<?php
/**
 * ownCloud
 *
 * @author Frank Karlitschek
 * @copyright 2010 Frank Karlitschek karlitschek@kde.org
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library. If not, see <http://www.gnu.org/licenses/>.
 *
 */
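// set some stuff
// Output is buffered from the first line on, so the header() calls further
// down (HTTPS redirect, redirects in the listeners) are not blocked by output
// that was already produced.
ob_start();
error_reporting(E_ALL | E_STRICT);
date_default_timezone_set('Europe/Berlin');
ini_set('arg_separator.output','&');
// Keep the session cookie away from page scripts. The value used to be '1;';
// the stray semicolon is dropped so the boolean setting is unambiguous.
ini_set('session.cookie_httponly','1');
// NOTE(review): the session starts before config.php is read, so the cookie's
// "secure" flag cannot follow $CONFIG_HTTPFORCESSL at this point - confirm
// whether it is set in php.ini for HTTPS-only installs.
session_start();

// calculate the documentroot
// Cuts the last 17 characters off this file's path; presumably that is
// '/inc/lib_base.php' - confirm if the file is ever moved or renamed.
$DOCUMENTROOT=substr(__FILE__,0,-17);
$SERVERROOT=$_SERVER['DOCUMENT_ROOT'];
$count=strlen($SERVERROOT);
// $WEBROOT is what remains of $DOCUMENTROOT after the first $count characters;
// this assumes the install lives below the web server's document root.
$WEBROOT=substr($DOCUMENTROOT,$count);

// set the right include path
// NOTE(review): the ownCloud directories are appended AFTER the existing
// include_path, so the bare names used below ('config.php', 'lib_files.php',
// 'templates/...') are looked up in the earlier entries first. Confirm that no
// earlier entry can contain a file with one of these names.
set_include_path(get_include_path().PATH_SEPARATOR.$DOCUMENTROOT.PATH_SEPARATOR.$DOCUMENTROOT.'/inc'.PATH_SEPARATOR.$DOCUMENTROOT.'/config');

// define default config values
// These stay in effect until config/config.php overrides them; note that the
// admin login and password default to empty strings.
$CONFIG_ADMINLOGIN='';
$CONFIG_ADMINPASSWORD='';
$CONFIG_DATADIRECTORY='/var/data';
$CONFIG_HTTPFORCESSL=false;
$CONFIG_DATEFORMAT='j M Y G:i';
$CONFIG_DBHOST='localhost';
$CONFIG_DBNAME='owncloud';
$CONFIG_DBUSER='';
$CONFIG_DBPASSWORD='';

// include the generated configfile
// '@' keeps a missing file (fresh install) quiet; the defaults above then apply.
@include_once('config.php');

// redirect to https site if configured
if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
  if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') {
    // NOTE(review): depending on the web server configuration SERVER_NAME can
    // mirror the Host header sent by the client; a host name taken from the
    // configuration would be a safer base for the redirect target.
    $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    header("Location: $url");
    exit;
  }
}

// load core libs
require_once('lib_files.php');
require_once('lib_log.php');

// load plugins
// The plugin list is hard-wired to empty here (this assignment runs after
// config.php was included), so no plugin is loaded at the moment.
$CONFIG_LOADPLUGINS='';
$plugins=explode(' ',$CONFIG_LOADPLUGINS);
// The former guard isset($plugins[0]['url']) tested a string offset on the
// first plugin name, which is always false on current PHP versions. Each name
// is checked on its own instead.
foreach($plugins as $plugin) {
  // explode() on an empty list yields one empty name; skip it
  if($plugin==='') continue;
  // the name becomes part of a require path: accept plain identifiers only,
  // so it can never contain path separators or '..'
  if(!preg_match('/^[A-Za-z0-9_-]+$/',$plugin)) continue;
  require_once('plugins/'.$plugin.'/lib_'.$plugin.'.php');
}

// check if the server is correctly configured for ownCloud
OC_UTIL::checkserver();

// listen for login or logout actions
// logout is handled first, so one request can end a session and start another
OC_USER::logoutlisener();
$loginresult=OC_USER::loginlisener();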
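/**
 * Class for usermanagement
 *
 * There is a single account: the admin login and password held in the
 * $CONFIG_ADMINLOGIN / $CONFIG_ADMINPASSWORD globals. A logged-in user is
 * represented by $_SESSION['username'].
 *
 * NOTE(review): the password is compared against a plain-text value from the
 * configuration; storing a password_hash() value instead needs a matching
 * change in the code that writes the configuration.
 */
class OC_USER {

  /**
   * check if the login button is pressed and log the user in
   *
   * Reads $_POST['loginbutton'], $_POST['login'] and $_POST['password'].
   * hash_equals() and session_status() require PHP 5.6 or later.
   *
   * @return string '' when no login was attempted or the login succeeded,
   *                'error' when the submitted credentials were rejected
   */
  public static function loginlisener(){
    global $CONFIG_ADMINLOGIN;
    global $CONFIG_ADMINPASSWORD;

    if(!isset($_POST['loginbutton']) or !isset($_POST['password']) or !isset($_POST['login'])){
      return('');
    }
    $login=$_POST['login'];
    $password=$_POST['password'];

    // form fields can arrive as arrays (login[]=...); only strings are credentials
    if(!is_string($login) or !is_string($password)){
      return('error');
    }
    // The shipped defaults are empty strings. Without this check an empty
    // login/password pair would match them on an unconfigured install.
    if(!is_string($CONFIG_ADMINLOGIN) or !is_string($CONFIG_ADMINPASSWORD)
       or $CONFIG_ADMINLOGIN==='' or $CONFIG_ADMINPASSWORD===''){
      return('error');
    }
    // hash_equals() compares byte for byte in constant time. The former '=='
    // treated numeric-looking strings such as '1e3' and '1000' as equal.
    $loginok=hash_equals($CONFIG_ADMINLOGIN,$login);
    $passwordok=hash_equals($CONFIG_ADMINPASSWORD,$password);
    if(!$loginok or !$passwordok){
      return('error');
    }

    // issue a fresh session id on login, so an id that was known before
    // authentication does not become an authenticated one
    if(session_status()===PHP_SESSION_ACTIVE){
      session_regenerate_id(true);
    }
    $_SESSION['username']=$login;
    OC_LOG::event($_SESSION['username'],1,'');
    return('');
  }

  /**
   * check if the logout button is pressed and logout the user
   *
   * NOTE(review): logout is triggered by a GET parameter without any request
   * token, so a link on another site can end the session.
   */
  public static function logoutlisener(){
    if(!isset($_GET['logoutbutton'])){
      return;
    }
    // Only log and clear when somebody is logged in; the event used to be
    // written before this check and read an index that might not exist.
    if(isset($_SESSION['username'])){
      OC_LOG::event($_SESSION['username'],2,'');
      unset($_SESSION['username']);
    }
  }

}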
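/**
 * Class for utility functions
 *
 * Renders the page chrome (header, footer, navigation, forms) and writes the
 * configuration file from the settings form.
 */
class OC_UTIL {

  /**
   * array to store all the optional navigation buttons of the plugins
   *
   * Each entry is an array with the keys 'name' and 'url'.
   */
  static private $NAVIGATION = array();

  /**
   * escape a value for use in HTML text or a quoted attribute
   *
   * @param mixed $text
   * @return string
   */
  private static function escape($text){
    return htmlspecialchars((string)$text,ENT_QUOTES,'UTF-8');
  }

  /**
   * print one cell of the navigation bar
   *
   * $href and $label are printed as given; callers escape dynamic values.
   *
   * @param bool $selected whether the entry belongs to the current page
   * @param string $href
   * @param string $label
   */
  private static function navigationcell($selected,$href,$label){
    $class=$selected ? 'navigationitemselected' : 'navigationitem';
    echo('<td class="'.$class.'"><a href="'.$href.'">'.$label.'</a></td>');
  }

  /**
   * check if the current server configuration is suitable for ownCloud
   *
   * Stops the request with an error message when config/config.php cannot be
   * opened for writing by the web server.
   */
  public static function checkserver(){
    global $DOCUMENTROOT;
    // 'a+' probes writability without truncating an existing file; it also
    // creates the file when it does not exist yet
    $f=@fopen($DOCUMENTROOT.'/config/config.php','a+');
    if(!$f) die('Error: Config file (config/config.php) is not writable for the webserver.');
    @fclose($f);
  }

  /**
   * show the header of the web GUI
   */
  public static function showheader(){
    // pulled into scope so the template can read them
    global $CONFIG_ADMINLOGIN;
    global $WEBROOT;
    require('templates/header.php');
  }

  /**
   * show the footer of the web GUI
   */
  public static function showfooter(){
    // pulled into scope so the template can read them
    global $CONFIG_FOOTEROWNERNAME;
    global $CONFIG_FOOTEROWNEREMAIL;
    require('templates/footer.php');
  }

  /**
   * add an navigationentry to the main navigation
   *
   * Both values are treated as plain text and HTML-escaped when the
   * navigation is printed.
   *
   * @param string $name label of the entry
   * @param string $url  link target; also compared with SCRIPT_NAME to mark
   *                     the entry as selected
   */
  public static function addnavigationentry($name,$url) {
    OC_UTIL::$NAVIGATION[]=array('name'=>$name,'url'=>$url);
  }

  /**
   * show the main navigation
   *
   * The user name comes from the login form, so it is HTML-escaped before it
   * is printed; the plugin supplied entries are escaped as well.
   */
  public static function shownavigation(){
    global $WEBROOT;
    $script=$_SERVER['SCRIPT_NAME'];
    $username=isset($_SESSION['username']) ? $_SESSION['username'] : '';

    echo('<table cellpadding="5" cellspacing="0" border="0"><tr>');
    echo('<td class="navigationitem1"><a href="'.$WEBROOT.'/">'.self::escape($username).'</a></td>');
    // NOTE(review): the built-in entries compare SCRIPT_NAME without $WEBROOT;
    // confirm this is intended for installs below the document root.
    self::navigationcell($script=='/index.php',$WEBROOT.'/','Files');

    foreach(OC_UTIL::$NAVIGATION as $NAVI) {
      self::navigationcell($script==$NAVI['url'],self::escape($NAVI['url']),self::escape($NAVI['name']));
    }

    self::navigationcell($script=='/log/index.php',$WEBROOT.'/log','Log');
    self::navigationcell($script=='/settings/index.php',$WEBROOT.'/settings','Settings');
    self::navigationcell(false,$WEBROOT.'?logoutbutton=1','Logout');
    echo('</tr></table>');
  }

  /**
   * show the loginform
   */
  public static function showloginform(){
    // result of OC_USER::loginlisener(), read by the template
    global $loginresult;
    require('templates/loginform.php');
  }

  /**
   * show an icon for a filetype
   *
   * @param string $filetype 'dir' prints the folder icon, 'foo' a text cell,
   *                         anything else the generic icon
   */
  public static function showicon($filetype){
    global $WEBROOT;
    if($filetype=='dir'){
      echo('<td><img src="'.$WEBROOT.'/img/icons/folder.png" width="16" height="16"></td>');
    }elseif($filetype=='foo'){
      echo('<td>foo</td>');
    }else{
      echo('<td><img src="'.$WEBROOT.'/img/icons/other.png" width="16" height="16"></td>');
    }
  }

  /**
   * show the configform
   */
  public static function showconfigform(){
    // current settings, pulled into scope so the template can read them
    global $CONFIG_ADMINLOGIN;
    global $CONFIG_ADMINPASSWORD;
    global $CONFIG_DATADIRECTORY;
    global $CONFIG_HTTPFORCESSL;
    global $CONFIG_DATEFORMAT;
    global $CONFIG_DBHOST;
    global $CONFIG_DBNAME;
    global $CONFIG_DBUSER;
    global $CONFIG_DBPASSWORD;
    require('templates/configform.php');
  }

  /**
   * lisen for configuration changes and write it to the file
   *
   * The submitted values end up in config/config.php, which is executed on
   * every request. Each value is therefore written with var_export(), so
   * quotes and backslashes in a form field stay data and cannot terminate the
   * string literal in the generated file.
   *
   * NOTE(review): nothing in this method checks $_SESSION['username'] or a
   * request token - confirm that the calling page restricts who may submit
   * the form. The admin and database passwords are stored in plain text.
   *
   * @return string|null the collected error messages ('' on success) when the
   *                     form was submitted, nothing otherwise
   */
  public static function writeconfiglisener(){
    global $DOCUMENTROOT;
    global $WEBROOT;
    if(isset($_POST['set_config'])){

      //checkdata
      $error='';
      $required=array(
        'adminlogin'=>'admin login not set<br />',
        'adminpassword'=>'admin password not set<br />',
        'adminpassword2'=>'retype admin password not set<br />',
        'datadirectory'=>'data directory not set<br />',
        'dateformat'=>'dteformat not set<br />',
        'dbhost'=>'database host not set<br />',
        'dbname'=>'databasename not set<br />',
        'dbuser'=>'database user not set<br />',
        'dbpassword'=>'database password not set<br />',
        'dbpassword2'=>'retype database password not set<br />',
      );
      $values=array();
      foreach($required as $key=>$message){
        // a missing field or a non-string (array) field counts as not set
        $values[$key]=(isset($_POST[$key]) and is_string($_POST[$key])) ? $_POST[$key] : '';
        if(empty($values[$key])) $error.=$message;
      }
      // strict comparison: '<>' treated numeric-looking strings as equal
      if($values['dbpassword']!==$values['dbpassword2']) $error.='database passwords are not the same<br />';
      if($values['adminpassword']!==$values['adminpassword2']) $error.='admin passwords are not the same<br />';

      if(empty($error)) {
        //storedata
        // No closing tag is written: the file holds only PHP, and a trailing
        // space after a closing tag would be sent as output on every include.
        $config='<?php '."\n";
        $config.='$CONFIG_ADMINLOGIN='.var_export($values['adminlogin'],true).";\n";
        $config.='$CONFIG_ADMINPASSWORD='.var_export($values['adminpassword'],true).";\n";
        $config.='$CONFIG_DATADIRECTORY='.var_export($values['datadirectory'],true).";\n";
        $config.='$CONFIG_HTTPFORCESSL='.(isset($_POST['forcessl']) ? 'true' : 'false').";\n";
        $config.='$CONFIG_DATEFORMAT='.var_export($values['dateformat'],true).";\n";
        $config.='$CONFIG_DBHOST='.var_export($values['dbhost'],true).";\n";
        $config.='$CONFIG_DBNAME='.var_export($values['dbname'],true).";\n";
        $config.='$CONFIG_DBUSER='.var_export($values['dbuser'],true).";\n";
        $config.='$CONFIG_DBPASSWORD='.var_export($values['dbpassword'],true).";\n";

        $filename=$DOCUMENTROOT.'/config/config.php';
        // report a failed write instead of redirecting as if it had worked
        if(file_put_contents($filename,$config,LOCK_EX)===false){
          return('config file could not be written<br />');
        }
        // execution continues after the redirect header; the caller decides
        // when the request ends
        if(!headers_sent()) header("Location: ".$WEBROOT."/");
      }
      return($error);

    }

  }

}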
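/**
 * Class for database access
 *
 * Thin wrapper around one shared mysqli connection kept in the global
 * $DBConnection, opened on the first query.
 */
class OC_DB {

  /**
   * executes a query on the database
   *
   * The statement is sent exactly as given; there is no parameter binding
   * here, so callers must not build $cmd from unescaped request data.
   *
   * Failure details (driver message and statement) go to the PHP error log
   * instead of the page, so SQL text and schema details are not shown to the
   * client.
   *
   * NOTE(review): since PHP 8.1 mysqli throws mysqli_sql_exception by default,
   * in which case the two error branches below are not reached - confirm the
   * report mode used in production.
   *
   * @param string $cmd
   * @return mysqli_result|bool result-set, true for statements without a
   *                            result-set, false on failure
   */
  static function query($cmd) {
    global $DBConnection;
    global $CONFIG_DBHOST;
    global $CONFIG_DBNAME;
    global $CONFIG_DBUSER;
    global $CONFIG_DBPASSWORD;
    if(!isset($DBConnection)) {
      $DBConnection = @new mysqli($CONFIG_DBHOST, $CONFIG_DBUSER, $CONFIG_DBPASSWORD,$CONFIG_DBNAME);
      if (mysqli_connect_errno()) {
        // throw away whatever was buffered so only the error is shown
        @ob_end_clean();
        echo('<b>can not connect to database.</center>');
        exit();
      }
    }
    $result = @$DBConnection->query($cmd);
    if (!$result) {
      error_log('DB Error: "'.$DBConnection->error.'" Offending command was: '.$cmd);
      echo('DB Error<br />');
    }
    return $result;
  }

  /**
   * closing a db connection
   *
   * The global is cleared afterwards, so a later query() opens a new
   * connection instead of using the closed one.
   *
   * @return bool false when no connection was open
   */
  static function close() {
    global $DBConnection;
    if(!isset($DBConnection)) {
      return(false);
    }
    $closed=$DBConnection->close();
    $DBConnection=null;
    return $closed;
  }

  /**
   * Returning primarykey if last statement was an insert.
   *
   * @return int|string primarykey, 0 when there is no open connection
   */
  static function insertid() {
    global $DBConnection;
    // same guard as affected_rows(): no connection, nothing inserted
    if(!($DBConnection instanceof mysqli)) return 0;
    return(mysqli_insert_id($DBConnection));
  }

  /**
   * Returning number of rows in a result
   *
   * query() returns true for statements without a result-set and false on
   * failure; both count as zero rows.
   *
   * @param mysqli_result|bool|null $result
   * @return int
   */
  static function numrows($result) {
    if(!($result instanceof mysqli_result)) return 0;
    return(mysqli_num_rows($result));
  }

  /**
   * Returning number of affected rows
   *
   * @return int 0 when there is no open connection
   */
  static function affected_rows() {
    global $DBConnection;
    if(!($DBConnection instanceof mysqli)) return 0;
    return(mysqli_affected_rows($DBConnection));
  }

  /**
   * get a field from the resultset
   *
   * @param mysqli_result $result
   * @param int $i row offset
   * @param int|string $field column index or column name
   * @return mixed the field value, null when the row or the field does not exist
   */
  static function result($result, $i, $field) {
    mysqli_data_seek($result,$i);
    // a column name needs the associative keys, an index only the numeric ones
    $mode=is_string($field) ? MYSQLI_BOTH : MYSQLI_NUM;
    $row=mysqli_fetch_array($result,$mode);
    // no row at this offset, or no such column
    if(!is_array($row) or !array_key_exists($field,$row)) return null;
    return($row[$field]);
  }

  /**
   * get data-array from resultset
   *
   * @param mysqli_result $result
   * @return array|null|false next row keyed by column name, as returned by
   *                          mysqli_fetch_assoc()
   */
  static function fetch_assoc($result) {
    return mysqli_fetch_assoc($result);
  }

  /**
   * Freeing resultset (performance)
   *
   * @param mysqli_result $result
   * @return mixed whatever mysqli_free_result() returns
   */
  static function free_result($result) {
    return @mysqli_free_result($result);
  }

}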
?>