diff --git a/lib/init.php b/lib/init.php index cca75f17..1c6598c3 100644 --- a/lib/init.php +++ b/lib/init.php @@ -34,8 +34,7 @@ header("X-Content-Security-Policy: allow 'self'; frame-ancestors 'none'"); header('X-Frame-Options: DENY'); // If Froxlor was called via HTTPS -> enforce it for the next time -if(isset( $_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off' )) -{ +if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) { header('Strict-Transport-Security: max-age=500'); } @@ -44,8 +43,7 @@ if(isset( $_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off' )) header('X-Content-Type-Options: nosniff' ); // ensure that default timezone is set -if(function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get")) -{ +if (function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get")) { @date_default_timezone_set(@date_default_timezone_get()); } @@ -53,11 +51,8 @@ if(function_exists("date_default_timezone_set") && function_exists("date_default * Register Globals Security Fix * - unsetting every variable registered in $_REQUEST and as variable itself */ - -foreach($_REQUEST as $key => $value) -{ - if(isset($$key)) - { +foreach ($_REQUEST as $key => $value) { + if (isset($$key)) { unset($$key); } } 
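Review bot: The HSTS header inside the restyled guard, `header('Strict-Transport-Security: max-age=500');`, expires the policy 500 seconds after the last HTTPS visit, so browsers forget it between sessions and it gives almost no downgrade protection. Once the panel is known to be reachable over HTTPS only, raise it to something like `header('Strict-Transport-Security: max-age=31536000');` or make the value a panel setting, since a long max-age on a host that later drops TLS locks users out. Note also that the condition only sees `$_SERVER['HTTPS']` as set by the SAPI; behind a TLS-terminating proxy it is typically absent and the header is silently never sent, which deserves a comment such as `// only works when PHP itself terminates TLS; proxies need to forward the scheme`.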
@@ -65,39 +60,55 @@ foreach($_REQUEST as $key => $value) unset($_); unset($value); unset($key); + $filename = basename($_SERVER['PHP_SELF']); +// keep this for compatibility reasons $pathtophpfiles = dirname(dirname(__FILE__)); -if(!file_exists('lib/userdata.inc.php')) -{ - $config_hint = file_get_contents('templates/Froxlor/misc/configurehint.tpl'); +// define default theme for configurehint, etc. +$_deftheme = 'Sparkle'; + +define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__))); + +// check whether the userdata file exists +if (!file_exists(FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php')) { + $config_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$_deftheme.'/misc/configurehint.tpl'); die($config_hint); } -if(!is_readable('lib/userdata.inc.php')) -{ - die('You have to make the file "lib/userdata.inc.php" readable for the http-process!'); +// check whether we can read the userdata file +if (!is_readable(FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php')) { + // get possible owner + $posixusername = posix_getpwuid(posix_getuid()); + $posixgroup = posix_getgrgid(posix_getgid()); + // get hint-template + $owner_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$_deftheme.'/misc/ownershiphint.tpl'); + // replace values + $owner_hint = str_replace("", $posixusername['name'], $owner_hint); + $owner_hint = str_replace("", $posixgroup['name'], $owner_hint); + $owner_hint = str_replace("", FROXLOR_INSTALL_DIR, $owner_hint); + // show + die($owner_hint); } -define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__))); - /** * Includes the Usersettings eg. MySQL-Username/Passwort etc. 
*/ +require (FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php'); -require ('lib/userdata.inc.php'); - -if(!isset($sql) - || !is_array($sql)) -{ - $config_hint = file_get_contents('templates/Froxlor/misc/configurehint.tpl'); +if (!isset($sql) + || !is_array($sql) +) { + $config_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$_deftheme.'/misc/configurehint.tpl'); die($config_hint); } // Legacy sql-root-information -if(isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root) || !is_array($sql_root))) -{ +if (isset($sql['root_user']) + && isset($sql['root_password']) + && (!isset($sql_root) || !is_array($sql_root)) +) { $sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'user' => $sql['root_user'], 'password' => $sql['root_password'])); unset($sql['root_user']); unset($sql['root_password']); @@ -106,33 +117,27 @@ if(isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root /** * Includes the Functions */ - -require ('lib/functions.php'); +require (FROXLOR_INSTALL_DIR.'/lib/functions.php'); /** * Includes the MySQL-Tabledefinitions etc. */ - -require ('lib/tables.inc.php'); +require (FROXLOR_INSTALL_DIR.'/lib/tables.inc.php'); /** * Includes the MySQL-Connection-Class */ - $db = new db($sql['host'], $sql['user'], $sql['password'], $sql['db']); unset($sql['password']); // we will try to unset most of the $sql information if they are not needed // by the calling script. - -if(!isset($need_db_sql_data) || $need_db_sql_data !== true) -{ +if (!isset($need_db_sql_data) || $need_db_sql_data !== true) { unset($sql); $sql = array(); } -if(!isset($need_root_db_sql_data) || $need_root_db_sql_data !== true) -{ +if (!isset($need_root_db_sql_data) || $need_root_db_sql_data !== true) { unset($sql_root); $sql_root = array(); } 
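Review bot: The new ownership hint calls `posix_getpwuid(posix_getuid())` and `posix_getgrgid(posix_getgid())` unguarded, but the posix extension is optional in PHP builds, so on a host without it this branch turns a helpful permissions hint into a fatal undefined-function error at the exact moment an admin is trying to fix file permissions. Guard it, e.g. `$posixusername = function_exists('posix_getpwuid') ? posix_getpwuid(posix_getuid()) : array('name' => '(unknown)');` and the same for the group, and check the `file_get_contents()` result for `false` before `die()`ing with it. The three `str_replace` needles appear as empty strings in this rendering, presumably template placeholders lost in extraction; if they really are empty, `str_replace('', ...)` is a no-op and the template is never filled. The substituted values (owner, group, `FROXLOR_INSTALL_DIR`) are written into HTML unescaped; they are server-controlled rather than user-controlled, so this is at most a minor path disclosure on an unconfigured install, but wrapping them in `htmlspecialchars()` is cheap.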
@@ -140,14 +145,12 @@ if(!isset($need_root_db_sql_data) || $need_root_db_sql_data !== true) /** * Create a new idna converter */ - $idna_convert = new idna_convert_wrapper(); /** * disable magic_quotes_runtime if enabled */ -if(get_magic_quotes_runtime()) -{ +if (get_magic_quotes_runtime()) { //Deactivate set_magic_quotes_runtime(false); } @@ -155,39 +158,30 @@ if(get_magic_quotes_runtime()) /** * Reverse magic_quotes_gpc=on to have clean GPC data again */ - -if(get_magic_quotes_gpc()) -{ +if (get_magic_quotes_gpc()) { $in = array(&$_GET, &$_POST, &$_COOKIE); - while(list($k, $v) = each($in)) - { - foreach($v as $key => $val) - { - if(!is_array($val)) - { + while (list($k, $v) = each($in)) { + foreach ($v as $key => $val) { + if (!is_array($val)) { $in[$k][$key] = stripslashes($val); continue; } - $in[] = & $in[$k][$key]; } } - unset($in); } /** * Selects settings from MySQL-Table */ - $settings_data = loadConfigArrayDir('actions/admin/settings/'); $settings = loadSettings($settings_data, $db); /** * SESSION MANAGEMENT */ - $remote_addr = $_SERVER['REMOTE_ADDR']; if (empty($_SERVER['HTTP_USER_AGENT'])) { @@ -201,30 +195,25 @@ unset($customerid); unset($adminid); unset($s); -if(isset($_POST['s'])) -{ +if (isset($_POST['s'])) { $s = $_POST['s']; $nosession = 0; -} -elseif(isset($_GET['s'])) -{ +} elseif (isset($_GET['s'])) { $s = $_GET['s']; $nosession = 0; -} -else -{ +} else { $s = ''; $nosession = 1; } $timediff = time() - $settings['session']['sessiontimeout']; $db->query('DELETE FROM `' . TABLE_PANEL_SESSIONS . '` WHERE `lastactivity` < "' . (int)$timediff . '"'); -$userinfo = Array(); +$userinfo = array(); -if(isset($s) +if (isset($s) && $s != "" - && $nosession != 1) -{ + && $nosession != 1 +) { ini_set("session.name", "s"); ini_set("url_rewriter.tags", ""); ini_set("session.use_cookies", false); 
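Review bot: `$s` is taken straight from `$_POST['s']`/`$_GET['s']` with no shape check, and the same value is then used both as the PHP session id (`ini_set("session.name", "s")` with cookies disabled, at the bottom of this hunk) and as the `hash` looked up in `TABLE_PANEL_SESSIONS` in the next hunk. Because PHP accepts a request-supplied id when `session.use_only_cookies` is off (which this design presumably relies on), an attacker can pick the `$_SESSION` id a victim ends up with, and the database lookup is only safe thanks to `$db->escape()`. Rejecting anything that is not a plain token before either use, e.g. `if ($s !== '' && !ctype_alnum($s)) { $s = ''; $nosession = 1; }` (adjust to the real hash alphabet, which is not visible here), addresses both at one place. The `if (isset($s) ...)` block that opens at the end of this hunk continues in the next one.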
@@ -232,13 +221,10 @@ if(isset($s) session_start(); $query = 'SELECT `s`.*, `u`.* FROM `' . TABLE_PANEL_SESSIONS . '` `s` LEFT JOIN `'; - if(AREA == 'admin') - { + if (AREA == 'admin') { $query.= TABLE_PANEL_ADMINS . '` `u` ON (`s`.`userid` = `u`.`adminid`)'; $adminsession = '1'; - } - else - { + } else { $query.= TABLE_PANEL_CUSTOMERS . '` `u` ON (`s`.`userid` = `u`.`customerid`)'; $adminsession = '0'; } @@ -246,28 +232,23 @@ if(isset($s) $query.= 'WHERE `s`.`hash`="' . $db->escape($s) . '" AND `s`.`ipaddress`="' . $db->escape($remote_addr) . '" AND `s`.`useragent`="' . $db->escape($http_user_agent) . '" AND `s`.`lastactivity` > "' . (int)$timediff . '" AND `s`.`adminsession` = "' . $db->escape($adminsession) . '"'; $userinfo = $db->query_first($query); - if((($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid']))) - && (!isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1')) - { + if ((($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid']))) + && (!isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1') + ) { $userinfo['newformtoken'] = strtolower(md5(uniqid(microtime(), 1))); $query = 'UPDATE `' . TABLE_PANEL_SESSIONS . '` SET `lastactivity`="' . time() . '", `formtoken`="' . $userinfo['newformtoken'] . '" WHERE `hash`="' . $db->escape($s) . '" AND `adminsession` = "' . $db->escape($adminsession) . '"'; $db->query($query); $nosession = 0; - } - else - { + } else { $nosession = 1; } -} -else -{ +} else { $nosession = 1; } /** * Language Managament */ - $langs = array(); $languages = array(); $iso = array(); 
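Review bot: The restyled condition dereferences `$userinfo['adminsession']` immediately after `$userinfo = $db->query_first($query);`, but when no row matches (wrong hash, IP or user agent, or an expired session) `query_first` presumably returns a non-array, so the check runs on a notice-producing non-array instead of failing cleanly; prefix it with `is_array($userinfo) &&` so a missing session becomes an explicit `$nosession = 1` rather than an accident of how a null offset evaluates. Separately, the per-request form token `strtolower(md5(uniqid(microtime(), 1)))` (unchanged line in this hunk) is derived from time-based values rather than a CSPRNG; `md5(openssl_random_pseudo_bytes(16))` or, on PHP 7, `bin2hex(random_bytes(16))` gives a token that is not guessable from timing. The enclosing `if (isset($s) ...)` block and the `$query` string it consumes begin in the previous hunk.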
@@ -277,8 +258,7 @@ $query = 'SELECT * FROM `' . TABLE_PANEL_LANGUAGE . '` '; $result = $db->query($query); // presort languages -while($row = $db->fetch_array($result)) -{ +while ($row = $db->fetch_array($result)) { $langs[$row['language']][] = $row; // check for row[iso] cause older froxlor // versions didn't have that and it will @@ -290,8 +270,7 @@ while($row = $db->fetch_array($result)) } // buildup $languages for the login screen -foreach($langs as $key => $value) -{ +foreach ($langs as $key => $value) { $languages[$key] = $key; } @@ -335,19 +314,14 @@ if (isset($userinfo['language']) && isset($languages[$userinfo['language']])) { } } - // include every english language file we can get -foreach($langs['English'] as $key => $value) -{ +foreach ($langs['English'] as $key => $value) { include_once makeSecurePath($value['file']); } // now include the selected language if its not english - -if($language != 'English') -{ - foreach($langs[$language] as $key => $value) - { +if ($language != 'English') { + foreach ($langs[$language] as $key => $value) { include_once makeSecurePath($value['file']); } } @@ -356,7 +330,6 @@ if($language != 'English') include_once makeSecurePath('lng/lng_references.php'); // Initialize our new link - class - $linker = new linker('index.php', $s); /** @@ -383,17 +356,14 @@ if (!file_exists('templates/'.$theme.'/index.tpl')) { $hl_path = 'templates/'.$theme.'/assets/img'; $header_logo = $hl_path.'/logo.png'; -if(file_exists($hl_path.'/logo_custom.png')) { +if (file_exists($hl_path.'/logo_custom.png')) { $header_logo = $hl_path.'/logo_custom.png'; } /** * Redirects to index.php (login page) if no session exists */ - -if($nosession == 1 - && AREA != 'login') -{ +if ($nosession == 1 && AREA != 'login') { unset($userinfo); redirectTo('index.php'); exit; 
@@ -402,33 +372,24 @@ if($nosession == 1 /** * Initialize Template Engine */ - $templatecache = array(); /** * Logic moved out of lng-file */ - -if(isset($userinfo['loginname']) - && $userinfo['loginname'] != '') -{ +if (isset($userinfo['loginname']) + && $userinfo['loginname'] != '' +) { $lng['menue']['main']['username'].= $userinfo['loginname']; - - /** - * Initialize logging - */ - + //Initialize logging $log = FroxlorLogger::getInstanceOf($userinfo, $db, $settings); } /** * Fills variables for navigation, header and footer */ - -if(AREA == 'admin' || AREA == 'customer') -{ - if(hasUpdates($version)) - { +if (AREA == 'admin' || AREA == 'customer') { + if (hasUpdates($version)) { /* * if froxlor-files have been updated * but not yet configured by the admin @@ -463,9 +424,7 @@ if(AREA == 'admin' || AREA == 'customer') ), ); $navigation = buildNavigation($navigation_data['admin'], $userinfo); - } - else - { + } else { $navigation_data = loadConfigArrayDir('lib/navigation/'); $navigation = buildNavigation($navigation_data[AREA], $userinfo); } @@ -478,39 +437,27 @@ eval("\$header = \"" . getTemplate('header', '1') . "\";"); $current_year = date('Y', time()); eval("\$footer = \"" . getTemplate('footer', '1') . "\";"); -if(isset($_POST['action'])) -{ +if (isset($_POST['action'])) { $action = $_POST['action']; -} -elseif(isset($_GET['action'])) -{ +} elseif(isset($_GET['action'])) { $action = $_GET['action']; -} -else -{ +} else { $action = ''; - // clear request data if (isset($_SESSION)) { unset($_SESSION['requestData']); } } -if(isset($_POST['page'])) -{ +if (isset($_POST['page'])) { $page = $_POST['page']; -} -elseif(isset($_GET['page'])) -{ +} elseif(isset($_GET['page'])) { $page = $_GET['page']; -} -else -{ +} else { $page = ''; } -if($page == '') -{ +if ($page == '') { $page = 'overview'; } 
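Review bot: Two of the restyled branches, `} elseif(isset($_GET['action'])) {` and `} elseif(isset($_GET['page'])) {`, lack the space after `elseif` that this commit introduces everywhere else (`if (`, `foreach (`, `while (`); they should read `} elseif (isset($_GET['action'])) {` and `} elseif (isset($_GET['page'])) {`. On substance, `$action` and `$page` are taken verbatim from the request and nothing in this file constrains them; if a downstream consumer uses `$page` to choose a file to include (not visible here), a whitelist or a pattern such as `if (!preg_match('/^[a-zA-Z0-9_]+$/', $page)) { $page = 'overview'; }` belongs right where the default is assigned. Either way a comment is warranted, e.g. `// $page/$action are raw request input; every consumer must validate them before use in a path or query`.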
@@ -520,8 +467,7 @@ if($page == '') $mail = new PHPMailer(true); $mail->CharSet = "UTF-8"; -if(PHPMailer::ValidateAddress($settings['panel']['adminmail']) !== false) -{ +if (PHPMailer::ValidateAddress($settings['panel']['adminmail']) !== false) { // set return-to address and custom sender-name, see #76 $mail->SetFrom($settings['panel']['adminmail'], $settings['panel']['adminmail_defname']); if ($settings['panel']['adminmail_return'] != '') { diff --git a/templates/Froxlor/misc/alreadyinstalledhint.tpl b/templates/Froxlor/misc/alreadyinstalledhint.tpl index c77d7aac..18b725e6 100644 --- a/templates/Froxlor/misc/alreadyinstalledhint.tpl +++ b/templates/Froxlor/misc/alreadyinstalledhint.tpl @@ -36,7 +36,7 @@ diff --git a/templates/Froxlor/misc/configurehint.tpl b/templates/Froxlor/misc/configurehint.tpl index 4cb01e22..7c2f8f62 100644 --- a/templates/Froxlor/misc/configurehint.tpl +++ b/templates/Froxlor/misc/configurehint.tpl @@ -41,4 +41,3 @@ - diff --git a/templates/Froxlor/misc/ownershiphint.tpl b/templates/Froxlor/misc/ownershiphint.tpl new file mode 100644 index 00000000..26e49e7a --- /dev/null +++ b/templates/Froxlor/misc/ownershiphint.tpl @@ -0,0 +1,48 @@ + + + + + + + + + + + + Froxlor Server Management Panel - Installation + + + +
+ +
+ + + diff --git a/templates/Sparkle/misc/alreadyinstalledhint.tpl b/templates/Sparkle/misc/alreadyinstalledhint.tpl index e2baaff7..5c056e8e 100644 --- a/templates/Sparkle/misc/alreadyinstalledhint.tpl +++ b/templates/Sparkle/misc/alreadyinstalledhint.tpl @@ -39,9 +39,8 @@ - diff --git a/templates/Sparkle/misc/configurehint.tpl b/templates/Sparkle/misc/configurehint.tpl index 2c806055..b377ed17 100644 --- a/templates/Sparkle/misc/configurehint.tpl +++ b/templates/Sparkle/misc/configurehint.tpl @@ -42,4 +42,3 @@ - diff --git a/templates/Sparkle/misc/ownershiphint.tpl b/templates/Sparkle/misc/ownershiphint.tpl new file mode 100644 index 00000000..dd9838a5 --- /dev/null +++ b/templates/Sparkle/misc/ownershiphint.tpl @@ -0,0 +1,52 @@ + + + + + + + + + + + + Froxlor Server Management Panel - Installation + + + +
+ + + +
+ + +