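. * */

// ---------------------------------------------------------------------------
// Bootstrap. Runs once per request when this file is included.
// ---------------------------------------------------------------------------

ob_start();
// E_STRICT is left out because MDB2 raises a large number of strict notices.
error_reporting(E_ALL);
date_default_timezone_set('Europe/Berlin');
ini_set('arg_separator.output','&');
// Keep the session cookie out of reach of page scripts. The setting is a
// plain boolean, so the stray ';' the value used to carry has been dropped.
ini_set('session.cookie_httponly','1');
// NOTE(review): the session starts before config.php is read, so the cookie's
// Secure flag cannot follow $CONFIG_HTTPFORCESSL from here; on HTTPS-only
// installs set session.cookie_secure in the PHP configuration.
session_start();

// Work out the install directory and the URL prefix it is served under.
// The last 17 characters of this file's path are cut off to get the install
// root (presumably '/inc/' plus this file's name -- confirm if it is renamed).
$SERVERROOT=substr(__FILE__,0,-17);
$DOCUMENTROOT=$_SERVER['DOCUMENT_ROOT'];
$SERVERROOT=str_replace("\\",'/',$SERVERROOT);
if(strpos($SERVERROOT,$DOCUMENTROOT)===0){
    // The install lives below the document root: the remainder is the web root.
    $WEBROOT=substr($SERVERROOT,strlen($DOCUMENTROOT));
}else{
    // Otherwise fall back to a few common hosting layouts.
    $WEBROOT='';
    $requestUri=$_SERVER['REQUEST_URI'];
    $tildePos=strpos($requestUri,'/~');
    if($tildePos!==false){
        // Probably installed in a user's home folder: take the '~user' segment
        // of the request URI as the base of the web root.
        $part=substr($requestUri,$tildePos+1);
        $part=substr($part,0,strpos($part,'/'));
        $WEBROOT.='/'.$part;
    }
    $publicHtmlPos=strpos($SERVERROOT,'public_html');
    if($publicHtmlPos!==false){
        // 'public_html' is a commonly used folder name for per-user sites.
        // substr() is used instead of an offset read so that an empty
        // $WEBROOT does not trigger an out-of-range string offset.
        if(substr($WEBROOT,-1)!=='/'){
            $WEBROOT.='/';
        }
        $WEBROOT.=substr($SERVERROOT,$publicHtmlPos+strlen('public_html'));
    }
}
// Test for emptiness first; reading offset 0 of an empty string is an error.
if($WEBROOT!=='' and $WEBROOT[0]!=='/'){
    $WEBROOT='/'.$WEBROOT;
}

// Default configuration values; config/config.php may override any of them.
$CONFIG_INSTALLED=false;
$CONFIG_DATADIRECTORY=$SERVERROOT.'/data';
$CONFIG_BACKUPDIRECTORY=$SERVERROOT.'/backup';
$CONFIG_HTTPFORCESSL=false;
$CONFIG_ENABLEBACKUP=false;
$CONFIG_DATEFORMAT='j M Y G:i';
$CONFIG_DBNAME='owncloud';
$CONFIG_DBTYPE='sqlite';

// Load the generated config file. Errors are suppressed, so a missing file
// (e.g. before installation) leaves the defaults above in place.
@include_once($SERVERROOT.'/config/config.php');

// Remember the shared root separately; $CONFIG_DATADIRECTORY is narrowed to a
// per-user folder below in order to jail users.
$CONFIG_DATADIRECTORY_ROOT=$CONFIG_DATADIRECTORY;

// Redirect to the https site if configured.
// NOTE(review): SERVER_NAME can follow the client-supplied Host header unless
// the web server pins a canonical name; pin it in the server configuration so
// the redirect target is not client-controlled.
if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
    if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on'){
        $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
        header("Location: $url");
        exit;
    }
}

// Load core libs.
oc_require_once('lib_files.php');
oc_require_once('lib_filesystem.php');
oc_require_once('lib_filestorage.php');
oc_require_once('lib_fileobserver.php');
oc_require_once('lib_log.php');
oc_require_once('lib_config.php');
oc_require_once('lib_user.php');
oc_require_once('lib_ocs.php');
@oc_require_once('MDB2.php');
@oc_require_once('MDB2/Schema.php');
oc_require_once('lib_connect.php');

// Directories are created with mode 0770, the same mode checkserver() enforces,
// so they never exist with world permissions in between.
if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){
    @mkdir($CONFIG_DATADIRECTORY_ROOT,0770) or die("Can't create data directory ($CONFIG_DATADIRECTORY_ROOT), you can usually fix this by setting the owner of '$SERVERROOT' to the user that the web server uses (www-data for debian/ubuntu)");
}
if(OC_USER::isLoggedIn()){
    // Jail the user in a separate data folder.
    // NOTE(review): assumes OC_USER stores 'username_clean' without path
    // separators or '..'; that is what keeps the jail inside the data root --
    // confirm in lib_user.php.
    $userFolder=$_SESSION['username_clean'];
    $CONFIG_DATADIRECTORY=$CONFIG_DATADIRECTORY_ROOT.'/'.$userFolder;
    if(!is_dir($CONFIG_DATADIRECTORY)){
        mkdir($CONFIG_DATADIRECTORY,0770);
    }
    $rootStorage=new OC_FILESTORAGE_LOCAL(array('datadir'=>$CONFIG_DATADIRECTORY));
    if($CONFIG_ENABLEBACKUP){
        $userBackupDirectory=$CONFIG_BACKUPDIRECTORY.'/'.$userFolder;
        if(!is_dir($CONFIG_BACKUPDIRECTORY)){
            mkdir($CONFIG_BACKUPDIRECTORY,0770);
        }
        if(!is_dir($userBackupDirectory)){
            mkdir($userBackupDirectory,0770);
        }
        $backupStorage=new OC_FILESTORAGE_LOCAL(array('datadir'=>$userBackupDirectory));
        $backup=new OC_FILEOBSERVER_BACKUP(array('storage'=>$backupStorage));
        $rootStorage->addObserver($backup);
    }
    OC_FILESYSTEM::mount($rootStorage,'/');
}

// Load plugins.
// With the hard-coded empty $CONFIG_LOADPLUGINS the isset() test below is
// false, so no plugin file is loaded from here as the code stands.
$CONFIG_LOADPLUGINS='';
$plugins=explode(' ',$CONFIG_LOADPLUGINS);
if(isset($plugins[0]['url'])){
    foreach($plugins as $plugin){
        oc_require_once('plugins/'.$plugin.'/lib_'.$plugin.'.php');
    }
}

// Check if the server is correctly configured for ownCloud.
OC_UTIL::checkserver();

// Listen for login or logout actions.
OC_USER::logoutlisener();
$loginresult=OC_USER::loginlisener();


/**
 * Class for utility functions
 *
 */
class OC_UTIL {
    /** Javascript files registered through addscript(). */
    public static $scripts=array();

    /**
     * Array to store all the optional navigation buttons of the plugins
     *
     */
    static private $NAVIGATION = array();

    /**
     * Add a javascript file
     *
     * @param string $url
     */
    public static function addscript($url){
        self::$scripts[]=$url;
    }

    /**
     * Tell whether any "other" (world) permission bit is set on a path.
     *
     * @param string $path
     * @return bool false when the path does not exist or has no world bits
     */
    private static function hasWorldPermissions($path){
        // Permission results are cached per request; drop the cache so a
        // chmod() made just before this call is seen.
        clearstatcache();
        if(!file_exists($path)){
            return false;
        }
        return (fileperms($path) & 0007)!==0;
    }

    /**
     * Check if the current server configuration is suitable for ownCloud.
     *
     * Tries to strip world permissions from the SQLite file, the data
     * directory and (when backups are enabled) the backup directory, and
     * stops the request with a message when a check still fails afterwards.
     *
     * NOTE(review): only permission bits are inspected; whether the web
     * server would serve these paths over HTTP is not tested here and has to
     * be ruled out in the web server configuration.
     */
    public static function checkserver(){
        global $SERVERROOT;
        global $CONFIG_DATADIRECTORY_ROOT;
        global $CONFIG_BACKUPDIRECTORY;
        global $CONFIG_ENABLEBACKUP;
        global $CONFIG_DBTYPE;
        global $CONFIG_DBNAME;
        $error='';
        if(!is_callable('sqlite_open') and !is_callable('mysql_connect')){
            $error.='No database drivers (sqlite or mysql) installed.'."\n";
        }
        if($CONFIG_DBTYPE=='sqlite'){
            $file=$SERVERROOT.'/'.$CONFIG_DBNAME;
            if(self::hasWorldPermissions($file)){
                // A failed chmod is caught by the re-check that follows.
                @chmod($file,0660);
                if(self::hasWorldPermissions($file)){
                    $error.='SQLite database file ('.$file.') is readable from the web'."\n";
                }
            }
        }
        if(self::hasWorldPermissions($CONFIG_DATADIRECTORY_ROOT)){
            chmodr($CONFIG_DATADIRECTORY_ROOT,0770);
            if(self::hasWorldPermissions($CONFIG_DATADIRECTORY_ROOT)){
                $error.='Data directory ('.$CONFIG_DATADIRECTORY_ROOT.') is readable from the web'."\n";
            }
        }
        if($CONFIG_ENABLEBACKUP){
            if(self::hasWorldPermissions($CONFIG_BACKUPDIRECTORY)){
                chmodr($CONFIG_BACKUPDIRECTORY,0770);
                if(self::hasWorldPermissions($CONFIG_BACKUPDIRECTORY)){
                    // This message used to say 'Data directory', which pointed
                    // the admin at the wrong folder.
                    $error.='Backup directory ('.$CONFIG_BACKUPDIRECTORY.') is readable from the web'."\n";
                }
            }
        }
        if($error){
            die($error);
        }
    }

    /**
     * Show the header of the web GUI
     *
     */
    public static function showheader(){
        // Declared global so the template sees them in its scope.
        global $CONFIG_ADMINLOGIN;
        global $WEBROOT;
        oc_require('templates/header.php');
    }

    /**
     * Check if we need to use the layout optimized for smaller screen,
     * currently only checks for iPhone/Android
     *
     * @return bool
     */
    public static function hasSmallScreen(){
        // Clients are free to send no User-Agent header at all.
        if(!isset($_SERVER['HTTP_USER_AGENT'])){
            return false;
        }
        $userAgent=strtolower($_SERVER['HTTP_USER_AGENT']);
        //todo, add support for more devices
        foreach(array('android','iphone','ipod') as $device){
            // Compare against false: a match at offset 0 is still a match.
            if(strpos($userAgent,$device)!==false){
                return true;
            }
        }
        return false;
    }

    /**
     * Show the footer of the web GUI
     *
     */
    public static function showfooter(){
        // Declared global so the template sees them in its scope.
        global $CONFIG_FOOTEROWNERNAME;
        global $CONFIG_FOOTEROWNEREMAIL;
        oc_require('templates/footer.php');
    }

    /**
     * Add a navigation entry to the main navigation
     *
     * @param string $name
     * @param string $url
     */
    public static function addnavigationentry($name,$url) {
        $entry=array();
        $entry['name']=$name;
        $entry['url']=$url;
        OC_UTIL::$NAVIGATION[]=$entry;
    }

    /**
     * Show the main navigation
     *
     * NOTE(review): every echo in this method prints an empty string in this
     * copy, so the active and inactive branches are indistinguishable;
     * presumably the markup was stripped -- confirm against the original file.
     */
    public static function shownavigation(){
        global $WEBROOT;
        global $SERVERROOT;
        echo('');
        echo('');
        if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php'){
            echo('');
        }else{
            echo('');
        }
        foreach(OC_UTIL::$NAVIGATION as $NAVI){
            if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']){
                echo('');
            }else{
                echo('');
            }
        }
        if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php'){
            echo('');
        }else{
            echo('');
        }
        if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php'){
            echo('');
        }else{
            echo('');
        }
        // The admin entry is only printed for members of the 'admin' group.
        if(OC_USER::ingroup($_SESSION['username'],'admin')){
            if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php'){
                echo('');
            }else{
                echo('');
            }
        }
        echo('');
        echo("\n");
    }

    /**
     * Show the loginform
     *
     */
    public static function showloginform(){
        // Declared global so the template sees the login result.
        global $loginresult;
        oc_require('templates/loginform.php');
    }

    /**
     * Show an icon for a filetype
     *
     * @param string $filetype
     */
    public static function showicon($filetype){
        global $WEBROOT;
        if($filetype=='dir'){
            echo('');
        }elseif($filetype=='foo'){
            echo('foo');
        }else{
            echo('');
        }
    }
}


/**
 * Class for database access
 *
 * query(), select() and multiquery() take finished SQL strings, so any value
 * that is spliced into such a string has to go through escape() first.
 */
class OC_DB {
    static private $DBConnection=false;
    static private $schema=false;

    /**
     * Connect to the database if not already connected
     */
    public static function connect(){
        global $CONFIG_DBNAME;
        global $CONFIG_DBHOST;
        global $CONFIG_DBUSER;
        global $CONFIG_DBPASSWORD;
        global $CONFIG_DBTYPE;
        global $DOCUMENTROOT;
        global $SERVERROOT;
        if(self::$DBConnection){
            return;
        }
        $options = array(
            'portability' => MDB2_PORTABILITY_ALL,
            'log_line_break' => "\n",
            'idxname_format' => '%s',
            'debug' => false,
            'quote_identifier' => true,
        );
        if($CONFIG_DBTYPE=='sqlite'){
            // NOTE(review): '0644' asks for a world-readable database file,
            // while OC_UTIL::checkserver() resets the file to 0660; a mode
            // without world bits would agree with that check -- confirm how
            // MDB2 applies this option before changing it.
            $dsn = array(
                'phptype' => 'sqlite',
                'database' => $SERVERROOT.'/'.$CONFIG_DBNAME,
                'mode' => '0644',
            );
        }elseif($CONFIG_DBTYPE=='mysql'){
            $dsn = array(
                'phptype' => 'mysql',
                'username' => $CONFIG_DBUSER,
                'password' => $CONFIG_DBPASSWORD,
                'hostspec' => $CONFIG_DBHOST,
                'database' => $CONFIG_DBNAME,
            );
        }
        self::$DBConnection=&MDB2::factory($dsn,$options);
        if (@PEAR::isError(self::$DBConnection)) {
            // NOTE(review): getUserInfo() output goes to the client here;
            // prefer logging connection details server-side.
            echo('can not connect to database, using '.$CONFIG_DBTYPE.'. ('.self::$DBConnection->getUserInfo().')');
            die(self::$DBConnection->getMessage());
        }
        self::$DBConnection->setFetchMode(MDB2_FETCHMODE_ASSOC);
        self::$schema=&MDB2_Schema::factory($dsn,$options);
    }

    /**
     * Executes a query on the database
     *
     * @param string $cmd finished SQL statement
     * @return mixed the MDB2 result, or false when $cmd is empty
     */
    public static function query($cmd){
        global $CONFIG_DBTYPE;
        if(!trim($cmd)){
            return false;
        }
        OC_DB::connect();
        if($CONFIG_DBTYPE=='sqlite'){
            // Fix differences between sql versions: drop backtick quoting.
            $cmd=str_replace('`','',$cmd);
        }
        $result=self::$DBConnection->query($cmd);
        if (PEAR::isError($result)) {
            // NOTE(review): this sends the driver error and the full SQL text
            // to the client; consider logging both server-side and showing a
            // generic message instead.
            $entry='DB Error: "'.$result->getMessage().'"'."\n";
            $entry.='Offending command was: '.$cmd."\n";
            die($entry);
        }
        return $result;
    }

    /**
     * Executes a query on the database and returns the result in an array
     *
     * Unlike query(), no backtick stripping or error check is applied here;
     * the return value of queryAll() is handed back unchanged.
     *
     * @param string $cmd finished SQL statement
     * @return mixed
     */
    public static function select($cmd){
        OC_DB::connect();
        return self::$DBConnection->queryAll($cmd);
    }

    /**
     * Executes multiple queries on the database
     *
     * The input is split on every ';', so a ';' inside a quoted value also
     * splits a statement; empty fragments are skipped by query().
     *
     * @param string $cmd statements separated by ';'
     * @return bool always true; query() stops the request on the first error
     */
    public static function multiquery($cmd) {
        foreach(explode(';',$cmd) as $statement){
            OC_DB::query($statement);
        }
        return true;
    }

    /**
     * Closing a db connection
     *
     * Safe to call when no connection is open.
     *
     * @return bool
     */
    public static function close() {
        self::disconnect();
        return true;
    }

    /**
     * Returning primarykey if last statement was an insert.
     *
     * @return mixed
     */
    public static function insertid() {
        return self::$DBConnection->lastInsertID();
    }

    /**
     * Returning number of rows in a result
     *
     * @param object $result
     * @return int
     */
    public static function numrows($result) {
        // The count used to be computed and then dropped.
        return $result->numRows();
    }

    /**
     * Returning number of affected rows
     *
     * @return int
     */
    public static function affected_rows() {
        // The count used to be computed and then dropped.
        return self::$DBConnection->affectedRows();
    }

    /**
     * Get a field from the resultset
     *
     * @param object $result
     * @param int $i row number
     * @param string $field column name in the associative row
     * @return mixed
     */
    public static function result($result, $i, $field) {
        $row=$result->fetchRow(MDB2_FETCHMODE_ASSOC,$i);
        return $row[$field];
    }

    /**
     * Get data-array from resultset
     *
     * @param object $result
     * @return mixed
     */
    public static function fetch_assoc($result){
        return $result->fetchRow(MDB2_FETCHMODE_ASSOC);
    }

    /**
     * Freeing resultset (performance)
     *
     * @param object $result
     */
    public static function free_result($result) {
        $result->free();
    }

    /**
     * Disconnect if a connection is open; does nothing otherwise.
     */
    static public function disconnect(){
        if(self::$DBConnection){
            self::$DBConnection->disconnect();
            self::$DBConnection=false;
        }
    }

    /**
     * Escape strings so they can be used in queries
     *
     * @param string $string
     * @return string
     */
    public static function escape($string){
        OC_DB::connect();
        return self::$DBConnection->escape($string);
    }

    /**
     * Dump the structure of the connected database to a file.
     *
     * @param string $file path of the file to write
     */
    public static function getDBStructure($file){
        OC_DB::connect();
        $definition = self::$schema->getDefinitionFromDatabase();
        $dump_options = array(
            'output_mode' => 'file',
            'output' => $file,
            'end_of_line' => "\n"
        );
        self::$schema->dumpDatabase($definition, $dump_options, MDB2_SCHEMA_DUMP_STRUCTURE);
    }

    /**
     * Create the database from a structure definition file.
     *
     * Stops the request with the MDB2 message when parsing or creation fails.
     *
     * @param string $file path of the definition file
     * @return bool true on success
     */
    public static function createDBFromStructure($file){
        OC_DB::connect();
        $definition=@self::$schema->parseDatabaseDefinitionFile($file);
        if($definition instanceof MDB2_Schema_Error){
            die($definition->getMessage() . ': ' . $definition->getUserInfo());
        }
        $ret=@self::$schema->createDatabase($definition);
        if($ret instanceof MDB2_Error) {
            die ($ret->getMessage() . ': ' . $ret->getUserInfo());
        }
        return true;
    }
}


// Custom require/include functions because not all hosts allow us to set the
// include path. Each one tries the path as given, then below $SERVERROOT, then
// below $SERVERROOT/inc, and returns nothing when no candidate is a file.
// The globals are declared so the loaded file sees them in its scope.
// These helpers execute whatever file the path names, so $file must never be
// built from request data.

/**
 * require() a file from one of the known locations.
 *
 * @param string $file
 * @return mixed whatever the loaded file returns
 */
function oc_require($file){
    global $SERVERROOT, $DOCUMENTROOT, $WEBROOT;
    global $CONFIG_DBNAME, $CONFIG_DBHOST, $CONFIG_DBUSER, $CONFIG_DBPASSWORD, $CONFIG_DBTYPE;
    global $CONFIG_DATADIRECTORY, $CONFIG_HTTPFORCESSL, $CONFIG_DATEFORMAT, $CONFIG_INSTALLED;
    if(is_file($file)){
        return require($file);
    }elseif(is_file($SERVERROOT.'/'.$file)){
        return require($SERVERROOT.'/'.$file);
    }elseif(is_file($SERVERROOT.'/inc/'.$file)){
        return require($SERVERROOT.'/inc/'.$file);
    }
}

/**
 * require_once() a file from one of the known locations.
 *
 * @param string $file
 * @return mixed whatever require_once yields for the file
 */
function oc_require_once($file){
    global $SERVERROOT, $DOCUMENTROOT, $WEBROOT;
    global $CONFIG_DBNAME, $CONFIG_DBHOST, $CONFIG_DBUSER, $CONFIG_DBPASSWORD, $CONFIG_DBTYPE;
    global $CONFIG_DATADIRECTORY, $CONFIG_HTTPFORCESSL, $CONFIG_DATEFORMAT, $CONFIG_INSTALLED;
    if(is_file($file)){
        return require_once($file);
    }elseif(is_file($SERVERROOT.'/'.$file)){
        return require_once($SERVERROOT.'/'.$file);
    }elseif(is_file($SERVERROOT.'/inc/'.$file)){
        return require_once($SERVERROOT.'/inc/'.$file);
    }
}

/**
 * include() a file from one of the known locations.
 *
 * @param string $file
 * @return mixed whatever the loaded file returns
 */
function oc_include($file){
    global $SERVERROOT, $DOCUMENTROOT, $WEBROOT;
    global $CONFIG_DBNAME, $CONFIG_DBHOST, $CONFIG_DBUSER, $CONFIG_DBPASSWORD, $CONFIG_DBTYPE;
    global $CONFIG_DATADIRECTORY, $CONFIG_HTTPFORCESSL, $CONFIG_DATEFORMAT, $CONFIG_INSTALLED;
    if(is_file($file)){
        return include($file);
    }elseif(is_file($SERVERROOT.'/'.$file)){
        return include($SERVERROOT.'/'.$file);
    }elseif(is_file($SERVERROOT.'/inc/'.$file)){
        return include($SERVERROOT.'/inc/'.$file);
    }
}

/**
 * include_once() a file from one of the known locations.
 *
 * @param string $file
 * @return mixed whatever include_once yields for the file
 */
function oc_include_once($file){
    global $SERVERROOT, $DOCUMENTROOT, $WEBROOT;
    global $CONFIG_DBNAME, $CONFIG_DBHOST, $CONFIG_DBUSER, $CONFIG_DBPASSWORD, $CONFIG_DBTYPE;
    global $CONFIG_DATADIRECTORY, $CONFIG_HTTPFORCESSL, $CONFIG_DATEFORMAT, $CONFIG_INSTALLED;
    if(is_file($file)){
        return include_once($file);
    }elseif(is_file($SERVERROOT.'/'.$file)){
        return include_once($SERVERROOT.'/'.$file);
    }elseif(is_file($SERVERROOT.'/inc/'.$file)){
        return include_once($SERVERROOT.'/inc/'.$file);
    }
}

/**
 * Recursively chmod a path.
 *
 * Stops and reports failure at the first symbolic link or failed chmod, so
 * the walk never changes anything through a link that leaves the tree. The
 * directory itself is changed last, and only when all its entries succeeded.
 *
 * NOTE(review): the same mode is applied to files and directories, so a mode
 * such as 0770 also sets the execute bits on regular files.
 *
 * @param string $path
 * @param int $filemode octal mode, e.g. 0770
 * @return bool true when every entry and $path itself were changed
 */
function chmodr($path, $filemode) {
    if (!is_dir($path)) {
        return chmod($path, $filemode);
    }
    $dh = opendir($path);
    if ($dh === false) {
        // An unreadable directory used to be handed to readdir() unchecked.
        return false;
    }
    $ok = true;
    while ($ok && ($file = readdir($dh)) !== false) {
        if ($file == '.' || $file == '..') {
            continue;
        }
        $fullpath = $path.'/'.$file;
        // The recursive call handles plain files through the !is_dir() branch.
        if (is_link($fullpath) || !chmodr($fullpath, $filemode)) {
            $ok = false;
        }
    }
    // Close the handle on the failure paths as well; it used to leak there.
    closedir($dh);
    return $ok && chmod($path, $filemode);
}

?>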