Issues in config.php - Fixed Issues - Inspection of "[i18n] updating translations" - AlternC/AlternC - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — stable-3.1 ( 28f09e...905725 )

by Benjamin

created 2016-05-26 16:38 UTC

bureau/class/config.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
  $Id: config.php,v 1.12 2005/12/18 09:51:32 benjamin Exp $
  ----------------------------------------------------------------------
  AlternC - Web Hosting System
  Copyright (C) 2002 by the AlternC Development Team.
  http://alternc.org/
  ----------------------------------------------------------------------
  Based on:
  Valentin Lacambre's web hosting softwares: http://altern.org/
  ----------------------------------------------------------------------
  LICENSE

  This program is free software; you can redistribute it and/or
  modify it under the terms of the GNU General Public License (GPL)
  as published by the Free Software Foundation; either version 2
  of the License, or (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  To read the license please visit http://www.gnu.org/copyleft/gpl.html
  ----------------------------------------------------------------------
  Original Author of file: Benjamin Sonntag
  Purpose of file: General configuration file for AlternC Desktop
  ----------------------------------------------------------------------
 */

define('DO_XHPROF_STATS', FALSE);
if (DO_XHPROF_STATS) {
    require_once('/usr/share/alternc/panel/admin/xhprof_header.php');
}

// To enable the display of the alternc debug error, do the following :
// # touch /etc/alternc/alternc_display_php_error
if (file_exists('/etc/alternc/alternc_display_php_error')) {
    ini_set('display_errors', '1');
}
session_name('AlternC_Panel');
session_start();

/*
  Si vous voulez mettre le bureau en maintenance, decommentez le code ci-dessous
  et mettez votre ip dans le IF pour que seule votre ip puisse acceder au bureau :
 */

/* * /
  if (getenv("REMOTE_ADDR")!="127.0.0.1") {
  echo "Le bureau AlternC est en vacances jusqu'a minuit pour maintenance.<br>
  Merci de revenir plus tard.";
  exit();
  }
  /* */

if (ini_get("safe_mode")) {
    echo _("SAFE MODE IS ENABLED for the web panel ! It's a bug in your php or apache configuration, please fix it !!");
    exit();
}

// For people who want to authenticate with HTTP AUTH
if (isset($_GET['http_auth']))
    $http_auth = strval($_GET['http_auth']);
if (isset($http_auth)) {
    if (empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW'])) {
        header('WWW-Authenticate: Basic realm="AlternC Authentication"');
        header('HTTP/1.0 401 Unauthorized');
        exit();
    }
}
if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
    // Gruiiik
    $_REQUEST["username"] = $_SERVER['PHP_AUTH_USER'];
    $_REQUEST["password"] = $_SERVER['PHP_AUTH_PW'];
}

// proper srand (not using time(), which is what PHP does!)
list($usec, $sec) = explode(" ", microtime());
srand($usec * 1000000);

$help_baseurl = "http://www.aide-alternc.org/";

/* Server Domain Name */
$host = getenv("HTTP_HOST");

/* Global variables (AlternC configuration) */
require_once(dirname(__FILE__) . "/local.php");

// Define constants from vars of /etc/alternc/local.sh
// The you can't choose where is the AlternC Panel 
define("DEFAULT_PASS_SIZE", 8);
define('ALTERNC_MAIL', "$L_ALTERNC_MAIL");
define('ALTERNC_HTML', "$L_ALTERNC_HTML");
if (isset($L_ALTERNC_LOGS_ARCHIVE)) {
    define('ALTERNC_LOGS_ARCHIVE', "$L_ALTERNC_LOGS_ARCHIVE");
}
define('ALTERNC_LOGS', "$L_ALTERNC_LOGS");
define('ALTERNC_PANEL', "/usr/share/alternc/panel");
define('ALTERNC_LOCALES', ALTERNC_PANEL . "/locales");
define('ALTERNC_LOCK_JOBS', '/var/run/alternc/jobs-lock');
define('ALTERNC_LOCK_PANEL', '/var/lib/alternc/panel/nologin.lock');
define('ALTERNC_APACHE2_GEN_TMPL_DIR', '/etc/alternc/templates/apache2/');
define('ALTERNC_VHOST_DIR', "/var/lib/alternc/apache-vhost/");
define('ALTERNC_VHOST_FILE', ALTERNC_VHOST_DIR . "vhosts_all.conf");
define('ALTERNC_VHOST_MANUALCONF', ALTERNC_VHOST_DIR . "manual/");


/* PHPLIB inclusions : */
$root = ALTERNC_PANEL . "/";

require_once($root . "/class/db_mysql.php");
require_once($root . "/class/functions.php");
require_once($root . "/class/variables.php");

// child class of the phplib parent DB class 
/**
 * Class for MySQL management in the bureau 
 *
 * This class heriting from the db class of the phplib manages
 * the connection to the MySQL database.
 */
class DB_system extends DB_Sql {

    var $Host = null;
    var $Database = null;
    var $User = null;
    var $Password = null;

    /**
     * Creator
     */
    function DB_system() {
        global $L_MYSQL_HOST, $L_MYSQL_DATABASE, $L_MYSQL_LOGIN, $L_MYSQL_PWD;
        $this->Host = $L_MYSQL_HOST;
        $this->Database = $L_MYSQL_DATABASE;
        $this->User = $L_MYSQL_LOGIN;
        $this->Password = $L_MYSQL_PWD;
    }

}

$db = new DB_system();

// https: Redirection if not calling https://!fqdn or if https is forced
if ((variable_get('force_https', '0', "This variable is set to 0 (default) if users can access the management desktop through HTTP, otherwise we force HTTPS")&&(!isset($_SERVER["HTTPS"])|| ($_SERVER["HTTPS"] != "on")))
    ||(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $host != $L_FQDN)) {
    // do not redirect if access is not by HTTP(s)
    if (isset($_SERVER['REQUEST_URI'])) {
      header("Location: https://$L_FQDN".$_SERVER['REQUEST_URI']);
      exit;
    }
}

// Current User ID = the user whose commands are made on behalf of.
$cuid = 0;


$classes = array();
/* CLASSES PHP : automatic include : */
foreach (glob($root . "class/m_*.php") as $di) {
    if (preg_match("#${root}class/m_(.*)\\.php$#", $di, $match)) { // $
        $classes[] = $match[1];
        require_once($di);
    }
}
/* THE DEFAULT CLASSES ARE :
  dom, ftp, mail, quota, bro, admin, mem, mysql, err, variables
 */

// Load file for the system class.
// Those class will not be build by default.
// They may contain forbidden action for the panel, for example: exec, system
// or files operations
// We can imagine load those class only for command-line scripts.
foreach (glob($root . "class/class_system_*.php") as $fcs) {
    if (is_readable($fcs))
        require_once($fcs);
}

/* Language */
include_once("lang_env.php");

$mem = new m_mem();
$err = new m_err();
$authip = new m_authip();
$hooks = new m_hooks();

/* Check the User identity (if required) */
if (!defined('NOCHECK')) {
    if (!$mem->checkid()) {
        if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
            header('WWW-Authenticate: Basic realm="AlternC Authentication"');
            header('HTTP/1.0 401 Unauthorized');
            exit();
        }
        $error = $err->errstr();
        include("$root/admin/index.php");
        exit();
    }
}

for ($i = 0; $i < count($classes); $i++) {
    $name2 = $classes[$i];
    if (isset($$name2))
        continue; // for already instancied class like mem, err or authip
    $name1 = "m_" . $name2;
    $$name2 = new $name1();
}

$oldid = intval(isset($_COOKIE['oldid']) ? $_COOKIE['oldid'] : '');
$isinvited = false;
if ($admin->enabled)
    $isinvited = true;

if ($oldid && $oldid != $cuid) {
    $isinvited = true;
}

// Init some vars
variable_get('hosting_tld', '', 'This is a FQDN that designates the main hostname of the service. For example, hosting_tld determines in what TLD the "free" user domain is created. If this is set to "example.com", a checkbox will appear in the user creation dialog requesting the creator if he wants to create the domain "username.example.com".', array('desc' => 'Wanted FQDN', 'type' => 'string'));

variable_get('subadmin_restriction', '0', "This variable sets the way the account list works for accounts other than 'admin' (2000). 0 (default) = admin other than admin/2000 can see their own account, but not the other one 1 = admin other than admin/2000 can see any account by clicking the ''show all accounts'' link.", array('desc' => 'Shared access activated?', 'type' => 'boolean'));

variable_get('auth_ip_ftp_default_yes', '1', "This variable sets if you want to allow all IP address to access FTP by default. If the user start to define some IP or subnet in the allow list, only those he defined will be allowed.", array('desc' => 'Allow by default?', 'type' => 'boolean'));

if ((variable_get('sql_max_username_length', NULL)==NULL)||(variable_get('sql_max_database_length', NULL)==NULL)) {
    $result = $db->query("SELECT (SELECT CHARACTER_MAXIMUM_LENGTH length FROM information_schema.columns  WHERE TABLE_SCHEMA='mysql' and TABLE_NAME='user' and COLUMN_NAME='User') username, (SELECT CHARACTER_MAXIMUM_LENGTH length FROM information_schema.columns  WHERE TABLE_SCHEMA='mysql' and TABLE_NAME='db' and COLUMN_NAME='Db') `database`");
    if ($db->next_record($result)) {
        $variable = $db->Record;

	$variable['username']=min(128, $variable['username']);
	$variable['database']=min($variable['database'], $variable['username']);
	variable_set('sql_max_username_length', $variable['username'], 'Maximum length allowed for SQL usernames by your SQL server (do not modify unless you know what you do)');
	variable_set('sql_max_database_length', $variable['database'], 'Maximum length allowed for SQL database names by your SQL server (do not modify unless you know what you do)');
    }

}


GitHub Access Token became invalid

Push — stable-3.1 ( 28f09e...905725 )

bureau/class/config.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2
3			/*
4			$Id: config.php,v 1.12 2005/12/18 09:51:32 benjamin Exp $
5			----------------------------------------------------------------------
6			AlternC - Web Hosting System
7			Copyright (C) 2002 by the AlternC Development Team.
8			http://alternc.org/
9			----------------------------------------------------------------------
10			Based on:
11			Valentin Lacambre's web hosting softwares: http://altern.org/
12			----------------------------------------------------------------------
13			LICENSE
14
15			This program is free software; you can redistribute it and/or
16			modify it under the terms of the GNU General Public License (GPL)
17			as published by the Free Software Foundation; either version 2
18			of the License, or (at your option) any later version.
19
20			This program is distributed in the hope that it will be useful,
21			but WITHOUT ANY WARRANTY; without even the implied warranty of
22			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23			GNU General Public License for more details.
24
25			To read the license please visit http://www.gnu.org/copyleft/gpl.html
26			----------------------------------------------------------------------
27			Original Author of file: Benjamin Sonntag
28			Purpose of file: General configuration file for AlternC Desktop
29			----------------------------------------------------------------------
30			*/
31
32			define('DO_XHPROF_STATS', FALSE);
33			if (DO_XHPROF_STATS) {
34			require_once('/usr/share/alternc/panel/admin/xhprof_header.php');
35			}
36
37			// To enable the display of the alternc debug error, do the following :
38			// # touch /etc/alternc/alternc_display_php_error
39			if (file_exists('/etc/alternc/alternc_display_php_error')) {
40			ini_set('display_errors', '1');
41			}
42			session_name('AlternC_Panel');
43			session_start();
44
45			/*
46			Si vous voulez mettre le bureau en maintenance, decommentez le code ci-dessous
47			et mettez votre ip dans le IF pour que seule votre ip puisse acceder au bureau :
48			*/
49
50			/* * /
51			if (getenv("REMOTE_ADDR")!="127.0.0.1") {
52			echo "Le bureau AlternC est en vacances jusqu'a minuit pour maintenance.<br>
53			Merci de revenir plus tard.";
54			exit();
55			}
56			/* */
57
58			if (ini_get("safe_mode")) {
59			echo _("SAFE MODE IS ENABLED for the web panel ! It's a bug in your php or apache configuration, please fix it !!");
60			exit();
61			}
62
63			// For people who want to authenticate with HTTP AUTH
64			if (isset($_GET['http_auth']))
65			$http_auth = strval($_GET['http_auth']);
66			if (isset($http_auth)) {
67			if (empty($_SERVER['PHP_AUTH_USER']) \|\| empty($_SERVER['PHP_AUTH_PW'])) {
68			header('WWW-Authenticate: Basic realm="AlternC Authentication"');
69			header('HTTP/1.0 401 Unauthorized');
70			exit();
71			}
72			}
73			if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
74			// Gruiiik
75			$_REQUEST["username"] = $_SERVER['PHP_AUTH_USER'];
76			$_REQUEST["password"] = $_SERVER['PHP_AUTH_PW'];
77			}
78
79			// proper srand (not using time(), which is what PHP does!)
80			list($usec, $sec) = explode(" ", microtime());
81			srand($usec * 1000000);
82
83			$help_baseurl = "http://www.aide-alternc.org/";
84
85			/* Server Domain Name */
86			$host = getenv("HTTP_HOST");
87
88			/* Global variables (AlternC configuration) */
89			require_once(dirname(__FILE__) . "/local.php");
90
91			// Define constants from vars of /etc/alternc/local.sh
92			// The you can't choose where is the AlternC Panel
93			define("DEFAULT_PASS_SIZE", 8);
94			define('ALTERNC_MAIL', "$L_ALTERNC_MAIL");
95			define('ALTERNC_HTML', "$L_ALTERNC_HTML");
96			if (isset($L_ALTERNC_LOGS_ARCHIVE)) {
97			define('ALTERNC_LOGS_ARCHIVE', "$L_ALTERNC_LOGS_ARCHIVE");
98			}
99			define('ALTERNC_LOGS', "$L_ALTERNC_LOGS");
100			define('ALTERNC_PANEL', "/usr/share/alternc/panel");
101			define('ALTERNC_LOCALES', ALTERNC_PANEL . "/locales");
102			define('ALTERNC_LOCK_JOBS', '/var/run/alternc/jobs-lock');
103			define('ALTERNC_LOCK_PANEL', '/var/lib/alternc/panel/nologin.lock');
104			define('ALTERNC_APACHE2_GEN_TMPL_DIR', '/etc/alternc/templates/apache2/');
105			define('ALTERNC_VHOST_DIR', "/var/lib/alternc/apache-vhost/");
106			define('ALTERNC_VHOST_FILE', ALTERNC_VHOST_DIR . "vhosts_all.conf");
107			define('ALTERNC_VHOST_MANUALCONF', ALTERNC_VHOST_DIR . "manual/");
108
109
110			/* PHPLIB inclusions : */
111			$root = ALTERNC_PANEL . "/";
112
113			require_once($root . "/class/db_mysql.php");
114			require_once($root . "/class/functions.php");
115			require_once($root . "/class/variables.php");
116
117			// child class of the phplib parent DB class
118			/**
119			* Class for MySQL management in the bureau
120			*
121			* This class heriting from the db class of the phplib manages
122			* the connection to the MySQL database.
123			*/
124			class DB_system extends DB_Sql {
125
126			var $Host = null;
127			var $Database = null;
128			var $User = null;
129			var $Password = null;
130
131			/**
132			* Creator
133			*/
134			function DB_system() {
135			global $L_MYSQL_HOST, $L_MYSQL_DATABASE, $L_MYSQL_LOGIN, $L_MYSQL_PWD;
136			$this->Host = $L_MYSQL_HOST;
137			$this->Database = $L_MYSQL_DATABASE;
138			$this->User = $L_MYSQL_LOGIN;
139			$this->Password = $L_MYSQL_PWD;
140			}
141
142			}
143
144			$db = new DB_system();
145
146			// https: Redirection if not calling https://!fqdn or if https is forced
147			if ((variable_get('force_https', '0', "This variable is set to 0 (default) if users can access the management desktop through HTTP, otherwise we force HTTPS")&&(!isset($_SERVER["HTTPS"])\|\| ($_SERVER["HTTPS"] != "on")))
148			\|\|(isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on" && $host != $L_FQDN)) {
149			// do not redirect if access is not by HTTP(s)
150			if (isset($_SERVER['REQUEST_URI'])) {
151			header("Location: https://$L_FQDN".$_SERVER['REQUEST_URI']);
152			exit;
153			}
154			}
155
156			// Current User ID = the user whose commands are made on behalf of.
157			$cuid = 0;
158
159
160			$classes = array();
161			/* CLASSES PHP : automatic include : */
162			foreach (glob($root . "class/m_*.php") as $di) {
163			if (preg_match("#${root}class/m_(.*)\\.php$#", $di, $match)) { // $
164			$classes[] = $match[1];
165			require_once($di);
166			}
167			}
168			/* THE DEFAULT CLASSES ARE :
169			dom, ftp, mail, quota, bro, admin, mem, mysql, err, variables
170			*/
171
172			// Load file for the system class.
173			// Those class will not be build by default.
174			// They may contain forbidden action for the panel, for example: exec, system
175			// or files operations
176			// We can imagine load those class only for command-line scripts.
177			foreach (glob($root . "class/class_system_*.php") as $fcs) {
178			if (is_readable($fcs))
179			require_once($fcs);
180			}
181
182			/* Language */
183			include_once("lang_env.php");
184
185			$mem = new m_mem();
186			$err = new m_err();
187			$authip = new m_authip();
188			$hooks = new m_hooks();
189
190			/* Check the User identity (if required) */
191			if (!defined('NOCHECK')) {
192			if (!$mem->checkid()) {
193			if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
194			header('WWW-Authenticate: Basic realm="AlternC Authentication"');
195			header('HTTP/1.0 401 Unauthorized');
196			exit();
197			}
198			$error = $err->errstr();
199			include("$root/admin/index.php");
200			exit();
201			}
202			}
203
204			for ($i = 0; $i < count($classes); $i++) {
205			$name2 = $classes[$i];
206			if (isset($$name2))
207			continue; // for already instancied class like mem, err or authip
208			$name1 = "m_" . $name2;
209			$$name2 = new $name1();
210			}
211
212			$oldid = intval(isset($_COOKIE['oldid']) ? $_COOKIE['oldid'] : '');
213			$isinvited = false;
214			if ($admin->enabled)
215			$isinvited = true;
216
217			if ($oldid && $oldid != $cuid) {
218			$isinvited = true;
219			}
220
221			// Init some vars
222			variable_get('hosting_tld', '', 'This is a FQDN that designates the main hostname of the service. For example, hosting_tld determines in what TLD the "free" user domain is created. If this is set to "example.com", a checkbox will appear in the user creation dialog requesting the creator if he wants to create the domain "username.example.com".', array('desc' => 'Wanted FQDN', 'type' => 'string'));
223
224			variable_get('subadmin_restriction', '0', "This variable sets the way the account list works for accounts other than 'admin' (2000). 0 (default) = admin other than admin/2000 can see their own account, but not the other one 1 = admin other than admin/2000 can see any account by clicking the ''show all accounts'' link.", array('desc' => 'Shared access activated?', 'type' => 'boolean'));
225
226			variable_get('auth_ip_ftp_default_yes', '1', "This variable sets if you want to allow all IP address to access FTP by default. If the user start to define some IP or subnet in the allow list, only those he defined will be allowed.", array('desc' => 'Allow by default?', 'type' => 'boolean'));
227
228			if ((variable_get('sql_max_username_length', NULL)==NULL)\|\|(variable_get('sql_max_database_length', NULL)==NULL)) {
229			$result = $db->query("SELECT (SELECT CHARACTER_MAXIMUM_LENGTH length FROM information_schema.columns WHERE TABLE_SCHEMA='mysql' and TABLE_NAME='user' and COLUMN_NAME='User') username, (SELECT CHARACTER_MAXIMUM_LENGTH length FROM information_schema.columns WHERE TABLE_SCHEMA='mysql' and TABLE_NAME='db' and COLUMN_NAME='Db') `database`");
230			if ($db->next_record($result)) {
231			$variable = $db->Record;
			0 ignored issues – show Bug introduced 2016-04-27 17:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `Record` cannot be accessed from this context as it is declared `private` in class `DB_Sql`. This check looks for access to properties that are not accessible from the current context. If you need to make a property accessible to another context you can either raise its visibility level or provide an accessible getter in the defining class. Loading history...
232			$variable['username']=min(128, $variable['username']);
233			$variable['database']=min($variable['database'], $variable['username']);
234			variable_set('sql_max_username_length', $variable['username'], 'Maximum length allowed for SQL usernames by your SQL server (do not modify unless you know what you do)');
235			variable_set('sql_max_database_length', $variable['database'], 'Maximum length allowed for SQL database names by your SQL server (do not modify unless you know what you do)');
236			}
237
238			}
239

AlternC / AlternC

GitHub Access Token became invalid

Push — stable-3.1 ( 28f09e...905725 )

bureau/class/config.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like