Merge commit 'refs/merge-requests/27' of git://gitorious.org/owncloud/owncloud into merge

Conflicts: inc/HTTP/WebDAV/Server/Filesystem.php inc/lib_config.php inc/lib_log.php inc/lib_user.php inc/templates/adminform.php
2010-07-05 12:17:31 +02:00 · 2010-07-05 12:17:31 +02:00 · a73fbc5e32
parent 845d534144 76672fe037
commit a73fbc5e32
10 changed files with 70 additions and 31 deletions
--- a/.gitignore
+++ b/.gitignore
--- a/config/.gitignore
+++ b/config/.gitignore
--- a/config/config.sample.php
+++ b/config/config.sample.php
@ -8,4 +8,5 @@ $CONFIG_DBHOST='localhost';
 $CONFIG_DBNAME='owncloud-db-name';
 $CONFIG_DBUSER='user-name';
 $CONFIG_DBPASSWORD='password';
 $CONFIG_DBTABLEPREFIX = 'oc_';
 ?>
--- a/css/small.php
+++ b/css/small.php
--- a/inc/HTTP/WebDAV/Server/Filesystem.php
+++ b/inc/HTTP/WebDAV/Server/Filesystem.php
@ -150,6 +150,8 @@
     */
    function fileinfo($path) 
    {
 		global $CONFIG_DBTABLEPREFIX;
        // map URI path to filesystem path
        $fspath =$path;
@ -183,7 +185,7 @@
            $info["props"][] = $this->mkprop("getcontentlength",  OC_FILESYSTEM::filesize($fspath));
        }
        // get additional properties from database
-		$query = "SELECT ns, name, value FROM properties WHERE path = '$path'";
+		$query = "SELECT ns, name, value FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$path'";
 		$res = OC_DB::select($query);
 		foreach($res as $row){
            $info["props"][] = $this->mkprop($row["ns"], $row["name"], $row["value"]);
@ -389,6 +391,7 @@
     */
    function DELETE($options) 
    {
 		global $CONFIG_DBTABLEPREFIX;
        $path =$options["path"];
        if (!OC_FILESYSTEM::file_exists($path)) {
            return "404 Not found";
@ -402,13 +405,13 @@
 			}
 		}
        if (OC_FILESYSTEM::is_dir($path)) {
-                $query = "DELETE FROM properties WHERE path LIKE '".$this->_slashify($options["path"])."%'";
+                $query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path LIKE '".$this->_slashify($options["path"])."%'";
                OC_DB::query($query);
 				OC_FILESYSTEM::delTree($path);
        } else {
            OC_FILESYSTEM::unlink($path);
        }
-            $query = "DELETE FROM properties WHERE path = '$options[path]'";
+            $query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$options[path]'";
            OC_DB::query($query);
        return "204 No Content";
@ -435,6 +438,7 @@
    function COPY($options, $del=false) 
    {
        // TODO Property updates still broken (Litmus should detect this?)
 		global $CONFIG_DBTABLEPREFIX;
        if (!empty($this->_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
            return "415 Unsupported media type";
@ -508,13 +512,13 @@
            }
            $destpath = $this->_unslashify($options["dest"]);
            if (is_dir($source)) {
-                    $query = "UPDATE properties 
+                    $query = "UPDATE {$CONFIG_DBTABLEPREFIX}properties 
                                 SET path = REPLACE(path, '".$options["path"]."', '".$destpath."') 
                               WHERE path LIKE '".$this->_slashify($options["path"])."%'";
                    OC_DB::query($query);
            }
-                $query = "UPDATE properties 
+                $query = "UPDATE {$CONFIG_DBTABLEPREFIX}properties 
                             SET path = '".$destpath."'
                           WHERE path = '".$options["path"]."'";
                OC_DB::query($query);
@ -566,6 +570,7 @@
    function PROPPATCH(&$options) 
    {
        global $prefs, $tab;
 		global $CONFIG_DBTABLEPREFIX;
        $msg  = "";
        $path = $options["path"];
@ -577,9 +582,9 @@
                $options["props"][$key]['status'] = "403 Forbidden";
            } else {
                if (isset($prop["val"])) {
-                        $query = "REPLACE INTO properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
+                        $query = "REPLACE INTO {$CONFIG_DBTABLEPREFIX}properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
                } else {
-                        $query = "DELETE FROM properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
+                        $query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
                }       
                    OC_DB::query($query);
            }
@ -597,6 +602,8 @@
     */
    function LOCK(&$options) 
    {
 		global $CONFIG_DBTABLEPREFIX;
        // get absolute fs path to requested resource
        $fspath = $options["path"];
        // TODO recursive locks on directories not supported yet
@ -619,12 +626,12 @@
        if (isset($options["update"])) { // Lock Update
            $where = "WHERE path = '$options[path]' AND token = '$options[update]'";
-            $query = "SELECT owner, exclusivelock FROM locks $where";
+            $query = "SELECT owner, exclusivelock FROM {$CONFIG_DBTABLEPREFIX}locks $where";
            $res   = OC_DB::select($query);
            if (is_array($res) and isset($res[0])) {
 				$row=$res[0];
-                $query = "UPDATE `locks` SET `expires` = '$options[timeout]', `modified` = ".time()." $where";
+                $query = "UPDATE `{$CONFIG_DBTABLEPREFIX}locks` SET `expires` = '$options[timeout]', `modified` = ".time()." $where";
                OC_DB::query($query);
                $options['owner'] = $row['owner'];
@ -652,7 +659,7 @@
            }
        }
-        $query = "INSERT INTO `locks`
+        $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}locks`
                        SET `token`   = '$options[locktoken]'
                          , `path`    = '$options[path]'
                          , `created` = ".time()."
@ -677,7 +684,8 @@
     */
    function UNLOCK(&$options) 
    {
-            $query = "DELETE FROM locks
+		global $CONFIG_DBTABLEPREFIX;
            $query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}locks
                      WHERE path = '$options[path]'
                        AND token = '$options[token]'";
            OC_DB::query($query);
@ -693,9 +701,11 @@
     */
    function checkLock($path) 
    {
 		global $CONFIG_DBTABLEPREFIX;
        $result = false;
        $query = "SELECT *
-                  FROM locks
+                  FROM {$CONFIG_DBTABLEPREFIX}locks
                 WHERE path = '$path'
               ";
            $res = OC_DB::select($query);
--- a/inc/lib_config.php
+++ b/inc/lib_config.php
@ -25,6 +25,7 @@ class OC_CONFIG{
    global $CONFIG_HTTPFORCESSL;
    global $CONFIG_DATEFORMAT;
    global $CONFIG_DBNAME;
 	global $CONFIG_DBTABLEPREFIX;
    global $CONFIG_INSTALLED;
 		$allow=false;
 		if(!$CONFIG_INSTALLED){
@ -130,6 +131,7 @@ class OC_CONFIG{
 			global $WEBROOT;
 			global $CONFIG_DBHOST;
 			global $CONFIG_DBNAME;
 			global $CONFIG_DBTABLEPREFIX;
 			global $CONFIG_INSTALLED;
 			global $CONFIG_DBUSER;
 			global $CONFIG_DBPASSWORD;
@ -184,6 +186,7 @@ class OC_CONFIG{
 						//create/fill database
 						$CONFIG_DBTYPE=$dbtype;
 						$CONFIG_DBNAME=$_POST['dbname'];
 						$CONFIG_DBTABLEPREFIX=$_POST['dbtableprefix'];
 						if($dbtype!='sqlite'){
 							$CONFIG_DBHOST=$_POST['dbhost'];
 							$CONFIG_DBUSER=$_POST['dbuser'];
@ -240,6 +243,7 @@ class OC_CONFIG{
 					$config.='$CONFIG_DATEFORMAT=\''.$_POST['dateformat']."';\n";
 					$config.='$CONFIG_DBTYPE=\''.$dbtype."';\n";
 					$config.='$CONFIG_DBNAME=\''.$_POST['dbname']."';\n";
 					$config.='$CONFIG_DBTABLEPREFIX=\''.$_POST['dbtableprefix']."';\n";
 					if($dbtype!='sqlite'){
 						$config.='$CONFIG_DBHOST=\''.$_POST['dbhost']."';\n";
 						$config.='$CONFIG_DBUSER=\''.$_POST['dbuser']."';\n";
@ -332,6 +336,7 @@ class OC_CONFIG{
 				$result = pg_exec($connection, $query);
 			}
 		}
 		global $CONFIG_DBTABLEPREFIX;
 	}
 }
 ?>
--- a/inc/lib_log.php
+++ b/inc/lib_log.php
@ -48,7 +48,8 @@ class OC_LOG {
   * @param message $message
   */
  public static function event($user,$type,$message){
-    $result = OC_DB::query('INSERT INTO `log` (`timestamp`,`user`,`type`,`message`) VALUES ('.time().',\''.addslashes($user).'\','.addslashes($type).',\''.addslashes($message).'\');');
+	global $CONFIG_DBTABLEPREFIX;
    $result = OC_DB::query('INSERT INTO `' . $CONFIG_DBTABLEPREFIX . 'log` (`timestamp`,`user`,`type`,`message`) VALUES ('.time().',\''.addslashes($user).'\','.addslashes($type).',\''.addslashes($message).'\');');
    OC_DB::free_result($result);
  }
@ -59,14 +60,16 @@ class OC_LOG {
   */
  public static function show(){
 	global $CONFIG_DATEFORMAT;
 	global $CONFIG_DBTABLEPREFIX;
    echo('<div class="center"><table cellpadding="6" cellspacing="0" border="0" class="log">');
 	if(OC_USER::ingroup($_SESSION['username_clean'],'admin')){
-		$result = OC_DB::select('select `timestamp`,`user`,`type`,`message` from log order by timestamp desc limit 20');
+		$result = OC_DB::select('select `timestamp`,`user`,`type`,`message` from '.$CONFIG_DBTABLEPREFIX.'log order by timestamp desc limit 20');
 	}else{
 		$user=$_SESSION['username_clean'];
-		$result = OC_DB::select('select `timestamp`,`user`,`type`,`message` from log where user=\''.$user.'\' order by timestamp desc limit 20');
+		$result = OC_DB::select('select `timestamp`,`user`,`type`,`message` from '.$CONFIG_DBTABLEPREFIX.'log where user=\''.$user.'\' order by timestamp desc limit 20');
 	}
 	$result = OC_DB::select($query);
    foreach($result as $entry){
      echo('<tr class="browserline">');
      echo('<td class="sizetext">'.date($CONFIG_DATEFORMAT,$entry['timestamp']).'</td>');
--- a/inc/lib_ocs.php
+++ b/inc/lib_ocs.php
@ -372,15 +372,16 @@ class OC_OCS {
   * @return string xml/json
   */
  private static function activityget($format,$page,$pagesize) {
 	global $CONFIG_DBTABLEPREFIX;
    $user=OC_OCS::checkpassword();
-    $result = OC_DB::query('select count(*) as co from log');
+    $result = OC_DB::query("select count(*) as co from {$CONFIG_DBTABLEPREFIX}log");
    $entry=$result->fetchRow();
    $totalcount=$entry['co'];
    OC_DB::free_result($result);
-    $result = OC_DB::select('select id,timestamp,user,type,message from log order by timestamp desc limit '.($page*$pagesize).','.$pagesize);
+    $result = OC_DB::select("select id,timestamp,user,type,message from {$CONFIG_DBTABLEPREFIX}log order by timestamp desc limit " . ($page*$pagesize) . ",$pagesize");
    $itemscount=count($result);
    $url='http://'.substr($_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'],0,-11).'';
--- a/inc/lib_user.php
+++ b/inc/lib_user.php
@ -63,6 +63,7 @@ class OC_USER {
 	*
 	*/
 	public static function createuser($username,$password){
 		global $CONFIG_DBTABLEPREFIX;
 		if(OC_USER::getuserid($username,true)!=0){
 			return false;
 		}else{
@ -70,7 +71,7 @@ class OC_USER {
 			$password=sha1($password);
 			$username=OC_DB::escape($username);
 			$usernameclean=OC_DB::escape($usernameclean);
-			$query="INSERT INTO  `users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username',  '$usernameclean',  '$password')";
+			$query="INSERT INTO  `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username',  '$usernameclean',  '$password')";
 			$result=OC_DB::query($query);
 			return ($result)?true:false;
 		}
@ -82,11 +83,13 @@ class OC_USER {
 	*
 	*/
 	public static function login($username,$password){
 		global $CONFIG_DBTABLEPREFIX;
 		$password=sha1($password);
 		$usernameclean=strtolower($username);
 		$username=OC_DB::escape($username);
 		$usernameclean=OC_DB::escape($usernameclean);
-		$query="SELECT user_id FROM  users WHERE  user_name_clean =  '$usernameclean' AND  user_password =  '$password' LIMIT 1";
+		$query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND  user_password =  '$password' LIMIT 1";
 		$result=OC_DB::select($query);
 		if(isset($result[0]) && isset($result[0]['user_id'])){
 			$_SESSION['user_id']=$result[0]['user_id'];
@ -124,9 +127,10 @@ class OC_USER {
 	*
 	*/
 	public static function creategroup($groupname){
 		global $CONFIG_DBTABLEPREFIX;
 		if(OC_USER::getgroupid($groupname,true)==0){
 			$groupname=OC_DB::escape($groupname);
-			$query="INSERT INTO  `groups` (`group_name`) VALUES ('$groupname')";
+			$query="INSERT INTO  `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')";
 			$result=OC_DB::query($query);
 			return ($result)?true:false;
 		}else{
@ -139,12 +143,13 @@ class OC_USER {
 	*
 	*/
 	public static function getuserid($username,$nocache=false){
 		global $CONFIG_DBTABLEPREFIX;
 		$usernameclean=strtolower($username);
 		if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query
 			return $_SESSION['user_id_cache'][$usernameclean];
 		}
 		$usernameclean=OC_DB::escape($usernameclean);
-		$query="SELECT user_id FROM  users WHERE user_name_clean = '$usernameclean'";
+		$query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean'";
 		$result=OC_DB::select($query);
 		if(!is_array($result)){
 			return 0;
@ -162,11 +167,12 @@ class OC_USER {
 	*
 	*/
 	public static function getgroupid($groupname,$nocache=false){
 		global $CONFIG_DBTABLEPREFIX;
 		if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query
 			return $_SESSION['group_id_cache'][$groupname];
 		}
 		$groupname=OC_DB::escape($groupname);
-		$query="SELECT group_id FROM groups WHERE  group_name = '$groupname'";
+		$query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'";
 		$result=OC_DB::select($query);
 		if(!is_array($result)){
 			return 0;
@ -184,11 +190,12 @@ class OC_USER {
 	*
 	*/
 	public static function getgroupname($groupid,$nocache=false){
 		global $CONFIG_DBTABLEPREFIX;
 		if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query
 			return $name;
 		}
 		$groupid=(integer)$groupid;
-		$query="SELECT group_name FROM  groups WHERE  group_id =  '$groupid' LIMIT 1";
+		$query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1";
 		$result=OC_DB::select($query);
 		if(isset($result[0]) && isset($result[0]['group_name'])){
 			return $result[0]['group_name'];
@ -202,10 +209,12 @@ class OC_USER {
 	*
 	*/
 	public static function ingroup($username,$groupname){
 		global $CONFIG_DBTABLEPREFIX;
 		$userid=OC_USER::getuserid($username);
 		$groupid=OC_USER::getgroupid($groupname);
 		if($groupid>0 and $userid>0){
-			$query="SELECT * FROM  user_group WHERE group_id = '$groupid'  AND user_id = '$userid';";
+			$query="SELECT * FROM  {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid'  AND user_id = '$userid';";
 			$result=OC_DB::select($query);
 			if(isset($result[0]) && isset($result[0]['user_group_id'])){
 				return true;
@ -222,11 +231,13 @@ class OC_USER {
 	*
 	*/
 	public static function addtogroup($username,$groupname){
 		global $CONFIG_DBTABLEPREFIX;
 		if(!OC_USER::ingroup($username,$groupname)){
 			$userid=OC_USER::getuserid($username);
 			$groupid=OC_USER::getgroupid($groupname);
 			if($groupid!=0 and $userid!=0){
-				$query="INSERT INTO `user_group` (`user_id` ,`group_id`) VALUES ('$userid',  '$groupid');";
+				$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid',  '$groupid');";
 				$result=OC_DB::query($query);
 				if($result){
 					return true;
@ -250,8 +261,10 @@ class OC_USER {
 	*
 	*/
 	public static function getusergroups($username){
 		global $CONFIG_DBTABLEPREFIX;
 		$userid=OC_USER::getuserid($username);
-		$query="SELECT group_id FROM  user_group WHERE  user_id =  '$userid'";
+		$query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'";
 		$result=OC_DB::select($query);
 		$groups=array();
 		if(is_array($result)){
@ -268,9 +281,11 @@ class OC_USER {
 	*
 	*/
 	public static function setpassword($username,$password){
 		global $CONFIG_DBTABLEPREFIX;
 		$password=sha1($password);
 		$userid=OC_USER::getuserid($username);
-		$query="UPDATE  users SET  user_password = '$password' WHERE  user_id ='$userid'";
+		$query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'";
 		$result=OC_DB::query($query);
 		if($result){
 			return true;
@ -284,11 +299,13 @@ class OC_USER {
 	*
 	*/
 	public static function checkpassword($username,$password){
 		global $CONFIG_DBTABLEPREFIX;
 		$password=sha1($password);
 		$usernameclean=strtolower($username);
 		$username=OC_DB::escape($username);
 		$usernameclean=OC_DB::escape($usernameclean);
-		$query="SELECT user_id FROM  'users' WHERE  user_name_clean =  '$usernameclean' AND  user_password =  '$password' LIMIT 1";
+		$query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password =  '$password' LIMIT 1";
 		$result=OC_DB::select($query);
 		if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){
 			return true;
--- a/inc/templates/adminform.php
+++ b/inc/templates/adminform.php
@ -10,6 +10,7 @@ if(!$f) die('Error: Config file (config/config.php) is not writable for the webs
 if(!isset($fillDB)) $fillDB=true;
 if(!isset($CONFIG_DBHOST)) $CONFIG_DBHOST='localhost';
 if(!isset($CONFIG_DBUSER)) $CONFIG_DBUSER='owncloud';
 if(!isset($CONFIG_DBTABLEPREFIX)) $CONFIG_DBTABLEPREFIX='oc_';
 $newuserpassword=OC_USER::generatepassword();
 ?>
 <script type="text/javascript">
@ -116,6 +117,7 @@ if($CONFIG_DBTYPE=='sqlite'){
 </td></tr>
 <tr id='dbhost'><td>database host:</td><td><input type="text" name="dbhost" size="30" class="formstyle" value='<?php echo($CONFIG_DBHOST);?>'></input></td></tr>
 <tr id='dbname'><td>database name:</td><td><input type="text" name="dbname" size="30" class="formstyle" value='<?php echo($CONFIG_DBNAME);?>'></input></td></tr>
 <tr id='dbtableprefix'><td>database table prefix:</td><td><input type="text" name="dbtableprefix" size="30" class="formstyle" value='<?php echo($CONFIG_DBTABLEPREFIX);?>'></input></td></tr>
 <tr id='dbuser'><td>database user:</td><td><input type="text" name="dbuser" size="30" class="formstyle" value='<?php echo($CONFIG_DBUSER);?>'></input></td></tr>
 <tr id='dbpass'><td>database password:</td><td><input type="password" name="dbpassword" size="30" class="formstyle" value=''></input></td><td>(leave empty to keep current password)</td></tr>
 <tr id='dbpass_retype'><td>retype database password:</td><td><input type="password" name="dbpassword2" size="30" class="formstyle" value=''></input></td></tr>