directories are working
users still have dependencies to database code
Jan Dittberner 2007-11-21 23:00:58 +00:00
parent 5e60bf4a9a
commit 7bffc8bf97
12 changed files with 168 additions and 183 deletions


@ -1,2 +0,0 @@
DirectoryIndex index.php
require group davadmin


@ -27,19 +27,27 @@
* 02110-1301 USA.
*/
if (!isset($_SERVER['DavAdminConfDir'])) {
header('HTTP/1.0 500 Internal Server Error');
header('Status: 500 Internal Server Error');
header('Content-Type: text/plain;charset=utf8');
print("The Server is not configured correctly. " .
"Please tell your Administrator to set the " .
"DavAdminConfDir environment variable.");
exit();
}
/** Include configuration information. */
require_once('config.inc.php');
require_once($_SERVER['DavAdminConfDir'] . '/config.inc.php');
/** DAV administrator group name. */
define(ADMIN_GROUP, 'davadmin');
/** DAV administration application subdirectory. */
define(ADMIN_DIR, 'admin');
/** Include the Smarty template engine. */
require_once("smarty/libs/Smarty.class.php");
/** Global Smarty template engine instance. */
$smarty = new Smarty();
$smarty->compile_dir = $davconfig['compile_dir'];
/** Handle invalid requests to the application. */
function invalidCall() {
@ -64,12 +72,47 @@ function errorAsHtml($errormsg) {
die();
}
/**
* Handle a PDO statement error.
*
* @param PDOStatement $sth statement handle
*/
function statementErrorAsXml(&$sth) {
errorAsXml(utf8_encode(implode("\n", $sth->errorInfo())));
function getFullPath($dirname) {
return $GLOBALS['davconfig']['dav.dir'] . DIRECTORY_SEPARATOR . $dirname;
}
// check configuration
$errmsgs = array();
if (!isset($davconfig['digest.file'])) {
array_push($errmsgs, 'digest.file not defined');
} elseif (!is_readable($davconfig['digest.file']) ||
!is_writable($davconfig['digest.file'])) {
array_push($errmsgs,
'The specified digest file is not readable and writable.');
}
if (!isset($davconfig['group.file'])) {
array_push($errmsgs, 'group.file not defined');
} elseif (!is_readable($davconfig['group.file']) ||
!is_writable($davconfig['group.file'])) {
array_push($errmsgs,
'The specified group file is not readable and writable.');
}
if (!isset($davconfig['namemap.file'])) {
array_push($errmsgs, 'namemap.file not defined');
} elseif (!is_readable($davconfig['namemap.file']) ||
!is_writable($davconfig['namemap.file'])) {
array_push($errmsgs,
'The specified name mapping file is not readable and writable.');
}
if (!isset($davconfig['dav.dir'])) {
array_push($errmsgs, 'dav.dir not defined');
} elseif (!is_dir($davconfig['dav.dir']) ||
!is_readable($davconfig['dav.dir']) ||
!is_writable($davconfig['dav.dir'])) {
array_push($errmsgs,
'The specified DAV directory is no directory or not accessable.');
}
if (!empty($errmsgs)) {
errorAsHtml(implode("<br />", $errmsgs));
}
$namemap = json_decode(readfile($davconfig['namemap.file']), true);
if ($namemap === NULL) {
$namemap = array();
}
?>
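Review bot: `readfile()` in the last statement of the configuration check writes the name-map file straight into the response and, on success, returns a byte count. `json_decode()` therefore receives an integer, so every page that includes this file would emit the user name map ahead of the later `header()` calls. `$namemap` also never becomes the expected array, because a decoded number is not `NULL` and the fallback does not trigger. Read the file without echoing it, `$namemap = json_decode(file_get_contents($davconfig['namemap.file']), true);`, and replace the fallback test with `if (!is_array($namemap)) { $namemap = array(); }`. The new `getFullPath()` helper also has no docblock; a short one should state that `$dirname` is expected to be a single, already validated directory name below `dav.dir`.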


@ -53,7 +53,7 @@ $mandatorygroups = array(ADMIN_GROUP);
* @return an array of group names
*/
function getDirGroupsFromHtaccess($dirname) {
$htaccessname = $dirname . DIRECTORY_SEPARATOR . ".htaccess";
$htaccessname = getFullPath($dirname) . DIRECTORY_SEPARATOR . ".htaccess";
$groups = array();
if (false !== ($fh = fopen($htaccessname, "r"))) {
while (!feof($fh)) {
@ -73,17 +73,6 @@ function getDirGroupsFromHtaccess($dirname) {
return $groups;
}
/**
* Gets the names of groups for a directory.
*
* @param string $dirname directory name relative to {@link DAV_ROOT}
* @return an array of group names
* @see #getDirGroupsFromHtaccess(string)
*/
function getDirGroups($dirname) {
return getDirGroupsFromHtaccess(DAV_ROOT . DIRECTORY_SEPARATOR . $dirname);
}
/**
* Counts the visible files and their accumulated size in a directory
* tree.
@ -120,7 +109,7 @@ function getDirectoryData($dirname) {
$dir = array();
$dir['name'] = basename($dirname);
$dir['groups'] = getDirGroupsFromHtaccess($dirname);
list($dir['filecount'], $dir['filesize']) = countFilesRecursive($dirname);
list($dir['filecount'], $dir['filesize']) = countFilesRecursive(getFullPath($dirname));
$dir['maydelete'] = ($dir['filecount'] == 0) ? 1 : 0;
$dir['filesize'] = sprintf("%d kBytes", $dir['filesize'] / 1024);
return $dir;
@ -129,12 +118,12 @@ function getDirectoryData($dirname) {
/**
* Gets XML encoded data of a directory.
*
* @param string $dirname dirname relative to {@link DAV_ROOT}
* @param string $dirname dirname relative to {@link $davconfig['dav.dir']}
* @return XML string
*/
function getDirectoryDataAsXml($dirname) {
if (is_dir(DAV_ROOT . $dirname)) {
$dirdata = getDirectoryData(DAV_ROOT . $dirname);
if (is_dir(getFullPath($dirname))) {
$dirdata = getDirectoryData($dirname);
header("Content-Type: text/xml; charset=UTF-8");
return sprintf('<?xml version="1.0" encoding="utf8"?><directory><dirname>%s</dirname><groups>%s</groups><filecount>%d</filecount><filesize>%s</filesize><maydelete>%d</maydelete></directory>', $dirdata['name'], implode(", ", $dirdata['groups']), $dirdata['filecount'], $dirdata['filesize'], $dirdata['maydelete']);
} else {
@ -145,7 +134,7 @@ function getDirectoryDataAsXml($dirname) {
/**
* Gets XML encoded data of a deleted directory.
*
* @param string $dirname directory name relative to {@link DAV_ROOT}
* @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
* @return XML string
*/
function getDeletedDirectoryData($dirname) {
@ -155,19 +144,19 @@ function getDeletedDirectoryData($dirname) {
/**
* Gets the list of directory data for all valid directories below
* {@link DAV_ROOT}.
* {@link $davconfig['dav.dir']}.
*
* @return array of directory data arrays
* @see #getDirectoryData(string)
*/
function getDirectories() {
$dirs = array();
if (false !== ($entries = scandir(DAV_ROOT))) {
if (false !== ($entries = scandir($GLOBALS['davconfig']['dav.dir']))) {
foreach ($entries as $entry) {
if (is_dir(DAV_ROOT . $entry)) {
if (is_dir(getFullPath($entry))) {
if (strpos($entry, '.') !== 0) {
if ($entry != ADMIN_DIR) {
array_push($dirs, getDirectoryData(DAV_ROOT . $entry));
array_push($dirs, getDirectoryData($entry));
}
}
}
@ -180,11 +169,11 @@ function getDirectories() {
* Sets the groups of a directory in its .htaccess file. Mandatory
* groups are added automatically.
*
* @param string $dirname directory name relative to {@link DAV_ROOT}
* @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
* @param array &$groups reference to a list of group names
*/
function setGroups($dirname, &$groups) {
$fullname = DAV_ROOT . $dirname;
$fullname = getFullPath($dirname);
foreach ($groups as $key => $value) {
$groups[$key] = trim($value);
}
@ -226,13 +215,13 @@ function setGroups($dirname, &$groups) {
* Updates a directory to be accessible by the given list of
* groups. The directory is created if it doesn't exist.
*
* @param string $dirname directory name relative to {@link DAV_ROOT}
* @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
* @param array $groups a list of group names
*/
function updateDirectory($dirname, $groups) {
if (preg_match(DIRNAMERE, $dirname, $matches)) {
if ($dirname != ADMIN_DIR) {
$fullname = DAV_ROOT . $dirname;
$fullname = getFullPath($dirname);
if (file_exists($fullname)) {
if (!is_dir($fullname)) {
errorAsXml(sprintf(_("There already is a directory entry named %s, but it's not a directory!"), $dirname));
@ -273,17 +262,15 @@ function delrecursive($fullname) {
* Deletes the given directory if it has a valid name and is not the
* administration interface directory.
*
* @param string $dirname directory name relative to {@link DAV_ROOT}
* @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
*/
function deleteDirectory($dirname) {
global $davconfig;
if (preg_match(DIRNAMERE, $dirname, $matches)) {
if ($dirname != ADMIN_DIR) {
$fullname = DAV_ROOT . $dirname;
if (is_dir($fullname)) {
return delrecursive($fullname);
}
$fullname = $davconfig['dav.dir'] . DIRECTORY_SEPARATOR . $dirname;
if (is_dir($fullname)) {
return delrecursive($fullname);
}
errorAsXml(_("Tried to delete the administration interface directory!"));
}
errorAsXml(sprintf(_("Invalid directory name %s!"), $dirname));
}
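Review bot: `getDirectoryDataAsXml` passes `$dirname` to `getFullPath()` without the `preg_match(DIRNAMERE, $dirname)` guard that `updateDirectory` and `deleteDirectory` apply. Since `getFullPath()` only concatenates, a name containing `..` or a separator would resolve outside `dav.dir`, and this function then reports the directory's existence, file count and `.htaccess` groups. Whether the caller validates first is not visible in these hunks, so the guard should either sit at the top of the function (`if (!preg_match(DIRNAMERE, $dirname)) { errorAsXml(sprintf(_("Invalid directory name %s!"), $dirname)); }`) or be documented as a precondition in the docblock. In `deleteDirectory` the path is still assembled by hand from `$davconfig['dav.dir']`; calling `getFullPath($dirname)` there would keep all path construction in one place. The page does not mark which lines of that function are old or new, so the `ADMIN_DIR` check should be confirmed as still present in the committed version.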


@ -31,18 +31,5 @@
include_once('common.inc.php');
header("Content-Type: text/html; charset=UTF-8");
try {
$dbh = new PDO($dsn, $dbuser, $dbpass);
$query = $dbh->prepare("SELECT firstname, lastname FROM dav_password WHERE username=:username");
$currentuser = $_SERVER['PHP_AUTH_USER'];
$query->execute(array(":username" => $currentuser));
$row = $query->fetch(PDO::FETCH_ASSOC);
$smarty->assign("firstname", $row['firstname']);
$smarty->assign("lastname", $row['lastname']);
$smarty->display("start.html");
$dbh = null;
} catch (PDOException $e) {
$smarty->setErrorMsg($e->getMessage());
$smarty->display("error.html");
}
$smarty->display("start.html");
?>


@ -67,7 +67,7 @@ function displaydirectoryeditor(title, dirname, groups) {
return false;
}
$.post(
"/dav/admin/directories.php",
"/davadmin/directories.php",
{method : 'submitdirectory',
dirname : this.dirname.value,
groups : this.groups.value},
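Review bot: The POST target in `displaydirectoryeditor` is still an absolute path, now tied to the `/davadmin` alias, while the templates in this same commit switch to relative `scripts/...` URLs. A relative `"directories.php"` would keep working if the alias name changes and would match the templates. The function body continues outside this hunk, so it cannot be seen here whether the request carries any anti-forgery token; for a state-changing admin call that is worth confirming.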


@ -1,7 +1,7 @@
{include file="header.html" title="Verzeichnisverwaltung"}
<script type="text/javascript" src="/dav/admin/scripts/helper.js"></script>
<script type="text/javascript" src="/dav/admin/scripts/autocomplete.js"></script>
<script type="text/javascript" src="/dav/admin/scripts/directories.js"></script><div id="content">
<script type="text/javascript" src="scripts/helper.js"></script>
<script type="text/javascript" src="scripts/autocomplete.js"></script>
<script type="text/javascript" src="scripts/directories.js"></script><div id="content">
<h1>WebDAV-Verwaltung</h1>
<h2>Verzeichnisverwaltung</h2>
<table id="dirtable">


@ -0,0 +1,9 @@
<html>
<head>
<title>DavAdmin - An error occured</title>
</head>
<body>
<h1>DavAdmin - An error occured</h1>
<p>{$errormsg}</p>
</body>
</html>
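Review bot: `{$errormsg}` in the new template is printed without escaping, so any message that embeds request-derived text (for example the directory name in "Invalid directory name %s!") would be rendered as markup. Use `<p>{$errormsg|escape:'html'}</p>`. If callers rely on joining several messages with `<br />`, they should assign a list and let the template loop over it instead. The page also declares no charset, and "occured" in the title and heading should read "occurred".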


@ -1,7 +1,6 @@
{include file="header.html"}
<h1>WebDAV-Verwaltung</h1>
<p>Hallo {$firstname} {$lastname},<br />
willkommen zur WebDAV-Verwaltung für {$smarty.server.SERVER_NAME}. Ihnen
<p>Willkommen zur WebDAV-Verwaltung für {$smarty.server.SERVER_NAME}. Ihnen
stehen folgende Möglichkeiten zur Verfügung.</p>
<ul>
<li><a href="directories.php">Verzeichnisse verwalten</a></li>


@ -1,7 +1,7 @@
{include file="header.html" title="Nutzerverwaltung"}
<script type="text/javascript" src="/dav/admin/scripts/helper.js"></script>
<script type="text/javascript" src="/dav/admin/scripts/autocomplete.js"></script>
<script type="text/javascript" src="/dav/admin/scripts/users.js"></script>
<script type="text/javascript" src="scripts/helper.js"></script>
<script type="text/javascript" src="scripts/autocomplete.js"></script>
<script type="text/javascript" src="scripts/users.js"></script>
<div id="content">
<h1>WebDAV-Verwaltung</h1>
<h2>Nutzerverwaltung</h2>

View File

@ -30,6 +30,24 @@
/** Include common code. */
include_once('common.inc.php');
function getGroups($username) {
$groupdata = file($GLOBALS['davconfig']['group.file']);
$retval = array();
foreach ($groupdata as $line) {
$colonpos = strpos($line, ":");
if ($colonpos > 0) {
$groupname = trim(substr($line, 0, $colonpos - 1));
$users = explode(" ", substr($line, $colonpos + 1));
foreach ($users as $user) {
if (trim($user) == $username) {
array_push($retval, $groupname);
}
}
}
}
return $retval;
}
/**
* Gets XML encoded data for a user.
*
@ -37,34 +55,15 @@ include_once('common.inc.php');
* @return XML string
*/
function getUserData($uid) {
if (!is_numeric($uid)) {
if (!(is_numeric($uid) && array_key_exists($uid, $GLOBALS['namemap']))) {
errorAsXml(sprintf(_("Invalid user id %s"), $uid));
}
try {
$currentuser = $_SERVER['PHP_AUTH_USER'];
$dbh = new PDO($GLOBALS['dsn'], $GLOBALS['dbuser'], $GLOBALS['dbpass']);
$sth = $dbh->prepare("SELECT groupname FROM dav_group, dav_password WHERE dav_group.username=dav_password.username AND dav_password.uid=:uid");
if (!$sth->execute(array(':uid' => $uid))) {
statementErrorAsXml($sth);
}
$groups = array();
while ($grouprow = $sth->fetch(PDO::FETCH_ASSOC)) {
array_push($groups, $grouprow['groupname']);
}
$sth = $dbh->prepare("SELECT username, firstname, lastname FROM dav_password WHERE uid=:uid");
if (!$sth->execute(array(':uid' => $uid))) {
statementErrorAsXml($sth);
}
$row = $sth->fetch(PDO::FETCH_ASSOC);
$retval = sprintf('<?xml version="1.0" encoding="utf8"?><userdata><uid>%d</uid><username>%s</username><firstname>%s</firstname><lastname>%s</lastname><groups>%s</groups><loggedin>%d</loggedin></userdata>',
$uid, $row['username'], $row['firstname'],
$row['lastname'], implode(", ", $groups),
($currentuser == $row['username']) ? 1 : 0);
$dbh = null;
} catch (PDOException $e) {
errorAsXml($e->getMessage());
}
$row = $GLOBALS['namemap'][$uid];
$groups = getGroups($row['username']);
$retval = sprintf('<?xml version="1.0" encoding="utf8"?><userdata><uid>%d</uid><username>%s</username><firstname>%s</firstname><lastname>%s</lastname><groups>%s</groups><loggedin>0</loggedin></userdata>',
$uid, $row['username'], $row['firstname'],
$row['lastname'], implode(", ", $groups));
header("Content-Type: text/xml; charset=UTF-8");
return $retval;
}
@ -123,6 +122,11 @@ function validateUserData(&$userdata, $forinsert) {
return $errormsgs;
}
function createDigest($username, $realm, $password) {
return sprintf("%s:%s:%s", $username, $realm,
md5(sprintf("%s:%s:%s", $username, $realm, $password)));
}
/**
* Updates the data of a user in the database.
*
@ -297,21 +301,9 @@ if ($_GET) {
}
} else {
$currentuser = $_SERVER['PHP_AUTH_USER'];
header("Content-Type: text/html; charset=UTF-8");
try {
$dbh = new PDO($dsn, $dbuser, $dbpass);
$query = $dbh->prepare("SELECT uid, username, firstname, lastname FROM dav_password ORDER BY username");
$query->execute();
$rows = $query->fetchall(PDO::FETCH_ASSOC);
foreach ($rows as $key => $value) {
$value['loggedin'] = ($value['username'] == $currentuser);
$rows[$key] = $value;
}
$smarty->assign("users", $rows);
$smarty->display("users.html");
} catch (PDOException $e) {
errorAsHtml($e->getMessage());
}
$smarty->assign("users", $namemap);
$smarty->display("users.html");
}
?>
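Review bot: In `getGroups`, `substr($line, 0, $colonpos - 1)` stops one character before the colon, so a group-file line such as `davadmin: alice` (constructed example) yields `davadmi`. The group names reported for a user then never match the names in the group file. The line should read `$groupname = trim(substr($line, 0, $colonpos));`. `file()` returns `false` when the group file cannot be read, which the `foreach` does not handle; an early `if ($groupdata === false) { return array(); }` or an `errorAsXml()` call would make that explicit. Both `getGroups` and `createDigest` lack the docblocks that their neighbours have; `createDigest`'s should state that `$username` and `$realm` must not contain `:` or line breaks, because the result is a line in the htdigest file.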


@ -1,35 +1,14 @@
<?php
/**
* Global configuration for WebDAVAdmin.
*
* @author Jan Dittberner <jan@dittberner.info>
* @version $Id$
* @license GPL
* @package WebDAVAdmin
*
* Copyright (c) 2007 Jan Dittberner
*
* This file is part of WebDAVAdmin.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA.
/*
* DavAdmin configuration file.
*/
/** Absolute path to DAV area root directory with a trailing slash. */
define(DAV_ROOT, '@davrootdirectory@');
/** Include the database settings. */
require_once('@path.to.dbsettings@/dbsettings.inc.php');
?>
$davconfig = array(
// Absolute path to template compile dir
'compile_dir' => '/home/www/dav/templates_c',
'digest.file' => '/home/www/dav/auth/dav.htdigest',
'group.file' => '/home/www/dav/auth/dav.groups',
'namemap.file' => '/home/www/dav/auth/dav.namemap',
'dav.dir' => '/home/www/dav/html/dav',
);
?>


@ -1,52 +1,43 @@
<VirtualHost *:80>
ServerAdmin webmaster@davhost.yourdomain.net
ServerName davhost.yourdomain.net
DavLockDb /var/run/apache2/davlock/davhost.yourdomain.net
DocumentRoot /home/www/usr29/html
<VirtualHost 127.0.0.1:80>
ServerAdmin jan@dittberner.info
ServerName dav.localhost
php_admin_value allow_call_time_pass_reference 1
<Directory /var/www/dav>
Dav on
AllowOverride AuthConfig Indexes
Order Allow,Deny
allow from all
AuthType Basic
AuthName "WebDAV on davhost"
AuthBasicAuthoritative Off
AuthUserFile /etc/apache2/auth/davhost.yourdomain.net
DavLockDb /var/run/apache2/davlock/davhost.localhost
DocumentRoot /home/www/dav/html
Alias /davadmin /home/jan/work/projects/davadmin/trunk/admin
Auth_PG_host localhost
Auth_PG_port 5432
Auth_PG_user @dbuser@
Auth_PG_pwd @dbpassword@
Auth_PG_database @dbname@
php_admin_value allow_call_time_pass_reference 1
<Directory /home/www/dav/html/dav>
Dav on
AllowOverride AuthConfig Indexes
Order Allow,Deny
allow from all
</Directory>
Auth_PG_pwd_table dav_password
Auth_PG_uid_field username
Auth_PG_pwd_field password
Auth_PG_grp_table dav_group
Auth_PG_grp_user_field username
Auth_PG_grp_group_field groupname
Auth_PG_hash_type MD5
<Location /davadmin>
AuthType Digest
AuthName "WebDAV Administration"
AuthDigestDomain /davadmin http://dav.localhost/davadmin
#Auth_PG_log_table dav_log
#Auth_PG_log_uname_field username
#Auth_PG_log_date_field reqdate
#Auth_PG_log_uri_field uri
#Auth_PG_log_addrs_field ipaddr
Auth_PG_authoritative on
SetEnv DavAdminConfDir /home/www/dav/conf
require group davroot
</Directory>
AuthDigestProvider file
AuthUserFile /home/www/dav/auth/davadmin.htdigest
require valid-user
</Location>
ErrorLog /var/log/apache2/davhost.yourdomain.net_error.log
<Location /dav/>
AuthType Digest
AuthName "WebDAV on dav.localhost"
AuthDigestDomain /dav/
AuthDigestProvider file
AuthUserFile /home/www/dav/auth/dav.htdigest
AuthGroupFile /home/www/dav/auth/dav.groups
</Location>
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/davhost.yourdomain.net_access.log combined
ErrorLog /var/log/apache2/davhost.localhost_error.log
LogLevel warn
CustomLog /var/log/apache2/davhost.localhost_access.log combined
</VirtualHost>
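Review bot: The `<Location /dav/>` block configures Digest authentication and a group file but shows no `Require` directive, while the DAV directory has `Dav on` with `allow from all`. Access control for the DAV tree therefore appears to rest entirely on the per-directory `.htaccess` files the admin application writes, and the top level or any directory without one would be reachable without credentials. A baseline such as `Require valid-user` inside `<Location /dav/>` would close that gap and still let `.htaccess` narrow access per group. Old and new lines are interleaved on this page, so this reading assumes the `Auth_PG_*` lines and `require group davroot` are the removed side. The `Alias /davadmin /home/jan/work/projects/davadmin/trunk/admin` line and the `127.0.0.1` bind look like a developer workstation setup; if this file is meant as the shipped sample, placeholder paths would be safer.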