2010-03-16 22:25:05 +03:00
|
|
|
<?php
|
|
|
|
|
class OC_CONFIG{
|
|
|
|
|
/**
|
|
|
|
|
* show the configform
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
public static function showconfigform(){
|
|
|
|
|
global $CONFIG_ADMINLOGIN;
|
|
|
|
|
global $CONFIG_ADMINPASSWORD;
|
|
|
|
|
global $CONFIG_DATADIRECTORY;
|
|
|
|
|
global $CONFIG_HTTPFORCESSL;
|
|
|
|
|
global $CONFIG_DATEFORMAT;
|
|
|
|
|
global $CONFIG_DBNAME;
|
2010-04-24 14:40:20 +04:00
|
|
|
oc_require('templates/configform.php');
|
2010-03-16 22:25:05 +03:00
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
|
2010-03-16 22:25:05 +03:00
|
|
|
/**
|
2010-04-23 02:05:04 +04:00
|
|
|
* show the configform
|
2010-03-16 22:25:05 +03:00
|
|
|
*
|
|
|
|
|
*/
|
2010-04-23 02:05:04 +04:00
|
|
|
public static function showadminform(){
|
2010-04-19 21:46:42 +04:00
|
|
|
global $CONFIG_ADMINLOGIN;
|
|
|
|
|
global $CONFIG_ADMINPASSWORD;
|
2010-04-23 02:05:04 +04:00
|
|
|
global $CONFIG_DATADIRECTORY;
|
|
|
|
|
global $CONFIG_HTTPFORCESSL;
|
|
|
|
|
global $CONFIG_DATEFORMAT;
|
|
|
|
|
global $CONFIG_DBNAME;
|
2010-07-04 09:35:05 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
2010-04-23 02:05:04 +04:00
|
|
|
global $CONFIG_INSTALLED;
|
2010-04-23 20:27:36 +04:00
|
|
|
$allow=false;
|
|
|
|
|
if(!$CONFIG_INSTALLED){
|
|
|
|
|
$allow=true;
|
|
|
|
|
}elseif(OC_USER::isLoggedIn()){
|
|
|
|
|
if(OC_USER::ingroup($_SESSION['username'],'admin')){
|
|
|
|
|
$allow=true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if($allow){
|
2010-04-24 14:40:20 +04:00
|
|
|
oc_require('templates/adminform.php');
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
|
|
|
|
}
|
2010-03-16 22:25:05 +03:00
|
|
|
|
2010-04-23 02:05:04 +04:00
|
|
|
public static function createuserlisener(){
|
2010-04-23 20:27:36 +04:00
|
|
|
if(OC_USER::isLoggedIn()){
|
|
|
|
|
if(OC_USER::ingroup($_SESSION['username'],'admin')){
|
|
|
|
|
if(isset($_POST['new_username']) and isset($_POST['new_password'])){
|
|
|
|
|
if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){
|
|
|
|
|
return 'user successfully created';
|
|
|
|
|
}else{
|
|
|
|
|
return 'error while trying to create user';
|
|
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
}else{
|
2010-04-23 20:27:36 +04:00
|
|
|
return false;
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
|
|
|
|
}else{
|
|
|
|
|
return false;
|
2010-04-19 21:46:42 +04:00
|
|
|
}
|
|
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function creategrouplisener(){
|
|
|
|
|
if(OC_USER::isLoggedIn()){
|
|
|
|
|
if(isset($_POST['creategroup']) and $_POST['creategroup']==1){
|
|
|
|
|
if(OC_USER::creategroup($_POST['groupname'])){
|
|
|
|
|
if(OC_USER::addtogroup($_SESSION['username'],$_POST['groupname'])){
|
|
|
|
|
return 'group successfully created';
|
|
|
|
|
}else{
|
|
|
|
|
return 'error while trying to add user to the new created group';
|
|
|
|
|
}
|
|
|
|
|
}else{
|
|
|
|
|
return 'error while trying to create group';
|
|
|
|
|
}
|
|
|
|
|
}else{
|
|
|
|
|
return false;
|
2010-04-19 21:46:42 +04:00
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
}else{
|
|
|
|
|
return false;
|
2010-04-19 21:46:42 +04:00
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* lisen for configuration changes
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
public static function configlisener(){
|
|
|
|
|
if(OC_USER::isLoggedIn()){
|
|
|
|
|
if(isset($_POST['config']) and $_POST['config']==1){
|
|
|
|
|
$error='';
|
|
|
|
|
if(!OC_USER::checkpassword($_SESSION['username'],$_POST['currentpassword'])){
|
|
|
|
|
$error.='wrong password<br />';
|
|
|
|
|
}else{
|
|
|
|
|
if(isset($_POST['changepass']) and $_POST['changepass']==1){
|
|
|
|
|
if(!isset($_POST['password']) or empty($_POST['password'])) $error.='password not set<br />';
|
|
|
|
|
if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set<br />';
|
|
|
|
|
if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same<br />';
|
|
|
|
|
if(empty($error)){
|
|
|
|
|
if(!OC_USER::setpassword($_SESSION['username'],$_POST['password'])){
|
|
|
|
|
$error.='error while trying to set password<br />';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $error;
|
|
|
|
|
}else{
|
|
|
|
|
return false;
|
2010-04-21 02:25:34 +04:00
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
}else{
|
|
|
|
|
return false;
|
2010-04-21 02:25:34 +04:00
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* lisen for admin configuration changes and write it to the file
|
|
|
|
|
*4bd0be1185e76
|
|
|
|
|
*/
|
|
|
|
|
public static function writeadminlisener(){
|
|
|
|
|
global $CONFIG_INSTALLED;
|
2010-04-23 02:21:59 +04:00
|
|
|
$allow=false;
|
2010-04-23 20:27:36 +04:00
|
|
|
if(!$CONFIG_INSTALLED){
|
2010-04-23 02:21:59 +04:00
|
|
|
$allow=true;
|
|
|
|
|
}elseif(OC_USER::isLoggedIn()){
|
|
|
|
|
if(OC_USER::ingroup($_SESSION['username'],'admin')){
|
|
|
|
|
$allow=true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if($allow){
|
2010-04-23 02:05:04 +04:00
|
|
|
global $DOCUMENTROOT;
|
|
|
|
|
global $SERVERROOT;
|
|
|
|
|
global $WEBROOT;
|
|
|
|
|
global $CONFIG_DBHOST;
|
|
|
|
|
global $CONFIG_DBNAME;
|
2010-07-04 09:35:05 +04:00
|
|
|
global $CONFIG_DBTABLEPREFIX;
|
2010-05-09 18:33:16 +04:00
|
|
|
global $CONFIG_INSTALLED;
|
2010-04-23 02:05:04 +04:00
|
|
|
global $CONFIG_DBUSER;
|
|
|
|
|
global $CONFIG_DBPASSWORD;
|
|
|
|
|
global $CONFIG_DBTYPE;
|
|
|
|
|
global $CONFIG_ADMINLOGIN;
|
|
|
|
|
global $CONFIG_ADMINPASSWORD;
|
|
|
|
|
if(isset($_POST['set_config'])){
|
|
|
|
|
|
|
|
|
|
//checkdata
|
|
|
|
|
$error='';
|
2010-05-09 18:33:16 +04:00
|
|
|
$FIRSTRUN=!$CONFIG_INSTALLED;
|
2010-04-23 02:05:04 +04:00
|
|
|
if(!$FIRSTRUN){
|
2010-05-09 18:33:16 +04:00
|
|
|
if(!OC_USER::login($_SESSION['username'],$_POST['currentpassword'])){
|
2010-04-23 02:05:04 +04:00
|
|
|
$error.='wrong password<br />';
|
|
|
|
|
}
|
2010-04-19 21:46:42 +04:00
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
|
2010-05-09 18:33:16 +04:00
|
|
|
if((!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) and $FIRSTRUN) $error.='admin login not set<br />';
|
2010-04-23 02:05:04 +04:00
|
|
|
if((!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])) and $FIRSTRUN) $error.='admin password not set<br />';
|
|
|
|
|
if((!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2'])) and $FIRSTRUN) $error.='retype admin password not set<br />';
|
|
|
|
|
if(!isset($_POST['datadirectory']) or empty($_POST['datadirectory'])) $error.='data directory not set<br />';
|
|
|
|
|
if(!isset($_POST['dateformat']) or empty($_POST['dateformat'])) $error.='dateformat not set<br />';
|
|
|
|
|
if(!isset($_POST['dbname']) or empty($_POST['dbname'])) $error.='databasename not set<br />';
|
2010-05-09 18:33:16 +04:00
|
|
|
if($FIRSTRUN and $_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same<br />';
|
2010-04-23 02:05:04 +04:00
|
|
|
$dbtype=$_POST['dbtype'];
|
|
|
|
|
if($dbtype=='mysql'){
|
|
|
|
|
if(!isset($_POST['dbhost']) or empty($_POST['dbhost'])) $error.='database host not set<br />';
|
|
|
|
|
if(!isset($_POST['dbuser']) or empty($_POST['dbuser'])) $error.='database user not set<br />';
|
|
|
|
|
if($_POST['dbpassword']<>$_POST['dbpassword2'] ) $error.='database passwords are not the same<br />';
|
|
|
|
|
|
2010-04-19 21:46:42 +04:00
|
|
|
}
|
2010-05-08 23:32:20 +04:00
|
|
|
if(isset($_POST['enablebackup']) and $_POST['enablebackup']==1){
|
|
|
|
|
if(!isset($_POST['backupdirectory']) or empty($_POST['backupdirectory'])) $error.='backup directory not set<br />';
|
|
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
if(!$FIRSTRUN){
|
|
|
|
|
if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])){
|
|
|
|
|
$_POST['adminpassword']=$CONFIG_ADMINPASSWORD;
|
|
|
|
|
}
|
|
|
|
|
if(!isset($_POST['dbpassword']) or empty($_POST['dbpassword'])){
|
|
|
|
|
$_POST['dbpassword']=$CONFIG_DBPASSWORD;
|
|
|
|
|
}
|
2010-04-19 21:46:42 +04:00
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
if(!is_dir($_POST['datadirectory'])){
|
|
|
|
|
try{
|
|
|
|
|
mkdir($_POST['datadirectory']);
|
|
|
|
|
}catch(Exception $e){
|
|
|
|
|
$error.='error while trying to create data directory<br/>';
|
|
|
|
|
}
|
2010-04-22 21:03:54 +04:00
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
if(empty($error)) {
|
2010-05-09 18:33:16 +04:00
|
|
|
if($CONFIG_DBTYPE!=$dbtype or $FIRSTRUN){
|
|
|
|
|
//create/fill database
|
|
|
|
|
$CONFIG_DBTYPE=$dbtype;
|
|
|
|
|
$CONFIG_DBNAME=$_POST['dbname'];
|
2010-07-04 09:35:05 +04:00
|
|
|
$CONFIG_DBTABLEPREFIX=$_POST['dbtableprefix'];
|
2010-06-20 19:58:39 +04:00
|
|
|
if($dbtype!='sqlite'){
|
2010-05-09 18:33:16 +04:00
|
|
|
$CONFIG_DBHOST=$_POST['dbhost'];
|
|
|
|
|
$CONFIG_DBUSER=$_POST['dbuser'];
|
|
|
|
|
$CONFIG_DBPASSWORD=$_POST['dbpassword'];
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
2010-05-09 18:33:16 +04:00
|
|
|
try{
|
2010-06-20 19:58:39 +04:00
|
|
|
if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE!='sqlite'){
|
2010-05-09 18:33:16 +04:00
|
|
|
self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']);
|
|
|
|
|
}
|
|
|
|
|
}catch(Exception $e){
|
|
|
|
|
$error.='error while trying to create the database<br/>';
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
2010-05-09 18:33:16 +04:00
|
|
|
if($CONFIG_DBTYPE=='sqlite'){
|
|
|
|
|
$f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+');
|
|
|
|
|
if(!$f){
|
|
|
|
|
$error.='path of sqlite database not writable by server<br/>';
|
|
|
|
|
}
|
|
|
|
|
OC_DB::disconnect();
|
|
|
|
|
unlink($SERVERROOT.'/'.$CONFIG_DBNAME);
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
2010-05-09 18:33:16 +04:00
|
|
|
try{
|
|
|
|
|
if(isset($_POST['filldb'])){
|
|
|
|
|
self::filldatabase();
|
|
|
|
|
}
|
|
|
|
|
}catch(Exception $e){
|
|
|
|
|
$error.='error while trying to fill the database<br/>';
|
|
|
|
|
}
|
|
|
|
|
if($CONFIG_DBTYPE=='sqlite'){
|
|
|
|
|
OC_DB::disconnect();
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
|
|
|
|
}
|
2010-05-09 18:33:16 +04:00
|
|
|
if($FIRSTRUN){
|
|
|
|
|
if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){
|
|
|
|
|
$error.='error while trying to create the admin user<br/>';
|
|
|
|
|
}
|
|
|
|
|
if(OC_USER::getgroupid('admin')==0){
|
|
|
|
|
if(!OC_USER::creategroup('admin')){
|
|
|
|
|
$error.='error while trying to create the admin group<br/>';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){
|
|
|
|
|
$error.='error while trying to add the admin user to the admin group<br/>';
|
|
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
|
|
|
|
//storedata
|
|
|
|
|
$config='<?php '."\n";
|
|
|
|
|
$config.='$CONFIG_INSTALLED=true;'."\n";
|
|
|
|
|
$config.='$CONFIG_DATADIRECTORY=\''.$_POST['datadirectory']."';\n";
|
|
|
|
|
if(isset($_POST['forcessl'])) $config.='$CONFIG_HTTPFORCESSL=true'.";\n"; else $config.='$CONFIG_HTTPFORCESSL=false'.";\n";
|
2010-05-08 23:32:20 +04:00
|
|
|
if(isset($_POST['enablebackup'])) $config.='$CONFIG_ENABLEBACKUP=true'.";\n"; else $config.='$CONFIG_ENABLEBACKUP=false'.";\n";
|
|
|
|
|
if(isset($_POST['enablebackup']) and $_POST['enablebackup']==1){
|
|
|
|
|
$config.='$CONFIG_BACKUPDIRECTORY=\''.$_POST['backupdirectory']."';\n";
|
|
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
$config.='$CONFIG_DATEFORMAT=\''.$_POST['dateformat']."';\n";
|
|
|
|
|
$config.='$CONFIG_DBTYPE=\''.$dbtype."';\n";
|
|
|
|
|
$config.='$CONFIG_DBNAME=\''.$_POST['dbname']."';\n";
|
2010-07-04 08:48:59 +04:00
|
|
|
$config.='$CONFIG_DBTABLEPREFIX=\''.$_POST['dbtableprefix']."';\n";
|
2010-06-20 19:58:39 +04:00
|
|
|
if($dbtype!='sqlite'){
|
2010-04-23 02:05:04 +04:00
|
|
|
$config.='$CONFIG_DBHOST=\''.$_POST['dbhost']."';\n";
|
|
|
|
|
$config.='$CONFIG_DBUSER=\''.$_POST['dbuser']."';\n";
|
|
|
|
|
$config.='$CONFIG_DBPASSWORD=\''.$_POST['dbpassword']."';\n";
|
|
|
|
|
}
|
|
|
|
|
$config.='?> ';
|
|
|
|
|
|
|
|
|
|
$filename=$SERVERROOT.'/config/config.php';
|
|
|
|
|
if(empty($error)){
|
|
|
|
|
header("Location: ".$WEBROOT."/");
|
|
|
|
|
try{
|
|
|
|
|
file_put_contents($filename,$config);
|
|
|
|
|
}catch(Exception $e){
|
|
|
|
|
$error.='error while trying to save the configuration file<br/>';
|
|
|
|
|
return $error;
|
|
|
|
|
}
|
|
|
|
|
}else{
|
|
|
|
|
return $error;
|
|
|
|
|
}
|
2010-03-16 22:25:05 +03:00
|
|
|
|
2010-04-19 21:46:42 +04:00
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
return($error);
|
2010-04-19 21:46:42 +04:00
|
|
|
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
2010-04-19 21:46:42 +04:00
|
|
|
}
|
2010-04-23 02:05:04 +04:00
|
|
|
}
|
2010-06-18 22:08:24 +04:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Fills the database with the initial tables
|
|
|
|
|
* Note: while the AUTO_INCREMENT function is not supported by SQLite
|
|
|
|
|
* the same effect can be achieved by accessing the SQLite pseudo-column
|
|
|
|
|
* "rowid"
|
|
|
|
|
*/
|
|
|
|
|
private static function filldatabase(){
|
|
|
|
|
global $SERVERROOT;
|
|
|
|
|
OC_DB::createDBFromStructure($SERVERROOT.'/db_structure.xml');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Create the database and user
|
|
|
|
|
* @param string adminUser
|
|
|
|
|
* @param string adminPwd
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
private static function createdatabase($adminUser,$adminPwd){
|
|
|
|
|
global $CONFIG_DBHOST;
|
|
|
|
|
global $CONFIG_DBNAME;
|
|
|
|
|
global $CONFIG_DBUSER;
|
|
|
|
|
global $CONFIG_DBPWD;
|
2010-06-20 19:58:39 +04:00
|
|
|
global $CONFIG_DBTYPE;
|
2010-06-18 22:08:24 +04:00
|
|
|
//we cant user OC_BD functions here because we need to connect as the administrative user.
|
2010-06-20 19:58:39 +04:00
|
|
|
if($CONFIG_DBTYPE=='mysql'){
|
|
|
|
|
$connection = @new mysqli($CONFIG_DBHOST, $adminUser, $adminPwd);
|
|
|
|
|
if (mysqli_connect_errno()) {
|
|
|
|
|
@ob_end_clean();
|
|
|
|
|
echo('<html><head></head><body bgcolor="#F0F0F0"><br /><br /><center><b>can not connect to database as administrative user.</center></body></html>');
|
|
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
$query="SELECT user FROM mysql.user WHERE user='{$_POST['dbuser']}';";
|
|
|
|
|
$result = @$connection->query($query);
|
|
|
|
|
if (!$result) {
|
|
|
|
|
$entry='DB Error: "'.$connection->error.'"<br />';
|
|
|
|
|
$entry.='Offending command was: '.$query.'<br />';
|
|
|
|
|
echo($entry);
|
|
|
|
|
}
|
|
|
|
|
if($result->num_rows==0){
|
|
|
|
|
$query="CREATE USER '{$_POST['dbuser']}' IDENTIFIED BY '{$_POST['dbpassword']}';";
|
|
|
|
|
}else{
|
|
|
|
|
$query='';
|
|
|
|
|
}
|
|
|
|
|
$query.="CREATE DATABASE IF NOT EXISTS `{$_POST['dbname']}`;";
|
|
|
|
|
$query.="GRANT ALL PRIVILEGES ON `{$_POST['dbname']}` . * TO '{$_POST['dbuser']}';";
|
|
|
|
|
$result = @$connection->multi_query($query);
|
|
|
|
|
if (!$result) {
|
|
|
|
|
$entry='DB Error: "'.$connection->error.'"<br />';
|
|
|
|
|
$entry.='Offending command was: '.$query.'<br />';
|
|
|
|
|
echo($entry);
|
|
|
|
|
}
|
|
|
|
|
$connection->close();
|
|
|
|
|
}elseif($CONFIG_DBTYPE=='pgsql'){
|
|
|
|
|
$connection = pg_connect("user='$adminUser' host='$CONFIG_DBHOST' password='$adminPwd'");
|
|
|
|
|
$query="CREATE USER {$_POST['dbuser']} WITH PASSWORD '{$_POST['dbpassword']}' CREATEDB;";
|
|
|
|
|
$result = pg_exec($connection, $query);
|
|
|
|
|
$query="select count(*) from pg_catalog.pg_database where datname = '{$_POST['dbname']}';";
|
|
|
|
|
$result = pg_exec($connection, $query);
|
|
|
|
|
if(pg_result($result,0,0)==0){
|
|
|
|
|
$query="CREATE DATABASE {$_POST['dbname']};";
|
|
|
|
|
$result = pg_exec($connection, $query);
|
|
|
|
|
$query="ALTER DATABASE {$_POST['dbname']} OWNER TO {$_POST['dbuser']};";
|
|
|
|
|
$result = pg_exec($connection, $query);
|
|
|
|
|
}
|
2010-06-18 22:08:24 +04:00
|
|
|
}
|
2010-04-08 16:49:48 +04:00
|
|
|
}
|
2010-03-16 22:25:05 +03:00
|
|
|
}
|
2010-03-24 10:31:30 +03:00
|
|
|
?>
|
2010-04-19 21:46:42 +04:00
|
|
|
|
|
|
|
|
|
