commit | author | age
|
6fa2f1
|
1 |
<?php |
T |
2 |
|
|
3 |
/* |
44d2a7
|
4 |
Copyright (c) 2007 - 2009, Till Brehm, projektfarm Gmbh |
6fa2f1
|
5 |
All rights reserved. |
T |
6 |
|
|
7 |
Redistribution and use in source and binary forms, with or without modification, |
|
8 |
are permitted provided that the following conditions are met: |
|
9 |
|
|
10 |
* Redistributions of source code must retain the above copyright notice, |
|
11 |
this list of conditions and the following disclaimer. |
|
12 |
* Redistributions in binary form must reproduce the above copyright notice, |
|
13 |
this list of conditions and the following disclaimer in the documentation |
|
14 |
and/or other materials provided with the distribution. |
|
15 |
* Neither the name of ISPConfig nor the names of its contributors |
|
16 |
may be used to endorse or promote products derived from this software without |
|
17 |
specific prior written permission. |
|
18 |
|
|
19 |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND |
|
20 |
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
21 |
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
22 |
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, |
|
23 |
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, |
|
24 |
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
25 |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY |
|
26 |
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
|
27 |
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, |
|
28 |
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
29 |
*/ |
|
30 |
|
8cf78b
|
31 |
//* Enable gzip compression for the interface |
T |
32 |
ob_start('ob_gzhandler'); |
|
33 |
|
|
34 |
//* Set timezone |
|
35 |
if(isset($conf['timezone']) && $conf['timezone'] != '') date_default_timezone_set($conf['timezone']); |
|
36 |
|
|
37 |
//* Set error reporting level when we are not on a developer system |
|
38 |
if(DEVSYSTEM == 0) { |
|
39 |
@ini_set('error_reporting', E_ALL & ~E_NOTICE & ~E_DEPRECATED); |
|
40 |
} |
|
41 |
|
6fa2f1
|
42 |
/* |
T |
43 |
Application Class |
|
44 |
*/ |
|
45 |
class app { |
|
46 |
|
|
47 |
private $_language_inc = 0; |
|
48 |
private $_wb; |
|
49 |
private $_loaded_classes = array(); |
|
50 |
private $_conf; |
cb1221
|
51 |
private $_security_config; |
357679
|
52 |
|
MC |
53 |
public $loaded_plugins = array(); |
6fa2f1
|
54 |
|
ae3a8a
|
55 |
public function __construct() { |
6fa2f1
|
56 |
global $conf; |
ae3a8a
|
57 |
|
6fa2f1
|
58 |
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_REQUEST['s']) || isset($_REQUEST['s_old']) || isset($_REQUEST['conf'])) { |
T |
59 |
die('Internal Error: var override attempt detected'); |
|
60 |
} |
357679
|
61 |
|
6fa2f1
|
62 |
$this->_conf = $conf; |
T |
63 |
if($this->_conf['start_db'] == true) { |
|
64 |
$this->load('db_'.$this->_conf['db_type']); |
|
65 |
$this->db = new db; |
|
66 |
} |
ae3a8a
|
67 |
|
6fa2f1
|
68 |
//* Start the session |
T |
69 |
if($this->_conf['start_session'] == true) { |
7fe908
|
70 |
|
a2d572
|
71 |
$this->uses('session'); |
e20f18
|
72 |
$sess_timeout = $this->conf('interface', 'session_timeout'); |
97f28b
|
73 |
$cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']); |
ca9ac3
|
74 |
|
TB |
75 |
// Workaround for Nginx servers |
|
76 |
if($cookie_domain == '_') { |
|
77 |
$tmp = explode(':',$_SERVER["HTTP_HOST"]); |
|
78 |
$cookie_domain = $tmp[0]; |
|
79 |
unset($tmp); |
|
80 |
} |
97f28b
|
81 |
$cookie_secure = ($_SERVER["HTTPS"] == 'on')?true:false; |
e20f18
|
82 |
if($sess_timeout) { |
de0256
|
83 |
/* check if user wants to stay logged in */ |
MC |
84 |
if(isset($_POST['s_mod']) && isset($_POST['s_pg']) && $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index' && isset($_POST['stay']) && $_POST['stay'] == '1') { |
|
85 |
/* check if staying logged in is allowed */ |
9540ba
|
86 |
$this->uses('ini_parser'); |
TB |
87 |
$tmp = $this->db->queryOneRecord('SELECT config FROM sys_ini WHERE sysini_id = 1'); |
|
88 |
$tmp = $this->ini_parser->parse_ini_string(stripslashes($tmp['config'])); |
de0256
|
89 |
if(!isset($tmp['misc']['session_allow_endless']) || $tmp['misc']['session_allow_endless'] != 'y') { |
e20f18
|
90 |
$this->session->set_timeout($sess_timeout); |
97f28b
|
91 |
session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short |
de0256
|
92 |
} else { |
MC |
93 |
// we are doing login here, so we need to set the session data |
|
94 |
$this->session->set_permanent(true); |
97f28b
|
95 |
$this->session->set_timeout(365 * 24 * 3600,'/',$cookie_domain,$cookie_secure,true); // one year |
TB |
96 |
session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short |
de0256
|
97 |
} |
MC |
98 |
} else { |
e20f18
|
99 |
$this->session->set_timeout($sess_timeout); |
97f28b
|
100 |
session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short |
de0256
|
101 |
} |
a2d572
|
102 |
} else { |
97f28b
|
103 |
session_set_cookie_params(0,'/',$cookie_domain,$cookie_secure,true); // until browser is closed |
c951bb
|
104 |
} |
MC |
105 |
|
7fe908
|
106 |
session_set_save_handler( array($this->session, 'open'), |
MC |
107 |
array($this->session, 'close'), |
|
108 |
array($this->session, 'read'), |
|
109 |
array($this->session, 'write'), |
|
110 |
array($this->session, 'destroy'), |
|
111 |
array($this->session, 'gc')); |
|
112 |
|
6fa2f1
|
113 |
session_start(); |
a2d572
|
114 |
|
6fa2f1
|
115 |
//* Initialize session variables |
T |
116 |
if(!isset($_SESSION['s']['id']) ) $_SESSION['s']['id'] = session_id(); |
|
117 |
if(empty($_SESSION['s']['theme'])) $_SESSION['s']['theme'] = $conf['theme']; |
|
118 |
if(empty($_SESSION['s']['language'])) $_SESSION['s']['language'] = $conf['language']; |
|
119 |
} |
ae3a8a
|
120 |
|
7fe908
|
121 |
$this->uses('functions'); // we need this before all others! |
cb1221
|
122 |
$this->uses('auth,plugin,ini_parser,getconf'); |
TB |
123 |
|
6fa2f1
|
124 |
} |
7fe908
|
125 |
|
357679
|
126 |
public function __get($prop) { |
MC |
127 |
if(property_exists($this, $prop)) return $this->{$prop}; |
|
128 |
|
|
129 |
$this->uses($prop); |
|
130 |
if(property_exists($this, $prop)) return $this->{$prop}; |
|
131 |
else return null; |
|
132 |
} |
|
133 |
|
b55e2b
|
134 |
public function __destruct() { |
T |
135 |
session_write_close(); |
|
136 |
} |
6fa2f1
|
137 |
|
ae3a8a
|
138 |
public function uses($classes) { |
V |
139 |
$cl = explode(',', $classes); |
6fa2f1
|
140 |
if(is_array($cl)) { |
ae3a8a
|
141 |
foreach($cl as $classname) { |
6fa2f1
|
142 |
$classname = trim($classname); |
ae3a8a
|
143 |
//* Class is not loaded so load it |
357679
|
144 |
if(!array_key_exists($classname, $this->_loaded_classes) && is_file(ISPC_CLASS_PATH."/$classname.inc.php")) { |
7fe908
|
145 |
include_once ISPC_CLASS_PATH."/$classname.inc.php"; |
6fa2f1
|
146 |
$this->$classname = new $classname(); |
T |
147 |
$this->_loaded_classes[$classname] = true; |
|
148 |
} |
|
149 |
} |
|
150 |
} |
|
151 |
} |
|
152 |
|
ae3a8a
|
153 |
public function load($files) { |
6fa2f1
|
154 |
$fl = explode(',', $files); |
T |
155 |
if(is_array($fl)) { |
ae3a8a
|
156 |
foreach($fl as $file) { |
6fa2f1
|
157 |
$file = trim($file); |
7fe908
|
158 |
include_once ISPC_CLASS_PATH."/$file.inc.php"; |
6fa2f1
|
159 |
} |
T |
160 |
} |
|
161 |
} |
e20f18
|
162 |
|
MC |
163 |
public function conf($plugin, $key, $value = null) { |
|
164 |
if(is_null($value)) { |
cc7a82
|
165 |
$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key); |
e20f18
|
166 |
if($tmpconf) return $tmpconf['value']; |
MC |
167 |
else return null; |
|
168 |
} else { |
|
169 |
if($value === false) { |
cc7a82
|
170 |
$this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key); |
e20f18
|
171 |
return null; |
MC |
172 |
} else { |
cc7a82
|
173 |
$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value); |
e20f18
|
174 |
return $value; |
MC |
175 |
} |
|
176 |
} |
|
177 |
} |
6fa2f1
|
178 |
|
T |
179 |
/** Priority values are: 0 = DEBUG, 1 = WARNING, 2 = ERROR */ |
7fe908
|
180 |
|
MC |
181 |
|
ae3a8a
|
182 |
public function log($msg, $priority = 0) { |
da1da4
|
183 |
global $conf; |
6fa2f1
|
184 |
if($priority >= $this->_conf['log_priority']) { |
da1da4
|
185 |
// $server_id = $conf["server_id"]; |
T |
186 |
$server_id = 0; |
65ea2e
|
187 |
$priority = $this->functions->intval($priority); |
da1da4
|
188 |
$tstamp = time(); |
cc7a82
|
189 |
$msg = '[INTERFACE]: '.$msg; |
MC |
190 |
$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg); |
da1da4
|
191 |
/* |
6fa2f1
|
192 |
if (is_writable($this->_conf['log_file'])) { |
T |
193 |
if (!$fp = fopen ($this->_conf['log_file'], 'a')) { |
|
194 |
$this->error('Unable to open logfile.'); |
|
195 |
} |
|
196 |
if (!fwrite($fp, date('d.m.Y-H:i').' - '. $msg."\r\n")) { |
|
197 |
$this->error('Unable to write to logfile.'); |
|
198 |
} |
|
199 |
fclose($fp); |
|
200 |
} else { |
|
201 |
$this->error('Unable to write to logfile.'); |
|
202 |
} |
da1da4
|
203 |
*/ |
ae3a8a
|
204 |
} |
V |
205 |
} |
6fa2f1
|
206 |
|
ae3a8a
|
207 |
/** Priority values are: 0 = DEBUG, 1 = WARNING, 2 = ERROR */ |
V |
208 |
public function error($msg, $next_link = '', $stop = true, $priority = 1) { |
6fa2f1
|
209 |
//$this->uses("error"); |
T |
210 |
//$this->error->message($msg, $priority); |
ae3a8a
|
211 |
if($stop == true) { |
903ede
|
212 |
/* |
V |
213 |
* We always have a error. So it is better not to use any more objects like |
|
214 |
* the template or so, because we don't know why the error occours (it could be, that |
|
215 |
* the error occours in one of these objects..) |
|
216 |
*/ |
|
217 |
/* |
|
218 |
* Use the template inside the user-template - Path. If it is not found, fallback to the |
|
219 |
* default-template (the "normal" behaviour of all template - files) |
|
220 |
*/ |
|
221 |
if (file_exists(dirname(__FILE__) . '/../web/themes/' . $_SESSION['s']['theme'] . '/templates/error.tpl.htm')) { |
|
222 |
$content = file_get_contents(dirname(__FILE__) . '/../web/themes/' . $_SESSION['s']['theme'] . '/templates/error.tpl.htm'); |
|
223 |
} else { |
|
224 |
$content = file_get_contents(dirname(__FILE__) . '/../web/themes/default/templates/error.tpl.htm'); |
|
225 |
} |
6fa2f1
|
226 |
if($next_link != '') $msg .= '<a href="'.$next_link.'">Next</a>'; |
ae3a8a
|
227 |
$content = str_replace('###ERRORMSG###', $msg, $content); |
V |
228 |
die($content); |
6fa2f1
|
229 |
} else { |
T |
230 |
echo $msg; |
|
231 |
if($next_link != '') echo "<a href='$next_link'>Next</a>"; |
|
232 |
} |
|
233 |
} |
|
234 |
|
ae3a8a
|
235 |
/** Translates strings in current language */ |
V |
236 |
public function lng($text) { |
c161ea
|
237 |
global $conf; |
6fa2f1
|
238 |
if($this->_language_inc != 1) { |
e83dd1
|
239 |
$language = (isset($_SESSION['s']['language']))?$_SESSION['s']['language']:$conf['language']; |
2eff06
|
240 |
//* loading global Wordbook |
e83dd1
|
241 |
$this->load_language_file('lib/lang/'.$language.'.lng'); |
2eff06
|
242 |
//* Load module wordbook, if it exists |
e83dd1
|
243 |
if(isset($_SESSION['s']['module']['name'])) { |
T |
244 |
$lng_file = 'web/'.$_SESSION['s']['module']['name'].'/lib/lang/'.$language.'.lng'; |
1ca823
|
245 |
if(!file_exists(ISPC_ROOT_PATH.'/'.$lng_file)) $lng_file = '/web/'.$_SESSION['s']['module']['name'].'/lib/lang/en.lng'; |
44d2a7
|
246 |
$this->load_language_file($lng_file); |
6fa2f1
|
247 |
} |
T |
248 |
$this->_language_inc = 1; |
ae3a8a
|
249 |
} |
86e699
|
250 |
if(isset($this->_wb[$text]) && $this->wb[$text] !== '') { |
6fa2f1
|
251 |
$text = $this->_wb[$text]; |
ef3719
|
252 |
} else { |
T |
253 |
if($this->_conf['debug_language']) { |
|
254 |
$text = '#'.$text.'#'; |
|
255 |
} |
6fa2f1
|
256 |
} |
T |
257 |
return $text; |
|
258 |
} |
ae3a8a
|
259 |
|
44d2a7
|
260 |
//** Helper function to load the language files. |
T |
261 |
public function load_language_file($filename) { |
|
262 |
$filename = ISPC_ROOT_PATH.'/'.$filename; |
7fe908
|
263 |
if(substr($filename, -4) != '.lng') $this->error('Language file has wrong extension.'); |
44d2a7
|
264 |
if(file_exists($filename)) { |
7fe908
|
265 |
@include $filename; |
44d2a7
|
266 |
if(is_array($wb)) { |
T |
267 |
if(is_array($this->_wb)) { |
7fe908
|
268 |
$this->_wb = array_merge($this->_wb, $wb); |
44d2a7
|
269 |
} else { |
T |
270 |
$this->_wb = $wb; |
|
271 |
} |
|
272 |
} |
|
273 |
} |
|
274 |
} |
6fa2f1
|
275 |
|
ae3a8a
|
276 |
public function tpl_defaults() { |
6fa2f1
|
277 |
$this->tpl->setVar('app_title', $this->_conf['app_title']); |
b09c9a
|
278 |
if(isset($_SESSION['s']['user'])) { |
T |
279 |
$this->tpl->setVar('app_version', $this->_conf['app_version']); |
7fe908
|
280 |
// get pending datalog changes |
MC |
281 |
$datalog = $this->db->datalogStatus(); |
|
282 |
$this->tpl->setVar('datalog_changes_txt', $this->lng('datalog_changes_txt')); |
|
283 |
$this->tpl->setVar('datalog_changes_end_txt', $this->lng('datalog_changes_end_txt')); |
|
284 |
$this->tpl->setVar('datalog_changes_count', $datalog['count']); |
|
285 |
$this->tpl->setLoop('datalog_changes', $datalog['entries']); |
b09c9a
|
286 |
} else { |
T |
287 |
$this->tpl->setVar('app_version', ''); |
|
288 |
} |
6fa2f1
|
289 |
$this->tpl->setVar('app_link', $this->_conf['app_link']); |
02bf99
|
290 |
/* |
ae3a8a
|
291 |
if(isset($this->_conf['app_logo']) && $this->_conf['app_logo'] != '' && @is_file($this->_conf['app_logo'])) { |
6fa2f1
|
292 |
$this->tpl->setVar('app_logo', '<img src="'.$this->_conf['app_logo'].'">'); |
T |
293 |
} else { |
|
294 |
$this->tpl->setVar('app_logo', ' '); |
|
295 |
} |
02bf99
|
296 |
*/ |
T |
297 |
$this->tpl->setVar('app_logo', $this->_conf['logo']); |
6fa2f1
|
298 |
|
T |
299 |
$this->tpl->setVar('phpsessid', session_id()); |
|
300 |
|
|
301 |
$this->tpl->setVar('theme', $_SESSION['s']['theme']); |
|
302 |
$this->tpl->setVar('html_content_encoding', $this->_conf['html_content_encoding']); |
|
303 |
|
|
304 |
$this->tpl->setVar('delete_confirmation', $this->lng('delete_confirmation')); |
ae3a8a
|
305 |
//print_r($_SESSION); |
6fa2f1
|
306 |
if(isset($_SESSION['s']['module']['name'])) { |
T |
307 |
$this->tpl->setVar('app_module', $_SESSION['s']['module']['name']); |
|
308 |
} |
|
309 |
if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') { |
|
310 |
$this->tpl->setVar('is_admin', 1); |
|
311 |
} |
|
312 |
if(isset($_SESSION['s']['user']) && $this->auth->has_clients($_SESSION['s']['user']['userid'])) { |
|
313 |
$this->tpl->setVar('is_reseller', 1); |
|
314 |
} |
955391
|
315 |
/* Show username */ |
V |
316 |
if(isset($_SESSION['s']['user'])) { |
|
317 |
$this->tpl->setVar('cpuser', $_SESSION['s']['user']['username']); |
8cf78b
|
318 |
$this->tpl->setVar('logout_txt', $this->lng('logout_txt')); |
5c4200
|
319 |
/* Show search field only for normal users, not mail users */ |
7fe908
|
320 |
if(stristr($_SESSION['s']['user']['username'], '@')){ |
5c4200
|
321 |
$this->tpl->setVar('usertype', 'mailuser'); |
F |
322 |
} else { |
|
323 |
$this->tpl->setVar('usertype', 'normaluser'); |
|
324 |
} |
955391
|
325 |
} |
7fe908
|
326 |
|
59118c
|
327 |
/* Global Search */ |
F |
328 |
$this->tpl->setVar('globalsearch_resultslimit_of_txt', $this->lng('globalsearch_resultslimit_of_txt')); |
|
329 |
$this->tpl->setVar('globalsearch_resultslimit_results_txt', $this->lng('globalsearch_resultslimit_results_txt')); |
|
330 |
$this->tpl->setVar('globalsearch_noresults_text_txt', $this->lng('globalsearch_noresults_text_txt')); |
|
331 |
$this->tpl->setVar('globalsearch_noresults_limit_txt', $this->lng('globalsearch_noresults_limit_txt')); |
|
332 |
$this->tpl->setVar('globalsearch_searchfield_watermark_txt', $this->lng('globalsearch_searchfield_watermark_txt')); |
ae3a8a
|
333 |
} |
V |
334 |
|
6fa2f1
|
335 |
} // end class |
T |
336 |
|
|
337 |
//** Initialize application (app) object |
|
338 |
//* possible future = new app($conf); |
|
339 |
$app = new app(); |
|
340 |
|
cb1221
|
341 |
// load and enable PHP Intrusion Detection System (PHPIDS) |
TB |
342 |
$ids_security_config = $app->getconf->get_security_config('ids'); |
|
343 |
|
|
344 |
if(is_dir(ISPC_CLASS_PATH.'/IDS') && $ids_security_config['ids_enabled'] == 'yes') { |
|
345 |
$app->uses('ids'); |
|
346 |
$app->ids->start(); |
|
347 |
} |
|
348 |
unset($ids_security_config); |
|
349 |
|
f5b0ca
|
350 |
?> |