< ? php
namespace KaraDAV ;
use KD2\ErrorManager ;
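// Autoload project classes from ../lib, mapping namespace separators to directories.
spl_autoload_register(function ($class) {
    // Only well-formed class names may reach the filesystem: the name becomes
    // part of a require path, and functions such as class_exists() pass the
    // autoloader whatever string they were given.
    $label = '[A-Za-z_\x80-\xff][A-Za-z0-9_\x80-\xff]*';

    if (!preg_match('/^' . $label . '(?:\\\\' . $label . ')*$/D', $class)) {
        return;
    }

    $file = __DIR__ . '/../lib/' . str_replace('\\', '/', $class) . '.php';

    // Returning for an unknown class, instead of failing inside require_once,
    // lets PHP report a regular "class not found" error or try another
    // registered autoloader.
    if (is_file($file)) {
        require_once $file;
    }
});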
// NOTE(review): DEVELOPMENT presumably makes ErrorManager show detailed error
// output; confirm this is not the mode left active on internet-facing installs.
ErrorManager::enable(ErrorManager::DEVELOPMENT);
ErrorManager::setLogFile(__DIR__ . '/../error.log');

// The local configuration file is mandatory: without it the request ends here
// with setup instructions.
$cfg_file = __DIR__ . '/../config.local.php';

if (false === file_exists($cfg_file)) {
    exit('This server is not configured yet. Please copy config.dist.php to config.local.php and edit it.');
}

require $cfg_file;
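// Create a random secret key on first run and persist it in the local config file
if (!defined('KaraDAV\SECRET_KEY')) {
    $cfg = file_get_contents($cfg_file);

    // Strict comparison: strpos() returns 0 for a match at the start of the
    // string, which a loose "false ==" test cannot tell apart from "not found".
    // An unreadable file is treated like a missing key and ends in the manual
    // instructions below instead of being overwritten.
    if ($cfg === false || strpos($cfg, 'SECRET_KEY') === false) {
        // 16 bytes from the CSPRNG, base64-encoded and exported as a PHP string literal
        $secret = base64_encode(random_bytes(16));
        $c = sprintf("\n\n// Randomly generated secret key, please change only if necessary\nconst SECRET_KEY = %s;\n\n",
            var_export($secret, true));

        $saved = false;

        if ($cfg !== false && is_writable($cfg_file)) {
            // Put the constant in place of a trailing closing PHP tag, or at the end of the file
            $new_cfg = preg_replace('/\?>\s*$|$/', $c, $cfg, 1);

            // Never write back a failed replacement: preg_replace() returns null
            // on error, and writing that would empty the configuration file.
            if (is_string($new_cfg)) {
                $saved = file_put_contents($cfg_file, $new_cfg, LOCK_EX) !== false;
            }
        }

        if (!$saved) {
            // The key could not be stored: ask the administrator to add it by hand.
            // It is escaped because it is printed inside HTML.
            echo "<h2>Configuration missing</h2>";
            echo "<h4>KaraDAV cannot write to <tt>config.local.php</tt></h4>";
            echo "<p>Please append the following code to the <tt>config.local.php</tt> file:</p>";
            printf('<textarea onclick="this.select();" cols="70" rows="5">%s</textarea>', htmlspecialchars($c));
            exit(1);
        }

        define('KaraDAV\SECRET_KEY', $secret);

        // Do not leave the key, or the snippet containing it, in global variables
        unset($secret, $cfg_file, $cfg, $c, $new_cfg, $saved);
    }
}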
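// Init database: runs for whichever request first finds that DB_FILE does not exist
if (!file_exists(DB_FILE)) {
    $db = DB::getInstance();

    $db->exec('BEGIN;');
    $db->exec(file_get_contents(__DIR__ . '/../schema.sql'));

    if (!LDAP::enabled()) {
        $users = new Users;

        // Give the initial account a one-off random password instead of a
        // value that is identical on every install. It is shown to the
        // installer through $_SESSION['install_password'] (see html_head()).
        $p = bin2hex(random_bytes(10));
        $users->create('demo', $p, 10, true);
        $users->login('demo', $p);

        $_SESSION['install_password'] = $p;
    }

    $db->exec('END;');
}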
/**
 * Prints the page header: doctype, the head section, the h1 title and the
 * opening main tag.
 *
 * While $_SESSION['install_password'] is set, an information paragraph with
 * the password of the "demo" user is printed on every page using this header.
 *
 * @param string $title Page title, escaped here before it is printed
 */
function html_head(string $title): void
{
    // Escaped once; the same value goes into <title> and <h1>
    $safe_title = htmlspecialchars($title);

    echo <<<EOF
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, target-densitydpi=device-dpi" />
<title>{$safe_title}</title>
<link rel="stylesheet" type="text/css" href="/ui.css" />
</head>
<body>
<h1>{$safe_title}</h1>
<main>
EOF;

    if (!isset($_SESSION['install_password'])) {
        return;
    }

    // The stored password is escaped like any other value printed into HTML
    $shown_password = htmlspecialchars($_SESSION['install_password']);

    printf('<p class="info">Your server has been installed with a user named <tt>demo</tt> and the password <tt>%s</tt>, please change it.<br /><br />This message will disappear when you log out.</p>', $shown_password);
}
/**
 * Prints the page footer: closes the main element opened by html_head(),
 * prints the "Powered by" footer and closes body and html.
 */
function html_foot(): void
{
    $lines = [
        '',
        '</main>',
        '<footer>',
        'Powered by <a href="https://github.com/kd2org/karadav/">KaraDAV</a>',
        '</footer>',
        '</body>',
        '</html>',
    ];

    echo implode("\n", $lines);
}
/**
 * Formats a byte count as a short human-readable string, using 1024-based
 * steps (K, M, G) and one decimal of precision.
 *
 * @param int    $bytes Size to format; values below 1024 are printed unchanged
 * @param string $unit  Suffix appended after the K/M/G prefix
 * @return string For example "1.5 KB" or "512 B"
 */
function format_bytes(int $bytes, string $unit = 'B'): string
{
    // Largest step first, so the first match is the right prefix
    $steps = [
        'G' => 1024 * 1024 * 1024,
        'M' => 1024 * 1024,
        'K' => 1024,
    ];

    foreach ($steps as $prefix => $size) {
        if ($bytes >= $size) {
            return round($bytes / $size, 1) . ' ' . $prefix . $unit;
        }
    }

    return $bytes . ' ' . $unit;
}
/**
 * Appends a formatted message, followed by an empty line, to LOG_FILE.
 * Does nothing when LOG_FILE is falsy.
 *
 * NOTE(review): the parameters are written unmodified; if callers pass
 * request-derived values, any line breaks in them end up in the log as-is.
 *
 * @param string $message   vsprintf() format string
 * @param mixed  ...$params Values for the format string
 */
function http_log(string $message, ...$params): void
{
    // Logging is optional: the message is only formatted when a log file is set
    if (LOG_FILE) {
        $entry = vsprintf($message, $params) . "\n\n";
        file_put_contents(LOG_FILE, $entry, FILE_APPEND);
    }
}
/**
 * Builds the hidden "_c_" form field carrying a CSRF token.
 *
 * The field value is "<hmac>:<base64 random>:<expiry>", where the HMAC-SHA256
 * covers the expiry timestamp, 10 random bytes and the current REQUEST_URI,
 * so a token is only accepted for the URI it was issued on and for 30 minutes.
 *
 * NOTE(review): the MAC key is STORAGE_PATH . session_id(). session_id()
 * returns an empty string when no session is active, which would leave only
 * STORAGE_PATH as the key; confirm a session is always started before forms
 * are rendered.
 *
 * @return string HTML of the hidden input
 */
function html_csrf()
{
    $nonce = random_bytes(10);
    $valid_until = time() + 1800;
    $uri = $_SERVER['REQUEST_URI'];

    $key = STORAGE_PATH . session_id();
    $mac = hash_hmac('sha256', $valid_until . $nonce . $uri, $key);

    // All three parts are hex, base64 or digits, so none needs HTML escaping
    $value = $mac . ':' . base64_encode($nonce) . ':' . $valid_until;

    return '<input type="hidden" name="_c_" value="' . $value . '" />';
}
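/**
 * Validates the CSRF token posted in the "_c_" form field.
 *
 * The field is expected in the form produced by html_csrf():
 * "<hmac>:<base64 random>:<expiry>". The HMAC is recomputed over the expiry,
 * the random bytes and the current REQUEST_URI, keyed with
 * STORAGE_PATH . session_id(), and compared in constant time.
 *
 * @return bool true only for a well-formed, unexpired token with a matching HMAC
 */
function csrf_check(): bool
{
    $field = $_POST['_c_'] ?? null;

    // A request can submit "_c_[]", which PHP delivers as an array: reject
    // anything that is not a non-empty string before parsing it.
    if (!is_string($field) || $field === '') {
        return false;
    }

    $parts = explode(':', $field, 3);

    if (count($parts) !== 3) {
        return false;
    }

    [$verify, $encoded, $expire] = $parts;

    // The expiry is compared as a number, so it has to be plain digits
    if (!ctype_digit($expire)) {
        return false;
    }

    $now = time();
    $expire_ts = (int) $expire;

    // html_csrf() issues tokens valid for 1800 seconds. The MAC input joins
    // expiry, random bytes and URI without separators, so the expiry is also
    // bounded from above: a token can never be accepted for longer than the
    // lifetime it was issued with.
    if ($expire_ts < $now || $expire_ts > $now + 1800) {
        return false;
    }

    $random = base64_decode($encoded);
    $action = $_SERVER['REQUEST_URI'];

    $token = hash_hmac('sha256', $expire . $random . $action, STORAGE_PATH . session_id());

    // Constant-time comparison of the expected MAC with the submitted one
    return hash_equals($token, $verify);
}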
/**
 * Prints an error paragraph when a "_c_" token was posted but does not pass
 * csrf_check(). Prints nothing when no token was posted.
 *
 * This function only reports: it does not stop the request, so the code
 * handling the form still has to call csrf_check() itself before acting on
 * the submitted data.
 */
function html_csrf_error()
{
    $submitted = !empty($_POST['_c_']);

    if ($submitted && !csrf_check()) {
        echo '<p class="error">Sorry, but the form expired, please submit it again.</p>';
    }
}