274 lines
7.7 KiB
PHP
274 lines
7.7 KiB
PHP
<?php
|
|
/*
|
|
|
|
gpg-mailgate
|
|
|
|
This file is part of the gpg-mailgate source code.
|
|
|
|
gpg-mailgate is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
gpg-mailgate source code is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with gpg-mailgate source code. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*/
|
|
|
|
function string_begins_with($string, $search)
|
|
{
|
|
return (strncmp($string, $search, strlen($search)) == 0);
|
|
}
|
|
|
|
function boolToString($bool) {
|
|
return $bool ? 'true' : 'false';
|
|
}
|
|
|
|
//returns an absolute path to the include directory
|
|
function includePath() {
|
|
$self = __FILE__;
|
|
$lastSlash = strrpos($self, "/");
|
|
return substr($self, 0, $lastSlash + 1);
|
|
}
|
|
|
|
//returns a relative path to the gpg-mailgate-web web root directory, without trailing slash
|
|
function basePath() {
|
|
$commonPath = __FILE__;
|
|
$requestPath = $_SERVER['SCRIPT_FILENAME'];
|
|
|
|
//count the number of slashes
|
|
// number of .. needed for include level is numslashes(request) - numslashes(common)
|
|
// then add one more to get to base
|
|
$commonSlashes = substr_count($commonPath, '/');
|
|
$requestSlashes = substr_count($requestPath, '/');
|
|
$numParent = $requestSlashes - $commonSlashes + 1;
|
|
|
|
$basePath = ".";
|
|
for($i = 0; $i < $numParent; $i++) {
|
|
$basePath .= "/..";
|
|
}
|
|
|
|
return $basePath;
|
|
}
|
|
|
|
function uid($length) {
|
|
$characters = "0123456789abcdefghijklmnopqrstuvwxyz";
|
|
$string = "";
|
|
|
|
for ($p = 0; $p < $length; $p++) {
|
|
$string .= $characters[secure_random() % strlen($characters)];
|
|
}
|
|
|
|
return $string;
|
|
}
|
|
|
|
function get_page($page, $args = array()) {
|
|
//let pages use some variables
|
|
extract($args);
|
|
$config = $GLOBALS['config'];
|
|
$lang = $GLOBALS['lang'];
|
|
|
|
$basePath = basePath();
|
|
|
|
$themePath = $basePath . "/theme";
|
|
$themePageInclude = "$themePath/$page.php";
|
|
|
|
if(file_exists("$themePath/header.php")) {
|
|
include("$themePath/header.php");
|
|
}
|
|
|
|
if(file_exists($themePageInclude)) {
|
|
include($themePageInclude);
|
|
}
|
|
|
|
if(file_exists("$themePath/footer.php")) {
|
|
include("$themePath/footer.php");
|
|
}
|
|
}
|
|
|
|
function isAscii($str) {
|
|
return 0 == preg_match('/[^\x00-\x7F]/', $str);
|
|
}
|
|
|
|
//returns random number from 0 to 2^24
|
|
function secure_random() {
|
|
return hexdec(bin2hex(secure_random_bytes(3)));
|
|
}
|
|
|
|
function recursiveDelete($dirPath) {
|
|
foreach(
|
|
new RecursiveIteratorIterator(
|
|
new RecursiveDirectoryIterator(
|
|
$dirPath, FilesystemIterator::SKIP_DOTS
|
|
),
|
|
RecursiveIteratorIterator::CHILD_FIRST
|
|
)
|
|
as $path) {
|
|
$path->isFile() ? unlink($path->getPathname()) : rmdir($path->getPathname());
|
|
}
|
|
|
|
rmdir($dirPath);
|
|
}
|
|
|
|
function gpgmw_mail($subject, $body, $to) { //returns true=ok, false=notok
|
|
$config = $GLOBALS['config'];
|
|
$from = filter_var($config['email_from'], FILTER_SANITIZE_EMAIL);
|
|
$to = filter_var($to, FILTER_SANITIZE_EMAIL);
|
|
|
|
if($to === false || $from === false) {
|
|
return false;
|
|
}
|
|
|
|
if(isset($config['mail_smtp']) && $config['mail_smtp']) {
|
|
require_once "Mail.php";
|
|
|
|
$host = $config['mail_smtp_host'];
|
|
$port = $config['mail_smtp_port'];
|
|
$username = $config['mail_smtp_username'];
|
|
$password = $config['mail_smtp_password'];
|
|
$headers = array ('From' => $from,
|
|
'To' => $to,
|
|
'Subject' => $subject,
|
|
'Content-Type' => 'text/plain');
|
|
$smtp = Mail::factory('smtp',
|
|
array ('host' => $host,
|
|
'port' => $port,
|
|
'auth' => true,
|
|
'username' => $username,
|
|
'password' => $password));
|
|
|
|
$mail = $smtp->send($to, $headers, $body);
|
|
|
|
if (PEAR::isError($mail)) {
|
|
return false;
|
|
} else {
|
|
return true;
|
|
}
|
|
} else {
|
|
$headers = "From: $from\r\n";
|
|
$headers .= "Content-type: text/plain\r\n";
|
|
return mail($to, $subject, $body, $headers);
|
|
}
|
|
}
|
|
|
|
//secure_random_bytes from https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP
|
|
/*
|
|
* The function is providing, at least at the systems tested :),
|
|
* $len bytes of entropy under any PHP installation or operating system.
|
|
* The execution time should be at most 10-20 ms in any system.
|
|
*/
|
|
function secure_random_bytes($len = 10) {
|
|
|
|
/*
|
|
* Our primary choice for a cryptographic strong randomness function is
|
|
* openssl_random_pseudo_bytes.
|
|
*/
|
|
$SSLstr = '4'; // http://xkcd.com/221/
|
|
if (function_exists('openssl_random_pseudo_bytes') &&
|
|
(version_compare(PHP_VERSION, '5.3.4') >= 0 ||
|
|
substr(PHP_OS, 0, 3) !== 'WIN'))
|
|
{
|
|
$SSLstr = openssl_random_pseudo_bytes($len, $strong);
|
|
if ($strong)
|
|
return $SSLstr;
|
|
}
|
|
|
|
/*
|
|
* If mcrypt extension is available then we use it to gather entropy from
|
|
* the operating system's PRNG. This is better than reading /dev/urandom
|
|
* directly since it avoids reading larger blocks of data than needed.
|
|
* Older versions of mcrypt_create_iv may be broken or take too much time
|
|
* to finish so we only use this function with PHP 5.3 and above.
|
|
*/
|
|
if (function_exists('mcrypt_create_iv') &&
|
|
(version_compare(PHP_VERSION, '5.3.0') >= 0 ||
|
|
substr(PHP_OS, 0, 3) !== 'WIN'))
|
|
{
|
|
$str = mcrypt_create_iv($len, MCRYPT_DEV_URANDOM);
|
|
if ($str !== false)
|
|
return $str;
|
|
}
|
|
|
|
|
|
/*
|
|
* No build-in crypto randomness function found. We collect any entropy
|
|
* available in the PHP core PRNGs along with some filesystem info and memory
|
|
* stats. To make this data cryptographically strong we add data either from
|
|
* /dev/urandom or if its unavailable, we gather entropy by measuring the
|
|
* time needed to compute a number of SHA-1 hashes.
|
|
*/
|
|
$str = '';
|
|
$bits_per_round = 2; // bits of entropy collected in each clock drift round
|
|
$msec_per_round = 400; // expected running time of each round in microseconds
|
|
$hash_len = 20; // SHA-1 Hash length
|
|
$total = $len; // total bytes of entropy to collect
|
|
|
|
$handle = @fopen('/dev/urandom', 'rb');
|
|
if ($handle && function_exists('stream_set_read_buffer'))
|
|
@stream_set_read_buffer($handle, 0);
|
|
|
|
do
|
|
{
|
|
$bytes = ($total > $hash_len)? $hash_len : $total;
|
|
$total -= $bytes;
|
|
|
|
//collect any entropy available from the PHP system and filesystem
|
|
$entropy = rand() . uniqid(mt_rand(), true) . $SSLstr;
|
|
$entropy .= implode('', @fstat(@fopen( __FILE__, 'r')));
|
|
$entropy .= memory_get_usage();
|
|
if ($handle)
|
|
{
|
|
$entropy .= @fread($handle, $bytes);
|
|
}
|
|
else
|
|
{
|
|
// Measure the time that the operations will take on average
|
|
for ($i = 0; $i < 3; $i ++)
|
|
{
|
|
$c1 = microtime(true);
|
|
$var = sha1(mt_rand());
|
|
for ($j = 0; $j < 50; $j++)
|
|
{
|
|
$var = sha1($var);
|
|
}
|
|
$c2 = microtime(true);
|
|
$entropy .= $c1 . $c2;
|
|
}
|
|
|
|
// Based on the above measurement determine the total rounds
|
|
// in order to bound the total running time.
|
|
$rounds = (int)($msec_per_round*50 / (int)(($c2-$c1)*1000000));
|
|
|
|
// Take the additional measurements. On average we can expect
|
|
// at least $bits_per_round bits of entropy from each measurement.
|
|
$iter = $bytes*(int)(ceil(8 / $bits_per_round));
|
|
for ($i = 0; $i < $iter; $i ++)
|
|
{
|
|
$c1 = microtime();
|
|
$var = sha1(mt_rand());
|
|
for ($j = 0; $j < $rounds; $j++)
|
|
{
|
|
$var = sha1($var);
|
|
}
|
|
$c2 = microtime();
|
|
$entropy .= $c1 . $c2;
|
|
}
|
|
|
|
}
|
|
// We assume sha1 is a deterministic extractor for the $entropy variable.
|
|
$str .= sha1($entropy, true);
|
|
} while ($len > strlen($str));
|
|
|
|
if ($handle)
|
|
@fclose($handle);
|
|
|
|
return substr($str, 0, $len);
|
|
}
|
|
|
|
?>
|