diff --git a/lib/functions.php b/lib/functions.php
index d93c44c..8ca6f14 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -1,116 +1,116 @@
<?php
// Initialization and basic functions
// application constants
define('KADM_START', microtime(true));
define('KADM_VERSION', '0.1');
define('KADM_CHARSET', 'utf-8');
define('INSTALL_PATH', dirname(__FILE__));
-
// Check critical PHP settings here.
$crit_opts = array(
'mbstring.func_overload' => 0,
'magic_quotes_runtime' => 0,
);
+
foreach ($crit_opts as $optname => $optval) {
if ($optval != ini_get($optname)) {
die("ERROR: Wrong '$optname' option value!");
}
}
$include_path = INSTALL_PATH . PATH_SEPARATOR;
$include_path .= INSTALL_PATH . '/client' . PATH_SEPARATOR;
$include_path .= INSTALL_PATH . '/api' . PATH_SEPARATOR;
$include_path .= INSTALL_PATH . '/ext' . PATH_SEPARATOR;
$include_path .= ini_get('include_path');
if (set_include_path($include_path) === false) {
die("Fatal error: ini_set/set_include_path does not work.");
}
ini_set('error_reporting', E_ALL&~E_NOTICE);
ini_set('error_log', INSTALL_PATH . '/../logs/errors');
// Set internal charset
mb_internal_encoding(KADM_CHARSET);
@mb_regex_encoding(KADM_CHARSET);
// register autoloader
function class_autoloader($classname) {
$classname = preg_replace('/(Net|MDB2|HTTP)_(.+)/', "\\1/\\2", $classname);
if ($fp = @fopen("$classname.php", 'r', true)) {
include_once("$classname.php");
fclose($fp);
return true;
}
return false;
}
spl_autoload_register('class_autoloader');
function query($query, $_conn = 'kolab_wap') {
require_once('SQL.php');
$sql = SQL::get_instance($_conn);
return $sql->query($query);
}
function need_login() {
print "You are not logged in<br/>";
print '<form method="post">';
print '<input type="text" name="username" /><br/>';
print '<input type="password" name="password" /><br/>';
print '<input type="submit" name="submit" value="Log in"/></form>';
echo "<pre>"; print_r($_SESSION); echo "</pre>";
exit;
}
function valid_login() {
// The $_SESSION variable is controlled through lib/User.php's
// _authenticate()
//
return $_SESSION['user']->authenticated();
}
/**
* Prints debug info into the 'console' log
*/
function console() {
$args = func_get_args();
$msg = array();
foreach ($args as $arg) {
$msg[] = !is_string($arg) ? var_export($arg, true) : $arg;
}
write_log('console', join(";\n", $msg));
}
/**
* Appends a line to a log file in the logs directory.
* Date will be added automatically to the line.
*
* @param string $name Name of the log file
* @param mixed $line Line to append
*/
function write_log($name, $line) {
if (!is_string($line)) {
$line = var_export($line, true);
}
$log_dir = dirname(__FILE__) . '/../logs';
$logfile = $log_dir . '/' . $name;
$date = date('d-M-Y H:i:s O');
$line = sprintf("[%s](%s): %s\n", $date, session_id(), $line);
if ($fp = @fopen($logfile, 'a')) {
fwrite($fp, $line);
fflush($fp);
fclose($fp);
}
}
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php
index d3a9088..e8563e1 100644
--- a/lib/kolab_client_task.php
+++ b/lib/kolab_client_task.php
@@ -1,428 +1,428 @@
<?php
class kolab_client_task
{
/**
* @var kolab_admin_output
*/
protected $output;
/**
* @var kolab_admin_api
*/
protected $api;
protected $ajax_only = false;
protected $page_title = 'Kolab Admin Panel';
protected $menu = array();
protected static $translation = array();
/**
* Class constructor.
*/
public function __construct()
{
$this->config_init();
$this->output_init();
$this->api_init();
ini_set('session.use_cookies', 'On');
session_start();
$this->auth();
}
/**
* Localization initialization.
*/
private function locale_init()
{
$aliases = array(
'de' => 'de_DE',
'en' => 'en_US',
'pl' => 'pl_PL',
);
// UI language
$langs = !empty($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';
$langs = explode(',', $langs);
if (!empty($_SESSION['user']) && !empty($_SESSION['user']['language'])) {
array_unshift($langs, $_SESSION['user']['language']);
}
while ($lang = array_shift($langs)) {
$lang = explode(';', $lang);
$lang = $lang[0];
$lang = str_replace('-', '_', $lang);
if (file_exists(INSTALL_PATH . "/locale/$lang.php")) {
$language = $lang;
break;
}
if (isset($aliases[$lang]) && ($alias = $aliases[$lang])
&& file_exists(INSTALL_PATH . "/locale/$alias.php")
) {
$language = $alias;
break;
}
}
$LANG = array();
@include INSTALL_PATH . '/locale/en_US.php';
if (isset($language)) {
@include INSTALL_PATH . "/locale/$language.php";
setlocale(LC_ALL, $language . '.utf8', 'en_US.utf8');
}
else {
setlocale(LC_ALL, 'en_US.utf8');
}
self::$translation = $LANG;
}
/**
* Configuration initialization.
*/
private function config_init()
{
$this->config = Conf::get_instance();
}
/**
* Output initialization.
*/
private function output_init()
{
$skin = $this->config_get('skin', 'default');
$this->output = new kolab_client_output($skin);
}
/**
* API initialization
*/
private function api_init()
{
$url = $this->config_get('api_url', '');
$this->api = new kolab_api($url);
}
/**
* User authentication (and authorization).
*/
private function auth()
{
if (isset($_POST['login'])) {
$login = $this->get_input('login', 'POST');
if ($login['username']) {
$result = $this->api->login($login['username'], $login['password']);
if ($token = $result->get('session_token')) {
$user = array('token' => $token, 'domain' => $result->get('domain'));
$this->api->set_session_token($user['token']);
// find user settings
$res = $this->api->get('user.info', array('user' => $login['username']));
$res = $res->get();
if (is_array($res) && ($res = array_shift($res))) {
$user['language'] = $res['preferredlanguage'];
$user['fullname'] = $res['cn'];
}
// Initialize list of user types
$this->user_types();
$_SESSION['user'] = $user;
header('Location: ?');
die;
}
else {
$code = $result->get_error_code();
$str = $result->get_error_str();
$label = 'loginerror';
if ($code == kolab_api::ERROR_INTERNAL
|| $code == kolab_api::ERROR_CONNECTION
) {
$label = 'internalerror';
$this->raise_error(500, 'Login failed. ' . $str);
}
$this->output->command('display_message', $label, 'error');
}
}
}
else if (!empty($_SESSION['user']) && !empty($_SESSION['user']['token'])) {
$this->api->set_session_token($_SESSION['user']['token']);
return;
}
}
/**
* Main execution.
*/
public function run()
{
// Initialize locales
$this->locale_init();
// Run security checks
$this->input_checks();
if (empty($_SESSION['user']) || empty($_SESSION['user']['token'])) {
$this->action_logout();
}
$action = $this->get_input('action', 'GET');
if ($action) {
$method = 'action_' . $action;
if (method_exists($this, $method)) {
$this->$method();
}
}
else if (method_exists($this, 'action_default')) {
$this->action_default();
}
}
/**
* Security checks and input validation.
*/
public function input_checks()
{
$ajax = $this->output->is_ajax();
// Check AJAX-only tasks
if ($this->ajax_only && !$ajax) {
$this->raise_error(500, 'Invalid request type!', null, true);
}
// CSRF prevention
- $token = $ajax ? kolab_utils::request_header('X-KAP-Request') : $this->get_input('token');
+ $token = $ajax ? kolab_utils::get_request_header('X-KAP-Request') : $this->get_input('token');
$task = $this->get_task();
if ($task != 'main' && $token != $_SESSION['user']['token']) {
$this->raise_error(403, 'Invalid request data!', null, true);
}
}
/**
* Logout action.
*/
private function action_logout()
{
if (!empty($_SESSION['user']) && !empty($_SESSION['user']['token'])) {
$this->api->logout();
}
$_SESSION = array();
if ($this->output->is_ajax()) {
$this->output->command('main_logout');
}
else {
$this->output->assign('login', $this->get_input('login', 'POST'));
$this->output->add_translation('loginerror', 'internalerror');
$this->output->send('login');
}
exit;
}
/**
* Error action (with error logging).
*
* @param int $code Error code
* @param string $msg Error message
* @param array $args Optional arguments (type, file, line)
* @param bool $output Enable to send output and finish
*/
public function raise_error($code, $msg, $args = array(), $output = false)
{
$log_line = sprintf("%s Error: %s (%s)",
isset($args['type']) ? $args['type'] : 'PHP',
$msg . (isset($args['file']) ? sprintf(' in %s on line %d', $args['file'], $args['line']) : ''),
$_SERVER['REQUEST_METHOD']);
if (!write_log('errors', $log_line)) {
// send error to PHPs error handler if write_log() didn't succeed
trigger_error($msg);
}
if (!$output) {
return;
}
if ($this->output->is_ajax()) {
header("HTTP/1.0 $code $msg");
die;
}
$this->output->assign('error_code', $code);
$this->output->assign('error_message', $msg);
$this->output->send('error');
exit;
}
/**
* Output sending.
*/
public function send()
{
$template = $this->get_task();
if ($this->page_title) {
$this->output->assign('pagetitle', $this->page_title);
}
$this->output->send($template);
exit;
}
/**
* Returns name of the current task.
*
* @return string Task name
*/
public function get_task()
{
$class_name = get_class($this);
if (preg_match('/^kolab_client_task_([a-z]+)$/', $class_name, $m)) {
return $m[1];
}
}
/**
* Returns configuration option value.
*
* @param string $name Option name
* @param mixed $fallback Default value
*
* @return mixed Option value
*/
public function config_get($name, $fallback = null)
{
$value = $this->config->get('kolab_wap', $name);
return $value !== null ? $value : $fallback;
}
/**
* Returns translation of defined label/message.
*
* @return string Translated string.
*/
public static function translate()
{
$args = func_get_args();
if (is_array($args[0])) {
$args = $args[0];
}
$label = $args[0];
if (isset(self::$translation[$label])) {
$content = trim(self::$translation[$label]);
}
else {
$content = $label;
}
for ($i = 1, $len = count($args); $i < $len; $i++) {
$content = str_replace('$'.$i, $args[$i], $content);
}
return $content;
}
/**
* Returns input parameter value.
*
* @param string $name Parameter name
* @param string $type Parameter type (GET|POST|NULL)
* @param bool $allow_html Enable to strip invalid/unsecure content
*
* @see kolab_utils::get_input
* @return mixed Input value.
*/
public static function get_input($name, $type = null, $allow_html = false)
{
if ($type == 'GET') {
$type = kolab_utils::REQUEST_GET;
}
else if ($type == 'POST') {
$type = kolab_utils::REQUEST_POST;
}
else {
$type = kolab_utils::REQUEST_ANY;
}
return kolab_utils::get_input($name, $type, $allow_html);
}
/**
* Returns task menu output.
*
* @return string HTML output
*/
protected function menu()
{
if (empty($this->menu)) {
return '';
}
$task = $this->get_task();
foreach ($this->menu as $idx => $label) {
if (strpos($idx, '.')) {
$action = $idx;
$class = preg_replace('/\.[a-z_-]+$/', '', $idx);
}
else {
$action = $task . '.' . $idx;
$class = $idx;
}
$menu[$idx] = sprintf('<li class="%s"><a href="#%s" '
.'onclick="return kadm.command(\'%s\', \'\', this)">%s</a></li>',
$class, $idx, $action, $this->translate($label));
}
return '<ul>' . implode("\n", $menu) . '</ul>';
}
/**
* Adds watermark page definition into main page.
*/
protected function watermark($name)
{
$this->output->command('set_watermark', $name);
}
/**
* Returns list of user types.
*
* @param array List of user types
*/
protected function user_types()
{
if (!isset($_SESSION['user_types'])) {
$result = $this->api->post('user_types.list');
$list = $result->get();
if (is_array($list)) {
$_SESSION['user_types'] = $list;
}
}
return $_SESSION['user_types'];
}
}
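Review bot: The CSRF check in input_checks(), which consumes the renamed header lookup, compares tokens with a loose `!=`, so PHP type juggling applies and the comparison is not constant-time. Because run() calls input_checks() before it tests for an empty session, a request with no session and no token leaves both sides empty and the check passes; only the later session test in run(), which ends in action_logout(), stops that request. The check should fail closed on its own, e.g. `if ($task != 'main' && (empty($_SESSION['user']['token']) || !is_string($token) || !hash_equals($_SESSION['user']['token'], $token))) {`, assuming the supported PHP versions provide hash_equals() (PHP 5.6+).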
diff --git a/lib/kolab_utils.php b/lib/kolab_utils.php
index 1acd4ba..db10060 100644
--- a/lib/kolab_utils.php
+++ b/lib/kolab_utils.php
@@ -1,97 +1,97 @@
<?php
class kolab_utils
{
const REQUEST_ANY = 0;
const REQUEST_GET = 1;
const REQUEST_POST = 2;
/**
* Read a specific HTTP request header
*
* @param string $name Header name
*
* @return mixed Header value or null if not available
*/
- public static function request_header($name)
+ public static function get_request_header($name)
{
if (function_exists('getallheaders')) {
$hdrs = array_change_key_case(getallheaders(), CASE_UPPER);
$key = strtoupper($name);
}
else {
$key = 'HTTP_' . strtoupper(strtr($name, '-', '_'));
$hdrs = array_change_key_case($_SERVER, CASE_UPPER);
}
return $hdrs[$key];
}
/**
* Returns input parameter value.
*
* @param string $name Parameter name
* @param int $type Parameter type
* @param bool $allow_html Enable to strip invalid/unsecure content
*
* @return mixed Input value
*/
public static function get_input($name, $type = null, $allow_html = false)
{
if ($type == self::REQUEST_GET) {
$value = isset($_GET[$name]) ? $_GET[$name] : null;
}
else if ($type == self::REQUEST_POST) {
$value = isset($_POST[$name]) ? $_POST[$name] : null;
}
else {
$value = isset($_REQUEST[$name]) ? $_REQUEST[$name] : null;
}
return self::parse_input($value, $allow_html);
}
/**
* Input parsing.
*
* @param mixed $value Input value
* @param bool $allow_html Enable to strip invalid/unsecure content
*
* @return mixed Input value
*/
public static function parse_input($value, $allow_html = false)
{
if (empty($value)) {
return $value;
}
if (is_array($value)) {
foreach ($value as $idx => $val) {
$value[$idx] = self::parse_input($val, $allow_html);
}
}
// remove HTML tags if not allowed
else if (!$allow_html) {
$value = strip_tags($value);
}
return $value;
}
/**
* Make sure the string ends with a slash
*/
public static function slashify($str)
{
return self::unslashify($str).'/';
}
/**
* Remove slash at the end of the string
*/
public static function unslashify($str)
{
return preg_replace('/\/$/', '', $str);
}
}
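Review bot: get_request_header() ends with `return $hdrs[$key];`, which reads an index that does not exist when the header is absent, although the docblock promises null in that case. That raises a notice (a warning on PHP 8) on every request without the header, and the result is the value the CSRF check in kolab_client_task::input_checks() relies on. Returning `isset($hdrs[$key]) ? $hdrs[$key] : null` makes the documented contract explicit. It is also worth confirming that no caller of the old name request_header() remains outside this diff.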
