"Fossies" - the Fresh Open Source Software Archive

Member "ispconfig3_install/interface/lib/app.inc.php" (8 Jun 2021, 15920 Bytes) of package /linux/privat/ISPConfig-3.2.5.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) PHP source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "app.inc.php": 3.2.4_vs_3.2.5.

    1 <?php
    2 
    3 /*
    4 Copyright (c) 2007 - 2009, Till Brehm, projektfarm Gmbh
    5 All rights reserved.
    6 
    7 Redistribution and use in source and binary forms, with or without modification,
    8 are permitted provided that the following conditions are met:
    9 
   10     * Redistributions of source code must retain the above copyright notice,
   11       this list of conditions and the following disclaimer.
   12     * Redistributions in binary form must reproduce the above copyright notice,
   13       this list of conditions and the following disclaimer in the documentation
   14       and/or other materials provided with the distribution.
   15     * Neither the name of ISPConfig nor the names of its contributors
   16       may be used to endorse or promote products derived from this software without
   17       specific prior written permission.
   18 
   19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
   20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
   21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
   23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
   24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
   26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
   27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
   28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   29 */
   30 
   31 //* Enable gzip compression for the interface
   32 ob_start('ob_gzhandler');
   33 
   34 //* Set timezone
   35 if(isset($conf['timezone']) && $conf['timezone'] != '') date_default_timezone_set($conf['timezone']);
   36 
   37 //* Set error reporting level when we are not on a developer system
   38 if(DEVSYSTEM == 0) {
   39     @ini_set('error_reporting', E_ALL & ~E_NOTICE & ~E_DEPRECATED);
   40 }
   41 
   42 /*
   43     Application Class
   44 */
   45 class app {
   46 
   47     private $_language_inc = 0;
   48     private $_wb;
   49     private $_loaded_classes = array();
   50     private $_conf;
   51     private $_security_config;
   52 
   53     public $loaded_plugins = array();
   54 
   55     public function __construct() {
   56         global $conf;
   57 
   58         if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_REQUEST['s']) || isset($_REQUEST['s_old']) || isset($_REQUEST['conf'])) {
   59             die('Internal Error: var override attempt detected');
   60         }
   61 
   62         $this->_conf = $conf;
   63         if($this->_conf['start_db'] == true) {
   64             $this->load('db_'.$this->_conf['db_type']);
   65             try {
   66                 $this->db = new db;
   67             } catch (Exception $e) {
   68                 $this->db = false;
   69             }
   70         }
   71         $this->uses('functions'); // we need this before all others!
   72         $this->uses('auth,plugin,ini_parser,getconf');
   73 
   74     }
   75 
   76     public function __get($prop) {
   77         if(property_exists($this, $prop)) return $this->{$prop};
   78 
   79         $this->uses($prop);
   80         if(property_exists($this, $prop)) return $this->{$prop};
   81         else trigger_error('Undefined property ' . $prop . ' of class app', E_USER_WARNING);
   82     }
   83 
   84     public function __destruct() {
   85         session_write_close();
   86     }
   87 
   88     public function initialize_session() {
   89         //* Start the session
   90         if($this->_conf['start_session'] == true) {
   91             session_name('ISPCSESS');
   92             $this->uses('session');
   93             $sess_timeout = $this->conf('interface', 'session_timeout');
   94             $cookie_domain = $this->get_cookie_domain();
   95             $this->log("cookie_domain is ".$cookie_domain,0);
   96             $cookie_domain = '';
   97             $cookie_secure = ($_SERVER["HTTPS"] == 'on')?true:false;
   98             if($sess_timeout) {
   99                 /* check if user wants to stay logged in */
  100                 if(isset($_POST['s_mod']) && isset($_POST['s_pg']) && $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index' && isset($_POST['stay']) && $_POST['stay'] == '1') {
  101                     /* check if staying logged in is allowed */
  102                     $this->uses('ini_parser');
  103                     $tmp = $this->db->queryOneRecord('SELECT config FROM sys_ini WHERE sysini_id = 1');
  104                     $tmp = $this->ini_parser->parse_ini_string(stripslashes($tmp['config']));
  105                     if(!isset($tmp['misc']['session_allow_endless']) || $tmp['misc']['session_allow_endless'] != 'y') {
  106                         $this->session->set_timeout($sess_timeout);
  107                         session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short
  108                     } else {
  109                         // we are doing login here, so we need to set the session data
  110                         $this->session->set_permanent(true);
  111                         $this->session->set_timeout(365 * 24 * 3600,'/',$cookie_domain,$cookie_secure,true); // one year
  112                         session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short
  113                     }
  114                 } else {
  115                     $this->session->set_timeout($sess_timeout);
  116                     session_set_cookie_params(3600 * 24 * 365,'/',$cookie_domain,$cookie_secure,true); // cookie timeout is never updated, so it must not be short
  117                 }
  118             } else {
  119                 session_set_cookie_params(0,'/',$cookie_domain,$cookie_secure,true); // until browser is closed
  120             }
  121 
  122             session_set_save_handler( array($this->session, 'open'),
  123                 array($this->session, 'close'),
  124                 array($this->session, 'read'),
  125                 array($this->session, 'write'),
  126                 array($this->session, 'destroy'),
  127                 array($this->session, 'gc'));
  128 
  129             ini_set('session.cookie_httponly', true);
  130             @ini_set('session.cookie_samesite', 'Lax');
  131 
  132             session_start();
  133 
  134             //* Initialize session variables
  135             if(!isset($_SESSION['s']['id']) ) $_SESSION['s']['id'] = session_id();
  136             if(empty($_SESSION['s']['theme'])) $_SESSION['s']['theme'] = $this->_conf['theme'];
  137             if(empty($_SESSION['s']['language'])) $_SESSION['s']['language'] = $this->_conf['language'];
  138         }
  139 
  140     }
  141 
  142     public function uses($classes) {
  143         $cl = explode(',', $classes);
  144         if(is_array($cl)) {
  145             foreach($cl as $classname) {
  146                 $classname = trim($classname);
  147                 //* Class is not loaded so load it
  148                 if(!array_key_exists($classname, $this->_loaded_classes) && is_file(ISPC_CLASS_PATH."/$classname.inc.php")) {
  149                     include_once ISPC_CLASS_PATH."/$classname.inc.php";
  150                     $this->$classname = new $classname();
  151                     $this->_loaded_classes[$classname] = true;
  152                 }
  153             }
  154         }
  155     }
  156 
  157     public function load($files) {
  158         $fl = explode(',', $files);
  159         if(is_array($fl)) {
  160             foreach($fl as $file) {
  161                 $file = trim($file);
  162                 include_once ISPC_CLASS_PATH."/$file.inc.php";
  163             }
  164         }
  165     }
  166 
  167     public function conf($plugin, $key, $value = null) {
  168         if(is_null($value)) {
  169             $tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
  170             if($tmpconf) return $tmpconf['value'];
  171             else return null;
  172         } else {
  173             if($value === false) {
  174                 $this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
  175                 return null;
  176             } else {
  177                 $this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
  178                 return $value;
  179             }
  180         }
  181     }
  182 
  183     /** Priority values are: 0 = DEBUG, 1 = WARNING,  2 = ERROR */
  184 
  185 
  186     public function log($msg, $priority = 0) {
  187         global $conf;
  188         if($priority >= $this->_conf['log_priority']) {
  189             // $server_id = $conf["server_id"];
  190             $server_id = 0;
  191             $priority = $this->functions->intval($priority);
  192             $tstamp = time();
  193             $msg = '[INTERFACE]: '.$msg;
  194             $this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
  195             /*
  196             if (is_writable($this->_conf['log_file'])) {
  197                 if (!$fp = fopen ($this->_conf['log_file'], 'a')) {
  198                     $this->error('Unable to open logfile: ' . $this->_conf['log_file']);
  199                 }
  200                 if (!fwrite($fp, date('d.m.Y-H:i').' - '. $msg."\r\n")) {
  201                     $this->error('Unable to write to logfile: ' . $this->_conf['log_file']);
  202                 }
  203                 fclose($fp);
  204             } else {
  205                 $this->error('Unable to write to logfile: ' . $this->_conf['log_file']);
  206             }
  207             */
  208         }
  209     }
  210 
  211     /** Priority values are: 0 = DEBUG, 1 = WARNING,  2 = ERROR */
  212     public function error($msg, $next_link = '', $stop = true, $priority = 1) {
  213         //$this->uses("error");
  214         //$this->error->message($msg, $priority);
  215         if($stop == true) {
  216             /*
  217              * We always have a error. So it is better not to use any more objects like
  218              * the template or so, because we don't know why the error occours (it could be, that
  219              * the error occours in one of these objects..)
  220              */
  221             /*
  222              * Use the template inside the user-template - Path. If it is not found, fallback to the
  223              * default-template (the "normal" behaviour of all template - files)
  224              */
  225             if (file_exists(dirname(__FILE__) . '/../web/themes/' . $_SESSION['s']['theme'] . '/templates/error.tpl.htm')) {
  226                 $content = file_get_contents(dirname(__FILE__) . '/../web/themes/' . $_SESSION['s']['theme'] . '/templates/error.tpl.htm');
  227             } else {
  228                 $content = file_get_contents(dirname(__FILE__) . '/../web/themes/default/templates/error.tpl.htm');
  229             }
  230             if($next_link != '') $msg .= '<a href="'.$next_link.'">Next</a>';
  231             $content = str_replace('###ERRORMSG###', $msg, $content);
  232             die($content);
  233         } else {
  234             echo $msg;
  235             if($next_link != '') echo "<a href='$next_link'>Next</a>";
  236         }
  237     }
  238 
  239     /** Translates strings in current language */
  240     public function lng($text) {
  241         global $conf;
  242         if($this->_language_inc != 1) {
  243             $language = (isset($_SESSION['s']['language']))?$_SESSION['s']['language']:$conf['language'];
  244             //* loading global Wordbook
  245             $this->load_language_file('lib/lang/'.$language.'.lng');
  246             //* Load module wordbook, if it exists
  247             if(isset($_SESSION['s']['module']['name'])) {
  248                 $lng_file = 'web/'.$_SESSION['s']['module']['name'].'/lib/lang/'.$language.'.lng';
  249                 if(!file_exists(ISPC_ROOT_PATH.'/'.$lng_file)) $lng_file = '/web/'.$_SESSION['s']['module']['name'].'/lib/lang/en.lng';
  250                 $this->load_language_file($lng_file);
  251             }
  252             $this->_language_inc = 1;
  253         }
  254         if(isset($this->_wb[$text]) && $this->_wb[$text] !== '') {
  255             $text = $this->_wb[$text];
  256         } else {
  257             if($this->_conf['debug_language']) {
  258                 $text = '#'.$text.'#';
  259             }
  260         }
  261         return $text;
  262     }
  263 
  264     //** Helper function to load the language files.
  265     public function load_language_file($filename) {
  266         $filename = ISPC_ROOT_PATH.'/'.$filename;
  267         if(substr($filename, -4) != '.lng') $this->error('Language file has wrong extension.');
  268         if(file_exists($filename)) {
  269             @include $filename;
  270             if(is_array($wb)) {
  271                 if(is_array($this->_wb)) {
  272                     $this->_wb = array_merge($this->_wb, $wb);
  273                 } else {
  274                     $this->_wb = $wb;
  275                 }
  276             }
  277         }
  278     }
  279 
  280     public function tpl_defaults() {
  281         $this->tpl->setVar('app_title', $this->_conf['app_title']);
  282         if(isset($_SESSION['s']['user'])) {
  283             $this->tpl->setVar('app_version', $this->_conf['app_version']);
  284             // get pending datalog changes
  285             $datalog = $this->db->datalogStatus();
  286             $this->tpl->setVar('datalog_changes_txt', $this->lng('datalog_changes_txt'));
  287             $this->tpl->setVar('datalog_changes_end_txt', $this->lng('datalog_changes_end_txt'));
  288             $this->tpl->setVar('datalog_changes_count', $datalog['count']);
  289             $this->tpl->setLoop('datalog_changes', $datalog['entries']);
  290             $this->tpl->setVar('datalog_changes_close_txt', $this->lng('datalog_changes_close_txt'));
  291         } else {
  292             $this->tpl->setVar('app_version', '');
  293         }
  294         $this->tpl->setVar('app_link', $this->_conf['app_link']);
  295         /*
  296         if(isset($this->_conf['app_logo']) && $this->_conf['app_logo'] != '' && @is_file($this->_conf['app_logo'])) {
  297             $this->tpl->setVar('app_logo', '<img src="'.$this->_conf['app_logo'].'">');
  298         } else {
  299             $this->tpl->setVar('app_logo', '&nbsp;');
  300         }
  301         */
  302         $this->tpl->setVar('app_logo', $this->_conf['logo']);
  303 
  304         $this->tpl->setVar('phpsessid', session_id());
  305 
  306         $this->tpl->setVar('theme', $_SESSION['s']['theme'], true);
  307         $this->tpl->setVar('html_content_encoding', $this->_conf['html_content_encoding']);
  308 
  309         $this->tpl->setVar('delete_confirmation', $this->lng('delete_confirmation'));
  310         //print_r($_SESSION);
  311         if(isset($_SESSION['s']['module']['name'])) {
  312             $this->tpl->setVar('app_module', $_SESSION['s']['module']['name'], true);
  313             $this->tpl->setVar('session_module', $_SESSION['s']['module']['name'], true);
  314         }
  315         if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') {
  316             $this->tpl->setVar('is_admin', 1);
  317         }
  318         if(isset($_SESSION['s']['user']) && $this->auth->has_clients($_SESSION['s']['user']['userid'])) {
  319             $this->tpl->setVar('is_reseller', 1);
  320         }
  321         /* Show username */
  322         if(isset($_SESSION['s']['user'])) {
  323             $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username'], true);
  324             $this->tpl->setVar('logout_txt', $this->lng('logout_txt'));
  325             /* Show search field only for normal users, not mail users */
  326             if(stristr($_SESSION['s']['user']['username'], '@')){
  327                 $this->tpl->setVar('usertype', 'mailuser');
  328             } else {
  329                 $this->tpl->setVar('usertype', 'normaluser');
  330             }
  331         }
  332 
  333         /* Global Search */
  334         $this->tpl->setVar('globalsearch_resultslimit_of_txt', $this->lng('globalsearch_resultslimit_of_txt'));
  335         $this->tpl->setVar('globalsearch_resultslimit_results_txt', $this->lng('globalsearch_resultslimit_results_txt'));
  336         $this->tpl->setVar('globalsearch_noresults_text_txt', $this->lng('globalsearch_noresults_text_txt'));
  337         $this->tpl->setVar('globalsearch_noresults_limit_txt', $this->lng('globalsearch_noresults_limit_txt'));
  338         $this->tpl->setVar('globalsearch_searchfield_watermark_txt', $this->lng('globalsearch_searchfield_watermark_txt'));
  339     }
  340 
  341     public function is_under_maintenance() {
  342         $system_config_misc = $this->getconf->get_global_config('misc');
  343         $maintenance_mode = 'n';
  344         $maintenance_mode_exclude_ips = [];
  345 
  346         if (!empty($system_config_misc['maintenance_mode'])) {
  347             $maintenance_mode = $system_config_misc['maintenance_mode'];
  348         }
  349 
  350         if (!empty($system_config_misc['maintenance_mode_exclude_ips'])) {
  351             $maintenance_mode_exclude_ips = array_map('trim', explode(',', $system_config_misc['maintenance_mode_exclude_ips']));
  352         }
  353 
  354         return 'y' === $maintenance_mode && !in_array($_SERVER['REMOTE_ADDR'], $maintenance_mode_exclude_ips);
  355     }
  356 
  357     private function get_cookie_domain() {
  358         $sec_config = $this->getconf->get_security_config('permissions');
  359         $proxy_panel_allowed = $sec_config['reverse_proxy_panel_allowed'];
  360         if ($proxy_panel_allowed == 'all') {
  361             return '';
  362         }
  363         /*
  364          * See ticket #5238: It should be ensured, that _SERVER_NAME is always set.
  365          * Otherwise the security improvement doesn't work with nginx. If this is done,
  366          * the check for HTTP_HOST and workaround for nginx is obsolete.
  367          */
  368         $cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']);
  369         // Workaround for Nginx servers
  370         if($cookie_domain == '_') {
  371             $tmp = explode(':',$_SERVER["HTTP_HOST"]);
  372             $cookie_domain = $tmp[0];
  373             unset($tmp);
  374         }
  375         if($proxy_panel_allowed == 'sites') {
  376             $forwarded_host = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : null );
  377             if($forwarded_host !== null && $forwarded_host !== $cookie_domain) {
  378                 // Just check for complete domain name and not auto subdomains
  379                 $sql = "SELECT domain_id from web_domain where domain = ?";
  380                 $recs = $this->db->queryOneRecord($sql, $forwarded_host);
  381                 if($recs !== null) {
  382                     $cookie_domain = $forwarded_host;
  383                 }
  384                 unset($forwarded_host);
  385             }
  386         }
  387 
  388         return $cookie_domain;
  389     }
  390 
  391 } // end class
  392 
  393 //** Initialize application (app) object
  394 //* possible future =  new app($conf);
  395 $app = new app();
  396 /*
  397    split session creation out of constructor is IMHO better.
  398    otherwise we have some circular references to global $app like in
  399    getconfig property of App - RA
  400 */
  401 $app->initialize_session();
  402 
  403 // load and enable PHP Intrusion Detection System (PHPIDS)
  404 $ids_security_config = $app->getconf->get_security_config('ids');
  405 
  406 if(is_dir(ISPC_CLASS_PATH.'/IDS') && !defined('REMOTE_API_CALL') && ($ids_security_config['ids_anon_enabled'] == 'yes' || $ids_security_config['ids_user_enabled'] == 'yes' || $ids_security_config['ids_admin_enabled'] == 'yes')) {
  407     $app->uses('ids');
  408     $app->ids->start();
  409 }
  410 unset($ids_security_config);
  411 
  412 ?>