<?php

/*
Copyright (c) 2007 - 2009, Till Brehm, projektfarm Gmbh
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

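//* Enable gzip compression for the interface
ob_start('ob_gzhandler');

//* Set timezone when the configuration provides one (otherwise php.ini's default stays)
if(isset($conf['timezone']) && $conf['timezone'] != '') {
	date_default_timezone_set($conf['timezone']);
}

//* Lower the error reporting level when we are not on a developer system.
//  error_reporting() is the direct API for this setting, so no @-suppression is needed.
if(DEVSYSTEM == 0) {
	error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
}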

/*
    Application Class
*/
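class app {

	private $_language_inc = 0;
	private $_wb;
	private $_loaded_classes = array();
	private $_conf;
	private $_security_config;

	public $loaded_plugins = array();

	/**
	 * Builds the application object: copies $conf, opens the database
	 * (when start_db is set), starts the session (when start_session is set)
	 * and loads the core helper classes.
	 */
	public function __construct() {
		global $conf;

		// Refuse requests that carry parameter names which would shadow core globals
		if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) || isset($_REQUEST['s']) || isset($_REQUEST['s_old']) || isset($_REQUEST['conf'])) {
			die('Internal Error: var override attempt detected');
		}

		$this->_conf = $conf;
		if($this->_conf['start_db'] == true) {
			$this->load('db_'.$this->_conf['db_type']);
			try {
				$this->db = new db;
			} catch (Exception $e) {
				// No usable database: $app->db is false and callers have to cope with it
				$this->db = false;
			}
		}

		//* Start the session
		if($this->_conf['start_session'] == true) {
			$this->_start_session();
		}

		$this->uses('functions'); // we need this before all others!
		$this->uses('auth,plugin,ini_parser,getconf');
	}

	/**
	 * Configures cookie parameters and the session timeout, registers the
	 * session class as save handler, starts the session and seeds $_SESSION['s'].
	 */
	private function _start_session() {
		$this->uses('session');
		$sess_timeout = $this->conf('interface', 'session_timeout');

		$cookie_domain = $this->_cookie_domain();
		// Secure flag only when this request itself arrived over HTTPS
		$cookie_secure = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on');
		// cookie timeout is never updated, so it must not be short
		$cookie_lifetime = 3600 * 24 * 365;

		if($sess_timeout) {
			if($this->_wants_permanent_login() && $this->_endless_session_allowed()) {
				// we are doing login here, so we need to set the session data
				$this->session->set_permanent(true);
				$this->session->set_timeout($cookie_lifetime); // one year
			} else {
				$this->session->set_timeout($sess_timeout);
			}
			session_set_cookie_params($cookie_lifetime, '/', $cookie_domain, $cookie_secure, true);
		} else {
			session_set_cookie_params(0, '/', $cookie_domain, $cookie_secure, true); // until browser is closed
		}

		session_set_save_handler( array($this->session, 'open'),
			array($this->session, 'close'),
			array($this->session, 'read'),
			array($this->session, 'write'),
			array($this->session, 'destroy'),
			array($this->session, 'gc'));

		session_start();

		//* Initialize session variables
		if(!isset($_SESSION['s']['id']) ) $_SESSION['s']['id'] = session_id();
		if(empty($_SESSION['s']['theme'])) $_SESSION['s']['theme'] = $this->_conf['theme'];
		if(empty($_SESSION['s']['language'])) $_SESSION['s']['language'] = $this->_conf['language'];
	}

	/**
	 * Returns the domain the session cookie is bound to.
	 * NOTE(review): the HTTP_HOST fallback is taken from the request's Host header,
	 * so the web server should only route expected host names to this application.
	 */
	private function _cookie_domain() {
		$http_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
		$cookie_domain = (isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $http_host);

		// Workaround for Nginx servers
		if($cookie_domain == '_') {
			$tmp = explode(':', $http_host);
			$cookie_domain = $tmp[0];
		}
		return $cookie_domain;
	}

	/** True when the current request is the login form submit with "stay logged in" ticked. */
	private function _wants_permanent_login() {
		return isset($_POST['s_mod']) && isset($_POST['s_pg'])
			&& $_POST['s_mod'] == 'login' && $_POST['s_pg'] == 'index'
			&& isset($_POST['stay']) && $_POST['stay'] == '1';
	}

	/** True when sys_ini's [misc] session_allow_endless is set to 'y'. */
	private function _endless_session_allowed() {
		$this->uses('ini_parser');
		$tmp = $this->db->queryOneRecord('SELECT config FROM sys_ini WHERE sysini_id = 1');
		$tmp = $this->ini_parser->parse_ini_string(stripslashes($tmp['config']));
		return isset($tmp['misc']['session_allow_endless']) && $tmp['misc']['session_allow_endless'] == 'y';
	}

	/**
	 * Lazy loading of helper classes: $app->name loads classes/name.inc.php
	 * on first access. Returns null when no such class file exists.
	 */
	public function __get($prop) {
		if(property_exists($this, $prop)) return $this->{$prop};

		$this->uses($prop);
		return property_exists($this, $prop) ? $this->{$prop} : null;
	}

	/** Flushes the session data through the registered save handler. */
	public function __destruct() {
		session_write_close();
	}

	/**
	 * Loads and instantiates one or more helper classes (comma separated names)
	 * from ISPC_CLASS_PATH as $this->classname. Already loaded classes and names
	 * without a matching class file are skipped silently.
	 * NOTE(review): callers in this file pass literal names; if a name ever comes
	 * from outside the code base it must be validated before reaching this method.
	 */
	public function uses($classes) {
		foreach(explode(',', $classes) as $classname) {
			$classname = trim($classname);
			if($classname === '' || array_key_exists($classname, $this->_loaded_classes)) continue;

			//* Class is not loaded so load it
			$class_file = ISPC_CLASS_PATH."/$classname.inc.php";
			if(is_file($class_file)) {
				include_once $class_file;
				$this->$classname = new $classname();
				$this->_loaded_classes[$classname] = true;
			}
		}
	}

	/**
	 * Includes one or more files (comma separated names) from ISPC_CLASS_PATH
	 * without instantiating anything.
	 */
	public function load($files) {
		foreach(explode(',', $files) as $file) {
			$file = trim($file);
			include_once ISPC_CLASS_PATH."/$file.inc.php";
		}
	}

	/**
	 * Reads, writes or deletes one entry of the sys_config table.
	 *
	 * @param string $plugin config group
	 * @param string $key    config name
	 * @param mixed  $value  null = read, false = delete, anything else = store
	 * @return mixed the stored value on read/write, null when missing or deleted
	 */
	public function conf($plugin, $key, $value = null) {
		if($value === null) {
			$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
			return $tmpconf ? $tmpconf['value'] : null;
		}
		if($value === false) {
			$this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
			return null;
		}
		$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
		return $value;
	}

	/**
	 * Writes a message to sys_log when its priority reaches the configured log_priority.
	 * Priority values are: 0 = DEBUG, 1 = WARNING,  2 = ERROR
	 */
	public function log($msg, $priority = 0) {
		if($priority < $this->_conf['log_priority']) return;

		// Always 0 for interface entries (an earlier version used $conf['server_id'])
		$server_id = 0;
		$priority = $this->functions->intval($priority);
		$tstamp = time();
		$msg = '[INTERFACE]: '.$msg;
		$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority, $tstamp, $msg);
	}

	/**
	 * Shows an error message, either inside the theme's error template and
	 * terminating the request ($stop = true) or echoed inline.
	 * $msg is emitted as HTML; callers are responsible for escaping anything
	 * user supplied in it. $next_link is placed in an href attribute and is
	 * attribute-escaped here.
	 * Priority values are: 0 = DEBUG, 1 = WARNING,  2 = ERROR
	 */
	public function error($msg, $next_link = '', $stop = true, $priority = 1) {
		if($stop == true) {
			/*
			 * We always have a error. So it is better not to use any more objects like
			 * the template or so, because we don't know why the error occurs (it could be, that
			 * the error occurs in one of these objects..)
			 */
			/*
			 * Use the template inside the user-template - Path. If it is not found, fallback to the
			 * default-template (the "normal" behaviour of all template - files)
			 */
			$theme = isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : '';
			$theme_tpl = dirname(__FILE__) . '/../web/themes/' . $theme . '/templates/error.tpl.htm';
			$default_tpl = dirname(__FILE__) . '/../web/themes/default/templates/error.tpl.htm';
			$content = file_get_contents(file_exists($theme_tpl) ? $theme_tpl : $default_tpl);

			if($next_link != '') $msg .= '<a href="'.htmlspecialchars($next_link, ENT_QUOTES).'">Next</a>';
			$content = str_replace('###ERRORMSG###', $msg, $content);
			die($content);
		} else {
			echo $msg;
			if($next_link != '') echo "<a href='".htmlspecialchars($next_link, ENT_QUOTES)."'>Next</a>";
		}
	}

	/**
	 * Translates strings in current language.
	 * The global and the module wordbook are loaded on first call; afterwards
	 * the text is looked up in the merged wordbook. Unknown (or empty) entries
	 * are returned unchanged, or wrapped in '#' when debug_language is set.
	 */
	public function lng($text) {
		global $conf;
		if($this->_language_inc != 1) {
			$language = (isset($_SESSION['s']['language'])) ? $_SESSION['s']['language'] : $conf['language'];
			//* loading global Wordbook
			$this->load_language_file('lib/lang/'.$language.'.lng');
			//* Load module wordbook, if it exists, falling back to the English one
			if(isset($_SESSION['s']['module']['name'])) {
				$module_lang_dir = 'web/'.$_SESSION['s']['module']['name'].'/lib/lang/';
				$lng_file = $module_lang_dir.$language.'.lng';
				if(!file_exists(ISPC_ROOT_PATH.'/'.$lng_file)) $lng_file = $module_lang_dir.'en.lng';
				$this->load_language_file($lng_file);
			}
			$this->_language_inc = 1;
		}
		// Both checks use the private wordbook; the previous $this->wb went through __get()
		// (and a needless class lookup) and always compared null, so empty entries slipped through.
		if(isset($this->_wb[$text]) && $this->_wb[$text] !== '') {
			$text = $this->_wb[$text];
		} elseif($this->_conf['debug_language']) {
			$text = '#'.$text.'#';
		}
		return $text;
	}

	/**
	 * Helper function to load the language files.
	 * $filename is relative to ISPC_ROOT_PATH and must end in '.lng'; the file is
	 * expected to define an array $wb which is merged into the current wordbook.
	 */
	public function load_language_file($filename) {
		$filename = ISPC_ROOT_PATH.'/'.$filename;
		if(substr($filename, -4) != '.lng') $this->error('Language file has wrong extension.');
		if(file_exists($filename)) {
			$wb = null; // defined by the included file; stays null if the file does not set it
			@include $filename; // suppression kept from the original, presumably so a broken file does not abort the request
			if(is_array($wb)) {
				$this->_wb = is_array($this->_wb) ? array_merge($this->_wb, $wb) : $wb;
			}
		}
	}

	/**
	 * Fills the template variables every interface page needs
	 * (application meta data, session/user state, translated labels).
	 */
	public function tpl_defaults() {
		$this->tpl->setVar('app_title', $this->_conf['app_title']);
		if(isset($_SESSION['s']['user'])) {
			$this->tpl->setVar('app_version', $this->_conf['app_version']);
			// get pending datalog changes
			$datalog = $this->db->datalogStatus();
			$this->tpl->setVar('datalog_changes_txt', $this->lng('datalog_changes_txt'));
			$this->tpl->setVar('datalog_changes_end_txt', $this->lng('datalog_changes_end_txt'));
			$this->tpl->setVar('datalog_changes_count', $datalog['count']);
			$this->tpl->setLoop('datalog_changes', $datalog['entries']);
		} else {
			$this->tpl->setVar('app_version', '');
		}
		$this->tpl->setVar('app_link', $this->_conf['app_link']);
		$this->tpl->setVar('app_logo', $this->_conf['logo']);

		$this->tpl->setVar('phpsessid', session_id());

		$this->tpl->setVar('theme', $_SESSION['s']['theme'], true);
		$this->tpl->setVar('html_content_encoding', $this->_conf['html_content_encoding']);

		$this->tpl->setVar('delete_confirmation', $this->lng('delete_confirmation'));

		if(isset($_SESSION['s']['module']['name'])) {
			$this->tpl->setVar('app_module', $_SESSION['s']['module']['name'], true);
			$this->tpl->setVar('session_module', $_SESSION['s']['module']['name'], true);
		}

		if(isset($_SESSION['s']['user'])) {
			$user = $_SESSION['s']['user'];
			if($user['typ'] == 'admin') {
				$this->tpl->setVar('is_admin', 1);
			}
			if($this->auth->has_clients($user['userid'])) {
				$this->tpl->setVar('is_reseller', 1);
			}

			/* Show username */
			$this->tpl->setVar('cpuser', $user['username'], true);
			$this->tpl->setVar('logout_txt', $this->lng('logout_txt'));

			/* Show search field only for normal users, not mail users */
			$usertype = stristr($user['username'], '@') ? 'mailuser' : 'normaluser';
			$this->tpl->setVar('usertype', $usertype);
		}

		/* Global Search */
		$this->tpl->setVar('globalsearch_resultslimit_of_txt', $this->lng('globalsearch_resultslimit_of_txt'));
		$this->tpl->setVar('globalsearch_resultslimit_results_txt', $this->lng('globalsearch_resultslimit_results_txt'));
		$this->tpl->setVar('globalsearch_noresults_text_txt', $this->lng('globalsearch_noresults_text_txt'));
		$this->tpl->setVar('globalsearch_noresults_limit_txt', $this->lng('globalsearch_noresults_limit_txt'));
		$this->tpl->setVar('globalsearch_searchfield_watermark_txt', $this->lng('globalsearch_searchfield_watermark_txt'));
	}

} // end class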

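//** Initialize application (app) object
//* possible future =  new app($conf);
$app = new app();

// load and enable PHP Intrusion Detection System (PHPIDS)
// It runs for interface requests only (never for the remote API) and only when at
// least one of the anon/user/admin switches in the 'ids' security config is 'yes'.
// Missing keys count as switched off instead of raising a notice.
$ids_security_config = $app->getconf->get_security_config('ids');
$ids_enabled = false;
foreach(array('ids_anon_enabled', 'ids_user_enabled', 'ids_admin_enabled') as $ids_switch) {
	if(isset($ids_security_config[$ids_switch]) && $ids_security_config[$ids_switch] == 'yes') {
		$ids_enabled = true;
		break;
	}
}
if($ids_enabled && is_dir(ISPC_CLASS_PATH.'/IDS') && !defined('REMOTE_API_CALL')) {
	$app->uses('ids');
	$app->ids->start();
}
unset($ids_security_config, $ids_enabled, $ids_switch);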

?>