From d87f76019fc231ec20d95126a7fee0487e7be5f0 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 14 Aug 2012 10:56:20 -0400
Subject: [PATCH] - Added new web folder named private to web folder layout. The folder is intended to store data that shall not be visible in the web directory, it is owned by the user of the web. - Changed ownership of web root directory to root user in all security modes to prevent symlink attacks. - Apache log files are now owned by user root. - Improved functions in system library.
---
interface/lib/config.inc.php | 209 ++++++++++++++++++++++++++++------------------------
1 files changed, 113 insertions(+), 96 deletions(-)
diff --git a/interface/lib/config.inc.php b/interface/lib/config.inc.php
index 2012b7d..3cd1723 100644
--- a/interface/lib/config.inc.php
+++ b/interface/lib/config.inc.php
@@ -1,6 +1,7 @@
<?php
+
/*
-Copyright (c) 2007, Till Brehm, Falko Timme, projektfarm Gmbh
+Copyright (c) 2007, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
@@ -27,118 +28,134 @@
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-header('Pragma: no-cache');
-header('Cache-Control: no-store, no-cache, max-age=0, must-revalidate');
-header('Content-Type: text/html');
-//* TODO: Js caching - pedro
+//** Web-only
+if( !empty($_SERVER['DOCUMENT_ROOT']) ) {
-//** Key paramaters
-$conf['app_title'] = 'ISPConfig';
-$conf['app_version'] = '3.0.0';
-$conf['modules_available'] = 'admin,mail,sites,monitor,client,dns';
+ Header("Pragma: no-cache");
+ Header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
+ Header("Content-Type: text/html; charset=utf-8");
-
-//** Future Code - pedro comments
-/* Database connection
- The only time its needed is to connectm otherwise it not needed as
- variables aronf the application. Connected and done.
- Prefered is an array as $DB in capitals, ie
- $DB['host'] = 'type';
- $DB['host'] = 'ip';
- $DB['user'] = 'me';
- $DB['password'] = 'secret';
- $DB['database'] = 'persistent_data_stash';
-
- The connection paramaters are all contained within one array structure
- With this array structure the connection can be passed around, to functions
- However it can also leak. and be destroyed eg
- $db->connect($DB);
- unset($DB); // only the paranoid survive
-
- Also there is a scenario where we are devloping and using this file
- and the database paramaters might leak.
- To resolve this there is a file called db_local.php.skel which is not detected
- rename this to db_local.php and edit the paramaters
-
- $DB['type'] = 'mysql';
- $DB['host'] = 'localhost';
- $DB['database'] = 'ispconfig3';
- $DB['user'] = 'root';
- $DB['password'] = '';
-
-
-*/
-
-//** Detect for local database setting or set and load default params
-if( file_exists('db_local.php') ){
- require_once('db_local.php');
- $conf['db_type'] = $DB['type'];
- $conf['db_host'] = $DB['host'];
- $conf['db_database'] = $DB['database'];
- $conf['db_user'] = $DB['user'];
- $conf['db_password'] = $DB['password'];
-}else{
- //** Database Settings
- $conf['db_type'] = 'mysql';
- $conf['db_host'] = 'localhost';
- $conf['db_database'] = 'ispconfig3';
- $conf['db_user'] = 'root';
- $conf['db_password'] = '';
+ ini_set('register_globals',0);
}
+//** SVN Revision
+$svn_revision = '$Revision: 1525 $';
+$revision = str_replace(array('Revision:','$',' '), '', $svn_revision);
-//** Path Settings (Do not change!)
-$conf['rootpath'] = substr(dirname(__FILE__),0,-4);
-$conf['fs_div'] = '/'; // File system divider, \\ on windows and / on linux and unix
-$conf['classpath'] = $conf['rootpath'].$conf['fs_div'].'lib'.$conf['fs_div'].'classes';
-$conf['temppath'] = $conf['rootpath'].$conf['fs_div'].'temp';
+//** Application
+define('ISPC_APP_TITLE', 'ISPConfig');
+define('ISPC_APP_VERSION', '3.0.2');
+define('DEVSYSTEM', 0);
-define('DIR_TRENNER', $conf['fs_div']);
-define('SERVER_ROOT', $conf['rootpath']);
-define('INCLUDE_ROOT', SERVER_ROOT.DIR_TRENNER.'lib');
-define('CLASSES_ROOT', INCLUDE_ROOT.DIR_TRENNER.'classes');
+//** Database
+$conf['db_type'] = 'mysql';
+$conf['db_host'] = 'localhost';
+$conf['db_database'] = 'ispconfig3';
+$conf['db_user'] = 'root';
+$conf['db_password'] = '';
+$conf['db_charset'] = 'utf8'; // same charset as html-charset - (HTML --> MYSQL: "utf-8" --> "utf8", "iso-8859-1" --> "latin1")
+$conf['db_new_link'] = false;
+$conf['db_client_flags'] = 0;
-/* pedro notes ? this stuff is REALLY not necessay */
-/*
-define('DB_TYPE', $conf['db_type']);
-define('DB_HOST', $conf['db_host']);
+define('DB_TYPE',$conf['db_type']);
+define('DB_HOST',$conf['db_host']);
define('DB_DATABASE',$conf['db_database']);
-define('DB_USER', $conf['db_user']);
-define('DB_PASSWORD', $conf['db_password']);
-*/
+define('DB_USER',$conf['db_user']);
+define('DB_PASSWORD',$conf['db_password']);
+define('DB_CHARSET',$conf['db_charset']);
-//** External programs
-//$conf["programs"]["convert"] = "/usr/bin/convert";
-// ?? WTF ?? pedro
-$conf['programs']['wput'] = $conf['rootpath']."\\tools\\wput\\wput.exe";
+
+//** Database settings for the master DB. This setting is only used in multiserver setups
+$conf['dbmaster_type'] = 'mysql';
+$conf['dbmaster_host'] = '{mysql_master_server_host}';
+$conf['dbmaster_database'] = '{mysql_master_server_database}';
+$conf['dbmaster_user'] = '{mysql_master_server_ispconfig_user}';
+$conf['dbmaster_password'] = '{mysql_master_server_ispconfig_password}';
+$conf['dbmaster_new_link'] = false;
+$conf['dbmaster_client_flags'] = 0;
+
+
+//** Paths
+$conf['ispconfig_log_dir'] = '/var/log/ispconfig';
+define('ISPC_ROOT_PATH', realpath(dirname(__FILE__).'/../')); // The main ROOT is the parent directory to this file, ie Interface/. NO trailing slashes.
+define('ISPC_LIB_PATH', ISPC_ROOT_PATH.'/lib');
+define('ISPC_CLASS_PATH', ISPC_ROOT_PATH.'/lib/classes');
+define('ISPC_WEB_PATH', ISPC_ROOT_PATH.'/web');
+define('ISPC_THEMES_PATH', ISPC_ROOT_PATH.'/web/themes');
+define('ISPC_WEB_TEMP_PATH', ISPC_WEB_PATH.'/temp'); // Path for downloads, accessible via browser
+define('ISPC_CACHE_PATH', ISPC_ROOT_PATH.'/cache');
+
+//** Paths (Do not change!)
+$conf['rootpath'] = substr(dirname(__FILE__),0,-4);
+$conf['fs_div'] = '/'; // File system separator (divider), "\\" on Windows and "/" on Linux and UNIX
+$conf['classpath'] = $conf['rootpath'].$conf['fs_div'].'lib'.$conf['fs_div'].'classes';
+$conf['temppath'] = $conf['rootpath'].$conf['fs_div'].'temp';
+
+define('FS_DIV',$conf['fs_div']);
+define('SERVER_ROOT',$conf['rootpath']);
+define('INCLUDE_ROOT',SERVER_ROOT.FS_DIV.'lib');
+define('CLASSES_ROOT',INCLUDE_ROOT.FS_DIV.'classes');
+
+
+//** Server
+$conf['app_title'] = ISPC_APP_TITLE;
+$conf['app_version'] = ISPC_APP_VERSION;
+$conf['app_link'] = 'http://www.howtoforge.com/forums/showthread.php?t=26988';
+$conf['modules_available'] = 'admin,mail,sites,monitor,client,dns,help';
+$conf['server_id'] = '1';
+
+
+//** Interface
+$conf['interface_modules_enabled'] = 'dashboard,mail,sites,dns,tools';
+
+//** Demo mode
+/* The demo mode is an option to restrict certain actions in the interface like
+* changing the password of users with sys_userid < 3 etc. to be
+* able to run the ISPConfig interface as online demo. It does not
+* affect the server part. The demo mode should be always set to false
+* on every normal installation
+*/
+$conf['demo_mode'] = false;
+
+
+//** Logging
+$conf['log_file'] = $conf['ispconfig_log_dir'].'/ispconfig.log';
+$conf['log_priority'] = 0; // 0 = Debug, 1 = Warning, 2 = Error
+
+
+//** Allow software package installations
+$conf['software_updates_enabled'] = false;
//** Themes
-$conf['theme'] = 'default';
-$conf['html_content_encoding'] = 'text/html; charset=iso-8859-1';
-$conf['logo'] = 'themes/default/images/mydnsconfig_logo.gif';
+$conf['theme'] = 'default';
+$conf['html_content_encoding'] = 'utf-8'; // example: utf-8, iso-8859-1, ...
+$conf['logo'] = 'themes/default/images/header_logo.png';
+
+//** Templates
+$conf['templates'] = '/usr/local/ispconfig/server/conf';
//** Default Language
-$conf["language"] = 'en';
+$conf['language'] = 'en';
+$conf['debug_language'] = false;
-//** Auto Load Modules
-$conf['start_db'] = true;
-$conf['start_session'] = true;
+//** Default Country
+$conf['country'] = 'DE';
-//** DNS Settings
+//** Misc.
+$conf['interface_logout_url'] = ''; // example: http://www.domain.tld/
-//* Automatically create PTR records?
-$conf['auto_create_ptr'] = 1;
-//* must be set if $conf['auto_create_ptr'] is 1. Don't forget the trailing dot!
-$conf['default_ns'] = 'ns1.example.com.';
-//* Admin email address. Must be set if $conf['auto_create_ptr'] is 1. Replace "@" with ".". Don't forget the trailing dot!
-$conf['default_mbox'] = 'admin.example.com.';
-$conf['default_ttl'] = 86400;
-$conf['default_refresh'] = 28800;
-$conf['default_retry'] = 7200;
-$conf['default_expire'] = 604800;
-$conf['default_minimum_ttl'] = 86400;
-?>
\ No newline at end of file
+//** Auto Load Modules
+$conf['start_db'] = true;
+$conf['start_session'] = true;
+
+
+//** Constants
+define('LOGLEVEL_DEBUG',0);
+define('LOGLEVEL_WARN',1);
+define('LOGLEVEL_ERROR',2);
+
+?>
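Review bot: The new `//** Database` block hard-codes `$conf['db_user'] = 'root';` with `$conf['db_password'] = '';` and drops the `db_local.php` override that the removed lines provided, so a deployment that uses this file unchanged connects as the MySQL superuser with an empty password, and site-specific credentials now have to be edited into the tracked file. The master-DB block just below uses what look like installer placeholders (`{mysql_master_server_ispconfig_user}` and friends); the local block should follow the same pattern or keep the override, and should name a dedicated least-privilege account rather than root. The re-enabled `define('DB_PASSWORD',$conf['db_password']);` additionally exposes the password as a global constant to every included script, where the old file had these defines commented out; I would leave them out unless a caller is shown to need them. Separately, `ini_set('register_globals',0);` has no effect at runtime, since that directive can only be set in php.ini, the vhost or .htaccess and request variables are registered before the script starts, so the line gives false assurance and should be replaced by a comment such as `// register_globals must be Off in php.ini; it cannot be changed here`.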
--
Gitblit v1.9.1