2010-03-10 12:03:40 +00:00
< ? php
/**
2011-04-15 17:24:23 +00:00
* ownCloud
*
* @ author Frank Karlitschek
2012-05-26 17:14:24 +00:00
* @ copyright 2012 Frank Karlitschek frank @ owncloud . org
2011-04-15 17:24:23 +00:00
*
* This library is free software ; you can redistribute it and / or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation ; either
* version 3 of the License , or any later version .
*
* This library is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details .
2014-04-27 14:31:04 +00:00
* t
2011-04-15 17:24:23 +00:00
* You should have received a copy of the GNU Affero General Public
* License along with this library . If not , see < http :// www . gnu . org / licenses />.
*
*/
2010-03-10 12:03:40 +00:00
2012-11-11 14:52:23 +00:00
require_once 'public/constants.php' ;
2011-08-02 16:31:42 +00:00
/**
* Class that is a namespace for all global OC variables
2011-08-06 09:36:56 +00:00
* No , we can not put this class in its own file because it is used by
* OC_autoload !
2011-08-02 16:31:42 +00:00
*/
2013-01-30 21:55:33 +00:00
class OC {
2013-01-14 19:30:28 +00:00
/**
2013-01-18 18:52:29 +00:00
* Associative array for autoloading . classname => filename
2013-01-14 19:30:28 +00:00
*/
public static $CLASSPATH = array ();
/**
* The installation path for owncloud on the server ( e . g . / srv / http / owncloud )
*/
public static $SERVERROOT = '' ;
/**
* the current request path relative to the owncloud root ( e . g . files / index . php )
*/
private static $SUBURI = '' ;
/**
* the owncloud root path for http requests ( e . g . owncloud / )
*/
public static $WEBROOT = '' ;
/**
* The installation path of the 3 rdparty folder on the server ( e . g . / srv / http / owncloud / 3 rdparty )
*/
public static $THIRDPARTYROOT = '' ;
/**
* the root path of the 3 rdparty folder for http requests ( e . g . owncloud / 3 rdparty )
*/
public static $THIRDPARTYWEBROOT = '' ;
/**
* The installation path array of the apps folder on the server ( e . g . / srv / http / owncloud ) 'path' and
* web path in 'url'
*/
public static $APPSROOTS = array ();
2014-01-17 13:40:48 +00:00
public static $configDir ;
2013-01-14 19:30:28 +00:00
/*
* requested app
*/
public static $REQUESTEDAPP = '' ;
/*
* requested file of app
*/
public static $REQUESTEDFILE = '' ;
/**
* check if owncloud runs in cli mode
*/
public static $CLI = false ;
2013-10-06 22:32:08 +00:00
2013-01-14 19:30:28 +00:00
/**
2013-05-27 23:04:09 +00:00
* @ var \OC\Session\Session
2013-01-14 19:30:28 +00:00
*/
2013-05-27 23:04:09 +00:00
public static $session = null ;
2013-01-14 19:30:28 +00:00
/**
2013-05-07 20:16:02 +00:00
* @ var \OC\Autoloader $loader
2013-01-14 19:30:28 +00:00
*/
2013-05-07 20:16:02 +00:00
public static $loader = null ;
2013-01-14 19:30:28 +00:00
2013-08-20 22:58:15 +00:00
/**
* @ var \OC\Server
*/
public static $server = null ;
2013-01-30 21:55:33 +00:00
public static function initPaths () {
2013-01-14 19:30:28 +00:00
// calculate the root directories
OC :: $SERVERROOT = str_replace ( " \\ " , '/' , substr ( __DIR__ , 0 , - 4 ));
2013-02-02 09:02:10 +00:00
// ensure we can find OC_Config
set_include_path (
OC :: $SERVERROOT . '/lib' . PATH_SEPARATOR .
2013-07-02 15:45:34 +00:00
get_include_path ()
2013-02-02 09:02:10 +00:00
);
2014-03-13 12:33:09 +00:00
if ( defined ( 'PHPUNIT_CONFIG_DIR' )) {
self :: $configDir = OC :: $SERVERROOT . '/' . PHPUNIT_CONFIG_DIR . '/' ;
} elseif ( defined ( 'PHPUNIT_RUN' ) and PHPUNIT_RUN and is_dir ( OC :: $SERVERROOT . '/tests/config/' )) {
2014-01-20 12:41:52 +00:00
self :: $configDir = OC :: $SERVERROOT . '/tests/config/' ;
2014-01-17 13:40:48 +00:00
} else {
self :: $configDir = OC :: $SERVERROOT . '/config/' ;
}
OC_Config :: $object = new \OC\Config ( self :: $configDir );
2013-01-14 19:30:28 +00:00
OC :: $SUBURI = str_replace ( " \\ " , " / " , substr ( realpath ( $_SERVER [ " SCRIPT_FILENAME " ]), strlen ( OC :: $SERVERROOT )));
2012-09-09 10:54:47 +00:00
$scriptName = OC_Request :: scriptName ();
2013-01-14 19:30:28 +00:00
if ( substr ( $scriptName , - 1 ) == '/' ) {
$scriptName .= 'index.php' ;
//make sure suburi follows the same rules as scriptName
if ( substr ( OC :: $SUBURI , - 9 ) != 'index.php' ) {
if ( substr ( OC :: $SUBURI , - 1 ) != '/' ) {
OC :: $SUBURI = OC :: $SUBURI . '/' ;
}
OC :: $SUBURI = OC :: $SUBURI . 'index.php' ;
}
}
OC :: $WEBROOT = substr ( $scriptName , 0 , strlen ( $scriptName ) - strlen ( OC :: $SUBURI ));
if ( OC :: $WEBROOT != '' and OC :: $WEBROOT [ 0 ] !== '/' ) {
OC :: $WEBROOT = '/' . OC :: $WEBROOT ;
}
// search the 3rdparty folder
if ( OC_Config :: getValue ( '3rdpartyroot' , '' ) <> '' and OC_Config :: getValue ( '3rdpartyurl' , '' ) <> '' ) {
OC :: $THIRDPARTYROOT = OC_Config :: getValue ( '3rdpartyroot' , '' );
OC :: $THIRDPARTYWEBROOT = OC_Config :: getValue ( '3rdpartyurl' , '' );
} elseif ( file_exists ( OC :: $SERVERROOT . '/3rdparty' )) {
OC :: $THIRDPARTYROOT = OC :: $SERVERROOT ;
OC :: $THIRDPARTYWEBROOT = OC :: $WEBROOT ;
} elseif ( file_exists ( OC :: $SERVERROOT . '/../3rdparty' )) {
OC :: $THIRDPARTYWEBROOT = rtrim ( dirname ( OC :: $WEBROOT ), '/' );
OC :: $THIRDPARTYROOT = rtrim ( dirname ( OC :: $SERVERROOT ), '/' );
} else {
2013-07-16 20:36:39 +00:00
throw new Exception ( '3rdparty directory not found! Please put the ownCloud 3rdparty'
2013-12-13 12:30:29 +00:00
. ' folder in the ownCloud folder or the folder above.'
. ' You can also configure the location in the config.php file.' );
2013-01-14 19:30:28 +00:00
}
// search the apps folder
$config_paths = OC_Config :: getValue ( 'apps_paths' , array ());
if ( ! empty ( $config_paths )) {
foreach ( $config_paths as $paths ) {
if ( isset ( $paths [ 'url' ]) && isset ( $paths [ 'path' ])) {
$paths [ 'url' ] = rtrim ( $paths [ 'url' ], '/' );
$paths [ 'path' ] = rtrim ( $paths [ 'path' ], '/' );
OC :: $APPSROOTS [] = $paths ;
}
}
} elseif ( file_exists ( OC :: $SERVERROOT . '/apps' )) {
OC :: $APPSROOTS [] = array ( 'path' => OC :: $SERVERROOT . '/apps' , 'url' => '/apps' , 'writable' => true );
} elseif ( file_exists ( OC :: $SERVERROOT . '/../apps' )) {
2013-02-11 16:44:02 +00:00
OC :: $APPSROOTS [] = array (
'path' => rtrim ( dirname ( OC :: $SERVERROOT ), '/' ) . '/apps' ,
'url' => '/apps' ,
'writable' => true
);
2013-01-14 19:30:28 +00:00
}
if ( empty ( OC :: $APPSROOTS )) {
2013-07-16 20:36:39 +00:00
throw new Exception ( 'apps directory not found! Please put the ownCloud apps folder in the ownCloud folder'
2013-12-13 12:30:29 +00:00
. ' or the folder above. You can also configure the location in the config.php file.' );
2013-01-14 19:30:28 +00:00
}
$paths = array ();
2013-01-30 21:55:33 +00:00
foreach ( OC :: $APPSROOTS as $path ) {
2013-01-14 19:30:28 +00:00
$paths [] = $path [ 'path' ];
2013-01-30 21:55:33 +00:00
}
2013-01-14 19:30:28 +00:00
// set the right include path
set_include_path (
2013-09-25 11:36:30 +00:00
OC :: $SERVERROOT . '/lib/private' . PATH_SEPARATOR .
2013-07-02 15:45:34 +00:00
OC :: $SERVERROOT . '/config' . PATH_SEPARATOR .
OC :: $THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR .
implode ( $paths , PATH_SEPARATOR ) . PATH_SEPARATOR .
get_include_path () . PATH_SEPARATOR .
OC :: $SERVERROOT
2013-01-14 19:30:28 +00:00
);
}
2012-12-20 10:10:45 +00:00
2013-01-03 19:11:00 +00:00
public static function checkConfig () {
2014-01-17 13:40:48 +00:00
if ( file_exists ( self :: $configDir . " /config.php " )
and ! is_writable ( self :: $configDir . " /config.php " )
2013-12-13 12:30:29 +00:00
) {
2013-11-25 12:04:23 +00:00
if ( self :: $CLI ) {
echo " Can't write into config directory! \n " ;
echo " This can usually be fixed by giving the webserver write access to the config directory \n " ;
echo " \n " ;
echo " See " . \OC_Helper :: linkToDocs ( 'admin-dir_permissions' ) . " \n " ;
exit ;
} else {
OC_Template :: printErrorPage (
" Can't write into config directory! " ,
'This can usually be fixed by '
2013-12-13 12:30:29 +00:00
. '<a href="' . \OC_Helper :: linkToDocs ( 'admin-dir_permissions' ) . '" target="_blank">giving the webserver write access to the config directory</a>.'
2013-11-25 12:04:23 +00:00
);
}
2013-01-03 19:11:00 +00:00
}
}
2013-01-30 21:55:33 +00:00
public static function checkInstalled () {
2013-01-14 19:30:28 +00:00
// Redirect to installer if not installed
if ( ! OC_Config :: getValue ( 'installed' , false ) && OC :: $SUBURI != '/index.php' ) {
if ( ! OC :: $CLI ) {
$url = 'http://' . $_SERVER [ 'SERVER_NAME' ] . OC :: $WEBROOT . '/index.php' ;
header ( " Location: $url " );
}
exit ();
}
}
2014-04-13 09:51:03 +00:00
/*
2014-04-13 10:54:26 +00:00
* This function adds some security related headers to all requests served via base . php
2014-04-14 08:15:31 +00:00
* The implementation of this function has to happen here to ensure that all third - party
2014-04-13 10:54:26 +00:00
* components ( e . g . SabreDAV ) also benefit from this headers .
2014-04-13 09:51:03 +00:00
*/
public static function addSecurityHeaders () {
header ( 'X-XSS-Protection: 1; mode=block' ); // Enforce browser based XSS filters
header ( 'X-Content-Type-Options: nosniff' ); // Disable sniffing the content type for IE
// iFrame Restriction Policy
$xFramePolicy = OC_Config :: getValue ( 'xframe_restriction' , true );
if ( $xFramePolicy ) {
header ( 'X-Frame-Options: Sameorigin' ); // Disallow iFraming from other domains
}
// Content Security Policy
// If you change the standard policy, please also change it in config.sample.php
$policy = OC_Config :: getValue ( 'custom_csp_policy' ,
'default-src \'self\'; '
. 'script-src \'self\' \'unsafe-eval\'; '
. 'style-src \'self\' \'unsafe-inline\'; '
. 'frame-src *; '
. 'img-src *; '
. 'font-src \'self\' data:; '
. 'media-src *' );
header ( 'Content-Security-Policy:' . $policy );
}
2013-01-30 21:55:33 +00:00
public static function checkSSL () {
2013-01-14 19:30:28 +00:00
// redirect to https site if configured
if ( OC_Config :: getValue ( " forcessl " , false )) {
header ( 'Strict-Transport-Security: max-age=31536000' );
ini_set ( " session.cookie_secure " , " on " );
if ( OC_Request :: serverProtocol () <> 'https' and ! OC :: $CLI ) {
2012-09-09 10:54:47 +00:00
$url = " https:// " . OC_Request :: serverHost () . OC_Request :: requestUri ();
2013-01-14 19:30:28 +00:00
header ( " Location: $url " );
exit ();
}
2013-02-14 18:23:29 +00:00
} else {
// Invalidate HSTS headers
if ( OC_Request :: serverProtocol () === 'https' ) {
header ( 'Strict-Transport-Security: max-age=0' );
}
2013-01-14 19:30:28 +00:00
}
}
2012-12-20 10:10:45 +00:00
2013-01-03 19:11:00 +00:00
public static function checkMaintenanceMode () {
2013-01-04 02:32:33 +00:00
// Allow ajax update script to execute without being stopped
if ( OC_Config :: getValue ( 'maintenance' , false ) && OC :: $SUBURI != '/core/ajax/update.php' ) {
2013-01-14 20:39:55 +00:00
// send http status 503
header ( 'HTTP/1.1 503 Service Temporarily Unavailable' );
header ( 'Status: 503 Service Temporarily Unavailable' );
header ( 'Retry-After: 120' );
// render error page
2013-10-24 15:46:52 +00:00
$tmpl = new OC_Template ( '' , 'update.user' , 'guest' );
$tmpl -> printPage ();
die ();
2013-01-03 19:11:00 +00:00
}
}
2013-11-25 14:08:24 +00:00
public static function checkSingleUserMode () {
$user = OC_User :: getUserSession () -> getUser ();
$group = OC_Group :: getManager () -> get ( 'admin' );
if ( $user && OC_Config :: getValue ( 'singleuser' , false ) && ! $group -> inGroup ( $user )) {
// send http status 503
header ( 'HTTP/1.1 503 Service Temporarily Unavailable' );
header ( 'Status: 503 Service Temporarily Unavailable' );
header ( 'Retry-After: 120' );
// render error page
$tmpl = new OC_Template ( '' , 'singleuser.user' , 'guest' );
$tmpl -> printPage ();
die ();
}
}
2013-12-13 12:30:29 +00:00
/**
* check if the instance needs to preform an upgrade
*
* @ return bool
*/
public static function needUpgrade () {
2013-01-03 19:11:00 +00:00
if ( OC_Config :: getValue ( 'installed' , false )) {
$installedVersion = OC_Config :: getValue ( 'version' , '0.0.0' );
$currentVersion = implode ( '.' , OC_Util :: getVersion ());
2013-12-13 12:30:29 +00:00
return version_compare ( $currentVersion , $installedVersion , '>' );
} else {
2013-01-03 19:11:00 +00:00
return false ;
}
}
2014-04-21 13:44:54 +00:00
/**
* Checks if the version requires an update and shows
* @ param bool $showTemplate Whether an update screen should get shown
* @ return bool | void
*/
2013-12-13 12:30:29 +00:00
public static function checkUpgrade ( $showTemplate = true ) {
if ( self :: needUpgrade ()) {
if ( $showTemplate && ! OC_Config :: getValue ( 'maintenance' , false )) {
OC_Config :: setValue ( 'theme' , '' );
OC_Util :: addScript ( 'config' ); // needed for web root
OC_Util :: addScript ( 'update' );
$tmpl = new OC_Template ( '' , 'update.admin' , 'guest' );
$tmpl -> assign ( 'version' , OC_Util :: getVersionString ());
$tmpl -> printPage ();
exit ();
} else {
return true ;
}
}
return false ;
}
2013-01-30 21:55:33 +00:00
public static function initTemplateEngine () {
2013-01-14 19:30:28 +00:00
// Add the stuff we need always
2014-01-12 17:57:53 +00:00
// TODO: read from core/js/core.json
2013-05-27 18:13:13 +00:00
OC_Util :: addScript ( " jquery-1.10.0.min " );
OC_Util :: addScript ( " jquery-migrate-1.2.1.min " );
2013-01-23 10:37:28 +00:00
OC_Util :: addScript ( " jquery-ui-1.10.0.custom " );
2013-01-14 19:30:28 +00:00
OC_Util :: addScript ( " jquery-showpassword " );
OC_Util :: addScript ( " jquery.infieldlabel " );
2013-10-23 16:51:25 +00:00
OC_Util :: addScript ( " jquery.placeholder " );
2013-01-14 19:30:28 +00:00
OC_Util :: addScript ( " jquery-tipsy " );
2013-02-14 11:16:51 +00:00
OC_Util :: addScript ( " compatibility " );
2014-04-07 12:04:16 +00:00
OC_Util :: addScript ( " underscore " );
2013-06-02 19:52:59 +00:00
OC_Util :: addScript ( " jquery.ocdialog " );
2013-01-14 19:30:28 +00:00
OC_Util :: addScript ( " oc-dialogs " );
OC_Util :: addScript ( " js " );
2013-08-14 21:06:43 +00:00
OC_Util :: addScript ( " octemplate " );
2013-01-14 19:30:28 +00:00
OC_Util :: addScript ( " eventsource " );
OC_Util :: addScript ( " config " );
//OC_Util::addScript( "multiselect" );
OC_Util :: addScript ( 'search' , 'result' );
2013-08-30 09:38:49 +00:00
OC_Util :: addScript ( " oc-requesttoken " );
2013-01-14 19:30:28 +00:00
2013-09-01 16:17:14 +00:00
// avatars
if ( \OC_Config :: getValue ( 'enable_avatars' , true ) === true ) {
\OC_Util :: addScript ( 'placeholder' );
\OC_Util :: addScript ( '3rdparty' , 'md5/md5.min' );
\OC_Util :: addScript ( 'jquery.avatar' );
\OC_Util :: addScript ( 'avatar' );
}
2013-08-29 12:26:11 +00:00
2013-01-14 19:30:28 +00:00
OC_Util :: addStyle ( " styles " );
2014-02-20 10:33:46 +00:00
OC_Util :: addStyle ( " mobile " );
2014-01-21 16:39:38 +00:00
OC_Util :: addStyle ( " icons " );
2013-08-30 09:38:49 +00:00
OC_Util :: addStyle ( " apps " );
2013-08-30 09:42:32 +00:00
OC_Util :: addStyle ( " fixes " );
2013-01-14 19:30:28 +00:00
OC_Util :: addStyle ( " multiselect " );
2013-01-23 10:37:28 +00:00
OC_Util :: addStyle ( " jquery-ui-1.10.0.custom " );
2013-01-14 19:30:28 +00:00
OC_Util :: addStyle ( " jquery-tipsy " );
2013-06-02 19:52:59 +00:00
OC_Util :: addStyle ( " jquery.ocdialog " );
2013-01-14 19:30:28 +00:00
}
2013-01-30 21:55:33 +00:00
public static function initSession () {
2013-01-14 19:30:28 +00:00
// prevents javascript from accessing php session cookies
ini_set ( 'session.cookie_httponly' , '1;' );
2013-04-05 22:16:52 +00:00
// set the cookie path to the ownCloud directory
2013-07-02 15:45:34 +00:00
$cookie_path = OC :: $WEBROOT ? : '/' ;
2013-04-18 19:11:55 +00:00
ini_set ( 'session.cookie_path' , $cookie_path );
2013-04-05 22:16:52 +00:00
2013-06-17 20:41:07 +00:00
//set the session object to a dummy session so code relying on the session existing still works
self :: $session = new \OC\Session\Memory ( '' );
2013-07-02 15:45:34 +00:00
try {
2013-05-27 23:04:09 +00:00
// set the session name to the instance id - which is unique
2013-05-27 23:10:18 +00:00
self :: $session = new \OC\Session\Internal ( OC_Util :: getInstanceId ());
2013-05-27 23:04:09 +00:00
// if session cant be started break with http 500 error
2013-07-02 15:45:34 +00:00
} catch ( Exception $e ) {
2013-11-04 20:55:55 +00:00
//show the user a detailed error page
OC_Response :: setStatus ( OC_Response :: STATUS_INTERNAL_SERVER_ERROR );
OC_Template :: printExceptionErrorPage ( $e );
2013-02-25 17:37:05 +00:00
}
2013-01-14 19:30:28 +00:00
2013-06-26 07:19:19 +00:00
$sessionLifeTime = self :: getSessionLifeTime ();
2013-01-14 19:30:28 +00:00
// regenerate session id periodically to avoid session fixation
2013-05-27 23:04:09 +00:00
if ( ! self :: $session -> exists ( 'SID_CREATED' )) {
self :: $session -> set ( 'SID_CREATED' , time ());
2013-06-28 13:17:54 +00:00
} else if ( time () - self :: $session -> get ( 'SID_CREATED' ) > $sessionLifeTime / 2 ) {
2013-01-14 19:30:28 +00:00
session_regenerate_id ( true );
2013-05-27 23:04:09 +00:00
self :: $session -> set ( 'SID_CREATED' , time ());
2013-01-14 19:30:28 +00:00
}
// session timeout
2013-06-26 07:19:19 +00:00
if ( self :: $session -> exists ( 'LAST_ACTIVITY' ) && ( time () - self :: $session -> get ( 'LAST_ACTIVITY' ) > $sessionLifeTime )) {
2013-01-14 19:30:28 +00:00
if ( isset ( $_COOKIE [ session_name ()])) {
2013-04-18 19:11:55 +00:00
setcookie ( session_name (), '' , time () - 42000 , $cookie_path );
2013-01-14 19:30:28 +00:00
}
session_unset ();
session_destroy ();
session_start ();
}
2013-05-27 23:04:09 +00:00
self :: $session -> set ( 'LAST_ACTIVITY' , time ());
2013-01-14 19:30:28 +00:00
}
2013-06-26 07:19:19 +00:00
/**
2014-02-06 15:30:58 +00:00
* @ return string
2013-06-26 07:19:19 +00:00
*/
private static function getSessionLifeTime () {
2013-06-28 13:17:54 +00:00
return OC_Config :: getValue ( 'session_lifetime' , 60 * 60 * 24 );
2013-06-26 07:19:19 +00:00
}
2013-01-30 21:55:33 +00:00
public static function loadAppClassPaths () {
foreach ( OC_APP :: getEnabledApps () as $app ) {
$file = OC_App :: getAppPath ( $app ) . '/appinfo/classpath.php' ;
if ( file_exists ( $file )) {
2013-01-17 20:44:40 +00:00
require_once $file ;
}
}
}
2013-01-17 20:42:33 +00:00
2013-01-30 21:55:33 +00:00
public static function init () {
2013-01-14 19:30:28 +00:00
// register autoloader
2013-05-07 20:53:07 +00:00
require_once __DIR__ . '/autoloader.php' ;
2013-07-02 15:45:34 +00:00
self :: $loader = new \OC\Autoloader ();
2013-05-07 20:53:07 +00:00
self :: $loader -> registerPrefix ( 'Doctrine\\Common' , 'doctrine/common/lib' );
self :: $loader -> registerPrefix ( 'Doctrine\\DBAL' , 'doctrine/dbal/lib' );
self :: $loader -> registerPrefix ( 'Symfony\\Component\\Routing' , 'symfony/routing' );
2013-09-01 14:40:50 +00:00
self :: $loader -> registerPrefix ( 'Symfony\\Component\\Console' , 'symfony/console' );
2013-07-16 20:32:04 +00:00
self :: $loader -> registerPrefix ( 'Patchwork' , '3rdparty' );
2013-05-07 20:16:02 +00:00
spl_autoload_register ( array ( self :: $loader , 'load' ));
2013-01-14 19:30:28 +00:00
// set some stuff
//ob_start();
error_reporting ( E_ALL | E_STRICT );
if ( defined ( 'DEBUG' ) && DEBUG ) {
ini_set ( 'display_errors' , 1 );
}
self :: $CLI = ( php_sapi_name () == 'cli' );
date_default_timezone_set ( 'UTC' );
ini_set ( 'arg_separator.output' , '&' );
// try to switch magic quotes off.
2013-07-02 15:45:34 +00:00
if ( get_magic_quotes_gpc () == 1 ) {
2013-03-17 21:05:45 +00:00
ini_set ( 'magic_quotes_runtime' , 0 );
2013-01-14 19:30:28 +00:00
}
//try to configure php to enable big file uploads.
//this doesn´ t work always depending on the webserver and php configuration.
//Let´ s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@ set_time_limit ( 3600 );
@ ini_set ( 'max_execution_time' , 3600 );
@ ini_set ( 'max_input_time' , 3600 );
//try to set the maximum filesize to 10G
@ ini_set ( 'upload_max_filesize' , '10G' );
@ ini_set ( 'post_max_size' , '10G' );
@ ini_set ( 'file_uploads' , '50' );
//copy http auth headers for apache+php-fcgid work around
if ( isset ( $_SERVER [ 'HTTP_XAUTHORIZATION' ]) && ! isset ( $_SERVER [ 'HTTP_AUTHORIZATION' ])) {
$_SERVER [ 'HTTP_AUTHORIZATION' ] = $_SERVER [ 'HTTP_XAUTHORIZATION' ];
}
//set http auth headers for apache+php-cgi work around
2013-02-11 16:44:02 +00:00
if ( isset ( $_SERVER [ 'HTTP_AUTHORIZATION' ])
2013-07-02 15:45:34 +00:00
&& preg_match ( '/Basic\s+(.*)$/i' , $_SERVER [ 'HTTP_AUTHORIZATION' ], $matches )
) {
2013-01-14 19:30:28 +00:00
list ( $name , $password ) = explode ( ':' , base64_decode ( $matches [ 1 ]), 2 );
$_SERVER [ 'PHP_AUTH_USER' ] = strip_tags ( $name );
$_SERVER [ 'PHP_AUTH_PW' ] = strip_tags ( $password );
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
2013-02-11 16:44:02 +00:00
if ( isset ( $_SERVER [ 'REDIRECT_HTTP_AUTHORIZATION' ])
2013-07-02 15:45:34 +00:00
&& preg_match ( '/Basic\s+(.*)$/i' , $_SERVER [ 'REDIRECT_HTTP_AUTHORIZATION' ], $matches )
) {
2013-01-14 19:30:28 +00:00
list ( $name , $password ) = explode ( ':' , base64_decode ( $matches [ 1 ]), 2 );
$_SERVER [ 'PHP_AUTH_USER' ] = strip_tags ( $name );
$_SERVER [ 'PHP_AUTH_PW' ] = strip_tags ( $password );
}
self :: initPaths ();
2013-10-21 13:21:37 +00:00
if ( OC_Config :: getValue ( 'instanceid' , false )) {
// \OC\Memcache\Cache has a hidden dependency on
// OC_Util::getInstanceId() for namespacing. See #5409.
try {
self :: $loader -> setMemoryCache ( \OC\Memcache\Factory :: createLowLatency ( 'Autoloader' ));
2013-12-13 12:30:29 +00:00
} catch ( \Exception $ex ) {
2013-10-21 13:21:37 +00:00
}
}
2013-08-18 08:33:09 +00:00
OC_Util :: isSetLocaleWorking ();
2013-01-14 19:30:28 +00:00
2014-01-05 20:49:08 +00:00
// setup 3rdparty autoloader
$vendorAutoLoad = OC :: $THIRDPARTYROOT . '/3rdparty/autoload.php' ;
2014-01-07 15:24:05 +00:00
if ( file_exists ( $vendorAutoLoad )) {
2014-01-05 20:49:08 +00:00
require_once $vendorAutoLoad ;
}
2013-01-14 19:30:28 +00:00
// set debug mode if an xdebug session is active
if ( ! defined ( 'DEBUG' ) || ! DEBUG ) {
if ( isset ( $_COOKIE [ 'XDEBUG_SESSION' ])) {
define ( 'DEBUG' , true );
}
}
2013-07-21 20:40:35 +00:00
if ( ! defined ( 'PHPUNIT_RUN' )) {
if ( defined ( 'DEBUG' ) and DEBUG ) {
2014-01-31 12:27:51 +00:00
OC\Log\ErrorHandler :: register ( true );
2013-07-21 20:40:35 +00:00
set_exception_handler ( array ( 'OC_Template' , 'printExceptionErrorPage' ));
} else {
OC\Log\ErrorHandler :: register ();
}
2014-01-31 12:27:51 +00:00
OC\Log\ErrorHandler :: setLogger ( OC_Log :: $object );
2013-02-15 02:15:09 +00:00
}
2013-01-14 19:30:28 +00:00
// register the stream wrappers
2013-01-28 14:34:15 +00:00
stream_wrapper_register ( 'fakedir' , 'OC\Files\Stream\Dir' );
stream_wrapper_register ( 'static' , 'OC\Files\Stream\StaticStream' );
stream_wrapper_register ( 'close' , 'OC\Files\Stream\Close' );
2013-07-02 15:45:34 +00:00
stream_wrapper_register ( 'quota' , 'OC\Files\Stream\Quota' );
2013-01-28 14:35:30 +00:00
stream_wrapper_register ( 'oc' , 'OC\Files\Stream\OC' );
2013-01-14 19:30:28 +00:00
2013-09-15 21:07:18 +00:00
// setup the basic server
self :: $server = new \OC\Server ();
2013-04-23 09:06:28 +00:00
self :: initTemplateEngine ();
2013-07-02 15:45:34 +00:00
if ( ! self :: $CLI ) {
2013-04-19 13:18:27 +00:00
self :: initSession ();
2013-05-27 23:15:38 +00:00
} else {
self :: $session = new \OC\Session\Memory ( '' );
2013-04-19 13:18:27 +00:00
}
2013-05-31 15:31:52 +00:00
self :: checkConfig ();
self :: checkInstalled ();
self :: checkSSL ();
2014-04-13 09:51:03 +00:00
self :: addSecurityHeaders ();
2013-01-14 19:30:28 +00:00
$errors = OC_Util :: checkServer ();
if ( count ( $errors ) > 0 ) {
2013-11-25 12:04:23 +00:00
if ( self :: $CLI ) {
foreach ( $errors as $error ) {
2013-12-13 12:30:29 +00:00
echo $error [ 'error' ] . " \n " ;
2013-11-25 12:04:23 +00:00
echo $error [ 'hint' ] . " \n \n " ;
}
} else {
2014-03-14 12:58:34 +00:00
OC_Response :: setStatus ( OC_Response :: STATUS_SERVICE_UNAVAILABLE );
2013-11-25 12:04:23 +00:00
OC_Template :: printGuestPage ( '' , 'error' , array ( 'errors' => $errors ));
}
2013-01-14 19:30:28 +00:00
exit ;
}
2013-06-26 07:19:19 +00:00
//try to set the session lifetime
$sessionLifeTime = self :: getSessionLifeTime ();
@ ini_set ( 'gc_maxlifetime' , ( string ) $sessionLifeTime );
2013-01-14 19:30:28 +00:00
// User and Groups
if ( ! OC_Config :: getValue ( " installed " , false )) {
2013-07-02 15:45:34 +00:00
self :: $session -> set ( 'user_id' , '' );
2013-01-14 19:30:28 +00:00
}
OC_User :: useBackend ( new OC_User_Database ());
OC_Group :: useBackend ( new OC_Group_Database ());
2013-12-11 13:01:48 +00:00
2014-02-26 17:06:13 +00:00
$basic_auth = OC_Config :: getValue ( 'basic_auth' , true );
if ( $basic_auth && isset ( $_SERVER [ 'PHP_AUTH_USER' ]) && self :: $session -> exists ( 'loginname' )
2013-12-11 12:57:02 +00:00
&& $_SERVER [ 'PHP_AUTH_USER' ] !== self :: $session -> get ( 'loginname' )) {
2013-12-11 12:56:45 +00:00
$sessionUser = self :: $session -> get ( 'loginname' );
2013-10-01 11:25:58 +00:00
$serverUser = $_SERVER [ 'PHP_AUTH_USER' ];
OC_Log :: write ( 'core' ,
2014-01-09 09:29:21 +00:00
" Session loginname ( $sessionUser ) doesn't match SERVER[PHP_AUTH_USER] ( $serverUser ). " ,
2013-10-01 11:25:58 +00:00
OC_Log :: WARN );
2013-01-14 19:30:28 +00:00
OC_User :: logout ();
}
2014-02-06 10:34:27 +00:00
// Load minimum set of apps - which is filesystem, authentication and logging
2014-02-06 08:44:13 +00:00
if ( ! self :: checkUpgrade ( false )) {
2014-03-21 14:00:25 +00:00
OC_App :: loadApps ( array ( 'authentication' ));
OC_App :: loadApps ( array ( 'filesystem' , 'logging' ));
2013-01-14 19:30:28 +00:00
}
//setup extra user backends
OC_User :: setupBackends ();
self :: registerCacheHooks ();
self :: registerFilesystemHooks ();
2013-05-29 10:01:43 +00:00
self :: registerPreviewHooks ();
2013-01-14 19:30:28 +00:00
self :: registerShareHooks ();
2013-07-10 16:07:43 +00:00
self :: registerLogRotate ();
2013-01-14 19:30:28 +00:00
//make sure temporary files are cleaned up
register_shutdown_function ( array ( 'OC_Helper' , 'cleanTmp' ));
//parse the given parameters
2013-02-09 14:03:47 +00:00
self :: $REQUESTEDAPP = ( isset ( $_GET [ 'app' ]) && trim ( $_GET [ 'app' ]) != '' && ! is_null ( $_GET [ 'app' ]) ? OC_App :: cleanAppId ( strip_tags ( $_GET [ 'app' ])) : OC_Config :: getValue ( 'defaultapp' , 'files' ));
2013-01-14 19:30:28 +00:00
if ( substr_count ( self :: $REQUESTEDAPP , '?' ) != 0 ) {
$app = substr ( self :: $REQUESTEDAPP , 0 , strpos ( self :: $REQUESTEDAPP , '?' ));
$param = substr ( $_GET [ 'app' ], strpos ( $_GET [ 'app' ], '?' ) + 1 );
parse_str ( $param , $get );
$_GET = array_merge ( $_GET , $get );
self :: $REQUESTEDAPP = $app ;
$_GET [ 'app' ] = $app ;
}
self :: $REQUESTEDFILE = ( isset ( $_GET [ 'getfile' ]) ? $_GET [ 'getfile' ] : null );
if ( substr_count ( self :: $REQUESTEDFILE , '?' ) != 0 ) {
$file = substr ( self :: $REQUESTEDFILE , 0 , strpos ( self :: $REQUESTEDFILE , '?' ));
$param = substr ( self :: $REQUESTEDFILE , strpos ( self :: $REQUESTEDFILE , '?' ) + 1 );
parse_str ( $param , $get );
$_GET = array_merge ( $_GET , $get );
self :: $REQUESTEDFILE = $file ;
$_GET [ 'getfile' ] = $file ;
}
if ( ! is_null ( self :: $REQUESTEDFILE )) {
$subdir = OC_App :: getAppPath ( OC :: $REQUESTEDAPP ) . '/' . self :: $REQUESTEDFILE ;
$parent = OC_App :: getAppPath ( OC :: $REQUESTEDAPP );
if ( ! OC_Helper :: issubdirectory ( $subdir , $parent )) {
self :: $REQUESTEDFILE = null ;
header ( 'HTTP/1.0 404 Not Found' );
exit ;
}
}
2013-03-03 22:08:41 +00:00
if ( OC_Config :: getValue ( 'installed' , false ) && ! self :: checkUpgrade ( false )) {
2013-01-14 19:30:28 +00:00
if ( OC_Appconfig :: getValue ( 'core' , 'backgroundjobs_mode' , 'ajax' ) == 'ajax' ) {
OC_Util :: addScript ( 'backgroundjobs' );
}
}
}
/**
* register hooks for the cache
*/
2013-01-30 21:55:33 +00:00
public static function registerCacheHooks () {
2013-12-13 12:30:29 +00:00
if ( OC_Config :: getValue ( 'installed' , false ) && ! self :: needUpgrade ()) { //don't try to do this before we are properly setup
\OCP\BackgroundJob :: registerJob ( 'OC\Cache\FileGlobalGC' );
2013-04-20 22:08:55 +00:00
2013-09-18 11:15:38 +00:00
// NOTE: This will be replaced to use OCP
$userSession = \OC_User :: getUserSession ();
2013-09-18 13:02:25 +00:00
$userSession -> listen ( 'postLogin' , '\OC\Cache\File' , 'loginListener' );
2013-04-20 22:08:55 +00:00
}
2013-01-14 19:30:28 +00:00
}
2013-07-10 16:07:43 +00:00
/**
* register hooks for the cache
*/
public static function registerLogRotate () {
2013-12-13 12:30:29 +00:00
if ( OC_Config :: getValue ( 'installed' , false ) && OC_Config :: getValue ( 'log_rotate_size' , false ) && ! self :: needUpgrade ()) {
2013-08-28 15:41:27 +00:00
//don't try to do this before we are properly setup
2013-12-13 12:30:29 +00:00
\OCP\BackgroundJob :: registerJob ( 'OC\Log\Rotate' , OC_Config :: getValue ( " datadirectory " , OC :: $SERVERROOT . '/data' ) . '/owncloud.log' );
2013-07-10 16:07:43 +00:00
}
}
2013-01-14 19:30:28 +00:00
/**
* register hooks for the filesystem
*/
2013-01-30 21:55:33 +00:00
public static function registerFilesystemHooks () {
2013-01-14 19:30:28 +00:00
// Check for blacklisted files
OC_Hook :: connect ( 'OC_Filesystem' , 'write' , 'OC_Filesystem' , 'isBlacklisted' );
OC_Hook :: connect ( 'OC_Filesystem' , 'rename' , 'OC_Filesystem' , 'isBlacklisted' );
}
2013-05-29 10:01:43 +00:00
/**
* register hooks for previews
*/
public static function registerPreviewHooks () {
2013-05-29 10:33:24 +00:00
OC_Hook :: connect ( 'OC_Filesystem' , 'post_write' , 'OC\Preview' , 'post_write' );
2014-03-11 13:21:27 +00:00
OC_Hook :: connect ( 'OC_Filesystem' , 'preDelete' , 'OC\Preview' , 'prepare_delete_files' );
OC_Hook :: connect ( '\OCP\Versions' , 'preDelete' , 'OC\Preview' , 'prepare_delete' );
OC_Hook :: connect ( '\OCP\Trashbin' , 'preDelete' , 'OC\Preview' , 'prepare_delete' );
OC_Hook :: connect ( 'OC_Filesystem' , 'delete' , 'OC\Preview' , 'post_delete_files' );
2013-11-12 13:08:55 +00:00
OC_Hook :: connect ( '\OCP\Versions' , 'delete' , 'OC\Preview' , 'post_delete' );
OC_Hook :: connect ( '\OCP\Trashbin' , 'delete' , 'OC\Preview' , 'post_delete' );
2013-05-29 10:01:43 +00:00
}
2013-01-14 19:30:28 +00:00
/**
* register hooks for sharing
*/
2013-01-30 21:55:33 +00:00
public static function registerShareHooks () {
2013-12-13 12:30:29 +00:00
if ( \OC_Config :: getValue ( 'installed' )) {
2014-02-18 14:07:03 +00:00
OC_Hook :: connect ( 'OC_User' , 'post_deleteUser' , 'OC\Share\Hooks' , 'post_deleteUser' );
OC_Hook :: connect ( 'OC_User' , 'post_addToGroup' , 'OC\Share\Hooks' , 'post_addToGroup' );
OC_Hook :: connect ( 'OC_User' , 'post_removeFromGroup' , 'OC\Share\Hooks' , 'post_removeFromGroup' );
OC_Hook :: connect ( 'OC_User' , 'post_deleteGroup' , 'OC\Share\Hooks' , 'post_deleteGroup' );
2013-05-16 23:20:02 +00:00
}
2013-01-14 19:30:28 +00:00
}
/**
* @ brief Handle the request
*/
2013-01-30 21:55:33 +00:00
public static function handleRequest () {
2014-04-23 23:42:18 +00:00
$l = \OC_L10N :: get ( 'lib' );
2013-01-17 20:44:40 +00:00
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC :: loadAppClassPaths ();
2013-01-17 20:42:33 +00:00
2013-01-30 21:55:33 +00:00
// Check if ownCloud is installed or in maintenance (update) mode
if ( ! OC_Config :: getValue ( 'installed' , false )) {
2013-09-10 18:19:42 +00:00
$controller = new OC\Core\Setup\Controller ();
$controller -> run ( $_POST );
2013-01-30 21:55:33 +00:00
exit ();
}
2013-02-05 22:33:44 +00:00
2014-03-05 14:02:05 +00:00
$host = OC_Request :: insecureServerHost ();
// if the host passed in headers isn't trusted
if ( ! OC :: $CLI
// overwritehost is always trusted
&& OC_Request :: getOverwriteHost () === null
&& ! OC_Request :: isTrustedDomain ( $host )) {
header ( 'HTTP/1.1 400 Bad Request' );
header ( 'Status: 400 Bad Request' );
OC_Template :: printErrorPage (
2014-04-23 23:42:18 +00:00
$l -> t ( 'You are accessing the server from an untrusted domain.' ),
2014-04-27 14:31:04 +00:00
$l -> t ( 'Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.' )
2014-03-05 14:02:05 +00:00
);
return ;
}
2013-01-30 22:05:44 +00:00
$request = OC_Request :: getPathInfo ();
2013-12-13 12:30:29 +00:00
if ( substr ( $request , - 3 ) !== '.js' ) { // we need these files during the upgrade
2013-01-30 22:05:44 +00:00
self :: checkMaintenanceMode ();
self :: checkUpgrade ();
}
2013-01-30 21:55:33 +00:00
2013-06-04 22:38:08 +00:00
// Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
2013-05-25 02:51:51 +00:00
OC :: tryBasicAuthLogin ();
2013-05-30 22:53:57 +00:00
2013-11-25 14:08:24 +00:00
if ( ! self :: $CLI and ( ! isset ( $_GET [ " logout " ]) or ( $_GET [ " logout " ] !== 'true' ))) {
2013-02-07 16:53:38 +00:00
try {
2013-03-03 22:03:47 +00:00
if ( ! OC_Config :: getValue ( 'maintenance' , false )) {
OC_App :: loadApps ();
}
2013-11-25 14:08:24 +00:00
self :: checkSingleUserMode ();
2014-03-10 13:06:47 +00:00
OC :: $server -> getRouter () -> match ( OC_Request :: getRawPathInfo ());
2013-02-07 16:53:38 +00:00
return ;
} catch ( Symfony\Component\Routing\Exception\ResourceNotFoundException $e ) {
//header('HTTP/1.0 404 Not Found');
} catch ( Symfony\Component\Routing\Exception\MethodNotAllowedException $e ) {
OC_Response :: setStatus ( 405 );
return ;
}
2013-01-14 19:30:28 +00:00
}
2013-01-30 22:05:44 +00:00
2013-01-14 19:30:28 +00:00
$app = OC :: $REQUESTEDAPP ;
$file = OC :: $REQUESTEDFILE ;
$param = array ( 'app' => $app , 'file' => $file );
2013-01-25 13:57:52 +00:00
// Handle redirect URL for logged in users
if ( isset ( $_REQUEST [ 'redirect_url' ]) && OC_User :: isLoggedIn ()) {
$location = OC_Helper :: makeURLAbsolute ( urldecode ( $_REQUEST [ 'redirect_url' ]));
2013-05-27 23:04:09 +00:00
2013-04-22 21:26:40 +00:00
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
2013-05-07 20:16:02 +00:00
if ( strpos ( $location , '@' ) === false ) {
2013-04-22 21:26:40 +00:00
header ( 'Location: ' . $location );
return ;
}
2013-01-25 13:57:52 +00:00
}
// Handle WebDAV
if ( $_SERVER [ 'REQUEST_METHOD' ] == 'PROPFIND' ) {
2013-10-24 08:34:09 +00:00
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
header ( 'HTTP/1.1 405 Method Not Allowed' );
header ( 'Status: 405 Method Not Allowed' );
2013-01-25 13:57:52 +00:00
return ;
}
2013-01-14 19:30:28 +00:00
// Someone is logged in :
if ( OC_User :: isLoggedIn ()) {
OC_App :: loadApps ();
OC_User :: setupBackends ();
if ( isset ( $_GET [ " logout " ]) and ( $_GET [ " logout " ])) {
if ( isset ( $_COOKIE [ 'oc_token' ])) {
OC_Preferences :: deleteKey ( OC_User :: getUser (), 'login_token' , $_COOKIE [ 'oc_token' ]);
}
OC_User :: logout ();
2013-06-25 08:45:37 +00:00
// redirect to webroot and add slash if webroot is empty
header ( " Location: " . OC :: $WEBROOT . ( empty ( OC :: $WEBROOT ) ? '/' : '' ));
2013-01-14 19:30:28 +00:00
} else {
if ( is_null ( $file )) {
$param [ 'file' ] = 'index.php' ;
}
$file_ext = substr ( $param [ 'file' ], - 3 );
if ( $file_ext != 'php'
|| ! self :: loadAppScriptFile ( $param )
2013-01-30 21:55:33 +00:00
) {
2013-01-14 19:30:28 +00:00
header ( 'HTTP/1.0 404 Not Found' );
}
}
return ;
}
// Not handled and not logged in
self :: handleLogin ();
}
2014-04-21 13:44:54 +00:00
/**
* Load a PHP file belonging to the specified application
* @ param array $param The application and file to load
* @ return bool Whether the file has been found ( will return 404 and false if not )
*/
2013-01-30 21:55:33 +00:00
public static function loadAppScriptFile ( $param ) {
2013-01-14 19:30:28 +00:00
OC_App :: loadApps ();
$app = $param [ 'app' ];
$file = $param [ 'file' ];
$app_path = OC_App :: getAppPath ( $app );
2013-06-28 17:22:51 +00:00
if ( OC_App :: isEnabled ( $app ) && $app_path !== false ) {
$file = $app_path . '/' . $file ;
unset ( $app , $app_path );
if ( file_exists ( $file )) {
require_once $file ;
return true ;
}
2013-01-14 19:30:28 +00:00
}
2013-06-28 17:22:51 +00:00
header ( 'HTTP/1.0 404 Not Found' );
2013-01-14 19:30:28 +00:00
return false ;
}
2013-01-30 21:55:33 +00:00
protected static function handleLogin () {
2013-01-14 19:30:28 +00:00
OC_App :: loadApps ( array ( 'prelogin' ));
$error = array ();
2013-10-01 11:25:58 +00:00
2013-10-01 22:55:35 +00:00
// auth possible via apache module?
if ( OC :: tryApacheAuth ()) {
$error [] = 'apacheauthfailed' ;
2013-12-13 12:30:29 +00:00
} // remember was checked after last login
2013-10-01 11:25:58 +00:00
elseif ( OC :: tryRememberLogin ()) {
2013-01-14 19:30:28 +00:00
$error [] = 'invalidcookie' ;
2013-12-13 12:30:29 +00:00
} // logon via web form
2013-10-01 22:55:35 +00:00
elseif ( OC :: tryFormLogin ()) {
2013-01-14 19:30:28 +00:00
$error [] = 'invalidpassword' ;
2013-10-10 12:15:13 +00:00
if ( OC_Config :: getValue ( 'log_authfailip' , false ) ) {
2013-09-10 09:07:26 +00:00
OC_Log :: write ( 'core' , 'Login failed: user \'' . $_POST [ " user " ] . '\' , wrong password, IP:' . $_SERVER [ 'REMOTE_ADDR' ],
OC_Log :: WARN );
2013-12-11 12:56:45 +00:00
} else {
2013-09-10 09:07:26 +00:00
OC_Log :: write ( 'core' , 'Login failed: user \'' . $_POST [ " user " ] . '\' , wrong password, IP:set log_authfailip=true in conf' ,
OC_Log :: WARN );
}
2013-01-14 19:30:28 +00:00
}
2013-05-30 22:53:57 +00:00
2013-01-14 19:30:28 +00:00
OC_Util :: displayLoginPage ( array_unique ( $error ));
}
2014-04-21 13:44:54 +00:00
/**
* Remove outdated and therefore invalid tokens for a user
* @ param string $user
*/
2013-01-30 21:55:33 +00:00
protected static function cleanupLoginTokens ( $user ) {
2013-01-14 19:30:28 +00:00
$cutoff = time () - OC_Config :: getValue ( 'remember_login_cookie_lifetime' , 60 * 60 * 24 * 15 );
$tokens = OC_Preferences :: getKeys ( $user , 'login_token' );
foreach ( $tokens as $token ) {
$time = OC_Preferences :: getValue ( $user , 'login_token' , $token );
if ( $time < $cutoff ) {
OC_Preferences :: deleteKey ( $user , 'login_token' , $token );
}
}
}
2014-04-21 13:44:54 +00:00
/**
* Try to login a user via HTTP authentication
* @ return bool | void
*/
2013-10-01 11:25:58 +00:00
protected static function tryApacheAuth () {
2013-10-01 22:55:35 +00:00
$return = OC_User :: handleApacheAuth ();
// if return is true we are logged in -> redirect to the default page
if ( $return === true ) {
$_REQUEST [ 'redirect_url' ] = \OC_Request :: requestUri ();
OC_Util :: redirectToDefaultPage ();
exit ;
}
// in case $return is null apache based auth is not enabled
return is_null ( $return ) ? false : true ;
2013-10-01 11:25:58 +00:00
}
2014-04-21 13:44:54 +00:00
/**
* Try to login a user using the remember me cookie .
* @ return bool Whether the provided cookie was valid
*/
2013-01-30 21:55:33 +00:00
protected static function tryRememberLogin () {
2013-01-14 19:30:28 +00:00
if ( ! isset ( $_COOKIE [ " oc_remember_login " ])
|| ! isset ( $_COOKIE [ " oc_token " ])
|| ! isset ( $_COOKIE [ " oc_username " ])
|| ! $_COOKIE [ " oc_remember_login " ]
2013-09-24 16:01:34 +00:00
|| ! OC_Util :: rememberLoginAllowed ()
2013-01-30 21:55:33 +00:00
) {
2013-01-14 19:30:28 +00:00
return false ;
}
2014-02-06 10:34:27 +00:00
2013-01-14 19:30:28 +00:00
if ( defined ( " DEBUG " ) && DEBUG ) {
OC_Log :: write ( 'core' , 'Trying to login from cookie' , OC_Log :: DEBUG );
}
// confirm credentials in cookie
if ( isset ( $_COOKIE [ 'oc_token' ]) && OC_User :: userExists ( $_COOKIE [ 'oc_username' ])) {
// delete outdated cookies
self :: cleanupLoginTokens ( $_COOKIE [ 'oc_username' ]);
// get stored tokens
$tokens = OC_Preferences :: getKeys ( $_COOKIE [ 'oc_username' ], 'login_token' );
// test cookies token against stored tokens
if ( in_array ( $_COOKIE [ 'oc_token' ], $tokens , true )) {
// replace successfully used token with a new one
OC_Preferences :: deleteKey ( $_COOKIE [ 'oc_username' ], 'login_token' , $_COOKIE [ 'oc_token' ]);
2013-08-15 06:49:19 +00:00
$token = OC_Util :: generateRandomBytes ( 32 );
2013-01-14 19:30:28 +00:00
OC_Preferences :: setValue ( $_COOKIE [ 'oc_username' ], 'login_token' , $token , time ());
OC_User :: setMagicInCookie ( $_COOKIE [ 'oc_username' ], $token );
// login
OC_User :: setUserId ( $_COOKIE [ 'oc_username' ]);
OC_Util :: redirectToDefaultPage ();
// doesn't return
}
// if you reach this point you have changed your password
// or you are an attacker
// we can not delete tokens here because users may reach
// this point multiple times after a password change
OC_Log :: write ( 'core' , 'Authentication cookie rejected for user ' . $_COOKIE [ 'oc_username' ], OC_Log :: WARN );
}
OC_User :: unsetMagicInCookie ();
return true ;
}
2014-04-21 13:44:54 +00:00
/**
* Tries to login a user using the formbased authentication
* @ return bool | void
*/
2013-01-30 21:55:33 +00:00
protected static function tryFormLogin () {
2013-01-14 19:30:28 +00:00
if ( ! isset ( $_POST [ " user " ]) || ! isset ( $_POST [ 'password' ])) {
return false ;
2013-01-04 19:16:59 +00:00
}
2013-01-14 19:30:28 +00:00
OC_App :: loadApps ();
//setup extra user backends
OC_User :: setupBackends ();
if ( OC_User :: login ( $_POST [ " user " ], $_POST [ " password " ])) {
// setting up the time zone
if ( isset ( $_POST [ 'timezone-offset' ])) {
2013-05-27 23:04:09 +00:00
self :: $session -> set ( 'timezone' , $_POST [ 'timezone-offset' ]);
2013-01-14 19:30:28 +00:00
}
2013-08-29 22:33:48 +00:00
$userid = OC_User :: getUser ();
self :: cleanupLoginTokens ( $userid );
2013-01-14 19:30:28 +00:00
if ( ! empty ( $_POST [ " remember_login " ])) {
if ( defined ( " DEBUG " ) && DEBUG ) {
OC_Log :: write ( 'core' , 'Setting remember login to cookie' , OC_Log :: DEBUG );
}
2013-08-15 06:49:19 +00:00
$token = OC_Util :: generateRandomBytes ( 32 );
2013-08-29 22:33:48 +00:00
OC_Preferences :: setValue ( $userid , 'login_token' , $token , time ());
OC_User :: setMagicInCookie ( $userid , $token );
2013-01-14 19:30:28 +00:00
} else {
OC_User :: unsetMagicInCookie ();
}
OC_Util :: redirectToDefaultPage ();
exit ();
}
return true ;
}
2014-04-21 13:44:54 +00:00
/**
* Try to login a user using HTTP authentication .
* @ return bool
*/
2013-01-30 21:55:33 +00:00
protected static function tryBasicAuthLogin () {
2013-01-14 19:30:28 +00:00
if ( ! isset ( $_SERVER [ " PHP_AUTH_USER " ])
|| ! isset ( $_SERVER [ " PHP_AUTH_PW " ])
2013-01-30 21:55:33 +00:00
) {
2013-01-14 19:30:28 +00:00
return false ;
}
2014-02-06 10:34:27 +00:00
2013-09-05 22:28:13 +00:00
if ( OC_User :: login ( $_SERVER [ " PHP_AUTH_USER " ], $_SERVER [ " PHP_AUTH_PW " ])) {
//OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG);
OC_User :: unsetMagicInCookie ();
$_SERVER [ 'HTTP_REQUESTTOKEN' ] = OC_Util :: callRegister ();
2013-01-14 19:30:28 +00:00
}
return true ;
2013-01-04 02:32:33 +00:00
}
2012-08-08 20:42:45 +00:00
2011-03-02 21:18:22 +00:00
}
2010-03-10 12:03:40 +00:00
2012-12-20 10:10:45 +00:00
if ( ! function_exists ( 'get_temp_dir' )) {
2014-04-21 13:44:54 +00:00
/**
* Get the temporary dir to store uploaded data
* @ return null | string Path to the temporary directory or null
*/
2013-01-30 21:55:33 +00:00
function get_temp_dir () {
2013-01-14 19:30:28 +00:00
if ( $temp = ini_get ( 'upload_tmp_dir' )) return $temp ;
if ( $temp = getenv ( 'TMP' )) return $temp ;
if ( $temp = getenv ( 'TEMP' )) return $temp ;
if ( $temp = getenv ( 'TMPDIR' )) return $temp ;
$temp = tempnam ( __FILE__ , '' );
if ( file_exists ( $temp )) {
unlink ( $temp );
return dirname ( $temp );
}
if ( $temp = sys_get_temp_dir ()) return $temp ;
return null ;
}
2011-07-29 19:03:53 +00:00
}
2011-11-13 15:16:21 +00:00
OC :: init ();