/**
 * Check the system configuration and fill in any crypto keys that are missing.
 *
 * Each of the three keys (encryption, authentication, session) is generated
 * only when it is currently null; existing keys are never rotated here.
 * The configuration file is rewritten only if at least one key was added.
 *
 * @return void
 */
function checkSystemConfiguration()
{
	// Order matters only for reproducibility of the generated-config layout.
	$key_names = array('crypto.encryption_key', 'crypto.authentication_key', 'crypto.session_key');
	$needs_save = false;

	foreach ($key_names as $key_name)
	{
		if (config($key_name) !== null)
		{
			continue;
		}
		// 64 alphanumeric characters from the framework's random generator
		// (presumably CSPRNG-backed — it is the same helper used at install time).
		config($key_name, Rhymix\Framework\Security::getRandom(64, 'alnum'));
		$needs_save = true;
	}

	if ($needs_save)
	{
		Rhymix\Framework\Config::save();
	}
}
/**
 * Start an e-mail address change for the logged-in member.
 *
 * Validates the requested address, stores a pending auth-mail row keyed by a
 * random token and e-mails a confirmation link to the NEW address; the change
 * itself is applied later by procMemberAuthEmailAddress when that link is used.
 *
 * Request variables read: email_address, mid, success_return_url.
 * Session state read and consumed: rechecked_password_step.
 *
 * @return mixed Error Object on failure, $this->stop(...) result for request errors.
 */
function procMemberModifyEmailAddress()
{
	if (!Context::get('is_logged'))
	{
		return $this->stop('msg_not_logged');
	}
	$member_info = Context::get('logged_info');
	$newEmail = Context::get('email_address');
	if (!$newEmail)
	{
		return $this->stop('msg_invalid_request');
	}
	$oMemberModel = getModel('member');
	// Check managed Email Host
	// NOTE(review): this check and the "already registered" lookup below run
	// before the password re-check gate, so any logged-in user can probe
	// whether an address is registered without re-entering their password.
	if ($oMemberModel->isDeniedEmailHost($newEmail))
	{
		$config = $oMemberModel->getMemberConfig();
		$emailhost_check = $config->emailhost_check;
		$managed_email_host = lang('managed_email_host');
		$email_hosts = $oMemberModel->getManagedEmailHosts();
		// $hosts is only initialised inside the loop; presumably the list is
		// non-empty whenever isDeniedEmailHost() returned true.
		foreach ($email_hosts as $host)
		{
			$hosts[] = $host->email_host;
		}
		$message = sprintf($managed_email_host[$emailhost_check], implode(', ', $hosts), 'id@' . implode(', id@', $hosts));
		return new Object(-1, $message);
	}
	// Check if the e-mail address is already registered
	$member_srl = $oMemberModel->getMemberSrlByEmailAddress($newEmail);
	if ($member_srl)
	{
		return new Object(-1, 'msg_exists_email_address');
	}
	// The caller must have completed the password re-check step first. The flag
	// is consumed right after so it cannot be reused for a second request.
	// (Loose != comparison, as in the rest of this module.)
	if ($_SESSION['rechecked_password_step'] != 'INPUT_DATA')
	{
		return $this->stop('msg_invalid_request');
	}
	unset($_SESSION['rechecked_password_step']);
	// Pending-change record: 40 hex chars (160 bits) from the framework RNG is the
	// token that later authorises the change. new_password is a placeholder —
	// presumably this row reuses the auth-mail table that password resets use.
	$auth_args = new stdClass();
	$auth_args->user_id = $newEmail;
	$auth_args->member_srl = $member_info->member_srl;
	$auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
	$auth_args->new_password = '******';
	// NOTE(review): the transaction opened here is never committed in this
	// method (only rolled back on failure) — confirm the DB layer commits at
	// request end, otherwise the auth row is lost and the mailed link is dead.
	$oDB =& DB::getInstance();
	$oDB->begin();
	$output = executeQuery('member.insertAuthMail', $auth_args);
	if (!$output->toBool())
	{
		$oDB->rollback();
		return $output;
	}
	// Resolve the member skin for the mail template, falling back to 'default'.
	$oModuleModel = getModel('module');
	$member_config = $oModuleModel->getModuleConfig('member');
	$tpl_path = sprintf('%sskins/%s', $this->module_path, $member_config->skin);
	if (!is_dir($tpl_path))
	{
		$tpl_path = sprintf('%sskins/%s', $this->module_path, 'default');
	}
	// Template variables: current member details (keyed by localised labels),
	// the new address and the confirmation URL carrying member_srl + auth_key.
	global $lang;
	$memberInfo = array();
	$memberInfo[$lang->email_address] = $member_info->email_address;
	$memberInfo[$lang->nick_name] = $member_info->nick_name;
	Context::set('memberInfo', $memberInfo);
	Context::set('newEmail', $newEmail);
	$auth_url = getFullUrl('', 'module', 'member', 'act', 'procMemberAuthEmailAddress', 'member_srl', $member_info->member_srl, 'auth_key', $auth_args->auth_key);
	Context::set('auth_url', $auth_url);
	$oTemplate =& TemplateHandler::getInstance();
	$content = $oTemplate->compile($tpl_path, 'confirm_member_new_email');
	// The confirmation goes to the NEW address, which is what proves control of it.
	$oMail = new Mail();
	$oMail->setTitle(lang('title_modify_email_address'));
	$oMail->setContent($content);
	$oMail->setSender($member_config->webmaster_name ? $member_config->webmaster_name : 'webmaster', $member_config->webmaster_email);
	$oMail->setReceiptor($member_info->nick_name, $newEmail);
	// NOTE(review): the send() result is not checked; the success message below
	// is shown even if the mail could not be delivered.
	$result = $oMail->send();
	$msg = sprintf(lang('msg_confirm_mail_sent'), $newEmail);
	$this->setMessage($msg);
	// NOTE(review): success_return_url is request-controlled. Unless
	// setRedirectUrl() restricts it to local URLs, this is an open redirect.
	$returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', '');
	$this->setRedirectUrl($returnUrl);
}
/**
 * Compare two strings in constant time (legacy wrapper).
 *
 * Delegates to Rhymix\Framework\Security::compareStrings() so that the time
 * taken does not depend on where the inputs first differ; use this rather
 * than == / === when comparing tokens, MACs or other secrets.
 *
 * @param string $a
 * @param string $b
 * @return mixed Whatever compareStrings() returns (expected to be bool).
 */
function strcmpConstantTime($a, $b)
{
	$is_equal = Rhymix\Framework\Security::compareStrings($a, $b);
	return $is_equal;
}
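/**
 * Check for CSRF attacks
 *
 * First defers to Rhymix\Framework\Security::checkCSRF(). If that fails, the
 * request is still accepted when the default virtual site has its own domain
 * (i.e. the domain differs from the requested vid) and that domain contains
 * the host of the Referer header.
 *
 * Fix: the fallback used $referer_host without ever defining it. With an
 * empty needle, stristr() fails (with a warning) on PHP 7 and matches on
 * PHP 8, so the fallback either never worked or accepted any request for a
 * virtual-domain site regardless of Referer. The host is now parsed from the
 * Referer header, and a missing or unparseable Referer fails the check.
 *
 * @return bool
 */
function checkCSRF()
{
	// Use Rhymix Security class first.
	if (Rhymix\Framework\Security::checkCSRF())
	{
		return true;
	}

	// Without a usable Referer host there is nothing to match a virtual domain against.
	$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	$referer_host = $referer !== '' ? parse_url($referer, PHP_URL_HOST) : null;
	if (!is_string($referer_host) || $referer_host === '')
	{
		return false;
	}

	// Check if we have a virtual site with a matching domain.
	$oModuleModel = getModel('module');
	$siteModuleInfo = $oModuleModel->getDefaultMid();
	$virtualSiteInfo = $oModuleModel->getSiteInfo($siteModuleInfo->site_srl);
	$site_domain = isset($virtualSiteInfo->domain) ? (string) $virtualSiteInfo->domain : '';
	if ($site_domain === '')
	{
		return false;
	}

	// NOTE(review): stristr() is a substring test, so a Referer host that is a
	// substring of the site domain also passes; an exact host comparison would
	// be stricter. Kept as-is to preserve the existing matching rule.
	if (strcasecmp($site_domain, Context::get('vid')) && stristr($site_domain, $referer_host))
	{
		return true;
	}
	return false;
}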
/**
 * @brief Create an IV
 *
 * Returns ENCRYPTION_BLOCK_SIZE random bytes (raw binary, not encoded) from
 * Rhymix\Framework\Security::getRandom(). A fresh IV is needed for every
 * encryption; reusing one under the same key leaks plaintext relationships.
 *
 * @return string
 */
protected static function _createIV()
{
	$iv_length = self::ENCRYPTION_BLOCK_SIZE;
	$iv = Rhymix\Framework\Security::getRandom($iv_length, 'binary');
	return $iv;
}
/**
 * Move an attachement to the other document
 *
 * Every file attached to $source_srl is relocated under the target module /
 * target document directory and its DB row is pointed at the new path.
 * Media files (selected by extension) keep their original name under
 * files/attach/images/...; anything else gets a random 32-hex-char name
 * under files/attach/binaries/..., so the original name is not exposed on disk.
 *
 * NOTE(review): the DB update keeps the file's existing module_srl while the
 * on-disk path uses $target_module_srl — confirm callers only move within a
 * module, or that this mismatch is intended.
 * NOTE(review): $target_module_srl / $target_srl are interpolated into the
 * path without a cast; callers are presumably passing integer sequences. The
 * image path reuses source_filename as-is and so relies on it having been
 * sanitized at upload time.
 *
 * @param int $source_srl Sequence of target to move
 * @param int $target_module_srl New squence of module
 * @param int $target_srl New sequence of target
 * @return void
 */
function moveFile($source_srl, $target_module_srl, $target_srl)
{
	if ($source_srl == $target_srl)
	{
		return;
	}

	$oFileModel = getModel('file');
	$file_list = $oFileModel->getFiles($source_srl);
	if (!$file_list)
	{
		return;
	}

	// Extensions treated as media (kept under the images directory with their own name).
	$media_pattern = "/\\.(jpg|jpeg|gif|png|wmv|wma|mpg|mpeg|avi|swf|flv|mp1|mp2|mp3|mp4|asf|wav|asx|mid|midi|asf|mov|moov|qt|rm|ram|ra|rmm|m4v)\$/i";

	for ($index = 0, $total = count($file_list); $index < $total; $index++)
	{
		$attachment = $file_list[$index];
		$current_path = $attachment->uploaded_filename;

		// Determine the file path by checking if the file is an image or other kinds
		if (preg_match($media_pattern, $attachment->source_filename))
		{
			$target_dir = sprintf("./files/attach/images/%s/%s/", $target_module_srl, $target_srl);
			$moved_path = $target_dir . $attachment->source_filename;
		}
		else
		{
			$target_dir = sprintf("./files/attach/binaries/%s/%s/", $target_module_srl, $target_srl);
			$moved_path = $target_dir . Rhymix\Framework\Security::getRandom(32, 'hex');
		}

		// Pass if a target document to move is same
		if ($current_path == $moved_path)
		{
			continue;
		}

		// Create the destination directory, then relocate the file.
		FileHandler::makeDir($target_dir);
		FileHandler::rename($current_path, $moved_path);

		// Point the DB row at the new location (module_srl intentionally untouched, see note above).
		$update_args = new stdClass();
		$update_args->file_srl = $attachment->file_srl;
		$update_args->uploaded_filename = $moved_path;
		$update_args->module_srl = $attachment->module_srl;
		$update_args->upload_target_srl = $target_srl;
		executeQuery('file.updateFile', $update_args);
	}
}
/**
 * Handle request arguments for XML RPC
 *
 * For XMLRPC requests only: takes the raw request body, rejects it with
 * HTTP 400 when Security::checkXEE() flags external-entity constructs,
 * disables the libxml entity loader where the function exists, parses the
 * body and registers every <methodCall><params> child as a request variable
 * after passing it through _filterXmlVars().
 *
 * NOTE(review): the body is read from $GLOBALS['HTTP_RAW_POST_DATA'], which
 * PHP itself no longer populates (removed in 7.0); presumably the framework
 * bootstrap fills it from php://input — confirm.
 *
 * @return void
 */
private function _setXmlRpcArgument()
{
	if (self::getRequestMethod() != 'XMLRPC')
	{
		return;
	}

	$raw_body = $GLOBALS['HTTP_RAW_POST_DATA'];

	// First layer: reject XXE-looking payloads before any parser sees them.
	if (!Rhymix\Framework\Security::checkXEE($raw_body))
	{
		header("HTTP/1.0 400 Bad Request");
		exit;
	}

	// Second layer: stop libxml from resolving external entities
	// (on PHP 8 external entity loading is already disabled by default).
	if (function_exists('libxml_disable_entity_loader'))
	{
		libxml_disable_entity_loader(true);
	}

	$parser = new XmlParser();
	$parsed = $parser->parse($raw_body);
	$params = $parsed->methodcall->params;
	// Drop the parser's own bookkeeping fields so only the RPC parameters remain.
	unset($params->node_name, $params->attrs, $params->body);

	if (count(get_object_vars($params)) === 0)
	{
		return;
	}

	foreach ($params as $key => $val)
	{
		self::set($key, $this->_filterXmlVars($key, $val), TRUE);
	}
}
/**
 * @brief check XML External Entity
 *
 * Legacy entry point kept for existing callers: returns true when the
 * document looks like it carries external-entity constructs, i.e. the
 * inverse of Rhymix\Framework\Security::checkXEE(), which is true for
 * input it considers safe.
 *
 * @see from drupal. https://github.com/drupal/drupal/commit/90e884ad0f7f2cf269d953f7d70966de9fd821ff
 *
 * @param string $xml
 * @return bool
 */
public static function detectingXEE($xml)
{
	$is_safe = Rhymix\Framework\Security::checkXEE($xml);
	return $is_safe ? false : true;
}
/**
 * @brief Install with received information
 *
 * Builds the initial configuration (DB connection, crypto keys, locale, URL,
 * umask), verifies the DB connection, installs every module while acting as
 * a temporary administrator, runs the one-off scripts in
 * modules/install/script, optionally locks the site to the installer's IP
 * range, saves the configuration and redirects.
 *
 * @param mixed $install_config Install parameters supplied directly (array or
 *        object; presumably a programmatic/CLI path). When null, the DB
 *        settings come from $_SESSION['db_config'] and everything else from
 *        the current request.
 * @return Object Empty Object on success; Object(-1, message) on failure, or
 *         the DB error object when the connection cannot be established.
 */
function procInstall($install_config = null)
{
	// Check if it is already installed
	// This is the only guard against re-running the installer on a live site.
	if (Context::isInstalled())
	{
		return new Object(-1, 'msg_already_installed');
	}
	// Get install parameters.
	$config = Rhymix\Framework\Config::getDefaults();
	if ($install_config)
	{
		// NOTE(review): the supplied values are copied without validation here;
		// presumably validated by the caller — confirm.
		$install_config = (array) $install_config;
		$config['db']['master']['type'] = str_replace('_innodb', '', $install_config['db_type']);
		$config['db']['master']['host'] = $install_config['db_hostname'];
		$config['db']['master']['port'] = $install_config['db_port'];
		$config['db']['master']['user'] = $install_config['db_userid'];
		$config['db']['master']['pass'] = $install_config['db_password'];
		$config['db']['master']['database'] = $install_config['db_database'];
		$config['db']['master']['prefix'] = $install_config['db_table_prefix'];
		$config['db']['master']['charset'] = $install_config['db_charset'];
		// Engine: innodb when the selected type says so, myisam for any other
		// MySQL-ish type, null for everything else.
		$config['db']['master']['engine'] = strpos($install_config['db_type'], 'innodb') !== false ? 'innodb' : (strpos($install_config['db_type'], 'mysql') !== false ? 'myisam' : null);
		$config['use_rewrite'] = $install_config['use_rewrite'] === 'Y' ? true : false;
		$config['url']['ssl'] = $install_config['use_ssl'] ?: 'none';
		$time_zone = $install_config['time_zone'];
		$user_info = new stdClass();
		$user_info->email_address = $install_config['email_address'];
		$user_info->password = $install_config['password'];
		$user_info->nick_name = $install_config['nick_name'];
		$user_info->user_id = $install_config['user_id'];
	}
	else
	{
		// DB settings were stashed in the session by an earlier wizard step;
		// the remaining values come straight from the request.
		$config['db']['master']['type'] = str_replace('_innodb', '', $_SESSION['db_config']->db_type);
		$config['db']['master']['host'] = $_SESSION['db_config']->db_host;
		$config['db']['master']['port'] = $_SESSION['db_config']->db_port;
		$config['db']['master']['user'] = $_SESSION['db_config']->db_user;
		$config['db']['master']['pass'] = $_SESSION['db_config']->db_pass;
		$config['db']['master']['database'] = $_SESSION['db_config']->db_database;
		$config['db']['master']['prefix'] = $_SESSION['db_config']->db_prefix;
		$config['db']['master']['charset'] = $_SESSION['db_config']->db_charset;
		$config['db']['master']['engine'] = strpos($_SESSION['db_config']->db_type, 'innodb') !== false ? 'innodb' : (strpos($_SESSION['db_config']->db_type, 'mysql') !== false ? 'myisam' : null);
		$config['use_rewrite'] = $_SESSION['use_rewrite'] === 'Y' ? true : false;
		$config['url']['ssl'] = Context::get('use_ssl') ?: 'none';
		$time_zone = Context::get('time_zone');
		$user_info = Context::gets('email_address', 'password', 'nick_name', 'user_id');
	}
	// Fix the database table prefix.
	// Normalise to exactly one trailing underscore (or none when the prefix is empty).
	$config['db']['master']['prefix'] = rtrim($config['db']['master']['prefix'], '_');
	if ($config['db']['master']['prefix'] !== '')
	{
		$config['db']['master']['prefix'] .= '_';
	}
	// Create new crypto keys.
	// Three independent 64-char alphanumeric keys from the framework RNG; they
	// are generated per install and must not be copied between sites.
	$config['crypto']['encryption_key'] = Rhymix\Framework\Security::getRandom(64, 'alnum');
	$config['crypto']['authentication_key'] = Rhymix\Framework\Security::getRandom(64, 'alnum');
	$config['crypto']['session_key'] = Rhymix\Framework\Security::getRandom(64, 'alnum');
	// Set the default language.
	$config['locale']['default_lang'] = Context::getLangType();
	$config['locale']['enabled_lang'] = array($config['locale']['default_lang']);
	// Set the default time zone.
	// A value containing '/' is taken as an IANA zone name; anything else is a
	// legacy "+0900"-style offset (defaulting to +0900) that is mapped to a
	// whole-hour zone: +9 -> Asia/Seoul, 0 -> Etc/UTC, otherwise Etc/GMT with
	// the sign inverted, as the Etc/GMT convention requires.
	if (strpos($time_zone, '/') !== false)
	{
		$config['locale']['default_timezone'] = $time_zone;
		$user_timezone = null;
	}
	else
	{
		$user_timezone = intval(Rhymix\Framework\DateTime::getTimezoneOffsetByLegacyFormat($time_zone ?: '+0900') / 3600);
		switch ($user_timezone)
		{
			case 9: $config['locale']['default_timezone'] = 'Asia/Seoul'; break;
			case 0: $config['locale']['default_timezone'] = 'Etc/UTC'; break;
			default: $config['locale']['default_timezone'] = 'Etc/GMT' . ($user_timezone > 0 ? '-' : '+') . abs($user_timezone);
		}
	}
	// Set the internal time zone.
	// Stored as an offset in seconds; Seoul is hard-wired to +9h, a named zone
	// other than Seoul gets 0.
	if ($config['locale']['default_timezone'] === 'Asia/Seoul')
	{
		$config['locale']['internal_timezone'] = 32400;
	}
	elseif ($user_timezone !== null)
	{
		$config['locale']['internal_timezone'] = $user_timezone * 3600;
	}
	else
	{
		$config['locale']['internal_timezone'] = 0;
	}
	// Set the default URL.
	$config['url']['default'] = Context::getRequestUri();
	// Set the default umask.
	$config['file']['umask'] = Rhymix\Framework\Storage::recommendUmask();
	// Load the new configuration.
	Rhymix\Framework\Config::setAll($config);
	Context::loadDBInfo($config);
	// Check DB.
	$oDB = DB::getInstance();
	if (!$oDB->isConnected())
	{
		return $oDB->getError();
	}
	// Assign a temporary administrator while installing.
	// Every supplied user field (including the plaintext password) is
	// republished as a request variable, and the user is treated as admin for
	// the remainder of this request so module installers can run.
	foreach ($user_info as $key => $val)
	{
		Context::set($key, $val, true);
	}
	$user_info->is_admin = 'Y';
	Context::set('logged_info', $user_info);
	// Install all the modules.
	// One transaction around all module installs; any exception rolls everything back.
	try
	{
		$oDB->begin();
		$this->installDownloadedModule();
		$oDB->commit();
	}
	catch (Exception $e)
	{
		$oDB->rollback();
		return new Object(-1, $e->getMessage());
	}
	// Execute the install script.
	// Scripts come from a fixed directory, filtered to .php and run in sorted
	// order. Their return values ($output) are not checked.
	$scripts = FileHandler::readDir(_XE_PATH_ . 'modules/install/script', '/(\\.php)$/');
	if (count($scripts))
	{
		sort($scripts);
		foreach ($scripts as $script)
		{
			$script_path = FileHandler::getRealPath('./modules/install/script/');
			$output = (include $script_path . $script);
		}
	}
	// Apply site lock.
	// Allow only loopback plus the IP range detected for the installer.
	if (Context::get('use_sitelock') === 'Y')
	{
		$user_ip_range = getView('install')->detectUserIPRange();
		Rhymix\Framework\Config::set('lock.locked', true);
		Rhymix\Framework\Config::set('lock.message', 'This site is locked.');
		Rhymix\Framework\Config::set('lock.allow', array('127.0.0.1', $user_ip_range));
	}
	// Save the new configuration.
	Rhymix\Framework\Config::save();
	// Unset temporary session variables.
	// Clears the wizard state carried between install steps (including DB credentials).
	unset($_SESSION['use_rewrite']);
	unset($_SESSION['db_config']);
	// Redirect to the home page.
	// NOTE(review): success_return_url is request-controlled; unless
	// setRedirectUrl() restricts it to local URLs this is an open redirect.
	$this->setMessage('msg_install_completed');
	$returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : RX_BASEURL;
	$this->setRedirectUrl($returnUrl);
	return new Object();
}
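/**
 * Polyfill for password_hash() producing a bcrypt ($2y$) hash.
 *
 * @param string $password Plaintext password. NOTE: bcrypt only uses the first 72 bytes.
 * @param int $algo Ignored; kept for signature compatibility with password_hash() (1 = PASSWORD_BCRYPT).
 * @param array $options Optional 'salt' (22+ chars of [./0-9A-Za-z]; only the first 22 are used)
 *                       and 'cost' (4..31). An invalid or missing salt is replaced by a random
 *                       one from the framework RNG; an invalid or missing cost falls back to 10.
 * @return string|false The 60-character bcrypt hash, or false if crypt() did not produce one.
 */
public static function password_hash($password, $algo = 1, $options = [])
{
	if (!isset($options['salt']) || !preg_match('/^[0-9a-zA-Z\\.\\/]{22,}$/', $options['salt']))
	{
		// 'alnum' is a subset of the bcrypt salt alphabet, so no re-encoding is needed.
		$options['salt'] = Rhymix\Framework\Security::getRandom(22, 'alnum');
	}
	if (!isset($options['cost']) || $options['cost'] < 4 || $options['cost'] > 31)
	{
		$options['cost'] = 10;
	}

	// bcrypt reads exactly 22 salt characters; passing only those keeps the setting string well-formed.
	$setting = '$2y$' . sprintf('%02d', $options['cost']) . '$' . substr($options['salt'], 0, 22);

	// Fix: the result used to be returned blindly via @crypt(). When crypt() cannot
	// produce a bcrypt hash it returns a short failure marker (e.g. "*0") that callers
	// would then store as if it were a hash. Mirror password_hash() and return false.
	$hash = crypt($password, $setting);
	if (!is_string($hash) || strlen($hash) !== 60 || strpos($hash, '$2y$') !== 0)
	{
		return false;
	}
	return $hash;
}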