authorRobin <robin@Amaya.(none)>2010-04-28 12:01:05 +0200
committerRobin <robin@Amaya.(none)>2010-04-28 12:01:05 +0200
commitfb498b9534b545c0e66cb82304e64f199c77a463 (patch)
tree5dee29e558a580fe57d777aa41b493671b0f5a3b
parent09add452d93f185d89ab51b67cda2fc384772db5 (diff)
parent854e0c5a9c9060e827fbbfddffeeeadfc2d27278 (diff)
fix merge conflicts
-rw-r--r--admin/index.php (renamed from files/rename.php)31
-rw-r--r--admin/index.php~1
-rwxr-xr-xcss/default.php91
-rw-r--r--files/api.php (renamed from files/move.php)30
-rw-r--r--files/get_file.php108
-rw-r--r--files/get_files.php49
-rw-r--r--files/new.php38
-rw-r--r--files/upload.php2
-rw-r--r--inc/HTTP/WebDAV/Server.php33
-rw-r--r--inc/HTTP/WebDAV/Server/Filesystem.php726
-rwxr-xr-xinc/lib_base.php203
-rwxr-xr-xinc/lib_config.php359
-rwxr-xr-xinc/lib_files.php408
-rw-r--r--inc/lib_user.php277
-rw-r--r--inc/templates/adminform.php106
-rwxr-xr-xinc/templates/configform.php99
-rwxr-xr-xinc/templates/header.php19
-rw-r--r--js/filebrowser.js6
-rw-r--r--js/lib_api.js (renamed from files/delete.php)26
-rw-r--r--js/lib_files.js116
-rwxr-xr-xwebdav/owncloud.php17
21 files changed, 2153 insertions, 592 deletions
diff --git a/files/rename.php b/admin/index.php
index f0f272f018f..2331c22f062 100644
--- a/files/rename.php
+++ b/admin/index.php
@@ -1,10 +1,10 @@
<?php
/**
-* ownCloud - ajax frontend
+* ownCloud
*
-* @author Robin Appelman
-* @copyright 2010 Robin Appelman icewind1991@gmail.com
+* @author Frank Karlitschek
+* @copyright 2010 Frank Karlitschek karlitschek@kde.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
@@ -20,15 +20,22 @@
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
+
+$CONFIG_ERROR='';
+
require_once('../inc/lib_base.php');
-$dir=$_GET['dir'];
-$file=$_GET['file'];
-$newname=$_GET['newname'];
-if($file!=$newname and $newname!='' and isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false){
- $source=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
- $target=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$newname;
- rename($source,$target);
-}
-?> \ No newline at end of file
+OC_UTIL::showheader();
+
+$FIRSTRUN=false;
+
+echo('<div class="center">');
+OC_CONFIG::showadminform();
+echo('</div>');
+
+
+OC_UTIL::showfooter();
+
+?>
+
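Review bot: Nothing in this script checks that the caller is a logged-in administrator before `OC_CONFIG::showadminform()` is rendered; any such gate would have to live in `lib_base.php` or inside `showadminform()`, neither of which is visible in this hunk. If it is not enforced there, add an explicit check right after the `require_once`, for example `if(!OC_USER::isLoggedIn()){ header('HTTP/1.0 403 Forbidden'); exit; }`, plus whatever admin test the user library offers. `$FIRSTRUN=false;` is assigned after `OC_UTIL::showheader()` has run, so if the header reads that variable the assignment comes too late.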
diff --git a/admin/index.php~ b/admin/index.php~
new file mode 100644
index 00000000000..8d1c8b69c3f
--- /dev/null
+++ b/admin/index.php~
@@ -0,0 +1 @@
+
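Review bot: `admin/index.php~` is an editor backup file and should not be in the tree. Web servers commonly serve `*.php~` as plain text instead of executing it, so a later non-empty backup of this kind would disclose source. Drop the file from the commit and add `*~` to the ignore list.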
diff --git a/css/default.php b/css/default.php
index dd1ad09b015..4d15ef6d6d4 100755
--- a/css/default.php
+++ b/css/default.php
@@ -46,6 +46,7 @@ html,body {
}
body.error {background-color: #F0F0F0;}
+td.error{color:#FF0000; text-align:center}
body,th,td,ul,li,a,div,p,pre {color:#333333; font-family:Verdana,"Bitstream Vera Sans",Arial,Helvetica,Sans,"Bitstream Vera Serif"; font-size:9.0pt;}
a img {
@@ -220,6 +221,7 @@ div.breadcrumb{
}
div.fileactionlist{
+ z-index:50;
position:absolute;
background-color: #DDDDDD;
margin-top:5px;
@@ -260,6 +262,12 @@ td.sizetext{
text-align:right;
}
+
+input.fileSelector{
+ margin-right:17px;
+ float:left;
+}
+
td.fileSelector, td.fileicon{
width:16px;
}
@@ -287,6 +295,7 @@ div.fileList{
height:100%;
min-height:200px;
top:0px;
+<!-- border-bottom: 3px solid #CCC; -->
}
div.fileList table{
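Review bot: `<!-- border-bottom: 3px solid #CCC; -->` is HTML comment syntax, which is not a comment inside a CSS rule; the line only has no effect because the parser discards it as a malformed declaration. Use `/* border-bottom: 3px solid #CCC; */` or delete the line. The same applies to `<!-- float:right; -->` in the `div.moreActionsList input` rule added by the last hunk of this file.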
@@ -321,4 +330,86 @@ table.browser thead td,table.browser tfoot td{
tr.hint, tr.hint td{
background:transparent;
+}
+
+#debug{
+ position:fixed;
+ bottom:20px;
+ left:20px;
+ border:solid 1px black;
+}
+
+.dragClone{
+ position:absolute;
+}
+
+div.breadcrumb{
+ float:left;
+ background:transparent;
+}
+
+div.moreActionsButton>p{
+ padding:0px;
+ margin:0px;
+ width:100%;
+ height:100%;
+}
+
+div.moreActionsButton{
+ background-color:white;
+ display:inline;
+ border:1px solid black;
+ cursor:pointer;
+ padding-right:10px;
+ text-align:right;
+ width:90px;
+ height:19px;
+ float:right;
+ margin-top:2px !important;
+ right:2px;
+ position:absolute;
+ background:#DDD url(<?php if(isset($WEBROOT)) echo($WEBROOT); ?>/img/arrow_up.png) no-repeat scroll center right;
+}
+
+td.moreActionsButtonClicked{
+ background:#DDD url(<?php if(isset($WEBROOT)) echo($WEBROOT); ?>/img/arrow_down.png) no-repeat scroll center right !important
+}
+
+tr.utilityline{
+ height:24px;
+}
+
+td.actionsSelected{
+ position:absolute;
+ width:790px;
+}
+
+div.moreActionsList{
+ background:#EEE;
+ position:absolute;
+ bottom:19px;
+ right:-2px;
+ border:1px solid black;
+ min-width:330px;
+ text-align:right;
+ float:right;
+}
+
+div.moreActionsList input{
+<!-- float:right; -->
+}
+
+div.moreActionsList>table{
+ width:100%;
+}
+
+div.moreActionsList td{
+ width:300px;
+ text-align:right;
+ padding-top:3px !important;
+ padding-bottom:3px !important;
+}
+
+div.moreActionsList tr:hover{
+ background-color:#DDD;
} \ No newline at end of file
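Review bot: `echo($WEBROOT)` writes the variable into `url(...)` unescaped in both `div.moreActionsButton` and `td.moreActionsButtonClicked`, and the `isset()` guard implies this file can run without `lib_base.php` having set it. On an installation with `register_globals` enabled a request parameter could then supply the value; this is inferred, since how the stylesheet is included is not visible here. Initialise `$WEBROOT` from server configuration before the stylesheet is emitted, or encode it for a CSS URL context. The hunk also adds a second `div.breadcrumb` rule although one already exists earlier in the file (it appears in the header of the second hunk), so the two should be merged.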
diff --git a/files/move.php b/files/api.php
index 7103662c4a2..5a4c8801d4e 100644
--- a/files/move.php
+++ b/files/api.php
@@ -22,14 +22,28 @@
*/
require_once('../inc/lib_base.php');
-$sourceDir=$_GET['sourcedir'];
-$targetDir=$_GET['targetdir'];
-$source=$_GET['source'];
-$target=$_GET['target'];
-if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($sourceDir,'..')===false and strpos($source,'..')===false and strpos($targetDir,'..')===false and strpos($target,'..')===false){
- $target=$CONFIG_DATADIRECTORY.'/'.$targetDir.'/'.$target.'/'.$source;
- $source=$CONFIG_DATADIRECTORY.'/'.$sourceDir.'/'.$source;
- rename($source,$target);
+$arguments=$_POST;
+
+foreach($arguments as &$argument){
+ $argument=stripslashes($argument);
+}
+ob_clean();
+switch($arguments['action']){
+ case 'delete':
+ OC_FILES::delete($arguments['dir'],$arguments['file']);
+ break;
+ case 'rename':
+ OC_FILES::move($arguments['dir'],$arguments['file'],$arguments['dir'],$arguments['newname']);
+ break;
+ case 'new':
+ OC_FILES::newfile($arguments['dir'],$arguments['name'],$arguments['type']);
+ break;
+ case 'move':
+ OC_FILES::move($arguments['sourcedir'],$arguments['source'],$arguments['targetdir'],$arguments['target']);
+ break;
+ case 'get':
+ OC_FILES::get($arguments['dir'],$arguments['file']);
+ break;
}
?> \ No newline at end of file
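Review bot: The new dispatcher performs neither the `$_SESSION['username']` check nor the `..` check that the removed code did, and passes `$_POST` values straight to `OC_FILES::delete`, `move`, `newfile` and `get`, whose bodies are not part of this hunk. Unless every one of those methods enforces both, gate the `switch` with `if(!OC_USER::isLoggedIn()){ header('HTTP/1.0 403 Forbidden'); exit; }` and validate the path arguments before dispatch. `$arguments['action']` and the per-case keys are read without `isset()`, so a request that omits them raises notices and calls the file methods with null. `stripslashes()` should run only when `get_magic_quotes_gpc()` is on, otherwise legitimate backslashes in names are silently removed, and `unset($argument);` belongs after the by-reference `foreach`.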
diff --git a/files/get_file.php b/files/get_file.php
deleted file mode 100644
index 9ec539ee7e0..00000000000
--- a/files/get_file.php
+++ /dev/null
@@ -1,108 +0,0 @@
-<?php
-/**
-* ownCloud - ajax frontend
-*
-* @author Robin Appelman
-* @copyright 2010 Robin Appelman icewind1991@gmail.com
-*
-* This library is free software; you can redistribute it and/or
-* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
-* License as published by the Free Software Foundation; either
-* version 3 of the License, or any later version.
-*
-* This library is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this library. If not, see <http://www.gnu.org/licenses/>.
-*
-*/
-
-//note this file is for getting files themselves, get_files.php is for getting a list of files.
-
-require_once('../inc/lib_base.php');
-
-if(!function_exists('sys_get_temp_dir')) {
- function sys_get_temp_dir() {
- if( $temp=getenv('TMP') ) return $temp;
- if( $temp=getenv('TEMP') ) return $temp;
- if( $temp=getenv('TMPDIR') ) return $temp;
- $temp=tempnam(__FILE__,'');
- if (file_exists($temp)) {
- unlink($temp);
- return dirname($temp);
- }
- return null;
- }
-}
-
-function addDir($dir,$zip,$internalDir=''){
- $dirname=basename($dir);
- $zip->addEmptyDir($internalDir.$dirname);
- $internalDir.=$dirname.='/';
- $files=OC_FILES::getdirectorycontent($dir);
- foreach($files as $file){
- $filename=$file['name'];
- $file=$dir.'/'.$filename;
- if(is_file($file)){
- $zip->addFile($file,$internalDir.$filename);
- }elseif(is_dir($file)){
- addDir($file,$zip,$internalDir);
- }
- }
-}
-
-$files=$_GET['files'];
-$dir=(isset($_GET['dir']))?$_GET['dir']:'';
-if(strstr($files,'..') or strstr($dir,'..')){
- die();
-}
-if(strpos($files,',')){
- $files=explode(',',$files);
-}
-
-
-if(is_array($files)){
- $zip = new ZipArchive();
- $filename = sys_get_temp_dir()."/ownCloud.zip";
- if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
- exit("cannot open <$filename>\n");
- }
- foreach($files as $file){
- $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
- if(is_file($file)){
- $zip->addFile($file,basename($file));
- }elseif(is_dir($file)){
- addDir($file,$zip);
- }
- }
- $zip->close();
-}elseif(is_dir($CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files)){
- $zip = new ZipArchive();
- $filename = sys_get_temp_dir()."/ownCloud.zip";
- if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
- exit("cannot open <$filename>\n");
- }
- $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
- addDir($file,$zip);
- $zip->close();
-}else{
- $zip=false;
- $filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
-}
-header('Content-Description: File Transfer');
-header('Content-Type: application/octet-stream');
-header('Content-Disposition: attachment; filename='.basename($filename));
-header('Content-Transfer-Encoding: binary');
-header('Expires: 0');
-header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
-header('Pragma: public');
-header('Content-Length: ' . filesize($filename));
-ob_end_clean();
-readfile($filename);
-if($zip){
- unlink($filename);
-}
-?> \ No newline at end of file
diff --git a/files/get_files.php b/files/get_files.php
index 287b8cd453e..21866dbf636 100644
--- a/files/get_files.php
+++ b/files/get_files.php
@@ -47,12 +47,14 @@ $dirname=(isset($files[0]))?$files[0]['directory']:'';
$dirname=substr($dirname,strrpos($dirname,'/'));
$max_upload=min(return_bytes(ini_get('post_max_size')),return_bytes(ini_get('upload_max_filesize')));
ob_clean();
-echo "<?xml version='1.0' standalone='yes'?>\n";
+echo "<?xml version='1.0' encoding='UTF-8' standalone='yes'?>\n";
echo "<dir name='$dirname' max_upload='$max_upload'>\n";
if(is_array($files)){
foreach($files as $file){
$attributes='';
foreach($file as $name=>$data){
+ $data=utf8_encode($data);
+ $data=utf8tohtml($data);
$data=str_replace("'",'&#39;',$data);
if (is_string($name)) $attributes.=" $name='$data'";
}
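Review bot: `utf8_encode($data)` treats its input as ISO-8859-1, so any file name or attribute value that is already UTF-8 is double-encoded before `utf8tohtml()` sees it. Either drop the call or apply it only to values that are not valid UTF-8, e.g. `if(!preg_match('//u',$data)) $data=utf8_encode($data);`. The `$dirname` written into `<dir name='$dirname' ...>` just above the loop does not get the escaping that the per-file attributes get. The enclosing loop ends in the next hunk.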
@@ -60,5 +62,48 @@ if(is_array($files)){
echo "<file$attributes/>\n";
}
}
-echo "\n</dir>";
+echo "</dir>";
+
+// converts a UTF8-string into HTML entities
+// - $utf8: the UTF8-string to convert
+// - $encodeTags: booloean. TRUE will convert "<" to "&lt;"
+// - return: returns the converted HTML-string
+function utf8tohtml($utf8, $encodeTags=true) {
+ $result = '';
+ for ($i = 0; $i < strlen($utf8); $i++) {
+ $char = $utf8[$i];
+ $ascii = ord($char);
+ if ($ascii < 128) {
+ // one-byte character
+ $result .= ($encodeTags) ? htmlentities($char) : $char;
+ } else if ($ascii < 192) {
+ // non-utf8 character or not a start byte
+ } else if ($ascii < 224) {
+ // two-byte character
+ $result .= htmlentities(substr($utf8, $i, 2), ENT_QUOTES, 'UTF-8');
+ $i++;
+ } else if ($ascii < 240) {
+ // three-byte character
+ $ascii1 = ord($utf8[$i+1]);
+ $ascii2 = ord($utf8[$i+2]);
+ $unicode = (15 & $ascii) * 4096 +
+ (63 & $ascii1) * 64 +
+ (63 & $ascii2);
+ $result .= "&#$unicode;";
+ $i += 2;
+ } else if ($ascii < 248) {
+ // four-byte character
+ $ascii1 = ord($utf8[$i+1]);
+ $ascii2 = ord($utf8[$i+2]);
+ $ascii3 = ord($utf8[$i+3]);
+ $unicode = (15 & $ascii) * 262144 +
+ (63 & $ascii1) * 4096 +
+ (63 & $ascii2) * 64 +
+ (63 & $ascii3);
+ $result .= "&#$unicode;";
+ $i += 3;
+ }
+ }
+ return $result;
+}
?> \ No newline at end of file
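Review bot: The two-byte branch of `utf8tohtml()` calls `htmlentities(..., ENT_QUOTES, 'UTF-8')`, which emits named entities such as `&eacute;`; the response is an XML document declared `standalone='yes'` with no DTD, where those names are undefined, so a file name with such a character makes the output not well-formed. Emit a numeric reference as the three- and four-byte branches do: `$unicode = (31 & $ascii) * 64 + (63 & ord($utf8[$i+1])); $result .= "&#$unicode;";`. The multi-byte branches index `$utf8[$i+1]` to `$utf8[$i+3]` without checking the string length or that those bytes are continuation bytes, so a truncated or malformed sequence raises notices and yields a wrong code point. The comment above the function misspells `boolean` as `booloean`.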
diff --git a/files/new.php b/files/new.php
deleted file mode 100644
index c5d5608a567..00000000000
--- a/files/new.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-
-/**
-* ownCloud - ajax frontend
-*
-* @author Robin Appelman
-* @copyright 2010 Robin Appelman icewind1991@gmail.com
-*
-* This library is free software; you can redistribute it and/or
-* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
-* License as published by the Free Software Foundation; either
-* version 3 of the License, or any later version.
-*
-* This library is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this library. If not, see <http://www.gnu.org/licenses/>.
-*
-*/
-require_once('../inc/lib_base.php');
-
-$dir=$_GET['dir'];
-$name=$_GET['name'];
-$type=$_GET['type'];
-if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false and strpos($name,'..')===false){
- $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$name;
- if($type=='dir'){
- mkdir($file);
- }elseif($type=='file'){
- $fileHandle=fopen($file, 'w') or die("can't open file");
- fclose($fileHandle);
- }
-}
-
-?> \ No newline at end of file
diff --git a/files/upload.php b/files/upload.php
index b5fed2ed5b1..0aa435cad6f 100644
--- a/files/upload.php
+++ b/files/upload.php
@@ -22,6 +22,8 @@
*/
require_once('../inc/lib_base.php');
+// sleep(5); //immitate slow internet.
+
$fileName=$_FILES['file']['name'];
$source=$_FILES['file']['tmp_name'];
$target=$CONFIG_DATADIRECTORY.'/'.$_GET['dir'].'/'.$fileName;
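Review bot: The commented-out `sleep(5)` is a debugging leftover (and `immitate` is misspelt); remove it rather than commit it. Separately, the `$target` line directly below still builds the destination from `$_GET['dir']` and the client-supplied `$_FILES['file']['name']`. Any login or `..` check is outside this hunk, so confirm one exists now that the other file operations have moved to `files/api.php` and `OC_FILES`.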
diff --git a/inc/HTTP/WebDAV/Server.php b/inc/HTTP/WebDAV/Server.php
index e1438b015e3..913550eb150 100644
--- a/inc/HTTP/WebDAV/Server.php
+++ b/inc/HTTP/WebDAV/Server.php
@@ -1,3 +1,4 @@
+<<<<<<< HEAD:inc/HTTP/WebDAV/Server.php
<?php // $Id$
/*
+----------------------------------------------------------------------+
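Review bot: The conflict marker `<<<<<<< HEAD:inc/HTTP/WebDAV/Server.php` is committed as the first line of the file, ahead of `<?php`, in a commit titled as fixing merge conflicts. The matching `=======` and `>>>>>>>` markers arrive in the next hunk, and `inc/HTTP/WebDAV/Server/Filesystem.php` gets the same three markers, so both files now carry both sides of the conflict, including two `<?php` openers and, in Filesystem.php, what appears to be a second declaration of the class. Text before the first `<?php` is sent as output and the markers inside PHP mode are parse errors. Resolve each conflict to one side and delete the markers.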
@@ -33,9 +34,35 @@
+----------------------------------------------------------------------+
*/
-require_once "HTTP/WebDAV/Tools/_parse_propfind.php";
-require_once "HTTP/WebDAV/Tools/_parse_proppatch.php";
-require_once "HTTP/WebDAV/Tools/_parse_lockinfo.php";
+oc_require_once "HTTP/WebDAV/Tools/_parse_propfind.php";
+oc_require_once "HTTP/WebDAV/Tools/_parse_proppatch.php";
+oc_require_once "HTTP/WebDAV/Tools/_parse_lockinfo.php";
+=======
+<?php
+//
+// +----------------------------------------------------------------------+
+// | PHP Version 4 |
+// +----------------------------------------------------------------------+
+// | Copyright (c) 1997-2003 The PHP Group |
+// +----------------------------------------------------------------------+
+// | This source file is subject to version 2.02 of the PHP license, |
+// | that is bundled with this package in the file LICENSE, and is |
+// | available at through the world-wide-web at |
+// | http://www.php.net/license/2_02.txt. |
+// | If you did not receive a copy of the PHP license and are unable to |
+// | obtain it through the world-wide-web, please send a note to |
+// | license@php.net so we can mail you a copy immediately. |
+// +----------------------------------------------------------------------+
+// | Authors: Hartmut Holzgraefe <hholzgra@php.net> |
+// | Christian Stocker <chregu@bitflux.ch> |
+// +----------------------------------------------------------------------+
+//
+// $Id: Server.php,v 1.46 2006/03/03 21:43:09 hholzgra Exp $
+//
+oc_require_once("HTTP/WebDAV/Tools/_parse_propfind.php");
+oc_require_once("HTTP/WebDAV/Tools/_parse_proppatch.php");
+oc_require_once("HTTP/WebDAV/Tools/_parse_lockinfo.php");
+>>>>>>> 854e0c5a9c9060e827fbbfddffeeeadfc2d27278:inc/HTTP/WebDAV/Server.php
/**
* Virtual base class for implementing WebDAV servers
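Review bot: `oc_require_once "HTTP/WebDAV/Tools/_parse_propfind.php";` is written as if `oc_require_once` were a language construct; if it is an ordinary function, as the parenthesised calls in `inc/lib_base.php` suggest, the form without parentheses is a syntax error. Use `oc_require_once("HTTP/WebDAV/Tools/_parse_propfind.php");` for all three lines here and for the two `oc_require_once` lines in the second hunk of `Server/Filesystem.php`. The definition of `oc_require_once` is not visible in this diff, so also confirm it is defined before these files are loaded.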
diff --git a/inc/HTTP/WebDAV/Server/Filesystem.php b/inc/HTTP/WebDAV/Server/Filesystem.php
index 97f00b25572..d38d05e8f26 100644
--- a/inc/HTTP/WebDAV/Server/Filesystem.php
+++ b/inc/HTTP/WebDAV/Server/Filesystem.php
@@ -1,3 +1,4 @@
+<<<<<<< HEAD:inc/HTTP/WebDAV/Server/Filesystem.php
<?php // $Id$
/*
+----------------------------------------------------------------------+
@@ -32,9 +33,9 @@
| POSSIBILITY OF SUCH DAMAGE. |
+----------------------------------------------------------------------+
*/
- require_once "lib_base.php";
- require_once "HTTP/WebDAV/Server.php";
- require_once "System.php";
+ require_once "../../../lib_base.php";
+ oc_require_once "HTTP/WebDAV/Server.php";
+ oc_require_once "System.php";
/**
* Filesystem access using WebDAV
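Review bot: `require_once "../../../lib_base.php";` begins with `../`, which PHP resolves against the working directory of the entry script rather than against this file's directory, so whether it finds `inc/lib_base.php` depends on which script handled the request. Anchor it to the file instead: `require_once dirname(__FILE__).'/../../../lib_base.php';`.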
@@ -853,3 +854,722 @@
* indent-tabs-mode:nil
* End:
*/
+=======
+<?php
+ oc_require_once("HTTP/WebDAV/Server.php");
+ oc_require_once("System.php");
+
+ /**
+ * Filesystem access using WebDAV
+ *
+ * @access public
+ */
+ class HTTP_WebDAV_Server_Filesystem extends HTTP_WebDAV_Server
+ {
+ /**
+ * Root directory for WebDAV access
+ *
+ * Defaults to webserver document root (set by ServeRequest)
+ *
+ * @access private
+ * @var string
+ */
+ var $base = "";
+
+ /**
+ * Serve a webdav request
+ *
+ * @access public
+ * @param string
+ */
+ function ServeRequest($base = false)
+ {
+ // special treatment for litmus compliance test
+ // reply on its identifier header
+ // not needed for the test itself but eases debugging
+ if (function_exists("apache_request_headers")) {
+ foreach(apache_request_headers() as $key => $value) {
+ if (stristr($key,"litmus")) {
+ error_log("Litmus test $value");
+ header("X-Litmus-reply: ".$value);
+ }
+ }
+ }
+
+ // set root directory, defaults to webserver document root if not set
+ if ($base) {
+ $this->base = realpath($base); // TODO throw if not a directory
+ } else if (!$this->base) {
+ $this->base = $_SERVER['DOCUMENT_ROOT'];
+ }
+
+ // let the base class do all the work
+ parent::ServeRequest();
+ }
+
+ /**
+ * No authentication is needed here
+ *
+ * @access private
+ * @param string HTTP Authentication type (Basic, Digest, ...)
+ * @param string Username
+ * @param string Password
+ * @return bool true on successful authentication
+ */
+ function check_auth($type, $user, $pass)
+ {
+ return true;
+ }
+
+
+ /**
+ * PROPFIND method handler
+ *
+ * @param array general parameter passing array
+ * @param array return array for file properties
+ * @return bool true on success
+ */
+ function PROPFIND(&$options, &$files)
+ {
+ // get absolute fs path to requested resource
+ $fspath = $this->base . $options["path"];
+
+ // sanity check
+ if (!file_exists($fspath)) {
+ return false;
+ }
+
+ // prepare property array
+ $files["files"] = array();
+
+ // store information for the requested path itself
+ $files["files"][] = $this->fileinfo($options["path"]);
+
+ // information for contained resources requested?
+ if (!empty($options["depth"])) { // TODO check for is_dir() first?
+
+ // make sure path ends with '/'
+ $options["path"] = $this->_slashify($options["path"]);
+
+ // try to open directory
+ $handle = @opendir($fspath);
+
+ if ($handle) {
+ // ok, now get all its contents
+ while ($filename = readdir($handle)) {
+ if ($filename != "." && $filename != "..") {
+ $files["files"][] = $this->fileinfo($options["path"].$filename);
+ }
+ }
+ // TODO recursion needed if "Depth: infinite"
+ }
+ }
+
+ // ok, all done
+ return true;
+ }
+
+ /**
+ * Get properties for a single file/resource
+ *
+ * @param string resource path
+ * @return array resource properties
+ */
+ function fileinfo($path)
+ {
+ // map URI path to filesystem path
+ $fspath = $this->base . $path;
+
+ // create result array
+ $info = array();
+ // TODO remove slash append code when base clase is able to do it itself
+ $info["path"] = is_dir($fspath) ? $this->_slashify($path) : $path;
+ $info["props"] = array();
+
+ // no special beautified displayname here ...
+ $info["props"][] = $this->mkprop("displayname", strtoupper($path));
+
+ // creation and modification time
+ $info["props"][] = $this->mkprop("creationdate", filectime($fspath));
+ $info["props"][] = $this->mkprop("getlastmodified", filemtime($fspath));
+
+ // type and size (caller already made sure that path exists)
+ if (is_dir($fspath)) {
+ // directory (WebDAV collection)
+ $info["props"][] = $this->mkprop("resourcetype", "collection");
+ $info["props"][] = $this->mkprop("getcontenttype", "httpd/unix-directory");
+ } else {
+ // plain file (WebDAV resource)
+ $info["props"][] = $this->mkprop("resourcetype", "");
+ if (is_readable($fspath)) {
+ $info["props"][] = $this->mkprop("getcontenttype", $this->_mimetype($fspath));
+ } else {
+ $info["props"][] = $this->mkprop("getcontenttype", "application/x-non-readable");
+ }
+ $info["props"][] = $this->mkprop("getcontentlength", filesize($fspath));
+ }
+
+ // get additional properties from database
+ $query = "SELECT ns, name, value FROM properties WHERE path = '$path'";
+ $res = OC_DB::query($query);
+ while ($row = OC_DB::fetch_assoc($res)) {
+ $info["props"][] = $this->mkprop($row["ns"], $row["name"], $row["value"]);
+ }
+ OC_DB::free_result($res);
+
+ return $info;
+ }
+
+ /**
+ * detect if a given program is found in the search PATH
+ *
+ * helper function used by _mimetype() to detect if the
+ * external 'file' utility is available
+ *
+ * @param string program name
+ * @param string optional search path, defaults to $PATH
+ * @return bool true if executable program found in path
+ */
+ function _can_execute($name, $path = false)
+ {
+ // path defaults to PATH from environment if not set
+ if ($path === false) {
+ $path = getenv("PATH");
+ }
+
+ // check method depends on operating system
+ if (!strncmp(PHP_OS, "WIN", 3)) {
+ // on Windows an appropriate COM or EXE file needs to exist
+ $exts = array(".exe", ".com");
+ $check_fn = "file_exists";
+ } else {
+ // anywhere else we look for an executable file of that name
+ $exts = array("");
+ $check_fn = "is_executable";
+ }
+
+ // now check the directories in the path for the program
+ foreach (explode(PATH_SEPARATOR, $path) as $dir) {
+ // skip invalid path entries
+ if (!file_exists($dir)) continue;
+ if (!is_dir($dir)) continue;
+
+ // and now look for the file
+ foreach ($exts as $ext) {
+ if ($check_fn("$dir/$name".$ext)) return true;
+ }
+ }
+
+ return false;
+ }
+
+
+ /**
+ * try to detect the mime type of a file
+ *
+ * @param string file path
+ * @return string guessed mime type
+ */
+ function _mimetype($fspath)
+ {
+ if (@is_dir($fspath)) {
+ // directories are easy
+ return "httpd/unix-directory";
+ } else if (function_exists("mime_content_type")) {
+ // use mime magic extension if available
+ $mime_type = mime_content_type($fspath);
+ } else if ($this->_can_execute("file")) {
+ // it looks like we have a 'file' command,
+ // lets see it it does have mime support
+ $fp = popen("file -i '$fspath' 2>/dev/null", "r");
+ $reply = fgets($fp);
+ pclose($fp);
+
+ // popen will not return an error if the binary was not found
+ // and find may not have mime support using "-i"
+ // so we test the format of the returned string
+
+ // the reply begins with the requested filename
+ if (!strncmp($reply, "$fspath: ", strlen($fspath)+2)) {
+ $reply = substr($reply, strlen($fspath)+2);
+ // followed by the mime type (maybe including options)
+ if (preg_match('/^[[:alnum:]_-]+/[[:alnum:]_-]+;?.*/', $reply, $matches)) {
+ $mime_type = $matches[0];
+ }
+ }
+ }
+
+ if (empty($mime_type)) {
+ // Fallback solution: try to guess the type by the file extension
+ // TODO: add more ...
+ // TODO: it has been suggested to delegate mimetype detection
+ // to apache but this has at least three issues:
+ // - works only with apache
+ // - needs file to be within the document tree
+ // - requires apache mod_magic
+ // TODO: can we use the registry for this on Windows?
+ // OTOH if the server is Windos the clients are likely to
+ // be Windows, too, and tend do ignore the Content-Type
+ // anyway (overriding it with information taken from
+ // the registry)
+ // TODO: have a seperate PEAR class for mimetype detection?
+ switch (strtolower(strrchr(basename($fspath), "."))) {
+ case ".html":
+ $mime_type = "text/html";
+ break;
+ case ".gif":
+ $mime_type = "image/gif";
+ break;
+ case ".jpg":
+ $mime_type = "image/jpeg";
+ break;
+ default:
+ $mime_type = "application/octet-stream";
+ break;
+ }
+ }
+
+ return $mime_type;
+ }
+
+ /**
+ * GET method handler
+ *
+ * @param array parameter passing array
+ * @return bool true on success
+ */
+ function GET(&$options)
+ {
+ // get absolute fs path to requested resource
+ $fspath = $this->base . $options["path"];
+
+ // sanity check
+ if (!file_exists($fspath)) return false;
+
+ // is this a collection?
+ if (is_dir($fspath)) {
+ return $this->GetDir($fspath, $options);
+ }
+
+ // detect resource type
+ $options['mimetype'] = $this->_mimetype($fspath);
+
+ // detect modification time
+ // see rfc2518, section 13.7
+ // some clients seem to treat this as a reverse rule
+ // requiering a Last-Modified header if the getlastmodified header was set
+ $options['mtime'] = filemtime($fspath);
+
+ // detect resource size
+ $options['size'] = filesize($fspath);
+
+ // no need to check result here, it is handled by the base class
+ $options['stream'] = fopen($fspath, "r");
+
+ return true;
+ }
+
+ /**
+ * GET method handler for directories
+ *
+ * This is a very simple mod_index lookalike.
+ * See RFC 2518, Section 8.4 on GET/HEAD for collections
+ *
+ * @param string directory path
+ * @return void function has to handle HTTP response itself
+ */
+ function GetDir($fspath, &$options)
+ {
+ $path = $this->_slashify($options["path"]);
+ if ($path != $options["path"]) {
+ header("Location: ".$this->base_uri.$path);
+ exit;
+ }
+
+ // fixed width directory column format
+ $format = "%15s %-19s %-s\n";
+
+ $handle = @opendir($fspath);
+ if (!$handle) {
+ return false;
+ }
+
+ echo "<html><head><title>Index of ".htmlspecialchars($options['path'])."</title></head>\n";
+
+ echo "<h1>Index of ".htmlspecialchars($options['path'])."</h1>\n";
+
+ echo "<pre>";
+ printf($format, "Size", "Last modified", "Filename");
+ echo "<hr>";
+
+ while ($filename = readdir($handle)) {
+ if ($filename != "." && $filename != "..") {
+ $fullpath = $fspath."/".$filename;
+ $name = htmlspecialchars($filename);
+ printf($format,
+ number_format(filesize($fullpath)),
+ strftime("%Y-%m-%d %H:%M:%S", filemtime($fullpath)),
+ "<a href='$this->base_uri$path$name'>$name</a>");
+ }
+ }
+
+ echo "</pre>";
+
+ closedir($handle);
+
+ echo "</html>\n";
+
+ exit;
+ }
+
+ /**
+ * PUT method handler
+ *
+ * @param array parameter passing array
+ * @return bool true on success
+ */
+ function PUT(&$options)
+ {
+ $fspath = $this->base . $options["path"];
+
+ if (!@is_dir(dirname($fspath))) {
+ return "409 Conflict";
+ }
+
+ $options["new"] = ! file_exists($fspath);
+
+ $fp = fopen($fspath, "w");
+
+ return $fp;
+ }
+
+
+ /**
+ * MKCOL method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function MKCOL($options)
+ {
+ $path = $this->base .$options["path"];
+ $parent = dirname($path);
+ $name = basename($path);
+
+ if (!file_exists($parent)) {
+ return "409 Conflict";
+ }
+
+ if (!is_dir($parent)) {
+ return "403 Forbidden";
+ }
+
+ if ( file_exists($parent."/".$name) ) {
+ return "405 Method not allowed";
+ }
+
+ if (!empty($_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
+ return "415 Unsupported media type";
+ }
+
+ $stat = mkdir ($parent."/".$name,0777);
+ if (!$stat) {
+ return "403 Forbidden";
+ }
+
+ return ("201 Created");
+ }
+
+
+ /**
+ * DELETE method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function DELETE($options)
+ {
+ $path = $this->base . "/" .$options["path"];
+
+ if (!file_exists($path)) {
+ return "404 Not found";
+ }
+
+ if (is_dir($path)) {
+ $query = "DELETE FROM properties WHERE path LIKE '".$this->_slashify($options["path"])."%'";
+ OC_DB::query($query);
+ System::rm("-rf $path");
+ } else {
+ unlink ($path);
+ }
+ $query = "DELETE FROM properties WHERE path = '$options[path]'";
+ OC_DB::query($query);
+
+ return "204 No Content";
+ }
+
+
+ /**
+ * MOVE method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function MOVE($options)
+ {
+ return $this->COPY($options, true);
+ }
+
+ /**
+ * COPY method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function COPY($options, $del=false)
+ {
+ // TODO Property updates still broken (Litmus should detect this?)
+
+ if (!empty($_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
+ return "415 Unsupported media type";
+ }
+
+ // no copying to different WebDAV Servers yet
+ if (isset($options["dest_url"])) {
+ return "502 bad gateway";
+ }
+
+ $source = $this->base .$options["path"];
+ if (!file_exists($source)) return "404 Not found";
+
+ $dest = $this->base . $options["dest"];
+
+ $new = !file_exists($dest);
+ $existing_col = false;
+
+ if (!$new) {
+ if ($del && is_dir($dest)) {
+ if (!$options["overwrite"]) {
+ return "412 precondition failed";
+ }
+ $dest .= basename($source);
+ if (file_exists($dest)) {
+ $options["dest"] .= basename($source);
+ } else {
+ $new = true;
+ $existing_col = true;
+ }
+ }
+ }
+
+ if (!$new) {
+ if ($options["overwrite"]) {
+ $stat = $this->DELETE(array("path" => $options["dest"]));
+ if (($stat{0} != "2") && (substr($stat, 0, 3) != "404")) {
+ return $stat;
+ }
+ } else {
+ return "412 precondition failed";
+ }
+ }
+
+ if (is_dir($source) && ($options["depth"] != "infinity")) {
+ // RFC 2518 Section 9.2, last paragraph
+ return "400 Bad request";
+ }
+
+ if ($del) {
+ if (!rename($source, $dest)) {
+ return "500 Internal server error";
+ }
+ $destpath = $this->_unslashify($options["dest"]);
+ if (is_dir($source)) {
+ $query = "UPDATE properties
+ SET path = REPLACE(path, '".$options["path"]."', '".$destpath."')
+ WHERE path LIKE '".$this->_slashify($options["path"])."%'";
+ OC_DB::query($query);
+ }
+
+ $query = "UPDATE properties
+ SET path = '".$destpath."'
+ WHERE path = '".$options["path"]."'";
+ OC_DB::query($query);
+ } else {
+ if (is_dir($source)) {
+ $files = System::find($source);
+ $files = array_reverse($files);
+ } else {
+ $files = array($source);
+ }
+
+ if (!is_array($files) || empty($files)) {
+ return "500 Internal server error";
+ }
+
+
+ foreach ($files as $file) {
+ if (is_dir($file)) {
+ $file = $this->_slashify($file);
+ }
+
+ $destfile = str_replace($source, $dest, $file);
+
+ if (is_dir($file)) {
+ if (!is_dir($destfile)) {
+ // TODO "mkdir -p" here? (only natively supported by PHP 5)
+ if (!mkdir($destfile)) {
+ return "409 Conflict";
+ }
+ } else {
+ error_log("existing dir '$destfile'");
+ }
+ } else {
+ if (!copy($file, $destfile)) {
+ return "409 Conflict";
+ }
+ }
+ }
+
+ $query = "INSERT INTO properties SELECT ... FROM properties WHERE path = '".$options['path']."'";
+ }
+
+ return ($new && !$existing_col) ? "201 Created" : "204 No Content";
+ }
+
+ /**
+ * PROPPATCH method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function PROPPATCH(&$options)
+ {
+ global $prefs, $tab;
+
+ $msg = "";
+
+ $path = $options["path"];
+
+ $dir = dirname($path)."/";
+ $base = basename($path);
+
+ foreach($options["props"] as $key => $prop) {
+ if ($prop["ns"] == "DAV:") {
+ $options["props"][$key]['status'] = "403 Forbidden";
+ } else {
+ if (isset($prop["val"])) {
+ $query = "REPLACE INTO properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
+ error_log($query);
+ } else {
+ $query = "DELETE FROM properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
+ }
+ OC_DB::query($query);
+ }
+ }
+
+ return "";
+ }
+
+
+ /**
+ * LOCK method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function LOCK(&$options)
+ {
+ if (isset($options["update"])) { // Lock Update
+ $query = "UPDATE locks SET expires = ".(time()+300);
+ OC_DB::query($query);
+
+ if (OC_DB::affected_rows()) {
+ $options["timeout"] = 300; // 5min hardcoded
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ $options["timeout"] = time()+300; // 5min. hardcoded
+
+ $query = "INSERT INTO locks
+ SET token = '$options[locktoken]'
+ , path = '$options[path]'
+ , owner = '$options[owner]'
+ , expires = '$options[timeout]'
+ , exclusivelock = " .($options['scope'] === "exclusive" ? "1" : "0")
+ ;
+ OC_DB::query($query);
+
+ return OC_DB::affected_rows() ? "200 OK" : "409 Conflict";
+ }
+
+ /**
+ * UNLOCK method handler
+ *
+ * @param array general parameter passing array
+ * @return bool true on success
+ */
+ function UNLOCK(&$options)
+ {
+ $query = "DELETE FROM locks
+ WHERE path = '$options[path]'
+ AND token = '$options[token]'";
+ OC_DB::query($query);
+
+ return OC_DB::affected_rows() ? "204 No Content" : "409 Conflict";
+ }
+
+ /**
+ * checkLock() helper
+ *
+ * @param string resource path to check for locks
+ * @return bool true on success
+ */
+ function checkLock($path)
+ {
+ $result = false;
+
+ $query = "SELECT owner, token, expires, exclusivelock
+ FROM locks
+ WHERE path = '$path'
+ ";
+ $res = OC_DB::query($query);
+
+ if ($res) {
+ $row = OC_DB::fetch_assoc($res);
+ OC_DB::free_result($res);
+
+ if ($row) {
+ $result = array( "type" => "write",
+ "scope" => $row["exclusivelock"] ? "exclusive" : "shared",
+ "depth" => 0,
+ "owner" => $row['owner'],
+ "token" => $row['token'],
+ "expires" => $row['expires']
+ );
+ }
+ }
+
+ return $result;
+ }
+
+
+ /**
+ * create database tables for property and lock storage
+ *
+ * @param void
+ * @return bool true on success
+ */
+ function create_database()
+ {
+ // TODO
+ return false;
+ }
+
+ }
+
+
+?>
+>>>>>>> 854e0c5a9c9060e827fbbfddffeeeadfc2d27278:inc/HTTP/WebDAV/Server/Filesystem.php
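Review bot: Every `properties` and `locks` query in the added class is assembled by interpolating request-derived values (`$path`, `$options[path]`, `$prop[name]`, `$prop[val]`, `$options[locktoken]`, `$options[owner]`) into the SQL string, in `fileinfo()`, `DELETE()`, `COPY()`, `PROPPATCH()`, `LOCK()`, `UNLOCK()` and `checkLock()`; these need whatever escaping or parameter binding `OC_DB` provides, which is not visible in this diff. `_mimetype()` has the same problem with the shell and should use `popen("file -i ".escapeshellarg($fspath)." 2>/dev/null", "r")`; the `preg_match` pattern there also contains an unescaped `/` inside a `/`-delimited regex and needs another delimiter such as `#`. `check_auth()` returns `true` for every request and no handler checks that `$this->base . $options["path"]` stays under `$this->base`, so access control depends entirely on the caller. The lock-refresh `UPDATE locks SET expires = ...` in `LOCK()` has no `WHERE` clause and extends every lock, and `mkdir(..., 0777)` in `MKCOL()` should use a narrower mode.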
diff --git a/inc/lib_base.php b/inc/lib_base.php
index e4309261709..851fc254b8e 100755
--- a/inc/lib_base.php
+++ b/inc/lib_base.php
@@ -40,11 +40,10 @@ if($WEBROOT{0}!=='/'){
}
// set the right include path
-set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config');
+// set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config');
// define default config values
-$CONFIG_ADMINLOGIN='';
-$CONFIG_ADMINPASSWORD='';
+$CONFIG_INSTALLED=false;
$CONFIG_DATADIRECTORY=$SERVERROOT.'/data';
$CONFIG_HTTPFORCESSL=false;
$CONFIG_DATEFORMAT='j M Y G:i';
@@ -52,7 +51,7 @@ $CONFIG_DBNAME='owncloud';
$CONFIG_DBTYPE='sqlite';
// include the generated configfile
-@include_once('config.php');
+@oc_include_once('config.php');
// redirect to https site if configured
if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
@@ -64,12 +63,22 @@ if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
}
// load core libs
-require_once('lib_files.php');
-require_once('lib_log.php');
-require_once('lib_config.php');
+oc_require_once('lib_files.php');
+oc_require_once('lib_log.php');
+oc_require_once('lib_config.php');
+oc_require_once('lib_user.php');
+oc_require_once('lib_ocs.php');
+
+if(OC_USER::isLoggedIn()){
+ //jail the user in a seperate data folder
+ $CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean'];
+ if(!is_dir($CONFIG_DATADIRECTORY)){
+ mkdir($CONFIG_DATADIRECTORY);
+ }
+}
// load plugins
-$CONFIG_LOADPLUGINS='music';
+$CONFIG_LOADPLUGINS='';
$plugins=explode(' ',$CONFIG_LOADPLUGINS);
if(isset($plugins[0]['url'])) foreach($plugins as $plugin) require_once('plugins/'.$plugin.'/lib_'.$plugin.'.php');
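Review bot: The per-user data directory is built by appending `$_SESSION['username_clean']` to `$SERVERROOT.'/data/'` without checking which characters it contains, so the "jail" is only as strict as the user name. In the `createuser()` added by this commit the clean name is just `strtolower($username)`, which presumably leaves `/` and `..` in place (where the session value is set is outside this chunk). I would restrict the name before using it as a path component, e.g. `if(!preg_match('/^[a-z0-9_-]+$/',$_SESSION['username_clean'])) exit();`, and enforce the same pattern when the account is created. The `mkdir()` result is also ignored, so a failed create leaves `$CONFIG_DATADIRECTORY` pointing at a directory that does not exist.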
@@ -81,46 +90,6 @@ OC_UTIL::checkserver();
OC_USER::logoutlisener();
$loginresult=OC_USER::loginlisener();
-
-/**
- * Class for usermanagement
- *
- */
-class OC_USER {
-
- /**
- * check if the login button is pressed and logg the user in
- *
- */
- public static function loginlisener(){
- global $CONFIG_ADMINLOGIN;
- global $CONFIG_ADMINPASSWORD;
- if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
- if($_POST['login']==$CONFIG_ADMINLOGIN and $_POST['password']==$CONFIG_ADMINPASSWORD){
- $_SESSION['username']=$_POST['login'];
- OC_LOG::event($_SESSION['username'],1,'');
- return('');
- }else{
- return('error');
- }
- }
- return('');
- }
-
- /**
- * check if the logout button is pressed and logout the user
- *
- */
- public static function logoutlisener(){
- if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
- OC_LOG::event($_SESSION['username'],2,'');
- unset($_SESSION['username']);
- }
- }
-
-}
-
-
/**
* Class for utility functions
*
@@ -163,7 +132,7 @@ class OC_UTIL {
public static function showheader(){
global $CONFIG_ADMINLOGIN;
global $WEBROOT;
- require('templates/header.php');;
+ oc_require('templates/header.php');;
}
/**
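Review bot: Switching `require('templates/header.php')` to `oc_require()` changes the scope the template runs in: the file is now included inside `oc_require()`, so it sees only the globals that function declares, not the ones `showheader()` declares. `$WEBROOT` is on that list, but `$CONFIG_ADMINLOGIN` here, `$CONFIG_FOOTEROWNERNAME`/`$CONFIG_FOOTEROWNEREMAIL` in `showfooter()` and `$loginresult` in `showloginform()` are not, so templates that read them would get undefined variables (the templates themselves are not visible here). Either add those names to the `global` lists in the `oc_*` helpers, or have the helper only resolve the path and keep the include in the caller, e.g. `require(oc_path('templates/header.php'));` with `oc_path()` being a new helper. `showheader()` starts before this hunk.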
@@ -173,7 +142,7 @@ class OC_UTIL {
public static function showfooter(){
global $CONFIG_FOOTEROWNERNAME;
global $CONFIG_FOOTEROWNEREMAIL;
- require('templates/footer.php');;
+ oc_require('templates/footer.php');;
}
/**
@@ -204,8 +173,11 @@ class OC_UTIL {
if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo('<td class="navigationitemselected"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>');
}
- if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
- if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
+ if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
+ if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
+ if(OC_USER::ingroup($_SESSION['username'],'admin')){
+ if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>');
+ }
echo('<td class="navigationitem"><a href="?logoutbutton=1">Logout</a></td>');
echo('</tr></table>');
}
@@ -217,7 +189,7 @@ class OC_UTIL {
*/
public static function showloginform(){
global $loginresult;
- require('templates/loginform.php');
+ oc_require('templates/loginform.php');
}
@@ -285,6 +257,32 @@ class OC_DB {
}
/**
+ * executes a query on the database and returns the result in an array
+ *
+ * @param string $cmd
+ * @return result-set
+ */
+ static function select($cmd) {
+ global $CONFIG_DBTYPE;
+ $result=OC_DB::query($cmd);
+ if($result){
+ $data=array();
+ if($CONFIG_DBTYPE=='sqlite'){
+ while($row=$result->fetch(SQLITE_ASSOC)){
+ $data[]=$row;
+ }
+ }elseif($CONFIG_DBTYPE=='mysql'){
+ while($row=$result->fetch_array(MYSQLI_ASSOC)){
+ $data[]=$row;
+ }
+ }
+ return $data;
+ }else{
+ return false;
+ }
+ }
+
+ /**
* executes multiply queries on the database
*
* @param string $cmd
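Review bot: The docblock for `select()` says `@return result-set`, but the method returns a plain array of associative rows, or `false` when `OC_DB::query()` fails; I would write `@return array|false rows as associative arrays, false on query failure`. It is also worth a comment that `$cmd` is executed as given, so callers must escape any values they put into it. When `$CONFIG_DBTYPE` is neither `'sqlite'` nor `'mysql'` the loop is skipped and an empty array is returned, which looks the same as "no rows".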
@@ -455,4 +453,101 @@ class OC_DB {
}
-?>
+//custom require/include functions because not all hosts allow us to set the include path
+function oc_require($file){
+ global $SERVERROOT;
+ global $DOCUMENTROOT;
+ global $WEBROOT;
+ global $CONFIG_DBNAME;
+ global $CONFIG_DBHOST;
+ global $CONFIG_DBUSER;
+ global $CONFIG_DBPASSWORD;
+ global $CONFIG_DBTYPE;
+ global $CONFIG_DATADIRECTORY;
+ global $CONFIG_HTTPFORCESSL;
+ global $CONFIG_DATEFORMAT;
+ global $CONFIG_INSTALLED;
+ if(is_file($file)){
+ require($file);
+ }elseif(is_file($SERVERROOT.'/'.$file)){
+ require($SERVERROOT.'/'.$file);
+ }elseif(is_file($SERVERROOT.'/inc/'.$file)){
+ require($SERVERROOT.'/inc/'.$file);
+ }elseif(is_file($SERVERROOT.'/config/'.$file)){
+ require($SERVERROOT.'/config/'.$file);
+ }
+}
+
+function oc_require_once($file){
+ global $SERVERROOT;
+ global $DOCUMENTROOT;
+ global $WEBROOT;
+ global $CONFIG_DBNAME;
+ global $CONFIG_DBHOST;
+ global $CONFIG_DBUSER;
+ global $CONFIG_DBPASSWORD;
+ global $CONFIG_DBTYPE;
+ global $CONFIG_DATADIRECTORY;
+ global $CONFIG_HTTPFORCESSL;
+ global $CONFIG_DATEFORMAT;
+ global $CONFIG_INSTALLED;
+ if(is_file($file)){
+ require_once($file);
+ }elseif(is_file($SERVERROOT.'/'.$file)){
+ require_once($SERVERROOT.'/'.$file);
+ }elseif(is_file($SERVERROOT.'/inc/'.$file)){
+ require_once($SERVERROOT.'/inc/'.$file);
+ }elseif(is_file($SERVERROOT.'/config/'.$file)){
+ require_once($SERVERROOT.'/config/'.$file);
+ }
+}
+
+function oc_include($file){
+ global $SERVERROOT;
+ global $DOCUMENTROOT;
+ global $WEBROOT;
+ global $CONFIG_DBNAME;
+ global $CONFIG_DBHOST;
+ global $CONFIG_DBUSER;
+ global $CONFIG_DBPASSWORD;
+ global $CONFIG_DBTYPE;
+ global $CONFIG_DATADIRECTORY;
+ global $CONFIG_HTTPFORCESSL;
+ global $CONFIG_DATEFORMAT;
+ global $CONFIG_INSTALLED;
+ if(is_file($file)){
+ include($file);
+ }elseif(is_file($SERVERROOT.'/'.$file)){
+ include($SERVERROOT.'/'.$file);
+ }elseif(is_file($SERVERROOT.'/inc/'.$file)){
+ include($SERVERROOT.'/inc/'.$file);
+ }elseif(is_file($SERVERROOT.'/config/'.$file)){
+ include($SERVERROOT.'/config/'.$file);
+ }
+}
+
+function oc_include_once($file){
+ global $SERVERROOT;
+ global $DOCUMENTROOT;
+ global $WEBROOT;
+ global $CONFIG_DBNAME;
+ global $CONFIG_DBHOST;
+ global $CONFIG_DBUSER;
+ global $CONFIG_DBPASSWORD;
+ global $CONFIG_DBTYPE;
+ global $CONFIG_DATADIRECTORY;
+ global $CONFIG_HTTPFORCESSL;
+ global $CONFIG_DATEFORMAT;
+ global $CONFIG_INSTALLED;
+ if(is_file($file)){
+ include_once($file);
+ }elseif(is_file($SERVERROOT.'/'.$file)){
+ include_once($SERVERROOT.'/'.$file);
+ }elseif(is_file($SERVERROOT.'/inc/'.$file)){
+ include_once($SERVERROOT.'/inc/'.$file);
+ }elseif(is_file($SERVERROOT.'/config/'.$file)){
+ include_once($SERVERROOT.'/config/'.$file);
+ }
+}
+
+?> \ No newline at end of file
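Review bot: None of the four helpers has a final `else`, so when the file is found in none of the candidate locations they return silently; for `oc_require()`/`oc_require_once()` that drops the fatal error `require` used to give, and a missing `lib_user.php` would only show up later as an undefined class. I would end the two require variants with `}else{ trigger_error('oc_require: '.$file.' not found',E_USER_ERROR); }`. The first candidate, `is_file($file)`, resolves a relative name against the current working directory, so a same-named file next to the entry script is picked before the one under `$SERVERROOT`; checking the `$SERVERROOT` paths first would make the lookup predictable. The four bodies differ only in the include statement and could share one path-resolving function.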
diff --git a/inc/lib_config.php b/inc/lib_config.php
index a3270ab41b3..389aeff646e 100755
--- a/inc/lib_config.php
+++ b/inc/lib_config.php
@@ -11,122 +11,250 @@ class OC_CONFIG{
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_DBNAME;
- require('templates/configform.php');
+ oc_require('templates/configform.php');
}
-
+
/**
- * lisen for configuration changes and write it to the file
+ * show the configform
*
*/
- public static function writeconfiglisener(){
- global $DOCUMENTROOT;
- global $SERVERROOT;
- global $WEBROOT;
- global $CONFIG_DBHOST;
- global $CONFIG_DBNAME;
- global $CONFIG_DBUSER;
- global $CONFIG_DBPASSWORD;
- global $CONFIG_DBTYPE;
+ public static function showadminform(){
global $CONFIG_ADMINLOGIN;
global $CONFIG_ADMINPASSWORD;
- if(isset($_POST['set_config'])){
-
- //checkdata
- $error='';
- $FIRSTRUN=empty($CONFIG_ADMINLOGIN);
- if(!$FIRSTRUN){
- if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){
- $error.='wrong password<br />';
+ global $CONFIG_DATADIRECTORY;
+ global $CONFIG_HTTPFORCESSL;
+ global $CONFIG_DATEFORMAT;
+ global $CONFIG_DBNAME;
+ global $CONFIG_INSTALLED;
+ $allow=false;
+ if(!$CONFIG_INSTALLED){
+ $allow=true;
+ }elseif(OC_USER::isLoggedIn()){
+ if(OC_USER::ingroup($_SESSION['username'],'admin')){
+ $allow=true;
}
}
-
- if(!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) $error.='admin login not set<br />';
- if((!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])) and $FIRSTRUN) $error.='admin password not set<br />';
- if((!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2'])) and $FIRSTRUN) $error.='retype admin password not set<br />';
- if(!isset($_POST['datadirectory']) or empty($_POST['datadirectory'])) $error.='data directory not set<br />';
- if(!isset($_POST['dateformat']) or empty($_POST['dateformat'])) $error.='dateformat not set<br />';
- if(!isset($_POST['dbname']) or empty($_POST['dbname'])) $error.='databasename not set<br />';
- if($_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same<br />';
- $dbtype=$_POST['dbtype'];
- if($dbtype=='mysql'){
- if(!isset($_POST['dbhost']) or empty($_POST['dbhost'])) $error.='database host not set<br />';
- if(!isset($_POST['dbuser']) or empty($_POST['dbuser'])) $error.='database user not set<br />';
- if($_POST['dbpassword']<>$_POST['dbpassword2'] ) $error.='database passwords are not the same<br />';
-
+ if($allow){
+ oc_require('templates/adminform.php');
+ }
+ }
+
+ public static function createuserlisener(){
+ if(OC_USER::isLoggedIn()){
+ if(OC_USER::ingroup($_SESSION['username'],'admin')){
+ if(isset($_POST['new_username']) and isset($_POST['new_password'])){
+ if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){
+ return 'user successfully created';
+ }else{
+ return 'error while trying to create user';
+ }
+ }else{
+ return false;
+ }
+ }else{
+ return false;
+ }
}
- if(!$FIRSTRUN){
- if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])){
- $_POST['adminpassword']=$CONFIG_ADMINPASSWORD;
+ }
+
+ public static function creategrouplisener(){
+ if(OC_USER::isLoggedIn()){
+ if(isset($_POST['creategroup']) and $_POST['creategroup']==1){
+ if(OC_USER::creategroup($_POST['groupname'])){
+ if(OC_USER::addtogroup($_SESSION['username'],$_POST['groupname'])){
+ return 'group successfully created';
+ }else{
+ return 'error while trying to add user to the new created group';
+ }
+ }else{
+ return 'error while trying to create group';
+ }
+ }else{
+ return false;
}
- if(!isset($_POST['dbpassword']) or empty($_POST['dbpassword'])){
- $_POST['dbpassword']=$CONFIG_DBPASSWORD;
+ }else{
+ return false;
+ }
+ }
+
+
+ /**
+ * lisen for configuration changes
+ *
+ */
+ public static function configlisener(){
+ if(OC_USER::isLoggedIn()){
+ if(isset($_POST['config']) and $_POST['config']==1){
+ $error='';
+ if(!OC_USER::checkpassword($_SESSION['username'],$_POST['currentpassword'])){
+ $error.='wrong password<br />';
+ }else{
+ if(isset($_POST['changepass']) and $_POST['changepass']==1){
+ if(!isset($_POST['password']) or empty($_POST['password'])) $error.='password not set<br />';
+ if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set<br />';
+ if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same<br />';
+ if(empty($error)){
+ if(!OC_USER::setpassword($_SESSION['username'],$_POST['password'])){
+ $error.='error while trying to set password<br />';
+ }
+ }
+ }
+ }
+ return $error;
+ }else{
+ return false;
}
+ }else{
+ return false;
}
- if(empty($error)) {
- //create/fill database
- $CONFIG_DBTYPE=$dbtype;
- $CONFIG_DBNAME=$_POST['dbname'];
- if($dbtype=='mysql'){
- $CONFIG_DBHOST=$_POST['dbhost'];
- $CONFIG_DBUSER=$_POST['dbuser'];
- $CONFIG_DBPASSWORD=$_POST['dbpassword'];
+ }
+
+
+ /**
+ * lisen for admin configuration changes and write it to the file
+ *4bd0be1185e76
+ */
+ public static function writeadminlisener(){
+ global $CONFIG_INSTALLED;
+ $allow=false;
+ if(!$CONFIG_INSTALLED){
+ $allow=true;
+ }elseif(OC_USER::isLoggedIn()){
+ if(OC_USER::ingroup($_SESSION['username'],'admin')){
+ $allow=true;
}
- try{
- if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){
- self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']);
+ }
+ if($allow){
+ global $DOCUMENTROOT;
+ global $SERVERROOT;
+ global $WEBROOT;
+ global $CONFIG_DBHOST;
+ global $CONFIG_DBNAME;
+ global $CONFIG_DBUSER;
+ global $CONFIG_DBPASSWORD;
+ global $CONFIG_DBTYPE;
+ global $CONFIG_ADMINLOGIN;
+ global $CONFIG_ADMINPASSWORD;
+ if(isset($_POST['set_config'])){
+
+ //checkdata
+ $error='';
+ $FIRSTRUN=empty($CONFIG_ADMINLOGIN);
+ if(!$FIRSTRUN){
+ if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){
+ $error.='wrong password<br />';
+ }
}
- }catch(Exception $e){
- $error.='error while trying to create the database<br/>';
- }
- if($CONFIG_DBTYPE=='sqlite'){
- $f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+');
- if(!$f){
- $error.='path of sqlite database not writable by server<br/>';
+
+ if(!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) $error.='admin login not set<br />';
+ if((!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])) and $FIRSTRUN) $error.='admin password not set<br />';
+ if((!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2'])) and $FIRSTRUN) $error.='retype admin password not set<br />';
+ if(!isset($_POST['datadirectory']) or empty($_POST['datadirectory'])) $error.='data directory not set<br />';
+ if(!isset($_POST['dateformat']) or empty($_POST['dateformat'])) $error.='dateformat not set<br />';
+ if(!isset($_POST['dbname']) or empty($_POST['dbname'])) $error.='databasename not set<br />';
+ if($_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same<br />';
+ $dbtype=$_POST['dbtype'];
+ if($dbtype=='mysql'){
+ if(!isset($_POST['dbhost']) or empty($_POST['dbhost'])) $error.='database host not set<br />';
+ if(!isset($_POST['dbuser']) or empty($_POST['dbuser'])) $error.='database user not set<br />';
+ if($_POST['dbpassword']<>$_POST['dbpassword2'] ) $error.='database passwords are not the same<br />';
+
}
- }
- try{
- if(isset($_POST['filldb'])){
- self::filldatabase();
+ if(!$FIRSTRUN){
+ if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])){
+ $_POST['adminpassword']=$CONFIG_ADMINPASSWORD;
+ }
+ if(!isset($_POST['dbpassword']) or empty($_POST['dbpassword'])){
+ $_POST['dbpassword']=$CONFIG_DBPASSWORD;
+ }
}
- }catch(Exception $e){
- $error.='error while trying to fill the database<br/>';
- }
-
- //storedata
- $config='<?php '."\n";
- $config.='$CONFIG_ADMINLOGIN=\''.$_POST['adminlogin']."';\n";
- $config.='$CONFIG_ADMINPASSWORD=\''.$_POST['adminpassword']."';\n";
- $config.='$CONFIG_DATADIRECTORY=\''.$_POST['datadirectory']."';\n";
- if(isset($_POST['forcessl'])) $config.='$CONFIG_HTTPFORCESSL=true'.";\n"; else $config.='$CONFIG_HTTPFORCESSL=false'.";\n";
- $config.='$CONFIG_DATEFORMAT=\''.$_POST['dateformat']."';\n";
- $config.='$CONFIG_DBTYPE=\''.$dbtype."';\n";
- $config.='$CONFIG_DBNAME=\''.$_POST['dbname']."';\n";
- if($dbtype=='mysql'){
- $config.='$CONFIG_DBHOST=\''.$_POST['dbhost']."';\n";
- $config.='$CONFIG_DBUSER=\''.$_POST['dbuser']."';\n";
- $config.='$CONFIG_DBPASSWORD=\''.$_POST['dbpassword']."';\n";
- }
- $config.='?> ';
-
- $filename=$SERVERROOT.'/config/config.php';
- if(empty($error)){
- header("Location: ".$WEBROOT."/");
- try{
- file_put_contents($filename,$config);
- }catch(Exception $e){
- $error.='error while trying to save the configuration file<br/>';
- return $error;
+ if(!is_dir($_POST['datadirectory'])){
+ try{
+ mkdir($_POST['datadirectory']);
+ }catch(Exception $e){
+ $error.='error while trying to create data directory<br/>';
+ }
}
- }else{
- return $error;
- }
+ if(empty($error)) {
+ //create/fill database
+ $CONFIG_DBTYPE=$dbtype;
+ $CONFIG_DBNAME=$_POST['dbname'];
+ if($dbtype=='mysql'){
+ $CONFIG_DBHOST=$_POST['dbhost'];
+ $CONFIG_DBUSER=$_POST['dbuser'];
+ $CONFIG_DBPASSWORD=$_POST['dbpassword'];
+ }
+ try{
+ if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){
+ self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']);
+ }
+ }catch(Exception $e){
+ $error.='error while trying to create the database<br/>';
+ }
+ if($CONFIG_DBTYPE=='sqlite'){
+ $f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+');
+ if(!$f){
+ $error.='path of sqlite database not writable by server<br/>';
+ }
+ }
+ try{
+ if(isset($_POST['filldb'])){
+ self::filldatabase();
+ }
+ }catch(Exception $e){
+ echo 'testin';
+ $error.='error while trying to fill the database<br/>';
+ }
+ if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){
+ $error.='error while trying to create the admin user<br/>';
+ }
+
+ if(OC_USER::getgroupid('admin')==0){
+ if(!OC_USER::creategroup('admin')){
+ $error.='error while trying to create the admin group<br/>';
+ }
+ }
+
+ if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){
+ $error.='error while trying to add the admin user to the admin group<br/>';
+ }
+
+ //storedata
+ $config='<?php '."\n";
+ // $config.='$CONFIG_ADMINLOGIN=\''.$_POST['adminlogin']."';\n";
+ // $config.='$CONFIG_ADMINPASSWORD=\''.$_POST['adminpassword']."';\n";
+ $config.='$CONFIG_INSTALLED=true;'."\n";
+ $config.='$CONFIG_DATADIRECTORY=\''.$_POST['datadirectory']."';\n";
+ if(isset($_POST['forcessl'])) $config.='$CONFIG_HTTPFORCESSL=true'.";\n"; else $config.='$CONFIG_HTTPFORCESSL=false'.";\n";
+ $config.='$CONFIG_DATEFORMAT=\''.$_POST['dateformat']."';\n";
+ $config.='$CONFIG_DBTYPE=\''.$dbtype."';\n";
+ $config.='$CONFIG_DBNAME=\''.$_POST['dbname']."';\n";
+ if($dbtype=='mysql'){
+ $config.='$CONFIG_DBHOST=\''.$_POST['dbhost']."';\n";
+ $config.='$CONFIG_DBUSER=\''.$_POST['dbuser']."';\n";
+ $config.='$CONFIG_DBPASSWORD=\''.$_POST['dbpassword']."';\n";
+ }
+ $config.='?> ';
- }
- return($error);
+ $filename=$SERVERROOT.'/config/config.php';
+ if(empty($error)){
+ header("Location: ".$WEBROOT."/");
+ try{
+ file_put_contents($filename,$config);
+ }catch(Exception $e){
+ $error.='error while trying to save the configuration file<br/>';
+ return $error;
+ }
+ }else{
+ return $error;
+ }
- }
+ }
+ return($error);
- }
+ }
+ }
+ }
/**
* Fills the database with the initial tables
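Review bot: In `writeadminlisener()` the first-run test is still `$FIRSTRUN=empty($CONFIG_ADMINLOGIN);`, but this commit stops writing `$CONFIG_ADMINLOGIN` to config.php and removes its default from lib_base.php, so `$FIRSTRUN` appears to be always true and the `currentpassword` check is never reached once installed. `$FIRSTRUN=!$CONFIG_INSTALLED;` together with `OC_USER::checkpassword($_SESSION['username'],$_POST['currentpassword'])`, as `configlisener()` already does, would restore the re-authentication. The config file is also still assembled by pasting `$_POST` values between single quotes in PHP source; `$config.='$CONFIG_DATADIRECTORY='.var_export($_POST['datadirectory'],true).";\n";` (and likewise for the other values) keeps a quote in the input from ending the string. `creategrouplisener()` checks only `isLoggedIn()` while `createuserlisener()` also requires the admin group, which may be intended but deserves a comment, and the stray `echo 'testin';` should go because it emits output before `header()`.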
@@ -163,9 +291,19 @@ CREATE TABLE 'properties' (
'ns' varchar(120) NOT NULL DEFAULT 'DAV:',
'value' text,
PRIMARY KEY ('path','name','ns')
-);";
+);
+
+CREATE TABLE 'users' (
+ 'user_id' int(11) NOT NULL,
+ 'user_name' varchar(64) NOT NULL DEFAULT '',
+ 'user_name_clean' varchar(64) NOT NULL DEFAULT '',
+ 'user_password' varchar(40) NOT NULL DEFAULT '',
+ PRIMARY KEY ('user_id'),
+ UNIQUE ('user_name' ,'user_name_clean')
+);
+";
}elseif($CONFIG_DBTYPE=='mysql'){
- $query="SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\";
+ $query="SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO';
CREATE TABLE IF NOT EXISTS `locks` (
`token` varchar(255) NOT NULL DEFAULT '',
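Review bot: The sqlite branch gains only a `users` table, while the mysql branch in the next hunk also creates `groups` and `user_group`; the installer in this commit calls `OC_USER::creategroup('admin')` and `addtogroup()`, which presumably need those tables on sqlite as well. `'user_id' int(11) NOT NULL` also has no auto-increment, yet `createuser()` inserts `NULL` for `user_id`; `'user_id' INTEGER PRIMARY KEY` would let sqlite assign the id. The SQL string starts before this hunk.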
@@ -201,6 +339,31 @@ CREATE TABLE IF NOT EXISTS `properties` (
PRIMARY KEY (`path`,`name`,`ns`),
KEY `path` (`path`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+CREATE TABLE IF NOT EXISTS `users` (
+`user_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+`user_name` VARCHAR( 64 ) NOT NULL ,
+`user_name_clean` VARCHAR( 64 ) NOT NULL ,
+`user_password` VARCHAR( 340) NOT NULL ,
+UNIQUE (
+`user_name` ,
+`user_name_clean`
+)
+) ENGINE = MYISAM ;
+
+CREATE TABLE IF NOT EXISTS `groups` (
+`group_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+`group_name` VARCHAR( 64 ) NOT NULL ,
+UNIQUE (
+`group_name`
+)
+) ENGINE = MYISAM ;
+
+CREATE TABLE IF NOT EXISTS `user_group` (
+`user_group_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+`user_id` VARCHAR( 64 ) NOT NULL ,
+`group_id` VARCHAR( 64 ) NOT NULL
+) ENGINE = MYISAM ;
";
}
OC_DB::multiquery($query);
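Review bot: `user_password` is `VARCHAR( 340)` here but `varchar(40)` in the sqlite schema, which looks like a typo; 40 fits the hex SHA-1 that `createuser()` stores, though a wider column would be needed if the hash is later replaced by a salted password hash. `user_group.user_id` and `user_group.group_id` are `VARCHAR( 64 )` while the keys they refer to are `INT`, and nothing prevents duplicate memberships; `INT NOT NULL` columns with `UNIQUE (user_id, group_id)` would match the other tables.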
diff --git a/inc/lib_files.php b/inc/lib_files.php
index 9c6cb25346a..2e77067b4a7 100755
--- a/inc/lib_files.php
+++ b/inc/lib_files.php
@@ -29,132 +29,306 @@
*/
class OC_FILES {
- /**
- * show a web GUI filebrowser
- *
- * @param basedir $basedir
- * @param dir $dir
- */
- public static function showbrowser($basedir,$dir){/*
- global $CONFIG_DATEFORMAT;
- global $WEBROOT;
+ /**
+ * show a web GUI filebrowser
+ *
+ * @param basedir $basedir
+ * @param dir $dir
+ */
+ public static function showbrowser($basedir,$dir){
+ echo '<div id="content"></div>';
+ }
- $directory=$basedir.'/'.$dir;
+ /**
+ * get the content of a directory
+ * @param dir $directory
+ */
+ public static function getdirectorycontent($directory){
+ $filesfound=true;
+ $content=array();
+ $dirs=array();
+ $file=array();
+ $files=array();
+ if (is_dir($directory)) {
+ if ($dh = opendir($directory)) {
+ while (($filename = readdir($dh)) !== false) {
+ if($filename<>'.' and $filename<>'..'){
+ $file=array();
+ $filesfound=true;
+ $file['name']=$filename;
+ $file['directory']=$directory;
+ $stat=stat($directory.'/'.$filename);
+ $file=array_merge($file,$stat);
+ $file['mime']=OC_FILES::getMimeType($directory .'/'. $filename);
+ $file['type']=filetype($directory .'/'. $filename);
+ if($file['type']=='dir'){
+ $dirs[$file['name']]=$file;
+ }else{
+ $files[$file['name']]=$file;
+ }
+ }
+ }
+ closedir($dh);
+ }
+ }
+ ksort($dirs);
+ ksort($files);
+ $content=array_merge($dirs,$files);
+ if($filesfound){
+ return $content;
+ }else{
+ return false;
+ }
+ }
- // exit if try to access files outside our directory
- if(strstr($dir,'..')<>false) exit();
- $directory=realpath($directory);
-
- $dirs=explode('/',$dir);
-
- // breadcrumb
- if(count($dirs)>1) {
- echo('<div class="center"><table cellpadding="2" cellspacing="0" border="0"><tr>');
- echo('<td class="nametext"><a href="'.$WEBROOT.'/">home</a></td>');
- $currentdir='';
- foreach($dirs as $d) {
- $currentdir.='/'.$d.'';
- if($d<>'') echo('<td class="nametext"><a href="'.$WEBROOT.'/?dir='.$currentdir.'"><img src="'.$WEBROOT.'/img/arrow.png" />&nbsp;'.$d.'</a></td>');
- }
- echo('</tr></table></div>');
- }
-
- // files and directories
- echo('<div class="center"><table cellpadding="6" cellspacing="0" border="0" class="browser">');
- $filesfound=false;
- $content=self::getdirectorycontent($directory);
- if($content){
- foreach($content as $file){
- echo('<tr class="browserline">');
- OC_UTIL::showicon($file['type']);
- if($file['type']=='dir') echo('<td class="nametext"><a href="'.$WEBROOT.'/?dir='.$dir.'/'.$file['name'].'">'.$file['name'].'</a></td>');
- if($file['type']<>'dir') echo('<td class="nametext"><a href="'.$WEBROOT.'/?dir='.$dir.'&file='.$file['name'].'">'.$file['name'].'</a></td>');
- if($file['type']<>'dir') echo('<td class="sizetext">'.$file['size'].' byte</td>'); else echo('<td></td>');
- echo('<td class="sizetext">'.date($CONFIG_DATEFORMAT,$file['mtime']).'</td>');
- echo('</tr>');
- }
- }
- echo('</table>');
- if(!$content) echo('<p>no files here</p>');
- echo('</div>');*/
- echo '<div id="content"></div>';
- }
-
- /**
- * get the content of a directory
- * @param dir $directory
- */
- public static function getdirectorycontent($directory){
- $filesfound=true;
- $content=array();
- $dirs=array();
- $file=array();
- $files=array();
- if (is_dir($directory)) {
- if ($dh = opendir($directory)) {
- while (($filename = readdir($dh)) !== false) {
- if($filename<>'.' and $filename<>'..'){
- $file=array();
- $filesfound=true;
- $file['name']=$filename;
- $file['directory']=$directory;
- $stat=stat($directory.'/'.$filename);
- $file=array_merge($file,$stat);
- $file['type']=filetype($directory .'/'. $filename);
- if($file['type']=='dir'){
- $dirs[$file['name']]=$file;
- }else{
- $files[$file['name']]=$file;
- }
- }
- }
- closedir($dh);
- }
- }
- ksort($dirs);
- ksort($files);
- $content=array_merge($dirs,$files);
- if($filesfound){
- return $content;
- }else{
- return false;
- }
- }
+ /**
+ * return the content of a file or return a zip file containning multiply files
+ *
+ * @param dir $dir
+ * @param file $file
+ */
+ public static function get($dir,$files){
+ global $CONFIG_DATADIRECTORY;
+ if(strstr($files,'..') or strstr($dir,'..')){
+ die();
+ }
+ if(is_array($files)){
+ $zip = new ZipArchive();
+ $filename = sys_get_temp_dir()."/ownCloud.zip";
+ if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
+ exit("cannot open <$filename>\n");
+ }
+ foreach($files as $file){
+ $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
+ if(is_file($file)){
+ $zip->addFile($file,basename($file));
+ }elseif(is_dir($file)){
+ zipAddDir($file,$zip);
+ }
+ }
+ $zip->close();
+ }elseif(is_dir($CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files)){
+ $zip = new ZipArchive();
+ $filename = sys_get_temp_dir()."/ownCloud.zip";
+ if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
+ exit("cannot open <$filename>\n");
+ }
+ $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
+ zipAddDir($file,$zip);
+ $zip->close();
+ }else{
+ $zip=false;
+ $filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
+ }
+ header('Content-Description: File Transfer');
+ header('Content-Type: application/octet-stream');
+ header('Content-Disposition: attachment; filename='.basename($filename));
+ header('Content-Transfer-Encoding: binary');
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+ header('Pragma: public');
+ header('Content-Length: ' . filesize($filename));
+ ob_end_clean();
+ readfile($filename);
+ if($zip){
+ unlink($filename);
+ }
+ }
+
+ /**
+ * move a file or folder
+ *
+ * @param dir $sourceDir
+ * @param file $source
+ * @param dir $targetDir
+ * @param file $target
+ */
+ public static function move($sourceDir,$source,$targetDir,$target){
+ global $CONFIG_DATADIRECTORY;
+ if(OC_USER::isLoggedIn() and strpos($sourceDir,'..')===false and strpos($source,'..')===false and strpos($targetDir,'..')===false and strpos($target,'..')===false){
+ $targetFile=$CONFIG_DATADIRECTORY.'/'.$targetDir.'/'.$target;
+ $sourceFile=$CONFIG_DATADIRECTORY.'/'.$sourceDir.'/'.$source;
+ rename($sourceFile,$targetFile);
+ }
+ }
+
+ /**
+ * create a new file or folder
+ *
+ * @param dir $dir
+ * @param file $name
+ * @param type $type
+ */
+ public static function newfile($dir,$name,$type){
+ global $CONFIG_DATADIRECTORY;
+ if(OC_USER::isLoggedIn() and strpos($dir,'..')===false and strpos($name,'..')===false){
+ $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$name;
+ if($type=='dir'){
+ mkdir($file);
+ }elseif($type=='file'){
+ $fileHandle=fopen($file, 'w') or die("can't open file");
+ fclose($fileHandle);
+ }
+ }
+ }
+
+ /**
+ * deletes a file or folder
+ *
+ * @param dir $dir
+ * @param file $name
+ */
+ public static function delete($dir,$file){
+ global $CONFIG_DATADIRECTORY;
+ if(OC_USER::isLoggedIn() and strpos($dir,'..')===false){
+ $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
+ if(is_file($file)){
+ unlink($file);
+ }elseif(is_dir($file)){
+ rmdir($file);
+ }
+ }
+ }
+
+ /**
+ * try to detect the mime type of a file
+ *
+ * @param string file path
+ * @return string guessed mime type
+ */
+ function getMimeType($fspath){
+ if (@is_dir($fspath)) {
+ // directories are easy
+ return "httpd/unix-directory";
+ } else if (function_exists("mime_content_type")) {
+ // use mime magic extension if available
+ $mime_type = mime_content_type($fspath);
+ } else if (OC_FILES::canExecute("file")) {
+ // it looks like we have a 'file' command,
+ // lets see it it does have mime support
+ $fp = popen("file -i '$fspath' 2>/dev/null", "r");
+ $reply = fgets($fp);
+ pclose($fp);
+
+ // popen will not return an error if the binary was not found
+ // and find may not have mime support using "-i"
+ // so we test the format of the returned string
+
+ // the reply begins with the requested filename
+ if (!strncmp($reply, "$fspath: ", strlen($fspath)+2)) {
+ $reply = substr($reply, strlen($fspath)+2);
+ // followed by the mime type (maybe including options)
+ if (preg_match('/^[[:alnum:]_-]+/[[:alnum:]_-]+;?.*/', $reply, $matches)) {
+ $mime_type = $matches[0];
+ }
+ }
+ }
+ if (empty($mime_type)) {
+ // Fallback solution: try to guess the type by the file extension
+ // TODO: add more ...
+ switch (strtolower(strrchr(basename($fspath), "."))) {
+ case ".html":
+ $mime_type = "text/html";
+ break;
+ case ".txt":
+ $mime_type = "text/plain";
+ break;
+ case ".css":
+ $mime_type = "text/css";
+ break;
+ case ".gif":
+ $mime_type = "image/gif";
+ break;
+ case ".jpg":
+ $mime_type = "image/jpeg";
+ break;
+ case ".jpg":
+ $mime_type = "png/jpeg";
+ break;
+ default:
+ $mime_type = "application/octet-stream";
+ break;
+ }
+ }
+
+ return $mime_type;
+ }
+
+ /**
+ * detect if a given program is found in the search PATH
+ *
+ * helper function used by _mimetype() to detect if the
+ * external 'file' utility is available
+ *
+ * @param string program name
+ * @param string optional search path, defaults to $PATH
+ * @return bool true if executable program found in path
+ */
+ function canExecute($name, $path = false)
+ {
+ // path defaults to PATH from environment if not set
+ if ($path === false) {
+ $path = getenv("PATH");
+ }
+
+ // check method depends on operating system
+ if (!strncmp(PHP_OS, "WIN", 3)) {
+ // on Windows an appropriate COM or EXE file needs to exist
+ $exts = array(".exe", ".com");
+ $check_fn = "file_exists";
+ } else {
+ // anywhere else we look for an executable file of that name
+ $exts = array("");
+ $check_fn = "is_executable";
+ }
+
+ // now check the directories in the path for the program
+ foreach (explode(PATH_SEPARATOR, $path) as $dir) {
+ // skip invalid path entries
+ if (!file_exists($dir)) continue;
+ if (!is_dir($dir)) continue;
- /**
- * return the cntent of a file
- *
- * @param dir $dir
- * @param file $file
- */
- public static function get($dir,$file){
- if(isset($_SESSION['username']) and $_SESSION['username']<>'') {
- global $CONFIG_DATADIRECTORY;
- $filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
+ // and now look for the file
+ foreach ($exts as $ext) {
+ if ($check_fn("$dir/$name".$ext)) return true;
+ }
+ }
- // exit if try to access files outside our directory
- if(strstr($filename,'..')<>false) exit();
+ return false;
+ }
- OC_LOG::event($_SESSION['username'],3,$dir.'/'.$file);
+}
- header('Content-Description: File Transfer');
- header('Content-Type: application/octet-stream');
- header('Content-Disposition: attachment; filename='.basename($file));
- header('Content-Transfer-Encoding: binary');
- header('Expires: 0');
- header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
- header('Pragma: public');
- header('Content-Length: ' . filesize($filename));
- readfile($filename);
+function zipAddDir($dir,$zip,$internalDir=''){
+ $dirname=basename($dir);
+ $zip->addEmptyDir($internalDir.$dirname);
+ $internalDir.=$dirname.='/';
+ $files=OC_FILES::getdirectorycontent($dir);
+ foreach($files as $file){
+ $filename=$file['name'];
+ $file=$dir.'/'.$filename;
+ if(is_file($file)){
+ $zip->addFile($file,$internalDir.$filename);
+ }elseif(is_dir($file)){
+ zipAddDir($file,$zip,$internalDir);
+ }
}
- exit;
- }
-
-
}
+if(!function_exists('sys_get_temp_dir')) {
+ function sys_get_temp_dir() {
+ if( $temp=getenv('TMP') ) return $temp;
+ if( $temp=getenv('TEMP') ) return $temp;
+ if( $temp=getenv('TMPDIR') ) return $temp;
+ $temp=tempnam(__FILE__,'');
+ if (file_exists($temp)) {
+ unlink($temp);
+ return dirname($temp);
+ }
+ return null;
+ }
+}
-
-?>
+?> \ No newline at end of file
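Review bot: The `..` checks do not cover every path argument: `get()` calls `strstr($files,'..')` even when `$files` is an array, so the individual names in a multi-file download are never checked, and `delete()` tests `$dir` but not `$file`. Checking each element (`foreach((array)$files as $f) if(strpos($f,'..')!==false) die();`) and adding `strpos($file,'..')===false` to `delete()` closes that; `get()` also lost the session check the old version had, so it now relies on its caller for authentication (callers are not visible here). In `getMimeType()` the path is placed between hand-written single quotes in a shell command; `popen('file -i '.escapeshellarg($fspath).' 2>/dev/null','r')` quotes it safely. The zip is always written to `sys_get_temp_dir()."/ownCloud.zip"`, so concurrent downloads share one file; `tempnam(sys_get_temp_dir(),'oc')` gives each request its own. The second `case ".jpg":` with `"png/jpeg"` is presumably meant to be `".png"` / `"image/png"`.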
diff --git a/inc/lib_user.php b/inc/lib_user.php
new file mode 100644
index 00000000000..37e5f0bc217
--- /dev/null
+++ b/inc/lib_user.php
@@ -0,0 +1,277 @@
+<?php
+
+/**
+* ownCloud
+*
+* @author Frank Karlitschek
+* @copyright 2010 Frank Karlitschek karlitschek@kde.org
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+if(!$CONFIG_INSTALLED){
+ $_SESSION['user_id']=false;
+ $_SESSION['username']='';
+ $_SESSION['username_clean']='';
+}
+
+/**
+ * Class for usermanagement
+ *
+ */
+class OC_USER {
+
+ /**
+ * check if the login button is pressed and logg the user in
+ *
+ */
+ public static function loginlisener(){
+ if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
+ if(OC_USER::login($_POST['login'],$_POST['password'])){
+ OC_LOG::event($_SESSION['username'],1,'');
+ return('');
+ }else{
+ return('error');
+ }
+ }
+ return('');
+ }
+
+
+ /**
+ * try to create a new user
+ *
+ */
+ public static function createuser($username,$password){
+ if(OC_USER::getuserid($username)!=0){
+ return false;
+ }else{
+ $password=sha1($password);
+ $usernameclean=strtolower($username);
+ $username=mysql_escape_string($username);
+ $usernameclean=mysql_escape_string($usernameclean);
+ $query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`)VALUES (NULL , '$username', '$usernameclean', '$password')";
+ $result=OC_DB::query($query);
+ return ($result)?true:false;
+ }
+
+ }
+
+ /**
+ * try to login a user
+ *
+ */
+ public static function login($username,$password){
+ $password=sha1($password);
+ $usernameclean=strtolower($username);
+ $username=mysql_escape_string($username);
+ $usernameclean=mysql_escape_string($usernameclean);
+ $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['user_id'])){
+ $_SESSION['user_id']=$result[0]['user_id'];
+ $_SESSION['username']=$username;
+ $_SESSION['username_clean']=$usernameclean;
+ return true;
+ }else{
+ return false;
+ }
+ }
+
+ /**
+ * check if the logout button is pressed and logout the user
+ *
+ */
+ public static function logoutlisener(){
+ if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
+ OC_LOG::event($_SESSION['username'],2,'');
+ $_SESSION['user_id']=false;
+ $_SESSION['username']='';
+ $_SESSION['username_clean']='';
+ }
+ }
+
+ /**
+ * check if a user is logged in
+ *
+ */
+ public static function isLoggedIn(){
+ return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false;
+ }
+
+ /**
+ * try to create a new group
+ *
+ */
+ public static function creategroup($groupname){
+ if(OC_USER::getgroupid($groupname)==0){
+ $groupname=mysql_escape_string($groupname);
+ $query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname');";
+ $result=OC_DB::query($query);
+ return ($result)?true:false;
+ }else{
+ return false;
+ }
+ }
+
+ /**
+ * get the id of a user
+ *
+ */
+ public static function getuserid($username){
+ $usernameclean=strtolower($username);
+ $username=mysql_escape_string($username);
+ $usernameclean=mysql_escape_string($usernameclean);
+ $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['user_id'])){
+ return $result[0]['user_id'];
+ }else{
+ return 0;
+ }
+ }
+
+ /**
+ * get the id of a group
+ *
+ */
+ public static function getgroupid($groupname){
+ $groupname=mysql_escape_string($groupname);
+ $query="SELECT group_id FROM `groups` WHERE `group_name` = '$groupname' LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['group_id'])){
+ return $result[0]['group_id'];
+ }else{
+ return 0;
+ }
+ }
+
+ /**
+ * get the name of a group
+ *
+ */
+ public static function getgroupname($groupid){
+ $groupid=(integer)$groupid;
+ $query="SELECT group_name FROM `groups` WHERE `group_id` = '$groupid' LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['group_name'])){
+ return $result[0]['group_name'];
+ }else{
+ return 0;
+ }
+ }
+
+ /**
+ * check if a user belongs to a group
+ *
+ */
+ public static function ingroup($username,$groupname){
+ $userid=OC_USER::getuserid($username);
+ $groupid=OC_USER::getgroupid($groupname);
+ if($groupid>0 and $userid>0){
+ $query="SELECT user_group_id FROM `user_group` WHERE `group_id` = '$groupid ' AND `user_id` = '$userid 'LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['user_group_id'])){
+ return true;
+ }else{
+ return false;
+ }
+ }else{
+ return false;
+ }
+ }
+
+ /**
+ * add a user to a group
+ *
+ */
+ public static function addtogroup($username,$groupname){
+ if(!OC_USER::ingroup($username,$groupname)){
+ $userid=OC_USER::getuserid($username);
+ $groupid=OC_USER::getgroupid($groupname);
+ if($groupid!=0 and $userid!=0){
+ $query="INSERT INTO `user_group` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL , '$userid', '$groupid');";
+ $result=OC_DB::query($query);
+ if($result){
+ return true;
+ }else{
+ return false;
+ }
+ }else{
+ return false;
+ }
+ }else{
+ return true;
+ }
+ }
+
+ public static function generatepassword(){
+ return uniqid();
+ }
+
+ /**
+ * get all groups the user belongs to
+ *
+ */
+ public static function getusergroups($username){
+ $userid=OC_USER::getuserid($username);
+ $query="SELECT group_id FROM `user_group` WHERE `user_id` = '$userid'";
+ $result=OC_DB::select($query);
+ $groups=array();
+ if(is_array($result)){
+ foreach($result as $group){
+ $groupid=$group['group_id'];
+ $groups[]=OC_USER::getgroupname($groupid);
+ }
+ }
+ return $groups;
+ }
+
+ /**
+ * set the password of a user
+ *
+ */
+ public static function setpassword($username,$password){
+ $password=sha1($password);
+ $userid=OC_USER::getuserid($username);
+ $query="UPDATE `users` SET `user_password` = '$password' WHERE `user_id` =$userid LIMIT 1 ;";
+ $result=OC_DB::query($query);
+ if($result){
+ return true;
+ }else{
+ return false;
+ }
+ }
+
+ /**
+ * check the password of a user
+ *
+ */
+ public static function checkpassword($username,$password){
+ $password=sha1($password);
+ $usernameclean=strtolower($username);
+ $username=mysql_escape_string($username);
+ $usernameclean=mysql_escape_string($usernameclean);
+ $query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1";
+ $result=OC_DB::select($query);
+ if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){
+ return true;
+ }else{
+ return false;
+ }
+ }
+}
+
+?> \ No newline at end of file
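Review bot: Passwords are stored and compared as bare `sha1($password)` in createuser, login, setpassword and checkpassword, with no salt and no work factor, so a leaked copy of the `users` table is open to precomputed-table lookups and equal passwords share one digest. Hash with `password_hash($password,PASSWORD_DEFAULT)` in createuser and setpassword (a salted `crypt()` where the runtime lacks it), and have login and checkpassword fetch the stored hash by name and check it with `password_verify`, as sketched below for login; rows that still hold SHA-1 digests would need a rehash on the next successful login. generatepassword returns `uniqid()`, which is derived from the current time, so the password pre-filled for new accounts is predictable; `return bin2hex(random_bytes(8));` or another CSPRNG source is the safer choice. The string values are escaped with `mysql_escape_string`, which ignores the connection charset and is not the right escaper when the SQLite database type is selected, so moving these queries to an escaping or binding helper in OC_DB, if it has one, is worth doing in the same pass.

```php
	public static function login($username,$password){
		// … unchanged: $usernameclean / $username escaping; the sha1() line is dropped …
		// look the row up by name only; the hash is verified in PHP, not matched in SQL
		$query="SELECT user_id, user_password FROM `users` WHERE `user_name_clean` = '$usernameclean' LIMIT 1";
		$result=OC_DB::select($query);
		if(isset($result[0]) && isset($result[0]['user_id']) && isset($result[0]['user_password'])
			&& password_verify($password,$result[0]['user_password'])){
			// … unchanged: $_SESSION assignments, return true …
		}else{
			return false;
		}
	}
```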
diff --git a/inc/templates/adminform.php b/inc/templates/adminform.php
new file mode 100644
index 00000000000..c5e0bca61d3
--- /dev/null
+++ b/inc/templates/adminform.php
@@ -0,0 +1,106 @@
+<?php
+global $FIRSTRUN;
+global $CONFIG_ERROR;
+if(!isset($fillDB)) $fillDB=true;
+if(!isset($CONFIG_DBHOST)) $CONFIG_DBHOST='localhost';
+if(!isset($CONFIG_DBUSER)) $CONFIG_DBUSER='owncloud';
+$newuserpassword=OC_USER::generatepassword();
+?>
+<script type="text/javascript">
+function showDBAdmin(){
+ var show=document.getElementById('dbcreate').checked;
+ document.getElementById('dbAdminUser').style.display=(show)?'table-row':'none';
+ document.getElementById('dbAdminPwd').style.display=(show)?'table-row':'none';
+}
+
+function dbtypechange(){
+ var dropdown=action=document.getElementById('dbtype');
+ var type=dropdown.options[dropdown.selectedIndex].value;
+ var inputs=Array('dbhost','dbuser','dbpass','dbpass_retype','dbcreaterow','dbAdminPwd','dbAdminUser');
+ var id,element;
+ if(type=='sqlite'){
+ for(i in inputs){
+ id=inputs[i];
+ element=document.getElementById(id);
+ if(element){
+ element.style.display='none';
+ }
+ }
+ }else if(type=='mysql'){
+ for(i in inputs){
+ id=inputs[i];
+ element=document.getElementById(id);
+ if(element){
+ element.style.display='table-row';
+ }
+ }
+ showDBAdmin()
+ }
+}
+</script>
+<form method="post" enctype="multipart/form-data">
+<table cellpadding="5" cellspacing="5" border="0" class="loginform">
+<?php
+ if(!empty($CONFIG_ERROR) and !$FIRSTRUN){
+ echo "<tr><td colspan='3' class='error'>$CONFIG_ERROR</td></tr>";
+ }
+ if(!$FIRSTRUN){?>
+ <tr><td>current password</td><td><input type="password" name="currentpassword" size="30" class="formstyle"></input></td></tr>
+ <?php
+ }
+if($FIRSTRUN){?>
+<tr><td>admin login:</td><td><input type="text" name="adminlogin" size="30" class="formstyle" value=""></input></td></tr>
+<tr><td>admin password:</td><td><input type="password" name="adminpassword" size="30" class="formstyle"></input></td><td>(leave empty to keep current password)</td></tr>
+<tr><td>retype admin password:</td><td><input type="password" name="adminpassword2" size="30" class="formstyle"></input></td></tr>
+<?php
+}
+?>
+<tr><td>data directory:</td><td><input type="text" name="datadirectory" size="30" class="formstyle" value="<?php echo($CONFIG_DATADIRECTORY);?>"></input></td></tr>
+<tr><td>force ssl:</td><td><input type="checkbox" name="forcessl" size="30" class="formstyle" value='<?php echo($CONFIG_HTTPFORCESSL);?>'></input></td></tr>
+<tr><td>date format:</td><td><input type="text" name="dateformat" size="30" class="formstyle" value='<?php echo($CONFIG_DATEFORMAT);?>'></input></td></tr>
+<tr><td>database type:</td><td>
+<select id='dbtype' name="dbtype" onchange='dbtypechange()'>
+<?php
+global $CONFIG_DBTYPE;
+if($CONFIG_DBTYPE=='sqlite'){
+?>
+<option value="sqlite">SQLite</option>
+<option value="mysql">MySQL</option>
+<?php
+}else{
+?>
+<option value="mysql">MySQL</option>
+<option value="sqlite">SQLite</option>
+<?php
+}
+?>
+</select>
+</td></tr>
+<tr id='dbhost'><td>database host:</td><td><input type="text" name="dbhost" size="30" class="formstyle" value='<?php echo($CONFIG_DBHOST);?>'></input></td></tr>
+<tr><td>database name:</td><td><input type="text" name="dbname" size="30" class="formstyle" value='<?php echo($CONFIG_DBNAME);?>'></input></td></tr>
+<tr id='dbuser'><td>database user:</td><td><input type="text" name="dbuser" size="30" class="formstyle" value='<?php echo($CONFIG_DBUSER);?>'></input></td></tr>
+<tr id='dbpass'><td>database password:</td><td><input type="password" name="dbpassword" size="30" class="formstyle" value=''></input></td><td>(leave empty to keep current password)</td></tr>
+<tr id='dbpass_retype'><td>retype database password:</td><td><input type="password" name="dbpassword2" size="30" class="formstyle" value=''></input></td></tr>
+<tr id='dbcreaterow'><td>create database and user:</td><td><input id='dbcreate' type="checkbox" name="createdatabase" size="30" class="formstyle" value='1' <?php if($FIRSTRUN) echo 'checked'; ?> onchange='showDBAdmin()'></input></td></tr>
+<tr id='dbAdminUser'><td>database administrative user:</td><td><input type="text" name="dbadminuser" size="30" class="formstyle" value='root'></input></td></tr>
+<tr id='dbAdminPwd'><td>database administrative password:</td><td><input type="password" name="dbadminpwd" size="30" class="formstyle" value=''></input></td></tr>
+<tr><td>automaticly fill initial database:</td><td><input type="checkbox" name="filldb" size="30" class="formstyle" value='1' <?php if($FIRSTRUN) echo 'checked'; ?>></input></td></tr>
+<tr><td></td><td><input type="submit" name="set_config" alt="save" value="save" class="formstyle" /></td></tr>
+</table></form><br/>
+<?php
+if(!$FIRSTRUN){?>
+<br/>
+<form method="post" enctype="multipart/form-data">
+<table cellpadding="5" cellspacing="5" border="0" class="loginform">
+<tr><td colspan='2'>Create new user:</td></tr>
+<tr><td>user name</td><td><input type='text' name='new_username' class="formstyle"></input></td></tr>
+<tr><td>password</td><td><input type='text' name='new_password' class="formstyle" autocomplete="off" value='<?php echo($newuserpassword);?>'></input></td></tr>
+<tr><td></td><td><input type='submit' value='create' class="formstyle"></input></td></tr>
+</table>
+</form>
+<?php
+}
+?>
+<script type="text/javascript">
+ dbtypechange()
+</script> \ No newline at end of file
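Review bot: Every value printed by this template goes out unescaped: `$CONFIG_ERROR` inside the error row, and `$CONFIG_DATADIRECTORY`, `$CONFIG_DATEFORMAT`, `$CONFIG_DBHOST`, `$CONFIG_DBNAME` and `$CONFIG_DBUSER` inside `value='…'` attributes. A quote or angle bracket in any of them breaks the markup and, if the value can be influenced from outside, becomes script injection in the admin page. Wrap each echo, e.g. `value="<?php echo htmlspecialchars($CONFIG_DBHOST,ENT_QUOTES,'UTF-8');?>"`. The same applies to `<?php echo $group;?>` in inc/templates/configform.php, where the group name comes from the `groupname` form field and is stored with SQL escaping only. Neither POST form here carries an anti-CSRF token; whether the handlers check one cannot be seen from this hunk, but the template would need a hidden token field for them to do so.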
diff --git a/inc/templates/configform.php b/inc/templates/configform.php
index 61217df2acf..037249a84a2 100755
--- a/inc/templates/configform.php
+++ b/inc/templates/configform.php
@@ -4,85 +4,48 @@ global $CONFIG_ERROR;
if(!isset($fillDB)) $fillDB=true;
if(!isset($CONFIG_DBHOST)) $CONFIG_DBHOST='localhost';
if(!isset($CONFIG_DBUSER)) $CONFIG_DBUSER='owncloud';
+$newuserpassword=OC_USER::generatepassword();
?>
<script type="text/javascript">
-function showDBAdmin(){
- var show=document.getElementById('dbcreate').checked;
- document.getElementById('dbAdminUser').style.display=(show)?'table-row':'none';
- document.getElementById('dbAdminPwd').style.display=(show)?'table-row':'none';
-}
-
-function dbtypechange(){
- var dropdown=action=document.getElementById('dbtype');
- var type=dropdown.options[dropdown.selectedIndex].value;
- var inputs=Array('dbhost','dbuser','dbpass','dbpass_retype','dbcreaterow','dbAdminPwd','dbAdminUser');
- var id,element;
- if(type=='sqlite'){
- for(i in inputs){
- id=inputs[i];
- element=document.getElementById(id);
- if(element){
- element.style.display='none';
- }
- }
- }else if(type=='mysql'){
- for(i in inputs){
- id=inputs[i];
- element=document.getElementById(id);
- if(element){
- element.style.display='table-row';
- }
- }
- showDBAdmin()
- }
+changepassset=function(){
+ var change=document.getElementById('changepass').checked;
+ if(!change){
+ document.getElementById('new_password').style.display='none';
+ document.getElementById('new_password_retype').style.display='none';
+ }else{
+ document.getElementById('new_password').style.display='table-row';
+ document.getElementById('new_password_retype').style.display='table-row';
+ }
}
</script>
<form method="post" enctype="multipart/form-data">
+<input type='hidden' name='config' value='1'>
<table cellpadding="5" cellspacing="5" border="0" class="loginform">
<?php
if(!empty($CONFIG_ERROR) and !$FIRSTRUN){
echo "<tr><td colspan='3' class='error'>$CONFIG_ERROR</td></tr>";
}
- if(!$FIRSTRUN){?>
- <tr><td>current password</td><td><input type="password" name="currentpassword" size="30" class="formstyle"></input></td></tr>
- <?php
- }
-?>
-<tr><td>admin login:</td><td><input type="text" name="adminlogin" size="30" class="formstyle" value="<?php echo($CONFIG_ADMINLOGIN);?>"></input></td></tr>
-<tr><td>admin password:</td><td><input type="password" name="adminpassword" size="30" class="formstyle"></input></td><td>(leave empty to keep current password)</td></tr>
-<tr><td>retype admin password:</td><td><input type="password" name="adminpassword2" size="30" class="formstyle"></input></td></tr>
-<tr><td>data directory:</td><td><input type="text" name="datadirectory" size="30" class="formstyle" value="<?php echo($CONFIG_DATADIRECTORY);?>"></input></td></tr>
-<tr><td>force ssl:</td><td><input type="checkbox" name="forcessl" size="30" class="formstyle" value='<?php echo($CONFIG_HTTPFORCESSL);?>'></input></td></tr>
-<tr><td>date format:</td><td><input type="text" name="dateformat" size="30" class="formstyle" value='<?php echo($CONFIG_DATEFORMAT);?>'></input></td></tr>
-<tr><td>database type:</td><td>
-<select id='dbtype' name="dbtype" onchange='dbtypechange()'>
-<?php
-global $CONFIG_DBTYPE;
-if($CONFIG_DBTYPE=='sqlite'){
?>
-<option value="sqlite">SQLite</option>
-<option value="mysql">MySQL</option>
-<?php
-}else{
-?>
-<option value="mysql">MySQL</option>
-<option value="sqlite">SQLite</option>
+<tr><td>enter password</td><td><input type="password" name="currentpassword" size="30" class="formstyle"></input></td></tr>
+<tr><td>change password:</td><td><input onchange='changepassset()' id='changepass' type="checkbox" name="changepass" size="30" class="formstyle" value='1'></input></td></tr>
+<tr style='display:none' id='new_password'><td>new password:</td><td><input type="password" name="password" size="30" class="formstyle"></input></td></tr>
+<tr style='display:none' id='new_password_retype'><td>retype admin password:</td><td><input type="password" name="password2" size="30" class="formstyle"></input></td></tr>
+</table>
+</form>
+Groups:
+<form method="post" enctype="multipart/form-data">
+<input type='hidden' name='creategroup' value='1'>
+<table cellpadding="5" cellspacing="5" border="0" class="loginform">
+<tr><td colspan='2' class='center'>Current groups</td></tr>
<?php
+$groups=OC_USER::getusergroups($_SESSION['username']);
+foreach($groups as $group){
+ ?>
+ <tr><td><?php echo $group;?></td></tr>
+ <?php
}
?>
-</select>
-</td></tr>
-<tr id='dbhost'><td>database host:</td><td><input type="text" name="dbhost" size="30" class="formstyle" value='<?php echo($CONFIG_DBHOST);?>'></input></td></tr>
-<tr><td>database name:</td><td><input type="text" name="dbname" size="30" class="formstyle" value='<?php echo($CONFIG_DBNAME);?>'></input></td></tr>
-<tr id='dbuser'><td>database user:</td><td><input type="text" name="dbuser" size="30" class="formstyle" value='<?php echo($CONFIG_DBUSER);?>'></input></td></tr>
-<tr id='dbpass'><td>database password:</td><td><input type="password" name="dbpassword" size="30" class="formstyle" value=''></input></td><td>(leave empty to keep current password)</td></tr>
-<tr id='dbpass_retype'><td>retype database password:</td><td><input type="password" name="dbpassword2" size="30" class="formstyle" value=''></input></td></tr>
-<tr id='dbcreaterow'><td>create database and user:</td><td><input id='dbcreate' type="checkbox" name="createdatabase" size="30" class="formstyle" value='1' <?php if($FIRSTRUN) echo 'checked'; ?> onchange='showDBAdmin()'></input></td></tr>
-<tr id='dbAdminUser'><td>database administrative user:</td><td><input type="text" name="dbadminuser" size="30" class="formstyle" value='root'></input></td></tr>
-<tr id='dbAdminPwd'><td>database administrative password:</td><td><input type="password" name="dbadminpwd" size="30" class="formstyle" value=''></input></td></tr>
-<tr><td>automaticly fill initial database:</td><td><input type="checkbox" name="filldb" size="30" class="formstyle" value='1' <?php if($FIRSTRUN) echo 'checked'; ?>></input></td></tr>
-<tr><td></td><td><input type="submit" name="set_config" alt="save" value="save" class="formstyle" /></td></tr>
-</table></form>
-<script type="text/javascript">
- dbtypechange()
-</script> \ No newline at end of file
+<tr><td colspan='2' class='center'>Create new group</td></tr>
+<tr><td><input type='text' name='groupname' class="formstyle"></input></td><td><input type='submit' value='create' class="formstyle"></input></td></tr>
+</table>
+</form>
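Review bot: The change-password form is left without a submit control: the old `set_config` submit row is removed and nothing replaces it before the first `</table>`, so with three password fields the form has no reliable way to be sent. Add a row such as `<tr><td></td><td><input type="submit" value="save" class="formstyle" /></td></tr>` ahead of that closing `</table>`. `$newuserpassword=OC_USER::generatepassword();` is added at the top but is not used anywhere in the new template, so it can be dropped.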
diff --git a/inc/templates/header.php b/inc/templates/header.php
index c082ea8b3da..51e729cb8e1 100755
--- a/inc/templates/header.php
+++ b/inc/templates/header.php
@@ -4,7 +4,7 @@
<head>
<title>ownCloud</title>
<base href="<?php echo($WEBROOT); ?>/"/>
- <link rel="stylesheet" type="text/css" href="css/default.php"/>
+ <link rel="stylesheet" type="text/css" href="<?php echo($WEBROOT)?>/css/default.php"/>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_ajax.js'></script>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_timer.js'></script>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_notification.js'></script>
@@ -12,6 +12,7 @@
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_files.js'></script>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_event.js'></script>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_drag.js'></script>
+ <script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_api.js'></script>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/filebrowser.js'></script>
<?php
foreach(OC_UTIL::$scripts as $script){
@@ -31,15 +32,25 @@ echo('<h1><a id="owncloud-logo" href="'.$WEBROOT.'"><span>ownCloud</span></a></h
// check if already configured. otherwise start configuration wizard
- $error=OC_CONFIG::writeconfiglisener();
+ $error=OC_CONFIG::writeadminlisener();
+ if($e=OC_CONFIG::configlisener()){
+ $error.=$e;
+ }
+ if($e=OC_CONFIG::createuserlisener()){
+ $error.=$e;
+ }
+ if($e=OC_CONFIG::creategrouplisener()){
+ $error.=$e;
+ }
$CONFIG_ERROR=$error;
- if(empty($CONFIG_ADMINLOGIN)) {
+ global $CONFIG_INSTALLED;
+ if(!$CONFIG_INSTALLED) {
global $FIRSTRUN;
$FIRSTRUN=true;
echo('<div class="center">');
echo('<p class="errortext">'.$error.'</p>');
echo('<p class="highlighttext">First Run Wizard</p>');
- OC_CONFIG::showconfigform();
+ OC_CONFIG::showadminform();
echo('</div>');
OC_UTIL::showfooter();
exit();
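Review bot: The three new listeners (`configlisener`, `createuserlisener`, `creategrouplisener`) are called on every request, before the `$CONFIG_INSTALLED` test and before any login check visible in this hunk. Whether an anonymous POST can create a user or group therefore depends entirely on checks inside OC_CONFIG, which are not shown here. If they do not already do so, each listener should return early unless `OC_USER::isLoggedIn()` holds and the session user is an administrator. `$error` is concatenated from their return values and echoed raw into `<p class="errortext">`; print it as `htmlspecialchars($error,ENT_QUOTES,'UTF-8')` unless the listeners are guaranteed to return fixed strings. The enclosing block starts and ends outside the hunk.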
diff --git a/js/filebrowser.js b/js/filebrowser.js
index f12cec44143..cc03fe33156 100644
--- a/js/filebrowser.js
+++ b/js/filebrowser.js
@@ -129,16 +129,16 @@ OC_FILES.browser.files.show=function(parent,fileList){
for(name in fileList){
file=fileList[name];
if(!OC_FILES.browser.files.fileNodes[file.name]){
- OC_FILES.browser.files.add(file.name,file.type,file.size,file.date);
+ OC_FILES.browser.files.add(file.name,file.type,file.size,file.date,file.mime);
}
}
}
}
-OC_FILES.browser.files.add=function(name,type,size,date){
+OC_FILES.browser.files.add=function(name,type,size,date,mime){
if(name){
if(!size) size=0;
if(!date) date=getTimeString();
- OC_FILES.files[name]=new OC_FILES.file(OC_FILES.dir,name,type);
+ OC_FILES.files[name]=new OC_FILES.file(OC_FILES.dir,name,type,mime);
tr=document.createElement('tr');
OC_FILES.browser.files.fileNodes[name]=tr;
OC_FILES.browser.files.tbody.appendChild(tr);
diff --git a/files/delete.php b/js/lib_api.js
index 7d19a45a73a..51fc843967d 100644
--- a/files/delete.php
+++ b/js/lib_api.js
@@ -1,5 +1,3 @@
-<?php
-
/**
* ownCloud - ajax frontend
*
@@ -20,17 +18,17 @@
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
-require_once('../inc/lib_base.php');
-$dir=$_GET['dir'];
-$file=$_GET['file'];
-if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false){
- $file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
- if(is_file($file)){
- unlink($file);
- }elseif(is_dir($file)){
- rmdir($file);
- }
-}
+OC_API=new Object();
-?> \ No newline at end of file
+OC_API.run=function(action,params,callback,callbackparams){
+ var xmlloader=new OCXMLLoader();
+ xmlloader.setCallBack(callback);
+ xmlloader.method="POST";
+ var paramString='action='+action;
+ for(name in params){
+ paramString+='&'+name+'='+encodeURIComponent(params[name]);
+ }
+ xmlloader.arg=callbackparams;
+ xmlloader.load('files/api.php',paramString);
+} \ No newline at end of file
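Review bot: `for(name in params)` in OC_API.run assigns the loop key to the global `name`, which in a browser is `window.name`, and only the value side of each pair is URL-encoded. Declare the variable and encode both sides: `for(var name in params){ paramString+='&'+encodeURIComponent(name)+'='+encodeURIComponent(params[name]); }`, and build the first pair as `'action='+encodeURIComponent(action)`. A `params.hasOwnProperty(name)` guard would keep inherited properties out of the request body.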
diff --git a/js/lib_files.js b/js/lib_files.js
index c231af2f03f..d1480e36637 100644
--- a/js/lib_files.js
+++ b/js/lib_files.js
@@ -49,7 +49,7 @@ OC_FILES.getdirectorycontent_parse=function(req){
if(fileElements.length>0){
for(index=0;index<fileElements.length;index++){
var file=new Array();
- var attributes=Array('size','name','type','directory','date');
+ var attributes=Array('size','name','type','directory','date','mime');
for(i in attributes){
var name=attributes[i];
file[name]=fileElements.item(index).getAttribute(name);
@@ -87,6 +87,10 @@ OC_FILES.getdirectorycontent=function(dir,callback,refresh){
OC_FILES.dir='';
+OC_FILES.get=function(dir,file){
+ window.location='files/get_file.php?dir='+encodeURIComponent(dir)+'&files='+encodeURIComponent(file);
+}
+
OC_FILES.upload=function(dir,iframeId){
var file=new Object;
var fileSelector=document.getElementById('fileSelector');
@@ -102,6 +106,11 @@ OC_FILES.upload=function(dir,iframeId){
return false;
}
}
+ var mime='';
+ if(fileSelector.files && fileSelector.files[0].type){
+ var mime=fileSelector.files[0].type;
+ }
+ file.dir=dir;
file.dir=dir;
file.name=name;
file.type='file';
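Review bot: The added `file.dir=dir;` duplicates the context line that follows it, and `mime` is declared with `var` twice; both look like merge leftovers. `fileSelector.files[0].type` is read after testing only that `fileSelector.files` exists, so an empty file list would throw; `if(fileSelector.files && fileSelector.files.length && fileSelector.files[0].type){ mime=fileSelector.files[0].type; }` covers that case. The type reported by the browser is client-supplied, so it is suitable for choosing UI actions but should not be trusted as the file's real content type. The body of OC_FILES.upload starts and ends outside the hunk.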
@@ -114,9 +123,10 @@ OC_FILES.upload=function(dir,iframeId){
OC_FILES.cache.incomplete[dir][name]['name']=name;
OC_FILES.cache.incomplete[dir][name]['type']='incomplete';
OC_FILES.cache.incomplete[dir][name]['size']=size;
+ OC_FILES.cache.incomplete[dir][name]['mime']=mime;
OC_FILES.uploadIFrames[iframeId].file=file;
OC_FILES.uploadIFrames[iframeId].addEvent('onload',new callBack(OC_FILES.upload_callback,OC_FILES.uploadIFrames[iframeId]));
- OC_FILES.browser.files.add(name,'incomplete',size);
+ OC_FILES.browser.files.add(name,'incomplete',size,null,mime);
OC_FILES.uploadForm.submit();
if(OC_FILES.uploadForm.parentElement){
OC_FILES.uploadForm.className='hidden';
@@ -137,7 +147,7 @@ OC_FILES.upload_callback=function(iframeId){
OC_FILES.cache.files[file.name]['type']=file.type;
this.uploadForm.parentNode.removeChild(this.uploadForm);
this.parentNode.removeChild(this);
- delete OC_FILES.uploadIFrames[file.iframeId];
+ OC_FILES.uploadIFrames[file.iframeId]=null;
OC_FILES.browser.show(file.dir);
}
}
@@ -154,14 +164,12 @@ OC_FILES.rename=function(dir,file,event){
OC_FILES.browser.show(OC_FILES.dir);
return false;
}
- xmlloader=new OCXMLLoader();
- xmlloader.setCallBack(OC_FILES.rename_callback);
- xmlloader.arg=new Object;
- xmlloader.arg.oldname=file;
- xmlloader.arg.newname=newname;
- xmlloader.arg.dir=dir;
- xmlloader.arg.type=OC_FILES.cache.files[file]['type'];
- xmlloader.load('files/rename.php?dir='+dir+'&file='+file+'&newname='+newname);
+ arg=new Object;
+ arg.oldname=file;
+ arg.newname=newname;
+ arg.dir=dir;
+ arg.type=OC_FILES.cache.files[file]['type'];
+ OC_API.run('rename',{dir:dir,file:file,newname:newname},OC_FILES.rename_callback,arg)
if(!OC_FILES.cache.incomplete[dir]){
OC_FILES.cache.incomplete[dir]=Array();
}
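Review bot: `arg=new Object;` is assigned without `var`, so rename writes to a global `arg`; the newFile and move hunks further down do the same, and all three then share one global name. Declare it locally, e.g. `var arg={oldname:file,newname:newname,dir:dir,type:OC_FILES.cache.files[file]['type']};`. The body of OC_FILES.rename continues outside the hunk.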
@@ -184,12 +192,9 @@ OC_FILES.rename_callback=function(req,file){
}
OC_FILES.remove=function(dir,file){
- remove=confirm('remove file \''+file+'\'?');
+ remove=confirm('delete file \''+file+'\'?');
if(remove){
- xmlloader=new OCXMLLoader();
- xmlloader.setCallBack(OC_FILES.remove_callback);
- xmlloader.arg=file;
- xmlloader.load('files/delete.php?dir='+dir+'&file='+file);
+ OC_API.run('delete',{dir:dir,file:file},OC_FILES.remove_callback,file)
OC_FILES.browser.files.remove(file);
delete OC_FILES.cache.files[file];
}
@@ -212,13 +217,11 @@ OC_FILES.getSelected=function(){
}
OC_FILES.newFile=function(type,name,dir){
- xmlloader=new OCXMLLoader();
- xmlloader.arg=new Object;
- xmlloader.arg.name=name;
- xmlloader.arg.dir=dir;
- xmlloader.arg.type=type;
- xmlloader.setCallBack(OC_FILES.new_callback);
- xmlloader.load('files/new.php?type='+type+'&dir='+dir+'&name='+name);
+ arg=new Object;
+ arg.name=name;
+ arg.dir=dir;
+ arg.type=type;
+ OC_API.run('new',{dir:dir,name:name,type:type},OC_FILES.new_callback,arg)
if(!OC_FILES.cache.incomplete[dir]){
OC_FILES.cache.incomplete[dir]=Array();
}
@@ -233,8 +236,9 @@ OC_FILES.new_callback=function(req,file){
OC_FILES.cache.files[file.name]=OC_FILES.cache.incomplete[file.dir][file.name];
delete OC_FILES.cache.incomplete[file.dir][file.name];
OC_FILES.cache.files[file.name]['type']=file.type;
- OC_FILES.browser.files.remove(name);
- OC_FILES.browser.show(OC_FILES.dir);
+ OC_FILES.browser.files.remove(file.name);
+// OC_FILES.browser.files.add(name);
+ OC_FILES.browser.show(OC_FILES.dir,true);
}
OC_FILES.move=function(source,target,sourceDir,targetDir){
@@ -248,17 +252,15 @@ OC_FILES.move=function(source,target,sourceDir,targetDir){
if(!OC_FILES.cache.incomplete[targetDir+'/'+target]){
OC_FILES.cache.incomplete[targetDir+'/'+target]=Array();
}
- xmlloader=new OCXMLLoader();
- xmlloader.arg=new Object;
- xmlloader.arg.source=source;
- xmlloader.arg.target=target;
- xmlloader.arg.sourceDir=sourceDir;
- xmlloader.arg.targetDir=targetDir;
- xmlloader.arg.type=OC_FILES.cache.files[source]['type'];
+ arg=new Object;
+ arg.source=source;
+ arg.target=target;
+ arg.sourceDir=sourceDir;
+ arg.targetDir=targetDir;
+ arg.type=OC_FILES.cache.files[source]['type'];
OC_FILES.cache.files[source]['type']='incomplete';
- OC_FILES.cache.incomplete[targetDir+'/'+target][source]=OC_FILES.cache.files[source]
- xmlloader.setCallBack(OC_FILES.move_callback);
- xmlloader.load('files/move.php?sourcedir='+sourceDir+'&targetdir='+targetDir+'&source='+source+'&target='+target);
+ OC_FILES.cache.incomplete[targetDir+'/'+target][source]=OC_FILES.cache.files[source];
+ OC_API.run('move',{sourcedir:sourceDir,source:source,targetdir:targetDir,target:target},OC_FILES.move_callback,arg);
}
}
@@ -293,11 +295,12 @@ OC_FILES.actions_selected.download=function(){
if(files.length==0){
return false;
}else if(files.length>1){
- files.join(';');
+ files=files.join(';');
}else{
files=files[0];
}
- window.location=WEBROOT+'/files/get_file.php?dir='+OC_FILES.dir+'&files='+files;
+ OC_FILES.get(dir,files);
+// window.location=WEBROOT+'/files/get_file.php?dir='+OC_FILES.dir+'&files='+files;
}
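Review bot: `OC_FILES.get(dir,files);` passes `dir`, which is not a parameter of this function and is not defined on any line in the hunk; the line it replaces used `OC_FILES.dir`. Unless `dir` is declared in the part of the function above the hunk, the call raises a ReferenceError or picks up a stray global, so it should read `OC_FILES.get(OC_FILES.dir,files);`. The commented-out `window.location=…` line left behind can be deleted.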
OC_FILES.actions_selected['delete']=function(){
@@ -309,11 +312,17 @@ OC_FILES.actions_selected['delete']=function(){
OC_FILES.files=Array();
-OC_FILES.file=function(dir,file,type){
+OC_FILES.file=function(dir,file,type,mime){
if(file){
this.type=type;
this.file=file;
this.dir=dir;
+ this.mime=mime;
+ if(mime){
+ var mimeParts=mime.split('/');
+ this.mime1=mimeParts[0];
+ this.mime2=mimeParts[1];
+ }
this.actions=new Object();
if(file.lastIndexOf('.')){
this.extention=file.substr(file.lastIndexOf('.')+1);
@@ -332,10 +341,17 @@ OC_FILES.file=function(dir,file,type){
}
}
}
- if(OC_FILES.fileActions[this.extention]){
- for(index in OC_FILES.fileActions[this.extention]){
- if(OC_FILES.fileActions[this.extention][index].call){
- this.actions[index]=OC_FILES.fileActions[this.extention][index];
+ if(OC_FILES.fileActions[this.mime1]){
+ for(index in OC_FILES.fileActions[this.mime1]){
+ if(OC_FILES.fileActions[this.mime1][index].call){
+ this.actions[index]=OC_FILES.fileActions[this.mime1][index];
+ }
+ }
+ }
+ if(OC_FILES.fileActions[this.mime]){
+ for(index in OC_FILES.fileActions[this.mime]){
+ if(OC_FILES.fileActions[this.mime][index].call){
+ this.actions[index]=OC_FILES.fileActions[this.mime][index];
}
}
}
@@ -361,7 +377,7 @@ OC_FILES.fileActions.all.rename=function(){
OC_FILES.browser.show_rename(this.dir,this.file);
}
OC_FILES.fileActions.all.download=function(){
- window.location=WEBROOT+'/files/get_file.php?dir='+this.dir+'&files='+this.file;
+ OC_FILES.get(this.dir,this.file);
}
OC_FILES.fileActions.all['default']=OC_FILES.fileActions.all.download;
@@ -373,19 +389,13 @@ OC_FILES.fileActions.dir.open=function(){
OC_FILES.fileActions.dir['default']=OC_FILES.fileActions.dir.open;
OC_FILES.fileActions.dir.dropOn=function(file){
- OC_FILES.move(file.file,this.file,file.dir,this.dir);
+ OC_FILES.move(file.file,file.file,file.dir,this.dir+'/'+this.file);
}
-OC_FILES.fileActions.jpg=new Object()
+OC_FILES.fileActions.image=new Object()
-OC_FILES.fileActions.jpg.show=function(){
-// window.open(WEBROOT+'/files/open_file.php?dir='+this.dir+'&file='+this.file);
+OC_FILES.fileActions.image.show=function(){
OC_FILES.browser.showImage(this.dir,this.file);
}
-OC_FILES.fileActions.jpg['default']=OC_FILES.fileActions.jpg.show;
-
-OC_FILES.fileActions.jpeg=OC_FILES.fileActions.jpg
-OC_FILES.fileActions.png=OC_FILES.fileActions.jpg
-OC_FILES.fileActions.gif=OC_FILES.fileActions.jpg
-OC_FILES.fileActions.bmp=OC_FILES.fileActions.jpg \ No newline at end of file
+OC_FILES.fileActions.image['default']=OC_FILES.fileActions.image.show; \ No newline at end of file
diff --git a/webdav/owncloud.php b/webdav/owncloud.php
index 6699526be28..504503b58cc 100755
--- a/webdav/owncloud.php
+++ b/webdav/owncloud.php
@@ -23,7 +23,7 @@
require_once('../inc/lib_base.php');
-require_once('HTTP/WebDAV/Server/Filesystem.php');
+oc_require_once('HTTP/WebDAV/Server/Filesystem.php');
ini_set('default_charset', 'UTF-8');
@@ -38,12 +38,15 @@ if(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['REDIRECT_REMOTE_USER']))
$user=$_SERVER['PHP_AUTH_USER'];
$passwd=$_SERVER['PHP_AUTH_PW'];
-if(($user==$CONFIG_ADMINLOGIN) and ($passwd==$CONFIG_ADMINPASSWORD )){
-
- $server = new HTTP_WebDAV_Server_Filesystem();
- $server->db_name = $CONFIG_DBNAME;
- $server->ServeRequest($CONFIG_DATADIRECTORY);
-
+if(OC_USER::login($user,$passwd)){
+ $CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean'];
+ if(!is_dir($CONFIG_DATADIRECTORY)){
+ mkdir($CONFIG_DATADIRECTORY);
+ }
+ $server = new HTTP_WebDAV_Server_Filesystem();
+ $server->db_name = $CONFIG_DBNAME;
+ $server->ServeRequest($CONFIG_DATADIRECTORY);
+
}else{
header('WWW-Authenticate: Basic realm="ownCloud"');
header('HTTP/1.0 401 Unauthorized');