/**
 * Render the guest-facing "reset password" page.
 *
 * Only the 'token' and 'user' entries of $args reach the template; any other
 * key the caller supplied is dropped before rendering.
 *
 * @param mixed $success forwarded to the template as 'success'
 * @param array $args    must provide the keys 'token' and 'user'
 */
protected static function displayResetPasswordPage($success, $args) {
	$templateVars = array(
		'success' => $success,
		'args' => array(
			'token' => $args['token'],
			'user' => $args['user'],
		),
	);
	OC_Template::printGuestPage('core/lostpassword', 'resetpassword', $templateVars);
}
/**
 * Render the installation form.
 *
 * Values in $post override the built-in defaults, and keys of $post that have
 * no default are forwarded to the template unchanged.
 * NOTE(review): when the caller passes raw form input this includes
 * 'adminpass' and 'dbpass' - confirm the 'installation' template escapes every
 * value and does not write the passwords back into the page.
 *
 * @param array $post submitted form fields (may be empty)
 */
public function display($post) {
	$parameters = array_merge(
		array(
			'adminlogin' => '',
			'adminpass' => '',
			'dbuser' => '',
			'dbpass' => '',
			'dbname' => '',
			'dbtablespace' => '',
			'dbhost' => 'localhost',
			'dbtype' => '',
		),
		$post
	);

	// Assets for the password-strength meter and the setup form logic.
	\OC_Util::addVendorScript('strengthify/jquery.strengthify');
	\OC_Util::addVendorStyle('strengthify/strengthify');
	\OC_Util::addScript('setup');

	\OC_Template::printGuestPage('', 'installation', $parameters);
}
/**
 * Bootstrap a request.
 *
 * In the order written below: registers the class loaders, creates the server
 * container, applies PHP ini overrides, starts the session (non-CLI only),
 * runs the config / installation / SSL / server checks, registers the user and
 * group backends and the hooks, and finally rejects requests whose Host is
 * not a trusted domain.
 *
 * Several branches end the script with exit (missing Composer autoloader,
 * failed server checks, untrusted domain); the sample-config branch returns
 * early instead.
 */
public static function init() {
	// register autoloader
	$loaderStart = microtime(true);
	require_once __DIR__ . '/autoloader.php';
	self::$loader = new \OC\Autoloader();
	spl_autoload_register(array(self::$loader, 'load'));
	$loaderEnd = microtime(true);

	self::initPaths();

	// setup 3rdparty autoloader
	$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
	if (file_exists($vendorAutoLoad)) {
		require_once $vendorAutoLoad;
	} else {
		OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
		// we can't use the template error page here, because this needs the
		// DI container which isn't available yet
		print('Composer autoloader not found, unable to continue. Check the folder "3rdparty".');
		exit();
	}

	// setup the basic server
	self::$server = new \OC\Server(\OC::$WEBROOT);
	// The loader timings were taken before the event logger existed, so they are logged after the fact.
	\OC::$server->getEventLogger()->log('autoloader', 'Autoloader', $loaderStart, $loaderEnd);
	\OC::$server->getEventLogger()->start('boot', 'Initialize');

	// set some stuff
	//ob_start();
	error_reporting(E_ALL | E_STRICT);
	// Errors are only rendered into the response when the DEBUG constant is set.
	if (defined('DEBUG') && DEBUG) {
		ini_set('display_errors', 1);
	}

	self::$CLI = (php_sapi_name() == 'cli');

	date_default_timezone_set('UTC');
	ini_set('arg_separator.output', '&');

	// Try to configure PHP for big file uploads. This does not always work,
	// depending on the web server and PHP configuration, so failures are
	// suppressed with @ and the defaults are overwritten on a best-effort basis.

	//try to set the maximum execution time to 60min
	@set_time_limit(3600);
	@ini_set('max_execution_time', 3600);
	@ini_set('max_input_time', 3600);

	//try to set the maximum filesize to 10G
	@ini_set('upload_max_filesize', '10G');
	@ini_set('post_max_size', '10G');
	@ini_set('file_uploads', '50');

	self::handleAuthHeaders();
	self::registerAutoloaderCache();

	// initialize the intl fallback if necessary
	\Patchwork\Utf8\Bootup::initIntl();
	OC_Util::isSetLocaleWorking();

	// Error handlers are not installed while the test suite is running.
	if (!defined('PHPUNIT_RUN')) {
		OC\Log\ErrorHandler::setLogger(OC_Log::$object);
		if (defined('DEBUG') and DEBUG) {
			OC\Log\ErrorHandler::register(true);
			// NOTE(review): in DEBUG mode uncaught exceptions go to a rendered error page;
			// confirm that page does not expose stack traces to unauthenticated clients.
			set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
		} else {
			OC\Log\ErrorHandler::register();
		}
	}

	// register the stream wrappers
	stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir');
	stream_wrapper_register('static', 'OC\Files\Stream\StaticStream');
	stream_wrapper_register('close', 'OC\Files\Stream\Close');
	stream_wrapper_register('quota', 'OC\Files\Stream\Quota');
	stream_wrapper_register('oc', 'OC\Files\Stream\OC');

	\OC::$server->getEventLogger()->start('init_session', 'Initialize session');
	OC_App::loadApps(array('session'));
	// No session is started on the command line.
	if (!self::$CLI) {
		self::initSession();
	}
	\OC::$server->getEventLogger()->end('init_session');
	self::initTemplateEngine();
	self::checkConfig();
	self::checkInstalled();
	self::checkSSL();
	OC_Response::addSecurityHeaders();

	$errors = OC_Util::checkServer(\OC::$server->getConfig());
	if (count($errors) > 0) {
		if (self::$CLI) {
			// Plain-text output for the console.
			foreach ($errors as $error) {
				echo $error['error'] . "\n";
				echo $error['hint'] . "\n\n";
			}
		} else {
			OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
			OC_Template::printGuestPage('', 'error', array('errors' => $errors));
		}
		exit;
	}

	//try to set the session lifetime
	$sessionLifeTime = self::getSessionLifeTime();
	@ini_set('gc_maxlifetime', (string)$sessionLifeTime);

	$systemConfig = \OC::$server->getSystemConfig();

	// User and Groups
	// While the instance is not installed the session's user id is blanked.
	if (!$systemConfig->getValue("installed", false)) {
		self::$server->getSession()->set('user_id', '');
	}

	OC_User::useBackend(new OC_User_Database());
	OC_Group::useBackend(new OC_Group_Database());

	//setup extra user backends
	if (!self::checkUpgrade(false)) {
		OC_User::setupBackends();
	}

	self::registerCacheHooks();
	self::registerFilesystemHooks();
	self::registerPreviewHooks();
	self::registerShareHooks();
	self::registerLogRotate();
	self::registerLocalAddressBook();

	//make sure temporary files are cleaned up
	$tmpManager = \OC::$server->getTempManager();
	register_shutdown_function(array($tmpManager, 'clean'));

	if ($systemConfig->getValue('installed', false) && !self::checkUpgrade(false)) {
		if (\OC::$server->getConfig()->getAppValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
			OC_Util::addScript('backgroundjobs');
		}
	}

	// Check whether the sample configuration has been copied
	if($systemConfig->getValue('copied_sample_config', false)) {
		$l = \OC::$server->getL10N('lib');
		header('HTTP/1.1 503 Service Temporarily Unavailable');
		header('Status: 503 Service Temporarily Unavailable');
		OC_Template::printErrorPage(
			$l->t('Sample configuration detected'),
			$l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php')
		);
		return;
	}

	// The host comes from request headers and is treated as untrusted until it
	// has been checked against the trusted domains.
	$host = OC_Request::insecureServerHost();
	// if the host passed in headers isn't trusted
	if (!OC::$CLI
		// overwritehost is always trusted
		&& OC_Request::getOverwriteHost() === null
		&& !OC_Request::isTrustedDomain($host)
	) {
		header('HTTP/1.1 400 Bad Request');
		header('Status: 400 Bad Request');
		$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
		// NOTE(review): the value checked is $host, the value shown is SERVER_NAME; the two
		// can differ. Confirm the 'untrustedDomain' template escapes 'domain' on output.
		$tmpl->assign('domain', $_SERVER['SERVER_NAME']);
		$tmpl->printPage();
		exit();
	}
	\OC::$server->getEventLogger()->end('boot');
}
<?php
// OpenID provider endpoint of the 'user_openid_provider' app (the listing is
// truncated after the 'deny' branch opens).
OCP\App::checkAppEnabled('user_openid_provider');

// Make the bundled Zend library resolvable for the require below.
set_include_path(get_include_path() . PATH_SEPARATOR . __DIR__ . '/3rdparty');
require_once 'Zend/OpenId/Provider.php';

// Without an OpenID request there is nothing to process: show the info page and stop.
if (!isset($_REQUEST['openid_mode'])) {
	OC_Template::printGuestPage('user_openid_provider', 'main');
	die;
}

$session = new OC_OpenIdProviderUserSession();
$storage = new OC_OpenIdProviderStorage();
$server = new Zend_OpenId_Provider(null, null, $session, $storage);

// Bind the provider session to the logged-in user; the identity is an absolute URL
// that ends in the user name.
if (OCP\User::isLoggedIn() and !$session->getLoggedInUser()) {
	$session->setLoggedInUser(OCP\Util::linkToAbsolute('', '?') . OCP\User::getUser());
}

if (isset($_GET['openid_action']) and $_GET['openid_action'] == 'login') {
	// Send the browser to the login page and carry the remaining OpenID
	// parameters along in redirect_url so the flow can resume afterwards.
	unset($_GET['openid_action']);
	$params = '?' . Zend_OpenId::paramsToQuery($_GET);
	$next = OCP\Util::linkToRemote('openid_provider') . $params;
	$loginPage = OCP\Util::linkToAbsolute('', 'index.php') . '?redirect_url=' . urlencode($next);
	header('Location: ' . $loginPage);
} else {
	if (isset($_GET['openid_action']) and $_GET['openid_action'] == 'trust') {
		OCP\User::checkLoggedIn();
		// NOTE(review): the trust decision is read straight from $_POST and no
		// request-token check is visible in this excerpt - confirm one is enforced elsewhere.
		if (isset($_POST['allow'])) {
			// 'forever' stores the site root as permanently allowed before answering.
			if (isset($_POST['forever'])) {
				$server->allowSite($server->getSiteRoot($_GET));
			}
			$server->respondToConsumer($_GET);
		} else {
			if (isset($_POST['deny'])) {
// (closes a block opened before this excerpt)
}

OC_Util::addScript('setup');

// Detect which database drivers this PHP build offers.
$hasSQLite = class_exists('SQLite3');
$hasMySQL = is_callable('mysql_connect');
$hasPostgreSQL = is_callable('pg_connect');
$hasOracle = is_callable('oci_connect');
$hasMSSQL = is_callable('sqlsrv_connect');
$datadir = OC_Config::getValue('datadirectory', OC::$SERVERROOT . '/data');
$vulnerableToNullByte = false;
// NOTE(review): as listed, the probe string contains no NUL byte, so this test cannot
// detect path truncation; the escape sequence was probably lost when the listing was
// extracted - compare with the upstream file.
if (@file_exists(__FILE__ . "Nullbyte")) {
	// Check if the used PHP version is vulnerable to the NULL Byte attack (CVE-2006-7243)
	$vulnerableToNullByte = true;
}

// Protect data directory here, so we can test if the protection is working
OC_Setup::protectDataDirectory();

// $dbIsSet and $directoryIsSet are defined before this excerpt.
$opts = array('hasSQLite' => $hasSQLite, 'hasMySQL' => $hasMySQL, 'hasPostgreSQL' => $hasPostgreSQL, 'hasOracle' => $hasOracle, 'hasMSSQL' => $hasMSSQL, 'directory' => $datadir, 'secureRNG' => OC_Util::secureRNGAvailable(), 'htaccessWorking' => OC_Util::isHtAccessWorking(), 'vulnerableToNullByte' => $vulnerableToNullByte, 'errors' => array(), 'dbIsSet' => $dbIsSet, 'directoryIsSet' => $directoryIsSet);

if (isset($_POST['install']) and $_POST['install'] == 'true') {
	// We have to launch the installation process :
	$e = OC_Setup::install($_POST);
	$errors = array('errors' => $e);

	if (count($e) > 0) {
		//OC_Template::printGuestPage("", "error", array("errors" => $errors));
		// array_merge lets later arrays win on equal string keys, so submitted fields
		// cannot override the entries of $opts or $errors.
		// NOTE(review): the submitted form, passwords included, goes back to the
		// template - confirm it escapes the values and does not re-emit the passwords.
		$options = array_merge($_POST, $opts, $errors);
		OC_Template::printGuestPage("", "installation", $options);
	} else {
		header('Location: ' . OC_Helper::linkToRoute('post_setup_check'));
		exit;
	}
} else {
	OC_Template::printGuestPage("", "installation", $opts);
}
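//no apps
require_once '../../lib/base.php';

/*
 * Lost-password request page.
 *
 * Shows the request form and, when a known user submits it together with the
 * form token ('sectoken') issued on the previous page view, stores a reset
 * token for that user and mails a reset link to the address on file.
 *
 * Changes against the listed version:
 *  - the link expression, garbled in the listing, is restored, and the user name
 *    is URL-encoded before it is placed in the query string;
 *  - the form token is compared as a string with ===, so a submitted value with
 *    trailing characters no longer matches through numeric juggling;
 *  - the reset token is only stored once the form token matched and an e-mail
 *    address exists, so a request without a valid form token cannot replace a
 *    pending reset token;
 *  - the three identical "new sectoken + render" tails are merged into one.
 */
$error = false;
$requested = false;

// Someone lost their password:
if (isset($_POST['user']) && is_string($_POST['user'])) {
	if (OC_User::userExists($_POST['user'])) {
		$requested = true;
		$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');

		// The session value is an integer from rand(); compare both sides as strings.
		$sectokenMatches = isset($_POST['sectoken'], $_SESSION['sectoken'])
			&& is_string($_POST['sectoken'])
			&& $_POST['sectoken'] === (string)$_SESSION['sectoken'];

		if (!empty($email) && $sectokenMatches) {
			// NOTE(review): rand() and uniqid() are not cryptographically secure; the
			// reset token should come from a CSPRNG (random_bytes() on PHP >= 7).
			$token = sha1($_POST['user'] . md5(uniqid(rand(), true)));
			OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);

			$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php')
				. '?user=' . urlencode($_POST['user']) . '&token=' . $token;
			$tmpl = new OC_Template('core/lostpassword', 'email');
			$tmpl->assign('link', $link);
			$msg = $tmpl->fetchPage();
			$l = OC_L10N::get('core');
			// NOTE(review): the sender domain comes from serverHost(); confirm that value
			// cannot be influenced through the request's Host header.
			$from = 'lostpassword-noreply@' . OC_Helper::serverHost();
			OC_MAIL::send($email, $_POST['user'], $l->t('ownCloud password reset'), $msg, $from, 'ownCloud');
			echo 'sent';
		}
	} else {
		// NOTE(review): a distinct error for unknown users tells the client which
		// account names exist.
		$error = true;
	}
}

// Issue a fresh form token for the next submission.
// NOTE(review): rand() is predictable; a CSPRNG-backed token is preferable here too.
$sectoken = rand(1000000, 9999999);
$_SESSION['sectoken'] = $sectoken;
OC_Template::printGuestPage('core/lostpassword', 'lostpassword', array('error' => $error, 'requested' => $requested, 'sectoken' => $sectoken));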
/**
 * Assemble the template parameters for the login page and print it.
 *
 * Each entry of $errors becomes a parameter key set to true. The user name and
 * the redirect target are taken from the request and handed to the template
 * as they arrive.
 * NOTE(review): 'redirect_url' is forwarded unvalidated - confirm whatever
 * consumes it restricts the target before redirecting.
 *
 * @param array $errors      error identifiers to flag in the template
 * @param string[] $messages messages to show on the page
 */
public static function displayLoginPage($errors = array(), $messages = []) {
	$parameters = array();
	foreach ($errors as $errorKey) {
		$parameters[$errorKey] = true;
	}
	$parameters['messages'] = $messages;

	// Pre-fill the user name when the request carries one; otherwise focus the field.
	$userGiven = !empty($_REQUEST['user']);
	$parameters["username"] = $userGiven ? $_REQUEST['user'] : '';
	$parameters['user_autofocus'] = !$userGiven;

	if (isset($_REQUEST['redirect_url'])) {
		$parameters['redirect_url'] = $_REQUEST['redirect_url'];
	}

	// The reset link is offered by default. Without an external 'lost_password_link'
	// it depends on whether the named user is able to change the password.
	$parameters['canResetPassword'] = true;
	if (!\OC::$server->getSystemConfig()->getValue('lost_password_link') && isset($_REQUEST['user'])) {
		$user = \OC::$server->getUserManager()->get($_REQUEST['user']);
		if ($user instanceof IUser) {
			$parameters['canResetPassword'] = $user->canChangePassword();
		}
	}

	$parameters['alt_login'] = OC_App::getAlternativeLogIns();
	$parameters['rememberLoginAllowed'] = self::rememberLoginAllowed();

	// Listeners receive a copy of the parameters before the page is printed.
	\OC_Hook::emit('OC_Util', 'pre_displayLoginPage', array('parameters' => $parameters));
	OC_Template::printGuestPage("", "login", $parameters);
}
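/**
 * Bootstrap a request.
 *
 * Registers the autoloader, applies PHP ini overrides, rebuilds the HTTP Basic
 * credentials for Apache + php-cgi, rejects cross-site POSTs by Referer,
 * starts session and template engine, runs the server checks, wires the user
 * and group backends, loads the apps and resolves the requested app and file
 * from the query string. Several branches end the script with exit.
 *
 * Changes against the listed version:
 *  - the Basic credentials are split on the first ':' only, so a password that
 *    contains ':' is no longer truncated, and a header without ':' yields an
 *    empty password instead of an undefined list() offset;
 *  - the Referer host is compared with !== so numeric-looking host strings are
 *    not treated as equal by type juggling.
 */
public static function init() {
	// register autoloader
	spl_autoload_register(array('OC', 'autoload'));
	setlocale(LC_ALL, 'en_US.UTF-8');

	// set some stuff
	//ob_start();
	error_reporting(E_ALL | E_STRICT);
	if (defined('DEBUG') && DEBUG) {
		ini_set('display_errors', 1);
	}

	date_default_timezone_set('UTC');
	ini_set('arg_separator.output', '&');

	// try to switch magic quotes off.
	if (function_exists('set_magic_quotes_runtime')) {
		@set_magic_quotes_runtime(false);
	}

	// Try to configure PHP for big file uploads. This does not always work,
	// depending on the web server and PHP configuration, so failures are
	// suppressed with @ and the defaults are overwritten on a best-effort basis.

	//try to set the maximum execution time to 60min
	@set_time_limit(3600);
	@ini_set('max_execution_time', 3600);
	@ini_set('max_input_time', 3600);

	//try to set the maximum filesize to 10G
	@ini_set('upload_max_filesize', '10G');
	@ini_set('post_max_size', '10G');
	@ini_set('file_uploads', '50');

	//try to set the session lifetime to 60min
	@ini_set('gc_maxlifetime', '3600');

	// Set the HTTP auth variables as a workaround for apache+php-cgi. The second
	// name covers the case where Apache renamed the variable; when both are
	// present the later one wins, as before.
	// NOTE(review): strip_tags() alters credentials that contain '<...>' sequences.
	foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION') as $authHeader) {
		if (isset($_SERVER[$authHeader]) && preg_match('/Basic\\s+(.*)$/i', $_SERVER[$authHeader], $matches)) {
			list($name, $password) = array_pad(explode(':', base64_decode($matches[1]), 2), 2, '');
			$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
			$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
		}
	}

	self::initPaths();

	// register the stream wrappers
	require_once 'streamwrappers.php';
	stream_wrapper_register("fakedir", "OC_FakeDirStream");
	stream_wrapper_register('static', 'OC_StaticStreamWrapper');
	stream_wrapper_register('close', 'OC_CloseStreamWrapper');

	self::checkInstalled();
	self::checkSSL();

	// CSRF protection
	// A POST is only accepted when the Referer host equals this server's host;
	// a missing or unparsable Referer counts as a mismatch.
	// NOTE(review): Referer checking is a weak CSRF defence (the header can be
	// stripped by clients and proxies); a per-session request token is the usual control.
	if (isset($_SERVER['HTTP_REFERER'])) {
		$referer = $_SERVER['HTTP_REFERER'];
	} else {
		$referer = '';
	}
	$refererhost = parse_url($referer);
	if (isset($refererhost['host'])) {
		$refererhost = $refererhost['host'];
	} else {
		$refererhost = '';
	}
	$server = OC_Helper::serverHost();
	// Drop a port suffix before comparing.
	$serverhost = explode(':', $server);
	$serverhost = $serverhost['0'];
	if ($_SERVER['REQUEST_METHOD'] == 'POST' and $refererhost !== $serverhost) {
		$url = OC_Helper::serverProtocol() . '://' . $server . OC::$WEBROOT . '/index.php';
		header("Location: {$url}");
		exit;
	}

	self::initSession();
	self::initTemplateEngine();
	self::checkUpgrade();

	$errors = OC_Util::checkServer();
	if (count($errors) > 0) {
		OC_Template::printGuestPage('', 'error', array('errors' => $errors));
		exit;
	}

	// TODO: we should get rid of this one, too
	// WARNING: to make everything even more confusing,
	// DATADIRECTORY is a var that changes and DATADIRECTORY_ROOT
	// stays the same, but is set by "datadirectory".
	// Any questions?
	OC::$CONFIG_DATADIRECTORY = OC_Config::getValue("datadirectory", OC::$SERVERROOT . "/data");

	// User and Groups
	// While the instance is not installed the session's user id is blanked.
	if (!OC_Config::getValue("installed", false)) {
		$_SESSION['user_id'] = '';
	}

	OC_User::useBackend(OC_Config::getValue("userbackend", "database"));
	OC_Group::useBackend(new OC_Group_Database());

	// Set up file system unless forbidden
	global $RUNTIME_NOSETUPFS;
	if (!$RUNTIME_NOSETUPFS) {
		OC_Util::setupFS();
	}

	// Load Apps
	// This includes plugins for users and filesystems as well
	global $RUNTIME_NOAPPS;
	global $RUNTIME_APPTYPES;
	if (!$RUNTIME_NOAPPS) {
		if ($RUNTIME_APPTYPES) {
			OC_App::loadApps($RUNTIME_APPTYPES);
		} else {
			OC_App::loadApps();
		}
	}

	// Check for blacklisted files
	OC_Hook::connect('OC_Filesystem', 'write', 'OC_Filesystem', 'isBlacklisted');

	//make sure temporary files are cleaned up
	register_shutdown_function(array('OC_Helper', 'cleanTmp'));

	//parse the given parameters
	// The app name is reduced by removing tags, slashes, backslashes and '..'.
	// NOTE(review): '\\0' in a single-quoted string is a backslash followed by '0',
	// not a NUL byte - confirm whether stripping NUL bytes was the intent.
	self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? str_replace(array('\\0', '/', '\\', '..'), '', strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
	// An embedded '?' splits the value: the part after it is parsed as a query string
	// and merged over $_GET, so it can override existing request parameters.
	if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
		$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
		$param = substr(self::$REQUESTEDAPP, strpos(self::$REQUESTEDAPP, '?') + 1);
		parse_str($param, $get);
		$_GET = array_merge($_GET, $get);
		self::$REQUESTEDAPP = $app;
		$_GET['app'] = $app;
	}
	self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
	if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
		$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
		$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
		parse_str($param, $get);
		$_GET = array_merge($_GET, $get);
		self::$REQUESTEDFILE = $file;
		$_GET['getfile'] = $file;
	}
	// The requested file is not filtered itself; it is only accepted when the
	// resulting path stays inside the app's directory.
	if (!is_null(self::$REQUESTEDFILE)) {
		$subdir = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP . '/' . self::$REQUESTEDFILE;
		$parent = OC::$APPSROOT . '/apps/' . self::$REQUESTEDAPP;
		if (!OC_Helper::issubdirectory($subdir, $parent)) {
			self::$REQUESTEDFILE = null;
			header('HTTP/1.0 404 Not Found');
			exit;
		}
	}
}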
// Login handling (excerpt; the closing brace at the end belongs to a block opened
// before this listing). Two ways in: the "remember me" cookies, or a submitted
// user/password pair. Anything else just renders the login form.

// remember was checked after last login
if (isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) {
	if (defined("DEBUG") && DEBUG) {
		error_log("Trying to login from cookie");
	}
	// confirm credentials in cookie
	// NOTE(review): the stored token is compared with a loose ==, which is neither
	// type-strict nor constant-time. A user with no stored token must never match an
	// empty cookie value - verify what getValue() returns in that case and prefer a
	// strict, timing-safe comparison.
	if (isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) && OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
		OC_User::setUserId($_COOKIE['oc_username']);
		OC_Util::redirectToDefaultPage();
	} else {
		// Cookie did not validate: clear it.
		OC_User::unsetMagicInCookie();
	}
} elseif (isset($_POST["user"]) && isset($_POST['password'])) {
	if (OC_User::login($_POST["user"], $_POST["password"])) {
		if (!empty($_POST["remember_login"])) {
			if (defined("DEBUG") && DEBUG) {
				error_log("Setting remember login to cookie");
			}
			// NOTE(review): the token is md5(user name . current second), i.e. derived only
			// from guessable inputs; a long-lived login token should come from a CSPRNG.
			$token = md5($_POST["user"] . time());
			OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
			OC_User::setMagicInCookie($_POST["user"], $token);
		} else {
			OC_User::unsetMagicInCookie();
		}
		OC_Util::redirectToDefaultPage();
	} else {
		$error = true;
	}
}

// $error is only assigned in the failed-login branch above; presumably it is
// initialised before this excerpt - verify.
// NOTE(review): 'redirect' is taken from the request unvalidated; confirm the
// consumer restricts the target before redirecting.
OC_Template::printGuestPage('', 'login', array('error' => $error, 'redirect' => isset($_REQUEST['redirect_url']) ? $_REQUEST['redirect_url'] : ''));
}
/**
 * Print the login page, pre-filling the user name from the 'username' cookie.
 *
 * The cookie value is client-controlled and is handed to the template as is.
 * NOTE(review): confirm the 'login' template escapes 'username' on output.
 *
 * @param array $parameters extra template parameters; 'username' is overwritten
 */
public static function displayLoginPage($parameters = array()) {
	$parameters["username"] = isset($_COOKIE["username"]) ? $_COOKIE["username"] : '';
	OC_Template::printGuestPage("", "login", $parameters);
}
/**
 * Bootstrap a request.
 *
 * In the order written below: derives the server root, registers the class
 * loaders, creates the server container, configures error reporting and PHP
 * ini values, starts the session (non-CLI only), runs the config /
 * installation / server checks, registers the user and group backends and the
 * hooks, and finally rejects requests whose Host is not a trusted domain.
 *
 * Several branches end the script with exit (autoloader failure, failed server
 * checks, untrusted domain); the sample-config branch returns early instead.
 */
public static function init() {
	// calculate the root directories
	// Strips the last four characters of this file's directory and normalises
	// backslashes to forward slashes.
	OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4));

	// register autoloader
	$loaderStart = microtime(true);
	require_once __DIR__ . '/autoloader.php';
	// The loader is given the list of directories it may load classes from.
	self::$loader = new \OC\Autoloader([OC::$SERVERROOT . '/lib', OC::$SERVERROOT . '/core', OC::$SERVERROOT . '/settings', OC::$SERVERROOT . '/ocs', OC::$SERVERROOT . '/ocs-provider', OC::$SERVERROOT . '/3rdparty']);
	spl_autoload_register(array(self::$loader, 'load'));
	$loaderEnd = microtime(true);

	self::$CLI = php_sapi_name() == 'cli';

	try {
		self::initPaths();
		// setup 3rdparty autoloader
		$vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
		if (!file_exists($vendorAutoLoad)) {
			throw new \RuntimeException('Composer autoloader not found, unable to continue. Check the folder "3rdparty". Running "git submodule update --init" will initialize the git submodule that handles the subfolder "3rdparty".');
		}
		require_once $vendorAutoLoad;
	} catch (\RuntimeException $e) {
		OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
		// we can't use the template error page here, because this needs the
		// DI container which isn't available yet
		// NOTE(review): the raw message of any RuntimeException raised in the try block
		// is printed to the client; confirm initPaths() cannot put filesystem paths in it.
		print $e->getMessage();
		exit;
	}

	// App directories become valid roots for the class loader as well.
	foreach (OC::$APPSROOTS as $appRoot) {
		self::$loader->addValidRoot($appRoot['path']);
	}

	// setup the basic server
	self::$server = new \OC\Server(\OC::$WEBROOT);
	// The loader timings were taken before the event logger existed, so they are logged after the fact.
	\OC::$server->getEventLogger()->log('autoloader', 'Autoloader', $loaderStart, $loaderEnd);
	\OC::$server->getEventLogger()->start('boot', 'Initialize');

	// Don't display errors and log them
	error_reporting(E_ALL | E_STRICT);
	@ini_set('display_errors', 0);
	@ini_set('log_errors', 1);

	date_default_timezone_set('UTC');

	// Try to configure PHP for big file uploads. This does not always work,
	// depending on the web server and PHP configuration, so failures are
	// suppressed with @ and the defaults are overwritten on a best-effort basis.

	//try to set the maximum execution time to 60min
	@set_time_limit(3600);
	@ini_set('max_execution_time', 3600);
	@ini_set('max_input_time', 3600);

	//try to set the maximum filesize to 10G
	@ini_set('upload_max_filesize', '10G');
	@ini_set('post_max_size', '10G');
	@ini_set('file_uploads', '50');

	self::setRequiredIniValues();
	self::handleAuthHeaders();
	self::registerAutoloaderCache();

	// initialize the intl fallback if necessary
	\Patchwork\Utf8\Bootup::initIntl();
	OC_Util::isSetLocaleWorking();

	// Error handlers are not installed while the test suite is running.
	if (!defined('PHPUNIT_RUN')) {
		$logger = \OC::$server->getLogger();
		OC\Log\ErrorHandler::setLogger($logger);
		// Debug mode is read from the system config value 'debug'.
		if (\OC::$server->getConfig()->getSystemValue('debug', false)) {
			OC\Log\ErrorHandler::register(true);
			set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
		} else {
			OC\Log\ErrorHandler::register();
		}
	}

	// register the stream wrappers
	stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir');
	stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream');
	stream_wrapper_register('close', 'OC\\Files\\Stream\\Close');
	stream_wrapper_register('quota', 'OC\\Files\\Stream\\Quota');
	stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC');

	\OC::$server->getEventLogger()->start('init_session', 'Initialize session');
	OC_App::loadApps(array('session'));
	// No session is started on the command line.
	if (!self::$CLI) {
		self::initSession();
	}
	\OC::$server->getEventLogger()->end('init_session');
	self::initTemplateEngine();
	self::checkConfig();
	self::checkInstalled();

	OC_Response::addSecurityHeaders();
	// NOTE(review): this runs after self::initSession() above; confirm the session
	// cookie has not already been emitted without the Secure flag by then.
	if (self::$server->getRequest()->getServerProtocol() === 'https') {
		ini_set('session.cookie_secure', true);
	}

	// The server checks are skipped when the OC_CONSOLE constant is defined.
	if (!defined('OC_CONSOLE')) {
		$errors = OC_Util::checkServer(\OC::$server->getConfig());
		if (count($errors) > 0) {
			if (self::$CLI) {
				// Convert l10n string into regular string for usage in database
				$staticErrors = [];
				foreach ($errors as $error) {
					echo $error['error'] . "\n";
					echo $error['hint'] . "\n\n";
					$staticErrors[] = ['error' => (string) $error['error'], 'hint' => (string) $error['hint']];
				}

				// Persist the errors as the app value 'cronErrors'; a failed write is
				// reported on the console but does not change the exit code.
				try {
					\OC::$server->getConfig()->setAppValue('core', 'cronErrors', json_encode($staticErrors));
				} catch (\Exception $e) {
					echo 'Writing to database failed';
				}
				exit(1);
			} else {
				OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
				OC_Template::printGuestPage('', 'error', array('errors' => $errors));
				exit;
			}
		} elseif (self::$CLI && \OC::$server->getConfig()->getSystemValue('installed', false)) {
			// A clean CLI run on an installed instance clears the stored errors.
			\OC::$server->getConfig()->deleteAppValue('core', 'cronErrors');
		}
	}

	//try to set the session lifetime
	$sessionLifeTime = self::getSessionLifeTime();
	@ini_set('gc_maxlifetime', (string) $sessionLifeTime);

	$systemConfig = \OC::$server->getSystemConfig();

	// User and Groups
	// While the instance is not installed the session's user id is blanked.
	if (!$systemConfig->getValue("installed", false)) {
		self::$server->getSession()->set('user_id', '');
	}

	OC_User::useBackend(new OC_User_Database());
	OC_Group::useBackend(new OC_Group_Database());

	//setup extra user backends
	if (!self::checkUpgrade(false)) {
		OC_User::setupBackends();
	}

	self::registerCacheHooks();
	self::registerFilesystemHooks();
	if (\OC::$server->getSystemConfig()->getValue('enable_previews', true)) {
		self::registerPreviewHooks();
	}
	self::registerShareHooks();
	self::registerLogRotate();
	self::registerLocalAddressBook();
	self::registerEncryptionWrapper();
	self::registerEncryptionHooks();

	//make sure temporary files are cleaned up
	$tmpManager = \OC::$server->getTempManager();
	register_shutdown_function(array($tmpManager, 'clean'));
	// Locks are released at shutdown as well.
	$lockProvider = \OC::$server->getLockingProvider();
	register_shutdown_function(array($lockProvider, 'releaseAll'));

	if ($systemConfig->getValue('installed', false) && !self::checkUpgrade(false)) {
		if (\OC::$server->getConfig()->getAppValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
			OC_Util::addScript('backgroundjobs');
		}
	}

	// Check whether the sample configuration has been copied
	if ($systemConfig->getValue('copied_sample_config', false)) {
		$l = \OC::$server->getL10N('lib');
		header('HTTP/1.1 503 Service Temporarily Unavailable');
		header('Status: 503 Service Temporarily Unavailable');
		OC_Template::printErrorPage($l->t('Sample configuration detected'), $l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php'));
		return;
	}

	$request = \OC::$server->getRequest();
	// The host comes from the request and is treated as untrusted until it has
	// been checked against the trusted domains.
	$host = $request->getInsecureServerHost();
	/**
	 * if the host passed in headers isn't trusted
	 * FIXME: Should not be in here at all :see_no_evil:
	 */
	// The check only applies to web requests on an installed instance with no
	// 'overwritehost' configured.
	if (!OC::$CLI && self::$server->getConfig()->getSystemValue('overwritehost') === '' && !\OC::$server->getTrustedDomainHelper()->isTrustedDomain($host) && self::$server->getConfig()->getSystemValue('installed', false)) {
		header('HTTP/1.1 400 Bad Request');
		header('Status: 400 Bad Request');
		$tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
		// NOTE(review): the value checked is $host, the value shown is SERVER_NAME; the two
		// can differ. Confirm the 'untrustedDomain' template escapes 'domain' on output.
		$tmpl->assign('domain', $request->server['SERVER_NAME']);
		$tmpl->printPage();
		exit;
	}
	\OC::$server->getEventLogger()->end('boot');
}
/**
 * Print the login page with a pre-filled user name and a fresh form token.
 *
 * The user name comes from the client-controlled 'username' cookie. A new
 * 'sectoken' is drawn on every call, stored in the session and passed to the
 * template.
 * NOTE(review): rand() is not a cryptographically secure generator and the
 * token has only seven digits; a CSPRNG-backed value is preferable for an
 * anti-forgery token.
 *
 * @param array $parameters extra template parameters; 'username' and 'sectoken' are overwritten
 */
public static function displayLoginPage($parameters = array()) {
	$parameters["username"] = isset($_COOKIE["username"]) ? $_COOKIE["username"] : '';

	$formToken = rand(1000000, 9999999);
	$_SESSION['sectoken'] = $formToken;
	$parameters["sectoken"] = $formToken;

	OC_Template::printGuestPage("", "login", $parameters);
}
/**
 * Bootstrap a request.
 *
 * Registers the autoloader, applies PHP ini overrides, rebuilds the HTTP Basic
 * credentials for Apache + php-cgi, starts session and template engine, runs
 * the server checks, wires the user and group backends, loads the apps,
 * registers hooks and resolves the requested app and file from the query
 * string. Several branches end the script with exit.
 */
public static function init() {
	// register autoloader
	spl_autoload_register(array('OC', 'autoload'));
	setlocale(LC_ALL, 'en_US.UTF-8');

	// set some stuff
	//ob_start();
	error_reporting(E_ALL | E_STRICT);
	if (defined('DEBUG') && DEBUG) {
		ini_set('display_errors', 1);
	}
	self::$CLI = php_sapi_name() == 'cli';

	date_default_timezone_set('UTC');
	ini_set('arg_separator.output', '&');

	// try to switch magic quotes off.
	if (function_exists('set_magic_quotes_runtime')) {
		@set_magic_quotes_runtime(false);
	}

	// Try to configure PHP for big file uploads. This does not always work,
	// depending on the web server and PHP configuration, so failures are
	// suppressed with @ and the defaults are overwritten on a best-effort basis.

	//try to set the maximum execution time to 60min
	@set_time_limit(3600);
	@ini_set('max_execution_time', 3600);
	@ini_set('max_input_time', 3600);

	//try to set the maximum filesize to 10G
	@ini_set('upload_max_filesize', '10G');
	@ini_set('post_max_size', '10G');
	@ini_set('file_uploads', '50');

	//try to set the session lifetime to 60min
	@ini_set('gc_maxlifetime', '3600');

	//set http auth headers for apache+php-cgi work around
	// The decoded value is split on the first ':' only, so the password may contain ':'.
	// NOTE(review): a header without ':' leaves $password unassigned by list(), and
	// strip_tags() alters credentials that contain '<...>' sequences.
	if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
		list($name, $password) = explode(':', base64_decode($matches[1]), 2);
		$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
		$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
	}

	//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
	if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
		list($name, $password) = explode(':', base64_decode($matches[1]), 2);
		$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
		$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
	}

	self::initPaths();

	// set debug mode if an xdebug session is active
	// NOTE(review): a request cookie alone switches DEBUG on for the rest of the
	// request; confirm this cannot be reached on production installs.
	if (!defined('DEBUG') || !DEBUG) {
		if (isset($_COOKIE['XDEBUG_SESSION'])) {
			define('DEBUG', true);
		}
	}

	// register the stream wrappers
	require_once 'streamwrappers.php';
	stream_wrapper_register("fakedir", "OC_FakeDirStream");
	stream_wrapper_register('static', 'OC_StaticStreamWrapper');
	stream_wrapper_register('close', 'OC_CloseStreamWrapper');

	self::checkInstalled();
	self::checkSSL();
	self::initSession();
	self::initTemplateEngine();
	self::checkUpgrade();

	$errors = OC_Util::checkServer();
	if (count($errors) > 0) {
		OC_Template::printGuestPage('', 'error', array('errors' => $errors));
		exit;
	}

	// User and Groups
	// While the instance is not installed the session's user id is blanked.
	if (!OC_Config::getValue("installed", false)) {
		$_SESSION['user_id'] = '';
	}

	OC_User::useBackend(new OC_User_Database());
	OC_Group::useBackend(new OC_Group_Database());

	// A Basic-auth user name that differs from the session's user ends the session.
	if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) {
		OC_User::logout();
	}

	// Load Apps
	// This includes plugins for users and filesystems as well
	global $RUNTIME_NOAPPS;
	global $RUNTIME_APPTYPES;
	if (!$RUNTIME_NOAPPS) {
		if ($RUNTIME_APPTYPES) {
			OC_App::loadApps($RUNTIME_APPTYPES);
		} else {
			OC_App::loadApps();
		}
	}

	//setup extra user backends
	OC_User::setupBackends();

	// register cache cleanup jobs
	OC_BackgroundJob_RegularTask::register('OC_Cache_FileGlobal', 'gc');
	OC_Hook::connect('OC_User', 'post_login', 'OC_Cache_File', 'loginListener');

	// Check for blacklisted files
	OC_Hook::connect('OC_Filesystem', 'write', 'OC_Filesystem', 'isBlacklisted');
	OC_Hook::connect('OC_Filesystem', 'rename', 'OC_Filesystem', 'isBlacklisted');

	//make sure temporary files are cleaned up
	register_shutdown_function(array('OC_Helper', 'cleanTmp'));

	//parse the given parameters
	// The app name is reduced by removing tags, slashes, backslashes and '..'.
	// NOTE(review): '\\0' in a single-quoted string is a backslash followed by '0',
	// not a NUL byte - confirm whether stripping NUL bytes was the intent.
	self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? str_replace(array('\\0', '/', '\\', '..'), '', strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
	// An embedded '?' splits the value: the part after it is parsed as a query string
	// and merged over $_GET, so it can override existing request parameters.
	// The parameter part is cut from the raw $_GET['app'], using an offset found in
	// the raw value, while $app is cut from the filtered value.
	if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
		$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
		$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
		parse_str($param, $get);
		$_GET = array_merge($_GET, $get);
		self::$REQUESTEDAPP = $app;
		$_GET['app'] = $app;
	}
	self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
	if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
		$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
		$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
		parse_str($param, $get);
		$_GET = array_merge($_GET, $get);
		self::$REQUESTEDFILE = $file;
		$_GET['getfile'] = $file;
	}
	// The requested file is not filtered itself; it is only accepted when the
	// resulting path stays inside the app's directory.
	if (!is_null(self::$REQUESTEDFILE)) {
		$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
		$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
		if (!OC_Helper::issubdirectory($subdir, $parent)) {
			self::$REQUESTEDFILE = null;
			header('HTTP/1.0 404 Not Found');
			exit;
		}
	}
}
/**
 * Bootstraps the application for the current request or CLI run.
 *
 * Order matters throughout: the autoloader comes first, then PHP runtime
 * settings, HTTP Basic credential recovery, paths, error handlers, stream
 * wrappers, the server object, the session, installation/SSL checks, user
 * and group backends, apps, hooks, and finally parsing of the `app` and
 * `getfile` request parameters.
 *
 * May terminate the script (server check failure, rejected `getfile` path).
 */
public static function init() {
    // register autoloader
    require_once __DIR__ . '/autoloader.php';
    self::$loader = new \OC\Autoloader();
    self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
    self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
    self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
    self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
    self::$loader->registerPrefix('Sabre\\VObject', '3rdparty');
    self::$loader->registerPrefix('Sabre_', '3rdparty');
    self::$loader->registerPrefix('Patchwork', '3rdparty');
    spl_autoload_register(array(self::$loader, 'load'));

    // set some stuff
    //ob_start();
    error_reporting(E_ALL | E_STRICT);
    // Errors are only sent to the client when DEBUG was already defined at this point.
    if (defined('DEBUG') && DEBUG) {
        ini_set('display_errors', 1);
    }
    self::$CLI = php_sapi_name() == 'cli';
    date_default_timezone_set('UTC');
    ini_set('arg_separator.output', '&');

    // try to switch magic quotes off.
    if (get_magic_quotes_gpc() == 1) {
        ini_set('magic_quotes_runtime', 0);
    }

    // Try to configure PHP to enable big file uploads.
    // This doesn't always work, depending on the web server and PHP configuration,
    // so every call is best effort and its failure is suppressed with @.

    //try to set the maximum execution time to 60min
    @set_time_limit(3600);
    @ini_set('max_execution_time', 3600);
    @ini_set('max_input_time', 3600);

    //try to set the maximum filesize to 10G
    @ini_set('upload_max_filesize', '10G');
    @ini_set('post_max_size', '10G');
    // NOTE(review): file_uploads is an on/off directive; '50' looks like it was
    // meant for a file-count limit - confirm the intended setting.
    @ini_set('file_uploads', '50');

    //copy http auth headers for apache+php-fcgid work around
    // The fallback value is request-header-derived and is only used when no
    // HTTP_AUTHORIZATION entry exists.
    if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
    }

    //set http auth headers for apache+php-cgi work around
    // explode() with limit 2 keeps any ':' inside the password. If the decoded
    // value has no ':', $password ends up null and PHP raises a notice.
    // NOTE(review): strip_tags() alters credentials that contain markup-like
    // text such as '<'; confirm that this is intended for passwords.
    if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        list($name, $password) = explode(':', base64_decode($matches[1]), 2);
        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    }

    //set http auth headers for apache+php-cgi work around if variable gets renamed by apache
    // Same parsing as above; when both entries are present this one wins because it runs last.
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
        list($name, $password) = explode(':', base64_decode($matches[1]), 2);
        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    }

    self::initPaths();
    if (OC_Config::getValue('instanceid', false)) {
        // \OC\Memcache\Cache has a hidden dependency on
        // OC_Util::getInstanceId() for namespacing. See #5409.
        try {
            self::$loader->setMemoryCache(\OC\Memcache\Factory::createLowLatency('Autoloader'));
        } catch (\Exception $ex) {
            // Deliberately ignored: the autoloader then runs without a memory cache.
        }
    }
    OC_Util::isSetLocaleWorking();

    // set debug mode if an xdebug session is active
    // NOTE(review): the cookie is client-controlled, so any visitor can define
    // DEBUG for their own request. With DEBUG set, the branch below installs
    // OC_Template::printExceptionErrorPage as exception handler. Consider
    // gating debug mode on a server-side setting only.
    if (!defined('DEBUG') || !DEBUG) {
        if (isset($_COOKIE['XDEBUG_SESSION'])) {
            define('DEBUG', true);
        }
    }

    if (!defined('PHPUNIT_RUN')) {
        if (defined('DEBUG') and DEBUG) {
            OC\Log\ErrorHandler::register(true);
            set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
        } else {
            OC\Log\ErrorHandler::register();
        }
        OC\Log\ErrorHandler::setLogger(OC_Log::$object);
    }

    // register the stream wrappers
    stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir');
    stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream');
    stream_wrapper_register('close', 'OC\\Files\\Stream\\Close');
    stream_wrapper_register('quota', 'OC\\Files\\Stream\\Quota');
    stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC');

    // setup the basic server
    self::$server = new \OC\Server();

    self::initTemplateEngine();
    OC_App::loadApps(array('session'));
    // CLI runs get an in-memory session instead of a real one.
    if (!self::$CLI) {
        self::initSession();
    } else {
        self::$session = new \OC\Session\Memory('');
    }
    self::checkConfig();
    self::checkInstalled();
    self::checkSSL();
    self::addSecurityHeaders();

    // Stop early when the server check reports problems: plain text on the
    // CLI, a 503 error page for web requests.
    $errors = OC_Util::checkServer();
    if (count($errors) > 0) {
        if (self::$CLI) {
            foreach ($errors as $error) {
                echo $error['error'] . "\n";
                echo $error['hint'] . "\n\n";
            }
        } else {
            OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
            OC_Template::printGuestPage('', 'error', array('errors' => $errors));
        }
        exit;
    }

    //try to set the session lifetime
    $sessionLifeTime = self::getSessionLifeTime();
    @ini_set('gc_maxlifetime', (string) $sessionLifeTime);

    // User and Groups
    // An uninstalled instance must not carry a user id in the session.
    if (!OC_Config::getValue("installed", false)) {
        self::$session->set('user_id', '');
    }

    OC_User::useBackend(new OC_User_Database());
    OC_Group::useBackend(new OC_Group_Database());

    // If the HTTP Basic user differs from the session's login name, log the
    // mismatch and drop the session login.
    // NOTE(review): $serverUser is request-derived and is interpolated into the
    // log message; whether OC_Log neutralises line breaks is not visible here.
    if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('loginname') && $_SERVER['PHP_AUTH_USER'] !== self::$session->get('loginname')) {
        $sessionUser = self::$session->get('loginname');
        $serverUser = $_SERVER['PHP_AUTH_USER'];
        OC_Log::write('core', "Session loginname ({$sessionUser}) doesn't match SERVER[PHP_AUTH_USER] ({$serverUser}).", OC_Log::WARN);
        OC_User::logout();
    }

    // Load Apps
    // This includes plugins for users and filesystems as well
    global $RUNTIME_NOAPPS;
    global $RUNTIME_APPTYPES;
    if (!$RUNTIME_NOAPPS && !self::checkUpgrade(false)) {
        if ($RUNTIME_APPTYPES) {
            OC_App::loadApps($RUNTIME_APPTYPES);
        } else {
            OC_App::loadApps();
        }
    }

    //setup extra user backends
    OC_User::setupBackends();

    self::registerCacheHooks();
    self::registerFilesystemHooks();
    self::registerPreviewHooks();
    self::registerShareHooks();
    self::registerLogRotate();

    //make sure temporary files are cleaned up
    register_shutdown_function(array('OC_Helper', 'cleanTmp'));

    //parse the given parameters
    // The app id is taken from the request after strip_tags() and
    // OC_App::cleanAppId(); the configured default app is used otherwise.
    self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
    // An app value may carry its own "?query"; those pairs are merged into
    // $_GET and override existing entries with the same key.
    if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
        $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
        $param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
        parse_str($param, $get);
        $_GET = array_merge($_GET, $get);
        self::$REQUESTEDAPP = $app;
        $_GET['app'] = $app;
    }
    // getfile is taken from the request unfiltered; it is only accepted after
    // the containment check further down.
    self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
    if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
        $file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
        $param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
        parse_str($param, $get);
        $_GET = array_merge($_GET, $get);
        self::$REQUESTEDFILE = $file;
        $_GET['getfile'] = $file;
    }
    // Path containment: the requested file must resolve inside the app's own
    // directory, otherwise the request ends with a 404.
    if (!is_null(self::$REQUESTEDFILE)) {
        $subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
        $parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
        if (!OC_Helper::issubdirectory($subdir, $parent)) {
            self::$REQUESTEDFILE = null;
            header('HTTP/1.0 404 Not Found');
            exit;
        }
    }

    // Only an installed instance with no pending upgrade gets the ajax
    // background-job script.
    if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
        if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
            OC_Util::addScript('backgroundjobs');
        }
    }
}
/**
 * Bootstraps the application for the current request or CLI run.
 *
 * Order matters throughout: autoloader, a dummy in-memory session for early
 * error pages, PHP runtime settings, HTTP Basic credential recovery, paths,
 * the 3rdparty autoloader, error handlers, stream wrappers, the server
 * object, the real session, installation/SSL checks, security headers, and
 * user/group backends and hooks.
 *
 * May terminate the script when the server check reports errors.
 */
public static function init() {
    // register autoloader
    require_once __DIR__ . '/autoloader.php';
    self::$loader = new \OC\Autoloader();
    self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
    self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
    self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
    self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
    self::$loader->registerPrefix('Patchwork', '3rdparty');
    self::$loader->registerPrefix('Pimple', '3rdparty/Pimple');
    spl_autoload_register(array(self::$loader, 'load'));

    // make a dummy session available as early as possible since error pages need it
    self::$session = new \OC\Session\Memory('');

    // set some stuff
    //ob_start();
    error_reporting(E_ALL | E_STRICT);
    // Errors are only sent to the client when DEBUG was already defined at this point.
    if (defined('DEBUG') && DEBUG) {
        ini_set('display_errors', 1);
    }
    self::$CLI = php_sapi_name() == 'cli';
    date_default_timezone_set('UTC');
    ini_set('arg_separator.output', '&');

    // try to switch magic quotes off.
    if (get_magic_quotes_gpc() == 1) {
        ini_set('magic_quotes_runtime', 0);
    }

    // Try to configure PHP to enable big file uploads.
    // This doesn't always work, depending on the web server and PHP configuration,
    // so every call is best effort and its failure is suppressed with @.

    //try to set the maximum execution time to 60min
    @set_time_limit(3600);
    @ini_set('max_execution_time', 3600);
    @ini_set('max_input_time', 3600);

    //try to set the maximum filesize to 10G
    @ini_set('upload_max_filesize', '10G');
    @ini_set('post_max_size', '10G');
    // NOTE(review): file_uploads is an on/off directive; '50' looks like it was
    // meant for a file-count limit - confirm the intended setting.
    @ini_set('file_uploads', '50');

    //copy http auth headers for apache+php-fcgid work around
    // The fallback value is request-header-derived and is only used when no
    // HTTP_AUTHORIZATION entry exists.
    if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
    }

    //set http auth headers for apache+php-cgi work around
    // explode() with limit 2 keeps any ':' inside the password. If the decoded
    // value has no ':', $password ends up null and PHP raises a notice.
    // NOTE(review): strip_tags() alters credentials that contain markup-like
    // text such as '<'; confirm that this is intended for passwords.
    if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        list($name, $password) = explode(':', base64_decode($matches[1]), 2);
        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    }

    //set http auth headers for apache+php-cgi work around if variable gets renamed by apache
    // Same parsing as above; when both entries are present this one wins because it runs last.
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
        list($name, $password) = explode(':', base64_decode($matches[1]), 2);
        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    }

    self::initPaths();
    if (OC_Config::getValue('instanceid', false)) {
        // \OC\Memcache\Cache has a hidden dependency on
        // OC_Util::getInstanceId() for namespacing. See #5409.
        try {
            self::$loader->setMemoryCache(\OC\Memcache\Factory::createLowLatency('Autoloader'));
        } catch (\Exception $ex) {
            // Deliberately ignored: the autoloader then runs without a memory cache.
        }
    }
    OC_Util::isSetLocaleWorking();

    // setup 3rdparty autoloader
    // A missing autoload file is skipped silently here.
    $vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
    if (file_exists($vendorAutoLoad)) {
        require_once $vendorAutoLoad;
    }

    // set debug mode if an xdebug session is active
    // NOTE(review): the cookie is client-controlled, so any visitor can define
    // DEBUG for their own request. With DEBUG set, the branch below installs
    // OC_Template::printExceptionErrorPage as exception handler. Consider
    // gating debug mode on a server-side setting only.
    if (!defined('DEBUG') || !DEBUG) {
        if (isset($_COOKIE['XDEBUG_SESSION'])) {
            define('DEBUG', true);
        }
    }

    if (!defined('PHPUNIT_RUN')) {
        // The logger is attached before the handler is registered.
        OC\Log\ErrorHandler::setLogger(OC_Log::$object);
        if (defined('DEBUG') and DEBUG) {
            OC\Log\ErrorHandler::register(true);
            set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
        } else {
            OC\Log\ErrorHandler::register();
        }
    }

    // register the stream wrappers
    stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir');
    stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream');
    stream_wrapper_register('close', 'OC\\Files\\Stream\\Close');
    stream_wrapper_register('quota', 'OC\\Files\\Stream\\Quota');
    stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC');

    // setup the basic server
    self::$server = new \OC\Server();

    self::initTemplateEngine();
    OC_App::loadApps(array('session'));
    // Web requests replace the dummy session with a real one; CLI runs keep
    // an in-memory session.
    if (!self::$CLI) {
        self::initSession();
    } else {
        self::$session = new \OC\Session\Memory('');
    }
    self::checkConfig();
    self::checkInstalled();
    self::checkSSL();
    OC_Response::addSecurityHeaders();

    // Stop early when the server check reports problems: plain text on the
    // CLI, a 503 error page for web requests.
    $errors = OC_Util::checkServer();
    if (count($errors) > 0) {
        if (self::$CLI) {
            foreach ($errors as $error) {
                echo $error['error'] . "\n";
                echo $error['hint'] . "\n\n";
            }
        } else {
            OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
            OC_Template::printGuestPage('', 'error', array('errors' => $errors));
        }
        exit;
    }

    //try to set the session lifetime
    $sessionLifeTime = self::getSessionLifeTime();
    @ini_set('gc_maxlifetime', (string) $sessionLifeTime);

    // User and Groups
    // An uninstalled instance must not carry a user id in the session.
    if (!OC_Config::getValue("installed", false)) {
        self::$session->set('user_id', '');
    }

    OC_User::useBackend(new OC_User_Database());
    OC_Group::useBackend(new OC_Group_Database());

    //setup extra user backends
    OC_User::setupBackends();

    self::registerCacheHooks();
    self::registerFilesystemHooks();
    self::registerPreviewHooks();
    self::registerShareHooks();
    self::registerLogRotate();

    //make sure temporary files are cleaned up
    register_shutdown_function(array('OC_Helper', 'cleanTmp'));

    // Only an installed instance with no pending upgrade gets the ajax
    // background-job script.
    if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
        if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
            OC_Util::addScript('backgroundjobs');
        }
    }
}
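/**
 * Renders the guest login page.
 *
 * Request-derived values (user name, redirect target) are HTML-escaped here
 * before they are handed to the template.
 *
 * @param mixed $display_lostpassword passed through to the template unchanged
 */
public static function displayLoginPage($display_lostpassword) {
    $parameters = array();
    $parameters['display_lostpassword'] = $display_lostpassword;

    if (!empty($_POST['user'])) {
        // NOTE(review): the trailing '"' is appended after escaping; it looks like
        // a template workaround - confirm against the login template before removing.
        $parameters["username"] = OC_Util::sanitizeHTML($_POST['user']) . '"';
        $parameters['user_autofocus'] = false;
    } else {
        $parameters["username"] = '';
        $parameters['user_autofocus'] = true;
    }

    // Both sources of the redirect target are request-controlled, so both are
    // escaped. The fallback to REQUEST_URI used to be passed on raw, unlike
    // the explicit redirect_url parameter.
    if (isset($_REQUEST['redirect_url'])) {
        $redirect_url = OC_Util::sanitizeHTML($_REQUEST['redirect_url']);
    } else {
        // REQUEST_URI can be absent (e.g. outside a web request).
        $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $redirect_url = OC_Util::sanitizeHTML($requestUri);
    }
    // NOTE(review): escaping does not restrict where the URL points; the code
    // that performs the redirect has to validate the target - not visible here.
    $parameters['redirect_url'] = $redirect_url;

    OC_Template::printGuestPage("", "login", $parameters);
}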
/**
 * Renders the guest login page.
 *
 * Every entry of $errors becomes a template flag set to true. The user name
 * and redirect URL are taken from the request and passed on unescaped, so the
 * login template is expected to escape them on output.
 *
 * @param array $errors keys to set to true in the template parameters
 * @param string[] $messages messages handed to the template
 */
public static function displayLoginPage($errors = array(), $messages = []) {
    $templateVars = [];
    foreach ($errors as $errorKey) {
        $templateVars[$errorKey] = true;
    }
    $templateVars['messages'] = $messages;

    // Pre-fill the user field when a name was submitted; focus it otherwise.
    $userGiven = !empty($_REQUEST['user']);
    $templateVars['username'] = $userGiven ? $_REQUEST['user'] : '';
    $templateVars['user_autofocus'] = !$userGiven;

    // Request-controlled redirect target, forwarded as-is.
    if (isset($_REQUEST['redirect_url'])) {
        $templateVars['redirect_url'] = $_REQUEST['redirect_url'];
    }

    $templateVars['alt_login'] = OC_App::getAlternativeLogIns();
    $templateVars['rememberLoginAllowed'] = self::rememberLoginAllowed();

    // Listeners receive a copy of the parameters as they are at this point.
    \OC_Hook::emit('OC_Util', 'pre_displayLoginPage', ['parameters' => $templateVars]);
    OC_Template::printGuestPage('', 'login', $templateVars);
}
if (defined("DEBUG") && DEBUG) { OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); } $token = md5($_POST["user"] . time() . $_POST['password']); OC_Preferences::setValue($_POST['user'], 'login', 'token', $token); OC_User::setMagicInCookie($_POST["user"], $token); } else { OC_User::unsetMagicInCookie(); } OC_Util::redirectToDefaultPage(); } else { $error = true; } // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP } elseif (isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])) { if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) { //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG); OC_User::unsetMagicInCookie(); $_REQUEST['redirect_url'] = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : ''; OC_Util::redirectToDefaultPage(); } else { $error = true; } } if (!array_key_exists('sectoken', $_SESSION) || array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE) || substr(OC::$REQUESTEDFILE, -3) == 'php') { $sectoken = rand(1000000, 9999999); $_SESSION['sectoken'] = $sectoken; $redirect_url = isset($_REQUEST['redirect_url']) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI']; OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url)); } }
/**
 * Bootstraps the application for the current request or CLI run.
 *
 * Order matters throughout: autoloader, PHP runtime settings, HTTP Basic
 * credential recovery, paths, error handlers, stream wrappers, template
 * engine, installation/SSL checks, session, user/group backends, apps,
 * hooks, and finally parsing of the `app` and `getfile` request parameters.
 *
 * May terminate the script (server check failure, rejected `getfile` path).
 */
public static function init() {
    // register autoloader
    spl_autoload_register(array('OC', 'autoload'));
    OC_Util::issetlocaleworking();

    // set some stuff
    //ob_start();
    error_reporting(E_ALL | E_STRICT);
    // Errors are only sent to the client when DEBUG was already defined at this point.
    if (defined('DEBUG') && DEBUG) {
        ini_set('display_errors', 1);
    }
    self::$CLI = php_sapi_name() == 'cli';
    date_default_timezone_set('UTC');
    ini_set('arg_separator.output', '&');

    // try to switch magic quotes off.
    if (get_magic_quotes_gpc() == 1) {
        ini_set('magic_quotes_runtime', 0);
    }

    // Try to configure PHP to enable big file uploads.
    // This doesn't always work, depending on the web server and PHP configuration,
    // so every call is best effort and its failure is suppressed with @.

    //try to set the maximum execution time to 60min
    @set_time_limit(3600);
    @ini_set('max_execution_time', 3600);
    @ini_set('max_input_time', 3600);

    //try to set the maximum filesize to 10G
    @ini_set('upload_max_filesize', '10G');
    @ini_set('post_max_size', '10G');
    // NOTE(review): file_uploads is an on/off directive; '50' looks like it was
    // meant for a file-count limit - confirm the intended setting.
    @ini_set('file_uploads', '50');

    //copy http auth headers for apache+php-fcgid work around
    // The fallback value is request-header-derived and is only used when no
    // HTTP_AUTHORIZATION entry exists.
    if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
    }

    //set http auth headers for apache+php-cgi work around
    // explode() with limit 2 keeps any ':' inside the password. If the decoded
    // value has no ':', $password ends up null and PHP raises a notice.
    // NOTE(review): strip_tags() alters credentials that contain markup-like
    // text such as '<'; confirm that this is intended for passwords.
    if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        list($name, $password) = explode(':', base64_decode($matches[1]), 2);
        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    }

    //set http auth headers for apache+php-cgi work around if variable gets renamed by apache
    // Same parsing as above; when both entries are present this one wins because it runs last.
    if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
        list($name, $password) = explode(':', base64_decode($matches[1]), 2);
        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    }

    self::initPaths();

    // set debug mode if an xdebug session is active
    // NOTE(review): the cookie is client-controlled, so a client-sent cookie
    // decides whether the OC_Log handlers below are installed for the request.
    // Consider gating debug mode on a server-side setting only.
    if (!defined('DEBUG') || !DEBUG) {
        if (isset($_COOKIE['XDEBUG_SESSION'])) {
            define('DEBUG', true);
        }
    }

    // The OC_Log handlers are skipped under PHPUnit and in debug mode.
    if (!defined('PHPUNIT_RUN') and !(defined('DEBUG') and DEBUG)) {
        register_shutdown_function(array('OC_Log', 'onShutdown'));
        set_error_handler(array('OC_Log', 'onError'));
        set_exception_handler(array('OC_Log', 'onException'));
    }

    // register the stream wrappers
    stream_wrapper_register('fakedir', 'OC\\Files\\Stream\\Dir');
    stream_wrapper_register('static', 'OC\\Files\\Stream\\StaticStream');
    stream_wrapper_register('close', 'OC\\Files\\Stream\\Close');
    stream_wrapper_register('oc', 'OC\\Files\\Stream\\OC');

    self::initTemplateEngine();
    self::checkConfig();
    self::checkInstalled();
    self::checkSSL();
    self::initSession();

    // Stop early with an error page when the server check reports problems.
    $errors = OC_Util::checkServer();
    if (count($errors) > 0) {
        OC_Template::printGuestPage('', 'error', array('errors' => $errors));
        exit;
    }

    //try to set the session lifetime
    $sessionLifeTime = self::getSessionLifeTime();
    @ini_set('gc_maxlifetime', (string) $sessionLifeTime);

    // User and Groups
    // An uninstalled instance must not carry a user id in the session.
    if (!OC_Config::getValue("installed", false)) {
        $_SESSION['user_id'] = '';
    }

    OC_User::useBackend(new OC_User_Database());
    OC_Group::useBackend(new OC_Group_Database());

    // Drop the session login when the HTTP Basic user differs from the session user.
    // NOTE(review): '!=' is a loose comparison, so two different numeric-looking
    // strings can compare equal; a strict '!==' would be the safer check.
    if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SESSION['user_id']) && $_SERVER['PHP_AUTH_USER'] != $_SESSION['user_id']) {
        OC_User::logout();
    }

    // Load Apps
    // This includes plugins for users and filesystems as well
    global $RUNTIME_NOAPPS;
    global $RUNTIME_APPTYPES;
    if (!$RUNTIME_NOAPPS) {
        if ($RUNTIME_APPTYPES) {
            OC_App::loadApps($RUNTIME_APPTYPES);
        } else {
            OC_App::loadApps();
        }
    }

    //setup extra user backends
    OC_User::setupBackends();

    self::registerCacheHooks();
    self::registerFilesystemHooks();
    self::registerShareHooks();

    //make sure temporary files are cleaned up
    register_shutdown_function(array('OC_Helper', 'cleanTmp'));

    //parse the given parameters
    // The app id is taken from the request after strip_tags() and
    // OC_App::cleanAppId(); the configured default app is used otherwise.
    self::$REQUESTEDAPP = isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files');
    // An app value may carry its own "?query"; those pairs are merged into
    // $_GET and override existing entries with the same key.
    if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
        $app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
        $param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
        parse_str($param, $get);
        $_GET = array_merge($_GET, $get);
        self::$REQUESTEDAPP = $app;
        $_GET['app'] = $app;
    }
    // getfile is taken from the request unfiltered; it is only accepted after
    // the containment check further down.
    self::$REQUESTEDFILE = isset($_GET['getfile']) ? $_GET['getfile'] : null;
    if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
        $file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
        $param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
        parse_str($param, $get);
        $_GET = array_merge($_GET, $get);
        self::$REQUESTEDFILE = $file;
        $_GET['getfile'] = $file;
    }
    // Path containment: the requested file must resolve inside the app's own
    // directory, otherwise the request ends with a 404.
    if (!is_null(self::$REQUESTEDFILE)) {
        $subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
        $parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
        if (!OC_Helper::issubdirectory($subdir, $parent)) {
            self::$REQUESTEDFILE = null;
            header('HTTP/1.0 404 Not Found');
            exit;
        }
    }

    // write error into log if locale can't be set
    if (OC_Util::issetlocaleworking() == false) {
        OC_Log::write('core', 'setting locale to en_US.UTF-8/en_US.UTF8 failed. Support is probably not installed on your system', OC_Log::ERROR);
    }

    // Only an installed instance with no pending upgrade gets the ajax
    // background-job script.
    if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
        if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
            OC_Util::addScript('backgroundjobs');
        }
    }
}
/**
 * Bootstraps the application for the current request.
 *
 * Order matters throughout: autoloader, PHP settings, root path calculation,
 * include path, optional HTTPS redirect, session start, default scripts and
 * styles, server check, data directory, user/group backends, apps,
 * filesystem setup, and hook registration.
 *
 * May terminate the script (HTTPS redirect, server check failure).
 */
public static function init() {
    // register autoloader
    spl_autoload_register(array('OC', 'autoload'));

    // set some stuff
    //ob_start();
    error_reporting(E_ALL | E_STRICT);

    date_default_timezone_set('Europe/Berlin');
    ini_set('arg_separator.output', '&');

    // calculate the documentroot
    OC::$DOCUMENTROOT = realpath($_SERVER['DOCUMENT_ROOT']);
    // Strips the last 13 characters of this file's path and normalises
    // backslashes - presumably the "/lib/<file>.php" suffix; verify against
    // the file's actual location.
    OC::$SERVERROOT = str_replace("\\", '/', substr(__FILE__, 0, -13));
    OC::$SUBURI = substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT));
    $scriptName = $_SERVER["SCRIPT_NAME"];
    if (substr($scriptName, -1) == '/') {
        $scriptName .= 'index.php';
    }
    // The web root is the script name with the in-application sub path cut off.
    OC::$WEBROOT = substr($scriptName, 0, strlen($scriptName) - strlen(OC::$SUBURI));

    if (OC::$WEBROOT != '' and OC::$WEBROOT[0] !== '/') {
        OC::$WEBROOT = '/' . OC::$WEBROOT;
    }

    // set the right include path
    set_include_path(OC::$SERVERROOT . '/lib' . PATH_SEPARATOR . OC::$SERVERROOT . '/config' . PATH_SEPARATOR . OC::$SERVERROOT . '/3rdparty' . PATH_SEPARATOR . get_include_path() . PATH_SEPARATOR . OC::$SERVERROOT);

    // redirect to https site if configured
    // The secure cookie flag is only set when forcessl is enabled.
    // NOTE(review): the redirect target is built from SERVER_NAME and
    // REQUEST_URI; depending on web server configuration SERVER_NAME may
    // follow the client's Host header - confirm, or use a configured host.
    if (OC_Config::getValue("forcessl", false)) {
        ini_set("session.cookie_secure", "on");
        if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') {
            $url = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
            header("Location: {$url}");
            exit;
        }
    }

    // NOTE(review): the value carries a stray ';' ('1;'); confirm the setting
    // actually takes effect, a plain '1' would be unambiguous.
    ini_set('session.cookie_httponly', '1;');
    session_start();

    // Add the stuff we need always
    OC_Util::addScript("jquery-1.6.4.min");
    OC_Util::addScript("jquery-ui-1.8.14.custom.min");
    OC_Util::addScript("jquery-showpassword");
    OC_Util::addScript("jquery.infieldlabel.min");
    OC_Util::addScript("jquery-tipsy");
    OC_Util::addScript("js");
    //OC_Util::addScript( "multiselect" );
    OC_Util::addScript('search', 'result');
    OC_Util::addStyle("styles");
    OC_Util::addStyle("multiselect");
    OC_Util::addStyle("jquery-ui-1.8.14.custom");
    OC_Util::addStyle("jquery-tipsy");

    // Stop early with an error page when the server check reports problems.
    $errors = OC_Util::checkServer();
    if (count($errors) > 0) {
        OC_Template::printGuestPage('', 'error', array('errors' => $errors));
        exit;
    }

    // TODO: we should get rid of this one, too
    // WARNING: to make everything even more confusing,
    //   DATADIRECTORY is a var that changes and DATADIRECTORY_ROOT
    //   stays the same, but is set by "datadirectory".
    //   Any questions?
    OC::$CONFIG_DATADIRECTORY = OC_Config::getValue("datadirectory", OC::$SERVERROOT . "/data");

    // User and Groups
    // An uninstalled instance must not carry a user id in the session.
    if (!OC_Config::getValue("installed", false)) {
        $_SESSION['user_id'] = '';
    }

    OC_User::useBackend(OC_Config::getValue("userbackend", "database"));
    OC_Group::setBackend(OC_Config::getValue("groupbackend", "database"));

    // Load Apps
    // This includes plugins for users and filesystems as well
    global $RUNTIME_NOAPPS;
    if (!$RUNTIME_NOAPPS) {
        OC_App::loadApps();
    }

    // Was in required file ... put it here
    OC_Filesystem::registerStorageType('local', 'OC_Filestorage_Local', array('datadir' => 'string'));

    // Set up file system unless forbidden
    global $RUNTIME_NOSETUPFS;
    if (!$RUNTIME_NOSETUPFS) {
        OC_Util::setupFS();
    }

    // Last part: connect some hooks
    OC_HOOK::connect('OC_User', 'post_createUser', 'OC_Connector_Sabre_Principal', 'addPrincipal');
    OC_HOOK::connect('OC_User', 'post_deleteUser', 'OC_Connector_Sabre_Principal', 'deletePrincipal');
}
/**
 * Requires a recent password re-verification when `enhancedauth` is enabled.
 *
 * A successful password check stores an expiry timestamp in the session; the
 * window length comes from `enhancedauthtime` and defaults to 15 minutes.
 * Without a valid, unexpired timestamp the verification page is printed and
 * the script ends.
 *
 * NOTE(review): no request token or attempt limit is checked in this method;
 * confirm that the caller or OC_User::login() covers both.
 */
public static function verifyUser() {
    // Feature switch: nothing to do unless explicitly enabled with boolean true.
    if (OC_Config::getValue('enhancedauth', false) !== true) {
        return;
    }

    // A submitted password that checks out opens a fresh verification window.
    if (isset($_POST['password']) && OC_User::login(OC_User::getUser(), $_POST["password"]) === true) {
        $_SESSION['verifiedLogin'] = time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
    }

    // Still inside the window? Then the request may proceed.
    $stillVerified = isset($_SESSION['verifiedLogin']) && !($_SESSION['verifiedLogin'] < time());
    if ($stillVerified) {
        return;
    }

    // Missing or expired: ask for the password again and stop.
    OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
    exit;
}
/**
 * Bootstraps the application for the current request or CLI run.
 *
 * Order matters throughout: autoloader, a dummy in-memory session for early
 * error pages, PHP runtime settings, auth header handling, paths, autoloader
 * cache, the 3rdparty autoloader, error handlers, stream wrappers, the
 * server object, the real session, installation/SSL checks, security
 * headers, user/group backends, hooks, and finally the trusted-domain check.
 *
 * May terminate the script (server check failure, untrusted host).
 */
public static function init() {
    // register autoloader
    require_once __DIR__ . '/autoloader.php';
    self::$loader = new \OC\Autoloader();
    self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
    self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
    self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
    self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
    self::$loader->registerPrefix('Patchwork', '3rdparty');
    self::$loader->registerPrefix('Pimple', '3rdparty/Pimple');
    spl_autoload_register(array(self::$loader, 'load'));

    // make a dummy session available as early as possible since error pages need it
    self::$session = new \OC\Session\Memory('');

    // set some stuff
    //ob_start();
    error_reporting(E_ALL | E_STRICT);
    // Errors are only sent to the client when DEBUG is defined and true.
    if (defined('DEBUG') && DEBUG) {
        ini_set('display_errors', 1);
    }
    self::$CLI = (php_sapi_name() == 'cli');

    date_default_timezone_set('UTC');
    ini_set('arg_separator.output', '&');

    // try to switch magic quotes off.
    if (get_magic_quotes_gpc() == 1) {
        ini_set('magic_quotes_runtime', 0);
    }

    // Try to configure PHP to enable big file uploads.
    // This doesn't always work, depending on the web server and PHP configuration,
    // so every call is best effort and its failure is suppressed with @.

    //try to set the maximum execution time to 60min
    @set_time_limit(3600);
    @ini_set('max_execution_time', 3600);
    @ini_set('max_input_time', 3600);

    //try to set the maximum filesize to 10G
    @ini_set('upload_max_filesize', '10G');
    @ini_set('post_max_size', '10G');
    // NOTE(review): file_uploads is an on/off directive; '50' looks like it was
    // meant for a file-count limit - confirm the intended setting.
    @ini_set('file_uploads', '50');

    self::handleAuthHeaders();
    self::initPaths();
    self::registerAutoloaderCache();

    OC_Util::isSetLocaleWorking();

    // setup 3rdparty autoloader
    // A missing autoload file is skipped silently here.
    $vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
    if (file_exists($vendorAutoLoad)) {
        require_once $vendorAutoLoad;
    }

    if (!defined('PHPUNIT_RUN')) {
        // The logger is attached before the handler is registered.
        OC\Log\ErrorHandler::setLogger(OC_Log::$object);
        if (defined('DEBUG') and DEBUG) {
            OC\Log\ErrorHandler::register(true);
            set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
        } else {
            OC\Log\ErrorHandler::register();
        }
    }

    // register the stream wrappers
    stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir');
    stream_wrapper_register('static', 'OC\Files\Stream\StaticStream');
    stream_wrapper_register('close', 'OC\Files\Stream\Close');
    stream_wrapper_register('quota', 'OC\Files\Stream\Quota');
    stream_wrapper_register('oc', 'OC\Files\Stream\OC');

    // setup the basic server
    self::$server = new \OC\Server();

    self::initTemplateEngine();
    OC_App::loadApps(array('session'));
    // Web requests replace the dummy session with a real one; CLI runs keep
    // an in-memory session.
    if (!self::$CLI) {
        self::initSession();
    } else {
        self::$session = new \OC\Session\Memory('');
    }
    self::checkConfig();
    self::checkInstalled();
    self::checkSSL();
    OC_Response::addSecurityHeaders();

    // Stop early when the server check reports problems: plain text on the
    // CLI, a 503 error page for web requests.
    $errors = OC_Util::checkServer(\OC::$server->getConfig());
    if (count($errors) > 0) {
        if (self::$CLI) {
            foreach ($errors as $error) {
                echo $error['error'] . "\n";
                echo $error['hint'] . "\n\n";
            }
        } else {
            OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
            OC_Template::printGuestPage('', 'error', array('errors' => $errors));
        }
        exit;
    }

    //try to set the session lifetime
    $sessionLifeTime = self::getSessionLifeTime();
    @ini_set('gc_maxlifetime', (string)$sessionLifeTime);

    // User and Groups
    // An uninstalled instance must not carry a user id in the session.
    if (!OC_Config::getValue("installed", false)) {
        self::$session->set('user_id', '');
    }

    OC_User::useBackend(new OC_User_Database());
    OC_Group::useBackend(new OC_Group_Database());

    //setup extra user backends
    // Skipped while checkUpgrade(false) reports true.
    if (!self::checkUpgrade(false)) {
        OC_User::setupBackends();
    }

    self::registerCacheHooks();
    self::registerFilesystemHooks();
    self::registerPreviewHooks();
    self::registerShareHooks();
    self::registerLogRotate();
    self::registerLocalAddressBook();

    //make sure temporary files are cleaned up
    register_shutdown_function(array('OC_Helper', 'cleanTmp'));

    // Only an installed instance with no pending upgrade gets the ajax
    // background-job script.
    if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
        if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
            OC_Util::addScript('backgroundjobs');
        }
    }

    // Trusted-domain gate: web requests whose host is not trusted are answered
    // with a 400 page and go no further. It runs last, after the session,
    // backends and hooks above have already been set up.
    $host = OC_Request::insecureServerHost();
    // if the host passed in headers isn't trusted
    if (!OC::$CLI
        // overwritehost is always trusted
        && OC_Request::getOverwriteHost() === null
        && !OC_Request::isTrustedDomain($host)
    ) {
        header('HTTP/1.1 400 Bad Request');
        header('Status: 400 Bad Request');

        $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
        // NOTE(review): the page shows SERVER_NAME while the check above used
        // $host; the two may differ - confirm which one should be displayed.
        $tmpl->assign('domain', $_SERVER['SERVER_NAME']);
        $tmpl->printPage();

        exit();
    }
}
/**
 * Renders the guest login page.
 *
 * Every entry of $errors becomes a template flag set to true. The user name
 * is taken from the request and passed on unescaped, so the login template is
 * expected to escape it on output; the redirect URL is URL-encoded here.
 *
 * @param array $errors keys to set to true in the template parameters
 */
public static function displayLoginPage($errors = array()) {
    $templateVars = array();
    foreach ($errors as $errorKey) {
        $templateVars[$errorKey] = true;
    }

    // Pre-fill the user field when a name was submitted; focus it otherwise.
    $userGiven = !empty($_REQUEST['user']);
    $templateVars['username'] = $userGiven ? $_REQUEST['user'] : '';
    $templateVars['user_autofocus'] = !$userGiven;

    // Request-controlled redirect target, URL-encoded before it reaches the template.
    if (isset($_REQUEST['redirect_url'])) {
        $templateVars['redirect_url'] = urlencode($_REQUEST['redirect_url']);
    }

    $templateVars['alt_login'] = OC_App::getAlternativeLogIns();
    $templateVars['rememberLoginAllowed'] = self::rememberLoginAllowed();

    OC_Template::printGuestPage('', 'login', $templateVars);
}
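/**
 * @brief Print a fatal error page and terminate the script
 * @param string $error The error message to show
 * @param string $hint An optional hint message
 *
 * The error template receives a list of rows, each with an 'error' and a
 * 'hint' entry; this method passes exactly one such row.
 */
public static function printErrorPage($error, $hint = '') {
    // Build the row as a fresh array. The previous code wrote
    // $error['error'] = $error on the string parameter itself, which is an
    // illegal string offset and never produced the intended row.
    $errors = array(
        array('error' => $error, 'hint' => $hint),
    );
    // NOTE(review): $error and $hint may contain caller-supplied text; output
    // escaping is expected to happen in the error template - confirm.
    OC_Template::printGuestPage("", "error", array("errors" => $errors));
    die;
}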