(very) early multiuser support

16 years ago · 6b5bd81341
4 changed files with 283 additions and 50 deletions
--- a/inc/lib_base.php
+++ b/inc/lib_base.php
@ -43,8 +43,7 @@ if($WEBROOT{0}!=='/'){
 set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config');

 // define default config values
-$CONFIG_ADMINLOGIN='';
-$CONFIG_ADMINPASSWORD='';
+$CONFIG_INSTALLED=false;
 $CONFIG_DATADIRECTORY=$SERVERROOT.'/data';
 $CONFIG_HTTPFORCESSL=false;
 $CONFIG_DATEFORMAT='j M Y G:i';
@ -67,9 +66,18 @@ if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
 require_once('lib_files.php');
 require_once('lib_log.php');
 require_once('lib_config.php');
+require_once('lib_user.php');
+
+if(OC_USER::isLoggedIn()){
+	//jail the user in a seperate data folder
+	$CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean'];
+	if(!is_dir($CONFIG_DATADIRECTORY)){
+		mkdir($CONFIG_DATADIRECTORY);
+	}
+}

 // load plugins
-$CONFIG_LOADPLUGINS='music';
+$CONFIG_LOADPLUGINS='';
 $plugins=explode(' ',$CONFIG_LOADPLUGINS);
 if(isset($plugins[0]['url'])) foreach($plugins as $plugin) require_once('plugins/'.$plugin.'/lib_'.$plugin.'.php');

@ -81,46 +89,6 @@ OC_UTIL::checkserver();
 OC_USER::logoutlisener();
 $loginresult=OC_USER::loginlisener();

-
-/**
- * Class for usermanagement
- *
- */
-class OC_USER {
-  
-  /**
-   * check if the login button is pressed and logg the user in
-   *
-   */
-  public static function loginlisener(){
-    global $CONFIG_ADMINLOGIN;
-    global $CONFIG_ADMINPASSWORD;
-    if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
-      if($_POST['login']==$CONFIG_ADMINLOGIN and $_POST['password']==$CONFIG_ADMINPASSWORD){
-        $_SESSION['username']=$_POST['login'];
-        OC_LOG::event($_SESSION['username'],1,'');
-        return('');
-      }else{
-        return('error');
-      } 
-    }
-    return('');
-  }
-
-  /**
-   * check if the logout button is pressed and logout the user
-   *
-   */
-  public static function logoutlisener(){
-    if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
-      OC_LOG::event($_SESSION['username'],2,'');
-      unset($_SESSION['username']);
-    }
-  }
-
-}
-
-
 /**
 * Class for utility functions
 *
@ -204,8 +172,10 @@ class OC_UTIL {
      if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo('<td class="navigationitemselected"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>');
    }

-    if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
-    if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
+	if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
+	if(OC_USER::ingroup($_SESSION['username'],'admin')){
+		if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
+	}
    echo('<td class="navigationitem"><a href="?logoutbutton=1">Logout</a></td>');
    echo('</tr></table>');
  }
@ -284,6 +254,32 @@ class OC_DB {
    return $result;
  } 
  
+  /**
+   * executes a query on the database and returns the result in an array
+   *
+   * @param string $cmd
+   * @return result-set
+   */
+	static function select($cmd) {
+		global $CONFIG_DBTYPE;
+		$result=OC_DB::query($cmd);
+		if($result){
+			$data=array();
+			if($CONFIG_DBTYPE=='sqlite'){
+				while($row=$result->fetch(SQLITE_ASSOC)){
+					$data[]=$row;
+				}
+			}elseif($CONFIG_DBTYPE=='mysql'){
+				while($row=$result->fetch_array(MYSQLI_ASSOC)){
+					$data[]=$row;
+				}
+			}
+			return $data;
+		}else{
+			return false;
+		}
+	} 
+  
  /**
   * executes multiply queries on the database
   *
--- a/inc/lib_config.php
+++ b/inc/lib_config.php
@ -99,10 +99,25 @@ class OC_CONFIG{
 				$error.='error while trying to fill the database<br/>';
 			}
 			
+			if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){
+				$error.='error while trying to create the admin user<br/>';
+			}
+			
+			if(OC_USER::getgroupid('admin')==0){
+				if(!OC_USER::creategroup('admin')){
+					$error.='error while trying to create the admin group<br/>';
+				}
+			}
+			
+			if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){
+				$error.='error while trying to add the admin user to the admin group<br/>';
+			}
+			
 			//storedata
 			$config='<?php '."\n";
-			$config.='$CONFIG_ADMINLOGIN=\''.$_POST['adminlogin']."';\n";
-			$config.='$CONFIG_ADMINPASSWORD=\''.$_POST['adminpassword']."';\n";
+// 			$config.='$CONFIG_ADMINLOGIN=\''.$_POST['adminlogin']."';\n";
+// 			$config.='$CONFIG_ADMINPASSWORD=\''.$_POST['adminpassword']."';\n";
+			$config.='$CONFIG_INSTALLED=true;'."\n";
 			$config.='$CONFIG_DATADIRECTORY=\''.$_POST['datadirectory']."';\n";
 			if(isset($_POST['forcessl'])) $config.='$CONFIG_HTTPFORCESSL=true'.";\n"; else $config.='$CONFIG_HTTPFORCESSL=false'.";\n";
 			$config.='$CONFIG_DATEFORMAT=\''.$_POST['dateformat']."';\n";
@ -170,7 +185,17 @@ CREATE TABLE  'properties' (
  'ns' varchar(120) NOT NULL DEFAULT 'DAV:',
  'value' text,
  PRIMARY KEY ('path','name','ns')
-);";
+);
+
+CREATE TABLE 'users' (
+  'user_id' int(11) NOT NULL,
+  'user_name' varchar(64) NOT NULL DEFAULT '',
+  'user_name_clean' varchar(64) NOT NULL DEFAULT '',
+  'user_password' varchar(40) NOT NULL DEFAULT '',
+  PRIMARY KEY ('user_id'),
+  UNIQUE ('user_name' ,'user_name_clean')
+);
+";
    }elseif($CONFIG_DBTYPE=='mysql'){
      $query="SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\";

@ -208,9 +233,22 @@ CREATE TABLE IF NOT EXISTS `properties` (
  PRIMARY KEY (`path`,`name`,`ns`),
  KEY `path` (`path`)
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+CREATE TABLE IF NOT EXISTS  `users` (
+`user_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
+`user_name` VARCHAR( 64 ) NOT NULL ,
+`user_name_clean` VARCHAR( 64 ) NOT NULL ,
+`user_password` VARCHAR( 340) NOT NULL ,
+UNIQUE (
+`user_name` ,
+`user_name_clean`
+)
+) ENGINE = MYISAM ;
+
 ";
 	}
      OC_DB::multiquery($query);
+      die();
   }
   
   /**
--- a/inc/lib_user.php
+++ b/inc/lib_user.php
@ -0,0 +1,197 @@
+<?php
+
+/**
+* ownCloud
+*
+* @author Frank Karlitschek 
+* @copyright 2010 Frank Karlitschek karlitschek@kde.org 
+* 
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either 
+* version 3 of the License, or any later version.
+* 
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*  
+* You should have received a copy of the GNU Lesser General Public 
+* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+* 
+*/
+
+/**
+ * Class for usermanagement
+ *
+ */
+class OC_USER {
+	
+	/**
+	* check if the login button is pressed and logg the user in
+	*
+	*/
+	public static function loginlisener(){
+		global $CONFIG_ADMINLOGIN;
+		global $CONFIG_ADMINPASSWORD;
+		if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
+			if(OC_USER::login($_POST['login'],$_POST['password'])){
+				OC_LOG::event($_SESSION['username'],1,'');
+				return('');
+			}else{
+				return('error');
+			} 
+		}
+		return('');
+	}
+	
+	/**
+	* try to create a new user
+	*
+	*/
+	public static function createuser($username,$password){
+		if(OC_USER::getuserid($username)!=0){
+			return false;
+		}else{
+			$password=sha1($password);
+			$usernameclean=strtolower($username);
+			$username=mysql_escape_string($username);
+			$usernameclean=mysql_escape_string($usernameclean);
+			$query="INSERT INTO  `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`)VALUES (NULL ,  '$username',  '$usernameclean',  '$password')";
+			$result=OC_DB::query($query);
+			return ($result)?true:false;
+		}
+
+	}
+	
+	/**
+	* try to login a user
+	*
+	*/
+	public static function login($username,$password){
+		$password=sha1($password);
+		$usernameclean=strtolower($username);
+		$username=mysql_escape_string($username);
+		$usernameclean=mysql_escape_string($usernameclean);
+		$query="SELECT user_id FROM  `users` WHERE  `user_name_clean` =  '$usernameclean' AND  `user_password` =  '$password' LIMIT 1";
+		$result=OC_DB::select($query);
+		if(isset($result[0]) && isset($result[0]['user_id'])){
+			$_SESSION['user_id']=$result[0]['user_id'];
+			$_SESSION['username']=$username;
+			$_SESSION['username_clean']=$usernameclean;
+			return true;
+		}else{
+			return false;
+		}
+	}
+	
+	/**
+	* check if the logout button is pressed and logout the user
+	*
+	*/
+	public static function logoutlisener(){
+		if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
+			OC_LOG::event($_SESSION['username'],2,'');
+			$_SESSION['user_id']=false;
+			$_SESSION['username']='';
+			$_SESSION['username_clean']='';
+		}
+	}
+	
+	/**
+	* check if a user is logged in
+	*
+	*/
+	public static function isLoggedIn(){
+		return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false;
+	}
+	
+	/**
+	* try to create a new group
+	*
+	*/
+	public static function creategroup($groupname){
+		if(OC_USER::getgroupid($groupname)==0){
+			$groupname=mysql_escape_string($groupname);
+			$query="INSERT INTO  `groups` (`group_id` ,`group_name`) VALUES (NULL ,  '$groupname');";
+			$result=OC_DB::query($query);
+			return ($result)?true:false;
+		}else{
+			return false;
+		}
+	}
+	
+	/**
+	* get the id of a user
+	*
+	*/
+	public static function getuserid($username){
+		$usernameclean=strtolower($username);
+		$username=mysql_escape_string($username);
+		$usernameclean=mysql_escape_string($usernameclean);
+		$query="SELECT user_id FROM  `users` WHERE  `user_name_clean` =  '$usernameclean' LIMIT 1";
+		$result=OC_DB::select($query);
+		if(isset($result[0]) && isset($result[0]['user_id'])){
+			return $result[0]['user_id'];
+		}else{
+			return 0;
+		}
+	}
+	
+	/**
+	* get the id of a group
+	*
+	*/
+	public static function getgroupid($groupname){
+		$groupname=mysql_escape_string($groupname);
+		$query="SELECT group_id FROM  `groups` WHERE  `group_name` =  '$groupname' LIMIT 1";
+		$result=OC_DB::select($query);
+		if(isset($result[0]) && isset($result[0]['group_id'])){
+			return $result[0]['group_id'];
+		}else{
+			return 0;
+		}
+	}
+	
+	/**
+	* check if a user belongs to a group
+	*
+	*/
+	public static function ingroup($username,$groupname){
+		$userid=OC_USER::getuserid($username);
+		$groupid=OC_USER::getgroupid($groupname);
+		$query="SELECT user_group_id FROM  `user_group` WHERE  `group_id` =  '$groupid '  AND `user_id` =  '$userid 'LIMIT 1";
+		$result=OC_DB::select($query);
+		if(isset($result[0]) && isset($result[0]['user_group_id'])){
+			return true;
+		}else{
+			return false;
+		}
+	}
+	
+	/**
+	* add a user to a group
+	*
+	*/
+	public static function addtogroup($username,$groupname){
+		if(!OC_USER::ingroup($username,$groupname)){
+			$userid=OC_USER::getuserid($username);
+			$groupid=OC_USER::getgroupid($groupname);
+			if($groupid!=0 and $userid!=0){
+				$query="INSERT INTO  `user_group` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL ,  '$userid',  '$groupid');";
+				$result=OC_DB::query($query);
+				if($result){
+					return true;
+				}else{
+					return false;
+				}
+			}else{
+				return false;
+			}
+		}else{
+			return true;
+		}
+	}
+}
+
+?>
--- a/inc/templates/header.php
+++ b/inc/templates/header.php
@ -4,7 +4,7 @@
    <head>
 	<title>ownCloud</title>
 	<base href="<?php echo($WEBROOT); ?>/"/>
-	<link rel="stylesheet" type="text/css" href="css/default.php"/>
+	<link rel="stylesheet" type="text/css" href="<?php echo($WEBROOT)?>/css/default.php"/>
 	<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_ajax.js'></script>
 	<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_timer.js'></script>
 	<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_notification.js'></script>
@ -12,6 +12,7 @@
 	<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_files.js'></script>
 	<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_event.js'></script>
 	<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_drag.js'></script>
+	<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_api.js'></script>
 	<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/filebrowser.js'></script>
 <?php
 foreach(OC_UTIL::$scripts as $script){
@ -33,7 +34,8 @@ echo('<h1><a id="owncloud-logo" href="'.$WEBROOT.'"><span>ownCloud</span></a></h
  // check if already configured. otherwise start configuration wizard
  $error=OC_CONFIG::writeconfiglisener();
  $CONFIG_ERROR=$error;
-  if(empty($CONFIG_ADMINLOGIN)) {
+  global $CONFIG_INSTALLED;
+  if(!$CONFIG_INSTALLED) {
    global $FIRSTRUN;
    $FIRSTRUN=true;
    echo('<div class="center">');