From 68775a282d46f25f3063182e0d4b02eb18c97c14 Mon Sep 17 00:00:00 2001 From: "Aldo \"xoen\" Giambelluca" Date: Wed, 21 Jul 2010 17:53:51 +0200 Subject: [PATCH] Created class `OC_USER_BACKEND` for general user managment It's possible to use `OC_USER` as normal but the real stuff is done by the `OC_USER::$_backend` class, setted using `OC_USER::setBackend()` (this is done in inc/lib_user.php) --- inc/User/backend.php | 123 ++++++++++++++ inc/User/database.php | 379 ++++++++++++++++++++---------------------- inc/User/ldap.php | 6 +- inc/User/mod_auth.php | 163 +++++++++--------- inc/lib_base.php | 87 ++++------ inc/lib_config.php | 115 ++++++------- inc/lib_user.php | 182 +++++++++++++------- 7 files changed, 590 insertions(+), 465 deletions(-) create mode 100755 inc/User/backend.php diff --git a/inc/User/backend.php b/inc/User/backend.php new file mode 100755 index 00000000000..a036f061443 --- /dev/null +++ b/inc/User/backend.php 
@@ -0,0 +1,123 @@ +. +* +*/ + + + +/** + * Base class for user management + * + * @author Aldo "xoen" Giambelluca + * @author fabian + */ +abstract class OC_USER_BACKEND { + + /** + * Check if the login button is pressed and logg the user in + * + */ + abstract public static function loginLisener(); + + /** + * Try to create a new user + * + */ + abstract public static function createUser($username, $password); + + /** + * Try to login a user + * + */ + abstract public static function login($username, $password); + + /** + * Check if the logout button is pressed and logout the user + * + */ + abstract public static function logoutLisener(); + + /** + * Check if a user is logged in + * + */ + abstract public static function isLoggedIn(); + + /** + * Try to create a new group + * + */ + abstract public static function createGroup($groupName); + + /** + * Get the ID of a user + * + */ + abstract public static function getUserId($username, $noCache=false); + + /** + * Get the ID of a group + * + */ + abstract public static function getGroupId($groupName, $noCache=false); + + /** + * Get the name of a group + * + */ + abstract public static function getGroupName($groupId, $noCache=false); + + /** + * Check if a user belongs to a group + * + */ + abstract public static function inGroup($username, $groupName); + + /** + * Add a user to a group + * + */ + abstract public static function addToGroup($username, $groupName); + + /** + * Generate a random password + */ + abstract public static function generatePassword(); + + /** + * Get all groups the user belongs to + * + */ + abstract public static function getUserGroups($username); + + /** + * Set the password of a user + * + */ + abstract public static function setPassword($username, $password); + + /** + * Check the password of a user + * + */ + abstract public static function checkPassword($username, $password); + +} diff --git a/inc/User/database.php b/inc/User/database.php index c4239eb07cd..13880f1f662 100755 
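Review bot: The docblocks in `OC_USER_BACKEND` name each method but never state what a backend has to return, so conventions such as `getUserId()` answering `0` for "not found" exist only in the implementations. For the security-relevant methods I would spell the contract out, e.g. `@return bool true only after this backend has verified $password for $username` on `login()` and `checkPassword()`, and `@return string a password that cannot be predicted` on `generatePassword()`. The methods are also declared `abstract public static` while `OC_USER` in lib_user.php calls them on an instance (`self::$_backend->login(...)`); plain instance methods would match how they are used.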
--- a/inc/User/database.php +++ b/inc/User/database.php 
@@ -21,307 +21,292 @@ * */ -require_once $SERVERROOT . '/inc/lib_user.php'; +oc_require_once('inc/User/backend.php'); /** - * Class for usermanagement in a SQL Database (e.g. MySQL, SQLite) + * Class for user management in a SQL Database (e.g. MySQL, SQLite) * */ -class OC_USER_DATABASE extends OC_USER_ABSTRACT { +class OC_USER_DATABASE extends OC_USER_BACKEND { /** - * Check if the login button is pressed and logg the user in - * - */ - public static function loginLisener() { - if ( isset($_POST['loginbutton']) AND isset($_POST['password']) AND isset($_POST['login']) ) { - if ( self::login($_POST['login'], $_POST['password']) ) { + * check if the login button is pressed and logg the user in + * + */ + public static function loginLisener(){ + if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){ + if(OC_USER::login($_POST['login'],$_POST['password'])){ echo 1; - OC_LOG::event($_SESSION['username'], 1, ''); + OC_LOG::event($_SESSION['username'],1,''); echo 2; - if ( ( isset($CONFIG_HTTPFORCESSL) AND $CONFIG_HTTPFORCESSL ) - OR ( isset($_SERVER['HTTPS']) AND ('on' === $_SERVER['HTTPS']) ) ) { - $url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; - } else { - $url = 'http://'. $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; + if((isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL) or isset($_SERVER['HTTPS']) and $_SERVER['HTTPS'] == 'on') { + $url = "https://". $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; + }else{ + $url = "http://". $_SERVER['SERVER_NAME'] . 
$_SERVER['REQUEST_URI']; } - header('Location: $url'); + header("Location: $url"); die(); - } else { - return 'error'; - } + }else{ + return('error'); + } } - return(''); } /** - * Try to create a new user - * - */ - public static function createUser($username, $password) { + * try to create a new user + * + */ + public static function createUser($username,$password){ global $CONFIG_DBTABLEPREFIX; - - if ( 0 !== self::getUserId($username, true) ) { + if(OC_USER::getuserid($username,true)!=0){ return false; - } else { - $usernameClean = strtolower($username); - $password = sha1($password); - $username = OC_DB::escape($username); - $usernameClean = OC_DB::escape($usernameClean); - $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameClean', '$password')"; - $result = OC_DB::query($query); - - return ($result) ? true : false; + }else{ + $usernameclean=strtolower($username); + $password=sha1($password); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); + $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) VALUES ('$username', '$usernameclean', '$password')"; + $result=OC_DB::query($query); + return ($result)?true:false; } - } + } + /** - * Try to login a user - * - */ - public static function login($username, $password) { + * try to login a user + * + */ + public static function login($username,$password){ global $CONFIG_DBTABLEPREFIX; - $password = sha1($password); - $usernameClean = strtolower($username); - $username = OC_DB::escape($username); - $usernameClean = OC_DB::escape($usernameClean); - $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; - $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['user_id']) ) { - $_SESSION['user_id'] = $result[0]['user_id']; - $_SESSION['username'] = 
$username; - $_SESSION['username_clean'] = $usernameClean; - + $password=sha1($password); + $usernameclean=strtolower($username); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); + $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id'])){ + $_SESSION['user_id']=$result[0]['user_id']; + $_SESSION['username']=$username; + $_SESSION['username_clean']=$usernameclean; return true; - } else { + }else{ return false; } } - + /** - * Check if the logout button is pressed and logout the user - * - */ - public static function logoutLisener() { - if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { - OC_LOG::event($_SESSION['username'], 2, ''); - $_SESSION['user_id'] = false; - $_SESSION['username'] = ''; - $_SESSION['username_clean'] = ''; + * check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener(){ + if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ + OC_LOG::event($_SESSION['username'],2,''); + $_SESSION['user_id']=false; + $_SESSION['username']=''; + $_SESSION['username_clean']=''; } } - + /** - * Check if a user is logged in - * - */ - public static function isLoggedIn() { - if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { - return true; - } else { - return false; - } + * check if a user is logged in + * + */ + public static function isLoggedIn(){ + return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false; } - + /** - * Try to create a new group - * - */ - public static function createGroup($groupName) { + * try to create a new group + * + */ + public static function createGroup($groupname){ global $CONFIG_DBTABLEPREFIX; - - if ( 0 === self::getGroupId($groupName, true) ) { - $groupName = OC_DB::escape($groupName); - $query = "INSERT INTO 
`{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupName')"; - $result = OC_DB::query($query); - - return $result ? true : false; - } else { + if(OC_USER::getgroupid($groupname,true)==0){ + $groupname=OC_DB::escape($groupname); + $query="INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupname')"; + $result=OC_DB::query($query); + return ($result)?true:false; + }else{ return false; } } - + /** - * Get the ID of a user - * - */ - public static function getUserId($username, $noCache=false) { + * get the id of a user + * + */ + public static function getUserId($username,$nocache=false){ global $CONFIG_DBTABLEPREFIX; - - $usernameClean = strtolower($username); - //try to use cached value to save an sql query - if ( !$noCache AND isset($_SESSION['user_id_cache'][$usernameClean]) ) { - return $_SESSION['user_id_cache'][$usernameClean]; + $usernameclean=strtolower($username); + if(!$nocache and isset($_SESSION['user_id_cache'][$usernameclean])){//try to use cached value to save an sql query + return $_SESSION['user_id_cache'][$usernameclean]; } - $usernameClean = OC_DB::escape($usernameClean); - $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean'"; - $result = OC_DB::select($query); - if ( !is_array($result) ) { + $usernameclean=OC_DB::escape($usernameclean); + $query="SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameclean'"; + $result=OC_DB::select($query); + if(!is_array($result)){ return 0; } - if ( isset($result[0]) AND isset($result[0]['user_id']) ) { - $_SESSION['user_id_cache'][$usernameClean] = $result[0]['user_id']; + if(isset($result[0]) && isset($result[0]['user_id'])){ + $_SESSION['user_id_cache'][$usernameclean]=$result[0]['user_id']; return $result[0]['user_id']; - } else { + }else{ return 0; } } - + /** - * Get the ID of a group - * - */ - public static function getGroupId($groupName, $noCache=false) { + * get the id of a group + * + */ + public 
static function getGroupId($groupname,$nocache=false){ global $CONFIG_DBTABLEPREFIX; - - //try to use cached value to save an sql query - if ( !$noCache AND isset($_SESSION['group_id_cache'][$groupName]) ) { - return $_SESSION['group_id_cache'][$groupName]; + if(!$nocache and isset($_SESSION['group_id_cache'][$groupname])){//try to use cached value to save an sql query + return $_SESSION['group_id_cache'][$groupname]; } - $groupName = OC_DB::escape($groupName); - $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupName'"; - $result = OC_DB::select($query); - if ( !is_array($result) ) { + $groupname=OC_DB::escape($groupname); + $query="SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupname'"; + $result=OC_DB::select($query); + if(!is_array($result)){ return 0; } - if ( isset($result[0]) AND isset($result[0]['group_id']) ) { - $_SESSION['group_id_cache'][$groupName] = $result[0]['group_id']; - + if(isset($result[0]) && isset($result[0]['group_id'])){ + $_SESSION['group_id_cache'][$groupname]=$result[0]['group_id']; return $result[0]['group_id']; - } else { + }else{ return 0; } } - + /** - * Get the name of a group - * - */ - public static function getGroupName($groupId, $noCache=false) { + * get the name of a group + * + */ + public static function getGroupName($groupid,$nocache=false){ global $CONFIG_DBTABLEPREFIX; - - //try to use cached value to save an sql query - if ( !$noCache AND ($name = array_search($groupId,$_SESSION['group_id_cache'])) ) { + if($nocache and $name=array_search($groupid,$_SESSION['group_id_cache'])){//try to use cached value to save an sql query return $name; } - $groupId = (integer)$groupId; - $query = "SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupId' LIMIT 1"; - $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['group_name']) ) { + $groupid=(integer)$groupid; + $query="SELECT group_name FROM 
{$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupid' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['group_name'])){ return $result[0]['group_name']; - } else { + }else{ return 0; } } - + /** - * Check if a user belongs to a group - * - */ - public static function inGroup($username, $groupName) { + * check if a user belongs to a group + * + */ + public static function inGroup($username,$groupname){ global $CONFIG_DBTABLEPREFIX; - $userId = self::getUserId($username); - $groupId = self::getGroupId($groupName); - if ( ($groupId > 0) AND ($userId > 0) ) { - $query = "SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupId' AND user_id = '$userId';"; - $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['user_group_id']) ) { + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + if($groupid>0 and $userid>0){ + $query="SELECT * FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE group_id = '$groupid' AND user_id = '$userid';"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_group_id'])){ return true; - } else { + }else{ return false; } - } else { + }else{ return false; } } - + /** - * Add a user to a group - * - */ - public static function addToGroup($username, $groupName) { + * add a user to a group + * + */ + public static function addToGroup($username,$groupname){ global $CONFIG_DBTABLEPREFIX; - if ( !self::inGroup($username, $groupName) ) { - $userId = self::getuserid($username); - $groupId = self::getgroupid($groupName); - if ( (0 !== $groupId) AND (0 !== $userId) ) { - $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userId', '$groupId');"; - $result = OC_DB::query($query); - if ( $result ) { + if(!OC_USER::ingroup($username,$groupname)){ + $userid=OC_USER::getuserid($username); + $groupid=OC_USER::getgroupid($groupname); + if($groupid!=0 and $userid!=0){ + $query="INSERT 
INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userid', '$groupid');"; + $result=OC_DB::query($query); + if($result){ return true; - } else { + }else{ return false; } - } else { + }else{ return false; } - } else { + }else{ return true; } } - - public static function generatePassword() { - return uniqId(); + + public static function generatePassword(){ + return uniqid(); } /** - * Get all groups the user belongs to - * - */ - public static function getUserGroups($username) { + * get all groups the user belongs to + * + */ + public static function getUserGroups($username){ global $CONFIG_DBTABLEPREFIX; - $userId = self::getUserId($username); - $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userId'"; - $result = OC_DB::select($query); - $groups = array(); - if ( is_array($result) ) { - foreach ( $result as $group ) { - $groupId = $group['group_id']; - $groups[] = self::getGroupName($groupId); + $userid=OC_USER::getuserid($username); + $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userid'"; + $result=OC_DB::select($query); + $groups=array(); + if(is_array($result)){ + foreach($result as $group){ + $groupid=$group['group_id']; + $groups[]=OC_USER::getgroupname($groupid); } } - return $groups; } - + /** - * Set the password of a user - * - */ - public static function setPassword($username, $password) { + * set the password of a user + * + */ + public static function setPassword($username,$password){ global $CONFIG_DBTABLEPREFIX; - $password = sha1($password); - $userId = self::getUserId($username); - $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userId'"; - $result = OC_DB::query($query); - - return $result ? 
true : false; + $password=sha1($password); + $userid=OC_USER::getuserid($username); + $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userid'"; + $result=OC_DB::query($query); + if($result){ + return true; + }else{ + return false; + } } /** - * Check the password of a user + * check the password of a user * */ - public static function checkPassword($username, $password) { + public static function checkPassword($username,$password){ global $CONFIG_DBTABLEPREFIX; - $password = sha1($password); - $usernameClean = strtolower($username); - $username = OC_DB::escape($username); - $usernameClean = OC_DB::escape($usernameClean); - $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; - $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['user_id']) AND ($result[0]['user_id'] > 0) ) { + $password=sha1($password); + $usernameclean=strtolower($username); + $username=OC_DB::escape($username); + $usernameclean=OC_DB::escape($usernameclean); + $query = "SELECT user_id FROM '{$CONFIG_DBTABLEPREFIX}users' WHERE user_name_clean = '$usernameclean' AND user_password = '$password' LIMIT 1"; + $result=OC_DB::select($query); + if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){ return true; - } else { + }else{ return false; } } diff --git a/inc/User/ldap.php b/inc/User/ldap.php index 9ce36975bd3..c91f900342e 100755 --- a/inc/User/ldap.php +++ b/inc/User/ldap.php @@ -21,13 +21,9 @@ * */ -require_once $SERVERROOT . '/inc/lib_user.php'; -require_once $SERVERROOT . '/inc/User/mod_auth.php'; +oc_require_once('inc/User/mod_auth.php'); -/** - * Class for usermanagement in a SQL Database (e.g. MySql, SQLite) - */ class OC_USER_LDAP extends OC_USER_MOD_AUTH { } diff --git a/inc/User/mod_auth.php b/inc/User/mod_auth.php index 8bab4394a5d..0595e74024b 100755 --- a/inc/User/mod_auth.php 
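Review bot: Password handling on the new side of inc/User/database.php stays weak: `createUser()`, `login()`, `setPassword()` and `checkPassword()` store and compare an unsalted `sha1($password)`, and `generatePassword()` returns `uniqid()`, which is derived from the current time and is predictable (the same call appears in the mod_auth.php and lib_user.php hunks). Where the PHP version allows, hash with `password_hash($password, PASSWORD_DEFAULT)`, select `user_password` by `user_name_clean` alone and compare it with `password_verify()`, and build generated passwords from `random_bytes()`. Separately, `getGroupName()` now tests `$nocache` where the removed line tested `!$noCache`, so the session cache is consulted only when the caller asked to skip it; the condition should read `if(!$nocache and $name=array_search($groupid,$_SESSION['group_id_cache']))`.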
+++ b/inc/User/mod_auth.php 
@@ -21,55 +21,52 @@ * */ -require_once $SERVERROOT . '/inc/lib_user.php'; +oc_require_once('inc/User/backend.php'); /** - * Class for usermanagement in a SQL Database (e.g. MySQL, SQLite) + * Class for user management * */ -class OC_USER_MOD_AUTH extends OC_USER_ABSTRACT { - +class OC_USER_MOD_AUTH extends OC_USER_BACKEND { + /** - * Check if the login button is pressed and logg the user in - * - */ - public static function loginLisener() { - return ''; + * check if the login button is pressed and logg the user in + * + */ + public static function loginLisener(){ + return(''); } - - + /** - * Try to create a new user - * - */ - public static function createUser($username, $password) { + * try to create a new user + * + */ + public static function createUser($username,$password){ return false; } - - /** - * Try to login a user - * - */ - public static function login($username, $password) { - if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' !== $_SERVER['PHP_AUTH_USER']) ) { - $_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER']; - $_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; - $_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER']; + /** + * try to login a user + * + */ + public static function login($username,$password){ + if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") { + $_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"]; return true; } - return false; } /** - * Check if the logout button is pressed and logout the user - * - */ - public static function logoutLisener() { - if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { + * check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener(){ + if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){ header('WWW-Authenticate: Basic realm="ownCloud"'); header('HTTP/1.0 401 Unauthorized'); die('401 Unauthorized'); 
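Review bot: `login()` never looks at `$password` and treats any non-empty `$_SERVER["PHP_AUTH_USER"]` as an authenticated user, but PHP fills that variable from the request's Basic `Authorization` header, so it proves identity only when the web server is actually enforcing authentication on this path, and nothing here checks that. Assuming the deployment exposes it, a guard such as `if (!isset($_SERVER['REMOTE_USER']) || $_SERVER['REMOTE_USER'] !== $_SERVER['PHP_AUTH_USER']) return false;` before the session writes would tie the login to a server-verified identity; `isLoggedIn()` in the next hunk has the same pattern and needs the same guard. The raw value also becomes `$_SESSION['username_clean']`, which lib_base.php appends to the data directory path, so it should be limited to a safe character set before it is stored.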
@@ -77,107 +74,105 @@ class OC_USER_MOD_AUTH extends OC_USER_ABSTRACT { } /** - * Check if a user is logged in - * - */ - public static function isLoggedIn() { - if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { + * check if a user is logged in + * + */ + public static function isLoggedIn(){ + if (isset($_SESSION['user_id']) && $_SESSION['user_id']) { return true; - } else { - if ( isset($_SERVER['PHP_AUTH_USER']) AND ('' !== $_SERVER['PHP_AUTH_USER']) ) { - $_SESSION['user_id'] = $_SERVER['PHP_AUTH_USER']; - $_SESSION['username'] = $_SERVER['PHP_AUTH_USER']; - $_SESSION['username_clean'] = $_SERVER['PHP_AUTH_USER']; - - return true;; + } + else { + if (isset($_SERVER["PHP_AUTH_USER"]) && $_SERVER["PHP_AUTH_USER"] != "") { + $_SESSION['user_id']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username']= $_SERVER["PHP_AUTH_USER"]; + $_SESSION['username_clean']= $_SERVER["PHP_AUTH_USER"]; + return true; } } - return false; } /** - * Try to create a new group - * - */ - public static function createGroup($groupName) { + * try to create a new group + * + */ + public static function createGroup($groupname){ // does not work with MOD_AUTH (only or some modules) return false; } /** - * Get the ID of a user - * - */ - public static function getUserId($username, $noCache=false) { + * get the id of a user + * + */ + public static function getUserId($username,$nocache=false){ // does not work with MOD_AUTH (only or some modules) return 0; } /** - * Get the ID of a group - * - */ - public static function getGroupId($groupName, $noCache=false) { + * get the id of a group + * + */ + public static function getGroupId($groupname,$nocache=false){ // does not work with MOD_AUTH (only or some modules) return 0; } /** - * Get the name of a group - * - */ - public static function getGroupName($groupId, $noCache=false) { + * get the name of a group + * + */ + public static function getGroupName($groupid,$nocache=false){ // does not work with MOD_AUTH (only or some modules) return 
0; } /** - * Check if a user belongs to a group - * - */ - public static function inGroup($username, $groupName) { + * check if a user belongs to a group + * + */ + public static function inGroup($username,$groupname){ // does not work with MOD_AUTH (only or some modules) return false; } /** - * Add a user to a group - * - */ - public static function addToGroup($username, $groupName) { + * add a user to a group + * + */ + public static function addToGroup($username,$groupname){ // does not work with MOD_AUTH (only or some modules) return false; } - public static function generatePassword() { - return uniqId(); + public static function generatePassword(){ + return uniqid(); } /** - * Get all groups the user belongs to - * - */ - public static function getUserGroups($username) { + * get all groups the user belongs to + * + */ + public static function getUserGroups($username){ // does not work with MOD_AUTH (only or some modules) - $groups = array(); - + $groups=array(); return $groups; } /** - * Set the password of a user - * - */ - public static function setPassword($username, $password) { + * set the password of a user + * + */ + public static function setPassword($username,$password){ return false; } /** - * Check the password of a user - * - */ - public static function checkPassword($username, $password) { + * check the password of a user + * + */ + public static function checkPassword($username,$password){ // does not work with MOD_AUTH (only or some modules) return false; } diff --git a/inc/lib_base.php b/inc/lib_base.php index 7068aad3f4e..df6df15cc23 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php 
@@ -48,20 +48,20 @@ if($WEBROOT!='' and $WEBROOT[0]!=='/'){ // set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config'); // define default config values -$CONFIG_INSTALLED = false; -$CONFIG_DATADIRECTORY = $SERVERROOT . '/data'; -$CONFIG_BACKUPDIRECTORY = $SERVERROOT . '/backup'; -$CONFIG_HTTPFORCESSL = false; -$CONFIG_ENABLEBACKUP = false; -$CONFIG_DATEFORMAT = 'j M Y G:i'; -$CONFIG_DBNAME = 'owncloud'; -$CONFIG_DBTYPE = 'sqlite'; +$CONFIG_INSTALLED=false; +$CONFIG_DATADIRECTORY=$SERVERROOT.'/data'; +$CONFIG_BACKUPDIRECTORY=$SERVERROOT.'/backup'; +$CONFIG_HTTPFORCESSL=false; +$CONFIG_ENABLEBACKUP=false; +$CONFIG_DATEFORMAT='j M Y G:i'; +$CONFIG_DBNAME='owncloud'; +$CONFIG_DBTYPE='sqlite'; // include the generated configfile -@include_once($SERVERROOT . '/config/config.php'); +@include_once($SERVERROOT.'/config/config.php'); -// Store this in a seperate variable so we can change the data directory to jail users. -$CONFIG_DATADIRECTORY_ROOT = $CONFIG_DATADIRECTORY; + +$CONFIG_DATADIRECTORY_ROOT=$CONFIG_DATADIRECTORY;// store this in a seperate variable so we can change the data directory to jail users. // redirect to https site if configured if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){ if(!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] != 'on') { 
@@ -86,33 +86,10 @@ oc_require_once('lib_connect.php'); oc_require_once('lib_remotestorage.php'); - -// Load the choosen user manager -if ( isset($CONFIG_BACKEND) ) { - switch ( $CONFIG_BACKEND ) { - case 'mysql': - case 'sqlite': - require_once 'User/database.php'; - $userManager = new OC_USER_DATABASE(); - break; - case 'ldap': - require_once 'User/ldap.php'; - $userManager = new OC_USER_LDAP(); - break; - default: - require_once 'User/database.php'; - $userManager = new OC_USER_DATABASE(); - break; - } -} else { - require_once 'User/database.php'; - $userManager = new OC_USER_DATABASE(); -} - if(!is_dir($CONFIG_DATADIRECTORY_ROOT)){ @mkdir($CONFIG_DATADIRECTORY_ROOT) or die("Can't create data directory ($CONFIG_DATADIRECTORY_ROOT), you can usually fix this by setting the owner of '$SERVERROOT' to the user that the web server uses (www-data for debian/ubuntu)"); } -if ( $userManager::isLoggedIn() ) { +if(OC_USER::isLoggedIn()){ //jail the user in a seperate data folder $CONFIG_DATADIRECTORY=$CONFIG_DATADIRECTORY_ROOT.'/'.$_SESSION['username_clean']; if(!is_dir($CONFIG_DATADIRECTORY)){ @@ -151,11 +128,11 @@ if(isset($plugins[0])) foreach($plugins as $plugin) require_once($SERVERROOT.'/p // check if the server is correctly configured for ownCloud -OC_UTIL::checkServer(); +OC_UTIL::checkserver(); // listen for login or logout actions -$userManager::logoutLisener(); -$loginresult = $userManager::loginLisener(); +OC_USER::logoutlisener(); +$loginresult=OC_USER::loginlisener(); /** * Class for utility functions @@ -285,27 +262,25 @@ class OC_UTIL { * show the main navigation * */ - public static function showNavigation(){ - global $WEBROOT; - global $SERVERROOT; - global $userManager; - - echo(''); - echo(''); - if ($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo(''); else echo(''); + public static function showNavigation(){ + global $WEBROOT; + global $SERVERROOT; + echo('
'); + echo(''); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/index.php') echo(''); else echo(''); - foreach(OC_UTIL::$NAVIGATION as $NAVI) { - if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo(''); else echo(''); - } + foreach(OC_UTIL::$NAVIGATION as $NAVI) { + if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo(''); else echo(''); + } - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo(''); else echo(''); - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo(''); else echo(''); - if ( $userManager::inGroup($_SESSION['username'], 'admin') ) { - if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo(''); else echo(''); - } - echo(''); - echo('
'); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('Log'); else echo('Log'); + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('Settings'); else echo('Settings'); + if(OC_USER::ingroup($_SESSION['username'],'admin')){ + if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('Admin Panel'); else echo('Admin Panel'); } + echo('Logout'); + echo(''); + } /** diff --git a/inc/lib_config.php b/inc/lib_config.php index 8418cd574e7..ff4ead8b6be 100644 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -1,7 +1,5 @@ '; }else{ if(isset($_POST['changepass']) and $_POST['changepass']==1){ @@ -107,7 +95,7 @@ class OC_CONFIG { if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set
'; if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same
'; if(empty($error)){ - if(!$userManager::setpassword($_SESSION['username'],$_POST['password'])){ + if(!OC_USER::setpassword($_SESSION['username'],$_POST['password'])){ $error.='error while trying to set password
'; } } @@ -155,13 +143,11 @@ class OC_CONFIG { */ public static function writeAdminLisener(){ global $CONFIG_INSTALLED; - global $userManager; - $allow=false; if(!$CONFIG_INSTALLED){ $allow=true; - }elseif($userManager::isLoggedIn()){ - if($userManager::ingroup($_SESSION['username'],'admin')){ + }elseif(OC_USER::isLoggedIn()){ + if(OC_USER::ingroup($_SESSION['username'],'admin')){ $allow=true; } } @@ -184,7 +170,7 @@ class OC_CONFIG { $error=''; $FIRSTRUN=!$CONFIG_INSTALLED; if(!$FIRSTRUN){ - if(!$userManager::login($_SESSION['username'],$_POST['currentpassword'])){ + if(!OC_USER::login($_SESSION['username'],$_POST['currentpassword'])){ $error.='wrong password
'; } } @@ -262,15 +248,15 @@ class OC_CONFIG { } } if($FIRSTRUN){ - if(!$userManager::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !$userManager::login($_POST['adminlogin'],$_POST['adminpassword'])){ + if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){ $error.='error while trying to create the admin user
'; } - if($userManager::getgroupid('admin')==0){ - if(!$userManager::creategroup('admin')){ + if(OC_USER::getgroupid('admin')==0){ + if(!OC_USER::creategroup('admin')){ $error.='error while trying to create the admin group
'; } } - if(!$userManager::addtogroup($_POST['adminlogin'],'admin')){ + if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){ $error.='error while trying to add the admin user to the admin group
'; } } @@ -379,3 +365,6 @@ class OC_CONFIG { } } } +?> + + diff --git a/inc/lib_user.php b/inc/lib_user.php index 394377984cb..e20c5624f12 100755 --- a/inc/lib_user.php +++ b/inc/lib_user.php @@ -21,6 +21,8 @@ * */ +global $CONFIG_BACKEND; + if ( !$CONFIG_INSTALLED ) { @@ -29,7 +31,7 @@ if ( !$CONFIG_INSTALLED ) { $_SESSION['username_clean'] = ''; } -// Cache the userid's an groupid's +//cache the userid's an groupid's if ( !isset($_SESSION['user_id_cache']) ) { $_SESSION['user_id_cache'] = array(); } 
@@ -37,98 +39,158 @@ if ( !isset($_SESSION['group_id_cache']) ) { $_SESSION['group_id_cache'] = array(); } +OC_USER::setBackend($CONFIG_BACKEND); + /** - * Class for user management + * Class for User Management * */ -abstract class OC_USER_ABSTRACT { +class OC_USER { + + // The backend used for user management + private static $_backend; + + /** + * Set the User Authentication Module + */ + public static function setBackend($backend='database') { + if ( (null === $backend) OR (!is_string($backend)) ) { + $backend = 'database'; + } + + switch ( $backend ) { + case 'mysql': + case 'sqlite': + oc_require_once('inc/User/database.php'); + self::$_backend = new OC_USER_DATABASE(); + break; + case 'ldap': + oc_require_once('inc/User/ldap.php'); + self::$_backend = new OC_USER_LDAP(); + break; + default: + oc_require_once('inc/User/database.php'); + self::$_backend = new OC_USER_DATABASE(); + break; + } + } /** - * Check if the login button is pressed and logg the user in - * - */ - abstract public static function loginLisener(); + * check if the login button is pressed and logg the user in + * + */ + public static function loginLisener() { + return self::$_backend->loginLisener(); + } /** - * Try to create a new user - * - */ - abstract public static function createUser($username, $password); + * try to create a new user + * + */ + public static function createUser($username, $password) { + return self::$_backend->createUser($username, $password); + } /** - * Try to login a user - * - */ - abstract public static function login($username, $password); + * try to login a user + * + */ + public static function login($username, $password) { + return self::$_backend->login($username, $password); + } /** - * Check if the logout button is pressed and logout the user - * - */ - abstract public static function logoutLisener(); + * check if the logout button is pressed and logout the user + * + */ + public static function logoutLisener() { + return self::$_backend->logoutLisener(); 
+ } /** - * Check if a user is logged in - * - */ - abstract public static function isLoggedIn(); + * check if a user is logged in + * + */ + public static function isLoggedIn() { + return self::$_backend->isLoggedIn(); + } /** - * Try to create a new group - * - */ - abstract public static function createGroup($groupName); + * try to create a new group + * + */ + public static function createGroup($groupName) { + return self::$_backend->createGroup($groupName); + } /** - * Get the ID of a user - * - */ - abstract public static function getUserId($username, $noCache=false); + * get the id of a user + * + */ + public static function getUserId($username, $noCache=false) { + return self::$_backend->getUserId($username, $noCache=false); + } /** - * Get the ID of a group - * - */ - abstract public static function getGroupId($groupName, $noCache=false); + * get the id of a group + * + */ + public static function getGroupId($groupName, $noCache=false) { + return self::$_backend->getGroupId($groupName, $noCache=false); + } /** - * Get the name of a group - * - */ - abstract public static function getGroupName($groupId, $noCache=false); + * get the name of a group + * + */ + public static function getGroupName($groupId, $noCache=false) { + return self::$_backend->getGroupName($groupId, $noCache=false); + } /** - * Check if a user belongs to a group - * - */ - abstract public static function inGroup($username, $groupName); + * check if a user belongs to a group + * + */ + public static function inGroup($username, $groupName) { + return self::$_backend->inGroup($username, $groupName); + } /** - * Add a user to a group - * - */ - abstract public static function addToGroup($username, $groupName); + * add a user to a group + * + */ + public static function addToGroup($username, $groupName) { + return self::$_backend->addToGroup($username, $groupName); + } - abstract public static function generatePassword(); + public static function generatePassword() { + return uniqId(); + } 
/** - * Get all groups the user belongs to - * - */ - abstract public static function getUserGroups($username); + * get all groups the user belongs to + * + */ + public static function getUserGroups($username) { + return self::$_backend->getUserGroups($username); + } /** - * Set the password of a user - * - */ - abstract public static function setPassword($username, $password); + * set the password of a user + * + */ + public static function setPassword($username, $password) { + return self::$_backend->setPassword($username, $password); + } /** - * Check the password of a user - * - */ - abstract public static function checkPassword($username, $password); + * check the password of a user + * + */ + public static function checkPassword($username, $password) { + return self::$_backend->checkPassword($username, $password); + } } -- 2.39.5
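Review bot: The `getUserId()`, `getGroupId()` and `getGroupName()` wrappers forward `$noCache=false` as the argument, which is an assignment expression: it overwrites the caller's value and always passes `false` to the backend. `OC_USER_DATABASE::createUser()` and `createGroup()` call `OC_USER::getuserid($username,true)` and `OC_USER::getgroupid($groupname,true)` to bypass the session cache for their existence check, so after this change those checks can be answered from a stale `$_SESSION` cache. Each wrapper should pass the parameter through unchanged, e.g. `return self::$_backend->getUserId($username, $noCache);`. `setBackend()` also falls back to the database backend for any unrecognised `$CONFIG_BACKEND` string without reporting it, which can hide a misconfigured authentication backend.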