diff --git a/files/rename.php b/admin/index.php
similarity index 61%
rename from files/rename.php
rename to admin/index.php
index f0f272f018..2331c22f06 100644
--- a/files/rename.php
+++ b/admin/index.php
@@ -1,10 +1,10 @@
.
*
*/
+
+$CONFIG_ERROR='';
+
require_once('../inc/lib_base.php');
-$dir=$_GET['dir'];
-$file=$_GET['file'];
-$newname=$_GET['newname'];
-if($file!=$newname and $newname!='' and isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false){
- $source=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
- $target=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$newname;
- rename($source,$target);
-}
-?>
\ No newline at end of file
+OC_UTIL::showheader();
+
+$FIRSTRUN=false;
+
+echo('
');
+OC_CONFIG::showadminform();
+echo('
');
+
+
+OC_UTIL::showfooter();
+
+?>
+
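Review bot: Nothing in the new admin/index.php checks that the caller is an administrator before `OC_CONFIG::showadminform()` renders; the only admin test visible in this commit is the `OC_USER::ingroup($_SESSION['username'],'admin')` condition around the navigation link in lib_base.php, which hides the link but does not protect the page. Unless `showadminform()` enforces this itself (not visible here), add a guard right after the `require_once`, for example `if(!OC_USER::isLoggedIn() or !OC_USER::ingroup($_SESSION['username'],'admin')){ header('HTTP/1.1 403 Forbidden'); exit; }`. `$CONFIG_ERROR` and `$FIRSTRUN` are assigned with no hint of who reads them, so a one-line comment on each would help the next reader.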
diff --git a/admin/index.php~ b/admin/index.php~
new file mode 100644
index 0000000000..8d1c8b69c3
--- /dev/null
+++ b/admin/index.php~
@@ -0,0 +1 @@
+
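Review bot: `admin/index.php~` is an editor backup file and should not be tracked; remove it from the commit and add `*~` to the ignore list. Backup copies under the web root matter beyond tidiness, because a web server normally does not hand `.php~` to the PHP interpreter and serves the file contents as plain text instead.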
diff --git a/css/default.php b/css/default.php
index dd1ad09b01..4d15ef6d6d 100755
--- a/css/default.php
+++ b/css/default.php
@@ -46,6 +46,7 @@ html,body {
}
body.error {background-color: #F0F0F0;}
+td.error{color:#FF0000; text-align:center}
body,th,td,ul,li,a,div,p,pre {color:#333333; font-family:Verdana,"Bitstream Vera Sans",Arial,Helvetica,Sans,"Bitstream Vera Serif"; font-size:9.0pt;}
a img {
@@ -220,6 +221,7 @@ div.breadcrumb{
}
div.fileactionlist{
+ z-index:50;
position:absolute;
background-color: #DDDDDD;
margin-top:5px;
@@ -260,6 +262,12 @@ td.sizetext{
text-align:right;
}
+
+input.fileSelector{
+ margin-right:17px;
+ float:left;
+}
+
td.fileSelector, td.fileicon{
width:16px;
}
@@ -287,6 +295,7 @@ div.fileList{
height:100%;
min-height:200px;
top:0px;
+
}
div.fileList table{
@@ -321,4 +330,86 @@ table.browser thead td,table.browser tfoot td{
tr.hint, tr.hint td{
background:transparent;
+}
+
+#debug{
+ position:fixed;
+ bottom:20px;
+ left:20px;
+ border:solid 1px black;
+}
+
+.dragClone{
+ position:absolute;
+}
+
+div.breadcrumb{
+ float:left;
+ background:transparent;
+}
+
+div.moreActionsButton>p{
+ padding:0px;
+ margin:0px;
+ width:100%;
+ height:100%;
+}
+
+div.moreActionsButton{
+ background-color:white;
+ display:inline;
+ border:1px solid black;
+ cursor:pointer;
+ padding-right:10px;
+ text-align:right;
+ width:90px;
+ height:19px;
+ float:right;
+ margin-top:2px !important;
+ right:2px;
+ position:absolute;
+ background:#DDD url(/img/arrow_up.png) no-repeat scroll center right;
+}
+
+td.moreActionsButtonClicked{
+ background:#DDD url(/img/arrow_down.png) no-repeat scroll center right !important
+}
+
+tr.utilityline{
+ height:24px;
+}
+
+td.actionsSelected{
+ position:absolute;
+ width:790px;
+}
+
+div.moreActionsList{
+ background:#EEE;
+ position:absolute;
+ bottom:19px;
+ right:-2px;
+ border:1px solid black;
+ min-width:330px;
+ text-align:right;
+ float:right;
+}
+
+div.moreActionsList input{
+
+}
+
+div.moreActionsList>table{
+ width:100%;
+}
+
+div.moreActionsList td{
+ width:300px;
+ text-align:right;
+ padding-top:3px !important;
+ padding-bottom:3px !important;
+}
+
+div.moreActionsList tr:hover{
+ background-color:#DDD;
}
\ No newline at end of file
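Review bot: The two new `background` rules use root-absolute URLs, `url(/img/arrow_up.png)` and `url(/img/arrow_down.png)`, which stop resolving as soon as the application is installed below the web root; a path relative to the stylesheet, or one prefixed with the configured web root if this file can emit it, would be safer. `div.breadcrumb` is declared a second time here although an earlier hunk header shows it already exists in this file, so the two rules should be merged. `div.moreActionsList input{}` is empty, `#debug` looks like development scaffolding, and `div.moreActionsButton` sets `background-color:white` only to override it with the `background` shorthand a few lines later.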
diff --git a/files/move.php b/files/api.php
similarity index 55%
rename from files/move.php
rename to files/api.php
index 7103662c4a..5a4c8801d4 100644
--- a/files/move.php
+++ b/files/api.php
@@ -22,14 +22,28 @@
*/
require_once('../inc/lib_base.php');
-$sourceDir=$_GET['sourcedir'];
-$targetDir=$_GET['targetdir'];
-$source=$_GET['source'];
-$target=$_GET['target'];
-if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($sourceDir,'..')===false and strpos($source,'..')===false and strpos($targetDir,'..')===false and strpos($target,'..')===false){
- $target=$CONFIG_DATADIRECTORY.'/'.$targetDir.'/'.$target.'/'.$source;
- $source=$CONFIG_DATADIRECTORY.'/'.$sourceDir.'/'.$source;
- rename($source,$target);
+$arguments=$_POST;
+
+foreach($arguments as &$argument){
+ $argument=stripslashes($argument);
+}
+ob_clean();
+switch($arguments['action']){
+ case 'delete':
+ OC_FILES::delete($arguments['dir'],$arguments['file']);
+ break;
+ case 'rename':
+ OC_FILES::move($arguments['dir'],$arguments['file'],$arguments['dir'],$arguments['newname']);
+ break;
+ case 'new':
+ OC_FILES::newfile($arguments['dir'],$arguments['name'],$arguments['type']);
+ break;
+ case 'move':
+ OC_FILES::move($arguments['sourcedir'],$arguments['source'],$arguments['targetdir'],$arguments['target']);
+ break;
+ case 'get':
+ OC_FILES::get($arguments['dir'],$arguments['file']);
+ break;
}
?>
\ No newline at end of file
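Review bot: The dispatcher drops both guards that the old rename.php and move.php carried inline, the `$_SESSION['username']` test and the `strpos(...,'..')===false` checks, and nothing in this hunk replaces them, so every action depends on `OC_FILES` validating the caller and the paths itself, which this page does not show. `stripslashes()` is applied unconditionally, which strips legitimate backslashes when magic quotes are off and raises a warning on array-valued fields, and `$arguments['action']` is read without an `isset()` test. I would make the checks explicit at the top of the dispatcher as sketched below. Moving from GET to POST does not by itself stop cross-site requests, so a per-session token on these state-changing actions is worth adding as well.

```php
$arguments=$_POST;

// refuse anonymous callers before any filesystem action is dispatched
if(!OC_USER::isLoggedIn()){
	header('HTTP/1.1 403 Forbidden');
	exit;
}
foreach($arguments as $key=>$argument){
	// accept only plain strings that contain no parent-directory segment
	if(!is_string($argument) or strpos($argument,'..')!==false){
		header('HTTP/1.1 400 Bad Request');
		exit;
	}
	// undo magic quotes only when the runtime actually added them
	if(get_magic_quotes_gpc()){
		$arguments[$key]=stripslashes($argument);
	}
}
ob_clean();
// … unchanged: switch over $arguments['action'] …
```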
diff --git a/files/get_file.php b/files/get_file.php
deleted file mode 100644
index 9ec539ee7e..0000000000
--- a/files/get_file.php
+++ /dev/null
@@ -1,108 +0,0 @@
-.
-*
-*/
-
-//note this file is for getting files themselves, get_files.php is for getting a list of files.
-
-require_once('../inc/lib_base.php');
-
-if(!function_exists('sys_get_temp_dir')) {
- function sys_get_temp_dir() {
- if( $temp=getenv('TMP') ) return $temp;
- if( $temp=getenv('TEMP') ) return $temp;
- if( $temp=getenv('TMPDIR') ) return $temp;
- $temp=tempnam(__FILE__,'');
- if (file_exists($temp)) {
- unlink($temp);
- return dirname($temp);
- }
- return null;
- }
-}
-
-function addDir($dir,$zip,$internalDir=''){
- $dirname=basename($dir);
- $zip->addEmptyDir($internalDir.$dirname);
- $internalDir.=$dirname.='/';
- $files=OC_FILES::getdirectorycontent($dir);
- foreach($files as $file){
- $filename=$file['name'];
- $file=$dir.'/'.$filename;
- if(is_file($file)){
- $zip->addFile($file,$internalDir.$filename);
- }elseif(is_dir($file)){
- addDir($file,$zip,$internalDir);
- }
- }
-}
-
-$files=$_GET['files'];
-$dir=(isset($_GET['dir']))?$_GET['dir']:'';
-if(strstr($files,'..') or strstr($dir,'..')){
- die();
-}
-if(strpos($files,',')){
- $files=explode(',',$files);
-}
-
-
-if(is_array($files)){
- $zip = new ZipArchive();
- $filename = sys_get_temp_dir()."/ownCloud.zip";
- if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
- exit("cannot open <$filename>\n");
- }
- foreach($files as $file){
- $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
- if(is_file($file)){
- $zip->addFile($file,basename($file));
- }elseif(is_dir($file)){
- addDir($file,$zip);
- }
- }
- $zip->close();
-}elseif(is_dir($CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files)){
- $zip = new ZipArchive();
- $filename = sys_get_temp_dir()."/ownCloud.zip";
- if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
- exit("cannot open <$filename>\n");
- }
- $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
- addDir($file,$zip);
- $zip->close();
-}else{
- $zip=false;
- $filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
-}
-header('Content-Description: File Transfer');
-header('Content-Type: application/octet-stream');
-header('Content-Disposition: attachment; filename='.basename($filename));
-header('Content-Transfer-Encoding: binary');
-header('Expires: 0');
-header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
-header('Pragma: public');
-header('Content-Length: ' . filesize($filename));
-ob_end_clean();
-readfile($filename);
-if($zip){
- unlink($filename);
-}
-?>
\ No newline at end of file
diff --git a/files/get_files.php b/files/get_files.php
index 287b8cd453..21866dbf63 100644
--- a/files/get_files.php
+++ b/files/get_files.php
@@ -47,12 +47,14 @@ $dirname=(isset($files[0]))?$files[0]['directory']:'';
$dirname=substr($dirname,strrpos($dirname,'/'));
$max_upload=min(return_bytes(ini_get('post_max_size')),return_bytes(ini_get('upload_max_filesize')));
ob_clean();
-echo "\n";
+echo "\n";
echo "\n";
if(is_array($files)){
foreach($files as $file){
$attributes='';
foreach($file as $name=>$data){
+ $data=utf8_encode($data);
+ $data=utf8tohtml($data);
$data=str_replace("'",''',$data);
if (is_string($name)) $attributes.=" $name='$data'";
}
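Review bot: `utf8_encode($data)` treats its input as ISO-8859-1, so if the directory listing already returns UTF-8 names every non-ASCII character is double-encoded before `utf8tohtml()` sees it. Unless the source is known to be Latin-1, drop this line or convert only values that are not already valid UTF-8, and say in a comment which encoding the listing is expected to deliver.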
@@ -60,5 +62,48 @@ if(is_array($files)){
echo "\n";
}
}
-echo "\n";
+echo "";
+
+// converts a UTF8-string into HTML entities
+// - $utf8: the UTF8-string to convert
+// - $encodeTags: booloean. TRUE will convert "<" to "<"
+// - return: returns the converted HTML-string
+function utf8tohtml($utf8, $encodeTags=true) {
+ $result = '';
+ for ($i = 0; $i < strlen($utf8); $i++) {
+ $char = $utf8[$i];
+ $ascii = ord($char);
+ if ($ascii < 128) {
+ // one-byte character
+ $result .= ($encodeTags) ? htmlentities($char) : $char;
+ } else if ($ascii < 192) {
+ // non-utf8 character or not a start byte
+ } else if ($ascii < 224) {
+ // two-byte character
+ $result .= htmlentities(substr($utf8, $i, 2), ENT_QUOTES, 'UTF-8');
+ $i++;
+ } else if ($ascii < 240) {
+ // three-byte character
+ $ascii1 = ord($utf8[$i+1]);
+ $ascii2 = ord($utf8[$i+2]);
+ $unicode = (15 & $ascii) * 4096 +
+ (63 & $ascii1) * 64 +
+ (63 & $ascii2);
+ $result .= "$unicode;";
+ $i += 2;
+ } else if ($ascii < 248) {
+ // four-byte character
+ $ascii1 = ord($utf8[$i+1]);
+ $ascii2 = ord($utf8[$i+2]);
+ $ascii3 = ord($utf8[$i+3]);
+ $unicode = (15 & $ascii) * 262144 +
+ (63 & $ascii1) * 4096 +
+ (63 & $ascii2) * 64 +
+ (63 & $ascii3);
+ $result .= "$unicode;";
+ $i += 3;
+ }
+ }
+ return $result;
+}
?>
\ No newline at end of file
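Review bot: The three- and four-byte branches of `utf8tohtml()` index `$utf8[$i+1]` through `$utf8[$i+3]` without checking that those bytes exist, so a name ending in a truncated sequence raises an offset notice and builds its code point from missing bytes. Add a length guard at the top of each branch, `if ($i + 2 >= strlen($utf8)) break;` and `if ($i + 3 >= strlen($utf8)) break;`, and hoist `strlen($utf8)` out of the loop condition. The continuation bytes are not checked to lie in the 0x80–0xBF range either, so a malformed sequence is folded into a code point instead of being dropped like the `< 192` case. The parameter comment misspells `boolean` as `booloean`.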
diff --git a/files/new.php b/files/new.php
deleted file mode 100644
index c5d5608a56..0000000000
--- a/files/new.php
+++ /dev/null
@@ -1,38 +0,0 @@
-.
-*
-*/
-require_once('../inc/lib_base.php');
-
-$dir=$_GET['dir'];
-$name=$_GET['name'];
-$type=$_GET['type'];
-if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false and strpos($name,'..')===false){
- $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$name;
- if($type=='dir'){
- mkdir($file);
- }elseif($type=='file'){
- $fileHandle=fopen($file, 'w') or die("can't open file");
- fclose($fileHandle);
- }
-}
-
-?>
\ No newline at end of file
diff --git a/files/upload.php b/files/upload.php
index b5fed2ed5b..0aa435cad6 100644
--- a/files/upload.php
+++ b/files/upload.php
@@ -22,6 +22,8 @@
*/
require_once('../inc/lib_base.php');
+// sleep(5); //immitate slow internet.
+
$fileName=$_FILES['file']['name'];
$source=$_FILES['file']['tmp_name'];
$target=$CONFIG_DATADIRECTORY.'/'.$_GET['dir'].'/'.$fileName;
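Review bot: `$target` is still assembled from `$_GET['dir']` and the client-supplied `$_FILES['file']['name']` with no check visible in this hunk, while the same commit moves the other file operations behind `OC_FILES`; the rest of upload.php lies outside the hunk, so a check may follow. If it does not, reject `..` in `$_GET['dir']` and use `basename($fileName)` before building the path, in the way the removed new.php tested `strpos($dir,'..')===false`. The commented-out `sleep(5)` is debugging residue that is better left out of the commit, and its comment misspells `imitate`.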
diff --git a/inc/HTTP/WebDAV/Server.php b/inc/HTTP/WebDAV/Server.php
index e1438b015e..913550eb15 100644
--- a/inc/HTTP/WebDAV/Server.php
+++ b/inc/HTTP/WebDAV/Server.php
@@ -1,3 +1,4 @@
+<<<<<<< HEAD:inc/HTTP/WebDAV/Server.php
|
+// | Christian Stocker |
+// +----------------------------------------------------------------------+
+//
+// $Id: Server.php,v 1.46 2006/03/03 21:43:09 hholzgra Exp $
+//
+oc_require_once("HTTP/WebDAV/Tools/_parse_propfind.php");
+oc_require_once("HTTP/WebDAV/Tools/_parse_proppatch.php");
+oc_require_once("HTTP/WebDAV/Tools/_parse_lockinfo.php");
+>>>>>>> 854e0c5a9c9060e827fbbfddffeeeadfc2d27278:inc/HTTP/WebDAV/Server.php
/**
* Virtual base class for implementing WebDAV servers
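Review bot: Unresolved merge-conflict markers are committed here: `<<<<<<< HEAD:inc/HTTP/WebDAV/Server.php` becomes the first line of the file and `>>>>>>> 854e0c5a9c…:inc/HTTP/WebDAV/Server.php` sits just before the class docblock. The hunk in inc/HTTP/WebDAV/Server/Filesystem.php has the same pair of markers at its top and bottom. Depending on where they fall relative to the opening PHP tag, these lines are either sent to the client as output or break parsing, so resolve the merge, keep one side, and delete the marker lines before this lands.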
diff --git a/inc/HTTP/WebDAV/Server/Filesystem.php b/inc/HTTP/WebDAV/Server/Filesystem.php
index 97f00b2557..d38d05e8f2 100644
--- a/inc/HTTP/WebDAV/Server/Filesystem.php
+++ b/inc/HTTP/WebDAV/Server/Filesystem.php
@@ -1,3 +1,4 @@
+<<<<<<< HEAD:inc/HTTP/WebDAV/Server/Filesystem.php
$value) {
+ if (stristr($key,"litmus")) {
+ error_log("Litmus test $value");
+ header("X-Litmus-reply: ".$value);
+ }
+ }
+ }
+
+ // set root directory, defaults to webserver document root if not set
+ if ($base) {
+ $this->base = realpath($base); // TODO throw if not a directory
+ } else if (!$this->base) {
+ $this->base = $_SERVER['DOCUMENT_ROOT'];
+ }
+
+ // let the base class do all the work
+ parent::ServeRequest();
+ }
+
+ /**
+ * No authentication is needed here
+ *
+ * @access private
+ * @param string HTTP Authentication type (Basic, Digest, ...)
+ * @param string Username
+ * @param string Password
+ * @return bool true on successful authentication
+ */
+ function check_auth($type, $user, $pass)
+ {
+ return true;
+ }
+
+
+ /**
+ * PROPFIND method handler
+ *
+ * @param array general parameter passing array
+ * @param array return array for file properties
+ * @return bool true on success
+ */
+ function PROPFIND(&$options, &$files)
+ {
+ // get absolute fs path to requested resource
+ $fspath = $this->base . $options["path"];
+
+ // sanity check
+ if (!file_exists($fspath)) {
+ return false;
+ }
+
+ // prepare property array
+ $files["files"] = array();
+
+ // store information for the requested path itself
+ $files["files"][] = $this->fileinfo($options["path"]);
+
+ // information for contained resources requested?
+ if (!empty($options["depth"])) { // TODO check for is_dir() first?
+
+ // make sure path ends with '/'
+ $options["path"] = $this->_slashify($options["path"]);
+
+ // try to open directory
+ $handle = @opendir($fspath);
+
+ if ($handle) {
+ // ok, now get all its contents
+ while ($filename = readdir($handle)) {
+ if ($filename != "." && $filename != "..") {
+ $files["files"][] = $this->fileinfo($options["path"].$filename);
+ }
+ }
+ // TODO recursion needed if "Depth: infinite"
+ }
+ }
+
+ // ok, all done
+ return true;
+ }
+
+ /**
+ * Get properties for a single file/resource
+ *
+ * @param string resource path
+ * @return array resource properties
+ */
+ function fileinfo($path)
+ {
+ // map URI path to filesystem path
+ $fspath = $this->base . $path;
+
+ // create result array
+ $info = array();
+ // TODO remove slash append code when base clase is able to do it itself
+ $info["path"] = is_dir($fspath) ? $this->_slashify($path) : $path;
+ $info["props"] = array();
+
+ // no special beautified displayname here ...
+ $info["props"][] = $this->mkprop("displayname", strtoupper($path));
+
+ // creation and modification time
+ $info["props"][] = $this->mkprop("creationdate", filectime($fspath));
+ $info["props"][] = $this->mkprop("getlastmodified", filemtime($fspath));
+
+ // type and size (caller already made sure that path exists)
+ if (is_dir($fspath)) {
+ // directory (WebDAV collection)
+ $info["props"][] = $this->mkprop("resourcetype", "collection");
+ $info["props"][] = $this->mkprop("getcontenttype", "httpd/unix-directory");
+ } else {
+ // plain file (WebDAV resource)
+ $info["props"][] = $this->mkprop("resourcetype", "");
+ if (is_readable($fspath)) {
+ $info["props"][] = $this->mkprop("getcontenttype", $this->_mimetype($fspath));
+ } else {
+ $info["props"][] = $this->mkprop("getcontenttype", "application/x-non-readable");
+ }
+ $info["props"][] = $this->mkprop("getcontentlength", filesize($fspath));
+ }
+
+ // get additional properties from database
+ $query = "SELECT ns, name, value FROM properties WHERE path = '$path'";
+ $res = OC_DB::query($query);
+ while ($row = OC_DB::fetch_assoc($res)) {
+ $info["props"][] = $this->mkprop($row["ns"], $row["name"], $row["value"]);
+ }
+ OC_DB::free_result($res);
+
+ return $info;
+ }
+
+ /**
+ * detect if a given program is found in the search PATH
+ *
+ * helper function used by _mimetype() to detect if the
+ * external 'file' utility is available
+ *
+ * @param string program name
+ * @param string optional search path, defaults to $PATH
+ * @return bool true if executable program found in path
+ */
+ function _can_execute($name, $path = false)
+ {
+ // path defaults to PATH from environment if not set
+ if ($path === false) {
+ $path = getenv("PATH");
+ }
+
+ // check method depends on operating system
+ if (!strncmp(PHP_OS, "WIN", 3)) {
+ // on Windows an appropriate COM or EXE file needs to exist
+ $exts = array(".exe", ".com");
+ $check_fn = "file_exists";
+ } else {
+ // anywhere else we look for an executable file of that name
+ $exts = array("");
+ $check_fn = "is_executable";
+ }
+
+ // now check the directories in the path for the program
+ foreach (explode(PATH_SEPARATOR, $path) as $dir) {
+ // skip invalid path entries
+ if (!file_exists($dir)) continue;
+ if (!is_dir($dir)) continue;
+
+ // and now look for the file
+ foreach ($exts as $ext) {
+ if ($check_fn("$dir/$name".$ext)) return true;
+ }
+ }
+
+ return false;
+ }
+
+
+ /**
+ * try to detect the mime type of a file
+ *
+ * @param string file path
+ * @return string guessed mime type
+ */
+ function _mimetype($fspath)
+ {
+ if (@is_dir($fspath)) {
+ // directories are easy
+ return "httpd/unix-directory";
+ } else if (function_exists("mime_content_type")) {
+ // use mime magic extension if available
+ $mime_type = mime_content_type($fspath);
+ } else if ($this->_can_execute("file")) {
+ // it looks like we have a 'file' command,
+ // lets see it it does have mime support
+ $fp = popen("file -i '$fspath' 2>/dev/null", "r");
+ $reply = fgets($fp);
+ pclose($fp);
+
+ // popen will not return an error if the binary was not found
+ // and find may not have mime support using "-i"
+ // so we test the format of the returned string
+
+ // the reply begins with the requested filename
+ if (!strncmp($reply, "$fspath: ", strlen($fspath)+2)) {
+ $reply = substr($reply, strlen($fspath)+2);
+ // followed by the mime type (maybe including options)
+ if (preg_match('/^[[:alnum:]_-]+/[[:alnum:]_-]+;?.*/', $reply, $matches)) {
+ $mime_type = $matches[0];
+ }
+ }
+ }
+
+ if (empty($mime_type)) {
+ // Fallback solution: try to guess the type by the file extension
+ // TODO: add more ...
+ // TODO: it has been suggested to delegate mimetype detection
+ // to apache but this has at least three issues:
+ // - works only with apache
+ // - needs file to be within the document tree
+ // - requires apache mod_magic
+ // TODO: can we use the registry for this on Windows?
+ // OTOH if the server is Windos the clients are likely to
+ // be Windows, too, and tend do ignore the Content-Type
+ // anyway (overriding it with information taken from
+ // the registry)
+ // TODO: have a seperate PEAR class for mimetype detection?
+ switch (strtolower(strrchr(basename($fspath), "."))) {
+ case ".html":
+ $mime_type = "text/html";
+ break;
+ case ".gif":
+ $mime_type = "image/gif";
+ break;
+ case ".jpg":
+ $mime_type = "image/jpeg";
+ break;
+ default:
+ $mime_type = "application/octet-stream";
+ break;
+ }
+ }
+
+ return $mime_type;
+ }
+
+ /**
+ * GET method handler
+ *
+ * @param array parameter passing array
+ * @return bool true on success
+ */
+ function GET(&$options)
+ {
+ // get absolute fs path to requested resource
+ $fspath = $this->base . $options["path"];
+
+ // sanity check
+ if (!file_exists($fspath)) return false;
+
+ // is this a collection?
+ if (is_dir($fspath)) {
+ return $this->GetDir($fspath, $options);
+ }
+
+ // detect resource type
+ $options['mimetype'] = $this->_mimetype($fspath);
+
+ // detect modification time
+ // see rfc2518, section 13.7
+ // some clients seem to treat this as a reverse rule
+ // requiering a Last-Modified header if the getlastmodified header was set
+ $options['mtime'] = filemtime($fspath);
+
+ // detect resource size
+ $options['size'] = filesize($fspath);
+
+ // no need to check result here, it is handled by the base class
+ $options['stream'] = fopen($fspath, "r");
+
+ return true;
+ }
+
+ /**
+ * GET method handler for directories
+ *
+ * This is a very simple mod_index lookalike.
+ * See RFC 2518, Section 8.4 on GET/HEAD for collections
+ *
+ * @param string directory path
+ * @return void function has to handle HTTP response itself
+ */
+ function GetDir($fspath, &$options)
+ {
+ $path = $this->_slashify($options["path"]);
+ if ($path != $options["path"]) {
+ header("Location: ".$this->base_uri.$path);
+ exit;
+ }
+
+ // fixed width directory column format
+ $format = "%15s %-19s %-s\n";
+
+ $handle = @opendir($fspath);
+ if (!$handle) {
+ return false;
+ }
+
+ echo "Index of ".htmlspecialchars($options['path'])."\n";
+
+ echo "Index of ".htmlspecialchars($options['path'])."
\n";
+
+ echo "";
+ printf($format, "Size", "Last modified", "Filename");
+ echo "
";
+
+ while ($filename = readdir($handle)) {
+ if ($filename != "." && $filename != "..") {
+ $fullpath = $fspath."/".$filename;
+ $name = htmlspecialchars($filename);
+ printf($format,
+ number_format(filesize($fullpath)),
+ strftime("%Y-%m-%d %H:%M:%S", filemtime($fullpath)),
+ "$name");
+ }
+ }
+
+ echo "
";
+
+ closedir($handle);
+
+ echo "\n";
+
+ exit;
+ }
+
+ /**
+ * PUT method handler
+ *
+ * @param array parameter passing array
+ * @return bool true on success
+ */
+ function PUT(&$options)
+ {
+ $fspath = $this->base . $options["path"];
+
+ if (!@is_dir(dirname($fspath))) {
+ return "409 Conflict";
+ }
+
+ $options["new"] = ! file_exists($fspath);
+
+ $fp = fopen($fspath, "w");
+
+ return $fp;
+ }
+
+
+ /**
+ * MKCOL method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function MKCOL($options)
+ {
+ $path = $this->base .$options["path"];
+ $parent = dirname($path);
+ $name = basename($path);
+
+ if (!file_exists($parent)) {
+ return "409 Conflict";
+ }
+
+ if (!is_dir($parent)) {
+ return "403 Forbidden";
+ }
+
+ if ( file_exists($parent."/".$name) ) {
+ return "405 Method not allowed";
+ }
+
+ if (!empty($_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
+ return "415 Unsupported media type";
+ }
+
+ $stat = mkdir ($parent."/".$name,0777);
+ if (!$stat) {
+ return "403 Forbidden";
+ }
+
+ return ("201 Created");
+ }
+
+
+ /**
+ * DELETE method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function DELETE($options)
+ {
+ $path = $this->base . "/" .$options["path"];
+
+ if (!file_exists($path)) {
+ return "404 Not found";
+ }
+
+ if (is_dir($path)) {
+ $query = "DELETE FROM properties WHERE path LIKE '".$this->_slashify($options["path"])."%'";
+ OC_DB::query($query);
+ System::rm("-rf $path");
+ } else {
+ unlink ($path);
+ }
+ $query = "DELETE FROM properties WHERE path = '$options[path]'";
+ OC_DB::query($query);
+
+ return "204 No Content";
+ }
+
+
+ /**
+ * MOVE method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function MOVE($options)
+ {
+ return $this->COPY($options, true);
+ }
+
+ /**
+ * COPY method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function COPY($options, $del=false)
+ {
+ // TODO Property updates still broken (Litmus should detect this?)
+
+ if (!empty($_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
+ return "415 Unsupported media type";
+ }
+
+ // no copying to different WebDAV Servers yet
+ if (isset($options["dest_url"])) {
+ return "502 bad gateway";
+ }
+
+ $source = $this->base .$options["path"];
+ if (!file_exists($source)) return "404 Not found";
+
+ $dest = $this->base . $options["dest"];
+
+ $new = !file_exists($dest);
+ $existing_col = false;
+
+ if (!$new) {
+ if ($del && is_dir($dest)) {
+ if (!$options["overwrite"]) {
+ return "412 precondition failed";
+ }
+ $dest .= basename($source);
+ if (file_exists($dest)) {
+ $options["dest"] .= basename($source);
+ } else {
+ $new = true;
+ $existing_col = true;
+ }
+ }
+ }
+
+ if (!$new) {
+ if ($options["overwrite"]) {
+ $stat = $this->DELETE(array("path" => $options["dest"]));
+ if (($stat{0} != "2") && (substr($stat, 0, 3) != "404")) {
+ return $stat;
+ }
+ } else {
+ return "412 precondition failed";
+ }
+ }
+
+ if (is_dir($source) && ($options["depth"] != "infinity")) {
+ // RFC 2518 Section 9.2, last paragraph
+ return "400 Bad request";
+ }
+
+ if ($del) {
+ if (!rename($source, $dest)) {
+ return "500 Internal server error";
+ }
+ $destpath = $this->_unslashify($options["dest"]);
+ if (is_dir($source)) {
+ $query = "UPDATE properties
+ SET path = REPLACE(path, '".$options["path"]."', '".$destpath."')
+ WHERE path LIKE '".$this->_slashify($options["path"])."%'";
+ OC_DB::query($query);
+ }
+
+ $query = "UPDATE properties
+ SET path = '".$destpath."'
+ WHERE path = '".$options["path"]."'";
+ OC_DB::query($query);
+ } else {
+ if (is_dir($source)) {
+ $files = System::find($source);
+ $files = array_reverse($files);
+ } else {
+ $files = array($source);
+ }
+
+ if (!is_array($files) || empty($files)) {
+ return "500 Internal server error";
+ }
+
+
+ foreach ($files as $file) {
+ if (is_dir($file)) {
+ $file = $this->_slashify($file);
+ }
+
+ $destfile = str_replace($source, $dest, $file);
+
+ if (is_dir($file)) {
+ if (!is_dir($destfile)) {
+ // TODO "mkdir -p" here? (only natively supported by PHP 5)
+ if (!mkdir($destfile)) {
+ return "409 Conflict";
+ }
+ } else {
+ error_log("existing dir '$destfile'");
+ }
+ } else {
+ if (!copy($file, $destfile)) {
+ return "409 Conflict";
+ }
+ }
+ }
+
+ $query = "INSERT INTO properties SELECT ... FROM properties WHERE path = '".$options['path']."'";
+ }
+
+ return ($new && !$existing_col) ? "201 Created" : "204 No Content";
+ }
+
+ /**
+ * PROPPATCH method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function PROPPATCH(&$options)
+ {
+ global $prefs, $tab;
+
+ $msg = "";
+
+ $path = $options["path"];
+
+ $dir = dirname($path)."/";
+ $base = basename($path);
+
+ foreach($options["props"] as $key => $prop) {
+ if ($prop["ns"] == "DAV:") {
+ $options["props"][$key]['status'] = "403 Forbidden";
+ } else {
+ if (isset($prop["val"])) {
+ $query = "REPLACE INTO properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
+ error_log($query);
+ } else {
+ $query = "DELETE FROM properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
+ }
+ OC_DB::query($query);
+ }
+ }
+
+ return "";
+ }
+
+
+ /**
+ * LOCK method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function LOCK(&$options)
+ {
+ if (isset($options["update"])) { // Lock Update
+ $query = "UPDATE locks SET expires = ".(time()+300);
+ OC_DB::query($query);
+
+ if (OC_DB::affected_rows()) {
+ $options["timeout"] = 300; // 5min hardcoded
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ $options["timeout"] = time()+300; // 5min. hardcoded
+
+ $query = "INSERT INTO locks
+ SET token = '$options[locktoken]'
+ , path = '$options[path]'
+ , owner = '$options[owner]'
+ , expires = '$options[timeout]'
+ , exclusivelock = " .($options['scope'] === "exclusive" ? "1" : "0")
+ ;
+ OC_DB::query($query);
+
+ return OC_DB::affected_rows() ? "200 OK" : "409 Conflict";
+ }
+
+ /**
+ * UNLOCK method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function UNLOCK(&$options)
+ {
+ $query = "DELETE FROM locks
+ WHERE path = '$options[path]'
+ AND token = '$options[token]'";
+ OC_DB::query($query);
+
+ return OC_DB::affected_rows() ? "204 No Content" : "409 Conflict";
+ }
+
+ /**
+ * checkLock() helper
+ *
+ * @param string resource path to check for locks
+ * @return bool true on success
+ */
+ function checkLock($path)
+ {
+ $result = false;
+
+ $query = "SELECT owner, token, expires, exclusivelock
+ FROM locks
+ WHERE path = '$path'
+ ";
+ $res = OC_DB::query($query);
+
+ if ($res) {
+ $row = OC_DB::fetch_assoc($res);
+ OC_DB::free_result($res);
+
+ if ($row) {
+ $result = array( "type" => "write",
+ "scope" => $row["exclusivelock"] ? "exclusive" : "shared",
+ "depth" => 0,
+ "owner" => $row['owner'],
+ "token" => $row['token'],
+ "expires" => $row['expires']
+ );
+ }
+ }
+
+ return $result;
+ }
+
+
+ /**
+ * create database tables for property and lock storage
+ *
+ * @param void
+ * @return bool true on success
+ */
+ function create_database()
+ {
+ // TODO
+ return false;
+ }
+
+ }
+
+
+?>
+>>>>>>> 854e0c5a9c9060e827fbbfddffeeeadfc2d27278:inc/HTTP/WebDAV/Server/Filesystem.php
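Review bot: Every query in this class is built by interpolating request-derived values straight into the SQL string: `WHERE path = '$path'` in `fileinfo()` and `checkLock()`, the `REPLACE INTO properties …` statement in `PROPPATCH()`, and the statements in `DELETE()`, `COPY()`, `LOCK()` and `UNLOCK()`, so a path, property value or lock token containing a quote changes the statement. Escape each value with the database layer's quoting routine, or move to bound parameters, before it reaches `OC_DB::query()`. `_mimetype()` has the same problem toward the shell: `popen("file -i '$fspath' 2>/dev/null", "r")` should become `popen("file -i ".escapeshellarg($fspath)." 2>/dev/null", "r")`, and `System::rm("-rf $path")` in `DELETE()` needs the same care. The lock-refresh branch of `LOCK()` runs `UPDATE locks SET expires = …` with no `WHERE` clause, which extends every lock in the table instead of the one being refreshed.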
diff --git a/inc/lib_base.php b/inc/lib_base.php
index e430926170..851fc254b8 100755
--- a/inc/lib_base.php
+++ b/inc/lib_base.php
@@ -40,11 +40,10 @@ if($WEBROOT{0}!=='/'){
}
// set the right include path
-set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config');
+// set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config');
// define default config values
-$CONFIG_ADMINLOGIN='';
-$CONFIG_ADMINPASSWORD='';
+$CONFIG_INSTALLED=false;
$CONFIG_DATADIRECTORY=$SERVERROOT.'/data';
$CONFIG_HTTPFORCESSL=false;
$CONFIG_DATEFORMAT='j M Y G:i';
@@ -52,7 +51,7 @@ $CONFIG_DBNAME='owncloud';
$CONFIG_DBTYPE='sqlite';
// include the generated configfile
-@include_once('config.php');
+@oc_include_once('config.php');
// redirect to https site if configured
if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
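Review bot: Including config.php through `oc_include_once()` runs it in the helper's function scope, so only variables the helper declares `global` reach the rest of the request; the list visible in `oc_require()` further down this file (presumably the same in the other helpers) has no `$CONFIG_LOADPLUGINS`, `$CONFIG_FOOTEROWNERNAME` or `$CONFIG_FOOTEROWNEREMAIL`. The same scoping change affects the `oc_require('templates/footer.php')` and `oc_require('templates/loginform.php')` hunks in this file: the `global` statements in `showfooter()` and `showloginform()` no longer put `$CONFIG_FOOTEROWNERNAME`, `$CONFIG_FOOTEROWNEREMAIL` or `$loginresult` into the template's scope. A more robust shape is a helper that only resolves and returns the path, with the `include` or `require` statement kept at the call site so the caller's scope is preserved. The helpers also fall through silently when no candidate file exists, which turns what used to be a fatal `require` error into a later, less obvious failure.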
@@ -64,12 +63,22 @@ if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
}
// load core libs
-require_once('lib_files.php');
-require_once('lib_log.php');
-require_once('lib_config.php');
+oc_require_once('lib_files.php');
+oc_require_once('lib_log.php');
+oc_require_once('lib_config.php');
+oc_require_once('lib_user.php');
+oc_require_once('lib_ocs.php');
+
+if(OC_USER::isLoggedIn()){
+ //jail the user in a seperate data folder
+ $CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean'];
+ if(!is_dir($CONFIG_DATADIRECTORY)){
+ mkdir($CONFIG_DATADIRECTORY);
+ }
+}
// load plugins
-$CONFIG_LOADPLUGINS='music';
+$CONFIG_LOADPLUGINS='';
$plugins=explode(' ',$CONFIG_LOADPLUGINS);
if(isset($plugins[0]['url'])) foreach($plugins as $plugin) require_once('plugins/'.$plugin.'/lib_'.$plugin.'.php');
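Review bot: The per-user directory is built as `$SERVERROOT.'/data/'.$_SESSION['username_clean']`, so the jail is only as strong as whatever produces `username_clean`, and that code is not on this page; a value containing `/` or `..` would place the data directory outside `data/`. A comment stating the character set that value is restricted to, or a defensive `basename()` at this point, would make the invariant checkable from here. `mkdir()` is called without testing its result, so a failure leaves `$CONFIG_DATADIRECTORY` pointing at a directory that does not exist; `if(!is_dir($CONFIG_DATADIRECTORY) and !mkdir($CONFIG_DATADIRECTORY)){ die('cannot create data directory'); }` would surface that. The comment spells `separate` as `seperate`.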
@@ -81,46 +90,6 @@ OC_UTIL::checkserver();
OC_USER::logoutlisener();
$loginresult=OC_USER::loginlisener();
-
-/**
- * Class for usermanagement
- *
- */
-class OC_USER {
-
- /**
- * check if the login button is pressed and logg the user in
- *
- */
- public static function loginlisener(){
- global $CONFIG_ADMINLOGIN;
- global $CONFIG_ADMINPASSWORD;
- if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
- if($_POST['login']==$CONFIG_ADMINLOGIN and $_POST['password']==$CONFIG_ADMINPASSWORD){
- $_SESSION['username']=$_POST['login'];
- OC_LOG::event($_SESSION['username'],1,'');
- return('');
- }else{
- return('error');
- }
- }
- return('');
- }
-
- /**
- * check if the logout button is pressed and logout the user
- *
- */
- public static function logoutlisener(){
- if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
- OC_LOG::event($_SESSION['username'],2,'');
- unset($_SESSION['username']);
- }
- }
-
-}
-
-
/**
* Class for utility functions
*
@@ -163,7 +132,7 @@ class OC_UTIL {
public static function showheader(){
global $CONFIG_ADMINLOGIN;
global $WEBROOT;
- require('templates/header.php');;
+ oc_require('templates/header.php');;
}
/**
@@ -173,7 +142,7 @@ class OC_UTIL {
public static function showfooter(){
global $CONFIG_FOOTEROWNERNAME;
global $CONFIG_FOOTEROWNEREMAIL;
- require('templates/footer.php');;
+ oc_require('templates/footer.php');;
}
/**
@@ -204,8 +173,11 @@ class OC_UTIL {
if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo(''.$NAVI['name'].' | '); else echo(''.$NAVI['name'].' | ');
}
- if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('Log | '); else echo('Log | ');
- if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('Settings | '); else echo('Settings | ');
+ if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('Log | '); else echo('Log | ');
+ if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('Settings | '); else echo('Settings | ');
+ if(OC_USER::ingroup($_SESSION['username'],'admin')){
+ if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('Admin Panel | '); else echo('Admin Panel | ');
+ }
echo('Logout | ');
echo('');
}
@@ -217,7 +189,7 @@ class OC_UTIL {
*/
public static function showloginform(){
global $loginresult;
- require('templates/loginform.php');
+ oc_require('templates/loginform.php');
}
@@ -284,6 +256,32 @@ class OC_DB {
return $result;
}
+ /**
+ * executes a query on the database and returns the result in an array
+ *
+ * @param string $cmd
+ * @return result-set
+ */
+ static function select($cmd) {
+ global $CONFIG_DBTYPE;
+ $result=OC_DB::query($cmd);
+ if($result){
+ $data=array();
+ if($CONFIG_DBTYPE=='sqlite'){
+ while($row=$result->fetch(SQLITE_ASSOC)){
+ $data[]=$row;
+ }
+ }elseif($CONFIG_DBTYPE=='mysql'){
+ while($row=$result->fetch_array(MYSQLI_ASSOC)){
+ $data[]=$row;
+ }
+ }
+ return $data;
+ }else{
+ return false;
+ }
+ }
+
/**
* executes multiply queries on the database
*
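Review bot: The docblock on `select()` says `@return result-set`, but the method returns an array of associative rows, or `false` when `OC_DB::query()` fails; I would write `@return array|false list of rows as associative arrays, false if the query failed`. For a `$CONFIG_DBTYPE` other than `sqlite` or `mysql` neither loop runs and the caller gets an empty array, which cannot be told apart from a query that matched nothing, so that case deserves a comment or an explicit `return false`. The `@param string $cmd` line should also state that the SQL is executed as given, so callers must quote any values they put into it. The enclosing `OC_DB` class starts outside this hunk.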
@@ -455,4 +453,101 @@ class OC_DB {
}
-?>
+//custom require/include functions because not all hosts allow us to set the include path
+function oc_require($file){
+ global $SERVERROOT;
+ global $DOCUMENTROOT;
+ global $WEBROOT;
+ global $CONFIG_DBNAME;
+ global $CONFIG_DBHOST;
+ global $CONFIG_DBUSER;
+ global $CONFIG_DBPASSWORD;
+ global $CONFIG_DBTYPE;
+ global $CONFIG_DATADIRECTORY;
+ global $CONFIG_HTTPFORCESSL;
+ global $CONFIG_DATEFORMAT;
+ global $CONFIG_INSTALLED;
+ if(is_file($file)){
+ require($file);
+ }elseif(is_file($SERVERROOT.'/'.$file)){
+ require($SERVERROOT.'/'.$file);
+ }elseif(is_file($SERVERROOT.'/inc/'.$file)){
+ require($SERVERROOT.'/inc/'.$file);
+ }elseif(is_file($SERVERROOT.'/config/'.$file)){
+ require($SERVERROOT.'/config/'.$file);
+ }
+}
+
+function oc_require_once($file){
+ global $SERVERROOT;
+ global $DOCUMENTROOT;
+ global $WEBROOT;
+ global $CONFIG_DBNAME;
+ global $CONFIG_DBHOST;
+ global $CONFIG_DBUSER;
+ global $CONFIG_DBPASSWORD;
+ global $CONFIG_DBTYPE;
+ global $CONFIG_DATADIRECTORY;
+ global $CONFIG_HTTPFORCESSL;
+ global $CONFIG_DATEFORMAT;
+ global $CONFIG_INSTALLED;
+ if(is_file($file)){
+ require_once($file);
+ }elseif(is_file($SERVERROOT.'/'.$file)){
+ require_once($SERVERROOT.'/'.$file);
+ }elseif(is_file($SERVERROOT.'/inc/'.$file)){
+ require_once($SERVERROOT.'/inc/'.$file);
+ }elseif(is_file($SERVERROOT.'/config/'.$file)){
+ require_once($SERVERROOT.'/config/'.$file);
+ }
+}
+
+function oc_include($file){
+ global $SERVERROOT;
+ global $DOCUMENTROOT;
+ global $WEBROOT;
+ global $CONFIG_DBNAME;
+ global $CONFIG_DBHOST;
+ global $CONFIG_DBUSER;
+ global $CONFIG_DBPASSWORD;
+ global $CONFIG_DBTYPE;
+ global $CONFIG_DATADIRECTORY;
+ global $CONFIG_HTTPFORCESSL;
+ global $CONFIG_DATEFORMAT;
+ global $CONFIG_INSTALLED;
+ if(is_file($file)){
+ include($file);
+ }elseif(is_file($SERVERROOT.'/'.$file)){
+ include($SERVERROOT.'/'.$file);
+ }elseif(is_file($SERVERROOT.'/inc/'.$file)){
+ include($SERVERROOT.'/inc/'.$file);
+ }elseif(is_file($SERVERROOT.'/config/'.$file)){
+ include($SERVERROOT.'/config/'.$file);
+ }
+}
+
+function oc_include_once($file){
+ global $SERVERROOT;
+ global $DOCUMENTROOT;
+ global $WEBROOT;
+ global $CONFIG_DBNAME;
+ global $CONFIG_DBHOST;
+ global $CONFIG_DBUSER;
+ global $CONFIG_DBPASSWORD;
+ global $CONFIG_DBTYPE;
+ global $CONFIG_DATADIRECTORY;
+ global $CONFIG_HTTPFORCESSL;
+ global $CONFIG_DATEFORMAT;
+ global $CONFIG_INSTALLED;
+ if(is_file($file)){
+ include_once($file);
+ }elseif(is_file($SERVERROOT.'/'.$file)){
+ include_once($SERVERROOT.'/'.$file);
+ }elseif(is_file($SERVERROOT.'/inc/'.$file)){
+ include_once($SERVERROOT.'/inc/'.$file);
+ }elseif(is_file($SERVERROOT.'/config/'.$file)){
+ include_once($SERVERROOT.'/config/'.$file);
+ }
+}
+
+?>
\ No newline at end of file
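Review bot: All four helpers fall through silently when none of the `is_file()` candidates exists, so `oc_require('templates/header.php')` no longer stops the request the way the `require` it replaces did. A closing branch such as `}else{ trigger_error('oc_require: cannot find '.$file, E_USER_ERROR); }` in `oc_require` and `oc_require_once` would keep that behaviour. The first candidate, `is_file($file)`, is resolved against the current working directory, so a same-named file there takes precedence over the copy under `$SERVERROOT`; checking the `$SERVERROOT` paths first would make the lookup independent of where the script was started. Because the file is now included from inside a function, it only sees the globals listed here, which deserves a comment above the `global` list.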
diff --git a/inc/lib_config.php b/inc/lib_config.php
index a3270ab41b..389aeff646 100755
--- a/inc/lib_config.php
+++ b/inc/lib_config.php
@@ -11,122 +11,250 @@ class OC_CONFIG{
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_DBNAME;
- require('templates/configform.php');
+ oc_require('templates/configform.php');
}
-
+
/**
- * lisen for configuration changes and write it to the file
+ * show the configform
*
*/
- public static function writeconfiglisener(){
- global $DOCUMENTROOT;
- global $SERVERROOT;
- global $WEBROOT;
- global $CONFIG_DBHOST;
- global $CONFIG_DBNAME;
- global $CONFIG_DBUSER;
- global $CONFIG_DBPASSWORD;
- global $CONFIG_DBTYPE;
+ public static function showadminform(){
global $CONFIG_ADMINLOGIN;
global $CONFIG_ADMINPASSWORD;
- if(isset($_POST['set_config'])){
+ global $CONFIG_DATADIRECTORY;
+ global $CONFIG_HTTPFORCESSL;
+ global $CONFIG_DATEFORMAT;
+ global $CONFIG_DBNAME;
+ global $CONFIG_INSTALLED;
+ $allow=false;
+ if(!$CONFIG_INSTALLED){
+ $allow=true;
+ }elseif(OC_USER::isLoggedIn()){
+ if(OC_USER::ingroup($_SESSION['username'],'admin')){
+ $allow=true;
+ }
+ }
+ if($allow){
+ oc_require('templates/adminform.php');
+ }
+ }
- //checkdata
- $error='';
- $FIRSTRUN=empty($CONFIG_ADMINLOGIN);
- if(!$FIRSTRUN){
- if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){
- $error.='wrong password
';
- }
- }
-
- if(!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) $error.='admin login not set
';
- if((!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])) and $FIRSTRUN) $error.='admin password not set
';
- if((!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2'])) and $FIRSTRUN) $error.='retype admin password not set
';
- if(!isset($_POST['datadirectory']) or empty($_POST['datadirectory'])) $error.='data directory not set
';
- if(!isset($_POST['dateformat']) or empty($_POST['dateformat'])) $error.='dateformat not set
';
- if(!isset($_POST['dbname']) or empty($_POST['dbname'])) $error.='databasename not set
';
- if($_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same
';
- $dbtype=$_POST['dbtype'];
- if($dbtype=='mysql'){
- if(!isset($_POST['dbhost']) or empty($_POST['dbhost'])) $error.='database host not set
';
- if(!isset($_POST['dbuser']) or empty($_POST['dbuser'])) $error.='database user not set
';
- if($_POST['dbpassword']<>$_POST['dbpassword2'] ) $error.='database passwords are not the same
';
-
- }
- if(!$FIRSTRUN){
- if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])){
- $_POST['adminpassword']=$CONFIG_ADMINPASSWORD;
- }
- if(!isset($_POST['dbpassword']) or empty($_POST['dbpassword'])){
- $_POST['dbpassword']=$CONFIG_DBPASSWORD;
- }
- }
- if(empty($error)) {
- //create/fill database
- $CONFIG_DBTYPE=$dbtype;
- $CONFIG_DBNAME=$_POST['dbname'];
- if($dbtype=='mysql'){
- $CONFIG_DBHOST=$_POST['dbhost'];
- $CONFIG_DBUSER=$_POST['dbuser'];
- $CONFIG_DBPASSWORD=$_POST['dbpassword'];
- }
- try{
- if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){
- self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']);
- }
- }catch(Exception $e){
- $error.='error while trying to create the database
';
- }
- if($CONFIG_DBTYPE=='sqlite'){
- $f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+');
- if(!$f){
- $error.='path of sqlite database not writable by server
';
- }
- }
- try{
- if(isset($_POST['filldb'])){
- self::filldatabase();
- }
- }catch(Exception $e){
- $error.='error while trying to fill the database
';
- }
-
- //storedata
- $config=' ';
-
- $filename=$SERVERROOT.'/config/config.php';
- if(empty($error)){
- header("Location: ".$WEBROOT."/");
- try{
- file_put_contents($filename,$config);
- }catch(Exception $e){
- $error.='error while trying to save the configuration file
';
- return $error;
+ public static function createuserlisener(){
+ if(OC_USER::isLoggedIn()){
+ if(OC_USER::ingroup($_SESSION['username'],'admin')){
+ if(isset($_POST['new_username']) and isset($_POST['new_password'])){
+ if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){
+ return 'user successfully created';
+ }else{
+ return 'error while trying to create user';
+ }
+ }else{
+ return false;
}
}else{
- return $error;
+ return false;
}
-
}
- return($error);
+ }
+
+ public static function creategrouplisener(){
+ if(OC_USER::isLoggedIn()){
+ if(isset($_POST['creategroup']) and $_POST['creategroup']==1){
+ if(OC_USER::creategroup($_POST['groupname'])){
+ if(OC_USER::addtogroup($_SESSION['username'],$_POST['groupname'])){
+ return 'group successfully created';
+ }else{
+ return 'error while trying to add user to the new created group';
+ }
+ }else{
+ return 'error while trying to create group';
+ }
+ }else{
+ return false;
+ }
+ }else{
+ return false;
+ }
+ }
+
+
+ /**
+ * lisen for configuration changes
+ *
+ */
+ public static function configlisener(){
+ if(OC_USER::isLoggedIn()){
+ if(isset($_POST['config']) and $_POST['config']==1){
+ $error='';
+ if(!OC_USER::checkpassword($_SESSION['username'],$_POST['currentpassword'])){
+ $error.='wrong password
';
+ }else{
+ if(isset($_POST['changepass']) and $_POST['changepass']==1){
+ if(!isset($_POST['password']) or empty($_POST['password'])) $error.='password not set
';
+ if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set
';
+ if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same
';
+ if(empty($error)){
+ if(!OC_USER::setpassword($_SESSION['username'],$_POST['password'])){
+ $error.='error while trying to set password
';
+ }
+ }
+ }
+ }
+ return $error;
+ }else{
+ return false;
+ }
+ }else{
+ return false;
+ }
+ }
+
+
+ /**
+ * lisen for admin configuration changes and write it to the file
+ *4bd0be1185e76
+ */
+ public static function writeadminlisener(){
+ global $CONFIG_INSTALLED;
+ $allow=false;
+ if(!$CONFIG_INSTALLED){
+ $allow=true;
+ }elseif(OC_USER::isLoggedIn()){
+ if(OC_USER::ingroup($_SESSION['username'],'admin')){
+ $allow=true;
+ }
+ }
+ if($allow){
+ global $DOCUMENTROOT;
+ global $SERVERROOT;
+ global $WEBROOT;
+ global $CONFIG_DBHOST;
+ global $CONFIG_DBNAME;
+ global $CONFIG_DBUSER;
+ global $CONFIG_DBPASSWORD;
+ global $CONFIG_DBTYPE;
+ global $CONFIG_ADMINLOGIN;
+ global $CONFIG_ADMINPASSWORD;
+ if(isset($_POST['set_config'])){
+
+ //checkdata
+ $error='';
+ $FIRSTRUN=empty($CONFIG_ADMINLOGIN);
+ if(!$FIRSTRUN){
+ if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){
+ $error.='wrong password
';
+ }
+ }
+
+ if(!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) $error.='admin login not set
';
+ if((!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])) and $FIRSTRUN) $error.='admin password not set
';
+ if((!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2'])) and $FIRSTRUN) $error.='retype admin password not set
';
+ if(!isset($_POST['datadirectory']) or empty($_POST['datadirectory'])) $error.='data directory not set
';
+ if(!isset($_POST['dateformat']) or empty($_POST['dateformat'])) $error.='dateformat not set
';
+ if(!isset($_POST['dbname']) or empty($_POST['dbname'])) $error.='databasename not set
';
+ if($_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same
';
+ $dbtype=$_POST['dbtype'];
+ if($dbtype=='mysql'){
+ if(!isset($_POST['dbhost']) or empty($_POST['dbhost'])) $error.='database host not set
';
+ if(!isset($_POST['dbuser']) or empty($_POST['dbuser'])) $error.='database user not set
';
+ if($_POST['dbpassword']<>$_POST['dbpassword2'] ) $error.='database passwords are not the same
';
+
+ }
+ if(!$FIRSTRUN){
+ if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])){
+ $_POST['adminpassword']=$CONFIG_ADMINPASSWORD;
+ }
+ if(!isset($_POST['dbpassword']) or empty($_POST['dbpassword'])){
+ $_POST['dbpassword']=$CONFIG_DBPASSWORD;
+ }
+ }
+ if(!is_dir($_POST['datadirectory'])){
+ try{
+ mkdir($_POST['datadirectory']);
+ }catch(Exception $e){
+ $error.='error while trying to create data directory
';
+ }
+ }
+ if(empty($error)) {
+ //create/fill database
+ $CONFIG_DBTYPE=$dbtype;
+ $CONFIG_DBNAME=$_POST['dbname'];
+ if($dbtype=='mysql'){
+ $CONFIG_DBHOST=$_POST['dbhost'];
+ $CONFIG_DBUSER=$_POST['dbuser'];
+ $CONFIG_DBPASSWORD=$_POST['dbpassword'];
+ }
+ try{
+ if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){
+ self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']);
+ }
+ }catch(Exception $e){
+ $error.='error while trying to create the database
';
+ }
+ if($CONFIG_DBTYPE=='sqlite'){
+ $f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+');
+ if(!$f){
+ $error.='path of sqlite database not writable by server
';
+ }
+ }
+ try{
+ if(isset($_POST['filldb'])){
+ self::filldatabase();
+ }
+ }catch(Exception $e){
+ echo 'testin';
+ $error.='error while trying to fill the database
';
+ }
+ if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){
+ $error.='error while trying to create the admin user
';
+ }
+
+ if(OC_USER::getgroupid('admin')==0){
+ if(!OC_USER::creategroup('admin')){
+ $error.='error while trying to create the admin group
';
+ }
+ }
+
+ if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){
+ $error.='error while trying to add the admin user to the admin group
';
+ }
+
+ //storedata
+ $config=' ';
- }
+ $filename=$SERVERROOT.'/config/config.php';
+ if(empty($error)){
+ header("Location: ".$WEBROOT."/");
+ try{
+ file_put_contents($filename,$config);
+ }catch(Exception $e){
+ $error.='error while trying to save the configuration file
';
+ return $error;
+ }
+ }else{
+ return $error;
+ }
- }
+ }
+ return($error);
+
+ }
+ }
+ }
/**
* Fills the database with the initial tables
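Review bot: In `writeadminlisener()` the new `mkdir($_POST['datadirectory'])` block runs before the `if(empty($error))` check, so the directory is created from the posted path even when validation has already failed, for example on a wrong current password. `mkdir()` reports failure through its return value and a warning rather than an exception, so the `catch` branch looks unreachable and a failed creation is never added to `$error`. I would move the block inside `if(empty($error))` and test the result with `if(!is_dir($_POST['datadirectory']) and !mkdir($_POST['datadirectory']))` followed by the existing `$error.=` line. The `echo 'testin';` in the `filldb` catch block looks like leftover debug output and, unless output is buffered, may prevent the later `header("Location: ...")` from being sent. Separately, `creategrouplisener()` only requires `isLoggedIn()` and reads `$_POST['groupname']` without `isset()`, while `createuserlisener()` requires the admin group; if group creation is meant to be open to every user, a comment saying so would help.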
@@ -163,9 +291,19 @@ CREATE TABLE 'properties' (
'ns' varchar(120) NOT NULL DEFAULT 'DAV:',
'value' text,
PRIMARY KEY ('path','name','ns')
-);";
+);
+
+CREATE TABLE 'users' (
+ 'user_id' int(11) NOT NULL,
+ 'user_name' varchar(64) NOT NULL DEFAULT '',
+ 'user_name_clean' varchar(64) NOT NULL DEFAULT '',
+ 'user_password' varchar(40) NOT NULL DEFAULT '',
+ PRIMARY KEY ('user_id'),
+ UNIQUE ('user_name' ,'user_name_clean')
+);
+";
}elseif($CONFIG_DBTYPE=='mysql'){
- $query="SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\";
+ $query="SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO';
CREATE TABLE IF NOT EXISTS `locks` (
`token` varchar(255) NOT NULL DEFAULT '',
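Review bot: The sqlite `users` table declares `'user_id' int(11) NOT NULL` with a separate `PRIMARY KEY ('user_id')`, but `OC_USER::createuser()` inserts `NULL` for `user_id` and relies on the database to assign it. SQLite only auto-assigns a key for a column declared exactly `INTEGER PRIMARY KEY`, so on sqlite that insert would presumably be rejected by the NOT NULL constraint; `'user_id' INTEGER PRIMARY KEY,` with the separate key line dropped would match the MySQL `AUTO_INCREMENT` column. As far as this hunk shows, the sqlite branch also gets no `groups` or `user_group` table, although the MySQL branch does and `OC_USER::getgroupid()` and `ingroup()` query them. `user_password` is `varchar(40)` here and `VARCHAR( 340)` in the MySQL schema; 40 fits a SHA-1 hex digest only, so one of the two widths is probably a typo.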
@@ -201,6 +339,31 @@ CREATE TABLE IF NOT EXISTS `properties` (
PRIMARY KEY (`path`,`name`,`ns`),
KEY `path` (`path`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+CREATE TABLE IF NOT EXISTS `users` (
+`user_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+`user_name` VARCHAR( 64 ) NOT NULL ,
+`user_name_clean` VARCHAR( 64 ) NOT NULL ,
+`user_password` VARCHAR( 340) NOT NULL ,
+UNIQUE (
+`user_name` ,
+`user_name_clean`
+)
+) ENGINE = MYISAM ;
+
+CREATE TABLE IF NOT EXISTS `groups` (
+`group_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+`group_name` VARCHAR( 64 ) NOT NULL ,
+UNIQUE (
+`group_name`
+)
+) ENGINE = MYISAM ;
+
+CREATE TABLE IF NOT EXISTS `user_group` (
+`user_group_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+`user_id` VARCHAR( 64 ) NOT NULL ,
+`group_id` VARCHAR( 64 ) NOT NULL
+) ENGINE = MYISAM ;
";
}
OC_DB::multiquery($query);
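Review bot: `user_group` stores `user_id` and `group_id` as `VARCHAR( 64 )` although they hold the integer keys of `users` and `groups`, and the table has no uniqueness constraint on the pair. `OC_USER::addtogroup()` checks `ingroup()` before inserting, but nothing in the schema stops duplicate membership rows when two requests arrive together. I would declare both columns `INT NOT NULL` and add `UNIQUE (user_id, group_id)`. The `users` constraint `UNIQUE (user_name, user_name_clean)` is composite, so two rows with the same `user_name_clean` and different capitalisation in `user_name` are still allowed; since the lookups use `user_name_clean`, a unique key on that column alone looks like what is intended.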
diff --git a/inc/lib_files.php b/inc/lib_files.php
index 9c6cb25346..2e77067b4a 100755
--- a/inc/lib_files.php
+++ b/inc/lib_files.php
@@ -29,132 +29,306 @@
*/
class OC_FILES {
- /**
- * show a web GUI filebrowser
- *
- * @param basedir $basedir
- * @param dir $dir
- */
- public static function showbrowser($basedir,$dir){/*
- global $CONFIG_DATEFORMAT;
- global $WEBROOT;
+ /**
+ * show a web GUI filebrowser
+ *
+ * @param basedir $basedir
+ * @param dir $dir
+ */
+ public static function showbrowser($basedir,$dir){
+ echo '';
+ }
- $directory=$basedir.'/'.$dir;
-
- // exit if try to access files outside our directory
- if(strstr($dir,'..')<>false) exit();
- $directory=realpath($directory);
-
- $dirs=explode('/',$dir);
-
- // breadcrumb
- if(count($dirs)>1) {
- echo('');
- echo('home | ');
- $currentdir='';
- foreach($dirs as $d) {
- $currentdir.='/'.$d.'';
- if($d<>'') echo(' '.$d.' | ');
- }
- echo('
');
- }
-
- // files and directories
- echo('');
- $filesfound=false;
- $content=self::getdirectorycontent($directory);
- if($content){
- foreach($content as $file){
- echo('');
- OC_UTIL::showicon($file['type']);
- if($file['type']=='dir') echo(''.$file['name'].' | ');
- if($file['type']<>'dir') echo(''.$file['name'].' | ');
- if($file['type']<>'dir') echo(''.$file['size'].' byte | '); else echo(' | ');
- echo(''.date($CONFIG_DATEFORMAT,$file['mtime']).' | ');
- echo('
');
- }
- }
- echo('
');
- if(!$content) echo('
no files here
');
- echo('
');*/
- echo '';
- }
-
- /**
- * get the content of a directory
- * @param dir $directory
- */
- public static function getdirectorycontent($directory){
- $filesfound=true;
- $content=array();
- $dirs=array();
- $file=array();
- $files=array();
- if (is_dir($directory)) {
- if ($dh = opendir($directory)) {
- while (($filename = readdir($dh)) !== false) {
- if($filename<>'.' and $filename<>'..'){
- $file=array();
- $filesfound=true;
- $file['name']=$filename;
- $file['directory']=$directory;
- $stat=stat($directory.'/'.$filename);
- $file=array_merge($file,$stat);
- $file['type']=filetype($directory .'/'. $filename);
- if($file['type']=='dir'){
- $dirs[$file['name']]=$file;
- }else{
- $files[$file['name']]=$file;
- }
- }
- }
- closedir($dh);
- }
- }
- ksort($dirs);
- ksort($files);
- $content=array_merge($dirs,$files);
- if($filesfound){
- return $content;
- }else{
- return false;
- }
- }
+ /**
+ * get the content of a directory
+ * @param dir $directory
+ */
+ public static function getdirectorycontent($directory){
+ $filesfound=true;
+ $content=array();
+ $dirs=array();
+ $file=array();
+ $files=array();
+ if (is_dir($directory)) {
+ if ($dh = opendir($directory)) {
+ while (($filename = readdir($dh)) !== false) {
+ if($filename<>'.' and $filename<>'..'){
+ $file=array();
+ $filesfound=true;
+ $file['name']=$filename;
+ $file['directory']=$directory;
+ $stat=stat($directory.'/'.$filename);
+ $file=array_merge($file,$stat);
+ $file['mime']=OC_FILES::getMimeType($directory .'/'. $filename);
+ $file['type']=filetype($directory .'/'. $filename);
+ if($file['type']=='dir'){
+ $dirs[$file['name']]=$file;
+ }else{
+ $files[$file['name']]=$file;
+ }
+ }
+ }
+ closedir($dh);
+ }
+ }
+ ksort($dirs);
+ ksort($files);
+ $content=array_merge($dirs,$files);
+ if($filesfound){
+ return $content;
+ }else{
+ return false;
+ }
+ }
- /**
- * return the cntent of a file
- *
- * @param dir $dir
- * @param file $file
- */
- public static function get($dir,$file){
- if(isset($_SESSION['username']) and $_SESSION['username']<>'') {
- global $CONFIG_DATADIRECTORY;
- $filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
+ /**
+ * return the content of a file or return a zip file containning multiply files
+ *
+ * @param dir $dir
+ * @param file $file
+ */
+ public static function get($dir,$files){
+ global $CONFIG_DATADIRECTORY;
+ if(strstr($files,'..') or strstr($dir,'..')){
+ die();
+ }
+ if(is_array($files)){
+ $zip = new ZipArchive();
+ $filename = sys_get_temp_dir()."/ownCloud.zip";
+ if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
+ exit("cannot open <$filename>\n");
+ }
+ foreach($files as $file){
+ $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
+ if(is_file($file)){
+ $zip->addFile($file,basename($file));
+ }elseif(is_dir($file)){
+ zipAddDir($file,$zip);
+ }
+ }
+ $zip->close();
+ }elseif(is_dir($CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files)){
+ $zip = new ZipArchive();
+ $filename = sys_get_temp_dir()."/ownCloud.zip";
+ if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
+ exit("cannot open <$filename>\n");
+ }
+ $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
+ zipAddDir($file,$zip);
+ $zip->close();
+ }else{
+ $zip=false;
+ $filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
+ }
+ header('Content-Description: File Transfer');
+ header('Content-Type: application/octet-stream');
+ header('Content-Disposition: attachment; filename='.basename($filename));
+ header('Content-Transfer-Encoding: binary');
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+ header('Pragma: public');
+ header('Content-Length: ' . filesize($filename));
+ ob_end_clean();
+ readfile($filename);
+ if($zip){
+ unlink($filename);
+ }
+ }
+
+ /**
+ * move a file or folder
+ *
+ * @param dir $sourceDir
+ * @param file $source
+ * @param dir $targetDir
+ * @param file $target
+ */
+ public static function move($sourceDir,$source,$targetDir,$target){
+ global $CONFIG_DATADIRECTORY;
+ if(OC_USER::isLoggedIn() and strpos($sourceDir,'..')===false and strpos($source,'..')===false and strpos($targetDir,'..')===false and strpos($target,'..')===false){
+ $targetFile=$CONFIG_DATADIRECTORY.'/'.$targetDir.'/'.$target;
+ $sourceFile=$CONFIG_DATADIRECTORY.'/'.$sourceDir.'/'.$source;
+ rename($sourceFile,$targetFile);
+ }
+ }
+
+ /**
+ * create a new file or folder
+ *
+ * @param dir $dir
+ * @param file $name
+ * @param type $type
+ */
+ public static function newfile($dir,$name,$type){
+ global $CONFIG_DATADIRECTORY;
+ if(OC_USER::isLoggedIn() and strpos($dir,'..')===false and strpos($name,'..')===false){
+ $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$name;
+ if($type=='dir'){
+ mkdir($file);
+ }elseif($type=='file'){
+ $fileHandle=fopen($file, 'w') or die("can't open file");
+ fclose($fileHandle);
+ }
+ }
+ }
+
+ /**
+ * deletes a file or folder
+ *
+ * @param dir $dir
+ * @param file $name
+ */
+ public static function delete($dir,$file){
+ global $CONFIG_DATADIRECTORY;
+ if(OC_USER::isLoggedIn() and strpos($dir,'..')===false){
+ $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
+ if(is_file($file)){
+ unlink($file);
+ }elseif(is_dir($file)){
+ rmdir($file);
+ }
+ }
+ }
+
+ /**
+ * try to detect the mime type of a file
+ *
+ * @param string file path
+ * @return string guessed mime type
+ */
+ function getMimeType($fspath){
+ if (@is_dir($fspath)) {
+ // directories are easy
+ return "httpd/unix-directory";
+ } else if (function_exists("mime_content_type")) {
+ // use mime magic extension if available
+ $mime_type = mime_content_type($fspath);
+ } else if (OC_FILES::canExecute("file")) {
+ // it looks like we have a 'file' command,
+ // lets see it it does have mime support
+ $fp = popen("file -i '$fspath' 2>/dev/null", "r");
+ $reply = fgets($fp);
+ pclose($fp);
+
+ // popen will not return an error if the binary was not found
+ // and find may not have mime support using "-i"
+ // so we test the format of the returned string
+
+ // the reply begins with the requested filename
+ if (!strncmp($reply, "$fspath: ", strlen($fspath)+2)) {
+ $reply = substr($reply, strlen($fspath)+2);
+ // followed by the mime type (maybe including options)
+ if (preg_match('/^[[:alnum:]_-]+/[[:alnum:]_-]+;?.*/', $reply, $matches)) {
+ $mime_type = $matches[0];
+ }
+ }
+ }
+ if (empty($mime_type)) {
+ // Fallback solution: try to guess the type by the file extension
+ // TODO: add more ...
+ switch (strtolower(strrchr(basename($fspath), "."))) {
+ case ".html":
+ $mime_type = "text/html";
+ break;
+ case ".txt":
+ $mime_type = "text/plain";
+ break;
+ case ".css":
+ $mime_type = "text/css";
+ break;
+ case ".gif":
+ $mime_type = "image/gif";
+ break;
+ case ".jpg":
+ $mime_type = "image/jpeg";
+ break;
+ case ".jpg":
+ $mime_type = "png/jpeg";
+ break;
+ default:
+ $mime_type = "application/octet-stream";
+ break;
+ }
+ }
+
+ return $mime_type;
+ }
+
+ /**
+ * detect if a given program is found in the search PATH
+ *
+ * helper function used by _mimetype() to detect if the
+ * external 'file' utility is available
+ *
+ * @param string program name
+ * @param string optional search path, defaults to $PATH
+ * @return bool true if executable program found in path
+ */
+ function canExecute($name, $path = false)
+ {
+ // path defaults to PATH from environment if not set
+ if ($path === false) {
+ $path = getenv("PATH");
+ }
+
+ // check method depends on operating system
+ if (!strncmp(PHP_OS, "WIN", 3)) {
+ // on Windows an appropriate COM or EXE file needs to exist
+ $exts = array(".exe", ".com");
+ $check_fn = "file_exists";
+ } else {
+ // anywhere else we look for an executable file of that name
+ $exts = array("");
+ $check_fn = "is_executable";
+ }
+
+ // now check the directories in the path for the program
+ foreach (explode(PATH_SEPARATOR, $path) as $dir) {
+ // skip invalid path entries
+ if (!file_exists($dir)) continue;
+ if (!is_dir($dir)) continue;
- // exit if try to access files outside our directory
- if(strstr($filename,'..')<>false) exit();
-
- OC_LOG::event($_SESSION['username'],3,$dir.'/'.$file);
-
- header('Content-Description: File Transfer');
- header('Content-Type: application/octet-stream');
- header('Content-Disposition: attachment; filename='.basename($file));
- header('Content-Transfer-Encoding: binary');
- header('Expires: 0');
- header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
- header('Pragma: public');
- header('Content-Length: ' . filesize($filename));
- readfile($filename);
- }
- exit;
- }
+ // and now look for the file
+ foreach ($exts as $ext) {
+ if ($check_fn("$dir/$name".$ext)) return true;
+ }
+ }
+ return false;
+ }
}
+function zipAddDir($dir,$zip,$internalDir=''){
+ $dirname=basename($dir);
+ $zip->addEmptyDir($internalDir.$dirname);
+ $internalDir.=$dirname.='/';
+ $files=OC_FILES::getdirectorycontent($dir);
+ foreach($files as $file){
+ $filename=$file['name'];
+ $file=$dir.'/'.$filename;
+ if(is_file($file)){
+ $zip->addFile($file,$internalDir.$filename);
+ }elseif(is_dir($file)){
+ zipAddDir($file,$zip,$internalDir);
+ }
+ }
+}
+if(!function_exists('sys_get_temp_dir')) {
+ function sys_get_temp_dir() {
+ if( $temp=getenv('TMP') ) return $temp;
+ if( $temp=getenv('TEMP') ) return $temp;
+ if( $temp=getenv('TMPDIR') ) return $temp;
+ $temp=tempnam(__FILE__,'');
+ if (file_exists($temp)) {
+ unlink($temp);
+ return dirname($temp);
+ }
+ return null;
+ }
+}
-?>
+?>
\ No newline at end of file
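Review bot: The rewritten `get()` no longer checks the session before sending a file: the removed version wrapped everything in `isset($_SESSION['username'])`, and the new `move()`, `newfile()` and `delete()` all call `OC_USER::isLoggedIn()`, but `get()` does not. Its `..` check also passes `$files` to `strstr()` even when it is an array, so the individual names of a multi-file download are never checked, and the archive is always written to the fixed path `sys_get_temp_dir()."/ownCloud.zip"`, which two simultaneous downloads would share. The guard below restores the login check and tests each name; a per-request archive name (for example from `tempnam()`) would avoid the clash. In `getMimeType()` the file name is placed inside single quotes in the `popen()` command line, which is not safe for names that themselves contain a quote; `popen('file -i '.escapeshellarg($fspath).' 2>/dev/null', 'r')` avoids that. `delete()` checks only `$dir` for `..`, not `$file`, unlike `move()` and `newfile()`.

```php
	public static function get($dir,$files){
		global $CONFIG_DATADIRECTORY;
		if(!OC_USER::isLoggedIn()){
			die();
		}
		// check the directory and every requested name, whether one or many
		foreach(array_merge(array($dir),(array)$files) as $name){
			if(strpos($name,'..')!==false){
				die();
			}
		}
		// … unchanged: zip assembly, download headers, readfile() …
```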
diff --git a/inc/lib_user.php b/inc/lib_user.php
new file mode 100644
index 0000000000..37e5f0bc21
--- /dev/null
+++ b/inc/lib_user.php
@@ -0,0 +1,277 @@
+.
+*
+*/
+
+if(!$CONFIG_INSTALLED){
+ $_SESSION['user_id']=false;
+ $_SESSION['username']='';
+ $_SESSION['username_clean']='';
+}
+
+/**
+ * Class for usermanagement
+ *
+ */
+class OC_USER {
+
+ /**
+ * check if the login button is pressed and logg the user in
+ *
+ */
+ public static function loginlisener(){
+ if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
+ if(OC_USER::login($_POST['login'],$_POST['password'])){
+ OC_LOG::event($_SESSION['username'],1,'');
+ return('');
+ }else{
+ return('error');
+ }
+ }
+ return('');
+ }
+
+
+ /**
+ * try to create a new user
+ *
+ */
+ public static function createuser($username,$password){
+ if(OC_USER::getuserid($username)!=0){
+ return false;
+ }else{
+ $password=sha1($password);
+ $usernameclean=strtolower($username);
+ $username=mysql_escape_string($username);
+ $usernameclean=mysql_escape_string($usernameclean);
+ $query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`)VALUES (NULL , '$username', '$usernameclean', '$password')";
+ $result=OC_DB::query($query);
+ return ($result)?true:false;
+ }
+
+ }
+
+ /**
+ * try to login a user
+ *
+ */
+ public static function login($username,$password){
+ $password=sha1($password);
+ $usernameclean=strtolower($username);
+ $username=mysql_escape_string($username);
+ $usernameclean=mysql_escape_string($usernameclean);
+ $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['user_id'])){
+ $_SESSION['user_id']=$result[0]['user_id'];
+ $_SESSION['username']=$username;
+ $_SESSION['username_clean']=$usernameclean;
+ return true;
+ }else{
+ return false;
+ }
+ }
+
+ /**
+ * check if the logout button is pressed and logout the user
+ *
+ */
+ public static function logoutlisener(){
+ if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
+ OC_LOG::event($_SESSION['username'],2,'');
+ $_SESSION['user_id']=false;
+ $_SESSION['username']='';
+ $_SESSION['username_clean']='';
+ }
+ }
+
+ /**
+ * check if a user is logged in
+ *
+ */
+ public static function isLoggedIn(){
+ return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false;
+ }
+
+ /**
+ * try to create a new group
+ *
+ */
+ public static function creategroup($groupname){
+ if(OC_USER::getgroupid($groupname)==0){
+ $groupname=mysql_escape_string($groupname);
+ $query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname');";
+ $result=OC_DB::query($query);
+ return ($result)?true:false;
+ }else{
+ return false;
+ }
+ }
+
+ /**
+ * get the id of a user
+ *
+ */
+ public static function getuserid($username){
+ $usernameclean=strtolower($username);
+ $username=mysql_escape_string($username);
+ $usernameclean=mysql_escape_string($usernameclean);
+ $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['user_id'])){
+ return $result[0]['user_id'];
+ }else{
+ return 0;
+ }
+ }
+
+ /**
+ * get the id of a group
+ *
+ */
+ public static function getgroupid($groupname){
+ $groupname=mysql_escape_string($groupname);
+ $query="SELECT group_id FROM `groups` WHERE `group_name` = '$groupname' LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['group_id'])){
+ return $result[0]['group_id'];
+ }else{
+ return 0;
+ }
+ }
+
+ /**
+ * get the name of a group
+ *
+ */
+ public static function getgroupname($groupid){
+ $groupid=(integer)$groupid;
+ $query="SELECT group_name FROM `groups` WHERE `group_id` = '$groupid' LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['group_name'])){
+ return $result[0]['group_name'];
+ }else{
+ return 0;
+ }
+ }
+
+ /**
+ * check if a user belongs to a group
+ *
+ */
+ public static function ingroup($username,$groupname){
+ $userid=OC_USER::getuserid($username);
+ $groupid=OC_USER::getgroupid($groupname);
+ if($groupid>0 and $userid>0){
+ $query="SELECT user_group_id FROM `user_group` WHERE `group_id` = '$groupid ' AND `user_id` = '$userid 'LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['user_group_id'])){
+ return true;
+ }else{
+ return false;
+ }
+ }else{
+ return false;
+ }
+ }
+
+ /**
+ * add a user to a group
+ *
+ */
+ public static function addtogroup($username,$groupname){
+ if(!OC_USER::ingroup($username,$groupname)){
+ $userid=OC_USER::getuserid($username);
+ $groupid=OC_USER::getgroupid($groupname);
+ if($groupid!=0 and $userid!=0){
+ $query="INSERT INTO `user_group` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL , '$userid', '$groupid');";
+ $result=OC_DB::query($query);
+ if($result){
+ return true;
+ }else{
+ return false;
+ }
+ }else{
+ return false;
+ }
+ }else{
+ return true;
+ }
+ }
+
+ public static function generatepassword(){
+ return uniqid();
+ }
+
+ /**
+ * get all groups the user belongs to
+ *
+ */
+ public static function getusergroups($username){
+ $userid=OC_USER::getuserid($username);
+ $query="SELECT group_id FROM `user_group` WHERE `user_id` = '$userid'";
+ $result=OC_DB::select($query);
+ $groups=array();
+ if(is_array($result)){
+ foreach($result as $group){
+ $groupid=$group['group_id'];
+ $groups[]=OC_USER::getgroupname($groupid);
+ }
+ }
+ return $groups;
+ }
+
+ /**
+ * set the password of a user
+ *
+ */
+ public static function setpassword($username,$password){
+ $password=sha1($password);
+ $userid=OC_USER::getuserid($username);
+ $query="UPDATE `users` SET `user_password` = '$password' WHERE `user_id` =$userid LIMIT 1 ;";
+ $result=OC_DB::query($query);
+ if($result){
+ return true;
+ }else{
+ return false;
+ }
+ }
+
+ /**
+ * check the password of a user
+ *
+ */
+ public static function checkpassword($username,$password){
+ $password=sha1($password);
+ $usernameclean=strtolower($username);
+ $username=mysql_escape_string($username);
+ $usernameclean=mysql_escape_string($usernameclean);
+ $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){
+ return true;
+ }else{
+ return false;
+ }
+ }
+}
+
+?>
\ No newline at end of file
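Review bot: `createuser()`, `login()`, `setpassword()` and `checkpassword()` store and compare passwords as a bare `sha1($password)`, with no per-user salt and no work factor, so a leaked `users` table can be tested with precomputed tables or fast offline guessing. If the supported PHP version allows it, `password_hash($password, PASSWORD_DEFAULT)` on write and `password_verify()` on read would replace all four call sites; the lookup then has to select the stored hash by `user_name_clean` instead of matching it in the `WHERE` clause, as sketched for `login()` below, and `user_password` needs more than the 40 characters the sqlite schema gives it. `generatepassword()` returns `uniqid()`, which is derived from the current time and is not meant for secrets; a value from the platform's CSPRNG, e.g. `bin2hex(random_bytes(8))` where available, is the usual replacement. Every query here escapes with `mysql_escape_string()` regardless of `$CONFIG_DBTYPE`; that function does not take the connection or its character set into account and is not the sqlite escaping function, so the sqlite path deserves its own escaping or prepared statements. `login()` also writes the escaped `$username` into `$_SESSION['username']` and keeps the existing session id; storing the raw name and calling `session_regenerate_id(true)` after a successful login would be safer.

```php
	public static function login($username,$password){
		$usernameclean=strtolower($username);
		$escapedclean=mysql_escape_string($usernameclean);
		// fetch the stored hash by name and verify it in PHP instead of in the WHERE clause
		$query="SELECT user_id, user_password FROM `users` WHERE `user_name_clean` = '$escapedclean' LIMIT 1";
		$result=OC_DB::select($query);
		if(isset($result[0]['user_password']) && password_verify($password,$result[0]['user_password'])){
			// new session id for the authenticated session
			session_regenerate_id(true);
			$_SESSION['user_id']=$result[0]['user_id'];
			$_SESSION['username']=$username;
			$_SESSION['username_clean']=$usernameclean;
			return true;
		}else{
			return false;
		}
	}
```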
diff --git a/inc/templates/adminform.php b/inc/templates/adminform.php
new file mode 100644
index 0000000000..c5e0bca61d
--- /dev/null
+++ b/inc/templates/adminform.php
@@ -0,0 +1,106 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/inc/templates/configform.php b/inc/templates/configform.php
index 61217df2ac..037249a84a 100755
--- a/inc/templates/configform.php
+++ b/inc/templates/configform.php
@@ -4,85 +4,48 @@ global $CONFIG_ERROR;
if(!isset($fillDB)) $fillDB=true;
if(!isset($CONFIG_DBHOST)) $CONFIG_DBHOST='localhost';
if(!isset($CONFIG_DBUSER)) $CONFIG_DBUSER='owncloud';
+$newuserpassword=OC_USER::generatepassword();
?>
+Groups:
+
-
\ No newline at end of file
+Create new group |
+ | |
+
+
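Review bot: The value assigned by `$newuserpassword=OC_USER::generatepassword();` is predictable, because the `generatepassword()` added in this same commit simply returns `uniqid()`, which is derived from the current time. Anyone who knows roughly when an account was created can narrow the candidates to a small range. If this value ends up as a new user's initial password (the template markup is not visible here, so that is an assumption), it should come from a cryptographically secure source, for example `return bin2hex(openssl_random_pseudo_bytes(16));` where the OpenSSL extension is available, or `random_bytes()` on PHP 7+. The generated password should also not be left in the rendered page longer than the admin needs to read it.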
diff --git a/inc/templates/header.php b/inc/templates/header.php
index c082ea8b3d..51e729cb8e 100755
--- a/inc/templates/header.php
+++ b/inc/templates/header.php
@@ -4,7 +4,7 @@
ownCloud
-
+
@@ -12,6 +12,7 @@
+
ownCloud');
echo(''.$error.'
');
echo('First Run Wizard
');
- OC_CONFIG::showconfigform();
+ OC_CONFIG::showadminform();
echo('');
OC_UTIL::showfooter();
exit();
diff --git a/js/filebrowser.js b/js/filebrowser.js
index f12cec4414..cc03fe3315 100644
--- a/js/filebrowser.js
+++ b/js/filebrowser.js
@@ -129,16 +129,16 @@ OC_FILES.browser.files.show=function(parent,fileList){
for(name in fileList){
file=fileList[name];
if(!OC_FILES.browser.files.fileNodes[file.name]){
- OC_FILES.browser.files.add(file.name,file.type,file.size,file.date);
+ OC_FILES.browser.files.add(file.name,file.type,file.size,file.date,file.mime);
}
}
}
}
-OC_FILES.browser.files.add=function(name,type,size,date){
+OC_FILES.browser.files.add=function(name,type,size,date,mime){
if(name){
if(!size) size=0;
if(!date) date=getTimeString();
- OC_FILES.files[name]=new OC_FILES.file(OC_FILES.dir,name,type);
+ OC_FILES.files[name]=new OC_FILES.file(OC_FILES.dir,name,type,mime);
tr=document.createElement('tr');
OC_FILES.browser.files.fileNodes[name]=tr;
OC_FILES.browser.files.tbody.appendChild(tr);
diff --git a/files/delete.php b/js/lib_api.js
similarity index 67%
rename from files/delete.php
rename to js/lib_api.js
index 7d19a45a73..51fc843967 100644
--- a/files/delete.php
+++ b/js/lib_api.js
@@ -1,5 +1,3 @@
-.
*
*/
-require_once('../inc/lib_base.php');
-$dir=$_GET['dir'];
-$file=$_GET['file'];
-if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false){
- $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
- if(is_file($file)){
- unlink($file);
- }elseif(is_dir($file)){
- rmdir($file);
+OC_API=new Object();
+
+OC_API.run=function(action,params,callback,callbackparams){
+ var xmlloader=new OCXMLLoader();
+ xmlloader.setCallBack(callback);
+ xmlloader.method="POST";
+ var paramString='action='+action;
+ for(name in params){
+ paramString+='&'+name+'='+encodeURIComponent(params[name]);
}
-}
-
-?>
\ No newline at end of file
+ xmlloader.arg=callbackparams;
+ xmlloader.load('files/api.php',paramString);
+}
\ No newline at end of file
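Review bot: `OC_API.run` URL-encodes only the parameter values. `action` and each parameter name are concatenated raw, so a `&`, `=` or `+` in either would alter the request body sent to `files/api.php`. I would write `var paramString='action='+encodeURIComponent(action);` and `paramString+='&'+encodeURIComponent(name)+'='+encodeURIComponent(params[name]);`. The loop `for(name in params)` also assigns to an undeclared `name`, which in a browser is `window.name`; `for(var name in params)` keeps it local. Since every state-changing file action now goes through this one POST endpoint, it is worth confirming that `files/api.php` checks a per-session token, which cannot be seen from this hunk.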
diff --git a/js/lib_files.js b/js/lib_files.js
index c231af2f03..d1480e3663 100644
--- a/js/lib_files.js
+++ b/js/lib_files.js
@@ -49,7 +49,7 @@ OC_FILES.getdirectorycontent_parse=function(req){
if(fileElements.length>0){
for(index=0;index1){
- files.join(';');
+ files=files.join(';');
}else{
files=files[0];
}
- window.location=WEBROOT+'/files/get_file.php?dir='+OC_FILES.dir+'&files='+files;
+ OC_FILES.get(dir,files);
+// window.location=WEBROOT+'/files/get_file.php?dir='+OC_FILES.dir+'&files='+files;
}
OC_FILES.actions_selected['delete']=function(){
@@ -309,11 +312,17 @@ OC_FILES.actions_selected['delete']=function(){
OC_FILES.files=Array();
-OC_FILES.file=function(dir,file,type){
+OC_FILES.file=function(dir,file,type,mime){
if(file){
this.type=type;
this.file=file;
this.dir=dir;
+ this.mime=mime;
+ if(mime){
+ var mimeParts=mime.split('/');
+ this.mime1=mimeParts[0];
+ this.mime2=mimeParts[1];
+ }
this.actions=new Object();
if(file.lastIndexOf('.')){
this.extention=file.substr(file.lastIndexOf('.')+1);
@@ -332,10 +341,17 @@ OC_FILES.file=function(dir,file,type){
}
}
}
- if(OC_FILES.fileActions[this.extention]){
- for(index in OC_FILES.fileActions[this.extention]){
- if(OC_FILES.fileActions[this.extention][index].call){
- this.actions[index]=OC_FILES.fileActions[this.extention][index];
+ if(OC_FILES.fileActions[this.mime1]){
+ for(index in OC_FILES.fileActions[this.mime1]){
+ if(OC_FILES.fileActions[this.mime1][index].call){
+ this.actions[index]=OC_FILES.fileActions[this.mime1][index];
+ }
+ }
+ }
+ if(OC_FILES.fileActions[this.mime]){
+ for(index in OC_FILES.fileActions[this.mime]){
+ if(OC_FILES.fileActions[this.mime][index].call){
+ this.actions[index]=OC_FILES.fileActions[this.mime][index];
}
}
}
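Review bot: The order in which these two lookups are applied is significant but undocumented. Actions registered under the full MIME type (`this.mime`) are copied after those for the top-level type (`this.mime1`), so they silently replace same-named entries, including `default`. A one-line comment above the second loop such as `// exact MIME type wins over the top-level type (e.g. image/png over image)` would make that intentional. The two loops are otherwise identical and could share a small helper taking the lookup key. Both also use an undeclared `index`, which becomes a global; `for(var index in ...)` avoids that. The enclosing `OC_FILES.file` constructor starts and ends outside this hunk.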
@@ -361,7 +377,7 @@ OC_FILES.fileActions.all.rename=function(){
OC_FILES.browser.show_rename(this.dir,this.file);
}
OC_FILES.fileActions.all.download=function(){
- window.location=WEBROOT+'/files/get_file.php?dir='+this.dir+'&files='+this.file;
+ OC_FILES.get(this.dir,this.file);
}
OC_FILES.fileActions.all['default']=OC_FILES.fileActions.all.download;
@@ -373,19 +389,13 @@ OC_FILES.fileActions.dir.open=function(){
OC_FILES.fileActions.dir['default']=OC_FILES.fileActions.dir.open;
OC_FILES.fileActions.dir.dropOn=function(file){
- OC_FILES.move(file.file,this.file,file.dir,this.dir);
+ OC_FILES.move(file.file,file.file,file.dir,this.dir+'/'+this.file);
}
-OC_FILES.fileActions.jpg=new Object()
+OC_FILES.fileActions.image=new Object()
-OC_FILES.fileActions.jpg.show=function(){
-// window.open(WEBROOT+'/files/open_file.php?dir='+this.dir+'&file='+this.file);
+OC_FILES.fileActions.image.show=function(){
OC_FILES.browser.showImage(this.dir,this.file);
}
-OC_FILES.fileActions.jpg['default']=OC_FILES.fileActions.jpg.show;
-
-OC_FILES.fileActions.jpeg=OC_FILES.fileActions.jpg
-OC_FILES.fileActions.png=OC_FILES.fileActions.jpg
-OC_FILES.fileActions.gif=OC_FILES.fileActions.jpg
-OC_FILES.fileActions.bmp=OC_FILES.fileActions.jpg
\ No newline at end of file
+OC_FILES.fileActions.image['default']=OC_FILES.fileActions.image.show;
\ No newline at end of file
diff --git a/webdav/owncloud.php b/webdav/owncloud.php
index 6699526be2..504503b58c 100755
--- a/webdav/owncloud.php
+++ b/webdav/owncloud.php
@@ -23,7 +23,7 @@
require_once('../inc/lib_base.php');
-require_once('HTTP/WebDAV/Server/Filesystem.php');
+oc_require_once('HTTP/WebDAV/Server/Filesystem.php');
ini_set('default_charset', 'UTF-8');
@@ -38,12 +38,15 @@ if(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['REDIRECT_REMOTE_USER']))
$user=$_SERVER['PHP_AUTH_USER'];
$passwd=$_SERVER['PHP_AUTH_PW'];
-if(($user==$CONFIG_ADMINLOGIN) and ($passwd==$CONFIG_ADMINPASSWORD )){
-
- $server = new HTTP_WebDAV_Server_Filesystem();
- $server->db_name = $CONFIG_DBNAME;
- $server->ServeRequest($CONFIG_DATADIRECTORY);
-
+if(OC_USER::login($user,$passwd)){
+ $CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean'];
+ if(!is_dir($CONFIG_DATADIRECTORY)){
+ mkdir($CONFIG_DATADIRECTORY);
+ }
+ $server = new HTTP_WebDAV_Server_Filesystem();
+ $server->db_name = $CONFIG_DBNAME;
+ $server->ServeRequest($CONFIG_DATADIRECTORY);
+
}else{
header('WWW-Authenticate: Basic realm="ownCloud"');
header('HTTP/1.0 401 Unauthorized');