2010-04-22 21:03:54 +04:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/**
|
|
|
|
* ownCloud
|
|
|
|
*
|
|
|
|
* @author Frank Karlitschek
|
|
|
|
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 3 of the License, or any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
2010-04-24 14:40:20 +04:00
|
|
|
if(!$CONFIG_INSTALLED){
|
|
|
|
$_SESSION['user_id']=false;
|
|
|
|
$_SESSION['username']='';
|
|
|
|
$_SESSION['username_clean']='';
|
|
|
|
}
|
|
|
|
|
2010-06-22 03:27:44 +04:00
|
|
|
//cache the userid's an groupid's
|
|
|
|
if(!isset($_SESSION['user_id_cache'])){
|
|
|
|
$_SESSION['user_id_cache']=array();
|
|
|
|
}
|
|
|
|
if(!isset($_SESSION['group_id_cache'])){
|
|
|
|
$_SESSION['group_id_cache']=array();
|
|
|
|
}
|
|
|
|
|
2010-04-22 21:03:54 +04:00
|
|
|
/**
|
|
|
|
* Class for usermanagement
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
class OC_USER {
|
|
|
|
|
|
|
|
/**
|
|
|
|
* check if the login button is pressed and logg the user in
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function loginlisener(){
|
|
|
|
if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
|
|
|
|
if(OC_USER::login($_POST['login'],$_POST['password'])){
|
2010-07-06 12:30:08 +04:00
|
|
|
echo 1;
|
2010-04-22 21:03:54 +04:00
|
|
|
OC_LOG::event($_SESSION['username'],1,'');
|
2010-07-06 12:30:08 +04:00
|
|
|
echo 2;
|
|
|
|
if((isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') {
|
|
|
|
$url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
|
|
|
|
}else{
|
|
|
|
$url = "http://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
|
|
|
|
}
|
|
|
|
header("Location: $url");
|
|
|
|
die();
|
2010-04-22 21:03:54 +04:00
|
|
|
}else{
|
|
|
|
return('error');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return('');
|
|
|
|
}
|
|
|
|
|
2010-04-22 22:08:38 +04:00
|
|
|
|
2010-04-22 21:03:54 +04:00
|
|
|
/**
|
|
|
|
* try to create a new user
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function createuser($username,$password){
|
2010-07-03 21:38:31 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
2010-07-05 13:37:50 +04:00
|
|
|
if(OC_USER::getuserid($username,true)!=0){
|
2010-04-22 21:03:54 +04:00
|
|
|
return false;
|
|
|
|
}else{
|
|
|
|
$usernameclean=strtolower($username);
|
2010-06-20 19:58:39 +04:00
|
|
|
$password=sha1($password);
|
2010-05-23 01:05:49 +04:00
|
|
|
$username=OC_DB::escape($username);
|
|
|
|
$usernameclean=OC_DB::escape($usernameclean);
|
2010-07-05 14:17:31 +04:00
|
|
|
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')";
|
2010-04-22 21:03:54 +04:00
|
|
|
$result=OC_DB::query($query);
|
|
|
|
return ($result)?true:false;
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* try to login a user
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function login($username,$password){
|
2010-07-03 21:38:31 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
|
|
|
|
2010-04-22 21:03:54 +04:00
|
|
|
$password=sha1($password);
|
|
|
|
$usernameclean=strtolower($username);
|
2010-05-23 01:05:49 +04:00
|
|
|
$username=OC_DB::escape($username);
|
|
|
|
$usernameclean=OC_DB::escape($usernameclean);
|
2010-07-04 13:32:39 +04:00
|
|
|
$query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
|
2010-04-22 21:03:54 +04:00
|
|
|
$result=OC_DB::select($query);
|
|
|
|
if(isset($result[0]) && isset($result[0]['user_id'])){
|
|
|
|
$_SESSION['user_id']=$result[0]['user_id'];
|
|
|
|
$_SESSION['username']=$username;
|
|
|
|
$_SESSION['username_clean']=$usernameclean;
|
|
|
|
return true;
|
|
|
|
}else{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* check if the logout button is pressed and logout the user
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function logoutlisener(){
|
|
|
|
if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
|
|
|
|
OC_LOG::event($_SESSION['username'],2,'');
|
|
|
|
$_SESSION['user_id']=false;
|
|
|
|
$_SESSION['username']='';
|
|
|
|
$_SESSION['username_clean']='';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* check if a user is logged in
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function isLoggedIn(){
|
|
|
|
return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* try to create a new group
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function creategroup($groupname){
|
2010-07-03 21:38:31 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
2010-07-05 13:37:50 +04:00
|
|
|
if(OC_USER::getgroupid($groupname,true)==0){
|
2010-05-23 01:05:49 +04:00
|
|
|
$groupname=OC_DB::escape($groupname);
|
2010-07-05 14:17:31 +04:00
|
|
|
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')";
|
2010-04-22 21:03:54 +04:00
|
|
|
$result=OC_DB::query($query);
|
|
|
|
return ($result)?true:false;
|
|
|
|
}else{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get the id of a user
|
|
|
|
*
|
|
|
|
*/
|
2010-07-05 13:37:50 +04:00
|
|
|
public static function getuserid($username,$nocache=false){
|
2010-07-03 21:38:31 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
2010-04-22 21:03:54 +04:00
|
|
|
$usernameclean=strtolower($username);
|
2010-07-05 13:37:50 +04:00
|
|
|
if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query
|
2010-06-22 03:27:44 +04:00
|
|
|
return $_SESSION['user_id_cache'][$usernameclean];
|
|
|
|
}
|
2010-05-23 01:05:49 +04:00
|
|
|
$usernameclean=OC_DB::escape($usernameclean);
|
2010-07-04 13:32:39 +04:00
|
|
|
$query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean'";
|
2010-04-22 21:03:54 +04:00
|
|
|
$result=OC_DB::select($query);
|
2010-05-09 18:33:16 +04:00
|
|
|
if(!is_array($result)){
|
|
|
|
return 0;
|
|
|
|
}
|
2010-04-22 21:03:54 +04:00
|
|
|
if(isset($result[0]) && isset($result[0]['user_id'])){
|
2010-06-22 03:27:44 +04:00
|
|
|
$_SESSION['user_id_cache'][$usernameclean]=$result[0]['user_id'];
|
2010-04-22 21:03:54 +04:00
|
|
|
return $result[0]['user_id'];
|
|
|
|
}else{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get the id of a group
|
|
|
|
*
|
|
|
|
*/
|
2010-07-05 13:37:50 +04:00
|
|
|
public static function getgroupid($groupname,$nocache=false){
|
2010-07-03 21:38:31 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
2010-07-05 13:37:50 +04:00
|
|
|
if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query
|
2010-06-22 03:27:44 +04:00
|
|
|
return $_SESSION['group_id_cache'][$groupname];
|
|
|
|
}
|
2010-05-23 01:05:49 +04:00
|
|
|
$groupname=OC_DB::escape($groupname);
|
2010-07-04 13:32:39 +04:00
|
|
|
$query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'";
|
2010-04-22 21:03:54 +04:00
|
|
|
$result=OC_DB::select($query);
|
2010-05-09 18:33:16 +04:00
|
|
|
if(!is_array($result)){
|
|
|
|
return 0;
|
|
|
|
}
|
2010-04-22 21:03:54 +04:00
|
|
|
if(isset($result[0]) && isset($result[0]['group_id'])){
|
2010-06-22 03:27:44 +04:00
|
|
|
$_SESSION['group_id_cache'][$groupname]=$result[0]['group_id'];
|
2010-04-22 21:03:54 +04:00
|
|
|
return $result[0]['group_id'];
|
|
|
|
}else{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-04-23 02:05:04 +04:00
|
|
|
/**
|
|
|
|
* get the name of a group
|
|
|
|
*
|
|
|
|
*/
|
2010-07-05 13:37:50 +04:00
|
|
|
public static function getgroupname($groupid,$nocache=false){
|
2010-07-03 21:38:31 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
2010-07-05 13:37:50 +04:00
|
|
|
if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query
|
2010-06-22 03:27:44 +04:00
|
|
|
return $name;
|
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
$groupid=(integer)$groupid;
|
2010-07-04 13:32:39 +04:00
|
|
|
$query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1";
|
2010-04-23 02:05:04 +04:00
|
|
|
$result=OC_DB::select($query);
|
|
|
|
if(isset($result[0]) && isset($result[0]['group_name'])){
|
|
|
|
return $result[0]['group_name'];
|
|
|
|
}else{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-04-22 21:03:54 +04:00
|
|
|
/**
|
|
|
|
* check if a user belongs to a group
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function ingroup($username,$groupname){
|
2010-07-03 21:38:31 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
|
|
|
|
2010-04-22 21:03:54 +04:00
|
|
|
$userid=OC_USER::getuserid($username);
|
|
|
|
$groupid=OC_USER::getgroupid($groupname);
|
2010-04-24 14:40:20 +04:00
|
|
|
if($groupid>0 and $userid>0){
|
2010-07-05 14:17:31 +04:00
|
|
|
$query="SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid' AND user_id = '$userid';";
|
2010-04-24 14:40:20 +04:00
|
|
|
$result=OC_DB::select($query);
|
|
|
|
if(isset($result[0]) && isset($result[0]['user_group_id'])){
|
|
|
|
return true;
|
|
|
|
}else{
|
|
|
|
return false;
|
|
|
|
}
|
2010-04-22 21:03:54 +04:00
|
|
|
}else{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* add a user to a group
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function addtogroup($username,$groupname){
|
2010-07-03 21:38:31 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
|
|
|
|
2010-04-22 21:03:54 +04:00
|
|
|
if(!OC_USER::ingroup($username,$groupname)){
|
|
|
|
$userid=OC_USER::getuserid($username);
|
|
|
|
$groupid=OC_USER::getgroupid($groupname);
|
|
|
|
if($groupid!=0 and $userid!=0){
|
2010-07-05 14:17:31 +04:00
|
|
|
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');";
|
2010-04-22 21:03:54 +04:00
|
|
|
$result=OC_DB::query($query);
|
|
|
|
if($result){
|
|
|
|
return true;
|
|
|
|
}else{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}else{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}else{
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
2010-04-22 22:08:38 +04:00
|
|
|
|
|
|
|
public static function generatepassword(){
|
|
|
|
return uniqid();
|
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
|
|
|
|
/**
|
|
|
|
* get all groups the user belongs to
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function getusergroups($username){
|
2010-07-03 21:38:31 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
|
|
|
|
2010-04-23 02:05:04 +04:00
|
|
|
$userid=OC_USER::getuserid($username);
|
2010-07-04 13:32:39 +04:00
|
|
|
$query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'";
|
2010-04-23 02:05:04 +04:00
|
|
|
$result=OC_DB::select($query);
|
|
|
|
$groups=array();
|
|
|
|
if(is_array($result)){
|
|
|
|
foreach($result as $group){
|
|
|
|
$groupid=$group['group_id'];
|
|
|
|
$groups[]=OC_USER::getgroupname($groupid);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $groups;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* set the password of a user
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function setpassword($username,$password){
|
2010-07-03 21:38:31 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
|
|
|
|
2010-04-23 02:05:04 +04:00
|
|
|
$password=sha1($password);
|
|
|
|
$userid=OC_USER::getuserid($username);
|
2010-07-04 13:32:39 +04:00
|
|
|
$query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'";
|
2010-04-23 02:05:04 +04:00
|
|
|
$result=OC_DB::query($query);
|
|
|
|
if($result){
|
|
|
|
return true;
|
|
|
|
}else{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* check the password of a user
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
public static function checkpassword($username,$password){
|
2010-07-03 21:38:31 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
|
|
|
|
2010-04-23 02:05:04 +04:00
|
|
|
$password=sha1($password);
|
|
|
|
$usernameclean=strtolower($username);
|
2010-05-23 01:05:49 +04:00
|
|
|
$username=OC_DB::escape($username);
|
|
|
|
$usernameclean=OC_DB::escape($usernameclean);
|
2010-07-04 13:32:39 +04:00
|
|
|
$query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
|
2010-04-23 02:05:04 +04:00
|
|
|
$result=OC_DB::select($query);
|
|
|
|
if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){
|
|
|
|
return true;
|
|
|
|
}else{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
2010-04-22 21:03:54 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
?>
|