/**
 * Builds the "Q" variant of the account auth token.
 *
 * The encoded list contains the account's login, password, proxy-auth user
 * and proxy-auth password as-is, so the confidentiality of the returned
 * string depends entirely on \RainLoop\Utils::EncodeKeyValuesQ().
 * NOTE(review): treat the result as a credential (no logging, no URLs)
 * unless EncodeKeyValuesQ is confirmed to encrypt and authenticate.
 *
 * Field order, which GetAccountFromCustomToken() reads by index:
 *   0 'token' marker, 1 email, 2 login, 3 password, 4 fingerprint,
 *   5 sign-me token, 6 parent email, 7 short token, 8 proxy-auth user,
 *   9 proxy-auth password, 10 literal 0.
 *
 * @return string
 */
public function GetAuthTokenQ()
{
    $aTokenFields = array(
        'token',
        $this->sEmail,
        $this->sLogin,
        $this->sPassword,
        \RainLoop\Utils::Fingerprint(),
        $this->sSignMeToken,
        $this->sParentEmail,
        \RainLoop\Utils::GetShortToken(),
        $this->sProxyAuthUser,
        $this->sProxyAuthPassword,
        // Index 10 is always 0 here; the decoding side only honours it as an
        // expiry timestamp when it is greater than zero.
        0
    );

    return \RainLoop\Utils::EncodeKeyValuesQ($aTokenFields);
}
/**
 * Rebuilds an account from a custom auth token and logs it in.
 *
 * The token is decoded with DecodeKeyValuesQ() when $bQ is true, otherwise
 * with DecodeKeyValues(). The decoded list is accepted only when it starts
 * with the 'token' marker, has at least 8 entries and a non-empty entry 7.
 * Unless $bValidateShortToken is false, entry 7 must also equal the current
 * short token, or entry 10 must be a positive timestamp still in the future.
 *
 * NOTE(review): the decoded entries (including the password at index 3) are
 * trusted as-is, and the entry-10 expiry path accepts a token whose short
 * token does not match. Both are only safe if the decode helpers reject
 * forged or altered tokens; that is not visible here, so confirm.
 *
 * @param string $sToken
 * @param bool $bThrowExceptionOnFalse = true
 * @param bool $bValidateShortToken = true
 * @param bool $bQ = false
 *
 * @return \RainLoop\Model\Account|bool
 * @throws \RainLoop\Exceptions\ClientException
 */
public function GetAccountFromCustomToken($sToken, $bThrowExceptionOnFalse = true, $bValidateShortToken = true, $bQ = false)
{
    $oResult = false;

    if (!empty($sToken))
    {
        $aFields = $bQ
            ? \RainLoop\Utils::DecodeKeyValuesQ($sToken)
            : \RainLoop\Utils::DecodeKeyValues($sToken);

        // Structural check first; evaluation order matches the original
        // single condition so later operands are only touched when the
        // earlier ones hold.
        $bWellFormed = !empty($aFields[0]) && 'token' === $aFields[0] &&
            8 <= \count($aFields) && !empty($aFields[7]);

        // Session binding: skipped on request, satisfied by a matching short
        // token, or by an unexpired timestamp in entry 10.
        $bAccepted = $bWellFormed && (
            !$bValidateShortToken ||
            \RainLoop\Utils::GetShortToken() === $aFields[7] ||
            (isset($aFields[10]) && 0 < $aFields[10] && \time() < $aFields[10])
        );

        if (!$bAccepted)
        {
            if ($bThrowExceptionOnFalse)
            {
                throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::AuthError);
            }
        }
        else
        {
            $sSignMeToken = empty($aFields[5]) ? '' : $aFields[5];

            $oAccount = $this->LoginProvide($aFields[1], $aFields[2], $aFields[3],
                $sSignMeToken, $bThrowExceptionOnFalse);

            if ($oAccount instanceof \RainLoop\Model\Account)
            {
                // Proxy-auth credentials are applied only when both are present.
                if (!empty($aFields[8]) && !empty($aFields[9]))
                {
                    $oAccount->SetProxyAuthUser($aFields[8]);
                    $oAccount->SetProxyAuthPassword($aFields[9]);
                }

                // Registers both passwords with the logger, presumably so they
                // are masked in log output. NOTE(review): this happens after
                // LoginProvide() has already run with the password.
                $this->Logger()->AddSecret($oAccount->Password());
                $this->Logger()->AddSecret($oAccount->ProxyAuthPassword());

                $oAccount->SetParentEmail($aFields[6]);

                $oResult = $oAccount;
            }
        }
    }

    // Every failure path reports the same generic AuthError.
    if ($bThrowExceptionOnFalse && !($oResult instanceof \RainLoop\Model\Account))
    {
        throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::AuthError);
    }

    return $oResult;
}
/**
 * Front controller: routes the request by its query string and writes the
 * response.
 *
 * The first path segment of QUERY_STRING (after the plugin filters have run)
 * selects either the admin index page, a Service* method on
 * $this->oServiceActions, a plugin "additional part", or the regular index
 * page. The chosen result is echoed before BootEnd() is called.
 *
 * @return \RainLoop\Service
 */
public function Handle()
{
    // Bail out silently when the MailSo library is not loaded.
    if (!\class_exists('MailSo\\Version'))
    {
        return $this;
    }

    $this->oActions->BootStart();
    $this->oActions->ParseQueryAuthString();

    $bCached = false;
    $sResult = '';

    // Request-controlled input: the raw query string, trimmed of whitespace
    // and then of spaces and slashes.
    $sQuery = \trim(\trim($this->oHttp->GetServer('QUERY_STRING', '')), ' /');
    $iPos = \strpos($sQuery, '&');
    // Keep only the part before the first '&'. The test is false both when
    // there is no '&' and when '&' is the first character.
    if (0 < $iPos)
    {
        $sQuery = \substr($sQuery, 0, $iPos);
    }

    // Plugins receive the query and the path list by reference and may
    // rewrite them before routing.
    $this->oActions->Plugins()->RunHook('filter.http-query', array(&$sQuery));
    $aPaths = \explode('/', $sQuery);
    $this->oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths));

    $bAdmin = false;
    $sAdminPanelHost = $this->oActions->Config()->Get('security', 'admin_panel_host', '');
    if (empty($sAdminPanelHost))
    {
        // No dedicated admin host: the admin panel is selected by an
        // 'admin' or 'cp' first path segment (case-insensitive).
        $bAdmin = !empty($aPaths[0]) && \in_array(\strtolower($aPaths[0]), array('admin', 'cp'));
    }
    else
    {
        // Dedicated admin host: admin mode is chosen by comparing the
        // configured host with GetHost().
        // NOTE(review): GetHost() presumably reflects the request's Host
        // header; confirm the web server pins or validates it, since it
        // decides which UI is served.
        if (empty($aPaths[0]) && \MailSo\Base\Utils::StrToLowerIfAscii($sAdminPanelHost) === \MailSo\Base\Utils::StrToLowerIfAscii($this->oHttp->GetHost()))
        {
            $bAdmin = true;
        }
    }

    // Config switch that blocks the admin index page. It applies only when
    // $bAdmin was set above; a path such as 'AdminAppData' is routed through
    // the Service* dispatch below instead.
    if ($bAdmin && !$this->oActions->Config()->Get('security', 'allow_admin_panel', true))
    {
        echo $this->oActions->ErrorTemplates('Access Denied.', 'Access to the RainLoop Webmail Admin Panel is not allowed!', true);
        return $this;
    }

    $bIndex = true;
    if (0 < \count($aPaths) && !empty($aPaths[0]) && !$bAdmin && 'index' !== $aPaths[0])
    {
        $bIndex = false;
        // The method name is built from request data. The fixed 'Service'
        // prefix and the method_exists/is_callable checks limit dispatch to
        // existing callable Service* methods on $this->oServiceActions.
        // PHP method names are case-insensitive, so any casing of the
        // segment reaches the same method.
        // NOTE(review): every callable Service* method is therefore
        // reachable from the request and has to enforce its own
        // authentication and authorization.
        $sMethodName = 'Service' . $aPaths[0];
        if (\method_exists($this->oServiceActions, $sMethodName) && \is_callable(array($this->oServiceActions, $sMethodName)))
        {
            $this->oServiceActions->SetQuery($sQuery)->SetPaths($aPaths);
            $sResult = \call_user_func(array($this->oServiceActions, $sMethodName));
        }
        else
        {
            // Unknown segment: offer it to plugins, else fall back to index.
            if (!$this->oActions->Plugins()->RunAdditionalPart($aPaths[0], $aPaths))
            {
                $bIndex = true;
            }
        }
    }

    if ($bIndex)
    {
        // '@' hides the warning emitted if headers were already sent.
        @header('Content-Type: text/html; charset=utf-8');
        $this->oHttp->ServerNoCache();

        $aTemplateParameters = $this->indexTemplateParameters($bAdmin);

        $sCacheFileName = '';
        if ($this->oActions->Config()->Get('labs', 'cache_system_data', true))
        {
            // The rendered index page is cached under the template's BaseHash.
            $sCacheFileName = 'TMPL:' . $aTemplateParameters['{{BaseHash}}'];
            $sResult = $this->oActions->Cacher()->Get($sCacheFileName);
        }

        if (0 === \strlen($sResult))
        {
            // Cache miss (or caching disabled): render the template.
            // NOTE(review): the file_get_contents() result is not checked
            // for false before being passed to strtr().
            $sResult = \strtr(\file_get_contents(APP_VERSION_ROOT_PATH . 'app/templates/Index.html'), $aTemplateParameters);
            $sResult = \RainLoop\Utils::ClearHtmlOutput($sResult);
            if (0 < \strlen($sCacheFileName))
            {
                $this->oActions->Cacher()->Set($sCacheFileName, $sResult);
            }
        }
        else
        {
            $bCached = true;
        }

        // Diagnostic HTML comment appended to every index response.
        // NOTE(review): this exposes the exact application version and an
        // unsalted MD5 of the session short token to anyone who can read
        // the page source. Consider dropping or gating it in production.
        $sResult .= '<!--';
        $sResult .= ' [version:' . APP_VERSION;
        $sResult .= '][time:' . \substr(\microtime(true) - APP_START, 0, 6);
        $sResult .= '][cached:' . ($bCached ? 'true' : 'false');
        $sResult .= '][hash:' . $aTemplateParameters['{{BaseHash}}'];
        $sResult .= '][session:' . \md5(\RainLoop\Utils::GetShortToken());
        $sResult .= '] -->';
    }

    // Output result
    echo $sResult;
    unset($sResult);

    $this->oActions->BootEnd();
    return $this;
}
/**
 * Decrypts a string that was encrypted for the current browser session.
 *
 * The effective key is the caller's key, the literal 'Q' and the current
 * short token concatenated, so data can only be decrypted while
 * \RainLoop\Utils::GetShortToken() returns the value used at encryption.
 *
 * NOTE(review): XXTEA is an unauthenticated block cipher. Unless
 * Crypt::XxteaDecrypt() or the caller verifies integrity (not visible here),
 * altered ciphertext yields altered plaintext rather than an error; confirm
 * before trusting the decrypted value.
 *
 * @param string $sEncriptedString
 * @param string $sKey
 *
 * @return string
 */
public static function DecryptStringQ($sEncriptedString, $sKey)
{
    // Disabled RSA alternative, left commented out as in the original:
    // if (\MailSo\Base\Utils::FunctionExistsAndEnabled('openssl_pkey_get_private'))
    // {
    //     return \RainLoop\Utils::DecryptStringRSA($sEncriptedString,
    //         $sKey.'Q'.\RainLoop\Utils::GetShortToken());
    // }

    // Session-bound key: caller key + 'Q' + short token.
    $sSessionKey = $sKey . 'Q' . \RainLoop\Utils::GetShortToken();

    return \MailSo\Base\Crypt::XxteaDecrypt($sEncriptedString, $sSessionKey);
}
/**
 * Front controller: routes the request by its query string and writes the
 * response.
 *
 * The first path segment of QUERY_STRING (after the plugin filters have run)
 * selects either the admin index page, a Service* method on
 * $this->oServiceActions, a plugin "additional part", or the regular index
 * page. The index page is rendered from Index.html with values from
 * startUpData(). The chosen result is echoed before BootEnd() is called.
 *
 * @return \RainLoop\Service
 */
public function Handle()
{
    // Bail out silently when the MailSo library is not loaded.
    if (!\class_exists('MailSo\\Version'))
    {
        return $this;
    }

    $this->oActions->BootStart();
    $this->oActions->ParseQueryAuthString();

    $bCached = false;
    $sResult = '';

    // Request-controlled input: the raw query string, trimmed of whitespace
    // and then of spaces and slashes.
    $sQuery = \trim(\trim($this->oHttp->GetServer('QUERY_STRING', '')), ' /');
    $iPos = \strpos($sQuery, '&');
    // Keep only the part before the first '&'. The test is false both when
    // there is no '&' and when '&' is the first character.
    if (0 < $iPos)
    {
        $sQuery = \substr($sQuery, 0, $iPos);
    }

    // Plugins receive the query and the path list by reference and may
    // rewrite them before routing.
    $this->oActions->Plugins()->RunHook('filter.http-query', array(&$sQuery));
    $aPaths = \explode('/', $sQuery);
    $this->oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths));

    $bAdmin = false;
    $sAdminPanelHost = $this->oActions->Config()->Get('security', 'admin_panel_host', '');
    if (empty($sAdminPanelHost))
    {
        // No dedicated admin host: the admin panel is selected by an
        // 'admin' or 'cp' first path segment (case-insensitive).
        $bAdmin = !empty($aPaths[0]) && \in_array(\strtolower($aPaths[0]), array('admin', 'cp'));
    }
    else
    {
        // Dedicated admin host: admin mode is chosen by comparing the
        // configured host with GetHost().
        // NOTE(review): GetHost() presumably reflects the request's Host
        // header; confirm the web server pins or validates it, since it
        // decides which UI is served.
        if (empty($aPaths[0]) && \MailSo\Base\Utils::StrToLowerIfAscii($sAdminPanelHost) === \MailSo\Base\Utils::StrToLowerIfAscii($this->oHttp->GetHost()))
        {
            $bAdmin = true;
        }
    }

    // Config switch that blocks the admin index page. It applies only when
    // $bAdmin was set above; a path such as 'AdminAppData' is routed through
    // the Service* dispatch below instead.
    if ($bAdmin && !$this->oActions->Config()->Get('security', 'allow_admin_panel', true))
    {
        echo $this->oActions->ErrorTemplates('Access Denied.', 'Access to the RainLoop Webmail Admin Panel is not allowed!', true);
        return $this;
    }

    $bIndex = true;
    if (0 < \count($aPaths) && !empty($aPaths[0]) && !$bAdmin && 'index' !== $aPaths[0])
    {
        $bIndex = false;
        // The method name is built from request data. The fixed 'Service'
        // prefix and the method_exists/is_callable checks limit dispatch to
        // existing callable Service* methods on $this->oServiceActions.
        // PHP method names are case-insensitive, so any casing of the
        // segment reaches the same method.
        // NOTE(review): every callable Service* method is therefore
        // reachable from the request and has to enforce its own
        // authentication and authorization.
        $sMethodName = 'Service' . $aPaths[0];
        if (\method_exists($this->oServiceActions, $sMethodName) && \is_callable(array($this->oServiceActions, $sMethodName)))
        {
            $this->oServiceActions->SetQuery($sQuery)->SetPaths($aPaths);
            $sResult = \call_user_func(array($this->oServiceActions, $sMethodName));
        }
        else
        {
            // Unknown segment: offer it to plugins, else fall back to index.
            if (!$this->oActions->Plugins()->RunAdditionalPart($aPaths[0], $aPaths))
            {
                $bIndex = true;
            }
        }
    }

    if ($bIndex)
    {
        // '@' hides the warning emitted if headers were already sent.
        @header('Content-Type: text/html; charset=utf-8');
        $this->oHttp->ServerNoCache();

        $aData = $this->startUpData($bAdmin);

        $sCacheFileName = '';
        if ($this->oActions->Config()->Get('labs', 'cache_system_data', true))
        {
            // The rendered index page is cached under the start-up data hash.
            $sCacheFileName = 'TMPL:' . $aData['Hash'];
            $sResult = $this->oActions->Cacher()->Get($sCacheFileName);
        }

        if (0 === \strlen($sResult))
        {
            // Cache miss (or caching disabled): render the template.
            // boot.js is read from disk and inlined into the page.
            // NOTE(review): neither file_get_contents() result is checked
            // for false.
            $sJsBoot = \file_get_contents(APP_VERSION_ROOT_PATH . 'static/js/boot.js');

            // Only LoadingDescription is HTML-escaped here; the other $aData
            // values are substituted into the template as-is, so they must
            // already be safe for the HTML/attribute context they land in.
            // NOTE(review): confirm startUpData() never returns
            // request-controlled text in the link fields.
            //
            // BaseRandHash is md5(rand() . microtime()) and is stored with
            // the page when caching is enabled, so it stays fixed for the
            // life of the cache entry. NOTE(review): it must not be relied
            // on as a secret or per-request nonce.
            //
            // ENT_IGNORE silently drops invalid byte sequences; the PHP
            // manual discourages it because of possible security
            // implications. NOTE(review): consider ENT_SUBSTITUTE where the
            // supported PHP version allows it.
            $sResult = \strtr(\file_get_contents(APP_VERSION_ROOT_PATH . 'app/templates/Index.html'), array('{{BaseRandHash}}' => \md5(\rand(1000, 9000) . \microtime(true)), '{{BaseAppDataScriptLink}}' => $bAdmin ? './?/AdminAppData/' : './?/AppData/', '{{BaseAppFaviconIcoFile}}' => $aData['FaviconIcoLink'], '{{BaseAppFaviconPngFile}}' => $aData['FaviconPngLink'], '{{BaseAppAppleTouchFile}}' => $aData['AppleTouchLink'], '{{BaseAppMainCssLink}}' => $aData['AppCssLink'], '{{BaseAppBootScriptSource}}' => $sJsBoot, '{{BaseAppLibsScriptLink}}' => $aData['LibJsLink'], '{{BaseAppEditorScriptLink}}' => $aData['EditorJsLink'], '{{BaseAppMainScriptLink}}' => $aData['AppJsLink'], '{{BaseAppLoadingDescription}}' => \htmlspecialchars($aData['LoadingDescription'], ENT_QUOTES | ENT_IGNORE, 'UTF-8'), '{{BaseDir}}' => \in_array($aData['Language'], array('ar', 'he', 'ur')) ? 'rtl' : 'ltr'));

            $sResult = \RainLoop\Utils::ClearHtmlOutput($sResult);
            if (0 < \strlen($sCacheFileName))
            {
                $this->oActions->Cacher()->Set($sCacheFileName, $sResult);
            }
        }
        else
        {
            $bCached = true;
        }

        // Diagnostic HTML comment appended to every index response.
        // NOTE(review): this exposes the exact application version and an
        // unsalted MD5 of the session short token to anyone who can read
        // the page source. Consider dropping or gating it in production.
        $sResult .= '<!--';
        $sResult .= ' [version:' . APP_VERSION;
        $sResult .= '][time:' . \substr(\microtime(true) - APP_START, 0, 6);
        $sResult .= '][cached:' . ($bCached ? 'true' : 'false');
        $sResult .= '][session:' . \md5(\RainLoop\Utils::GetShortToken());
        $sResult .= '] -->';
    }

    // Output result
    echo $sResult;
    unset($sResult);

    $this->oActions->BootEnd();
    return $this;
}
/**
 * Rebuilds an account from a custom auth token and logs it in.
 *
 * The token is decoded with \RainLoop\Utils::DecodeKeyValues(). The decoded
 * list is accepted only when it starts with the 'token' marker, has exactly
 * 8 entries and a non-empty entry 7. Unless $bValidateShortToken is false,
 * entry 7 must also equal the current short token.
 *
 * NOTE(review): the decoded entries (including the password at index 3) are
 * trusted as-is; this is only safe if DecodeKeyValues() rejects forged or
 * altered tokens, which is not visible here. Confirm.
 *
 * When LoginProvide() does not return an account and exceptions are enabled,
 * the caller receives DomainNotAllowed or AccountNotAllowed instead of the
 * generic AuthError, which reveals why the login was refused.
 *
 * @param string $sToken
 * @param bool $bThrowExceptionOnFalse = true
 * @param bool $bValidateShortToken = true
 *
 * @return \RainLoop\Account|bool
 * @throws \RainLoop\Exceptions\ClientException
 */
public function GetAccountFromCustomToken($sToken, $bThrowExceptionOnFalse = true, $bValidateShortToken = true)
{
    $oResult = false;

    if (!empty($sToken))
    {
        $aFields = \RainLoop\Utils::DecodeKeyValues($sToken);

        // Structural check first; evaluation order matches the original
        // single condition so later operands are only touched when the
        // earlier ones hold.
        $bWellFormed = !empty($aFields[0]) && 'token' === $aFields[0] &&
            8 === \count($aFields) && !empty($aFields[7]);

        // Session binding: skipped on request or satisfied by a matching
        // short token.
        $bAccepted = $bWellFormed && (
            !$bValidateShortToken ||
            \RainLoop\Utils::GetShortToken() === $aFields[7]
        );

        if (!$bAccepted)
        {
            if ($bThrowExceptionOnFalse)
            {
                throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::AuthError);
            }
        }
        else
        {
            $sSignMeToken = empty($aFields[5]) ? '' : $aFields[5];

            $oAccount = $this->LoginProvide($aFields[1], $aFields[2], $aFields[3], $sSignMeToken);

            if ($oAccount instanceof \RainLoop\Account)
            {
                // Registers the password with the logger, presumably so it is
                // masked in log output. NOTE(review): this happens after
                // LoginProvide() has already run with the password.
                $this->Logger()->AddSecret($oAccount->Password());

                $oAccount->SetParentEmail($aFields[6]);

                $oResult = $oAccount;
            }
            else
            {
                // The domain is loaded even when no exception will be thrown,
                // exactly as in the original.
                $oDomain = $this->DomainProvider()->Load(
                    \MailSo\Base\Utils::GetDomainFromEmail($aFields[1]), true);

                if ($bThrowExceptionOnFalse)
                {
                    if (!($oDomain instanceof \RainLoop\Domain))
                    {
                        throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::DomainNotAllowed);
                    }

                    if (!$oDomain->ValidateWhiteList($aFields[1], $aFields[2]))
                    {
                        throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::AccountNotAllowed);
                    }
                }
            }
        }
    }

    // Any remaining failure is reported as a generic AuthError.
    if ($bThrowExceptionOnFalse && !($oResult instanceof \RainLoop\Account))
    {
        throw new \RainLoop\Exceptions\ClientException(\RainLoop\Notifications::AuthError);
    }

    return $oResult;
}