maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

improved error-message on incorrect ownership of lib/userdata.inc.php; set correct copyright in hint-templates; beautify code in lib/init.php

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2013-10-13 11:51:26 +02:00
parent 4785c19b62
commit 26885b0f35
7 changed files with 183 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

216
lib/init.php
View File

@@ -34,8 +34,7 @@ header("X-Content-Security-Policy: allow 'self'; frame-ancestors 'none'");
header('X-Frame-Options: DENY');
// If Froxlor was called via HTTPS -> enforce it for the next time
if(isset( $_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off' ))
{
if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
header('Strict-Transport-Security: max-age=500');
}
@@ -44,8 +43,7 @@ if(isset( $_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off' ))
header('X-Content-Type-Options: nosniff' );
// ensure that default timezone is set
if(function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get"))
{
if (function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get")) {
@date_default_timezone_set(@date_default_timezone_get());
}
@@ -53,11 +51,8 @@ if(function_exists("date_default_timezone_set") && function_exists("date_default
* Register Globals Security Fix
* - unsetting every variable registered in $_REQUEST and as variable itself
*/
foreach($_REQUEST as $key => $value)
{
if(isset($$key))
{
foreach ($_REQUEST as $key => $value) {
if (isset($$key)) {
unset($$key);
}
}
@@ -65,39 +60,55 @@ foreach($_REQUEST as $key => $value)
unset($_);
unset($value);
unset($key);
$filename = basename($_SERVER['PHP_SELF']);
// keep this for compatibility reasons
$pathtophpfiles = dirname(dirname(__FILE__));
if(!file_exists('lib/userdata.inc.php'))
{
$config_hint = file_get_contents('templates/Froxlor/misc/configurehint.tpl');
// define default theme for configurehint, etc.
$_deftheme = 'Sparkle';
define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__)));
// check whether the userdata file exists
if (!file_exists(FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php')) {
$config_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$_deftheme.'/misc/configurehint.tpl');
die($config_hint);
}
if(!is_readable('lib/userdata.inc.php'))
{
die('You have to make the file "lib/userdata.inc.php" readable for the http-process!');
// check whether we can read the userdata file
if (!is_readable(FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php')) {
// get possible owner
$posixusername = posix_getpwuid(posix_getuid());
$posixgroup = posix_getgrgid(posix_getgid());
// get hint-template
$owner_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$_deftheme.'/misc/ownershiphint.tpl');
// replace values
$owner_hint = str_replace("<USER>", $posixusername['name'], $owner_hint);
$owner_hint = str_replace("<GROUP>", $posixgroup['name'], $owner_hint);
$owner_hint = str_replace("<FROXLOR_INSTALL_DIR>", FROXLOR_INSTALL_DIR, $owner_hint);
// show
die($owner_hint);
}
define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__)));
/**
* Includes the Usersettings eg. MySQL-Username/Passwort etc.
*/
require (FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php');
require ('lib/userdata.inc.php');
if(!isset($sql)
|| !is_array($sql))
{
$config_hint = file_get_contents('templates/Froxlor/misc/configurehint.tpl');
if (!isset($sql)
|| !is_array($sql)
) {
$config_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$_deftheme.'/misc/configurehint.tpl');
die($config_hint);
}
// Legacy sql-root-information
if(isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root) || !is_array($sql_root)))
{
if (isset($sql['root_user'])
&& isset($sql['root_password'])
&& (!isset($sql_root) || !is_array($sql_root))
) {
$sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'user' => $sql['root_user'], 'password' => $sql['root_password']));
unset($sql['root_user']);
unset($sql['root_password']);
@@ -106,33 +117,27 @@ if(isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root
/**
* Includes the Functions
*/
require ('lib/functions.php');
require (FROXLOR_INSTALL_DIR.'/lib/functions.php');
/**
* Includes the MySQL-Tabledefinitions etc.
*/
require ('lib/tables.inc.php');
require (FROXLOR_INSTALL_DIR.'/lib/tables.inc.php');
/**
* Includes the MySQL-Connection-Class
*/
$db = new db($sql['host'], $sql['user'], $sql['password'], $sql['db']);
unset($sql['password']);
// we will try to unset most of the $sql information if they are not needed
// by the calling script.
if(!isset($need_db_sql_data) || $need_db_sql_data !== true)
{
if (!isset($need_db_sql_data) || $need_db_sql_data !== true) {
unset($sql);
$sql = array();
}
if(!isset($need_root_db_sql_data) || $need_root_db_sql_data !== true)
{
if (!isset($need_root_db_sql_data) || $need_root_db_sql_data !== true) {
unset($sql_root);
$sql_root = array();
}
@@ -140,14 +145,12 @@ if(!isset($need_root_db_sql_data) || $need_root_db_sql_data !== true)
/**
* Create a new idna converter
*/
$idna_convert = new idna_convert_wrapper();
/**
* disable magic_quotes_runtime if enabled
*/
if(get_magic_quotes_runtime())
{
if (get_magic_quotes_runtime()) {
//Deactivate
set_magic_quotes_runtime(false);
}
@@ -155,39 +158,30 @@ if(get_magic_quotes_runtime())
/**
* Reverse magic_quotes_gpc=on to have clean GPC data again
*/
if(get_magic_quotes_gpc())
{
if (get_magic_quotes_gpc()) {
$in = array(&$_GET, &$_POST, &$_COOKIE);
while(list($k, $v) = each($in))
{
foreach($v as $key => $val)
{
if(!is_array($val))
{
while (list($k, $v) = each($in)) {
foreach ($v as $key => $val) {
if (!is_array($val)) {
$in[$k][$key] = stripslashes($val);
continue;
}
$in[] = & $in[$k][$key];
}
}
unset($in);
}
/**
* Selects settings from MySQL-Table
*/
$settings_data = loadConfigArrayDir('actions/admin/settings/');
$settings = loadSettings($settings_data, $db);
/**
* SESSION MANAGEMENT
*/
$remote_addr = $_SERVER['REMOTE_ADDR'];
if (empty($_SERVER['HTTP_USER_AGENT'])) {
@@ -201,30 +195,25 @@ unset($customerid);
unset($adminid);
unset($s);
if(isset($_POST['s']))
{
if (isset($_POST['s'])) {
$s = $_POST['s'];
$nosession = 0;
}
elseif(isset($_GET['s']))
{
} elseif (isset($_GET['s'])) {
$s = $_GET['s'];
$nosession = 0;
}
else
{
} else {
$s = '';
$nosession = 1;
}
$timediff = time() - $settings['session']['sessiontimeout'];
$db->query('DELETE FROM `' . TABLE_PANEL_SESSIONS . '` WHERE `lastactivity` < "' . (int)$timediff . '"');
$userinfo = Array();
$userinfo = array();
if(isset($s)
if (isset($s)
&& $s != ""
&& $nosession != 1)
{
&& $nosession != 1
) {
ini_set("session.name", "s");
ini_set("url_rewriter.tags", "");
ini_set("session.use_cookies", false);
@@ -232,13 +221,10 @@ if(isset($s)
session_start();
$query = 'SELECT `s`.*, `u`.* FROM `' . TABLE_PANEL_SESSIONS . '` `s` LEFT JOIN `';
if(AREA == 'admin')
{
if (AREA == 'admin') {
$query.= TABLE_PANEL_ADMINS . '` `u` ON (`s`.`userid` = `u`.`adminid`)';
$adminsession = '1';
}
else
{
} else {
$query.= TABLE_PANEL_CUSTOMERS . '` `u` ON (`s`.`userid` = `u`.`customerid`)';
$adminsession = '0';
}
@@ -246,28 +232,23 @@ if(isset($s)
$query.= 'WHERE `s`.`hash`="' . $db->escape($s) . '" AND `s`.`ipaddress`="' . $db->escape($remote_addr) . '" AND `s`.`useragent`="' . $db->escape($http_user_agent) . '" AND `s`.`lastactivity` > "' . (int)$timediff . '" AND `s`.`adminsession` = "' . $db->escape($adminsession) . '"';
$userinfo = $db->query_first($query);
if((($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid'])))
&& (!isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1'))
{
if ((($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid'])))
&& (!isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1')
) {
$userinfo['newformtoken'] = strtolower(md5(uniqid(microtime(), 1)));
$query = 'UPDATE `' . TABLE_PANEL_SESSIONS . '` SET `lastactivity`="' . time() . '", `formtoken`="' . $userinfo['newformtoken'] . '" WHERE `hash`="' . $db->escape($s) . '" AND `adminsession` = "' . $db->escape($adminsession) . '"';
$db->query($query);
$nosession = 0;
}
else
{
} else {
$nosession = 1;
}
}
else
{
} else {
$nosession = 1;
}
/**
* Language Managament
*/
$langs = array();
$languages = array();
$iso = array();
@@ -277,8 +258,7 @@ $query = 'SELECT * FROM `' . TABLE_PANEL_LANGUAGE . '` ';
$result = $db->query($query);
// presort languages
while($row = $db->fetch_array($result))
{
while ($row = $db->fetch_array($result)) {
$langs[$row['language']][] = $row;
// check for row[iso] cause older froxlor
// versions didn't have that and it will
@@ -290,8 +270,7 @@ while($row = $db->fetch_array($result))
}
// buildup $languages for the login screen
foreach($langs as $key => $value)
{
foreach ($langs as $key => $value) {
$languages[$key] = $key;
}
@@ -335,19 +314,14 @@ if (isset($userinfo['language']) && isset($languages[$userinfo['language']])) {
}
}
// include every english language file we can get
foreach($langs['English'] as $key => $value)
{
foreach ($langs['English'] as $key => $value) {
include_once makeSecurePath($value['file']);
}
// now include the selected language if its not english
if($language != 'English')
{
foreach($langs[$language] as $key => $value)
{
if ($language != 'English') {
foreach ($langs[$language] as $key => $value) {
include_once makeSecurePath($value['file']);
}
}
@@ -356,7 +330,6 @@ if($language != 'English')
include_once makeSecurePath('lng/lng_references.php');
// Initialize our new link - class
$linker = new linker('index.php', $s);
/**
@@ -383,17 +356,14 @@ if (!file_exists('templates/'.$theme.'/index.tpl')) {
$hl_path = 'templates/'.$theme.'/assets/img';
$header_logo = $hl_path.'/logo.png';
if(file_exists($hl_path.'/logo_custom.png')) {
if (file_exists($hl_path.'/logo_custom.png')) {
$header_logo = $hl_path.'/logo_custom.png';
}
/**
* Redirects to index.php (login page) if no session exists
*/
if($nosession == 1
&& AREA != 'login')
{
if ($nosession == 1 && AREA != 'login') {
unset($userinfo);
redirectTo('index.php');
exit;
@@ -402,33 +372,24 @@ if($nosession == 1
/**
* Initialize Template Engine
*/
$templatecache = array();
/**
* Logic moved out of lng-file
*/
if(isset($userinfo['loginname'])
&& $userinfo['loginname'] != '')
{
if (isset($userinfo['loginname'])
&& $userinfo['loginname'] != ''
) {
$lng['menue']['main']['username'].= $userinfo['loginname'];
/**
* Initialize logging
*/
//Initialize logging
$log = FroxlorLogger::getInstanceOf($userinfo, $db, $settings);
}
/**
* Fills variables for navigation, header and footer
*/
if(AREA == 'admin' || AREA == 'customer')
{
if(hasUpdates($version))
{
if (AREA == 'admin' || AREA == 'customer') {
if (hasUpdates($version)) {
/*
* if froxlor-files have been updated
* but not yet configured by the admin
@@ -463,9 +424,7 @@ if(AREA == 'admin' || AREA == 'customer')
),
);
$navigation = buildNavigation($navigation_data['admin'], $userinfo);
}
else
{
} else {
$navigation_data = loadConfigArrayDir('lib/navigation/');
$navigation = buildNavigation($navigation_data[AREA], $userinfo);
}
@@ -478,39 +437,27 @@ eval("\$header = \"" . getTemplate('header', '1') . "\";");
$current_year = date('Y', time());
eval("\$footer = \"" . getTemplate('footer', '1') . "\";");
if(isset($_POST['action']))
{
if (isset($_POST['action'])) {
$action = $_POST['action'];
}
elseif(isset($_GET['action']))
{
} elseif(isset($_GET['action'])) {
$action = $_GET['action'];
}
else
{
} else {
$action = '';
// clear request data
if (isset($_SESSION)) {
unset($_SESSION['requestData']);
}
}
if(isset($_POST['page']))
{
if (isset($_POST['page'])) {
$page = $_POST['page'];
}
elseif(isset($_GET['page']))
{
} elseif(isset($_GET['page'])) {
$page = $_GET['page'];
}
else
{
} else {
$page = '';
}
if($page == '')
{
if ($page == '') {
$page = 'overview';
}
@@ -520,8 +467,7 @@ if($page == '')
$mail = new PHPMailer(true);
$mail->CharSet = "UTF-8";
if(PHPMailer::ValidateAddress($settings['panel']['adminmail']) !== false)
{
if (PHPMailer::ValidateAddress($settings['panel']['adminmail']) !== false) {
// set return-to address and custom sender-name, see #76
$mail->SetFrom($settings['panel']['adminmail'], $settings['panel']['adminmail_defname']);
if ($settings['panel']['adminmail_return'] != '') {

2
templates/Froxlor/misc/alreadyinstalledhint.tpl
View File

@@ -36,7 +36,7 @@
</div>
<footer>
<span>
Froxlor &copy; 2009-2010 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
Froxlor &copy; 2009-2013 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
</span>
</footer>
</body>

1
templates/Froxlor/misc/configurehint.tpl
View File

@@ -41,4 +41,3 @@
</footer>
</body>
</html>

48
templates/Froxlor/misc/ownershiphint.tpl Normal file
View File

@@ -0,0 +1,48 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="Default-Style" content="text/css" />
<link rel="stylesheet" href="templates/Froxlor/assets/css/main.css" />
<!--[if IE]><link rel="stylesheet" href="templates/Froxlor/assets/css/main_ie.css" /><![endif]-->
<!--[if lt IE 9]><script src="js/html5shiv.js"></script><![endif]-->
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript" src="templates/Froxlor/assets/js/main.js"></script>
<link href="templates/Froxlor/assets/img/favicon.ico" rel="icon" type="image/x-icon" />
<title>Froxlor Server Management Panel - Installation</title>
<style type="text/css">
body {
font-family: Verdana, Geneva, sans-serif;
}
</style>
</head>
<body>
<div class="loginpage">
<article class="login bradius">
<header class="dark">
<img src="templates/Froxlor/assets/img/logo.png" alt="Froxlor Server Management Panel" />
</header>
<section class="loginsec">
<div class="errorcontainer bradius">
<div class="errortitle">Whoops!</div>
<div class="error">
<p>The configuration file <b>lib/userdata.inc.php</b> cannot be read from the webserver.</p>
<p>This mostly happens due to wrong ownership.<br />Try the following command to correct the ownership:</p>
<p><pre>chown -R <USER>:<GROUP> <FROXLOR_INSTALL_DIR></pre></p>
</div>
</div>
<p class="submit">
<a href="index.php" title="Click to refresh">Refresh</a>
</p>
</section>
</article>
</div>
<footer>
<span>
Froxlor &copy; 2009-2013 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
</span>
</footer>
</body>
</html>

3
templates/Sparkle/misc/alreadyinstalledhint.tpl vendored
View File

@@ -39,9 +39,8 @@
</div>
<footer>
<span>
Froxlor &copy; 2009-2010 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
Froxlor &copy; 2009-2013 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
</span>
</footer>
</body>
</html>

1
templates/Sparkle/misc/configurehint.tpl vendored
View File

@@ -42,4 +42,3 @@
</footer>
</body>
</html>

52
templates/Sparkle/misc/ownershiphint.tpl vendored Normal file
View File

@@ -0,0 +1,52 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="Default-Style" content="text/css" />
<link rel="stylesheet" href="templates/Sparkle/assets/css/main.css" />
<!--[if IE]><link rel="stylesheet" href="templates/Sparkle/assets/css/main_ie.css" /><![endif]-->
<!--[if lt IE 9]><script src="js/html5shiv.js"></script><![endif]-->
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript" src="templates/Sparkle/assets/js/main.js"></script>
<link href="templates/Sparkle/assets/img/favicon.ico" rel="icon" type="image/x-icon" />
<title>Froxlor Server Management Panel - Installation</title>
<style type="text/css">
body {
font-family: Verdana, Geneva, sans-serif;
}
</style>
</head>
<body>
<div class="loginpage">
<article class="login bradius">
<header class="dark">
<img src="templates/Sparkle/assets/img/logo.png" alt="Froxlor Server Management Panel" />
</header>
<section class="loginsec">
<div class="errorcontainer bradius">
<div class="errortitle">Whoops!</div>
<div class="error">
<p>The configuration file <b>lib/userdata.inc.php</b> cannot be read from the webserver.</p>
<p>&nbsp;</p>
<p>This mostly happens due to wrong ownership.<br />Try the following command to correct the ownership:</p>
<p>&nbsp;</p>
<p><pre>chown -R <USER>:<GROUP> <FROXLOR_INSTALL_DIR></pre></p>
</div>
</div>
<aside class="right">
<a href="index.php" title="Click to refresh">Refresh</a>
</aside>
</section>
</article>
</div>
<footer>
<span>
Froxlor &copy; 2009-2013 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
</span>
</footer>
</body>
</html>