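 /**
  * Encrypts a string with the class key, caching the result per plaintext.
  *
  * The ciphertext is AES-256-CBC under self::$cryptoKey with a fresh random
  * 16-byte IV per plaintext. The returned token is '$', then the base64 IV
  * with its '=' padding stripped (always 22 characters for 16 bytes), then
  * the base64 ciphertext, so a decoder can split the token at a fixed offset.
  *
  * The cache is keyed by plaintext, so within one process the same input
  * always yields the same token; only the first call per input pays for the
  * encryption.
  *
  * NOTE(review): CBC output is not authenticated. Whatever decrypts these
  * tokens must not expose padding/decryption failures to an untrusted party;
  * an authenticated mode or an HMAC over the token would remove that concern.
  *
  * @static
  * @param string $string
  *   Plaintext to encrypt.
  * @return string
  *   Token in the format described above.
  * @throws \RuntimeException
  *   When openssl_encrypt() fails (e.g. unusable key). Previously a bogus
  *   token carrying only the IV was cached and returned in that case.
  */
 public static function encrypt($string)
 {
     if (!isset(self::$encryptedStrings)) {
         self::$encryptedStrings = array();
     }
     if (!array_key_exists($string, self::$encryptedStrings)) {
         $iv = drupal_random_bytes(16);
         // 16 bytes -> 24 base64 chars, of which the last two are always '='.
         $iv_base64 = rtrim(base64_encode($iv), '=');
         $encrypted = openssl_encrypt($string, 'aes-256-cbc', self::$cryptoKey, OPENSSL_RAW_DATA, $iv);
         if ($encrypted === false) {
             // Never cache or hand out a token whose ciphertext part is empty.
             throw new \RuntimeException('openssl_encrypt() failed for aes-256-cbc');
         }
         self::$encryptedStrings[$string] = '$' . $iv_base64 . base64_encode($encrypted);
     }
     return self::$encryptedStrings[$string];
 }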
 /**
  * Registers the DRUPAL_BOOTSTRAP_FULL phase callable on the event.
  *
  * The closure loads the Drupal 7 core include files, all enabled modules and
  * stream wrappers, reseeds mt_rand() from drupal_random_bytes(), redirects
  * error logging when running inside a simpletest child site, and
  * initialises the request path. Theme and menu initialisation are
  * deliberately left out (see the closing comment in the closure).
  *
  * Statement order is significant: variable_get() must already be usable
  * (the locations of path.inc and menu.inc are themselves read from
  * variables), and drupal_path_initialize() must run before hook_init().
  *
  * @param \Drufony\Bridge\Event\GetCallableForPhase $event
  *   Event that receives the callable for this phase.
  */
 public function onBootstrapFull(GetCallableForPhase $event)
 {
     $event->setCallable(function () {
         // Core includes, in the same order Drupal 7 loads them. The path and
         // menu include locations are overridable via the variable store.
         require_once DRUPAL_ROOT . '/includes/common.inc';
         require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'includes/path.inc');
         require_once DRUPAL_ROOT . '/includes/theme.inc';
         require_once DRUPAL_ROOT . '/includes/pager.inc';
         require_once DRUPAL_ROOT . '/' . variable_get('menu_inc', 'includes/menu.inc');
         require_once DRUPAL_ROOT . '/includes/tablesort.inc';
         require_once DRUPAL_ROOT . '/includes/file.inc';
         require_once DRUPAL_ROOT . '/includes/unicode.inc';
         require_once DRUPAL_ROOT . '/includes/image.inc';
         require_once DRUPAL_ROOT . '/includes/form.inc';
         require_once DRUPAL_ROOT . '/includes/mail.inc';
         require_once DRUPAL_ROOT . '/includes/actions.inc';
         require_once DRUPAL_ROOT . '/includes/ajax.inc';
         require_once DRUPAL_ROOT . '/includes/token.inc';
         require_once DRUPAL_ROOT . '/includes/errors.inc';
         // Detect string handling method
         unicode_check();
         // Undo magic quotes
         fix_gpc_magic();
         // Load all enabled modules
         module_load_all();
         // Make sure all stream wrappers are registered.
         file_get_stream_wrappers();
         // Ensure mt_rand is reseeded, to prevent random values from one page load
         // being exploited to predict random values in subsequent page loads.
         // "L" unpacks 4 bytes as an unsigned 32-bit machine-order integer.
         // Seeding from a CSPRNG does not make mt_rand() suitable for secrets;
         // anything security-relevant must keep using drupal_random_bytes().
         $seed = unpack("L", drupal_random_bytes(4));
         mt_srand($seed[1]);
         $test_info =& $GLOBALS['drupal_test_info'];
         if (!empty($test_info['in_child_site'])) {
             // Running inside the simpletest child site, log fatal errors to test
             // specific file directory.
             ini_set('log_errors', 1);
             ini_set('error_log', 'public://error.log');
         }
         // Initialize $_GET['q'] prior to invoking hook_init().
         drupal_path_initialize();
         // Remaining function calls from this phase of bootstrap must happen after
         // the user is authenticated because they initialize the theme and call
         // menu_get_item().
     });
 }
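 /**
  * Implements AcsfEventHandler::handle().
  *
  * Resets per-site state that must not survive a site scrub: cron
  * bookkeeping, Drupal's private key, the cron key and the file-path
  * overrides. The event's scrub options are not consulted by this handler
  * (an earlier version read them into an unused local).
  */
 public function handle()
 {
     drush_print(dt('Entered @class', array('@class' => get_class($this))));
     // Cron timestamps and the cron semaphore belong to the source site.
     // drupal_private_key is deleted so core can regenerate it, and cron_key
     // is replaced with a fresh random value, so URLs and tokens derived from
     // the old site's secrets are not valid on the new one.
     $stale_variables = array('cron_last', 'cron_semaphore', 'node_cron_last', 'drupal_private_key');
     foreach ($stale_variables as $variable) {
         variable_del($variable);
     }
     variable_set('cron_key', drupal_hash_base64(drupal_random_bytes(55)));
     // Ensure Drupal filesystem related configuration variables are correct for
     // the new site. Consider the following variables:
     // - file_directory_path
     // - file_directory_temp
     // - file_private_path
     // - file_temporary_path
     // Given the AH environment for Gardens, we want to leave the temp paths
     // alone, and we want to delete the other variables, to ensure they reset to
     // their defaults (because of scarecrow, these shouldn't exist in the
     // variable table anyway).
     $file_path_variables = array('file_directory_path', 'file_private_path');
     foreach ($file_path_variables as $variable) {
         variable_del($variable);
     }
 }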
 /**
  * Normalise a Solr base URL and build the HMAC authenticator cookie for it.
  *
  * The URL is rewritten in place: https when the 'ssl' stream transport is
  * available and ACQUIA_DEVELOPMENT_NOSSL is not defined (any explicit port
  * is dropped in that case), otherwise plain http keeping a non-80 port.
  *
  * @param $url
  *   The Solr URL being requested; passed by reference and rewritten as
  *   described above.
  * @param $string
  *   The data to authenticate. Empty means the path and query of the URL
  *   are authenticated instead.
  * @param $derived_key
  *   Optional derived key handed through to authenticator().
  *
  * @return
  *   array($cookie_header_value, $nonce).
  *
  * @see acquia_search_auth_cookie
  */
 function authCookie(&$url, $string = '', $derived_key = NULL)
 {
     $parts = parse_url($url);
     $use_ssl = in_array('ssl', stream_get_transports(), TRUE) && !defined('ACQUIA_DEVELOPMENT_NOSSL');
     if ($use_ssl) {
         $scheme = 'https://';
         $port = '';
     } else {
         // NOTE(review): this branch sends the authenticator over plaintext;
         // ACQUIA_DEVELOPMENT_NOSSL should only ever be defined in development.
         $scheme = 'http://';
         $port = '';
         if (isset($parts['port']) && $parts['port'] != 80) {
             $port = ':' . $parts['port'];
         }
     }
     $path = '/';
     if (isset($parts['path'])) {
         $path = $parts['path'];
     }
     $query = '';
     if (isset($parts['query'])) {
         $query = '?' . $parts['query'];
     }
     $url = $scheme . $parts['host'] . $port . $path . $query;
     // 24 random bytes base64-encode to exactly 32 characters.
     $nonce = base64_encode(drupal_random_bytes(24));
     $payload = $string ? $string : $path . $query;
     $auth_header = $this->authenticator($payload, $nonce, $derived_key);
     return array($auth_header, $nonce);
 }
/**
 * Form API submit for install_settings form.
 *
 * Writes the database credentials, table prefix and a freshly generated
 * hash salt to settings.php, then marks the settings as verified and looks
 * up the last completed installer task now that the database is reachable.
 *
 * Only the whitelisted keys (driver, database, username, password, host,
 * port) are taken from the submitted _database values.
 */
function install_settings_form_submit($form, &$form_state)
{
    global $install_state;
    $values = $form_state['values'];
    $allowed_keys = array_flip(array('driver', 'database', 'username', 'password', 'host', 'port'));
    $database = array_intersect_key($values['_database'], $allowed_keys);
    // Every entry is flagged 'required' for drupal_rewrite_settings().
    $settings = array(
        'databases' => array(
            'value' => array('default' => array('default' => $database)),
            'required' => TRUE,
        ),
        'db_prefix' => array(
            'value' => $values['db_prefix'],
            'required' => TRUE,
        ),
        // 64 CSPRNG bytes reduced to a 40-character hex salt.
        'drupal_hash_salt' => array(
            'value' => sha1(drupal_random_bytes(64)),
            'required' => TRUE,
        ),
    );
    drupal_rewrite_settings($settings);
    // Indicate that the settings file has been verified, and check the database
    // for the last completed task, now that we have a valid connection. This
    // last step is important since we want to trigger an error if the new
    // database already has Drupal installed.
    $install_state['settings_verified'] = TRUE;
    $install_state['completed_task'] = install_verify_completed_task();
}
 /**
  * Builds the settings-prefixed random salt for a new password hash.
  *
  * Layout (12 characters): the literal '$S$', one base64 character encoding
  * the clamped log2 iteration count, then 8 characters encoding 6 random
  * bytes (the standard portable phpass salt size).
  *
  * Proper use of salts may defeat a number of attacks, including:
  *  - The ability to try candidate passwords against multiple hashes at once.
  *  - The ability to use pre-hashed lists of candidate passwords.
  *  - The ability to determine whether two users have the same (or different)
  *    password without actually having to guess one of the passwords.
  *
  * @param $count_log2
  *   Integer that determines the number of iterations used in the hashing
  *   process. A larger value is more secure, but takes more time to complete.
  *   Clamped via _password_enforce_log2_boundaries() before use.
  *
  * @return
  *   A 12 character string containing the iteration count and a random salt.
  */
 private function _password_generate_salt($count_log2)
 {
     // Clamp the iteration count before encoding it into the salt.
     $log2 = $this->_password_enforce_log2_boundaries($count_log2);
     $alphabet = $this->_password_itoa64();
     $count_char = $alphabet[$log2];
     $salt = $this->_password_base64_encode(drupal_random_bytes(6), 6);
     return '$S$' . $count_char . $salt;
 }
/**
 * Builds the settings-prefixed random salt for a new portable phpass hash.
 *
 * Layout (12 characters): the literal '$P$', one base64 character encoding
 * the log2 iteration count clamped to [DRUPAL_MIN_HASH_COUNT,
 * DRUPAL_MAX_HASH_COUNT], then 8 characters encoding 6 random bytes.
 *
 * Proper use of salts may defeat a number of attacks, including:
 *  - The ability to try candidate passwords against multiple hashes at once.
 *  - The ability to use pre-hashed lists of candidate passwords.
 *  - The ability to determine whether two users have the same (or different)
 *    password without actually having to guess one of the passwords.
 *
 * @param $count_log2
 *   Integer that determines the number of iterations used in the hashing
 *   process. A larger value is more secure, but takes more time to complete.
 *
 * @return
 *   A 12 character string containing the iteration count and a random salt.
 */
function _password_generate_salt($count_log2)
{
    // Clamp to the allowed range before encoding the count in base 64.
    $clamped = min(max($count_log2, DRUPAL_MIN_HASH_COUNT), DRUPAL_MAX_HASH_COUNT);
    $alphabet = _password_itoa64();
    // 6 bytes is the standard salt for a portable phpass hash.
    $salt = _password_base64_encode(drupal_random_bytes(6), 6);
    return '$P$' . $alphabet[$clamped] . $salt;
}
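 /**
  * Sets the password to a fresh random 32-character lowercase hex secret.
  *
  * 16 CSPRNG bytes are hex-encoded directly. This keeps the same 32-char
  * hex format (and 128 bits of entropy) as the previous md5() of 32 random
  * bytes, without routing the randomness through a hash that adds nothing
  * and trips static scanners looking for md5() near "password".
  */
 private function generateSecret()
 {
     $this->setPassword(bin2hex(drupal_random_bytes(16)));
 }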
 /**
  * Builds the container of Drupal 7 bootstrap phases.
  *
  * Each DRUPAL_BOOTSTRAP_* key is wrapped in $this->share() (presumably
  * Pimple-style, so each phase closure runs once); phases not defined here
  * (database, session, language) come from the parent class, and the
  * variables phase is layered on the parent's definition via extend().
  *
  * @param array $values
  *   Container values. 'DRUPAL_ROOT' must be set: it is used to locate
  *   includes/bootstrap.inc before the DRUPAL_BOOTSTRAP_* constants it
  *   defines are referenced below.
  */
 public function __construct(array $values = array())
 {
     // If this bootstrap object is used in a service, bootstrap.inc may
     // not have been included yet. If the file is not included, the
     // Drupal bootstrap constants are not available.
     require_once $values['DRUPAL_ROOT'] . '/includes/bootstrap.inc';
     parent::__construct($values);
     /**
      * Sets up the script environment and loads settings.php.
      *
      * @see _drupal_bootstrap_configuration()
      */
     $this[DRUPAL_BOOTSTRAP_CONFIGURATION] = $this->share(function () {
         // Start a page timer:
         timer_start('page');
         // Initialize the configuration, including variables from settings.php.
         // drupal_settings_initialize();
         global $base_url, $base_path, $base_root;
         // Export these settings.php variables to the global namespace.
         global $databases, $cookie_domain, $conf, $installed_profile, $update_free_access, $db_url, $db_prefix, $drupal_hash_salt, $is_https, $base_secure_url, $base_insecure_url;
         $conf = array();
         if (file_exists(DRUPAL_ROOT . '/' . conf_path() . '/settings.php')) {
             include_once DRUPAL_ROOT . '/' . conf_path() . '/settings.php';
         }
         $is_https = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';
         if (isset($base_url)) {
             // Parse fixed base URL from settings.php.
             $parts = parse_url($base_url);
             if (!isset($parts['path'])) {
                 $parts['path'] = '';
             }
             $base_path = $parts['path'] . '/';
             // Build $base_root (everything until first slash after "scheme://").
             $base_root = substr($base_url, 0, strlen($base_url) - strlen($parts['path']));
         } else {
             // Create base URL.
             $http_protocol = $is_https ? 'https' : 'http';
             // NOTE(review): $_SERVER['HTTP_HOST'] is client-supplied and nothing
             // in this closure validates it. Core's drupal_settings_initialize()
             // rejects malformed hosts before using it; confirm that check (or a
             // trusted-host list / fixed $base_url in settings.php) still applies
             // when bootstrapping through this container.
             $base_root = $http_protocol . '://' . $_SERVER['HTTP_HOST'];
             $base_url = $base_root;
             // $_SERVER['SCRIPT_NAME'] can, in contrast to $_SERVER['PHP_SELF'], not
             // be modified by a visitor.
             if ($dir = rtrim(dirname($_SERVER['SCRIPT_NAME']), '\\/')) {
                 $base_path = $dir;
                 $base_url .= $base_path;
                 $base_path .= '/';
             } else {
                 $base_path = '/';
             }
         }
         $base_secure_url = str_replace('http://', 'https://', $base_url);
         $base_insecure_url = str_replace('https://', 'http://', $base_url);
         // We do not mess with cookie or session settings in Drupal at all.
     });
     // DRUPAL_BOOTSTRAP_PAGE_CACHE only loads the cache handler.
     $this[DRUPAL_BOOTSTRAP_PAGE_CACHE] = $this->share(function () {
         // Allow specifying special cache handlers in settings.php, like
         // using memcached or files for storing cache information.
         // The include paths come from the 'cache_backends' variable, i.e.
         // from settings.php / the variable table, and are required relative
         // to DRUPAL_ROOT without further checks.
         require_once DRUPAL_ROOT . '/includes/cache.inc';
         foreach (variable_get('cache_backends', array()) as $include) {
             require_once DRUPAL_ROOT . '/' . $include;
         }
     });
     // DRUPAL_BOOTSTRAP_DATABASE - in parent class.
     // Extends the parent's variables phase: once a Symfony container is
     // published in $GLOBALS['service_container'], two container parameters
     // override the Drupal session handler include and default mail system.
     $this[DRUPAL_BOOTSTRAP_VARIABLES] = $this->share($this->extend(DRUPAL_BOOTSTRAP_VARIABLES, function () {
         if (isset($GLOBALS['service_container']) && is_a($GLOBALS['service_container'], 'Symfony\\Component\\DependencyInjection\\ContainerInterface')) {
             /** @var \Symfony\Component\DependencyInjection\ContainerInterface $container */
             $container = $GLOBALS['service_container'];
             $GLOBALS['conf']['session_inc'] = $container->getParameter('bangpound_drupal.conf.session_inc');
             $GLOBALS['conf']['mail_system']['default-system'] = $container->getParameter('bangpound_drupal.conf.mail_system.default_system');
         }
     }));
     // DRUPAL_BOOTSTRAP_SESSION - in base class.
     // Page header phase: only runs hook_boot() implementations.
     $this[DRUPAL_BOOTSTRAP_PAGE_HEADER] = $this->share(function () {
         bootstrap_invoke_all('boot');
     });
     // DRUPAL_BOOTSTRAP_LANGUAGE
     // Full bootstrap: core includes, enabled modules, stream wrappers,
     // mt_rand reseeding and path initialisation. Theme and menu setup are
     // intentionally not done here (see the closing comment).
     $this[DRUPAL_BOOTSTRAP_FULL] = $this->share(function () {
         // Core includes, in Drupal 7's order. path.inc and menu.inc locations
         // are overridable via the variable store.
         require_once DRUPAL_ROOT . '/includes/common.inc';
         require_once DRUPAL_ROOT . '/' . variable_get('path_inc', 'includes/path.inc');
         require_once DRUPAL_ROOT . '/includes/theme.inc';
         require_once DRUPAL_ROOT . '/includes/pager.inc';
         require_once DRUPAL_ROOT . '/' . variable_get('menu_inc', 'includes/menu.inc');
         require_once DRUPAL_ROOT . '/includes/tablesort.inc';
         require_once DRUPAL_ROOT . '/includes/file.inc';
         require_once DRUPAL_ROOT . '/includes/unicode.inc';
         require_once DRUPAL_ROOT . '/includes/image.inc';
         require_once DRUPAL_ROOT . '/includes/form.inc';
         require_once DRUPAL_ROOT . '/includes/mail.inc';
         require_once DRUPAL_ROOT . '/includes/actions.inc';
         require_once DRUPAL_ROOT . '/includes/ajax.inc';
         require_once DRUPAL_ROOT . '/includes/token.inc';
         require_once DRUPAL_ROOT . '/includes/errors.inc';
         // Detect string handling method
         unicode_check();
         // Undo magic quotes
         fix_gpc_magic();
         // Load all enabled modules
         module_load_all();
         // Make sure all stream wrappers are registered.
         file_get_stream_wrappers();
         // Ensure mt_rand is reseeded, to prevent random values from one page load
         // being exploited to predict random values in subsequent page loads.
         // "L" unpacks 4 bytes as an unsigned 32-bit machine-order integer.
         // Seeding from a CSPRNG does not make mt_rand() suitable for secrets;
         // anything security-relevant must keep using drupal_random_bytes().
         $seed = unpack("L", drupal_random_bytes(4));
         mt_srand($seed[1]);
         $test_info =& $GLOBALS['drupal_test_info'];
         if (!empty($test_info['in_child_site'])) {
             // Running inside the simpletest child site, log fatal errors to test
             // specific file directory.
             ini_set('log_errors', 1);
             ini_set('error_log', 'public://error.log');
         }
         // Initialize $_GET['q'] prior to invoking hook_init().
         drupal_path_initialize();
         // Remaining function calls from this phase of bootstrap must happen after
         // the user is authenticated because they initialize the theme and call
         // menu_get_item().
     });
 }