open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

OC_USER now is an abstract class (OC_USER_ABSTRACT)

Browse Source 
At start the choosen user manager is created
(e.g. OC_USER_DATABASE, OC_USER_LDAP)
and put into the global variable `$userManager`.

This is the variable to use instead of `OC_USER` class.

TODO: A better name than $userManager?
remotes/origin/stable
Aldo "xoen" Giambelluca 16 years ago
parent 9c124a8dbf
commit 9fe46ef093
6 changed files with 154 additions and 179 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 26
      inc/User/database.php
  2. 3
      inc/User/ldap.php
  3. 4
      inc/User/mod_auth.php
  4. 87
      inc/lib_base.php
  5. 115
      inc/lib_config.php
  6. 98
      inc/lib_user.php

26
inc/User/database.php
Unescape View File

@ -21,13 +21,15 @@
*
*/
require_once $SERVERROOT . '/inc/lib_user.php';
/**
* Class for usermanagement in a SQL Database (e.g. MySQL, SQLite)
*
*/
class OC_USER_Database extends OC_USER {
class OC_USER_DATABASE extends OC_USER_ABSTRACT {
/**
* Check if the login button is pressed and logg the user in
@ -35,7 +37,7 @@ class OC_USER_Database extends OC_USER {
*/
public static function loginLisener() {
if ( isset($_POST['loginbutton']) AND isset($_POST['password']) AND isset($_POST['login']) ) {
if ( OC_USER::login($_POST['login'], $_POST['password']) ) {
if ( self::login($_POST['login'], $_POST['password']) ) {
echo 1;
OC_LOG::event($_SESSION['username'], 1, '');
echo 2;
@ -62,7 +64,7 @@ class OC_USER_Database extends OC_USER {
public static function createUser($username, $password) {
global $CONFIG_DBTABLEPREFIX;
if ( 0 !== OC_USER::getUserId($username, true) ) {
if ( 0 !== self::getUserId($username, true) ) {
return false;
} else {
$usernameClean = strtolower($username);
@ -132,7 +134,7 @@ class OC_USER_Database extends OC_USER {
public static function createGroup($groupName) {
global $CONFIG_DBTABLEPREFIX;
if ( 0 === OC_USER::getGroupId($groupName, true) ) {
if ( 0 === self::getGroupId($groupName, true) ) {
$groupName = OC_DB::escape($groupName);
$query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupName')";
$result = OC_DB::query($query);
@ -223,8 +225,8 @@ class OC_USER_Database extends OC_USER {
public static function inGroup($username, $groupName) {
global $CONFIG_DBTABLEPREFIX;
$userId = OC_USER::getUserId($username);
$groupId = OC_USER::getGroupId($groupName);
$userId = self::getUserId($username);
$groupId = self::getGroupId($groupName);
if ( ($groupId > 0) AND ($userId > 0) ) {
$query = "SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupId' AND user_id = '$userId';";
$result = OC_DB::select($query);
@ -245,9 +247,9 @@ class OC_USER_Database extends OC_USER {
public static function addToGroup($username, $groupName) {
global $CONFIG_DBTABLEPREFIX;
if ( !OC_USER::inGroup($username, $groupName) ) {
$userId = OC_USER::getuserid($username);
$groupId = OC_USER::getgroupid($groupName);
if ( !self::inGroup($username, $groupName) ) {
$userId = self::getuserid($username);
$groupId = self::getgroupid($groupName);
if ( (0 !== $groupId) AND (0 !== $userId) ) {
$query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userId', '$groupId');";
$result = OC_DB::query($query);
@ -275,14 +277,14 @@ class OC_USER_Database extends OC_USER {
public static function getUserGroups($username) {
global $CONFIG_DBTABLEPREFIX;
$userId = OC_USER::getUserId($username);
$userId = self::getUserId($username);
$query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userId'";
$result = OC_DB::select($query);
$groups = array();
if ( is_array($result) ) {
foreach ( $result as $group ) {
$groupId = $group['group_id'];
$groups[] = OC_USER::getGroupName($groupId);
$groups[] = self::getGroupName($groupId);
}
}
@ -297,7 +299,7 @@ class OC_USER_Database extends OC_USER {
global $CONFIG_DBTABLEPREFIX;
$password = sha1($password);
$userId = OC_USER::getUserId($username);
$userId = self::getUserId($username);
$query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userId'";
$result = OC_DB::query($query);

3
inc/User/ldap.php
Unescape View File

@ -21,7 +21,8 @@
*
*/
require_once 'mod_auth.php';
require_once $SERVERROOT . '/inc/lib_user.php';
require_once $SERVERROOT . '/inc/User/mod_auth.php';

4
inc/User/mod_auth.php
Unescape View File

@ -21,13 +21,15 @@
*
*/
require_once $SERVERROOT . '/inc/lib_user.php';
/**
* Class for usermanagement in a SQL Database (e.g. MySQL, SQLite)
*
*/
class OC_USER_MOD_AUTH extends OC_USER {
class OC_USER_MOD_AUTH extends OC_USER_ABSTRACT {
/**
* Check if the login button is pressed and logg the user in

87
inc/lib_base.php
Unescape View File

@ -48,20 +48,20 @@ if($WEBROOT!='' and $WEBROOT[0]!=='/'){
// set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config');
// define default config values
$CONFIG_INSTALLED=false;
$CONFIG_DATADIRECTORY=$SERVERROOT.'/data';
$CONFIG_BACKUPDIRECTORY=$SERVERROOT.'/backup';
$CONFIG_HTTPFORCESSL=false;
$CONFIG_ENABLEBACKUP=false;
$CONFIG_DATEFORMAT='j M Y G:i';
$CONFIG_DBNAME='owncloud';
$CONFIG_DBTYPE='sqlite';
$CONFIG_INSTALLED = false;
$CONFIG_DATADIRECTORY = $SERVERROOT . '/data';
$CONFIG_BACKUPDIRECTORY = $SERVERROOT . '/backup';
$CONFIG_HTTPFORCESSL = false;
$CONFIG_ENABLEBACKUP = false;
$CONFIG_DATEFORMAT = 'j M Y G:i';
$CONFIG_DBNAME = 'owncloud';
$CONFIG_DBTYPE = 'sqlite';
// include the generated configfile
@include_once($SERVERROOT.'/config/config.php');
@include_once($SERVERROOT . '/config/config.php');
$CONFIG_DATADIRECTORY_ROOT=$CONFIG_DATADIRECTORY;// store this in a seperate variable so we can change the data directory to jail users.
// Store this in a seperate variable so we can change the data directory to jail users.
$CONFIG_DATADIRECTORY_ROOT = $CONFIG_DATADIRECTORY;
// redirect to https site if configured
if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') {
@ -86,10 +86,33 @@ oc_require_once('lib_connect.php');
oc_require_once('lib_remotestorage.php');
// Load the choosen user manager
if ( isset($CONFIG_BACKEND) ) {
switch ( $CONFIG_BACKEND ) {
case 'mysql':
case 'sqlite':
require_once 'User/database.php';
$userManager = new OC_USER_DATABASE();
break;
case 'ldap':
require_once 'User/ldap.php';
$userManager = new OC_USER_LDAP();
break;
default:
require_once 'User/database.php';
$userManager = new OC_USER_DATABASE();
break;
}
} else {
require_once 'User/database.php';
$userManager = new OC_USER_DATABASE();
}
if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){
@mkdir($CONFIG_DATADIRECTORY_ROOT) or die("Can't create data directory ($CONFIG_DATADIRECTORY_ROOT), you can usually fix this by setting the owner of '$SERVERROOT' to the user that the web server uses (www-data for debian/ubuntu)");
}
if(OC_USER::isLoggedIn()){
if ( $userManager::isLoggedIn() ) {
//jail the user in a seperate data folder
$CONFIG_DATADIRECTORY=$CONFIG_DATADIRECTORY_ROOT.'/'.$_SESSION['username_clean'];
if(!is_dir($CONFIG_DATADIRECTORY)){
@ -128,11 +151,11 @@ if(isset($plugins[0])) foreach($plugins as $plugin) require_once($SERVERROOT.'/p
// check if the server is correctly configured for ownCloud
OC_UTIL::checkserver();
OC_UTIL::checkServer();
// listen for login or logout actions
OC_USER::logoutlisener();
$loginresult=OC_USER::loginlisener();
$userManager::logoutLisener();
$loginresult = $userManager::loginLisener();
/**
* Class for utility functions
@ -262,25 +285,27 @@ class OC_UTIL {
* show the main navigation
*
*/
public static function showNavigation(){
global $WEBROOT;
global $SERVERROOT;
echo('<table class="center" cellpadding="5" cellspacing="0" border="0"><tr>');
echo('<td class="navigationitem1"><a href="'.$WEBROOT.'/">'.$_SESSION['username'].'</a></td>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/">Files</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/">Files</a></td>');
public static function showNavigation(){
global $WEBROOT;
global $SERVERROOT;
global $userManager;
foreach(OC_UTIL::$NAVIGATION as $NAVI) {
if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo('<td class="navigationitemselected"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>');
}
echo('<table class="center" cellpadding="5" cellspacing="0" border="0"><tr>');
echo('<td class="navigationitem1"><a href="'.$WEBROOT.'/">'.$_SESSION['username'].'</a></td>');
if ($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/">Files</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/">Files</a></td>');
foreach(OC_UTIL::$NAVIGATION as $NAVI) {
if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo('<td class="navigationitemselected"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>');
}
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
if(OC_USER::ingroup($_SESSION['username'],'admin')){
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
if ( $userManager::inGroup($_SESSION['username'], 'admin') ) {
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>');
}
echo('<td class="navigationitem"><a href="?logoutbutton=1">Logout</a></td>');
echo('</tr></table>');
}
echo('<td class="navigationitem"><a href="?logoutbutton=1">Logout</a></td>');
echo('</tr></table>');
}
/**

115
inc/lib_config.php
Unescape View File

@ -1,5 +1,7 @@
<?php
class OC_CONFIG{
class OC_CONFIG {
/**
* show the configform
*
@ -14,66 +16,74 @@ class OC_CONFIG{
oc_require('templates/configform.php');
}
/**
* show the configform
*
*/
public static function showAdminForm(){
global $CONFIG_ADMINLOGIN;
global $CONFIG_ADMINPASSWORD;
global $CONFIG_DATADIRECTORY;
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_DBNAME;
global $CONFIG_DBTABLEPREFIX;
global $CONFIG_INSTALLED;
$allow=false;
if(!$CONFIG_INSTALLED){
$allow=true;
}elseif(OC_USER::isLoggedIn()){
if(OC_USER::ingroup($_SESSION['username'],'admin')){
$allow=true;
/**
* show the configform
*
*/
public static function showAdminForm(){
global $CONFIG_ADMINLOGIN;
global $CONFIG_ADMINPASSWORD;
global $CONFIG_DATADIRECTORY;
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_DBNAME;
global $CONFIG_DBTABLEPREFIX;
global $CONFIG_INSTALLED;
global $userManager;
$allow = false;
if ( !$CONFIG_INSTALLED ) {
$allow = true;
} elseif ( $userManager::isLoggedIn() ) {
if ( $userManager::inGroup($_SESSION['username'], 'admin') ) {
$allow = true;
}
}
if($allow){
oc_require('templates/adminform.php');
if ( $allow ) {
oc_require('templates/adminform.php');
}
}
}
public static function createUserLisener(){
if(OC_USER::isLoggedIn()){
if(OC_USER::ingroup($_SESSION['username'],'admin')){
if(isset($_POST['new_username']) and isset($_POST['new_password'])){
if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){
global $userManager;
if ( $userManager::isLoggedIn() ) {
if ( $userManager::ingroup($_SESSION['username'], 'admin') ) {
if ( isset($_POST['new_username']) AND isset($_POST['new_password']) ) {
if ( $userManager::createUser($_POST['new_username'], $_POST['new_password']) ) {
return 'user successfully created';
}else{
} else {
return 'error while trying to create user';
}
}else{
return false;
}
}else{
} else {
return false;
}
}
}
public static function createGroupLisener(){
if(OC_USER::isLoggedIn()){
if(isset($_POST['creategroup']) and $_POST['creategroup']==1){
if(OC_USER::creategroup($_POST['groupname'])){
if(OC_USER::addtogroup($_SESSION['username'],$_POST['groupname'])){
public static function createGroupLisener() {
global $userManager;
if ( $userManager::isLoggedIn() ) {
if ( isset($_POST['creategroup']) AND 1==$_POST['creategroup'] ) {
if ( $userManager::createGroup($_POST['groupname']) ) {
if ( $userManager::addTogroup($_SESSION['username'], $_POST['groupname']) ) {
return 'group successfully created';
}else{
} else {
return 'error while trying to add user to the new created group';
}
}else{
} else {
return 'error while trying to create group';
}
}else{
} else {
return false;
}
}else{
} else {
return false;
}
}
@ -83,11 +93,13 @@ class OC_CONFIG{
* lisen for configuration changes
*
*/
public static function configLisener(){
if(OC_USER::isLoggedIn()){
public static function configLisener() {
global $userManager;
if($userManager::isLoggedIn()){
if(isset($_POST['config']) and $_POST['config']==1){
$error='';
if(!OC_USER::checkpassword($_SESSION['username'],$_POST['currentpassword'])){
if(!$userManager::checkpassword($_SESSION['username'],$_POST['currentpassword'])){
$error.='wrong password<br />';
}else{
if(isset($_POST['changepass']) and $_POST['changepass']==1){
@ -95,7 +107,7 @@ class OC_CONFIG{
if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set<br />';
if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same<br />';
if(empty($error)){
if(!OC_USER::setpassword($_SESSION['username'],$_POST['password'])){
if(!$userManager::setpassword($_SESSION['username'],$_POST['password'])){
$error.='error while trying to set password<br />';
}
}
@ -143,11 +155,13 @@ class OC_CONFIG{
*/
public static function writeAdminLisener(){
global $CONFIG_INSTALLED;
global $userManager;
$allow=false;
if(!$CONFIG_INSTALLED){
$allow=true;
}elseif(OC_USER::isLoggedIn()){
if(OC_USER::ingroup($_SESSION['username'],'admin')){
}elseif($userManager::isLoggedIn()){
if($userManager::ingroup($_SESSION['username'],'admin')){
$allow=true;
}
}
@ -170,7 +184,7 @@ class OC_CONFIG{
$error='';
$FIRSTRUN=!$CONFIG_INSTALLED;
if(!$FIRSTRUN){
if(!OC_USER::login($_SESSION['username'],$_POST['currentpassword'])){
if(!$userManager::login($_SESSION['username'],$_POST['currentpassword'])){
$error.='wrong password<br />';
}
}
@ -248,15 +262,15 @@ class OC_CONFIG{
}
}
if($FIRSTRUN){
if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){
if(!$userManager::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !$userManager::login($_POST['adminlogin'],$_POST['adminpassword'])){
$error.='error while trying to create the admin user<br/>';
}
if(OC_USER::getgroupid('admin')==0){
if(!OC_USER::creategroup('admin')){
if($userManager::getgroupid('admin')==0){
if(!$userManager::creategroup('admin')){
$error.='error while trying to create the admin group<br/>';
}
}
if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){
if(!$userManager::addtogroup($_POST['adminlogin'],'admin')){
$error.='error while trying to add the admin user to the admin group<br/>';
}
}
@ -365,6 +379,3 @@ class OC_CONFIG{
}
}
}
?>

98
inc/lib_user.php
Unescape View File

@ -43,158 +43,92 @@ if ( !isset($_SESSION['group_id_cache']) ) {
* Class for user management
*
*/
class OC_USER {
public static $classType;
abstract class OC_USER_ABSTRACT {
/**
* Check if the login button is pressed and logg the user in
*
*/
public static function loginLisener() {
return self::$classType->loginLisener();
}
abstract public static function loginLisener();
/**
* Try to create a new user
*
*/
public static function createUser($username, $password) {
return self::$classType->createUser($username, $password);
}
abstract public static function createUser($username, $password);
/**
* Try to login a user
*
*/
public static function login($username, $password) {
return self::$classType->login($username, $password);
}
abstract public static function login($username, $password);
/**
* Check if the logout button is pressed and logout the user
*
*/
public static function logoutLisener() {
return self::$classType->logoutLisener();
}
abstract public static function logoutLisener();
/**
* Check if a user is logged in
*
*/
public static function isLoggedIn() {
return self::$classType->isLoggedIn();
}
abstract public static function isLoggedIn();
/**
* Try to create a new group
*
*/
public static function createGroup($groupName) {
return self::$classType->createGroup($groupName);
}
abstract public static function createGroup($groupName);
/**
* Get the ID of a user
*
*/
public static function getUserId($username, $noCache=false) {
return self::$classType->getUserId($username, $noCache);
}
abstract public static function getUserId($username, $noCache=false);
/**
* Get the ID of a group
*
*/
public static function getGroupId($groupName, $noCache=false) {
return self::$classType->getGroupId($groupName, $noCache);
}
abstract public static function getGroupId($groupName, $noCache=false);
/**
* Get the name of a group
*
*/
public static function getGroupName($groupId, $noCache=false) {
return self::$classType->getGroupName($groupId, $noCache);
}
abstract public static function getGroupName($groupId, $noCache=false);
/**
* Check if a user belongs to a group
*
*/
public static function inGroup($username, $groupName) {
return self::$classType->inGroup($username, $groupName);
}
abstract public static function inGroup($username, $groupName);
/**
* Add a user to a group
*
*/
public static function addToGroup($username, $groupName) {
return self::$classType->addToGroup($username, $groupName);
}
abstract public static function addToGroup($username, $groupName);
public static function generatePassword() {
return uniqId();
}
abstract public static function generatePassword();
/**
* Get all groups the user belongs to
*
*/
public static function getUserGroups($username) {
return self::$classType->getUserGroups($username);
}
abstract public static function getUserGroups($username);
/**
* Set the password of a user
*
*/
public static function setPassword($username, $password) {
return self::$classType->setPassword($username, $password);
}
abstract public static function setPassword($username, $password);
/**
* Check the password of a user
*
*/
public static function checkPassword($username, $password) {
return self::$classType->checkPassword($username, $password);
}
}
abstract public static function checkPassword($username, $password);
/**
* Funtion to set the User Authentication Module
*/
function set_OC_USER() {
global $CONFIG_BACKEND;
if ( isset($CONFIG_BACKEND) ) {
switch ( $CONFIG_BACKEND ) {
case 'mysql':
case 'sqlite':
require_once 'User/database.php';
OC_USER::$classType = new OC_USER_Database();
break;
case 'ldap':
require_once 'User/ldap.php';
OC_USER::$classType = new OC_USER_LDAP();
break;
default:
require_once 'User/database.php';
OC_USER::$classType = new OC_USER_Database();
break;
}
} else {
require_once 'User/database.php';
OC_USER::$classType = new OC_USER_Database();
}
}
set_OC_USER();

Write Preview
Loading…
Cancel
Save