/** * get the login name of the current user * * @return string */ public function getLoginName() { if ($this->activeUser) { return $this->session->get('loginname'); } else { $uid = $this->session->get('user_id'); if ($uid) { $this->activeUser = $this->manager->get($uid); return $this->session->get('loginname'); } else { return null; } } }
public static function initSession() { // prevents javascript from accessing php session cookies ini_set('session.cookie_httponly', '1;'); // set the cookie path to the ownCloud directory $cookie_path = OC::$WEBROOT ? : '/'; ini_set('session.cookie_path', $cookie_path); //set the session object to a dummy session so code relying on the session existing still works self::$session = new \OC\Session\Memory(''); // Let the session name be changed in the initSession Hook $sessionName = OC_Util::getInstanceId(); try { // Allow session apps to create a custom session object $useCustomSession = false; OC_Hook::emit('OC', 'initSession', array('session' => &self::$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession)); if(!$useCustomSession) { // set the session name to the instance id - which is unique self::$session = new \OC\Session\Internal($sessionName); } // if session cant be started break with http 500 error } catch (Exception $e) { //show the user a detailed error page OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR); OC_Template::printExceptionErrorPage($e); } $sessionLifeTime = self::getSessionLifeTime(); // regenerate session id periodically to avoid session fixation if (!self::$session->exists('SID_CREATED')) { self::$session->set('SID_CREATED', time()); } else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime / 2) { session_regenerate_id(true); self::$session->set('SID_CREATED', time()); } // session timeout if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) { if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 42000, $cookie_path); } session_unset(); session_destroy(); session_start(); } self::$session->set('LAST_ACTIVITY', time()); }
public static function init() { // register autoloader require_once __DIR__ . '/autoloader.php'; self::$loader = new \OC\Autoloader(); self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib'); self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib'); self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing'); self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console'); self::$loader->registerPrefix('Sabre\\VObject', '3rdparty'); self::$loader->registerPrefix('Sabre_', '3rdparty'); self::$loader->registerPrefix('Patchwork', '3rdparty'); spl_autoload_register(array(self::$loader, 'load')); // set some stuff //ob_start(); error_reporting(E_ALL | E_STRICT); if (defined('DEBUG') && DEBUG) { ini_set('display_errors', 1); } self::$CLI = php_sapi_name() == 'cli'; date_default_timezone_set('UTC'); ini_set('arg_separator.output', '&'); // try to switch magic quotes off. if (get_magic_quotes_gpc() == 1) { ini_set('magic_quotes_runtime', 0); } //try to configure php to enable big file uploads. //this doesn´t work always depending on the webserver and php configuration. //Let´s try to overwrite some defaults anyways //try to set the maximum execution time to 60min @set_time_limit(3600); @ini_set('max_execution_time', 3600); @ini_set('max_input_time', 3600); //try to set the maximum filesize to 10G @ini_set('upload_max_filesize', '10G'); @ini_set('post_max_size', '10G'); @ini_set('file_uploads', '50'); //copy http auth headers for apache+php-fcgid work around if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; } //set http auth headers for apache+php-cgi work around if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) { list($name, $password) = explode(':', base64_decode($matches[1]), 2); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } //set http auth headers for apache+php-cgi work around if variable gets renamed by apache if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) { list($name, $password) = explode(':', base64_decode($matches[1]), 2); $_SERVER['PHP_AUTH_USER'] = strip_tags($name); $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } self::initPaths(); if (OC_Config::getValue('instanceid', false)) { // \OC\Memcache\Cache has a hidden dependency on // OC_Util::getInstanceId() for namespacing. See #5409. try { self::$loader->setMemoryCache(\OC\Memcache\Factory::createLowLatency('Autoloader')); } catch (\Exception $ex) { } } OC_Util::isSetLocaleWorking(); // set debug mode if an xdebug session is active if (!defined('DEBUG') || !DEBUG) { if (isset($_COOKIE['XDEBUG_SESSION'])) { define('DEBUG', true); } } if (!defined('PHPUNIT_RUN')) { if (defined('DEBUG') and DEBUG) { OC\Log\ErrorHandler::register(true); set_exception_handler(array('OC_Template', 'printExceptionErrorPage')); } else { OC\Log\ErrorHandler::register(); } OC\Log\ErrorHandler::setLogger(OC_Log::$object); } // register the stream wrappers stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir'); stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream'); stream_wrapper_register('close', 'OC\\Files\\Stream\\Close'); stream_wrapper_register('quota', 'OC\\Files\\Stream\\Quota'); stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC'); // setup the basic server self::$server = new \OC\Server(); self::initTemplateEngine(); OC_App::loadApps(array('session')); if (!self::$CLI) { self::initSession(); } else { self::$session = new \OC\Session\Memory(''); } self::checkConfig(); self::checkInstalled(); self::checkSSL(); self::addSecurityHeaders(); $errors = OC_Util::checkServer(); if (count($errors) > 0) { if (self::$CLI) { foreach ($errors as $error) { echo $error['error'] . "\n"; echo $error['hint'] . "\n\n"; } } else { OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE); OC_Template::printGuestPage('', 'error', array('errors' => $errors)); } exit; } //try to set the session lifetime $sessionLifeTime = self::getSessionLifeTime(); @ini_set('gc_maxlifetime', (string) $sessionLifeTime); // User and Groups if (!OC_Config::getValue("installed", false)) { self::$session->set('user_id', ''); } OC_User::useBackend(new OC_User_Database()); OC_Group::useBackend(new OC_Group_Database()); if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('loginname') && $_SERVER['PHP_AUTH_USER'] !== self::$session->get('loginname')) { $sessionUser = self::$session->get('loginname'); $serverUser = $_SERVER['PHP_AUTH_USER']; OC_Log::write('core', "Session loginname ({$sessionUser}) doesn't match SERVER[PHP_AUTH_USER] ({$serverUser}).", OC_Log::WARN); OC_User::logout(); } // Load Apps // This includes plugins for users and filesystems as well global $RUNTIME_NOAPPS; global $RUNTIME_APPTYPES; if (!$RUNTIME_NOAPPS && !self::checkUpgrade(false)) { if ($RUNTIME_APPTYPES) { OC_App::loadApps($RUNTIME_APPTYPES); } else { OC_App::loadApps(); } } //setup extra user backends OC_User::setupBackends(); self::registerCacheHooks(); self::registerFilesystemHooks(); self::registerPreviewHooks(); self::registerShareHooks(); self::registerLogRotate(); //make sure temporary files are cleaned up register_shutdown_function(array('OC_Helper', 'cleanTmp')); //parse the given parameters self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files'); if (substr_count(self::$REQUESTEDAPP, '?') != 0) { $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?')); $param = substr($_GET['app'], strpos($_GET['app'], '?') + 1); parse_str($param, $get); $_GET = array_merge($_GET, $get); self::$REQUESTEDAPP = $app; $_GET['app'] = $app; } self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null; if (substr_count(self::$REQUESTEDFILE, '?') != 0) { $file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?')); $param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1); parse_str($param, $get); $_GET = array_merge($_GET, $get); self::$REQUESTEDFILE = $file; $_GET['getfile'] = $file; } if (!is_null(self::$REQUESTEDFILE)) { $subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE; $parent = OC_App::getAppPath(OC::$REQUESTEDAPP); if (!OC_Helper::issubdirectory($subdir, $parent)) { self::$REQUESTEDFILE = null; header('HTTP/1.0 404 Not Found'); exit; } } if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) { if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') { OC_Util::addScript('backgroundjobs'); } } }
/** * Handle the request */ public static function handleRequest() { $l = \OC_L10N::get('lib'); // load all the classpaths from the enabled apps so they are available // in the routing files of each app OC::loadAppClassPaths(); // Check if ownCloud is installed or in maintenance (update) mode if (!OC_Config::getValue('installed', false)) { $controller = new OC\Core\Setup\Controller(); $controller->run($_POST); exit; } $host = OC_Request::insecureServerHost(); // if the host passed in headers isn't trusted if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) { header('HTTP/1.1 400 Bad Request'); header('Status: 400 Bad Request'); OC_Template::printErrorPage($l->t('You are accessing the server from an untrusted domain.'), $l->t('Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.')); return; } $request = OC_Request::getPathInfo(); if (substr($request, -3) !== '.js') { // we need these files during the upgrade self::checkMaintenanceMode(); self::checkUpgrade(); } if (!OC_User::isLoggedIn()) { // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP OC::tryBasicAuthLogin(); } if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) { try { if (!OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) { OC_App::loadApps(array('authentication')); OC_App::loadApps(array('filesystem', 'logging')); OC_App::loadApps(); } self::checkSingleUserMode(); OC::$server->getRouter()->match(OC_Request::getRawPathInfo()); return; } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) { //header('HTTP/1.0 404 Not Found'); } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) { OC_Response::setStatus(405); return; } } // Load minimum set of apps if (!self::checkUpgrade(false)) { // For logged-in users: Load everything if (OC_User::isLoggedIn()) { OC_App::loadApps(); } else { // For guests: Load only authentication, filesystem and logging OC_App::loadApps(array('authentication')); OC_App::loadApps(array('filesystem', 'logging')); } } // Handle redirect URL for logged in users if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url'])); // Deny the redirect if the URL contains a @ // This prevents unvalidated redirects like ?redirect_url=:user@domain.com if (strpos($location, '@') === false) { header('Location: ' . $location); return; } } // Handle WebDAV if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { // not allowed any more to prevent people // mounting this root directly. // Users need to mount remote.php/webdav instead. header('HTTP/1.1 405 Method Not Allowed'); header('Status: 405 Method Not Allowed'); return; } // Redirect to index if the logout link is accessed without valid session // this is needed to prevent "Token expired" messages while login if a session is expired // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583 if (isset($_GET['logout']) && !OC_User::isLoggedIn()) { header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : '')); return; } // Someone is logged in if (OC_User::isLoggedIn()) { OC_App::loadApps(); OC_User::setupBackends(); if (isset($_GET["logout"]) and $_GET["logout"]) { OC_JSON::callCheck(); if (isset($_COOKIE['oc_token'])) { OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']); } if (isset($_SERVER['PHP_AUTH_USER'])) { if (isset($_COOKIE['oc_ignore_php_auth_user'])) { // Ignore HTTP Authentication for 5 more mintues. setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : '')); } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) { // Ignore HTTP Authentication to allow a different user to log in. setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : '')); } } OC_User::logout(); // redirect to webroot and add slash if webroot is empty header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : '')); } else { // Redirect to default application OC_Util::redirectToDefaultPage(); } } else { // Not handled and not logged in self::handleLogin(); } }
public function testGetAfterSet() { $this->instance->set('foo', 'bar'); $this->assertEquals('bar', $this->instance->get('foo')); }