function getUrlfromDir($local_dir)
{
//-------------------------------
$server_dir = getWebDir($local_dir);
$server_scheme = getScheme();
$server_host = getHost();
return "{$server_scheme}://{$server_host}/{$server_dir}";
}
function defineURL($_file)
{
global $CONFIG;
if (!empty($_SERVER['REQUEST_URI'])) {
$parts = parse_url($_SERVER['REQUEST_URI']);
define("LIVEZILLA_URL", getScheme() . $CONFIG["gl_host"] . str_replace($_file, "", $parts["path"]));
} else {
define("LIVEZILLA_URL", getScheme() . $_SERVER["HTTP_HOST"] . str_replace($_file, "", $_SERVER["PHP_SELF"]));
}
}
function getRequestUri($requestUri = null)
{
if ($requestUri === null) {
if (isset($_SERVER['HTTP_X_REWRITE_URL'])) {
// check this first so IIS will catch
$requestUri = $_SERVER['HTTP_X_REWRITE_URL'];
} elseif (isset($_SERVER['IIS_WasUrlRewritten']) && $_SERVER['IIS_WasUrlRewritten'] == '1' && isset($_SERVER['UNENCODED_URL']) && $_SERVER['UNENCODED_URL'] != '') {
$requestUri = $_SERVER['UNENCODED_URL'];
} elseif (isset($_SERVER['REQUEST_URI'])) {
$requestUri = $_SERVER['REQUEST_URI'];
// Http proxy reqs setup request uri with scheme and host [and port] + the url path, only use url path
$schemeAndHttpHost = getScheme() . '://' . getHttpHost();
if (strpos($requestUri, $schemeAndHttpHost) === 0) {
$requestUri = substr($requestUri, strlen($schemeAndHttpHost));
}
} elseif (isset($_SERVER['ORIG_PATH_INFO'])) {
// IIS 5.0, PHP as CGI
$requestUri = $_SERVER['ORIG_PATH_INFO'];
if (!empty($_SERVER['QUERY_STRING'])) {
$requestUri .= '?' . $_SERVER['QUERY_STRING'];
}
} else {
return '';
}
} elseif (!is_string($requestUri)) {
return '';
} else {
// Set GET items, if available
if (false !== ($pos = strpos($requestUri, '?'))) {
// Get key => value pairs and set $_GET
$query = substr($requestUri, $pos + 1);
parse_str($query, $vars);
$this->setQuery($vars);
}
}
return $requestUri;
}
function validate($_basic = false)
{
global $INTERNAL, $GROUPS, $RESPONSE, $CONFIG, $CM;
if (!empty($CONFIG["gl_rhts"]) && getScheme() != SCHEME_HTTP_SECURE) {
define("AUTH_RESULT", LOGIN_REPLY_HTTPS);
} else {
if (DB_CONNECTION || SERVERSETUP) {
if (!empty($_POST[POST_INTERN_AUTHENTICATION_USERID]) && !empty($_POST[POST_INTERN_AUTHENTICATION_PASSWORD])) {
foreach ($INTERNAL as $sysId => $operator) {
if (strtolower($operator->UserId) == strtolower($_POST[POST_INTERN_AUTHENTICATION_USERID])) {
if ($operator->ValidateLoginAttempt()) {
if (!empty($operator->Password) && ($operator->Password == md5($_POST[POST_INTERN_AUTHENTICATION_PASSWORD]) || sha1($operator->Password) == $_POST[POST_INTERN_AUTHENTICATION_PASSWORD])) {
define("CALLER_SYSTEM_ID", $sysId);
if ($_basic) {
define("VALIDATED", true);
return;
}
if (!empty($CM)) {
$operator->LoadUnCacheables();
}
if (isset($_POST[POST_INTERN_NEW_PASSWORD])) {
$INTERNAL[CALLER_SYSTEM_ID]->ChangePassword($_POST[POST_INTERN_NEW_PASSWORD], true, true);
$RESPONSE->Authentications = "<val userid=\"" . base64_encode(CALLER_SYSTEM_ID) . "\" pass=\"" . base64_encode($_POST[POST_INTERN_NEW_PASSWORD]) . "\" />\r\n";
}
if (empty($_POST["p_db_no_req"]) && !DB_CONNECTION) {
define("AUTH_RESULT", LOGIN_REPLY_DB);
break;
}
if (!LOGIN && !SERVERSETUP) {
if ($operator->Deactivated) {
define("AUTH_RESULT", LOGIN_REPLY_ACCOUNT_DEACTIVATED);
break;
}
if (!$operator->ClientWeb && $operator->LastActive < time() - $CONFIG["timeout_clients"] && $_POST[POST_INTERN_AUTHENTICATION_LOGINID] == $operator->LoginId) {
define("AUTH_RESULT", LOGIN_REPLY_SESSION_TIMEOUT);
break;
}
if ($operator->SignOffRequest || !empty($_POST["p_app_device_id"]) && $operator->AppDeviceId != "LOGIN" && $operator->AppDeviceId != $_POST["p_app_device_id"]) {
$operator->SignOff(false);
define("AUTH_RESULT", LOGIN_REPLY_SIGN_OFF_REQUEST);
break;
}
if (!empty($operator->LoginId) && !empty($_POST[POST_INTERN_AUTHENTICATION_LOGINID]) && $_POST[POST_INTERN_AUTHENTICATION_LOGINID] != $operator->LoginId) {
define("AUTH_RESULT", LOGIN_REPLY_BAD_COMBINATION);
break;
}
} else {
if (LOGIN && !SERVERSETUP) {
$operator->AppClient = !empty($_POST["p_app"]);
$operator->ClientWeb = !empty($_POST["p_web"]);
if (($operator->AppClient || $operator->ClientWeb) && $operator->GetPermission(45, PERMISSION_FULL) == PERMISSION_NONE) {
define("AUTH_RESULT", LOGIN_REPLY_NO_MOBILE_ACCESS);
break;
} else {
if ($operator->Deactivated) {
define("AUTH_RESULT", LOGIN_REPLY_ACCOUNT_DEACTIVATED);
break;
} else {
if ($operator->SignOffRequest) {
$operator->SignOff(false);
define("AUTH_RESULT", LOGIN_REPLY_SIGN_OFF_REQUEST);
break;
} else {
if (empty($_POST[POST_INTERN_IGNORE_SIGNED_ON]) && $operator->LastActive > time() - $CONFIG["timeout_clients"] && !empty($operator->LoginId) && $_POST[POST_INTERN_AUTHENTICATION_LOGINID] != $operator->LoginId) {
define("AUTH_RESULT", LOGIN_REPLY_ALREADY_ONLINE);
break;
} else {
if ($operator->PasswordChangeRequest) {
define("AUTH_RESULT", LOGIN_REPLY_CHANGE_PASS);
break;
}
}
}
}
}
} else {
if (SERVERSETUP && $operator->Level != USER_LEVEL_ADMIN) {
if (!(in_array($CONFIG["gl_host"], $operator->WebsitesUsers) && !empty($_POST[POST_INTERN_GET_MANAGEMENT])) && !(in_array($CONFIG["gl_host"], $operator->WebsitesConfig) && empty($_POST[POST_INTERN_GET_MANAGEMENT]))) {
define("AUTH_RESULT", LOGIN_REPLY_NOADMIN);
break;
}
}
}
}
define("VALIDATED", true);
if (!LOGOFF && isset($_POST[POST_INTERN_AUTHENTICATION_LOGINID])) {
$operator->LoginId = $_POST[POST_INTERN_AUTHENTICATION_LOGINID];
} elseif (LOGOFF) {
$operator->LoginId = null;
}
define("AUTH_RESULT", LOGIN_REPLY_SUCCEEDED);
break;
} else {
$operator->DeleteLoginAttempts();
$operator->SaveLoginAttempt(md5($_POST[POST_INTERN_AUTHENTICATION_PASSWORD]));
break;
}
}
}
}
}
} else {
define("AUTH_RESULT", LOGIN_REPLY_DB);
}
}
if (isValidated() && LOGIN) {
$INTERNAL[CALLER_SYSTEM_ID]->IP = getIP();
$INTERNAL[CALLER_SYSTEM_ID]->FirstActive = time();
$INTERNAL[CALLER_SYSTEM_ID]->VisitorFileSizes = array();
$INTERNAL[CALLER_SYSTEM_ID]->VisitorStaticReload = array();
$isex = !empty($INTERNAL[CALLER_SYSTEM_ID]->Groups) && $GROUPS[$INTERNAL[CALLER_SYSTEM_ID]->Groups[0]]->IsExternal;
$RESPONSE->Login = $INTERNAL[CALLER_SYSTEM_ID]->GetLoginReply($isex, getTimeDifference($_POST[POST_INTERN_CLIENT_TIME]));
}
if (!defined("AUTH_RESULT")) {
define("AUTH_RESULT", LOGIN_REPLY_BAD_COMBINATION);
}
}
$html = str_replace("<!--ssl_secured-->", getScheme() == SCHEME_HTTP_SECURE && !empty($CONFIG["gl_sssl"]) ? "" : "display:none;", $html);
} else {
if ($_GET[GET_EXTERN_TEMPLATE] == "lz_chat_frame.3.2.lgin.0.0") {
$html = getFile(PATH_FRAMES . $_GET[GET_EXTERN_TEMPLATE] . ".tpl");
} else {
if ($_GET[GET_EXTERN_TEMPLATE] == "lz_chat_frame.3.2.chat" && isset($_POST[GET_EXTERN_GROUP])) {
$html = getFile(PATH_FRAMES . $_GET[GET_EXTERN_TEMPLATE] . ".tpl");
$html = str_replace("<!--intgroup-->", base64UrlEncode($_POST[GET_EXTERN_GROUP]), $html);
} else {
if ($_GET[GET_EXTERN_TEMPLATE] == "lz_chat_frame.3.2.mail.1.0") {
initData(array("INTERNAL", "GROUPS", "INPUTS"));
$groupbuilder = new GroupBuilder($INTERNAL, $GROUPS, NULL);
$html = getFile(PATH_FRAMES . $_GET[GET_EXTERN_TEMPLATE] . ".tpl");
$html = getChatLoginInputs($html, MAX_INPUT_LENGTH);
$html = str_replace("<!--alert-->", getAlertTemplate(), $html);
$html = str_replace("<!--ssl_secured-->", getScheme() == SCHEME_HTTP_SECURE && !empty($CONFIG["gl_sssl"]) ? "" : "display:none;", $html);
$html = str_replace("<!--groups-->", $groupbuilder->GetHTML($DEFAULT_BROWSER_LANGUAGE), $html);
} else {
if ($_GET[GET_EXTERN_TEMPLATE] == "lz_chat_frame.1.1") {
$html = getFile(PATH_FRAMES . $_GET[GET_EXTERN_TEMPLATE] . ".tpl");
if (isset($_GET[GET_EXTERN_USER_HEADER]) && !empty($_GET[GET_EXTERN_USER_HEADER])) {
$html = str_replace("<!--logo-->", "<img src=\"" . base64UrlDecode($_GET[GET_EXTERN_USER_HEADER]) . "\" border=\"0\"><br>", $html);
} else {
if (!empty($CONFIG["gl_cali"])) {
$html = str_replace("<!--logo-->", "<img src=\"" . $CONFIG["gl_cali"] . "\" border=\"0\"><br>", $html);
}
}
if (!empty($CONFIG["gl_cahi"])) {
$html = str_replace("<!--background-->", "<img src=\"" . $CONFIG["gl_cahi"] . "\" border=\"0\"><br>", $html);
}
} else {
/**
* @return string
*/
function getTrustRoot()
{
// {{{
return sprintf("%s://%s:%s%s", getScheme(), $_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], str_replace('\\', '/', dirname($_SERVER['PHP_SELF'])));
}
function getUrlPort()
{
global $req_headers;
$scheme = getScheme();
if (array_key_exists('X_FORWARDED_PROTO', $req_headers) && $req_headers['X_FORWARDED_PROTO'] == 'https') {
$server_port = 443;
} else {
$matches = array();
preg_match('/:(\\d{1,5})$/', $_SERVER['HTTP_HOST'], $matches);
if (array_key_exists(1, $matches)) {
$server_port = $matches[1];
} else {
$server_port = $_SERVER['SERVER_PORT'];
}
}
if ($scheme == 'http' && $server_port == 80) {
$urlPort = '';
} elseif ($scheme == 'https' && $server_port == 443) {
$urlPort = '';
} else {
$urlPort = ":{$server_port}";
}
return $urlPort;
}
function _replace_tag($matches)
{
global $urlid, $striptags, $iframe;
$url = get_full_url($matches[4]);
if (in_array('ads', $striptags) && strtolower($matches[2]) == 'img' && preg_match("/\\/ads?\\//i", $url)) {
return '';
}
// switch on tag
switch (strtolower($matches[2])) {
// attn: order is crucial as $url needs be saved to get overwritten
case 'form':
$append = "<input type='hidden' name='{$urlid}' value='{$url}'/>";
$url = getScheme() . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
if ($iframe) {
$append .= "<input type='hidden' name='iframe' value='{$iframe}'/>";
}
break;
case 'area':
$parameters = "?{$urlid}=" . urlencode($url);
$url = getScheme() . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
if ($iframe) {
$parameters .= "&iframe=" . $iframe;
}
break;
}
return $matches[1] . $url . $parameters . $matches[5] . $append;
}
/**
* Enter description here...
*
* @return URL that serves as the entry point for authenthication
*/
function getTrustRoot()
{
//with full path including domain name, port and dir
return sprintf("%s://%s:%s%s/", getScheme(), $_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], dirname($_SERVER['PHP_SELF']));
}
function _replace_tag($matches)
{
global $urlid, $striptags;
$url = get_full_url($matches[4]);
if (in_array('ads', $striptags) && strtolower($matches[2]) == 'img' && preg_match("/\\/ads?\\//i", $url)) {
return '';
}
// switch on tag
switch (strtolower($matches[2])) {
case 'form':
$append = "<input type='hidden' name='{$urlid}' value='{$url}'/>";
$url = getScheme() . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
break;
case 'area':
$parameters = "?{$urlid}=" . urlencode($url);
$url = getScheme() . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
break;
}
return $matches[1] . $url . $parameters . $matches[5] . $append;
}
function defineURL($_file)
{
global $CONFIG;
if (!empty($_SERVER['REQUEST_URI']) && !empty($CONFIG["gl_root"])) {
$parts = parse_url($_SERVER['REQUEST_URI']);
define("LIVEZILLA_URL", getScheme() . $CONFIG["gl_host"] . str_replace($_file, "", @$parts["path"]));
} else {
define("LIVEZILLA_URL", getScheme() . @$_SERVER["HTTP_HOST"] . str_replace($_file, "", htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8")));
}
}
function getReturnTo()
{
return sprintf("%s://%s:%s%s/finish.php", getScheme(), $_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], dirname($_SERVER['PHP_SELF']));
}
* Improper changes to this file may cause critical errors. It is strongly
* recommended to desist from editing this file.
*
***************************************************************************************/
define("ACCESSTIME", microtime());
define("ACCESSID", md5(microtime()));
define("IN_LIVEZILLA", true);
define("SAFE_MODE", @ini_get('safe_mode'));
define("LIVEZILLA_PATH", "./");
@error_reporting(E_ALL);
require LIVEZILLA_PATH . "_definitions/definitions.inc.php";
require LIVEZILLA_PATH . "_definitions/definitions.files.inc.php";
require LIVEZILLA_PATH . "_definitions/definitions.protocol.inc.php";
require LIVEZILLA_PATH . "_lib/functions.global.inc.php";
require LIVEZILLA_PATH . "_lib/objects.global.users.inc.php";
define("LIVEZILLA_URL", getScheme() . $_SERVER["HTTP_HOST"] . str_replace(FILE_SERVER_FILE, "", $_SERVER["PHP_SELF"]));
header("Connection: close");
processHeaderValues();
$RESPONSE = new Response();
if (!isset($_POST[POST_INTERN_ADMINISTRATE]) && isset($_POST[POST_SERVER_REQUEST_TYPE]) && $_POST[POST_SERVER_REQUEST_TYPE] == CALLER_TYPE_INTERNAL) {
header("Content-Type: text/xml; charset=UTF-8");
if (getIdle()) {
$RESPONSE->SetValidationError(LOGIN_REPLY_IDLE);
exit($RESPONSE->GetXML());
}
if (!getAvailability() && $_POST[POST_INTERN_SERVER_ACTION] == INTERN_ACTION_LOGIN && !isset($_POST[POST_INTERN_ACCESSTEST])) {
$RESPONSE->SetValidationError(LOGIN_REPLY_DEACTIVATED);
exit($RESPONSE->GetXML());
}
}
require LIVEZILLA_PATH . "_config/config.inc.php";
*
* Improper changes to this file may cause critical errors.
***************************************************************************************/
define("IN_LIVEZILLA", true);
if (!defined("LIVEZILLA_PATH")) {
define("LIVEZILLA_PATH", "./");
}
header("Content-Type: text/html; charset=UTF-8");
require LIVEZILLA_PATH . "_lib/functions.global.inc.php";
require LIVEZILLA_PATH . "_definitions/definitions.inc.php";
require LIVEZILLA_PATH . "_definitions/definitions.protocol.inc.php";
require LIVEZILLA_PATH . "_definitions/definitions.dynamic.inc.php";
require LIVEZILLA_PATH . "_lib/functions.index.inc.php";
languageSelect();
@set_error_handler("handleError");
$scheme = getScheme();
if (isset($_GET[GET_INDEX_SERVER_ACTION]) && $_GET[GET_INDEX_SERVER_ACTION] == "addserver") {
$html = doReplacements(getFile(TEMPLATE_HTML_ADD_SERVER));
$html = str_replace("<!--lz_add_url-->", getServerAddLink($scheme), $html);
exit($html);
} else {
$html = getFile(TEMPLATE_HTML_INDEX);
$errorbox = null;
$errors['write'] = getFolderPermissions();
$errors['php_version'] = getPhpVersion();
$errors['mysql'] = getMySQL();
if (!empty($errors['write']) || !empty($errors['php_version']) || !empty($errors['mysql'])) {
$errorbox = getFile(TEMPLATE_HTML_INDEX_ERRORS);
$errorbox = str_replace("<!--write_access-->", $errors['write'], $errorbox);
if (strlen($errors['write']) > 0 && !empty($errors['php_version'])) {
$errors['php_version'] = "<br><br>" . $errors['php_version'];
function defineURL($_file)
{
global $CONFIG;
if (!empty($_SERVER['REQUEST_URI']) && !empty($CONFIG["gl_root"])) {
$parts = parse_url($_SERVER['REQUEST_URI']);
$host = $CONFIG["gl_host"];
$path = @$parts["path"];
} else {
$host = @$_SERVER["HTTP_HOST"];
$path = $_SERVER["PHP_SELF"];
}
if (!empty($path) && !endsWith(strtolower($path), strtolower($_file)) && strpos(strtolower($path), strtolower($_file)) !== false) {
exit("err 888383");
}
define("LIVEZILLA_URL", getScheme() . $host . str_replace($_file, "", htmlentities($path, ENT_QUOTES, "UTF-8")));
}
private function getTrustRoot()
{
return sprintf("%s://%s:%s%s/", getScheme(), $_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], dirname($_SERVER['PHP_SELF']));
}
function getTrustRoot()
{
return sprintf("%s://%s:%s/", getScheme(), $_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT']);
}
curl_setopt($c, CURLOPT_VERBOSE, 0);
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
$r = curl_exec($c);
$http_retcode = curl_getinfo($c, CURLINFO_HTTP_CODE);
$error = curl_error($c);
if ($http_retcode !== 200) {
header('HTTP/1.0 ' . $http_retcode);
nocache();
print "ERROR 207 : " . $error;
die;
}
$storage = json_decode($r);
// put in cache
file_put_contents(CACHEPATH . '/' . $cacheKey, serialize(array('os_expires' => strtotime($storage->expires), 'os_endpoint' => $storage->endpoint, 'os_token' => $storage->token, 'access_token' => $access_token, 'access_expires' => $access_expires, 'refresh_token' => $refresh_token)));
if ($mode == 'callback' || $mode == 'autoregister') {
header('HTTP/1.0 301 Redirect');
nocache();
header('Location: ' . getScheme() . '://' . $_SERVER['HTTP_HOST'] . $_prefix . '/success/');
} else {
if ($mode == 'swift') {
header('X-Storage-Url: ' . $storage->endpoint);
header('X-Auth-Token: ' . $storage->token);
header('HTTP/1.0 204 No Content');
// header('HTTP/1.0 200 OK'); // dulwich swift-repo does not understand 204
nocache();
} else {
header('HTTP/1.0 404 Not Found');
nocache();
print "Not Found!";
}
}
function getTrustRoot()
{
$directory = dirname($_SERVER['PHP_SELF']);
$directory = "/" ? "" : $directory;
return sprintf("%s://%s:%s%s/", getScheme(), $_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], $directory);
}
