author | Jakob Sack <kde@jakobsack.de> | 2011-04-15 17:14:02 +0200 |
---|---|---|
committer | Jakob Sack <kde@jakobsack.de> | 2011-04-15 17:14:02 +0200 |
commit | 149793f2e7c701434698a1e6f8af251fe786d320 (patch) | |
tree | dc465bef02142c692f49cfc6d61d4c8934182fee /lib | |
parent | 7c8ae42c6f39b38e2910780944910b5cf9d360c1 (diff) | |
First version of the new user management
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Group/backend.php | 74 | ||||
-rw-r--r-- | lib/Group/database.php | 138 | ||||
-rw-r--r-- | lib/User/backend.php | 118 | ||||
-rw-r--r-- | lib/User/database.php | 400 | ||||
-rw-r--r-- | lib/base.php | 4 | ||||
-rw-r--r-- | lib/group.php | 137 | ||||
-rw-r--r-- | lib/user.php | 268 |
7 files changed, 526 insertions, 613 deletions
diff --git a/lib/Group/backend.php b/lib/Group/backend.php
new file mode 100644
index 00000000000..c70bd6665cb
--- /dev/null
+++ b/lib/Group/backend.php
@@ -0,0 +1,74 @@
+<?php
+
+/**
+* ownCloud
+*
+* @author Frank Karlitschek
+* @copyright 2010 Frank Karlitschek karlitschek@kde.org
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Affero General Public
+* License along with this library. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+
+/**
+ * Base class for user management
+ *
+ */
+abstract class OC_GROUP_BACKEND {
+ /**
+ * Try to create a new group
+ *
+ * @param string $groupName The name of the group to create
+ */
+ abstract public static function createGroup($groupName);
+
+ /**
+ * Check if a user belongs to a group
+ *
+ * @param string $username Name of the user to check
+ * @param string $groupName Name of the group
+ */
+ abstract public static function inGroup($username, $groupName);
+
+ /**
+ * Add a user to a group
+ *
+ * @param string $username Name of the user to add to group
+ * @param string $groupName Name of the group in which add the user
+ */
+ abstract public static function addToGroup($username, $groupName);
+
+ /**
+ * Remove a user from a group
+ *
+ * @param string $username Name of the user to remove from group
+ * @param string $groupName Name of the group from which remove the user
+ */
+ abstract public static function removeFromGroup($username,$groupName);
+
+ /**
+ * Get all groups the user belongs to
+ *
+ * @param string $username Name of the user
+ */
+ abstract public static function getUserGroups($username);
+
+ /**
+ * get a list of all groups
+ *
+ */
+ abstract public static function getGroups();
+}
diff --git a/lib/Group/database.php b/lib/Group/database.php
new file mode 100644
index 00000000000..8e7f1203cd2
--- /dev/null
+++ b/lib/Group/database.php
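Review bot: The class docblock on OC_GROUP_BACKEND still says "Base class for user management", and none of the abstract methods documents a return value, so backend authors have no contract to implement against. I would change the summary to `Base class for group management backends` and add `@return bool` (true on success or membership, false otherwise) to createGroup, inGroup, addToGroup and removeFromGroup, plus `@return array` with the element shape to getUserGroups and getGroups. This matters for authorization checks: a caller of inGroup has to be able to rely on anything other than `true` meaning "not a member".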
@@ -0,0 +1,138 @@
+<?php
+
+/**
+ * ownCloud
+ *
+ * @author Frank Karlitschek
+ * @copyright 2010 Frank Karlitschek karlitschek@kde.org
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+/*
+ *
+ * The following SQL statement is just a help for developers and will not be
+ * executed!
+ *
+ * CREATE TABLE `groups` (
+ * `gid` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
+ * PRIMARY KEY (`gid`)
+ * ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+ *
+ * CREATE TABLE `group_user` (
+ * `gid` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
+ * `uid` varchar(64) COLLATE utf8_unicode_ci NOT NULL
+ * ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
+ *
+ */
+
+oc_require_once( 'Group/backend.php' );
+
+/**
+ * Class for group management in a SQL Database (e.g. MySQL, SQLite)
+ *
+ */
+class OC_GROUP_DATABASE extends OC_GROUP_BACKEND {
+ static private $userGroupCache=array();
+
+ /**
+ * Try to create a new group
+ *
+ * @param string $groupName The name of the group to create
+ */
+ public static function createGroup( $gid ){
+ $query = OC_DB::prepare( "SELECT * FROM `*PREFIX*groups` WHERE `gid` = ?" );
+ $result = $query->execute( $gid );
+
+ if( $result->numRows() > 0 ){
+ return false;
+ }
+ else{
+ $query = OC_DB::prepare( "INSERT INTO `*PREFIX*groups` ( `gid` ) VALUES( ? )" );
+ $result = $query->prepare( $gid );
+
+ return $result ? true : false;
+ }
+ }
+
+ /**
+ * Check if a user belongs to a group
+ *
+ * @param string $username Name of the user to check
+ * @param string $groupName Name of the group
+ */
+ public static function inGroup($username,$groupName) {
+ $query = OC_DB::prepare( "SELECT * FROM `*PREFIX*group_user` WHERE `gid` = ? AND `uid` = ?" );
+ $result = $query->execute( $groupName, $username );
+
+ return $result->numRows() > 0 ? true : false;
+ }
+
+ /**
+ * Add a user to a group
+ *
+ * @param string $username Name of the user to add to group
+ * @param string $groupName Name of the group in which add the user
+ */
+ public static function addToGroup($username, $groupName) {
+ if( !OC_USER::inGroup( $username, $groupName )){
+ $query = OC_DB::prepare( "INSERT INTO `*PREFIX*group_user` ( `uid`, `gid` ) VALUES( ?, ? )" );
+ $result = $query->execute( $username, $groupName );
+ }
+ }
+
+ /**
+ * Remove a user from a group
+ *
+ * @param string $username Name of the user to remove from group
+ * @param string $groupName Name of the group from which remove the user
+ */
+ public static function removeFromGroup($username,$groupName){
+ $query = OC_DB::prepare( "DELETE FROM `*PREFIX*group_user` WHERE `uid` = ? AND `gid` = ?" );
+ $result = $query->execute( $username, $groupName );
+ }
+
+ /**
+ * Get all groups the user belongs to
+ *
+ * @param string $username Name of the user
+ */
+ public static function getUserGroups($username) {
+ $query = OC_DB::prepare( "SELECT * FROM `*PREFIX*group_user` WHERE `uid` = ?" );
+ $result = $query->execute( $username );
+
+ $groups = array();
+ while( $row = $result->fetchRow()){
+ $groups[] = $row;
+ }
+
+ return $groups;
+ }
+
+ /**
+ * get a list of all groups
+ *
+ */
+ public static function getGroups() {
+ $query = OC_DB::prepare( "SELECT * FROM `*PREFIX*groups`" );
+ $result = $query->execute();
+
+ $groups = array();
+ while( $row = $result->fetchRow()){
+ $groups[] = $row;
+ }
+
+ return $groups;
+ }
+}
diff --git a/lib/User/backend.php b/lib/User/backend.php
index a486ea1cbcc..ab053661f88 100644
--- a/lib/User/backend.php
+++ b/lib/User/backend.php
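Review bot: In createGroup the INSERT is prepared but never run: the code calls `$result = $query->prepare( $gid );` where `$result = $query->execute( $gid );` is evidently meant, so the group is either not created or the call fails on the statement object; createUser in lib/User/database.php has the same slip. addToGroup checks membership through `OC_USER::inGroup(...)`, but this commit moves inGroup out of the user backend, so that call should probably be `self::inGroup( $username, $groupName )`. addToGroup and removeFromGroup also return nothing, which leaves callers unable to tell whether a membership change took effect; ending both with `return $result ? true : false;`, as createGroup does, would keep the class consistent.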
@@ -1,25 +1,25 @@ <?php /** -* ownCloud -* -* @author Frank Karlitschek -* @copyright 2010 Frank Karlitschek karlitschek@kde.org -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE -* License as published by the Free Software Foundation; either -* version 3 of the License, or any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU AFFERO GENERAL PUBLIC LICENSE for more details. -* -* You should have received a copy of the GNU Affero General Public -* License along with this library. If not, see <http://www.gnu.org/licenses/>. -* -*/ + * ownCloud + * + * @author Frank Karlitschek + * @copyright 2010 Frank Karlitschek karlitschek@kde.org + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ @@ -30,12 +30,6 @@ abstract class OC_USER_BACKEND { /** - * Check if the login button is pressed and log the user in - * - */ - abstract public static function loginListener(); - - /** * Try to create a new user * * @param string $username The username of the user to create 
@@ -52,85 +46,17 @@ abstract class OC_USER_BACKEND { abstract public static function login($username, $password); /** - * Check if the logout button is pressed and logout the user - * - */ - abstract public static function logoutListener(); - - /** * Check if some user is logged in * */ abstract public static function isLoggedIn(); /** - * Try to create a new group - * - * @param string $groupName The name of the group to create - */ - abstract public static function createGroup($groupName); - - /** - * Get the ID of a user - * - * @param string $username Name of the user to find the ID - * @param boolean $noCache If false the cache is used to find the ID - */ - abstract public static function getUserId($username, $noCache=false); - - /** - * Get the ID of a group - * - * @param string $groupName Name of the group to find the ID - * @param boolean $noCache If false the cache is used to find the ID - */ - abstract public static function getGroupId($groupName, $noCache=false); - - /** - * Get the name of a group - * - * @param string $groupId ID of the group - * @param boolean $noCache If false the cache is used to find the name of the group - */ - abstract public static function getGroupName($groupId, $noCache=false); - - /** - * Check if a user belongs to a group - * - * @param string $username Name of the user to check - * @param string $groupName Name of the group - */ - abstract public static function inGroup($username, $groupName); - - /** - * Add a user to a group - * - * @param string $username Name of the user to add to group - * @param string $groupName Name of the group in which add the user - */ - abstract public static function addToGroup($username, $groupName); - - /** - * Remove a user from a group - * - * @param string $username Name of the user to remove from group - * @param string $groupName Name of the group from which remove the user - */ - abstract public static function removeFromGroup($username,$groupName); - - /** * Generate a random password 
*/ abstract public static function generatePassword(); /** - * Get all groups the user belongs to - * - * @param string $username Name of the user - */ - abstract public static function getUserGroups($username); - - /** * Set the password of a user * * @param string $username User who password will be changed @@ -152,10 +78,4 @@ abstract class OC_USER_BACKEND { * */ abstract public static function getUsers(); - - /** - * get a list of all groups - * - */ - abstract public static function getGroups(); } diff --git a/lib/User/database.php b/lib/User/database.php index defaf7f8f40..b6305220f3d 100644 --- a/lib/User/database.php +++ b/lib/User/database.php 
@@ -1,30 +1,40 @@ <?php /** -* ownCloud -* -* @author Frank Karlitschek -* @copyright 2010 Frank Karlitschek karlitschek@kde.org -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE -* License as published by the Free Software Foundation; either -* version 3 of the License, or any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU AFFERO GENERAL PUBLIC LICENSE for more details. -* -* You should have received a copy of the GNU Affero General Public -* License along with this library. If not, see <http://www.gnu.org/licenses/>. -* -*/ + * ownCloud + * + * @author Frank Karlitschek + * @copyright 2010 Frank Karlitschek karlitschek@kde.org + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. + * + */ +/* + * + * The following SQL statement is just a help for developers and will not be + * executed! 
+ * + * CREATE TABLE `users` ( + * `uid` varchar(64) COLLATE utf8_unicode_ci NOT NULL, + * `password` varchar(255) COLLATE utf8_unicode_ci NOT NULL, + * PRIMARY KEY (`uid`) + * ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + * + */ oc_require_once('User/backend.php'); - - /** * Class for user management in a SQL Database (e.g. MySQL, SQLite) * 
@@ -33,50 +43,23 @@ class OC_USER_DATABASE extends OC_USER_BACKEND { static private $userGroupCache=array(); /** - * Check if the login button is pressed and log the user in - * - */ - public static function loginListener(){ - if ( isset($_POST['loginbutton']) AND isset($_POST['password']) AND isset($_POST['login']) ) { - if ( OC_USER::login($_POST['login'], $_POST['password']) ) { - echo 1; - OC_LOG::event($_SESSION['username'], 1, ''); - echo 2; - if ( (isset($CONFIG_HTTPFORCESSL) AND $CONFIG_HTTPFORCESSL) - OR (isset($_SERVER['HTTPS']) AND ('on' == $_SERVER['HTTPS'])) ) { - $url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; - } else { - $url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; - } - header("Location: $url"); - die(); - } else { - return('error'); - } - } - return(''); - } - - /** * Try to create a new user * * @param string $username The username of the user to create * @param string $password The password of the new user */ - public static function createUser($username, $password) { - self::clearCache(); - global $CONFIG_DBTABLEPREFIX; + public static function createUser( $uid, $password ){ + $query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE `uid` = ?" ); + $result = $query->execute( $uid ); + // Check if the user already exists - if ( 0 != OC_USER::getUserId($username, true) ) { + if ( $result->numRows() > 0 ){ return false; - } else { - $usernameClean = strToLower($username); - $password = sha1($password); - $username = OC_DB::escape($username); - $usernameClean = OC_DB::escape($usernameClean); - $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}users` (`user_name` ,`user_name_clean` ,`user_password`) " - . "VALUES ('$username', '$usernameClean', '$password')"; - $result = OC_DB::query($query); + } + else{ + $query = OC_DB::prepare( "INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )" ); + $result = $query->prepare( $uid, sha1( $password )); + return $result ? true : false; } } 
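Review bot: createUser stores `sha1( $password )`, an unsalted fast hash, and login, setPassword and checkPassword in the later hunks of this file match the same value inside the SQL WHERE clause. If the users table leaks, such hashes can be tested offline at very high guess rates, and equal passwords produce equal hashes. The new password column is varchar(255), so a salted, deliberately slow hash fits: on current PHP that means storing `password_hash( $password, PASSWORD_DEFAULT )`, then selecting the stored hash by uid and checking it with `password_verify( $password, $row['password'] )` instead of comparing in SQL.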
@@ -87,39 +70,17 @@ class OC_USER_DATABASE extends OC_USER_BACKEND { * @param string $username The username of the user to log in * @param string $password The password of the user */ - public static function login($username,$password){ - global $CONFIG_DBTABLEPREFIX; + public static function login( $username, $password ){ + $query = OC_DB::prepare( "SELECT `uid`, `name` FROM `*PREFIX*users` WHERE `uid` = ? AND `password` = ?" ); + $result = $query->execute( $username, sha1( $password )); - $password = sha1($password); - $usernameClean = strtolower($username); - $username = OC_DB::escape($username); - $usernameClean = OC_DB::escape($usernameClean); - $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users " - . "WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; - $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['user_id']) ) { - $_SESSION['user_id'] = $result[0]['user_id']; - $_SESSION['username'] = $username; - $_SESSION['username_clean'] = $usernameClean; + if( $result->numRows() > 0 ){ + $row = $result->fetchRow(); + $_SESSION['user_id'] = $row["uid"]; return true; - } else { - return false; } - } - - /** - * Check if the logout button is pressed and logout the user - * - */ - public static function logoutListener() { - global $WEBROOT; - if ( isset($_GET['logoutbutton']) AND isset($_SESSION['username']) ) { - OC_LOG::event($_SESSION['username'], 2, ''); - $_SESSION['user_id'] = false; - $_SESSION['username'] = ''; - $_SESSION['username_clean'] = ''; - - header("location: $WEBROOT"); + else{ + return false; } } @@ -128,10 +89,8 @@ class OC_USER_DATABASE extends OC_USER_BACKEND { * */ public static function logout() { - OC_LOG::event($_SESSION['username'], 2, ''); + OC_LOG::add( "core", $_SESSION['user_id'], "logout" ); $_SESSION['user_id'] = false; - $_SESSION['username'] = ''; - $_SESSION['username_clean'] = ''; } /** 
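Review bot: login writes `$_SESSION['user_id']` into the session that already existed before authentication and never issues a new session id, so an id that was planted or observed before login stays valid afterwards (session fixation). Adding `session_regenerate_id( true );` immediately before `$_SESSION['user_id'] = $row["uid"];` closes that. The SELECT also asks for a name column that the schema comment at the top of this file does not define (it lists only uid and password), so the query looks like it would fail on a table built from that schema; selecting uid alone is enough here. In the logout hunk that follows, setting user_id to false leaves the remaining session data and the cookie alive; consider emptying `$_SESSION` and calling `session_destroy()` there.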
@@ -139,180 +98,15 @@ class OC_USER_DATABASE extends OC_USER_BACKEND { * */ public static function isLoggedIn() { - if ( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ) { + if( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ){ return true; - } else { - return false; } - } - - /** - * Try to create a new group - * - * @param string $groupName The name of the group to create - */ - public static function createGroup($groupName) { - self::clearCache(); - global $CONFIG_DBTABLEPREFIX; - if (0 == OC_USER::getGroupId($groupName) ) { - $groupName = OC_DB::escape($groupName); - $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}groups` (`group_name`) VALUES ('$groupName')"; - $result = OC_DB::query($query); - return $result ? true : false; - } else { + else{ return false; } } /** - * Get the ID of a user - * - * @param string $username Name of the user to find the ID - * @param boolean $noCache If false the cache is used to find the ID - */ - public static function getUserId($username, $noCache=false) { - global $CONFIG_DBTABLEPREFIX; - - $usernameClean = strToLower($username); - // Try to use cached value to avoid an SQL query - if ( !$noCache AND isset($_SESSION['user_id_cache'][$usernameClean]) ) { - return $_SESSION['user_id_cache'][$usernameClean]; - } - $usernameClean = OC_DB::escape($usernameClean); - $query = "SELECT user_id FROM {$CONFIG_DBTABLEPREFIX}users WHERE user_name_clean = '$usernameClean'"; - $result = OC_DB::select($query); - if ( !is_array($result) ) { - return 0; - } - if ( isset($result[0]) AND isset($result[0]['user_id']) ) { - $_SESSION['user_id_cache'][$usernameClean] = $result[0]['user_id']; - return $result[0]['user_id']; - } else { - return 0; - } - } - - /** - * Get the ID of a group - * - * @param string $groupName Name of the group to find the ID - * @param boolean $noCache If false the cache is used to find the ID - */ - public static function getGroupId($groupName, $noCache=false) { - global $CONFIG_DBTABLEPREFIX; - - // Try to use 
cached value to avoid an SQL query - if ( !$noCache AND isset($_SESSION['group_id_cache'][$groupName]) ) { - return $_SESSION['group_id_cache'][$groupName]; - } - $groupName = OC_DB::escape($groupName); - $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_name = '$groupName'"; - $result = OC_DB::select($query); - if ( !is_array($result) ) { - return 0; - } - if ( isset($result[0]) AND isset($result[0]['group_id']) ){ - $_SESSION['group_id_cache'][$groupName] = $result[0]['group_id']; - return $result[0]['group_id']; - } else { - return 0; - } - } - - /** - * Get the name of a group - * - * @param string $groupId ID of the group - * @param boolean $noCache If false the cache is used to find the name of the group - */ - public static function getGroupName($groupId, $noCache=false) { - global $CONFIG_DBTABLEPREFIX; - - // Try to use cached value to avoid an sql query - if ( !$noCache AND ($name = array_search($groupId, $_SESSION['group_id_cache'])) ) { - return $name; - } - $groupId = (integer)$groupId; - $query = "SELECT group_name FROM {$CONFIG_DBTABLEPREFIX}groups WHERE group_id = '$groupId' LIMIT 1"; - $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['group_name']) ) { - return $result[0]['group_name']; - } else { - return 0; - } - } - - /** - * Check if a user belongs to a group - * - * @param string $username Name of the user to check - * @param string $groupName Name of the group - */ - public static function inGroup($username,$groupName) { - global $CONFIG_DBTABLEPREFIX; - $userId = OC_USER::getUserId($username); - $groupId = OC_USER::getGroupId($groupName); - self::getUserGroups($username); - $groups=self::$userGroupCache[$userId]; - return (array_search($groupId,$groups)!==false); - } - - /** - * Add a user to a group - * - * @param string $username Name of the user to add to group - * @param string $groupName Name of the group in which add the user - */ - public static function addToGroup($username, 
$groupName) { - global $CONFIG_DBTABLEPREFIX; - self::clearCache(); - if ( !OC_USER::inGroup($username, $groupName) ) { - $userId = OC_USER::getUserId($username,true); - $groupId = OC_USER::getGroupId($groupName,true); - if ( (0 != $groupId) AND (0 != $userId) ) { - $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}user_group` (`user_id` ,`group_id`) VALUES ('$userId', '$groupId');"; - $result = OC_DB::query($query); - if ( $result ) { - self::clearCache(); - return true; - } else { - return false; - } - } else { - return false; - } - } else { - return true; - } - } - - /** - * Remove a user from a group - * - * @param string $username Name of the user to remove from group - * @param string $groupName Name of the group from which remove the user - */ - public static function removeFromGroup($username,$groupName){ - global $CONFIG_DBTABLEPREFIX; - self::clearCache(); - if (OC_USER::inGroup($username, $groupName) ) { - $userId = OC_USER::getUserId($username,true); - $groupId = OC_USER::getGroupId($groupName,true); - if ( (0 != $groupId) AND (0 != $userId) ) { - $query="DELETE FROM `{$CONFIG_DBTABLEPREFIX}user_group` WHERE `group_id` =$groupId AND `user_id`=$userId"; - $result = OC_DB::query($query); - if ( $result ) { - self::clearCache(); - return true; - } else { - return false; - } - } - } - return false; - } - - /** * Generate a random password */ public static function generatePassword(){ 
@@ -320,47 +114,19 @@ class OC_USER_DATABASE extends OC_USER_BACKEND { } /** - * Get all groups the user belongs to - * - * @param string $username Name of the user - */ - public static function getUserGroups($username) { - global $CONFIG_DBTABLEPREFIX; - - $userId = OC_USER::getUserId($username); - if(!isset(self::$userGroupCache[$userId])){ - $query = "SELECT group_id FROM {$CONFIG_DBTABLEPREFIX}user_group WHERE user_id = '$userId'"; - $result = OC_DB::select($query); - $groupsId = array(); - if ( is_array($result) ) { - foreach ( $result as $group ) { - $groupId = $group['group_id']; - $groupsId[]=$groupId; - } - } - self::$userGroupCache[$userId]=$groupsId; - return $groupsId; - }else{ - return self::$userGroupCache[$userId]; - } - } - - /** * Set the password of a user * * @param string $username User who password will be changed * @param string $password The new password for the user */ - public static function setPassword($username, $password) { - global $CONFIG_DBTABLEPREFIX; + public static function setPassword( $username, $password ){ + $query = OC_DB::prepare( "UPDATE `*PREFIX*users` SET `password` = ? WHERE `uid` = ?" ); + $result = $query->execute( sha1( $password ), $username ); - $password = sha1($password); - $userId = OC_USER::getUserId($username); - $query = "UPDATE {$CONFIG_DBTABLEPREFIX}users SET user_password = '$password' WHERE user_id ='$userId'"; - $result = OC_DB::query($query); - if ( $result ) { + if( $result->numRows() > 0 ){ return true; - } else { + } + else{ return false; } } 
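Review bot: setPassword decides success with `$result->numRows() > 0` on the result of an UPDATE, but numRows describes a result set, not the number of rows a write changed. Depending on what the OC_DB statement wrapper returns for a manipulation statement (not visible in this diff), the check is presumably either always false or a method call on a non-object, so a successful password change would be reported as a failure. The test should use whatever affected-row count the wrapper exposes for write statements. The docblock should also state that the method performs no check of the old password or of the caller's rights, so callers know they must enforce that themselves.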
@@ -371,19 +137,14 @@ class OC_USER_DATABASE extends OC_USER_BACKEND { * @param string $username Name of the user * @param string $password Password of the user */ - public static function checkPassword($username, $password) { - global $CONFIG_DBTABLEPREFIX; + public static function checkPassword( $username, $password ){ + $query = OC_DB::prepare( "SELECT `uid` FROM `*PREFIX*users` WHERE `uid` = ? AND `password` = ?" ); + $result = $query->execute( $username, sha1( $password )); - $password = sha1($password); - $usernameClean = strToLower($username); - $usernameClean = OC_DB::escape($usernameClean); - $username = OC_DB::escape($username); - $query = "SELECT user_id FROM `{$CONFIG_DBTABLEPREFIX}users` " - . "WHERE user_name_clean = '$usernameClean' AND user_password = '$password' LIMIT 1"; - $result = OC_DB::select($query); - if ( isset($result[0]) AND isset($result[0]['user_id']) AND ($result[0]['user_id'] > 0) ) { + if( $result->numRows() > 0 ){ return true; - } else { + } + else{ return false; } } 
@@ -392,37 +153,14 @@ class OC_USER_DATABASE extends OC_USER_BACKEND { * get a list of all users * */ - public static function getUsers() { - global $CONFIG_DBTABLEPREFIX; + public static function getUsers(){ + $query = OC_DB::prepare( "SELECT `uid` FROM `*PREFIX*users`" ); + $result = $query->execute(); - $query = "SELECT user_name FROM `{$CONFIG_DBTABLEPREFIX}users`"; - $result = OC_DB::select($query); $users=array(); - foreach($result as $user){ - $users[]=$user['user_name']; + while( $row = $result->fetchRow()){ + $users[] = $row["uid"]; } return $users; } - - /** - * get a list of all groups - * - */ - public static function getGroups() { - global $CONFIG_DBTABLEPREFIX; - - $query = "SELECT group_name FROM `{$CONFIG_DBTABLEPREFIX}groups`"; - $result = OC_DB::select($query); - $groups=array(); - foreach($result as $group){ - $groups[]=$group['group_name']; - } - return $groups; - } - - private static function clearCache(){ - self::$userGroupCache=array(); - $_SESSION['user_id_cache']=array(); - $_SESSION['group_id_cache']=array(); - } } diff --git a/lib/base.php b/lib/base.php index 3bf74e233a5..e29cf5292c2 100644 --- a/lib/base.php +++ b/lib/base.php @@ -22,7 +22,7 @@ // set some stuff -ob_start(); +//ob_start(); // error_reporting(E_ALL | E_STRICT); error_reporting( E_ERROR | E_PARSE | E_WARNING ); // MDB2 gives loads of strict error, disabling for now @@ -30,6 +30,7 @@ date_default_timezone_set('Europe/Berlin'); ini_set('arg_separator.output','&'); ini_set('session.cookie_httponly','1;'); session_start(); + // calculate the documentroot $SERVERROOT=substr(__FILE__,0,-13); $DOCUMENTROOT=realpath($_SERVER['DOCUMENT_ROOT']); @@ -86,6 +87,7 @@ oc_require_once('fileobserver.php'); oc_require_once('log.php'); oc_require_once('config.php'); oc_require_once('user.php'); +oc_require_once('group.php'); oc_require_once('ocs.php'); oc_require_once('connect.php'); oc_require_once('remotestorage.php'); 
diff --git a/lib/group.php b/lib/group.php
new file mode 100644
index 00000000000..0701627e4ee
--- /dev/null
+++ b/lib/group.php
@@ -0,0 +1,137 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Frank Karlitschek
+ * @copyright 2010 Frank Karlitschek karlitschek@kde.org
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/**
+ * This class provides all methods needed for managing groups.
+ */
+class OC_GROUP {
+ // The backend used for user management
+ private static $_backend;
+
+ // Backends available (except database)
+ private static $_backends = array();
+
+ /**
+ * @brief registers backend
+ * @param $name name of the backend
+ * @returns true/false
+ *
+ * Makes a list of backends that can be used by other modules
+ */
+ public static function registerBackend( $name ){
+ self::$_backends[] = $name;
+ return true;
+ }
+
+ /**
+ * @brief gets available backends
+ * @returns array of backends
+ *
+ * Returns the names of all backends.
+ */
+ public static function getBackends(){
+ return self::$_backends;
+ }
+
+ /**
+ * @brief set the group backend
+ * @param string $backend The backend to use for user managment
+ * @returns true/false
+ */
+ public static function setBackend( $backend = 'database' ){
+ // You'll never know what happens
+ if( null === $backend OR !is_string( $backend )){
+ $backend = 'database';
+ }
+
+ // Load backend
+ switch( $backend ){
+ case 'database':
+ case 'mysql':
+ case 'sqlite':
+ oc_require_once('User/database.php');
+ self::$_backend = new OC_USER_DATABASE();
+ break;
+ default:
+ $className = 'OC_USER_' . strToUpper($backend);
+ self::$_backend = new $className();
+ break;
+ }
+ }
+
+ /**
+ * Get the name of a group
+ *
+ * @param string $groupId ID of the group
+ * @param boolean $noCache If false the cache is used to find the name of the group
+ */
+ public static function getGroupName($groupId, $noCache=false) {
+ return self::$_backend->getGroupName($groupId, $noCache);
+ }
+
+ /**
+ * Check if a user belongs to a group
+ *
+ * @param string $username Name of the user to check
+ * @param string $groupName Name of the group
+ */
+ public static function inGroup($username, $groupName) {
+ return self::$_backend->inGroup($username, $groupName);
+ }
+
+ /**
+ * Add a user to a group
+ *
+ * @param string $username Name of the user to add to group
+ * @param string $groupName Name of the group in which add the user
+ */
+ public static function addToGroup($username, $groupName) {
+ return self::$_backend->addToGroup($username, $groupName);
+ }
+
+ /**
+ * Remove a user from a group
+ *
+ * @param string $username Name of the user to remove from group
+ * @param string $groupName Name of the group from which remove the user
+ */
+ public static function removeFromGroup($username,$groupName){
+ return self::$_backend->removeFromGroup($username, $groupName);
+ }
+
+ /**
+ * Get all groups the user belongs to
+ *
+ * @param string $username Name of the user
+ */
+ public static function getUserGroups($username) {
+ return self::$_backend->getUserGroups($username);
+ }
+
+ /**
+ * get a list of all groups
+ *
+ */
+ public static function getGroups() {
+ return self::$_backend->getGroups();
+ }
+}
diff --git a/lib/user.php b/lib/user.php
index 431d0bfc359..645bda4ed5d 100644
--- a/lib/user.php
+++ b/lib/user.php
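Review bot: OC_GROUP::setBackend loads the user backend rather than the group backend: the database branch requires `User/database.php` and instantiates `OC_USER_DATABASE`, and the default branch builds `'OC_USER_' . strToUpper($backend)`. Since this commit removes inGroup, addToGroup, removeFromGroup, getUserGroups and getGroups from the user backend, every group check routed through OC_GROUP would presumably fail; the three lines should read `oc_require_once('Group/database.php');`, `self::$_backend = new OC_GROUP_DATABASE();` and `$className = 'OC_GROUP_' . strToUpper($backend);`. The default branch also instantiates whatever class name the string yields, so checking `in_array( $backend, self::$_backends, true )` first would limit it to names passed to registerBackend. getGroupName forwards to a backend method that OC_GROUP_BACKEND does not declare, and the `@returns true/false` on setBackend does not match a body that returns nothing.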
@@ -1,66 +1,76 @@ <?php - /** -* ownCloud -* -* @author Frank Karlitschek -* @copyright 2010 Frank Karlitschek karlitschek@kde.org -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE -* License as published by the Free Software Foundation; either -* version 3 of the License, or any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU AFFERO GENERAL PUBLIC LICENSE for more details. -* -* You should have received a copy of the GNU Affero General Public -* License along with this library. If not, see <http://www.gnu.org/licenses/>. -* -*/ - - - - -if ( !$CONFIG_INSTALLED ) { - $_SESSION['user_id'] = false; - $_SESSION['username'] = ''; - $_SESSION['username_clean'] = ''; -} + * ownCloud + * + * @author Frank Karlitschek + * @copyright 2010 Frank Karlitschek karlitschek@kde.org + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE + * License as published by the Free Software Foundation; either + * version 3 of the License, or any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU AFFERO GENERAL PUBLIC LICENSE for more details. + * + * You should have received a copy of the GNU Affero General Public + * License along with this library. If not, see <http://www.gnu.org/licenses/>. 
+ * + */ -//cache the userid's an groupid's -if ( !isset($_SESSION['user_id_cache']) ) { - $_SESSION['user_id_cache'] = array(); -} -if ( !isset($_SESSION['group_id_cache']) ) { - $_SESSION['group_id_cache'] = array(); +if( !$CONFIG_INSTALLED ){ + $_SESSION['user_id'] = ''; } - - - /** - * Class for User Management - * + * This class provides all methods for user management. */ class OC_USER { - // The backend used for user management - private static $_backend; + private static $_backend = null; + + // Backends available (except database) + private static $_backends = array(); /** - * Set the User Authentication Module + * @brief registers backend + * @param $name name of the backend + * @returns true/false * - * @param string $backend The backend to use for user managment + * Makes a list of backends that can be used by other modules */ - public static function setBackend($backend='database') { - if ( (null === $backend) OR (!is_string($backend)) ) { + public static function registerBackend( $name ){ + self::$_backends[] = $name; + return true; + } + + /** + * @brief gets available backends + * @returns array of backends + * + * Returns the names of all backends. + */ + public static function getBackends(){ + return self::$_backends; + } + + /** + * @brief Sets the backend + * @param $backend default: database The backend to use for user managment + * @returns true/false + * + * Set the User Authentication Module + */ + public static function setBackend( $backend = 'database' ){ + // You'll never know what happens + if( null === $backend OR !is_string( $backend )){ $backend = 'database'; } - switch ( $backend ) { + // Load backend + switch( $backend ){ case 'database': case 'mysql': case 'sqlite': 
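Review bot: `registerBackend()` records names in `$_backends` ("Backends available (except database)"), but nothing visible in `setBackend()` consults that list before choosing a backend. The switch runs past the end of this hunk, and the context at the top of the next hunk shows its default branch ending in `self::$_backend = new $className();`, so the instantiated class appears to be derived from the caller-supplied string. If `$backend` can ever originate from configuration or request data, the default branch should begin with `if( !in_array( $backend, self::$_backends, true )){ return false; }` so that only registered backends can be loaded. That would also give the `@returns true/false` in the `setBackend` docblock a real false case.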
@@ -72,178 +82,72 @@ class OC_USER { self::$_backend = new $className(); break; } - } - /** - * Check if the login button is pressed and log the user in - * - */ - public static function loginListener() { - return self::$_backend->loginListener(); - } - - /** - * Try to create a new user - * - * @param string $username The username of the user to create - * @param string $password The password of the new user - */ - public static function createUser($username, $password) { - return self::$_backend->createUser($username, $password); + true; } /** - * Try to login a user - * - * @param string $username The username of the user to log in - * @param string $password The password of the user + * @brief Creates a new user + * @param $username The username of the user to create + * @param $password The password of the new user */ - public static function login($username, $password) { - return self::$_backend->login($username, $password); + public static function createUser( $username, $password ){ + return self::$_backend->createUser( $username, $password ); } /** - * Check if the logout button is pressed and logout the user - * + * @brief try to login a user + * @param $username The username of the user to log in + * @param $password The password of the user */ - public static function logoutListener() { - return self::$_backend->logoutListener(); + public static function login( $username, $password ){ + return self::$_backend->login( $username, $password ); } /** - * Kick the user - * + * @brief Kick the user */ - public static function logout() { + public static function logout(){ return self::$_backend->logout(); } /** - * Check if the user is logged in - * + * @brief Check if the user is logged in */ - public static function isLoggedIn() { + public static function isLoggedIn(){ return self::$_backend->isLoggedIn(); } /** - * Try to create a new group - * - * @param string $groupName The name of the group to create + * @brief Generate a random password */ - public 
static function createGroup($groupName) { - return self::$_backend->createGroup($groupName); + public static function generatePassword(){ + return substr( md5( uniqId().time()), 0, 10 ); } /** - * Get the ID of a user - * - * @param string $username Name of the user to find the ID - * @param boolean $noCache If false the cache is used to find the ID + * @brief Set the password of a user + * @param $username User whose password will be changed + * @param $password The new password for the user */ - public static function getUserId($username, $noCache=false) { - return self::$_backend->getUserId($username, $noCache); + public static function setPassword( $username, $password ){ + return self::$_backend->setPassword( $username, $password ); } /** - * Get the ID of a group - * - * @param string $groupName Name of the group to find the ID - * @param boolean $noCache If false the cache is used to find the ID - */ - public static function getGroupId($groupName, $noCache=false) { - return self::$_backend->getGroupId($groupName, $noCache); - } - - /** - * Get the name of a group - * - * @param string $groupId ID of the group - * @param boolean $noCache If false the cache is used to find the name of the group - */ - public static function getGroupName($groupId, $noCache=false) { - return self::$_backend->getGroupName($groupId, $noCache); - } - - /** - * Check if a user belongs to a group - * - * @param string $username Name of the user to check - * @param string $groupName Name of the group - */ - public static function inGroup($username, $groupName) { - return self::$_backend->inGroup($username, $groupName); - } - - /** - * Add a user to a group - * - * @param string $username Name of the user to add to group - * @param string $groupName Name of the group in which add the user - */ - public static function addToGroup($username, $groupName) { - return self::$_backend->addToGroup($username, $groupName); - } - - /** - * Remove a user from a group - * - * @param string 
$username Name of the user to remove from group - * @param string $groupName Name of the group from which remove the user - */ - public static function removeFromGroup($username,$groupName){ - return self::$_backend->removeFromGroup($username, $groupName); - } - - /** - * Generate a random password - */ - public static function generatePassword() { - return substr(md5(uniqId().time()),0,10); - } - - /** - * Get all groups the user belongs to - * - * @param string $username Name of the user - */ - public static function getUserGroups($username) { - return self::$_backend->getUserGroups($username); - } - - /** - * Set the password of a user - * - * @param string $username User who password will be changed - * @param string $password The new password for the user - */ - public static function setPassword($username, $password) { - return self::$_backend->setPassword($username, $password); - } - - /** - * Check if the password of the user is correct - * + * @brief Check if the password of the user is correct * @param string $username Name of the user * @param string $password Password of the user */ - public static function checkPassword($username, $password) { - return self::$_backend->checkPassword($username, $password); + public static function checkPassword( $username, $password ){ + return self::$_backend->checkPassword( $username, $password ); } /** - * get a list of all users - * + * @brief get a list of all users + * @returns array with uids */ - public static function getUsers() { + public static function getUsers(){ return self::$_backend->getUsers(); } - - /** - * get a list of all groups - * - */ - public static function getGroups() { - return self::$_backend->getGroups(); - } } |
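Review bot: `generatePassword()` is re-added with `md5( uniqId().time())` as its only source of randomness, and both inputs are clock values, so the ten hex characters it returns are predictable to anyone who knows roughly when the password was generated. Passwords handed out by this function should come from a CSPRNG, for example `return bin2hex( openssl_random_pseudo_bytes( 5 ));` (or `random_bytes( 5 )` where PHP 7+ is available), which keeps the ten-character hex shape. Separately, the added `true;` that closes `setBackend()` is a no-op expression statement; the docblock in the previous hunk promises `@returns true/false`, so it should read `return true;`.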