<?php
/**
 * Elgg Actions
 *
 * Actions are one of the primary controllers (The C in MVC) in Elgg. They are
 * registered by {@link register_elgg_action()} and are called by URL
 * http://elggsite.org/action/action_name. For URLs, a rewrite rule in
 * .htaccess passes the action name to engine/handlers/action_handler.php,
 * which dispatches the request for the action.
 *
 * An action name must be registered to a file in the system. Core actions are
 * found in /actions/ and plugin actions are usually under /mod/<plugin>/actions/.
 * It is recommended that actions be namespaced to avoid collisions.
 *
 * All actions require security tokens.  Using the {@elgg_view input/form} view
 * will automatically add tokens as hidden inputs as will the elgg_view_form()
 * function.  To manually add hidden inputs, use the {@elgg_view input/securitytoken} view.
 *
 * To include security tokens for actions called via GET, use
 * {@link elgg_add_security_tokens_to_url()} or specify is_action as true when
 * using {@lgg_view output/url}.
 *
 * Action tokens can be manually generated by using {@link generate_action_token()}.
 *
 * @tip When registered, actions can be restricted to logged in or admin users.
 *
 * @tip Action URLs should be called with a trailing / to prevent 301 redirects.
 *
 * @package Elgg.Core
 * @subpackage Actions
 * @link http://docs.elgg.org/Actions
 * @link http://docs.elgg.org/Actions/Tokens
 */

/**
 * Perform an action.
 *
 * This function executes the action with name $action as registered
 * by {@link elgg_register_action()}.
 *
 * The plugin hook 'action', $action_name will be triggered before the action
 * is executed.  If a handler returns false, it will prevent the action script
 * from being called.
 *
 * @note If an action isn't registered in the system or is registered
 * to an unavailable file the user will be forwarded to the site front
 * page and an error will be emitted via {@link register_error()}.
 *
 * @warning All actions require {@link http://docs.elgg.org/Actions/Tokens Action Tokens}.
 *
 * @param string $action    The requested action
 * @param string $forwarder Optionally, the location to forward to
 *
 * @link http://docs.elgg.org/Actions
 * @see elgg_register_action()
 *
 * @return void
 * @access private
 */
function action($action, $forwarder = "") {
	global $CONFIG;

	$action = rtrim($action, '/');

	// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
	// Allow users to disable plugins without a token in order to
	// remove plugins that are incompatible.
	// Logout for convenience.
	// file/download (see #2010)
	$exceptions = array(
		'admin/plugins/disable',
		'logout',
		'file/download',
	);

	if (!in_array($action, $exceptions)) {
		action_gatekeeper($action);
	}

	$forwarder = str_replace(elgg_get_site_url(), "", $forwarder);
	$forwarder = str_replace("http://", "", $forwarder);
	$forwarder = str_replace("@", "", $forwarder);
	if (substr($forwarder, 0, 1) == "/") {
		$forwarder = substr($forwarder, 1);
	}

	if (!isset($CONFIG->actions[$action])) {
		register_error(elgg_echo('actionundefined', array($action)));
	} elseif (!elgg_is_admin_logged_in() && ($CONFIG->actions[$action]['access'] === 'admin')) {
		register_error(elgg_echo('actionunauthorized'));
	} elseif (!elgg_is_logged_in() && ($CONFIG->actions[$action]['access'] !== 'public')) {
		register_error(elgg_echo('actionloggedout'));
	} else {
		// Returning falsy doesn't produce an error
		// We assume this will be handled in the hook itself.
		if (elgg_trigger_plugin_hook('action', $action, null, true)) {
			if (!include($CONFIG->actions[$action]['file'])) {
				register_error(elgg_echo('actionnotfound', array($action)));
			}
		}
	}

	$forwarder = empty($forwarder) ? REFERER : $forwarder;
	forward($forwarder);
}

/**
 * Registers an action.
 *
 * Actions are registered to a script in the system and are executed
 * either by the URL http://elggsite.org/action/action_name/.
 *
 * $filename must be the full path of the file to register, or a path relative
 * to the core actions/ dir.
 *
 * Actions should be namedspaced for your plugin.  Example:
 * <code>
 * elgg_register_action('myplugin/save_settings', ...);
 * </code>
 *
 * @tip Put action files under the actions/<plugin_name> directory of your plugin.
 *
 * @tip You don't need to include engine/start.php in your action files.
 *
 * @internal Actions are saved in $CONFIG->actions as an array in the form:
 * <code>
 * array(
 * 	'file' => '/location/to/file.php',
 * 	'access' => 'public', 'logged_in', or 'admin'
 * )
 * </code>
 *
 * @param string $action   The name of the action (eg "register", "account/settings/save")
 * @param string $filename Optionally, the filename where this action is located. If not specified,
 *                         will assume the action is in elgg/actions/<action>.php
 * @param string $access   Who is allowed to execute this action: public, logged_in, admin.
 *                         (default: logged_in)
 *
 * @see action()
 * @see http://docs.elgg.org/Actions
 *
 * @return bool
 */
function elgg_register_action($action, $filename = "", $access = 'logged_in') {
	global $CONFIG;

	// plugins are encouraged to call actions with a trailing / to prevent 301
	// redirects but we store the actions without it
	$action = rtrim($action, '/');

	if (!isset($CONFIG->actions)) {
		$CONFIG->actions = array();
	}

	if (empty($filename)) {
		$path = "";
		if (isset($CONFIG->path)) {
			$path = $CONFIG->path;
		}

		$filename = $path . "actions/" . $action . ".php";
	}

	$CONFIG->actions[$action] = array(
		'file' => $filename,
		'access' => $access,
	);
	return true;
}

/**
 * Unregisters an action
 *
 * @param string $action Action name
 * @return bool
 * @since 1.8.1
 */
function elgg_unregister_action($action) {
	global $CONFIG;

	if (isset($CONFIG->actions[$action])) {
		unset($CONFIG->actions[$action]);
		return true;
	} else {
		return false;
	}
}

/**
 * Is the token timestamp within acceptable range?
 * 
 * @param int $ts timestamp from the CSRF token
 * 
 * @return bool
 */
function _elgg_validate_token_timestamp($ts) {
	$action_token_timeout = elgg_get_config('action_token_timeout');
	// default is 2 hours
	$timeout = ($action_token_timeout !== null) ? $action_token_timeout : 2;

	$hour = 60 * 60;
	$timeout = $timeout * $hour;
	$now = time();

	// Validate time to ensure its not crazy
	return ($timeout == 0 || ($ts > $now - $timeout) && ($ts < $now + $timeout));
}

/**
 * Validate an action token.
 *
 * Calls to actions will automatically validate tokens. If tokens are not
 * present or invalid, the action will be denied and the user will be redirected.
 *
 * Plugin authors should never have to manually validate action tokens.
 *
 * @param bool  $visibleerrors Emit {@link register_error()} errors on failure?
 * @param mixed $token         The token to test against. Default: $_REQUEST['__elgg_token']
 * @param mixed $ts            The time stamp to test against. Default: $_REQUEST['__elgg_ts']
 *
 * @return bool
 * @see generate_action_token()
 * @link http://docs.elgg.org/Actions/Tokens
 * @access private
 */
function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL) {
	if (!$token) {
		$token = get_input('__elgg_token');
	}

	if (!$ts) {
		$ts = get_input('__elgg_ts');
	}

	$session_id = session_id();

	if (($token) && ($ts) && ($session_id)) {
		// generate token, check with input and forward if invalid
		$required_token = generate_action_token($ts);

		// Validate token
		if ($token == $required_token) {
			
			if (_elgg_validate_token_timestamp($ts)) {
				// We have already got this far, so unless anything
				// else says something to the contrary we assume we're ok
				$returnval = true;

				$returnval = elgg_trigger_plugin_hook('action_gatekeeper:permissions:check', 'all', array(
					'token' => $token,
					'time' => $ts
				), $returnval);

				if ($returnval) {
					return true;
				} else if ($visibleerrors) {
					register_error(elgg_echo('actiongatekeeper:pluginprevents'));
				}
			} else if ($visibleerrors) {
				// this is necessary because of #5133
				if (elgg_is_xhr()) {
					register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url())));
				} else {
					register_error(elgg_echo('actiongatekeeper:timeerror'));
				}
			}
		} else if ($visibleerrors) {
			// this is necessary because of #5133
			if (elgg_is_xhr()) {
				register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url())));
			} else {
				register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
			}
		}
	} else {
		if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) {
			// The size of $_POST or uploaded file has exceed the size limit
			$error_msg = elgg_trigger_plugin_hook('action_gatekeeper:upload_exceeded_msg', 'all', array(
				'post_size' => $_SERVER['CONTENT_LENGTH'],
				'visible_errors' => $visibleerrors,
			), elgg_echo('actiongatekeeper:uploadexceeded'));
		} else {
			$error_msg = elgg_echo('actiongatekeeper:missingfields');
		}
		if ($visibleerrors) {
			register_error($error_msg);
		}
	}

	return FALSE;
}

/**
 * Validates the presence of action tokens.
 *
 * This function is called for all actions.  If action tokens are missing,
 * the user will be forwarded to the site front page and an error emitted.
 *
 * This function verifies form input for security features (like a generated token),
 * and forwards if they are invalid.
 *
 * @param string $action The action being performed
 * 
 * @return mixed True if valid or redirects.
 * @access private
 */
function action_gatekeeper($action) {
	if ($action === 'login') {
		if (validate_action_token(false)) {
			return true;
		}
		
		$token = get_input('__elgg_token');
		$ts = (int)get_input('__elgg_ts');
		if ($token && _elgg_validate_token_timestamp($ts)) {
			// The tokens are present and the time looks valid: this is probably a mismatch due to the 
			// login form being on a different domain.
			register_error(elgg_echo('actiongatekeeper:crosssitelogin'));
			
			
			forward('login', 'csrf');
		}
		
		// let the validator send an appropriate msg
		validate_action_token();
		
	} elseif (validate_action_token()) {
		return true;
	}

	forward(REFERER, 'csrf');
}

/**
 * Generate an action token.
 *
 * Action tokens are based on timestamps as returned by {@link time()}.
 * They are valid for one hour.
 *
 * Action tokens should be passed to all actions name __elgg_ts and __elgg_token.
 *
 * @warning Action tokens are required for all actions.
 *
 * @param int $timestamp Unix timestamp
 *
 * @see @elgg_view input/securitytoken
 * @see @elgg_view input/form
 * @example actions/manual_tokens.php
 *
 * @return string|false
 * @access private
 */
function generate_action_token($timestamp) {
	$site_secret = get_site_secret();
	$session_id = session_id();
	// Session token
	$st = $_SESSION['__elgg_session'];

	if (($site_secret) && ($session_id)) {
		return md5($site_secret . $timestamp . $session_id . $st);
	}

	return FALSE;
}

/**
 * Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL).
 *
 * Used during installation and saves as a datalist.
 *
 * Note: Old secrets were hex encoded.
 *
 * @return mixed The site secret hash or false
 * @access private
 * @todo Move to better file.
 */
function init_site_secret() {
	$secret = 'z' . ElggCrypto::getRandomString(31);

	if (datalist_set('__site_secret__', $secret)) {
		return $secret;
	}

	return FALSE;
}

/**
 * Returns the site secret.
 *
 * Used to generate difficult to guess hashes for sessions and action tokens.
 *
 * @return string Site secret.
 * @access private
 * @todo Move to better file.
 */
function get_site_secret() {
	$secret = datalist_get('__site_secret__');
	if (!$secret) {
		$secret = init_site_secret();
	}

	return $secret;
}

/**
 * Get the strength of the site secret
 *
 * @return string "strong", "moderate", or "weak"
 * @access private
 */
function _elgg_get_site_secret_strength() {
	$secret = get_site_secret();
	if ($secret[0] !== 'z') {
		$rand_max = getrandmax();
		if ($rand_max < pow(2, 16)) {
			return 'weak';
		}
		if ($rand_max < pow(2, 32)) {
			return 'moderate';
		}
	}
	return 'strong';
}

/**
 * Check if an action is registered and its script exists.
 *
 * @param string $action Action name
 *
 * @return bool
 * @since 1.8.0
 */
function elgg_action_exists($action) {
	global $CONFIG;

	return (isset($CONFIG->actions[$action]) && file_exists($CONFIG->actions[$action]['file']));
}

/**
 * Checks whether the request was requested via ajax
 *
 * @return bool whether page was requested via ajax
 * @since 1.8.0
 */
function elgg_is_xhr() {
	return isset($_SERVER['HTTP_X_REQUESTED_WITH'])
		&& strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest' ||
		get_input('X-Requested-With') === 'XMLHttpRequest';
}

/**
 * Catch calls to forward() in ajax request and force an exit.
 *
 * Forces response is json of the following form:
 * <pre>
 * {
 *     "current_url": "the.url.we/were/coming/from",
 *     "forward_url": "the.url.we/were/going/to",
 *     "system_messages": {
 *         "messages": ["msg1", "msg2", ...],
 *         "errors": ["err1", "err2", ...]
 *     },
 *     "status": -1 //or 0 for success if there are no error messages present
 * }
 * </pre>
 * where "system_messages" is all message registers at the point of forwarding
 *
 * @param string $hook
 * @param string $type
 * @param string $reason
 * @param array $params
 * @return void
 * @access private
 */
function ajax_forward_hook($hook, $type, $reason, $params) {
	if (elgg_is_xhr()) {
		// always pass the full structure to avoid boilerplate JS code.
		$params = array(
			'output' => '',
			'status' => 0,
			'system_messages' => array(
				'error' => array(),
				'success' => array()
			)
		);

		//grab any data echo'd in the action
		$output = ob_get_clean();

		//Avoid double-encoding in case data is json
		$json = json_decode($output);
		if (isset($json)) {
			$params['output'] = $json;
		} else {
			$params['output'] = $output;
		}

		//Grab any system messages so we can inject them via ajax too
		$system_messages = system_messages(NULL, "");

		if (isset($system_messages['success'])) {
			$params['system_messages']['success'] = $system_messages['success'];
		}

		if (isset($system_messages['error'])) {
			$params['system_messages']['error'] = $system_messages['error'];
			$params['status'] = -1;
		}

		// Check the requester can accept JSON responses, if not fall back to
		// returning JSON in a plain-text response.  Some libraries request
		// JSON in an invisible iframe which they then read from the iframe,
		// however some browsers will not accept the JSON MIME type.
		if (stripos($_SERVER['HTTP_ACCEPT'], 'application/json') === FALSE) {
			header("Content-type: text/plain");
		} else {
			header("Content-type: application/json");
		}

		echo json_encode($params);
		exit;
	}
}

/**
 * Buffer all output echo'd directly in the action for inclusion in the returned JSON.
 * @return void
 * @access private
 */
function ajax_action_hook() {
	if (elgg_is_xhr()) {
		ob_start();
	}
}

/**
 * Initialize some ajaxy actions features
 * @access private
 */
function actions_init() {
	elgg_register_action('security/refreshtoken', '', 'public');

	elgg_register_simplecache_view('js/languages/en');

	elgg_register_plugin_hook_handler('action', 'all', 'ajax_action_hook');
	elgg_register_plugin_hook_handler('forward', 'all', 'ajax_forward_hook');
}

elgg_register_event_handler('init', 'system', 'actions_init');