open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge commit 'refs/merge-requests/27' of git://gitorious.org/owncloud/owncloud into merge

Browse Source 
Conflicts:
	inc/HTTP/WebDAV/Server/Filesystem.php
	inc/lib_config.php
	inc/lib_log.php
	inc/lib_user.php
	inc/templates/adminform.php
remotes/origin/stable
Robin Appelman 15 years ago
parent 845d534144 76672fe037
commit a73fbc5e32
10 changed files with 70 additions and 31 deletions
  1. 0
      .gitignore
  2. 0
      config/.gitignore
  3. 1
      config/config.sample.php
  4. 0
      css/small.php
  5. 36
      inc/HTTP/WebDAV/Server/Filesystem.php
  6. 5
      inc/lib_config.php
  7. 13
      inc/lib_log.php
  8. 5
      inc/lib_ocs.php
  9. 39
      inc/lib_user.php
  10. 2
      inc/templates/adminform.php

0
.gitignore vendored
Unescape View File

0
config/.gitignore vendored
Unescape View File

1
config/config.sample.php
Unescape View File

@ -8,4 +8,5 @@ $CONFIG_DBHOST='localhost';
$CONFIG_DBNAME='owncloud-db-name';
$CONFIG_DBUSER='user-name';
$CONFIG_DBPASSWORD='password';
$CONFIG_DBTABLEPREFIX = 'oc_';
?>

0
css/small.php
Unescape View File

36
inc/HTTP/WebDAV/Server/Filesystem.php
Unescape View File

@ -150,6 +150,8 @@
*/
function fileinfo($path)
{
global $CONFIG_DBTABLEPREFIX;
// map URI path to filesystem path
$fspath =$path;
@ -183,7 +185,7 @@
$info["props"][] = $this->mkprop("getcontentlength", OC_FILESYSTEM::filesize($fspath));
}
// get additional properties from database
$query = "SELECT ns, name, value FROM properties WHERE path = '$path'";
$query = "SELECT ns, name, value FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$path'";
$res = OC_DB::select($query);
foreach($res as $row){
$info["props"][] = $this->mkprop($row["ns"], $row["name"], $row["value"]);
@ -389,6 +391,7 @@
*/
function DELETE($options)
{
global $CONFIG_DBTABLEPREFIX;
$path =$options["path"];
if (!OC_FILESYSTEM::file_exists($path)) {
return "404 Not found";
@ -402,13 +405,13 @@
}
}
if (OC_FILESYSTEM::is_dir($path)) {
$query = "DELETE FROM properties WHERE path LIKE '".$this->_slashify($options["path"])."%'";
$query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path LIKE '".$this->_slashify($options["path"])."%'";
OC_DB::query($query);
OC_FILESYSTEM::delTree($path);
} else {
OC_FILESYSTEM::unlink($path);
}
$query = "DELETE FROM properties WHERE path = '$options[path]'";
$query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$options[path]'";
OC_DB::query($query);
return "204 No Content";
@ -435,6 +438,7 @@
function COPY($options, $del=false)
{
// TODO Property updates still broken (Litmus should detect this?)
global $CONFIG_DBTABLEPREFIX;
if (!empty($this->_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
return "415 Unsupported media type";
@ -508,13 +512,13 @@
}
$destpath = $this->_unslashify($options["dest"]);
if (is_dir($source)) {
$query = "UPDATE properties
$query = "UPDATE {$CONFIG_DBTABLEPREFIX}properties
SET path = REPLACE(path, '".$options["path"]."', '".$destpath."')
WHERE path LIKE '".$this->_slashify($options["path"])."%'";
OC_DB::query($query);
}
$query = "UPDATE properties
$query = "UPDATE {$CONFIG_DBTABLEPREFIX}properties
SET path = '".$destpath."'
WHERE path = '".$options["path"]."'";
OC_DB::query($query);
@ -566,6 +570,7 @@
function PROPPATCH(&$options)
{
global $prefs, $tab;
global $CONFIG_DBTABLEPREFIX;
$msg = "";
$path = $options["path"];
@ -577,9 +582,9 @@
$options["props"][$key]['status'] = "403 Forbidden";
} else {
if (isset($prop["val"])) {
$query = "REPLACE INTO properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
$query = "REPLACE INTO {$CONFIG_DBTABLEPREFIX}properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
} else {
$query = "DELETE FROM properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
$query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
}
OC_DB::query($query);
}
@ -597,6 +602,8 @@
*/
function LOCK(&$options)
{
global $CONFIG_DBTABLEPREFIX;
// get absolute fs path to requested resource
$fspath = $options["path"];
// TODO recursive locks on directories not supported yet
@ -619,12 +626,12 @@
if (isset($options["update"])) { // Lock Update
$where = "WHERE path = '$options[path]' AND token = '$options[update]'";
$query = "SELECT owner, exclusivelock FROM locks $where";
$query = "SELECT owner, exclusivelock FROM {$CONFIG_DBTABLEPREFIX}locks $where";
$res = OC_DB::select($query);
if (is_array($res) and isset($res[0])) {
$row=$res[0];
$query = "UPDATE `locks` SET `expires` = '$options[timeout]', `modified` = ".time()." $where";
$query = "UPDATE `{$CONFIG_DBTABLEPREFIX}locks` SET `expires` = '$options[timeout]', `modified` = ".time()." $where";
OC_DB::query($query);
$options['owner'] = $row['owner'];
@ -652,7 +659,7 @@
}
}
$query = "INSERT INTO `locks`
$query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}locks`
SET `token` = '$options[locktoken]'
, `path` = '$options[path]'
, `created` = ".time()."
@ -677,7 +684,8 @@
*/
function UNLOCK(&$options)
{
$query = "DELETE FROM locks
global $CONFIG_DBTABLEPREFIX;
$query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}locks
WHERE path = '$options[path]'
AND token = '$options[token]'";
OC_DB::query($query);
@ -693,9 +701,11 @@
*/
function checkLock($path)
{
global $CONFIG_DBTABLEPREFIX;
$result = false;
$query = "SELECT *
FROM locks
FROM {$CONFIG_DBTABLEPREFIX}locks
WHERE path = '$path'
";
$res = OC_DB::select($query);
@ -741,4 +751,4 @@
}
}
?>
?>

5
inc/lib_config.php
Unescape View File

@ -25,6 +25,7 @@ class OC_CONFIG{
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_DBNAME;
global $CONFIG_DBTABLEPREFIX;
global $CONFIG_INSTALLED;
$allow=false;
if(!$CONFIG_INSTALLED){
@ -130,6 +131,7 @@ class OC_CONFIG{
global $WEBROOT;
global $CONFIG_DBHOST;
global $CONFIG_DBNAME;
global $CONFIG_DBTABLEPREFIX;
global $CONFIG_INSTALLED;
global $CONFIG_DBUSER;
global $CONFIG_DBPASSWORD;
@ -184,6 +186,7 @@ class OC_CONFIG{
//create/fill database
$CONFIG_DBTYPE=$dbtype;
$CONFIG_DBNAME=$_POST['dbname'];
$CONFIG_DBTABLEPREFIX=$_POST['dbtableprefix'];
if($dbtype!='sqlite'){
$CONFIG_DBHOST=$_POST['dbhost'];
$CONFIG_DBUSER=$_POST['dbuser'];
@ -240,6 +243,7 @@ class OC_CONFIG{
$config.='$CONFIG_DATEFORMAT=\''.$_POST['dateformat']."';\n";
$config.='$CONFIG_DBTYPE=\''.$dbtype."';\n";
$config.='$CONFIG_DBNAME=\''.$_POST['dbname']."';\n";
$config.='$CONFIG_DBTABLEPREFIX=\''.$_POST['dbtableprefix']."';\n";
if($dbtype!='sqlite'){
$config.='$CONFIG_DBHOST=\''.$_POST['dbhost']."';\n";
$config.='$CONFIG_DBUSER=\''.$_POST['dbuser']."';\n";
@ -332,6 +336,7 @@ class OC_CONFIG{
$result = pg_exec($connection, $query);
}
}
global $CONFIG_DBTABLEPREFIX;
}
}
?>

13
inc/lib_log.php
Unescape View File

@ -48,7 +48,8 @@ class OC_LOG {
* @param message $message
*/
public static function event($user,$type,$message){
$result = OC_DB::query('INSERT INTO `log` (`timestamp`,`user`,`type`,`message`) VALUES ('.time().',\''.addslashes($user).'\','.addslashes($type).',\''.addslashes($message).'\');');
global $CONFIG_DBTABLEPREFIX;
$result = OC_DB::query('INSERT INTO `' . $CONFIG_DBTABLEPREFIX . 'log` (`timestamp`,`user`,`type`,`message`) VALUES ('.time().',\''.addslashes($user).'\','.addslashes($type).',\''.addslashes($message).'\');');
OC_DB::free_result($result);
}
@ -58,15 +59,17 @@ class OC_LOG {
*
*/
public static function show(){
global $CONFIG_DATEFORMAT;
global $CONFIG_DATEFORMAT;
global $CONFIG_DBTABLEPREFIX;
echo('<div class="center"><table cellpadding="6" cellspacing="0" border="0" class="log">');
if(OC_USER::ingroup($_SESSION['username_clean'],'admin')){
$result = OC_DB::select('select `timestamp`,`user`,`type`,`message` from log order by timestamp desc limit 20');
$result = OC_DB::select('select `timestamp`,`user`,`type`,`message` from '.$CONFIG_DBTABLEPREFIX.'log order by timestamp desc limit 20');
}else{
$user=$_SESSION['username_clean'];
$result = OC_DB::select('select `timestamp`,`user`,`type`,`message` from log where user=\''.$user.'\' order by timestamp desc limit 20');
$result = OC_DB::select('select `timestamp`,`user`,`type`,`message` from '.$CONFIG_DBTABLEPREFIX.'log where user=\''.$user.'\' order by timestamp desc limit 20');
}
$result = OC_DB::select($query);
foreach($result as $entry){
echo('<tr class="browserline">');
echo('<td class="sizetext">'.date($CONFIG_DATEFORMAT,$entry['timestamp']).'</td>');

5
inc/lib_ocs.php
Unescape View File

@ -372,15 +372,16 @@ class OC_OCS {
* @return string xml/json
*/
private static function activityget($format,$page,$pagesize) {
global $CONFIG_DBTABLEPREFIX;
$user=OC_OCS::checkpassword();
$result = OC_DB::query('select count(*) as co from log');
$result = OC_DB::query("select count(*) as co from {$CONFIG_DBTABLEPREFIX}log");
$entry=$result->fetchRow();
$totalcount=$entry['co'];
OC_DB::free_result($result);
$result = OC_DB::select('select id,timestamp,user,type,message from log order by timestamp desc limit '.($page*$pagesize).','.$pagesize);
$result = OC_DB::select("select id,timestamp,user,type,message from {$CONFIG_DBTABLEPREFIX}log order by timestamp desc limit " . ($page*$pagesize) . ",$pagesize");
$itemscount=count($result);
$url='http://'.substr($_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'],0,-11).'';

39
inc/lib_user.php
Unescape View File

@ -63,6 +63,7 @@ class OC_USER {
*
*/
public static function createuser($username,$password){
global $CONFIG_DBTABLEPREFIX;
if(OC_USER::getuserid($username,true)!=0){
return false;
}else{
@ -70,7 +71,7 @@ class OC_USER {
$password=sha1($password);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="INSERT INTO `users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')";
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')";
$result=OC_DB::query($query);
return ($result)?true:false;
}
@ -82,11 +83,13 @@ class OC_USER {
*
*/
public static function login($username,$password){
global $CONFIG_DBTABLEPREFIX;
$password=sha1($password);
$usernameclean=strtolower($username);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_id'])){
$_SESSION['user_id']=$result[0]['user_id'];
@ -124,9 +127,10 @@ class OC_USER {
*
*/
public static function creategroup($groupname){
global $CONFIG_DBTABLEPREFIX;
if(OC_USER::getgroupid($groupname,true)==0){
$groupname=OC_DB::escape($groupname);
$query="INSERT INTO `groups` (`group_name`) VALUES ('$groupname')";
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')";
$result=OC_DB::query($query);
return ($result)?true:false;
}else{
@ -139,12 +143,13 @@ class OC_USER {
*
*/
public static function getuserid($username,$nocache=false){
global $CONFIG_DBTABLEPREFIX;
$usernameclean=strtolower($username);
if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query
return $_SESSION['user_id_cache'][$usernameclean];
}
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM users WHERE user_name_clean = '$usernameclean'";
$query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean'";
$result=OC_DB::select($query);
if(!is_array($result)){
return 0;
@ -162,11 +167,12 @@ class OC_USER {
*
*/
public static function getgroupid($groupname,$nocache=false){
global $CONFIG_DBTABLEPREFIX;
if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query
return $_SESSION['group_id_cache'][$groupname];
}
$groupname=OC_DB::escape($groupname);
$query="SELECT group_id FROM groups WHERE group_name = '$groupname'";
$query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'";
$result=OC_DB::select($query);
if(!is_array($result)){
return 0;
@ -184,11 +190,12 @@ class OC_USER {
*
*/
public static function getgroupname($groupid,$nocache=false){
global $CONFIG_DBTABLEPREFIX;
if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query
return $name;
}
$groupid=(integer)$groupid;
$query="SELECT group_name FROM groups WHERE group_id = '$groupid' LIMIT 1";
$query="SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['group_name'])){
return $result[0]['group_name'];
@ -202,10 +209,12 @@ class OC_USER {
*
*/
public static function ingroup($username,$groupname){
global $CONFIG_DBTABLEPREFIX;
$userid=OC_USER::getuserid($username);
$groupid=OC_USER::getgroupid($groupname);
if($groupid>0 and $userid>0){
$query="SELECT * FROM user_group WHERE group_id = '$groupid' AND user_id = '$userid';";
$query="SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid' AND user_id = '$userid';";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_group_id'])){
return true;
@ -222,11 +231,13 @@ class OC_USER {
*
*/
public static function addtogroup($username,$groupname){
global $CONFIG_DBTABLEPREFIX;
if(!OC_USER::ingroup($username,$groupname)){
$userid=OC_USER::getuserid($username);
$groupid=OC_USER::getgroupid($groupname);
if($groupid!=0 and $userid!=0){
$query="INSERT INTO `user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');";
$query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');";
$result=OC_DB::query($query);
if($result){
return true;
@ -250,8 +261,10 @@ class OC_USER {
*
*/
public static function getusergroups($username){
global $CONFIG_DBTABLEPREFIX;
$userid=OC_USER::getuserid($username);
$query="SELECT group_id FROM user_group WHERE user_id = '$userid'";
$query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'";
$result=OC_DB::select($query);
$groups=array();
if(is_array($result)){
@ -268,9 +281,11 @@ class OC_USER {
*
*/
public static function setpassword($username,$password){
global $CONFIG_DBTABLEPREFIX;
$password=sha1($password);
$userid=OC_USER::getuserid($username);
$query="UPDATE users SET user_password = '$password' WHERE user_id ='$userid'";
$query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'";
$result=OC_DB::query($query);
if($result){
return true;
@ -284,11 +299,13 @@ class OC_USER {
*
*/
public static function checkpassword($username,$password){
global $CONFIG_DBTABLEPREFIX;
$password=sha1($password);
$usernameclean=strtolower($username);
$username=OC_DB::escape($username);
$usernameclean=OC_DB::escape($usernameclean);
$query="SELECT user_id FROM 'users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){
return true;

2
inc/templates/adminform.php
Unescape View File

@ -10,6 +10,7 @@ if(!$f) die('Error: Config file (config/config.php) is not writable for the webs
if(!isset($fillDB)) $fillDB=true;
if(!isset($CONFIG_DBHOST)) $CONFIG_DBHOST='localhost';
if(!isset($CONFIG_DBUSER)) $CONFIG_DBUSER='owncloud';
if(!isset($CONFIG_DBTABLEPREFIX)) $CONFIG_DBTABLEPREFIX='oc_';
$newuserpassword=OC_USER::generatepassword();
?>
<script type="text/javascript">
@ -116,6 +117,7 @@ if($CONFIG_DBTYPE=='sqlite'){
</td></tr>
<tr id='dbhost'><td>database host:</td><td><input type="text" name="dbhost" size="30" class="formstyle" value='<?php echo($CONFIG_DBHOST);?>'></input></td></tr>
<tr id='dbname'><td>database name:</td><td><input type="text" name="dbname" size="30" class="formstyle" value='<?php echo($CONFIG_DBNAME);?>'></input></td></tr>
<tr id='dbtableprefix'><td>database table prefix:</td><td><input type="text" name="dbtableprefix" size="30" class="formstyle" value='<?php echo($CONFIG_DBTABLEPREFIX);?>'></input></td></tr>
<tr id='dbuser'><td>database user:</td><td><input type="text" name="dbuser" size="30" class="formstyle" value='<?php echo($CONFIG_DBUSER);?>'></input></td></tr>
<tr id='dbpass'><td>database password:</td><td><input type="password" name="dbpassword" size="30" class="formstyle" value=''></input></td><td>(leave empty to keep current password)</td></tr>
<tr id='dbpass_retype'><td>retype database password:</td><td><input type="password" name="dbpassword2" size="30" class="formstyle" value=''></input></td></tr>

Write Preview
Loading…
Cancel
Save