Exemplo n.º 1
0
 private function sendRequest(MOXMAN_Util_Config $config)
 {
     $secretKey = $config->get("ExternalAuthenticator.secret_key");
     $authUrl = $config->get("ExternalAuthenticator.external_auth_url");
     $url = "";
     $defaultPort = 80;
     if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
         $url = "https://";
         $defaultPort = 443;
     }
     $url .= $_SERVER['HTTP_HOST'];
     if ($_SERVER['SERVER_PORT'] != $defaultPort) {
         $url .= ':' . $defaultPort;
     }
     $httpClient = new MOXMAN_Http_HttpClient($url);
     $httpClient->setProxy($config->get("general.http_proxy", ""));
     $authUrl = MOXMAN_Util_PathUtils::toAbsolute(dirname($_SERVER["REQUEST_URI"]) . '/plugins/ExternalAuthenticator', $authUrl);
     $request = $httpClient->createRequest($authUrl, "POST");
     $authUser = $config->get("ExternalAuthenticator.basic_auth_user");
     $authPw = $config->get("ExternalAuthenticator.basic_auth_password");
     if ($authUser && $authPw) {
         $request->setAuth($authUser, $authPw);
     }
     $cookie = isset($_SERVER["HTTP_COOKIE"]) ? $_SERVER["HTTP_COOKIE"] : "";
     if ($cookie) {
         $request->setHeader('cookie', $cookie);
     }
     $seed = hash_hmac('sha256', $cookie . uniqid() . time(), $secretKey);
     $hash = hash_hmac('sha256', $seed, $secretKey);
     $response = $request->send(array("seed" => $seed, "hash" => $hash));
     if ($response->getCode() < 200 || $response->getCode() > 399) {
         throw new MOXMAN_Exception("Did not get a proper http status code from Auth url: " . $url . $authUrl . ".", $response->getCode());
     }
     return $response->getBody();
 }
Exemplo n.º 2
0
 /**
  * Process a request using the specified context.
  *
  * @param MOXMAN_Http_Context $httpContext Context instance to pass to use for the handler.
  */
 public function processRequest(MOXMAN_Http_Context $httpContext)
 {
     $config = MOXMAN::getConfig();
     $response = $httpContext->getResponse();
     $response->disableCache();
     $response->setHeader('Content-type', 'text/html');
     if (!$config->get("general.debug")) {
         $response->sendContent("Debugging not configured, you need to set general.debug to true in config.php file.");
         return;
     }
     $request = $httpContext->getRequest();
     if ($request->get("info")) {
         phpinfo();
         return;
     }
     $sitepaths = MOXMAN_Util_PathUtils::getSitePaths();
     $scriptFilename = $_SERVER["SCRIPT_FILENAME"];
     if (realpath($scriptFilename) != $scriptFilename) {
         $scriptFilename = $scriptFilename . "<br />(" . realpath($scriptFilename) . ")";
     }
     if (function_exists("imagecreatefromjpeg")) {
         $gdInfo = gd_info();
         $outInfo = "Ver:" . $gdInfo["GD Version"];
         $outInfo .= " GIF:" . ($gdInfo["GIF Create Support"] ? "Y" : "N");
         $outInfo .= " PNG:" . ($gdInfo["PNG Support"] ? "Y" : "N");
         $outInfo .= " JPEG:" . ($gdInfo["JPEG Support"] ? "Y" : "N");
     } else {
         $outInfo = "N/A";
         $gdInfo = array();
     }
     $user = MOXMAN::getAuthManager()->getUser();
     $result = array("MOXMAN_ROOT" => MOXMAN_ROOT, "realpath('.')" => realpath("."), "Config.php rootpath" => $config->get("filesystem.rootpath"), "Config.php wwwroot" => $config->get("filesystem.local.wwwroot"), "wwwroot resolve" => $sitepaths["wwwroot"], "wwwroot realpath" => realpath($sitepaths["wwwroot"]), "prefix resolve" => $sitepaths["prefix"], "storage path" => MOXMAN_Util_PathUtils::toAbsolute(MOXMAN_ROOT, $config->get("storage.path")), "storage writable" => is_writable(MOXMAN_Util_PathUtils::toAbsolute(MOXMAN_ROOT, $config->get("storage.path"))), "script filename" => $scriptFilename, "script name" => $_SERVER["SCRIPT_NAME"], "GD" => $outInfo, "memory_limit" => @ini_get("memory_limit"), "upload_max_filesize" => @ini_get("upload_max_filesize"), "post_max_size" => @ini_get("post_max_size"), "file_uploads" => @ini_get("file_uploads") ? "Yes" : "No", "PHP Version" => phpversion(), "Time" => date('Y-m-d H:i:s', time()), "Time UTC" => date('Y-m-d H:i:s', time() - date("Z")), "Authenticated" => MOXMAN::getAuthManager()->isAuthenticated(), "User" => $user ? $user->getName() : "N/A");
     $out = "<html><body><table border='1'>";
     foreach ($result as $name => $value) {
         if ($value === true) {
             $value = "True";
         } else {
             if ($value === false) {
                 $value = "False";
             }
         }
         $out .= "<tr>";
         $out .= "<td>" . $name . "&nbsp;</td><td>" . $value . "&nbsp;</td>";
         $out .= "</tr>";
     }
     $out .= "</table><a href='?action=debug&info=true'>Show phpinfo</a>";
     $out .= "</body></html>";
     $response->sendContent($out);
 }
Exemplo n.º 3
0
 /**
  * Returns a MOXMAN_Vfs_IFile instance based on the specified path.
  *
  * @param string $path Path of the file to retrive.
  * @return MOXMAN_Vfs_IFile File instance for the specified path.
  */
 public function getFile($path)
 {
     // Never give access to the mc_access file
     if ($this->getConfig()->get("filesystem.local.access_file_name") === basename($path)) {
         throw new MOXMAN_Exception("Can't access the access_file_name.");
     }
     $this->verifyPath($path);
     // Force the path to an absolute path
     $path = MOXMAN_Util_PathUtils::toAbsolute(MOXMAN_ROOT, $path);
     // If the path is out side the root then return null
     if (!MOXMAN_Util_PathUtils::isChildOf($path, $this->rootPath)) {
         $null = null;
         return $null;
     }
     return new MOXMAN_Vfs_Local_File($this, $path);
 }
Exemplo n.º 4
0
 public function authenticate(MOXMAN_Auth_User $user)
 {
     $config = MOXMAN::getConfig();
     $secretKey = $config->get("ExternalAuthenticator.secret_key");
     $authUrl = $config->get("ExternalAuthenticator.external_auth_url");
     if (!$secretKey || !$authUrl) {
         throw new MOXMAN_Exception("No key/url set for ExternalAuthenticator, check config.");
     }
     // Build url
     if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
         $url = "https://";
     } else {
         $url = "http://";
     }
     $url .= $_SERVER['HTTP_HOST'];
     if ($_SERVER['SERVER_PORT'] != 80) {
         $url .= ':' . $_SERVER['SERVER_PORT'];
     }
     $httpClient = new MOXMAN_Http_HttpClient($url);
     $authUrl = MOXMAN_Util_PathUtils::toAbsolute(dirname($_SERVER["REQUEST_URI"]) . '/plugins/ExternalAuthenticator', $authUrl);
     $request = $httpClient->createRequest($url . $authUrl);
     $cookie = '';
     foreach ($_COOKIE as $name => $value) {
         $cookie .= ($cookie ? '; ' : '') . $name . '=' . $value;
     }
     $request->setHeader('cookie', $cookie);
     $seed = $cookie . uniqid() . time();
     $hash = hash_hmac('sha256', $seed, $secretKey);
     $response = $request->send(array("seed" => $seed, "hash" => $hash));
     $json = json_decode($response->getBody());
     if (!$json) {
         throw new MOXMAN_Exception("Did not get a proper JSON response from Auth url.");
     }
     if (isset($json->result)) {
         foreach ($json->result as $key => $value) {
             $key = str_replace('_', '.', $key);
             $config->put($key, $value);
         }
         return true;
     } else {
         if (isset($json->error)) {
             throw new MOXMAN_Exception($json->error->message . " - " . $json->error->code);
         } else {
             throw new MOXMAN_Exception("Generic unknown error, did not get a proper JSON response from Auth url.");
         }
     }
 }
Exemplo n.º 5
0
 /**
  * Returns a file object out of the specified URL.
  *
  * @param string Absolute URL for the specified file.
  * @return MOXMAN_Vfs_IFile File that got resolved or null if it wasn't found.
  */
 public function getFile($url)
 {
     $config = $this->fileSystem->getConfig();
     $file = null;
     // Get config items
     $wwwroot = $config->get("filesystem.local.wwwroot");
     $prefix = $config->get("filesystem.local.urlprefix");
     $paths = MOXMAN_Util_PathUtils::getSitePaths();
     // No wwwroot specified try to figure out a wwwroot
     if (!$wwwroot) {
         $wwwroot = $paths["wwwroot"];
     } else {
         // Force the www root to an absolute file system path
         $wwwroot = MOXMAN_Util_PathUtils::toAbsolute(MOXMAN_ROOT, $wwwroot);
     }
     // Add prefix to URL
     if ($prefix == "") {
         $prefix = MOXMAN_Util_PathUtils::combine("{proto}://{host}", $paths["prefix"]);
     }
     // Replace protocol
     if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
         $prefix = str_replace("{proto}", "https", $prefix);
     } else {
         $prefix = str_replace("{proto}", "http", $prefix);
     }
     // Replace host/port
     $prefix = str_replace("{host}", $_SERVER['HTTP_HOST'], $prefix);
     $prefix = str_replace("{port}", $_SERVER['SERVER_PORT'], $prefix);
     // Remove prefix from url
     if ($prefix && strpos($url, $prefix) === 0) {
         $url = substr($url, strlen($prefix));
     }
     // Parse url and check if path part of the URL is within the root of the file system
     $url = parse_url($url);
     if (isset($url["path"])) {
         $path = MOXMAN_Util_PathUtils::combine($wwwroot, $url["path"]);
         if (MOXMAN_Util_PathUtils::isChildOf($path, $this->fileSystem->getRootPath())) {
             // Crop away root path part and glue it back on again since the case might be different
             // For example: c:/inetpub/wwwroot and C:/InetPub/WWWRoot this will force it into the
             // valid fileSystem root path prefix
             $path = substr($path, strlen($this->fileSystem->getRootPath()));
             $path = MOXMAN_Util_PathUtils::combine($this->fileSystem->getRootPath(), $path);
             $file = $this->fileSystem->getFile($path);
         }
     }
     return $file;
 }
Exemplo n.º 6
0
 /**
  * Returns a MOXMAN_Vfs_IFile instance based on the specified path.
  *
  * @param string $path Path of the file to retrive.
  * @return MOXMAN_Vfs_IFile File instance for the specified path.
  */
 public function getFile($path)
 {
     // Get file from cache
     if ($this->cache->has($path)) {
         return $this->cache->get($path);
     }
     // Never give access to the mc_access file
     if ($this->getConfig()->get("filesystem.local.access_file_name") === basename($path)) {
         throw new MOXMAN_Exception("Can't access the access_file_name.");
     }
     MOXMAN_Util_PathUtils::verifyPath($path, true);
     // Force the path to an absolute path
     $path = MOXMAN_Util_PathUtils::toAbsolute(MOXMAN_ROOT, $path);
     // If the path is out side the root then return null
     if (!MOXMAN_Util_PathUtils::isChildOf($path, $this->rootPath)) {
         $null = null;
         return $null;
     }
     // Create the file and put it in the cache
     $file = new MOXMAN_Vfs_Local_File($this, $path);
     $this->cache->put($path, $file);
     return $file;
 }
Exemplo n.º 7
0
 /**
  * Returns an URL for the specified file object.
  *
  * @param MOXMAN_Vfs_IFile $file File to get the absolute URL for.
  * @return String Absolute URL for the specified file.
  */
 public function getUrl(MOXMAN_Vfs_IFile $file)
 {
     $config = $file->getConfig();
     // Get config items
     $wwwroot = $config->get("filesystem.local.wwwroot");
     $prefix = $config->get("filesystem.local.urlprefix");
     $suffix = $config->get("filesystem.local.urlsuffix");
     $paths = MOXMAN_Util_PathUtils::getSitePaths();
     // No wwwroot specified try to figure out a wwwroot
     if (!$wwwroot) {
         $wwwroot = $paths["wwwroot"];
     } else {
         // Force the www root to an absolute file system path
         $wwwroot = MOXMAN_Util_PathUtils::toAbsolute(MOXMAN_ROOT, $wwwroot);
     }
     // Add prefix to URL
     if ($prefix == "") {
         $prefix = MOXMAN_Util_PathUtils::combine("{proto}://{host}", $paths["prefix"]);
     }
     // Replace protocol
     if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
         $prefix = str_replace("{proto}", "https", $prefix);
     } else {
         $prefix = str_replace("{proto}", "http", $prefix);
     }
     // Replace host/port
     $prefix = str_replace("{host}", $_SERVER['HTTP_HOST'], $prefix);
     $prefix = str_replace("{port}", $_SERVER['SERVER_PORT'], $prefix);
     // Insert path into URL
     $url = substr($file->getPath(), strlen($wwwroot));
     $url = MOXMAN_Util_PathUtils::combine($prefix, $url);
     // Add suffix to URL
     if ($suffix) {
         $url .= $suffix;
     }
     return $url;
 }
 /**
  * Process a request using the specified context.
  *
  * @param MOXMAN_Http_Context $httpContext Context instance to pass to use for the handler.
  */
 public function processRequest(MOXMAN_Http_Context $httpContext)
 {
     $config = MOXMAN::getConfig();
     if (!$config->get("general.debug")) {
         return;
     }
     $request = $httpContext->getRequest();
     if ($request->get("info")) {
         phpinfo();
         die;
     }
     $response = $httpContext->getResponse();
     $response->disableCache();
     $response->setHeader('Content-type', 'text/html');
     $sitepaths = MOXMAN_Util_PathUtils::getSitePaths();
     $scriptFilename = $_SERVER["SCRIPT_FILENAME"];
     if (realpath($scriptFilename) != $scriptFilename) {
         $scriptFilename = $scriptFilename . "<br />(" . realpath($scriptFilename) . ")";
     }
     $result = array("MOXMAN_ROOT" => MOXMAN_ROOT, "realpath('.')" => realpath("."), "Config.php rootpath" => $config->get("filesystem.rootpath"), "Config.php wwwroot" => $config->get("filesystem.local.wwwroot"), "wwwroot resolve" => $sitepaths["wwwroot"], "wwwroot realpath" => realpath($sitepaths["wwwroot"]), "prefix resolve" => $sitepaths["prefix"], "storage path" => MOXMAN_Util_PathUtils::toAbsolute(MOXMAN_ROOT, $config->get("storage.path")), "storage writable" => is_writable(MOXMAN_Util_PathUtils::toAbsolute(MOXMAN_ROOT, $config->get("storage.path"))), "script filename" => $scriptFilename, "script name" => $_SERVER["SCRIPT_NAME"]);
     $out = "<html><body><table border='1'>";
     foreach ($result as $name => $value) {
         if ($value === true) {
             $value = "True";
         } else {
             if ($value === false) {
                 $value = "False";
             }
         }
         $out .= "<tr>";
         $out .= "<td>" . $name . "&nbsp;</td><td>" . $value . "&nbsp;</td>";
         $out .= "</tr>";
     }
     $out .= "</table><a href='?action=debug&info=true'>Show phpinfo</a>";
     $out .= "</body></html>";
     $response->sendContent($out);
 }
Exemplo n.º 9
0
 public function authenticate(MOXMAN_Auth_User $user)
 {
     $config = MOXMAN::getConfig();
     $configPrefix = "moxiemanager";
     $authUserKey = "moxiemanager.auth.user";
     // Use cached auth state valid for 5 minutes
     if (isset($_SESSION["moxiemanager.authtime"]) && time() - $_SESSION["moxiemanager.authtime"] < 60 * 5) {
         // Extend config with session prefixed sessions
         $sessionConfig = array();
         if ($configPrefix) {
             foreach ($_SESSION as $key => $value) {
                 if (strpos($key, $configPrefix) === 0) {
                     $sessionConfig[substr($key, strlen($configPrefix) + 1)] = $value;
                 }
             }
         }
         $config->extend($sessionConfig);
         if (isset($_SESSION[$authUserKey])) {
             $config->replaceVariable("user", $_SESSION[$authUserKey]);
             $user->setName($_SESSION[$authUserKey]);
         }
         return true;
     }
     $secretKey = $config->get("ExternalAuthenticator.secret_key");
     $authUrl = $config->get("ExternalAuthenticator.external_auth_url");
     if (!$secretKey || !$authUrl) {
         throw new MOXMAN_Exception("No key/url set for ExternalAuthenticator, check config.");
     }
     // Build url
     if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
         $url = "https://";
     } else {
         $url = "http://";
     }
     $url .= $_SERVER['HTTP_HOST'];
     if ($_SERVER['SERVER_PORT'] != 80) {
         $url .= ':' . $_SERVER['SERVER_PORT'];
     }
     $httpClient = new MOXMAN_Http_HttpClient($url);
     $httpClient->setProxy($config->get("general.http_proxy", ""));
     $authUrl = MOXMAN_Util_PathUtils::toAbsolute(dirname($_SERVER["REQUEST_URI"]) . '/plugins/ExternalAuthenticator', $authUrl);
     $request = $httpClient->createRequest($authUrl, "POST");
     $authUser = $config->get("ExternalAuthenticator.basic_auth_user");
     $authPw = $config->get("ExternalAuthenticator.basic_auth_password");
     if ($authUser && $authPw) {
         $request->setAuth($authUser, $authPw);
     }
     $cookie = isset($_SERVER["HTTP_COOKIE"]) ? $_SERVER["HTTP_COOKIE"] : "";
     if ($cookie) {
         $request->setHeader('cookie', $cookie);
     }
     $seed = hash_hmac('sha256', $cookie . uniqid() . time(), $secretKey);
     $hash = hash_hmac('sha256', $seed, $secretKey);
     $response = $request->send(array("seed" => $seed, "hash" => $hash));
     if ($response->getCode() < 200 || $response->getCode() > 399) {
         throw new MOXMAN_Exception("Did not get a proper http status code from Auth url: " . $url . $authUrl . ".", $response->getCode());
     }
     $json = json_decode($response->getBody(), true);
     if (!$json) {
         throw new MOXMAN_Exception("Did not get a proper JSON response from Auth url.");
     }
     if (isset($json["result"])) {
         foreach ($json["result"] as $key => $value) {
             $config->put($key, $value);
             $_SESSION["moxiemanager." . $key] = $value;
         }
         if (isset($json["result"][$authUserKey])) {
             $config->replaceVariable("user", $json["result"][$authUserKey]);
             $user->setName($json["result"][$authUserKey]);
         }
         $_SESSION["moxiemanager.authtime"] = time();
         return true;
     } else {
         if (isset($json["error"])) {
             throw new MOXMAN_Exception($json["error"]["message"] . " - " . $json["error"]["code"]);
         } else {
             throw new MOXMAN_Exception("Generic unknown error, did not get a proper JSON response from Auth url.");
         }
     }
 }
Exemplo n.º 10
0
 /**
  * Returns an URL for the specified file object.
  *
  * @param MOXMAN_Vfs_IFile $file File to get the absolute URL for.
  * @return String Absolute URL for the specified file.
  */
 public function getUrl(MOXMAN_Vfs_IFile $file)
 {
     $config = $file->getConfig();
     // Get config items
     $wwwroot = $config->get("filesystem.local.wwwroot");
     $prefix = $config->get("filesystem.local.urlprefix");
     $suffix = $config->get("filesystem.local.urlsuffix");
     // Map to wwwroot array
     if (is_array($wwwroot)) {
         foreach ($wwwroot as $rootPath => $rootConfig) {
             $rootPath = MOXMAN_Util_PathUtils::toAbsolute(MOXMAN_ROOT, $rootPath);
             if (strpos($file->getPath(), $rootPath) === 0) {
                 $wwwroot = $rootPath;
                 if (isset($rootConfig["wwwroot"])) {
                     $wwwroot = $rootConfig["wwwroot"];
                 }
                 if (isset($rootConfig["urlprefix"])) {
                     $prefix = $rootConfig["urlprefix"];
                 }
                 if (isset($rootConfig["urlsuffix"])) {
                     $suffix = $rootConfig["urlsuffix"];
                 }
                 break;
             }
         }
         if (is_array($wwwroot)) {
             $wwwroot = "";
         }
     }
     $paths = MOXMAN_Util_PathUtils::getSitePaths();
     // No wwwroot specified try to figure out a wwwroot
     if (!$wwwroot) {
         $wwwroot = $paths["wwwroot"];
     } else {
         // Force the www root to an absolute file system path
         $wwwroot = MOXMAN_Util_PathUtils::toAbsolute(MOXMAN_ROOT, $wwwroot);
     }
     // Add prefix to URL
     if ($prefix == "") {
         $prefix = MOXMAN_Util_PathUtils::combine("{proto}://{host}", $paths["prefix"]);
     }
     // Replace protocol
     if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
         $prefix = str_replace("{proto}", "https", $prefix);
     } else {
         $prefix = str_replace("{proto}", "http", $prefix);
     }
     // Replace host/port
     $prefix = str_replace("{host}", $_SERVER['HTTP_HOST'], $prefix);
     $prefix = str_replace("{port}", $_SERVER['SERVER_PORT'], $prefix);
     // Insert path into URL
     if (stripos($file->getPath(), $wwwroot) === 0) {
         $url = substr($file->getPath(), strlen($wwwroot));
         $url = MOXMAN_Util_PathUtils::combine($prefix, MOXMAN_Http_Uri::escapeUriString($url));
         // Add suffix to URL
         if ($suffix) {
             $url .= $suffix;
         }
         return $url;
     }
     return "";
 }