} ?> <body> <?php printLogoAndLinks(); ?> <div id="main"> <div id="content"> <h1><?php echo gettext('Setup request'); ?> </h1> <div class="tabbox"> <p> <?php if (zpFunctions::hasPrimaryScripts()) { if ($found) { echo '<a href="' . WEBPATH . '/' . ZENFOLDER . '/setup.php?xsrfToken=' . getXSRFToken('setup') . '">' . gettext('Click to restore the setup scripts and run setup.') . '</a>'; } else { printf(gettext('You must restore the setup files from the %1$s release.'), ZENPHOTO_VERSION); } } else { echo gettext('You must restore the setup files on your primary installation to run the setup operation.'); } ?> </p> </div> </div> </div> </body> </html>
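/**
 * Controls when and how the disabled setup scripts (stored as *.xxx) are
 * turned back into PHP files.
 *
 * Every call is written to the security log, whether or not the restore is
 * permitted. The files are only renamed when ADMIN_RIGHTS is defined, the
 * current user is logged in with ADMIN_RIGHTS, and this installation holds
 * the primary scripts.
 *
 * @param int $reason why the restore was requested
 * 		1	No prior install signature
 * 		2	restore setup files button
 * 		4	Clone request
 * 		5	Setup run with proper XSRF token
 * 		6	checkSignature and no prior signature
 * 		11	No config file
 * 		12	No database specified
 * 		13	No DB connection
 * 		14	checkInstall Version has changed
 */
function restoreSetupScrpts($reason) {
	//log setup file restore no matter what!
	require_once SERVERPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/security-logger.php';
	switch ($reason) {
		case 2:
			$addl = gettext('by Admin request');
			break;
		case 4:
			$addl = gettext('by cloning');
			break;
		default:
			$addl = sprintf(gettext('to run setup [%s]'), $reason);
			break;
	}
	$allowed = defined('ADMIN_RIGHTS') && zp_loggedin(ADMIN_RIGHTS) && zpFunctions::hasPrimaryScripts();
	// The attempt is recorded together with its outcome, so refused requests leave a trace too.
	security_logger::log_setup($allowed, 'restore', $addl);
	if (!$allowed) {
		return;
	}
	if (!defined('FILE_MOD')) {
		// NOTE(review): this fallback leaves the restored scripts writable by every account on the host; confirm FILE_MOD is normally defined by the caller.
		define('FILE_MOD', 0666);
	}
	if (!chdir(dirname(__FILE__) . '/setup/')) {
		// The glob below is relative to the working directory. If the setup folder cannot be entered,
		// stop here rather than renaming whatever *.xxx files happen to be in the current directory.
		return;
	}
	$found = safe_glob('*.xxx');
	foreach ($found as $script) {
		$restored = stripSuffix($script) . '.php';
		// NOTE(review): the file is world-writable between this chmod and the one after the rename.
		chmod($script, 0777);
		if (@rename($script, $restored)) {
			chmod($restored, FILE_MOD);
		} else {
			// rename failed: put the normal mode back on the still-disabled file
			chmod($script, FILE_MOD);
		}
	}
}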
/**
 * Appends a message to a log file in the data folder.
 *
 * Meant for debugging where an echo would be sent before the headers or would
 * disturb the HTML. The file is SERVERPATH/DATA_FOLDER/<$log>.log. Nothing is
 * written when SERVERPATH is not defined.
 *
 * A new file (with a version banner) is started when $reset is set, when the
 * file is missing or empty, or when DEBUG_LOG_SIZE is defined, non-zero and
 * exceeded. Otherwise the message is appended under a pid/time stamp.
 *
 * NOTE(review): $log goes into the file path and $message into the file
 * without any filtering here, so both are presumably expected to come from
 * trusted code; confirm no caller passes request data as $log.
 *
 * @param string $message the debug information
 * @param bool $reset set to true to reset the log to zero before writing the message
 * @param string $log alternative log file
 */
function debugLog($message, $reset = false, $log = 'debug') {
	global $_zp_mutex;
	if (!defined('SERVERPATH')) {
		return;
	}
	$logFile = SERVERPATH . '/' . DATA_FOLDER . '/' . $log . '.log';
	$pid = getmypid();
	if (is_object($_zp_mutex)) {
		$_zp_mutex->lock();
	}

	// Decide between starting a fresh file and appending to the existing one.
	$startOver = (bool) $reset;
	if (!$startOver) {
		// filesize() fails on a missing file; the loose comparison treats that like an empty file
		$size = @filesize($logFile);
		$tooBig = defined('DEBUG_LOG_SIZE') && DEBUG_LOG_SIZE && $size > DEBUG_LOG_SIZE;
		$startOver = $size == 0 || $tooBig;
	}

	if ($startOver) {
		if (!$reset && $size > 0) {
			// NOTE(review): the rotation is always asked for the 'debug' log, whatever $log is.
			switchLog('debug');
		}
		$handle = fopen($logFile, 'w');
		if ($handle) {
			$isClone = class_exists('zpFunctions') && !zpFunctions::hasPrimaryScripts();
			$clone = $isClone ? ' ' . gettext('clone') : '';
			fwrite($handle, '{' . $pid . ':' . gmdate('D, d M Y H:i:s') . " GMT} ZenPhoto20 v" . ZENPHOTO_VERSION . $clone . "\n");
		}
	} else {
		$handle = fopen($logFile, 'a');
		if ($handle) {
			fwrite($handle, '{' . $pid . ':' . gmdate('D, d M Y H:i:s') . " GMT}\n");
		}
	}

	if ($handle) {
		fwrite($handle, " " . $message . "\n");
		fclose($handle);
		clearstatcache();
		if (defined('DATA_MOD')) {
			@chmod($logFile, DATA_MOD);
		}
	}

	if (is_object($_zp_mutex)) {
		$_zp_mutex->unlock();
	}
}
case 'plugins': $plugin_subfolders[] = implode('/', $folders); unset($installed_files[$key]); // this will be taken care of later break; case STATIC_CACHE_FOLDER: $Cache_html_subfolders[] = implode('/', $folders); unset($installed_files[$key]); break; } } $filelist = ''; foreach ($installed_files as $extra) { $filelist .= filesystemToInternal(str_replace($base, '', $extra) . '<br />'); } if (class_exists('zpFunctions') && zpFunctions::hasPrimaryScripts() && count($installed_files) > 0) { if (defined('TEST_RELEASE') && TEST_RELEASE) { $msg1 = gettext("Zenphoto core files [This is a <em>debug</em> build. Some files are missing or seem wrong]"); } else { $msg1 = gettext("Zenphoto core files [Some files are missing or seem wrong]"); } $msg2 = gettext('Perhaps there was a problem with the upload. You should check the following files: ') . '<br /><code>' . substr($filelist, 0, -6) . '</code>'; $mark = -1; } else { if (defined('TEST_RELEASE') && TEST_RELEASE) { $mark = -1; $msg1 = gettext("Zenphoto core files [This is a <em>debug</em> build]"); } else { $msg1 = ''; $mark = 1; }
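/**
 * Does the log handling: appends one tab-separated record to security.log in
 * the data folder.
 *
 * The record is written in the language of the master user. The log is
 * rotated first when the 'security_log_size' option is set and exceeded, and a
 * column header is written when the file is new or empty.
 *
 * @param int $success outcome: 0 = Failed, 1 = Success, 2 = Blocked; any other value is written as-is
 * @param string $user user ID column
 * @param string $name user name column
 * @param string $action what happened; known actions are mapped to a translated label, anything else is logged verbatim
 * @param string $authority kind of login; only logged on success, cut at the last "_auth"
 * @param string $addl more info
 */
private static function Logger($success, $user, $name, $action, $authority, $addl = NULL) {
	global $_zp_authority, $_zp_mutex;
	$pattern = '~^([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.([01]?\\d\\d?|2[0-4]\\d|25[0-5])$~';
	$forwardedIP = NULL;
	$ip = sanitize($_SERVER['REMOTE_ADDR']);
	if (!preg_match($pattern, $ip)) {
		// The pattern only accepts a dotted-quad IPv4 address; anything else is left out of the record.
		$ip = NULL;
	}
	if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
		// This header is supplied with the request, so it is only added in braces next to the
		// connection address (never in place of it) and only when it is a single IPv4 address.
		$forwardedIP = sanitize($_SERVER['HTTP_X_FORWARDED_FOR']);
		if (preg_match($pattern, $forwardedIP)) {
			$ip .= ' {' . $forwardedIP . '}';
		}
	}
	$admin = $_zp_authority->getMasterUser();
	$locale = $admin->getLanguage();
	if (empty($locale)) {
		$locale = 'en_US';
	}
	$cur_locale = getUserLocale();
	setupCurrentLocale($locale); //	the log will be in the language of the master user.
	switch ($action) {
		case 'clear_log':
			$type = gettext('Log reset');
			break;
		case 'delete_log':
			$type = gettext('Log deleted');
			break;
		case 'download_log':
			$type = gettext('Log downloaded');
			break;
		case 'setup_install':
			$type = gettext('Install');
			$addl = gettext('version') . ' ' . ZENPHOTO_VERSION . '[' . ZENPHOTO_RELEASE . "]";
			if (!zpFunctions::hasPrimaryScripts()) {
				$addl .= ' ' . gettext('clone');
			}
			break;
		case 'setup_proptect':
			// the spelling of this key is what callers are matched against; it is left as-is
			$type = gettext('Protect setup scripts');
			break;
		case 'user_new':
			$type = gettext('Request add user');
			break;
		case 'user_update':
			$type = gettext('Request update user');
			break;
		case 'user_delete':
			$type = gettext('Request delete user');
			break;
		case 'XSRF_blocked':
			$type = gettext('Cross Site Reference');
			break;
		case 'blocked_album':
			$type = gettext('Album access');
			break;
		case 'blocked_access':
			$type = gettext('Admin access');
			break;
		case 'Front-end':
			$type = gettext('Guest login');
			break;
		case 'Back-end':
			$type = gettext('Admin login');
			break;
		case 'auth_cookie':
			$type = gettext('Authorization cookie check');
			break;
		default:
			$type = $action;
			break;
	}

	$file = SERVERPATH . '/' . DATA_FOLDER . '/security.log';
	$max = getOption('security_log_size');
	$_zp_mutex->lock();
	if ($max && @filesize($file) > $max) {
		switchLog('security');
	}
	$preexists = file_exists($file) && filesize($file) > 0;
	$f = fopen($file, 'a');
	if ($f) {
		if (!$preexists) { // add a header
			fwrite($f, gettext('date' . "\t" . 'requestor’s IP' . "\t" . 'type' . "\t" . 'user ID' . "\t" . 'user name' . "\t" . 'outcome' . "\t" . 'authority' . "\tadditional information\n"));
		}
		// NOTE(review): $user, $name and $addl are written as received. A tab or line break inside
		// one of them would shift columns or start a new record; confirm callers strip control characters.
		$message = date('Y-m-d H:i:s') . "\t";
		$message .= $ip . "\t";
		$message .= $type . "\t";
		$message .= $user . "\t";
		$message .= $name . "\t";
		switch ($success) {
			case 0:
				$message .= gettext("Failed") . "\t";
				break;
			case 1:
				$message .= gettext("Success") . "\t";
				$message .= substr($authority, 0, strrpos($authority, '_auth'));
				break;
			case 2:
				$message .= gettext("Blocked") . "\t";
				break;
			default:
				$message .= $success . "\t";
		}
		if ($addl) {
			$message .= "\t" . $addl;
		}
		fwrite($f, $message . "\n");
		fclose($f);
		clearstatcache();
		if (!$preexists) {
			// A newly created log gets restricted permissions, and the result is verified.
			@chmod($file, 0660 & CHMOD_VALUE);
			// `!=` binds tighter than `&` in PHP, so the expected mode must be parenthesised.
			// Without the parentheses the comparison result was AND-ed with CHMOD_VALUE and the
			// check depended on the low bit of CHMOD_VALUE instead of on the file mode.
			if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') {
				$permission = fileperms($file) & 0700; //	on Windows owner==group==public
				$check = $permission != (0600 & CHMOD_VALUE);
			} else {
				$permission = fileperms($file) & 0777;
				$check = $permission != (0660 & CHMOD_VALUE);
			}
			if ($check) {
				// Record in the log itself that its permissions could not be set as intended.
				$f = fopen($file, 'a');
				if ($f) {
					fwrite($f, "\t\t" . gettext('Set Security log permissions') . "\t\t\t" . gettext('Failed') . "\t\t" . sprintf(gettext('File permissions of Security log are %04o'), $permission) . "\n");
					fclose($f);
				}
				clearstatcache();
			}
		}
	}
	$_zp_mutex->unlock();
	setupCurrentLocale($cur_locale); //	restore to whatever was in effect.
}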
* <b>Note:</b> If the destination already has a installation these files and folders will be removed by the cloning * process! * * The <i>Delete setup scripts</i> button will remove the <var>setup</var> files from the current installation. This is * the same function provided by <i>Setup</i> after a successful install. It is provided here because you will likely not want to * remove the setup scripts until you have cloned and installed all desired destinations. * * @author Stephen Billard (sbillard) * * @package plugins * @subpackage admin */ $plugin_is_filter = 5 | ADMIN_PLUGIN; $plugin_description = gettext('Allows multiple installations to share a single set of script files.'); $plugin_author = "Stephen Billard (sbillard)"; $plugin_disable = SYMLINK ? zpFunctions::hasPrimaryScripts() ? false : gettext('Only the primary installation may clone offspring installations.') : gettext('Your server does not support symbolic linking.'); require_once SERVERPATH . '/' . ZENFOLDER . '/reconfigure.php'; if ($plugin_disable) { enableExtension('cloneZenphoto', 0); } else { zp_register_filter('admin_tabs', 'cloneZenphoto::tabs'); class cloneZenphoto { static function tabs($tabs) { if (zp_loggedin(ADMIN_RIGHTS)) { $oldtabs = $tabs; $tabs = array(); foreach ($oldtabs as $tab => $data) { if ($tab == 'logs') { $tabs['clone'] = array('text' => gettext("clone"), 'link' => WEBPATH . "/" . ZENFOLDER . '/' . PLUGIN_FOLDER . '/cloneZenphoto/cloneTab.php', 'rights' => ADMIN_RIGHTS, 'subtabs' => NULL);
} } $filelist = ''; $report = $installed_files; if (count($report) > 15) { shuffle($report); $report = array_slice($report, 0, 15); natsort($report); } foreach ($report as $extra) { $filelist .= filesystemToInternal(str_replace($base, '', $extra) . '<br />'); } if ($report != $installed_files) { $filelist .= '....<br />'; } if (zpFunctions::hasPrimaryScripts() && count($installed_files) > 0) { if (defined('TEST_RELEASE') && TEST_RELEASE) { $msg1 = gettext("ZenPhoto20 core files [This is a <em>debug</em> build. Some files are missing or seem wrong]"); } else { $msg1 = gettext("ZenPhoto20 core files [Some files are missing or seem wrong]"); } $msg2 = gettext('Perhaps there was a problem with the upload. You should check the following files: ') . '<br /><code>' . substr($filelist, 0, -6) . '</code>'; $mark = -1; } else { if (isset($rootupdate) && !$rootupdate) { $mark = 0; $msg1 = gettext("ZenPhoto20 core files [Could not update the root <em>index.php</em> file.]"); $msg2 = sprintf(gettext('Perhaps there is a permissions issue. You should manually copy the %s <em>root_index.php</em> file to the installation root and rename it <em>index.php</em>.'), ZENFOLDER); } else { if (defined('TEST_RELEASE') && TEST_RELEASE) { $mark = -1;
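/**
 * Adds the site_upgrade buttons to a list of admin buttons.
 *
 * A "Restore site_upgrade files" button is added when the files in the
 * site_upgrade folder of the user plugin folder no longer match the stored
 * 'site_upgrade_hash' option. One state button is added according to the
 * configured 'site_upgrade_state': closed -> test mode, closed_for_test ->
 * open, anything else -> close.
 *
 * In the closed_for_test state this function may also print a script block
 * that asks for confirmation before the site is opened.
 *
 * @param array $buttons the buttons collected so far
 * @return array $buttons with the site_upgrade entries appended
 */
function site_upgrade_button($buttons) {
	global $_zp_conf_vars, $_site_filelist;
	$state = isset($_zp_conf_vars['site_upgrade_state']) ? $_zp_conf_vars['site_upgrade_state'] : NULL;

	// The concatenated MD5s are compared with a stored value to see whether the files were edited.
	// NOTE(review): this detects change; MD5 should not be relied on as a tamper check.
	$folder = SERVERPATH . '/' . USER_PLUGIN_FOLDER . '/site_upgrade/';
	$hash = '';
	foreach ($_site_filelist as $name => $source) {
		if (file_exists($folder . $name)) {
			$hash .= md5(file_get_contents($folder . $name));
		}
	}
	if ($hash !== getOption('site_upgrade_hash')) {
		$buttons[] = array(
				'XSRFTag' => 'site_upgrade_refresh',
				'category' => gettext('Admin'),
				'enable' => true,
				'button_text' => gettext('Restore site_upgrade files'),
				'formname' => 'refreshHTML',
				'action' => FULLWEBPATH . '/' . ZENFOLDER . '/admin.php',
				'icon' => 'images/refresh.png',
				'title' => gettext('Restores the files in the "plugins/site_upgrade" folder to their default state. Note: this will overwrite any custom edits you may have made.'),
				'alt' => '',
				'hidden' => '<input type="hidden" name="refreshHTML" value="1" />',
				'rights' => ADMIN_RIGHTS
		);
	}

	$stateAction = FULLWEBPATH . '/' . ZENFOLDER . '/' . PLUGIN_FOLDER . '/site_upgrade/site_upgrade.php';
	switch ($state) {
		case 'closed':
			$buttons[] = array(
					'XSRFTag' => 'site_upgrade',
					'category' => gettext('Admin'),
					'enable' => 2,
					'button_text' => gettext('Site » test mode'),
					'formname' => 'site_upgrade',
					'action' => $stateAction,
					'icon' => 'images/lock_open.png',
					'title' => gettext('Make the site available for viewing administrators only.'),
					'onclick' => "\$('#site_upgrade_form').dirtyForms('setClean');this.form.submit();",
					'alt' => '',
					'hidden' => '<input type="hidden" name="siteState" value="closed_for_test" />',
					'rights' => ADMIN_RIGHTS
			);
			break;
		case 'closed_for_test':
			$buttons[] = array(
					'XSRFTag' => 'site_upgrade',
					'category' => gettext('Admin'),
					'enable' => 2,
					'button_text' => gettext('Site » open'),
					'formname' => 'site_upgrade',
					'action' => $stateAction,
					'icon' => 'images/lock.png',
					'title' => gettext('Make site available for viewing.'),
					'alt' => '',
					'hidden' => '<input type="hidden" name="siteState" value="open" />',
					'rights' => ADMIN_RIGHTS
			);
			list($diff, $needs) = checkSignature(0);
			if (zpFunctions::hasPrimaryScripts() && empty($needs)) {
				// The translated text is placed inside a <script> block. json_encode() with the HEX flags
				// yields a complete, escaped JavaScript string literal, so a quote or "<" in a translation
				// cannot end the confirm() argument or the script element.
				$warning = json_encode(gettext('Your setup scripts are not protected!'), JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
				if ($warning === false) {
					// encoding failed (e.g. invalid UTF-8 in the translation): keep the script syntactically valid
					$warning = '""';
				}
				?>
				<script type="text/javascript">
					window.addEventListener('load', function () {
						$('#site_upgrade').submit(function () {
							return confirm(<?php echo $warning; ?>);
						})
					}, false);
				</script>
				<?php
			}
			break;
		default:
			// NOTE(review): the form name here is 'site_upgrade.php' while the other states use 'site_upgrade'; left as found.
			$buttons[] = array(
					'XSRFTag' => 'site_upgrade',
					'category' => gettext('Admin'),
					'enable' => true,
					'button_text' => gettext('Site » close'),
					'formname' => 'site_upgrade.php',
					'action' => $stateAction,
					'icon' => 'images/lock.png',
					'title' => gettext('Make site unavailable for viewing by redirecting to the "closed.html" page.'),
					'alt' => '',
					'hidden' => '<input type="hidden" name="siteState" value="closed" />',
					'rights' => ADMIN_RIGHTS
			);
			break;
	}
	return $buttons;
}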