improved error-message on incorrect ownership of lib/userdata.inc.php; set correct copyright in hint-templates; beautify code in lib/init.php

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-10-13 11:51:26 +02:00
parent 4785c19b62
commit 26885b0f35
7 changed files with 183 additions and 140 deletions
--- a/lib/init.php
+++ b/lib/init.php
@@ -34,8 +34,7 @@ header("X-Content-Security-Policy: allow 'self'; frame-ancestors 'none'");
 header('X-Frame-Options: DENY');
 // If Froxlor was called via HTTPS -> enforce it for the next time
-if(isset( $_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off' ))
+if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
 {
 	header('Strict-Transport-Security: max-age=500');
 }
@@ -44,8 +43,7 @@ if(isset( $_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off' ))
 header('X-Content-Type-Options: nosniff' );
 // ensure that default timezone is set
-if(function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get"))
+if (function_exists("date_default_timezone_set") && function_exists("date_default_timezone_get")) {
 {
 	@date_default_timezone_set(@date_default_timezone_get());
 }
@@ -53,11 +51,8 @@ if(function_exists("date_default_timezone_set") && function_exists("date_default
 * Register Globals Security Fix
 * - unsetting every variable registered in $_REQUEST and as variable itself
 */
-
+foreach ($_REQUEST as $key => $value) {
-foreach($_REQUEST as $key => $value)
+	if (isset($$key)) {
 {
 	if(isset($$key))
 	{
 		unset($$key);
 	}
 }
@@ -65,39 +60,55 @@ foreach($_REQUEST as $key => $value)
 unset($_);
 unset($value);
 unset($key);
 $filename = basename($_SERVER['PHP_SELF']);
 // keep this for compatibility reasons
 $pathtophpfiles = dirname(dirname(__FILE__));
-if(!file_exists('lib/userdata.inc.php'))
+// define default theme for configurehint, etc.
-{
+$_deftheme = 'Sparkle';
-	$config_hint = file_get_contents('templates/Froxlor/misc/configurehint.tpl');
+
 define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__)));
 // check whether the userdata file exists
 if (!file_exists(FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php')) {
 	$config_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$_deftheme.'/misc/configurehint.tpl');
 	die($config_hint);
 }
-if(!is_readable('lib/userdata.inc.php'))
+// check whether we can read the userdata file
-{
+if (!is_readable(FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php')) {
-	die('You have to make the file "lib/userdata.inc.php" readable for the http-process!');
+	// get possible owner
 	$posixusername = posix_getpwuid(posix_getuid());
 	$posixgroup = posix_getgrgid(posix_getgid());
 	// get hint-template
 	$owner_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$_deftheme.'/misc/ownershiphint.tpl');
 	// replace values
 	$owner_hint = str_replace("<USER>", $posixusername['name'], $owner_hint);
 	$owner_hint = str_replace("<GROUP>", $posixgroup['name'], $owner_hint);
 	$owner_hint = str_replace("<FROXLOR_INSTALL_DIR>", FROXLOR_INSTALL_DIR, $owner_hint);
 	// show
 	die($owner_hint);
 }
 define('FROXLOR_INSTALL_DIR', dirname(dirname(__FILE__)));
 /**
 * Includes the Usersettings eg. MySQL-Username/Passwort etc.
 */
 require (FROXLOR_INSTALL_DIR.'/lib/userdata.inc.php');
-require ('lib/userdata.inc.php');
+if (!isset($sql)
-
+   || !is_array($sql)
-if(!isset($sql)
+) {
-   || !is_array($sql))
+	$config_hint = file_get_contents(FROXLOR_INSTALL_DIR.'/templates/'.$_deftheme.'/misc/configurehint.tpl');
 {
 	$config_hint = file_get_contents('templates/Froxlor/misc/configurehint.tpl');
 	die($config_hint);
 }
 // Legacy sql-root-information
-if(isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root) || !is_array($sql_root)))
+if (isset($sql['root_user'])
-{
+	&& isset($sql['root_password'])
 	&& (!isset($sql_root) || !is_array($sql_root))
 ) {
 	$sql_root = array(0 => array('caption' => 'Default', 'host' => $sql['host'], 'user' => $sql['root_user'], 'password' => $sql['root_password']));
 	unset($sql['root_user']);
 	unset($sql['root_password']);
@@ -106,33 +117,27 @@ if(isset($sql['root_user']) && isset($sql['root_password']) && (!isset($sql_root
 /**
 * Includes the Functions
 */
-
+require (FROXLOR_INSTALL_DIR.'/lib/functions.php');
 require ('lib/functions.php');
 /**
 * Includes the MySQL-Tabledefinitions etc.
 */
-
+require (FROXLOR_INSTALL_DIR.'/lib/tables.inc.php');
 require ('lib/tables.inc.php');
 /**
 * Includes the MySQL-Connection-Class
 */
 $db = new db($sql['host'], $sql['user'], $sql['password'], $sql['db']);
 unset($sql['password']);
 // we will try to unset most of the $sql information if they are not needed
 // by the calling script.
-
+if (!isset($need_db_sql_data) || $need_db_sql_data !== true) {
 if(!isset($need_db_sql_data) || $need_db_sql_data !== true)
 {
 	unset($sql);
 	$sql = array();
 }
-if(!isset($need_root_db_sql_data) || $need_root_db_sql_data !== true)
+if (!isset($need_root_db_sql_data) || $need_root_db_sql_data !== true) {
 {
 	unset($sql_root);
 	$sql_root = array();
 }
@@ -140,14 +145,12 @@ if(!isset($need_root_db_sql_data) || $need_root_db_sql_data !== true)
 /**
 * Create a new idna converter
 */
 $idna_convert = new idna_convert_wrapper();
 /**
 * disable magic_quotes_runtime if enabled
 */
-if(get_magic_quotes_runtime())
+if (get_magic_quotes_runtime()) {
 {
 	//Deactivate
 	set_magic_quotes_runtime(false);
 }
@@ -155,39 +158,30 @@ if(get_magic_quotes_runtime())
 /**
 * Reverse magic_quotes_gpc=on to have clean GPC data again
 */
-
+if (get_magic_quotes_gpc()) {
 if(get_magic_quotes_gpc())
 {
 	$in = array(&$_GET, &$_POST, &$_COOKIE);
-	while(list($k, $v) = each($in))
+	while (list($k, $v) = each($in)) {
-	{
+		foreach ($v as $key => $val) {
-		foreach($v as $key => $val)
+			if (!is_array($val)) {
 		{
 			if(!is_array($val))
 			{
 				$in[$k][$key] = stripslashes($val);
 				continue;
 			}
 			$in[] = & $in[$k][$key];
 		}
 	}
 	unset($in);
 }
 /**
 * Selects settings from MySQL-Table
 */
 $settings_data = loadConfigArrayDir('actions/admin/settings/');
 $settings = loadSettings($settings_data, $db);
 /**
 * SESSION MANAGEMENT
 */
 $remote_addr = $_SERVER['REMOTE_ADDR'];
 if (empty($_SERVER['HTTP_USER_AGENT'])) {
@@ -201,30 +195,25 @@ unset($customerid);
 unset($adminid);
 unset($s);
-if(isset($_POST['s']))
+if (isset($_POST['s'])) {
 {
 	$s = $_POST['s'];
 	$nosession = 0;
-}
+} elseif (isset($_GET['s'])) {
 elseif(isset($_GET['s']))
 {
 	$s = $_GET['s'];
 	$nosession = 0;
-}
+} else {
 else
 {
 	$s = '';
 	$nosession = 1;
 }
 $timediff = time() - $settings['session']['sessiontimeout'];
 $db->query('DELETE FROM `' . TABLE_PANEL_SESSIONS . '` WHERE `lastactivity` < "' . (int)$timediff . '"');
-$userinfo = Array();
+$userinfo = array();
-if(isset($s)
+if (isset($s)
   && $s != ""
-   && $nosession != 1)
+   && $nosession != 1
-{
+) {
 	ini_set("session.name", "s");
 	ini_set("url_rewriter.tags", "");
 	ini_set("session.use_cookies", false);
@@ -232,13 +221,10 @@ if(isset($s)
 	session_start();
 	$query = 'SELECT `s`.*, `u`.* FROM `' . TABLE_PANEL_SESSIONS . '` `s` LEFT JOIN `';
-	if(AREA == 'admin')
+	if (AREA == 'admin') {
 	{
 		$query.= TABLE_PANEL_ADMINS . '` `u` ON (`s`.`userid` = `u`.`adminid`)';
 		$adminsession = '1';
-	}
+	} else {
 	else
 	{
 		$query.= TABLE_PANEL_CUSTOMERS . '` `u` ON (`s`.`userid` = `u`.`customerid`)';
 		$adminsession = '0';
 	}
@@ -246,28 +232,23 @@ if(isset($s)
 	$query.= 'WHERE `s`.`hash`="' . $db->escape($s) . '" AND `s`.`ipaddress`="' . $db->escape($remote_addr) . '" AND `s`.`useragent`="' . $db->escape($http_user_agent) . '" AND `s`.`lastactivity` > "' . (int)$timediff . '" AND `s`.`adminsession` = "' . $db->escape($adminsession) . '"';
 	$userinfo = $db->query_first($query);
-	if((($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid'])))
+	if ((($userinfo['adminsession'] == '1' && AREA == 'admin' && isset($userinfo['adminid'])) || ($userinfo['adminsession'] == '0' && (AREA == 'customer' || AREA == 'login') && isset($userinfo['customerid'])))
-	   && (!isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1'))
+	   && (!isset($userinfo['deactivated']) || $userinfo['deactivated'] != '1')
-	{
+	) {
 		$userinfo['newformtoken'] = strtolower(md5(uniqid(microtime(), 1)));
 		$query = 'UPDATE `' . TABLE_PANEL_SESSIONS . '` SET `lastactivity`="' . time() . '", `formtoken`="' . $userinfo['newformtoken'] . '" WHERE `hash`="' . $db->escape($s) . '" AND `adminsession` = "' . $db->escape($adminsession) . '"';
 		$db->query($query);
 		$nosession = 0;
-	}
+	} else {
 	else
 	{
 		$nosession = 1;
 	}
-}
+} else {
 else
 {
 	$nosession = 1;
 }
 /**
 * Language Managament
 */
 $langs = array();
 $languages = array();
 $iso = array();
@@ -277,8 +258,7 @@ $query = 'SELECT * FROM `' . TABLE_PANEL_LANGUAGE . '` ';
 $result = $db->query($query);
 // presort languages
-while($row = $db->fetch_array($result))
+while ($row = $db->fetch_array($result)) {
 {
 	$langs[$row['language']][] = $row;
 	// check for row[iso] cause older froxlor
 	// versions didn't have that and it will
@@ -290,8 +270,7 @@ while($row = $db->fetch_array($result))
 }
 // buildup $languages for the login screen
-foreach($langs as $key => $value)
+foreach ($langs as $key => $value) {
 {
 	$languages[$key] = $key;
 }
@@ -335,19 +314,14 @@ if (isset($userinfo['language']) && isset($languages[$userinfo['language']])) {
 	}
 }
 // include every english language file we can get
-foreach($langs['English'] as $key => $value)
+foreach ($langs['English'] as $key => $value) {
 {
 	include_once makeSecurePath($value['file']);
 }
 // now include the selected language if its not english
-
+if ($language != 'English') {
-if($language != 'English')
+	foreach ($langs[$language] as $key => $value) {
 {
 	foreach($langs[$language] as $key => $value)
 	{
 		include_once makeSecurePath($value['file']);
 	}
 }
@@ -356,7 +330,6 @@ if($language != 'English')
 include_once makeSecurePath('lng/lng_references.php');
 // Initialize our new link - class
 $linker = new linker('index.php', $s);
 /**
@@ -383,17 +356,14 @@ if (!file_exists('templates/'.$theme.'/index.tpl')) {
 $hl_path = 'templates/'.$theme.'/assets/img';
 $header_logo = $hl_path.'/logo.png';
-if(file_exists($hl_path.'/logo_custom.png')) {
+if (file_exists($hl_path.'/logo_custom.png')) {
 	$header_logo = $hl_path.'/logo_custom.png';
 }
 /**
 * Redirects to index.php (login page) if no session exists
 */
-
+if ($nosession == 1 && AREA != 'login') {
 if($nosession == 1
   && AREA != 'login')
 {
 	unset($userinfo);
 	redirectTo('index.php');
 	exit;
@@ -402,33 +372,24 @@ if($nosession == 1
 /**
 * Initialize Template Engine
 */
 $templatecache = array();
 /**
 * Logic moved out of lng-file
 */
-
+if (isset($userinfo['loginname'])
-if(isset($userinfo['loginname'])
+   && $userinfo['loginname'] != ''
-   && $userinfo['loginname'] != '')
+) {
 {
 	$lng['menue']['main']['username'].= $userinfo['loginname'];
-
+	//Initialize logging
 	/**
 	 * Initialize logging
 	 */
 	$log = FroxlorLogger::getInstanceOf($userinfo, $db, $settings);
 }
 /**
 * Fills variables for navigation, header and footer
 */
-
+if (AREA == 'admin' || AREA == 'customer') {
-if(AREA == 'admin' || AREA == 'customer')
+	if (hasUpdates($version)) {
 {
 	if(hasUpdates($version))
 	{
 		/*
 		 * if froxlor-files have been updated
 		 * but not yet configured by the admin
@@ -463,9 +424,7 @@ if(AREA == 'admin' || AREA == 'customer')
 			),
 		);
 		$navigation = buildNavigation($navigation_data['admin'], $userinfo);
-	}
+	} else {
 	else
 	{
 		$navigation_data = loadConfigArrayDir('lib/navigation/');
 		$navigation = buildNavigation($navigation_data[AREA], $userinfo);
 	}
@@ -478,39 +437,27 @@ eval("\$header = \"" . getTemplate('header', '1') . "\";");
 $current_year = date('Y', time());
 eval("\$footer = \"" . getTemplate('footer', '1') . "\";");
-if(isset($_POST['action']))
+if (isset($_POST['action'])) {
 {
 	$action = $_POST['action'];
-}
+} elseif(isset($_GET['action'])) {
 elseif(isset($_GET['action']))
 {
 	$action = $_GET['action'];
-}
+} else {
 else
 {
 	$action = '';
 	// clear request data
 	if (isset($_SESSION)) {
 		unset($_SESSION['requestData']);
 	}
 }
-if(isset($_POST['page']))
+if (isset($_POST['page'])) {
 {
 	$page = $_POST['page'];
-}
+} elseif(isset($_GET['page'])) {
 elseif(isset($_GET['page']))
 {
 	$page = $_GET['page'];
-}
+} else {
 else
 {
 	$page = '';
 }
-if($page == '')
+if ($page == '') {
 {
 	$page = 'overview';
 }
@@ -520,8 +467,7 @@ if($page == '')
 $mail = new PHPMailer(true);
 $mail->CharSet = "UTF-8";
-if(PHPMailer::ValidateAddress($settings['panel']['adminmail']) !== false)
+if (PHPMailer::ValidateAddress($settings['panel']['adminmail']) !== false) {
 {
 	// set return-to address and custom sender-name, see #76
 	$mail->SetFrom($settings['panel']['adminmail'], $settings['panel']['adminmail_defname']);
 	if ($settings['panel']['adminmail_return'] != '') {
--- a/templates/Froxlor/misc/alreadyinstalledhint.tpl
+++ b/templates/Froxlor/misc/alreadyinstalledhint.tpl
@@ -36,7 +36,7 @@
 </div>
 <footer>
 	<span>
-		Froxlor &copy; 2009-2010 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
+		Froxlor &copy; 2009-2013 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
 	</span>
 </footer>
 </body>
--- a/templates/Froxlor/misc/configurehint.tpl
+++ b/templates/Froxlor/misc/configurehint.tpl
@@ -41,4 +41,3 @@
 </footer>
 </body>
 </html>
--- a/templates/Froxlor/misc/ownershiphint.tpl
+++ b/templates/Froxlor/misc/ownershiphint.tpl
@@ -0,0 +1,48 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
 	<meta charset="utf-8" />
 	<meta http-equiv="Default-Style" content="text/css" />
 	<link rel="stylesheet" href="templates/Froxlor/assets/css/main.css" />
 	<!--[if IE]><link rel="stylesheet" href="templates/Froxlor/assets/css/main_ie.css" /><![endif]-->
 	<!--[if lt IE 9]><script src="js/html5shiv.js"></script><![endif]-->
 	<script type="text/javascript" src="js/jquery.min.js"></script>
 	<script type="text/javascript" src="templates/Froxlor/assets/js/main.js"></script>
 	<link href="templates/Froxlor/assets/img/favicon.ico" rel="icon" type="image/x-icon" />
 	<title>Froxlor Server Management Panel - Installation</title>
 	<style type="text/css">
 	body {
        font-family: Verdana, Geneva, sans-serif;
 	}
 	</style>
 </head>
 <body>
 <div class="loginpage">
 	<article class="login bradius">
 		<header class="dark">
 			<img src="templates/Froxlor/assets/img/logo.png" alt="Froxlor Server Management Panel" />
 		</header>
 		<section class="loginsec">
 			<div class="errorcontainer bradius">
 				<div class="errortitle">Whoops!</div>
 				<div class="error">
 					<p>The configuration file <b>lib/userdata.inc.php</b> cannot be read from the webserver.</p>
 					<p>This mostly happens due to wrong ownership.<br />Try the following command to correct the ownership:</p>
 					<p><pre>chown -R <USER>:<GROUP> <FROXLOR_INSTALL_DIR></pre></p>
 				</div>
 			</div>
 			<p class="submit">
 				<a href="index.php" title="Click to refresh">Refresh</a>
 			</p>
 		</section>
 	</article>
 </div>
 <footer>
 	<span>
 		Froxlor &copy; 2009-2013 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
 	</span>
 </footer>
 </body>
 </html>
--- a/templates/Sparkle/misc/alreadyinstalledhint.tpl
+++ b/templates/Sparkle/misc/alreadyinstalledhint.tpl
@@ -39,9 +39,8 @@
 </div>
 <footer>
 	<span>
-		Froxlor &copy; 2009-2010 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
+		Froxlor &copy; 2009-2013 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
 	</span>
 </footer>
 </body>
 </html>
--- a/templates/Sparkle/misc/configurehint.tpl
+++ b/templates/Sparkle/misc/configurehint.tpl
@@ -42,4 +42,3 @@
 </footer>
 </body>
 </html>
--- a/templates/Sparkle/misc/ownershiphint.tpl
+++ b/templates/Sparkle/misc/ownershiphint.tpl
@@ -0,0 +1,52 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
 	<meta charset="utf-8" />
 	<meta http-equiv="Default-Style" content="text/css" />
 	<link rel="stylesheet" href="templates/Sparkle/assets/css/main.css" />
 	<!--[if IE]><link rel="stylesheet" href="templates/Sparkle/assets/css/main_ie.css" /><![endif]-->
 	<!--[if lt IE 9]><script src="js/html5shiv.js"></script><![endif]-->
 	<script type="text/javascript" src="js/jquery.min.js"></script>
 	<script type="text/javascript" src="templates/Sparkle/assets/js/main.js"></script>
 	<link href="templates/Sparkle/assets/img/favicon.ico" rel="icon" type="image/x-icon" />
 	<title>Froxlor Server Management Panel - Installation</title>
 	<style type="text/css">
 	body {
        font-family: Verdana, Geneva, sans-serif;
 	}
 	</style>
 </head>
 <body>
 <div class="loginpage">
 	<article class="login bradius">
 		<header class="dark">
 			<img src="templates/Sparkle/assets/img/logo.png" alt="Froxlor Server Management Panel" />
 		</header>
 		<section class="loginsec">
 			<div class="errorcontainer bradius">
 				<div class="errortitle">Whoops!</div>
 				<div class="error">
 					<p>The configuration file <b>lib/userdata.inc.php</b> cannot be read from the webserver.</p>
 					<p>&nbsp;</p>
 					<p>This mostly happens due to wrong ownership.<br />Try the following command to correct the ownership:</p>
 					<p>&nbsp;</p>
 					<p><pre>chown -R <USER>:<GROUP> <FROXLOR_INSTALL_DIR></pre></p>
 				</div>
 			</div>
 			<aside class="right">
 				<a href="index.php" title="Click to refresh">Refresh</a>
 			</aside>
 		</section>
 	</article>
 </div>
 <footer>
 	<span>
 		Froxlor &copy; 2009-2013 by <a href="http://www.froxlor.org/" rel="external">the Froxlor Team</a>
 	</span>
 </footer>
 </body>
 </html>