Preview' , 'post_delete_files' );
2015-03-23 00:05:33 +00:00
OC_Hook :: connect ( '\OCP\Versions' , 'delete' , 'OC\Preview' , 'post_delete_versions' );
2015-05-06 08:39:48 +00:00
OC_Hook :: connect ( '\OCP\Trashbin' , 'delete' , 'OC\Preview' , 'post_delete' );
2015-03-23 00:05:33 +00:00
OC_Hook :: connect ( '\OCP\Versions' , 'rollback' , 'OC\Preview' , 'post_delete_versions' );
2013-05-29 10:01:43 +00:00
}
2013-01-14 19:30:28 +00:00
/**
* register hooks for sharing
*/
2013-01-30 21:55:33 +00:00
public static function registerShareHooks () {
2014-11-28 17:52:09 +00:00
if ( \OC :: $server -> getSystemConfig () -> getValue ( 'installed' )) {
2014-02-18 14:07:03 +00:00
OC_Hook :: connect ( 'OC_User' , 'post_deleteUser' , 'OC\Share\Hooks' , 'post_deleteUser' );
OC_Hook :: connect ( 'OC_User' , 'post_addToGroup' , 'OC\Share\Hooks' , 'post_addToGroup' );
2015-07-03 15:04:05 +00:00
OC_Hook :: connect ( 'OC_Group' , 'pre_addToGroup' , 'OC\Share\Hooks' , 'pre_addToGroup' );
2014-02-18 14:07:03 +00:00
OC_Hook :: connect ( 'OC_User' , 'post_removeFromGroup' , 'OC\Share\Hooks' , 'post_removeFromGroup' );
OC_Hook :: connect ( 'OC_User' , 'post_deleteGroup' , 'OC\Share\Hooks' , 'post_deleteGroup' );
2013-05-16 23:20:02 +00:00
}
2013-01-14 19:30:28 +00:00
}
2014-07-29 09:18:40 +00:00
protected static function registerAutoloaderCache () {
// The class loader takes an optional low-latency cache, which MUST be
// namespaced. The instanceid is used for namespacing, but might be
// unavailable at this point. Futhermore, it might not be possible to
// generate an instanceid via \OC_Util::getInstanceId() because the
// config file may not be writable. As such, we only register a class
// loader cache if instanceid is available without trying to create one.
2014-11-28 17:52:09 +00:00
$instanceId = \OC :: $server -> getSystemConfig () -> getValue ( 'instanceid' , null );
2014-07-29 09:18:40 +00:00
if ( $instanceId ) {
try {
2015-01-14 18:25:00 +00:00
$memcacheFactory = \OC :: $server -> getMemCacheFactory ();
self :: $loader -> setMemoryCache ( $memcacheFactory -> createLocal ( 'Autoloader' ));
2014-07-29 09:18:40 +00:00
} catch ( \Exception $ex ) {
}
}
}
2013-01-14 19:30:28 +00:00
/**
2014-05-19 15:50:53 +00:00
* Handle the request
2013-01-14 19:30:28 +00:00
*/
2013-01-30 21:55:33 +00:00
public static function handleRequest () {
2015-02-10 12:02:48 +00:00
2014-10-03 20:13:55 +00:00
\OC :: $server -> getEventLogger () -> start ( 'handle_request' , 'Handle request' );
2014-11-28 17:52:09 +00:00
$systemConfig = \OC :: $server -> getSystemConfig ();
2013-01-17 20:44:40 +00:00
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC :: loadAppClassPaths ();
2013-01-17 20:42:33 +00:00
2013-01-30 21:55:33 +00:00
// Check if ownCloud is installed or in maintenance (update) mode
2014-11-28 17:52:09 +00:00
if ( ! $systemConfig -> getValue ( 'installed' , false )) {
2014-10-31 10:21:00 +00:00
\OC :: $server -> getSession () -> clear ();
2015-07-29 22:04:30 +00:00
$setupHelper = new OC\Setup ( \OC :: $server -> getConfig (), \OC :: $server -> getIniWrapper (),
\OC :: $server -> getL10N ( 'lib' ), new \OC_Defaults (), \OC :: $server -> getLogger (),
\OC :: $server -> getSecureRandom ());
2015-03-10 22:44:29 +00:00
$controller = new OC\Core\Setup\Controller ( $setupHelper );
2013-09-10 18:19:42 +00:00
$controller -> run ( $_POST );
2013-01-30 21:55:33 +00:00
exit ();
}
2013-02-05 22:33:44 +00:00
2015-02-10 12:02:48 +00:00
$request = \OC :: $server -> getRequest () -> getPathInfo ();
2013-12-13 12:30:29 +00:00
if ( substr ( $request , - 3 ) !== '.js' ) { // we need these files during the upgrade
2013-01-30 22:05:44 +00:00
self :: checkMaintenanceMode ();
self :: checkUpgrade ();
}
2013-01-30 21:55:33 +00:00
2015-02-24 17:00:26 +00:00
// Always load authentication apps
OC_App :: loadApps ([ 'authentication' ]);
2015-01-09 19:59:23 +00:00
// Load minimum set of apps
2015-01-09 20:52:16 +00:00
if ( ! self :: checkUpgrade ( false )
2015-09-10 04:20:07 +00:00
&& ! $systemConfig -> getValue ( 'maintenance' , false )) {
2015-01-09 19:59:23 +00:00
// For logged-in users: Load everything
if ( OC_User :: isLoggedIn ()) {
OC_App :: loadApps ();
} else {
2015-02-24 17:00:26 +00:00
// For guests: Load only filesystem and logging
2015-01-09 19:59:23 +00:00
OC_App :: loadApps ( array ( 'filesystem' , 'logging' ));
\OC_User :: tryBasicAuthLogin ();
}
}
2013-11-25 14:08:24 +00:00
if ( ! self :: $CLI and ( ! isset ( $_GET [ " logout " ]) or ( $_GET [ " logout " ] !== 'true' ))) {
2013-02-07 16:53:38 +00:00
try {
2015-09-10 04:20:07 +00:00
if ( ! $systemConfig -> getValue ( 'maintenance' , false ) && ! self :: checkUpgrade ( false )) {
2014-06-16 11:12:21 +00:00
OC_App :: loadApps ( array ( 'filesystem' , 'logging' ));
2014-06-24 15:37:58 +00:00
OC_App :: loadApps ();
2013-03-03 22:03:47 +00:00
}
2013-11-25 14:08:24 +00:00
self :: checkSingleUserMode ();
2014-08-28 15:58:23 +00:00
OC_Util :: setupFS ();
2015-02-10 12:02:48 +00:00
OC :: $server -> getRouter () -> match ( \OC :: $server -> getRequest () -> getRawPathInfo ());
2013-02-07 16:53:38 +00:00
return ;
} catch ( Symfony\Component\Routing\Exception\ResourceNotFoundException $e ) {
//header('HTTP/1.0 404 Not Found');
} catch ( Symfony\Component\Routing\Exception\MethodNotAllowedException $e ) {
OC_Response :: setStatus ( 405 );
return ;
}
2013-01-14 19:30:28 +00:00
}
2013-01-30 22:05:44 +00:00
2013-01-25 13:57:52 +00:00
// Handle redirect URL for logged in users
if ( isset ( $_REQUEST [ 'redirect_url' ]) && OC_User :: isLoggedIn ()) {
$location = OC_Helper :: makeURLAbsolute ( urldecode ( $_REQUEST [ 'redirect_url' ]));
2013-05-27 23:04:09 +00:00
2013-04-22 21:26:40 +00:00
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
2013-05-07 20:16:02 +00:00
if ( strpos ( $location , '@' ) === false ) {
2013-04-22 21:26:40 +00:00
header ( 'Location: ' . $location );
return ;
}
2013-01-25 13:57:52 +00:00
}
// Handle WebDAV
if ( $_SERVER [ 'REQUEST_METHOD' ] == 'PROPFIND' ) {
2013-10-24 08:34:09 +00:00
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
header ( 'HTTP/1.1 405 Method Not Allowed' );
header ( 'Status: 405 Method Not Allowed' );
2013-01-25 13:57:52 +00:00
return ;
}
2014-05-11 11:09:46 +00:00
// Redirect to index if the logout link is accessed without valid session
// this is needed to prevent "Token expired" messages while login if a session is expired
// @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
if ( isset ( $_GET [ 'logout' ]) && ! OC_User :: isLoggedIn ()) {
header ( " Location: " . OC :: $WEBROOT . ( empty ( OC :: $WEBROOT ) ? '/' : '' ));
return ;
}
2014-05-10 12:00:22 +00:00
// Someone is logged in
2013-01-14 19:30:28 +00:00
if ( OC_User :: isLoggedIn ()) {
OC_App :: loadApps ();
OC_User :: setupBackends ();
2014-08-28 14:59:56 +00:00
OC_Util :: setupFS ();
2013-01-14 19:30:28 +00:00
if ( isset ( $_GET [ " logout " ]) and ( $_GET [ " logout " ])) {
2014-05-04 11:56:21 +00:00
OC_JSON :: callCheck ();
2013-01-14 19:30:28 +00:00
if ( isset ( $_COOKIE [ 'oc_token' ])) {
2014-11-28 17:52:09 +00:00
\OC :: $server -> getConfig () -> deleteUserValue ( OC_User :: getUser (), 'login_token' , $_COOKIE [ 'oc_token' ]);
2013-01-14 19:30:28 +00:00
}
OC_User :: logout ();
2013-06-25 08:45:37 +00:00
// redirect to webroot and add slash if webroot is empty
header ( " Location: " . OC :: $WEBROOT . ( empty ( OC :: $WEBROOT ) ? '/' : '' ));
2013-01-14 19:30:28 +00:00
} else {
2014-05-10 12:00:22 +00:00
// Redirect to default application
OC_Util :: redirectToDefaultPage ();
2013-01-14 19:30:28 +00:00
}
2014-05-10 12:00:22 +00:00
} else {
// Not handled and not logged in
self :: handleLogin ();
2013-01-14 19:30:28 +00:00
}
}
2014-07-19 00:16:28 +00:00
protected static function handleAuthHeaders () {
//copy http auth headers for apache+php-fcgid work around
if ( isset ( $_SERVER [ 'HTTP_XAUTHORIZATION' ]) && ! isset ( $_SERVER [ 'HTTP_AUTHORIZATION' ])) {
$_SERVER [ 'HTTP_AUTHORIZATION' ] = $_SERVER [ 'HTTP_XAUTHORIZATION' ];
}
// Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary.
$vars = array (
'HTTP_AUTHORIZATION' , // apache+php-cgi work around
'REDIRECT_HTTP_AUTHORIZATION' , // apache+php-cgi alternative
);
foreach ( $vars as $var ) {
if ( isset ( $_SERVER [ $var ]) && preg_match ( '/Basic\s+(.*)$/i' , $_SERVER [ $var ], $matches )) {
list ( $name , $password ) = explode ( ':' , base64_decode ( $matches [ 1 ]), 2 );
2014-07-19 08:17:24 +00:00
$_SERVER [ 'PHP_AUTH_USER' ] = $name ;
$_SERVER [ 'PHP_AUTH_PW' ] = $password ;
2014-07-19 00:16:28 +00:00
break ;
}
}
}
2013-01-30 21:55:33 +00:00
protected static function handleLogin () {
2013-01-14 19:30:28 +00:00
OC_App :: loadApps ( array ( 'prelogin' ));
$error = array ();
2015-01-22 13:13:17 +00:00
$messages = [];
2013-10-01 11:25:58 +00:00
2015-01-22 13:13:17 +00:00
try {
// auth possible via apache module?
if ( OC :: tryApacheAuth ()) {
$error [] = 'apacheauthfailed' ;
} // remember was checked after last login
elseif ( OC :: tryRememberLogin ()) {
$error [] = 'invalidcookie' ;
} // logon via web form
elseif ( OC :: tryFormLogin ()) {
$error [] = 'invalidpassword' ;
}
} catch ( \OC\User\LoginException $e ) {
$messages [] = $e -> getMessage ();
2015-03-31 12:56:02 +00:00
} catch ( \Exception $ex ) {
\OCP\Util :: logException ( 'handleLogin' , $ex );
// do not disclose information. show generic error
$error [] = 'internalexception' ;
2013-01-14 19:30:28 +00:00
}
2013-05-30 22:53:57 +00:00
2015-01-22 13:13:17 +00:00
OC_Util :: displayLoginPage ( array_unique ( $error ), $messages );
2013-01-14 19:30:28 +00:00
}
2014-04-21 13:44:54 +00:00
/**
* Remove outdated and therefore invalid tokens for a user
* @ param string $user
*/
2013-01-30 21:55:33 +00:00
protected static function cleanupLoginTokens ( $user ) {
2014-11-19 12:06:22 +00:00
$config = \OC :: $server -> getConfig ();
$cutoff = time () - $config -> getSystemValue ( 'remember_login_cookie_lifetime' , 60 * 60 * 24 * 15 );
$tokens = $config -> getUserKeys ( $user , 'login_token' );
2013-01-14 19:30:28 +00:00
foreach ( $tokens as $token ) {
2014-11-19 12:06:22 +00:00
$time = $config -> getUserValue ( $user , 'login_token' , $token );
2013-01-14 19:30:28 +00:00
if ( $time < $cutoff ) {
2014-11-19 12:06:22 +00:00
$config -> deleteUserValue ( $user , 'login_token' , $token );
2013-01-14 19:30:28 +00:00
}
}
}
2014-04-21 13:44:54 +00:00
/**
* Try to login a user via HTTP authentication
* @ return bool | void
*/
2013-10-01 11:25:58 +00:00
protected static function tryApacheAuth () {
2013-10-01 22:55:35 +00:00
$return = OC_User :: handleApacheAuth ();
// if return is true we are logged in -> redirect to the default page
if ( $return === true ) {
2015-02-10 12:02:48 +00:00
$_REQUEST [ 'redirect_url' ] = \OC :: $server -> getRequest () -> getRequestUri ();
2013-10-01 22:55:35 +00:00
OC_Util :: redirectToDefaultPage ();
exit ;
}
// in case $return is null apache based auth is not enabled
return is_null ( $return ) ? false : true ;
2013-10-01 11:25:58 +00:00
}
2014-04-21 13:44:54 +00:00
/**
* Try to login a user using the remember me cookie .
* @ return bool Whether the provided cookie was valid
*/
2013-01-30 21:55:33 +00:00
protected static function tryRememberLogin () {
2013-01-14 19:30:28 +00:00
if ( ! isset ( $_COOKIE [ " oc_remember_login " ])
|| ! isset ( $_COOKIE [ " oc_token " ])
|| ! isset ( $_COOKIE [ " oc_username " ])
|| ! $_COOKIE [ " oc_remember_login " ]
2013-09-24 16:01:34 +00:00
|| ! OC_Util :: rememberLoginAllowed ()
2013-01-30 21:55:33 +00:00
) {
2013-01-14 19:30:28 +00:00
return false ;
}
2014-02-06 10:34:27 +00:00
2015-08-24 10:00:37 +00:00
if ( \OC :: $server -> getConfig () -> getSystemValue ( 'debug' , false )) {
2015-07-03 12:06:40 +00:00
\OCP\Util :: writeLog ( 'core' , 'Trying to login from cookie' , \OCP\Util :: DEBUG );
2013-01-14 19:30:28 +00:00
}
2014-05-21 16:03:37 +00:00
if ( OC_User :: userExists ( $_COOKIE [ 'oc_username' ])) {
2013-01-14 19:30:28 +00:00
self :: cleanupLoginTokens ( $_COOKIE [ 'oc_username' ]);
2014-05-24 08:24:42 +00:00
// verify whether the supplied "remember me" token was valid
2014-05-21 16:03:37 +00:00
$granted = OC_User :: loginWithCookie (
$_COOKIE [ 'oc_username' ], $_COOKIE [ 'oc_token' ]);
if ( $granted === true ) {
2013-01-14 19:30:28 +00:00
OC_Util :: redirectToDefaultPage ();
// doesn't return
}
2015-07-03 12:06:40 +00:00
\OCP\Util :: writeLog ( 'core' , 'Authentication cookie rejected for user ' .
$_COOKIE [ 'oc_username' ], \OCP\Util :: WARN );
2013-01-14 19:30:28 +00:00
// if you reach this point you have changed your password
// or you are an attacker
// we can not delete tokens here because users may reach
// this point multiple times after a password change
}
2014-05-21 16:03:37 +00:00
2013-01-14 19:30:28 +00:00
OC_User :: unsetMagicInCookie ();
return true ;
}
2014-04-21 13:44:54 +00:00
/**
2014-09-22 12:01:45 +00:00
* Tries to login a user using the form based authentication
2014-04-21 13:44:54 +00:00
* @ return bool | void
*/
2013-01-30 21:55:33 +00:00
protected static function tryFormLogin () {
2013-01-14 19:30:28 +00:00
if ( ! isset ( $_POST [ " user " ]) || ! isset ( $_POST [ 'password' ])) {
return false ;
2013-01-04 19:16:59 +00:00
}
2013-01-14 19:30:28 +00:00
2014-09-22 13:36:39 +00:00
if ( ! OC_Util :: isCallRegistered ()) {
return false ;
}
2013-01-14 19:30:28 +00:00
OC_App :: loadApps ();
//setup extra user backends
OC_User :: setupBackends ();
2015-02-13 12:33:20 +00:00
if ( OC_User :: login (( string ) $_POST [ " user " ], ( string ) $_POST [ " password " ])) {
2014-09-22 12:01:45 +00:00
$userId = OC_User :: getUser ();
2013-01-14 19:30:28 +00:00
// setting up the time zone
if ( isset ( $_POST [ 'timezone-offset' ])) {
2015-02-13 12:33:20 +00:00
self :: $server -> getSession () -> set ( 'timezone' , ( string ) $_POST [ 'timezone-offset' ]);
self :: $server -> getConfig () -> setUserValue ( $userId , 'core' , 'timezone' , ( string ) $_POST [ 'timezone' ]);
2013-01-14 19:30:28 +00:00
}
2014-09-22 12:01:45 +00:00
self :: cleanupLoginTokens ( $userId );
2013-01-14 19:30:28 +00:00
if ( ! empty ( $_POST [ " remember_login " ])) {
2015-08-24 10:00:37 +00:00
$config = self :: $server -> getConfig ();
if ( $config -> getSystemValue ( 'debug' , false )) {
2014-09-22 12:01:45 +00:00
self :: $server -> getLogger () -> debug ( 'Setting remember login to cookie' , array ( 'app' => 'core' ));
2013-01-14 19:30:28 +00:00
}
2014-09-03 15:46:48 +00:00
$token = \OC :: $server -> getSecureRandom () -> getMediumStrengthGenerator () -> generate ( 32 );
2015-08-24 10:00:37 +00:00
$config -> setUserValue ( $userId , 'login_token' , $token , time ());
2014-09-22 12:01:45 +00:00
OC_User :: setMagicInCookie ( $userId , $token );
2013-01-14 19:30:28 +00:00
} else {
OC_User :: unsetMagicInCookie ();
}
OC_Util :: redirectToDefaultPage ();
exit ();
}
return true ;
}
2010-03-10 12:03:40 +00:00
2011-07-29 19:03:53 +00:00
}
2015-05-29 19:56:08 +00:00
2011-11-13 15:16:21 +00:00
OC :: init ();