xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Commit 0d841811babba24b643404169b645379377a92f9

Another round of fixes.
Author: Catalin(ux) M. BOIE
Author date (UTC): 2011-05-03 03:29
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2011-05-03 03:29
Parent(s): 31a2d477a86a3a408c44720bb8c8e280fc4894d2
Signing key:
Tree: 1bcea2273176b80756cb28a77f32bc45ce9f92b1
File Lines added Lines deleted
.gitignore 2 0
TODO 9 2
admin/sql.php 4 4
artwork/rocketgit v1.svg 2 2
inc/admin/admin.php 8 6
inc/admin/repos/repos.php 3 3
inc/admin/users/add.form.php 1 1
inc/admin/users/add.php 8 8
inc/admin/users/users.php 3 3
inc/bye/bye.php 8 0
inc/db.inc.php 25 25
inc/db/struct.inc.php 10 9
inc/dispatch/dispatch.php 63 0
inc/git.inc.php 33 31
inc/home/home.php 9 0
inc/keys.inc.php 75 52
inc/keys/add.form.php 1 1
inc/keys/keys.php 18 17
inc/log.inc.php 36 0
inc/login/login.form.php 3 3
inc/login/login.php 21 10
inc/repo.inc.php 178 149
inc/repo/repo.form.php 2 2
inc/repo/repo.php 20 19
inc/repo/repo_page.php 98 44
inc/repo/rights.form.php 3 3
inc/repo/search.form.php 1 1
inc/sess.inc.php 33 32
inc/state.inc.php 10 10
inc/user.inc.php 169 116
inc/user/forgot.form.php 2 2
inc/user/forgot.php 6 4
inc/user/forgot_mail.php 2 2
inc/util.inc.php 63 7
inc/xlog.inc.php 0 36
root/index.php 53 85
samples/config.php 19 7
samples/cron 2 2
samples/rg 2 2
samples/rg.conf 49 0
scripts/cron.php 23 23
scripts/q.php 28 28
scripts/ssh.php 21 21
tests/Makefile 12 2
tests/db.php 8 7
tests/keys.php 13 13
tests/repo.php 49 11
tests/user.php 8 6
tests/util.php 3 1
File .gitignore added (mode: 100644) (index 0000000..cfce1ad)
1 *.log
2
File TODO changed (mode: 100644) (index a195890..61e6efc)
4 4 [ ] Validate user names. [ ] Validate user names.
5 5 [ ] XSS protection for every cell. [ ] XSS protection for every cell.
6 6 [ ] You cannot admin rights of a repository if is not yours. [ ] You cannot admin rights of a repository if is not yours.
7 [ ] In Admin section we must check if the user has access!
7 8 [ ] [ ]
8 9
9 10 == Low priority == == Low priority ==
11 [ ] We should make a repo dirty ony if user pushed something with success.
12 [ ] <link rel="icon" type="image/png" id="favicon" href="%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWA
UjAJyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/>
13 [ ] Add key form may be joined with list keys command!
10 14 [ ] Allow to recover a deleted repository. [ ] Allow to recover a deleted repository.
11 15 [ ] Deny access in all functions to deleted repositories. [ ] Deny access in all functions to deleted repositories.
12 16 [ ] Count the numbers of clones/pushes/pulls. [ ] Count the numbers of clones/pushes/pulls.
 
34 38 [ ] Timeout for connections (ssh/git-daemon/etc.)! [ ] Timeout for connections (ssh/git-daemon/etc.)!
35 39 [ ] Check if we have to respect 4HEXA also on SSH. I think not. [ ] Check if we have to respect 4HEXA also on SSH. I think not.
36 40 [ ] Limit number of simultaneously connection per repo and per user. Maybe also the time! [ ] Limit number of simultaneously connection per repo and per user. Maybe also the time!
37 [ ] Add /var/run/gg to spec file, to be created at instalation.
41 [ ] Add /var/run/rg to spec file, to be created at instalation.
38 42 [ ] We should add a dependency on php-process? [ ] We should add a dependency on php-process?
39 [ ] Make everywhere present a "Make a suggestion" area.
43 [ ] Make everywhere present a "Make a surgestion" area.
44 [ ] On rocketgit website, add "Feedback" area.
45 [ ] Do not forget to pack /etc/httpd/conf.d/rg.conf.
46 [ ] Allow multipl virtual hosts, with different configurations.
40 47 [ ] [ ]
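Review bot: new line 43 turns "suggestion" into "surgestion", a typo the removed line 39 did not have, and new line 46 has "multipl". Fix both while the file is open, and keep the `/var/run/gg` to `/var/run/rg` rename on line 41 as the only change to that entry.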
File admin/sql.php changed (mode: 100644) (index 31f33cb..96db998)
1 1 <?php <?php
2 2 error_reporting(E_ALL); error_reporting(E_ALL);
3 3
4 require_once("/etc/gg/config.php");
4 require_once("/etc/rg/config.php");
5 5
6 6 $INC = dirname(__FILE__) . "/../inc"; $INC = dirname(__FILE__) . "/../inc";
7 require_once($INC . "/xlog.inc.php");
7 require_once($INC . "/log.inc.php");
8 8 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
9 9 require_once($INC . "/db/struct.inc.php"); require_once($INC . "/db/struct.inc.php");
10 10 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
11 11
12 $db = sql_open($gg_db);
12 $db = rg_sql_open($rg_db);
13 13 if ($db === FALSE) if ($db === FALSE)
14 14 fatal("Internal error (db)!"); fatal("Internal error (db)!");
15 15
16 gg_db_struct_run($db, TRUE);
16 rg_db_struct_run($db, TRUE);
17 17
18 18 echo "Done!\n"; echo "Done!\n";
19 19 ?> ?>
File artwork/rocketgit v1.svg changed (mode: 100644) (index c25dfd6..f8c426a)
57 57 id="path3786" id="path3786"
58 58 inkscape:connector-curvature="0" inkscape:connector-curvature="0"
59 59 sodipodi:nodetypes="cccccccccccccccc" sodipodi:nodetypes="cccccccccccccccc"
60 inkscape:export-filename="/home/catab/Desktop/gg/text2995.png"
60 inkscape:export-filename="/home/catab/Desktop/rg/text2995.png"
61 61 inkscape:export-xdpi="90" inkscape:export-xdpi="90"
62 62 inkscape:export-ydpi="90" /> inkscape:export-ydpi="90" />
63 63 <path <path
 
66 66 id="path2993" id="path2993"
67 67 inkscape:connector-curvature="0" inkscape:connector-curvature="0"
68 68 sodipodi:nodetypes="ccccccccc" sodipodi:nodetypes="ccccccccc"
69 inkscape:export-filename="/home/catab/Desktop/gg/text2995.png"
69 inkscape:export-filename="/home/catab/Desktop/rg/text2995.png"
70 70 inkscape:export-xdpi="90" inkscape:export-xdpi="90"
71 71 inkscape:export-ydpi="90" /> inkscape:export-ydpi="90" />
72 72 <text <text
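Review bot: both changed attributes (new lines 60 and 69) are `inkscape:export-filename` values holding an absolute path under the author's home directory. Rather than renaming `gg` to `rg` inside that path, strip the `inkscape:export-*` attributes from the committed SVG so the repository does not carry a local user name and directory layout.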
File inc/admin/admin.php changed (mode: 100644) (index 9e60be1..d4b0c70)
1 1 <?php <?php
2 xlog("/inc/admin");
2 rg_log("/inc/admin");
3 3
4 if ($gg_ui['is_admin'] != 1) {
5 $_admin = "You do not have access here!";
4 $_admin = "";
5
6 if ($rg_ui['is_admin'] != 1) {
7 $_admin .= "You do not have access here!";
6 8 return; return;
7 9 } }
8 10
9 $subop = @intval($_REQUEST['subop']);
10 11
11 12 // menu // menu
12 $_admin_url = $_SERVER['PHP_SELF'] . "?op=$op";
13 $_admin_url = rg_re_url($op);
13 14 $_admin_menu = ""; $_admin_menu = "";
14 15 $_admin_menu .= "[<a href=\"$_admin_url&amp;subop=1\">Users</a>]"; $_admin_menu .= "[<a href=\"$_admin_url&amp;subop=1\">Users</a>]";
15 16 $_admin_menu .= "&nbsp;[<a href=\"$_admin_url&amp;subop=2\">Repos</a>]"; $_admin_menu .= "&nbsp;[<a href=\"$_admin_url&amp;subop=2\">Repos</a>]";
16 17 $_admin_menu .= "<br />\n"; $_admin_menu .= "<br />\n";
17 18
19
18 20 $_admin_body = ""; $_admin_body = "";
19 21
20 22 switch ($subop) { switch ($subop) {
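Review bot: removing old line 9, `$subop = @intval($_REQUEST['subop']);`, leaves `switch ($subop)` at new line 22 reading a variable this file no longer sets or casts. If the includer now owns that, say so in a comment at the top of the file, or read it here with `rg_var_uint("subop")` as inc/admin/users/add.php does for `is_admin`; `$subop` is also interpolated into the menu URLs built by the repos and users sub-pages. Also note that `rg_re_url($op)` on new line 13 is followed by `&amp;subop=1`, which only works if the helper always returns a URL that already contains a query string.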
 
... ... case 2: // repos
29 31 break; break;
30 32 } }
31 33
32 $_admin = $_admin_menu . $_admin_body;
34 $_admin .= $_admin_menu . $_admin_body;
33 35 ?> ?>
File inc/admin/repos/repos.php changed (mode: 100644) (index 23d21f7..980e841)
1 1 <?php <?php
2 xlog("/admin/repos");
2 rg_log("/admin/repos");
3 3
4 $subsubop = @intval($_REQUEST['subsubop']);
5 4
6 5 // menu // menu
7 6 $_admin_repos_url = $_admin_url . "&amp;subop=$subop"; $_admin_repos_url = $_admin_url . "&amp;subop=$subop";
 
... ... $_admin_repos_menu .= "[<a href=\"$_admin_repos_url&amp;subsubop=1\">List</a>]";
11 10 $_admin_repos_menu .= "<br />\n"; $_admin_repos_menu .= "<br />\n";
12 11 $_admin_repos_menu .= "<br />\n"; $_admin_repos_menu .= "<br />\n";
13 12
13
14 14 $_admin_repos_body = ""; $_admin_repos_body = "";
15 15
16 16 switch ($subsubop) { switch ($subsubop) {
17 17 case 1: // list case 1: // list
18 18 $_uid = 0; $_uid = 0;
19 $_admin_repos_body .= repo_list($db, $_admin_repos_url . "&amp;subsubop=$subsubop", $_uid);
19 $_admin_repos_body .= rg_repo_list($db, $_admin_repos_url . "&amp;subsubop=$subsubop", $_uid);
20 20 break; break;
21 21 } }
22 22
File inc/admin/users/add.form.php changed (mode: 100644) (index e42bdc2..d74db8f)
1 1 <?php <?php
2 2
3 3 $_form = ' $_form = '
4 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
4 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
5 5 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="subsubop" value="' . $subsubop . '"> <input type="hidden" name="subsubop" value="' . $subsubop . '">
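Review bot: the `action` attribute on new line 4 still interpolates `$_SERVER['PHP_SELF']` unescaped, and lines 5 to 7 place `$op`, `$subop` and `$subsubop` into `value="..."` the same way. `PHP_SELF` includes any path info the client appends after the script name, so pass it through `htmlspecialchars()` or build the target with the `rg_re_url($op)` helper that the admin menu switched to in this commit; this is the TODO item "XSS protection for every cell" applied to forms. The `type` to `method` correction is worth calling out in the commit message: add.php reads `xpass` from this submission, and with the invalid attribute the browser would have sent it by GET.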
File inc/admin/users/add.php changed (mode: 100644) (index 38d55a2..1bad4b9)
1 1 <?php <?php
2 xlog("/admin/users/add");
2 rg_log("/admin/users/add");
3 3
4 4 $_user_add = ""; $_user_add = "";
5 5
6 6 if ($doit == 1) { if ($doit == 1) {
7 $xuser = @$_REQUEST['xuser'];
8 $email = @$_REQUEST['email'];
9 $xpass = @$_REQUEST['xpass'];
10 $is_admin = @intval($_REQUEST['is_admin']);
7 $xuser = rg_var_str("xuser");
8 $email = rg_var_str("email");
9 $xpass = rg_var_str("xpass");
10 $is_admin = rg_var_uint("is_admin");
11 11
12 $_ui = user_info($db, 0, $xuser, "");
12 $_ui = rg_user_info($db, 0, $xuser, "");
13 13 if ($_ui['ok'] == 0) { if ($_ui['ok'] == 0) {
14 14 $_user_add .= "Error: Internal error!"; $_user_add .= "Error: Internal error!";
15 15 } else if ($_ui['exists'] == 0) { } else if ($_ui['exists'] == 0) {
16 if (user_add($db, $xuser, $xpass, $email, $is_admin)) {
16 if (rg_user_add($db, $xuser, $xpass, $email, $is_admin)) {
17 17 $_user_add .= "OK!<br />"; $_user_add .= "OK!<br />";
18 18 } }
19 19 } else { } else {
20 xlog("User already in use!");
20 rg_log("User already in use!");
21 21 $_user_add .= "Error: User already taken!"; $_user_add .= "Error: User already taken!";
22 22 } }
23 23 } else { } else {
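Review bot: `if (rg_user_add($db, $xuser, $xpass, $email, $is_admin))` at new line 16 has no `else`, so a failed insert leaves `$_user_add` empty and the admin sees neither "OK!" nor an error. Add an else branch that appends an error message and logs the failure, as the "Internal error" and "User already taken" branches do.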
File inc/admin/users/users.php changed (mode: 100644) (index c45c3ba..23e12c3)
1 1 <?php <?php
2 xlog("/inc/admin/users");
2 rg_log("/inc/admin/users");
3 3
4 $subsubop = @intval($_REQUEST['subsubop']);
5 4
6 5 // menu // menu
7 6 $_admin_users_url = $_admin_url . "&amp;subop=$subop"; $_admin_users_url = $_admin_url . "&amp;subop=$subop";
 
... ... $_admin_users_menu .= "&nbsp;[<a href=\"$_admin_users_url&amp;subsubop=2\">Add</
11 10 $_admin_users_menu .= "<br />\n"; $_admin_users_menu .= "<br />\n";
12 11 $_admin_users_menu .= "<br />\n"; $_admin_users_menu .= "<br />\n";
13 12
13
14 14 $_admin_users_body = ""; $_admin_users_body = "";
15 15
16 16 switch ($subsubop) { switch ($subsubop) {
17 17 case 1: // list case 1: // list
18 $_admin_users_body .= user_list($db, $_admin_users_url . "&amp;subsubop=$subsubop");
18 $_admin_users_body .= rg_user_list($db, $_admin_users_url . "&amp;subsubop=$subsubop");
19 19 break; break;
20 20
21 21 case 2: //add case 2: //add
File inc/bye/bye.php added (mode: 100644) (index 0000000..a028bc8)
1 <?php
2 rg_log("/inc/bye/bye.php");
3
4 $_bye = "";
5
6 $_bye .= "Bye!";
7
8 ?>
File inc/db.inc.php changed (mode: 100644) (index f3d5de1..510a17a)
1 1 <?php <?php
2 require_once($INC . "/xlog.inc.php");
2 require_once($INC . "/log.inc.php");
3 3
4 $sql_debug = 0;
4 $rg_sql_debug = 0;
5 5
6 $sql_error = "";
6 $rg_sql_error = "";
7 7
8 8 /* /*
9 9 * Set error string * Set error string
10 10 */ */
11 function sql_set_error($str)
11 function rg_sql_set_error($str)
12 12 { {
13 global $sql_error;
13 global $rg_sql_error;
14 14
15 xlog("\tError: $str");
16 $sql_error = $str;
15 rg_log("\tError: $str");
16 $rg_sql_error = $str;
17 17 } }
18 18
19 function sql_error()
19 function rg_sql_error()
20 20 { {
21 global $sql_error;
21 global $rg_sql_error;
22 22
23 return $sql_error;
23 return $rg_sql_error;
24 24 } }
25 25
26 26 /* /*
27 27 * Connect to database * Connect to database
28 28 */ */
29 function sql_open($str)
29 function rg_sql_open($str)
30 30 { {
31 global $sql_debug;
31 global $rg_sql_debug;
32 32
33 if ($sql_debug > 0)
34 xlog("DB: opening [$str]...");
33 if ($rg_sql_debug > 0)
34 rg_log("DB: opening [$str]...");
35 35
36 36 if (strncmp($str, "sqlite:", 7) != 0) { if (strncmp($str, "sqlite:", 7) != 0) {
37 37 sql_set_error("$str connect string not supported"); sql_set_error("$str connect string not supported");
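Review bot: line 37 is unchanged context and still calls `sql_set_error(...)`, but this commit renames that function to `rg_sql_set_error()` at line 11, so an unsupported connect string now ends in a call to an undefined function instead of a clean `FALSE` return. Rename the call on line 37 as well. Separately, `rg_log("DB: opening [$str]...")` on line 34 writes the whole connect string to the log, which is harmless for `sqlite:` paths but deserves a comment before any back end with credentials in the string is added.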
 
... ... function sql_open($str)
42 42
43 43 $db = new SQLite3($file); $db = new SQLite3($file);
44 44 if ($db === FALSE) { if ($db === FALSE) {
45 sql_set_error("Cannot connect to database $file: " . $db->lastErrorMsg());
45 rg_sql_set_error("Cannot connect to database $file: " . $db->lastErrorMsg());
46 46 return FALSE; return FALSE;
47 47 } }
48 48
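Review bot: the `if ($db === FALSE)` check on line 44 can never be true, because `new SQLite3($file)` throws an exception on failure instead of returning FALSE; and if `$db` were FALSE, `$db->lastErrorMsg()` on line 45 would itself be a fatal error. Wrap the constructor in try/catch and pass the exception message to `rg_sql_set_error()` before returning FALSE.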
 
... ... function sql_open($str)
52 52 /* /*
53 53 * Escaping * Escaping
54 54 */ */
55 function sql_escape($db, $str)
55 function rg_sql_escape($db, $str)
56 56 { {
57 57 return $db->escapeString($str); return $db->escapeString($str);
58 58 } }
 
... ... function sql_escape($db, $str)
60 60 /* /*
61 61 * Do a query * Do a query
62 62 */ */
63 function sql_query($db, $sql)
63 function rg_sql_query($db, $sql)
64 64 { {
65 global $sql_debug;
65 global $rg_sql_debug;
66 66
67 if ($sql_debug > 0)
68 xlog("DB: running [$sql]...");
67 if ($rg_sql_debug > 0)
68 rg_log("DB: running [$sql]...");
69 69
70 70 $res = $db->query($sql); $res = $db->query($sql);
71 71 if ($res === FALSE) { if ($res === FALSE) {
72 sql_set_error("$sql: " . $db->lastErrorMsg());
72 rg_sql_set_error("$sql: " . $db->lastErrorMsg());
73 73 return FALSE; return FALSE;
74 74 } }
75 75
 
... ... function sql_query($db, $sql)
79 79 /* /*
80 80 * Close database * Close database
81 81 */ */
82 function sql_close($db)
82 function rg_sql_close($db)
83 83 { {
84 84 $db->close(); $db->close();
85 85 } }
 
... ... function sql_close($db)
87 87 /* /*
88 88 * Free results * Free results
89 89 */ */
90 function sql_free_result($res)
90 function rg_sql_free_result($res)
91 91 { {
92 92 $res->finalize(); $res->finalize();
93 93 } }
 
... ... function sql_free_result($res)
95 95 /* /*
96 96 * Returns a row as an associated array * Returns a row as an associated array
97 97 */ */
98 function sql_fetch_array($res)
98 function rg_sql_fetch_array($res)
99 99 { {
100 100 return $res->fetchArray(SQLITE3_ASSOC); return $res->fetchArray(SQLITE3_ASSOC);
101 101 } }
102 102
103 function sql_last_id($db)
103 function rg_sql_last_id($db)
104 104 { {
105 105 return $db->lastInsertRowID(); return $db->lastInsertRowID();
106 106 } }
File inc/db/struct.inc.php changed (mode: 100644) (index e113643..8fbc9fd)
1 1 <?php <?php
2 2 error_reporting(E_ALL); error_reporting(E_ALL);
3 3
4 $gg_db_struct = array();
4 $rg_db_struct = array();
5 5
6 $gg_db_struct[0] = array(
6 $rg_db_struct[0] = array(
7 7 "repos" => "CREATE TABLE repos" "repos" => "CREATE TABLE repos"
8 8 . " (repo_id INTEGER PRIMARY KEY" . " (repo_id INTEGER PRIMARY KEY"
9 9 . ", name TEXT" . ", name TEXT"
 
... ... $gg_db_struct[0] = array(
28 28 "keys" => "CREATE TABLE keys" "keys" => "CREATE TABLE keys"
29 29 . " (key_id INTEGER PRIMARY KEY" . " (key_id INTEGER PRIMARY KEY"
30 30 . ", itime INTEGER" . ", itime INTEGER"
31 . ", uid INTEGER, key TEXT)",
31 . ", uid INTEGER"
32 . ", key TEXT)",
32 33 "users" => "CREATE TABLE users" "users" => "CREATE TABLE users"
33 34 . " (uid INTEGER PRIMARY KEY" . " (uid INTEGER PRIMARY KEY"
34 35 . ", user TEXT" . ", user TEXT"
 
... ... $gg_db_struct[0] = array(
58 59 /* /*
59 60 * Generate structure * Generate structure
60 61 */ */
61 function gg_db_struct_run($db, $ignore_errors)
62 function rg_db_struct_run($db, $ignore_errors)
62 63 { {
63 global $gg_db_struct;
64 global $rg_db_struct;
64 65
65 foreach ($gg_db_struct as $index => $sqls) {
66 foreach ($rg_db_struct as $index => $sqls) {
66 67 foreach ($sqls as $table => $sql) { foreach ($sqls as $table => $sql) {
67 echo "[$table] Running [$sql]...\n";
68 $res = sql_query($db, $sql);
68 //echo "[$table] Running [$sql]...\n";
69 $res = rg_sql_query($db, $sql);
69 70 if ($res === FALSE) { if ($res === FALSE) {
70 echo "WARN: Cannot create '$table' table!\n";
71 echo "WARN: Cannot create '$table' table ($sql)!\n";
71 72 if (!$ignore_errors) if (!$ignore_errors)
72 73 return FALSE; return FALSE;
73 74 } }
File inc/dispatch/dispatch.php added (mode: 100644) (index 0000000..f21d460)
1 <?php
2 rg_log("/dispatch/dispatch.php");
3
4 $new_op = "";
5
6 switch ($op) {
7 case 'home':
8 include($INC . "/home/home.php");
9 $body .= $_home;
10 break;
11
12 case 'login':
13 include($INC . "/login/login.php");
14 $body .= $_login;
15 break;
16
17 case 'logout':
18 if (rg_sess_destroy($db, $sid, $rg_ui)) {
19 $new_op = "bye";
20 } else {
21 $body .= "Not OK!";
22 }
23 break;
24
25 case 'repo':
26 include($INC . "/repo/repo.php");
27 $body .= $_repo;
28 break;
29
30 case 'repopage':
31 include($INC . "/repo/repo_page.php");
32 $body .= $_repo;
33 break;
34
35 case 'admin':
36 include($INC . "/admin/admin.php");
37 $body .= $_admin;
38 break;
39
40 case 'keys':
41 include($INC . "/keys/keys.php");
42 $body .= $_keys;
43 break;
44
45 case 'forgotlink': // forgot pass link
46 include($INC . "/user/forgot.php");
47 $body .= $_forgot;
48 break;
49
50 case 'forgotmail': // forgot pass - send mail
51 include($INC . "/user/forgot_mail.php");
52 $body .= $_forgot;
53 break;
54
55 case 'bye':
56 include($INC . "/bye/bye.php");
57 $body .= $_bye;
58 break;
59 }
60
61 $op = $new_op;
62 rg_log("new op=$op.");
63 ?>
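Review bot: `switch ($op)` has no `default:` case, so an unrecognised `op` falls through with nothing appended to `$body`, and the only trace is the `new op=` log line at the end. Add a default that logs the rejected value and renders a not-found message. The fixed `include` path per case is the right shape for a dispatcher; a short comment saying that paths must never be built from `$op` would keep it that way.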
File inc/git.inc.php changed (mode: 100644) (index 71b60d9..aa6e299)
1 1 <?php <?php
2 2 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
3 require_once($INC . "/xlog.inc.php");
3 require_once($INC . "/log.inc.php");
4 4
5 function gg_git_set_error($str)
5 $rg_git_error = "";
6
7 function rg_git_set_error($str)
6 8 { {
7 global $_gg_git_error;
9 global $rg_git_error;
8 10
9 xlog("\tError: $str");
10 $_gg_git_error = $str;
11 rg_log("\tError: $str");
12 $rg_git_error = $str;
11 13 } }
12 14
13 function gg_git_error()
15 function rg_git_error()
14 16 { {
15 global $_gg_git_error;
16 return $_gg_git_error;
17 global $rg_git_error;
18 return $rg_git_error;
17 19 } }
18 20
19 function git_install_hooks($dst)
21 function rg_git_install_hooks($dst)
20 22 { {
21 xlog("git_install_hooks: dst=$dst...");
23 rg_log("git_install_hooks: dst=$dst...");
22 24
23 xlog("\tNot yet implemented!");
25 rg_log("\tNot yet implemented!");
24 26 return TRUE; return TRUE;
25 27 } }
26 28
27 function gg_git_init($dst)
29 function rg_git_init($dst)
28 30 { {
29 xlog("git_init: dst=$dst...");
31 rg_log("git_init: dst=$dst...");
30 32
31 33 $dir = dirname($dst); $dir = dirname($dst);
32 34 if (!file_exists($dir)) { if (!file_exists($dir)) {
33 35 $r = @mkdir($dir, 0755, TRUE); $r = @mkdir($dir, 0755, TRUE);
34 36 if ($r === FALSE) { if ($r === FALSE) {
35 xlog("\tCannot create dir [$dir] ($php_errormsg)!");
37 rg_log("\tCannot create dir [$dir] ($php_errormsg)!");
36 38 return FALSE; return FALSE;
37 39 } }
38 40 } }
39 41
40 if (file_exists($dst . "/gg")) {
41 xlog("\tGit repo was created OK. Skip cloning.");
42 if (file_exists($dst . "/rg")) {
43 rg_log("\tGit repo was created OK. Skip cloning.");
42 44 } else { } else {
43 45 $cmd = "git init --bare '" . escapeshellcmd($dst) . "'"; $cmd = "git init --bare '" . escapeshellcmd($dst) . "'";
44 xlog("\texec $cmd...");
46 rg_log("\texec $cmd...");
45 47 $a = exec($cmd, $output, $err); $a = exec($cmd, $output, $err);
46 48 if ($err != 0) { if ($err != 0) {
47 xlog("\tError $err (" . implode("|", $output) . " ($a)!");
49 rg_log("\tError $err (" . implode("|", $output) . " ($a)!");
48 50 return FALSE; return FALSE;
49 51 } }
50 52
51 if (!@mkdir($dst . "/gg")) {
52 xlog("\tCannot create gg dir ($php_errormsg)!");
53 if (!@mkdir($dst . "/rg")) {
54 rg_log("\tCannot create rg dir ($php_errormsg)!");
53 55 return FALSE; return FALSE;
54 56 } }
55 57 } }
56 58
57 if (git_install_hooks($dst) === FALSE)
59 if (rg_git_install_hooks($dst) === FALSE)
58 60 return FALSE; return FALSE;
59 61
60 62 return TRUE; return TRUE;
61 63 } }
62 64
63 function gg_git_clone($src, $dst)
65 function rg_git_clone($src, $dst)
64 66 { {
65 xlog("git_clone: src=$src, dst=$dst...");
67 rg_log("git_clone: src=$src, dst=$dst...");
66 68
67 69 $dir = dirname($dst); $dir = dirname($dst);
68 70 if (!file_exists($dir)) { if (!file_exists($dir)) {
69 71 $r = @mkdir($dir, 0755, TRUE); $r = @mkdir($dir, 0755, TRUE);
70 72 if ($r === FALSE) { if ($r === FALSE) {
71 xlog("\tCannot create dir [$dir] ($php_errormsg)!");
73 rg_log("\tCannot create dir [$dir] ($php_errormsg)!");
72 74 return FALSE; return FALSE;
73 75 } }
74 76 } }
75 77
76 if (file_exists($dst . "/gg")) {
77 xlog("\tGit repo was created OK. Skip cloning.");
78 if (file_exists($dst . "/rg")) {
79 rg_log("\tGit repo was created OK. Skip cloning.");
78 80 } else { } else {
79 81 $cmd = "git clone --bare '" . escapeshellcmd($src) . "'" $cmd = "git clone --bare '" . escapeshellcmd($src) . "'"
80 82 . " '" . escapeshellcmd($dst) . "'"; . " '" . escapeshellcmd($dst) . "'";
81 xlog("\texec $cmd...");
83 rg_log("\texec $cmd...");
82 84 $a = exec($cmd); $a = exec($cmd);
83 85 if ($err != 0) { if ($err != 0) {
84 xlog("\tError $err (" . implode("|", $output) . " ($a)!");
86 rg_log("\tError $err (" . implode("|", $output) . " ($a)!");
85 87 return FALSE; return FALSE;
86 88 } }
87 89
88 if (!@mkdir($dst . "/gg")) {
89 xlog("\tCannot create gg dir ($php_errormsg)!");
90 if (!@mkdir($dst . "/rg")) {
91 rg_log("\tCannot create rg dir ($php_errormsg)!");
90 92 return FALSE; return FALSE;
91 93 } }
92 94 } }
93 95
94 if (git_install_hooks($dst) === FALSE)
96 if (rg_git_install_hooks($dst) === FALSE)
95 97 return FALSE; return FALSE;
96 98
97 99 return TRUE; return TRUE;
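Review bot: in `rg_git_clone()` the command runs as `$a = exec($cmd);` (new line 84) without the `$output, $err` arguments that `rg_git_init()` passes on line 47, so `if ($err != 0)` on line 85 tests an undefined variable, a non-zero exit from `git clone` is never detected there, and the error text is never logged. Pass `$output, $err` as in `rg_git_init()`. In both functions the path is wrapped as `'" . escapeshellcmd($dst) . "'`; `escapeshellcmd()` is not designed for quoting a single argument and leaves paired quotes untouched, so use `escapeshellarg()` and drop the manual quotes. The log prefixes still read `git_init:`, `git_clone:` and `git_install_hooks:` after the rename to `rg_git_*`.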
File inc/home/home.php added (mode: 100644) (index 0000000..c05b12a)
1 <?php
2 rg_log("/home/home.php");
3
4 $_home = "";
5
6 $_home .= "Bau!";
7
8 ?>
9
File inc/keys.inc.php changed (mode: 100644) (index 92fd4d2..ddb0b09)
2 2 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
3 3 require_once($INC . "/state.inc.php"); require_once($INC . "/state.inc.php");
4 4
5 $keys_error = "";
5 $rg_keys_error = "";
6 6
7 function keys_set_error($str)
7 function rg_keys_set_error($str)
8 8 { {
9 global $keys_error;
9 global $rg_keys_error;
10 10
11 xlog("\tError: $str");
12 $keys_error = $str;
11 rg_log("\tError: $str");
12 $rg_keys_error = $str;
13 13 } }
14 14
15 function keys_error()
15 function rg_keys_error()
16 16 { {
17 global $keys_error;
18 return $keys_error;
17 global $rg_keys_error;
18 return $rg_keys_error;
19 19 } }
20 20
21 21 /* /*
22 * Generates the fingerprint of a key
22 * Validate key
23 23 */ */
24 function keys_fingerprint($key)
24 function rg_keys_valid($s)
25 25 { {
26 $v = explode(" ", $key);
26 $v = explode(" ", $s);
27 if (!isset($v[1])) {
28 rg_keys_set_error("Malformed input (missing fields)");
29 return FALSE;
30 }
27 31
28 32 $decoded = base64_decode(trim($v[1])); $decoded = base64_decode(trim($v[1]));
33 if ($decoded === FALSE) {
34 rg_keys_set_error("Malformed input (base64 failed)");
35 return FALSE;
36 }
37
38 return $decoded;
39 }
40
41 /*
42 * Generates the fingerprint of a key
43 */
44 function rg_keys_fingerprint($key)
45 {
46 $decoded = rg_keys_valid($key);
47 if ($decoded === FALSE)
48 return rg_keys_error();
49
29 50 $digest = md5($decoded); $digest = md5($decoded);
30 51
31 52 $a = array(); $a = array();
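Review bot: `base64_decode(trim($v[1]))` on new line 32 runs in non-strict mode, which skips characters outside the base64 alphabet instead of failing, so the `=== FALSE` check on line 33 rejects almost nothing. Pass `true` as the second argument, and check `$v[0]` against the key types the server accepts. `rg_keys_fingerprint()` returns `rg_keys_error()` on failure (line 48), so a caller cannot tell a fingerprint from an error string; return FALSE and let the caller choose what to display.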
 
... ... function keys_fingerprint($key)
38 59 /* /*
39 60 * Remove a key from database * Remove a key from database
40 61 */ */
41 function keys_remove($db, $uid, $key_id)
62 function rg_keys_remove($db, $rg_ui, $key_id)
42 63 { {
43 64 // mark dirty // mark dirty
44 state_set($db, "authorized_keys", 1);
65 rg_state_set($db, "authorized_keys", 1);
45 66
46 $e_uid = sprintf("%u", $uid);
67 // TODO: move this to caller?
47 68 $e_key_id = sprintf("%u", $key_id); $e_key_id = sprintf("%u", $key_id);
48 69
49 70 $sql = "DELETE FROM keys" $sql = "DELETE FROM keys"
50 . " WHERE uid = $e_uid"
71 . " WHERE uid = " . $rg_ui['uid']
51 72 . " AND key_id = $e_key_id"; . " AND key_id = $e_key_id";
52 $res = sql_query($db, $sql);
73 $res = rg_sql_query($db, $sql);
53 74 if ($res === FALSE) { if ($res === FALSE) {
54 keys_set_error("Cannot delete key $key_id (" . sql_error() . ")");
75 rg_keys_set_error("Cannot delete key $key_id (" . rg_sql_error() . ")");
55 76 return FALSE; return FALSE;
56 77 } }
57 sql_free_result($res);
78 rg_sql_free_result($res);
58 79
59 80 return TRUE; return TRUE;
60 81 } }
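Review bot: removing `$e_uid = sprintf("%u", $uid);` means `$rg_ui['uid']` is concatenated into the `DELETE` on new line 71 with no cast, while `key_id` on the next line still gets one. Keep the `sprintf("%u", ...)` on the uid so the query does not depend on every caller having built `$rg_ui` from trusted data; the same applies to the `INSERT` in `rg_keys_add()` and the `SELECT` in `rg_keys_list()`. The new `// TODO: move this to caller?` should say what is to be moved. `rg_state_set($db, "authorized_keys", 1)` also runs before the delete and its return value is ignored, unlike in `rg_keys_add()`.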
 
... ... function keys_remove($db, $uid, $key_id)
63 84 * Add a key * Add a key
64 85 * Returns the key_id of the key. * Returns the key_id of the key.
65 86 */ */
66 function keys_add($db, $uid, $key)
87 function rg_keys_add($db, $rg_ui, $key)
67 88 { {
68 89 $itime = time(); $itime = time();
69 $e_uid = sprintf("%u", $uid);
70 $e_key = sql_escape($db, $key);
90 $e_key = rg_sql_escape($db, $key);
91
92 if (rg_keys_valid($key) === FALSE)
93 return FALSE;
71 94
72 95 // set dirty // set dirty
73 if (state_set($db, "authorized_keys", 1) === FALSE)
96 if (rg_state_set($db, "authorized_keys", 1) === FALSE)
74 97 return FALSE; return FALSE;
75 98
76 99 $sql = "INSERT INTO keys (itime, uid, key)" $sql = "INSERT INTO keys (itime, uid, key)"
77 . " VALUES ($itime, $e_uid, '$e_key')";
78 $res = sql_query($db, $sql);
100 . " VALUES ($itime, " . $rg_ui['uid'] . ", '$e_key')";
101 $res = rg_sql_query($db, $sql);
79 102 if ($res === FALSE) { if ($res === FALSE) {
80 keys_set_error("Cannot insert key (" . sql_error() . ")");
103 rg_keys_set_error("Cannot insert key (" . rg_sql_error() . ")");
81 104 return FALSE; return FALSE;
82 105 } }
83 sql_free_result($res);
106 rg_sql_free_result($res);
84 107
85 return sql_last_id($db);
108 return rg_sql_last_id($db);
86 109 } }
87 110
88 111 /* /*
89 112 * Regenerates authorized_keys files * Regenerates authorized_keys files
90 113 */ */
91 function keys_regen($db)
114 function rg_keys_regen($db)
92 115 { {
93 global $gg_keys_file;
94 global $gg_scripts;
116 global $rg_keys_file;
117 global $rg_scripts;
95 118
96 $dirty = state_get($db, "authorized_keys");
119 $dirty = rg_state_get($db, "authorized_keys");
97 120 if ($dirty == 0) if ($dirty == 0)
98 121 return TRUE; return TRUE;
99 122
100 $tmp = $gg_keys_file . ".tmp";
123 $tmp = $rg_keys_file . ".tmp";
101 124 $f = @fopen($tmp, "w"); $f = @fopen($tmp, "w");
102 125 if ($f === FALSE) { if ($f === FALSE) {
103 keys_set_error("Cannot open file $tmp ($php_errormsg)!");
126 rg_keys_set_error("Cannot open file $tmp ($php_errormsg)!");
104 127 return FALSE; return FALSE;
105 128 } }
106 129
107 130 if (chmod($tmp, 0600) === FALSE) { if (chmod($tmp, 0600) === FALSE) {
108 keys_set_error("Cannot chmod tmp file ($php_errmsg)!");
131 rg_keys_set_error("Cannot chmod tmp file ($php_errmsg)!");
109 132 return FALSE; return FALSE;
110 133 } }
111 134
112 135 $sql = "SELECT uid, key FROM keys"; $sql = "SELECT uid, key FROM keys";
113 $res = sql_query($db, $sql);
136 $res = rg_sql_query($db, $sql);
114 137 if ($res === FALSE) { if ($res === FALSE) {
115 keys_set_error("Cannot query (" . sql_error() . ")");
138 rg_keys_set_error("Cannot query (" . rg_sql_error() . ")");
116 139 return FALSE; return FALSE;
117 140 } }
118 while (($row = sql_fetch_array($res))) {
119 $buf = "command=\"/usr/bin/php " . $gg_scripts . "/ssh.php " . $row['uid'] . "\""
141 while (($row = rg_sql_fetch_array($res))) {
142 $buf = "command=\"/usr/bin/php " . $rg_scripts . "/ssh.php " . $row['uid'] . "\""
120 143 . ",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty" . ",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
121 144 . " " . $row['key'] . "\n"; . " " . $row['key'] . "\n";
122 145 if (@fwrite($f, $buf) === FALSE) { if (@fwrite($f, $buf) === FALSE) {
123 keys_set_error("Cannot write. Disk space problems? ($php_errormsg)");
146 rg_keys_set_error("Cannot write. Disk space problems? ($php_errormsg)");
124 147 fclose($f); fclose($f);
125 148 unlink($tmp); unlink($tmp);
126 sql_free_result($res);
149 rg_sql_free_result($res);
127 150 return FALSE; return FALSE;
128 151 } }
129 152 } }
130 sql_free_result($res);
153 rg_sql_free_result($res);
131 154
132 155 fclose($f); fclose($f);
133 156
134 if (@rename($tmp, $gg_keys_file) === FALSE) {
135 keys_set_error("Cannot rename $tmp to $gg_keys_file ($php_errormsg)!");
157 if (@rename($tmp, $rg_keys_file) === FALSE) {
158 rg_keys_set_error("Cannot rename $tmp to $rg_keys_file ($php_errormsg)!");
136 159 unlink($tmp); unlink($tmp);
137 160 return FALSE; return FALSE;
138 161 } }
139 162
140 163 // mark file as clean // mark file as clean
141 state_set($db, "authorized_keys", 0);
164 rg_state_set($db, "authorized_keys", 0);
142 165
143 166 return TRUE; return TRUE;
144 167 } }
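Review bot: `rg_keys_add()` stores `$key` once `rg_keys_valid()` has confirmed only that a second space-separated field exists, and `rg_keys_regen()` later writes `$row['key'] . "\n"` verbatim after the forced `command="..."` options (new lines 142 to 144). The integrity of `authorized_keys` therefore rests on the `preg_replace` in inc/keys/keys.php being applied by every caller; have `rg_keys_valid()` reject CR, LF and other control characters itself, and store only the normalised type, base64 and comment fields. Two smaller points in the unchanged context: the chmod failure path on line 131 uses `$php_errmsg` where the other paths use `$php_errormsg`, and it returns without `fclose($f)` or `unlink($tmp)`.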
 
... ... function keys_regen($db)
146 169 /* /*
147 170 * List keys * List keys
148 171 */ */
149 function keys_list($db, $uid, $url)
172 function rg_keys_list($db, $rg_ui, $url)
150 173 { {
151 xlog("keys_list: uid=$uid, url=$url...");
174 rg_log("keys_list: rg_uid=" . $rg_ui['uid'] . ", url=$url...");
152 175
153 $sql = "SELECT * FROM keys WHERE uid = $uid";
154 $res = sql_query($db, $sql);
176 $sql = "SELECT * FROM keys WHERE uid = " . $rg_ui['uid'];
177 $res = rg_sql_query($db, $sql);
155 178 if ($res === FALSE) { if ($res === FALSE) {
156 keys_set_error("Cannot query (" . sql_error() . ")");
179 rg_keys_set_error("Cannot query (" . rg_sql_error() . ")");
157 180 return FALSE; return FALSE;
158 181 } }
159 182
 
... ... function keys_list($db, $uid, $url)
163 186 $ret .= " <th>Fingerprint</th>\n"; $ret .= " <th>Fingerprint</th>\n";
164 187 $ret .= " <th>Operations</th>\n"; $ret .= " <th>Operations</th>\n";
165 188 $ret .= "</tr>\n"; $ret .= "</tr>\n";
166 while (($row = sql_fetch_array($res))) {
189 while (($row = rg_sql_fetch_array($res))) {
167 190 $ret .= "<tr>\n"; $ret .= "<tr>\n";
168 191 $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n"; $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n";
169 $ret .= " <td>" . keys_fingerprint($row['key']) . "</td>\n";
192 $ret .= " <td>" . rg_keys_fingerprint($row['key']) . "</td>\n";
170 193
171 194 $oper = ""; $oper = "";
172 195 $oper = "[<a href=\"$url&amp;key_id=" . $row['key_id'] $oper = "[<a href=\"$url&amp;key_id=" . $row['key_id']
 
... ... function keys_list($db, $uid, $url)
175 198 $ret .= "</tr>\n"; $ret .= "</tr>\n";
176 199 } }
177 200 $ret .= "</table>\n"; $ret .= "</table>\n";
178 sql_free_result($res);
201 rg_sql_free_result($res);
179 202
180 203 return $ret; return $ret;
181 204 } }
File inc/keys/add.form.php changed (mode: 100644) (index f1896b0..641cf91)
1 1 <?php <?php
2 2
3 3 $_form = ' $_form = '
4 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
4 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
5 5 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
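Review bot: the corrected `<form method="post" action="' . $_SERVER['PHP_SELF'] . '">` line still prints `$_SERVER['PHP_SELF']` raw, and the hidden `op` and `subop` values below it are interpolated the same way. `PHP_SELF` includes any path info the client appends after the script name, so it needs `htmlspecialchars()` (or a fixed action) before it lands in an attribute. The same applies to `$op`, now that ops are strings such as `forgotmail` rather than integers.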
File inc/keys/keys.php changed (mode: 100644) (index ee46f0a..a0368e5)
1 1 <?php <?php
2 xlog("/inc/keys/keys.php");
2 rg_log("/inc/keys/keys.php");
3 3
4 if ($gg_uid == 0) {
5 $_body = "You do not have access here!";
4 $_keys = "";
5
6 if ($rg_ui['uid'] == 0) {
7 $_keys .= "You do not have access here!";
6 8 return; return;
7 9 } }
8 10
9 $subop = @intval($_REQUEST['subop']);
10 $key = @$_REQUEST['key'];
11 $key = rg_var_str("key");
11 12 $key = preg_replace("|[^/A-Za-z0-9 @/+_\.\=,-]|", "", $key); $key = preg_replace("|[^/A-Za-z0-9 @/+_\.\=,-]|", "", $key);
12 $key_id = @intval($_REQUEST['key_id']);
13 $key_id = rg_var_uint("key_id");
13 14
14 15 // menu // menu
15 $_url = $_SERVER['PHP_SELF'] . "?op=$op";
16 $_url = rg_re_url($op);
16 17 $_menu = ""; $_menu = "";
17 18 $_menu .= "[<a href=\"$_url&amp;subop=1\">Add</a>]"; $_menu .= "[<a href=\"$_url&amp;subop=1\">Add</a>]";
18 19 $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">List</a>]"; $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">List</a>]";
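Review bot: old line 9 (`$subop = @intval($_REQUEST['subop']);`) is removed with no replacement in this file's diff, while `switch ($subop)` further down and the included add form still read `$subop`. If the includer now sets it, say so in a comment at the top of the file; otherwise read it here with `rg_var_uint("subop")`, the same helper this hunk introduces for `key_id`, so the file does not depend on an undefined or unvalidated global.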
 
... ... $_body = "";
24 25 switch ($subop) { switch ($subop) {
25 26 case 1: // add case 1: // add
26 27 if ($doit == 1) { if ($doit == 1) {
27 $_r = keys_add($db, $gg_uid, $key);
28 $_r = rg_keys_add($db, $rg_ui, $key);
28 29 if ($_r === FALSE) if ($_r === FALSE)
29 $_body .= keys_error();
30 $_body .= rg_keys_error();
30 31 else else
31 32 $_body = "OK!"; $_body = "OK!";
32 } else {
33 include($INC . "/keys/add.form.php");
34 $_body .= $_form;
35 33 } }
34
35 include($INC . "/keys/add.form.php");
36 $_body .= $_form;
36 37 break; break;
37 38
38 39 case 2: // list case 2: // list
39 if (@$_REQUEST['delete'] == 1) {
40 if (keys_remove($db, $gg_uid, $key_id) === FALSE)
41 $_body .= "Bad: " . keys_error() . "!<br />\n";
40 if (rg_var_uint("delete") == 1) {
41 if (rg_keys_remove($db, $rg_ui, $key_id) === FALSE)
42 $_body .= "Bad: " . rg_keys_error() . "!<br />\n";
42 43 } }
43 44
44 $_body .= keys_list($db, $gg_uid, $_url . "&amp;subop=2");
45 $_body .= rg_keys_list($db, $rg_ui, $_url . "&amp;subop=2");
45 46 break; break;
46 47
47 48 } }
48 49
49 $_keys = $_menu . $_body;
50 $_keys .= $_menu . $_body;
50 51 ?> ?>
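Review bot: in `case 2`, `rg_var_uint("delete") == 1` plus a `key_id` is all that is needed to reach `rg_keys_remove()`, and the operations in `rg_keys_list()` are rendered as plain `<a href=...>` links, so removing an SSH key has no request-method check and no per-session token. Require POST and a token bound to the session before `rg_keys_remove()`, and likewise before `rg_keys_add()` in `case 1`. Separately, `rg_keys_error()` is appended to `$_body` unescaped in both branches.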
File inc/log.inc.php added (mode: 100644) (index 0000000..11c8ca3)
1 <?php
2 require_once($INC . "/util.inc.php");
3
4 $rg_log_file = "/tmp/rg.log";
5 $rg_log_fd = FALSE;
6 $rg_log_sid = rg_id(6);
7
8 function rg_log_set_file($file)
9 {
10 global $rg_log_file;
11
12 $rg_log_file = $file;
13 }
14
15 function rg_log($str)
16 {
17 global $rg_log_file;
18 global $rg_log_fd;
19 global $rg_log_sid;
20
21 if ($rg_log_fd === FALSE) {
22 $rg_log_fd = @fopen($rg_log_file, "a+");
23 if ($rg_log_fd === FALSE)
24 return;
25 // write an empty line
26 fwrite($rg_log_fd, "\n");
27 }
28
29 $t = gettimeofday();
30 $buf = gmdate("Y-m-d H:i:s", $t['sec']) . "." . sprintf("%06d", $t['usec']);
31 $buf .= " " . $rg_log_sid . " " . $str . "\n";
32
33 fwrite($rg_log_fd, $buf);
34 }
35
36 ?>
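Review bot: `$rg_log_file = "/tmp/rg.log"` is a fixed name in a world-writable directory, and `@fopen($rg_log_file, "a+")` opens whatever another local user has already placed at that path; default to a directory owned by the application user and keep `rg_log_set_file()` as the override. `rg_log()` also writes `$str` verbatim, and callers in this commit pass request-derived values (`url=$url`, `q=$q`, `name=[$name]`), so strip or escape CR/LF before the `fwrite()` to keep one event per line. A failed `fopen()` currently discards every message silently, which deserves at least an `error_log()` fallback.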
File inc/login/login.form.php changed (mode: 100644) (index 26ea6eb..29827c0)
1 1 <?php <?php
2 2 $_form = ''; $_form = '';
3 3
4 if (!empty($error))
5 $_form .= "<font color=red>$error</font>\n";
4 if (count($errmsg) > 0)
5 $_form .= "<font color=red>" . implode("<br />\n", $errmsg) . "</font>\n";
6 6
7 7 $_form .= ' $_form .= '
8 8 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
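Review bot: `implode("<br />\n", $errmsg)` is placed inside the `<font>` element without escaping; apply `htmlspecialchars()` to each entry before joining, since the entries come from `rg_user_error()` and nothing here guarantees they contain no markup. `count($errmsg)` also assumes the includer always defines `$errmsg` as an array, which is worth a one-line comment at the top of the form.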
 
... ... Password: <input type="password" name="pass" value="' . $pass . '"><br />
17 17
18 18 Forgot your password?<br /> Forgot your password?<br />
19 19 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
20 <input type="hidden" name="op" value="7">
20 <input type="hidden" name="op" value="forgotmail">
21 21 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
22 22
23 23 E-mail: <input type="text" name="email" value=""><br /> E-mail: <input type="text" name="email" value=""><br />
File inc/login/login.php changed (mode: 100644) (index d677c0c..b5edbcd)
1 1 <?php <?php
2 xlog("/inc/login/login.php");
2 rg_log("/inc/login/login.php");
3 3
4 $doit = @intval($_REQUEST['doit']);
5 $user = @$_COOKIE['user'];
6 $pass = "";
4 $user = rg_var_str("user");
5 $pass = rg_var_str("pass");
7 6
8 7 $_login = "<br />\n"; $_login = "<br />\n";
9 8
10 $error = "";
11 if ($doit == 1)
12 $error = "Invalid user and/or pass.";
9 $show_form = 1;
13 10
14 include($INC . "/login/login.form.php");
15 $_login .= $_form;
11 $errmsg = array();
16 12
17 ?>
13 if ($doit == 1) {
14 $r = rg_user_login_by_user_pass($db, $user, $pass, $rg_ui);
15 if ($r === FALSE) {
16 $errmsg[] = rg_user_error();
17 } else {
18 $show_form = 0;
19 $new_op = "home"; // redirect to home page
20 }
21 }
22
23 if ($show_form == 1) {
24 include($INC . "/login/login.form.php");
25 $_login .= $_form;
26 }
27
28 ?>
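Review bot: `$pass = rg_var_str("pass");` replaces `$pass = "";`, and login.form.php renders `value="' . $pass . '"` in the password input, so a failed login now sends the submitted password back in the HTML, unescaped. Reset `$pass` to an empty string before including the form on the error path. Also, `$doit` is no longer assigned in this file (old line 4 is removed) yet `if ($doit == 1)` depends on it, so document where it is set or read it here.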
File inc/repo.inc.php changed (mode: 100644) (index bd1ce29..c641892)
1 1 <?php <?php
2 2 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
3 require_once($INC . "/xlog.inc.php");
3 require_once($INC . "/log.inc.php");
4 4 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
5 5 require_once($INC . "/user.inc.php"); require_once($INC . "/user.inc.php");
6 6 require_once($INC . "/git.inc.php"); require_once($INC . "/git.inc.php");
7 7
8 $gg_repo_error = "";
8 $rg_repo_error = "";
9 9
10 $gg_repo_rights = array("A" => "Admin",
10 $rg_repo_rights = array("A" => "Admin",
11 11 "F" => "Fetch", "F" => "Fetch",
12 12 "P" => "Push", "P" => "Push",
13 13 "D" => "Delete branch"); "D" => "Delete branch");
14 14
15 function gg_repo_set_error($str)
15 function rg_repo_set_error($str)
16 16 { {
17 global $gg_repo_error;
17 global $rg_repo_error;
18 18
19 xlog("\tError: $str");
20 $gg_repo_error = $str;
19 rg_log("\tError: $str");
20 $rg_repo_error = $str;
21 21 } }
22 22
23 function gg_repo_error()
23 function rg_repo_error()
24 24 { {
25 global $gg_repo_error;
26 return $gg_repo_error;
25 global $rg_repo_error;
26 return $rg_repo_error;
27 }
28
29 /*
30 * Enforce name
31 */
32 function rg_repo_ok($repo)
33 {
34 global $rg_repo_allow;
35 global $rg_repo_max_len;
36
37 if (rg_chars_allow($repo, $rg_repo_allow) === FALSE) {
38 rg_repo_set_error("Invalid repository name");
39 return FALSE;
40 }
41
42 if (preg_match('/\.\./', $repo)) {
43 rg_repo_set_error("Invalid repository name");
44 return FALSE;
45 }
46
47 if (strlen($repo) > $rg_repo_max_len) {
48 rg_repo_set_error("Repository name is too long");
49 return FALSE;
50 }
51
52 return TRUE;
27 53 } }
28 54
29 55 /* /*
30 56 * Returns the path to a repository based on repo_id * Returns the path to a repository based on repo_id
31 57 */ */
32 function repo_id2base($repo_id)
58 function rg_repo_id2base($repo_id)
33 59 { {
34 global $gg_base_repo;
60 global $rg_base_repo;
35 61
36 62 $r3 = sprintf("%03u", $repo_id % 1000); $r3 = sprintf("%03u", $repo_id % 1000);
37 63
38 return $gg_base_repo . "/"
64 return $rg_base_repo . "/"
39 65 . $r3[0] . "/" . $r3[1] . "/" . $r3[2] . "/"; . $r3[0] . "/" . $r3[1] . "/" . $r3[2] . "/";
40 66 } }
41 67
42 68 /* /*
43 69 * Return info about a repo * Return info about a repo
44 70 */ */
45 function repo_info($db, $repo_id, $repo)
71 function rg_repo_info($db, $repo_id, $repo)
46 72 { {
47 xlog("repo_info: repo_id=$repo_id, repo=$repo...");
73 rg_log("repo_info: repo_id=$repo_id, repo=$repo...");
48 74
49 75 $ret['ok'] = 0; $ret['ok'] = 0;
50 76 $ret['exists'] = 0; $ret['exists'] = 0;
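Review bot: `rg_repo_ok()` reads `$rg_repo_allow` and `$rg_repo_max_len` as globals without checking that they are set, and an empty `$repo` is rejected only if `rg_chars_allow()` happens to do so. Add an explicit empty-name check and fail with a clear error when either config value is missing, so a broken config cannot change what the validator accepts. The "Enforce name" comment should also state the rules (allowed set, no `..`, maximum length), since both `rg_repo_create()` and `rg_repo_update()` now rely on it.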
 
... ... function repo_info($db, $repo_id, $repo)
52 78 if ($repo_id > 0) { if ($repo_id > 0) {
53 79 $add = " AND repo_id = $repo_id"; $add = " AND repo_id = $repo_id";
54 80 } else if (!empty($repo)) { } else if (!empty($repo)) {
55 $e_repo = sql_escape($db, $repo);
81 $e_repo = rg_sql_escape($db, $repo);
56 82 $add = " AND name = '$e_repo'"; $add = " AND name = '$e_repo'";
57 83 } else { } else {
58 84 $ret['errmsg'] = "No repo_id or name specified!"; $ret['errmsg'] = "No repo_id or name specified!";
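Review bot: `$add = " AND repo_id = $repo_id"` interpolates `$repo_id` after only the `$repo_id > 0` test, which a string with a numeric prefix also passes; the name branch goes through `rg_sql_escape()` but the id branch gets nothing. Cast inside `rg_repo_info()` with `intval()` or `sprintf("%u", ...)` rather than relying on every caller to do it.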
 
... ... function repo_info($db, $repo_id, $repo)
60 86 } }
61 87
62 88 $sql = "SELECT * FROM repos WHERE 1 = 1" . $add; $sql = "SELECT * FROM repos WHERE 1 = 1" . $add;
63 $res = sql_query($db, $sql);
89 $res = rg_sql_query($db, $sql);
64 90 if ($res === FALSE) { if ($res === FALSE) {
65 $ret['errmsg'] = "Cannot query (" . sql_error() . ")";
66 xlog("\t" . $ret['errmsg']);
91 $ret['errmsg'] = "Cannot query (" . rg_sql_error() . ")";
92 rg_log("\t" . $ret['errmsg']);
67 93 return $ret; return $ret;
68 94 } }
69 95 $ret['ok'] = 1; $ret['ok'] = 1;
70 $row = sql_fetch_array($res);
71 sql_free_result($res);
96 $row = rg_sql_fetch_array($res);
97 rg_sql_free_result($res);
72 98 if (!isset($row['repo_id'])) { if (!isset($row['repo_id'])) {
73 xlog("\tRepo not found!");
99 rg_log("\tRepo not found!");
74 100 return $ret; return $ret;
75 101 } }
76 102
 
... ... function repo_info($db, $repo_id, $repo)
82 108 /* /*
83 109 * Check if a uid has access to repository * Check if a uid has access to repository
84 110 */ */
85 function repo_allow($db, $ri, $uid, $needed_rights)
111 function rg_repo_allow($db, $ri, $rg_ui, $needed_rights)
86 112 { {
87 xlog("repo_allow: uid=$uid, needed_rights=$needed_rights...");
113 rg_log("repo_allow: rg_uid=" . $rg_ui['uid']
114 . ", needed_rights=$needed_rights...");
115
116 if ($rg_ui['is_admin'] == 1)
117 return TRUE;
88 118
89 119 if (empty($needed_rights)) { if (empty($needed_rights)) {
90 xlog("\tNo perms passed!");
120 rg_log("\tNo perms passed!");
91 121 return FALSE; return FALSE;
92 122 } }
93 123
94 $rr = gg_repo_rights_get($db, $ri, $uid);
124 $rr = rg_repo_rights_get($db, $ri, $rg_ui['uid']);
95 125 if ($rr['ok'] != 1) { if ($rr['ok'] != 1) {
96 gg_repo_set_error("No access!");
126 rg_repo_set_error("No access!");
97 127 return FALSE; return FALSE;
98 128 } }
99 xlog("\tdb rights: " . $rr['rights']);
129 rg_log("\tdb rights: " . $rr['rights']);
100 130
101 131 $len = strlen($needed_rights); $len = strlen($needed_rights);
102 132 for ($i = 0; $i < $len; $i++) { for ($i = 0; $i < $len; $i++) {
103 133 if (!strstr($rr['rights'], $needed_rights[$i])) { if (!strstr($rr['rights'], $needed_rights[$i])) {
104 gg_repo_set_error("No rights (" . $needed_rights[$i] . ")");
134 rg_repo_set_error("No rights (" . $needed_rights[$i] . ")");
105 135 return FALSE; return FALSE;
106 136 } }
107 137 } }
108 138
109 xlog("\tAllow access!");
139 rg_log("\tAllow access!");
110 140
111 141 return TRUE; return TRUE;
112 142 } }
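Review bot: the new `if ($rg_ui['is_admin'] == 1) return TRUE;` sits ahead of every other check and returns without a log line, so access granted through the admin path cannot be told apart in the log from a call that never completed; add an `rg_log()` entry before the return. The function comment should also state that `$rg_ui` must come from the authenticated session row, because this flag now bypasses the per-repository rights entirely, including the `empty($needed_rights)` guard.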
 
... ... function repo_allow($db, $ri, $uid, $needed_rights)
114 144 /* /*
115 145 * Add a repository * Add a repository
116 146 * @master - makes sense only for clones - who is the master. * @master - makes sense only for clones - who is the master.
147 * TODO: put all fields into an array!
117 148 */ */
118 function repo_create($db, $master, $gg_uid, $name, $max_commit_size, $desc,
149 function rg_repo_create($db, $master, $rg_ui, $name, $max_commit_size, $desc,
119 150 $rights) $rights)
120 151 { {
121 152 // TODO: reorder parameters - are not logical // TODO: reorder parameters - are not logical
122 xlog("repo_create: gg_uid=$gg_uid, name=[$name], master=$master"
153 rg_log("repo_create: rg_uid=" . $rg_ui['uid']
154 . ", name=[$name], master=$master"
123 155 . ", max_commit_size=$max_commit_size, desc=[$desc]" . ", max_commit_size=$max_commit_size, desc=[$desc]"
124 156 . ", rights=$rights..."); . ", rights=$rights...");
125 157
158 if (rg_repo_ok($name) === FALSE)
159 return FALSE;
160
126 161 // First, test if it already exists // First, test if it already exists
127 $ri = repo_info($db, 0, $name);
162 $ri = rg_repo_info($db, 0, $name);
128 163 if ($ri['ok'] != 1) if ($ri['ok'] != 1)
129 164 return FALSE; return FALSE;
130 165 if ($ri['exists'] == 1) { if ($ri['exists'] == 1) {
131 gg_repo_set_error("Repository already exists.");
166 rg_repo_set_error("Repository already exists.");
132 167 return FALSE; return FALSE;
133 168 } }
134 169
135 // XSS protection
136 $name = gg_xss($name);
137 $desc = gg_xss($desc);
170 // XSS protection - TODO: be more specific
171 $name = rg_xss($name);
172 $desc = rg_xss($desc);
138 173
139 $e_name = sql_escape($db, $name);
140 $e_desc = sql_escape($db, $desc);
174 $e_name = rg_sql_escape($db, $name);
175 $e_desc = rg_sql_escape($db, $desc);
141 176
142 177 $itime = time(); $itime = time();
143 178
144 179 $sql = "INSERT INTO repos (uid, master, name, itime" $sql = "INSERT INTO repos (uid, master, name, itime"
145 180 . ", max_commit_size, desc, git_dir_done, default_rights)" . ", max_commit_size, desc, git_dir_done, default_rights)"
146 . " VALUES ($gg_uid, $master, '$e_name', $itime"
181 . " VALUES (" . $rg_ui['uid'] . ", $master, '$e_name', $itime"
147 182 . ", $max_commit_size, '$e_desc', 0, '$rights')"; . ", $max_commit_size, '$e_desc', 0, '$rights')";
148 $res = sql_query($db, $sql);
183 $res = rg_sql_query($db, $sql);
149 184 if ($res === FALSE) { if ($res === FALSE) {
150 gg_repo_set_error("Cannot insert (" . sql_error() . ")");
185 rg_repo_set_error("Cannot insert (" . rg_sql_error() . ")");
151 186 return FALSE; return FALSE;
152 187 } }
153 sql_free_result($res);
188 rg_sql_free_result($res);
154 189
155 190 // git repo creation will be delayed for serialization reasons // git repo creation will be delayed for serialization reasons
156 191 // and for permission reasons (we are apache here) // and for permission reasons (we are apache here)
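Review bot: only `$name` and `$desc` pass through `rg_sql_escape()`; `$master`, `$max_commit_size`, `$rg_ui['uid']` and the quoted `'$rights'` go into the `INSERT` as-is. Cast the numeric values and escape `$rights`, or build it only from the keys of `$rg_repo_rights`. Also, the existence check calls `rg_repo_info()` on the raw `$name` while the row is stored after `rg_xss($name)`, so the two can disagree whenever `rg_xss()` changes the string; storing the validated name unchanged and escaping at output avoids that.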
 
... ... function repo_create($db, $master, $gg_uid, $name, $max_commit_size, $desc,
161 196 /* /*
162 197 * Delete a repo * Delete a repo
163 198 */ */
164 function gg_repo_delete($db, $repo_id, $gg_uid)
199 function rg_repo_delete($db, $repo_id, $rg_ui)
165 200 { {
166 xlog("repo_delete: gg_uid=$gg_uid, repo_id=$repo_id");
201 rg_log("repo_delete: rg_uid=" . $rg_ui['uid'] . ", repo_id=$repo_id");
167 202
168 203 // TODO: Check rights // TODO: Check rights
169 204
170 205 // Only mark it as such, deletion will happen in background // Only mark it as such, deletion will happen in background
171 206 $sql = "UPDATE repos SET deleted = 1 WHERE repo_id = $repo_id"; $sql = "UPDATE repos SET deleted = 1 WHERE repo_id = $repo_id";
172 $res = sql_query($db, $sql);
207 $res = rg_sql_query($db, $sql);
173 208 if ($res === FALSE) { if ($res === FALSE) {
174 gg_repo_set_error("Cannot delete (" . sql_error() . ")");
209 rg_repo_set_error("Cannot delete (" . rg_sql_error() . ")");
175 210 return FALSE; return FALSE;
176 211 } }
177 sql_free_result($res);
212 rg_sql_free_result($res);
178 213
179 214 return TRUE; return TRUE;
180 215 } }
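Review bot: `// TODO: Check rights` is still the only authorization in `rg_repo_delete()`: `$rg_ui` is used for the log line and nothing else, so any caller that reaches this function can flag any `repo_id` as deleted. Load the repository with `rg_repo_info($db, $repo_id, "")` and require `rg_repo_allow($db, $ri, $rg_ui, "A")` before the `UPDATE`, and cast `$repo_id` to an integer before it is placed in the query.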
 
... ... function gg_repo_delete($db, $repo_id, $gg_uid)
183 218 * Update a repository * Update a repository
184 219 * TODO: check rights - also for create? * TODO: check rights - also for create?
185 220 */ */
186 function gg_repo_update($db, $repo_id, $gg_uid, $name, $max_commit_size, $desc,
187 $rights)
221 function rg_repo_update($db, &$new)
188 222 { {
189 xlog("repo_update: repo_id=$repo_id, gg_uid=$gg_uid, name=[$name]"
190 . ", max_commit_size=$max_commit_size, desc=[$desc]"
191 . ", rights=$rights...");
223 rg_log("repo_update: repo_id=" . $new['repo_id']
224 . ", name=[" . $new['name'] . "]"
225 . ", max_commit_size=" . $new['max_commit_size']
226 . ", desc=[" . $new['desc'] . "]"
227 . ", default_rights=" . $new['default_rights']);
228
229 if (rg_repo_ok($new['name']) === FALSE)
230 return FALSE;
192 231
193 232 // First, test if it already exists // First, test if it already exists
194 $ri = repo_info($db, 0, $name);
233 $ri = rg_repo_info($db, 0, $new['name']);
195 234 if ($ri['ok'] != 1) if ($ri['ok'] != 1)
196 235 return FALSE; return FALSE;
197 if (($ri['exists'] == 1) && ($ri['repo_id'] != $repo_id)) {
198 gg_repo_set_error("Name already taken.");
236 if (($ri['exists'] == 1) && ($ri['repo_id'] != $new['repo_id'])) {
237 rg_repo_set_error("Name already taken.");
199 238 return FALSE; return FALSE;
200 239 } }
201 240
202 // Second, test if we repo_id is valid
203 $ri = repo_info($db, $repo_id, "");
241 // Second, test if repo_id is valid
242 $ri = rg_repo_info($db, $new['repo_id'], "");
204 243 if ($ri['ok'] != 1) if ($ri['ok'] != 1)
205 244 return FALSE; return FALSE;
206 245 if ($ri['exists'] == 0) { if ($ri['exists'] == 0) {
207 gg_repo_set_error("Repo $repo_id does not eists.");
246 rg_repo_set_error("Repo " . $new['repo_id'] . " does not exists.");
208 247 return FALSE; return FALSE;
209 248 } }
210 249
211 // XSS protection
212 $name = gg_xss($name);
213 $desc = gg_xss($desc);
250 // XSS protection - TODO: move this to the caller!
251 $new['name'] = rg_xss($new['name']);
252 $new['desc'] = rg_xss($new['desc']);
214 253
215 $e_name = sql_escape($db, $name);
216 $e_desc = sql_escape($db, $desc);
254 $e_name = rg_sql_escape($db, $new['name']);
255 $e_desc = rg_sql_escape($db, $new['desc']);
217 256
218 257 $sql = "UPDATE repos SET name = '$e_name'" $sql = "UPDATE repos SET name = '$e_name'"
219 . ", max_commit_size = $max_commit_size"
258 . ", max_commit_size = " . $new['max_commit_size']
220 259 . ", desc = '$e_desc'" . ", desc = '$e_desc'"
221 . ", default_rights = '$rights'"
222 . " WHERE repo_id = $repo_id";
223 $res = sql_query($db, $sql);
260 . ", default_rights = '" . $new['default_rights'] . "'"
261 . " WHERE repo_id = " . $new['repo_id'];
262 $res = rg_sql_query($db, $sql);
224 263 if ($res === FALSE) { if ($res === FALSE) {
225 gg_repo_set_error("Cannot update (" . sql_error() . ")");
264 rg_repo_set_error("Cannot update (" . rg_sql_error() . ")");
226 265 return FALSE; return FALSE;
227 266 } }
228 sql_free_result($res);
267 rg_sql_free_result($res);
229 268
230 269 return TRUE; return TRUE;
231 270 } }
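Review bot: the new signature `rg_repo_update($db, &$new)` drops the user argument, so the function can no longer check rights itself even though its header still says `TODO: check rights`; either pass `$rg_ui` and call `rg_repo_allow()` here or document that every caller must do so first. `$new['max_commit_size']`, `$new['default_rights']` and `$new['repo_id']` are concatenated into the `UPDATE` unescaped, and because `$new` is taken by reference the `rg_xss()` calls silently rewrite the caller's array.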
 
... ... function gg_repo_update($db, $repo_id, $gg_uid, $name, $max_commit_size, $desc,
233 272 /* /*
234 273 * List repositories * List repositories
235 274 */ */
236 function repo_list_query($db, $url, $sql)
275 function rg_repo_list_query($db, $url, $sql)
237 276 { {
238 xlog("repo_list_query: url=$url, sql=$sql...");
277 rg_log("repo_list_query: url=$url, sql=$sql...");
239 278
240 $res = sql_query($db, $sql);
279 $res = rg_sql_query($db, $sql);
241 280 if ($res === FALSE) if ($res === FALSE)
242 281 return FALSE; return FALSE;
243 282
 
... ... function repo_list_query($db, $url, $sql)
251 290 $ret .= " <th>Disk current/max</th>\n"; $ret .= " <th>Disk current/max</th>\n";
252 291 $ret .= " <th>Max commit size</th>\n"; $ret .= " <th>Max commit size</th>\n";
253 292 $ret .= "</tr>\n"; $ret .= "</tr>\n";
254 while (($row = sql_fetch_array($res))) {
293 while (($row = rg_sql_fetch_array($res))) {
255 294 $ret .= "<tr>\n"; $ret .= "<tr>\n";
256 $ret .= " <td><a href=\"" . $_SERVER['PHP_SELF'] . "?op=10&amp;repo_id=" . $row['repo_id'] . "\">" . $row['name'] . "</a></td>\n";
295 $_link = rg_re_repopage($row['repo_id'], $row['name']);
296 $ret .= " <td><a href=\"$_link\">" . $row['name'] . "</a></td>\n";
257 297 $ret .= " <td><small>" . nl2br($row['desc']) . "</small></td>\n"; $ret .= " <td><small>" . nl2br($row['desc']) . "</small></td>\n";
258 298 if ($row['master'] > 0) { if ($row['master'] > 0) {
259 299 $master_repo = "?"; $master_repo = "?";
260 $_mi = repo_info($db, $row['master'], "");
300 $_mi = rg_repo_info($db, $row['master'], "");
261 301 if ($_mi['exists'] = 1) if ($_mi['exists'] = 1)
262 302 $master_repo = $_mi['name']; $master_repo = $_mi['name'];
263 303 } }
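Review bot: `if ($_mi['exists'] = 1)` directly after the renamed `rg_repo_info()` call is an assignment, so the condition is always true and `$master_repo` is taken from `$_mi['name']` even when the lookup found nothing; it should be `== 1`. In the same hunk `$row['name']` is written into the link text without escaping, which is only safe as long as every write to `repos.name` has gone through `rg_xss()`.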
 
... ... function repo_list_query($db, $url, $sql)
265 305 $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n"; $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n";
266 306
267 307 // rights // rights
268 $_r = implode(", ", gg_repo_rights_text($row['default_rights']));
308 $_r = implode(", ", rg_repo_rights_text($row['default_rights']));
269 309 $ret .= " <td>" . $_r . "</td>\n"; $ret .= " <td>" . $_r . "</td>\n";
270 310
271 311 $_max = "ulimited"; $_max = "ulimited";
272 312 if ($row['disk_quota_mb'] > 0) if ($row['disk_quota_mb'] > 0)
273 $_max = gg_1024($row['disk_quota_mb']);
313 $_max = rg_1024($row['disk_quota_mb']);
274 314 $ret .= " <td>" . $row['disk_mb'] . "/" . $_max . "</td>\n"; $ret .= " <td>" . $row['disk_mb'] . "/" . $_max . "</td>\n";
275 315
276 316 $_v = "ulimited"; $_v = "ulimited";
277 317 if ($row['max_commit_size'] > 0) if ($row['max_commit_size'] > 0)
278 $_v = gg_1024($row['max_commit_size']);
318 $_v = rg_1024($row['max_commit_size']);
279 319 $ret .= " <td>" . $_v . "</td>\n"; $ret .= " <td>" . $_v . "</td>\n";
280 320
281 321 $ret .= "</tr>\n"; $ret .= "</tr>\n";
282 322 } }
283 323 $ret .= "</table>\n"; $ret .= "</table>\n";
284 sql_free_result($res);
324 rg_sql_free_result($res);
285 325
286 326 return $ret; return $ret;
287 327 } }
 
... ... function repo_list_query($db, $url, $sql)
289 329 /* /*
290 330 * *
291 331 */ */
292 function repo_list($db, $url, $uid)
332 function rg_repo_list($db, $url, $rg_ui)
293 333 { {
294 xlog("repo_list: url=$url, uid=$uid...");
334 rg_log("repo_list: url=$url, rg_uid=" . $rg_ui['uid']);
295 335
296 336 $add = ""; $add = "";
297 if ($uid > 0)
298 $add = " AND uid = $uid";
337 if ($rg_ui['uid'] > 0)
338 $add = " AND uid = " . $rg_ui['uid'];
299 339
300 340 $sql = "SELECT * FROM repos" $sql = "SELECT * FROM repos"
301 341 . " WHERE deleted = 0" . " WHERE deleted = 0"
302 342 . $add . $add
303 343 . " ORDER BY name"; . " ORDER BY name";
304 344
305 return repo_list_query($db, $url, $sql);
345 return rg_repo_list_query($db, $url, $sql);
306 346 } }
307 347
308 348 /* /*
309 349 * *
310 350 */ */
311 function repo_search($db, $q, $masters)
351 function rg_repo_search($db, $q, $masters)
312 352 { {
313 xlog("repo_search: q=$q, masters=$masters...");
353 rg_log("repo_search: q=$q, masters=$masters...");
314 354
315 355 $add = ""; $add = "";
316 356 if ($masters == 1) if ($masters == 1)
317 357 $add = " AND master = 0"; $add = " AND master = 0";
318 358
319 $e_q = sql_escape($db, $q);
359 $e_q = rg_sql_escape($db, $q);
320 360
321 361 $sql = "SELECT * FROM repos" $sql = "SELECT * FROM repos"
322 362 . " WHERE deleted = 0" . " WHERE deleted = 0"
 
... ... function repo_search($db, $q, $masters)
325 365 . " ORDER BY name" . " ORDER BY name"
326 366 . " LIMIT 10"; . " LIMIT 10";
327 367
328 return repo_list_query($db, "", $sql);
368 return rg_repo_list_query($db, "", $sql);
329 369 } }
330 370
331 371 /* /*
332 372 * Computes the size of a repository * Computes the size of a repository
333 373 */ */
334 function repo_disk_mb($path)
374 function rg_repo_disk_mb($path)
335 375 { {
336 xlog("repo_disk_mb: path=$path...");
376 rg_log("repo_disk_mb: path=$path...");
337 377
338 378 // TODO // TODO
339 379
 
... ... function repo_disk_mb($path)
343 383 /* /*
344 384 * Mark a git repo as done * Mark a git repo as done
345 385 */ */
346 function repo_git_done($db, $repo_id)
386 function rg_repo_git_done($db, $repo_id)
347 387 { {
348 xlog("repo_git_done: repo_id=$repo_id...");
388 rg_log("repo_git_done: repo_id=$repo_id...");
349 389
350 390 $sql = "UPDATE repos SET git_dir_done = 1" $sql = "UPDATE repos SET git_dir_done = 1"
351 391 . " WHERE repo_id = $repo_id"; . " WHERE repo_id = $repo_id";
352 $res = sql_query($db, $sql);
392 $res = rg_sql_query($db, $sql);
353 393 if ($res === FALSE) { if ($res === FALSE) {
354 gg_repo_set_error("Cannot query (" . sql_error() . ")");
394 rg_repo_set_error("Cannot query (" . rg_sql_error() . ")");
355 395 return FALSE; return FALSE;
356 396 } }
357 sql_free_result($res);
397 rg_sql_free_result($res);
358 398
359 399 return TRUE; return TRUE;
360 400 } }
 
... ... function repo_git_done($db, $repo_id)
365 405 /* /*
366 406 * Combine two repo rights strings * Combine two repo rights strings
367 407 */ */
368 function gg_repo_rights_combine($a, $b)
408 function rg_repo_rights_combine($a, $b)
369 409 { {
370 410 $len = strlen($b); $len = strlen($b);
371 411 for ($i = 0; $i < $len; $i++) for ($i = 0; $i < $len; $i++)
 
... ... function gg_repo_rights_combine($a, $b)
378 418 /* /*
379 419 * Get rights for a user * Get rights for a user
380 420 */ */
381 function gg_repo_rights_get($db, $ri, $uid)
421 function rg_repo_rights_get($db, $ri, $uid)
382 422 { {
383 global $gg_repo_rights;
423 global $rg_repo_rights;
384 424
385 xlog("gg_repo_rights_get: repo_id=" . $ri['repo_id'] . ", uid=$uid...");
425 rg_log("rg_repo_rights_get: repo_id=" . $ri['repo_id'] . ", uid=$uid...");
386 426
387 427 $ret = array(); $ret = array();
388 428 $ret['ok'] = 0; $ret['ok'] = 0;
 
... ... function gg_repo_rights_get($db, $ri, $uid)
390 430 $ret['rights'] = ""; $ret['rights'] = "";
391 431
392 432 $repo_id = $ri['repo_id']; $repo_id = $ri['repo_id'];
393 $dr = $ri['default_rights'];
394 433
395 434 // Give all rights to owner // Give all rights to owner
435 $dr = $ri['default_rights'];
396 436 if ($ri['uid'] == $uid) { if ($ri['uid'] == $uid) {
397 foreach ($gg_repo_rights as $letter => $junk)
398 $dr = gg_repo_rights_combine($dr, $letter);
437 foreach ($rg_repo_rights as $letter => $junk)
438 $dr = rg_repo_rights_combine($dr, $letter);
399 439 } }
400 440
401 441 $sql = "SELECT rights FROM repo_rights" $sql = "SELECT rights FROM repo_rights"
402 442 . " WHERE repo_id = $repo_id" . " WHERE repo_id = $repo_id"
403 443 . " AND uid = $uid" . " AND uid = $uid"
404 444 . " LIMIT 1"; . " LIMIT 1";
405 $res = sql_query($db, $sql);
445 $res = rg_sql_query($db, $sql);
406 446 if ($res === FALSE) { if ($res === FALSE) {
407 gg_repo_set_error("Cannot get info (" . sql_error() . ")!");
447 rg_repo_set_error("Cannot get info (" . rg_sql_error() . ")!");
408 448 return $ret; return $ret;
409 449 } }
410 450
411 451 $ret['ok'] = 1; $ret['ok'] = 1;
412 $row = sql_fetch_array($res);
413 sql_free_result($res);
452 $row = rg_sql_fetch_array($res);
453 rg_sql_free_result($res);
414 454 if (isset($row['rights'])) { if (isset($row['rights'])) {
415 455 $ret['rights'] = $row['rights']; $ret['rights'] = $row['rights'];
416 456 $ret['exists'] = 1; $ret['exists'] = 1;
417 457 } }
418 458
419 $ret['rights'] = gg_repo_rights_combine($dr, $ret['rights']);
459 $ret['rights'] = rg_repo_rights_combine($dr, $ret['rights']);
460 rg_log("\tDEBUG rights=" . $ret['rights']);
420 461
421 462 return $ret; return $ret;
422 463 } }
 
... ... function gg_repo_rights_get($db, $ri, $uid)
424 465 /* /*
425 466 * Add rights for a repo * Add rights for a repo
426 467 */ */
427 function gg_repo_rights_set($db, $ri, $uid, $rights)
468 function rg_repo_rights_set($db, $ri, $uid, $rights)
428 469 { {
429 xlog("gg_repo_rights_set: repo_id=" . $ri['repo_id']
470 rg_log("rg_repo_rights_set: repo_id=" . $ri['repo_id']
430 471 . ", uid=$uid, rights=$rights..."); . ", uid=$uid, rights=$rights...");
431 472
432 473 $repo_id = $ri['repo_id']; $repo_id = $ri['repo_id'];
 
... ... function gg_repo_rights_set($db, $ri, $uid, $rights)
436 477 . " WHERE repo_id = $repo_id" . " WHERE repo_id = $repo_id"
437 478 . " AND uid = $uid"; . " AND uid = $uid";
438 479 } else { } else {
439 $e_rights = sql_escape($db, $rights);
480 $e_rights = rg_sql_escape($db, $rights);
440 481
441 $rr = gg_repo_rights_get($db, $ri, $repo_id);
442 if ($rr === FALSE)
482 $rr = rg_repo_rights_get($db, $ri, $uid);
483 if ($rr === FALSE)
443 484 return $rr; return $rr;
485 rg_log("rr: " . print_r($rr, TRUE));
444 486
445 487 if ($rr['exists'] == 1) { if ($rr['exists'] == 1) {
446 488 $sql = "UPDATE repo_rights" $sql = "UPDATE repo_rights"
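Review bot: `if ($rr === FALSE)` after the corrected `rg_repo_rights_get($db, $ri, $uid)` call can never fire, because `rg_repo_rights_get()` always returns an array and signals failure through `$rr['ok']` (its error path does `rg_repo_set_error(...)` followed by `return $ret;`). Test `$rr['ok'] != 1` and return FALSE so a failed lookup does not fall through to the `exists` branch. The added `rg_log("rr: " . print_r($rr, TRUE));` looks like leftover debugging and can go.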
 
... ... function gg_repo_rights_set($db, $ri, $uid, $rights)
457 499 } }
458 500 } }
459 501
460 $res = sql_query($db, $sql);
502 $res = rg_sql_query($db, $sql);
461 503 if ($res === FALSE) { if ($res === FALSE) {
462 gg_repo_set_error("Cannot alter rights (" . sql_error() . ")!");
504 rg_repo_set_error("Cannot alter rights (" . rg_sql_error() . ")!");
463 505 return FALSE; return FALSE;
464 506 } }
465 sql_free_result($res);
507 rg_sql_free_result($res);
466 508
467 509 return TRUE; return TRUE;
468 510 } }
 
... ... function gg_repo_rights_set($db, $ri, $uid, $rights)
470 512 /* /*
471 513 * List rights for a repo * List rights for a repo
472 514 */ */
473 function gg_repo_rights_list($db, $repo_id)
515 function rg_repo_rights_list($db, $repo_id, $url)
474 516 { {
475 xlog("gg_repo_rights: repo_id=$repo_id");
517 rg_log("rg_repo_rights_list: repo_id=$repo_id url=$url");
476 518
477 519 $ret = ""; $ret = "";
478 520
479 521 $sql = "SELECT * FROM repo_rights WHERE repo_id = $repo_id"; $sql = "SELECT * FROM repo_rights WHERE repo_id = $repo_id";
480 $res = sql_query($db, $sql);
522 $res = rg_sql_query($db, $sql);
481 523 if ($res === FALSE) { if ($res === FALSE) {
482 gg_repo_set_error("Cannot get info (" . sql_error() . ")!");
524 rg_repo_set_error("Cannot get info (" . rg_sql_error() . ")!");
483 525 return FALSE; return FALSE;
484 526 } }
485 527
 
... ... function gg_repo_rights_list($db, $repo_id)
489 531 $ret .= " <th>Rights</th>\n"; $ret .= " <th>Rights</th>\n";
490 532 $ret .= " <th>Operations</th>\n"; $ret .= " <th>Operations</th>\n";
491 533 $ret .= "</tr>\n"; $ret .= "</tr>\n";
492 while (($row = sql_fetch_array($res))) {
534 while (($row = rg_sql_fetch_array($res))) {
493 535 $ret .= "<tr>\n"; $ret .= "<tr>\n";
494 536
495 537 $_u = $row['uid']; $_u = $row['uid'];
496 $_ui = user_info($db, $row['uid'], "", "");
538 $_ui = rg_user_info($db, $row['uid'], "", "");
497 539 if ($_ui['exists'] == 1) if ($_ui['exists'] == 1)
498 540 $_u = $_ui['user']; $_u = $_ui['user'];
499 541
500 542 $ret .= " <td>" . $_u . "</td>\n"; $ret .= " <td>" . $_u . "</td>\n";
501 543
502 $_r = gg_repo_rights_text($row['rights']);
544 $_r = rg_repo_rights_text($row['rights']);
503 545 $_r = implode("<br />\n", $_r); $_r = implode("<br />\n", $_r);
504 546 $ret .= " <td>" . $_r . "</td>\n"; $ret .= " <td>" . $_r . "</td>\n";
505 547
506 548 // operations // operations
507 // suspend
549 // remove
508 550 $ret .= " <td>"; $ret .= " <td>";
509 /*TODO
510 $_url = $url . "&amp;xuid=" . $row['uid'];
511 $v = 1; $t = "Suspend";
512 if ($row['suspended'] > 0) {
513 $t = "Unsuspend";
514 $v = 0;
515 }
516 $ret .= "[<a href=\"$_url&amp;suspend=$v\">$t</a>]";
517 // admin
518 $v = 1; $t = "Admin";
519 if ($row['is_admin'] == 1) {
520 $t = "Remove admin";
521 $v = 0;
522 }
523 $ret .= "[<a href=\"$_url&amp;admin=$v\">$t</a>]";
524 */
551 $_url = $url . "&amp;subop=2";
552 $v = $row['uid'];
553 $ret .= "[<a href=\"$_url&amp;remove_uid=$v\">Remove</a>]";
525 554 $ret .= " </td>"; $ret .= " </td>";
526 555 $ret .= "</tr>\n"; $ret .= "</tr>\n";
527 556 } }
528 557 $ret .= "</table>\n"; $ret .= "</table>\n";
529 sql_free_result($res);
558 rg_sql_free_result($res);
530 559
531 560 return $ret; return $ret;
532 561 } }
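Review bot: the new `[<a href=\"$_url&amp;remove_uid=$v\">Remove</a>]` link makes revoking a user's rights a plain GET with no token, which leaves the operation open to cross-site request forgery; use a POST form carrying a session-bound token instead. In the same loop `$_u`, the user name returned by `rg_user_info()`, is printed into the table cell unescaped.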
 
... ... function gg_repo_rights_list($db, $repo_id)
534 563 /* /*
535 564 * Rights -> form * Rights -> form
536 565 */ */
537 function gg_repo_rights_checkboxes($def_rights)
566 function rg_repo_rights_checkboxes($def_rights)
538 567 { {
539 global $gg_repo_rights;
568 global $rg_repo_rights;
540 569
541 570 $ret = ""; $ret = "";
542 foreach ($gg_repo_rights as $right => $info) {
571 foreach ($rg_repo_rights as $right => $info) {
543 572 $add = ""; $add = "";
544 573 if (strstr($def_rights, $right)) if (strstr($def_rights, $right))
545 574 $add = " checked"; $add = " checked";
 
... ... function gg_repo_rights_checkboxes($def_rights)
553 582 /* /*
554 583 * List rights as text * List rights as text
555 584 */ */
556 function gg_repo_rights_text($rights)
585 function rg_repo_rights_text($rights)
557 586 { {
558 global $gg_repo_rights;
587 global $rg_repo_rights;
559 588
560 589 $ret = array(); $ret = array();
561 590
 
... ... function gg_repo_rights_text($rights)
564 593 return array("None"); return array("None");
565 594
566 595 for ($i = 0; $i < $len; $i++) { for ($i = 0; $i < $len; $i++) {
567 if (isset($gg_repo_rights[$rights[$i]]))
568 $ret[] = $gg_repo_rights[$rights[$i]];
596 if (isset($rg_repo_rights[$rights[$i]]))
597 $ret[] = $rg_repo_rights[$rights[$i]];
569 598 else else
570 599 $ret[] = "?" . $rights[$i] . "?"; $ret[] = "?" . $rights[$i] . "?";
571 600 } }
 
... ... function gg_repo_rights_text($rights)
576 605 /* /*
577 606 * Transforms rights array into a string * Transforms rights array into a string
578 607 */ */
579 function gg_repo_rights_a2s($a)
608 function rg_repo_rights_a2s($a)
580 609 { {
581 610 $rights = ""; $rights = "";
582 611
File inc/repo/repo.form.php changed (mode: 100644) (index 7c8e9ff..7ebcd93)
1 1 <?php <?php
2 2
3 3 $_form = ' $_form = '
4 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
4 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
5 5 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="repo_id" value="' . $repo_id . '"> <input type="hidden" name="repo_id" value="' . $repo_id . '">
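Review bot: `$_SERVER['PHP_SELF']` on line 4 goes into the `action` attribute unescaped, and it includes any client-supplied path info after the script name, so it can break out of the attribute. Wrap it in `htmlspecialchars(..., ENT_QUOTES)` or use a fixed path; the same line is in rights.form.php and search.form.php. The hidden `op`, `subop` and `repo_id` values on lines 5-7 need the same escaping unless they are always forced to integers before this file is included.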
 
... ... $_form .= '
44 44 <tr> <tr>
45 45 <td>Default rights:</td> <td>Default rights:</td>
46 46 <td> <td>
47 ' . gg_repo_rights_checkboxes($rights) . '
47 ' . rg_repo_rights_checkboxes($rights) . '
48 48 </td> </td>
49 49 </tr> </tr>
50 50
File inc/repo/repo.php changed (mode: 100644) (index 61e3d2d..8b5d91a)
1 1 <?php <?php
2 xlog("/inc/repo/repo.php");
2 rg_log("/inc/repo/repo.php");
3 3
4 if ($gg_uid == 0) {
5 $_body = "You do not have access here!";
4 $_repo = "";
5
6 if ($rg_ui['uid'] == 0) {
7 $_repo .= "You do not have access here!";
6 8 return; return;
7 9 } }
8 10
9 $subop = @intval($_REQUEST['subop']);
10 $name = @$_REQUEST['name'];
11 $max_commit_size = @intval($_REQUEST['max_commit_size']);
12 $desc = @$_REQUEST['desc'];
13 $master_repo_id = sprintf("%u", @$_REQUEST['master_repo_id']);
14 $rights = @$_REQUEST['rights'];
15 $rights = gg_repo_rights_a2s($rights);
16 $repo_id = @intval($_REQUEST['repo_id']);
17 $q = @$_REQUEST['q'];
18 $masters = @intval($_REQUEST['masters']);
11 $name = rg_var_str("name");
12 $max_commit_size = rg_var_uint("max_commit_size");
13 $desc = rg_var_str("desc");
14 $master_repo_id = rg_var_uint("master_repo_id");
15 $rights = rg_var_str("rights");
16 $rights = rg_repo_rights_a2s($rights);
17 $repo_id = rg_var_uint("repo_id");
18 $q = rg_var_str("q");
19 $masters = rg_var_uint("masters");
19 20
20 21
21 22 // menu // menu
22 $_url = $_SERVER['PHP_SELF'] . "?op=$op";
23 $_url = rg_re_url($op);
23 24 $_menu = ""; $_menu = "";
24 25 $_menu .= "[<a href=\"$_url&amp;subop=1\">Create</a>]"; $_menu .= "[<a href=\"$_url&amp;subop=1\">Create</a>]";
25 26 $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">List</a>]"; $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">List</a>]";
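Review bot: new lines 15-16 read `rights` with `rg_var_str()` and then pass the resulting string to `rg_repo_rights_a2s()`, which the comment in inc/repo.inc.php describes as transforming a rights array into a string; repo_page.php line 9 passes `$_REQUEST['rights']` to it directly instead. If the checkboxes post an array, the string conversion here loses the selection. Use one access path in both files, ideally a helper that returns a validated array.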
 
... ... $_body = "";
32 33 switch ($subop) { switch ($subop) {
33 34 case 1: // create case 1: // create
34 35 if ($doit == 1) { if ($doit == 1) {
35 $_r = repo_create($db, $master_repo_id, $gg_uid, $name,
36 $_r = rg_repo_create($db, $master_repo_id, $rg_ui, $name,
36 37 $max_commit_size, $desc, $rights); $max_commit_size, $desc, $rights);
37 38 if ($_r === FALSE) if ($_r === FALSE)
38 $_body .= gg_repo_error();
39 $_body .= rg_repo_error();
39 40 else else
40 41 $_body .= "OK!"; $_body .= "OK!";
41 42 } else { } else {
 
... ... case 1: // create
46 47 break; break;
47 48
48 49 case 2: // list case 2: // list
49 $_body .= repo_list($db, "", $gg_uid);
50 $_body .= rg_repo_list($db, "", $rg_ui);
50 51 break; break;
51 52
52 53 case 3: // search case 3: // search
53 54 if ($doit == 1) { if ($doit == 1) {
54 $_body .= repo_search($db, $q, $masters);
55 $_body .= rg_repo_search($db, $q, $masters);
55 56 } else { } else {
56 57 include($INC . "/repo/search.form.php"); include($INC . "/repo/search.form.php");
57 58 $_body .= $_form; $_body .= $_form;
 
... ... case 3: // search
59 60 break; break;
60 61 } }
61 62
62 $_repo = $_menu . $_body;
63 $_repo .= $_menu . $_body;
63 64 ?> ?>
File inc/repo/repo_page.php changed (mode: 100644) (index a7f40ec..9fb21c7)
1 1 <?php <?php
2 xlog("/inc/repo/repo_page.php");
3
4 $repo_id = @intval($_REQUEST['repo_id']);
5
6 $subop = @intval($_REQUEST['subop']);
7 $name = @$_REQUEST['name'];
8 $max_commit_size = @intval($_REQUEST['max_commit_size']);
9 $desc = @$_REQUEST['desc'];
10 $rights = @$_REQUEST['rights'];
11 $rights = gg_repo_rights_a2s($rights);
12 $user = @gg_user_fix($_REQUEST['user']);
2 rg_log("/inc/repo/repo_page.php");
3
4 $repo = rg_var_str("repo");
5 $repo_id = rg_var_uint("repo_id");
6 $name = rg_var_str("name");
7 $max_commit_size = rg_var_uint("max_commit_size");
8 $desc = rg_var_str("desc");
9 $rights = @rg_repo_rights_a2s($_REQUEST['rights']);
10 $user = rg_user_fix(rg_var_str("user"));
13 11 $master_repo_id = 0; $master_repo_id = 0;
14 12
15 13 // menu // menu
16 $_url = $_SERVER['PHP_SELF'] . "?op=$op&amp;repo_id=$repo_id";
14 $_url = rg_re_repopage($repo_id, $repo);
17 15 $_menu = ""; $_menu = "";
18 16 $_menu .= "[<a href=\"$_url&amp;subop=1\">Edit</a>]"; $_menu .= "[<a href=\"$_url&amp;subop=1\">Edit</a>]";
19 17 $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">Rights</a>]"; $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">Rights</a>]";
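Review bot: the `$subop` assignment (old line 6) is removed with no replacement in this file, while `$subop = 0` on line 28 and `switch ($subop)` on line 34 still depend on it. If the including script now sets it, say so in a comment at the top; otherwise read it here with `rg_var_uint("subop")`. Line 9 also still uses `@` with raw `$_REQUEST['rights']` while every other input on lines 4-10 goes through the `rg_var_*` helpers.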
 
... ... $_menu .= "<br />\n";
23 21
24 22 $_body = ""; $_body = "";
25 23
26 $ri = repo_info($db, $repo_id, "");
24 $ri = rg_repo_info($db, $repo_id, $repo);
27 25 if (($ri['ok'] != 1) || ($ri['deleted'] == 1)) { if (($ri['ok'] != 1) || ($ri['deleted'] == 1)) {
28 26 $_body .= "Invalid repository!"; $_body .= "Invalid repository!";
29 27 // force subop 0 // force subop 0
30 28 $subop = 0; $subop = 0;
31 29 } }
30 // we need it in forms
31 $repo_id = $ri['repo_id'];
32 32
33 $_body .= "Repo <b>" . $ri['name'] . "</b><br />\n";
34 if (!empty($ri['desc']))
35 $_body .= "<small>" . $ri['desc'] . "</small><br />\n";
36 $_dr = gg_repo_rights_text($ri['default_rights']);
37 $_body .= "Default rights: " . implode(", ", $_dr) . "<br /><br />\n";
38 $_body .= "Maxim commit size: " . gg_1024($ri['max_commit_size']) . "<br />\n";
39 $_body .= "<br />\n";
40
33 $show_repo_info = 1;
41 34 switch ($subop) { switch ($subop) {
42 35 case 1: // edit case 1: // edit
43 36 if ($doit == 1) { if ($doit == 1) {
44 $_r = gg_repo_update($db, $repo_id, $gg_uid, $name,
45 $max_commit_size, $desc, $rights);
46 if ($_r === FALSE)
47 $_body .= gg_repo_error();
48 else
37 while (1) {
38 if (rg_repo_allow($db, $ri, $rg_ui, "A") === FALSE) {
39 $_body .= "Not allowed!<br />\n";
40 break;
41 }
42
43 $ri['name'] = $name; // TODO: filter name!
44 $ri['max_commit_size'] = $max_commit_size;
45 $ri['desc'] = $desc; // TODO: filter
46 $ri['default_rights'] = $rights; // TODO: filter
47 $_r = rg_repo_update($db, $ri);
48 if ($_r === FALSE) {
49 $_body .= rg_repo_error();
50 break;
51 }
52
49 53 $_body .= "OK!"; $_body .= "OK!";
54 break;
55 }
50 56 } else { } else {
51 57 // load variables // load variables
52 58 $name = $ri['name']; $name = $ri['name'];
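Review bot: new lines 43-46 copy the request-supplied `$name`, `$desc` and `$rights` into `$ri` and call `rg_repo_update()` with all three filters still marked TODO. The same `$ri['name']` and `$ri['desc']` are printed into HTML and into the Git URL at lines 152-159, so validate the name against an allow-list (as `rg_user_ok()` does for user names) and restrict `$rights` to known right letters before the update is accepted, rather than leaving it for a later commit.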
 
... ... case 1: // edit
61 67 break; break;
62 68
63 69 case 2: // rights case 2: // rights
64 $errmsg = "";
65 $_errors = 0;
70 $errmsg = array();
71
72 $remove_uid = rg_var_uint("remove_uid");
73 rg_log("\tDEBUG remove_uid=$remove_uid");
74
75 if ($remove_uid + $doit > 0) {
76 if (rg_repo_allow($db, $ri, $rg_ui, "A") === FALSE) {
77 $errmsg[] = "Not allowed!";
78 // cancel further checking
79 $doit = 0;
80 $remove_uid = 0;
81 }
82 }
83
84 while ($remove_uid > 0) {
85 $e = rg_repo_rights_set($db, $ri, $remove_uid, "");
86 if ($e === FALSE) {
87 $errmsg[] = rg_repo_error();
88 break;
89 }
90
91 break;
92 }
66 93
67 94 while ($doit == 1) { while ($doit == 1) {
68 95 // lookup user // lookup user
69 $_ui = user_info($db, 0, $user, "");
96 $_ui = rg_user_info($db, 0, $user, "");
70 97 if ($_ui['exists'] != 1) { if ($_ui['exists'] != 1) {
71 $errmsg .= "User does not exists!";
72 $_errors++;
98 $errmsg[] = "User <b>$user</b> does not exists!";
73 99 break; break;
74 100 } }
75 101
76 // TODO: Check if user is allowed to give rights
77
78 $e = gg_repo_rights_set($db, $ri, $_ui['uid'], $rights);
102 $e = rg_repo_rights_set($db, $ri, $_ui['uid'], $rights);
79 103 if ($e === FALSE) { if ($e === FALSE) {
80 $errmsg .= gg_repo_error();
81 $_errors++;
104 $errmsg[] = rg_repo_error();
82 105 break; break;
83 106 } }
84 107
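Review bot: new line 98 interpolates the request-supplied `$user` into `$errmsg[]` inside `<b>` tags, and rights.form.php prints `$errmsg` with a bare `implode()`, so the value reaches the page unescaped unless `rg_user_fix()` is guaranteed to strip all markup. Build the message with `htmlspecialchars($user)`. The `DEBUG remove_uid` log on line 73 looks like leftover debugging and can go.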
 
... ... case 2: // rights
86 109 } }
87 110
88 111 // list rights // list rights
89 $_body .= gg_repo_rights_list($db, $repo_id);
112 $_url = rg_re_repopage($ri['repo_id'], $ri['name']);
113 $_body .= rg_repo_rights_list($db, $repo_id, $_url);
90 114
91 // give rights form
92 115 $_body .= "<br />\n"; $_body .= "<br />\n";
93 116
94 117 include($INC . "/repo/rights.form.php"); include($INC . "/repo/rights.form.php");
95 118 $_body .= $_form; $_body .= $_form;
96 119 break; break;
97 120
98 case 3: //delete
99 $r = gg_repo_delete($db, $repo_id, $gg_uid);
100 if ($r === FALSE) {
101 $_body .= "Error: " . gg_repo_error();
121 case 3: // delete
122 $errmsg = array();
123
124 while (1) {
125 if (rg_repo_allow($db, $ri, $rg_ui, "A") === FALSE) {
126 $errmsg[] = "Not allowed!";
127 break;
128 }
129
130 $r = rg_repo_delete($db, $repo_id, $rg_ui);
131 if ($r === FALSE) {
132 $errmsg[] = "Error: " . rg_repo_error();
133 break;
134 }
135
136 break;
137 }
138
139 $_err = implode("<br />\n", $errmsg);
140 if (!empty($_err)) {
141 $_body .= $_err;
102 142 } else { } else {
103 $_body .= "OK!";
143 $_body .= "OK";
144 $show_repo_info = 0;
104 145 } }
105 146
106 147 break; break;
107 148 } }
108 149
109 $_repo = $_menu . $_body;
150 $_rt = "";
151 if ($show_repo_info == 1) {
152 $_rt = "Repo <b>" . $ri['name'] . "</b><br />\n";
153 if (!empty($ri['desc']))
154 $_rt .= "<small>" . $ri['desc'] . "</small><br />\n";
155 $_rt .= "<br />\n";
156 $_dr = rg_repo_rights_text($ri['default_rights']);
157 $_rt .= "Default rights: " . implode(", ", $_dr) . "<br />\n";
158 $_rt .= "Maxim commit size: " . rg_1024($ri['max_commit_size']) . "<br />\n";
159 $_rt .= "Git URL: git://" . $_SERVER['HTTP_HOST'] . "/" . $ri['name'] . ".git<br />\n";
160 $_rt .= "<br />\n";
161 }
162
163 $_repo = $_menu . $_rt . $_body;
110 164 ?> ?>
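Review bot: `case 3` (new lines 121-137) deletes the repository on any request that arrives with `subop=3`; unlike the edit and rights cases there is no `$doit` check, so a followed link or a prefetch is enough once the user has "A" rights. Require a POST confirmation with a token before calling `rg_repo_delete()`. On line 159, `$_SERVER['HTTP_HOST']` is supplied by the client and is printed unescaped into the Git URL; a configured host name would be safer.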
File inc/repo/rights.form.php changed (mode: 100644) (index c9d07b5..3b7e7ef)
1 1 <?php <?php
2 2
3 3 $_form = ' $_form = '
4 <font color="red">' . $errmsg . '</font><br />
5 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
4 <font color="red">' . implode("<br />\n", $errmsg) . '</font><br />
5 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
6 6 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
7 7 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
8 8 <input type="hidden" name="repo_id" value="' . $repo_id . '"> <input type="hidden" name="repo_id" value="' . $repo_id . '">
 
... ... $_form = '
19 19 <tr> <tr>
20 20 <td>Rights:</td> <td>Rights:</td>
21 21 <td> <td>
22 ' . gg_repo_rights_checkboxes($rights) . '
22 ' . rg_repo_rights_checkboxes($rights) . '
23 23 </td> </td>
24 24 </tr> </tr>
25 25
File inc/repo/search.form.php changed (mode: 100644) (index 2491cea..cec795a)
1 1 <?php <?php
2 2
3 3 $_form = ' $_form = '
4 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
4 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
5 5 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
File inc/sess.inc.php changed (mode: 100644) (index ef6bff1..81ed5af)
1 1 <?php <?php
2 require_once($INC . "/xlog.inc.php");
2 require_once($INC . "/log.inc.php");
3 3 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
4 4
5 5 /* /*
6 6 * Add a session * Add a session
7 7 */ */
8 function sess_add($db, $uid, $sid, $session_time)
8 function rg_sess_add($db, $uid, $sid, $session_time)
9 9 { {
10 xlog("sess_add: uid=$uid, sid=$sid, session_time=$session_time.");
10 rg_log("sess_add: uid=$uid, sid=$sid, session_time=$session_time.");
11 11
12 12 $ip = @$_SERVER['REMOTE_ADDR']; $ip = @$_SERVER['REMOTE_ADDR'];
13 13 $now = time(); $now = time();
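Review bot: line 10 writes the full session id to the log, and the `rg_log()` calls in `rg_sess_valid()`, `rg_sess_update()` and `rg_sess_destroy()` do the same, so anyone who can read the log file can reuse a live session. Log a short prefix or a hash of `$sid` instead.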
 
... ... function sess_add($db, $uid, $sid, $session_time)
15 15 $sql = "INSERT INTO sess (sid, uid, expire, session_time, ip)" $sql = "INSERT INTO sess (sid, uid, expire, session_time, ip)"
16 16 . " VALUES ('$sid', $uid" . " VALUES ('$sid', $uid"
17 17 . ", " . ($now + $session_time) . ", $session_time, '$ip')"; . ", " . ($now + $session_time) . ", $session_time, '$ip')";
18 $res = sql_query($db, $sql);
18 $res = rg_sql_query($db, $sql);
19 19 if ($res === FALSE) { if ($res === FALSE) {
20 xlog("\tCannot insert (" . sql_error() . ")!");
20 rg_log("\tCannot insert (" . rg_sql_error() . ")!");
21 21 return FALSE; return FALSE;
22 22 } }
23 sql_free_result($res);
23 rg_sql_free_result($res);
24 24
25 25 return TRUE; return TRUE;
26 26 } }
 
... ... function sess_add($db, $uid, $sid, $session_time)
28 28 /* /*
29 29 * Returns if a session is still valid. Will return FALSE or uid * Returns if a session is still valid. Will return FALSE or uid
30 30 */ */
31 function sess_valid($db, $sid)
31 function rg_sess_valid($db, $sid)
32 32 { {
33 xlog("sess_valid: sid=$sid...");
33 rg_log("sess_valid: sid=$sid...");
34 34
35 if (empty($sid))
36 return FALSE;
37
38 $now = time();
39 35 $uid = FALSE; $uid = FALSE;
40 36
41 $e_sid = sql_escape($db, $sid);
37 $e_sid = rg_sql_escape($db, $sid);
42 38
43 39 $sql = "SELECT uid, expire FROM sess WHERE sid = '$e_sid'"; $sql = "SELECT uid, expire FROM sess WHERE sid = '$e_sid'";
44 $res = sql_query($db, $sql);
40 $res = rg_sql_query($db, $sql);
45 41 if ($res === FALSE) { if ($res === FALSE) {
46 xlog("\tCannot select (" . sql_error() . ")!");
42 rg_log("\tCannot select (" . rg_sql_error() . ")!");
47 43 return FALSE; return FALSE;
48 44 } }
49 $row = sql_fetch_array($res);
50 sql_free_result($res);
45 $row = rg_sql_fetch_array($res);
46 rg_sql_free_result($res);
51 47 if (isset($row['uid'])) { if (isset($row['uid'])) {
48 $now = time();
52 49 if ($row['expire'] >= $now) { if ($row['expire'] >= $now) {
53 50 $uid = $row['uid']; $uid = $row['uid'];
54 xlog("\tSession valid, uid=$uid, expire=+" . ($row['expire'] - $now));
51 rg_log("\tSession valid, uid=$uid, expire=+" . ($row['expire'] - $now));
55 52 } else { } else {
56 xlog("\tSession too old (" . ($now - $row['expire']) . "s)");
53 rg_log("\tSession too old (" . ($now - $row['expire']) . "s)");
57 54 } }
58 55 } else { } else {
59 xlog("\tSession not found!");
56 rg_log("\tSession not found!");
60 57 } }
61 58
62 59 return $uid; return $uid;
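Review bot: the `empty($sid)` early return (old lines 35-36) is removed from `rg_sess_valid()` and now exists only in `rg_user_login_by_sid()`, so any other caller runs the SELECT with an empty sid. Keeping the guard here is cheap and keeps the function safe on its own. The header comment says the function returns FALSE or uid, while the new caller tests `$uid == 0`; `=== FALSE` would state the intent more clearly.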
 
... ... function sess_valid($db, $sid)
65 62 /* /*
66 63 * Refresh a session * Refresh a session
67 64 */ */
68 function sess_update($db, $sid)
65 function rg_sess_update($db, $sid)
69 66 { {
70 xlog("sess_update: sid=$sid...");
67 rg_log("sess_update: sid=$sid...");
71 68
72 $e_sid = sql_escape($db, $sid);
69 $e_sid = rg_sql_escape($db, $sid);
73 70
74 71 $sql = "UPDATE sess SET expire = " . time() . " + session_time" $sql = "UPDATE sess SET expire = " . time() . " + session_time"
75 72 . " WHERE sid = '$e_sid'"; . " WHERE sid = '$e_sid'";
76 $res = sql_query($db, $sql);
73 $res = rg_sql_query($db, $sql);
77 74 if ($res === FALSE) { if ($res === FALSE) {
78 xlog("\tCannot update (" . sql_error() . ")!");
75 rg_log("\tCannot update (" . rg_sql_error() . ")!");
79 76 return FALSE; return FALSE;
80 77 } }
81 sql_free_result($res);
78 rg_sql_free_result($res);
82 79
83 80 return TRUE; return TRUE;
84 81 } }
 
... ... function sess_update($db, $sid)
86 83 /* /*
87 84 * Destroy session * Destroy session
88 85 */ */
89 function sess_destroy($db, $sid)
86 function rg_sess_destroy($db, $sid, &$rg_ui)
90 87 { {
91 xlog("sess_destroy: sid=$sid...");
88 rg_log("sess_destroy: sid=$sid...");
92 89
93 $e_sid = sql_escape($db, $sid);
90 $e_sid = rg_sql_escape($db, $sid);
94 91
95 92 $sql = "DELETE FROM sess WHERE sid = '$e_sid'"; $sql = "DELETE FROM sess WHERE sid = '$e_sid'";
96 $res = sql_query($db, $sql);
93 $res = rg_sql_query($db, $sql);
97 94 if ($res === FALSE) { if ($res === FALSE) {
98 xlog("\tCannot delete (" . sql_error() . ")!");
95 rg_log("\tCannot delete (" . rg_sql_error() . ")!");
99 96 return FALSE; return FALSE;
100 97 } }
101 sql_free_result($res);
98 rg_sql_free_result($res);
99
100 $rg_ui = array();
101 $rg_ui['uid'] = 0;
102 $rg_ui['is_admin'] = 0;
102 103
103 104 return TRUE; return TRUE;
104 105 } }
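Review bot: `rg_sess_destroy()` resets `$rg_ui` (lines 100-102) only after a successful DELETE, so on the `return FALSE` path at line 96 the caller keeps a populated `$rg_ui`, and nothing here expires the `sid` cookie that `rg_user_login_by_user_pass()` sets. Decide explicitly what the failure path should leave behind, and clear the cookie in the same place as the session row.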
File inc/state.inc.php changed (mode: 100644) (index 66b2342..6ab5899)
... ... require_once($INC . "/db.inc.php");
4 4 /* /*
5 5 * Set state * Set state
6 6 */ */
7 function state_set($db, $var, $value)
7 function rg_state_set($db, $var, $value)
8 8 { {
9 $e_var = sql_escape($db, $var);
10 $e_value = sql_escape($db, $value);
9 $e_var = rg_sql_escape($db, $var);
10 $e_value = rg_sql_escape($db, $value);
11 11
12 12 $sql = "UPDATE state SET value = '$e_value'" $sql = "UPDATE state SET value = '$e_value'"
13 13 . " WHERE var = '$e_var'"; . " WHERE var = '$e_var'";
14 $res = sql_query($db, $sql);
14 $res = rg_sql_query($db, $sql);
15 15 if ($res === FALSE) if ($res === FALSE)
16 16 return FALSE; return FALSE;
17 sql_free_result($res);
17 rg_sql_free_result($res);
18 18
19 19 return TRUE; return TRUE;
20 20 } }
 
... ... function state_set($db, $var, $value)
22 22 /* /*
23 23 * Get state * Get state
24 24 */ */
25 function state_get($db, $var)
25 function rg_state_get($db, $var)
26 26 { {
27 $e_var = sql_escape($db, $var);
27 $e_var = rg_sql_escape($db, $var);
28 28
29 29 $sql = "SELECT value FROM state WHERE var = '$e_var'"; $sql = "SELECT value FROM state WHERE var = '$e_var'";
30 $res = sql_query($db, $sql);
30 $res = rg_sql_query($db, $sql);
31 31 if ($res === FALSE) if ($res === FALSE)
32 32 return FALSE; return FALSE;
33 33
34 $row = sql_fetch_array($res);
34 $row = rg_sql_fetch_array($res);
35 35 if (!isset($row['value'])) if (!isset($row['value']))
36 36 return FALSE; return FALSE;
37 37
38 sql_free_result($res);
38 rg_sql_free_result($res);
39 39
40 40 return $row['value']; return $row['value'];
41 41 } }
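Review bot: in `rg_state_get()` the `return FALSE` on line 36 exits before `rg_sql_free_result($res)` on line 38, so the result set is never freed when the variable is missing. Free the result immediately after `rg_sql_fetch_array()`, as `rg_user_info()` does, and then test `$row['value']`.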
File inc/user.inc.php changed (mode: 100644) (index 4fd43cb..eea1ece)
1 1 <?php <?php
2 2 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
3 require_once($INC . "/xlog.inc.php");
3 require_once($INC . "/log.inc.php");
4 4 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
5 5 require_once($INC . "/sess.inc.php"); require_once($INC . "/sess.inc.php");
6 6
7 function gg_user_set_error($str)
7 function rg_user_set_error($str)
8 8 { {
9 global $_gg_user_error;
9 global $_rg_user_error;
10 10
11 xlog("\tError: $str");
12 $_gg_user_error = $str;
11 rg_log("\tError: $str");
12 $_rg_user_error = $str;
13 13 } }
14 14
15 function gg_user_error()
15 function rg_user_error()
16 16 { {
17 global $_gg_user_error;
18 return $_gg_user_error;
17 global $_rg_user_error;
18 return $_rg_user_error;
19 }
20
21 /*
22 * Returns true if the user is ok
23 */
24 function rg_user_ok($user)
25 {
26 global $rg_user_allow;
27 global $rg_user_max_len;
28
29 if (rg_chars_allow($user, $rg_user_allow) === FALSE) {
30 rg_user_set_error("Invalid user name");
31 return FALSE;
32 }
33
34 if (strlen($user) > $rg_user_max_len) {
35 rg_user_set_error("User name too long");
36 return FALSE;
37 }
38
39 return TRUE;
19 40 } }
20 41
21 42 /* /*
22 43 * Add a user * Add a user
23 44 */ */
24 function user_add($db, $user, $pass, $email, $is_admin)
45 function rg_user_add($db, $user, $pass, $email, $is_admin)
25 46 { {
26 global $gg_session_time;
47 global $rg_session_time;
27 48
28 xlog("user_add: user=$user, pass=$pass, email=$email, is_admin=$is_admin...");
49 rg_log("user_add: user=$user, pass=$pass, email=$email, is_admin=$is_admin...");
50
51 if (rg_user_ok($user) === FALSE)
52 return FALSE;
29 53
30 54 $itime = time(); $itime = time();
31 $e_salt = gg_id(40);
55 $e_salt = rg_id(40);
32 56 $e_sha1pass = sha1($e_salt . "===" . $pass); $e_sha1pass = sha1($e_salt . "===" . $pass);
33 $session_time = $gg_session_time;
57 $session_time = $rg_session_time;
34 58
35 $e_user = sql_escape($db, $user);
36 $e_email = sql_escape($db, $email);
59 $e_user = rg_sql_escape($db, $user);
60 $e_email = rg_sql_escape($db, $email);
37 61
38 62 $sql = "INSERT INTO users (user, salt, pass, email, itime, is_admin, session_time)" $sql = "INSERT INTO users (user, salt, pass, email, itime, is_admin, session_time)"
39 63 . " VALUES ('$e_user', '$e_salt', '$e_sha1pass', '$e_email'" . " VALUES ('$e_user', '$e_salt', '$e_sha1pass', '$e_email'"
40 64 . ", $itime, $is_admin, $session_time)"; . ", $itime, $is_admin, $session_time)";
41 $res = sql_query($db, $sql);
65 $res = rg_sql_query($db, $sql);
42 66 if ($res === FALSE) { if ($res === FALSE) {
43 gg_user_set_error("Cannot insert user (" . sql_error() . ")!");
67 rg_user_set_error("Cannot insert user (" . rg_sql_error() . ")!");
44 68 return FALSE; return FALSE;
45 69 } }
46 sql_free_result($res);
70 rg_sql_free_result($res);
47 71
48 72 return TRUE; return TRUE;
49 73 } }
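Review bot: line 49 logs the clear-text password (`pass=$pass`) on every `rg_user_add()` call, and `rg_user_login_by_user_pass()` does the same at line 171; drop `$pass` from both log lines. While this function is being touched: `$is_admin` is interpolated into the INSERT on line 64 without a cast, so force it with `sprintf("%u", ...)` as `rg_user_remove()` does for `$uid`, and the single salted `sha1()` on line 56 is cheap to brute-force, so a slow password hash such as `crypt()` with a bcrypt salt would be a better choice for new accounts.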
 
... ... function user_add($db, $user, $pass, $email, $is_admin)
51 75 /* /*
52 76 * Delete a user * Delete a user
53 77 */ */
54 function user_remove($db, $uid)
78 function rg_user_remove($db, $uid)
55 79 { {
56 80 $uid = sprintf("%u", $uid); $uid = sprintf("%u", $uid);
57 81
58 82 $sql = "DELETE FROM users WHERE uid = $uid"; $sql = "DELETE FROM users WHERE uid = $uid";
59 $res = sql_query($db, $sql);
83 $res = rg_sql_query($db, $sql);
60 84 if ($res === FALSE) { if ($res === FALSE) {
61 gg_user_set_error("Cannot remove user $uid (" . sql_error() . ")!");
85 rg_user_set_error("Cannot remove user $uid (" . rg_sql_error() . ")!");
62 86 return FALSE; return FALSE;
63 87 } }
64 sql_free_result($res);
88 rg_sql_free_result($res);
65 89
66 90 return TRUE; return TRUE;
67 91 } }
68 92
69 93 /* /*
70 * Returns info about a user (by uid or user fields)
94 * Returns info about a user (by uid, user or e-mail)
71 95 */ */
72 function user_info($db, $uid, $user, $email)
96 function rg_user_info($db, $uid, $user, $email)
73 97 { {
74 xlog("user_info: uid=[$uid], user=[$user], email=[$email]...");
98 rg_log("user_info: uid=[$uid], user=[$user], email=[$email]...");
75 99
76 100 $ret = array(); $ret = array();
77 101 $ret['ok'] = 0; $ret['ok'] = 0;
78 102 $ret['exists'] = 0; $ret['exists'] = 0;
103 $ret['uid'] = 0;
104 $ret['is_admin'] = 0;
79 105
80 106 if ($uid > 0) { if ($uid > 0) {
81 107 $add = " AND uid = " . sprintf("%u", $uid); $add = " AND uid = " . sprintf("%u", $uid);
82 108 } else if (!empty($user)) { } else if (!empty($user)) {
83 $e_user = sql_escape($db, $user);
109 $e_user = rg_sql_escape($db, $user);
84 110 $add = " AND user = '$e_user'"; $add = " AND user = '$e_user'";
85 111 } else if (!empty($email)) { } else if (!empty($email)) {
86 $e_email = sql_escape($db, $email);
112 $e_email = rg_sql_escape($db, $email);
87 113 $add = " AND email = '$e_email'"; $add = " AND email = '$e_email'";
88 114 } else { } else {
89 115 return FALSE; return FALSE;
90 116 } }
91 117
92 118 $sql = "SELECT * FROM users WHERE 1 = 1" . $add; $sql = "SELECT * FROM users WHERE 1 = 1" . $add;
93 $res = sql_query($db, $sql);
119 $res = rg_sql_query($db, $sql);
94 120 if ($res === FALSE) { if ($res === FALSE) {
95 gg_user_set_error("Cannot get info (" . sql_error() . ")!");
121 rg_user_set_error("Cannot get info (" . rg_sql_error() . ")!");
96 122 return $ret; return $ret;
97 123 } }
98 124
99 125 $ret['ok'] = 1; $ret['ok'] = 1;
100 $row = sql_fetch_array($res);
101 sql_free_result($res);
126 $row = rg_sql_fetch_array($res);
127 rg_sql_free_result($res);
102 128 if (!isset($row['user'])) { if (!isset($row['user'])) {
103 gg_user_set_error("User not found!");
129 rg_user_set_error("User not found!");
104 130 return $ret; return $ret;
105 131 } }
106 132
107 133 $row['ok'] = 1; $row['ok'] = 1;
108 134 $row['exists'] = 1; $row['exists'] = 1;
135 rg_log("\tUser found.");
109 136 return $row; return $row;
110 137 } }
111 138
112 139 /* /*
113 * Test if login is OK
140 * Loads rg_ui based on sid, if possible
114 141 */ */
115 function user_login($db, $sid, &$ui)
142 function rg_user_login_by_sid($db, $sid, &$rg_ui)
116 143 { {
117 xlog("user_login: sid=$sid...");
144 rg_log("user_login_by_sid: sid=$sid...");
118 145
119 if (($uid = sess_valid($db, $sid))) {
120 $ui = user_info($db, $uid, "", "");
121 sess_update($db, $sid);
122 return $uid;
123 }
146 // Make sure it is not passed by client
147 $rg_ui = array();
148 $rg_ui['uid'] = 0;
149 $rg_ui['is_admin'] = 0;
150
151 if (empty($sid))
152 return FALSE;
124 153
125 xlog("No sid! Try with user...");
126 $user = @$_REQUEST['user'];
127 $pass = @$_REQUEST['pass'];
128 if (empty($user) || empty($pass))
154 $uid = rg_sess_valid($db, $sid);
155 if ($uid == 0)
129 156 return FALSE; return FALSE;
130 157
131 $ui = user_info($db, 0, $user, "");
132 if ($ui['ok'] == 0) {
133 gg_user_set_error("Internal error");
158 $rg_ui = rg_user_info($db, $uid, "", "");
159 if ($rg_ui['exists'] != 1)
160 rg_user_set_error("Invalid uid!");
161 return FALSE;
162 rg_sess_update($db, $sid);
163 return TRUE;
164 }
165
166 /*
167 * Test if login is OK
168 */
169 function rg_user_login_by_user_pass($db, $user, $pass, &$rg_ui)
170 {
171 rg_log("user_login: user=$user, pass=$pass...");
172
173 $rg_ui = array();
174 $rg_ui['uid'] = 0;
175 $rg_ui['is_admin'] = 0;
176
177 if (empty($user) || empty($pass)) {
178 rg_user_set_error("Invalid user or pass!");
134 179 return FALSE; return FALSE;
135 180 } }
136 181
137 if ($ui['exists'] == 0) {
138 gg_user_set_error("Invalid user or pass!");
182 $rg_ui = rg_user_info($db, 0, $user, "");
183 if ($rg_ui['exists'] != 1) {
184 rg_user_set_error("Invalid user or pass!");
139 185 return FALSE; return FALSE;
140 186 } }
141 xlog("\tui: " . print_r($ui, TRUE));
187 rg_log("\trg_ui: " . print_r($rg_ui, TRUE));
142 188
143 $sha1pass = sha1($ui['salt'] . "===" . $pass);
144 if (strcmp($sha1pass, $ui['pass']) != 0) {
145 gg_user_set_error("Invalid user or pass!");
189 $sha1pass = sha1($rg_ui['salt'] . "===" . $pass);
190 if (strcmp($sha1pass, $rg_ui['pass']) != 0) {
191 rg_user_set_error("Invalid user or pass!");
146 192 return FALSE; return FALSE;
147 193 } }
148 194
149 $sid = gg_id(40);
150 sess_add($db, $ui['uid'], $sid, $ui['session_time']);
195 $sid = rg_id(40);
196 rg_sess_add($db, $rg_ui['uid'], $sid, $rg_ui['session_time']);
151 197 setcookie("sid", $sid, 0); setcookie("sid", $sid, 0);
152 198
153 return $ui['uid'];
199 return TRUE;
154 200 } }
155 201
156 202 /* /*
157 203 * Suspend an account * Suspend an account
158 204 * 1=suspend, 0=unsuspend * 1=suspend, 0=unsuspend
159 205 */ */
160 function user_suspend($db, $uid, $op)
206 function rg_user_suspend($db, $uid, $op)
161 207 { {
162 xlog("user_suspend: uid=$uid, op=$op");
208 rg_log("user_suspend: uid=$uid, op=$op");
163 209
164 210 $now = time(); $now = time();
165 211
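Review bot: in `rg_user_login_by_sid()` the `if ($rg_ui['exists'] != 1)` on line 159 has no braces, so `return FALSE;` on line 161 always executes: the function fails for every valid session and `rg_sess_update()` on line 162 is never reached. Put braces around lines 160-161. Both login functions also leave `$rg_ui` holding the looked-up row (real `uid` and `is_admin`) when they return FALSE, for example after the password mismatch at lines 190-192; since pages such as inc/repo/repo.php test `$rg_ui['uid'] == 0`, reset `$rg_ui` on every failure path. `print_r($rg_ui, TRUE)` on line 187 also puts the salt and password hash into the log.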
 
... ... function user_suspend($db, $uid, $op)
169 215 $v = 0; $v = 0;
170 216
171 217 $sql = "UPDATE users SET suspended = $v WHERE uid = $uid"; $sql = "UPDATE users SET suspended = $v WHERE uid = $uid";
172 $res = sql_query($db, $sql);
218 $res = rg_sql_query($db, $sql);
173 219 if ($res === FALSE) if ($res === FALSE)
174 220 return FALSE; return FALSE;
175 sql_free_result($res);
221 rg_sql_free_result($res);
176 222
177 223 return TRUE; return TRUE;
178 224 } }
 
... ... function user_suspend($db, $uid, $op)
181 227 * Make/remove admin * Make/remove admin
182 228 * 1=make, 0=remove * 1=make, 0=remove
183 229 */ */
184 function user_admin($db, $uid, $op)
230 function rg_user_admin($db, $uid, $op)
185 231 { {
186 xlog("user_admin: uid=$uid, op=$op");
232 rg_log("user_admin: uid=$uid, op=$op");
187 233
188 234 $now = time(); $now = time();
189 235
190 236 $sql = "UPDATE users SET is_admin = $op WHERE uid = $uid"; $sql = "UPDATE users SET is_admin = $op WHERE uid = $uid";
191 $res = sql_query($db, $sql);
237 $res = rg_sql_query($db, $sql);
192 238 if ($res === FALSE) if ($res === FALSE)
193 239 return FALSE; return FALSE;
194 sql_free_result($res);
240 rg_sql_free_result($res);
195 241
196 242 return TRUE; return TRUE;
197 243 } }
 
... ... function user_admin($db, $uid, $op)
199 245 /* /*
200 246 * List users * List users
201 247 */ */
202 function user_list($db, $url)
248 function rg_user_list($db, $url)
203 249 { {
204 xlog("user_list, url=$url...");
250 rg_log("user_list, url=$url...");
205 251
206 252 $ret = ""; $ret = "";
207 253
208 $xuid = sprintf("%u", @$_REQUEST['xuid']);
254 $xuid = rg_var_uint("xuid");
209 255
210 if (isset($_REQUEST['suspend'])) {
211 if (!user_suspend($db, $xuid, $_REQUEST['suspend']))
256 $suspend = rg_var_uint("suspend");
257 if ($suspend == 1) {
258 if (!rg_user_suspend($db, $xuid, 1))
212 259 $ret .= "<font color=red>Cannot suspend!</font><br />"; $ret .= "<font color=red>Cannot suspend!</font><br />";
213 260 } }
214 261
215 if (isset($_REQUEST['admin'])) {
216 if (!user_admin($db, $xuid, $_REQUEST['admin']))
262 $unsuspend = rg_var_uint("unsuspend");
263 if ($unsuspend == 1) {
264 if (!rg_user_suspend($db, $xuid, 0))
265 $ret .= "<font color=red>Cannot unsuspend!</font><br />";
266 }
267
268 $make_admin = rg_var_uint("make_admin");
269 if ($make_admin == 1) {
270 if (!rg_user_admin($db, $xuid, 1))
217 271 $ret .= "<font color=red>Cannot make admin!</font><br />"; $ret .= "<font color=red>Cannot make admin!</font><br />";
218 272 } }
219 273
220 if (isset($_REQUEST['remove'])) {
221 if (!user_remove($db, $xuid))
274 $remove_admin = rg_var_uint("remove_admin");
275 if ($remove_admin == 1) {
276 if (!rg_user_admin($db, $xuid, 0))
277 $ret .= "<font color=red>Cannot remove admin!</font><br />";
278 }
279
280 $remove = rg_var_uint("remove");
281 if ($remove > 0) {
282 if (!rg_user_remove($db, $xuid))
222 283 $ret .= "<font color=red>Cannot remove!</font><br />"; $ret .= "<font color=red>Cannot remove!</font><br />";
223 284 } }
224 285
225 286 $sql = "SELECT * FROM users ORDER BY user"; $sql = "SELECT * FROM users ORDER BY user";
226 $res = sql_query($db, $sql);
287 $res = rg_sql_query($db, $sql);
227 288 if ($res === FALSE) { if ($res === FALSE) {
228 gg_user_set_error("Cannot get info (" . sql_error() . ")!");
289 rg_user_set_error("Cannot get info (" . rg_sql_error() . ")!");
229 290 return FALSE; return FALSE;
230 291 } }
231 292
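Review bot: the `remove` handler at lines 280-283 deletes `$xuid` whenever the parameter is present, while the "Remove!" link is only rendered for suspended accounts (line 337), so the suspended requirement is enforced in the UI only. Check `suspended` before deleting, either here or in `rg_user_remove()`. All five operations are also triggered by GET parameters inside a function whose job is listing, with no token and no admin check visible in it; confirm the caller restricts this to admins and move the mutations behind POST.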
 
... ... function user_list($db, $url)
241 302 $ret .= " <th>Last seen (UTC)</th>\n"; $ret .= " <th>Last seen (UTC)</th>\n";
242 303 $ret .= " <th>Operations</th>\n"; $ret .= " <th>Operations</th>\n";
243 304 $ret .= "</tr>\n"; $ret .= "</tr>\n";
244 while (($row = sql_fetch_array($res))) {
305 while (($row = rg_sql_fetch_array($res))) {
245 306 $ret .= "<tr>\n"; $ret .= "<tr>\n";
246 307 $ret .= " <td>" . $row['user'] . "</td>\n"; $ret .= " <td>" . $row['user'] . "</td>\n";
247 308 $ret .= " <td>" . $row['email'] . "</td>\n"; $ret .= " <td>" . $row['email'] . "</td>\n";
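Review bot: the context lines at 307-308 write $row['user'] and $row['email'] straight into table cells with no output escaping, and this pass over the loop leaves that as is. inc/util.inc.php already has rg_xss() (htmlspecialchars with ENT_QUOTES); wrap every database value emitted in this loop with it, which is also what the TODO entry "XSS protection for every cell" asks for.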
 
... ... function user_list($db, $url)
249 310 $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n"; $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n";
250 311 $_v = "unlimited"; $_v = "unlimited";
251 312 if ($row['disk_quota_mb'] > 0) if ($row['disk_quota_mb'] > 0)
252 $_v = gg_1024($row['disk_quota_mb']);
313 $_v = rg_1024($row['disk_quota_mb']);
253 314 $ret .= " <td>" . $_v . "</td>\n"; $ret .= " <td>" . $_v . "</td>\n";
254 315 $ret .= " <td>" . ($row['suspended'] == 0 ? "No" : "Yes") . "</th>\n"; $ret .= " <td>" . ($row['suspended'] == 0 ? "No" : "Yes") . "</th>\n";
255 316 $ret .= " <td>" . $row['session_time'] . "s</td>\n"; $ret .= " <td>" . $row['session_time'] . "s</td>\n";
 
... ... function user_list($db, $url)
258 319 // suspend // suspend
259 320 $ret .= " <td>"; $ret .= " <td>";
260 321 $_url = $url . "&amp;xuid=" . $row['uid']; $_url = $url . "&amp;xuid=" . $row['uid'];
261 $v = 1; $t = "Suspend";
322 $v = "suspend=1"; $t = "Suspend";
262 323 if ($row['suspended'] > 0) { if ($row['suspended'] > 0) {
263 324 $t = "Unsuspend"; $t = "Unsuspend";
264 $v = 0;
325 $v = "unsuspend=1";
265 326 } }
266 $ret .= "[<a href=\"$_url&amp;suspend=$v\">$t</a>]";
327 $ret .= "[<a href=\"$_url&amp;$v\">$t</a>]";
267 328 // admin // admin
268 $v = 1; $t = "Admin";
329 $v = "make_admin=1"; $t = "Make admin";
269 330 if ($row['is_admin'] == 1) { if ($row['is_admin'] == 1) {
270 331 $t = "Remove admin"; $t = "Remove admin";
271 $v = 0;
332 $v = "remove_admin=1";
272 333 } }
273 $ret .= "[<a href=\"$_url&amp;admin=$v\">$t</a>]";
334 $ret .= "[<a href=\"$_url&amp;$v\">$t</a>]";
274 335 // remove // remove
275 336 if ($row['suspended'] > 0) if ($row['suspended'] > 0)
276 337 $ret .= "[<a href=\"$_url&amp;remove=1\">Remove!</a>]"; $ret .= "[<a href=\"$_url&amp;remove=1\">Remove!</a>]";
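Review bot: the links built at 322-337 make suspend, unsuspend, make_admin, remove_admin and remove plain GET URLs carrying only xuid and the action flag, with no per-session token. Any cross-site request that carries the admin's session is therefore honoured as an admin action. Splitting the parameter names is fine, but these should become POST forms with a token bound to the session and verified before the rg_user_* call.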
 
... ... function user_list($db, $url)
278 339 $ret .= "</tr>\n"; $ret .= "</tr>\n";
279 340 } }
280 341 $ret .= "</table>\n"; $ret .= "</table>\n";
281 sql_free_result($res);
342 rg_sql_free_result($res);
282 343
283 344 return $ret; return $ret;
284 345 } }
 
... ... function user_list($db, $url)
286 347 /* /*
287 348 * Returns uid by token, if not expired * Returns uid by token, if not expired
288 349 */ */
289 function user_forgot_pass_uid($db, $token)
350 function rg_user_forgot_pass_uid($db, $token)
290 351 { {
291 352 $ret = array(); $ret = array();
292 353 $ret['ok'] = 0; $ret['ok'] = 0;
293 354 $ret['uid'] = 0; $ret['uid'] = 0;
294 355
295 xlog("user_forgot_pass_uid: token=$token");
356 rg_log("user_forgot_pass_uid: token=$token");
296 357
297 358 $now = time(); $now = time();
298 $e_token = sql_escape($db, $token);
359 $e_token = rg_sql_escape($db, $token);
299 360
300 361 $sql = "SELECT uid FROM forgot_pass" $sql = "SELECT uid FROM forgot_pass"
301 362 . " WHERE token = '$e_token'" . " WHERE token = '$e_token'"
302 363 . " AND expire > $now"; . " AND expire > $now";
303 $res = sql_query($db, $sql);
364 $res = rg_sql_query($db, $sql);
304 365 if ($res === FALSE) if ($res === FALSE)
305 366 return $ret; return $ret;
306 367
307 368 $ret['ok'] = 1; $ret['ok'] = 1;
308 369
309 $row = sql_fetch_array($res);
310 sql_free_result($res);
370 $row = rg_sql_fetch_array($res);
371 rg_sql_free_result($res);
311 372 if (!isset($row['uid'])) if (!isset($row['uid']))
312 373 return $ret; return $ret;
313 374
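Review bot: line 356 writes the full password-reset token to the log, and root/index.php points that log at /tmp/rg_web.log. Until the token expires, anyone who can read the log holds a working reset credential. Log a short prefix or a hash of the token instead; the same applies to the email address logged in rg_user_forgot_pass_mail.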
 
... ... function user_forgot_pass_uid($db, $token)
319 380 /* /*
320 381 * Reset password function (send mail) * Reset password function (send mail)
321 382 */ */
322 function user_forgot_pass_mail($db, $email)
383 function rg_user_forgot_pass_mail($db, $email)
323 384 { {
324 xlog("user_forgot_pass_mail: email=$email");
385 rg_log("user_forgot_pass_mail: email=$email");
325 386
326 387 $expire = time() + 24 * 3600; $expire = time() + 24 * 3600;
327 $token = gg_id(40);
388 $token = rg_id(40);
328 389
329 $r = user_info($db, 0, "", $email);
390 $r = rg_user_info($db, 0, "", $email);
330 391 if ($r['ok'] == 0) if ($r['ok'] == 0)
331 392 return FALSE; return FALSE;
332 393 if ($r['exists'] == 0) if ($r['exists'] == 0)
 
... ... function user_forgot_pass_mail($db, $email)
336 397 // store token in database // store token in database
337 398 $sql = "INSERT INTO forgot_pass (token, uid, expire)" $sql = "INSERT INTO forgot_pass (token, uid, expire)"
338 399 . " VALUES ('$token', $uid, $expire)"; . " VALUES ('$token', $uid, $expire)";
339 $res = sql_query($db, $sql);
400 $res = rg_sql_query($db, $sql);
340 401 if ($res === FALSE) { if ($res === FALSE) {
341 gg_user_set_error("Cannot query!");
402 rg_user_set_error("Cannot query!");
342 403 return FALSE; return FALSE;
343 404 } }
344 sql_free_result($res);
405 rg_sql_free_result($res);
345 406
346 407 if (!mail($email, "Forgot password", if (!mail($email, "Forgot password",
347 408 "Hello!\nIf you want to reset the password, follow:\n" "Hello!\nIf you want to reset the password, follow:\n"
348 409 . "http://" . $_SERVER['SERVER_NAME'] . "/" . $_SERVER['PHP_SELF'] . "?op=6&token=$token")) { . "http://" . $_SERVER['SERVER_NAME'] . "/" . $_SERVER['PHP_SELF'] . "?op=6&token=$token")) {
349 gg_user_set_error("Cannot send mail!");
410 rg_user_set_error("Cannot send mail!");
350 411 return FALSE; return FALSE;
351 412 } }
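Review bot: the reset link at 408-409 is hard-coded to http:// and assembled from $_SERVER['SERVER_NAME'] and $_SERVER['PHP_SELF'], so the token travels in cleartext and the host part depends on request and server settings rather than on configuration. Build it from a base URL defined in config.php. Two smaller things on the same line: PHP_SELF already begins with a slash, so "/" . PHP_SELF yields a double slash, and the link still uses op=6 while root/index.php in this commit drops the numeric switch and reads op as a string.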
352 413
 
... ... function user_forgot_pass_mail($db, $email)
356 417 /* /*
357 418 * After reseting the pass, we have to destroy all 'reset pass' requests * After reseting the pass, we have to destroy all 'reset pass' requests
358 419 */ */
359 function user_forgot_pass_destroy($db, $uid)
420 function rg_user_forgot_pass_destroy($db, $uid)
360 421 { {
361 xlog("user_forgot_pass_destroy: token=$token");
422 rg_log("user_forgot_pass_destroy: token=$token");
362 423
363 424 $sql = "DELETE FROM forgot_pass WHERE uid = $uid"; $sql = "DELETE FROM forgot_pass WHERE uid = $uid";
364 $res = sql_query($db, $sql);
425 $res = rg_sql_query($db, $sql);
365 426 if ($res === FALSE) { if ($res === FALSE) {
366 gg_user_set_error("Cannot query!");
427 rg_user_set_error("Cannot query!");
367 428 return FALSE; return FALSE;
368 429 } }
369 sql_free_result($res);
430 rg_sql_free_result($res);
370 431
371 432 return TRUE; return TRUE;
372 433 } }
373 434
374 function user_set_pass($db, $uid, $pass)
435 function rg_user_set_pass($db, $uid, $pass)
375 436 { {
376 xlog("user_set_pass...");
437 rg_log("user_set_pass...");
377 438
378 $e_salt = gg_id(40);
439 $e_salt = rg_id(40);
379 440 $e_sha1pass = sha1($e_salt . "===" . $pass); $e_sha1pass = sha1($e_salt . "===" . $pass);
380 441
381 442 $sql = "UPDATE users SET" $sql = "UPDATE users SET"
382 443 ." salt = '$e_salt'" ." salt = '$e_salt'"
383 444 . ", pass = '$e_sha1pass'" . ", pass = '$e_sha1pass'"
384 445 . " WHERE uid = " . $uid; . " WHERE uid = " . $uid;
385 $res = sql_query($db, $sql);
446 $res = rg_sql_query($db, $sql);
386 447 if ($res === FALSE) if ($res === FALSE)
387 448 return FALSE; return FALSE;
388 sql_free_result($res);
449 rg_sql_free_result($res);
389 450
390 451 return TRUE; return TRUE;
391 452 } }
392 453
393 /*
394 * Remove forbidden chars
395 */
396 function gg_user_fix($user)
397 {
398 return preg_replace("/[^A-Za-z0-9_.-]/", "", $user);
399 }
400
401 454 ?> ?>
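Review bot: rg_user_forgot_pass_destroy($db, $uid) logs token=$token at line 422, but $token is not a parameter or local of this function, so the log line is always empty and raises a notice under E_ALL; log the uid instead. In rg_user_set_pass, line 441 still stores sha1($e_salt . "===" . $pass), a single fast hash round; since this commit touches the function anyway, consider moving to a deliberately slow password hash (for example crypt() with a bcrypt salt) and keeping a scheme marker so existing rows can be migrated on next login.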
File inc/user/forgot.form.php changed (mode: 100644) (index c4b1021..e70b08a)
... ... if (!empty($error))
6 6 $_forgot_form .= "<font color=red>$error</font><br />\n"; $_forgot_form .= "<font color=red>$error</font><br />\n";
7 7
8 8 $_forgot_form .= ' $_forgot_form .= '
9 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
9 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
10 10 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
11 <input type="hidden" name="token" value="' . $_REQUEST['token'] . '">
11 <input type="hidden" name="token" value="' . rg_var_str("token") . '">
12 12 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
13 13
14 14 <table> <table>
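Review bot: line 9 still places $_SERVER['PHP_SELF'] unescaped inside the action attribute. PHP_SELF includes any path info the client appends after the script name, so it needs the same treatment the token field just received; pass it through rg_xss() or use a fixed action built by rg_re_url().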
File inc/user/forgot.php changed (mode: 100644) (index 7138b70..d9aa318)
1 1 <?php <?php
2 xlog("/inc/user/forgot.php");
2 rg_log("/inc/user/forgot.php");
3 3
4 $token = @$_REQUEST['token'];
5 $pass1 = @$_REQUEST['pass1'];
6 $pass2 = @$_REQUEST['pass2'];
4 $token = rg_var_str("token");
5 $pass1 = rg_var_str("pass1");
6 $pass2 = rg_var_str("pass2");
7 7
8 8 $_forgot = "<br />\n"; $_forgot = "<br />\n";
9 9
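Review bot: pass1 and pass2 are now read through rg_var_str(), which returns htmlspecialchars($ret, ENT_QUOTES). A password containing &, <, >, " or ' is therefore rewritten to its entity form before it reaches rg_user_set_pass, and it will only verify later if every login path applies the identical transformation. Read secrets through an accessor that returns the raw value and keep HTML escaping at the point of output.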
 
... ... if ($doit == 1) {
22 22 } else { } else {
23 23 if (user_set_pass($db, $r['uid'], $pass1)) { if (user_set_pass($db, $r['uid'], $pass1)) {
24 24 user_forgot_pass_destroy($db, $r['uid']); user_forgot_pass_destroy($db, $r['uid']);
25 // auto-login
26 $rg_ui = user_info($db, $r['uid'], "", "");
25 27 $_forgot .= "OK!"; $_forgot .= "OK!";
26 28 $_hide_form = 1; $_hide_form = 1;
27 29 } else { } else {
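Review bot: lines 23-26 call user_set_pass(), user_forgot_pass_destroy() and user_info(), but inc/user.inc.php in this same commit renames them to rg_user_set_pass(), rg_user_forgot_pass_destroy() and rg_user_info(), so this branch ends in a fatal undefined-function error, including the newly added line 26. Also, the auto-login at 25-26 only fills $rg_ui for the current request; no session is created here, so the user is logged out again on the next page unless that is handled elsewhere.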
File inc/user/forgot_mail.php changed (mode: 100644) (index 597f7f1..ca8df55)
1 1 <?php <?php
2 xlog("/inc/user/forgot_mail.php");
2 rg_log("/inc/user/forgot_mail.php");
3 3
4 $email = @$_REQUEST['email'];
4 $email = rg_var_str("email");
5 5
6 6 $_forgot = "<br />\n"; $_forgot = "<br />\n";
7 7
File inc/util.inc.php changed (mode: 100644) (index b2b6d1f..bcb394b)
1 1 <?php <?php
2 2
3 function gg_1024($v)
3 function rg_1024($v)
4 4 { {
5 5 if ($v <= 9999) if ($v <= 9999)
6 6 return number_format($v); return number_format($v);
 
... ... function gg_1024($v)
24 24 /* /*
25 25 * Unique ID generator * Unique ID generator
26 26 */ */
27 function gg_id($len)
27 function rg_id($len)
28 28 { {
29 29 $id = ""; $id = "";
30 30
 
... ... function gg_id($len)
45 45 /* /*
46 46 * XSS protection * XSS protection
47 47 */ */
48 function gg_xss($v)
48 function rg_xss($v)
49 49 { {
50 50 return htmlspecialchars($v, ENT_QUOTES); return htmlspecialchars($v, ENT_QUOTES);
51 51 } }
52 52
53 53 $_lock = FALSE; $_lock = FALSE;
54 function gg_lock_or_exit($file)
54 function rg_lock_or_exit($file)
55 55 { {
56 56 global $_lock; global $_lock;
57 57
58 58 if ($_lock !== FALSE) { if ($_lock !== FALSE) {
59 xlog("\tYou already have a lock on $file! Bad!");
59 rg_log("\tYou already have a lock on $file! Bad!");
60 60 exit(1); exit(1);
61 61 } }
62 62
63 63 $_lock = @fopen($file, "w"); $_lock = @fopen($file, "w");
64 64 if ($_lock === FALSE) { if ($_lock === FALSE) {
65 xlog("\tCannot open $file!");
65 rg_log("\tCannot open $file!");
66 66 exit(1); exit(1);
67 67 } }
68 68
 
... ... function gg_lock_or_exit($file)
74 74 fwrite($_lock, getmypid() . "\n"); fwrite($_lock, getmypid() . "\n");
75 75 } }
76 76
77 function gg_load()
77 function rg_load()
78 78 { {
79 79 return intval(file_get_contents("/proc/loadavg")); return intval(file_get_contents("/proc/loadavg"));
80 80 } }
81
82 /*
83 * Builds URLs
84 */
85 function rg_re_url($op)
86 {
87 if (isset($_REQUEST['rewrite_engine']))
88 return "/+" . $op;
89
90 return $_SERVER['PHP_SELF'] . "?op=" . $op;
91 }
92
93 function rg_re_repopage($repo_id, $repo_name)
94 {
95 if (isset($_REQUEST['rewrite_engine']))
96 return "/" . $repo_name;
97
98 return $_SERVER['PHP_SELF'] . "?op=repo&amp;subop=2&amp;repo_id=" . $repo_id;
99 }
100
101 function rg_var_str($name)
102 {
103 $ret = "";
104
105 if (isset($_COOKIE[$name]))
106 $ret = $_COOKIE[$name];
107
108 if (isset($_POST[$name]))
109 $ret = $_POST[$name];
110
111 if (isset($_GET[$name]))
112 $ret = $_GET[$name];
113
114 return htmlspecialchars($ret, ENT_QUOTES);
115 }
116
117 function rg_var_int($name)
118 {
119 return sprintf("%d", rg_var_str($name));
120 }
121
122 function rg_var_uint($name)
123 {
124 return sprintf("%u", rg_var_str($name));
125 }
126
127 /*
128 * Enforce chars in a name. It is used for user and repo.
129 */
130 function rg_chars_allow($name, $allowed_chars)
131 {
132 if (preg_match($allowed_chars, $name) === FALSE)
133 return FALSE;
134
135 return TRUE;
136 }
81 137 ?> ?>
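Review bot: rg_chars_allow() at 130-136 tests preg_match(...) === FALSE, but preg_match returns 0 for "no match" and FALSE only on a regex error, so every name is accepted; compare against 1 instead (and see the pattern in samples/config.php). Second point, on rg_var_str() at 101-115: a GET value overrides POST, which overrides the cookie, and root/index.php reads sid through it, so a sid in the query string replaces the session cookie. Read sid from $_COOKIE only, and let callers state which source they expect for the rest.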
File inc/xlog.inc.php deleted (index b2cd414..0000000)
1 <?php
2 require_once($INC . "/util.inc.php");
3
4 $_xlog_file = "/tmp/gg.log";
5 $_xlog_fd = FALSE;
6 $_xlog_sid = gg_id(6);
7
8 function xlog_set_file($file)
9 {
10 global $_xlog_file;
11
12 $_xlog_file = $file;
13 }
14
15 function xlog($str)
16 {
17 global $_xlog_file;
18 global $_xlog_fd;
19 global $_xlog_sid;
20
21 if ($_xlog_fd === FALSE) {
22 $_xlog_fd = @fopen($_xlog_file, "a+");
23 if ($_xlog_fd === FALSE)
24 return;
25 // write an empty line
26 fwrite($_xlog_fd, "\n");
27 }
28
29 $t = gettimeofday();
30 $buf = gmdate("Y-m-d H:i:s", $t['sec']) . "." . sprintf("%06d", $t['usec']);
31 $buf .= " " . $_xlog_sid . " " . $str . "\n";
32
33 fwrite($_xlog_fd, $buf);
34 }
35
36 ?>
File root/index.php changed (mode: 100644) (index 4c64719..33792ef)
1 1 <?php <?php
2 2 error_reporting(E_ALL); error_reporting(E_ALL);
3 //phpinfo();
3 4
4 5 $_s = microtime(TRUE); $_s = microtime(TRUE);
5 6
 
... ... $ROOT = dirname(__FILE__);
8 9
9 10 $THEME = $ROOT . "/themes/default"; $THEME = $ROOT . "/themes/default";
10 11
11 require_once("/etc/gg/config.php");
12 require_once($INC . "/xlog.inc.php");
12 require_once("/etc/rg/config.php");
13 require_once($INC . "/log.inc.php");
13 14 include_once($INC . "/db.inc.php"); include_once($INC . "/db.inc.php");
14 15 include_once($INC . "/user.inc.php"); include_once($INC . "/user.inc.php");
15 16 include_once($INC . "/repo.inc.php"); include_once($INC . "/repo.inc.php");
16 17 include_once($INC . "/keys.inc.php"); include_once($INC . "/keys.inc.php");
17 18
18 xlog_set_file("/tmp/gg_web.log");
19 rg_log_set_file("/tmp/rg_web.log");
19 20
20 $sql_debug = $gg_db_debug;
21 $rg_sql_debug = $rg_db_debug;
21 22
22 $op = 0;
23 if (isset($_REQUEST['op']))
24 $op = intval($_REQUEST['op']);
25 $doit = @intval($_REQUEST['doit']);
26 $sid = @$_COOKIE['sid'];
27 if (empty($sid))
28 $sid = @$_REQUEST['sid'];
23 // TODO: make subop and subsubop as strings
24 $op = rg_var_str("op");
25 $subop = rg_var_uint("subop");
26 $subsubop = rg_var_uint("subsubop");
27 $doit = rg_var_uint("doit");
28 $sid = rg_var_str("sid");
29 29
30 xlog("IP: " . @$_SERVER['REMOTE_ADDR']);
31 xlog("_REQUEST: " . print_r($_REQUEST, TRUE));
32 xlog("_COOKIE: " . print_r($_COOKIE, TRUE));
33 xlog("Start! op=$op, doit=$doit, sid=$sid...");
30 rg_log("IP: " . @$_SERVER['REMOTE_ADDR']);
31 rg_log("_REQUEST: " . trim(print_r($_REQUEST, TRUE)));
32 rg_log("_COOKIE: " . trim(print_r($_COOKIE, TRUE)));
33 rg_log("Start! op=$op/$subop/$subsubop, doit=$doit, sid=$sid...");
34 34
35 35
36 36 $head = ""; $head = "";
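Review bot: lines 31-32 keep dumping the complete $_REQUEST and $_COOKIE arrays into /tmp/rg_web.log, and line 33 adds the sid. That puts login passwords, pass1/pass2 from the reset form, reset tokens and live session ids into a file under /tmp. Drop or redact those keys before logging and move the log to a directory only the service user can read.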
 
... ... $head .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\""
38 38 . " \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"; . " \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
39 39 $head .= "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n"; $head .= "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n";
40 40 $head .= "<head>\n"; $head .= "<head>\n";
41 $head .= " <title>GG</title>\n";
41 $head .= " <title>RocketGit</title>\n";
42 42 $head .= " <meta content=\"text/html; charset=UTF-8\" http-equiv=\"content-type\" />\n"; $head .= " <meta content=\"text/html; charset=UTF-8\" http-equiv=\"content-type\" />\n";
43 43 $css = preg_replace("/\n/", " ", @file_get_contents($THEME . "/main.css")); $css = preg_replace("/\n/", " ", @file_get_contents($THEME . "/main.css"));
44 44 $head .= " <style type=\"text/css\">" . $css . "</style>\n"; $head .= " <style type=\"text/css\">" . $css . "</style>\n";
 
... ... $head .= "<body>\n";
47 47
48 48
49 49 // database connection // database connection
50 $db = sql_open($gg_db);
50 $db = rg_sql_open($rg_db);
51 51 if ($db === FALSE) if ($db === FALSE)
52 52 die("Cannot open database!"); die("Cannot open database!");
53 53
54 // deal with login
55 $gg_uid = user_login($db, $sid, $gg_ui);
56 if (($op == 1) && ($doit == 1) && ($gg_uid > 0))
57 $op = 0;
54 rg_user_login_by_sid($db, $sid, $rg_ui);
55 rg_log("After login_by_sid, rg_ui=" . print_r($rg_ui, TRUE));
58 56
59 // deal with logout
60 if ($op == 9) {
61 sess_destroy($db, $sid);
62 $gg_uid = 0;
63 $gg_ui = FALSE;
64 }
57 $body = "";
58 // Chain dispatching
59 do {
60 include($INC . "/dispatch/dispatch.php");
61 } while (strcmp($op, "") != 0);
65 62
66 // auto-login user by forgot-pass token
67 if ($op == 6) {
68 // TODO
69 }
63 $tail = "</body>\n";
64 $tail .= "</html>\n";
70 65
71 // menu
72 $url = $_SERVER['PHP_SELF'] . "?a=1";
73 $menu = "";
74 $menu .= "[<a href=\"$url&amp;op=1\">Login</a>]";
75 if (isset($gg_ui['user'])) {
76 $menu .= "&nbsp;[<a href=\"$url&amp;op=4\">Keys</a>]\n";
77 $menu .= "&nbsp;[<a href=\"$url&amp;op=2\">My repositories</a>]\n";
78 if ($gg_ui['is_admin'] == 1)
79 $menu .= "&nbsp;[<a href=\"$url&amp;op=3\">Admin</a>]\n";
80 66
81 $menu .= "&nbsp;[<a href=\"$url&amp;op=9\">Logout</a>]\n";
67 // menu
68 $amenu = array(
69 "login" => array("text" => "Login"),
70 "repo" => array("text" => "My repositories"),
71 "keys" => array("text" => "SSH keys"),
72 "admin" => array("text" => "Admin", "needs_admin" => 1),
73 "logout" => array("text" => "Logout")
74 );
82 75
83 $menu .= "&nbsp;&nbsp;&nbsp;[" . $gg_ui['user'] . "]\n";
76 $menu = "";
77 $add = "";
78 foreach ($amenu as $_op => $_info) {
79 if (isset($_info['needs_admin']) && ($rg_ui['is_admin'] == 0))
80 continue;
81
82 $_text = $_info['text'];
83 if (strcmp($_op, $op) == 0) {
84 $menu .= $add . "[$_text]\n";
85 } else {
86 $menu .= $add . "[<a href=\""
87 . rg_re_url($_op) . "\">$_text</a>]\n";
88 }
89 $add = "&nbsp;";
84 90 } }
85 $menu .= "<br />\n";
86
87 91
88 $body = "";
89 switch ($op) {
90 case 1:
91 include($INC . "/login/login.php");
92 $body .= $_login;
93 break;
94
95 case 2:
96 include($INC . "/repo/repo.php");
97 $body .= $_repo;
98 break;
99
100 case 3:
101 include($INC . "/admin/admin.php");
102 $body .= $_admin;
103 break;
104
105 case 4: // keys
106 include($INC . "/keys/keys.php");
107 $body .= $_keys;
108 break;
109
110 case 6: // forgot pass link
111 include($INC . "/user/forgot.php");
112 $body .= $_forgot;
113 break;
114
115 case 7: // forgot pass - send mail
116 include($INC . "/user/forgot_mail.php");
117 $body .= $_forgot;
118 break;
119
120 case 10: // repo page
121 include($INC . "/repo/repo_page.php");
122 $body .= $_repo;
123 break;
124 }
92 if (isset($rg_ui['user']))
93 $menu .= "&nbsp;&nbsp;&nbsp;[" . $rg_ui['user'] . "]\n";
94 $menu .= "<br />\n";
125 95
126 $body .= "</body>\n";
127 $body .= "</html>\n";
128 96
129 echo $head . $menu . $body;
97 echo $head . $menu . $body . $tail;
130 98
131 99 $_diff = sprintf("%u", (microtime(TRUE) - $_s) * 1000); $_diff = sprintf("%u", (microtime(TRUE) - $_s) * 1000);
132 xlog("Done in $_diff ms.");
100 rg_log("Done in $_diff ms.");
133 101 ?> ?>
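Review bot: the menu loop at 78-90 only filters entries marked needs_admin, so anonymous visitors now get the My repositories, SSH keys and Logout links that the old code showed only when a user was set; line 79 also reads $rg_ui['is_admin'] without checking that $rg_ui is populated, which raises a notice under E_ALL. Add a needs_login flag (and hide Login once logged in), and make sure the admin check is enforced in the dispatched page, not only here. Separately, the do/while at 59-61 terminates only if dispatch.php empties $op; since $op comes from the request, it should be cleared explicitly for unrecognised values, with a bound on the number of iterations.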
File samples/config.php changed (mode: 100644) (index de5fe71..ca0dee9)
1 1 <?php <?php
2 2 // Base // Base
3 $gg_base = "/home/gg";
3 $rg_base = "/home/rg";
4 4
5 5 // Base for repositories // Base for repositories
6 $gg_base_repo = $gg_base . "/repositories";
6 $rg_base_repo = $rg_base . "/repositories";
7 7
8 8 // Database // Database
9 $gg_db = "sqlite:/tmp/gg.sqlite";
10 $gg_db_debug = 1;
9 $rg_db = "sqlite:/tmp/rg.sqlite";
10 $rg_db_debug = 1;
11 11
12 12 // Session // Session
13 $gg_session_time = 3600;
13 $rg_session_time = 3600;
14 14
15 15 // Keys // Keys
16 $gg_keys_file = $gg_base . "/.ssh/authorized_keys";
16 $rg_keys_file = $rg_base . "/.ssh/authorized_keys";
17 17
18 18 // Scripts // Scripts
19 $gg_scripts = "/BIG1T/sync1/Dev/gg/scripts";
19 $rg_scripts = "/BIG1T/sync1/Dev/rg/scripts";
20
21 // Allowed repo names (regular expression)
22 $rg_repo_allow = '/^[^A-Za-z0-9_.-]$/';
23
24 // Allowed repo name length
25 $rg_repo_max_len = 16;
26
27 // Allowed user names (regular expression)
28 $rg_user_allow = '/^[^A-Za-z0-9_.-]$/';
29
30 // Allowed user name length
31 $rg_user_max_len = 16;
20 32
21 33 ?> ?>
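Review bot: $rg_repo_allow and $rg_user_allow at 22 and 28 are commented as allowed names, but '/^[^A-Za-z0-9_.-]$/' has a negated class and no quantifier, so it matches only a single character that is outside the intended set. If the pattern is meant to describe valid names it should read '/^[A-Za-z0-9_.-]+$/'; if it is meant to detect forbidden characters, drop the anchors and rename the variables. As written, together with the === FALSE test in rg_chars_allow(), no name is ever rejected.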
File samples/cron changed (mode: 100644) (index f8ea8c6..a57ca50)
1 * * * * * gg php /BIG1T/sync1/Dev/gg/scripts/cron.php
2 * * * * * gg php /BIG1T/sync1/Dev/gg/scripts/q.php
1 * * * * * rg php /BIG1T/sync1/Dev/rg/scripts/cron.php
2 * * * * * rg php /BIG1T/sync1/Dev/rg/scripts/q.php
File samples/rg renamed from samples/gg (similarity 78%) (mode: 100644) (index d8f2712..bff94f3)
... ... service git
8 8 disable = no disable = no
9 9 socket_type = stream socket_type = stream
10 10 wait = no wait = no
11 user = gg
11 user = rg
12 12 server = /usr/bin/php server = /usr/bin/php
13 server_args = /BIG1T/sync1/Dev/gg/scripts/ssh.php
13 server_args = /BIG1T/sync1/Dev/rg/scripts/ssh.php
14 14 log_on_failure += USERID log_on_failure += USERID
15 15 } }
File samples/rg.conf added (mode: 100644) (index 0000000..0e3b045)
1 # This is the apache configuration file for RocketGit
2
3 <VirtualHost *:80>
4 ServerName rg.embedromix.ro
5 ServerAlias rg
6 DocumentRoot /BIG1T/sync1/Dev/rg/root/
7
8 <Directory "/BIG1T/sync1/Dev/rg/root">
9 AllowOverride All
10 Order allow,deny
11 Allow from all
12 </Directory>
13
14 RewriteEngine On
15 RewriteLog /var/log/httpd/rg-Rewrite.log
16 RewriteLogLevel 3
17
18 # Allow .ico and 'themes' folder
19 RewriteCond %{REQUEST_URI} ^/(favicon\.ico|themes)
20 RewriteRule .* - [L]
21
22 # index.php is special
23 RewriteCond %{REQUEST_URI} ^/index\.php
24 RewriteRule .* /index.php?rewrite_engine=1 [L,QSA]
25
26 RewriteCond %{REQUEST_URI} ^/\+
27 RewriteRule ^/\+(.*) /index.php?rewrite_engine=1&op=$1 [L,QSA]
28
29 RewriteCond %{REQUEST_URI} ^/.+
30 RewriteRule ^/(.+) /index.php?rewrite_engine=1&op=repopage&repo=$1 [L,QSA]
31
32 # Compress
33 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
34 DeflateBufferSize 81920
35
36 # Cache at will
37 <FilesMatch "(?i)^.*\.(ico|flv|jpg|jpeg|png|gif|js|css|swf)$">
38 FileETag MTime Size
39 </FilesMatch>
40
41 <IfModule mod_expires.c>
42 ExpiresActive On
43 ExpiresByType image/png "access plus 1 day"
44 ExpiresByType text/css "access plus 1 day"
45 ExpiresByType text/javascript "access plus 1 day"
46 ExpiresByType application/javascript "access plus 1 day"
47 ExpiresByType application/x-javascript "access plus 1 day"
48 </IfModule>
49 </VirtualHost>
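Review bot: the sample vhost at line 3 is defined for *:80 only, while the application behind it serves the login form, the password-reset form and the sid cookie, so a deployment copied from this file sends all of them in cleartext. Ship a TLS vhost as the default and reduce the port 80 block to a redirect. RewriteLogLevel 3 at line 16 is also a debugging setting; it logs every rewritten URL, query string included, and should not be the sample default.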
File scripts/cron.php changed (mode: 100644) (index 5bd0f77..f98d4cc)
... ... ini_set("track_errors", "On");
5 5
6 6 $now = time(); $now = time();
7 7
8 require_once("/etc/gg/config.php");
8 require_once("/etc/rg/config.php");
9 9
10 10 $INC = dirname(__FILE__) . "/../inc"; $INC = dirname(__FILE__) . "/../inc";
11 require_once($INC . "/xlog.inc.php");
11 require_once($INC . "/log.inc.php");
12 12 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
13 13 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
14 14 require_once($INC . "/keys.inc.php"); require_once($INC . "/keys.inc.php");
15 15
16 xlog_set_file("/tmp/gg_cron.log");
16 rg_log_set_file("/tmp/rg_cron.log");
17 17
18 18 // locking // locking
19 $lock = "/var/run/gg/cron.lock";
20 gg_lock_or_exit($lock);
19 $lock = "/var/run/rg/cron.lock";
20 rg_lock_or_exit($lock);
21 21
22 $sql_debug = $gg_db_debug;
22 $sql_debug = $rg_db_debug;
23 23
24 xlog("Start: euid=" . posix_geteuid() . "...");
24 rg_log("Start: euid=" . posix_geteuid() . "...");
25 25
26 $db = sql_open($gg_db);
26 $db = sql_open($rg_db);
27 27 if ($db === FALSE) { if ($db === FALSE) {
28 xlog("Cannot connect to database!");
28 rg_log("Cannot connect to database!");
29 29 // TODO: inform admin - already by e-mail? // TODO: inform admin - already by e-mail?
30 30 exit(1); exit(1);
31 31 } }
32 32
33 33 if (date("H") == 0) { if (date("H") == 0) {
34 xlog("Compute repository sizes if dirty...");
34 rg_log("Compute repository sizes if dirty...");
35 35 // delete 'dirty' files // delete 'dirty' files
36 36 $sql = "SELECT * FROM repos"; $sql = "SELECT * FROM repos";
37 37 $res = sql_query($db, $sql); $res = sql_query($db, $sql);
38 38 if ($res === FALSE) { if ($res === FALSE) {
39 xlog("Cannot run query (" . sql_error() . ")!");
39 rg_log("Cannot run query (" . rg_sql_error() . ")!");
40 40 } else { } else {
41 41 while (($row = sql_fetch_array($res))) { while (($row = sql_fetch_array($res))) {
42 xlog("Processing repository [" . $row['name'] . "]...");
42 rg_log("Processing repository [" . $row['name'] . "]...");
43 43 $repo_path = repo_id2base($row['repo_id']) . $row['name'] . ".git"; $repo_path = repo_id2base($row['repo_id']) . $row['name'] . ".git";
44 44 $disk_mb = repo_disk_mb($repo_path); $disk_mb = repo_disk_mb($repo_path);
45 45 $sql = "UPDATE repos SET disk_mb = $disk_mb" $sql = "UPDATE repos SET disk_mb = $disk_mb"
46 46 . " WHERE repo_id = " . $row['repo_id']; . " WHERE repo_id = " . $row['repo_id'];
47 47 $res2 = sql_query($db, $sql); $res2 = sql_query($db, $sql);
48 48 if ($res2 === FALSE) { if ($res2 === FALSE) {
49 xlog("Cannot run query!");
49 rg_log("Cannot run query!");
50 50 } else { } else {
51 @unlink($repo_path . "/gg/dirty");
51 @unlink($repo_path . "/rg/dirty");
52 52 sql_free_result($res2); sql_free_result($res2);
53 53 } }
54 54 } }
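Review bot: this file is only half converted. Line 22 still sets $sql_debug (the other scripts now set $rg_sql_debug), and lines 26, 37, 41, 43-44, 47 and 52 still call sql_open(), sql_query(), sql_fetch_array(), repo_id2base(), repo_disk_mb() and sql_free_result(), while line 39 already uses rg_sql_error() and scripts/q.php in this commit uses the rg_ names throughout. With the helpers renamed, cron.php stops at the first undefined function, which means key regeneration and the cleanup jobs below never run.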
 
... ... if (date("H") == 0) {
57 57 } }
58 58
59 59 // TODO // TODO
60 //xlog("Update user quota...");
60 //rg_log("Update user quota...");
61 61
62 62 // TODO // TODO
63 //xlog("Sending notifications...");
63 //rg_log("Sending notifications...");
64 64
65 65 if (date("H") == 0) { if (date("H") == 0) {
66 xlog("Clean old forget_pass entries...");
66 rg_log("Clean old forget_pass entries...");
67 67 $sql = "DELETE FROM forgot_pass WHERE expire < $now"; $sql = "DELETE FROM forgot_pass WHERE expire < $now";
68 68 $res = sql_query($db, $sql); $res = sql_query($db, $sql);
69 69 sql_free_result($res); sql_free_result($res);
70 70 } }
71 71
72 72 if (date("H") == 1) { if (date("H") == 1) {
73 xlog("Clean old sess entries...");
73 rg_log("Clean old sess entries...");
74 74 $sql = "DELETE FROM sess WHERE expire < $now"; $sql = "DELETE FROM sess WHERE expire < $now";
75 75 $res = sql_query($db, $sql); $res = sql_query($db, $sql);
76 76 sql_free_result($res); sql_free_result($res);
77 77 } }
78 78
79 xlog("Regenerate keys...");
79 rg_log("Regenerate keys...");
80 80 keys_regen($db); keys_regen($db);
81 81
82 82 // Arhive deleted repositories // Arhive deleted repositories
83 83 if (date("H") == 23) { if (date("H") == 23) {
84 //TODO: xlog("Delete repositories...");
84 //TODO: rg_log("Delete repositories...");
85 85 } }
86 86
87 87 // this has to be the last thing that touches the database // this has to be the last thing that touches the database
88 88 if (date("H") == 0) { if (date("H") == 0) {
89 xlog("Run VACUUM on database...");
89 rg_log("Run VACUUM on database...");
90 90 $sql = "VACUUM"; $sql = "VACUUM";
91 91 $res = sql_query($db, $sql); $res = sql_query($db, $sql);
92 92 sql_free_result($res); sql_free_result($res);
93 93
94 xlog("Run ANALYZE on database...");
94 rg_log("Run ANALYZE on database...");
95 95 $sql = "ANALYZE"; $sql = "ANALYZE";
96 96 $res = sql_query($db, $sql); $res = sql_query($db, $sql);
97 97 sql_free_result($res); sql_free_result($res);
98 98 } }
99 99
100 xlog("Done!");
100 rg_log("Done!");
101 101 ?> ?>
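Review bot: the DELETE, VACUUM and ANALYZE blocks at 67-69, 74-76 and 90-97 pass the result of sql_query() to sql_free_result() without testing for FALSE, so a failed cleanup of forgot_pass or sess rows is silent and expired tokens and sessions stay in the table with nothing in the log. Check the result and rg_log() the error as the repository-size block does; these calls and keys_regen() at line 80 also still use the pre-rename names.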
File scripts/q.php changed (mode: 100644) (index a8ad2c9..23e6bc8)
... ... ini_set("track_errors", "On");
7 7 $now = time(); $now = time();
8 8 $_s = microtime(TRUE); $_s = microtime(TRUE);
9 9
10 require_once("/etc/gg/config.php");
10 require_once("/etc/rg/config.php");
11 11
12 12 $INC = dirname(__FILE__) . "/../inc"; $INC = dirname(__FILE__) . "/../inc";
13 require_once($INC . "/xlog.inc.php");
13 require_once($INC . "/log.inc.php");
14 14 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
15 15 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
16 16
17 xlog_set_file("/tmp/gg_q.log");
17 rg_log_set_file("/tmp/rg_q.log");
18 18
19 19 // locking // locking
20 $lock = "/var/run/gg/q.lock";
21 gg_lock_or_exit($lock);
20 $lock = "/var/run/rg/q.lock";
21 rg_lock_or_exit($lock);
22 22
23 $sql_debug = $gg_db_debug;
23 $rg_sql_debug = $rg_db_debug;
24 24
25 xlog("Start: euid=" . posix_geteuid() . "...");
25 rg_log("Start: euid=" . posix_geteuid() . "...");
26 26
27 $db = sql_open($gg_db);
27 $db = rg_sql_open($rg_db);
28 28 if ($db === FALSE) { if ($db === FALSE) {
29 xlog("Cannot connect to database!");
29 rg_log("Cannot connect to database!");
30 30 // TODO: inform admin - already by e-mail? // TODO: inform admin - already by e-mail?
31 31 exit(1); exit(1);
32 32 } }
 
... ... $runs = 1;
37 37 while ($runs-- > 0) { while ($runs-- > 0) {
38 38 // check machine load - if too big we will delay // check machine load - if too big we will delay
39 39 while (1) { while (1) {
40 $load = gg_load();
40 $load = rg_load();
41 41 if ($load < 10) if ($load < 10)
42 42 break; break;
43 43
44 xlog("\tLoad too big!");
44 rg_log("\tLoad too big!");
45 45 sleep(10); sleep(10);
46 46 } }
47 47
48 xlog("Check to create not-yet-created repos...");
48 rg_log("Check to create not-yet-created repos...");
49 49 // Ordered by master to create masters first // Ordered by master to create masters first
50 50 $sql = "SELECT repo_id, master, name FROM repos" $sql = "SELECT repo_id, master, name FROM repos"
51 51 . " WHERE deleted = 0" . " WHERE deleted = 0"
52 52 . " AND git_dir_done = 0" . " AND git_dir_done = 0"
53 53 . " ORDER BY master"; . " ORDER BY master";
54 $res = sql_query($db, $sql);
54 $res = rg_sql_query($db, $sql);
55 55 if ($res === FALSE) { if ($res === FALSE) {
56 xlog("\tCannot query!");
56 rg_log("\tCannot query!");
57 57 exit(1); exit(1);
58 58 } }
59 while (($row = sql_fetch_array($res))) {
60 xlog("\tProcess repo " . $row['name'] . "...");
59 while (($row = rg_sql_fetch_array($res))) {
60 rg_log("\tProcess repo " . $row['name'] . "...");
61 61
62 $dst = repo_id2base($row['repo_id']) . $row['name'] . ".git";
62 $dst = rg_repo_id2base($row['repo_id']) . $row['name'] . ".git";
63 63 if ($row['master'] == 0) { if ($row['master'] == 0) {
64 $r = gg_git_init($dst);
64 $r = rg_git_init($dst);
65 65 if ($r === FALSE) { if ($r === FALSE) {
66 xlog("\tCannot init master!");
66 rg_log("\tCannot init master!");
67 67 } else { } else {
68 repo_git_done($db, $row['repo_id']);
68 rg_repo_git_done($db, $row['repo_id']);
69 69 } }
70 70 } else { } else {
71 $mi = repo_info($db, $row['master'], "");
71 $mi = rg_repo_info($db, $row['master'], "");
72 72 if ($mi['exists'] != 1) { if ($mi['exists'] != 1) {
73 xlog("\tCannot find master!");
73 rg_log("\tCannot find master!");
74 74 } else { } else {
75 $src = repo_id2base($mi['repo_id']) . $mi['name'] . ".git";
76 $r = gg_git_clone($src, $dst);
75 $src = rg_repo_id2base($mi['repo_id']) . $mi['name'] . ".git";
76 $r = rg_git_clone($src, $dst);
77 77 if ($r === FALSE) { if ($r === FALSE) {
78 xlog("\tCould not create repo!");
78 rg_log("\tCould not create repo!");
79 79 } else { } else {
80 repo_git_done($db, $row['repo_id']);
80 rg_repo_git_done($db, $row['repo_id']);
81 81 } }
82 82 } }
83 83 } }
84 84 } }
85 sql_free_result($res);
85 rg_sql_free_result($res);
86 86
87 87 sleep(10); sleep(10);
88 88 } }
89 89
90 90 $_diff = sprintf("%u", microtime(TRUE) - $_s); $_diff = sprintf("%u", microtime(TRUE) - $_s);
91 xlog("Done in " . $_diff . "s!");
91 rg_log("Done in " . $_diff . "s!");
92 92 ?> ?>
File scripts/ssh.php changed (mode: 100644) (index c5d1555..06ee476)
... ... ini_set("track_errors", "On");
5 5
6 6 $_start = microtime(TRUE); $_start = microtime(TRUE);
7 7
8 require_once("/etc/gg/config.php");
8 require_once("/etc/rg/config.php");
9 9
10 10 $INC = dirname(__FILE__) . "/../inc"; $INC = dirname(__FILE__) . "/../inc";
11 11 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
12 require_once($INC . "/xlog.inc.php");
12 require_once($INC . "/log.inc.php");
13 13 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
14 14 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
15 15
16 $sql_debug = $gg_db_debug;
16 $rg_sql_debug = $rg_db_debug;
17 17
18 18 function fatal($str) function fatal($str)
19 19 { {
20 20 global $access_type; global $access_type;
21 21
22 xlog("Sending error: " . $str);
22 rg_log("Sending error: " . $str);
23 23 $str2 = "FATAL ERROR: " . $str . "\n"; $str2 = "FATAL ERROR: " . $str . "\n";
24 if ($access_type == 2) { //git
24 if ($access_type == 2) { // git
25 25 $str3 = "\n" . $str2; $str3 = "\n" . $str2;
26 26 $len = strlen($str3) + 4; $len = strlen($str3) + 4;
27 27 $str4 = sprintf("%04x", $len) . $str3; $str4 = sprintf("%04x", $len) . $str3;
 
... ... function fatal($str)
32 32 exit(1); exit(1);
33 33 } }
34 34
35 xlog("Start: euid=" . posix_geteuid() . "...");
36 //xlog("_SERVER: " . print_r($_SERVER, TRUE));
35 rg_log("Start: euid=" . posix_geteuid() . "...");
36 //rg_log("_SERVER: " . print_r($_SERVER, TRUE));
37 37
38 38 umask(0022); umask(0022);
39 39
40 40 if (isset($_SERVER['SSH_CONNECTION'])) { if (isset($_SERVER['SSH_CONNECTION'])) {
41 xlog("SSH connection: " . @$_SERVER['SSH_CONNECTION']);
41 rg_log("SSH connection: " . @$_SERVER['SSH_CONNECTION']);
42 42 $access_type = 1; $access_type = 1;
43 43
44 44 // we do not have host info // we do not have host info
 
... ... if (isset($_SERVER['SSH_CONNECTION'])) {
48 48 $uid = @$_SERVER['argv'][1]; $uid = @$_SERVER['argv'][1];
49 49 if (empty($uid)) if (empty($uid))
50 50 fatal("uid not provided!"); fatal("uid not provided!");
51 xlog("\tuid is $uid.");
51 rg_log("\tuid is $uid.");
52 52
53 53 $cmd_repo = trim(@$_SERVER['SSH_ORIGINAL_COMMAND']); $cmd_repo = trim(@$_SERVER['SSH_ORIGINAL_COMMAND']);
54 54 if (empty($cmd_repo)) if (empty($cmd_repo))
55 55 fatal("No SSH_ORIGINAL_COMMAND provided!"); fatal("No SSH_ORIGINAL_COMMAND provided!");
56 56 } else { } else {
57 xlog("git-daemon connection...");
57 rg_log("git-daemon connection...");
58 58 $access_type = 2; $access_type = 2;
59 59
60 60 // we have no client info // we have no client info
 
... ... $repo = trim($repo, "' ");
99 99 $repo = ltrim($repo, "/"); $repo = ltrim($repo, "/");
100 100 $repo = preg_replace('/\.git$/' , '', $repo); $repo = preg_replace('/\.git$/' , '', $repo);
101 101
102 xlog("host=[$host] cmd=[$cmd] repo=[$repo] perms=[$perms].");
102 rg_log("host=[$host] cmd=[$cmd] repo=[$repo] perms=[$perms].");
103 103
104 104 // validity/security checks // validity/security checks
105 105 if (empty($repo)) if (empty($repo))
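Review bot: line 102 writes $host, $cmd, $repo and $perms to the log before the validity/security checks that start at line 104, so whatever the client sent reaches the log unfiltered. That includes embedded newlines or control characters that can forge log entries. Move the rg_log() call below the checks, or strip non-printable characters from the values before logging them.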
 
... ... if (preg_match('/\.\./', $repo))
109 109 if (preg_match('/\//', $repo)) if (preg_match('/\//', $repo))
110 110 fatal("Repo must not contain [/]!"); fatal("Repo must not contain [/]!");
111 111
112 $db = sql_open($gg_db);
112 $db = rg_sql_open($rg_db);
113 113 if ($db === FALSE) if ($db === FALSE)
114 114 fatal("Internal error (db)!"); fatal("Internal error (db)!");
115 115
116 116 // load info about the repository // load info about the repository
117 $ri = repo_info($db, 0, $repo);
117 $ri = rg_repo_info($db, 0, $repo);
118 118 if ($ri['ok'] != 1) if ($ri['ok'] != 1)
119 119 fatal("Temporary error!"); fatal("Temporary error!");
120 120 if ($ri['exists'] != 1) if ($ri['exists'] != 1)
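Review bot: the repository name is still validated here with stand-alone preg_match() tests for '..' and '/' (lines 109-110), while tests/repo.php in this same commit exercises rg_repo_ok() with $rg_repo_allow and $rg_repo_max_len for the same kind of input. Two validators for one value tend to drift apart. Call rg_repo_ok($repo) on this path too, so SSH and git-daemon requests are held to the same character set and length limit that the tests cover.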
 
... ... if ($ri['exists'] != 1)
122 122 if ($ri['deleted'] == 1) if ($ri['deleted'] == 1)
123 123 fatal("Repo was deleted!"); fatal("Repo was deleted!");
124 124
125 if (!repo_allow($db, $ri, $uid, $perms))
125 if (!rg_repo_allow($db, $ri, $uid, $perms))
126 126 fatal("You do not have this type of access to this repository!"); fatal("You do not have this type of access to this repository!");
127 127
128 128 // TODO: limit per connection // TODO: limit per connection
129 129
130 130 // TODO: limit time and/or cpu // TODO: limit time and/or cpu
131 131
132 $repo_base = repo_id2base($ri['repo_id']);
132 $repo_base = rg_repo_id2base($ri['repo_id']);
133 133 $repo_path = $repo_base . $repo . ".git"; $repo_path = $repo_base . $repo . ".git";
134 xlog("repo_path=$repo_path.");
134 rg_log("repo_path=$repo_path.");
135 135
136 136 $run = "git-shell -c \"" . $cmd . " '" . escapeshellcmd($repo_path) . "'\""; $run = "git-shell -c \"" . $cmd . " '" . escapeshellcmd($repo_path) . "'\"";
137 xlog("Running [$run]...");
137 rg_log("Running [$run]...");
138 138 passthru($run, $ret); passthru($run, $ret);
139 xlog("[$run] returned $ret.");
139 rg_log("[$run] returned $ret.");
140 140
141 141 $diff = sprintf("%u", (microtime(TRUE) - $_start) * 1000); $diff = sprintf("%u", (microtime(TRUE) - $_start) * 1000);
142 xlog("Took " . $diff . "ms.");
142 rg_log("Took " . $diff . "ms.");
143 143
144 @file_put_contents($repo_path . "/gg/last_access",
144 @file_put_contents($repo_path . "/rg/last_access",
145 145 "repo: " . $repo . " ($repo_path)" "repo: " . $repo . " ($repo_path)"
146 146 . "\nat: " . sprintf("%u", $_start) . "\nat: " . sprintf("%u", $_start)
147 147 . "\nuid: " . $uid . "\nuid: " . $uid
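Review bot: line 136 builds the shell command with escapeshellcmd($repo_path) placed inside hand-written single quotes, and $cmd is concatenated with no escaping at all. escapeshellcmd() is meant for a whole command string, not for a single argument, and any backslash it inserts stays literal inside the single quotes. Since the neighbouring lines are being touched anyway, quote each level with escapeshellarg(), for example `$run = "git-shell -c " . escapeshellarg($cmd . " " . escapeshellarg($repo_path));`, and make sure $cmd has been compared against a fixed list of allowed git commands before it reaches this line. Separately, line 144 moves the marker from gg/last_access to rg/last_access behind an @, so if existing repositories only have a gg/ directory the write fails without any trace in the log.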
 
... ... xlog("Took " . $diff . "ms.");
151 151
152 152 // Mark repository dirty for disk statistics and other stuff // Mark repository dirty for disk statistics and other stuff
153 153 if (strcmp($cmd, "git-receive-pack") == 0) if (strcmp($cmd, "git-receive-pack") == 0)
154 @file_put_contents($gg_path . "/dirty", "");
154 @file_put_contents($rg_path . "/dirty", "");
155 155 ?> ?>
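Review bot: line 154 switches to $rg_path but keeps the @ in front of file_put_contents(), so if the configuration in use still defines only $gg_path the variable is empty, the target becomes "/dirty", and the failure is hidden. Check that $rg_path is set before use (fatal() or at least rg_log() otherwise) and log a failed write instead of suppressing it.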
File tests/Makefile changed (mode: 100644) (index 7b3aaa8..bd9be3b)
1 .PHONY: test
2 test:
1 tests := util db keys repo
2 .PHONY: $(tests)
3
4 all: $(tests)
5
6 util:
3 7 php util.php php util.php
8
9 db:
4 10 php db.php php db.php
11
12 keys:
5 13 php keys.php php keys.php
14
15 repo:
6 16 php repo.php php repo.php
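Review bot: the list on new line 1 is `tests := util db keys repo`, so tests/user.php, which this same commit updates, is not run by `make`. Add `user` to `tests` with a matching `user:` rule, or leave a comment saying why it is excluded. The `all` target should also be listed in `.PHONY`, since only `$(tests)` is declared there.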
File tests/db.php changed (mode: 100644) (index 0ab593c..6f060e6)
... ... require_once($INC . "/db.inc.php");
6 6
7 7 @unlink("test.sqlite"); @unlink("test.sqlite");
8 8
9 $db = sql_open("sqlite:test.sqlite");
9 $db = rg_sql_open("sqlite:test.sqlite");
10 10 if ($db === FALSE) { if ($db === FALSE) {
11 echo "Cannot create a database (" . sql_error() . ")!";
11 echo "Cannot create a database (" . rg_sql_error() . ")!";
12 12 exit(1); exit(1);
13 13 } }
14 14
15 15 // test creation // test creation
16 16 $sql = "CREATE TABLE test (id TEXT PRIMARY KEY)"; $sql = "CREATE TABLE test (id TEXT PRIMARY KEY)";
17 $res = sql_query($db, $sql);
17 $res = rg_sql_query($db, $sql);
18 18 if ($res === FALSE) { if ($res === FALSE) {
19 19 echo "Cannot create table!"; echo "Cannot create table!";
20 20 exit(1); exit(1);
 
... ... if ($res === FALSE) {
22 22
23 23 // test insert // test insert
24 24 $sql = "INSERT INTO test (id) VALUES ('aaa')"; $sql = "INSERT INTO test (id) VALUES ('aaa')";
25 $res = sql_query($db, $sql);
25 $res = rg_sql_query($db, $sql);
26 26 if ($res === FALSE) { if ($res === FALSE) {
27 27 echo "Cannot insert!"; echo "Cannot insert!";
28 28 exit(1); exit(1);
 
... ... if ($res === FALSE) {
30 30
31 31 // test insert with the same key // test insert with the same key
32 32 $sql = "INSERT INTO test (id) VALUES ('aaa')"; $sql = "INSERT INTO test (id) VALUES ('aaa')";
33 $res = @sql_query($db, $sql);
33 $res = @rg_sql_query($db, $sql);
34 34 if ($res !== FALSE) { if ($res !== FALSE) {
35 35 echo "I can do double insert!"; echo "I can do double insert!";
36 36 exit(1); exit(1);
 
... ... if ($res !== FALSE) {
38 38
39 39 // test delete // test delete
40 40 $sql = "DELETE FROM test WHERE id = 'aaa'"; $sql = "DELETE FROM test WHERE id = 'aaa'";
41 $res = sql_query($db, $sql);
41 $res = rg_sql_query($db, $sql);
42 42 if ($res === FALSE) { if ($res === FALSE) {
43 43 echo "Cannot delete!"; echo "Cannot delete!";
44 44 exit(1); exit(1);
45 45 } }
46 46
47 sql_close($db);
47 rg_sql_close($db);
48 48
49 49 @unlink("test.sqlite"); @unlink("test.sqlite");
50 50
51 echo "OK!\n";
51 52 ?> ?>
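Review bot: new line 51 prints "OK!\n" while the other tests touched in this commit print "OK\n". Use the same success string everywhere so a wrapper can match on it.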
File tests/keys.php changed (mode: 100644) (index d5e9cee..ec7d3db)
... ... require_once($INC . "/db/struct.inc.php");
7 7
8 8 @unlink("keys.sqlite"); @unlink("keys.sqlite");
9 9
10 $db = sql_open("sqlite:keys.sqlite");
10 $db = rg_sql_open("sqlite:keys.sqlite");
11 11 if ($db === FALSE) { if ($db === FALSE) {
12 echo "Cannot create a database (" . sql_error() . ")!";
12 echo "Cannot create a database (" . rg_sql_error() . ")!";
13 13 exit(1); exit(1);
14 14 } }
15 15
16 16 // state table // state table
17 $r = gg_db_struct_run($db, FALSE);
17 $r = rg_db_struct_run($db, FALSE);
18 18 if ($r === FALSE) { if ($r === FALSE) {
19 19 echo "Cannot create tables!"; echo "Cannot create tables!";
20 20 exit(1); exit(1);
21 21 } }
22 22
23 23 // insert a key // insert a key
24 $uid = 1;
25 $key = "aaa'bbb'ccc";
26 $key_id = keys_add($db, $uid, $key);
24 $rg_ui = array("uid" => 1, "is_admin" => 0);
25 $key = "aaa 'bbb' ccc";
26 $key_id = rg_keys_add($db, $rg_ui, $key);
27 27 if ($key_id === FALSE) { if ($key_id === FALSE) {
28 echo "Cannot add key!";
28 echo "Cannot add key (" . rg_keys_error() . ")!\n";
29 29 exit(1); exit(1);
30 30 } }
31 31
32 32 // delete a key // delete a key
33 $uid = 1;
34 $key = "aaa'bbb'ccc";
35 $r = keys_remove($db, $uid, $key_id);
33 $rg_ui = array("uid" => 1, "is_admin" => 0);
34 $r = rg_keys_remove($db, $rg_ui, $key_id);
36 35 if ($r === FALSE) { if ($r === FALSE) {
37 36 echo "Cannot remove key (" . keys_error() . ")!"; echo "Cannot remove key (" . keys_error() . ")!";
38 37 exit(1); exit(1);
39 38 } }
40 39
41 40 // test key file generation // test key file generation
42 $gg_keys_file = "afile.txt";
43 $r = keys_regen($db);
41 $rg_keys_file = "afile.txt";
42 $r = rg_keys_regen($db);
44 43 if ($r === FALSE) { if ($r === FALSE) {
45 44 echo "Cannot regenerate keys (" . keys_error() . ")!"; echo "Cannot regenerate keys (" . keys_error() . ")!";
46 45 exit(1); exit(1);
47 46 } }
48 47 @unlink("afile.txt"); @unlink("afile.txt");
49 48
50 sql_close($db);
49 rg_sql_close($db);
51 50
52 51 @unlink("keys.sqlite"); @unlink("keys.sqlite");
53 52
53 echo "OK\n";
54 54 ?> ?>
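Review bot: new lines 36 and 44 still call keys_error() in the failure messages although line 28 was changed to rg_keys_error(). If the old name no longer exists after this rename, a failing rg_keys_remove() or rg_keys_regen() ends in an undefined-function fatal error instead of the diagnostic, so switch both to rg_keys_error(). The second $rg_ui assignment on line 33 repeats line 24 and can be dropped. Now that the calls take $rg_ui with uid and is_admin, a case where a different non-admin uid tries to remove the key would show whether removal is restricted to the owner.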
File tests/repo.php changed (mode: 100644) (index 882e6ec..43b75be)
... ... $INC = "../inc";
5 5 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
6 6 require_once($INC . "/db/struct.inc.php"); require_once($INC . "/db/struct.inc.php");
7 7
8 xlog_set_file(__FILE__ . ".log");
8 rg_log_set_file(__FILE__ . ".log");
9 9
10 10 @unlink("repo.sqlite"); @unlink("repo.sqlite");
11 11
12 $db = sql_open("sqlite:repo.sqlite");
12 $db = rg_sql_open("sqlite:repo.sqlite");
13 13 if ($db === FALSE) { if ($db === FALSE) {
14 echo "Cannot create a database (" . sql_error() . ")!\n";
14 echo "Cannot create a database (" . rg_sql_error() . ")!\n";
15 15 exit(1); exit(1);
16 16 } }
17 17
18 $r = gg_db_struct_run($db, FALSE);
18 $r = rg_db_struct_run($db, FALSE);
19 19 if ($r === FALSE) { if ($r === FALSE) {
20 20 echo "Cannot create struct!\n"; echo "Cannot create struct!\n";
21 21 exit(1); exit(1);
 
... ... $sql = "INSERT INTO repos (repo_id, name, uid, itime"
25 25 . ", disk_quota_mb, max_commit_size" . ", disk_quota_mb, max_commit_size"
26 26 . ", master, desc, git_dir_done, default_rights)" . ", master, desc, git_dir_done, default_rights)"
27 27 . " VALUES (1, 'repo1', 1, 0, 0, 0, 0, 'bla bla desc', 1, '')"; . " VALUES (1, 'repo1', 1, 0, 0, 0, 0, 'bla bla desc', 1, '')";
28 $res = sql_query($db, $sql);
28 $res = rg_sql_query($db, $sql);
29 29 if ($res === FALSE) { if ($res === FALSE) {
30 30 echo "Cannot insert a user!\n"; echo "Cannot insert a user!\n";
31 31 exit(1); exit(1);
32 32 } }
33 33
34 34 $repo_id = 1; $repo_id = 1;
35 $ri = repo_info($db, $repo_id, "");
35 $ri = rg_repo_info($db, $repo_id, "");
36 36 $uid = 10; $uid = 10;
37 $v = gg_repo_rights_set($db, $ri, $uid, "F");
37 $v = rg_repo_rights_set($db, $ri, $uid, "F");
38 38 if ($v === FALSE) { if ($v === FALSE) {
39 39 echo "Cannot give rights (1)!\n"; echo "Cannot give rights (1)!\n";
40 40 exit(1); exit(1);
41 41 } }
42 42
43 @unlink("repo.sqlite");
44
43 45 $a = "AF"; $b = "AD"; $e = "AFD"; $a = "AF"; $b = "AD"; $e = "AFD";
44 $r = gg_repo_rights_combine($a, $b);
46 $r = rg_repo_rights_combine($a, $b);
45 47 if (strcmp($r, $e) != 0) { if (strcmp($r, $e) != 0) {
46 48 echo "Combine rights error1 ([$r] vs [$e])\n"; echo "Combine rights error1 ([$r] vs [$e])\n";
47 49 exit(1); exit(1);
48 50 } }
49 51
50 52 $a = ""; $b = ""; $e = ""; $a = ""; $b = ""; $e = "";
51 $r = gg_repo_rights_combine($a, $b);
53 $r = rg_repo_rights_combine($a, $b);
52 54 if (strcmp($r, $e) != 0) { if (strcmp($r, $e) != 0) {
53 55 echo "Combine rights error1 ([$r] vs [$e])\n"; echo "Combine rights error1 ([$r] vs [$e])\n";
54 56 exit(1); exit(1);
55 57 } }
56 58
57 59 $a = "AXUJUNFUUFU"; $b = ""; $e = $a; $a = "AXUJUNFUUFU"; $b = ""; $e = $a;
58 $r = gg_repo_rights_combine($a, $b);
60 $r = rg_repo_rights_combine($a, $b);
59 61 if (strcmp($r, $e) != 0) { if (strcmp($r, $e) != 0) {
60 62 echo "Combine rights error1 ([$r] vs [$e])\n"; echo "Combine rights error1 ([$r] vs [$e])\n";
61 63 exit(1); exit(1);
62 64 } }
63 65
64 @unlink("repo.sqlite");
66 // test if repo_allow works correctly
67 $rg_repo_allow = '/^[^A-Za-z0-9]*$/';
68 $v = "eyhtmcmet_";
69 $c = rg_repo_ok($v);
70 if ($c !== FALSE) {
71 echo "repo_allow problem for '_' ($c).\n";
72 exit(1);
73 }
74
75 $rg_repo_allow = '/^[^A-Za-z0-9_.-]*$/';
76 $v = ".e&y.h-tmcmet&_.-";
77 $c = rg_repo_ok($v);
78 if ($c !== FALSE) {
79 echo "repo_allow problem for '&'.\n";
80 exit(1);
81 }
82
83 // check if we allow '..'
84 $rg_repo_allow = '/^[^A-Za-z0-9_.-]*$/';
85 $v = "a..b";
86 $c = rg_repo_ok($v);
87 if ($c !== FALSE) {
88 echo "repo_allow problem for '..'.\n";
89 exit(1);
90 }
91
92 // check len
93 $v = "0123456789A";
94 $rg_repo_allow = '/^[^A-Za-z0-9]*$/';
95 $rg_repo_max_len = 10;
96 $c = rg_repo_ok($v);
97 if ($c !== FALSE) {
98 echo "repo_ok: max length is not enforced!\n";
99 exit(1);
100 }
101
102 echo "OK\n";
65 103 ?> ?>
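Review bot: all four rg_repo_ok() cases added at lines 66-100 expect FALSE, so an implementation that rejects every name passes this test. Add at least one name that must be accepted and fail the test if it returns FALSE. $rg_repo_max_len is only assigned on line 95, which means the three earlier cases run with whatever default is in effect; set it explicitly before the first case. The comment on line 66 and the messages say repo_allow while the function under test is rg_repo_ok(), and the three "Combine rights error1" messages above are identical, which makes a failure hard to locate.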
File tests/user.php changed (mode: 100644) (index ce01c95..da193d8)
... ... require_once($INC . "/db/struct.inc.php");
7 7
8 8 @unlink("user.sqlite"); @unlink("user.sqlite");
9 9
10 $db = sql_open("sqlite:user.sqlite");
10 $db = rg_sql_open("sqlite:user.sqlite");
11 11 if ($db === FALSE) { if ($db === FALSE) {
12 echo "Cannot create a database (" . sql_error() . ")!";
12 echo "Cannot create a database (" . rg_sql_error() . ")!";
13 13 exit(1); exit(1);
14 14 } }
15 15
16 $r = gg_db_struct_run($db, FALSE);
16 $r = rg_db_struct_run($db, FALSE);
17 17 if ($r === FALSE) { if ($r === FALSE) {
18 18 echo "Cannot create structure!"; echo "Cannot create structure!";
19 19 exit(1); exit(1);
20 20 } }
21 21
22 $sql = "INSERT INTO users VALUES ('gg@localhost', '', 0)";
23 $res = sql_query($db, $sql);
22 $sql = "INSERT INTO users VALUES ('rg@localhost', '', 0)";
23 $res = rg_sql_query($db, $sql);
24 24 if ($res === FALSE) { if ($res === FALSE) {
25 25 echo "Cannot insert a user!"; echo "Cannot insert a user!";
26 26 exit(1); exit(1);
27 27 } }
28 28
29 $v = user_forgot_pass_mail($db, "gg@localhost");
29 $v = rg_user_forgot_pass_mail($db, "rg@localhost");
30 30 if ($v === FALSE) { if ($v === FALSE) {
31 31 echo "Error: " . user_error() . "!\n"; echo "Error: " . user_error() . "!\n";
32 32 exit(1); exit(1);
33 33 } }
34 34
35 35 @unlink("user.sqlite"); @unlink("user.sqlite");
36
37 echo "OK\n";
36 38 ?> ?>
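Review bot: line 31 still calls user_error() although the function under test was renamed to rg_user_forgot_pass_mail() on line 29. If the error helper was renamed along with it, the failure branch dies with an undefined-function error instead of printing the reason. Use the rg_-prefixed helper here as well.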
File tests/util.php changed (mode: 100644) (index bbbbba8..070f43a)
... ... error_reporting(E_ALL | E_STRICT);
4 4 $INC = "../inc"; $INC = "../inc";
5 5 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
6 6
7 $id = gg_id(16);
7 $id = rg_id(16);
8 8 if (strlen($id) != 16) { if (strlen($id) != 16) {
9 9 echo "Cannot generate an id!\n"; echo "Cannot generate an id!\n";
10 10 exit(1); exit(1);
11 11 } }
12
13 echo "OK\n";
12 14 ?> ?>