From e4986c2d9f376dc9052d3f2f682d579f51a4bcef Mon Sep 17 00:00:00 2001 From: fabian Date: Thu, 15 Jul 2010 14:09:22 +0200 Subject: [PATCH 01/10] Support for mod_auth added --- inc/User/database.php | 313 ++++++++++++++++++++++++++++++++++++++++++ inc/User/ldap.php | 33 +++++ inc/User/mod_auth.php | 179 ++++++++++++++++++++++++ 3 files changed, 525 insertions(+) create mode 100755 inc/User/database.php create mode 100755 inc/User/ldap.php create mode 100755 inc/User/mod_auth.php diff --git a/inc/User/database.php b/inc/User/database.php new file mode 100755 index 00000000000..926f6f9fbb1 --- /dev/null +++ b/inc/User/database.php 
@@ -0,0 +1,313 @@ +. +* +*/ + + +/** + * Class for usermanagement in a SQL Database + * eg mysql, sqlite + */ +class OC_USER_Database extends OC_USER { + + /** + * check if the login button is pressed and logg the user in + * + */ + public static function loginLisener(){ + if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ + if(OC_USER::login($_POST['login'],$_POST['password'])){ + echo 1; + OC_LOG::event($_SESSION['username'],1,''); + echo 2; + if((isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') { + $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; + }else{ + $url = "http://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; + } + header("Location: $url"); + die(); + }else{ + return('error'); + } + } + return(''); + } + + + /** + * try to create a new user + * + */ + public static function createUser($username,$password){ + global $CONFIG_DBTABLEPREFIX; + if(OC_USER::getuserid($username,true)!=0){ + return false; + }else{ + $usernameclean=strtolower($username); + $password=sha1($password); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); + $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')"; + $result=OC_DB::query($query); + return ($result)?true:false; + } + + } + + /** + * try to login a user + * + */ + public static function login($username,$password){ + global $CONFIG_DBTABLEPREFIX; + + $password=sha1($password); + $usernameclean=strtolower($username); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); + $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id'])){ + 
$_SESSION['user_id']=$result[0]['user_id']; + $_SESSION['username']=$username; + $_SESSION['username_clean']=$usernameclean; + return true; + }else{ + return false; + } + } + + /** + * check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener(){ + if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ + OC_LOG::event($_SESSION['username'],2,''); + $_SESSION['user_id']=false; + $_SESSION['username']=''; + $_SESSION['username_clean']=''; + } + } + + /** + * check if a user is logged in + * + */ + public static function isLoggedIn(){ + return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false; + } + + /** + * try to create a new group + * + */ + public static function createGroup($groupname){ + global $CONFIG_DBTABLEPREFIX; + if(OC_USER::getgroupid($groupname,true)==0){ + $groupname=OC_DB::escape($groupname); + $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')"; + $result=OC_DB::query($query); + return ($result)?true:false; + }else{ + return false; + } + } + + /** + * get the id of a user + * + */ + public static function getUserId($username,$nocache=false){ + global $CONFIG_DBTABLEPREFIX; + $usernameclean=strtolower($username); + if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query + return $_SESSION['user_id_cache'][$usernameclean]; + } + $usernameclean=OC_DB::escape($usernameclean); + $query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean'"; + $result=OC_DB::select($query); + if(!is_array($result)){ + return 0; + } + if(isset($result[0]) && isset($result[0]['user_id'])){ + $_SESSION['user_id_cache'][$usernameclean]=$result[0]['user_id']; + return $result[0]['user_id']; + }else{ + return 0; + } + } + + /** + * get the id of a group + * + */ + public static function getGroupId($groupname,$nocache=false){ + global $CONFIG_DBTABLEPREFIX; + if(!$nocache and 
isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query + return $_SESSION['group_id_cache'][$groupname]; + } + $groupname=OC_DB::escape($groupname); + $query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'"; + $result=OC_DB::select($query); + if(!is_array($result)){ + return 0; + } + if(isset($result[0]) && isset($result[0]['group_id'])){ + $_SESSION['group_id_cache'][$groupname]=$result[0]['group_id']; + return $result[0]['group_id']; + }else{ + return 0; + } + } + + /** + * get the name of a group + * + */ + public static function getGroupName($groupid,$nocache=false){ + global $CONFIG_DBTABLEPREFIX; + if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query + return $name; + } + $groupid=(integer)$groupid; + $query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['group_name'])){ + return $result[0]['group_name']; + }else{ + return 0; + } + } + + /** + * check if a user belongs to a group + * + */ + public static function inGroup($username,$groupname){ + global $CONFIG_DBTABLEPREFIX; + + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + if($groupid>0 and $userid>0){ + $query="SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid' AND user_id = '$userid';"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_group_id'])){ + return true; + }else{ + return false; + } + }else{ + return false; + } + } + + /** + * add a user to a group + * + */ + public static function addToGroup($username,$groupname){ + global $CONFIG_DBTABLEPREFIX; + + if(!OC_USER::ingroup($username,$groupname)){ + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + if($groupid!=0 and $userid!=0){ + $query="INSERT INTO 
`{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');"; + $result=OC_DB::query($query); + if($result){ + return true; + }else{ + return false; + } + }else{ + return false; + } + }else{ + return true; + } + } + + public static function generatePassword(){ + return uniqid(); + } + + /** + * get all groups the user belongs to + * + */ + public static function getUserGroups($username){ + global $CONFIG_DBTABLEPREFIX; + + $userid=OC_USER::getuserid($username); + $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'"; + $result=OC_DB::select($query); + $groups=array(); + if(is_array($result)){ + foreach($result as $group){ + $groupid=$group['group_id']; + $groups[]=OC_USER::getgroupname($groupid); + } + } + return $groups; + } + + /** + * set the password of a user + * + */ + public static function setPassword($username,$password){ + global $CONFIG_DBTABLEPREFIX; + + $password=sha1($password); + $userid=OC_USER::getuserid($username); + $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'"; + $result=OC_DB::query($query); + if($result){ + return true; + }else{ + return false; + } + } + + /** + * check the password of a user + * + */ + public static function checkPassword($username,$password){ + global $CONFIG_DBTABLEPREFIX; + + $password=sha1($password); + $usernameclean=strtolower($username); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); + $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){ + return true; + }else{ + return false; + } + } +} + +?> \ No newline at end of file diff --git a/inc/User/ldap.php b/inc/User/ldap.php new file mode 100755 index 00000000000..da0e2d04573 --- /dev/null 
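Review bot: `createUser()`, `login()`, `setPassword()` and `checkPassword()` store and compare passwords as a bare `sha1($password)`, which is unsalted and fast, so a leaked `users` table is cheap to crack offline. Hash with `$password=password_hash($password,PASSWORD_DEFAULT);` on write and check with `password_verify()` after fetching the row by `user_name_clean`; the stored value is longer than a SHA-1 hex digest, so the `user_password` column width needs checking (the schema is not visible here). `login()` also keeps the pre-login session id and should call `session_regenerate_id(true)` before filling `$_SESSION`. Separately, `checkPassword()` quotes the table name as a string (`FROM '{$CONFIG_DBTABLEPREFIX}users'`), which looks like it makes the query fail so the method always returns false. `generatePassword()` returns `uniqid()`, which is derived from the clock and should not be used as a secret.

```php
public static function login($username,$password){
	// … unchanged: global, strtolower() and OC_DB::escape() of the username …
	// look the row up by name only; the hash is verified in PHP, not in the WHERE clause
	$query = "SELECT user_id, user_password FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' LIMIT 1";
	$result=OC_DB::select($query);
	if(isset($result[0]['user_id']) && password_verify($password,$result[0]['user_password'])){
		session_regenerate_id(true); // fresh session id once the user is authenticated
		// … unchanged: the three $_SESSION assignments …
		return true;
	}
	return false;
}
```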
+++ b/inc/User/ldap.php @@ -0,0 +1,33 @@ +. +* +*/ + +require_once 'mod_auth.php'; + +/** + * Class for usermanagement in a SQL Database + * eg mysql, sqlite + */ +class OC_USER_LDAP extends OC_USER_MOD_AUTH { +} + +?> \ No newline at end of file diff --git a/inc/User/mod_auth.php b/inc/User/mod_auth.php new file mode 100755 index 00000000000..0f44a6fb97e --- /dev/null +++ b/inc/User/mod_auth.php 
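Review bot: The docblock on `OC_USER_LDAP` still reads "Class for usermanagement in a SQL Database", copied from the database backend, while the class is an empty subclass of `OC_USER_MOD_AUTH` and contains no LDAP code of its own. Anyone selecting this backend needs to know that authentication is delegated entirely to the web server, so I would replace the docblock with something like `Backend for LDAP authentication performed by the web server; the application only reads the authenticated user name and performs no LDAP bind itself.` The same copied docblock sits on `OC_USER_MOD_AUTH` in inc/User/mod_auth.php.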
@@ -0,0 +1,179 @@ +. +* +*/ + + +/** + * Class for usermanagement in a SQL Database + * eg mysql, sqlite + */ +class OC_USER_MOD_AUTH extends OC_USER { + + /** + * check if the login button is pressed and logg the user in + * + */ + public static function loginLisener(){ + return(''); + } + + + /** + * try to create a new user + * + */ + public static function createUser($username,$password){ + return false; + } + + /** + * try to login a user + * + */ + public static function login($username,$password){ + if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") { + $_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"]; + return true; + } + return false; + } + + /** + * check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener(){ + if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ + header('WWW-Authenticate: Basic realm="ownCloud"'); + header('HTTP/1.0 401 Unauthorized'); + die('401 Unauthorized'); + } + } + + /** + * check if a user is logged in + * + */ + public static function isLoggedIn(){ + if (isset($_SESSION['user_id']) && $_SESSION['user_id']) { + return true; + } + else { + if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") { + $_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"]; + return true;; + } + } + return false; + } + + /** + * try to create a new group + * + */ + public static function createGroup($groupname){ + // does not work with MOD_AUTH (only or some modules) + return false; + } + + /** + * get the id of a user + * + */ + public static function getUserId($username,$nocache=false){ + // does not work with MOD_AUTH (only or some modules) + return 0; + } + + /** + * get the id of a group + * + */ + public static function 
getGroupId($groupname,$nocache=false){ + // does not work with MOD_AUTH (only or some modules) + return 0; + } + + /** + * get the name of a group + * + */ + public static function getGroupName($groupid,$nocache=false){ + // does not work with MOD_AUTH (only or some modules) + return 0; + } + + /** + * check if a user belongs to a group + * + */ + public static function inGroup($username,$groupname){ + // does not work with MOD_AUTH (only or some modules) + return false; + } + + /** + * add a user to a group + * + */ + public static function addToGroup($username,$groupname){ + // does not work with MOD_AUTH (only or some modules) + return false; + } + + public static function generatePassword(){ + return uniqid(); + } + + /** + * get all groups the user belongs to + * + */ + public static function getUserGroups($username){ + // does not work with MOD_AUTH (only or some modules) + $groups=array(); + return $groups; + } + + /** + * set the password of a user + * + */ + public static function setPassword($username,$password){ + return false; + } + + /** + * check the password of a user + * + */ + public static function checkPassword($username,$password){ + // does not work with MOD_AUTH (only or some modules) + return false; + } +} + +?> \ No newline at end of file From 9ff483759f522d9e32daa242dc8bb26d5f36d4b0 Mon Sep 17 00:00:00 2001 From: fabian Date: Thu, 15 Jul 2010 14:11:53 +0200 Subject: [PATCH 02/10] Abstract lib_user --- inc/lib_user.php | 225 ++++++++++------------------------------------- 1 file changed, 47 insertions(+), 178 deletions(-) diff --git a/inc/lib_user.php b/inc/lib_user.php index 5fbde168ace..902c999f0ac 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php 
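Review bot: `login()` and `isLoggedIn()` accept whatever is in `$_SERVER["PHP_AUTH_USER"]` as the authenticated identity, but under mod_php that variable is filled from the request's Basic `Authorization` header whether or not the web server verified the credentials, so this is only safe when the server enforces authentication on every path that reaches the application. That precondition should be documented on the class and ideally checked, for example by also requiring the server-set `$_SERVER['REMOTE_USER']` to be present. `logoutLisener()` sends the 401 but leaves the session untouched, so the next request is still logged in through the first branch of `isLoggedIn()`; clear it before the headers as the database backend does: `$_SESSION['user_id']=false; $_SESSION['username']=''; $_SESSION['username_clean']='';`. Neither method regenerates the session id when the identity is first written into `$_SESSION`.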
@@ -41,28 +41,14 @@ if(!isset($_SESSION['group_id_cache'])){ */ class OC_USER { + public static $class_type; + /** * check if the login button is pressed and logg the user in * */ public static function loginLisener(){ - if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ - if(OC_USER::login($_POST['login'],$_POST['password'])){ - echo 1; - OC_LOG::event($_SESSION['username'],1,''); - echo 2; - if((isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') { - $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; - }else{ - $url = "http://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; - } - header("Location: $url"); - die(); - }else{ - return('error'); - } - } - return(''); + return self::$class_type->loginLisener(); } @@ -71,19 +57,7 @@ class OC_USER { * */ public static function createUser($username,$password){ - global $CONFIG_DBTABLEPREFIX; - if(OC_USER::getuserid($username,true)!=0){ - return false; - }else{ - $usernameclean=strtolower($username); - $password=sha1($password); - $username=OC_DB::escape($username); - $usernameclean=OC_DB::escape($usernameclean); - $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')"; - $result=OC_DB::query($query); - return ($result)?true:false; - } - + return self::$class_type->createUser($username,$password); } /** 
@@ -91,22 +65,7 @@ class OC_USER { * */ public static function login($username,$password){ - global $CONFIG_DBTABLEPREFIX; - - $password=sha1($password); - $usernameclean=strtolower($username); - $username=OC_DB::escape($username); - $usernameclean=OC_DB::escape($usernameclean); - $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['user_id'])){ - $_SESSION['user_id']=$result[0]['user_id']; - $_SESSION['username']=$username; - $_SESSION['username_clean']=$usernameclean; - return true; - }else{ - return false; - } + return self::$class_type->login($username,$password); } /** @@ -114,12 +73,7 @@ class OC_USER { * */ public static function logoutLisener(){ - if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ - OC_LOG::event($_SESSION['username'],2,''); - $_SESSION['user_id']=false; - $_SESSION['username']=''; - $_SESSION['username_clean']=''; - } + return self::$class_type->logoutLisener(); } /** @@ -127,7 +81,7 @@ class OC_USER { * */ public static function isLoggedIn(){ - return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false; + return self::$class_type->isLoggedIn(); } /** @@ -135,15 +89,7 @@ class OC_USER { * */ public static function createGroup($groupname){ - global $CONFIG_DBTABLEPREFIX; - if(OC_USER::getgroupid($groupname,true)==0){ - $groupname=OC_DB::escape($groupname); - $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')"; - $result=OC_DB::query($query); - return ($result)?true:false; - }else{ - return false; - } + return self::$class_type->createGroup($groupname); } /** 
@@ -151,23 +97,7 @@ class OC_USER { * */ public static function getUserId($username,$nocache=false){ - global $CONFIG_DBTABLEPREFIX; - $usernameclean=strtolower($username); - if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query - return $_SESSION['user_id_cache'][$usernameclean]; - } - $usernameclean=OC_DB::escape($usernameclean); - $query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean'"; - $result=OC_DB::select($query); - if(!is_array($result)){ - return 0; - } - if(isset($result[0]) && isset($result[0]['user_id'])){ - $_SESSION['user_id_cache'][$usernameclean]=$result[0]['user_id']; - return $result[0]['user_id']; - }else{ - return 0; - } + return self::$class_type->getUserId($username,$nocache=false); } /** @@ -175,22 +105,7 @@ class OC_USER { * */ public static function getGroupId($groupname,$nocache=false){ - global $CONFIG_DBTABLEPREFIX; - if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query - return $_SESSION['group_id_cache'][$groupname]; - } - $groupname=OC_DB::escape($groupname); - $query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'"; - $result=OC_DB::select($query); - if(!is_array($result)){ - return 0; - } - if(isset($result[0]) && isset($result[0]['group_id'])){ - $_SESSION['group_id_cache'][$groupname]=$result[0]['group_id']; - return $result[0]['group_id']; - }else{ - return 0; - } + return self::$class_type->getGroupId($groupname,$nocache=false); } /** 
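Review bot: The delegating call in `getUserId()` passes `$nocache=false` as its second argument, which is an assignment expression: it overwrites the caller's value and always forwards `false`. The same slip is in `getGroupId()` on this line and in `getGroupName()` in the following hunk, so a caller such as `createUser()`, which asks for `getuserid($username,true)`, can now be answered from the session cache instead of the database. The calls should forward the parameter unchanged, e.g. `return self::$class_type->getUserId($username,$nocache);`.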
@@ -198,18 +113,7 @@ class OC_USER { * */ public static function getGroupName($groupid,$nocache=false){ - global $CONFIG_DBTABLEPREFIX; - if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query - return $name; - } - $groupid=(integer)$groupid; - $query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['group_name'])){ - return $result[0]['group_name']; - }else{ - return 0; - } + return self::$class_type->getGroupName($groupid,$nocache=false); } /** @@ -217,21 +121,7 @@ class OC_USER { * */ public static function inGroup($username,$groupname){ - global $CONFIG_DBTABLEPREFIX; - - $userid=OC_USER::getuserid($username); - $groupid=OC_USER::getgroupid($groupname); - if($groupid>0 and $userid>0){ - $query="SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid' AND user_id = '$userid';"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['user_group_id'])){ - return true; - }else{ - return false; - } - }else{ - return false; - } + return self::$class_type->inGroup($username,$groupname); } /** @@ -239,25 +129,7 @@ class OC_USER { * */ public static function addToGroup($username,$groupname){ - global $CONFIG_DBTABLEPREFIX; - - if(!OC_USER::ingroup($username,$groupname)){ - $userid=OC_USER::getuserid($username); - $groupid=OC_USER::getgroupid($groupname); - if($groupid!=0 and $userid!=0){ - $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');"; - $result=OC_DB::query($query); - if($result){ - return true; - }else{ - return false; - } - }else{ - return false; - } - }else{ - return true; - } + return self::$class_type->addToGroup($username,$groupname); } public static function generatePassword(){ 
@@ -269,19 +141,7 @@ class OC_USER { * */ public static function getUserGroups($username){ - global $CONFIG_DBTABLEPREFIX; - - $userid=OC_USER::getuserid($username); - $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'"; - $result=OC_DB::select($query); - $groups=array(); - if(is_array($result)){ - foreach($result as $group){ - $groupid=$group['group_id']; - $groups[]=OC_USER::getgroupname($groupid); - } - } - return $groups; + return self::$class_type->getUserGroups($username); } /** @@ -289,17 +149,7 @@ class OC_USER { * */ public static function setPassword($username,$password){ - global $CONFIG_DBTABLEPREFIX; - - $password=sha1($password); - $userid=OC_USER::getuserid($username); - $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'"; - $result=OC_DB::query($query); - if($result){ - return true; - }else{ - return false; - } + return self::$class_type->setPassword($username,$password); } /** 
@@ -307,20 +157,39 @@ class OC_USER { * */ public static function checkPassword($username,$password){ - global $CONFIG_DBTABLEPREFIX; - - $password=sha1($password); - $usernameclean=strtolower($username); - $username=OC_DB::escape($username); - $usernameclean=OC_DB::escape($usernameclean); - $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){ - return true; - }else{ - return false; - } + return self::$class_type->checkPassword($username,$password); } } +/* + * Funtion to set the User Authentication Module + */ +function set_OC_USER() { + global $CONFIG_BACKEND; + if (isset($CONFIG_BACKEND)) { + switch($CONFIG_BACKEND) { + case "mysql": + require_once 'User/database.php'; + OC_USER::$class_type = new OC_USER_Database(); + break; + case "sqlite": + require_once 'User/database.php'; + OC_USER::$class_type = new OC_USER_Database(); + break; + case "ldap": + require_once 'User/ldap.php'; + OC_USER::$class_type = new OC_USER_LDAP(); + break; + default: + require_once 'User/database.php'; + OC_USER::$class_type = new OC_USER_Database(); + break; + } + } + else { + require_once 'User/database.php'; + OC_USER::$class_type = new OC_USER_Database(); + } +} +set_OC_USER(); ?> \ No newline at end of file From 7b84bf5f0e9dd8bbe727f4341f315badd66d25d8 Mon Sep 17 00:00:00 2001 From: "Aldo \"xoen\" Giambelluca" Date: Thu, 15 Jul 2010 19:10:20 +0200 Subject: [PATCH 03/10] Minor style changes * Using camelCase for `$classType` property * Using `self` keyword instead of class name * Added spaces here and there --- inc/User/mod_auth.php | 148 +++++++++++++++--------------- inc/lib_user.php | 203 ++++++++++++++++++++++-------------------- 2 files changed, 179 insertions(+), 172 deletions(-) 
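Review bot: In `set_OC_USER()` an unrecognised `$CONFIG_BACKEND` value falls through `default:` to the database backend without any message, and the comparison is case-sensitive, so a typo in the configuration silently changes which authentication backend is active. For a setting that decides how users are authenticated I would stop with an explicit error, e.g. `default: die('Unknown CONFIG_BACKEND value');`, and keep the database fallback only for the unset case in the outer `else`. If the silent fallback is intended, a comment saying so would help. There is also no case that selects `OC_USER_MOD_AUTH` directly, although the first patch is titled as adding mod_auth support; it is reachable only through `ldap`.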
diff --git a/inc/User/mod_auth.php b/inc/User/mod_auth.php index 0f44a6fb97e..2ca03cee304 100755 --- a/inc/User/mod_auth.php +++ b/inc/User/mod_auth.php @@ -22,6 +22,7 @@ */ + /** * Class for usermanagement in a SQL Database * eg mysql, sqlite @@ -29,42 +30,44 @@ class OC_USER_MOD_AUTH extends OC_USER { /** - * check if the login button is pressed and logg the user in - * - */ - public static function loginLisener(){ - return(''); + * check if the login button is pressed and logg the user in + * + */ + public static function loginLisener() { + return ''; } /** - * try to create a new user - * - */ - public static function createUser($username,$password){ + * try to create a new user + * + */ + public static function createUser($username, $password) { return false; } /** - * try to login a user - * - */ - public static function login($username,$password){ - if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") { - $_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"]; - $_SESSION['username']= $_SERVER["PHP_AUTH_USER"]; - $_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"]; + * try to login a user + * + */ + public static function login($username, $password) { + if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' !== $_SERVER['PHP_AUTH_USER']) ) { + $_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER']; + $_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; + $_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER']; + return true; } + return false; } /** - * check if the logout button is pressed and logout the user - * - */ - public static function logoutLisener(){ - if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ + * check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener() { + if( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { header('WWW-Authenticate: Basic realm="ownCloud"'); header('HTTP/1.0 401 Unauthorized'); die('401 Unauthorized'); 
@@ -72,108 +75,107 @@ class OC_USER_MOD_AUTH extends OC_USER { } /** - * check if a user is logged in - * - */ - public static function isLoggedIn(){ - if (isset($_SESSION['user_id']) && $_SESSION['user_id']) { + * check if a user is logged in + * + */ + public static function isLoggedIn() { + if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { return true; - } - else { - if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") { - $_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"]; - $_SESSION['username']= $_SERVER["PHP_AUTH_USER"]; - $_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"]; + } else { + if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' !== $_SERVER['PHP_AUTH_USER']) ) { + $_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER']; + $_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; + $_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER']; + return true;; } } + return false; } /** - * try to create a new group - * - */ - public static function createGroup($groupname){ + * try to create a new group + * + */ + public static function createGroup($groupname) { // does not work with MOD_AUTH (only or some modules) return false; } /** - * get the id of a user - * - */ - public static function getUserId($username,$nocache=false){ + * get the id of a user + * + */ + public static function getUserId($username, $nocache=false) { // does not work with MOD_AUTH (only or some modules) return 0; } /** - * get the id of a group - * - */ - public static function getGroupId($groupname,$nocache=false){ + * get the id of a group + * + */ + public static function getGroupId($groupname, $nocache=false) { // does not work with MOD_AUTH (only or some modules) return 0; } /** - * get the name of a group - * - */ - public static function getGroupName($groupid,$nocache=false){ + * get the name of a group + * + */ + public static function getGroupName($groupid, $nocache=false) { // does not work with MOD_AUTH (only or some modules) return 0; } /** - * check if a 
user belongs to a group - * - */ - public static function inGroup($username,$groupname){ + * check if a user belongs to a group + * + */ + public static function inGroup($username, $groupname) { // does not work with MOD_AUTH (only or some modules) return false; } /** - * add a user to a group - * - */ - public static function addToGroup($username,$groupname){ + * add a user to a group + * + */ + public static function addToGroup($username, $groupname) { // does not work with MOD_AUTH (only or some modules) return false; } - public static function generatePassword(){ + public static function generatePassword() { return uniqid(); } /** - * get all groups the user belongs to - * - */ - public static function getUserGroups($username){ + * get all groups the user belongs to + * + */ + public static function getUserGroups($username) { // does not work with MOD_AUTH (only or some modules) - $groups=array(); + $groups = array(); return $groups; } /** - * set the password of a user - * - */ - public static function setPassword($username,$password){ + * set the password of a user + * + */ + public static function setPassword($username, $password) { return false; } /** - * check the password of a user - * - */ - public static function checkPassword($username,$password){ + * check the password of a user + * + */ + public static function checkPassword($username, $password) { // does not work with MOD_AUTH (only or some modules) return false; } } - -?> \ No newline at end of file diff --git a/inc/lib_user.php b/inc/lib_user.php index 902c999f0ac..f1cc874a459 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php 
@@ -21,175 +21,180 @@ * */ -if(!$CONFIG_INSTALLED){ - $_SESSION['user_id']=false; - $_SESSION['username']=''; - $_SESSION['username_clean']=''; + + +if( !$CONFIG_INSTALLED ) { + $_SESSION['user_id'] = false; + $_SESSION['username'] = ''; + $_SESSION['username_clean'] = ''; } //cache the userid's an groupid's -if(!isset($_SESSION['user_id_cache'])){ - $_SESSION['user_id_cache']=array(); +if( !isset($_SESSION['user_id_cache']) ) { + $_SESSION['user_id_cache'] = array(); } -if(!isset($_SESSION['group_id_cache'])){ - $_SESSION['group_id_cache']=array(); +if( !isset($_SESSION['group_id_cache']) ) { + $_SESSION['group_id_cache'] = array(); } + + /** * Class for usermanagement * */ class OC_USER { - public static $class_type; + public static $classType; /** - * check if the login button is pressed and logg the user in - * - */ - public static function loginLisener(){ - return self::$class_type->loginLisener(); + * check if the login button is pressed and logg the user in + * + */ + public static function loginLisener() { + return self::classType->loginLisener(); } /** - * try to create a new user - * - */ - public static function createUser($username,$password){ - return self::$class_type->createUser($username,$password); + * try to create a new user + * + */ + public static function createUser($username, $password) { + return self::classType->createUser($username, $password); } /** - * try to login a user - * - */ - public static function login($username,$password){ - return self::$class_type->login($username,$password); + * try to login a user + * + */ + public static function login($username, $password) { + return self::classType->login($username, $password); } /** - * check if the logout button is pressed and logout the user - * - */ - public static function logoutLisener(){ - return self::$class_type->logoutLisener(); + * check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener() { + return 
self::classType->logoutLisener(); } /** - * check if a user is logged in - * - */ - public static function isLoggedIn(){ - return self::$class_type->isLoggedIn(); + * check if a user is logged in + * + */ + public static function isLoggedIn() { + return self::classType->isLoggedIn(); } /** - * try to create a new group - * - */ - public static function createGroup($groupname){ - return self::$class_type->createGroup($groupname); + * try to create a new group + * + */ + public static function createGroup($groupname) { + return self::classType->createGroup($groupname); } /** - * get the id of a user - * - */ - public static function getUserId($username,$nocache=false){ - return self::$class_type->getUserId($username,$nocache=false); + * get the id of a user + * + */ + public static function getUserId($username, $nocache=false) { + return self::classType->getUserId($username, $nocache=false); } /** - * get the id of a group - * - */ - public static function getGroupId($groupname,$nocache=false){ - return self::$class_type->getGroupId($groupname,$nocache=false); + * get the id of a group + * + */ + public static function getGroupId($groupname, $nocache=false) { + return self::classType->getGroupId($groupname, $nocache=false); } /** - * get the name of a group - * - */ - public static function getGroupName($groupid,$nocache=false){ - return self::$class_type->getGroupName($groupid,$nocache=false); + * get the name of a group + * + */ + public static function getGroupName($groupid, $nocache=false) { + return self::classType->getGroupName($groupid, $nocache=false); } /** - * check if a user belongs to a group - * - */ - public static function inGroup($username,$groupname){ - return self::$class_type->inGroup($username,$groupname); + * check if a user belongs to a group + * + */ + public static function inGroup($username, $groupname) { + return self::classType->inGroup($username, $groupname); } /** - * add a user to a group - * - */ - public static function 
addToGroup($username,$groupname){ - return self::$class_type->addToGroup($username,$groupname); + * add a user to a group + * + */ + public static function addToGroup($username, $groupname) { + return self::classType->addToGroup($username, $groupname); } - public static function generatePassword(){ + public static function generatePassword() { return uniqid(); } /** - * get all groups the user belongs to - * - */ - public static function getUserGroups($username){ - return self::$class_type->getUserGroups($username); + * get all groups the user belongs to + * + */ + public static function getUserGroups($username) { + return self::classType->getUserGroups($username); } /** - * set the password of a user - * - */ - public static function setPassword($username,$password){ - return self::$class_type->setPassword($username,$password); + * set the password of a user + * + */ + public static function setPassword($username, $password) { + return self::classType->setPassword($username, $password); } /** - * check the password of a user - * - */ - public static function checkPassword($username,$password){ - return self::$class_type->checkPassword($username,$password); + * check the password of a user + * + */ + public static function checkPassword($username, $password) { + return self::classType->checkPassword($username, $password); } } -/* + + +/** * Funtion to set the User Authentication Module */ function set_OC_USER() { global $CONFIG_BACKEND; - if (isset($CONFIG_BACKEND)) { - switch($CONFIG_BACKEND) { - case "mysql": + + if ( isset($CONFIG_BACKEND) ) { + switch( $CONFIG_BACKEND ) { + case 'mysql': + case 'sqlite': require_once 'User/database.php'; - OC_USER::$class_type = new OC_USER_Database(); - break; - case "sqlite": - require_once 'User/database.php'; - OC_USER::$class_type = new OC_USER_Database(); - break; - case "ldap": + self::classType = new OC_USER_Database(); + break; + case 'ldap': require_once 'User/ldap.php'; - OC_USER::$class_type = new OC_USER_LDAP(); - 
break; + self::classType = new OC_USER_LDAP(); + break; default: require_once 'User/database.php'; - OC_USER::$class_type = new OC_USER_Database(); - break; + self::classType = new OC_USER_Database(); + break; } - } - else { + } else { require_once 'User/database.php'; - OC_USER::$class_type = new OC_USER_Database(); + self::classType = new OC_USER_Database(); } } + + + set_OC_USER(); -?> \ No newline at end of file From 64fd3f7aea7e6aa6ca93cd91b17a6f96842a5c02 Mon Sep 17 00:00:00 2001 From: "Aldo \"xoen\" Giambelluca" Date: Thu, 15 Jul 2010 19:56:13 +0200 Subject: [PATCH 04/10] Fixed a cache-check in `OC_USER_Database::getGroupName()` and minor style changes * Added spaces here and there * Using camelCase for same variable --- inc/User/database.php | 351 ++++++++++++++++++++++-------------------- 1 file changed, 183 insertions(+), 168 deletions(-) diff --git a/inc/User/database.php b/inc/User/database.php index 926f6f9fbb1..e2294dc0764 100755 --- a/inc/User/database.php +++ b/inc/User/database.php @@ -22,6 +22,7 @@ */ + /** * Class for usermanagement in a SQL Database * eg mysql, sqlite 
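Review bot: The rename dropped the `$` from every static property access: `self::classType->loginLisener()` refers to a class constant named `classType`, not to the `public static $classType` property declared at the top of the class, so these lines either fail to parse or fail at run time depending on the PHP version. In `set_OC_USER()` the change from `OC_USER::$class_type = …` to `self::classType = …` is additionally wrong because `self` has no class scope inside a free function. The accesses should read `self::$classType->loginLisener()` inside the class and `OC_USER::$classType = new OC_USER_Database();` in `set_OC_USER()`. Every login check goes through this file, so a syntax check (`php -l inc/lib_user.php`) before merging would have caught it.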
@@ -29,262 +30,277 @@ class OC_USER_Database extends OC_USER { /** - * check if the login button is pressed and logg the user in - * - */ - public static function loginLisener(){ - if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ - if(OC_USER::login($_POST['login'],$_POST['password'])){ + * check if the login button is pressed and logg the user in + * + */ + public static function loginLisener() { + if ( isset($_POST['loginbutton']) AND isset($_POST['password']) AND isset($_POST['login']) ) { + if ( OC_USER::login($_POST['login'], $_POST['password']) ) { echo 1; - OC_LOG::event($_SESSION['username'],1,''); + OC_LOG::event($_SESSION['username'], 1, ''); echo 2; - if((isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') { - $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; - }else{ - $url = "http://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; + if ( ( isset($CONFIG_HTTPFORCESSL) AND $CONFIG_HTTPFORCESSL ) + OR ( isset($_SERVER['HTTPS']) AND ( 'on' === $_SERVER['HTTPS'] ) ) ) { + $url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; + } else { + $url = 'http://'. $_SERVER['SERVER_NAME'] . 
$_SERVER['REQUEST_URI']; } - header("Location: $url"); + header('Location: $url'); die(); - }else{ - return('error'); - } + } else { + return 'error'; + } } + return(''); } /** - * try to create a new user - * - */ - public static function createUser($username,$password){ + * try to create a new user + * + */ + public static function createUser($username, $password) { global $CONFIG_DBTABLEPREFIX; - if(OC_USER::getuserid($username,true)!=0){ + if ( 0 !== OC_USER::getUserId($username, true) ) { return false; - }else{ - $usernameclean=strtolower($username); - $password=sha1($password); - $username=OC_DB::escape($username); - $usernameclean=OC_DB::escape($usernameclean); - $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')"; - $result=OC_DB::query($query); - return ($result)?true:false; - } + } else { + $usernameclean = strtolower($username); + $password = sha1($password); + $username = OC_DB::escape($username); + $usernameclean = OC_DB::escape($usernameclean); + $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')"; + $result = OC_DB::query($query); + return ($result) ? 
true : false; + } } /** - * try to login a user - * - */ - public static function login($username,$password){ + * try to login a user + * + */ + public static function login($username, $password) { global $CONFIG_DBTABLEPREFIX; - $password=sha1($password); - $usernameclean=strtolower($username); - $username=OC_DB::escape($username); - $usernameclean=OC_DB::escape($usernameclean); + $password = sha1($password); + $usernameclean = strtolower($username); + $username = OC_DB::escape($username); + $usernameclean = OC_DB::escape($usernameclean); $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['user_id'])){ - $_SESSION['user_id']=$result[0]['user_id']; - $_SESSION['username']=$username; - $_SESSION['username_clean']=$usernameclean; + $result = OC_DB::select($query); + if ( isset($result[0]) AND isset($result[0]['user_id'])) { + $_SESSION['user_id'] = $result[0]['user_id']; + $_SESSION['username'] = $username; + $_SESSION['username_clean'] = $usernameclean; + return true; - }else{ + } else { return false; } } /** - * check if the logout button is pressed and logout the user - * - */ - public static function logoutLisener(){ - if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ - OC_LOG::event($_SESSION['username'],2,''); - $_SESSION['user_id']=false; - $_SESSION['username']=''; - $_SESSION['username_clean']=''; + * check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener() { + if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { + OC_LOG::event($_SESSION['username'], 2, ''); + $_SESSION['user_id'] = false; + $_SESSION['username'] = ''; + $_SESSION['username_clean'] = ''; } } /** - * check if a user is logged in - * - */ - public static function isLoggedIn(){ - return (isset($_SESSION['user_id']) && 
$_SESSION['user_id'])?true:false; - } - - /** - * try to create a new group - * - */ - public static function createGroup($groupname){ - global $CONFIG_DBTABLEPREFIX; - if(OC_USER::getgroupid($groupname,true)==0){ - $groupname=OC_DB::escape($groupname); - $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')"; - $result=OC_DB::query($query); - return ($result)?true:false; - }else{ + * check if a user is logged in + * + */ + public static function isLoggedIn() { + if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { + return true; + } else { return false; } } /** - * get the id of a user - * - */ - public static function getUserId($username,$nocache=false){ + * try to create a new group + * + */ + public static function createGroup($groupname) { global $CONFIG_DBTABLEPREFIX; - $usernameclean=strtolower($username); - if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query - return $_SESSION['user_id_cache'][$usernameclean]; + if ( 0 === OC_USER::getGroupId($groupname, true) ) { + $groupname = OC_DB::escape($groupname); + $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')"; + $result = OC_DB::query($query); + + return ($result) ? 
true : false; + } else { + return false; } - $usernameclean=OC_DB::escape($usernameclean); - $query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean'"; - $result=OC_DB::select($query); - if(!is_array($result)){ + } + + /** + * get the id of a user + * + */ + public static function getUserId($username, $nocache=false) { + global $CONFIG_DBTABLEPREFIX; + + $usernameClean = strtolower($username); + //try to use cached value to save an sql query + if ( !$nocache AND isset($_SESSION['user_id_cache'][$usernameClean]) ) { + return $_SESSION['user_id_cache'][$usernameClean]; + } + $usernameClean = OC_DB::escape($usernameClean); + $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean'"; + $result = OC_DB::select($query); + if ( !is_array($result) ) { return 0; } - if(isset($result[0]) && isset($result[0]['user_id'])){ - $_SESSION['user_id_cache'][$usernameclean]=$result[0]['user_id']; + if ( isset($result[0]) AND isset($result[0]['user_id']) ) { + $_SESSION['user_id_cache'][$usernameClean] = $result[0]['user_id']; return $result[0]['user_id']; - }else{ + } else { return 0; } } /** - * get the id of a group - * - */ - public static function getGroupId($groupname,$nocache=false){ + * get the id of a group + * + */ + public static function getGroupId($groupName, $noCache=false) { global $CONFIG_DBTABLEPREFIX; - if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query - return $_SESSION['group_id_cache'][$groupname]; + + //try to use cached value to save an sql query + if ( !$noCache AND isset($_SESSION['group_id_cache'][$groupName]) ) { + return $_SESSION['group_id_cache'][$groupName]; } - $groupname=OC_DB::escape($groupname); - $query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'"; - $result=OC_DB::select($query); - if(!is_array($result)){ + $groupName = OC_DB::escape($groupName); + $query = "SELECT 
group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupName'"; + $result = OC_DB::select($query); + if ( !is_array($result) ) { return 0; } - if(isset($result[0]) && isset($result[0]['group_id'])){ - $_SESSION['group_id_cache'][$groupname]=$result[0]['group_id']; + if ( isset($result[0]) AND isset($result[0]['group_id']) ) { + $_SESSION['group_id_cache'][$groupName] = $result[0]['group_id']; return $result[0]['group_id']; - }else{ + } else { return 0; } } /** - * get the name of a group - * - */ - public static function getGroupName($groupid,$nocache=false){ + * get the name of a group + * + */ + public static function getGroupName($groupId, $noCache=false) { global $CONFIG_DBTABLEPREFIX; - if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query + + //try to use cached value to save an sql query + if ( !$noCache AND ( $name = array_search($groupId,$_SESSION['group_id_cache']) ) ) { return $name; } - $groupid=(integer)$groupid; - $query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['group_name'])){ + $groupId = (integer)$groupId; + $query = "SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupId' LIMIT 1"; + $result = OC_DB::select($query); + if ( isset($result[0]) AND isset($result[0]['group_name']) ) { return $result[0]['group_name']; - }else{ + } else { return 0; } } /** - * check if a user belongs to a group - * - */ - public static function inGroup($username,$groupname){ + * check if a user belongs to a group + * + */ + public static function inGroup($username, $groupName) { global $CONFIG_DBTABLEPREFIX; - $userid=OC_USER::getuserid($username); - $groupid=OC_USER::getgroupid($groupname); - if($groupid>0 and $userid>0){ - $query="SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid' AND user_id = '$userid';"; - 
$result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['user_group_id'])){ + $userId = OC_USER::getUserId($username); + $groupId = OC_USER::getGroupId($groupName); + if ( ( $groupId > 0 ) AND ( $userId > 0 ) ) { + $query = "SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupId' AND user_id = '$userId';"; + $result = OC_DB::select($query); + if ( isset($result[0]) AND isset($result[0]['user_group_id']) ) { return true; - }else{ + } else { return false; } - }else{ + } else { return false; } } /** - * add a user to a group - * - */ - public static function addToGroup($username,$groupname){ + * add a user to a group + * + */ + public static function addToGroup($username, $groupName) { global $CONFIG_DBTABLEPREFIX; - if(!OC_USER::ingroup($username,$groupname)){ - $userid=OC_USER::getuserid($username); - $groupid=OC_USER::getgroupid($groupname); - if($groupid!=0 and $userid!=0){ - $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');"; - $result=OC_DB::query($query); - if($result){ + if ( !OC_USER::inGroup($username, $groupName) ) { + $userId = OC_USER::getuserid($username); + $groupId = OC_USER::getgroupid($groupName); + if ( ( 0 != $groupId ) AND ( 0 != $userId ) ) { + $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userId', '$groupId');"; + $result = OC_DB::query($query); + if ( $result ) { return true; - }else{ + } else { return false; } - }else{ + } else { return false; } - }else{ + } else { return true; } } - public static function generatePassword(){ + public static function generatePassword() { return uniqid(); } /** - * get all groups the user belongs to - * - */ - public static function getUserGroups($username){ + * get all groups the user belongs to + * + */ + public static function getUserGroups($username) { global $CONFIG_DBTABLEPREFIX; - $userid=OC_USER::getuserid($username); - $query = "SELECT group_id FROM 
{$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'"; - $result=OC_DB::select($query); - $groups=array(); - if(is_array($result)){ - foreach($result as $group){ - $groupid=$group['group_id']; - $groups[]=OC_USER::getgroupname($groupid); + $userId = OC_USER::getUserId($username); + $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userId'"; + $result = OC_DB::select($query); + $groups = array(); + if ( is_array($result) ) { + foreach ( $result as $group ) { + $groupId = $group['group_id']; + $groups[] = OC_USER::getGroupName($groupId); } } + return $groups; } /** - * set the password of a user - * - */ - public static function setPassword($username,$password){ + * set the password of a user + * + */ + public static function setPassword($username, $password) { global $CONFIG_DBTABLEPREFIX; - $password=sha1($password); - $userid=OC_USER::getuserid($username); - $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'"; - $result=OC_DB::query($query); - if($result){ + $password = sha1($password); + $userId = OC_USER::getUserId($username); + $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userId'"; + $result = OC_DB::query($query); + if ( $result ) { return true; - }else{ + } else { return false; } } 
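Review bot: In `loginLisener()` the redirect line became `header('Location: $url');`, and single quotes do not interpolate, so the literal text `$url` is sent as the target instead of the address built just above. It should read `header('Location: ' . $url);`. The `echo 1;` and `echo 2;` kept ahead of it emit output before the header call, which prevents the header from being sent unless output buffering is on; they look like leftover debugging and should be removed. `$CONFIG_HTTPFORCESSL` is also read in this method without a `global` declaration, so as written the first half of the HTTPS test can never be true.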
@@ -293,21 +309,20 @@ class OC_USER_Database extends OC_USER { * check the password of a user * */ - public static function checkPassword($username,$password){ + public static function checkPassword($username, $password) { global $CONFIG_DBTABLEPREFIX; - $password=sha1($password); - $usernameclean=strtolower($username); - $username=OC_DB::escape($username); - $usernameclean=OC_DB::escape($usernameclean); - $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){ + $password = sha1($password); + $usernameClean = strtolower($username); + $username = OC_DB::escape($username); + $usernameClean = OC_DB::escape($usernameClean); + $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; + $result = OC_DB::select($query); + if ( isset($result[0]) AND isset($result[0]['user_id']) AND ( $result[0]['user_id'] > 0 ) ) { return true; - }else{ + } else { return false; } } -} -?> \ No newline at end of file +} From 42d603c5b3c5e4a8dcde5a1db0bc8b61a0ff38ba Mon Sep 17 00:00:00 2001 From: "Aldo \"xoen\" Giambelluca" Date: Thu, 15 Jul 2010 20:57:14 +0200 Subject: [PATCH 05/10] Minor style changes * camelCase * spaces here and there --- inc/User/database.php | 84 +++++++++++++++++++++---------------------- inc/User/mod_auth.php | 48 +++++++++++++------------ inc/lib_user.php | 60 +++++++++++++++---------------- 3 files changed, 97 insertions(+), 95 deletions(-) diff --git a/inc/User/database.php b/inc/User/database.php index e2294dc0764..e083c30a7dc 100755 --- a/inc/User/database.php +++ b/inc/User/database.php 
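Review bot: The query in `checkPassword()` still wraps the table name in single quotes, `FROM '{$CONFIG_DBTABLEPREFIX}users'`, which makes it a string literal rather than an identifier. MySQL will most likely reject that statement, in which case the method returns false for every password. `login()` runs the same lookup unquoted, so the line should match it: `FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = ...`. The same line is carried unchanged through the `checkPassword` hunk of the following patch.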
@@ -24,13 +24,13 @@ /** - * Class for usermanagement in a SQL Database - * eg mysql, sqlite + * Class for usermanagement in a SQL Database (e.g. MySQL, SQLite) + * */ class OC_USER_Database extends OC_USER { /** - * check if the login button is pressed and logg the user in + * Check if the login button is pressed and logg the user in * */ public static function loginLisener() { @@ -40,7 +40,7 @@ class OC_USER_Database extends OC_USER { OC_LOG::event($_SESSION['username'], 1, ''); echo 2; if ( ( isset($CONFIG_HTTPFORCESSL) AND $CONFIG_HTTPFORCESSL ) - OR ( isset($_SERVER['HTTPS']) AND ( 'on' === $_SERVER['HTTPS'] ) ) ) { + OR ( isset($_SERVER['HTTPS']) AND ('on' === $_SERVER['HTTPS']) ) ) { $url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; } else { $url = 'http://'. $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; @@ -57,19 +57,20 @@ class OC_USER_Database extends OC_USER { /** - * try to create a new user + * Try to create a new user * */ public static function createUser($username, $password) { global $CONFIG_DBTABLEPREFIX; + if ( 0 !== OC_USER::getUserId($username, true) ) { return false; } else { - $usernameclean = strtolower($username); + $usernameClean = strtolower($username); $password = sha1($password); $username = OC_DB::escape($username); - $usernameclean = OC_DB::escape($usernameclean); - $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')"; + $usernameClean = OC_DB::escape($usernameClean); + $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameClean', '$password')"; $result = OC_DB::query($query); return ($result) ? true : false; 
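Review bot: `createUser()` stores `sha1($password)`, an unsalted and fast digest, so identical passwords produce identical rows and a leaked table can be attacked offline cheaply. `login()`, `setPassword()` and `checkPassword()` in this file share the same scheme. On a PHP version that has it, store `password_hash($password, PASSWORD_DEFAULT)` and verify with `password_verify()`. That means selecting the stored hash by `user_name_clean` and comparing in PHP rather than in the WHERE clause. Existing SHA-1 rows would need a rehash-on-next-login path, which is outside this hunk.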
@@ -77,22 +78,22 @@ class OC_USER_Database extends OC_USER { } /** - * try to login a user + * Try to login a user * */ public static function login($username, $password) { global $CONFIG_DBTABLEPREFIX; $password = sha1($password); - $usernameclean = strtolower($username); + $usernameClean = strtolower($username); $username = OC_DB::escape($username); - $usernameclean = OC_DB::escape($usernameclean); - $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; + $usernameClean = OC_DB::escape($usernameClean); + $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['user_id'])) { + if ( isset($result[0]) AND isset($result[0]['user_id']) ) { $_SESSION['user_id'] = $result[0]['user_id']; $_SESSION['username'] = $username; - $_SESSION['username_clean'] = $usernameclean; + $_SESSION['username_clean'] = $usernameClean; return true; } else { @@ -101,7 +102,7 @@ class OC_USER_Database extends OC_USER { } /** - * check if the logout button is pressed and logout the user + * Check if the logout button is pressed and logout the user * */ public static function logoutLisener() { @@ -114,7 +115,7 @@ class OC_USER_Database extends OC_USER { } /** - * check if a user is logged in + * Check if a user is logged in * */ public static function isLoggedIn() { 
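Review bot: `login()` writes `$_SESSION['user_id']` into whatever session was already open, and nothing visible in this hunk rotates the session id when the privilege level changes. Unless that happens elsewhere, a session id set before authentication stays valid afterwards, which is the precondition for session fixation. Adding `session_regenerate_id(true);` immediately before the three `$_SESSION[...]` assignments closes this. The end of the function lies outside the hunk.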
@@ -126,32 +127,33 @@ class OC_USER_Database extends OC_USER { } /** - * try to create a new group + * Try to create a new group * */ - public static function createGroup($groupname) { + public static function createGroup($groupName) { global $CONFIG_DBTABLEPREFIX; - if ( 0 === OC_USER::getGroupId($groupname, true) ) { - $groupname = OC_DB::escape($groupname); - $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')"; + + if ( 0 === OC_USER::getGroupId($groupName, true) ) { + $groupName = OC_DB::escape($groupName); + $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupName')"; $result = OC_DB::query($query); - return ($result) ? true : false; + return $result ? true : false; } else { return false; } } /** - * get the id of a user + * Get the ID of a user * */ - public static function getUserId($username, $nocache=false) { + public static function getUserId($username, $noCache=false) { global $CONFIG_DBTABLEPREFIX; $usernameClean = strtolower($username); //try to use cached value to save an sql query - if ( !$nocache AND isset($_SESSION['user_id_cache'][$usernameClean]) ) { + if ( !$noCache AND isset($_SESSION['user_id_cache'][$usernameClean]) ) { return $_SESSION['user_id_cache'][$usernameClean]; } $usernameClean = OC_DB::escape($usernameClean); @@ -169,7 +171,7 @@ class OC_USER_Database extends OC_USER { } /** - * get the id of a group + * Get the ID of a group * */ public static function getGroupId($groupName, $noCache=false) { @@ -187,6 +189,7 @@ class OC_USER_Database extends OC_USER { } if ( isset($result[0]) AND isset($result[0]['group_id']) ) { $_SESSION['group_id_cache'][$groupName] = $result[0]['group_id']; + return $result[0]['group_id']; } else { return 0; 
@@ -194,14 +197,14 @@ class OC_USER_Database extends OC_USER { } /** - * get the name of a group + * Get the name of a group * */ public static function getGroupName($groupId, $noCache=false) { global $CONFIG_DBTABLEPREFIX; //try to use cached value to save an sql query - if ( !$noCache AND ( $name = array_search($groupId,$_SESSION['group_id_cache']) ) ) { + if ( !$noCache AND ($name = array_search($groupId,$_SESSION['group_id_cache'])) ) { return $name; } $groupId = (integer)$groupId; @@ -215,7 +218,7 @@ class OC_USER_Database extends OC_USER { } /** - * check if a user belongs to a group + * Check if a user belongs to a group * */ public static function inGroup($username, $groupName) { @@ -223,7 +226,7 @@ class OC_USER_Database extends OC_USER { $userId = OC_USER::getUserId($username); $groupId = OC_USER::getGroupId($groupName); - if ( ( $groupId > 0 ) AND ( $userId > 0 ) ) { + if ( ($groupId > 0) AND ($userId > 0) ) { $query = "SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupId' AND user_id = '$userId';"; $result = OC_DB::select($query); if ( isset($result[0]) AND isset($result[0]['user_group_id']) ) { @@ -237,7 +240,7 @@ class OC_USER_Database extends OC_USER { } /** - * add a user to a group + * Add a user to a group * */ public static function addToGroup($username, $groupName) { @@ -246,7 +249,7 @@ class OC_USER_Database extends OC_USER { if ( !OC_USER::inGroup($username, $groupName) ) { $userId = OC_USER::getuserid($username); $groupId = OC_USER::getgroupid($groupName); - if ( ( 0 != $groupId ) AND ( 0 != $userId ) ) { + if ( (0 !== $groupId) AND (0 !== $userId) ) { $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userId', '$groupId');"; $result = OC_DB::query($query); if ( $result ) { 
@@ -263,11 +266,11 @@ class OC_USER_Database extends OC_USER { } public static function generatePassword() { - return uniqid(); + return uniqId(); } /** - * get all groups the user belongs to + * Get all groups the user belongs to * */ public static function getUserGroups($username) { @@ -288,7 +291,7 @@ class OC_USER_Database extends OC_USER { } /** - * set the password of a user + * Set the password of a user * */ public static function setPassword($username, $password) { @@ -298,15 +301,12 @@ class OC_USER_Database extends OC_USER { $userId = OC_USER::getUserId($username); $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userId'"; $result = OC_DB::query($query); - if ( $result ) { - return true; - } else { - return false; - } + + return $result ? true : false; } /** - * check the password of a user + * Check the password of a user * */ public static function checkPassword($username, $password) { @@ -318,7 +318,7 @@ class OC_USER_Database extends OC_USER { $usernameClean = OC_DB::escape($usernameClean); $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['user_id']) AND ( $result[0]['user_id'] > 0 ) ) { + if ( isset($result[0]) AND isset($result[0]['user_id']) AND ($result[0]['user_id'] > 0) ) { return true; } else { return false; diff --git a/inc/User/mod_auth.php b/inc/User/mod_auth.php index 2ca03cee304..11cb4bafd4a 100755 --- a/inc/User/mod_auth.php +++ b/inc/User/mod_auth.php 
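Review bot: `generatePassword()` returns `uniqId()`, which is derived from the current time in microseconds and is therefore predictable to anyone who knows roughly when the password was issued. The rename to `uniqId` changes nothing, since PHP function names are case-insensitive. Generated passwords should come from a CSPRNG, for example `return bin2hex(random_bytes(16));` on PHP 7+ or `openssl_random_pseudo_bytes()` on older versions. The same call is repeated in the `generatePassword()` hunks for inc/User/mod_auth.php and inc/lib_user.php in this patch.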
@@ -24,13 +24,13 @@ /** - * Class for usermanagement in a SQL Database - * eg mysql, sqlite + * Class for usermanagement in a SQL Database (e.g. MySQL, SQLite) + * */ class OC_USER_MOD_AUTH extends OC_USER { /** - * check if the login button is pressed and logg the user in + * Check if the login button is pressed and logg the user in * */ public static function loginLisener() { @@ -39,7 +39,7 @@ class OC_USER_MOD_AUTH extends OC_USER { /** - * try to create a new user + * Try to create a new user * */ public static function createUser($username, $password) { @@ -47,7 +47,7 @@ class OC_USER_MOD_AUTH extends OC_USER { } /** - * try to login a user + * Try to login a user * */ public static function login($username, $password) { @@ -63,7 +63,7 @@ class OC_USER_MOD_AUTH extends OC_USER { } /** - * check if the logout button is pressed and logout the user + * Check if the logout button is pressed and logout the user * */ public static function logoutLisener() { @@ -75,7 +75,7 @@ class OC_USER_MOD_AUTH extends OC_USER { } /** - * check if a user is logged in + * Check if a user is logged in * */ public static function isLoggedIn() { 
@@ -95,75 +95,76 @@ class OC_USER_MOD_AUTH extends OC_USER { } /** - * try to create a new group + * Try to create a new group * */ - public static function createGroup($groupname) { + public static function createGroup($groupName) { // does not work with MOD_AUTH (only or some modules) return false; } /** - * get the id of a user + * Get the ID of a user * */ - public static function getUserId($username, $nocache=false) { + public static function getUserId($username, $noCache=false) { // does not work with MOD_AUTH (only or some modules) return 0; } /** - * get the id of a group + * Get the ID of a group * */ - public static function getGroupId($groupname, $nocache=false) { + public static function getGroupId($groupName, $noCache=false) { // does not work with MOD_AUTH (only or some modules) return 0; } /** - * get the name of a group + * Get the name of a group * */ - public static function getGroupName($groupid, $nocache=false) { + public static function getGroupName($groupId, $noCache=false) { // does not work with MOD_AUTH (only or some modules) return 0; } /** - * check if a user belongs to a group + * Check if a user belongs to a group * */ - public static function inGroup($username, $groupname) { + public static function inGroup($username, $groupName) { // does not work with MOD_AUTH (only or some modules) return false; } /** - * add a user to a group + * Add a user to a group * */ - public static function addToGroup($username, $groupname) { + public static function addToGroup($username, $groupName) { // does not work with MOD_AUTH (only or some modules) return false; } public static function generatePassword() { - return uniqid(); + return uniqId(); } /** - * get all groups the user belongs to + * Get all groups the user belongs to * */ public static function getUserGroups($username) { // does not work with MOD_AUTH (only or some modules) $groups = array(); + return $groups; } /** - * set the password of a user + * Set the password of a user * */ public 
static function setPassword($username, $password) { @@ -171,11 +172,12 @@ class OC_USER_MOD_AUTH extends OC_USER { } /** - * check the password of a user + * Check the password of a user * */ public static function checkPassword($username, $password) { // does not work with MOD_AUTH (only or some modules) return false; } + } diff --git a/inc/lib_user.php b/inc/lib_user.php index f1cc874a459..d3c2b9f9109 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php @@ -23,14 +23,14 @@ -if( !$CONFIG_INSTALLED ) { +if ( !$CONFIG_INSTALLED ) { $_SESSION['user_id'] = false; $_SESSION['username'] = ''; $_SESSION['username_clean'] = ''; } //cache the userid's an groupid's -if( !isset($_SESSION['user_id_cache']) ) { +if ( !isset($_SESSION['user_id_cache']) ) { $_SESSION['user_id_cache'] = array(); } if( !isset($_SESSION['group_id_cache']) ) { @@ -40,7 +40,7 @@ if( !isset($_SESSION['group_id_cache']) ) { /** - * Class for usermanagement + * Class for user management * */ class OC_USER { @@ -48,7 +48,7 @@ class OC_USER { public static $classType; /** - * check if the login button is pressed and logg the user in + * Check if the login button is pressed and logg the user in * */ public static function loginLisener() { @@ -57,7 +57,7 @@ class OC_USER { /** - * try to create a new user + * Try to create a new user * */ public static function createUser($username, $password) { @@ -65,7 +65,7 @@ class OC_USER { } /** - * try to login a user + * Try to login a user * */ public static function login($username, $password) { @@ -73,7 +73,7 @@ class OC_USER { } /** - * check if the logout button is pressed and logout the user + * Check if the logout button is pressed and logout the user * */ public static function logoutLisener() { @@ -81,7 +81,7 @@ class OC_USER { } /** - * check if a user is logged in + * Check if a user is logged in * */ public static function isLoggedIn() { 
@@ -89,59 +89,59 @@ class OC_USER { } /** - * try to create a new group + * Try to create a new group * */ - public static function createGroup($groupname) { - return self::classType->createGroup($groupname); + public static function createGroup($groupName) { + return self::classType->createGroup($groupName); } /** - * get the id of a user + * Get the ID of a user * */ - public static function getUserId($username, $nocache=false) { - return self::classType->getUserId($username, $nocache=false); + public static function getUserId($username, $noCache=false) { + return self::classType->getUserId($username, $noCache); } /** - * get the id of a group + * Get the ID of a group * */ - public static function getGroupId($groupname, $nocache=false) { - return self::classType->getGroupId($groupname, $nocache=false); + public static function getGroupId($groupName, $noCache=false) { + return self::classType->getGroupId($groupName, $noCache); } /** - * get the name of a group + * Get the name of a group * */ - public static function getGroupName($groupid, $nocache=false) { - return self::classType->getGroupName($groupid, $nocache=false); + public static function getGroupName($groupId, $noCache=false) { + return self::classType->getGroupName($groupId, $noCache); } /** - * check if a user belongs to a group + * Check if a user belongs to a group * */ - public static function inGroup($username, $groupname) { - return self::classType->inGroup($username, $groupname); + public static function inGroup($username, $groupName) { + return self::classType->inGroup($username, $groupName); } /** - * add a user to a group + * Add a user to a group * */ - public static function addToGroup($username, $groupname) { - return self::classType->addToGroup($username, $groupname); + public static function addToGroup($username, $groupName) { + return self::classType->addToGroup($username, $groupName); } public static function generatePassword() { - return uniqid(); + return uniqId(); } /** - * get all 
groups the user belongs to + * Get all groups the user belongs to * */ public static function getUserGroups($username) { @@ -149,7 +149,7 @@ class OC_USER { } /** - * set the password of a user + * Set the password of a user * */ public static function setPassword($username, $password) { @@ -157,7 +157,7 @@ class OC_USER { } /** - * check the password of a user + * Check the password of a user * */ public static function checkPassword($username, $password) { From 9c124a8dbf7c63c8353d3ef6148a618620a3ee3c Mon Sep 17 00:00:00 2001 From: "Aldo \"xoen\" Giambelluca" Date: Mon, 19 Jul 2010 18:52:49 +0200 Subject: [PATCH 06/10] Reverted to self::$classType syntax and fixed the use of self in non-object --- inc/User/database.php | 31 +++++++++--------- inc/User/ldap.php | 7 ++-- inc/User/mod_auth.php | 2 +- inc/lib_user.php | 76 +++++++++++++++++++++---------------------- 4 files changed, 57 insertions(+), 59 deletions(-) diff --git a/inc/User/database.php b/inc/User/database.php index e083c30a7dc..d0bcf56fa96 100755 --- a/inc/User/database.php +++ b/inc/User/database.php @@ -28,7 +28,7 @@ * */ class OC_USER_Database extends OC_USER { - + /** * Check if the login button is pressed and logg the user in * @@ -54,8 +54,7 @@ class OC_USER_Database extends OC_USER { return(''); } - - + /** * Try to create a new user * @@ -76,7 +75,7 @@ class OC_USER_Database extends OC_USER { return ($result) ? true : false; } } - + /** * Try to login a user * @@ -100,7 +99,7 @@ class OC_USER_Database extends OC_USER { return false; } } - + /** * Check if the logout button is pressed and logout the user * @@ -113,7 +112,7 @@ class OC_USER_Database extends OC_USER { $_SESSION['username_clean'] = ''; } } - + /** * Check if a user is logged in * @@ -125,7 +124,7 @@ class OC_USER_Database extends OC_USER { return false; } } - + /** * Try to create a new group * @@ -143,7 +142,7 @@ class OC_USER_Database extends OC_USER { return false; } } - + /** * Get the ID of a user * 
@@ -169,7 +168,7 @@ class OC_USER_Database extends OC_USER { return 0; } } - + /** * Get the ID of a group * @@ -195,7 +194,7 @@ class OC_USER_Database extends OC_USER { return 0; } } - + /** * Get the name of a group * @@ -216,7 +215,7 @@ class OC_USER_Database extends OC_USER { return 0; } } - + /** * Check if a user belongs to a group * @@ -238,7 +237,7 @@ class OC_USER_Database extends OC_USER { return false; } } - + /** * Add a user to a group * @@ -264,11 +263,11 @@ class OC_USER_Database extends OC_USER { return true; } } - + public static function generatePassword() { return uniqId(); } - + /** * Get all groups the user belongs to * @@ -289,7 +288,7 @@ class OC_USER_Database extends OC_USER { return $groups; } - + /** * Set the password of a user * @@ -304,7 +303,7 @@ class OC_USER_Database extends OC_USER { return $result ? true : false; } - + /** * Check the password of a user * diff --git a/inc/User/ldap.php b/inc/User/ldap.php index da0e2d04573..37ca441fc07 100755 --- a/inc/User/ldap.php +++ b/inc/User/ldap.php @@ -23,11 +23,10 @@ require_once 'mod_auth.php'; + + /** - * Class for usermanagement in a SQL Database - * eg mysql, sqlite + * Class for usermanagement in a SQL Database (e.g. MySql, SQLite) */ class OC_USER_LDAP extends OC_USER_MOD_AUTH { } - -?> \ No newline at end of file diff --git a/inc/User/mod_auth.php b/inc/User/mod_auth.php index 11cb4bafd4a..059bb7b5aaa 100755 --- a/inc/User/mod_auth.php +++ b/inc/User/mod_auth.php @@ -67,7 +67,7 @@ class OC_USER_MOD_AUTH extends OC_USER { * */ public static function logoutLisener() { - if( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { + if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { header('WWW-Authenticate: Basic realm="ownCloud"'); header('HTTP/1.0 401 Unauthorized'); die('401 Unauthorized'); diff --git a/inc/lib_user.php b/inc/lib_user.php index d3c2b9f9109..09ab1a3ddb5 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php 
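Review bot: The docblock rewritten in the `inc/User/ldap.php` hunk still describes `OC_USER_LDAP` as "usermanagement in a SQL Database (e.g. MySql, SQLite)", although the class extends `OC_USER_MOD_AUTH` and has an empty body. I would replace it with a comment that matches the code, such as `* LDAP user backend; currently inherits all behaviour from OC_USER_MOD_AUTH`. The same copied SQL wording sits above `OC_USER_MOD_AUTH` in `inc/User/mod_auth.php` in a later patch.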
@@ -29,11 +29,11 @@ if ( !$CONFIG_INSTALLED ) { $_SESSION['username_clean'] = ''; } -//cache the userid's an groupid's +// Cache the userid's an groupid's if ( !isset($_SESSION['user_id_cache']) ) { $_SESSION['user_id_cache'] = array(); } -if( !isset($_SESSION['group_id_cache']) ) { +if ( !isset($_SESSION['group_id_cache']) ) { $_SESSION['group_id_cache'] = array(); } 
@@ -44,125 +44,125 @@ if( !isset($_SESSION['group_id_cache']) ) { * */ class OC_USER { - + public static $classType; - + /** * Check if the login button is pressed and logg the user in * */ public static function loginLisener() { - return self::classType->loginLisener(); + return self::$classType->loginLisener(); } - - + /** * Try to create a new user * */ public static function createUser($username, $password) { - return self::classType->createUser($username, $password); + return self::$classType->createUser($username, $password); } - + /** * Try to login a user * */ public static function login($username, $password) { - return self::classType->login($username, $password); + return self::$classType->login($username, $password); } - + /** * Check if the logout button is pressed and logout the user * */ public static function logoutLisener() { - return self::classType->logoutLisener(); + return self::$classType->logoutLisener(); } - + /** * Check if a user is logged in * */ public static function isLoggedIn() { - return self::classType->isLoggedIn(); + return self::$classType->isLoggedIn(); } - + /** * Try to create a new group * */ public static function createGroup($groupName) { - return self::classType->createGroup($groupName); + return self::$classType->createGroup($groupName); } - + /** * Get the ID of a user * */ public static function getUserId($username, $noCache=false) { - return self::classType->getUserId($username, $noCache); + return self::$classType->getUserId($username, $noCache); } - + /** * Get the ID of a group * */ public static function getGroupId($groupName, $noCache=false) { - return self::classType->getGroupId($groupName, $noCache); + return self::$classType->getGroupId($groupName, $noCache); } - + /** * Get the name of a group * */ public static function getGroupName($groupId, $noCache=false) { - return self::classType->getGroupName($groupId, $noCache); + return self::$classType->getGroupName($groupId, $noCache); } - + /** * Check if a user 
belongs to a group * */ public static function inGroup($username, $groupName) { - return self::classType->inGroup($username, $groupName); + return self::$classType->inGroup($username, $groupName); } - + /** * Add a user to a group * */ public static function addToGroup($username, $groupName) { - return self::classType->addToGroup($username, $groupName); + return self::$classType->addToGroup($username, $groupName); } - + public static function generatePassword() { return uniqId(); } - + /** * Get all groups the user belongs to * */ public static function getUserGroups($username) { - return self::classType->getUserGroups($username); + return self::$classType->getUserGroups($username); } - + /** * Set the password of a user * */ public static function setPassword($username, $password) { - return self::classType->setPassword($username, $password); + return self::$classType->setPassword($username, $password); } - + /** * Check the password of a user * */ public static function checkPassword($username, $password) { - return self::classType->checkPassword($username, $password); + return self::$classType->checkPassword($username, $password); } + } @@ -174,24 +174,24 @@ function set_OC_USER() { global $CONFIG_BACKEND; if ( isset($CONFIG_BACKEND) ) { - switch( $CONFIG_BACKEND ) { + switch ( $CONFIG_BACKEND ) { case 'mysql': case 'sqlite': require_once 'User/database.php'; - self::classType = new OC_USER_Database(); + OC_USER::$classType = new OC_USER_Database(); break; case 'ldap': require_once 'User/ldap.php'; - self::classType = new OC_USER_LDAP(); + OC_USER::$classType = new OC_USER_LDAP(); break; default: require_once 'User/database.php'; - self::classType = new OC_USER_Database(); + OC_USER::$classType = new OC_USER_Database(); break; } } else { require_once 'User/database.php'; - self::classType = new OC_USER_Database(); + OC_USER::$classType = new OC_USER_Database(); } } From 9fe46ef0937d91c50f8cb2578437bfd740e8c49c Mon Sep 17 00:00:00 2001 
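Review bot: The `default:` branch of the switch in `set_OC_USER()` loads the database backend for any unrecognised `$CONFIG_BACKEND`, so a misspelt value such as `'LDAP'` silently changes which system authenticates users. For an authentication setting I would fail closed: keep the database backend for the unset case only and make the default branch stop, e.g. `default: die('Unknown $CONFIG_BACKEND value');`. The same switch is copied into `inc/lib_base.php` in patch 07, where the same change applies.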
From: "Aldo \"xoen\" Giambelluca" Date: Mon, 19 Jul 2010 21:33:29 +0200 Subject: [PATCH 07/10] OC_USER now is an abstract class (OC_USER_ABSTRACT) At start the choosen user manager is created (e.g. OC_USER_DATABASE, OC_USER_LDAP) and put into the global variable `$userManager`. This is the variable to use instead of `OC_USER` class. TODO: A better name than $userManager? --- inc/User/database.php | 26 +++++----- inc/User/ldap.php | 3 +- inc/User/mod_auth.php | 4 +- inc/lib_base.php | 87 ++++++++++++++++++++------------ inc/lib_config.php | 115 +++++++++++++++++++++++------------------- inc/lib_user.php | 98 ++++++----------------------------- 6 files changed, 154 insertions(+), 179 deletions(-) diff --git a/inc/User/database.php b/inc/User/database.php index d0bcf56fa96..c4239eb07cd 100755 --- a/inc/User/database.php +++ b/inc/User/database.php @@ -21,13 +21,15 @@ * */ +require_once $SERVERROOT . '/inc/lib_user.php'; + /** * Class for usermanagement in a SQL Database (e.g. MySQL, SQLite) * */ -class OC_USER_Database extends OC_USER { +class OC_USER_DATABASE extends OC_USER_ABSTRACT { /** * Check if the login button is pressed and logg the user in @@ -35,7 +37,7 @@ class OC_USER_Database extends OC_USER { */ public static function loginLisener() { if ( isset($_POST['loginbutton']) AND isset($_POST['password']) AND isset($_POST['login']) ) { - if ( OC_USER::login($_POST['login'], $_POST['password']) ) { + if ( self::login($_POST['login'], $_POST['password']) ) { echo 1; OC_LOG::event($_SESSION['username'], 1, ''); echo 2; @@ -62,7 +64,7 @@ class OC_USER_Database extends OC_USER { public static function createUser($username, $password) { global $CONFIG_DBTABLEPREFIX; - if ( 0 !== OC_USER::getUserId($username, true) ) { + if ( 0 !== self::getUserId($username, true) ) { return false; } else { $usernameClean = strtolower($username); 
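Review bot: `echo 1;` and `echo 2;` in `loginLisener()` write debug output on every successful login, directly after the `self::login(...)` line changed in this hunk. The function goes on to send a `Location` header (outside this hunk, shown in the patch 08 hunk for the same file). With output buffering off, that `header()` call fails with "headers already sent", so the redirect never happens. Both `echo` statements should be removed.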
@@ -132,7 +134,7 @@ class OC_USER_Database extends OC_USER { public static function createGroup($groupName) { global $CONFIG_DBTABLEPREFIX; - if ( 0 === OC_USER::getGroupId($groupName, true) ) { + if ( 0 === self::getGroupId($groupName, true) ) { $groupName = OC_DB::escape($groupName); $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupName')"; $result = OC_DB::query($query); @@ -223,8 +225,8 @@ class OC_USER_Database extends OC_USER { public static function inGroup($username, $groupName) { global $CONFIG_DBTABLEPREFIX; - $userId = OC_USER::getUserId($username); - $groupId = OC_USER::getGroupId($groupName); + $userId = self::getUserId($username); + $groupId = self::getGroupId($groupName); if ( ($groupId > 0) AND ($userId > 0) ) { $query = "SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupId' AND user_id = '$userId';"; $result = OC_DB::select($query); @@ -245,9 +247,9 @@ class OC_USER_Database extends OC_USER { public static function addToGroup($username, $groupName) { global $CONFIG_DBTABLEPREFIX; - if ( !OC_USER::inGroup($username, $groupName) ) { - $userId = OC_USER::getuserid($username); - $groupId = OC_USER::getgroupid($groupName); + if ( !self::inGroup($username, $groupName) ) { + $userId = self::getuserid($username); + $groupId = self::getgroupid($groupName); if ( (0 !== $groupId) AND (0 !== $userId) ) { $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userId', '$groupId');"; $result = OC_DB::query($query); 
@@ -275,14 +277,14 @@ class OC_USER_Database extends OC_USER { public static function getUserGroups($username) { global $CONFIG_DBTABLEPREFIX; - $userId = OC_USER::getUserId($username); + $userId = self::getUserId($username); $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userId'"; $result = OC_DB::select($query); $groups = array(); if ( is_array($result) ) { foreach ( $result as $group ) { $groupId = $group['group_id']; - $groups[] = OC_USER::getGroupName($groupId); + $groups[] = self::getGroupName($groupId); } } @@ -297,7 +299,7 @@ class OC_USER_Database extends OC_USER { global $CONFIG_DBTABLEPREFIX; $password = sha1($password); - $userId = OC_USER::getUserId($username); + $userId = self::getUserId($username); $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userId'"; $result = OC_DB::query($query); diff --git a/inc/User/ldap.php b/inc/User/ldap.php index 37ca441fc07..9ce36975bd3 100755 --- a/inc/User/ldap.php +++ b/inc/User/ldap.php @@ -21,7 +21,8 @@ * */ -require_once 'mod_auth.php'; +require_once $SERVERROOT . '/inc/lib_user.php'; +require_once $SERVERROOT . '/inc/User/mod_auth.php'; diff --git a/inc/User/mod_auth.php b/inc/User/mod_auth.php index 059bb7b5aaa..8bab4394a5d 100755 --- a/inc/User/mod_auth.php +++ b/inc/User/mod_auth.php @@ -21,13 +21,15 @@ * */ +require_once $SERVERROOT . '/inc/lib_user.php'; + /** * Class for usermanagement in a SQL Database (e.g. MySQL, SQLite) * */ -class OC_USER_MOD_AUTH extends OC_USER { +class OC_USER_MOD_AUTH extends OC_USER_ABSTRACT { /** * Check if the login button is pressed and logg the user in diff --git a/inc/lib_base.php b/inc/lib_base.php index df6df15cc23..7068aad3f4e 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php 
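Review bot: `setPassword()` stores `sha1($password)`, an unsalted fast hash, so equal passwords produce equal rows and a leaked `users` table can be attacked offline at high speed. The hash call is unchanged context here and the function continues outside the hunk. Since this series is reshaping the backend API, it is the natural place to move to a salted, slow scheme: `crypt()` with a per-user Blowfish salt on PHP 5.3, or `password_hash($password, PASSWORD_DEFAULT)` with `password_verify()` on current PHP. `login()` and `createUser()` hash the same way and would have to change together, with existing hashes upgraded at the next successful login.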
@@ -48,20 +48,20 @@ if($WEBROOT!='' and $WEBROOT[0]!=='/'){ // set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config'); // define default config values -$CONFIG_INSTALLED=false; -$CONFIG_DATADIRECTORY=$SERVERROOT.'/data'; -$CONFIG_BACKUPDIRECTORY=$SERVERROOT.'/backup'; -$CONFIG_HTTPFORCESSL=false; -$CONFIG_ENABLEBACKUP=false; -$CONFIG_DATEFORMAT='j M Y G:i'; -$CONFIG_DBNAME='owncloud'; -$CONFIG_DBTYPE='sqlite'; +$CONFIG_INSTALLED = false; +$CONFIG_DATADIRECTORY = $SERVERROOT . '/data'; +$CONFIG_BACKUPDIRECTORY = $SERVERROOT . '/backup'; +$CONFIG_HTTPFORCESSL = false; +$CONFIG_ENABLEBACKUP = false; +$CONFIG_DATEFORMAT = 'j M Y G:i'; +$CONFIG_DBNAME = 'owncloud'; +$CONFIG_DBTYPE = 'sqlite'; // include the generated configfile -@include_once($SERVERROOT.'/config/config.php'); +@include_once($SERVERROOT . '/config/config.php'); - -$CONFIG_DATADIRECTORY_ROOT=$CONFIG_DATADIRECTORY;// store this in a seperate variable so we can change the data directory to jail users. +// Store this in a seperate variable so we can change the data directory to jail users. +$CONFIG_DATADIRECTORY_ROOT = $CONFIG_DATADIRECTORY; // redirect to https site if configured if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){ if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') { 
@@ -86,10 +86,33 @@ oc_require_once('lib_connect.php'); oc_require_once('lib_remotestorage.php'); + +// Load the choosen user manager +if ( isset($CONFIG_BACKEND) ) { + switch ( $CONFIG_BACKEND ) { + case 'mysql': + case 'sqlite': + require_once 'User/database.php'; + $userManager = new OC_USER_DATABASE(); + break; + case 'ldap': + require_once 'User/ldap.php'; + $userManager = new OC_USER_LDAP(); + break; + default: + require_once 'User/database.php'; + $userManager = new OC_USER_DATABASE(); + break; + } +} else { + require_once 'User/database.php'; + $userManager = new OC_USER_DATABASE(); +} + if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){ @mkdir($CONFIG_DATADIRECTORY_ROOT) or die("Can't create data directory ($CONFIG_DATADIRECTORY_ROOT), you can usually fix this by setting the owner of '$SERVERROOT' to the user that the web server uses (www-data for debian/ubuntu)"); } -if(OC_USER::isLoggedIn()){ +if ( $userManager::isLoggedIn() ) { //jail the user in a seperate data folder $CONFIG_DATADIRECTORY=$CONFIG_DATADIRECTORY_ROOT.'/'.$_SESSION['username_clean']; if(!is_dir($CONFIG_DATADIRECTORY)){ @@ -128,11 +151,11 @@ if(isset($plugins[0])) foreach($plugins as $plugin) require_once($SERVERROOT.'/p // check if the server is correctly configured for ownCloud -OC_UTIL::checkserver(); +OC_UTIL::checkServer(); // listen for login or logout actions -OC_USER::logoutlisener(); -$loginresult=OC_USER::loginlisener(); +$userManager::logoutLisener(); +$loginresult = $userManager::loginLisener(); /** * Class for utility functions 
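Review bot: Inside the `if ( $userManager::isLoggedIn() )` branch touched by this hunk, the per-user data directory is built as `$CONFIG_DATADIRECTORY_ROOT.'/'.$_SESSION['username_clean']`, and the only processing of that value visible on this page is `strtolower()` and SQL escaping. Now that the backend is pluggable, the name may come from a source other than the local database. A check before the concatenation would keep the "jail" inside the data root, e.g. `if (!preg_match('/^[a-z0-9_-]+$/', $_SESSION['username_clean'])) die('Invalid user name');`, or a wider allow-list that still excludes path separators and leading dots. The branch continues outside the hunk, so an existing check further down cannot be ruled out.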
@@ -262,25 +285,27 @@ class OC_UTIL { * show the main navigation * */ - public static function showNavigation(){ - global $WEBROOT; - global $SERVERROOT; - echo(''); - echo(''); - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo(''); else echo(''); + public static function showNavigation(){ + global $WEBROOT; + global $SERVERROOT; + global $userManager; - foreach(OC_UTIL::$NAVIGATION as $NAVI) { - if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo(''); else echo(''); - } + echo('
'); + echo(''); + if ($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo(''); else echo(''); - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo(''); else echo(''); - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo(''); else echo(''); - if(OC_USER::ingroup($_SESSION['username'],'admin')){ - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo(''); else echo(''); + foreach(OC_UTIL::$NAVIGATION as $NAVI) { + if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo(''); else echo(''); + } + + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo(''); else echo(''); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo(''); else echo(''); + if ( $userManager::inGroup($_SESSION['username'], 'admin') ) { + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo(''); else echo(''); + } + echo(''); + echo('
'); } - echo('Logout'); - echo(''); - } /** diff --git a/inc/lib_config.php b/inc/lib_config.php index ff4ead8b6be..8418cd574e7 100644 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -1,5 +1,7 @@ '; }else{ if(isset($_POST['changepass']) and $_POST['changepass']==1){ @@ -95,7 +107,7 @@ class OC_CONFIG{ if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set
'; if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same
'; if(empty($error)){ - if(!OC_USER::setpassword($_SESSION['username'],$_POST['password'])){ + if(!$userManager::setpassword($_SESSION['username'],$_POST['password'])){ $error.='error while trying to set password
'; } } @@ -143,11 +155,13 @@ class OC_CONFIG{ */ public static function writeAdminLisener(){ global $CONFIG_INSTALLED; + global $userManager; + $allow=false; if(!$CONFIG_INSTALLED){ $allow=true; - }elseif(OC_USER::isLoggedIn()){ - if(OC_USER::ingroup($_SESSION['username'],'admin')){ + }elseif($userManager::isLoggedIn()){ + if($userManager::ingroup($_SESSION['username'],'admin')){ $allow=true; } } @@ -170,7 +184,7 @@ class OC_CONFIG{ $error=''; $FIRSTRUN=!$CONFIG_INSTALLED; if(!$FIRSTRUN){ - if(!OC_USER::login($_SESSION['username'],$_POST['currentpassword'])){ + if(!$userManager::login($_SESSION['username'],$_POST['currentpassword'])){ $error.='wrong password
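Review bot: The confirmation check `if($_POST['password']<>$_POST['password2'] )` in the password-change hunk uses PHP's loose comparison, which compares numeric-looking strings by value. Two different inputs (constructed example: `1e3` and `1000`) therefore count as equal, and the first one is stored. `!==` compares the strings exactly: `if($_POST['password'] !== $_POST['password2'])`. That line is unchanged context in this hunk, and the surrounding function starts and ends outside it.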
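Review bot: `writeAdminLisener()` sets `$allow=true` for any visitor whenever `$CONFIG_INSTALLED` is false, and `inc/lib_base.php` in this same patch defaults that variable to `false` and loads the config with `@include_once`, which hides a failed include. If `config/config.php` ever becomes unreadable, an installed instance would therefore appear to fall back to first-run mode with the admin form open. I would drop the `@` and stop when the file exists but cannot be loaded, e.g. `if (file_exists($f) && !is_readable($f)) die('config.php is not readable');` before the include. The function body continues outside this hunk, so further checks there cannot be ruled out.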
'; } } @@ -248,15 +262,15 @@ class OC_CONFIG{ } } if($FIRSTRUN){ - if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){ + if(!$userManager::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !$userManager::login($_POST['adminlogin'],$_POST['adminpassword'])){ $error.='error while trying to create the admin user
'; } - if(OC_USER::getgroupid('admin')==0){ - if(!OC_USER::creategroup('admin')){ + if($userManager::getgroupid('admin')==0){ + if(!$userManager::creategroup('admin')){ $error.='error while trying to create the admin group
'; } } - if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){ + if(!$userManager::addtogroup($_POST['adminlogin'],'admin')){ $error.='error while trying to add the admin user to the admin group
'; } } @@ -365,6 +379,3 @@ class OC_CONFIG{ } } } -?> - - diff --git a/inc/lib_user.php b/inc/lib_user.php index 09ab1a3ddb5..394377984cb 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php 
@@ -43,158 +43,92 @@ if ( !isset($_SESSION['group_id_cache']) ) { * Class for user management * */ -class OC_USER { - - public static $classType; +abstract class OC_USER_ABSTRACT { /** * Check if the login button is pressed and logg the user in * */ - public static function loginLisener() { - return self::$classType->loginLisener(); - } + abstract public static function loginLisener(); /** * Try to create a new user * */ - public static function createUser($username, $password) { - return self::$classType->createUser($username, $password); - } + abstract public static function createUser($username, $password); /** * Try to login a user * */ - public static function login($username, $password) { - return self::$classType->login($username, $password); - } + abstract public static function login($username, $password); /** * Check if the logout button is pressed and logout the user * */ - public static function logoutLisener() { - return self::$classType->logoutLisener(); - } + abstract public static function logoutLisener(); /** * Check if a user is logged in * */ - public static function isLoggedIn() { - return self::$classType->isLoggedIn(); - } + abstract public static function isLoggedIn(); /** * Try to create a new group * */ - public static function createGroup($groupName) { - return self::$classType->createGroup($groupName); - } + abstract public static function createGroup($groupName); /** * Get the ID of a user * */ - public static function getUserId($username, $noCache=false) { - return self::$classType->getUserId($username, $noCache); - } + abstract public static function getUserId($username, $noCache=false); /** * Get the ID of a group * */ - public static function getGroupId($groupName, $noCache=false) { - return self::$classType->getGroupId($groupName, $noCache); - } + abstract public static function getGroupId($groupName, $noCache=false); /** * Get the name of a group * */ - public static function getGroupName($groupId, $noCache=false) { - return 
self::$classType->getGroupName($groupId, $noCache); - } + abstract public static function getGroupName($groupId, $noCache=false); /** * Check if a user belongs to a group * */ - public static function inGroup($username, $groupName) { - return self::$classType->inGroup($username, $groupName); - } + abstract public static function inGroup($username, $groupName); /** * Add a user to a group * */ - public static function addToGroup($username, $groupName) { - return self::$classType->addToGroup($username, $groupName); - } + abstract public static function addToGroup($username, $groupName); - public static function generatePassword() { - return uniqId(); - } + abstract public static function generatePassword(); /** * Get all groups the user belongs to * */ - public static function getUserGroups($username) { - return self::$classType->getUserGroups($username); - } + abstract public static function getUserGroups($username); /** * Set the password of a user * */ - public static function setPassword($username, $password) { - return self::$classType->setPassword($username, $password); - } + abstract public static function setPassword($username, $password); /** * Check the password of a user * */ - public static function checkPassword($username, $password) { - return self::$classType->checkPassword($username, $password); - } + abstract public static function checkPassword($username, $password); } - - - -/** - * Funtion to set the User Authentication Module - */ -function set_OC_USER() { - global $CONFIG_BACKEND; - - if ( isset($CONFIG_BACKEND) ) { - switch ( $CONFIG_BACKEND ) { - case 'mysql': - case 'sqlite': - require_once 'User/database.php'; - OC_USER::$classType = new OC_USER_Database(); - break; - case 'ldap': - require_once 'User/ldap.php'; - OC_USER::$classType = new OC_USER_LDAP(); - break; - default: - require_once 'User/database.php'; - OC_USER::$classType = new OC_USER_Database(); - break; - } - } else { - require_once 'User/database.php'; - OC_USER::$classType = 
new OC_USER_Database(); - } -} - - - -set_OC_USER(); From 68775a282d46f25f3063182e0d4b02eb18c97c14 Mon Sep 17 00:00:00 2001 From: "Aldo \"xoen\" Giambelluca" Date: Wed, 21 Jul 2010 17:53:51 +0200 Subject: [PATCH 08/10] Created class `OC_USER_BACKEND` for general user managment It's possible to use `OC_USER` as normal but the real stuff is done by the `OC_USER::$_backend` class, setted using `OC_USER::setBackend()` (this is done in inc/lib_user.php) --- inc/User/backend.php | 123 ++++++++++ inc/User/database.php | 543 ++++++++++++++++++++---------------------- inc/User/ldap.php | 6 +- inc/User/mod_auth.php | 163 ++++++------- inc/lib_base.php | 87 +++---- inc/lib_config.php | 115 ++++----- inc/lib_user.php | 184 +++++++++----- 7 files changed, 673 insertions(+), 548 deletions(-) create mode 100755 inc/User/backend.php diff --git a/inc/User/backend.php b/inc/User/backend.php new file mode 100755 index 00000000000..a036f061443 --- /dev/null +++ b/inc/User/backend.php 
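Review bot: The abstract methods declared here are now the contract every backend must meet, but their docblocks give no parameters or return values, while callers on this page depend on specific ones: `getgroupid('admin')==0` and `0 !== self::getUserId(...)` both assume 0 means "not found". I would document that on each declaration, e.g. `@return int user ID, or 0 if the user does not exist` on `getUserId()` and `@return bool true on success` on `login()`, `createUser()` and `setPassword()`. `generatePassword()` has no docblock at all in this hunk. The same list is repeated in the new `inc/User/backend.php` in patch 08, where the same comments apply.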
@@ -0,0 +1,123 @@ +. +* +*/ + + + +/** + * Base class for user management + * + * @author Aldo "xoen" Giambelluca + * @author fabian + */ +abstract class OC_USER_BACKEND { + + /** + * Check if the login button is pressed and logg the user in + * + */ + abstract public static function loginLisener(); + + /** + * Try to create a new user + * + */ + abstract public static function createUser($username, $password); + + /** + * Try to login a user + * + */ + abstract public static function login($username, $password); + + /** + * Check if the logout button is pressed and logout the user + * + */ + abstract public static function logoutLisener(); + + /** + * Check if a user is logged in + * + */ + abstract public static function isLoggedIn(); + + /** + * Try to create a new group + * + */ + abstract public static function createGroup($groupName); + + /** + * Get the ID of a user + * + */ + abstract public static function getUserId($username, $noCache=false); + + /** + * Get the ID of a group + * + */ + abstract public static function getGroupId($groupName, $noCache=false); + + /** + * Get the name of a group + * + */ + abstract public static function getGroupName($groupId, $noCache=false); + + /** + * Check if a user belongs to a group + * + */ + abstract public static function inGroup($username, $groupName); + + /** + * Add a user to a group + * + */ + abstract public static function addToGroup($username, $groupName); + + /** + * Generate a random password + */ + abstract public static function generatePassword(); + + /** + * Get all groups the user belongs to + * + */ + abstract public static function getUserGroups($username); + + /** + * Set the password of a user + * + */ + abstract public static function setPassword($username, $password); + + /** + * Check the password of a user + * + */ + abstract public static function checkPassword($username, $password); + +} diff --git a/inc/User/database.php b/inc/User/database.php index c4239eb07cd..13880f1f662 100755 
--- a/inc/User/database.php +++ b/inc/User/database.php 
@@ -21,307 +21,292 @@ * */ -require_once $SERVERROOT . '/inc/lib_user.php'; +oc_require_once('inc/User/backend.php'); /** - * Class for usermanagement in a SQL Database (e.g. MySQL, SQLite) + * Class for user management in a SQL Database (e.g. MySQL, SQLite) * */ -class OC_USER_DATABASE extends OC_USER_ABSTRACT { +class OC_USER_DATABASE extends OC_USER_BACKEND { /** - * Check if the login button is pressed and logg the user in - * - */ - public static function loginLisener() { - if ( isset($_POST['loginbutton']) AND isset($_POST['password']) AND isset($_POST['login']) ) { - if ( self::login($_POST['login'], $_POST['password']) ) { + * check if the login button is pressed and logg the user in + * + */ + public static function loginLisener(){ + if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ + if(OC_USER::login($_POST['login'],$_POST['password'])){ echo 1; - OC_LOG::event($_SESSION['username'], 1, ''); + OC_LOG::event($_SESSION['username'],1,''); echo 2; - if ( ( isset($CONFIG_HTTPFORCESSL) AND $CONFIG_HTTPFORCESSL ) - OR ( isset($_SERVER['HTTPS']) AND ('on' === $_SERVER['HTTPS']) ) ) { - $url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; - } else { - $url = 'http://'. $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; + if((isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') { + $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; + }else{ + $url = "http://". $_SERVER['SERVER_NAME'] . 
$_SERVER['REQUEST_URI']; } - header('Location: $url'); + header("Location: $url"); die(); - } else { - return 'error'; - } + }else{ + return('error'); + } } - return(''); } /** - * Try to create a new user - * - */ - public static function createUser($username, $password) { - global $CONFIG_DBTABLEPREFIX; - - if ( 0 !== self::getUserId($username, true) ) { - return false; - } else { - $usernameClean = strtolower($username); - $password = sha1($password); - $username = OC_DB::escape($username); - $usernameClean = OC_DB::escape($usernameClean); - $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameClean', '$password')"; - $result = OC_DB::query($query); - - return ($result) ? true : false; - } - } - - /** - * Try to login a user - * - */ - public static function login($username, $password) { - global $CONFIG_DBTABLEPREFIX; - - $password = sha1($password); - $usernameClean = strtolower($username); - $username = OC_DB::escape($username); - $usernameClean = OC_DB::escape($usernameClean); - $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; - $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['user_id']) ) { - $_SESSION['user_id'] = $result[0]['user_id']; - $_SESSION['username'] = $username; - $_SESSION['username_clean'] = $usernameClean; - - return true; - } else { - return false; - } - } - - /** - * Check if the logout button is pressed and logout the user - * - */ - public static function logoutLisener() { - if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { - OC_LOG::event($_SESSION['username'], 2, ''); - $_SESSION['user_id'] = false; - $_SESSION['username'] = ''; - $_SESSION['username_clean'] = ''; - } - } - - /** - * Check if a user is logged in - * - */ - public static function isLoggedIn() { - if ( isset($_SESSION['user_id']) AND 
$_SESSION['user_id'] ) { - return true; - } else { - return false; - } - } - - /** - * Try to create a new group - * - */ - public static function createGroup($groupName) { - global $CONFIG_DBTABLEPREFIX; - - if ( 0 === self::getGroupId($groupName, true) ) { - $groupName = OC_DB::escape($groupName); - $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupName')"; - $result = OC_DB::query($query); - - return $result ? true : false; - } else { - return false; - } - } - - /** - * Get the ID of a user - * - */ - public static function getUserId($username, $noCache=false) { - global $CONFIG_DBTABLEPREFIX; - - $usernameClean = strtolower($username); - //try to use cached value to save an sql query - if ( !$noCache AND isset($_SESSION['user_id_cache'][$usernameClean]) ) { - return $_SESSION['user_id_cache'][$usernameClean]; - } - $usernameClean = OC_DB::escape($usernameClean); - $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean'"; - $result = OC_DB::select($query); - if ( !is_array($result) ) { - return 0; - } - if ( isset($result[0]) AND isset($result[0]['user_id']) ) { - $_SESSION['user_id_cache'][$usernameClean] = $result[0]['user_id']; - return $result[0]['user_id']; - } else { - return 0; - } - } - - /** - * Get the ID of a group - * - */ - public static function getGroupId($groupName, $noCache=false) { - global $CONFIG_DBTABLEPREFIX; - - //try to use cached value to save an sql query - if ( !$noCache AND isset($_SESSION['group_id_cache'][$groupName]) ) { - return $_SESSION['group_id_cache'][$groupName]; - } - $groupName = OC_DB::escape($groupName); - $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupName'"; - $result = OC_DB::select($query); - if ( !is_array($result) ) { - return 0; - } - if ( isset($result[0]) AND isset($result[0]['group_id']) ) { - $_SESSION['group_id_cache'][$groupName] = $result[0]['group_id']; - - return $result[0]['group_id']; - 
} else { - return 0; - } - } - - /** - * Get the name of a group - * - */ - public static function getGroupName($groupId, $noCache=false) { - global $CONFIG_DBTABLEPREFIX; - - //try to use cached value to save an sql query - if ( !$noCache AND ($name = array_search($groupId,$_SESSION['group_id_cache'])) ) { - return $name; - } - $groupId = (integer)$groupId; - $query = "SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupId' LIMIT 1"; - $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['group_name']) ) { - return $result[0]['group_name']; - } else { - return 0; - } - } - - /** - * Check if a user belongs to a group - * - */ - public static function inGroup($username, $groupName) { - global $CONFIG_DBTABLEPREFIX; - - $userId = self::getUserId($username); - $groupId = self::getGroupId($groupName); - if ( ($groupId > 0) AND ($userId > 0) ) { - $query = "SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupId' AND user_id = '$userId';"; - $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['user_group_id']) ) { - return true; - } else { - return false; - } - } else { - return false; - } - } - - /** - * Add a user to a group - * - */ - public static function addToGroup($username, $groupName) { - global $CONFIG_DBTABLEPREFIX; - - if ( !self::inGroup($username, $groupName) ) { - $userId = self::getuserid($username); - $groupId = self::getgroupid($groupName); - if ( (0 !== $groupId) AND (0 !== $userId) ) { - $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userId', '$groupId');"; - $result = OC_DB::query($query); - if ( $result ) { - return true; - } else { - return false; - } - } else { - return false; - } - } else { - return true; - } - } - - public static function generatePassword() { - return uniqId(); - } - - /** - * Get all groups the user belongs to - * - */ - public static function getUserGroups($username) { - global 
$CONFIG_DBTABLEPREFIX; - - $userId = self::getUserId($username); - $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userId'"; - $result = OC_DB::select($query); - $groups = array(); - if ( is_array($result) ) { - foreach ( $result as $group ) { - $groupId = $group['group_id']; - $groups[] = self::getGroupName($groupId); - } - } - - return $groups; - } - - /** - * Set the password of a user - * - */ - public static function setPassword($username, $password) { - global $CONFIG_DBTABLEPREFIX; - - $password = sha1($password); - $userId = self::getUserId($username); - $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userId'"; - $result = OC_DB::query($query); - - return $result ? true : false; - } - - /** - * Check the password of a user + * try to create a new user * */ - public static function checkPassword($username, $password) { + public static function createUser($username,$password){ + global $CONFIG_DBTABLEPREFIX; + if(OC_USER::getuserid($username,true)!=0){ + return false; + }else{ + $usernameclean=strtolower($username); + $password=sha1($password); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); + $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')"; + $result=OC_DB::query($query); + return ($result)?true:false; + } + + } + + /** + * try to login a user + * + */ + public static function login($username,$password){ global $CONFIG_DBTABLEPREFIX; - $password = sha1($password); - $usernameClean = strtolower($username); - $username = OC_DB::escape($username); - $usernameClean = OC_DB::escape($usernameClean); - $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; - $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['user_id']) AND 
($result[0]['user_id'] > 0) ) { + $password=sha1($password); + $usernameclean=strtolower($username); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); + $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id'])){ + $_SESSION['user_id']=$result[0]['user_id']; + $_SESSION['username']=$username; + $_SESSION['username_clean']=$usernameclean; return true; - } else { + }else{ + return false; + } + } + + /** + * check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener(){ + if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ + OC_LOG::event($_SESSION['username'],2,''); + $_SESSION['user_id']=false; + $_SESSION['username']=''; + $_SESSION['username_clean']=''; + } + } + + /** + * check if a user is logged in + * + */ + public static function isLoggedIn(){ + return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false; + } + + /** + * try to create a new group + * + */ + public static function createGroup($groupname){ + global $CONFIG_DBTABLEPREFIX; + if(OC_USER::getgroupid($groupname,true)==0){ + $groupname=OC_DB::escape($groupname); + $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')"; + $result=OC_DB::query($query); + return ($result)?true:false; + }else{ + return false; + } + } + + /** + * get the id of a user + * + */ + public static function getUserId($username,$nocache=false){ + global $CONFIG_DBTABLEPREFIX; + $usernameclean=strtolower($username); + if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query + return $_SESSION['user_id_cache'][$usernameclean]; + } + $usernameclean=OC_DB::escape($usernameclean); + $query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = 
'$usernameclean'"; + $result=OC_DB::select($query); + if(!is_array($result)){ + return 0; + } + if(isset($result[0]) && isset($result[0]['user_id'])){ + $_SESSION['user_id_cache'][$usernameclean]=$result[0]['user_id']; + return $result[0]['user_id']; + }else{ + return 0; + } + } + + /** + * get the id of a group + * + */ + public static function getGroupId($groupname,$nocache=false){ + global $CONFIG_DBTABLEPREFIX; + if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query + return $_SESSION['group_id_cache'][$groupname]; + } + $groupname=OC_DB::escape($groupname); + $query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'"; + $result=OC_DB::select($query); + if(!is_array($result)){ + return 0; + } + if(isset($result[0]) && isset($result[0]['group_id'])){ + $_SESSION['group_id_cache'][$groupname]=$result[0]['group_id']; + return $result[0]['group_id']; + }else{ + return 0; + } + } + + /** + * get the name of a group + * + */ + public static function getGroupName($groupid,$nocache=false){ + global $CONFIG_DBTABLEPREFIX; + if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query + return $name; + } + $groupid=(integer)$groupid; + $query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['group_name'])){ + return $result[0]['group_name']; + }else{ + return 0; + } + } + + /** + * check if a user belongs to a group + * + */ + public static function inGroup($username,$groupname){ + global $CONFIG_DBTABLEPREFIX; + + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + if($groupid>0 and $userid>0){ + $query="SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid' AND user_id = '$userid';"; + $result=OC_DB::select($query); + if(isset($result[0]) && 
isset($result[0]['user_group_id'])){ + return true; + }else{ + return false; + } + }else{ + return false; + } + } + + /** + * add a user to a group + * + */ + public static function addToGroup($username,$groupname){ + global $CONFIG_DBTABLEPREFIX; + + if(!OC_USER::ingroup($username,$groupname)){ + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + if($groupid!=0 and $userid!=0){ + $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');"; + $result=OC_DB::query($query); + if($result){ + return true; + }else{ + return false; + } + }else{ + return false; + } + }else{ + return true; + } + } + + public static function generatePassword(){ + return uniqid(); + } + + /** + * get all groups the user belongs to + * + */ + public static function getUserGroups($username){ + global $CONFIG_DBTABLEPREFIX; + + $userid=OC_USER::getuserid($username); + $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'"; + $result=OC_DB::select($query); + $groups=array(); + if(is_array($result)){ + foreach($result as $group){ + $groupid=$group['group_id']; + $groups[]=OC_USER::getgroupname($groupid); + } + } + return $groups; + } + + /** + * set the password of a user + * + */ + public static function setPassword($username,$password){ + global $CONFIG_DBTABLEPREFIX; + + $password=sha1($password); + $userid=OC_USER::getuserid($username); + $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'"; + $result=OC_DB::query($query); + if($result){ + return true; + }else{ + return false; + } + } + + /** + * check the password of a user + * + */ + public static function checkPassword($username,$password){ + global $CONFIG_DBTABLEPREFIX; + + $password=sha1($password); + $usernameclean=strtolower($username); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); + $query = "SELECT user_id FROM 
'{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){ + return true; + }else{ return false; } } diff --git a/inc/User/ldap.php b/inc/User/ldap.php index 9ce36975bd3..c91f900342e 100755 --- a/inc/User/ldap.php +++ b/inc/User/ldap.php @@ -21,13 +21,9 @@ * */ -require_once $SERVERROOT . '/inc/lib_user.php'; -require_once $SERVERROOT . '/inc/User/mod_auth.php'; +oc_require_once('inc/User/mod_auth.php'); -/** - * Class for usermanagement in a SQL Database (e.g. MySql, SQLite) - */ class OC_USER_LDAP extends OC_USER_MOD_AUTH { } diff --git a/inc/User/mod_auth.php b/inc/User/mod_auth.php index 8bab4394a5d..0595e74024b 100755 --- a/inc/User/mod_auth.php +++ b/inc/User/mod_auth.php 
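Review bot: The new-side createUser(), login(), setPassword() and checkPassword() store and compare passwords as a bare `sha1($password)`, which is unsalted and fast, so a leaked users table is cheap to attack offline and identical passwords share one hash. Where the PHP version allows it, write `password_hash($password, PASSWORD_DEFAULT)` on create and set, and in login() and checkPassword() select `user_password` by `user_name_clean` and compare with `password_verify($password, $result[0]['user_password'])`; the column must be wide enough for the longer hash. generatePassword() returns `uniqid()`, which is derived from the current time and so guessable; take it from a CSPRNG instead, e.g. `bin2hex(random_bytes(16))` on current PHP (the same line appears in mod_auth.php and lib_user.php). Separately, getGroupName() now tests `$nocache and $name=array_search(...)` where the removed line had `!$noCache`, so the cache is consulted only when the caller asked to bypass it. checkPassword() also still quotes the table name as a string literal (`FROM '{$CONFIG_DBTABLEPREFIX}users'`), unlike login(), which is likely to fail on MySQL.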
@@ -21,55 +21,52 @@ * */ -require_once $SERVERROOT . '/inc/lib_user.php'; +oc_require_once('inc/User/backend.php'); /** - * Class for usermanagement in a SQL Database (e.g. MySQL, SQLite) + * Class for user management * */ -class OC_USER_MOD_AUTH extends OC_USER_ABSTRACT { - +class OC_USER_MOD_AUTH extends OC_USER_BACKEND { + /** - * Check if the login button is pressed and logg the user in - * - */ - public static function loginLisener() { - return ''; + * check if the login button is pressed and logg the user in + * + */ + public static function loginLisener(){ + return(''); } - - + /** - * Try to create a new user - * - */ - public static function createUser($username, $password) { + * try to create a new user + * + */ + public static function createUser($username,$password){ return false; } - - /** - * Try to login a user - * - */ - public static function login($username, $password) { - if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' !== $_SERVER['PHP_AUTH_USER']) ) { - $_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER']; - $_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; - $_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER']; + /** + * try to login a user + * + */ + public static function login($username,$password){ + if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") { + $_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"]; return true; } - return false; } /** - * Check if the logout button is pressed and logout the user - * - */ - public static function logoutLisener() { - if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { + * check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener(){ + if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ header('WWW-Authenticate: Basic realm="ownCloud"'); header('HTTP/1.0 401 Unauthorized'); die('401 Unauthorized'); 
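Review bot: login() in this hunk, and isLoggedIn() in the next one, treat any non-empty `$_SERVER["PHP_AUTH_USER"]` as proof of identity and ignore `$password`, so the backend is only as strong as the web server's auth configuration. PHP can populate PHP_AUTH_USER from a client-supplied Basic header even when no server module verified it, so I would require a server-set signal first, for example `if (empty($_SERVER['REMOTE_USER'])) return false;`. The name is then copied unvalidated into `$_SESSION['username_clean']`, which lib_base.php in this same patch appends to `$CONFIG_DATADIRECTORY_ROOT` to build the per-user data directory; reject names containing `/`, `\` or `..` before storing it. Callers that use login() as a password check, such as `OC_USER::login($_SESSION['username'],$_POST['currentpassword'])` in lib_config.php, will pass with any password under this backend. Neither this login() nor the one in database.php regenerates the session ID; `session_regenerate_id(true);` before the `$_SESSION` writes would address session fixation.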
@@ -77,107 +74,105 @@ class OC_USER_MOD_AUTH extends OC_USER_ABSTRACT { } /** - * Check if a user is logged in - * - */ - public static function isLoggedIn() { - if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { + * check if a user is logged in + * + */ + public static function isLoggedIn(){ + if (isset($_SESSION['user_id']) && $_SESSION['user_id']) { return true; - } else { - if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' !== $_SERVER['PHP_AUTH_USER']) ) { - $_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER']; - $_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; - $_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER']; - - return true;; + } + else { + if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") { + $_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"]; + return true; } } - return false; } /** - * Try to create a new group - * - */ - public static function createGroup($groupName) { + * try to create a new group + * + */ + public static function createGroup($groupname){ // does not work with MOD_AUTH (only or some modules) return false; } /** - * Get the ID of a user - * - */ - public static function getUserId($username, $noCache=false) { + * get the id of a user + * + */ + public static function getUserId($username,$nocache=false){ // does not work with MOD_AUTH (only or some modules) return 0; } /** - * Get the ID of a group - * - */ - public static function getGroupId($groupName, $noCache=false) { + * get the id of a group + * + */ + public static function getGroupId($groupname,$nocache=false){ // does not work with MOD_AUTH (only or some modules) return 0; } /** - * Get the name of a group - * - */ - public static function getGroupName($groupId, $noCache=false) { + * get the name of a group + * + */ + public static function getGroupName($groupid,$nocache=false){ // does not work with MOD_AUTH (only or some modules) return 
0; } /** - * Check if a user belongs to a group - * - */ - public static function inGroup($username, $groupName) { + * check if a user belongs to a group + * + */ + public static function inGroup($username,$groupname){ // does not work with MOD_AUTH (only or some modules) return false; } /** - * Add a user to a group - * - */ - public static function addToGroup($username, $groupName) { + * add a user to a group + * + */ + public static function addToGroup($username,$groupname){ // does not work with MOD_AUTH (only or some modules) return false; } - public static function generatePassword() { - return uniqId(); + public static function generatePassword(){ + return uniqid(); } /** - * Get all groups the user belongs to - * - */ - public static function getUserGroups($username) { + * get all groups the user belongs to + * + */ + public static function getUserGroups($username){ // does not work with MOD_AUTH (only or some modules) - $groups = array(); - + $groups=array(); return $groups; } /** - * Set the password of a user - * - */ - public static function setPassword($username, $password) { + * set the password of a user + * + */ + public static function setPassword($username,$password){ return false; } /** - * Check the password of a user - * - */ - public static function checkPassword($username, $password) { + * check the password of a user + * + */ + public static function checkPassword($username,$password){ // does not work with MOD_AUTH (only or some modules) return false; } diff --git a/inc/lib_base.php b/inc/lib_base.php index 7068aad3f4e..df6df15cc23 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php 
@@ -48,20 +48,20 @@ if($WEBROOT!='' and $WEBROOT[0]!=='/'){ // set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config'); // define default config values -$CONFIG_INSTALLED = false; -$CONFIG_DATADIRECTORY = $SERVERROOT . '/data'; -$CONFIG_BACKUPDIRECTORY = $SERVERROOT . '/backup'; -$CONFIG_HTTPFORCESSL = false; -$CONFIG_ENABLEBACKUP = false; -$CONFIG_DATEFORMAT = 'j M Y G:i'; -$CONFIG_DBNAME = 'owncloud'; -$CONFIG_DBTYPE = 'sqlite'; +$CONFIG_INSTALLED=false; +$CONFIG_DATADIRECTORY=$SERVERROOT.'/data'; +$CONFIG_BACKUPDIRECTORY=$SERVERROOT.'/backup'; +$CONFIG_HTTPFORCESSL=false; +$CONFIG_ENABLEBACKUP=false; +$CONFIG_DATEFORMAT='j M Y G:i'; +$CONFIG_DBNAME='owncloud'; +$CONFIG_DBTYPE='sqlite'; // include the generated configfile -@include_once($SERVERROOT . '/config/config.php'); +@include_once($SERVERROOT.'/config/config.php'); -// Store this in a seperate variable so we can change the data directory to jail users. -$CONFIG_DATADIRECTORY_ROOT = $CONFIG_DATADIRECTORY; + +$CONFIG_DATADIRECTORY_ROOT=$CONFIG_DATADIRECTORY;// store this in a seperate variable so we can change the data directory to jail users. // redirect to https site if configured if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){ if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') { 
@@ -86,33 +86,10 @@ oc_require_once('lib_connect.php'); oc_require_once('lib_remotestorage.php'); - -// Load the choosen user manager -if ( isset($CONFIG_BACKEND) ) { - switch ( $CONFIG_BACKEND ) { - case 'mysql': - case 'sqlite': - require_once 'User/database.php'; - $userManager = new OC_USER_DATABASE(); - break; - case 'ldap': - require_once 'User/ldap.php'; - $userManager = new OC_USER_LDAP(); - break; - default: - require_once 'User/database.php'; - $userManager = new OC_USER_DATABASE(); - break; - } -} else { - require_once 'User/database.php'; - $userManager = new OC_USER_DATABASE(); -} - if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){ @mkdir($CONFIG_DATADIRECTORY_ROOT) or die("Can't create data directory ($CONFIG_DATADIRECTORY_ROOT), you can usually fix this by setting the owner of '$SERVERROOT' to the user that the web server uses (www-data for debian/ubuntu)"); } -if ( $userManager::isLoggedIn() ) { +if(OC_USER::isLoggedIn()){ //jail the user in a seperate data folder $CONFIG_DATADIRECTORY=$CONFIG_DATADIRECTORY_ROOT.'/'.$_SESSION['username_clean']; if(!is_dir($CONFIG_DATADIRECTORY)){ @@ -151,11 +128,11 @@ if(isset($plugins[0])) foreach($plugins as $plugin) require_once($SERVERROOT.'/p // check if the server is correctly configured for ownCloud -OC_UTIL::checkServer(); +OC_UTIL::checkserver(); // listen for login or logout actions -$userManager::logoutLisener(); -$loginresult = $userManager::loginLisener(); +OC_USER::logoutlisener(); +$loginresult=OC_USER::loginlisener(); /** * Class for utility functions @@ -285,27 +262,25 @@ class OC_UTIL { * show the main navigation * */ - public static function showNavigation(){ - global $WEBROOT; - global $SERVERROOT; - global $userManager; + public static function showNavigation(){ + global $WEBROOT; + global $SERVERROOT; + echo(''); + echo(''); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo(''); else echo(''); - echo('
'); - echo(''); - if ($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo(''); else echo(''); + foreach(OC_UTIL::$NAVIGATION as $NAVI) { + if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo(''); else echo(''); + } - foreach(OC_UTIL::$NAVIGATION as $NAVI) { - if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo(''); else echo(''); - } - - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo(''); else echo(''); - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo(''); else echo(''); - if ( $userManager::inGroup($_SESSION['username'], 'admin') ) { - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo(''); else echo(''); - } - echo(''); - echo('
'); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('Log'); else echo('Log'); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('Settings'); else echo('Settings'); + if(OC_USER::ingroup($_SESSION['username'],'admin')){ + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('Admin Panel'); else echo('Admin Panel'); } + echo('Logout'); + echo(''); + } /** diff --git a/inc/lib_config.php b/inc/lib_config.php index 8418cd574e7..ff4ead8b6be 100644 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -1,7 +1,5 @@ '; }else{ if(isset($_POST['changepass']) and $_POST['changepass']==1){ @@ -107,7 +95,7 @@ class OC_CONFIG { if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set
'; if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same
'; if(empty($error)){ - if(!$userManager::setpassword($_SESSION['username'],$_POST['password'])){ + if(!OC_USER::setpassword($_SESSION['username'],$_POST['password'])){ $error.='error while trying to set password
'; } } @@ -155,13 +143,11 @@ class OC_CONFIG { */ public static function writeAdminLisener(){ global $CONFIG_INSTALLED; - global $userManager; - $allow=false; if(!$CONFIG_INSTALLED){ $allow=true; - }elseif($userManager::isLoggedIn()){ - if($userManager::ingroup($_SESSION['username'],'admin')){ + }elseif(OC_USER::isLoggedIn()){ + if(OC_USER::ingroup($_SESSION['username'],'admin')){ $allow=true; } } @@ -184,7 +170,7 @@ class OC_CONFIG { $error=''; $FIRSTRUN=!$CONFIG_INSTALLED; if(!$FIRSTRUN){ - if(!$userManager::login($_SESSION['username'],$_POST['currentpassword'])){ + if(!OC_USER::login($_SESSION['username'],$_POST['currentpassword'])){ $error.='wrong password
'; } } @@ -262,15 +248,15 @@ class OC_CONFIG { } } if($FIRSTRUN){ - if(!$userManager::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !$userManager::login($_POST['adminlogin'],$_POST['adminpassword'])){ + if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){ $error.='error while trying to create the admin user
'; } - if($userManager::getgroupid('admin')==0){ - if(!$userManager::creategroup('admin')){ + if(OC_USER::getgroupid('admin')==0){ + if(!OC_USER::creategroup('admin')){ $error.='error while trying to create the admin group
'; } } - if(!$userManager::addtogroup($_POST['adminlogin'],'admin')){ + if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){ $error.='error while trying to add the admin user to the admin group
'; } } @@ -379,3 +365,6 @@ class OC_CONFIG { } } } +?> + + diff --git a/inc/lib_user.php b/inc/lib_user.php index 394377984cb..e20c5624f12 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php @@ -21,6 +21,8 @@ * */ +global $CONFIG_BACKEND; + if ( !$CONFIG_INSTALLED ) { @@ -29,7 +31,7 @@ if ( !$CONFIG_INSTALLED ) { $_SESSION['username_clean'] = ''; } -// Cache the userid's an groupid's +//cache the userid's an groupid's if ( !isset($_SESSION['user_id_cache']) ) { $_SESSION['user_id_cache'] = array(); } 
@@ -37,98 +39,158 @@ if ( !isset($_SESSION['group_id_cache']) ) { $_SESSION['group_id_cache'] = array(); } +OC_USER::setBackend($CONFIG_BACKEND); + /** - * Class for user management + * Class for User Management * */ -abstract class OC_USER_ABSTRACT { +class OC_USER { + + // The backend used for user management + private static $_backend; /** - * Check if the login button is pressed and logg the user in - * - */ - abstract public static function loginLisener(); + * Set the User Authentication Module + */ + public static function setBackend($backend='database') { + if ( (null === $backend) OR (!is_string($backend)) ) { + $backend = 'database'; + } + + switch ( $backend ) { + case 'mysql': + case 'sqlite': + oc_require_once('inc/User/database.php'); + self::$_backend = new OC_USER_DATABASE(); + break; + case 'ldap': + oc_require_once('inc/User/ldap.php'); + self::$_backend = new OC_USER_LDAP(); + break; + default: + oc_require_once('inc/User/database.php'); + self::$_backend = new OC_USER_DATABASE(); + break; + } + } /** - * Try to create a new user - * - */ - abstract public static function createUser($username, $password); + * check if the login button is pressed and logg the user in + * + */ + public static function loginLisener() { + return self::$_backend->loginLisener(); + } /** - * Try to login a user - * - */ - abstract public static function login($username, $password); + * try to create a new user + * + */ + public static function createUser($username, $password) { + return self::$_backend->createUser($username, $password); + } /** - * Check if the logout button is pressed and logout the user - * - */ - abstract public static function logoutLisener(); + * try to login a user + * + */ + public static function login($username, $password) { + return self::$_backend->login($username, $password); + } /** - * Check if a user is logged in - * - */ - abstract public static function isLoggedIn(); + * check if the logout button is pressed and logout the user + * + */ 
+ public static function logoutLisener() { + return self::$_backend->logoutLisener(); + } /** - * Try to create a new group - * - */ - abstract public static function createGroup($groupName); + * check if a user is logged in + * + */ + public static function isLoggedIn() { + return self::$_backend->isLoggedIn(); + } /** - * Get the ID of a user - * - */ - abstract public static function getUserId($username, $noCache=false); + * try to create a new group + * + */ + public static function createGroup($groupName) { + return self::$_backend->createGroup($groupName); + } /** - * Get the ID of a group - * - */ - abstract public static function getGroupId($groupName, $noCache=false); + * get the id of a user + * + */ + public static function getUserId($username, $noCache=false) { + return self::$_backend->getUserId($username, $noCache=false); + } /** - * Get the name of a group - * - */ - abstract public static function getGroupName($groupId, $noCache=false); + * get the id of a group + * + */ + public static function getGroupId($groupName, $noCache=false) { + return self::$_backend->getGroupId($groupName, $noCache=false); + } /** - * Check if a user belongs to a group - * - */ - abstract public static function inGroup($username, $groupName); + * get the name of a group + * + */ + public static function getGroupName($groupId, $noCache=false) { + return self::$_backend->getGroupName($groupId, $noCache=false); + } /** - * Add a user to a group - * - */ - abstract public static function addToGroup($username, $groupName); - - abstract public static function generatePassword(); + * check if a user belongs to a group + * + */ + public static function inGroup($username, $groupName) { + return self::$_backend->inGroup($username, $groupName); + } /** - * Get all groups the user belongs to - * - */ - abstract public static function getUserGroups($username); + * add a user to a group + * + */ + public static function addToGroup($username, $groupName) { + return 
self::$_backend->addToGroup($username, $groupName); + } + + public static function generatePassword() { + return uniqId(); + } /** - * Set the password of a user - * - */ - abstract public static function setPassword($username, $password); + * get all groups the user belongs to + * + */ + public static function getUserGroups($username) { + return self::$_backend->getUserGroups($username); + } /** - * Check the password of a user - * - */ - abstract public static function checkPassword($username, $password); + * set the password of a user + * + */ + public static function setPassword($username, $password) { + return self::$_backend->setPassword($username, $password); + } + + /** + * check the password of a user + * + */ + public static function checkPassword($username, $password) { + return self::$_backend->checkPassword($username, $password); + } } From ccd362108e67e3fc2647adebf2b7bef98081c728 Mon Sep 17 00:00:00 2001 From: "Aldo \"xoen\" Giambelluca" Date: Thu, 22 Jul 2010 23:42:18 +0200 Subject: [PATCH 09/10] Cleaned up and added some documentation --- inc/User/backend.php | 28 ++- inc/User/database.php | 393 +++++++++++++++++++++++------------------- inc/User/mod_auth.php | 186 +++++++++++--------- inc/lib_user.php | 113 +++++++----- 4 files changed, 412 insertions(+), 308 deletions(-) diff --git a/inc/User/backend.php b/inc/User/backend.php index a036f061443..b830859566e 100755 --- a/inc/User/backend.php +++ b/inc/User/backend.php @@ -26,13 +26,11 @@ /** * Base class for user management * - * @author Aldo "xoen" Giambelluca - * @author fabian */ abstract class OC_USER_BACKEND { /** - * Check if the login button is pressed and logg the user in + * Check if the login button is pressed and log the user in * */ abstract public static function loginLisener(); 
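Review bot: getUserId(), getGroupId() and getGroupName() in the new OC_USER facade forward `$noCache=false` as the second argument, which is an assignment expression: it overwrites the caller's value and always passes `false`. As a result the duplicate-user check `OC_USER::getuserid($username,true)` in createUser() still reads the session cache instead of the database. Pass the variable through, e.g. `return self::$_backend->getUserId($username, $noCache);`, and likewise for the two group methods. setBackend() also falls back silently to the database backend for any unrecognised string, which hides a mistyped `$CONFIG_BACKEND`; logging or failing on an unknown value would make that visible.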
@@ -40,12 +38,16 @@ abstract class OC_USER_BACKEND {
 /**
 * Try to create a new user
 *
+ * @param string $username The username of the user to create
+ * @param string $password The password of the new user
 */
 abstract public static function createUser($username, $password);
 
 /**
 * Try to login a user
 *
+ * @param string $username The username of the user to log in
+ * @param string $password The password of the user
 */
 abstract public static function login($username, $password);
 
@@ -56,7 +58,7 @@ abstract class OC_USER_BACKEND {
 abstract public static function logoutLisener();
 
 /**
- * Check if a user is logged in
+ * Check if some user is logged in
 *
 */
 abstract public static function isLoggedIn();
@@ -64,36 +66,47 @@ abstract class OC_USER_BACKEND {
 /**
 * Try to create a new group
 *
+ * @param string $groupName The name of the group to create
 */
 abstract public static function createGroup($groupName);
 
 /**
 * Get the ID of a user
 *
+ * @param string $username Name of the user to find the ID
+ * @param boolean $noCache If false the cache is used to find the ID
 */
 abstract public static function getUserId($username, $noCache=false);
 
 /**
 * Get the ID of a group
 *
+ * @param string $groupName Name of the group to find the ID
+ * @param boolean $noCache If false the cache is used to find the ID
 */
 abstract public static function getGroupId($groupName, $noCache=false);
 
 /**
 * Get the name of a group
 *
+ * @param string $groupId ID of the group
+ * @param boolean $noCache If false the cache is used to find the name of the group
 */
 abstract public static function getGroupName($groupId, $noCache=false);
 
 /**
 * Check if a user belongs to a group
 *
+ * @param string $username Name of the user to check
+ * @param string $groupName Name of the group
 */
 abstract public static function inGroup($username, $groupName);
 
 /**
 * Add a user to a group
 *
+ * @param string $username Name of the user to add to group
+ * @param string $groupName Name of the group in which add the user
 */
 abstract public static function addToGroup($username, $groupName);
 
@@ -105,18 +118,23 @@ abstract class OC_USER_BACKEND {
 /**
 * Get all groups the user belongs to
 *
+ * @param string $username Name of the user
 */
 abstract public static function getUserGroups($username);
 
 /**
 * Set the password of a user
 *
+ * @param string $username User who password will be changed
+ * @param string $password The new password for the user
 */
 abstract public static function setPassword($username, $password);
 
 /**
- * Check the password of a user
+ * Check if the password of the user is correct
 *
+ * @param string $username Name of the user
+ * @param string $password Password of the user
 */
 abstract public static function checkPassword($username, $password);
 
diff --git a/inc/User/database.php b/inc/User/database.php
index 13880f1f662..3fed76d7b02 100755
--- a/inc/User/database.php
+++ b/inc/User/database.php
@@ -32,281 +32,320 @@ oc_require_once('inc/User/backend.php'); class OC_USER_DATABASE extends OC_USER_BACKEND { /** - * check if the login button is pressed and logg the user in - * - */ + * Check if the login button is pressed and log the user in + * + */ public static function loginLisener(){ - if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ - if(OC_USER::login($_POST['login'],$_POST['password'])){ + if ( isset($_POST['loginbutton']) AND isset($_POST['password']) AND isset($_POST['login']) ) { + if ( OC_USER::login($_POST['login'], $_POST['password']) ) { echo 1; - OC_LOG::event($_SESSION['username'],1,''); + OC_LOG::event($_SESSION['username'], 1, ''); echo 2; - if((isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') { - $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; - }else{ - $url = "http://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; + if ( (isset($CONFIG_HTTPFORCESSL) AND $CONFIG_HTTPFORCESSL) + OR (isset($_SERVER['HTTPS']) AND ('on' == $_SERVER['HTTPS'])) ) { + $url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; + } else { + $url = 'http://' . $_SERVER['SERVER_NAME'] . 
$_SERVER['REQUEST_URI']; } header("Location: $url"); die(); - }else{ + } else { return('error'); - } + } } return(''); } /** - * try to create a new user - * - */ - public static function createUser($username,$password){ + * Try to create a new user + * + * @param string $username The username of the user to create + * @param string $password The password of the new user + */ + public static function createUser($username, $password) { global $CONFIG_DBTABLEPREFIX; - if(OC_USER::getuserid($username,true)!=0){ - return false; - }else{ - $usernameclean=strtolower($username); - $password=sha1($password); - $username=OC_DB::escape($username); - $usernameclean=OC_DB::escape($usernameclean); - $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')"; - $result=OC_DB::query($query); - return ($result)?true:false; - } + // Check if the user already exists + if ( 0 != OC_USER::getUserId($username, true) ) { + return false; + } else { + $usernameClean = strToLower($username); + $password = sha1($password); + $username = OC_DB::escape($username); + $usernameClean = OC_DB::escape($usernameClean); + $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) " + . "VALUES ('$username', '$usernameClean', '$password')"; + $result = OC_DB::query($query); + return $result ? 
true : false; + } } - + /** - * try to login a user - * - */ + * Try to login a user + * + * @param string $username The username of the user to log in + * @param string $password The password of the user + */ public static function login($username,$password){ global $CONFIG_DBTABLEPREFIX; - $password=sha1($password); - $usernameclean=strtolower($username); - $username=OC_DB::escape($username); - $usernameclean=OC_DB::escape($usernameclean); - $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['user_id'])){ - $_SESSION['user_id']=$result[0]['user_id']; - $_SESSION['username']=$username; - $_SESSION['username_clean']=$usernameclean; + $password = sha1($password); + $usernameClean = strtolower($username); + $username = OC_DB::escape($username); + $usernameClean = OC_DB::escape($usernameClean); + $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users " + . 
"WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; + $result = OC_DB::select($query); + if ( isset($result[0]) AND isset($result[0]['user_id']) ) { + $_SESSION['user_id'] = $result[0]['user_id']; + $_SESSION['username'] = $username; + $_SESSION['username_clean'] = $usernameClean; return true; - }else{ + } else { return false; } } - + /** - * check if the logout button is pressed and logout the user - * - */ - public static function logoutLisener(){ - if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ - OC_LOG::event($_SESSION['username'],2,''); - $_SESSION['user_id']=false; - $_SESSION['username']=''; - $_SESSION['username_clean']=''; + * Check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener() { + if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { + OC_LOG::event($_SESSION['username'], 2, ''); + $_SESSION['user_id'] = false; + $_SESSION['username'] = ''; + $_SESSION['username_clean'] = ''; } } - + /** - * check if a user is logged in - * - */ - public static function isLoggedIn(){ - return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false; - } - - /** - * try to create a new group - * - */ - public static function createGroup($groupname){ - global $CONFIG_DBTABLEPREFIX; - if(OC_USER::getgroupid($groupname,true)==0){ - $groupname=OC_DB::escape($groupname); - $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')"; - $result=OC_DB::query($query); - return ($result)?true:false; - }else{ + * Check if the user is logged in + * + */ + public static function isLoggedIn() { + if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { + return true; + } else { return false; } } - + /** - * get the id of a user - * - */ - public static function getUserId($username,$nocache=false){ + * Try to create a new group + * + * @param string $groupName The name of the group to create + */ + public static function 
createGroup($groupName) { global $CONFIG_DBTABLEPREFIX; - $usernameclean=strtolower($username); - if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query - return $_SESSION['user_id_cache'][$usernameclean]; + + if ( 0 == OC_USER::getGroupId($groupName, true) ) { + $groupName = OC_DB::escape($groupName); + $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupName')"; + $result = OC_DB::query($query); + return $result ? true : false; + } else { + return false; } - $usernameclean=OC_DB::escape($usernameclean); - $query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean'"; - $result=OC_DB::select($query); - if(!is_array($result)){ + } + + /** + * Get the ID of a user + * + * @param string $username Name of the user to find the ID + * @param boolean $noCache If false the cache is used to find the ID + */ + public static function getUserId($username, $noCache=false) { + global $CONFIG_DBTABLEPREFIX; + + $usernameClean = strToLower($username); + // Try to use cached value to avoid an SQL query + if ( !$noCache AND isset($_SESSION['user_id_cache'][$usernameClean]) ) { + return $_SESSION['user_id_cache'][$usernameClean]; + } + $usernameClean = OC_DB::escape($usernameClean); + $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean'"; + $result = OC_DB::select($query); + if ( !is_array($result) ) { return 0; } - if(isset($result[0]) && isset($result[0]['user_id'])){ - $_SESSION['user_id_cache'][$usernameclean]=$result[0]['user_id']; + if ( isset($result[0]) AND isset($result[0]['user_id']) ) { + $_SESSION['user_id_cache'][$usernameClean] = $result[0]['user_id']; return $result[0]['user_id']; - }else{ + } else { return 0; } } - + /** - * get the id of a group - * - */ - public static function getGroupId($groupname,$nocache=false){ + * Get the ID of a group + * + * @param string $groupName Name of the group 
to find the ID + * @param boolean $noCache If false the cache is used to find the ID + */ + public static function getGroupId($groupName, $noCache=false) { global $CONFIG_DBTABLEPREFIX; - if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query - return $_SESSION['group_id_cache'][$groupname]; + + // Try to use cached value to avoid an SQL query + if ( !$noCache AND isset($_SESSION['group_id_cache'][$groupName]) ) { + return $_SESSION['group_id_cache'][$groupName]; } - $groupname=OC_DB::escape($groupname); - $query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'"; - $result=OC_DB::select($query); - if(!is_array($result)){ + $groupName = OC_DB::escape($groupName); + $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupName'"; + $result = OC_DB::select($query); + if ( !is_array($result) ) { return 0; } - if(isset($result[0]) && isset($result[0]['group_id'])){ - $_SESSION['group_id_cache'][$groupname]=$result[0]['group_id']; + if ( isset($result[0]) AND isset($result[0]['group_id']) ){ + $_SESSION['group_id_cache'][$groupName] = $result[0]['group_id']; return $result[0]['group_id']; - }else{ + } else { return 0; } } - + /** - * get the name of a group - * - */ - public static function getGroupName($groupid,$nocache=false){ + * Get the name of a group + * + * @param string $groupId ID of the group + * @param boolean $noCache If false the cache is used to find the name of the group + */ + public static function getGroupName($groupId, $noCache=false) { global $CONFIG_DBTABLEPREFIX; - if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query + + // Try to use cached value to avoid an sql query + if ( !$noCache AND ($name = array_search($groupId, $_SESSION['group_id_cache'])) ) { return $name; } - $groupid=(integer)$groupid; - $query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups 
WHERE group_id = '$groupid' LIMIT 1"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['group_name'])){ + $groupId = (integer)$groupId; + $query = "SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupId' LIMIT 1"; + $result = OC_DB::select($query); + if ( isset($result[0]) AND isset($result[0]['group_name']) ) { return $result[0]['group_name']; - }else{ + } else { return 0; } } - + /** - * check if a user belongs to a group - * - */ - public static function inGroup($username,$groupname){ + * Check if a user belongs to a group + * + * @param string $username Name of the user to check + * @param string $groupName Name of the group + */ + public static function inGroup($username,$groupName) { global $CONFIG_DBTABLEPREFIX; - $userid=OC_USER::getuserid($username); - $groupid=OC_USER::getgroupid($groupname); - if($groupid>0 and $userid>0){ - $query="SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid' AND user_id = '$userid';"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['user_group_id'])){ + $userId = OC_USER::getuserid($username); + $groupId = OC_USER::getgroupid($groupName); + if ( ($groupId > 0) AND ($userId > 0) ) { + $query = "SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupId' AND user_id = '$userId';"; + $result = OC_DB::select($query); + if ( isset($result[0]) AND isset($result[0]['user_group_id']) ) { return true; - }else{ + } else { return false; } - }else{ + } else { return false; } } - + /** - * add a user to a group - * - */ - public static function addToGroup($username,$groupname){ + * Add a user to a group + * + * @param string $username Name of the user to add to group + * @param string $groupName Name of the group in which add the user + */ + public static function addToGroup($username, $groupName) { global $CONFIG_DBTABLEPREFIX; - if(!OC_USER::ingroup($username,$groupname)){ - $userid=OC_USER::getuserid($username); - 
$groupid=OC_USER::getgroupid($groupname); - if($groupid!=0 and $userid!=0){ - $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');"; - $result=OC_DB::query($query); - if($result){ + if ( !OC_USER::inGroup($username, $groupName) ) { + $userId = OC_USER::getUserId($username); + $groupId = OC_USER::getGroupId($groupName); + if ( (0 != $groupId) AND (0 != $userId) ) { + $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userId', '$groupId');"; + $result = OC_DB::query($query); + if ( $result ) { return true; - }else{ + } else { return false; } - }else{ + } else { return false; } - }else{ + } else { return true; } } - + + /** + * Generate a random password + */ public static function generatePassword(){ - return uniqid(); + return uniqId(); } /** - * get all groups the user belongs to - * - */ - public static function getUserGroups($username){ + * Get all groups the user belongs to + * + * @param string $username Name of the user + */ + public static function getUserGroups($username) { global $CONFIG_DBTABLEPREFIX; - $userid=OC_USER::getuserid($username); - $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'"; - $result=OC_DB::select($query); - $groups=array(); - if(is_array($result)){ - foreach($result as $group){ - $groupid=$group['group_id']; - $groups[]=OC_USER::getgroupname($groupid); + $userId = OC_USER::getUserId($username); + $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userId'"; + $result = OC_DB::select($query); + $groups = array(); + if ( is_array($result) ) { + foreach ( $result as $group ) { + $groupId = $group['group_id']; + $groups[] = OC_USER::getGroupName($groupId); } } return $groups; } - + /** - * set the password of a user - * - */ - public static function setPassword($username,$password){ + * Set the password of a user + * + * @param string $username User who password will be 
changed + * @param string $password The new password for the user + */ + public static function setPassword($username, $password) { global $CONFIG_DBTABLEPREFIX; - $password=sha1($password); - $userid=OC_USER::getuserid($username); - $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'"; - $result=OC_DB::query($query); - if($result){ + $password = sha1($password); + $userId = OC_USER::getUserId($username); + $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userId'"; + $result = OC_DB::query($query); + if ( $result ) { return true; - }else{ + } else { return false; } } /** - * check the password of a user - * - */ - public static function checkPassword($username,$password){ + * Check if the password of the user is correct + * + * @param string $username Name of the user + * @param string $password Password of the user + */ + public static function checkPassword($username, $password) { global $CONFIG_DBTABLEPREFIX; - $password=sha1($password); - $usernameclean=strtolower($username); - $username=OC_DB::escape($username); - $usernameclean=OC_DB::escape($usernameclean); - $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){ + $password = sha1($password); + $usernameClean = strToLower($username); + $usernameClean = OC_DB::escape($usernameClean); + $username = OC_DB::escape($username); + $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' " + . "WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; + $result = OC_DB::select($query); + if ( isset($result[0]) AND isset($result[0]['user_id']) AND ($result[0]['user_id'] > 0) ) { return true; - }else{ + } else { return false; } } 
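Review bot: Passwords in `inc/User/database.php` are still stored and compared as a bare `sha1($password)` in `createUser()`, `login()`, `setPassword()` and `checkPassword()`; an unsalted, fast digest yields identical hashes for identical passwords and is cheap to brute-force if the users table is ever disclosed. A salted, deliberately slow scheme is the usual remedy, e.g. `password_hash($password, PASSWORD_DEFAULT)` on write and `password_verify()` on read where the PHP version provides them, which also means selecting the stored hash by `user_name_clean` and verifying it in PHP rather than matching `user_password` in the WHERE clause. Separately, `checkPassword()` keeps `FROM '{$CONFIG_DBTABLEPREFIX}users'` with the table name in single quotes, unlike `login()`; that probably makes the query fail on MySQL, so it should read `FROM {$CONFIG_DBTABLEPREFIX}users`.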
diff --git a/inc/User/mod_auth.php b/inc/User/mod_auth.php
index 0595e74024b..a037d8abf2c 100755
--- a/inc/User/mod_auth.php
+++ b/inc/User/mod_auth.php
@@ -32,147 +32,169 @@ oc_require_once('inc/User/backend.php'); class OC_USER_MOD_AUTH extends OC_USER_BACKEND { /** - * check if the login button is pressed and logg the user in - * - */ - public static function loginLisener(){ + * Check if the login button is pressed and log the user in + * + */ + public static function loginLisener() { return(''); } /** - * try to create a new user - * - */ - public static function createUser($username,$password){ + * Try to create a new user + * + * @param string $username The username of the user to create + * @param string $password The password of the new user + */ + public static function createUser($username, $password) { return false; } /** - * try to login a user - * - */ - public static function login($username,$password){ - if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") { - $_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"]; - $_SESSION['username']= $_SERVER["PHP_AUTH_USER"]; - $_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"]; + * Try to login a user + * + * @param string $username The username of the user to log in + * @param string $password The password of the user + */ + public static function login($username, $password) { + if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' != $_SERVER['PHP_AUTH_USER']) ) { + $_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER']; + $_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; + $_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER']; return true; } return false; } - + /** - * check if the logout button is pressed and logout the user - * - */ - public static function logoutLisener(){ - if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ + * Check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener() { + if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { header('WWW-Authenticate: Basic realm="ownCloud"'); header('HTTP/1.0 401 Unauthorized'); die('401 Unauthorized'); } } - + /** 
- * check if a user is logged in - * - */ + * Check if the user is logged in + * + */ public static function isLoggedIn(){ - if (isset($_SESSION['user_id']) && $_SESSION['user_id']) { + if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { return true; - } - else { - if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") { - $_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"]; - $_SESSION['username']= $_SERVER["PHP_AUTH_USER"]; - $_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"]; + } else { + if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' != $_SERVER["PHP_AUTH_USER"]) ) { + $_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER']; + $_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; + $_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER']; return true; } } return false; } - + /** - * try to create a new group - * - */ - public static function createGroup($groupname){ + * Try to create a new group + * + * @param string $groupName The name of the group to create + */ + public static function createGroup($groupName) { // does not work with MOD_AUTH (only or some modules) return false; } - + /** - * get the id of a user - * - */ - public static function getUserId($username,$nocache=false){ + * Get the ID of a user + * + * @param string $username Name of the user to find the ID + * @param boolean $noCache If false the cache is used to find the ID + */ + public static function getUserId($username, $noCache=false) { // does not work with MOD_AUTH (only or some modules) return 0; } - + /** - * get the id of a group - * - */ - public static function getGroupId($groupname,$nocache=false){ + * Get the ID of a group + * + * @param string $groupName Name of the group to find the ID + * @param boolean $noCache If false the cache is used to find the ID + */ + public static function getGroupId($groupName, $noCache=false) { // does not work with MOD_AUTH (only or some modules) return 0; } - + /** - * get the name of a group - * - */ - public static function 
getGroupName($groupid,$nocache=false){ + * Get the name of a group + * + * @param string $groupId ID of the group + * @param boolean $noCache If false the cache is used to find the name of the group + */ + public static function getGroupName($groupId, $noCache=false) { // does not work with MOD_AUTH (only or some modules) return 0; } - + /** - * check if a user belongs to a group - * - */ - public static function inGroup($username,$groupname){ + * Check if a user belongs to a group + * + * @param string $username Name of the user to check + * @param string $groupName Name of the group + */ + public static function inGroup($username, $groupName) { // does not work with MOD_AUTH (only or some modules) return false; } - + /** - * add a user to a group - * - */ - public static function addToGroup($username,$groupname){ + * Add a user to a group + * + * @param string $username Name of the user to add to group + * @param string $groupName Name of the group in which add the user + */ + public static function addToGroup($username, $groupName) { // does not work with MOD_AUTH (only or some modules) return false; } - - public static function generatePassword(){ - return uniqid(); - } - + /** - * get all groups the user belongs to - * - */ - public static function getUserGroups($username){ + * Generate a random password + */ + public static function generatePassword() { + return uniqId(); + } + + /** + * Get all groups the user belongs to + * + * @param string $username Name of the user + */ + public static function getUserGroups($username) { // does not work with MOD_AUTH (only or some modules) $groups=array(); return $groups; } - + /** - * set the password of a user - * - */ - public static function setPassword($username,$password){ + * Set the password of a user + * + * @param string $username User who password will be changed + * @param string $password The new password for the user + */ + public static function setPassword($username, $password) { return false; } - + /** 
- * check the password of a user - * - */ - public static function checkPassword($username,$password){ + * Check if the password of the user is correct + * + * @param string $username Name of the user + * @param string $password Password of the user + */ + public static function checkPassword($username, $password) { // does not work with MOD_AUTH (only or some modules) return false; } diff --git a/inc/lib_user.php b/inc/lib_user.php index e20c5624f12..0f7c01b3818 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php @@ -53,8 +53,10 @@ class OC_USER { private static $_backend; /** - * Set the User Authentication Module - */ + * Set the User Authentication Module + * + * @param string $backend The backend to use for user managment + */ public static function setBackend($backend='database') { if ( (null === $backend) OR (!is_string($backend)) ) { $backend = 'database'; 
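Review bot: In `inc/User/mod_auth.php`, `login()` and `isLoggedIn()` copy `$_SERVER['PHP_AUTH_USER']` into the session as the authenticated identity without checking that the web server actually verified the credentials, and `login()` ignores its `$password` argument entirely. The variable is filled from the request's Authorization header, so it is proof of identity only when every URL reaching this code is covered by enforced server-side authentication; that deployment requirement should be stated in the class docblock. Consider also requiring a server-set marker before trusting it, e.g. `if ( empty($_SERVER['REMOTE_USER']) ) { return false; }`, after confirming this holds on the supported server setups. Calling `session_regenerate_id(true)` when the identity is first written to `$_SESSION` would additionally limit session fixation.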
@@ -78,117 +80,140 @@ class OC_USER { } /** - * check if the login button is pressed and logg the user in - * - */ + * Check if the login button is pressed and log the user in + * + */ public static function loginLisener() { return self::$_backend->loginLisener(); } /** - * try to create a new user - * - */ + * Try to create a new user + * + * @param string $username The username of the user to create + * @param string $password The password of the new user + */ public static function createUser($username, $password) { return self::$_backend->createUser($username, $password); } /** - * try to login a user - * - */ + * Try to login a user + * + * @param string $username The username of the user to log in + * @param string $password The password of the user + */ public static function login($username, $password) { return self::$_backend->login($username, $password); } /** - * check if the logout button is pressed and logout the user - * - */ + * Check if the logout button is pressed and logout the user + * + */ public static function logoutLisener() { return self::$_backend->logoutLisener(); } /** - * check if a user is logged in - * - */ + * Check if the user is logged in + * + */ public static function isLoggedIn() { return self::$_backend->isLoggedIn(); } /** - * try to create a new group - * - */ + * Try to create a new group + * + * @param string $groupName The name of the group to create + */ public static function createGroup($groupName) { return self::$_backend->createGroup($groupName); } /** - * get the id of a user - * - */ + * Get the ID of a user + * + * @param string $username Name of the user to find the ID + * @param boolean $noCache If false the cache is used to find the ID + */ public static function getUserId($username, $noCache=false) { return self::$_backend->getUserId($username, $noCache=false); } /** - * get the id of a group - * - */ + * Get the ID of a group + * + * @param string $groupName Name of the group to find the ID + * @param boolean 
$noCache If false the cache is used to find the ID + */ public static function getGroupId($groupName, $noCache=false) { return self::$_backend->getGroupId($groupName, $noCache=false); } /** - * get the name of a group - * - */ + * Get the name of a group + * + * @param string $groupId ID of the group + * @param boolean $noCache If false the cache is used to find the name of the group + */ public static function getGroupName($groupId, $noCache=false) { return self::$_backend->getGroupName($groupId, $noCache=false); } /** - * check if a user belongs to a group - * - */ + * Check if a user belongs to a group + * + * @param string $username Name of the user to check + * @param string $groupName Name of the group + */ public static function inGroup($username, $groupName) { return self::$_backend->inGroup($username, $groupName); } /** - * add a user to a group - * - */ + * Add a user to a group + * + * @param string $username Name of the user to add to group + * @param string $groupName Name of the group in which add the user + */ public static function addToGroup($username, $groupName) { return self::$_backend->addToGroup($username, $groupName); } + /** + * Generate a random password + */ public static function generatePassword() { return uniqId(); } /** - * get all groups the user belongs to - * - */ + * Get all groups the user belongs to + * + * @param string $username Name of the user + */ public static function getUserGroups($username) { return self::$_backend->getUserGroups($username); } /** - * set the password of a user - * - */ + * Set the password of a user + * + * @param string $username User who password will be changed + * @param string $password The new password for the user + */ public static function setPassword($username, $password) { return self::$_backend->setPassword($username, $password); } /** - * check the password of a user - * - */ + * Check if the password of the user is correct + * + * @param string $username Name of the user + * @param string 
$password Password of the user + */ public static function checkPassword($username, $password) { return self::$_backend->checkPassword($username, $password); } From 11664f3153c86cefc2c366156234f9530777aab3 Mon Sep 17 00:00:00 2001 From: "Aldo \"xoen\" Giambelluca" Date: Fri, 23 Jul 2010 00:48:45 +0200 Subject: [PATCH 10/10] Moved LDAP authentication into a plugin Used the current plugin system to define `USER_OC_LDAP` class that can be used as backend for OC_USER --- inc/User/ldap.php | 29 ------------- inc/lib_base.php | 42 ++++++++++++------- inc/lib_user.php | 11 +++-- .../mod_auth.php => plugins/ldap/lib_ldap.php | 2 +- 4 files changed, 33 insertions(+), 51 deletions(-) delete mode 100755 inc/User/ldap.php rename inc/User/mod_auth.php => plugins/ldap/lib_ldap.php (99%) diff --git a/inc/User/ldap.php b/inc/User/ldap.php deleted file mode 100755 index c91f900342e..00000000000 --- a/inc/User/ldap.php +++ /dev/null @@ -1,29 +0,0 @@ -. -* -*/ - -oc_require_once('inc/User/mod_auth.php'); - - - -class OC_USER_LDAP extends OC_USER_MOD_AUTH { -} diff --git a/inc/lib_base.php b/inc/lib_base.php index df6df15cc23..d0b25834421 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -110,21 +110,6 @@ if(OC_USER::isLoggedIn()){ OC_FILESYSTEM::mount($rootStorage,'/'); } -// load plugins -$CONFIG_LOADPLUGINS='all'; -if ($CONFIG_LOADPLUGINS != 'all') - $plugins=explode(' ',$CONFIG_LOADPLUGINS); -else{ - $plugins=array(); - $fd=opendir($SERVERROOT.'/plugins'); - while (($filename = readdir($fd)) !== false) { - if($filename<>'.' and $filename<>'..' and substr($filename,0,1)!='.'){ - $plugins[]=$filename; - } - } - closedir($fd); -} -if(isset($plugins[0])) foreach($plugins as $plugin) require_once($SERVERROOT.'/plugins/'.$plugin.'/lib_'.$plugin.'.php'); // check if the server is correctly configured for ownCloud 
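Review bot: The docblock added in `inc/lib_user.php` describes `generatePassword()` as "Generate a random password", but the method returns `uniqId()`, which is derived from the current time and is predictable rather than random; the same body appears in the `inc/User/database.php` and `inc/User/mod_auth.php` hunks of this patch. If these values are ever handed out as credentials they should come from a CSPRNG, e.g. `return bin2hex(random_bytes(16));` on PHP 7+ (or `openssl_random_pseudo_bytes()` on older versions). Also, on the unchanged lines of this hunk, `getUserId()`, `getGroupId()` and `getGroupName()` forward `$noCache=false`, an assignment that always passes `false`, so a caller's `true` (as in `OC_USER::getUserId($username, true)` in `createUser()`) never reaches the backend; pass `$noCache` instead.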
@@ -305,6 +290,33 @@ class OC_UTIL { } } + /** + * Load the plugins + */ + public static function loadPlugins() { + global $CONFIG_LOADPLUGINS; + global $SERVERROOT; + + $CONFIG_LOADPLUGINS = 'all'; + if ( 'all' !== $CONFIG_LOADPLUGINS ) { + $plugins = explode(' ', $CONFIG_LOADPLUGINS); + } else { + $plugins = array(); + $fd = opendir($SERVERROOT . '/plugins'); + while ( false !== ($filename = readdir($fd)) ) { + if ( $filename<>'.' AND $filename<>'..' AND ('.' != substr($filename, 0, 1)) ) { + $plugins[] = $filename; + } + } + closedir($fd); + } + if ( isset($plugins[0]) ) { + foreach ( $plugins as $plugin ) { + oc_require_once('/plugins/' . $plugin . '/lib_' . $plugin . '.php'); + } + } + } + } diff --git a/inc/lib_user.php b/inc/lib_user.php index 0f7c01b3818..1d0cb86c6a7 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php @@ -23,6 +23,8 @@ global $CONFIG_BACKEND; +OC_UTIL::loadPlugins(); + if ( !$CONFIG_INSTALLED ) { @@ -63,18 +65,15 @@ class OC_USER { } switch ( $backend ) { + case 'database': case 'mysql': case 'sqlite': oc_require_once('inc/User/database.php'); self::$_backend = new OC_USER_DATABASE(); break; - case 'ldap': - oc_require_once('inc/User/ldap.php'); - self::$_backend = new OC_USER_LDAP(); - break; default: - oc_require_once('inc/User/database.php'); - self::$_backend = new OC_USER_DATABASE(); + $className = 'OC_USER_' . strToUpper($backend); + self::$_backend = new $className(); break; } } diff --git a/inc/User/mod_auth.php b/plugins/ldap/lib_ldap.php similarity index 99% rename from inc/User/mod_auth.php rename to plugins/ldap/lib_ldap.php index a037d8abf2c..2105ed2464e 100755 --- a/inc/User/mod_auth.php +++ b/plugins/ldap/lib_ldap.php @@ -29,7 +29,7 @@ oc_require_once('inc/User/backend.php'); * Class for user management * */ -class OC_USER_MOD_AUTH extends OC_USER_BACKEND { +class OC_USER_LDAP extends OC_USER_BACKEND { /** * Check if the login button is pressed and log the user in
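Review bot: `loadPlugins()` declares `global $CONFIG_LOADPLUGINS` and then immediately overwrites it with `'all'`, so the `explode(' ', $CONFIG_LOADPLUGINS)` branch is unreachable and every non-hidden entry under `plugins/` has its `lib_<name>.php` executed regardless of configuration. Using the value only as a default, `if ( !isset($CONFIG_LOADPLUGINS) ) { $CONFIG_LOADPLUGINS = 'all'; }`, restores the ability to restrict which plugins run. The `opendir()` result is also used unchecked, so a missing or unreadable directory passes `false` to `readdir()`; a guard such as `if ( false === $fd ) { return; }` is worth adding. The include path changed from `$SERVERROOT.'/plugins/'...` to `oc_require_once('/plugins/' ...)`; `oc_require_once` is not visible here, so confirm it resolves a leading slash relative to the server root.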
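Review bot: The new `default:` branch of `setBackend()` instantiates `'OC_USER_' . strToUpper($backend)` without checking that such a class is loaded or that it is a user backend, so a mistyped or unexpected backend value now ends in a fatal error, or in an unrelated `OC_USER_*` class being constructed, where the old code fell back to the database backend. The class name should be validated against `OC_USER_BACKEND` before instantiation, with the database backend kept as the fallback, as sketched below. `setBackend()` starts above this hunk, so only the switch body is visible here.

```php
// … unchanged: 'database' / 'mysql' / 'sqlite' cases …
$className = 'OC_USER_' . strToUpper($backend);
// Only accept loaded classes that really are user backends; otherwise fall back to the database
if ( !class_exists($className) OR !is_subclass_of($className, 'OC_USER_BACKEND') ) {
	oc_require_once('inc/User/database.php');
	$className = 'OC_USER_DATABASE';
}
self::$_backend = new $className();
```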