/** * @brief Returns the server host * @returns the server host * * Returns the server host, even if the website uses one or more * reverse proxies */ public static function getServerHost() { return \OC_Helper::serverHost(); }
$RUNTIME_NOAPPS = TRUE; //no apps require_once '../../lib/base.php'; // Someone lost their password: if (isset($_POST['user'])) { if (OC_User::userExists($_POST['user'])) { $token = sha1($_POST['user'] . md5(uniqid(rand(), true))); OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token); $email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', ''); if (!empty($email) and isset($_POST['sectoken']) and isset($_SESSION['sectoken']) and $_POST['sectoken'] == $_SESSION['sectoken']) { $link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php') . '?user='******'user'] . '&token=' . $token; $tmpl = new OC_Template('core/lostpassword', 'email'); $tmpl->assign('link', $link); $msg = $tmpl->fetchPage(); $l = OC_L10N::get('core'); $from = 'lostpassword-noreply@' . OC_Helper::serverHost(); OC_MAIL::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud'); echo 'sent'; } $sectoken = rand(1000000, 9999999); $_SESSION['sectoken'] = $sectoken; OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true, 'sectoken' => $sectoken)); } else { $sectoken = rand(1000000, 9999999); $_SESSION['sectoken'] = $sectoken; OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false, 'sectoken' => $sectoken)); } } else { $sectoken = rand(1000000, 9999999); $_SESSION['sectoken'] = $sectoken; OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false, 'sectoken' => $sectoken));
/** * return the config data of this server * @param string $format * @return string xml/json */ private static function apiConfig($format) { $user = OC_OCS::checkpassword(false); $url = substr(OC_Helper::serverHost() . $_SERVER['SCRIPT_NAME'], 0, -11) . ''; $xml['version'] = '1.5'; $xml['website'] = 'ownCloud'; $xml['host'] = OC_Helper::serverHost(); $xml['contact'] = ''; $xml['ssl'] = 'false'; echo OC_OCS::generatexml($format, 'ok', 100, '', $xml, 'config', '', 1); }
/** * Check if the htaccess file is working buy creating a test file in the data directory and trying to access via http */ public static function ishtaccessworking() { // testdata $filename = '/htaccesstest.txt'; $testcontent = 'testcontent'; // creating a test file $testfile = OC_Config::getValue("datadirectory", OC::$SERVERROOT . "/data") . '/' . $filename; $fp = @fopen($testfile, 'w'); @fwrite($fp, $testcontent); @fclose($fp); // accessing the file via http $url = OC_Helper::serverProtocol() . '://' . OC_Helper::serverHost() . OC::$WEBROOT . '/data' . $filename; $fp = @fopen($url, 'r'); $content = @fread($fp, 2048); @fclose($fp); // cleanup @unlink($testfile); // does it work ? if ($content == $testcontent) { return false; } else { return true; } }
public static function init() { // register autoloader spl_autoload_register(array('OC', 'autoload')); setlocale(LC_ALL, 'en_US.UTF-8'); // set some stuff //ob_start(); error_reporting(E_ALL | E_STRICT); if (defined('DEBUG') && DEBUG) { ini_set('display_errors', 1); } date_default_timezone_set('UTC'); ini_set('arg_separator.output', '&'); // try to switch magic quotes off. if (function_exists('set_magic_quotes_runtime')) { @set_magic_quotes_runtime(false); } //try to configure php to enable big file uploads. //this doesn´t work always depending on the webserver and php configuration. //Let´s try to overwrite some defaults anyways //try to set the maximum execution time to 60min @set_time_limit(3600); @ini_set('max_execution_time', 3600); @ini_set('max_input_time', 3600); //try to set the maximum filesize to 10G @ini_set('upload_max_filesize', '10G'); @ini_set('post_max_size', '10G'); @ini_set('file_uploads', '50'); //try to set the session lifetime to 60min @ini_set('gc_maxlifetime', '3600'); //set http auth headers for apache+php-cgi work around if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) { list($name, $password) = explode(':', base64_decode($matches[1])); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } //set http auth headers for apache+php-cgi work around if variable gets renamed by apache if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) { list($name, $password) = explode(':', base64_decode($matches[1])); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } self::initPaths(); // register the stream wrappers require_once 'streamwrappers.php'; stream_wrapper_register("fakedir", "OC_FakeDirStream"); stream_wrapper_register('static', 'OC_StaticStreamWrapper'); stream_wrapper_register('close', 'OC_CloseStreamWrapper'); self::checkInstalled(); self::checkSSL(); // CSRF protection if (isset($_SERVER['HTTP_REFERER'])) { $referer = $_SERVER['HTTP_REFERER']; } else { $referer = ''; } $refererhost = parse_url($referer); if (isset($refererhost['host'])) { $refererhost = $refererhost['host']; } else { $refererhost = ''; } $server = OC_Helper::serverHost(); $serverhost = explode(':', $server); $serverhost = $serverhost['0']; if ($_SERVER['REQUEST_METHOD'] == 'POST' and $refererhost != $serverhost) { $url = OC_Helper::serverProtocol() . '://' . $server . OC::$WEBROOT . '/index.php'; header("Location: {$url}"); exit; } self::initSession(); self::initTemplateEngine(); self::checkUpgrade(); $errors = OC_Util::checkServer(); if (count($errors) > 0) { OC_Template::printGuestPage('', 'error', array('errors' => $errors)); exit; } // TODO: we should get rid of this one, too // WARNING: to make everything even more confusing, // DATADIRECTORY is a var that changes and DATADIRECTORY_ROOT // stays the same, but is set by "datadirectory". // Any questions? OC::$CONFIG_DATADIRECTORY = OC_Config::getValue("datadirectory", OC::$SERVERROOT . "/data"); // User and Groups if (!OC_Config::getValue("installed", false)) { $_SESSION['user_id'] = ''; } OC_User::useBackend(OC_Config::getValue("userbackend", "database")); OC_Group::useBackend(new OC_Group_Database()); // Set up file system unless forbidden global $RUNTIME_NOSETUPFS; if (!$RUNTIME_NOSETUPFS) { OC_Util::setupFS(); } // Load Apps // This includes plugins for users and filesystems as well global $RUNTIME_NOAPPS; global $RUNTIME_APPTYPES; if (!$RUNTIME_NOAPPS) { if ($RUNTIME_APPTYPES) { OC_App::loadApps($RUNTIME_APPTYPES); } else { OC_App::loadApps(); } } // Check for blacklisted files OC_Hook::connect('OC_Filesystem', 'write', 'OC_Filesystem', 'isBlacklisted'); //make sure temporary files are cleaned up register_shutdown_function(array('OC_Helper', 'cleanTmp')); //parse the given parameters self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? str_replace(array('\\0', '/', '\\', '..'), '', strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files'); if (substr_count(self::$REQUESTEDAPP, '?') != 0) { $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?')); $param = substr(self::$REQUESTEDAPP, strpos(self::$REQUESTEDAPP, '?') + 1); parse_str($param, $get); $_GET = array_merge($_GET, $get); self::$REQUESTEDAPP = $app; $_GET['app'] = $app; } self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null; if (substr_count(self::$REQUESTEDFILE, '?') != 0) { $file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?')); $param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1); parse_str($param, $get); $_GET = array_merge($_GET, $get); self::$REQUESTEDFILE = $file; $_GET['getfile'] = $file; } if (!is_null(self::$REQUESTEDFILE)) { $subdir = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE; $parent = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP; if (!OC_Helper::issubdirectory($subdir, $parent)) { self::$REQUESTEDFILE = null; header('HTTP/1.0 404 Not Found'); exit; } } }
* This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE * License as published by the Free Software Foundation; either * version 3 of the License, or any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Affero General Public * License along with this library. If not, see <http://www.gnu.org/licenses/>. * */ require_once '../lib/base.php'; $url = 'http://' . substr(OC_Helper::serverHost() . $_SERVER['REQUEST_URI'], 0, -17) . 'ocs/v1.php/'; echo ' <providers> <provider> <id>ownCloud</id> <location>' . $url . '</location> <name>ownCloud</name> <icon></icon> <termsofuse></termsofuse> <register></register> <services> <activity ocsversion="1.5" /> </services> </provider> </providers> ';