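/**
 * Authenticates a WebDAV request and opens the matching application session.
 *
 * The credential check is delegated to parent::authenticate() (apparently HTTP
 * Digest, judging by the message matched below). On success the user is logged
 * in through AuthService with a null password and the third argument set to
 * true, i.e. without a second password check.
 *
 * @param Sabre\DAV\Server $server
 * @param string $realm
 * @return bool true on success
 * @throws Sabre\DAV\Exception\NotAuthenticated when the parent check or the session login fails
 */
public function authenticate(Sabre\DAV\Server $server, $realm)
 {
     //AJXP_Logger::debug("Try authentication on $realm", $server);
     // Initialised up front: the parent may return a falsy value without throwing,
     // and the failure branch below reads $errmsg in that case too.
     $errmsg = "";
     try {
         $success = parent::authenticate($server, $realm);
     } catch (Exception $e) {
         $errmsg = $e->getMessage();
         // A request without digest headers is the normal first step of the challenge,
         // so it keeps the "quiet" value 0. Every other error becomes false and is
         // written to the log as a failed login.
         $success = ($errmsg !== "No digest authentication headers were found") ? false : 0;
     }
     if (!$success) {
         if ($success === false) {
             AJXP_Logger::warning(__CLASS__, "Login failed", array("user" => $this->currentUser, "error" => "Invalid WebDAV user or password"));
         }
         throw new Sabre\DAV\Exception\NotAuthenticated($errmsg);
     }
     // The parent has already verified the credentials; the true flag tells
     // logUser not to check the (null) password again.
     $res = AuthService::logUser($this->currentUser, null, true);
     if ($res < 1) {
         throw new Sabre\DAV\Exception\NotAuthenticated();
     }
     $this->updateCurrentUserRights(AuthService::getLoggedUser());
     if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
         // The stored WebDAV "PASS" preference is decoded and handed to AJXP_Safe,
         // so this preference is a recoverable credential and needs protecting as such.
         $webdavData = AuthService::getLoggedUser()->getPref("AJXP_WEBDAV_DATA");
         AJXP_Safe::storeCredentials($this->currentUser, $this->_decodePassword($webdavData["PASS"], $this->currentUser));
     }
     ConfService::switchRootDir($this->repositoryId);
     return true;
 }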
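 /**
  * Handles the interactive "login" action and writes the result as XML.
  *
  * Requests whose get_action is not "login" are ignored. A captcha is required
  * once AuthService::suspectBruteForceLogin() reports true. After a successful
  * login the session id is regenerated and a secure token is issued.
  *
  * @param array $httpVars request variables (userid, password, remember_me, cookie_login, login_seed, captcha_code, tmp_repository_id)
  * @param bool $isLast when true the script exits after the response even on failure
  * @return false|null false when the request is not a login action; otherwise nothing (the script may exit)
  */
 function tryToLogUser(&$httpVars, $isLast = false)
 {
     if (!isset($httpVars["get_action"]) || $httpVars["get_action"] != "login") {
         return false;
     }
     $rememberLogin = "";
     $rememberPass = "";
     $secureToken = "";
     // Defined on every path so the remember-cookie check below never reads an unset variable.
     $rememberMe = false;
     include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
     if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) {
         // Captcha missing or wrong while brute force is suspected: no password check is attempted.
         $loggingResult = -4;
     } else {
         $userId = isset($httpVars["userid"]) ? AJXP_Utils::sanitize($httpVars["userid"], AJXP_SANITIZE_EMAILCHARS) : null;
         $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null;
         $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true";
         $cookieLogin = isset($httpVars["cookie_login"]);
         // login_seed is optional in the request; read it without raising an
         // undefined-index notice. The value passed on is still null when absent.
         $loginSeed = isset($httpVars["login_seed"]) ? $httpVars["login_seed"] : null;
         $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $loginSeed);
         if ($rememberMe && $loggingResult == 1) {
             $rememberLogin = "******";
             $rememberPass = "******";
         }
         if ($loggingResult == 1) {
             // New session id on privilege change, old session deleted: guards against session fixation.
             session_regenerate_id(true);
             $secureToken = AuthService::generateSecureToken();
         }
         if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) {
             // Force captcha reload
             $loggingResult = -4;
         }
     }
     $loggedUser = AuthService::getLoggedUser();
     if ($loggedUser != null) {
         $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1);
         $passId = -1;
         if (isset($httpVars["tmp_repository_id"])) {
             // Request-supplied repository id; the access decision is left to
             // switchUserToActiveRepository(), whose result is checked below.
             $passId = $httpVars["tmp_repository_id"];
         } elseif ($force != "" && $loggedUser->canSwitchTo($force) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) {
             $passId = $force;
         }
         $res = ConfService::switchUserToActiveRepository($loggedUser, $passId);
         if (!$res) {
             // No repository could be activated: drop the session instead of leaving a half-open login.
             AuthService::disconnect();
             $loggingResult = -3;
         }
     }
     if ($loggedUser != null && (AuthService::hasRememberCookie() || $rememberMe)) {
         AuthService::refreshRememberCookie($loggedUser);
     }
     AJXP_XMLWriter::header();
     AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken);
     AJXP_XMLWriter::close();
     if ($loggingResult > 0 || $isLast) {
         exit;
     }
 }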
예제 #3
 /**
  * Validates a username and password
  *
  * This method should return true or false depending on if login
  * succeeded.
  *
  * @param string $username
  * @param string $password
  * @return bool
  */
 protected function validateUserPass($username, $password)
 {
     // The client-supplied $username is not consulted: the account always comes from the share data.
     $hasPresetLogin = isset($this->shareData["PRESET_LOGIN"]);
     // PRESET_LOGIN: the supplied password is checked (third argument false).
     // Otherwise PRELOG_USER is logged in with the third argument true and an empty
     // password, so whatever password the client sent plays no part in the result.
     $loginStatus = $hasPresetLogin
         ? \AuthService::logUser($this->shareData["PRESET_LOGIN"], $password, false, false, -1)
         : \AuthService::logUser($this->shareData["PRELOG_USER"], "", true);
     return $loginStatus === 1;
 }
예제 #4
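 /**
  * Pre-login hook for CAS: logs out through phpCAS on the "logout" action,
  * otherwise forces CAS authentication and opens a local session for the CAS user.
  *
  * @param string $sessionId not used in this method
  * @return void
  */
 public function preLogUser($sessionId)
 {
     // get_action is optional in the query string; test for it before comparing.
     if (isset($_GET['get_action']) && $_GET['get_action'] == "logout") {
         phpCAS::logout();
         return;
     }
     phpCAS::forceAuthentication();
     $cas_user = phpCAS::getUser();
     if (!$this->userExists($cas_user) && $this->autoCreateUser()) {
         // The local password is 20 random bytes that are never shown to the user;
         // the account is only meant to be entered through CAS.
         $this->createUser($cas_user, openssl_random_pseudo_bytes(20));
     }
     if ($this->userExists($cas_user)) {
         // CAS has already vouched for the user, so the password check is skipped (third argument true).
         AuthService::logUser($cas_user, "", true);
     }
 }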
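 /**
  * Logs in the user named by the web server in REMOTE_USER.
  *
  * The identity is taken as-is from $_SERVER["REMOTE_USER"] and the password
  * check is skipped (third argument of logUser is true), so this is only safe
  * when the web server itself sets that variable after authenticating the request.
  *
  * @param array $httpVars not used in this method
  * @param bool $isLast not used in this method
  * @return bool true when the user was logged in
  */
 function tryToLogUser(&$httpVars, $isLast = false)
 {
     // Check before reading: the variable is absent when the server did no HTTP authentication.
     if (!isset($_SERVER["REMOTE_USER"])) {
         return false;
     }
     $localHttpLogin = $_SERVER["REMOTE_USER"];
     $localHttpPassw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : "";
     if (!AuthService::userExists($localHttpLogin) && $this->pluginConf["CREATE_USER"] === true) {
         // The new account is an admin only when its login equals the configured AJXP_ADMIN value.
         AuthService::createUser($localHttpLogin, $localHttpPassw, isset($this->pluginConf["AJXP_ADMIN"]) && $this->pluginConf["AJXP_ADMIN"] == $localHttpLogin);
     }
     return AuthService::logUser($localHttpLogin, $localHttpPassw, true) > 0;
 }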
 /**
  * Pre-login hook that mirrors the current phpBB user into a local session.
  *
  * @param string $sessionId not used in this method
  * @return bool false for unregistered phpBB users or when the local account is
  *              missing and auto-creation is off; true once logUser has been called
  */
 public function preLogUser($sessionId)
 {
     global $user;
     $phpbbData = $user->data;
     if (!$phpbbData['is_registered']) {
         return false;
     }
     $login = $phpbbData['username_clean'];
     if (!$this->userExists($login)) {
         if (!$this->autoCreateUser()) {
             return false;
         }
         // NOTE(review): the local password is an unsalted MD5 of phpBB's stored
         // user_password value, so it can be recomputed by anyone who can read
         // that value. A random password would avoid the coupling; confirm
         // nothing relies on this derivation before changing it.
         $this->createUser($login, md5($phpbbData['user_password']));
     }
     // phpBB has already authenticated the user; the password check is skipped (third argument true).
     AuthService::logUser($login, '', true);
     return true;
 }
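 /**
  * Pre-login hook for server-side HTTP authentication (REMOTE_USER).
  *
  * The identity comes from the web server and the password check is skipped
  * (third argument of logUser is true). With auto-creation enabled a missing
  * local account is created first.
  *
  * @param string $sessionId not used in this method
  * @return void
  */
 public function preLogUser($sessionId)
 {
     // Check before reading: the variable is absent when the server did no HTTP authentication.
     if (!isset($_SERVER["REMOTE_USER"])) {
         return;
     }
     $localHttpLogin = $_SERVER["REMOTE_USER"];
     if (isset($_SERVER['PHP_AUTH_PW'])) {
         $localHttpPassw = $_SERVER['PHP_AUTH_PW'];
     } elseif (function_exists("random_bytes")) {
         // Placeholder password for an auto-created account. It was derived from the
         // clock before, which makes it guessable; use the system CSPRNG instead.
         $localHttpPassw = bin2hex(random_bytes(16));
     } elseif (function_exists("openssl_random_pseudo_bytes")) {
         $localHttpPassw = bin2hex(openssl_random_pseudo_bytes(16));
     } else {
         // Last resort on runtimes with no CSPRNG available; time-derived and therefore weak.
         $localHttpPassw = md5(microtime(true));
     }
     if ($this->autoCreateUser()) {
         if (!$this->userExists($localHttpLogin)) {
             $this->createUser($localHttpLogin, $localHttpPassw);
         }
         AuthService::logUser($localHttpLogin, $localHttpPassw, true);
     } else {
         // If not auto-create but the user exists, log him.
         if ($this->userExists($localHttpLogin)) {
             AuthService::logUser($localHttpLogin, "", true);
         }
     }
 }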
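 /**
  * Authenticates a WebDAV request and opens the matching application session.
  *
  * The credential check is delegated to parent::authenticate(); afterwards the
  * user is logged in through AuthService without a second password check.
  *
  * @param Sabre\DAV\Server $server
  * @param string $realm
  * @return bool true on success
  * @throws Sabre\DAV\Exception\NotAuthenticated when the parent check or the session login fails
  */
 public function authenticate(Sabre\DAV\Server $server, $realm)
 {
     //AJXP_Logger::debug("Try authentication on $realm", $server);
     $success = parent::authenticate($server, $realm);
     // Fail closed: any falsy result is a refusal. Testing only for === false let a
     // null or 0 result fall through to "return true" with no user logged in.
     if (!$success) {
         throw new Sabre\DAV\Exception\NotAuthenticated();
     }
     // The parent has already verified the credentials; the true flag skips the password check.
     $res = AuthService::logUser($this->currentUser, null, true);
     if ($res < 1) {
         throw new Sabre\DAV\Exception\NotAuthenticated();
     }
     $this->updateCurrentUserRights(AuthService::getLoggedUser());
     if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
         // The stored WebDAV "PASS" preference is decoded and handed to AJXP_Safe,
         // so this preference is a recoverable credential and needs protecting as such.
         $webdavData = AuthService::getLoggedUser()->getPref("AJXP_WEBDAV_DATA");
         AJXP_Safe::storeCredentials($this->currentUser, $this->_decodePassword($webdavData["PASS"], $this->currentUser));
     }
     ConfService::switchRootDir($this->repositoryId);
     return true;
 }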
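 /**
  * Pre-login hook for server-side HTTP authentication (REMOTE_USER).
  *
  * The identity comes from the web server and the password check is skipped
  * (third argument of logUser is true). With auto-creation enabled a missing
  * local account is created with a random placeholder password.
  *
  * @param string $sessionId not used in this method
  * @return void
  */
 function preLogUser($sessionId)
 {
     // Check before reading: the variable is absent when the server did no HTTP authentication.
     if (!isset($_SERVER["REMOTE_USER"])) {
         return;
     }
     $localHttpLogin = $_SERVER["REMOTE_USER"];
     // If auto-create and http authentication is ok, log the user.
     if ($this->autoCreateUser()) {
         if (!$this->userExists($localHttpLogin)) {
             // The placeholder password was derived from the clock before, which
             // makes it guessable for anyone who can estimate the creation time.
             // Draw it from the system CSPRNG when one is available.
             if (function_exists("random_bytes")) {
                 $localHttpPassw = bin2hex(random_bytes(16));
             } elseif (function_exists("openssl_random_pseudo_bytes")) {
                 $localHttpPassw = bin2hex(openssl_random_pseudo_bytes(16));
             } else {
                 // Last resort on runtimes with no CSPRNG available; time-derived and therefore weak.
                 $localHttpPassw = md5(microtime(true));
             }
             $this->createUser($localHttpLogin, $localHttpPassw);
         }
         AuthService::logUser($localHttpLogin, "", true);
     } else {
         // If not auto-create but the user exists, log him.
         if ($this->userExists($localHttpLogin)) {
             AuthService::logUser($localHttpLogin, "", true);
         }
     }
 }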
예제 #10
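 /**
  * Authenticates an API request signed with a keystore token.
  *
  * The request carries auth_token (keystore id) and auth_hash ("nonce:hash").
  * The expected hash is HMAC-SHA256 over "uri:nonce:private", keyed with the
  * token, where "private" is the secret stored with the token.
  *
  * @param array $httpVars request variables
  * @param bool $isLast not used in this method
  * @return bool true when the signature matches and the user was logged in
  */
 function tryToLogUser(&$httpVars, $isLast = false)
 {
     $token = $this->detectVar($httpVars, "auth_token");
     if (empty($token)) {
         return false;
     }
     $this->storage = ConfService::getConfStorageImpl();
     if (!is_a($this->storage, "sqlConfDriver")) {
         return false;
     }
     $data = null;
     $this->storage->simpleStoreGet("keystore", $token, "serial", $data);
     if (empty($data)) {
         return false;
     }
     $userId = $data["USER_ID"];
     $private = $data["PRIVATE"];
     // Rebuild the request path in one canonical encoding so that client and
     // server sign the same string.
     $explode = explode("?", $_SERVER["REQUEST_URI"]);
     $server_uri = rtrim(array_shift($explode), "/");
     $decoded = array_map("urldecode", explode("/", $server_uri));
     $decoded = array_map(array("SystemTextEncoding", "toUTF8"), $decoded);
     $decoded = array_map("rawurlencode", $decoded);
     $server_uri = implode("/", $decoded);
     $server_uri = str_replace("~", "%7E", $server_uri);
     // A missing or malformed auth_hash is a failed login, not a notice followed
     // by a comparison against null.
     $authHash = $this->detectVar($httpVars, "auth_hash");
     $parts = is_string($authHash) ? explode(":", $authHash) : array();
     if (count($parts) < 2) {
         return false;
     }
     list($nonce, $hash) = $parts;
     $replay = hash_hmac("sha256", $server_uri . ":" . $nonce . ":" . $private, $token);
     // Compare in constant time where the runtime offers it, and never with ==,
     // which compares numeric-looking strings such as "0e..." by value.
     $hashMatches = function_exists("hash_equals") ? hash_equals($replay, $hash) : ($replay === $hash);
     if (!$hashMatches) {
         return false;
     }
     // NOTE(review): the nonce is part of the signed string, but nothing in this
     // method records used nonces, so a captured signed request for the same URI
     // would verify again - confirm whether replay is handled elsewhere.
     $res = AuthService::logUser($userId, "", true);
     return $res > 0;
 }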
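 /**
  * Authenticates an API request with HTTP Basic credentials.
  *
  * Credentials are read from PHP_AUTH_USER/PHP_AUTH_PW when PHP exposes them,
  * otherwise from the raw Authorization header (or its REDIRECT_ variant).
  *
  * @param array $httpVars not used in this method
  * @param bool $isLast when true a 401 challenge is sent and the script exits on failure
  * @return bool true when the user was logged in, false otherwise
  */
 function tryToLogUser(&$httpVars, $isLast = false)
 {
     $localHttpLogin = null;
     $localHttpPassw = null;
     if (isset($_SERVER['PHP_AUTH_USER'])) {
         // mod_php
         $localHttpLogin = $_SERVER['PHP_AUTH_USER'];
         $localHttpPassw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
     } else {
         // Most other servers pass the raw header, sometimes with a REDIRECT_ prefix.
         foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $headerKey) {
             if (!isset($_SERVER[$headerKey])) {
                 continue;
             }
             if (strpos(strtolower($_SERVER[$headerKey]), 'basic') === 0) {
                 // Split on the first colon only: a password may itself contain ":"
                 // and was cut at its first colon before.
                 $pair = explode(':', (string) base64_decode(substr($_SERVER[$headerKey], 6)), 2);
                 $localHttpLogin = $pair[0];
                 $localHttpPassw = isset($pair[1]) ? $pair[1] : null;
             }
             // The first header that is present decides, even when its scheme is not Basic.
             break;
         }
     }
     if ($isLast && empty($localHttpLogin)) {
         header('WWW-Authenticate: Basic realm="Pydio API"');
         header('HTTP/1.0 401 Unauthorized');
         echo 'You are not authorized to access this API.';
         exit;
     }
     if (!isset($localHttpLogin)) {
         return false;
     }
     $res = AuthService::logUser($localHttpLogin, $localHttpPassw, false, false, "-1");
     if ($res > 0) {
         return true;
     }
     // -4 is excluded from the challenge; presumably the brute-force/captcha status - confirm.
     if ($isLast && $res != -4) {
         header('WWW-Authenticate: Basic realm="Pydio API"');
         header('HTTP/1.0 401 Unauthorized');
         echo 'You are not authorized to access this API.';
         exit;
     }
     return false;
 }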
 /**
  * Pre-login hook that asks a remote application which user owns a session id.
  *
  * The session id is sent to the configured REMOTE_URL both as a cookie and as
  * the "session_id" query parameter; the response body is taken as the login.
  *
  * @param string $sessionId session id of the remote application
  * @return void
  */
 function preLogUser($sessionId)
 {
     require_once AJXP_BIN_FOLDER . "/class.HttpClient.php";
     $remote = new HttpClient($this->getOption("REMOTE_SERVER"), $this->getOption("REMOTE_PORT"));
     $remote->setDebug(false);
     if ($this->getOption("REMOTE_USER") != "") {
         $remote->setAuthorization($this->getOption("REMOTE_USER"), $this->getOption("REMOTE_PASSWORD"));
     }
     $cookieName = $this->getOption("REMOTE_SESSION_NAME") ? $this->getOption("REMOTE_SESSION_NAME") : "PHPSESSID";
     $remote->setCookies(array($cookieName => $sessionId));
     if (!$remote->get($this->getOption("REMOTE_URL"), array("session_id" => $sessionId))) {
         return;
     }
     // NOTE(review): the whole response body is used as the user id, with no
     // validation or sanitising in this method, and the password check is skipped
     // below. The trust placed in the remote endpoint and in the transport to it
     // is therefore total; confirm that endpoint is reached over an authenticated channel.
     $remoteLogin = $remote->getContent();
     // Log the user in when auto-creation is enabled, or when the account already exists.
     if ($this->autoCreateUser() || $this->userExists($remoteLogin)) {
         AuthService::logUser($remoteLogin, "", true);
     }
 }
예제 #13
파일: cmd.php 프로젝트: Nanomani/pydio-core
    if ($optStatusFile) {
        file_put_contents($optStatusFile, "ERROR:You must pass a -r argument specifying either a repository id or alias");
    }
    die("You must pass a -r argument specifying either a repository id or alias");
}
if (AuthService::usersEnabled() && !empty($optUser)) {
    $seed = AuthService::generateSeed();
    if ($seed != -1) {
        $optPass = md5(md5($optPass) . $seed);
    }
    $loggingResult = AuthService::logUser($optUser, $optPass, isset($optToken), false, $seed);
    // Check that current user can access current repository, try to switch otherwise.
    $loggedUser = AuthService::getLoggedUser();
    if ($loggedUser != null && $detectedUser !== false && $loggedUser->isAdmin()) {
        AuthService::disconnect();
        AuthService::logUser($detectedUser, "empty", true, false, "");
        $loggedUser = AuthService::getLoggedUser();
    }
    if ($loggedUser != null) {
        ConfService::switchRootDir($optRepoId, true);
        /*
        $res = ConfService::switchUserToActiveRepository($loggedUser, $optRepoId);
        if (!$res) {
            AuthService::disconnect();
            $requireAuth = true;
        }
        */
    }
    if (isset($loggingResult) && $loggingResult != 1) {
        AJXP_XMLWriter::header();
        AJXP_XMLWriter::loggingResult($loggingResult, false, false, "");
예제 #14
 /**
  * Find all expired legacy publiclets and remove them.
  * @param $elementId
  * @param $data
  * @throws Exception
  */
 private function deleteExpiredPubliclet($elementId, $data)
 {
     $ownerId = $data["OWNER_ID"];
     // The cleanup runs as the share owner: when nobody is logged in, or somebody
     // else is, the session is switched to the owner without a password check.
     // The previous user is not restored anywhere in this method.
     if (AuthService::getLoggedUser() == null || AuthService::getLoggedUser()->getId() != $ownerId) {
         AuthService::logUser($ownerId, "", true);
     }

     // REPOSITORY may hold either a Repository object or a repository id.
     $repository = $data["REPOSITORY"];
     if (!is_a($repository, "Repository")) {
         $repository = ConfService::getRepositoryById($data["REPOSITORY"]);
     }

     $driverReady = false;
     if (!empty($repository)) {
         try {
             ConfService::loadDriverForRepository($repository)->detectStreamWrapper(true);
             $driverReady = true;
         } catch (Exception $e) {
             // Cannot load this repository anymore.
         }
     }

     // The node is only built when the repository still loads and a file path was recorded.
     $node = null;
     if ($driverReady && isset($data["FILE_PATH"])) {
         AJXP_Controller::registryReset();
         $node = new AJXP_Node("pydio://" . $repository->getId() . $data["FILE_PATH"]);
     }

     // The share record is deleted whether or not the node could be resolved.
     $this->deleteShare($data['SHARE_TYPE'], $elementId, false, true);

     if ($node !== null) {
         try {
             $this->getMetaManager()->removeShareFromMeta($node, $elementId);
         } catch (Exception $e) {
             // Metadata cleanup is best effort; a failure here is ignored.
         }
         gc_collect_cycles();
     }
 }
 /**
  * Logs a user in from an encrypted token passed with the request.
  *
  * The token decrypts to a serialized array holding user_id and user_pwd. With
  * CHECK_NONCE enabled, a counter (cyphered_token_inc) is appended to the
  * decryption key and must be greater than the last counter stored for the user.
  *
  * @param array $httpVars request variables
  * @param bool $isLast not used in this method
  * @return bool true when the user was logged in
  */
 function tryToLogUser(&$httpVars, $isLast = false)
 {
     $nonceRequired = $this->pluginConf["CHECK_NONCE"] === true;
     $cypheredToken = $this->detectVar($httpVars, "cyphered_token");
     $counter = $this->detectVar($httpVars, "cyphered_token_inc");
     if (empty($cypheredToken) || ($nonceRequired && empty($counter))) {
         return false;
     }

     $secret = $this->pluginConf["PRIVATE_KEY"];
     if ($nonceRequired) {
         $secret = $secret . ":" . $counter;
     }
     $plain = $this->decrypt($secret, $cypheredToken);
     if ($plain == null) {
         return false;
     }

     // NOTE(review): unserialize() runs on data derived from a request parameter.
     // Whether decrypt() authenticates the ciphertext is not visible here; if it
     // does not, a forged token reaches the unserializer. A format that cannot
     // instantiate objects (JSON, for instance) would remove that exposure.
     $payload = unserialize($plain);
     if (empty($payload) || !is_array($payload) || !isset($payload["user_id"]) || !isset($payload["user_pwd"])) {
         $this->logDebug(__FUNCTION__, "Cyphered Token found but wrong deserizalized data");
         return false;
     }
     $userId = $payload["user_id"];

     // A session that belongs to a different user is closed before the token login.
     if (AuthService::getLoggedUser() != null && AuthService::getLoggedUser()->getId() != $userId) {
         AuthService::disconnect();
     }
     $this->logDebug(__FUNCTION__, "Trying to log user " . $userId . " from cyphered token");

     if ($nonceRequired) {
         // Replay guard: the counter must be strictly greater than the last accepted one.
         $keys = $this->getLastKeys();
         $lastInc = isset($keys[$userId]) ? $keys[$userId] : 0;
         if ($counter <= $lastInc) {
             $this->logDebug(__FUNCTION__, "Key was already used for this user id");
             return false;
         }
     }

     $res = AuthService::logUser($userId, $payload["user_pwd"], false, false, -1);
     if ($res <= 0) {
         $this->logDebug(__FUNCTION__, "Wrong result " . $res);
         return false;
     }
     $this->logDebug(__FUNCTION__, "Success");
     if ($nonceRequired) {
         // The counter is recorded only after a successful login.
         $keys[$userId] = $counter;
         $this->storeLastKeys($keys);
     }
     return true;
 }
예제 #16
 /**
  * Attempts a CAS single-sign-on login through phpCAS.
  *
  * Steps visible in this method: skip when a minisite session is active, update
  * the AUTHENTICATE_BY_CAS session flag (only when cas_modify_login_page is set),
  * initialise phpCAS in client or proxy mode, force authentication, then log the
  * CAS user in through AuthService with the third argument set to true.
  *
  * @param array $httpVars request variables (pgtIou, ticket and put_action_enable_redirect are read)
  * @param bool $isLast not used in this method
  * @return bool true when the CAS user was logged in, false otherwise
  */
 function tryToLogUser(&$httpVars, $isLast = false)
 {
     if (isset($_SESSION["CURRENT_MINISITE"])) {
         return false;
     }
     $this->loadConfig();
     if (isset($_SESSION['AUTHENTICATE_BY_CAS'])) {
         $flag = $_SESSION['AUTHENTICATE_BY_CAS'];
     } else {
         $flag = 0;
     }
     // Inputs of the flag update below: request parameters and session markers, reduced to booleans.
     $pgtIou = !empty($httpVars['pgtIou']);
     $logged = isset($_SESSION['LOGGED_IN_BY_CAS']);
     $enre = !empty($httpVars['put_action_enable_redirect']);
     $ticket = !empty($httpVars['ticket']);
     $pgt = !empty($_SESSION['phpCAS']['pgt']);
     $clientModeTicketPendding = isset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']);
     if ($this->cas_modify_login_page) {
         // Decide whether this request should go through CAS at all.
         // The flag ends up >= 1 when CAS is wanted and 0 when it is not.
         if ($flag == 0 && $enre && !$logged && !$pgtIou) {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
         } elseif ($flag == 1 && !$enre && !$logged && !$pgtIou && !$ticket && !$pgt) {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 0;
         } elseif ($flag == 1 && $enre && !$logged && !$pgtIou) {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
         } elseif ($pgtIou || $pgt) {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
         } elseif ($ticket) {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 1;
             $_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING'] = 1;
         // NOTE(review): this branch cannot be reached. Any request with $pgtIou set
         // is already taken by the ($pgtIou || $pgt) branch above, so the flag value 2
         // is never assigned here.
         } elseif ($logged && $pgtIou) {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 2;
         } else {
             $_SESSION['AUTHENTICATE_BY_CAS'] = 0;
         }
         if ($_SESSION['AUTHENTICATE_BY_CAS'] < 1) {
             // CAS not wanted: give up, unless a ticket from the previous request is
             // still pending, in which case the marker is cleared and the flow continues.
             if ($clientModeTicketPendding) {
                 unset($_SESSION['AUTHENTICATE_BY_CAS_CLIENT_MOD_TICKET_PENDDING']);
             } else {
                 return false;
             }
         }
     }
     /**
      * Depends on the phpCAS mode configuration
      */
     switch ($this->cas_mode) {
         case PHPCAS_MODE_CLIENT:
             if ($this->checkConfigurationForClientMode()) {
                 AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Client: ", "sucessfully");
                 phpCAS::client(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
                 if (!empty($this->cas_certificate_path)) {
                     phpCAS::setCasServerCACert($this->cas_certificate_path);
                 } else {
                     // NOTE(review): with no CA certificate path configured, the CAS
                     // server's certificate is not validated, so ticket validation
                     // trusts whoever answers on that address. Deployments should set
                     // cas_certificate_path.
                     phpCAS::setNoCasServerValidation();
                 }
                 /**
                  * Debug
                  */
                 if ($this->cas_debug_mode) {
                     // logfile name by date:
                     $today = getdate();
                     $file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt';
                     // A configured cas_debug_file replaces the dated default path.
                     empty($this->cas_debug_file) ? $file_path : ($file_path = $this->cas_debug_file);
                     phpCAS::setDebug($file_path);
                 }
                 phpCAS::forceAuthentication();
             } else {
                 AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode CLIENT, please verify the configuration", "");
                 return false;
             }
             break;
         case PHPCAS_MODE_PROXY:
             /**
              * When the user clicks "login via CAS" on the login page, the page is reloaded with manuallyredirectocas set.
              * The redirect to the CAS login page can also be forced through this module's configuration.
              *
              */
             if ($this->checkConfigurationForProxyMode()) {
                 AJXP_Logger::info(__FUNCTION__, "Start phpCAS mode Proxy: ", "sucessfully");
                 /**
                  * init phpCAS in mode proxy
                  */
                 phpCAS::proxy(CAS_VERSION_2_0, $this->cas_server, $this->cas_port, $this->cas_uri, false);
                 if (!empty($this->cas_certificate_path)) {
                     phpCAS::setCasServerCACert($this->cas_certificate_path);
                 } else {
                     // NOTE(review): same as in client mode - no certificate validation
                     // of the CAS server when cas_certificate_path is empty.
                     phpCAS::setNoCasServerValidation();
                 }
                 /**
                  * Debug
                  */
                 if ($this->cas_debug_mode) {
                     // logfile name by date:
                     $today = getdate();
                     $file_path = AJXP_DATA_PATH . '/logs/phpcas_' . $today['year'] . '-' . $today['month'] . '-' . $today['mday'] . '.txt';
                     // A configured cas_debug_file replaces the dated default path.
                     empty($this->cas_debug_file) ? $file_path : ($file_path = $this->cas_debug_file);
                     phpCAS::setDebug($file_path);
                 }
                 if (!empty($this->cas_setFixedCallbackURL)) {
                     phpCAS::setFixedCallbackURL($this->cas_setFixedCallbackURL);
                 }
                 //
                 /**
                  * PTG storage
                  */
                 $this->setPTGStorage();
                 phpCAS::forceAuthentication();
                 /**
                  * Get proxy ticket (PT) for SAMBA to authentication at CAS via pam_cas
                  * In fact, we can use any other service. Of course, it should be enabled in CAS
                  *
                  */
                 $err_code = null;
                 $serviceURL = $this->cas_proxied_service;
                 AJXP_Logger::debug(__FUNCTION__, "Try to get proxy ticket for service: ", $serviceURL);
                 $res = phpCAS::serviceSMB($serviceURL, $err_code);
                 if (!empty($res)) {
                     // The proxy ticket is kept in the session and later stored as the user's credential.
                     $_SESSION['PROXYTICKET'] = $res;
                     AJXP_Logger::info(__FUNCTION__, "Get Proxy ticket successfully ", "");
                 } else {
                     AJXP_Logger::info(__FUNCTION__, "Could not get Proxy ticket. ", "");
                 }
                 break;
             } else {
                 AJXP_Logger::error(__FUNCTION__, "Could not start phpCAS mode PROXY, please verify the configuration", "");
                 return false;
             }
         default:
             // Unknown mode: no CAS login is attempted.
             return false;
             break;
     }
     AJXP_Logger::debug(__FUNCTION__, "Call phpCAS::getUser() after forceAuthentication ", "");
     $cas_user = phpCAS::getUser();
     if (!AuthService::userExists($cas_user) && $this->is_AutoCreateUser) {
         // Local password is 20 random bytes; the account is meant to be entered through CAS only.
         AuthService::createUser($cas_user, openssl_random_pseudo_bytes(20));
     }
     if (AuthService::userExists($cas_user)) {
         // CAS has vouched for the user; the password check is skipped (third argument true).
         $res = AuthService::logUser($cas_user, "", true);
         if ($res > 0) {
             // NOTE(review): $_SESSION['PROXYTICKET'] is only written in the proxy branch
             // above, and only when serviceSMB() returned a value. In client mode, or when
             // no ticket was obtained, this reads whatever the session already holds
             // (possibly nothing) - confirm that is intended.
             AJXP_Safe::storeCredentials($cas_user, $_SESSION['PROXYTICKET']);
             $_SESSION['LOGGED_IN_BY_CAS'] = true;
             if (!empty($this->cas_additional_role)) {
                 // Every CAS login adds the configured extra role to the user.
                 $userObj = ConfService::getConfStorageImpl()->createUserObject($cas_user);
                 // $roles is not used after this assignment.
                 $roles = $userObj->getRoles();
                 $cas_RoleID = $this->cas_additional_role;
                 $userObj->addRole(AuthService::getRole($cas_RoleID, true));
                 AuthService::updateUser($userObj);
             }
             return true;
         }
     }
     return false;
 }
예제 #17
파일: rest.php 프로젝트: biggtfish/cms
    exit;
}
// REST entry point bootstrap: load the configuration, start the plugin registry,
// open a session as the API user, then split the request path into
// repository id, action name and remaining path.
include_once "base.conf.php";
// Errors and uncaught exceptions are rendered by AJXP_XMLWriter; notices and strict warnings are masked.
set_error_handler(array("AJXP_XMLWriter", "catchError"), E_ALL & ~E_NOTICE & ~E_STRICT);
set_exception_handler(array("AJXP_XMLWriter", "catchException"));
$pServ = AJXP_PluginsService::getInstance();
ConfService::init();
$confPlugin = ConfService::getInstance()->confPluginSoftLoad($pServ);
$pServ->loadPluginsRegistry(AJXP_INSTALL_PATH . "/plugins", $confPlugin);
ConfService::start();
$confStorageDriver = ConfService::getConfStorageImpl();
require_once $confStorageDriver->getUserClassFileName();
session_name("AjaXplorer");
session_start();
// NOTE(review): every request that reaches this point runs as the fixed
// AJXP_API_USER account, logged in with an empty password and the third
// argument true (no password check). No caller credential is checked in the
// lines visible here - confirm what guards this script in the part that
// precedes this excerpt.
AuthService::$useSession = false;
AuthService::logUser(AJXP_API_USER, "", true);
$authDriver = ConfService::getAuthDriverImpl();
// Everything derived from REQUEST_URI below is caller-controlled input.
$uri = $_SERVER["REQUEST_URI"];
$scriptUri = ltrim(dirname($_SERVER["SCRIPT_NAME"]), '/') . "/api/";
$uri = substr($uri, strlen($scriptUri));
$uri = explode("/", $uri);
// GET REPO ID
$repoID = array_shift($uri);
// GET ACTION NAME
$action = array_shift($uri);
$path = "/" . implode("/", $uri);
$repo =& ConfService::findRepositoryByIdOrAlias($repoID);
if ($repo == null) {
    // NOTE(review): the request-derived $repoID is echoed back unescaped; escape
    // it for the content type this response is served with.
    die("Cannot find repository with ID " . $repoID);
}
ConfService::switchRootDir($repo->getId());
예제 #18
        $plugInAction = "zoooorg";
        // Used to debug the whole shit in the main file
    }
} else {
    if ($secret != $G_AUTH_DRIVER_DEF["OPTIONS"]["SECRET"]) {
        $plugInAction = "zuuuuup";
        // Used to debug the whole shit in the main file
    }
}
//die($plugInAction);
switch ($plugInAction) {
    case 'login':
        global $login;
        if (is_array($login)) {
            $newSession = new SessionSwitcher("AjaXplorer");
            $result = AuthService::logUser($login["name"], $login["password"], true) == 1;
        }
        break;
    case 'logout':
        $newSession = new SessionSwitcher("AjaXplorer");
        global $_SESSION;
        $_SESSION = array();
        $result = TRUE;
        break;
    case 'addUser':
        global $user;
        if (is_array($user)) {
            $newSession = new SessionSwitcher("AjaXplorer");
            AuthService::createUser($user["name"], $user["password"], false);
            $result = TRUE;
        }
예제 #19
파일: index.php 프로젝트: rmxcc/pydio-core
// Token gate for every action that is not listed in $unSecureActions, active only when
// AuthService reports a secure token (presumably the per-session anti-CSRF token).
// NOTE(review): the token is also accepted from the query string, where it can end up in
// access logs and Referer headers; confirm that this is intended.
if (!in_array($action, $unSecureActions) && AuthService::getSecureToken()) {
    // The query string takes precedence over the request body.
    $token = isset($_GET["secure_token"])
        ? $_GET["secure_token"]
        : (isset($_POST["secure_token"]) ? $_POST["secure_token"] : "");
    // A missing token is refused without consulting AuthService.
    if ($token == "") {
        throw new Exception("You are not allowed to access this resource.");
    }
    if (!AuthService::checkSecureToken($token)) {
        throw new Exception("You are not allowed to access this resource.");
    }
}
if (AuthService::usersEnabled()) {
    $httpVars = array_merge($_GET, $_POST);
    AuthService::logUser(null, null);
    // Check that current user can access current repository, try to switch otherwise.
    $loggedUser = AuthService::getLoggedUser();
    if ($loggedUser == null) {
        // Try prelogging user if the session expired but the logging data is in fact still present
        // For example, for basic_http auth.
        AuthService::preLogUser(isset($httpVars["remote_session"]) ? $httpVars["remote_session"] : "");
        $loggedUser = AuthService::getLoggedUser();
        if ($loggedUser == null) {
            $requireAuth = true;
        }
    }
    if ($loggedUser != null) {
        $res = ConfService::switchUserToActiveRepository($loggedUser, isset($httpVars["tmp_repository_id"]) ? $httpVars["tmp_repository_id"] : "-1");
        if (!$res) {
            AuthService::disconnect();
예제 #20
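 /**
  * Stream a repository file to the client for the "open_file" action.
  *
  * Resolves the repository named by $httpVars["repository_id"], checks that the
  * logged-in user (or the guest user when guest browsing is enabled) may switch to it,
  * detects a MIME type and copies the file to php://output with inline headers.
  *
  * @param string $action    Action name; only "open_file" does any work here.
  * @param array  $httpVars  Request parameters. "repository_id" is read here, the array
  *                          is also handed to UserSelection.
  * @param array  $filesVars Not used by this method.
  * @return false|null false when the request is refused or the file cannot be read,
  *                    null otherwise.
  */
 public function switchAction($action, $httpVars, $filesVars)
 {
     // A missing or unknown repository id is refused instead of dereferencing null.
     if (!isset($httpVars["repository_id"])) {
         return false;
     }
     $repository = ConfService::getRepositoryById($httpVars["repository_id"]);
     if (!is_object($repository) || !$repository->detectStreamWrapper(true)) {
         return false;
     }
     if (AuthService::usersEnabled()) {
         $loggedUser = AuthService::getLoggedUser();
         if ($loggedUser === null && ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) {
             AuthService::logUser("guest", null);
             $loggedUser = AuthService::getLoggedUser();
         }
         // Fail closed: with no session and guest browsing disabled there is no user
         // object, so the request is denied rather than ending in a fatal error.
         if (!is_object($loggedUser) || !$loggedUser->canSwitchTo($repository->getId())) {
             echo "You do not have permissions to access this resource";
             return false;
         }
     }
     $selection = new UserSelection($repository, $httpVars);
     if ($action == "open_file") {
         $selectedNode = $selection->getUniqueNode();
         $selectedNodeUrl = $selectedNode->getUrl();
         if (!file_exists($selectedNodeUrl) || !is_readable($selectedNodeUrl)) {
             echo "File does not exist";
             return false;
         }
         $filesize = filesize($selectedNodeUrl);
         $fp = fopen($selectedNodeUrl, "rb");
         if ($fp === false) {
             // The file can disappear between the readability check and the open.
             echo "File does not exist";
             return false;
         }
         $fileMime = "application/octet-stream";
         // First choice: sniff the leading bytes with the fileinfo extension.
         if (class_exists("finfo")) {
             $finfo = new finfo(FILEINFO_MIME);
             $head = fread($fp, 2000);
             if (is_string($head)) {
                 $sniffed = $finfo->buffer($head);
                 // Keep the default when detection fails so the fallbacks below still run.
                 if (is_string($sniffed) && $sniffed !== "") {
                     $fileMime = $sniffed;
                 }
             }
         }
         // Second choice: the (deprecated) mime_content_type function.
         if (strpos($fileMime, "application/octet-stream") === 0 && function_exists("mime_content_type")) {
             $fileMime = @mime_content_type($fp);
         }
         // Last resort: map the file extension through the bundled mime.types table.
         if (strpos($fileMime, "application/octet-stream") === 0) {
             $fileExt = substr(strrchr(basename($selectedNodeUrl), '.'), 1);
             if (empty($fileExt)) {
                 $fileMime = "application/octet-stream";
             } else {
                 // The extension comes from a stored file name, so it is quoted before it
                 // is placed in the pattern; otherwise regex metacharacters in it would
                 // change or break the match.
                 $regex = "/^([\\w\\+\\-\\.\\/]+)\\s+(\\w+\\s)*(" . preg_quote($fileExt, '/') . "\\s)/i";
                 $lines = file($this->getBaseDir() . "/resources/other/mime.types");
                 foreach ($lines as $line) {
                     // Skip comment lines.
                     if (substr($line, 0, 1) == '#') {
                         continue;
                     }
                     $line = rtrim($line) . " ";
                     // Skip lines that do not list this extension.
                     if (!preg_match($regex, $line, $matches)) {
                         continue;
                     }
                     // No break: the last matching line in the table wins.
                     $fileMime = $matches[1];
                 }
             }
         }
         fclose($fp);
         // If still no mimetype, give up and serve application/octet-stream
         if (empty($fileMime)) {
             $fileMime = "application/octet-stream";
         }
         // NOTE(review): the file is sent with inline headers and a type derived from its
         // own content or name. If repositories hold user uploads, confirm that
         // generateInlineHeaders (or the web server) prevents active types such as HTML
         // or SVG from rendering in the application's origin.
         HTMLWriter::generateInlineHeaders(basename($selectedNodeUrl), $filesize, $fileMime);
         $stream = fopen("php://output", "a");
         AJXP_MetaStreamWrapper::copyFileInStream($selectedNodeUrl, $stream);
         fflush($stream);
         fclose($stream);
         AJXP_Controller::applyHook("node.read", array($selectedNode));
         $this->logInfo('Download', 'Read content of ' . $selectedNodeUrl, array("files" => $selectedNodeUrl));
     }
 }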
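 /**
  * Dispatch the GUI bootstrap actions: get_template, get_i18n_messages, display_doc,
  * get_boot_gui and get_boot_conf.
  *
  * Local variable names are kept stable on purpose: the templates pulled in with
  * include run in this method's scope and can read them.
  *
  * @param string $action   Action name; unknown actions do nothing.
  * @param array  $httpVars Request parameters.
  * @param array  $fileVars Not used by this method.
  * @return bool Always false.
  */
 public function switchAction($action, $httpVars, $fileVars)
 {
     if (!defined("AJXP_THEME_FOLDER")) {
         define("CLIENT_RESOURCES_FOLDER", AJXP_PLUGINS_FOLDER . "/gui.ajax/res");
         define("AJXP_THEME_FOLDER", CLIENT_RESOURCES_FOLDER . "/themes/" . $this->pluginConf["GUI_THEME"]);
     }
     // Every request parameter becomes a local variable (after securePath). Names that
     // would replace this method's own parameters or $this are skipped, so a request
     // cannot change $action after the caller selected it or trigger a re-assignment
     // of $this.
     // NOTE(review): this is still request-driven variable creation. An explicit read of
     // the parameters the templates need would be safer, once they are known.
     $reservedNames = array("this", "action", "httpVars", "fileVars", "reservedNames");
     foreach ($httpVars as $getName => $getValue) {
         if (in_array($getName, $reservedNames, true)) {
             continue;
         }
         ${$getName} = AJXP_Utils::securePath($getValue);
     }
     $mess = ConfService::getMessages();
     switch ($action) {
         //------------------------------------
         // GET AN HTML TEMPLATE
         //------------------------------------
         case "get_template":
             HTMLWriter::charsetHeader();
             $folder = CLIENT_RESOURCES_FOLDER . "/html";
             if (isset($httpVars["pluginName"])) {
                 $folder = AJXP_INSTALL_PATH . "/" . AJXP_PLUGINS_FOLDER . "/" . AJXP_Utils::securePath($httpVars["pluginName"]);
                 if (isset($httpVars["pluginPath"])) {
                     $folder .= "/" . AJXP_Utils::securePath($httpVars["pluginPath"]);
                 }
             }
             $thFolder = AJXP_THEME_FOLDER . "/html";
             // $template_name only exists when the request carried a "template_name"
             // parameter (see the loop above).
             // NOTE(review): the chosen file is executed with include, so path safety
             // rests entirely on AJXP_Utils::securePath. Confirm that it rejects
             // traversal sequences and stream wrappers, or restrict to an allow-list.
             if (isset($template_name)) {
                 if (is_file($thFolder . "/" . $template_name)) {
                     include $thFolder . "/" . $template_name;
                 } else {
                     if (is_file($folder . "/" . $template_name)) {
                         include $folder . "/" . $template_name;
                     }
                 }
             }
             break;
         //------------------------------------
         // GET I18N MESSAGES
         //------------------------------------
         case "get_i18n_messages":
             $refresh = false;
             if (isset($httpVars["lang"])) {
                 ConfService::setLanguage($httpVars["lang"]);
                 $refresh = true;
             }
             if (isset($httpVars["format"]) && $httpVars["format"] == "json") {
                 HTMLWriter::charsetHeader("application/json");
                 echo json_encode(ConfService::getMessages($refresh));
             } else {
                 HTMLWriter::charsetHeader('text/javascript');
                 HTMLWriter::writeI18nMessagesClass(ConfService::getMessages($refresh));
             }
             break;
         //------------------------------------
         // DISPLAY DOC
         //------------------------------------
         case "display_doc":
             HTMLWriter::charsetHeader();
             echo HTMLWriter::getDocFile(AJXP_Utils::securePath(htmlentities($httpVars["doc_file"])));
             break;
         //------------------------------------
         // GET BOOT GUI
         //------------------------------------
         case "get_boot_gui":
             HTMLWriter::internetExplorerMainDocumentHeader();
             HTMLWriter::charsetHeader();
             // Run the installation self-tests once; their result is cached in a file.
             if (!is_file(TESTS_RESULT_FILE)) {
                 $outputArray = array();
                 $testedParams = array();
                 $passed = AJXP_Utils::runTests($outputArray, $testedParams);
                 if (!$passed && !isset($httpVars["ignore_tests"])) {
                     AJXP_Utils::testResultsToTable($outputArray, $testedParams);
                     die;
                 } else {
                     AJXP_Utils::testResultsToFile($outputArray, $testedParams);
                 }
             }
             // The header can be absent (non-browser clients); treat that as "not MSIE".
             $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
             // Application root: the configured SERVER_URL path when set, otherwise the
             // request path cut at the first known application route.
             $root = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
             $configUrl = ConfService::getCoreConf("SERVER_URL");
             if (!empty($configUrl)) {
                 $root = '/' . ltrim(parse_url($configUrl, PHP_URL_PATH), '/');
                 if (strlen($root) > 1) {
                     $root = rtrim($root, '/') . '/';
                 }
             } else {
                 preg_match('/ws-(.)*\\/|settings|dashboard|welcome|user/', $root, $matches, PREG_OFFSET_CAPTURE);
                 if (count($matches)) {
                     $capture = $matches[0][1];
                     $root = substr($root, 0, $capture);
                 }
             }
             $START_PARAMETERS = array("BOOTER_URL" => "index.php?get_action=get_boot_conf", "MAIN_ELEMENT" => "ajxp_desktop", "APPLICATION_ROOT" => $root, "REBASE" => $root);
             if (AuthService::usersEnabled()) {
                 AuthService::preLogUser(isset($httpVars["remote_session"]) ? $httpVars["remote_session"] : "");
                 AuthService::bootSequence($START_PARAMETERS);
                 if (AuthService::getLoggedUser() != null || AuthService::logUser(null, null) == 1) {
                     if (AuthService::getDefaultRootId() == -1) {
                         AuthService::disconnect();
                     } else {
                         $loggedUser = AuthService::getLoggedUser();
                         if (!$loggedUser->canRead(ConfService::getCurrentRepositoryId()) && AuthService::getDefaultRootId() != ConfService::getCurrentRepositoryId()) {
                             ConfService::switchRootDir(AuthService::getDefaultRootId());
                         }
                     }
                 }
             }
             AJXP_Utils::parseApplicationGetParameters($_GET, $START_PARAMETERS, $_SESSION);
             $confErrors = ConfService::getErrors();
             if (count($confErrors)) {
                 $START_PARAMETERS["ALERT"] = implode(", ", array_values($confErrors));
             }
             // PRECOMPUTE BOOT CONF
             if (!preg_match('/MSIE 7/', $userAgent) && !preg_match('/MSIE 8/', $userAgent)) {
                 $preloadedBootConf = $this->computeBootConf();
                 AJXP_Controller::applyHook("loader.filter_boot_conf", array(&$preloadedBootConf));
                 $START_PARAMETERS["PRELOADED_BOOT_CONF"] = $preloadedBootConf;
             }
             // PRECOMPUTE REGISTRY
             // serverCallback and hooks nodes are removed from the clone before it is
             // sent to the client.
             if (!isset($START_PARAMETERS["FORCE_REGISTRY_RELOAD"])) {
                 $clone = ConfService::getFilteredXMLRegistry(true, true);
                 $clonePath = new DOMXPath($clone);
                 $serverCallbacks = $clonePath->query("//serverCallback|hooks");
                 foreach ($serverCallbacks as $callback) {
                     $callback->parentNode->removeChild($callback);
                 }
                 $START_PARAMETERS["PRELOADED_REGISTRY"] = AJXP_XMLWriter::replaceAjxpXmlKeywords($clone->saveXML());
             }
             $JSON_START_PARAMETERS = json_encode($START_PARAMETERS);
             $crtTheme = $this->pluginConf["GUI_THEME"];
             $additionalFrameworks = $this->getFilteredOption("JS_RESOURCES_BEFORE");
             $ADDITIONAL_FRAMEWORKS = "";
             if (!empty($additionalFrameworks)) {
                 $frameworkList = explode(",", $additionalFrameworks);
                 foreach ($frameworkList as $index => $framework) {
                     $frameworkList[$index] = '<script language="javascript" type="text/javascript" src="' . $framework . '"></script>' . "\n";
                 }
                 $ADDITIONAL_FRAMEWORKS = implode("", $frameworkList);
             }
             if (ConfService::getConf("JS_DEBUG")) {
                 if (!isset($mess)) {
                     $mess = ConfService::getMessages();
                 }
                 if (is_file(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui_debug.html")) {
                     include AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui_debug.html";
                 } else {
                     include AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/html/gui_debug.html";
                 }
             } else {
                 if (is_file(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui.html")) {
                     $content = file_get_contents(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui.html");
                 } else {
                     $content = file_get_contents(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/html/gui.html");
                 }
                 if (preg_match('/MSIE 7/', $userAgent)) {
                     $ADDITIONAL_FRAMEWORKS = "";
                 }
                 $content = str_replace("AJXP_ADDITIONAL_JS_FRAMEWORKS", $ADDITIONAL_FRAMEWORKS, $content);
                 $content = AJXP_XMLWriter::replaceAjxpXmlKeywords($content, false);
                 // REBASE can derive from the request path, so it is escaped before it is
                 // placed inside the href attribute.
                 $content = str_replace("AJXP_REBASE", isset($START_PARAMETERS["REBASE"]) ? '<base href="' . htmlspecialchars($START_PARAMETERS["REBASE"], ENT_QUOTES) . '"/>' : "", $content);
                 if ($JSON_START_PARAMETERS) {
                     $content = str_replace("//AJXP_JSON_START_PARAMETERS", "startParameters = " . $JSON_START_PARAMETERS . ";", $content);
                 }
                 print $content;
             }
             break;
         //------------------------------------
         // GET CONFIG FOR BOOT
         //------------------------------------
         case "get_boot_conf":
             $out = array();
             AJXP_Utils::parseApplicationGetParameters($_GET, $out, $_SESSION);
             $config = $this->computeBootConf();
             header("Content-type:application/json;charset=UTF-8");
             print json_encode($config);
             break;
         default:
             break;
     }
     return false;
 }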
예제 #22
 /**
  * Delete shares whose expiry time has passed or whose download limit is reached.
  *
  * @param bool $currentUser true to consider only shares owned by the logged-in user,
  *                          false to consider every share returned by the share store.
  * @return array FILE_PATH value of each deleted share.
  */
 public function clearExpiredFiles($currentUser = true)
 {
     // NOTE(review): a logged-in user is assumed in both modes; there is no null check.
     $sessionUser = AuthService::getLoggedUser();
     $userId = $currentUser ? $sessionUser->getId() : null;
     $originalUser = $currentUser ? null : $sessionUser->getId();

     $removedPaths = array();
     $restoreSession = false;
     $shares = $this->getShareStore()->listShares($currentUser ? $userId : '');
     foreach ($shares as $hash => $share) {
         if ($share === false) {
             continue;
         }
         // In per-user mode, ignore shares that are not owned by that user.
         if ($currentUser && !(isset($share["OWNER_ID"]) && $share["OWNER_ID"] == $userId)) {
             continue;
         }
         $timedOut = isset($share["EXPIRE_TIME"])
             && is_numeric($share["EXPIRE_TIME"])
             && $share["EXPIRE_TIME"] > 0
             && $share["EXPIRE_TIME"] < time();
         // The download counter is only looked at when the share has not timed out.
         $expired = $timedOut
             || (isset($share["DOWNLOAD_LIMIT"])
                 && $share["DOWNLOAD_LIMIT"] > 0
                 && $share["DOWNLOAD_LIMIT"] <= $share["DOWNLOAD_COUNT"]);
         if (!$expired) {
             continue;
         }
         if (!$currentUser) {
             $restoreSession = true;
         }
         $this->deleteExpiredPubliclet($hash, $share);
         $removedPaths[] = $share["FILE_PATH"];
     }
     // After a global clean-up the original user is logged in again with the password
     // check bypassed (third argument true); presumably the deletion switches the
     // session user, confirm in deleteExpiredPubliclet.
     if ($restoreSession) {
         AuthService::logUser($originalUser, "", true);
     }
     return $removedPaths;
 }
예제 #23
 /**
  * Handle the authentication actions: login, pass_change, logout, get_seed,
  * get_secure_token, get_captcha and back.
  *
  * Actions that are not registered in $this->actions are ignored.
  *
  * @param string $action   Action name.
  * @param array  $httpVars Request parameters.
  * @param array  $fileVars Not used by this method.
  * @return string|null Empty string once an action has been dispatched, null when the
  *                     action is unknown or users are disabled.
  */
 public function switchAction($action, $httpVars, $fileVars)
 {
     if (!isset($this->actions[$action])) {
         return;
     }
     $mess = ConfService::getMessages();
     switch ($action) {
         case "login":
             if (!AuthService::usersEnabled()) {
                 return;
             }
             $rememberLogin = "";
             $rememberPass = "";
             $secureToken = "";
             $loggedUser = null;
             include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
             // When a brute-force attempt is suspected, a valid captcha is required before
             // any credential is checked; -4 is the result used for that refusal.
             if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) {
                 $loggingResult = -4;
             } else {
                 // The user id is only trimmed here, no further sanitising is applied.
                 $userId = isset($httpVars["userid"]) ? trim($httpVars["userid"]) : null;
                 $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null;
                 $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true" ? true : false;
                 $cookieLogin = isset($httpVars["cookie_login"]) ? true : false;
                 // NOTE(review): "login_seed" is read without an isset() check.
                 $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $httpVars["login_seed"]);
                 if ($rememberMe && $loggingResult == 1) {
                     // NOTE(review): these literals look like masked placeholders; confirm
                     // what the real code sends back for the remember-me cookie.
                     $rememberLogin = "******";
                     $rememberPass = "******";
                     $loggedUser = AuthService::getLoggedUser();
                 }
                 if ($loggingResult == 1) {
                     // New session id on successful login, old session data deleted.
                     session_regenerate_id(true);
                     $secureToken = AuthService::generateSecureToken();
                 }
                 if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) {
                     $loggingResult = -4;
                     // Force captcha reload
                 }
             }
             $loggedUser = AuthService::getLoggedUser();
             if ($loggedUser != null) {
                 // Choose the repository to open: an explicit tmp_repository_id from the
                 // request wins, else the role's DEFAULT_START_REPOSITORY when the user may
                 // switch to it and no repository is pending in the session.
                 $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1);
                 $passId = -1;
                 if (isset($httpVars["tmp_repository_id"])) {
                     $passId = $httpVars["tmp_repository_id"];
                 } else {
                     if ($force != "" && $loggedUser->canSwitchTo($force) && !isset($httpVars["tmp_repository_id"]) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) {
                         $passId = $force;
                     }
                 }
                 $res = ConfService::switchUserToActiveRepository($loggedUser, $passId);
                 if (!$res) {
                     // No usable repository: drop the session and report -3.
                     AuthService::disconnect();
                     $loggingResult = -3;
                 }
             }
             // $rememberMe is undefined when the captcha branch was taken, hence isset().
             if ($loggedUser != null && (AuthService::hasRememberCookie() || isset($rememberMe) && $rememberMe == true)) {
                 AuthService::refreshRememberCookie($loggedUser);
             }
             AJXP_XMLWriter::header();
             AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken);
             AJXP_XMLWriter::close();
             break;
         //------------------------------------
         // CHANGE USER PASSWORD
         //------------------------------------
         case "pass_change":
             $userObject = AuthService::getLoggedUser();
             // NOTE(review): with no logged-in user, or the guest user, nothing is changed
             // but "SUCCESS" is still returned; confirm that clients expect this.
             if ($userObject == null || $userObject->getId() == "guest") {
                 header("Content-Type:text/plain");
                 print "SUCCESS";
                 break;
             }
             $oldPass = $httpVars["old_pass"];
             $newPass = $httpVars["new_pass"];
             $passSeed = $httpVars["pass_seed"];
             // Length is measured in bytes (strlen) against the configured minimum.
             if (strlen($newPass) < ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth")) {
                 header("Content-Type:text/plain");
                 print "PASS_ERROR";
                 break;
             }
             // The old password must verify before the new one is stored.
             if (AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) {
                 AuthService::updatePassword($userObject->getId(), $newPass);
                 // Release a forced-password-change lock once the password has been changed.
                 if ($userObject->getLock() == "pass_change") {
                     $userObject->removeLock();
                     $userObject->save("superuser");
                 }
             } else {
                 header("Content-Type:text/plain");
                 print "PASS_ERROR";
                 break;
             }
             header("Content-Type:text/plain");
             print "SUCCESS";
             break;
         case "logout":
             AuthService::disconnect();
             $loggingResult = 2;
             session_destroy();
             AJXP_XMLWriter::header();
             AJXP_XMLWriter::loggingResult($loggingResult, null, null, null);
             AJXP_XMLWriter::close();
             break;
         case "get_seed":
             // Returns the login seed; as JSON with a captcha flag when a brute-force
             // attempt is suspected, as plain text otherwise.
             $seed = AuthService::generateSeed();
             if (AuthService::suspectBruteForceLogin()) {
                 HTMLWriter::charsetHeader('application/json');
                 print json_encode(array("seed" => $seed, "captcha" => true));
             } else {
                 HTMLWriter::charsetHeader("text/plain");
                 print $seed;
             }
             //exit(0);
             break;
         case "get_secure_token":
             // NOTE(review): no session check is visible in this case; confirm that the
             // dispatcher only serves it to an authenticated session.
             HTMLWriter::charsetHeader("text/plain");
             print AuthService::generateSecureToken();
             //exit(0);
             break;
         case "get_captcha":
             include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
             CaptchaProvider::sendCaptcha();
             //exit(0) ;
             break;
         case "back":
             AJXP_XMLWriter::header("url");
             echo AuthService::getLogoutAddress(false);
             AJXP_XMLWriter::close("url");
             //exit(1);
             break;
         default:
             break;
     }
     return "";
 }
 /**
  * Try to log a user in from an encrypted token carried in the request.
  *
  * The token is decrypted with the plugin's PRIVATE_KEY (combined with the
  * "cyphered_token_inc" value when CHECK_NONCE is enabled) and must deserialize to an
  * array holding "user_id" and "user_pwd".
  *
  * @param array $httpVars Request parameters, passed by reference.
  * @param bool  $isLast   Not used by this method.
  * @return bool true when the user was logged in, false otherwise.
  */
 function tryToLogUser(&$httpVars, $isLast = false)
 {
     $checkNonce = $this->pluginConf["CHECK_NONCE"] === true;
     $token = $this->detectVar($httpVars, "cyphered_token");
     $tokenInc = $this->detectVar($httpVars, "cyphered_token_inc");
     if (empty($token) || $checkNonce && empty($tokenInc)) {
         return false;
     }
     if (!$checkNonce) {
         $decoded = $this->decrypt($this->pluginConf["PRIVATE_KEY"], $token);
     } else {
         // With nonce checking the counter is part of the decryption key.
         $decoded = $this->decrypt($this->pluginConf["PRIVATE_KEY"] . ":" . $tokenInc, $token);
     }
     if ($decoded == null) {
         return false;
     }
     // NOTE(review): unserialize() runs on data that originates from the request. It is
     // only as trustworthy as decrypt(): unless that call authenticates the ciphertext,
     // this is object deserialization of attacker-influenced bytes. Prefer json_decode,
     // or forbid class instantiation where the PHP version allows it.
     $data = unserialize($decoded);
     if (empty($data) || !is_array($data) || !isset($data["user_id"]) || !isset($data["user_pwd"])) {
         $this->logDebug(__FUNCTION__, "Cyphered Token found but wrong deserizalized data");
         return false;
     }
     // A session that belongs to a different user is dropped before logging in.
     if (AuthService::getLoggedUser() != null) {
         $currentUser = AuthService::getLoggedUser()->getId();
         if ($currentUser != $data["user_id"]) {
             AuthService::disconnect();
         }
     }
     $this->logDebug(__FUNCTION__, "Trying to log user " . $data["user_id"] . " from cyphered token");
     $userId = $data["user_id"];
     if ($checkNonce) {
         // Replay protection: the counter must be strictly greater than the last one
         // accepted for this user.
         // NOTE(review): $tokenInc is a request value compared loosely with the stored
         // counter; confirm that it is always numeric.
         $keys = $this->getLastKeys();
         $lastInc = 0;
         if (isset($keys[$userId])) {
             $lastInc = $keys[$userId];
         }
         if ($tokenInc <= $lastInc) {
             $this->logDebug(__FUNCTION__, "Key was already used for this user id");
             return false;
         }
     }
     $res = AuthService::logUser($data["user_id"], $data["user_pwd"], false, false, -1);
     if ($res > 0) {
         $this->logDebug(__FUNCTION__, "Success");
         if ($checkNonce) {
             // The counter is recorded only after a successful login.
             $keys[$userId] = $tokenInc;
             $this->storeLastKeys($keys);
         }
         $loggedUser = AuthService::getLoggedUser();
         // Repository choice: an explicit tmp_repository_id from the request wins, else the
         // role's DEFAULT_START_REPOSITORY when allowed and nothing is pending in the session.
         $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1);
         $passId = -1;
         if (isset($httpVars["tmp_repository_id"])) {
             $passId = $httpVars["tmp_repository_id"];
         } else {
             if ($force != "" && $loggedUser->canSwitchTo($force) && !isset($httpVars["tmp_repository_id"]) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) {
                 $passId = $force;
             }
         }
         ConfService::switchUserToActiveRepository($loggedUser, $passId);
         return true;
     }
     $this->logDebug(__FUNCTION__, "Wrong result " . $res);
     return false;
 }
 /**
  * Log a user in from credentials, from the remember-me cookie, or from the session.
  *
  * Return codes, as produced by the code below:
  *   1  logged in (also: a session user already exists, or the guest user was logged in)
  *   0  no user id and guest browsing disabled, or unknown user
  *  -1  wrong password
  *  -4  credential check failed while checkBruteForceLogin() returned FALSE
  *  -5  cookie login requested but the cookie is missing or its password check failed
  *
  * @static
  * @param string $user_id The user id
  * @param string $pwd The password
  * @param bool $bypass_pwd When true the password check is skipped entirely
  * @param bool $cookieLogin Is it a login from the remember me cookie?
  * @param string $returnSeed The unique seed, passed on to checkPassword
  * @return int
  */
 static function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
 {
     $user_id = self::filterUserSensitivity($user_id);
     if ($cookieLogin && !isset($_COOKIE["AjaXplorer-remember"])) {
         return -5;
         // SILENT IGNORE
     }
     if ($cookieLogin) {
         // NOTE(review): the cookie value replaces both arguments after
         // filterUserSensitivity() ran, so the cookie-supplied id is not filtered. A
         // cookie without ":" leaves $pwd unset.
         list($user_id, $pwd) = explode(":", $_COOKIE["AjaXplorer-remember"]);
     }
     $confDriver = ConfService::getConfStorageImpl();
     if ($user_id == null) {
         // No id given: reuse the session user, else fall back to guest when allowed.
         if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
             return 1;
         }
         if (ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) {
             $authDriver = ConfService::getAuthDriverImpl();
             // The guest account is created on first use, with an empty password.
             if (!$authDriver->userExists("guest")) {
                 AuthService::createUser("guest", "");
                 $guest = $confDriver->createUserObject("guest");
                 $guest->save("superuser");
             }
             AuthService::logUser("guest", null);
             return 1;
         }
         return 0;
     }
     $authDriver = ConfService::getAuthDriverImpl();
     // Brute-force bookkeeping runs before any credential check, so failed attempts are
     // recorded.
     $loginAttempt = AuthService::getBruteForceLoginArray();
     $bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
     AuthService::setBruteForceLoginArray($loginAttempt);
     // NOTE(review): an unknown user returns 0 while a wrong password returns -1. If the
     // caller relays these codes to the client, they reveal which accounts exist.
     if (!$authDriver->userExists($user_id)) {
         if ($bruteForceLogin === FALSE) {
             return -4;
         } else {
             return 0;
         }
     }
     // $bypass_pwd = true skips the password check; callers using it must have
     // authenticated the user by other means.
     if (!$bypass_pwd) {
         if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
             if ($bruteForceLogin === FALSE) {
                 return -4;
             } else {
                 if ($cookieLogin) {
                     return -5;
                 }
                 return -1;
             }
         }
     }
     // Successful login attempt: clear the failure record kept for this client address.
     unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
     AuthService::setBruteForceLoginArray($loginAttempt);
     // Setting session credentials if asked in config
     // NOTE(review): this keeps the user's password for the session through AJXP_Safe;
     // confirm how that class protects it at rest.
     if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
         list($authId, $authPwd) = $authDriver->filterCredentials($user_id, $pwd);
         AJXP_Safe::storeCredentials($authId, $authPwd);
     }
     $user = $confDriver->createUserObject($user_id);
     if ($authDriver->isAjxpAdmin($user_id)) {
         $user->setAdmin(true);
     }
     if ($user->isAdmin()) {
         $user = AuthService::updateAdminRights($user);
     } else {
         // Intentionally empty: the right assignment below is commented out.
         if (!$user->hasParent() && $user_id != "guest") {
             //$user->setRight("ajxp_shared", "rw");
         }
     }
     // The session id is not regenerated here; callers do that where needed.
     $_SESSION["AJXP_USER"] = $user;
     if ($authDriver->autoCreateUser() && !$user->storageExists()) {
         $user->save("superuser");
         // make sure update rights now
     }
     AJXP_Logger::logAction("Log In");
     return 1;
 }
예제 #26
 // Boot sequence of the embedded GUI page. The installation self-test is disabled (the
 // block below is commented out), so $passed stays true and the two arrays stay empty.
 $outputArray = array();
 $testedParams = array();
 $passed = true;
 //if(!is_file(TESTS_RESULT_FILE)){
 //	$passed = AJXP_Utils::runTests($outputArray, $testedParams);
 //	if(!$passed && !isset($_GET["ignore_tests"])){
 //		die(AJXP_Utils::testResultsToTable($outputArray, $testedParams));
 //	}else{
 //		AJXP_Utils::testResultsToFile($outputArray, $testedParams);
 //	}
 //}
 $START_PARAMETERS = array("BOOTER_URL" => "cf_ajaxplorer_content.php?get_action=get_boot_conf", "MAIN_ELEMENT" => "ajxp_desktop", "SERVER_PREFIX_URI" => "../lib/ajaxplorer/");
 if (AuthService::usersEnabled()) {
     // NOTE(review): "remote_session" is taken straight from the query string and handed
     // to preLogUser; confirm how that value is validated there.
     AuthService::preLogUser(isset($_GET["remote_session"]) ? $_GET["remote_session"] : "");
     AuthService::bootSequence($START_PARAMETERS);
     // An existing session user is kept; otherwise logUser(null, null) is tried.
     if (AuthService::getLoggedUser() != null || AuthService::logUser(null, null) == 1) {
         $loggedUser = AuthService::getLoggedUser();
         // Fall back to the user's default root when the current one is not readable.
         if (!$loggedUser->canRead(ConfService::getCurrentRootDirIndex()) && AuthService::getDefaultRootId() != ConfService::getCurrentRootDirIndex()) {
             ConfService::switchRootDir(AuthService::getDefaultRootId());
         }
     }
 }
 // $_GET values are merged into the start parameters before they are serialised for the
 // client.
 AJXP_Utils::parseApplicationGetParameters($_GET, $START_PARAMETERS, $_SESSION);
 $JSON_START_PARAMETERS = json_encode($START_PARAMETERS);
 if (ConfService::getConf("JS_DEBUG")) {
     $mess = ConfService::getMessages();
     include_once INSTALL_PATH . "/" . CLIENT_RESOURCES_FOLDER . "/html/gui_debug.html";
 } else {
     $content = file_get_contents(CAMILA_DIR . '/templates/ajaxplorer_gui.html');
     $content = AJXP_XMLWriter::replaceAjxpXmlKeywords($content, false);
     if ($JSON_START_PARAMETERS) {
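 /**
  * Serve the GUI bootstrap actions: HTML templates, i18n messages, the XML
  * registry, documentation files, the boot page and the boot configuration.
  *
  * Output is written directly (headers + print/echo/include); nothing is
  * returned to the caller besides the status below.
  *
  * @param string $action   Action name; must be a key of $this->actions.
  * @param array  $httpVars Request parameters. Every entry is also exposed as a
  *                         local variable (see the extraction loop below).
  * @param array  $fileVars Not referenced in this method.
  *
  * @return false|null false once the switch has run, null (bare return) when
  *                    $action is not registered in $this->actions.
  */
 function switchAction($action, $httpVars, $fileVars)
 {
     if (!isset($this->actions[$action])) {
         return;
     }
     // The User-Agent header is optional: read it once and fall back to an
     // empty string instead of indexing $_SERVER blindly at every use.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $isLegacyIE = preg_match('/MSIE 7/', $userAgent) || preg_match('/MSIE 8/', $userAgent);
     if ($isLegacyIE) {
         // Force legacy theme for the moment
         $this->pluginConf["GUI_THEME"] = "oxygen";
     }
     if (!defined("AJXP_THEME_FOLDER")) {
         define("CLIENT_RESOURCES_FOLDER", AJXP_PLUGINS_FOLDER . "/gui.ajax/res");
         define("AJXP_THEME_FOLDER", CLIENT_RESOURCES_FOLDER . "/themes/" . $this->pluginConf["GUI_THEME"]);
     }
     // Request parameters are turned into local variables (the code below and
     // the included templates read e.g. $dir and $template_name). Names that
     // already carry trusted values in this scope are skipped: without this
     // guard a parameter called "action" would replace the value that was just
     // checked against $this->actions, and "this" cannot be re-assigned at all.
     $reservedNames = array("this", "action", "httpVars", "fileVars", "userAgent", "isLegacyIE", "reservedNames");
     foreach ($httpVars as $getName => $getValue) {
         if (in_array((string) $getName, $reservedNames, true)) {
             continue;
         }
         ${$getName} = AJXP_Utils::securePath($getValue);
     }
     if (isset($dir) && $action != "upload") {
         $dir = SystemTextEncoding::fromUTF8($dir);
     }
     $mess = ConfService::getMessages();
     switch ($action) {
         //------------------------------------
         // GET AN HTML TEMPLATE
         //------------------------------------
         case "get_template":
             HTMLWriter::charsetHeader();
             $folder = CLIENT_RESOURCES_FOLDER . "/html";
             if (isset($httpVars["pluginName"])) {
                 $folder = AJXP_INSTALL_PATH . "/" . AJXP_PLUGINS_FOLDER . "/" . AJXP_Utils::securePath($httpVars["pluginName"]);
                 if (isset($httpVars["pluginPath"])) {
                     $folder .= "/" . AJXP_Utils::securePath($httpVars["pluginPath"]);
                 }
             }
             $crtTheme = $this->pluginConf["GUI_THEME"];
             $thFolder = AJXP_THEME_FOLDER . "/html";
             // NOTE(review): the included path is assembled from request
             // parameters (pluginName, pluginPath, template_name) and the file
             // is executed as PHP. Containment relies entirely on
             // AJXP_Utils::securePath() -- confirm it rejects traversal
             // sequences, and consider resolving the path and checking it stays
             // under the theme/plugin folder before including.
             if (isset($template_name)) {
                 if (is_file($thFolder . "/" . $template_name)) {
                     include $thFolder . "/" . $template_name;
                 } else {
                     if (is_file($folder . "/" . $template_name)) {
                         include $folder . "/" . $template_name;
                     }
                 }
             }
             break;
         //------------------------------------
         // GET I18N MESSAGES
         //------------------------------------
         case "get_i18n_messages":
             $refresh = false;
             if (isset($httpVars["lang"])) {
                 ConfService::setLanguage($httpVars["lang"]);
                 $refresh = true;
             }
             HTMLWriter::charsetHeader('text/javascript');
             HTMLWriter::writeI18nMessagesClass(ConfService::getMessages($refresh));
             break;
         //------------------------------------
         // SEND XML REGISTRY
         //------------------------------------
         case "get_xml_registry":
             $regDoc = AJXP_PluginsService::getXmlRegistry();
             $changes = AJXP_Controller::filterActionsRegistry($regDoc);
             if ($changes) {
                 AJXP_PluginsService::updateXmlRegistry($regDoc);
             }
             if (isset($_GET["xPath"])) {
                 // The expression comes straight from the query string and is
                 // evaluated against the filtered registry document.
                 $regPath = new DOMXPath($regDoc);
                 $nodes = $regPath->query($_GET["xPath"]);
                 // NOTE(review): the raw expression is echoed back as an XML
                 // attribute -- confirm AJXP_XMLWriter::header() escapes
                 // attribute values.
                 AJXP_XMLWriter::header("ajxp_registry_part", array("xPath" => $_GET["xPath"]));
                 // DOMXPath::query() returns false for a malformed expression;
                 // treat that like "no node found" rather than dereferencing it.
                 if ($nodes !== false && $nodes->length) {
                     print AJXP_XMLWriter::replaceAjxpXmlKeywords($regDoc->saveXML($nodes->item(0)));
                 }
                 AJXP_XMLWriter::close("ajxp_registry_part");
             } else {
                 AJXP_Utils::safeIniSet("zlib.output_compression", "4096");
                 header('Content-Type: application/xml; charset=UTF-8');
                 print AJXP_XMLWriter::replaceAjxpXmlKeywords($regDoc->saveXML());
             }
             break;
         //------------------------------------
         // DISPLAY DOC
         //------------------------------------
         case "display_doc":
             HTMLWriter::charsetHeader();
             // A missing or non-string doc_file is handled as an empty name
             // instead of being passed to htmlentities() as-is.
             $docFile = (isset($_GET["doc_file"]) && is_string($_GET["doc_file"])) ? $_GET["doc_file"] : "";
             echo HTMLWriter::getDocFile(AJXP_Utils::securePath(htmlentities($docFile)));
             break;
         //------------------------------------
         // GET BOOT GUI
         //------------------------------------
         case "get_boot_gui":
             header("X-UA-Compatible: chrome=1");
             HTMLWriter::charsetHeader();
             if (!is_file(TESTS_RESULT_FILE)) {
                 $outputArray = array();
                 $testedParams = array();
                 $passed = AJXP_Utils::runTests($outputArray, $testedParams);
                 // The diagnostics page is skipped when the client sends
                 // ignore_tests; the results are then written to file instead.
                 if (!$passed && !isset($_GET["ignore_tests"])) {
                     die(AJXP_Utils::testResultsToTable($outputArray, $testedParams));
                 } else {
                     AJXP_Utils::testResultsToFile($outputArray, $testedParams);
                 }
             }
             $START_PARAMETERS = array("BOOTER_URL" => "index.php?get_action=get_boot_conf", "MAIN_ELEMENT" => "ajxp_desktop");
             if (AuthService::usersEnabled()) {
                 AuthService::preLogUser(isset($httpVars["remote_session"]) ? $httpVars["remote_session"] : "");
                 AuthService::bootSequence($START_PARAMETERS);
                 if (AuthService::getLoggedUser() != null || AuthService::logUser(null, null) == 1) {
                     if (AuthService::getDefaultRootId() == -1) {
                         AuthService::disconnect();
                     } else {
                         $loggedUser = AuthService::getLoggedUser();
                         if (!$loggedUser->canRead(ConfService::getCurrentRootDirIndex()) && AuthService::getDefaultRootId() != ConfService::getCurrentRootDirIndex()) {
                             ConfService::switchRootDir(AuthService::getDefaultRootId());
                         }
                     }
                 }
             }
             AJXP_Utils::parseApplicationGetParameters($_GET, $START_PARAMETERS, $_SESSION);
             $confErrors = ConfService::getErrors();
             if (count($confErrors)) {
                 $START_PARAMETERS["ALERT"] = implode(", ", array_values($confErrors));
             }
             // The start parameters can carry request-derived values and end up
             // inside an inline script; json_encode()'s default escaping of "/"
             // is what keeps a closing script tag from appearing in the output.
             $JSON_START_PARAMETERS = json_encode($START_PARAMETERS);
             $crtTheme = $this->pluginConf["GUI_THEME"];
             if (ConfService::getConf("JS_DEBUG")) {
                 if (!isset($mess)) {
                     $mess = ConfService::getMessages();
                 }
                 if (is_file(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui_debug.html")) {
                     include AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui_debug.html";
                 } else {
                     include AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/html/gui_debug.html";
                 }
             } else {
                 if (is_file(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui.html")) {
                     $content = file_get_contents(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui.html");
                 } else {
                     $content = file_get_contents(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/html/gui.html");
                 }
                 if ($isLegacyIE) {
                     $content = str_replace("ajaxplorer_boot.js", "ajaxplorer_boot_protolegacy.js", $content);
                 }
                 $content = AJXP_XMLWriter::replaceAjxpXmlKeywords($content, false);
                 if ($JSON_START_PARAMETERS) {
                     $content = str_replace("//AJXP_JSON_START_PARAMETERS", "startParameters = " . $JSON_START_PARAMETERS . ";", $content);
                 }
                 print $content;
             }
             break;
         //------------------------------------
         // GET CONFIG FOR BOOT
         //------------------------------------
         case "get_boot_conf":
             if (isset($_GET["server_prefix_uri"])) {
                 // NOTE(review): a client-supplied value is stored in the
                 // session without validation -- check how
                 // AJXP_SERVER_PREFIX_URI is consumed (URL building, redirects)
                 // and restrict it to the expected form.
                 $_SESSION["AJXP_SERVER_PREFIX_URI"] = $_GET["server_prefix_uri"];
             }
             $config = array();
             $config["ajxpResourcesFolder"] = "plugins/gui.ajax/res";
             $config["ajxpServerAccess"] = AJXP_SERVER_ACCESS;
             $config["zipEnabled"] = ConfService::zipEnabled();
             $config["multipleFilesDownloadEnabled"] = ConfService::getCoreConf("ZIP_CREATION");
             $config["customWording"] = array(
                 "welcomeMessage" => $this->pluginConf["CUSTOM_WELCOME_MESSAGE"],
                 "title" => ConfService::getCoreConf("APPLICATION_TITLE"),
                 "icon" => $this->pluginConf["CUSTOM_ICON"],
                 "iconWidth" => $this->pluginConf["CUSTOM_ICON_WIDTH"],
                 "iconHeight" => $this->pluginConf["CUSTOM_ICON_HEIGHT"],
                 "iconOnly" => $this->pluginConf["CUSTOM_ICON_ONLY"],
                 "titleFontSize" => $this->pluginConf["CUSTOM_FONT_SIZE"],
             );
             $config["usersEnabled"] = AuthService::usersEnabled();
             $config["loggedUser"] = AuthService::getLoggedUser() != null;
             $config["currentLanguage"] = ConfService::getLanguage();
             $config["session_timeout"] = intval(ini_get("session.gc_maxlifetime"));
             // Client timeout defaults to the PHP session lifetime unless the
             // plugin configuration overrides it.
             if (!isset($this->pluginConf["CLIENT_TIMEOUT_TIME"]) || $this->pluginConf["CLIENT_TIMEOUT_TIME"] == "") {
                 $to = $config["session_timeout"];
             } else {
                 $to = $this->pluginConf["CLIENT_TIMEOUT_TIME"];
             }
             $config["client_timeout"] = $to;
             $config["client_timeout_warning"] = $this->pluginConf["CLIENT_TIMEOUT_WARN"];
             $config["availableLanguages"] = ConfService::getConf("AVAILABLE_LANG");
             $config["usersEditable"] = ConfService::getAuthDriverImpl()->usersEditable();
             $config["ajxpVersion"] = AJXP_VERSION;
             $config["ajxpVersionDate"] = AJXP_VERSION_DATE;
             if (stristr($userAgent, "msie 6")) {
                 $config["cssResources"] = array("css/pngHack/pngHack.css");
             }
             if (!empty($this->pluginConf['GOOGLE_ANALYTICS_ID'])) {
                 $config["googleAnalyticsData"] = array("id" => $this->pluginConf['GOOGLE_ANALYTICS_ID'], "domain" => $this->pluginConf['GOOGLE_ANALYTICS_DOMAIN'], "event" => $this->pluginConf['GOOGLE_ANALYTICS_EVENT']);
             }
             $config["i18nMessages"] = ConfService::getMessages();
             $config["password_min_length"] = ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth");
             $config["SECURE_TOKEN"] = AuthService::generateSecureToken();
             $config["streaming_supported"] = "true";
             $config["theme"] = $this->pluginConf["GUI_THEME"];
             header("Content-type:application/json;charset=UTF-8");
             print json_encode($config);
             break;
         default:
             break;
     }
     return false;
 }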
예제 #28
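 /**
  * Build the shared "minisite" page for a repository and send it to the client.
  *
  * Loads the action.share minisite template, substitutes the AJXP_* / PYDIO_*
  * placeholders, starts the "AjaXplorer_Shared" session and either logs in the
  * pre-configured share user or records the pending repository in the session.
  *
  * @param array $data Share description. Keys read here: REPOSITORY (required),
  *                    PRELOG_USER, AJXP_APPLICATION_BASE, TRAVEL_PATH_TO_ROOT.
  *
  * @return void The page is echoed directly.
  */
 public static function loadMinisite($data)
 {
     $repository = $data["REPOSITORY"];
     AJXP_PluginsService::getInstance()->initActivePlugins();
     $shareCenter = AJXP_PluginsService::findPlugin("action", "share");
     $confs = $shareCenter->getConfigs();
     $minisiteLogo = "plugins/gui.ajax/PydioLogo250.png";
     if (isset($confs["CUSTOM_MINISITE_LOGO"])) {
         $logoPath = $confs["CUSTOM_MINISITE_LOGO"];
         // A logo shipped under plugins/ is referenced directly; anything else
         // is treated as a binary parameter id served by index_shared.php.
         if (strpos($logoPath, "plugins/") === 0 && is_file(AJXP_INSTALL_PATH . "/" . $logoPath)) {
             $minisiteLogo = $logoPath;
         } else {
             $minisiteLogo = "index_shared.php?get_action=get_global_binary_param&binary_id=" . $logoPath;
         }
     }
     // UPDATE TEMPLATE
     $html = file_get_contents(AJXP_INSTALL_PATH . "/" . AJXP_PLUGINS_FOLDER . "/action.share/res/minisite.php");
     AJXP_Controller::applyHook("tpl.filter_html", array(&$html));
     $html = AJXP_XMLWriter::replaceAjxpXmlKeywords($html);
     // NOTE(review): the values below are substituted into the page without
     // any output encoding. The application title and repository label are
     // configuration/user-editable text -- confirm where each placeholder sits
     // in minisite.php (HTML text, attribute, script) and encode for that
     // context.
     $html = str_replace("AJXP_MINISITE_LOGO", $minisiteLogo, $html);
     $html = str_replace("AJXP_APPLICATION_TITLE", ConfService::getCoreConf("APPLICATION_TITLE"), $html);
     $html = str_replace("PYDIO_APP_TITLE", ConfService::getCoreConf("APPLICATION_TITLE"), $html);
     $html = str_replace("AJXP_START_REPOSITORY", $repository, $html);
     $html = str_replace("AJXP_REPOSITORY_LABEL", ConfService::getRepositoryById($repository)->getDisplay(), $html);
     session_name("AjaXplorer_Shared");
     session_start();
     if (!empty($data["PRELOG_USER"])) {
         // Password check is bypassed (third argument) for the share's
         // pre-configured user.
         // NOTE(review): the login result is ignored, so the page is marked as
         // pre-logged even if logUser() reported a failure -- verify whether
         // that case should fall back to the pending-repository branch.
         AuthService::logUser($data["PRELOG_USER"], "", true);
         $html = str_replace("AJXP_PRELOGED_USER", "ajxp_preloged_user", $html);
     } else {
         $_SESSION["PENDING_REPOSITORY_ID"] = $repository;
         $_SESSION["PENDING_FOLDER"] = "/";
         $html = str_replace("AJXP_PRELOGED_USER", "", $html);
     }
     // Only a scalar string is accepted as language: an array-valued "lang"
     // parameter would otherwise reach setPref()/setcookie() unchanged.
     // NOTE(review): the value is still stored as sent; confirm that consumers
     // validate it against the available languages.
     if (isset($_GET["lang"]) && is_string($_GET["lang"])) {
         // Plain assignment: binding a function result by reference is
         // reported by PHP unless the callee returns by reference, and the
         // object handle behaves the same either way.
         $loggedUser = AuthService::getLoggedUser();
         if ($loggedUser != null) {
             $loggedUser->setPref("lang", $_GET["lang"]);
         } else {
             setcookie("AJXP_lang", $_GET["lang"]);
         }
     }
     if (!empty($data["AJXP_APPLICATION_BASE"])) {
         $tPath = $data["AJXP_APPLICATION_BASE"];
     } else {
         $tPath = !empty($data["TRAVEL_PATH_TO_ROOT"]) ? $data["TRAVEL_PATH_TO_ROOT"] : "../..";
     }
     // Normalise to exactly one trailing slash.
     $html = str_replace("AJXP_PATH_TO_ROOT", rtrim($tPath, "/") . "/", $html);
     HTMLWriter::internetExplorerMainDocumentHeader();
     HTMLWriter::charsetHeader();
     echo $html;
 }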
예제 #29
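 /**
  * Log a user into the current session.
  *
  * With no user id, an existing session user is accepted, otherwise the
  * "guest" account is created on demand and logged in when
  * ALLOW_GUEST_BROWSING is enabled.
  *
  * @param string|null $user_id     Login to authenticate; null/empty selects the
  *                                 session-or-guest path.
  * @param string|null $pwd         Password (or hashed value) to verify.
  * @param bool        $bypass_pwd  When true the password check is skipped
  *                                 entirely; callers must have authenticated
  *                                 the user by other means.
  * @param bool        $cookieLogin Forwarded to AuthService::checkPassword().
  * @param string      $returnSeed  Forwarded to AuthService::checkPassword().
  *
  * @return int 1 on success, 0 when the user does not exist (or no guest access
  *             is available), -1 when the brute-force check refuses the attempt
  *             or the password is wrong.
  */
 function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
 {
     $confDriver = ConfService::getConfStorageImpl();
     if ($user_id == null) {
         if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
             return 1;
         }
         if (ALLOW_GUEST_BROWSING) {
             $authDriver = ConfService::getAuthDriverImpl();
             if (!$authDriver->userExists("guest")) {
                 AuthService::createUser("guest", "");
                 $guest = $confDriver->createUserObject("guest");
                 $guest->save();
             }
             // Report what the guest login actually returned. Answering 1
             // unconditionally would tell the caller a user is logged in even
             // when the nested call was refused and no session user was set.
             return AuthService::logUser("guest", null);
         }
         return 0;
     }
     $authDriver = ConfService::getAuthDriverImpl();
     // CHECK USER PASSWORD HERE!
     // The attempt is recorded before anything else so that failed logins for
     // unknown users are counted as well.
     $loginAttempt = AuthService::getBruteForceLoginArray();
     $bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
     AuthService::setBruteForceLoginArray($loginAttempt);
     if ($bruteForceLogin === FALSE) {
         return -1;
     }
     // NOTE(review): "unknown user" (0) and "wrong password" (-1) are
     // distinguishable; make sure callers do not relay the difference to the
     // client, or account names can be probed.
     if (!$authDriver->userExists($user_id)) {
         return 0;
     }
     if (!$bypass_pwd) {
         if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
             return -1;
         }
     }
     // Successful login attempt: clear the failure counter for this address.
     unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
     AuthService::setBruteForceLoginArray($loginAttempt);
     $user = $confDriver->createUserObject($user_id);
     if ($authDriver->isAjxpAdmin($user_id)) {
         $user->setAdmin(true);
     }
     if ($user->isAdmin()) {
         $user = AuthService::updateAdminRights($user);
     }
     // NOTE(review): the session id is not regenerated when the authenticated
     // user is stored; confirm a caller rotates it at login so a pre-login
     // session id cannot be reused afterwards.
     $_SESSION["AJXP_USER"] = $user;
     if ($authDriver->autoCreateUser() && !$user->storageExists()) {
         $user->save();
     }
     AJXP_Logger::logAction("Log In");
     return 1;
 }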
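 /**
  * Stream a repository file to the client with inline headers ("open_file").
  *
  * @param string $action    Action name; must be a key of $this->actions. Only
  *                          "open_file" produces output.
  * @param array  $httpVars  Request parameters; "repository_id" and "file" are
  *                          read here.
  * @param array  $filesVars Not referenced in this method.
  *
  * @return false|null false when the request is refused or the file cannot be
  *                    served, null for any other action. A served file ends
  *                    the script with exit(1).
  */
 public function switchAction($action, $httpVars, $filesVars)
 {
     if (!isset($this->actions[$action])) {
         return false;
     }
     // Refuse early when the repository is missing or unknown instead of
     // calling methods on a non-object.
     if (!isset($httpVars["repository_id"])) {
         return false;
     }
     $repository = ConfService::getRepositoryById($httpVars["repository_id"]);
     if (!is_object($repository) || !$repository->detectStreamWrapper(true)) {
         return false;
     }
     if (AuthService::usersEnabled()) {
         $loggedUser = AuthService::getLoggedUser();
         if ($loggedUser === null && ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) {
             AuthService::logUser("guest", null);
             $loggedUser = AuthService::getLoggedUser();
         }
         // No session user (guest browsing disabled or guest login refused)
         // is an explicit denial, not a fatal error on a null object.
         if (!is_object($loggedUser) || !$loggedUser->canSwitchTo($repository->getId())) {
             echo "You do not have permissions to access this resource";
             return false;
         }
     }
     $streamData = $repository->streamData;
     $destStreamURL = $streamData["protocol"] . "://" . $repository->getId();
     if ($action == "open_file") {
         if (!isset($httpVars["file"])) {
             echo "File does not exist";
             return false;
         }
         // NOTE(review): path containment inside the repository relies on
         // AJXP_Utils::decodeSecureMagic() -- confirm it strips traversal
         // sequences.
         $file = AJXP_Utils::decodeSecureMagic($httpVars["file"]);
         if (!file_exists($destStreamURL . $file)) {
             echo "File does not exist";
             return false;
         }
         $filesize = filesize($destStreamURL . $file);
         $fp = fopen($destStreamURL . $file, "rb");
         if ($fp === false) {
             echo "Cannot open file";
             return false;
         }
         //Get mimetype with fileinfo PECL extension
         if (class_exists("finfo")) {
             // Sniff the type from the first 100 bytes of the file.
             $finfo = new finfo(FILEINFO_MIME);
             $fileMime = $finfo->buffer(fread($fp, 100));
         } elseif (function_exists("mime_content_type")) {
             $fileMime = @mime_content_type($fp);
         } else {
             // Last resort: look the extension up in the bundled mime.types.
             $fileExt = substr(strrchr(basename($file), '.'), 1);
             if (empty($fileExt)) {
                 $fileMime = "application/octet-stream";
             } else {
                 // The extension comes from a client-chosen file name, so it is
                 // quoted before being placed inside the pattern.
                 $quotedExt = preg_quote($fileExt, '/');
                 $regex = "/^([\\w\\+\\-\\.\\/]+)\\s+(\\w+\\s)*({$quotedExt}\\s)/i";
                 $lines = file($this->getBaseDir() . "/resources/other/mime.types");
                 foreach ($lines as $line) {
                     if (substr($line, 0, 1) == '#') {
                         continue;
                     }
                     // skip comments
                     $line = rtrim($line) . " ";
                     if (!preg_match($regex, $line, $matches)) {
                         continue;
                     }
                     // no match to the extension
                     $fileMime = $matches[1];
                 }
             }
         }
         fclose($fp);
         // If still no mimetype, give up and serve application/octet-stream
         if (empty($fileMime)) {
             $fileMime = "application/octet-stream";
         }
         //Send headers
         // NOTE(review): the file is served inline with a sniffed content
         // type; if repository content can be uploaded by other users,
         // active types (HTML, SVG) would render in the application's origin
         // -- consider forcing download or a restrictive type for those.
         HTMLWriter::generateInlineHeaders(basename($file), $filesize, $fileMime);
         $stream = fopen("php://output", "a");
         call_user_func(array($streamData["classname"], "copyFileInStream"), $destStreamURL . $file, $stream);
         fflush($stream);
         fclose($stream);
         exit(1);
     }
 }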