diff --git a/admin/.htaccess b/admin/.htaccess
deleted file mode 100644
index ef07044..0000000
--- a/admin/.htaccess
+++ /dev/null
@@ -1,2 +0,0 @@
-DirectoryIndex index.php
-require group davadmin
diff --git a/admin/common.inc.php b/admin/common.inc.php
index 594f641..53b41f0 100644
--- a/admin/common.inc.php
+++ b/admin/common.inc.php
@@ -27,19 +27,27 @@
* 02110-1301 USA.
*/
+if (!isset($_SERVER['DavAdminConfDir'])) {
+ header('HTTP/1.0 500 Internal Server Error');
+ header('Status: 500 Internal Server Error');
+ header('Content-Type: text/plain;charset=utf8');
+ print("The Server is not configured correctly. " .
+ "Please tell your Administrator to set the " .
+ "DavAdminConfDir environment variable.");
+ exit();
+}
/** Include configuration information. */
-require_once('config.inc.php');
+require_once($_SERVER['DavAdminConfDir'] . '/config.inc.php');
/** DAV administrator group name. */
define(ADMIN_GROUP, 'davadmin');
-/** DAV administration application subdirectory. */
-define(ADMIN_DIR, 'admin');
/** Include the Smarty template engine. */
require_once("smarty/libs/Smarty.class.php");
/** Global Smarty template engine instance. */
$smarty = new Smarty();
+$smarty->compile_dir = $davconfig['compile_dir'];
/** Handle invalid requests to the application. */
function invalidCall() {
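Review bot: Removing `define(ADMIN_DIR, 'admin');` leaves `ADMIN_DIR` undefined while admin/directories.php still compares against it in `getDirectories()` (`if ($entry != ADMIN_DIR)`) and `updateDirectory()` (`if ($dirname != ADMIN_DIR)`), both visible as unchanged lines in this commit. Older PHP versions fall back to the string 'ADMIN_DIR' with a notice or warning and PHP 8 throws an Error, so those comparisons should be dropped as was done in `deleteDirectory()`, or the define kept. Separately, `$smarty->compile_dir = $davconfig['compile_dir'];` runs before the configuration check added further down, and `compile_dir` is not among the keys that check covers. `invalidCall()` continues outside the hunk.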
@@ -64,12 +72,47 @@ function errorAsHtml($errormsg) {
die();
}
-/**
- * Handle a PDO statement error.
- *
- * @param PDOStatement $sth statement handle
- */
-function statementErrorAsXml(&$sth) {
- errorAsXml(utf8_encode(implode("\n", $sth->errorInfo())));
+function getFullPath($dirname) {
+ return $GLOBALS['davconfig']['dav.dir'] . DIRECTORY_SEPARATOR . $dirname;
+}
+
+// check configuration
+$errmsgs = array();
+if (!isset($davconfig['digest.file'])) {
+ array_push($errmsgs, 'digest.file not defined');
+} elseif (!is_readable($davconfig['digest.file']) ||
+ !is_writable($davconfig['digest.file'])) {
+ array_push($errmsgs,
+ 'The specified digest file is not readable and writable.');
+}
+if (!isset($davconfig['group.file'])) {
+ array_push($errmsgs, 'group.file not defined');
+} elseif (!is_readable($davconfig['group.file']) ||
+ !is_writable($davconfig['group.file'])) {
+ array_push($errmsgs,
+ 'The specified group file is not readable and writable.');
+}
+if (!isset($davconfig['namemap.file'])) {
+ array_push($errmsgs, 'namemap.file not defined');
+} elseif (!is_readable($davconfig['namemap.file']) ||
+ !is_writable($davconfig['namemap.file'])) {
+ array_push($errmsgs,
+ 'The specified name mapping file is not readable and writable.');
+}
+if (!isset($davconfig['dav.dir'])) {
+ array_push($errmsgs, 'dav.dir not defined');
+} elseif (!is_dir($davconfig['dav.dir']) ||
+ !is_readable($davconfig['dav.dir']) ||
+ !is_writable($davconfig['dav.dir'])) {
+ array_push($errmsgs,
+ 'The specified DAV directory is no directory or not accessable.');
+}
+if (!empty($errmsgs)) {
+ errorAsHtml(implode("
", $errmsgs));
+}
+
+$namemap = json_decode(readfile($davconfig['namemap.file']), true);
+if ($namemap === NULL) {
+ $namemap = array();
}
?>
\ No newline at end of file
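Review bot: `readfile()` on the `$namemap =` line writes the file to the output stream and returns the number of bytes read, so the name map is echoed into every response that includes this file and `json_decode()` receives an integer instead of the JSON text. `$namemap` then ends up as a number rather than an array, and the `=== NULL` fallback does not trigger. The line should read `$namemap = json_decode(file_get_contents($davconfig['namemap.file']), true);`, with the fallback changed to `if (!is_array($namemap))` so that a malformed file also yields an empty map. `getFullPath()` has no docblock; `/** Returns the absolute path of $dirname below $davconfig['dav.dir']; the name is not validated here. */` would state its contract.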
diff --git a/admin/directories.php b/admin/directories.php
index dd2e5c4..6171d0c 100644
--- a/admin/directories.php
+++ b/admin/directories.php
@@ -53,7 +53,7 @@ $mandatorygroups = array(ADMIN_GROUP);
* @return an array of group names
*/
function getDirGroupsFromHtaccess($dirname) {
- $htaccessname = $dirname . DIRECTORY_SEPARATOR . ".htaccess";
+ $htaccessname = getFullPath($dirname) . DIRECTORY_SEPARATOR . ".htaccess";
$groups = array();
if (false !== ($fh = fopen($htaccessname, "r"))) {
while (!feof($fh)) {
@@ -73,17 +73,6 @@ function getDirGroupsFromHtaccess($dirname) {
return $groups;
}
-/**
- * Gets the names of groups for a directory.
- *
- * @param string $dirname directory name relative to {@link DAV_ROOT}
- * @return an array of group names
- * @see #getDirGroupsFromHtaccess(string)
- */
-function getDirGroups($dirname) {
- return getDirGroupsFromHtaccess(DAV_ROOT . DIRECTORY_SEPARATOR . $dirname);
-}
-
/**
* Counts the visible files and their accumulated size in a directory
* tree.
@@ -120,7 +109,7 @@ function getDirectoryData($dirname) {
$dir = array();
$dir['name'] = basename($dirname);
$dir['groups'] = getDirGroupsFromHtaccess($dirname);
- list($dir['filecount'], $dir['filesize']) = countFilesRecursive($dirname);
+ list($dir['filecount'], $dir['filesize']) = countFilesRecursive(getFullPath($dirname));
$dir['maydelete'] = ($dir['filecount'] == 0) ? 1 : 0;
$dir['filesize'] = sprintf("%d kBytes", $dir['filesize'] / 1024);
return $dir;
@@ -129,12 +118,12 @@ function getDirectoryData($dirname) {
/**
* Gets XML encoded data of a directory.
*
- * @param string $dirname dirname relative to {@link DAV_ROOT}
+ * @param string $dirname dirname relative to {@link $davconfig['dav.dir']}
* @return XML string
*/
function getDirectoryDataAsXml($dirname) {
- if (is_dir(DAV_ROOT . $dirname)) {
- $dirdata = getDirectoryData(DAV_ROOT . $dirname);
+ if (is_dir(getFullPath($dirname))) {
+ $dirdata = getDirectoryData($dirname);
header("Content-Type: text/xml; charset=UTF-8");
return sprintf('%s%s%d%s%d', $dirdata['name'], implode(", ", $dirdata['groups']), $dirdata['filecount'], $dirdata['filesize'], $dirdata['maydelete']);
} else {
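Review bot: `getDirectoryDataAsXml()` passes `$dirname` to `getFullPath()` without the `preg_match(DIRNAMERE, …)` check that `updateDirectory()` and `deleteDirectory()` apply, and `getFullPath()` only concatenates, so a name containing parent-directory segments would resolve outside `dav.dir`. If the caller does not already validate the name (not visible here), a guard such as `if (preg_match(DIRNAMERE, $dirname) && is_dir(getFullPath($dirname))) {` keeps the lookup inside the DAV root, assuming `DIRNAMERE` rejects path separators. The same applies to `getDirGroupsFromHtaccess()` and `setGroups()`, which also build their paths from `$dirname` through `getFullPath()`. The else branch of this function continues outside the hunk.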
@@ -145,7 +134,7 @@ function getDirectoryDataAsXml($dirname) {
/**
* Gets XML encoded data of a deleted directory.
*
- * @param string $dirname directory name relative to {@link DAV_ROOT}
+ * @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
* @return XML string
*/
function getDeletedDirectoryData($dirname) {
@@ -155,19 +144,19 @@ function getDeletedDirectoryData($dirname) {
/**
* Gets the list of directory data for all valid directories below
- * {@link DAV_ROOT}.
+ * {@link $davconfig['dav.dir']}.
*
* @return array of directory data arrays
* @see #getDirectoryData(string)
*/
function getDirectories() {
$dirs = array();
- if (false !== ($entries = scandir(DAV_ROOT))) {
+ if (false !== ($entries = scandir($GLOBALS['davconfig']['dav.dir']))) {
foreach ($entries as $entry) {
- if (is_dir(DAV_ROOT . $entry)) {
+ if (is_dir(getFullPath($entry))) {
if (strpos($entry, '.') !== 0) {
if ($entry != ADMIN_DIR) {
- array_push($dirs, getDirectoryData(DAV_ROOT . $entry));
+ array_push($dirs, getDirectoryData($entry));
}
}
}
@@ -180,11 +169,11 @@ function getDirectories() {
* Sets the groups of a directory in its .htaccess file. Mandatory
* groups are added automatically.
*
- * @param string $dirname directory name relative to {@link DAV_ROOT}
+ * @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
* @param array &$groups reference to a list of group names
*/
function setGroups($dirname, &$groups) {
- $fullname = DAV_ROOT . $dirname;
+ $fullname = getFullPath($dirname);
foreach ($groups as $key => $value) {
$groups[$key] = trim($value);
}
@@ -226,13 +215,13 @@ function setGroups($dirname, &$groups) {
* Updates a directory to be accessible by the given list of
* groups. The directory is created if it doesn't exist.
*
- * @param string $dirname directory name relative to {@link DAV_ROOT}
+ * @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
* @param array $groups a list of group names
*/
function updateDirectory($dirname, $groups) {
if (preg_match(DIRNAMERE, $dirname, $matches)) {
if ($dirname != ADMIN_DIR) {
- $fullname = DAV_ROOT . $dirname;
+ $fullname = getFullPath($dirname);
if (file_exists($fullname)) {
if (!is_dir($fullname)) {
errorAsXml(sprintf(_("There already is a directory entry named %s, but it's not a directory!"), $dirname));
@@ -273,17 +262,15 @@ function delrecursive($fullname) {
* Deletes the given directory if it has a valid name and is not the
* administration interface directory.
*
- * @param string $dirname directory name relative to {@link DAV_ROOT}
+ * @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
*/
function deleteDirectory($dirname) {
+ global $davconfig;
if (preg_match(DIRNAMERE, $dirname, $matches)) {
- if ($dirname != ADMIN_DIR) {
- $fullname = DAV_ROOT . $dirname;
- if (is_dir($fullname)) {
- return delrecursive($fullname);
- }
+ $fullname = $davconfig['dav.dir'] . DIRECTORY_SEPARATOR . $dirname;
+ if (is_dir($fullname)) {
+ return delrecursive($fullname);
}
- errorAsXml(_("Tried to delete the administration interface directory!"));
}
errorAsXml(sprintf(_("Invalid directory name %s!"), $dirname));
}
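Review bot: `deleteDirectory()` rebuilds the path by hand with `$davconfig['dav.dir'] . DIRECTORY_SEPARATOR . $dirname` and a new `global $davconfig;`, while every other function touched by this commit goes through `getFullPath()`; `$fullname = getFullPath($dirname);` would keep path construction in one place and make the global unnecessary. The `DIRNAMERE` match is the only check between the supplied name and `delrecursive()`, and a comment on the function saying so would help the next maintainer. A well-formed name that does not exist now falls through to the "Invalid directory name" message, which misreports the cause.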
diff --git a/admin/index.php b/admin/index.php
index 5f2bec5..2858173 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -31,18 +31,5 @@
include_once('common.inc.php');
header("Content-Type: text/html; charset=UTF-8");
-try {
- $dbh = new PDO($dsn, $dbuser, $dbpass);
- $query = $dbh->prepare("SELECT firstname, lastname FROM dav_password WHERE username=:username");
- $currentuser = $_SERVER['PHP_AUTH_USER'];
- $query->execute(array(":username" => $currentuser));
- $row = $query->fetch(PDO::FETCH_ASSOC);
- $smarty->assign("firstname", $row['firstname']);
- $smarty->assign("lastname", $row['lastname']);
- $smarty->display("start.html");
- $dbh = null;
-} catch (PDOException $e) {
- $smarty->setErrorMsg($e->getMessage());
- $smarty->display("error.html");
-}
+$smarty->display("start.html");
?>
\ No newline at end of file
diff --git a/admin/scripts/directories.js b/admin/scripts/directories.js
index d340fa5..bde3470 100644
--- a/admin/scripts/directories.js
+++ b/admin/scripts/directories.js
@@ -67,7 +67,7 @@ function displaydirectoryeditor(title, dirname, groups) {
return false;
}
$.post(
- "/dav/admin/directories.php",
+ "/davadmin/directories.php",
{method : 'submitdirectory',
dirname : this.dirname.value,
groups : this.groups.value},
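Review bot: The new endpoint `"/davadmin/directories.php"` hard-codes the mount point that setup/webdavadmin.vhost defines with `Alias /davadmin`, so the script stops working whenever the alias is changed; a URL relative to the page, `"directories.php"`, would follow the alias, assuming the page is served from the same directory. The posted fields are `method`, `dirname` and `groups` only, and with HTTP authentication the browser attaches credentials to cross-site requests as well, so unless directories.php checks the request origin (not visible here) this state-changing call would benefit from an anti-CSRF token. The `$.post` call continues outside the hunk.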
diff --git a/admin/templates/directories.html b/admin/templates/directories.html
index 84d6fff..c6d4860 100644
--- a/admin/templates/directories.html
+++ b/admin/templates/directories.html
@@ -1,7 +1,7 @@
{include file="header.html" title="Verzeichnisverwaltung"}
-
-
-
+
+
+
WebDAV-Verwaltung
Verzeichnisverwaltung
diff --git a/admin/templates/error.html b/admin/templates/error.html
new file mode 100644
index 0000000..f34d8e3
--- /dev/null
+++ b/admin/templates/error.html
@@ -0,0 +1,9 @@
+
+
+ DavAdmin - An error occured
+
+
+ DavAdmin - An error occured
+ {$errormsg}
+
+
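Review bot: `{$errormsg}` is printed without an escape modifier, and Smarty does not HTML-escape variables unless a default modifier or auto-escaping is configured, which the Smarty setup shown in common.inc.php does not do. `{$errormsg|escape:'html'}` is the safer form, because error texts may carry values that are not under the application's control. The configuration check joins several messages with a line break, which HTML rendering collapses into one line, so `{$errormsg|escape:'html'|nl2br}` would keep them readable if this template is what `errorAsHtml()` renders (not visible here). "occured" in both headings should be "occurred".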
diff --git a/admin/templates/start.html b/admin/templates/start.html
index e7f6a41..f939c4f 100644
--- a/admin/templates/start.html
+++ b/admin/templates/start.html
@@ -1,7 +1,6 @@
{include file="header.html"}
WebDAV-Verwaltung
-Hallo {$firstname} {$lastname},
-willkommen zur WebDAV-Verwaltung für {$smarty.server.SERVER_NAME}. Ihnen
+
Willkommen zur WebDAV-Verwaltung für {$smarty.server.SERVER_NAME}. Ihnen
stehen folgende Möglichkeiten zur Verfügung.
- Verzeichnisse verwalten
diff --git a/admin/templates/users.html b/admin/templates/users.html
index 2b14287..3d7f4af 100644
--- a/admin/templates/users.html
+++ b/admin/templates/users.html
@@ -1,7 +1,7 @@
{include file="header.html" title="Nutzerverwaltung"}
-
-
-
+
+
+
WebDAV-Verwaltung
Nutzerverwaltung
diff --git a/admin/users.php b/admin/users.php
index 6342cee..1530f23 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -30,6 +30,24 @@
/** Include common code. */
include_once('common.inc.php');
+function getGroups($username) {
+ $groupdata = file($GLOBALS['davconfig']['group.file']);
+ $retval = array();
+ foreach ($groupdata as $line) {
+ $colonpos = strpos($line, ":");
+ if ($colonpos > 0) {
+ $groupname = trim(substr($line, 0, $colonpos - 1));
+ $users = explode(" ", substr($line, $colonpos + 1));
+ foreach ($users as $user) {
+ if (trim($user) == $username) {
+ array_push($retval, $groupname);
+ }
+ }
+ }
+ }
+ return $retval;
+}
+
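Review bot: `substr($line, 0, $colonpos - 1)` in `getGroups()` cuts one character too many: for a constructed line `davadmin: alice` the colon is at offset 8 and the call returns `davadmi`, so every group name reported for a user is truncated. It should be `$groupname = trim(substr($line, 0, $colonpos));`. `file()` returns false when the group file cannot be read, which the `foreach` does not handle; `if ($groupdata === false) { return array(); }` after the read would cover that. The function also lacks a docblock stating that it parses lines of the form `group: user1 user2` and returns the names of the groups that list `$username`.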
/**
* Gets XML encoded data for a user.
*
@@ -37,34 +55,15 @@ include_once('common.inc.php');
* @return XML string
*/
function getUserData($uid) {
- if (!is_numeric($uid)) {
+ if (!(is_numeric($uid) && array_key_exists($uid, $GLOBALS['namemap']))) {
errorAsXml(sprintf(_("Invalid user id %s"), $uid));
}
- try {
- $currentuser = $_SERVER['PHP_AUTH_USER'];
- $dbh = new PDO($GLOBALS['dsn'], $GLOBALS['dbuser'], $GLOBALS['dbpass']);
- $sth = $dbh->prepare("SELECT groupname FROM dav_group, dav_password WHERE dav_group.username=dav_password.username AND dav_password.uid=:uid");
- if (!$sth->execute(array(':uid' => $uid))) {
- statementErrorAsXml($sth);
- }
- $groups = array();
- while ($grouprow = $sth->fetch(PDO::FETCH_ASSOC)) {
- array_push($groups, $grouprow['groupname']);
- }
- $sth = $dbh->prepare("SELECT username, firstname, lastname FROM dav_password WHERE uid=:uid");
- if (!$sth->execute(array(':uid' => $uid))) {
- statementErrorAsXml($sth);
- }
- $row = $sth->fetch(PDO::FETCH_ASSOC);
- $retval = sprintf('%d%s%s%s%s%d',
- $uid, $row['username'], $row['firstname'],
- $row['lastname'], implode(", ", $groups),
- ($currentuser == $row['username']) ? 1 : 0);
- $dbh = null;
- } catch (PDOException $e) {
- errorAsXml($e->getMessage());
- }
+ $row = $GLOBALS['namemap'][$uid];
+ $groups = getGroups($row['username']);
+ $retval = sprintf('%d%s%s%s%s0',
+ $uid, $row['username'], $row['firstname'],
+ $row['lastname'], implode(", ", $groups));
header("Content-Type: text/xml; charset=UTF-8");
return $retval;
}
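Review bot: The last field of the format string in `getUserData()` is now the literal `0` where the removed code emitted `($currentuser == $row['username']) ? 1 : 0`, so the response no longer marks the logged-in administrator's own record. The same information is dropped in the page branch at the end of this file, where `$namemap` is assigned to the template without the `loggedin` key and `$currentuser` is set but never used. If the client uses that flag to stop an administrator from deleting or locking out their own account (an assumption; the consumer is not visible), it should be restored by ending the format with `%d` again and passing `($_SERVER['PHP_AUTH_USER'] == $row['username']) ? 1 : 0` as the sixth argument.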
@@ -123,6 +122,11 @@ function validateUserData(&$userdata, $forinsert) {
return $errormsgs;
}
+function createDigest($username, $realm, $password) {
+ return sprintf("%s:%s:%s", $username, $realm,
+ md5(sprintf("%s:%s:%s", $username, $realm, $password)));
+}
+
/**
* Updates the data of a user in the database.
*
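Review bot: `createDigest()` builds an htdigest line by joining `$username` and `$realm` with `:` and has no docblock, so nothing states that both values must be free of `:` and line breaks; a value containing either would produce a malformed or additional entry in the digest file. Whether `validateUserData()`, which ends just above this hunk, already rejects such names is not visible, so the function should either check for itself or document the precondition, e.g. `/** Builds one htdigest line "user:realm:MD5(user:realm:password)"; $username and $realm must not contain ':' or newlines. */`. The MD5 is dictated by the htdigest format, and the stored hash alone is enough to answer a Digest challenge for that user, so the digest file needs the same protection as plaintext passwords.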
@@ -297,21 +301,9 @@ if ($_GET) {
}
} else {
$currentuser = $_SERVER['PHP_AUTH_USER'];
-
+
header("Content-Type: text/html; charset=UTF-8");
- try {
- $dbh = new PDO($dsn, $dbuser, $dbpass);
- $query = $dbh->prepare("SELECT uid, username, firstname, lastname FROM dav_password ORDER BY username");
- $query->execute();
- $rows = $query->fetchall(PDO::FETCH_ASSOC);
- foreach ($rows as $key => $value) {
- $value['loggedin'] = ($value['username'] == $currentuser);
- $rows[$key] = $value;
- }
- $smarty->assign("users", $rows);
- $smarty->display("users.html");
- } catch (PDOException $e) {
- errorAsHtml($e->getMessage());
- }
+ $smarty->assign("users", $namemap);
+ $smarty->display("users.html");
}
?>
\ No newline at end of file
diff --git a/config/config.inc.php b/config/config.inc.php
index 5f22cba..06c0f07 100644
--- a/config/config.inc.php
+++ b/config/config.inc.php
@@ -1,35 +1,14 @@
- * @version $Id$
- * @license GPL
- * @package WebDAVAdmin
- *
- * Copyright (c) 2007 Jan Dittberner
- *
- * This file is part of WebDAVAdmin.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301 USA.
+/*
+ * DavAdmin configuration file.
*/
-/** Absolute path to DAV area root directory with a trailing slash. */
-define(DAV_ROOT, '@davrootdirectory@');
-
-/** Include the database settings. */
-require_once('@path.to.dbsettings@/dbsettings.inc.php');
-?>
\ No newline at end of file
+$davconfig = array(
+ // Absolute path to template compile dir
+ 'compile_dir' => '/home/www/dav/templates_c',
+ 'digest.file' => '/home/www/dav/auth/dav.htdigest',
+ 'group.file' => '/home/www/dav/auth/dav.groups',
+ 'namemap.file' => '/home/www/dav/auth/dav.namemap',
+ 'dav.dir' => '/home/www/dav/html/dav',
+ );
+?>
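Review bot: Only `compile_dir` carries a comment; `digest.file`, `group.file`, `namemap.file` and `dav.dir` are undocumented although common.inc.php aborts unless each one exists and is readable and writable by the web server. Each key deserves a one-line comment, for example `// htdigest file, same path as AuthUserFile of the DAV location` and `// JSON file mapping numeric uid to username, firstname, lastname`. Because the web server can write these files, the comments should also say that they belong outside `DocumentRoot`, as the sample paths under /home/www/dav/auth are.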
diff --git a/setup/webdavadmin.vhost b/setup/webdavadmin.vhost
index 7ea1134..ea11ae0 100644
--- a/setup/webdavadmin.vhost
+++ b/setup/webdavadmin.vhost
@@ -1,52 +1,43 @@
-
- ServerAdmin webmaster@davhost.yourdomain.net
- ServerName davhost.yourdomain.net
-
- DavLockDb /var/run/apache2/davlock/davhost.yourdomain.net
- DocumentRoot /home/www/usr29/html
+
+ ServerAdmin jan@dittberner.info
+ ServerName dav.localhost
- php_admin_value allow_call_time_pass_reference 1
-
- Dav on
- AllowOverride AuthConfig Indexes
- Order Allow,Deny
- allow from all
-
- AuthType Basic
- AuthName "WebDAV on davhost"
- AuthBasicAuthoritative Off
- AuthUserFile /etc/apache2/auth/davhost.yourdomain.net
+ DavLockDb /var/run/apache2/davlock/davhost.localhost
+ DocumentRoot /home/www/dav/html
+ Alias /davadmin /home/jan/work/projects/davadmin/trunk/admin
- Auth_PG_host localhost
- Auth_PG_port 5432
- Auth_PG_user @dbuser@
- Auth_PG_pwd @dbpassword@
- Auth_PG_database @dbname@
+ php_admin_value allow_call_time_pass_reference 1
+
+ Dav on
+ AllowOverride AuthConfig Indexes
+ Order Allow,Deny
+ allow from all
+
- Auth_PG_pwd_table dav_password
- Auth_PG_uid_field username
- Auth_PG_pwd_field password
-
- Auth_PG_grp_table dav_group
- Auth_PG_grp_user_field username
- Auth_PG_grp_group_field groupname
- Auth_PG_hash_type MD5
+
+ AuthType Digest
+ AuthName "WebDAV Administration"
+ AuthDigestDomain /davadmin http://dav.localhost/davadmin
- #Auth_PG_log_table dav_log
- #Auth_PG_log_uname_field username
- #Auth_PG_log_date_field reqdate
- #Auth_PG_log_uri_field uri
- #Auth_PG_log_addrs_field ipaddr
- Auth_PG_authoritative on
+ SetEnv DavAdminConfDir /home/www/dav/conf
- require group davroot
-
+ AuthDigestProvider file
+ AuthUserFile /home/www/dav/auth/davadmin.htdigest
+ require valid-user
+
- ErrorLog /var/log/apache2/davhost.yourdomain.net_error.log
+
+ AuthType Digest
+ AuthName "WebDAV on dav.localhost"
+ AuthDigestDomain /dav/
+
+ AuthDigestProvider file
+ AuthUserFile /home/www/dav/auth/dav.htdigest
+ AuthGroupFile /home/www/dav/auth/dav.groups
+
- # Possible values include: debug, info, notice, warn, error, crit,
- # alert, emerg.
- LogLevel warn
-
- CustomLog /var/log/apache2/davhost.yourdomain.net_access.log combined
+ ErrorLog /var/log/apache2/davhost.localhost_error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/davhost.localhost_access.log combined
+
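Review bot: The sample vhost now contains the author's local values, `ServerAdmin jan@dittberner.info` and `Alias /davadmin /home/jan/work/projects/davadmin/trunk/admin`, where the removed version used neutral placeholders such as `davhost.yourdomain.net`; a setup template should keep placeholders so that it is not deployed pointing into a home directory. The /davadmin location authenticates with `require valid-user` against davadmin.htdigest, whereas the deleted admin/.htaccess demanded `require group davadmin`, so every entry in that file is now a full administrator; a comment saying so would make the change in access model explicit. `AuthDigestDomain` names an `http://` URL, and Digest authentication does not protect request or response bodies, so the setup notes should recommend serving the admin interface over TLS.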