nextcloud/index.php

<?php

/**
* ownCloud
*
* @author Frank Karlitschek
* @copyright 2012 Frank Karlitschek frank@owncloud.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
*
*/


$RUNTIME_NOAPPS = TRUE; //no apps, yet

require_once('lib/base.php');

if (!OC::handleRequest()) {
// Not handled -> we display the login page:
	OC_App::loadApps(array('prelogin'));
	$error = false;
	// remember was checked after last login
	if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) {
		OC_App::loadApps(array('authentication'));
		if(defined("DEBUG") && DEBUG) {
			OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG);
		}
		// confirm credentials in cookie
		if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
		OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
			OC_User::setUserId($_COOKIE['oc_username']);
			OC_Util::redirectToDefaultPage();
		}
		else {
			OC_User::unsetMagicInCookie();
		}

	// Someone wants to log in :
	} elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) {
		OC_App::loadApps();
		if(OC_User::login($_POST["user"], $_POST["password"])) {
			if(!empty($_POST["remember_login"])){
				if(defined("DEBUG") && DEBUG) {
					OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG);
				}
				$token = md5($_POST["user"].time().$_POST['password']);
				OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
				OC_User::setMagicInCookie($_POST["user"], $token);
			}
			else {
				OC_User::unsetMagicInCookie();
			}
			OC_Util::redirectToDefaultPage();
		} else {
			$error = true;
		}
	
	// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
	} elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){
		OC_App::loadApps(array('authentication'));
		if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"]))	{
			//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
			OC_User::unsetMagicInCookie();
			$_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'');
			OC_Util::redirectToDefaultPage();
		}else{
			$error = true;
		}
	}
	if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
		$sectoken=rand(1000000,9999999);
		$_SESSION['sectoken']=$sectoken;
		$redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
	}
}
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`<?php`

			`/**`
			`* ownCloud`
			`*`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`* @author Frank Karlitschek`
update copyright 2012-05-26 21:14:24 +04:00			`* @copyright 2012 Frank Karlitschek frank@owncloud.org`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`*`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`* License as published by the Free Software Foundation; either`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`* version 3 of the License, or any later version.`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`*`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU AFFERO GENERAL PUBLIC LICENSE for more details.`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`*`
			`* You should have received a copy of the GNU Affero General Public`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`* License along with this library. If not, see <http://www.gnu.org/licenses/>.`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`*`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`*/`

update copyright 2012-05-26 21:14:24 +04:00
New installer. * Forms have been revamped (CSS + javascript), * Process has been improved : errors are displayed on the form page, * Some changes in the index.php page so that everything related to installation is in lib/setup.php * Also added a small function in OC_HELPER class to set input values. All these should improve the installation process in terms of ergonomics. Well, I do hope so. 2011-05-18 00:34:31 +04:00			`$RUNTIME_NOAPPS = TRUE; //no apps, yet`
create .htaccess files during installation for apache users 2011-04-18 16:05:21 +04:00
Delete requires in applications where possible 2011-07-27 21:25:49 +04:00			`require_once('lib/base.php');`
show server configuration errors on seperate page 2011-04-16 17:47:27 +04:00
Move handling request of index.php to OC class 2012-08-08 23:08:20 +04:00			`if (!OC::handleRequest()) {`
			`// Not handled -> we display the login page:`
Allow apps to load before login, needed for user_openid 2012-06-18 14:44:06 +04:00			`OC_App::loadApps(array('prelogin'));`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`$error = false;`
			`// remember was checked after last login`
			`if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) {`
dont load apps when displaying the login page and only load authentication apps during login 2012-06-09 17:25:00 +04:00			`OC_App::loadApps(array('authentication'));`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`if(defined("DEBUG") && DEBUG) {`
use OC_Log instead of error_log 2011-10-16 23:42:24 +04:00			`OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG);`
remember login added 2011-07-20 17:04:14 +04:00			`}`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`// confirm credentials in cookie`
			`if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&`
			`OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {`
			`OC_User::setUserId($_COOKIE['oc_username']);`
			`OC_Util::redirectToDefaultPage();`
			`}`
remeber cookie bug fixed 2011-10-04 21:41:00 +04:00			`else {`
			`OC_User::unsetMagicInCookie();`
			`}`
load apps before logout so that logout-hook works 2012-02-20 14:21:46 +04:00
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`// Someone wants to log in :`
some more csrf fixes 2012-04-27 01:17:46 +04:00			`} elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) {`
load all apps when loging in, needed for apps listening to login hooks 2012-06-09 17:57:57 +04:00			`OC_App::loadApps();`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`if(OC_User::login($_POST["user"], $_POST["password"])) {`
			`if(!empty($_POST["remember_login"])){`
			`if(defined("DEBUG") && DEBUG) {`
use OC_Log instead of error_log 2011-10-16 23:42:24 +04:00			`OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG);`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`}`
make remember login token also dependent on password to protect against some brute force attacks on this token 2011-12-14 16:26:34 +04:00			`$token = md5($_POST["user"].time().$_POST['password']);`
fixed link to password recovery. removed duplicated and unused code out of index.php. 2011-10-01 13:08:49 +04:00			`OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);`
			`OC_User::setMagicInCookie($_POST["user"], $token);`
			`}`
			`else {`
			`OC_User::unsetMagicInCookie();`
			`}`
			`OC_Util::redirectToDefaultPage();`
			`} else {`
			`$error = true;`
remember login added 2011-07-20 17:04:14 +04:00			`}`
some more csrf fixes 2012-04-27 01:17:46 +04:00
Added export.php for contacts app. Works the same way as the one in the calendar app, except there is no UI for it. Fixed indentation in /index.php 2011-12-01 05:02:45 +04:00			`// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP`
some more csrf fixes 2012-04-27 01:17:46 +04:00			`} elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){`
dont load apps when displaying the login page and only load authentication apps during login 2012-06-09 17:25:00 +04:00			`OC_App::loadApps(array('authentication'));`
Added export.php for contacts app. Works the same way as the one in the calendar app, except there is no UI for it. Fixed indentation in /index.php 2011-12-01 05:02:45 +04:00			`if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) {`
			`//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);`
			`OC_User::unsetMagicInCookie();`
Redirect HTTP Auth requests to REQUEST_URI. Partial fix for http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-874 2012-06-11 17:22:58 +04:00			`$_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:'');`
Added export.php for contacts app. Works the same way as the one in the calendar app, except there is no UI for it. Fixed indentation in /index.php 2011-12-01 05:02:45 +04:00			`OC_Util::redirectToDefaultPage();`
			`}else{`
			`$error = true;`
Merge commit 'refs/merge-requests/59' of git://gitorious.org/owncloud/owncloud 2011-10-14 22:33:11 +04:00			`}`
Added export.php for contacts app. Works the same way as the one in the calendar app, except there is no UI for it. Fixed indentation in /index.php 2011-12-01 05:02:45 +04:00			`}`
some changes for login 2012-05-11 18:42:28 +04:00			`if(!array_key_exists('sectoken', $_SESSION) \|\| (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) \|\| substr(OC::$REQUESTEDFILE, -3) == 'php'){`
fix login 2012-04-27 16:55:06 +04:00			`$sectoken=rand(1000000,9999999);`
			`$_SESSION['sectoken']=$sectoken;`
use new sanitize HTML function 2012-06-19 19:24:55 +04:00			`$redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];`
Fix redirect after login, prevent open redirects 2012-05-19 00:56:15 +04:00			`OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));`
fix login 2012-04-27 16:55:06 +04:00			`}`
commiting ownCloud 1.0 beta 1 2010-03-10 15:03:40 +03:00			`}`