Commit 59b1a87bf1681405977bb1cf273b893fdff0cd30

Authored by Alexis Gavoty
1 parent b93276a689
Exists in master

[fix] Apply #4574 fix manually

Showing 1 changed file with 6 additions and 4 deletions

sources/lib/base.php
1 <?php 1 <?php
2 /** 2 /**
3 * ownCloud 3 * ownCloud
4 * 4 *
5 * @author Frank Karlitschek 5 * @author Frank Karlitschek
6 * @copyright 2012 Frank Karlitschek frank@owncloud.org 6 * @copyright 2012 Frank Karlitschek frank@owncloud.org
7 * 7 *
8 * This library is free software; you can redistribute it and/or 8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE 9 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
10 * License as published by the Free Software Foundation; either 10 * License as published by the Free Software Foundation; either
11 * version 3 of the License, or any later version. 11 * version 3 of the License, or any later version.
12 * 12 *
13 * This library is distributed in the hope that it will be useful, 13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU AFFERO GENERAL PUBLIC LICENSE for more details. 16 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
17 * 17 *
18 * You should have received a copy of the GNU Affero General Public 18 * You should have received a copy of the GNU Affero General Public
19 * License along with this library. If not, see <http://www.gnu.org/licenses/>. 19 * License along with this library. If not, see <http://www.gnu.org/licenses/>.
20 * 20 *
21 */ 21 */
22 22
23 require_once 'public/constants.php'; 23 require_once 'public/constants.php';
24 24
25 /** 25 /**
26 * Class that is a namespace for all global OC variables 26 * Class that is a namespace for all global OC variables
27 * No, we can not put this class in its own file because it is used by 27 * No, we can not put this class in its own file because it is used by
28 * OC_autoload! 28 * OC_autoload!
29 */ 29 */
30 class OC { 30 class OC {
31 /** 31 /**
32 * Associative array for autoloading. classname => filename 32 * Associative array for autoloading. classname => filename
33 */ 33 */
34 public static $CLASSPATH = array(); 34 public static $CLASSPATH = array();
35 /** 35 /**
36 * The installation path for owncloud on the server (e.g. /srv/http/owncloud) 36 * The installation path for owncloud on the server (e.g. /srv/http/owncloud)
37 */ 37 */
38 public static $SERVERROOT = ''; 38 public static $SERVERROOT = '';
39 /** 39 /**
40 * the current request path relative to the owncloud root (e.g. files/index.php) 40 * the current request path relative to the owncloud root (e.g. files/index.php)
41 */ 41 */
42 private static $SUBURI = ''; 42 private static $SUBURI = '';
43 /** 43 /**
44 * the owncloud root path for http requests (e.g. owncloud/) 44 * the owncloud root path for http requests (e.g. owncloud/)
45 */ 45 */
46 public static $WEBROOT = ''; 46 public static $WEBROOT = '';
47 /** 47 /**
48 * The installation path of the 3rdparty folder on the server (e.g. /srv/http/owncloud/3rdparty) 48 * The installation path of the 3rdparty folder on the server (e.g. /srv/http/owncloud/3rdparty)
49 */ 49 */
50 public static $THIRDPARTYROOT = ''; 50 public static $THIRDPARTYROOT = '';
51 /** 51 /**
52 * the root path of the 3rdparty folder for http requests (e.g. owncloud/3rdparty) 52 * the root path of the 3rdparty folder for http requests (e.g. owncloud/3rdparty)
53 */ 53 */
54 public static $THIRDPARTYWEBROOT = ''; 54 public static $THIRDPARTYWEBROOT = '';
55 /** 55 /**
56 * The installation path array of the apps folder on the server (e.g. /srv/http/owncloud) 'path' and 56 * The installation path array of the apps folder on the server (e.g. /srv/http/owncloud) 'path' and
57 * web path in 'url' 57 * web path in 'url'
58 */ 58 */
59 public static $APPSROOTS = array(); 59 public static $APPSROOTS = array();
60 60
61 public static $configDir; 61 public static $configDir;
62 62
63 /** 63 /**
64 * requested app 64 * requested app
65 */ 65 */
66 public static $REQUESTEDAPP = ''; 66 public static $REQUESTEDAPP = '';
67 67
68 /** 68 /**
69 * check if owncloud runs in cli mode 69 * check if owncloud runs in cli mode
70 */ 70 */
71 public static $CLI = false; 71 public static $CLI = false;
72 72
73 /** 73 /**
74 * @var \OC\Session\Session 74 * @var \OC\Session\Session
75 */ 75 */
76 public static $session = null; 76 public static $session = null;
77 77
78 /** 78 /**
79 * @var \OC\Autoloader $loader 79 * @var \OC\Autoloader $loader
80 */ 80 */
81 public static $loader = null; 81 public static $loader = null;
82 82
83 /** 83 /**
84 * @var \OC\Server 84 * @var \OC\Server
85 */ 85 */
86 public static $server = null; 86 public static $server = null;
87 87
88 public static function initPaths() { 88 public static function initPaths() {
89 // calculate the root directories 89 // calculate the root directories
90 OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4)); 90 OC::$SERVERROOT = str_replace("\\", '/', substr(__DIR__, 0, -4));
91 91
92 // ensure we can find OC_Config 92 // ensure we can find OC_Config
93 set_include_path( 93 set_include_path(
94 OC::$SERVERROOT . '/lib' . PATH_SEPARATOR . 94 OC::$SERVERROOT . '/lib' . PATH_SEPARATOR .
95 get_include_path() 95 get_include_path()
96 ); 96 );
97 97
98 if(defined('PHPUNIT_CONFIG_DIR')) { 98 if(defined('PHPUNIT_CONFIG_DIR')) {
99 self::$configDir = OC::$SERVERROOT . '/' . PHPUNIT_CONFIG_DIR . '/'; 99 self::$configDir = OC::$SERVERROOT . '/' . PHPUNIT_CONFIG_DIR . '/';
100 } elseif(defined('PHPUNIT_RUN') and PHPUNIT_RUN and is_dir(OC::$SERVERROOT . '/tests/config/')) { 100 } elseif(defined('PHPUNIT_RUN') and PHPUNIT_RUN and is_dir(OC::$SERVERROOT . '/tests/config/')) {
101 self::$configDir = OC::$SERVERROOT . '/tests/config/'; 101 self::$configDir = OC::$SERVERROOT . '/tests/config/';
102 } else { 102 } else {
103 self::$configDir = OC::$SERVERROOT . '/config/'; 103 self::$configDir = OC::$SERVERROOT . '/config/';
104 } 104 }
105 OC_Config::$object = new \OC\Config(self::$configDir); 105 OC_Config::$object = new \OC\Config(self::$configDir);
106 106
107 OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT))); 107 OC::$SUBURI = str_replace("\\", "/", substr(realpath($_SERVER["SCRIPT_FILENAME"]), strlen(OC::$SERVERROOT)));
108 $scriptName = OC_Request::scriptName(); 108 $scriptName = OC_Request::scriptName();
109 if (substr($scriptName, -1) == '/') { 109 if (substr($scriptName, -1) == '/') {
110 $scriptName .= 'index.php'; 110 $scriptName .= 'index.php';
111 //make sure suburi follows the same rules as scriptName 111 //make sure suburi follows the same rules as scriptName
112 if (substr(OC::$SUBURI, -9) != 'index.php') { 112 if (substr(OC::$SUBURI, -9) != 'index.php') {
113 if (substr(OC::$SUBURI, -1) != '/') { 113 if (substr(OC::$SUBURI, -1) != '/') {
114 OC::$SUBURI = OC::$SUBURI . '/'; 114 OC::$SUBURI = OC::$SUBURI . '/';
115 } 115 }
116 OC::$SUBURI = OC::$SUBURI . 'index.php'; 116 OC::$SUBURI = OC::$SUBURI . 'index.php';
117 } 117 }
118 } 118 }
119 119
120 if (substr($scriptName, 0 - strlen(OC::$SUBURI)) === OC::$SUBURI) { 120 if (substr($scriptName, 0 - strlen(OC::$SUBURI)) === OC::$SUBURI) {
121 OC::$WEBROOT = substr($scriptName, 0, 0 - strlen(OC::$SUBURI)); 121 OC::$WEBROOT = substr($scriptName, 0, 0 - strlen(OC::$SUBURI));
122 122
123 if (OC::$WEBROOT != '' && OC::$WEBROOT[0] !== '/') { 123 if (OC::$WEBROOT != '' && OC::$WEBROOT[0] !== '/') {
124 OC::$WEBROOT = '/' . OC::$WEBROOT; 124 OC::$WEBROOT = '/' . OC::$WEBROOT;
125 } 125 }
126 } else { 126 } else {
127 // The scriptName is not ending with OC::$SUBURI 127 // The scriptName is not ending with OC::$SUBURI
128 // This most likely means that we are calling from CLI. 128 // This most likely means that we are calling from CLI.
129 // However some cron jobs still need to generate 129 // However some cron jobs still need to generate
130 // a web URL, so we use overwritewebroot as a fallback. 130 // a web URL, so we use overwritewebroot as a fallback.
131 OC::$WEBROOT = OC_Config::getValue('overwritewebroot', ''); 131 OC::$WEBROOT = OC_Config::getValue('overwritewebroot', '');
132 } 132 }
133 133
134 // search the 3rdparty folder 134 // search the 3rdparty folder
135 if (OC_Config::getValue('3rdpartyroot', '') <> '' and OC_Config::getValue('3rdpartyurl', '') <> '') { 135 if (OC_Config::getValue('3rdpartyroot', '') <> '' and OC_Config::getValue('3rdpartyurl', '') <> '') {
136 OC::$THIRDPARTYROOT = OC_Config::getValue('3rdpartyroot', ''); 136 OC::$THIRDPARTYROOT = OC_Config::getValue('3rdpartyroot', '');
137 OC::$THIRDPARTYWEBROOT = OC_Config::getValue('3rdpartyurl', ''); 137 OC::$THIRDPARTYWEBROOT = OC_Config::getValue('3rdpartyurl', '');
138 } elseif (file_exists(OC::$SERVERROOT . '/3rdparty')) { 138 } elseif (file_exists(OC::$SERVERROOT . '/3rdparty')) {
139 OC::$THIRDPARTYROOT = OC::$SERVERROOT; 139 OC::$THIRDPARTYROOT = OC::$SERVERROOT;
140 OC::$THIRDPARTYWEBROOT = OC::$WEBROOT; 140 OC::$THIRDPARTYWEBROOT = OC::$WEBROOT;
141 } elseif (file_exists(OC::$SERVERROOT . '/../3rdparty')) { 141 } elseif (file_exists(OC::$SERVERROOT . '/../3rdparty')) {
142 OC::$THIRDPARTYWEBROOT = rtrim(dirname(OC::$WEBROOT), '/'); 142 OC::$THIRDPARTYWEBROOT = rtrim(dirname(OC::$WEBROOT), '/');
143 OC::$THIRDPARTYROOT = rtrim(dirname(OC::$SERVERROOT), '/'); 143 OC::$THIRDPARTYROOT = rtrim(dirname(OC::$SERVERROOT), '/');
144 } else { 144 } else {
145 throw new Exception('3rdparty directory not found! Please put the ownCloud 3rdparty' 145 throw new Exception('3rdparty directory not found! Please put the ownCloud 3rdparty'
146 . ' folder in the ownCloud folder or the folder above.' 146 . ' folder in the ownCloud folder or the folder above.'
147 . ' You can also configure the location in the config.php file.'); 147 . ' You can also configure the location in the config.php file.');
148 } 148 }
149 // search the apps folder 149 // search the apps folder
150 $config_paths = OC_Config::getValue('apps_paths', array()); 150 $config_paths = OC_Config::getValue('apps_paths', array());
151 if (!empty($config_paths)) { 151 if (!empty($config_paths)) {
152 foreach ($config_paths as $paths) { 152 foreach ($config_paths as $paths) {
153 if (isset($paths['url']) && isset($paths['path'])) { 153 if (isset($paths['url']) && isset($paths['path'])) {
154 $paths['url'] = rtrim($paths['url'], '/'); 154 $paths['url'] = rtrim($paths['url'], '/');
155 $paths['path'] = rtrim($paths['path'], '/'); 155 $paths['path'] = rtrim($paths['path'], '/');
156 OC::$APPSROOTS[] = $paths; 156 OC::$APPSROOTS[] = $paths;
157 } 157 }
158 } 158 }
159 } elseif (file_exists(OC::$SERVERROOT . '/apps')) { 159 } elseif (file_exists(OC::$SERVERROOT . '/apps')) {
160 OC::$APPSROOTS[] = array('path' => OC::$SERVERROOT . '/apps', 'url' => '/apps', 'writable' => true); 160 OC::$APPSROOTS[] = array('path' => OC::$SERVERROOT . '/apps', 'url' => '/apps', 'writable' => true);
161 } elseif (file_exists(OC::$SERVERROOT . '/../apps')) { 161 } elseif (file_exists(OC::$SERVERROOT . '/../apps')) {
162 OC::$APPSROOTS[] = array( 162 OC::$APPSROOTS[] = array(
163 'path' => rtrim(dirname(OC::$SERVERROOT), '/') . '/apps', 163 'path' => rtrim(dirname(OC::$SERVERROOT), '/') . '/apps',
164 'url' => '/apps', 164 'url' => '/apps',
165 'writable' => true 165 'writable' => true
166 ); 166 );
167 } 167 }
168 168
169 if (empty(OC::$APPSROOTS)) { 169 if (empty(OC::$APPSROOTS)) {
170 throw new Exception('apps directory not found! Please put the ownCloud apps folder in the ownCloud folder' 170 throw new Exception('apps directory not found! Please put the ownCloud apps folder in the ownCloud folder'
171 . ' or the folder above. You can also configure the location in the config.php file.'); 171 . ' or the folder above. You can also configure the location in the config.php file.');
172 } 172 }
173 $paths = array(); 173 $paths = array();
174 foreach (OC::$APPSROOTS as $path) { 174 foreach (OC::$APPSROOTS as $path) {
175 $paths[] = $path['path']; 175 $paths[] = $path['path'];
176 } 176 }
177 177
178 // set the right include path 178 // set the right include path
179 set_include_path( 179 set_include_path(
180 OC::$SERVERROOT . '/lib/private' . PATH_SEPARATOR . 180 OC::$SERVERROOT . '/lib/private' . PATH_SEPARATOR .
181 OC::$SERVERROOT . '/config' . PATH_SEPARATOR . 181 OC::$SERVERROOT . '/config' . PATH_SEPARATOR .
182 OC::$THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR . 182 OC::$THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR .
183 implode(PATH_SEPARATOR, $paths) . PATH_SEPARATOR . 183 implode(PATH_SEPARATOR, $paths) . PATH_SEPARATOR .
184 get_include_path() . PATH_SEPARATOR . 184 get_include_path() . PATH_SEPARATOR .
185 OC::$SERVERROOT 185 OC::$SERVERROOT
186 ); 186 );
187 } 187 }
188 188
189 public static function checkConfig() { 189 public static function checkConfig() {
190 $l = OC_L10N::get('lib'); 190 $l = OC_L10N::get('lib');
191 if (file_exists(self::$configDir . "/config.php") 191 if (file_exists(self::$configDir . "/config.php")
192 and !is_writable(self::$configDir . "/config.php") 192 and !is_writable(self::$configDir . "/config.php")
193 ) { 193 ) {
194 if (self::$CLI) { 194 if (self::$CLI) {
195 echo $l->t('Cannot write into "config" directory!')."\n"; 195 echo $l->t('Cannot write into "config" directory!')."\n";
196 echo $l->t('This can usually be fixed by giving the webserver write access to the config directory')."\n"; 196 echo $l->t('This can usually be fixed by giving the webserver write access to the config directory')."\n";
197 echo "\n"; 197 echo "\n";
198 echo $l->t('See %s', array(\OC_Helper::linkToDocs('admin-dir_permissions')))."\n"; 198 echo $l->t('See %s', array(\OC_Helper::linkToDocs('admin-dir_permissions')))."\n";
199 exit; 199 exit;
200 } else { 200 } else {
201 OC_Template::printErrorPage( 201 OC_Template::printErrorPage(
202 $l->t('Cannot write into "config" directory!'), 202 $l->t('Cannot write into "config" directory!'),
203 $l->t('This can usually be fixed by ' 203 $l->t('This can usually be fixed by '
204 . '%sgiving the webserver write access to the config directory%s.', 204 . '%sgiving the webserver write access to the config directory%s.',
205 array('<a href="'.\OC_Helper::linkToDocs('admin-dir_permissions').'" target="_blank">', '</a>')) 205 array('<a href="'.\OC_Helper::linkToDocs('admin-dir_permissions').'" target="_blank">', '</a>'))
206 ); 206 );
207 } 207 }
208 } 208 }
209 } 209 }
210 210
211 public static function checkInstalled() { 211 public static function checkInstalled() {
212 // Redirect to installer if not installed 212 // Redirect to installer if not installed
213 if (!OC_Config::getValue('installed', false) && OC::$SUBURI != '/index.php') { 213 if (!OC_Config::getValue('installed', false) && OC::$SUBURI != '/index.php') {
214 if (!OC::$CLI) { 214 if (!OC::$CLI) {
215 $url = 'http://' . $_SERVER['SERVER_NAME'] . OC::$WEBROOT . '/index.php'; 215 $url = 'http://' . $_SERVER['SERVER_NAME'] . OC::$WEBROOT . '/index.php';
216 header("Location: $url"); 216 header("Location: $url");
217 } 217 }
218 exit(); 218 exit();
219 } 219 }
220 } 220 }
221 221
222 public static function checkSSL() { 222 public static function checkSSL() {
223 // redirect to https site if configured 223 // redirect to https site if configured
224 if (OC_Config::getValue("forcessl", false)) { 224 if (OC_Config::getValue("forcessl", false)) {
225 header('Strict-Transport-Security: max-age=31536000'); 225 header('Strict-Transport-Security: max-age=31536000');
226 ini_set("session.cookie_secure", "on"); 226 ini_set("session.cookie_secure", "on");
227 if (OC_Request::serverProtocol() <> 'https' and !OC::$CLI) { 227 if (OC_Request::serverProtocol() <> 'https' and !OC::$CLI) {
228 $url = "https://" . OC_Request::serverHost() . OC_Request::requestUri(); 228 $url = "https://" . OC_Request::serverHost() . OC_Request::requestUri();
229 header("Location: $url"); 229 header("Location: $url");
230 exit(); 230 exit();
231 } 231 }
232 } else { 232 } else {
233 // Invalidate HSTS headers 233 // Invalidate HSTS headers
234 if (OC_Request::serverProtocol() === 'https') { 234 if (OC_Request::serverProtocol() === 'https') {
235 header('Strict-Transport-Security: max-age=0'); 235 header('Strict-Transport-Security: max-age=0');
236 } 236 }
237 } 237 }
238 } 238 }
239 239
240 public static function checkMaintenanceMode() { 240 public static function checkMaintenanceMode() {
241 // Allow ajax update script to execute without being stopped 241 // Allow ajax update script to execute without being stopped
242 if (OC_Config::getValue('maintenance', false) && OC::$SUBURI != '/core/ajax/update.php') { 242 if (OC_Config::getValue('maintenance', false) && OC::$SUBURI != '/core/ajax/update.php') {
243 // send http status 503 243 // send http status 503
244 header('HTTP/1.1 503 Service Temporarily Unavailable'); 244 header('HTTP/1.1 503 Service Temporarily Unavailable');
245 header('Status: 503 Service Temporarily Unavailable'); 245 header('Status: 503 Service Temporarily Unavailable');
246 header('Retry-After: 120'); 246 header('Retry-After: 120');
247 247
248 // render error page 248 // render error page
249 $tmpl = new OC_Template('', 'update.user', 'guest'); 249 $tmpl = new OC_Template('', 'update.user', 'guest');
250 $tmpl->printPage(); 250 $tmpl->printPage();
251 die(); 251 die();
252 } 252 }
253 } 253 }
254 254
255 public static function checkSingleUserMode() { 255 public static function checkSingleUserMode() {
256 $user = OC_User::getUserSession()->getUser(); 256 $user = OC_User::getUserSession()->getUser();
257 $group = OC_Group::getManager()->get('admin'); 257 $group = OC_Group::getManager()->get('admin');
258 if ($user && OC_Config::getValue('singleuser', false) && !$group->inGroup($user)) { 258 if ($user && OC_Config::getValue('singleuser', false) && !$group->inGroup($user)) {
259 // send http status 503 259 // send http status 503
260 header('HTTP/1.1 503 Service Temporarily Unavailable'); 260 header('HTTP/1.1 503 Service Temporarily Unavailable');
261 header('Status: 503 Service Temporarily Unavailable'); 261 header('Status: 503 Service Temporarily Unavailable');
262 header('Retry-After: 120'); 262 header('Retry-After: 120');
263 263
264 // render error page 264 // render error page
265 $tmpl = new OC_Template('', 'singleuser.user', 'guest'); 265 $tmpl = new OC_Template('', 'singleuser.user', 'guest');
266 $tmpl->printPage(); 266 $tmpl->printPage();
267 die(); 267 die();
268 } 268 }
269 } 269 }
270 270
271 /** 271 /**
272 * check if the instance needs to preform an upgrade 272 * check if the instance needs to preform an upgrade
273 * 273 *
274 * @return bool 274 * @return bool
275 * @deprecated use \OCP\Util::needUpgrade instead 275 * @deprecated use \OCP\Util::needUpgrade instead
276 */ 276 */
277 public static function needUpgrade() { 277 public static function needUpgrade() {
278 return \OCP\Util::needUpgrade(); 278 return \OCP\Util::needUpgrade();
279 } 279 }
280 280
281 /** 281 /**
282 * Checks if the version requires an update and shows 282 * Checks if the version requires an update and shows
283 * @param bool $showTemplate Whether an update screen should get shown 283 * @param bool $showTemplate Whether an update screen should get shown
284 * @return bool|void 284 * @return bool|void
285 */ 285 */
286 public static function checkUpgrade($showTemplate = true) { 286 public static function checkUpgrade($showTemplate = true) {
287 if (\OCP\Util::needUpgrade()) { 287 if (\OCP\Util::needUpgrade()) {
288 if ($showTemplate && !OC_Config::getValue('maintenance', false)) { 288 if ($showTemplate && !OC_Config::getValue('maintenance', false)) {
289 $version = OC_Util::getVersion(); 289 $version = OC_Util::getVersion();
290 $oldTheme = OC_Config::getValue('theme'); 290 $oldTheme = OC_Config::getValue('theme');
291 OC_Config::setValue('theme', ''); 291 OC_Config::setValue('theme', '');
292 OC_Util::addScript('config'); // needed for web root 292 OC_Util::addScript('config'); // needed for web root
293 OC_Util::addScript('update'); 293 OC_Util::addScript('update');
294 $tmpl = new OC_Template('', 'update.admin', 'guest'); 294 $tmpl = new OC_Template('', 'update.admin', 'guest');
295 $tmpl->assign('version', OC_Util::getVersionString()); 295 $tmpl->assign('version', OC_Util::getVersionString());
296 296
297 // get third party apps 297 // get third party apps
298 $apps = OC_App::getEnabledApps(); 298 $apps = OC_App::getEnabledApps();
299 $incompatibleApps = array(); 299 $incompatibleApps = array();
300 foreach ($apps as $appId) { 300 foreach ($apps as $appId) {
301 $info = OC_App::getAppInfo($appId); 301 $info = OC_App::getAppInfo($appId);
302 if(!OC_App::isAppCompatible($version, $info)) { 302 if(!OC_App::isAppCompatible($version, $info)) {
303 $incompatibleApps[] = $info; 303 $incompatibleApps[] = $info;
304 } 304 }
305 } 305 }
306 $tmpl->assign('appList', $incompatibleApps); 306 $tmpl->assign('appList', $incompatibleApps);
307 $tmpl->assign('productName', 'ownCloud'); // for now 307 $tmpl->assign('productName', 'ownCloud'); // for now
308 $tmpl->assign('oldTheme', $oldTheme); 308 $tmpl->assign('oldTheme', $oldTheme);
309 $tmpl->printPage(); 309 $tmpl->printPage();
310 exit(); 310 exit();
311 } else { 311 } else {
312 return true; 312 return true;
313 } 313 }
314 } 314 }
315 return false; 315 return false;
316 } 316 }
317 317
318 public static function initTemplateEngine() { 318 public static function initTemplateEngine() {
319 // Add the stuff we need always 319 // Add the stuff we need always
320 // TODO: read from core/js/core.json 320 // TODO: read from core/js/core.json
321 OC_Util::addScript("jquery-1.10.0.min"); 321 OC_Util::addScript("jquery-1.10.0.min");
322 OC_Util::addScript("jquery-migrate-1.2.1.min"); 322 OC_Util::addScript("jquery-migrate-1.2.1.min");
323 OC_Util::addScript("jquery-ui-1.10.0.custom"); 323 OC_Util::addScript("jquery-ui-1.10.0.custom");
324 OC_Util::addScript("jquery-showpassword"); 324 OC_Util::addScript("jquery-showpassword");
325 OC_Util::addScript("placeholders"); 325 OC_Util::addScript("placeholders");
326 OC_Util::addScript("jquery-tipsy"); 326 OC_Util::addScript("jquery-tipsy");
327 OC_Util::addScript("compatibility"); 327 OC_Util::addScript("compatibility");
328 OC_Util::addScript("underscore"); 328 OC_Util::addScript("underscore");
329 OC_Util::addScript("jquery.ocdialog"); 329 OC_Util::addScript("jquery.ocdialog");
330 OC_Util::addScript("oc-dialogs"); 330 OC_Util::addScript("oc-dialogs");
331 OC_Util::addScript("js"); 331 OC_Util::addScript("js");
332 OC_Util::addScript("octemplate"); 332 OC_Util::addScript("octemplate");
333 OC_Util::addScript("eventsource"); 333 OC_Util::addScript("eventsource");
334 OC_Util::addScript("config"); 334 OC_Util::addScript("config");
335 //OC_Util::addScript( "multiselect" ); 335 //OC_Util::addScript( "multiselect" );
336 OC_Util::addScript('search', 'result'); 336 OC_Util::addScript('search', 'result');
337 OC_Util::addScript("oc-requesttoken"); 337 OC_Util::addScript("oc-requesttoken");
338 OC_Util::addScript("apps"); 338 OC_Util::addScript("apps");
339 OC_Util::addScript("snap"); 339 OC_Util::addScript("snap");
340 340
341 // avatars 341 // avatars
342 if (\OC_Config::getValue('enable_avatars', true) === true) { 342 if (\OC_Config::getValue('enable_avatars', true) === true) {
343 \OC_Util::addScript('placeholder'); 343 \OC_Util::addScript('placeholder');
344 \OC_Util::addScript('3rdparty', 'md5/md5.min'); 344 \OC_Util::addScript('3rdparty', 'md5/md5.min');
345 \OC_Util::addScript('jquery.avatar'); 345 \OC_Util::addScript('jquery.avatar');
346 \OC_Util::addScript('avatar'); 346 \OC_Util::addScript('avatar');
347 } 347 }
348 348
349 OC_Util::addStyle("styles"); 349 OC_Util::addStyle("styles");
350 OC_Util::addStyle("header"); 350 OC_Util::addStyle("header");
351 OC_Util::addStyle("mobile"); 351 OC_Util::addStyle("mobile");
352 OC_Util::addStyle("icons"); 352 OC_Util::addStyle("icons");
353 OC_Util::addStyle("fonts"); 353 OC_Util::addStyle("fonts");
354 OC_Util::addStyle("apps"); 354 OC_Util::addStyle("apps");
355 OC_Util::addStyle("fixes"); 355 OC_Util::addStyle("fixes");
356 OC_Util::addStyle("multiselect"); 356 OC_Util::addStyle("multiselect");
357 OC_Util::addStyle("jquery-ui-1.10.0.custom"); 357 OC_Util::addStyle("jquery-ui-1.10.0.custom");
358 OC_Util::addStyle("jquery-tipsy"); 358 OC_Util::addStyle("jquery-tipsy");
359 OC_Util::addStyle("jquery.ocdialog"); 359 OC_Util::addStyle("jquery.ocdialog");
360 } 360 }
361 361
362 public static function initSession() { 362 public static function initSession() {
363 // prevents javascript from accessing php session cookies 363 // prevents javascript from accessing php session cookies
364 ini_set('session.cookie_httponly', '1;'); 364 ini_set('session.cookie_httponly', '1;');
365 365
366 // set the cookie path to the ownCloud directory 366 // set the cookie path to the ownCloud directory
367 $cookie_path = OC::$WEBROOT ? : '/'; 367 $cookie_path = OC::$WEBROOT ? : '/';
368 ini_set('session.cookie_path', $cookie_path); 368 ini_set('session.cookie_path', $cookie_path);
369 369
370 //set the session object to a dummy session so code relying on the session existing still works 370 //set the session object to a dummy session so code relying on the session existing still works
371 self::$session = new \OC\Session\Memory(''); 371 self::$session = new \OC\Session\Memory('');
372 372
373 // Let the session name be changed in the initSession Hook 373 // Let the session name be changed in the initSession Hook
374 $sessionName = OC_Util::getInstanceId(); 374 $sessionName = OC_Util::getInstanceId();
375 375
376 try { 376 try {
377 // Allow session apps to create a custom session object 377 // Allow session apps to create a custom session object
378 $useCustomSession = false; 378 $useCustomSession = false;
379 OC_Hook::emit('OC', 'initSession', array('session' => &self::$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession)); 379 OC_Hook::emit('OC', 'initSession', array('session' => &self::$session, 'sessionName' => &$sessionName, 'useCustomSession' => &$useCustomSession));
380 if(!$useCustomSession) { 380 if(!$useCustomSession) {
381 // set the session name to the instance id - which is unique 381 // set the session name to the instance id - which is unique
382 self::$session = new \OC\Session\Internal($sessionName); 382 self::$session = new \OC\Session\Internal($sessionName);
383 } 383 }
384 // if session cant be started break with http 500 error 384 // if session cant be started break with http 500 error
385 } catch (Exception $e) { 385 } catch (Exception $e) {
386 //show the user a detailed error page 386 //show the user a detailed error page
387 OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR); 387 OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
388 OC_Template::printExceptionErrorPage($e); 388 OC_Template::printExceptionErrorPage($e);
389 } 389 }
390 390
391 $sessionLifeTime = self::getSessionLifeTime(); 391 $sessionLifeTime = self::getSessionLifeTime();
392 // regenerate session id periodically to avoid session fixation 392 // regenerate session id periodically to avoid session fixation
393 if (!self::$session->exists('SID_CREATED')) { 393 if (!self::$session->exists('SID_CREATED')) {
394 self::$session->set('SID_CREATED', time()); 394 self::$session->set('SID_CREATED', time());
395 } else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime / 2) { 395 } else if (time() - self::$session->get('SID_CREATED') > $sessionLifeTime / 2) {
396 session_regenerate_id(true); 396 session_regenerate_id(true);
397 self::$session->set('SID_CREATED', time()); 397 self::$session->set('SID_CREATED', time());
398 } 398 }
399 399
400 // session timeout 400 // session timeout
401 if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) { 401 if (self::$session->exists('LAST_ACTIVITY') && (time() - self::$session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
402 if (isset($_COOKIE[session_name()])) { 402 if (isset($_COOKIE[session_name()])) {
403 setcookie(session_name(), '', time() - 42000, $cookie_path); 403 setcookie(session_name(), '', time() - 42000, $cookie_path);
404 } 404 }
405 session_unset(); 405 session_unset();
406 session_destroy(); 406 session_destroy();
407 session_start(); 407 session_start();
408 } 408 }
409 409
410 self::$session->set('LAST_ACTIVITY', time()); 410 self::$session->set('LAST_ACTIVITY', time());
411 } 411 }
412 412
413 /** 413 /**
414 * @return string 414 * @return string
415 */ 415 */
416 private static function getSessionLifeTime() { 416 private static function getSessionLifeTime() {
417 return OC_Config::getValue('session_lifetime', 60 * 60 * 24); 417 return OC_Config::getValue('session_lifetime', 60 * 60 * 24);
418 } 418 }
419 419
420 public static function loadAppClassPaths() { 420 public static function loadAppClassPaths() {
421 foreach (OC_APP::getEnabledApps() as $app) { 421 foreach (OC_APP::getEnabledApps() as $app) {
422 $file = OC_App::getAppPath($app) . '/appinfo/classpath.php'; 422 $file = OC_App::getAppPath($app) . '/appinfo/classpath.php';
423 if (file_exists($file)) { 423 if (file_exists($file)) {
424 require_once $file; 424 require_once $file;
425 } 425 }
426 } 426 }
427 } 427 }
428 428
429 429
430 public static function init() { 430 public static function init() {
431 // register autoloader 431 // register autoloader
432 require_once __DIR__ . '/autoloader.php'; 432 require_once __DIR__ . '/autoloader.php';
433 self::$loader = new \OC\Autoloader(); 433 self::$loader = new \OC\Autoloader();
434 self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib'); 434 self::$loader->registerPrefix('Doctrine\\Common', 'doctrine/common/lib');
435 self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib'); 435 self::$loader->registerPrefix('Doctrine\\DBAL', 'doctrine/dbal/lib');
436 self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing'); 436 self::$loader->registerPrefix('Symfony\\Component\\Routing', 'symfony/routing');
437 self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console'); 437 self::$loader->registerPrefix('Symfony\\Component\\Console', 'symfony/console');
438 self::$loader->registerPrefix('Patchwork', '3rdparty'); 438 self::$loader->registerPrefix('Patchwork', '3rdparty');
439 self::$loader->registerPrefix('Pimple', '3rdparty/Pimple'); 439 self::$loader->registerPrefix('Pimple', '3rdparty/Pimple');
440 spl_autoload_register(array(self::$loader, 'load')); 440 spl_autoload_register(array(self::$loader, 'load'));
441 441
442 // make a dummy session available as early as possible since error pages need it 442 // make a dummy session available as early as possible since error pages need it
443 self::$session = new \OC\Session\Memory(''); 443 self::$session = new \OC\Session\Memory('');
444 444
445 // set some stuff 445 // set some stuff
446 //ob_start(); 446 //ob_start();
447 error_reporting(E_ALL | E_STRICT); 447 error_reporting(E_ALL | E_STRICT);
448 if (defined('DEBUG') && DEBUG) { 448 if (defined('DEBUG') && DEBUG) {
449 ini_set('display_errors', 1); 449 ini_set('display_errors', 1);
450 } 450 }
451 self::$CLI = (php_sapi_name() == 'cli'); 451 self::$CLI = (php_sapi_name() == 'cli');
452 452
453 date_default_timezone_set('UTC'); 453 date_default_timezone_set('UTC');
454 ini_set('arg_separator.output', '&amp;'); 454 ini_set('arg_separator.output', '&amp;');
455 455
456 // try to switch magic quotes off. 456 // try to switch magic quotes off.
457 if (get_magic_quotes_gpc() == 1) { 457 if (get_magic_quotes_gpc() == 1) {
458 ini_set('magic_quotes_runtime', 0); 458 ini_set('magic_quotes_runtime', 0);
459 } 459 }
460 460
461 //try to configure php to enable big file uploads. 461 //try to configure php to enable big file uploads.
462 //this doesnยดt work always depending on the webserver and php configuration. 462 //this doesnยดt work always depending on the webserver and php configuration.
463 //Letยดs try to overwrite some defaults anyways 463 //Letยดs try to overwrite some defaults anyways
464 464
465 //try to set the maximum execution time to 60min 465 //try to set the maximum execution time to 60min
466 @set_time_limit(3600); 466 @set_time_limit(3600);
467 @ini_set('max_execution_time', 3600); 467 @ini_set('max_execution_time', 3600);
468 @ini_set('max_input_time', 3600); 468 @ini_set('max_input_time', 3600);
469 469
470 //try to set the maximum filesize to 10G 470 //try to set the maximum filesize to 10G
471 @ini_set('upload_max_filesize', '10G'); 471 @ini_set('upload_max_filesize', '10G');
472 @ini_set('post_max_size', '10G'); 472 @ini_set('post_max_size', '10G');
473 @ini_set('file_uploads', '50'); 473 @ini_set('file_uploads', '50');
474 474
475 self::handleAuthHeaders(); 475 self::handleAuthHeaders();
476 self::initPaths(); 476 self::initPaths();
477 self::registerAutoloaderCache(); 477 self::registerAutoloaderCache();
478 478
479 OC_Util::isSetLocaleWorking(); 479 OC_Util::isSetLocaleWorking();
480 480
481 // setup 3rdparty autoloader 481 // setup 3rdparty autoloader
482 $vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php'; 482 $vendorAutoLoad = OC::$THIRDPARTYROOT . '/3rdparty/autoload.php';
483 if (file_exists($vendorAutoLoad)) { 483 if (file_exists($vendorAutoLoad)) {
484 require_once $vendorAutoLoad; 484 require_once $vendorAutoLoad;
485 } 485 }
486 486
487 if (!defined('PHPUNIT_RUN')) { 487 if (!defined('PHPUNIT_RUN')) {
488 OC\Log\ErrorHandler::setLogger(OC_Log::$object); 488 OC\Log\ErrorHandler::setLogger(OC_Log::$object);
489 if (defined('DEBUG') and DEBUG) { 489 if (defined('DEBUG') and DEBUG) {
490 OC\Log\ErrorHandler::register(true); 490 OC\Log\ErrorHandler::register(true);
491 set_exception_handler(array('OC_Template', 'printExceptionErrorPage')); 491 set_exception_handler(array('OC_Template', 'printExceptionErrorPage'));
492 } else { 492 } else {
493 OC\Log\ErrorHandler::register(); 493 OC\Log\ErrorHandler::register();
494 } 494 }
495 } 495 }
496 496
497 // register the stream wrappers 497 // register the stream wrappers
498 stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir'); 498 stream_wrapper_register('fakedir', 'OC\Files\Stream\Dir');
499 stream_wrapper_register('static', 'OC\Files\Stream\StaticStream'); 499 stream_wrapper_register('static', 'OC\Files\Stream\StaticStream');
500 stream_wrapper_register('close', 'OC\Files\Stream\Close'); 500 stream_wrapper_register('close', 'OC\Files\Stream\Close');
501 stream_wrapper_register('quota', 'OC\Files\Stream\Quota'); 501 stream_wrapper_register('quota', 'OC\Files\Stream\Quota');
502 stream_wrapper_register('oc', 'OC\Files\Stream\OC'); 502 stream_wrapper_register('oc', 'OC\Files\Stream\OC');
503 503
504 // setup the basic server 504 // setup the basic server
505 self::$server = new \OC\Server(); 505 self::$server = new \OC\Server();
506 506
507 self::initTemplateEngine(); 507 self::initTemplateEngine();
508 OC_App::loadApps(array('session')); 508 OC_App::loadApps(array('session'));
509 if (!self::$CLI) { 509 if (!self::$CLI) {
510 self::initSession(); 510 self::initSession();
511 } else { 511 } else {
512 self::$session = new \OC\Session\Memory(''); 512 self::$session = new \OC\Session\Memory('');
513 } 513 }
514 self::checkConfig(); 514 self::checkConfig();
515 self::checkInstalled(); 515 self::checkInstalled();
516 self::checkSSL(); 516 self::checkSSL();
517 OC_Response::addSecurityHeaders(); 517 OC_Response::addSecurityHeaders();
518 518
519 $errors = OC_Util::checkServer(); 519 $errors = OC_Util::checkServer();
520 if (count($errors) > 0) { 520 if (count($errors) > 0) {
521 if (self::$CLI) { 521 if (self::$CLI) {
522 foreach ($errors as $error) { 522 foreach ($errors as $error) {
523 echo $error['error'] . "\n"; 523 echo $error['error'] . "\n";
524 echo $error['hint'] . "\n\n"; 524 echo $error['hint'] . "\n\n";
525 } 525 }
526 } else { 526 } else {
527 OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE); 527 OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);
528 OC_Template::printGuestPage('', 'error', array('errors' => $errors)); 528 OC_Template::printGuestPage('', 'error', array('errors' => $errors));
529 } 529 }
530 exit; 530 exit;
531 } 531 }
532 532
533 //try to set the session lifetime 533 //try to set the session lifetime
534 $sessionLifeTime = self::getSessionLifeTime(); 534 $sessionLifeTime = self::getSessionLifeTime();
535 @ini_set('gc_maxlifetime', (string)$sessionLifeTime); 535 @ini_set('gc_maxlifetime', (string)$sessionLifeTime);
536 536
537 // User and Groups 537 // User and Groups
538 if (!OC_Config::getValue("installed", false)) { 538 if (!OC_Config::getValue("installed", false)) {
539 self::$session->set('user_id', ''); 539 self::$session->set('user_id', '');
540 } 540 }
541 541
542 OC_User::useBackend(new OC_User_Database()); 542 OC_User::useBackend(new OC_User_Database());
543 OC_Group::useBackend(new OC_Group_Database()); 543 OC_Group::useBackend(new OC_Group_Database());
544 544
545 //setup extra user backends 545 //setup extra user backends
546 OC_User::setupBackends(); 546 OC_User::setupBackends();
547 547
548 self::registerCacheHooks(); 548 self::registerCacheHooks();
549 self::registerFilesystemHooks(); 549 self::registerFilesystemHooks();
550 self::registerPreviewHooks(); 550 self::registerPreviewHooks();
551 self::registerShareHooks(); 551 self::registerShareHooks();
552 self::registerLogRotate(); 552 self::registerLogRotate();
553 self::registerLocalAddressBook(); 553 self::registerLocalAddressBook();
554 554
555 //make sure temporary files are cleaned up 555 //make sure temporary files are cleaned up
556 register_shutdown_function(array('OC_Helper', 'cleanTmp')); 556 register_shutdown_function(array('OC_Helper', 'cleanTmp'));
557 557
558 if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) { 558 if (OC_Config::getValue('installed', false) && !self::checkUpgrade(false)) {
559 if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') { 559 if (OC_Appconfig::getValue('core', 'backgroundjobs_mode', 'ajax') == 'ajax') {
560 OC_Util::addScript('backgroundjobs'); 560 OC_Util::addScript('backgroundjobs');
561 } 561 }
562 } 562 }
563 } 563 }
564 564
565 private static function registerLocalAddressBook() { 565 private static function registerLocalAddressBook() {
566 self::$server->getContactsManager()->register(function() { 566 self::$server->getContactsManager()->register(function() {
567 $userManager = \OC::$server->getUserManager(); 567 $userManager = \OC::$server->getUserManager();
568 \OC::$server->getContactsManager()->registerAddressBook( 568 \OC::$server->getContactsManager()->registerAddressBook(
569 new \OC\Contacts\LocalAddressBook($userManager)); 569 new \OC\Contacts\LocalAddressBook($userManager));
570 }); 570 });
571 } 571 }
572 572
573 /** 573 /**
574 * register hooks for the cache 574 * register hooks for the cache
575 */ 575 */
576 public static function registerCacheHooks() { 576 public static function registerCacheHooks() {
577 if (OC_Config::getValue('installed', false) && !\OCP\Util::needUpgrade()) { //don't try to do this before we are properly setup 577 if (OC_Config::getValue('installed', false) && !\OCP\Util::needUpgrade()) { //don't try to do this before we are properly setup
578 \OCP\BackgroundJob::registerJob('OC\Cache\FileGlobalGC'); 578 \OCP\BackgroundJob::registerJob('OC\Cache\FileGlobalGC');
579 579
580 // NOTE: This will be replaced to use OCP 580 // NOTE: This will be replaced to use OCP
581 $userSession = \OC_User::getUserSession(); 581 $userSession = \OC_User::getUserSession();
582 $userSession->listen('postLogin', '\OC\Cache\File', 'loginListener'); 582 $userSession->listen('postLogin', '\OC\Cache\File', 'loginListener');
583 } 583 }
584 } 584 }
585 585
586 /** 586 /**
587 * register hooks for the cache 587 * register hooks for the cache
588 */ 588 */
589 public static function registerLogRotate() { 589 public static function registerLogRotate() {
590 if (OC_Config::getValue('installed', false) && OC_Config::getValue('log_rotate_size', false) && !\OCP\Util::needUpgrade()) { 590 if (OC_Config::getValue('installed', false) && OC_Config::getValue('log_rotate_size', false) && !\OCP\Util::needUpgrade()) {
591 //don't try to do this before we are properly setup 591 //don't try to do this before we are properly setup
592 //use custom logfile path if defined, otherwise use default of owncloud.log in data directory 592 //use custom logfile path if defined, otherwise use default of owncloud.log in data directory
593 \OCP\BackgroundJob::registerJob('OC\Log\Rotate', OC_Config::getValue('logfile', OC_Config::getValue("datadirectory", OC::$SERVERROOT . '/data') . '/owncloud.log')); 593 \OCP\BackgroundJob::registerJob('OC\Log\Rotate', OC_Config::getValue('logfile', OC_Config::getValue("datadirectory", OC::$SERVERROOT . '/data') . '/owncloud.log'));
594 } 594 }
595 } 595 }
596 596
597 /** 597 /**
598 * register hooks for the filesystem 598 * register hooks for the filesystem
599 */ 599 */
600 public static function registerFilesystemHooks() { 600 public static function registerFilesystemHooks() {
601 // Check for blacklisted files 601 // Check for blacklisted files
602 OC_Hook::connect('OC_Filesystem', 'write', 'OC\Files\Filesystem', 'isBlacklisted'); 602 OC_Hook::connect('OC_Filesystem', 'write', 'OC\Files\Filesystem', 'isBlacklisted');
603 OC_Hook::connect('OC_Filesystem', 'rename', 'OC\Files\Filesystem', 'isBlacklisted'); 603 OC_Hook::connect('OC_Filesystem', 'rename', 'OC\Files\Filesystem', 'isBlacklisted');
604 } 604 }
605 605
606 /** 606 /**
607 * register hooks for previews 607 * register hooks for previews
608 */ 608 */
609 public static function registerPreviewHooks() { 609 public static function registerPreviewHooks() {
610 OC_Hook::connect('OC_Filesystem', 'post_write', 'OC\Preview', 'post_write'); 610 OC_Hook::connect('OC_Filesystem', 'post_write', 'OC\Preview', 'post_write');
611 OC_Hook::connect('OC_Filesystem', 'delete', 'OC\Preview', 'prepare_delete_files'); 611 OC_Hook::connect('OC_Filesystem', 'delete', 'OC\Preview', 'prepare_delete_files');
612 OC_Hook::connect('\OCP\Versions', 'preDelete', 'OC\Preview', 'prepare_delete'); 612 OC_Hook::connect('\OCP\Versions', 'preDelete', 'OC\Preview', 'prepare_delete');
613 OC_Hook::connect('\OCP\Trashbin', 'preDelete', 'OC\Preview', 'prepare_delete'); 613 OC_Hook::connect('\OCP\Trashbin', 'preDelete', 'OC\Preview', 'prepare_delete');
614 OC_Hook::connect('OC_Filesystem', 'post_delete', 'OC\Preview', 'post_delete_files'); 614 OC_Hook::connect('OC_Filesystem', 'post_delete', 'OC\Preview', 'post_delete_files');
615 OC_Hook::connect('\OCP\Versions', 'delete', 'OC\Preview', 'post_delete'); 615 OC_Hook::connect('\OCP\Versions', 'delete', 'OC\Preview', 'post_delete');
616 OC_Hook::connect('\OCP\Trashbin', 'delete', 'OC\Preview', 'post_delete'); 616 OC_Hook::connect('\OCP\Trashbin', 'delete', 'OC\Preview', 'post_delete');
617 } 617 }
618 618
619 /** 619 /**
620 * register hooks for sharing 620 * register hooks for sharing
621 */ 621 */
622 public static function registerShareHooks() { 622 public static function registerShareHooks() {
623 if (\OC_Config::getValue('installed')) { 623 if (\OC_Config::getValue('installed')) {
624 OC_Hook::connect('OC_User', 'post_deleteUser', 'OC\Share\Hooks', 'post_deleteUser'); 624 OC_Hook::connect('OC_User', 'post_deleteUser', 'OC\Share\Hooks', 'post_deleteUser');
625 OC_Hook::connect('OC_User', 'post_addToGroup', 'OC\Share\Hooks', 'post_addToGroup'); 625 OC_Hook::connect('OC_User', 'post_addToGroup', 'OC\Share\Hooks', 'post_addToGroup');
626 OC_Hook::connect('OC_User', 'post_removeFromGroup', 'OC\Share\Hooks', 'post_removeFromGroup'); 626 OC_Hook::connect('OC_User', 'post_removeFromGroup', 'OC\Share\Hooks', 'post_removeFromGroup');
627 OC_Hook::connect('OC_User', 'post_deleteGroup', 'OC\Share\Hooks', 'post_deleteGroup'); 627 OC_Hook::connect('OC_User', 'post_deleteGroup', 'OC\Share\Hooks', 'post_deleteGroup');
628 } 628 }
629 } 629 }
630 630
631 protected static function registerAutoloaderCache() { 631 protected static function registerAutoloaderCache() {
632 // The class loader takes an optional low-latency cache, which MUST be 632 // The class loader takes an optional low-latency cache, which MUST be
633 // namespaced. The instanceid is used for namespacing, but might be 633 // namespaced. The instanceid is used for namespacing, but might be
634 // unavailable at this point. Futhermore, it might not be possible to 634 // unavailable at this point. Futhermore, it might not be possible to
635 // generate an instanceid via \OC_Util::getInstanceId() because the 635 // generate an instanceid via \OC_Util::getInstanceId() because the
636 // config file may not be writable. As such, we only register a class 636 // config file may not be writable. As such, we only register a class
637 // loader cache if instanceid is available without trying to create one. 637 // loader cache if instanceid is available without trying to create one.
638 $instanceId = OC_Config::getValue('instanceid', null); 638 $instanceId = OC_Config::getValue('instanceid', null);
639 if ($instanceId) { 639 if ($instanceId) {
640 try { 640 try {
641 $memcacheFactory = new \OC\Memcache\Factory($instanceId); 641 $memcacheFactory = new \OC\Memcache\Factory($instanceId);
642 self::$loader->setMemoryCache($memcacheFactory->createLowLatency('Autoloader')); 642 self::$loader->setMemoryCache($memcacheFactory->createLowLatency('Autoloader'));
643 } catch (\Exception $ex) { 643 } catch (\Exception $ex) {
644 } 644 }
645 } 645 }
646 } 646 }
647 647
648 /** 648 /**
649 * Handle the request 649 * Handle the request
650 */ 650 */
651 public static function handleRequest() { 651 public static function handleRequest() {
652 $l = \OC_L10N::get('lib'); 652 $l = \OC_L10N::get('lib');
653 // load all the classpaths from the enabled apps so they are available 653 // load all the classpaths from the enabled apps so they are available
654 // in the routing files of each app 654 // in the routing files of each app
655 OC::loadAppClassPaths(); 655 OC::loadAppClassPaths();
656 656
657 // Check if ownCloud is installed or in maintenance (update) mode 657 // Check if ownCloud is installed or in maintenance (update) mode
658 if (!OC_Config::getValue('installed', false)) { 658 if (!OC_Config::getValue('installed', false)) {
659 $controller = new OC\Core\Setup\Controller(); 659 $controller = new OC\Core\Setup\Controller();
660 $controller->run($_POST); 660 $controller->run($_POST);
661 exit(); 661 exit();
662 } 662 }
663 663
664 $host = OC_Request::insecureServerHost(); 664 $host = OC_Request::insecureServerHost();
665 // if the host passed in headers isn't trusted 665 // if the host passed in headers isn't trusted
666 if (!OC::$CLI 666 if (!OC::$CLI
667 // overwritehost is always trusted 667 // overwritehost is always trusted
668 && OC_Request::getOverwriteHost() === null 668 && OC_Request::getOverwriteHost() === null
669 && !OC_Request::isTrustedDomain($host)) { 669 && !OC_Request::isTrustedDomain($host)) {
670 670
671 header('HTTP/1.1 400 Bad Request'); 671 header('HTTP/1.1 400 Bad Request');
672 header('Status: 400 Bad Request'); 672 header('Status: 400 Bad Request');
673 $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest'); 673 $tmpl = new OCP\Template('core', 'untrustedDomain', 'guest');
674 $tmpl->assign('domain', $_SERVER['SERVER_NAME']); 674 $tmpl->assign('domain', $_SERVER['SERVER_NAME']);
675 $tmpl->printPage(); 675 $tmpl->printPage();
676 return; 676 return;
677 } 677 }
678 678
679 $request = OC_Request::getPathInfo(); 679 $request = OC_Request::getPathInfo();
680 if (substr($request, -3) !== '.js') { // we need these files during the upgrade 680 if (substr($request, -3) !== '.js') { // we need these files during the upgrade
681 self::checkMaintenanceMode(); 681 self::checkMaintenanceMode();
682 self::checkUpgrade(); 682 self::checkUpgrade();
683 } 683 }
684 684
685 if (!OC_User::isLoggedIn()) { 685 if (!OC_User::isLoggedIn()) {
686 // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP 686 // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
687 if (!OC_Config::getValue('maintenance', false) && !self::checkUpgrade(false)) { 687 if (!OC_Config::getValue('maintenance', false) && !self::checkUpgrade(false)) {
688 OC_App::loadApps(array('authentication')); 688 OC_App::loadApps(array('authentication'));
689 } 689 }
690 OC::tryBasicAuthLogin(); 690 OC::tryBasicAuthLogin();
691 } 691 }
692 692
693 693
694 if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) { 694 if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
695 try { 695 try {
696 if (!OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) { 696 if (!OC_Config::getValue('maintenance', false) && !\OCP\Util::needUpgrade()) {
697 OC_App::loadApps(array('authentication')); 697 OC_App::loadApps(array('authentication'));
698 OC_App::loadApps(array('filesystem', 'logging')); 698 OC_App::loadApps(array('filesystem', 'logging'));
699 OC_App::loadApps(); 699 OC_App::loadApps();
700 } 700 }
701 self::checkSingleUserMode(); 701 self::checkSingleUserMode();
702 OC::$server->getRouter()->match(OC_Request::getRawPathInfo()); 702 OC::$server->getRouter()->match(OC_Request::getRawPathInfo());
703 return; 703 return;
704 } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) { 704 } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
705 //header('HTTP/1.0 404 Not Found'); 705 //header('HTTP/1.0 404 Not Found');
706 } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) { 706 } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
707 OC_Response::setStatus(405); 707 OC_Response::setStatus(405);
708 return; 708 return;
709 } 709 }
710 } 710 }
711 711
712 // Load minimum set of apps 712 // Load minimum set of apps
713 if (!self::checkUpgrade(false)) { 713 if (!self::checkUpgrade(false)) {
714 // For logged-in users: Load everything 714 // For logged-in users: Load everything
715 if(OC_User::isLoggedIn()) { 715 if(OC_User::isLoggedIn()) {
716 OC_App::loadApps(); 716 OC_App::loadApps();
717 } else { 717 } else {
718 // For guests: Load only authentication, filesystem and logging 718 // For guests: Load only authentication, filesystem and logging
719 OC_App::loadApps(array('authentication')); 719 OC_App::loadApps(array('authentication'));
720 OC_App::loadApps(array('filesystem', 'logging')); 720 OC_App::loadApps(array('filesystem', 'logging'));
721 } 721 }
722 } 722 }
723 723
724 // Handle redirect URL for logged in users 724 // Handle redirect URL for logged in users
725 if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) { 725 if (isset($_REQUEST['redirect_url']) && OC_User::isLoggedIn()) {
726 $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url'])); 726 $location = OC_Helper::makeURLAbsolute(urldecode($_REQUEST['redirect_url']));
727 727
728 // Deny the redirect if the URL contains a @ 728 // Deny the redirect if the URL contains a @
729 // This prevents unvalidated redirects like ?redirect_url=:user@domain.com 729 // This prevents unvalidated redirects like ?redirect_url=:user@domain.com
730 if (strpos($location, '@') === false) { 730 if (strpos($location, '@') === false) {
731 header('Location: ' . $location); 731 header('Location: ' . $location);
732 return; 732 return;
733 } 733 }
734 } 734 }
735 // Handle WebDAV 735 // Handle WebDAV
736 if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') { 736 if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
737 // not allowed any more to prevent people 737 // not allowed any more to prevent people
738 // mounting this root directly. 738 // mounting this root directly.
739 // Users need to mount remote.php/webdav instead. 739 // Users need to mount remote.php/webdav instead.
740 header('HTTP/1.1 405 Method Not Allowed'); 740 header('HTTP/1.1 405 Method Not Allowed');
741 header('Status: 405 Method Not Allowed'); 741 header('Status: 405 Method Not Allowed');
742 return; 742 return;
743 } 743 }
744 744
745 // Redirect to index if the logout link is accessed without valid session 745 // Redirect to index if the logout link is accessed without valid session
746 // this is needed to prevent "Token expired" messages while login if a session is expired 746 // this is needed to prevent "Token expired" messages while login if a session is expired
747 // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583 747 // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
748 if(isset($_GET['logout']) && !OC_User::isLoggedIn()) { 748 if(isset($_GET['logout']) && !OC_User::isLoggedIn()) {
749 header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); 749 header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
750 return; 750 return;
751 } 751 }
752 752
753 // Someone is logged in 753 // Someone is logged in
754 if (OC_User::isLoggedIn()) { 754 if (OC_User::isLoggedIn()) {
755 OC_App::loadApps(); 755 OC_App::loadApps();
756 OC_User::setupBackends(); 756 OC_User::setupBackends();
757 if (isset($_GET["logout"]) and ($_GET["logout"])) { 757 if (isset($_GET["logout"]) and ($_GET["logout"])) {
758 OC_JSON::callCheck(); 758 OC_JSON::callCheck();
759 if (isset($_COOKIE['oc_token'])) { 759 if (isset($_COOKIE['oc_token'])) {
760 OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']); 760 OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
761 } 761 }
762 if (isset($_SERVER['PHP_AUTH_USER'])) { 762 if (isset($_SERVER['PHP_AUTH_USER'])) {
763 if (isset($_COOKIE['oc_ignore_php_auth_user'])) { 763 if (isset($_COOKIE['oc_ignore_php_auth_user'])) {
764 // Ignore HTTP Authentication for 5 more mintues. 764 // Ignore HTTP Authentication for 5 more mintues.
765 setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); 765 setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], time() + 300, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
766 } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) { 766 } elseif ($_SERVER['PHP_AUTH_USER'] === self::$session->get('loginname')) {
767 // Ignore HTTP Authentication to allow a different user to log in. 767 // Ignore HTTP Authentication to allow a different user to log in.
768 setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); 768 setcookie('oc_ignore_php_auth_user', $_SERVER['PHP_AUTH_USER'], 0, OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
769 } 769 }
770 } 770 }
771 OC_User::logout(); 771 OC_User::logout();
772 // redirect to webroot and add slash if webroot is empty 772 // redirect to webroot and add slash if webroot is empty
773 header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : '')); 773 header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
774 } else { 774 } else {
775 // Redirect to default application 775 // Redirect to default application
776 OC_Util::redirectToDefaultPage(); 776 OC_Util::redirectToDefaultPage();
777 } 777 }
778 } else { 778 } else {
779 // Not handled and not logged in 779 // Not handled and not logged in
780 self::handleLogin(); 780 self::handleLogin();
781 } 781 }
782 } 782 }
783 783
784 /** 784 /**
785 * Load a PHP file belonging to the specified application 785 * Load a PHP file belonging to the specified application
786 * @param array $param The application and file to load 786 * @param array $param The application and file to load
787 * @return bool Whether the file has been found (will return 404 and false if not) 787 * @return bool Whether the file has been found (will return 404 and false if not)
788 * @deprecated This function will be removed in ownCloud 8 - use proper routing instead 788 * @deprecated This function will be removed in ownCloud 8 - use proper routing instead
789 * @param $param 789 * @param $param
790 * @return bool Whether the file has been found (will return 404 and false if not) 790 * @return bool Whether the file has been found (will return 404 and false if not)
791 */ 791 */
792 public static function loadAppScriptFile($param) { 792 public static function loadAppScriptFile($param) {
793 OC_App::loadApps(); 793 OC_App::loadApps();
794 $app = $param['app']; 794 $app = $param['app'];
795 $file = $param['file']; 795 $file = $param['file'];
796 $app_path = OC_App::getAppPath($app); 796 $app_path = OC_App::getAppPath($app);
797 $file = $app_path . '/' . $file; 797 $file = $app_path . '/' . $file;
798 798
799 if (OC_App::isEnabled($app) && $app_path !== false && OC_Helper::issubdirectory($file, $app_path)) { 799 if (OC_App::isEnabled($app) && $app_path !== false && OC_Helper::issubdirectory($file, $app_path)) {
800 unset($app, $app_path); 800 unset($app, $app_path);
801 if (file_exists($file)) { 801 if (file_exists($file)) {
802 require_once $file; 802 require_once $file;
803 return true; 803 return true;
804 } 804 }
805 } 805 }
806 header('HTTP/1.0 404 Not Found'); 806 header('HTTP/1.0 404 Not Found');
807 return false; 807 return false;
808 } 808 }
809 809
810 protected static function handleAuthHeaders() { 810 protected static function handleAuthHeaders() {
811 //copy http auth headers for apache+php-fcgid work around 811 //copy http auth headers for apache+php-fcgid work around
812 if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) { 812 if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
813 $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION']; 813 $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
814 } 814 }
815 815
816 // Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary. 816 // Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary.
817 $vars = array( 817 $vars = array(
818 'HTTP_AUTHORIZATION', // apache+php-cgi work around 818 'HTTP_AUTHORIZATION', // apache+php-cgi work around
819 'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative 819 'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative
820 ); 820 );
821 foreach ($vars as $var) { 821 foreach ($vars as $var) {
822 if (isset($_SERVER[$var]) && preg_match('/Basic\s+(.*)$/i', $_SERVER[$var], $matches)) { 822 if (isset($_SERVER[$var]) && preg_match('/Basic\s+(.*)$/i', $_SERVER[$var], $matches)) {
823 list($name, $password) = explode(':', base64_decode($matches[1]), 2); 823 list($name, $password) = explode(':', base64_decode($matches[1]), 2);
824 $_SERVER['PHP_AUTH_USER'] = $name; 824 $_SERVER['PHP_AUTH_USER'] = $name;
825 $_SERVER['PHP_AUTH_PW'] = $password; 825 $_SERVER['PHP_AUTH_PW'] = $password;
826 break; 826 break;
827 } 827 }
828 } 828 }
829 } 829 }
830 830
831 protected static function handleLogin() { 831 protected static function handleLogin() {
832 OC_App::loadApps(array('prelogin')); 832 OC_App::loadApps(array('prelogin'));
833 $error = array(); 833 $error = array();
834 834
835 // auth possible via apache module? 835 // auth possible via apache module?
836 if (OC::tryApacheAuth()) { 836 if (OC::tryApacheAuth()) {
837 $error[] = 'apacheauthfailed'; 837 $error[] = 'apacheauthfailed';
838 } // remember was checked after last login 838 } // remember was checked after last login
839 elseif (OC::tryRememberLogin()) { 839 elseif (OC::tryRememberLogin()) {
840 $error[] = 'invalidcookie'; 840 $error[] = 'invalidcookie';
841 } // logon via web form 841 } // logon via web form
842 elseif (OC::tryFormLogin()) { 842 elseif (OC::tryFormLogin()) {
843 $error[] = 'invalidpassword'; 843 $error[] = 'invalidpassword';
844 } 844 }
845 845
846 OC_Util::displayLoginPage(array_unique($error)); 846 OC_Util::displayLoginPage(array_unique($error));
847 } 847 }
848 848
849 /** 849 /**
850 * Remove outdated and therefore invalid tokens for a user 850 * Remove outdated and therefore invalid tokens for a user
851 * @param string $user 851 * @param string $user
852 */ 852 */
853 protected static function cleanupLoginTokens($user) { 853 protected static function cleanupLoginTokens($user) {
854 $cutoff = time() - OC_Config::getValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15); 854 $cutoff = time() - OC_Config::getValue('remember_login_cookie_lifetime', 60 * 60 * 24 * 15);
855 $tokens = OC_Preferences::getKeys($user, 'login_token'); 855 $tokens = OC_Preferences::getKeys($user, 'login_token');
856 foreach ($tokens as $token) { 856 foreach ($tokens as $token) {
857 $time = OC_Preferences::getValue($user, 'login_token', $token); 857 $time = OC_Preferences::getValue($user, 'login_token', $token);
858 if ($time < $cutoff) { 858 if ($time < $cutoff) {
859 OC_Preferences::deleteKey($user, 'login_token', $token); 859 OC_Preferences::deleteKey($user, 'login_token', $token);
860 } 860 }
861 } 861 }
862 } 862 }
863 863
864 /** 864 /**
865 * Try to login a user via HTTP authentication 865 * Try to login a user via HTTP authentication
866 * @return bool|void 866 * @return bool|void
867 */ 867 */
868 protected static function tryApacheAuth() { 868 protected static function tryApacheAuth() {
869 $return = OC_User::handleApacheAuth(); 869 $return = OC_User::handleApacheAuth();
870 870
871 // if return is true we are logged in -> redirect to the default page 871 // if return is true we are logged in -> redirect to the default page
872 if ($return === true) { 872 if ($return === true) {
873 $_REQUEST['redirect_url'] = \OC_Request::requestUri(); 873 $_REQUEST['redirect_url'] = \OC_Request::requestUri();
874 OC_Util::redirectToDefaultPage(); 874 OC_Util::redirectToDefaultPage();
875 exit; 875 exit;
876 } 876 }
877 877
878 // in case $return is null apache based auth is not enabled 878 // in case $return is null apache based auth is not enabled
879 return is_null($return) ? false : true; 879 return is_null($return) ? false : true;
880 } 880 }
881 881
882 /** 882 /**
883 * Try to login a user using the remember me cookie. 883 * Try to login a user using the remember me cookie.
884 * @return bool Whether the provided cookie was valid 884 * @return bool Whether the provided cookie was valid
885 */ 885 */
886 protected static function tryRememberLogin() { 886 protected static function tryRememberLogin() {
887 if (!isset($_COOKIE["oc_remember_login"]) 887 if (!isset($_COOKIE["oc_remember_login"])
888 || !isset($_COOKIE["oc_token"]) 888 || !isset($_COOKIE["oc_token"])
889 || !isset($_COOKIE["oc_username"]) 889 || !isset($_COOKIE["oc_username"])
890 || !$_COOKIE["oc_remember_login"] 890 || !$_COOKIE["oc_remember_login"]
891 || !OC_Util::rememberLoginAllowed() 891 || !OC_Util::rememberLoginAllowed()
892 ) { 892 ) {
893 return false; 893 return false;
894 } 894 }
895 895
896 if (defined("DEBUG") && DEBUG) { 896 if (defined("DEBUG") && DEBUG) {
897 OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG); 897 OC_Log::write('core', 'Trying to login from cookie', OC_Log::DEBUG);
898 } 898 }
899 899
900 if(OC_User::userExists($_COOKIE['oc_username'])) { 900 if(OC_User::userExists($_COOKIE['oc_username'])) {
901 self::cleanupLoginTokens($_COOKIE['oc_username']); 901 self::cleanupLoginTokens($_COOKIE['oc_username']);
902 // verify whether the supplied "remember me" token was valid 902 // verify whether the supplied "remember me" token was valid
903 $granted = OC_User::loginWithCookie( 903 $granted = OC_User::loginWithCookie(
904 $_COOKIE['oc_username'], $_COOKIE['oc_token']); 904 $_COOKIE['oc_username'], $_COOKIE['oc_token']);
905 if($granted === true) { 905 if($granted === true) {
906 OC_Util::redirectToDefaultPage(); 906 OC_Util::redirectToDefaultPage();
907 // doesn't return 907 // doesn't return
908 } 908 }
909 OC_Log::write('core', 'Authentication cookie rejected for user ' . 909 OC_Log::write('core', 'Authentication cookie rejected for user ' .
910 $_COOKIE['oc_username'], OC_Log::WARN); 910 $_COOKIE['oc_username'], OC_Log::WARN);
911 // if you reach this point you have changed your password 911 // if you reach this point you have changed your password
912 // or you are an attacker 912 // or you are an attacker
913 // we can not delete tokens here because users may reach 913 // we can not delete tokens here because users may reach
914 // this point multiple times after a password change 914 // this point multiple times after a password change
915 } 915 }
916 916
917 OC_User::unsetMagicInCookie(); 917 OC_User::unsetMagicInCookie();
918 return true; 918 return true;
919 } 919 }
920 920
921 /** 921 /**
922 * Tries to login a user using the formbased authentication 922 * Tries to login a user using the formbased authentication
923 * @return bool|void 923 * @return bool|void
924 */ 924 */
925 protected static function tryFormLogin() { 925 protected static function tryFormLogin() {
926 if (!isset($_POST["user"]) || !isset($_POST['password'])) { 926 if (!isset($_POST["user"]) || !isset($_POST['password'])) {
927 return false; 927 return false;
928 } 928 }
929 929
930 OC_JSON::callCheck(); 930 OC_JSON::callCheck();
931 OC_App::loadApps(); 931 OC_App::loadApps();
932 932
933 //setup extra user backends 933 //setup extra user backends
934 OC_User::setupBackends(); 934 OC_User::setupBackends();
935 935
936 if (OC_User::login($_POST["user"], $_POST["password"])) { 936 if (OC_User::login($_POST["user"], $_POST["password"])) {
937 // setting up the time zone 937 // setting up the time zone
938 if (isset($_POST['timezone-offset'])) { 938 if (isset($_POST['timezone-offset'])) {
939 self::$session->set('timezone', $_POST['timezone-offset']); 939 self::$session->set('timezone', $_POST['timezone-offset']);
940 } 940 }
941 941
942 $userid = OC_User::getUser(); 942 $userid = OC_User::getUser();
943 self::cleanupLoginTokens($userid); 943 self::cleanupLoginTokens($userid);
944 if (!empty($_POST["remember_login"])) { 944 if (!empty($_POST["remember_login"])) {
945 if (defined("DEBUG") && DEBUG) { 945 if (defined("DEBUG") && DEBUG) {
946 OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG); 946 OC_Log::write('core', 'Setting remember login to cookie', OC_Log::DEBUG);
947 } 947 }
948 $token = OC_Util::generateRandomBytes(32); 948 $token = OC_Util::generateRandomBytes(32);
949 OC_Preferences::setValue($userid, 'login_token', $token, time()); 949 OC_Preferences::setValue($userid, 'login_token', $token, time());
950 OC_User::setMagicInCookie($userid, $token); 950 OC_User::setMagicInCookie($userid, $token);
951 } else { 951 } else {
952 OC_User::unsetMagicInCookie(); 952 OC_User::unsetMagicInCookie();
953 } 953 }
954 OC_Util::redirectToDefaultPage(); 954 OC_Util::redirectToDefaultPage();
955 exit(); 955 exit();
956 } 956 }
957 return true; 957 return true;
958 } 958 }
959 959
960 /** 960 /**
961 * Try to login a user using HTTP authentication. 961 * Try to login a user using HTTP authentication.
962 * @return bool 962 * @return bool
963 */ 963 */
964 protected static function tryBasicAuthLogin() { 964 protected static function tryBasicAuthLogin() {
965 if (!isset($_SERVER["PHP_AUTH_USER"]) 965 if (!isset($_SERVER["PHP_AUTH_USER"])
966 || !isset($_SERVER["PHP_AUTH_PW"]) 966 || !isset($_SERVER["PHP_AUTH_PW"])
967 || (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER']) 967 || (isset($_COOKIE['oc_ignore_php_auth_user']) && $_COOKIE['oc_ignore_php_auth_user'] === $_SERVER['PHP_AUTH_USER'])
968 ) { 968 ) {
969 return false; 969 return false;
970 } 970 }
971 971
972 if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) { 972 if (!OC_User::isLoggedIn()) {
973 //OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG); 973 if (OC_User::login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])) {
974 OC_User::unsetMagicInCookie(); 974 //OC_Log::write('core',"Logged in with HTTP Authentication", OC_Log::DEBUG);
975 $_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister(); 975 OC_User::unsetMagicInCookie();
976 $_SERVER['HTTP_REQUESTTOKEN'] = OC_Util::callRegister();
977 }
976 } 978 }
977 return true; 979 return true;
978 } 980 }
979 981
980 } 982 }
981 983
982 if (!function_exists('get_temp_dir')) { 984 if (!function_exists('get_temp_dir')) {
983 /** 985 /**
984 * Get the temporary dir to store uploaded data 986 * Get the temporary dir to store uploaded data
985 * @return null|string Path to the temporary directory or null 987 * @return null|string Path to the temporary directory or null
986 */ 988 */
987 function get_temp_dir() { 989 function get_temp_dir() {
988 if ($temp = ini_get('upload_tmp_dir')) return $temp; 990 if ($temp = ini_get('upload_tmp_dir')) return $temp;
989 if ($temp = getenv('TMP')) return $temp; 991 if ($temp = getenv('TMP')) return $temp;
990 if ($temp = getenv('TEMP')) return $temp; 992 if ($temp = getenv('TEMP')) return $temp;
991 if ($temp = getenv('TMPDIR')) return $temp; 993 if ($temp = getenv('TMPDIR')) return $temp;
992 $temp = tempnam(__FILE__, ''); 994 $temp = tempnam(__FILE__, '');
993 if (file_exists($temp)) { 995 if (file_exists($temp)) {
994 unlink($temp); 996 unlink($temp);
995 return dirname($temp); 997 return dirname($temp);
996 } 998 }
997 if ($temp = sys_get_temp_dir()) return $temp; 999 if ($temp = sys_get_temp_dir()) return $temp;
998 1000
999 return null; 1001 return null;
1000 } 1002 }
1001 } 1003 }
1002 1004
1003 OC::init(); 1005 OC::init();
1004 1006