예제 #1
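/**
 * Download the release archive for $upversion and unpack it over the installation.
 *
 * Steps, in order: stop on a development checkout, remove the old script
 * directories and the previous download directory, fetch
 * "<program>-<upversion>.zip" into a fresh "download" directory, unzip it
 * two levels up and restore the working directory.
 *
 * NOTE(review): no checksum or signature verification of the archive is
 * visible in this function before it is extracted over the program tree.
 * Confirm that download_source() authenticates both origin and content.
 *
 * @param string $upversion version to upgrade to; becomes part of the archive file name
 * @return void
 */
function do_upgrade($upversion)
{
    global $gbl, $sgbl, $login, $ghtml;

    if (file_exists("/usr/local/lxlabs/.git")) {
        print "Development system.. Not upgrading --> exit!...\n";
        exit;
    }

    // The version is pasted into a file name and a download path. A value that
    // carries a directory separator or a NUL byte can never name a release
    // archive, so refuse it before anything is deleted.
    if (strpbrk((string) $upversion, "/\\\0") !== false) {
        print "Invalid upgrade version.. Not upgrading!...\n";
        return;
    }

    $program = $sgbl->__var_program_name;
    $programfile = "{$program}-" . $upversion . ".zip";

    lxfile_rm_rec("__path_program_htmlbase/htmllib/script");
    lxfile_rm_rec("__path_program_root/pscript");

    $saveddir = getcwd();
    lxfile_rm_rec("__path_program_htmlbase/download");
    lxfile_mkdir("download");

    // Without this check a failed chdir() would leave us in the old working
    // directory: the archive would be downloaded there and "../.." below
    // would resolve to an unintended extraction target.
    if (!chdir("download")) {
        print "Could not enter download directory.. Not upgrading!...\n";
        return;
    }

    print "Downloading {$programfile}.....\n";
    download_source("/{$program}/{$programfile}");
    print "Download Done....\n";
    lxshell_unzip("../..", $programfile);

    // getcwd() returns false when the directory could not be determined.
    if ($saveddir !== false) {
        chdir($saveddir);
    }
}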
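/** main program for serving files
 *
 * this routine is called from /file.php.
 *
 * This routine is responsible for serving files to the visitor.
 * These files are stored in a (virtual) file hierarchy that looks
 * like this.
 *
 * <pre>
 * /areas/areaname
 *       /another
 *       /stillmore
 *       ...
 * /users/username
 *       /another
 *       /stillmore
 *       ...
 * /groups/groupname
 *        /another
 *        /stillmore
 *        ...
 * /websiteatschool/program
 *                 /manual
 *                 /languages
 * </pre>
 *
 * This structure maps to the real file system as follows.  The (virtual)
 * directories /areas, /users and /groups correspond to the physical
 * directories {$CFG->datadir}/areas, {$CFG->datadir}/users and
 * {$CFG->datadir}/groups respectively. The subdirectories correspond to
 * a (unique) area, user or group and serve as a file repository for that
 * area, user or group.
 *
 * The (virtual) top-level directory /websiteatschool is a special case.
 * It is used to serve the currently running website program code and the
 * user-defined translations of active languages.
 *
 * Before any file is transmitted to the visitor the access privileges
 * are checked.  The following rules apply.
 *
 * Access control for the /areas subdirectory
 *
 *  - an area must be active before any files are served
 *  - the visitor must have access to the private area if files are to be served
 *  - non-existing files yield a 404 Not Found error
 *  - non-existing areas also yield a 404 Not Found error
 *  - if the visitor has no access to the private area, also a 404 Not Found error is returned
 *
 * Access control for /users and /groups
 *
 *  - a user/group must be active before any files are served
 *  - non-existing users/groups yield 404 Not Found
 *  - non-existing files in existing directories also yield 404 Not Found
 *
 * Access control for /websiteatschool
 *
 *  - there is no limit on downloading the currently active program code or user-defined translations of active languages
 *
 * Note:
 * The check on '..' in the requested filename would be inconclusive if the $path
 * is encoded in invalid UTF-8: the overlong sequence 2F C0 AE 2E 2F eventually
 * yields 2F 2E 2E 2F or '/../'. Reference: RFC3629 section 10. However, we use
 * the filename processed with get_requested_filename() which already checks for
 * utf8 validity, which rules out the trick with overlong sequences.
 *
 * Every denial path answers with the same 404, so the response does not tell
 * a missing file apart from one the visitor may not read.
 *
 * @return void file sent to the browser OR 404 not found on error
 */
function main_file()
{
    global $USER;
    global $CFG;
    global $WAS_SCRIPT_NAME;
    global $LANGUAGE;

    /** initialise the program, setup database, read configuration, etc. */
    require_once $CFG->progdir . '/init.php';
    initialise();
    was_version_check();
    // this never returns if versions don't match

    /** utility routines for manipulating files */
    require_once $CFG->progdir . '/lib/filelib.php';
    $filename = get_requested_filename();
    if ($filename === null) {
        error_exit404();
    }

    // 0 -- is the visitor logged in
    if (isset($_COOKIE[$CFG->session_name])) {
        /** dbsessionlib.php contains our own database based session handler */
        require_once $CFG->progdir . '/lib/dbsessionlib.php';
        dbsession_setup($CFG->session_name);
        // Only start a PHP session when the cookie names a session the
        // database knows; an unknown cookie value leaves the visitor anonymous.
        if (dbsession_exists(magic_unquote($_COOKIE[$CFG->session_name]))) {
            session_start();
            if (!isset($_SESSION['session_counter'])) {
                // first time after login, record start time of session
                $_SESSION['session_counter'] = 1;
                // date() yields the same 'YYYY-MM-DD HH:MM:SS' text as the
                // deprecated strftime("%Y-%m-%d %T") did.
                $_SESSION['session_start'] = date('Y-m-d H:i:s');
            } else {
                $_SESSION['session_counter']++;
            }
        }
    }

    /** useraccount.class.php is used to define the USER object */
    require_once $CFG->progdir . '/lib/useraccount.class.php';
    if (isset($_SESSION['user_id'])) {
        $USER = new Useraccount($_SESSION['user_id']);
        $USER->is_logged_in = TRUE;
        $_SESSION['language_key'] = $LANGUAGE->get_current_language();
        // remember language set via _GET or otherwise
        session_write_close();
        // we no longer need this here, everything relevant is now in $USER
    } else {
        $USER = new Useraccount();
        $USER->is_logged_in = FALSE;
    }

    //
    // 1 -- does the visitor want to download the source code
    //
    // Backslashes are folded to '/' first so both separator styles split alike.
    $path_components = explode('/', trim(strtr($filename, '\\', '/'), '/'));
    if (strtolower($path_components[0]) == 'websiteatschool') {
        // NOTE(review): this branch runs before the '..' check in step 2A, so
        // download_source() receives the second component unfiltered;
        // presumably it accepts only known names such as 'program',
        // 'manual' and 'languages' -- confirm in download_source().
        $source = isset($path_components[1]) ? strtolower($path_components[1]) : 'program';
        download_source($source);
        exit;
    }

    //
    // 2 -- no source code requested. check out regular files
    //
    $path = '/' . implode('/', $path_components);

    // 2A -- always disallow attempts to escape from tree via parent directory tricks
    // Strict comparison: only a component that is exactly the string '..' matches.
    if (in_array('..', $path_components, TRUE)) {
        logger(sprintf("%s(): access denied for file '%s': no tricks with '/../': return 404 Not Found", __FUNCTION__, $path), WLOG_DEBUG);
        error_exit404($path);
    }

    // 2B -- check the 1st and 2nd component of the requested file
    // The top-level name is matched case-sensitively; anything outside the
    // three known repositories falls through to the default 404.
    switch ($path_components[0]) {
        case 'areas':
            $area_path = isset($path_components[1]) ? $path_components[1] : '';
            $fields = array('area_id', 'is_private');
            $where = array('is_active' => TRUE, 'path' => $area_path);
            $table = 'areas';
            if (($record = db_select_single_record($table, $fields, $where)) === FALSE) {
                logger(sprintf("%s(): access denied for file '%s': non-existing or inactive area: return 404 Not Found", __FUNCTION__, $path), WLOG_DEBUG);
                error_exit404($path);
            }
            $area_id = intval($record['area_id']);
            // A private area additionally requires the intranet-access role for that area.
            if (db_bool_is(TRUE, $record['is_private']) && !$USER->has_intranet_permissions(ACL_ROLE_INTRANET_ACCESS, $area_id)) {
                logger(sprintf("%s(): access denied for file '%s' in private area '%d': return 404 Not Found", __FUNCTION__, $path, $area_id), WLOG_DEBUG);
                error_exit404($path);
            }
            break;
        case 'users':
            // Only existence and the active flag are checked here; no
            // per-visitor permission is consulted for user repositories.
            $user_path = isset($path_components[1]) ? $path_components[1] : '';
            $fields = array('user_id');
            $where = array('path' => $user_path, 'is_active' => TRUE);
            $table = 'users';
            if (($record = db_select_single_record($table, $fields, $where)) === FALSE) {
                logger(sprintf("%s(): access denied for file '%s': non-existing or inactive user: return 404 Not Found", __FUNCTION__, $path), WLOG_DEBUG);
                error_exit404($path);
            }
            break;
        case 'groups':
            // Same rule as for users: the group must exist and be active.
            $group_path = isset($path_components[1]) ? $path_components[1] : '';
            $fields = array('group_id');
            $where = array('path' => $group_path, 'is_active' => TRUE);
            $table = 'groups';
            if (($record = db_select_single_record($table, $fields, $where)) === FALSE) {
                logger(sprintf("%s(): access denied for file '%s': non-existing or inactive group: return 404 Not Found", __FUNCTION__, $path), WLOG_DEBUG);
                error_exit404($path);
            }
            break;
        default:
            logger(sprintf("%s(): access denied for file '%s': subdirectory '%s' not recognised: return 404 Not Found", __FUNCTION__, $path, $path_components[0]), WLOG_DEBUG);
            error_exit404($path);
            break;
    }

    // 2C -- still here? 1st and 2nd components are good but does the file exist?
    // NOTE(review): is_file() follows symbolic links, so by itself it does not
    // prove the target is stored under the data directory; confirm that links
    // cannot be created there or that send_file_from_datadir() resolves them.
    if (!is_file($CFG->datadir . $path)) {
        logger(sprintf("%s(): access denied for file '%s': file does not exist: return 404 Not Found", __FUNCTION__, $path), WLOG_DEBUG);
        error_exit404($path);
    }

    //
    // At this point we are confident that the file exists within the data directory and also that
    // the visitor is allowed access to the file. Now send the file to the visitor.
    //
    $name = basename($path);
    if (($bytes_sent = send_file_from_datadir($path, $name)) === FALSE) {
        // Failures are logged without WLOG_DEBUG, unlike the success message below.
        logger(sprintf("Failed to send '%s' using filename '%s'", $path, $name));
    } else {
        logger(sprintf("Success sending '%s' using filename '%s', size = %d bytes", $path, $name, $bytes_sent), WLOG_DEBUG);
    }
    exit;
}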
예제 #3
파일: updatelib.php 프로젝트: zseand/kloxo
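/**
 * Download the release archive for $upversion and unpack it over the installation.
 *
 * Steps, in order: stop on a development checkout, recreate the "help"
 * directory, remove the old script directories and the previous download
 * directory, fetch "<program>-<upversion>.zip" into a fresh "download"
 * directory, unzip it two levels up with overwrite enabled, hand ownership of
 * /usr/local/lxlabs/ to lxlabs:lxlabs and restore the working directory.
 *
 * NOTE(review): no checksum or signature verification of the archive is
 * visible in this function before it is extracted over the program tree.
 * Confirm that download_source() authenticates both origin and content.
 *
 * @param string $upversion version to upgrade to; becomes part of the archive file name
 * @return void
 */
function do_upgrade($upversion)
{
    global $gbl, $sgbl, $login, $ghtml;

    $program = $sgbl->__var_program_name;

    if (file_exists(".svn") || file_exists(".git")) {
        log_cleanup("BREAK -> Development version found");
        exit;
    }

    // The version is pasted into a file name, a download path and a shell
    // command. A value that carries a directory separator or a NUL byte can
    // never name a release archive, so refuse it before anything is deleted.
    if (strpbrk((string) $upversion, "/\\\0") !== false) {
        log_cleanup("BREAK -> Invalid upgrade version");
        return;
    }

    $programfile = "{$program}-" . $upversion . ".zip";

    lxfile_rm_rec("__path_program_htmlbase/help");
    lxfile_mkdir("help");
    lxfile_rm_rec("__path_program_htmlbase/htmllib/script");
    lxfile_rm_rec("__path_program_root/pscript");

    $saveddir = getcwd();
    lxfile_rm_rec("__path_program_htmlbase/download");
    lxfile_mkdir("download");

    // Without this check a failed chdir() would leave us in the old working
    // directory: the archive would be downloaded there and the relative
    // "cd ../../" below would resolve to an unintended extraction target.
    if (!chdir("download")) {
        log_cleanup("BREAK -> Could not enter download directory");
        return;
    }

    log_cleanup("Downloading {$programfile}");
    download_source("/{$program}/{$programfile}");
    log_cleanup("Download Done!... Start unzip");

    // The archive path is passed as one quoted shell word so that characters
    // in the program name or version cannot be interpreted by the shell, and
    // '&&' keeps unzip from running when the directory change fails.
    system("cd ../../ && unzip -o " . escapeshellarg("httpdocs/download/{$programfile}"));

    // issue #710 - Make sure the files are owned by lxlabs UID/GID
    system("chown -R lxlabs:lxlabs /usr/local/lxlabs/");

    // getcwd() returns false when the directory could not be determined.
    if ($saveddir !== false) {
        chdir($saveddir);
    }
}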
예제 #4
        }
    }
} else {
    ?>
		<tr>
			<td colspan="8" class="alert">Le dépôt ne contient aucun plugin.</td>
		</tr>
<?php 
}
?>
		</tbody>
	</table> <!-- catalogue ends here -->
	<p>
		Lovely designed by theirs authors -
		<a href="<?php 
download_source();
?>
">Download source of this page</a>
		version <?php 
echo VERSION;
?>
 -
		Php <?php 
echo PHP_VERSION;
?>
	</p>
	<h3>Paramètres de l'url</h3>
	<ul>
		<li><strong><?php 
echo $root;
?>