WebSVN – oidplus – Blame – /trunk/includes/classes/OIDplus.class.php

Rev	Author	Line No.	Line
2	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
1073	daniel-mar	5	* Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft
2	daniel-mar	6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
1050	daniel-mar	20	namespace ViaThinkSoft\OIDplus;
511	daniel-mar	21
1086	daniel-mar	22	// phpcs:disable PSR1.Files.SideEffects
		23	\defined('INSIDE_OIDPLUS') or die;
		24	// phpcs:enable PSR1.Files.SideEffects
		25
730	daniel-mar	26	class OIDplus extends OIDplusBaseClass {
1116	daniel-mar	27	/**
		28	* @var OIDplusPagePlugin[]
		29	*/
281	daniel-mar	30	private static /OIDplusPagePlugin[]/ $pagePlugins = array();
1116	daniel-mar	31	/**
		32	* @var OIDplusAuthPlugin[]
		33	*/
281	daniel-mar	34	private static /OIDplusAuthPlugin[]/ $authPlugins = array();
1116	daniel-mar	35	/**
		36	* @var OIDplusLoggerPlugin[]
		37	*/
289	daniel-mar	38	private static /OIDplusLoggerPlugin[]/ $loggerPlugins = array();
1116	daniel-mar	39	/**
		40	* @var OIDplusObjectTypePlugin[]
		41	*/
227	daniel-mar	42	private static /OIDplusObjectTypePlugin[]/ $objectTypePlugins = array();
1116	daniel-mar	43	/**
		44	* @var string[]\|OIDplusObject[] Classnames of OIDplusObject classes
		45	*/
227	daniel-mar	46	private static /string[]/ $enabledObjectTypes = array();
1116	daniel-mar	47	/**
		48	* @var string[]\|OIDplusObject[] Classnames of OIDplusObject classes
		49	*/
227	daniel-mar	50	private static /string[]/ $disabledObjectTypes = array();
1116	daniel-mar	51	/**
		52	* @var OIDplusDatabasePlugin[]
		53	*/
227	daniel-mar	54	private static /OIDplusDatabasePlugin[]/ $dbPlugins = array();
1116	daniel-mar	55	/**
		56	* @var OIDplusCaptchaPlugin[]
		57	*/
702	daniel-mar	58	private static /OIDplusCaptchaPlugin[]/ $captchaPlugins = array();
1116	daniel-mar	59	/**
		60	* @var OIDplusSqlSlangPlugin[]
		61	*/
274	daniel-mar	62	private static /OIDplusSqlSlangPlugin[]/ $sqlSlangPlugins = array();
1116	daniel-mar	63	/**
		64	* @var OIDplusLanguagePlugin[]
		65	*/
355	daniel-mar	66	private static /OIDplusLanguagePlugin[]/ $languagePlugins = array();
1116	daniel-mar	67	/**
		68	* @var OIDplusDesignPlugin[]
		69	*/
449	daniel-mar	70	private static /OIDplusDesignPlugin[]/ $designPlugins = array();
2	daniel-mar	71
1116	daniel-mar	72	/**
		73	* @var bool
		74	*/
280	daniel-mar	75	protected static $html = true;
236	daniel-mar	76
1116	daniel-mar	77	/**
		78	* e.g. "../"
		79	*/
		80	/public/ const PATH_RELATIVE = 1;
801	daniel-mar	81
1116	daniel-mar	82	/**
		83	* e.g. "http://www.example.com/oidplus/"
		84	*/
		85	/public/ const PATH_ABSOLUTE = 2;
		86
		87	/**
		88	* e.g. "http://www.example.org/oidplus/" (if baseconfig CANONICAL_SYSTEM_URL is set)
		89	*/
		90	/public/ const PATH_ABSOLUTE_CANONICAL = 3;
		91
		92	/**
		93	* e.g. "/oidplus/"
		94	*/
		95	/public/ const PATH_RELATIVE_TO_ROOT = 4;
		96
		97	/**
		98	* e.g. "/oidplus/" (if baseconfig CANONICAL_SYSTEM_URL is set)
		99	*/
		100	/public/ const PATH_RELATIVE_TO_ROOT_CANONICAL = 5;
		101
		102	/**
		103	* These plugin types can contain HTML code and therefore may
		104	* emit (non-setup) CSS/JS code via their manifest.
		105	* Note that design plugins may only output CSS, not JS.
		106	*/
778	daniel-mar	107	/public/ const INTERACTIVE_PLUGIN_TYPES = array(
1199	daniel-mar	108	'publicPages',
		109	'raPages',
		110	'adminPages',
		111	'objectTypes',
		112	'captcha'
		113	);
778	daniel-mar	114
1073	daniel-mar	115	const UUID_NAMEBASED_NS_Base64PubKey = 'fd16965c-8bab-11ed-8744-3c4a92df8582';
		116
1116	daniel-mar	117	/**
		118	* Private constructor (Singleton)
		119	*/
2	daniel-mar	120	private function __construct() {
		121	}
295	daniel-mar	122
1116	daniel-mar	123	/**
		124	* @return bool
		125	* @throws OIDplusException
		126	*/
1068	daniel-mar	127	private static function insideSetup(): bool {
		128	if (PHP_SAPI == 'cli') return false;
		129	if (!isset($_SERVER['REQUEST_URI'])) return false;
1055	daniel-mar	130	return (strpos($_SERVER['REQUEST_URI'], OIDplus::webpath(null,OIDplus::PATH_RELATIVE_TO_ROOT).'setup/') === 0);
		131	}
		132
1050	daniel-mar	133	// --- Static classes
274	daniel-mar	134
263	daniel-mar	135	private static $baseConfig = null;
1050	daniel-mar	136	private static $oldConfigFormatLoaded = false;
274	daniel-mar	137
1116	daniel-mar	138	/**
		139	* @return OIDplusBaseConfig
		140	* @throws OIDplusException, OIDplusConfigInitializationException
		141	*/
		142	public static function baseConfig(): OIDplusBaseConfig {
263	daniel-mar	143	if ($first_init = is_null(self::$baseConfig)) {
		144	self::$baseConfig = new OIDplusBaseConfig();
261	daniel-mar	145	}
		146
1169	daniel-mar	147	if ($first_init) {
		148	if (self::insideSetup()) return self::$baseConfig;
		149	if ((basename($_SERVER['SCRIPT_NAME']) === 'oidplus.min.js.php') && isset($_REQUEST['noBaseConfig']) && ($_REQUEST['noBaseConfig'] == '1')) return self::$baseConfig;
		150	if ((basename($_SERVER['SCRIPT_NAME']) === 'oidplus.min.css.php') && isset($_REQUEST['noBaseConfig']) && ($_REQUEST['noBaseConfig'] == '1')) return self::$baseConfig;
1055	daniel-mar	151
261	daniel-mar	152	// Include a file containing various size/depth limitations of OIDs
294	daniel-mar	153	// It is important to include it before userdata/baseconfig/config.inc.php was included,
		154	// so we can give userdata/baseconfig/config.inc.php the chance to override the values.
261	daniel-mar	155
496	daniel-mar	156	include OIDplus::localpath().'includes/oidplus_limits.inc.php';
261	daniel-mar	157
		158	// Include config file
295	daniel-mar	159
496	daniel-mar	160	$config_file = OIDplus::localpath() . 'userdata/baseconfig/config.inc.php';
		161	$config_file_old = OIDplus::localpath() . 'includes/config.inc.php'; // backwards compatibility
295	daniel-mar	162
294	daniel-mar	163	if (!file_exists($config_file) && file_exists($config_file_old)) {
		164	$config_file = $config_file_old;
		165	}
261	daniel-mar	166
294	daniel-mar	167	if (file_exists($config_file)) {
1050	daniel-mar	168	if (self::$oldConfigFormatLoaded) {
263	daniel-mar	169	// Note: We may only include it once due to backwards compatibility,
		170	// since in version 2.0, the configuration was defined using define() statements
		171	// Attention: This does mean that a full re-init (e.g. for test cases) is not possible
		172	// if a version 2.0 config is used!
1050	daniel-mar	173
		174	// We need to do this, because define() cannot be undone
		175	// Note: This can only happen in very special cases (e.g. test cases) where you call init() twice
		176	throw new OIDplusConfigInitializationException(_L('A full re-initialization is not possible if a version 2.0 config file (containing "defines") is used. Please update to a config 2.1 file by running setup again.'));
263	daniel-mar	177	} else {
1050	daniel-mar	178	$tmp = file_get_contents($config_file);
		179	$ns = "ViaThinkSoft\OIDplus\OIDplus";
		180	$uses = "use $ns;";
		181	if ((strpos($tmp,'OIDplus::') !== false) && (strpos($tmp,$uses) === false)) {
		182	// Migrate config file to namespace class names
		183	// Note: Only config files version 2.1 are affected. Not 2.0 ones
		184
		185	$tmp = "<?php\r\n\r\n$uses /* Automatically added by migration procedure */\r\n?>$tmp";
		186	$tmp = str_replace('?><?php', '', $tmp);
		187
		188	$tmp = str_replace("\$ns\OIDplusCaptchaPluginRecaptcha::", "OIDplusCaptchaPluginRecaptcha::", $tmp);
		189	$tmp = str_replace("OIDplusCaptchaPluginRecaptcha::", "\$ns\OIDplusCaptchaPluginRecaptcha::", $tmp);
		190
		191	$tmp = str_replace('DISABLE_PLUGIN_OIDplusPagePublicRdap',
1122	daniel-mar	192	'DISABLE_PLUGIN_Frdlweb\OIDplus\OIDplusPagePublicRdap', $tmp);
1050	daniel-mar	193	$tmp = str_replace('DISABLE_PLUGIN_OIDplusPagePublicAltIds',
1122	daniel-mar	194	'DISABLE_PLUGIN_Frdlweb\OIDplus\OIDplusPagePublicAltIds', $tmp);
1051	daniel-mar	195	$tmp = str_replace('DISABLE_PLUGIN_OIDplusPagePublicUITweaks',
1122	daniel-mar	196	'DISABLE_PLUGIN_TushevOrg\OIDplus\OIDplusPagePublicUITweaks', $tmp);
1050	daniel-mar	197	$tmp = str_replace('DISABLE_PLUGIN_OIDplus',
1122	daniel-mar	198	'DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplus', $tmp);
1050	daniel-mar	199
		200	if (@file_put_contents($config_file, $tmp) === false) {
		201	eval('?>'.$tmp);
		202	} else {
		203	include $config_file;
		204	}
		205	} else {
		206	include $config_file;
		207	}
263	daniel-mar	208	}
261	daniel-mar	209
1055	daniel-mar	210	// Backwards compatibility 2.0 => 2.1
261	daniel-mar	211	if (defined('OIDPLUS_CONFIG_VERSION') && (OIDPLUS_CONFIG_VERSION == 2.0)) {
1050	daniel-mar	212	self::$oldConfigFormatLoaded = true;
261	daniel-mar	213	foreach (get_defined_constants(true)['user'] as $name => $value) {
		214	$name = str_replace('OIDPLUS_', '', $name);
		215	if ($name == 'SESSION_SECRET') $name = 'SERVER_SECRET';
		216	if ($name == 'MYSQL_QUERYLOG') $name = 'QUERY_LOGFILE';
1050	daniel-mar	217	$name = str_replace('DISABLE_PLUGIN_OIDplusPagePublicRdap',
1122	daniel-mar	218	'DISABLE_PLUGIN_Frdlweb\OIDplus\OIDplusPagePublicRdap', $name);
1050	daniel-mar	219	$name = str_replace('DISABLE_PLUGIN_OIDplusPagePublicAltIds',
1122	daniel-mar	220	'DISABLE_PLUGIN_Frdlweb\OIDplus\OIDplusPagePublicAltIds', $name);
1051	daniel-mar	221	$name = str_replace('DISABLE_PLUGIN_OIDplusPagePublicUITweaks',
1122	daniel-mar	222	'DISABLE_PLUGIN_TushevOrg\OIDplus\OIDplusPagePublicUITweaks', $name);
1050	daniel-mar	223	$name = str_replace('DISABLE_PLUGIN_OIDplus',
1122	daniel-mar	224	'DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplus', $name);
1055	daniel-mar	225	if ($name == 'CONFIG_VERSION') {
		226	$value = 2.1;
		227	} else if (($name == 'MYSQL_PASSWORD') \|\| ($name == 'ODBC_PASSWORD') \|\| ($name == 'PDO_PASSWORD') \|\| ($name == 'PGSQL_PASSWORD')) {
		228	$value = base64_decode($value);
261	daniel-mar	229	}
1055	daniel-mar	230	self::$baseConfig->setValue($name, $value);
261	daniel-mar	231	}
		232	}
		233	} else {
496	daniel-mar	234	if (!is_dir(OIDplus::localpath().'setup')) {
1050	daniel-mar	235	throw new OIDplusConfigInitializationException(_L('File %1 is missing, but setup can\'t be started because its directory missing.',$config_file));
261	daniel-mar	236	} else {
280	daniel-mar	237	if (self::$html) {
1055	daniel-mar	238	if (!self::insideSetup()) {
801	daniel-mar	239	header('Location:'.OIDplus::webpath(null,OIDplus::PATH_RELATIVE).'setup/');
360	daniel-mar	240	die(_L('Redirecting to setup...'));
349	daniel-mar	241	} else {
		242	return self::$baseConfig;
		243	}
261	daniel-mar	244	} else {
		245	// This can be displayed in e.g. ajax.php
1050	daniel-mar	246	throw new OIDplusConfigInitializationException(_L('File %1 is missing. Please run setup again.',$config_file));
261	daniel-mar	247	}
		248	}
		249	}
		250
		251	// Check important config settings
		252
263	daniel-mar	253	if (self::$baseConfig->getValue('CONFIG_VERSION') != 2.1) {
801	daniel-mar	254	if (strpos($_SERVER['REQUEST_URI'], OIDplus::webpath(null,OIDplus::PATH_RELATIVE).'setup/') !== 0) {
503	daniel-mar	255	throw new OIDplusConfigInitializationException(_L("The information located in %1 is outdated.",realpath($config_file)));
		256	}
261	daniel-mar	257	}
		258
263	daniel-mar	259	if (self::$baseConfig->getValue('SERVER_SECRET', '') === '') {
801	daniel-mar	260	if (strpos($_SERVER['REQUEST_URI'], OIDplus::webpath(null,OIDplus::PATH_RELATIVE).'setup/') !== 0) {
503	daniel-mar	261	throw new OIDplusConfigInitializationException(_L("You must set a value for SERVER_SECRET in %1 for the system to operate secure.",realpath($config_file)));
		262	}
261	daniel-mar	263	}
		264	}
		265
263	daniel-mar	266	return self::$baseConfig;
261	daniel-mar	267	}
		268
263	daniel-mar	269	private static $config = null;
1116	daniel-mar	270
		271	/**
		272	* @return OIDplusConfig
		273	* @throws OIDplusException
		274	*/
		275	public static function config(): OIDplusConfig {
263	daniel-mar	276	if ($first_init = is_null(self::$config)) {
		277	self::$config = new OIDplusConfig();
2	daniel-mar	278	}
263	daniel-mar	279
		280	if ($first_init) {
		281	// These are important settings for base functionalities and therefore are not inside plugins
		282	self::$config->prepareConfigKey('system_title', 'What is the name of your RA?', 'OIDplus 2.0', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		283	if (empty($value)) {
360	daniel-mar	284	throw new OIDplusException(_L('Please enter a value for the system title.'));
263	daniel-mar	285	}
		286	});
		287	self::$config->prepareConfigKey('admin_email', 'E-Mail address of the system administrator', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		288	if (!empty($value) && !OIDplus::mailUtils()->validMailAddress($value)) {
360	daniel-mar	289	throw new OIDplusException(_L('This is not a correct email address'));
263	daniel-mar	290	}
		291	});
875	daniel-mar	292	self::$config->prepareConfigKey('global_cc', 'Global CC for all outgoing emails?', '', OIDplusConfig::PROTECTION_EDITABLE, function(&$value) {
		293	$value = trim($value);
		294	if ($value === '') return;
		295	$addrs = explode(';', $value);
		296	foreach ($addrs as $addr) {
		297	$addr = trim($addr);
		298	if (!empty($addr) && !OIDplus::mailUtils()->validMailAddress($addr)) {
		299	throw new OIDplusException(_L('%1 is not a correct email address',$addr));
		300	}
263	daniel-mar	301	}
		302	});
875	daniel-mar	303	self::$config->prepareConfigKey('global_bcc', 'Global BCC for all outgoing emails?', '', OIDplusConfig::PROTECTION_EDITABLE, function(&$value) {
		304	$value = trim($value);
		305	if ($value === '') return;
		306	$addrs = explode(';', $value);
		307	foreach ($addrs as $addr) {
		308	$addr = trim($addr);
		309	if (!empty($addr) && !OIDplus::mailUtils()->validMailAddress($addr)) {
		310	throw new OIDplusException(_L('%1 is not a correct email address',$addr));
		311	}
		312	}
		313	});
263	daniel-mar	314	self::$config->prepareConfigKey('objecttypes_initialized', 'List of object type plugins that were initialized once', '', OIDplusConfig::PROTECTION_READONLY, function($value) {
		315	// Nothing here yet
		316	});
		317	self::$config->prepareConfigKey('objecttypes_enabled', 'Enabled object types and their order, separated with a semicolon (please reload the page so that the change is applied)', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
1050	daniel-mar	318	// TODO: when objecttypes_enabled is changed at the admin control panel, we need to do a reload of the page, so that jsTree will be updated. Is there anything we can do?
263	daniel-mar	319
		320	$ary = explode(';',$value);
		321	$uniq_ary = array_unique($ary);
		322
		323	if (count($ary) != count($uniq_ary)) {
360	daniel-mar	324	throw new OIDplusException(_L('Please check your input. Some object types are double.'));
263	daniel-mar	325	}
		326
		327	foreach ($ary as $ot_check) {
		328	$ns_found = false;
		329	foreach (OIDplus::getEnabledObjectTypes() as $ot) {
		330	if ($ot::ns() == $ot_check) {
		331	$ns_found = true;
		332	break;
		333	}
		334	}
		335	foreach (OIDplus::getDisabledObjectTypes() as $ot) {
		336	if ($ot::ns() == $ot_check) {
		337	$ns_found = true;
		338	break;
		339	}
		340	}
		341	if (!$ns_found) {
360	daniel-mar	342	throw new OIDplusException(_L('Please check your input. Namespace "%1" is not found',$ot_check));
263	daniel-mar	343	}
		344	}
		345	});
		346	self::$config->prepareConfigKey('oidplus_private_key', 'Private key for this system', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) {
		347	// Nothing here yet
		348	});
		349	self::$config->prepareConfigKey('oidplus_public_key', 'Public key for this system. If you "clone" your system, you must delete this key (e.g. using phpMyAdmin), so that a new one is created.', '', OIDplusConfig::PROTECTION_READONLY, function($value) {
		350	// Nothing here yet
		351	});
324	daniel-mar	352	self::$config->prepareConfigKey('last_known_system_url', 'Last known System URL', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) {
		353	// Nothing here yet
		354	});
412	daniel-mar	355	self::$config->prepareConfigKey('last_known_version', 'Last known OIDplus Version', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) {
		356	// Nothing here yet
		357	});
1088	daniel-mar	358	self::$config->prepareConfigKey('default_ra_auth_method', 'Default auth method used for generating password of RAs (must exist in plugins/[vendorname]/auth/)? Empty = OIDplus decides.', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		359	if (trim($value) === '') return; // OIDplus decides
		360
453	daniel-mar	361	$good = true;
		362	if (strpos($value,'/') !== false) $good = false;
		363	if (strpos($value,'\\') !== false) $good = false;
		364	if (strpos($value,'..') !== false) $good = false;
		365	if (!$good) {
1212	daniel-mar	366	throw new OIDplusException(_L('Invalid auth plugin name. It is usually the folder name, without path, e.g. "%1"', 'A4_argon2'));
453	daniel-mar	367	}
		368
1099	daniel-mar	369	OIDplus::checkRaAuthPluginAvailable($value, true);
453	daniel-mar	370	});
263	daniel-mar	371	}
		372
		373	return self::$config;
2	daniel-mar	374	}
		375
263	daniel-mar	376	private static $gui = null;
1116	daniel-mar	377
		378	/**
		379	* @return OIDplusGui
		380	*/
		381	public static function gui(): OIDplusGui {
263	daniel-mar	382	if (is_null(self::$gui)) {
		383	self::$gui = new OIDplusGui();
86	daniel-mar	384	}
263	daniel-mar	385	return self::$gui;
2	daniel-mar	386	}
		387
263	daniel-mar	388	private static $authUtils = null;
1116	daniel-mar	389
		390	/**
		391	* @return OIDplusAuthUtils
		392	*/
		393	public static function authUtils(): OIDplusAuthUtils {
263	daniel-mar	394	if (is_null(self::$authUtils)) {
		395	self::$authUtils = new OIDplusAuthUtils();
86	daniel-mar	396	}
263	daniel-mar	397	return self::$authUtils;
2	daniel-mar	398	}
		399
263	daniel-mar	400	private static $mailUtils = null;
1116	daniel-mar	401
		402	/**
		403	* @return OIDplusMailUtils
		404	*/
		405	public static function mailUtils(): OIDplusMailUtils {
263	daniel-mar	406	if (is_null(self::$mailUtils)) {
		407	self::$mailUtils = new OIDplusMailUtils();
250	daniel-mar	408	}
263	daniel-mar	409	return self::$mailUtils;
250	daniel-mar	410	}
		411
557	daniel-mar	412	private static $cookieUtils = null;
1116	daniel-mar	413
		414	/**
		415	* @return OIDplusCookieUtils
		416	*/
		417	public static function cookieUtils(): OIDplusCookieUtils {
557	daniel-mar	418	if (is_null(self::$cookieUtils)) {
		419	self::$cookieUtils = new OIDplusCookieUtils();
		420	}
		421	return self::$cookieUtils;
		422	}
		423
263	daniel-mar	424	private static $menuUtils = null;
1116	daniel-mar	425
		426	/**
		427	* @return OIDplusMenuUtils
		428	*/
		429	public static function menuUtils(): OIDplusMenuUtils {
263	daniel-mar	430	if (is_null(self::$menuUtils)) {
		431	self::$menuUtils = new OIDplusMenuUtils();
250	daniel-mar	432	}
263	daniel-mar	433	return self::$menuUtils;
250	daniel-mar	434	}
		435
263	daniel-mar	436	private static $logger = null;
1116	daniel-mar	437
		438	/**
		439	* @return OIDplusLogger
		440	*/
		441	public static function logger(): OIDplusLogger {
263	daniel-mar	442	if (is_null(self::$logger)) {
		443	self::$logger = new OIDplusLogger();
115	daniel-mar	444	}
263	daniel-mar	445	return self::$logger;
115	daniel-mar	446	}
		447
1050	daniel-mar	448	// --- SQL slang plugin
274	daniel-mar	449
1112	daniel-mar	450	/**
1116	daniel-mar	451	* @param OIDplusSqlSlangPlugin $plugin
		452	* @return void
		453	* @throws OIDplusException
		454	*/
274	daniel-mar	455	private static function registerSqlSlangPlugin(OIDplusSqlSlangPlugin $plugin) {
		456	$name = $plugin::id();
		457
1112	daniel-mar	458	if ($name === '') {
		459	throw new OIDplusException(_L('Plugin %1 cannot be registered because it does not return a valid ID', $plugin->getPluginDirectory()));
		460	}
		461
449	daniel-mar	462	if (isset(self::$sqlSlangPlugins[$name])) {
451	daniel-mar	463	$plugintype_hf = _L('SQL slang');
592	daniel-mar	464	throw new OIDplusException(_L('Multiple %1 plugins use the ID %2', $plugintype_hf, $name));
449	daniel-mar	465	}
		466
274	daniel-mar	467	self::$sqlSlangPlugins[$name] = $plugin;
		468	}
		469
1116	daniel-mar	470	/**
		471	* @return OIDplusSqlSlangPlugin[]
		472	*/
		473	public static function getSqlSlangPlugins(): array {
274	daniel-mar	474	return self::$sqlSlangPlugins;
		475	}
		476
1116	daniel-mar	477	/**
		478	* @param string $id
		479	* @return OIDplusSqlSlangPlugin\|null
		480	*/
		481	public static function getSqlSlangPlugin(string $id)/: ?OIDplusSqlSlangPlugin/ {
1130	daniel-mar	482	return self::$sqlSlangPlugins[$id] ?? null;
318	daniel-mar	483	}
		484
1050	daniel-mar	485	// --- Database plugin
74	daniel-mar	486
1112	daniel-mar	487	/**
1116	daniel-mar	488	* @param OIDplusDatabasePlugin $plugin
		489	* @return void
		490	* @throws OIDplusException
		491	*/
227	daniel-mar	492	private static function registerDatabasePlugin(OIDplusDatabasePlugin $plugin) {
275	daniel-mar	493	$name = $plugin::id();
150	daniel-mar	494
1112	daniel-mar	495	if ($name === '') {
		496	throw new OIDplusException(_L('Plugin %1 cannot be registered because it does not return a valid ID', $plugin->getPluginDirectory()));
		497	}
		498
449	daniel-mar	499	if (isset(self::$dbPlugins[$name])) {
		500	$plugintype_hf = _L('Database');
592	daniel-mar	501	throw new OIDplusException(_L('Multiple %1 plugins use the ID %2', $plugintype_hf, $name));
449	daniel-mar	502	}
		503
150	daniel-mar	504	self::$dbPlugins[$name] = $plugin;
		505	}
		506
1116	daniel-mar	507	/**
		508	* @return OIDplusDatabasePlugin[]
		509	*/
		510	public static function getDatabasePlugins(): array {
150	daniel-mar	511	return self::$dbPlugins;
		512	}
		513
1116	daniel-mar	514	/**
		515	* @return OIDplusDatabasePlugin
		516	* @throws OIDplusException, OIDplusConfigInitializationException
		517	*/
		518	public static function getActiveDatabasePlugin(): OIDplusDatabasePlugin {
702	daniel-mar	519	$db_plugin_name = OIDplus::baseConfig()->getValue('DATABASE_PLUGIN','');
		520	if ($db_plugin_name === '') {
360	daniel-mar	521	throw new OIDplusConfigInitializationException(_L('No database plugin selected in config file'));
260	daniel-mar	522	}
1016	daniel-mar	523	foreach (self::$dbPlugins as $name => $plugin) {
		524	if (strtolower($name) == strtolower($db_plugin_name)) {
		525	return $plugin;
		526	}
227	daniel-mar	527	}
1016	daniel-mar	528	throw new OIDplusConfigInitializationException(_L('Database plugin "%1" not found',$db_plugin_name));
227	daniel-mar	529	}
		530
1116	daniel-mar	531	/**
		532	* @var OIDplusDatabaseConnection\|null
		533	*/
295	daniel-mar	534	private static $dbMainSession = null;
1116	daniel-mar	535
		536	/**
		537	* @return OIDplusDatabaseConnection
		538	* @throws OIDplusException, OIDplusConfigInitializationException
		539	*/
		540	public static function db(): OIDplusDatabaseConnection {
295	daniel-mar	541	if (is_null(self::$dbMainSession)) {
		542	self::$dbMainSession = self::getActiveDatabasePlugin()->newConnection();
		543	}
		544	if (!self::$dbMainSession->isConnected()) self::$dbMainSession->connect();
		545	return self::$dbMainSession;
		546	}
		547
1116	daniel-mar	548	/**
		549	* @var OIDplusDatabaseConnection\|null
		550	*/
295	daniel-mar	551	private static $dbIsolatedSession = null;
1116	daniel-mar	552
		553	/**
		554	* @return OIDplusDatabaseConnection
		555	* @throws OIDplusException, OIDplusConfigInitializationException
		556	*/
		557	public static function dbIsolated(): OIDplusDatabaseConnection {
295	daniel-mar	558	if (is_null(self::$dbIsolatedSession)) {
		559	self::$dbIsolatedSession = self::getActiveDatabasePlugin()->newConnection();
		560	}
		561	if (!self::$dbIsolatedSession->isConnected()) self::$dbIsolatedSession->connect();
		562	return self::$dbIsolatedSession;
		563	}
		564
1050	daniel-mar	565	// --- CAPTCHA plugin
702	daniel-mar	566
1112	daniel-mar	567	/**
1116	daniel-mar	568	* @param OIDplusCaptchaPlugin $plugin
		569	* @return void
		570	* @throws OIDplusException
		571	*/
702	daniel-mar	572	private static function registerCaptchaPlugin(OIDplusCaptchaPlugin $plugin) {
		573	$name = $plugin::id();
		574
1112	daniel-mar	575	if ($name === '') {
		576	throw new OIDplusException(_L('Plugin %1 cannot be registered because it does not return a valid ID', $plugin->getPluginDirectory()));
		577	}
		578
702	daniel-mar	579	if (isset(self::$captchaPlugins[$name])) {
		580	$plugintype_hf = _L('CAPTCHA');
		581	throw new OIDplusException(_L('Multiple %1 plugins use the ID %2', $plugintype_hf, $name));
		582	}
		583
		584	self::$captchaPlugins[$name] = $plugin;
		585	}
		586
1116	daniel-mar	587	/**
		588	* @return OIDplusCaptchaPlugin[]
		589	*/
		590	public static function getCaptchaPlugins(): array {
702	daniel-mar	591	return self::$captchaPlugins;
		592	}
		593
1116	daniel-mar	594	/**
		595	* @return string
		596	* @throws OIDplusException, OIDplusConfigInitializationException
		597	*/
		598	public static function getActiveCaptchaPluginId(): string {
702	daniel-mar	599	$captcha_plugin_name = OIDplus::baseConfig()->getValue('CAPTCHA_PLUGIN', '');
		600
		601	if (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false) && ($captcha_plugin_name === '')) {
		602	// Legacy config file support!
1016	daniel-mar	603	$captcha_plugin_name = 'reCAPTCHA';
702	daniel-mar	604	}
		605
704	daniel-mar	606	if ($captcha_plugin_name === '') $captcha_plugin_name = 'None'; // the "None" plugin is a must-have!
702	daniel-mar	607
704	daniel-mar	608	return $captcha_plugin_name;
		609	}
		610
1116	daniel-mar	611	/**
		612	* @return OIDplusCaptchaPlugin
		613	* @throws OIDplusException, OIDplusConfigInitializationException
		614	*/
		615	public static function getActiveCaptchaPlugin(): OIDplusCaptchaPlugin {
704	daniel-mar	616	$captcha_plugin_name = OIDplus::getActiveCaptchaPluginId();
1016	daniel-mar	617	foreach (self::$captchaPlugins as $name => $plugin) {
		618	if (strtolower($name) == strtolower($captcha_plugin_name)) {
		619	return $plugin;
		620	}
702	daniel-mar	621	}
1016	daniel-mar	622	throw new OIDplusConfigInitializationException(_L('CAPTCHA plugin "%1" not found',$captcha_plugin_name));
702	daniel-mar	623	}
		624
1050	daniel-mar	625	// --- Page plugin
227	daniel-mar	626
1112	daniel-mar	627	/**
1116	daniel-mar	628	* @param OIDplusPagePlugin $plugin
		629	* @return void
		630	*/
224	daniel-mar	631	private static function registerPagePlugin(OIDplusPagePlugin $plugin) {
281	daniel-mar	632	self::$pagePlugins[] = $plugin;
61	daniel-mar	633	}
		634
1116	daniel-mar	635	/**
		636	* @return OIDplusPagePlugin[]
		637	*/
		638	public static function getPagePlugins(): array {
281	daniel-mar	639	return self::$pagePlugins;
61	daniel-mar	640	}
		641
1050	daniel-mar	642	// --- Auth plugin
227	daniel-mar	643
1116	daniel-mar	644	/**
1212	daniel-mar	645	* @param string $id
1116	daniel-mar	646	* @return OIDplusAuthPlugin\|null
		647	*/
1212	daniel-mar	648	public static function getAuthPluginById(string $id)/: ?OIDplusAuthPlugin/ {
1088	daniel-mar	649	$plugins = OIDplus::getAuthPlugins();
		650	foreach ($plugins as $plugin) {
1212	daniel-mar	651	if ($plugin->id() == $id) {
1088	daniel-mar	652	return $plugin;
		653	}
		654	}
		655	return null;
		656	}
		657
1116	daniel-mar	658	/**
1212	daniel-mar	659	* @param string $plugin_id
1116	daniel-mar	660	* @param bool $must_hash
		661	* @return void
		662	* @throws OIDplusException
		663	*/
1212	daniel-mar	664	private static function checkRaAuthPluginAvailable(string $plugin_id, bool $must_hash) {
1122	daniel-mar	665	// if (!wildcard_is_dir(OIDplus::localpath().'plugins/'.'*'.'/auth/'.$plugin_foldername)) {
1212	daniel-mar	666	$plugin = OIDplus::getAuthPluginById($plugin_id);
1122	daniel-mar	667	if (is_null($plugin)) {
1212	daniel-mar	668	throw new OIDplusException(_L('The auth plugin "%1" does not exist in plugin directory %2',$plugin_id,'plugins/[vendorname]/auth/'));
1122	daniel-mar	669	}
1088	daniel-mar	670
1122	daniel-mar	671	$reason = '';
		672	if (!$plugin->availableForVerify($reason)) {
1212	daniel-mar	673	throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for password verification on this system.',$plugin_id).' '.$reason));
1122	daniel-mar	674	}
		675	if ($must_hash && !$plugin->availableForHash($reason)) {
1212	daniel-mar	676	throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for hashing on this system.',$plugin_id).' '.$reason));
1122	daniel-mar	677	}
1088	daniel-mar	678	}
		679
1116	daniel-mar	680	/**
		681	* @param bool $must_hash
		682	* @return OIDplusAuthPlugin\|null
		683	* @throws OIDplusException
		684	*/
		685	public static function getDefaultRaAuthPlugin(bool $must_hash)/: OIDplusAuthPlugin/ {
1088	daniel-mar	686	// 1. Priority: Use the auth plugin the user prefers
1212	daniel-mar	687	$def_plugin_id = OIDplus::config()->getValue('default_ra_auth_method');
		688	if (trim($def_plugin_id) !== '') {
		689	OIDplus::checkRaAuthPluginAvailable($def_plugin_id, $must_hash);
		690	return OIDplus::getAuthPluginById($def_plugin_id);
1088	daniel-mar	691	}
		692
		693	// 2. Priority: If empty (i.e. OIDplus may decide), choose the best ViaThinkSoft plugin that is supported on this system
		694	$preferred_auth_plugins = array(
1099	daniel-mar	695	// Sorted by preference
		696	'A4_argon2', // usually Salted Argon2id
		697	'A3_bcrypt', // usually Salted BCrypt
		698	'A5_vts_mcf', // usually SHA3-512-HMAC
		699	'A6_crypt' // usually Salted SHA512 with 5000 rounds
1088	daniel-mar	700	);
1212	daniel-mar	701	foreach ($preferred_auth_plugins as $plugin_id) {
		702	$plugin = OIDplus::getAuthPluginById($plugin_id);
1088	daniel-mar	703	if (is_null($plugin)) continue;
		704
		705	$reason = '';
1099	daniel-mar	706	if (!$plugin->availableForHash($reason)) continue;
		707	if ($must_hash && !$plugin->availableForVerify($reason)) continue;
1088	daniel-mar	708	return $plugin;
		709	}
		710
		711	// 3. Priority: If nothing found, take the first found plugin
		712	$plugins = OIDplus::getAuthPlugins();
1099	daniel-mar	713	foreach ($plugins as $plugin) {
		714	$reason = '';
		715	if (!$plugin->availableForHash($reason)) continue;
		716	if ($must_hash && !$plugin->availableForVerify($reason)) continue;
		717	return $plugin;
1088	daniel-mar	718	}
		719
		720	// 4. Priority: We must deny the creation of the password because we have no auth plugin!
		721	throw new OIDplusException(_L('Could not find a fitting auth plugin!'));
		722	}
		723
1112	daniel-mar	724	/**
1116	daniel-mar	725	* @param OIDplusAuthPlugin $plugin
		726	* @return void
		727	* @throws OIDplusConfigInitializationException
		728	* @throws OIDplusException
		729	*/
227	daniel-mar	730	private static function registerAuthPlugin(OIDplusAuthPlugin $plugin) {
1089	daniel-mar	731	$reason = '';
1099	daniel-mar	732	if (OIDplus::baseConfig()->getValue('DEBUG') && $plugin->availableForHash($reason) && $plugin->availableForVerify($reason)) {
456	daniel-mar	733	$password = generateRandomString(25);
459	daniel-mar	734
461	daniel-mar	735	try {
		736	$authInfo = $plugin->generate($password);
1201	daniel-mar	737	} catch (\Exception $e) {
1090	daniel-mar	738	// This can happen when the AuthKey is too long for the database field
1088	daniel-mar	739	// Note: The constructor and setters of OIDplusRAAuthInfo() already check for length and null/false values.
461	daniel-mar	740	throw new OIDplusException(_L('Auth plugin "%1" is erroneous: %2',basename($plugin->getPluginDirectory()),$e->getMessage()));
		741	}
1088	daniel-mar	742
461	daniel-mar	743	$authInfo_AuthKeyDiff = clone $authInfo;
		744	$authInfo_AuthKeyDiff->setAuthKey(strrev($authInfo_AuthKeyDiff->getAuthKey()));
		745
		746	if ((!$plugin->verify($authInfo,$password)) \|\|
1122	daniel-mar	747	($plugin->verify($authInfo_AuthKeyDiff,$password)) \|\|
		748	($plugin->verify($authInfo,$password.'x'))) {
1088	daniel-mar	749	throw new OIDplusException(_L('Auth plugin "%1" is erroneous: Generate/Verify self-test failed',basename($plugin->getPluginDirectory())));
456	daniel-mar	750	}
453	daniel-mar	751	}
		752
227	daniel-mar	753	self::$authPlugins[] = $plugin;
		754	}
		755
1116	daniel-mar	756	/**
		757	* @return OIDplusAuthPlugin[]
		758	*/
		759	public static function getAuthPlugins(): array {
221	daniel-mar	760	return self::$authPlugins;
		761	}
		762
1050	daniel-mar	763	// --- Language plugin
355	daniel-mar	764
1112	daniel-mar	765	/**
1116	daniel-mar	766	* @param OIDplusLanguagePlugin $plugin
		767	* @return void
		768	*/
355	daniel-mar	769	private static function registerLanguagePlugin(OIDplusLanguagePlugin $plugin) {
		770	self::$languagePlugins[] = $plugin;
		771	}
		772
1116	daniel-mar	773	/**
		774	* @return OIDplusLanguagePlugin[]
		775	*/
		776	public static function getLanguagePlugins(): array {
355	daniel-mar	777	return self::$languagePlugins;
		778	}
		779
1050	daniel-mar	780	// --- Design plugin
449	daniel-mar	781
1112	daniel-mar	782	/**
1116	daniel-mar	783	* @param OIDplusDesignPlugin $plugin
		784	* @return void
		785	*/
449	daniel-mar	786	private static function registerDesignPlugin(OIDplusDesignPlugin $plugin) {
		787	self::$designPlugins[] = $plugin;
		788	}
		789
1116	daniel-mar	790	/**
		791	* @return OIDplusDesignPlugin[]
		792	*/
		793	public static function getDesignPlugins(): array {
449	daniel-mar	794	return self::$designPlugins;
		795	}
		796
1116	daniel-mar	797	/**
		798	* @return OIDplusDesignPlugin\|null
		799	* @throws OIDplusException
		800	*/
		801	public static function getActiveDesignPlugin()/: ?OIDplusDesignPlugin/ {
819	daniel-mar	802	$plugins = OIDplus::getDesignPlugins();
		803	foreach ($plugins as $plugin) {
1212	daniel-mar	804	if ($plugin->id() == OIDplus::config()->getValue('design','default')) {
819	daniel-mar	805	return $plugin;
		806	}
		807	}
		808	return null;
		809	}
		810
1050	daniel-mar	811	// --- Logger plugin
289	daniel-mar	812
1112	daniel-mar	813	/**
1116	daniel-mar	814	* @param OIDplusLoggerPlugin $plugin
		815	* @return void
		816	*/
289	daniel-mar	817	private static function registerLoggerPlugin(OIDplusLoggerPlugin $plugin) {
		818	self::$loggerPlugins[] = $plugin;
		819	}
		820
1116	daniel-mar	821	/**
		822	* @return OIDplusLoggerPlugin[]
		823	*/
		824	public static function getLoggerPlugins(): array {
289	daniel-mar	825	return self::$loggerPlugins;
		826	}
		827
1050	daniel-mar	828	// --- Object type plugin
227	daniel-mar	829
1112	daniel-mar	830	/**
1116	daniel-mar	831	* @param OIDplusObjectTypePlugin $plugin
		832	* @return void
		833	* @throws OIDplusException
		834	*/
227	daniel-mar	835	private static function registerObjectTypePlugin(OIDplusObjectTypePlugin $plugin) {
		836	self::$objectTypePlugins[] = $plugin;
		837
		838	$ot = $plugin::getObjectTypeClassName();
		839	self::registerObjectType($ot);
		840	}
		841
1112	daniel-mar	842	/**
1116	daniel-mar	843	* @param string\|OIDplusObject $ot Object type class name (OIDplusObject)
		844	* @return void
		845	* @throws OIDplusException
		846	*/
224	daniel-mar	847	private static function registerObjectType($ot) {
66	daniel-mar	848	$ns = $ot::ns();
860	daniel-mar	849	if (empty($ns)) throw new OIDplusException(_L('ObjectType plugin %1 is erroneous: Namespace must not be empty',$ot));
66	daniel-mar	850
860	daniel-mar	851	// Currently, we must enforce that namespaces in objectType plugins are lowercase, because prefilterQuery() makes all namespaces lowercase and the DBMS should be case-sensitive
		852	if ($ns != strtolower($ns)) throw new OIDplusException(_L('ObjectType plugin %1 is erroneous: Namespace %2 must be lower-case',$ot,$ns));
66	daniel-mar	853
860	daniel-mar	854	$root = $ot::root();
		855	if (!str_starts_with($root,$ns.':')) throw new OIDplusException(_L('ObjectType plugin %1 is erroneous: Root node (%2) is in wrong namespace (needs starts with %3)!',$ot,$root,$ns.':'));
		856
66	daniel-mar	857	$ns_found = false;
227	daniel-mar	858	foreach (array_merge(OIDplus::getEnabledObjectTypes(), OIDplus::getDisabledObjectTypes()) as $test_ot) {
66	daniel-mar	859	if ($test_ot::ns() == $ns) {
		860	$ns_found = true;
		861	break;
		862	}
		863	}
		864	if ($ns_found) {
360	daniel-mar	865	throw new OIDplusException(_L('Attention: Two objectType plugins use the same namespace "%1"!',$ns));
66	daniel-mar	866	}
		867
		868	$init = OIDplus::config()->getValue("objecttypes_initialized");
		869	$init_ary = empty($init) ? array() : explode(';', $init);
70	daniel-mar	870	$init_ary = array_map('trim', $init_ary);
66	daniel-mar	871
		872	$enabled = OIDplus::config()->getValue("objecttypes_enabled");
		873	$enabled_ary = empty($enabled) ? array() : explode(';', $enabled);
70	daniel-mar	874	$enabled_ary = array_map('trim', $enabled_ary);
66	daniel-mar	875
79	daniel-mar	876	if (in_array($ns, $enabled_ary)) {
447	daniel-mar	877	// If it is in the list of enabled object types, it is enabled (obviously)
79	daniel-mar	878	$do_enable = true;
		879	} else {
447	daniel-mar	880	if (!OIDplus::config()->getValue('oobe_objects_done')) {
		881	// If the OOBE wizard is NOT done, then just enable the "oid" object type by default
79	daniel-mar	882	$do_enable = $ns == 'oid';
		883	} else {
447	daniel-mar	884	// If the OOBE wizard was done (once), then
		885	// we will enable all object types which were never initialized
		886	// (i.e. a plugin folder was freshly added)
79	daniel-mar	887	$do_enable = !in_array($ns, $init_ary);
		888	}
		889	}
		890
		891	if ($do_enable) {
227	daniel-mar	892	self::$enabledObjectTypes[] = $ot;
		893	usort(self::$enabledObjectTypes, function($a, $b) {
66	daniel-mar	894	$enabled = OIDplus::config()->getValue("objecttypes_enabled");
		895	$enabled_ary = explode(';', $enabled);
		896
		897	$idx_a = array_search($a::ns(), $enabled_ary);
		898	$idx_b = array_search($b::ns(), $enabled_ary);
		899
1112	daniel-mar	900	if ($idx_a == $idx_b) return 0;
		901	return ($idx_a > $idx_b) ? +1 : -1;
66	daniel-mar	902	});
74	daniel-mar	903	} else {
		904	self::$disabledObjectTypes[] = $ot;
66	daniel-mar	905	}
		906
		907	if (!in_array($ns, $init_ary)) {
		908	// Was never initialized before, so we add it to the list of enabled object types once
		909
79	daniel-mar	910	if ($do_enable) {
		911	$enabled_ary[] = $ns;
672	daniel-mar	912	// Important: Don't validate the input, because the other object types might not be initialized yet! So use setValueNoCallback() instead setValue().
		913	OIDplus::config()->setValueNoCallback("objecttypes_enabled", implode(';', $enabled_ary));
79	daniel-mar	914	}
66	daniel-mar	915
		916	$init_ary[] = $ns;
		917	OIDplus::config()->setValue("objecttypes_initialized", implode(';', $init_ary));
		918	}
61	daniel-mar	919	}
		920
1116	daniel-mar	921	/**
		922	* @return OIDplusObjectTypePlugin[]
		923	*/
		924	public static function getObjectTypePlugins(): array {
227	daniel-mar	925	return self::$objectTypePlugins;
61	daniel-mar	926	}
		927
1116	daniel-mar	928	/**
		929	* @return OIDplusObjectTypePlugin[]
		930	*/
		931	public static function getObjectTypePluginsEnabled(): array {
227	daniel-mar	932	$res = array();
		933	foreach (self::$objectTypePlugins as $plugin) {
		934	$ot = $plugin::getObjectTypeClassName();
		935	if (in_array($ot, self::$enabledObjectTypes)) $res[] = $plugin;
		936	}
		937	return $res;
74	daniel-mar	938	}
		939
1116	daniel-mar	940	/**
		941	* @return OIDplusObjectTypePlugin[]
		942	*/
		943	public static function getObjectTypePluginsDisabled(): array {
227	daniel-mar	944	$res = array();
		945	foreach (self::$objectTypePlugins as $plugin) {
		946	$ot = $plugin::getObjectTypeClassName();
		947	if (in_array($ot, self::$disabledObjectTypes)) $res[] = $plugin;
74	daniel-mar	948	}
227	daniel-mar	949	return $res;
74	daniel-mar	950	}
		951
1116	daniel-mar	952	/**
		953	* @return string[]\|OIDplusObject[] Classname of a OIDplusObject class
		954	*/
		955	public static function getEnabledObjectTypes(): array {
227	daniel-mar	956	return self::$enabledObjectTypes;
		957	}
74	daniel-mar	958
1116	daniel-mar	959	/**
		960	* @return string[]\|OIDplusObject[] Classname of a OIDplusObject class
		961	*/
		962	public static function getDisabledObjectTypes(): array {
227	daniel-mar	963	return self::$disabledObjectTypes;
		964	}
74	daniel-mar	965
1050	daniel-mar	966	// --- Plugin handling functions
277	daniel-mar	967
1116	daniel-mar	968	/**
		969	* @return OIDplusPlugin[]
		970	*/
		971	public static function getAllPlugins(): array {
320	daniel-mar	972	$res = array();
		973	$res = array_merge($res, self::$pagePlugins);
		974	$res = array_merge($res, self::$authPlugins);
		975	$res = array_merge($res, self::$loggerPlugins);
		976	$res = array_merge($res, self::$objectTypePlugins);
		977	$res = array_merge($res, self::$dbPlugins);
702	daniel-mar	978	$res = array_merge($res, self::$captchaPlugins);
320	daniel-mar	979	$res = array_merge($res, self::$sqlSlangPlugins);
355	daniel-mar	980	$res = array_merge($res, self::$languagePlugins);
1116	daniel-mar	981	return array_merge($res, self::$designPlugins);
320	daniel-mar	982	}
		983
1116	daniel-mar	984	/**
		985	* @param string $oid
		986	* @return OIDplusPlugin\|null
		987	*/
		988	public static function getPluginByOid(string $oid)/: ?OIDplusPlugin/ {
320	daniel-mar	989	$plugins = self::getAllPlugins();
321	daniel-mar	990	foreach ($plugins as $plugin) {
		991	if (oid_dotnotation_equal($plugin->getManifest()->getOid(), $oid)) {
		992	return $plugin;
320	daniel-mar	993	}
		994	}
		995	return null;
		996	}
		997
1116	daniel-mar	998	/**
		999	* @param string $classname
		1000	* @return OIDplusPlugin\|null
		1001	*/
		1002	public static function getPluginByClassName(string $classname)/: ?OIDplusPlugin/ {
380	daniel-mar	1003	$plugins = self::getAllPlugins();
		1004	foreach ($plugins as $plugin) {
		1005	if (get_class($plugin) === $classname) {
		1006	return $plugin;
		1007	}
		1008	}
		1009	return null;
277	daniel-mar	1010	}
		1011
594	daniel-mar	1012	/**
1122	daniel-mar	1013	* Checks if the plugin is disabled
		1014	* @return bool true if plugin is enabled, false if plugin is disabled
		1015	* @throws OIDplusException if the class name or config file (disabled setting) does not contain a namespace
		1016	*/
1050	daniel-mar	1017	private static function pluginCheckDisabled($class_name): bool {
		1018	$path = explode('\\', $class_name);
		1019
		1020	if (count($path) == 1) {
		1021	throw new OIDplusException(_L('Plugin "%1" is erroneous',$class_name).': '._L('The plugin uses no namespaces. The new version of OIDplus requires plugin class files to be in a namespace. Please notify your plugin author and ask for an update.'));
		1022	}
		1023
		1024	$class_end = end($path);
		1025	if (OIDplus::baseConfig()->getValue('DISABLE_PLUGIN_'.$class_end, false)) {
		1026	throw new OIDplusConfigInitializationException(_L('Your base configuration file is outdated. Please change "%1" to "%2".','DISABLE_PLUGIN_'.$class_end,'DISABLE_PLUGIN_'.$class_name));
		1027	}
		1028
		1029	if (OIDplus::baseConfig()->getValue('DISABLE_PLUGIN_'.$class_name, false)) {
		1030	return false;
		1031	}
		1032
		1033	return true;
		1034	}
		1035
		1036	/**
1116	daniel-mar	1037	* @param string $pluginFolderMasks
		1038	* @param bool $flat
		1039	* @return OIDplusPluginManifest[]\|array<string,array<string,OIDplusPluginManifest>>
		1040	* @throws OIDplusException
		1041	*/
		1042	public static function getAllPluginManifests(string $pluginFolderMasks='*', bool $flat=true): array {
277	daniel-mar	1043	$out = array();
279	daniel-mar	1044	// Note: glob() will sort by default, so we do not need a page priority attribute.
		1045	// So you just need to use a numeric plugin directory prefix (padded).
693	daniel-mar	1046	$ary = array();
		1047	foreach (explode(',',$pluginFolderMasks) as $pluginFolderMask) {
		1048	$ary = array_merge($ary,glob(OIDplus::localpath().'plugins/'.''.'/'.$pluginFolderMask.'/'.''.'/manifest.xml'));
		1049	}
646	daniel-mar	1050
		1051	// Sort the plugins by their type and name, as if they would be in a single vendor-folder!
		1052	uasort($ary, function($a,$b) {
		1053	if ($a == $b) return 0;
		1054
1122	daniel-mar	1055	$a = str_replace('\\', '/', $a);
646	daniel-mar	1056	$ary = explode('/',$a);
		1057	$bry = explode('/',$b);
		1058
		1059	// First sort by type (publicPage, auth, database, language, ...)
		1060	$a_type = $ary[count($ary)-1-2];
		1061	$b_type = $bry[count($bry)-1-2];
		1062	if ($a_type < $b_type) return -1;
		1063	if ($a_type > $b_type) return 1;
		1064
		1065	// Then sort by name (090_login, 100_whois, etc.)
		1066	$a_name = $ary[count($ary)-1-1];
		1067	$b_name = $bry[count($bry)-1-1];
		1068	if ($a_name < $b_name) return -1;
		1069	if ($a_name > $b_name) return 1;
		1070
		1071	// If it is still equal, then finally sort by vendorname
		1072	$a_vendor = $ary[count($ary)-1-3];
		1073	$b_vendor = $bry[count($bry)-1-3];
		1074	if ($a_vendor < $b_vendor) return -1;
		1075	if ($a_vendor > $b_vendor) return 1;
		1076	return 0;
		1077	});
		1078
277	daniel-mar	1079	foreach ($ary as $ini) {
		1080	if (!file_exists($ini)) continue;
		1081
307	daniel-mar	1082	$manifest = new OIDplusPluginManifest();
		1083	$manifest->loadManifest($ini);
277	daniel-mar	1084
473	daniel-mar	1085	$class_name = $manifest->getPhpMainClass();
1050	daniel-mar	1086	if ($class_name) if (!self::pluginCheckDisabled($class_name)) continue;
473	daniel-mar	1087
307	daniel-mar	1088	if ($flat) {
		1089	$out[] = $manifest;
		1090	} else {
1122	daniel-mar	1091	$vendor_folder = basename(dirname($ini, 3));
1116	daniel-mar	1092	$plugintype_folder = basename(dirname($ini, 2));
307	daniel-mar	1093	$pluginname_folder = basename(dirname($ini));
		1094
		1095	if (!isset($out[$plugintype_folder])) $out[$plugintype_folder] = array();
1122	daniel-mar	1096	if (!isset($out[$plugintype_folder][$vendor_folder])) $out[$plugintype_folder][$vendor_folder] = array();
		1097	$out[$plugintype_folder][$vendor_folder][$pluginname_folder] = $manifest;
307	daniel-mar	1098	}
277	daniel-mar	1099	}
		1100	return $out;
		1101	}
		1102
594	daniel-mar	1103	/**
1130	daniel-mar	1104	* @param string\|array $pluginDirName
		1105	* @param string $expectedPluginClass
		1106	* @param callable\|null $registerCallback
1116	daniel-mar	1107	* @return string[]
		1108	* @throws OIDplusConfigInitializationException
		1109	* @throws OIDplusException
		1110	* @throws \ReflectionException
		1111	*/
1130	daniel-mar	1112	public static function registerAllPlugins($pluginDirName, string $expectedPluginClass, callable $registerCallback=null): array {
277	daniel-mar	1113	$out = array();
525	daniel-mar	1114	if (is_array($pluginDirName)) {
		1115	$ary = array();
		1116	foreach ($pluginDirName as $pluginDirName_) {
		1117	$ary = array_merge($ary, self::getAllPluginManifests($pluginDirName_, false));
		1118	}
		1119	} else {
		1120	$ary = self::getAllPluginManifests($pluginDirName, false);
		1121	}
320	daniel-mar	1122	$known_plugin_oids = array();
1123	daniel-mar	1123	$known_main_classes_no_namespace = array();
277	daniel-mar	1124	foreach ($ary as $plugintype_folder => $bry) {
1122	daniel-mar	1125	foreach ($bry as $vendor_folder => $cry) {
		1126	foreach ($cry as $pluginname_folder => $manifest) {
		1127	$class_name = $manifest->getPhpMainClass();
438	daniel-mar	1128
1122	daniel-mar	1129	// Before we load the plugin, we want to make some checks to confirm
		1130	// that the plugin is working correctly.
438	daniel-mar	1131
1122	daniel-mar	1132	if (!$class_name) {
		1133	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('Manifest does not declare a PHP main class'));
		1134	}
		1135	if (!self::pluginCheckDisabled($class_name)) {
		1136	continue; // Plugin is disabled
		1137	}
1072	daniel-mar	1138
1123	daniel-mar	1139	// The auto-loader of OIDplus currently does not accept PHP namespaces.
		1140	// Reason: The autoloader detects the classes inside plugins////.class.php, but it cannot know
		1141	// which namespace these files have, because their folder names do not reveal the namespace.
		1142	// So it just ignores the namespace and loads all classes with the same name.
		1143	// TODO: Think about a solution; There was a discussion here https://github.com/frdl/frdl-oidplus-plugin-type-pen/issues/1
		1144	$tmp = explode('\\',$class_name);
		1145	$class_name_no_namespace = end($tmp);
		1146	if (in_array($class_name_no_namespace, $known_main_classes_no_namespace)) {
1127	daniel-mar	1147	// Removed check for now, since everything should work correctly
		1148	// throw new OIDplusException(_L('More than one plugin has the PHP class name "%1". This is currently no supported, not even if they are in different namespaces.', $class_name_no_namespace));
1123	daniel-mar	1149	}
		1150	$known_main_classes_no_namespace[] = $class_name_no_namespace;
		1151
1122	daniel-mar	1152	// Do some basic checks on the plugin PHP main class
		1153	if (!class_exists($class_name)) {
		1154	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('Manifest declares PHP main class as "%1", but it could not be found', $class_name));
		1155	}
		1156	if (!is_subclass_of($class_name, $expectedPluginClass)) {
		1157	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('Plugin main class "%1" is expected to be a subclass of "%2"', $class_name, $expectedPluginClass));
		1158	}
		1159	if (($class_name != $manifest->getTypeClass()) && (!is_subclass_of($class_name, $manifest->getTypeClass()))) {
		1160	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('Plugin main class "%1" is expected to be a subclass of "%2", according to type declared in manifest', $class_name, $manifest->getTypeClass()));
		1161	}
		1162	if (($manifest->getTypeClass() != $expectedPluginClass) && (!is_subclass_of($manifest->getTypeClass(), $expectedPluginClass))) {
		1163	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('Class declared in manifest is "%1" does not fit expected class for this plugin type "%2"', $manifest->getTypeClass(), $expectedPluginClass));
		1164	}
308	daniel-mar	1165
1122	daniel-mar	1166	// Do some basic checks on the plugin OID
		1167	$plugin_oid = $manifest->getOid();
		1168	if (!$plugin_oid) {
		1169	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('Does not have an OID'));
		1170	}
		1171	if (!oid_valid_dotnotation($plugin_oid, false, false, 2)) {
		1172	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('Plugin OID "%1" is invalid (needs to be valid dot-notation)', $plugin_oid));
		1173	}
		1174	if (isset($known_plugin_oids[$plugin_oid])) {
		1175	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('The OID "%1" is already used by the plugin "%2"', $plugin_oid, $known_plugin_oids[$plugin_oid]));
		1176	}
646	daniel-mar	1177
1122	daniel-mar	1178	// Additional check: Are third-party plugins using ViaThinkSoft plugin folders, OIDs or class namespaces?
		1179	$full_plugin_dir = dirname($manifest->getManifestFile());
		1180	$full_plugin_dir = substr($full_plugin_dir, strlen(OIDplus::localpath()));
		1181	$dir_is_viathinksoft = str_starts_with($full_plugin_dir, 'plugins/viathinksoft/') \|\| str_starts_with($full_plugin_dir, 'plugins\\viathinksoft\\');
		1182	$oid_is_viathinksoft = str_starts_with($plugin_oid, '1.3.6.1.4.1.37476.2.5.2.4.'); // { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 products(2) oidplus(5) v2(2) plugins(4) }
		1183	$class_is_viathinksoft = str_starts_with($class_name, 'ViaThinkSoft\\');
		1184	if ($oid_is_viathinksoft != $class_is_viathinksoft) {
		1185	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('Third-party plugins must not use the ViaThinkSoft PHP namespace. Please use your own vendor namespace.'));
		1186	}
		1187	$plugin_is_viathinksoft = $oid_is_viathinksoft && $class_is_viathinksoft;
		1188	if ($dir_is_viathinksoft != $plugin_is_viathinksoft) {
		1189	throw new OIDplusException(_L('Plugin "%1" is misplaced', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('The plugin is in the wrong folder. The folder %1 can only be used by official ViaThinkSoft plugins', 'plugins/viathinksoft/'));
		1190	}
1072	daniel-mar	1191
1122	daniel-mar	1192	// Additional check: does the plugin define JS/CSS although it is not an interactive plugin type?
		1193	$has_js = $manifest->getJSFiles();
		1194	$has_css = $manifest->getCSSFiles();
		1195	$is_interactive = in_array(basename($plugintype_folder), OIDplus::INTERACTIVE_PLUGIN_TYPES);
		1196	$is_design = basename($plugintype_folder) === 'design';
		1197	if (!$is_interactive && $has_js) {
		1198	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('%1 files are included in the manifest XML, but this plugin type does not allow such files.', 'JavaScript'));
		1199	}
		1200	if (!$is_interactive && !$is_design && $has_css) {
		1201	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('%1 files are included in the manifest XML, but this plugin type does not allow such files.', 'CSS'));
		1202	}
320	daniel-mar	1203
1122	daniel-mar	1204	// Additional check: Check "Setup CSS" and "Setup JS" (Allowed for plugin types: database, captcha)
		1205	$has_js_setup = $manifest->getJSFilesSetup();
		1206	$has_css_setup = $manifest->getCSSFilesSetup();
		1207	$is_database = basename($plugintype_folder) === 'database';
		1208	$is_captcha = basename($plugintype_folder) === 'captcha';
		1209	if (!$is_database && !$is_captcha && $has_js_setup) {
		1210	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('%1 files are included in the manifest XML, but this plugin type does not allow such files.', 'Setup JavaScript'));
		1211	}
		1212	if (!$is_database && !$is_captcha && $has_css_setup) {
		1213	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('%1 files are included in the manifest XML, but this plugin type does not allow such files.', 'Setup CSS'));
		1214	}
632	daniel-mar	1215
1122	daniel-mar	1216	// Additional check: Are all CSS/JS files there?
		1217	$tmp = $manifest->getManifestLinkedFiles();
		1218	foreach ($tmp as $file) {
		1219	if (!file_exists($file)) {
		1220	throw new OIDplusException(_L('Plugin "%1" is erroneous', $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder) . ': ' . _L('File %1 was defined in manifest, but it is not existing', $file));
		1221	}
1072	daniel-mar	1222	}
		1223
1122	daniel-mar	1224	// For the next check, we need an instance of the object
		1225	$obj = new $class_name();
456	daniel-mar	1226
1122	daniel-mar	1227	// Now we can continue
		1228	$known_plugin_oids[$plugin_oid] = $vendor_folder . '/' . $plugintype_folder . '/' . $pluginname_folder;
		1229	$out[] = $class_name;
		1230	if (!is_null($registerCallback)) {
		1231	call_user_func($registerCallback, $obj);
444	daniel-mar	1232
1122	daniel-mar	1233	// Alternative approaches:
		1234	//$registerCallback[0]::{$registerCallback[1]}($obj);
		1235	// or:
		1236	//forward_static_call($registerCallback, $obj);
		1237	}
279	daniel-mar	1238	}
277	daniel-mar	1239	}
		1240	}
		1241	return $out;
		1242	}
		1243
1050	daniel-mar	1244	// --- Initialization of OIDplus
206	daniel-mar	1245
1116	daniel-mar	1246	/**
		1247	* @param bool $html
		1248	* @param bool $keepBaseConfig
		1249	* @return void
1130	daniel-mar	1250	* @throws OIDplusConfigInitializationException\|OIDplusException\|\ReflectionException
1116	daniel-mar	1251	*/
		1252	public static function init(bool $html=true, bool $keepBaseConfig=true) {
236	daniel-mar	1253	self::$html = $html;
		1254
263	daniel-mar	1255	// Reset internal state, so we can re-init verything if required
274	daniel-mar	1256
263	daniel-mar	1257	self::$config = null;
374	daniel-mar	1258	if (!$keepBaseConfig) self::$baseConfig = null; // for test cases we need to be able to control base config and setting values manually, so $keepBaseConfig needs to be true
263	daniel-mar	1259	self::$gui = null;
		1260	self::$authUtils = null;
		1261	self::$mailUtils = null;
		1262	self::$menuUtils = null;
		1263	self::$logger = null;
295	daniel-mar	1264	self::$dbMainSession = null;
		1265	self::$dbIsolatedSession = null;
263	daniel-mar	1266	self::$pagePlugins = array();
		1267	self::$authPlugins = array();
289	daniel-mar	1268	self::$loggerPlugins = array();
263	daniel-mar	1269	self::$objectTypePlugins = array();
		1270	self::$enabledObjectTypes = array();
		1271	self::$disabledObjectTypes = array();
		1272	self::$dbPlugins = array();
702	daniel-mar	1273	self::$captchaPlugins = array();
274	daniel-mar	1274	self::$sqlSlangPlugins = array();
355	daniel-mar	1275	self::$languagePlugins = array();
449	daniel-mar	1276	self::$designPlugins = array();
263	daniel-mar	1277	self::$system_id_cache = null;
		1278	self::$sslAvailableCache = null;
468	daniel-mar	1279	self::$translationArray = array();
74	daniel-mar	1280
263	daniel-mar	1281	// Continue...
		1282
294	daniel-mar	1283	OIDplus::baseConfig(); // this loads the base configuration located in userdata/baseconfig/config.inc.php (once!)
1122	daniel-mar	1284	// You can do changes to the configuration afterwards using OIDplus::baseConfig()->...
263	daniel-mar	1285
150	daniel-mar	1286	// Register database types (highest priority)
		1287
274	daniel-mar	1288	// SQL slangs
		1289
1050	daniel-mar	1290	self::registerAllPlugins('sqlSlang', OIDplusSqlSlangPlugin::class, array(OIDplus::class,'registerSqlSlangPlugin'));
274	daniel-mar	1291	foreach (OIDplus::getSqlSlangPlugins() as $plugin) {
		1292	$plugin->init($html);
		1293	}
		1294
		1295	// Database providers
		1296
1050	daniel-mar	1297	self::registerAllPlugins('database', OIDplusDatabasePlugin::class, array(OIDplus::class,'registerDatabasePlugin'));
237	daniel-mar	1298	foreach (OIDplus::getDatabasePlugins() as $plugin) {
		1299	$plugin->init($html);
		1300	}
		1301
42	daniel-mar	1302	// Do redirect stuff etc.
74	daniel-mar	1303
230	daniel-mar	1304	self::isSslAvailable(); // This function does automatic redirects
61	daniel-mar	1305
263	daniel-mar	1306	// Construct the configuration manager
66	daniel-mar	1307
263	daniel-mar	1308	OIDplus::config(); // During the construction, various system settings are prepared if required
66	daniel-mar	1309
74	daniel-mar	1310	// Initialize public / private keys
		1311
227	daniel-mar	1312	OIDplus::getPkiStatus(true);
74	daniel-mar	1313
237	daniel-mar	1314	// Register non-DB plugins
74	daniel-mar	1315
1050	daniel-mar	1316	self::registerAllPlugins(array('publicPages', 'raPages', 'adminPages'), OIDplusPagePlugin::class, array(OIDplus::class,'registerPagePlugin'));
		1317	self::registerAllPlugins('auth', OIDplusAuthPlugin::class, array(OIDplus::class,'registerAuthPlugin'));
		1318	self::registerAllPlugins('logger', OIDplusLoggerPlugin::class, array(OIDplus::class,'registerLoggerPlugin'));
1185	daniel-mar	1319	self::logger()->reLogMissing(); // Some previous plugins might have tried to log. Repeat that now.
1050	daniel-mar	1320	self::registerAllPlugins('objectTypes', OIDplusObjectTypePlugin::class, array(OIDplus::class,'registerObjectTypePlugin'));
		1321	self::registerAllPlugins('language', OIDplusLanguagePlugin::class, array(OIDplus::class,'registerLanguagePlugin'));
		1322	self::registerAllPlugins('design', OIDplusDesignPlugin::class, array(OIDplus::class,'registerDesignPlugin'));
		1323	self::registerAllPlugins('captcha', OIDplusCaptchaPlugin::class, array(OIDplus::class,'registerCaptchaPlugin'));
150	daniel-mar	1324
237	daniel-mar	1325	// Initialize non-DB plugins
224	daniel-mar	1326
281	daniel-mar	1327	foreach (OIDplus::getPagePlugins() as $plugin) {
74	daniel-mar	1328	$plugin->init($html);
		1329	}
230	daniel-mar	1330	foreach (OIDplus::getAuthPlugins() as $plugin) {
		1331	$plugin->init($html);
		1332	}
289	daniel-mar	1333	foreach (OIDplus::getLoggerPlugins() as $plugin) {
		1334	$plugin->init($html);
		1335	}
230	daniel-mar	1336	foreach (OIDplus::getObjectTypePlugins() as $plugin) {
		1337	$plugin->init($html);
		1338	}
355	daniel-mar	1339	foreach (OIDplus::getLanguagePlugins() as $plugin) {
		1340	$plugin->init($html);
		1341	}
449	daniel-mar	1342	foreach (OIDplus::getDesignPlugins() as $plugin) {
		1343	$plugin->init($html);
		1344	}
778	daniel-mar	1345	foreach (OIDplus::getCaptchaPlugins() as $plugin) {
		1346	$plugin->init($html);
		1347	}
412	daniel-mar	1348
778	daniel-mar	1349	if (PHP_SAPI != 'cli') {
		1350
		1351	// Prepare some security related response headers (default values)
		1352
		1353	$content_language =
		1354	strtolower(substr(OIDplus::getCurrentLang(),0,2)) . '-' .
		1355	strtoupper(substr(OIDplus::getCurrentLang(),2,2)); // e.g. 'en-US'
		1356
		1357	$http_headers = array(
		1358	"X-Content-Type-Options" => "nosniff",
		1359	"X-XSS-Protection" => "1; mode=block",
		1360	"X-Frame-Options" => "SAMEORIGIN",
		1361	"Referrer-Policy" => array(
		1362	"no-referrer-when-downgrade"
		1363	),
		1364	"Cache-Control" => array(
		1365	"no-cache",
		1366	"no-store",
		1367	"must-revalidate"
		1368	),
		1369	"Pragma" => "no-cache",
		1370	"Content-Language" => $content_language,
		1371	"Expires" => "0",
		1372	"Content-Security-Policy" => array(
1001	daniel-mar	1373	// see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
		1374
		1375	// --- Fetch directives ---
		1376	"child-src" => array(
		1377	"'self'",
		1378	"blob:"
		1379	),
		1380	"connect-src" => array(
		1381	"'self'",
		1382	"blob:"
		1383	),
778	daniel-mar	1384	"default-src" => array(
		1385	"'self'",
		1386	"blob:",
		1387	"https://cdnjs.cloudflare.com/"
		1388	),
1001	daniel-mar	1389	"font-src" => array(
778	daniel-mar	1390	"'self'",
1001	daniel-mar	1391	"blob:"
778	daniel-mar	1392	),
1001	daniel-mar	1393	"frame-src" => array(
		1394	"'self'",
		1395	"blob:"
		1396	),
778	daniel-mar	1397	"img-src" => array(
1001	daniel-mar	1398	"blob:",
778	daniel-mar	1399	"data:",
		1400	"http:",
		1401	"https:"
		1402	),
1001	daniel-mar	1403	"manifest-src" => array(
		1404	"'self'",
		1405	"blob:"
		1406	),
		1407	"media-src" => array(
		1408	"'self'",
		1409	"blob:"
		1410	),
		1411	"object-src" => array(
		1412	"'none'"
		1413	),
		1414	"prefetch-src" => array(
		1415	"'self'",
		1416	"blob:"
		1417	),
778	daniel-mar	1418	"script-src" => array(
		1419	"'self'",
		1420	"'unsafe-inline'",
		1421	"'unsafe-eval'",
		1422	"blob:",
		1423	"https://cdnjs.cloudflare.com/",
		1424	"https://polyfill.io/"
		1425	),
1001	daniel-mar	1426	// script-src-elem not used
		1427	// script-src-attr not used
		1428	"style-src" => array(
		1429	"'self'",
		1430	"'unsafe-inline'",
		1431	"https://cdnjs.cloudflare.com/"
		1432	),
		1433	// style-src-elem not used
		1434	// style-src-attr not used
		1435	"worker-src" => array(
		1436	"'self'",
		1437	"blob:"
		1438	),
		1439
		1440	// --- Navigation directives ---
778	daniel-mar	1441	"frame-ancestors" => array(
1112	daniel-mar	1442	"'none'"
778	daniel-mar	1443	),
		1444	)
		1445	);
		1446
780	daniel-mar	1447	// Give plugins the opportunity to manipulate/extend the headers
778	daniel-mar	1448
		1449	foreach (OIDplus::getSqlSlangPlugins() as $plugin) {
		1450	$plugin->httpHeaderCheck($http_headers);
		1451	}
1015	daniel-mar	1452	//foreach (OIDplus::getDatabasePlugins() as $plugin) {
		1453	if ($plugin = OIDplus::getActiveDatabasePlugin()) {
778	daniel-mar	1454	$plugin->httpHeaderCheck($http_headers);
		1455	}
		1456	foreach (OIDplus::getPagePlugins() as $plugin) {
		1457	$plugin->httpHeaderCheck($http_headers);
		1458	}
		1459	foreach (OIDplus::getAuthPlugins() as $plugin) {
		1460	$plugin->httpHeaderCheck($http_headers);
		1461	}
		1462	foreach (OIDplus::getLoggerPlugins() as $plugin) {
		1463	$plugin->httpHeaderCheck($http_headers);
		1464	}
		1465	foreach (OIDplus::getObjectTypePlugins() as $plugin) {
		1466	$plugin->httpHeaderCheck($http_headers);
		1467	}
		1468	foreach (OIDplus::getLanguagePlugins() as $plugin) {
		1469	$plugin->httpHeaderCheck($http_headers);
		1470	}
		1471	foreach (OIDplus::getDesignPlugins() as $plugin) {
		1472	$plugin->httpHeaderCheck($http_headers);
		1473	}
1015	daniel-mar	1474	//foreach (OIDplus::getCaptchaPlugins() as $plugin) {
		1475	if ($plugin = OIDplus::getActiveCaptchaPlugin()) {
778	daniel-mar	1476	$plugin->httpHeaderCheck($http_headers);
		1477	}
		1478
		1479	// Prepare to send the headers to the client
		1480	// The headers are sent automatically when the first output comes or the script ends
		1481
		1482	foreach ($http_headers as $name => $val) {
		1483
		1484	// Plugins can remove standard OIDplus headers by setting the value to null.
1116	daniel-mar	1485	if (is_null($val)) continue;
778	daniel-mar	1486
		1487	// Some headers can be written as arrays to make it easier for plugin authors
		1488	// to manipulate/extend the contents.
		1489	if (is_array($val)) {
		1490	if ((strtolower($name) == 'cache-control') \|\|
1122	daniel-mar	1491	(strtolower($name) == 'referrer-policy'))
778	daniel-mar	1492	{
		1493	if (count($val) == 0) continue;
		1494	$val = implode(', ', $val);
		1495	} else if (strtolower($name) == 'content-security-policy') {
		1496	if (count($val) == 0) continue;
780	daniel-mar	1497	foreach ($val as $tmp1 => &$tmp2) {
		1498	$tmp2 = array_unique($tmp2);
		1499	$tmp2 = $tmp1.' '.implode(' ', $tmp2);
		1500	}
778	daniel-mar	1501	$val = implode('; ', $val);
		1502	} else {
779	daniel-mar	1503	throw new OIDplusException(_L('HTTP header "%1" cannot be written as array. A newly installed plugin is probably misusing the method "%2".',$name,'httpHeaderCheck'));
778	daniel-mar	1504	}
		1505	}
		1506
		1507	if (is_string($val)) {
1160	daniel-mar	1508	@header("$name: $val");
778	daniel-mar	1509	}
		1510	}
		1511
		1512	} // endif (PHP_SAPI != 'cli')
		1513
412	daniel-mar	1514	// Initialize other stuff (i.e. things which require the logger!)
		1515
		1516	OIDplus::recognizeSystemUrl(); // Make sure "last_known_system_url" is set
		1517	OIDplus::recognizeVersion(); // Make sure "last_known_version" is set and a log entry is created
2	daniel-mar	1518	}
42	daniel-mar	1519
1050	daniel-mar	1520	// --- System URL, System ID, PKI, and other functions
227	daniel-mar	1521
1116	daniel-mar	1522	/**
		1523	* @return void
		1524	*/
412	daniel-mar	1525	private static function recognizeSystemUrl() {
		1526	try {
1072	daniel-mar	1527	$url = OIDplus::webpath(null,self::PATH_ABSOLUTE_CANONICAL);
412	daniel-mar	1528	OIDplus::config()->setValue('last_known_system_url', $url);
1050	daniel-mar	1529	} catch (\Exception $e) {
412	daniel-mar	1530	}
		1531	}
497	daniel-mar	1532
1116	daniel-mar	1533	/**
		1534	* @return false\|int
		1535	*/
496	daniel-mar	1536	private static function getExecutingScriptPathDepth() {
		1537	if (PHP_SAPI == 'cli') {
		1538	global $argv;
		1539	$test_dir = dirname(realpath($argv[0]));
		1540	} else {
		1541	if (!isset($_SERVER["SCRIPT_FILENAME"])) return false;
		1542	$test_dir = dirname($_SERVER['SCRIPT_FILENAME']);
		1543	}
		1544	$test_dir = str_replace('\\', '/', $test_dir);
		1545	$steps_up = 0;
928	daniel-mar	1546	while (!file_exists($test_dir.'/oidplus.min.css.php')) { // We just assume that only the OIDplus base directory contains "oidplus.min.css.php" and not any subordinate directory!
496	daniel-mar	1547	$test_dir = dirname($test_dir);
		1548	$steps_up++;
		1549	if ($steps_up == 1000) return false; // to make sure there will never be an infinite loop
		1550	}
		1551	return $steps_up;
		1552	}
632	daniel-mar	1553
1116	daniel-mar	1554	/**
		1555	* @return bool
		1556	*/
		1557	public static function isSSL(): bool {
580	daniel-mar	1558	return isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] === 'on');
		1559	}
412	daniel-mar	1560
806	daniel-mar	1561	/**
		1562	* Returns the URL of the system.
		1563	* @param int $mode If true or OIDplus::PATH_RELATIVE, the returning path is relative to the currently executed
		1564	* PHP script (i.e. index.php , not the plugin PHP script!). False or OIDplus::PATH_ABSOLUTE is
		1565	* results in an absolute URL. OIDplus::PATH_ABSOLUTE_CANONICAL is an absolute URL,
		1566	* but a canonical path (set by base config setting CANONICAL_SYSTEM_URL) is preferred.
		1567	* @return string\|false The URL, with guaranteed trailing path delimiter for directories
1116	daniel-mar	1568	* @throws OIDplusException
806	daniel-mar	1569	*/
1116	daniel-mar	1570	private static function getSystemUrl(int $mode) {
806	daniel-mar	1571	if ($mode === self::PATH_RELATIVE) {
778	daniel-mar	1572	$steps_up = self::getExecutingScriptPathDepth();
		1573	if ($steps_up === false) {
		1574	return false;
		1575	} else {
		1576	return str_repeat('../', $steps_up);
		1577	}
		1578	} else {
806	daniel-mar	1579	if ($mode === self::PATH_ABSOLUTE_CANONICAL) {
		1580	$tmp = OIDplus::baseConfig()->getValue('CANONICAL_SYSTEM_URL', '');
		1581	if ($tmp) {
		1582	return rtrim($tmp,'/').'/';
		1583	}
326	daniel-mar	1584	}
778	daniel-mar	1585
495	daniel-mar	1586	if (PHP_SAPI == 'cli') {
494	daniel-mar	1587	try {
		1588	return OIDplus::config()->getValue('last_known_system_url', false);
1050	daniel-mar	1589	} catch (\Exception $e) {
494	daniel-mar	1590	return false;
		1591	}
778	daniel-mar	1592	} else {
		1593	// First, try to find out how many levels we need to go up
		1594	$steps_up = self::getExecutingScriptPathDepth();
326	daniel-mar	1595
778	daniel-mar	1596	// Then go up these amount of levels, based on SCRIPT_NAME/argv[0]
		1597	$res = dirname($_SERVER['SCRIPT_NAME'].'index.php'); // This fake 'index.php' ensures that SCRIPT_NAME does not end with '/', which would make dirname() fail
		1598	for ($i=0; $i<$steps_up; $i++) {
		1599	$res = dirname($res);
		1600	}
		1601	$res = str_replace('\\', '/', $res);
		1602	if ($res == '/') $res = '';
227	daniel-mar	1603
778	daniel-mar	1604	// Add protocol and hostname
580	daniel-mar	1605	$is_ssl = self::isSSL();
495	daniel-mar	1606	$protocol = $is_ssl ? 'https' : 'http'; // do not translate
		1607	$host = $_SERVER['HTTP_HOST']; // includes port if it is not 80/443
778	daniel-mar	1608
		1609	return $protocol.'://'.$host.$res.'/';
495	daniel-mar	1610	}
227	daniel-mar	1611	}
		1612	}
		1613
1116	daniel-mar	1614	/**
1130	daniel-mar	1615	* @param string $pubKey
1116	daniel-mar	1616	* @return false\|string
		1617	*/
1130	daniel-mar	1618	private static function pubKeyToRaw(string $pubKey) {
827	daniel-mar	1619	$m = array();
1140	daniel-mar	1620	if (preg_match('@BEGIN PUBLIC KEY\\-+([^\\-]+)\\-+END PUBLIC KEY@imU', $pubKey, $m)) {
1073	daniel-mar	1621	return base64_decode($m[1], false);
827	daniel-mar	1622	}
		1623	return false;
		1624	}
		1625
1116	daniel-mar	1626	/**
1130	daniel-mar	1627	* @param string $pubKey
1116	daniel-mar	1628	* @return false\|int
		1629	*/
1130	daniel-mar	1630	private static function getSystemIdFromPubKey(string $pubKey) {
1073	daniel-mar	1631	$rawData = self::pubKeyToRaw($pubKey);
		1632	if ($rawData === false) return false;
		1633	return smallhash($rawData);
		1634	}
		1635
1116	daniel-mar	1636	/**
1130	daniel-mar	1637	* @param string $pubKey
1116	daniel-mar	1638	* @return false\|string
		1639	*/
1130	daniel-mar	1640	private static function getSystemGuidFromPubKey(string $pubKey) {
1073	daniel-mar	1641	$rawData = self::pubKeyToRaw($pubKey);
		1642	if ($rawData === false) return false;
		1643	$normalizedBase64 = base64_encode($rawData);
		1644	return gen_uuid_sha1_namebased(self::UUID_NAMEBASED_NS_Base64PubKey, $normalizedBase64);
		1645	}
		1646
227	daniel-mar	1647	private static $system_id_cache = null;
1116	daniel-mar	1648
		1649	/**
		1650	* @param bool $oid
		1651	* @return false\|string
		1652	* @throws OIDplusException
		1653	*/
		1654	public static function getSystemId(bool $oid=false) {
227	daniel-mar	1655	if (!is_null(self::$system_id_cache)) {
		1656	$out = self::$system_id_cache;
		1657	} else {
		1658	$out = false;
		1659
		1660	if (self::getPkiStatus(true)) {
830	daniel-mar	1661	$pubKey = OIDplus::getSystemPublicKey();
827	daniel-mar	1662	$out = self::getSystemIdFromPubKey($pubKey);
227	daniel-mar	1663	}
		1664	self::$system_id_cache = $out;
		1665	}
350	daniel-mar	1666	if (!$out) return false;
291	daniel-mar	1667	return ($oid ? '1.3.6.1.4.1.37476.30.9.' : '').$out;
227	daniel-mar	1668	}
		1669
1073	daniel-mar	1670	private static $system_guid_cache = null;
1116	daniel-mar	1671
		1672	/**
		1673	* @return false\|string
		1674	* @throws OIDplusException
		1675	*/
1073	daniel-mar	1676	public static function getSystemGuid() {
		1677	if (!is_null(self::$system_guid_cache)) {
		1678	$out = self::$system_guid_cache;
		1679	} else {
		1680	$out = false;
		1681
		1682	if (self::getPkiStatus(true)) {
		1683	$pubKey = OIDplus::getSystemPublicKey();
		1684	$out = self::getSystemGuidFromPubKey($pubKey);
		1685	}
		1686	self::$system_guid_cache = $out;
		1687	}
		1688	if (!$out) return false;
		1689	return $out;
		1690	}
		1691
1116	daniel-mar	1692	/**
		1693	* @return array\|string
		1694	*/
825	daniel-mar	1695	public static function getOpenSslCnf() {
		1696	// The following functions need a config file, otherway they don't work
		1697	// - openssl_csr_new
		1698	// - openssl_csr_sign
		1699	// - openssl_pkey_export
		1700	// - openssl_pkey_export_to_file
		1701	// - openssl_pkey_new
		1702	$tmp = @getenv('OPENSSL_CONF');
		1703	if ($tmp && file_exists($tmp)) return $tmp;
		1704
		1705	// OpenSSL in XAMPP does not work OOBE, since the OPENSSL_CONF is
		1706	// C:/xampp/apache/bin/openssl.cnf and not C:/xampp/apache/conf/openssl.cnf
		1707	// Bug reports are more than 10 years old and nobody cares...
		1708	// Use our own config file
		1709	return __DIR__.'/../../vendor/phpseclib/phpseclib/phpseclib/openssl.cnf';
		1710	}
		1711
1116	daniel-mar	1712	/**
		1713	* @return string
		1714	*/
		1715	private static function getPrivKeyPassphraseFilename(): string {
830	daniel-mar	1716	return OIDplus::localpath() . 'userdata/privkey_secret.php';
		1717	}
227	daniel-mar	1718
1116	daniel-mar	1719	/**
		1720	* @return void
		1721	*/
830	daniel-mar	1722	private static function tryCreatePrivKeyPassphrase() {
		1723	$file = self::getPrivKeyPassphraseFilename();
827	daniel-mar	1724
830	daniel-mar	1725	$passphrase = generateRandomString(64);
		1726	$cont = "<?php\n";
		1727	$cont .= "// ATTENTION! This file was automatically generated by OIDplus to encrypt the private key\n";
		1728	$cont .= "// that is located in your database configuration table. DO NOT ALTER OR DELETE THIS FILE,\n";
		1729	$cont .= "// otherwise you will lose your OIDplus System-ID and all services connected with it!\n";
831	daniel-mar	1730	$cont .= "// If multiple systems access the same database, then this file must be synchronous\n";
		1731	$cont .= "// between all systems, otherwise you will lose your system ID, too!\n";
830	daniel-mar	1732	$cont .= "\$passphrase = '$passphrase';\n";
		1733	$cont .= "// End of file\n";
		1734
		1735	@file_put_contents($file, $cont);
		1736	}
		1737
1116	daniel-mar	1738	/**
		1739	* @return string\|false
		1740	*/
830	daniel-mar	1741	private static function getPrivKeyPassphrase() {
		1742	$file = self::getPrivKeyPassphraseFilename();
		1743	if (!file_exists($file)) return false;
		1744	$cont = file_get_contents($file);
		1745	$m = array();
		1746	if (!preg_match("@'(.+)'@isU", $cont, $m)) return false;
		1747	return $m[1];
		1748	}
		1749
1116	daniel-mar	1750	/**
		1751	* @return string\|false
		1752	* @throws OIDplusException
		1753	*/
830	daniel-mar	1754	public static function getSystemPrivateKey() {
227	daniel-mar	1755	$privKey = OIDplus::config()->getValue('oidplus_private_key');
830	daniel-mar	1756	if ($privKey == '') return false;
		1757
		1758	$passphrase = self::getPrivKeyPassphrase();
		1759	if ($passphrase !== false) {
		1760	$privKey = decrypt_private_key($privKey, $passphrase);
		1761	}
		1762
		1763	if (is_privatekey_encrypted($privKey)) {
		1764	// This can happen if the key file has vanished
		1765	return false;
		1766	}
		1767
		1768	return $privKey;
		1769	}
		1770
1116	daniel-mar	1771	/**
		1772	* @return string\|false
		1773	* @throws OIDplusException
		1774	*/
830	daniel-mar	1775	public static function getSystemPublicKey() {
227	daniel-mar	1776	$pubKey = OIDplus::config()->getValue('oidplus_public_key');
830	daniel-mar	1777	if ($pubKey == '') return false;
		1778	return $pubKey;
		1779	}
227	daniel-mar	1780
1116	daniel-mar	1781	/**
		1782	* @param bool $try_generate
		1783	* @return bool
		1784	* @throws OIDplusException
		1785	*/
		1786	public static function getPkiStatus(bool $try_generate=false): bool {
830	daniel-mar	1787	if (!function_exists('openssl_pkey_new')) return false;
227	daniel-mar	1788
830	daniel-mar	1789	if ($try_generate) {
		1790	// For debug purposes: Invalidate current key once:
		1791	//OIDplus::config()->setValue('oidplus_private_key', '');
256	daniel-mar	1792
830	daniel-mar	1793	$privKey = OIDplus::getSystemPrivateKey();
		1794	$pubKey = OIDplus::getSystemPublicKey();
		1795	if (!verify_private_public_key($privKey, $pubKey)) {
		1796	if ($pubKey) {
		1797	OIDplus::logger()->log("[WARN]A!", "The private/public key-pair is broken. A new key-pair will now be generated for your system. Your System-ID will change.");
		1798	}
227	daniel-mar	1799
830	daniel-mar	1800	$pkey_config = array(
1116	daniel-mar	1801	"digest_alg" => "sha512",
		1802	"private_key_bits" => defined('OPENSSL_SUPPLEMENT') ? 1024 : 2048, // openssl_supplement.inc.php is based on phpseclib, which is very slow. So we use 1024 bits instead of 2048 bits
		1803	"private_key_type" => OPENSSL_KEYTYPE_RSA,
		1804	"config" => OIDplus::getOpenSslCnf()
830	daniel-mar	1805	);
227	daniel-mar	1806
830	daniel-mar	1807	// Create the private and public key
		1808	$res = openssl_pkey_new($pkey_config);
		1809	if ($res === false) return false;
239	daniel-mar	1810
830	daniel-mar	1811	// Extract the private key from $res to $privKey
		1812	if (openssl_pkey_export($res, $privKey, null, $pkey_config) === false) return false;
227	daniel-mar	1813
830	daniel-mar	1814	// Extract the public key from $res to $pubKey
		1815	$tmp = openssl_pkey_get_details($res);
		1816	if ($tmp === false) return false;
		1817	$pubKey = $tmp["key"];
		1818
		1819	// encrypt new keys using a passphrase stored in a secret file
		1820	self::tryCreatePrivKeyPassphrase(); // try (re)generate this file
		1821	$passphrase = self::getPrivKeyPassphrase();
		1822	if ($passphrase !== false) {
		1823	$privKey = encrypt_private_key($privKey, $passphrase);
		1824	}
		1825
		1826	// Calculate the system ID from the public key
		1827	$system_id = self::getSystemIdFromPubKey($pubKey);
		1828	if ($system_id !== false) {
		1829	// Save the key pair to database
		1830	OIDplus::config()->setValue('oidplus_private_key', $privKey);
		1831	OIDplus::config()->setValue('oidplus_public_key', $pubKey);
		1832
		1833	// Log the new system ID
1199	daniel-mar	1834	OIDplus::logger()->log("[INFO]A!", "A new private/public key-pair for your system had been generated. Your SystemID is now %1", $system_id);
830	daniel-mar	1835	}
		1836	} else {
		1837	$passphrase = self::getPrivKeyPassphrase();
831	daniel-mar	1838	$rawPrivKey = OIDplus::config()->getValue('oidplus_private_key');
		1839	if (($passphrase === false) \|\| !is_privatekey_encrypted($rawPrivKey)) {
830	daniel-mar	1840	// Upgrade to new encrypted keys
		1841	self::tryCreatePrivKeyPassphrase(); // try generate this file
		1842	$passphrase = self::getPrivKeyPassphrase();
		1843	if ($passphrase !== false) {
		1844	$privKey = encrypt_private_key($privKey, $passphrase);
1199	daniel-mar	1845	OIDplus::logger()->log("[INFO]A!", "The private/public key-pair has been upgraded to an encrypted key-pair. The key is saved in %1", self::getPrivKeyPassphraseFilename());
830	daniel-mar	1846	OIDplus::config()->setValue('oidplus_private_key', $privKey);
		1847	}
		1848	}
227	daniel-mar	1849	}
		1850	}
		1851
830	daniel-mar	1852	$privKey = OIDplus::getSystemPrivateKey();
		1853	$pubKey = OIDplus::getSystemPublicKey();
227	daniel-mar	1854	return verify_private_public_key($privKey, $pubKey);
		1855	}
		1856
1116	daniel-mar	1857	/**
		1858	* @return string\|void
		1859	*/
170	daniel-mar	1860	public static function getInstallType() {
486	daniel-mar	1861	$counter = 0;
		1862
661	daniel-mar	1863	if ($new_version_file_exists = file_exists(OIDplus::localpath().'.version.php')) {
486	daniel-mar	1864	$counter++;
591	daniel-mar	1865	}
661	daniel-mar	1866	if ($old_version_file_exists = file_exists(OIDplus::localpath().'oidplus_version.txt')) {
		1867	$counter++;
		1868	}
		1869	$version_file_exists = $old_version_file_exists \| $new_version_file_exists;
1195	daniel-mar	1870
		1871	if ($svn_dir_exists = (OIDplus::findSvnFolder() !== false)) {
486	daniel-mar	1872	$counter++;
591	daniel-mar	1873	}
698	daniel-mar	1874	if ($git_dir_exists = (OIDplus::findGitFolder() !== false)) {
486	daniel-mar	1875	$counter++;
591	daniel-mar	1876	}
486	daniel-mar	1877
		1878	if ($counter === 0) {
360	daniel-mar	1879	return 'unknown'; // do not translate
170	daniel-mar	1880	}
591	daniel-mar	1881	else if ($counter > 1) {
360	daniel-mar	1882	return 'ambigous'; // do not translate
170	daniel-mar	1883	}
591	daniel-mar	1884	else if ($svn_dir_exists) {
360	daniel-mar	1885	return 'svn-wc'; // do not translate
170	daniel-mar	1886	}
591	daniel-mar	1887	else if ($git_dir_exists) {
486	daniel-mar	1888	return 'git-wc'; // do not translate
		1889	}
591	daniel-mar	1890	else if ($version_file_exists) {
360	daniel-mar	1891	return 'svn-snapshot'; // do not translate
170	daniel-mar	1892	}
		1893	}
		1894
1116	daniel-mar	1895	/**
		1896	* @return void
		1897	*/
412	daniel-mar	1898	private static function recognizeVersion() {
		1899	try {
1194	daniel-mar	1900	if ($ver_now = OIDplus::getVersion()) {
		1901	$ver_prev = OIDplus::config()->getValue("last_known_version");
		1902	if (($ver_prev) && ($ver_now != $ver_prev)) {
		1903	// TODO: Problem: When the system was updated using SVN or GIT in the console, then the IP address of the next random visitor of the website is logged!
		1904	// Idea: Maybe we should extend the mask code with some kind of magic constant "[NO_IP]", so that no IP is logged for that event?
1199	daniel-mar	1905	OIDplus::logger()->log("[INFO]A!", "Detected system version change from '%1' to '%2'", $ver_prev, $ver_now);
856	daniel-mar	1906
1194	daniel-mar	1907	// Just to be sure, recanonize objects (we don't do it at every page visit due to performance reasons)
		1908	self::recanonizeObjects();
		1909	}
		1910	OIDplus::config()->setValue("last_known_version", $ver_now);
412	daniel-mar	1911	}
1050	daniel-mar	1912	} catch (\Exception $e) {
412	daniel-mar	1913	}
		1914	}
		1915
1116	daniel-mar	1916	/**
1194	daniel-mar	1917	* @return false\|string
1116	daniel-mar	1918	*/
111	daniel-mar	1919	public static function getVersion() {
412	daniel-mar	1920	static $cachedVersion = null;
		1921	if (!is_null($cachedVersion)) {
		1922	return $cachedVersion;
		1923	}
		1924
486	daniel-mar	1925	$installType = OIDplus::getInstallType();
		1926
		1927	if ($installType === 'svn-wc') {
1198	daniel-mar	1928	if (is_dir($svn_dir = OIDplus::findSvnFolder())) {
		1929	$ver = get_svn_revision($svn_dir);
		1930	if ($ver)
		1931	return ($cachedVersion = 'svn-'.$ver);
		1932	}
111	daniel-mar	1933	}
162	daniel-mar	1934
486	daniel-mar	1935	if ($installType === 'git-wc') {
1116	daniel-mar	1936	$ver = OIDplus::getGitsvnRevision();
486	daniel-mar	1937	if ($ver)
		1938	return ($cachedVersion = 'svn-'.$ver);
162	daniel-mar	1939	}
		1940
486	daniel-mar	1941	if ($installType === 'svn-snapshot') {
661	daniel-mar	1942	$cont = '';
		1943	if (file_exists($filename = OIDplus::localpath().'oidplus_version.txt'))
		1944	$cont = file_get_contents($filename);
		1945	if (file_exists($filename = OIDplus::localpath().'.version.php'))
		1946	$cont = file_get_contents($filename);
386	daniel-mar	1947	$m = array();
360	daniel-mar	1948	if (preg_match('@Revision (\d+)@', $cont, $m)) // do not translate
412	daniel-mar	1949	return ($cachedVersion = 'svn-'.$m[1]); // do not translate
162	daniel-mar	1950	}
		1951
486	daniel-mar	1952	return ($cachedVersion = false); // version ambigous or unknown
111	daniel-mar	1953	}
		1954
974	daniel-mar	1955	const ENFORCE_SSL_NO = 0;
		1956	const ENFORCE_SSL_YES = 1;
		1957	const ENFORCE_SSL_AUTO = 2;
1117	daniel-mar	1958
		1959	/**
		1960	* @var bool\|null
		1961	*/
230	daniel-mar	1962	private static $sslAvailableCache = null;
1116	daniel-mar	1963
		1964	/**
1117	daniel-mar	1965	* @return bool
1116	daniel-mar	1966	* @throws OIDplusException, OIDplusConfigInitializationException
		1967	*/
1117	daniel-mar	1968	public static function isSslAvailable(): bool {
230	daniel-mar	1969	if (!is_null(self::$sslAvailableCache)) return self::$sslAvailableCache;
256	daniel-mar	1970
495	daniel-mar	1971	if (PHP_SAPI == 'cli') {
230	daniel-mar	1972	self::$sslAvailableCache = false;
		1973	return false;
		1974	}
		1975
49	daniel-mar	1976	$timeout = 2;
580	daniel-mar	1977	$already_ssl = self::isSSL();
80	daniel-mar	1978	$ssl_port = 443;
1059	daniel-mar	1979	$host_with_port = $_SERVER['HTTP_HOST'];
		1980	$host_no_port = explode(':',$host_with_port)[0];
1117	daniel-mar	1981	$host_ssl = $host_no_port . ($ssl_port != 443 ? ':'.$ssl_port : '');
42	daniel-mar	1982
974	daniel-mar	1983	if ($already_ssl) {
1059	daniel-mar	1984	OIDplus::cookieUtils()->setcookie('SSL_CHECK', '1', 0, true/allowJS/, null/samesite/, true/forceInsecure/);
974	daniel-mar	1985	self::$sslAvailableCache = true;
		1986	return true;
		1987	} else {
		1988	if (isset($_COOKIE['SSL_CHECK']) && ($_COOKIE['SSL_CHECK'] == '1')) {
		1989	// The cookie "SSL_CHECK" is set once a website was loaded with HTTPS.
		1990	// It forces subsequent HTTP calls to redirect to HTTPS (like HSTS).
		1991	// The reason is the following problem:
		1992	// If you open the page with HTTPS first, then the CSRF token cookies will get the "secure" flag
		1993	// If you open the page then with HTTP, the HTTP cannot access the secure CSRF cookies,
		1994	// Chrome will then block "Set-Cookie" since the HTTP cookie would overwrite the HTTPS cookie.
1059	daniel-mar	1995	// So we MUST redirect, even if the Mode is ENFORCE_SSL_NO.
974	daniel-mar	1996	// Note: SSL_CHECK is NOT a replacement for HSTS! You should use HSTS,
1059	daniel-mar	1997	// because on there your browser ensures that HTTPS is called, before the server
		1998	// is even contacted (and therefore, no HTTP connection can be hacked).
974	daniel-mar	1999	$mode = OIDplus::ENFORCE_SSL_YES;
		2000	} else {
		2001	$mode = OIDplus::baseConfig()->getValue('ENFORCE_SSL', OIDplus::ENFORCE_SSL_AUTO);
		2002	}
261	daniel-mar	2003
974	daniel-mar	2004	if ($mode == OIDplus::ENFORCE_SSL_NO) {
		2005	// No SSL available
		2006	self::$sslAvailableCache = false;
		2007	return false;
		2008	} else if ($mode == OIDplus::ENFORCE_SSL_YES) {
		2009	// Force SSL
1059	daniel-mar	2010	$location = 'https://' . $host_ssl . $_SERVER['REQUEST_URI'];
80	daniel-mar	2011	header('Location:'.$location);
360	daniel-mar	2012	die(_L('Redirecting to HTTPS...'));
974	daniel-mar	2013	} else if ($mode == OIDplus::ENFORCE_SSL_AUTO) {
		2014	// Automatic SSL detection
80	daniel-mar	2015	if (isset($_COOKIE['SSL_CHECK'])) {
		2016	// We already had the HTTPS detection done before.
974	daniel-mar	2017	if ($_COOKIE['SSL_CHECK'] == '1') {
80	daniel-mar	2018	// HTTPS was detected before, but we are HTTP. Redirect now
1059	daniel-mar	2019	$location = 'https://' . $host_ssl . $_SERVER['REQUEST_URI'];
80	daniel-mar	2020	header('Location:'.$location);
360	daniel-mar	2021	die(_L('Redirecting to HTTPS...'));
80	daniel-mar	2022	} else {
		2023	// No HTTPS available. Do nothing.
230	daniel-mar	2024	self::$sslAvailableCache = false;
80	daniel-mar	2025	return false;
		2026	}
49	daniel-mar	2027	} else {
80	daniel-mar	2028	// This is our first check (or the browser didn't accept the SSL_CHECK cookie)
386	daniel-mar	2029	$errno = -1;
		2030	$errstr = '';
1059	daniel-mar	2031	if (@fsockopen($host_no_port, $ssl_port, $errno, $errstr, $timeout)) {
80	daniel-mar	2032	// HTTPS detected. Redirect now, and remember that we had detected HTTPS
1059	daniel-mar	2033	OIDplus::cookieUtils()->setcookie('SSL_CHECK', '1', 0, true/allowJS/, null/samesite/, true/forceInsecure/);
		2034	$location = 'https://' . $host_ssl . $_SERVER['REQUEST_URI'];
80	daniel-mar	2035	header('Location:'.$location);
360	daniel-mar	2036	die(_L('Redirecting to HTTPS...'));
80	daniel-mar	2037	} else {
		2038	// No HTTPS detected. Do nothing, and next time, don't try to detect HTTPS again.
1059	daniel-mar	2039	OIDplus::cookieUtils()->setcookie('SSL_CHECK', '0', 0, true/allowJS/, null/samesite/, true/forceInsecure/);
230	daniel-mar	2040	self::$sslAvailableCache = false;
80	daniel-mar	2041	return false;
		2042	}
49	daniel-mar	2043	}
1117	daniel-mar	2044	} else {
		2045	assert(false);
		2046	return false;
42	daniel-mar	2047	}
		2048	}
		2049	}
497	daniel-mar	2050
496	daniel-mar	2051	/**
		2052	* Gets a local path pointing to a resource
1116	daniel-mar	2053	* @param string\|null $target Target resource (file or directory must exist), or null to get the OIDplus base directory
		2054	* @param bool $relative If true, the returning path is relative to the currently executed PHP file (not the CLI working directory)
590	daniel-mar	2055	* @return string\|false The local path, with guaranteed trailing path delimiter for directories
496	daniel-mar	2056	*/
1116	daniel-mar	2057	public static function localpath(string $target=null, bool $relative=false) {
496	daniel-mar	2058	if (is_null($target)) {
		2059	$target = __DIR__.'/../../';
		2060	}
241	daniel-mar	2061
496	daniel-mar	2062	if ($relative) {
		2063	// First, try to find out how many levels we need to go up
		2064	$steps_up = self::getExecutingScriptPathDepth();
		2065	if ($steps_up === false) return false;
497	daniel-mar	2066
496	daniel-mar	2067	// Virtually go back from the executing PHP script to the OIDplus base path
		2068	$res = str_repeat('../',$steps_up);
497	daniel-mar	2069
496	daniel-mar	2070	// Then go to the desired location
		2071	$basedir = realpath(__DIR__.'/../../');
		2072	$target = realpath($target);
500	daniel-mar	2073	if ($target === false) return false;
496	daniel-mar	2074	$res .= substr($target, strlen($basedir)+1);
		2075	$res = rtrim($res,'/'); // avoid '..//' for localpath(null,true)
		2076	} else {
		2077	$res = realpath($target);
241	daniel-mar	2078	}
497	daniel-mar	2079
801	daniel-mar	2080	if (is_dir($target)) $res .= '/';
497	daniel-mar	2081
1116	daniel-mar	2082	return str_replace('/', DIRECTORY_SEPARATOR, $res);
241	daniel-mar	2083	}
355	daniel-mar	2084
496	daniel-mar	2085	/**
		2086	* Gets a URL pointing to a resource
1116	daniel-mar	2087	* @param string\|null $target Target resource (file or directory must exist), or null to get the OIDplus base directory
		2088	* @param int\|bool $mode If true or OIDplus::PATH_RELATIVE, the returning path is relative to the currently executed
806	daniel-mar	2089	* PHP script (i.e. index.php , not the plugin PHP script!). False or OIDplus::PATH_ABSOLUTE is
		2090	* results in an absolute URL. OIDplus::PATH_ABSOLUTE_CANONICAL is an absolute URL,
		2091	* but a canonical path (set by base config setting CANONICAL_SYSTEM_URL) is preferred.
590	daniel-mar	2092	* @return string\|false The URL, with guaranteed trailing path delimiter for directories
1116	daniel-mar	2093	* @throws OIDplusException
496	daniel-mar	2094	*/
1116	daniel-mar	2095	public static function webpath(string $target=null, $mode=self::PATH_ABSOLUTE_CANONICAL) {
801	daniel-mar	2096	// backwards compatibility
		2097	if ($mode === true) $mode = self::PATH_RELATIVE;
		2098	if ($mode === false) $mode = self::PATH_ABSOLUTE;
		2099
811	daniel-mar	2100	if ($mode == OIDplus::PATH_RELATIVE_TO_ROOT) {
812	daniel-mar	2101	$tmp = OIDplus::webpath($target,OIDplus::PATH_ABSOLUTE);
		2102	if ($tmp === false) return false;
		2103	$tmp = parse_url($tmp);
		2104	if ($tmp === false) return false;
		2105	if (!isset($tmp['path'])) return false;
		2106	return $tmp['path'];
811	daniel-mar	2107	}
		2108
812	daniel-mar	2109	if ($mode == OIDplus::PATH_RELATIVE_TO_ROOT_CANONICAL) {
		2110	$tmp = OIDplus::webpath($target,OIDplus::PATH_ABSOLUTE_CANONICAL);
		2111	if ($tmp === false) return false;
		2112	$tmp = parse_url($tmp);
		2113	if ($tmp === false) return false;
		2114	if (!isset($tmp['path'])) return false;
		2115	return $tmp['path'];
		2116	}
		2117
801	daniel-mar	2118	$res = self::getSystemUrl($mode); // Note: already contains a trailing path delimiter
778	daniel-mar	2119	if ($res === false) return false;
497	daniel-mar	2120
496	daniel-mar	2121	if (!is_null($target)) {
		2122	$basedir = realpath(__DIR__.'/../../');
		2123	$target = realpath($target);
500	daniel-mar	2124	if ($target === false) return false;
496	daniel-mar	2125	$tmp = substr($target, strlen($basedir)+1);
500	daniel-mar	2126	$res .= str_replace(DIRECTORY_SEPARATOR,'/',$tmp); // remove OS specific path delimiters introduced by realpath()
497	daniel-mar	2127	if (is_dir($target)) $res .= '/';
496	daniel-mar	2128	}
497	daniel-mar	2129
496	daniel-mar	2130	return $res;
		2131	}
497	daniel-mar	2132
1116	daniel-mar	2133	/**
		2134	* @return false\|string
		2135	* @throws OIDplusException
		2136	*/
778	daniel-mar	2137	public static function canonicalURL() {
		2138	// First part: OIDplus system URL (or canonical system URL)
801	daniel-mar	2139	$sysurl = OIDplus::getSystemUrl(self::PATH_ABSOLUTE_CANONICAL);
778	daniel-mar	2140
		2141	// Second part: Directory
		2142	$basedir = realpath(__DIR__.'/../../');
		2143	$target = realpath('.');
		2144	if ($target === false) return false;
		2145	$tmp = substr($target, strlen($basedir)+1);
		2146	$res = str_replace(DIRECTORY_SEPARATOR,'/',$tmp); // remove OS specific path delimiters introduced by realpath()
780	daniel-mar	2147	if (is_dir($target) && ($res != '')) $res .= '/';
778	daniel-mar	2148
		2149	// Third part: File name
		2150	$tmp = explode('/',$_SERVER['SCRIPT_NAME']);
		2151	$tmp = end($tmp);
		2152
		2153	// Fourth part: Query string (ordered)
		2154	$tmp2 = getSortedQuery();
		2155	if ($tmp2 != '') $tmp2 = '?'.$tmp2;
		2156
		2157	return $sysurl.$res.$tmp.$tmp2;
		2158	}
		2159
639	daniel-mar	2160	private static $shutdown_functions = array();
1116	daniel-mar	2161
		2162	/**
1130	daniel-mar	2163	* @param callable $func
1116	daniel-mar	2164	* @return void
		2165	*/
1130	daniel-mar	2166	public static function register_shutdown_function(callable $func) {
639	daniel-mar	2167	self::$shutdown_functions[] = $func;
		2168	}
		2169
1116	daniel-mar	2170	/**
		2171	* @return void
		2172	*/
639	daniel-mar	2173	public static function invoke_shutdown() {
		2174	foreach (self::$shutdown_functions as $func) {
		2175	$func();
		2176	}
		2177	}
		2178
1116	daniel-mar	2179	/**
		2180	* @return string[]
		2181	* @throws OIDplusException
		2182	*/
		2183	public static function getAvailableLangs(): array {
360	daniel-mar	2184	$langs = array();
		2185	foreach (OIDplus::getAllPluginManifests('language') as $pluginManifest) {
389	daniel-mar	2186	$code = $pluginManifest->getLanguageCode();
360	daniel-mar	2187	$langs[] = $code;
		2188	}
		2189	return $langs;
		2190	}
		2191
1116	daniel-mar	2192	/**
		2193	* @return string
		2194	* @throws OIDplusConfigInitializationException
		2195	* @throws OIDplusException
		2196	*/
		2197	public static function getDefaultLang(): string {
1041	daniel-mar	2198	static $thrownOnce = false; // avoid endless loop inside OIDplusConfigInitializationException
		2199
1049	daniel-mar	2200	$lang = self::baseConfig()->getValue('DEFAULT_LANGUAGE', 'enus');
1041	daniel-mar	2201
		2202	if (!in_array($lang,self::getAvailableLangs())) {
		2203	if (!$thrownOnce) {
		2204	$thrownOnce = true;
1048	daniel-mar	2205	throw new OIDplusConfigInitializationException(_L('DEFAULT_LANGUAGE points to an invalid language plugin. (Consider setting to "enus" = "English USA".)'));
1041	daniel-mar	2206	} else {
		2207	return 'enus';
		2208	}
		2209	}
		2210
		2211	return $lang;
		2212	}
		2213
1116	daniel-mar	2214	/**
		2215	* @return false\|string
		2216	* @throws OIDplusConfigInitializationException
		2217	* @throws OIDplusException
		2218	*/
355	daniel-mar	2219	public static function getCurrentLang() {
360	daniel-mar	2220	if (isset($_GET['lang'])) {
		2221	$lang = $_GET['lang'];
		2222	} else if (isset($_POST['lang'])) {
		2223	$lang = $_POST['lang'];
		2224	} else if (isset($_COOKIE['LANGUAGE'])) {
		2225	$lang = $_COOKIE['LANGUAGE'];
		2226	} else {
1041	daniel-mar	2227	$lang = self::getDefaultLang();
360	daniel-mar	2228	}
1140	daniel-mar	2229	return substr(preg_replace('@[^a-z]@imU', '', $lang),0,4); // sanitize
355	daniel-mar	2230	}
		2231
1116	daniel-mar	2232	/**
		2233	* @return void
		2234	* @throws OIDplusException
		2235	*/
362	daniel-mar	2236	public static function handleLangArgument() {
		2237	if (isset($_GET['lang'])) {
		2238	// The "?lang=" argument is only for NoScript-Browsers/SearchEngines
		2239	// In case someone who has JavaScript clicks a ?lang= link, they should get
		2240	// the page in that language, but the cookie must be set, otherwise
		2241	// the menu and other stuff would be in their cookie-based-language and not the
		2242	// argument-based-language.
557	daniel-mar	2243	OIDplus::cookieUtils()->setcookie('LANGUAGE', $_GET['lang'], 0, true/HttpOnly off, because JavaScript also needs translation/);
362	daniel-mar	2244	} else if (isset($_POST['lang'])) {
557	daniel-mar	2245	OIDplus::cookieUtils()->setcookie('LANGUAGE', $_POST['lang'], 0, true/HttpOnly off, because JavaScript also needs translation/);
362	daniel-mar	2246	}
		2247	}
		2248
468	daniel-mar	2249	private static $translationArray = array();
1116	daniel-mar	2250
		2251	/**
1130	daniel-mar	2252	* @param string $translation_file
		2253	* @return array
1116	daniel-mar	2254	*/
1130	daniel-mar	2255	protected static function getTranslationFileContents(string $translation_file): array {
469	daniel-mar	2256	// First, try the cache
481	daniel-mar	2257	$cache_file = __DIR__ . '/../../userdata/cache/translation_'.md5($translation_file).'.ser';
469	daniel-mar	2258	if (file_exists($cache_file) && (filemtime($cache_file) == filemtime($translation_file))) {
		2259	$cac = @unserialize(file_get_contents($cache_file));
		2260	if ($cac) return $cac;
		2261	}
481	daniel-mar	2262
469	daniel-mar	2263	// If not successful, then load the XML file
		2264	$xml = @simplexml_load_string(file_get_contents($translation_file));
		2265	if (!$xml) return array(); // if there is an UTF-8 or parsing error, don't output any errors, otherwise the JavaScript is corrupt and the page won't render correctly
		2266	$cac = array();
		2267	foreach ($xml->message as $msg) {
		2268	$src = trim($msg->source->__toString());
		2269	$dst = trim($msg->target->__toString());
		2270	$cac[$src] = $dst;
		2271	}
		2272	@file_put_contents($cache_file,serialize($cac));
		2273	@touch($cache_file,filemtime($translation_file));
		2274	return $cac;
		2275	}
1116	daniel-mar	2276
		2277	/**
		2278	* @param string $requested_lang
		2279	* @return array
		2280	* @throws OIDplusException
		2281	*/
		2282	public static function getTranslationArray(string $requested_lang='*'): array {
362	daniel-mar	2283	foreach (OIDplus::getAllPluginManifests('language') as $pluginManifest) {
389	daniel-mar	2284	$lang = $pluginManifest->getLanguageCode();
362	daniel-mar	2285	if (strpos($lang,'/') !== false) continue; // just to be sure
		2286	if (strpos($lang,'\\') !== false) continue; // just to be sure
		2287	if (strpos($lang,'..') !== false) continue; // just to be sure
401	daniel-mar	2288
468	daniel-mar	2289	if (($requested_lang != '*') && ($lang != $requested_lang)) continue;
401	daniel-mar	2290
468	daniel-mar	2291	if (!isset(self::$translationArray[$lang])) {
		2292	self::$translationArray[$lang] = array();
		2293
		2294	$wildcard = $pluginManifest->getLanguageMessages();
		2295	if (strpos($wildcard,'/') !== false) continue; // just to be sure
		2296	if (strpos($wildcard,'\\') !== false) continue; // just to be sure
		2297	if (strpos($wildcard,'..') !== false) continue; // just to be sure
		2298
635	daniel-mar	2299	$translation_files = glob(__DIR__.'/../../plugins/'.'*'.'/language/'.$lang.'/'.$wildcard);
468	daniel-mar	2300	sort($translation_files);
		2301	foreach ($translation_files as $translation_file) {
		2302	if (!file_exists($translation_file)) continue;
469	daniel-mar	2303	$cac = self::getTranslationFileContents($translation_file);
		2304	foreach ($cac as $src => $dst) {
		2305	self::$translationArray[$lang][$src] = $dst;
468	daniel-mar	2306	}
401	daniel-mar	2307	}
362	daniel-mar	2308	}
		2309	}
468	daniel-mar	2310	return self::$translationArray;
362	daniel-mar	2311	}
		2312
1116	daniel-mar	2313	/**
		2314	* @return mixed
		2315	*/
699	daniel-mar	2316	public static function getEditionInfo() {
		2317	return @parse_ini_file(__DIR__.'/../edition.ini', true)['Edition'];
		2318	}
		2319
1116	daniel-mar	2320	/**
1195	daniel-mar	2321	* @return false\|string The git path, with guaranteed trailing path delimiter for directories
1116	daniel-mar	2322	*/
698	daniel-mar	2323	public static function findGitFolder() {
1195	daniel-mar	2324	$dir = rtrim(OIDplus::localpath(), DIRECTORY_SEPARATOR);
		2325
698	daniel-mar	2326	// Git command line saves git information in folder ".git"
1195	daniel-mar	2327	if (is_dir($res = $dir.'/.git')) {
		2328	return str_replace('/', DIRECTORY_SEPARATOR, $res.'/');
		2329	}
		2330
698	daniel-mar	2331	// Plesk git saves git information in folder "../../../git/oidplus/" (or similar)
		2332	$i = 0;
		2333	do {
		2334	if (is_dir($dir.'/git')) {
719	daniel-mar	2335	$confs = @glob($dir.'/git/'.'*'.'/config');
		2336	if ($confs) foreach ($confs as $conf) {
698	daniel-mar	2337	$cont = file_get_contents($conf);
699	daniel-mar	2338	if (isset(OIDplus::getEditionInfo()['gitrepo']) && (OIDplus::getEditionInfo()['gitrepo'] != '') && (strpos($cont, OIDplus::getEditionInfo()['gitrepo']) !== false)) {
1195	daniel-mar	2339	$res = dirname($conf);
		2340	return str_replace('/', DIRECTORY_SEPARATOR, $res.'/');
698	daniel-mar	2341	}
		2342	}
		2343	}
		2344	$i++;
719	daniel-mar	2345	} while (($i<100) && ($dir != ($new_dir = @realpath($dir.'/../'))) && ($dir = $new_dir));
1195	daniel-mar	2346
698	daniel-mar	2347	return false;
		2348	}
		2349
1116	daniel-mar	2350	/**
1195	daniel-mar	2351	* @return false\|string The SVN path, with guaranteed trailing path delimiter for directories
		2352	*/
		2353	public static function findSvnFolder() {
		2354	$dir = rtrim(OIDplus::localpath(), DIRECTORY_SEPARATOR);
		2355
1198	daniel-mar	2356	if (is_dir($res = $dir.'/.svn')) {
1195	daniel-mar	2357	return str_replace('/', DIRECTORY_SEPARATOR, $res.'/');
		2358	}
		2359
		2360	// in case we checked out the root instead of the "trunk"
1198	daniel-mar	2361	if (is_dir($res = $dir.'/../.svn')) {
1195	daniel-mar	2362	return str_replace('/', DIRECTORY_SEPARATOR, $res.'/');
		2363	}
		2364
		2365	return false;
		2366	}
		2367
		2368	/**
1116	daniel-mar	2369	* @return false\|string
		2370	*/
		2371	public static function getGitsvnRevision() {
698	daniel-mar	2372	try {
		2373	$git_dir = OIDplus::findGitFolder();
		2374	if ($git_dir === false) return false;
1191	daniel-mar	2375
		2376	// git_get_latest_commit_message() tries command line and binary parsing
		2377	// requires vendor/danielmarschall/php_utils/git_utils.inc.php
698	daniel-mar	2378	$commit_msg = git_get_latest_commit_message($git_dir);
1050	daniel-mar	2379	} catch (\Exception $e) {
698	daniel-mar	2380	return false;
		2381	}
		2382
		2383	$m = array();
		2384	if (preg_match('%git-svn-id: (.+)@(\\d+) %ismU', $commit_msg, $m)) {
		2385	return $m[2];
		2386	} else {
		2387	return false;
		2388	}
		2389	}
		2390
1116	daniel-mar	2391	/**
		2392	* @param string $static_node_id
		2393	* @param bool $throw_exception
		2394	* @return string
		2395	*/
		2396	public static function prefilterQuery(string $static_node_id, bool $throw_exception): string {
775	daniel-mar	2397	// Let namespace be case-insensitive
		2398	$ary = explode(':', $static_node_id, 2);
		2399	$ary[0] = strtolower($ary[0]);
		2400	$static_node_id = implode(':', $ary);
		2401
889	daniel-mar	2402	// Ask plugins if they want to change the node id
		2403	foreach (OIDplus::getObjectTypePluginsEnabled() as $plugin) {
		2404	$static_node_id = $plugin->prefilterQuery($static_node_id, $throw_exception);
775	daniel-mar	2405	}
		2406
		2407	return $static_node_id;
		2408	}
849	daniel-mar	2409
1116	daniel-mar	2410	/**
		2411	* @return bool
		2412	*/
		2413	public static function isCronjob(): bool {
849	daniel-mar	2414	return explode('.',basename($_SERVER['SCRIPT_NAME']))[0] === 'cron';
		2415	}
856	daniel-mar	2416
1116	daniel-mar	2417	/**
		2418	* Since OIDplus svn-184, entries in the database need to have a canonical ID
		2419	* If the ID is not canonical (e.g. GUIDs missing hyphens), the object cannot be opened in OIDplus
		2420	* This script re-canonizes the object IDs if required.
		2421	* In SVN Rev 856, the canonization for GUID, IPv4 and IPv6 have changed, requiring another
		2422	* re-canonization
		2423	* @return void
		2424	* @throws OIDplusException
		2425	*/
857	daniel-mar	2426	private static function recanonizeObjects() {
856	daniel-mar	2427	$res = OIDplus::db()->query("select id from ###objects");
		2428	while ($row = $res->fetch_array()) {
		2429	$ida = $row['id'];
857	daniel-mar	2430	$obj = OIDplusObject::parse($ida);
		2431	if (!$obj) continue;
		2432	$idb = $obj->nodeId();
856	daniel-mar	2433	if (($idb) && ($ida != $idb)) {
		2434	OIDplus::db()->transaction_begin();
		2435	OIDplus::db()->query("update ###objects set id = ? where id = ?", array($idb, $ida));
		2436	OIDplus::db()->query("update ###asn1id set oid = ? where oid = ?", array($idb, $ida));
		2437	OIDplus::db()->query("update ###iri set oid = ? where oid = ?", array($idb, $ida));
		2438	OIDplus::db()->query("update ###log_object set id = ? where id = ?", array($idb, $ida));
1199	daniel-mar	2439	OIDplus::logger()->log("[INFO]A!", "Object name '%1' has been changed to '%2' during re-canonization", $ida, $idb);
856	daniel-mar	2440	OIDplus::db()->transaction_commit();
978	daniel-mar	2441	OIDplusObject::resetObjectInformationCache();
856	daniel-mar	2442	}
		2443	}
		2444	}
		2445
374	daniel-mar	2446	}

Subversion Repositories oidplus

oidplus/trunk/includes/classes/OIDplus.class.php – Rev 1212