From 947c569779940c04c3989d900d3092d327530c52 Mon Sep 17 00:00:00 2001 From: Robin Date: Tue, 20 Apr 2010 17:36:38 +0200 Subject: [PATCH 01/16] css fixes --- css/default.php | 91 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/css/default.php b/css/default.php index dd1ad09b015..4d15ef6d6d4 100755 --- a/css/default.php +++ b/css/default.php @@ -46,6 +46,7 @@ html,body { } body.error {background-color: #F0F0F0;} +td.error{color:#FF0000; text-align:center} body,th,td,ul,li,a,div,p,pre {color:#333333; font-family:Verdana,"Bitstream Vera Sans",Arial,Helvetica,Sans,"Bitstream Vera Serif"; font-size:9.0pt;} a img { @@ -220,6 +221,7 @@ div.breadcrumb{ } div.fileactionlist{ + z-index:50; position:absolute; background-color: #DDDDDD; margin-top:5px; @@ -260,6 +262,12 @@ td.sizetext{ text-align:right; } + +input.fileSelector{ + margin-right:17px; + float:left; +} + td.fileSelector, td.fileicon{ width:16px; } @@ -287,6 +295,7 @@ div.fileList{ height:100%; min-height:200px; top:0px; + } div.fileList table{ 
@@ -321,4 +330,86 @@ table.browser thead td,table.browser tfoot td{ tr.hint, tr.hint td{ background:transparent; +} + +#debug{ + position:fixed; + bottom:20px; + left:20px; + border:solid 1px black; +} + +.dragClone{ + position:absolute; +} + +div.breadcrumb{ + float:left; + background:transparent; +} + +div.moreActionsButton>p{ + padding:0px; + margin:0px; + width:100%; + height:100%; +} + +div.moreActionsButton{ + background-color:white; + display:inline; + border:1px solid black; + cursor:pointer; + padding-right:10px; + text-align:right; + width:90px; + height:19px; + float:right; + margin-top:2px !important; + right:2px; + position:absolute; + background:#DDD url(/img/arrow_up.png) no-repeat scroll center right; +} + +td.moreActionsButtonClicked{ + background:#DDD url(/img/arrow_down.png) no-repeat scroll center right !important +} + +tr.utilityline{ + height:24px; +} + +td.actionsSelected{ + position:absolute; + width:790px; +} + +div.moreActionsList{ + background:#EEE; + position:absolute; + bottom:19px; + right:-2px; + border:1px solid black; + min-width:330px; + text-align:right; + float:right; +} + +div.moreActionsList input{ + +} + +div.moreActionsList>table{ + width:100%; +} + +div.moreActionsList td{ + width:300px; + text-align:right; + padding-top:3px !important; + padding-bottom:3px !important; +} + +div.moreActionsList tr:hover{ + background-color:#DDD; } \ No newline at end of file From 643e3726b4b728e2acdde9ce54b730e17ad4afd0 Mon Sep 17 00:00:00 2001 From: Robin Date: Wed, 21 Apr 2010 00:25:34 +0200 Subject: [PATCH 02/16] create data directory if it doesn't exist --- inc/lib_config.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/inc/lib_config.php b/inc/lib_config.php index a3270ab41b3..1c6ba09fbd5 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php 
@@ -62,6 +62,13 @@ class OC_CONFIG{ $_POST['dbpassword']=$CONFIG_DBPASSWORD; } } + if(!is_dir($_POST['datadirectory'])){ + try{ + mkdir($_POST['datadirectory']); + }catch(Exception $e){ + $error.='error while trying to create data directory
'; + } + } if(empty($error)) { //create/fill database $CONFIG_DBTYPE=$dbtype; From 6b5bd8134131c4573f81cfe43fc9bbbe8fb35c05 Mon Sep 17 00:00:00 2001 From: Robin Date: Thu, 22 Apr 2010 19:03:54 +0200 Subject: [PATCH 03/16] (very) early multiuser support --- inc/lib_base.php | 86 ++++++++--------- inc/lib_config.php | 44 ++++++++- inc/lib_user.php | 197 +++++++++++++++++++++++++++++++++++++++ inc/templates/header.php | 6 +- 4 files changed, 283 insertions(+), 50 deletions(-) create mode 100644 inc/lib_user.php diff --git a/inc/lib_base.php b/inc/lib_base.php index e4309261709..4f58f946c92 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -43,8 +43,7 @@ if($WEBROOT{0}!=='/'){ set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config'); // define default config values -$CONFIG_ADMINLOGIN=''; -$CONFIG_ADMINPASSWORD=''; +$CONFIG_INSTALLED=false; $CONFIG_DATADIRECTORY=$SERVERROOT.'/data'; $CONFIG_HTTPFORCESSL=false; $CONFIG_DATEFORMAT='j M Y G:i'; @@ -67,9 +66,18 @@ if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){ require_once('lib_files.php'); require_once('lib_log.php'); require_once('lib_config.php'); +require_once('lib_user.php'); + +if(OC_USER::isLoggedIn()){ + //jail the user in a seperate data folder + $CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean']; + if(!is_dir($CONFIG_DATADIRECTORY)){ + mkdir($CONFIG_DATADIRECTORY); + } +} // load plugins -$CONFIG_LOADPLUGINS='music'; +$CONFIG_LOADPLUGINS=''; $plugins=explode(' ',$CONFIG_LOADPLUGINS); if(isset($plugins[0]['url'])) foreach($plugins as $plugin) require_once('plugins/'.$plugin.'/lib_'.$plugin.'.php'); 
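Review bot: The `catch(Exception $e)` branch around `mkdir($_POST['datadirectory'])` can never run, because `mkdir()` reports failure by returning false and raising a warning rather than throwing. A failed create therefore leaves `$error` empty and the installer continues with a missing directory. Test the return value instead, `if(!mkdir($_POST['datadirectory'])){ ... }`, and append the existing error message there. The path comes straight from the request, so it is also worth checking that it resolves under an expected parent directory before creating anything. The enclosing method starts and ends outside the hunk.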
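Review bot: The per-user folder in the `if(OC_USER::isLoggedIn())` block is built by appending `$_SESSION['username_clean']` to `$SERVERROOT.'/data/'`, and the `login()` added in inc/lib_user.php by this same patch fills that value with the lowercased, SQL-escaped user name without restricting its characters. A name containing `/` or `..` would put the "jail" outside `/data` or inside another account's folder. Restrict names to letters, digits, `_` and `-` when the account is created, or derive the folder from the numeric `$_SESSION['user_id']` instead. The return value of `mkdir($CONFIG_DATADIRECTORY)` is also ignored, so a failed create goes unnoticed.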
@@ -81,46 +89,6 @@ OC_UTIL::checkserver(); OC_USER::logoutlisener(); $loginresult=OC_USER::loginlisener(); - -/** - * Class for usermanagement - * - */ -class OC_USER { - - /** - * check if the login button is pressed and logg the user in - * - */ - public static function loginlisener(){ - global $CONFIG_ADMINLOGIN; - global $CONFIG_ADMINPASSWORD; - if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ - if($_POST['login']==$CONFIG_ADMINLOGIN and $_POST['password']==$CONFIG_ADMINPASSWORD){ - $_SESSION['username']=$_POST['login']; - OC_LOG::event($_SESSION['username'],1,''); - return(''); - }else{ - return('error'); - } - } - return(''); - } - - /** - * check if the logout button is pressed and logout the user - * - */ - public static function logoutlisener(){ - if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ - OC_LOG::event($_SESSION['username'],2,''); - unset($_SESSION['username']); - } - } - -} - - /** * Class for utility functions * @@ -204,8 +172,10 @@ class OC_UTIL { if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo(''.$NAVI['name'].''); else echo(''.$NAVI['name'].''); } - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('Log'); else echo('Log'); - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('Settings'); else echo('Settings'); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('Log'); else echo('Log'); + if(OC_USER::ingroup($_SESSION['username'],'admin')){ + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('Settings'); else echo('Settings'); + } echo('Logout'); echo(''); } 
@@ -284,6 +254,32 @@ class OC_DB { return $result; } + /** + * executes a query on the database and returns the result in an array + * + * @param string $cmd + * @return result-set + */ + static function select($cmd) { + global $CONFIG_DBTYPE; + $result=OC_DB::query($cmd); + if($result){ + $data=array(); + if($CONFIG_DBTYPE=='sqlite'){ + while($row=$result->fetch(SQLITE_ASSOC)){ + $data[]=$row; + } + }elseif($CONFIG_DBTYPE=='mysql'){ + while($row=$result->fetch_array(MYSQLI_ASSOC)){ + $data[]=$row; + } + } + return $data; + }else{ + return false; + } + } + /** * executes multiply queries on the database * diff --git a/inc/lib_config.php b/inc/lib_config.php index 1c6ba09fbd5..0522ef3862f 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -99,10 +99,25 @@ class OC_CONFIG{ $error.='error while trying to fill the database
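Review bot: `select($cmd)` accepts a finished SQL string, so every caller has to quote its own values, and whether that is safe depends on each caller escaping correctly for the active `$CONFIG_DBTYPE`. Consider taking the values as a separate argument and binding them through a prepared statement inside `OC_DB`. When `$CONFIG_DBTYPE` is neither `sqlite` nor `mysql` the method returns an empty array, which callers cannot distinguish from a query that matched no rows. The docblock's `@return result-set` would be more accurate as `@return array|false`.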
'; } + if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){ + $error.='error while trying to create the admin user
'; + } + + if(OC_USER::getgroupid('admin')==0){ + if(!OC_USER::creategroup('admin')){ + $error.='error while trying to create the admin group
'; + } + } + + if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){ + $error.='error while trying to add the admin user to the admin group
'; + } + //storedata $config='. +* +*/ + +/** + * Class for usermanagement + * + */ +class OC_USER { + + /** + * check if the login button is pressed and logg the user in + * + */ + public static function loginlisener(){ + global $CONFIG_ADMINLOGIN; + global $CONFIG_ADMINPASSWORD; + if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ + if(OC_USER::login($_POST['login'],$_POST['password'])){ + OC_LOG::event($_SESSION['username'],1,''); + return(''); + }else{ + return('error'); + } + } + return(''); + } + + /** + * try to create a new user + * + */ + public static function createuser($username,$password){ + if(OC_USER::getuserid($username)!=0){ + return false; + }else{ + $password=sha1($password); + $usernameclean=strtolower($username); + $username=mysql_escape_string($username); + $usernameclean=mysql_escape_string($usernameclean); + $query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`)VALUES (NULL , '$username', '$usernameclean', '$password')"; + $result=OC_DB::query($query); + return ($result)?true:false; + } + + } + + /** + * try to login a user + * + */ + public static function login($username,$password){ + $password=sha1($password); + $usernameclean=strtolower($username); + $username=mysql_escape_string($username); + $usernameclean=mysql_escape_string($usernameclean); + $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id'])){ + $_SESSION['user_id']=$result[0]['user_id']; + $_SESSION['username']=$username; + $_SESSION['username_clean']=$usernameclean; + return true; + }else{ + return false; + } + } + + /** + * check if the logout button is pressed and logout the user + * + */ + public static function logoutlisener(){ + if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ + OC_LOG::event($_SESSION['username'],2,''); + 
$_SESSION['user_id']=false; + $_SESSION['username']=''; + $_SESSION['username_clean']=''; + } + } + + /** + * check if a user is logged in + * + */ + public static function isLoggedIn(){ + return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false; + } + + /** + * try to create a new group + * + */ + public static function creategroup($groupname){ + if(OC_USER::getgroupid($groupname)==0){ + $groupname=mysql_escape_string($groupname); + $query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname');"; + $result=OC_DB::query($query); + return ($result)?true:false; + }else{ + return false; + } + } + + /** + * get the id of a user + * + */ + public static function getuserid($username){ + $usernameclean=strtolower($username); + $username=mysql_escape_string($username); + $usernameclean=mysql_escape_string($usernameclean); + $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id'])){ + return $result[0]['user_id']; + }else{ + return 0; + } + } + + /** + * get the id of a group + * + */ + public static function getgroupid($groupname){ + $groupname=mysql_escape_string($groupname); + $query="SELECT group_id FROM `groups` WHERE `group_name` = '$groupname' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['group_id'])){ + return $result[0]['group_id']; + }else{ + return 0; + } + } + + /** + * check if a user belongs to a group + * + */ + public static function ingroup($username,$groupname){ + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + $query="SELECT user_group_id FROM `user_group` WHERE `group_id` = '$groupid ' AND `user_id` = '$userid 'LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_group_id'])){ + return true; + }else{ + return false; + } + } + + /** + * add a user to a group + * + */ + public static 
function addtogroup($username,$groupname){ + if(!OC_USER::ingroup($username,$groupname)){ + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + if($groupid!=0 and $userid!=0){ + $query="INSERT INTO `user_group` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL , '$userid', '$groupid');"; + $result=OC_DB::query($query); + if($result){ + return true; + }else{ + return false; + } + }else{ + return false; + } + }else{ + return true; + } + } +} + +?> \ No newline at end of file diff --git a/inc/templates/header.php b/inc/templates/header.php index c082ea8b3da..bd4ccaf35e3 100755 --- a/inc/templates/header.php +++ b/inc/templates/header.php @@ -4,7 +4,7 @@ ownCloud - + @@ -12,6 +12,7 @@ + '); From 07a8992a84c252ab10d6047e3de1ce16ac3c6b0b Mon Sep 17 00:00:00 2001 From: Robin Date: Thu, 22 Apr 2010 20:08:38 +0200 Subject: [PATCH 04/16] admins can now create new users --- inc/lib_config.php | 12 ++++++++++++ inc/lib_user.php | 7 +++++-- inc/templates/configform.php | 12 +++++++++++- inc/templates/header.php | 3 +++ 4 files changed, 31 insertions(+), 3 deletions(-) diff --git a/inc/lib_config.php b/inc/lib_config.php index 0522ef3862f..5fa6b5f7c64 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -14,6 +14,18 @@ class OC_CONFIG{ require('templates/configform.php'); } + public static function createuserlisener(){ + if(isset($_POST['new_username']) and isset($_POST['new_password'])){ + if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){ + return 'user successfully created'; + }else{ + return 'error while trying to create user'; + } + }else{ + return false; + } + } + /** * lisen for configuration changes and write it to the file * diff --git a/inc/lib_user.php b/inc/lib_user.php index eb515b92a00..e7855b5b7b3 100644 --- a/inc/lib_user.php +++ b/inc/lib_user.php 
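Review bot: `createuser()` and `login()` store and compare passwords as a bare `sha1($password)`, which is unsalted and fast to compute, so a leaked `users` table allows cheap offline guessing; use a salted, deliberately slow hash (`password_hash()` / `password_verify()` on current PHP). The same applies to `setpassword()` and `checkpassword()` added in patch 05. Separately, every query in this class quotes its values with `mysql_escape_string()`, but the default `$CONFIG_DBTYPE` is `sqlite`, where a backslash does not escape a quote, so that escaping does not protect the SQLite path; bound parameters or the driver's own escaping would. `login()` should also call `session_regenerate_id(true)` before it writes `$_SESSION['user_id']`.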
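Review bot: `createuserlisener()` creates an account for any request that carries `new_username` and `new_password`; nothing in the method checks that the caller is logged in or belongs to the `admin` group, although the commit subject says admins create users. Add the guard at the top, e.g. `if(!OC_USER::isLoggedIn() or !OC_USER::ingroup($_SESSION['username'],'admin')) return false;`. Patch 05 later in this series adds a group check, but at this commit the endpoint is unauthenticated. No per-session form token is visible in the hunk, so the action also looks triggerable from another site once the guard is in place.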
@@ -32,8 +32,6 @@ class OC_USER { * */ public static function loginlisener(){ - global $CONFIG_ADMINLOGIN; - global $CONFIG_ADMINPASSWORD; if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ if(OC_USER::login($_POST['login'],$_POST['password'])){ OC_LOG::event($_SESSION['username'],1,''); @@ -45,6 +43,7 @@ class OC_USER { return(''); } + /** * try to create a new user * @@ -192,6 +191,10 @@ class OC_USER { return true; } } + + public static function generatepassword(){ + return uniqid(); + } } ?> \ No newline at end of file diff --git a/inc/templates/configform.php b/inc/templates/configform.php index 61217df2acf..ba946fc67b0 100755 --- a/inc/templates/configform.php +++ b/inc/templates/configform.php @@ -4,6 +4,7 @@ global $CONFIG_ERROR; if(!isset($fillDB)) $fillDB=true; if(!isset($CONFIG_DBHOST)) $CONFIG_DBHOST='localhost'; if(!isset($CONFIG_DBUSER)) $CONFIG_DBUSER='owncloud'; +$newuserpassword=OC_USER::generatepassword(); ?> \ No newline at end of file diff --git a/inc/templates/header.php b/inc/templates/header.php index bd4ccaf35e3..46c64bfd645 100755 --- a/inc/templates/header.php +++ b/inc/templates/header.php @@ -33,6 +33,9 @@ echo('
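Review bot: `generatepassword()` returns `uniqid()`, which is derived from the current time and is not intended for secrets, so the suggested password for a new account can be narrowed down by anyone who knows roughly when the form was rendered. Draw it from a CSPRNG instead, e.g. `return bin2hex(random_bytes(8));` on current PHP. The method is also the only one in the class without a docblock; `/** generate a random initial password for a new user */` would match the others.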

Date: Fri, 23 Apr 2010 00:05:04 +0200 Subject: [PATCH 05/16] change the config system to support multi user --- admin/index.php | 41 +++++ admin/index.php~ | 1 + inc/lib_base.php | 3 +- inc/lib_config.php | 344 +++++++++++++++++++++-------------- inc/lib_user.php | 67 +++++++ inc/templates/adminform.php | 106 +++++++++++ inc/templates/configform.php | 109 ++++------- inc/templates/header.php | 12 +- 8 files changed, 467 insertions(+), 216 deletions(-) create mode 100644 admin/index.php create mode 100644 admin/index.php~ create mode 100644 inc/templates/adminform.php diff --git a/admin/index.php b/admin/index.php new file mode 100644 index 00000000000..2331c22f062 --- /dev/null +++ b/admin/index.php @@ -0,0 +1,41 @@ +. +* +*/ + +$CONFIG_ERROR=''; + +require_once('../inc/lib_base.php'); + + +OC_UTIL::showheader(); + +$FIRSTRUN=false; + +echo('
'); +OC_CONFIG::showadminform(); +echo('
'); + + +OC_UTIL::showfooter(); + +?> + diff --git a/admin/index.php~ b/admin/index.php~ new file mode 100644 index 00000000000..8d1c8b69c3f --- /dev/null +++ b/admin/index.php~ @@ -0,0 +1 @@ + diff --git a/inc/lib_base.php b/inc/lib_base.php index 4f58f946c92..5a70db535db 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -173,8 +173,9 @@ class OC_UTIL { } if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('Log'); else echo('Log'); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('Settings'); else echo('Settings'); if(OC_USER::ingroup($_SESSION['username'],'admin')){ - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('Settings'); else echo('Settings'); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('Admin Panel'); else echo('Admin Panel'); } echo('Logout'); echo(''); diff --git a/inc/lib_config.php b/inc/lib_config.php index 5fa6b5f7c64..98099cad72a 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php 
@@ -13,154 +13,230 @@ class OC_CONFIG{ global $CONFIG_DBNAME; require('templates/configform.php'); } + + /** + * show the configform + * + */ + public static function showadminform(){ + global $CONFIG_ADMINLOGIN; + global $CONFIG_ADMINPASSWORD; + global $CONFIG_DATADIRECTORY; + global $CONFIG_HTTPFORCESSL; + global $CONFIG_DATEFORMAT; + global $CONFIG_DBNAME; + global $CONFIG_INSTALLED; + if(OC_USER::ingroup($_SESSION['username'],'admin') or $CONFIG_INSTALLED==false){ + require('templates/adminform.php'); + } + } public static function createuserlisener(){ - if(isset($_POST['new_username']) and isset($_POST['new_password'])){ - if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){ - return 'user successfully created'; + if(OC_USER::ingroup($_SESSION['username'],'admin')){ + if(isset($_POST['new_username']) and isset($_POST['new_password'])){ + if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){ + return 'user successfully created'; + }else{ + return 'error while trying to create user'; + } }else{ - return 'error while trying to create user'; + return false; } }else{ return false; } } - - /** - * lisen for configuration changes and write it to the file - * - */ - public static function writeconfiglisener(){ - global $DOCUMENTROOT; - global $SERVERROOT; - global $WEBROOT; - global $CONFIG_DBHOST; - global $CONFIG_DBNAME; - global $CONFIG_DBUSER; - global $CONFIG_DBPASSWORD; - global $CONFIG_DBTYPE; - global $CONFIG_ADMINLOGIN; - global $CONFIG_ADMINPASSWORD; - if(isset($_POST['set_config'])){ - - //checkdata - $error=''; - $FIRSTRUN=empty($CONFIG_ADMINLOGIN); - if(!$FIRSTRUN){ - if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){ - $error.='wrong password
'; - } - } - - if(!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) $error.='admin login not set
'; - if((!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])) and $FIRSTRUN) $error.='admin password not set
'; - if((!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2'])) and $FIRSTRUN) $error.='retype admin password not set
'; - if(!isset($_POST['datadirectory']) or empty($_POST['datadirectory'])) $error.='data directory not set
'; - if(!isset($_POST['dateformat']) or empty($_POST['dateformat'])) $error.='dateformat not set
'; - if(!isset($_POST['dbname']) or empty($_POST['dbname'])) $error.='databasename not set
'; - if($_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same
'; - $dbtype=$_POST['dbtype']; - if($dbtype=='mysql'){ - if(!isset($_POST['dbhost']) or empty($_POST['dbhost'])) $error.='database host not set
'; - if(!isset($_POST['dbuser']) or empty($_POST['dbuser'])) $error.='database user not set
'; - if($_POST['dbpassword']<>$_POST['dbpassword2'] ) $error.='database passwords are not the same
'; - - } - if(!$FIRSTRUN){ - if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])){ - $_POST['adminpassword']=$CONFIG_ADMINPASSWORD; - } - if(!isset($_POST['dbpassword']) or empty($_POST['dbpassword'])){ - $_POST['dbpassword']=$CONFIG_DBPASSWORD; - } - } - if(!is_dir($_POST['datadirectory'])){ - try{ - mkdir($_POST['datadirectory']); - }catch(Exception $e){ - $error.='error while trying to create data directory
'; - } - } - if(empty($error)) { - //create/fill database - $CONFIG_DBTYPE=$dbtype; - $CONFIG_DBNAME=$_POST['dbname']; - if($dbtype=='mysql'){ - $CONFIG_DBHOST=$_POST['dbhost']; - $CONFIG_DBUSER=$_POST['dbuser']; - $CONFIG_DBPASSWORD=$_POST['dbpassword']; - } - try{ - if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){ - self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']); - } - }catch(Exception $e){ - $error.='error while trying to create the database
'; - } - if($CONFIG_DBTYPE=='sqlite'){ - $f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+'); - if(!$f){ - $error.='path of sqlite database not writable by server
'; - } - } - try{ - if(isset($_POST['filldb'])){ - self::filldatabase(); - } - }catch(Exception $e){ - $error.='error while trying to fill the database
'; - } - - if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){ - $error.='error while trying to create the admin user
'; - } - - if(OC_USER::getgroupid('admin')==0){ - if(!OC_USER::creategroup('admin')){ - $error.='error while trying to create the admin group
'; - } - } - - if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){ - $error.='error while trying to add the admin user to the admin group
'; - } - - //storedata - $config=' '; - - $filename=$SERVERROOT.'/config/config.php'; - if(empty($error)){ - header("Location: ".$WEBROOT."/"); - try{ - file_put_contents($filename,$config); - }catch(Exception $e){ - $error.='error while trying to save the configuration file
'; - return $error; + + public static function creategrouplisener(){ + if(OC_USER::isLoggedIn()){ + if(isset($_POST['creategroup']) and $_POST['creategroup']==1){ + if(OC_USER::creategroup($_POST['groupname'])){ + if(OC_USER::addtogroup($_SESSION['username'],$_POST['groupname'])){ + return 'group successfully created'; + }else{ + return 'error while trying to add user to the new created group'; + } + }else{ + return 'error while trying to create group'; } }else{ - return $error; + return false; } - + }else{ + return false; } - return($error); + } + + + /** + * lisen for configuration changes + * + */ + public static function configlisener(){ + if(OC_USER::isLoggedIn()){ + if(isset($_POST['config']) and $_POST['config']==1){ + $error=''; + if(!OC_USER::checkpassword($_SESSION['username'],$_POST['currentpassword'])){ + $error.='wrong password
'; + }else{ + if(isset($_POST['changepass']) and $_POST['changepass']==1){ + if(!isset($_POST['password']) or empty($_POST['password'])) $error.='password not set
'; + if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set
'; + if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same
'; + if(empty($error)){ + if(!OC_USER::setpassword($_SESSION['username'],$_POST['password'])){ + $error.='error while trying to set password
'; + } + } + } + } + return $error; + }else{ + return false; + } + }else{ + return false; + } + } + + + /** + * lisen for admin configuration changes and write it to the file + *4bd0be1185e76 + */ + public static function writeadminlisener(){ + global $CONFIG_INSTALLED; + if(OC_USER::ingroup($_SESSION['username'],'admin') or $CONFIG_INSTALLED==false){ + global $DOCUMENTROOT; + global $SERVERROOT; + global $WEBROOT; + global $CONFIG_DBHOST; + global $CONFIG_DBNAME; + global $CONFIG_DBUSER; + global $CONFIG_DBPASSWORD; + global $CONFIG_DBTYPE; + global $CONFIG_ADMINLOGIN; + global $CONFIG_ADMINPASSWORD; + if(isset($_POST['set_config'])){ + + //checkdata + $error=''; + $FIRSTRUN=empty($CONFIG_ADMINLOGIN); + if(!$FIRSTRUN){ + if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){ + $error.='wrong password
'; + } + } + + if(!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) $error.='admin login not set
'; + if((!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])) and $FIRSTRUN) $error.='admin password not set
'; + if((!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2'])) and $FIRSTRUN) $error.='retype admin password not set
'; + if(!isset($_POST['datadirectory']) or empty($_POST['datadirectory'])) $error.='data directory not set
'; + if(!isset($_POST['dateformat']) or empty($_POST['dateformat'])) $error.='dateformat not set
'; + if(!isset($_POST['dbname']) or empty($_POST['dbname'])) $error.='databasename not set
'; + if($_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same
'; + $dbtype=$_POST['dbtype']; + if($dbtype=='mysql'){ + if(!isset($_POST['dbhost']) or empty($_POST['dbhost'])) $error.='database host not set
'; + if(!isset($_POST['dbuser']) or empty($_POST['dbuser'])) $error.='database user not set
'; + if($_POST['dbpassword']<>$_POST['dbpassword2'] ) $error.='database passwords are not the same
'; + + } + if(!$FIRSTRUN){ + if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])){ + $_POST['adminpassword']=$CONFIG_ADMINPASSWORD; + } + if(!isset($_POST['dbpassword']) or empty($_POST['dbpassword'])){ + $_POST['dbpassword']=$CONFIG_DBPASSWORD; + } + } + if(!is_dir($_POST['datadirectory'])){ + try{ + mkdir($_POST['datadirectory']); + }catch(Exception $e){ + $error.='error while trying to create data directory
'; + } + } + if(empty($error)) { + //create/fill database + $CONFIG_DBTYPE=$dbtype; + $CONFIG_DBNAME=$_POST['dbname']; + if($dbtype=='mysql'){ + $CONFIG_DBHOST=$_POST['dbhost']; + $CONFIG_DBUSER=$_POST['dbuser']; + $CONFIG_DBPASSWORD=$_POST['dbpassword']; + } + try{ + if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){ + self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']); + } + }catch(Exception $e){ + $error.='error while trying to create the database
'; + } + if($CONFIG_DBTYPE=='sqlite'){ + $f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+'); + if(!$f){ + $error.='path of sqlite database not writable by server
'; + } + } + try{ + if(isset($_POST['filldb'])){ + self::filldatabase(); + } + }catch(Exception $e){ + $error.='error while trying to fill the database
'; + } + + if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){ + $error.='error while trying to create the admin user
'; + } + + if(OC_USER::getgroupid('admin')==0){ + if(!OC_USER::creategroup('admin')){ + $error.='error while trying to create the admin group
'; + } + } + + if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){ + $error.='error while trying to add the admin user to the admin group
'; + } + + //storedata + $config=' '; - } + $filename=$SERVERROOT.'/config/config.php'; + if(empty($error)){ + header("Location: ".$WEBROOT."/"); + try{ + file_put_contents($filename,$config); + }catch(Exception $e){ + $error.='error while trying to save the configuration file
'; + return $error; + } + }else{ + return $error; + } - } + } + return($error); + + } + } + } /** * Fills the database with the initial tables diff --git a/inc/lib_user.php b/inc/lib_user.php index e7855b5b7b3..30dbdcd2fec 100644 --- a/inc/lib_user.php +++ b/inc/lib_user.php @@ -152,6 +152,21 @@ class OC_USER { } } + /** + * get the name of a group + * + */ + public static function getgroupname($groupid){ + $groupid=(integer)$groupid; + $query="SELECT group_name FROM `groups` WHERE `group_id` = '$groupid' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['group_name'])){ + return $result[0]['group_name']; + }else{ + return 0; + } + } + /** * check if a user belongs to a group * 
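Review bot: In `writeadminlisener()` the re-authentication step still reads `$FIRSTRUN=empty($CONFIG_ADMINLOGIN)` and compares `$_POST['currentpassword']` with `$CONFIG_ADMINPASSWORD`, but patch 03 removed both defaults from inc/lib_base.php and moved accounts into the database. Unless config.php still defines them, `$FIRSTRUN` is always true and the current-password check is skipped on every later configuration change. Derive it from `$CONFIG_INSTALLED` and verify with `OC_USER::checkpassword($_SESSION['username'],$_POST['currentpassword'])`, as `configlisener()` in this hunk already does. `mkdir()` and `file_put_contents()` return false rather than throw, so the `catch` branches around them never run and their failures are not reported.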
@@ -195,6 +210,58 @@ class OC_USER { public static function generatepassword(){ return uniqid(); } + + /** + * get all groups the user belongs to + * + */ + public static function getusergroups($username){ + $userid=OC_USER::getuserid($username); + $query="SELECT group_id FROM `user_group` WHERE `user_id` = '$userid'"; + $result=OC_DB::select($query); + $groups=array(); + if(is_array($result)){ + foreach($result as $group){ + $groupid=$group['group_id']; + $groups[]=OC_USER::getgroupname($groupid); + } + } + return $groups; + } + + /** + * set the password of a user + * + */ + public static function setpassword($username,$password){ + $password=sha1($password); + $userid=OC_USER::getuserid($username); + $query="UPDATE `users` SET `user_password` = '$password' WHERE `user_id` =$userid LIMIT 1 ;"; + $result=OC_DB::query($query); + if($result){ + return true; + }else{ + return false; + } + } + + /** + * check the password of a user + * + */ + public static function checkpassword($username,$password){ + $password=sha1($password); + $usernameclean=strtolower($username); + $username=mysql_escape_string($username); + $usernameclean=mysql_escape_string($usernameclean); + $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){ + return true; + }else{ + return false; + } + } } ?> \ No newline at end of file diff --git a/inc/templates/adminform.php b/inc/templates/adminform.php new file mode 100644 index 00000000000..38d2b14a57e --- /dev/null +++ b/inc/templates/adminform.php @@ -0,0 +1,106 @@ + + +
+ +"; + } + if(!$FIRSTRUN){?> + + + + + + + + + + + + + + + + + + + + +
$CONFIG_ERROR
current password
admin login:
admin password:(leave empty to keep current password)
retype admin password:
data directory:
force ssl:
date format:
database type: + +
database host:
database name:
database user:
database password:(leave empty to keep current password)
retype database password:
create database and user: onchange='showDBAdmin()'>
database administrative user:
database administrative password:
automaticly fill initial database:>

+ +
+
+ + + + + +
Create new user:
user name
password
+
+ + \ No newline at end of file diff --git a/inc/templates/configform.php b/inc/templates/configform.php index ba946fc67b0..037249a84a2 100755 --- a/inc/templates/configform.php +++ b/inc/templates/configform.php @@ -7,92 +7,45 @@ if(!isset($CONFIG_DBUSER)) $CONFIG_DBUSER='owncloud'; $newuserpassword=OC_USER::generatepassword(); ?>
+ "; } - if(!$FIRSTRUN){?> - - - - - - - - - - - - - - - - - - - -
$CONFIG_ERROR
current password
admin login:
admin password:(leave empty to keep current password)
retype admin password:
data directory:
force ssl:
date format:
database type: - -
database host:
database name:
database user:
database password:(leave empty to keep current password)
retype database password:
create database and user: onchange='showDBAdmin()'>
database administrative user:
database administrative password:
automaticly fill initial database:>

-
-
- - - - - + + + + +
Create new user:
user name
password
enter password
change password:
+
+Groups: +
+ + + + + + + +
Current groups
Create new group
- \ No newline at end of file diff --git a/inc/templates/header.php b/inc/templates/header.php index 46c64bfd645..51e729cb8e1 100755 --- a/inc/templates/header.php +++ b/inc/templates/header.php @@ -32,9 +32,15 @@ echo('

'); echo('

'.$error.'

'); echo('

First Run Wizard

'); - OC_CONFIG::showconfigform(); + OC_CONFIG::showadminform(); echo(''); OC_UTIL::showfooter(); exit(); From 112a4b7e7352b7329b2544eb65b5600e6975bdc4 Mon Sep 17 00:00:00 2001 From: Robin Date: Fri, 23 Apr 2010 00:16:20 +0200 Subject: [PATCH 06/16] bug fix first run wizzard --- inc/lib_config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inc/lib_config.php b/inc/lib_config.php index 98099cad72a..bbbe96e019e 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -106,7 +106,7 @@ class OC_CONFIG{ */ public static function writeadminlisener(){ global $CONFIG_INSTALLED; - if(OC_USER::ingroup($_SESSION['username'],'admin') or $CONFIG_INSTALLED==false){ + if($CONFIG_INSTALLED==false or OC_USER::ingroup($_SESSION['username'],'admin')){ global $DOCUMENTROOT; global $SERVERROOT; global $WEBROOT; From 4fcc717d534f0d049addb363adc5d51e3b5a03f8 Mon Sep 17 00:00:00 2001 From: Robin Date: Fri, 23 Apr 2010 00:21:59 +0200 Subject: [PATCH 07/16] bug fix first run wizzard take 2 --- inc/lib_config.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/inc/lib_config.php b/inc/lib_config.php index bbbe96e019e..bf9dd5fd3d8 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -106,7 +106,15 @@ class OC_CONFIG{ */ public static function writeadminlisener(){ global $CONFIG_INSTALLED; - if($CONFIG_INSTALLED==false or OC_USER::ingroup($_SESSION['username'],'admin')){ + $allow=false; + if($CONFIG_INSTALLED==false){ + $allow=true; + }elseif(OC_USER::isLoggedIn()){ + if(OC_USER::ingroup($_SESSION['username'],'admin')){ + $allow=true; + } + } + if($allow){ global $DOCUMENTROOT; global $SERVERROOT; global $WEBROOT; From 9be88c0080263b3ac4106b277520705415d74e3f Mon Sep 17 00:00:00 2001 From: Robin Date: Fri, 23 Apr 2010 18:27:36 +0200 Subject: [PATCH 08/16] bug fix first run wizzard take 3 --- inc/lib_config.php | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) 
diff --git a/inc/lib_config.php b/inc/lib_config.php index bf9dd5fd3d8..70de1b96d7e 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -26,24 +26,34 @@ class OC_CONFIG{ global $CONFIG_DATEFORMAT; global $CONFIG_DBNAME; global $CONFIG_INSTALLED; - if(OC_USER::ingroup($_SESSION['username'],'admin') or $CONFIG_INSTALLED==false){ + $allow=false; + if(!$CONFIG_INSTALLED){ + $allow=true; + }elseif(OC_USER::isLoggedIn()){ + if(OC_USER::ingroup($_SESSION['username'],'admin')){ + $allow=true; + } + } + if($allow){ require('templates/adminform.php'); } } public static function createuserlisener(){ - if(OC_USER::ingroup($_SESSION['username'],'admin')){ - if(isset($_POST['new_username']) and isset($_POST['new_password'])){ - if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){ - return 'user successfully created'; + if(OC_USER::isLoggedIn()){ + if(OC_USER::ingroup($_SESSION['username'],'admin')){ + if(isset($_POST['new_username']) and isset($_POST['new_password'])){ + if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){ + return 'user successfully created'; + }else{ + return 'error while trying to create user'; + } }else{ - return 'error while trying to create user'; + return false; } }else{ return false; } - }else{ - return false; } } @@ -107,7 +117,7 @@ class OC_CONFIG{ public static function writeadminlisener(){ global $CONFIG_INSTALLED; $allow=false; - if($CONFIG_INSTALLED==false){ + if(!$CONFIG_INSTALLED){ $allow=true; }elseif(OC_USER::isLoggedIn()){ if(OC_USER::ingroup($_SESSION['username'],'admin')){ From d9e0d5decad7c52d2e78606d7be7570e675b0dbb Mon Sep 17 00:00:00 2001 
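Review bot: After this change `createuserlisener` has no `else` for the outer `if(OC_USER::isLoggedIn())`, so a request without a session falls off the end and returns null where the old code returned `false`; add a final `return false;` so callers that test the result strictly still see a refusal. The account-creating branch is reached on nothing more than `isset($_POST['new_username'])` and `isset($_POST['new_password'])` inside an admin session, and no request token is checked in the visible lines, so unless the caller verifies one, a cross-site form post sent from an admin's browser would be accepted.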
From: Robin Date: Sat, 24 Apr 2010 12:40:20 +0200 Subject: [PATCH 09/16] remove dependency on set_include_path because not all hosts support it --- inc/lib_base.php | 117 +++++++++++++++++++++++++++++++++--- inc/lib_config.php | 4 +- inc/lib_user.php | 18 ++++-- inc/templates/adminform.php | 2 +- webdav/owncloud.php | 2 +- 5 files changed, 125 insertions(+), 18 deletions(-) diff --git a/inc/lib_base.php b/inc/lib_base.php index 5a70db535db..5992004f537 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -40,7 +40,7 @@ if($WEBROOT{0}!=='/'){ } // set the right include path -set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config'); +// set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config'); // define default config values $CONFIG_INSTALLED=false; @@ -51,7 +51,7 @@ $CONFIG_DBNAME='owncloud'; $CONFIG_DBTYPE='sqlite'; // include the generated configfile -@include_once('config.php'); +@oc_include_once('config.php'); // redirect to https site if configured if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){ @@ -63,10 +63,10 @@ if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){ } // load core libs -require_once('lib_files.php'); -require_once('lib_log.php'); -require_once('lib_config.php'); -require_once('lib_user.php'); +oc_require_once('lib_files.php'); +oc_require_once('lib_log.php'); +oc_require_once('lib_config.php'); +oc_require_once('lib_user.php'); if(OC_USER::isLoggedIn()){ //jail the user in a seperate data folder @@ -131,7 +131,7 @@ class OC_UTIL { public static function showheader(){ global $CONFIG_ADMINLOGIN; global $WEBROOT; - require('templates/header.php');; + oc_require('templates/header.php');; } /** 
@@ -141,7 +141,7 @@ class OC_UTIL { public static function showfooter(){ global $CONFIG_FOOTEROWNERNAME; global $CONFIG_FOOTEROWNEREMAIL; - require('templates/footer.php');; + oc_require('templates/footer.php');; } /** @@ -188,7 +188,7 @@ class OC_UTIL { */ public static function showloginform(){ global $loginresult; - require('templates/loginform.php'); + oc_require('templates/loginform.php'); } 
@@ -452,4 +452,101 @@ class OC_DB { } -?> +//custom require/include functions because not all hosts allow us to set the include path +function oc_require($file){ + global $SERVERROOT; + global $DOCUMENTROOT; + global $WEBROOT; + global $CONFIG_DBNAME; + global $CONFIG_DBHOST; + global $CONFIG_DBUSER; + global $CONFIG_DBPASSWORD; + global $CONFIG_DBTYPE; + global $CONFIG_DATADIRECTORY; + global $CONFIG_HTTPFORCESSL; + global $CONFIG_DATEFORMAT; + global $CONFIG_INSTALLED; + if(is_file($file)){ + require($file); + }elseif(is_file($SERVERROOT.'/'.$file)){ + require($SERVERROOT.'/'.$file); + }elseif(is_file($SERVERROOT.'/inc/'.$file)){ + require($SERVERROOT.'/inc/'.$file); + }elseif(is_file($SERVERROOT.'/config/'.$file)){ + require($SERVERROOT.'/config/'.$file); + } +} + +function oc_require_once($file){ + global $SERVERROOT; + global $DOCUMENTROOT; + global $WEBROOT; + global $CONFIG_DBNAME; + global $CONFIG_DBHOST; + global $CONFIG_DBUSER; + global $CONFIG_DBPASSWORD; + global $CONFIG_DBTYPE; + global $CONFIG_DATADIRECTORY; + global $CONFIG_HTTPFORCESSL; + global $CONFIG_DATEFORMAT; + global $CONFIG_INSTALLED; + if(is_file($file)){ + require_once($file); + }elseif(is_file($SERVERROOT.'/'.$file)){ + require_once($SERVERROOT.'/'.$file); + }elseif(is_file($SERVERROOT.'/inc/'.$file)){ + require_once($SERVERROOT.'/inc/'.$file); + }elseif(is_file($SERVERROOT.'/config/'.$file)){ + require_once($SERVERROOT.'/config/'.$file); + } +} + +function oc_include($file){ + global $SERVERROOT; + global $DOCUMENTROOT; + global $WEBROOT; + global $CONFIG_DBNAME; + global $CONFIG_DBHOST; + global $CONFIG_DBUSER; + global $CONFIG_DBPASSWORD; + global $CONFIG_DBTYPE; + global $CONFIG_DATADIRECTORY; + global $CONFIG_HTTPFORCESSL; + global $CONFIG_DATEFORMAT; + global $CONFIG_INSTALLED; + if(is_file($file)){ + include($file); + }elseif(is_file($SERVERROOT.'/'.$file)){ + include($SERVERROOT.'/'.$file); + }elseif(is_file($SERVERROOT.'/inc/'.$file)){ + include($SERVERROOT.'/inc/'.$file); + 
}elseif(is_file($SERVERROOT.'/config/'.$file)){ + include($SERVERROOT.'/config/'.$file); + } +} + +function oc_include_once($file){ + global $SERVERROOT; + global $DOCUMENTROOT; + global $WEBROOT; + global $CONFIG_DBNAME; + global $CONFIG_DBHOST; + global $CONFIG_DBUSER; + global $CONFIG_DBPASSWORD; + global $CONFIG_DBTYPE; + global $CONFIG_DATADIRECTORY; + global $CONFIG_HTTPFORCESSL; + global $CONFIG_DATEFORMAT; + global $CONFIG_INSTALLED; + if(is_file($file)){ + include_once($file); + }elseif(is_file($SERVERROOT.'/'.$file)){ + include_once($SERVERROOT.'/'.$file); + }elseif(is_file($SERVERROOT.'/inc/'.$file)){ + include_once($SERVERROOT.'/inc/'.$file); + }elseif(is_file($SERVERROOT.'/config/'.$file)){ + include_once($SERVERROOT.'/config/'.$file); + } +} + +?> \ No newline at end of file diff --git a/inc/lib_config.php b/inc/lib_config.php index 70de1b96d7e..130731b79f9 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -11,7 +11,7 @@ class OC_CONFIG{ global $CONFIG_HTTPFORCESSL; global $CONFIG_DATEFORMAT; global $CONFIG_DBNAME; - require('templates/configform.php'); + oc_require('templates/configform.php'); } /** @@ -35,7 +35,7 @@ class OC_CONFIG{ } } if($allow){ - require('templates/adminform.php'); + oc_require('templates/adminform.php'); } } diff --git a/inc/lib_user.php b/inc/lib_user.php index 30dbdcd2fec..37e5f0bc217 100644 --- a/inc/lib_user.php +++ b/inc/lib_user.php @@ -21,6 +21,12 @@ * */ +if(!$CONFIG_INSTALLED){ + $_SESSION['user_id']=false; + $_SESSION['username']=''; + $_SESSION['username_clean']=''; +} + /** * Class for usermanagement * 
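Review bot: `oc_require` and `oc_require_once` do nothing at all when none of the four `is_file()` candidates exists, so the fatal error that `require` used to raise for a missing core library or template is lost and the request carries on without it. The first candidate is the bare `$file`, which resolves against the current working directory, so which file is loaded depends on the entry script's location rather than on `$SERVERROOT`. Because the file is now included inside a function, it only sees the globals listed here; `showheader`, `showfooter` and `showloginform` declare `$CONFIG_ADMINLOGIN`, `$CONFIG_FOOTEROWNERNAME`, `$CONFIG_FOOTEROWNEREMAIL` and `$loginresult`, none of which are in the list, so those templates will presumably see them undefined. The four bodies differ only in the include keyword, so a single path resolver plus a hard failure in the require variants, as sketched below, would remove the duplication.

```php
// Resolve $file against the application directories; false when not found.
function oc_resolve_file($file){
	global $SERVERROOT;
	foreach(array($SERVERROOT.'/',$SERVERROOT.'/inc/',$SERVERROOT.'/config/') as $base){
		if(is_file($base.$file)){
			return $base.$file;
		}
	}
	// the working-directory lookup is kept last so it cannot shadow application files
	return is_file($file)?$file:false;
}

function oc_require_once($file){
	// … unchanged: global declarations …
	$path=oc_resolve_file($file);
	if($path===false){
		trigger_error('oc_require_once: cannot find '.$file,E_USER_ERROR);
	}
	require_once($path);
}
```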
@@ -174,10 +180,14 @@ class OC_USER { public static function ingroup($username,$groupname){ $userid=OC_USER::getuserid($username); $groupid=OC_USER::getgroupid($groupname); - $query="SELECT user_group_id FROM `user_group` WHERE `group_id` = '$groupid ' AND `user_id` = '$userid 'LIMIT 1"; - $result=OC_DB::select($query); - if(isset($result[0]) && isset($result[0]['user_group_id'])){ - return true; + if($groupid>0 and $userid>0){ + $query="SELECT user_group_id FROM `user_group` WHERE `group_id` = '$groupid ' AND `user_id` = '$userid 'LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_group_id'])){ + return true; + }else{ + return false; + } }else{ return false; } diff --git a/inc/templates/adminform.php b/inc/templates/adminform.php index 38d2b14a57e..c5e0bca61d3 100644 --- a/inc/templates/adminform.php +++ b/inc/templates/adminform.php @@ -49,7 +49,7 @@ function dbtypechange(){ -admin login: +admin login: admin password:(leave empty to keep current password) retype admin password: Date: Sat, 24 Apr 2010 13:05:13 +0200 Subject: [PATCH 10/16] fix broken requires in webdav --- inc/HTTP/WebDAV/Server.php | 6 +++--- inc/HTTP/WebDAV/Server/Filesystem.php | 6 ++---- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/inc/HTTP/WebDAV/Server.php b/inc/HTTP/WebDAV/Server.php index d9800426cbe..5c1844af57d 100755 --- a/inc/HTTP/WebDAV/Server.php +++ b/inc/HTTP/WebDAV/Server.php @@ -19,9 +19,9 @@ // // $Id: Server.php,v 1.46 2006/03/03 21:43:09 hholzgra Exp $ // -require_once "HTTP/WebDAV/Tools/_parse_propfind.php"; -require_once "HTTP/WebDAV/Tools/_parse_proppatch.php"; -require_once "HTTP/WebDAV/Tools/_parse_lockinfo.php"; +oc_require_once("HTTP/WebDAV/Tools/_parse_propfind.php"); +oc_require_once("HTTP/WebDAV/Tools/_parse_proppatch.php"); +oc_require_once("HTTP/WebDAV/Tools/_parse_lockinfo.php"); diff --git a/inc/HTTP/WebDAV/Server/Filesystem.php b/inc/HTTP/WebDAV/Server/Filesystem.php index 81dd64983ff..cecde206f60 100755 
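Review bot: `ingroup` still builds its query by interpolating `$groupid` and `$userid` into the SQL string, and the new `$groupid>0 and $userid>0` guard is a loose comparison that does not guarantee either value is an integer. What `getuserid` and `getgroupid` return is not visible here, so cast at the point of use, `$userid=(int)OC_USER::getuserid($username);` and `$groupid=(int)OC_USER::getgroupid($groupname);`, or pass the values as bound parameters if `OC_DB` supports them. The quoted literals also carry a trailing space (`'$groupid '`, `'$userid '`) with no space before `LIMIT`, which looks unintended. The closing lines of `ingroup` are outside the hunk.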
--- a/inc/HTTP/WebDAV/Server/Filesystem.php +++ b/inc/HTTP/WebDAV/Server/Filesystem.php @@ -1,8 +1,6 @@ Date: Sat, 24 Apr 2010 13:08:18 +0200 Subject: [PATCH 11/16] port webdav authentication to the multiuser system --- webdav/owncloud.php | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/webdav/owncloud.php b/webdav/owncloud.php index ac831789a08..504503b58cc 100755 --- a/webdav/owncloud.php +++ b/webdav/owncloud.php @@ -38,12 +38,15 @@ if(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['REDIRECT_REMOTE_USER'])) $user=$_SERVER['PHP_AUTH_USER']; $passwd=$_SERVER['PHP_AUTH_PW']; -if(($user==$CONFIG_ADMINLOGIN) and ($passwd==$CONFIG_ADMINPASSWORD )){ - - $server = new HTTP_WebDAV_Server_Filesystem(); - $server->db_name = $CONFIG_DBNAME; - $server->ServeRequest($CONFIG_DATADIRECTORY); - +if(OC_USER::login($user,$passwd)){ + $CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean']; + if(!is_dir($CONFIG_DATADIRECTORY)){ + mkdir($CONFIG_DATADIRECTORY); + } + $server = new HTTP_WebDAV_Server_Filesystem(); + $server->db_name = $CONFIG_DBNAME; + $server->ServeRequest($CONFIG_DATADIRECTORY); + }else{ header('WWW-Authenticate: Basic realm="ownCloud"'); header('HTTP/1.0 401 Unauthorized'); From c2bdd6134be53dcf822632192af10cf3cf80be1e Mon Sep 17 00:00:00 2001 From: Robin Date: Sun, 25 Apr 2010 14:21:04 +0200 Subject: [PATCH 12/16] some cleanup/refactoring --- files/{rename.php => api.php} | 29 ++- files/get_file.php | 108 ----------- files/get_files.php | 49 ++++- files/move.php | 35 ---- files/new.php | 38 ---- inc/lib_files.php | 307 ++++++++++++++++++------------ files/delete.php => js/lib_api.js | 26 ++- js/lib_files.js | 67 +++---- 8 files changed, 298 insertions(+), 361 deletions(-) rename files/{rename.php => api.php} (55%) delete mode 100644 files/get_file.php delete mode 100644 files/move.php delete mode 100644 files/new.php rename files/delete.php => js/lib_api.js (67%) 
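Review bot: The result of `mkdir($CONFIG_DATADIRECTORY)` is not checked and no mode is given, so on failure `ServeRequest()` is still called with a base directory that does not exist, and on success the directory gets whatever the process umask allows. Something like `if(!is_dir($CONFIG_DATADIRECTORY) and !mkdir($CONFIG_DATADIRECTORY,0750)){ header('HTTP/1.0 500 Internal Server Error'); exit(); }` makes both explicit. The path is built from `$_SESSION['username_clean']`; the hunk does not show how that value is produced, so it is worth confirming it cannot contain path separators or `..`. Since the per-user directory sits under `$SERVERROOT.'/data/'`, it also needs a web-server rule denying direct access if `$SERVERROOT` is inside the document root.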
diff --git a/files/rename.php b/files/api.php similarity index 55% rename from files/rename.php rename to files/api.php index f0f272f018f..5a4c8801d4e 100644 --- a/files/rename.php +++ b/files/api.php @@ -22,13 +22,28 @@ */ require_once('../inc/lib_base.php'); -$dir=$_GET['dir']; -$file=$_GET['file']; -$newname=$_GET['newname']; -if($file!=$newname and $newname!='' and isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false){ - $source=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file; - $target=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$newname; - rename($source,$target); +$arguments=$_POST; + +foreach($arguments as &$argument){ + $argument=stripslashes($argument); +} +ob_clean(); +switch($arguments['action']){ + case 'delete': + OC_FILES::delete($arguments['dir'],$arguments['file']); + break; + case 'rename': + OC_FILES::move($arguments['dir'],$arguments['file'],$arguments['dir'],$arguments['newname']); + break; + case 'new': + OC_FILES::newfile($arguments['dir'],$arguments['name'],$arguments['type']); + break; + case 'move': + OC_FILES::move($arguments['sourcedir'],$arguments['source'],$arguments['targetdir'],$arguments['target']); + break; + case 'get': + OC_FILES::get($arguments['dir'],$arguments['file']); + break; } ?> \ No newline at end of file diff --git a/files/get_file.php b/files/get_file.php deleted file mode 100644 index 9ec539ee7e0..00000000000 --- a/files/get_file.php +++ /dev/null 
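Review bot: The new dispatcher never checks the session itself; the removed `rename.php` tested `$_SESSION['username']` before touching the filesystem, whereas here every action depends on the called `OC_FILES` method doing so, and `OC_FILES::get()` as added to `inc/lib_files.php` in this same patch has no `isLoggedIn()` test. Put the check once at the top, `if(!OC_USER::isLoggedIn()){ header('HTTP/1.0 401 Unauthorized'); exit(); }`, before the `switch`. `$arguments['action']` is read without `isset()`, and `stripslashes()` is applied unconditionally, which alters names containing backslashes when magic quotes are off and misbehaves for array-valued fields; guard it with `get_magic_quotes_gpc()`. These are state-changing POSTs authorised by the session cookie alone, so a per-session request token should be verified here as well.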
@@ -1,108 +0,0 @@ -. -* -*/ - -//note this file is for getting files themselves, get_files.php is for getting a list of files. - -require_once('../inc/lib_base.php'); - -if(!function_exists('sys_get_temp_dir')) { - function sys_get_temp_dir() { - if( $temp=getenv('TMP') ) return $temp; - if( $temp=getenv('TEMP') ) return $temp; - if( $temp=getenv('TMPDIR') ) return $temp; - $temp=tempnam(__FILE__,''); - if (file_exists($temp)) { - unlink($temp); - return dirname($temp); - } - return null; - } -} - -function addDir($dir,$zip,$internalDir=''){ - $dirname=basename($dir); - $zip->addEmptyDir($internalDir.$dirname); - $internalDir.=$dirname.='/'; - $files=OC_FILES::getdirectorycontent($dir); - foreach($files as $file){ - $filename=$file['name']; - $file=$dir.'/'.$filename; - if(is_file($file)){ - $zip->addFile($file,$internalDir.$filename); - }elseif(is_dir($file)){ - addDir($file,$zip,$internalDir); - } - } -} - -$files=$_GET['files']; -$dir=(isset($_GET['dir']))?$_GET['dir']:''; -if(strstr($files,'..') or strstr($dir,'..')){ - die(); -} -if(strpos($files,',')){ - $files=explode(',',$files); -} - - -if(is_array($files)){ - $zip = new ZipArchive(); - $filename = sys_get_temp_dir()."/ownCloud.zip"; - if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) { - exit("cannot open <$filename>\n"); - } - foreach($files as $file){ - $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file; - if(is_file($file)){ - $zip->addFile($file,basename($file)); - }elseif(is_dir($file)){ - addDir($file,$zip); - } - } - $zip->close(); -}elseif(is_dir($CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files)){ - $zip = new ZipArchive(); - $filename = sys_get_temp_dir()."/ownCloud.zip"; - if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) { - exit("cannot open <$filename>\n"); - } - $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files; - addDir($file,$zip); - $zip->close(); -}else{ - $zip=false; - $filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files; -} -header('Content-Description: File Transfer'); 
-header('Content-Type: application/octet-stream'); -header('Content-Disposition: attachment; filename='.basename($filename)); -header('Content-Transfer-Encoding: binary'); -header('Expires: 0'); -header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); -header('Pragma: public'); -header('Content-Length: ' . filesize($filename)); -ob_end_clean(); -readfile($filename); -if($zip){ - unlink($filename); -} -?> \ No newline at end of file diff --git a/files/get_files.php b/files/get_files.php index 287b8cd453e..21866dbf636 100644 --- a/files/get_files.php +++ b/files/get_files.php @@ -47,12 +47,14 @@ $dirname=(isset($files[0]))?$files[0]['directory']:''; $dirname=substr($dirname,strrpos($dirname,'/')); $max_upload=min(return_bytes(ini_get('post_max_size')),return_bytes(ini_get('upload_max_filesize'))); ob_clean(); -echo "\n"; +echo "\n"; echo "\n"; if(is_array($files)){ foreach($files as $file){ $attributes=''; foreach($file as $name=>$data){ + $data=utf8_encode($data); + $data=utf8tohtml($data); $data=str_replace("'",''',$data); if (is_string($name)) $attributes.=" $name='$data'"; } 
@@ -60,5 +62,48 @@ if(is_array($files)){ echo "\n"; } } -echo "\n"; +echo ""; + +// converts a UTF8-string into HTML entities +// - $utf8: the UTF8-string to convert +// - $encodeTags: booloean. TRUE will convert "<" to "<" +// - return: returns the converted HTML-string +function utf8tohtml($utf8, $encodeTags=true) { + $result = ''; + for ($i = 0; $i < strlen($utf8); $i++) { + $char = $utf8[$i]; + $ascii = ord($char); + if ($ascii < 128) { + // one-byte character + $result .= ($encodeTags) ? htmlentities($char) : $char; + } else if ($ascii < 192) { + // non-utf8 character or not a start byte + } else if ($ascii < 224) { + // two-byte character + $result .= htmlentities(substr($utf8, $i, 2), ENT_QUOTES, 'UTF-8'); + $i++; + } else if ($ascii < 240) { + // three-byte character + $ascii1 = ord($utf8[$i+1]); + $ascii2 = ord($utf8[$i+2]); + $unicode = (15 & $ascii) * 4096 + + (63 & $ascii1) * 64 + + (63 & $ascii2); + $result .= "&#$unicode;"; + $i += 2; + } else if ($ascii < 248) { + // four-byte character + $ascii1 = ord($utf8[$i+1]); + $ascii2 = ord($utf8[$i+2]); + $ascii3 = ord($utf8[$i+3]); + $unicode = (15 & $ascii) * 262144 + + (63 & $ascii1) * 4096 + + (63 & $ascii2) * 64 + + (63 & $ascii3); + $result .= "&#$unicode;"; + $i += 3; + } + } + return $result; +} ?> \ No newline at end of file diff --git a/files/move.php b/files/move.php deleted file mode 100644 index 7103662c4a2..00000000000 --- a/files/move.php +++ /dev/null 
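Review bot: `utf8tohtml` indexes `$utf8[$i+1]`, `$utf8[$i+2]` and `$utf8[$i+3]` without checking that the string is long enough or that those bytes are continuation bytes, so a truncated or malformed name raises offset notices and yields a wrong code point; stop when `$i` plus the sequence length exceeds `strlen($utf8)` and skip sequences whose trailing bytes fail `(ord($b) & 0xC0) === 0x80`. The one-byte branch calls `htmlentities($char)` without `ENT_QUOTES`, which is why the caller in the previous hunk still needs a separate `str_replace` for the single quote; passing `ENT_QUOTES` here keeps the attribute escaping in one place. That caller also runs `utf8_encode()` first, which assumes ISO-8859-1 input and will double-encode names that are already UTF-8. A short comment on the function stating that its output is meant for single-quoted XML attribute values would help the next reader.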
@@ -1,35 +0,0 @@ -. -* -*/ -require_once('../inc/lib_base.php'); - -$sourceDir=$_GET['sourcedir']; -$targetDir=$_GET['targetdir']; -$source=$_GET['source']; -$target=$_GET['target']; -if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($sourceDir,'..')===false and strpos($source,'..')===false and strpos($targetDir,'..')===false and strpos($target,'..')===false){ - $target=$CONFIG_DATADIRECTORY.'/'.$targetDir.'/'.$target.'/'.$source; - $source=$CONFIG_DATADIRECTORY.'/'.$sourceDir.'/'.$source; - rename($source,$target); -} - -?> \ No newline at end of file diff --git a/files/new.php b/files/new.php deleted file mode 100644 index c5d5608a567..00000000000 --- a/files/new.php +++ /dev/null @@ -1,38 +0,0 @@ -. -* -*/ -require_once('../inc/lib_base.php'); - -$dir=$_GET['dir']; -$name=$_GET['name']; -$type=$_GET['type']; -if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false and strpos($name,'..')===false){ - $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$name; - if($type=='dir'){ - mkdir($file); - }elseif($type=='file'){ - $fileHandle=fopen($file, 'w') or die("can't open file"); - fclose($fileHandle); - } -} - -?> \ No newline at end of file diff --git a/inc/lib_files.php b/inc/lib_files.php index 9c6cb25346a..a4e1c6a5a4f 100755 --- a/inc/lib_files.php +++ b/inc/lib_files.php @@ -29,132 +29,197 @@ */ class OC_FILES { - /** - * show a web GUI filebrowser - * - * @param basedir $basedir - * @param dir $dir - */ - public static function showbrowser($basedir,$dir){/* - global $CONFIG_DATEFORMAT; - global $WEBROOT; + /** + * show a web GUI filebrowser + * + * @param basedir $basedir + * @param dir $dir + */ + public static function showbrowser($basedir,$dir){ + echo '
'; + } - $directory=$basedir.'/'.$dir; - - // exit if try to access files outside our directory - if(strstr($dir,'..')<>false) exit(); - $directory=realpath($directory); - - $dirs=explode('/',$dir); - - // breadcrumb - if(count($dirs)>1) { - echo('
'); - echo(''); - $currentdir=''; - foreach($dirs as $d) { - $currentdir.='/'.$d.''; - if($d<>'') echo(''); - } - echo('
home '.$d.'
'); - } - - // files and directories - echo('
'); - $filesfound=false; - $content=self::getdirectorycontent($directory); - if($content){ - foreach($content as $file){ - echo(''); - OC_UTIL::showicon($file['type']); - if($file['type']=='dir') echo(''); - if($file['type']<>'dir') echo(''); - if($file['type']<>'dir') echo(''); else echo(''); - echo(''); - echo(''); - } - } - echo('
'.$file['name'].''.$file['name'].''.$file['size'].' byte'.date($CONFIG_DATEFORMAT,$file['mtime']).'
'); - if(!$content) echo('

no files here

'); - echo('
');*/ - echo '
'; - } - - /** - * get the content of a directory - * @param dir $directory - */ - public static function getdirectorycontent($directory){ - $filesfound=true; - $content=array(); - $dirs=array(); - $file=array(); - $files=array(); - if (is_dir($directory)) { - if ($dh = opendir($directory)) { - while (($filename = readdir($dh)) !== false) { - if($filename<>'.' and $filename<>'..'){ - $file=array(); - $filesfound=true; - $file['name']=$filename; - $file['directory']=$directory; - $stat=stat($directory.'/'.$filename); - $file=array_merge($file,$stat); - $file['type']=filetype($directory .'/'. $filename); - if($file['type']=='dir'){ - $dirs[$file['name']]=$file; - }else{ - $files[$file['name']]=$file; - } - } - } - closedir($dh); - } - } - ksort($dirs); - ksort($files); - $content=array_merge($dirs,$files); - if($filesfound){ - return $content; - }else{ - return false; - } - } + /** + * get the content of a directory + * @param dir $directory + */ + public static function getdirectorycontent($directory){ + $filesfound=true; + $content=array(); + $dirs=array(); + $file=array(); + $files=array(); + if (is_dir($directory)) { + if ($dh = opendir($directory)) { + while (($filename = readdir($dh)) !== false) { + if($filename<>'.' and $filename<>'..'){ + $file=array(); + $filesfound=true; + $file['name']=$filename; + $file['directory']=$directory; + $stat=stat($directory.'/'.$filename); + $file=array_merge($file,$stat); + $file['type']=filetype($directory .'/'. 
$filename); + if($file['type']=='dir'){ + $dirs[$file['name']]=$file; + }else{ + $files[$file['name']]=$file; + } + } + } + closedir($dh); + } + } + ksort($dirs); + ksort($files); + $content=array_merge($dirs,$files); + if($filesfound){ + return $content; + }else{ + return false; + } + } - /** - * return the cntent of a file - * - * @param dir $dir - * @param file $file - */ - public static function get($dir,$file){ - if(isset($_SESSION['username']) and $_SESSION['username']<>'') { - global $CONFIG_DATADIRECTORY; - $filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file; - - // exit if try to access files outside our directory - if(strstr($filename,'..')<>false) exit(); - - OC_LOG::event($_SESSION['username'],3,$dir.'/'.$file); - - header('Content-Description: File Transfer'); - header('Content-Type: application/octet-stream'); - header('Content-Disposition: attachment; filename='.basename($file)); - header('Content-Transfer-Encoding: binary'); - header('Expires: 0'); - header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); - header('Pragma: public'); - header('Content-Length: ' . 
filesize($filename)); - readfile($filename); - } - exit; - } - - + /** + * return the content of a file or return a zip file containning multiply files + * + * @param dir $dir + * @param file $file + */ + public static function get($dir,$files){ + global $CONFIG_DATADIRECTORY; + if(strstr($files,'..') or strstr($dir,'..')){ + die(); + } + if(is_array($files)){ + $zip = new ZipArchive(); + $filename = sys_get_temp_dir()."/ownCloud.zip"; + if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) { + exit("cannot open <$filename>\n"); + } + foreach($files as $file){ + $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file; + if(is_file($file)){ + $zip->addFile($file,basename($file)); + }elseif(is_dir($file)){ + zipAddDir($file,$zip); + } + } + $zip->close(); + }elseif(is_dir($CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files)){ + $zip = new ZipArchive(); + $filename = sys_get_temp_dir()."/ownCloud.zip"; + if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) { + exit("cannot open <$filename>\n"); + } + $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files; + zipAddDir($file,$zip); + $zip->close(); + }else{ + $zip=false; + $filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files; + } + header('Content-Description: File Transfer'); + header('Content-Type: application/octet-stream'); + header('Content-Disposition: attachment; filename='.basename($filename)); + header('Content-Transfer-Encoding: binary'); + header('Expires: 0'); + header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); + header('Pragma: public'); + header('Content-Length: ' . 
filesize($filename)); + ob_end_clean(); + readfile($filename); + if($zip){ + unlink($filename); + } + } + + /** + * move a file or folder + * + * @param dir $sourceDir + * @param file $source + * @param dir $targetDir + * @param file $target + */ + public static function move($sourceDir,$source,$targetDir,$target){ + global $CONFIG_DATADIRECTORY; + if(OC_USER::isLoggedIn() and strpos($sourceDir,'..')===false and strpos($source,'..')===false and strpos($targetDir,'..')===false and strpos($target,'..')===false){ + $targetFile=$CONFIG_DATADIRECTORY.'/'.$targetDir.'/'.$target; + $sourceFile=$CONFIG_DATADIRECTORY.'/'.$sourceDir.'/'.$source; + rename($sourceFile,$targetFile); + } + } + + /** + * create a new file or folder + * + * @param dir $dir + * @param file $name + * @param type $type + */ + public static function newfile($dir,$name,$type){ + global $CONFIG_DATADIRECTORY; + if(OC_USER::isLoggedIn() and strpos($dir,'..')===false and strpos($name,'..')===false){ + $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$name; + if($type=='dir'){ + mkdir($file); + }elseif($type=='file'){ + $fileHandle=fopen($file, 'w') or die("can't open file"); + fclose($fileHandle); + } + } + } + + /** + * deletes a file or folder + * + * @param dir $dir + * @param file $name + */ + public static function delete($dir,$file){ + global $CONFIG_DATADIRECTORY; + if(OC_USER::isLoggedIn() and strpos($dir,'..')===false){ + $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file; + if(is_file($file)){ + unlink($file); + }elseif(is_dir($file)){ + rmdir($file); + } + } + } } +function zipAddDir($dir,$zip,$internalDir=''){ + $dirname=basename($dir); + $zip->addEmptyDir($internalDir.$dirname); + $internalDir.=$dirname.='/'; + $files=OC_FILES::getdirectorycontent($dir); + foreach($files as $file){ + $filename=$file['name']; + $file=$dir.'/'.$filename; + if(is_file($file)){ + $zip->addFile($file,$internalDir.$filename); + }elseif(is_dir($file)){ + zipAddDir($file,$zip,$internalDir); + } + } +} 
+if(!function_exists('sys_get_temp_dir')) { + function sys_get_temp_dir() { + if( $temp=getenv('TMP') ) return $temp; + if( $temp=getenv('TEMP') ) return $temp; + if( $temp=getenv('TMPDIR') ) return $temp; + $temp=tempnam(__FILE__,''); + if (file_exists($temp)) { + unlink($temp); + return dirname($temp); + } + return null; + } +} -?> +?> \ No newline at end of file diff --git a/files/delete.php b/js/lib_api.js similarity index 67% rename from files/delete.php rename to js/lib_api.js index 7d19a45a73a..51fc843967d 100644 --- a/files/delete.php +++ b/js/lib_api.js @@ -1,5 +1,3 @@ -. * */ -require_once('../inc/lib_base.php'); -$dir=$_GET['dir']; -$file=$_GET['file']; -if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false){ - $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file; - if(is_file($file)){ - unlink($file); - }elseif(is_dir($file)){ - rmdir($file); +OC_API=new Object(); + +OC_API.run=function(action,params,callback,callbackparams){ + var xmlloader=new OCXMLLoader(); + xmlloader.setCallBack(callback); + xmlloader.method="POST"; + var paramString='action='+action; + for(name in params){ + paramString+='&'+name+'='+encodeURIComponent(params[name]); } -} - -?> \ No newline at end of file + xmlloader.arg=callbackparams; + xmlloader.load('files/api.php',paramString); +} \ No newline at end of file diff --git a/js/lib_files.js b/js/lib_files.js index c231af2f03f..7c23ee16a9d 100644 --- a/js/lib_files.js +++ b/js/lib_files.js @@ -87,6 +87,10 @@ OC_FILES.getdirectorycontent=function(dir,callback,refresh){ OC_FILES.dir=''; +OC_FILES.get=function(dir,file){ + window.location='files/get_file.php?dir='+encodeURIComponent(dir)+'&files='+encodeURIComponent(file); +} + OC_FILES.upload=function(dir,iframeId){ var file=new Object; var fileSelector=document.getElementById('fileSelector'); 
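Review bot: `delete()` tests only `$dir` for `..`, so the `$file` component can still climb out of `$CONFIG_DATADIRECTORY`; `move()` and `newfile()` check every component and `delete()` should too, `if(OC_USER::isLoggedIn() and strpos($dir,'..')===false and strpos($file,'..')===false){`. In `get()`, `strstr($files,'..')` does not inspect the entries when `$files` is an array, so the zip branch adds paths that were never checked. Both zip branches write to the fixed path `sys_get_temp_dir()."/ownCloud.zip"`, which concurrent downloads share and which other local users can predict; `$filename=tempnam(sys_get_temp_dir(),'oc');` opened with `ZIPARCHIVE::OVERWRITE` gives each request its own file. The `Content-Disposition` header interpolates `basename($filename)` unquoted, so names with spaces or semicolons produce a malformed header.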
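Review bot: `OC_FILES.get` navigates to `files/get_file.php`, but this patch deletes that file and moves downloads into the `get` action of `files/api.php`, which reads `$_POST`, so download links will presumably stop working. In the `actions_selected.download` hunk further down, `OC_FILES.get(dir,files)` passes `dir`, which is not defined in that function (the removed line used `OC_FILES.dir`), and the names are joined with `;` although nothing visible on the PHP side splits on it. In `OC_API.run`, `for(name in params)` assigns an implicit global; declare it with `for(var name in params)`.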
@@ -133,7 +137,7 @@ OC_FILES.upload_callback=function(iframeId){ if(OC_FILES.cache.incomplete[file.dir][file.name]){ OC_FILES.browser.files.remove(file.name); OC_FILES.cache.files[file.name]=OC_FILES.cache.incomplete[file.dir][file.name] - delete OC_FILES.cache.incomplete[file.dir][file.name]; + OC_FILES.cache.incomplete[file.dir][file.name]=null; OC_FILES.cache.files[file.name]['type']=file.type; this.uploadForm.parentNode.removeChild(this.uploadForm); this.parentNode.removeChild(this); @@ -154,14 +158,12 @@ OC_FILES.rename=function(dir,file,event){ OC_FILES.browser.show(OC_FILES.dir); return false; } - xmlloader=new OCXMLLoader(); - xmlloader.setCallBack(OC_FILES.rename_callback); - xmlloader.arg=new Object; - xmlloader.arg.oldname=file; - xmlloader.arg.newname=newname; - xmlloader.arg.dir=dir; - xmlloader.arg.type=OC_FILES.cache.files[file]['type']; - xmlloader.load('files/rename.php?dir='+dir+'&file='+file+'&newname='+newname); + arg=new Object; + arg.oldname=file; + arg.newname=newname; + arg.dir=dir; + arg.type=OC_FILES.cache.files[file]['type']; + OC_API.run('rename',{dir:dir,file:file,newname:newname},OC_FILES.rename_callback,arg) if(!OC_FILES.cache.incomplete[dir]){ OC_FILES.cache.incomplete[dir]=Array(); } @@ -184,12 +186,9 @@ OC_FILES.rename_callback=function(req,file){ } OC_FILES.remove=function(dir,file){ - remove=confirm('remove file \''+file+'\'?'); + remove=confirm('delete file \''+file+'\'?'); if(remove){ - xmlloader=new OCXMLLoader(); - xmlloader.setCallBack(OC_FILES.remove_callback); - xmlloader.arg=file; - xmlloader.load('files/delete.php?dir='+dir+'&file='+file); + OC_API.run('delete',{dir:dir,file:file},OC_FILES.remove_callback,file) OC_FILES.browser.files.remove(file); delete OC_FILES.cache.files[file]; } 
@@ -212,13 +211,11 @@ OC_FILES.getSelected=function(){ } OC_FILES.newFile=function(type,name,dir){ - xmlloader=new OCXMLLoader(); - xmlloader.arg=new Object; - xmlloader.arg.name=name; - xmlloader.arg.dir=dir; - xmlloader.arg.type=type; - xmlloader.setCallBack(OC_FILES.new_callback); - xmlloader.load('files/new.php?type='+type+'&dir='+dir+'&name='+name); + arg=new Object; + arg.name=name; + arg.dir=dir; + arg.type=type; + OC_API.run('new',{dir:dir,name:name,type:type},OC_FILES.new_callback,arg) if(!OC_FILES.cache.incomplete[dir]){ OC_FILES.cache.incomplete[dir]=Array(); } @@ -248,17 +245,15 @@ OC_FILES.move=function(source,target,sourceDir,targetDir){ if(!OC_FILES.cache.incomplete[targetDir+'/'+target]){ OC_FILES.cache.incomplete[targetDir+'/'+target]=Array(); } - xmlloader=new OCXMLLoader(); - xmlloader.arg=new Object; - xmlloader.arg.source=source; - xmlloader.arg.target=target; - xmlloader.arg.sourceDir=sourceDir; - xmlloader.arg.targetDir=targetDir; - xmlloader.arg.type=OC_FILES.cache.files[source]['type']; + arg=new Object; + arg.source=source; + arg.target=target; + arg.sourceDir=sourceDir; + arg.targetDir=targetDir; + arg.type=OC_FILES.cache.files[source]['type']; OC_FILES.cache.files[source]['type']='incomplete'; - OC_FILES.cache.incomplete[targetDir+'/'+target][source]=OC_FILES.cache.files[source] - xmlloader.setCallBack(OC_FILES.move_callback); - xmlloader.load('files/move.php?sourcedir='+sourceDir+'&targetdir='+targetDir+'&source='+source+'&target='+target); + OC_FILES.cache.incomplete[targetDir+'/'+target][source]=OC_FILES.cache.files[source]; + OC_API.run('move',{sourcedir:sourceDir,source:source,targetdir:targetDir,target:target},OC_FILES.move_callback,arg); } } 
@@ -293,11 +288,12 @@ OC_FILES.actions_selected.download=function(){ if(files.length==0){ return false; }else if(files.length>1){ - files.join(';'); + files=files.join(';'); }else{ files=files[0]; } - window.location=WEBROOT+'/files/get_file.php?dir='+OC_FILES.dir+'&files='+files; + OC_FILES.get(dir,files); +// window.location=WEBROOT+'/files/get_file.php?dir='+OC_FILES.dir+'&files='+files; } OC_FILES.actions_selected['delete']=function(){ @@ -361,7 +357,7 @@ OC_FILES.fileActions.all.rename=function(){ OC_FILES.browser.show_rename(this.dir,this.file); } OC_FILES.fileActions.all.download=function(){ - window.location=WEBROOT+'/files/get_file.php?dir='+this.dir+'&files='+this.file; + OC_FILES.get(this.dir,this.file); } OC_FILES.fileActions.all['default']=OC_FILES.fileActions.all.download; @@ -373,13 +369,12 @@ OC_FILES.fileActions.dir.open=function(){ OC_FILES.fileActions.dir['default']=OC_FILES.fileActions.dir.open; OC_FILES.fileActions.dir.dropOn=function(file){ - OC_FILES.move(file.file,this.file,file.dir,this.dir); + OC_FILES.move(file.file,file.file,file.dir,this.dir+'/'+this.file); } OC_FILES.fileActions.jpg=new Object() OC_FILES.fileActions.jpg.show=function(){ -// window.open(WEBROOT+'/files/open_file.php?dir='+this.dir+'&file='+this.file); OC_FILES.browser.showImage(this.dir,this.file); } From afc0ef420b58b92e38ea600c2eac972ed132fbac Mon Sep 17 00:00:00 2001 From: Robin Date: Sun, 25 Apr 2010 15:04:13 +0200 Subject: [PATCH 13/16] bug fix when starting multiply uploads while the old ones arent finsihed, detect file actions on mimetype not on extention --- files/upload.php | 2 ++ inc/lib_files.php | 66 +++++++++++++++++++++++++++++++++++++++++++++++ js/filebrowser.js | 6 ++--- js/lib_files.js | 48 ++++++++++++++++++++++------------ 4 files changed, 102 insertions(+), 20 deletions(-) diff --git a/files/upload.php b/files/upload.php index b5fed2ed5b1..0aa435cad6f 100644 --- a/files/upload.php +++ b/files/upload.php 
@@ -22,6 +22,8 @@ */ require_once('../inc/lib_base.php'); +// sleep(5); //immitate slow internet. + $fileName=$_FILES['file']['name']; $source=$_FILES['file']['tmp_name']; $target=$CONFIG_DATADIRECTORY.'/'.$_GET['dir'].'/'.$fileName; diff --git a/inc/lib_files.php b/inc/lib_files.php index a4e1c6a5a4f..6188723c028 100755 --- a/inc/lib_files.php +++ b/inc/lib_files.php @@ -59,6 +59,7 @@ class OC_FILES { $file['directory']=$directory; $stat=stat($directory.'/'.$filename); $file=array_merge($file,$stat); + $file['mime']=OC_FILES::getMimeType($directory .'/'. $filename); $file['type']=filetype($directory .'/'. $filename); if($file['type']=='dir'){ $dirs[$file['name']]=$file; 
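Review bot: The context lines of the `files/upload.php` hunk build `$target` from `$_GET['dir']` and the client-supplied `$_FILES['file']['name']` with no visible normalisation, so a `..` segment or a path separator in either value could place the upload outside `$CONFIG_DATADIRECTORY`. Nothing in the hunk shows whether `lib_base.php` or later lines of the script already reject such values, so this is a point to confirm rather than a proven defect. A minimal hardening is `$fileName=basename($_FILES['file']['name']);` plus rejecting a `dir` that contains `..` before the concatenation. It matters more with this commit, because the next hunk hands the stored path to `OC_FILES::getMimeType()`. The added `// sleep(5);` line is debugging residue and is better left out of the committed file.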
@@ -190,6 +191,71 @@ class OC_FILES { } } } + + /** + * try to detect the mime type of a file + * + * @param string file path + * @return string guessed mime type + */ + function getMimeType($fspath){ + if (@is_dir($fspath)) { + // directories are easy + return "httpd/unix-directory"; + } else if (function_exists("mime_content_type")) { + // use mime magic extension if available + $mime_type = mime_content_type($fspath); + } else if ($this->_can_execute("file")) { + // it looks like we have a 'file' command, + // lets see it it does have mime support + $fp = popen("file -i '$fspath' 2>/dev/null", "r"); + $reply = fgets($fp); + pclose($fp); + + // popen will not return an error if the binary was not found + // and find may not have mime support using "-i" + // so we test the format of the returned string + + // the reply begins with the requested filename + if (!strncmp($reply, "$fspath: ", strlen($fspath)+2)) { + $reply = substr($reply, strlen($fspath)+2); + // followed by the mime type (maybe including options) + if (preg_match('/^[[:alnum:]_-]+/[[:alnum:]_-]+;?.*/', $reply, $matches)) { + $mime_type = $matches[0]; + } + } + } + if (empty($mime_type)) { + // Fallback solution: try to guess the type by the file extension + // TODO: add more ... + switch (strtolower(strrchr(basename($fspath), "."))) { + case ".html": + $mime_type = "text/html"; + break; + case ".txt": + $mime_type = "text/plain"; + break; + case ".css": + $mime_type = "text/css"; + break; + case ".gif": + $mime_type = "image/gif"; + break; + case ".jpg": + $mime_type = "image/jpeg"; + break; + case ".jpg": + $mime_type = "png/jpeg"; + break; + default: + $mime_type = "application/octet-stream"; + break; + } + } + + return $mime_type; + } + } function zipAddDir($dir,$zip,$internalDir=''){ diff --git a/js/filebrowser.js b/js/filebrowser.js index f12cec44143..cc03fe33156 100644 --- a/js/filebrowser.js +++ b/js/filebrowser.js 
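Review bot: `popen("file -i '$fspath' 2>/dev/null", "r")` in `getMimeType()` interpolates the path into a shell command between hand-written single quotes, and the path ends in a file name that comes from uploads, so a name containing a quote character is interpreted by the shell; the argument should go through `escapeshellarg()`. The same line is still present as context in PATCH 16/16, which only changes the `canExecute` call. Two further defects sit in the same function: the `preg_match` pattern uses `/` as its delimiter but contains an unescaped `/`, so the match fails and the `file` branch never yields a type, and the second `case ".jpg"` returning `"png/jpeg"` looks like it was meant to be `.png` with `image/png`. The return value of `popen()` is also passed to `fgets()` without a check for `false`. The fence shows only the rewritten lines.

```php
// … unchanged: is_dir() and mime_content_type() branches …
            // quote the path before it reaches the shell
            $fp = popen("file -i " . escapeshellarg($fspath) . " 2>/dev/null", "r");
            // … unchanged: read the reply and strip the "$fspath: " prefix …
                // '#' as delimiter, because the pattern itself contains '/'
                if (preg_match('#^[[:alnum:]_-]+/[[:alnum:]_-]+;?.*#', $reply, $matches)) {
            // … unchanged: extension fallback up to the first ".jpg" case …
                case ".png":
                    $mime_type = "image/png";
                    break;
```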
@@ -129,16 +129,16 @@ OC_FILES.browser.files.show=function(parent,fileList){ for(name in fileList){ file=fileList[name]; if(!OC_FILES.browser.files.fileNodes[file.name]){ - OC_FILES.browser.files.add(file.name,file.type,file.size,file.date); + OC_FILES.browser.files.add(file.name,file.type,file.size,file.date,file.mime); } } } } -OC_FILES.browser.files.add=function(name,type,size,date){ +OC_FILES.browser.files.add=function(name,type,size,date,mime){ if(name){ if(!size) size=0; if(!date) date=getTimeString(); - OC_FILES.files[name]=new OC_FILES.file(OC_FILES.dir,name,type); + OC_FILES.files[name]=new OC_FILES.file(OC_FILES.dir,name,type,mime); tr=document.createElement('tr'); OC_FILES.browser.files.fileNodes[name]=tr; OC_FILES.browser.files.tbody.appendChild(tr); diff --git a/js/lib_files.js b/js/lib_files.js index 7c23ee16a9d..f60b399746d 100644 --- a/js/lib_files.js +++ b/js/lib_files.js @@ -49,7 +49,7 @@ OC_FILES.getdirectorycontent_parse=function(req){ if(fileElements.length>0){ for(index=0;index Date: Sun, 25 Apr 2010 15:18:00 +0200 Subject: [PATCH 14/16] small bugfix when creatring new files/folders --- js/lib_files.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/js/lib_files.js b/js/lib_files.js index f60b399746d..d1480e36637 100644 --- a/js/lib_files.js +++ b/js/lib_files.js @@ -236,8 +236,9 @@ OC_FILES.new_callback=function(req,file){ OC_FILES.cache.files[file.name]=OC_FILES.cache.incomplete[file.dir][file.name]; delete OC_FILES.cache.incomplete[file.dir][file.name]; OC_FILES.cache.files[file.name]['type']=file.type; - OC_FILES.browser.files.remove(name); - OC_FILES.browser.show(OC_FILES.dir); + OC_FILES.browser.files.remove(file.name); +// OC_FILES.browser.files.add(name); + OC_FILES.browser.show(OC_FILES.dir,true); } OC_FILES.move=function(source,target,sourceDir,targetDir){ From eaf0024c0f56b33754217d6ddb95ba021deefccf Mon Sep 17 00:00:00 2001 
From: Robin Date: Sun, 25 Apr 2010 18:18:04 +0200 Subject: [PATCH 15/16] bugfix when filling the database in first run dialog --- inc/lib_base.php | 1 + inc/lib_config.php | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/inc/lib_base.php b/inc/lib_base.php index 5992004f537..851fc254b8e 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -67,6 +67,7 @@ oc_require_once('lib_files.php'); oc_require_once('lib_log.php'); oc_require_once('lib_config.php'); oc_require_once('lib_user.php'); +oc_require_once('lib_ocs.php'); if(OC_USER::isLoggedIn()){ //jail the user in a seperate data folder diff --git a/inc/lib_config.php b/inc/lib_config.php index 130731b79f9..389aeff646e 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -202,9 +202,9 @@ class OC_CONFIG{ self::filldatabase(); } }catch(Exception $e){ + echo 'testin'; $error.='error while trying to fill the database
'; } - if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){ $error.='error while trying to create the admin user
'; } @@ -303,7 +303,7 @@ CREATE TABLE 'users' ( ); "; }elseif($CONFIG_DBTYPE=='mysql'){ - $query="SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\"; + $query="SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO'; CREATE TABLE IF NOT EXISTS `locks` ( `token` varchar(255) NOT NULL DEFAULT '', @@ -351,10 +351,22 @@ UNIQUE ( ) ) ENGINE = MYISAM ; +CREATE TABLE IF NOT EXISTS `groups` ( +`group_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , +`group_name` VARCHAR( 64 ) NOT NULL , +UNIQUE ( +`group_name` +) +) ENGINE = MYISAM ; + +CREATE TABLE IF NOT EXISTS `user_group` ( +`user_group_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , +`user_id` VARCHAR( 64 ) NOT NULL , +`group_id` VARCHAR( 64 ) NOT NULL +) ENGINE = MYISAM ; "; } OC_DB::multiquery($query); - die(); } /** From 854e0c5a9c9060e827fbbfddffeeeadfc2d27278 Mon Sep 17 00:00:00 2001 From: Robin Date: Sun, 25 Apr 2010 18:27:02 +0200 Subject: [PATCH 16/16] bug fix in mimetype detect code --- inc/lib_files.php | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/inc/lib_files.php b/inc/lib_files.php index 6188723c028..2e77067b4a7 100755 --- a/inc/lib_files.php +++ b/inc/lib_files.php @@ -205,7 +205,7 @@ class OC_FILES { } else if (function_exists("mime_content_type")) { // use mime magic extension if available $mime_type = mime_content_type($fspath); - } else if ($this->_can_execute("file")) { + } else if (OC_FILES::canExecute("file")) { // it looks like we have a 'file' command, // lets see it it does have mime support $fp = popen("file -i '$fspath' 2>/dev/null", "r"); 
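Review bot: `echo 'testin';` in the `catch` block of the first-run setup (hunk @@ -202,9 +202,9 @@) is debugging output that now reaches the browser whenever filling the database fails, ahead of the page's own error text. Remove it, and since `$e` is otherwise discarded, record the cause where the administrator can find it, e.g. `error_log('filldatabase failed: '.$e->getMessage());`, while keeping the generic message for the page. The condition on the following line combines `createuser` and `login` with `&&`, so an error is reported only when both fail; if that is intended for an already existing admin account, a one-line comment saying so would help. The enclosing method starts and ends outside the hunk.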
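Review bot: In the new `user_group` table (hunk @@ -351,10 +351,22 @@) `group_id` is `VARCHAR( 64 )`, while `groups.group_id` created just above it is `INT NOT NULL AUTO_INCREMENT`, so membership rows can only be matched to `groups` through an implicit cast; `group_id INT NOT NULL` would agree with the parent column. The table also has no uniqueness on the pair, so the same membership can be stored twice; adding `UNIQUE (user_id, group_id)` prevents that and gives the lookup an index. Group membership will presumably feed access decisions, so it is worth getting the keys right before data exists. Only the mysql branch gains these tables in this hunk; the sqlite branch is outside it and should be checked for the same schema.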
@@ -255,6 +255,49 @@ class OC_FILES {
 return $mime_type;
 }
+
+ /**
+ * detect if a given program is found in the search PATH
+ *
+ * helper function used by _mimetype() to detect if the
+ * external 'file' utility is available
+ *
+ * @param string program name
+ * @param string optional search path, defaults to $PATH
+ * @return bool true if executable program found in path
+ */
+ function canExecute($name, $path = false)
+ {
+ // path defaults to PATH from environment if not set
+ if ($path === false) {
+ $path = getenv("PATH");
+ }
+
+ // check method depends on operating system
+ if (!strncmp(PHP_OS, "WIN", 3)) {
+ // on Windows an appropriate COM or EXE file needs to exist
+ $exts = array(".exe", ".com");
+ $check_fn = "file_exists";
+ } else {
+ // anywhere else we look for an executable file of that name
+ $exts = array("");
+ $check_fn = "is_executable";
+ }
+
+ // now check the directories in the path for the program
+ foreach (explode(PATH_SEPARATOR, $path) as $dir) {
+ // skip invalid path entries
+ if (!file_exists($dir)) continue;
+ if (!is_dir($dir)) continue;
+
+ // and now look for the file
+ foreach ($exts as $ext) {
+ if ($check_fn("$dir/$name".$ext)) return true;
+ }
+ }
+
+ return false;
+ }
 }
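Review bot: `canExecute()` is declared as a plain `function`, yet this patch calls it as `OC_FILES::canExecute("file")`; it uses no `$this`, so `static function canExecute($name, $path = false)` states the intent and avoids the strict-standards notice for a static call to an instance method. The docblock still says the helper is used by `_mimetype()`, but the caller in this file is `getMimeType()`. `$name` is appended to each PATH entry unchecked; that is fine for the literal `"file"` passed today, and a comment such as `// $name must be a fixed program name, never request data` would keep later callers from changing that. On Windows the check can succeed while the `popen` command in `getMimeType()` still relies on `2>/dev/null` and single-quote quoting, which the Windows command shell does not provide, so the `file` branch there probably needs its own command line or should be skipped.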