/**
 * Update the security configuration from the submitted admin form.
 *
 * Steps, in order:
 *  1. Normalise the iframe and object media-filter whitelists (one entry per
 *     line, blank lines dropped, each entry passed through
 *     MediaFilter::formatPrefix(), de-duplicated, naturally sorted).
 *  2. Drop the legacy 'embedfilter' key from the configuration.
 *  3. Parse the admin allow/deny IP lists and reject the request if either
 *     list fails IpFilter::validateRanges().
 *  4. Reject the request if getMemberAdminIPCheck() returns false for the new
 *     lists (the error key suggests this guards against the current admin
 *     locking themselves out -- confirm against the member admin model).
 *  5. Store the lists, save the configuration and set the redirect.
 *
 * Every early return happens before Config::save(), so a rejected request
 * does not persist anything through this method. The media-filter values are
 * nevertheless placed in the in-memory configuration before the IP lists are
 * validated.
 *
 * NOTE(review): no permission or CSRF check is visible in this method;
 * presumably the admin dispatcher enforces both -- confirm.
 *
 * @return Object|null An error Object when validation fails; nothing is
 *                     returned explicitly on success.
 */
function procAdminUpdateSecurity()
{
    $vars = Context::getRequestVars();

    // Small reusable callbacks for the list handling below.
    $not_blank = function ($line) {
        return $line !== '';
    };
    $to_prefix = function ($entry) {
        return Rhymix\Framework\Filters\MediaFilter::formatPrefix($entry);
    };

    // Turns a textarea value into a sorted, de-duplicated list of prefixes.
    $build_whitelist = function ($raw) use ($not_blank, $to_prefix) {
        $lines = preg_split('/[\\r\\n]/', $raw);
        $lines = array_map('trim', $lines);
        $lines = array_filter($lines, $not_blank);
        $prefixes = array_unique(array_map($to_prefix, $lines));
        natcasesort($prefixes);
        return array_values($prefixes);
    };

    // Turns a textarea value into a de-duplicated list of non-empty lines.
    // Keys are not re-indexed here; array_values() is applied when storing.
    $parse_ip_lines = function ($raw) use ($not_blank) {
        $lines = array_map('trim', preg_split('/[\\r\\n]/', $raw));
        return array_unique(array_filter($lines, $not_blank));
    };

    // iframe filter
    Rhymix\Framework\Config::set('mediafilter.iframe', $build_whitelist($vars->mediafilter_iframe));

    // object filter
    Rhymix\Framework\Config::set('mediafilter.object', $build_whitelist($vars->mediafilter_object));

    // Remove old embed filter
    $all_settings = Rhymix\Framework\Config::getAll();
    unset($all_settings['embedfilter']);
    Rhymix\Framework\Config::setAll($all_settings);

    // Admin IP access control: both lists must be syntactically valid ranges.
    $allowed_ip = $parse_ip_lines($vars->admin_allowed_ip);
    if (!Rhymix\Framework\Filters\IpFilter::validateRanges($allowed_ip)) {
        return new Object(-1, 'msg_invalid_ip');
    }

    $denied_ip = $parse_ip_lines($vars->admin_denied_ip);
    if (!Rhymix\Framework\Filters\IpFilter::validateRanges($denied_ip)) {
        return new Object(-1, 'msg_invalid_ip');
    }

    // Refuse lists that the member admin model rejects for the current request.
    $oMemberAdminModel = getAdminModel('member');
    $ip_check_passed = $oMemberAdminModel->getMemberAdminIPCheck($allowed_ip, $denied_ip);
    if (!$ip_check_passed) {
        return new Object(-1, 'msg_current_ip_will_be_denied');
    }

    Rhymix\Framework\Config::set('admin.allow', array_values($allowed_ip));
    Rhymix\Framework\Config::set('admin.deny', array_values($denied_ip));

    // Save
    Rhymix\Framework\Config::save();
    $this->setMessage('success_updated');

    // NOTE(review): the redirect target may come from the 'success_return_url'
    // context value; confirm it is restricted to same-site URLs before use.
    $redirect_url = Context::get('success_return_url');
    if (!$redirect_url) {
        $redirect_url = getNotEncodedUrl('', 'module', 'admin', 'act', 'dispAdminConfigSecurity');
    }
    $this->setRedirectUrl($redirect_url);
}
/**
 * Install the site using the supplied or previously collected settings.
 *
 * The only gate visible in this method is Context::isInstalled(): once that
 * returns true the method refuses to run.
 *
 * Settings come from one of two places:
 *  - $install_config, when it is non-empty (cast to an array), or
 *  - $_SESSION['db_config'], $_SESSION['use_rewrite'] and Context values.
 *
 * After building the configuration the method connects to the database,
 * registers a temporary administrator in the Context, installs the modules
 * inside a DB transaction, includes every install script, optionally applies
 * a site lock, saves the configuration and sets the redirect.
 *
 * @param array|object|null $install_config Optional install parameters
 *        (db_type, db_hostname, db_port, db_userid, db_password, db_database,
 *        db_table_prefix, db_charset, use_rewrite, use_ssl, time_zone,
 *        email_address, password, nick_name, user_id).
 * @return Object Result object; on a failed DB connection, whatever
 *                $oDB->getError() returns.
 */
function procInstall($install_config = null)
{
    // Check if it is already installed
    if (Context::isInstalled()) {
        return new Object(-1, 'msg_already_installed');
    }

    // Start from the framework defaults and overlay the install parameters.
    $config = Rhymix\Framework\Config::getDefaults();

    if ($install_config) {
        $install_config = (array) $install_config;

        $db_type = $install_config['db_type'];
        $db_host = $install_config['db_hostname'];
        $db_port = $install_config['db_port'];
        $db_user = $install_config['db_userid'];
        $db_pass = $install_config['db_password'];
        $db_name = $install_config['db_database'];
        $db_prefix = $install_config['db_table_prefix'];
        $db_charset = $install_config['db_charset'];
        $rewrite_flag = $install_config['use_rewrite'];
        $ssl_mode = $install_config['use_ssl'] ?: 'none';
        $time_zone = $install_config['time_zone'];

        $user_info = new stdClass();
        $user_info->email_address = $install_config['email_address'];
        $user_info->password = $install_config['password'];
        $user_info->nick_name = $install_config['nick_name'];
        $user_info->user_id = $install_config['user_id'];
    } else {
        $session_db = $_SESSION['db_config'];

        $db_type = $session_db->db_type;
        $db_host = $session_db->db_host;
        $db_port = $session_db->db_port;
        $db_user = $session_db->db_user;
        $db_pass = $session_db->db_pass;
        $db_name = $session_db->db_database;
        $db_prefix = $session_db->db_prefix;
        $db_charset = $session_db->db_charset;
        $rewrite_flag = $_SESSION['use_rewrite'];
        $ssl_mode = Context::get('use_ssl') ?: 'none';
        $time_zone = Context::get('time_zone');

        $user_info = Context::gets('email_address', 'password', 'nick_name', 'user_id');
    }

    // The storage engine is derived from the submitted type string.
    if (strpos($db_type, 'innodb') !== false) {
        $db_engine = 'innodb';
    } elseif (strpos($db_type, 'mysql') !== false) {
        $db_engine = 'myisam';
    } else {
        $db_engine = null;
    }

    // Fix the database table prefix: exactly one trailing underscore unless empty.
    $db_prefix = rtrim($db_prefix, '_');
    if ($db_prefix !== '') {
        $db_prefix .= '_';
    }

    $config['db']['master']['type'] = str_replace('_innodb', '', $db_type);
    $config['db']['master']['host'] = $db_host;
    $config['db']['master']['port'] = $db_port;
    $config['db']['master']['user'] = $db_user;
    $config['db']['master']['pass'] = $db_pass;
    $config['db']['master']['database'] = $db_name;
    $config['db']['master']['prefix'] = $db_prefix;
    $config['db']['master']['charset'] = $db_charset;
    $config['db']['master']['engine'] = $db_engine;
    $config['use_rewrite'] = ($rewrite_flag === 'Y');
    $config['url']['ssl'] = $ssl_mode;

    // Set the default language.
    $default_lang = Context::getLangType();
    $config['locale']['default_lang'] = $default_lang;
    $config['locale']['enabled_lang'] = array($default_lang);

    // Set the default time zone. A value containing '/' is taken as a zone
    // name; anything else is treated as a legacy offset string.
    if (strpos($time_zone, '/') !== false) {
        $config['locale']['default_timezone'] = $time_zone;
        $user_timezone = null;
    } else {
        $offset_seconds = Rhymix\Framework\DateTime::getTimezoneOffsetByLegacyFormat($time_zone ?: '+0900');
        $user_timezone = intval($offset_seconds / 3600);
        if ($user_timezone === 9) {
            $config['locale']['default_timezone'] = 'Asia/Seoul';
        } elseif ($user_timezone === 0) {
            $config['locale']['default_timezone'] = 'Etc/UTC';
        } else {
            // The sign is inverted on purpose: a positive offset yields 'Etc/GMT-N'.
            $sign = $user_timezone > 0 ? '-' : '+';
            $config['locale']['default_timezone'] = 'Etc/GMT' . $sign . abs($user_timezone);
        }
    }

    // Set the internal time zone (an offset in seconds).
    if ($config['locale']['default_timezone'] === 'Asia/Seoul') {
        $config['locale']['internal_timezone'] = 32400;
    } elseif ($user_timezone !== null) {
        $config['locale']['internal_timezone'] = $user_timezone * 3600;
    } else {
        $config['locale']['internal_timezone'] = 0;
    }

    // Set the default URL.
    $config['url']['default'] = Context::getRequestUri();

    // Load the new configuration.
    Rhymix\Framework\Config::setAll($config);
    Context::loadDBInfo($config);

    // Check DB.
    $oDB = DB::getInstance();
    if (!$oDB->isConnected()) {
        return $oDB->getError();
    }

    // Assign a temporary administrator while installing.
    // NOTE(review): $user_info still carries the submitted 'password' value
    // when it is stored as 'logged_info', and nothing in this method clears
    // it again -- confirm it does not outlive the request.
    foreach ($user_info as $field => $value) {
        Context::set($field, $value, true);
    }
    $user_info->is_admin = 'Y';
    Context::set('logged_info', $user_info);

    // Install all the modules inside one transaction.
    // NOTE(review): the raw exception message is returned to the caller;
    // confirm it cannot expose database details to an installer visitor.
    try {
        $oDB->begin();
        $this->installDownloadedModule();
        $oDB->commit();
    } catch (Exception $e) {
        $oDB->rollback();
        return new Object(-1, $e->getMessage());
    }

    // Execute the install scripts: every *.php file found in
    // modules/install/script is included, in sorted order. File names come
    // from the directory listing, not from request data, so the directory
    // must not be writable by anything less trusted than the installer.
    // The included scripts run after the commit above and their return
    // value is assigned but never inspected.
    $scripts = FileHandler::readDir(_XE_PATH_ . 'modules/install/script', '/(\\.php)$/');
    if (count($scripts) > 0) {
        sort($scripts);
        foreach ($scripts as $script) {
            $script_path = FileHandler::getRealPath('./modules/install/script/');
            $output = (include $script_path . $script);
        }
    }

    // Apply site lock: only 127.0.0.1 and the detected client range stay allowed.
    if (Context::get('use_sitelock') === 'Y') {
        $user_ip_range = getView('install')->detectUserIPRange();
        Rhymix\Framework\Config::set('lock.locked', true);
        Rhymix\Framework\Config::set('lock.message', 'This site is locked.');
        Rhymix\Framework\Config::set('lock.allow', array('127.0.0.1', $user_ip_range));
    }

    // Save the new configuration.
    Rhymix\Framework\Config::save();

    // Unset temporary session variables (these held the DB credentials).
    unset($_SESSION['use_rewrite'], $_SESSION['db_config']);

    // Redirect to the home page.
    // NOTE(review): the target may come from the 'success_return_url' context
    // value; confirm it is restricted to same-site URLs before use.
    $this->setMessage('msg_install_completed');
    if (Context::get('success_return_url')) {
        $returnUrl = Context::get('success_return_url');
    } else {
        $returnUrl = RX_BASEURL;
    }
    $this->setRedirectUrl($returnUrl);

    return new Object();
}