directories are working
users still have dependencies to database code
Jan Dittberner 2007-11-21 23:00:58 +00:00
parent 5e60bf4a9a
commit 7bffc8bf97
12 changed files with 168 additions and 183 deletions


@ -1,2 +0,0 @@
DirectoryIndex index.php
require group davadmin


@ -27,19 +27,27 @@
* 02110-1301 USA. * 02110-1301 USA.
*/ */
if (!isset($_SERVER['DavAdminConfDir'])) {
header('HTTP/1.0 500 Internal Server Error');
header('Status: 500 Internal Server Error');
header('Content-Type: text/plain;charset=utf8');
print("The Server is not configured correctly. " .
"Please tell your Administrator to set the " .
"DavAdminConfDir environment variable.");
exit();
}
/** Include configuration information. */ /** Include configuration information. */
require_once('config.inc.php'); require_once($_SERVER['DavAdminConfDir'] . '/config.inc.php');
/** DAV administrator group name. */ /** DAV administrator group name. */
define(ADMIN_GROUP, 'davadmin'); define(ADMIN_GROUP, 'davadmin');
/** DAV administration application subdirectory. */
define(ADMIN_DIR, 'admin');
/** Include the Smarty template engine. */ /** Include the Smarty template engine. */
require_once("smarty/libs/Smarty.class.php"); require_once("smarty/libs/Smarty.class.php");
/** Global Smarty template engine instance. */ /** Global Smarty template engine instance. */
$smarty = new Smarty(); $smarty = new Smarty();
$smarty->compile_dir = $davconfig['compile_dir'];
/** Handle invalid requests to the application. */ /** Handle invalid requests to the application. */
function invalidCall() { function invalidCall() {
@ -64,12 +72,47 @@ function errorAsHtml($errormsg) {
die(); die();
} }
/** function getFullPath($dirname) {
* Handle a PDO statement error. return $GLOBALS['davconfig']['dav.dir'] . DIRECTORY_SEPARATOR . $dirname;
* }
* @param PDOStatement $sth statement handle
*/ // check configuration
function statementErrorAsXml(&$sth) { $errmsgs = array();
errorAsXml(utf8_encode(implode("\n", $sth->errorInfo()))); if (!isset($davconfig['digest.file'])) {
array_push($errmsgs, 'digest.file not defined');
} elseif (!is_readable($davconfig['digest.file']) ||
!is_writable($davconfig['digest.file'])) {
array_push($errmsgs,
'The specified digest file is not readable and writable.');
}
if (!isset($davconfig['group.file'])) {
array_push($errmsgs, 'group.file not defined');
} elseif (!is_readable($davconfig['group.file']) ||
!is_writable($davconfig['group.file'])) {
array_push($errmsgs,
'The specified group file is not readable and writable.');
}
if (!isset($davconfig['namemap.file'])) {
array_push($errmsgs, 'namemap.file not defined');
} elseif (!is_readable($davconfig['namemap.file']) ||
!is_writable($davconfig['namemap.file'])) {
array_push($errmsgs,
'The specified name mapping file is not readable and writable.');
}
if (!isset($davconfig['dav.dir'])) {
array_push($errmsgs, 'dav.dir not defined');
} elseif (!is_dir($davconfig['dav.dir']) ||
!is_readable($davconfig['dav.dir']) ||
!is_writable($davconfig['dav.dir'])) {
array_push($errmsgs,
'The specified DAV directory is no directory or not accessable.');
}
if (!empty($errmsgs)) {
errorAsHtml(implode("<br />", $errmsgs));
}
$namemap = json_decode(readfile($davconfig['namemap.file']), true);
if ($namemap === NULL) {
$namemap = array();
} }
?> ?>
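Review bot: `readfile()` in the new line `$namemap = json_decode(readfile($davconfig['namemap.file']), true);` writes the file to the response and returns the byte count, not the JSON text. The name map is therefore sent to every client that loads a page including this file, and `json_decode()` never sees the real content. Read the file as a string instead, `$namemap = json_decode(file_get_contents($davconfig['namemap.file']), true);`, and replace the `=== NULL` test with `if (!is_array($namemap)) { $namemap = array(); }` so that a non-array document is rejected too. The stray output also begins before any later `header()` call in the including scripts.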


@ -53,7 +53,7 @@ $mandatorygroups = array(ADMIN_GROUP);
* @return an array of group names * @return an array of group names
*/ */
function getDirGroupsFromHtaccess($dirname) { function getDirGroupsFromHtaccess($dirname) {
$htaccessname = $dirname . DIRECTORY_SEPARATOR . ".htaccess"; $htaccessname = getFullPath($dirname) . DIRECTORY_SEPARATOR . ".htaccess";
$groups = array(); $groups = array();
if (false !== ($fh = fopen($htaccessname, "r"))) { if (false !== ($fh = fopen($htaccessname, "r"))) {
while (!feof($fh)) { while (!feof($fh)) {
@ -73,17 +73,6 @@ function getDirGroupsFromHtaccess($dirname) {
return $groups; return $groups;
} }
/**
* Gets the names of groups for a directory.
*
* @param string $dirname directory name relative to {@link DAV_ROOT}
* @return an array of group names
* @see #getDirGroupsFromHtaccess(string)
*/
function getDirGroups($dirname) {
return getDirGroupsFromHtaccess(DAV_ROOT . DIRECTORY_SEPARATOR . $dirname);
}
/** /**
* Counts the visible files and their accumulated size in a directory * Counts the visible files and their accumulated size in a directory
* tree. * tree.
@ -120,7 +109,7 @@ function getDirectoryData($dirname) {
$dir = array(); $dir = array();
$dir['name'] = basename($dirname); $dir['name'] = basename($dirname);
$dir['groups'] = getDirGroupsFromHtaccess($dirname); $dir['groups'] = getDirGroupsFromHtaccess($dirname);
list($dir['filecount'], $dir['filesize']) = countFilesRecursive($dirname); list($dir['filecount'], $dir['filesize']) = countFilesRecursive(getFullPath($dirname));
$dir['maydelete'] = ($dir['filecount'] == 0) ? 1 : 0; $dir['maydelete'] = ($dir['filecount'] == 0) ? 1 : 0;
$dir['filesize'] = sprintf("%d kBytes", $dir['filesize'] / 1024); $dir['filesize'] = sprintf("%d kBytes", $dir['filesize'] / 1024);
return $dir; return $dir;
@ -129,12 +118,12 @@ function getDirectoryData($dirname) {
/** /**
* Gets XML encoded data of a directory. * Gets XML encoded data of a directory.
* *
* @param string $dirname dirname relative to {@link DAV_ROOT} * @param string $dirname dirname relative to {@link $davconfig['dav.dir']}
* @return XML string * @return XML string
*/ */
function getDirectoryDataAsXml($dirname) { function getDirectoryDataAsXml($dirname) {
if (is_dir(DAV_ROOT . $dirname)) { if (is_dir(getFullPath($dirname))) {
$dirdata = getDirectoryData(DAV_ROOT . $dirname); $dirdata = getDirectoryData($dirname);
header("Content-Type: text/xml; charset=UTF-8"); header("Content-Type: text/xml; charset=UTF-8");
return sprintf('<?xml version="1.0" encoding="utf8"?><directory><dirname>%s</dirname><groups>%s</groups><filecount>%d</filecount><filesize>%s</filesize><maydelete>%d</maydelete></directory>', $dirdata['name'], implode(", ", $dirdata['groups']), $dirdata['filecount'], $dirdata['filesize'], $dirdata['maydelete']); return sprintf('<?xml version="1.0" encoding="utf8"?><directory><dirname>%s</dirname><groups>%s</groups><filecount>%d</filecount><filesize>%s</filesize><maydelete>%d</maydelete></directory>', $dirdata['name'], implode(", ", $dirdata['groups']), $dirdata['filecount'], $dirdata['filesize'], $dirdata['maydelete']);
} else { } else {
@ -145,7 +134,7 @@ function getDirectoryDataAsXml($dirname) {
/** /**
* Gets XML encoded data of a deleted directory. * Gets XML encoded data of a deleted directory.
* *
* @param string $dirname directory name relative to {@link DAV_ROOT} * @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
* @return XML string * @return XML string
*/ */
function getDeletedDirectoryData($dirname) { function getDeletedDirectoryData($dirname) {
@ -155,19 +144,19 @@ function getDeletedDirectoryData($dirname) {
/** /**
* Gets the list of directory data for all valid directories below * Gets the list of directory data for all valid directories below
* {@link DAV_ROOT}. * {@link $davconfig['dav.dir']}.
* *
* @return array of directory data arrays * @return array of directory data arrays
* @see #getDirectoryData(string) * @see #getDirectoryData(string)
*/ */
function getDirectories() { function getDirectories() {
$dirs = array(); $dirs = array();
if (false !== ($entries = scandir(DAV_ROOT))) { if (false !== ($entries = scandir($GLOBALS['davconfig']['dav.dir']))) {
foreach ($entries as $entry) { foreach ($entries as $entry) {
if (is_dir(DAV_ROOT . $entry)) { if (is_dir(getFullPath($entry))) {
if (strpos($entry, '.') !== 0) { if (strpos($entry, '.') !== 0) {
if ($entry != ADMIN_DIR) { if ($entry != ADMIN_DIR) {
array_push($dirs, getDirectoryData(DAV_ROOT . $entry)); array_push($dirs, getDirectoryData($entry));
} }
} }
} }
@ -180,11 +169,11 @@ function getDirectories() {
* Sets the groups of a directory in its .htaccess file. Mandatory * Sets the groups of a directory in its .htaccess file. Mandatory
* groups are added automatically. * groups are added automatically.
* *
* @param string $dirname directory name relative to {@link DAV_ROOT} * @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
* @param array &$groups reference to a list of group names * @param array &$groups reference to a list of group names
*/ */
function setGroups($dirname, &$groups) { function setGroups($dirname, &$groups) {
$fullname = DAV_ROOT . $dirname; $fullname = getFullPath($dirname);
foreach ($groups as $key => $value) { foreach ($groups as $key => $value) {
$groups[$key] = trim($value); $groups[$key] = trim($value);
} }
@ -226,13 +215,13 @@ function setGroups($dirname, &$groups) {
* Updates a directory to be accessible by the given list of * Updates a directory to be accessible by the given list of
* groups. The directory is created if it doesn't exist. * groups. The directory is created if it doesn't exist.
* *
* @param string $dirname directory name relative to {@link DAV_ROOT} * @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
* @param array $groups a list of group names * @param array $groups a list of group names
*/ */
function updateDirectory($dirname, $groups) { function updateDirectory($dirname, $groups) {
if (preg_match(DIRNAMERE, $dirname, $matches)) { if (preg_match(DIRNAMERE, $dirname, $matches)) {
if ($dirname != ADMIN_DIR) { if ($dirname != ADMIN_DIR) {
$fullname = DAV_ROOT . $dirname; $fullname = getFullPath($dirname);
if (file_exists($fullname)) { if (file_exists($fullname)) {
if (!is_dir($fullname)) { if (!is_dir($fullname)) {
errorAsXml(sprintf(_("There already is a directory entry named %s, but it's not a directory!"), $dirname)); errorAsXml(sprintf(_("There already is a directory entry named %s, but it's not a directory!"), $dirname));
@ -273,18 +262,16 @@ function delrecursive($fullname) {
* Deletes the given directory if it has a valid name and is not the * Deletes the given directory if it has a valid name and is not the
* administration interface directory. * administration interface directory.
* *
* @param string $dirname directory name relative to {@link DAV_ROOT} * @param string $dirname directory name relative to {@link $davconfig['dav.dir']}
*/ */
function deleteDirectory($dirname) { function deleteDirectory($dirname) {
global $davconfig;
if (preg_match(DIRNAMERE, $dirname, $matches)) { if (preg_match(DIRNAMERE, $dirname, $matches)) {
if ($dirname != ADMIN_DIR) { $fullname = $davconfig['dav.dir'] . DIRECTORY_SEPARATOR . $dirname;
$fullname = DAV_ROOT . $dirname;
if (is_dir($fullname)) { if (is_dir($fullname)) {
return delrecursive($fullname); return delrecursive($fullname);
} }
} }
errorAsXml(_("Tried to delete the administration interface directory!"));
}
errorAsXml(sprintf(_("Invalid directory name %s!"), $dirname)); errorAsXml(sprintf(_("Invalid directory name %s!"), $dirname));
} }
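Review bot: `getDirectoryDataAsXml()` hands `$dirname` to `getFullPath()` and `is_dir()` with no name check in the visible lines, whereas `updateDirectory()` and `deleteDirectory()` match `DIRNAMERE` first. If `$dirname` comes from the request (the callers are outside these hunks), a value with parent-directory components would let the file counting and `.htaccess` reading run outside `dav.dir`. The same guard before the `is_dir()` call, `if (!preg_match(DIRNAMERE, $dirname)) { errorAsXml(sprintf(_("Invalid directory name %s!"), $dirname)); }`, keeps every entry point on one rule. `deleteDirectory()` also builds its path by hand instead of calling `getFullPath()` and no longer refuses `ADMIN_DIR`, while `updateDirectory()` and `getDirectories()` still treat that name as reserved. Several of these function bodies continue outside the hunks.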


@ -31,18 +31,5 @@
include_once('common.inc.php'); include_once('common.inc.php');
header("Content-Type: text/html; charset=UTF-8"); header("Content-Type: text/html; charset=UTF-8");
try { $smarty->display("start.html");
$dbh = new PDO($dsn, $dbuser, $dbpass);
$query = $dbh->prepare("SELECT firstname, lastname FROM dav_password WHERE username=:username");
$currentuser = $_SERVER['PHP_AUTH_USER'];
$query->execute(array(":username" => $currentuser));
$row = $query->fetch(PDO::FETCH_ASSOC);
$smarty->assign("firstname", $row['firstname']);
$smarty->assign("lastname", $row['lastname']);
$smarty->display("start.html");
$dbh = null;
} catch (PDOException $e) {
$smarty->setErrorMsg($e->getMessage());
$smarty->display("error.html");
}
?> ?>


@ -67,7 +67,7 @@ function displaydirectoryeditor(title, dirname, groups) {
return false; return false;
} }
$.post( $.post(
"/dav/admin/directories.php", "/davadmin/directories.php",
{method : 'submitdirectory', {method : 'submitdirectory',
dirname : this.dirname.value, dirname : this.dirname.value,
groups : this.groups.value}, groups : this.groups.value},


@ -1,7 +1,7 @@
{include file="header.html" title="Verzeichnisverwaltung"} {include file="header.html" title="Verzeichnisverwaltung"}
<script type="text/javascript" src="/dav/admin/scripts/helper.js"></script> <script type="text/javascript" src="scripts/helper.js"></script>
<script type="text/javascript" src="/dav/admin/scripts/autocomplete.js"></script> <script type="text/javascript" src="scripts/autocomplete.js"></script>
<script type="text/javascript" src="/dav/admin/scripts/directories.js"></script><div id="content"> <script type="text/javascript" src="scripts/directories.js"></script><div id="content">
<h1>WebDAV-Verwaltung</h1> <h1>WebDAV-Verwaltung</h1>
<h2>Verzeichnisverwaltung</h2> <h2>Verzeichnisverwaltung</h2>
<table id="dirtable"> <table id="dirtable">


@ -0,0 +1,9 @@
<html>
<head>
<title>DavAdmin - An error occured</title>
</head>
<body>
<h1>DavAdmin - An error occured</h1>
<p>{$errormsg}</p>
</body>
</html>
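Review bot: `{$errormsg}` is written into the page without escaping, so any markup in the message is rendered as HTML. The messages built in this commit are fixed strings joined with `<br />`, but if `errorAsHtml()` renders this template (its body is not shown here), exception text or request-derived names could also reach it. Consider assigning the messages as an array and printing each one with `{$msg|escape:'html'}` inside a `{foreach}`, so that no `<br />` has to pass through the variable.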


@ -1,7 +1,6 @@
{include file="header.html"} {include file="header.html"}
<h1>WebDAV-Verwaltung</h1> <h1>WebDAV-Verwaltung</h1>
<p>Hallo {$firstname} {$lastname},<br /> <p>Willkommen zur WebDAV-Verwaltung für {$smarty.server.SERVER_NAME}. Ihnen
willkommen zur WebDAV-Verwaltung für {$smarty.server.SERVER_NAME}. Ihnen
stehen folgende Möglichkeiten zur Verfügung.</p> stehen folgende Möglichkeiten zur Verfügung.</p>
<ul> <ul>
<li><a href="directories.php">Verzeichnisse verwalten</a></li> <li><a href="directories.php">Verzeichnisse verwalten</a></li>


@ -1,7 +1,7 @@
{include file="header.html" title="Nutzerverwaltung"} {include file="header.html" title="Nutzerverwaltung"}
<script type="text/javascript" src="/dav/admin/scripts/helper.js"></script> <script type="text/javascript" src="scripts/helper.js"></script>
<script type="text/javascript" src="/dav/admin/scripts/autocomplete.js"></script> <script type="text/javascript" src="scripts/autocomplete.js"></script>
<script type="text/javascript" src="/dav/admin/scripts/users.js"></script> <script type="text/javascript" src="scripts/users.js"></script>
<div id="content"> <div id="content">
<h1>WebDAV-Verwaltung</h1> <h1>WebDAV-Verwaltung</h1>
<h2>Nutzerverwaltung</h2> <h2>Nutzerverwaltung</h2>


@ -30,6 +30,24 @@
/** Include common code. */ /** Include common code. */
include_once('common.inc.php'); include_once('common.inc.php');
function getGroups($username) {
$groupdata = file($GLOBALS['davconfig']['group.file']);
$retval = array();
foreach ($groupdata as $line) {
$colonpos = strpos($line, ":");
if ($colonpos > 0) {
$groupname = trim(substr($line, 0, $colonpos - 1));
$users = explode(" ", substr($line, $colonpos + 1));
foreach ($users as $user) {
if (trim($user) == $username) {
array_push($retval, $groupname);
}
}
}
}
return $retval;
}
/** /**
* Gets XML encoded data for a user. * Gets XML encoded data for a user.
* *
@ -37,34 +55,15 @@ include_once('common.inc.php');
* @return XML string * @return XML string
*/ */
function getUserData($uid) { function getUserData($uid) {
if (!is_numeric($uid)) { if (!(is_numeric($uid) && array_key_exists($uid, $GLOBALS['namemap']))) {
errorAsXml(sprintf(_("Invalid user id %s"), $uid)); errorAsXml(sprintf(_("Invalid user id %s"), $uid));
} }
try {
$currentuser = $_SERVER['PHP_AUTH_USER'];
$dbh = new PDO($GLOBALS['dsn'], $GLOBALS['dbuser'], $GLOBALS['dbpass']); $row = $GLOBALS['namemap'][$uid];
$sth = $dbh->prepare("SELECT groupname FROM dav_group, dav_password WHERE dav_group.username=dav_password.username AND dav_password.uid=:uid"); $groups = getGroups($row['username']);
if (!$sth->execute(array(':uid' => $uid))) { $retval = sprintf('<?xml version="1.0" encoding="utf8"?><userdata><uid>%d</uid><username>%s</username><firstname>%s</firstname><lastname>%s</lastname><groups>%s</groups><loggedin>0</loggedin></userdata>',
statementErrorAsXml($sth);
}
$groups = array();
while ($grouprow = $sth->fetch(PDO::FETCH_ASSOC)) {
array_push($groups, $grouprow['groupname']);
}
$sth = $dbh->prepare("SELECT username, firstname, lastname FROM dav_password WHERE uid=:uid");
if (!$sth->execute(array(':uid' => $uid))) {
statementErrorAsXml($sth);
}
$row = $sth->fetch(PDO::FETCH_ASSOC);
$retval = sprintf('<?xml version="1.0" encoding="utf8"?><userdata><uid>%d</uid><username>%s</username><firstname>%s</firstname><lastname>%s</lastname><groups>%s</groups><loggedin>%d</loggedin></userdata>',
$uid, $row['username'], $row['firstname'], $uid, $row['username'], $row['firstname'],
$row['lastname'], implode(", ", $groups), $row['lastname'], implode(", ", $groups));
($currentuser == $row['username']) ? 1 : 0);
$dbh = null;
} catch (PDOException $e) {
errorAsXml($e->getMessage());
}
header("Content-Type: text/xml; charset=UTF-8"); header("Content-Type: text/xml; charset=UTF-8");
return $retval; return $retval;
} }
@ -123,6 +122,11 @@ function validateUserData(&$userdata, $forinsert) {
return $errormsgs; return $errormsgs;
} }
function createDigest($username, $realm, $password) {
return sprintf("%s:%s:%s", $username, $realm,
md5(sprintf("%s:%s:%s", $username, $realm, $password)));
}
/** /**
* Updates the data of a user in the database. * Updates the data of a user in the database.
* *
@ -299,19 +303,7 @@ if ($_GET) {
$currentuser = $_SERVER['PHP_AUTH_USER']; $currentuser = $_SERVER['PHP_AUTH_USER'];
header("Content-Type: text/html; charset=UTF-8"); header("Content-Type: text/html; charset=UTF-8");
try { $smarty->assign("users", $namemap);
$dbh = new PDO($dsn, $dbuser, $dbpass);
$query = $dbh->prepare("SELECT uid, username, firstname, lastname FROM dav_password ORDER BY username");
$query->execute();
$rows = $query->fetchall(PDO::FETCH_ASSOC);
foreach ($rows as $key => $value) {
$value['loggedin'] = ($value['username'] == $currentuser);
$rows[$key] = $value;
}
$smarty->assign("users", $rows);
$smarty->display("users.html"); $smarty->display("users.html");
} catch (PDOException $e) {
errorAsHtml($e->getMessage());
}
} }
?> ?>
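Review bot: `getGroups()` cuts one character too many, because `$colonpos` is already the index of the colon and `substr($line, 0, $colonpos - 1)` therefore drops the last character of every group name. Use `$groupname = trim(substr($line, 0, $colonpos));`. `file()` returns `false` when the group file cannot be read, so the `foreach` would raise a warning rather than a clean error; check the result before iterating. In `getUserData()` the name fields from the name map go into the XML through `%s` unescaped, and wrapping them in `htmlspecialchars()` would keep a `<` or `&` in a name from breaking or altering the document. Neither `getGroups()` nor `createDigest()` has a doc comment, unlike the other functions in the file; one line each on the expected group-file and digest-line formats would help.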


@ -1,35 +1,14 @@
<?php <?php
/** /*
* Global configuration for WebDAVAdmin. * DavAdmin configuration file.
*
* @author Jan Dittberner <jan@dittberner.info>
* @version $Id$
* @license GPL
* @package WebDAVAdmin
*
* Copyright (c) 2007 Jan Dittberner
*
* This file is part of WebDAVAdmin.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA.
*/ */
/** Absolute path to DAV area root directory with a trailing slash. */ $davconfig = array(
define(DAV_ROOT, '@davrootdirectory@'); // Absolute path to template compile dir
'compile_dir' => '/home/www/dav/templates_c',
/** Include the database settings. */ 'digest.file' => '/home/www/dav/auth/dav.htdigest',
require_once('@path.to.dbsettings@/dbsettings.inc.php'); 'group.file' => '/home/www/dav/auth/dav.groups',
'namemap.file' => '/home/www/dav/auth/dav.namemap',
'dav.dir' => '/home/www/dav/html/dav',
);
?> ?>


@ -1,52 +1,43 @@
<VirtualHost *:80> <VirtualHost 127.0.0.1:80>
ServerAdmin webmaster@davhost.yourdomain.net ServerAdmin jan@dittberner.info
ServerName davhost.yourdomain.net ServerName dav.localhost
DavLockDb /var/run/apache2/davlock/davhost.yourdomain.net DavLockDb /var/run/apache2/davlock/davhost.localhost
DocumentRoot /home/www/usr29/html DocumentRoot /home/www/dav/html
Alias /davadmin /home/jan/work/projects/davadmin/trunk/admin
php_admin_value allow_call_time_pass_reference 1 php_admin_value allow_call_time_pass_reference 1
<Directory /var/www/dav> <Directory /home/www/dav/html/dav>
Dav on Dav on
AllowOverride AuthConfig Indexes AllowOverride AuthConfig Indexes
Order Allow,Deny Order Allow,Deny
allow from all allow from all
AuthType Basic
AuthName "WebDAV on davhost"
AuthBasicAuthoritative Off
AuthUserFile /etc/apache2/auth/davhost.yourdomain.net
Auth_PG_host localhost
Auth_PG_port 5432
Auth_PG_user @dbuser@
Auth_PG_pwd @dbpassword@
Auth_PG_database @dbname@
Auth_PG_pwd_table dav_password
Auth_PG_uid_field username
Auth_PG_pwd_field password
Auth_PG_grp_table dav_group
Auth_PG_grp_user_field username
Auth_PG_grp_group_field groupname
Auth_PG_hash_type MD5
#Auth_PG_log_table dav_log
#Auth_PG_log_uname_field username
#Auth_PG_log_date_field reqdate
#Auth_PG_log_uri_field uri
#Auth_PG_log_addrs_field ipaddr
Auth_PG_authoritative on
require group davroot
</Directory> </Directory>
ErrorLog /var/log/apache2/davhost.yourdomain.net_error.log <Location /davadmin>
AuthType Digest
AuthName "WebDAV Administration"
AuthDigestDomain /davadmin http://dav.localhost/davadmin
# Possible values include: debug, info, notice, warn, error, crit, SetEnv DavAdminConfDir /home/www/dav/conf
# alert, emerg.
AuthDigestProvider file
AuthUserFile /home/www/dav/auth/davadmin.htdigest
require valid-user
</Location>
<Location /dav/>
AuthType Digest
AuthName "WebDAV on dav.localhost"
AuthDigestDomain /dav/
AuthDigestProvider file
AuthUserFile /home/www/dav/auth/dav.htdigest
AuthGroupFile /home/www/dav/auth/dav.groups
</Location>
ErrorLog /var/log/apache2/davhost.localhost_error.log
LogLevel warn LogLevel warn
CustomLog /var/log/apache2/davhost.localhost_access.log combined
CustomLog /var/log/apache2/davhost.yourdomain.net_access.log combined
</VirtualHost> </VirtualHost>
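Review bot: The new `<Location /dav/>` block sets `AuthType Digest` and the user and group files but has no `Require` line, and the old `require group davroot` appears to be dropped from the `<Directory>` block. With `Dav on` and `allow from all`, any directory under the DAV root without its own `.htaccess` rules, including the root itself, would then be reachable without authentication. A baseline `Require valid-user` in the `<Directory /home/www/dav/html/dav>` block closes that gap. Placing it in `<Location>` instead would override the per-directory group rules, since Location sections are merged last. Digest credentials for `/davadmin` also travel over plain HTTP on port 80, which is tolerable only while the host stays bound to 127.0.0.1.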