-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdeployhook.php
More file actions
82 lines (72 loc) · 2.62 KB
/
deployhook.php
File metadata and controls
82 lines (72 loc) · 2.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
<?php
/**
* Safe upgrades to Magento store.
*
* Visit this script to get further help then use the
* pre- and post-deploy URLs as web hooks.
* Upgrades will not work if Magento is not yet installed.
*
* @author Daniel Deady <daniel.deady@knectar.com>
*/
const CHALLENGE_REALM = 'Private deployment webhook';
const QUERY_PRE = 'pre';
const QUERY_POST = 'post';
if (! filter_var(@$_SERVER['HTTPS'], FILTER_VALIDATE_BOOLEAN)) {
header('HTTP/1.0 403 Forbidden');
die ("Request must be <a href='https://{$_SERVER['HTTP_HOST']}{$_SERVER['SCRIPT_NAME']}'>encrypted</a>\n");
}
function check_htpasswd($filename)
{
$user = @$_SERVER['PHP_AUTH_USER'];
$pass = @$_SERVER['PHP_AUTH_PW'];
// apr1 is Apache's implementation of MD5, 2y is bcrypt
$pattern = '/^'.preg_quote($user).':(\$apr1\$(\w+)\$\w+)$/m';
$passwds = (string) @file_get_contents($filename);
if (! preg_match($pattern, $passwds, $passwd)) return false;
list(, $hash, $salt) = $passwd;
$result = exec('openssl passwd -apr1 -salt '.escapeshellarg($salt).' '.escapeshellarg($pass));
return $result === $hash;
}
if (! check_htpasswd('.htpasswd')) {
$access = (string) @file_get_contents('.htaccess');
if (preg_match('/^\s*AuthType\s+Basic$/im', $access) &&
preg_match('/^\s*AuthUserFile\s+(\S+)$/im', $access, $userfile) &&
preg_match('/^\s*AuthName\s+([\'"]?)(.*)\1$/im', $access, $realm))
{
$userfile = $userfile[1];
$realm = $realm[2];
if (check_htpasswd($userfile)) goto action;
}
else
{
$realm = CHALLENGE_REALM;
}
header('WWW-Authenticate: Basic realm="'.addslashes($realm).'"', true, 401);
die ("Not authorized\n");
}
// Let's GOTO like it's 1990!
action:
switch (@$_SERVER['QUERY_STRING']) {
case QUERY_PRE:
touch('maintenance.flag');
if (! file_exists('maintenance.flag')) {
header('HTTP/1.0 500 Internal Server Error');
echo "Could not lock maintenance mode\n";
}
break;
case QUERY_POST:
// force config to be read and updates applied
include 'shell/cleanCache.php';
// Unset maintenance mode
unlink('maintenance.flag');
break;
default:
$uri = 'https://' . @$_SERVER['PHP_AUTH_USER'] . ':' . @$_SERVER['PHP_AUTH_PW'] . '@';
$uri .= $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'];
header('HTTP/1.0 300 Multiple Choices');
echo "<strong>Request either URL</strong>";
echo "<ul>\n";
echo "<li><pre>{$uri}?", QUERY_PRE, "</pre></li>\n";
echo "<li><pre>{$uri}?", QUERY_POST, "</pre></li>\n";
echo "</ul>\n";
}