From 898d2489bba0a5e7dd349bed19f9c10a7eb05065 Mon Sep 17 00:00:00 2001 From: Robin Date: Sun, 9 May 2010 16:33:16 +0200 Subject: [PATCH] more checks on server enviroment and some bugfixes in admin and firstrun dialog --- inc/lib_base.php | 69 +++++++++++++++++++++++++++- inc/lib_config.php | 91 +++++++++++++++++++------------------ inc/lib_user.php | 6 +++ inc/templates/adminform.php | 27 +++++++---- 4 files changed, 140 insertions(+), 53 deletions(-) diff --git a/inc/lib_base.php b/inc/lib_base.php index c501a28f4a5..0685a640c08 100755 --- a/inc/lib_base.php +++ b/inc/lib_base.php @@ -147,9 +147,53 @@ class OC_UTIL { */ public static function checkserver(){ global $SERVERROOT; + global $CONFIG_DATADIRECTORY_ROOT; + global $CONFIG_BACKUPDIRECTORY; + global $CONFIG_ENABLEBACKUP; + $error=''; $f=@fopen($SERVERROOT.'/config/config.php','a+'); - if(!$f) die('Error: Config file (config/config.php) is not writable for the webserver.'); + if(!$f) $error.='Error: Config file (config/config.php) is not writable for the webserver.
'; @fclose($f); + if(!is_callable('sqlite_open') and !is_callable('mysql_connect')){ + $error.='No database drivers (sqlite or mysql) installed.
'; + } + global $CONFIG_DBTYPE; + global $CONFIG_DBNAME; + if($CONFIG_DBTYPE=='sqlite'){ + $file=$SERVERROOT.'/'.$CONFIG_DBNAME; + $prems=substr(decoct(fileperms($file)),-3); + if(substr($prems,2,1)!='0'){ + @chmod($file,0660); + clearstatcache(); + $prems=substr(decoct(fileperms($file)),-3); + if(substr($prems,2,1)!='0'){ + $error.='SQLite database file ('.$file.') is readable from the web
'; + } + } + } + $prems=substr(decoct(fileperms($CONFIG_DATADIRECTORY_ROOT)),-3); + if(substr($CONFIG_DATADIRECTORY_ROOT,2,1)!='0'){ + chmodr($CONFIG_DATADIRECTORY_ROOT,0770); + clearstatcache(); + $prems=substr(decoct(fileperms($CONFIG_DATADIRECTORY_ROOT)),-3); + if(substr($prems,2,1)!='0'){ + $error.='Data directory ('.$CONFIG_DATADIRECTORY_ROOT.') is readable from the web
'; + } + } + if($CONFIG_ENABLEBACKUP){ + $prems=substr(decoct(fileperms($CONFIG_BACKUPDIRECTORY)),-3); + if(substr($CONFIG_BACKUPDIRECTORY,2,1)!='0'){ + chmodr($CONFIG_BACKUPDIRECTORY,0770); + clearstatcache(); + $prems=substr(decoct(fileperms($CONFIG_BACKUPDIRECTORY)),-3); + if(substr($prems,2,1)!='0'){ + $error.='Data directory ('.$CONFIG_BACKUPDIRECTORY.') is readable from the web
'; + } + } + } + if($error){ + die($error); + } } @@ -496,4 +540,27 @@ function oc_include_once($file){ } } +function chmodr($path, $filemode) { +// echo "$path
"; + if (!is_dir($path)) + return chmod($path, $filemode); + $dh = opendir($path); + while (($file = readdir($dh)) !== false) { + if($file != '.' && $file != '..') { + $fullpath = $path.'/'.$file; + if(is_link($fullpath)) + return FALSE; + elseif(!is_dir($fullpath) && !chmod($fullpath, $filemode)) + return FALSE; + elseif(!chmodr($fullpath, $filemode)) + return FALSE; + } + } + closedir($dh); + if(chmod($path, $filemode)) + return TRUE; + else + return FALSE; +} + ?> \ No newline at end of file diff --git a/inc/lib_config.php b/inc/lib_config.php index 845c416ba2f..a6567bc8293 100755 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -130,6 +130,7 @@ class OC_CONFIG{ global $WEBROOT; global $CONFIG_DBHOST; global $CONFIG_DBNAME; + global $CONFIG_INSTALLED; global $CONFIG_DBUSER; global $CONFIG_DBPASSWORD; global $CONFIG_DBTYPE; @@ -139,20 +140,20 @@ class OC_CONFIG{ //checkdata $error=''; - $FIRSTRUN=empty($CONFIG_ADMINLOGIN); + $FIRSTRUN=!$CONFIG_INSTALLED; if(!$FIRSTRUN){ - if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){ + if(!OC_USER::login($_SESSION['username'],$_POST['currentpassword'])){ $error.='wrong password
'; } } - if(!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) $error.='admin login not set
'; + if((!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) and $FIRSTRUN) $error.='admin login not set
'; if((!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])) and $FIRSTRUN) $error.='admin password not set
'; if((!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2'])) and $FIRSTRUN) $error.='retype admin password not set
'; if(!isset($_POST['datadirectory']) or empty($_POST['datadirectory'])) $error.='data directory not set
'; if(!isset($_POST['dateformat']) or empty($_POST['dateformat'])) $error.='dateformat not set
'; if(!isset($_POST['dbname']) or empty($_POST['dbname'])) $error.='databasename not set
'; - if($_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same
'; + if($FIRSTRUN and $_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same
'; $dbtype=$_POST['dbtype']; if($dbtype=='mysql'){ if(!isset($_POST['dbhost']) or empty($_POST['dbhost'])) $error.='database host not set
'; @@ -179,50 +180,54 @@ class OC_CONFIG{ } } if(empty($error)) { - //create/fill database - $CONFIG_DBTYPE=$dbtype; - $CONFIG_DBNAME=$_POST['dbname']; - if($dbtype=='mysql'){ - $CONFIG_DBHOST=$_POST['dbhost']; - $CONFIG_DBUSER=$_POST['dbuser']; - $CONFIG_DBPASSWORD=$_POST['dbpassword']; - } - try{ - if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){ - self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']); + if($CONFIG_DBTYPE!=$dbtype or $FIRSTRUN){ + //create/fill database + $CONFIG_DBTYPE=$dbtype; + $CONFIG_DBNAME=$_POST['dbname']; + if($dbtype=='mysql'){ + $CONFIG_DBHOST=$_POST['dbhost']; + $CONFIG_DBUSER=$_POST['dbuser']; + $CONFIG_DBPASSWORD=$_POST['dbpassword']; } - }catch(Exception $e){ - $error.='error while trying to create the database
'; - } - if($CONFIG_DBTYPE=='sqlite'){ - $f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+'); - if(!$f){ - $error.='path of sqlite database not writable by server
'; + try{ + if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){ + self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']); + } + }catch(Exception $e){ + $error.='error while trying to create the database
'; } - OC_DB::disconnect(); - unlink($SERVERROOT.'/'.$CONFIG_DBNAME); - } - try{ - if(isset($_POST['filldb'])){ - self::filldatabase(); + if($CONFIG_DBTYPE=='sqlite'){ + $f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+'); + if(!$f){ + $error.='path of sqlite database not writable by server
'; + } + OC_DB::disconnect(); + unlink($SERVERROOT.'/'.$CONFIG_DBNAME); } - }catch(Exception $e){ - echo 'testin'; - $error.='error while trying to fill the database
'; - } - if($CONFIG_DBTYPE=='sqlite'){ - OC_DB::disconnect(); - } - if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){ - $error.='error while trying to create the admin user
'; - } - if(OC_USER::getgroupid('admin')==0){ - if(!OC_USER::creategroup('admin')){ - $error.='error while trying to create the admin group
'; + try{ + if(isset($_POST['filldb'])){ + self::filldatabase(); + } + }catch(Exception $e){ + echo 'testin'; + $error.='error while trying to fill the database
'; + } + if($CONFIG_DBTYPE=='sqlite'){ + OC_DB::disconnect(); } } - if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){ - $error.='error while trying to add the admin user to the admin group
'; + if($FIRSTRUN){ + if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){ + $error.='error while trying to create the admin user
'; + } + if(OC_USER::getgroupid('admin')==0){ + if(!OC_USER::creategroup('admin')){ + $error.='error while trying to create the admin group
'; + } + } + if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){ + $error.='error while trying to add the admin user to the admin group
'; + } } //storedata $config=' -data directory: +data directory: force ssl:> enable automatic backup:> backup directory: @@ -71,16 +72,24 @@ if($FIRSTRUN){?> -- 2.39.5