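/**
 * POST-only upgrade endpoint.
 *
 * Two modes, selected by $n:
 *  - 'schema': brings the database in line with app/koken/schema.php (adds or
 *    alters columns, adds keys and unique indexes, creates missing tables),
 *    makes sure a 'uuid' setting exists, drops koken.guid marker files into the
 *    bundled theme/plugin folders, re-creates a CI session for installs that
 *    still carry the pre-0.14 auth cookie, and posts install metadata to
 *    KOKEN_STORE_URL . '/register'. Always terminates with {"done":true}.
 *  - any other truthy value: includes the migration file $migrate_path/{$n}.php,
 *    records $n in the 'last_migration' setting when that file set $done, and
 *    terminates with {"done":<bool>}. When the file does not exist the method
 *    simply returns.
 *
 * Only the HTTP method is checked here; any further access control for this
 * endpoint is not visible in this block (presumably the controller
 * constructor) — confirm before relying on it.
 *
 * @param string|int|false $n 'schema' or a migration number; defaults to false (no-op).
 * @return void Both real code paths end in die(); the function only returns on
 *              a non-POST request or when no usable migration was named.
 */
function migrate($n = false)
{
    if ($this->method !== 'post') {
        $this->error('403', 'Forbidden');
        return;
    }

    $CI =& get_instance();
    $this->db =& $CI->db;
    $db_config = Shutter::get_db_configuration();
    $this->load->dbforge();

    if ($n === 'schema') {
        // Defines $koken_tables: table name => array('fields' => ..., 'keys' => ..., 'uniques' => ..., 'no_id' => ...).
        require FCPATH . 'app' . DIRECTORY_SEPARATOR . 'koken' . DIRECTORY_SEPARATOR . 'schema.php';

        foreach ($koken_tables as $table_name => $info) {
            $table = $db_config['prefix'] . "{$table_name}";

            if ($this->db->table_exists($table)) {
                // Index the live column metadata by column name so each schema
                // field can be compared against what is actually in the table.
                $existing_fields = array();
                foreach ($this->db->field_data($table) as $field) {
                    $existing_fields[$field->name] = $field;
                }

                foreach ($info['fields'] as $field_name => $field_info) {
                    if (array_key_exists($field_name, $existing_fields)) {
                        $field_info['type'] = strtolower($field_info['type']);
                        // Normalise the driver's field description into the same
                        // keys dbforge uses ('constraint' instead of 'max_length').
                        $compare = (array) $existing_fields[$field_name];
                        unset($compare['name']);
                        unset($compare['primary_key']);
                        if (isset($compare['max_length'])) {
                            $compare['constraint'] = (int) $compare['max_length'];
                            unset($compare['max_length']);
                        }
                        // Text-like columns are always declared nullable.
                        if (in_array(strtolower($field_info['type']), array('text', 'varchar', 'longtext'))) {
                            $field_info['null'] = true;
                        }
                        $diff = array_diff_assoc($field_info, $compare);
                        // A null default on a non-text column already satisfies
                        // 'null' => true, so do not treat that alone as a change.
                        if (isset($diff['null']) && $diff['null'] === true && is_null($compare['default']) && $field_info['type'] !== 'text' && $field_info['type'] !== 'varchar') {
                            unset($diff['null']);
                        }
                        if (!empty($diff)) {
                            $this->dbforge->modify_column($table, array($field_name => $field_info));
                        }
                    } else {
                        if (in_array(strtolower($field_info['type']), array('text', 'varchar', 'longtext'))) {
                            $field_info['null'] = true;
                        }
                        $this->dbforge->add_column($table, array($field_name => $field_info));
                    }
                }

                if (isset($info['keys'])) {
                    foreach ($info['keys'] as $key) {
                        // A composite key is named by joining its columns with '_'.
                        // Identifiers are quoted by the driver; the values
                        // themselves come from the bundled schema.php, not from
                        // the request.
                        if (is_array($key)) {
                            $key_name = $this->db->_protect_identifiers(implode('_', $key));
                            $key = $this->db->_protect_identifiers($key);
                        } else {
                            $key_name = $this->db->_protect_identifiers($key);
                            $key = array($key_name);
                        }
                        $sql = "ALTER TABLE {$table} ADD KEY {$key_name} (" . implode(', ', $key) . ")";
                        $this->db->query($sql);
                    }
                }

                if (isset($info['uniques'])) {
                    // $key is interpolated unquoted; it must keep coming from schema.php only.
                    foreach ($info['uniques'] as $key) {
                        $this->db->query("CREATE UNIQUE INDEX {$key} ON {$table} ({$key})");
                    }
                }
            } else {
                // Table is missing entirely: build it from the schema definition.
                if (!isset($info['no_id'])) {
                    $this->dbforge->add_field('id');
                }
                $this->dbforge->add_field($info['fields']);
                if (isset($info['keys'])) {
                    foreach ($info['keys'] as $key) {
                        $primary = false;
                        if ($key == 'id') {
                            $primary = true;
                        }
                        $this->dbforge->add_key($key, $primary);
                    }
                }
                $this->dbforge->create_table($db_config['prefix'] . "{$table_name}");
                if (isset($info['uniques'])) {
                    $table = $db_config['prefix'] . "{$table_name}";
                    foreach ($info['uniques'] as $key) {
                        $this->db->query("CREATE UNIQUE INDEX {$key} ON {$table} ({$key})");
                    }
                }
            }
        }

        $this->_clear_system_caches();

        // Install identifier, created once. HTTP_HOST is taken from the request's
        // Host header; uniqid() supplies the per-install entropy here.
        $s = new Setting();
        $s->where('name', 'uuid')->get();
        if (!$s->exists()) {
            $s = new Setting();
            $s->name = 'uuid';
            $s->value = md5($_SERVER['HTTP_HOST'] . uniqid('', true));
            $s->save();
        }
        $uuid = $s->value;

        // Path of the install relative to the web root, derived from the api.php script path.
        $base_folder = trim(preg_replace('/\\/api\\.php(.*)?$/', '', $_SERVER['SCRIPT_NAME']), '/');

        include FCPATH . 'app' . DIRECTORY_SEPARATOR . 'koken' . DIRECTORY_SEPARATOR . 'DarkroomUtils.php';

        $s->where('name', 'image_processing_library')->get();
        $libs = DarkroomUtils::libraries();
        $processing_string = $libs[$s->value]['label'];

        // Bundled themes and their store GUIDs. Older installs used a '.guid'
        // file; it is renamed to 'koken.guid', otherwise the marker is written
        // into any theme folder that exists without one.
        $themes = array(
            'axis' => '86d2f683-9f90-ca3f-d93f-a2e0a9d0a089',
            'blueprint' => '1a355994-6217-c7ce-b67a-4241be3feae8',
            'boulevard' => 'b30686d9-3490-9abb-1049-fe419a211502',
            'chastain' => 'd174e766-5a5f-19eb-d735-5b46ae673a6d',
            'elementary' => 'be1cb2d9-ed05-2d81-85b4-23282832eb84',
            'madison' => '618e0b9f-fba0-37eb-810a-6d615d0f0e08',
            'observatory' => '605ea246-fa37-11f0-f078-d54c8a7cbd3c',
            'regale' => 'efde04b6-657d-33b6-767d-67af8ef15e7b',
            'repertoire' => 'fa8a5d39-01a5-dfd6-92ff-65a22af5d5ac',
        );
        $themes_dir = FCPATH . 'storage' . DIRECTORY_SEPARATOR . 'themes' . DIRECTORY_SEPARATOR;
        foreach ($themes as $name => $guid) {
            $dir = $themes_dir . $name;
            $guid_path = $dir . DIRECTORY_SEPARATOR . 'koken.guid';
            $old_guid_path = $dir . DIRECTORY_SEPARATOR . '.guid';
            if (file_exists($old_guid_path)) {
                rename($old_guid_path, $guid_path);
            } else {
                if (is_dir($dir) && !file_exists($guid_path)) {
                    file_put_contents($guid_path, $guid);
                }
            }
        }

        // Same marker treatment for bundled plugins (no legacy '.guid' here).
        $plugins = array(
            'google-analytics' => 'c4e5bc2b-be8b-3ae7-ccbe-d7e7a1a26136',
            'font-loader' => '5b6016ae-9d1a-2336-78c4-63dbb74d39b3',
            'koken-spotify' => 'e24a53fc-ac9a-5ab6-5777-237f6dc98496',
            'koken-rdio' => '84eb1b9a-ea40-c204-5420-c1af5e1bcbe6',
            'koken-html-injector' => '045cb01a-07a6-02b6-a0df-2ae377ce18af',
            'koken-pulse-timer' => '6e5cbaa3-9fee-ca89-c989-a7969aa491f3',
            'koken-pulse-transition-pack' => '7e958135-8e3e-3b34-5ccd-defe39db9400',
            'koken-disqus' => '0a430465-cb52-be7d-a160-94bf73e40c03',
            'koken-timeago' => 'bf4ceae8-b2b8-dc16-a439-46a4d915161c',
        );
        $plugins_dir = FCPATH . 'storage' . DIRECTORY_SEPARATOR . 'plugins' . DIRECTORY_SEPARATOR;
        foreach ($plugins as $name => $guid) {
            $dir = $plugins_dir . $name;
            $guid_path = $dir . DIRECTORY_SEPARATOR . 'koken.guid';
            if (is_dir($dir) && !file_exists($guid_path)) {
                file_put_contents($guid_path, $guid);
            }
        }

        // Hosting-provider detection; KOKEN_HOST in the server environment overrides 'unknown'.
        $this->load->library('webhostwhois');
        $host = new WebhostWhois(array('useDns' => false));
        if ($host->key === 'unknown' && isset($_SERVER['KOKEN_HOST'])) {
            $host->key = $_SERVER['KOKEN_HOST'];
        }

        // Payload for the store registration call below.
        $data = array(
            'domain' => $_SERVER['HTTP_HOST'],
            'path' => '/' . $base_folder,
            'uuid' => $uuid,
            'php' => PHP_VERSION,
            'version' => KOKEN_VERSION,
            'ip' => $_SERVER['SERVER_ADDR'],
            'image_processing' => urlencode($processing_string),
            'host' => $host->key,
            'plugins' => array(),
        );

        $s = new Setting();
        $s->where('name', 'site_url')->get();
        if ($s->value !== 'default') {
            $data['published_path'] = $s->value;
        }

        $t = new Theme();
        $themes = $t->read();
        foreach ($themes as $theme) {
            if (isset($theme['koken_store_guid'])) {
                $data['plugins'][] = array('guid' => $theme['koken_store_guid'], 'version' => $theme['version']);
            }
        }

        $plugins = $this->parse_plugins();
        foreach ($plugins as $plugin) {
            if (isset($plugin['koken_store_guid'])) {
                $data['plugins'][] = array('guid' => $plugin['koken_store_guid'], 'version' => $plugin['version']);
            }
        }

        if (!isset($_COOKIE['koken_session']) && !isset($_COOKIE['koken_session_ci'])) {
            // Catch upgrades with old auth setup and try to keep them logged in.
            $u = new User();
            $u->get_by_id($this->auth_user_id);
            if ($u->exists()) {
                $this->load->library('session');
                $u->create_session($this->session);
            }
        }

        // Session upgrade to CI sessions (0.14)
        if (!isset($_COOKIE['koken_session_ci']) && isset($_COOKIE['koken_session'])) {
            // SECURITY: unserialize() on a client-supplied cookie can instantiate
            // arbitrary classes. This only runs for the legacy pre-0.14 cookie;
            // on PHP >= 7 pass array('allowed_classes' => false) as the second
            // argument, or drop this upgrade path once it is no longer needed.
            $old_session = unserialize($_COOKIE['koken_session']);
            // Only a well-formed payload with a user id is used; anything else
            // (failed unserialize, wrong shape) is ignored rather than dereferenced.
            if (is_array($old_session) && isset($old_session['user']['id'])) {
                $u = new User();
                $u->get_by_id($old_session['user']['id']);
                if ($u->exists()) {
                    $this->load->library('session');
                    $u->create_session($this->session);
                }
            }
        }

        // Fire-and-forget registration ping; the response is not used. Peer
        // verification stays on so the install metadata is only sent to the
        // genuine store host; a failed call does not affect the result below.
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, KOKEN_STORE_URL . '/register');
        curl_setopt($curl, CURLOPT_POST, 1);
        curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($data, '', '&'));
        curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($curl, CURLOPT_HEADER, 0);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
        curl_exec($curl);
        curl_close($curl);

        die(json_encode(array('done' => true)));
    } else {
        // $n arrives from the request. The value is stored as (int) $n below, so
        // only plain digit strings are accepted; this also keeps '../' and other
        // path fragments out of the include path.
        if ($n && preg_match('/^[0-9]+$/', (string) $n)) {
            $path = $this->migrate_path . "{$n}.php";
            $migrate_setting = new Setting();
            $migrate_setting->where('name', 'last_migration')->get();
            if (is_file($path)) {
                // The migration file signals success by defining $done.
                include $path;
                $is_done = isset($done);
                if ($migrate_setting->exists() && $is_done) {
                    $migrate_setting->value = (int) $n;
                    $migrate_setting->save();
                }
                die(json_encode(array('done' => $is_done)));
            }
        }
    }
}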
/**
 * Session resource: GET returns the current session, POST logs in, DELETE logs out.
 *
 * GET: resolves the caller via authenticate() and responds with the token and
 *      the user's array form; 404 when there is no session or no such user.
 * POST: requires 'email' and 'password' form fields (403 otherwise); on a
 *       matching password a session is created (persistent when 'remember'
 *       is 'on') and the client is redirected to /sessions; 404 when the
 *       credentials do not match.
 * DELETE: requires an authenticated caller (401 otherwise); removes the
 *         Application row for the token, clears the user's remember_me value
 *         and cookie, destroys the CI session and terminates the request.
 * Any other method only runs the session garbage collection.
 *
 * @return void
 */
function index()
{
    // Expire god-role Application rows older than two weeks on every request
    // except logout, which removes its own row below.
    if ($this->method !== 'delete') {
        $stale = new Application();
        $stale->where('role', 'god')->where('created_on <', strtotime('-14 days'))->get();
        $stale->delete_all();
    }

    $verb = $this->method;

    if ($verb == 'get') {
        $auth = $this->authenticate();
        if (!$auth) {
            $this->error('404', 'Session not found.');
            return;
        }
        $user = new User();
        $user->get_by_id($auth[0]);
        if (!$user->exists()) {
            $this->error('404', 'User not found.');
            return;
        }
        $this->set_response_data(array('token' => $auth[1], 'user' => $user->to_array()));
        return;
    }

    if ($verb == 'post') {
        $email = $this->input->post('email');
        $password = $this->input->post('password');
        if (!$email || !$password) {
            $this->error('403', 'Required parameters "email" and/or "password" are not present.');
            return;
        }
        $user = new User();
        $user->where('email', $email)->limit(1)->get();
        // Same 404 whether the address is unknown or the password is wrong.
        if (!$user->exists() || !$user->check_password($password)) {
            $this->error('404', 'User not found.');
            return;
        }
        $user->create_session($this->session, $this->input->post('remember') === 'on');
        $this->redirect("/sessions");
        return;
    }

    if ($verb == 'delete') {
        $auth = $this->authenticate();
        if (!$auth) {
            $this->error('401', 'Not authorized to perform this action.');
            return;
        }
        $app = new Application();
        $app->where('token', $auth[1])->get();
        $app->delete();

        $user = new User();
        $user->get_by_id($auth[0]);
        $user->remember_me = null;
        $user->save();

        $this->load->helper('cookie');
        delete_cookie('remember_me');
        $this->session->sess_destroy();
        exit;
    }
}
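/**
 * Resolve the caller's credentials to a session.
 *
 * Token sources, first match wins:
 *  1. the CI session ('token' userdata) when the koken_session_ci cookie is
 *     present and the request carries X-KOKEN-AUTH: cookie;
 *  2. the legacy serialized koken_session cookie, unless strict_cookie_auth;
 *  3. a 'token:<32 alnum>' segment in the URI on GET requests;
 *  4. the 'token' request parameter ($_REQUEST: GET, POST or cookie);
 *  5. the X-KOKEN-TOKEN header.
 *
 * @param bool $require_king Accepted for callers that pass it; not consulted here.
 * @return true|array|false true when the token equals the configured
 *         encryption_key; array(user_id, token, role) for a known Application
 *         token (single-use tokens are deleted on use) or for a valid
 *         remember_me cookie (role 'god'); false otherwise. A god-role token
 *         under strict_cookie_auth is only honoured when it came from a cookie.
 */
function authenticate($require_king = false)
{
    $token = false;
    $cookie = false;
    $cookie_auth = isset($_SERVER['HTTP_X_KOKEN_AUTH']) && $_SERVER['HTTP_X_KOKEN_AUTH'] === 'cookie';
    $this->load->helper('cookie');

    if (isset($_COOKIE['koken_session_ci']) && $cookie_auth) {
        $token = $this->session->userdata('token');
        if ($token) {
            $cookie = true;
        }
    } elseif (isset($_COOKIE['koken_session']) && !$this->strict_cookie_auth) {
        // SECURITY: unserialize() on a client-supplied cookie can instantiate
        // arbitrary classes. Legacy (pre-CI-session) path only, already disabled
        // under strict_cookie_auth; on PHP >= 7 pass
        // array('allowed_classes' => false), or retire this path.
        $cookie = unserialize($_COOKIE['koken_session']);
        // A failed unserialize (false) or a payload without 'token' yields no token.
        $token = (is_array($cookie) && isset($cookie['token'])) ? $cookie['token'] : false;
    } elseif ($this->method == 'get' && preg_match("/token:([a-zA-Z0-9]{32})/", $this->uri->uri_string(), $matches)) {
        // TODO: deprecate this in favor of X-KOKEN-TOKEN
        $token = $matches[1];
    } elseif (isset($_REQUEST['token'])) {
        // Note: $_REQUEST also covers query strings, so tokens supplied this way
        // can end up in access logs and referrers.
        $token = $_REQUEST['token'];
    } elseif (isset($_SERVER['HTTP_X_KOKEN_TOKEN'])) {
        $token = $_SERVER['HTTP_X_KOKEN_TOKEN'];
    }

    if ($token) {
        // Master-key check. Compare in constant time where the runtime offers
        // it; both operands must be strings for hash_equals().
        $master_key = $this->config->item('encryption_key');
        if (is_string($token) && is_string($master_key)) {
            $is_master = function_exists('hash_equals')
                ? hash_equals($master_key, $token)
                : $token === $master_key;
            if ($is_master) {
                return true;
            }
        }

        $a = new Application();
        $a->where('token', $token)->limit(1)->get();
        if (!$a->exists()) {
            return false;
        }
        if ($a->role === 'god' && $this->strict_cookie_auth) {
            // Admin tokens must arrive via the cookie/session path when strict.
            if (!$cookie) {
                return false;
            }
        } elseif ($a->single_use) {
            $a->delete();
        }
        return array($a->user_id, $token, $a->role);
    }

    // No token at all: fall back to the persistent-login cookie.
    if ($cookie_auth && get_cookie('remember_me')) {
        $remember_token = get_cookie('remember_me');
        $u = new User();
        $u->where('remember_me', $remember_token)->get();
        if ($u->exists()) {
            $token = $u->create_session($this->session, true);
            return array($u->id, $token, 'god');
        }
    }

    return false;
}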