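/**
 * Gate an API request and hand back the HTTP Basic credentials it carried.
 *
 * Checks, in order, each failing with respond(array('status' => ...)):
 *  - CONFIG_API_LIVE off                                              -> 'maintenance'
 *  - plain HTTP while CONFIG_ENFORCE_SSL is on                        -> 'bad_request'
 *  - User-Agent missing or not of the form Faceless-<platform>-<ver>  -> 'bad_request'
 *  - platform not in CONFIG_API_CLIENTS, or version below its minimum -> 'outdated_client'
 *  - CONFIG_HEADER_TIMESTAMP missing, non-integer, or >= 24h from now -> 'bad_request'
 *  - CONFIG_HEADER_SIGNATURE != base64(HMAC(CONFIG_HMAC_ALGORITHM,
 *    getRequestIdentifier($requestData), CONFIG_API_SECRET))          -> 'bad_request'
 *  - Database::init() throwing                                        -> 'maintenance'
 * respond() is assumed to terminate the request; should it return, this
 * function returns NULL on every failure path.
 *
 * The 24h window only defeats replay if the timestamp is part of what
 * getRequestIdentifier() signs — that helper is not visible here; confirm it.
 *
 * @param mixed $requestData opaque request payload forwarded to getRequestIdentifier()
 * @return array|null array('username' => PHP_AUTH_USER or '', 'password' => PHP_AUTH_PW or '');
 *                    the credentials are returned exactly as supplied, not verified here
 */
function init($requestData)
{
    if (!CONFIG_API_LIVE) {
        respond(array('status' => 'maintenance'));
        return NULL;
    }
    if (CONFIG_ENFORCE_SSL && !isHTTPS()) {
        respond(array('status' => 'bad_request'));
        return NULL;
    }
    if (!isset($_SERVER['HTTP_USER_AGENT']) || !preg_match('/Faceless-([a-z_-]+)-([0-9]+)/i', $_SERVER['HTTP_USER_AGENT'], $userAgent)) {
        respond(array('status' => 'bad_request'));
        return NULL;
    }
    // CONFIG_API_CLIENTS is a serialized platform => minimum-version map. It is a
    // configuration constant, not request data, which is the only reason
    // unserialize() is tolerable here; never feed it anything client-supplied
    // (a JSON map would remove the object-injection hazard altogether).
    $minimumVersions = unserialize(CONFIG_API_CLIENTS);
    $platform = $userAgent[1];
    if (!isset($minimumVersions[$platform]) || intval($userAgent[2]) < $minimumVersions[$platform]) {
        respond(array('status' => 'outdated_client'));
        return NULL;
    }
    // The timestamp header must be a plain decimal integer before any arithmetic:
    // PHP 8 throws a TypeError on '' - time(), and a leading-numeric string such
    // as "1700000000abc" would otherwise have been silently accepted.
    $requestTimestamp = isset($_SERVER[CONFIG_HEADER_TIMESTAMP]) ? $_SERVER[CONFIG_HEADER_TIMESTAMP] : '';
    if (!is_string($requestTimestamp) || !ctype_digit($requestTimestamp) || abs((int) $requestTimestamp - time()) >= 86400) {
        respond(array('status' => 'bad_request'));
        return NULL;
    }
    $signatureClient = isset($_SERVER[CONFIG_HEADER_SIGNATURE]) ? $_SERVER[CONFIG_HEADER_SIGNATURE] : '';
    $signatureServer = base64_encode(hash_hmac(CONFIG_HMAC_ALGORITHM, getRequestIdentifier($requestData), CONFIG_API_SECRET, true));
    // constant-time comparison; hash_equals() takes the known (server) value first
    if (!hash_equals($signatureServer, (string) $signatureClient)) {
        respond(array('status' => 'bad_request'));
        return NULL;
    }
    // integrity and authenticity of the request have been verified
    try {
        Database::init(CONFIG_DB_CONNECT_STRING, CONFIG_DB_USERNAME, CONFIG_DB_PASSWORD);
    } catch (Exception $e) {
        respond(array('status' => 'maintenance'));
        return NULL;
    }
    return array(
        'username' => isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '',
        'password' => isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '',
    );
}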
} elseif (!empty($_filename) && !$g->exists() && !$g->size()) {
    if (!$_options->wiki) {
        header('HTTP/1.1 404 Not Found');
    }
}
// Long-poll support: with ?wait the response is held until the graph's etag
// moves away from the one the client reports (defaulting to the current one).
// NOTE(review): the wait has no upper bound, so a client that never sees a
// change holds a PHP worker indefinitely — a maximum wait is worth confirming
// against the deployment's worker limits.
if (isset($i_wait)) {
    if (is_array($i_wait) && isset($i_wait['etag'])) {
        $etag = $i_wait['etag'];
    } else {
        $etag = $g->etag();
    }
    for (;;) {
        if ($etag != $g->etag()) {
            break;
        }
        sleep(1);
        clearstatcache(); // presumably etag() is file-backed; drop PHP's stat cache so a change is seen
    }
    $g->reload();
}
// Advertise the WebSocket endpoint: same host, port + 1, wss: when this request is TLS.
$wsScheme = isHTTPS() ? 'wss:' : 'ws:';
$wsPort = 1 + $_SERVER['SERVER_PORT'];
$updatesVia = "{$wsScheme}//{$_domain}:{$wsPort}";
header('Updates-Via: ' . $updatesVia);
// RDF metadata. CR/LF are stripped from the echoed query so it cannot split the
// header (header() itself also refuses values containing newlines).
header('Triples: ' . $g->size());
if (isset($i_query)) {
    $querySansNewlines = str_replace(array("\r", "\n"), '', $i_query);
    header('Query: ' . $querySansNewlines);
}
// support JSON-P
if (isset($i_callback)) {
    header('Content-Type: text/javascript');
    if ($_method == 'GET') {
        if ($_output == 'json' || isset($i_query)) {
            echo $i_callback, '(';
            register_shutdown_function(function () {
                echo ');';
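/**
 * Rewrite an http:// URL to https:// when the current request itself came in over TLS.
 *
 * Only the scheme at the very start of the URL is rewritten: the original
 * replaced every "http://" in the string, which also mangled a URL carrying
 * another URL in its query string (e.g. ...?redirect=http://...). The scheme
 * match is case-insensitive, as URL schemes are.
 *
 * @param string $url
 * @return string the URL unchanged on a plain-HTTP request, otherwise with its scheme upgraded
 */
function convert_imagen_to_https($url)
{
    if (!isHTTPS()) {
        return $url;
    }
    return preg_replace('/^http:\/\//i', 'https://', $url);
}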
});
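// base constants
// CLOUD_NAME falls back to SERVER_NAME. NOTE(review): with Apache's
// UseCanonicalName Off, SERVER_NAME mirrors the client's Host header, so anything
// derived from it (BASE_DOMAIN, $BASE, the session cookie domain below) can be
// attacker-influenced unless CLOUD_NAME is pinned in the environment.
if (!isset($_ENV['CLOUD_NAME'])) {
    $_ENV['CLOUD_NAME'] = $_SERVER['SERVER_NAME'];
}
// CLOUD_HOME: two directories above this file; CLOUD_DATA: its data/ subdirectory
if (!isset($_ENV['CLOUD_HOME'])) {
    $_ENV['CLOUD_HOME'] = realpath(dirname(__FILE__) . '/../../');
}
if (!isset($_ENV['CLOUD_DATA'])) {
    $_ENV['CLOUD_DATA'] = $_ENV['CLOUD_HOME'] . '/data';
}
define('BASE_DOMAIN', $_ENV['CLOUD_NAME']);
// X_AGENT / X_PAD are read from $_SERVER, presumably injected by the web server
// configuration (SetEnv or similar) — confirm a client cannot supply them
define('X_AGENT', isset($_SERVER['X_AGENT']) ? $_SERVER['X_AGENT'] : 'Mozilla');
define('X_PAD', isset($_SERVER['X_PAD']) ? $_SERVER['X_PAD'] : '(null)');
define('REQUEST_TIME', $_SERVER['REQUEST_TIME']);
// absolute base URL of this request; the port is shown only when it is not the scheme default
if (isHTTPS()) {
    $BASE = 'https://' . $_SERVER['SERVER_NAME'] . ($_SERVER['SERVER_PORT'] != '443' ? ':' . $_SERVER['SERVER_PORT'] : '');
} else {
    $BASE = 'http://' . $_SERVER['SERVER_NAME'] . ($_SERVER['SERVER_PORT'] != '80' ? ':' . $_SERVER['SERVER_PORT'] : '');
}
//$URI = isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : $_SERVER['REQUEST_URI'];
$URI = $_SERVER['REQUEST_URI'];
define('REQUEST_BASE', $BASE);
define('REQUEST_URL', $URI);
define('REQUEST_URI', $BASE . $URI);
// session startup
session_name('SID');
// Cookie scope is the two rightmost labels of SERVER_NAME (".example.com" for
// app.example.com) so subdomains share the session; a bare two-label host is
// used as-is. NOTE(review): under a two-label public suffix (example.co.uk)
// this yields ".co.uk", which browsers reject — confirm the deployment's hosts.
// Lifetime is 157680000 s (~5 years). The cookie is now flagged Secure when the
// request is HTTPS and HttpOnly always; the original left both at the php.ini
// defaults, so the session id could travel over plain HTTP and be read by script.
// (On a site served over both schemes, a Secure cookie set on HTTPS is not sent
// on HTTP pages — that is the intended fail-safe, not a regression.)
session_set_cookie_params(157680000, '/', '.' . preg_replace('/.+\\.([^.]+\\.[^.]+)$/', '\\1', $_SERVER['SERVER_NAME']), (bool) isHTTPS(), true);
session_start();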
// init RDF
if (function_exists('librdf_php_free_last_log')) {
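/**
 * Build the URL of a viewer/detail page for one record.
 *
 * - A $detailUrl without a scheme is prefixed with the current scheme and
 *   $_SERVER['HTTP_HOST']. NOTE(review): HTTP_HOST is the client-supplied Host
 *   header; if these links end up in e-mails or cached pages an attacker-chosen
 *   host could be baked into them — a configured base URL would be safer.
 * - PREFIX_URL is then appended, followed by $detailUrl itself; a relative
 *   $detailUrl (no leading "/" and no scheme) is resolved against the directory
 *   of the running script.
 * - Finally "/" (SEO urls) or "?" is appended, then $filenameFieldValue and
 *   $recordNum verbatim — callers are responsible for any URL-encoding.
 *
 * The unused "global $VIEWER_NAME" declaration of the original has been dropped.
 *
 * @param string     $detailUrl          absolute URL, absolute path, or path relative to the current script
 * @param string     $filenameFieldValue value appended after the delimiter (not encoded here)
 * @param int|string $recordNum          record number appended directly after $filenameFieldValue
 * @param bool       $useSeoUrls         true -> "/" delimiter, false -> "?"
 * @return string
 */
function _getLink($detailUrl, $filenameFieldValue, $recordNum, $useSeoUrls)
{
    $link = '';
    // add scheme + host for the viewer unless $detailUrl already carries a scheme
    $hasScheme = preg_match("!^\\w+://!", $detailUrl);
    if (!$hasScheme) {
        $link .= (isHTTPS() ? 'https://' : 'http://') . $_SERVER['HTTP_HOST'];
    }
    $link .= PREFIX_URL;
    // a relative path is resolved against the running script's directory
    $isRelativePath = !preg_match("!^(/|\\w+://)!", $detailUrl);
    if ($isRelativePath) {
        $resolvedPath = dirname(@$_SERVER['SCRIPT_NAME']) . "/" . $detailUrl;
        // collapse leading slashes/backslashes to a single "/" (dirname yields "\" on a Windows root)
        $resolvedPath = preg_replace("|^[\\\\/]+|", "/", $resolvedPath);
        $link .= $resolvedPath;
    } else {
        $link .= $detailUrl;
    }
    // delimiter, filename field value and record number, all appended verbatim
    $link .= ($useSeoUrls ? '/' : '?') . $filenameFieldValue . $recordNum;
    return $link;
}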
/**
 * Absolute URL of the running script without query string or PATH_INFO,
 * computed once per request and cached in a static.
 *
 * The host is taken from the Host header (HTTP_HOST) when present, else from
 * SERVER_NAME; a non-default port (not 80/443) is appended only when the host
 * string does not already end in ":<digits>". Spaces in SCRIPT_NAME are
 * percent-encoded; nothing else is. Errors from missing $_SERVER keys are
 * suppressed with "@" as in the original.
 *
 * @return string e.g. "https://example.com:8443/admin/index.php"
 */
function _security_getProgramBaseRefererUrl()
{
    static $cachedUrl;
    if (isset($cachedUrl)) {
        return $cachedUrl;
    }
    $scheme = isHTTPS() ? "https://" : "http://";
    if (@$_SERVER['HTTP_HOST']) {
        $host = $_SERVER['HTTP_HOST'];
    } else {
        $host = @$_SERVER['SERVER_NAME'];
    }
    $portSuffix = '';
    $hostHasPort = preg_match('|:[0-9]+$|', $host);
    if (!$hostHasPort) {
        $serverPort = @$_SERVER['SERVER_PORT'];
        if ($serverPort && $serverPort != 80 && $serverPort != 443) {
            $portSuffix = ":{$serverPort}";
        }
    }
    $scriptPath = str_replace(' ', '%20', $_SERVER['SCRIPT_NAME']);
    $cachedUrl = $scheme . $host . $portSuffix . $scriptPath;
    return $cachedUrl;
}
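/**
 * Start the PHP session once per request with the CMS's cookie/ini settings.
 *
 * Guarded by the SESSION_STARTED constant so repeated calls are no-ops. Custom
 * session settings ($SETTINGS['advanced']['session_cookie_domain'] and
 * ['session_save_path']) are validated by getCustomSessionErrors() first and the
 * request dies with the error text if they are invalid.
 *
 * Cookie policy: a name unique per installation (cookiePrefix() . 'PHPSESSID'),
 * Secure only on HTTPS requests, HttpOnly always, path "/", optional shared
 * domain, cookies only (no URL session ids / trans_sid), 25-year cookie lifetime
 * while server-side data is garbage-collected after 24h of inactivity — so the
 * cookie outlives the session it names; the server-side lifetime is the
 * effective one.
 * NOTE(review): session.cookie_samesite is not set; on PHP >= 7.3 "Lax" would add
 * CSRF hardening on top of the token checks used elsewhere in this code base.
 *
 * @return void dies on invalid custom settings or when the session cannot be started
 */
function startSessionIfRequired()
{
    global $SETTINGS;
    // don't run this more than once
    if (defined('SESSION_STARTED')) {
        return;
    }
    define('SESSION_STARTED', true);
    // error-checking for custom session settings
    $customSessionErrors = getCustomSessionErrors(@$SETTINGS['advanced']['session_cookie_domain'], @$SETTINGS['advanced']['session_save_path']);
    if ($customSessionErrors) {
        // NOTE(review): emitted unescaped; assumed to be generated text, not echoed input — confirm in getCustomSessionErrors()
        $customSessionErrors .= sprintf(t('To change %1$s settings edit %2$s'), 'session', '/data/' . SETTINGS_FILENAME);
        die($customSessionErrors);
    }
    // Initialize session
    $session_name = cookiePrefix() . 'PHPSESSID';
    ini_set('session.name', $session_name); // unique session cookie per CMS installation
    ini_set('session.cookie_secure', isHTTPS() ? '1' : '0'); // require secure cookies on HTTPS:// connections
    ini_set('session.use_cookies', '1');
    ini_set('session.use_only_cookies', '1');
    ini_set('session.cookie_domain', @$SETTINGS['advanced']['session_cookie_domain']); // allows shared login across subdomains (host1.example.com, host2.example.com, example.com)
    ini_set('session.cookie_path', '/');
    ini_set('session.cookie_httponly', '1');
    ini_set('session.cookie_lifetime', 60 * 60 * 24 * 365 * 25); // 25 years, so cookies keep working for users whose clocks are set back
    ini_set('session.gc_maxlifetime', 60 * 60 * 24); // server-side data becomes eligible for GC after a day of inactivity
    ini_set('session.use_trans_sid', '0');
    if (@$SETTINGS['advanced']['session_save_path']) {
        ini_set('session.save_path', @$SETTINGS['advanced']['session_save_path']); // for hosts that impose restrictive session removal timeouts
        // once gc_maxlifetime is exceeded, old sessions are cleaned up on roughly
        // gc_probability/gc_divisor of requests; not set by default because it
        // errors on some server configs: http://bugs.php.net/bug.php?id=20720
        ini_set('session.gc_probability', 1);
        ini_set('session.gc_divisor', 100);
    }
    unset($php_errormsg);
    $started = @session_start();
    // $php_errormsg only exists with track_errors (off by default, removed in
    // PHP 8.0), so the original check was usually dead code; the return value,
    // false on failure since PHP 5.3, is the reliable signal. The suppressed
    // warning is recovered through error_get_last() for the message.
    if ($started === false || isset($php_errormsg)) {
        if (isset($php_errormsg)) {
            $reason = $php_errormsg;
        } else {
            $lastError = error_get_last();
            $reason = $lastError ? $lastError['message'] : 'session_start() returned false';
        }
        die("Couldn't start session! '{$reason}'!");
    }
}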
 *  SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */
require_once 'runtime.php';
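// Remember where to send the user after login. An explicit ?next wins;
// otherwise, on a GET, the Referer is captured — but only when it differs from
// the one stored last time ('next0'), so a page that re-enters login repeatedly
// does not overwrite the original destination.
// NOTE(review): 'next' is attacker-influenceable (query parameter / Referer);
// wherever it is later used as a redirect target it must be checked to be a
// same-site URL — that use is not visible in this file.
if (isset($i_next)) {
    sess('next', $i_next);
} elseif (isMethod('GET') && isset($_SERVER['HTTP_REFERER'])) {
    if (sess('next0') != $_SERVER['HTTP_REFERER']) {
        sess('next0', $_SERVER['HTTP_REFERER']);
        sess('next', $_SERVER['HTTP_REFERER']);
    }
}
// WebID authentication requires TLS: upgrade the stored return URL's scheme
// and bounce the login itself to https.
if (isset($i_auth) && $i_auth == 'WebID') {
    if (isSess('next')) {
        // only the leading scheme is rewritten; the original replaced every
        // "http://" in the string, which also corrupts URLs nested in the query
        sess('next', preg_replace('/^http:\/\//i', 'https://', sess('next')));
    }
    if (!isHTTPS()) {
        header('Location: https://' . BASE_DOMAIN . $_options->base_url . '/login' . newQSA());
        exit;
    }
}
// a provider parameter delegates the login to the rp_auth endpoint
if (isset($i_provider)) {
    header('Location: ' . REQUEST_BASE . '/rp_auth' . newQSA());
    exit;
}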
if (isset($i_display) && $i_display == 'popup') {
    $next = newQSA(array('display' => NULL));
    echo "<script>opener.document.location = '{$next}';window.close();</script>";
} elseif (isset($i_id) && $i_id == 'facebook' && isset($i_session)) {
    $i_session = str_replace('\\', '', $i_session);
    $session = json_decode($i_session, true);
    if (isset($session['access_token'])) {
<?php

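// for compatibility with older plugins, include functions that have been factored out of admin_functions.php
$libDir = pathinfo(__FILE__, PATHINFO_DIRNAME);
require_once "{$libDir}/login_functions.php";
// require HTTPS: refuse plain-HTTP access to the admin login and point at the https equivalent
if (@$SETTINGS['advanced']['requireHTTPS'] && !isHTTPS()) {
    $httpsUrl = preg_replace('/^http:/i', 'https:', thisPageUrl());
    // thisPageUrl() is presumably built from the request (host/path), so escape
    // it before echoing it back inside HTML; the original printed it raw in both
    // the href attribute and the link text
    $httpsUrlHtml = htmlspecialchars($httpsUrl, ENT_QUOTES, 'UTF-8');
    die(sprintf(t("Secure HTTP login required: %s"), "<a href='{$httpsUrlHtml}'>{$httpsUrlHtml}</a>"));
}
// restrict IP access (REMOTE_ADDR is set by the server, but is escaped for the HTML context anyway)
if (@$SETTINGS['advanced']['restrictByIP'] && !isIpAllowed()) {
    die(sprintf(t("Access is not permitted from your IP address (%s)"), htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES, 'UTF-8')));
}
// install or upgrade if needed
installIfNeeded();
upgradeIfNeeded();
// register if needed
# NOTE: Disabling or modifying licensing or registration code violates your license agreement and is willful copyright infringement.
# NOTE: Copyright infringement can be very expensive: http://en.wikipedia.org/wiki/Statutory_damages_for_copyright_infringement
# NOTE: Please do not steal our software.
registerIfNeeded();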
// set current user or show login menu
function adminLoginMenu()
{
    global $CURRENT_USER;
    // login menu actions
    $action = @$_REQUEST['action'];
    if ($action == 'logoff') {
        user_logoff();
        exit;
/**
 * Absolute base URL of the project: the scheme returned by isHTTPS(true)
 * (expected here to be the scheme name, unlike the boolean no-argument form),
 * SERVER_NAME, and the project_path environment variable appended verbatim
 * (an unset variable contributes nothing).
 *
 * @return string
 */
function projectURL()
{
    $scheme = isHTTPS(true);
    $host = $_SERVER['SERVER_NAME'];
    $projectPath = getenv('project_path');
    return "{$scheme}://{$host}{$projectPath}";
}
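/**
 * Persist the admin "general settings" form.
 *
 * Flow: clear stale alerts, enforce POST + internal referer + CSRF token,
 * refuse in demo mode, validate the individual fields (license id, program
 * URL, website prefix URL, upload URL, admin e-mail, requireHTTPS,
 * restrictByIP, session settings) and, if any alert was raised, re-show
 * admin/general.php and exit. Otherwise every key already present in
 * $SETTINGS (and in its 'advanced' / 'wysiwyg' subsections) is overwritten
 * with the same-named $_REQUEST value, saveSettings() writes the file, and
 * $savePagePath is shown with a notice.
 *
 * NOTE(review): the copy loops are a mass assignment — any existing settings
 * key that appears in $_REQUEST is accepted as-is (array values included), and
 * $_REQUEST merges cookies and the query string with the POST body. Only the
 * fields listed above get per-key validation; authorisation rests on the
 * POST/referer/CSRF checks at the top.
 *
 * @param string $savePagePath interface page to show after a successful save
 * @return void exits after re-showing the form on validation failure, or after
 *              redirecting when a changed license id fails to register
 */
function admin_saveSettings($savePagePath)
{
    global $SETTINGS;
    // error checking
    clearAlertsAndNotices();
    // so previous alerts won't prevent saving of admin options
    // security checks
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    //
    disableInDemoMode('settings', $savePagePath);
    # license error checking
    if (array_key_exists('licenseProductId', $_REQUEST)) {
        if (!isValidProductId($_REQUEST['licenseProductId'])) {
            alert("Invalid Product License ID!");
        } elseif ($SETTINGS['licenseProductId'] != $_REQUEST['licenseProductId']) {
            // a changed product id is registered right away; register() validates
            // it and saves the new settings, and a failure bounces to the admin menu
            $SETTINGS['licenseCompanyName'] = $_REQUEST['licenseCompanyName'];
            $SETTINGS['licenseDomainName'] = $_REQUEST['licenseDomainName'];
            $SETTINGS['licenseProductId'] = $_REQUEST['licenseProductId'];
            $isValid = register();
            if (!$isValid) {
                redirectBrowserToURL('?menu=admin', true);
                exit;
            }
        }
    }
    # program url / adminUrl
    if (array_key_exists('adminUrl', $_REQUEST)) {
        // the message promises "http:// or https://", but the original pattern was
        // /^http/i, which also accepted e.g. "httpfoo"; the check now matches the message
        if (!preg_match('/^https?:\/\//i', $_REQUEST['adminUrl'])) {
            alert("Program URL must start with http:// or https://<br/>\n");
        }
        if (preg_match('/\\?/i', $_REQUEST['adminUrl'])) {
            alert("Program URL can not contain a ?<br/>\n");
        }
    }
    # webPrefixUrl - v2.53
    if (@$_REQUEST['webPrefixUrl'] != '') {
        if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL must start with /") . "<br/>\n");
        }
        if (preg_match("|/\$|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL cannot end with /") . "<br/>\n");
        }
    }
    # upload url/dir
    if (array_key_exists('uploadDir', $_REQUEST)) {
        #    if      (!preg_match('/\/$/',      $_REQUEST['uploadDir'])) { alert("Upload Directory must end with a slash! (eg: /www/htdocs/uploads/)<br/>\n"); }
    }
    if (array_key_exists('uploadUrl', $_REQUEST)) {
        #    if      (preg_match('/^\w+:\/\//', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must be the web path only without a domain (eg: /uploads/)<br/>\n"); }
        #    else if (!preg_match('/^\//',      $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must start with a slash! (eg: /uploads/)<br/>\n"); }
        #    if      (!preg_match('/\/$/',      $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must end with a slash! (eg: /uploads/)<br/>\n"); }
        // remove trailing slashes and backslashes
        $_REQUEST['uploadUrl'] = chop($_REQUEST['uploadUrl'], '\\\\/');
    }
    # admin email
    if (array_key_exists('adminEmail', $_REQUEST) && !isValidEmail($_REQUEST['adminEmail'])) {
        alert("Admin Email must be a valid email (example: user@example.com)<br/>\n");
    }
    // error checking - require HTTPS (can only be switched on from an HTTPS session, so the admin cannot lock themselves out)
    if (@$_REQUEST['requireHTTPS'] && !isHTTPS()) {
        alert("Require HTTPS: You must be logged in with a secure HTTPS url to set this option!<br/>\n");
    }
    // error checking - restrict by IP (the current address must be in the new allow list, for the same reason)
    if (@$_REQUEST['restrictByIP'] && !isIpAllowed(true, @$_REQUEST['restrictByIP_allowed'])) {
        alert(t("Restrict IP Access: You current IP address must be in the allowed IP list!") . "<br/>\n");
    }
    // error checking - session values
    $sessionErrors = getCustomSessionErrors(@$_REQUEST['session_cookie_domain'], @$_REQUEST['session_save_path']);
    if ($sessionErrors) {
        alert($sessionErrors);
    }
    # show errors
    if (alert()) {
        showInterface('admin/general.php');
        exit;
    }
    ### update global settings
    // mass assignment of every existing top-level key from the request (see docblock)
    foreach (array_keys($SETTINGS) as $key) {
        if (array_key_exists($key, $_REQUEST)) {
            $SETTINGS[$key] = $_REQUEST[$key];
        }
    }
    # update subsection settings
    foreach (array('advanced', 'wysiwyg') as $subsection) {
        foreach (array_keys($SETTINGS[$subsection]) as $key) {
            if (array_key_exists($key, $_REQUEST)) {
                $SETTINGS[$subsection][$key] = $_REQUEST[$key];
            }
        }
    }
    # save to file
    saveSettings();
    # return to admin home
    notice('Settings have been saved.');
    showInterface($savePagePath);
}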
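/**
 * Absolute URL of the current script, for use as the Twilio callback endpoint.
 *
 * Uses SCRIPT_NAME rather than PHP_SELF: PHP_SELF has PATH_INFO appended, which
 * is client-controlled, so a request to /twilio.php/anything would previously
 * have produced an endpoint URL carrying that extra path (and, wherever the
 * value is echoed, the classic PHP_SELF injection vector). SCRIPT_NAME is the
 * script path only; PHP_SELF remains the fallback if SCRIPT_NAME is absent.
 * SERVER_NAME is kept as the host; with Apache's UseCanonicalName Off it
 * mirrors the Host header, so a configured hostname would be stricter still.
 *
 * NOTE(review): this assumes the script is not addressed through PATH_INFO
 * routing; if it is, the endpoint must carry that path and PHP_SELF is needed.
 *
 * @return string
 */
function getTwilioEndpoint()
{
    $scheme = isHTTPS() ? 'https://' : 'http://';
    $scriptPath = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : $_SERVER['PHP_SELF'];
    return $scheme . $_SERVER['SERVER_NAME'] . $scriptPath;
}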