source: inc/prepend.php @ 3231:bf7f869cfed9

Visit:

Revision 3231:bf7f869cfed9, 12.8 KB checked in by franck <carnet.franck.paul@…>, 9 years ago (diff)

Allow different cryptographic algorithm for user password, choosen algo must provide result longer or equal than 40 characters (as default sha1), closes #1922

The constant DC_CRYPT_ALGO should be defined in config.php, and users will have to use recovery password procedure to set a new one according to the choosen algorithm.

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12
13	/* Start tick */
14	define('DC_START_TIME',microtime(true));
15
16	/* ------------------------------------------------------------------------------------------- */
17	# ClearBricks, DotClear classes auto-loader
18	if (@is_dir('/usr/lib/clearbricks')) {
19	define('CLEARBRICKS_PATH','/usr/lib/clearbricks');
20	} elseif (is_dir(dirname(__FILE__).'/libs/clearbricks')) {
21	define('CLEARBRICKS_PATH',dirname(__FILE__).'/libs/clearbricks');
22	} elseif (isset($_SERVER['CLEARBRICKS_PATH']) && is_dir($_SERVER['CLEARBRICKS_PATH'])) {
23	define('CLEARBRICKS_PATH',$_SERVER['CLEARBRICKS_PATH']);
24	}
25
26	if (!defined('CLEARBRICKS_PATH') \|\| !is_dir(CLEARBRICKS_PATH)) {
27	exit('No clearbricks path defined');
28	}
29
30	require CLEARBRICKS_PATH.'/_common.php';
31
32	$__autoload['dcCore'] = dirname(__FILE__).'/core/class.dc.core.php';
33	$__autoload['dcAuth'] = dirname(__FILE__).'/core/class.dc.auth.php';
34	$__autoload['dcBlog'] = dirname(__FILE__).'/core/class.dc.blog.php';
35	$__autoload['dcCategories'] = dirname(__FILE__).'/core/class.dc.categories.php';
36	$__autoload['dcError'] = dirname(__FILE__).'/core/class.dc.error.php';
37	$__autoload['dcMeta'] = dirname(__FILE__).'/core/class.dc.meta.php';
38	$__autoload['dcMedia'] = dirname(__FILE__).'/core/class.dc.media.php';
39	$__autoload['dcPostMedia'] = dirname(__FILE__).'/core/class.dc.postmedia.php';
40	$__autoload['dcModules'] = dirname(__FILE__).'/core/class.dc.modules.php';
41	$__autoload['dcPlugins'] = dirname(__FILE__).'/core/class.dc.plugins.php';
42	$__autoload['dcThemes'] = dirname(__FILE__).'/core/class.dc.themes.php';
43	$__autoload['dcRestServer'] = dirname(__FILE__).'/core/class.dc.rest.php';
44	$__autoload['dcNamespace'] = dirname(__FILE__).'/core/class.dc.namespace.php';
45	$__autoload['dcSettings'] = dirname(__FILE__).'/core/class.dc.settings.php';
46	$__autoload['dcTrackback'] = dirname(__FILE__).'/core/class.dc.trackback.php';
47	$__autoload['dcUpdate'] = dirname(__FILE__).'/core/class.dc.update.php';
48	$__autoload['dcUtils'] = dirname(__FILE__).'/core/class.dc.utils.php';
49	$__autoload['dcXmlRpc'] = dirname(__FILE__).'/core/class.dc.xmlrpc.php';
50	$__autoload['dcLog'] = dirname(__FILE__).'/core/class.dc.log.php';
51	$__autoload['dcWorkspace'] = dirname(__FILE__).'/core/class.dc.workspace.php';
52	$__autoload['dcPrefs'] = dirname(__FILE__).'/core/class.dc.prefs.php';
53	$__autoload['dcStore'] = dirname(__FILE__).'/core/class.dc.store.php';
54	$__autoload['dcStoreReader'] = dirname(__FILE__).'/core/class.dc.store.reader.php';
55	$__autoload['dcStoreParser'] = dirname(__FILE__).'/core/class.dc.store.parser.php';
56	$__autoload['rsExtPost'] = dirname(__FILE__).'/core/class.dc.rs.extensions.php';
57	$__autoload['rsExtComment'] = dirname(__FILE__).'/core/class.dc.rs.extensions.php';
58	$__autoload['rsExtDates'] = dirname(__FILE__).'/core/class.dc.rs.extensions.php';
59	$__autoload['rsExtUser'] = dirname(__FILE__).'/core/class.dc.rs.extensions.php';
60
61	$__autoload['dcUpgrade'] = dirname(__FILE__).'/dbschema/upgrade.php';
62
63	$__autoload['dcMenu'] = dirname(__FILE__).'/admin/class.dc.menu.php';
64	$__autoload['dcFavorites'] = dirname(__FILE__).'/admin/class.dc.favorites.php';
65	$__autoload['dcPage'] = dirname(__FILE__).'/admin/lib.dc.page.php';
66	$__autoload['adminGenericList'] = dirname(__FILE__).'/admin/lib.pager.php';
67	$__autoload['adminPostList'] = dirname(__FILE__).'/admin/lib.pager.php';
68	$__autoload['adminPostMiniList'] = dirname(__FILE__).'/admin/lib.pager.php';
69	$__autoload['adminCommentList'] = dirname(__FILE__).'/admin/lib.pager.php';
70	$__autoload['adminUserList'] = dirname(__FILE__).'/admin/lib.pager.php';
71	$__autoload['dcPager'] = dirname(__FILE__).'/admin/lib.pager.php';
72	$__autoload['dcAdminCombos'] = dirname(__FILE__).'/admin/lib.admincombos.php';
73	$__autoload['adminModulesList'] = dirname(__FILE__).'/admin/lib.moduleslist.php';
74	$__autoload['adminThemesList'] = dirname(__FILE__).'/admin/lib.moduleslist.php';
75	$__autoload['dcThemeConfig'] = dirname(__FILE__).'/admin/lib.themeconfig.php';
76	$__autoload['dcAdminURL'] = dirname(__FILE__).'/admin/lib.dc.adminurl.php';
77	$__autoload['dcPostsActionsPage'] = dirname(__FILE__).'/admin/actions/class.dcactionposts.php';
78	$__autoload['dcCommentsActionsPage'] = dirname(__FILE__).'/admin/actions/class.dcactioncomments.php';
79	$__autoload['dcActionsPage'] = dirname(__FILE__).'/admin/actions/class.dcaction.php';
80
81	$__autoload['dcTemplate'] = dirname(__FILE__).'/public/class.dc.template.php';
82	$__autoload['context'] = dirname(__FILE__).'/public/lib.tpl.context.php';
83	$__autoload['dcUrlHandlers'] = dirname(__FILE__).'/public/lib.urlhandlers.php';
84
85	# Clearbricks extensions
86	html::$absolute_regs[] = '/(<param\s+name="movie"\s+value=")(.*?)(")/msu';
87	html::$absolute_regs[] = '/(<param\s+name="FlashVars"\s+value=".?(?:mp3\|flv)=)(.?)(&\|")/msu';
88	/* ------------------------------------------------------------------------------------------- */
89
90
91	mb_internal_encoding('UTF-8');
92
93	# Setting timezone
94	dt::setTZ('UTC');
95
96	# CLI_MODE, boolean constant that tell if we are in CLI mode
97	define('CLI_MODE',PHP_SAPI == 'cli');
98
99	# Disallow every special wrapper
100	if (function_exists('stream_wrapper_unregister'))
101	{
102	foreach (array('http','https','ftp','ftps','ssh2.shell','ssh2.exec',
103	'ssh2.tunnel','ssh2.sftp','ssh2.scp','ogg','expect') as $p) {
104	@stream_wrapper_unregister($p);
105	}
106	}
107
108	if (isset($_SERVER['DC_RC_PATH'])) {
109	define('DC_RC_PATH',$_SERVER['DC_RC_PATH']);
110	} elseif (isset($_SERVER['REDIRECT_DC_RC_PATH'])) {
111	define('DC_RC_PATH',$_SERVER['REDIRECT_DC_RC_PATH']);
112	} else {
113	define('DC_RC_PATH',dirname(__FILE__).'/config.php');
114	}
115
116	if (!is_file(DC_RC_PATH))
117	{
118	if (strpos($_SERVER['SCRIPT_FILENAME'],'/admin') === false) {
119	$path = 'admin/install/wizard.php';
120	} else {
121	$path = strpos($_SERVER['PHP_SELF'],'/install') === false ? 'install/wizard.php' : 'wizard.php';
122	}
123	http::redirect($path);
124	}
125
126	require DC_RC_PATH;
127
128	//*== DC_DEBUG ==
129	if (!defined('DC_DEBUG')) {
130	define('DC_DEBUG',true);
131	}
132	if (DC_DEBUG) {
133	ini_set('display_errors',true);
134	error_reporting(E_ALL \| E_STRICT);
135	}
136	//*/
137
138	if (!defined('DC_DEBUG')) {
139	define('DC_DEBUG',false);
140	}
141
142	# Constants
143	define('DC_ROOT',path::real(dirname(__FILE__).'/..'));
144	define('DC_VERSION','2.10-dev');
145	define('DC_DIGESTS',dirname(__FILE__).'/digests');
146	define('DC_L10N_ROOT',dirname(__FILE__).'/../locales');
147	define('DC_L10N_UPDATE_URL','http://services.dotclear.net/dc2.l10n/?version=%s');
148	define('DC_DISTRIB_PLUGINS','aboutConfig,akismet,antispam,attachments,blogroll,blowupConfig,dclegacy,fairTrackbacks,importExport,maintenance,pages,pings,simpleMenu,tags,themeEditor,userPref,widgets,dcLegacyEditor,dcCKEditor,breadcrumb');
149	define('DC_DISTRIB_THEMES','berlin,blueSilence,blowupConfig,customCSS,default,ductile');
150	define('DC_DEFAULT_TPLSET','mustek');
151	define('DC_DEFAULT_JQUERY','1.4.2');
152
153	if (!defined('DC_VENDOR_NAME')) {
154	define('DC_VENDOR_NAME','Dotclear');
155	}
156
157	if (!defined('DC_XMLRPC_URL')) {
158	define('DC_XMLRPC_URL','%1$sxmlrpc/%2$s');
159	}
160
161	if (!defined('DC_SESSION_TTL')) {
162	define('DC_SESSION_TTL',null);
163	}
164
165	if (!defined('DC_ADMIN_SSL')) {
166	define('DC_ADMIN_SSL',false);
167	}
168
169	if (defined('DC_FORCE_SCHEME_443') && DC_FORCE_SCHEME_443) {
170	http::$https_scheme_on_443 = true;
171	}
172
173	if (!defined('DC_DBPERSIST')) {
174	define('DC_DBPERSIST',false);
175	}
176
177	if (!defined('DC_UPDATE_URL')) {
178	define('DC_UPDATE_URL','http://download.dotclear.org/versions.xml');
179	}
180
181	if (!defined('DC_UPDATE_VERSION')) {
182	define('DC_UPDATE_VERSION','stable');
183	}
184
185	if (!defined('DC_NOT_UPDATE')) {
186	define('DC_NOT_UPDATE',false);
187	}
188
189	if (!defined('DC_ALLOW_MULTI_MODULES')) {
190	define('DC_ALLOW_MULTI_MODULES',false);
191	}
192
193	if (!defined('DC_CRYPT_ALGO')) {
194	define('DC_CRYPT_ALGO','sha1'); // As in Dotclear 2.9 and previous
195	} else {
196	// Check length of cryptographic algorithm result and exit if less than 40 characters long
197	if (strlen(crypt::hmac(DC_MASTER_KEY,DC_VENDOR_NAME,DC_CRYPT_ALGO)) < 40) {
198	if (!defined('DC_CONTEXT_ADMIN')) {
199	exit('Site temporarily unavailable');
200	} else {
201	exit(DC_CRYPT_ALGO.' cryptographic algorithm configured is not strong enough, please change it.');
202	}
203	}
204	}
205
206	l10n::init();
207
208	try {
209	$core = new dcCore(DC_DBDRIVER,DC_DBHOST,DC_DBNAME,DC_DBUSER,DC_DBPASSWORD,DC_DBPREFIX,DC_DBPERSIST);
210	} catch (Exception $e) {
211	init_prepend_l10n();
212	if (!defined('DC_CONTEXT_ADMIN')) {
213	__error(__('Site temporarily unavailable'),
214	__('<p>We apologize for this temporary unavailability.<br />'.
215	'Thank you for your understanding.</p>'),
216	20);
217	} else {
218	__error(__('Unable to connect to database')
219	,$e->getCode() == 0 ?
220	sprintf(__('<p>This either means that the username and password information in '.
221	'your <strong>config.php</strong> file is incorrect or we can\'t contact '.
222	'the database server at "<em>%s</em>". This could mean your '.
223	'host\'s database server is down.</p> '.
224	'<ul><li>Are you sure you have the correct username and password?</li>'.
225	'<li>Are you sure that you have typed the correct hostname?</li>'.
226	'<li>Are you sure that the database server is running?</li></ul>'.
227	'<p>If you\'re unsure what these terms mean you should probably contact '.
228	'your host. If you still need help you can always visit the '.
229	'<a href="http://forum.dotclear.net/">Dotclear Support Forums</a>.</p>').
230	(DC_DEBUG ?
231	__('The following error was encountered while trying to read the database:').'</p><ul><li>'.$e->getMessage().'</li></ul>' : '')
232	,(DC_DBHOST != '' ? DC_DBHOST : 'localhost')
233	)
234	: ''
235	,20);
236	}
237	}
238
239	# If we have some __top_behaviors, we load them
240	if (isset($__top_behaviors) && is_array($__top_behaviors))
241	{
242	foreach ($__top_behaviors as $b) {
243	$core->addBehavior($b[0],$b[1]);
244	}
245	unset($b);
246	}
247
248	http::trimRequest();
249	try {
250	http::unsetGlobals();
251	} catch (Exception $e) {
252	header('Content-Type: text/plain');
253	echo $e->getMessage();
254	exit;
255	}
256
257	$core->url->registerDefault(array('dcUrlHandlers','home'));
258	$core->url->registerError(array('dcUrlHandlers','default404'));
259	$core->url->register('lang','','^([a-zA-Z]{2}(?:-[a-z]{2})?(?:/page/[0-9]+)?)$',array('dcUrlHandlers','lang'));
260	$core->url->register('post','post','^post/(.+)$',array('dcUrlHandlers','post'));
261	$core->url->register('preview','preview','^preview/(.+)$',array('dcUrlHandlers','preview'));
262	$core->url->register('category','category','^category/(.+)$',array('dcUrlHandlers','category'));
263	$core->url->register('archive','archive','^archive(/.+)?$',array('dcUrlHandlers','archive'));
264
265	$core->url->register('feed','feed','^feed/(.+)$',array('dcUrlHandlers','feed'));
266	$core->url->register('trackback','trackback','^trackback/(.+)$',array('dcUrlHandlers','trackback'));
267	$core->url->register('rsd','rsd','^rsd$',array('dcUrlHandlers','rsd'));
268	$core->url->register('xmlrpc','xmlrpc','^xmlrpc/(.+)$',array('dcUrlHandlers','xmlrpc'));
269
270	// Should use dcAdminURL class, but only in admin -> to be moved to public/prepend.php and admin/prepend.php ?
271	$core->setPostType('post','post.php?id=%d',$core->url->getURLFor('post','%s'),'Posts');
272
273	# Store upload_max_filesize in bytes
274	$u_max_size = files::str2bytes(ini_get('upload_max_filesize'));
275	$p_max_size = files::str2bytes(ini_get('post_max_size'));
276	if ($p_max_size < $u_max_size) {
277	$u_max_size = $p_max_size;
278	}
279	define('DC_MAX_UPLOAD_SIZE',$u_max_size);
280	unset($u_max_size); unset($p_max_size);
281
282	# Register supplemental mime types
283	files::registerMimeTypes(array(
284	// Audio
285	'aac' => 'audio/aac',
286	'ogg' => 'audio/ogg',
287	'weba' => 'audio/webm',
288	'm4a' => 'audio/mp4',
289	// Video
290	'mp4' => 'video/mp4',
291	'm4p' => 'video/mp4',
292	'webm' => 'video/webm'
293	));
294
295	# Shutdown
296	register_shutdown_function('__shutdown');
297
298	function __shutdown()
299	{
300	global $__shutdown;
301	if (is_array($__shutdown)) {
302	foreach ($__shutdown as $f) {
303	if (is_callable($f)) {
304	call_user_func($f);
305	}
306	}
307	}
308	# Explicitly close session before DB connection
309	try {
310	if (session_id()) {
311	session_write_close();
312	}
313	} catch (Exception $e) {}
314	$GLOBALS['core']->con->close();
315	}
316
317	function __error($summary,$message,$code=0)
318	{
319	# Error codes
320	# 10 : no config file
321	# 20 : database issue
322	# 30 : blog is not defined
323	# 40 : template files creation
324	# 50 : no default theme
325	# 60 : template processing error
326	# 70 : blog is offline
327
328	if (CLI_MODE)
329	{
330	trigger_error($summary,E_USER_ERROR);
331	exit(1);
332	}
333	else
334	{
335	if (defined('DC_ERRORFILE') && is_file(DC_ERRORFILE)) {
336	include DC_ERRORFILE;
337	} else {
338	include dirname(__FILE__).'/core_error.php';
339	}
340	exit;
341	}
342	}
343
344	function init_prepend_l10n()
345	{
346	# Loading locales for detected language
347	$dlang = http::getAcceptLanguages();
348	foreach($dlang as $l)
349	{
350	if ($l == 'en' \|\| l10n::set(dirname(__FILE__).'/../locales/'.$l.'/main') !== false) {
351	l10n::lang($l);
352	break;
353	}
354	}
355	}

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: inc/prepend.php @ 3231:bf7f869cfed9

Download in other formats:

Sites map