WebSVN – oidplus – Blame – /trunk/includes/classes/OIDplus.class.php

Rev	Author	Line No.	Line
2	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
778	daniel-mar	5	* Copyright 2019 - 2022 Daniel Marschall, ViaThinkSoft
2	daniel-mar	6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
511	daniel-mar	20	if (!defined('INSIDE_OIDPLUS')) die();
		21
730	daniel-mar	22	class OIDplus extends OIDplusBaseClass {
281	daniel-mar	23	private static /OIDplusPagePlugin[]/ $pagePlugins = array();
		24	private static /OIDplusAuthPlugin[]/ $authPlugins = array();
289	daniel-mar	25	private static /OIDplusLoggerPlugin[]/ $loggerPlugins = array();
227	daniel-mar	26	private static /OIDplusObjectTypePlugin[]/ $objectTypePlugins = array();
		27	private static /string[]/ $enabledObjectTypes = array();
		28	private static /string[]/ $disabledObjectTypes = array();
		29	private static /OIDplusDatabasePlugin[]/ $dbPlugins = array();
702	daniel-mar	30	private static /OIDplusCaptchaPlugin[]/ $captchaPlugins = array();
274	daniel-mar	31	private static /OIDplusSqlSlangPlugin[]/ $sqlSlangPlugins = array();
355	daniel-mar	32	private static /OIDplusLanguagePlugin[]/ $languagePlugins = array();
449	daniel-mar	33	private static /OIDplusDesignPlugin[]/ $designPlugins = array();
2	daniel-mar	34
280	daniel-mar	35	protected static $html = true;
236	daniel-mar	36
812	daniel-mar	37	/public/ const PATH_RELATIVE = 1; // e.g. "../"
		38	/public/ const PATH_ABSOLUTE = 2; // e.g. "http://www.example.com/oidplus/"
		39	/public/ const PATH_ABSOLUTE_CANONICAL = 3; // e.g. "http://www.example.org/oidplus/" (if baseconfig CANONICAL_SYSTEM_URL is set)
		40	/public/ const PATH_RELATIVE_TO_ROOT = 4; // e.g. "/oidplus/"
		41	/public/ const PATH_RELATIVE_TO_ROOT_CANONICAL = 5; // e.g. "/oidplus/" (if baseconfig CANONICAL_SYSTEM_URL is set)
801	daniel-mar	42
778	daniel-mar	43	// These plugin types can contain HTML code and therefore may
		44	// emit (non-setup) CSS/JS code via their manifest.
		45	/public/ const INTERACTIVE_PLUGIN_TYPES = array(
		46	'publicPages',
		47	'raPages',
		48	'adminPages',
		49	'objectTypes',
		50	'captcha'
		51	);
		52
2	daniel-mar	53	private function __construct() {
		54	}
295	daniel-mar	55
263	daniel-mar	56	# --- Static classes
274	daniel-mar	57
263	daniel-mar	58	private static $baseConfig = null;
		59	private static $old_config_format = false;
261	daniel-mar	60	public static function baseConfig() {
263	daniel-mar	61	$first_init = false;
274	daniel-mar	62
263	daniel-mar	63	if ($first_init = is_null(self::$baseConfig)) {
		64	self::$baseConfig = new OIDplusBaseConfig();
261	daniel-mar	65	}
		66
263	daniel-mar	67	if ($first_init) {
261	daniel-mar	68	// Include a file containing various size/depth limitations of OIDs
294	daniel-mar	69	// It is important to include it before userdata/baseconfig/config.inc.php was included,
		70	// so we can give userdata/baseconfig/config.inc.php the chance to override the values.
261	daniel-mar	71
496	daniel-mar	72	include OIDplus::localpath().'includes/oidplus_limits.inc.php';
261	daniel-mar	73
		74	// Include config file
295	daniel-mar	75
496	daniel-mar	76	$config_file = OIDplus::localpath() . 'userdata/baseconfig/config.inc.php';
		77	$config_file_old = OIDplus::localpath() . 'includes/config.inc.php'; // backwards compatibility
295	daniel-mar	78
294	daniel-mar	79	if (!file_exists($config_file) && file_exists($config_file_old)) {
		80	$config_file = $config_file_old;
		81	}
261	daniel-mar	82
294	daniel-mar	83	if (file_exists($config_file)) {
263	daniel-mar	84	if (self::$old_config_format) {
		85	// Note: We may only include it once due to backwards compatibility,
		86	// since in version 2.0, the configuration was defined using define() statements
		87	// Attention: This does mean that a full re-init (e.g. for test cases) is not possible
		88	// if a version 2.0 config is used!
294	daniel-mar	89	include_once $config_file;
263	daniel-mar	90	} else {
294	daniel-mar	91	include $config_file;
263	daniel-mar	92	}
261	daniel-mar	93
		94	if (defined('OIDPLUS_CONFIG_VERSION') && (OIDPLUS_CONFIG_VERSION == 2.0)) {
263	daniel-mar	95	self::$old_config_format = true;
274	daniel-mar	96
261	daniel-mar	97	// Backwards compatibility 2.0 => 2.1
		98	foreach (get_defined_constants(true)['user'] as $name => $value) {
		99	$name = str_replace('OIDPLUS_', '', $name);
		100	if ($name == 'SESSION_SECRET') $name = 'SERVER_SECRET';
		101	if ($name == 'MYSQL_QUERYLOG') $name = 'QUERY_LOGFILE';
		102	if (($name == 'MYSQL_PASSWORD') \|\| ($name == 'ODBC_PASSWORD') \|\| ($name == 'PDO_PASSWORD') \|\| ($name == 'PGSQL_PASSWORD')) {
263	daniel-mar	103	self::$baseConfig->setValue($name, base64_decode($value));
261	daniel-mar	104	} else {
		105	if ($name == 'CONFIG_VERSION') $value = 2.1;
263	daniel-mar	106	self::$baseConfig->setValue($name, $value);
261	daniel-mar	107	}
		108	}
		109	}
		110	} else {
496	daniel-mar	111	if (!is_dir(OIDplus::localpath().'setup')) {
360	daniel-mar	112	throw new OIDplusConfigInitializationException(_L('File %1 is missing, but setup can\'t be started because its directory missing.','userdata/baseconfig/config.inc.php'));
261	daniel-mar	113	} else {
280	daniel-mar	114	if (self::$html) {
811	daniel-mar	115	if (strpos($_SERVER['REQUEST_URI'], OIDplus::webpath(null,OIDplus::PATH_RELATIVE_TO_ROOT).'setup/') !== 0) {
801	daniel-mar	116	header('Location:'.OIDplus::webpath(null,OIDplus::PATH_RELATIVE).'setup/');
360	daniel-mar	117	die(_L('Redirecting to setup...'));
349	daniel-mar	118	} else {
		119	return self::$baseConfig;
		120	}
261	daniel-mar	121	} else {
		122	// This can be displayed in e.g. ajax.php
360	daniel-mar	123	throw new OIDplusConfigInitializationException(_L('File %1 is missing. Please run setup again.','userdata/baseconfig/config.inc.php'));
261	daniel-mar	124	}
		125	}
		126	}
		127
		128	// Check important config settings
		129
263	daniel-mar	130	if (self::$baseConfig->getValue('CONFIG_VERSION') != 2.1) {
801	daniel-mar	131	if (strpos($_SERVER['REQUEST_URI'], OIDplus::webpath(null,OIDplus::PATH_RELATIVE).'setup/') !== 0) {
503	daniel-mar	132	throw new OIDplusConfigInitializationException(_L("The information located in %1 is outdated.",realpath($config_file)));
		133	}
261	daniel-mar	134	}
		135
263	daniel-mar	136	if (self::$baseConfig->getValue('SERVER_SECRET', '') === '') {
801	daniel-mar	137	if (strpos($_SERVER['REQUEST_URI'], OIDplus::webpath(null,OIDplus::PATH_RELATIVE).'setup/') !== 0) {
503	daniel-mar	138	throw new OIDplusConfigInitializationException(_L("You must set a value for SERVER_SECRET in %1 for the system to operate secure.",realpath($config_file)));
		139	}
261	daniel-mar	140	}
		141	}
		142
263	daniel-mar	143	return self::$baseConfig;
261	daniel-mar	144	}
		145
263	daniel-mar	146	private static $config = null;
2	daniel-mar	147	public static function config() {
263	daniel-mar	148	if ($first_init = is_null(self::$config)) {
		149	self::$config = new OIDplusConfig();
2	daniel-mar	150	}
263	daniel-mar	151
		152	if ($first_init) {
		153	// These are important settings for base functionalities and therefore are not inside plugins
		154	self::$config->prepareConfigKey('system_title', 'What is the name of your RA?', 'OIDplus 2.0', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		155	if (empty($value)) {
360	daniel-mar	156	throw new OIDplusException(_L('Please enter a value for the system title.'));
263	daniel-mar	157	}
		158	});
		159	self::$config->prepareConfigKey('admin_email', 'E-Mail address of the system administrator', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		160	if (!empty($value) && !OIDplus::mailUtils()->validMailAddress($value)) {
360	daniel-mar	161	throw new OIDplusException(_L('This is not a correct email address'));
263	daniel-mar	162	}
		163	});
875	daniel-mar	164	self::$config->prepareConfigKey('global_cc', 'Global CC for all outgoing emails?', '', OIDplusConfig::PROTECTION_EDITABLE, function(&$value) {
		165	$value = trim($value);
		166	if ($value === '') return;
		167	$addrs = explode(';', $value);
		168	foreach ($addrs as $addr) {
		169	$addr = trim($addr);
		170	if (!empty($addr) && !OIDplus::mailUtils()->validMailAddress($addr)) {
		171	throw new OIDplusException(_L('%1 is not a correct email address',$addr));
		172	}
263	daniel-mar	173	}
		174	});
875	daniel-mar	175	self::$config->prepareConfigKey('global_bcc', 'Global BCC for all outgoing emails?', '', OIDplusConfig::PROTECTION_EDITABLE, function(&$value) {
		176	$value = trim($value);
		177	if ($value === '') return;
		178	$addrs = explode(';', $value);
		179	foreach ($addrs as $addr) {
		180	$addr = trim($addr);
		181	if (!empty($addr) && !OIDplus::mailUtils()->validMailAddress($addr)) {
		182	throw new OIDplusException(_L('%1 is not a correct email address',$addr));
		183	}
		184	}
		185	});
263	daniel-mar	186	self::$config->prepareConfigKey('objecttypes_initialized', 'List of object type plugins that were initialized once', '', OIDplusConfig::PROTECTION_READONLY, function($value) {
		187	// Nothing here yet
		188	});
		189	self::$config->prepareConfigKey('objecttypes_enabled', 'Enabled object types and their order, separated with a semicolon (please reload the page so that the change is applied)', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		190	# TODO: when objecttypes_enabled is changed at the admin control panel, we need to do a reload of the page, so that jsTree will be updated. Is there anything we can do?
		191
		192	$ary = explode(';',$value);
		193	$uniq_ary = array_unique($ary);
		194
		195	if (count($ary) != count($uniq_ary)) {
360	daniel-mar	196	throw new OIDplusException(_L('Please check your input. Some object types are double.'));
263	daniel-mar	197	}
		198
		199	foreach ($ary as $ot_check) {
		200	$ns_found = false;
		201	foreach (OIDplus::getEnabledObjectTypes() as $ot) {
		202	if ($ot::ns() == $ot_check) {
		203	$ns_found = true;
		204	break;
		205	}
		206	}
		207	foreach (OIDplus::getDisabledObjectTypes() as $ot) {
		208	if ($ot::ns() == $ot_check) {
		209	$ns_found = true;
		210	break;
		211	}
		212	}
		213	if (!$ns_found) {
360	daniel-mar	214	throw new OIDplusException(_L('Please check your input. Namespace "%1" is not found',$ot_check));
263	daniel-mar	215	}
		216	}
		217	});
		218	self::$config->prepareConfigKey('oidplus_private_key', 'Private key for this system', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) {
		219	// Nothing here yet
		220	});
		221	self::$config->prepareConfigKey('oidplus_public_key', 'Public key for this system. If you "clone" your system, you must delete this key (e.g. using phpMyAdmin), so that a new one is created.', '', OIDplusConfig::PROTECTION_READONLY, function($value) {
		222	// Nothing here yet
		223	});
324	daniel-mar	224	self::$config->prepareConfigKey('last_known_system_url', 'Last known System URL', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) {
		225	// Nothing here yet
		226	});
412	daniel-mar	227	self::$config->prepareConfigKey('last_known_version', 'Last known OIDplus Version', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) {
		228	// Nothing here yet
		229	});
635	daniel-mar	230	self::$config->prepareConfigKey('default_ra_auth_method', 'Default auth method used for generating password of RAs (must exist in plugins/[vendorname]/auth/)?', 'A3_bcrypt', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
453	daniel-mar	231	$good = true;
		232	if (strpos($value,'/') !== false) $good = false;
		233	if (strpos($value,'\\') !== false) $good = false;
		234	if (strpos($value,'..') !== false) $good = false;
		235	if (!$good) {
		236	throw new OIDplusException(_L('Invalid auth plugin folder name. Do only enter a folder name, not an absolute or relative path'));
		237	}
		238
926	daniel-mar	239	if (!wildcard_is_dir(OIDplus::localpath().'plugins/'.'*'.'/auth/'.$value)) {
635	daniel-mar	240	throw new OIDplusException(_L('The auth plugin "%1" does not exist in plugin directory %2',$value,'plugins/[vendorname]/auth/'));
453	daniel-mar	241	}
		242	});
263	daniel-mar	243	}
		244
		245	return self::$config;
2	daniel-mar	246	}
		247
263	daniel-mar	248	private static $gui = null;
2	daniel-mar	249	public static function gui() {
263	daniel-mar	250	if (is_null(self::$gui)) {
		251	self::$gui = new OIDplusGui();
86	daniel-mar	252	}
263	daniel-mar	253	return self::$gui;
2	daniel-mar	254	}
		255
263	daniel-mar	256	private static $authUtils = null;
2	daniel-mar	257	public static function authUtils() {
263	daniel-mar	258	if (is_null(self::$authUtils)) {
		259	self::$authUtils = new OIDplusAuthUtils();
86	daniel-mar	260	}
263	daniel-mar	261	return self::$authUtils;
2	daniel-mar	262	}
		263
263	daniel-mar	264	private static $mailUtils = null;
250	daniel-mar	265	public static function mailUtils() {
263	daniel-mar	266	if (is_null(self::$mailUtils)) {
		267	self::$mailUtils = new OIDplusMailUtils();
250	daniel-mar	268	}
263	daniel-mar	269	return self::$mailUtils;
250	daniel-mar	270	}
		271
557	daniel-mar	272	private static $cookieUtils = null;
		273	public static function cookieUtils() {
		274	if (is_null(self::$cookieUtils)) {
		275	self::$cookieUtils = new OIDplusCookieUtils();
		276	}
		277	return self::$cookieUtils;
		278	}
		279
263	daniel-mar	280	private static $menuUtils = null;
250	daniel-mar	281	public static function menuUtils() {
263	daniel-mar	282	if (is_null(self::$menuUtils)) {
		283	self::$menuUtils = new OIDplusMenuUtils();
250	daniel-mar	284	}
263	daniel-mar	285	return self::$menuUtils;
250	daniel-mar	286	}
		287
263	daniel-mar	288	private static $logger = null;
115	daniel-mar	289	public static function logger() {
263	daniel-mar	290	if (is_null(self::$logger)) {
		291	self::$logger = new OIDplusLogger();
115	daniel-mar	292	}
263	daniel-mar	293	return self::$logger;
115	daniel-mar	294	}
		295
274	daniel-mar	296	# --- SQL slang plugin
		297
		298	private static function registerSqlSlangPlugin(OIDplusSqlSlangPlugin $plugin) {
		299	$name = $plugin::id();
591	daniel-mar	300	if ($name === '') return false;
274	daniel-mar	301
449	daniel-mar	302	if (isset(self::$sqlSlangPlugins[$name])) {
451	daniel-mar	303	$plugintype_hf = _L('SQL slang');
592	daniel-mar	304	throw new OIDplusException(_L('Multiple %1 plugins use the ID %2', $plugintype_hf, $name));
449	daniel-mar	305	}
		306
274	daniel-mar	307	self::$sqlSlangPlugins[$name] = $plugin;
		308
		309	return true;
		310	}
		311
		312	public static function getSqlSlangPlugins() {
		313	return self::$sqlSlangPlugins;
		314	}
		315
318	daniel-mar	316	public static function getSqlSlangPlugin($id)/: ?OIDplusSqlSlangPlugin/ {
		317	if (isset(self::$sqlSlangPlugins[$id])) {
		318	return self::$sqlSlangPlugins[$id];
		319	} else {
		320	return null;
		321	}
		322	}
		323
230	daniel-mar	324	# --- Database plugin
74	daniel-mar	325
227	daniel-mar	326	private static function registerDatabasePlugin(OIDplusDatabasePlugin $plugin) {
275	daniel-mar	327	$name = $plugin::id();
591	daniel-mar	328	if ($name === '') return false;
150	daniel-mar	329
449	daniel-mar	330	if (isset(self::$dbPlugins[$name])) {
		331	$plugintype_hf = _L('Database');
592	daniel-mar	332	throw new OIDplusException(_L('Multiple %1 plugins use the ID %2', $plugintype_hf, $name));
449	daniel-mar	333	}
		334
150	daniel-mar	335	self::$dbPlugins[$name] = $plugin;
		336
		337	return true;
		338	}
		339
		340	public static function getDatabasePlugins() {
		341	return self::$dbPlugins;
		342	}
		343
295	daniel-mar	344	public static function getActiveDatabasePlugin() {
702	daniel-mar	345	$db_plugin_name = OIDplus::baseConfig()->getValue('DATABASE_PLUGIN','');
		346	if ($db_plugin_name === '') {
360	daniel-mar	347	throw new OIDplusConfigInitializationException(_L('No database plugin selected in config file'));
260	daniel-mar	348	}
1016	daniel-mar	349	foreach (self::$dbPlugins as $name => $plugin) {
		350	if (strtolower($name) == strtolower($db_plugin_name)) {
		351	return $plugin;
		352	}
227	daniel-mar	353	}
1016	daniel-mar	354	throw new OIDplusConfigInitializationException(_L('Database plugin "%1" not found',$db_plugin_name));
227	daniel-mar	355	}
		356
295	daniel-mar	357	private static $dbMainSession = null;
		358	public static function db() {
		359	if (is_null(self::$dbMainSession)) {
		360	self::$dbMainSession = self::getActiveDatabasePlugin()->newConnection();
		361	}
		362	if (!self::$dbMainSession->isConnected()) self::$dbMainSession->connect();
		363	return self::$dbMainSession;
		364	}
		365
		366	private static $dbIsolatedSession = null;
		367	public static function dbIsolated() {
		368	if (is_null(self::$dbIsolatedSession)) {
		369	self::$dbIsolatedSession = self::getActiveDatabasePlugin()->newConnection();
		370	}
		371	if (!self::$dbIsolatedSession->isConnected()) self::$dbIsolatedSession->connect();
		372	return self::$dbIsolatedSession;
		373	}
		374
702	daniel-mar	375	# --- CAPTCHA plugin
		376
		377	private static function registerCaptchaPlugin(OIDplusCaptchaPlugin $plugin) {
		378	$name = $plugin::id();
		379	if ($name === '') return false;
		380
		381	if (isset(self::$captchaPlugins[$name])) {
		382	$plugintype_hf = _L('CAPTCHA');
		383	throw new OIDplusException(_L('Multiple %1 plugins use the ID %2', $plugintype_hf, $name));
		384	}
		385
		386	self::$captchaPlugins[$name] = $plugin;
		387
		388	return true;
		389	}
		390
		391	public static function getCaptchaPlugins() {
		392	return self::$captchaPlugins;
		393	}
		394
704	daniel-mar	395	public static function getActiveCaptchaPluginId() {
702	daniel-mar	396	$captcha_plugin_name = OIDplus::baseConfig()->getValue('CAPTCHA_PLUGIN', '');
		397
		398	if (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false) && ($captcha_plugin_name === '')) {
		399	// Legacy config file support!
1016	daniel-mar	400	$captcha_plugin_name = 'reCAPTCHA';
702	daniel-mar	401	}
		402
704	daniel-mar	403	if ($captcha_plugin_name === '') $captcha_plugin_name = 'None'; // the "None" plugin is a must-have!
702	daniel-mar	404
704	daniel-mar	405	return $captcha_plugin_name;
		406	}
		407
		408	public static function getActiveCaptchaPlugin() {
		409	$captcha_plugin_name = OIDplus::getActiveCaptchaPluginId();
1016	daniel-mar	410	foreach (self::$captchaPlugins as $name => $plugin) {
		411	if (strtolower($name) == strtolower($captcha_plugin_name)) {
		412	return $plugin;
		413	}
702	daniel-mar	414	}
1016	daniel-mar	415	throw new OIDplusConfigInitializationException(_L('CAPTCHA plugin "%1" not found',$captcha_plugin_name));
702	daniel-mar	416	}
		417
227	daniel-mar	418	# --- Page plugin
		419
224	daniel-mar	420	private static function registerPagePlugin(OIDplusPagePlugin $plugin) {
281	daniel-mar	421	self::$pagePlugins[] = $plugin;
61	daniel-mar	422
		423	return true;
		424	}
		425
281	daniel-mar	426	public static function getPagePlugins() {
		427	return self::$pagePlugins;
61	daniel-mar	428	}
		429
227	daniel-mar	430	# --- Auth plugin
		431
		432	private static function registerAuthPlugin(OIDplusAuthPlugin $plugin) {
456	daniel-mar	433	if (OIDplus::baseConfig()->getValue('DEBUG')) {
		434	$password = generateRandomString(25);
459	daniel-mar	435
461	daniel-mar	436	try {
		437	$authInfo = $plugin->generate($password);
		438	} catch (OIDplusException $e) {
		439	// This can happen when the AuthKey or Salt is too long
		440	throw new OIDplusException(_L('Auth plugin "%1" is erroneous: %2',basename($plugin->getPluginDirectory()),$e->getMessage()));
		441	}
459	daniel-mar	442	$salt = $authInfo->getSalt();
461	daniel-mar	443	$authKey = $authInfo->getAuthKey();
459	daniel-mar	444
461	daniel-mar	445	$authInfo_SaltDiff = clone $authInfo;
		446	$authInfo_SaltDiff->setSalt(strrev($authInfo_SaltDiff->getSalt()));
		447
		448	$authInfo_AuthKeyDiff = clone $authInfo;
		449	$authInfo_AuthKeyDiff->setAuthKey(strrev($authInfo_AuthKeyDiff->getAuthKey()));
		450
		451	if ((!$plugin->verify($authInfo,$password)) \|\|
		452	(!empty($salt) && $plugin->verify($authInfo_SaltDiff,$password)) \|\|
		453	($plugin->verify($authInfo_AuthKeyDiff,$password)) \|\|
		454	($plugin->verify($authInfo,$password.'x'))) {
456	daniel-mar	455	throw new OIDplusException(_L('Auth plugin "%1" is erroneous: Generate/Verify self test failed',basename($plugin->getPluginDirectory())));
		456	}
453	daniel-mar	457	}
		458
227	daniel-mar	459	self::$authPlugins[] = $plugin;
		460	return true;
		461	}
		462
221	daniel-mar	463	public static function getAuthPlugins() {
		464	return self::$authPlugins;
		465	}
		466
355	daniel-mar	467	# --- Language plugin
		468
		469	private static function registerLanguagePlugin(OIDplusLanguagePlugin $plugin) {
		470	self::$languagePlugins[] = $plugin;
		471	return true;
		472	}
		473
		474	public static function getLanguagePlugins() {
		475	return self::$languagePlugins;
		476	}
		477
449	daniel-mar	478	# --- Design plugin
		479
		480	private static function registerDesignPlugin(OIDplusDesignPlugin $plugin) {
		481	self::$designPlugins[] = $plugin;
		482	return true;
		483	}
		484
		485	public static function getDesignPlugins() {
		486	return self::$designPlugins;
		487	}
		488
819	daniel-mar	489	public static function getActiveDesignPlugin() {
		490	$plugins = OIDplus::getDesignPlugins();
		491	foreach ($plugins as $plugin) {
		492	if ((basename($plugin->getPluginDirectory())) == OIDplus::config()->getValue('design','default')) {
		493	return $plugin;
		494	}
		495	}
		496	return null;
		497	}
		498
289	daniel-mar	499	# --- Logger plugin
		500
		501	private static function registerLoggerPlugin(OIDplusLoggerPlugin $plugin) {
		502	self::$loggerPlugins[] = $plugin;
		503	return true;
		504	}
		505
		506	public static function getLoggerPlugins() {
		507	return self::$loggerPlugins;
		508	}
		509
227	daniel-mar	510	# --- Object type plugin
		511
		512	private static function registerObjectTypePlugin(OIDplusObjectTypePlugin $plugin) {
		513	self::$objectTypePlugins[] = $plugin;
		514
		515	$ot = $plugin::getObjectTypeClassName();
		516	self::registerObjectType($ot);
		517
		518	return true;
		519	}
		520
224	daniel-mar	521	private static function registerObjectType($ot) {
66	daniel-mar	522	$ns = $ot::ns();
860	daniel-mar	523	if (empty($ns)) throw new OIDplusException(_L('ObjectType plugin %1 is erroneous: Namespace must not be empty',$ot));
66	daniel-mar	524
860	daniel-mar	525	// Currently, we must enforce that namespaces in objectType plugins are lowercase, because prefilterQuery() makes all namespaces lowercase and the DBMS should be case-sensitive
		526	if ($ns != strtolower($ns)) throw new OIDplusException(_L('ObjectType plugin %1 is erroneous: Namespace %2 must be lower-case',$ot,$ns));
66	daniel-mar	527
860	daniel-mar	528	$root = $ot::root();
		529	if (!str_starts_with($root,$ns.':')) throw new OIDplusException(_L('ObjectType plugin %1 is erroneous: Root node (%2) is in wrong namespace (needs starts with %3)!',$ot,$root,$ns.':'));
		530
66	daniel-mar	531	$ns_found = false;
227	daniel-mar	532	foreach (array_merge(OIDplus::getEnabledObjectTypes(), OIDplus::getDisabledObjectTypes()) as $test_ot) {
66	daniel-mar	533	if ($test_ot::ns() == $ns) {
		534	$ns_found = true;
		535	break;
		536	}
		537	}
		538	if ($ns_found) {
360	daniel-mar	539	throw new OIDplusException(_L('Attention: Two objectType plugins use the same namespace "%1"!',$ns));
66	daniel-mar	540	}
		541
		542	$init = OIDplus::config()->getValue("objecttypes_initialized");
		543	$init_ary = empty($init) ? array() : explode(';', $init);
70	daniel-mar	544	$init_ary = array_map('trim', $init_ary);
66	daniel-mar	545
		546	$enabled = OIDplus::config()->getValue("objecttypes_enabled");
		547	$enabled_ary = empty($enabled) ? array() : explode(';', $enabled);
70	daniel-mar	548	$enabled_ary = array_map('trim', $enabled_ary);
66	daniel-mar	549
79	daniel-mar	550	$do_enable = false;
		551	if (in_array($ns, $enabled_ary)) {
447	daniel-mar	552	// If it is in the list of enabled object types, it is enabled (obviously)
79	daniel-mar	553	$do_enable = true;
		554	} else {
447	daniel-mar	555	if (!OIDplus::config()->getValue('oobe_objects_done')) {
		556	// If the OOBE wizard is NOT done, then just enable the "oid" object type by default
79	daniel-mar	557	$do_enable = $ns == 'oid';
		558	} else {
447	daniel-mar	559	// If the OOBE wizard was done (once), then
		560	// we will enable all object types which were never initialized
		561	// (i.e. a plugin folder was freshly added)
79	daniel-mar	562	$do_enable = !in_array($ns, $init_ary);
		563	}
		564	}
		565
		566	if ($do_enable) {
227	daniel-mar	567	self::$enabledObjectTypes[] = $ot;
		568	usort(self::$enabledObjectTypes, function($a, $b) {
66	daniel-mar	569	$enabled = OIDplus::config()->getValue("objecttypes_enabled");
		570	$enabled_ary = explode(';', $enabled);
		571
		572	$idx_a = array_search($a::ns(), $enabled_ary);
		573	$idx_b = array_search($b::ns(), $enabled_ary);
		574
		575	if ($idx_a == $idx_b) {
		576	return 0;
		577	}
		578	return ($idx_a > $idx_b) ? +1 : -1;
		579	});
74	daniel-mar	580	} else {
		581	self::$disabledObjectTypes[] = $ot;
66	daniel-mar	582	}
		583
		584	if (!in_array($ns, $init_ary)) {
		585	// Was never initialized before, so we add it to the list of enabled object types once
		586
79	daniel-mar	587	if ($do_enable) {
		588	$enabled_ary[] = $ns;
672	daniel-mar	589	// Important: Don't validate the input, because the other object types might not be initialized yet! So use setValueNoCallback() instead setValue().
		590	OIDplus::config()->setValueNoCallback("objecttypes_enabled", implode(';', $enabled_ary));
79	daniel-mar	591	}
66	daniel-mar	592
		593	$init_ary[] = $ns;
		594	OIDplus::config()->setValue("objecttypes_initialized", implode(';', $init_ary));
		595	}
61	daniel-mar	596	}
		597
227	daniel-mar	598	public static function getObjectTypePlugins() {
		599	return self::$objectTypePlugins;
61	daniel-mar	600	}
		601
227	daniel-mar	602	public static function getObjectTypePluginsEnabled() {
		603	$res = array();
		604	foreach (self::$objectTypePlugins as $plugin) {
		605	$ot = $plugin::getObjectTypeClassName();
		606	if (in_array($ot, self::$enabledObjectTypes)) $res[] = $plugin;
		607	}
		608	return $res;
74	daniel-mar	609	}
		610
227	daniel-mar	611	public static function getObjectTypePluginsDisabled() {
		612	$res = array();
		613	foreach (self::$objectTypePlugins as $plugin) {
		614	$ot = $plugin::getObjectTypeClassName();
		615	if (in_array($ot, self::$disabledObjectTypes)) $res[] = $plugin;
74	daniel-mar	616	}
227	daniel-mar	617	return $res;
74	daniel-mar	618	}
		619
227	daniel-mar	620	public static function getEnabledObjectTypes() {
		621	return self::$enabledObjectTypes;
		622	}
74	daniel-mar	623
227	daniel-mar	624	public static function getDisabledObjectTypes() {
		625	return self::$disabledObjectTypes;
		626	}
74	daniel-mar	627
277	daniel-mar	628	# --- Plugin handling functions
		629
320	daniel-mar	630	public static function getAllPlugins()/: array/ {
		631	$res = array();
		632	$res = array_merge($res, self::$pagePlugins);
		633	$res = array_merge($res, self::$authPlugins);
		634	$res = array_merge($res, self::$loggerPlugins);
		635	$res = array_merge($res, self::$objectTypePlugins);
		636	$res = array_merge($res, self::$dbPlugins);
702	daniel-mar	637	$res = array_merge($res, self::$captchaPlugins);
320	daniel-mar	638	$res = array_merge($res, self::$sqlSlangPlugins);
355	daniel-mar	639	$res = array_merge($res, self::$languagePlugins);
449	daniel-mar	640	$res = array_merge($res, self::$designPlugins);
320	daniel-mar	641	return $res;
		642	}
		643
321	daniel-mar	644	public static function getPluginByOid($oid)/: ?OIDplusPlugin/ {
320	daniel-mar	645	$plugins = self::getAllPlugins();
321	daniel-mar	646	foreach ($plugins as $plugin) {
		647	if (oid_dotnotation_equal($plugin->getManifest()->getOid(), $oid)) {
		648	return $plugin;
320	daniel-mar	649	}
		650	}
		651	return null;
		652	}
		653
380	daniel-mar	654	public static function getPluginByClassName($classname)/: ?OIDplusPlugin/ {
		655	$plugins = self::getAllPlugins();
		656	foreach ($plugins as $plugin) {
		657	if (get_class($plugin) === $classname) {
		658	return $plugin;
		659	}
		660	}
		661	return null;
277	daniel-mar	662	}
		663
594	daniel-mar	664	/**
		665	* @return array<OIDplusPluginManifest>\|array<string,array<string,OIDplusPluginManifest>>
		666	*/
693	daniel-mar	667	public static function getAllPluginManifests($pluginFolderMasks='*', $flat=true): array {
277	daniel-mar	668	$out = array();
279	daniel-mar	669	// Note: glob() will sort by default, so we do not need a page priority attribute.
		670	// So you just need to use a numeric plugin directory prefix (padded).
693	daniel-mar	671	$ary = array();
		672	foreach (explode(',',$pluginFolderMasks) as $pluginFolderMask) {
		673	$ary = array_merge($ary,glob(OIDplus::localpath().'plugins/'.''.'/'.$pluginFolderMask.'/'.''.'/manifest.xml'));
		674	}
646	daniel-mar	675
		676	// Sort the plugins by their type and name, as if they would be in a single vendor-folder!
		677	uasort($ary, function($a,$b) {
		678	if ($a == $b) return 0;
		679
		680	$ary = explode('/',$a);
		681	$bry = explode('/',$b);
		682
		683	// First sort by type (publicPage, auth, database, language, ...)
		684	$a_type = $ary[count($ary)-1-2];
		685	$b_type = $bry[count($bry)-1-2];
		686	if ($a_type < $b_type) return -1;
		687	if ($a_type > $b_type) return 1;
		688
		689	// Then sort by name (090_login, 100_whois, etc.)
		690	$a_name = $ary[count($ary)-1-1];
		691	$b_name = $bry[count($bry)-1-1];
		692	if ($a_name < $b_name) return -1;
		693	if ($a_name > $b_name) return 1;
		694
		695	// If it is still equal, then finally sort by vendorname
		696	$a_vendor = $ary[count($ary)-1-3];
		697	$b_vendor = $bry[count($bry)-1-3];
		698	if ($a_vendor < $b_vendor) return -1;
		699	if ($a_vendor > $b_vendor) return 1;
		700	return 0;
		701	});
		702
277	daniel-mar	703	foreach ($ary as $ini) {
		704	if (!file_exists($ini)) continue;
		705
307	daniel-mar	706	$manifest = new OIDplusPluginManifest();
		707	$manifest->loadManifest($ini);
277	daniel-mar	708
473	daniel-mar	709	$class_name = $manifest->getPhpMainClass();
		710	if (OIDplus::baseConfig()->getValue('DISABLE_PLUGIN_'.$class_name, false)) {
		711	continue;
		712	}
		713
307	daniel-mar	714	if ($flat) {
		715	$out[] = $manifest;
		716	} else {
		717	$plugintype_folder = basename(dirname(dirname($ini)));
		718	$pluginname_folder = basename(dirname($ini));
		719
		720	if (!isset($out[$plugintype_folder])) $out[$plugintype_folder] = array();
		721	if (!isset($out[$plugintype_folder][$pluginname_folder])) $out[$plugintype_folder][$pluginname_folder] = array();
		722	$out[$plugintype_folder][$pluginname_folder] = $manifest;
		723	}
277	daniel-mar	724	}
		725	return $out;
		726	}
		727
594	daniel-mar	728	/**
		729	* @return array<string>
		730	*/
277	daniel-mar	731	public static function registerAllPlugins($pluginDirName, $expectedPluginClass, $registerCallback): array {
		732	$out = array();
525	daniel-mar	733	if (is_array($pluginDirName)) {
		734	$ary = array();
		735	foreach ($pluginDirName as $pluginDirName_) {
		736	$ary = array_merge($ary, self::getAllPluginManifests($pluginDirName_, false));
		737	}
		738	} else {
		739	$ary = self::getAllPluginManifests($pluginDirName, false);
		740	}
320	daniel-mar	741	$known_plugin_oids = array();
456	daniel-mar	742	if (OIDplus::baseConfig()->getValue('DEBUG')) {
		743	$fake_feature = uuid_to_oid(gen_uuid());
588	daniel-mar	744	} else {
		745	$fake_feature = null;
456	daniel-mar	746	}
277	daniel-mar	747	foreach ($ary as $plugintype_folder => $bry) {
438	daniel-mar	748	foreach ($bry as $pluginname_folder => $manifest) {
		749	$class_name = $manifest->getPhpMainClass();
		750
		751	// Before we load the plugin, we want to make some checks to confirm
		752	// that the plugin is working correctly.
		753
307	daniel-mar	754	if (!$class_name) {
438	daniel-mar	755	throw new OIDplusException(_L('Plugin "%1/%2" is erroneous',$plugintype_folder,$pluginname_folder).': '._L('Manifest does not declare a PHP main class'));
277	daniel-mar	756	}
297	daniel-mar	757	if (OIDplus::baseConfig()->getValue('DISABLE_PLUGIN_'.$class_name, false)) {
		758	continue;
		759	}
292	daniel-mar	760	if (!class_exists($class_name)) {
438	daniel-mar	761	throw new OIDplusException(_L('Plugin "%1/%2" is erroneous',$plugintype_folder,$pluginname_folder).': '._L('Manifest declares PHP main class as "%1", but it could not be found',$class_name));
292	daniel-mar	762	}
279	daniel-mar	763	if (!is_subclass_of($class_name, $expectedPluginClass)) {
438	daniel-mar	764	throw new OIDplusException(_L('Plugin "%1/%2" is erroneous',$plugintype_folder,$pluginname_folder).': '._L('Plugin main class "%1" is expected to be a subclass of "%2"',$class_name,$expectedPluginClass));
279	daniel-mar	765	}
438	daniel-mar	766	if (($class_name!=$manifest->getTypeClass()) && (!is_subclass_of($class_name,$manifest->getTypeClass()))) {
		767	throw new OIDplusException(_L('Plugin "%1/%2" is erroneous',$plugintype_folder,$pluginname_folder).': '._L('Plugin main class "%1" is expected to be a subclass of "%2", according to type declared in manifest',$class_name,$manifest->getTypeClass()));
308	daniel-mar	768	}
438	daniel-mar	769	if (($manifest->getTypeClass()!=$expectedPluginClass) && (!is_subclass_of($manifest->getTypeClass(),$expectedPluginClass))) {
		770	throw new OIDplusException(_L('Plugin "%1/%2" is erroneous',$plugintype_folder,$pluginname_folder).': '._L('Class declared in manifest is "%1" does not fit expected class for this plugin type "%2"',$manifest->getTypeClass(),$expectedPluginClass));
308	daniel-mar	771	}
		772
438	daniel-mar	773	$plugin_oid = $manifest->getOid();
320	daniel-mar	774	if (!$plugin_oid) {
438	daniel-mar	775	throw new OIDplusException(_L('Plugin "%1/%2" is erroneous',$plugintype_folder,$pluginname_folder).': '._L('Does not have an OID'));
320	daniel-mar	776	}
		777	if (!oid_valid_dotnotation($plugin_oid, false, false, 2)) {
438	daniel-mar	778	throw new OIDplusException(_L('Plugin "%1/%2" is erroneous',$plugintype_folder,$pluginname_folder).': '._L('Plugin OID "%1" is invalid (needs to be valid dot-notation)',$plugin_oid));
320	daniel-mar	779	}
		780	if (isset($known_plugin_oids[$plugin_oid])) {
438	daniel-mar	781	throw new OIDplusException(_L('Plugin "%1/%2" is erroneous',$plugintype_folder,$pluginname_folder).': '._L('The OID "%1" is already used by the plugin "%2"',$plugin_oid,$known_plugin_oids[$plugin_oid]));
320	daniel-mar	782	}
646	daniel-mar	783
632	daniel-mar	784	$full_plugin_dir = dirname($manifest->getManifestFile());
		785	$full_plugin_dir = substr($full_plugin_dir, strlen(OIDplus::localpath()));
988	daniel-mar	786
		787	$dir_is_viathinksoft = str_starts_with($full_plugin_dir, 'plugins/viathinksoft/') \|\| str_starts_with($full_plugin_dir, 'plugins\\viathinksoft\\');
		788	$oid_is_viathinksoft = str_starts_with($plugin_oid, '1.3.6.1.4.1.37476.2.5.2.4.'); // { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 products(2) oidplus(5) v2(2) plugins(4) }
		789	if ($dir_is_viathinksoft != $oid_is_viathinksoft) {
635	daniel-mar	790	throw new OIDplusException(_L('Plugin "%1/%2" is misplaced',$plugintype_folder,$pluginname_folder).': '._L('The plugin is in the wrong folder. The folder %1 can only be used by official ViaThinkSoft plugins','plugins/viathinksoft/'));
632	daniel-mar	791	}
320	daniel-mar	792
632	daniel-mar	793	$known_plugin_oids[$plugin_oid] = $plugintype_folder.'/'.$pluginname_folder;
		794
438	daniel-mar	795	$obj = new $class_name();
456	daniel-mar	796
		797	if (OIDplus::baseConfig()->getValue('DEBUG')) {
		798	if ($obj->implementsFeature($fake_feature)) {
		799	// see https://devblogs.microsoft.com/oldnewthing/20040211-00/?p=40663
		800	throw new OIDplusException(_L('Plugin "%1/%2" is erroneous',$plugintype_folder,$pluginname_folder).': '._L('implementsFeature() always returns true'));
		801	}
438	daniel-mar	802	}
		803
778	daniel-mar	804	// TODO: Maybe as additional plugin-test, we should also check if plugins are allowed to define CSS/JS, i.e. the plugin type is element of OIDplus::INTERACTIVE_PLUGIN_TYPES
988	daniel-mar	805	$tmp = $manifest->getManifestLinkedFiles();
438	daniel-mar	806	foreach ($tmp as $file) {
		807	if (!file_exists($file)) {
		808	throw new OIDplusException(_L('Plugin "%1/%2" is erroneous',$plugintype_folder,$pluginname_folder).': '._L('File %1 was defined in manifest, but it is not existing',$file));
		809	}
		810	}
		811
		812	// Now we can continue
		813
279	daniel-mar	814	$out[] = $class_name;
		815	if (!is_null($registerCallback)) {
438	daniel-mar	816	call_user_func($registerCallback, $obj);
444	daniel-mar	817
		818	// Alternative approaches:
		819	//$registerCallback[0]::{$registerCallback[1]}($obj);
		820	// or:
		821	//forward_static_call($registerCallback, $obj);
279	daniel-mar	822	}
277	daniel-mar	823	}
		824
		825	}
		826	return $out;
		827	}
		828
227	daniel-mar	829	# --- Initialization of OIDplus
206	daniel-mar	830
374	daniel-mar	831	public static function init($html=true, $keepBaseConfig=true) {
236	daniel-mar	832	self::$html = $html;
		833
263	daniel-mar	834	// Reset internal state, so we can re-init verything if required
274	daniel-mar	835
263	daniel-mar	836	if (self::$old_config_format) {
778	daniel-mar	837	// We need to do this, because define() cannot be undone
263	daniel-mar	838	// Note: This can only happen in very special cases (e.g. test cases) where you call init() twice
360	daniel-mar	839	throw new OIDplusConfigInitializationException(_L('A full re-initialization is not possible if a version 2.0 config file (containing "defines") is used. Please update to a config 2.1 file by running setup again.'));
263	daniel-mar	840	}
274	daniel-mar	841
263	daniel-mar	842	self::$config = null;
374	daniel-mar	843	if (!$keepBaseConfig) self::$baseConfig = null; // for test cases we need to be able to control base config and setting values manually, so $keepBaseConfig needs to be true
263	daniel-mar	844	self::$gui = null;
		845	self::$authUtils = null;
		846	self::$mailUtils = null;
		847	self::$menuUtils = null;
		848	self::$logger = null;
295	daniel-mar	849	self::$dbMainSession = null;
		850	self::$dbIsolatedSession = null;
263	daniel-mar	851	self::$pagePlugins = array();
		852	self::$authPlugins = array();
289	daniel-mar	853	self::$loggerPlugins = array();
263	daniel-mar	854	self::$objectTypePlugins = array();
		855	self::$enabledObjectTypes = array();
		856	self::$disabledObjectTypes = array();
		857	self::$dbPlugins = array();
702	daniel-mar	858	self::$captchaPlugins = array();
274	daniel-mar	859	self::$sqlSlangPlugins = array();
355	daniel-mar	860	self::$languagePlugins = array();
449	daniel-mar	861	self::$designPlugins = array();
263	daniel-mar	862	self::$system_id_cache = null;
		863	self::$sslAvailableCache = null;
468	daniel-mar	864	self::$translationArray = array();
74	daniel-mar	865
263	daniel-mar	866	// Continue...
		867
294	daniel-mar	868	OIDplus::baseConfig(); // this loads the base configuration located in userdata/baseconfig/config.inc.php (once!)
263	daniel-mar	869	// You can do changes to the configuration afterwards using OIDplus::baseConfig()->...
		870
150	daniel-mar	871	// Register database types (highest priority)
		872
274	daniel-mar	873	// SQL slangs
		874
294	daniel-mar	875	self::registerAllPlugins('sqlSlang', 'OIDplusSqlSlangPlugin', array('OIDplus','registerSqlSlangPlugin'));
274	daniel-mar	876	foreach (OIDplus::getSqlSlangPlugins() as $plugin) {
		877	$plugin->init($html);
		878	}
		879
		880	// Database providers
		881
277	daniel-mar	882	self::registerAllPlugins('database', 'OIDplusDatabasePlugin', array('OIDplus','registerDatabasePlugin'));
237	daniel-mar	883	foreach (OIDplus::getDatabasePlugins() as $plugin) {
		884	$plugin->init($html);
		885	}
		886
42	daniel-mar	887	// Do redirect stuff etc.
74	daniel-mar	888
230	daniel-mar	889	self::isSslAvailable(); // This function does automatic redirects
61	daniel-mar	890
263	daniel-mar	891	// Construct the configuration manager
66	daniel-mar	892
263	daniel-mar	893	OIDplus::config(); // During the construction, various system settings are prepared if required
66	daniel-mar	894
74	daniel-mar	895	// Initialize public / private keys
		896
227	daniel-mar	897	OIDplus::getPkiStatus(true);
74	daniel-mar	898
237	daniel-mar	899	// Register non-DB plugins
74	daniel-mar	900
525	daniel-mar	901	self::registerAllPlugins(array('publicPages', 'raPages', 'adminPages'), 'OIDplusPagePlugin', array('OIDplus','registerPagePlugin'));
277	daniel-mar	902	self::registerAllPlugins('auth', 'OIDplusAuthPlugin', array('OIDplus','registerAuthPlugin'));
289	daniel-mar	903	self::registerAllPlugins('logger', 'OIDplusLoggerPlugin', array('OIDplus','registerLoggerPlugin'));
825	daniel-mar	904	OIDplusLogger::reLogMissing(); // Some previous plugins might have tried to log. Repeat that now.
277	daniel-mar	905	self::registerAllPlugins('objectTypes', 'OIDplusObjectTypePlugin', array('OIDplus','registerObjectTypePlugin'));
355	daniel-mar	906	self::registerAllPlugins('language', 'OIDplusLanguagePlugin', array('OIDplus','registerLanguagePlugin'));
449	daniel-mar	907	self::registerAllPlugins('design', 'OIDplusDesignPlugin', array('OIDplus','registerDesignPlugin'));
778	daniel-mar	908	self::registerAllPlugins('captcha', 'OIDplusCaptchaPlugin', array('OIDplus','registerCaptchaPlugin'));
150	daniel-mar	909
237	daniel-mar	910	// Initialize non-DB plugins
224	daniel-mar	911
281	daniel-mar	912	foreach (OIDplus::getPagePlugins() as $plugin) {
74	daniel-mar	913	$plugin->init($html);
		914	}
230	daniel-mar	915	foreach (OIDplus::getAuthPlugins() as $plugin) {
		916	$plugin->init($html);
		917	}
289	daniel-mar	918	foreach (OIDplus::getLoggerPlugins() as $plugin) {
		919	$plugin->init($html);
		920	}
230	daniel-mar	921	foreach (OIDplus::getObjectTypePlugins() as $plugin) {
		922	$plugin->init($html);
		923	}
355	daniel-mar	924	foreach (OIDplus::getLanguagePlugins() as $plugin) {
		925	$plugin->init($html);
		926	}
449	daniel-mar	927	foreach (OIDplus::getDesignPlugins() as $plugin) {
		928	$plugin->init($html);
		929	}
778	daniel-mar	930	foreach (OIDplus::getCaptchaPlugins() as $plugin) {
		931	$plugin->init($html);
		932	}
412	daniel-mar	933
778	daniel-mar	934	if (PHP_SAPI != 'cli') {
		935
		936	// Prepare some security related response headers (default values)
		937
		938	$content_language =
		939	strtolower(substr(OIDplus::getCurrentLang(),0,2)) . '-' .
		940	strtoupper(substr(OIDplus::getCurrentLang(),2,2)); // e.g. 'en-US'
		941
		942	$http_headers = array(
		943	"X-Content-Type-Options" => "nosniff",
		944	"X-XSS-Protection" => "1; mode=block",
		945	"X-Frame-Options" => "SAMEORIGIN",
		946	"Referrer-Policy" => array(
		947	"no-referrer-when-downgrade"
		948	),
		949	"Cache-Control" => array(
		950	"no-cache",
		951	"no-store",
		952	"must-revalidate"
		953	),
		954	"Pragma" => "no-cache",
		955	"Content-Language" => $content_language,
		956	"Expires" => "0",
		957	"Content-Security-Policy" => array(
1001	daniel-mar	958	// see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
		959
		960	// --- Fetch directives ---
		961	"child-src" => array(
		962	"'self'",
		963	"blob:"
		964	),
		965	"connect-src" => array(
		966	"'self'",
		967	"blob:"
		968	),
778	daniel-mar	969	"default-src" => array(
		970	"'self'",
		971	"blob:",
		972	"https://cdnjs.cloudflare.com/"
		973	),
1001	daniel-mar	974	"font-src" => array(
778	daniel-mar	975	"'self'",
1001	daniel-mar	976	"blob:"
778	daniel-mar	977	),
1001	daniel-mar	978	"frame-src" => array(
		979	"'self'",
		980	"blob:"
		981	),
778	daniel-mar	982	"img-src" => array(
1001	daniel-mar	983	"blob:",
778	daniel-mar	984	"data:",
		985	"http:",
		986	"https:"
		987	),
1001	daniel-mar	988	"manifest-src" => array(
		989	"'self'",
		990	"blob:"
		991	),
		992	"media-src" => array(
		993	"'self'",
		994	"blob:"
		995	),
		996	"object-src" => array(
		997	"'none'"
		998	),
		999	"prefetch-src" => array(
		1000	"'self'",
		1001	"blob:"
		1002	),
778	daniel-mar	1003	"script-src" => array(
		1004	"'self'",
		1005	"'unsafe-inline'",
		1006	"'unsafe-eval'",
		1007	"blob:",
		1008	"https://cdnjs.cloudflare.com/",
		1009	"https://polyfill.io/"
		1010	),
1001	daniel-mar	1011	// script-src-elem not used
		1012	// script-src-attr not used
		1013	"style-src" => array(
		1014	"'self'",
		1015	"'unsafe-inline'",
		1016	"https://cdnjs.cloudflare.com/"
		1017	),
		1018	// style-src-elem not used
		1019	// style-src-attr not used
		1020	"worker-src" => array(
		1021	"'self'",
		1022	"blob:"
		1023	),
		1024
		1025	// --- Navigation directives ---
778	daniel-mar	1026	"frame-ancestors" => array(
		1027	"'none'"
		1028	),
		1029	)
		1030	);
		1031
780	daniel-mar	1032	// Give plugins the opportunity to manipulate/extend the headers
778	daniel-mar	1033
		1034	foreach (OIDplus::getSqlSlangPlugins() as $plugin) {
		1035	$plugin->httpHeaderCheck($http_headers);
		1036	}
1015	daniel-mar	1037	//foreach (OIDplus::getDatabasePlugins() as $plugin) {
		1038	if ($plugin = OIDplus::getActiveDatabasePlugin()) {
778	daniel-mar	1039	$plugin->httpHeaderCheck($http_headers);
		1040	}
		1041	foreach (OIDplus::getPagePlugins() as $plugin) {
		1042	$plugin->httpHeaderCheck($http_headers);
		1043	}
		1044	foreach (OIDplus::getAuthPlugins() as $plugin) {
		1045	$plugin->httpHeaderCheck($http_headers);
		1046	}
		1047	foreach (OIDplus::getLoggerPlugins() as $plugin) {
		1048	$plugin->httpHeaderCheck($http_headers);
		1049	}
		1050	foreach (OIDplus::getObjectTypePlugins() as $plugin) {
		1051	$plugin->httpHeaderCheck($http_headers);
		1052	}
		1053	foreach (OIDplus::getLanguagePlugins() as $plugin) {
		1054	$plugin->httpHeaderCheck($http_headers);
		1055	}
		1056	foreach (OIDplus::getDesignPlugins() as $plugin) {
		1057	$plugin->httpHeaderCheck($http_headers);
		1058	}
1015	daniel-mar	1059	//foreach (OIDplus::getCaptchaPlugins() as $plugin) {
		1060	if ($plugin = OIDplus::getActiveCaptchaPlugin()) {
778	daniel-mar	1061	$plugin->httpHeaderCheck($http_headers);
		1062	}
		1063
		1064	// Prepare to send the headers to the client
		1065	// The headers are sent automatically when the first output comes or the script ends
		1066
		1067	foreach ($http_headers as $name => $val) {
		1068
		1069	// Plugins can remove standard OIDplus headers by setting the value to null.
		1070	if (is_null($val)) continue; /** @phpstan-ignore-line */
		1071
		1072	// Some headers can be written as arrays to make it easier for plugin authors
		1073	// to manipulate/extend the contents.
		1074	if (is_array($val)) {
		1075	if ((strtolower($name) == 'cache-control') \|\|
		1076	(strtolower($name) == 'referrer-policy'))
		1077	{
		1078	if (count($val) == 0) continue;
		1079	$val = implode(', ', $val);
		1080	} else if (strtolower($name) == 'content-security-policy') {
		1081	if (count($val) == 0) continue;
780	daniel-mar	1082	foreach ($val as $tmp1 => &$tmp2) {
		1083	$tmp2 = array_unique($tmp2);
		1084	$tmp2 = $tmp1.' '.implode(' ', $tmp2);
		1085	}
778	daniel-mar	1086	$val = implode('; ', $val);
		1087	} else {
779	daniel-mar	1088	throw new OIDplusException(_L('HTTP header "%1" cannot be written as array. A newly installed plugin is probably misusing the method "%2".',$name,'httpHeaderCheck'));
778	daniel-mar	1089	}
		1090	}
		1091
		1092	if (is_string($val)) {
		1093	header("$name: $val");
		1094	}
		1095	}
		1096
		1097	} // endif (PHP_SAPI != 'cli')
		1098
412	daniel-mar	1099	// Initialize other stuff (i.e. things which require the logger!)
		1100
		1101	OIDplus::recognizeSystemUrl(); // Make sure "last_known_system_url" is set
		1102	OIDplus::recognizeVersion(); // Make sure "last_known_version" is set and a log entry is created
2	daniel-mar	1103	}
42	daniel-mar	1104
227	daniel-mar	1105	# --- System URL, System ID, PKI, and other functions
		1106
412	daniel-mar	1107	private static function recognizeSystemUrl() {
		1108	try {
801	daniel-mar	1109	$url = OIDplus::webpath(null,self::PATH_ABSOLUTE_CANONICAL); // TODO: canonical or not?
412	daniel-mar	1110	OIDplus::config()->setValue('last_known_system_url', $url);
		1111	} catch (Exception $e) {
		1112	}
		1113	}
497	daniel-mar	1114
496	daniel-mar	1115	private static function getExecutingScriptPathDepth() {
		1116	if (PHP_SAPI == 'cli') {
		1117	global $argv;
		1118	$test_dir = dirname(realpath($argv[0]));
		1119	} else {
		1120	if (!isset($_SERVER["SCRIPT_FILENAME"])) return false;
		1121	$test_dir = dirname($_SERVER['SCRIPT_FILENAME']);
		1122	}
		1123	$test_dir = str_replace('\\', '/', $test_dir);
		1124	$steps_up = 0;
928	daniel-mar	1125	while (!file_exists($test_dir.'/oidplus.min.css.php')) { // We just assume that only the OIDplus base directory contains "oidplus.min.css.php" and not any subordinate directory!
496	daniel-mar	1126	$test_dir = dirname($test_dir);
		1127	$steps_up++;
		1128	if ($steps_up == 1000) return false; // to make sure there will never be an infinite loop
		1129	}
		1130	return $steps_up;
		1131	}
632	daniel-mar	1132
580	daniel-mar	1133	public static function isSSL() {
		1134	return isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] === 'on');
		1135	}
412	daniel-mar	1136
806	daniel-mar	1137	/**
		1138	* Returns the URL of the system.
		1139	* @param int $mode If true or OIDplus::PATH_RELATIVE, the returning path is relative to the currently executed
		1140	* PHP script (i.e. index.php , not the plugin PHP script!). False or OIDplus::PATH_ABSOLUTE is
		1141	* results in an absolute URL. OIDplus::PATH_ABSOLUTE_CANONICAL is an absolute URL,
		1142	* but a canonical path (set by base config setting CANONICAL_SYSTEM_URL) is preferred.
		1143	* @return string\|false The URL, with guaranteed trailing path delimiter for directories
		1144	*/
801	daniel-mar	1145	private static function getSystemUrl($mode) {
806	daniel-mar	1146	if ($mode === self::PATH_RELATIVE) {
778	daniel-mar	1147	$steps_up = self::getExecutingScriptPathDepth();
		1148	if ($steps_up === false) {
		1149	return false;
		1150	} else {
		1151	return str_repeat('../', $steps_up);
		1152	}
		1153	} else {
806	daniel-mar	1154	if ($mode === self::PATH_ABSOLUTE_CANONICAL) {
		1155	$tmp = OIDplus::baseConfig()->getValue('CANONICAL_SYSTEM_URL', '');
		1156	if ($tmp) {
		1157	return rtrim($tmp,'/').'/';
		1158	}
326	daniel-mar	1159	}
778	daniel-mar	1160
495	daniel-mar	1161	if (PHP_SAPI == 'cli') {
494	daniel-mar	1162	try {
		1163	return OIDplus::config()->getValue('last_known_system_url', false);
		1164	} catch (Exception $e) {
		1165	return false;
		1166	}
778	daniel-mar	1167	} else {
		1168	// First, try to find out how many levels we need to go up
		1169	$steps_up = self::getExecutingScriptPathDepth();
326	daniel-mar	1170
778	daniel-mar	1171	// Then go up these amount of levels, based on SCRIPT_NAME/argv[0]
		1172	$res = dirname($_SERVER['SCRIPT_NAME'].'index.php'); // This fake 'index.php' ensures that SCRIPT_NAME does not end with '/', which would make dirname() fail
		1173	for ($i=0; $i<$steps_up; $i++) {
		1174	$res = dirname($res);
		1175	}
		1176	$res = str_replace('\\', '/', $res);
		1177	if ($res == '/') $res = '';
227	daniel-mar	1178
778	daniel-mar	1179	// Add protocol and hostname
580	daniel-mar	1180	$is_ssl = self::isSSL();
495	daniel-mar	1181	$protocol = $is_ssl ? 'https' : 'http'; // do not translate
		1182	$host = $_SERVER['HTTP_HOST']; // includes port if it is not 80/443
778	daniel-mar	1183
		1184	return $protocol.'://'.$host.$res.'/';
495	daniel-mar	1185	}
227	daniel-mar	1186	}
		1187	}
		1188
827	daniel-mar	1189	private static function getSystemIdFromPubKey($pubKey) {
		1190	$m = array();
		1191	if (preg_match('@BEGIN PUBLIC KEY\-+(.+)\-+END PUBLIC KEY@ismU', $pubKey, $m)) {
		1192	return smallhash(base64_decode($m[1]));
		1193	}
		1194	return false;
		1195	}
		1196
227	daniel-mar	1197	private static $system_id_cache = null;
		1198	public static function getSystemId($oid=false) {
		1199	if (!is_null(self::$system_id_cache)) {
		1200	$out = self::$system_id_cache;
		1201	} else {
		1202	$out = false;
		1203
		1204	if (self::getPkiStatus(true)) {
830	daniel-mar	1205	$pubKey = OIDplus::getSystemPublicKey();
827	daniel-mar	1206	$out = self::getSystemIdFromPubKey($pubKey);
227	daniel-mar	1207	}
		1208	self::$system_id_cache = $out;
		1209	}
350	daniel-mar	1210	if (!$out) return false;
291	daniel-mar	1211	return ($oid ? '1.3.6.1.4.1.37476.30.9.' : '').$out;
227	daniel-mar	1212	}
		1213
825	daniel-mar	1214	public static function getOpenSslCnf() {
		1215	// The following functions need a config file, otherway they don't work
		1216	// - openssl_csr_new
		1217	// - openssl_csr_sign
		1218	// - openssl_pkey_export
		1219	// - openssl_pkey_export_to_file
		1220	// - openssl_pkey_new
		1221	$tmp = @getenv('OPENSSL_CONF');
		1222	if ($tmp && file_exists($tmp)) return $tmp;
		1223
		1224	// OpenSSL in XAMPP does not work OOBE, since the OPENSSL_CONF is
		1225	// C:/xampp/apache/bin/openssl.cnf and not C:/xampp/apache/conf/openssl.cnf
		1226	// Bug reports are more than 10 years old and nobody cares...
		1227	// Use our own config file
		1228	return __DIR__.'/../../vendor/phpseclib/phpseclib/phpseclib/openssl.cnf';
		1229	}
		1230
830	daniel-mar	1231	private static function getPrivKeyPassphraseFilename() {
		1232	return OIDplus::localpath() . 'userdata/privkey_secret.php';
		1233	}
227	daniel-mar	1234
830	daniel-mar	1235	private static function tryCreatePrivKeyPassphrase() {
		1236	$file = self::getPrivKeyPassphraseFilename();
827	daniel-mar	1237
830	daniel-mar	1238	$passphrase = generateRandomString(64);
		1239	$cont = "<?php\n";
		1240	$cont .= "// ATTENTION! This file was automatically generated by OIDplus to encrypt the private key\n";
		1241	$cont .= "// that is located in your database configuration table. DO NOT ALTER OR DELETE THIS FILE,\n";
		1242	$cont .= "// otherwise you will lose your OIDplus System-ID and all services connected with it!\n";
831	daniel-mar	1243	$cont .= "// If multiple systems access the same database, then this file must be synchronous\n";
		1244	$cont .= "// between all systems, otherwise you will lose your system ID, too!\n";
830	daniel-mar	1245	$cont .= "\$passphrase = '$passphrase';\n";
		1246	$cont .= "// End of file\n";
		1247
		1248	@file_put_contents($file, $cont);
		1249	}
		1250
		1251	private static function getPrivKeyPassphrase() {
		1252	$file = self::getPrivKeyPassphraseFilename();
		1253	if (!file_exists($file)) return false;
		1254	$cont = file_get_contents($file);
		1255	$m = array();
		1256	if (!preg_match("@'(.+)'@isU", $cont, $m)) return false;
		1257	return $m[1];
		1258	}
		1259
		1260	public static function getSystemPrivateKey() {
227	daniel-mar	1261	$privKey = OIDplus::config()->getValue('oidplus_private_key');
830	daniel-mar	1262	if ($privKey == '') return false;
		1263
		1264	$passphrase = self::getPrivKeyPassphrase();
		1265	if ($passphrase !== false) {
		1266	$privKey = decrypt_private_key($privKey, $passphrase);
		1267	}
		1268
		1269	if (is_privatekey_encrypted($privKey)) {
		1270	// This can happen if the key file has vanished
		1271	return false;
		1272	}
		1273
		1274	return $privKey;
		1275	}
		1276
		1277	public static function getSystemPublicKey() {
227	daniel-mar	1278	$pubKey = OIDplus::config()->getValue('oidplus_public_key');
830	daniel-mar	1279	if ($pubKey == '') return false;
		1280	return $pubKey;
		1281	}
227	daniel-mar	1282
830	daniel-mar	1283	public static function getPkiStatus($try_generate=false) {
		1284	if (!function_exists('openssl_pkey_new')) return false;
227	daniel-mar	1285
830	daniel-mar	1286	if ($try_generate) {
		1287	// For debug purposes: Invalidate current key once:
		1288	//OIDplus::config()->setValue('oidplus_private_key', '');
256	daniel-mar	1289
830	daniel-mar	1290	$privKey = OIDplus::getSystemPrivateKey();
		1291	$pubKey = OIDplus::getSystemPublicKey();
		1292	if (!verify_private_public_key($privKey, $pubKey)) {
		1293	if ($pubKey) {
		1294	OIDplus::logger()->log("[WARN]A!", "The private/public key-pair is broken. A new key-pair will now be generated for your system. Your System-ID will change.");
		1295	}
227	daniel-mar	1296
830	daniel-mar	1297	$pkey_config = array(
		1298	"digest_alg" => "sha512",
		1299	"private_key_bits" => defined('OPENSSL_SUPPLEMENT') ? 1024 : 2048, // openssl_supplement.inc.php is based on phpseclib, which is very slow. So we use 1024 bits instead of 2048 bits
		1300	"private_key_type" => OPENSSL_KEYTYPE_RSA,
		1301	"config" => OIDplus::getOpenSslCnf()
		1302	);
227	daniel-mar	1303
830	daniel-mar	1304	// Create the private and public key
		1305	$res = openssl_pkey_new($pkey_config);
		1306	if ($res === false) return false;
239	daniel-mar	1307
830	daniel-mar	1308	// Extract the private key from $res to $privKey
		1309	if (openssl_pkey_export($res, $privKey, null, $pkey_config) === false) return false;
227	daniel-mar	1310
830	daniel-mar	1311	// Extract the public key from $res to $pubKey
		1312	$tmp = openssl_pkey_get_details($res);
		1313	if ($tmp === false) return false;
		1314	$pubKey = $tmp["key"];
		1315
		1316	// encrypt new keys using a passphrase stored in a secret file
		1317	self::tryCreatePrivKeyPassphrase(); // try (re)generate this file
		1318	$passphrase = self::getPrivKeyPassphrase();
		1319	if ($passphrase !== false) {
		1320	$privKey = encrypt_private_key($privKey, $passphrase);
		1321	}
		1322
		1323	// Calculate the system ID from the public key
		1324	$system_id = self::getSystemIdFromPubKey($pubKey);
		1325	if ($system_id !== false) {
		1326	// Save the key pair to database
		1327	OIDplus::config()->setValue('oidplus_private_key', $privKey);
		1328	OIDplus::config()->setValue('oidplus_public_key', $pubKey);
		1329
		1330	// Log the new system ID
		1331	OIDplus::logger()->log("[INFO]A!", "A new private/public key-pair for your system had been generated. Your SystemID is now $system_id");
		1332	}
		1333	} else {
		1334	$passphrase = self::getPrivKeyPassphrase();
831	daniel-mar	1335	$rawPrivKey = OIDplus::config()->getValue('oidplus_private_key');
		1336	if (($passphrase === false) \|\| !is_privatekey_encrypted($rawPrivKey)) {
830	daniel-mar	1337	// Upgrade to new encrypted keys
		1338	self::tryCreatePrivKeyPassphrase(); // try generate this file
		1339	$passphrase = self::getPrivKeyPassphrase();
		1340	if ($passphrase !== false) {
		1341	$privKey = encrypt_private_key($privKey, $passphrase);
		1342	OIDplus::logger()->log("[INFO]A!", "The private/public key-pair has been upgraded to an encrypted key-pair. The key is saved in ".self::getPrivKeyPassphraseFilename());
		1343	OIDplus::config()->setValue('oidplus_private_key', $privKey);
		1344	}
		1345	}
227	daniel-mar	1346	}
		1347	}
		1348
830	daniel-mar	1349	$privKey = OIDplus::getSystemPrivateKey();
		1350	$pubKey = OIDplus::getSystemPublicKey();
227	daniel-mar	1351	return verify_private_public_key($privKey, $pubKey);
		1352	}
		1353
170	daniel-mar	1354	public static function getInstallType() {
486	daniel-mar	1355	$counter = 0;
		1356
661	daniel-mar	1357	if ($new_version_file_exists = file_exists(OIDplus::localpath().'.version.php')) {
486	daniel-mar	1358	$counter++;
591	daniel-mar	1359	}
661	daniel-mar	1360	if ($old_version_file_exists = file_exists(OIDplus::localpath().'oidplus_version.txt')) {
		1361	$counter++;
		1362	}
		1363	$version_file_exists = $old_version_file_exists \| $new_version_file_exists;
681	daniel-mar	1364	if ($svn_dir_exists = (is_dir(OIDplus::localpath().'.svn') \|\|
		1365	is_dir(OIDplus::localpath().'../.svn'))) { // in case we checked out the root instead of the "trunk"
486	daniel-mar	1366	$counter++;
591	daniel-mar	1367	}
681	daniel-mar	1368	// if ($git_dir_exists = is_dir(OIDplus::localpath().'.git')) {
698	daniel-mar	1369	if ($git_dir_exists = (OIDplus::findGitFolder() !== false)) {
486	daniel-mar	1370	$counter++;
591	daniel-mar	1371	}
486	daniel-mar	1372
		1373	if ($counter === 0) {
360	daniel-mar	1374	return 'unknown'; // do not translate
170	daniel-mar	1375	}
591	daniel-mar	1376	else if ($counter > 1) {
360	daniel-mar	1377	return 'ambigous'; // do not translate
170	daniel-mar	1378	}
591	daniel-mar	1379	else if ($svn_dir_exists) {
360	daniel-mar	1380	return 'svn-wc'; // do not translate
170	daniel-mar	1381	}
591	daniel-mar	1382	else if ($git_dir_exists) {
486	daniel-mar	1383	return 'git-wc'; // do not translate
		1384	}
591	daniel-mar	1385	else if ($version_file_exists) {
360	daniel-mar	1386	return 'svn-snapshot'; // do not translate
170	daniel-mar	1387	}
		1388	}
		1389
412	daniel-mar	1390	private static function recognizeVersion() {
		1391	try {
		1392	$ver_prev = OIDplus::config()->getValue("last_known_version");
		1393	$ver_now = OIDplus::getVersion();
		1394	if (($ver_now != '') && ($ver_prev != '') && ($ver_now != $ver_prev)) {
455	daniel-mar	1395	// TODO: Problem: When the system was updated using SVN, then the IP address of the next random visitor of the website is logged!
412	daniel-mar	1396	OIDplus::logger()->log("[INFO]A!", "System version changed from '$ver_prev' to '$ver_now'");
856	daniel-mar	1397
		1398	// Just to be sure, recanonize objects (we don't do it at every page visit due to performance reasons)
857	daniel-mar	1399	self::recanonizeObjects();
412	daniel-mar	1400	}
		1401	OIDplus::config()->setValue("last_known_version", $ver_now);
		1402	} catch (Exception $e) {
		1403	}
		1404	}
		1405
111	daniel-mar	1406	public static function getVersion() {
412	daniel-mar	1407	static $cachedVersion = null;
		1408	if (!is_null($cachedVersion)) {
		1409	return $cachedVersion;
		1410	}
		1411
486	daniel-mar	1412	$installType = OIDplus::getInstallType();
		1413
		1414	if ($installType === 'svn-wc') {
496	daniel-mar	1415	$ver = get_svn_revision(OIDplus::localpath());
486	daniel-mar	1416	if ($ver)
		1417	return ($cachedVersion = 'svn-'.$ver);
558	daniel-mar	1418	$ver = get_svn_revision(OIDplus::localpath().'../'); // in case we checked out the root instead of the "trunk"
		1419	if ($ver)
		1420	return ($cachedVersion = 'svn-'.$ver);
111	daniel-mar	1421	}
162	daniel-mar	1422
486	daniel-mar	1423	if ($installType === 'git-wc') {
698	daniel-mar	1424	$ver = OIDplus::getGitsvnRevision(OIDplus::localpath());
486	daniel-mar	1425	if ($ver)
		1426	return ($cachedVersion = 'svn-'.$ver);
162	daniel-mar	1427	}
		1428
486	daniel-mar	1429	if ($installType === 'svn-snapshot') {
661	daniel-mar	1430	$cont = '';
		1431	if (file_exists($filename = OIDplus::localpath().'oidplus_version.txt'))
		1432	$cont = file_get_contents($filename);
		1433	if (file_exists($filename = OIDplus::localpath().'.version.php'))
		1434	$cont = file_get_contents($filename);
386	daniel-mar	1435	$m = array();
360	daniel-mar	1436	if (preg_match('@Revision (\d+)@', $cont, $m)) // do not translate
412	daniel-mar	1437	return ($cachedVersion = 'svn-'.$m[1]); // do not translate
162	daniel-mar	1438	}
		1439
486	daniel-mar	1440	return ($cachedVersion = false); // version ambigous or unknown
111	daniel-mar	1441	}
		1442
974	daniel-mar	1443	const ENFORCE_SSL_NO = 0;
		1444	const ENFORCE_SSL_YES = 1;
		1445	const ENFORCE_SSL_AUTO = 2;
230	daniel-mar	1446	private static $sslAvailableCache = null;
		1447	public static function isSslAvailable() {
		1448	if (!is_null(self::$sslAvailableCache)) return self::$sslAvailableCache;
256	daniel-mar	1449
495	daniel-mar	1450	if (PHP_SAPI == 'cli') {
230	daniel-mar	1451	self::$sslAvailableCache = false;
		1452	return false;
		1453	}
		1454
49	daniel-mar	1455	$timeout = 2;
580	daniel-mar	1456	$already_ssl = self::isSSL();
80	daniel-mar	1457	$ssl_port = 443;
42	daniel-mar	1458
974	daniel-mar	1459	if ($already_ssl) {
		1460	OIDplus::cookieUtils()->setcookie('SSL_CHECK', '1', 0, false, null, true/forceInsecure/);
		1461	self::$sslAvailableCache = true;
		1462	return true;
		1463	} else {
		1464	if (isset($_COOKIE['SSL_CHECK']) && ($_COOKIE['SSL_CHECK'] == '1')) {
		1465	// The cookie "SSL_CHECK" is set once a website was loaded with HTTPS.
		1466	// It forces subsequent HTTP calls to redirect to HTTPS (like HSTS).
		1467	// The reason is the following problem:
		1468	// If you open the page with HTTPS first, then the CSRF token cookies will get the "secure" flag
		1469	// If you open the page then with HTTP, the HTTP cannot access the secure CSRF cookies,
		1470	// Chrome will then block "Set-Cookie" since the HTTP cookie would overwrite the HTTPS cookie.
		1471	// Note: SSL_CHECK is NOT a replacement for HSTS! You should use HSTS,
		1472	// because on there your browser ensures that HTTPS is called, before the server
		1473	// is even contacted (and therefore, no HTTP connection can be hacked).
		1474	$mode = OIDplus::ENFORCE_SSL_YES;
		1475	} else {
		1476	$mode = OIDplus::baseConfig()->getValue('ENFORCE_SSL', OIDplus::ENFORCE_SSL_AUTO);
		1477	}
261	daniel-mar	1478
974	daniel-mar	1479	if ($mode == OIDplus::ENFORCE_SSL_NO) {
		1480	// No SSL available
		1481	self::$sslAvailableCache = false;
		1482	return false;
		1483	} else if ($mode == OIDplus::ENFORCE_SSL_YES) {
		1484	// Force SSL
80	daniel-mar	1485	$location = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
		1486	header('Location:'.$location);
360	daniel-mar	1487	die(_L('Redirecting to HTTPS...'));
974	daniel-mar	1488	} else if ($mode == OIDplus::ENFORCE_SSL_AUTO) {
		1489	// Automatic SSL detection
80	daniel-mar	1490	if (isset($_COOKIE['SSL_CHECK'])) {
		1491	// We already had the HTTPS detection done before.
974	daniel-mar	1492	if ($_COOKIE['SSL_CHECK'] == '1') {
80	daniel-mar	1493	// HTTPS was detected before, but we are HTTP. Redirect now
		1494	$location = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
		1495	header('Location:'.$location);
360	daniel-mar	1496	die(_L('Redirecting to HTTPS...'));
80	daniel-mar	1497	} else {
		1498	// No HTTPS available. Do nothing.
230	daniel-mar	1499	self::$sslAvailableCache = false;
80	daniel-mar	1500	return false;
		1501	}
49	daniel-mar	1502	} else {
80	daniel-mar	1503	// This is our first check (or the browser didn't accept the SSL_CHECK cookie)
386	daniel-mar	1504	$errno = -1;
		1505	$errstr = '';
80	daniel-mar	1506	if (@fsockopen($_SERVER['HTTP_HOST'], $ssl_port, $errno, $errstr, $timeout)) {
		1507	// HTTPS detected. Redirect now, and remember that we had detected HTTPS
974	daniel-mar	1508	OIDplus::cookieUtils()->setcookie('SSL_CHECK', '1', 0, false, null, true/forceInsecure/);
80	daniel-mar	1509	$location = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
		1510	header('Location:'.$location);
360	daniel-mar	1511	die(_L('Redirecting to HTTPS...'));
80	daniel-mar	1512	} else {
		1513	// No HTTPS detected. Do nothing, and next time, don't try to detect HTTPS again.
974	daniel-mar	1514	OIDplus::cookieUtils()->setcookie('SSL_CHECK', '0', 0, false, null, true/forceInsecure/);
230	daniel-mar	1515	self::$sslAvailableCache = false;
80	daniel-mar	1516	return false;
		1517	}
49	daniel-mar	1518	}
42	daniel-mar	1519	}
		1520	}
		1521	}
497	daniel-mar	1522
496	daniel-mar	1523	/**
		1524	* Gets a local path pointing to a resource
		1525	* @param string $target Target resource (file or directory must exist), or null to get the OIDplus base directory
		1526	* @param boolean $relative If true, the returning path is relative to the currently executed PHP file (not the CLI working directory)
590	daniel-mar	1527	* @return string\|false The local path, with guaranteed trailing path delimiter for directories
496	daniel-mar	1528	*/
		1529	public static function localpath($target=null, $relative=false) {
		1530	if (is_null($target)) {
		1531	$target = __DIR__.'/../../';
		1532	}
241	daniel-mar	1533
496	daniel-mar	1534	if ($relative) {
		1535	// First, try to find out how many levels we need to go up
		1536	$steps_up = self::getExecutingScriptPathDepth();
		1537	if ($steps_up === false) return false;
497	daniel-mar	1538
496	daniel-mar	1539	// Virtually go back from the executing PHP script to the OIDplus base path
		1540	$res = str_repeat('../',$steps_up);
497	daniel-mar	1541
496	daniel-mar	1542	// Then go to the desired location
		1543	$basedir = realpath(__DIR__.'/../../');
		1544	$target = realpath($target);
500	daniel-mar	1545	if ($target === false) return false;
496	daniel-mar	1546	$res .= substr($target, strlen($basedir)+1);
		1547	$res = rtrim($res,'/'); // avoid '..//' for localpath(null,true)
		1548	} else {
		1549	$res = realpath($target);
241	daniel-mar	1550	}
497	daniel-mar	1551
801	daniel-mar	1552	if (is_dir($target)) $res .= '/';
497	daniel-mar	1553
801	daniel-mar	1554	$res = str_replace('/', DIRECTORY_SEPARATOR, $res);
		1555
496	daniel-mar	1556	return $res;
241	daniel-mar	1557	}
355	daniel-mar	1558
496	daniel-mar	1559	/**
		1560	* Gets a URL pointing to a resource
		1561	* @param string $target Target resource (file or directory must exist), or null to get the OIDplus base directory
806	daniel-mar	1562	* @param int\|boolean $mode If true or OIDplus::PATH_RELATIVE, the returning path is relative to the currently executed
		1563	* PHP script (i.e. index.php , not the plugin PHP script!). False or OIDplus::PATH_ABSOLUTE is
		1564	* results in an absolute URL. OIDplus::PATH_ABSOLUTE_CANONICAL is an absolute URL,
		1565	* but a canonical path (set by base config setting CANONICAL_SYSTEM_URL) is preferred.
590	daniel-mar	1566	* @return string\|false The URL, with guaranteed trailing path delimiter for directories
496	daniel-mar	1567	*/
806	daniel-mar	1568	public static function webpath($target=null, $mode=self::PATH_ABSOLUTE_CANONICAL) {
801	daniel-mar	1569	// backwards compatibility
		1570	if ($mode === true) $mode = self::PATH_RELATIVE;
		1571	if ($mode === false) $mode = self::PATH_ABSOLUTE;
		1572
811	daniel-mar	1573	if ($mode == OIDplus::PATH_RELATIVE_TO_ROOT) {
812	daniel-mar	1574	$tmp = OIDplus::webpath($target,OIDplus::PATH_ABSOLUTE);
		1575	if ($tmp === false) return false;
		1576	$tmp = parse_url($tmp);
		1577	if ($tmp === false) return false;
		1578	if (!isset($tmp['path'])) return false;
		1579	return $tmp['path'];
811	daniel-mar	1580	}
		1581
812	daniel-mar	1582	if ($mode == OIDplus::PATH_RELATIVE_TO_ROOT_CANONICAL) {
		1583	$tmp = OIDplus::webpath($target,OIDplus::PATH_ABSOLUTE_CANONICAL);
		1584	if ($tmp === false) return false;
		1585	$tmp = parse_url($tmp);
		1586	if ($tmp === false) return false;
		1587	if (!isset($tmp['path'])) return false;
		1588	return $tmp['path'];
		1589	}
		1590
801	daniel-mar	1591	$res = self::getSystemUrl($mode); // Note: already contains a trailing path delimiter
778	daniel-mar	1592	if ($res === false) return false;
497	daniel-mar	1593
496	daniel-mar	1594	if (!is_null($target)) {
		1595	$basedir = realpath(__DIR__.'/../../');
		1596	$target = realpath($target);
500	daniel-mar	1597	if ($target === false) return false;
496	daniel-mar	1598	$tmp = substr($target, strlen($basedir)+1);
500	daniel-mar	1599	$res .= str_replace(DIRECTORY_SEPARATOR,'/',$tmp); // remove OS specific path delimiters introduced by realpath()
497	daniel-mar	1600	if (is_dir($target)) $res .= '/';
496	daniel-mar	1601	}
497	daniel-mar	1602
496	daniel-mar	1603	return $res;
		1604	}
497	daniel-mar	1605
778	daniel-mar	1606	public static function canonicalURL() {
		1607	// First part: OIDplus system URL (or canonical system URL)
801	daniel-mar	1608	$sysurl = OIDplus::getSystemUrl(self::PATH_ABSOLUTE_CANONICAL);
778	daniel-mar	1609
		1610	// Second part: Directory
		1611	$basedir = realpath(__DIR__.'/../../');
		1612	$target = realpath('.');
		1613	if ($target === false) return false;
		1614	$tmp = substr($target, strlen($basedir)+1);
		1615	$res = str_replace(DIRECTORY_SEPARATOR,'/',$tmp); // remove OS specific path delimiters introduced by realpath()
780	daniel-mar	1616	if (is_dir($target) && ($res != '')) $res .= '/';
778	daniel-mar	1617
		1618	// Third part: File name
		1619	$tmp = explode('/',$_SERVER['SCRIPT_NAME']);
		1620	$tmp = end($tmp);
		1621
		1622	// Fourth part: Query string (ordered)
		1623	$tmp2 = getSortedQuery();
		1624	if ($tmp2 != '') $tmp2 = '?'.$tmp2;
		1625
		1626	return $sysurl.$res.$tmp.$tmp2;
		1627	}
		1628
639	daniel-mar	1629	private static $shutdown_functions = array();
		1630	public static function register_shutdown_function($func) {
		1631	self::$shutdown_functions[] = $func;
		1632	}
		1633
		1634	public static function invoke_shutdown() {
		1635	foreach (self::$shutdown_functions as $func) {
		1636	$func();
		1637	}
		1638	}
		1639
360	daniel-mar	1640	public static function getAvailableLangs() {
		1641	$langs = array();
		1642	foreach (OIDplus::getAllPluginManifests('language') as $pluginManifest) {
389	daniel-mar	1643	$code = $pluginManifest->getLanguageCode();
360	daniel-mar	1644	$langs[] = $code;
		1645	}
		1646	return $langs;
		1647	}
		1648
1041	daniel-mar	1649	public static function getDefaultLang() {
		1650	static $thrownOnce = false; // avoid endless loop inside OIDplusConfigInitializationException
		1651
		1652	$lang = self::$baseConfig->getValue('DEFAULT_LANGUAGE', 'enus');
		1653
		1654	if (!in_array($lang,self::getAvailableLangs())) {
		1655	if (!$thrownOnce) {
		1656	$thrownOnce = true;
		1657	throw new OIDplusConfigInitializationException(_L('DEFAULT_LANGUAGE points to an invalid language plugin (Consider setting to "enus" = "English USA").'));
		1658	} else {
		1659	return 'enus';
		1660	}
		1661	}
		1662
		1663	return $lang;
		1664	}
		1665
355	daniel-mar	1666	public static function getCurrentLang() {
360	daniel-mar	1667	if (isset($_GET['lang'])) {
		1668	$lang = $_GET['lang'];
		1669	} else if (isset($_POST['lang'])) {
		1670	$lang = $_POST['lang'];
		1671	} else if (isset($_COOKIE['LANGUAGE'])) {
		1672	$lang = $_COOKIE['LANGUAGE'];
		1673	} else {
1041	daniel-mar	1674	$lang = self::getDefaultLang();
360	daniel-mar	1675	}
		1676	$lang = substr(preg_replace('@[^a-z]@ismU', '', $lang),0,4); // sanitize
355	daniel-mar	1677	return $lang;
		1678	}
		1679
362	daniel-mar	1680	public static function handleLangArgument() {
		1681	if (isset($_GET['lang'])) {
		1682	// The "?lang=" argument is only for NoScript-Browsers/SearchEngines
		1683	// In case someone who has JavaScript clicks a ?lang= link, they should get
		1684	// the page in that language, but the cookie must be set, otherwise
		1685	// the menu and other stuff would be in their cookie-based-language and not the
		1686	// argument-based-language.
557	daniel-mar	1687	OIDplus::cookieUtils()->setcookie('LANGUAGE', $_GET['lang'], 0, true/HttpOnly off, because JavaScript also needs translation/);
362	daniel-mar	1688	} else if (isset($_POST['lang'])) {
557	daniel-mar	1689	OIDplus::cookieUtils()->setcookie('LANGUAGE', $_POST['lang'], 0, true/HttpOnly off, because JavaScript also needs translation/);
362	daniel-mar	1690	}
		1691	}
		1692
468	daniel-mar	1693	private static $translationArray = array();
469	daniel-mar	1694	protected static function getTranslationFileContents($translation_file) {
		1695	// First, try the cache
481	daniel-mar	1696	$cache_file = __DIR__ . '/../../userdata/cache/translation_'.md5($translation_file).'.ser';
469	daniel-mar	1697	if (file_exists($cache_file) && (filemtime($cache_file) == filemtime($translation_file))) {
		1698	$cac = @unserialize(file_get_contents($cache_file));
		1699	if ($cac) return $cac;
		1700	}
481	daniel-mar	1701
469	daniel-mar	1702	// If not successful, then load the XML file
		1703	$xml = @simplexml_load_string(file_get_contents($translation_file));
		1704	if (!$xml) return array(); // if there is an UTF-8 or parsing error, don't output any errors, otherwise the JavaScript is corrupt and the page won't render correctly
		1705	$cac = array();
		1706	foreach ($xml->message as $msg) {
		1707	$src = trim($msg->source->__toString());
		1708	$dst = trim($msg->target->__toString());
		1709	$cac[$src] = $dst;
		1710	}
		1711	@file_put_contents($cache_file,serialize($cac));
		1712	@touch($cache_file,filemtime($translation_file));
		1713	return $cac;
		1714	}
468	daniel-mar	1715	public static function getTranslationArray($requested_lang='*') {
362	daniel-mar	1716	foreach (OIDplus::getAllPluginManifests('language') as $pluginManifest) {
389	daniel-mar	1717	$lang = $pluginManifest->getLanguageCode();
362	daniel-mar	1718	if (strpos($lang,'/') !== false) continue; // just to be sure
		1719	if (strpos($lang,'\\') !== false) continue; // just to be sure
		1720	if (strpos($lang,'..') !== false) continue; // just to be sure
401	daniel-mar	1721
468	daniel-mar	1722	if (($requested_lang != '*') && ($lang != $requested_lang)) continue;
401	daniel-mar	1723
468	daniel-mar	1724	if (!isset(self::$translationArray[$lang])) {
		1725	self::$translationArray[$lang] = array();
		1726
		1727	$wildcard = $pluginManifest->getLanguageMessages();
		1728	if (strpos($wildcard,'/') !== false) continue; // just to be sure
		1729	if (strpos($wildcard,'\\') !== false) continue; // just to be sure
		1730	if (strpos($wildcard,'..') !== false) continue; // just to be sure
		1731
635	daniel-mar	1732	$translation_files = glob(__DIR__.'/../../plugins/'.'*'.'/language/'.$lang.'/'.$wildcard);
468	daniel-mar	1733	sort($translation_files);
		1734	foreach ($translation_files as $translation_file) {
		1735	if (!file_exists($translation_file)) continue;
469	daniel-mar	1736	$cac = self::getTranslationFileContents($translation_file);
		1737	foreach ($cac as $src => $dst) {
		1738	self::$translationArray[$lang][$src] = $dst;
468	daniel-mar	1739	}
401	daniel-mar	1740	}
362	daniel-mar	1741	}
		1742	}
468	daniel-mar	1743	return self::$translationArray;
362	daniel-mar	1744	}
		1745
699	daniel-mar	1746	public static function getEditionInfo() {
		1747	return @parse_ini_file(__DIR__.'/../edition.ini', true)['Edition'];
		1748	}
		1749
698	daniel-mar	1750	public static function findGitFolder() {
		1751	// Git command line saves git information in folder ".git"
		1752	// Plesk git saves git information in folder "../../../git/oidplus/" (or similar)
727	daniel-mar	1753	$dir = OIDplus::localpath();
698	daniel-mar	1754	if (is_dir($dir.'/.git')) return $dir.'/.git';
		1755	$i = 0;
		1756	do {
		1757	if (is_dir($dir.'/git')) {
719	daniel-mar	1758	$confs = @glob($dir.'/git/'.'*'.'/config');
		1759	if ($confs) foreach ($confs as $conf) {
698	daniel-mar	1760	$cont = file_get_contents($conf);
699	daniel-mar	1761	if (isset(OIDplus::getEditionInfo()['gitrepo']) && (OIDplus::getEditionInfo()['gitrepo'] != '') && (strpos($cont, OIDplus::getEditionInfo()['gitrepo']) !== false)) {
698	daniel-mar	1762	return dirname($conf);
		1763	}
		1764	}
		1765	}
		1766	$i++;
719	daniel-mar	1767	} while (($i<100) && ($dir != ($new_dir = @realpath($dir.'/../'))) && ($dir = $new_dir));
698	daniel-mar	1768	return false;
		1769	}
		1770
		1771	public static function getGitsvnRevision($dir='') {
		1772	try {
		1773	// tries command line and binary parsing
699	daniel-mar	1774	// requires vendor/danielmarschall/git_utils.inc.php
698	daniel-mar	1775	$git_dir = OIDplus::findGitFolder();
		1776	if ($git_dir === false) return false;
		1777	$commit_msg = git_get_latest_commit_message($git_dir);
		1778	} catch (Exception $e) {
		1779	return false;
		1780	}
		1781
		1782	$m = array();
		1783	if (preg_match('%git-svn-id: (.+)@(\\d+) %ismU', $commit_msg, $m)) {
		1784	return $m[2];
		1785	} else {
		1786	return false;
		1787	}
		1788	}
		1789
775	daniel-mar	1790	public static function prefilterQuery($static_node_id, $throw_exception) {
		1791	// Let namespace be case-insensitive
		1792	$ary = explode(':', $static_node_id, 2);
		1793	$ary[0] = strtolower($ary[0]);
		1794	$static_node_id = implode(':', $ary);
		1795
889	daniel-mar	1796	// Ask plugins if they want to change the node id
		1797	foreach (OIDplus::getObjectTypePluginsEnabled() as $plugin) {
		1798	$static_node_id = $plugin->prefilterQuery($static_node_id, $throw_exception);
775	daniel-mar	1799	}
		1800
		1801	return $static_node_id;
		1802	}
849	daniel-mar	1803
		1804	public static function isCronjob() {
		1805	return explode('.',basename($_SERVER['SCRIPT_NAME']))[0] === 'cron';
		1806	}
856	daniel-mar	1807
857	daniel-mar	1808	private static function recanonizeObjects() {
856	daniel-mar	1809	#
		1810	# Since OIDplus svn-184, entries in the database need to have a canonical ID
		1811	# If the ID is not canonical (e.g. GUIDs missing hyphens), the object cannot be opened in OIDplus
		1812	# This script re-canonizes the object IDs if required.
		1813	# In SVN Rev 856, the canonization for GUID, IPv4 and IPv6 have changed, requiring another
		1814	# re-canonization
		1815	#
		1816	$res = OIDplus::db()->query("select id from ###objects");
		1817	while ($row = $res->fetch_array()) {
		1818	$ida = $row['id'];
857	daniel-mar	1819	$obj = OIDplusObject::parse($ida);
		1820	if (!$obj) continue;
		1821	$idb = $obj->nodeId();
856	daniel-mar	1822	if (($idb) && ($ida != $idb)) {
		1823	OIDplus::db()->transaction_begin();
		1824	OIDplus::db()->query("update ###objects set id = ? where id = ?", array($idb, $ida));
		1825	OIDplus::db()->query("update ###asn1id set oid = ? where oid = ?", array($idb, $ida));
		1826	OIDplus::db()->query("update ###iri set oid = ? where oid = ?", array($idb, $ida));
		1827	OIDplus::db()->query("update ###log_object set id = ? where id = ?", array($idb, $ida));
		1828	OIDplus::logger()->log("[INFO]A!", "Object name '$ida' has been changed to '$idb' during re-canonization");
		1829	OIDplus::db()->transaction_commit();
978	daniel-mar	1830	OIDplusObject::resetObjectInformationCache();
856	daniel-mar	1831	}
		1832	}
		1833	}
		1834
374	daniel-mar	1835	}

Subversion Repositories oidplus

oidplus/trunk/includes/classes/OIDplus.class.php @ 1127 – Rev 1041