From a945fa10a639cdee9e5e712cd48e8c911a8d9821 Mon Sep 17 00:00:00 2001 From: Frank Karlitschek Date: Sat, 26 May 2012 19:14:24 +0200 Subject: update copyright --- index.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) mode change 100644 => 100755 index.php (limited to 'index.php') diff --git a/index.php b/index.php old mode 100644 new mode 100755 index 690fc90e752..d552c149df8 --- a/index.php +++ b/index.php @@ -4,7 +4,7 @@ * ownCloud * * @author Frank Karlitschek -* @copyright 2010 Frank Karlitschek karlitschek@kde.org +* @copyright 2012 Frank Karlitschek frank@owncloud.org * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE @@ -21,6 +21,7 @@ * */ + $RUNTIME_NOAPPS = TRUE; //no apps, yet require_once('lib/base.php'); -- cgit v1.2.3 From ec55eaef5bf5f198dd9fdc46d41fa9e62105f281 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sat, 9 Jun 2012 15:25:00 +0200 Subject: dont load apps when displaying the login page and only load authentication apps during login --- index.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'index.php') diff --git a/index.php b/index.php index d552c149df8..940bb797207 100755 --- a/index.php +++ b/index.php @@ -69,10 +69,10 @@ elseif(OC_User::isLoggedIn()) { // For all others cases, we display the guest page : } else { - OC_App::loadApps(); $error = false; // remember was checked after last login if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) { + OC_App::loadApps(array('authentication')); if(defined("DEBUG") && DEBUG) { OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG); } 
@@ -88,6 +88,7 @@ elseif(OC_User::isLoggedIn()) { // Someone wants to log in : } elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) { + OC_App::loadApps(array('authentication')); if(OC_User::login($_POST["user"], $_POST["password"])) { if(!empty($_POST["remember_login"])){ if(defined("DEBUG") && DEBUG) { @@ -107,6 +108,7 @@ elseif(OC_User::isLoggedIn()) { // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP } elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){ + OC_App::loadApps(array('authentication')); if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) { //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG); OC_User::unsetMagicInCookie(); -- cgit v1.2.3 From ba1dec64c174793a714346871c58387cb2578527 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sat, 9 Jun 2012 15:57:57 +0200 Subject: load all apps when loging in, needed for apps listening to login hooks --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'index.php') diff --git a/index.php b/index.php index 940bb797207..07f8436720d 100755 --- a/index.php +++ b/index.php @@ -88,7 +88,7 @@ elseif(OC_User::isLoggedIn()) { // Someone wants to log in : } elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) { - OC_App::loadApps(array('authentication')); + OC_App::loadApps(); if(OC_User::login($_POST["user"], $_POST["password"])) { if(!empty($_POST["remember_login"])){ if(defined("DEBUG") && DEBUG) { -- cgit v1.2.3 From 4f6978c30f5e64c4194ebe46c8c78d8ef1c002fd Mon Sep 17 00:00:00 2001 
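Review bot: Only the form-login branch is switched back to `OC_App::loadApps();` in the `@@ -88,7 +88,7 @@` hunk, although the HTTP Basic branch added in the previous commit also calls `OC_User::login()` and still loads just `array('authentication')`. If apps listening to login hooks must be present for every successful `OC_User::login()` (the hook consumers are not visible here, so this is an assumption), the Basic-auth branch needs the same change, or a comment explaining why it is exempt. A short comment at each `loadApps()` call stating which app types that path depends on would keep the three branches from drifting apart again.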
From: Thomas Tanghus Date: Mon, 11 Jun 2012 15:22:58 +0200 Subject: Redirect HTTP Auth requests to REQUEST_URI. Partial fix for http://bugs.owncloud.org/thebuggenie/owncloud/issues/oc-874 --- index.php | 1 + 1 file changed, 1 insertion(+) (limited to 'index.php') diff --git a/index.php b/index.php index 07f8436720d..b90b1b310a9 100755 --- a/index.php +++ b/index.php @@ -112,6 +112,7 @@ elseif(OC_User::isLoggedIn()) { if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) { //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG); OC_User::unsetMagicInCookie(); + $_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:''); OC_Util::redirectToDefaultPage(); }else{ $error = true; -- cgit v1.2.3 From 3ddaedee3bcc498b144d3f5df1356eccee7fbb49 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Fri, 15 Jun 2012 15:51:06 +0200 Subject: fixed xss vulnerability --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'index.php') diff --git a/index.php b/index.php index b90b1b310a9..32b3c88df1d 100755 --- a/index.php +++ b/index.php @@ -121,7 +121,7 @@ elseif(OC_User::isLoggedIn()) { if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){ $sectoken=rand(1000000,9999999); $_SESSION['sectoken']=$sectoken; - $redirect_url = (isset($_REQUEST['redirect_url'])) ? $_REQUEST['redirect_url'] : $_SERVER['REQUEST_URI']; + $redirect_url = (isset($_REQUEST['redirect_url'])) ? strip_tags($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI']; OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url)); } } -- cgit v1.2.3 From 79f9d61ec84041c61a8d00042dfeb28afd8219a6 Mon Sep 17 00:00:00 2001 
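Review bot: `$_SERVER['REQUEST_URI']` is supplied by the client, and the added line copies it into `$_REQUEST['redirect_url']` without checking that it is a path on this installation. `OC_Util::redirectToDefaultPage()` is not shown in this diff, so whether it validates the value is unknown; if it does not, constrain it here, for example by accepting it only when it starts with `OC::$WEBROOT` and does not start with `//`. Passing an argument by writing into the `$_REQUEST` superglobal also hides the data flow, so at minimum add `// hand the originally requested URI to redirectToDefaultPage()`. The enclosing `elseif` branch starts above the hunk.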
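Review bot: `strip_tags()` removes tags but leaves quote characters alone, so if the login template prints `redirect` inside an HTML attribute the value can still end that attribute; the template is not part of this hunk, so that placement is an assumption to verify. Escaping for the output context is the sturdier fix: `htmlspecialchars($_REQUEST['redirect_url'], ENT_QUOTES, 'UTF-8')`. The fallback `$_SERVER['REQUEST_URI']` on the same line is also request-controlled and is passed on unfiltered, and it stays that way in the later `OC_Util::sanitizeHTML` change to this line and in `OC_Util::displayLoginPage()`, unless `OC_Template::printGuestPage()` escapes its parameters, which is not visible here. The `rand(1000000,9999999)` token on the context line deserves a follow-up, since `rand()` is not a cryptographic generator.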
From: Bart Visscher Date: Mon, 18 Jun 2012 12:44:06 +0200 Subject: Allow apps to load before login, needed for user_openid --- apps/user_openid/appinfo/info.xml | 1 + index.php | 1 + 2 files changed, 2 insertions(+) (limited to 'index.php') diff --git a/apps/user_openid/appinfo/info.xml b/apps/user_openid/appinfo/info.xml index 268af239738..7aae4271fa8 100644 --- a/apps/user_openid/appinfo/info.xml +++ b/apps/user_openid/appinfo/info.xml @@ -8,6 +8,7 @@ 4 true + diff --git a/index.php b/index.php index 32b3c88df1d..1171c0fe0cf 100755 --- a/index.php +++ b/index.php @@ -69,6 +69,7 @@ elseif(OC_User::isLoggedIn()) { // For all others cases, we display the guest page : } else { + OC_App::loadApps(array('prelogin')); $error = false; // remember was checked after last login if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) { -- cgit v1.2.3 From 089ae980c40544de54a10d407fd366f61ef5ec48 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Tue, 19 Jun 2012 17:24:55 +0200 Subject: use new sanitize HTML function --- index.php | 2 +- lib/template.php | 8 +------- settings/admin.php | 2 +- settings/ajax/getlog.php | 2 +- settings/js/log.js | 2 +- 5 files changed, 5 insertions(+), 11 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 1171c0fe0cf..e3c94adf66f 100755 --- a/index.php +++ b/index.php 
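Review bot: The added `OC_App::loadApps(array('prelogin'));` at the top of the guest branch runs app code for every unauthenticated request, and nothing at the call site says so. A comment would make the constraint visible to app authors and reviewers: `// prelogin apps run before authentication; they must not assume a logged-in user or expose user data`. The info.xml hunk in the same commit presumably declares that type for user_openid, but the added element is not readable on this page.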
@@ -122,7 +122,7 @@ elseif(OC_User::isLoggedIn()) { if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){ $sectoken=rand(1000000,9999999); $_SESSION['sectoken']=$sectoken; - $redirect_url = (isset($_REQUEST['redirect_url'])) ? strip_tags($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI']; + $redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI']; OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url)); } } diff --git a/lib/template.php b/lib/template.php index 77e9332d5b3..75b33d8aace 100644 --- a/lib/template.php +++ b/lib/template.php @@ -308,13 +308,7 @@ class OC_Template{ * If the key existed before, it will be overwritten */ public function assign( $key, $value, $sanitizeHTML=true ){ - if($sanitizeHTML == true) { - if(is_array($value)) { - array_walk_recursive($value,'OC_Template::sanitizeHTML'); - } else { - $value = OC_Template::sanitizeHTML($value); - } - } + if($sanitizeHTML == true) $value=OC_Util::sanitizeHTML($value); $this->vars[$key] = $value; return true; } diff --git a/settings/admin.php b/settings/admin.php index 4cbd67c3678..a997bad4e3c 100644 --- a/settings/admin.php +++ b/settings/admin.php @@ -23,7 +23,7 @@ function compareEntries($a,$b){ usort($entries, 'compareEntries'); $tmpl->assign('loglevel',OC_Config::getValue( "loglevel", 2 )); -$tmpl->assign('entries',$entries,false); +$tmpl->assign('entries',$entries); $tmpl->assign('forms',array()); foreach($forms as $form){ $tmpl->append('forms',$form); diff --git a/settings/ajax/getlog.php b/settings/ajax/getlog.php index ed48b2cae1a..d9e80de37ba 100644 --- a/settings/ajax/getlog.php +++ b/settings/ajax/getlog.php 
@@ -14,4 +14,4 @@ $count=(isset($_GET['count']))?$_GET['count']:50; $offset=(isset($_GET['offset']))?$_GET['offset']:0; $entries=OC_Log_Owncloud::getEntries($count,$offset); -OC_JSON::success(array("data" => $entries)); +OC_JSON::success(array("data" => OC_Util::sanitizeHTML($entries))); diff --git a/settings/js/log.js b/settings/js/log.js index bde8b8b104c..6063c7d9a9f 100644 --- a/settings/js/log.js +++ b/settings/js/log.js @@ -39,7 +39,7 @@ OC.Log={ row.append(appTd); var messageTd=$(''); - messageTd.text(entry.message.replace(//, ">")); + messageTd.text(entry.message); row.append(messageTd); var timeTd=$(''); -- cgit v1.2.3 From 9156fb73fdd8385f891842a94eb414cb7fc5e35c Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Wed, 8 Aug 2012 21:08:20 +0200 Subject: Move handling request of index.php to OC class --- index.php | 45 ++------------------------------------------- lib/base.php | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 43 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index e3c94adf66f..94893e475a2 100755 --- a/index.php +++ b/index.php 
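Review bot: Escaping the entries in the JSON response here and then rendering them with `messageTd.text(entry.message)` in settings/js/log.js (the next hunk) encodes twice, assuming `OC_Util::sanitizeHTML` HTML-encodes its input, which is not shown. jQuery's `.text()` already treats the string as text, so a log message containing `<` would be displayed as a literal entity. Escaping belongs at the sink: either return the raw entries and keep `.text()`, or add a comment that this endpoint returns pre-escaped HTML so future consumers do not insert it with `.html()` by mistake. On the context lines, `$count` and `$offset` come from `$_GET` without an integer cast, e.g. `$count=(isset($_GET['count']))?(int)$_GET['count']:50;`.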
@@ -26,49 +26,8 @@ $RUNTIME_NOAPPS = TRUE; //no apps, yet require_once('lib/base.php'); -// Setup required : -$not_installed = !OC_Config::getValue('installed', false); -if($not_installed) { - // Check for autosetup: - $autosetup_file = OC::$SERVERROOT."/config/autoconfig.php"; - if( file_exists( $autosetup_file )){ - OC_Log::write('core','Autoconfig file found, setting up owncloud...',OC_Log::INFO); - include( $autosetup_file ); - $_POST['install'] = 'true'; - $_POST = array_merge ($_POST, $AUTOCONFIG); - unlink($autosetup_file); - } - OC_Util::addScript('setup'); - require_once('setup.php'); - exit(); -} - -// Handle WebDAV -if($_SERVER['REQUEST_METHOD']=='PROPFIND'){ - header('location: '.OC_Helper::linkToRemote('webdav')); - exit(); -} -elseif(!OC_User::isLoggedIn() && substr(OC::$REQUESTEDFILE,-3) == 'css'){ - OC_App::loadApps(); - OC::loadfile(); -} -// Someone is logged in : -elseif(OC_User::isLoggedIn()) { - OC_App::loadApps(); - if(isset($_GET["logout"]) and ($_GET["logout"])) { - OC_User::logout(); - header("Location: ".OC::$WEBROOT.'/'); - exit(); - }else{ - if(is_null(OC::$REQUESTEDFILE)){ - OC::loadapp(); - }else{ - OC::loadfile(); - } - } - -// For all others cases, we display the guest page : -} else { +if (!OC::handleRequest()) { +// Not handled -> we display the login page: OC_App::loadApps(array('prelogin')); $error = false; // remember was checked after last login diff --git a/lib/base.php b/lib/base.php index c5827064d75..b91945ab97b 100644 --- a/lib/base.php +++ b/lib/base.php 
@@ -398,6 +398,54 @@ class OC{ } } } + + /** + * @brief Try to handle request + * @return true when the request is handled here + */ + public static function handleRequest() { + if (!OC_Config::getValue('installed', false)) { + // Check for autosetup: + $autosetup_file = OC::$SERVERROOT."/config/autoconfig.php"; + if( file_exists( $autosetup_file )){ + OC_Log::write('core','Autoconfig file found, setting up owncloud...',OC_Log::INFO); + include( $autosetup_file ); + $_POST['install'] = 'true'; + $_POST = array_merge ($_POST, $AUTOCONFIG); + unlink($autosetup_file); + } + OC_Util::addScript('setup'); + require_once('setup.php'); + exit(); + } + // Handle WebDAV + if($_SERVER['REQUEST_METHOD']=='PROPFIND'){ + header('location: '.OC_Helper::linkToRemote('webdav')); + return true; + } + if(!OC_User::isLoggedIn() && substr(OC::$REQUESTEDFILE,-3) == 'css') { + OC_App::loadApps(); + OC::loadfile(); + return true; + } + // Someone is logged in : + if(OC_User::isLoggedIn()) { + OC_App::loadApps(); + if(isset($_GET["logout"]) and ($_GET["logout"])) { + OC_User::logout(); + header("Location: ".OC::$WEBROOT.'/'); + }else{ + if(is_null(OC::$REQUESTEDFILE)) { + OC::loadapp(); + }else{ + OC::loadfile(); + } + } + return true; + } + return false; + } + } // define runtime variables - unless this already has been done -- cgit v1.2.3 From 3387454094318676aa78d87d098b038219e3dccb Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Wed, 8 Aug 2012 22:42:45 +0200 Subject: Move login code from index.php to OC class --- index.php | 48 ++++++--------------------------------------- lib/base.php | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+), 42 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 94893e475a2..4ffd013aa86 100755 --- a/index.php +++ b/index.php 
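Review bot: In the not-installed branch of the new `handleRequest()`, the result of `unlink($autosetup_file)` is ignored, so if the web server user cannot delete config/autoconfig.php the file stays on disk and is included again on the next request. Such a file presumably carries setup credentials (its contents are not shown), so a failed delete should at least be logged: `if(!unlink($autosetup_file)) { OC_Log::write('core','Could not remove autoconfig file',OC_Log::WARN); }`. `$AUTOCONFIG` is also merged into `$_POST` without checking that the included file defined it as an array. Unlike the code removed from index.php, the PROPFIND and logout branches no longer call `exit()` after sending the `Location` header and rely on the caller doing nothing further, which should be stated in the docblock.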
@@ -31,52 +31,16 @@ if (!OC::handleRequest()) { OC_App::loadApps(array('prelogin')); $error = false; // remember was checked after last login - if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) { - OC_App::loadApps(array('authentication')); - if(defined("DEBUG") && DEBUG) { - OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG); - } - // confirm credentials in cookie - if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) && - OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) { - OC_User::setUserId($_COOKIE['oc_username']); - OC_Util::redirectToDefaultPage(); - } - else { - OC_User::unsetMagicInCookie(); - } + if (OC::tryRememberLogin()) { + // nothing more to do // Someone wants to log in : - } elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) { - OC_App::loadApps(); - if(OC_User::login($_POST["user"], $_POST["password"])) { - if(!empty($_POST["remember_login"])){ - if(defined("DEBUG") && DEBUG) { - OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG); - } - $token = md5($_POST["user"].time().$_POST['password']); - OC_Preferences::setValue($_POST['user'], 'login', 'token', $token); - OC_User::setMagicInCookie($_POST["user"], $token); - } - else { - OC_User::unsetMagicInCookie(); - } - OC_Util::redirectToDefaultPage(); - } else { - $error = true; - } + } elseif (OC::tryFormLogin()) { + $error = true; // The user is already authenticated using Apaches AuthType Basic... 
very usable in combination with LDAP - } elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){ - OC_App::loadApps(array('authentication')); - if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) { - //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG); - OC_User::unsetMagicInCookie(); - $_REQUEST['redirect_url'] = (isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:''); - OC_Util::redirectToDefaultPage(); - }else{ - $error = true; - } + } elseif(OC::tryBasicAuthLogin()) { + $error = true; } if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){ $sectoken=rand(1000000,9999999); diff --git a/lib/base.php b/lib/base.php index b91945ab97b..6514a0c0b0c 100644 --- a/lib/base.php +++ b/lib/base.php 
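Review bot: The new `try*Login()` helpers return true when credentials were presented, not when the login succeeded, and the `$error = true;` assignments in this `if`/`elseif` chain are only correct if `OC_Util::redirectToDefaultPage()` never returns after a successful login; that function is not visible in this diff. Either state the contract at the call site, e.g. `// true = credentials were presented and rejected; a successful login redirects and does not return`, or have the helpers return an explicit result. Because of the `elseif` chain, a rejected remember-me cookie also means form or Basic credentials sent in the same request are not tried; that matches the old behaviour but is worth a comment.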
@@ -446,6 +446,70 @@ class OC{ return false; } + public static function tryRememberLogin() { + if(!isset($_COOKIE["oc_remember_login"]) + || !isset($_COOKIE["oc_token"]) + || !isset($_COOKIE["oc_username"]) + || !$_COOKIE["oc_remember_login"]) { + return false; + } + OC_App::loadApps(array('authentication')); + if(defined("DEBUG") && DEBUG) { + OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG); + } + // confirm credentials in cookie + if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) && + OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) { + OC_User::setUserId($_COOKIE['oc_username']); + OC_Util::redirectToDefaultPage(); + } + else { + OC_User::unsetMagicInCookie(); + } + return true; + } + + public static function tryFormLogin() { + if(!isset($_POST["user"]) + || !isset($_POST['password']) + || !isset($_SESSION['sectoken']) + || !isset($_POST['sectoken']) + || ($_SESSION['sectoken']!=$_POST['sectoken']) ) { + return false; + } + OC_App::loadApps(); + if(OC_User::login($_POST["user"], $_POST["password"])) { + if(!empty($_POST["remember_login"])){ + if(defined("DEBUG") && DEBUG) { + OC_Log::write('core','Setting remember login to cookie', OC_Log::DEBUG); + } + $token = md5($_POST["user"].time().$_POST['password']); + OC_Preferences::setValue($_POST['user'], 'login', 'token', $token); + OC_User::setMagicInCookie($_POST["user"], $token); + } + else { + OC_User::unsetMagicInCookie(); + } + OC_Util::redirectToDefaultPage(); + } + return true; + } + + public static function tryBasicAuthLogin() { + if (!isset($_SERVER["PHP_AUTH_USER"]) + || !isset($_SERVER["PHP_AUTH_PW"])){ + return false; + } + OC_App::loadApps(array('authentication')); + if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) { + //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG); + OC_User::unsetMagicInCookie(); + $_REQUEST['redirect_url'] = 
(isset($_SERVER['REQUEST_URI'])?$_SERVER['REQUEST_URI']:''); + OC_Util::redirectToDefaultPage(); + } + return true; + } + } // define runtime variables - unless this already has been done -- cgit v1.2.3 From 667cd318fe19c11a19883536501d9cd562cd6201 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Thu, 9 Aug 2012 18:27:59 +0200 Subject: Use OC_Util::displayLoginPage and cleanup the function --- core/templates/login.php | 6 +++--- index.php | 5 +---- lib/util.php | 17 ++++++++++++++--- 3 files changed, 18 insertions(+), 10 deletions(-) (limited to 'index.php') diff --git a/core/templates/login.php b/core/templates/login.php index b35c4a33be8..2c9b766aa4d 100644 --- a/core/templates/login.php +++ b/core/templates/login.php @@ -2,16 +2,16 @@
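Review bot: In `tryRememberLogin()` the stored token is compared to the cookie with a loose `==`, and nothing checks that a token is actually stored. If `OC_Preferences::getValue()` yields null for a user who never enabled "remember" (its default is not visible here), PHP's loose comparison treats null and an empty string as equal, so the check does not fail closed. Compare only non-empty strings, in constant time, as in the fence below (`hash_equals()` needs PHP 5.6; on older runtimes use `===` at minimum). In `tryFormLogin()` the token is `md5($_POST["user"].time().$_POST['password'])`, which is built from guessable inputs plus the password; it should come from a CSPRNG, e.g. `bin2hex(random_bytes(32))`, or `openssl_random_pseudo_bytes()` on older PHP. The `sectoken` check uses the same loose `!=`.

```php
// confirm credentials in cookie
$cookieUser = $_COOKIE['oc_username'];
$cookieToken = $_COOKIE['oc_token'];
// cookie values can arrive as arrays; only strings are valid here
$storedToken = is_string($cookieUser) ? OC_Preferences::getValue($cookieUser, "login", "token") : null;
if(is_string($cookieToken) && is_string($storedToken) && $storedToken !== ''
	&& OC_User::userExists($cookieUser)
	&& hash_equals($storedToken, $cookieToken)) {
	// … unchanged: OC_User::setUserId() and OC_Util::redirectToDefaultPage() …
// … unchanged: else branch calling OC_User::unsetMagicInCookie() …
```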
'; } ?> - + t('Lost your password?'); ?>

- autocomplete="on" required /> + autocomplete="on" required />

- /> + />

diff --git a/index.php b/index.php index 4ffd013aa86..86d268bf285 100755 --- a/index.php +++ b/index.php @@ -43,9 +43,6 @@ if (!OC::handleRequest()) { $error = true; } if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){ - $sectoken=rand(1000000,9999999); - $_SESSION['sectoken']=$sectoken; - $redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI']; - OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url)); + OC_Util::displayLoginPage($error); } } diff --git a/lib/util.php b/lib/util.php index 4c5d416f9f2..732acbb9205 100755 --- a/lib/util.php +++ b/lib/util.php @@ -271,15 +271,26 @@ class OC_Util { return $errors; } - public static function displayLoginPage($parameters = array()){ - if(isset($_COOKIE["username"])){ - $parameters["username"] = $_COOKIE["username"]; + public static function displayLoginPage($display_lostpassword) { + $parameters = array(); + $parameters['display_lostpassword'] = $display_lostpassword; + if (!empty($_POST['user'])) { + $parameters["username"] = + OC_Util::sanitizeHTML($_POST['user']).'"'; + $parameters['user_autofocus'] = false; } else { $parameters["username"] = ''; + $parameters['user_autofocus'] = true; } $sectoken=rand(1000000,9999999); $_SESSION['sectoken']=$sectoken; $parameters["sectoken"] = $sectoken; + if (isset($_REQUEST['redirect_url'])) { + $redirect_url = OC_Util::sanitizeHTML($_REQUEST['redirect_url']); + } else { + $redirect_url = $_SERVER['REQUEST_URI']; + } + $parameters['redirect_url'] = $redirect_url; OC_Template::printGuestPage("", "login", $parameters); } -- cgit v1.2.3 From 1823dafe448070137ce0ac06ff2731e87627c598 Mon Sep 17 00:00:00 2001 
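Review bot: In lib/util.php, `displayLoginPage()` appends a literal `"` to the escaped username (`OC_Util::sanitizeHTML($_POST['user']).'"'`), which moves part of the attribute quoting out of the template and into the data. The empty-username branch adds no quote, so the two branches produce differently shaped values. The template hunk of this commit is not readable on this page, so how it compensates is unknown, but escaping is easier to audit when this line is just `$parameters["username"] = OC_Util::sanitizeHTML($_POST['user']);` and the template owns both quotes. The signature also changes from `$parameters = array()` to `$display_lostpassword` while index.php passes `$error`; a docblock saying the argument is the failed-login flag would stop callers from passing the old array. `$sectoken=rand(1000000,9999999);` on the context lines is a small, non-cryptographic range for an anti-forgery token.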
From: Bart Visscher Date: Fri, 10 Aug 2012 12:09:15 +0200 Subject: Remove checks before displaying login page At that point the checks are already done before --- index.php | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 86d268bf285..12a4d4918df 100755 --- a/index.php +++ b/index.php @@ -42,7 +42,5 @@ if (!OC::handleRequest()) { } elseif(OC::tryBasicAuthLogin()) { $error = true; } - if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){ - OC_Util::displayLoginPage($error); - } + OC_Util::displayLoginPage($error); } -- cgit v1.2.3 From 5e7086adc93c501b6fcef8650d6552e95a1b6b28 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Fri, 10 Aug 2012 12:17:13 +0200 Subject: Move login handling to OC class --- index.php | 20 +------------------- lib/base.php | 37 ++++++++++++++++++++++++++++--------- 2 files changed, 29 insertions(+), 28 deletions(-) (limited to 'index.php') diff --git a/index.php b/index.php index 12a4d4918df..331d7fae8e0 100755 --- a/index.php +++ b/index.php @@ -21,26 +21,8 @@ * */ - $RUNTIME_NOAPPS = TRUE; //no apps, yet require_once('lib/base.php'); -if (!OC::handleRequest()) { -// Not handled -> we display the login page: - OC_App::loadApps(array('prelogin')); - $error = false; - // remember was checked after last login - if (OC::tryRememberLogin()) { - // nothing more to do - - // Someone wants to log in : - } elseif (OC::tryFormLogin()) { - $error = true; - - // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP - } elseif(OC::tryBasicAuthLogin()) { - $error = true; - } - OC_Util::displayLoginPage($error); -} +OC::handleRequest(); diff --git a/lib/base.php b/lib/base.php index 5132a822927..b200da77ba5 100644 --- a/lib/base.php +++ b/lib/base.php 
@@ -389,18 +389,18 @@ class OC{ } /** - * @brief Try to handle request - * @return true when the request is handled here + * @brief Handle the request */ public static function handleRequest() { // Handle WebDAV if($_SERVER['REQUEST_METHOD']=='PROPFIND'){ header('location: '.OC_Helper::linkToRemote('webdav')); - return true; + return; } + // Handle app css files if(substr(OC::$REQUESTEDFILE,-3) == 'css') { self::loadCSSFile(); - return true; + return; } // Someone is logged in : if(OC_User::isLoggedIn()) { @@ -415,9 +415,10 @@ class OC{ self::loadfile(); } } - return true; + return; } - return false; + // Not handled and not logged in + self::handleLogin(); } protected static function loadapp() { @@ -461,7 +462,25 @@ class OC{ } } - public static function tryRememberLogin() { + protected static function handleLogin() { + OC_App::loadApps(array('prelogin')); + $error = false; + // remember was checked after last login + if (OC::tryRememberLogin()) { + // nothing more to do + + // Someone wants to log in : + } elseif (OC::tryFormLogin()) { + $error = true; + + // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP + } elseif (OC::tryBasicAuthLogin()) { + $error = true; + } + OC_Util::displayLoginPage($error); + } + + protected static function tryRememberLogin() { if(!isset($_COOKIE["oc_remember_login"]) || !isset($_COOKIE["oc_token"]) || !isset($_COOKIE["oc_username"]) @@ -484,7 +503,7 @@ class OC{ return true; } - public static function tryFormLogin() { + protected static function tryFormLogin() { if(!isset($_POST["user"]) || !isset($_POST['password']) || !isset($_SESSION['sectoken']) @@ -510,7 +529,7 @@ class OC{ return true; } - public static function tryBasicAuthLogin() { + protected static function tryBasicAuthLogin() { if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"])){ return false; -- cgit v1.2.3
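Review bot: The new `handleLogin()` in the `@@ -461,7 +462,25 @@` hunk has no docblock and calls its siblings as `OC::tryRememberLogin()`, `OC::tryFormLogin()` and `OC::tryBasicAuthLogin()`, while the rest of this commit uses `self::` (`self::loadCSSFile()`, `self::handleLogin()`); `self::tryRememberLogin()` would be consistent. The helpers' return value is easy to misread: true means credentials were presented, and `$error = true` is only reached if the login did not redirect away, so the docblock should state that. `$error` is then passed to `OC_Util::displayLoginPage()`, whose parameter is named `$display_lostpassword`; naming the local to match, or documenting the mapping, would make the intent clear.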