diff --git a/inc/lib_base.php b/inc/lib_base.php index e4309261709e04e63b4f538440f3990054b5dba4..4f58f946c92a7de82ba781804fe45c59090a803a 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -43,8 +43,7 @@ if($WEBROOT{0}!=='/'){ set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config'); // define default config values -$CONFIG_ADMINLOGIN=''; -$CONFIG_ADMINPASSWORD=''; +$CONFIG_INSTALLED=false; $CONFIG_DATADIRECTORY=$SERVERROOT.'/data'; $CONFIG_HTTPFORCESSL=false; $CONFIG_DATEFORMAT='j M Y G:i'; @@ -67,9 +66,18 @@ if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){ require_once('lib_files.php'); require_once('lib_log.php'); require_once('lib_config.php'); +require_once('lib_user.php'); + +if(OC_USER::isLoggedIn()){ + //jail the user in a seperate data folder + $CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean']; + if(!is_dir($CONFIG_DATADIRECTORY)){ + mkdir($CONFIG_DATADIRECTORY); + } +} // load plugins -$CONFIG_LOADPLUGINS='music'; +$CONFIG_LOADPLUGINS=''; $plugins=explode(' ',$CONFIG_LOADPLUGINS); if(isset($plugins[0]['url'])) foreach($plugins as $plugin) require_once('plugins/'.$plugin.'/lib_'.$plugin.'.php'); 
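Review bot: The new `$CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean'];` line builds a filesystem path from a session value that lib_user.php derives from the login form with only `strtolower()` and `mysql_escape_string()`, neither of which removes `/`, `\` or `..`, so the per-user jail is only as strong as the username rules at account creation, and none are visible in this commit. Validate the name against a strict allowlist where accounts are created (e.g. `preg_match('/^[a-z0-9_.-]+$/', $usernameclean)`) and guard this line too, e.g. `if(basename($_SESSION['username_clean'])!==$_SESSION['username_clean']) die('invalid user');`. The `mkdir()` return value is ignored, so a failed directory creation silently leaves the user working on a path that does not exist; use `mkdir($CONFIG_DATADIRECTORY, 0700, true)` and report failure. If `$SERVERROOT` sits inside the document root, the per-user folders under `data/` are also reachable over HTTP unless the web server denies that path — I can't see such a rule here.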
@@ -81,46 +89,6 @@ OC_UTIL::checkserver(); OC_USER::logoutlisener(); $loginresult=OC_USER::loginlisener(); - -/** - * Class for usermanagement - * - */ -class OC_USER { - - /** - * check if the login button is pressed and logg the user in - * - */ - public static function loginlisener(){ - global $CONFIG_ADMINLOGIN; - global $CONFIG_ADMINPASSWORD; - if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ - if($_POST['login']==$CONFIG_ADMINLOGIN and $_POST['password']==$CONFIG_ADMINPASSWORD){ - $_SESSION['username']=$_POST['login']; - OC_LOG::event($_SESSION['username'],1,''); - return(''); - }else{ - return('error'); - } - } - return(''); - } - - /** - * check if the logout button is pressed and logout the user - * - */ - public static function logoutlisener(){ - if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ - OC_LOG::event($_SESSION['username'],2,''); - unset($_SESSION['username']); - } - } - -} - - /** * Class for utility functions * 
@@ -204,8 +172,10 @@ class OC_UTIL { if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo('<td class="navigationitemselected"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); } - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>'); - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>'); + if(OC_USER::ingroup($_SESSION['username'],'admin')){ + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); + } echo('<td class="navigationitem"><a href="?logoutbutton=1">Logout</a></td>'); echo('</tr></table>'); } 
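Review bot: Wrapping the Settings link in `OC_USER::ingroup($_SESSION['username'],'admin')` only hides the navigation entry; it is not an access check, so settings/index.php (not in this diff) must perform the same `ingroup` test before doing anything, otherwise the page is still reachable by URL. `$_SESSION['username']` is not set on requests before any login and is `''` after `logoutlisener()` runs, so on those requests the call raises an undefined-index notice and runs the group lookup for an empty name; `if(OC_USER::isLoggedIn() && OC_USER::ingroup($_SESSION['username'],'admin')){` avoids both. The callee's query in lib_user.php embeds stray whitespace inside the quoted ids (`'$groupid '`, `'$userid '`) and has no space before `LIMIT`, so the comparison depends on the backend's string-to-number rules; that should be fixed where the query is built. The enclosing `OC_UTIL` method starts and ends outside this hunk.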
@@ -284,6 +254,32 @@ class OC_DB { return $result; } + /** + * executes a query on the database and returns the result in an array + * + * @param string $cmd + * @return result-set + */ + static function select($cmd) { + global $CONFIG_DBTYPE; + $result=OC_DB::query($cmd); + if($result){ + $data=array(); + if($CONFIG_DBTYPE=='sqlite'){ + while($row=$result->fetch(SQLITE_ASSOC)){ + $data[]=$row; + } + }elseif($CONFIG_DBTYPE=='mysql'){ + while($row=$result->fetch_array(MYSQLI_ASSOC)){ + $data[]=$row; + } + } + return $data; + }else{ + return false; + } + } + /** * executes multiply queries on the database * diff --git a/inc/lib_config.php b/inc/lib_config.php index 1c6ba09fbd530bad2f9e4f43a02e52bd75f065fb..0522ef3862f7e0c033c4f7ce36a397aa517938dc 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php 
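Review bot: The docblock on the new `select()` says `@return result-set`, but the method returns a list of associative rows on success and `false` when `OC_DB::query()` fails, and for any `$CONFIG_DBTYPE` other than `sqlite`/`mysql` it silently returns an empty array as if the query matched nothing. Replace the tag with `@return array|false  list of associative rows; false when the query failed` and add `@param string $cmd  complete SQL statement; this method does no escaping or parameter binding`, since that contract is what forces every caller in lib_user.php to build its own quoted strings. An `else` branch returning `false` for an unknown `$CONFIG_DBTYPE` would make a misconfigured backend visible instead of looking like an empty table.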
@@ -99,10 +99,25 @@ class OC_CONFIG{ $error.='error while trying to fill the database<br/>'; } + if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){ + $error.='error while trying to create the admin user<br/>'; + } + + if(OC_USER::getgroupid('admin')==0){ + if(!OC_USER::creategroup('admin')){ + $error.='error while trying to create the admin group<br/>'; + } + } + + if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){ + $error.='error while trying to add the admin user to the admin group<br/>'; + } + //storedata $config='<?php '."\n"; - $config.='$CONFIG_ADMINLOGIN=\''.$_POST['adminlogin']."';\n"; - $config.='$CONFIG_ADMINPASSWORD=\''.$_POST['adminpassword']."';\n"; +// $config.='$CONFIG_ADMINLOGIN=\''.$_POST['adminlogin']."';\n"; +// $config.='$CONFIG_ADMINPASSWORD=\''.$_POST['adminpassword']."';\n"; + $config.='$CONFIG_INSTALLED=true;'."\n"; $config.='$CONFIG_DATADIRECTORY=\''.$_POST['datadirectory']."';\n"; if(isset($_POST['forcessl'])) $config.='$CONFIG_HTTPFORCESSL=true'.";\n"; else $config.='$CONFIG_HTTPFORCESSL=false'.";\n"; $config.='$CONFIG_DATEFORMAT=\''.$_POST['dateformat']."';\n"; @@ -170,7 +185,17 @@ CREATE TABLE 'properties' ( 'ns' varchar(120) NOT NULL DEFAULT 'DAV:', 'value' text, PRIMARY KEY ('path','name','ns') -);"; +); + +CREATE TABLE 'users' ( + 'user_id' int(11) NOT NULL, + 'user_name' varchar(64) NOT NULL DEFAULT '', + 'user_name_clean' varchar(64) NOT NULL DEFAULT '', + 'user_password' varchar(40) NOT NULL DEFAULT '', + PRIMARY KEY ('user_id'), + UNIQUE ('user_name' ,'user_name_clean') +); +"; }elseif($CONFIG_DBTYPE=='mysql'){ $query="SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\"; 
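Review bot: `OC_USER::createuser()` returns `false` both when the name is already taken and when the INSERT fails, so `!createuser(...) && !login(...)` cannot distinguish a broken database from a re-run of the installer, and the admin-group steps below run in either case. The enclosing `writeconfiglisener()` body starts above this hunk and header.php calls it on every request, so I can't see from here what stops a POST carrying `adminlogin`/`adminpassword` from reaching this account-creation code once `$CONFIG_INSTALLED` is true; if the only guard is the form not being rendered, make it explicit at the top of the function (`if($CONFIG_INSTALLED) return '';` or equivalent). The admin name is taken from `$_POST['adminlogin']` unvalidated, and lib_base.php later uses its lowercased form as a directory name, so this is the place to reject names outside a safe character set. The two commented-out `$config.=` lines should be deleted rather than kept as comments.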
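Review bot: The SQLite `users` table declares `'user_id' int(11) NOT NULL` with a separate `PRIMARY KEY ('user_id')`, but `OC_USER::createuser()` inserts `NULL` for `user_id`; SQLite only auto-assigns a rowid for a column declared exactly `INTEGER PRIMARY KEY`, so on SQLite the insert should fail the NOT NULL constraint and no admin account can be created. Change it to `'user_id' INTEGER PRIMARY KEY AUTOINCREMENT,` and drop the separate `PRIMARY KEY` clause. Neither this schema nor the MySQL one in the next hunk creates the `groups` or `user_group` tables that `creategroup()`, `getgroupid()`, `ingroup()` and `addtogroup()` query, so every group operation will error out; both tables need CREATE statements here. The `user_password` width is `varchar(40)` here and `VARCHAR( 340)` in the MySQL schema — presumably one is a typo — and if hashing moves to `password_hash()` the column must hold at least 60 characters on both backends.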
@@ -208,9 +233,22 @@ CREATE TABLE IF NOT EXISTS `properties` ( PRIMARY KEY (`path`,`name`,`ns`), KEY `path` (`path`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +CREATE TABLE IF NOT EXISTS `users` ( +`user_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY , +`user_name` VARCHAR( 64 ) NOT NULL , +`user_name_clean` VARCHAR( 64 ) NOT NULL , +`user_password` VARCHAR( 340) NOT NULL , +UNIQUE ( +`user_name` , +`user_name_clean` +) +) ENGINE = MYISAM ; + "; } OC_DB::multiquery($query); + die(); } /** diff --git a/inc/lib_user.php b/inc/lib_user.php new file mode 100644 index 0000000000000000000000000000000000000000..eb515b92a00129e1df889f183813f4a096d70747 --- /dev/null +++ b/inc/lib_user.php 
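Review bot: The `die();` inserted after `OC_DB::multiquery($query);` terminates the request as soon as the tables are created, so the caller never reaches the admin-user creation or the config write in the first hunk and the installer cannot complete; this looks like leftover debugging and should be removed. If the intent was to stop on a failed `multiquery`, check its return value and report an error to the caller instead of exiting. The enclosing method starts outside this hunk.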
@@ -0,0 +1,197 @@ +<?php + +/** +* ownCloud +* +* @author Frank Karlitschek +* @copyright 2010 Frank Karlitschek karlitschek@kde.org +* +* This library is free software; you can redistribute it and/or +* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE +* License as published by the Free Software Foundation; either +* version 3 of the License, or any later version. +* +* This library is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU AFFERO GENERAL PUBLIC LICENSE for more details. +* +* You should have received a copy of the GNU Lesser General Public +* License along with this library. If not, see <http://www.gnu.org/licenses/>. +* +*/ + +/** + * Class for usermanagement + * + */ +class OC_USER { + + /** + * check if the login button is pressed and logg the user in + * + */ + public static function loginlisener(){ + global $CONFIG_ADMINLOGIN; + global $CONFIG_ADMINPASSWORD; + if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ + if(OC_USER::login($_POST['login'],$_POST['password'])){ + OC_LOG::event($_SESSION['username'],1,''); + return(''); + }else{ + return('error'); + } + } + return(''); + } + + /** + * try to create a new user + * + */ + public static function createuser($username,$password){ + if(OC_USER::getuserid($username)!=0){ + return false; + }else{ + $password=sha1($password); + $usernameclean=strtolower($username); + $username=mysql_escape_string($username); + $usernameclean=mysql_escape_string($usernameclean); + $query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`)VALUES (NULL , '$username', '$usernameclean', '$password')"; + $result=OC_DB::query($query); + return ($result)?true:false; + } + + } + + /** + * try to login a user + * + */ + public static function login($username,$password){ + $password=sha1($password); + 
$usernameclean=strtolower($username); + $username=mysql_escape_string($username); + $usernameclean=mysql_escape_string($usernameclean); + $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id'])){ + $_SESSION['user_id']=$result[0]['user_id']; + $_SESSION['username']=$username; + $_SESSION['username_clean']=$usernameclean; + return true; + }else{ + return false; + } + } + + /** + * check if the logout button is pressed and logout the user + * + */ + public static function logoutlisener(){ + if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ + OC_LOG::event($_SESSION['username'],2,''); + $_SESSION['user_id']=false; + $_SESSION['username']=''; + $_SESSION['username_clean']=''; + } + } + + /** + * check if a user is logged in + * + */ + public static function isLoggedIn(){ + return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false; + } + + /** + * try to create a new group + * + */ + public static function creategroup($groupname){ + if(OC_USER::getgroupid($groupname)==0){ + $groupname=mysql_escape_string($groupname); + $query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname');"; + $result=OC_DB::query($query); + return ($result)?true:false; + }else{ + return false; + } + } + + /** + * get the id of a user + * + */ + public static function getuserid($username){ + $usernameclean=strtolower($username); + $username=mysql_escape_string($username); + $usernameclean=mysql_escape_string($usernameclean); + $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id'])){ + return $result[0]['user_id']; + }else{ + return 0; + } + } + + /** + * get the id of a group + * + */ + public static function getgroupid($groupname){ + 
$groupname=mysql_escape_string($groupname); + $query="SELECT group_id FROM `groups` WHERE `group_name` = '$groupname' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['group_id'])){ + return $result[0]['group_id']; + }else{ + return 0; + } + } + + /** + * check if a user belongs to a group + * + */ + public static function ingroup($username,$groupname){ + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + $query="SELECT user_group_id FROM `user_group` WHERE `group_id` = '$groupid ' AND `user_id` = '$userid 'LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_group_id'])){ + return true; + }else{ + return false; + } + } + + /** + * add a user to a group + * + */ + public static function addtogroup($username,$groupname){ + if(!OC_USER::ingroup($username,$groupname)){ + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + if($groupid!=0 and $userid!=0){ + $query="INSERT INTO `user_group` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL , '$userid', '$groupid');"; + $result=OC_DB::query($query); + if($result){ + return true; + }else{ + return false; + } + }else{ + return false; + } + }else{ + return true; + } + } +} + +?> \ No newline at end of file diff --git a/inc/templates/header.php b/inc/templates/header.php index c082ea8b3da812abce395c13b65546f8c7798bb8..bd4ccaf35e3d1a4f7a6d454e65f1712a700d569f 100755 --- a/inc/templates/header.php +++ b/inc/templates/header.php 
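Review bot: `createuser()` stores `sha1($password)` with no salt and `login()` matches the SHA-1 inside the WHERE clause, so a leaked `users` table exposes every password to precomputed-hash lookups; use `password_hash($password, PASSWORD_DEFAULT)` when creating the user and have `login()` fetch the stored hash by `user_name_clean` and check it with `password_verify()`. Neither `login()` nor `logoutlisener()` calls `session_regenerate_id(true)`, so a session id issued before authentication stays valid after it; regenerate on login and clear the session on logout instead of setting the three keys to `false`/`''`. Every query escapes with the deprecated `mysql_escape_string()` even when `$CONFIG_DBTYPE` is `sqlite`, where a quote is escaped as `''` rather than `\'`, so the escaping does not neutralise quotes on that backend; it belongs in OC_DB, ideally as bound parameters. `loginlisener()` still declares `global $CONFIG_ADMINLOGIN` / `$CONFIG_ADMINPASSWORD`, which this commit removes from lib_base.php, and `getuserid()` computes an escaped `$username` it never uses.
```php
public static function login($username,$password){
    $usernameclean=strtolower($username);
    $usernamecleanesc=mysql_escape_string($usernameclean);
    $query="SELECT user_id, user_password FROM `users` WHERE `user_name_clean` = '$usernamecleanesc' LIMIT 1";
    $result=OC_DB::select($query);
    if(isset($result[0]['user_password']) && password_verify($password,$result[0]['user_password'])){
        session_regenerate_id(true);
        $_SESSION['user_id']=$result[0]['user_id'];
        // … unchanged: username / username_clean session assignments, return true …
    }
    return false;
}
```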
@@ -4,7 +4,7 @@ <head> <title>ownCloud</title> <base href="<?php echo($WEBROOT); ?>/"/> - <link rel="stylesheet" type="text/css" href="css/default.php"/> + <link rel="stylesheet" type="text/css" href="<?php echo($WEBROOT)?>/css/default.php"/> <script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_ajax.js'></script> <script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_timer.js'></script> <script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_notification.js'></script> @@ -12,6 +12,7 @@ <script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_files.js'></script> <script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_event.js'></script> <script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_drag.js'></script> + <script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_api.js'></script> <script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/filebrowser.js'></script> <?php foreach(OC_UTIL::$scripts as $script){ @@ -33,7 +34,8 @@ echo('<h1><a id="owncloud-logo" href="'.$WEBROOT.'"><span>ownCloud</span></a></h // check if already configured. otherwise start configuration wizard $error=OC_CONFIG::writeconfiglisener(); $CONFIG_ERROR=$error; - if(empty($CONFIG_ADMINLOGIN)) { + global $CONFIG_INSTALLED; + if(!$CONFIG_INSTALLED) { global $FIRSTRUN; $FIRSTRUN=true; echo('<div class="center">');
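Review bot: The first-run test now depends only on `$CONFIG_INSTALLED`, which lib_base.php defaults to `false` and which only a config.php written by this version sets to `true`; an existing installation whose config.php still defines `$CONFIG_ADMINLOGIN` but not `$CONFIG_INSTALLED` will re-enter the setup wizard after upgrading, and the wizard is where admin accounts are created. Either have the upgrade path add `$CONFIG_INSTALLED=true;` to old config files or keep a fallback here, e.g. `if(!$CONFIG_INSTALLED && empty($CONFIG_ADMINLOGIN)) {`. The `global $CONFIG_INSTALLED;` statement is a no-op when this template is included at file scope, so it is presumably there for the case where header.php is included from inside a function — worth a one-line comment, since the `global $FIRSTRUN;` just below follows the same pattern.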