open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Created class `OC_USER_BACKEND` for general user managment

Browse Source 
It's possible to use `OC_USER` as normal but the real stuff
is done by the `OC_USER::$_backend` class, setted using
`OC_USER::setBackend()` (this is done in inc/lib_user.php)
remotes/origin/stable
Aldo "xoen" Giambelluca 15 years ago
parent 9fe46ef093
commit 68775a282d
7 changed files with 590 additions and 465 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 123
      inc/User/backend.php
  2. 307
      inc/User/database.php
  3. 6
      inc/User/ldap.php
  4. 101
      inc/User/mod_auth.php
  5. 59
      inc/lib_base.php
  6. 85
      inc/lib_config.php
  7. 126
      inc/lib_user.php

123
inc/User/backend.php
Unescape View File

@ -0,0 +1,123 @@
<?php
/**
* ownCloud
*
* @author Frank Karlitschek
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
/**
* Base class for user management
*
* @author Aldo "xoen" Giambelluca <xoen@xoen.org>
* @author fabian <fabian@web2.0-apps.de>
*/
abstract class OC_USER_BACKEND {
/**
* Check if the login button is pressed and logg the user in
*
*/
abstract public static function loginLisener();
/**
* Try to create a new user
*
*/
abstract public static function createUser($username, $password);
/**
* Try to login a user
*
*/
abstract public static function login($username, $password);
/**
* Check if the logout button is pressed and logout the user
*
*/
abstract public static function logoutLisener();
/**
* Check if a user is logged in
*
*/
abstract public static function isLoggedIn();
/**
* Try to create a new group
*
*/
abstract public static function createGroup($groupName);
/**
* Get the ID of a user
*
*/
abstract public static function getUserId($username, $noCache=false);
/**
* Get the ID of a group
*
*/
abstract public static function getGroupId($groupName, $noCache=false);
/**
* Get the name of a group
*
*/
abstract public static function getGroupName($groupId, $noCache=false);
/**
* Check if a user belongs to a group
*
*/
abstract public static function inGroup($username, $groupName);
/**
* Add a user to a group
*
*/
abstract public static function addToGroup($username, $groupName);
/**
* Generate a random password
*/
abstract public static function generatePassword();
/**
* Get all groups the user belongs to
*
*/
abstract public static function getUserGroups($username);
/**
* Set the password of a user
*
*/
abstract public static function setPassword($username, $password);
/**
* Check the password of a user
*
*/
abstract public static function checkPassword($username, $password);
}

307
inc/User/database.php
Unescape View File

@ -21,307 +21,292 @@
* *
*/ */
require_once $SERVERROOT . '/inc/lib_user.php'; oc_require_once('inc/User/backend.php');
/** /**
* Class for usermanagement in a SQL Database (e.g. MySQL, SQLite) * Class for user management in a SQL Database (e.g. MySQL, SQLite)
* *
*/ */
class OC_USER_DATABASE extends OC_USER_ABSTRACT { class OC_USER_DATABASE extends OC_USER_BACKEND {
/** /**
* Check if the login button is pressed and logg the user in * check if the login button is pressed and logg the user in
* *
*/ */
public static function loginLisener() { public static function loginLisener(){
if ( isset($_POST['loginbutton']) AND isset($_POST['password']) AND isset($_POST['login']) ) { if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
if ( self::login($_POST['login'], $_POST['password']) ) { if(OC_USER::login($_POST['login'],$_POST['password'])){
echo 1; echo 1;
OC_LOG::event($_SESSION['username'], 1, ''); OC_LOG::event($_SESSION['username'],1,'');
echo 2; echo 2;
if ( ( isset($CONFIG_HTTPFORCESSL) AND $CONFIG_HTTPFORCESSL ) if((isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') {
OR ( isset($_SERVER['HTTPS']) AND ('on' === $_SERVER['HTTPS']) ) ) { $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; }else{
} else { $url = "http://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
$url = 'http://'. $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
} }
header('Location: $url'); header("Location: $url");
die(); die();
} else { }else{
return 'error'; return('error');
} }
} }
return(''); return('');
} }
/** /**
* Try to create a new user * try to create a new user
* *
*/ */
public static function createUser($username, $password) { public static function createUser($username,$password){
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
if(OC_USER::getuserid($username,true)!=0){
if ( 0 !== self::getUserId($username, true) ) {
return false; return false;
} else { }else{
$usernameClean = strtolower($username); $usernameclean=strtolower($username);
$password = sha1($password); $password=sha1($password);
$username = OC_DB::escape($username); $username=OC_DB::escape($username);
$usernameClean = OC_DB::escape($usernameClean); $usernameclean=OC_DB::escape($usernameclean);
$query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameClean', '$password')"; $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')";
$result = OC_DB::query($query); $result=OC_DB::query($query);
return ($result)?true:false;
return ($result) ? true : false;
} }
} }
/** /**
* Try to login a user * try to login a user
* *
*/ */
public static function login($username, $password) { public static function login($username,$password){
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
$password = sha1($password); $password=sha1($password);
$usernameClean = strtolower($username); $usernameclean=strtolower($username);
$username = OC_DB::escape($username); $username=OC_DB::escape($username);
$usernameClean = OC_DB::escape($usernameClean); $usernameclean=OC_DB::escape($usernameclean);
$query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result = OC_DB::select($query); $result=OC_DB::select($query);
if ( isset($result[0]) AND isset($result[0]['user_id']) ) { if(isset($result[0]) && isset($result[0]['user_id'])){
$_SESSION['user_id'] = $result[0]['user_id']; $_SESSION['user_id']=$result[0]['user_id'];
$_SESSION['username'] = $username; $_SESSION['username']=$username;
$_SESSION['username_clean'] = $usernameClean; $_SESSION['username_clean']=$usernameclean;
return true; return true;
} else { }else{
return false; return false;
} }
} }
/** /**
* Check if the logout button is pressed and logout the user * check if the logout button is pressed and logout the user
* *
*/ */
public static function logoutLisener() { public static function logoutLisener(){
if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
OC_LOG::event($_SESSION['username'], 2, ''); OC_LOG::event($_SESSION['username'],2,'');
$_SESSION['user_id'] = false; $_SESSION['user_id']=false;
$_SESSION['username'] = ''; $_SESSION['username']='';
$_SESSION['username_clean'] = ''; $_SESSION['username_clean']='';
} }
} }
/** /**
* Check if a user is logged in * check if a user is logged in
* *
*/ */
public static function isLoggedIn() { public static function isLoggedIn(){
if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false;
return true;
} else {
return false;
}
} }
/** /**
* Try to create a new group * try to create a new group
* *
*/ */
public static function createGroup($groupName) { public static function createGroup($groupname){
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
if(OC_USER::getgroupid($groupname,true)==0){
if ( 0 === self::getGroupId($groupName, true) ) { $groupname=OC_DB::escape($groupname);
$groupName = OC_DB::escape($groupName); $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')";
$query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupName')"; $result=OC_DB::query($query);
$result = OC_DB::query($query); return ($result)?true:false;
}else{
return $result ? true : false;
} else {
return false; return false;
} }
} }
/** /**
* Get the ID of a user * get the id of a user
* *
*/ */
public static function getUserId($username, $noCache=false) { public static function getUserId($username,$nocache=false){
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
$usernameclean=strtolower($username);
$usernameClean = strtolower($username); if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query
//try to use cached value to save an sql query return $_SESSION['user_id_cache'][$usernameclean];
if ( !$noCache AND isset($_SESSION['user_id_cache'][$usernameClean]) ) { }
return $_SESSION['user_id_cache'][$usernameClean]; $usernameclean=OC_DB::escape($usernameclean);
} $query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean'";
$usernameClean = OC_DB::escape($usernameClean); $result=OC_DB::select($query);
$query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean'"; if(!is_array($result)){
$result = OC_DB::select($query);
if ( !is_array($result) ) {
return 0; return 0;
} }
if ( isset($result[0]) AND isset($result[0]['user_id']) ) { if(isset($result[0]) && isset($result[0]['user_id'])){
$_SESSION['user_id_cache'][$usernameClean] = $result[0]['user_id']; $_SESSION['user_id_cache'][$usernameclean]=$result[0]['user_id'];
return $result[0]['user_id']; return $result[0]['user_id'];
} else { }else{
return 0; return 0;
} }
} }
/** /**
* Get the ID of a group * get the id of a group
* *
*/ */
public static function getGroupId($groupName, $noCache=false) { public static function getGroupId($groupname,$nocache=false){
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query
//try to use cached value to save an sql query return $_SESSION['group_id_cache'][$groupname];
if ( !$noCache AND isset($_SESSION['group_id_cache'][$groupName]) ) { }
return $_SESSION['group_id_cache'][$groupName]; $groupname=OC_DB::escape($groupname);
} $query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'";
$groupName = OC_DB::escape($groupName); $result=OC_DB::select($query);
$query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupName'"; if(!is_array($result)){
$result = OC_DB::select($query);
if ( !is_array($result) ) {
return 0; return 0;
} }
if ( isset($result[0]) AND isset($result[0]['group_id']) ) { if(isset($result[0]) && isset($result[0]['group_id'])){
$_SESSION['group_id_cache'][$groupName] = $result[0]['group_id']; $_SESSION['group_id_cache'][$groupname]=$result[0]['group_id'];
return $result[0]['group_id']; return $result[0]['group_id'];
} else { }else{
return 0; return 0;
} }
} }
/** /**
* Get the name of a group * get the name of a group
* *
*/ */
public static function getGroupName($groupId, $noCache=false) { public static function getGroupName($groupid,$nocache=false){
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query
//try to use cached value to save an sql query
if ( !$noCache AND ($name = array_search($groupId,$_SESSION['group_id_cache'])) ) {
return $name; return $name;
} }
$groupId = (integer)$groupId; $groupid=(integer)$groupid;
$query = "SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupId' LIMIT 1"; $query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1";
$result = OC_DB::select($query); $result=OC_DB::select($query);
if ( isset($result[0]) AND isset($result[0]['group_name']) ) { if(isset($result[0]) && isset($result[0]['group_name'])){
return $result[0]['group_name']; return $result[0]['group_name'];
} else { }else{
return 0; return 0;
} }
} }
/** /**
* Check if a user belongs to a group * check if a user belongs to a group
* *
*/ */
public static function inGroup($username, $groupName) { public static function inGroup($username,$groupname){
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
$userId = self::getUserId($username); $userid=OC_USER::getuserid($username);
$groupId = self::getGroupId($groupName); $groupid=OC_USER::getgroupid($groupname);
if ( ($groupId > 0) AND ($userId > 0) ) { if($groupid>0 and $userid>0){
$query = "SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupId' AND user_id = '$userId';"; $query="SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid' AND user_id = '$userid';";
$result = OC_DB::select($query); $result=OC_DB::select($query);
if ( isset($result[0]) AND isset($result[0]['user_group_id']) ) { if(isset($result[0]) && isset($result[0]['user_group_id'])){
return true; return true;
} else { }else{
return false; return false;
} }
} else { }else{
return false; return false;
} }
} }
/** /**
* Add a user to a group * add a user to a group
* *
*/ */
public static function addToGroup($username, $groupName) { public static function addToGroup($username,$groupname){
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
if ( !self::inGroup($username, $groupName) ) { if(!OC_USER::ingroup($username,$groupname)){
$userId = self::getuserid($username); $userid=OC_USER::getuserid($username);
$groupId = self::getgroupid($groupName); $groupid=OC_USER::getgroupid($groupname);
if ( (0 !== $groupId) AND (0 !== $userId) ) { if($groupid!=0 and $userid!=0){
$query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userId', '$groupId');"; $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');";
$result = OC_DB::query($query); $result=OC_DB::query($query);
if ( $result ) { if($result){
return true; return true;
} else { }else{
return false; return false;
} }
} else { }else{
return false; return false;
} }
} else { }else{
return true; return true;
} }
} }
public static function generatePassword() { public static function generatePassword(){
return uniqId(); return uniqid();
} }
/** /**
* Get all groups the user belongs to * get all groups the user belongs to
* *
*/ */
public static function getUserGroups($username) { public static function getUserGroups($username){
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
$userId = self::getUserId($username); $userid=OC_USER::getuserid($username);
$query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userId'"; $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'";
$result = OC_DB::select($query); $result=OC_DB::select($query);
$groups = array(); $groups=array();
if ( is_array($result) ) { if(is_array($result)){
foreach ( $result as $group ) { foreach($result as $group){
$groupId = $group['group_id']; $groupid=$group['group_id'];
$groups[] = self::getGroupName($groupId); $groups[]=OC_USER::getgroupname($groupid);
} }
} }
return $groups; return $groups;
} }
/** /**
* Set the password of a user * set the password of a user
* *
*/ */
public static function setPassword($username, $password) { public static function setPassword($username,$password){
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
$password = sha1($password); $password=sha1($password);
$userId = self::getUserId($username); $userid=OC_USER::getuserid($username);
$query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userId'"; $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'";
$result = OC_DB::query($query); $result=OC_DB::query($query);
if($result){
return $result ? true : false; return true;
}else{
return false;
}
} }
/** /**
* Check the password of a user * check the password of a user
* *
*/ */
public static function checkPassword($username, $password) { public static function checkPassword($username,$password){
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
$password = sha1($password); $password=sha1($password);
$usernameClean = strtolower($username); $usernameclean=strtolower($username);
$username = OC_DB::escape($username); $username=OC_DB::escape($username);
$usernameClean = OC_DB::escape($usernameClean); $usernameclean=OC_DB::escape($usernameclean);
$query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result = OC_DB::select($query); $result=OC_DB::select($query);
if ( isset($result[0]) AND isset($result[0]['user_id']) AND ($result[0]['user_id'] > 0) ) { if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){
return true; return true;
} else { }else{
return false; return false;
} }
} }

6
inc/User/ldap.php
Unescape View File

@ -21,13 +21,9 @@
* *
*/ */
require_once $SERVERROOT . '/inc/lib_user.php'; oc_require_once('inc/User/mod_auth.php');
require_once $SERVERROOT . '/inc/User/mod_auth.php';
/**
* Class for usermanagement in a SQL Database (e.g. MySql, SQLite)
*/
class OC_USER_LDAP extends OC_USER_MOD_AUTH { class OC_USER_LDAP extends OC_USER_MOD_AUTH {
} }

101
inc/User/mod_auth.php
Unescape View File

@ -21,55 +21,52 @@
* *
*/ */
require_once $SERVERROOT . '/inc/lib_user.php'; oc_require_once('inc/User/backend.php');
/** /**
* Class for usermanagement in a SQL Database (e.g. MySQL, SQLite) * Class for user management
* *
*/ */
class OC_USER_MOD_AUTH extends OC_USER_ABSTRACT { class OC_USER_MOD_AUTH extends OC_USER_BACKEND {
/** /**
* Check if the login button is pressed and logg the user in * check if the login button is pressed and logg the user in
* *
*/ */
public static function loginLisener() { public static function loginLisener(){
return ''; return('');
} }
/** /**
* Try to create a new user * try to create a new user
* *
*/ */
public static function createUser($username, $password) { public static function createUser($username,$password){
return false; return false;
} }
/** /**
* Try to login a user * try to login a user
* *
*/ */
public static function login($username, $password) { public static function login($username,$password){
if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' !== $_SERVER['PHP_AUTH_USER']) ) { if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") {
$_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER']; $_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"];
$_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; $_SESSION['username']= $_SERVER["PHP_AUTH_USER"];
$_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER']; $_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"];
return true; return true;
} }
return false; return false;
} }
/** /**
* Check if the logout button is pressed and logout the user * check if the logout button is pressed and logout the user
* *
*/ */
public static function logoutLisener() { public static function logoutLisener(){
if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
header('WWW-Authenticate: Basic realm="ownCloud"'); header('WWW-Authenticate: Basic realm="ownCloud"');
header('HTTP/1.0 401 Unauthorized'); header('HTTP/1.0 401 Unauthorized');
die('401 Unauthorized'); die('401 Unauthorized');
@ -77,107 +74,105 @@ class OC_USER_MOD_AUTH extends OC_USER_ABSTRACT {
} }
/** /**
* Check if a user is logged in * check if a user is logged in
* *
*/ */
public static function isLoggedIn() { public static function isLoggedIn(){
if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { if (isset($_SESSION['user_id']) && $_SESSION['user_id']) {
return true;
}
else {
if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") {
$_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"];
$_SESSION['username']= $_SERVER["PHP_AUTH_USER"];
$_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"];
return true; return true;
} else {
if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' !== $_SERVER['PHP_AUTH_USER']) ) {
$_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER'];
$_SESSION['username'] = $_SERVER['PHP_AUTH_USER'];
$_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER'];
return true;;
} }
} }
return false; return false;
} }
/** /**
* Try to create a new group * try to create a new group
* *
*/ */
public static function createGroup($groupName) { public static function createGroup($groupname){
// does not work with MOD_AUTH (only or some modules) // does not work with MOD_AUTH (only or some modules)
return false; return false;
} }
/** /**
* Get the ID of a user * get the id of a user
* *
*/ */
public static function getUserId($username, $noCache=false) { public static function getUserId($username,$nocache=false){
// does not work with MOD_AUTH (only or some modules) // does not work with MOD_AUTH (only or some modules)
return 0; return 0;
} }
/** /**
* Get the ID of a group * get the id of a group
* *
*/ */
public static function getGroupId($groupName, $noCache=false) { public static function getGroupId($groupname,$nocache=false){
// does not work with MOD_AUTH (only or some modules) // does not work with MOD_AUTH (only or some modules)
return 0; return 0;
} }
/** /**
* Get the name of a group * get the name of a group
* *
*/ */
public static function getGroupName($groupId, $noCache=false) { public static function getGroupName($groupid,$nocache=false){
// does not work with MOD_AUTH (only or some modules) // does not work with MOD_AUTH (only or some modules)
return 0; return 0;
} }
/** /**
* Check if a user belongs to a group * check if a user belongs to a group
* *
*/ */
public static function inGroup($username, $groupName) { public static function inGroup($username,$groupname){
// does not work with MOD_AUTH (only or some modules) // does not work with MOD_AUTH (only or some modules)
return false; return false;
} }
/** /**
* Add a user to a group * add a user to a group
* *
*/ */
public static function addToGroup($username, $groupName) { public static function addToGroup($username,$groupname){
// does not work with MOD_AUTH (only or some modules) // does not work with MOD_AUTH (only or some modules)
return false; return false;
} }
public static function generatePassword() { public static function generatePassword(){
return uniqId(); return uniqid();
} }
/** /**
* Get all groups the user belongs to * get all groups the user belongs to
* *
*/ */
public static function getUserGroups($username) { public static function getUserGroups($username){
// does not work with MOD_AUTH (only or some modules) // does not work with MOD_AUTH (only or some modules)
$groups = array(); $groups=array();
return $groups; return $groups;
} }
/** /**
* Set the password of a user * set the password of a user
* *
*/ */
public static function setPassword($username, $password) { public static function setPassword($username,$password){
return false; return false;
} }
/** /**
* Check the password of a user * check the password of a user
* *
*/ */
public static function checkPassword($username, $password) { public static function checkPassword($username,$password){
// does not work with MOD_AUTH (only or some modules) // does not work with MOD_AUTH (only or some modules)
return false; return false;
} }

59
inc/lib_base.php
Unescape View File

@ -48,20 +48,20 @@ if($WEBROOT!='' and $WEBROOT[0]!=='/'){
// set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config'); // set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config');
// define default config values // define default config values
$CONFIG_INSTALLED = false; $CONFIG_INSTALLED=false;
$CONFIG_DATADIRECTORY = $SERVERROOT . '/data'; $CONFIG_DATADIRECTORY=$SERVERROOT.'/data';
$CONFIG_BACKUPDIRECTORY = $SERVERROOT . '/backup'; $CONFIG_BACKUPDIRECTORY=$SERVERROOT.'/backup';
$CONFIG_HTTPFORCESSL = false; $CONFIG_HTTPFORCESSL=false;
$CONFIG_ENABLEBACKUP = false; $CONFIG_ENABLEBACKUP=false;
$CONFIG_DATEFORMAT = 'j M Y G:i'; $CONFIG_DATEFORMAT='j M Y G:i';
$CONFIG_DBNAME = 'owncloud'; $CONFIG_DBNAME='owncloud';
$CONFIG_DBTYPE = 'sqlite'; $CONFIG_DBTYPE='sqlite';
// include the generated configfile // include the generated configfile
@include_once($SERVERROOT . '/config/config.php'); @include_once($SERVERROOT.'/config/config.php');
// Store this in a seperate variable so we can change the data directory to jail users.
$CONFIG_DATADIRECTORY_ROOT = $CONFIG_DATADIRECTORY; $CONFIG_DATADIRECTORY_ROOT=$CONFIG_DATADIRECTORY;// store this in a seperate variable so we can change the data directory to jail users.
// redirect to https site if configured // redirect to https site if configured
if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){ if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') { if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') {
@ -86,33 +86,10 @@ oc_require_once('lib_connect.php');
oc_require_once('lib_remotestorage.php'); oc_require_once('lib_remotestorage.php');
// Load the choosen user manager
if ( isset($CONFIG_BACKEND) ) {
switch ( $CONFIG_BACKEND ) {
case 'mysql':
case 'sqlite':
require_once 'User/database.php';
$userManager = new OC_USER_DATABASE();
break;
case 'ldap':
require_once 'User/ldap.php';
$userManager = new OC_USER_LDAP();
break;
default:
require_once 'User/database.php';
$userManager = new OC_USER_DATABASE();
break;
}
} else {
require_once 'User/database.php';
$userManager = new OC_USER_DATABASE();
}
if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){ if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){
@mkdir($CONFIG_DATADIRECTORY_ROOT) or die("Can't create data directory ($CONFIG_DATADIRECTORY_ROOT), you can usually fix this by setting the owner of '$SERVERROOT' to the user that the web server uses (www-data for debian/ubuntu)"); @mkdir($CONFIG_DATADIRECTORY_ROOT) or die("Can't create data directory ($CONFIG_DATADIRECTORY_ROOT), you can usually fix this by setting the owner of '$SERVERROOT' to the user that the web server uses (www-data for debian/ubuntu)");
} }
if ( $userManager::isLoggedIn() ) { if(OC_USER::isLoggedIn()){
//jail the user in a seperate data folder //jail the user in a seperate data folder
$CONFIG_DATADIRECTORY=$CONFIG_DATADIRECTORY_ROOT.'/'.$_SESSION['username_clean']; $CONFIG_DATADIRECTORY=$CONFIG_DATADIRECTORY_ROOT.'/'.$_SESSION['username_clean'];
if(!is_dir($CONFIG_DATADIRECTORY)){ if(!is_dir($CONFIG_DATADIRECTORY)){
@ -151,11 +128,11 @@ if(isset($plugins[0])) foreach($plugins as $plugin) require_once($SERVERROOT.'/p
// check if the server is correctly configured for ownCloud // check if the server is correctly configured for ownCloud
OC_UTIL::checkServer(); OC_UTIL::checkserver();
// listen for login or logout actions // listen for login or logout actions
$userManager::logoutLisener(); OC_USER::logoutlisener();
$loginresult = $userManager::loginLisener(); $loginresult=OC_USER::loginlisener();
/** /**
* Class for utility functions * Class for utility functions
@ -288,11 +265,9 @@ class OC_UTIL {
public static function showNavigation(){ public static function showNavigation(){
global $WEBROOT; global $WEBROOT;
global $SERVERROOT; global $SERVERROOT;
global $userManager;
echo('<table class="center" cellpadding="5" cellspacing="0" border="0"><tr>'); echo('<table class="center" cellpadding="5" cellspacing="0" border="0"><tr>');
echo('<td class="navigationitem1"><a href="'.$WEBROOT.'/">'.$_SESSION['username'].'</a></td>'); echo('<td class="navigationitem1"><a href="'.$WEBROOT.'/">'.$_SESSION['username'].'</a></td>');
if ($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/">Files</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/">Files</a></td>'); if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/">Files</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/">Files</a></td>');
foreach(OC_UTIL::$NAVIGATION as $NAVI) { foreach(OC_UTIL::$NAVIGATION as $NAVI) {
if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo('<td class="navigationitemselected"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo('<td class="navigationitemselected"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>');
@ -300,7 +275,7 @@ class OC_UTIL {
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>'); if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
if ( $userManager::inGroup($_SESSION['username'], 'admin') ) { if(OC_USER::ingroup($_SESSION['username'],'admin')){
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>'); if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>');
} }
echo('<td class="navigationitem"><a href="?logoutbutton=1">Logout</a></td>'); echo('<td class="navigationitem"><a href="?logoutbutton=1">Logout</a></td>');

85
inc/lib_config.php
Unescape View File

@ -1,7 +1,5 @@
<?php <?php
class OC_CONFIG{
class OC_CONFIG {
/** /**
* show the configform * show the configform
* *
@ -29,61 +27,53 @@ class OC_CONFIG {
global $CONFIG_DBNAME; global $CONFIG_DBNAME;
global $CONFIG_DBTABLEPREFIX; global $CONFIG_DBTABLEPREFIX;
global $CONFIG_INSTALLED; global $CONFIG_INSTALLED;
$allow=false;
global $userManager; if(!$CONFIG_INSTALLED){
$allow=true;
$allow = false; }elseif(OC_USER::isLoggedIn()){
if ( !$CONFIG_INSTALLED ) { if(OC_USER::ingroup($_SESSION['username'],'admin')){
$allow = true; $allow=true;
} elseif ( $userManager::isLoggedIn() ) {
if ( $userManager::inGroup($_SESSION['username'], 'admin') ) {
$allow = true;
} }
} }
if($allow){
if ( $allow ) {
oc_require('templates/adminform.php'); oc_require('templates/adminform.php');
} }
} }
public static function createUserLisener(){ public static function createUserLisener(){
global $userManager; if(OC_USER::isLoggedIn()){
if(OC_USER::ingroup($_SESSION['username'],'admin')){
if ( $userManager::isLoggedIn() ) { if(isset($_POST['new_username']) and isset($_POST['new_password'])){
if ( $userManager::ingroup($_SESSION['username'], 'admin') ) { if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){
if ( isset($_POST['new_username']) AND isset($_POST['new_password']) ) {
if ( $userManager::createUser($_POST['new_username'], $_POST['new_password']) ) {
return 'user successfully created'; return 'user successfully created';
} else { }else{
return 'error while trying to create user'; return 'error while trying to create user';
} }
}else{ }else{
return false; return false;
} }
} else { }else{
return false; return false;
} }
} }
} }
public static function createGroupLisener() { public static function createGroupLisener(){
global $userManager; if(OC_USER::isLoggedIn()){
if(isset($_POST['creategroup']) and $_POST['creategroup']==1){
if ( $userManager::isLoggedIn() ) { if(OC_USER::creategroup($_POST['groupname'])){
if ( isset($_POST['creategroup']) AND 1==$_POST['creategroup'] ) { if(OC_USER::addtogroup($_SESSION['username'],$_POST['groupname'])){
if ( $userManager::createGroup($_POST['groupname']) ) {
if ( $userManager::addTogroup($_SESSION['username'], $_POST['groupname']) ) {
return 'group successfully created'; return 'group successfully created';
} else { }else{
return 'error while trying to add user to the new created group'; return 'error while trying to add user to the new created group';
} }
} else { }else{
return 'error while trying to create group'; return 'error while trying to create group';
} }
} else { }else{
return false; return false;
} }
} else { }else{
return false; return false;
} }
} }
@ -93,13 +83,11 @@ class OC_CONFIG {
* lisen for configuration changes * lisen for configuration changes
* *
*/ */
public static function configLisener() { public static function configLisener(){
global $userManager; if(OC_USER::isLoggedIn()){
if($userManager::isLoggedIn()){
if(isset($_POST['config']) and $_POST['config']==1){ if(isset($_POST['config']) and $_POST['config']==1){
$error=''; $error='';
if(!$userManager::checkpassword($_SESSION['username'],$_POST['currentpassword'])){ if(!OC_USER::checkpassword($_SESSION['username'],$_POST['currentpassword'])){
$error.='wrong password<br />'; $error.='wrong password<br />';
}else{ }else{
if(isset($_POST['changepass']) and $_POST['changepass']==1){ if(isset($_POST['changepass']) and $_POST['changepass']==1){
@ -107,7 +95,7 @@ class OC_CONFIG {
if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set<br />'; if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set<br />';
if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same<br />'; if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same<br />';
if(empty($error)){ if(empty($error)){
if(!$userManager::setpassword($_SESSION['username'],$_POST['password'])){ if(!OC_USER::setpassword($_SESSION['username'],$_POST['password'])){
$error.='error while trying to set password<br />'; $error.='error while trying to set password<br />';
} }
} }
@ -155,13 +143,11 @@ class OC_CONFIG {
*/ */
public static function writeAdminLisener(){ public static function writeAdminLisener(){
global $CONFIG_INSTALLED; global $CONFIG_INSTALLED;
global $userManager;
$allow=false; $allow=false;
if(!$CONFIG_INSTALLED){ if(!$CONFIG_INSTALLED){
$allow=true; $allow=true;
}elseif($userManager::isLoggedIn()){ }elseif(OC_USER::isLoggedIn()){
if($userManager::ingroup($_SESSION['username'],'admin')){ if(OC_USER::ingroup($_SESSION['username'],'admin')){
$allow=true; $allow=true;
} }
} }
@ -184,7 +170,7 @@ class OC_CONFIG {
$error=''; $error='';
$FIRSTRUN=!$CONFIG_INSTALLED; $FIRSTRUN=!$CONFIG_INSTALLED;
if(!$FIRSTRUN){ if(!$FIRSTRUN){
if(!$userManager::login($_SESSION['username'],$_POST['currentpassword'])){ if(!OC_USER::login($_SESSION['username'],$_POST['currentpassword'])){
$error.='wrong password<br />'; $error.='wrong password<br />';
} }
} }
@ -262,15 +248,15 @@ class OC_CONFIG {
} }
} }
if($FIRSTRUN){ if($FIRSTRUN){
if(!$userManager::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !$userManager::login($_POST['adminlogin'],$_POST['adminpassword'])){ if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){
$error.='error while trying to create the admin user<br/>'; $error.='error while trying to create the admin user<br/>';
} }
if($userManager::getgroupid('admin')==0){ if(OC_USER::getgroupid('admin')==0){
if(!$userManager::creategroup('admin')){ if(!OC_USER::creategroup('admin')){
$error.='error while trying to create the admin group<br/>'; $error.='error while trying to create the admin group<br/>';
} }
} }
if(!$userManager::addtogroup($_POST['adminlogin'],'admin')){ if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){
$error.='error while trying to add the admin user to the admin group<br/>'; $error.='error while trying to add the admin user to the admin group<br/>';
} }
} }
@ -379,3 +365,6 @@ class OC_CONFIG {
} }
} }
} }
?>

126
inc/lib_user.php
Unescape View File

@ -21,6 +21,8 @@
* *
*/ */
global $CONFIG_BACKEND;
if ( !$CONFIG_INSTALLED ) { if ( !$CONFIG_INSTALLED ) {
@ -29,7 +31,7 @@ if ( !$CONFIG_INSTALLED ) {
$_SESSION['username_clean'] = ''; $_SESSION['username_clean'] = '';
} }
// Cache the userid's an groupid's //cache the userid's an groupid's
if ( !isset($_SESSION['user_id_cache']) ) { if ( !isset($_SESSION['user_id_cache']) ) {
$_SESSION['user_id_cache'] = array(); $_SESSION['user_id_cache'] = array();
} }
@ -37,98 +39,158 @@ if ( !isset($_SESSION['group_id_cache']) ) {
$_SESSION['group_id_cache'] = array(); $_SESSION['group_id_cache'] = array();
} }
OC_USER::setBackend($CONFIG_BACKEND);
/** /**
* Class for user management * Class for User Management
* *
*/ */
abstract class OC_USER_ABSTRACT { class OC_USER {
// The backend used for user management
private static $_backend;
/**
* Set the User Authentication Module
*/
public static function setBackend($backend='database') {
if ( (null === $backend) OR (!is_string($backend)) ) {
$backend = 'database';
}
switch ( $backend ) {
case 'mysql':
case 'sqlite':
oc_require_once('inc/User/database.php');
self::$_backend = new OC_USER_DATABASE();
break;
case 'ldap':
oc_require_once('inc/User/ldap.php');
self::$_backend = new OC_USER_LDAP();
break;
default:
oc_require_once('inc/User/database.php');
self::$_backend = new OC_USER_DATABASE();
break;
}
}
/** /**
* Check if the login button is pressed and logg the user in * check if the login button is pressed and logg the user in
* *
*/ */
abstract public static function loginLisener(); public static function loginLisener() {
return self::$_backend->loginLisener();
}
/** /**
* Try to create a new user * try to create a new user
* *
*/ */
abstract public static function createUser($username, $password); public static function createUser($username, $password) {
return self::$_backend->createUser($username, $password);
}
/** /**
* Try to login a user * try to login a user
* *
*/ */
abstract public static function login($username, $password); public static function login($username, $password) {
return self::$_backend->login($username, $password);
}
/** /**
* Check if the logout button is pressed and logout the user * check if the logout button is pressed and logout the user
* *
*/ */
abstract public static function logoutLisener(); public static function logoutLisener() {
return self::$_backend->logoutLisener();
}
/** /**
* Check if a user is logged in * check if a user is logged in
* *
*/ */
abstract public static function isLoggedIn(); public static function isLoggedIn() {
return self::$_backend->isLoggedIn();
}
/** /**
* Try to create a new group * try to create a new group
* *
*/ */
abstract public static function createGroup($groupName); public static function createGroup($groupName) {
return self::$_backend->createGroup($groupName);
}
/** /**
* Get the ID of a user * get the id of a user
* *
*/ */
abstract public static function getUserId($username, $noCache=false); public static function getUserId($username, $noCache=false) {
return self::$_backend->getUserId($username, $noCache=false);
}
/** /**
* Get the ID of a group * get the id of a group
* *
*/ */
abstract public static function getGroupId($groupName, $noCache=false); public static function getGroupId($groupName, $noCache=false) {
return self::$_backend->getGroupId($groupName, $noCache=false);
}
/** /**
* Get the name of a group * get the name of a group
* *
*/ */
abstract public static function getGroupName($groupId, $noCache=false); public static function getGroupName($groupId, $noCache=false) {
return self::$_backend->getGroupName($groupId, $noCache=false);
}
/** /**
* Check if a user belongs to a group * check if a user belongs to a group
* *
*/ */
abstract public static function inGroup($username, $groupName); public static function inGroup($username, $groupName) {
return self::$_backend->inGroup($username, $groupName);
}
/** /**
* Add a user to a group * add a user to a group
* *
*/ */
abstract public static function addToGroup($username, $groupName); public static function addToGroup($username, $groupName) {
return self::$_backend->addToGroup($username, $groupName);
}
abstract public static function generatePassword(); public static function generatePassword() {
return uniqId();
}
/** /**
* Get all groups the user belongs to * get all groups the user belongs to
* *
*/ */
abstract public static function getUserGroups($username); public static function getUserGroups($username) {
return self::$_backend->getUserGroups($username);
}
/** /**
* Set the password of a user * set the password of a user
* *
*/ */
abstract public static function setPassword($username, $password); public static function setPassword($username, $password) {
return self::$_backend->setPassword($username, $password);
}
/** /**
* Check the password of a user * check the password of a user
* *
*/ */
abstract public static function checkPassword($username, $password); public static function checkPassword($username, $password) {
return self::$_backend->checkPassword($username, $password);
}
} }

Write Preview
Loading…
Cancel
Save