lepton_secure.php
1<?php
2
3declare(strict_types=1);
4
21{
// 0.0 Basics
// Admin directory relative to LEPTON_PATH, parsed out of config/config.php by initialize();
// stays "" when the ADMIN_PATH definition is not found there.
private $admin_dir = "";
// Singleton instance: the methods below read and write their state through it, not through $this.
public static $instance;

// 0.1 Boolean for the "state"
// Set to true by accessFiles() once a module has replaced the default allow-list.
public $bCalledByModule = false;

// 0.2 For the filepaths
// Effective allow-list of directly callable script paths. Filled by initialize() from
// $files_access_allowed ('backend' entries get $admin_dir prepended) or replaced wholesale
// by accessFiles(). testFile() accepts a filename that contains one of these entries.
private $direct_access_allowed = array();

// 0.3 List of allowed files by default
// Keys are top-level folders: 'backend' maps to $admin_dir, every other key to "/<key>".
// Values are script paths relative to that folder.
private $files_access_allowed = array(
    'backend' => array(
        '/access/index.php',
        '/addons/index.php',
        '/addons/reload.php',
        '/admintools/index.php',
        '/admintools/tool.php',
        '/groups/add.php',
        '/groups/groups.php',
        '/groups/index.php',
        '/groups/save.php',
        '/languages/details.php',
        '/languages/index.php',
        '/languages/install.php',
        '/languages/uninstall.php',
        '/login/index.php',
        '/login/tfa.php',
        '/login/forgot/index.php',
        '/logout/index.php',
        '/media/thumb.php',
        '/modules/details.php',
        '/modules/index.php',
        '/modules/install.php',
        '/modules/manual_install.php',
        '/modules/uninstall.php',
        '/modules/save_permissions.php',
        '/pages/add.php',
        '/pages/delete.php',
        '/pages/empty_trash.php',
        '/pages/index.php',
        '/pages/modify.php',
        '/pages/move_down.php',
        '/pages/move_up.php',
        '/pages/restore.php',
        '/pages/save.php',
        '/pages/sections_save.php',
        '/pages/sections.php',
        '/pages/settings.php',
        '/pages/settings2.php',
        '/preferences/save.php',
        '/settings/ajax_testmail.php',
        '/settings/index.php',
        '/settings/save.php',
        '/start/index.php',
        '/templates/details.php',
        '/templates/index.php',
        '/templates/install.php',
        '/templates/uninstall.php',
        '/users/add.php',
        '/users/index.php',
        '/users/save.php',
        '/users/users.php'
    ),
    'account' => array(
        '/forgot.php',
        '/login.php',
        '/logout.php',
        '/tfa.php',
        '/new_password.php',
        '/save_new_password.php',
        '/preferences.php',
        '/signup.php'
    ),
    'modules' => array(
        '/cronjob.php', // @ADD_cronjob 20230727, include cronjob file for external call
        '/edit_module_files.php',
        '/menu_link/save.php',
        '/wrapper/save.php',
        '/jsadmin/move_to.php',
        '/lib_search/frontend_result.php'
    )
);
105
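/**
 * Resolve the admin directory from config/config.php and build the default
 * allow-list of directly callable scripts.
 *
 * The ADMIN_PATH definition is looked up in ../../config/config.php relative
 * to this file. When it is not found, admin_dir stays "" and the 'backend'
 * entries are registered without a folder prefix. All state is written to
 * self::$instance, not to $this.
 *
 * @throws \RuntimeException if config/config.php cannot be read
 */
protected function initialize()
{
    $instance = self::$instance;

    // Read the whole file instead of the first 1024 bytes: a define() placed
    // further down would otherwise be missed and admin_dir silently stay "".
    $configFile = dirname(dirname(__DIR__)) . "/config/config.php";
    $source = is_readable($configFile) ? file_get_contents($configFile) : false;
    if ($source === false) {
        // Fail closed: an unreadable config would leave the backend allow-list unprefixed.
        throw new \RuntimeException("Unable to read " . $configFile);
    }

    // Matches e.g.  define('ADMIN_PATH', LEPTON_PATH.'/admin');  and captures '/admin'.
    $pattern = "/ADMIN_PATH', LEPTON_PATH\.'(.*?)'\);/i";
    $matches = [];
    if (preg_match($pattern, $source, $matches) === 1) {
        $instance->admin_dir = $matches[1];
    }

    foreach ($instance->files_access_allowed as $folder => $files) {
        // 'backend' lives in the configurable admin directory; every other key is a fixed top-level folder.
        $dirname = ($folder === 'backend') ? $instance->admin_dir : "/" . $folder;

        foreach ($files as $filename) {
            $instance->direct_access_allowed[] = $dirname . $filename;
        }
    }
}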
138
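/**
 * Replace the allow-list with the files a module wants to expose for direct calls.
 *
 * When the running script lives below a "modules" folder, the path from that
 * folder down to the script's directory (e.g. "/modules/foo") is prepended to
 * every entry that does not already contain it, so modules may pass paths
 * relative to themselves. Otherwise the entries are taken as given. The
 * previous allow-list (including the defaults from initialize()) is discarded
 * and bCalledByModule is set. State is written to static::$instance.
 *
 * @param string[] $newFileNames script paths, absolute or relative to the calling module
 */
public function accessFiles($newFileNames = [])
{
    // Coerce backslashes to slashes so the folder walk below also works on Windows installations.
    $scriptFile = str_replace("\\", "/", $_SERVER['SCRIPT_FILENAME'] ?? '');

    if (false !== strpos($scriptFile, "modules")) {
        $segments = explode("/", $scriptFile);
        $folder = array_pop($segments); // script basename, never part of the prefix
        $prefix = "";
        $hops = 0;
        $maxHops = 16;

        // Walk up until the "modules" folder is reached; give up with a bare "/"
        // after $maxHops steps or once the path is exhausted.
        while ($folder !== "modules") {
            if ($segments === [] || ++$hops > $maxHops) {
                $prefix = "/";
                break;
            }
            $folder = array_pop($segments);
            $prefix = "/" . $folder . $prefix;
        }

        foreach ($newFileNames as &$ref) {
            // substr() is safe on an empty entry, where $ref[0] would warn.
            if (substr((string) $ref, 0, 1) !== "/") {
                $ref = "/" . $ref;
            }
            // Substring test, not a prefix test: an entry mentioning the module path anywhere is left alone.
            if (false === strpos($ref, $prefix)) {
                $ref = $prefix . $ref;
            }
        }
        unset($ref); // drop the foreach reference so later writes cannot alias the last element
    }

    static::$instance->direct_access_allowed = $newFileNames;
    static::$instance->bCalledByModule = true;
}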
196
/**
 * Current allow-list of directly callable script paths.
 *
 * @return array the entries registered by initialize() or handed in via accessFiles()
 */
public function getAllowedFiles()
{
    $instance = static::$instance;

    return $instance->direct_access_allowed;
}
206
/**
 * Admin directory relative to LEPTON_PATH as parsed from config/config.php.
 *
 * @return string the directory, or "" when initialize() could not find it
 */
public function getAdminDir()
{
    $instance = self::$instance;

    return $instance->admin_dir;
}
218
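/**
 * Check whether a script filename is covered by the allow-list.
 *
 * Matching is a substring test: $sFilename is accepted as soon as it contains
 * one of the allowed entries anywhere, so the check is only as strict as the
 * entries themselves (which carry the admin or module folder as prefix).
 * Empty or non-string entries never grant access.
 *
 * @param string $sFilename usually $_SERVER['SCRIPT_FILENAME'] of the running script
 * @return bool true if an allowed entry occurs in $sFilename, false for "" or no match
 */
public function testFile(string $sFilename = ""): bool
{
    // The former is_string() guard was dead code: with strict_types and the
    // string type declaration a non-string argument already throws a TypeError.
    if ("" === $sFilename) {
        return false;
    }

    foreach (static::$instance->direct_access_allowed as $allowedFile) {
        // An empty needle makes strpos() return 0 on PHP 8, i.e. an empty (or null)
        // allow-list entry would match every filename. Skip such entries.
        if (!is_string($allowedFile) || "" === $allowedFile) {
            continue;
        }
        if (false !== strpos($sFilename, $allowedFile)) {
            return true;
        }
    }

    return false;
}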
247}