WebSVN – oidplus – Blame – /trunk/includes/classes/OIDplus.class.php

Rev	Author	Line No.	Line
2	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
		5	* Copyright 2019 Daniel Marschall, ViaThinkSoft
		6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
		20	class OIDplus {
61	daniel-mar	21	private static /OIDplusPagePlugin[][]/ $pagePlugins = array();
		22	private static /OIDplusObject/ $objectTypes = array();
74	daniel-mar	23	private static /OIDplusObject/ $disabledObjectTypes = array();
2	daniel-mar	24
		25	private function __construct() {
		26	}
		27
		28	public static function db() {
86	daniel-mar	29	static $database = null;
		30	if (is_null($database)) {
		31	$database = new OIDplusDataBaseMySQL();
2	daniel-mar	32	}
86	daniel-mar	33	return $database;
2	daniel-mar	34	}
		35
		36	public static function config() {
86	daniel-mar	37	static $config = null;
		38	if (is_null($config)) {
		39	$config = new OIDplusConfig();
2	daniel-mar	40	}
86	daniel-mar	41	return $config;
2	daniel-mar	42	}
		43
		44	public static function gui() {
86	daniel-mar	45	static $gui = null;
		46	if (is_null($gui)) {
		47	$gui = new OIDplusGui();
		48	}
		49	return $gui;
2	daniel-mar	50	}
		51
		52	public static function authUtils() {
86	daniel-mar	53	static $authUtils = null;
		54	if (is_null($authUtils)) {
		55	$authUtils = new OIDplusAuthUtils();
		56	}
		57	return $authUtils;
2	daniel-mar	58	}
		59
86	daniel-mar	60	public static function sesHandler() {
		61	static $sesHandler = null;
		62	if (is_null($sesHandler)) {
		63	$sesHandler = new OIDplusSessionHandler(OIDPLUS_SESSION_SECRET);
		64	}
		65	return $sesHandler;
		66	}
		67
83	daniel-mar	68	public static function system_url($relative=false) {
74	daniel-mar	69	if (!isset($_SERVER["REQUEST_URI"])) return false;
		70
		71	$test_dir = dirname($_SERVER['SCRIPT_FILENAME']);
		72	$c = 0;
		73	while (!file_exists($test_dir.'/oidplus.js')) {
		74	$test_dir = dirname($test_dir);
		75	$c++;
		76	if ($c == 1000) return false;
		77	}
		78
80	daniel-mar	79	$res = dirname($_SERVER['REQUEST_URI'].'xxx');
74	daniel-mar	80
		81	for ($i=1; $i<=$c; $i++) {
76	daniel-mar	82	$res = dirname($res);
74	daniel-mar	83	}
		84
76	daniel-mar	85	$res .= '/';
		86
83	daniel-mar	87	if (!$relative) {
		88	$res = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]" . $res; // TODO: also add port?
		89	}
82	daniel-mar	90
74	daniel-mar	91	return $res;
2	daniel-mar	92	}
		93
61	daniel-mar	94	public static function registerPagePlugin(OIDplusPagePlugin $plugin) {
		95	$type = $plugin->type();
		96	if ($type === false) return false;
		97
		98	$prio = $plugin->priority();
		99	if ($prio === false) return false;
		100
		101	if (!isset(self::$pagePlugins[$type])) self::$pagePlugins[$type] = array();
		102	self::$pagePlugins[$type][$prio] = $plugin;
		103
		104	return true;
		105	}
		106
		107	public static function getPagePlugins($type) {
		108	if ($type == '*') {
		109	$res = array();
		110	foreach (self::$pagePlugins as $data) {
		111	$res = array_merge($res, $data);
		112	}
		113	} else {
		114	$res = self::$pagePlugins[$type];
		115	}
		116	ksort($res);
		117	return $res;
		118	}
		119
		120	public static function registerObjectType($ot) {
66	daniel-mar	121	$ns = $ot::ns();
		122
		123	if (empty($ns)) die("Attention: Empty NS at $ot\n");
		124
		125	$ns_found = false;
		126	foreach (OIDplus::getRegisteredObjectTypes() as $test_ot) {
		127	if ($test_ot::ns() == $ns) {
		128	$ns_found = true;
		129	break;
		130	}
		131	}
		132	if ($ns_found) {
		133	throw new Exception("Attention: Two objectType plugins use the same namespace \"$ns\"!");
		134	}
		135
		136	$init = OIDplus::config()->getValue("objecttypes_initialized");
		137	$init_ary = empty($init) ? array() : explode(';', $init);
70	daniel-mar	138	$init_ary = array_map('trim', $init_ary);
66	daniel-mar	139
		140	$enabled = OIDplus::config()->getValue("objecttypes_enabled");
		141	$enabled_ary = empty($enabled) ? array() : explode(';', $enabled);
70	daniel-mar	142	$enabled_ary = array_map('trim', $enabled_ary);
66	daniel-mar	143
79	daniel-mar	144	$do_enable = false;
		145	if (in_array($ns, $enabled_ary)) {
		146	$do_enable = true;
		147	} else {
		148	if (!OIDplus::config()->getValue('registration_done')) {
		149	$do_enable = $ns == 'oid';
		150	} else {
		151	$do_enable = !in_array($ns, $init_ary);
		152	}
		153	}
		154
		155	if ($do_enable) {
66	daniel-mar	156	self::$objectTypes[] = $ot;
		157	usort(self::$objectTypes, function($a, $b) {
		158	$enabled = OIDplus::config()->getValue("objecttypes_enabled");
		159	$enabled_ary = explode(';', $enabled);
		160
		161	$idx_a = array_search($a::ns(), $enabled_ary);
		162	$idx_b = array_search($b::ns(), $enabled_ary);
		163
		164	if ($idx_a == $idx_b) {
		165	return 0;
		166	}
		167	return ($idx_a > $idx_b) ? +1 : -1;
		168	});
74	daniel-mar	169	} else {
		170	self::$disabledObjectTypes[] = $ot;
66	daniel-mar	171	}
		172
		173	if (!in_array($ns, $init_ary)) {
		174	// Was never initialized before, so we add it to the list of enabled object types once
		175
79	daniel-mar	176	if ($do_enable) {
		177	$enabled_ary[] = $ns;
		178	OIDplus::config()->setValue("objecttypes_enabled", implode(';', $enabled_ary));
		179	}
66	daniel-mar	180
		181	$init_ary[] = $ns;
		182	OIDplus::config()->setValue("objecttypes_initialized", implode(';', $init_ary));
		183	}
61	daniel-mar	184	}
		185
		186	public static function getRegisteredObjectTypes() {
		187	return self::$objectTypes;
		188	}
		189
74	daniel-mar	190	public static function getDisabledObjectTypes() {
		191	return self::$disabledObjectTypes;
		192	}
		193
		194	public static function system_id($oid=false) {
		195	if (!self::pkiStatus(true)) return false;
		196	$pubKey = OIDplus::config()->getValue('oidplus_public_key');
		197	if (preg_match('@BEGIN PUBLIC KEY\-+(.+)\-+END PUBLIC KEY@ismU', $pubKey, $m)) {
		198	return ($oid ? '1.3.6.1.4.1.37476.30.9.' : '').smallhash(base64_decode($m[1]));
		199	}
		200	return false;
		201	}
		202
		203	public static function pkiStatus($try_generate=true) {
		204	if (!function_exists('openssl_pkey_new')) return false;
		205
		206	$privKey = OIDplus::config()->getValue('oidplus_private_key');
		207	$pubKey = OIDplus::config()->getValue('oidplus_public_key');
		208
		209	if ($try_generate && !verify_private_public_key($privKey, $pubKey)) {
		210	$config = array(
		211	"digest_alg" => "sha512",
		212	"private_key_bits" => 2048,
		213	"private_key_type" => OPENSSL_KEYTYPE_RSA,
		214	);
		215
		216	// Create the private and public key
		217	$res = openssl_pkey_new($config);
		218
		219	// Extract the private key from $res to $privKey
		220	openssl_pkey_export($res, $privKey);
		221
		222	OIDplus::config()->setValue('oidplus_private_key', $privKey);
		223
		224	// Extract the public key from $res to $pubKey
		225	$pubKey = openssl_pkey_get_details($res);
		226	$pubKey = $pubKey["key"];
		227
		228	OIDplus::config()->setValue('oidplus_public_key', $pubKey);
		229	}
		230
		231	return verify_private_public_key($privKey, $pubKey);
		232	}
		233
2	daniel-mar	234	public static function init($html=true) {
42	daniel-mar	235	define('OIDPLUS_HTML_OUTPUT', $html);
		236
2	daniel-mar	237	// Include config file
74	daniel-mar	238
2	daniel-mar	239	if (file_exists(__DIR__ . '/../config.inc.php')) {
		240	include_once __DIR__ . '/../config.inc.php';
		241	} else {
		242	if ($html) {
74	daniel-mar	243	if (!is_dir('setup')) {
2	daniel-mar	244	echo 'Error: Setup directory missing.';
		245	} else {
42	daniel-mar	246	header('Location:setup/');
2	daniel-mar	247	}
		248	} else {
		249	echo 'Error: Setup directory missing!';
		250	}
		251	die();
		252	}
		253
		254	// Auto-fill non-existing config values
74	daniel-mar	255
2	daniel-mar	256	if (!defined('OIDPLUS_CONFIG_VERSION')) define('OIDPLUS_CONFIG_VERSION', 0.0);
		257	if (!defined('OIDPLUS_ADMIN_PASSWORD')) define('OIDPLUS_ADMIN_PASSWORD', '');
		258	if (!defined('OIDPLUS_MYSQL_HOST')) define('OIDPLUS_MYSQL_HOST', 'localhost');
		259	if (!defined('OIDPLUS_MYSQL_USERNAME')) define('OIDPLUS_MYSQL_USERNAME', 'root');
		260	if (!defined('OIDPLUS_MYSQL_PASSWORD')) define('OIDPLUS_MYSQL_PASSWORD', '');
		261	if (!defined('OIDPLUS_MYSQL_DATABASE')) define('OIDPLUS_MYSQL_DATABASE', 'oidplus');
		262	if (!defined('OIDPLUS_TABLENAME_PREFIX')) define('OIDPLUS_TABLENAME_PREFIX', '');
		263	if (!defined('OIDPLUS_SESSION_SECRET')) define('OIDPLUS_SESSION_SECRET', '');
27	daniel-mar	264	if (!defined('RECAPTCHA_ENABLED')) define('RECAPTCHA_ENABLED', false);
		265	if (!defined('RECAPTCHA_PUBLIC')) define('RECAPTCHA_PUBLIC', '');
		266	if (!defined('RECAPTCHA_PRIVATE')) define('RECAPTCHA_PRIVATE', '');
80	daniel-mar	267	if (!defined('OIDPLUS_ENFORCE_SSL')) define('OIDPLUS_ENFORCE_SSL', 2);
2	daniel-mar	268
		269	// Check version of the config file
74	daniel-mar	270
76	daniel-mar	271	if (OIDPLUS_CONFIG_VERSION != 2.0) {
2	daniel-mar	272	if ($html) {
		273	echo '<h1>Error</h1><p>The information located in <b>includes/config.inc.php</b> is outdated.</p><p>Please run <a href="setup/">setup</a> again.</p>';
		274	} else {
		275	echo 'The information located in includes/config.inc.php is outdated. Please run setup again.';
		276	}
		277	die();
		278	}
42	daniel-mar	279
		280	// Do redirect stuff etc.
74	daniel-mar	281
42	daniel-mar	282	define('OIDPLUS_SSL_AVAILABLE', self::isSslAvailable());
61	daniel-mar	283
66	daniel-mar	284	// System config settings
		285
75	daniel-mar	286	OIDplus::config()->prepareConfigKey('objecttypes_initialized', 'List of object type plugins that were initialized once', '', 1, 1);
		287	OIDplus::config()->prepareConfigKey('objecttypes_enabled', 'Enabled object types and their order, separated with a semicolon (please reload the page so that the change is applied)', '', 0, 1);
66	daniel-mar	288
75	daniel-mar	289	OIDplus::config()->prepareConfigKey('oidplus_private_key', 'Private key for this system', '', 1, 0);
80	daniel-mar	290	OIDplus::config()->prepareConfigKey('oidplus_public_key', 'Public key for this system. If you "clone" your system, you must delete this key (e.g. using phpMyAdmin), so that a new one is created.', '', 1, 1);
74	daniel-mar	291
		292	// Initialize public / private keys
		293
		294	OIDplus::pkiStatus(true);
		295
61	daniel-mar	296	// Register plugins
74	daniel-mar	297
		298	$ary = glob(__DIR__ . '/../../plugins/system/'.'*'.'/plugin.inc.php');
		299	foreach ($ary as $a) include $a;
61	daniel-mar	300	$ary = glob(__DIR__ . '/../../plugins/publicPages/'.'*'.'/plugin.inc.php');
		301	foreach ($ary as $a) include $a;
		302	$ary = glob(__DIR__ . '/../../plugins/raPages/'.'*'.'/plugin.inc.php');
		303	foreach ($ary as $a) include $a;
		304	$ary = glob(__DIR__ . '/../../plugins/adminPages/'.'*'.'/plugin.inc.php');
		305	foreach ($ary as $a) include $a;
66	daniel-mar	306	$ary = glob(__DIR__ . '/../../plugins/objectTypes/'.''.'/.class.php');
		307	foreach ($ary as $a) include $a;
74	daniel-mar	308
		309	// Initialize plugins
		310
		311	foreach (OIDplus::getPagePlugins('*') as $plugin) {
		312	$plugin->init($html);
		313	}
2	daniel-mar	314	}
42	daniel-mar	315
		316	private static function isSslAvailable() {
49	daniel-mar	317	$timeout = 2;
80	daniel-mar	318	$already_ssl = isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on");
		319	$ssl_port = 443;
83	daniel-mar	320	$cookie_path = OIDplus::system_url(true);
		321	if (empty($cookie_path)) $cookie_path = '/';
42	daniel-mar	322
54	daniel-mar	323	if (php_sapi_name() == 'cli') return false;
		324
80	daniel-mar	325	if (OIDPLUS_ENFORCE_SSL == 0) {
		326	// No SSL available
		327	return $already_ssl;
		328	}
		329
		330	if (OIDPLUS_ENFORCE_SSL == 1) {
		331	// Force SSL
		332	if ($already_ssl) {
		333	return true;
42	daniel-mar	334	} else {
80	daniel-mar	335	$location = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
		336	header('Location:'.$location);
		337	die('Redirect to HTTPS');
		338	return true;
		339	}
		340	}
		341
		342	if (OIDPLUS_ENFORCE_SSL == 2) {
		343	// Automatic SSL detection
		344
		345	if ($already_ssl) {
		346	// we are already on HTTPS
83	daniel-mar	347	setcookie('SSL_CHECK', '1', 0, $cookie_path, '', false, true);
80	daniel-mar	348	return true;
		349	} else {
		350	if (isset($_COOKIE['SSL_CHECK'])) {
		351	// We already had the HTTPS detection done before.
		352	if ($_COOKIE['SSL_CHECK']) {
		353	// HTTPS was detected before, but we are HTTP. Redirect now
		354	$location = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
		355	header('Location:'.$location);
		356	die('Redirect to HTTPS');
		357	return true;
		358	} else {
		359	// No HTTPS available. Do nothing.
		360	return false;
		361	}
49	daniel-mar	362	} else {
80	daniel-mar	363	// This is our first check (or the browser didn't accept the SSL_CHECK cookie)
		364	if (@fsockopen($_SERVER['HTTP_HOST'], $ssl_port, $errno, $errstr, $timeout)) {
		365	// HTTPS detected. Redirect now, and remember that we had detected HTTPS
83	daniel-mar	366	setcookie('SSL_CHECK', '1', 0, $cookie_path, '', false, true);
80	daniel-mar	367	$location = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
		368	header('Location:'.$location);
		369	die('Redirect to HTTPS');
		370	return true;
		371	} else {
		372	// No HTTPS detected. Do nothing, and next time, don't try to detect HTTPS again.
83	daniel-mar	373	setcookie('SSL_CHECK', '0', 0, $cookie_path, '', false, true);
80	daniel-mar	374	return false;
		375	}
49	daniel-mar	376	}
42	daniel-mar	377	}
		378	}
		379	}
2	daniel-mar	380	}

Subversion Repositories oidplus

oidplus/trunk/includes/classes/OIDplus.class.php @ 1127 – Rev 86