/**
* get the login name of the current user
*
* @return string
*/
public function getLoginName() {
if ($this->activeUser) {
return $this->session->get('loginname');
} else {
$uid = $this->session->get('user_id');
if ($uid) {
$this->activeUser = $this->manager->get($uid);
return $this->session->get('loginname');
} else {
return null;
}
}
}
public static function initSession() {
// prevents javascript from accessing php session cookies
ini_set('session.cookie_httponly', '1;');
// set the cookie path to the ownCloud directory
$cookie_path = OC::$WEBROOT ? : '/';
ini_set('session.cookie_path', $cookie_path);
//set the session object to a dummy session so code relying on the session existing still works
self::$session = new \OC\Session\Memory('');
// Let the session name be changed in the initSession Hook
$sessionName = OC_Util::getInstanceId();
try {
// Allow session apps to create a custom session object
$useCustomSession = false;
OC_Hook::emit('OC', 'initSession', array('session' => &self::$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession));
if(!$useCustomSession) {
// set the session name to the instance id - which is unique
self::$session = new \OC\Session\Internal($sessionName);
}
// if session cant be started break with http 500 error
} catch (Exception $e) {
//show the user a detailed error page
OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
OC_Template::printExceptionErrorPage($e);
}
$sessionLifeTime = self::getSessionLifeTime();
// regenerate session id periodically to avoid session fixation
if (!self::$session->exists('SID_CREATED')) {
self::$session->set('SID_CREATED', time());
} else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime / 2) {
session_regenerate_id(true);
self::$session->set('SID_CREATED', time());
}
// session timeout
if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time() - 42000, $cookie_path);
}
session_unset();
session_destroy();
session_start();
}
self::$session->set('LAST_ACTIVITY', time());
}
public static function init()
{
// register autoloader
require_once __DIR__ . '/autoloader.php';
self::$loader = new \OC\Autoloader();
self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
self::$loader->registerPrefix('Sabre\\VObject', '3rdparty');
self::$loader->registerPrefix('Sabre_', '3rdparty');
self::$loader->registerPrefix('Patchwork', '3rdparty');
spl_autoload_register(array(self::$loader, 'load'));
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
self::$CLI = php_sapi_name() == 'cli';
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
// try to switch magic quotes off.
if (get_magic_quotes_gpc() == 1) {
ini_set('magic_quotes_runtime', 0);
}
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
//copy http auth headers for apache+php-fcgid work around
if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
}
//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
self::initPaths();
if (OC_Config::getValue('instanceid', false)) {
// \OC\Memcache\Cache has a hidden dependency on
// OC_Util::getInstanceId() for namespacing. See #5409.
try {
self::$loader->setMemoryCache(\OC\Memcache\Factory::createLowLatency('Autoloader'));
} catch (\Exception $ex) {
}
}
OC_Util::isSetLocaleWorking();
// set debug mode if an xdebug session is active
if (!defined('DEBUG') || !DEBUG) {
if (isset($_COOKIE['XDEBUG_SESSION'])) {
define('DEBUG', true);
}
}
if (!defined('PHPUNIT_RUN')) {
if (defined('DEBUG') and DEBUG) {
OC\Log\ErrorHandler::register(true);
set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
} else {
OC\Log\ErrorHandler::register();
}
OC\Log\ErrorHandler::setLogger(OC_Log::$object);
}
// register the stream wrappers
stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir');
stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream');
stream_wrapper_register('close', 'OC\\Files\\Stream\\Close');
stream_wrapper_register('quota', 'OC\\Files\\Stream\\Quota');
stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC');
// setup the basic server
self::$server = new \OC\Server();
self::initTemplateEngine();
OC_App::loadApps(array('session'));
if (!self::$CLI) {
self::initSession();
} else {
self::$session = new \OC\Session\Memory('');
}
self::checkConfig();
self::checkInstalled();
self::checkSSL();
self::addSecurityHeaders();
$errors = OC_Util::checkServer();
if (count($errors) > 0) {
if (self::$CLI) {
foreach ($errors as $error) {
echo $error['error'] . "\n";
echo $error['hint'] . "\n\n";
}
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
}
exit;
}
//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string) $sessionLifeTime);
// User and Groups
if (!OC_Config::getValue("installed", false)) {
self::$session->set('user_id', '');
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('loginname') && $_SERVER['PHP_AUTH_USER'] !== self::$session->get('loginname')) {
$sessionUser = self::$session->get('loginname');
$serverUser = $_SERVER['PHP_AUTH_USER'];
OC_Log::write('core', "Session loginname ({$sessionUser}) doesn't match SERVER[PHP_AUTH_USER] ({$serverUser}).", OC_Log::WARN);
OC_User::logout();
}
// Load Apps
// This includes plugins for users and filesystems as well
global $RUNTIME_NOAPPS;
global $RUNTIME_APPTYPES;
if (!$RUNTIME_NOAPPS && !self::checkUpgrade(false)) {
if ($RUNTIME_APPTYPES) {
OC_App::loadApps($RUNTIME_APPTYPES);
} else {
OC_App::loadApps();
}
}
//setup extra user backends
OC_User::setupBackends();
self::registerCacheHooks();
self::registerFilesystemHooks();
self::registerPreviewHooks();
self::registerShareHooks();
self::registerLogRotate();
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp'));
//parse the given parameters
self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDAPP = $app;
$_GET['app'] = $app;
}
self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDFILE = $file;
$_GET['getfile'] = $file;
}
if (!is_null(self::$REQUESTEDFILE)) {
$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
if (!OC_Helper::issubdirectory($subdir, $parent)) {
self::$REQUESTEDFILE = null;
header('HTTP/1.0 404 Not Found');
exit;
}
}
if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs');
}
}
}
/**
* Handle the request
*/
public static function handleRequest()
{
$l = \OC_L10N::get('lib');
// load all the classpaths from the enabled apps so they are available
// in the routing files of each app
OC::loadAppClassPaths();
// Check if ownCloud is installed or in maintenance (update) mode
if (!OC_Config::getValue('installed', false)) {
$controller = new OC\Core\Setup\Controller();
$controller->run($_POST);
exit;
}
$host = OC_Request::insecureServerHost();
// if the host passed in headers isn't trusted
if (!OC::$CLI && OC_Request::getOverwriteHost() === null && !OC_Request::isTrustedDomain($host)) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
OC_Template::printErrorPage($l->t('You are accessing the server from an untrusted domain.'), $l->t('Please contact your administrator. If you are an administrator of this instance, configure the "trusted_domain" setting in config/config.php. An example configuration is provided in config/config.sample.php.'));
return;
}
$request = OC_Request::getPathInfo();
if (substr($request, -3) !== '.js') {
// we need these files during the upgrade
self::checkMaintenanceMode();
self::checkUpgrade();
}
if (!OC_User::isLoggedIn()) {
// Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
OC::tryBasicAuthLogin();
}
if (!self::$CLI and (!isset($_GET["logout"]) or $_GET["logout"] !== 'true')) {
try {
if (!OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
OC_App::loadApps(array('authentication'));
OC_App::loadApps(array('filesystem', 'logging'));
OC_App::loadApps();
}
self::checkSingleUserMode();
OC::$server->getRouter()->match(OC_Request::getRawPathInfo());
return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
//header('HTTP/1.0 404 Not Found');
} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
OC_Response::setStatus(405);
return;
}
}
// Load minimum set of apps
if (!self::checkUpgrade(false)) {
// For logged-in users: Load everything
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
} else {
// For guests: Load only authentication, filesystem and logging
OC_App::loadApps(array('authentication'));
OC_App::loadApps(array('filesystem', 'logging'));
}
}
// Handle redirect URL for logged in users
if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
header('Location: ' . $location);
return;
}
}
// Handle WebDAV
if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
// not allowed any more to prevent people
// mounting this root directly.
// Users need to mount remote.php/webdav instead.
header('HTTP/1.1 405 Method Not Allowed');
header('Status: 405 Method Not Allowed');
return;
}
// Redirect to index if the logout link is accessed without valid session
// this is needed to prevent "Token expired" messages while login if a session is expired
// @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
if (isset($_GET['logout']) && !OC_User::isLoggedIn()) {
header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
return;
}
// Someone is logged in
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
if (isset($_GET["logout"]) and $_GET["logout"]) {
OC_JSON::callCheck();
if (isset($_COOKIE['oc_token'])) {
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
}
if (isset($_SERVER['PHP_AUTH_USER'])) {
if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
// Ignore HTTP Authentication for 5 more mintues.
setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
} elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
// Ignore HTTP Authentication to allow a different user to log in.
setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
}
}
OC_User::logout();
// redirect to webroot and add slash if webroot is empty
header("Location: " . OC::$WEBROOT . (empty(OC::$WEBROOT) ? '/' : ''));
} else {
// Redirect to default application
OC_Util::redirectToDefaultPage();
}
} else {
// Not handled and not logged in
self::handleLogin();
}
}
public function testGetAfterSet()
{
$this->instance->set('foo', 'bar');
$this->assertEquals('bar', $this->instance->get('foo'));
}
