From cdd182ce356b697d0c1d029c1f7fe64277d8410f Mon Sep 17 00:00:00 2001 From: Andreas Fischer Date: Wed, 11 Dec 2013 00:13:40 +0100 Subject: Send "SET NAMES utf8" to MySQL for PHP below 5.3.6 --- lib/private/db.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/private') diff --git a/lib/private/db.php b/lib/private/db.php index 1e5d12649df..562065259fa 100644 --- a/lib/private/db.php +++ b/lib/private/db.php @@ -101,6 +101,9 @@ class OC_DB { ); $connectionParams['adapter'] = '\OC\DB\Adapter'; $connectionParams['wrapperClass'] = 'OC\DB\Connection'; + // Send "SET NAMES utf8". Only required on PHP 5.3 below 5.3.6. + // See http://stackoverflow.com/questions/4361459/php-pdo-charset-set-names#4361485 + $eventManager->addEventSubscriber(new \Doctrine\DBAL\Event\Listeners\MysqlSessionInit); break; case 'pgsql': $connectionParams = array( -- cgit v1.2.3 From 366d75e9479b1ac2b52b6a37389a4aa107b059e3 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Wed, 11 Dec 2013 16:22:26 +0100 Subject: cache the home folder of a User --- lib/private/user/database.php | 124 +++++++++++++++++++++--------------------- lib/private/user/user.php | 16 ++++-- 2 files changed, 73 insertions(+), 67 deletions(-) (limited to 'lib/private') diff --git a/lib/private/user/database.php b/lib/private/user/database.php index 3db770f9898..c99db3b27ca 100644 --- a/lib/private/user/database.php +++ b/lib/private/user/database.php @@ -42,13 +42,13 @@ class OC_User_Database extends OC_User_Backend { /** * @var PasswordHash */ - static private $hasher=null; + static private $hasher = null; private function getHasher() { - if(!self::$hasher) { + if (!self::$hasher) { //we don't want to use DES based crypt(), since it doesn't return a hash with a recognisable prefix - $forcePortable=(CRYPT_BLOWFISH!=1); - self::$hasher=new PasswordHash(8, $forcePortable); + $forcePortable = (CRYPT_BLOWFISH != 1); + self::$hasher = new PasswordHash(8, $forcePortable); } return self::$hasher; 
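Review bot: In the lib/private/db.php hunk the `MysqlSessionInit` subscriber is registered for every MySQL connection, although the added comment says it is only required on PHP 5.3 below 5.3.6. Either gate the call, `if (version_compare(PHP_VERSION, '5.3.6', '<')) {` around `addEventSubscriber`, or reword the comment to `// Always send "SET NAMES utf8"; PHP below 5.3.6 ignores the DSN charset.` so the extra statement per connection is a stated choice. `SET NAMES` only changes the session character set on the server, so on newer PHP the `charset` connection parameter is still what the client library uses when quoting; the hunk does not show whether `$connectionParams` sets it. `$eventManager` and the enclosing `switch` are defined outside the hunk.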
@@ -63,14 +63,14 @@ class OC_User_Database extends OC_User_Backend { * Creates a new user. Basic checking of username is done in OC_User * itself, not in its subclasses. */ - public function createUser( $uid, $password ) { - if( $this->userExists($uid) ) { + public function createUser($uid, $password) { + if ($this->userExists($uid)) { return false; - }else{ - $hasher=$this->getHasher(); - $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', '')); - $query = OC_DB::prepare( 'INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )' ); - $result = $query->execute( array( $uid, $hash)); + } else { + $hasher = $this->getHasher(); + $hash = $hasher->HashPassword($password . OC_Config::getValue('passwordsalt', '')); + $query = OC_DB::prepare('INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )'); + $result = $query->execute(array($uid, $hash)); return $result ? true : false; } @@ -83,10 +83,10 @@ class OC_User_Database extends OC_User_Backend { * * Deletes a user */ - public function deleteUser( $uid ) { + public function deleteUser($uid) { // Delete user-group-relation - $query = OC_DB::prepare( 'DELETE FROM `*PREFIX*users` WHERE `uid` = ?' ); - $query->execute( array( $uid )); + $query = OC_DB::prepare('DELETE FROM `*PREFIX*users` WHERE `uid` = ?'); + $query->execute(array($uid)); return true; } 
@@ -98,15 +98,15 @@ class OC_User_Database extends OC_User_Backend { * * Change the password of a user */ - public function setPassword( $uid, $password ) { - if( $this->userExists($uid) ) { - $hasher=$this->getHasher(); - $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', '')); - $query = OC_DB::prepare( 'UPDATE `*PREFIX*users` SET `password` = ? WHERE `uid` = ?' ); - $query->execute( array( $hash, $uid )); + public function setPassword($uid, $password) { + if ($this->userExists($uid)) { + $hasher = $this->getHasher(); + $hash = $hasher->HashPassword($password . OC_Config::getValue('passwordsalt', '')); + $query = OC_DB::prepare('UPDATE `*PREFIX*users` SET `password` = ? WHERE `uid` = ?'); + $query->execute(array($hash, $uid)); return true; - }else{ + } else { return false; } } @@ -119,12 +119,12 @@ class OC_User_Database extends OC_User_Backend { * * Change the display name of a user */ - public function setDisplayName( $uid, $displayName ) { - if( $this->userExists($uid) ) { - $query = OC_DB::prepare( 'UPDATE `*PREFIX*users` SET `displayname` = ? WHERE `uid` = ?' ); - $query->execute( array( $displayName, $uid )); + public function setDisplayName($uid, $displayName) { + if ($this->userExists($uid)) { + $query = OC_DB::prepare('UPDATE `*PREFIX*users` SET `displayname` = ? WHERE LOWER(`uid`) = ?'); + $query->execute(array($displayName, $uid)); return true; - }else{ + } else { return false; } } 
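Review bot: In the `setDisplayName` hunk (@@ -119,12) the UPDATE now filters on ``WHERE LOWER(`uid`) = ?``, which lower-cases the column but binds `$uid` unchanged, so a uid containing upper-case characters matches no row under a case-sensitive comparison while the method still returns `true`. This is a behaviour change inside an otherwise formatting-only commit and is not mentioned in the subject. Bind it the way `userExists` does, ``WHERE LOWER(`uid`) = LOWER(?)``, or keep the previous exact match. `setPassword` and `deleteUser` in the same file still match on the exact `uid`, so it is worth deciding on one case-handling rule for all writes to the users table.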
@@ -132,18 +132,16 @@ class OC_User_Database extends OC_User_Backend { /** * @brief get display name of the user * @param $uid user ID of the user - * @return display name + * @return string display name */ public function getDisplayName($uid) { - if( $this->userExists($uid) ) { - $query = OC_DB::prepare( 'SELECT `displayname` FROM `*PREFIX*users` WHERE `uid` = ?' ); - $result = $query->execute( array( $uid ))->fetchAll(); - $displayName = trim($result[0]['displayname'], ' '); - if ( !empty($displayName) ) { - return $displayName; - } else { - return $uid; - } + $query = OC_DB::prepare('SELECT `displayname` FROM `*PREFIX*users` WHERE `uid` = ?'); + $result = $query->execute(array($uid))->fetchAll(); + $displayName = trim($result[0]['displayname'], ' '); + if (!empty($displayName)) { + return $displayName; + } else { + return $uid; } } @@ -156,9 +154,9 @@ class OC_User_Database extends OC_User_Backend { public function getDisplayNames($search = '', $limit = null, $offset = null) { $displayNames = array(); $query = OC_DB::prepare('SELECT `uid`, `displayname` FROM `*PREFIX*users`' - .' WHERE LOWER(`displayname`) LIKE LOWER(?) OR ' - .'LOWER(`uid`) LIKE LOWER(?)', $limit, $offset); - $result = $query->execute(array($search.'%', $search.'%')); + . ' WHERE LOWER(`displayname`) LIKE LOWER(?) OR ' + . 'LOWER(`uid`) LIKE LOWER(?)', $limit, $offset); + $result = $query->execute(array($search . '%', $search . '%')); $users = array(); while ($row = $result->fetchRow()) { $displayNames[$row['uid']] = $row['displayname']; 
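Review bot: `getDisplayName` (@@ -132,18) now reads `$result[0]['displayname']` without the `userExists` guard this hunk removes, so an unknown uid hits an undefined offset and the method returns `$uid` where it previously returned nothing. Return early when no row came back, for example `if (empty($result)) { return $uid; }`, or return `false` there if callers need to tell a missing user from one without a display name. The lookup also matches the exact `uid` while the removed `userExists` check was case-insensitive, so a uid given in a different case than stored now takes the no-row path instead of finding the stored display name. Unlike `userExists`, the result of `execute()` is not passed through `OC_DB::isError` before `fetchAll()` is called on it.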
@@ -176,30 +174,30 @@ class OC_User_Database extends OC_User_Backend { * Check if the password is correct without logging in the user * returns the user id or false */ - public function checkPassword( $uid, $password ) { - $query = OC_DB::prepare( 'SELECT `uid`, `password` FROM `*PREFIX*users` WHERE LOWER(`uid`) = LOWER(?)' ); - $result = $query->execute( array( $uid)); + public function checkPassword($uid, $password) { + $query = OC_DB::prepare('SELECT `uid`, `password` FROM `*PREFIX*users` WHERE LOWER(`uid`) = LOWER(?)'); + $result = $query->execute(array($uid)); - $row=$result->fetchRow(); - if($row) { - $storedHash=$row['password']; - if ($storedHash[0]=='$') {//the new phpass based hashing - $hasher=$this->getHasher(); - if($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash)) { + $row = $result->fetchRow(); + if ($row) { + $storedHash = $row['password']; + if ($storedHash[0] == '$') { //the new phpass based hashing + $hasher = $this->getHasher(); + if ($hasher->CheckPassword($password . OC_Config::getValue('passwordsalt', ''), $storedHash)) { return $row['uid']; - }else{ + } else { return false; } - }else{//old sha1 based hashing - if(sha1($password)==$storedHash) { + } else { //old sha1 based hashing + if (sha1($password) == $storedHash) { //upgrade to new hashing $this->setPassword($row['uid'], $password); return $row['uid']; - }else{ + } else { return false; } } - }else{ + } else { return false; } } @@ -212,7 +210,7 @@ class OC_User_Database extends OC_User_Backend { */ public function getUsers($search = '', $limit = null, $offset = null) { $query = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*users` WHERE LOWER(`uid`) LIKE LOWER(?)', $limit, $offset); - $result = $query->execute(array($search.'%')); + $result = $query->execute(array($search . '%')); $users = array(); while ($row = $result->fetchRow()) { $users[] = $row['uid']; 
@@ -226,8 +224,8 @@ class OC_User_Database extends OC_User_Backend { * @return boolean */ public function userExists($uid) { - $query = OC_DB::prepare( 'SELECT COUNT(*) FROM `*PREFIX*users` WHERE LOWER(`uid`) = LOWER(?)' ); - $result = $query->execute( array( $uid )); + $query = OC_DB::prepare('SELECT COUNT(*) FROM `*PREFIX*users` WHERE LOWER(`uid`) = LOWER(?)'); + $result = $query->execute(array($uid)); if (OC_DB::isError($result)) { OC_Log::write('core', OC_DB::getErrorMessage($result), OC_Log::ERROR); return false; @@ -236,14 +234,14 @@ class OC_User_Database extends OC_User_Backend { } /** - * @brief get the user's home directory - * @param string $uid the username - * @return boolean - */ + * @brief get the user's home directory + * @param string $uid the username + * @return boolean + */ public function getHome($uid) { - if($this->userExists($uid)) { - return OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ) . '/' . $uid; - }else{ + if ($this->userExists($uid)) { + return OC_Config::getValue("datadirectory", OC::$SERVERROOT . "/data") . '/' . $uid; + } else { return false; } } diff --git a/lib/private/user/user.php b/lib/private/user/user.php index e773473ec41..a9e32b5d597 100644 --- a/lib/private/user/user.php +++ b/lib/private/user/user.php @@ -37,6 +37,11 @@ class User { */ private $emitter; + /** + * @var string $home + */ + private $home; + /** * @param string $uid * @param \OC_User_Backend $backend 
@@ -133,10 +138,13 @@ class User { * @return string */ public function getHome() { - if ($this->backend->implementsActions(\OC_USER_BACKEND_GET_HOME) and $home = $this->backend->getHome($this->uid)) { - return $home; + if (!$this->home) { + if ($this->backend->implementsActions(\OC_USER_BACKEND_GET_HOME) and $home = $this->backend->getHome($this->uid)) { + $this->home = $home; + } + $this->home = \OC_Config::getValue("datadirectory", \OC::$SERVERROOT . "/data") . '/' . $this->uid; //TODO switch to Config object once implemented } - return \OC_Config::getValue("datadirectory", \OC::$SERVERROOT . "/data") . '/' . $this->uid; //TODO switch to Config object once implemented + return $this->home; } /** @@ -145,7 +153,7 @@ class User { * @return bool */ public function canChangeAvatar() { - if($this->backend->implementsActions(\OC_USER_BACKEND_PROVIDE_AVATAR)) { + if ($this->backend->implementsActions(\OC_USER_BACKEND_PROVIDE_AVATAR)) { return $this->backend->canChangeAvatar($this->uid); } return true; -- cgit v1.2.3 From f23b7a262fe4582baf75f9fb968b716c2da3071c Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Thu, 12 Dec 2013 12:57:25 +0100 Subject: fix fallback overwriting result of getHome --- lib/private/user/user.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/private') diff --git a/lib/private/user/user.php b/lib/private/user/user.php index a9e32b5d597..b4f33fa73cc 100644 --- a/lib/private/user/user.php +++ b/lib/private/user/user.php 
@@ -141,8 +141,9 @@ class User { if (!$this->home) { if ($this->backend->implementsActions(\OC_USER_BACKEND_GET_HOME) and $home = $this->backend->getHome($this->uid)) { $this->home = $home; + } else { + $this->home = \OC_Config::getValue("datadirectory", \OC::$SERVERROOT . "/data") . '/' . $this->uid; //TODO switch to Config object once implemented } - $this->home = \OC_Config::getValue("datadirectory", \OC::$SERVERROOT . "/data") . '/' . $this->uid; //TODO switch to Config object once implemented } return $this->home; } -- cgit v1.2.3 From 91d6a6dd7c350c5ab6e879089a1b7b1be3e82b0f Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Wed, 11 Dec 2013 13:56:45 +0100 Subject: On webdav sesssions, loginname was compared to username which does not need to match necessarily --- lib/base.php | 7 +++---- lib/private/user/session.php | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 4 deletions(-) (limited to 'lib/private') diff --git a/lib/base.php b/lib/base.php index a6033f03f8c..473be9da4b3 100644 --- a/lib/base.php +++ b/lib/base.php @@ -527,10 +527,9 @@ class OC { OC_User::useBackend(new OC_User_Database()); OC_Group::useBackend(new OC_Group_Database()); - if (isset($_SERVER['PHP_AUTH_USER']) && self::$session->exists('user_id') - && $_SERVER['PHP_AUTH_USER'] != self::$session->get('user_id')) { - $sessionUser = self::$session->get('user_id'); + && $_SERVER['PHP_AUTH_USER'] != self::$session->get('loginname')) { + $sessionUser = self::$session->get('loginname'); $serverUser = $_SERVER['PHP_AUTH_USER']; OC_Log::write('core', "Session user-id ($sessionUser) doesn't match SERVER[PHP_AUTH_USER] ($serverUser).", 
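Review bot: In the lib/base.php hunk (@@ -527,10) the guard still tests `self::$session->exists('user_id')` but now compares against `get('loginname')`, so a session that has a `user_id` and no `loginname` takes the mismatch branch for any `PHP_AUTH_USER`. In this series only `Session::login()` stores `loginname`, so sessions created before the upgrade, and presumably any login path that bypasses it, are affected; test the key that is compared, `self::$session->exists('loginname')`. The comparison is the loose `!=`, under which two different numeric-looking names such as `0123` and `123` count as equal, so `!==` is the safer operator for an identity check. The log text still says "Session user-id" and interpolates the client-supplied `PHP_AUTH_USER` unescaped, which lets a request put line breaks into the log. The `if` body continues outside the hunk, so what the branch does beyond logging is not visible here.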
@@ -805,7 +804,7 @@ class OC { if ( OC_Config::getValue('log_authfailip', false) ) { OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:'.$_SERVER['REMOTE_ADDR'], OC_Log::WARN); - } else { + } else { OC_Log::write('core', 'Login failed: user \''.$_POST["user"].'\' , wrong password, IP:set log_authfailip=true in conf', OC_Log::WARN); } diff --git a/lib/private/user/session.php b/lib/private/user/session.php index 9c9bee3da25..c2885d00413 100644 --- a/lib/private/user/session.php +++ b/lib/private/user/session.php @@ -112,6 +112,38 @@ class Session implements Emitter, \OCP\IUserSession { } } + /** + * set the login name + * + * @param string login name for the logged in user + */ + public function setLoginname($loginname) { + if (is_null($loginname)) { + $this->session->remove('loginname'); + } else { + $this->session->set('loginname', $loginname); + } + } + + /** + * get the login name of the current user + * + * @return string + */ + public function getLoginname() { + if ($this->activeUser) { + return $this->session->get('loginname'); + } else { + $uid = $this->session->get('user_id'); + if ($uid) { + $this->activeUser = $this->manager->get($uid); + return $this->session->get('loginname'); + } else { + return null; + } + } + } + /** * try to login with the provided credentials * @@ -126,6 +158,7 @@ class Session implements Emitter, \OCP\IUserSession { if (!is_null($user)) { if ($user->isEnabled()) { $this->setUser($user); + $this->setLoginname($uid); $this->manager->emit('\OC\User', 'postLogin', array($user, $password)); return true; } else { @@ -143,6 +176,7 @@ class Session implements Emitter, \OCP\IUserSession { public function logout() { $this->manager->emit('\OC\User', 'logout'); $this->setUser(null); + $this->setLoginname(null); $this->unsetMagicInCookie(); } -- cgit v1.2.3
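Review bot: In lib/private/user/session.php (@@ -112,6) the docblocks of the two new methods do not match what the code accepts and returns. `setLoginname` removes the key when passed `null`, so its tag should read `@param string|null $loginname login name of the logged in user, null to clear it` (the variable name is missing today), and `getLoginname` can return `null`, so `@return string|null`. Both branches of `getLoginname` return the same session value, and the `else` branch assigns `$this->activeUser` from `$this->manager->get($uid)` as a side effect without checking the result; a one-line comment saying why the user is loaded there would help. If `get()` can return `null` for a uid that no longer exists (not visible here), the stored login name is still handed back for a user that is gone.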