Example #1
0
function check_access_key($resource, $key)
{
    # Verify a supplied external access key
    # Option to plugin in some extra functionality to check keys
    if (hook("check_access_key", "", array($resource, $key)) === true) {
        return true;
    }
    $keys = sql_query("select user,usergroup,expires from external_access_keys where resource='{$resource}' and access_key='{$key}' and (expires is null or expires>now())");
    if (count($keys) == 0) {
        return false;
    } else {
        # "Emulate" the user that e-mailed the resource by setting the same group and permissions
        $user = $keys[0]["user"];
        $expires = $keys[0]["expires"];
        # Has this expired?
        if ($expires != "" && strtotime($expires) < time()) {
            global $lang;
            ?>
			<script type="text/javascript">
			alert("<?php 
            echo $lang["externalshareexpired"];
            ?>
");
			history.go(-1);
			</script>
			<?php 
            exit;
        }
        global $usergroup, $userpermissions, $userrequestmode, $userfixedtheme, $usersearchfilter;
        $groupjoin = "u.usergroup=g.ref";
        if ($keys[0]["usergroup"] != "") {
            # Select the user group from the access key instead.
            $groupjoin = "g.ref='" . escape_check($keys[0]["usergroup"]) . "'";
        }
        $userinfo = sql_query("select g.ref usergroup,g.permissions,g.fixed_theme,g.search_filter from user u join usergroup g on {$groupjoin} where u.ref='{$user}'");
        if (count($userinfo) > 0) {
            $usergroup = $userinfo[0]["usergroup"];
            # Older mode, where no user group was specified, find the user group out from the table.
            $userpermissions = explode(",", $userinfo[0]["permissions"]);
            $usersearchfilter = $userinfo[0]["search_filter"];
            if (trim($userinfo[0]["fixed_theme"]) != "") {
                $userfixedtheme = $userinfo[0]["fixed_theme"];
            }
            # Apply fixed theme also
            if (hook("modifyuserpermissions")) {
                $userpermissions = hook("modifyuserpermissions");
            }
            $userrequestmode = 0;
            # Always use 'email' request mode for external users
            # Load any plugins specific to the group of the sharing user, but only once as may be checking multiple keys
            global $emulate_plugins_set;
            if ($emulate_plugins_set !== true) {
                global $plugins;
                $enabled_plugins = sql_query("SELECT name,enabled_groups, config, config_json FROM plugins WHERE inst_version>=0 AND length(enabled_groups)>0  ORDER BY priority");
                foreach ($enabled_plugins as $plugin) {
                    $s = explode(",", $plugin['enabled_groups']);
                    if (in_array($usergroup, $s)) {
                        include_plugin_config($plugin['name'], $plugin['config'], $plugin['config_json']);
                        register_plugin($plugin['name']);
                        $plugins[] = $plugin['name'];
                    }
                }
                for ($n = count($plugins) - 1; $n >= 0; $n--) {
                    register_plugin_language($plugins[$n]);
                }
                $emulate_plugins_set = true;
            }
        }
        # Special case for anonymous logins.
        # When a valid key is present, we need to log the user in as the anonymous user so they will be able to browse the public links.
        global $anonymous_login;
        if (isset($anonymous_login)) {
            global $username, $baseurl;
            if (is_array($anonymous_login)) {
                foreach ($anonymous_login as $key => $val) {
                    if ($baseurl == $key) {
                        $anonymous_login = $val;
                    }
                }
            }
            $username = $anonymous_login;
        }
        # Set the 'last used' date for this key
        sql_query("update external_access_keys set lastused=now() where resource='{$resource}' and access_key='{$key}'");
        return true;
    }
}
Example #2
0

# Check for a process lock
# This script checks one e-mail at a time.
if (is_process_lock("checkmail")) {
	if ($email_errors){
		send_mail($email_errors_address,$applicationname."- Checkmail blocked by process lock","Your IMAP account will not be checked until you clear this. An error may have caused this. Run the process manually with the -c switch to clear the lock and check for any errors.",$email_from);
	}
	exit("Process lock is in place. Deferring\r\n");
}
set_process_lock("checkmail");


// manually include plugin config since authenticate isn't being run
$config = sql_value("select config value from plugins where name='checkmail'","");
include_plugin_config("checkmail",$config);

$temp_dir=$storagedir."/tmp/checkmail_in";
if (!is_dir($temp_dir)){mkdir($temp_dir,0777);}



$delete=false; // set to true only after all files are transferred
$build_collection=false;
$collection="";




// get the first unseen message, one email is processed in this script
$imap=imap_open("{".$checkmail_imap_server. "}INBOX", $checkmail_email, $checkmail_password ) or die("can't connect: " . imap_last_error() );
Example #3
0
    $active_plugins = sql_query("SELECT name,enabled_groups,config,config_json FROM plugins WHERE inst_version>=0 order by priority DESC");
    $mysql_verbatim_queries = $mysql_vq;
    foreach ($active_plugins as $plugin) {
        # Check group access, only enable for global access at this point
        if ($plugin['enabled_groups'] == '') {
            # Add to the plugins array if not already present which is what we are working with
            # later on.
            if (!in_array($plugin['name'], $plugins)) {
                $plugins[] = $plugin['name'];
            }
            include_plugin_config($plugin['name'], $plugin['config'], $plugin['config_json']);
        }
    }
} else {
    for ($n = 0; $n < count($plugins); $n++) {
        include_plugin_config($plugins[$n]);
    }
}
# Include the appropriate language file
$pagename = str_replace(".php", "", pagename());
if (isset($defaultlanguage)) {
    $language = $defaultlanguage;
} else {
    $language = http_get_preferred_language();
}
if (isset($_COOKIE["language"])) {
    $language = $_COOKIE["language"];
}
if (isset($_GET["language_set"])) {
    $language = $_GET["language_set"];
    # Cannot use the general.php: rs_setcookie() here since general may not have been included.
    $py = get_plugin_yaml($plugin_yaml_path, false);
    # Check
    if ((!isset($userfixedtheme) || $userfixedtheme == "") && (isset($py["userpreferencegroup"]) && preg_replace("/^col-/", "", $py["name"]) == $ctheme)) {
        $exists = sql_value("SELECT name as value FROM plugins WHERE name='" . $plugin["name"] . "'", '');
        if ($exists) {
            include_plugin_config($plugin['name'], $plugin['config'], $plugin['config_json']);
            register_plugin($plugin['name']);
            register_plugin_language($plugin['name']);
            $plugins[] = $plugin['name'];
        }
    }
    # Check group access and applicable for this user in the group
    if (!isset($py["userpreferencegroup"]) && $plugin['enabled_groups'] != '') {
        $s = explode(",", $plugin['enabled_groups']);
        if (isset($usergroup) && in_array($usergroup, $s)) {
            include_plugin_config($plugin['name'], $plugin['config'], $plugin['config_json']);
            register_plugin($plugin['name']);
            register_plugin_language($plugin['name']);
            $plugins[] = $plugin['name'];
        }
    } else {
        if (!isset($py["userpreferencegroup"]) && $plugin['enabled_groups'] == '') {
            $plugins[] = $plugin['name'];
        }
    }
}
foreach ($plugins as $plugin) {
    hook("afterregisterplugin", "", array($plugin));
}
// Load user config options
process_config_options($userref);