protected static function displayResetPasswordPage($success, $args)
{
$route_args = array();
$route_args['token'] = $args['token'];
$route_args['user'] = $args['user'];
OC_Template::printGuestPage('core/lostpassword', 'resetpassword', array('success' => $success, 'args' => $route_args));
}
public function display($post)
{
$defaults = array('adminlogin' => '', 'adminpass' => '', 'dbuser' => '', 'dbpass' => '', 'dbname' => '', 'dbtablespace' => '', 'dbhost' => 'localhost', 'dbtype' => '');
$parameters = array_merge($defaults, $post);
\OC_Util::addVendorScript('strengthify/jquery.strengthify');
\OC_Util::addVendorStyle('strengthify/strengthify');
\OC_Util::addScript('setup');
\OC_Template::printGuestPage('', 'installation', $parameters);
}
public static function init() {
// register autoloader
$loaderStart = microtime(true);
require_once __DIR__ . '/autoloader.php';
self::$loader = new \OC\Autoloader();
spl_autoload_register(array(self::$loader, 'load'));
$loaderEnd = microtime(true);
self::initPaths();
// setup 3rdparty autoloader
$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
if (file_exists($vendorAutoLoad)) {
require_once $vendorAutoLoad;
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
// we can't use the template error page here, because this needs the
// DI container which isn't available yet
print('Composer autoloader not found, unable to continue. Check the folder "3rdparty".');
exit();
}
// setup the basic server
self::$server = new \OC\Server(\OC::$WEBROOT);
\OC::$server->getEventLogger()->log('autoloader', 'Autoloader', $loaderStart, $loaderEnd);
\OC::$server->getEventLogger()->start('boot', 'Initialize');
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
self::$CLI = (php_sapi_name() == 'cli');
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
self::handleAuthHeaders();
self::registerAutoloaderCache();
// initialize intl fallback is necessary
\Patchwork\Utf8\Bootup::initIntl();
OC_Util::isSetLocaleWorking();
if (!defined('PHPUNIT_RUN')) {
OC\Log\ErrorHandler::setLogger(OC_Log::$object);
if (defined('DEBUG') and DEBUG) {
OC\Log\ErrorHandler::register(true);
set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
} else {
OC\Log\ErrorHandler::register();
}
}
// register the stream wrappers
stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir');
stream_wrapper_register('static', 'OC\Files\Stream\StaticStream');
stream_wrapper_register('close', 'OC\Files\Stream\Close');
stream_wrapper_register('quota', 'OC\Files\Stream\Quota');
stream_wrapper_register('oc', 'OC\Files\Stream\OC');
\OC::$server->getEventLogger()->start('init_session', 'Initialize session');
OC_App::loadApps(array('session'));
if (!self::$CLI) {
self::initSession();
}
\OC::$server->getEventLogger()->end('init_session');
self::initTemplateEngine();
self::checkConfig();
self::checkInstalled();
self::checkSSL();
OC_Response::addSecurityHeaders();
$errors = OC_Util::checkServer(\OC::$server->getConfig());
if (count($errors) > 0) {
if (self::$CLI) {
foreach ($errors as $error) {
echo $error['error'] . "\n";
echo $error['hint'] . "\n\n";
}
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
}
exit;
}
//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string)$sessionLifeTime);
$systemConfig = \OC::$server->getSystemConfig();
// User and Groups
if (!$systemConfig->getValue("installed", false)) {
self::$server->getSession()->set('user_id', '');
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
//setup extra user backends
if (!self::checkUpgrade(false)) {
OC_User::setupBackends();
}
self::registerCacheHooks();
self::registerFilesystemHooks();
self::registerPreviewHooks();
self::registerShareHooks();
self::registerLogRotate();
self::registerLocalAddressBook();
//make sure temporary files are cleaned up
$tmpManager = \OC::$server->getTempManager();
register_shutdown_function(array($tmpManager, 'clean'));
if ($systemConfig->getValue('installed', false) && !self::checkUpgrade(false)) {
if (\OC::$server->getConfig()->getAppValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs');
}
}
// Check whether the sample configuration has been copied
if($systemConfig->getValue('copied_sample_config', false)) {
$l = \OC::$server->getL10N('lib');
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
OC_Template::printErrorPage(
$l->t('Sample configuration detected'),
$l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php')
);
return;
}
$host = OC_Request::insecureServerHost();
// if the host passed in headers isn't trusted
if (!OC::$CLI
// overwritehost is always trusted
&& OC_Request::getOverwriteHost() === null
&& !OC_Request::isTrustedDomain($host)
) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
$tmpl->printPage();
exit();
}
\OC::$server->getEventLogger()->end('boot');
}
<?php
OCP\App::checkAppEnabled('user_openid_provider');
set_include_path(get_include_path() . PATH_SEPARATOR . __DIR__ . '/3rdparty');
require_once 'Zend/OpenId/Provider.php';
if (!isset($_REQUEST['openid_mode'])) {
OC_Template::printGuestPage('user_openid_provider', 'main');
die;
}
$session = new OC_OpenIdProviderUserSession();
$storage = new OC_OpenIdProviderStorage();
$server = new Zend_OpenId_Provider(null, null, $session, $storage);
if (OCP\User::isLoggedIn() and !$session->getLoggedInUser()) {
$session->setLoggedInUser(OCP\Util::linkToAbsolute('', '?') . OCP\User::getUser());
}
if (isset($_GET['openid_action']) and $_GET['openid_action'] == 'login') {
unset($_GET['openid_action']);
$params = '?' . Zend_OpenId::paramsToQuery($_GET);
$next = OCP\Util::linkToRemote('openid_provider') . $params;
$loginPage = OCP\Util::linkToAbsolute('', 'index.php') . '?redirect_url=' . urlencode($next);
header('Location: ' . $loginPage);
} else {
if (isset($_GET['openid_action']) and $_GET['openid_action'] == 'trust') {
OCP\User::checkLoggedIn();
if (isset($_POST['allow'])) {
if (isset($_POST['forever'])) {
$server->allowSite($server->getSiteRoot($_GET));
}
$server->respondToConsumer($_GET);
} else {
if (isset($_POST['deny'])) {
}
OC_Util::addScript('setup');
$hasSQLite = class_exists('SQLite3');
$hasMySQL = is_callable('mysql_connect');
$hasPostgreSQL = is_callable('pg_connect');
$hasOracle = is_callable('oci_connect');
$hasMSSQL = is_callable('sqlsrv_connect');
$datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT . '/data');
$vulnerableToNullByte = false;
if (@file_exists(__FILE__ . "Nullbyte")) {
// Check if the used PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)
$vulnerableToNullByte = true;
}
// Protect data directory here, so we can test if the protection is working
OC_Setup::protectDataDirectory();
$opts = array('hasSQLite' => $hasSQLite, 'hasMySQL' => $hasMySQL, 'hasPostgreSQL' => $hasPostgreSQL, 'hasOracle' => $hasOracle, 'hasMSSQL' => $hasMSSQL, 'directory' => $datadir, 'secureRNG' => OC_Util::secureRNGAvailable(), 'htaccessWorking' => OC_Util::isHtAccessWorking(), 'vulnerableToNullByte' => $vulnerableToNullByte, 'errors' => array(), 'dbIsSet' => $dbIsSet, 'directoryIsSet' => $directoryIsSet);
if (isset($_POST['install']) and $_POST['install'] == 'true') {
// We have to launch the installation process :
$e = OC_Setup::install($_POST);
$errors = array('errors' => $e);
if (count($e) > 0) {
//OC_Template::printGuestPage("", "error", array("errors" => $errors));
$options = array_merge($_POST, $opts, $errors);
OC_Template::printGuestPage("", "installation", $options);
} else {
header('Location: ' . OC_Helper::linkToRoute('post_setup_check'));
exit;
}
} else {
OC_Template::printGuestPage("", "installation", $opts);
}
//no apps
require_once '../../lib/base.php';
// Someone lost their password:
if (isset($_POST['user'])) {
if (OC_User::userExists($_POST['user'])) {
$token = sha1($_POST['user'] . md5(uniqid(rand(), true)));
OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
if (!empty($email) and isset($_POST['sectoken']) and isset($_SESSION['sectoken']) and $_POST['sectoken'] == $_SESSION['sectoken']) {
$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php') . '?user='******'user'] . '&token=' . $token;
$tmpl = new OC_Template('core/lostpassword', 'email');
$tmpl->assign('link', $link);
$msg = $tmpl->fetchPage();
$l = OC_L10N::get('core');
$from = 'lostpassword-noreply@' . OC_Helper::serverHost();
OC_MAIL::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
echo 'sent';
}
$sectoken = rand(1000000, 9999999);
$_SESSION['sectoken'] = $sectoken;
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => true, 'sectoken' => $sectoken));
} else {
$sectoken = rand(1000000, 9999999);
$_SESSION['sectoken'] = $sectoken;
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => true, 'requested' => false, 'sectoken' => $sectoken));
}
} else {
$sectoken = rand(1000000, 9999999);
$_SESSION['sectoken'] = $sectoken;
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => false, 'requested' => false, 'sectoken' => $sectoken));
}
/**
* @param array $errors
* @param string[] $messages
*/
public static function displayLoginPage($errors = array(), $messages = [])
{
$parameters = array();
foreach ($errors as $value) {
$parameters[$value] = true;
}
$parameters['messages'] = $messages;
if (!empty($_REQUEST['user'])) {
$parameters["username"] = $_REQUEST['user'];
$parameters['user_autofocus'] = false;
} else {
$parameters["username"] = '';
$parameters['user_autofocus'] = true;
}
if (isset($_REQUEST['redirect_url'])) {
$parameters['redirect_url'] = $_REQUEST['redirect_url'];
}
$parameters['canResetPassword'] = true;
if (!\OC::$server->getSystemConfig()->getValue('lost_password_link')) {
if (isset($_REQUEST['user'])) {
$user = \OC::$server->getUserManager()->get($_REQUEST['user']);
if ($user instanceof IUser) {
$parameters['canResetPassword'] = $user->canChangePassword();
}
}
}
$parameters['alt_login'] = OC_App::getAlternativeLogIns();
$parameters['rememberLoginAllowed'] = self::rememberLoginAllowed();
\OC_Hook::emit('OC_Util', 'pre_displayLoginPage', array('parameters' => $parameters));
OC_Template::printGuestPage("", "login", $parameters);
}
public static function init()
{
// register autoloader
spl_autoload_register(array('OC', 'autoload'));
setlocale(LC_ALL, 'en_US.UTF-8');
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
// try to switch magic quotes off.
if (function_exists('set_magic_quotes_runtime')) {
@set_magic_quotes_runtime(false);
}
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
//try to set the session lifetime to 60min
@ini_set('gc_maxlifetime', '3600');
//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
self::initPaths();
// register the stream wrappers
require_once 'streamwrappers.php';
stream_wrapper_register("fakedir", "OC_FakeDirStream");
stream_wrapper_register('static', 'OC_StaticStreamWrapper');
stream_wrapper_register('close', 'OC_CloseStreamWrapper');
self::checkInstalled();
self::checkSSL();
// CSRF protection
if (isset($_SERVER['HTTP_REFERER'])) {
$referer = $_SERVER['HTTP_REFERER'];
} else {
$referer = '';
}
$refererhost = parse_url($referer);
if (isset($refererhost['host'])) {
$refererhost = $refererhost['host'];
} else {
$refererhost = '';
}
$server = OC_Helper::serverHost();
$serverhost = explode(':', $server);
$serverhost = $serverhost['0'];
if ($_SERVER['REQUEST_METHOD'] == 'POST' and $refererhost != $serverhost) {
$url = OC_Helper::serverProtocol() . '://' . $server . OC::$WEBROOT . '/index.php';
header("Location: {$url}");
exit;
}
self::initSession();
self::initTemplateEngine();
self::checkUpgrade();
$errors = OC_Util::checkServer();
if (count($errors) > 0) {
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
exit;
}
// TODO: we should get rid of this one, too
// WARNING: to make everything even more confusing,
// DATADIRECTORY is a var that changes and DATADIRECTORY_ROOT
// stays the same, but is set by "datadirectory".
// Any questions?
OC::$CONFIG_DATADIRECTORY = OC_Config::getValue("datadirectory", OC::$SERVERROOT . "/data");
// User and Groups
if (!OC_Config::getValue("installed", false)) {
$_SESSION['user_id'] = '';
}
OC_User::useBackend(OC_Config::getValue("userbackend", "database"));
OC_Group::useBackend(new OC_Group_Database());
// Set up file system unless forbidden
global $RUNTIME_NOSETUPFS;
if (!$RUNTIME_NOSETUPFS) {
OC_Util::setupFS();
}
// Load Apps
// This includes plugins for users and filesystems as well
global $RUNTIME_NOAPPS;
global $RUNTIME_APPTYPES;
if (!$RUNTIME_NOAPPS) {
if ($RUNTIME_APPTYPES) {
OC_App::loadApps($RUNTIME_APPTYPES);
} else {
OC_App::loadApps();
}
}
// Check for blacklisted files
OC_Hook::connect('OC_Filesystem', 'write', 'OC_Filesystem', 'isBlacklisted');
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp'));
//parse the given parameters
self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? str_replace(array('\\0', '/', '\\', '..'), '', strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
$param = substr(self::$REQUESTEDAPP, strpos(self::$REQUESTEDAPP, '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDAPP = $app;
$_GET['app'] = $app;
}
self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDFILE = $file;
$_GET['getfile'] = $file;
}
if (!is_null(self::$REQUESTEDFILE)) {
$subdir = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE;
$parent = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP;
if (!OC_Helper::issubdirectory($subdir, $parent)) {
self::$REQUESTEDFILE = null;
header('HTTP/1.0 404 Not Found');
exit;
}
}
}
// remember was checked after last login
if (isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) {
if (defined("DEBUG") && DEBUG) {
error_log("Trying to login from cookie");
}
// confirm credentials in cookie
if (isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) && OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
OC_User::setUserId($_COOKIE['oc_username']);
OC_Util::redirectToDefaultPage();
} else {
OC_User::unsetMagicInCookie();
}
} elseif (isset($_POST["user"]) && isset($_POST['password'])) {
if (OC_User::login($_POST["user"], $_POST["password"])) {
if (!empty($_POST["remember_login"])) {
if (defined("DEBUG") && DEBUG) {
error_log("Setting remember login to cookie");
}
$token = md5($_POST["user"] . time());
OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
OC_User::setMagicInCookie($_POST["user"], $token);
} else {
OC_User::unsetMagicInCookie();
}
OC_Util::redirectToDefaultPage();
} else {
$error = true;
}
}
OC_Template::printGuestPage('', 'login', array('error' => $error, 'redirect' => isset($_REQUEST['redirect_url']) ? $_REQUEST['redirect_url'] : ''));
}
public static function displayLoginPage($parameters = array())
{
if (isset($_COOKIE["username"])) {
$parameters["username"] = $_COOKIE["username"];
} else {
$parameters["username"] = '';
}
OC_Template::printGuestPage("", "login", $parameters);
}
public static function init()
{
// calculate the root directories
OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4));
// register autoloader
$loaderStart = microtime(true);
require_once __DIR__ . '/autoloader.php';
self::$loader = new \OC\Autoloader([OC::$SERVERROOT . '/lib', OC::$SERVERROOT . '/core', OC::$SERVERROOT . '/settings', OC::$SERVERROOT . '/ocs', OC::$SERVERROOT . '/ocs-provider', OC::$SERVERROOT . '/3rdparty']);
spl_autoload_register(array(self::$loader, 'load'));
$loaderEnd = microtime(true);
self::$CLI = php_sapi_name() == 'cli';
try {
self::initPaths();
// setup 3rdparty autoloader
$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
if (!file_exists($vendorAutoLoad)) {
throw new \RuntimeException('Composer autoloader not found, unable to continue. Check the folder "3rdparty". Running "git submodule update --init" will initialize the git submodule that handles the subfolder "3rdparty".');
}
require_once $vendorAutoLoad;
} catch (\RuntimeException $e) {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
// we can't use the template error page here, because this needs the
// DI container which isn't available yet
print $e->getMessage();
exit;
}
foreach (OC::$APPSROOTS as $appRoot) {
self::$loader->addValidRoot($appRoot['path']);
}
// setup the basic server
self::$server = new \OC\Server(\OC::$WEBROOT);
\OC::$server->getEventLogger()->log('autoloader', 'Autoloader', $loaderStart, $loaderEnd);
\OC::$server->getEventLogger()->start('boot', 'Initialize');
// Don't display errors and log them
error_reporting(E_ALL | E_STRICT);
@ini_set('display_errors', 0);
@ini_set('log_errors', 1);
date_default_timezone_set('UTC');
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
self::setRequiredIniValues();
self::handleAuthHeaders();
self::registerAutoloaderCache();
// initialize intl fallback is necessary
\Patchwork\Utf8\Bootup::initIntl();
OC_Util::isSetLocaleWorking();
if (!defined('PHPUNIT_RUN')) {
$logger = \OC::$server->getLogger();
OC\Log\ErrorHandler::setLogger($logger);
if (\OC::$server->getConfig()->getSystemValue('debug', false)) {
OC\Log\ErrorHandler::register(true);
set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
} else {
OC\Log\ErrorHandler::register();
}
}
// register the stream wrappers
stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir');
stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream');
stream_wrapper_register('close', 'OC\\Files\\Stream\\Close');
stream_wrapper_register('quota', 'OC\\Files\\Stream\\Quota');
stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC');
\OC::$server->getEventLogger()->start('init_session', 'Initialize session');
OC_App::loadApps(array('session'));
if (!self::$CLI) {
self::initSession();
}
\OC::$server->getEventLogger()->end('init_session');
self::initTemplateEngine();
self::checkConfig();
self::checkInstalled();
OC_Response::addSecurityHeaders();
if (self::$server->getRequest()->getServerProtocol() === 'https') {
ini_set('session.cookie_secure', true);
}
if (!defined('OC_CONSOLE')) {
$errors = OC_Util::checkServer(\OC::$server->getConfig());
if (count($errors) > 0) {
if (self::$CLI) {
// Convert l10n string into regular string for usage in database
$staticErrors = [];
foreach ($errors as $error) {
echo $error['error'] . "\n";
echo $error['hint'] . "\n\n";
$staticErrors[] = ['error' => (string) $error['error'], 'hint' => (string) $error['hint']];
}
try {
\OC::$server->getConfig()->setAppValue('core', 'cronErrors', json_encode($staticErrors));
} catch (\Exception $e) {
echo 'Writing to database failed';
}
exit(1);
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
exit;
}
} elseif (self::$CLI && \OC::$server->getConfig()->getSystemValue('installed', false)) {
\OC::$server->getConfig()->deleteAppValue('core', 'cronErrors');
}
}
//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string) $sessionLifeTime);
$systemConfig = \OC::$server->getSystemConfig();
// User and Groups
if (!$systemConfig->getValue("installed", false)) {
self::$server->getSession()->set('user_id', '');
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
//setup extra user backends
if (!self::checkUpgrade(false)) {
OC_User::setupBackends();
}
self::registerCacheHooks();
self::registerFilesystemHooks();
if (\OC::$server->getSystemConfig()->getValue('enable_previews', true)) {
self::registerPreviewHooks();
}
self::registerShareHooks();
self::registerLogRotate();
self::registerLocalAddressBook();
self::registerEncryptionWrapper();
self::registerEncryptionHooks();
//make sure temporary files are cleaned up
$tmpManager = \OC::$server->getTempManager();
register_shutdown_function(array($tmpManager, 'clean'));
$lockProvider = \OC::$server->getLockingProvider();
register_shutdown_function(array($lockProvider, 'releaseAll'));
if ($systemConfig->getValue('installed', false) && !self::checkUpgrade(false)) {
if (\OC::$server->getConfig()->getAppValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs');
}
}
// Check whether the sample configuration has been copied
if ($systemConfig->getValue('copied_sample_config', false)) {
$l = \OC::$server->getL10N('lib');
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
OC_Template::printErrorPage($l->t('Sample configuration detected'), $l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php'));
return;
}
$request = \OC::$server->getRequest();
$host = $request->getInsecureServerHost();
/**
* if the host passed in headers isn't trusted
* FIXME: Should not be in here at all :see_no_evil:
*/
if (!OC::$CLI && self::$server->getConfig()->getSystemValue('overwritehost') === '' && !\OC::$server->getTrustedDomainHelper()->isTrustedDomain($host) && self::$server->getConfig()->getSystemValue('installed', false)) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
$tmpl->assign('domain', $request->server['SERVER_NAME']);
$tmpl->printPage();
exit;
}
\OC::$server->getEventLogger()->end('boot');
}
public static function displayLoginPage($parameters = array())
{
if (isset($_COOKIE["username"])) {
$parameters["username"] = $_COOKIE["username"];
} else {
$parameters["username"] = '';
}
$sectoken = rand(1000000, 9999999);
$_SESSION['sectoken'] = $sectoken;
$parameters["sectoken"] = $sectoken;
OC_Template::printGuestPage("", "login", $parameters);
}
public static function init()
{
// register autoloader
spl_autoload_register(array('OC', 'autoload'));
setlocale(LC_ALL, 'en_US.UTF-8');
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
self::$CLI = php_sapi_name() == 'cli';
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
// try to switch magic quotes off.
if (function_exists('set_magic_quotes_runtime')) {
@set_magic_quotes_runtime(false);
}
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
//try to set the session lifetime to 60min
@ini_set('gc_maxlifetime', '3600');
//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
self::initPaths();
// set debug mode if an xdebug session is active
if (!defined('DEBUG') || !DEBUG) {
if (isset($_COOKIE['XDEBUG_SESSION'])) {
define('DEBUG', true);
}
}
// register the stream wrappers
require_once 'streamwrappers.php';
stream_wrapper_register("fakedir", "OC_FakeDirStream");
stream_wrapper_register('static', 'OC_StaticStreamWrapper');
stream_wrapper_register('close', 'OC_CloseStreamWrapper');
self::checkInstalled();
self::checkSSL();
self::initSession();
self::initTemplateEngine();
self::checkUpgrade();
$errors = OC_Util::checkServer();
if (count($errors) > 0) {
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
exit;
}
// User and Groups
if (!OC_Config::getValue("installed", false)) {
$_SESSION['user_id'] = '';
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) {
OC_User::logout();
}
// Load Apps
// This includes plugins for users and filesystems as well
global $RUNTIME_NOAPPS;
global $RUNTIME_APPTYPES;
if (!$RUNTIME_NOAPPS) {
if ($RUNTIME_APPTYPES) {
OC_App::loadApps($RUNTIME_APPTYPES);
} else {
OC_App::loadApps();
}
}
//setup extra user backends
OC_User::setupBackends();
// register cache cleanup jobs
OC_BackgroundJob_RegularTask::register('OC_Cache_FileGlobal', 'gc');
OC_Hook::connect('OC_User', 'post_login', 'OC_Cache_File', 'loginListener');
// Check for blacklisted files
OC_Hook::connect('OC_Filesystem', 'write', 'OC_Filesystem', 'isBlacklisted');
OC_Hook::connect('OC_Filesystem', 'rename', 'OC_Filesystem', 'isBlacklisted');
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp'));
//parse the given parameters
self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? str_replace(array('\\0', '/', '\\', '..'), '', strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDAPP = $app;
$_GET['app'] = $app;
}
self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDFILE = $file;
$_GET['getfile'] = $file;
}
if (!is_null(self::$REQUESTEDFILE)) {
$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
if (!OC_Helper::issubdirectory($subdir, $parent)) {
self::$REQUESTEDFILE = null;
header('HTTP/1.0 404 Not Found');
exit;
}
}
}
public static function init()
{
// register autoloader
require_once __DIR__ . '/autoloader.php';
self::$loader = new \OC\Autoloader();
self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
self::$loader->registerPrefix('Sabre\\VObject', '3rdparty');
self::$loader->registerPrefix('Sabre_', '3rdparty');
self::$loader->registerPrefix('Patchwork', '3rdparty');
spl_autoload_register(array(self::$loader, 'load'));
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
self::$CLI = php_sapi_name() == 'cli';
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
// try to switch magic quotes off.
if (get_magic_quotes_gpc() == 1) {
ini_set('magic_quotes_runtime', 0);
}
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
//copy http auth headers for apache+php-fcgid work around
if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
}
//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
self::initPaths();
if (OC_Config::getValue('instanceid', false)) {
// \OC\Memcache\Cache has a hidden dependency on
// OC_Util::getInstanceId() for namespacing. See #5409.
try {
self::$loader->setMemoryCache(\OC\Memcache\Factory::createLowLatency('Autoloader'));
} catch (\Exception $ex) {
}
}
OC_Util::isSetLocaleWorking();
// set debug mode if an xdebug session is active
if (!defined('DEBUG') || !DEBUG) {
if (isset($_COOKIE['XDEBUG_SESSION'])) {
define('DEBUG', true);
}
}
if (!defined('PHPUNIT_RUN')) {
if (defined('DEBUG') and DEBUG) {
OC\Log\ErrorHandler::register(true);
set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
} else {
OC\Log\ErrorHandler::register();
}
OC\Log\ErrorHandler::setLogger(OC_Log::$object);
}
// register the stream wrappers
stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir');
stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream');
stream_wrapper_register('close', 'OC\\Files\\Stream\\Close');
stream_wrapper_register('quota', 'OC\\Files\\Stream\\Quota');
stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC');
// setup the basic server
self::$server = new \OC\Server();
self::initTemplateEngine();
OC_App::loadApps(array('session'));
if (!self::$CLI) {
self::initSession();
} else {
self::$session = new \OC\Session\Memory('');
}
self::checkConfig();
self::checkInstalled();
self::checkSSL();
self::addSecurityHeaders();
$errors = OC_Util::checkServer();
if (count($errors) > 0) {
if (self::$CLI) {
foreach ($errors as $error) {
echo $error['error'] . "\n";
echo $error['hint'] . "\n\n";
}
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
}
exit;
}
//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string) $sessionLifeTime);
// User and Groups
if (!OC_Config::getValue("installed", false)) {
self::$session->set('user_id', '');
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('loginname') && $_SERVER['PHP_AUTH_USER'] !== self::$session->get('loginname')) {
$sessionUser = self::$session->get('loginname');
$serverUser = $_SERVER['PHP_AUTH_USER'];
OC_Log::write('core', "Session loginname ({$sessionUser}) doesn't match SERVER[PHP_AUTH_USER] ({$serverUser}).", OC_Log::WARN);
OC_User::logout();
}
// Load Apps
// This includes plugins for users and filesystems as well
global $RUNTIME_NOAPPS;
global $RUNTIME_APPTYPES;
if (!$RUNTIME_NOAPPS && !self::checkUpgrade(false)) {
if ($RUNTIME_APPTYPES) {
OC_App::loadApps($RUNTIME_APPTYPES);
} else {
OC_App::loadApps();
}
}
//setup extra user backends
OC_User::setupBackends();
self::registerCacheHooks();
self::registerFilesystemHooks();
self::registerPreviewHooks();
self::registerShareHooks();
self::registerLogRotate();
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp'));
//parse the given parameters
self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDAPP = $app;
$_GET['app'] = $app;
}
self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDFILE = $file;
$_GET['getfile'] = $file;
}
if (!is_null(self::$REQUESTEDFILE)) {
$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
if (!OC_Helper::issubdirectory($subdir, $parent)) {
self::$REQUESTEDFILE = null;
header('HTTP/1.0 404 Not Found');
exit;
}
}
if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs');
}
}
}
public static function init()
{
// register autoloader
require_once __DIR__ . '/autoloader.php';
self::$loader = new \OC\Autoloader();
self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
self::$loader->registerPrefix('Patchwork', '3rdparty');
self::$loader->registerPrefix('Pimple', '3rdparty/Pimple');
spl_autoload_register(array(self::$loader, 'load'));
// make a dummy session available as early as possible since error pages need it
self::$session = new \OC\Session\Memory('');
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
self::$CLI = php_sapi_name() == 'cli';
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
// try to switch magic quotes off.
if (get_magic_quotes_gpc() == 1) {
ini_set('magic_quotes_runtime', 0);
}
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
//copy http auth headers for apache+php-fcgid work around
if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
}
//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
self::initPaths();
if (OC_Config::getValue('instanceid', false)) {
// \OC\Memcache\Cache has a hidden dependency on
// OC_Util::getInstanceId() for namespacing. See #5409.
try {
self::$loader->setMemoryCache(\OC\Memcache\Factory::createLowLatency('Autoloader'));
} catch (\Exception $ex) {
}
}
OC_Util::isSetLocaleWorking();
// setup 3rdparty autoloader
$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
if (file_exists($vendorAutoLoad)) {
require_once $vendorAutoLoad;
}
// set debug mode if an xdebug session is active
if (!defined('DEBUG') || !DEBUG) {
if (isset($_COOKIE['XDEBUG_SESSION'])) {
define('DEBUG', true);
}
}
if (!defined('PHPUNIT_RUN')) {
OC\Log\ErrorHandler::setLogger(OC_Log::$object);
if (defined('DEBUG') and DEBUG) {
OC\Log\ErrorHandler::register(true);
set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
} else {
OC\Log\ErrorHandler::register();
}
}
// register the stream wrappers
stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir');
stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream');
stream_wrapper_register('close', 'OC\\Files\\Stream\\Close');
stream_wrapper_register('quota', 'OC\\Files\\Stream\\Quota');
stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC');
// setup the basic server
self::$server = new \OC\Server();
self::initTemplateEngine();
OC_App::loadApps(array('session'));
if (!self::$CLI) {
self::initSession();
} else {
self::$session = new \OC\Session\Memory('');
}
self::checkConfig();
self::checkInstalled();
self::checkSSL();
OC_Response::addSecurityHeaders();
$errors = OC_Util::checkServer();
if (count($errors) > 0) {
if (self::$CLI) {
foreach ($errors as $error) {
echo $error['error'] . "\n";
echo $error['hint'] . "\n\n";
}
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
}
exit;
}
//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string) $sessionLifeTime);
// User and Groups
if (!OC_Config::getValue("installed", false)) {
self::$session->set('user_id', '');
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
//setup extra user backends
OC_User::setupBackends();
self::registerCacheHooks();
self::registerFilesystemHooks();
self::registerPreviewHooks();
self::registerShareHooks();
self::registerLogRotate();
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp'));
if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs');
}
}
}
public static function displayLoginPage($display_lostpassword)
{
$parameters = array();
$parameters['display_lostpassword'] = $display_lostpassword;
if (!empty($_POST['user'])) {
$parameters["username"] = OC_Util::sanitizeHTML($_POST['user']) . '"';
$parameters['user_autofocus'] = false;
} else {
$parameters["username"] = '';
$parameters['user_autofocus'] = true;
}
if (isset($_REQUEST['redirect_url'])) {
$redirect_url = OC_Util::sanitizeHTML($_REQUEST['redirect_url']);
} else {
$redirect_url = $_SERVER['REQUEST_URI'];
}
$parameters['redirect_url'] = $redirect_url;
OC_Template::printGuestPage("", "login", $parameters);
}
/**
* @param array $errors
* @param string[] $messages
*/
public static function displayLoginPage($errors = array(), $messages = [])
{
$parameters = array();
foreach ($errors as $value) {
$parameters[$value] = true;
}
$parameters['messages'] = $messages;
if (!empty($_REQUEST['user'])) {
$parameters["username"] = $_REQUEST['user'];
$parameters['user_autofocus'] = false;
} else {
$parameters["username"] = '';
$parameters['user_autofocus'] = true;
}
if (isset($_REQUEST['redirect_url'])) {
$parameters['redirect_url'] = $_REQUEST['redirect_url'];
}
$parameters['alt_login'] = OC_App::getAlternativeLogIns();
$parameters['rememberLoginAllowed'] = self::rememberLoginAllowed();
\OC_Hook::emit('OC_Util', 'pre_displayLoginPage', array('parameters' => $parameters));
OC_Template::printGuestPage("", "login", $parameters);
}
if (defined("DEBUG") && DEBUG) {
OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
}
$token = md5($_POST["user"] . time() . $_POST['password']);
OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
OC_User::setMagicInCookie($_POST["user"], $token);
} else {
OC_User::unsetMagicInCookie();
}
OC_Util::redirectToDefaultPage();
} else {
$error = true;
}
// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
} elseif (isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])) {
if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
OC_User::unsetMagicInCookie();
$_REQUEST['redirect_url'] = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
OC_Util::redirectToDefaultPage();
} else {
$error = true;
}
}
if (!array_key_exists('sectoken', $_SESSION) || array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE) || substr(OC::$REQUESTEDFILE, -3) == 'php') {
$sectoken = rand(1000000, 9999999);
$_SESSION['sectoken'] = $sectoken;
$redirect_url = isset($_REQUEST['redirect_url']) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
}
}
public static function init()
{
// register autoloader
spl_autoload_register(array('OC', 'autoload'));
OC_Util::issetlocaleworking();
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
self::$CLI = php_sapi_name() == 'cli';
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
// try to switch magic quotes off.
if (get_magic_quotes_gpc() == 1) {
ini_set('magic_quotes_runtime', 0);
}
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
//copy http auth headers for apache+php-fcgid work around
if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
}
//set http auth headers for apache+php-cgi work around
if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
list($name, $password) = explode(':', base64_decode($matches[1]), 2);
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
self::initPaths();
// set debug mode if an xdebug session is active
if (!defined('DEBUG') || !DEBUG) {
if (isset($_COOKIE['XDEBUG_SESSION'])) {
define('DEBUG', true);
}
}
if (!defined('PHPUNIT_RUN') and !(defined('DEBUG') and DEBUG)) {
register_shutdown_function(array('OC_Log', 'onShutdown'));
set_error_handler(array('OC_Log', 'onError'));
set_exception_handler(array('OC_Log', 'onException'));
}
// register the stream wrappers
stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir');
stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream');
stream_wrapper_register('close', 'OC\\Files\\Stream\\Close');
stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC');
self::initTemplateEngine();
self::checkConfig();
self::checkInstalled();
self::checkSSL();
self::initSession();
$errors = OC_Util::checkServer();
if (count($errors) > 0) {
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
exit;
}
//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string) $sessionLifeTime);
// User and Groups
if (!OC_Config::getValue("installed", false)) {
$_SESSION['user_id'] = '';
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) {
OC_User::logout();
}
// Load Apps
// This includes plugins for users and filesystems as well
global $RUNTIME_NOAPPS;
global $RUNTIME_APPTYPES;
if (!$RUNTIME_NOAPPS) {
if ($RUNTIME_APPTYPES) {
OC_App::loadApps($RUNTIME_APPTYPES);
} else {
OC_App::loadApps();
}
}
//setup extra user backends
OC_User::setupBackends();
self::registerCacheHooks();
self::registerFilesystemHooks();
self::registerShareHooks();
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp'));
//parse the given parameters
self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDAPP = $app;
$_GET['app'] = $app;
}
self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
parse_str($param, $get);
$_GET = array_merge($_GET, $get);
self::$REQUESTEDFILE = $file;
$_GET['getfile'] = $file;
}
if (!is_null(self::$REQUESTEDFILE)) {
$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
if (!OC_Helper::issubdirectory($subdir, $parent)) {
self::$REQUESTEDFILE = null;
header('HTTP/1.0 404 Not Found');
exit;
}
}
// write error into log if locale can't be set
if (OC_Util::issetlocaleworking() == false) {
OC_Log::write('core', 'setting locale to en_US.UTF-8/en_US.UTF8 failed. Support is probably not installed on your system', OC_Log::ERROR);
}
if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs');
}
}
}
public static function init()
{
// register autoloader
spl_autoload_register(array('OC', 'autoload'));
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
date_default_timezone_set('Europe/Berlin');
ini_set('arg_separator.output', '&');
// calculate the documentroot
OC::$DOCUMENTROOT = realpath($_SERVER['DOCUMENT_ROOT']);
OC::$SERVERROOT = str_replace("\\", '/', substr(__FILE__, 0, -13));
OC::$SUBURI = substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT));
$scriptName = $_SERVER["SCRIPT_NAME"];
if (substr($scriptName, -1) == '/') {
$scriptName .= 'index.php';
}
OC::$WEBROOT = substr($scriptName, 0, strlen($scriptName) - strlen(OC::$SUBURI));
if (OC::$WEBROOT != '' and OC::$WEBROOT[0] !== '/') {
OC::$WEBROOT = '/' . OC::$WEBROOT;
}
// set the right include path
set_include_path(OC::$SERVERROOT . '/lib' . PATH_SEPARATOR . OC::$SERVERROOT . '/config' . PATH_SEPARATOR . OC::$SERVERROOT . '/3rdparty' . PATH_SEPARATOR . get_include_path() . PATH_SEPARATOR . OC::$SERVERROOT);
// redirect to https site if configured
if (OC_Config::getValue("forcessl", false)) {
ini_set("session.cookie_secure", "on");
if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') {
$url = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
header("Location: {$url}");
exit;
}
}
ini_set('session.cookie_httponly', '1;');
session_start();
// Add the stuff we need always
OC_Util::addScript("jquery-1.6.4.min");
OC_Util::addScript("jquery-ui-1.8.14.custom.min");
OC_Util::addScript("jquery-showpassword");
OC_Util::addScript("jquery.infieldlabel.min");
OC_Util::addScript("jquery-tipsy");
OC_Util::addScript("js");
//OC_Util::addScript( "multiselect" );
OC_Util::addScript('search', 'result');
OC_Util::addStyle("styles");
OC_Util::addStyle("multiselect");
OC_Util::addStyle("jquery-ui-1.8.14.custom");
OC_Util::addStyle("jquery-tipsy");
$errors = OC_Util::checkServer();
if (count($errors) > 0) {
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
exit;
}
// TODO: we should get rid of this one, too
// WARNING: to make everything even more confusing,
// DATADIRECTORY is a var that changes and DATADIRECTORY_ROOT
// stays the same, but is set by "datadirectory".
// Any questions?
OC::$CONFIG_DATADIRECTORY = OC_Config::getValue("datadirectory", OC::$SERVERROOT . "/data");
// User and Groups
if (!OC_Config::getValue("installed", false)) {
$_SESSION['user_id'] = '';
}
OC_User::useBackend(OC_Config::getValue("userbackend", "database"));
OC_Group::setBackend(OC_Config::getValue("groupbackend", "database"));
// Load Apps
// This includes plugins for users and filesystems as well
global $RUNTIME_NOAPPS;
if (!$RUNTIME_NOAPPS) {
OC_App::loadApps();
}
// Was in required file ... put it here
OC_Filesystem::registerStorageType('local', 'OC_Filestorage_Local', array('datadir' => 'string'));
// Set up file system unless forbidden
global $RUNTIME_NOSETUPFS;
if (!$RUNTIME_NOSETUPFS) {
OC_Util::setupFS();
}
// Last part: connect some hooks
OC_HOOK::connect('OC_User', 'post_createUser', 'OC_Connector_Sabre_Principal', 'addPrincipal');
OC_HOOK::connect('OC_User', 'post_deleteUser', 'OC_Connector_Sabre_Principal', 'deletePrincipal');
}
/**
* Check if the user verified the login with his password in the last 15 minutes
* If not, the user will be shown a password verification page
*/
public static function verifyUser()
{
if (OC_Config::getValue('enhancedauth', false) === true) {
// Check password to set session
if (isset($_POST['password'])) {
if (OC_User::login(OC_User::getUser(), $_POST["password"]) === true) {
$_SESSION['verifiedLogin'] = time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
}
}
// Check if the user verified his password
if (!isset($_SESSION['verifiedLogin']) or $_SESSION['verifiedLogin'] < time()) {
OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
exit;
}
}
}
public static function init() {
// register autoloader
require_once __DIR__ . '/autoloader.php';
self::$loader = new \OC\Autoloader();
self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
self::$loader->registerPrefix('Patchwork', '3rdparty');
self::$loader->registerPrefix('Pimple', '3rdparty/Pimple');
spl_autoload_register(array(self::$loader, 'load'));
// make a dummy session available as early as possible since error pages need it
self::$session = new \OC\Session\Memory('');
// set some stuff
//ob_start();
error_reporting(E_ALL | E_STRICT);
if (defined('DEBUG') && DEBUG) {
ini_set('display_errors', 1);
}
self::$CLI = (php_sapi_name() == 'cli');
date_default_timezone_set('UTC');
ini_set('arg_separator.output', '&');
// try to switch magic quotes off.
if (get_magic_quotes_gpc() == 1) {
ini_set('magic_quotes_runtime', 0);
}
//try to configure php to enable big file uploads.
//this doesn´t work always depending on the webserver and php configuration.
//Let´s try to overwrite some defaults anyways
//try to set the maximum execution time to 60min
@set_time_limit(3600);
@ini_set('max_execution_time', 3600);
@ini_set('max_input_time', 3600);
//try to set the maximum filesize to 10G
@ini_set('upload_max_filesize', '10G');
@ini_set('post_max_size', '10G');
@ini_set('file_uploads', '50');
self::handleAuthHeaders();
self::initPaths();
self::registerAutoloaderCache();
OC_Util::isSetLocaleWorking();
// setup 3rdparty autoloader
$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
if (file_exists($vendorAutoLoad)) {
require_once $vendorAutoLoad;
}
if (!defined('PHPUNIT_RUN')) {
OC\Log\ErrorHandler::setLogger(OC_Log::$object);
if (defined('DEBUG') and DEBUG) {
OC\Log\ErrorHandler::register(true);
set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
} else {
OC\Log\ErrorHandler::register();
}
}
// register the stream wrappers
stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir');
stream_wrapper_register('static', 'OC\Files\Stream\StaticStream');
stream_wrapper_register('close', 'OC\Files\Stream\Close');
stream_wrapper_register('quota', 'OC\Files\Stream\Quota');
stream_wrapper_register('oc', 'OC\Files\Stream\OC');
// setup the basic server
self::$server = new \OC\Server();
self::initTemplateEngine();
OC_App::loadApps(array('session'));
if (!self::$CLI) {
self::initSession();
} else {
self::$session = new \OC\Session\Memory('');
}
self::checkConfig();
self::checkInstalled();
self::checkSSL();
OC_Response::addSecurityHeaders();
$errors = OC_Util::checkServer(\OC::$server->getConfig());
if (count($errors) > 0) {
if (self::$CLI) {
foreach ($errors as $error) {
echo $error['error'] . "\n";
echo $error['hint'] . "\n\n";
}
} else {
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
OC_Template::printGuestPage('', 'error', array('errors' => $errors));
}
exit;
}
//try to set the session lifetime
$sessionLifeTime = self::getSessionLifeTime();
@ini_set('gc_maxlifetime', (string)$sessionLifeTime);
// User and Groups
if (!OC_Config::getValue("installed", false)) {
self::$session->set('user_id', '');
}
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
//setup extra user backends
if (!self::checkUpgrade(false)) {
OC_User::setupBackends();
}
self::registerCacheHooks();
self::registerFilesystemHooks();
self::registerPreviewHooks();
self::registerShareHooks();
self::registerLogRotate();
self::registerLocalAddressBook();
//make sure temporary files are cleaned up
register_shutdown_function(array('OC_Helper', 'cleanTmp'));
if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
OC_Util::addScript('backgroundjobs');
}
}
$host = OC_Request::insecureServerHost();
// if the host passed in headers isn't trusted
if (!OC::$CLI
// overwritehost is always trusted
&& OC_Request::getOverwriteHost() === null
&& !OC_Request::isTrustedDomain($host)
) {
header('HTTP/1.1 400 Bad Request');
header('Status: 400 Bad Request');
$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
$tmpl->printPage();
exit();
}
}
/**
* @param array $errors
*/
public static function displayLoginPage($errors = array())
{
$parameters = array();
foreach ($errors as $value) {
$parameters[$value] = true;
}
if (!empty($_REQUEST['user'])) {
$parameters["username"] = $_REQUEST['user'];
$parameters['user_autofocus'] = false;
} else {
$parameters["username"] = '';
$parameters['user_autofocus'] = true;
}
if (isset($_REQUEST['redirect_url'])) {
$redirectUrl = $_REQUEST['redirect_url'];
$parameters['redirect_url'] = urlencode($redirectUrl);
}
$parameters['alt_login'] = OC_App::getAlternativeLogIns();
$parameters['rememberLoginAllowed'] = self::rememberLoginAllowed();
OC_Template::printGuestPage("", "login", $parameters);
}
/**
* @brief Print a fatal error page and terminates the script
* @param string $error The error message to show
* @param string $hint An option hint message
*/
public static function printErrorPage($error, $hint = '')
{
$error['error'] = $error;
$error['hint'] = $hint;
$errors[] = $error;
OC_Template::printGuestPage("", "error", array("errors" => $errors));
die;
}
