open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Created class `OC_USER_BACKEND` for general user managment

Browse Source 
It's possible to use `OC_USER` as normal but the real stuff
is done by the `OC_USER::$_backend` class, setted using
`OC_USER::setBackend()` (this is done in inc/lib_user.php)
remotes/origin/stable
Aldo "xoen" Giambelluca 15 years ago
parent 9fe46ef093
commit 68775a282d
7 changed files with 590 additions and 465 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 123
      inc/User/backend.php
  2. 379
      inc/User/database.php
  3. 6
      inc/User/ldap.php
  4. 163
      inc/User/mod_auth.php
  5. 87
      inc/lib_base.php
  6. 115
      inc/lib_config.php
  7. 182
      inc/lib_user.php

123
inc/User/backend.php
Unescape View File

@ -0,0 +1,123 @@
<?php
/**
* ownCloud
*
* @author Frank Karlitschek
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
/**
* Base class for user management
*
* @author Aldo "xoen" Giambelluca <xoen@xoen.org>
* @author fabian <fabian@web2.0-apps.de>
*/
abstract class OC_USER_BACKEND {
/**
* Check if the login button is pressed and logg the user in
*
*/
abstract public static function loginLisener();
/**
* Try to create a new user
*
*/
abstract public static function createUser($username, $password);
/**
* Try to login a user
*
*/
abstract public static function login($username, $password);
/**
* Check if the logout button is pressed and logout the user
*
*/
abstract public static function logoutLisener();
/**
* Check if a user is logged in
*
*/
abstract public static function isLoggedIn();
/**
* Try to create a new group
*
*/
abstract public static function createGroup($groupName);
/**
* Get the ID of a user
*
*/
abstract public static function getUserId($username, $noCache=false);
/**
* Get the ID of a group
*
*/
abstract public static function getGroupId($groupName, $noCache=false);
/**
* Get the name of a group
*
*/
abstract public static function getGroupName($groupId, $noCache=false);
/**
* Check if a user belongs to a group
*
*/
abstract public static function inGroup($username, $groupName);
/**
* Add a user to a group
*
*/
abstract public static function addToGroup($username, $groupName);
/**
* Generate a random password
*/
abstract public static function generatePassword();
/**
* Get all groups the user belongs to
*
*/
abstract public static function getUserGroups($username);
/**
* Set the password of a user
*
*/
abstract public static function setPassword($username, $password);
/**
* Check the password of a user
*
*/
abstract public static function checkPassword($username, $password);
}

379
inc/User/database.php
Unescape View File

@ -21,307 +21,292 @@
*
*/
require_once $SERVERROOT . '/inc/lib_user.php';
oc_require_once('inc/User/backend.php');
/**
* Class for usermanagement in a SQL Database (e.g. MySQL, SQLite)
* Class for user management in a SQL Database (e.g. MySQL, SQLite)
*
*/
class OC_USER_DATABASE extends OC_USER_ABSTRACT {
class OC_USER_DATABASE extends OC_USER_BACKEND {
/**
* Check if the login button is pressed and logg the user in
*
*/
public static function loginLisener() {
if ( isset($_POST['loginbutton']) AND isset($_POST['password']) AND isset($_POST['login']) ) {
if ( self::login($_POST['login'], $_POST['password']) ) {
* check if the login button is pressed and logg the user in
*
*/
public static function loginLisener(){
if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
if(OC_USER::login($_POST['login'],$_POST['password'])){
echo 1;
OC_LOG::event($_SESSION['username'], 1, '');
OC_LOG::event($_SESSION['username'],1,'');
echo 2;
if ( ( isset($CONFIG_HTTPFORCESSL) AND $CONFIG_HTTPFORCESSL )
OR ( isset($_SERVER['HTTPS']) AND ('on' === $_SERVER['HTTPS']) ) ) {
$url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
} else {
$url = 'http://'. $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
if((isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') {
$url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
}else{
$url = "http://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
}
header('Location: $url');
header("Location: $url");
die();
} else {
return 'error';
}
}else{
return('error');
}
}
return('');
}
/**
* Try to create a new user
*
*/
public static function createUser($username, $password) {
* try to create a new user
*
*/
public static function createUser($username,$password){
global $CONFIG_DBTABLEPREFIX;
if ( 0 !== self::getUserId($username, true) ) {
if(OC_USER::getuserid($username,true)!=0){
return false;
} else {
$usernameClean = strtolower($username);
$password = sha1($password);
$username = OC_DB::escape($username);
$usernameClean = OC_DB::escape($usernameClean);
$query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameClean', '$password')";
$result = OC_DB::query($query);
return ($result) ? true : false;
}else{
$usernameclean=strtolower($username);
$password=sha1($password);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')";
$result=OC_DB::query($query);
return ($result)?true:false;
}
}
}
/**
* Try to login a user
*
*/
public static function login($username, $password) {
* try to login a user
*
*/
public static function login($username,$password){
global $CONFIG_DBTABLEPREFIX;
$password = sha1($password);
$usernameClean = strtolower($username);
$username = OC_DB::escape($username);
$usernameClean = OC_DB::escape($usernameClean);
$query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1";
$result = OC_DB::select($query);
if ( isset($result[0]) AND isset($result[0]['user_id']) ) {
$_SESSION['user_id'] = $result[0]['user_id'];
$_SESSION['username'] = $username;
$_SESSION['username_clean'] = $usernameClean;
$password=sha1($password);
$usernameclean=strtolower($username);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_id'])){
$_SESSION['user_id']=$result[0]['user_id'];
$_SESSION['username']=$username;
$_SESSION['username_clean']=$usernameclean;
return true;
} else {
}else{
return false;
}
}
/**
* Check if the logout button is pressed and logout the user
*
*/
public static function logoutLisener() {
if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) {
OC_LOG::event($_SESSION['username'], 2, '');
$_SESSION['user_id'] = false;
$_SESSION['username'] = '';
$_SESSION['username_clean'] = '';
* check if the logout button is pressed and logout the user
*
*/
public static function logoutLisener(){
if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
OC_LOG::event($_SESSION['username'],2,'');
$_SESSION['user_id']=false;
$_SESSION['username']='';
$_SESSION['username_clean']='';
}
}
/**
* Check if a user is logged in
*
*/
public static function isLoggedIn() {
if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) {
return true;
} else {
return false;
}
* check if a user is logged in
*
*/
public static function isLoggedIn(){
return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false;
}
/**
* Try to create a new group
*
*/
public static function createGroup($groupName) {
* try to create a new group
*
*/
public static function createGroup($groupname){
global $CONFIG_DBTABLEPREFIX;
if ( 0 === self::getGroupId($groupName, true) ) {
$groupName = OC_DB::escape($groupName);
$query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupName')";
$result = OC_DB::query($query);
return $result ? true : false;
} else {
if(OC_USER::getgroupid($groupname,true)==0){
$groupname=OC_DB::escape($groupname);
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')";
$result=OC_DB::query($query);
return ($result)?true:false;
}else{
return false;
}
}
/**
* Get the ID of a user
*
*/
public static function getUserId($username, $noCache=false) {
* get the id of a user
*
*/
public static function getUserId($username,$nocache=false){
global $CONFIG_DBTABLEPREFIX;
$usernameClean = strtolower($username);
//try to use cached value to save an sql query
if ( !$noCache AND isset($_SESSION['user_id_cache'][$usernameClean]) ) {
return $_SESSION['user_id_cache'][$usernameClean];
$usernameclean=strtolower($username);
if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query
return $_SESSION['user_id_cache'][$usernameclean];
}
$usernameClean = OC_DB::escape($usernameClean);
$query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean'";
$result = OC_DB::select($query);
if ( !is_array($result) ) {
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean'";
$result=OC_DB::select($query);
if(!is_array($result)){
return 0;
}
if ( isset($result[0]) AND isset($result[0]['user_id']) ) {
$_SESSION['user_id_cache'][$usernameClean] = $result[0]['user_id'];
if(isset($result[0]) && isset($result[0]['user_id'])){
$_SESSION['user_id_cache'][$usernameclean]=$result[0]['user_id'];
return $result[0]['user_id'];
} else {
}else{
return 0;
}
}
/**
* Get the ID of a group
*
*/
public static function getGroupId($groupName, $noCache=false) {
* get the id of a group
*
*/
public static function getGroupId($groupname,$nocache=false){
global $CONFIG_DBTABLEPREFIX;
//try to use cached value to save an sql query
if ( !$noCache AND isset($_SESSION['group_id_cache'][$groupName]) ) {
return $_SESSION['group_id_cache'][$groupName];
if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query
return $_SESSION['group_id_cache'][$groupname];
}
$groupName = OC_DB::escape($groupName);
$query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupName'";
$result = OC_DB::select($query);
if ( !is_array($result) ) {
$groupname=OC_DB::escape($groupname);
$query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'";
$result=OC_DB::select($query);
if(!is_array($result)){
return 0;
}
if ( isset($result[0]) AND isset($result[0]['group_id']) ) {
$_SESSION['group_id_cache'][$groupName] = $result[0]['group_id'];
if(isset($result[0]) && isset($result[0]['group_id'])){
$_SESSION['group_id_cache'][$groupname]=$result[0]['group_id'];
return $result[0]['group_id'];
} else {
}else{
return 0;
}
}
/**
* Get the name of a group
*
*/
public static function getGroupName($groupId, $noCache=false) {
* get the name of a group
*
*/
public static function getGroupName($groupid,$nocache=false){
global $CONFIG_DBTABLEPREFIX;
//try to use cached value to save an sql query
if ( !$noCache AND ($name = array_search($groupId,$_SESSION['group_id_cache'])) ) {
if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query
return $name;
}
$groupId = (integer)$groupId;
$query = "SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupId' LIMIT 1";
$result = OC_DB::select($query);
if ( isset($result[0]) AND isset($result[0]['group_name']) ) {
$groupid=(integer)$groupid;
$query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['group_name'])){
return $result[0]['group_name'];
} else {
}else{
return 0;
}
}
/**
* Check if a user belongs to a group
*
*/
public static function inGroup($username, $groupName) {
* check if a user belongs to a group
*
*/
public static function inGroup($username,$groupname){
global $CONFIG_DBTABLEPREFIX;
$userId = self::getUserId($username);
$groupId = self::getGroupId($groupName);
if ( ($groupId > 0) AND ($userId > 0) ) {
$query = "SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupId' AND user_id = '$userId';";
$result = OC_DB::select($query);
if ( isset($result[0]) AND isset($result[0]['user_group_id']) ) {
$userid=OC_USER::getuserid($username);
$groupid=OC_USER::getgroupid($groupname);
if($groupid>0 and $userid>0){
$query="SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid' AND user_id = '$userid';";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_group_id'])){
return true;
} else {
}else{
return false;
}
} else {
}else{
return false;
}
}
/**
* Add a user to a group
*
*/
public static function addToGroup($username, $groupName) {
* add a user to a group
*
*/
public static function addToGroup($username,$groupname){
global $CONFIG_DBTABLEPREFIX;
if ( !self::inGroup($username, $groupName) ) {
$userId = self::getuserid($username);
$groupId = self::getgroupid($groupName);
if ( (0 !== $groupId) AND (0 !== $userId) ) {
$query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userId', '$groupId');";
$result = OC_DB::query($query);
if ( $result ) {
if(!OC_USER::ingroup($username,$groupname)){
$userid=OC_USER::getuserid($username);
$groupid=OC_USER::getgroupid($groupname);
if($groupid!=0 and $userid!=0){
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');";
$result=OC_DB::query($query);
if($result){
return true;
} else {
}else{
return false;
}
} else {
}else{
return false;
}
} else {
}else{
return true;
}
}
public static function generatePassword() {
return uniqId();
public static function generatePassword(){
return uniqid();
}
/**
* Get all groups the user belongs to
*
*/
public static function getUserGroups($username) {
* get all groups the user belongs to
*
*/
public static function getUserGroups($username){
global $CONFIG_DBTABLEPREFIX;
$userId = self::getUserId($username);
$query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userId'";
$result = OC_DB::select($query);
$groups = array();
if ( is_array($result) ) {
foreach ( $result as $group ) {
$groupId = $group['group_id'];
$groups[] = self::getGroupName($groupId);
$userid=OC_USER::getuserid($username);
$query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'";
$result=OC_DB::select($query);
$groups=array();
if(is_array($result)){
foreach($result as $group){
$groupid=$group['group_id'];
$groups[]=OC_USER::getgroupname($groupid);
}
}
return $groups;
}
/**
* Set the password of a user
*
*/
public static function setPassword($username, $password) {
* set the password of a user
*
*/
public static function setPassword($username,$password){
global $CONFIG_DBTABLEPREFIX;
$password = sha1($password);
$userId = self::getUserId($username);
$query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userId'";
$result = OC_DB::query($query);
return $result ? true : false;
$password=sha1($password);
$userid=OC_USER::getuserid($username);
$query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'";
$result=OC_DB::query($query);
if($result){
return true;
}else{
return false;
}
}
/**
* Check the password of a user
* check the password of a user
*
*/
public static function checkPassword($username, $password) {
public static function checkPassword($username,$password){
global $CONFIG_DBTABLEPREFIX;
$password = sha1($password);
$usernameClean = strtolower($username);
$username = OC_DB::escape($username);
$usernameClean = OC_DB::escape($usernameClean);
$query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1";
$result = OC_DB::select($query);
if ( isset($result[0]) AND isset($result[0]['user_id']) AND ($result[0]['user_id'] > 0) ) {
$password=sha1($password);
$usernameclean=strtolower($username);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){
return true;
} else {
}else{
return false;
}
}

6
inc/User/ldap.php
Unescape View File

@ -21,13 +21,9 @@
*
*/
require_once $SERVERROOT . '/inc/lib_user.php';
require_once $SERVERROOT . '/inc/User/mod_auth.php';
oc_require_once('inc/User/mod_auth.php');
/**
* Class for usermanagement in a SQL Database (e.g. MySql, SQLite)
*/
class OC_USER_LDAP extends OC_USER_MOD_AUTH {
}

163
inc/User/mod_auth.php
Unescape View File

@ -21,55 +21,52 @@
*
*/
require_once $SERVERROOT . '/inc/lib_user.php';
oc_require_once('inc/User/backend.php');
/**
* Class for usermanagement in a SQL Database (e.g. MySQL, SQLite)
* Class for user management
*
*/
class OC_USER_MOD_AUTH extends OC_USER_ABSTRACT {
class OC_USER_MOD_AUTH extends OC_USER_BACKEND {
/**
* Check if the login button is pressed and logg the user in
*
*/
public static function loginLisener() {
return '';
* check if the login button is pressed and logg the user in
*
*/
public static function loginLisener(){
return('');
}
/**
* Try to create a new user
*
*/
public static function createUser($username, $password) {
* try to create a new user
*
*/
public static function createUser($username,$password){
return false;
}
/**
* Try to login a user
*
*/
public static function login($username, $password) {
if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' !== $_SERVER['PHP_AUTH_USER']) ) {
$_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER'];
$_SESSION['username'] = $_SERVER['PHP_AUTH_USER'];
$_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER'];
/**
* try to login a user
*
*/
public static function login($username,$password){
if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") {
$_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"];
$_SESSION['username']= $_SERVER["PHP_AUTH_USER"];
$_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"];
return true;
}
return false;
}
/**
* Check if the logout button is pressed and logout the user
*
*/
public static function logoutLisener() {
if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) {
* check if the logout button is pressed and logout the user
*
*/
public static function logoutLisener(){
if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
header('WWW-Authenticate: Basic realm="ownCloud"');
header('HTTP/1.0 401 Unauthorized');
die('401 Unauthorized');
@ -77,107 +74,105 @@ class OC_USER_MOD_AUTH extends OC_USER_ABSTRACT {
}
/**
* Check if a user is logged in
*
*/
public static function isLoggedIn() {
if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) {
* check if a user is logged in
*
*/
public static function isLoggedIn(){
if (isset($_SESSION['user_id']) && $_SESSION['user_id']) {
return true;
} else {
if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' !== $_SERVER['PHP_AUTH_USER']) ) {
$_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER'];
$_SESSION['username'] = $_SERVER['PHP_AUTH_USER'];
$_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER'];
return true;;
}
else {
if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") {
$_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"];
$_SESSION['username']= $_SERVER["PHP_AUTH_USER"];
$_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"];
return true;
}
}
return false;
}
/**
* Try to create a new group
*
*/
public static function createGroup($groupName) {
* try to create a new group
*
*/
public static function createGroup($groupname){
// does not work with MOD_AUTH (only or some modules)
return false;
}
/**
* Get the ID of a user
*
*/
public static function getUserId($username, $noCache=false) {
* get the id of a user
*
*/
public static function getUserId($username,$nocache=false){
// does not work with MOD_AUTH (only or some modules)
return 0;
}
/**
* Get the ID of a group
*
*/
public static function getGroupId($groupName, $noCache=false) {
* get the id of a group
*
*/
public static function getGroupId($groupname,$nocache=false){
// does not work with MOD_AUTH (only or some modules)
return 0;
}
/**
* Get the name of a group
*
*/
public static function getGroupName($groupId, $noCache=false) {
* get the name of a group
*
*/
public static function getGroupName($groupid,$nocache=false){
// does not work with MOD_AUTH (only or some modules)
return 0;
}
/**
* Check if a user belongs to a group
*
*/
public static function inGroup($username, $groupName) {
* check if a user belongs to a group
*
*/
public static function inGroup($username,$groupname){
// does not work with MOD_AUTH (only or some modules)
return false;
}
/**
* Add a user to a group
*
*/
public static function addToGroup($username, $groupName) {
* add a user to a group
*
*/
public static function addToGroup($username,$groupname){
// does not work with MOD_AUTH (only or some modules)
return false;
}
public static function generatePassword() {
return uniqId();
public static function generatePassword(){
return uniqid();
}
/**
* Get all groups the user belongs to
*
*/
public static function getUserGroups($username) {
* get all groups the user belongs to
*
*/
public static function getUserGroups($username){
// does not work with MOD_AUTH (only or some modules)
$groups = array();
$groups=array();
return $groups;
}
/**
* Set the password of a user
*
*/
public static function setPassword($username, $password) {
* set the password of a user
*
*/
public static function setPassword($username,$password){
return false;
}
/**
* Check the password of a user
*
*/
public static function checkPassword($username, $password) {
* check the password of a user
*
*/
public static function checkPassword($username,$password){
// does not work with MOD_AUTH (only or some modules)
return false;
}

87
inc/lib_base.php
Unescape View File

@ -48,20 +48,20 @@ if($WEBROOT!='' and $WEBROOT[0]!=='/'){
// set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config');
// define default config values
$CONFIG_INSTALLED = false;
$CONFIG_DATADIRECTORY = $SERVERROOT . '/data';
$CONFIG_BACKUPDIRECTORY = $SERVERROOT . '/backup';
$CONFIG_HTTPFORCESSL = false;
$CONFIG_ENABLEBACKUP = false;
$CONFIG_DATEFORMAT = 'j M Y G:i';
$CONFIG_DBNAME = 'owncloud';
$CONFIG_DBTYPE = 'sqlite';
$CONFIG_INSTALLED=false;
$CONFIG_DATADIRECTORY=$SERVERROOT.'/data';
$CONFIG_BACKUPDIRECTORY=$SERVERROOT.'/backup';
$CONFIG_HTTPFORCESSL=false;
$CONFIG_ENABLEBACKUP=false;
$CONFIG_DATEFORMAT='j M Y G:i';
$CONFIG_DBNAME='owncloud';
$CONFIG_DBTYPE='sqlite';
// include the generated configfile
@include_once($SERVERROOT . '/config/config.php');
@include_once($SERVERROOT.'/config/config.php');
// Store this in a seperate variable so we can change the data directory to jail users.
$CONFIG_DATADIRECTORY_ROOT = $CONFIG_DATADIRECTORY;
$CONFIG_DATADIRECTORY_ROOT=$CONFIG_DATADIRECTORY;// store this in a seperate variable so we can change the data directory to jail users.
// redirect to https site if configured
if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') {
@ -86,33 +86,10 @@ oc_require_once('lib_connect.php');
oc_require_once('lib_remotestorage.php');
// Load the choosen user manager
if ( isset($CONFIG_BACKEND) ) {
switch ( $CONFIG_BACKEND ) {
case 'mysql':
case 'sqlite':
require_once 'User/database.php';
$userManager = new OC_USER_DATABASE();
break;
case 'ldap':
require_once 'User/ldap.php';
$userManager = new OC_USER_LDAP();
break;
default:
require_once 'User/database.php';
$userManager = new OC_USER_DATABASE();
break;
}
} else {
require_once 'User/database.php';
$userManager = new OC_USER_DATABASE();
}
if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){
@mkdir($CONFIG_DATADIRECTORY_ROOT) or die("Can't create data directory ($CONFIG_DATADIRECTORY_ROOT), you can usually fix this by setting the owner of '$SERVERROOT' to the user that the web server uses (www-data for debian/ubuntu)");
}
if ( $userManager::isLoggedIn() ) {
if(OC_USER::isLoggedIn()){
//jail the user in a seperate data folder
$CONFIG_DATADIRECTORY=$CONFIG_DATADIRECTORY_ROOT.'/'.$_SESSION['username_clean'];
if(!is_dir($CONFIG_DATADIRECTORY)){
@ -151,11 +128,11 @@ if(isset($plugins[0])) foreach($plugins as $plugin) require_once($SERVERROOT.'/p
// check if the server is correctly configured for ownCloud
OC_UTIL::checkServer();
OC_UTIL::checkserver();
// listen for login or logout actions
$userManager::logoutLisener();
$loginresult = $userManager::loginLisener();
OC_USER::logoutlisener();
$loginresult=OC_USER::loginlisener();
/**
* Class for utility functions
@ -285,27 +262,25 @@ class OC_UTIL {
* show the main navigation
*
*/
public static function showNavigation(){
global $WEBROOT;
global $SERVERROOT;
global $userManager;
echo('<table class="center" cellpadding="5" cellspacing="0" border="0"><tr>');
echo('<td class="navigationitem1"><a href="'.$WEBROOT.'/">'.$_SESSION['username'].'</a></td>');
if ($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/">Files</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/">Files</a></td>');
public static function showNavigation(){
global $WEBROOT;
global $SERVERROOT;
echo('<table class="center" cellpadding="5" cellspacing="0" border="0"><tr>');
echo('<td class="navigationitem1"><a href="'.$WEBROOT.'/">'.$_SESSION['username'].'</a></td>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/">Files</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/">Files</a></td>');
foreach(OC_UTIL::$NAVIGATION as $NAVI) {
if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo('<td class="navigationitemselected"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>');
}
foreach(OC_UTIL::$NAVIGATION as $NAVI) {
if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo('<td class="navigationitemselected"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>');
}
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
if ( $userManager::inGroup($_SESSION['username'], 'admin') ) {
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>');
}
echo('<td class="navigationitem"><a href="?logoutbutton=1">Logout</a></td>');
echo('</tr></table>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
if(OC_USER::ingroup($_SESSION['username'],'admin')){
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>');
}
echo('<td class="navigationitem"><a href="?logoutbutton=1">Logout</a></td>');
echo('</tr></table>');
}
/**

115
inc/lib_config.php
Unescape View File

@ -1,7 +1,5 @@
<?php
class OC_CONFIG {
class OC_CONFIG{
/**
* show the configform
*
@ -16,74 +14,66 @@ class OC_CONFIG {
oc_require('templates/configform.php');
}
/**
* show the configform
*
*/
public static function showAdminForm(){
global $CONFIG_ADMINLOGIN;
global $CONFIG_ADMINPASSWORD;
global $CONFIG_DATADIRECTORY;
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_DBNAME;
global $CONFIG_DBTABLEPREFIX;
global $CONFIG_INSTALLED;
global $userManager;
$allow = false;
if ( !$CONFIG_INSTALLED ) {
$allow = true;
} elseif ( $userManager::isLoggedIn() ) {
if ( $userManager::inGroup($_SESSION['username'], 'admin') ) {
$allow = true;
/**
* show the configform
*
*/
public static function showAdminForm(){
global $CONFIG_ADMINLOGIN;
global $CONFIG_ADMINPASSWORD;
global $CONFIG_DATADIRECTORY;
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_DBNAME;
global $CONFIG_DBTABLEPREFIX;
global $CONFIG_INSTALLED;
$allow=false;
if(!$CONFIG_INSTALLED){
$allow=true;
}elseif(OC_USER::isLoggedIn()){
if(OC_USER::ingroup($_SESSION['username'],'admin')){
$allow=true;
}
}
if ( $allow ) {
oc_require('templates/adminform.php');
}
if($allow){
oc_require('templates/adminform.php');
}
}
public static function createUserLisener(){
global $userManager;
if ( $userManager::isLoggedIn() ) {
if ( $userManager::ingroup($_SESSION['username'], 'admin') ) {
if ( isset($_POST['new_username']) AND isset($_POST['new_password']) ) {
if ( $userManager::createUser($_POST['new_username'], $_POST['new_password']) ) {
if(OC_USER::isLoggedIn()){
if(OC_USER::ingroup($_SESSION['username'],'admin')){
if(isset($_POST['new_username']) and isset($_POST['new_password'])){
if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){
return 'user successfully created';
} else {
}else{
return 'error while trying to create user';
}
}else{
return false;
}
} else {
}else{
return false;
}
}
}
public static function createGroupLisener() {
global $userManager;
if ( $userManager::isLoggedIn() ) {
if ( isset($_POST['creategroup']) AND 1==$_POST['creategroup'] ) {
if ( $userManager::createGroup($_POST['groupname']) ) {
if ( $userManager::addTogroup($_SESSION['username'], $_POST['groupname']) ) {
public static function createGroupLisener(){
if(OC_USER::isLoggedIn()){
if(isset($_POST['creategroup']) and $_POST['creategroup']==1){
if(OC_USER::creategroup($_POST['groupname'])){
if(OC_USER::addtogroup($_SESSION['username'],$_POST['groupname'])){
return 'group successfully created';
} else {
}else{
return 'error while trying to add user to the new created group';
}
} else {
}else{
return 'error while trying to create group';
}
} else {
}else{
return false;
}
} else {
}else{
return false;
}
}
@ -93,13 +83,11 @@ class OC_CONFIG {
* lisen for configuration changes
*
*/
public static function configLisener() {
global $userManager;
if($userManager::isLoggedIn()){
public static function configLisener(){
if(OC_USER::isLoggedIn()){
if(isset($_POST['config']) and $_POST['config']==1){
$error='';
if(!$userManager::checkpassword($_SESSION['username'],$_POST['currentpassword'])){
if(!OC_USER::checkpassword($_SESSION['username'],$_POST['currentpassword'])){
$error.='wrong password<br />';
}else{
if(isset($_POST['changepass']) and $_POST['changepass']==1){
@ -107,7 +95,7 @@ class OC_CONFIG {
if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set<br />';
if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same<br />';
if(empty($error)){
if(!$userManager::setpassword($_SESSION['username'],$_POST['password'])){
if(!OC_USER::setpassword($_SESSION['username'],$_POST['password'])){
$error.='error while trying to set password<br />';
}
}
@ -155,13 +143,11 @@ class OC_CONFIG {
*/
public static function writeAdminLisener(){
global $CONFIG_INSTALLED;
global $userManager;
$allow=false;
if(!$CONFIG_INSTALLED){
$allow=true;
}elseif($userManager::isLoggedIn()){
if($userManager::ingroup($_SESSION['username'],'admin')){
}elseif(OC_USER::isLoggedIn()){
if(OC_USER::ingroup($_SESSION['username'],'admin')){
$allow=true;
}
}
@ -184,7 +170,7 @@ class OC_CONFIG {
$error='';
$FIRSTRUN=!$CONFIG_INSTALLED;
if(!$FIRSTRUN){
if(!$userManager::login($_SESSION['username'],$_POST['currentpassword'])){
if(!OC_USER::login($_SESSION['username'],$_POST['currentpassword'])){
$error.='wrong password<br />';
}
}
@ -262,15 +248,15 @@ class OC_CONFIG {
}
}
if($FIRSTRUN){
if(!$userManager::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !$userManager::login($_POST['adminlogin'],$_POST['adminpassword'])){
if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){
$error.='error while trying to create the admin user<br/>';
}
if($userManager::getgroupid('admin')==0){
if(!$userManager::creategroup('admin')){
if(OC_USER::getgroupid('admin')==0){
if(!OC_USER::creategroup('admin')){
$error.='error while trying to create the admin group<br/>';
}
}
if(!$userManager::addtogroup($_POST['adminlogin'],'admin')){
if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){
$error.='error while trying to add the admin user to the admin group<br/>';
}
}
@ -379,3 +365,6 @@ class OC_CONFIG {
}
}
}
?>

182
inc/lib_user.php
Unescape View File

@ -21,6 +21,8 @@
*
*/
global $CONFIG_BACKEND;
if ( !$CONFIG_INSTALLED ) {
@ -29,7 +31,7 @@ if ( !$CONFIG_INSTALLED ) {
$_SESSION['username_clean'] = '';
}
// Cache the userid's an groupid's
//cache the userid's an groupid's
if ( !isset($_SESSION['user_id_cache']) ) {
$_SESSION['user_id_cache'] = array();
}
@ -37,98 +39,158 @@ if ( !isset($_SESSION['group_id_cache']) ) {
$_SESSION['group_id_cache'] = array();
}
OC_USER::setBackend($CONFIG_BACKEND);
/**
* Class for user management
* Class for User Management
*
*/
abstract class OC_USER_ABSTRACT {
class OC_USER {
// The backend used for user management
private static $_backend;
/**
* Set the User Authentication Module
*/
public static function setBackend($backend='database') {
if ( (null === $backend) OR (!is_string($backend)) ) {
$backend = 'database';
}
switch ( $backend ) {
case 'mysql':
case 'sqlite':
oc_require_once('inc/User/database.php');
self::$_backend = new OC_USER_DATABASE();
break;
case 'ldap':
oc_require_once('inc/User/ldap.php');
self::$_backend = new OC_USER_LDAP();
break;
default:
oc_require_once('inc/User/database.php');
self::$_backend = new OC_USER_DATABASE();
break;
}
}
/**
* Check if the login button is pressed and logg the user in
*
*/
abstract public static function loginLisener();
* check if the login button is pressed and logg the user in
*
*/
public static function loginLisener() {
return self::$_backend->loginLisener();
}
/**
* Try to create a new user
*
*/
abstract public static function createUser($username, $password);
* try to create a new user
*
*/
public static function createUser($username, $password) {
return self::$_backend->createUser($username, $password);
}
/**
* Try to login a user
*
*/
abstract public static function login($username, $password);
* try to login a user
*
*/
public static function login($username, $password) {
return self::$_backend->login($username, $password);
}
/**
* Check if the logout button is pressed and logout the user
*
*/
abstract public static function logoutLisener();
* check if the logout button is pressed and logout the user
*
*/
public static function logoutLisener() {
return self::$_backend->logoutLisener();
}
/**
* Check if a user is logged in
*
*/
abstract public static function isLoggedIn();
* check if a user is logged in
*
*/
public static function isLoggedIn() {
return self::$_backend->isLoggedIn();
}
/**
* Try to create a new group
*
*/
abstract public static function createGroup($groupName);
* try to create a new group
*
*/
public static function createGroup($groupName) {
return self::$_backend->createGroup($groupName);
}
/**
* Get the ID of a user
*
*/
abstract public static function getUserId($username, $noCache=false);
* get the id of a user
*
*/
public static function getUserId($username, $noCache=false) {
return self::$_backend->getUserId($username, $noCache=false);
}
/**
* Get the ID of a group
*
*/
abstract public static function getGroupId($groupName, $noCache=false);
* get the id of a group
*
*/
public static function getGroupId($groupName, $noCache=false) {
return self::$_backend->getGroupId($groupName, $noCache=false);
}
/**
* Get the name of a group
*
*/
abstract public static function getGroupName($groupId, $noCache=false);
* get the name of a group
*
*/
public static function getGroupName($groupId, $noCache=false) {
return self::$_backend->getGroupName($groupId, $noCache=false);
}
/**
* Check if a user belongs to a group
*
*/
abstract public static function inGroup($username, $groupName);
* check if a user belongs to a group
*
*/
public static function inGroup($username, $groupName) {
return self::$_backend->inGroup($username, $groupName);
}
/**
* Add a user to a group
*
*/
abstract public static function addToGroup($username, $groupName);
* add a user to a group
*
*/
public static function addToGroup($username, $groupName) {
return self::$_backend->addToGroup($username, $groupName);
}
abstract public static function generatePassword();
public static function generatePassword() {
return uniqId();
}
/**
* Get all groups the user belongs to
*
*/
abstract public static function getUserGroups($username);
* get all groups the user belongs to
*
*/
public static function getUserGroups($username) {
return self::$_backend->getUserGroups($username);
}
/**
* Set the password of a user
*
*/
abstract public static function setPassword($username, $password);
* set the password of a user
*
*/
public static function setPassword($username, $password) {
return self::$_backend->setPassword($username, $password);
}
/**
* Check the password of a user
*
*/
abstract public static function checkPassword($username, $password);
* check the password of a user
*
*/
public static function checkPassword($username, $password) {
return self::$_backend->checkPassword($username, $password);
}
}

Write Preview
Loading…
Cancel
Save