/**
* @brief Returns the server host
* @returns the server host
*
* Returns the server host, even if the website uses one or more
* reverse proxies
*/
public static function getServerHost()
{
return \OC_Helper::serverHost();
}
$RUNTIME_NOAPPS = TRUE;
//no apps
require_once '../../lib/base.php';
// Someone lost their password:
if (isset($_POST['user'])) {
if (OC_User::userExists($_POST['user'])) {
$token = sha1($_POST['user'] . md5(uniqid(rand(), true)));
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
if (!empty($email) and isset($_POST['sectoken']) and isset($_SESSION['sectoken']) and $_POST['sectoken'] == $_SESSION['sectoken']) {
$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php') . '?user='******'user'] . '&token=' . $token;
$tmpl = new OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link);
$msg = $tmpl->fetchPage();
$l = OC_L10N::get('core');
$from = 'lostpassword-noreply@' . OC_Helper::serverHost();
OC_MAIL::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
echo 'sent';
}
$sectoken = rand(1000000, 9999999);
$_SESSION['sectoken'] = $sectoken;
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true, 'sectoken' => $sectoken));
} else {
$sectoken = rand(1000000, 9999999);
$_SESSION['sectoken'] = $sectoken;
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false, 'sectoken' => $sectoken));
}
} else {
$sectoken = rand(1000000, 9999999);
$_SESSION['sectoken'] = $sectoken;
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false, 'sectoken' => $sectoken));
/**
* return the config data of this server
* @param string $format
* @return string xml/json
*/
private static function apiConfig($format)
{
$user = OC_OCS::checkpassword(false);
$url = substr(OC_Helper::serverHost() . $_SERVER['SCRIPT_NAME'], 0, -11) . '';
$xml['version'] = '1.5';
$xml['website'] = 'ownCloud';
$xml['host'] = OC_Helper::serverHost();
$xml['contact'] = '';
$xml['ssl'] = 'false';
echo OC_OCS::generatexml($format, 'ok', 100, '', $xml, 'config', '', 1);
}
/**
* Check if the htaccess file is working buy creating a test file in the data directory and trying to access via http
*/
public static function ishtaccessworking()
{
// testdata
$filename = '/htaccesstest.txt';
$testcontent = 'testcontent';
// creating a test file
$testfile = OC_Config::getValue("datadirectory", OC::$SERVERROOT . "/data") . '/' . $filename;
$fp = @fopen($testfile, 'w');
@fwrite($fp, $testcontent);
@fclose($fp);
// accessing the file via http
$url = OC_Helper::serverProtocol() . '://' . OC_Helper::serverHost() . OC::$WEBROOT . '/data' . $filename;
$fp = @fopen($url, 'r');
$content = @fread($fp, 2048);
@fclose($fp);
// cleanup
@unlink($testfile);
// does it work ?
if ($content == $testcontent) {
return false;
} else {
return true;
}
}
public static function init()
{
// register autoloader
spl_autoload_register(array('OC', 'autoload'));
setlocale(LC_ALL, 'en_US.UTF-8');
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
// try to switch magic quotes off.
if (function_exists('set_magic_quotes_runtime')) {
@set_magic_quotes_runtime(false);
}
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
//try to set the session lifetime to 60min
@ini_set('gc_maxlifetime', '3600');
//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
self::initPaths();
// register the stream wrappers
require_once 'streamwrappers.php';
stream_wrapper_register("fakedir", "OC_FakeDirStream");
stream_wrapper_register('static', 'OC_StaticStreamWrapper');
stream_wrapper_register('close', 'OC_CloseStreamWrapper');
self::checkInstalled();
self::checkSSL();
// CSRF protection
if (isset($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
} else {
$referer = '';
}
$refererhost = parse_url($referer);
if (isset($refererhost['host'])) {
$refererhost = $refererhost['host'];
} else {
$refererhost = '';
}
$server = OC_Helper::serverHost();
$serverhost = explode(':', $server);
$serverhost = $serverhost['0'];
if ($_SERVER['REQUEST_METHOD'] == 'POST' and $refererhost != $serverhost) {
$url = OC_Helper::serverProtocol() . '://' . $server . OC::$WEBROOT . '/index.php';
header("Location: {$url}");
exit;
}
self::initSession();
self::initTemplateEngine();
self::checkUpgrade();
$errors = OC_Util::checkServer();
if (count($errors) > 0) {
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
exit;
}
// TODO: we should get rid of this one, too
// WARNING: to make everything even more confusing,
// DATADIRECTORY is a var that changes and DATADIRECTORY_ROOT
// stays the same, but is set by "datadirectory".
// Any questions?
OC::$CONFIG_DATADIRECTORY = OC_Config::getValue("datadirectory", OC::$SERVERROOT . "/data");
// User and Groups
if (!OC_Config::getValue("installed", false)) {
$_SESSION['user_id'] = '';
}
OC_User::useBackend(OC_Config::getValue("userbackend", "database"));
OC_Group::useBackend(new OC_Group_Database());
// Set up file system unless forbidden
global $RUNTIME_NOSETUPFS;
if (!$RUNTIME_NOSETUPFS) {
OC_Util::setupFS();
}
// Load Apps
// This includes plugins for users and filesystems as well
global $RUNTIME_NOAPPS;
global $RUNTIME_APPTYPES;
if (!$RUNTIME_NOAPPS) {
if ($RUNTIME_APPTYPES) {
OC_App::loadApps($RUNTIME_APPTYPES);
} else {
OC_App::loadApps();
}
}
// Check for blacklisted files
OC_Hook::connect('OC_Filesystem', 'write', 'OC_Filesystem', 'isBlacklisted');
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp'));
//parse the given parameters
self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? str_replace(array('\\0', '/', '\\', '..'), '', strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
$param = substr(self::$REQUESTEDAPP, strpos(self::$REQUESTEDAPP, '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDAPP = $app;
$_GET['app'] = $app;
}
self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDFILE = $file;
$_GET['getfile'] = $file;
}
if (!is_null(self::$REQUESTEDFILE)) {
$subdir = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE;
$parent = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP;
if (!OC_Helper::issubdirectory($subdir, $parent)) {
self::$REQUESTEDFILE = null;
header('HTTP/1.0 404 Not Found');
exit;
}
}
}
* This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE * License as published by the Free Software Foundation; either * version 3 of the License, or any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Affero General Public * License along with this library. If not, see <http://www.gnu.org/licenses/>. * */ require_once '../lib/base.php'; $url = 'http://' . substr(OC_Helper::serverHost() . $_SERVER['REQUEST_URI'], 0, -17) . 'ocs/v1.php/'; echo ' <providers> <provider> <id>ownCloud</id> <location>' . $url . '</location> <name>ownCloud</name> <icon></icon> <termsofuse></termsofuse> <register></register> <services> <activity ocsversion="1.5" /> </services> </provider> </providers> ';
