/**
* Initialize the stream from the given path.
* Concretely, transform ajxp.smb:// into smb://
*
* @param string $path
* @return mixed Real path or -1 if currentListing contains the listing : original path converted to real path
*/
protected static function initPath($path, $streamType, $storeOpenContext = false, $skipZip = false)
{
$url = parse_url($path);
$repoId = $url["host"];
$repoObject = ConfService::getRepositoryById($repoId);
if (!isset($repoObject)) {
throw new Exception("Cannot find repository with id " . $repoId);
}
$path = $url["path"];
// Fix if the host is defined as //MY_HOST/path/to/folder
$host = str_replace("//", "", $repoObject->getOption("HOST"));
$credentials = "";
$safeCreds = AJXP_Safe::tryLoadingCredentialsFromSources($url, $repoObject);
if ($safeCreds["user"] != "" && $safeCreds["password"] != "") {
$login = $safeCreds["user"];
$pass = $safeCreds["password"];
$_SESSION["AJXP_SESSION_REMOTE_PASS"] = $pass;
$credentials = "{$login}:{$pass}@";
$domain = $repoObject->getOption("DOMAIN");
if ($domain != "") {
$credentials = $domain . "/" . $credentials;
}
}
$basePath = $repoObject->getOption("PATH");
$fullPath = "smb://" . $credentials . $host . "/";
//.$basePath."/".$path;
if ($basePath != "") {
$fullPath .= trim($basePath, "/\\");
}
if ($path != "") {
$fullPath .= ($path[0] == "/" ? "" : "/") . $path;
}
return $fullPath;
}
/**
* Initialize the stream from the given path.
* Concretely, transform ajxp.webdav:// into webdav://
*
* @param string $path
* @return mixed Real path or -1 if currentListing contains the listing : original path converted to real path
*/
protected static function initPath($path, $streamType, $storeOpenContext = false, $skipZip = false)
{
$url = AJXP_Utils::safeParseUrl($path);
$repoId = $url["host"];
$repoObject = ConfService::getRepositoryById($repoId);
if (!isset($repoObject)) {
$e = new Exception("Cannot find repository with id " . $repoId);
self::$lastException = $e;
throw $e;
}
$path = $url["path"];
$host = $repoObject->getOption("HOST");
$hostParts = parse_url($host);
if ($hostParts["scheme"] == "https" && !extension_loaded("openssl")) {
$e = new Exception("Warning you must have the openssl PHP extension loaded to connect an https server!");
self::$lastException = $e;
throw $e;
}
$credentials = AJXP_Safe::tryLoadingCredentialsFromSources($hostParts, $repoObject);
$user = $credentials["user"];
$password = $credentials["password"];
if ($user != null && $password != null) {
$host = ($hostParts["scheme"] == "https" ? "webdavs" : "webdav") . "://{$user}:{$password}@" . $hostParts["host"];
if (isset($hostParts["port"])) {
$host .= ":" . $hostParts["port"];
}
} else {
$host = str_replace(array("http", "https"), array("webdav", "webdavs"), $host);
}
// MAKE SURE THERE ARE NO // OR PROBLEMS LIKE THAT...
$basePath = $repoObject->getOption("PATH");
if ($basePath[strlen($basePath) - 1] == "/") {
$basePath = substr($basePath, 0, -1);
}
if ($basePath[0] != "/") {
$basePath = "/{$basePath}";
}
$path = AJXP_Utils::securePath($path);
if ($path[0] == "/") {
$path = substr($path, 1);
}
// SHOULD RETURN webdav://host_server/uri/to/webdav/folder
AJXP_Logger::debug(__CLASS__, __FUNCTION__, $host . $basePath . "/" . $path);
return $host . $basePath . "/" . $path;
}
/**
* @param array $data
* @param AbstractAccessDriver $accessDriver
* @param Repository $repository
*/
public function storeSafeCredentialsIfNeeded(&$data, $accessDriver, $repository)
{
$storeCreds = false;
if ($repository->getOption("META_SOURCES")) {
$options["META_SOURCES"] = $repository->getOption("META_SOURCES");
foreach ($options["META_SOURCES"] as $metaSource) {
if (isset($metaSource["USE_SESSION_CREDENTIALS"]) && $metaSource["USE_SESSION_CREDENTIALS"] === true) {
$storeCreds = true;
break;
}
}
}
if ($storeCreds || $accessDriver->hasMixin("credentials_consumer")) {
$cred = AJXP_Safe::tryLoadingCredentialsFromSources(array(), $repository);
if (isset($cred["user"]) && isset($cred["password"])) {
$data["SAFE_USER"] = $cred["user"];
$data["SAFE_PASS"] = $cred["password"];
}
}
}
protected function parseUrl($url, $forceLogin = false)
{
// URL MAY BE ajxp.ftp://username:password@host/path
$urlParts = AJXP_Utils::safeParseUrl($url);
$this->repositoryId = $urlParts["host"];
$repository = ConfService::getRepositoryById($this->repositoryId);
if ($repository == null) {
throw new Exception("Cannot find repository for dynamic ftp authentification.");
}
$credentials = AJXP_Safe::tryLoadingCredentialsFromSources($urlParts, $repository);
$this->user = $credentials["user"];
$this->password = $credentials["password"];
if ($this->user == "") {
throw new AJXP_Exception("Cannot find user/pass for FTP access!");
}
if ($repository->getOption("DYNAMIC_FTP") == "TRUE" && isset($_SESSION["AJXP_DYNAMIC_FTP_DATA"])) {
$data = $_SESSION["AJXP_DYNAMIC_FTP_DATA"];
$this->host = $data["FTP_HOST"];
$this->path = $data["PATH"];
$this->secure = $data["FTP_SECURE"] == "TRUE" ? true : false;
$this->port = $data["FTP_PORT"] != "" ? intval($data["FTP_PORT"]) : ($this->secure ? 22 : 21);
$this->ftpActive = $data["FTP_DIRECT"] == "TRUE" ? true : false;
$this->repoCharset = $data["CHARSET"];
} else {
$this->host = $repository->getOption("FTP_HOST");
$this->path = $repository->getOption("PATH");
$this->secure = $repository->getOption("FTP_SECURE") == "TRUE" ? true : false;
$this->port = $repository->getOption("FTP_PORT") != "" ? intval($repository->getOption("FTP_PORT")) : ($this->secure ? 22 : 21);
$this->ftpActive = $repository->getOption("FTP_DIRECT") == "TRUE" ? true : false;
$this->repoCharset = $repository->getOption("CHARSET");
}
// Test Connexion and server features
global $_SESSION;
$cacheKey = $repository->getId() . "_ftpCharset";
if (!isset($_SESSION[$cacheKey]) || !strlen($_SESSION[$cacheKey]) || $forceLogin) {
$features = $this->getServerFeatures();
$ctxCharset = ConfService::getContextCharset();
if (empty($ctxCharset)) {
ConfService::setContextCharset($features["charset"]);
$_SESSION[$cacheKey] = $features["charset"];
} else {
$_SESSION[$cacheKey] = $ctxCharset;
}
}
return $urlParts;
}
public function detectRemoteUserId($repoObject)
{
$host = $repoObject->getOption("SFTP_HOST");
$port = $repoObject->getOption("SFTP_PORT");
$credentials = AJXP_Safe::tryLoadingCredentialsFromSources(NULL, $repoObject);
$user = $credentials["user"];
$pass = $credentials["password"];
$ssh2 = new Net_SSH2($host, $port);
if ($ssh2->login($user, $pass)) {
$output = $ssh2->exec('id');
$ssh2->disconnect();
if (trim($output != "")) {
$res = sscanf($output, "uid=%i(%s) gid=%i(%s) groups=%i(%s)");
preg_match_all("/(\\w*)=(\\w*)\\((\\w*)\\)/", $output, $matches);
if (count($matches[0]) == 3) {
$uid = $matches[2][0];
$gid = $matches[2][1];
return array($uid, $gid);
}
}
}
unset($ssh2);
return array(null, null);
}
/** Cypher the publiclet object data and write to disk.
* @param Array $data The publiclet data array to write
The data array must have the following keys:
- DRIVER The driver used to get the file's content
- OPTIONS The driver options to be successfully constructed (usually, the user and password)
- FILE_PATH The path to the file's content
- PASSWORD If set, the written publiclet will ask for this password before sending the content
- ACTION If set, action to perform
- USER If set, the AJXP user
- EXPIRE_TIME If set, the publiclet will deny downloading after this time, and probably self destruct.
* - AUTHOR_WATCH If set, will post notifications for the publiclet author each time the file is loaded
* @param AbstractAccessDriver $accessDriver
* @param Repository $repository
* @return array An array containing the hash (0) and the generated url (1)
*/
public function writePubliclet(&$data, $accessDriver, $repository)
{
$downloadFolder = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER");
if (!is_dir($downloadFolder)) {
return "ERROR : Public URL folder does not exist!";
}
if (!function_exists("mcrypt_create_iv")) {
return "ERROR : MCrypt must be installed to use publiclets!";
}
$this->initPublicFolder($downloadFolder);
$data["PLUGIN_ID"] = $accessDriver->getId();
$data["BASE_DIR"] = $accessDriver->getBaseDir();
//$data["REPOSITORY"] = $repository;
if (AuthService::usersEnabled()) {
$data["OWNER_ID"] = AuthService::getLoggedUser()->getId();
}
$storeCreds = false;
if ($repository->getOption("META_SOURCES")) {
$options["META_SOURCES"] = $repository->getOption("META_SOURCES");
foreach ($options["META_SOURCES"] as $metaSource) {
if (isset($metaSource["USE_SESSION_CREDENTIALS"]) && $metaSource["USE_SESSION_CREDENTIALS"] === true) {
$storeCreds = true;
break;
}
}
}
if ($storeCreds || $accessDriver->hasMixin("credentials_consumer")) {
$cred = AJXP_Safe::tryLoadingCredentialsFromSources(array(), $repository);
if (isset($cred["user"]) && isset($cred["password"])) {
$data["SAFE_USER"] = $cred["user"];
$data["SAFE_PASS"] = $cred["password"];
}
}
// Force expanded path in publiclet
$copy = clone $repository;
$copy->addOption("PATH", $repository->getOption("PATH"));
$data["REPOSITORY"] = $copy;
if ($data["ACTION"] == "") {
$data["ACTION"] = "download";
}
// Create a random key
$data["FINAL_KEY"] = md5(mt_rand() . time());
// Cypher the data with a random key
$outputData = serialize($data);
// Hash the data to make sure it wasn't modified
$hash = $this->computeHash($outputData, $downloadFolder);
// md5($outputData);
$outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $hash, $outputData, MCRYPT_MODE_ECB));
$fileData = "<" . "?" . "php \n" . ' require_once("' . str_replace("\\", "/", AJXP_INSTALL_PATH) . '/publicLet.inc.php"); ' . "\n" . ' $id = str_replace(".php", "", basename(__FILE__)); ' . "\n" . ' $cypheredData = base64_decode("' . $outputData . '"); ' . "\n" . ' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB), "\\0"); ' . "\n" . ' if (!ShareCenter::checkHash($inputData, $id)) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } ' . "\n" . ' // Ok extract the data ' . "\n" . ' $data = unserialize($inputData); ShareCenter::loadPubliclet($data); ';
if (@file_put_contents($downloadFolder . "/" . $hash . ".php", $fileData) === FALSE) {
return "Can't write to PUBLIC URL";
}
@chmod($downloadFolder . "/" . $hash . ".php", 0755);
PublicletCounter::reset($hash);
$url = $this->buildPublicletLink($hash);
$this->logInfo("New Share", array("file" => "'" . $copy->display . ":/" . $data['FILE_PATH'] . "'", "url" => $url, "expiration" => $data['EXPIRE_TIME'], "limit" => $data['DOWNLOAD_LIMIT'], "repo_uuid" => $copy->uuid));
AJXP_Controller::applyHook("node.share.create", array('type' => 'file', 'repository' => &$copy, 'accessDriver' => &$accessDriver, 'data' => &$data, 'url' => $url));
return array($hash, $url);
}
public static function getSshConnection($path, $repoObject = null)
{
if ($repoObject != null) {
$url = array();
} else {
$url = AJXP_Utils::safeParseUrl($path);
$repoId = $url["host"];
$repoObject = ConfService::getRepositoryById($repoId);
}
$remote_serv = $repoObject->getOption("SERV");
$remote_port = $repoObject->getOption("PORT");
$credentials = AJXP_Safe::tryLoadingCredentialsFromSources($url, $repoObject);
$remote_user = $credentials["user"];
$remote_pass = $credentials["password"];
$remote_base_path = $repoObject->getOption("PATH");
$callbacks = array('disconnect' => "disconnectedSftp", 'ignore' => "ignoreSftp", 'debug' => "debugSftp", 'macerror' => "macerrorSftp");
$connection = ssh2_connect($remote_serv, intval($remote_port), array(), $callbacks);
ssh2_auth_password($connection, $remote_user, $remote_pass);
return array($connection, $remote_base_path);
}
/** Cypher the publiclet object data and write to disk.
* @param Array $data The publiclet data array to write
The data array must have the following keys:
- DRIVER The driver used to get the file's content
- OPTIONS The driver options to be successfully constructed (usually, the user and password)
- FILE_PATH The path to the file's content
- PASSWORD If set, the written publiclet will ask for this password before sending the content
- ACTION If set, action to perform
- USER If set, the AJXP user
- EXPIRE_TIME If set, the publiclet will deny downloading after this time, and probably self destruct.
* @param AbstractAccessDriver $accessDriver
* @param Repository $repository
* @return the URL to the downloaded file
*/
function writePubliclet($data, $accessDriver, $repository)
{
$downloadFolder = ConfService::getCoreConf("PUBLIC_DOWNLOAD_FOLDER");
if (!is_dir($downloadFolder)) {
return "ERROR : Public URL folder does not exist!";
}
if (!function_exists("mcrypt_create_iv")) {
return "ERROR : MCrypt must be installed to use publiclets!";
}
$this->initPublicFolder($downloadFolder);
$data["PLUGIN_ID"] = $accessDriver->getId();
$data["BASE_DIR"] = $accessDriver->getBaseDir();
$data["REPOSITORY"] = $repository;
if (AuthService::usersEnabled()) {
$data["OWNER_ID"] = AuthService::getLoggedUser()->getId();
}
if ($accessDriver->hasMixin("credentials_consumer")) {
$cred = AJXP_Safe::tryLoadingCredentialsFromSources(array(), $repository);
if (isset($cred["user"]) && isset($cred["password"])) {
$data["SAFE_USER"] = $cred["user"];
$data["SAFE_PASS"] = $cred["password"];
}
}
// Force expanded path in publiclet
$data["REPOSITORY"]->addOption("PATH", $repository->getOption("PATH"));
if ($data["ACTION"] == "") {
$data["ACTION"] = "download";
}
// Create a random key
$data["FINAL_KEY"] = md5(mt_rand() . time());
// Cypher the data with a random key
$outputData = serialize($data);
// Hash the data to make sure it wasn't modified
$hash = md5($outputData);
// The initialisation vector is only required to avoid a warning, as ECB ignore IV
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
// We have encoded as base64 so if we need to store the result in a database, it can be stored in text column
$outputData = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $hash, $outputData, MCRYPT_MODE_ECB, $iv));
// Okay, write the file:
$fileData = "<" . "?" . "php \n" . ' require_once("' . str_replace("\\", "/", AJXP_INSTALL_PATH) . '/publicLet.inc.php"); ' . "\n" . ' $id = str_replace(".php", "", basename(__FILE__)); ' . "\n" . ' $cypheredData = base64_decode("' . $outputData . '"); ' . "\n" . ' $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND); ' . "\n" . ' $inputData = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $id, $cypheredData, MCRYPT_MODE_ECB, $iv), "\\0"); ' . "\n" . ' if (md5($inputData) != $id) { header("HTTP/1.0 401 Not allowed, script was modified"); exit(); } ' . "\n" . ' // Ok extract the data ' . "\n" . ' $data = unserialize($inputData); ShareCenter::loadPubliclet($data); ?' . '>';
if (@file_put_contents($downloadFolder . "/" . $hash . ".php", $fileData) === FALSE) {
return "Can't write to PUBLIC URL";
}
@chmod($downloadFolder . "/" . $hash . ".php", 0755);
PublicletCounter::reset($hash);
return $this->buildPublicletLink($hash);
}
