mirror of
https://github.com/icecoder/ICEcoder.git
synced 2026-02-20 01:51:18 +01:00
246 lines
8.6 KiB
PHP
246 lines
8.6 KiB
PHP
<?php
|
|
// Don't display, but log all errors
|
|
ini_set('display_errors', 0);
|
|
ini_set('log_errors', 1);
|
|
ini_set('error_log', dirname(__FILE__).'/../error-log.txt');
|
|
error_reporting(-1);
|
|
|
|
// Set our default timezone and supress warning with @
|
|
@date_default_timezone_set(date_default_timezone_get());
|
|
|
|
// Set a stream context timeout for file reading
|
|
$context = stream_context_create(array('http'=>
|
|
array(
|
|
'timeout' => 60 // secs
|
|
)
|
|
));
|
|
|
|
// Start a session if we haven't already
|
|
if(!isset($_SESSION)) {
|
|
ini_set('session.use_cookies','1'); // Use cookies not URL parameters
|
|
ini_set('session.use_only_cookies','1'); // Force use of cookies and nothing else
|
|
ini_set('session.name','ICEcoder_Cookie'); // Set a seperate cookie session name
|
|
ini_set('session.cookie_lifetime','0'); // Until the browser restarts by default
|
|
ini_set('session.cookie_domain',''); // This domain only
|
|
// ini_set('session.cookie_path',str_replace($_SERVER['DOCUMENT_ROOT'],'',dirname(dirname(__FILE__)))); // ICEcoder path only, fails ON IE
|
|
ini_set('session.use_trans_sid','0'); // Ensure this insecure feature is disabled
|
|
ini_set('session.hash_function','sha512'); // Use Sha512 for session
|
|
ini_set('session.hash_bits_per_character','6'); // Specify hash scheme of 0-9,a-v,A-Z,-,,
|
|
// ini_set('session.use_strict_mode','1'); // Reject any session ID that was user provided and not generated by the session (since PHP 5.5.2)
|
|
ini_set('session.httponly','1'); // Only allow http protocol (ie, not JS) access to the cookie (since PHP 5.2.0)
|
|
ini_set('session.save_path',dirname(__FILE__).'/../tmp'); // Localise the session files to /tmp
|
|
|
|
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
|
|
ini_set('session.cookie_secure','1'); // Only allows access to session ID when protocol is HTTPS, switched on under 'if https' condition
|
|
}
|
|
@session_start(); // Finally, start the session!
|
|
if (!isset($_SESSION['csrf'])){
|
|
session_regenerate_id(true); // Create a new ID to help prevent fixation
|
|
}
|
|
}
|
|
|
|
// Set the language file, if now possible
|
|
if (isset($_SESSION['text'])) {
|
|
$text = $_SESSION['text'];
|
|
$t = $text['settings-common'];
|
|
}
|
|
|
|
// Logout if that's the action we're taking
|
|
if (isset($_GET['logout'])) {
|
|
include(dirname(__FILE__)."/../processes/on-user-logout.php");
|
|
$_SESSION['loggedIn']=false;
|
|
$_SESSION['username']=false;
|
|
session_destroy();
|
|
header("Location: .");
|
|
die("Logging you out...");
|
|
}
|
|
|
|
// If magic quotes are still on (attempted to switch off in php.ini)
|
|
if (get_magic_quotes_gpc ()) {
|
|
function stripslashes_deep($value) {
|
|
$value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
|
|
return $value;
|
|
}
|
|
$_POST = (isset($_POST) && !empty($_POST)) ? array_map('stripslashes_deep', $_POST) : array();
|
|
$_GET = (isset($_GET) && !empty($_GET)) ? array_map('stripslashes_deep', $_GET) : array();
|
|
$_COOKIE = (isset($_COOKIE) && !empty($_COOKIE)) ? array_map('stripslashes_deep', $_COOKIE) : array();
|
|
$_REQUEST = (isset($_REQUEST) && !empty($_REQUEST)) ? array_map('stripslashes_deep', $_REQUEST) : array();
|
|
}
|
|
|
|
// Function to handle salted hashing
|
|
define('SALT_LENGTH',12);
|
|
function generateHash($plainText,$salt=null) {
|
|
if ($salt === null) {
|
|
$salt = substr(md5(uniqid(rand(), true)),0,SALT_LENGTH);
|
|
} else {
|
|
$salt = substr($salt,0,SALT_LENGTH);
|
|
}
|
|
return $salt.sha1($salt.$plainText);
|
|
}
|
|
|
|
// returns converted entities which have HTML entity equivalents
|
|
function strClean($var) {
|
|
return preg_replace("/javascript\:/i","javascript:",htmlentities($var, ENT_QUOTES, "UTF-8"));
|
|
}
|
|
|
|
// returns a number, whole or decimal or null
|
|
function numClean($var) {
|
|
return is_numeric($var) ? floatval($var) : false;
|
|
}
|
|
|
|
// Clean XSS attempts using different contexts
|
|
function xssClean($data,$type) {
|
|
|
|
// === html ===
|
|
if ($type == "html") {
|
|
$bad = array("<", ">");
|
|
$good = array("<", ">");
|
|
}
|
|
|
|
// === style ===
|
|
if ($type == "style") {
|
|
$bad = array("<", ">", "\"", "'", "``", "(", ")", "&", "\\\\");
|
|
$good = array("<", ">", """, "'", "`", "(", ")", "&", "\");
|
|
}
|
|
|
|
// === attribute ===
|
|
if ($type == "attribute") {
|
|
$bad = array("\"", "'", "``");
|
|
$good = array(""", "'", "`");
|
|
}
|
|
|
|
// === script ===
|
|
if ($type == "script") {
|
|
$bad = array("<", ">", "\"", "'", "\\\\", "%", "&");
|
|
$good = array("<", ">", """, "'", "\", "%", "&");
|
|
}
|
|
|
|
// === url ===
|
|
if ($type == "url") {
|
|
if(preg_match("#^(?:(?:https?|ftp):{1})\/\/[^\"\s\\\\]*.[^\"\s\\\\]*$#iu",(string)$data,$match)) {
|
|
return $match[0];
|
|
} else {
|
|
return 'javascript:void(0)';
|
|
}
|
|
}
|
|
|
|
$output = str_replace($bad, $good, $data);
|
|
return $output;
|
|
}
|
|
|
|
// returns a UTF8 based string with any UFT8 BOM removed
|
|
function toUTF8noBOM($string,$message) {
|
|
// Attempt to detect encoding
|
|
if (function_exists('mb_detect_encoding')) {
|
|
$strictUTF8 = mb_detect_encoding($string, 'UTF-8', true);
|
|
// Establish a BOM
|
|
$bom = pack("CCC", 0xef, 0xbb, 0xbf);
|
|
// If there's a BOM in the first few chars
|
|
if (0 === strncmp($string, $bom, 3)) {
|
|
// If there's a BOM followed by a Windows based (2 char) line ending
|
|
// chop BOM off and prefix returned string with a PHP_EOL
|
|
if (0 === strncmp($string, $bom."\r\n", 3)) {
|
|
$string = PHP_EOL.substr($string."YES", 3);
|
|
// Else, simply chop off the BOM
|
|
} else {
|
|
$string = substr($string."NO", 3);
|
|
}
|
|
}
|
|
// Remove any other BOMs from view
|
|
$string = preg_replace('/\x{EF}\x{BB}\x{BF}/','',$string);
|
|
|
|
// Test for any bad characters
|
|
$teststring = $string;
|
|
$teststringBroken = utf8_decode($teststring);
|
|
$teststringConverted = iconv("UTF-8", "UTF-8//IGNORE", $teststringBroken);
|
|
// If we have a matching length, UTF8 encode it
|
|
if (!$strictUTF8 && strlen($teststringConverted) == strlen($teststringBroken)) {
|
|
$string = utf8_encode($string);
|
|
if ($message) {
|
|
echo "top.ICEcoder.message('".$t['Your document does...'].".');";
|
|
}
|
|
}
|
|
}
|
|
return $string;
|
|
}
|
|
|
|
// Polyfill for array_replace_recursive, which is in PHP 5.3+
|
|
if (!function_exists('array_replace_recursive')) {
|
|
function array_replace_recursive($base, $replacements) {
|
|
foreach (array_slice(func_get_args(), 1) as $replacements) {
|
|
$bref_stack = array(&$base);
|
|
$head_stack = array($replacements);
|
|
|
|
do {
|
|
end($bref_stack);
|
|
|
|
$bref = &$bref_stack[key($bref_stack)];
|
|
$head = array_pop($head_stack);
|
|
|
|
unset($bref_stack[key($bref_stack)]);
|
|
|
|
foreach (array_keys($head) as $key) {
|
|
if (isset($key, $bref) && is_array($bref[$key]) && is_array($head[$key])) {
|
|
$bref_stack[] = &$bref[$key];
|
|
$head_stack[] = $head[$key];
|
|
} else {
|
|
$bref[$key] = $head[$key];
|
|
}
|
|
}
|
|
} while(count($head_stack));
|
|
}
|
|
|
|
return $base;
|
|
}
|
|
}
|
|
|
|
// Get number of versions total for a file
|
|
function getVersionsCount($fileLoc,$fileName) {
|
|
global $context;
|
|
$count = 0;
|
|
$dateCounts = array();
|
|
$backupDateDirs = array();
|
|
// Establish the base, host and date dirs within...
|
|
$backupDirBase = str_replace("\\","/",dirname(__FILE__))."/../backups/";
|
|
$backupDirHost = isset($ftpSite) ? parse_url($ftpSite,PHP_URL_HOST) : "localhost";
|
|
// check if folder exists if local before enumerating contents
|
|
if(!isset($ftpSite)) {
|
|
if(is_dir($backupDirBase.$backupDirHost)) {
|
|
$backupDateDirs = scandir($backupDirBase.$backupDirHost,1);
|
|
}
|
|
} else {
|
|
$backupDateDirs = scandir($backupDirBase.$backupDirHost,1);
|
|
}
|
|
// Get rid of . and .. from date dirs array
|
|
for ($i=0; $i<count($backupDateDirs); $i++) {
|
|
if ($backupDateDirs[$i] == "." || $backupDateDirs[$i] == "..") {
|
|
array_splice($backupDateDirs,$i,1);
|
|
$i--;
|
|
}
|
|
}
|
|
// Check the backup index in each dir and add up the counts from matching lines
|
|
for ($i=0; $i<count($backupDateDirs); $i++) {
|
|
$backupIndex = $backupDirBase.$backupDirHost."/".$backupDateDirs[$i]."/.versions-index";
|
|
// Have a .versions-index file? Get contents
|
|
if (file_exists($backupIndex) && is_readable($backupIndex)) {
|
|
$versionsInfo = file_get_contents($backupIndex,false,$context);
|
|
$versionsInfo = explode("\n",$versionsInfo);
|
|
// For each line, check if it's our file and if so, add the count to our $count value and $dateCount array
|
|
for ($j=0; $j<count($versionsInfo); $j++) {
|
|
$fileRef = $fileLoc."/".$fileName." = ";
|
|
if (strpos($versionsInfo[$j],$fileRef) === 0) {
|
|
// We have a match, so split on the " = " and we can grab number as 2nd part
|
|
$lineInfo = explode(" = ",$versionsInfo[$j]);
|
|
$count += intval($lineInfo[1]);
|
|
$dateCounts[$backupDateDirs[$i]] = intval($lineInfo[1]);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return array(
|
|
"count" => $count,
|
|
"dateCounts" => $dateCounts
|
|
);
|
|
}
|
|
?>
|