ISPConfig3 devel
blame | history | patch | commit | commitdiff | ignore whitespace
Marius Burkard
2016-07-10 e1ceb050e19c7574bca146a8da7047ee4ff456b5 
 interface/lib/app.inc.php

old mode 100644
new mode 100755

@@ -28,18 +28,29 @@


EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


*/




//* Enable gzip compression for the interface


ob_start('ob_gzhandler');




//* Set timezone


if(isset($conf['timezone']) && $conf['timezone'] != '') date_default_timezone_set($conf['timezone']);




//* Set error reporting level when we are not on a developer system


if(DEVSYSTEM == 0) {


   @ini_set('error_reporting', E_ALL & ~E_NOTICE & ~E_DEPRECATED);


}




/*


    Application Class


*/




ob_start('ob_gzhandler');




class app {




   private $_language_inc = 0;


   private $_wb;


   private $_loaded_classes = array();


   private $_conf;


   private $_security_config;


	


   public $loaded_plugins = array();




   public function __construct() {


      global $conf;


@@ -47,7 +58,7 @@


      if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_REQUEST['s']) || isset($_REQUEST['s_old']) || isset($_REQUEST['conf'])) {


         die('Internal Error: var override attempt detected');


      }




		


      $this->_conf = $conf;


      if($this->_conf['start_db'] == true) {


         $this->load('db_'.$this->_conf['db_type']);


@@ -56,15 +67,72 @@




      //* Start the session


      if($this->_conf['start_session'] == true) {


         session_start();




         $this->uses('session');


         $sess_timeout = $this->conf('interface', 'session_timeout');


         $cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);


			


         // Workaround for Nginx servers


         if($cookie_domain == '_') {


            $tmp = explode(':',$_SERVER["HTTP_HOST"]);


            $cookie_domain = $tmp[0];


            unset($tmp);


         }


         $cookie_secure = ($_SERVER["HTTPS"] == 'on')?true:false;


         if($sess_timeout) {


            /* check if user wants to stay logged in */


            if(isset($_POST['s_mod']) && isset($_POST['s_pg']) && $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index' && isset($_POST['stay']) && $_POST['stay'] == '1') {


               /* check if staying logged in is allowed */


               $this->uses('ini_parser');


               $tmp = $this->db->queryOneRecord('SELECT config FROM sys_ini WHERE sysini_id = 1');


               $tmp = $this->ini_parser->parse_ini_string(stripslashes($tmp['config']));


               if(!isset($tmp['misc']['session_allow_endless']) || $tmp['misc']['session_allow_endless'] != 'y') {


                  $this->session->set_timeout($sess_timeout);


                  session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short


               } else {


                  // we are doing login here, so we need to set the session data


                  $this->session->set_permanent(true);


                  $this->session->set_timeout(365 * 24 * 3600,'/',$cookie_domain,$cookie_secure,true); // one year


                  session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short


               }


            } else {


               $this->session->set_timeout($sess_timeout);


               session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short


            }


         } else {


            session_set_cookie_params(0,'/',$cookie_domain,$cookie_secure,true); // until browser is closed


         }


			


         session_set_save_handler( array($this->session, 'open'),


            array($this->session, 'close'),


            array($this->session, 'read'),


            array($this->session, 'write'),


            array($this->session, 'destroy'),


            array($this->session, 'gc'));




         session_start();


			


         //* Initialize session variables


         if(!isset($_SESSION['s']['id']) ) $_SESSION['s']['id'] = session_id();


         if(empty($_SESSION['s']['theme'])) $_SESSION['s']['theme'] = $conf['theme'];


         if(empty($_SESSION['s']['language'])) $_SESSION['s']['language'] = $conf['language'];


      }




      $this->uses('auth,plugin');


      $this->uses('functions'); // we need this before all others!


      $this->uses('auth,plugin,ini_parser,getconf');


		


   }




   public function __get($prop) {


      if(property_exists($this, $prop)) return $this->{$prop};


		


      $this->uses($prop);


      if(property_exists($this, $prop)) return $this->{$prop};


      else return null;


   }


	


   public function __destruct() {


      session_write_close();


   }




   public function uses($classes) {


@@ -73,8 +141,8 @@


         foreach($cl as $classname) {


            $classname = trim($classname);


            //* Class is not loaded so load it


            if(!array_key_exists($classname, $this->_loaded_classes)) {


               include_once(ISPC_CLASS_PATH."/$classname.inc.php");


            if(!array_key_exists($classname, $this->_loaded_classes) && is_file(ISPC_CLASS_PATH."/$classname.inc.php")) {


               include_once ISPC_CLASS_PATH."/$classname.inc.php";


               $this->$classname = new $classname();


               $this->_loaded_classes[$classname] = true;


            }


@@ -87,21 +155,39 @@


      if(is_array($fl)) {


         foreach($fl as $file) {


            $file = trim($file);


            include_once(ISPC_CLASS_PATH."/$file.inc.php");


            include_once ISPC_CLASS_PATH."/$file.inc.php";


         }


      }


   }


	


   public function conf($plugin, $key, $value = null) {


      if(is_null($value)) {


         $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);


         if($tmpconf) return $tmpconf['value'];


         else return null;


      } else {


         if($value === false) {


            $this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);


            return null;


         } else {


            $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);


            return $value;


         }


      }


   }




   /** Priority values are: 0 = DEBUG, 1 = WARNING,  2 = ERROR */






   public function log($msg, $priority = 0) {


      global $conf;


      if($priority >= $this->_conf['log_priority']) {


         // $server_id = $conf["server_id"];


         $server_id = 0;


         $priority = intval($priority);


         $priority = $this->functions->intval($priority);


         $tstamp = time();


         $msg = $this->db->quote('[INTERFACE]: '.$msg);


         $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')");


         $msg = '[INTERFACE]: '.$msg;


         $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);


         /*


         if (is_writable($this->_conf['log_file'])) {


            if (!$fp = fopen ($this->_conf['log_file'], 'a')) {


@@ -123,8 +209,20 @@


      //$this->uses("error");


      //$this->error->message($msg, $priority);


      if($stop == true) {


         $content = file_get_contents(dirname(__FILE__) .


               '/../web/themes/' . $_SESSION['s']['theme'] . '/templates/error.tpl.htm');


         /*


          * We always have a error. So it is better not to use any more objects like


          * the template or so, because we don't know why the error occours (it could be, that


          * the error occours in one of these objects..)


          */


         /*


          * Use the template inside the user-template - Path. If it is not found, fallback to the


          * default-template (the "normal" behaviour of all template - files)


          */


         if (file_exists(dirname(__FILE__) . '/../web/themes/' . $_SESSION['s']['theme'] . '/templates/error.tpl.htm')) {


            $content = file_get_contents(dirname(__FILE__) . '/../web/themes/' . $_SESSION['s']['theme'] . '/templates/error.tpl.htm');


         } else {


            $content = file_get_contents(dirname(__FILE__) . '/../web/themes/default/templates/error.tpl.htm');


         }


         if($next_link != '') $msg .= '<a href="'.$next_link.'">Next</a>';


         $content = str_replace('###ERRORMSG###', $msg, $content);


         die($content);


@@ -136,18 +234,20 @@




   /** Translates strings in current language */


   public function lng($text) {


      global $conf;


      if($this->_language_inc != 1) {


         $language = (isset($_SESSION['s']['language']))?$_SESSION['s']['language']:$conf['language'];


         //* loading global Wordbook


         $this->load_language_file('/lib/lang/'.$_SESSION['s']['language'].'.lng');


         $this->load_language_file('lib/lang/'.$language.'.lng');


         //* Load module wordbook, if it exists


         if(isset($_SESSION['s']['module']['name']) && isset($_SESSION['s']['language'])) {


            $lng_file = '/web/'.$_SESSION['s']['module']['name'].'/lib/lang/'.$_SESSION['s']['language'].'.lng';


            if(!file_exists(ISPC_ROOT_PATH.$lng_file)) $lng_file = '/web/'.$_SESSION['s']['module']['name'].'/lib/lang/en.lng';


         if(isset($_SESSION['s']['module']['name'])) {


            $lng_file = 'web/'.$_SESSION['s']['module']['name'].'/lib/lang/'.$language.'.lng';


            if(!file_exists(ISPC_ROOT_PATH.'/'.$lng_file)) $lng_file = '/web/'.$_SESSION['s']['module']['name'].'/lib/lang/en.lng';


            $this->load_language_file($lng_file);


         }


         $this->_language_inc = 1;


      }


      if(!empty($this->_wb[$text])) {


      if(isset($this->_wb[$text]) && $this->wb[$text] !== '') {


         $text = $this->_wb[$text];


      } else {


         if($this->_conf['debug_language']) {


@@ -160,12 +260,12 @@


   //** Helper function to load the language files.


   public function load_language_file($filename) {


      $filename = ISPC_ROOT_PATH.'/'.$filename;


      if(substr($filename,-4) != '.lng') $this->error('Language file has wrong extension.');


      if(substr($filename, -4) != '.lng') $this->error('Language file has wrong extension.');


      if(file_exists($filename)) {


         @include_once($filename);


         @include $filename;


         if(is_array($wb)) {


            if(is_array($this->_wb)) {


               $this->_wb = array_merge($this->_wb,$wb);


               $this->_wb = array_merge($this->_wb, $wb);


            } else {


               $this->_wb = $wb;


            }


@@ -177,15 +277,24 @@


      $this->tpl->setVar('app_title', $this->_conf['app_title']);


      if(isset($_SESSION['s']['user'])) {


         $this->tpl->setVar('app_version', $this->_conf['app_version']);


         // get pending datalog changes


         $datalog = $this->db->datalogStatus();


         $this->tpl->setVar('datalog_changes_txt', $this->lng('datalog_changes_txt'));


         $this->tpl->setVar('datalog_changes_end_txt', $this->lng('datalog_changes_end_txt'));


         $this->tpl->setVar('datalog_changes_count', $datalog['count']);


         $this->tpl->setLoop('datalog_changes', $datalog['entries']);


      } else {


         $this->tpl->setVar('app_version', '');


      }


      $this->tpl->setVar('app_link', $this->_conf['app_link']);


      /*


      if(isset($this->_conf['app_logo']) && $this->_conf['app_logo'] != '' && @is_file($this->_conf['app_logo'])) {


         $this->tpl->setVar('app_logo', '<img src="'.$this->_conf['app_logo'].'">');


      } else {


         $this->tpl->setVar('app_logo', '&nbsp;');


      }


      */


      $this->tpl->setVar('app_logo', $this->_conf['logo']);




      $this->tpl->setVar('phpsessid', session_id());




@@ -206,7 +315,21 @@


      /* Show username */


      if(isset($_SESSION['s']['user'])) {


         $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username']);


         $this->tpl->setVar('logout_txt', $this->lng('logout_txt'));


         /* Show search field only for normal users, not mail users */


         if(stristr($_SESSION['s']['user']['username'], '@')){


            $this->tpl->setVar('usertype', 'mailuser');


         } else {


            $this->tpl->setVar('usertype', 'normaluser');


         }


      }




      /* Global Search */


      $this->tpl->setVar('globalsearch_resultslimit_of_txt', $this->lng('globalsearch_resultslimit_of_txt'));


      $this->tpl->setVar('globalsearch_resultslimit_results_txt', $this->lng('globalsearch_resultslimit_results_txt'));


      $this->tpl->setVar('globalsearch_noresults_text_txt', $this->lng('globalsearch_noresults_text_txt'));


      $this->tpl->setVar('globalsearch_noresults_limit_txt', $this->lng('globalsearch_noresults_limit_txt'));


      $this->tpl->setVar('globalsearch_searchfield_watermark_txt', $this->lng('globalsearch_searchfield_watermark_txt'));


   }




} // end class


@@ -215,4 +338,13 @@


//* possible future =  new app($conf);


$app = new app();




?>


// load and enable PHP Intrusion Detection System (PHPIDS)


$ids_security_config = $app->getconf->get_security_config('ids');


		


if(is_dir(ISPC_CLASS_PATH.'/IDS') && $ids_security_config['ids_enabled'] == 'yes') {


   $app->uses('ids');


   $app->ids->start();


}


unset($ids_security_config);




?>