Главная Обзор contacts
Вход
dyokunev
/
nextcloud-mephi
Следить 1
В избранное 0
Ответвить 0
Файлы Обсуждения 0 Запросы на слияние 0 Вики
Дерево: 78c60c25c8
Ветки Метки
nextcloud-me...
/
lib
/
base.php

base.php 28 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * ownCloud
    4. 

  4.  *
    5. 

  5.  * @author Frank Karlitschek
    6. 

  6.  * @copyright 2012 Frank Karlitschek frank@owncloud.org
    7. 

  7.  *
    8. 

  8.  * This library is free software; you can redistribute it and/or
    9. 

  9.  * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
    10. 

  10.  * License as published by the Free Software Foundation; either
    11. 

  11.  * version 3 of the License, or any later version.
    12. 

  12.  *
    13. 

  13.  * This library is distributed in the hope that it will be useful,
    14. 

  14.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    15. 

  15.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    16. 

  16.  * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
    17. 

  17.  *
    18. 

  18.  * You should have received a copy of the GNU Affero General Public
    19. 

  19.  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
    20. 

  20.  *
    21. 

  21.  */
    22. 

  22. 

  23. require_once 'public/constants.php';
    24. 

  24. 

  25. /**
    26. 

  26.  * Class that is a namespace for all global OC variables
    27. 

  27.  * No, we can not put this class in its own file because it is used by
    28. 

  28.  * OC_autoload!
    29. 

  29.  */
    30. 

  30. class OC {
    31. 

  31. 	/**
    32. 

  32. 	 * Associative array for autoloading. classname => filename
    33. 

  33. 	 */
    34. 

  34. 	public static $CLASSPATH = array();
    35. 

  35. 	/**
    36. 

  36. 	 * The installation path for owncloud on the server (e.g. /srv/http/owncloud)
    37. 

  37. 	 */
    38. 

  38. 	public static $SERVERROOT = '';
    39. 

  39. 	/**
    40. 

  40. 	 * the current request path relative to the owncloud root (e.g. files/index.php)
    41. 

  41. 	 */
    42. 

  42. 	private static $SUBURI = '';
    43. 

  43. 	/**
    44. 

  44. 	 * the owncloud root path for http requests (e.g. owncloud/)
    45. 

  45. 	 */
    46. 

  46. 	public static $WEBROOT = '';
    47. 

  47. 	/**
    48. 

  48. 	 * The installation path of the 3rdparty folder on the server (e.g. /srv/http/owncloud/3rdparty)
    49. 

  49. 	 */
    50. 

  50. 	public static $THIRDPARTYROOT = '';
    51. 

  51. 	/**
    52. 

  52. 	 * the root path of the 3rdparty folder for http requests (e.g. owncloud/3rdparty)
    53. 

  53. 	 */
    54. 

  54. 	public static $THIRDPARTYWEBROOT = '';
    55. 

  55. 	/**
    56. 

  56. 	 * The installation path array of the apps folder on the server (e.g. /srv/http/owncloud) 'path' and
    57. 

  57. 	 * web path in 'url'
    58. 

  58. 	 */
    59. 

  59. 	public static $APPSROOTS = array();
    60. 

  60. 	/*
    61. 

  61. 	 * requested app
    62. 

  62. 	 */
    63. 

  63. 	public static $REQUESTEDAPP = '';
    64. 

  64. 	/*
    65. 

  65. 	 * requested file of app
    66. 

  66. 	 */
    67. 

  67. 	public static $REQUESTEDFILE = '';
    68. 

  68. 	/**
    69. 

  69. 	 * check if owncloud runs in cli mode
    70. 

  70. 	 */
    71. 

  71. 	public static $CLI = false;
    72. 

  72. 	/*
    73. 

  73. 	 * OC router
    74. 

  74. 	 */
    75. 

  75. 	protected static $router = null;
    76. 

  76. 

  77. 	/**
    78. 

  78. 	 * @var \OC\Session\Session
    79. 

  79. 	 */
    80. 

  80. 	public static $session = null;
    81. 

  81. 

  82. 	/**
    83. 

  83. 	 * @var \OC\Autoloader $loader
    84. 

  84. 	 */
    85. 

  85. 	public static $loader = null;
    86. 

  86. 

  87. 	/**
    88. 

  88. 	 * @var \OC\Server
    89. 

  89. 	 */
    90. 

  90. 	public static $server = null;
    91. 

  91. 

  92. 	public static function initPaths() {
    93. 

  93. 		// calculate the root directories
    94. 

  94. 		OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4));
    95. 

  95. 

  96. 		// ensure we can find OC_Config
    97. 

  97. 		set_include_path(
    98. 

  98. 			OC::$SERVERROOT . '/lib' . PATH_SEPARATOR .
    99. 

  99. 			get_include_path()
    100. 

  100. 		);
    101. 

  101. 

  102. 		OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT)));
    103. 

  103. 		$scriptName = OC_Request::scriptName();
    104. 

  104. 		if (substr($scriptName, -1) == '/') {
    105. 

  105. 			$scriptName .= 'index.php';
    106. 

  106. 			//make sure suburi follows the same rules as scriptName
    107. 

  107. 			if (substr(OC::$SUBURI, -9) != 'index.php') {
    108. 

  108. 				if (substr(OC::$SUBURI, -1) != '/') {
    109. 

  109. 					OC::$SUBURI = OC::$SUBURI . '/';
    110. 

  110. 				}
    111. 

  111. 				OC::$SUBURI = OC::$SUBURI . 'index.php';
    112. 

  112. 			}
    113. 

  113. 		}
    114. 

  114. 

  115. 		OC::$WEBROOT = substr($scriptName, 0, strlen($scriptName) - strlen(OC::$SUBURI));
    116. 

  116. 

  117. 		if (OC::$WEBROOT != '' and OC::$WEBROOT[0] !== '/') {
    118. 

  118. 			OC::$WEBROOT = '/' . OC::$WEBROOT;
    119. 

  119. 		}
    120. 

  120. 

  121. 		// search the 3rdparty folder
    122. 

  122. 		if (OC_Config::getValue('3rdpartyroot', '') <> '' and OC_Config::getValue('3rdpartyurl', '') <> '') {
    123. 

  123. 			OC::$THIRDPARTYROOT = OC_Config::getValue('3rdpartyroot', '');
    124. 

  124. 			OC::$THIRDPARTYWEBROOT = OC_Config::getValue('3rdpartyurl', '');
    125. 

  125. 		} elseif (file_exists(OC::$SERVERROOT . '/3rdparty')) {
    126. 

  126. 			OC::$THIRDPARTYROOT = OC::$SERVERROOT;
    127. 

  127. 			OC::$THIRDPARTYWEBROOT = OC::$WEBROOT;
    128. 

  128. 		} elseif (file_exists(OC::$SERVERROOT . '/../3rdparty')) {
    129. 

  129. 			OC::$THIRDPARTYWEBROOT = rtrim(dirname(OC::$WEBROOT), '/');
    130. 

  130. 			OC::$THIRDPARTYROOT = rtrim(dirname(OC::$SERVERROOT), '/');
    131. 

  131. 		} else {
    132. 

  132. 			throw new Exception('3rdparty directory not found! Please put the ownCloud 3rdparty'
    133. 

  133. 				.' folder in the ownCloud folder or the folder above.'
    134. 

  134. 				.' You can also configure the location in the config.php file.');
    135. 

  135. 		}
    136. 

  136. 		// search the apps folder
    137. 

  137. 		$config_paths = OC_Config::getValue('apps_paths', array());
    138. 

  138. 		if (!empty($config_paths)) {
    139. 

  139. 			foreach ($config_paths as $paths) {
    140. 

  140. 				if (isset($paths['url']) && isset($paths['path'])) {
    141. 

  141. 					$paths['url'] = rtrim($paths['url'], '/');
    142. 

  142. 					$paths['path'] = rtrim($paths['path'], '/');
    143. 

  143. 					OC::$APPSROOTS[] = $paths;
    144. 

  144. 				}
    145. 

  145. 			}
    146. 

  146. 		} elseif (file_exists(OC::$SERVERROOT . '/apps')) {
    147. 

  147. 			OC::$APPSROOTS[] = array('path' => OC::$SERVERROOT . '/apps', 'url' => '/apps', 'writable' => true);
    148. 

  148. 		} elseif (file_exists(OC::$SERVERROOT . '/../apps')) {
    149. 

  149. 			OC::$APPSROOTS[] = array(
    150. 

  150. 				'path' => rtrim(dirname(OC::$SERVERROOT), '/') . '/apps',
    151. 

  151. 				'url' => '/apps',
    152. 

  152. 				'writable' => true
    153. 

  153. 			);
    154. 

  154. 		}
    155. 

  155. 

  156. 		if (empty(OC::$APPSROOTS)) {
    157. 

  157. 			throw new Exception('apps directory not found! Please put the ownCloud apps folder in the ownCloud folder'
    158. 

  158. 				.' or the folder above. You can also configure the location in the config.php file.');
    159. 

  159. 		}
    160. 

  160. 		$paths = array();
    161. 

  161. 		foreach (OC::$APPSROOTS as $path) {
    162. 

  162. 			$paths[] = $path['path'];
    163. 

  163. 		}
    164. 

  164. 

  165. 		// set the right include path
    166. 

  166. 		set_include_path(
    167. 

  167. 			OC::$SERVERROOT . '/lib/private' . PATH_SEPARATOR .
    168. 

  168. 			OC::$SERVERROOT . '/config' . PATH_SEPARATOR .
    169. 

  169. 			OC::$THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR .
    170. 

  170. 			implode($paths, PATH_SEPARATOR) . PATH_SEPARATOR .
    171. 

  171. 			get_include_path() . PATH_SEPARATOR .
    172. 

  172. 			OC::$SERVERROOT
    173. 

  173. 		);
    174. 

  174. 	}
    175. 

  175. 

  176. 	public static function checkConfig() {
    177. 

  177. 		if (file_exists(OC::$SERVERROOT . "/config/config.php")
    178. 

  178. 			and !is_writable(OC::$SERVERROOT . "/config/config.php")) {
    179. 

  179. 			$defaults = new OC_Defaults();
    180. 

  180. 			OC_Template::printErrorPage(
    181. 

  181. 				"Can't write into config directory!",
    182. 

  182. 				'This can usually be fixed by '
    183. 

  183. 					.'<a href="' . $defaults->getDocBaseUrl() . '/server/5.0/admin_manual/installation/installation_source.html#set-the-directory-permissions" target="_blank">giving the webserver write access to the config directory</a>.'
    184. 

  184. 			);
    185. 

  185. 		}
    186. 

  186. 	}
    187. 

  187. 

  188. 	public static function checkInstalled() {
    189. 

  189. 		// Redirect to installer if not installed
    190. 

  190. 		if (!OC_Config::getValue('installed', false) && OC::$SUBURI != '/index.php') {
    191. 

  191. 			if (!OC::$CLI) {
    192. 

  192. 				$url = 'http://' . $_SERVER['SERVER_NAME'] . OC::$WEBROOT . '/index.php';
    193. 

  193. 				header("Location: $url");
    194. 

  194. 			}
    195. 

  195. 			exit();
    196. 

  196. 		}
    197. 

  197. 	}
    198. 

  198. 

  199. 	public static function checkSSL() {
    200. 

  200. 		// redirect to https site if configured
    201. 

  201. 		if (OC_Config::getValue("forcessl", false)) {
    202. 

  202. 			header('Strict-Transport-Security: max-age=31536000');
    203. 

  203. 			ini_set("session.cookie_secure", "on");
    204. 

  204. 			if (OC_Request::serverProtocol() <> 'https' and !OC::$CLI) {
    205. 

  205. 				$url = "https://" . OC_Request::serverHost() . OC_Request::requestUri();
    206. 

  206. 				header("Location: $url");
    207. 

  207. 				exit();
    208. 

  208. 			}
    209. 

  209. 		} else {
    210. 

  210. 			// Invalidate HSTS headers
    211. 

  211. 			if (OC_Request::serverProtocol() === 'https') {
    212. 

  212. 				header('Strict-Transport-Security: max-age=0');
    213. 

  213. 			}
    214. 

  214. 		}
    215. 

  215. 	}
    216. 

  216. 

  217. 	public static function checkMaintenanceMode() {
    218. 

  218. 		// Allow ajax update script to execute without being stopped
    219. 

  219. 		if (OC_Config::getValue('maintenance', false) && OC::$SUBURI != '/core/ajax/update.php') {
    220. 

  220. 			// send http status 503
    221. 

  221. 			header('HTTP/1.1 503 Service Temporarily Unavailable');
    222. 

  222. 			header('Status: 503 Service Temporarily Unavailable');
    223. 

  223. 			header('Retry-After: 120');
    224. 

  224. 

  225. 			// render error page
    226. 

  226. 			OC_Template::printErrorPage('ownCloud is in maintenance mode');
    227. 

  227. 		}
    228. 

  228. 	}
    229. 

  229. 

  230. 	public static function checkUpgrade($showTemplate = true) {
    231. 

  231. 		if (OC_Config::getValue('installed', false)) {
    232. 

  232. 			$installedVersion = OC_Config::getValue('version', '0.0.0');
    233. 

  233. 			$currentVersion = implode('.', OC_Util::getVersion());
    234. 

  234. 			if (version_compare($currentVersion, $installedVersion, '>')) {
    235. 

  235. 				if ($showTemplate && !OC_Config::getValue('maintenance', false)) {
    236. 

  236. 					OC_Config::setValue('theme', '');
    237. 

  237. 					$minimizerCSS = new OC_Minimizer_CSS();
    238. 

  238. 					$minimizerCSS->clearCache();
    239. 

  239. 					$minimizerJS = new OC_Minimizer_JS();
    240. 

  240. 					$minimizerJS->clearCache();
    241. 

  241. 					OC_Util::addscript('update');
    242. 

  242. 					$tmpl = new OC_Template('', 'update', 'guest');
    243. 

  243. 					$tmpl->assign('version', OC_Util::getVersionString());
    244. 

  244. 					$tmpl->printPage();
    245. 

  245. 					exit();
    246. 

  246. 				} else {
    247. 

  247. 					return true;
    248. 

  248. 				}
    249. 

  249. 			}
    250. 

  250. 			return false;
    251. 

  251. 		}
    252. 

  252. 	}
    253. 

  253. 

  254. 	public static function initTemplateEngine() {
    255. 

  255. 		// Add the stuff we need always
    256. 

  256. 		OC_Util::addScript("jquery-1.10.0.min");
    257. 

  257. 		OC_Util::addScript("jquery-migrate-1.2.1.min");
    258. 

  258. 		OC_Util::addScript("jquery-ui-1.10.0.custom");
    259. 

  259. 		OC_Util::addScript("jquery-showpassword");
    260. 

  260. 		OC_Util::addScript("jquery.infieldlabel");
    261. 

  261. 		OC_Util::addScript("jquery-tipsy");
    262. 

  262. 		OC_Util::addScript("compatibility");
    263. 

  263. 		OC_Util::addScript("jquery.ocdialog");
    264. 

  264. 		OC_Util::addScript("oc-dialogs");
    265. 

  265. 		OC_Util::addScript("js");
    266. 

  266. 		OC_Util::addScript("octemplate");
    267. 

  267. 		OC_Util::addScript("eventsource");
    268. 

  268. 		OC_Util::addScript("config");
    269. 

  269. 		//OC_Util::addScript( "multiselect" );
    270. 

  270. 		OC_Util::addScript('search', 'result');
    271. 

  271. 		OC_Util::addScript('router');
    272. 

  272. 		OC_Util::addScript("oc-requesttoken");
    273. 

  273. 

  274. 		// avatars
    275. 

  275. 		if (\OC_Config::getValue('enable_avatars', true) === true) {
    276. 

  276. 			\OC_Util::addScript('placeholder');
    277. 

  277. 			\OC_Util::addScript('3rdparty', 'md5/md5.min');
    278. 

  278. 			\OC_Util::addScript('jquery.avatar');
    279. 

  279. 			\OC_Util::addScript('avatar');
    280. 

  280. 		}
    281. 

  281. 

  282. 		OC_Util::addStyle("styles");
    283. 

  283. 		OC_Util::addStyle("apps");
    284. 

  284. 		OC_Util::addStyle("fixes");
    285. 

  285. 		OC_Util::addStyle("multiselect");
    286. 

  286. 		OC_Util::addStyle("jquery-ui-1.10.0.custom");
    287. 

  287. 		OC_Util::addStyle("jquery-tipsy");
    288. 

  288. 		OC_Util::addStyle("jquery.ocdialog");
    289. 

  289. 	}
    290. 

  290. 

  291. 	public static function initSession() {
    292. 

  292. 		// prevents javascript from accessing php session cookies
    293. 

  293. 		ini_set('session.cookie_httponly', '1;');
    294. 

  294. 

  295. 		// set the cookie path to the ownCloud directory
    296. 

  296. 		$cookie_path = OC::$WEBROOT ? : '/';
    297. 

  297. 		ini_set('session.cookie_path', $cookie_path);
    298. 

  298. 

  299. 		//set the session object to a dummy session so code relying on the session existing still works
    300. 

  300. 		self::$session = new \OC\Session\Memory('');
    301. 

  301. 

  302. 		try {
    303. 

  303. 			// set the session name to the instance id - which is unique
    304. 

  304. 			self::$session = new \OC\Session\Internal(OC_Util::getInstanceId());
    305. 

  305. 			// if session cant be started break with http 500 error
    306. 

  306. 		} catch (Exception $e) {
    307. 

  307. 			OC_Log::write('core', 'Session could not be initialized',
    308. 

  308. 				OC_Log::ERROR);
    309. 

  309. 

  310. 			header('HTTP/1.1 500 Internal Server Error');
    311. 

  311. 			OC_Util::addStyle("styles");
    312. 

  312. 			$error = 'Session could not be initialized. Please contact your ';
    313. 

  313. 			$error .= 'system administrator';
    314. 

  314. 

  315. 			OC_Template::printErrorPage($error);
    316. 

  316. 		}
    317. 

  317. 

  318. 		$sessionLifeTime = self::getSessionLifeTime();
    319. 

  319. 		// regenerate session id periodically to avoid session fixation
    320. 

  320. 		if (!self::$session->exists('SID_CREATED')) {
    321. 

  321. 			self::$session->set('SID_CREATED', time());
    322. 

  322. 		} else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime / 2) {
    323. 

  323. 			session_regenerate_id(true);
    324. 

  324. 			self::$session->set('SID_CREATED', time());
    325. 

  325. 		}
    326. 

  326. 

  327. 		// session timeout
    328. 

  328. 		if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
    329. 

  329. 			if (isset($_COOKIE[session_name()])) {
    330. 

  330. 				setcookie(session_name(), '', time() - 42000, $cookie_path);
    331. 

  331. 			}
    332. 

  332. 			session_unset();
    333. 

  333. 			session_destroy();
    334. 

  334. 			session_start();
    335. 

  335. 		}
    336. 

  336. 

  337. 		self::$session->set('LAST_ACTIVITY', time());
    338. 

  338. 	}
    339. 

  339. 

  340. 	/**
    341. 

  341. 	 * @return int
    342. 

  342. 	 */
    343. 

  343. 	private static function getSessionLifeTime() {
    344. 

  344. 		return OC_Config::getValue('session_lifetime', 60 * 60 * 24);
    345. 

  345. 	}
    346. 

  346. 

  347. 	public static function getRouter() {
    348. 

  348. 		if (!isset(OC::$router)) {
    349. 

  349. 			OC::$router = new OC_Router();
    350. 

  350. 			OC::$router->loadRoutes();
    351. 

  351. 		}
    352. 

  352. 

  353. 		return OC::$router;
    354. 

  354. 	}
    355. 

  355. 

  356. 

  357. 	public static function loadAppClassPaths() {
    358. 

  358. 		foreach (OC_APP::getEnabledApps() as $app) {
    359. 

  359. 			$file = OC_App::getAppPath($app) . '/appinfo/classpath.php';
    360. 

  360. 			if (file_exists($file)) {
    361. 

  361. 				require_once $file;
    362. 

  362. 			}
    363. 

  363. 		}
    364. 

  364. 	}
    365. 

  365. 

  366. 

  367. 	public static function init() {
    368. 

  368. 		// register autoloader
    369. 

  369. 		require_once __DIR__ . '/autoloader.php';
    370. 

  370. 		self::$loader = new \OC\Autoloader();
    371. 

  371. 		self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
    372. 

  372. 		self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
    373. 

  373. 		self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
    374. 

  374. 		self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
    375. 

  375. 		self::$loader->registerPrefix('Sabre\\VObject', '3rdparty');
    376. 

  376. 		self::$loader->registerPrefix('Sabre_', '3rdparty');
    377. 

  377. 		self::$loader->registerPrefix('Patchwork', '3rdparty');
    378. 

  378. 		spl_autoload_register(array(self::$loader, 'load'));
    379. 

  379. 

  380. 		// set some stuff
    381. 

  381. 		//ob_start();
    382. 

  382. 		error_reporting(E_ALL | E_STRICT);
    383. 

  383. 		if (defined('DEBUG') && DEBUG) {
    384. 

  384. 			ini_set('display_errors', 1);
    385. 

  385. 		}
    386. 

  386. 		self::$CLI = (php_sapi_name() == 'cli');
    387. 

  387. 

  388. 		date_default_timezone_set('UTC');
    389. 

  389. 		ini_set('arg_separator.output', '&amp;');
    390. 

  390. 

  391. 		// try to switch magic quotes off.
    392. 

  392. 		if (get_magic_quotes_gpc() == 1) {
    393. 

  393. 			ini_set('magic_quotes_runtime', 0);
    394. 

  394. 		}
    395. 

  395. 

  396. 		//try to configure php to enable big file uploads.
    397. 

  397. 		//this doesn´t work always depending on the webserver and php configuration.
    398. 

  398. 		//Let´s try to overwrite some defaults anyways
    399. 

  399. 

  400. 		//try to set the maximum execution time to 60min
    401. 

  401. 		@set_time_limit(3600);
    402. 

  402. 		@ini_set('max_execution_time', 3600);
    403. 

  403. 		@ini_set('max_input_time', 3600);
    404. 

  404. 

  405. 		//try to set the maximum filesize to 10G
    406. 

  406. 		@ini_set('upload_max_filesize', '10G');
    407. 

  407. 		@ini_set('post_max_size', '10G');
    408. 

  408. 		@ini_set('file_uploads', '50');
    409. 

  409. 

  410. 		//copy http auth headers for apache+php-fcgid work around
    411. 

  411. 		if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
    412. 

  412. 			$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
    413. 

  413. 		}
    414. 

  414. 

  415. 		//set http auth headers for apache+php-cgi work around
    416. 

  416. 		if (isset($_SERVER['HTTP_AUTHORIZATION'])
    417. 

  417. 			&& preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)
    418. 

  418. 		) {
    419. 

  419. 			list($name, $password) = explode(':', base64_decode($matches[1]), 2);
    420. 

  420. 			$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
    421. 

  421. 			$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    422. 

  422. 		}
    423. 

  423. 

  424. 		//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
    425. 

  425. 		if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])
    426. 

  426. 			&& preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)
    427. 

  427. 		) {
    428. 

  428. 			list($name, $password) = explode(':', base64_decode($matches[1]), 2);
    429. 

  429. 			$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
    430. 

  430. 			$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    431. 

  431. 		}
    432. 

  432. 

  433. 		self::initPaths();
    434. 

  434. 		OC_Util::isSetLocaleWorking();
    435. 

  435. 

  436. 		// set debug mode if an xdebug session is active
    437. 

  437. 		if (!defined('DEBUG') || !DEBUG) {
    438. 

  438. 			if (isset($_COOKIE['XDEBUG_SESSION'])) {
    439. 

  439. 				define('DEBUG', true);
    440. 

  440. 			}
    441. 

  441. 		}
    442. 

  442. 

  443. 		if (!defined('PHPUNIT_RUN')) {
    444. 

  444. 			if (defined('DEBUG') and DEBUG) {
    445. 

  445. 				set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
    446. 

  446. 			} else {
    447. 

  447. 				OC\Log\ErrorHandler::register();
    448. 

  448. 				OC\Log\ErrorHandler::setLogger(OC_Log::$object);
    449. 

  449. 			}
    450. 

  450. 		}
    451. 

  451. 

  452. 		// register the stream wrappers
    453. 

  453. 		stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir');
    454. 

  454. 		stream_wrapper_register('static', 'OC\Files\Stream\StaticStream');
    455. 

  455. 		stream_wrapper_register('close', 'OC\Files\Stream\Close');
    456. 

  456. 		stream_wrapper_register('quota', 'OC\Files\Stream\Quota');
    457. 

  457. 		stream_wrapper_register('oc', 'OC\Files\Stream\OC');
    458. 

  458. 

  459. 		// setup the basic server
    460. 

  460. 		self::$server = new \OC\Server();
    461. 

  461. 

  462. 		self::initTemplateEngine();
    463. 

  463. 		if (!self::$CLI) {
    464. 

  464. 			self::initSession();
    465. 

  465. 		} else {
    466. 

  466. 			self::$session = new \OC\Session\Memory('');
    467. 

  467. 		}
    468. 

  468. 		self::checkConfig();
    469. 

  469. 		self::checkInstalled();
    470. 

  470. 		self::checkSSL();
    471. 

  471. 

  472. 		$errors = OC_Util::checkServer();
    473. 

  473. 		if (count($errors) > 0) {
    474. 

  474. 			OC_Template::printGuestPage('', 'error', array('errors' => $errors));
    475. 

  475. 			exit;
    476. 

  476. 		}
    477. 

  477. 

  478. 		//try to set the session lifetime
    479. 

  479. 		$sessionLifeTime = self::getSessionLifeTime();
    480. 

  480. 		@ini_set('gc_maxlifetime', (string)$sessionLifeTime);
    481. 

  481. 

  482. 		// User and Groups
    483. 

  483. 		if (!OC_Config::getValue("installed", false)) {
    484. 

  484. 			self::$session->set('user_id', '');
    485. 

  485. 		}
    486. 

  486. 

  487. 		OC_User::useBackend(new OC_User_Database());
    488. 

  488. 		OC_Group::useBackend(new OC_Group_Database());
    489. 

  489. 

  490. 		if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id')
    491. 

  491. 			&& $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) {
    492. 

  492. 			OC_User::logout();
    493. 

  493. 		}
    494. 

  494. 

  495. 		// Load Apps
    496. 

  496. 		// This includes plugins for users and filesystems as well
    497. 

  497. 		global $RUNTIME_NOAPPS;
    498. 

  498. 		global $RUNTIME_APPTYPES;
    499. 

  499. 		if (!$RUNTIME_NOAPPS) {
    500. 

  500. 			if ($RUNTIME_APPTYPES) {
    501. 

  501. 				OC_App::loadApps($RUNTIME_APPTYPES);
    502. 

  502. 			} else {
    503. 

  503. 				OC_App::loadApps();
    504. 

  504. 			}
    505. 

  505. 		}
    506. 

  506. 

  507. 		//setup extra user backends
    508. 

  508. 		OC_User::setupBackends();
    509. 

  509. 

  510. 		self::registerCacheHooks();
    511. 

  511. 		self::registerFilesystemHooks();
    512. 

  512. 		self::registerPreviewHooks();
    513. 

  513. 		self::registerShareHooks();
    514. 

  514. 		self::registerLogRotate();
    515. 

  515. 

  516. 		//make sure temporary files are cleaned up
    517. 

  517. 		register_shutdown_function(array('OC_Helper', 'cleanTmp'));
    518. 

  518. 

  519. 		//parse the given parameters
    520. 

  520. 		self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app']) ? OC_App::cleanAppId(strip_tags($_GET['app'])) : OC_Config::getValue('defaultapp', 'files'));
    521. 

  521. 		if (substr_count(self::$REQUESTEDAPP, '?') != 0) {
    522. 

  522. 			$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
    523. 

  523. 			$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
    524. 

  524. 			parse_str($param, $get);
    525. 

  525. 			$_GET = array_merge($_GET, $get);
    526. 

  526. 			self::$REQUESTEDAPP = $app;
    527. 

  527. 			$_GET['app'] = $app;
    528. 

  528. 		}
    529. 

  529. 		self::$REQUESTEDFILE = (isset($_GET['getfile']) ? $_GET['getfile'] : null);
    530. 

  530. 		if (substr_count(self::$REQUESTEDFILE, '?') != 0) {
    531. 

  531. 			$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
    532. 

  532. 			$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
    533. 

  533. 			parse_str($param, $get);
    534. 

  534. 			$_GET = array_merge($_GET, $get);
    535. 

  535. 			self::$REQUESTEDFILE = $file;
    536. 

  536. 			$_GET['getfile'] = $file;
    537. 

  537. 		}
    538. 

  538. 		if (!is_null(self::$REQUESTEDFILE)) {
    539. 

  539. 			$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
    540. 

  540. 			$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
    541. 

  541. 			if (!OC_Helper::issubdirectory($subdir, $parent)) {
    542. 

  542. 				self::$REQUESTEDFILE = null;
    543. 

  543. 				header('HTTP/1.0 404 Not Found');
    544. 

  544. 				exit;
    545. 

  545. 			}
    546. 

  546. 		}
    547. 

  547. 

  548. 		// write error into log if locale can't be set
    549. 

  549. 		if (OC_Util::isSetLocaleWorking() == false) {
    550. 

  550. 			OC_Log::write('core',
    551. 

  551. 				'setting locale to en_US.UTF-8/en_US.UTF8 failed. Support is probably not installed on your system',
    552. 

  552. 				OC_Log::ERROR);
    553. 

  553. 		}
    554. 

  554. 		if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
    555. 

  555. 			if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
    556. 

  556. 				OC_Util::addScript('backgroundjobs');
    557. 

  557. 			}
    558. 

  558. 		}
    559. 

  559. 	}
    560. 

  560. 

  561. 	/**
    562. 

  562. 	 * register hooks for the cache
    563. 

  563. 	 */
    564. 

  564. 	public static function registerCacheHooks() {
    565. 

  565. 		if (OC_Config::getValue('installed', false)) { //don't try to do this before we are properly setup
    566. 

  566. 			// register cache cleanup jobs
    567. 

  567. 			try { //if this is executed before the upgrade to the new backgroundjob system is completed it will throw an exception
    568. 

  568. 				\OCP\BackgroundJob::registerJob('OC\Cache\FileGlobalGC');
    569. 

  569. 			} catch (Exception $e) {
    570. 

  570. 

  571. 			}
    572. 

  572. 			// NOTE: This will be replaced to use OCP
    573. 

  573. 			$userSession = \OC_User::getUserSession();
    574. 

  574. 			$userSession->listen('postLogin', '\OC\Cache\File', 'loginListener');
    575. 

  575. 		}
    576. 

  576. 	}
    577. 

  577. 

  578. 	/**
    579. 

  579. 	 * register hooks for the cache
    580. 

  580. 	 */
    581. 

  581. 	public static function registerLogRotate() {
    582. 

  582. 		if (OC_Config::getValue('installed', false) && OC_Config::getValue('log_rotate_size', false)) {
    583. 

  583. 			//don't try to do this before we are properly setup
    584. 

  584. 			// register cache cleanup jobs
    585. 

  585. 			try { //if this is executed before the upgrade to the new backgroundjob system is completed it will throw an exception
    586. 

  586. 				\OCP\BackgroundJob::registerJob('OC\Log\Rotate', OC_Config::getValue("datadirectory", OC::$SERVERROOT.'/data').'/owncloud.log');
    587. 

  587. 			} catch (Exception $e) {
    588. 

  588. 

  589. 			}
    590. 

  590. 		}
    591. 

  591. 	}
    592. 

  592. 

  593. 	/**
    594. 

  594. 	 * register hooks for the filesystem
    595. 

  595. 	 */
    596. 

  596. 	public static function registerFilesystemHooks() {
    597. 

  597. 		// Check for blacklisted files
    598. 

  598. 		OC_Hook::connect('OC_Filesystem', 'write', 'OC_Filesystem', 'isBlacklisted');
    599. 

  599. 		OC_Hook::connect('OC_Filesystem', 'rename', 'OC_Filesystem', 'isBlacklisted');
    600. 

  600. 	}
    601. 

  601. 

  602. 	/**
    603. 

  603. 	 * register hooks for previews
    604. 

  604. 	 */
    605. 

  605. 	public static function registerPreviewHooks() {
    606. 

  606. 		OC_Hook::connect('OC_Filesystem', 'post_write', 'OC\Preview', 'post_write');
    607. 

  607. 		OC_Hook::connect('OC_Filesystem', 'delete', 'OC\Preview', 'post_delete');
    608. 

  608. 	}
    609. 

  609. 

  610. 	/**
    611. 

  611. 	 * register hooks for sharing
    612. 

  612. 	 */
    613. 

  613. 	public static function registerShareHooks() {
    614. 

  614. 		if(\OC_Config::getValue('installed')) {
    615. 

  615. 			OC_Hook::connect('OC_User', 'post_deleteUser', 'OCP\Share', 'post_deleteUser');
    616. 

  616. 			OC_Hook::connect('OC_User', 'post_addToGroup', 'OCP\Share', 'post_addToGroup');
    617. 

  617. 			OC_Hook::connect('OC_User', 'post_removeFromGroup', 'OCP\Share', 'post_removeFromGroup');
    618. 

  618. 			OC_Hook::connect('OC_User', 'post_deleteGroup', 'OCP\Share', 'post_deleteGroup');
    619. 

  619. 		}
    620. 

  620. 	}
    621. 

  621. 

  622. 	/**
    623. 

  623. 	 * @brief Handle the request
    624. 

  624. 	 */
    625. 

  625. 	public static function handleRequest() {
    626. 

  626. 		// load all the classpaths from the enabled apps so they are available
    627. 

  627. 		// in the routing files of each app
    628. 

  628. 		OC::loadAppClassPaths();
    629. 

  629. 

  630. 		// Check if ownCloud is installed or in maintenance (update) mode
    631. 

  631. 		if (!OC_Config::getValue('installed', false)) {
    632. 

  632. 			require_once 'core/setup.php';
    633. 

  633. 			exit();
    634. 

  634. 		}
    635. 

  635. 

  636. 		$request = OC_Request::getPathInfo();
    637. 

  637. 		if(substr($request, -3) !== '.js') {// we need these files during the upgrade
    638. 

  638. 			self::checkMaintenanceMode();
    639. 

  639. 			self::checkUpgrade();
    640. 

  640. 		}
    641. 

  641. 

  642. 		// Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
    643. 

  643. 		OC::tryBasicAuthLogin();
    644. 

  644. 

  645. 		if (!self::$CLI) {
    646. 

  646. 			try {
    647. 

  647. 				if (!OC_Config::getValue('maintenance', false)) {
    648. 

  648. 					OC_App::loadApps();
    649. 

  649. 				}
    650. 

  650. 				OC::getRouter()->match(OC_Request::getRawPathInfo());
    651. 

  651. 				return;
    652. 

  652. 			} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
    653. 

  653. 				//header('HTTP/1.0 404 Not Found');
    654. 

  654. 			} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
    655. 

  655. 				OC_Response::setStatus(405);
    656. 

  656. 				return;
    657. 

  657. 			}
    658. 

  658. 		}
    659. 

  659. 

  660. 		$app = OC::$REQUESTEDAPP;
    661. 

  661. 		$file = OC::$REQUESTEDFILE;
    662. 

  662. 		$param = array('app' => $app, 'file' => $file);
    663. 

  663. 		// Handle app css files
    664. 

  664. 		if (substr($file, -3) == 'css') {
    665. 

  665. 			self::loadCSSFile($param);
    666. 

  666. 			return;
    667. 

  667. 		}
    668. 

  668. 

  669. 		// Handle redirect URL for logged in users
    670. 

  670. 		if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
    671. 

  671. 			$location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
    672. 

  672. 

  673. 			// Deny the redirect if the URL contains a @
    674. 

  674. 			// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
    675. 

  675. 			if (strpos($location, '@') === false) {
    676. 

  676. 				header('Location: ' . $location);
    677. 

  677. 				return;
    678. 

  678. 			}
    679. 

  679. 		}
    680. 

  680. 		// Handle WebDAV
    681. 

  681. 		if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
    682. 

  682. 			header('location: ' . OC_Helper::linkToRemote('webdav'));
    683. 

  683. 			return;
    684. 

  684. 		}
    685. 

  685. 

  686. 		// Someone is logged in :
    687. 

  687. 		if (OC_User::isLoggedIn()) {
    688. 

  688. 			OC_App::loadApps();
    689. 

  689. 			OC_User::setupBackends();
    690. 

  690. 			if (isset($_GET["logout"]) and ($_GET["logout"])) {
    691. 

  691. 				if (isset($_COOKIE['oc_token'])) {
    692. 

  692. 					OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
    693. 

  693. 				}
    694. 

  694. 				OC_User::logout();
    695. 

  695. 				header("Location: " . OC::$WEBROOT . '/');
    696. 

  696. 			} else {
    697. 

  697. 				if (is_null($file)) {
    698. 

  698. 					$param['file'] = 'index.php';
    699. 

  699. 				}
    700. 

  700. 				$file_ext = substr($param['file'], -3);
    701. 

  701. 				if ($file_ext != 'php'
    702. 

  702. 					|| !self::loadAppScriptFile($param)
    703. 

  703. 				) {
    704. 

  704. 					header('HTTP/1.0 404 Not Found');
    705. 

  705. 				}
    706. 

  706. 			}
    707. 

  707. 			return;
    708. 

  708. 		}
    709. 

  709. 		// Not handled and not logged in
    710. 

  710. 		self::handleLogin();
    711. 

  711. 	}
    712. 

  712. 

  713. 	public static function loadAppScriptFile($param) {
    714. 

  714. 		OC_App::loadApps();
    715. 

  715. 		$app = $param['app'];
    716. 

  716. 		$file = $param['file'];
    717. 

  717. 		$app_path = OC_App::getAppPath($app);
    718. 

  718. 		if (OC_App::isEnabled($app) && $app_path !== false) {
    719. 

  719. 			$file = $app_path . '/' . $file;
    720. 

  720. 			unset($app, $app_path);
    721. 

  721. 			if (file_exists($file)) {
    722. 

  722. 				require_once $file;
    723. 

  723. 				return true;
    724. 

  724. 			}
    725. 

  725. 		}
    726. 

  726. 		header('HTTP/1.0 404 Not Found');
    727. 

  727. 		return false;
    728. 

  728. 	}
    729. 

  729. 

  730. 	public static function loadCSSFile($param) {
    731. 

  731. 		$app = $param['app'];
    732. 

  732. 		$file = $param['file'];
    733. 

  733. 		$app_path = OC_App::getAppPath($app);
    734. 

  734. 		if (file_exists($app_path . '/' . $file)) {
    735. 

  735. 			$app_web_path = OC_App::getAppWebPath($app);
    736. 

  736. 			$filepath = $app_web_path . '/' . $file;
    737. 

  737. 			$minimizer = new OC_Minimizer_CSS();
    738. 

  738. 			$info = array($app_path, $app_web_path, $file);
    739. 

  739. 			$minimizer->output(array($info), $filepath);
    740. 

  740. 		}
    741. 

  741. 	}
    742. 

  742. 

  743. 	protected static function handleLogin() {
    744. 

  744. 		OC_App::loadApps(array('prelogin'));
    745. 

  745. 		$error = array();
    746. 

  746. 		// remember was checked after last login
    747. 

  747. 		if (OC::tryRememberLogin()) {
    748. 

  748. 			$error[] = 'invalidcookie';
    749. 

  749. 			// Someone wants to log in :
    750. 

  750. 		} elseif (OC::tryFormLogin()) {
    751. 

  751. 			$error[] = 'invalidpassword';
    752. 

  752. 		}
    753. 

  753. 

  754. 		OC_Util::displayLoginPage(array_unique($error));
    755. 

  755. 	}
    756. 

  756. 

  757. 	protected static function cleanupLoginTokens($user) {
    758. 

  758. 		$cutoff = time() - OC_Config::getValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
    759. 

  759. 		$tokens = OC_Preferences::getKeys($user, 'login_token');
    760. 

  760. 		foreach ($tokens as $token) {
    761. 

  761. 			$time = OC_Preferences::getValue($user, 'login_token', $token);
    762. 

  762. 			if ($time < $cutoff) {
    763. 

  763. 				OC_Preferences::deleteKey($user, 'login_token', $token);
    764. 

  764. 			}
    765. 

  765. 		}
    766. 

  766. 	}
    767. 

  767. 

  768. 	protected static function tryRememberLogin() {
    769. 

  769. 		if (!isset($_COOKIE["oc_remember_login"])
    770. 

  770. 			|| !isset($_COOKIE["oc_token"])
    771. 

  771. 			|| !isset($_COOKIE["oc_username"])
    772. 

  772. 			|| !$_COOKIE["oc_remember_login"]
    773. 

  773. 			|| !OC_Util::rememberLoginAllowed()
    774. 

  774. 		) {
    775. 

  775. 			return false;
    776. 

  776. 		}
    777. 

  777. 		OC_App::loadApps(array('authentication'));
    778. 

  778. 		if (defined("DEBUG") && DEBUG) {
    779. 

  779. 			OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG);
    780. 

  780. 		}
    781. 

  781. 		// confirm credentials in cookie
    782. 

  782. 		if (isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username'])) {
    783. 

  783. 			// delete outdated cookies
    784. 

  784. 			self::cleanupLoginTokens($_COOKIE['oc_username']);
    785. 

  785. 			// get stored tokens
    786. 

  786. 			$tokens = OC_Preferences::getKeys($_COOKIE['oc_username'], 'login_token');
    787. 

  787. 			// test cookies token against stored tokens
    788. 

  788. 			if (in_array($_COOKIE['oc_token'], $tokens, true)) {
    789. 

  789. 				// replace successfully used token with a new one
    790. 

  790. 				OC_Preferences::deleteKey($_COOKIE['oc_username'], 'login_token', $_COOKIE['oc_token']);
    791. 

  791. 				$token = OC_Util::generateRandomBytes(32);
    792. 

  792. 				OC_Preferences::setValue($_COOKIE['oc_username'], 'login_token', $token, time());
    793. 

  793. 				OC_User::setMagicInCookie($_COOKIE['oc_username'], $token);
    794. 

  794. 				// login
    795. 

  795. 				OC_User::setUserId($_COOKIE['oc_username']);
    796. 

  796. 				OC_Util::redirectToDefaultPage();
    797. 

  797. 				// doesn't return
    798. 

  798. 			}
    799. 

  799. 			// if you reach this point you have changed your password
    800. 

  800. 			// or you are an attacker
    801. 

  801. 			// we can not delete tokens here because users may reach
    802. 

  802. 			// this point multiple times after a password change
    803. 

  803. 			OC_Log::write('core', 'Authentication cookie rejected for user ' . $_COOKIE['oc_username'], OC_Log::WARN);
    804. 

  804. 		}
    805. 

  805. 		OC_User::unsetMagicInCookie();
    806. 

  806. 		return true;
    807. 

  807. 	}
    808. 

  808. 

  809. 	protected static function tryFormLogin() {
    810. 

  810. 		if (!isset($_POST["user"]) || !isset($_POST['password'])) {
    811. 

  811. 			return false;
    812. 

  812. 		}
    813. 

  813. 

  814. 		OC_App::loadApps();
    815. 

  815. 

  816. 		//setup extra user backends
    817. 

  817. 		OC_User::setupBackends();
    818. 

  818. 

  819. 		if (OC_User::login($_POST["user"], $_POST["password"])) {
    820. 

  820. 			// setting up the time zone
    821. 

  821. 			if (isset($_POST['timezone-offset'])) {
    822. 

  822. 				self::$session->set('timezone', $_POST['timezone-offset']);
    823. 

  823. 			}
    824. 

  824. 

  825. 			$userid = OC_User::getUser();
    826. 

  826. 			self::cleanupLoginTokens($userid);
    827. 

  827. 			if (!empty($_POST["remember_login"])) {
    828. 

  828. 				if (defined("DEBUG") && DEBUG) {
    829. 

  829. 					OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
    830. 

  830. 				}
    831. 

  831. 				$token = OC_Util::generateRandomBytes(32);
    832. 

  832. 				OC_Preferences::setValue($userid, 'login_token', $token, time());
    833. 

  833. 				OC_User::setMagicInCookie($userid, $token);
    834. 

  834. 			} else {
    835. 

  835. 				OC_User::unsetMagicInCookie();
    836. 

  836. 			}
    837. 

  837. 			OC_Util::redirectToDefaultPage();
    838. 

  838. 			exit();
    839. 

  839. 		}
    840. 

  840. 		return true;
    841. 

  841. 	}
    842. 

  842. 

  843. 	protected static function tryBasicAuthLogin() {
    844. 

  844. 		if (!isset($_SERVER["PHP_AUTH_USER"])
    845. 

  845. 			|| !isset($_SERVER["PHP_AUTH_PW"])
    846. 

  846. 		) {
    847. 

  847. 			return false;
    848. 

  848. 		}
    849. 

  849. 		OC_App::loadApps(array('authentication'));
    850. 

  850. 		if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
    851. 

  851. 			//OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG);
    852. 

  852. 			OC_User::unsetMagicInCookie();
    853. 

  853. 			$_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
    854. 

  854. 		}
    855. 

  855. 		return true;
    856. 

  856. 	}
    857. 

  857. 

  858. }
    859. 

  859. 

  860. // define runtime variables - unless this already has been done
    861. 

  861. if (!isset($RUNTIME_NOAPPS)) {
    862. 

  862. 	$RUNTIME_NOAPPS = false;
    863. 

  863. }
    864. 

  864. 

  865. if (!function_exists('get_temp_dir')) {
    866. 

  866. 	function get_temp_dir() {
    867. 

  867. 		if ($temp = ini_get('upload_tmp_dir')) return $temp;
    868. 

  868. 		if ($temp = getenv('TMP')) return $temp;
    869. 

  869. 		if ($temp = getenv('TEMP')) return $temp;
    870. 

  870. 		if ($temp = getenv('TMPDIR')) return $temp;
    871. 

  871. 		$temp = tempnam(__FILE__, '');
    872. 

  872. 		if (file_exists($temp)) {
    873. 

  873. 			unlink($temp);
    874. 

  874. 			return dirname($temp);
    875. 

  875. 		}
    876. 

  876. 		if ($temp = sys_get_temp_dir()) return $temp;
    877. 

  877. 

  878. 		return null;
    879. 

  879. 	}
    880. 

  880. }
    881. 

  881. 

  882. OC::init();
    883. 

  883. 

  884.