(very) early multiuser support
parent
643e3726b4
commit
6b5bd81341
|
@ -43,8 +43,7 @@ if($WEBROOT{0}!=='/'){
|
|||
set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config');
|
||||
|
||||
// define default config values
|
||||
$CONFIG_ADMINLOGIN='';
|
||||
$CONFIG_ADMINPASSWORD='';
|
||||
$CONFIG_INSTALLED=false;
|
||||
$CONFIG_DATADIRECTORY=$SERVERROOT.'/data';
|
||||
$CONFIG_HTTPFORCESSL=false;
|
||||
$CONFIG_DATEFORMAT='j M Y G:i';
|
||||
|
@ -67,9 +66,18 @@ if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
|
|||
require_once('lib_files.php');
|
||||
require_once('lib_log.php');
|
||||
require_once('lib_config.php');
|
||||
require_once('lib_user.php');
|
||||
|
||||
if(OC_USER::isLoggedIn()){
|
||||
//jail the user in a seperate data folder
|
||||
$CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean'];
|
||||
if(!is_dir($CONFIG_DATADIRECTORY)){
|
||||
mkdir($CONFIG_DATADIRECTORY);
|
||||
}
|
||||
}
|
||||
|
||||
// load plugins
|
||||
$CONFIG_LOADPLUGINS='music';
|
||||
$CONFIG_LOADPLUGINS='';
|
||||
$plugins=explode(' ',$CONFIG_LOADPLUGINS);
|
||||
if(isset($plugins[0]['url'])) foreach($plugins as $plugin) require_once('plugins/'.$plugin.'/lib_'.$plugin.'.php');
|
||||
|
||||
|
@ -81,46 +89,6 @@ OC_UTIL::checkserver();
|
|||
OC_USER::logoutlisener();
|
||||
$loginresult=OC_USER::loginlisener();
|
||||
|
||||
|
||||
/**
|
||||
* Class for usermanagement
|
||||
*
|
||||
*/
|
||||
class OC_USER {
|
||||
|
||||
/**
|
||||
* check if the login button is pressed and logg the user in
|
||||
*
|
||||
*/
|
||||
public static function loginlisener(){
|
||||
global $CONFIG_ADMINLOGIN;
|
||||
global $CONFIG_ADMINPASSWORD;
|
||||
if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
|
||||
if($_POST['login']==$CONFIG_ADMINLOGIN and $_POST['password']==$CONFIG_ADMINPASSWORD){
|
||||
$_SESSION['username']=$_POST['login'];
|
||||
OC_LOG::event($_SESSION['username'],1,'');
|
||||
return('');
|
||||
}else{
|
||||
return('error');
|
||||
}
|
||||
}
|
||||
return('');
|
||||
}
|
||||
|
||||
/**
|
||||
* check if the logout button is pressed and logout the user
|
||||
*
|
||||
*/
|
||||
public static function logoutlisener(){
|
||||
if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
|
||||
OC_LOG::event($_SESSION['username'],2,'');
|
||||
unset($_SESSION['username']);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Class for utility functions
|
||||
*
|
||||
|
@ -205,7 +173,9 @@ class OC_UTIL {
|
|||
}
|
||||
|
||||
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
|
||||
if(OC_USER::ingroup($_SESSION['username'],'admin')){
|
||||
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
|
||||
}
|
||||
echo('<td class="navigationitem"><a href="?logoutbutton=1">Logout</a></td>');
|
||||
echo('</tr></table>');
|
||||
}
|
||||
|
@ -284,6 +254,32 @@ class OC_DB {
|
|||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* executes a query on the database and returns the result in an array
|
||||
*
|
||||
* @param string $cmd
|
||||
* @return result-set
|
||||
*/
|
||||
static function select($cmd) {
|
||||
global $CONFIG_DBTYPE;
|
||||
$result=OC_DB::query($cmd);
|
||||
if($result){
|
||||
$data=array();
|
||||
if($CONFIG_DBTYPE=='sqlite'){
|
||||
while($row=$result->fetch(SQLITE_ASSOC)){
|
||||
$data[]=$row;
|
||||
}
|
||||
}elseif($CONFIG_DBTYPE=='mysql'){
|
||||
while($row=$result->fetch_array(MYSQLI_ASSOC)){
|
||||
$data[]=$row;
|
||||
}
|
||||
}
|
||||
return $data;
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* executes multiply queries on the database
|
||||
*
|
||||
|
|
|
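Review bot: The per-user jail added after `require_once('lib_user.php');` builds a filesystem path from `$_SESSION['username_clean']`, which `OC_USER::login()` derives with only `strtolower()` and `mysql_escape_string()`, so an account name containing `/` or `..` would resolve outside `$SERVERROOT.'/data/'`. Restrict names when the account is created (an allowlist such as `[a-z0-9_-]`), or key the directory on the numeric id: `$CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.(int)$_SESSION['user_id'];`. `mkdir($CONFIG_DATADIRECTORY);` also ignores its return value and relies on the default mode; an explicit mode and a failure check, e.g. `if(!mkdir($CONFIG_DATADIRECTORY,0750)) die('cannot create user data directory');`, would avoid continuing with a missing or over-permissive folder. The path is rebuilt from `$SERVERROOT.'/data'` rather than from the data directory chosen in the installer, which looks unintended if a custom location is configured.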
@ -99,10 +99,25 @@ class OC_CONFIG{
|
|||
$error.='error while trying to fill the database<br/>';
|
||||
}
|
||||
|
||||
if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){
|
||||
$error.='error while trying to create the admin user<br/>';
|
||||
}
|
||||
|
||||
if(OC_USER::getgroupid('admin')==0){
|
||||
if(!OC_USER::creategroup('admin')){
|
||||
$error.='error while trying to create the admin group<br/>';
|
||||
}
|
||||
}
|
||||
|
||||
if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){
|
||||
$error.='error while trying to add the admin user to the admin group<br/>';
|
||||
}
|
||||
|
||||
//storedata
|
||||
$config='<?php '."\n";
|
||||
$config.='$CONFIG_ADMINLOGIN=\''.$_POST['adminlogin']."';\n";
|
||||
$config.='$CONFIG_ADMINPASSWORD=\''.$_POST['adminpassword']."';\n";
|
||||
// $config.='$CONFIG_ADMINLOGIN=\''.$_POST['adminlogin']."';\n";
|
||||
// $config.='$CONFIG_ADMINPASSWORD=\''.$_POST['adminpassword']."';\n";
|
||||
$config.='$CONFIG_INSTALLED=true;'."\n";
|
||||
$config.='$CONFIG_DATADIRECTORY=\''.$_POST['datadirectory']."';\n";
|
||||
if(isset($_POST['forcessl'])) $config.='$CONFIG_HTTPFORCESSL=true'.";\n"; else $config.='$CONFIG_HTTPFORCESSL=false'.";\n";
|
||||
$config.='$CONFIG_DATEFORMAT=\''.$_POST['dateformat']."';\n";
|
||||
|
@ -170,7 +185,17 @@ CREATE TABLE 'properties' (
|
|||
'ns' varchar(120) NOT NULL DEFAULT 'DAV:',
|
||||
'value' text,
|
||||
PRIMARY KEY ('path','name','ns')
|
||||
);";
|
||||
);
|
||||
|
||||
CREATE TABLE 'users' (
|
||||
'user_id' int(11) NOT NULL,
|
||||
'user_name' varchar(64) NOT NULL DEFAULT '',
|
||||
'user_name_clean' varchar(64) NOT NULL DEFAULT '',
|
||||
'user_password' varchar(40) NOT NULL DEFAULT '',
|
||||
PRIMARY KEY ('user_id'),
|
||||
UNIQUE ('user_name' ,'user_name_clean')
|
||||
);
|
||||
";
|
||||
}elseif($CONFIG_DBTYPE=='mysql'){
|
||||
$query="SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\";
|
||||
|
||||
|
@ -208,9 +233,22 @@ CREATE TABLE IF NOT EXISTS `properties` (
|
|||
PRIMARY KEY (`path`,`name`,`ns`),
|
||||
KEY `path` (`path`)
|
||||
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `users` (
|
||||
`user_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
|
||||
`user_name` VARCHAR( 64 ) NOT NULL ,
|
||||
`user_name_clean` VARCHAR( 64 ) NOT NULL ,
|
||||
`user_password` VARCHAR( 340) NOT NULL ,
|
||||
UNIQUE (
|
||||
`user_name` ,
|
||||
`user_name_clean`
|
||||
)
|
||||
) ENGINE = MYISAM ;
|
||||
|
||||
";
|
||||
}
|
||||
OC_DB::multiquery($query);
|
||||
die();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
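Review bot: The admin bootstrap `if(!OC_USER::createuser(...) && !OC_USER::login(...))` treats a successful login as equivalent to creating the account, and `OC_USER::addtogroup($_POST['adminlogin'],'admin')` then runs for whatever name was posted. If `writeconfiglisener()` can still be reached after installation (the header template calls it on every page load, and no `$CONFIG_INSTALLED` guard is visible in this hunk), an existing non-admin user who submits their own credentials would be added to the admin group. The function starts outside the hunk, so confirm it returns before touching any `$_POST` value once `$CONFIG_INSTALLED` is true. The same guard matters for the `$config.=` lines below, which write `$_POST['datadirectory']` and `$_POST['dateformat']` into a PHP file between hand-written quotes; emitting them with `var_export($_POST['datadirectory'],true)` would produce a safely quoted literal.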
@ -0,0 +1,197 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* ownCloud
|
||||
*
|
||||
* @author Frank Karlitschek
|
||||
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 3 of the License, or any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* Class for usermanagement
|
||||
*
|
||||
*/
|
||||
class OC_USER {
|
||||
|
||||
/**
|
||||
* check if the login button is pressed and logg the user in
|
||||
*
|
||||
*/
|
||||
public static function loginlisener(){
|
||||
global $CONFIG_ADMINLOGIN;
|
||||
global $CONFIG_ADMINPASSWORD;
|
||||
if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
|
||||
if(OC_USER::login($_POST['login'],$_POST['password'])){
|
||||
OC_LOG::event($_SESSION['username'],1,'');
|
||||
return('');
|
||||
}else{
|
||||
return('error');
|
||||
}
|
||||
}
|
||||
return('');
|
||||
}
|
||||
|
||||
/**
|
||||
* try to create a new user
|
||||
*
|
||||
*/
|
||||
public static function createuser($username,$password){
|
||||
if(OC_USER::getuserid($username)!=0){
|
||||
return false;
|
||||
}else{
|
||||
$password=sha1($password);
|
||||
$usernameclean=strtolower($username);
|
||||
$username=mysql_escape_string($username);
|
||||
$usernameclean=mysql_escape_string($usernameclean);
|
||||
$query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`)VALUES (NULL , '$username', '$usernameclean', '$password')";
|
||||
$result=OC_DB::query($query);
|
||||
return ($result)?true:false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* try to login a user
|
||||
*
|
||||
*/
|
||||
public static function login($username,$password){
|
||||
$password=sha1($password);
|
||||
$usernameclean=strtolower($username);
|
||||
$username=mysql_escape_string($username);
|
||||
$usernameclean=mysql_escape_string($usernameclean);
|
||||
$query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1";
|
||||
$result=OC_DB::select($query);
|
||||
if(isset($result[0]) && isset($result[0]['user_id'])){
|
||||
$_SESSION['user_id']=$result[0]['user_id'];
|
||||
$_SESSION['username']=$username;
|
||||
$_SESSION['username_clean']=$usernameclean;
|
||||
return true;
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* check if the logout button is pressed and logout the user
|
||||
*
|
||||
*/
|
||||
public static function logoutlisener(){
|
||||
if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
|
||||
OC_LOG::event($_SESSION['username'],2,'');
|
||||
$_SESSION['user_id']=false;
|
||||
$_SESSION['username']='';
|
||||
$_SESSION['username_clean']='';
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* check if a user is logged in
|
||||
*
|
||||
*/
|
||||
public static function isLoggedIn(){
|
||||
return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false;
|
||||
}
|
||||
|
||||
/**
|
||||
* try to create a new group
|
||||
*
|
||||
*/
|
||||
public static function creategroup($groupname){
|
||||
if(OC_USER::getgroupid($groupname)==0){
|
||||
$groupname=mysql_escape_string($groupname);
|
||||
$query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname');";
|
||||
$result=OC_DB::query($query);
|
||||
return ($result)?true:false;
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* get the id of a user
|
||||
*
|
||||
*/
|
||||
public static function getuserid($username){
|
||||
$usernameclean=strtolower($username);
|
||||
$username=mysql_escape_string($username);
|
||||
$usernameclean=mysql_escape_string($usernameclean);
|
||||
$query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' LIMIT 1";
|
||||
$result=OC_DB::select($query);
|
||||
if(isset($result[0]) && isset($result[0]['user_id'])){
|
||||
return $result[0]['user_id'];
|
||||
}else{
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* get the id of a group
|
||||
*
|
||||
*/
|
||||
public static function getgroupid($groupname){
|
||||
$groupname=mysql_escape_string($groupname);
|
||||
$query="SELECT group_id FROM `groups` WHERE `group_name` = '$groupname' LIMIT 1";
|
||||
$result=OC_DB::select($query);
|
||||
if(isset($result[0]) && isset($result[0]['group_id'])){
|
||||
return $result[0]['group_id'];
|
||||
}else{
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* check if a user belongs to a group
|
||||
*
|
||||
*/
|
||||
public static function ingroup($username,$groupname){
|
||||
$userid=OC_USER::getuserid($username);
|
||||
$groupid=OC_USER::getgroupid($groupname);
|
||||
$query="SELECT user_group_id FROM `user_group` WHERE `group_id` = '$groupid ' AND `user_id` = '$userid 'LIMIT 1";
|
||||
$result=OC_DB::select($query);
|
||||
if(isset($result[0]) && isset($result[0]['user_group_id'])){
|
||||
return true;
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* add a user to a group
|
||||
*
|
||||
*/
|
||||
public static function addtogroup($username,$groupname){
|
||||
if(!OC_USER::ingroup($username,$groupname)){
|
||||
$userid=OC_USER::getuserid($username);
|
||||
$groupid=OC_USER::getgroupid($groupname);
|
||||
if($groupid!=0 and $userid!=0){
|
||||
$query="INSERT INTO `user_group` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL , '$userid', '$groupid');";
|
||||
$result=OC_DB::query($query);
|
||||
if($result){
|
||||
return true;
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
}else{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
|
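Review bot: `createuser()` and `login()` store and compare passwords as a bare `sha1($password)`, an unsalted fast hash that gives little protection if the `users` table is ever disclosed; `password_hash()` at creation and `password_verify()` at login provide a salted, tunable hash, with the `user_password` column widened to fit (the installer's two schemas currently declare 40 and 340 characters). `login()` also keeps the pre-authentication session id, so calling `session_regenerate_id(true)` once the credentials are accepted would close the session-fixation window. Every query in the class is built by string interpolation with `mysql_escape_string()`, which ignores the connection character set and is applied even when the backend is sqlite, and `ingroup()` interpolates the ids with a stray trailing space (`'$groupid '`); parameterised queries through OC_DB would be the durable fix, though its API is not visible in this section. A sketch of the two password changes follows.

```php
// createuser(): replaces the sha1() line
$password=password_hash($password,PASSWORD_DEFAULT);

public static function login($username,$password){
	// … unchanged: $usernameclean derivation and escaping …
	// look the account up by name only; the hash is verified in PHP, not in SQL
	$query="SELECT user_id, user_name, user_name_clean, user_password FROM `users` WHERE `user_name_clean` = '$usernameclean' LIMIT 1";
	$result=OC_DB::select($query);
	if(isset($result[0]['user_password']) && password_verify($password,$result[0]['user_password'])){
		session_regenerate_id(true); // fresh session id after authentication
		$_SESSION['user_id']=$result[0]['user_id'];
		// take the names from the stored row, not from the escaped request value
		$_SESSION['username']=$result[0]['user_name'];
		$_SESSION['username_clean']=$result[0]['user_name_clean'];
		return true;
	}
	return false;
}
```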
@ -4,7 +4,7 @@
|
|||
<head>
|
||||
<title>ownCloud</title>
|
||||
<base href="<?php echo($WEBROOT); ?>/"/>
|
||||
<link rel="stylesheet" type="text/css" href="css/default.php"/>
|
||||
<link rel="stylesheet" type="text/css" href="<?php echo($WEBROOT)?>/css/default.php"/>
|
||||
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_ajax.js'></script>
|
||||
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_timer.js'></script>
|
||||
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_notification.js'></script>
|
||||
|
@ -12,6 +12,7 @@
|
|||
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_files.js'></script>
|
||||
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_event.js'></script>
|
||||
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_drag.js'></script>
|
||||
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_api.js'></script>
|
||||
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/filebrowser.js'></script>
|
||||
<?php
|
||||
foreach(OC_UTIL::$scripts as $script){
|
||||
|
@ -33,7 +34,8 @@ echo('<h1><a id="owncloud-logo" href="'.$WEBROOT.'"><span>ownCloud</span></a></h
|
|||
// check if already configured. otherwise start configuration wizard
|
||||
$error=OC_CONFIG::writeconfiglisener();
|
||||
$CONFIG_ERROR=$error;
|
||||
if(empty($CONFIG_ADMINLOGIN)) {
|
||||
global $CONFIG_INSTALLED;
|
||||
if(!$CONFIG_INSTALLED) {
|
||||
global $FIRSTRUN;
|
||||
$FIRSTRUN=true;
|
||||
echo('<div class="center">');
|
||||
|
|