From 6b5bd8134131c4573f81cfe43fc9bbbe8fb35c05 Mon Sep 17 00:00:00 2001 From: Robin Date: Thu, 22 Apr 2010 19:03:54 +0200 Subject: [PATCH] (very) early multiuser support --- inc/lib_base.php | 86 ++++++++--------- inc/lib_config.php | 44 ++++++++- inc/lib_user.php | 197 +++++++++++++++++++++++++++++++++++++++ inc/templates/header.php | 6 +- 4 files changed, 283 insertions(+), 50 deletions(-) create mode 100644 inc/lib_user.php diff --git a/inc/lib_base.php b/inc/lib_base.php index e430926170..4f58f946c9 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -43,8 +43,7 @@ if($WEBROOT{0}!=='/'){ set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config'); // define default config values -$CONFIG_ADMINLOGIN=''; -$CONFIG_ADMINPASSWORD=''; +$CONFIG_INSTALLED=false; $CONFIG_DATADIRECTORY=$SERVERROOT.'/data'; $CONFIG_HTTPFORCESSL=false; $CONFIG_DATEFORMAT='j M Y G:i'; @@ -67,9 +66,18 @@ if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){ require_once('lib_files.php'); require_once('lib_log.php'); require_once('lib_config.php'); +require_once('lib_user.php'); + +if(OC_USER::isLoggedIn()){ + //jail the user in a seperate data folder + $CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean']; + if(!is_dir($CONFIG_DATADIRECTORY)){ + mkdir($CONFIG_DATADIRECTORY); + } +} // load plugins -$CONFIG_LOADPLUGINS='music'; +$CONFIG_LOADPLUGINS=''; $plugins=explode(' ',$CONFIG_LOADPLUGINS); if(isset($plugins[0]['url'])) foreach($plugins as $plugin) require_once('plugins/'.$plugin.'/lib_'.$plugin.'.php'); @@ -81,46 +89,6 @@ OC_UTIL::checkserver(); OC_USER::logoutlisener(); $loginresult=OC_USER::loginlisener(); - -/** - * Class for usermanagement - * - */ -class OC_USER { - - /** - * check if the login button is pressed and logg the user in - * - */ - public static function loginlisener(){ - global $CONFIG_ADMINLOGIN; - global $CONFIG_ADMINPASSWORD; - if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ - if($_POST['login']==$CONFIG_ADMINLOGIN and $_POST['password']==$CONFIG_ADMINPASSWORD){ - $_SESSION['username']=$_POST['login']; - OC_LOG::event($_SESSION['username'],1,''); - return(''); - }else{ - return('error'); - } - } - return(''); - } - - /** - * check if the logout button is pressed and logout the user - * - */ - public static function logoutlisener(){ - if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ - OC_LOG::event($_SESSION['username'],2,''); - unset($_SESSION['username']); - } - } - -} - - /** * Class for utility functions * @@ -204,8 +172,10 @@ class OC_UTIL { if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo(''.$NAVI['name'].''); else echo(''.$NAVI['name'].''); } - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('Log'); else echo('Log'); - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('Settings'); else echo('Settings'); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('Log'); else echo('Log'); + if(OC_USER::ingroup($_SESSION['username'],'admin')){ + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('Settings'); else echo('Settings'); + } echo('Logout'); echo(''); } @@ -284,6 +254,32 @@ class OC_DB { return $result; } + /** + * executes a query on the database and returns the result in an array + * + * @param string $cmd + * @return result-set + */ + static function select($cmd) { + global $CONFIG_DBTYPE; + $result=OC_DB::query($cmd); + if($result){ + $data=array(); + if($CONFIG_DBTYPE=='sqlite'){ + while($row=$result->fetch(SQLITE_ASSOC)){ + $data[]=$row; + } + }elseif($CONFIG_DBTYPE=='mysql'){ + while($row=$result->fetch_array(MYSQLI_ASSOC)){ + $data[]=$row; + } + } + return $data; + }else{ + return false; + } + } + /** * executes multiply queries on the database * diff --git a/inc/lib_config.php b/inc/lib_config.php index 1c6ba09fbd..0522ef3862 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -99,10 +99,25 @@ class OC_CONFIG{ $error.='error while trying to fill the database
'; } + if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){ + $error.='error while trying to create the admin user
'; + } + + if(OC_USER::getgroupid('admin')==0){ + if(!OC_USER::creategroup('admin')){ + $error.='error while trying to create the admin group
'; + } + } + + if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){ + $error.='error while trying to add the admin user to the admin group
'; + } + //storedata $config='. +* +*/ + +/** + * Class for usermanagement + * + */ +class OC_USER { + + /** + * check if the login button is pressed and logg the user in + * + */ + public static function loginlisener(){ + global $CONFIG_ADMINLOGIN; + global $CONFIG_ADMINPASSWORD; + if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ + if(OC_USER::login($_POST['login'],$_POST['password'])){ + OC_LOG::event($_SESSION['username'],1,''); + return(''); + }else{ + return('error'); + } + } + return(''); + } + + /** + * try to create a new user + * + */ + public static function createuser($username,$password){ + if(OC_USER::getuserid($username)!=0){ + return false; + }else{ + $password=sha1($password); + $usernameclean=strtolower($username); + $username=mysql_escape_string($username); + $usernameclean=mysql_escape_string($usernameclean); + $query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`)VALUES (NULL , '$username', '$usernameclean', '$password')"; + $result=OC_DB::query($query); + return ($result)?true:false; + } + + } + + /** + * try to login a user + * + */ + public static function login($username,$password){ + $password=sha1($password); + $usernameclean=strtolower($username); + $username=mysql_escape_string($username); + $usernameclean=mysql_escape_string($usernameclean); + $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id'])){ + $_SESSION['user_id']=$result[0]['user_id']; + $_SESSION['username']=$username; + $_SESSION['username_clean']=$usernameclean; + return true; + }else{ + return false; + } + } + + /** + * check if the logout button is pressed and logout the user + * + */ + public static function logoutlisener(){ + if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ + OC_LOG::event($_SESSION['username'],2,''); + $_SESSION['user_id']=false; + $_SESSION['username']=''; + $_SESSION['username_clean']=''; + } + } + + /** + * check if a user is logged in + * + */ + public static function isLoggedIn(){ + return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false; + } + + /** + * try to create a new group + * + */ + public static function creategroup($groupname){ + if(OC_USER::getgroupid($groupname)==0){ + $groupname=mysql_escape_string($groupname); + $query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname');"; + $result=OC_DB::query($query); + return ($result)?true:false; + }else{ + return false; + } + } + + /** + * get the id of a user + * + */ + public static function getuserid($username){ + $usernameclean=strtolower($username); + $username=mysql_escape_string($username); + $usernameclean=mysql_escape_string($usernameclean); + $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id'])){ + return $result[0]['user_id']; + }else{ + return 0; + } + } + + /** + * get the id of a group + * + */ + public static function getgroupid($groupname){ + $groupname=mysql_escape_string($groupname); + $query="SELECT group_id FROM `groups` WHERE `group_name` = '$groupname' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['group_id'])){ + return $result[0]['group_id']; + }else{ + return 0; + } + } + + /** + * check if a user belongs to a group + * + */ + public static function ingroup($username,$groupname){ + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + $query="SELECT user_group_id FROM `user_group` WHERE `group_id` = '$groupid ' AND `user_id` = '$userid 'LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_group_id'])){ + return true; + }else{ + return false; + } + } + + /** + * add a user to a group + * + */ + public static function addtogroup($username,$groupname){ + if(!OC_USER::ingroup($username,$groupname)){ + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + if($groupid!=0 and $userid!=0){ + $query="INSERT INTO `user_group` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL , '$userid', '$groupid');"; + $result=OC_DB::query($query); + if($result){ + return true; + }else{ + return false; + } + }else{ + return false; + } + }else{ + return true; + } + } +} + +?> \ No newline at end of file diff --git a/inc/templates/header.php b/inc/templates/header.php index c082ea8b3d..bd4ccaf35e 100755 --- a/inc/templates/header.php +++ b/inc/templates/header.php @@ -4,7 +4,7 @@ ownCloud - + @@ -12,6 +12,7 @@ + ');