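updateHost ?: 'removed.upgrade.host';
}else{
  $updateHost = 'removed.upgrade.host';
}
// Host name of the update server. UpgradeClient::CheckCRT() places this value on an
// openssl command line, so it must stay a plain host name.
define('XENTRAL_UPDATE_HOST', $updateHost);

/**
 * Reduced ERP API that UpdateerpooSystem installs as its erp object when no
 * database upgrade was requested. The version getters return empty strings.
 */
class erpAPI_Update
{
  function __construct($app)
  {
    $this->app=$app;
  }

  function Branch()
  {
    return '';
  }

  function Version()
  {
    return '';
  }

  function RevisionPlain()
  {
    return '';
  }

  function Revision()
  {
    return '';
  }

  /**
   * Redirects a logged-in user to update.php and ends the request.
   */
  function Startseite()
  {
    if($this->app->User->GetID()!='')
    {
      // mt_rand()/md5 are not cryptographically strong; the value only makes the URL unique
      // (presumably cache busting) and must not be reused as a token or secret.
      $rand = md5(mt_rand());
      header('Location: update.php?rand='.$rand);
      exit;
    }
  }

  function calledOnceAfterLogin()
  {
  }

  /**
   * Reads one column from the firmendaten row with the highest id.
   *
   * NOTE(review): $value is placed in the statement as a column expression, so value
   * escaping cannot protect it. Callers must pass a fixed, known column name only.
   *
   * @param string $value column name
   *
   * @return mixed column value, or '' when the table has no row
   */
  function Firmendaten($value)
  {
    $id = $this->app->DB->Select("SELECT max(id) FROM firmendaten");
    if($id)
    {
      return $this->app->DB->Select("SELECT $value FROM firmendaten WHERE id = '$id' LIMIT 1");
    }
    return '';
  }

  /**
   * Reads one value from the konfiguration table.
   *
   * @param string $name
   *
   * @return mixed
   */
  public function GetKonfiguration($name)
  {
    // Escape the literal the same way CheckVersandZahlungsweise() does before it reaches SQL.
    $name = $this->app->DB->real_escape_string((string)$name);

    return $this->app->DB->Select("SELECT wert FROM konfiguration WHERE name='$name' LIMIT 1");
  }

  /**
   * Replaces the konfiguration row for $name (delete, then insert).
   *
   * @param string $name
   * @param string $value
   */
  public function SetKonfigurationValue($name, $value)
  {
    // Both values end up inside quoted SQL literals, so both are escaped first.
    $name = $this->app->DB->real_escape_string((string)$name);
    $value = $this->app->DB->real_escape_string((string)$value);
    $this->app->DB->Delete("DELETE FROM konfiguration WHERE name='$name' LIMIT 1");
    $this->app->DB->Insert("INSERT INTO konfiguration (name,wert,firma,adresse) VALUES ('$name','$value',1,0)");
  }

  /**
   * Switches the update maintenance flag.
   *
   * With $active = false the flags are cleared and the update notifications are deleted.
   * With $active = true the method currently returns at once because of the if(true) guard,
   * so everything after that guard is unreachable.
   *
   * @param bool   $active
   * @param string $mode   not used in the body
   */
  public function setMaintainance($active = true, $mode = 'updatedb')
  {
    // json_encode of a fixed literal, so $tags is constant and safe to interpolate below.
    $tags = json_encode('update');
    if(!$active)
    {
      if($this->GetKonfiguration('update_maintenance') == '0')
      {
        return;
      }
      $this->SetKonfigurationValue('update_maintenance', 0);
      $this->SetKonfigurationValue('update_maintenance_mode', '');
      $this->app->DB->Delete("DELETE FROM notification_message WHERE tags = '$tags'");
      return;
    }
    if(true)
    {
      return;//@todo remove in 20.1
    }
    if($this->GetKonfiguration('update_maintenance') == '1')
    {
      $this->SetKonfigurationValue('update_maintenance_time', time());
      return;
    }
    $this->app->DB->Insert(
      "INSERT INTO notification_message (user_id, type, title, message, tags, options_json, priority, created_at) SELECT u.id, 'warning', 'laufender Updateprozess','Bitte schließen 
Sie Ihre Aufgaben','$tags','',1,NOW() FROM `user` AS u INNER JOIN useronline uo on u.id = uo.user_id AND uo.login = 1"
    );
    $this->SetKonfigurationValue('update_maintenance', 1);
    $this->SetKonfigurationValue('update_maintenance_time', time());
  }

  /**
   * Applies fixed string replacements to page output.
   */
  function ClearDataBeforeOutput($text)
  {
    $text = str_replace('form action=""','form action="#"',$text);
    $text = str_replace('NONBLOCKINGZERO','',$text);
    // NOTE(review): search and replacement are identical as shown, so this call changes
    // nothing; an HTML entity was probably lost from the listing. Confirm against the file.
    $text = str_replace("'","'",$text);
    return $text;
  }

  /**
   * Maps characters to replacement strings with a table derived from
   * get_html_translation_table(), flipped with array_flip().
   *
   * NOTE(review): several literals below are not well-formed as shown (the chr(39) entry in
   * particular); entity text was probably stripped from the listing. They are reproduced
   * unchanged and must be restored from the original file.
   */
  function convertToHtml($str)
  {
    if (version_compare(PHP_VERSION, '5.3.4') >= 0) {
      $trans_tbl = array_flip(get_html_translation_table(HTML_ENTITIES, ENT_COMPAT, 'UTF-8'));
    } else {
      $trans_tbl = array_flip(get_html_translation_table(HTML_ENTITIES, ENT_COMPAT));
      if (!empty($trans_tbl)) {
        foreach ($trans_tbl as $key => $entry) {
          $trans_tbl[$key] = utf8_encode($entry);
        }
      }
    }
    // MS Word strangeness..
    // smart single/ double quotes:
    $trans_tbl[chr(39)] = ''';
    $trans_tbl[chr(145)] = '\'';
    $trans_tbl[chr(146)] = '\'';
    //$trans_tbl[chr(147)] = '"';
    $trans_tbl[chr(148)] = '"';
    $trans_tbl[chr(142)] = 'é';
    //
    //$trans_tbl[$this->unicode_chr(65279)] = "BENE";
    //$str = str_replace("\xFF\xFE", "BENE", $str);
    return strtr ($str, $trans_tbl);
  }

  /**
   * Decodes existing entities, then re-encodes selected characters via convertToHtml().
   *
   * NOTE(review): the listing is truncated between the preg_split() pattern and the loop
   * condition below. The missing text is not reconstructed here.
   */
  function superentities( $str ){
    // get rid of existing entities else double-escape
    $str = html_entity_decode(stripslashes($str),ENT_QUOTES| ENT_HTML5,'UTF-8');
    // $str = str_replace("'","'",$str);
    // return $str;
    $ar = preg_split('/(? 
1) || /* multi-byte [unicode] */
        ($o <32 || $o > 126) || /* <- control / latin weirdos -> */
        ($o >33 && $o < 35) ||/* quotes + ambersand */
        ($o >35 && $o < 40) ||/* quotes + ambersand */
        ($o >59 && $o < 63) /* html */
      ) {
        // convert to numeric entity
        //$c = @mb_encode_numericentity($c,array (0x0, 0xffff, 0, 0xffff), 'UTF-8');
        $c = $this->convertToHtml($c);
      }
      if(!isset($str2))$str2 = '';
      $str2 .= $c;
    }
    return $str2;
  }
}

/**
 * Updater application object; its constructor decides which ERP API class backs $this->erp.
 */
class UpdateerpooSystem extends UpdateApplication
{
  public $obj;
  public $starttime;
  public $endtime;

  /**
   * @param mixed  $config
   * @param string $group
   */
  public function __construct($config,$group="")
  {
    parent::__construct($config,$group);
    if(isset($_GET['action']) && $_GET['action'] == 'ajax' && isset($_GET['cmd']) && 'upgradedb' == $_GET['cmd'])
    {
      // The request parameters only select this branch. The class name instantiated below
      // comes from the two fixed literals, never from the request.
      $className = 'erpAPI';
      //$methodName = 'UpgradeDatabase';
      if(file_exists(__DIR__.'/lib/class.erpapi.php'))
      {
        include_once(__DIR__.'/lib/class.erpapi.php');
      }
      if(file_exists(__DIR__.'/lib/class.erpapi_custom.php'))
      {
        include_once(__DIR__.'/lib/class.erpapi_custom.php');
        $className = 'erpAPICustom';
      }
      //$r = new ReflectionMethod($className, $methodName);
      //$params = $r->getParameters();
      //$anzargs = count($params);
      $this->erp = new $className($this);
    }else{
      $this->erp = new erpAPI_Update($this);
    }
  }
}

/**
 * Walks a directory tree and records an MD5 checksum per .php file in $Dateien.
 *
 * MD5 detects accidental changes; it is not collision-resistant and does not authenticate
 * file content against deliberate substitution.
 */
class Md5Dateien
{
  var $Dateien;

  function __construct($quellverzeichnis)
  {
    $this->getVerzeichnis($quellverzeichnis, '', 0, '');
  }

  /**
   * Recursively scans $quellverzeichnis.
   *
   * @param string $quellverzeichnis directory to scan
   * @param string $zielverzeichnis  passed through to recursive calls
   * @param int    $lvl              recursion depth, 0 for the start directory
   * @param string $relativ          path prefix used for the keys of $Dateien
   */
  function getVerzeichnis($quellverzeichnis, $zielverzeichnis, $lvl, $relativ){
    //echo "Verzeichnis: ".$quellverzeichnis." ".$zielverzeichnis. "\r\n";
    $quelllast = $quellverzeichnis;
    if($quellverzeichnis[strlen($quellverzeichnis) - 1] === '/')
    {
      $quelllast = substr($quellverzeichnis, 0, strlen($quellverzeichnis) - 1);
    }
    $path_parts = pathinfo($quelllast);
    $quelllast = $path_parts['basename'];
    if(file_exists($quellverzeichnis))
    {
      // The level-1 directories "importer" and "userdata" are not scanned.
      if(($quelllast !== 'importer' && $quelllast !== 'userdata') || $lvl != 1){
        if ($handle = opendir($quellverzeichnis)) {
          while (false !== ($entry = readdir($handle))) {
            if($entry !== '.' && $entry !== '..'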
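&& $entry !== '.git' && $entry !== '.svn' && $entry != 'user.inc.php' && $entry != 'user_db_version.php' && $entry != 'pygen')
            {
              if(is_dir($quellverzeichnis.'/'.$entry))
              {
                if(!($lvl == 1 && $entry === 'vorlagen' && strpos($quellverzeichnis,'www')))
                {
                  $this->getVerzeichnis($quellverzeichnis.(strrpos($quellverzeichnis,'/')!==strlen($quellverzeichnis)-1?'/':'').$entry,$zielverzeichnis .(strrpos($zielverzeichnis,'/')!==strlen($zielverzeichnis)-1?'/':'').$entry, $lvl + 1,$relativ.'/'.$entry);
                }
              } else {
                if(!($lvl == 0 && ($entry === 'INSTALL' || $entry === 'LICENSE_LIST' || $entry == 'LICENSE' || $entry == 'README' || $entry == 'gitlog.txt')))
                {
                  //$this->getFile($quellverzeichnis.(strrpos($quellverzeichnis,'/')!==strlen($quellverzeichnis)-1?'/':'').$entry,$zielverzeichnis .(strrpos($zielverzeichnis,'/')!==strlen($zielverzeichnis)-1?'/':'').$entry,$relativ.'/'.$entry);
                  // Only files ending in .php get a checksum entry.
                  if(strtolower(substr($entry,-4)) === '.php')
                  {
                    $this->Dateien[$relativ.'/'.$entry] = md5_file($quellverzeichnis.(strrpos($quellverzeichnis,'/')!==strlen($quellverzeichnis)-1?'/':'').$entry);
                  }
                }
              }
            }
          }
          @closedir($handle);
        }
      }
    }
    return true;
  }
}

/**
 * Thin mysqli wrapper used by the updater.
 *
 * Every method takes a finished SQL string. Nothing here binds parameters, so each caller
 * must escape values with real_escape_string() and pass only fixed table and column names.
 */
class UpdateDB{
  var $dbname;
  var $connection;
  var $app;
  var $results;

  /**
   * Opens the connection and sets the session defaults.
   *
   * @param string $dbhost
   * @param string $dbname
   * @param string $dbuser
   * @param string $dbpass
   * @param mixed  $app    application object, stored by reference
   * @param int    $dbport
   */
  function __construct($dbhost,$dbname,$dbuser,$dbpass,&$app="",$dbport=3306)
  {
    $this->app = &$app;
    $this->dbname=$dbname;
    $this->connection = mysqli_connect($dbhost, $dbuser, $dbpass, '', $dbport);
    if(empty($this->connection))
    {
      // Without a connection the session setup below cannot run; GetVersion() and
      // SelectRow() already treat an empty connection as "not available".
      return;
    }
    mysqli_select_db($this->connection,$dbname);
    mysqli_query($this->connection,"SET NAMES 'utf8'");
    // An empty SQL_MODE switches off strict mode for this session, so the server
    // adjusts invalid or truncated values instead of rejecting the statement.
    mysqli_query($this->connection,"SET SESSION SQL_MODE := ''");
    mysqli_query($this->connection,"SET CHARACTER SET 'utf8'");
    mysqli_query($this->connection,'SET lc_time_names = "de_DE" ');
  }

  /**
   * Returns the first two version digits of the server, e.g. '57' for 5.7.
   * A MariaDB server of version 10.2 or later is reported as '57'.
   *
   * @return string
   */
  public function GetVersion()
  {
    if(empty($this->connection))
    {
      return '';
    }
    $version_string = mysqli_get_server_info($this->connection);
    $version_string = substr($version_string,0,3);
    $version_string = str_replace('.','',$version_string);
    if($version_string < 57)
    {
      $version = $this->Select('SELECT VERSION()');
      if(strripos($version, 'maria') !== false && $version[0] === '1' && str_replace('.','', substr($version,0,4)) >= 102)
      {
        return '57';
      }
    }
    return $version_string;
  }

  function Close()
  {
    mysqli_close($this->connection);
  }

  /**
   * Switches the default database of the connection.
   */
  function SelectDB($database)
  {
    // The procedural mysqli API needs the link as first argument.
    mysqli_select_db($this->connection, $database);
  }

  function Fetch_Assoc($sql)
  {
    return mysqli_fetch_assoc($sql);
  }

  function free($query = null){
    // free the result memory
    // NOTE(review): $this->_result is never assigned in this class (the query methods
    // store into $this->results), so the no-argument form probably fails. Confirm callers.
    if(is_null($query))return mysqli_free_result($this->_result);
    return mysqli_free_result($query);
  }

  /**
   * Checks information_schema for a column of the current database.
   *
   * @return mixed the COUNT(*) value as returned by Select(), false for empty arguments
   */
  function ColumnExists($table, $column)
  {
    if($table=='' || $column=='')
      return false;
    // All three values are string literals in this query, so they are escaped.
    $schema = $this->real_escape_string((string)$this->dbname);
    $table = $this->real_escape_string((string)$table);
    $column = $this->real_escape_string((string)$column);

    $exists = $this->Select("SELECT COUNT(*) FROM information_schema.columns WHERE table_schema = '{$schema}' AND table_name = '$table' AND column_name = '$column'");
    return $exists;
  }

  /**
   * Runs a query and returns its rows in a compact form.
   *
   * @return mixed false when the query fails, "" for statements starting with SET,
   *               the first column of the row when exactly one row came back,
   *               '' for no rows, otherwise the list of rows
   */
  function Select($sql){
    // Execute the statement exactly once, so a statement with side effects is not repeated.
    $this->results = mysqli_query($this->connection,$sql);
    if(!$this->results)
    {
      return false;
    }
    // stop here when the query starts with SET
    if (substr(strtolower($sql),0,3) === 'set')
    {
      return "";
    }
    $data = array();
    // Statements without a result set yield true instead of a result object.
    if($this->results instanceof mysqli_result)
    {
      while($row = mysqli_fetch_array($this->results))
      {
        $data[] = $row;
      }
      mysqli_free_result($this->results);
    }
    if(count($data) === 1)
    {
      return $data[0][0];
    }
    if(count($data) < 1)
    {
      return '';
    }
    return $data;
  }

  /**
   * Returns the first row of a query as an associative array, or null.
   */
  public function SelectRow($sql)
  {
    if(empty($sql) || empty($this->connection))
    {
      return null;
    }
    $this->results = @mysqli_query($this->connection,$sql);
    if(!$this->results)
    {
      return null;
    }
    $data = null;
    if($this->results instanceof mysqli_result)
    {
      if($row = mysqli_fetch_array($this->results))
      {
        // build the record array from the named keys only
        $ArrData = array();
        foreach($row as $key=>$value){
          if(!is_numeric($key))
          {
            $ArrData[$key]=$value;
          }
        }
        if(!empty($ArrData)){
          $data = $ArrData;
        }
      }
      mysqli_free_result($this->results);
    }
    return $data;
  }

  /**
   * Returns all rows of a query as a list of associative arrays.
   * A failed query gives an empty array.
   */
  function SelectArr($sql){
    $data = array();
    $this->results = mysqli_query($this->connection,$sql);
    if(!($this->results instanceof mysqli_result))
    {
      return $data;
    }
    while($row = mysqli_fetch_array($this->results))
    {
      // build the record array from the named keys only
      $ArrData = array();
      foreach($row as $key=>$value){
        if(!is_numeric($key))
        {
          $ArrData[$key]=$value;
        }
      }
      $data[] = $ArrData;
    }
    mysqli_free_result($this->results);
    return $data;
  }

  /**
   * Returns the first column of the first row, or false.
   */
  function Result($sql){
    // mysqli has no mysqli_result() function (that name is the result class),
    // so the first row is fetched explicitly.
    $res = mysqli_query($this->connection,$sql);
    if(!($res instanceof mysqli_result))
    {
      return false;
    }
    $row = mysqli_fetch_row($res);
    mysqli_free_result($res);
    return $row ? $row[0] : false;
  }

  function GetInsertID(){
    return mysqli_insert_id($this->connection);
  }

  /**
   * Returns all rows of a query as a list of associative arrays.
   */
  function GetArray($sql){
    $tmp = array();
    $result = mysqli_query($this->connection,$sql);
    if(!($result instanceof mysqli_result))
    {
      return $tmp;
    }
    while($row = mysqli_fetch_assoc($result))
    {
      $tmp[] = $row;
    }
    return $tmp;
  }

  function Insert($sql){
    $this->LogSQL($sql,"insert");
    return mysqli_query($this->connection,$sql);
  }

  function InsertWithoutLog($sql){
    return mysqli_query($this->connection,$sql);
  }

  function Update($sql){
    $this->LogSQL($sql,"update");
    return mysqli_query($this->connection,$sql);
  }

  function UpdateWithoutLog($sql){
    return mysqli_query($this->connection,$sql);
  }

  function Delete($sql){
    $this->LogSQL($sql,"delete");
    return mysqli_query($this->connection,$sql);
  }

  // Empty in the updater: statements are not logged.
  function LogSQL($sql,$befehl)
  {
  }

  /**
   * Returns the number of rows a query yields, 0 when it fails.
   */
  function Count($sql){
    // One execution is enough to get the row count.
    $result = mysqli_query($this->connection,$sql);
    if($result instanceof mysqli_result)
    {
      return mysqli_num_rows($result);
    }
    return 0;
  }

  /**
   * NOTE(review): $table is interpolated as an identifier, which value escaping cannot
   * protect. Only fixed table names may be passed.
   */
  function CheckTableExistence($table){
    $result = mysqli_query($this->connection,"SELECT * FROM $table LIMIT 1");
    if (!$result) {
      return false;
    }
    return true;
  }

  function CheckColExistence($table,$col)
  {
    if($this->CheckTableExistence($table)){
      $result = mysqli_query($this->connection,"SHOW COLUMNS FROM $table");
      if (!$result) {
        // mysqli_error() needs the link; without it the call itself fails.
        echo 'Could not run query: ' . mysqli_error($this->connection);
        exit;
      }
      if (mysqli_num_rows($result) > 0) {
        while ($row = mysqli_fetch_assoc($result)) {
          if($row['Field']==$col)
            return true;
        }
      }
    }
    return false;
  }

  /**
   * Returns the column names of $table; returns nothing when the table is missing or empty of columns.
   */
  function GetColArray($table)
  {
    if($this->CheckTableExistence($table)){
      $result = mysqli_query($this->connection,"SHOW COLUMNS FROM $table");
      if (!$result) {
        echo 'Could not run query: ' . mysqli_error($this->connection);
        exit;
      }
      if (mysqli_num_rows($result) > 0) {
        while ($row = mysqli_fetch_assoc($result)) {
          $ret[]=$row['Field'];
        }
        return $ret;
      }
    }
  }

  /**
   * Returns an array keyed by the column names of $table, each value "".
   */
  function GetColAssocArray($table)
  {
    if($this->CheckTableExistence($table)){
      $result = mysqli_query($this->connection,"SHOW COLUMNS FROM $table");
      if (!$result) {
        echo 'Could not run query: ' . mysqli_error($this->connection);
        exit;
      }
      if (mysqli_num_rows($result) > 0) {
        while ($row = mysqli_fetch_assoc($result)) {
          $ret[$row['Field']]="";
        }
        return $ret;
      }
    }
  }

  /**
   * Updates one row from a column => value array; falls back to one UPDATE per column
   * when the combined statement fails.
   *
   * NOTE(review): $escape defaults to false, so values are written into the statement
   * unescaped unless the caller escaped them or passes $escape = true.
   *
   * @param string $tablename
   * @param mixed  $pk       primary key value
   * @param string $pkname   primary key column
   * @param array  $ArrCols  column => value
   * @param bool   $escape   escape the values with real_escape_string()
   */
  function UpdateArr($tablename,$pk,$pkname,$ArrCols, $escape = false)
  {
    if(count($ArrCols) <= 0)
    {
      return;
    }
    $zielspalten = $this->SelectArr("show columns from `$tablename`");
    $ziel = array();
    if($zielspalten)
    {
      foreach($zielspalten as $val)
      {
        $ziel[$val['Field']] = true;
      }
    }
    $sqla = array();
    foreach($ArrCols as $key=>$value)
    {
      if($key!=$pkname && (isset($ziel[$key]) || !$zielspalten))
      {
        $sqla[] = $key." = '".($escape?$this->real_escape_string((string)$value):$value)."' ";
      }
    }
    if(empty($sqla))
    {
      // No writable column: an UPDATE without assignments would only fail.
      return;
    }
    $sql = "UPDATE `$tablename` SET ".implode(', ',$sqla)." WHERE `$pkname`='$pk' LIMIT 1";
    $this->Update($sql);
    if(mysqli_error($this->connection))
    {
      foreach($ArrCols as $key=>$value){
        if($key!=$pkname)
        {
          // The fallback honours $escape exactly like the combined statement above.
          $value = $escape?$this->real_escape_string((string)$value):$value;
          $this->Query("UPDATE `$tablename` SET `$key`='$value' WHERE `$pkname`='$pk' LIMIT 1");
        }
      }
    }
  }

  /**
   * Inserts an empty row, then fills it through UpdateArr() (values are not escaped there).
   */
  function InsertArr($tablename,$pkname,$ArrCols)
  {
    // save primary than update
    $this->Query("INSERT INTO `$tablename` (id) VALUES ('')");
    $pk = $this->GetInsertID();
    $this->UpdateArr($tablename,$pk,$pkname,$ArrCols);
  }

  /// get table content with specified cols
  function SelectTable($tablename,$cols){
    $selection = count($cols)==0 ? '*' : implode(',', $cols);
    $sql = "SELECT $selection FROM $tablename";
    return $this->SelectArr($sql);
  }

  /**
   * Runs a statement; on error 1118 (row size too large) it turns innodb_strict_mode off
   * and runs the statement a second time.
   */
  function Query($query){
    $ret = mysqli_query($this->connection,$query);
    if(mysqli_errno($this->connection) == 1118)
    {
      mysqli_query($this->connection, 'SET innodb_strict_mode = OFF');
      $ret = mysqli_query($this->connection, $query);
    }
    return $ret;
  }

  function Fetch_Array($sql)
  {
    return mysqli_fetch_array($sql);
  }

  /**
   * Duplicates one row; every column except the first is copied.
   *
   * $TableName and $IDFieldName are interpolated as identifiers and must be fixed names.
   *
   * @return mixed insert id of the copy, 0 when the source row does not exist
   */
  function MysqlCopyRow($TableName, $IDFieldName, $IDToDuplicate)
  {
    // The id is written into the statement without quotes, so it is forced to an integer.
    $IDToDuplicate = (int)$IDToDuplicate;
    if ($TableName AND $IDFieldName AND $IDToDuplicate > 0)
    {
      $sql = "SELECT * FROM $TableName WHERE $IDFieldName = $IDToDuplicate";
      $result = @mysqli_query($this->connection,$sql);
      if ($result)
      {
        $row = mysqli_fetch_array($result);
        if(!$row)
        {
          return 0;
        }
        $sql = "INSERT INTO $TableName SET ";
        $RowKeys = array_keys($row);
        $RowValues = array_values($row);
        $cKey = count($RowKeys);
        // mysqli_fetch_array() returns each column under a numeric and a named key;
        // index 3 is the name of the second column, so the first column is skipped.
        for ($i=3;$i<$cKey;$i+=2)
        {
          if ($i!=3)
          {
            $sql .= ", ";
          }
          // Stored data can contain quotes, so it is escaped before it is written back.
          $sql .= $RowKeys[$i] . " = '" . $this->real_escape_string((string)$RowValues[$i]) . "'";
        }
        @mysqli_query($this->connection,$sql);
        return $this->GetInsertID();
      }
    }
  }

  function real_escape_string($value)
  {
    return mysqli_real_escape_string($this->connection, $value);
  }

  function affected_rows()
  {
    return mysqli_affected_rows($this->connection);
  }

  function error()
  {
    return mysqli_error($this->connection);
  }
}

/**
 * Client for the update server: version check, checksum list, download and copy of files.
 */
class UpgradeClient
{
  var $localmd5sums;
  var $erp;
  var $http_code;

  public $errormsg;

  function __construct($conf, $app)
  {
    $this->app = $app;
    $this->erp = $app->erp;
    $this->conf = $conf;
  }

  function Connect()
  {
    // check connection then stop
  }

  /**
   * Compares the certificate presented by the update host with the PEM text in
   * $this->conf['cert']; returns 1 on a match, otherwise prints "wrong" and exits.
   *
   * The check is a byte-for-byte pin. The verification result of s_client is not read and
   * its stderr is discarded, so trust rests on the pin alone.
   * NOTE(review): whether requests to the update server depend on this check is not
   * visible here; confirm that callers run it before trusting downloaded files.
   */
  function CheckCRT()
  {
    $updateHost = XENTRAL_UPDATE_HOST;
    // Quote the connect target so the configured host value cannot add shell syntax.
    $target = escapeshellarg($updateHost.':443');
    $cert = shell_exec("openssl s_client -connect {$target} < /dev/null 2>/dev/null | openssl x509 -in /dev/stdin");
    // Strict comparison: a failed command (no output) can never equal the pinned text.
    if($cert === $this->conf['cert']."\n")
    {
      return 1;
    }
    echo "wrong\n";
    exit;
  }

  function TestModul($modul)
  {
    $parameter['version']=@$this->conf['version'];
    $parameter['module'] = $modul;

    return $this->Request('settestmodul',$parameter);
  }

  function CheckVersionen($funktionen = null, $returnfirst = false)
  {
    $phpversion = PHP_VERSION;
    $ioncube_loader_version = '';
    $this->app->Tpl->Set('PHPVERSION',$phpversion);
    $this->app->Tpl->Set('IONCUBEVERSION','');
    if(!is_dir(dirname(__DIR__).'/download')){
      if(!@mkdir(dirname(__DIR__) . '/download') && !is_dir(dirname(__DIR__) .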
'/download')){ $message = 'Im Hauptordner von xentral kann der Ordner "download" Verzeichnis nicht angelegt werden, Prüfen Sie die Rechte'; if($returnfirst) { return ['error'=>$message,'version'=>'']; } return $message; } } if(function_exists('ioncube_loader_version')) { $ioncube_loader_version = (String)ioncube_loader_version(); $this->app->Tpl->Set('IONCUBEVERSION',$ioncube_loader_version); } if($funktionen) { $parameter['funktionen'] = $funktionen; } $parameter['version']=@$this->conf['version']; $parameter['phpversion'] = $phpversion; $parameter['mysqlversion'] = $this->app->DB->GetVersion(); if(property_exists($this->app, 'multidb')){ $parameter['multidb'] = !empty($this->app->multidb); } $result = $this->Request('versionen',$parameter); if($result == ''){ $result = $this->Request('versionen',$parameter); } if($result == ''){ $message = 'Der Updateserver scheint nicht erreichbar zu sein Bitte prüfen Sie die Netzwerkeinstellungen'; if($returnfirst) { return ['error'=>$message,'version'=>'']; } return $message; } $ret = ''; $aktvers = ''; $masterkey1erlaubt = $ioncube_loader_version?true:false; $masterkey2erlaubt = $ioncube_loader_version?true:false; $masterkey3erlaubt = $ioncube_loader_version?true:false; $masterkey4erlaubt = $ioncube_loader_version?true:false; $isPhp72 = (float)substr($phpversion,0,3) >= 7.2; $isPhp73 = (float)substr($phpversion,0,3) >= 7.3; $php73Warning = false; $isMysql57 = $this->app->DB->GetVersion() >= 57; $allow201 = $isPhp72 && $isMysql57; if(!$allow201) { $masterkey4erlaubt = false; } if(strlen($phpversion) > 2 && $phpversion[0] == '5' && $phpversion[2] < 6) { $masterkey2erlaubt = false; $masterkey3erlaubt = false; $masterkey4erlaubt = false; } if((int)$phpversion[0] < 7) { $masterkey3erlaubt = false; $masterkey4erlaubt = false; } if($phpversion && $phpversion[0] === '8') { $masterkey1erlaubt = false; $masterkey2erlaubt = false; } if($phpversion && $phpversion[0] === '7') { $masterkey1erlaubt = false; } if(strlen($phpversion) > 2 && 
$phpversion[0] === '7' && $phpversion[2] !== '0') { $masterkey1erlaubt = false; $masterkey2erlaubt = false; } if(strlen($phpversion) > 2 && $phpversion[0] === '7' && $phpversion[2] === '0') { $masterkey1erlaubt = false; $masterkey3erlaubt = false; $masterkey4erlaubt = false; } if(strlen($ioncube_loader_version) > 2 && $ioncube_loader_version[0]< 5 && $ioncube_loader_version[1] === '.') { $masterkey1erlaubt = false; $masterkey2erlaubt = false; } $return = []; if(strpos($result, 'ERROR') === false) { $resulta = explode(';',$result); if($masterkey1erlaubt && $masterkey2erlaubt && $masterkey3erlaubt) //Pruefung der PHP-Version ist fehlgeschlagen => nehme aktuelle Version als Basis { $versa = explode(':',$resulta[0],2); $aktvers = $versa[0]; $revision = explode('_', $aktvers); $revision = $revision[count($revision)-1]; if(strpos($aktvers, 'masterkey1') !== false) { $aktmasterkey = 'masterkey1'; } elseif(strpos($aktvers, 'masterkey2') !== false) { $aktmasterkey = 'masterkey2'; } elseif(strpos($aktvers, 'masterkey3') !== false) { $aktmasterkey = 'masterkey3'; } elseif(strpos($aktvers, 'masterkey3') !== false) { $aktmasterkey = 'masterkey3'; } elseif(strpos($aktvers, 'masterkey4') !== false) { $aktmasterkey = 'masterkey4'; } else { $aktmasterkey = ''; } if($aktmasterkey === 'masterkey3' && $revision >= 20.2 && !$allow201) { $aktvers = ''; } elseif($aktmasterkey === 'masterkey4' && $revision >= 20.3 && !$allow201) { $aktvers = ''; } else{ if($aktmasterkey === 'masterkey1') { $masterkey2erlaubt = false; $masterkey3erlaubt = false; $masterkey4erlaubt = false; } elseif($aktmasterkey === 'masterkey2') { $masterkey1erlaubt = false; $masterkey3erlaubt = false; $masterkey4erlaubt = false; } elseif($aktmasterkey === 'masterkey3') { $masterkey1erlaubt = false; $masterkey2erlaubt = false; } elseif($aktmasterkey === 'masterkey4') { $masterkey1erlaubt = false; $masterkey2erlaubt = false; } } } foreach($resulta as $k => $v) { $versa = explode(':',$resulta[$k],2); $revision = 
explode('_', $versa[0]); $revision = $revision[count($revision)-1]; if($returnfirst && empty($return)){ $return['current_version'] = $versa[0]; } if(!$masterkey1erlaubt && strpos($versa[0], 'masterkey1')!== false) { unset($resulta[$k]); } elseif(!$masterkey2erlaubt && strpos($versa[0], 'masterkey2')!== false) { unset($resulta[$k]); } elseif(!$masterkey3erlaubt && strpos($versa[0], 'masterkey3')!== false) { unset($resulta[$k]); } elseif(!$masterkey4erlaubt && strpos($versa[0], 'masterkey4')!== false) { unset($resulta[$k]); } elseif($revision >= 20.2 && !$allow201 && strpos($versa[0], 'masterkey3')!== false) { unset($resulta[$k]); } elseif($revision >= 20.3 && !$allow201 && strpos($versa[0], 'masterkey4')!== false) { unset($resulta[$k]); } elseif($revision >= 21.1 && !$isPhp73 && strpos($versa[0], 'masterkey4')!== false) { $php73Warning = true; unset($resulta[$k]); } elseif($aktvers == '') { $aktvers = $versa[0]; if(strpos($aktvers, 'masterkey1') !== false) { $aktmasterkey = 'masterkey1'; } elseif(strpos($aktvers, 'masterkey2') !== false) { $aktmasterkey = 'masterkey2'; } elseif(strpos($aktvers, 'masterkey3') !== false) { $aktmasterkey = 'masterkey3'; } elseif(strpos($aktvers, 'masterkey3') !== false) { $aktmasterkey = 'masterkey3'; } elseif(strpos($aktvers, 'masterkey4') !== false) { $aktmasterkey = 'masterkey4'; } else { $aktmasterkey = ''; } } } foreach($resulta as $k => $v) { $versa = explode(':',$resulta[$k],2); if(!$aktvers) { $aktvers = $versa[0]; if(strpos($aktvers, 'masterkey1') !== false) { $aktmasterkey = 'masterkey1'; } elseif(strpos($aktvers, 'masterkey2') !== false) { $aktmasterkey = 'masterkey2'; } elseif(strpos($aktvers, 'masterkey3') !== false) { $aktmasterkey = 'masterkey3'; } elseif(strpos($aktvers, 'masterkey3') !== false) { $aktmasterkey = 'masterkey3'; } elseif(strpos($aktvers, 'masterkey4') !== false) { $aktmasterkey = 'masterkey4'; } else { $aktmasterkey = ''; } if($aktmasterkey === 'masterkey1' && !$masterkey1erlaubt) { $aktmasterkey = ''; } 
if($aktmasterkey === 'masterkey2' && !$masterkey2erlaubt) { $aktmasterkey = ''; } if($aktmasterkey === 'masterkey3' && !$masterkey3erlaubt) { $aktmasterkey = ''; } if($aktmasterkey === 'masterkey4' && !$masterkey4erlaubt) { $aktmasterkey = ''; } } if(strpos($versa[0],'masterkey')!== false) { if(!$ioncube_loader_version) { unset($resulta[$k]); }else{ if(strpos($versa[0],'masterkey2')!== false) { if($phpversion && $phpversion[0] == '5' && $phpversion[2] < 6) { unset($resulta[$k]); if(in_array($aktmasterkey, ['masterkey2','masterkey3','masterkey4'])) { $aktmasterkey = ''; } }else{ if(in_array($aktmasterkey, ['masterkey3','masterkey4']) && (int)$phpversion[0] < 7) { $aktmasterkey = ''; } if(in_array($aktmasterkey, ['masterkey3','masterkey4']) && ($phpversion[0] == '7' && $phpversion[2] == '0')) { $aktmasterkey = ''; } if($ioncube_loader_version[0]< 5 && $ioncube_loader_version[1] === '.') { unset($resulta[$k]); if(in_array($aktmasterkey, ['masterkey2','masterkey3','masterkey4'])) { $aktmasterkey = ""; } }elseif($phpversion && $phpversion[0] == '7' && (int)$phpversion[2] > 0) { unset($resulta[$k]); if($aktmasterkey === 'masterkey2')$aktmasterkey = ""; } } } elseif(strpos($versa[0],'masterkey1')!== false) { if($phpversion && (int)$phpversion[0] >= '7') { unset($resulta[$k]); if($aktmasterkey === 'masterkey1')$aktmasterkey = ""; } } elseif(strpos($versa[0],'masterkey3')!== false) { if($phpversion && $phpversion[0] == '5' && $phpversion[2] < 6) { unset($resulta[$k]); if(in_array($aktmasterkey, ['masterkey2','masterkey3','masterkey4'])) { $aktmasterkey = ''; } }else{ if((int)$phpversion[0] < 7) { unset($resulta[$k]); if($aktmasterkey === 'masterkey3')$aktmasterkey = ""; } if($phpversion[0] === '7' && $phpversion[2] === '0') { if(in_array($aktmasterkey, ['masterkey3','masterkey4'])) { $aktmasterkey = ''; } unset($resulta[$k]); } if($ioncube_loader_version[0]< 5 && $ioncube_loader_version[1] === '.') { unset($resulta[$k]); if(in_array($aktmasterkey, 
['masterkey2','masterkey3','masterkey4'])) { $aktmasterkey = ''; } } } } elseif(strpos($versa[0],'masterkey4') !== false) { if(!$masterkey4erlaubt) { unset($resulta[$k]); } } } if(isset($resulta[$k])) { if($masterkey1erlaubt && strpos($versa[0],'masterkey1')!== false && $aktmasterkey == '') { $aktmasterkey = 'masterkey1'; } elseif($masterkey2erlaubt && strpos($versa[0],'masterkey2')!== false && $aktmasterkey == '') { $aktmasterkey = 'masterkey2'; } elseif($masterkey3erlaubt && strpos($versa[0],'masterkey3')!== false && $aktmasterkey == '') { $aktmasterkey = 'masterkey3'; } elseif($masterkey4erlaubt && strpos($versa[0],'masterkey4')!== false && $aktmasterkey == '') { $aktmasterkey = 'masterkey4'; } $nochioncubes[$versa[0]] = $k; } } } if(count($resulta) > 1) { foreach($resulta as $k => $v) { $versa = explode(':',$resulta[$k],2); if(strpos($versa[0], 'masterkey') !== false) { if(!isset($nochioncubes[$versa[0]])) { unset($resulta[$k]); } else{ $key1 = str_replace(['masterkey2','masterkey3','masterkey4',],'masterkey1', $versa[0]); $key2 = str_replace(['masterkey1','masterkey3','masterkey4',],'masterkey2', $versa[0]); $key3 = str_replace(['masterkey1','masterkey2','masterkey4',],'masterkey3', $versa[0]); $key4 = str_replace(['masterkey1','masterkey2','masterkey3',],'masterkey4', $versa[0]); switch($aktmasterkey) { case 'masterkey1': if(isset($nochioncubes[$key1]) && isset($nochioncubes[$key2])) { unset($nochioncubes[$key2]); } if(isset($nochioncubes[$key1]) && isset($nochioncubes[$key3])) { unset($nochioncubes[$key3]); } if(isset($nochioncubes[$key1]) && isset($nochioncubes[$key4])) { unset($nochioncubes[$key4]); } if(isset($nochioncubes[$key2]) && isset($nochioncubes[$key3])) { unset($nochioncubes[$key3]); } break; case 'masterkey2': if(isset($nochioncubes[$key2]) && isset($nochioncubes[$key1])) { unset($nochioncubes[$key1]); } if(isset($nochioncubes[$key2]) && isset($nochioncubes[$key3])) { unset($nochioncubes[$key3]); } if(isset($nochioncubes[$key2]) && 
isset($nochioncubes[$key4])) { unset($nochioncubes[$key4]); } if(isset($nochioncubes[$key1]) && isset($nochioncubes[$key3])) { unset($nochioncubes[$key3]); } break; case 'masterkey3': if(isset($nochioncubes[$key3]) && isset($nochioncubes[$key1])) { unset($nochioncubes[$key1]); } if(isset($nochioncubes[$key3]) && isset($nochioncubes[$key2])) { unset($nochioncubes[$key2]); } if(isset($nochioncubes[$key1]) && isset($nochioncubes[$key2])) { unset($nochioncubes[$key1]); } break; case 'masterkey4': if(isset($nochioncubes[$key4]) && isset($nochioncubes[$key1])) { unset($nochioncubes[$key1]); } if(isset($nochioncubes[$key4]) && isset($nochioncubes[$key2])) { unset($nochioncubes[$key2]); } if(isset($nochioncubes[$key4]) && isset($nochioncubes[$key3])) { unset($nochioncubes[$key3]); } if(isset($nochioncubes[$key1]) && isset($nochioncubes[$key2])) { unset($nochioncubes[$key1]); } break; } if(!isset($nochioncubes[$versa[0]])) { unset($resulta[$k]); } } } } } if(count($resulta) > 1) { $ret = ''; $ret .= ''; if($isVersion211Exists){ $ret .= '
Um beim Versand von Versandbestätigungen (Trackingmails) an Ihre Kunden mehr Flexibilität zu bieten,
kann der Versand sowohl pro Projekt als auch pro Versandart aktiviert werden.
Einstellungen in einer einzelnen Versandart stechen die aus dem Projekt.
Es empfiehlt sich daher, die Einstellungen gemäß der eigenen Anforderungen zu überprüfen.
Für jede Versandart, für die Versandbestätigungen per E-Mail an die Kunden gesendet werden sollen,
ist die Einstellung in der Versandart zu setzen.
Eine genaue Erläuterung über das aktuelle Verhalten findet sich hier
'; } } elseif(count($resulta) == 1) { $resu = reset($resulta); //foreach($resulta as $resu) //{ $versa = explode(':',$resu,2); if($returnfirst) { $return['version'] = $versa[0]; return $return; } $this->app->Tpl->Set('AKTVERSION', $versa[0]); $ret .= ''; //} }else{ if($ioncube_loader_version !== '' && !$masterkey1erlaubt && !$masterkey2erlaubt && !$masterkey3erlaubt) { $message = 'Die Ioncubeversion ist zu alt'; $ret .= $message; }else{ $message = 'Ioncube nicht verfügbar'; $ret .= $message; } if($returnfirst) { return ['error' => $message, 'version' => '']; } } if($php73Warning && count($resulta) > 0) { $ret .= '
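'.' Fehler: Ihre PHP-Version ' . $phpversion . ' ist nicht kompatibel mit xentral 21.1 (Es wird mindestens PHP 7.3 benötigt) ';
      }
    }
    else{
      $this->errormsg = substr($result, 6);
      if($returnfirst) {
        return ['error'=>$this->errormsg,'version'=>''];
      }
      return $result;
    }
    return $ret;
  }

  /**
   * Requests the checksum list (with file sizes) for the configured version.
   */
  function CheckMd5()
  {
    $parameter['version']=@$this->conf['version'];
    $parameter['withsize'] = 1;

    return $this->Request('md5list',$parameter);
  }

  /**
   * Copies verified files from the download directory into the installation.
   *
   * An entry is removed from the list once its target copy matches the expected checksum.
   * Entries whose checksum starts with 'DEL' are removed from the list; their downloaded
   * file is deleted when CheckVersandZahlungsweise() allows it.
   *
   * MD5 catches transfer errors only. It does not authenticate the file, so the trust in
   * the content comes from the channel that delivered the list and the files.
   *
   * @param array $files   list entries with the keys typ, file and md5sum
   * @param int   $maxtime seconds after which the loop stops; 0 disables the limit
   *
   * @return array ['tocopy' => remaining entries, or null when none are left]
   */
  function CopyFile($files, $maxtime = 10)
  {
    $startzeit = microtime(true);
    if(empty($files)) {
      return array('tocopy'=>null);
    }
    $basis = dirname(__DIR__);
    foreach($files as $k => $file) {
      $file = json_decode(json_encode($file),true);
      if(isset($file['typ'])) {
        switch($file['typ']) {
          case 'getfile':
          case 'getfilecustom':
          case 'getfilemodules':
          break;
          default:
            $file['typ'] = '';
          break;
        }
      }
      else {
        $file['typ'] = '';
      }
      // List entries are handled as external data (typ is allowlisted above). A path with a
      // ".." segment would resolve outside the installation directory, so such an entry is
      // dropped like any other malformed one.
      $pfadOk = isset($file['file']) && is_string($file['file'])
        && !in_array('..', explode('/', str_replace('\\', '/', $file['file'])), true);
      if(!$pfadOk || !isset($file['md5sum']) || !$file['file'] || $file['typ'] === '') {
        unset($files[$k]);
      }
      else{
        $ffile = $file['file'];
        $_file = $basis.'/download/'.$ffile;
        $_fileto = $basis.'/'.$ffile;
        $ffa = explode('/',$ffile);
        $_f = '';
        $cffa = count($ffa)-1;
        // Create the target directories segment by segment; an empty file that blocks a
        // directory name is removed first.
        for($i = 0; $i < $cffa; $i++) {
          $_f .= $ffa[$i];
          if(is_file($basis.'/'.$_f)) {
            $this->removeEmptyFile($basis.'/'.$_f);
          }
          if(!is_dir($basis.'/'.$_f) && !@mkdir($basis.'/'.$_f) && !is_dir($basis.'/'.$_f)) {
            continue;
          }
          $_f .= '/';
        }
        if(file_exists($_file)) {
          if(substr($file['md5sum'],0,3)=== 'DEL') {
            if($this->CheckVersandZahlungsweise($_file)) {
              @unlink($_file);
            }
          }
          // Strict comparison: with == two digests of the form "0e<digits>" compare as
          // numbers and would count as equal.
          elseif(md5_file($_file)===$file['md5sum']) {
            if(is_dir($_fileto) && is_file($_file)){
              $this->removeEmptyFolder($_fileto);
            }
            if(@copy($_file,$_fileto)) {
              if(md5_file($_fileto)===$file['md5sum']){
                unset($files[$k]);
              }
            }
          }
        }
        if(substr($file['md5sum'],0,3)=== 'DEL') {
          unset($files[$k]);
        }
      }
      if($maxtime > 0 && microtime(true) - $startzeit > $maxtime) {
        break;
      }
    }
    if(empty($files)) {
      return array('tocopy'=>null);
    }

    return array('tocopy'=>array_values($files));
  }

  /**
   * Decides whether a file may be deleted: false when its name belongs to an active
   * shipping method, payment method or process starter entry, otherwise true.
   *
   * NOTE(review): strpos($versandart, 'versandarten_') is 0 when the name starts with that
   * prefix, and 0 counts as false, so the prefix is not stripped in that case. Confirm
   * whether "!== false" was intended.
   */
  function CheckVersandZahlungsweise($datei){
    if(strpos($datei, 'versandart') !== false) {
      $dateia = pathinfo($datei);
      $versandart = $dateia['filename'];
      if(strpos($versandart, 'versandarten_')) {
        $versandart = str_replace('versandarten_', '', $versandart);
      }
      if($this->app->DB->Select(
        "SELECT id FROM versandarten WHERE modul = '".$this->app->DB->real_escape_string($versandart)."' AND ifnull(geloescht,0) = 0 AND aktiv = 1 LIMIT 1"
      )) {
        return false;
      }
      return true;
    }
    if(strpos($datei, 'zahlungsweise') !== false) {
      $dateia = pathinfo($datei);
      $zahlungsweise = $dateia['filename'];
      if($this->app->DB->Select(
        "SELECT id FROM `zahlungsweisen` WHERE modul = '".$this->app->DB->real_escape_string($zahlungsweise)."' AND ifnull(geloescht,0) = 0 AND aktiv = 1 LIMIT 1"
      )) {
        return false;
      }
      return true;
    }
    if(strpos($datei, 'cronjobs') !== false) {
      $dateia = pathinfo($datei);
      $cronjob = $dateia['filename'];
      if($this->app->DB->Select(
        "SELECT id FROM `prozessstarter` WHERE parameter = '".$this->app->DB->real_escape_string($cronjob)."' AND aktiv = 1 LIMIT 1"
      )) {
        return false;
      }
    }

    return true;
  }

  /**
   * Sends a changeversion request when the configured version name differs from the version.
   *
   * @return mixed the response, or null when no request was sent
   */
  function ChangeVersion()
  {
    // Defined up front so the return below never reads an unset variable.
    $changeversion = null;
    $parameter['version']=@$this->conf['version'];
    $parameter['versionname']=@$this->conf['versionname'];
    if($parameter['versionname'] && $parameter['versionname'] != $parameter['version']) {
      $changeversion = $this->Request('changeversion',$parameter);
    }
    return $changeversion;
  }

  /**
   * Deletes $file only when it is a regular file of size 0.
   */
  function removeEmptyFile($file)
  {
    if(is_file($file) && filesize($file) === 0) {
      @unlink($file);
    }
  }

  /**
   * Removes $folder only when it contains no entries.
   */
  function removeEmptyFolder($folder)
  {
    if(empty($folder) || !is_dir($folder)){
      return;
    }
    if(!($handle = opendir($folder))) {
      return;
    }
    while (false !== ($entry = readdir($handle))) {
      if($entry !== '.'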
&& $entry !== '..') { closedir($handle); return; } } closedir($handle); rmdir($folder); } function DownloadFile($files, $maxtime = 15, $echo = false) { $startzeit = microtime(true); $parameter['version']=@$this->conf['version']; $parameter['versionname']=@$this->conf['versionname']; $parameter['version']=@$this->conf['version']; $parameter['versionname']=@$this->conf['versionname']; if($parameter['versionname'] && $parameter['versionname'] != $parameter['version']) { $changeversion = $this->Request('changeversion',$parameter); } if(empty($files)) { return array('todownload'=>null); } $countFiles = count($files); $batches = []; $batch = []; $keyToBatch = []; foreach($files as $k => $file) { $file = json_decode(json_encode($file), true); if(isset($file['typ'])){ switch ($file['typ']) { case 'getfile': case 'getfilecustom': case 'getfilemodules': break; default: $file['typ'] = ''; break; } }else{ $file['typ'] = ''; } if(!isset($file['file']) || !isset($file['md5sum']) || !$file['file'] || $file['typ'] === ''){ $files[$k]['error'] = $file['file']; unset($files[$k]); }else{ if(substr($file['md5sum'], 0, 3) === 'DEL'){ continue; } $parameter['file'] = $file['file']; $parameter['md5sum'] = $file['md5sum']; $ffile = $file['file']; $_file = dirname(__DIR__) . '/download/' . $ffile; $ffa = explode('/', $ffile); $_f = ''; for ($i = 0; $i < count($ffa) - 1; $i++) { $_f .= $ffa[$i]; if(is_file(dirname(__DIR__) . '/download/' . $_f)){ @unlink(dirname(__DIR__) . '/download/' . $_f); } if(!is_dir(dirname(__DIR__) . '/download/' . $_f) && !@mkdir(dirname(__DIR__) . '/download/' . $_f) && !is_dir(dirname(__DIR__) . '/download/' . 
$_f)){ continue; } $_f .= '/'; } } switch($file['typ']) { case 'getfile': $batch[] = $k; $keyToBatch[$k] = count($batches); if(count($batch) >= 10) { $batches[] = $batch; $batch = []; } break; } } if(!empty($batch)) { $batches[] = $batch; } foreach($files as $k => $file) { $file = json_decode(json_encode($file),true); if(isset($file['typ'])) { switch($file['typ']) { case 'getfile': case 'getfilecustom': case 'getfilemodules': break; default: $file['typ'] = ''; break; } } else { $file['typ'] = ''; } if(!isset($file['file']) || !isset($file['md5sum']) || !$file['file'] || $file['typ'] === '') { $files[$k]['error'] = $file['file']; unset($files[$k]); } else{ if(substr($file['md5sum'],0,3) === 'DEL') { continue; } $parameter['file']=$file['file']; $parameter['md5sum']=$file['md5sum']; $ffile = $file['file']; $_file = dirname(__DIR__).'/download/'.$ffile; $ffa = explode('/',$ffile); $_f = ''; for($i = 0; $i < count($ffa)-1; $i++) { $_f .= $ffa[$i]; if(is_file(dirname(__DIR__).'/download/'.$_f)) { @unlink(dirname(__DIR__).'/download/'.$_f); } if(!is_dir(dirname(__DIR__).'/download/'.$_f) && !@mkdir(dirname(__DIR__).'/download/'.$_f) && !is_dir(dirname(__DIR__).'/download/'.$_f)) { continue; } $_f .= '/'; } if($echo) { echo "\rDownload Files: ".($k < $countFiles?$k+1:$countFiles).' / '.$countFiles."... 
"; } if(isset($keyToBatch[$k]) && isset($batches[$keyToBatch[$k]])) { $batch = $batches[$keyToBatch[$k]]; if(count($batch) > 1) { $parameter2 = $parameter; $parameter2['parameters'] = []; foreach ($batch as $key2) { $file2 = $files[$key2]; $parameter2['parameters'][] = $parameter; $parameter2['parameters'][count($parameter2['parameters']) - 1]['file'] = $file2['file']; $parameter2['parameters'][count($parameter2['parameters']) - 1]['md5sum'] = $file2['md5sum']; } $result2 = explode('|', $this->Request('getfiles', $parameter2)); if(count($result2) === count($batch)) { foreach ($batch as $bachKey => $key2) { $file2 = $files[$key2]; if( @file_put_contents(dirname(__DIR__).'/download/'.$file2['file'], @base64_decode($result2[$bachKey])) ) { if(dirname(__DIR__).'/download/'.$file2['file'] === $file2['md5sum']){ unset($files[$key2]); } } } } unset($result2); } unset($batches[$keyToBatch[$k]]); } if(is_file($_file) && md5_file($_file)==$file['md5sum']) { unset($files[$k]); continue; } $result = $this->Request($file['typ'],$parameter); $output = @base64_decode($result); if(strlen($output) > 0 && is_dir($_file)) { $this->removeEmptyFolder($_file); } if(@file_put_contents($_file, $output)) { if(md5_file($_file)==$file['md5sum']) { unset($files[$k]); } else { $files[$k]['error'] = 'md5 failed'; } } else{ $files[$k]['error'] = 'file_put_contents ' .$_file. ' failed '.$file['typ'].' 
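' .json_encode($parameter); } } if($maxtime > 0 && microtime(true) - $startzeit > $maxtime) { break; } } if(empty($files)) { return array('todownload'=>null); } foreach($files as $k => $file) { if(substr($file['md5sum'],0,3) !== 'DEL'){ $data[] = $file; } } return array('todownload'=>$data); }

  /**
   * Fetches the three release archives for "ent_masterkey4_20.3" from the update
   * server, stores them in the download directory and unpacks them with the
   * external `unzip` program.
   *
   * Runs only when system() is available and the configured versionname is
   * exactly "ent_masterkey4_20.3".
   *
   * NOTE(review): every archive is written and unpacked exactly as returned by
   * Request('getversionzip'); no checksum or signature is compared in this
   * method, so the integrity of the unpacked code rests entirely on the
   * transport that Request() uses.
   *
   * @return array|string ['zip' => number of archives handed to unzip] plus an
   *                      optional 'zip_error' list, ['zip' => reason] when a
   *                      precondition is not met, or an "ERROR: ..." string when
   *                      the download directory cannot be created
   */
  public function downloadZips()
  {
    @clearstatcache();
    if(!function_exists('system')) {
      return ['zip' => 'system not found'];
    }
    $this->app->erp->setMaintainance(true);
    $parameter['version'] = @$this->conf['version'];
    $parameter['versionname'] = @$this->conf['versionname'];
    if($parameter['versionname'] !== 'ent_masterkey4_20.3') {
      return ['zip' => 'not ent_masterkey4_20.3'];
    }
    $parameter['withsize'] = 1;

    $downloadDir = dirname(__DIR__).'/download';
    if(!is_dir($downloadDir.'/')) {
      if(!@mkdir($downloadDir.'/') && !is_dir($downloadDir.'/')) {
        $this->app->erp->setMaintainance(false);
        return 'ERROR: Downloadverzeichnis konnte nicht erstellt werden';
      }
    }

    // archive name => sub folder of the download directory it is unpacked into
    $archives = [
      'ent_masterkey4_20.3_4_wo_userdata.zip' => '',
      'ent_masterkey4_20.3_4_vendor.zip' => '/vendor',
      'ent_masterkey4_20.3_4_www.zip' => '/zip',
    ];
    $ret = ['zip' => 0];
    foreach($archives as $file => $subfolder) {
      $parameter['file'] = $file;
      if(!file_put_contents($downloadDir.'/'.$file, $this->Request('getversionzip', $parameter))) {
        $ret['zip_error'][] = 'coudl not save '.$file;
        continue;
      }
      if(
        !is_dir($downloadDir.$subfolder)
        && !@mkdir($downloadDir.'/'.$subfolder)
        && !is_dir($downloadDir.'/'.$subfolder)
      ) {
        continue;
      }
      // Every path is passed through escapeshellarg(): the installation directory
      // may contain spaces or shell metacharacters, and the command line is
      // interpreted by a shell.
      $exitCode = 0;
      system(
        'cd '.escapeshellarg($downloadDir)
        .' && unzip '.escapeshellarg($file).' -d '
        .escapeshellarg($downloadDir.$subfolder),
        $exitCode
      );
      // NOTE(review): the path below is the extraction folder that was just
      // verified to exist, and unlink() does not remove directories, so this call
      // cannot succeed. Presumably the downloaded archive was meant to be removed
      // here - TODO confirm before changing the argument.
      unlink($downloadDir.'/'.$subfolder);
      if($exitCode !== 0) {
        // The exit status was ignored before; record it so callers can see that
        // the unpack step did not finish cleanly.
        $ret['zip_error'][] = 'unzip exit code '.$exitCode.' for '.$file;
      }
      $ret['zip']++;
    }

    return $ret;
  }

  /** * @param bool $updatefiles * * @return array|mixed|string */ public function CheckFiles($updatefiles = false) { @clearstatcache(); $this->app->erp->setMaintainance(true); $parameter['version']=@$this->conf['version']; $parameter['versionname']=@$this->conf['versionname']; $parameter['withsize'] = 1; if(!is_dir(dirname(__DIR__).'/download/')) { if(!@mkdir(dirname(__DIR__).'/download/') && !is_dir(dirname(__DIR__).'/download/')) { $this->app->erp->setMaintainance(false); return 'ERROR: Downloadverzeichnis konnte nicht erstellt werden'; } } $tmpfile = md5(microtime(true)); if(!($fh = fopen(dirname(__DIR__).'/download/'.$tmpfile,'w'))) { $this->app->erp->setMaintainance(false); return 'ERROR: Downloadverzeichnis hat keine Schreibrechte'; } fclose($fh); $eigenguser = fileowner(dirname(__DIR__).'/download/'.$tmpfile); $eigengroup = filegroup(dirname(__DIR__).'/download/'.$tmpfile); @unlink(dirname(__DIR__).'/download/'.$tmpfile); $_result = $this->Request('md5list', $parameter); $maxRetries = 5; while(empty($_result) && $maxRetries > 0) { $maxRetries--; usleep(2000000); $_result = $this->Request('md5list', $parameter); } if(isset($this->errormsg) && $this->errormsg) { $this->app->erp->setMaintainance(false); return 'ERROR: '.$this->errormsg; } if($_result==='ERROR') { $this->app->erp->setMaintainance(false); return 'ERROR FROM SERVER (Perhaps a wrong license?)'; } $_result2 = ''; $_result3 = ''; if(!$updatefiles){ $_result2 = $this->Request('md5listmodules', $parameter); if(empty($_result2) && (!empty($this->http_code) && strpos($this->http_code,'5') === 0)){ usleep(1000000); $_result2 = $this->Request('md5listmodules', $parameter); } if($_result2 === 'ERROR'){ $this->app->erp->setMaintainance(false); return "ERROR FROM SERVER (Perhaps a wrong license?)"; } $_result3 = $this->Request('md5listcustom', $parameter); if(empty($_result3)){ usleep(2000000); $_result3 =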
$this->Request('md5listcustom', $parameter); } if($_result3 === 'ERROR'){ $this->app->erp->setMaintainance(false); return "ERROR FROM SERVER (Perhaps a wrong license?)"; } } $result = ''; $result2 = ''; $result3 = ''; $resulta = explode(';',$_result); $resulta2 = explode(';',$_result2); $resulta3 = explode(';',$_result3); unset($_result, $_result2, $_result3); if($resulta3) { foreach($resulta3 as $r) { if($r) { $result3.= 'getfilecustom:'.$r.';'; $ra = explode(':',$r); $dats[] = $ra[0]; } } unset($resulta3); } if($resulta2){ foreach($resulta2 as $r) { if($r) { $ra = explode(':',$r); if(!isset($dats) || !in_array($ra[0], $dats)) { $result2.= 'getfilemodules:'.$r.';'; $dats[] = $ra[0]; } } } unset($resulta2); } if($resulta) { foreach($resulta as $r) { if($r) { $ra = explode(':',$r); if(!isset($dats) || !in_array($ra[0], $dats)) { $result.= 'getfile:'.$r.';'; } } } unset($resulta); } $result .= $result2.$result3; unset($result2, $result3, $dats); //$rows = explode(";",$result); $rows = explode(';',$result); $res['result'] = $result; $res['parameter'] = $parameter; $downloadind = 0; $copyind = 0; if(count($rows)>0) { foreach($rows as $value) { unset($single_row); $single_row = explode(':',$value); if(!(count($single_row)>=3 && strlen($single_row[0])>4 && strlen($single_row[2])>3)) { continue; } $typ = $single_row[0]; $file = $single_row[1]; $file_lokal = dirname(__DIR__).'/'.($file); $md5sum = $single_row[2]; $size = isset($single_row[3])?$single_row[3]:false; $parameter['file']=$file; $parameter['md5sum']=$md5sum; if($file==='./upgradesystemclient.php') { continue; } if( (!$updatefiles && ($file==="./www/update.php" || $file==="./www/update.tpl" || $file==="./www/updatelogin.tpl" || $file === './www/jquery-update.js' || $file === './www/jquery-ui-update.js' || $file === 'jquery-ui.min.css')) || ($updatefiles && ($file!=="./www/update.php" && $file!=="./www/update.tpl" && $file!=="./www/updatelogin.tpl" && $file !== './www/jquery-update.js' && $file !== 
'./www/jquery-ui-update.js' && $file !== 'jquery-ui.min.css')) ){ continue; } $bla[] = $file_lokal; if(is_file($file_lokal)){ if(substr($md5sum,0,3) === 'DEL'){ if($this->CheckVersandZahlungsweise($file_lokal)) { @unlink($file_lokal); } continue; } if(md5_file($file_lokal)==$md5sum){ continue; } $fileowner = fileowner($file_lokal); $filegroup = filegroup($file_lokal); $perms = fileperms($file_lokal); $o = ($perms & 0x0080); $g = ($perms & 0x0010); $a = ($perms & 0x0002); // pruefe ob datei angelegt werden kann, wenn das passt ist eh alles gut if(touch(dirname(__DIR__).'/download/chkrights') && file_exists(dirname(__DIR__).'/download/chkrights')) { @unlink(dirname(__DIR__).'/download/chkrights'); } else if($eigenguser && $eigengroup){ if($fileowner != $eigenguser){ if($filegroup != $eigengroup){ if(!$a){ return array('error'=>'ERROR Fehlende Schreibrechte in '.$file_lokal); } } else{ if(!$g) { return array('error'=>'ERROR Fehlende Schreibrechte in '.$file_lokal); } } } else { if(!$o) { return array('error'=>'ERROR Fehlende Schreibrechte in '.$file_lokal); } } } $bla[] = array( 'fileowner'=>$fileowner, 'filegroup'=>$filegroup, 'perms'=>$perms, 'o'=>$o, 'g'=>$g, 'a'=>$a, ); if(is_file(dirname(__DIR__).'/download/'.$file)){ if(md5_file(dirname(__DIR__).'/download/'.$file)!=$md5sum){ $res['download'][$downloadind] = array('typ'=>$typ,'file'=>$file,'md5sum'=>$md5sum,'size'=>$size); $downloadexists[$typ][$file] = $downloadind; $downloadind++; } else{ $res['copy'][$copyind] = array('typ'=>$typ,'file'=>$file,'md5sum'=>$md5sum,'size'=>$size); $copyexists[$typ][$file] = $copyind; $copyind++; } } else{ $res['download'][$downloadind] = array('typ'=>$typ,'file'=>$file,'md5sum'=>$md5sum,'size'=>$size); $downloadexists[$typ][$file] = $downloadind; $downloadind++; } } else if($file!='') { if(substr($md5sum,0,3) === 'DEL') { continue; } if(is_file(dirname(__DIR__).'/download/'.$file)) { if(md5_file(dirname(__DIR__).'/download/'.$file)!=$md5sum) { $fileowner = 
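fileowner(dirname(__DIR__).'/download/'.ltrim($file,'.')); $filegroup = filegroup(dirname(__DIR__).'/download/'.ltrim($file,'.')); $perms = fileperms(dirname(__DIR__).'/download/'.ltrim($file,'.')); $o = ($perms & 0x0080); $g = ($perms & 0x0010); $a = ($perms & 0x0002);
// pruefe ob datei angelegt werden kann, wenn das passt ist eh alles gut
if(touch(dirname(__DIR__).'/download/chkrights')) { unlink(dirname(__DIR__).'/download/chkrights'); } else if($eigenguser && $eigengroup) { if($fileowner != $eigenguser) { if($filegroup != $eigengroup) { if(!$a) { return array('error'=>'ERROR Fehlende Schreibrechte im Downloadordner'); } } else{ if(!$g) { return array('error'=>'ERROR Fehlende Schreibrechte im Downloadordner'); } } } else{ if(!$o) { return array('error'=>'ERROR Fehlende Schreibrechte im Downloadordner'); } } } $res['download'][$downloadind] = array('typ'=>$typ,'file'=>$file,'md5sum'=>$md5sum,'size'=>$size); $downloadexists[$typ][$file] = $downloadind; $downloadind++; } else{ $res['copy'][$copyind] = array('typ'=>$typ,'file'=>$file,'md5sum'=>$md5sum,'size'=>$size); $copyexists[$typ][$file] = $copyind; $copyind++; } } else { $res['download'][$downloadind] = array('typ'=>$typ,'file'=>$file,'md5sum'=>$md5sum,'size'=>$size); $downloadexists[$typ][$file] = $downloadind; $downloadind++; } } } } if(!empty($res['download']) && count($res['download']) > 0) { foreach($res['download'] as $key => $val) { if(isset($val['md5sum']) && substr($val['md5sum'],0,3) === 'DEL') { unset($res['download'][$key]); } } } return $this->CheckRights($res, $eigenguser, $eigengroup); }

  /**
   * Checks whether the updater can write to a file or directory and, if it
   * cannot, tries to obtain write access by changing the owner or adding
   * owner/group permission bits.
   *
   * A file counts as writable when it can be opened in append mode; a directory
   * when a probe file "chkrights" can be created inside it. After a successful
   * chmod() on a file the result is taken as success without opening the file
   * again.
   *
   * @param string    $file       path of the file or directory to check
   * @param int|false $eigenguser owner id to compare against and to chown() to
   * @param int|false $eigengroup group id to compare against
   *
   * @return bool true when the path has to be reported as not writable, false
   *              otherwise (also when the path is neither a file nor a directory)
   */
  protected function CheckFileFolder($file, $eigenguser, $eigengroup)
  {
    if(is_file($file)) {
      if($handle = @fopen($file,'a+')) {
        fclose($handle);
        return false;
      }
      $fileowner = fileowner($file);
      if($fileowner !== $eigenguser) {
        if(@chown($file,$eigenguser) && ($handle = @fopen($file,'a+'))) {
          fclose($handle);
          return false;
        }
      }
      $perms = fileperms($file);
      $filegroup = filegroup($file);
      if($fileowner === $eigenguser && @chmod($file, $perms | 0600)) {
        return false;
      }
      if($filegroup === $eigengroup && @chmod($file, $perms | 0060)) {
        return false;
      }
      // The former last step called chown($file, $perms | 0006), i.e. it passed a
      // permission mask where a user id is expected. That does not make the file
      // writable for the updater, and a process with enough privileges would hand
      // the file to an unrelated uid. The call is removed; opening the file to
      // "other" is deliberately not attempted, the path is reported instead.
      return true;
    }

    if(!is_dir($file)) {
      return false;
    }

    $probe = $file.'/chkrights';
    if(is_file($probe)) {
      // a left-over probe from an earlier run would make touch() meaningless
      @unlink($probe);
    }
    if(!is_file($probe) && @touch($probe)) {
      if(is_file($probe)) {
        @unlink($probe);
        return false;
      }
      return true;
    }

    $fileowner = fileowner($file);
    if($fileowner !== $eigenguser) {
      // warnings are suppressed here as for every other chown/chmod attempt
      if(@chown($file,$eigenguser) && @touch($probe)) {
        @unlink($probe);
        return false;
      }
    }
    $perms = fileperms($file);
    $filegroup = filegroup($file);
    if($fileowner === $eigenguser) {
      if(@chmod($file, $perms | 0700) && @touch($probe)) {
        @unlink($probe);
        return false;
      }
    }
    if($filegroup === $eigengroup) {
      if(@chmod($file, $perms | 0070) && @touch($probe)) {
        @unlink($probe);
        return false;
      }
    }
    // Same correction as in the file branch: the former chown($file, $perms | 0007)
    // passed a permission mask as user id and is removed.
    return true;
  }

  protected function CheckRights($res, $eigenguser, $eigengroup) { $foldertocheck = []; if(!empty($res['download'])) { foreach($res['download'] as $k => $v) { $file = ltrim(ltrim($v['file'],'.'),'/'); if($file === '.') { continue; } if($this->CheckFileFolder(dirname(__DIR__).'/'.$file, $eigenguser, $eigengroup)) { $res['FileError'][] = dirname(__DIR__).'/'.$file; } if($this->CheckFileFolder(dirname(__DIR__).'/download/'.$file, $eigenguser, $eigengroup)) { $res['FileError'][] = dirname(__DIR__).'/download/'.$file; } $dfile = dirname($file); if($dfile === '.') { $folder = dirname(__DIR__); } else{ $folder = dirname(__DIR__) . '/' . $dfile; } $foldertocheck[substr_count($folder,'/')][$folder] = true; if($dfile === '.') { $folder = dirname(__DIR__). '/download'; } else{ $folder = dirname(__DIR__) . '/download/' .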
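$dfile; } $foldertocheck[substr_count($folder,'/')][$folder] = true; } } if(!empty($res['copy'])) { foreach($res['copy'] as $k => $v) { $file = ltrim(ltrim($v['file'],'.'),'/'); if($file === '.') { continue; } if($this->CheckFileFolder(dirname(__DIR__).'/'.$file, $eigenguser, $eigengroup)) { $res['FileError'][] = dirname(__DIR__).'/'.$file; } $dfile = dirname($file); if($dfile === '.') { $folder = dirname(__DIR__); } else { $folder = dirname(__DIR__) . '/' . $dfile; } $foldertocheck[substr_count($folder,'/')][$folder] = true; } } if(!empty($foldertocheck)) { foreach($foldertocheck as $lvl => $folderarr) { foreach($folderarr as $k => $v) { if($this->CheckFileFolder($k, $eigenguser, $eigengroup)) { $res['FolderError'][] = $k; } } } } return $res; }

  /**
   * Updates local files from the server's core file list ("md5list"), fetching
   * changed or missing files with "getfile". Progress is echoed.
   */
  function CheckUpdate()
  {
    $this->syncFilesFromServerList('md5list', 'getfile', 'Updates', '');
  }

  /**
   * Same as CheckUpdate() for the module list ("md5listmodules" /
   * "getfilemodules"); echoed lines carry the marker "(M)".
   */
  function CheckUpdateModules()
  {
    $this->syncFilesFromServerList('md5listmodules', 'getfilemodules', 'Modules', ' (M)');
  }

  /**
   * Same as CheckUpdate() for the custom list ("md5listcustom" /
   * "getfilecustom"); echoed lines carry the marker "(C)".
   */
  function CheckUpdateCustom()
  {
    $this->syncFilesFromServerList('md5listcustom', 'getfilecustom', 'Custom', ' (C)');
  }

  /**
   * Shared implementation of CheckUpdate(), CheckUpdateModules() and
   * CheckUpdateCustom().
   *
   * The list is a ";"-separated sequence of "path:md5" rows. Rows whose checksum
   * starts with "DEL" and the row for "./upgradesystemclient.php" are skipped.
   * For every other row the file is fetched when it is missing locally or when
   * its MD5 differs, written to a temporary name (suffix "UPD" or "NEW") and
   * renamed over the target only if the MD5 of the written data equals the
   * listed value.
   *
   * NOTE(review): list and file content both come from Request(), so the MD5
   * comparison detects a damaged transfer but does not authenticate the content
   * independently of the server response.
   *
   * @param string $listCommand  server command returning the checksum list
   * @param string $fetchCommand server command returning one base64 encoded file
   * @param string $errorLabel   prefix of the message echoed when the server answers "ERROR"
   * @param string $tag          marker inserted into the echoed progress lines ('' for none)
   *
   * @return void
   */
  private function syncFilesFromServerList($listCommand, $fetchCommand, $errorLabel, $tag)
  {
    $parameter['version'] = @$this->conf['version'];
    $list = $this->Request($listCommand, $parameter);
    if($list === 'ERROR') {
      echo $errorLabel.": ERROR FROM SERVER (Perhaps a wrong license?)\n";
      return;
    }

    foreach(explode(';', $list) as $row) {
      $fields = explode(':', $row);
      if(count($fields) < 2 || strlen($fields[0]) <= 3 || strlen($fields[1]) <= 3) {
        continue;
      }
      $file = $fields[0];
      $md5sum = $fields[1];
      if(substr($md5sum, 0, 3) === 'DEL' || $file === './upgradesystemclient.php') {
        continue;
      }
      // The path is taken from the server response and written to as given.
      // A ".." segment would move the write outside the tree the list describes,
      // so such rows are refused.
      if(preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $file)) {
        echo "skipped{$tag} (unsafe path) <- $file\n";
        continue;
      }
      $parameter['file'] = $file;
      $parameter['md5sum'] = $md5sum;

      if(is_file($file)) {
        // Strict comparison: with "==" two different all-digit "0e..." hex
        // strings compare equal because PHP treats them as numbers.
        if(md5_file($file) === $md5sum) {
          continue;
        }
        echo "update{$tag} <- $file\n";
        $tmpFile = $file.'UPD';
        file_put_contents($tmpFile, base64_decode($this->Request($fetchCommand, $parameter)));
        $actual = md5_file($tmpFile);
        echo $actual;
        echo "-".$md5sum."\n";
        if($actual === $md5sum) {
          echo "update{$tag} ok $file\n";
          rename($tmpFile, $file);
        } else {
          // do not leave unverified content next to the live file
          @unlink($tmpFile);
        }
        continue;
      }

      echo "datei{$tag} <- $file\n";
      $verzeichnis = dirname($file);
      if(!is_dir($verzeichnis)) {
        echo "verzeichnis{$tag} <- $verzeichnis\n";
        // NOTE(review): mode 0777 is requested (the umask still applies); a
        // narrower mode would be preferable if the deployment allows it.
        mkdir($verzeichnis,0777,true);
      }
      $tmpFile = $file.'NEW';
      file_put_contents($tmpFile, base64_decode($this->Request($fetchCommand, $parameter)));
      if(md5_file($tmpFile) === $md5sum) {
        echo "datei{$tag} ok $file\n";
        rename($tmpFile, $file);
      } else {
        // do not leave unverified content in the tree
        @unlink($tmpFile);
      }
    }
  }

  function DownloadUpdate() { } function CheckDownloadedUpdate() { } function ExecuteUpdate() { } function Request($command,$parameter) { $erp = $this->erp; $auth['serial']=trim($erp->Firmendaten('lizenz'));//$this->conf['serial'];
  $auth['authkey']=trim($erp->Firmendaten('schluessel'));//$this->conf['authkey'];
  if(empty($auth['serial']) || empty($auth['authkey'])) { $this->errormsg = 'Bitte tragen Sie die Lizenzdaten in den Grundeinstellungen ein.'; return ''; } if(!empty($_SERVER['SERVER_NAME']) && $_SERVER['SERVER_NAME'] !== '') { $auth['SERVER_NAME'] = $_SERVER['SERVER_NAME']; } elseif(!empty($_SERVER['HTTP_HOST'])) { $auth['SERVER_NAME'] = $_SERVER['HTTP_HOST']; } else { $auth['SERVER_NAME'] = ''; } $auth = base64_encode(json_encode($auth)); $parameter = base64_encode(json_encode($parameter)); $client = new UpdateHttpClient($this->conf['host'],$this->conf['port']); $client->post('/upgradesystem.php', [ 'authjson' => $auth, 'parameterjson'=>$parameter, 'command'=>(String)$command , 'withdel' => 1 ] ); $pageContents = $client->getContent(); if(!empty($client->errormsg)){ $this->errormsg = $client->errormsg; } $this->http_code = (string)$client->getStatus(); return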
$pageContents; } function dir_rekursiv($verzeichnis) { $handle = opendir($verzeichnis); while ($datei = readdir($handle)) { if ($datei !== '.' && $datei !== '..') { if (is_dir($verzeichnis.$datei)) // Wenn Verzeichniseintrag ein Verzeichnis ist { // Erneuter Funktionsaufruf, um das aktuelle Verzeichnis auszulesen $this->dir_rekursiv($verzeichnis.$datei.'/'); } else { // Wenn Verzeichnis-Eintrag eine Datei ist, diese ausgeben $this->localmd5sums[$verzeichnis.$datei] = md5_file($verzeichnis.$datei); } } } closedir($handle); } } /* Version 0.9, 6th April 2003 - Simon Willison ( http://simon.incutio.com/ ) Manual: http://scripts.incutio.com/httpclient/ */ class UpdateHttpClient { // Request vars var $host; var $port; var $path; var $method; var $postdata = ''; var $cookies = array(); var $referer; var $accept = 'text/xml,application/xml,application/xhtml+xml,text/html,text/plain,image/png,image/jpeg,image/gif,*/*'; var $accept_encoding = 'gzip'; var $accept_language = 'en-us'; var $user_agent = 'Incutio HttpClient v0.9'; // Options var $timeout = 20; var $use_gzip = true; var $persist_cookies = true; // If true, received cookies are placed in the $this->cookies array ready for the next request // Note: This currently ignores the cookie path (and time) completely. Time is not important, // but path could possibly lead to security problems. var $persist_referers = true; // For each request, sends path of last request as referer var $debug = false; var $handle_redirects = true; // Auaomtically redirect if Location or URI header is found var $max_redirects = 5; var $headers_only = false; // If true, stops receiving once headers have been read. 
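// Basic authorization variables
  var $username;
  var $password;
  // Response vars
  var $status;
  var $headers = array();
  var $content = '';
  var $errormsg;
  // Tracker variables
  var $redirect_count = 0;
  var $cookie_host = '';

  function __construct($host, $port=80)
  {
    $this->host = $host;
    $this->port = $port;
  }

  function get($path, $data = false)
  {
    $this->path = $path;
    $this->method = 'GET';
    if ($data) {
      $this->path .= '?'.$this->buildQueryString($data);
    }
    return $this->doRequest();
  }

  function post($path, $data)
  {
    $this->path = $path;
    $this->method = 'POST';
    $this->postdata = $this->buildQueryString($data);
    return $this->doRequest();
  }

  function buildQueryString($data)
  {
    $querystring = '';
    if (is_array($data)) {
      // Change data in to postable data
      foreach ($data as $key => $val) {
        if (is_array($val)) {
          foreach ($val as $val2) {
            $querystring .= urlencode($key).'='.urlencode($val2).'&';
          }
        } else {
          $querystring .= urlencode($key).'='.urlencode($val).'&';
        }
      }
      $querystring = substr($querystring, 0, -1); // Eliminate unnecessary &
    } else {
      $querystring = $data;
    }
    return $querystring;
  }

  /**
   * Sends the prepared request (method, path, postdata) and reads the response
   * into $this->status, $this->headers and $this->content.
   *
   * Transport: "ssl://" is used only when the port is 443; any other port is
   * contacted without TLS.
   *
   * NOTE(review): when the TLS connection on port 443 cannot be opened, the port
   * is switched to 80 and the same request, including its POST body, is sent
   * unencrypted. Whoever can block or break the TLS handshake can force that
   * path, and the response is then used unauthenticated. No stream context is
   * passed to fsockopen(), so certificate checking is whatever the PHP defaults
   * are. Failing the request instead of downgrading should be considered.
   *
   * @return bool false on connection failure or when the redirect limit is
   *              reached (see $this->errormsg), otherwise true or the result of
   *              the followed redirect
   */
  function doRequest()
  {
    $errno = 0;
    $errstr = '';
    $fp = false;
    if ($this->port == 443) {
      // The TLS connection is opened once and reused; previously a probe
      // connection was opened (for every port) and thrown away before the real
      // one was made.
      $fp = @fsockopen('ssl://'.$this->host, $this->port, $errno, $errstr, $this->timeout);
      if (!$fp) {
        // plain-text fallback, see NOTE(review) in the method comment
        $this->port = 80;
      }
    }
    if (!$fp) {
      $fp = @fsockopen($this->host, $this->port, $errno, $errstr, $this->timeout);
    }
    if (!$fp) {
      // Set error message
      switch($errno) {
        case -3:
          $this->errormsg = 'Socket creation failed (-3)';
          break;
        case -4:
          $this->errormsg = 'DNS lookup failure (-4)';
          break;
        case -5:
          $this->errormsg = 'Connection refused or timed out (-5)';
          break;
        default:
          $this->errormsg = 'Connection failed ('.$errno.')';
      }
      $this->errormsg .= ' '.$errstr;
      $this->debug($this->errormsg);
      return false;
    }
    stream_set_timeout($fp, $this->timeout);
    $request = $this->buildRequest();
    $this->debug('Request', $request);
    fwrite($fp, $request);

    // Reset all the variables that should not persist between requests
    $this->headers = array();
    $this->content = '';
    $this->errormsg = '';
    // Set a couple of flags
    $inHeaders = true;
    $atStart = true;

    // Now start reading back the response
    while (!feof($fp)) {
      $line = fgets($fp, 4096);
      if ($atStart) {
        // Deal with first line of returned data
        $atStart = false;
        if (preg_match('/HTTP\/(\\d\\.\\d)\\s*(\\d+)\\s*(.*)/', $line, $m)) {
          $this->status = $m[2];
        } else {
          // Reading continues on purpose; only the status stays empty. The match
          // groups are no longer read when the line did not match.
          $this->errormsg = "Status code line invalid: ".htmlentities($line);
          $this->debug($this->errormsg);
          $this->status = null;
        }
        $this->debug(trim($line));
        continue;
      }
      if ($inHeaders) {
        if (trim($line) == '') {
          $inHeaders = false;
          $this->debug('Received Headers', $this->headers);
          if ($this->headers_only) {
            break; // Skip the rest of the input
          }
          continue;
        }
        if (!preg_match('/([^:]+):\\s*(.*)/', $line, $m)) {
          // Skip to the next header
          continue;
        }
        $key = strtolower(trim($m[1]));
        $val = trim($m[2]);
        // Deal with the possibility of multiple headers of same name
        if (isset($this->headers[$key])) {
          if (is_array($this->headers[$key])) {
            $this->headers[$key][] = $val;
          } else {
            $this->headers[$key] = array($this->headers[$key], $val);
          }
        } else {
          $this->headers[$key] = $val;
        }
        continue;
      }
      // We're not in the headers, so append the line to the contents
      $this->content .= $line;
    }
    fclose($fp);

    // If data is compressed, uncompress it
    if (isset($this->headers['content-encoding']) && $this->headers['content-encoding'] == 'gzip') {
      $this->debug('Content is gzip encoded, unzipping it');
      $this->content = substr($this->content, 10); // See http://www.php.net/manual/en/function.gzencode.php
      $this->content = gzinflate($this->content);
    }

    // If $persist_cookies, deal with any cookies
    if ($this->persist_cookies && isset($this->headers['set-cookie']) && $this->host == $this->cookie_host) {
      $cookies = $this->headers['set-cookie'];
      if (!is_array($cookies)) {
        $cookies = array($cookies);
      }
      foreach ($cookies as $cookie) {
        if (preg_match('/([^=]+)=([^;]+);/', $cookie, $m)) {
          $this->cookies[$m[1]] = $m[2];
        }
      }
      // Record domain of cookies for security reasons
      $this->cookie_host = $this->host;
    }

    // If $persist_referers, set the referer ready for the next request
    if ($this->persist_referers) {
      $this->debug('Persisting referer: '.$this->getRequestURL());
      $this->referer = $this->getRequestURL();
    }

    // Finally, if handle_redirects and a redirect is sent, do that
    if ($this->handle_redirects) {
      if (++$this->redirect_count >= $this->max_redirects) {
        $this->errormsg = 'Verbindung konnte nicht aufgebaut werden. Bitte wenden Sie sich an Ihre IT. Eventuell sind SSL-Zertifikate nicht vorhanden bzw. abgelaufen';
        $this->debug($this->errormsg);
        $this->redirect_count = 0;
        return false;
      }
      $location = isset($this->headers['location']) ? $this->headers['location'] : '';
      $uri = isset($this->headers['uri']) ? $this->headers['uri'] : '';
      if ($location || $uri) {
        // This will FAIL if redirect is to a different site: only the path of the
        // target is reused, host and port stay as they are.
        $url = parse_url($location.$uri);
        // A target without a path (or one parse_url() rejects) is requested as "/".
        $target = (is_array($url) && isset($url['path'])) ? $url['path'] : '/';
        return $this->get($target);
      }
    }
    return true;
  }

  function buildRequest()
  {
    $headers = array();
    $headers[] = "{$this->method} {$this->path} HTTP/1.0"; // Using 1.1 leads to all manner of problems, such as "chunked" encoding
    $headers[] = "Host: {$this->host}";
    $headers[] = "User-Agent: {$this->user_agent}";
    $headers[] = "Accept: {$this->accept}";
    if ($this->use_gzip) {
      $headers[] = "Accept-encoding: {$this->accept_encoding}";
    }
    $headers[] = "Accept-language: {$this->accept_language}";
    if ($this->referer) {
      $headers[] = "Referer: {$this->referer}";
    }
    // Cookies
    if ($this->cookies) {
      $cookie = 'Cookie: ';
      foreach ($this->cookies as $key => $value) {
        $cookie .= "$key=$value; ";
      }
      $headers[] = $cookie;
    }
    // Basic authentication
    if ($this->username && $this->password) {
      $headers[] = 'Authorization: BASIC '.base64_encode($this->username.':'.$this->password);
    }
    // If this is a POST, set the content type and length
    if ($this->postdata) {
      $headers[] = 'Content-Type: application/x-www-form-urlencoded';
      $headers[] = 'Content-Length: '.strlen($this->postdata);
    }
    $request = implode("\r\n", $headers)."\r\n\r\n".$this->postdata;
    return $request;
  }

  function getStatus()
  {
    return $this->status;
  }

  function getContent()
  {
    return $this->content;
  }

  function getHeaders()
  {
    return $this->headers;
  }

  function getHeader($header)
  {
    $header = strtolower($header);
    if (isset($this->headers[$header])) {
      return $this->headers[$header];
    }
    return false;
  }

  function getError()
  {
    return $this->errormsg;
  }

  function getCookies()
  {
    return $this->cookies;
  }

  function getRequestURL()
  {
    $url = 'http://'.$this->host;
    if ($this->port != 80) {
      $url .= ':'.$this->port;
    }
    $url .= $this->path;
    return $url;
  }

  // Setter methods
  function setUserAgent($string)
  {
    $this->user_agent = $string;
  }

  function setAuthorization($username, $password)
  {
    $this->username = $username;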
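$this->password = $password;
    }

    /** @param array $array cookie name => value pairs sent with each request */
    function setCookies($array) {
        $this->cookies = $array;
    }

    // Option setting methods

    /** @param bool $boolean whether to send an Accept-encoding header */
    function useGzip($boolean) {
        $this->use_gzip = $boolean;
    }

    /** @param bool $boolean stored in $this->persist_cookies */
    function setPersistCookies($boolean) {
        $this->persist_cookies = $boolean;
    }

    /** @param bool $boolean stored in $this->persist_referers */
    function setPersistReferers($boolean) {
        $this->persist_referers = $boolean;
    }

    /** @param bool $boolean stored in $this->handle_redirects */
    function setHandleRedirects($boolean) {
        $this->handle_redirects = $boolean;
    }

    /** @param int $num stored in $this->max_redirects */
    function setMaxRedirects($num) {
        $this->max_redirects = $num;
    }

    /** @param bool $boolean stored in $this->headers_only */
    function setHeadersOnly($boolean) {
        $this->headers_only = $boolean;
    }

    /** @param bool $boolean enables the output of debug() */
    function setDebug($boolean) {
        $this->debug = $boolean;
    }

    // "Quick" static methods

    /**
     * Fetch a URL with a throw-away client and return the response body.
     *
     * Declared static so that the documented static call style works on PHP 8
     * as well; calling it on an instance still works.
     *
     * NOTE(review): the URL scheme is never read and the port defaults to 80,
     * so an https:// URL would presumably be requested without TLS; confirm
     * before using this for update traffic.
     *
     * @param string $url absolute URL
     * @return mixed response body, or false when the URL has no host or the request fails
     */
    static function quickGet($url) {
        $bits = parse_url($url);
        // parse_url() returns false for malformed URLs and omits 'host' for relative ones.
        if ($bits === false || !isset($bits['host'])) {
            return false;
        }
        $host = $bits['host'];
        $port = isset($bits['port']) ? $bits['port'] : 80;
        $path = isset($bits['path']) ? $bits['path'] : '/';
        if (isset($bits['query'])) {
            $path .= '?'.$bits['query'];
        }
        $client = new UpdateHttpClient($host, $port);
        if (!$client->get($path)) {
            return false;
        }
        return $client->getContent();
    }

    /**
     * POST data to a URL with a throw-away client and return the response body.
     *
     * The query string of $url is kept, as in quickGet(). The scheme is ignored
     * here as well (see the note on quickGet()).
     *
     * @param string $url  absolute URL
     * @param mixed  $data passed unchanged to post()
     * @return mixed response body, or false when the URL has no host or the request fails
     */
    static function quickPost($url, $data) {
        $bits = parse_url($url);
        if ($bits === false || !isset($bits['host'])) {
            return false;
        }
        $host = $bits['host'];
        $port = isset($bits['port']) ? $bits['port'] : 80;
        $path = isset($bits['path']) ? $bits['path'] : '/';
        if (isset($bits['query'])) {
            $path .= '?'.$bits['query'];
        }
        $client = new UpdateHttpClient($host, $port);
        if (!$client->post($path, $data)) {
            return false;
        }
        return $client->getContent();
    }

    /**
     * Print a debug message, and optionally a dump of $object, when debugging is on.
     *
     * Only the dump is passed through htmlentities(); $msg is printed as given.
     * NOTE(review): the strings printed here consist of line breaks only in this
     * copy; any markup that may have wrapped them is not present.
     *
     * @param string $msg
     * @param mixed  $object value to dump with print_r(), or false for none
     */
    function debug($msg, $object = false) {
        if ($this->debug) {
            print "\nHttpClient Debug: ".$msg;
            if ($object) {
                ob_start();
                print_r($object);
                $content = htmlentities(ob_get_contents());
                ob_end_clean();
                print "\n".$content."\n";
            }
            print "\n";
        }
    }
}

/**
 * Thin wrapper around the template engine used by the update front end.
 */
class UpdatePage
{
    var $engine;

    /** @param object $app application object, stored by reference */
    function __construct(&$app) {
        $this->app = &$app;
    }

    /**
     * Load the templates of one theme.
     *
     * $theme becomes part of a filesystem path, so it has to come from trusted
     * configuration and not from request data.
     *
     * @param string $theme directory name below themes/
     */
    function LoadTheme($theme) {
        $this->app->Tpl->ReadTemplatesFromPath("themes/$theme/templates/");
    }

    /** Render the complete page from update.tpl and return the parser result. */
    function Show() {
        return $this->app->Tpl->FinalParse('update.tpl');
    }
}

/**
 * Holds the outcome of the session/permission check for the update front end.
 */
class UpdateSession
{
    // true once the user has been checked and has permission
    private $check = false;

    public $module;
    public $action;

    // application object
    public $app;

    // 'PLEASE_LOGIN' or 'NO_PERMISSIONS' when the check failed
    public $reason;

    function __construct() {
    }

    /**
     * Decide whether the current user may use the updater: the session must
     * pass acl->CheckTimeOut() and the user type must be exactly 'admin'.
     *
     * @param object $appObj application object
     */
    function Check($appObj) {
        $this->app = $appObj;
        $this->check = true;

        if (!$this->app->acl->CheckTimeOut()) {
            $this->check = false;
            $this->reason = 'PLEASE_LOGIN';
        } else {
            // the user has logged in successfully before
            if ($this->app->User->GetType() === 'admin') {
                $this->check = true;
            } else {
                $this->reason = 'NO_PERMISSIONS';
                $this->check = false;
            }
        }
    }

    /** @return bool result of the last Check() */
    function GetCheck() {
        return $this->check;
    }

    /**
     * Mark the session as not checked and ask for a login.
     *
     * @return bool always true
     */
    function UserSessionCheck() {
        $this->check = false;
        $this->reason = 'PLEASE_LOGIN';
        return true;
    }
}

/**
 * String helpers: %N placeholder conversion and text encoding.
 */
class UpdateWawiString
{
    function __construct() {
    }

    /**
     * Re-arrange $value from the layout $input into the layout $output, where
     * both layouts use %N placeholders.
     *
     * A placeholder without a matching part in $value is replaced by an empty
     * string; an unusable pattern is treated as "nothing matched".
     *
     * @param string $value  text to convert
     * @param string $input  layout of $value; an empty string returns $value unchanged
     * @param string $output layout of the result
     * @return string
     */
    function Convert($value,$input,$output) {
        if ($input == '') {
            return $value;
        }

        $array = $this->FindPercentValues($input);
        $regexp = $this->BuildRegExp($array);

        $elements = preg_split($regexp,$value,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
        if ($elements === false) {
            // the generated pattern did not compile
            $elements = array();
        }

        // placeholders and elements are expected to line up by position
        $newout = $output;
        $i = 0;
        foreach ($array as $key => $v) {
            $replacement = isset($elements[$i]) ? $elements[$i] : '';
            $newout = str_replace($key,$replacement,$newout);
            $i++;
        }
        return $newout;
    }

    /**
     * Build the pattern used by Convert(): one (\S+) group per entry, each
     * followed by that entry's literal text.
     *
     * NOTE(review): only ". + * ?" are escaped by hand. Other regex
     * metacharacters and the "/" delimiter in a layout reach the pattern
     * unescaped; preg_quote($value, '/') would cover them, but it changes what
     * existing layouts match, so confirm before switching.
     *
     * @param array $array result of FindPercentValues()
     * @return string
     */
    function BuildRegExp($array) {
        $regexp = '/^';
        foreach ($array as $value) {
            $value = str_replace('.','\.',$value);
            $value = str_replace('+','\+',$value);
            $value = str_replace('*','\*',$value);
            $value = str_replace('?','\?',$value);
            $regexp .= '(\S+)'.$value;
        }
        $regexp .= '/';
        return $regexp;
    }

    /**
     * Split a layout into its %N placeholders and the literal text that
     * follows each of them.
     *
     * @param string $pattern layout containing %N placeholders
     * @return array placeholder => literal text up to the next placeholder
     */
    function FindPercentValues($pattern) {
        $hash = '';
        $collect = '';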
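preg_match_all('/(?:(%[0-9]+)|.)/i', $pattern, $matches);
        $hash = '';
        $collect = '';
        $start = true;
        foreach($matches[1] as $key=>$value) {
            // group 1 is empty for an ordinary character and holds %N for a placeholder
            if($value==''){
                $collecting = true;
            } else {
                $collecting = false;
                $oldhash = $hash;
                $hash = $value;
            }
            if(!$collecting) {
                // a new placeholder starts: store the text collected for the previous one
                if(!$start){
                    $replace[$oldhash] = $collect;
                }
                $collect='';
            } else{
                $collect .= $matches[0][$key];
            }
            $start = false;
        }
        $replace[$hash] = $collect;
        return $replace;
    }

    /**
     * Turn line breaks into the #BR# marker and HTML-escape the text.
     *
     * The first replacement targets the four literal characters \r\n
     * (backslashes included), the second a real newline character.
     *
     * @param string $string
     * @return string
     */
    function encodeText($string) {
        $string = str_replace("\\r\\n","#BR#",$string);
        $string = str_replace("\n","#BR#",$string);
        $encoded = htmlspecialchars(stripslashes($string), ENT_QUOTES);
        return $encoded;
    }

    /**
     * Replace the #BR# marker again: CRLF for form fields, a newline otherwise.
     *
     * NOTE(review): the non-form replacement is a bare newline in this copy;
     * the separate branch suggests other output was intended there. Confirm
     * against the upstream file.
     *
     * @param string $_str
     * @param bool   $_form true when the text goes into a form field
     * @return string
     */
    function decodeText($_str, $_form=true) {
        if ($_form) {
            $_str = str_replace("#BR#", "\r\n", $_str);
        } else {
            $_str = str_replace("#BR#", "\n", $_str);
        }
        return($_str);
    }

    /**
     * NOTE(review): despite the name this does not validate UTF-8. The pattern
     * is one fixed 13-byte sequence (no character class), so the result is
     * false only when exactly that sequence occurs in $string. Do not rely on
     * it as an encoding check; mb_check_encoding($string, 'UTF-8') is the usual
     * test, but switching changes the result for existing callers.
     *
     * @param string $string
     * @return bool
     */
    function valid_utf8( $string ) {
        return !((bool)preg_match('~\xF5\xF6\xF7\xF8\xF9\xFA\xFB\xFC\xFD\xFE\xFF\xC0\xC1~ms',$string));
    }
}

/**
 * Page frame set-up and module dispatch for the update front end.
 */
class UpdatephpWFAPI
{
    /** @param object $app application object, stored by reference */
    function __construct(&$app) {
        $this->app=&$app;
    }

    /** Reset the template parser and build the page frame again. */
    function ReBuildPageFrame() {
        $this->app->Tpl->ResetParser();
        $this->BuildPageFrame();
    }

    /** Load the default templates, the configured theme and the page templates. */
    function BuildPageFrame() {
        $this->app->Tpl->ReadTemplatesFromPath("phpwf/defaulttemplates/");

        // build template tree
        // The key is quoted: a bare word here is an undefined constant, which is an Error on PHP 8.
        $this->app->Page->LoadTheme($this->app->WFconf['defaulttheme']);

        // start the actual application instance
        $this->app->Tpl->ReadTemplatesFromPath("pages/content/_gen");
        $this->app->Tpl->ReadTemplatesFromPath("pages/content/");
    }

    /**
     * Resolve ?module=...&action=..., include pages/<module>.php and
     * instantiate the class named after the module.
     *
     * Security: the module name comes from the query string and ends up in
     * include(). The 'alpha' rule of UpdateSecure is applied as an unanchored
     * pattern (any value containing one letter passes) and array parameters are
     * returned unfiltered, so the name is checked again here: only a plain
     * identifier is accepted, everything else falls back to the configured
     * default page. A name that is not a valid identifier could not be
     * instantiated below in any case.
     */
    function StartRequestedCommand() {
        $defaultpage = $this->app->WFconf['defaultpage'];
        $defaultpageaction = $this->app->WFconf['defaultpageaction'];

        $module = $this->app->Secure->GetGET('module','alpha');
        $action = $this->app->Secure->GetGET('action','alpha');

        $isIdentifier = is_string($module) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $module) === 1;
        if(!$isIdentifier || !file_exists("pages/".$module.".php")) {
            $module = $defaultpage;
        }

        if($action=='') {
            $action = $defaultpageaction;
        }
        if(!$this->app->acl->Check($this->app->User->GetType(),$module,$action)) {
            return;
        }

        // start module
        if(file_exists("pages/".$module.".php")) {
            include("pages/".$module.".php");
            // create the object dynamically: class name is the module name with an upper-case first letter
            $constr=strtoupper($module[0]).substr($module, 1);
            $myApp = new $constr($this->app);
        } else {
            echo $this->app->WFM->Error("Module $module doesn't exists in pages/");
        }
        $this->app->acl->CheckTimeOut();
    }

    /// list for the "create" form: show an editable list plus the form
    function EasyTableList($tablename,$cols,$parsetarget,$pkname,$delmsg,$delmsgcol) {
        // show list
        // create html table
        $table = new HTMLTable("0","100%");
        $table->AddRowAsHeading($cols);
        $all = $this->app->DB->SelectTable($tablename,$cols);
        $table->AddField($all);
        $action = $this->app->Secure->GetGET("action","alpha");
        $module = $this->app->Secure->GetGET("module","alpha");
        $table->AddCompleteCol(0, "bearbeiten");
        $table->AddCompleteCol(0, " loeschen",$delmsgcol);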
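$table->ChangingRowColors('#ffffff','#dddddd');
        $this->app->Tpl->Set($parsetarget,$table->Get());
    }

    /**
     * Put a message into the message box template.
     *
     * $msg is handed to the template as given; callers are responsible for
     * escaping anything that originates from user input.
     *
     * @param string $msg
     * @param string $parsetarget template variable that receives the box
     */
    function Message($msg,$parsetarget='MSGBOX') {
        $this->app->Tpl->Add('MSGBOXTEXT',$msg);
        $this->app->Tpl->Parse($parsetarget,"messagebox.tpl");
    }

    /**
     * Send an e-mail built from a template stored in the emailvorlagen table.
     *
     * The template name is escaped before it is placed into the SQL text, so a
     * quote in $template can no longer change the query. %key% markers in
     * subject and body are replaced with the entries of $values.
     *
     * @param string $template template name (column "name")
     * @param string $to       recipient address
     * @param array  $values   key => replacement for the %key% markers
     */
    function EmailFromTemplate($template,$to,$values) {
        $name = $this->app->DB->real_escape_string($template);
        $betreff = $this->app->DB->Select("SELECT betreff FROM emailvorlagen WHERE name='$name' LIMIT 1");
        $nachricht = $this->app->DB->Select("SELECT nachricht FROM emailvorlagen WHERE name='$name' LIMIT 1");

        // count() on a non-array is a TypeError on PHP 8, so test the type first
        if(is_array($values) && count($values) > 0) {
            foreach($values as $key=>$value) {
                $nachricht = str_replace("%".$key."%",$value,$nachricht);
                $betreff = str_replace("%".$key."%",$value,$betreff);
            }
        }

        $nachricht = str_replace('#BR#',"\n",$nachricht);
        mail($to,$betreff,$nachricht,"From: ActConnect Team ");
    }
}

/**
 * Request input layer: copies of $_GET/$_POST plus named validation rules.
 */
class UpdateSecure
{
    var $GET;
    var $POST;

    /**
     * Copy the request arrays and register the built-in rules.
     *
     * The superglobals are copied but not cleared (the clearing statements are
     * commented out), so code can still read $_GET/$_POST without this layer.
     *
     * A 'reg' rule is a regex fragment, a 'glue' rule concatenates other rules
     * by name. Syntax() and RuleCheck() in this class apply the fragment
     * without adding anchors, so apart from 'email' (which carries its own
     * ^...$) a rule only requires that the pattern occurs somewhere in the
     * value: 'alpha' accepts any value that contains one letter.
     *
     * @param object $app application object, stored by reference
     */
    function __construct(&$app){
        $this->app = &$app;

        $this->GET = $_GET;
        $this->POST = $_POST;

        $this->AddRule('notempty','reg','.'); // at least one character
        $this->AddRule('alpha','reg','[a-zA-Z]');
        $this->AddRule('digit','reg','[0-9]');
        $this->AddRule('space','reg','[ ]');
        $this->AddRule('specialchars','reg','[_-]');
        $this->AddRule('email','reg','^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$');
        $this->AddRule('datum','reg','([0-9]{1,2})\.([0-9]{1,2})\.([0-9]{4})');
        $this->AddRule('username','glue','alpha+digit');
        $this->AddRule('password','glue','alpha+digit+specialchars');
    }

    /**
     * Read one GET parameter through Syntax(); a missing parameter is treated as ''.
     *
     * @param string $name        parameter name
     * @param string $rule        rule name(s), '' for no rule
     * @param mixed  $maxlength   passed on to Syntax()
     * @param mixed  $sqlcheckoff non-empty to skip SQL escaping
     * @return mixed
     */
    function GetGET($name,$rule="",$maxlength="",$sqlcheckoff="") {
        return $this->Syntax(isset($this->GET[$name])?$this->GET[$name]:'',$rule,$maxlength,$sqlcheckoff);
    }

    /**
     * Read one POST parameter through Syntax(); a missing parameter is treated as ''.
     *
     * @param string $name        parameter name
     * @param string $rule        rule name(s), '' for no rule
     * @param mixed  $maxlength   passed on to Syntax()
     * @param mixed  $sqlcheckoff non-empty to skip SQL escaping
     * @return mixed
     */
    function GetPOST($name,$rule="",$maxlength="",$sqlcheckoff="") {
        return $this->Syntax(isset($this->POST[$name])?$this->POST[$name]:'',$rule,$maxlength,$sqlcheckoff);
    }

    /** Read one POST parameter through SyntaxForForms(). */
    function GetPOSTForForms($name,$rule="",$maxlength="",$sqlcheckoff="") {
        return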
$this->SyntaxForForms($this->POST[$name],$rule,$maxlength,$sqlcheckoff);
    }

    /**
     * Build an array from the POST data.
     *
     * NOTE(review): both lookups go through GetPOST(), which treats its first
     * argument as a parameter name. The submitted value is therefore used as a
     * name for a second lookup instead of being returned itself; this looks
     * unintended, confirm against the callers.
     *
     * Nothing is returned (null) when POST is empty.
     */
    function GetPOSTArray() {
        if(count($this->POST)>0) {
            foreach($this->POST as $key=>$value) {
                $key = $this->GetPOST($key,"alpha+digit+specialchars",20);
                $ret[$key]=$this->GetPOST($value);
            }
        }
        if(isset($ret))return $ret;
    }

    /**
     * GET counterpart of GetPOSTArray(); the same review note applies.
     * Nothing is returned (null) when GET is empty.
     */
    function GetGETArray() {
        if(count($this->GET)>0) {
            foreach($this->GET as $key=>$value) {
                $key = $this->GetGET($key,"alpha+digit+specialchars",20);
                $ret[$key]=$this->GetGET($value);
            }
        }
        if(isset($ret)) {
            return $ret;
        }
    }

    /**
     * Apply stripslashes() repeatedly until the string contains no backslash.
     */
    function stripallslashes($string) {
        while(strstr($string,'\\')) {
            $string = stripslashes($string);
        }
        return $string;
    }

    /**
     * Undo one level of backslash escaping, but only when the string looks
     * consistently escaped: every double quote and every single quote is
     * preceded by a backslash, and the backslashes that remain once the
     * escaped quotes are removed all come in pairs. Otherwise the string is
     * returned unchanged.
     */
    function smartstripslashes($str) {
        // total quotes versus backslash-escaped quotes
        $cd1 = substr_count($str, "\"");
        $cd2 = substr_count($str, "\\\"");
        $cs1 = substr_count($str, "'");
        $cs2 = substr_count($str, "\\'");
        // backslashes left after removing the escaped quotes
        $tmp = strtr($str, array("\\\"" => "", "\\'" => ""));
        $cb1 = substr_count($tmp, "\\");
        $cb2 = substr_count($tmp, "\\\\");
        if ($cd1 == $cd2 && $cs1 == $cs2 && $cb1 == 2 * $cb2) {
            return strtr($str, array("\\\"" => "\"", "\\'" => "'", "\\\\" => "\\"));
        }
        return $str;
    }

    /**
     * Returns $value unchanged: $rule, $maxlength and $sqlcheckoff are ignored
     * and no escaping is applied (the escaping call is commented out). Values
     * read through GetPOSTForForms() are therefore raw request data and must be
     * escaped by whoever uses them in SQL or HTML.
     */
    function SyntaxForForms($value,$rule,$maxlength="",$sqlcheckoff="") {
        return $value; // was: mysqli_real_escape_string($this->app->DB->connection,$value)
    }

    /**
     * Normalise a request value and check it against a rule.
     *
     * Steps, in order: replace the UTF-8 byte order mark with the marker
     * NONBLOCKINGZERO, return arrays as they are, strip backslashes, run the
     * value through erp->superentities(), then either SQL-escape it (empty
     * $sqlcheckoff) or return it as is.
     *
     * Points a reviewer should know:
     *  - Array values are returned without any filtering or escaping.
     *  - $maxlength is accepted but never used.
     *  - The rule pattern is applied without anchors, so the value only has to
     *    contain a match; it is not required to consist of allowed characters
     *    only. An anchored character-class variant is left commented out below.
     *  - GetRegexp() in this class falls back to the string "none" and never
     *    returns '', so the "Rule ... doesn't exists" branch at the end cannot
     *    be reached; an unknown rule name is applied as the pattern /none/i.
     *  - The only SQL protection is mysqli_real_escape_string(), which is
     *    sufficient only where the value is placed inside a quoted SQL string.
     *
     * @param mixed  $value       raw value
     * @param string $rule        rule name(s) joined with "+", '' for no rule
     * @param mixed  $maxlength   unused
     * @param mixed  $sqlcheckoff non-empty to skip SQL escaping
     * @return mixed the processed value, or '' when the rule does not match
     */
    function Syntax($value,$rule,$maxlength="",$sqlcheckoff="") {
        $value = str_replace("\xef\xbb\xbf","NONBLOCKINGZERO",$value);
        if(is_array($value)) {
            return $value;
        }

        $value = $this->stripallslashes($value);
        $value = $this->smartstripslashes($value);

        $value = $this->app->erp->superentities($value);

        // no rule: escape for SQL unless the caller switched that off
        if($rule=='' && $sqlcheckoff == '') {
            return mysqli_real_escape_string($this->app->DB->connection,$value);
        }
        if($rule=='' && $sqlcheckoff != '') {
            return $value;
        }

        // build complete regexp

        // check if rule exists
        if($this->GetRegexp($rule)!=""){
            //$v = '/^['.$this->GetRegexp($rule).']+$/';
            $v = $this->GetRegexp($rule);
            if (preg_match_all('/'.$v.'/i', $value, $teffer) ) {
                if($sqlcheckoff==""){
                    return mysqli_real_escape_string($this->app->DB->connection, $value);
                }
                return $value;
            }
            return '';
        }

        echo "
Rule $rule doesn't exists!
";
        return '';
    }

    /**
     * Test a value against a rule without modifying it.
     * As in Syntax(), the pattern is not anchored: true means "contains a match".
     *
     * @return bool
     */
    function RuleCheck($value,$rule) {
        $v = $this->GetRegexp($rule);
        if (preg_match_all('/'.$v.'/i', $value, $teffer) ){
            return true;
        }
        return false;
    }

    /**
     * Register a rule.
     * type "reg":  $rule is a regular expression fragment
     * type "glue": $rule is a "+"-joined list of existing rule names
     */
    function AddRule($name,$type,$rule) {
        $this->rules[$name]=array('type'=>$type,'rule'=>$rule);
    }

    /**
     * Resolve a "+"-joined list of rule names into one pattern by
     * concatenating the fragments in order ("alpha+digit" becomes
     * "[a-zA-Z][0-9]", i.e. a letter followed by a digit, not "letters or
     * digits"). Glue rules are expanded recursively. Names that are not
     * registered contribute nothing; when nothing was collected the result is
     * the literal string "none".
     *
     * @return string
     */
    function GetRegexp($rule) {
        $rules = explode("+",$rule);
        $ret = '';
        foreach($rules as $key) {
            // glue rules are expanded into their sub-rules
            if($this->rules[$key]['type']==="glue") {
                $subrules = explode("+",$this->rules[$key]['rule']);
                if(count($subrules)>0) {
                    foreach($subrules as $subkey) {
                        $ret .= $this->GetRegexp($subkey);
                    }
                }
            } elseif($this->rules[$key]['type']==="reg") {
                $ret .= $this->rules[$key]['rule'];
            }
        }
        if($ret=="")
            $ret = "none";
        return $ret;
    }
}

/**
 * Session and permission checks for the update front end.
 */
class UpdateAcl
{
    /** @var UpdateApplication */
    public $app;

    /**
     * NOTE(review): the DBSELECTED cookie is sent by the client and is passed
     * to changeDbConf() here, before any login or session check has run.
     * changeDbConf() is not visible in this part of the file; confirm that it
     * only accepts names from the configured list of databases.
     */
    public function __construct($app) {
        $this->app = $app;
        if(!empty($_COOKIE['DBSELECTED'])) {
            $this->app->changeDbConf($_COOKIE['DBSELECTED']);
        }
    }

    /**
     * Check that the current session belongs to a logged-in, active user and
     * refresh its timestamp.
     *
     * Returns true after the timestamp was refreshed, false after a timeout
     * logout, and nothing (null) in every other case, including "session not
     * found"; callers that test with "!" treat null like false.
     *
     * NOTE(review): when the CH42SESSION cookie is present, the first UPDATE
     * sets login=1 and time=NOW() for the row with that session id before the
     * session has been validated. The age measured further down is then close
     * to zero, so such a session does not time out, and a row that had been
     * marked as logged out is switched back on. Confirm that this is intended;
     * otherwise validate the session first and do not write login=1 here.
     */
    function CheckTimeOut() {
        $this->session_id = session_id();

        if(isset($_COOKIE['CH42SESSION']) && $_COOKIE['CH42SESSION']!='') {
            // the cookie value replaces PHP's own session id
            $this->session_id = $_COOKIE["CH42SESSION"];
            $this->app->DB->Update("UPDATE useronline SET time=NOW(),login=1 WHERE sessionid='".$this->app->DB->real_escape_string($_COOKIE["CH42SESSION"])."' LIMIT 1");
        }

        // check if the user is logged in
        // (disabled: delete the user's other sessions)
        $sessid = $this->app->DB->Select("SELECT sessionid FROM useronline,user WHERE login='1' AND sessionid='".$this->app->DB->real_escape_string($this->session_id)."' AND user.id=useronline.user_id AND user.activ='1' LIMIT 1");

        if($this->session_id == $sessid) {
            // check if time is expired
            $time = $this->app->DB->Select("SELECT UNIX_TIMESTAMP(time) FROM useronline,user WHERE login='1' AND 
sessionid='".$this->app->DB->real_escape_string($this->session_id)."' AND user.id=useronline.user_id AND user.activ='1' LIMIT 1");

            if((time()-$time) > $this->app->Conf->WFconf['logintimeout']) {
                // expired: log out, but only when no CH42SESSION cookie is set
                if(!isset($_COOKIE['CH42SESSION']) || $_COOKIE['CH42SESSION']=='') {
                    //$this->app->WF->ReBuildPageFrame();
                    $this->Logout("Ihre Zeit ist abgelaufen, bitte melden Sie sich erneut an.",true);
                    return false;
                }
            } else {
                // update time
                $this->app->DB->Update("UPDATE useronline,user SET useronline.time=NOW() WHERE login='1' AND sessionid='".$this->app->DB->real_escape_string($this->session_id)."' AND user.id=useronline.user_id AND user.activ='1'");
                session_write_close(); // release the session lock
                return true;
            }
        }
    }

    /**
     * Permission check for the updater: only the user type decides.
     * $module, $action and $userid are accepted but not used.
     *
     * @return bool true only when $usertype is exactly 'admin'
     */
    function Check($usertype,$module='',$action='', $userid='') {
        return $usertype==='admin';
    }

    function Login() {
        $multidbs = $this->app->getDbs();
        if(count($multidbs) > 1) {
            $options = '';
            foreach($multidbs as $k => $v) {
                $options .= '