public function init()
{
$this->setBasePath(APPLICATION_PATH . '/templates/');
$this->addHelperPath(APPLICATION_PATH . '/templates/helpers/', 'Zend_View_Helper');
$this->addHelperPath(APPLICATION_PATH . '/libraries/Kimai/View/Helper/', 'Kimai_View_Helper');
parent::init();
$kga = Kimai_Registry::getConfig();
$this->assign('kga', $kga);
}
protected function resetKga()
{
if (null === $this->kgaLast) {
return;
}
global $kga;
$kga = $this->kgaLast;
\Kimai_Registry::setConfig($kga);
}
/**
* @return string
*/
public function getName()
{
if (null === $this->skinName) {
$skin = Kimai_Config::getDefault(Kimai_Config::DEFAULT_SKIN);
$kga = Kimai_Registry::getConfig();
if (!empty($kga->getSettings()->getSkin())) {
$skin = $kga->getSettings()->getSkin();
} else {
if (!empty($kga->getSkin())) {
$skin = $kga->getSkin();
}
}
$this->skinName = $this->view->escape($skin);
}
return $this->skinName;
}
/**
* Check if a user is logged in or kick them.
*/
function checkUser()
{
$database = Kimai_Registry::getDatabase();
if (isset($_COOKIE['kimai_user']) && isset($_COOKIE['kimai_key']) && $_COOKIE['kimai_user'] != "0" && $_COOKIE['kimai_key'] != "0") {
$kimai_user = addslashes($_COOKIE['kimai_user']);
$kimai_key = addslashes($_COOKIE['kimai_key']);
if ($database->get_seq($kimai_user) != $kimai_key) {
Logger::logfile("Kicking user {$kimai_user} because of authentication key mismatch.");
kickUser();
} else {
$user = $database->checkUserInternal($kimai_user);
Kimai_Registry::setUser(new Kimai_User($user));
return $user;
}
}
Logger::logfile("Kicking user because of missing cookie.");
kickUser();
}
}
if (!isset($_REQUEST['name']) || is_array($_REQUEST['name'])) {
$name = '';
} else {
$name = $_REQUEST['name'];
}
if (!isset($_REQUEST['key']) || is_array($_REQUEST['key'])) {
$key = 'nokey';
// will never match since hash values are either NULL or 32 characters
} else {
$key = $_REQUEST['key'];
}
require 'includes/basics.php';
$view = new Zend_View();
$view->setBasePath(WEBROOT . '/templates');
$authPlugin = Kimai_Registry::getAuthenticator();
$view->assign('kga', $kga);
// current database setup correct?
checkDBversion(".");
// processing login and displaying either login screen or errors
$name = htmlspecialchars(trim($name));
$is_customer = $database->is_customer_name($name);
if ($is_customer) {
$id = $database->customer_nameToID($name);
$customer = $database->customer_get_data($id);
$keyCorrect = $key === $customer['passwordResetHash'];
} else {
$id = $database->user_name2id($name);
$user = $database->user_get_data($id);
$keyCorrect = $key === $user['passwordResetHash'];
}
$kga['server_username'] = $server_ext_username[$dbnr];
}
if ($server_ext_password[$dbnr] != '') {
$kga['server_password'] = $server_ext_password[$dbnr];
}
if ($server_ext_prefix[$dbnr] != '') {
$kga['server_prefix'] = $server_ext_prefix[$dbnr];
}
}
}
$database = new Kimai_Database_Mysql($kga);
$database->connect($kga['server_hostname'], $kga['server_database'], $kga['server_username'], $kga['server_password'], $kga['utf8'], $kga['server_type']);
if (!$database->isConnected()) {
die('Kimai could not connect to database. Check your autoconf.php.');
}
Kimai_Registry::setDatabase($database);
global $translations;
$translations = new Translations($kga);
if ($kga['language'] != 'en') {
$translations->load($kga['language']);
}
$vars = $database->configuration_get_data();
if (!empty($vars)) {
$kga['currency_name'] = $vars['currency_name'];
$kga['currency_sign'] = $vars['currency_sign'];
$kga['show_sensible_data'] = $vars['show_sensible_data'];
$kga['show_update_warn'] = $vars['show_update_warn'];
$kga['check_at_startup'] = $vars['check_at_startup'];
$kga['show_daySeperatorLines'] = $vars['show_daySeperatorLines'];
$kga['show_gabBreaks'] = $vars['show_gabBreaks'];
$kga['show_RecordAgain'] = $vars['show_RecordAgain'];
/**
* Returns the configured Authenticator for Kimai.
*
* @return Kimai_Auth_Abstract
*/
protected function getAuthenticator()
{
return Kimai_Registry::getAuthenticator();
}
* Create the autoconf.php file.
*/
case "write_config":
include "../includes/func.php";
// special characters " and $ are escaped
$database = $_REQUEST['database'];
$hostname = $_REQUEST['hostname'];
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$charset = 'utf8';
$prefix = addcslashes($_REQUEST['prefix'], '"$');
$lang = $_REQUEST['lang'];
$salt = createPassword(20);
$timezone = $_REQUEST['timezone'];
$kimaiConfig = new Kimai_Config(array('server_prefix' => $server_prefix, 'server_hostname' => $hostname, 'server_database' => $database, 'server_username' => $username, 'server_password' => $password, 'server_charset' => $charset, 'defaultTimezone' => $timezone, 'password_salt' => $salt));
Kimai_Registry::setConfig($kimaiConfig);
write_config_file($database, $hostname, $username, $password, $charset, $prefix, $lang, $salt, $timezone);
break;
/**
* Create the database.
*/
/**
* Create the database.
*/
case 'make_database':
$databaseName = $_REQUEST['database'];
$hostname = $_REQUEST['hostname'];
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$db_error = false;
$result = false;
// ============ setup database ============
// we do not unset the $database variable
// as it is historically referenced in many places from the global namespace
$database = new Kimai_Database_Mysql($kga, true);
if (!$database->isConnected()) {
die('Kimai could not connect to database. Check your autoconf.php.');
}
Kimai_Registry::setDatabase($database);
// ============ setup authenticator ============
$authClass = 'Kimai_Auth_' . ucfirst($kga->getAuthenticator());
if (!class_exists($authClass)) {
$authClass = 'Kimai_Auth_Kimai';
}
$authPlugin = new $authClass($database, $kga);
Kimai_Registry::setAuthenticator($authPlugin);
unset($authPlugin);
// ============ load global configurations ============
$database->initializeConfig($kga);
// ============ setup translation object ============
$service = new Kimai_Translation_Service();
Kimai_Registry::setTranslation($service->load($kga->getLanguage()));
unset($service);
$tmpDir = WEBROOT . 'temporary/';
if (!file_exists($tmpDir) || !is_dir($tmpDir) || !is_writable($tmpDir)) {
die('Kimai needs write permissions for: temporary/');
}
$frontendOptions = array('lifetime' => 7200, 'automatic_serialization' => true);
$backendOptions = array('cache_dir' => $tmpDir);
$cache = Zend_Cache::factory('Core', 'File', $frontendOptions, $backendOptions);
Kimai_Registry::setCache($cache);
Zend_Locale::setCache($cache);
$logdatei = fopen(WEBROOT . "temporary/logfile.txt", "w");
fwrite($logdatei, "");
fclose($logdatei);
echo $kga['lang']['log_delete'];
} else {
die;
}
break;
/**
* Write some message to the logfile.
*/
/**
* Write some message to the logfile.
*/
case "shoutbox":
Kimai_Logger::logfile("[" . Kimai_Registry::getUser()->getName() . "] " . $axValue);
break;
/**
* Return the $kga variable (Kimai Global Array). Strip out some sensitive
* information if not configured otherwise.
*/
/**
* Return the $kga variable (Kimai Global Array). Strip out some sensitive
* information if not configured otherwise.
*/
case "reloadKGA":
$output = $kga;
$filter = array('server_hostname' => "xxx", 'server_database' => "xxx", 'server_username' => "xxx", 'server_password' => "xxx", 'password_salt' => "xxx", 'user' => array('secure' => "xxx", 'userID' => "xxx", 'pw' => "xxx", 'password' => "xxx", 'apikey' => "xxx"));
switch ($axValue) {
case 'plain':
$output = $kga;
/**
* A drop-in function to replace checkuser() and be compatible with none-cookie environments.
*
* @author th/kp
*/
public function checkUserInternal($kimai_user)
{
$p = $this->kga['server_prefix'];
if (strncmp($kimai_user, 'customer_', 9) == 0) {
$customerName = MySQL::SQLValue(substr($kimai_user, 9));
$query = "SELECT customerID FROM {$p}customers WHERE name = {$customerName} AND NOT trash = '1';";
$this->conn->Query($query);
$row = $this->conn->RowArray(0, MYSQLI_ASSOC);
$customerID = $row['customerID'];
if ($customerID < 1) {
Kimai_Logger::logfile("Kicking customer {$customerName} because he is unknown to the system.");
kickUser();
}
} else {
$query = "SELECT userID FROM {$p}users WHERE name = '{$kimai_user}' AND active = '1' AND NOT trash = '1';";
$this->conn->Query($query);
$row = $this->conn->RowArray(0, MYSQLI_ASSOC);
$userID = $row['userID'];
$name = $kimai_user;
if ($userID < 1) {
Kimai_Logger::logfile("Kicking user {$name} because he is unknown to the system.");
kickUser();
}
}
$this->kga['timezone'] = $this->kga['defaultTimezone'];
// and add user or customer specific settings on top
if (strncmp($kimai_user, 'customer_', 9) == 0) {
$configs = $this->get_customer_config($customerID);
if ($configs !== null) {
foreach ($configs as $key => $value) {
$this->kga['customer'][$key] = $value;
}
$this->kga->setTimezone($this->kga['customer']['timezone']);
}
} else {
$configs = $this->get_user_config($userID);
if ($configs !== null) {
$user = new Kimai_User($configs);
$user->setGroups($this->getGroupMemberships($userID));
$this->kga->setUser($user);
Kimai_Registry::setUser($user);
$this->kga->getSettings()->add($this->user_get_preferences_by_prefix('ui.', $userID));
$userTimezone = $this->user_get_preference('timezone', $userID);
if ($userTimezone != '') {
$this->kga->setTimezone($userTimezone);
}
}
}
date_default_timezone_set($this->kga->getTimezone());
// skin fallback
if (!is_dir(WEBROOT . "/skins/" . $this->kga->getSettings()->getSkin())) {
$this->kga->getSettings()->setSkin($this->kga->getSkin());
}
// load user specific translation
Kimai_Registry::getTranslation()->addTranslations($this->kga->getLanguage());
if (isset($this->kga['user'])) {
return $this->kga['user'];
}
return null;
}
/**
* @param $database
* @param $hostname
* @param $username
* @param $password
* @param $charset
* @param $prefix
* @param $lang
* @param $salt
* @param $timezone
* @return bool
*/
function write_config_file($database, $hostname, $username, $password, $charset, $prefix, $lang, $salt, $timezone = null)
{
$kga = Kimai_Registry::getConfig();
$database = addcslashes($database, '"$');
$hostname = addcslashes($hostname, '"$');
$username = addcslashes($username, '"$');
$password = addcslashes($password, '"$');
$file = fopen(realpath(dirname(__FILE__)) . '/autoconf.php', 'w');
if (!$file) {
return false;
}
// fallback if timezone was not provided
if (!empty($timezone)) {
$timezone = addcslashes($timezone, '"$');
$timezone = '"' . $timezone . '"';
} else {
if (isset($kga['defaultTimezone'])) {
$timezone = '"' . $kga['defaultTimezone'] . '"';
} else {
$timezone = 'date_default_timezone_get()';
}
}
// fetch skin from global config with "standard" fallback
$skin = !empty($kga->getSkin()) ? $kga->getSkin() : Kimai_Config::getDefault(Kimai_Config::DEFAULT_SKIN);
$billable = !empty($kga->getBillable()) ? var_export($kga->getBillable(), true) : var_export(Kimai_Config::getDefault(Kimai_Config::DEFAULT_BILLABLE), true);
$authenticator = !empty($kga->getAuthenticator()) ? $kga->getAuthenticator() : Kimai_Config::getDefault(Kimai_Config::DEFAULT_AUTHENTICATOR);
$lang = !empty($lang) ? $lang : Kimai_Config::getDefault(Kimai_Config::DEFAULT_LANGUAGE);
$config = <<<EOD
<?php
/**
* This file is part of
* Kimai - Open Source Time Tracking // http://www.kimai.org
* (c) Kimai-Development-Team since 2006
*
* Kimai is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; Version 3, 29 June 2007
*
* Kimai is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Kimai; If not, see <http://www.gnu.org/licenses/>.
*/
// This file was automatically generated by the installer
\$server_hostname = "{$hostname}";
\$server_database = "{$database}";
\$server_username = "******";
\$server_password = "******";
\$server_charset = "{$charset}";
\$server_prefix = "{$prefix}";
\$language = "{$lang}";
\$password_salt = "{$salt}";
\$defaultTimezone = {$timezone};
\$skin = "{$skin}";
\$authenticator = "{$authenticator}";
\$billable = {$billable};
EOD;
fputs($file, $config);
fclose($file);
return true;
}
$view->assign('months_short_array', sprintf("['%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s']", $kga['lang']['months_short'][0], $kga['lang']['months_short'][1], $kga['lang']['months_short'][2], $kga['lang']['months_short'][3], $kga['lang']['months_short'][4], $kga['lang']['months_short'][5], $kga['lang']['months_short'][6], $kga['lang']['months_short'][7], $kga['lang']['months_short'][8], $kga['lang']['months_short'][9], $kga['lang']['months_short'][10], $kga['lang']['months_short'][11]));
// assign view placeholders
$view->assign('current_timer_hour', $current_timer['hour']);
$view->assign('current_timer_min', $current_timer['min']);
$view->assign('current_timer_sec', $current_timer['sec']);
$view->assign('current_timer_start', $current_timer['all'] ? $current_timer['all'] : time());
$view->assign('current_time', time());
$view->assign('timeframe_in', $in);
$view->assign('timeframe_out', $out);
$view->assign('kga', $kga);
$view->assign('extensions', $extensions->extensionsTabData());
$view->assign('css_extension_files', $extensions->cssExtensionFiles());
$view->assign('js_extension_files', $extensions->jsExtensionFiles());
$view->assign('currentRecording', -1);
if (isset($kga['user'])) {
$view->assign('user', Kimai_Registry::getUser());
$currentRecordings = $database->get_current_recordings($kga['user']['userID']);
if (count($currentRecordings) > 0) {
$view->assign('currentRecording', $currentRecordings[0]);
}
}
$view->assign('openAfterRecorded', $kga->getSettings()->isShowAfterRecorded());
$view->assign('lang_checkUsername', $kga['lang']['checkUsername']);
$view->assign('lang_checkGroupname', $kga['lang']['checkGroupname']);
$view->assign('lang_checkStatusname', $kga['lang']['checkStatusname']);
$view->assign('lang_checkGlobalRoleName', $kga['lang']['checkGlobalRoleName']);
$view->assign('lang_checkMembershipRoleName', $kga['lang']['checkMembershipRoleName']);
$customerData = array('customerID' => false, 'name' => '');
$projectData = array('projectID' => false, 'name' => '');
$activityData = array('activityID' => false, 'name' => '');
if (!isset($kga['customer'])) {
