Example #1
    /**
     * Resolve the hits-log path from the plugin configuration.
     *
     * Reads the 'hitslog' setting, aborts through nice_die() when it is empty,
     * and passes DOKU_INC . <setting> to init_path(). When init_path() returns
     * an empty string, dir_init_log_file() is called with the same path
     * (presumably to create the file; verify against that method).
     *
     * @return void
     */
    function dir_init_log_path()
    {
        global $conf;
        $hitslog = $this->getConf('hitslog');
        if ($hitslog == "") {
            nice_die('Error in directions plugin (logger component): the configuration
		    variable $conf[\'plugin\'][\'directions\'][\'hitslog\'] is
		    not set or the default value cannot be read.');
        }
        // The configured value is relative to the DokuWiki install directory.
        $resolved = init_path(DOKU_INC . $hitslog);
        if ($resolved == "") {
            $this->dir_init_log_file(DOKU_INC . $hitslog);
        }
    }
Example #2
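/**
 * Find the appropriate configuration directory.
 *
 * If the .htaccess based setup is used (or an `animal` is passed on the
 * command line), the configuration directory can be any direct subdirectory
 * of the farm directory.
 *
 * Otherwise try finding a matching configuration directory by stripping the
 * website's hostname from left to right and pathname from right to left. The
 * first configuration directory found will be used; the remaining will be
 * ignored. If none is found, "$farm/default/conf/" is used when it exists,
 * else the farmer's own DOKU_INC . 'conf/'.
 *
 * Defines DOKU_FARM ('htaccess', 'cli', 'virtual' or 'default') when an
 * animal directory was selected and the constant is not defined yet.
 *
 * @param string $farm path of the farm directory, without trailing slash
 * @return string path of the configuration directory, with trailing slash
 */
function farm_confpath($farm)
{
    // htaccess based or cli
    // cli usage example: animal=your_animal bin/indexer.php
    if (isset($_REQUEST['animal']) || 'cli' == php_sapi_name() && isset($_SERVER['animal'])) {
        $mode = isset($_REQUEST['animal']) ? 'htaccess' : 'cli';
        $animal = $mode == 'htaccess' ? $_REQUEST['animal'] : $_SERVER['animal'];
        // The animal name is request-controlled, so it has to be a plain
        // directory name: a string without path separators that is not empty,
        // '.' or '..'. Without the last three checks '..' would resolve to the
        // parent of the farm directory and '' or '.' to the farm directory itself.
        if (
            !is_string($animal)
            || $animal === '' || $animal === '.' || $animal === '..'
            || strpbrk($animal, '\\/') !== false
        ) {
            nice_die('Sorry! Invalid animal name!');
        }
        if (!is_dir($farm . '/' . $animal)) {
            nice_die("Sorry! This Wiki doesn't exist!");
        }
        if (!defined('DOKU_FARM')) {
            define('DOKU_FARM', $mode);
        }
        return $farm . '/' . $animal . '/conf/';
    }
    // virtual host based
    // NOTE(review): HTTP_HOST is supplied by the client and is used below to
    // build a directory name; this presumably relies on the web server
    // rejecting Host values that contain path separators - confirm.
    $uri = explode('/', $_SERVER['SCRIPT_NAME'] ? $_SERVER['SCRIPT_NAME'] : $_SERVER['SCRIPT_FILENAME']);
    // "host:port" becomes "port.host" so the port is tried as the leftmost label
    $server = explode('.', implode('.', array_reverse(explode(':', rtrim($_SERVER['HTTP_HOST'], '.')))));
    for ($i = count($uri) - 1; $i > 0; $i--) {
        for ($j = count($server); $j > 0; $j--) {
            // longest host suffix and longest path prefix are tried first
            $dir = implode('.', array_slice($server, -$j)) . implode('.', array_slice($uri, 0, $i));
            if (is_dir("{$farm}/{$dir}/conf/")) {
                if (!defined('DOKU_FARM')) {
                    define('DOKU_FARM', 'virtual');
                }
                return "{$farm}/{$dir}/conf/";
            }
        }
    }
    // default conf directory in farm
    if (is_dir("{$farm}/default/conf/")) {
        if (!defined('DOKU_FARM')) {
            define('DOKU_FARM', 'default');
        }
        return "{$farm}/default/conf/";
    }
    // farmer
    return DOKU_INC . 'conf/';
}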
Example #3
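/**
 * Initialize the auth system.
 *
 * This function is automatically called at the end of init.php
 *
 * This used to be the main() of the auth.php
 *
 * Steps: reset $AUTH_ACL, load and instantiate the backend named by
 * $conf['authtype'], normalise HTTP Basic credentials into
 * $_SERVER['PHP_AUTH_USER'] / $_SERVER['PHP_AUTH_PW'], run the login check
 * (auth token, external trust or the AUTH_LOGIN_CHECK event) and load the ACL.
 *
 * @todo backend loading maybe should be handled by the class autoloader
 * @todo maybe split into multiple functions at the XXX marked positions
 * @triggers AUTH_LOGIN_CHECK
 * @return bool false when ACLs are disabled or no working backend is
 *              available, true once the login check has run
 */
function auth_setup()
{
    global $conf;
    /* @var auth_basic $auth */
    global $auth;
    /* @var Input $INPUT */
    global $INPUT;
    global $AUTH_ACL;
    global $lang;
    $AUTH_ACL = array();
    if (!$conf['useacl']) {
        return false;
    }
    // load the backend auth functions and instantiate the auth object XXX
    // $conf['authtype'] selects the file that gets included and the class that
    // gets instantiated, so it must only ever come from trusted configuration.
    if (@file_exists(DOKU_INC . 'inc/auth/' . $conf['authtype'] . '.class.php')) {
        require_once DOKU_INC . 'inc/auth/basic.class.php';
        require_once DOKU_INC . 'inc/auth/' . $conf['authtype'] . '.class.php';
        $auth_class = "auth_" . $conf['authtype'];
        if (class_exists($auth_class)) {
            $auth = new $auth_class();
            if ($auth->success == false) {
                // degrade to unauthenticated user
                // NOTE(review): unset() on a variable imported with `global`
                // only removes the local alias; $GLOBALS['auth'] still holds
                // the failed backend object. Assigning null would clear it -
                // confirm against auth_logoff() and other readers of $auth.
                unset($auth);
                auth_logoff();
                msg($lang['authtempfail'], -1);
            }
        } else {
            nice_die($lang['authmodfailed']);
        }
    } else {
        nice_die($lang['authmodfailed']);
    }
    if (!isset($auth) || !$auth) {
        return false;
    }
    // do the login either by cookie or provided credentials XXX
    // request parameters must not be able to claim "these came from HTTP auth"
    $INPUT->set('http_credentials', false);
    if (!$conf['rememberme']) {
        $INPUT->set('r', false);
    }
    // handle renamed HTTP_AUTHORIZATION variable (can happen when a fix like
    // the one presented at
    // http://www.besthostratings.com/articles/http-auth-php-cgi.html is used
    // for enabling HTTP authentication with CGI/SuExec)
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
    }
    // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
    // Only the Basic scheme carries "user:password"; other schemes are left
    // alone instead of being decoded into bogus credentials. The split is
    // limited to two parts so a password containing ':' is not truncated.
    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $authHeader = (string) $_SERVER['HTTP_AUTHORIZATION'];
        if (strncasecmp($authHeader, 'Basic ', 6) === 0) {
            $decoded = base64_decode(substr($authHeader, 6));
            if ($decoded !== false && strpos($decoded, ':') !== false) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
            }
        }
    }
    // if no credentials were given try to use HTTP auth (for SSO)
    if (!$INPUT->str('u') && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) {
        $INPUT->set('u', $_SERVER['PHP_AUTH_USER']);
        $INPUT->set('p', $_SERVER['PHP_AUTH_PW']);
        $INPUT->set('http_credentials', true);
    }
    // apply cleaning
    $INPUT->set('u', $auth->cleanUser($INPUT->str('u')));
    if ($INPUT->str('authtok')) {
        // when an authentication token is given, trust the session
        auth_validateToken($INPUT->str('authtok'));
    } elseif (!is_null($auth) && $auth->canDo('external')) {
        // external trust mechanism in place
        $auth->trustExternal($INPUT->str('u'), $INPUT->str('p'), $INPUT->bool('r'));
    } else {
        $evdata = array('user' => $INPUT->str('u'), 'password' => $INPUT->str('p'), 'sticky' => $INPUT->bool('r'), 'silent' => $INPUT->bool('http_credentials'));
        trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
    }
    //load ACL into a global array XXX
    $AUTH_ACL = auth_loadACL();
    return true;
}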
Example #4
/**
 * Checks the existence of certain files and creates them if missing.
 *
 * Currently only "$conf['indexdir']/page.idx" is handled: a missing file is
 * created empty and, when $conf['fperm'] is set, chmod'ed to that mode.
 * If the file cannot be opened for appending, nice_die() is called.
 *
 * @return void
 */
function init_files()
{
    global $conf;
    $required = array($conf['indexdir'] . '/page.idx');
    foreach ($required as $path) {
        if (@file_exists($path)) {
            continue;
        }
        // opening in append mode creates the file without truncating anything
        $handle = @fopen($path, 'a');
        if (!$handle) {
            nice_die("{$path} is not writable. Check your permissions settings!");
            continue;
        }
        fclose($handle);
        if ($conf['fperm']) {
            chmod($path, $conf['fperm']);
        }
    }
    // The creation of title.idx (one empty line per entry of page.idx, so both
    // files have the same length) used to follow here and is disabled.
}
Example #5
/**
 * Append a PHP extension to a given file and add an exit call
 *
 * This is used to migrate some old config files. An added PHP extension
 * ensures the contents are not shown to web users even if .htaccess files
 * do not work: the copy starts with a commented header containing a PHP
 * exit() call, followed by the original lines.
 *
 * Nothing happens when $file is not readable or "$file.php" already exists.
 * After the copy is written, the original is renamed to "$file.old" through
 * io_rename().
 *
 * @author Jan Decaluwe <*****@*****.**>
 * @param string $file path of the config file to convert
 * @return void
 */
function scriptify($file)
{
    // checks
    if (!is_readable($file)) {
        return;
    }
    $target = $file . '.php';
    if (@file_exists($target)) {
        return;
    }
    $out = fopen($target, 'w');
    if (!$out) {
        nice_die($target . ' is not writable. Check your permission settings!');
    }
    // write php exit hack first
    $header = array(
        "# {$target}\n",
        '# <?php exit()?>' . "\n",
        "# Don't modify the lines above\n",
        "#\n",
    );
    foreach ($header as $headerLine) {
        fwrite($out, $headerLine);
    }
    // copy existing lines
    foreach (file($file) as $line) {
        fwrite($out, $line);
    }
    fclose($out);
    // try to rename the old file
    io_rename($file, "{$file}.old");
}
Example #6
        require_once DOKU_INC . 'inc/auth/basic.class.php';
        require_once DOKU_INC . 'inc/auth/' . $conf['authtype'] . '.class.php';
        $auth_class = "auth_" . $conf['authtype'];
        if (class_exists($auth_class)) {
            $auth = new $auth_class();
            if ($auth->success == false) {
                // degrade to unauthenticated user
                unset($auth);
                auth_logoff();
                msg($lang['authtempfail'], -1);
            }
        } else {
            nice_die($lang['authmodfailed']);
        }
    } else {
        nice_die($lang['authmodfailed']);
    }
}
// do the login either by cookie or provided credentials
if ($conf['useacl']) {
    if ($auth) {
        if (!isset($_REQUEST['u'])) {
            $_REQUEST['u'] = '';
        }
        if (!isset($_REQUEST['p'])) {
            $_REQUEST['p'] = '';
        }
        if (!isset($_REQUEST['r'])) {
            $_REQUEST['r'] = '';
        }
        $_REQUEST['http_credentials'] = false;
Example #7
 /**
  * Copy a file and abort through nice_die() when the copy fails.
  *
  * @param string $base path of the file to copy
  * @param string $dest path to copy it to
  * @return void
  */
 function simple_copy($base, $dest)
 {
     $copied = copy($base, $dest);
     if ($copied) {
         return;
     }
     nice_die("TeXit: unable to copy {$base} into {$dest}.");
 }
Example #8
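/**
 * Initialize the auth system.
 *
 * This function is automatically called at the end of init.php
 *
 * This used to be the main() of the auth.php
 *
 * Steps: reset $AUTH_ACL, load and instantiate the backend named by
 * $conf['authtype'], normalise HTTP Basic credentials into
 * $_SERVER['PHP_AUTH_USER'] / $_SERVER['PHP_AUTH_PW'], run the login check
 * (auth token, external trust or the AUTH_LOGIN_CHECK event) and load the ACL.
 *
 * @todo backend loading maybe should be handled by the class autoloader
 * @todo maybe split into multiple functions at the XXX marked positions
 * @return bool|null false when ACLs are disabled; no value otherwise
 */
function auth_setup()
{
    global $conf;
    global $auth;
    global $AUTH_ACL;
    global $lang;
    global $config_cascade;
    $AUTH_ACL = array();
    if (!$conf['useacl']) {
        return false;
    }
    // load the backend auth functions and instantiate the auth object XXX
    // $conf['authtype'] selects the file that gets included and the class that
    // gets instantiated, so it must only ever come from trusted configuration.
    if (@file_exists(DOKU_INC . 'inc/auth/' . $conf['authtype'] . '.class.php')) {
        require_once DOKU_INC . 'inc/auth/basic.class.php';
        require_once DOKU_INC . 'inc/auth/' . $conf['authtype'] . '.class.php';
        $auth_class = "auth_" . $conf['authtype'];
        if (class_exists($auth_class)) {
            $auth = new $auth_class();
            if ($auth->success == false) {
                // degrade to unauthenticated user
                // NOTE(review): unset() on a variable imported with `global`
                // only removes the local alias; $GLOBALS['auth'] still holds
                // the failed backend object. Assigning null would clear it -
                // confirm against auth_logoff() and other readers of $auth.
                unset($auth);
                auth_logoff();
                msg($lang['authtempfail'], -1);
            }
        } else {
            nice_die($lang['authmodfailed']);
        }
    } else {
        nice_die($lang['authmodfailed']);
    }
    // isset() first: after the unset() above $auth is undefined in this scope
    if (!isset($auth) || !$auth) {
        return;
    }
    // do the login either by cookie or provided credentials XXX
    if (!isset($_REQUEST['u'])) {
        $_REQUEST['u'] = '';
    }
    if (!isset($_REQUEST['p'])) {
        $_REQUEST['p'] = '';
    }
    if (!isset($_REQUEST['r'])) {
        $_REQUEST['r'] = '';
    }
    // request parameters must not be able to claim "these came from HTTP auth"
    $_REQUEST['http_credentials'] = false;
    if (!$conf['rememberme']) {
        $_REQUEST['r'] = false;
    }
    // streamline HTTP auth credentials (IIS/rewrite -> mod_php)
    // Only the Basic scheme carries "user:password"; other schemes are left
    // alone instead of being decoded into bogus credentials. The split is
    // limited to two parts so a password containing ':' is not truncated.
    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $authHeader = (string) $_SERVER['HTTP_AUTHORIZATION'];
        if (strncasecmp($authHeader, 'Basic ', 6) === 0) {
            $decoded = base64_decode(substr($authHeader, 6));
            if ($decoded !== false && strpos($decoded, ':') !== false) {
                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $decoded, 2);
            }
        }
    }
    // if no credentials were given try to use HTTP auth (for SSO)
    if (empty($_REQUEST['u']) && empty($_COOKIE[DOKU_COOKIE]) && !empty($_SERVER['PHP_AUTH_USER'])) {
        $_REQUEST['u'] = $_SERVER['PHP_AUTH_USER'];
        $_REQUEST['p'] = $_SERVER['PHP_AUTH_PW'];
        $_REQUEST['http_credentials'] = true;
    }
    // apply cleaning
    $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']);
    if (isset($_REQUEST['authtok'])) {
        // when an authentication token is given, trust the session
        auth_validateToken($_REQUEST['authtok']);
    } elseif (!is_null($auth) && $auth->canDo('external')) {
        // external trust mechanism in place
        $auth->trustExternal($_REQUEST['u'], $_REQUEST['p'], $_REQUEST['r']);
    } else {
        $evdata = array('user' => $_REQUEST['u'], 'password' => $_REQUEST['p'], 'sticky' => $_REQUEST['r'], 'silent' => $_REQUEST['http_credentials']);
        trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
    }
    //load ACL into a global array XXX
    $AUTH_ACL = auth_loadACL();
}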
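 /**
  * Run the two-step single sign-on handshake with the HiOrg server.
  *
  * Without a `token` request parameter the browser is redirected to the SSO
  * URL. With a token, the SSO URL is queried for the login result; the reply
  * has to start with "OK" followed by a base64-encoded, PHP-serialized array
  * of user data, which is stored in $this->data together with the groups.
  * nice_die() is called when the reply is not "OK", cannot be decoded into an
  * array, or names a different organisation than the configured 'ov'.
  *
  * @return bool true once $this->data has been filled
  */
 function processSSO()
 {
     // Step 1: no valid token received from the HiOrg server yet
     // NOTE(review): send_redirect() presumably ends the request; if it
     // returned, the code below would run without a token - confirm.
     if (empty($_GET["token"])) {
         $ziel = $this->addUrlParams($this->ssourl, array("weiter" => $this->myUrl(array("do" => "login")), "getuserinfo" => "name,vorname,username,email,user_id"));
         send_redirect($ziel);
     }
     // Step 2: token received from the HiOrg server: now verify the login and
     // fetch the user data
     $token = $_GET["token"];
     $url = $this->addUrlParams($this->ssourl, array("token" => $token));
     $daten = $this->getUrl($url);
     if (mb_substr($daten, 0, 2) != "OK") {
         nice_die("Login beim HiOrg-Server fehlgeschlagen!");
     }
     $payload = base64_decode(mb_substr($daten, 3));
     // SECURITY: this unserialize() runs on data received over the network.
     // Only an array of scalar values is used below, so object instantiation
     // is disabled where PHP supports it (7.0+). On older PHP versions the
     // call stays exposed to object injection if the reply can be tampered
     // with; a JSON reply would remove that risk, but the format is defined by
     // the remote server.
     if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
         $daten = unserialize($payload, array('allowed_classes' => false));
     } else {
         $daten = unserialize($payload);
     }
     // A reply that does not decode to an array must not turn into a login
     // with empty user fields.
     if (!is_array($daten)) {
         nice_die("Login beim HiOrg-Server fehlgeschlagen!");
     }
     // if the configuration pins one organisation, reject cross-logins:
     $ov = $this->getConf('ov');
     if (!empty($ov) && $daten["ov"] != $ov) {
         nice_die("Falsches Organisationskuerzel: " . $daten["ov"] . ", erwartet: " . $ov);
     }
     // example of the decoded payload:
     // $daten = array("name"=>"Hansi", "vorname"=>"Tester", "username"=>"admin", "email"=>"*****@*****.**", "user_id"=>"abcde12345", "ov"=>"xxx");
     $this->data = array("uid" => $daten["user_id"], "user" => $this->buildUser($daten["username"], $daten["ov"]), "name" => $this->buildName($daten["vorname"], $daten["name"]), "mail" => $daten["email"], "token" => $token);
     $this->data["grps"] = $this->getGroups($this->data["user"]);
     return true;
 }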