nextcloud/lib/util.php

712 lines
23 KiB
PHP
Raw Normal View History

2011-07-27 21:07:28 +04:00
<?php
/**
* Class for utility functions
*
*/
2012-10-12 17:37:44 +04:00
2011-07-29 23:36:03 +04:00
class OC_Util {
2011-07-27 21:07:28 +04:00
public static $scripts=array();
public static $styles=array();
public static $headers=array();
private static $rootMounted=false;
2011-07-27 21:07:28 +04:00
private static $fsSetup=false;
public static $core_styles=array();
public static $core_scripts=array();
2011-07-27 21:07:28 +04:00
// Can be set up
2012-09-07 17:22:01 +04:00
public static function setupFS( $user = '' ) {// configure the initial filesystem based on the configuration
if(self::$fsSetup) {//setting up the filesystem twice can only lead to trouble
2011-07-27 21:07:28 +04:00
return false;
}
// If we are not forced to load a specific user we load the one that is logged in
2012-09-07 17:22:01 +04:00
if( $user == "" && OC_User::isLoggedIn()) {
$user = OC_User::getUser();
}
// load all filesystem apps before, so no setup-hook gets lost
if(!isset($RUNTIME_NOAPPS) || !$RUNTIME_NOAPPS) {
OC_App::loadApps(array('filesystem'));
}
// the filesystem will finish when $user is not empty,
// mark fs setup here to avoid doing the setup from loading
// OC_Filesystem
if ($user != '') {
self::$fsSetup=true;
}
$CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
//first set up the local "root" storage
2012-09-07 17:22:01 +04:00
if(!self::$rootMounted) {
2012-10-28 21:12:31 +04:00
OC_Filesystem::mount('OC_Filestorage_Local', array('datadir'=>$CONFIG_DATADIRECTORY), '/');
self::$rootMounted=true;
}
2012-06-20 10:57:21 +04:00
2012-09-07 17:22:01 +04:00
if( $user != "" ) { //if we aren't logged in, there is no use to set up the filesystem
$user_dir = '/'.$user.'/files';
$user_root = OC_User::getHome($user);
$userdirectory = $user_root . '/files';
2012-09-07 17:22:01 +04:00
if( !is_dir( $userdirectory )) {
mkdir( $userdirectory, 0755, true );
2011-07-27 21:07:28 +04:00
}
//jail the user into his "home" directory
OC_Filesystem::mount('OC_Filestorage_Local', array('datadir' => $user_root), $user);
OC_Filesystem::init($user_dir, $user);
$quotaProxy=new OC_FileProxy_Quota();
$fileOperationProxy = new OC_FileProxy_FileOperations();
OC_FileProxy::register($quotaProxy);
OC_FileProxy::register($fileOperationProxy);
// Load personal mount config
self::loadUserMountPoints($user);
OC_Hook::emit('OC_Filesystem', 'setup', array('user' => $user, 'user_dir' => $user_dir));
2011-07-27 21:07:28 +04:00
}
}
2012-09-07 17:22:01 +04:00
public static function tearDownFS() {
2011-07-29 23:36:03 +04:00
OC_Filesystem::tearDown();
2011-07-27 21:07:28 +04:00
self::$fsSetup=false;
}
2012-10-28 16:45:37 +04:00
public static function loadUserMountPoints($user) {
$user_dir = '/'.$user.'/files';
$user_root = OC_User::getHome($user);
$userdirectory = $user_root . '/files';
if (is_file($user_root.'/mount.php')) {
$mountConfig = include $user_root.'/mount.php';
if (isset($mountConfig['user'][$user])) {
foreach ($mountConfig['user'][$user] as $mountPoint => $options) {
OC_Filesystem::mount($options['class'], $options['options'], $mountPoint);
}
}
2012-10-28 16:45:37 +04:00
$mtime=filemtime($user_root.'/mount.php');
2012-10-28 21:12:31 +04:00
$previousMTime=OC_Preferences::getValue($user, 'files', 'mountconfigmtime', 0);
if($mtime>$previousMTime) {//mount config has changed, filecache needs to be updated
OC_FileCache::triggerUpdate($user);
2012-10-28 21:12:31 +04:00
OC_Preferences::setValue($user, 'files', 'mountconfigmtime', $mtime);
}
2012-10-28 16:45:37 +04:00
}
}
2011-07-27 21:07:28 +04:00
/**
* get the current installed version of ownCloud
* @return array
*/
2012-09-07 17:22:01 +04:00
public static function getVersion() {
2012-10-09 18:02:01 +04:00
// hint: We only can count up. So the internal version number of ownCloud 4.5 will be 4.90.0. This is not visible to the user
2012-11-12 17:44:00 +04:00
return array(4, 91, 02);
}
/**
* get the current installed version string of ownCloud
* @return string
*/
2012-09-07 17:22:01 +04:00
public static function getVersionString() {
2012-10-10 17:35:19 +04:00
return '5.0 pre alpha';
2011-07-27 21:07:28 +04:00
}
2012-07-24 02:39:59 +04:00
/**
* get the current installed edition of ownCloud. There is the community edition that just returns an empty string and the enterprise edition that returns "Enterprise".
* @return string
*/
2012-09-07 17:22:01 +04:00
public static function getEditionString() {
2012-07-24 02:39:59 +04:00
return '';
}
2011-07-27 21:07:28 +04:00
/**
* add a javascript file
*
2012-05-01 23:07:08 +04:00
* @param appid $application
* @param filename $file
2011-07-27 21:07:28 +04:00
*/
2012-09-07 17:22:01 +04:00
public static function addScript( $application, $file = null ) {
if( is_null( $file )) {
2011-07-27 21:07:28 +04:00
$file = $application;
$application = "";
}
2012-09-07 17:22:01 +04:00
if( !empty( $application )) {
2011-07-27 21:07:28 +04:00
self::$scripts[] = "$application/js/$file";
}else{
self::$scripts[] = "js/$file";
}
}
/**
* add a css file
*
2012-05-01 23:07:08 +04:00
* @param appid $application
* @param filename $file
2011-07-27 21:07:28 +04:00
*/
2012-09-07 17:22:01 +04:00
public static function addStyle( $application, $file = null ) {
if( is_null( $file )) {
2011-07-27 21:07:28 +04:00
$file = $application;
$application = "";
}
2012-09-07 17:22:01 +04:00
if( !empty( $application )) {
2011-07-27 21:07:28 +04:00
self::$styles[] = "$application/css/$file";
}else{
self::$styles[] = "css/$file";
}
}
/**
* @brief Add a custom element to the header
* @param string tag tag name of the element
* @param array $attributes array of attributes for the element
2011-07-27 21:07:28 +04:00
* @param string $text the text content for the element
*/
2012-09-07 17:22:01 +04:00
public static function addHeader( $tag, $attributes, $text='') {
2012-11-04 14:10:46 +04:00
self::$headers[]=array('tag'=>$tag,'attributes'=>$attributes, 'text'=>$text);
2011-07-27 21:07:28 +04:00
}
2012-07-24 02:39:59 +04:00
/**
* formats a timestamp in the "right" way
*
* @param int timestamp $timestamp
* @param bool dateOnly option to ommit time from the result
*/
2012-11-02 22:53:02 +04:00
public static function formatDate( $timestamp, $dateOnly=false) {
2012-09-07 17:22:01 +04:00
if(isset($_SESSION['timezone'])) {//adjust to clients timezone if we know it
2012-04-16 14:21:12 +04:00
$systemTimeZone = intval(date('O'));
2012-10-28 21:12:31 +04:00
$systemTimeZone=(round($systemTimeZone/100, 0)*60)+($systemTimeZone%100);
2012-04-16 14:21:12 +04:00
$clientTimeZone=$_SESSION['timezone']*60;
$offset=$clientTimeZone-$systemTimeZone;
$timestamp=$timestamp+$offset*60;
}
$l=OC_L10N::get('lib');
return $l->l($dateOnly ? 'date' : 'datetime', $timestamp);
2012-04-16 14:21:12 +04:00
}
2011-07-27 21:07:28 +04:00
/**
* Shows a pagenavi widget where you can jump to different pages.
*
* @param int $pagecount
* @param int $page
* @param string $url
2011-07-29 23:36:03 +04:00
* @return OC_Template
2011-07-27 21:07:28 +04:00
*/
2012-11-04 14:10:46 +04:00
public static function getPageNavi($pagecount, $page, $url) {
2011-07-27 21:07:28 +04:00
$pagelinkcount=8;
if ($pagecount>1) {
$pagestart=$page-$pagelinkcount;
if($pagestart<0) $pagestart=0;
$pagestop=$page+$pagelinkcount;
if($pagestop>$pagecount) $pagestop=$pagecount;
2011-07-29 23:36:03 +04:00
$tmpl = new OC_Template( '', 'part.pagenavi', '' );
2012-10-28 21:12:31 +04:00
$tmpl->assign('page', $page);
$tmpl->assign('pagecount', $pagecount);
$tmpl->assign('pagestart', $pagestart);
$tmpl->assign('pagestop', $pagestop);
$tmpl->assign('url', $url);
2011-07-27 21:07:28 +04:00
return $tmpl;
}
}
/**
* check if the current server configuration is suitable for ownCloud
* @return array arrays with error messages and hints
*/
2012-09-07 17:22:01 +04:00
public static function checkServer() {
2011-07-27 21:07:28 +04:00
$errors=array();
$web_server_restart= false;
2011-07-27 21:07:28 +04:00
//check for database drivers
2012-09-07 17:22:01 +04:00
if(!(is_callable('sqlite_open') or class_exists('SQLite3')) and !is_callable('mysql_connect') and !is_callable('pg_connect')) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'No database drivers (sqlite, mysql, or postgresql) installed.<br/>', 'hint'=>'');//TODO: sane hint
$web_server_restart= true;
2011-07-27 21:07:28 +04:00
}
//common hint for all file permissons error messages
$permissionsHint="Permissions can usually be fixed by giving the webserver write access to the ownCloud directory";
2011-07-27 21:07:28 +04:00
// Check if config folder is writable.
if(!is_writable(OC::$SERVERROOT."/config/") or !is_readable(OC::$SERVERROOT."/config/")) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>"Can't write into config directory 'config'", 'hint'=>"You can usually fix this by giving the webserver user write access to the config directory in owncloud");
}
2012-06-21 23:35:34 +04:00
// Check if there is a writable install folder.
if(OC_Config::getValue('appstoreenabled', true)) {
if( OC_App::getInstallPath() === null || !is_writable(OC_App::getInstallPath()) || !is_readable(OC_App::getInstallPath()) ) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>"Can't write into apps directory", 'hint'=>"You can usually fix this by giving the webserver user write access to the apps directory
in owncloud or disabling the appstore in the config file.");
2012-06-21 23:35:34 +04:00
}
}
$CONFIG_DATADIRECTORY = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" );
2011-07-27 21:07:28 +04:00
//check for correct file permissions
2012-09-07 17:22:01 +04:00
if(!stristr(PHP_OS, 'WIN')) {
2012-08-29 22:34:44 +04:00
$permissionsModHint="Please change the permissions to 0770 so that the directory cannot be listed by other users.";
2012-10-28 21:12:31 +04:00
$prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY)), -3);
if(substr($prems, -1)!='0') {
OC_Helper::chmodr($CONFIG_DATADIRECTORY, 0770);
2011-07-27 21:07:28 +04:00
clearstatcache();
2012-10-28 21:12:31 +04:00
$prems=substr(decoct(@fileperms($CONFIG_DATADIRECTORY)), -3);
if(substr($prems, 2, 1)!='0') {
$errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') is readable for other users<br/>', 'hint'=>$permissionsModHint);
2011-07-27 21:07:28 +04:00
}
}
2012-09-07 17:22:01 +04:00
if( OC_Config::getValue( "enablebackup", false )) {
$CONFIG_BACKUPDIRECTORY = OC_Config::getValue( "backupdirectory", OC::$SERVERROOT."/backup" );
2012-10-28 21:12:31 +04:00
$prems=substr(decoct(@fileperms($CONFIG_BACKUPDIRECTORY)), -3);
if(substr($prems, -1)!='0') {
OC_Helper::chmodr($CONFIG_BACKUPDIRECTORY, 0770);
2011-07-27 21:07:28 +04:00
clearstatcache();
2012-10-28 21:12:31 +04:00
$prems=substr(decoct(@fileperms($CONFIG_BACKUPDIRECTORY)), -3);
if(substr($prems, 2, 1)!='0') {
$errors[]=array('error'=>'Data directory ('.$CONFIG_BACKUPDIRECTORY.') is readable for other users<br/>', 'hint'=>$permissionsModHint);
2011-07-27 21:07:28 +04:00
}
}
}
}else{
2011-09-18 22:57:05 +04:00
//TODO: permissions checks for windows hosts
2011-07-27 21:07:28 +04:00
}
// Create root dir.
2012-09-07 17:22:01 +04:00
if(!is_dir($CONFIG_DATADIRECTORY)) {
$success=@mkdir($CONFIG_DATADIRECTORY);
if(!$success) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>"Can't create data directory (".$CONFIG_DATADIRECTORY.")", 'hint'=>"You can usually fix this by giving the webserver write access to the ownCloud directory '".OC::$SERVERROOT."' (in a terminal, use the command 'chown -R www-data:www-data /path/to/your/owncloud/install/data' ");
}
} else if(!is_writable($CONFIG_DATADIRECTORY) or !is_readable($CONFIG_DATADIRECTORY)) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'Data directory ('.$CONFIG_DATADIRECTORY.') not writable by ownCloud<br/>', 'hint'=>$permissionsHint);
2011-07-27 21:07:28 +04:00
}
2011-09-27 21:08:38 +04:00
// check if all required php modules are present
2012-09-07 17:22:01 +04:00
if(!class_exists('ZipArchive')) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'PHP module zip not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.');
$web_server_restart= false;
2011-09-27 21:08:38 +04:00
}
2012-09-07 17:22:01 +04:00
if(!function_exists('mb_detect_encoding')) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'PHP module mb multibyte not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.');
$web_server_restart= false;
2011-09-27 21:08:38 +04:00
}
2012-09-07 17:22:01 +04:00
if(!function_exists('ctype_digit')) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'PHP module ctype is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.');
$web_server_restart= false;
2011-09-28 13:47:29 +04:00
}
2012-09-07 17:22:01 +04:00
if(!function_exists('json_encode')) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'PHP module JSON is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.');
$web_server_restart= false;
2012-04-17 21:06:45 +04:00
}
2012-09-07 17:22:01 +04:00
if(!function_exists('imagepng')) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'PHP module GD is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.');
$web_server_restart= false;
2012-04-17 21:09:41 +04:00
}
2012-09-07 17:22:01 +04:00
if(!function_exists('gzencode')) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'PHP module zlib is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.');
$web_server_restart= false;
2012-04-17 21:09:41 +04:00
}
2012-10-25 18:49:55 +04:00
if(!function_exists('iconv')) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'PHP module iconv is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.');
2012-10-25 18:49:55 +04:00
$web_server_restart= false;
}
if(!function_exists('simplexml_load_string')) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'PHP module SimpleXML is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.');
$web_server_restart= false;
}
2012-09-07 17:22:01 +04:00
if(floatval(phpversion())<5.3) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'PHP 5.3 is required.<br/>', 'hint'=>'Please ask your server administrator to update PHP to version 5.3 or higher. PHP 5.2 is no longer supported by ownCloud and the PHP community.');
$web_server_restart= false;
}
2012-09-07 17:22:01 +04:00
if(!defined('PDO::ATTR_DRIVER_NAME')) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'PHP PDO module is not installed.<br/>', 'hint'=>'Please ask your server administrator to install the module.');
$web_server_restart= false;
}
if($web_server_restart) {
2012-11-04 14:10:46 +04:00
$errors[]=array('error'=>'PHP modules have been installed, but they are still listed as missing?<br/>', 'hint'=>'Please ask your server administrator to restart the web server.');
2012-06-01 22:00:33 +04:00
}
2011-07-27 21:07:28 +04:00
return $errors;
}
public static function displayLoginPage($errors = array()) {
$parameters = array();
foreach( $errors as $key => $value ) {
$parameters[$value] = true;
}
if (!empty($_POST['user'])) {
$parameters["username"] =
OC_Util::sanitizeHTML($_POST['user']).'"';
$parameters['user_autofocus'] = false;
} else {
$parameters["username"] = '';
$parameters['user_autofocus'] = true;
}
if (isset($_REQUEST['redirect_url'])) {
$redirect_url = OC_Util::sanitizeHTML($_REQUEST['redirect_url']);
} else {
$redirect_url = $_SERVER['REQUEST_URI'];
}
$parameters['redirect_url'] = $redirect_url;
OC_Template::printGuestPage("", "login", $parameters);
}
2011-09-28 13:44:46 +04:00
/**
* Check if the app is enabled, redirects to home if not
*/
2012-09-07 17:22:01 +04:00
public static function checkAppEnabled($app) {
if( !OC_App::isEnabled($app)) {
header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
exit();
}
}
/**
* Check if the user is logged in, redirects to home if not. With
* redirect URL parameter to the request URI.
*/
2012-09-07 17:22:01 +04:00
public static function checkLoggedIn() {
// Check if we are a user
2012-09-07 17:22:01 +04:00
if( !OC_User::isLoggedIn()) {
2012-09-29 00:27:52 +04:00
header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php', array('redirect_url' => $_SERVER["REQUEST_URI"])));
exit();
}
}
/**
* Check if the user is a admin, redirects to home if not
*/
2012-09-07 17:22:01 +04:00
public static function checkAdminUser() {
// Check if we are a user
self::checkLoggedIn();
2012-10-15 18:14:24 +04:00
self::verifyUser();
2012-09-07 17:22:01 +04:00
if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
exit();
}
}
2012-07-09 23:51:19 +04:00
/**
* Check if the user is a subadmin, redirects to home if not
* @return array $groups where the current user is subadmin
*/
2012-09-07 17:22:01 +04:00
public static function checkSubAdminUser() {
2012-07-09 23:51:19 +04:00
// Check if we are a user
self::checkLoggedIn();
2012-10-15 18:14:24 +04:00
self::verifyUser();
2012-10-28 21:12:31 +04:00
if(OC_Group::inGroup(OC_User::getUser(), 'admin')) {
2012-07-15 18:31:28 +04:00
return true;
2012-07-09 23:51:19 +04:00
}
2012-09-07 17:22:01 +04:00
if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
2012-07-09 23:51:19 +04:00
header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
exit();
}
2012-07-15 18:31:28 +04:00
return true;
2012-07-09 23:51:19 +04:00
}
2012-10-15 18:14:24 +04:00
/**
* Check if the user verified the login with his password in the last 15 minutes
* If not, the user will be shown a password verification page
*/
public static function verifyUser() {
if(OC_Config::getValue('enhancedauth', false) === true) {
2012-10-16 03:08:05 +04:00
// Check password to set session
if(isset($_POST['password'])) {
if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
$_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
}
2012-10-15 18:40:47 +04:00
}
2012-10-15 18:14:24 +04:00
2012-10-16 03:02:03 +04:00
// Check if the user verified his password
2012-10-16 03:08:05 +04:00
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
exit();
}
2012-10-15 18:14:24 +04:00
}
}
2012-10-16 02:47:22 +04:00
/**
2012-10-16 03:02:03 +04:00
* Check if the user verified the login with his password
2012-10-16 02:47:22 +04:00
* @return bool
*/
public static function isUserVerified() {
if(OC_Config::getValue('enhancedauth', false) === true) {
2012-10-16 03:08:05 +04:00
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
return false;
}
2012-10-16 02:47:22 +04:00
}
return true;
2012-10-16 02:47:22 +04:00
}
2012-10-28 16:45:37 +04:00
/**
* Redirect to the user default page
*/
2012-09-07 17:22:01 +04:00
public static function redirectToDefaultPage() {
2012-06-11 17:21:37 +04:00
if(isset($_REQUEST['redirect_url']) && (substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT || $_REQUEST['redirect_url'][0] == '/')) {
$location = $_REQUEST['redirect_url'];
}
else if (isset(OC::$REQUESTEDAPP) && !empty(OC::$REQUESTEDAPP)) {
$location = OC_Helper::linkToAbsolute( OC::$REQUESTEDAPP, 'index.php' );
}
else {
$defaultpage = OC_Appconfig::getValue('core', 'defaultpage');
if ($defaultpage) {
2012-08-07 00:15:55 +04:00
$location = OC_Helper::makeURLAbsolute(OC::$WEBROOT.'/'.$defaultpage);
}
else {
$location = OC_Helper::linkToAbsolute( 'files', 'index.php' );
}
2011-10-04 21:27:57 +04:00
}
OC_Log::write('core', 'redirectToDefaultPage: '.$location, OC_Log::DEBUG);
header( 'Location: '.$location );
exit();
}
2012-06-05 21:32:48 +04:00
/**
* get an id unqiue for this instance
* @return string
*/
2012-09-07 17:22:01 +04:00
public static function getInstanceId() {
2012-10-24 00:53:54 +04:00
$id=OC_Config::getValue('instanceid', null);
2012-09-07 17:22:01 +04:00
if(is_null($id)) {
2012-06-05 21:32:48 +04:00
$id=uniqid();
2012-10-28 21:12:31 +04:00
OC_Config::setValue('instanceid', $id);
2012-06-05 21:32:48 +04:00
}
return $id;
}
/**
* @brief Register an get/post call. Important to prevent CSRF attacks.
* @todo Write howto: CSRF protection guide
* @return $token Generated token.
* @description
* Creates a 'request token' (random) and stores it inside the session.
* Ever subsequent (ajax) request must use such a valid token to succeed,
* otherwise the request will be denied as a protection against CSRF.
* @see OC_Util::isCallRegistered()
*/
2012-09-07 17:22:01 +04:00
public static function callRegister() {
2012-10-28 23:50:50 +04:00
// Check if a token exists
if(!isset($_SESSION['requesttoken'])) {
2012-10-28 23:50:50 +04:00
// No valid token found, generate a new one.
$requestToken = self::generate_random_bytes(20);
$_SESSION['requesttoken']=$requestToken;
2012-10-28 23:50:50 +04:00
} else {
// Valid token already exists, send it
$requestToken = $_SESSION['requesttoken'];
}
return($requestToken);
}
/**
* @brief Check an ajax get/post call if the request token is valid.
* @return boolean False if request token is not set or is invalid.
2012-10-28 21:24:11 +04:00
* @see OC_Util::callRegister()
*/
2012-09-07 17:22:01 +04:00
public static function isCallRegistered() {
if(isset($_GET['requesttoken'])) {
$token=$_GET['requesttoken'];
2012-09-07 17:22:01 +04:00
}elseif(isset($_POST['requesttoken'])) {
$token=$_POST['requesttoken'];
2012-09-07 17:22:01 +04:00
}elseif(isset($_SERVER['HTTP_REQUESTTOKEN'])) {
$token=$_SERVER['HTTP_REQUESTTOKEN'];
}else{
//no token found.
return false;
}
2012-10-28 23:50:50 +04:00
// Check if the token is valid
if($token !== $_SESSION['requesttoken']) {
2012-10-28 23:50:50 +04:00
// Not valid
return false;
2012-10-28 23:50:50 +04:00
} else {
// Valid token
return true;
}
}
/**
* @brief Check an ajax get/post call if the request token is valid. exit if not.
* Todo: Write howto
*/
2012-09-07 17:22:01 +04:00
public static function callCheck() {
if(!OC_Util::isCallRegistered()) {
exit;
}
}
2012-08-29 10:38:33 +04:00
/**
* @brief Public function to sanitize HTML
*
2012-06-22 10:17:35 +04:00
* This function is used to sanitize HTML and should be applied on any
* string or array of strings before displaying it on a web page.
2012-08-29 10:38:33 +04:00
*
* @param string or array of strings
2012-06-22 10:17:35 +04:00
* @return array with sanitized strings or a single sanitized string, depends on the input parameter.
*/
2012-09-07 17:22:01 +04:00
public static function sanitizeHTML( &$value ) {
2012-10-28 21:12:31 +04:00
if (is_array($value) || is_object($value)) array_walk_recursive($value, 'OC_Util::sanitizeHTML');
else $value = htmlentities($value, ENT_QUOTES, 'UTF-8'); //Specify encoding for PHP<5.4
return $value;
}
2012-07-24 02:39:59 +04:00
/**
* Check if the htaccess file is working by creating a test file in the data directory and trying to access via http
*/
public static function ishtaccessworking() {
// testdata
$filename='/htaccesstest.txt';
$testcontent='testcontent';
// creating a test file
2012-07-24 02:39:59 +04:00
$testfile = OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ).'/'.$filename;
if(file_exists($testfile)) {// already running this test, possible recursive call
return false;
}
2012-07-24 02:39:59 +04:00
$fp = @fopen($testfile, 'w');
@fwrite($fp, $testcontent);
@fclose($fp);
// accessing the file via http
2012-08-07 00:15:55 +04:00
$url = OC_Helper::makeURLAbsolute(OC::$WEBROOT.'/data'.$filename);
2012-07-24 02:39:59 +04:00
$fp = @fopen($url, 'r');
$content=@fread($fp, 2048);
@fclose($fp);
// cleanup
@unlink($testfile);
// does it work ?
if($content==$testcontent) {
return(false);
}else{
return(true);
}
2012-07-24 02:39:59 +04:00
}
/**
* Check if the ownCloud server can connect to the internet
*/
public static function isinternetconnectionworking() {
// try to connect to owncloud.org to see if http connections to the internet are possible.
$connected = @fsockopen("www.owncloud.org", 80);
if ($connected) {
fclose($connected);
return true;
}else{
// second try in case one server is down
$connected = @fsockopen("apps.owncloud.com", 80);
if ($connected) {
fclose($connected);
return true;
}else{
return false;
}
}
}
2012-10-15 16:25:40 +04:00
/**
* @brief Generates a cryptographical secure pseudorandom string
* @param Int with the length of the random string
* @return String
* Please also update secureRNG_available if you change something here
2012-09-29 18:44:02 +04:00
*/
public static function generate_random_bytes($length = 30) {
// Try to use openssl_random_pseudo_bytes
2012-10-14 23:04:08 +04:00
if(function_exists('openssl_random_pseudo_bytes')) {
2012-09-29 18:44:02 +04:00
$pseudo_byte = bin2hex(openssl_random_pseudo_bytes($length, $strong));
if($strong == true) {
2012-09-29 18:44:02 +04:00
return substr($pseudo_byte, 0, $length); // Truncate it to match the length
}
}
// Try to use /dev/urandom
$fp = @file_get_contents('/dev/urandom', false, null, 0, $length);
if ($fp !== false) {
2012-10-14 23:04:08 +04:00
$string = substr(bin2hex($fp), 0, $length);
return $string;
}
2012-10-14 23:04:08 +04:00
// Fallback to mt_rand()
2012-09-29 18:44:02 +04:00
$characters = '0123456789';
2012-10-14 23:04:08 +04:00
$characters .= 'abcdefghijklmnopqrstuvwxyz';
2012-09-29 18:44:02 +04:00
$charactersLength = strlen($characters)-1;
$pseudo_byte = "";
// Select some random characters
for ($i = 0; $i < $length; $i++) {
$pseudo_byte .= $characters[mt_rand(0, $charactersLength)];
2012-10-14 23:04:08 +04:00
}
2012-09-29 18:44:02 +04:00
return $pseudo_byte;
}
2012-10-14 23:04:08 +04:00
2012-10-15 16:25:40 +04:00
/**
* @brief Checks if a secure random number generator is available
2012-10-14 23:04:08 +04:00
* @return bool
*/
public static function secureRNG_available() {
// Check openssl_random_pseudo_bytes
2012-10-14 23:04:08 +04:00
if(function_exists('openssl_random_pseudo_bytes')) {
openssl_random_pseudo_bytes(1, $strong);
if($strong == true) {
return true;
}
}
// Check /dev/urandom
$fp = @file_get_contents('/dev/urandom', false, null, 0, 1);
if ($fp !== false) {
return true;
}
return false;
2012-10-14 23:04:08 +04:00
}
2012-11-15 02:14:04 +04:00
/**
* @Brief Get file content via curl.
* @param string $url Url to get content
* @return string of the response or false on error
2012-11-15 02:14:04 +04:00
* This function get the content of a page via curl, if curl is enabled.
* If not, file_get_element is used.
*/
public static function getUrlContent($url){
if (function_exists('curl_init')) {
$curl = curl_init();
curl_setopt($curl, CURLOPT_HEADER, 0);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($curl, CURLOPT_URL, $url);
2012-11-19 21:13:07 +04:00
curl_setopt($curl, CURLOPT_USERAGENT, "ownCloud Server Crawler");
2012-11-15 02:14:04 +04:00
$data = curl_exec($curl);
curl_close($curl);
2012-11-15 02:14:04 +04:00
} else {
$ctx = stream_context_create(
array(
'http' => array(
'timeout' => 10
)
)
);
$data=@file_get_contents($url, 0, $ctx);
}
return $data;
2012-11-15 02:14:04 +04:00
}
}