예제 #1
 /**
  * @brief Display messages about installation environment
  */
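 function dispInstallCheckEnv()
 {
     // Write a fresh random token into the rewrite-check file so the
     // mod_rewrite probe has something to compare against.
     // NOTE(review): removal of this file is not visible in this method;
     // confirm it is cleaned up once the check has run.
     self::$rewriteCheckString = Password::createSecureSalt(32);
     FileHandler::writeFile(_XE_PATH_ . self::$rewriteCheckFilePath, self::$rewriteCheckString);

     // Check if the web server is nginx. SERVER_SOFTWARE is not guaranteed to
     // be set (for example under CLI), so fall back to an empty string instead
     // of reading an undefined index.
     $serverSoftware = isset($_SERVER['SERVER_SOFTWARE']) ? (string) $_SERVER['SERVER_SOFTWARE'] : '';
     Context::set('use_nginx', stripos($serverSoftware, 'nginx') !== false);

     $this->setTemplateFile('check_env');
 }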
예제 #2
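 /**
  * Start an e-mail address change for the logged-in member.
  *
  * Validates the requested address, stores a one-time auth key through the
  * member.insertAuthMail query and mails a confirmation link to the NEW
  * address. The address itself is not changed here.
  *
  * @return mixed Result of $this->stop() or an Object on failure; nothing on success
  */
 function procMemberModifyEmailAddress()
 {
     // Only a logged-in member may request an e-mail change.
     if (!Context::get('is_logged')) {
         return $this->stop('msg_not_logged');
     }
     $member_info = Context::get('logged_info');
     $newEmail = Context::get('email_address');
     if (!$newEmail) {
         return $this->stop('msg_invalid_request');
     }
     $oMemberModel = getModel('member');
     // Check managed Email Host
     if ($oMemberModel->isDeniedEmailHost($newEmail)) {
         $config = $oMemberModel->getMemberConfig();
         $emailhost_check = $config->emailhost_check;
         $managed_email_host = Context::getLang('managed_email_host');
         $email_hosts = $oMemberModel->getManagedEmailHosts();
         // Initialise the list so implode() below never receives an undefined
         // variable when no managed hosts are configured.
         $hosts = array();
         foreach ($email_hosts as $host) {
             $hosts[] = $host->email_host;
         }
         $message = sprintf($managed_email_host[$emailhost_check], implode(', ', $hosts), 'id@' . implode(', id@', $hosts));
         return new Object(-1, $message);
     }
     // Check if the e-mail address is already registered
     // NOTE(review): this runs before the password re-check below, so a
     // logged-in session can learn whether an address is registered without
     // re-entering the password. Confirm that ordering is intended.
     $member_srl = $oMemberModel->getMemberSrlByEmailAddress($newEmail);
     if ($member_srl) {
         return new Object(-1, 'msg_exists_email_address');
     }
     // Require the password re-check step. Strict comparison plus isset() so
     // that a missing or non-string session value can never satisfy the check
     // through type juggling.
     if (!isset($_SESSION['rechecked_password_step']) || $_SESSION['rechecked_password_step'] !== 'INPUT_DATA') {
         return $this->stop('msg_invalid_request');
     }
     // The re-check is single use.
     unset($_SESSION['rechecked_password_step']);

     $oPassword = new Password();
     $auth_args = new stdClass();
     $auth_args->user_id = $newEmail;
     $auth_args->member_srl = $member_info->member_srl;
     $auth_args->auth_key = $oPassword->createSecureSalt(40);
     $auth_args->new_password = '******';

     $oDB = DB::getInstance();
     $oDB->begin();
     $output = executeQuery('member.insertAuthMail', $auth_args);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     // The original opened a transaction and never committed it on the
     // success path; commit here so the auth key exists before the link
     // is mailed out.
     $oDB->commit();

     $oModuleModel = getModel('module');
     $member_config = $oModuleModel->getModuleConfig('member');
     $tpl_path = sprintf('%sskins/%s', $this->module_path, $member_config->skin);
     if (!is_dir($tpl_path)) {
         $tpl_path = sprintf('%sskins/%s', $this->module_path, 'default');
     }

     global $lang;
     $memberInfo = array();
     $memberInfo[$lang->email_address] = $member_info->email_address;
     $memberInfo[$lang->nick_name] = $member_info->nick_name;
     Context::set('memberInfo', $memberInfo);
     Context::set('newEmail', $newEmail);

     // The confirmation link carries the auth key, so anyone who can read
     // the message can complete the change.
     $auth_url = getFullUrl('', 'module', 'member', 'act', 'procMemberAuthEmailAddress', 'member_srl', $member_info->member_srl, 'auth_key', $auth_args->auth_key);
     Context::set('auth_url', $auth_url);

     $oTemplate = TemplateHandler::getInstance();
     $content = $oTemplate->compile($tpl_path, 'confirm_member_new_email');

     $oMail = new Mail();
     $oMail->setTitle(Context::getLang('title_modify_email_address'));
     $oMail->setContent($content);
     $oMail->setSender($member_config->webmaster_name ? $member_config->webmaster_name : 'webmaster', $member_config->webmaster_email);
     $oMail->setReceiptor($member_info->nick_name, $newEmail);
     // Best effort, as in the original: the send result is not inspected and
     // the "mail sent" message below is shown either way.
     $oMail->send();

     $msg = sprintf(Context::getLang('msg_confirm_mail_sent'), $newEmail);
     $this->setMessage($msg);

     // NOTE(review): success_return_url is read from the request context and
     // used as the redirect target unchanged; confirm it is restricted to
     // same-site URLs somewhere, otherwise this is an open redirect.
     $returnUrl = Context::get('success_return_url') ? Context::get('success_return_url') : getNotEncodedUrl('', 'mid', Context::get('mid'), 'act', '');
     $this->setRedirectUrl($returnUrl);
 }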
예제 #3
 /**
  * @brief Display messages about installation environment
  */
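 function dispInstallCheckEnv()
 {
     // The controller instance is not used below; the call is kept in case
     // getController() has loading side effects. TODO confirm and drop.
     $oInstallController = getController('install');

     // Write a fresh random token into the rewrite-check file.
     // NOTE(review): removal of this file is not visible in this method;
     // confirm it is cleaned up once the check has run.
     self::$rewriteCheckString = Password::createSecureSalt(32);
     FileHandler::writeFile(_XE_PATH_ . self::$rewriteCheckFilePath, self::$rewriteCheckString);

     // Rewrite support starts out as 'N' in both the session and the context.
     Context::set('use_rewrite', $_SESSION['use_rewrite'] = 'N');

     // SERVER_SOFTWARE is not guaranteed to be set (for example under CLI),
     // so fall back to an empty string instead of reading an undefined index.
     $serverSoftware = isset($_SERVER['SERVER_SOFTWARE']) ? (string) $_SERVER['SERVER_SOFTWARE'] : '';
     Context::set('use_nginx', stripos($serverSoftware, 'nginx') !== false);

     $this->setTemplateFile('check_env');
 }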
예제 #4
파일: vendorpass.php 프로젝트: 1Sam/rhymix
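 /**
  * Build a "$2y$" (bcrypt) hash with crypt().
  *
  * @param string $password Plain-text password
  * @param int $algo Accepted for signature compatibility; not consulted below
  * @param array $options Optional 'salt' (22+ chars of [0-9a-zA-Z./]) and 'cost' (4-31)
  * @return string|false The 60-character hash, or false if crypt() did not produce one
  */
 public static function password_hash($password, $algo = 1, $options = [])
 {
     // Keep a caller-supplied salt only if it is a string of the expected
     // alphabet. \z instead of $ so a trailing newline cannot slip through.
     // Otherwise generate a fresh random salt.
     if (!isset($options['salt']) || !is_string($options['salt']) || !preg_match('/^[0-9a-zA-Z\\.\\/]{22,}\\z/', $options['salt'])) {
         $options['salt'] = Password::createSecureSalt(22, 'alnum');
     }
     // Fall back to cost 10 for a missing, non-numeric or out-of-range value.
     if (!isset($options['cost']) || !is_numeric($options['cost']) || $options['cost'] < 4 || $options['cost'] > 31) {
         $options['cost'] = 10;
     }
     $salt = '$2y$' . sprintf('%02d', $options['cost']) . '$' . $options['salt'];

     // crypt() signals failure with a short marker string such as "*0". Never
     // hand that back as if it were a hash; a bcrypt result is always 60
     // characters long.
     $hash = @crypt($password, $salt);
     return (is_string($hash) && strlen($hash) === 60) ? $hash : false;
 }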
예제 #5
 /**
  * Import attachment
  * @param resource $fp
  * @param int $module_srl
  * @param int $upload_target_srl
  * @param array $files
  * @return int
  */
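 function importAttaches($fp, $module_srl, $upload_target_srl, &$files)
 {
     // Reads the <attaches> section of an import stream line by line, stores
     // each attachment under ./files/attach/, inserts it via file.insertFile
     // and records source filename => stored path or download URL in $files.
     $uploaded_count = 0;
     $started = false;
     $buff = null;
     $file_obj = new stdClass();
     while (!feof($fp)) {
         $str = trim(fgets($fp, 1024));
         // Stop at the closing </attaches> tag
         if (trim($str) == '</attaches>') {
             break;
         }
         // <attach> opens a new attachment record
         if (trim($str) == '<attach>') {
             $file_obj->file_srl = getNextSequence();
             $file_obj->upload_target_srl = $upload_target_srl;
             $file_obj->module_srl = $module_srl;
             $started = true;
             $buff = null;
         } else {
             // <file> means the payload is embedded in the XML itself
             if (trim($str) == '<file>') {
                 $file_obj->file = $this->saveTemporaryFile($fp);
                 continue;
             }
         }
         if ($started) {
             $buff .= $str;
         }
         // </attach> closes the record: parse it and store the file
         if (trim($str) == '</attach>') {
             $xmlDoc = $this->oXmlParser->parse($buff . $str);
             $file_obj->source_filename = base64_decode($xmlDoc->attach->filename->body);
             $file_obj->download_count = base64_decode($xmlDoc->attach->download_count->body);
             // empty() instead of a bare property read: the property does not
             // exist yet when no <file> payload was seen.
             if (empty($file_obj->file)) {
                 $url = base64_decode($xmlDoc->attach->url->body);
                 $path = base64_decode($xmlDoc->attach->path->body);
                 // NOTE(review): both values come straight from the import
                 // file. $path lets that file name any readable file on this
                 // server, which is then copied into the attachment store;
                 // $url makes the server fetch an arbitrary address. Only
                 // import data from a trusted source, or restrict $path to an
                 // expected directory and $url to expected hosts.
                 if ($path && file_exists($path)) {
                     $file_obj->file = $path;
                 } else {
                     $file_obj->file = $this->getTmpFilename();
                     FileHandler::getRemoteFile($url, $file_obj->file);
                 }
             }
             if (file_exists($file_obj->file)) {
                 $random = new Password();
                 // Set upload path by checking if the attachment is an image or other kind of file
                 if (preg_match("/\\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)\$/i", $file_obj->source_filename)) {
                     // Neutralise executable-looking extensions anywhere in the name
                     $file_obj->source_filename = preg_replace('/\\.(php|phtm|phar|html?|cgi|pl|exe|jsp|asp|inc)/i', '$0-x', $file_obj->source_filename);
                     $file_obj->source_filename = str_replace(array('<', '>'), array('%3C', '%3E'), $file_obj->source_filename);
                     $path = sprintf("./files/attach/images/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
                     // Stored name is random; only the final extension is kept
                     $ext = substr(strrchr($file_obj->source_filename, '.'), 1);
                     $_filename = $random->createSecureSalt(32, 'hex') . '.' . $ext;
                     $filename = $path . $_filename;
                     $idx = 1;
                     while (file_exists($filename)) {
                         $filename = $path . preg_replace('/\\.([a-z0-9]+)$/i', '_' . $idx . '.$1', $_filename);
                         $idx++;
                     }
                     $file_obj->direct_download = 'Y';
                 } else {
                     // Everything else gets an extension-less random name and
                     // is served through the download action only
                     $path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl, 3));
                     $filename = $path . $random->createSecureSalt(32, 'hex');
                     $file_obj->direct_download = 'N';
                 }
                 // Create a directory
                 if (!FileHandler::makeDir($path)) {
                     continue;
                 }
                 // Files under the importer cache are moved; anything else is copied
                 if (strncmp('./files/cache/importer/', $file_obj->file, 23) === 0) {
                     FileHandler::rename($file_obj->file, $filename);
                 } else {
                     copy($file_obj->file, $filename);
                 }
                 // Insert the file to the DB
                 unset($file_obj->file);
                 if (file_exists($filename)) {
                     $file_obj->uploaded_filename = $filename;
                     $file_obj->file_size = filesize($filename);
                     $file_obj->comment = NULL;
                     $file_obj->member_srl = 0;
                     $file_obj->sid = $random->createSecureSalt(32, 'hex');
                     $file_obj->isvalid = 'Y';
                     $output = executeQuery('file.insertFile', $file_obj);
                     if ($output->toBool()) {
                         $uploaded_count++;
                         // The original assigned a property on a null $tmp_obj
                         // here. The value was never used and the assignment
                         // throws on PHP 8, so it has been removed.
                         if ($file_obj->direct_download == 'Y') {
                             $files[$file_obj->source_filename] = $file_obj->uploaded_filename;
                         } else {
                             $files[$file_obj->source_filename] = getUrl('', 'module', 'file', 'act', 'procFileDownload', 'file_srl', $file_obj->file_srl, 'sid', $file_obj->sid);
                         }
                     }
                 }
             }
         }
     }
     return $uploaded_count;
 }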
예제 #6
 /**
  * @brief Create an IV
  * @return string
  */
 protected static function _createIV()
 {
     // Request ENCRYPTION_BLOCK_SIZE units of 'binary' output from the
     // Password helper (presumably raw bytes; confirm against createSecureSalt).
     $generator = new Password();
     $iv = $generator->createSecureSalt(self::ENCRYPTION_BLOCK_SIZE, 'binary');

     return $iv;
 }
예제 #7
 /**
  * Move an attachement to the other document
  *
  * @param int $source_srl Sequence of target to move
  * @param int $target_module_srl New squence of module
  * @param int $target_srl New sequence of target
  * @return void
  */
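 function moveFile($source_srl, $target_module_srl, $target_srl)
 {
     // Nothing to do when source and target are the same.
     if ($source_srl == $target_srl) {
         return;
     }
     $oFileModel = getModel('file');
     $file_list = $oFileModel->getFiles($source_srl);
     if (!$file_list) {
         return;
     }
     // One helper instance is enough for every file in the list.
     $random = new Password();
     $file_count = count($file_list);
     for ($i = 0; $i < $file_count; $i++) {
         $file_info = $file_list[$i];
         $old_file = $file_info->uploaded_filename;
         // Determine the file path by checking if the file is an image or other kinds
         if (preg_match("/\\.(jpg|jpeg|gif|png|wmv|wma|mpg|mpeg|avi|swf|flv|mp1|mp2|mp3|mp4|asf|wav|asx|mid|midi|asf|mov|moov|qt|rm|ram|ra|rmm|m4v)\$/i", $file_info->source_filename, $ext_match)) {
             $path = sprintf("./files/attach/images/%s/%s/", $target_module_srl, $target_srl);
             // Do not reuse the uploader-supplied name as the on-disk name in
             // this directly served directory: it may contain path separators
             // or an inner executable extension ("x.php.jpg"). Keep only the
             // extension the pattern just matched and randomise the rest.
             $new_file = $path . $random->createSecureSalt(32, 'hex') . '.' . $ext_match[1];
         } else {
             $path = sprintf("./files/attach/binaries/%s/%s/", $target_module_srl, $target_srl);
             $new_file = $path . $random->createSecureSalt(32, 'hex');
         }
         // Pass if a target document to move is same
         if ($old_file == $new_file) {
             continue;
         }
         // Create a directory
         FileHandler::makeDir($path);
         // Move the file
         // NOTE(review): the result of the move is not checked, so the DB row
         // below is updated even if the file did not move. Confirm what
         // FileHandler::rename returns.
         FileHandler::rename($old_file, $new_file);
         // Update DB information
         $args = new stdClass();
         $args->file_srl = $file_info->file_srl;
         $args->uploaded_filename = $new_file;
         $args->module_srl = $file_info->module_srl;
         $args->upload_target_srl = $target_srl;
         executeQuery('file.updateFile', $args);
     }
 }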
예제 #8
 /**
  * @brief Create an IV
  * @return string
  */
 protected static function _createIV()
 {
     // Two hex digits encode one byte, so ask for twice the block size in
     // hex characters and decode the result back to binary.
     $hexLength = self::ENCRYPTION_BLOCK_SIZE * 2;
     $hexIv = Password::createSecureSalt($hexLength, 'hex');

     return hex2bin($hexIv);
 }
예제 #9
                 $ext[] = strtolower(array_pop($item));
             }
             $uploaded_ext = explode('.', $filename);
             $uploaded_ext = strtolower(array_pop($uploaded_ext));
             if (!in_array($uploaded_ext, $ext)) {
                 printContent(getXmlRpcFailure(1, 'Not allowed file type'));
                 break;
             }
         }
         $allowed_filesize = $file_module_config->allowed_filesize * 1024 * 1024;
         if ($allowed_filesize < strlen($filedata)) {
             printContent(getXmlRpcFailure(1, 'This file exceeds the attachment limit'));
             break;
         }
     }
     $temp_filename = Password::createSecureSalt(12, 'alnum');
     $target_filename = sprintf('%s%s', $mediaAbsPath, $temp_filename);
     FileHandler::makeDir($mediaAbsPath);
     FileHandler::writeFile($target_filename, $filedata);
     FileHandler::writeFile($target_filename . '_source_filename', $filename);
     $obj = new stdClass();
     $obj->url = Context::getRequestUri() . $mediaPath . $temp_filename;
     $content = getXmlRpcResponse($obj);
     printContent($content);
     break;
     // Get posts
 // Get posts
 case 'metaWeblog.getPost':
     $document_srl = (string) $params[0]->value->string;
     if (!$document_srl) {
         printContent(getXmlRpcFailure(1, 'no permission'));
예제 #10
 /**
  * Convert previous configuration files to the current format and return it.
  * 
  * @return array
  */
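 public static function convert()
 {
     // Load DB info file.
     // The legacy files are PHP and are executed by include; their paths come
     // from Config statics, not from request data.
     if (file_exists(RX_BASEDIR . Config::$old_db_config_filename)) {
         include RX_BASEDIR . Config::$old_db_config_filename;
     } else {
         return array();
     }
     // Load FTP info file.
     if (file_exists(RX_BASEDIR . Config::$old_ftp_config_filename)) {
         include RX_BASEDIR . Config::$old_ftp_config_filename;
     }
     // Load selected language file.
     if (file_exists(RX_BASEDIR . Config::$old_lang_config_filename)) {
         $lang_selected = array();
         $lang_selected_raw = file_get_contents(RX_BASEDIR . Config::$old_lang_config_filename);
         $lang_selected_raw = array_map('trim', explode("\n", $lang_selected_raw));
         foreach ($lang_selected_raw as $lang_selected_item) {
             // Each line is "code,label"; only the code is kept, with the
             // legacy 'jp' code mapped to 'ja'.
             $lang_selected_item = array_map('trim', explode(',', $lang_selected_item));
             if (count($lang_selected_item) && $lang_selected_item[0] !== '') {
                 $lang_selected_item[0] = $lang_selected_item[0] === 'jp' ? 'ja' : $lang_selected_item[0];
                 $lang_selected[] = $lang_selected_item[0];
             }
         }
         $lang_selected = array_unique($lang_selected);
         unset($lang_selected_raw, $lang_selected_item);
     } else {
         $lang_selected = \Context::getLangType() === 'jp' ? 'ja' : \Context::getLangType();
         $lang_selected = array($lang_selected);
     }
     // Load defaults for the new configuration.
     $config = (include RX_BASEDIR . Config::$default_config_filename);
     // Convert database configuration.
     // Older files keep the connection settings as flat properties; fold them
     // into master_db so the code below handles a single shape.
     if (!isset($db_info->master_db)) {
         $db_info->master_db = array();
         $db_info->master_db['db_type'] = $db_info->db_type;
         $db_info->master_db['db_hostname'] = $db_info->db_hostname;
         $db_info->master_db['db_port'] = $db_info->db_port;
         $db_info->master_db['db_userid'] = $db_info->db_userid;
         $db_info->master_db['db_password'] = $db_info->db_password;
         $db_info->master_db['db_database'] = $db_info->db_database;
         $db_info->master_db['db_table_prefix'] = $db_info->db_table_prefix;
     }
     $config['db']['master']['type'] = strtolower($db_info->master_db['db_type']);
     $config['db']['master']['host'] = $db_info->master_db['db_hostname'];
     $config['db']['master']['port'] = $db_info->master_db['db_port'];
     $config['db']['master']['user'] = $db_info->master_db['db_userid'];
     $config['db']['master']['pass'] = $db_info->master_db['db_password'];
     $config['db']['master']['database'] = $db_info->master_db['db_database'];
     $config['db']['master']['prefix'] = $db_info->master_db['db_table_prefix'];
     if (substr($config['db']['master']['prefix'], -1) !== '_') {
         $config['db']['master']['prefix'] .= '_';
     }
     $config['db']['master']['charset'] = $db_info->master_db['db_charset'] ?: 'utf8';
     // A legacy type such as "mysqli_innodb" is split into type and engine.
     if (strpos($config['db']['master']['type'], 'innodb') !== false) {
         $config['db']['master']['type'] = str_replace('_innodb', '', $config['db']['master']['type']);
         $config['db']['master']['engine'] = 'innodb';
     } elseif (strpos($config['db']['master']['type'], 'mysql') !== false) {
         $config['db']['master']['engine'] = 'myisam';
     }
     if (isset($db_info->slave_db) && count($db_info->slave_db)) {
         foreach ($db_info->slave_db as $slave_id => $slave_db) {
             // A slave entry identical to the master is not a separate server.
             if ($slave_db !== $db_info->master_db) {
                 $slave_id = 'slave' . $slave_id;
                 $config['db'][$slave_id]['type'] = strtolower($slave_db['db_type']);
                 $config['db'][$slave_id]['host'] = $slave_db['db_hostname'];
                 // Fixed: the original copied db_type into the port field.
                 $config['db'][$slave_id]['port'] = $slave_db['db_port'];
                 $config['db'][$slave_id]['user'] = $slave_db['db_userid'];
                 $config['db'][$slave_id]['pass'] = $slave_db['db_password'];
                 $config['db'][$slave_id]['database'] = $slave_db['db_database'];
                 $config['db'][$slave_id]['prefix'] = $slave_db['db_table_prefix'];
                 if (substr($config['db'][$slave_id]['prefix'], -1) !== '_') {
                     $config['db'][$slave_id]['prefix'] .= '_';
                 }
                 $config['db'][$slave_id]['charset'] = $slave_db['db_charset'] ?: 'utf8';
                 if (strpos($config['db'][$slave_id]['type'], 'innodb') !== false) {
                     $config['db'][$slave_id]['type'] = str_replace('_innodb', '', $config['db'][$slave_id]['type']);
                     $config['db'][$slave_id]['engine'] = 'innodb';
                 } elseif (strpos($config['db'][$slave_id]['type'], 'mysql') !== false) {
                     $config['db'][$slave_id]['engine'] = 'myisam';
                 }
             }
         }
     }
     // Convert cache configuration.
     if (isset($db_info->use_object_cache)) {
         $config['cache'][] = $db_info->use_object_cache;
     }
     // Convert FTP configuration.
     if (isset($ftp_info)) {
         $config['ftp']['host'] = $ftp_info->ftp_host;
         $config['ftp']['port'] = $ftp_info->ftp_port;
         $config['ftp']['path'] = $ftp_info->ftp_root_path;
         $config['ftp']['user'] = $ftp_info->ftp_user;
         $config['ftp']['pasv'] = $ftp_info->ftp_pasv;
         $config['ftp']['sftp'] = $ftp_info->sftp === 'Y';
     }
     // Create new crypto keys.
     // These are generated fresh on every conversion, not carried over from
     // the old configuration.
     $config['crypto']['encryption_key'] = \Password::createSecureSalt(64, 'alnum');
     $config['crypto']['authentication_key'] = \Password::createSecureSalt(64, 'alnum');
     $config['crypto']['session_key'] = \Password::createSecureSalt(64, 'alnum');
     // Convert language configuration.
     if (isset($db_info->lang_type)) {
         $config['locale']['default_lang'] = str_replace('jp', 'ja', strtolower($db_info->lang_type));
     } elseif (count($lang_selected)) {
         $config['locale']['default_lang'] = array_first($lang_selected);
     }
     $config['locale']['enabled_lang'] = array_values($lang_selected);
     // Convert timezone configuration.
     $old_timezone = DateTime::getTimezoneOffsetByLegacyFormat($db_info->time_zone ?: '+0900');
     switch ($old_timezone) {
         case 32400:
             // 32400 seconds = +09:00, mapped explicitly to Asia/Seoul.
             $config['locale']['default_timezone'] = 'Asia/Seoul';
             break;
         default:
             $config['locale']['default_timezone'] = DateTime::getTimezoneNameByOffset($old_timezone);
     }
     $config['locale']['internal_timezone'] = intval(date('Z'));
     // Convert URL configuration.
     $default_url = $db_info->default_url;
     if (strpos($default_url, 'xn--') !== false) {
         $default_url = \Context::decodeIdna($default_url);
     }
     $config['url']['default'] = $default_url ?: \RX_BASEURL;
     $config['url']['http_port'] = $db_info->http_port ?: null;
     $config['url']['https_port'] = $db_info->https_port ?: null;
     $config['url']['ssl'] = $db_info->use_ssl ?: 'none';
     // Convert session configuration.
     $config['session']['delay'] = $db_info->delay_session === 'Y';
     $config['session']['use_db'] = $db_info->use_db_session === 'Y';
     // Convert view configuration.
     $config['view']['minify_scripts'] = $db_info->minify_scripts ?: 'common';
     $config['view']['use_gzip'] = defined('__OB_GZHANDLER_ENABLE__') && constant('__OB_GZHANDLER_ENABLE__');
     // Convert admin IP whitelist.
     if (isset($db_info->admin_ip_list) && is_array($db_info->admin_ip_list) && count($db_info->admin_ip_list)) {
         $config['admin']['allow'] = array_values($db_info->admin_ip_list);
     }
     // Convert sitelock configuration.
     $config['lock']['locked'] = $db_info->use_sitelock === 'Y';
     $config['lock']['title'] = strval($db_info->sitelock_title);
     $config['lock']['message'] = strval($db_info->sitelock_message);
     if (!is_array($db_info->sitelock_whitelist)) {
         $db_info->sitelock_whitelist = $db_info->sitelock_whitelist ? array_map('trim', explode(',', trim($db_info->sitelock_whitelist))) : array();
     }
     // Loopback is always allowed through the site lock.
     if (!in_array('127.0.0.1', $db_info->sitelock_whitelist, true)) {
         $db_info->sitelock_whitelist[] = '127.0.0.1';
     }
     $config['lock']['allow'] = array_values($db_info->sitelock_whitelist);
     // Convert debug configuration.
     // NOTE(review): debugging is switched on unconditionally for converted
     // sites; confirm who can see the debug output in production.
     $config['debug']['enabled'] = true;
     $config['debug']['log_errors'] = true;
     $config['debug']['log_queries'] = (bool) (\__DEBUG__ & 4);
     $config['debug']['log_slow_queries'] = floatval(\__LOG_SLOW_QUERY__);
     $config['debug']['log_slow_triggers'] = floatval(\__LOG_SLOW_TRIGGER__ * 1000);
     $config['debug']['log_slow_widgets'] = floatval(\__LOG_SLOW_WIDGET__ * 1000);
     // Convert embed filter configuration.
     // Entries are stored without the http:// or https:// scheme.
     if (is_array($db_info->embed_white_iframe)) {
         $whitelist = array_unique(array_map(function ($item) {
             return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item;
         }, $db_info->embed_white_iframe));
         natcasesort($whitelist);
         $config['embedfilter']['iframe'] = $whitelist;
     }
     if (is_array($db_info->embed_white_object)) {
         $whitelist = array_unique(array_map(function ($item) {
             return preg_match('@^https?://(.*)$@i', $item, $matches) ? $matches[1] : $item;
         }, $db_info->embed_white_object));
         natcasesort($whitelist);
         $config['embedfilter']['object'] = $whitelist;
     }
     // Convert miscellaneous configuration.
     $config['use_mobile_view'] = $db_info->use_mobile_view !== 'N';
     $config['use_prepared_statements'] = $db_info->use_prepared_statements === 'Y';
     $config['use_rewrite'] = $db_info->use_rewrite === 'Y';
     $config['use_sso'] = $db_info->use_sso === 'Y';
     // Copy other configuration.
     unset($db_info->master_db, $db_info->slave_db);
     // Also drop the legacy flat connection fields that were folded into
     // master_db above; otherwise the loop below would store a second copy of
     // the database credentials under 'other'.
     unset($db_info->db_type, $db_info->db_hostname, $db_info->db_port, $db_info->db_userid);
     unset($db_info->db_password, $db_info->db_database, $db_info->db_table_prefix);
     unset($db_info->lang_type, $db_info->time_zone);
     unset($db_info->default_url, $db_info->http_port, $db_info->https_port, $db_info->use_ssl);
     unset($db_info->delay_session, $db_info->use_db_session);
     unset($db_info->minify_scripts, $db_info->admin_ip_list);
     unset($db_info->use_sitelock, $db_info->sitelock_title, $db_info->sitelock_message, $db_info->sitelock_whitelist);
     unset($db_info->embed_white_iframe, $db_info->embed_white_object);
     unset($db_info->use_object_cache, $db_info->use_mobile_view, $db_info->use_prepared_statements);
     unset($db_info->use_rewrite, $db_info->use_sso);
     foreach ($db_info as $key => $value) {
         $config['other'][$key] = $value;
     }
     // Return the new configuration.
     return $config;
 }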
예제 #11
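 /**
  * Return the URL of a thumbnail for this comment, generating it if needed.
  *
  * @param int $width Thumbnail width
  * @param int $height Thumbnail height; 0 means "same as width"
  * @param string $thumbnail_type 'crop' or 'ratio'; anything else becomes 'crop'
  * @return string|false|null URL on success, FALSE when a cached empty or
  *                           in-progress thumbnail exists, null otherwise
  */
 function getThumbnail($width = 80, $height = 0, $thumbnail_type = '')
 {
     // Nothing to do without a comment, or for a secret comment the viewer
     // is not granted to see.
     if (!$this->comment_srl) {
         return;
     }
     if ($this->isSecret() && !$this->isGranted()) {
         return;
     }
     // If the height is omitted, create a square
     if (!$height) {
         $height = $width;
     }
     $content = $this->get('content');
     if (!$this->hasUploadedFiles()) {
         if (!$content) {
             $args = new stdClass();
             $args->comment_srl = $this->comment_srl;
             $output = executeQuery('document.getComment', $args, array('content'));
             if ($output->toBool() && $output->data) {
                 $content = $output->data->content;
                 $this->add('content', $content);
             }
         }
         // No attachments and no <img> in the content: no thumbnail possible
         if (!preg_match("!<img!is", $content)) {
             return;
         }
     }
     // $thumbnail_type ends up in a file name below, so accept only the two
     // known values. Strict comparison stops non-string values from matching
     // through type juggling.
     if (!in_array($thumbnail_type, array('crop', 'ratio'), true)) {
         $thumbnail_type = 'crop';
     }
     // Define thumbnail information
     $thumbnail_path = sprintf('files/thumbnails/%s', getNumberingPath($this->comment_srl, 3));
     $thumbnail_file = sprintf('%s%dx%d.%s.jpg', $thumbnail_path, $width, $height, $thumbnail_type);
     $thumbnail_lockfile = sprintf('%s%dx%d.%s.lock', $thumbnail_path, $width, $height, $thumbnail_type);
     $thumbnail_url = Context::getRequestUri() . $thumbnail_file;
     // A lock file without a thumbnail (generation in progress) or an empty
     // thumbnail (earlier failure) yields FALSE; otherwise return the URL.
     // Checking file_exists() first avoids calling filesize() on a file that
     // is not there yet.
     if (file_exists($thumbnail_file) || file_exists($thumbnail_lockfile)) {
         if (!file_exists($thumbnail_file) || filesize($thumbnail_file) < 1) {
             return FALSE;
         }
         return $thumbnail_url;
     }
     // Create lockfile to prevent race condition
     FileHandler::writeFile($thumbnail_lockfile, '', 'w');
     // Target file
     $source_file = NULL;
     $is_tmp_file = FALSE;
     // Find an image file among attached files: an existing cover image wins,
     // otherwise the first directly downloadable image that exists on disk
     if ($this->hasUploadedFiles()) {
         $file_list = $this->getUploadedFiles();
         $first_image = null;
         foreach ($file_list as $file) {
             if ($file->direct_download !== 'Y') {
                 continue;
             }
             if ($file->cover_image === 'Y' && file_exists($file->uploaded_filename)) {
                 $source_file = $file->uploaded_filename;
                 break;
             }
             if ($first_image) {
                 continue;
             }
             if (preg_match("/\\.(jpe?g|png|gif|bmp)\$/i", $file->source_filename)) {
                 if (file_exists($file->uploaded_filename)) {
                     $first_image = $file->uploaded_filename;
                 }
             }
         }
         if (!$source_file && $first_image) {
             $source_file = $first_image;
         }
     }
     // Get an image file from the content if no attached file was usable
     if (!$source_file) {
         $random = new Password();
         preg_match_all("!<img[^>]*src=(?:\"|\\')([^\"\\']*?)(?:\"|\\')!is", $content, $matches, PREG_SET_ORDER);
         foreach ($matches as $target_image) {
             $target_src = trim($target_image[1]);
             // Skip images that belong to the application's own assets
             if (preg_match('/\\/(common|modules|widgets|addons|layouts|m\\.layouts)\\//i', $target_src)) {
                 continue;
             }
             if (!preg_match('/^(http|https):\\/\\//i', $target_src)) {
                 $target_src = Context::getRequestUri() . $target_src;
             }
             $target_src = htmlspecialchars_decode($target_src);
             // NOTE(review): $target_src is taken from <img src> in the
             // comment body, so the author of the comment chooses the address
             // this server requests. Confirm that FileHandler::getRemoteFile
             // refuses loopback and internal destinations and caps the
             // response size.
             $tmp_file = _XE_PATH_ . 'files/cache/tmp/' . $random->createSecureSalt(32, 'hex');
             FileHandler::getRemoteFile($target_src, $tmp_file);
             if (!file_exists($tmp_file)) {
                 continue;
             }
             // Discard downloads that are not images before reading dimensions
             $imageinfo = getimagesize($tmp_file);
             if ($imageinfo === false) {
                 FileHandler::removeFile($tmp_file);
                 continue;
             }
             list($_w, $_h) = $imageinfo;
             // Too small in both dimensions to be a useful source
             if ($_w < $width * 0.3 && $_h < $height * 0.3) {
                 FileHandler::removeFile($tmp_file);
                 continue;
             }
             $source_file = $tmp_file;
             $is_tmp_file = true;
             break;
         }
     }
     $output = FileHandler::createImageFile($source_file, $thumbnail_file, $width, $height, 'jpg', $thumbnail_type);
     // Remove source file if it was temporary
     if ($is_tmp_file) {
         FileHandler::removeFile($source_file);
     }
     // Remove lockfile
     FileHandler::removeFile($thumbnail_lockfile);
     // Return the thumbnail URL if it was successfully generated
     if ($output) {
         return $thumbnail_url;
     }
     // Leave an empty file behind so later calls return FALSE instead of
     // retrying the generation
     FileHandler::writeFile($thumbnail_file, '', 'w');
     return;
 }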