diff --git a/.codeclimate.yml b/.codeclimate.yml
index 3e60e98a..ecedb6f2 100644
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@@ -7,4 +7,4 @@ languages:
exclude_paths:
- "admin/languages/locale/*"
- "client/site/libs/*"
- - "vendor/*"
\ No newline at end of file
+ - "vendor/*"
diff --git a/_scripts/_readme.txt b/_scripts/_readme.txt
index 54eabc20..c4fdb9f8 100644
--- a/_scripts/_readme.txt
+++ b/_scripts/_readme.txt
@@ -8,4 +8,4 @@ UPGRADE
-----------
1. Check your database version: SELECT max(version) FROM settings; (if there is no table settings, version = 1)
-2. Run all scripts lower and same than your version.
\ No newline at end of file
+2. Run all scripts lower and same than your version.
diff --git a/admin/class.DbLoader.php b/admin/class.DbLoader.php
index bd0deac8..c5847764 100644
--- a/admin/class.DbLoader.php
+++ b/admin/class.DbLoader.php
@@ -72,4 +72,4 @@ public function getProjectConfigs()
return json_encode(new stdClass); //empty json object
}
}
-}
\ No newline at end of file
+}
diff --git a/admin/class.Helpers.php b/admin/class.Helpers.php
index 437c0141..6fe9a243 100644
--- a/admin/class.Helpers.php
+++ b/admin/class.Helpers.php
@@ -12,6 +12,8 @@
namespace GisApp;
+use SimpleXMLElement;
+
class Helpers
{
@@ -128,10 +130,10 @@ public static function getQgsProject($map){
* Load a layer instance from the project
*
* @param $layername
- * @param $project
+ * @param SimpleXMLElement $project
* @return array
*/
- public static function getLayer($layername, $project){
+ public static function getLayer($layername, SimpleXMLElement $project){
// Caching
static $layers = array();
if(array_key_exists($layername, $layers)){
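Review bot: The new `SimpleXMLElement $project` declaration on getLayer() turns any other argument (for instance `false` or `null` from a failed project load) into a hard failure at the call: a catchable fatal error on the PHP 5.5 floor this commit sets, a TypeError on PHP 7 and later. The callers are outside this diff, so it is worth confirming that each one checks the load result before calling; the same applies to `getLayerInfo(SimpleXMLElement $layer)` in the next hunk. The docblock still leaves the first parameter untyped; `@param string $layername` would match the new style, if it is indeed always a string. The body of getLayer() continues outside the hunk.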
@@ -149,10 +151,10 @@ public static function getLayer($layername, $project){
*
* Get layer connection and geom info
*
- * @param $layer
+ * @param SimpleXMLElement $layer
* @return array
*/
- public static function getLayerInfo($layer){
+ public static function getLayerInfo(SimpleXMLElement $layer){
// Cache
static $pg_layer_infos = array();
@@ -202,4 +204,4 @@ public static function getMapFromUrl()
return $ret;
}
-}
\ No newline at end of file
+}
diff --git a/admin/class.Login.php b/admin/class.Login.php
index 318150c2..fc708a55 100644
--- a/admin/class.Login.php
+++ b/admin/class.Login.php
@@ -55,21 +55,17 @@ public function __construct()
/**
* Performs a check for minimum requirements to run this application.
- * Does not run the further application when PHP version is lower than 5.3.7
- * Does include the PHP password compatibility library when PHP version lower than 5.5.0
- * (this library adds the PHP 5.5 password hashing functions to older versions of PHP)
+ * Does not run the further application when PHP version is lower than 5.5
* @return bool Success status of minimum requirements check, default is false
*/
private function performMinimumRequirementsCheck()
{
- if (version_compare(PHP_VERSION, '5.3.7', '<')) {
- echo "Sorry, Simple PHP Login does not run on a PHP version older than 5.3.7 !";
- } elseif (version_compare(PHP_VERSION, '5.5.0', '<')) {
- require_once("libraries/password_compatibility_library.php");
- return true;
- } elseif (version_compare(PHP_VERSION, '5.5.0', '>=')) {
+ if (version_compare(PHP_VERSION, '5.5.0', '>=')) {
return true;
}
+ else {
+ echo "Sorry, This app does not run on a PHP version older than 5.5!";
+ }
// default return
return false;
}
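Review bot: In performMinimumRequirementsCheck() the `// default return` is now reachable only through the new `else` branch, so the method reads more plainly as a guard clause: `if (version_compare(PHP_VERSION, '5.5.0', '<')) { echo "..."; return false; }` followed by `return true;`. The version number is only a proxy for the native password_* functions that replace the deleted compatibility library, so a short comment such as `// password_hash()/password_verify() are built in from PHP 5.5` would record why 5.5 is the floor. The docblock's "default is false" could then be reworded to "false when the PHP version is too old". What the caller does with a `false` result is outside the hunk.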
diff --git a/admin/libraries/password_compatibility_library.php b/admin/libraries/password_compatibility_library.php
deleted file mode 100644
index 518795a3..00000000
--- a/admin/libraries/password_compatibility_library.php
+++ /dev/null
@@ -1,219 +0,0 @@
-
- * @license http://www.opensource.org/licenses/mit-license.html MIT License
- * @copyright 2012 The Authors
- */
-
-if (!defined('PASSWORD_DEFAULT')) {
-
- define('PASSWORD_BCRYPT', 1);
- define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
-
- /**
- * Hash the password using the specified algorithm
- *
- * @param string $password The password to hash
- * @param int $algo The algorithm to use (Defined by PASSWORD_* constants)
- * @param array $options The options for the algorithm to use
- *
- * @return string|false The hashed password, or false on error.
- */
- function password_hash($password, $algo, array $options = array()) {
- if (!function_exists('crypt')) {
- trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
- return null;
- }
- if (!is_string($password)) {
- trigger_error("password_hash(): Password must be a string", E_USER_WARNING);
- return null;
- }
- if (!is_int($algo)) {
- trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING);
- return null;
- }
- switch ($algo) {
- case PASSWORD_BCRYPT:
- // Note that this is a C constant, but not exposed to PHP, so we don't define it here.
- $cost = 10;
- if (isset($options['cost'])) {
- $cost = $options['cost'];
- if ($cost < 4 || $cost > 31) {
- trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING);
- return null;
- }
- }
- // The length of salt to generate
- $raw_salt_len = 16;
- // The length required in the final serialization
- $required_salt_len = 22;
- $hash_format = sprintf("$2y$%02d$", $cost);
- break;
- default:
- trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
- return null;
- }
- if (isset($options['salt'])) {
- switch (gettype($options['salt'])) {
- case 'NULL':
- case 'boolean':
- case 'integer':
- case 'double':
- case 'string':
- $salt = (string) $options['salt'];
- break;
- case 'object':
- if (method_exists($options['salt'], '__tostring')) {
- $salt = (string) $options['salt'];
- }
- break;
- case 'array':
- case 'resource':
- default:
- trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING);
- return null;
- }
- if (strlen($salt) < $required_salt_len) {
- trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", strlen($salt), $required_salt_len), E_USER_WARNING);
- return null;
- } elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
- $salt = str_replace('+', '.', base64_encode($salt));
- }
- } else {
- $buffer = '';
- $buffer_valid = false;
- if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
- $buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM);
- if ($buffer) {
- $buffer_valid = true;
- }
- }
- if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
- $buffer = openssl_random_pseudo_bytes($raw_salt_len);
- if ($buffer) {
- $buffer_valid = true;
- }
- }
- if (!$buffer_valid && is_readable('/dev/urandom')) {
- $f = fopen('/dev/urandom', 'r');
- $read = strlen($buffer);
- while ($read < $raw_salt_len) {
- $buffer .= fread($f, $raw_salt_len - $read);
- $read = strlen($buffer);
- }
- fclose($f);
- if ($read >= $raw_salt_len) {
- $buffer_valid = true;
- }
- }
- if (!$buffer_valid || strlen($buffer) < $raw_salt_len) {
- $bl = strlen($buffer);
- for ($i = 0; $i < $raw_salt_len; $i++) {
- if ($i < $bl) {
- $buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
- } else {
- $buffer .= chr(mt_rand(0, 255));
- }
- }
- }
- $salt = str_replace('+', '.', base64_encode($buffer));
- }
- $salt = substr($salt, 0, $required_salt_len);
-
- $hash = $hash_format . $salt;
-
- $ret = crypt($password, $hash);
-
- if (!is_string($ret) || strlen($ret) <= 13) {
- return false;
- }
-
- return $ret;
- }
-
- /**
- * Get information about the password hash. Returns an array of the information
- * that was used to generate the password hash.
- *
- * array(
- * 'algo' => 1,
- * 'algoName' => 'bcrypt',
- * 'options' => array(
- * 'cost' => 10,
- * ),
- * )
- *
- * @param string $hash The password hash to extract info from
- *
- * @return array The array of information about the hash.
- */
- function password_get_info($hash) {
- $return = array(
- 'algo' => 0,
- 'algoName' => 'unknown',
- 'options' => array(),
- );
- if (substr($hash, 0, 4) == '$2y$' && strlen($hash) == 60) {
- $return['algo'] = PASSWORD_BCRYPT;
- $return['algoName'] = 'bcrypt';
- list($cost) = sscanf($hash, "$2y$%d$");
- $return['options']['cost'] = $cost;
- }
- return $return;
- }
-
- /**
- * Determine if the password hash needs to be rehashed according to the options provided
- *
- * If the answer is true, after validating the password using password_verify, rehash it.
- *
- * @param string $hash The hash to test
- * @param int $algo The algorithm used for new password hashes
- * @param array $options The options array passed to password_hash
- *
- * @return boolean True if the password needs to be rehashed.
- */
- function password_needs_rehash($hash, $algo, array $options = array()) {
- $info = password_get_info($hash);
- if ($info['algo'] != $algo) {
- return true;
- }
- switch ($algo) {
- case PASSWORD_BCRYPT:
- $cost = isset($options['cost']) ? $options['cost'] : 10;
- if ($cost != $info['options']['cost']) {
- return true;
- }
- break;
- }
- return false;
- }
-
- /**
- * Verify a password against a hash using a timing attack resistant approach
- *
- * @param string $password The password to verify
- * @param string $hash The hash to verify against
- *
- * @return boolean If the password matches the hash
- */
- function password_verify($password, $hash) {
- if (!function_exists('crypt')) {
- trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);
- return false;
- }
- $ret = crypt($password, $hash);
- if (!is_string($ret) || strlen($ret) != strlen($hash) || strlen($ret) <= 13) {
- return false;
- }
-
- $status = 0;
- for ($i = 0; $i < strlen($ret); $i++) {
- $status |= (ord($ret[$i]) ^ ord($hash[$i]));
- }
-
- return $status === 0;
- }
-}
diff --git a/client/site/js/GetUrlParams.js b/client/site/js/GetUrlParams.js
index 77c789ae..4288996f 100755
--- a/client/site/js/GetUrlParams.js
+++ b/client/site/js/GetUrlParams.js
@@ -51,7 +51,7 @@ if (serverAndCGI.substr(serverAndCGI.length - 3, 3).toLowerCase() === "cgi") {
//patch ends
if (!norewrite) {
//Get map name from base URL (e.g. http://example.com/maps/mapname)
- var urlBaseArray = urlArray[0].split('/')
+ var urlBaseArray = urlArray[0].split('/');
//Remove host and first element of path. http://example.com/maps/subdir/mapname -> subdir/mapname
var map = urlBaseArray.slice(4).join('/');
//Search for wms directory suffix (maps-protected -> wms-protected)
@@ -107,27 +107,14 @@ if (urlArray.length > 1) {
//if lang is not defined in GlobalOptions.js we set it to "en"
lang = "en";
}
- //if (urlParams.lang) {
- // //check if language is available
- // if (availableLanguages[urlParams.lang]) {
- // lang = urlParams.lang;
- // var xhr = new XMLHttpRequest();
- // xhr.open('HEAD', "help_"+urlParams.lang+".html", false);
- // xhr.send();
- // if (xhr.status!="404"){
- // helpfile="help_"+urlParams.lang+".html";
- // }
- // else{
- // alert("Help file unavailable for this language!");
- // if (typeof helpfile == "undefined") {
- // //if helpfile is not defined in GlobalOptions.js we set it to "help_en.html"
- // helpfile = "help_en.html";
- // }
- // }
- // } else {
- // alert(errMessageInvalidLanguageCodeString1[lang] + "'" + urlParams.lang + "'\n" + errMessageInvalidLanguageCodeString2[lang] + availableLanguages[lang].names[lang] + ".");
- // }
- //}
+ if (urlParams.lang) {
+ //check if language is available
+ if (availableLanguages[urlParams.lang]) {
+ lang = urlParams.lang;
+ } else {
+ alert(errMessageInvalidLanguageCodeString1[lang] + "'" + urlParams.lang + "'\n" + errMessageInvalidLanguageCodeString2[lang] + availableLanguages[lang].names[lang] + ".");
+ }
+ }
if (urlParams.searchtables) {
searchtables = urlParams.searchtables;
}
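Review bot: The membership test `availableLanguages[urlParams.lang]` also succeeds for names inherited from `Object.prototype` (for example `constructor`), assuming `availableLanguages` is a plain object literal as its use here suggests. `lang` would then hold a value with no translations behind it, and later lookups of the form `availableLanguages[lang].names[lang]` would throw. An own-property test closes that gap: `if (Object.prototype.hasOwnProperty.call(availableLanguages, urlParams.lang)) {`. The enclosing `if (urlArray.length > 1)` block starts and ends outside the hunk.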
diff --git a/index.php b/index.php
index e7c2241a..05a10abb 100644
--- a/index.php
+++ b/index.php
@@ -3,28 +3,27 @@
use GisApp\Helpers;
require_once("admin/class.Helpers.php");
+require_once("admin/settings.php");
+
$server_os = php_uname('s');
+$def_lang = strtolower(filter_input(INPUT_GET,'lang',FILTER_SANITIZE_STRING));
+
session_start();
-if(isset($_GET['lang'])) {
- $def_lang = strtolower($_GET['lang']);
- if ($def_lang=='sl' || $def_lang=='en' || $def_lang=='de') {
- //OK
- }
- else {
- $def_lang = "en";
- }
-
+if($def_lang>'') {
+ $lang_fn = filter_input(INPUT_SERVER,'DOCUMENT_ROOT',FILTER_SANITIZE_STRING) . GISAPPURL . 'admin/languages/' . $def_lang . '.js';
+ if(!(file_exists($lang_fn))) {
+ $def_lang = 'en';
+ }
}
-else
- $def_lang = "en";
-
-if (!isset($_SESSION['lang'])) {
- $_SESSION['lang'] = $def_lang;
+else {
+ $def_lang = "en";
}
+$_SESSION['lang'] = $def_lang;
+
if (Helpers::isValidUserProj(Helpers::getMapFromUrl())) {
//Setting some global variables
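Review bot: The `lang` query value reaches a filesystem path without being restricted to a language code: `FILTER_SANITIZE_STRING` strips tags and encodes quotes but leaves `/` and `..` in place, so the `file_exists()` test on `$lang_fn` can be satisfied by a `.js` file outside `admin/languages/`, and that value is then stored in `$_SESSION['lang']`. The removed code compared against a fixed list; the file-based lookup can keep the same guarantee by constraining the shape before `$lang_fn` is built, e.g. `if (!preg_match('/^[a-z]{2}$/', $def_lang)) { $def_lang = ''; }` (adjust the pattern to the file names actually shipped). `FILTER_SANITIZE_STRING` is also deprecated as of PHP 8.1, so an explicit pattern check is the more durable choice. Separately, `$_SESSION['lang']` is now overwritten on every request, so a request without `lang` resets a previously chosen language to `en`; if that is not intended, keep the `isset($_SESSION['lang'])` guard for that case. How the session value is used afterwards is outside the hunk.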
@@ -135,7 +134,7 @@
-
+
diff --git a/version.txt b/version.txt
index afaf360d..7f207341 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-1.0.0
\ No newline at end of file
+1.0.1
\ No newline at end of file