Home Explore contacts
Sign In
dyokunev
/
nextcloud-mephi
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e4e0b5a822
Branches Tags
nextcloud-me...
/
lib
/
base.php

base.php 19 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * ownCloud
    4. 

  4.  *
    5. 

  5.  * @author Frank Karlitschek
    6. 

  6.  * @copyright 2012 Frank Karlitschek frank@owncloud.org
    7. 

  7.  *
    8. 

  8.  * This library is free software; you can redistribute it and/or
    9. 

  9.  * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
    10. 

  10.  * License as published by the Free Software Foundation; either
    11. 

  11.  * version 3 of the License, or any later version.
    12. 

  12.  *
    13. 

  13.  * This library is distributed in the hope that it will be useful,
    14. 

  14.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    15. 

  15.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    16. 

  16.  * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
    17. 

  17.  *
    18. 

  18.  * You should have received a copy of the GNU Affero General Public
    19. 

  19.  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
    20. 

  20.  *
    21. 

  21.  */
    22. 

  22. 

  23. /**
    24. 

  24.  * Class that is a namespace for all global OC variables
    25. 

  25.  * No, we can not put this class in its own file because it is used by
    26. 

  26.  * OC_autoload!
    27. 

  27.  */
    28. 

  28. class OC{
    29. 

  29. 	/**
    30. 

  30. 	 * Assoziative array for autoloading. classname => filename
    31. 

  31. 	 */
    32. 

  32. 	public static $CLASSPATH = array();
    33. 

  33. 	/**
    34. 

  34. 	 * The installation path for owncloud on the server (e.g. /srv/http/owncloud)
    35. 

  35. 	 */
    36. 

  36. 	public static $SERVERROOT = '';
    37. 

  37. 	/**
    38. 

  38. 	 * the current request path relative to the owncloud root (e.g. files/index.php)
    39. 

  39. 	 */
    40. 

  40. 	private static $SUBURI = '';
    41. 

  41. 	/**
    42. 

  42. 	 * the owncloud root path for http requests (e.g. owncloud/)
    43. 

  43. 	 */
    44. 

  44. 	public static $WEBROOT = '';
    45. 

  45. 	/**
    46. 

  46. 	 * The installation path of the 3rdparty folder on the server (e.g. /srv/http/owncloud/3rdparty)
    47. 

  47. 	 */
    48. 

  48. 	public static $THIRDPARTYROOT = '';
    49. 

  49. 	/**
    50. 

  50. 	 * the root path of the 3rdparty folder for http requests (e.g. owncloud/3rdparty)
    51. 

  51. 	 */
    52. 

  52. 	public static $THIRDPARTYWEBROOT = '';
    53. 

  53. 	/**
    54. 

  54. 	 * The installation path array of the apps folder on the server (e.g. /srv/http/owncloud) 'path' and web path in 'url'
    55. 

  55. 	 */
    56. 

  56. 	public static $APPSROOTS = array();
    57. 

  57. 	/*
    58. 

  58. 	 * requested app
    59. 

  59. 	 */
    60. 

  60. 	public static $REQUESTEDAPP = '';
    61. 

  61. 	/*
    62. 

  62. 	 * requested file of app
    63. 

  63. 	 */
    64. 

  64. 	public static $REQUESTEDFILE = '';
    65. 

  65. 	/**
    66. 

  66. 	 * check if owncloud runs in cli mode
    67. 

  67. 	 */
    68. 

  68. 	public static $CLI = false;
    69. 

  69. 	/**
    70. 

  70. 	 * SPL autoload
    71. 

  71. 	 */
    72. 

  72. 	public static function autoload($className){
    73. 

  73. 		if(array_key_exists($className, OC::$CLASSPATH)) {
    74. 

  74. 			/** @TODO: Remove this when necessary
    75. 

  75. 			 Remove "apps/" from inclusion path for smooth migration to mutli app dir
    76. 

  76. 			*/
    77. 

  77. 			$path = preg_replace('/apps\//', '', OC::$CLASSPATH[$className]);
    78. 

  78. 			require_once $path;
    79. 

  79. 		}
    80. 

  80. 		elseif(strpos($className, 'OC_')===0) {
    81. 

  81. 			$path = strtolower(str_replace('_', '/', substr($className,3)) . '.php');
    82. 

  82. 		}
    83. 

  83. 		elseif(strpos($className, 'OCP\\')===0) {
    84. 

  84. 			$path = 'public/'.strtolower(str_replace('\\',' /',s ubstr($className,3)) . '.php');
    85. 

  85. 		}
    86. 

  86. 		elseif(strpos($className, 'OCA\\')===0) {
    87. 

  87. 			$path = 'apps/'.strtolower(str_replace('\\', '/', substr($className,3)) . '.php');
    88. 

  88. 		}
    89. 

  89. 		elseif(strpos($className, 'Sabre_')===0) {
    90. 

  90. 			$path =  str_replace('_', '/', $className) . '.php';
    91. 

  91. 		}
    92. 

  92. 		elseif(strpos($className,'Test_')===0) {
    93. 

  93. 			$path =  'tests/lib/'.strtolower(str_replace('_', '/', substr($className,5 )) . '.php');
    94. 

  94. 		}else{
    95. 

  95. 			return false;
    96. 

  96. 		}
    97. 

  97. 		
    98. 

  98. 		if($fullPath = stream_resolve_include_path($path)) {
    99. 

  99. 			require_once $path;
    100. 

  100. 		}
    101. 

  101. 		return false;
    102. 

  102. 	}
    103. 

  103. 

  104. 	public static function initPaths(){
    105. 

  105. 		// calculate the root directories
    106. 

  106. 		OC::$SERVERROOT=str_replace("\\", '/', substr(__FILE__, 0, -13));
    107. 

  107. 		OC::$SUBURI= str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT)));
    108. 

  108. 		$scriptName=$_SERVER["SCRIPT_NAME"];
    109. 

  109. 		if(substr($scriptName, -1)=='/') {
    110. 

  110. 			$scriptName.='index.php';
    111. 

  111. 			//make sure suburi follows the same rules as scriptName
    112. 

  112. 			if(substr(OC::$SUBURI, -9)!='index.php') {
    113. 

  113. 				if(substr(OC::$SUBURI,-1)!='/' {
    114. 

  114. 					OC::$SUBURI=OC::$SUBURI.'/';
    115. 

  115. 				}
    116. 

  116. 				OC::$SUBURI=OC::$SUBURI.'index.php';
    117. 

  117. 			}
    118. 

  118. 		}
    119. 

  119. 

  120. 		OC::$WEBROOT=substr($scriptName, 0, strlen($scriptName)-strlen(OC::$SUBURI));
    121. 

  121. 

  122. 		if(OC::$WEBROOT!='' and OC::$WEBROOT[0]!=='/') {
    123. 

  123. 			OC::$WEBROOT='/'.OC::$WEBROOT;
    124. 

  124. 		}
    125. 

  125. 

  126. 		// ensure we can find OC_Config
    127. 

  127. 		set_include_path(
    128. 

  128. 			OC::$SERVERROOT.'/lib'.PATH_SEPARATOR.
    129. 

  129. 			get_include_path()
    130. 

  130. 		);
    131. 

  131. 

  132. 		// search the 3rdparty folder
    133. 

  133. 		if(OC_Config::getValue('3rdpartyroot', '')<>'' and OC_Config::getValue('3rdpartyurl', '')<>'') {
    134. 

  134. 			OC::$THIRDPARTYROOT=OC_Config::getValue('3rdpartyroot', '');
    135. 

  135. 			OC::$THIRDPARTYWEBROOT=OC_Config::getValue('3rdpartyurl', '');
    136. 

  136. 		}elseif(file_exists(OC::$SERVERROOT.'/3rdparty')) {
    137. 

  137. 			OC::$THIRDPARTYROOT=OC::$SERVERROOT;
    138. 

  138. 			OC::$THIRDPARTYWEBROOT=OC::$WEBROOT;
    139. 

  139. 		}elseif(file_exists(OC::$SERVERROOT.'/../3rdparty')) {
    140. 

  140. 			OC::$THIRDPARTYWEBROOT=rtrim(dirname(OC::$WEBROOT), '/');
    141. 

  141. 			OC::$THIRDPARTYROOT=rtrim(dirname(OC::$SERVERROOT), '/');
    142. 

  142. 		}else{
    143. 

  143. 			echo("3rdparty directory not found! Please put the ownCloud 3rdparty folder in the ownCloud folder or the folder above. You can also configure the location in the config.php file.");
    144. 

  144. 			exit;
    145. 

  145. 		}
    146. 

  146. 		// search the apps folder
    147. 

  147. 		$config_paths = OC_Config::getValue('apps_paths', array());
    148. 

  148. 		if(! empty($config_paths)) {
    149. 

  149. 			foreach($config_paths as $paths) {
    150. 

  150. 				if( isset($paths['url']) && isset($paths['path'])) {
    151. 

  151. 					$paths['url'] = rtrim($paths['url'], '/');
    152. 

  152. 					$paths['path'] = rtrim($paths['path'], '/');
    153. 

  153. 					OC::$APPSROOTS[] = $paths;
    154. 

  154. 				}
    155. 

  155. 			}
    156. 

  156. 		}elseif(file_exists(OC::$SERVERROOT.'/apps')) {
    157. 

  157. 			OC::$APPSROOTS[] = array('path'=> OC::$SERVERROOT.'/apps', 'url' => '/apps', 'writable' => true);
    158. 

  158. 		}elseif(file_exists(OC::$SERVERROOT.'/../apps')) {
    159. 

  159. 			OC::$APPSROOTS[] = array('path'=> rtrim(dirname(OC::$SERVERROOT), '/').'/apps', 'url' => '/apps', 'writable' => true);
    160. 

  160. 		}
    161. 

  161. 

  162. 		if(empty(OC::$APPSROOTS)) {
    163. 

  163. 			echo("apps directory not found! Please put the ownCloud apps folder in the ownCloud folder or the folder above. You can also configure the location in the config.php file.");
    164. 

  164. 			exit;
    165. 

  165. 		}
    166. 

  166. 		$paths = array();
    167. 

  167. 		foreach( OC::$APPSROOTS as $path)
    168. 

  168. 			$paths[] = $path['path'];
    169. 

  169. 

  170. 		// set the right include path
    171. 

  171. 		set_include_path(
    172. 

  172. 			OC::$SERVERROOT.'/lib'.PATH_SEPARATOR.
    173. 

  173. 			OC::$SERVERROOT.'/config'.PATH_SEPARATOR.
    174. 

  174. 			OC::$THIRDPARTYROOT.'/3rdparty'.PATH_SEPARATOR.
    175. 

  175. 			implode($paths,PATH_SEPARATOR).PATH_SEPARATOR.
    176. 

  176. 			get_include_path().PATH_SEPARATOR.
    177. 

  177. 			OC::$SERVERROOT
    178. 

  178. 		);
    179. 

  179. 	}
    180. 

  180. 

  181. 	public static function checkInstalled() {
    182. 

  182. 		// Redirect to installer if not installed
    183. 

  183. 		if (!OC_Config::getValue('installed', false) && OC::$SUBURI != '/index.php') {
    184. 

  184. 			if(!OC::$CLI) {
    185. 

  185. 				$url = 'http://'.$_SERVER['SERVER_NAME'].OC::$WEBROOT.'/index.php';
    186. 

  186. 				header("Location: $url");
    187. 

  187. 			}
    188. 

  188. 			exit();
    189. 

  189. 		}
    190. 

  190. 	}
    191. 

  191. 

  192. 	public static function checkSSL() {
    193. 

  193. 		// redirect to https site if configured
    194. 

  194. 		if( OC_Config::getValue( "forcessl", false )) {
    195. 

  195. 			ini_set("session.cookie_secure", "on");
    196. 

  196. 			if(OC_Request::serverProtocol()<>'https' and !OC::$CLI) {
    197. 

  197. 				$url = "https://". OC_Request::serverHost() . $_SERVER['REQUEST_URI'];
    198. 

  198. 				header("Location: $url");
    199. 

  199. 				exit();
    200. 

  200. 			}
    201. 

  201. 		}
    202. 

  202. 	}
    203. 

  203. 

  204. 	public static function checkUpgrade() {
    205. 

  205. 		if(OC_Config::getValue('installed', false)) {
    206. 

  206. 			$installedVersion=OC_Config::getValue('version', '0.0.0');
    207. 

  207. 			$currentVersion=implode('.', OC_Util::getVersion());
    208. 

  208. 			if (version_compare($currentVersion, $installedVersion, '>')) {
    209. 

  209. 				OC_Log::write('core', 'starting upgrade from '.$installedVersion.' to '.$currentVersion, OC_Log::DEBUG);
    210. 

  210. 				$result=OC_DB::updateDbFromStructure(OC::$SERVERROOT.'/db_structure.xml');
    211. 

  211. 				if(!$result) {
    212. 

  212. 					echo 'Error while upgrading the database';
    213. 

  213. 					die();
    214. 

  214. 				}
    215. 

  215. 				if(file_exists(OC::$SERVERROOT."/config/config.php") and !is_writable(OC::$SERVERROOT."/config/config.php")) {
    216. 

  216. 					$tmpl = new OC_Template( '', 'error', 'guest' );
    217. 

  217. 					$tmpl->assign('errors', array(1=>array('error'=>"Can't write into config directory 'config'",'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud")));
    218. 

  218. 					$tmpl->printPage();
    219. 

  219. 					exit;
    220. 

  220. 				}
    221. 

  221. 

  222. 				OC_Config::setValue('version', implode('.', OC_Util::getVersion()));
    223. 

  223. 				OC_App::checkAppsRequirements();
    224. 

  224. 				// load all apps to also upgrade enabled apps
    225. 

  225. 				OC_App::loadApps();
    226. 

  226. 			}
    227. 

  227. 		}
    228. 

  228. 	}
    229. 

  229. 

  230. 	public static function initTemplateEngine() {
    231. 

  231. 		// Add the stuff we need always
    232. 

  232. 		OC_Util::addScript( "jquery-1.7.2.min" );
    233. 

  233. 		OC_Util::addScript( "jquery-ui-1.8.16.custom.min" );
    234. 

  234. 		OC_Util::addScript( "jquery-showpassword" );
    235. 

  235. 		OC_Util::addScript( "jquery.infieldlabel.min" );
    236. 

  236. 		OC_Util::addScript( "jquery-tipsy" );
    237. 

  237. 		OC_Util::addScript( "oc-dialogs" );
    238. 

  238. 		OC_Util::addScript( "js" );
    239. 

  239. 		OC_Util::addScript( "eventsource" );
    240. 

  240. 		OC_Util::addScript( "config" );
    241. 

  241. 		//OC_Util::addScript( "multiselect" );
    242. 

  242. 		OC_Util::addScript('search', 'result');
    243. 

  243. 

  244. 		if( OC_Config::getValue( 'installed', false )){
    245. 

  245. 			if( OC_Appconfig::getValue( 'core', 'backgroundjobs_mode', 'ajax' ) == 'ajax' ) {
    246. 

  246. 				OC_Util::addScript( 'backgroundjobs' );
    247. 

  247. 			}
    248. 

  248. 		}
    249. 

  249. 

  250. 		OC_Util::addStyle( "styles" );
    251. 

  251. 		OC_Util::addStyle( "multiselect" );
    252. 

  252. 		OC_Util::addStyle( "jquery-ui-1.8.16.custom" );
    253. 

  253. 		OC_Util::addStyle( "jquery-tipsy" );
    254. 

  254. 	}
    255. 

  255. 

  256. 	public static function initSession() {
    257. 

  257. 		ini_set('session.cookie_httponly', '1;');
    258. 

  258. 		session_start();
    259. 

  259. 	}
    260. 

  260. 

  261. 	public static function init(){
    262. 

  262. 		// register autoloader
    263. 

  263. 		spl_autoload_register(array('OC','autoload'));
    264. 

  264. 		setlocale(LC_ALL, 'en_US.UTF-8');
    265. 

  265. 

  266. 		// set some stuff
    267. 

  267. 		//ob_start();
    268. 

  268. 		error_reporting(E_ALL | E_STRICT);
    269. 

  269. 		if (defined('DEBUG') && DEBUG) {
    270. 

  270. 			ini_set('display_errors', 1);
    271. 

  271. 		}
    272. 

  272. 		self::$CLI=(php_sapi_name() == 'cli');
    273. 

  273. 

  274. 		date_default_timezone_set('UTC');
    275. 

  275. 		ini_set('arg_separator.output', '&amp;');
    276. 

  276. 

  277. 		// try to switch magic quotes off.
    278. 

  278. 		if(function_exists('set_magic_quotes_runtime')) {
    279. 

  279. 			@set_magic_quotes_runtime(false);
    280. 

  280. 		}
    281. 

  281. 

  282. 		//try to configure php to enable big file uploads.
    283. 

  283. 		//this doesn´t work always depending on the webserver and php configuration.
    284. 

  284. 		//Let´s try to overwrite some defaults anyways
    285. 

  285. 

  286. 		//try to set the maximum execution time to 60min
    287. 

  287. 		@set_time_limit(3600);
    288. 

  288. 		@ini_set('max_execution_time', 3600);
    289. 

  289. 		@ini_set('max_input_time', 3600);
    290. 

  290. 

  291. 		//try to set the maximum filesize to 10G
    292. 

  292. 		@ini_set('upload_max_filesize', '10G');
    293. 

  293. 		@ini_set('post_max_size', '10G');
    294. 

  294. 		@ini_set('file_uploads', '50');
    295. 

  295. 

  296. 		//try to set the session lifetime to 60min
    297. 

  297. 		@ini_set('gc_maxlifetime', '3600');
    298. 

  298. 

  299. 

  300. 		//set http auth headers for apache+php-cgi work around
    301. 

  301. 		if (isset($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
    302. 

  302. 			list($name, $password) = explode(':', base64_decode($matches[1]));
    303. 

  303. 			$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
    304. 

  304. 			$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    305. 

  305. 		}
    306. 

  306. 

  307. 		//set http auth headers for apache+php-cgi work around if variable gets renamed by apache
    308. 

  308. 		if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) && preg_match('/Basic\s+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches)) {
    309. 

  309. 			list($name, $password) = explode(':', base64_decode($matches[1]));
    310. 

  310. 			$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
    311. 

  311. 			$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
    312. 

  312. 		}
    313. 

  313. 

  314. 		self::initPaths();
    315. 

  315. 

  316. 		// set debug mode if an xdebug session is active
    317. 

  317. 		if (!defined('DEBUG') || !DEBUG) {
    318. 

  318. 			if(isset($_COOKIE['XDEBUG_SESSION'])) {
    319. 

  319. 				define('DEBUG',true);
    320. 

  320. 			}
    321. 

  321. 		}
    322. 

  322. 

  323. 		// register the stream wrappers
    324. 

  324. 		require_once 'streamwrappers.php';
    325. 

  325. 		stream_wrapper_register("fakedir", "OC_FakeDirStream");
    326. 

  326. 		stream_wrapper_register('static', 'OC_StaticStreamWrapper');
    327. 

  327. 		stream_wrapper_register('close', 'OC_CloseStreamWrapper');
    328. 

  328. 

  329. 		self::checkInstalled();
    330. 

  330. 		self::checkSSL();
    331. 

  331. 		self::initSession();
    332. 

  332. 		self::initTemplateEngine();
    333. 

  333. 		self::checkUpgrade();
    334. 

  334. 

  335. 		$errors=OC_Util::checkServer();
    336. 

  336. 		if(count($errors)>0) {
    337. 

  337. 			OC_Template::printGuestPage('', 'error', array('errors' => $errors));
    338. 

  338. 			exit;
    339. 

  339. 		}
    340. 

  340. 

  341. 		// User and Groups
    342. 

  342. 		if( !OC_Config::getValue( "installed", false )) {
    343. 

  343. 			$_SESSION['user_id'] = '';
    344. 

  344. 		}
    345. 

  345. 

  346. 		OC_User::useBackend(new OC_User_Database());
    347. 

  347. 		OC_Group::useBackend(new OC_Group_Database());
    348. 

  348. 

  349. 		// Load Apps
    350. 

  350. 		// This includes plugins for users and filesystems as well
    351. 

  351. 		global $RUNTIME_NOAPPS;
    352. 

  352. 		global $RUNTIME_APPTYPES;
    353. 

  353. 		if(!$RUNTIME_NOAPPS ) {
    354. 

  354. 			if($RUNTIME_APPTYPES) {
    355. 

  355. 				OC_App::loadApps($RUNTIME_APPTYPES);
    356. 

  356. 			}else{
    357. 

  357. 				OC_App::loadApps();
    358. 

  358. 			}
    359. 

  359. 		}
    360. 

  360. 

  361. 		//setup extra user backends
    362. 

  362. 		OC_User::setupBackends();
    363. 

  363. 

  364. 		// register cache cleanup jobs
    365. 

  365. 		OC_BackgroundJob_RegularTask::register('OC_Cache_FileGlobal', 'gc');
    366. 

  366. 		OC_Hook::connect('OC_User', 'post_login', 'OC_Cache_File', 'loginListener');
    367. 

  367. 

  368. 		// Check for blacklisted files
    369. 

  369. 		OC_Hook::connect('OC_Filesystem','write', 'OC_Filesystem', 'isBlacklisted');
    370. 

  370. 		OC_Hook::connect('OC_Filesystem', 'rename', 'OC_Filesystem', 'isBlacklisted');
    371. 

  371. 

  372. 		//make sure temporary files are cleaned up
    373. 

  373. 		register_shutdown_function(array('OC_Helper','cleanTmp'));
    374. 

  374. 

  375. 		//parse the given parameters
    376. 

  376. 		self::$REQUESTEDAPP = (isset($_GET['app']) && trim($_GET['app']) != '' && !is_null($_GET['app'])?str_replace(array('\0', '/', '\\', '..'), '', strip_tags($_GET['app'])):OC_Config::getValue('defaultapp', 'files'));
    377. 

  377. 		if(substr_count(self::$REQUESTEDAPP, '?') != 0) {
    378. 

  378. 			$app = substr(self::$REQUESTEDAPP, 0, strpos(self::$REQUESTEDAPP, '?'));
    379. 

  379. 			$param = substr($_GET['app'], strpos($_GET['app'], '?') + 1);
    380. 

  380. 			parse_str($param, $get);
    381. 

  381. 			$_GET = array_merge($_GET, $get);
    382. 

  382. 			self::$REQUESTEDAPP = $app;
    383. 

  383. 			$_GET['app'] = $app;
    384. 

  384. 		}
    385. 

  385. 		self::$REQUESTEDFILE = (isset($_GET['getfile'])?$_GET['getfile']:null);
    386. 

  386. 		if(substr_count(self::$REQUESTEDFILE, '?') != 0) {
    387. 

  387. 			$file = substr(self::$REQUESTEDFILE, 0, strpos(self::$REQUESTEDFILE, '?'));
    388. 

  388. 			$param = substr(self::$REQUESTEDFILE, strpos(self::$REQUESTEDFILE, '?') + 1);
    389. 

  389. 			parse_str($param, $get);
    390. 

  390. 			$_GET = array_merge($_GET, $get);
    391. 

  391. 			self::$REQUESTEDFILE = $file;
    392. 

  392. 			$_GET['getfile'] = $file;
    393. 

  393. 		}
    394. 

  394. 		if(!is_null(self::$REQUESTEDFILE)) {
    395. 

  395. 			$subdir = OC_App::getAppPath(OC::$REQUESTEDAPP) . '/' . self::$REQUESTEDFILE;
    396. 

  396. 			$parent = OC_App::getAppPath(OC::$REQUESTEDAPP);
    397. 

  397. 			if(!OC_Helper::issubdirectory($subdir, $parent)) {
    398. 

  398. 				self::$REQUESTEDFILE = null;
    399. 

  399. 				header('HTTP/1.0 404 Not Found');
    400. 

  400. 				exit;
    401. 

  401. 			}
    402. 

  402. 		}
    403. 

  403. 	}
    404. 

  404. 

  405. 	/**
    406. 

  406. 	 * @brief Handle the request
    407. 

  407. 	 */
    408. 

  408. 	public static function handleRequest() {
    409. 

  409. 		if (!OC_Config::getValue('installed', false)) {
    410. 

  410. 			// Check for autosetup:
    411. 

  411. 			$autosetup_file = OC::$SERVERROOT."/config/autoconfig.php";
    412. 

  412. 			if( file_exists( $autosetup_file )) {
    413. 

  413. 				OC_Log::write('core', 'Autoconfig file found, setting up owncloud...', OC_Log::INFO);
    414. 

  414. 				include $autosetup_file;
    415. 

  415. 				$_POST['install'] = 'true';
    416. 

  416. 				$_POST = array_merge ($_POST, $AUTOCONFIG);
    417. 

  417. 				unlink($autosetup_file);
    418. 

  418. 			}
    419. 

  419. 			OC_Util::addScript('setup');
    420. 

  420. 			require_once 'setup.php';
    421. 

  421. 			exit();
    422. 

  422. 		}
    423. 

  423. 		// Handle WebDAV
    424. 

  424. 		if($_SERVER['REQUEST_METHOD']=='PROPFIND') {
    425. 

  425. 			header('location: '.OC_Helper::linkToRemote('webdav'));
    426. 

  426. 			return;
    427. 

  427. 		}
    428. 

  428. 		// Handle app css files
    429. 

  429. 		if(substr(OC::$REQUESTEDFILE, -3) == 'css') {
    430. 

  430. 			self::loadCSSFile();
    431. 

  431. 			return;
    432. 

  432. 		}
    433. 

  433. 		// Someone is logged in :
    434. 

  434. 		if(OC_User::isLoggedIn()) {
    435. 

  435. 			OC_App::loadApps();
    436. 

  436. 			OC_User::setupBackends();
    437. 

  437. 			if(isset($_GET["logout"]) and ($_GET["logout"])) {
    438. 

  438. 				OC_User::logout();
    439. 

  439. 				header("Location: ".OC::$WEBROOT.'/');
    440. 

  440. 			}else{
    441. 

  441. 				$app = OC::$REQUESTEDAPP;
    442. 

  442. 				$file = OC::$REQUESTEDFILE;
    443. 

  443. 				if(is_null($file)) {
    444. 

  444. 					$file = 'index.php';
    445. 

  445. 				}
    446. 

  446. 				$file_ext = substr($file, -3);
    447. 

  447. 				if ($file_ext != 'php'|| !self::loadAppScriptFile($app, $file)) {
    448. 

  448. 					header('HTTP/1.0 404 Not Found');
    449. 

  449. 				}
    450. 

  450. 			}
    451. 

  451. 			return;
    452. 

  452. 		}
    453. 

  453. 		// Not handled and not logged in
    454. 

  454. 		self::handleLogin();
    455. 

  455. 	}
    456. 

  456. 

  457. 	protected static function loadAppScriptFile($app, $file) {
    458. 

  458. 		$app_path = OC_App::getAppPath($app);
    459. 

  459. 		$file = $app_path . '/' . $file;
    460. 

  460. 		unset($app, $app_path);
    461. 

  461. 		if (file_exists($file)) {
    462. 

  462. 			require_once $file;
    463. 

  463. 			return true;
    464. 

  464. 		}
    465. 

  465. 		return false;
    466. 

  466. 	}
    467. 

  467. 

  468. 	protected static function loadCSSFile() {
    469. 

  469. 		$app = OC::$REQUESTEDAPP;
    470. 

  470. 		$file = OC::$REQUESTEDFILE;
    471. 

  471. 		$app_path = OC_App::getAppPath($app);
    472. 

  472. 		if (file_exists($app_path . '/' . $file)) {
    473. 

  473. 			$app_web_path = OC_App::getAppWebPath($app);
    474. 

  474. 			$filepath = $app_web_path . '/' . $file;
    475. 

  475. 			$minimizer = new OC_Minimizer_CSS();
    476. 

  476. 			$info = array($app_path, $app_web_path, $file);
    477. 

  477. 			$minimizer->output(array($info), $filepath);
    478. 

  478. 		}
    479. 

  479. 	}
    480. 

  480. 

  481. 	protected static function handleLogin() {
    482. 

  482. 		OC_App::loadApps(array('prelogin'));
    483. 

  483. 		$error = false;
    484. 

  484. 		// remember was checked after last login
    485. 

  485. 		if (OC::tryRememberLogin()) {
    486. 

  486. 			// nothing more to do
    487. 

  487. 

  488. 		// Someone wants to log in :
    489. 

  489. 		} elseif (OC::tryFormLogin()) {
    490. 

  490. 			$error = true;
    491. 

  491. 

  492. 		// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
    493. 

  493. 		} elseif (OC::tryBasicAuthLogin()) {
    494. 

  494. 			$error = true;
    495. 

  495. 		}
    496. 

  496. 		OC_Util::displayLoginPage($error);
    497. 

  497. 	}
    498. 

  498. 

  499. 	protected static function tryRememberLogin() {
    500. 

  500. 		if(!isset($_COOKIE["oc_remember_login"])
    501. 

  501. 			|| !isset($_COOKIE["oc_token"])
    502. 

  502. 			|| !isset($_COOKIE["oc_username"])
    503. 

  503. 			|| !$_COOKIE["oc_remember_login"])
    504. 

  504. 		{
    505. 

  505. 			return false;
    506. 

  506. 		}
    507. 

  507. 		OC_App::loadApps(array('authentication'));
    508. 

  508. 		if(defined("DEBUG") && DEBUG) {
    509. 

  509. 			OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG);
    510. 

  510. 		}
    511. 

  511. 		// confirm credentials in cookie
    512. 

  512. 		if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
    513. 

  513. 			OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") === $_COOKIE['oc_token'])
    514. 

  514. 		{
    515. 

  515. 			OC_User::setUserId($_COOKIE['oc_username']);
    516. 

  516. 			OC_Util::redirectToDefaultPage();
    517. 

  517. 		}
    518. 

  518. 		else {
    519. 

  519. 			OC_User::unsetMagicInCookie();
    520. 

  520. 		}
    521. 

  521. 		return true;
    522. 

  522. 	}
    523. 

  523. 

  524. 	protected static function tryFormLogin() {
    525. 

  525. 		if(!isset($_POST["user"])
    526. 

  526. 		|| !isset($_POST['password'])
    527. 

  527. 		|| !isset($_SESSION['sectoken'])
    528. 

  528. 		|| !isset($_POST['sectoken'])
    529. 

  529. 		|| ($_SESSION['sectoken']!=$_POST['sectoken']) ) {
    530. 

  530. 			return false;
    531. 

  531. 		}
    532. 

  532. 

  533. 		OC_App::loadApps();
    534. 

  534. 		
    535. 

  535. 		//setup extra user backends
    536. 

  536. 		OC_User::setupBackends();
    537. 

  537. 		
    538. 

  538. 		if(OC_User::login($_POST["user"], $_POST["password"])) {
    539. 

  539. 			if(!empty($_POST["remember_login"])) {
    540. 

  540. 				if(defined("DEBUG") && DEBUG) {
    541. 

  541. 					OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
    542. 

  542. 				}
    543. 

  543. 				$token = md5($_POST["user"].time().$_POST['password']);
    544. 

  544. 				OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
    545. 

  545. 				OC_User::setMagicInCookie($_POST["user"], $token);
    546. 

  546. 			}
    547. 

  547. 			else {
    548. 

  548. 				OC_User::unsetMagicInCookie();
    549. 

  549. 			}
    550. 

  550. 			OC_Util::redirectToDefaultPage();
    551. 

  551. 		}
    552. 

  552. 		return true;
    553. 

  553. 	}
    554. 

  554. 

  555. 	protected static function tryBasicAuthLogin() {
    556. 

  556. 		if (!isset($_SERVER["PHP_AUTH_USER"])
    557. 

  557. 		 || !isset($_SERVER["PHP_AUTH_PW"])){
    558. 

  558. 			return false;
    559. 

  559. 		}
    560. 

  560. 		OC_App::loadApps(array('authentication'));
    561. 

  561. 		if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) {
    562. 

  562. 			//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
    563. 

  563. 			OC_User::unsetMagicInCookie();
    564. 

  564. 			$_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'');
    565. 

  565. 			OC_Util::redirectToDefaultPage();
    566. 

  566. 		}
    567. 

  567. 		return true;
    568. 

  568. 	}
    569. 

  569. 

  570. }
    571. 

  571. 

  572. // define runtime variables - unless this already has been done
    573. 

  573. if( !isset( $RUNTIME_NOAPPS )) {
    574. 

  574. 	$RUNTIME_NOAPPS = false;
    575. 

  575. }
    576. 

  576. 

  577. if(!function_exists('get_temp_dir')) {
    578. 

  578. 	function get_temp_dir() {
    579. 

  579. 		if( $temp=ini_get('upload_tmp_dir') )        return $temp;
    580. 

  580. 		if( $temp=getenv('TMP') )        return $temp;
    581. 

  581. 		if( $temp=getenv('TEMP') )        return $temp;
    582. 

  582. 		if( $temp=getenv('TMPDIR') )    return $temp;
    583. 

  583. 		$temp=tempnam(__FILE__, '');
    584. 

  584. 		if (file_exists($temp)) {
    585. 

  585. 			unlink($temp);
    586. 

  586. 			return dirname($temp);
    587. 

  587. 		}
    588. 

  588. 		if( $temp=sys_get_temp_dir())    return $temp;
    589. 

  589. 

  590. 		return null;
    591. 

  591. 	}
    592. 

  592. }
    593. 

  593. 

  594. OC::init();
    595. 

  595.