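/**
 * Writes the submitted setup form to simple_store/config.php as a list of
 * define() statements, then refreshes the artefacts that depend on it.
 *
 * Every $_POST field except "action_sys" and "token" becomes one
 * define('KEY', value); line. The generated file is executable PHP, so both
 * the field name and the field value are treated as untrusted input:
 *  - field names that are not plain identifiers are skipped, because the
 *    name is placed inside the quotes of define('...');
 *  - non-numeric values containing a single quote, a backslash or a newline
 *    are emitted as base64_decode('...') instead of a raw quoted literal.
 *
 * @param mixed $no_hash  truthy: write "setup_admin_pw" as submitted instead of its SHA-1 hash
 * @param mixed $no_hash2 truthy: same for "setup_admin_pw2"
 * @return void
 */
static function write_config($no_hash, $no_hash2)
{
    $out = array();
    $out[] = "<?php";
    $out[] = "define('CORE_VERSION','" . CORE_VERSION . "');";
    $out[] = "define('CORE_VERSION_STRING','" . CORE_VERSION_STRING . "');";
    $out[] = "define('CORE_SGSML_VERSION','" . CORE_SGSML_VERSION . "');";
    $out[] = "define('SETUP_DB_TYPE','" . SETUP_DB_TYPE . "');";

    foreach ($_POST as $key => $val) {
        // The field name is copied into generated PHP source; anything that is
        // not a plain identifier could terminate the quoted constant name.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', (string) $key)) {
            continue;
        }
        if (in_array($key, array("action_sys", "token"), true)) {
            continue;
        }

        // The value is read from $_REQUEST, not from the $_POST entry being iterated.
        $val = $_REQUEST[$key];
        if (is_array($val)) {
            $val = implode("|", $val);
        }

        if ($key == "invalid_extensions") {
            // Normalise "a , b" to "a,b".
            $val = trim(preg_replace("|\\s*,\\s*|", ",", $val));
        }
        if ($key == "setup_db_pw") {
            // NOTE(review): the key is derived from the admin user name, which is
            // not a secret - treat the stored value as obfuscated, not protected.
            $val = sys_encrypt($val, sha1($_REQUEST["setup_admin_user"]));
        }
        // NOTE(review): unsalted SHA-1 is not a suitable password hash. Moving to
        // password_hash() needs a coordinated change in the code that verifies
        // the admin password, which is not visible here.
        if (!$no_hash and $key == "setup_admin_pw") {
            $val = sha1($val);
        }
        if (!$no_hash2 and $key == "setup_admin_pw2") {
            $val = sha1($val);
        }

        if (!is_numeric($val)) {
            // The previous test used strpos() as a boolean, so a quote or newline
            // at offset 0 went undetected, and a backslash was never checked.
            // Either lets the value break out of the single-quoted literal.
            if (strpbrk($val, "\n'\\") !== false) {
                $val = "base64_decode('" . base64_encode($val) . "')";
            } else {
                $val = "'" . $val . "'";
            }
        }
        // NOTE(review): numeric strings are written unquoted, so a leading zero
        // is read back as an octal literal - confirm the form validation
        // excludes such values.

        $key = strtoupper($key);
        if (isset(self::$bools[$key])) {
            if ($val == "1") {
                $val = "true";
            } else {
                $val = "false";
            }
        }
        $out[] = "define('" . $key . "'," . $val . ");";
    }

    $out[] = "if (TIMEZONE!='') date_default_timezone_set(TIMEZONE);\n" .
        " elseif (!ini_get('date.timezone')) date_default_timezone_set(@date_default_timezone_get());";
    $out[] = "if (!ini_get('display_errors')) @ini_set('display_errors','1');";
    $out[] = "define('NOW',time());";
    $out[] = "define('APC',function_exists('apc_store') and ini_get('apc.enabled'));";
    $out[] = "?>";

    // NOTE(review): the return value is not checked, so the "written" log entry
    // below is emitted even when the write fails.
    file_put_contents("simple_store/config.php", implode("\n", $out), LOCK_EX);
    admin::build_js($_REQUEST["lang"]);

    // NOTE(review): the helpers below receive directory names taken from the
    // request - confirm they restrict the path to the application tree.
    if (SIMPLE_CACHE != $_REQUEST["simple_cache"]) {
        self::dirs_clear_caches(SIMPLE_CACHE);
        self::dirs_clear_caches($_REQUEST["simple_cache"]);
    }
    // TODO initialize simple_store if different
    if (SIMPLE_CUSTOM != $_REQUEST["simple_custom"]) {
        self::dirs_clear_custom($_REQUEST["simple_custom"]);
    }
    if (SIMPLE_EXT != $_REQUEST["simple_ext"]) {
        self::dirs_clear_custom($_REQUEST["simple_ext"]);
    }
    sys_log_message_log("info", sprintf("{t}Setup: setup-data written to %s.{/t}", "simple_store/config.php"));
}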
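/**
 * Runs the installer: prints the page header, prepares an unrestricted setup
 * session, builds or updates the database schema, creates the default groups
 * and folders, rebuilds css/js/icons and hands the configuration values to
 * setup::save_config().
 *
 * All database and account settings come straight from $_REQUEST. They are
 * passed on as ready-made PHP string literals, so each one is rendered with
 * var_export(): a quote or backslash in a submitted value then stays inside
 * the literal.
 *
 * @return void
 */
function install()
{
    setup::out(' <html> <head> <title>Simple Groupware & CMS</title> <style> body { width:526px; margin:10px auto; } body, a { color: #666666; font-size: 13px; font-family: Arial, Helvetica, Verdana, sans-serif; } a { color: #0000FF; } </style> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> </head> <body> <div style="border-bottom: 1px solid #666666; letter-spacing: 2px; font-size: 18px; font-weight: bold;">Simple Groupware ' . CORE_VERSION_STRING . '</div> ');

    // The setup session carries no groups and an always-true permission filter.
    $_SESSION["groups"] = array();
    $_SESSION["username"] = "******";
    $_SESSION["password"] = "";
    $_SESSION["permission_sql"] = "1=1";
    $_SESSION["permission_sql_read"] = "1=1";
    $_SESSION["permission_sql_write"] = "1=1";

    // NOTE(review): db_type is taken from the request without an allow-list
    // check in this function - confirm the caller validates it.
    define("SETUP_DB_TYPE", $_REQUEST["db_type"]);

    $update = sgsml_parser::table_column_exists("simple_sys_tree", "id");

    // This 1x1 image reports core version, database type, PHP version and the
    // update flag to an external host over plain HTTP. SETUP_DB_TYPE is
    // request-supplied, so it is URL-encoded before it is placed in the markup.
    setup::out('<img src="http://www.simple-groupware.de/cms/logo.php/' . CORE_VERSION . '/' . rawurlencode((string) SETUP_DB_TYPE) . '/' . PHP_VERSION . '/' . (int) $update . '" style="width:1px; height:1px;">', false);

    setup::out(t("{t}Processing %s ...{/t}", "schema updates"));
    setup_update::change_database_pre();
    if (SETUP_DB_TYPE == "sqlite") {
        // On sqlite the schema rebuild is wrapped in one transaction.
        sql_query("begin");
        admin::rebuild_schema(false);
        sql_query("commit");
    } else {
        admin::rebuild_schema(false);
    }
    setup_update::change_database_post();

    setup::out(t("{t}Processing %s ...{/t}", "sessions"));
    // Removes every stored session.
    db_delete("simple_sys_session", array(), array());

    setup::out(t("{t}Processing %s ...{/t}", "default groups"));
    $groups = array(
        "admin_calendar", "admin_news", "admin_projects", "admin_bookmarks",
        "admin_contacts", "admin_inventory", "admin_helpdesk", "admin_organisation",
        "admin_files", "admin_payroll", "admin_surveys", "admin_hr",
        "admin_intranet", "users_self_registration",
    );
    foreach ($groups as $group) {
        trigger::creategroup($group);
    }
    setup_update::database_triggers();

    setup::out(t("{t}Processing %s ...{/t}", "folder structure"));
    $count = db_select_value("simple_sys_tree", "id", array());
    if (empty($count)) {
        $folders = "modules/core/folders.xml";
        // NOTE(review): the existence check uses sys_custom() on the request
        // value, but the raw request value is what gets loaded - confirm the
        // path cannot point outside the modules tree.
        if (!empty($_REQUEST["folders"]) and file_exists(sys_custom($_REQUEST["folders"]))) {
            $folders = $_REQUEST["folders"];
        }
        if (SETUP_DB_TYPE == "sqlite") {
            sql_query("begin");
            folders::create_default_folders($folders, 0, true);
            sql_query("commit");
        } else {
            folders::create_default_folders($folders, 0, true);
        }
    }
    setup_update::database_folders();

    setup::out(t("{t}Processing %s ...{/t}", "css"));
    admin::build_css();
    setup::out(t("{t}Processing %s ...{/t}", "js"));
    admin::build_js();
    setup::out(t("{t}Processing %s ...{/t}", "icons"));
    admin::build_icons();

    setup::out(t("{t}Processing %s ...{/t}", "config.php"));
    // With auto_update set, admin_pw is stored as submitted; otherwise its
    // SHA-1 hash is stored.
    // NOTE(review): unsalted SHA-1 is not a suitable password hash; changing
    // it needs a matching change in the login check, which is not visible here.
    $admin_pw = isset($_REQUEST["auto_update"]) ? $_REQUEST["admin_pw"] : sha1($_REQUEST["admin_pw"]);
    // NOTE(review): the database password is encrypted with a key derived from
    // the admin user name, which is stored next to it - treat SETUP_DB_PW as
    // obfuscated rather than protected.
    $db_pw = sys_encrypt($_REQUEST["db_pw"], sha1($_REQUEST["admin_user"]));

    // var_export() yields the same '...' literal as plain quoting for ordinary
    // values and escapes quotes and backslashes where present.
    $vars = array(
        "SETUP_DB_TYPE" => var_export((string) $_REQUEST["db_type"], true),
        "SETUP_DB_HOST" => var_export((string) $_REQUEST["db_host"], true),
        "SETUP_DB_NAME" => var_export((string) $_REQUEST["db_name"], true),
        "SETUP_DB_USER" => var_export((string) $_REQUEST["db_user"], true),
        "SETUP_DB_PW" => var_export((string) $db_pw, true),
        "SETUP_ADMIN_USER" => var_export((string) $_REQUEST["admin_user"], true),
        "SETUP_ADMIN_PW" => var_export((string) $admin_pw, true),
    );
    setup::save_config($vars);
    setup::install_footer();
    db_optimize_tables();
}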
/**
 * Populates $_SESSION for a user who has just been authenticated and then
 * redirects according to the request.
 *
 * Steps, in order: restore the user's most recent stored session (when the
 * current session belongs to nobody or to someone else), record username and
 * encrypted password, compute the allowed filesystem paths, build the SQL
 * permission fragments from user and group membership, load per-user
 * preferences, log the login, run the login trigger and redirect.
 *
 * NOTE(review): no session id regeneration is visible in this function -
 * confirm the caller issues a fresh id on login.
 *
 * @param string $username name of the authenticated user
 * @param string $password optional; when non-empty it is stored in the session via sys_encrypt()
 */
static function process_login($username, $password = "") {
    $id = session_id();
    // Only when sessions are not kept in APC, a session id exists and the
    // current session is empty or belongs to a different user.
    if (!APC_SESSION and $id and (empty($_SESSION["username"]) or $_SESSION["username"] != $username)) {
        // Most recently modified stored session of this user.
        $row = db_select_first("simple_sys_session", array("id", "data", "expiry"), "username=@username@", "lastmodified desc", array("username" => $username));
        if (!empty($row["id"])) {
            // Replace the current session content with the stored one.
            $_SESSION = array();
            session_decode(rawurldecode($row["data"]));
            // NOTE(review): the expiry check runs after the data was decoded, so
            // an expired row is still loaded before it is deleted - confirm
            // this is intended.
            if ($row["expiry"] < NOW) {
                db_delete("simple_sys_session", array("id=@id@"), array("id" => $row["id"]));
            }
        }
        // Make sure a row exists for the current session id.
        if (!db_count("simple_sys_session", array("id=@id@"), array("id" => $id))) {
            db_insert("simple_sys_session", array("expiry" => NOW + LOGIN_TIMEOUT, "id" => $id));
        }
    }
    $_SESSION["username"] = $username;
    if ($password != "") {
        // NOTE(review): the password is kept in the session, encrypted with the
        // session id as key - if sys_encrypt() is reversible, session storage
        // plus session id is enough to recover it.
        $_SESSION["password"] = sys_encrypt($password, $id);
    }
    if (!isset($_SESSION["history"])) {
        $_SESSION["history"] = array();
    }
    $_SESSION["groups"] = array();
    $_SESSION["folder_states"] = array();

    // Filesystem roots for this session: super admins get the shared
    // home/debug/trash/preview/backup directories, everyone else their own
    // home directory and the preview cache.
    $base = dirname($_SERVER["SCRIPT_FILENAME"]) . "/";
    if (sys_is_super_admin($_SESSION["username"])) {
        $_SESSION["ALLOWED_PATH"] = array($base . SIMPLE_STORE . "/home/", $base . SIMPLE_CACHE . "/debug/", $base . SIMPLE_STORE . "/trash/", $base . SIMPLE_CACHE . "/preview/", $base . SIMPLE_STORE . "/backup/");
    } else {
        // NOTE(review): the username becomes a path component - confirm it is
        // validated upstream to contain no path separators or "..".
        $_SESSION["ALLOWED_PATH"] = array($base . SIMPLE_STORE . "/home/" . $_SESSION["username"] . "/", $base . SIMPLE_CACHE . "/preview/");
    }
    // SIMPLE_IMPORT is a comma-separated list of extra directories.
    foreach (explode(",", SIMPLE_IMPORT) as $folder) {
        if ($folder == "" or !is_dir($folder)) {
            continue;
        }
        // A path without a leading "/" and without ":" after its first
        // character is taken as relative to the script directory.
        if ($folder[0] != "/" and !strpos($folder, ":")) {
            $folder = $base . $folder;
        }
        // Forward slashes only, exactly one trailing slash.
        $_SESSION["ALLOWED_PATH"][] = rtrim(str_replace("\\", "/", $folder), "/") . "/";
    }

    // TODO2 put in extra function and configure it with setup to fetch groups from somewhere else
    if (sys_is_super_admin($_SESSION["username"])) {
        // Always-true permission filter, never-true exception filter.
        $_SESSION["permission_sql"] = "1=1";
        $_SESSION["permission_sql_exception"] = "1=0";
        $_SESSION["disabled_modules"] = array();
    } else {
        // "@right@" stays a placeholder here; it is replaced with "read" and
        // "write" further down.
        $_SESSION["permission_sql"] = sql_regexp("r@right@_users", array($username, "anonymous"));
        $_SESSION["permission_sql_exception"] = "(rexception_users!='' and " . sql_regexp("rexception_users", array($username, "anonymous"), "|@view@:@right@:%s|") . ")";
        $_SESSION["disabled_modules"] = array_flip(explode("|", DISABLED_MODULES));
        // NOTE(review): the username is embedded in a LIKE pattern; "%" and "_"
        // in a username act as wildcards unless the db layer escapes them,
        // which would widen group membership - confirm.
        $rows = db_select("simple_sys_groups", "groupname", array("activated=1", "members like @username_sql@"), "", "", array("username_sql" => "%|" . $username . "|%"));
        if (is_array($rows) and count($rows) > 0) {
            foreach ($rows as $val) {
                $_SESSION["groups"][] = $val["groupname"];
            }
            // Widen both filters with the group-based conditions.
            $_SESSION["permission_sql"] = "(" . $_SESSION["permission_sql"] . " or " . sql_regexp("r@right@_groups", $_SESSION["groups"]) . ")";
            $_SESSION["permission_sql_exception"] = "(" . $_SESSION["permission_sql_exception"] . " or (rexception_groups!='' and " . sql_regexp("rexception_groups", $_SESSION["groups"], "|@view@:@right@:%s|") . "))";
        }
    }
    // NOTE(review): these fragments are SQL text built from user and group
    // names - their safety depends on the escaping done inside sql_regexp().
    $_SESSION["permission_sql_read"] = str_replace("@right@", "read", $_SESSION["permission_sql"]);
    $_SESSION["permission_sql_write"] = str_replace("@right@", "write", $_SESSION["permission_sql"]);
    $_SESSION["ip"] = _login_get_remoteaddr();
    $_SESSION["tickets"] = array("templates" => array("dbselect", "simple_templates", array("tplcontent", "tplname"), array("tplname like @search@"), "tplname asc"));
    $_SESSION["treevisible"] = true;

    // Per-user preferences; $row is reused for the user record from here on.
    $row = db_select_first("simple_sys_users", "*", "username=@username@", "", array("username" => $username));
    if (!empty($row["cal_day_begin"])) {
        $_SESSION["day_begin"] = sys_date("G", $row["cal_day_begin"] - 1) * 3600;
        $_SESSION["day_end"] = sys_date("G", $row["cal_day_end"]) * 3600;
    } else {
        $_SESSION["day_begin"] = 25200; // 7:00 = 7*3600
        $_SESSION["day_end"] = 64800; // 18:00 = 18*3600
    }
    if (!empty($row["enabled_modules"])) {
        // Modules enabled for this user are taken out of the disabled set.
        $row["enabled_modules"] = array_flip(explode("|", trim($row["enabled_modules"], "|")));
        $_SESSION["disabled_modules"] = array_diff_key($_SESSION["disabled_modules"], $row["enabled_modules"]);
    }
    if (!empty($row["timezone"])) {
        $_SESSION["timezone"] = $row["timezone"];
    } else {
        $_SESSION["timezone"] = "";
    }
    if (!empty($row["theme"])) {
        $_SESSION["theme"] = $row["theme"];
    } else {
        $_SESSION["theme"] = "core";
    }
    if (!empty($row["home_folder"])) {
        $_SESSION["home_folder"] = "index.php?folder=" . rawurlencode($row["home_folder"]);
    } else {
        if (sys_is_super_admin($username)) {
            $anchor = "system";
        } else {
            $anchor = "home_" . $username;
        }
        // NOTE(review): unlike the branch above, $anchor is not URL-encoded.
        $_SESSION["home_folder"] = "index.php?folder=^" . $anchor;
    }
    if ($id or isset($_REQUEST["login"])) {
        sys_log_stat("logins", 1);
        // NOTE(review): username and sys::$browser are written to the log as
        // given - confirm the log sink neutralises control characters.
        sys_log_message_log("login", sprintf("{t}login %s from %s with %s{/t}", $_SESSION["username"], $_SESSION["ip"], sys::$browser));
    }
    trigger::login();
    if (!empty($row["pwdexpires"]) and $row["pwdexpires"] < NOW) {
        // Expired password: warn and send the user to the change-password view.
        sys_warning(sprintf("{t}Password expired. 
(password of %s has expired){/t}", $username));
        // NOTE(review): the next statement is damaged in this listing (a masked
        // span replaced part of the expression) and does not parse as shown.
        // It presumably appended the user's name to the URL - restore it from
        // the project's own source and URL-encode the appended value.
        self::_redirect("index.php?view=changepwd&find=asset|simple_sys_users|1|username="******"username"]);
    } else {
        if (!empty($_REQUEST["page"])) {
            // NOTE(review): "page" is request-controlled and appended to the
            // redirect target - confirm _redirect() keeps the destination on
            // this site. The second call is only reached if _redirect() returns.
            if (CMS_REAL_URL) {
                self::_redirect(CMS_REAL_URL . $_REQUEST["page"]);
            }
            self::_redirect("cms.php/" . $_REQUEST["page"]);
        } else {
            // "redirect" is only a flag; the target is the session's home folder.
            if (!empty($_REQUEST["redirect"])) {
                self::_redirect($_SESSION["home_folder"]);
            }
        }
    }
}