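/**
 * Gate an incoming API request and return the HTTP basic-auth credentials it carried.
 *
 * The checks run in this order, each failure handing a status to respond():
 * API enabled (else 'maintenance'); HTTPS when enforced; a User-Agent of the form
 * "Faceless-<platform>-<version>"; a known platform whose version is not below the
 * configured minimum (else 'outdated_client'); a numeric request-timestamp header within
 * one day of server time; and an HMAC over getRequestIdentifier($requestData), base64
 * encoded, matching the client's signature header. Replay protection therefore depends on
 * getRequestIdentifier() covering the timestamp header — the original comment says it
 * does; confirm against that helper.
 *
 * respond() is expected to end the request; the trailing `return NULL` only matters if it
 * does not (it was kept to quiet IDE warnings).
 *
 * @param mixed $requestData request payload passed to getRequestIdentifier()
 * @return array{username: string, password: string}|null PHP_AUTH_USER / PHP_AUTH_PW ('' when absent)
 */
function init($requestData) {
    if (!CONFIG_API_LIVE) {
        respond(array('status' => 'maintenance'));
        return NULL;
    }

    // HTTPS is required unless the configuration explicitly waives it
    if (CONFIG_ENFORCE_SSL && !isHTTPS()) {
        respond(array('status' => 'bad_request'));
        return NULL;
    }

    // the User-Agent must be present and match Faceless-<platform>-<version>
    $userAgent = array();
    if (!isset($_SERVER['HTTP_USER_AGENT'])
        || !preg_match('/Faceless-([a-z_-]+)-([0-9]+)/i', $_SERVER['HTTP_USER_AGENT'], $userAgent)) {
        respond(array('status' => 'bad_request'));
        return NULL;
    }

    // platform must be known and the client version at least the configured minimum;
    // unserialize() here acts on a configuration constant, not on client input
    $userAgentList = unserialize(CONFIG_API_CLIENTS);
    $platform = $userAgent[1];
    if (!isset($userAgentList[$platform]) || intval($userAgent[2]) < $userAgentList[$platform]) {
        respond(array('status' => 'outdated_client'));
        return NULL;
    }

    // the client's timestamp header must be numeric (a non-numeric value would make the
    // subtraction throw on PHP 8) and within one day of server time
    $requestTimestamp = isset($_SERVER[CONFIG_HEADER_TIMESTAMP]) ? $_SERVER[CONFIG_HEADER_TIMESTAMP] : '';
    if (!is_numeric($requestTimestamp) || abs($requestTimestamp - time()) >= 86400) {
        respond(array('status' => 'bad_request'));
        return NULL;
    }

    // recompute the signature server-side and compare in constant time;
    // hash_equals() takes the known (server) value first and the user-supplied value second
    $signatureClient = isset($_SERVER[CONFIG_HEADER_SIGNATURE]) ? $_SERVER[CONFIG_HEADER_SIGNATURE] : '';
    $signatureServer = base64_encode(hash_hmac(CONFIG_HMAC_ALGORITHM, getRequestIdentifier($requestData), CONFIG_API_SECRET, true));
    if (!hash_equals($signatureServer, $signatureClient)) {
        respond(array('status' => 'bad_request'));
        return NULL;
    }

    // integrity and authenticity of the request have been verified: bring up the database
    try {
        Database::init(CONFIG_DB_CONNECT_STRING, CONFIG_DB_USERNAME, CONFIG_DB_PASSWORD);
    } catch (Exception $e) {
        respond(array('status' => 'maintenance'));
    }

    // hand back the basic-auth credentials supplied with the request
    return array(
        'username' => isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '',
        'password' => isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '',
    );
}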
} elseif (!empty($_filename) && !$g->exists() && !$g->size()) { if (!$_options->wiki) { header('HTTP/1.1 404 Not Found'); } } // offer ?wait updates (polling) if (isset($i_wait)) { $etag = is_array($i_wait) && isset($i_wait['etag']) ? $i_wait['etag'] : $g->etag(); while ($etag == $g->etag()) { sleep(1); clearstatcache(); } $g->reload(); } // offer WebSocket updates $updatesVia = isHTTPS() ? 'wss:' : 'ws:'; $updatesVia .= '//' . $_domain . ':' . (1 + $_SERVER['SERVER_PORT']); header('Updates-Via: ' . $updatesVia); // RDF details header('Triples: ' . $g->size()); if (isset($i_query)) { header('Query: ' . str_replace(array("\r", "\n"), '', $i_query)); } // support JSON-P if (isset($i_callback)) { header('Content-Type: text/javascript'); if ($_method == 'GET') { if ($_output == 'json' || isset($i_query)) { echo $i_callback, '('; register_shutdown_function(function () { echo ');';
/**
 * Rewrite http:// to https:// in a URL when the current request itself arrived over HTTPS.
 *
 * Every occurrence of "http://" in $url is replaced, not only a leading scheme. A URL that
 * already uses https:// is unaffected because the needle does not match it. On a plain-HTTP
 * request the URL is returned as given.
 *
 * @param string $url URL to rewrite
 * @return string
 */
function convert_imagen_to_https($url) {
    if (!isHTTPS()) {
        return $url;
    }
    return str_replace('http://', 'https://', $url);
}
}); // base constants if (!isset($_ENV['CLOUD_NAME'])) { $_ENV['CLOUD_NAME'] = $_SERVER['SERVER_NAME']; } if (!isset($_ENV['CLOUD_HOME'])) { $_ENV['CLOUD_HOME'] = realpath(dirname(__FILE__) . '/../../'); } if (!isset($_ENV['CLOUD_DATA'])) { $_ENV['CLOUD_DATA'] = $_ENV['CLOUD_HOME'] . '/data'; } define('BASE_DOMAIN', $_ENV['CLOUD_NAME']); define('X_AGENT', isset($_SERVER['X_AGENT']) ? $_SERVER['X_AGENT'] : 'Mozilla'); define('X_PAD', isset($_SERVER['X_PAD']) ? $_SERVER['X_PAD'] : '(null)'); define('REQUEST_TIME', $_SERVER['REQUEST_TIME']); if (isHTTPS()) { $BASE = 'https://' . $_SERVER['SERVER_NAME'] . ($_SERVER['SERVER_PORT'] != '443' ? ':' . $_SERVER['SERVER_PORT'] : ''); } else { $BASE = 'http://' . $_SERVER['SERVER_NAME'] . ($_SERVER['SERVER_PORT'] != '80' ? ':' . $_SERVER['SERVER_PORT'] : ''); } //$URI = isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : $_SERVER['REQUEST_URI']; $URI = $_SERVER['REQUEST_URI']; define('REQUEST_BASE', $BASE); define('REQUEST_URL', $URI); define('REQUEST_URI', $BASE . $URI); // session startup session_name('SID'); session_set_cookie_params(157680000, '/', '.' . preg_replace('/.+\\.([^.]+\\.[^.]+)$/', '\\1', $_SERVER['SERVER_NAME'])); session_start(); // init RDF if (function_exists('librdf_php_free_last_log')) {
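/**
 * Build the viewer link for a record: <base><detail url><delimiter><filename field><record number>.
 *
 * If $detailUrl has no scheme, "http(s)://" (per isHTTPS()) and $_SERVER['HTTP_HOST'] are
 * prepended. HTTP_HOST is the request's Host header, i.e. client-supplied, so the generated
 * link is only as trustworthy as the web server's host validation. A $detailUrl that is
 * neither absolute nor scheme-qualified is resolved against the directory of SCRIPT_NAME.
 * $filenameFieldValue and $recordNum are appended without any encoding; callers are
 * presumably passing values that are already URL-safe — verify at the call sites.
 *
 * @param string     $detailUrl          viewer page URL (relative, absolute path, or full URL)
 * @param string     $filenameFieldValue value of the record's filename field
 * @param int|string $recordNum          record number appended after the filename field
 * @param bool       $useSeoUrls         true joins with "/", false joins with "?"
 * @return string
 */
function _getLink($detailUrl, $filenameFieldValue, $recordNum, $useSeoUrls) {
    $link = '';

    // add http(s)://domain when the detail URL does not carry its own scheme
    $includesProto = preg_match("!^\\w+://!", $detailUrl);
    if (!$includesProto) {
        $link .= isHTTPS() ? 'https://' : 'http://';
        $link .= $_SERVER['HTTP_HOST'];
    }

    // add the URL path (without scheme, domain, query or PATH_INFO) for the viewer
    $relativeUrl = !preg_match("!^(/|\\w+://)!", $detailUrl);
    if ($relativeUrl) {
        $scriptName = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
        $thisDirUrl = dirname($scriptName) . "/" . $detailUrl;
        // collapse multiple leading slashes (and the "\" dirname() returns for the root on Windows) into one "/"
        $thisDirUrl = preg_replace("|^[\\\\/]+|", "/", $thisDirUrl);
        $link .= $thisDirUrl;
    } else {
        $link .= $detailUrl;
    }

    // add url delimiter, filename field and record number
    $link .= $useSeoUrls ? '/' : '?';
    $link .= $filenameFieldValue;
    $link .= $recordNum;

    return $link;
}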
/**
 * Return the absolute URL of the running script without query string or PATH_INFO.
 *
 * Computed once per request and memoised in a static. The scheme follows isHTTPS(); the
 * host is HTTP_HOST (the client-supplied Host header) with SERVER_NAME as fallback; a
 * non-default port (not 80/443) is appended unless the host string already ends in one;
 * the path is SCRIPT_NAME with spaces percent-encoded. Originally based on thisPageUrl().
 *
 * @return string
 */
function _security_getProgramBaseRefererUrl() {
    static $programBaseUrl;
    if (isset($programBaseUrl)) {
        return $programBaseUrl;
    }

    $scheme = isHTTPS() ? "https://" : "http://";

    // prefer the Host header, fall back to the server's configured name
    if (!empty($_SERVER['HTTP_HOST'])) {
        $host = $_SERVER['HTTP_HOST'];
    } else {
        $host = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : null;
    }

    // add an explicit port only when the host carries none and the port is not a scheme default
    $portSuffix = '';
    $hostHasPort = preg_match('|:[0-9]+$|', $host);
    if (!$hostHasPort && !empty($_SERVER['SERVER_PORT'])) {
        $serverPort = $_SERVER['SERVER_PORT'];
        if ($serverPort != 80 && $serverPort != 443) {
            $portSuffix = ":{$serverPort}";
        }
    }

    $scriptPath = str_replace(' ', '%20', $_SERVER['SCRIPT_NAME']); // SCRIPT_NAME excludes PATH_INFO

    $programBaseUrl = $scheme . $host . $portSuffix . $scriptPath;
    return $programBaseUrl;
}
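/**
 * Configure the PHP session for this installation and start it, once per request.
 *
 * A SESSION_STARTED constant guards against repeated calls. The custom cookie domain and
 * save path from $SETTINGS['advanced'] are validated by getCustomSessionErrors() first and
 * the request dies with the error text if they are unusable. The session cookie gets the
 * Secure flag only when the current request is HTTPS (isHTTPS()), is HttpOnly, and is never
 * carried in URLs (use_only_cookies, no trans_sid). session.cookie_samesite is not set
 * here; whether to add it depends on the site's cross-site login flows — review separately.
 *
 * Dies with a message when session_start() fails. Failure is detected via $php_errormsg
 * on PHP builds with track_errors (removed in PHP 8) and via the boolean result otherwise.
 *
 * @return void
 */
function startSessionIfRequired() {
    global $SETTINGS;

    // run only once per request
    if (defined('SESSION_STARTED')) {
        return;
    }
    define('SESSION_STARTED', true);

    $cookieDomain = isset($SETTINGS['advanced']['session_cookie_domain']) ? $SETTINGS['advanced']['session_cookie_domain'] : null;
    $savePath     = isset($SETTINGS['advanced']['session_save_path']) ? $SETTINGS['advanced']['session_save_path'] : null;

    // error-checking for custom session settings
    $customSessionErrors = getCustomSessionErrors($cookieDomain, $savePath);
    if ($customSessionErrors) {
        $customSessionErrors .= sprintf(t('To change %1$s settings edit %2$s'), 'session', '/data/' . SETTINGS_FILENAME);
        die($customSessionErrors);
    }

    // Initialize session
    $session_name = cookiePrefix() . 'PHPSESSID'; // unique session cookie per CMS installation
    ini_set('session.name', $session_name);
    ini_set('session.cookie_secure', isHTTPS()); // Secure flag only on HTTPS, so plain-HTTP installs keep working
    ini_set('session.use_cookies', true);
    ini_set('session.use_only_cookies', true);
    ini_set('session.cookie_domain', $cookieDomain); // allows shared login between subdomains such as host1.example.com, host2.example.com, example.com
    ini_set('session.cookie_path', '/');
    ini_set('session.cookie_httponly', true);
    ini_set('session.cookie_lifetime', 60 * 60 * 24 * 365 * 25); // 25 years, so the cookie survives clients whose clocks are set back a few years
    ini_set('session.gc_maxlifetime', 60 * 60 * 24); // seconds of inactivity after which garbage collection may remove the session
    ini_set('session.use_trans_sid', false);
    if ($savePath) {
        ini_set('session.save_path', $savePath); // for hosts that impose restrictive session removal timeouts
        // gc_ values are only set together with a custom save path because they cause errors
        // on some server configs: http://bugs.php.net/bug.php?id=20720
        ini_set('session.gc_probability', 1); // after gc_maxlifetime, old sessions are cleaned up on roughly (gc_probability / gc_divisor) of requests
        ini_set('session.gc_divisor', 100);
    }

    unset($php_errormsg);
    $started = @session_start();
    // $php_errormsg is only populated with track_errors (removed in PHP 8); the return value covers newer versions
    if (isset($php_errormsg)) {
        die("Couldn't start session! '{$php_errormsg}'!");
    }
    if ($started === false) {
        $lastError = error_get_last();
        $reason = $lastError ? $lastError['message'] : 'unknown error';
        die("Couldn't start session! '{$reason}'!");
    }
}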
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ require_once 'runtime.php'; if (isset($i_next)) { sess('next', $i_next); } elseif (isMethod('GET') && isset($_SERVER['HTTP_REFERER'])) { if (sess('next0') != $_SERVER['HTTP_REFERER']) { sess('next0', $_SERVER['HTTP_REFERER']); sess('next', $_SERVER['HTTP_REFERER']); } } if (isset($i_auth) && $i_auth == 'WebID') { if (isSess('next')) { sess('next', str_replace('http://', 'https://', sess('next'))); } if (!isHTTPS()) { header('Location: https://' . BASE_DOMAIN . $_options->base_url . '/login' . newQSA()); exit; } } if (isset($i_provider)) { header('Location: ' . REQUEST_BASE . '/rp_auth' . newQSA()); exit; } if (isset($i_display) && $i_display == 'popup') { $next = newQSA(array('display' => NULL)); echo "<script>opener.document.location = '{$next}';window.close();</script>"; } elseif (isset($i_id) && $i_id == 'facebook' && isset($i_session)) { $i_session = str_replace('\\', '', $i_session); $session = json_decode($i_session, true); if (isset($session['access_token'])) {
<?php // for compatibility with older plugins, include functions that have been factored out of admin_functions.php $libDir = pathinfo(__FILE__, PATHINFO_DIRNAME); require_once "{$libDir}/login_functions.php"; // require HTTPS if (@$SETTINGS['advanced']['requireHTTPS'] && !isHTTPS()) { $httpsUrl = preg_replace('/^http:/i', 'https:', thisPageUrl()); die(sprintf(t("Secure HTTP login required: %s"), "<a href='{$httpsUrl}'>{$httpsUrl}</a>")); } // restrict IP access if (@$SETTINGS['advanced']['restrictByIP'] && !isIpAllowed()) { die(sprintf(t("Access is not permitted from your IP address (%s)"), $_SERVER['REMOTE_ADDR'])); } // install or upgrade if needed installIfNeeded(); upgradeIfNeeded(); // register if needed # NOTE: Disabling or modifying licensing or registration code violates your license agreement and is willful copyright infringement. # NOTE: Copyright infringement can be very expensive: http://en.wikipedia.org/wiki/Statutory_damages_for_copyright_infringement # NOTE: Please do not steal our software. registerIfNeeded(); // set current user or show login menu function adminLoginMenu() { global $CURRENT_USER; // login menu actions $action = @$_REQUEST['action']; if ($action == 'logoff') { user_logoff(); exit;
/**
 * Absolute base URL of the project: "<scheme>://<server name><project_path>".
 *
 * isHTTPS(true) is concatenated directly in front of "://", so it is expected to return the
 * scheme name rather than a boolean — confirm against its definition. The path comes from
 * the project_path environment variable and is empty when that is unset (getenv() returns
 * false, which concatenates as "").
 *
 * @return string
 */
function projectURL() {
    $scheme = isHTTPS(true);
    $host = $_SERVER['SERVER_NAME'];
    $path = getenv('project_path');
    return "{$scheme}://{$host}" . $path;
}
/**
 * Handle the admin "save settings" form: validate the submitted values, copy them into
 * $SETTINGS, persist them with saveSettings() and return to $savePagePath.
 *
 * Validation problems are queued with alert(); if any were queued the general settings
 * page is re-shown and nothing is saved. The function only proceeds for an internal,
 * CSRF-protected POST (checked up front) and relies on the caller having already
 * authenticated the admin user. Settings are copied by mass assignment: every key that
 * exists in $SETTINGS (top level plus the 'advanced' and 'wysiwyg' subsections) and also
 * in $_REQUEST is overwritten, so the current key set of $SETTINGS is the effective
 * allow-list. Note that $_REQUEST may also contain cookie values depending on the
 * request_order ini setting.
 *
 * @param string $savePagePath interface path shown after a successful save
 * @return void exits after a redirect or when validation fails
 */
function admin_saveSettings($savePagePath) {
    global $SETTINGS, $APP; // $APP is not read in this function

    // error checking
    clearAlertsAndNotices(); // so previous alerts won't prevent saving of admin options

    // security checks
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    // disableInDemoMode('settings', $savePagePath);

    # license error checking
    if (array_key_exists('licenseProductId', $_REQUEST)) {
        if (!isValidProductId($_REQUEST['licenseProductId'])) {
            alert("Invalid Product License ID!");
        } else {
            // a changed product id is applied immediately and validated by register()
            if ($SETTINGS['licenseProductId'] != $_REQUEST['licenseProductId']) {
                $SETTINGS['licenseCompanyName'] = $_REQUEST['licenseCompanyName']; // update settings
                $SETTINGS['licenseDomainName'] = $_REQUEST['licenseDomainName']; // ...
                $SETTINGS['licenseProductId'] = $_REQUEST['licenseProductId']; // ...
                $isValid = register(); // validate productId (and save new settings)
                if (!$isValid) {
                    redirectBrowserToURL('?menu=admin', true);
                    exit;
                }
            }
        }
    }

    # program url / adminUrl
    if (array_key_exists('adminUrl', $_REQUEST)) {
        // only the "http" prefix is checked, so e.g. "httpx" would pass — TODO consider anchoring on "https?://"
        if (!preg_match('/^http/i', $_REQUEST['adminUrl'])) {
            alert("Program URL must start with http:// or https://<br/>\n");
        }
        if (preg_match('/\\?/i', $_REQUEST['adminUrl'])) {
            alert("Program URL can not contain a ?<br/>\n");
        }
    }

    # webPrefixUrl - v2.53
    if (@$_REQUEST['webPrefixUrl'] != '') {
        // must start with "/" (optionally preceded by a scheme) and must not end with "/"
        if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL must start with /") . "<br/>\n");
        }
        if (preg_match("|/\$|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL cannot end with /") . "<br/>\n");
        }
    }

    # upload url/dir
    if (array_key_exists('uploadDir', $_REQUEST)) {
        # if (!preg_match('/\/$/', $_REQUEST['uploadDir'])) { alert("Upload Directory must end with a slash! (eg: /www/htdocs/uploads/)<br/>\n"); }
    }
    if (array_key_exists('uploadUrl', $_REQUEST)) {
        # if (preg_match('/^\w+:\/\//', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must be the web path only without a domain (eg: /uploads/)<br/>\n"); }
        # else if (!preg_match('/^\//', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must start with a slash! (eg: /uploads/)<br/>\n"); }
        # if (!preg_match('/\/$/', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must end with a slash! (eg: /uploads/)<br/>\n"); }
        // trimmed in place so the copy loops below pick up the normalised value
        $_REQUEST['uploadUrl'] = chop($_REQUEST['uploadUrl'], '\\\\/'); // remove trailing slashes
    }

    # admin email
    if (array_key_exists('adminEmail', $_REQUEST) && !isValidEmail($_REQUEST['adminEmail'])) {
        alert("Admin Email must be a valid email (example: user@example.com)<br/>\n");
    }

    // error checking - require HTTPS (refuse to enable it from a plain-HTTP session, which would lock the admin out)
    if (@$_REQUEST['requireHTTPS'] && !isHTTPS()) {
        alert("Require HTTPS: You must be logged in with a secure HTTPS url to set this option!<br/>\n");
    }

    // error checking - restrict by IP (the current address must be in the new allow-list, for the same lock-out reason)
    if (@$_REQUEST['restrictByIP'] && !isIpAllowed(true, @$_REQUEST['restrictByIP_allowed'])) {
        alert(t("Restrict IP Access: You current IP address must be in the allowed IP list!") . "<br/>\n");
    }

    // error checking - session values
    $sessionErrors = getCustomSessionErrors(@$_REQUEST['session_cookie_domain'], @$_REQUEST['session_save_path']);
    if ($sessionErrors) {
        alert($sessionErrors);
    }

    # show errors
    if (alert()) {
        showInterface('admin/general.php');
        exit;
    }

    ### update global settings
    // every top-level $SETTINGS key present in $_REQUEST is overwritten with the submitted value
    $globalSettings =& $SETTINGS;
    foreach (array_keys($globalSettings) as $key) {
        if (array_key_exists($key, $_REQUEST)) {
            $globalSettings[$key] = $_REQUEST[$key];
        }
    }

    # update subsection settings
    $subsections = array('advanced', 'wysiwyg');
    foreach ($subsections as $subsection) {
        $sectionSettings =& $SETTINGS[$subsection];
        foreach (array_keys($sectionSettings) as $key) {
            if (array_key_exists($key, $_REQUEST)) {
                $sectionSettings[$key] = $_REQUEST[$key];
            }
        }
    }

    # save to file
    saveSettings();

    # return to admin home
    notice('Settings have been saved.');
    showInterface($savePagePath);
}
/**
 * Absolute URL of the currently executing script, used as the Twilio callback endpoint.
 *
 * The scheme follows isHTTPS(); the host is $_SERVER['SERVER_NAME'] and the path is
 * $_SERVER['PHP_SELF']. PHP_SELF includes any PATH_INFO the client appended to the request
 * URL, so the returned path is partly request-controlled — verify that is acceptable for
 * a callback URL handed to a third party.
 *
 * @return string
 */
function getTwilioEndpoint() {
    $scheme = isHTTPS() ? 'https://' : 'http://';
    return $scheme . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
}