From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'

---
 interface/lib/app.inc.php |  137 ++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 115 insertions(+), 22 deletions(-)

diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index 432fdab..f9ef167 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -48,6 +48,9 @@
 	private $_wb;
 	private $_loaded_classes = array();
 	private $_conf;
+	private $_security_config;
+	
+	public $loaded_plugins = array();
 
 	public function __construct() {
 		global $conf;
@@ -55,7 +58,7 @@
 		if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_REQUEST['s']) || isset($_REQUEST['s_old']) || isset($_REQUEST['conf'])) {
 			die('Internal Error: var override attempt detected');
 		}
-
+		
 		$this->_conf = $conf;
 		if($this->_conf['start_db'] == true) {
 			$this->load('db_'.$this->_conf['db_type']);
@@ -64,24 +67,68 @@
 
 		//* Start the session
 		if($this->_conf['start_session'] == true) {
-			
-			$this->uses('session');
-			session_set_save_handler(	array($this->session, 'open'),
-										array($this->session, 'close'),
-										array($this->session, 'read'),
-										array($this->session, 'write'),
-										array($this->session, 'destroy'),
-										array($this->session, 'gc'));
-			
-			session_start();
 
+			$this->uses('session');
+			$sess_timeout = $this->conf('interface', 'session_timeout');
+			$cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);
+			
+			// Workaround for Nginx servers
+			if($cookie_domain == '_') {
+				$tmp = explode(':',$_SERVER["HTTP_HOST"]);
+				$cookie_domain = $tmp[0];
+				unset($tmp);
+			}
+			$cookie_secure = ($_SERVER["HTTPS"] == 'on')?true:false;
+			if($sess_timeout) {
+				/* check if user wants to stay logged in */
+				if(isset($_POST['s_mod']) && isset($_POST['s_pg']) && $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index' && isset($_POST['stay']) && $_POST['stay'] == '1') {
+					/* check if staying logged in is allowed */
+					$this->uses('ini_parser');
+					$tmp = $this->db->queryOneRecord('SELECT config FROM sys_ini WHERE sysini_id = 1');
+					$tmp = $this->ini_parser->parse_ini_string(stripslashes($tmp['config']));
+					if(!isset($tmp['misc']['session_allow_endless']) || $tmp['misc']['session_allow_endless'] != 'y') {
+						$this->session->set_timeout($sess_timeout);
+						session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short
+					} else {
+						// we are doing login here, so we need to set the session data
+						$this->session->set_permanent(true);
+						$this->session->set_timeout(365 * 24 * 3600,'/',$cookie_domain,$cookie_secure,true); // one year
+						session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short
+					}
+				} else {
+					$this->session->set_timeout($sess_timeout);
+					session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short
+				}
+			} else {
+				session_set_cookie_params(0,'/',$cookie_domain,$cookie_secure,true); // until browser is closed
+			}
+			
+			session_set_save_handler( array($this->session, 'open'),
+				array($this->session, 'close'),
+				array($this->session, 'read'),
+				array($this->session, 'write'),
+				array($this->session, 'destroy'),
+				array($this->session, 'gc'));
+
+			session_start();
+			
 			//* Initialize session variables
 			if(!isset($_SESSION['s']['id']) ) $_SESSION['s']['id'] = session_id();
 			if(empty($_SESSION['s']['theme'])) $_SESSION['s']['theme'] = $conf['theme'];
 			if(empty($_SESSION['s']['language'])) $_SESSION['s']['language'] = $conf['language'];
 		}
 
-		$this->uses('auth,plugin,functions');
+		$this->uses('functions'); // we need this before all others!
+		$this->uses('auth,plugin,ini_parser,getconf');
+		
+	}
+
+	public function __get($prop) {
+		if(property_exists($this, $prop)) return $this->{$prop};
+		
+		$this->uses($prop);
+		if(property_exists($this, $prop)) return $this->{$prop};
+		else return null;
 	}
 	
 	public function __destruct() {
@@ -94,8 +141,8 @@
 			foreach($cl as $classname) {
 				$classname = trim($classname);
 				//* Class is not loaded so load it
-				if(!array_key_exists($classname, $this->_loaded_classes)) {
-					include_once(ISPC_CLASS_PATH."/$classname.inc.php");
+				if(!array_key_exists($classname, $this->_loaded_classes) && is_file(ISPC_CLASS_PATH."/$classname.inc.php")) {
+					include_once ISPC_CLASS_PATH."/$classname.inc.php";
 					$this->$classname = new $classname();
 					$this->_loaded_classes[$classname] = true;
 				}
@@ -108,21 +155,39 @@
 		if(is_array($fl)) {
 			foreach($fl as $file) {
 				$file = trim($file);
-				include_once(ISPC_CLASS_PATH."/$file.inc.php");
+				include_once ISPC_CLASS_PATH."/$file.inc.php";
+			}
+		}
+	}
+	
+	public function conf($plugin, $key, $value = null) {
+		if(is_null($value)) {
+			$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
+			if($tmpconf) return $tmpconf['value'];
+			else return null;
+		} else {
+			if($value === false) {
+				$this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
+				return null;
+			} else {
+				$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
+				return $value;
 			}
 		}
 	}
 
 	/** Priority values are: 0 = DEBUG, 1 = WARNING,  2 = ERROR */
+
+
 	public function log($msg, $priority = 0) {
 		global $conf;
 		if($priority >= $this->_conf['log_priority']) {
 			// $server_id = $conf["server_id"];
 			$server_id = 0;
-			$priority = intval($priority);
+			$priority = $this->functions->intval($priority);
 			$tstamp = time();
-			$msg = $this->db->quote('[INTERFACE]: '.$msg);
-			$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')");
+			$msg = '[INTERFACE]: '.$msg;
+			$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
 			/*
 			if (is_writable($this->_conf['log_file'])) {
 				if (!$fp = fopen ($this->_conf['log_file'], 'a')) {
@@ -182,7 +247,7 @@
 			}
 			$this->_language_inc = 1;
 		}
-		if(!empty($this->_wb[$text])) {
+		if(isset($this->_wb[$text]) && $this->wb[$text] !== '') {
 			$text = $this->_wb[$text];
 		} else {
 			if($this->_conf['debug_language']) {
@@ -195,12 +260,12 @@
 	//** Helper function to load the language files.
 	public function load_language_file($filename) {
 		$filename = ISPC_ROOT_PATH.'/'.$filename;
-		if(substr($filename,-4) != '.lng') $this->error('Language file has wrong extension.');
+		if(substr($filename, -4) != '.lng') $this->error('Language file has wrong extension.');
 		if(file_exists($filename)) {
-			@include($filename);
+			@include $filename;
 			if(is_array($wb)) {
 				if(is_array($this->_wb)) {
-					$this->_wb = array_merge($this->_wb,$wb);
+					$this->_wb = array_merge($this->_wb, $wb);
 				} else {
 					$this->_wb = $wb;
 				}
@@ -212,6 +277,12 @@
 		$this->tpl->setVar('app_title', $this->_conf['app_title']);
 		if(isset($_SESSION['s']['user'])) {
 			$this->tpl->setVar('app_version', $this->_conf['app_version']);
+			// get pending datalog changes
+			$datalog = $this->db->datalogStatus();
+			$this->tpl->setVar('datalog_changes_txt', $this->lng('datalog_changes_txt'));
+			$this->tpl->setVar('datalog_changes_end_txt', $this->lng('datalog_changes_end_txt'));
+			$this->tpl->setVar('datalog_changes_count', $datalog['count']);
+			$this->tpl->setLoop('datalog_changes', $datalog['entries']);
 		} else {
 			$this->tpl->setVar('app_version', '');
 		}
@@ -245,7 +316,20 @@
 		if(isset($_SESSION['s']['user'])) {
 			$this->tpl->setVar('cpuser', $_SESSION['s']['user']['username']);
 			$this->tpl->setVar('logout_txt', $this->lng('logout_txt'));
+			/* Show search field only for normal users, not mail users */
+			if(stristr($_SESSION['s']['user']['username'], '@')){
+				$this->tpl->setVar('usertype', 'mailuser');
+			} else {
+				$this->tpl->setVar('usertype', 'normaluser');
+			}
 		}
+
+		/* Global Search */
+		$this->tpl->setVar('globalsearch_resultslimit_of_txt', $this->lng('globalsearch_resultslimit_of_txt'));
+		$this->tpl->setVar('globalsearch_resultslimit_results_txt', $this->lng('globalsearch_resultslimit_results_txt'));
+		$this->tpl->setVar('globalsearch_noresults_text_txt', $this->lng('globalsearch_noresults_text_txt'));
+		$this->tpl->setVar('globalsearch_noresults_limit_txt', $this->lng('globalsearch_noresults_limit_txt'));
+		$this->tpl->setVar('globalsearch_searchfield_watermark_txt', $this->lng('globalsearch_searchfield_watermark_txt'));
 	}
 
 } // end class
@@ -254,4 +338,13 @@
 //* possible future =  new app($conf);
 $app = new app();
 
+// load and enable PHP Intrusion Detection System (PHPIDS)
+$ids_security_config = $app->getconf->get_security_config('ids');
+		
+if(is_dir(ISPC_CLASS_PATH.'/IDS') && $ids_security_config['ids_enabled'] == 'yes') {
+	$app->uses('ids');
+	$app->ids->start();
+}
+unset($ids_security_config);
+
 ?>

--
Gitblit v1.9.1