WebSVN – oidplus – Diff – /trunk/plugins/viathinksoft/adminPages/901_vnag_version_check/vnag.php


<?php
 
/*
 * OIDplus 2.0
 * Copyright 2019 - 2022 Daniel Marschall, ViaThinkSoft
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
use ViaThinkSoft\OIDplus\OIDplus;
use ViaThinkSoft\OIDplus\OIDplusException;
use ViaThinkSoft\OIDplus\OIDplusPageAdminVNagVersionCheck;
 
include __DIR__ . '/../../../../vendor/danielmarschall/vnag/framework/vnag_framework.inc.php';
include __DIR__ . '/../../../../includes/oidplus.inc.php';
 
const OIDPLUS_VNAG_MAX_CACHE_AGE = 60; // seconds (TODO: in base config?)
 
OIDplus::init(false);
 
if (OIDplus::baseConfig()->getValue('DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplusPageAdminVNagVersionCheck', false)) {
        throw new OIDplusException(_L('This plugin was disabled by the system administrator!'));
}
 
class VNagMonitorDummy extends VNag {
 
        private $status;
 
        private $content;
 
        public function __construct($status, $content) {
                parent::__construct();
                $this->status = $status;
                $this->content = $content;
        }
 
        protected function cbRun($optional_args = array()) {
                $this->setStatus($this->status);
                $this->setHeadline($this->content);
        }
}
 
$cache_file = OIDplus::localpath() . 'userdata/cache/vnag_version_check.ser';
 
if ((file_exists($cache_file)) && (time()-filemtime($cache_file) <= OIDPLUS_VNAG_MAX_CACHE_AGE)) {
        // Anti DoS
 
        // TODO: There is a small flaw: If the admin fails to secure the "cache/" folder
        //       from the public, then people can read the version file, even if the
        //       VNag script is intended to be protected by a vnag_password.
        list($out_stat, $out_msg) = unserialize(file_get_contents($cache_file));
 
} else {
 
        $installType = OIDplus::getInstallType();
 
        if ($installType === 'ambigous') {
                $out_stat = VNag::STATUS_UNKNOWN;
                $out_msg  = 'Multiple version files/directories (oidplus_version.txt, .version.php, .git, or .svn) are existing! Therefore, the version is ambiguous!'; // do not translate
        } else if ($installType === 'unknown') {
                $out_stat = VNag::STATUS_UNKNOWN;
                $out_msg  = 'The version cannot be determined, and the update needs to be applied manually!'; // do not translate
        } else if (($installType === 'svn-wc') || ($installType === 'git-wc')) {
                $local_installation = OIDplus::getVersion();
                $newest_version = getLatestRevision();
 
                $requireInfo = ($installType === 'svn-wc') ? 'shell access with svn/svnversion tool, or PDO/SQLite3 PHP extension' : 'shell access with Git client'; // do not translate
                $updateCommand = ($installType === 'svn-wc') ? 'svn update' : 'git pull';
 
                if (!$newest_version) {
                        $out_stat = VNag::STATUS_UNKNOWN;
                        $out_msg  = 'OIDplus could not determine the latest version. Probably the ViaThinkSoft server could not be reached.'; // do not translate
                } else if (!$local_installation) {
                        $out_stat = VNag::STATUS_UNKNOWN;
                        $out_msg  = 'OIDplus could not determine its version (Required: ' . $requireInfo . '). Please update your system manually via the "' . $updateCommand . '" command regularly.'; // do not translate
                } else if (version_compare($local_installation, $newest_version) >= 0) {
                        $out_stat = VNag::STATUS_OK;
                        $out_msg  = 'You are using the latest version of OIDplus (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate
                } else {
                        $out_stat = VNag::STATUS_WARNING;
                        $out_msg  = 'OIDplus is outdated. (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate
                }
        } else if ($installType === 'svn-snapshot') {
                $local_installation = OIDplus::getVersion();
                $newest_version = getLatestRevision();
 
                if (!$newest_version) {
                        $out_stat = VNag::STATUS_UNKNOWN;
                        $out_msg  = 'OIDplus could not determine the latest version. Probably the ViaThinkSoft server could not be reached.'; // do not translate
                } else if (!$local_installation) {
                        $out_stat = 'WARN';
                        $out_msg  = 'OIDplus could not determine its version. Please update your system manually by downloading the latest archive file from oidplus.com.'; // do not translate
                } else if (version_compare($local_installation, $newest_version) >= 0) {
                        $out_stat = VNag::STATUS_OK;
                        $out_msg  = 'You are using the latest version of OIDplus (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate
                } else {
                        $out_stat = VNag::STATUS_WARNING;
                        $out_msg  = 'OIDplus is outdated. (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate
                }
        } else {
                assert(false);
                die();
        }
 
        @file_put_contents($cache_file, serialize(array($out_stat, $out_msg)));
}
 
$job = new VNagMonitorDummy($out_stat, $out_msg);
if (OIDplus::config()->getValue('vnag_version_check_password_protected','1') == '1') {
        $job->http_visual_output = VNag::OUTPUT_NEVER;
        $job->password_out = OIDplusPageAdminVNagVersionCheck::vnag_password();
        $job->outputHTML(_L('This page contains an encrypted VNag machine-readable status.'));
} else {
        $job->http_visual_output = VNag::OUTPUT_ALWAYS;
}
if (OIDplus::getPkiStatus()) {
        $job->privkey = OIDplus::getSystemPrivateKey();
}
$job->run();
unset($job);
 
OIDplus::invoke_shutdown();
 
# ---
 
function getLatestRevision() {
        try {
                if (function_exists('gzdecode')) {
                        $url = OIDplus::getEditionInfo()['revisionlog_gz'];
                        $cont = url_get_contents($url);
                        if ($cont !== false) $cont = @gzdecode($cont);
                } else {
                        $url = OIDplus::getEditionInfo()['revisionlog'];
                        $cont = url_get_contents($url);
                }
                if ($cont === false) return false;
                $ary = @unserialize($cont);
                if ($ary === false) return false;
                krsort($ary);
                $max_rev = array_keys($ary)[0];
                return 'svn-' . $max_rev;
        } catch (\Exception $e) {
                return false;
        }
}
 
 

Subversion Repositories oidplus

oidplus/trunk/plugins/viathinksoft/adminPages/901_vnag_version_check/vnag.php – Rev 1116 → 1143

Rev 1116		Rev 1143
1	<?php	1	<?php
2		2
3	/*	3	/*
4	* OIDplus 2.0	4	* OIDplus 2.0
5	* Copyright 2019 - 2022 Daniel Marschall, ViaThinkSoft	5	* Copyright 2019 - 2022 Daniel Marschall, ViaThinkSoft
6	*	6	*
7	* Licensed under the Apache License, Version 2.0 (the "License");	7	* Licensed under the Apache License, Version 2.0 (the "License");
8	* you may not use this file except in compliance with the License.	8	* you may not use this file except in compliance with the License.
9	* You may obtain a copy of the License at	9	* You may obtain a copy of the License at
10	*	10	*
11	* http://www.apache.org/licenses/LICENSE-2.0	11	* http://www.apache.org/licenses/LICENSE-2.0
12	*	12	*
13	* Unless required by applicable law or agreed to in writing, software	13	* Unless required by applicable law or agreed to in writing, software
14	* distributed under the License is distributed on an "AS IS" BASIS,	14	* distributed under the License is distributed on an "AS IS" BASIS,
15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.	15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16	* See the License for the specific language governing permissions and	16	* See the License for the specific language governing permissions and
17	* limitations under the License.	17	* limitations under the License.
18	*/	18	*/
19		19
20	use ViaThinkSoft\OIDplus\OIDplus;	20	use ViaThinkSoft\OIDplus\OIDplus;
21	use ViaThinkSoft\OIDplus\OIDplusException;	21	use ViaThinkSoft\OIDplus\OIDplusException;
22	use ViaThinkSoft\OIDplus\OIDplusPageAdminVNagVersionCheck;	22	use ViaThinkSoft\OIDplus\OIDplusPageAdminVNagVersionCheck;
23		23
24	include __DIR__ . '/../../../../vendor/danielmarschall/vnag/framework/vnag_framework.inc.php';	24	include __DIR__ . '/../../../../vendor/danielmarschall/vnag/framework/vnag_framework.inc.php';
25	include __DIR__ . '/../../../../includes/oidplus.inc.php';	25	include __DIR__ . '/../../../../includes/oidplus.inc.php';
26		26
27	const OIDPLUS_VNAG_MAX_CACHE_AGE = 60; // seconds (TODO: in base config?)	27	const OIDPLUS_VNAG_MAX_CACHE_AGE = 60; // seconds (TODO: in base config?)
28		28
29	OIDplus::init(false);	29	OIDplus::init(false);
30		30
31	if (OIDplus::baseConfig()->getValue('DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplusPageAdminVNagVersionCheck', false)) {	31	if (OIDplus::baseConfig()->getValue('DISABLE_PLUGIN_ViaThinkSoft\OIDplus\OIDplusPageAdminVNagVersionCheck', false)) {
32	throw new OIDplusException(_L('This plugin was disabled by the system administrator!'));	32	throw new OIDplusException(_L('This plugin was disabled by the system administrator!'));
33	}	33	}
34		34
35	class VNagMonitorDummy extends VNag {	35	class VNagMonitorDummy extends VNag {
36		36
37	private $status;	37	private $status;
38		38
39	private $content;	39	private $content;
40		40
41	public function __construct($status, $content) {	41	public function __construct($status, $content) {
42	parent::__construct();	42	parent::__construct();
43	$this->status = $status;	43	$this->status = $status;
44	$this->content = $content;	44	$this->content = $content;
45	}	45	}
46		46
47	protected function cbRun($optional_args = array()) {	47	protected function cbRun($optional_args = array()) {
48	$this->setStatus($this->status);	48	$this->setStatus($this->status);
49	$this->setHeadline($this->content);	49	$this->setHeadline($this->content);
50	}	50	}
51	}	51	}
52		52
53	$cache_file = OIDplus::localpath() . 'userdata/cache/vnag_version_check.ser';	53	$cache_file = OIDplus::localpath() . 'userdata/cache/vnag_version_check.ser';
54		54
55	if ((file_exists($cache_file)) && (time()-filemtime($cache_file) <= OIDPLUS_VNAG_MAX_CACHE_AGE)) {	55	if ((file_exists($cache_file)) && (time()-filemtime($cache_file) <= OIDPLUS_VNAG_MAX_CACHE_AGE)) {
56	// Anti DoS	56	// Anti DoS
57		57
58	// TODO: There is a small flaw: If the admin fails to secure the "cache/" folder	58	// TODO: There is a small flaw: If the admin fails to secure the "cache/" folder
59	// from the public, then people can read the version file, even if the	59	// from the public, then people can read the version file, even if the
60	// VNag script is intended to be protected by a vnag_password.	60	// VNag script is intended to be protected by a vnag_password.
61	list($out_stat, $out_msg) = unserialize(file_get_contents($cache_file));	61	list($out_stat, $out_msg) = unserialize(file_get_contents($cache_file));
62		62
63	} else {	63	} else {
64		64
65	$installType = OIDplus::getInstallType();	65	$installType = OIDplus::getInstallType();
66		66
67	if ($installType === 'ambigous') {	67	if ($installType === 'ambigous') {
68	$out_stat = VNag::STATUS_UNKNOWN;	68	$out_stat = VNag::STATUS_UNKNOWN;
69	$out_msg = 'Multiple version files/directories (oidplus_version.txt, .version.php, .git, or .svn) are existing! Therefore, the version is ambiguous!'; // do not translate	69	$out_msg = 'Multiple version files/directories (oidplus_version.txt, .version.php, .git, or .svn) are existing! Therefore, the version is ambiguous!'; // do not translate
70	} else if ($installType === 'unknown') {	70	} else if ($installType === 'unknown') {
71	$out_stat = VNag::STATUS_UNKNOWN;	71	$out_stat = VNag::STATUS_UNKNOWN;
72	$out_msg = 'The version cannot be determined, and the update needs to be applied manually!'; // do not translate	72	$out_msg = 'The version cannot be determined, and the update needs to be applied manually!'; // do not translate
73	} else if (($installType === 'svn-wc') \|\| ($installType === 'git-wc')) {	73	} else if (($installType === 'svn-wc') \|\| ($installType === 'git-wc')) {
74	$local_installation = OIDplus::getVersion();	74	$local_installation = OIDplus::getVersion();
75	$newest_version = getLatestRevision();	75	$newest_version = getLatestRevision();
76		76
77	$requireInfo = ($installType === 'svn-wc') ? 'shell access with svn/svnversion tool, or PDO/SQLite3 PHP extension' : 'shell access with Git client'; // do not translate	77	$requireInfo = ($installType === 'svn-wc') ? 'shell access with svn/svnversion tool, or PDO/SQLite3 PHP extension' : 'shell access with Git client'; // do not translate
78	$updateCommand = ($installType === 'svn-wc') ? 'svn update' : 'git pull';	78	$updateCommand = ($installType === 'svn-wc') ? 'svn update' : 'git pull';
79		79
80	if (!$newest_version) {	80	if (!$newest_version) {
81	$out_stat = VNag::STATUS_UNKNOWN;	81	$out_stat = VNag::STATUS_UNKNOWN;
82	$out_msg = 'OIDplus could not determine the latest version. Probably the ViaThinkSoft server could not be reached.'; // do not translate	82	$out_msg = 'OIDplus could not determine the latest version. Probably the ViaThinkSoft server could not be reached.'; // do not translate
83	} else if (!$local_installation) {	83	} else if (!$local_installation) {
84	$out_stat = VNag::STATUS_UNKNOWN;	84	$out_stat = VNag::STATUS_UNKNOWN;
85	$out_msg = 'OIDplus could not determine its version (Required: ' . $requireInfo . '). Please update your system manually via the "' . $updateCommand . '" command regularly.'; // do not translate	85	$out_msg = 'OIDplus could not determine its version (Required: ' . $requireInfo . '). Please update your system manually via the "' . $updateCommand . '" command regularly.'; // do not translate
86	} else if (version_compare($local_installation, $newest_version) >= 0) {	86	} else if (version_compare($local_installation, $newest_version) >= 0) {
87	$out_stat = VNag::STATUS_OK;	87	$out_stat = VNag::STATUS_OK;
88	$out_msg = 'You are using the latest version of OIDplus (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate	88	$out_msg = 'You are using the latest version of OIDplus (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate
89	} else {	89	} else {
90	$out_stat = VNag::STATUS_WARNING;	90	$out_stat = VNag::STATUS_WARNING;
91	$out_msg = 'OIDplus is outdated. (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate	91	$out_msg = 'OIDplus is outdated. (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate
92	}	92	}
93	} else if ($installType === 'svn-snapshot') {	93	} else if ($installType === 'svn-snapshot') {
94	$local_installation = OIDplus::getVersion();	94	$local_installation = OIDplus::getVersion();
95	$newest_version = getLatestRevision();	95	$newest_version = getLatestRevision();
96		96
97	if (!$newest_version) {	97	if (!$newest_version) {
98	$out_stat = VNag::STATUS_UNKNOWN;	98	$out_stat = VNag::STATUS_UNKNOWN;
99	$out_msg = 'OIDplus could not determine the latest version. Probably the ViaThinkSoft server could not be reached.'; // do not translate	99	$out_msg = 'OIDplus could not determine the latest version. Probably the ViaThinkSoft server could not be reached.'; // do not translate
-		100	} else if (!$local_installation) {
-		101	$out_stat = 'WARN';
-		102	$out_msg = 'OIDplus could not determine its version. Please update your system manually by downloading the latest archive file from oidplus.com.'; // do not translate
100	} else if (version_compare($local_installation, $newest_version) >= 0) {	103	} else if (version_compare($local_installation, $newest_version) >= 0) {
101	$out_stat = VNag::STATUS_OK;	104	$out_stat = VNag::STATUS_OK;
102	$out_msg = 'You are using the latest version of OIDplus (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate	105	$out_msg = 'You are using the latest version of OIDplus (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate
103	} else {	106	} else {
104	$out_stat = VNag::STATUS_WARNING;	107	$out_stat = VNag::STATUS_WARNING;
105	$out_msg = 'OIDplus is outdated. (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate	108	$out_msg = 'OIDplus is outdated. (' . $local_installation . ' local / ' . $newest_version . ' remote)'; // do not translate
106	}	109	}
107	} else {	110	} else {
108	assert(false);	111	assert(false);
109	die();	112	die();
110	}	113	}
111		114
112	@file_put_contents($cache_file, serialize(array($out_stat, $out_msg)));	115	@file_put_contents($cache_file, serialize(array($out_stat, $out_msg)));
113	}	116	}
114		117
115	$job = new VNagMonitorDummy($out_stat, $out_msg);	118	$job = new VNagMonitorDummy($out_stat, $out_msg);
116	if (OIDplus::config()->getValue('vnag_version_check_password_protected','1') == '1') {	119	if (OIDplus::config()->getValue('vnag_version_check_password_protected','1') == '1') {
117	$job->http_visual_output = VNag::OUTPUT_NEVER;	120	$job->http_visual_output = VNag::OUTPUT_NEVER;
118	$job->password_out = OIDplusPageAdminVNagVersionCheck::vnag_password();	121	$job->password_out = OIDplusPageAdminVNagVersionCheck::vnag_password();
119	$job->outputHTML(_L('This page contains an encrypted VNag machine-readable status.'));	122	$job->outputHTML(_L('This page contains an encrypted VNag machine-readable status.'));
120	} else {	123	} else {
121	$job->http_visual_output = VNag::OUTPUT_ALWAYS;	124	$job->http_visual_output = VNag::OUTPUT_ALWAYS;
122	}	125	}
123	if (OIDplus::getPkiStatus()) {	126	if (OIDplus::getPkiStatus()) {
124	$job->privkey = OIDplus::getSystemPrivateKey();	127	$job->privkey = OIDplus::getSystemPrivateKey();
125	}	128	}
126	$job->run();	129	$job->run();
127	unset($job);	130	unset($job);
128		131
129	OIDplus::invoke_shutdown();	132	OIDplus::invoke_shutdown();
130		133
131	# ---	134	# ---
132		135
133	function getLatestRevision() {	136	function getLatestRevision() {
134	try {	137	try {
135	if (function_exists('gzdecode')) {	138	if (function_exists('gzdecode')) {
136	$url = OIDplus::getEditionInfo()['revisionlog_gz'];	139	$url = OIDplus::getEditionInfo()['revisionlog_gz'];
137	$cont = url_get_contents($url);	140	$cont = url_get_contents($url);
138	if ($cont !== false) $cont = @gzdecode($cont);	141	if ($cont !== false) $cont = @gzdecode($cont);
139	} else {	142	} else {
140	$url = OIDplus::getEditionInfo()['revisionlog'];	143	$url = OIDplus::getEditionInfo()['revisionlog'];
141	$cont = url_get_contents($url);	144	$cont = url_get_contents($url);
142	}	145	}
143	if ($cont === false) return false;	146	if ($cont === false) return false;
144	$ary = @unserialize($cont);	147	$ary = @unserialize($cont);
145	if ($ary === false) return false;	148	if ($ary === false) return false;
146	krsort($ary);	149	krsort($ary);
147	$max_rev = array_keys($ary)[0];	150	$max_rev = array_keys($ary)[0];
148	return 'svn-' . $max_rev;	151	return 'svn-' . $max_rev;
149	} catch (\Exception $e) {	152	} catch (\Exception $e) {
150	return false;	153	return false;
151	}	154	}
152	}	155	}
153		156
154		157