WebSVN – oidplus – Blame – /trunk/includes/classes/OIDplus.class.php

Rev	Author	Line No.	Line
2	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
1073	daniel-mar	5	* Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft
2	daniel-mar	6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
1050	daniel-mar	20	namespace ViaThinkSoft\OIDplus;
511	daniel-mar	21
1086	daniel-mar	22	// phpcs:disable PSR1.Files.SideEffects
		23	\defined('INSIDE_OIDPLUS') or die;
		24	// phpcs:enable PSR1.Files.SideEffects
		25
730	daniel-mar	26	class OIDplus extends OIDplusBaseClass {
281	daniel-mar	27	private static /OIDplusPagePlugin[]/ $pagePlugins = array();
		28	private static /OIDplusAuthPlugin[]/ $authPlugins = array();
289	daniel-mar	29	private static /OIDplusLoggerPlugin[]/ $loggerPlugins = array();
227	daniel-mar	30	private static /OIDplusObjectTypePlugin[]/ $objectTypePlugins = array();
		31	private static /string[]/ $enabledObjectTypes = array();
		32	private static /string[]/ $disabledObjectTypes = array();
		33	private static /OIDplusDatabasePlugin[]/ $dbPlugins = array();
702	daniel-mar	34	private static /OIDplusCaptchaPlugin[]/ $captchaPlugins = array();
274	daniel-mar	35	private static /OIDplusSqlSlangPlugin[]/ $sqlSlangPlugins = array();
355	daniel-mar	36	private static /OIDplusLanguagePlugin[]/ $languagePlugins = array();
449	daniel-mar	37	private static /OIDplusDesignPlugin[]/ $designPlugins = array();
2	daniel-mar	38
280	daniel-mar	39	protected static $html = true;
236	daniel-mar	40
812	daniel-mar	41	/public/ const PATH_RELATIVE = 1; // e.g. "../"
		42	/public/ const PATH_ABSOLUTE = 2; // e.g. "http://www.example.com/oidplus/"
		43	/public/ const PATH_ABSOLUTE_CANONICAL = 3; // e.g. "http://www.example.org/oidplus/" (if baseconfig CANONICAL_SYSTEM_URL is set)
		44	/public/ const PATH_RELATIVE_TO_ROOT = 4; // e.g. "/oidplus/"
		45	/public/ const PATH_RELATIVE_TO_ROOT_CANONICAL = 5; // e.g. "/oidplus/" (if baseconfig CANONICAL_SYSTEM_URL is set)
801	daniel-mar	46
778	daniel-mar	47	// These plugin types can contain HTML code and therefore may
		48	// emit (non-setup) CSS/JS code via their manifest.
1072	daniel-mar	49	// Note that design plugins may only output CSS, not JS.
778	daniel-mar	50	/public/ const INTERACTIVE_PLUGIN_TYPES = array(
		51	'publicPages',
		52	'raPages',
		53	'adminPages',
		54	'objectTypes',
		55	'captcha'
		56	);
		57
1073	daniel-mar	58	const UUID_NAMEBASED_NS_Base64PubKey = 'fd16965c-8bab-11ed-8744-3c4a92df8582';
		59
2	daniel-mar	60	private function __construct() {
		61	}
295	daniel-mar	62
1068	daniel-mar	63	private static function insideSetup(): bool {
		64	if (PHP_SAPI == 'cli') return false;
		65	if (!isset($_SERVER['REQUEST_URI'])) return false;
1055	daniel-mar	66	return (strpos($_SERVER['REQUEST_URI'], OIDplus::webpath(null,OIDplus::PATH_RELATIVE_TO_ROOT).'setup/') === 0);
		67	}
		68
1050	daniel-mar	69	// --- Static classes
274	daniel-mar	70
263	daniel-mar	71	private static $baseConfig = null;
1050	daniel-mar	72	private static $oldConfigFormatLoaded = false;
261	daniel-mar	73	public static function baseConfig() {
263	daniel-mar	74	$first_init = false;
274	daniel-mar	75
263	daniel-mar	76	if ($first_init = is_null(self::$baseConfig)) {
		77	self::$baseConfig = new OIDplusBaseConfig();
261	daniel-mar	78	}
		79
1055	daniel-mar	80	if (self::insideSetup()) return self::$baseConfig;
		81	if ((basename($_SERVER['SCRIPT_NAME']) === 'oidplus.min.js.php') && isset($_REQUEST['noBaseConfig']) && ($_REQUEST['noBaseConfig'] == '1')) return self::$baseConfig;
		82	if ((basename($_SERVER['SCRIPT_NAME']) === 'oidplus.min.css.php') && isset($_REQUEST['noBaseConfig']) && ($_REQUEST['noBaseConfig'] == '1')) return self::$baseConfig;
		83
263	daniel-mar	84	if ($first_init) {
261	daniel-mar	85	// Include a file containing various size/depth limitations of OIDs
294	daniel-mar	86	// It is important to include it before userdata/baseconfig/config.inc.php was included,
		87	// so we can give userdata/baseconfig/config.inc.php the chance to override the values.
261	daniel-mar	88
496	daniel-mar	89	include OIDplus::localpath().'includes/oidplus_limits.inc.php';
261	daniel-mar	90
		91	// Include config file
295	daniel-mar	92
496	daniel-mar	93	$config_file = OIDplus::localpath() . 'userdata/baseconfig/config.inc.php';
		94	$config_file_old = OIDplus::localpath() . 'includes/config.inc.php'; // backwards compatibility
295	daniel-mar	95
294	daniel-mar	96	if (!file_exists($config_file) && file_exists($config_file_old)) {
		97	$config_file = $config_file_old;
		98	}
261	daniel-mar	99
294	daniel-mar	100	if (file_exists($config_file)) {
1050	daniel-mar	101	if (self::$oldConfigFormatLoaded) {
263	daniel-mar	102	// Note: We may only include it once due to backwards compatibility,
		103	// since in version 2.0, the configuration was defined using define() statements
		104	// Attention: This does mean that a full re-init (e.g. for test cases) is not possible
		105	// if a version 2.0 config is used!
1050	daniel-mar	106
		107	// We need to do this, because define() cannot be undone
		108	// Note: This can only happen in very special cases (e.g. test cases) where you call init() twice
		109	throw new OIDplusConfigInitializationException(_L('A full re-initialization is not possible if a version 2.0 config file (containing "defines") is used. Please update to a config 2.1 file by running setup again.'));
263	daniel-mar	110	} else {
1050	daniel-mar	111	$tmp = file_get_contents($config_file);
		112	$ns = "ViaThinkSoft\OIDplus\OIDplus";
		113	$uses = "use $ns;";
		114	if ((strpos($tmp,'OIDplus::') !== false) && (strpos($tmp,$uses) === false)) {
		115	// Migrate config file to namespace class names
		116	// Note: Only config files version 2.1 are affected. Not 2.0 ones
		117
		118	$tmp = "<?php\r\n\r\n$uses /* Automatically added by migration procedure */\r\n?>$tmp";
		119	$tmp = str_replace('?><?php', '', $tmp);
		120
		121	$tmp = str_replace("\$ns\OIDplusCaptchaPluginRecaptcha::", "OIDplusCaptchaPluginRecaptcha::", $tmp);
		122	$tmp = str_replace("OIDplusCaptchaPluginRecaptcha::", "\$ns\OIDplusCaptchaPluginRecaptcha::", $tmp);
		123
		124	$tmp = str_replace('DISABLE_PLUGIN_OIDplusPagePublicRdap',
		125	'DISABLE_PLUGIN_Frdlweb\OIDplus\OIDplusPagePublicRdap', $tmp);
		126	$tmp = str_replace('DISABLE_PLUGIN_OIDplusPagePublicAltIds',
		127	'DISABLE_PLUGIN_Frdlweb\OIDplus\OIDplusPagePublicAltIds', $tmp);
1051	daniel-mar	128	$tmp = str_replace('DISABLE_PLUGIN_OIDplusPagePublicUITweaks',
		129	'DISABLE_PLUGIN_TushevOrg\OIDplus\OIDplusPagePublicUITweaks', $tmp);
1050	daniel-mar	130	$tmp = str_replace('DISABLE_PLUGIN_OIDplus',
		131	'DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplus', $tmp);
		132
		133	if (@file_put_contents($config_file, $tmp) === false) {
		134	eval('?>'.$tmp);
		135	} else {
		136	include $config_file;
		137	}
		138	} else {
		139	include $config_file;
		140	}
263	daniel-mar	141	}
261	daniel-mar	142
1055	daniel-mar	143	// Backwards compatibility 2.0 => 2.1
261	daniel-mar	144	if (defined('OIDPLUS_CONFIG_VERSION') && (OIDPLUS_CONFIG_VERSION == 2.0)) {
1050	daniel-mar	145	self::$oldConfigFormatLoaded = true;
261	daniel-mar	146	foreach (get_defined_constants(true)['user'] as $name => $value) {
		147	$name = str_replace('OIDPLUS_', '', $name);
		148	if ($name == 'SESSION_SECRET') $name = 'SERVER_SECRET';
		149	if ($name == 'MYSQL_QUERYLOG') $name = 'QUERY_LOGFILE';
1050	daniel-mar	150	$name = str_replace('DISABLE_PLUGIN_OIDplusPagePublicRdap',
		151	'DISABLE_PLUGIN_Frdlweb\OIDplus\OIDplusPagePublicRdap', $name);
		152	$name = str_replace('DISABLE_PLUGIN_OIDplusPagePublicAltIds',
		153	'DISABLE_PLUGIN_Frdlweb\OIDplus\OIDplusPagePublicAltIds', $name);
1051	daniel-mar	154	$name = str_replace('DISABLE_PLUGIN_OIDplusPagePublicUITweaks',
		155	'DISABLE_PLUGIN_TushevOrg\OIDplus\OIDplusPagePublicUITweaks', $name);
1050	daniel-mar	156	$name = str_replace('DISABLE_PLUGIN_OIDplus',
		157	'DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplus', $name);
1055	daniel-mar	158	if ($name == 'CONFIG_VERSION') {
		159	$value = 2.1;
		160	} else if (($name == 'MYSQL_PASSWORD') \|\| ($name == 'ODBC_PASSWORD') \|\| ($name == 'PDO_PASSWORD') \|\| ($name == 'PGSQL_PASSWORD')) {
		161	$value = base64_decode($value);
261	daniel-mar	162	}
1055	daniel-mar	163	self::$baseConfig->setValue($name, $value);
261	daniel-mar	164	}
		165	}
		166	} else {
496	daniel-mar	167	if (!is_dir(OIDplus::localpath().'setup')) {
1050	daniel-mar	168	throw new OIDplusConfigInitializationException(_L('File %1 is missing, but setup can\'t be started because its directory missing.',$config_file));
261	daniel-mar	169	} else {
280	daniel-mar	170	if (self::$html) {
1055	daniel-mar	171	if (!self::insideSetup()) {
801	daniel-mar	172	header('Location:'.OIDplus::webpath(null,OIDplus::PATH_RELATIVE).'setup/');
360	daniel-mar	173	die(_L('Redirecting to setup...'));
349	daniel-mar	174	} else {
		175	return self::$baseConfig;
		176	}
261	daniel-mar	177	} else {
		178	// This can be displayed in e.g. ajax.php
1050	daniel-mar	179	throw new OIDplusConfigInitializationException(_L('File %1 is missing. Please run setup again.',$config_file));
261	daniel-mar	180	}
		181	}
		182	}
		183
		184	// Check important config settings
		185
263	daniel-mar	186	if (self::$baseConfig->getValue('CONFIG_VERSION') != 2.1) {
801	daniel-mar	187	if (strpos($_SERVER['REQUEST_URI'], OIDplus::webpath(null,OIDplus::PATH_RELATIVE).'setup/') !== 0) {
503	daniel-mar	188	throw new OIDplusConfigInitializationException(_L("The information located in %1 is outdated.",realpath($config_file)));
		189	}
261	daniel-mar	190	}
		191
263	daniel-mar	192	if (self::$baseConfig->getValue('SERVER_SECRET', '') === '') {
801	daniel-mar	193	if (strpos($_SERVER['REQUEST_URI'], OIDplus::webpath(null,OIDplus::PATH_RELATIVE).'setup/') !== 0) {
503	daniel-mar	194	throw new OIDplusConfigInitializationException(_L("You must set a value for SERVER_SECRET in %1 for the system to operate secure.",realpath($config_file)));
		195	}
261	daniel-mar	196	}
		197	}
		198
263	daniel-mar	199	return self::$baseConfig;
261	daniel-mar	200	}
		201
263	daniel-mar	202	private static $config = null;
2	daniel-mar	203	public static function config() {
263	daniel-mar	204	if ($first_init = is_null(self::$config)) {
		205	self::$config = new OIDplusConfig();
2	daniel-mar	206	}
263	daniel-mar	207
		208	if ($first_init) {
		209	// These are important settings for base functionalities and therefore are not inside plugins
		210	self::$config->prepareConfigKey('system_title', 'What is the name of your RA?', 'OIDplus 2.0', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		211	if (empty($value)) {
360	daniel-mar	212	throw new OIDplusException(_L('Please enter a value for the system title.'));
263	daniel-mar	213	}
		214	});
		215	self::$config->prepareConfigKey('admin_email', 'E-Mail address of the system administrator', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		216	if (!empty($value) && !OIDplus::mailUtils()->validMailAddress($value)) {
360	daniel-mar	217	throw new OIDplusException(_L('This is not a correct email address'));
263	daniel-mar	218	}
		219	});
875	daniel-mar	220	self::$config->prepareConfigKey('global_cc', 'Global CC for all outgoing emails?', '', OIDplusConfig::PROTECTION_EDITABLE, function(&$value) {
		221	$value = trim($value);
		222	if ($value === '') return;
		223	$addrs = explode(';', $value);
		224	foreach ($addrs as $addr) {
		225	$addr = trim($addr);
		226	if (!empty($addr) && !OIDplus::mailUtils()->validMailAddress($addr)) {
		227	throw new OIDplusException(_L('%1 is not a correct email address',$addr));
		228	}
263	daniel-mar	229	}
		230	});
875	daniel-mar	231	self::$config->prepareConfigKey('global_bcc', 'Global BCC for all outgoing emails?', '', OIDplusConfig::PROTECTION_EDITABLE, function(&$value) {
		232	$value = trim($value);
		233	if ($value === '') return;
		234	$addrs = explode(';', $value);
		235	foreach ($addrs as $addr) {
		236	$addr = trim($addr);
		237	if (!empty($addr) && !OIDplus::mailUtils()->validMailAddress($addr)) {
		238	throw new OIDplusException(_L('%1 is not a correct email address',$addr));
		239	}
		240	}
		241	});
263	daniel-mar	242	self::$config->prepareConfigKey('objecttypes_initialized', 'List of object type plugins that were initialized once', '', OIDplusConfig::PROTECTION_READONLY, function($value) {
		243	// Nothing here yet
		244	});
		245	self::$config->prepareConfigKey('objecttypes_enabled', 'Enabled object types and their order, separated with a semicolon (please reload the page so that the change is applied)', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
1050	daniel-mar	246	// TODO: when objecttypes_enabled is changed at the admin control panel, we need to do a reload of the page, so that jsTree will be updated. Is there anything we can do?
263	daniel-mar	247
		248	$ary = explode(';',$value);
		249	$uniq_ary = array_unique($ary);
		250
		251	if (count($ary) != count($uniq_ary)) {
360	daniel-mar	252	throw new OIDplusException(_L('Please check your input. Some object types are double.'));
263	daniel-mar	253	}
		254
		255	foreach ($ary as $ot_check) {
		256	$ns_found = false;
		257	foreach (OIDplus::getEnabledObjectTypes() as $ot) {
		258	if ($ot::ns() == $ot_check) {
		259	$ns_found = true;
		260	break;
		261	}
		262	}
		263	foreach (OIDplus::getDisabledObjectTypes() as $ot) {
		264	if ($ot::ns() == $ot_check) {
		265	$ns_found = true;
		266	break;
		267	}
		268	}
		269	if (!$ns_found) {
360	daniel-mar	270	throw new OIDplusException(_L('Please check your input. Namespace "%1" is not found',$ot_check));
263	daniel-mar	271	}
		272	}
		273	});
		274	self::$config->prepareConfigKey('oidplus_private_key', 'Private key for this system', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) {
		275	// Nothing here yet
		276	});
		277	self::$config->prepareConfigKey('oidplus_public_key', 'Public key for this system. If you "clone" your system, you must delete this key (e.g. using phpMyAdmin), so that a new one is created.', '', OIDplusConfig::PROTECTION_READONLY, function($value) {
		278	// Nothing here yet
		279	});
324	daniel-mar	280	self::$config->prepareConfigKey('last_known_system_url', 'Last known System URL', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) {
		281	// Nothing here yet
		282	});
412	daniel-mar	283	self::$config->prepareConfigKey('last_known_version', 'Last known OIDplus Version', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) {
		284	// Nothing here yet
		285	});
1088	daniel-mar	286	self::$config->prepareConfigKey('default_ra_auth_method', 'Default auth method used for generating password of RAs (must exist in plugins/[vendorname]/auth/)? Empty = OIDplus decides.', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		287	if (trim($value) === '') return; // OIDplus decides
		288
453	daniel-mar	289	$good = true;
		290	if (strpos($value,'/') !== false) $good = false;
		291	if (strpos($value,'\\') !== false) $good = false;
		292	if (strpos($value,'..') !== false) $good = false;
		293	if (!$good) {
		294	throw new OIDplusException(_L('Invalid auth plugin folder name. Do only enter a folder name, not an absolute or relative path'));
		295	}
		296
1099	daniel-mar	297	OIDplus::checkRaAuthPluginAvailable($value, true);
453	daniel-mar	298	});
263	daniel-mar	299	}
		300
		301	return self::$config;
2	daniel-mar	302	}
		303
263	daniel-mar	304	private static $gui = null;
2	daniel-mar	305	public static function gui() {
263	daniel-mar	306	if (is_null(self::$gui)) {
		307	self::$gui = new OIDplusGui();
86	daniel-mar	308	}
263	daniel-mar	309	return self::$gui;
2	daniel-mar	310	}
		311
263	daniel-mar	312	private static $authUtils = null;
2	daniel-mar	313	public static function authUtils() {
263	daniel-mar	314	if (is_null(self::$authUtils)) {
		315	self::$authUtils = new OIDplusAuthUtils();
86	daniel-mar	316	}
263	daniel-mar	317	return self::$authUtils;
2	daniel-mar	318	}
		319
263	daniel-mar	320	private static $mailUtils = null;
250	daniel-mar	321	public static function mailUtils() {
263	daniel-mar	322	if (is_null(self::$mailUtils)) {
		323	self::$mailUtils = new OIDplusMailUtils();
250	daniel-mar	324	}
263	daniel-mar	325	return self::$mailUtils;
250	daniel-mar	326	}
		327
557	daniel-mar	328	private static $cookieUtils = null;
		329	public static function cookieUtils() {
		330	if (is_null(self::$cookieUtils)) {
		331	self::$cookieUtils = new OIDplusCookieUtils();
		332	}
		333	return self::$cookieUtils;
		334	}
		335
263	daniel-mar	336	private static $menuUtils = null;
250	daniel-mar	337	public static function menuUtils() {
263	daniel-mar	338	if (is_null(self::$menuUtils)) {
		339	self::$menuUtils = new OIDplusMenuUtils();
250	daniel-mar	340	}
263	daniel-mar	341	return self::$menuUtils;
250	daniel-mar	342	}
		343
263	daniel-mar	344	private static $logger = null;
115	daniel-mar	345	public static function logger() {
263	daniel-mar	346	if (is_null(self::$logger)) {
		347	self::$logger = new OIDplusLogger();
115	daniel-mar	348	}
263	daniel-mar	349	return self::$logger;
115	daniel-mar	350	}
		351
1050	daniel-mar	352	// --- SQL slang plugin
274	daniel-mar	353
1112	daniel-mar	354	/**
		355	* @return void
		356	*/
274	daniel-mar	357	private static function registerSqlSlangPlugin(OIDplusSqlSlangPlugin $plugin) {
		358	$name = $plugin::id();
		359
1112	daniel-mar	360	if ($name === '') {
		361	throw new OIDplusException(_L('Plugin %1 cannot be registered because it does not return a valid ID', $plugin->getPluginDirectory()));
		362	}
		363
449	daniel-mar	364	if (isset(self::$sqlSlangPlugins[$name])) {
451	daniel-mar	365	$plugintype_hf = _L('SQL slang');
592	daniel-mar	366	throw new OIDplusException(_L('Multiple %1 plugins use the ID %2', $plugintype_hf, $name));
449	daniel-mar	367	}
		368
274	daniel-mar	369	self::$sqlSlangPlugins[$name] = $plugin;
		370	}
		371
		372	public static function getSqlSlangPlugins() {
		373	return self::$sqlSlangPlugins;
		374	}
		375
318	daniel-mar	376	public static function getSqlSlangPlugin($id)/: ?OIDplusSqlSlangPlugin/ {
		377	if (isset(self::$sqlSlangPlugins[$id])) {
		378	return self::$sqlSlangPlugins[$id];
		379	} else {
		380	return null;
		381	}
		382	}
		383
1050	daniel-mar	384	// --- Database plugin
74	daniel-mar	385
1112	daniel-mar	386	/**
		387	* @return void
		388	*/
227	daniel-mar	389	private static function registerDatabasePlugin(OIDplusDatabasePlugin $plugin) {
275	daniel-mar	390	$name = $plugin::id();
150	daniel-mar	391
1112	daniel-mar	392	if ($name === '') {
		393	throw new OIDplusException(_L('Plugin %1 cannot be registered because it does not return a valid ID', $plugin->getPluginDirectory()));
		394	}
		395
449	daniel-mar	396	if (isset(self::$dbPlugins[$name])) {
		397	$plugintype_hf = _L('Database');
592	daniel-mar	398	throw new OIDplusException(_L('Multiple %1 plugins use the ID %2', $plugintype_hf, $name));
449	daniel-mar	399	}
		400
150	daniel-mar	401	self::$dbPlugins[$name] = $plugin;
		402	}
		403
		404	public static function getDatabasePlugins() {
		405	return self::$dbPlugins;
		406	}
		407
295	daniel-mar	408	public static function getActiveDatabasePlugin() {
702	daniel-mar	409	$db_plugin_name = OIDplus::baseConfig()->getValue('DATABASE_PLUGIN','');
		410	if ($db_plugin_name === '') {
360	daniel-mar	411	throw new OIDplusConfigInitializationException(_L('No database plugin selected in config file'));
260	daniel-mar	412	}
1016	daniel-mar	413	foreach (self::$dbPlugins as $name => $plugin) {
		414	if (strtolower($name) == strtolower($db_plugin_name)) {
		415	return $plugin;
		416	}
227	daniel-mar	417	}
1016	daniel-mar	418	throw new OIDplusConfigInitializationException(_L('Database plugin "%1" not found',$db_plugin_name));
227	daniel-mar	419	}
		420
295	daniel-mar	421	private static $dbMainSession = null;
		422	public static function db() {
		423	if (is_null(self::$dbMainSession)) {
		424	self::$dbMainSession = self::getActiveDatabasePlugin()->newConnection();
		425	}
		426	if (!self::$dbMainSession->isConnected()) self::$dbMainSession->connect();
		427	return self::$dbMainSession;
		428	}
		429
		430	private static $dbIsolatedSession = null;
		431	public static function dbIsolated() {
		432	if (is_null(self::$dbIsolatedSession)) {
		433	self::$dbIsolatedSession = self::getActiveDatabasePlugin()->newConnection();
		434	}
		435	if (!self::$dbIsolatedSession->isConnected()) self::$dbIsolatedSession->connect();
		436	return self::$dbIsolatedSession;
		437	}
		438
1050	daniel-mar	439	// --- CAPTCHA plugin
702	daniel-mar	440
1112	daniel-mar	441	/**
		442	* @return void
		443	*/
702	daniel-mar	444	private static function registerCaptchaPlugin(OIDplusCaptchaPlugin $plugin) {
		445	$name = $plugin::id();
		446
1112	daniel-mar	447	if ($name === '') {
		448	throw new OIDplusException(_L('Plugin %1 cannot be registered because it does not return a valid ID', $plugin->getPluginDirectory()));
		449	}
		450
702	daniel-mar	451	if (isset(self::$captchaPlugins[$name])) {
		452	$plugintype_hf = _L('CAPTCHA');
		453	throw new OIDplusException(_L('Multiple %1 plugins use the ID %2', $plugintype_hf, $name));
		454	}
		455
		456	self::$captchaPlugins[$name] = $plugin;
		457	}
		458
		459	public static function getCaptchaPlugins() {
		460	return self::$captchaPlugins;
		461	}
		462
704	daniel-mar	463	public static function getActiveCaptchaPluginId() {
702	daniel-mar	464	$captcha_plugin_name = OIDplus::baseConfig()->getValue('CAPTCHA_PLUGIN', '');
		465
		466	if (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false) && ($captcha_plugin_name === '')) {
		467	// Legacy config file support!
1016	daniel-mar	468	$captcha_plugin_name = 'reCAPTCHA';
702	daniel-mar	469	}
		470
704	daniel-mar	471	if ($captcha_plugin_name === '') $captcha_plugin_name = 'None'; // the "None" plugin is a must-have!
702	daniel-mar	472
704	daniel-mar	473	return $captcha_plugin_name;
		474	}
		475
		476	public static function getActiveCaptchaPlugin() {
		477	$captcha_plugin_name = OIDplus::getActiveCaptchaPluginId();
1016	daniel-mar	478	foreach (self::$captchaPlugins as $name => $plugin) {
		479	if (strtolower($name) == strtolower($captcha_plugin_name)) {
		480	return $plugin;
		481	}
702	daniel-mar	482	}
1016	daniel-mar	483	throw new OIDplusConfigInitializationException(_L('CAPTCHA plugin "%1" not found',$captcha_plugin_name));
702	daniel-mar	484	}
		485
1050	daniel-mar	486	// --- Page plugin
227	daniel-mar	487
1112	daniel-mar	488	/**
		489	* @return void
		490	*/
224	daniel-mar	491	private static function registerPagePlugin(OIDplusPagePlugin $plugin) {
281	daniel-mar	492	self::$pagePlugins[] = $plugin;
61	daniel-mar	493	}
		494
281	daniel-mar	495	public static function getPagePlugins() {
		496	return self::$pagePlugins;
61	daniel-mar	497	}
		498
1050	daniel-mar	499	// --- Auth plugin
227	daniel-mar	500
1088	daniel-mar	501	public static function getAuthPluginByFoldername($foldername)/: ?OIDplusAuthPlugin/ {
		502	$plugins = OIDplus::getAuthPlugins();
		503	foreach ($plugins as $plugin) {
		504	if (basename($plugin->getPluginDirectory()) === $foldername) {
		505	return $plugin;
		506	}
		507	}
		508	return null;
		509	}
		510
1099	daniel-mar	511	private static function checkRaAuthPluginAvailable($plugin_foldername, $must_hash) {
1088	daniel-mar	512	// if (!wildcard_is_dir(OIDplus::localpath().'plugins/'.'*'.'/auth/'.$plugin_foldername)) {
		513	$plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername);
		514	if (is_null($plugin)) {
		515	throw new OIDplusException(_L('The auth plugin "%1" does not exist in plugin directory %2',$plugin_foldername,'plugins/[vendorname]/auth/'));
		516	}
		517
		518	$reason = '';
1099	daniel-mar	519	if (!$plugin->availableForVerify($reason)) {
		520	throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for password verification on this system.',$plugin_foldername).' '.$reason));
1088	daniel-mar	521	}
1099	daniel-mar	522	if ($must_hash && !$plugin->availableForHash($reason)) {
		523	throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for hashing on this system.',$plugin_foldername).' '.$reason));
		524	}
1088	daniel-mar	525	}
		526
1099	daniel-mar	527	public static function getDefaultRaAuthPlugin($must_hash)/: OIDplusAuthPlugin/ {
1088	daniel-mar	528	// 1. Priority: Use the auth plugin the user prefers
		529	$def_plugin_foldername = OIDplus::config()->getValue('default_ra_auth_method');
		530	if (trim($def_plugin_foldername) !== '') {
1099	daniel-mar	531	OIDplus::checkRaAuthPluginAvailable($def_plugin_foldername, $must_hash);
1088	daniel-mar	532	$plugin = OIDplus::getAuthPluginByFoldername($def_plugin_foldername);
		533	return $plugin;
		534	}
		535
		536	// 2. Priority: If empty (i.e. OIDplus may decide), choose the best ViaThinkSoft plugin that is supported on this system
		537	$preferred_auth_plugins = array(
1099	daniel-mar	538	// Sorted by preference
		539	'A4_argon2', // usually Salted Argon2id
		540	'A3_bcrypt', // usually Salted BCrypt
		541	'A5_vts_mcf', // usually SHA3-512-HMAC
		542	'A6_crypt' // usually Salted SHA512 with 5000 rounds
1088	daniel-mar	543	);
		544	foreach ($preferred_auth_plugins as $plugin_foldername) {
		545	$plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername);
		546	if (is_null($plugin)) continue;
		547
		548	$reason = '';
1099	daniel-mar	549	if (!$plugin->availableForHash($reason)) continue;
		550	if ($must_hash && !$plugin->availableForVerify($reason)) continue;
1088	daniel-mar	551	return $plugin;
		552	}
		553
		554	// 3. Priority: If nothing found, take the first found plugin
		555	$plugins = OIDplus::getAuthPlugins();
1099	daniel-mar	556	foreach ($plugins as $plugin) {
		557	$reason = '';
		558	if (!$plugin->availableForHash($reason)) continue;
		559	if ($must_hash && !$plugin->availableForVerify($reason)) continue;
		560	return $plugin;
1088	daniel-mar	561	}
		562
		563	// 4. Priority: We must deny the creation of the password because we have no auth plugin!
		564	throw new OIDplusException(_L('Could not find a fitting auth plugin!'));
		565	}
		566
1112	daniel-mar	567	/**
		568	* @return void
		569	*/
227	daniel-mar	570	private static function registerAuthPlugin(OIDplusAuthPlugin $plugin) {
1089	daniel-mar	571	$reason = '';
1099	daniel-mar	572	if (OIDplus::baseConfig()->getValue('DEBUG') && $plugin->availableForHash($reason) && $plugin->availableForVerify($reason)) {
456	daniel-mar	573	$password = generateRandomString(25);
459	daniel-mar	574
461	daniel-mar	575	try {
		576	$authInfo = $plugin->generate($password);
		577	} catch (OIDplusException $e) {
1090	daniel-mar	578	// This can happen when the AuthKey is too long for the database field
1088	daniel-mar	579	// Note: The constructor and setters of OIDplusRAAuthInfo() already check for length and null/false values.
461	daniel-mar	580	throw new OIDplusException(_L('Auth plugin "%1" is erroneous: %2',basename($plugin->getPluginDirectory()),$e->getMessage()));
		581	}
1088	daniel-mar	582
461	daniel-mar	583	$authKey = $authInfo->getAuthKey();
459	daniel-mar	584
461	daniel-mar	585	$authInfo_AuthKeyDiff = clone $authInfo;
		586	$authInfo_AuthKeyDiff->setAuthKey(strrev($authInfo_AuthKeyDiff->getAuthKey()));
		587
		588	if ((!$plugin->verify($authInfo,$password)) \|\|
		589	($plugin->verify($authInfo_AuthKeyDiff,$password)) \|\|
		590	($plugin->verify($authInfo,$password.'x'))) {
1088	daniel-mar	591	throw new OIDplusException(_L('Auth plugin "%1" is erroneous: Generate/Verify self-test failed',basename($plugin->getPluginDirectory())));
456	daniel-mar	592	}
453	daniel-mar	593	}
		594
227	daniel-mar	595	self::$authPlugins[] = $plugin;
		596	}
		597
221	daniel-mar	598	public static function getAuthPlugins() {
		599	return self::$authPlugins;
		600	}
		601
1050	daniel-mar	602	// --- Language plugin
355	daniel-mar	603
1112	daniel-mar	604	/**
		605	* @return void
		606	*/
355	daniel-mar	607	private static function registerLanguagePlugin(OIDplusLanguagePlugin $plugin) {
		608	self::$languagePlugins[] = $plugin;
		609	}
		610
		611	public static function getLanguagePlugins() {
		612	return self::$languagePlugins;
		613	}
		614
1050	daniel-mar	615	// --- Design plugin
449	daniel-mar	616
1112	daniel-mar	617	/**
		618	* @return void
		619	*/
449	daniel-mar	620	private static function registerDesignPlugin(OIDplusDesignPlugin $plugin) {
		621	self::$designPlugins[] = $plugin;
		622	}
		623
		624	public static function getDesignPlugins() {
		625	return self::$designPlugins;
		626	}
		627
819	daniel-mar	628	public static function getActiveDesignPlugin() {
		629	$plugins = OIDplus::getDesignPlugins();
		630	foreach ($plugins as $plugin) {
		631	if ((basename($plugin->getPluginDirectory())) == OIDplus::config()->getValue('design','default')) {
		632	return $plugin;
		633	}
		634	}
		635	return null;
		636	}
		637
1050	daniel-mar	638	// --- Logger plugin
289	daniel-mar	639
1112	daniel-mar	640	/**
		641	* @return void
		642	*/
289	daniel-mar	643	private static function registerLoggerPlugin(OIDplusLoggerPlugin $plugin) {
		644	self::$loggerPlugins[] = $plugin;
		645	}
		646
		647	public static function getLoggerPlugins() {
		648	return self::$loggerPlugins;
		649	}
		650
1050	daniel-mar	651	// --- Object type plugin
227	daniel-mar	652
1112	daniel-mar	653	/**
		654	* @return void
		655	*/
227	daniel-mar	656	private static function registerObjectTypePlugin(OIDplusObjectTypePlugin $plugin) {
		657	self::$objectTypePlugins[] = $plugin;
		658
		659	$ot = $plugin::getObjectTypeClassName();
		660	self::registerObjectType($ot);
		661	}
		662
1112	daniel-mar	663	/**
		664	* @return void
		665	*/
224	daniel-mar	666	private static function registerObjectType($ot) {
66	daniel-mar	667	$ns = $ot::ns();
860	daniel-mar	668	if (empty($ns)) throw new OIDplusException(_L('ObjectType plugin %1 is erroneous: Namespace must not be empty',$ot));
66	daniel-mar	669
860	daniel-mar	670	// Currently, we must enforce that namespaces in objectType plugins are lowercase, because prefilterQuery() makes all namespaces lowercase and the DBMS should be case-sensitive
		671	if ($ns != strtolower($ns)) throw new OIDplusException(_L('ObjectType plugin %1 is erroneous: Namespace %2 must be lower-case',$ot,$ns));
66	daniel-mar	672
860	daniel-mar	673	$root = $ot::root();
		674	if (!str_starts_with($root,$ns.':')) throw new OIDplusException(_L('ObjectType plugin %1 is erroneous: Root node (%2) is in wrong namespace (needs starts with %3)!',$ot,$root,$ns.':'));
		675
66	daniel-mar	676	$ns_found = false;
227	daniel-mar	677	foreach (array_merge(OIDplus::getEnabledObjectTypes(), OIDplus::getDisabledObjectTypes()) as $test_ot) {
66	daniel-mar	678	if ($test_ot::ns() == $ns) {
		679	$ns_found = true;
		680	break;
		681	}
		682	}
		683	if ($ns_found) {
360	daniel-mar	684	throw new OIDplusException(_L('Attention: Two objectType plugins use the same namespace "%1"!',$ns));
66	daniel-mar	685	}
		686
		687	$init = OIDplus::config()->getValue("objecttypes_initialized");
		688	$init_ary = empty($init) ? array() : explode(';', $init);
70	daniel-mar	689	$init_ary = array_map('trim', $init_ary);
66	daniel-mar	690
		691	$enabled = OIDplus::config()->getValue("objecttypes_enabled");
		692	$enabled_ary = empty($enabled) ? array() : explode(';', $enabled);
70	daniel-mar	693	$enabled_ary = array_map('trim', $enabled_ary);
66	daniel-mar	694
79	daniel-mar	695	$do_enable = false;
		696	if (in_array($ns, $enabled_ary)) {
447	daniel-mar	697	// If it is in the list of enabled object types, it is enabled (obviously)
79	daniel-mar	698	$do_enable = true;
		699	} else {
447	daniel-mar	700	if (!OIDplus::config()->getValue('oobe_objects_done')) {
		701	// If the OOBE wizard is NOT done, then just enable the "oid" object type by default
79	daniel-mar	702	$do_enable = $ns == 'oid';
		703	} else {
447	daniel-mar	704	// If the OOBE wizard was done (once), then
		705	// we will enable all object types which were never initialized
		706	// (i.e. a plugin folder was freshly added)
79	daniel-mar	707	$do_enable = !in_array($ns, $init_ary);
		708	}
		709	}
		710
		711	if ($do_enable) {
227	daniel-mar	712	self::$enabledObjectTypes[] = $ot;
		713	usort(self::$enabledObjectTypes, function($a, $b) {
66	daniel-mar	714	$enabled = OIDplus::config()->getValue("objecttypes_enabled");
		715	$enabled_ary = explode(';', $enabled);
		716
		717	$idx_a = array_search($a::ns(), $enabled_ary);
		718	$idx_b = array_search($b::ns(), $enabled_ary);
		719
1112	daniel-mar	720	if ($idx_a == $idx_b) return 0;
		721	return ($idx_a > $idx_b) ? +1 : -1;
66	daniel-mar	722	});
74	daniel-mar	723	} else {
		724	self::$disabledObjectTypes[] = $ot;
66	daniel-mar	725	}
		726
		727	if (!in_array($ns, $init_ary)) {
		728	// Was never initialized before, so we add it to the list of enabled object types once
		729
79	daniel-mar	730	if ($do_enable) {
		731	$enabled_ary[] = $ns;
672	daniel-mar	732	// Important: Don't validate the input, because the other object types might not be initialized yet! So use setValueNoCallback() instead setValue().
		733	OIDplus::config()->setValueNoCallback("objecttypes_enabled", implode(';', $enabled_ary));
79	daniel-mar	734	}
66	daniel-mar	735
		736	$init_ary[] = $ns;
		737	OIDplus::config()->setValue("objecttypes_initialized", implode(';', $init_ary));
		738	}
61	daniel-mar	739	}
		740
227	daniel-mar	741	public static function getObjectTypePlugins() {
		742	return self::$objectTypePlugins;
61	daniel-mar	743	}
		744
227	daniel-mar	745	public static function getObjectTypePluginsEnabled() {
		746	$res = array();
		747	foreach (self::$objectTypePlugins as $plugin) {
		748	$ot = $plugin::getObjectTypeClassName();
		749	if (in_array($ot, self::$enabledObjectTypes)) $res[] = $plugin;
		750	}
		751	return $res;
74	daniel-mar	752	}
		753
227	daniel-mar	754	public static function getObjectTypePluginsDisabled() {
		755	$res = array();
		756	foreach (self::$objectTypePlugins as $plugin) {
		757	$ot = $plugin::getObjectTypeClassName();
		758	if (in_array($ot, self::$disabledObjectTypes)) $res[] = $plugin;
74	daniel-mar	759	}
227	daniel-mar	760	return $res;
74	daniel-mar	761	}
		762
227	daniel-mar	763	public static function getEnabledObjectTypes() {
		764	return self::$enabledObjectTypes;
		765	}
74	daniel-mar	766
227	daniel-mar	767	public static function getDisabledObjectTypes() {
		768	return self::$disabledObjectTypes;
		769	}
74	daniel-mar	770
1050	daniel-mar	771	// --- Plugin handling functions
277	daniel-mar	772
320	daniel-mar	773	public static function getAllPlugins()/: array/ {
		774	$res = array();
		775	$res = array_merge($res, self::$pagePlugins);
		776	$res = array_merge($res, self::$authPlugins);
		777	$res = array_merge($res, self::$loggerPlugins);
		778	$res = array_merge($res, self::$objectTypePlugins);
		779	$res = array_merge($res, self::$dbPlugins);
702	daniel-mar	780	$res = array_merge($res, self::$captchaPlugins);
320	daniel-mar	781	$res = array_merge($res, self::$sqlSlangPlugins);
355	daniel-mar	782	$res = array_merge($res, self::$languagePlugins);
449	daniel-mar	783	$res = array_merge($res, self::$designPlugins);
320	daniel-mar	784	return $res;
		785	}
		786
321	daniel-mar	787	public static function getPluginByOid($oid)/: ?OIDplusPlugin/ {
320	daniel-mar	788	$plugins = self::getAllPlugins();
321	daniel-mar	789	foreach ($plugins as $plugin) {
		790	if (oid_dotnotation_equal($plugin->getManifest()->getOid(), $oid)) {
		791	return $plugin;
320	daniel-mar	792	}
		793	}
		794	return null;
		795	}
		796
380	daniel-mar	797	public static function getPluginByClassName($classname)/: ?OIDplusPlugin/ {
		798	$plugins = self::getAllPlugins();
		799	foreach ($plugins as $plugin) {
		800	if (get_class($plugin) === $classname) {
		801	return $plugin;
		802	}
		803	}
		804	return null;
277	daniel-mar	805	}
		806
594	daniel-mar	807	/**
1050	daniel-mar	808	* Checks if the plugin is disabled
		809	* @return boolean true if plugin is enabled, false if plugin is disabled
		810	* @throws OIDplusException if the class name or config file (disabled setting) does not contain a namespace
		811	*/
		812	private static function pluginCheckDisabled($class_name): bool {
		813	$path = explode('\\', $class_name);
		814
		815	if (count($path) == 1) {
		816	throw new OIDplusException(_L('Plugin "%1" is erroneous',$class_name).': '._L('The plugin uses no namespaces. The new version of OIDplus requires plugin class files to be in a namespace. Please notify your plugin author and ask for an update.'));
		817	}
		818
		819	$class_end = end($path);
		820	if (OIDplus::baseConfig()->getValue('DISABLE_PLUGIN_'.$class_end, false)) {
		821	throw new OIDplusConfigInitializationException(_L('Your base configuration file is outdated. Please change "%1" to "%2".','DISABLE_PLUGIN_'.$class_end,'DISABLE_PLUGIN_'.$class_name));
		822	}
		823
		824	if (OIDplus::baseConfig()->getValue('DISABLE_PLUGIN_'.$class_name, false)) {
		825	return false;
		826	}
		827
		828	return true;
		829	}
		830
		831	/**
594	daniel-mar	832	* @return array<OIDplusPluginManifest>\|array<string,array<string,OIDplusPluginManifest>>
		833	*/
693	daniel-mar	834	public static function getAllPluginManifests($pluginFolderMasks='*', $flat=true): array {
277	daniel-mar	835	$out = array();
279	daniel-mar	836	// Note: glob() will sort by default, so we do not need a page priority attribute.
		837	// So you just need to use a numeric plugin directory prefix (padded).
693	daniel-mar	838	$ary = array();
		839	foreach (explode(',',$pluginFolderMasks) as $pluginFolderMask) {
		840	$ary = array_merge($ary,glob(OIDplus::localpath().'plugins/'.''.'/'.$pluginFolderMask.'/'.''.'/manifest.xml'));
		841	}
646	daniel-mar	842
		843	// Sort the plugins by their type and name, as if they would be in a single vendor-folder!
		844	uasort($ary, function($a,$b) {
		845	if ($a == $b) return 0;
		846
		847	$ary = explode('/',$a);
		848	$bry = explode('/',$b);
		849
		850	// First sort by type (publicPage, auth, database, language, ...)
		851	$a_type = $ary[count($ary)-1-2];
		852	$b_type = $bry[count($bry)-1-2];
		853	if ($a_type < $b_type) return -1;
		854	if ($a_type > $b_type) return 1;
		855
		856	// Then sort by name (090_login, 100_whois, etc.)
		857	$a_name = $ary[count($ary)-1-1];
		858	$b_name = $bry[count($bry)-1-1];
		859	if ($a_name < $b_name) return -1;
		860	if ($a_name > $b_name) return 1;
		861
		862	// If it is still equal, then finally sort by vendorname
		863	$a_vendor = $ary[count($ary)-1-3];
		864	$b_vendor = $bry[count($bry)-1-3];
		865	if ($a_vendor < $b_vendor) return -1;
		866	if ($a_vendor > $b_vendor) return 1;
		867	return 0;
		868	});
		869
277	daniel-mar	870	foreach ($ary as $ini) {
		871	if (!file_exists($ini)) continue;
		872
307	daniel-mar	873	$manifest = new OIDplusPluginManifest();
		874	$manifest->loadManifest($ini);
277	daniel-mar	875
473	daniel-mar	876	$class_name = $manifest->getPhpMainClass();
1050	daniel-mar	877	if ($class_name) if (!self::pluginCheckDisabled($class_name)) continue;
473	daniel-mar	878
307	daniel-mar	879	if ($flat) {
		880	$out[] = $manifest;
		881	} else {
		882	$plugintype_folder = basename(dirname(dirname($ini)));
		883	$pluginname_folder = basename(dirname($ini));
		884
		885	if (!isset($out[$plugintype_folder])) $out[$plugintype_folder] = array();
		886	if (!isset($out[$plugintype_folder][$pluginname_folder])) $out[$plugintype_folder][$pluginname_folder] = array();
		887	$out[$plugintype_folder][$pluginname_folder] = $manifest;
		888	}
277	daniel-mar	889	}
		890	return $out;
		891	}
		892
594	daniel-mar	893	/**
		894	* @return array<string>
		895	*/
277	daniel-mar	896	public static function registerAllPlugins($pluginDirName, $expectedPluginClass, $registerCallback): array {
		897	$out = array();
525	daniel-mar	898	if (is_array($pluginDirName)) {
		899	$ary = array();
		900	foreach ($pluginDirName as $pluginDirName_) {
		901	$ary = array_merge($ary, self::getAllPluginManifests($pluginDirName_, false));
		902	}
		903	} else {
		904	$ary = self::getAllPluginManifests($pluginDirName, false);
		905	}
320	daniel-mar	906	$known_plugin_oids = array();
456	daniel-mar	907	if (OIDplus::baseConfig()->getValue('DEBUG')) {
		908	$fake_feature = uuid_to_oid(gen_uuid());
588	daniel-mar	909	} else {
		910	$fake_feature = null;
456	daniel-mar	911	}
277	daniel-mar	912	foreach ($ary as $plugintype_folder => $bry) {
438	daniel-mar	913	foreach ($bry as $pluginname_folder => $manifest) {
		914	$class_name = $manifest->getPhpMainClass();
		915
		916	// Before we load the plugin, we want to make some checks to confirm
		917	// that the plugin is working correctly.
		918
307	daniel-mar	919	if (!$class_name) {
1050	daniel-mar	920	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Manifest does not declare a PHP main class'));
277	daniel-mar	921	}
1050	daniel-mar	922	if (!self::pluginCheckDisabled($class_name)) {
		923	continue; // Plugin is disabled
297	daniel-mar	924	}
1072	daniel-mar	925
		926	// Do some basic checks on the plugin PHP main class
292	daniel-mar	927	if (!class_exists($class_name)) {
1050	daniel-mar	928	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Manifest declares PHP main class as "%1", but it could not be found',$class_name));
292	daniel-mar	929	}
279	daniel-mar	930	if (!is_subclass_of($class_name, $expectedPluginClass)) {
1050	daniel-mar	931	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Plugin main class "%1" is expected to be a subclass of "%2"',$class_name,$expectedPluginClass));
279	daniel-mar	932	}
438	daniel-mar	933	if (($class_name!=$manifest->getTypeClass()) && (!is_subclass_of($class_name,$manifest->getTypeClass()))) {
1050	daniel-mar	934	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Plugin main class "%1" is expected to be a subclass of "%2", according to type declared in manifest',$class_name,$manifest->getTypeClass()));
308	daniel-mar	935	}
438	daniel-mar	936	if (($manifest->getTypeClass()!=$expectedPluginClass) && (!is_subclass_of($manifest->getTypeClass(),$expectedPluginClass))) {
1050	daniel-mar	937	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Class declared in manifest is "%1" does not fit expected class for this plugin type "%2"',$manifest->getTypeClass(),$expectedPluginClass));
308	daniel-mar	938	}
		939
1072	daniel-mar	940	// Do some basic checks on the plugin OID
438	daniel-mar	941	$plugin_oid = $manifest->getOid();
320	daniel-mar	942	if (!$plugin_oid) {
1050	daniel-mar	943	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Does not have an OID'));
320	daniel-mar	944	}
		945	if (!oid_valid_dotnotation($plugin_oid, false, false, 2)) {
1050	daniel-mar	946	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Plugin OID "%1" is invalid (needs to be valid dot-notation)',$plugin_oid));
320	daniel-mar	947	}
		948	if (isset($known_plugin_oids[$plugin_oid])) {
1050	daniel-mar	949	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('The OID "%1" is already used by the plugin "%2"',$plugin_oid,$known_plugin_oids[$plugin_oid]));
320	daniel-mar	950	}
646	daniel-mar	951
1072	daniel-mar	952	// Additional check: Are third-party plugins using ViaThinkSoft plugin folders, OIDs or class namespaces?
632	daniel-mar	953	$full_plugin_dir = dirname($manifest->getManifestFile());
		954	$full_plugin_dir = substr($full_plugin_dir, strlen(OIDplus::localpath()));
988	daniel-mar	955	$dir_is_viathinksoft = str_starts_with($full_plugin_dir, 'plugins/viathinksoft/') \|\| str_starts_with($full_plugin_dir, 'plugins\\viathinksoft\\');
		956	$oid_is_viathinksoft = str_starts_with($plugin_oid, '1.3.6.1.4.1.37476.2.5.2.4.'); // { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 products(2) oidplus(5) v2(2) plugins(4) }
1050	daniel-mar	957	$class_is_viathinksoft = str_starts_with($class_name, 'ViaThinkSoft\\');
1072	daniel-mar	958	if ($oid_is_viathinksoft != $class_is_viathinksoft) {
		959	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('Third-party plugins must not use the ViaThinkSoft PHP namespace. Please use your own vendor namespace.'));
		960	}
		961	$plugin_is_viathinksoft = $oid_is_viathinksoft && $class_is_viathinksoft;
		962	if ($dir_is_viathinksoft != $plugin_is_viathinksoft) {
1050	daniel-mar	963	throw new OIDplusException(_L('Plugin "%1" is misplaced',$plugintype_folder.'/'.$pluginname_folder).': '._L('The plugin is in the wrong folder. The folder %1 can only be used by official ViaThinkSoft plugins','plugins/viathinksoft/'));
632	daniel-mar	964	}
1072	daniel-mar	965
		966	// Additional check: does the plugin define JS/CSS although it is not an interactive plugin type?
		967	$has_js = $manifest->getJSFiles();
		968	$has_css = $manifest->getCSSFiles();
		969	$is_interactive = in_array(basename($plugintype_folder), OIDplus::INTERACTIVE_PLUGIN_TYPES);
		970	$is_design = basename($plugintype_folder) === 'design';
		971	if (!$is_interactive && $has_js) {
		972	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('%1 files are included in the manifest XML, but this plugin type does not allow such files.','JavaScript'));
1050	daniel-mar	973	}
1072	daniel-mar	974	if (!$is_interactive && !$is_design && $has_css) {
		975	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('%1 files are included in the manifest XML, but this plugin type does not allow such files.','CSS'));
		976	}
320	daniel-mar	977
1072	daniel-mar	978	// Additional check: Check "Setup CSS" and "Setup JS" (Allowed for plugin types: database, captcha)
		979	$has_js_setup = $manifest->getJSFilesSetup();
		980	$has_css_setup = $manifest->getCSSFilesSetup();
		981	$is_database = basename($plugintype_folder) === 'database';
		982	$is_captcha = basename($plugintype_folder) === 'captcha';
		983	if (!$is_database && !$is_captcha && $has_js_setup) {
		984	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('%1 files are included in the manifest XML, but this plugin type does not allow such files.','Setup JavaScript'));
		985	}
		986	if (!$is_database && !$is_captcha && $has_css_setup) {
		987	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('%1 files are included in the manifest XML, but this plugin type does not allow such files.','Setup CSS'));
		988	}
632	daniel-mar	989
1072	daniel-mar	990	// Additional check: Are all CSS/JS files there?
		991	$tmp = $manifest->getManifestLinkedFiles();
		992	foreach ($tmp as $file) {
		993	if (!file_exists($file)) {
		994	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('File %1 was defined in manifest, but it is not existing',$file));
		995	}
		996	}
		997
		998	// For the next check, we need an instance of the object
438	daniel-mar	999	$obj = new $class_name();
456	daniel-mar	1000
1072	daniel-mar	1001	// Additional check: Does the plugin misuse implementsFeature()?
		1002	// This is not enabled b default, because the GUID generation is slow on some machines.
		1003	// Also, it is very unlikely that someone misuses implementsFeature().
456	daniel-mar	1004	if (OIDplus::baseConfig()->getValue('DEBUG')) {
		1005	if ($obj->implementsFeature($fake_feature)) {
		1006	// see https://devblogs.microsoft.com/oldnewthing/20040211-00/?p=40663
1050	daniel-mar	1007	throw new OIDplusException(_L('Plugin "%1" is erroneous',$plugintype_folder.'/'.$pluginname_folder).': '._L('implementsFeature() always returns true'));
456	daniel-mar	1008	}
438	daniel-mar	1009	}
		1010
		1011	// Now we can continue
1072	daniel-mar	1012	$known_plugin_oids[$plugin_oid] = $plugintype_folder.'/'.$pluginname_folder;
279	daniel-mar	1013	$out[] = $class_name;
		1014	if (!is_null($registerCallback)) {
438	daniel-mar	1015	call_user_func($registerCallback, $obj);
444	daniel-mar	1016
		1017	// Alternative approaches:
		1018	//$registerCallback[0]::{$registerCallback[1]}($obj);
		1019	// or:
		1020	//forward_static_call($registerCallback, $obj);
279	daniel-mar	1021	}
277	daniel-mar	1022	}
		1023
		1024	}
		1025	return $out;
		1026	}
		1027
1050	daniel-mar	1028	// --- Initialization of OIDplus
206	daniel-mar	1029
374	daniel-mar	1030	public static function init($html=true, $keepBaseConfig=true) {
236	daniel-mar	1031	self::$html = $html;
		1032
263	daniel-mar	1033	// Reset internal state, so we can re-init verything if required
274	daniel-mar	1034
263	daniel-mar	1035	self::$config = null;
374	daniel-mar	1036	if (!$keepBaseConfig) self::$baseConfig = null; // for test cases we need to be able to control base config and setting values manually, so $keepBaseConfig needs to be true
263	daniel-mar	1037	self::$gui = null;
		1038	self::$authUtils = null;
		1039	self::$mailUtils = null;
		1040	self::$menuUtils = null;
		1041	self::$logger = null;
295	daniel-mar	1042	self::$dbMainSession = null;
		1043	self::$dbIsolatedSession = null;
263	daniel-mar	1044	self::$pagePlugins = array();
		1045	self::$authPlugins = array();
289	daniel-mar	1046	self::$loggerPlugins = array();
263	daniel-mar	1047	self::$objectTypePlugins = array();
		1048	self::$enabledObjectTypes = array();
		1049	self::$disabledObjectTypes = array();
		1050	self::$dbPlugins = array();
702	daniel-mar	1051	self::$captchaPlugins = array();
274	daniel-mar	1052	self::$sqlSlangPlugins = array();
355	daniel-mar	1053	self::$languagePlugins = array();
449	daniel-mar	1054	self::$designPlugins = array();
263	daniel-mar	1055	self::$system_id_cache = null;
		1056	self::$sslAvailableCache = null;
468	daniel-mar	1057	self::$translationArray = array();
74	daniel-mar	1058
263	daniel-mar	1059	// Continue...
		1060
294	daniel-mar	1061	OIDplus::baseConfig(); // this loads the base configuration located in userdata/baseconfig/config.inc.php (once!)
263	daniel-mar	1062	// You can do changes to the configuration afterwards using OIDplus::baseConfig()->...
		1063
150	daniel-mar	1064	// Register database types (highest priority)
		1065
274	daniel-mar	1066	// SQL slangs
		1067
1050	daniel-mar	1068	self::registerAllPlugins('sqlSlang', OIDplusSqlSlangPlugin::class, array(OIDplus::class,'registerSqlSlangPlugin'));
274	daniel-mar	1069	foreach (OIDplus::getSqlSlangPlugins() as $plugin) {
		1070	$plugin->init($html);
		1071	}
		1072
		1073	// Database providers
		1074
1050	daniel-mar	1075	self::registerAllPlugins('database', OIDplusDatabasePlugin::class, array(OIDplus::class,'registerDatabasePlugin'));
237	daniel-mar	1076	foreach (OIDplus::getDatabasePlugins() as $plugin) {
		1077	$plugin->init($html);
		1078	}
		1079
42	daniel-mar	1080	// Do redirect stuff etc.
74	daniel-mar	1081
230	daniel-mar	1082	self::isSslAvailable(); // This function does automatic redirects
61	daniel-mar	1083
263	daniel-mar	1084	// Construct the configuration manager
66	daniel-mar	1085
263	daniel-mar	1086	OIDplus::config(); // During the construction, various system settings are prepared if required
66	daniel-mar	1087
74	daniel-mar	1088	// Initialize public / private keys
		1089
227	daniel-mar	1090	OIDplus::getPkiStatus(true);
74	daniel-mar	1091
237	daniel-mar	1092	// Register non-DB plugins
74	daniel-mar	1093
1050	daniel-mar	1094	self::registerAllPlugins(array('publicPages', 'raPages', 'adminPages'), OIDplusPagePlugin::class, array(OIDplus::class,'registerPagePlugin'));
		1095	self::registerAllPlugins('auth', OIDplusAuthPlugin::class, array(OIDplus::class,'registerAuthPlugin'));
		1096	self::registerAllPlugins('logger', OIDplusLoggerPlugin::class, array(OIDplus::class,'registerLoggerPlugin'));
825	daniel-mar	1097	OIDplusLogger::reLogMissing(); // Some previous plugins might have tried to log. Repeat that now.
1050	daniel-mar	1098	self::registerAllPlugins('objectTypes', OIDplusObjectTypePlugin::class, array(OIDplus::class,'registerObjectTypePlugin'));
		1099	self::registerAllPlugins('language', OIDplusLanguagePlugin::class, array(OIDplus::class,'registerLanguagePlugin'));
		1100	self::registerAllPlugins('design', OIDplusDesignPlugin::class, array(OIDplus::class,'registerDesignPlugin'));
		1101	self::registerAllPlugins('captcha', OIDplusCaptchaPlugin::class, array(OIDplus::class,'registerCaptchaPlugin'));
150	daniel-mar	1102
237	daniel-mar	1103	// Initialize non-DB plugins
224	daniel-mar	1104
281	daniel-mar	1105	foreach (OIDplus::getPagePlugins() as $plugin) {
74	daniel-mar	1106	$plugin->init($html);
		1107	}
230	daniel-mar	1108	foreach (OIDplus::getAuthPlugins() as $plugin) {
		1109	$plugin->init($html);
		1110	}
289	daniel-mar	1111	foreach (OIDplus::getLoggerPlugins() as $plugin) {
		1112	$plugin->init($html);
		1113	}
230	daniel-mar	1114	foreach (OIDplus::getObjectTypePlugins() as $plugin) {
		1115	$plugin->init($html);
		1116	}
355	daniel-mar	1117	foreach (OIDplus::getLanguagePlugins() as $plugin) {
		1118	$plugin->init($html);
		1119	}
449	daniel-mar	1120	foreach (OIDplus::getDesignPlugins() as $plugin) {
		1121	$plugin->init($html);
		1122	}
778	daniel-mar	1123	foreach (OIDplus::getCaptchaPlugins() as $plugin) {
		1124	$plugin->init($html);
		1125	}
412	daniel-mar	1126
778	daniel-mar	1127	if (PHP_SAPI != 'cli') {
		1128
		1129	// Prepare some security related response headers (default values)
		1130
		1131	$content_language =
		1132	strtolower(substr(OIDplus::getCurrentLang(),0,2)) . '-' .
		1133	strtoupper(substr(OIDplus::getCurrentLang(),2,2)); // e.g. 'en-US'
		1134
		1135	$http_headers = array(
		1136	"X-Content-Type-Options" => "nosniff",
		1137	"X-XSS-Protection" => "1; mode=block",
		1138	"X-Frame-Options" => "SAMEORIGIN",
		1139	"Referrer-Policy" => array(
		1140	"no-referrer-when-downgrade"
		1141	),
		1142	"Cache-Control" => array(
		1143	"no-cache",
		1144	"no-store",
		1145	"must-revalidate"
		1146	),
		1147	"Pragma" => "no-cache",
		1148	"Content-Language" => $content_language,
		1149	"Expires" => "0",
		1150	"Content-Security-Policy" => array(
1001	daniel-mar	1151	// see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
		1152
		1153	// --- Fetch directives ---
		1154	"child-src" => array(
		1155	"'self'",
		1156	"blob:"
		1157	),
		1158	"connect-src" => array(
		1159	"'self'",
		1160	"blob:"
		1161	),
778	daniel-mar	1162	"default-src" => array(
		1163	"'self'",
		1164	"blob:",
		1165	"https://cdnjs.cloudflare.com/"
		1166	),
1001	daniel-mar	1167	"font-src" => array(
778	daniel-mar	1168	"'self'",
1001	daniel-mar	1169	"blob:"
778	daniel-mar	1170	),
1001	daniel-mar	1171	"frame-src" => array(
		1172	"'self'",
		1173	"blob:"
		1174	),
778	daniel-mar	1175	"img-src" => array(
1001	daniel-mar	1176	"blob:",
778	daniel-mar	1177	"data:",
		1178	"http:",
		1179	"https:"
		1180	),
1001	daniel-mar	1181	"manifest-src" => array(
		1182	"'self'",
		1183	"blob:"
		1184	),
		1185	"media-src" => array(
		1186	"'self'",
		1187	"blob:"
		1188	),
		1189	"object-src" => array(
		1190	"'none'"
		1191	),
		1192	"prefetch-src" => array(
		1193	"'self'",
		1194	"blob:"
		1195	),
778	daniel-mar	1196	"script-src" => array(
		1197	"'self'",
		1198	"'unsafe-inline'",
		1199	"'unsafe-eval'",
		1200	"blob:",
		1201	"https://cdnjs.cloudflare.com/",
		1202	"https://polyfill.io/"
		1203	),
1001	daniel-mar	1204	// script-src-elem not used
		1205	// script-src-attr not used
		1206	"style-src" => array(
		1207	"'self'",
		1208	"'unsafe-inline'",
		1209	"https://cdnjs.cloudflare.com/"
		1210	),
		1211	// style-src-elem not used
		1212	// style-src-attr not used
		1213	"worker-src" => array(
		1214	"'self'",
		1215	"blob:"
		1216	),
		1217
		1218	// --- Navigation directives ---
778	daniel-mar	1219	"frame-ancestors" => array(
1112	daniel-mar	1220	"'none'"
778	daniel-mar	1221	),
		1222	)
		1223	);
		1224
780	daniel-mar	1225	// Give plugins the opportunity to manipulate/extend the headers
778	daniel-mar	1226
		1227	foreach (OIDplus::getSqlSlangPlugins() as $plugin) {
		1228	$plugin->httpHeaderCheck($http_headers);
		1229	}
1015	daniel-mar	1230	//foreach (OIDplus::getDatabasePlugins() as $plugin) {
		1231	if ($plugin = OIDplus::getActiveDatabasePlugin()) {
778	daniel-mar	1232	$plugin->httpHeaderCheck($http_headers);
		1233	}
		1234	foreach (OIDplus::getPagePlugins() as $plugin) {
		1235	$plugin->httpHeaderCheck($http_headers);
		1236	}
		1237	foreach (OIDplus::getAuthPlugins() as $plugin) {
		1238	$plugin->httpHeaderCheck($http_headers);
		1239	}
		1240	foreach (OIDplus::getLoggerPlugins() as $plugin) {
		1241	$plugin->httpHeaderCheck($http_headers);
		1242	}
		1243	foreach (OIDplus::getObjectTypePlugins() as $plugin) {
		1244	$plugin->httpHeaderCheck($http_headers);
		1245	}
		1246	foreach (OIDplus::getLanguagePlugins() as $plugin) {
		1247	$plugin->httpHeaderCheck($http_headers);
		1248	}
		1249	foreach (OIDplus::getDesignPlugins() as $plugin) {
		1250	$plugin->httpHeaderCheck($http_headers);
		1251	}
1015	daniel-mar	1252	//foreach (OIDplus::getCaptchaPlugins() as $plugin) {
		1253	if ($plugin = OIDplus::getActiveCaptchaPlugin()) {
778	daniel-mar	1254	$plugin->httpHeaderCheck($http_headers);
		1255	}
		1256
		1257	// Prepare to send the headers to the client
		1258	// The headers are sent automatically when the first output comes or the script ends
		1259
		1260	foreach ($http_headers as $name => $val) {
		1261
		1262	// Plugins can remove standard OIDplus headers by setting the value to null.
		1263	if (is_null($val)) continue; /** @phpstan-ignore-line */
		1264
		1265	// Some headers can be written as arrays to make it easier for plugin authors
		1266	// to manipulate/extend the contents.
		1267	if (is_array($val)) {
		1268	if ((strtolower($name) == 'cache-control') \|\|
		1269	(strtolower($name) == 'referrer-policy'))
		1270	{
		1271	if (count($val) == 0) continue;
		1272	$val = implode(', ', $val);
		1273	} else if (strtolower($name) == 'content-security-policy') {
		1274	if (count($val) == 0) continue;
780	daniel-mar	1275	foreach ($val as $tmp1 => &$tmp2) {
		1276	$tmp2 = array_unique($tmp2);
		1277	$tmp2 = $tmp1.' '.implode(' ', $tmp2);
		1278	}
778	daniel-mar	1279	$val = implode('; ', $val);
		1280	} else {
779	daniel-mar	1281	throw new OIDplusException(_L('HTTP header "%1" cannot be written as array. A newly installed plugin is probably misusing the method "%2".',$name,'httpHeaderCheck'));
778	daniel-mar	1282	}
		1283	}
		1284
		1285	if (is_string($val)) {
		1286	header("$name: $val");
		1287	}
		1288	}
		1289
		1290	} // endif (PHP_SAPI != 'cli')
		1291
412	daniel-mar	1292	// Initialize other stuff (i.e. things which require the logger!)
		1293
		1294	OIDplus::recognizeSystemUrl(); // Make sure "last_known_system_url" is set
		1295	OIDplus::recognizeVersion(); // Make sure "last_known_version" is set and a log entry is created
2	daniel-mar	1296	}
42	daniel-mar	1297
1050	daniel-mar	1298	// --- System URL, System ID, PKI, and other functions
227	daniel-mar	1299
412	daniel-mar	1300	private static function recognizeSystemUrl() {
		1301	try {
1072	daniel-mar	1302	$url = OIDplus::webpath(null,self::PATH_ABSOLUTE_CANONICAL);
412	daniel-mar	1303	OIDplus::config()->setValue('last_known_system_url', $url);
1050	daniel-mar	1304	} catch (\Exception $e) {
412	daniel-mar	1305	}
		1306	}
497	daniel-mar	1307
496	daniel-mar	1308	private static function getExecutingScriptPathDepth() {
		1309	if (PHP_SAPI == 'cli') {
		1310	global $argv;
		1311	$test_dir = dirname(realpath($argv[0]));
		1312	} else {
		1313	if (!isset($_SERVER["SCRIPT_FILENAME"])) return false;
		1314	$test_dir = dirname($_SERVER['SCRIPT_FILENAME']);
		1315	}
		1316	$test_dir = str_replace('\\', '/', $test_dir);
		1317	$steps_up = 0;
928	daniel-mar	1318	while (!file_exists($test_dir.'/oidplus.min.css.php')) { // We just assume that only the OIDplus base directory contains "oidplus.min.css.php" and not any subordinate directory!
496	daniel-mar	1319	$test_dir = dirname($test_dir);
		1320	$steps_up++;
		1321	if ($steps_up == 1000) return false; // to make sure there will never be an infinite loop
		1322	}
		1323	return $steps_up;
		1324	}
632	daniel-mar	1325
580	daniel-mar	1326	public static function isSSL() {
		1327	return isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] === 'on');
		1328	}
412	daniel-mar	1329
806	daniel-mar	1330	/**
		1331	* Returns the URL of the system.
		1332	* @param int $mode If true or OIDplus::PATH_RELATIVE, the returning path is relative to the currently executed
		1333	* PHP script (i.e. index.php , not the plugin PHP script!). False or OIDplus::PATH_ABSOLUTE is
		1334	* results in an absolute URL. OIDplus::PATH_ABSOLUTE_CANONICAL is an absolute URL,
		1335	* but a canonical path (set by base config setting CANONICAL_SYSTEM_URL) is preferred.
		1336	* @return string\|false The URL, with guaranteed trailing path delimiter for directories
		1337	*/
801	daniel-mar	1338	private static function getSystemUrl($mode) {
806	daniel-mar	1339	if ($mode === self::PATH_RELATIVE) {
778	daniel-mar	1340	$steps_up = self::getExecutingScriptPathDepth();
		1341	if ($steps_up === false) {
		1342	return false;
		1343	} else {
		1344	return str_repeat('../', $steps_up);
		1345	}
		1346	} else {
806	daniel-mar	1347	if ($mode === self::PATH_ABSOLUTE_CANONICAL) {
		1348	$tmp = OIDplus::baseConfig()->getValue('CANONICAL_SYSTEM_URL', '');
		1349	if ($tmp) {
		1350	return rtrim($tmp,'/').'/';
		1351	}
326	daniel-mar	1352	}
778	daniel-mar	1353
495	daniel-mar	1354	if (PHP_SAPI == 'cli') {
494	daniel-mar	1355	try {
		1356	return OIDplus::config()->getValue('last_known_system_url', false);
1050	daniel-mar	1357	} catch (\Exception $e) {
494	daniel-mar	1358	return false;
		1359	}
778	daniel-mar	1360	} else {
		1361	// First, try to find out how many levels we need to go up
		1362	$steps_up = self::getExecutingScriptPathDepth();
326	daniel-mar	1363
778	daniel-mar	1364	// Then go up these amount of levels, based on SCRIPT_NAME/argv[0]
		1365	$res = dirname($_SERVER['SCRIPT_NAME'].'index.php'); // This fake 'index.php' ensures that SCRIPT_NAME does not end with '/', which would make dirname() fail
		1366	for ($i=0; $i<$steps_up; $i++) {
		1367	$res = dirname($res);
		1368	}
		1369	$res = str_replace('\\', '/', $res);
		1370	if ($res == '/') $res = '';
227	daniel-mar	1371
778	daniel-mar	1372	// Add protocol and hostname
580	daniel-mar	1373	$is_ssl = self::isSSL();
495	daniel-mar	1374	$protocol = $is_ssl ? 'https' : 'http'; // do not translate
		1375	$host = $_SERVER['HTTP_HOST']; // includes port if it is not 80/443
778	daniel-mar	1376
		1377	return $protocol.'://'.$host.$res.'/';
495	daniel-mar	1378	}
227	daniel-mar	1379	}
		1380	}
		1381
1073	daniel-mar	1382	private static function pubKeyToRaw($pubKey) {
827	daniel-mar	1383	$m = array();
1073	daniel-mar	1384	if (preg_match('@BEGIN PUBLIC KEY\\-+([^\\-]+)\\-+END PUBLIC KEY@ismU', $pubKey, $m)) {
		1385	return base64_decode($m[1], false);
827	daniel-mar	1386	}
		1387	return false;
		1388	}
		1389
1073	daniel-mar	1390	private static function getSystemIdFromPubKey($pubKey) {
		1391	$rawData = self::pubKeyToRaw($pubKey);
		1392	if ($rawData === false) return false;
		1393	return smallhash($rawData);
		1394	}
		1395
		1396	private static function getSystemGuidFromPubKey($pubKey) {
		1397	$rawData = self::pubKeyToRaw($pubKey);
		1398	if ($rawData === false) return false;
		1399	$normalizedBase64 = base64_encode($rawData);
		1400	return gen_uuid_sha1_namebased(self::UUID_NAMEBASED_NS_Base64PubKey, $normalizedBase64);
		1401	}
		1402
227	daniel-mar	1403	private static $system_id_cache = null;
		1404	public static function getSystemId($oid=false) {
		1405	if (!is_null(self::$system_id_cache)) {
		1406	$out = self::$system_id_cache;
		1407	} else {
		1408	$out = false;
		1409
		1410	if (self::getPkiStatus(true)) {
830	daniel-mar	1411	$pubKey = OIDplus::getSystemPublicKey();
827	daniel-mar	1412	$out = self::getSystemIdFromPubKey($pubKey);
227	daniel-mar	1413	}
		1414	self::$system_id_cache = $out;
		1415	}
350	daniel-mar	1416	if (!$out) return false;
291	daniel-mar	1417	return ($oid ? '1.3.6.1.4.1.37476.30.9.' : '').$out;
227	daniel-mar	1418	}
		1419
1073	daniel-mar	1420	private static $system_guid_cache = null;
		1421	public static function getSystemGuid() {
		1422	if (!is_null(self::$system_guid_cache)) {
		1423	$out = self::$system_guid_cache;
		1424	} else {
		1425	$out = false;
		1426
		1427	if (self::getPkiStatus(true)) {
		1428	$pubKey = OIDplus::getSystemPublicKey();
		1429	$out = self::getSystemGuidFromPubKey($pubKey);
		1430	}
		1431	self::$system_guid_cache = $out;
		1432	}
		1433	if (!$out) return false;
		1434	return $out;
		1435	}
		1436
825	daniel-mar	1437	public static function getOpenSslCnf() {
		1438	// The following functions need a config file, otherway they don't work
		1439	// - openssl_csr_new
		1440	// - openssl_csr_sign
		1441	// - openssl_pkey_export
		1442	// - openssl_pkey_export_to_file
		1443	// - openssl_pkey_new
		1444	$tmp = @getenv('OPENSSL_CONF');
		1445	if ($tmp && file_exists($tmp)) return $tmp;
		1446
		1447	// OpenSSL in XAMPP does not work OOBE, since the OPENSSL_CONF is
		1448	// C:/xampp/apache/bin/openssl.cnf and not C:/xampp/apache/conf/openssl.cnf
		1449	// Bug reports are more than 10 years old and nobody cares...
		1450	// Use our own config file
		1451	return __DIR__.'/../../vendor/phpseclib/phpseclib/phpseclib/openssl.cnf';
		1452	}
		1453
830	daniel-mar	1454	private static function getPrivKeyPassphraseFilename() {
		1455	return OIDplus::localpath() . 'userdata/privkey_secret.php';
		1456	}
227	daniel-mar	1457
830	daniel-mar	1458	private static function tryCreatePrivKeyPassphrase() {
		1459	$file = self::getPrivKeyPassphraseFilename();
827	daniel-mar	1460
830	daniel-mar	1461	$passphrase = generateRandomString(64);
		1462	$cont = "<?php\n";
		1463	$cont .= "// ATTENTION! This file was automatically generated by OIDplus to encrypt the private key\n";
		1464	$cont .= "// that is located in your database configuration table. DO NOT ALTER OR DELETE THIS FILE,\n";
		1465	$cont .= "// otherwise you will lose your OIDplus System-ID and all services connected with it!\n";
831	daniel-mar	1466	$cont .= "// If multiple systems access the same database, then this file must be synchronous\n";
		1467	$cont .= "// between all systems, otherwise you will lose your system ID, too!\n";
830	daniel-mar	1468	$cont .= "\$passphrase = '$passphrase';\n";
		1469	$cont .= "// End of file\n";
		1470
		1471	@file_put_contents($file, $cont);
		1472	}
		1473
		1474	private static function getPrivKeyPassphrase() {
		1475	$file = self::getPrivKeyPassphraseFilename();
		1476	if (!file_exists($file)) return false;
		1477	$cont = file_get_contents($file);
		1478	$m = array();
		1479	if (!preg_match("@'(.+)'@isU", $cont, $m)) return false;
		1480	return $m[1];
		1481	}
		1482
		1483	public static function getSystemPrivateKey() {
227	daniel-mar	1484	$privKey = OIDplus::config()->getValue('oidplus_private_key');
830	daniel-mar	1485	if ($privKey == '') return false;
		1486
		1487	$passphrase = self::getPrivKeyPassphrase();
		1488	if ($passphrase !== false) {
		1489	$privKey = decrypt_private_key($privKey, $passphrase);
		1490	}
		1491
		1492	if (is_privatekey_encrypted($privKey)) {
		1493	// This can happen if the key file has vanished
		1494	return false;
		1495	}
		1496
		1497	return $privKey;
		1498	}
		1499
		1500	public static function getSystemPublicKey() {
227	daniel-mar	1501	$pubKey = OIDplus::config()->getValue('oidplus_public_key');
830	daniel-mar	1502	if ($pubKey == '') return false;
		1503	return $pubKey;
		1504	}
227	daniel-mar	1505
830	daniel-mar	1506	public static function getPkiStatus($try_generate=false) {
		1507	if (!function_exists('openssl_pkey_new')) return false;
227	daniel-mar	1508
830	daniel-mar	1509	if ($try_generate) {
		1510	// For debug purposes: Invalidate current key once:
		1511	//OIDplus::config()->setValue('oidplus_private_key', '');
256	daniel-mar	1512
830	daniel-mar	1513	$privKey = OIDplus::getSystemPrivateKey();
		1514	$pubKey = OIDplus::getSystemPublicKey();
		1515	if (!verify_private_public_key($privKey, $pubKey)) {
		1516	if ($pubKey) {
		1517	OIDplus::logger()->log("[WARN]A!", "The private/public key-pair is broken. A new key-pair will now be generated for your system. Your System-ID will change.");
		1518	}
227	daniel-mar	1519
830	daniel-mar	1520	$pkey_config = array(
		1521	"digest_alg" => "sha512",
		1522	"private_key_bits" => defined('OPENSSL_SUPPLEMENT') ? 1024 : 2048, // openssl_supplement.inc.php is based on phpseclib, which is very slow. So we use 1024 bits instead of 2048 bits
		1523	"private_key_type" => OPENSSL_KEYTYPE_RSA,
		1524	"config" => OIDplus::getOpenSslCnf()
		1525	);
227	daniel-mar	1526
830	daniel-mar	1527	// Create the private and public key
		1528	$res = openssl_pkey_new($pkey_config);
		1529	if ($res === false) return false;
239	daniel-mar	1530
830	daniel-mar	1531	// Extract the private key from $res to $privKey
		1532	if (openssl_pkey_export($res, $privKey, null, $pkey_config) === false) return false;
227	daniel-mar	1533
830	daniel-mar	1534	// Extract the public key from $res to $pubKey
		1535	$tmp = openssl_pkey_get_details($res);
		1536	if ($tmp === false) return false;
		1537	$pubKey = $tmp["key"];
		1538
		1539	// encrypt new keys using a passphrase stored in a secret file
		1540	self::tryCreatePrivKeyPassphrase(); // try (re)generate this file
		1541	$passphrase = self::getPrivKeyPassphrase();
		1542	if ($passphrase !== false) {
		1543	$privKey = encrypt_private_key($privKey, $passphrase);
		1544	}
		1545
		1546	// Calculate the system ID from the public key
		1547	$system_id = self::getSystemIdFromPubKey($pubKey);
		1548	if ($system_id !== false) {
		1549	// Save the key pair to database
		1550	OIDplus::config()->setValue('oidplus_private_key', $privKey);
		1551	OIDplus::config()->setValue('oidplus_public_key', $pubKey);
		1552
		1553	// Log the new system ID
		1554	OIDplus::logger()->log("[INFO]A!", "A new private/public key-pair for your system had been generated. Your SystemID is now $system_id");
		1555	}
		1556	} else {
		1557	$passphrase = self::getPrivKeyPassphrase();
831	daniel-mar	1558	$rawPrivKey = OIDplus::config()->getValue('oidplus_private_key');
		1559	if (($passphrase === false) \|\| !is_privatekey_encrypted($rawPrivKey)) {
830	daniel-mar	1560	// Upgrade to new encrypted keys
		1561	self::tryCreatePrivKeyPassphrase(); // try generate this file
		1562	$passphrase = self::getPrivKeyPassphrase();
		1563	if ($passphrase !== false) {
		1564	$privKey = encrypt_private_key($privKey, $passphrase);
		1565	OIDplus::logger()->log("[INFO]A!", "The private/public key-pair has been upgraded to an encrypted key-pair. The key is saved in ".self::getPrivKeyPassphraseFilename());
		1566	OIDplus::config()->setValue('oidplus_private_key', $privKey);
		1567	}
		1568	}
227	daniel-mar	1569	}
		1570	}
		1571
830	daniel-mar	1572	$privKey = OIDplus::getSystemPrivateKey();
		1573	$pubKey = OIDplus::getSystemPublicKey();
227	daniel-mar	1574	return verify_private_public_key($privKey, $pubKey);
		1575	}
		1576
170	daniel-mar	1577	public static function getInstallType() {
486	daniel-mar	1578	$counter = 0;
		1579
661	daniel-mar	1580	if ($new_version_file_exists = file_exists(OIDplus::localpath().'.version.php')) {
486	daniel-mar	1581	$counter++;
591	daniel-mar	1582	}
661	daniel-mar	1583	if ($old_version_file_exists = file_exists(OIDplus::localpath().'oidplus_version.txt')) {
		1584	$counter++;
		1585	}
		1586	$version_file_exists = $old_version_file_exists \| $new_version_file_exists;
681	daniel-mar	1587	if ($svn_dir_exists = (is_dir(OIDplus::localpath().'.svn') \|\|
		1588	is_dir(OIDplus::localpath().'../.svn'))) { // in case we checked out the root instead of the "trunk"
486	daniel-mar	1589	$counter++;
591	daniel-mar	1590	}
681	daniel-mar	1591	// if ($git_dir_exists = is_dir(OIDplus::localpath().'.git')) {
698	daniel-mar	1592	if ($git_dir_exists = (OIDplus::findGitFolder() !== false)) {
486	daniel-mar	1593	$counter++;
591	daniel-mar	1594	}
486	daniel-mar	1595
		1596	if ($counter === 0) {
360	daniel-mar	1597	return 'unknown'; // do not translate
170	daniel-mar	1598	}
591	daniel-mar	1599	else if ($counter > 1) {
360	daniel-mar	1600	return 'ambigous'; // do not translate
170	daniel-mar	1601	}
591	daniel-mar	1602	else if ($svn_dir_exists) {
360	daniel-mar	1603	return 'svn-wc'; // do not translate
170	daniel-mar	1604	}
591	daniel-mar	1605	else if ($git_dir_exists) {
486	daniel-mar	1606	return 'git-wc'; // do not translate
		1607	}
591	daniel-mar	1608	else if ($version_file_exists) {
360	daniel-mar	1609	return 'svn-snapshot'; // do not translate
170	daniel-mar	1610	}
		1611	}
		1612
412	daniel-mar	1613	private static function recognizeVersion() {
		1614	try {
		1615	$ver_prev = OIDplus::config()->getValue("last_known_version");
		1616	$ver_now = OIDplus::getVersion();
		1617	if (($ver_now != '') && ($ver_prev != '') && ($ver_now != $ver_prev)) {
455	daniel-mar	1618	// TODO: Problem: When the system was updated using SVN, then the IP address of the next random visitor of the website is logged!
1072	daniel-mar	1619	OIDplus::logger()->log("[INFO]A!", "Detected system version change from '$ver_prev' to '$ver_now'");
856	daniel-mar	1620
		1621	// Just to be sure, recanonize objects (we don't do it at every page visit due to performance reasons)
857	daniel-mar	1622	self::recanonizeObjects();
412	daniel-mar	1623	}
		1624	OIDplus::config()->setValue("last_known_version", $ver_now);
1050	daniel-mar	1625	} catch (\Exception $e) {
412	daniel-mar	1626	}
		1627	}
		1628
111	daniel-mar	1629	public static function getVersion() {
412	daniel-mar	1630	static $cachedVersion = null;
		1631	if (!is_null($cachedVersion)) {
		1632	return $cachedVersion;
		1633	}
		1634
486	daniel-mar	1635	$installType = OIDplus::getInstallType();
		1636
		1637	if ($installType === 'svn-wc') {
496	daniel-mar	1638	$ver = get_svn_revision(OIDplus::localpath());
486	daniel-mar	1639	if ($ver)
		1640	return ($cachedVersion = 'svn-'.$ver);
558	daniel-mar	1641	$ver = get_svn_revision(OIDplus::localpath().'../'); // in case we checked out the root instead of the "trunk"
		1642	if ($ver)
		1643	return ($cachedVersion = 'svn-'.$ver);
111	daniel-mar	1644	}
162	daniel-mar	1645
486	daniel-mar	1646	if ($installType === 'git-wc') {
698	daniel-mar	1647	$ver = OIDplus::getGitsvnRevision(OIDplus::localpath());
486	daniel-mar	1648	if ($ver)
		1649	return ($cachedVersion = 'svn-'.$ver);
162	daniel-mar	1650	}
		1651
486	daniel-mar	1652	if ($installType === 'svn-snapshot') {
661	daniel-mar	1653	$cont = '';
		1654	if (file_exists($filename = OIDplus::localpath().'oidplus_version.txt'))
		1655	$cont = file_get_contents($filename);
		1656	if (file_exists($filename = OIDplus::localpath().'.version.php'))
		1657	$cont = file_get_contents($filename);
386	daniel-mar	1658	$m = array();
360	daniel-mar	1659	if (preg_match('@Revision (\d+)@', $cont, $m)) // do not translate
412	daniel-mar	1660	return ($cachedVersion = 'svn-'.$m[1]); // do not translate
162	daniel-mar	1661	}
		1662
486	daniel-mar	1663	return ($cachedVersion = false); // version ambigous or unknown
111	daniel-mar	1664	}
		1665
974	daniel-mar	1666	const ENFORCE_SSL_NO = 0;
		1667	const ENFORCE_SSL_YES = 1;
		1668	const ENFORCE_SSL_AUTO = 2;
230	daniel-mar	1669	private static $sslAvailableCache = null;
		1670	public static function isSslAvailable() {
		1671	if (!is_null(self::$sslAvailableCache)) return self::$sslAvailableCache;
256	daniel-mar	1672
495	daniel-mar	1673	if (PHP_SAPI == 'cli') {
230	daniel-mar	1674	self::$sslAvailableCache = false;
		1675	return false;
		1676	}
		1677
49	daniel-mar	1678	$timeout = 2;
580	daniel-mar	1679	$already_ssl = self::isSSL();
80	daniel-mar	1680	$ssl_port = 443;
1059	daniel-mar	1681	$host_with_port = $_SERVER['HTTP_HOST'];
		1682	$host_no_port = explode(':',$host_with_port)[0];
		1683	$host_ssl = $host_no_port . ($ssl_port != 443 ? ':'.$ssl_port : '');
42	daniel-mar	1684
974	daniel-mar	1685	if ($already_ssl) {
1059	daniel-mar	1686	OIDplus::cookieUtils()->setcookie('SSL_CHECK', '1', 0, true/allowJS/, null/samesite/, true/forceInsecure/);
974	daniel-mar	1687	self::$sslAvailableCache = true;
		1688	return true;
		1689	} else {
		1690	if (isset($_COOKIE['SSL_CHECK']) && ($_COOKIE['SSL_CHECK'] == '1')) {
		1691	// The cookie "SSL_CHECK" is set once a website was loaded with HTTPS.
		1692	// It forces subsequent HTTP calls to redirect to HTTPS (like HSTS).
		1693	// The reason is the following problem:
		1694	// If you open the page with HTTPS first, then the CSRF token cookies will get the "secure" flag
		1695	// If you open the page then with HTTP, the HTTP cannot access the secure CSRF cookies,
		1696	// Chrome will then block "Set-Cookie" since the HTTP cookie would overwrite the HTTPS cookie.
1059	daniel-mar	1697	// So we MUST redirect, even if the Mode is ENFORCE_SSL_NO.
974	daniel-mar	1698	// Note: SSL_CHECK is NOT a replacement for HSTS! You should use HSTS,
1059	daniel-mar	1699	// because on there your browser ensures that HTTPS is called, before the server
		1700	// is even contacted (and therefore, no HTTP connection can be hacked).
974	daniel-mar	1701	$mode = OIDplus::ENFORCE_SSL_YES;
		1702	} else {
		1703	$mode = OIDplus::baseConfig()->getValue('ENFORCE_SSL', OIDplus::ENFORCE_SSL_AUTO);
		1704	}
261	daniel-mar	1705
974	daniel-mar	1706	if ($mode == OIDplus::ENFORCE_SSL_NO) {
		1707	// No SSL available
		1708	self::$sslAvailableCache = false;
		1709	return false;
		1710	} else if ($mode == OIDplus::ENFORCE_SSL_YES) {
		1711	// Force SSL
1059	daniel-mar	1712	$location = 'https://' . $host_ssl . $_SERVER['REQUEST_URI'];
80	daniel-mar	1713	header('Location:'.$location);
360	daniel-mar	1714	die(_L('Redirecting to HTTPS...'));
974	daniel-mar	1715	} else if ($mode == OIDplus::ENFORCE_SSL_AUTO) {
		1716	// Automatic SSL detection
80	daniel-mar	1717	if (isset($_COOKIE['SSL_CHECK'])) {
		1718	// We already had the HTTPS detection done before.
974	daniel-mar	1719	if ($_COOKIE['SSL_CHECK'] == '1') {
80	daniel-mar	1720	// HTTPS was detected before, but we are HTTP. Redirect now
1059	daniel-mar	1721	$location = 'https://' . $host_ssl . $_SERVER['REQUEST_URI'];
80	daniel-mar	1722	header('Location:'.$location);
360	daniel-mar	1723	die(_L('Redirecting to HTTPS...'));
80	daniel-mar	1724	} else {
		1725	// No HTTPS available. Do nothing.
230	daniel-mar	1726	self::$sslAvailableCache = false;
80	daniel-mar	1727	return false;
		1728	}
49	daniel-mar	1729	} else {
80	daniel-mar	1730	// This is our first check (or the browser didn't accept the SSL_CHECK cookie)
386	daniel-mar	1731	$errno = -1;
		1732	$errstr = '';
1059	daniel-mar	1733	if (@fsockopen($host_no_port, $ssl_port, $errno, $errstr, $timeout)) {
80	daniel-mar	1734	// HTTPS detected. Redirect now, and remember that we had detected HTTPS
1059	daniel-mar	1735	OIDplus::cookieUtils()->setcookie('SSL_CHECK', '1', 0, true/allowJS/, null/samesite/, true/forceInsecure/);
		1736	$location = 'https://' . $host_ssl . $_SERVER['REQUEST_URI'];
80	daniel-mar	1737	header('Location:'.$location);
360	daniel-mar	1738	die(_L('Redirecting to HTTPS...'));
80	daniel-mar	1739	} else {
		1740	// No HTTPS detected. Do nothing, and next time, don't try to detect HTTPS again.
1059	daniel-mar	1741	OIDplus::cookieUtils()->setcookie('SSL_CHECK', '0', 0, true/allowJS/, null/samesite/, true/forceInsecure/);
230	daniel-mar	1742	self::$sslAvailableCache = false;
80	daniel-mar	1743	return false;
		1744	}
49	daniel-mar	1745	}
42	daniel-mar	1746	}
		1747	}
		1748	}
497	daniel-mar	1749
496	daniel-mar	1750	/**
		1751	* Gets a local path pointing to a resource
		1752	* @param string $target Target resource (file or directory must exist), or null to get the OIDplus base directory
		1753	* @param boolean $relative If true, the returning path is relative to the currently executed PHP file (not the CLI working directory)
590	daniel-mar	1754	* @return string\|false The local path, with guaranteed trailing path delimiter for directories
496	daniel-mar	1755	*/
		1756	public static function localpath($target=null, $relative=false) {
		1757	if (is_null($target)) {
		1758	$target = __DIR__.'/../../';
		1759	}
241	daniel-mar	1760
496	daniel-mar	1761	if ($relative) {
		1762	// First, try to find out how many levels we need to go up
		1763	$steps_up = self::getExecutingScriptPathDepth();
		1764	if ($steps_up === false) return false;
497	daniel-mar	1765
496	daniel-mar	1766	// Virtually go back from the executing PHP script to the OIDplus base path
		1767	$res = str_repeat('../',$steps_up);
497	daniel-mar	1768
496	daniel-mar	1769	// Then go to the desired location
		1770	$basedir = realpath(__DIR__.'/../../');
		1771	$target = realpath($target);
500	daniel-mar	1772	if ($target === false) return false;
496	daniel-mar	1773	$res .= substr($target, strlen($basedir)+1);
		1774	$res = rtrim($res,'/'); // avoid '..//' for localpath(null,true)
		1775	} else {
		1776	$res = realpath($target);
241	daniel-mar	1777	}
497	daniel-mar	1778
801	daniel-mar	1779	if (is_dir($target)) $res .= '/';
497	daniel-mar	1780
801	daniel-mar	1781	$res = str_replace('/', DIRECTORY_SEPARATOR, $res);
		1782
496	daniel-mar	1783	return $res;
241	daniel-mar	1784	}
355	daniel-mar	1785
496	daniel-mar	1786	/**
		1787	* Gets a URL pointing to a resource
		1788	* @param string $target Target resource (file or directory must exist), or null to get the OIDplus base directory
806	daniel-mar	1789	* @param int\|boolean $mode If true or OIDplus::PATH_RELATIVE, the returning path is relative to the currently executed
		1790	* PHP script (i.e. index.php , not the plugin PHP script!). False or OIDplus::PATH_ABSOLUTE is
		1791	* results in an absolute URL. OIDplus::PATH_ABSOLUTE_CANONICAL is an absolute URL,
		1792	* but a canonical path (set by base config setting CANONICAL_SYSTEM_URL) is preferred.
590	daniel-mar	1793	* @return string\|false The URL, with guaranteed trailing path delimiter for directories
496	daniel-mar	1794	*/
806	daniel-mar	1795	public static function webpath($target=null, $mode=self::PATH_ABSOLUTE_CANONICAL) {
801	daniel-mar	1796	// backwards compatibility
		1797	if ($mode === true) $mode = self::PATH_RELATIVE;
		1798	if ($mode === false) $mode = self::PATH_ABSOLUTE;
		1799
811	daniel-mar	1800	if ($mode == OIDplus::PATH_RELATIVE_TO_ROOT) {
812	daniel-mar	1801	$tmp = OIDplus::webpath($target,OIDplus::PATH_ABSOLUTE);
		1802	if ($tmp === false) return false;
		1803	$tmp = parse_url($tmp);
		1804	if ($tmp === false) return false;
		1805	if (!isset($tmp['path'])) return false;
		1806	return $tmp['path'];
811	daniel-mar	1807	}
		1808
812	daniel-mar	1809	if ($mode == OIDplus::PATH_RELATIVE_TO_ROOT_CANONICAL) {
		1810	$tmp = OIDplus::webpath($target,OIDplus::PATH_ABSOLUTE_CANONICAL);
		1811	if ($tmp === false) return false;
		1812	$tmp = parse_url($tmp);
		1813	if ($tmp === false) return false;
		1814	if (!isset($tmp['path'])) return false;
		1815	return $tmp['path'];
		1816	}
		1817
801	daniel-mar	1818	$res = self::getSystemUrl($mode); // Note: already contains a trailing path delimiter
778	daniel-mar	1819	if ($res === false) return false;
497	daniel-mar	1820
496	daniel-mar	1821	if (!is_null($target)) {
		1822	$basedir = realpath(__DIR__.'/../../');
		1823	$target = realpath($target);
500	daniel-mar	1824	if ($target === false) return false;
496	daniel-mar	1825	$tmp = substr($target, strlen($basedir)+1);
500	daniel-mar	1826	$res .= str_replace(DIRECTORY_SEPARATOR,'/',$tmp); // remove OS specific path delimiters introduced by realpath()
497	daniel-mar	1827	if (is_dir($target)) $res .= '/';
496	daniel-mar	1828	}
497	daniel-mar	1829
496	daniel-mar	1830	return $res;
		1831	}
497	daniel-mar	1832
778	daniel-mar	1833	public static function canonicalURL() {
		1834	// First part: OIDplus system URL (or canonical system URL)
801	daniel-mar	1835	$sysurl = OIDplus::getSystemUrl(self::PATH_ABSOLUTE_CANONICAL);
778	daniel-mar	1836
		1837	// Second part: Directory
		1838	$basedir = realpath(__DIR__.'/../../');
		1839	$target = realpath('.');
		1840	if ($target === false) return false;
		1841	$tmp = substr($target, strlen($basedir)+1);
		1842	$res = str_replace(DIRECTORY_SEPARATOR,'/',$tmp); // remove OS specific path delimiters introduced by realpath()
780	daniel-mar	1843	if (is_dir($target) && ($res != '')) $res .= '/';
778	daniel-mar	1844
		1845	// Third part: File name
		1846	$tmp = explode('/',$_SERVER['SCRIPT_NAME']);
		1847	$tmp = end($tmp);
		1848
		1849	// Fourth part: Query string (ordered)
		1850	$tmp2 = getSortedQuery();
		1851	if ($tmp2 != '') $tmp2 = '?'.$tmp2;
		1852
		1853	return $sysurl.$res.$tmp.$tmp2;
		1854	}
		1855
639	daniel-mar	1856	private static $shutdown_functions = array();
		1857	public static function register_shutdown_function($func) {
		1858	self::$shutdown_functions[] = $func;
		1859	}
		1860
		1861	public static function invoke_shutdown() {
		1862	foreach (self::$shutdown_functions as $func) {
		1863	$func();
		1864	}
		1865	}
		1866
360	daniel-mar	1867	public static function getAvailableLangs() {
		1868	$langs = array();
		1869	foreach (OIDplus::getAllPluginManifests('language') as $pluginManifest) {
389	daniel-mar	1870	$code = $pluginManifest->getLanguageCode();
360	daniel-mar	1871	$langs[] = $code;
		1872	}
		1873	return $langs;
		1874	}
		1875
1041	daniel-mar	1876	public static function getDefaultLang() {
		1877	static $thrownOnce = false; // avoid endless loop inside OIDplusConfigInitializationException
		1878
1049	daniel-mar	1879	$lang = self::baseConfig()->getValue('DEFAULT_LANGUAGE', 'enus');
1041	daniel-mar	1880
		1881	if (!in_array($lang,self::getAvailableLangs())) {
		1882	if (!$thrownOnce) {
		1883	$thrownOnce = true;
1048	daniel-mar	1884	throw new OIDplusConfigInitializationException(_L('DEFAULT_LANGUAGE points to an invalid language plugin. (Consider setting to "enus" = "English USA".)'));
1041	daniel-mar	1885	} else {
		1886	return 'enus';
		1887	}
		1888	}
		1889
		1890	return $lang;
		1891	}
		1892
355	daniel-mar	1893	public static function getCurrentLang() {
360	daniel-mar	1894	if (isset($_GET['lang'])) {
		1895	$lang = $_GET['lang'];
		1896	} else if (isset($_POST['lang'])) {
		1897	$lang = $_POST['lang'];
		1898	} else if (isset($_COOKIE['LANGUAGE'])) {
		1899	$lang = $_COOKIE['LANGUAGE'];
		1900	} else {
1041	daniel-mar	1901	$lang = self::getDefaultLang();
360	daniel-mar	1902	}
		1903	$lang = substr(preg_replace('@[^a-z]@ismU', '', $lang),0,4); // sanitize
355	daniel-mar	1904	return $lang;
		1905	}
		1906
362	daniel-mar	1907	public static function handleLangArgument() {
		1908	if (isset($_GET['lang'])) {
		1909	// The "?lang=" argument is only for NoScript-Browsers/SearchEngines
		1910	// In case someone who has JavaScript clicks a ?lang= link, they should get
		1911	// the page in that language, but the cookie must be set, otherwise
		1912	// the menu and other stuff would be in their cookie-based-language and not the
		1913	// argument-based-language.
557	daniel-mar	1914	OIDplus::cookieUtils()->setcookie('LANGUAGE', $_GET['lang'], 0, true/HttpOnly off, because JavaScript also needs translation/);
362	daniel-mar	1915	} else if (isset($_POST['lang'])) {
557	daniel-mar	1916	OIDplus::cookieUtils()->setcookie('LANGUAGE', $_POST['lang'], 0, true/HttpOnly off, because JavaScript also needs translation/);
362	daniel-mar	1917	}
		1918	}
		1919
468	daniel-mar	1920	private static $translationArray = array();
469	daniel-mar	1921	protected static function getTranslationFileContents($translation_file) {
		1922	// First, try the cache
481	daniel-mar	1923	$cache_file = __DIR__ . '/../../userdata/cache/translation_'.md5($translation_file).'.ser';
469	daniel-mar	1924	if (file_exists($cache_file) && (filemtime($cache_file) == filemtime($translation_file))) {
		1925	$cac = @unserialize(file_get_contents($cache_file));
		1926	if ($cac) return $cac;
		1927	}
481	daniel-mar	1928
469	daniel-mar	1929	// If not successful, then load the XML file
		1930	$xml = @simplexml_load_string(file_get_contents($translation_file));
		1931	if (!$xml) return array(); // if there is an UTF-8 or parsing error, don't output any errors, otherwise the JavaScript is corrupt and the page won't render correctly
		1932	$cac = array();
		1933	foreach ($xml->message as $msg) {
		1934	$src = trim($msg->source->__toString());
		1935	$dst = trim($msg->target->__toString());
		1936	$cac[$src] = $dst;
		1937	}
		1938	@file_put_contents($cache_file,serialize($cac));
		1939	@touch($cache_file,filemtime($translation_file));
		1940	return $cac;
		1941	}
468	daniel-mar	1942	public static function getTranslationArray($requested_lang='*') {
362	daniel-mar	1943	foreach (OIDplus::getAllPluginManifests('language') as $pluginManifest) {
389	daniel-mar	1944	$lang = $pluginManifest->getLanguageCode();
362	daniel-mar	1945	if (strpos($lang,'/') !== false) continue; // just to be sure
		1946	if (strpos($lang,'\\') !== false) continue; // just to be sure
		1947	if (strpos($lang,'..') !== false) continue; // just to be sure
401	daniel-mar	1948
468	daniel-mar	1949	if (($requested_lang != '*') && ($lang != $requested_lang)) continue;
401	daniel-mar	1950
468	daniel-mar	1951	if (!isset(self::$translationArray[$lang])) {
		1952	self::$translationArray[$lang] = array();
		1953
		1954	$wildcard = $pluginManifest->getLanguageMessages();
		1955	if (strpos($wildcard,'/') !== false) continue; // just to be sure
		1956	if (strpos($wildcard,'\\') !== false) continue; // just to be sure
		1957	if (strpos($wildcard,'..') !== false) continue; // just to be sure
		1958
635	daniel-mar	1959	$translation_files = glob(__DIR__.'/../../plugins/'.'*'.'/language/'.$lang.'/'.$wildcard);
468	daniel-mar	1960	sort($translation_files);
		1961	foreach ($translation_files as $translation_file) {
		1962	if (!file_exists($translation_file)) continue;
469	daniel-mar	1963	$cac = self::getTranslationFileContents($translation_file);
		1964	foreach ($cac as $src => $dst) {
		1965	self::$translationArray[$lang][$src] = $dst;
468	daniel-mar	1966	}
401	daniel-mar	1967	}
362	daniel-mar	1968	}
		1969	}
468	daniel-mar	1970	return self::$translationArray;
362	daniel-mar	1971	}
		1972
699	daniel-mar	1973	public static function getEditionInfo() {
		1974	return @parse_ini_file(__DIR__.'/../edition.ini', true)['Edition'];
		1975	}
		1976
698	daniel-mar	1977	public static function findGitFolder() {
		1978	// Git command line saves git information in folder ".git"
		1979	// Plesk git saves git information in folder "../../../git/oidplus/" (or similar)
727	daniel-mar	1980	$dir = OIDplus::localpath();
698	daniel-mar	1981	if (is_dir($dir.'/.git')) return $dir.'/.git';
		1982	$i = 0;
		1983	do {
		1984	if (is_dir($dir.'/git')) {
719	daniel-mar	1985	$confs = @glob($dir.'/git/'.'*'.'/config');
		1986	if ($confs) foreach ($confs as $conf) {
698	daniel-mar	1987	$cont = file_get_contents($conf);
699	daniel-mar	1988	if (isset(OIDplus::getEditionInfo()['gitrepo']) && (OIDplus::getEditionInfo()['gitrepo'] != '') && (strpos($cont, OIDplus::getEditionInfo()['gitrepo']) !== false)) {
698	daniel-mar	1989	return dirname($conf);
		1990	}
		1991	}
		1992	}
		1993	$i++;
719	daniel-mar	1994	} while (($i<100) && ($dir != ($new_dir = @realpath($dir.'/../'))) && ($dir = $new_dir));
698	daniel-mar	1995	return false;
		1996	}
		1997
		1998	public static function getGitsvnRevision($dir='') {
		1999	try {
		2000	// tries command line and binary parsing
699	daniel-mar	2001	// requires vendor/danielmarschall/git_utils.inc.php
698	daniel-mar	2002	$git_dir = OIDplus::findGitFolder();
		2003	if ($git_dir === false) return false;
		2004	$commit_msg = git_get_latest_commit_message($git_dir);
1050	daniel-mar	2005	} catch (\Exception $e) {
698	daniel-mar	2006	return false;
		2007	}
		2008
		2009	$m = array();
		2010	if (preg_match('%git-svn-id: (.+)@(\\d+) %ismU', $commit_msg, $m)) {
		2011	return $m[2];
		2012	} else {
		2013	return false;
		2014	}
		2015	}
		2016
775	daniel-mar	2017	public static function prefilterQuery($static_node_id, $throw_exception) {
		2018	// Let namespace be case-insensitive
		2019	$ary = explode(':', $static_node_id, 2);
		2020	$ary[0] = strtolower($ary[0]);
		2021	$static_node_id = implode(':', $ary);
		2022
889	daniel-mar	2023	// Ask plugins if they want to change the node id
		2024	foreach (OIDplus::getObjectTypePluginsEnabled() as $plugin) {
		2025	$static_node_id = $plugin->prefilterQuery($static_node_id, $throw_exception);
775	daniel-mar	2026	}
		2027
		2028	return $static_node_id;
		2029	}
849	daniel-mar	2030
		2031	public static function isCronjob() {
		2032	return explode('.',basename($_SERVER['SCRIPT_NAME']))[0] === 'cron';
		2033	}
856	daniel-mar	2034
857	daniel-mar	2035	private static function recanonizeObjects() {
1050	daniel-mar	2036	//
		2037	// Since OIDplus svn-184, entries in the database need to have a canonical ID
		2038	// If the ID is not canonical (e.g. GUIDs missing hyphens), the object cannot be opened in OIDplus
		2039	// This script re-canonizes the object IDs if required.
		2040	// In SVN Rev 856, the canonization for GUID, IPv4 and IPv6 have changed, requiring another
		2041	// re-canonization
		2042	//
856	daniel-mar	2043	$res = OIDplus::db()->query("select id from ###objects");
		2044	while ($row = $res->fetch_array()) {
		2045	$ida = $row['id'];
857	daniel-mar	2046	$obj = OIDplusObject::parse($ida);
		2047	if (!$obj) continue;
		2048	$idb = $obj->nodeId();
856	daniel-mar	2049	if (($idb) && ($ida != $idb)) {
		2050	OIDplus::db()->transaction_begin();
		2051	OIDplus::db()->query("update ###objects set id = ? where id = ?", array($idb, $ida));
		2052	OIDplus::db()->query("update ###asn1id set oid = ? where oid = ?", array($idb, $ida));
		2053	OIDplus::db()->query("update ###iri set oid = ? where oid = ?", array($idb, $ida));
		2054	OIDplus::db()->query("update ###log_object set id = ? where id = ?", array($idb, $ida));
		2055	OIDplus::logger()->log("[INFO]A!", "Object name '$ida' has been changed to '$idb' during re-canonization");
		2056	OIDplus::db()->transaction_commit();
978	daniel-mar	2057	OIDplusObject::resetObjectInformationCache();
856	daniel-mar	2058	}
		2059	}
		2060	}
		2061
374	daniel-mar	2062	}

Subversion Repositories oidplus

oidplus/trunk/includes/classes/OIDplus.class.php @ 1127 – Rev 1112