nextcloud/index.php

<?php

/**
* ownCloud
*
* @author Frank Karlitschek
* @copyright 2012 Frank Karlitschek frank@owncloud.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
*
*/


$RUNTIME_NOAPPS = TRUE; //no apps, yet

require_once('lib/base.php');

// Setup required :
$not_installed = !OC_Config::getValue('installed', false);
if($not_installed) {
	// Check for autosetup:
	$autosetup_file = OC::$SERVERROOT."/config/autoconfig.php";
	if( file_exists( $autosetup_file )){
		OC_Log::write('core','Autoconfig file found, setting up owncloud...',OC_Log::INFO);
		include( $autosetup_file );
		$_POST['install'] = 'true';
		$_POST = array_merge ($_POST, $AUTOCONFIG);
	        unlink($autosetup_file);
	}
	OC_Util::addScript('setup');
	require_once('setup.php');
	exit();
}

// Handle WebDAV
if($_SERVER['REQUEST_METHOD']=='PROPFIND'){
	header('location: '.OC_Helper::linkToRemote('webdav'));
	exit();
}
elseif(!OC_User::isLoggedIn() && substr(OC::$REQUESTEDFILE,-3) == 'css'){
	OC_App::loadApps();
	OC::loadfile();
}
// Someone is logged in :
elseif(OC_User::isLoggedIn()) {
	OC_App::loadApps();
	if(isset($_GET["logout"]) and ($_GET["logout"])) {
		OC_User::logout();
		header("Location: ".OC::$WEBROOT.'/');
		exit();
	}else{
		if(is_null(OC::$REQUESTEDFILE)){
			OC::loadapp();
		}else{
			OC::loadfile();
		}
	}

// For all others cases, we display the guest page :
} else {
	OC_App::loadApps(array('prelogin'));
	$error = false;
	// remember was checked after last login
	if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) {
		OC_App::loadApps(array('authentication'));
		if(defined("DEBUG") && DEBUG) {
			OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG);
		}
		// confirm credentials in cookie
		if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
		OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
			OC_User::setUserId($_COOKIE['oc_username']);
			OC_Util::redirectToDefaultPage();
		}
		else {
			OC_User::unsetMagicInCookie();
		}

	// Someone wants to log in :
	} elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) {
		OC_App::loadApps();
		if(OC_User::login($_POST["user"], $_POST["password"])) {
			if(!empty($_POST["remember_login"])){
				if(defined("DEBUG") && DEBUG) {
					OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG);
				}
				$token = md5($_POST["user"].time().$_POST['password']);
				OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
				OC_User::setMagicInCookie($_POST["user"], $token);
			}
			else {
				OC_User::unsetMagicInCookie();
			}
			OC_Util::redirectToDefaultPage();
		} else {
			$error = true;
		}
	
	// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
	} elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){
		OC_App::loadApps(array('authentication'));
		if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"]))	{
			//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
			OC_User::unsetMagicInCookie();
			$_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'');
			OC_Util::redirectToDefaultPage();
		}else{
			$error = true;
		}
	}
	if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
		$sectoken=rand(1000000,9999999);
		$_SESSION['sectoken']=$sectoken;
		$redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
	}
}
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`<?php`

			`/**`
			`* ownCloud`
			`*`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`* @author Frank Karlitschek`
update copyright 2012-05-26 21:14:24 +04:00			`* @copyright 2012 Frank Karlitschek frank@owncloud.org`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`*`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`* License as published by the Free Software Foundation; either`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`* version 3 of the License, or any later version.`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`*`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU AFFERO GENERAL PUBLIC LICENSE for more details.`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`*`
			`* You should have received a copy of the GNU Affero General Public`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`* License along with this library. If not, see <http://www.gnu.org/licenses/>.`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`*`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`*/`

update copyright 2012-05-26 21:14:24 +04:00
New installer. * Forms have been revamped (CSS + javascript), * Process has been improved : errors are displayed on the form page, * Some changes in the index.php page so that everything related to installation is in lib/setup.php * Also added a small function in OC_HELPER class to set input values. All these should improve the installation process in terms of ergonomics. Well, I do hope so. 2011-05-18 00:34:31 +04:00			`$RUNTIME_NOAPPS = TRUE; //no apps, yet`
create .htaccess files during installation for apache users 2011-04-18 16:05:21 +04:00
Delete requires in applications where possible 2011-07-27 21:25:49 +04:00			`require_once('lib/base.php');`
show server configuration errors on seperate page 2011-04-16 17:47:27 +04:00
Cleanup lib/base.php 2011-09-18 22:57:05 +04:00			`// Setup required :`
Renaming classes :-) 2011-07-29 23:36:03 +04:00			`$not_installed = !OC_Config::getValue('installed', false);`
added infield labels. readded fade in of login button. updated label on install page. 2011-10-03 16:41:55 +04:00			`if($not_installed) {`
add owncloud autosetup option 2011-10-10 13:48:58 +04:00			`// Check for autosetup:`
			`$autosetup_file = OC::$SERVERROOT."/config/autoconfig.php";`
			`if( file_exists( $autosetup_file )){`
use OC_Log instead of error_log 2011-10-16 23:42:24 +04:00			`OC_Log::write('core','Autoconfig file found, setting up owncloud...',OC_Log::INFO);`
add owncloud autosetup option 2011-10-10 13:48:58 +04:00			`include( $autosetup_file );`
			`$_POST['install'] = 'true';`
			`$_POST = array_merge ($_POST, $AUTOCONFIG);`
			`unlink($autosetup_file);`
			`}`
Cleanup lib/base.php 2011-09-18 22:57:05 +04:00			`OC_Util::addScript('setup');`
New installer. * Forms have been revamped (CSS + javascript), * Process has been improved : errors are displayed on the form page, * Some changes in the index.php page so that everything related to installation is in lib/setup.php * Also added a small function in OC_HELPER class to set input values. All these should improve the installation process in terms of ergonomics. Well, I do hope so. 2011-05-18 00:34:31 +04:00			`require_once('setup.php');`
Exit after call to setup 2011-08-07 17:39:01 +04:00			`exit();`
New installer. * Forms have been revamped (CSS + javascript), * Process has been improved : errors are displayed on the form page, * Some changes in the index.php page so that everything related to installation is in lib/setup.php * Also added a small function in OC_HELPER class to set input values. All these should improve the installation process in terms of ergonomics. Well, I do hope so. 2011-05-18 00:34:31 +04:00			`}`

Cleanup lib/base.php 2011-09-18 22:57:05 +04:00			`// Handle WebDAV`
			`if($_SERVER['REQUEST_METHOD']=='PROPFIND'){`
Create a function for linking to remote.php 2012-05-07 22:22:55 +04:00			`header('location: '.OC_Helper::linkToRemote('webdav'));`
redirect index.php to files/webdav.php for webdav (PROPFIND) requests 2011-08-04 22:06:33 +04:00			`exit();`
			`}`
allow loading of css files even if a user isn't logged in 2012-05-17 23:56:33 +04:00			`elseif(!OC_User::isLoggedIn() && substr(OC::$REQUESTEDFILE,-3) == 'css'){`
			`OC_App::loadApps();`
			`OC::loadfile();`
			`}`
New installer. * Forms have been revamped (CSS + javascript), * Process has been improved : errors are displayed on the form page, * Some changes in the index.php page so that everything related to installation is in lib/setup.php * Also added a small function in OC_HELPER class to set input values. All these should improve the installation process in terms of ergonomics. Well, I do hope so. 2011-05-18 00:34:31 +04:00			`// Someone is logged in :`
Renaming classes :-) 2011-07-29 23:36:03 +04:00			`elseif(OC_User::isLoggedIn()) {`
some fixes fore movable apps 2012-04-26 16:52:55 +04:00			`OC_App::loadApps();`
New installer. * Forms have been revamped (CSS + javascript), * Process has been improved : errors are displayed on the form page, * Some changes in the index.php page so that everything related to installation is in lib/setup.php * Also added a small function in OC_HELPER class to set input values. All these should improve the installation process in terms of ergonomics. Well, I do hope so. 2011-05-18 00:34:31 +04:00			`if(isset($_GET["logout"]) and ($_GET["logout"])) {`
Renaming classes :-) 2011-07-29 23:36:03 +04:00			`OC_User::logout();`
Remove global vars and use the OC static version. Removed global vars are DOCUMENTROOT, SERVERROOT, SUBURI, WEBROOT and CONFIG_DATADIRECTORY 2011-09-18 21:37:54 +04:00			`header("Location: ".OC::$WEBROOT.'/');`
redirect to owncloud root after logout 2011-04-16 15:24:26 +04:00			`exit();`
some fixes fore movable apps 2012-04-26 16:52:55 +04:00			`}else{`
add loading of files 2012-04-19 18:44:49 +04:00			`if(is_null(OC::$REQUESTEDFILE)){`
			`OC::loadapp();`
			`}else{`
			`OC::loadfile();`
			`}`
Use OC_CONFIG where possible 2011-04-16 14:18:42 +04:00			`}`
New installer. * Forms have been revamped (CSS + javascript), * Process has been improved : errors are displayed on the form page, * Some changes in the index.php page so that everything related to installation is in lib/setup.php * Also added a small function in OC_HELPER class to set input values. All these should improve the installation process in terms of ergonomics. Well, I do hope so. 2011-05-18 00:34:31 +04:00
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`// For all others cases, we display the guest page :`
some more csrf fixes 2012-04-27 01:17:46 +04:00			`} else {`
Allow apps to load before login, needed for user_openid 2012-06-18 14:44:06 +04:00			`OC_App::loadApps(array('prelogin'));`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`$error = false;`
			`// remember was checked after last login`
			`if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) {`
dont load apps when displaying the login page and only load authentication apps during login 2012-06-09 17:25:00 +04:00			`OC_App::loadApps(array('authentication'));`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`if(defined("DEBUG") && DEBUG) {`
use OC_Log instead of error_log 2011-10-16 23:42:24 +04:00			`OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG);`
remember login added 2011-07-20 17:04:14 +04:00			`}`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`// confirm credentials in cookie`
			`if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&`
			`OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {`
			`OC_User::setUserId($_COOKIE['oc_username']);`
			`OC_Util::redirectToDefaultPage();`
			`}`
remeber cookie bug fixed 2011-10-04 21:41:00 +04:00			`else {`
			`OC_User::unsetMagicInCookie();`
			`}`
load apps before logout so that logout-hook works 2012-02-20 14:21:46 +04:00
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`// Someone wants to log in :`
some more csrf fixes 2012-04-27 01:17:46 +04:00			`} elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) {`
load all apps when loging in, needed for apps listening to login hooks 2012-06-09 17:57:57 +04:00			`OC_App::loadApps();`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`if(OC_User::login($_POST["user"], $_POST["password"])) {`
			`if(!empty($_POST["remember_login"])){`
			`if(defined("DEBUG") && DEBUG) {`
use OC_Log instead of error_log 2011-10-16 23:42:24 +04:00			`OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG);`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`}`
make remember login token also dependent on password to protect against some brute force attacks on this token 2011-12-14 16:26:34 +04:00			`$token = md5($_POST["user"].time().$_POST['password']);`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);`
			`OC_User::setMagicInCookie($_POST["user"], $token);`
			`}`
			`else {`
			`OC_User::unsetMagicInCookie();`
			`}`
			`OC_Util::redirectToDefaultPage();`
			`} else {`
			`$error = true;`
remember login added 2011-07-20 17:04:14 +04:00			`}`
some more csrf fixes 2012-04-27 01:17:46 +04:00
Added export.php for contacts app. Works the same way as the one in the calendar app, except there is no UI for it. Fixed indentation in /index.php 2011-12-01 05:02:45 +04:00			`// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP`
some more csrf fixes 2012-04-27 01:17:46 +04:00			`} elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){`
dont load apps when displaying the login page and only load authentication apps during login 2012-06-09 17:25:00 +04:00			`OC_App::loadApps(array('authentication'));`
Added export.php for contacts app. Works the same way as the one in the calendar app, except there is no UI for it. Fixed indentation in /index.php 2011-12-01 05:02:45 +04:00			`if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) {`
			`//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);`
			`OC_User::unsetMagicInCookie();`
Redirect HTTP Auth requests to REQUEST_URI. Partial fix for http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-874 2012-06-11 17:22:58 +04:00			`$_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'');`
Added export.php for contacts app. Works the same way as the one in the calendar app, except there is no UI for it. Fixed indentation in /index.php 2011-12-01 05:02:45 +04:00			`OC_Util::redirectToDefaultPage();`
			`}else{`
			`$error = true;`
Merge commit 'refs/merge-requests/59' of git://gitorious.org/owncloud/owncloud 2011-10-14 22:33:11 +04:00			`}`
Added export.php for contacts app. Works the same way as the one in the calendar app, except there is no UI for it. Fixed indentation in /index.php 2011-12-01 05:02:45 +04:00			`}`
some changes for login 2012-05-11 18:42:28 +04:00			`if(!array_key_exists('sectoken', $_SESSION) \|\| (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) \|\| substr(OC::$REQUESTEDFILE, -3) == 'php'){`
fix login 2012-04-27 16:55:06 +04:00			`$sectoken=rand(1000000,9999999);`
			`$_SESSION['sectoken']=$sectoken;`
use new sanitize HTML function 2012-06-19 19:24:55 +04:00			`$redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];`
Fix redirect after login, prevent open redirects 2012-05-19 00:56:15 +04:00			`OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));`
fix login 2012-04-27 16:55:06 +04:00			`}`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`}`