| | |
| | | private $_wb; |
| | | private $_loaded_classes = array(); |
| | | private $_conf; |
| | | private $_security_config; |
| | | |
| | | public $loaded_plugins = array(); |
| | | |
| | | public function __construct() { |
| | | global $conf; |
| | |
| | | if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_REQUEST['s']) || isset($_REQUEST['s_old']) || isset($_REQUEST['conf'])) { |
| | | die('Internal Error: var override attempt detected'); |
| | | } |
| | | |
| | | |
| | | $this->_conf = $conf; |
| | | if($this->_conf['start_db'] == true) { |
| | | $this->load('db_'.$this->_conf['db_type']); |
| | |
| | | |
| | | //* Start the session |
| | | if($this->_conf['start_session'] == true) { |
| | | |
| | | $this->uses('session'); |
| | | session_set_save_handler( array($this->session, 'open'), |
| | | array($this->session, 'close'), |
| | | array($this->session, 'read'), |
| | | array($this->session, 'write'), |
| | | array($this->session, 'destroy'), |
| | | array($this->session, 'gc')); |
| | | |
| | | session_start(); |
| | | |
| | | $this->uses('session'); |
| | | $sess_timeout = $this->conf('interface', 'session_timeout'); |
| | | $cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']); |
| | | |
| | | // Workaround for Nginx servers |
| | | if($cookie_domain == '_') { |
| | | $tmp = explode(':',$_SERVER["HTTP_HOST"]); |
| | | $cookie_domain = $tmp[0]; |
| | | unset($tmp); |
| | | } |
| | | $cookie_secure = ($_SERVER["HTTPS"] == 'on')?true:false; |
| | | if($sess_timeout) { |
| | | /* check if user wants to stay logged in */ |
| | | if(isset($_POST['s_mod']) && isset($_POST['s_pg']) && $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index' && isset($_POST['stay']) && $_POST['stay'] == '1') { |
| | | /* check if staying logged in is allowed */ |
| | | $this->uses('ini_parser'); |
| | | $tmp = $this->db->queryOneRecord('SELECT config FROM sys_ini WHERE sysini_id = 1'); |
| | | $tmp = $this->ini_parser->parse_ini_string(stripslashes($tmp['config'])); |
| | | if(!isset($tmp['misc']['session_allow_endless']) || $tmp['misc']['session_allow_endless'] != 'y') { |
| | | $this->session->set_timeout($sess_timeout); |
| | | session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short |
| | | } else { |
| | | // we are doing login here, so we need to set the session data |
| | | $this->session->set_permanent(true); |
| | | $this->session->set_timeout(365 * 24 * 3600,'/',$cookie_domain,$cookie_secure,true); // one year |
| | | session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short |
| | | } |
| | | } else { |
| | | $this->session->set_timeout($sess_timeout); |
| | | session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short |
| | | } |
| | | } else { |
| | | session_set_cookie_params(0,'/',$cookie_domain,$cookie_secure,true); // until browser is closed |
| | | } |
| | | |
| | | session_set_save_handler( array($this->session, 'open'), |
| | | array($this->session, 'close'), |
| | | array($this->session, 'read'), |
| | | array($this->session, 'write'), |
| | | array($this->session, 'destroy'), |
| | | array($this->session, 'gc')); |
| | | |
| | | session_start(); |
| | | |
| | | //* Initialize session variables |
| | | if(!isset($_SESSION['s']['id']) ) $_SESSION['s']['id'] = session_id(); |
| | | if(empty($_SESSION['s']['theme'])) $_SESSION['s']['theme'] = $conf['theme']; |
| | | if(empty($_SESSION['s']['language'])) $_SESSION['s']['language'] = $conf['language']; |
| | | } |
| | | |
| | | $this->uses('auth,plugin,functions'); |
| | | $this->uses('functions'); // we need this before all others! |
| | | $this->uses('auth,plugin,ini_parser,getconf'); |
| | | |
| | | } |
| | | |
| | | public function __get($prop) { |
| | | if(property_exists($this, $prop)) return $this->{$prop}; |
| | | |
| | | $this->uses($prop); |
| | | if(property_exists($this, $prop)) return $this->{$prop}; |
| | | else return null; |
| | | } |
| | | |
| | | public function __destruct() { |
| | |
| | | foreach($cl as $classname) { |
| | | $classname = trim($classname); |
| | | //* Class is not loaded so load it |
| | | if(!array_key_exists($classname, $this->_loaded_classes)) { |
| | | include_once(ISPC_CLASS_PATH."/$classname.inc.php"); |
| | | if(!array_key_exists($classname, $this->_loaded_classes) && is_file(ISPC_CLASS_PATH."/$classname.inc.php")) { |
| | | include_once ISPC_CLASS_PATH."/$classname.inc.php"; |
| | | $this->$classname = new $classname(); |
| | | $this->_loaded_classes[$classname] = true; |
| | | } |
| | |
| | | if(is_array($fl)) { |
| | | foreach($fl as $file) { |
| | | $file = trim($file); |
| | | include_once(ISPC_CLASS_PATH."/$file.inc.php"); |
| | | include_once ISPC_CLASS_PATH."/$file.inc.php"; |
| | | } |
| | | } |
| | | } |
| | | |
| | | public function conf($plugin, $key, $value = null) { |
| | | if(is_null($value)) { |
| | | $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key); |
| | | if($tmpconf) return $tmpconf['value']; |
| | | else return null; |
| | | } else { |
| | | if($value === false) { |
| | | $this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key); |
| | | return null; |
| | | } else { |
| | | $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value); |
| | | return $value; |
| | | } |
| | | } |
| | | } |
| | | |
| | | /** Priority values are: 0 = DEBUG, 1 = WARNING, 2 = ERROR */ |
| | | |
| | | |
| | | public function log($msg, $priority = 0) { |
| | | global $conf; |
| | | if($priority >= $this->_conf['log_priority']) { |
| | | // $server_id = $conf["server_id"]; |
| | | $server_id = 0; |
| | | $priority = intval($priority); |
| | | $priority = $this->functions->intval($priority); |
| | | $tstamp = time(); |
| | | $msg = $this->db->quote('[INTERFACE]: '.$msg); |
| | | $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')"); |
| | | $msg = '[INTERFACE]: '.$msg; |
| | | $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg); |
| | | /* |
| | | if (is_writable($this->_conf['log_file'])) { |
| | | if (!$fp = fopen ($this->_conf['log_file'], 'a')) { |
| | |
| | | } |
| | | $this->_language_inc = 1; |
| | | } |
| | | if(!empty($this->_wb[$text])) { |
| | | if(isset($this->_wb[$text]) && $this->wb[$text] !== '') { |
| | | $text = $this->_wb[$text]; |
| | | } else { |
| | | if($this->_conf['debug_language']) { |
| | |
| | | //** Helper function to load the language files. |
| | | public function load_language_file($filename) { |
| | | $filename = ISPC_ROOT_PATH.'/'.$filename; |
| | | if(substr($filename,-4) != '.lng') $this->error('Language file has wrong extension.'); |
| | | if(substr($filename, -4) != '.lng') $this->error('Language file has wrong extension.'); |
| | | if(file_exists($filename)) { |
| | | @include($filename); |
| | | @include $filename; |
| | | if(is_array($wb)) { |
| | | if(is_array($this->_wb)) { |
| | | $this->_wb = array_merge($this->_wb,$wb); |
| | | $this->_wb = array_merge($this->_wb, $wb); |
| | | } else { |
| | | $this->_wb = $wb; |
| | | } |
| | |
| | | $this->tpl->setVar('app_title', $this->_conf['app_title']); |
| | | if(isset($_SESSION['s']['user'])) { |
| | | $this->tpl->setVar('app_version', $this->_conf['app_version']); |
| | | // get pending datalog changes |
| | | $datalog = $this->db->datalogStatus(); |
| | | $this->tpl->setVar('datalog_changes_txt', $this->lng('datalog_changes_txt')); |
| | | $this->tpl->setVar('datalog_changes_end_txt', $this->lng('datalog_changes_end_txt')); |
| | | $this->tpl->setVar('datalog_changes_count', $datalog['count']); |
| | | $this->tpl->setLoop('datalog_changes', $datalog['entries']); |
| | | } else { |
| | | $this->tpl->setVar('app_version', ''); |
| | | } |
| | | $this->tpl->setVar('app_link', $this->_conf['app_link']); |
| | | /* |
| | | if(isset($this->_conf['app_logo']) && $this->_conf['app_logo'] != '' && @is_file($this->_conf['app_logo'])) { |
| | | $this->tpl->setVar('app_logo', '<img src="'.$this->_conf['app_logo'].'">'); |
| | | } else { |
| | | $this->tpl->setVar('app_logo', ' '); |
| | | } |
| | | */ |
| | | $this->tpl->setVar('app_logo', $this->_conf['logo']); |
| | | |
| | | $this->tpl->setVar('phpsessid', session_id()); |
| | | |
| | |
| | | if(isset($_SESSION['s']['user'])) { |
| | | $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username']); |
| | | $this->tpl->setVar('logout_txt', $this->lng('logout_txt')); |
| | | /* Show search field only for normal users, not mail users */ |
| | | if(stristr($_SESSION['s']['user']['username'], '@')){ |
| | | $this->tpl->setVar('usertype', 'mailuser'); |
| | | } else { |
| | | $this->tpl->setVar('usertype', 'normaluser'); |
| | | } |
| | | } |
| | | |
| | | /* Global Search */ |
| | | $this->tpl->setVar('globalsearch_resultslimit_of_txt', $this->lng('globalsearch_resultslimit_of_txt')); |
| | | $this->tpl->setVar('globalsearch_resultslimit_results_txt', $this->lng('globalsearch_resultslimit_results_txt')); |
| | | $this->tpl->setVar('globalsearch_noresults_text_txt', $this->lng('globalsearch_noresults_text_txt')); |
| | | $this->tpl->setVar('globalsearch_noresults_limit_txt', $this->lng('globalsearch_noresults_limit_txt')); |
| | | $this->tpl->setVar('globalsearch_searchfield_watermark_txt', $this->lng('globalsearch_searchfield_watermark_txt')); |
| | | } |
| | | |
| | | } // end class |
| | |
| | | //* possible future = new app($conf); |
| | | $app = new app(); |
| | | |
| | | // load and enable PHP Intrusion Detection System (PHPIDS) |
| | | $ids_security_config = $app->getconf->get_security_config('ids'); |
| | | |
| | | if(is_dir(ISPC_CLASS_PATH.'/IDS') && $ids_security_config['ids_enabled'] == 'yes') { |
| | | $app->uses('ids'); |
| | | $app->ids->start(); |
| | | } |
| | | unset($ids_security_config); |
| | | |
| | | ?> |