Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
Browse Source

fix merge conflicts

remotes/origin/stable
Robin 16 years ago
parent
09add452d9 854e0c5a9c
commit
fb498b9534
21 changed files with 2153 additions and 592 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 31
      admin/index.php
  2. 1
      admin/index.php~
  3. 91
      css/default.php
  4. 30
      files/api.php
  5. 108
      files/get_file.php
  6. 49
      files/get_files.php
  7. 38
      files/new.php
  8. 2
      files/upload.php
  9. 33
      inc/HTTP/WebDAV/Server.php
  10. 726
      inc/HTTP/WebDAV/Server/Filesystem.php
  11. 203
      inc/lib_base.php
  12. 359
      inc/lib_config.php
  13. 408
      inc/lib_files.php
  14. 277
      inc/lib_user.php
  15. 106
      inc/templates/adminform.php
  16. 99
      inc/templates/configform.php
  17. 19
      inc/templates/header.php
  18. 6
      js/filebrowser.js
  19. 26
      js/lib_api.js
  20. 116
      js/lib_files.js
  21. 17
      webdav/owncloud.php

31
files/rename.php → admin/index.php
View File

@ -1,10 +1,10 @@
<?php
/**
* ownCloud - ajax frontend
* ownCloud
*
* @author Robin Appelman
* @copyright 2010 Robin Appelman icewind1991@gmail.com
* @author Frank Karlitschek
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
@ -20,15 +20,22 @@
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
$CONFIG_ERROR='';
require_once('../inc/lib_base.php');
$dir=$_GET['dir'];
$file=$_GET['file'];
$newname=$_GET['newname'];
if($file!=$newname and $newname!='' and isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false){
$source=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
$target=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$newname;
rename($source,$target);
}
?>
OC_UTIL::showheader();
$FIRSTRUN=false;
echo('<div class="center">');
OC_CONFIG::showadminform();
echo('</div>');
OC_UTIL::showfooter();
?>

1
admin/index.php~
View File

@ -0,0 +1 @@

91
css/default.php
View File

@ -46,6 +46,7 @@ html,body {
}
body.error {background-color: #F0F0F0;}
td.error{color:#FF0000; text-align:center}
body,th,td,ul,li,a,div,p,pre {color:#333333; font-family:Verdana,"Bitstream Vera Sans",Arial,Helvetica,Sans,"Bitstream Vera Serif"; font-size:9.0pt;}
a img {
@ -220,6 +221,7 @@ div.breadcrumb{
}
div.fileactionlist{
z-index:50;
position:absolute;
background-color: #DDDDDD;
margin-top:5px;
@ -260,6 +262,12 @@ td.sizetext{
text-align:right;
}
input.fileSelector{
margin-right:17px;
float:left;
}
td.fileSelector, td.fileicon{
width:16px;
}
@ -287,6 +295,7 @@ div.fileList{
height:100%;
min-height:200px;
top:0px;
<!-- border-bottom: 3px solid #CCC; -->
}
div.fileList table{
@ -321,4 +330,86 @@ table.browser thead td,table.browser tfoot td{
tr.hint, tr.hint td{
background:transparent;
}
#debug{
position:fixed;
bottom:20px;
left:20px;
border:solid 1px black;
}
.dragClone{
position:absolute;
}
div.breadcrumb{
float:left;
background:transparent;
}
div.moreActionsButton>p{
padding:0px;
margin:0px;
width:100%;
height:100%;
}
div.moreActionsButton{
background-color:white;
display:inline;
border:1px solid black;
cursor:pointer;
padding-right:10px;
text-align:right;
width:90px;
height:19px;
float:right;
margin-top:2px !important;
right:2px;
position:absolute;
background:#DDD url(<?php if(isset($WEBROOT)) echo($WEBROOT); ?>/img/arrow_up.png) no-repeat scroll center right;
}
td.moreActionsButtonClicked{
background:#DDD url(<?php if(isset($WEBROOT)) echo($WEBROOT); ?>/img/arrow_down.png) no-repeat scroll center right !important
}
tr.utilityline{
height:24px;
}
td.actionsSelected{
position:absolute;
width:790px;
}
div.moreActionsList{
background:#EEE;
position:absolute;
bottom:19px;
right:-2px;
border:1px solid black;
min-width:330px;
text-align:right;
float:right;
}
div.moreActionsList input{
<!-- float:right; -->
}
div.moreActionsList>table{
width:100%;
}
div.moreActionsList td{
width:300px;
text-align:right;
padding-top:3px !important;
padding-bottom:3px !important;
}
div.moreActionsList tr:hover{
background-color:#DDD;
}

30
files/move.php → files/api.php
View File

@ -22,14 +22,28 @@
*/
require_once('../inc/lib_base.php');
$sourceDir=$_GET['sourcedir'];
$targetDir=$_GET['targetdir'];
$source=$_GET['source'];
$target=$_GET['target'];
if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($sourceDir,'..')===false and strpos($source,'..')===false and strpos($targetDir,'..')===false and strpos($target,'..')===false){
$target=$CONFIG_DATADIRECTORY.'/'.$targetDir.'/'.$target.'/'.$source;
$source=$CONFIG_DATADIRECTORY.'/'.$sourceDir.'/'.$source;
rename($source,$target);
$arguments=$_POST;
foreach($arguments as &$argument){
$argument=stripslashes($argument);
}
ob_clean();
switch($arguments['action']){
case 'delete':
OC_FILES::delete($arguments['dir'],$arguments['file']);
break;
case 'rename':
OC_FILES::move($arguments['dir'],$arguments['file'],$arguments['dir'],$arguments['newname']);
break;
case 'new':
OC_FILES::newfile($arguments['dir'],$arguments['name'],$arguments['type']);
break;
case 'move':
OC_FILES::move($arguments['sourcedir'],$arguments['source'],$arguments['targetdir'],$arguments['target']);
break;
case 'get':
OC_FILES::get($arguments['dir'],$arguments['file']);
break;
}
?>

108
files/get_file.php
View File

@ -1,108 +0,0 @@
<?php
/**
* ownCloud - ajax frontend
*
* @author Robin Appelman
* @copyright 2010 Robin Appelman icewind1991@gmail.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
//note this file is for getting files themselves, get_files.php is for getting a list of files.
require_once('../inc/lib_base.php');
if(!function_exists('sys_get_temp_dir')) {
function sys_get_temp_dir() {
if( $temp=getenv('TMP') ) return $temp;
if( $temp=getenv('TEMP') ) return $temp;
if( $temp=getenv('TMPDIR') ) return $temp;
$temp=tempnam(__FILE__,'');
if (file_exists($temp)) {
unlink($temp);
return dirname($temp);
}
return null;
}
}
function addDir($dir,$zip,$internalDir=''){
$dirname=basename($dir);
$zip->addEmptyDir($internalDir.$dirname);
$internalDir.=$dirname.='/';
$files=OC_FILES::getdirectorycontent($dir);
foreach($files as $file){
$filename=$file['name'];
$file=$dir.'/'.$filename;
if(is_file($file)){
$zip->addFile($file,$internalDir.$filename);
}elseif(is_dir($file)){
addDir($file,$zip,$internalDir);
}
}
}
$files=$_GET['files'];
$dir=(isset($_GET['dir']))?$_GET['dir']:'';
if(strstr($files,'..') or strstr($dir,'..')){
die();
}
if(strpos($files,',')){
$files=explode(',',$files);
}
if(is_array($files)){
$zip = new ZipArchive();
$filename = sys_get_temp_dir()."/ownCloud.zip";
if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
exit("cannot open <$filename>\n");
}
foreach($files as $file){
$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
if(is_file($file)){
$zip->addFile($file,basename($file));
}elseif(is_dir($file)){
addDir($file,$zip);
}
}
$zip->close();
}elseif(is_dir($CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files)){
$zip = new ZipArchive();
$filename = sys_get_temp_dir()."/ownCloud.zip";
if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
exit("cannot open <$filename>\n");
}
$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
addDir($file,$zip);
$zip->close();
}else{
$zip=false;
$filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
}
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($filename));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($filename));
ob_end_clean();
readfile($filename);
if($zip){
unlink($filename);
}
?>

49
files/get_files.php
View File

@ -47,12 +47,14 @@ $dirname=(isset($files[0]))?$files[0]['directory']:'';
$dirname=substr($dirname,strrpos($dirname,'/'));
$max_upload=min(return_bytes(ini_get('post_max_size')),return_bytes(ini_get('upload_max_filesize')));
ob_clean();
echo "<?xml version='1.0' standalone='yes'?>\n";
echo "<?xml version='1.0' encoding='UTF-8' standalone='yes'?>\n";
echo "<dir name='$dirname' max_upload='$max_upload'>\n";
if(is_array($files)){
foreach($files as $file){
$attributes='';
foreach($file as $name=>$data){
$data=utf8_encode($data);
$data=utf8tohtml($data);
$data=str_replace("'",'&#39;',$data);
if (is_string($name)) $attributes.=" $name='$data'";
}
@ -60,5 +62,48 @@ if(is_array($files)){
echo "<file$attributes/>\n";
}
}
echo "\n</dir>";
echo "</dir>";
// converts a UTF8-string into HTML entities
// - $utf8: the UTF8-string to convert
// - $encodeTags: booloean. TRUE will convert "<" to "&lt;"
// - return: returns the converted HTML-string
function utf8tohtml($utf8, $encodeTags=true) {
$result = '';
for ($i = 0; $i < strlen($utf8); $i++) {
$char = $utf8[$i];
$ascii = ord($char);
if ($ascii < 128) {
// one-byte character
$result .= ($encodeTags) ? htmlentities($char) : $char;
} else if ($ascii < 192) {
// non-utf8 character or not a start byte
} else if ($ascii < 224) {
// two-byte character
$result .= htmlentities(substr($utf8, $i, 2), ENT_QUOTES, 'UTF-8');
$i++;
} else if ($ascii < 240) {
// three-byte character
$ascii1 = ord($utf8[$i+1]);
$ascii2 = ord($utf8[$i+2]);
$unicode = (15 & $ascii) * 4096 +
(63 & $ascii1) * 64 +
(63 & $ascii2);
$result .= "&#$unicode;";
$i += 2;
} else if ($ascii < 248) {
// four-byte character
$ascii1 = ord($utf8[$i+1]);
$ascii2 = ord($utf8[$i+2]);
$ascii3 = ord($utf8[$i+3]);
$unicode = (15 & $ascii) * 262144 +
(63 & $ascii1) * 4096 +
(63 & $ascii2) * 64 +
(63 & $ascii3);
$result .= "&#$unicode;";
$i += 3;
}
}
return $result;
}
?>

38
files/new.php
View File

@ -1,38 +0,0 @@
<?php
/**
* ownCloud - ajax frontend
*
* @author Robin Appelman
* @copyright 2010 Robin Appelman icewind1991@gmail.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
require_once('../inc/lib_base.php');
$dir=$_GET['dir'];
$name=$_GET['name'];
$type=$_GET['type'];
if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false and strpos($name,'..')===false){
$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$name;
if($type=='dir'){
mkdir($file);
}elseif($type=='file'){
$fileHandle=fopen($file, 'w') or die("can't open file");
fclose($fileHandle);
}
}
?>

2
files/upload.php
View File

@ -22,6 +22,8 @@
*/
require_once('../inc/lib_base.php');
// sleep(5); //immitate slow internet.
$fileName=$_FILES['file']['name'];
$source=$_FILES['file']['tmp_name'];
$target=$CONFIG_DATADIRECTORY.'/'.$_GET['dir'].'/'.$fileName;

33
inc/HTTP/WebDAV/Server.php
View File

@ -1,3 +1,4 @@
<<<<<<< HEAD:inc/HTTP/WebDAV/Server.php
<?php // $Id$
/*
+----------------------------------------------------------------------+
@ -33,9 +34,35 @@
+----------------------------------------------------------------------+
*/
require_once "HTTP/WebDAV/Tools/_parse_propfind.php";
require_once "HTTP/WebDAV/Tools/_parse_proppatch.php";
require_once "HTTP/WebDAV/Tools/_parse_lockinfo.php";
oc_require_once "HTTP/WebDAV/Tools/_parse_propfind.php";
oc_require_once "HTTP/WebDAV/Tools/_parse_proppatch.php";
oc_require_once "HTTP/WebDAV/Tools/_parse_lockinfo.php";
=======
<?php
//
// +----------------------------------------------------------------------+
// | PHP Version 4 |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2003 The PHP Group |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.02 of the PHP license, |
// | that is bundled with this package in the file LICENSE, and is |
// | available at through the world-wide-web at |
// | http://www.php.net/license/2_02.txt. |
// | If you did not receive a copy of the PHP license and are unable to |
// | obtain it through the world-wide-web, please send a note to |
// | license@php.net so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// | Authors: Hartmut Holzgraefe <hholzgra@php.net> |
// | Christian Stocker <chregu@bitflux.ch> |
// +----------------------------------------------------------------------+
//
// $Id: Server.php,v 1.46 2006/03/03 21:43:09 hholzgra Exp $
//
oc_require_once("HTTP/WebDAV/Tools/_parse_propfind.php");
oc_require_once("HTTP/WebDAV/Tools/_parse_proppatch.php");
oc_require_once("HTTP/WebDAV/Tools/_parse_lockinfo.php");
>>>>>>> 854e0c5a9c9060e827fbbfddffeeeadfc2d27278:inc/HTTP/WebDAV/Server.php
/**
* Virtual base class for implementing WebDAV servers

726
inc/HTTP/WebDAV/Server/Filesystem.php
View File

@ -1,3 +1,4 @@
<<<<<<< HEAD:inc/HTTP/WebDAV/Server/Filesystem.php
<?php // $Id$
/*
+----------------------------------------------------------------------+
@ -32,9 +33,9 @@
| POSSIBILITY OF SUCH DAMAGE. |
+----------------------------------------------------------------------+
*/
require_once "lib_base.php";
require_once "HTTP/WebDAV/Server.php";
require_once "System.php";
require_once "../../../lib_base.php";
oc_require_once "HTTP/WebDAV/Server.php";
oc_require_once "System.php";
/**
* Filesystem access using WebDAV
@ -853,3 +854,722 @@
* indent-tabs-mode:nil
* End:
*/
=======
<?php
oc_require_once("HTTP/WebDAV/Server.php");
oc_require_once("System.php");
/**
* Filesystem access using WebDAV
*
* @access public
*/
class HTTP_WebDAV_Server_Filesystem extends HTTP_WebDAV_Server
{
/**
* Root directory for WebDAV access
*
* Defaults to webserver document root (set by ServeRequest)
*
* @access private
* @var string
*/
var $base = "";
/**
* Serve a webdav request
*
* @access public
* @param string
*/
function ServeRequest($base = false)
{
// special treatment for litmus compliance test
// reply on its identifier header
// not needed for the test itself but eases debugging
if (function_exists("apache_request_headers")) {
foreach(apache_request_headers() as $key => $value) {
if (stristr($key,"litmus")) {
error_log("Litmus test $value");
header("X-Litmus-reply: ".$value);
}
}
}
// set root directory, defaults to webserver document root if not set
if ($base) {
$this->base = realpath($base); // TODO throw if not a directory
} else if (!$this->base) {
$this->base = $_SERVER['DOCUMENT_ROOT'];
}
// let the base class do all the work
parent::ServeRequest();
}
/**
* No authentication is needed here
*
* @access private
* @param string HTTP Authentication type (Basic, Digest, ...)
* @param string Username
* @param string Password
* @return bool true on successful authentication
*/
function check_auth($type, $user, $pass)
{
return true;
}
/**
* PROPFIND method handler
*
* @param array general parameter passing array
* @param array return array for file properties
* @return bool true on success
*/
function PROPFIND(&$options, &$files)
{
// get absolute fs path to requested resource
$fspath = $this->base . $options["path"];
// sanity check
if (!file_exists($fspath)) {
return false;
}
// prepare property array
$files["files"] = array();
// store information for the requested path itself
$files["files"][] = $this->fileinfo($options["path"]);
// information for contained resources requested?
if (!empty($options["depth"])) { // TODO check for is_dir() first?
// make sure path ends with '/'
$options["path"] = $this->_slashify($options["path"]);
// try to open directory
$handle = @opendir($fspath);
if ($handle) {
// ok, now get all its contents
while ($filename = readdir($handle)) {
if ($filename != "." && $filename != "..") {
$files["files"][] = $this->fileinfo($options["path"].$filename);
}
}
// TODO recursion needed if "Depth: infinite"
}
}
// ok, all done
return true;
}
/**
* Get properties for a single file/resource
*
* @param string resource path
* @return array resource properties
*/
function fileinfo($path)
{
// map URI path to filesystem path
$fspath = $this->base . $path;
// create result array
$info = array();
// TODO remove slash append code when base clase is able to do it itself
$info["path"] = is_dir($fspath) ? $this->_slashify($path) : $path;
$info["props"] = array();
// no special beautified displayname here ...
$info["props"][] = $this->mkprop("displayname", strtoupper($path));
// creation and modification time
$info["props"][] = $this->mkprop("creationdate", filectime($fspath));
$info["props"][] = $this->mkprop("getlastmodified", filemtime($fspath));
// type and size (caller already made sure that path exists)
if (is_dir($fspath)) {
// directory (WebDAV collection)
$info["props"][] = $this->mkprop("resourcetype", "collection");
$info["props"][] = $this->mkprop("getcontenttype", "httpd/unix-directory");
} else {
// plain file (WebDAV resource)
$info["props"][] = $this->mkprop("resourcetype", "");
if (is_readable($fspath)) {
$info["props"][] = $this->mkprop("getcontenttype", $this->_mimetype($fspath));
} else {
$info["props"][] = $this->mkprop("getcontenttype", "application/x-non-readable");
}
$info["props"][] = $this->mkprop("getcontentlength", filesize($fspath));
}
// get additional properties from database
$query = "SELECT ns, name, value FROM properties WHERE path = '$path'";
$res = OC_DB::query($query);
while ($row = OC_DB::fetch_assoc($res)) {
$info["props"][] = $this->mkprop($row["ns"], $row["name"], $row["value"]);
}
OC_DB::free_result($res);
return $info;
}
/**
* detect if a given program is found in the search PATH
*
* helper function used by _mimetype() to detect if the
* external 'file' utility is available
*
* @param string program name
* @param string optional search path, defaults to $PATH
* @return bool true if executable program found in path
*/
function _can_execute($name, $path = false)
{
// path defaults to PATH from environment if not set
if ($path === false) {
$path = getenv("PATH");
}
// check method depends on operating system
if (!strncmp(PHP_OS, "WIN", 3)) {
// on Windows an appropriate COM or EXE file needs to exist
$exts = array(".exe", ".com");
$check_fn = "file_exists";
} else {
// anywhere else we look for an executable file of that name
$exts = array("");
$check_fn = "is_executable";
}
// now check the directories in the path for the program
foreach (explode(PATH_SEPARATOR, $path) as $dir) {
// skip invalid path entries
if (!file_exists($dir)) continue;
if (!is_dir($dir)) continue;
// and now look for the file
foreach ($exts as $ext) {
if ($check_fn("$dir/$name".$ext)) return true;
}
}
return false;
}
/**
* try to detect the mime type of a file
*
* @param string file path
* @return string guessed mime type
*/
function _mimetype($fspath)
{
if (@is_dir($fspath)) {
// directories are easy
return "httpd/unix-directory";
} else if (function_exists("mime_content_type")) {
// use mime magic extension if available
$mime_type = mime_content_type($fspath);
} else if ($this->_can_execute("file")) {
// it looks like we have a 'file' command,
// lets see it it does have mime support
$fp = popen("file -i '$fspath' 2>/dev/null", "r");
$reply = fgets($fp);
pclose($fp);
// popen will not return an error if the binary was not found
// and find may not have mime support using "-i"
// so we test the format of the returned string
// the reply begins with the requested filename
if (!strncmp($reply, "$fspath: ", strlen($fspath)+2)) {
$reply = substr($reply, strlen($fspath)+2);
// followed by the mime type (maybe including options)
if (preg_match('/^[[:alnum:]_-]+/[[:alnum:]_-]+;?.*/', $reply, $matches)) {
$mime_type = $matches[0];
}
}
}
if (empty($mime_type)) {
// Fallback solution: try to guess the type by the file extension
// TODO: add more ...
// TODO: it has been suggested to delegate mimetype detection
// to apache but this has at least three issues:
// - works only with apache
// - needs file to be within the document tree
// - requires apache mod_magic
// TODO: can we use the registry for this on Windows?
// OTOH if the server is Windos the clients are likely to
// be Windows, too, and tend do ignore the Content-Type
// anyway (overriding it with information taken from
// the registry)
// TODO: have a seperate PEAR class for mimetype detection?
switch (strtolower(strrchr(basename($fspath), "."))) {
case ".html":
$mime_type = "text/html";
break;
case ".gif":
$mime_type = "image/gif";
break;
case ".jpg":
$mime_type = "image/jpeg";
break;
default:
$mime_type = "application/octet-stream";
break;
}
}
return $mime_type;
}
/**
* GET method handler
*
* @param array parameter passing array
* @return bool true on success
*/
function GET(&$options)
{
// get absolute fs path to requested resource
$fspath = $this->base . $options["path"];
// sanity check
if (!file_exists($fspath)) return false;
// is this a collection?
if (is_dir($fspath)) {
return $this->GetDir($fspath, $options);
}
// detect resource type
$options['mimetype'] = $this->_mimetype($fspath);
// detect modification time
// see rfc2518, section 13.7
// some clients seem to treat this as a reverse rule
// requiering a Last-Modified header if the getlastmodified header was set
$options['mtime'] = filemtime($fspath);
// detect resource size
$options['size'] = filesize($fspath);
// no need to check result here, it is handled by the base class
$options['stream'] = fopen($fspath, "r");
return true;
}
/**
* GET method handler for directories
*
* This is a very simple mod_index lookalike.
* See RFC 2518, Section 8.4 on GET/HEAD for collections
*
* @param string directory path
* @return void function has to handle HTTP response itself
*/
function GetDir($fspath, &$options)
{
$path = $this->_slashify($options["path"]);
if ($path != $options["path"]) {
header("Location: ".$this->base_uri.$path);
exit;
}
// fixed width directory column format
$format = "%15s %-19s %-s\n";
$handle = @opendir($fspath);
if (!$handle) {
return false;
}
echo "<html><head><title>Index of ".htmlspecialchars($options['path'])."</title></head>\n";
echo "<h1>Index of ".htmlspecialchars($options['path'])."</h1>\n";
echo "<pre>";
printf($format, "Size", "Last modified", "Filename");
echo "<hr>";
while ($filename = readdir($handle)) {
if ($filename != "." && $filename != "..") {
$fullpath = $fspath."/".$filename;
$name = htmlspecialchars($filename);
printf($format,
number_format(filesize($fullpath)),
strftime("%Y-%m-%d %H:%M:%S", filemtime($fullpath)),
"<a href='$this->base_uri$path$name'>$name</a>");
}
}
echo "</pre>";
closedir($handle);
echo "</html>\n";
exit;
}
/**
* PUT method handler
*
* @param array parameter passing array
* @return bool true on success
*/
function PUT(&$options)
{
$fspath = $this->base . $options["path"];
if (!@is_dir(dirname($fspath))) {
return "409 Conflict";
}
$options["new"] = ! file_exists($fspath);
$fp = fopen($fspath, "w");
return $fp;
}
/**
* MKCOL method handler
*
* @param array general parameter passing array
* @return bool true on success
*/
function MKCOL($options)
{
$path = $this->base .$options["path"];
$parent = dirname($path);
$name = basename($path);
if (!file_exists($parent)) {
return "409 Conflict";
}
if (!is_dir($parent)) {
return "403 Forbidden";
}
if ( file_exists($parent."/".$name) ) {
return "405 Method not allowed";
}
if (!empty($_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
return "415 Unsupported media type";
}
$stat = mkdir ($parent."/".$name,0777);
if (!$stat) {
return "403 Forbidden";
}
return ("201 Created");
}
/**
* DELETE method handler
*
* @param array general parameter passing array
* @return bool true on success
*/
function DELETE($options)
{
$path = $this->base . "/" .$options["path"];
if (!file_exists($path)) {
return "404 Not found";
}
if (is_dir($path)) {
$query = "DELETE FROM properties WHERE path LIKE '".$this->_slashify($options["path"])."%'";
OC_DB::query($query);
System::rm("-rf $path");
} else {
unlink ($path);
}
$query = "DELETE FROM properties WHERE path = '$options[path]'";
OC_DB::query($query);
return "204 No Content";
}
/**
* MOVE method handler
*
* @param array general parameter passing array
* @return bool true on success
*/
function MOVE($options)
{
return $this->COPY($options, true);
}
/**
* COPY method handler
*
* @param array general parameter passing array
* @return bool true on success
*/
function COPY($options, $del=false)
{
// TODO Property updates still broken (Litmus should detect this?)
if (!empty($_SERVER["CONTENT_LENGTH"])) { // no body parsing yet
return "415 Unsupported media type";
}
// no copying to different WebDAV Servers yet
if (isset($options["dest_url"])) {
return "502 bad gateway";
}
$source = $this->base .$options["path"];
if (!file_exists($source)) return "404 Not found";
$dest = $this->base . $options["dest"];
$new = !file_exists($dest);
$existing_col = false;
if (!$new) {
if ($del && is_dir($dest)) {
if (!$options["overwrite"]) {
return "412 precondition failed";
}
$dest .= basename($source);
if (file_exists($dest)) {
$options["dest"] .= basename($source);
} else {
$new = true;
$existing_col = true;
}
}
}
if (!$new) {
if ($options["overwrite"]) {
$stat = $this->DELETE(array("path" => $options["dest"]));
if (($stat{0} != "2") && (substr($stat, 0, 3) != "404")) {
return $stat;
}
} else {
return "412 precondition failed";
}
}
if (is_dir($source) && ($options["depth"] != "infinity")) {
// RFC 2518 Section 9.2, last paragraph
return "400 Bad request";
}
if ($del) {
if (!rename($source, $dest)) {
return "500 Internal server error";
}
$destpath = $this->_unslashify($options["dest"]);
if (is_dir($source)) {
$query = "UPDATE properties
SET path = REPLACE(path, '".$options["path"]."', '".$destpath."')
WHERE path LIKE '".$this->_slashify($options["path"])."%'";
OC_DB::query($query);
}
$query = "UPDATE properties
SET path = '".$destpath."'
WHERE path = '".$options["path"]."'";
OC_DB::query($query);
} else {
if (is_dir($source)) {
$files = System::find($source);
$files = array_reverse($files);
} else {
$files = array($source);
}
if (!is_array($files) || empty($files)) {
return "500 Internal server error";
}
foreach ($files as $file) {
if (is_dir($file)) {
$file = $this->_slashify($file);
}
$destfile = str_replace($source, $dest, $file);
if (is_dir($file)) {
if (!is_dir($destfile)) {
// TODO "mkdir -p" here? (only natively supported by PHP 5)
if (!mkdir($destfile)) {
return "409 Conflict";
}
} else {
error_log("existing dir '$destfile'");
}
} else {
if (!copy($file, $destfile)) {
return "409 Conflict";
}
}
}
$query = "INSERT INTO properties SELECT ... FROM properties WHERE path = '".$options['path']."'";
}
return ($new && !$existing_col) ? "201 Created" : "204 No Content";
}
/**
* PROPPATCH method handler
*
* @param array general parameter passing array
* @return bool true on success
*/
function PROPPATCH(&$options)
{
global $prefs, $tab;
$msg = "";
$path = $options["path"];
$dir = dirname($path)."/";
$base = basename($path);
foreach($options["props"] as $key => $prop) {
if ($prop["ns"] == "DAV:") {
$options["props"][$key]['status'] = "403 Forbidden";
} else {
if (isset($prop["val"])) {
$query = "REPLACE INTO properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
error_log($query);
} else {
$query = "DELETE FROM properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
}
OC_DB::query($query);
}
}
return "";
}
/**
* LOCK method handler
*
* @param array general parameter passing array
* @return bool true on success
*/
function LOCK(&$options)
{
if (isset($options["update"])) { // Lock Update
$query = "UPDATE locks SET expires = ".(time()+300);
OC_DB::query($query);
if (OC_DB::affected_rows()) {
$options["timeout"] = 300; // 5min hardcoded
return true;
} else {
return false;
}
}
$options["timeout"] = time()+300; // 5min. hardcoded
$query = "INSERT INTO locks
SET token = '$options[locktoken]'
, path = '$options[path]'
, owner = '$options[owner]'
, expires = '$options[timeout]'
, exclusivelock = " .($options['scope'] === "exclusive" ? "1" : "0")
;
OC_DB::query($query);
return OC_DB::affected_rows() ? "200 OK" : "409 Conflict";
}
/**
* UNLOCK method handler
*
* @param array general parameter passing array
* @return bool true on success
*/
function UNLOCK(&$options)
{
$query = "DELETE FROM locks
WHERE path = '$options[path]'
AND token = '$options[token]'";
OC_DB::query($query);
return OC_DB::affected_rows() ? "204 No Content" : "409 Conflict";
}
/**
* checkLock() helper
*
* @param string resource path to check for locks
* @return bool true on success
*/
function checkLock($path)
{
$result = false;
$query = "SELECT owner, token, expires, exclusivelock
FROM locks
WHERE path = '$path'
";
$res = OC_DB::query($query);
if ($res) {
$row = OC_DB::fetch_assoc($res);
OC_DB::free_result($res);
if ($row) {
$result = array( "type" => "write",
"scope" => $row["exclusivelock"] ? "exclusive" : "shared",
"depth" => 0,
"owner" => $row['owner'],
"token" => $row['token'],
"expires" => $row['expires']
);
}
}
return $result;
}
/**
* create database tables for property and lock storage
*
* @param void
* @return bool true on success
*/
function create_database()
{
// TODO
return false;
}
}
?>
>>>>>>> 854e0c5a9c9060e827fbbfddffeeeadfc2d27278:inc/HTTP/WebDAV/Server/Filesystem.php

203
inc/lib_base.php
View File

@ -40,11 +40,10 @@ if($WEBROOT{0}!=='/'){
}
// set the right include path
set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config');
// set_include_path(get_include_path().PATH_SEPARATOR.$SERVERROOT.PATH_SEPARATOR.$SERVERROOT.'/inc'.PATH_SEPARATOR.$SERVERROOT.'/config');
// define default config values
$CONFIG_ADMINLOGIN='';
$CONFIG_ADMINPASSWORD='';
$CONFIG_INSTALLED=false;
$CONFIG_DATADIRECTORY=$SERVERROOT.'/data';
$CONFIG_HTTPFORCESSL=false;
$CONFIG_DATEFORMAT='j M Y G:i';
@ -52,7 +51,7 @@ $CONFIG_DBNAME='owncloud';
$CONFIG_DBTYPE='sqlite';
// include the generated configfile
@include_once('config.php');
@oc_include_once('config.php');
// redirect to https site if configured
if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
@ -64,12 +63,22 @@ if(isset($CONFIG_HTTPFORCESSL) and $CONFIG_HTTPFORCESSL){
}
// load core libs
require_once('lib_files.php');
require_once('lib_log.php');
require_once('lib_config.php');
oc_require_once('lib_files.php');
oc_require_once('lib_log.php');
oc_require_once('lib_config.php');
oc_require_once('lib_user.php');
oc_require_once('lib_ocs.php');
if(OC_USER::isLoggedIn()){
//jail the user in a seperate data folder
$CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean'];
if(!is_dir($CONFIG_DATADIRECTORY)){
mkdir($CONFIG_DATADIRECTORY);
}
}
// load plugins
$CONFIG_LOADPLUGINS='music';
$CONFIG_LOADPLUGINS='';
$plugins=explode(' ',$CONFIG_LOADPLUGINS);
if(isset($plugins[0]['url'])) foreach($plugins as $plugin) require_once('plugins/'.$plugin.'/lib_'.$plugin.'.php');
@ -81,46 +90,6 @@ OC_UTIL::checkserver();
OC_USER::logoutlisener();
$loginresult=OC_USER::loginlisener();
/**
* Class for usermanagement
*
*/
class OC_USER {
/**
* check if the login button is pressed and logg the user in
*
*/
public static function loginlisener(){
global $CONFIG_ADMINLOGIN;
global $CONFIG_ADMINPASSWORD;
if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
if($_POST['login']==$CONFIG_ADMINLOGIN and $_POST['password']==$CONFIG_ADMINPASSWORD){
$_SESSION['username']=$_POST['login'];
OC_LOG::event($_SESSION['username'],1,'');
return('');
}else{
return('error');
}
}
return('');
}
/**
* check if the logout button is pressed and logout the user
*
*/
public static function logoutlisener(){
if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
OC_LOG::event($_SESSION['username'],2,'');
unset($_SESSION['username']);
}
}
}
/**
* Class for utility functions
*
@ -163,7 +132,7 @@ class OC_UTIL {
public static function showheader(){
global $CONFIG_ADMINLOGIN;
global $WEBROOT;
require('templates/header.php');;
oc_require('templates/header.php');;
}
/**
@ -173,7 +142,7 @@ class OC_UTIL {
public static function showfooter(){
global $CONFIG_FOOTEROWNERNAME;
global $CONFIG_FOOTEROWNEREMAIL;
require('templates/footer.php');;
oc_require('templates/footer.php');;
}
/**
@ -204,8 +173,11 @@ class OC_UTIL {
if(dirname($_SERVER['SCRIPT_NAME'])==$WEBROOT.$NAVI['url']) echo('<td class="navigationitemselected"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.$NAVI['url'].'">'.$NAVI['name'].'</a></td>');
}
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/log/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/log">Log</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/log">Log</a></td>');
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/settings/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/settings">Settings</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/settings">Settings</a></td>');
if(OC_USER::ingroup($_SESSION['username'],'admin')){
if($_SERVER['SCRIPT_NAME']==$WEBROOT.'/admin/index.php') echo('<td class="navigationitemselected"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>'); else echo('<td class="navigationitem"><a href="'.$WEBROOT.'/admin">Admin Panel</a></td>');
}
echo('<td class="navigationitem"><a href="?logoutbutton=1">Logout</a></td>');
echo('</tr></table>');
}
@ -217,7 +189,7 @@ class OC_UTIL {
*/
public static function showloginform(){
global $loginresult;
require('templates/loginform.php');
oc_require('templates/loginform.php');
}
@ -284,6 +256,32 @@ class OC_DB {
return $result;
}
/**
* executes a query on the database and returns the result in an array
*
* @param string $cmd
* @return result-set
*/
static function select($cmd) {
global $CONFIG_DBTYPE;
$result=OC_DB::query($cmd);
if($result){
$data=array();
if($CONFIG_DBTYPE=='sqlite'){
while($row=$result->fetch(SQLITE_ASSOC)){
$data[]=$row;
}
}elseif($CONFIG_DBTYPE=='mysql'){
while($row=$result->fetch_array(MYSQLI_ASSOC)){
$data[]=$row;
}
}
return $data;
}else{
return false;
}
}
/**
* executes multiply queries on the database
*
@ -455,4 +453,101 @@ class OC_DB {
}
?>
//custom require/include functions because not all hosts allow us to set the include path
function oc_require($file){
global $SERVERROOT;
global $DOCUMENTROOT;
global $WEBROOT;
global $CONFIG_DBNAME;
global $CONFIG_DBHOST;
global $CONFIG_DBUSER;
global $CONFIG_DBPASSWORD;
global $CONFIG_DBTYPE;
global $CONFIG_DATADIRECTORY;
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_INSTALLED;
if(is_file($file)){
require($file);
}elseif(is_file($SERVERROOT.'/'.$file)){
require($SERVERROOT.'/'.$file);
}elseif(is_file($SERVERROOT.'/inc/'.$file)){
require($SERVERROOT.'/inc/'.$file);
}elseif(is_file($SERVERROOT.'/config/'.$file)){
require($SERVERROOT.'/config/'.$file);
}
}
function oc_require_once($file){
global $SERVERROOT;
global $DOCUMENTROOT;
global $WEBROOT;
global $CONFIG_DBNAME;
global $CONFIG_DBHOST;
global $CONFIG_DBUSER;
global $CONFIG_DBPASSWORD;
global $CONFIG_DBTYPE;
global $CONFIG_DATADIRECTORY;
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_INSTALLED;
if(is_file($file)){
require_once($file);
}elseif(is_file($SERVERROOT.'/'.$file)){
require_once($SERVERROOT.'/'.$file);
}elseif(is_file($SERVERROOT.'/inc/'.$file)){
require_once($SERVERROOT.'/inc/'.$file);
}elseif(is_file($SERVERROOT.'/config/'.$file)){
require_once($SERVERROOT.'/config/'.$file);
}
}
function oc_include($file){
global $SERVERROOT;
global $DOCUMENTROOT;
global $WEBROOT;
global $CONFIG_DBNAME;
global $CONFIG_DBHOST;
global $CONFIG_DBUSER;
global $CONFIG_DBPASSWORD;
global $CONFIG_DBTYPE;
global $CONFIG_DATADIRECTORY;
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_INSTALLED;
if(is_file($file)){
include($file);
}elseif(is_file($SERVERROOT.'/'.$file)){
include($SERVERROOT.'/'.$file);
}elseif(is_file($SERVERROOT.'/inc/'.$file)){
include($SERVERROOT.'/inc/'.$file);
}elseif(is_file($SERVERROOT.'/config/'.$file)){
include($SERVERROOT.'/config/'.$file);
}
}
function oc_include_once($file){
global $SERVERROOT;
global $DOCUMENTROOT;
global $WEBROOT;
global $CONFIG_DBNAME;
global $CONFIG_DBHOST;
global $CONFIG_DBUSER;
global $CONFIG_DBPASSWORD;
global $CONFIG_DBTYPE;
global $CONFIG_DATADIRECTORY;
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_INSTALLED;
if(is_file($file)){
include_once($file);
}elseif(is_file($SERVERROOT.'/'.$file)){
include_once($SERVERROOT.'/'.$file);
}elseif(is_file($SERVERROOT.'/inc/'.$file)){
include_once($SERVERROOT.'/inc/'.$file);
}elseif(is_file($SERVERROOT.'/config/'.$file)){
include_once($SERVERROOT.'/config/'.$file);
}
}
?>

359
inc/lib_config.php
View File

@ -11,122 +11,250 @@ class OC_CONFIG{
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_DBNAME;
require('templates/configform.php');
oc_require('templates/configform.php');
}
/**
* lisen for configuration changes and write it to the file
* show the configform
*
*/
public static function writeconfiglisener(){
global $DOCUMENTROOT;
global $SERVERROOT;
global $WEBROOT;
global $CONFIG_DBHOST;
global $CONFIG_DBNAME;
global $CONFIG_DBUSER;
global $CONFIG_DBPASSWORD;
global $CONFIG_DBTYPE;
public static function showadminform(){
global $CONFIG_ADMINLOGIN;
global $CONFIG_ADMINPASSWORD;
if(isset($_POST['set_config'])){
//checkdata
$error='';
$FIRSTRUN=empty($CONFIG_ADMINLOGIN);
if(!$FIRSTRUN){
if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){
$error.='wrong password<br />';
global $CONFIG_DATADIRECTORY;
global $CONFIG_HTTPFORCESSL;
global $CONFIG_DATEFORMAT;
global $CONFIG_DBNAME;
global $CONFIG_INSTALLED;
$allow=false;
if(!$CONFIG_INSTALLED){
$allow=true;
}elseif(OC_USER::isLoggedIn()){
if(OC_USER::ingroup($_SESSION['username'],'admin')){
$allow=true;
}
}
if(!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) $error.='admin login not set<br />';
if((!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])) and $FIRSTRUN) $error.='admin password not set<br />';
if((!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2'])) and $FIRSTRUN) $error.='retype admin password not set<br />';
if(!isset($_POST['datadirectory']) or empty($_POST['datadirectory'])) $error.='data directory not set<br />';
if(!isset($_POST['dateformat']) or empty($_POST['dateformat'])) $error.='dateformat not set<br />';
if(!isset($_POST['dbname']) or empty($_POST['dbname'])) $error.='databasename not set<br />';
if($_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same<br />';
$dbtype=$_POST['dbtype'];
if($dbtype=='mysql'){
if(!isset($_POST['dbhost']) or empty($_POST['dbhost'])) $error.='database host not set<br />';
if(!isset($_POST['dbuser']) or empty($_POST['dbuser'])) $error.='database user not set<br />';
if($_POST['dbpassword']<>$_POST['dbpassword2'] ) $error.='database passwords are not the same<br />';
if($allow){
oc_require('templates/adminform.php');
}
}
public static function createuserlisener(){
if(OC_USER::isLoggedIn()){
if(OC_USER::ingroup($_SESSION['username'],'admin')){
if(isset($_POST['new_username']) and isset($_POST['new_password'])){
if(OC_USER::createuser($_POST['new_username'],$_POST['new_password'])){
return 'user successfully created';
}else{
return 'error while trying to create user';
}
}else{
return false;
}
}else{
return false;
}
}
if(!$FIRSTRUN){
if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])){
$_POST['adminpassword']=$CONFIG_ADMINPASSWORD;
}
public static function creategrouplisener(){
if(OC_USER::isLoggedIn()){
if(isset($_POST['creategroup']) and $_POST['creategroup']==1){
if(OC_USER::creategroup($_POST['groupname'])){
if(OC_USER::addtogroup($_SESSION['username'],$_POST['groupname'])){
return 'group successfully created';
}else{
return 'error while trying to add user to the new created group';
}
}else{
return 'error while trying to create group';
}
}else{
return false;
}
if(!isset($_POST['dbpassword']) or empty($_POST['dbpassword'])){
$_POST['dbpassword']=$CONFIG_DBPASSWORD;
}else{
return false;
}
}
/**
* lisen for configuration changes
*
*/
public static function configlisener(){
if(OC_USER::isLoggedIn()){
if(isset($_POST['config']) and $_POST['config']==1){
$error='';
if(!OC_USER::checkpassword($_SESSION['username'],$_POST['currentpassword'])){
$error.='wrong password<br />';
}else{
if(isset($_POST['changepass']) and $_POST['changepass']==1){
if(!isset($_POST['password']) or empty($_POST['password'])) $error.='password not set<br />';
if(!isset($_POST['password2']) or empty($_POST['password2'])) $error.='retype password not set<br />';
if($_POST['password']<>$_POST['password2'] ) $error.='passwords are not the same<br />';
if(empty($error)){
if(!OC_USER::setpassword($_SESSION['username'],$_POST['password'])){
$error.='error while trying to set password<br />';
}
}
}
}
return $error;
}else{
return false;
}
}else{
return false;
}
if(empty($error)) {
//create/fill database
$CONFIG_DBTYPE=$dbtype;
$CONFIG_DBNAME=$_POST['dbname'];
if($dbtype=='mysql'){
$CONFIG_DBHOST=$_POST['dbhost'];
$CONFIG_DBUSER=$_POST['dbuser'];
$CONFIG_DBPASSWORD=$_POST['dbpassword'];
}
/**
* lisen for admin configuration changes and write it to the file
*4bd0be1185e76
*/
public static function writeadminlisener(){
global $CONFIG_INSTALLED;
$allow=false;
if(!$CONFIG_INSTALLED){
$allow=true;
}elseif(OC_USER::isLoggedIn()){
if(OC_USER::ingroup($_SESSION['username'],'admin')){
$allow=true;
}
try{
if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){
self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']);
}
if($allow){
global $DOCUMENTROOT;
global $SERVERROOT;
global $WEBROOT;
global $CONFIG_DBHOST;
global $CONFIG_DBNAME;
global $CONFIG_DBUSER;
global $CONFIG_DBPASSWORD;
global $CONFIG_DBTYPE;
global $CONFIG_ADMINLOGIN;
global $CONFIG_ADMINPASSWORD;
if(isset($_POST['set_config'])){
//checkdata
$error='';
$FIRSTRUN=empty($CONFIG_ADMINLOGIN);
if(!$FIRSTRUN){
if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){
$error.='wrong password<br />';
}
}
}catch(Exception $e){
$error.='error while trying to create the database<br/>';
}
if($CONFIG_DBTYPE=='sqlite'){
$f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+');
if(!$f){
$error.='path of sqlite database not writable by server<br/>';
if(!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) $error.='admin login not set<br />';
if((!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])) and $FIRSTRUN) $error.='admin password not set<br />';
if((!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2'])) and $FIRSTRUN) $error.='retype admin password not set<br />';
if(!isset($_POST['datadirectory']) or empty($_POST['datadirectory'])) $error.='data directory not set<br />';
if(!isset($_POST['dateformat']) or empty($_POST['dateformat'])) $error.='dateformat not set<br />';
if(!isset($_POST['dbname']) or empty($_POST['dbname'])) $error.='databasename not set<br />';
if($_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same<br />';
$dbtype=$_POST['dbtype'];
if($dbtype=='mysql'){
if(!isset($_POST['dbhost']) or empty($_POST['dbhost'])) $error.='database host not set<br />';
if(!isset($_POST['dbuser']) or empty($_POST['dbuser'])) $error.='database user not set<br />';
if($_POST['dbpassword']<>$_POST['dbpassword2'] ) $error.='database passwords are not the same<br />';
}
}
try{
if(isset($_POST['filldb'])){
self::filldatabase();
if(!$FIRSTRUN){
if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])){
$_POST['adminpassword']=$CONFIG_ADMINPASSWORD;
}
if(!isset($_POST['dbpassword']) or empty($_POST['dbpassword'])){
$_POST['dbpassword']=$CONFIG_DBPASSWORD;
}
}
}catch(Exception $e){
$error.='error while trying to fill the database<br/>';
}
//storedata
$config='<?php '."\n";
$config.='$CONFIG_ADMINLOGIN=\''.$_POST['adminlogin']."';\n";
$config.='$CONFIG_ADMINPASSWORD=\''.$_POST['adminpassword']."';\n";
$config.='$CONFIG_DATADIRECTORY=\''.$_POST['datadirectory']."';\n";
if(isset($_POST['forcessl'])) $config.='$CONFIG_HTTPFORCESSL=true'.";\n"; else $config.='$CONFIG_HTTPFORCESSL=false'.";\n";
$config.='$CONFIG_DATEFORMAT=\''.$_POST['dateformat']."';\n";
$config.='$CONFIG_DBTYPE=\''.$dbtype."';\n";
$config.='$CONFIG_DBNAME=\''.$_POST['dbname']."';\n";
if($dbtype=='mysql'){
$config.='$CONFIG_DBHOST=\''.$_POST['dbhost']."';\n";
$config.='$CONFIG_DBUSER=\''.$_POST['dbuser']."';\n";
$config.='$CONFIG_DBPASSWORD=\''.$_POST['dbpassword']."';\n";
}
$config.='?> ';
$filename=$SERVERROOT.'/config/config.php';
if(empty($error)){
header("Location: ".$WEBROOT."/");
try{
file_put_contents($filename,$config);
}catch(Exception $e){
$error.='error while trying to save the configuration file<br/>';
return $error;
if(!is_dir($_POST['datadirectory'])){
try{
mkdir($_POST['datadirectory']);
}catch(Exception $e){
$error.='error while trying to create data directory<br/>';
}
}
}else{
return $error;
}
if(empty($error)) {
//create/fill database
$CONFIG_DBTYPE=$dbtype;
$CONFIG_DBNAME=$_POST['dbname'];
if($dbtype=='mysql'){
$CONFIG_DBHOST=$_POST['dbhost'];
$CONFIG_DBUSER=$_POST['dbuser'];
$CONFIG_DBPASSWORD=$_POST['dbpassword'];
}
try{
if(isset($_POST['createdatabase']) and $CONFIG_DBTYPE=='mysql'){
self::createdatabase($_POST['dbadminuser'],$_POST['dbadminpwd']);
}
}catch(Exception $e){
$error.='error while trying to create the database<br/>';
}
if($CONFIG_DBTYPE=='sqlite'){
$f=@fopen($SERVERROOT.'/'.$CONFIG_DBNAME,'a+');
if(!$f){
$error.='path of sqlite database not writable by server<br/>';
}
}
try{
if(isset($_POST['filldb'])){
self::filldatabase();
}
}catch(Exception $e){
echo 'testin';
$error.='error while trying to fill the database<br/>';
}
if(!OC_USER::createuser($_POST['adminlogin'],$_POST['adminpassword']) && !OC_USER::login($_POST['adminlogin'],$_POST['adminpassword'])){
$error.='error while trying to create the admin user<br/>';
}
if(OC_USER::getgroupid('admin')==0){
if(!OC_USER::creategroup('admin')){
$error.='error while trying to create the admin group<br/>';
}
}
if(!OC_USER::addtogroup($_POST['adminlogin'],'admin')){
$error.='error while trying to add the admin user to the admin group<br/>';
}
//storedata
$config='<?php '."\n";
// $config.='$CONFIG_ADMINLOGIN=\''.$_POST['adminlogin']."';\n";
// $config.='$CONFIG_ADMINPASSWORD=\''.$_POST['adminpassword']."';\n";
$config.='$CONFIG_INSTALLED=true;'."\n";
$config.='$CONFIG_DATADIRECTORY=\''.$_POST['datadirectory']."';\n";
if(isset($_POST['forcessl'])) $config.='$CONFIG_HTTPFORCESSL=true'.";\n"; else $config.='$CONFIG_HTTPFORCESSL=false'.";\n";
$config.='$CONFIG_DATEFORMAT=\''.$_POST['dateformat']."';\n";
$config.='$CONFIG_DBTYPE=\''.$dbtype."';\n";
$config.='$CONFIG_DBNAME=\''.$_POST['dbname']."';\n";
if($dbtype=='mysql'){
$config.='$CONFIG_DBHOST=\''.$_POST['dbhost']."';\n";
$config.='$CONFIG_DBUSER=\''.$_POST['dbuser']."';\n";
$config.='$CONFIG_DBPASSWORD=\''.$_POST['dbpassword']."';\n";
}
$config.='?> ';
}
return($error);
$filename=$SERVERROOT.'/config/config.php';
if(empty($error)){
header("Location: ".$WEBROOT."/");
try{
file_put_contents($filename,$config);
}catch(Exception $e){
$error.='error while trying to save the configuration file<br/>';
return $error;
}
}else{
return $error;
}
}
}
return($error);
}
}
}
}
/**
* Fills the database with the initial tables
@ -163,9 +291,19 @@ CREATE TABLE 'properties' (
'ns' varchar(120) NOT NULL DEFAULT 'DAV:',
'value' text,
PRIMARY KEY ('path','name','ns')
);";
);
CREATE TABLE 'users' (
'user_id' int(11) NOT NULL,
'user_name' varchar(64) NOT NULL DEFAULT '',
'user_name_clean' varchar(64) NOT NULL DEFAULT '',
'user_password' varchar(40) NOT NULL DEFAULT '',
PRIMARY KEY ('user_id'),
UNIQUE ('user_name' ,'user_name_clean')
);
";
}elseif($CONFIG_DBTYPE=='mysql'){
$query="SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\";
$query="SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO';
CREATE TABLE IF NOT EXISTS `locks` (
`token` varchar(255) NOT NULL DEFAULT '',
@ -201,6 +339,31 @@ CREATE TABLE IF NOT EXISTS `properties` (
PRIMARY KEY (`path`,`name`,`ns`),
KEY `path` (`path`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS `users` (
`user_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`user_name` VARCHAR( 64 ) NOT NULL ,
`user_name_clean` VARCHAR( 64 ) NOT NULL ,
`user_password` VARCHAR( 340) NOT NULL ,
UNIQUE (
`user_name` ,
`user_name_clean`
)
) ENGINE = MYISAM ;
CREATE TABLE IF NOT EXISTS `groups` (
`group_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`group_name` VARCHAR( 64 ) NOT NULL ,
UNIQUE (
`group_name`
)
) ENGINE = MYISAM ;
CREATE TABLE IF NOT EXISTS `user_group` (
`user_group_id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`user_id` VARCHAR( 64 ) NOT NULL ,
`group_id` VARCHAR( 64 ) NOT NULL
) ENGINE = MYISAM ;
";
}
OC_DB::multiquery($query);

408
inc/lib_files.php
View File

@ -29,132 +29,306 @@
*/
class OC_FILES {
/**
* show a web GUI filebrowser
*
* @param basedir $basedir
* @param dir $dir
*/
public static function showbrowser($basedir,$dir){/*
global $CONFIG_DATEFORMAT;
global $WEBROOT;
/**
* show a web GUI filebrowser
*
* @param basedir $basedir
* @param dir $dir
*/
public static function showbrowser($basedir,$dir){
echo '<div id="content"></div>';
}
$directory=$basedir.'/'.$dir;
/**
* get the content of a directory
* @param dir $directory
*/
public static function getdirectorycontent($directory){
$filesfound=true;
$content=array();
$dirs=array();
$file=array();
$files=array();
if (is_dir($directory)) {
if ($dh = opendir($directory)) {
while (($filename = readdir($dh)) !== false) {
if($filename<>'.' and $filename<>'..'){
$file=array();
$filesfound=true;
$file['name']=$filename;
$file['directory']=$directory;
$stat=stat($directory.'/'.$filename);
$file=array_merge($file,$stat);
$file['mime']=OC_FILES::getMimeType($directory .'/'. $filename);
$file['type']=filetype($directory .'/'. $filename);
if($file['type']=='dir'){
$dirs[$file['name']]=$file;
}else{
$files[$file['name']]=$file;
}
}
}
closedir($dh);
}
}
ksort($dirs);
ksort($files);
$content=array_merge($dirs,$files);
if($filesfound){
return $content;
}else{
return false;
}
}
// exit if try to access files outside our directory
if(strstr($dir,'..')<>false) exit();
$directory=realpath($directory);
$dirs=explode('/',$dir);
// breadcrumb
if(count($dirs)>1) {
echo('<div class="center"><table cellpadding="2" cellspacing="0" border="0"><tr>');
echo('<td class="nametext"><a href="'.$WEBROOT.'/">home</a></td>');
$currentdir='';
foreach($dirs as $d) {
$currentdir.='/'.$d.'';
if($d<>'') echo('<td class="nametext"><a href="'.$WEBROOT.'/?dir='.$currentdir.'"><img src="'.$WEBROOT.'/img/arrow.png" />&nbsp;'.$d.'</a></td>');
}
echo('</tr></table></div>');
}
// files and directories
echo('<div class="center"><table cellpadding="6" cellspacing="0" border="0" class="browser">');
$filesfound=false;
$content=self::getdirectorycontent($directory);
if($content){
foreach($content as $file){
echo('<tr class="browserline">');
OC_UTIL::showicon($file['type']);
if($file['type']=='dir') echo('<td class="nametext"><a href="'.$WEBROOT.'/?dir='.$dir.'/'.$file['name'].'">'.$file['name'].'</a></td>');
if($file['type']<>'dir') echo('<td class="nametext"><a href="'.$WEBROOT.'/?dir='.$dir.'&file='.$file['name'].'">'.$file['name'].'</a></td>');
if($file['type']<>'dir') echo('<td class="sizetext">'.$file['size'].' byte</td>'); else echo('<td></td>');
echo('<td class="sizetext">'.date($CONFIG_DATEFORMAT,$file['mtime']).'</td>');
echo('</tr>');
}
}
echo('</table>');
if(!$content) echo('<p>no files here</p>');
echo('</div>');*/
echo '<div id="content"></div>';
}
/**
* get the content of a directory
* @param dir $directory
*/
public static function getdirectorycontent($directory){
$filesfound=true;
$content=array();
$dirs=array();
$file=array();
$files=array();
if (is_dir($directory)) {
if ($dh = opendir($directory)) {
while (($filename = readdir($dh)) !== false) {
if($filename<>'.' and $filename<>'..'){
$file=array();
$filesfound=true;
$file['name']=$filename;
$file['directory']=$directory;
$stat=stat($directory.'/'.$filename);
$file=array_merge($file,$stat);
$file['type']=filetype($directory .'/'. $filename);
if($file['type']=='dir'){
$dirs[$file['name']]=$file;
}else{
$files[$file['name']]=$file;
}
}
}
closedir($dh);
}
}
ksort($dirs);
ksort($files);
$content=array_merge($dirs,$files);
if($filesfound){
return $content;
}else{
return false;
}
}
/**
* return the content of a file or return a zip file containning multiply files
*
* @param dir $dir
* @param file $file
*/
public static function get($dir,$files){
global $CONFIG_DATADIRECTORY;
if(strstr($files,'..') or strstr($dir,'..')){
die();
}
if(is_array($files)){
$zip = new ZipArchive();
$filename = sys_get_temp_dir()."/ownCloud.zip";
if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
exit("cannot open <$filename>\n");
}
foreach($files as $file){
$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
if(is_file($file)){
$zip->addFile($file,basename($file));
}elseif(is_dir($file)){
zipAddDir($file,$zip);
}
}
$zip->close();
}elseif(is_dir($CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files)){
$zip = new ZipArchive();
$filename = sys_get_temp_dir()."/ownCloud.zip";
if ($zip->open($filename, ZIPARCHIVE::CREATE)!==TRUE) {
exit("cannot open <$filename>\n");
}
$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
zipAddDir($file,$zip);
$zip->close();
}else{
$zip=false;
$filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$files;
}
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($filename));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($filename));
ob_end_clean();
readfile($filename);
if($zip){
unlink($filename);
}
}
/**
* move a file or folder
*
* @param dir $sourceDir
* @param file $source
* @param dir $targetDir
* @param file $target
*/
public static function move($sourceDir,$source,$targetDir,$target){
global $CONFIG_DATADIRECTORY;
if(OC_USER::isLoggedIn() and strpos($sourceDir,'..')===false and strpos($source,'..')===false and strpos($targetDir,'..')===false and strpos($target,'..')===false){
$targetFile=$CONFIG_DATADIRECTORY.'/'.$targetDir.'/'.$target;
$sourceFile=$CONFIG_DATADIRECTORY.'/'.$sourceDir.'/'.$source;
rename($sourceFile,$targetFile);
}
}
/**
* create a new file or folder
*
* @param dir $dir
* @param file $name
* @param type $type
*/
public static function newfile($dir,$name,$type){
global $CONFIG_DATADIRECTORY;
if(OC_USER::isLoggedIn() and strpos($dir,'..')===false and strpos($name,'..')===false){
$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$name;
if($type=='dir'){
mkdir($file);
}elseif($type=='file'){
$fileHandle=fopen($file, 'w') or die("can't open file");
fclose($fileHandle);
}
}
}
/**
* deletes a file or folder
*
* @param dir $dir
* @param file $name
*/
public static function delete($dir,$file){
global $CONFIG_DATADIRECTORY;
if(OC_USER::isLoggedIn() and strpos($dir,'..')===false){
$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
if(is_file($file)){
unlink($file);
}elseif(is_dir($file)){
rmdir($file);
}
}
}
/**
* try to detect the mime type of a file
*
* @param string file path
* @return string guessed mime type
*/
function getMimeType($fspath){
if (@is_dir($fspath)) {
// directories are easy
return "httpd/unix-directory";
} else if (function_exists("mime_content_type")) {
// use mime magic extension if available
$mime_type = mime_content_type($fspath);
} else if (OC_FILES::canExecute("file")) {
// it looks like we have a 'file' command,
// lets see it it does have mime support
$fp = popen("file -i '$fspath' 2>/dev/null", "r");
$reply = fgets($fp);
pclose($fp);
// popen will not return an error if the binary was not found
// and find may not have mime support using "-i"
// so we test the format of the returned string
// the reply begins with the requested filename
if (!strncmp($reply, "$fspath: ", strlen($fspath)+2)) {
$reply = substr($reply, strlen($fspath)+2);
// followed by the mime type (maybe including options)
if (preg_match('/^[[:alnum:]_-]+/[[:alnum:]_-]+;?.*/', $reply, $matches)) {
$mime_type = $matches[0];
}
}
}
if (empty($mime_type)) {
// Fallback solution: try to guess the type by the file extension
// TODO: add more ...
switch (strtolower(strrchr(basename($fspath), "."))) {
case ".html":
$mime_type = "text/html";
break;
case ".txt":
$mime_type = "text/plain";
break;
case ".css":
$mime_type = "text/css";
break;
case ".gif":
$mime_type = "image/gif";
break;
case ".jpg":
$mime_type = "image/jpeg";
break;
case ".jpg":
$mime_type = "png/jpeg";
break;
default:
$mime_type = "application/octet-stream";
break;
}
}
return $mime_type;
}
/**
* detect if a given program is found in the search PATH
*
* helper function used by _mimetype() to detect if the
* external 'file' utility is available
*
* @param string program name
* @param string optional search path, defaults to $PATH
* @return bool true if executable program found in path
*/
function canExecute($name, $path = false)
{
// path defaults to PATH from environment if not set
if ($path === false) {
$path = getenv("PATH");
}
// check method depends on operating system
if (!strncmp(PHP_OS, "WIN", 3)) {
// on Windows an appropriate COM or EXE file needs to exist
$exts = array(".exe", ".com");
$check_fn = "file_exists";
} else {
// anywhere else we look for an executable file of that name
$exts = array("");
$check_fn = "is_executable";
}
// now check the directories in the path for the program
foreach (explode(PATH_SEPARATOR, $path) as $dir) {
// skip invalid path entries
if (!file_exists($dir)) continue;
if (!is_dir($dir)) continue;
/**
* return the cntent of a file
*
* @param dir $dir
* @param file $file
*/
public static function get($dir,$file){
if(isset($_SESSION['username']) and $_SESSION['username']<>'') {
global $CONFIG_DATADIRECTORY;
$filename=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
// and now look for the file
foreach ($exts as $ext) {
if ($check_fn("$dir/$name".$ext)) return true;
}
}
// exit if try to access files outside our directory
if(strstr($filename,'..')<>false) exit();
return false;
}
OC_LOG::event($_SESSION['username'],3,$dir.'/'.$file);
}
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($filename));
readfile($filename);
function zipAddDir($dir,$zip,$internalDir=''){
$dirname=basename($dir);
$zip->addEmptyDir($internalDir.$dirname);
$internalDir.=$dirname.='/';
$files=OC_FILES::getdirectorycontent($dir);
foreach($files as $file){
$filename=$file['name'];
$file=$dir.'/'.$filename;
if(is_file($file)){
$zip->addFile($file,$internalDir.$filename);
}elseif(is_dir($file)){
zipAddDir($file,$zip,$internalDir);
}
}
exit;
}
}
if(!function_exists('sys_get_temp_dir')) {
function sys_get_temp_dir() {
if( $temp=getenv('TMP') ) return $temp;
if( $temp=getenv('TEMP') ) return $temp;
if( $temp=getenv('TMPDIR') ) return $temp;
$temp=tempnam(__FILE__,'');
if (file_exists($temp)) {
unlink($temp);
return dirname($temp);
}
return null;
}
}
?>
?>

277
inc/lib_user.php
View File

@ -0,0 +1,277 @@
<?php
/**
* ownCloud
*
* @author Frank Karlitschek
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
if(!$CONFIG_INSTALLED){
$_SESSION['user_id']=false;
$_SESSION['username']='';
$_SESSION['username_clean']='';
}
/**
* Class for usermanagement
*
*/
class OC_USER {
/**
* check if the login button is pressed and logg the user in
*
*/
public static function loginlisener(){
if(isset($_POST['loginbutton']) and isset($_POST['password']) and isset($_POST['login'])){
if(OC_USER::login($_POST['login'],$_POST['password'])){
OC_LOG::event($_SESSION['username'],1,'');
return('');
}else{
return('error');
}
}
return('');
}
/**
* try to create a new user
*
*/
public static function createuser($username,$password){
if(OC_USER::getuserid($username)!=0){
return false;
}else{
$password=sha1($password);
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$query="INSERT INTO `users` (`user_id` ,`user_name` ,`user_name_clean` ,`user_password`)VALUES (NULL , '$username', '$usernameclean', '$password')";
$result=OC_DB::query($query);
return ($result)?true:false;
}
}
/**
* try to login a user
*
*/
public static function login($username,$password){
$password=sha1($password);
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_id'])){
$_SESSION['user_id']=$result[0]['user_id'];
$_SESSION['username']=$username;
$_SESSION['username_clean']=$usernameclean;
return true;
}else{
return false;
}
}
/**
* check if the logout button is pressed and logout the user
*
*/
public static function logoutlisener(){
if(isset($_GET['logoutbutton']) && isset($_SESSION['username'])){
OC_LOG::event($_SESSION['username'],2,'');
$_SESSION['user_id']=false;
$_SESSION['username']='';
$_SESSION['username_clean']='';
}
}
/**
* check if a user is logged in
*
*/
public static function isLoggedIn(){
return (isset($_SESSION['user_id']) && $_SESSION['user_id'])?true:false;
}
/**
* try to create a new group
*
*/
public static function creategroup($groupname){
if(OC_USER::getgroupid($groupname)==0){
$groupname=mysql_escape_string($groupname);
$query="INSERT INTO `groups` (`group_id` ,`group_name`) VALUES (NULL , '$groupname');";
$result=OC_DB::query($query);
return ($result)?true:false;
}else{
return false;
}
}
/**
* get the id of a user
*
*/
public static function getuserid($username){
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_id'])){
return $result[0]['user_id'];
}else{
return 0;
}
}
/**
* get the id of a group
*
*/
public static function getgroupid($groupname){
$groupname=mysql_escape_string($groupname);
$query="SELECT group_id FROM `groups` WHERE `group_name` = '$groupname' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['group_id'])){
return $result[0]['group_id'];
}else{
return 0;
}
}
/**
* get the name of a group
*
*/
public static function getgroupname($groupid){
$groupid=(integer)$groupid;
$query="SELECT group_name FROM `groups` WHERE `group_id` = '$groupid' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['group_name'])){
return $result[0]['group_name'];
}else{
return 0;
}
}
/**
* check if a user belongs to a group
*
*/
public static function ingroup($username,$groupname){
$userid=OC_USER::getuserid($username);
$groupid=OC_USER::getgroupid($groupname);
if($groupid>0 and $userid>0){
$query="SELECT user_group_id FROM `user_group` WHERE `group_id` = '$groupid ' AND `user_id` = '$userid 'LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_group_id'])){
return true;
}else{
return false;
}
}else{
return false;
}
}
/**
* add a user to a group
*
*/
public static function addtogroup($username,$groupname){
if(!OC_USER::ingroup($username,$groupname)){
$userid=OC_USER::getuserid($username);
$groupid=OC_USER::getgroupid($groupname);
if($groupid!=0 and $userid!=0){
$query="INSERT INTO `user_group` (`user_group_id` ,`user_id` ,`group_id`) VALUES (NULL , '$userid', '$groupid');";
$result=OC_DB::query($query);
if($result){
return true;
}else{
return false;
}
}else{
return false;
}
}else{
return true;
}
}
public static function generatepassword(){
return uniqid();
}
/**
* get all groups the user belongs to
*
*/
public static function getusergroups($username){
$userid=OC_USER::getuserid($username);
$query="SELECT group_id FROM `user_group` WHERE `user_id` = '$userid'";
$result=OC_DB::select($query);
$groups=array();
if(is_array($result)){
foreach($result as $group){
$groupid=$group['group_id'];
$groups[]=OC_USER::getgroupname($groupid);
}
}
return $groups;
}
/**
* set the password of a user
*
*/
public static function setpassword($username,$password){
$password=sha1($password);
$userid=OC_USER::getuserid($username);
$query="UPDATE `users` SET `user_password` = '$password' WHERE `user_id` =$userid LIMIT 1 ;";
$result=OC_DB::query($query);
if($result){
return true;
}else{
return false;
}
}
/**
* check the password of a user
*
*/
public static function checkpassword($username,$password){
$password=sha1($password);
$usernameclean=strtolower($username);
$username=mysql_escape_string($username);
$usernameclean=mysql_escape_string($usernameclean);
$query="SELECT user_id FROM `users` WHERE `user_name_clean` = '$usernameclean' AND `user_password` = '$password' LIMIT 1";
$result=OC_DB::select($query);
if(isset($result[0]) && isset($result[0]['user_id']) && $result[0]['user_id']>0){
return true;
}else{
return false;
}
}
}
?>

106
inc/templates/adminform.php
View File

@ -0,0 +1,106 @@
<?php
global $FIRSTRUN;
global $CONFIG_ERROR;
if(!isset($fillDB)) $fillDB=true;
if(!isset($CONFIG_DBHOST)) $CONFIG_DBHOST='localhost';
if(!isset($CONFIG_DBUSER)) $CONFIG_DBUSER='owncloud';
$newuserpassword=OC_USER::generatepassword();
?>
<script type="text/javascript">
function showDBAdmin(){
var show=document.getElementById('dbcreate').checked;
document.getElementById('dbAdminUser').style.display=(show)?'table-row':'none';
document.getElementById('dbAdminPwd').style.display=(show)?'table-row':'none';
}
function dbtypechange(){
var dropdown=action=document.getElementById('dbtype');
var type=dropdown.options[dropdown.selectedIndex].value;
var inputs=Array('dbhost','dbuser','dbpass','dbpass_retype','dbcreaterow','dbAdminPwd','dbAdminUser');
var id,element;
if(type=='sqlite'){
for(i in inputs){
id=inputs[i];
element=document.getElementById(id);
if(element){
element.style.display='none';
}
}
}else if(type=='mysql'){
for(i in inputs){
id=inputs[i];
element=document.getElementById(id);
if(element){
element.style.display='table-row';
}
}
showDBAdmin()
}
}
</script>
<form method="post" enctype="multipart/form-data">
<table cellpadding="5" cellspacing="5" border="0" class="loginform">
<?php
if(!empty($CONFIG_ERROR) and !$FIRSTRUN){
echo "<tr><td colspan='3' class='error'>$CONFIG_ERROR</td></tr>";
}
if(!$FIRSTRUN){?>
<tr><td>current password</td><td><input type="password" name="currentpassword" size="30" class="formstyle"></input></td></tr>
<?php
}
if($FIRSTRUN){?>
<tr><td>admin login:</td><td><input type="text" name="adminlogin" size="30" class="formstyle" value=""></input></td></tr>
<tr><td>admin password:</td><td><input type="password" name="adminpassword" size="30" class="formstyle"></input></td><td>(leave empty to keep current password)</td></tr>
<tr><td>retype admin password:</td><td><input type="password" name="adminpassword2" size="30" class="formstyle"></input></td></tr>
<?php
}
?>
<tr><td>data directory:</td><td><input type="text" name="datadirectory" size="30" class="formstyle" value="<?php echo($CONFIG_DATADIRECTORY);?>"></input></td></tr>
<tr><td>force ssl:</td><td><input type="checkbox" name="forcessl" size="30" class="formstyle" value='<?php echo($CONFIG_HTTPFORCESSL);?>'></input></td></tr>
<tr><td>date format:</td><td><input type="text" name="dateformat" size="30" class="formstyle" value='<?php echo($CONFIG_DATEFORMAT);?>'></input></td></tr>
<tr><td>database type:</td><td>
<select id='dbtype' name="dbtype" onchange='dbtypechange()'>
<?php
global $CONFIG_DBTYPE;
if($CONFIG_DBTYPE=='sqlite'){
?>
<option value="sqlite">SQLite</option>
<option value="mysql">MySQL</option>
<?php
}else{
?>
<option value="mysql">MySQL</option>
<option value="sqlite">SQLite</option>
<?php
}
?>
</select>
</td></tr>
<tr id='dbhost'><td>database host:</td><td><input type="text" name="dbhost" size="30" class="formstyle" value='<?php echo($CONFIG_DBHOST);?>'></input></td></tr>
<tr><td>database name:</td><td><input type="text" name="dbname" size="30" class="formstyle" value='<?php echo($CONFIG_DBNAME);?>'></input></td></tr>
<tr id='dbuser'><td>database user:</td><td><input type="text" name="dbuser" size="30" class="formstyle" value='<?php echo($CONFIG_DBUSER);?>'></input></td></tr>
<tr id='dbpass'><td>database password:</td><td><input type="password" name="dbpassword" size="30" class="formstyle" value=''></input></td><td>(leave empty to keep current password)</td></tr>
<tr id='dbpass_retype'><td>retype database password:</td><td><input type="password" name="dbpassword2" size="30" class="formstyle" value=''></input></td></tr>
<tr id='dbcreaterow'><td>create database and user:</td><td><input id='dbcreate' type="checkbox" name="createdatabase" size="30" class="formstyle" value='1' <?php if($FIRSTRUN) echo 'checked'; ?> onchange='showDBAdmin()'></input></td></tr>
<tr id='dbAdminUser'><td>database administrative user:</td><td><input type="text" name="dbadminuser" size="30" class="formstyle" value='root'></input></td></tr>
<tr id='dbAdminPwd'><td>database administrative password:</td><td><input type="password" name="dbadminpwd" size="30" class="formstyle" value=''></input></td></tr>
<tr><td>automaticly fill initial database:</td><td><input type="checkbox" name="filldb" size="30" class="formstyle" value='1' <?php if($FIRSTRUN) echo 'checked'; ?>></input></td></tr>
<tr><td></td><td><input type="submit" name="set_config" alt="save" value="save" class="formstyle" /></td></tr>
</table></form><br/>
<?php
if(!$FIRSTRUN){?>
<br/>
<form method="post" enctype="multipart/form-data">
<table cellpadding="5" cellspacing="5" border="0" class="loginform">
<tr><td colspan='2'>Create new user:</td></tr>
<tr><td>user name</td><td><input type='text' name='new_username' class="formstyle"></input></td></tr>
<tr><td>password</td><td><input type='text' name='new_password' class="formstyle" autocomplete="off" value='<?php echo($newuserpassword);?>'></input></td></tr>
<tr><td></td><td><input type='submit' value='create' class="formstyle"></input></td></tr>
</table>
</form>
<?php
}
?>
<script type="text/javascript">
dbtypechange()
</script>

99
inc/templates/configform.php
View File

@ -4,85 +4,48 @@ global $CONFIG_ERROR;
if(!isset($fillDB)) $fillDB=true;
if(!isset($CONFIG_DBHOST)) $CONFIG_DBHOST='localhost';
if(!isset($CONFIG_DBUSER)) $CONFIG_DBUSER='owncloud';
$newuserpassword=OC_USER::generatepassword();
?>
<script type="text/javascript">
function showDBAdmin(){
var show=document.getElementById('dbcreate').checked;
document.getElementById('dbAdminUser').style.display=(show)?'table-row':'none';
document.getElementById('dbAdminPwd').style.display=(show)?'table-row':'none';
}
function dbtypechange(){
var dropdown=action=document.getElementById('dbtype');
var type=dropdown.options[dropdown.selectedIndex].value;
var inputs=Array('dbhost','dbuser','dbpass','dbpass_retype','dbcreaterow','dbAdminPwd','dbAdminUser');
var id,element;
if(type=='sqlite'){
for(i in inputs){
id=inputs[i];
element=document.getElementById(id);
if(element){
element.style.display='none';
}
}
}else if(type=='mysql'){
for(i in inputs){
id=inputs[i];
element=document.getElementById(id);
if(element){
element.style.display='table-row';
}
}
showDBAdmin()
}
changepassset=function(){
var change=document.getElementById('changepass').checked;
if(!change){
document.getElementById('new_password').style.display='none';
document.getElementById('new_password_retype').style.display='none';
}else{
document.getElementById('new_password').style.display='table-row';
document.getElementById('new_password_retype').style.display='table-row';
}
}
</script>
<form method="post" enctype="multipart/form-data">
<input type='hidden' name='config' value='1'>
<table cellpadding="5" cellspacing="5" border="0" class="loginform">
<?php
if(!empty($CONFIG_ERROR) and !$FIRSTRUN){
echo "<tr><td colspan='3' class='error'>$CONFIG_ERROR</td></tr>";
}
if(!$FIRSTRUN){?>
<tr><td>current password</td><td><input type="password" name="currentpassword" size="30" class="formstyle"></input></td></tr>
<?php
}
?>
<tr><td>admin login:</td><td><input type="text" name="adminlogin" size="30" class="formstyle" value="<?php echo($CONFIG_ADMINLOGIN);?>"></input></td></tr>
<tr><td>admin password:</td><td><input type="password" name="adminpassword" size="30" class="formstyle"></input></td><td>(leave empty to keep current password)</td></tr>
<tr><td>retype admin password:</td><td><input type="password" name="adminpassword2" size="30" class="formstyle"></input></td></tr>
<tr><td>data directory:</td><td><input type="text" name="datadirectory" size="30" class="formstyle" value="<?php echo($CONFIG_DATADIRECTORY);?>"></input></td></tr>
<tr><td>force ssl:</td><td><input type="checkbox" name="forcessl" size="30" class="formstyle" value='<?php echo($CONFIG_HTTPFORCESSL);?>'></input></td></tr>
<tr><td>date format:</td><td><input type="text" name="dateformat" size="30" class="formstyle" value='<?php echo($CONFIG_DATEFORMAT);?>'></input></td></tr>
<tr><td>database type:</td><td>
<select id='dbtype' name="dbtype" onchange='dbtypechange()'>
<?php
global $CONFIG_DBTYPE;
if($CONFIG_DBTYPE=='sqlite'){
?>
<option value="sqlite">SQLite</option>
<option value="mysql">MySQL</option>
<?php
}else{
?>
<option value="mysql">MySQL</option>
<option value="sqlite">SQLite</option>
<tr><td>enter password</td><td><input type="password" name="currentpassword" size="30" class="formstyle"></input></td></tr>
<tr><td>change password:</td><td><input onchange='changepassset()' id='changepass' type="checkbox" name="changepass" size="30" class="formstyle" value='1'></input></td></tr>
<tr style='display:none' id='new_password'><td>new password:</td><td><input type="password" name="password" size="30" class="formstyle"></input></td></tr>
<tr style='display:none' id='new_password_retype'><td>retype admin password:</td><td><input type="password" name="password2" size="30" class="formstyle"></input></td></tr>
</table>
</form>
Groups:
<form method="post" enctype="multipart/form-data">
<input type='hidden' name='creategroup' value='1'>
<table cellpadding="5" cellspacing="5" border="0" class="loginform">
<tr><td colspan='2' class='center'>Current groups</td></tr>
<?php
$groups=OC_USER::getusergroups($_SESSION['username']);
foreach($groups as $group){
?>
<tr><td><?php echo $group;?></td></tr>
<?php
}
?>
</select>
</td></tr>
<tr id='dbhost'><td>database host:</td><td><input type="text" name="dbhost" size="30" class="formstyle" value='<?php echo($CONFIG_DBHOST);?>'></input></td></tr>
<tr><td>database name:</td><td><input type="text" name="dbname" size="30" class="formstyle" value='<?php echo($CONFIG_DBNAME);?>'></input></td></tr>
<tr id='dbuser'><td>database user:</td><td><input type="text" name="dbuser" size="30" class="formstyle" value='<?php echo($CONFIG_DBUSER);?>'></input></td></tr>
<tr id='dbpass'><td>database password:</td><td><input type="password" name="dbpassword" size="30" class="formstyle" value=''></input></td><td>(leave empty to keep current password)</td></tr>
<tr id='dbpass_retype'><td>retype database password:</td><td><input type="password" name="dbpassword2" size="30" class="formstyle" value=''></input></td></tr>
<tr id='dbcreaterow'><td>create database and user:</td><td><input id='dbcreate' type="checkbox" name="createdatabase" size="30" class="formstyle" value='1' <?php if($FIRSTRUN) echo 'checked'; ?> onchange='showDBAdmin()'></input></td></tr>
<tr id='dbAdminUser'><td>database administrative user:</td><td><input type="text" name="dbadminuser" size="30" class="formstyle" value='root'></input></td></tr>
<tr id='dbAdminPwd'><td>database administrative password:</td><td><input type="password" name="dbadminpwd" size="30" class="formstyle" value=''></input></td></tr>
<tr><td>automaticly fill initial database:</td><td><input type="checkbox" name="filldb" size="30" class="formstyle" value='1' <?php if($FIRSTRUN) echo 'checked'; ?>></input></td></tr>
<tr><td></td><td><input type="submit" name="set_config" alt="save" value="save" class="formstyle" /></td></tr>
</table></form>
<script type="text/javascript">
dbtypechange()
</script>
<tr><td colspan='2' class='center'>Create new group</td></tr>
<tr><td><input type='text' name='groupname' class="formstyle"></input></td><td><input type='submit' value='create' class="formstyle"></input></td></tr>
</table>
</form>

19
inc/templates/header.php
View File

@ -4,7 +4,7 @@
<head>
<title>ownCloud</title>
<base href="<?php echo($WEBROOT); ?>/"/>
<link rel="stylesheet" type="text/css" href="css/default.php"/>
<link rel="stylesheet" type="text/css" href="<?php echo($WEBROOT)?>/css/default.php"/>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_ajax.js'></script>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_timer.js'></script>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_notification.js'></script>
@ -12,6 +12,7 @@
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_files.js'></script>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_event.js'></script>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_drag.js'></script>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/lib_api.js'></script>
<script type='text/ecmascript' src='<?php echo($WEBROOT)?>/js/filebrowser.js'></script>
<?php
foreach(OC_UTIL::$scripts as $script){
@ -31,15 +32,25 @@ echo('<h1><a id="owncloud-logo" href="'.$WEBROOT.'"><span>ownCloud</span></a></h
// check if already configured. otherwise start configuration wizard
$error=OC_CONFIG::writeconfiglisener();
$error=OC_CONFIG::writeadminlisener();
if($e=OC_CONFIG::configlisener()){
$error.=$e;
}
if($e=OC_CONFIG::createuserlisener()){
$error.=$e;
}
if($e=OC_CONFIG::creategrouplisener()){
$error.=$e;
}
$CONFIG_ERROR=$error;
if(empty($CONFIG_ADMINLOGIN)) {
global $CONFIG_INSTALLED;
if(!$CONFIG_INSTALLED) {
global $FIRSTRUN;
$FIRSTRUN=true;
echo('<div class="center">');
echo('<p class="errortext">'.$error.'</p>');
echo('<p class="highlighttext">First Run Wizard</p>');
OC_CONFIG::showconfigform();
OC_CONFIG::showadminform();
echo('</div>');
OC_UTIL::showfooter();
exit();

6
js/filebrowser.js
View File

@ -129,16 +129,16 @@ OC_FILES.browser.files.show=function(parent,fileList){
for(name in fileList){
file=fileList[name];
if(!OC_FILES.browser.files.fileNodes[file.name]){
OC_FILES.browser.files.add(file.name,file.type,file.size,file.date);
OC_FILES.browser.files.add(file.name,file.type,file.size,file.date,file.mime);
}
}
}
}
OC_FILES.browser.files.add=function(name,type,size,date){
OC_FILES.browser.files.add=function(name,type,size,date,mime){
if(name){
if(!size) size=0;
if(!date) date=getTimeString();
OC_FILES.files[name]=new OC_FILES.file(OC_FILES.dir,name,type);
OC_FILES.files[name]=new OC_FILES.file(OC_FILES.dir,name,type,mime);
tr=document.createElement('tr');
OC_FILES.browser.files.fileNodes[name]=tr;
OC_FILES.browser.files.tbody.appendChild(tr);

26
files/delete.php → js/lib_api.js
View File

@ -1,5 +1,3 @@
<?php
/**
* ownCloud - ajax frontend
*
@ -20,17 +18,17 @@
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
require_once('../inc/lib_base.php');
$dir=$_GET['dir'];
$file=$_GET['file'];
if(isset($_SESSION['username']) and $_SESSION['username'] and strpos($dir,'..')===false){
$file=$CONFIG_DATADIRECTORY.'/'.$dir.'/'.$file;
if(is_file($file)){
unlink($file);
}elseif(is_dir($file)){
rmdir($file);
}
}
OC_API=new Object();
?>
OC_API.run=function(action,params,callback,callbackparams){
var xmlloader=new OCXMLLoader();
xmlloader.setCallBack(callback);
xmlloader.method="POST";
var paramString='action='+action;
for(name in params){
paramString+='&'+name+'='+encodeURIComponent(params[name]);
}
xmlloader.arg=callbackparams;
xmlloader.load('files/api.php',paramString);
}

116
js/lib_files.js
View File

@ -49,7 +49,7 @@ OC_FILES.getdirectorycontent_parse=function(req){
if(fileElements.length>0){
for(index=0;index<fileElements.length;index++){
var file=new Array();
var attributes=Array('size','name','type','directory','date');
var attributes=Array('size','name','type','directory','date','mime');
for(i in attributes){
var name=attributes[i];
file[name]=fileElements.item(index).getAttribute(name);
@ -87,6 +87,10 @@ OC_FILES.getdirectorycontent=function(dir,callback,refresh){
OC_FILES.dir='';
OC_FILES.get=function(dir,file){
window.location='files/get_file.php?dir='+encodeURIComponent(dir)+'&files='+encodeURIComponent(file);
}
OC_FILES.upload=function(dir,iframeId){
var file=new Object;
var fileSelector=document.getElementById('fileSelector');
@ -102,6 +106,11 @@ OC_FILES.upload=function(dir,iframeId){
return false;
}
}
var mime='';
if(fileSelector.files && fileSelector.files[0].type){
var mime=fileSelector.files[0].type;
}
file.dir=dir;
file.dir=dir;
file.name=name;
file.type='file';
@ -114,9 +123,10 @@ OC_FILES.upload=function(dir,iframeId){
OC_FILES.cache.incomplete[dir][name]['name']=name;
OC_FILES.cache.incomplete[dir][name]['type']='incomplete';
OC_FILES.cache.incomplete[dir][name]['size']=size;
OC_FILES.cache.incomplete[dir][name]['mime']=mime;
OC_FILES.uploadIFrames[iframeId].file=file;
OC_FILES.uploadIFrames[iframeId].addEvent('onload',new callBack(OC_FILES.upload_callback,OC_FILES.uploadIFrames[iframeId]));
OC_FILES.browser.files.add(name,'incomplete',size);
OC_FILES.browser.files.add(name,'incomplete',size,null,mime);
OC_FILES.uploadForm.submit();
if(OC_FILES.uploadForm.parentElement){
OC_FILES.uploadForm.className='hidden';
@ -137,7 +147,7 @@ OC_FILES.upload_callback=function(iframeId){
OC_FILES.cache.files[file.name]['type']=file.type;
this.uploadForm.parentNode.removeChild(this.uploadForm);
this.parentNode.removeChild(this);
delete OC_FILES.uploadIFrames[file.iframeId];
OC_FILES.uploadIFrames[file.iframeId]=null;
OC_FILES.browser.show(file.dir);
}
}
@ -154,14 +164,12 @@ OC_FILES.rename=function(dir,file,event){
OC_FILES.browser.show(OC_FILES.dir);
return false;
}
xmlloader=new OCXMLLoader();
xmlloader.setCallBack(OC_FILES.rename_callback);
xmlloader.arg=new Object;
xmlloader.arg.oldname=file;
xmlloader.arg.newname=newname;
xmlloader.arg.dir=dir;
xmlloader.arg.type=OC_FILES.cache.files[file]['type'];
xmlloader.load('files/rename.php?dir='+dir+'&file='+file+'&newname='+newname);
arg=new Object;
arg.oldname=file;
arg.newname=newname;
arg.dir=dir;
arg.type=OC_FILES.cache.files[file]['type'];
OC_API.run('rename',{dir:dir,file:file,newname:newname},OC_FILES.rename_callback,arg)
if(!OC_FILES.cache.incomplete[dir]){
OC_FILES.cache.incomplete[dir]=Array();
}
@ -184,12 +192,9 @@ OC_FILES.rename_callback=function(req,file){
}
OC_FILES.remove=function(dir,file){
remove=confirm('remove file \''+file+'\'?');
remove=confirm('delete file \''+file+'\'?');
if(remove){
xmlloader=new OCXMLLoader();
xmlloader.setCallBack(OC_FILES.remove_callback);
xmlloader.arg=file;
xmlloader.load('files/delete.php?dir='+dir+'&file='+file);
OC_API.run('delete',{dir:dir,file:file},OC_FILES.remove_callback,file)
OC_FILES.browser.files.remove(file);
delete OC_FILES.cache.files[file];
}
@ -212,13 +217,11 @@ OC_FILES.getSelected=function(){
}
OC_FILES.newFile=function(type,name,dir){
xmlloader=new OCXMLLoader();
xmlloader.arg=new Object;
xmlloader.arg.name=name;
xmlloader.arg.dir=dir;
xmlloader.arg.type=type;
xmlloader.setCallBack(OC_FILES.new_callback);
xmlloader.load('files/new.php?type='+type+'&dir='+dir+'&name='+name);
arg=new Object;
arg.name=name;
arg.dir=dir;
arg.type=type;
OC_API.run('new',{dir:dir,name:name,type:type},OC_FILES.new_callback,arg)
if(!OC_FILES.cache.incomplete[dir]){
OC_FILES.cache.incomplete[dir]=Array();
}
@ -233,8 +236,9 @@ OC_FILES.new_callback=function(req,file){
OC_FILES.cache.files[file.name]=OC_FILES.cache.incomplete[file.dir][file.name];
delete OC_FILES.cache.incomplete[file.dir][file.name];
OC_FILES.cache.files[file.name]['type']=file.type;
OC_FILES.browser.files.remove(name);
OC_FILES.browser.show(OC_FILES.dir);
OC_FILES.browser.files.remove(file.name);
// OC_FILES.browser.files.add(name);
OC_FILES.browser.show(OC_FILES.dir,true);
}
OC_FILES.move=function(source,target,sourceDir,targetDir){
@ -248,17 +252,15 @@ OC_FILES.move=function(source,target,sourceDir,targetDir){
if(!OC_FILES.cache.incomplete[targetDir+'/'+target]){
OC_FILES.cache.incomplete[targetDir+'/'+target]=Array();
}
xmlloader=new OCXMLLoader();
xmlloader.arg=new Object;
xmlloader.arg.source=source;
xmlloader.arg.target=target;
xmlloader.arg.sourceDir=sourceDir;
xmlloader.arg.targetDir=targetDir;
xmlloader.arg.type=OC_FILES.cache.files[source]['type'];
arg=new Object;
arg.source=source;
arg.target=target;
arg.sourceDir=sourceDir;
arg.targetDir=targetDir;
arg.type=OC_FILES.cache.files[source]['type'];
OC_FILES.cache.files[source]['type']='incomplete';
OC_FILES.cache.incomplete[targetDir+'/'+target][source]=OC_FILES.cache.files[source]
xmlloader.setCallBack(OC_FILES.move_callback);
xmlloader.load('files/move.php?sourcedir='+sourceDir+'&targetdir='+targetDir+'&source='+source+'&target='+target);
OC_FILES.cache.incomplete[targetDir+'/'+target][source]=OC_FILES.cache.files[source];
OC_API.run('move',{sourcedir:sourceDir,source:source,targetdir:targetDir,target:target},OC_FILES.move_callback,arg);
}
}
@ -293,11 +295,12 @@ OC_FILES.actions_selected.download=function(){
if(files.length==0){
return false;
}else if(files.length>1){
files.join(';');
files=files.join(';');
}else{
files=files[0];
}
window.location=WEBROOT+'/files/get_file.php?dir='+OC_FILES.dir+'&files='+files;
OC_FILES.get(dir,files);
// window.location=WEBROOT+'/files/get_file.php?dir='+OC_FILES.dir+'&files='+files;
}
OC_FILES.actions_selected['delete']=function(){
@ -309,11 +312,17 @@ OC_FILES.actions_selected['delete']=function(){
OC_FILES.files=Array();
OC_FILES.file=function(dir,file,type){
OC_FILES.file=function(dir,file,type,mime){
if(file){
this.type=type;
this.file=file;
this.dir=dir;
this.mime=mime;
if(mime){
var mimeParts=mime.split('/');
this.mime1=mimeParts[0];
this.mime2=mimeParts[1];
}
this.actions=new Object();
if(file.lastIndexOf('.')){
this.extention=file.substr(file.lastIndexOf('.')+1);
@ -332,10 +341,17 @@ OC_FILES.file=function(dir,file,type){
}
}
}
if(OC_FILES.fileActions[this.extention]){
for(index in OC_FILES.fileActions[this.extention]){
if(OC_FILES.fileActions[this.extention][index].call){
this.actions[index]=OC_FILES.fileActions[this.extention][index];
if(OC_FILES.fileActions[this.mime1]){
for(index in OC_FILES.fileActions[this.mime1]){
if(OC_FILES.fileActions[this.mime1][index].call){
this.actions[index]=OC_FILES.fileActions[this.mime1][index];
}
}
}
if(OC_FILES.fileActions[this.mime]){
for(index in OC_FILES.fileActions[this.mime]){
if(OC_FILES.fileActions[this.mime][index].call){
this.actions[index]=OC_FILES.fileActions[this.mime][index];
}
}
}
@ -361,7 +377,7 @@ OC_FILES.fileActions.all.rename=function(){
OC_FILES.browser.show_rename(this.dir,this.file);
}
OC_FILES.fileActions.all.download=function(){
window.location=WEBROOT+'/files/get_file.php?dir='+this.dir+'&files='+this.file;
OC_FILES.get(this.dir,this.file);
}
OC_FILES.fileActions.all['default']=OC_FILES.fileActions.all.download;
@ -373,19 +389,13 @@ OC_FILES.fileActions.dir.open=function(){
OC_FILES.fileActions.dir['default']=OC_FILES.fileActions.dir.open;
OC_FILES.fileActions.dir.dropOn=function(file){
OC_FILES.move(file.file,this.file,file.dir,this.dir);
OC_FILES.move(file.file,file.file,file.dir,this.dir+'/'+this.file);
}
OC_FILES.fileActions.jpg=new Object()
OC_FILES.fileActions.image=new Object()
OC_FILES.fileActions.jpg.show=function(){
// window.open(WEBROOT+'/files/open_file.php?dir='+this.dir+'&file='+this.file);
OC_FILES.fileActions.image.show=function(){
OC_FILES.browser.showImage(this.dir,this.file);
}
OC_FILES.fileActions.jpg['default']=OC_FILES.fileActions.jpg.show;
OC_FILES.fileActions.jpeg=OC_FILES.fileActions.jpg
OC_FILES.fileActions.png=OC_FILES.fileActions.jpg
OC_FILES.fileActions.gif=OC_FILES.fileActions.jpg
OC_FILES.fileActions.bmp=OC_FILES.fileActions.jpg
OC_FILES.fileActions.image['default']=OC_FILES.fileActions.image.show;

17
webdav/owncloud.php
View File

@ -23,7 +23,7 @@
require_once('../inc/lib_base.php');
require_once('HTTP/WebDAV/Server/Filesystem.php');
oc_require_once('HTTP/WebDAV/Server/Filesystem.php');
ini_set('default_charset', 'UTF-8');
@ -38,12 +38,15 @@ if(empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['REDIRECT_REMOTE_USER']))
$user=$_SERVER['PHP_AUTH_USER'];
$passwd=$_SERVER['PHP_AUTH_PW'];
if(($user==$CONFIG_ADMINLOGIN) and ($passwd==$CONFIG_ADMINPASSWORD )){
$server = new HTTP_WebDAV_Server_Filesystem();
$server->db_name = $CONFIG_DBNAME;
$server->ServeRequest($CONFIG_DATADIRECTORY);
if(OC_USER::login($user,$passwd)){
$CONFIG_DATADIRECTORY=$SERVERROOT.'/data/'.$_SESSION['username_clean'];
if(!is_dir($CONFIG_DATADIRECTORY)){
mkdir($CONFIG_DATADIRECTORY);
}
$server = new HTTP_WebDAV_Server_Filesystem();
$server->db_name = $CONFIG_DBNAME;
$server->ServeRequest($CONFIG_DATADIRECTORY);
}else{
header('WWW-Authenticate: Basic realm="ownCloud"');
header('HTTP/1.0 401 Unauthorized');

Write Preview
Loading…
Cancel
Save