more checks on server enviroment and some bugfixes in admin and firstrun dialog

diff --git a/inc/lib_base.php b/inc/lib_base.php
index c501a28f4a5173c1e41887636bda087b3404a211..0685a640c083ace06d9c0e7616c34a28a474d713 100755 (executable)
--- a/inc/lib_base.php
+++ b/inc/lib_base.php
@@ -147,9 +147,53 @@ class OC_UTIL {
    */
   public static function checkserver(){
     global $SERVERROOT;
+    global $CONFIG_DATADIRECTORY_ROOT;
+    global $CONFIG_BACKUPDIRECTORY;
+    global $CONFIG_ENABLEBACKUP;
+    $error='';
     $f=@fopen($SERVERROOT.'/config/config.php','a+');
-    if(!$f) die('Error: Config file (config/config.php) is not writable for the webserver.');
+    if(!$f) $error.='Error: Config file (config/config.php) is not writable for the webserver.<br/>';
     @fclose($f);
+    if(!is_callable('sqlite_open') and !is_callable('mysql_connect')){
+               $error.='No database drivers (sqlite or mysql) installed.<br/>';
+    }
+    global $CONFIG_DBTYPE;
+    global $CONFIG_DBNAME;
+    if($CONFIG_DBTYPE=='sqlite'){
+               $file=$SERVERROOT.'/'.$CONFIG_DBNAME;
+               $prems=substr(decoct(fileperms($file)),-3);
+               if(substr($prems,2,1)!='0'){
+                       @chmod($file,0660);
+                       clearstatcache();
+                       $prems=substr(decoct(fileperms($file)),-3);
+                       if(substr($prems,2,1)!='0'){
+                               $error.='SQLite database file ('.$file.') is readable from the web<br/>';
+                       }
+               }
+       }
+       $prems=substr(decoct(fileperms($CONFIG_DATADIRECTORY_ROOT)),-3);
+       if(substr($CONFIG_DATADIRECTORY_ROOT,2,1)!='0'){
+               chmodr($CONFIG_DATADIRECTORY_ROOT,0770);
+               clearstatcache();
+               $prems=substr(decoct(fileperms($CONFIG_DATADIRECTORY_ROOT)),-3);
+               if(substr($prems,2,1)!='0'){
+                       $error.='Data directory ('.$CONFIG_DATADIRECTORY_ROOT.') is readable from the web<br/>';
+               }
+       }
+       if($CONFIG_ENABLEBACKUP){
+               $prems=substr(decoct(fileperms($CONFIG_BACKUPDIRECTORY)),-3);
+               if(substr($CONFIG_BACKUPDIRECTORY,2,1)!='0'){
+                       chmodr($CONFIG_BACKUPDIRECTORY,0770);
+                       clearstatcache();
+                       $prems=substr(decoct(fileperms($CONFIG_BACKUPDIRECTORY)),-3);
+                       if(substr($prems,2,1)!='0'){
+                               $error.='Data directory ('.$CONFIG_BACKUPDIRECTORY.') is readable from the web<br/>';
+                       }
+               }
+       }
+       if($error){
+               die($error);
+       }
     
   }
 
@@ -496,4 +540,27 @@ function oc_include_once($file){
        }
 }
 
+function chmodr($path, $filemode) { 
+//     echo "$path<br/>";
+       if (!is_dir($path)) 
+               return chmod($path, $filemode); 
+       $dh = opendir($path); 
+       while (($file = readdir($dh)) !== false) { 
+               if($file != '.' && $file != '..') { 
+                       $fullpath = $path.'/'.$file; 
+                       if(is_link($fullpath)) 
+                               return FALSE; 
+                       elseif(!is_dir($fullpath) && !chmod($fullpath, $filemode)) 
+                                       return FALSE; 
+                       elseif(!chmodr($fullpath, $filemode)) 
+                               return FALSE; 
+               } 
+       } 
+       closedir($dh); 
+       if(chmod($path, $filemode)) 
+               return TRUE; 
+       else 
+               return FALSE; 
+}
+
 ?>
\ No newline at end of file

diff --git a/inc/lib_config.php b/inc/lib_config.php
index 845c416ba2f982e3fe3a283274651b724eece527..a6567bc82933bae025e27275e2af41ebe10daca4 100755 (executable)
--- a/inc/lib_config.php
+++ b/inc/lib_config.php
@@ -130,6 +130,7 @@ class OC_CONFIG{
                        global $WEBROOT;
                        global $CONFIG_DBHOST;
                        global $CONFIG_DBNAME;
+                       global $CONFIG_INSTALLED;
                        global $CONFIG_DBUSER;
                        global $CONFIG_DBPASSWORD;
                        global $CONFIG_DBTYPE;
@@ -139,20 +140,20 @@ class OC_CONFIG{
                                
                                //checkdata
                                $error='';
-                               $FIRSTRUN=empty($CONFIG_ADMINLOGIN);
+                               $FIRSTRUN=!$CONFIG_INSTALLED;
                                if(!$FIRSTRUN){
-                                       if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){
+                                       if(!OC_USER::login($_SESSION['username'],$_POST['currentpassword'])){
                                        $error.='wrong password<br />';
                                        }
                                }
                                
-                               if(!isset($_POST['adminlogin'])        or empty($_POST['adminlogin']))        $error.='admin login not set<br />';
+                               if((!isset($_POST['adminlogin'])        or empty($_POST['adminlogin'])) and $FIRSTRUN)        $error.='admin login not set<br />';
                                if((!isset($_POST['adminpassword'])     or empty($_POST['adminpassword'])) and $FIRSTRUN)     $error.='admin password not set<br />';
                                if((!isset($_POST['adminpassword2'])    or empty($_POST['adminpassword2'])) and $FIRSTRUN)    $error.='retype admin password not set<br />';
                                if(!isset($_POST['datadirectory'])     or empty($_POST['datadirectory']))     $error.='data directory not set<br />';
                                if(!isset($_POST['dateformat'])        or empty($_POST['dateformat']))        $error.='dateformat not set<br />';
                                if(!isset($_POST['dbname'])            or empty($_POST['dbname']))            $error.='databasename not set<br />';
-                               if($_POST['adminpassword']<>$_POST['adminpassword2'] )                        $error.='admin passwords are not the same<br />';
+                               if($FIRSTRUN and $_POST['adminpassword']<>$_POST['adminpassword2'] )                        $error.='admin passwords are not the same<br />';
                                $dbtype=$_POST['dbtype'];
                                if($dbtype=='mysql'){
                                        if(!isset($_POST['dbhost'])            or empty($_POST['dbhost']))            $error.='database host not set<br />';
@@ -179,50 +180,54 @@ class OC_CONFIG{
                                        }
                                }
                                if(empty($error)) {
-                                       //create/fill database
-                                       $CONFIG_DBTYPE=$dbtype;
-                                       $CONFIG_DBNAME=$_POST['dbname'];
-                                       if($dbtype=='mysql'){
-                                               $CONFIG_DBHOST=$_POST['dbhost'];
-                                               $CONFIG_DBUSER=$_POST['dbuser'];
-                                               $CONFIG_DBPASSWORD=$_POST['dbpassword'];
-                                       }
-                                       try{
-                                               if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){
-                                                       self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']);
+                                       if($CONFIG_DBTYPE!=$dbtype or $FIRSTRUN){
+                                               //create/fill database
+                                               $CONFIG_DBTYPE=$dbtype;
+                                               $CONFIG_DBNAME=$_POST['dbname'];
+                                               if($dbtype=='mysql'){
+                                                       $CONFIG_DBHOST=$_POST['dbhost'];
+                                                       $CONFIG_DBUSER=$_POST['dbuser'];
+                                                       $CONFIG_DBPASSWORD=$_POST['dbpassword'];
                                                }
-                                       }catch(Exception $e){
-                                               $error.='error while trying to create the database<br/>';
-                                       }
-                                       if($CONFIG_DBTYPE=='sqlite'){
-                                               $f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+');
-                                               if(!$f){
-                                                       $error.='path of sqlite database not writable by server<br/>';
+                                               try{
+                                                       if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){
+                                                               self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']);
+                                                       }
+                                               }catch(Exception $e){
+                                                       $error.='error while trying to create the database<br/>';
                                                }
-                                               OC_DB::disconnect();
-                                               unlink($SERVERROOT.'/'.$CONFIG_DBNAME);
-                                       }
-                                       try{
-                                               if(isset($_POST['filldb'])){
-                                                       self::filldatabase();
+                                               if($CONFIG_DBTYPE=='sqlite'){
+                                                       $f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+');
+                                                       if(!$f){
+                                                               $error.='path of sqlite database not writable by server<br/>';
+                                                       }
+                                                       OC_DB::disconnect();
+                                                       unlink($SERVERROOT.'/'.$CONFIG_DBNAME);
                                                }
-                                       }catch(Exception $e){
-                                               echo 'testin';
-                                               $error.='error while trying to fill the database<br/>';
-                                       }
-                                       if($CONFIG_DBTYPE=='sqlite'){
-                                               OC_DB::disconnect();
-                                       }
-                                       if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){
-                                               $error.='error while trying to create the admin user<br/>';
-                                       }
-                                       if(OC_USER::getgroupid('admin')==0){
-                                               if(!OC_USER::creategroup('admin')){
-                                                       $error.='error while trying to create the admin group<br/>';
+                                               try{
+                                                       if(isset($_POST['filldb'])){
+                                                               self::filldatabase();
+                                                       }
+                                               }catch(Exception $e){
+                                                       echo 'testin';
+                                                       $error.='error while trying to fill the database<br/>';
+                                               }
+                                               if($CONFIG_DBTYPE=='sqlite'){
+                                                       OC_DB::disconnect();
                                                }
                                        }
-                                       if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){
-                                               $error.='error while trying to add the admin user to the admin group<br/>';
+                                       if($FIRSTRUN){
+                                               if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){
+                                                       $error.='error while trying to create the admin user<br/>';
+                                               }
+                                               if(OC_USER::getgroupid('admin')==0){
+                                                       if(!OC_USER::creategroup('admin')){
+                                                               $error.='error while trying to create the admin group<br/>';
+                                                       }
+                                               }
+                                               if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){
+                                                       $error.='error while trying to add the admin user to the admin group<br/>';
+                                               }
                                        }
                                        //storedata
                                        $config='<?php '."\n";

diff --git a/inc/lib_user.php b/inc/lib_user.php
index 66d693c2dcfb0b48a8bfa673d2c905967912ba0a..989af7d4261fe6ee1385f2ff508b3bc1e37969d9 100755 (executable)
--- a/inc/lib_user.php
+++ b/inc/lib_user.php
@@ -136,6 +136,9 @@ class OC_USER {
                $usernameclean=mysql_escape_string($usernameclean);
                $query="SELECT user_id FROM  users WHERE user_name_clean = '$usernameclean'";
                $result=OC_DB::select($query);
+               if(!is_array($result)){
+                       return 0;
+               }
                if(isset($result[0]) && isset($result[0]['user_id'])){
                        return $result[0]['user_id'];
                }else{
@@ -151,6 +154,9 @@ class OC_USER {
                $groupname=mysql_escape_string($groupname);
                $query="SELECT group_id FROM groups WHERE  group_name = '$groupname'";
                $result=OC_DB::select($query);
+               if(!is_array($result)){
+                       return 0;
+               }
                if(isset($result[0]) && isset($result[0]['group_id'])){
                        return $result[0]['group_id'];
                }else{

diff --git a/inc/templates/adminform.php b/inc/templates/adminform.php
index 32b4f9ec411c1ca829453e757cec8705d9ca4801..a3150054333a23166ffa1109c46df90d7c85aa3e 100755 (executable)
--- a/inc/templates/adminform.php
+++ b/inc/templates/adminform.php
@@ -1,6 +1,7 @@
 <?php
 global $FIRSTRUN;
 global $CONFIG_ENABLEBACKUP;
+global $CONFIG_DATADIRECTORY_ROOT;
 global $CONFIG_BACKUPDIRECTORY;
 global $CONFIG_ERROR;
 if(!isset($fillDB)) $fillDB=true;
@@ -62,7 +63,7 @@ if($FIRSTRUN){?>
 <?php
 }
 ?>
-<tr><td>data directory:</td><td><input type="text" name="datadirectory" size="30" class="formstyle" value="<?php echo($CONFIG_DATADIRECTORY);?>"></input></td></tr>
+<tr><td>data directory:</td><td><input type="text" name="datadirectory" size="30" class="formstyle" value="<?php echo($CONFIG_DATADIRECTORY_ROOT);?>"></input></td></tr>
 <tr><td>force ssl:</td><td><input type="checkbox" name="forcessl" size="30" class="formstyle" value='1' <?php if($CONFIG_HTTPFORCESSL) echo 'checked'?>></input></td></tr>
 <tr><td>enable automatic backup:</td><td><input type="checkbox" name="enablebackup" id="enablebackup" onchange='showBackupPath()' size="30" class="formstyle" value='1' <?php if($CONFIG_ENABLEBACKUP) echo 'checked'?>></input></td></tr>
 <tr id='backupdir'><td>backup directory:</td><td><input type="text" name="backupdirectory" size="30" class="formstyle" value="<?php echo($CONFIG_BACKUPDIRECTORY);?>"></input></td></tr>
@@ -71,16 +72,24 @@ if($FIRSTRUN){?>
 <select id='dbtype' name="dbtype" onchange='dbtypechange()'>
 <?php
 global $CONFIG_DBTYPE;
+$dbtypes=array();
 if($CONFIG_DBTYPE=='sqlite'){
-?>
-<option value="sqlite">SQLite</option>
-<option value="mysql">MySQL</option>
-<?php
+       if(is_callable('sqlite_open')){
+               $dbtypes[]='SQLite';
+       }
+       if(is_callable('mysql_connect')){
+               $dbtypes[]='MySQL';
+       }
 }else{
-?>
-<option value="mysql">MySQL</option>
-<option value="sqlite">SQLite</option>
-<?php
+       if(is_callable('mysql_connect')){
+               $dbtypes[]='MySQL';
+       }
+       if(is_callable('sqlite_open')){
+               $dbtypes[]='SQLite';
+       }
+}
+foreach($dbtypes as $dbtype){
+       echo "<option value='".strtolower($dbtype)."'>$dbtype</option>";
 }
 ?>
 </select>