/**
* Checks that the directories Piwik needs write access are actually writable
* Displays a nice error page if permissions are missing on some directories
*
* @param array $directoriesToCheck Array of directory names to check
*/
public static function dieIfDirectoriesNotWritable($directoriesToCheck = null)
{
$resultCheck = self::checkDirectoriesWritable($directoriesToCheck);
if (array_search(false, $resultCheck) === false) {
return;
}
$directoryList = '';
foreach ($resultCheck as $dir => $bool) {
$realpath = Filesystem::realpath($dir);
if (!empty($realpath) && $bool === false) {
$directoryList .= self::getMakeWritableCommand($realpath);
}
}
// Also give the chown since the chmod is only 755
if (!SettingsServer::isWindows()) {
$realpath = Filesystem::realpath(PIWIK_INCLUDE_PATH . '/');
$directoryList = "<code>chown -R " . self::getUserAndGroup() . " " . $realpath . "</code><br />" . $directoryList;
}
if (function_exists('shell_exec')) {
$currentUser = self::getUser();
if (!empty($currentUser)) {
$optionalUserInfo = " (running as user '" . $currentUser . "')";
}
}
$directoryMessage = "<p><b>Piwik couldn't write to some directories {$optionalUserInfo}</b>.</p>";
$directoryMessage .= "<p>Try to Execute the following commands on your server, to allow Write access on these directories" . ":</p>" . "<blockquote>{$directoryList}</blockquote>" . "<p>If this doesn't work, you can try to create the directories with your FTP software, and set the CHMOD to 0755 (or 0777 if 0755 is not enough). To do so with your FTP software, right click on the directories then click permissions.</p>" . "<p>After applying the modifications, you can <a href='index.php'>refresh the page</a>.</p>" . "<p>If you need more help, try <a href='?module=Proxy&action=redirect&url=http://piwik.org'>Piwik.org</a>.</p>";
$ex = new MissingFilePermissionException($directoryMessage);
$ex->setIsHtmlMessage();
throw $ex;
}
public function uninstall($redirectAfter = true)
{
$pluginName = $this->initPluginModification(static::UNINSTALL_NONCE);
$this->dieIfPluginsAdminIsDisabled();
$uninstalled = \Piwik\Plugin\Manager::getInstance()->uninstallPlugin($pluginName);
if (!$uninstalled) {
$path = Filesystem::getPathToPiwikRoot() . '/plugins/' . $pluginName . '/';
$messagePermissions = Filechecks::getErrorMessageMissingPermissions($path);
$messageIntro = $this->translator->translate("Warning: \"%s\" could not be uninstalled. Piwik did not have enough permission to delete the files in {$path}. ", $pluginName);
$exitMessage = $messageIntro . "<br/><br/>" . $messagePermissions;
$exitMessage .= "<br> Or manually delete this directory (using FTP or SSH access)";
$ex = new MissingFilePermissionException($exitMessage);
$ex->setIsHtmlMessage();
throw $ex;
}
$this->redirectAfterModification($redirectAfter);
}
/**
* Start the session
*
* @param array|bool $options An array of configuration options; the auto-start (bool) setting is ignored
* @return void
* @throws Exception if starting a session fails
*/
public static function start($options = false)
{
if (headers_sent() || self::$sessionStarted || defined('PIWIK_ENABLE_SESSION_START') && !PIWIK_ENABLE_SESSION_START) {
return;
}
self::$sessionStarted = true;
// use cookies to store session id on the client side
@ini_set('session.use_cookies', '1');
// prevent attacks involving session ids passed in URLs
@ini_set('session.use_only_cookies', '1');
// advise browser that session cookie should only be sent over secure connection
if (ProxyHttp::isHttps()) {
@ini_set('session.cookie_secure', '1');
}
// advise browser that session cookie should only be accessible through the HTTP protocol (i.e., not JavaScript)
@ini_set('session.cookie_httponly', '1');
// don't use the default: PHPSESSID
@ini_set('session.name', self::SESSION_NAME);
// proxies may cause the referer check to fail and
// incorrectly invalidate the session
@ini_set('session.referer_check', '');
$currentSaveHandler = ini_get('session.save_handler');
$config = Config::getInstance();
if (self::isFileBasedSessions()) {
// Note: this handler doesn't work well in load-balanced environments and may have a concurrency issue with locked session files
// for "files", use our own folder to prevent local session file hijacking
$sessionPath = self::getSessionsDirectory();
// We always call mkdir since it also chmods the directory which might help when permissions were reverted for some reasons
Filesystem::mkdir($sessionPath);
@ini_set('session.save_handler', 'files');
@ini_set('session.save_path', $sessionPath);
} elseif ($config->General['session_save_handler'] === 'dbtable' || in_array($currentSaveHandler, array('user', 'mm'))) {
// We consider these to be misconfigurations, in that:
// - user - we can't verify that user-defined session handler functions have already been set via session_set_save_handler()
// - mm - this handler is not recommended, unsupported, not available for Windows, and has a potential concurrency issue
$config = array('name' => Common::prefixTable('session'), 'primary' => 'id', 'modifiedColumn' => 'modified', 'dataColumn' => 'data', 'lifetimeColumn' => 'lifetime');
$saveHandler = new DbTable($config);
if ($saveHandler) {
self::setSaveHandler($saveHandler);
}
}
// garbage collection may disabled by default (e.g., Debian)
if (ini_get('session.gc_probability') == 0) {
@ini_set('session.gc_probability', 1);
}
try {
parent::start();
register_shutdown_function(array('Zend_Session', 'writeClose'), true);
} catch (Exception $e) {
Log::error('Unable to start session: ' . $e->getMessage());
$enableDbSessions = '';
if (DbHelper::isInstalled()) {
$enableDbSessions = "<br/>If you still experience issues after trying these changes,\n\t\t\t \t\t\twe recommend that you <a href='http://piwik.org/faq/how-to-install/#faq_133' rel='noreferrer' target='_blank'>enable database session storage</a>.";
}
$pathToSessions = Filechecks::getErrorMessageMissingPermissions(self::getSessionsDirectory());
$message = sprintf("Error: %s %s %s\n<pre>Debug: the original error was \n%s</pre>", Piwik::translate('General_ExceptionUnableToStartSession'), $pathToSessions, $enableDbSessions, $e->getMessage());
$ex = new MissingFilePermissionException($message, $e->getCode(), $e);
$ex->setIsHtmlMessage();
throw $ex;
}
}
