xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Clone URLs: https://code.reversed.top/user/xaizek/rocketgit ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit
v0.0 v0.1 v0.10 v0.11 v0.12 v0.13 v0.14 v0.15 v0.17 v0.18 v0.19 v0.2 v0.20 v0.21 v0.22 v0.23 v0.24 v0.25 v0.27 v0.28 v0.29 v0.31 v0.32 v0.33 v0.34 v0.35 v0.36 v0.38 v0.39 v0.40 v0.41 v0.42 v0.43 v0.44 v0.45 v0.46 v0.47 v0.48 v0.49 v0.50 v0.51 v0.52 v0.53 v0.54 v0.55 v0.56 v0.57 v0.58 v0.60 v0.61 v0.62 v0.63 v0.64 v0.65 v0.66 v0.67 v0.68 v0.69 v0.70 local master
Commit 0d841811babba24b643404169b645379377a92f9

Another round of fixes.
Author: Catalin(ux) M. BOIE
Author date (UTC): 2011-05-03 03:29
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2011-05-03 03:29
Parent(s): 31a2d477a86a3a408c44720bb8c8e280fc4894d2
Signing key:
Tree: 1bcea2273176b80756cb28a77f32bc45ce9f92b1
File Lines added Lines deleted
.gitignore 2 0
TODO 9 2
admin/sql.php 4 4
artwork/rocketgit v1.svg 2 2
inc/admin/admin.php 8 6
inc/admin/repos/repos.php 3 3
inc/admin/users/add.form.php 1 1
inc/admin/users/add.php 8 8
inc/admin/users/users.php 3 3
inc/bye/bye.php 8 0
inc/db.inc.php 25 25
inc/db/struct.inc.php 10 9
inc/dispatch/dispatch.php 63 0
inc/git.inc.php 33 31
inc/home/home.php 9 0
inc/keys.inc.php 75 52
inc/keys/add.form.php 1 1
inc/keys/keys.php 18 17
inc/log.inc.php 36 0
inc/login/login.form.php 3 3
inc/login/login.php 21 10
inc/repo.inc.php 178 149
inc/repo/repo.form.php 2 2
inc/repo/repo.php 20 19
inc/repo/repo_page.php 98 44
inc/repo/rights.form.php 3 3
inc/repo/search.form.php 1 1
inc/sess.inc.php 33 32
inc/state.inc.php 10 10
inc/user.inc.php 169 116
inc/user/forgot.form.php 2 2
inc/user/forgot.php 6 4
inc/user/forgot_mail.php 2 2
inc/util.inc.php 63 7
inc/xlog.inc.php 0 36
root/index.php 53 85
samples/config.php 19 7
samples/cron 2 2
samples/rg 2 2
samples/rg.conf 49 0
scripts/cron.php 23 23
scripts/q.php 28 28
scripts/ssh.php 21 21
tests/Makefile 12 2
tests/db.php 8 7
tests/keys.php 13 13
tests/repo.php 49 11
tests/user.php 8 6
tests/util.php 3 1
File .gitignore added (mode: 100644) (index 0000000..cfce1ad)
1 *.log
2
File TODO changed (mode: 100644) (index a195890..61e6efc)
4 4 [ ] Validate user names. [ ] Validate user names.
5 5 [ ] XSS protection for every cell. [ ] XSS protection for every cell.
6 6 [ ] You cannot admin rights of a repository if is not yours. [ ] You cannot admin rights of a repository if is not yours.
7 [ ] In Admin section we must check if the user has access!
7 8 [ ] [ ]
8 9
9 10 == Low priority == == Low priority ==
11 [ ] We should make a repo dirty ony if user pushed something with success.
12 [ ] <link rel="icon" type="image/png" id="favicon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/>
13 [ ] Add key form may be joined with list keys command!
10 14 [ ] Allow to recover a deleted repository. [ ] Allow to recover a deleted repository.
11 15 [ ] Deny access in all functions to deleted repositories. [ ] Deny access in all functions to deleted repositories.
12 16 [ ] Count the numbers of clones/pushes/pulls. [ ] Count the numbers of clones/pushes/pulls.
 
34 38 [ ] Timeout for connections (ssh/git-daemon/etc.)! [ ] Timeout for connections (ssh/git-daemon/etc.)!
35 39 [ ] Check if we have to respect 4HEXA also on SSH. I think not. [ ] Check if we have to respect 4HEXA also on SSH. I think not.
36 40 [ ] Limit number of simultaneously connection per repo and per user. Maybe also the time! [ ] Limit number of simultaneously connection per repo and per user. Maybe also the time!
37 [ ] Add /var/run/gg to spec file, to be created at instalation.
41 [ ] Add /var/run/rg to spec file, to be created at instalation.
38 42 [ ] We should add a dependency on php-process? [ ] We should add a dependency on php-process?
39 [ ] Make everywhere present a "Make a suggestion" area.
43 [ ] Make everywhere present a "Make a surgestion" area.
44 [ ] On rocketgit website, add "Feedback" area.
45 [ ] Do not forget to pack /etc/httpd/conf.d/rg.conf.
46 [ ] Allow multipl virtual hosts, with different configurations.
40 47 [ ] [ ]
File admin/sql.php changed (mode: 100644) (index 31f33cb..96db998)
1 1 <?php <?php
2 2 error_reporting(E_ALL); error_reporting(E_ALL);
3 3
4 require_once("/etc/gg/config.php");
4 require_once("/etc/rg/config.php");
5 5
6 6 $INC = dirname(__FILE__) . "/../inc"; $INC = dirname(__FILE__) . "/../inc";
7 require_once($INC . "/xlog.inc.php");
7 require_once($INC . "/log.inc.php");
8 8 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
9 9 require_once($INC . "/db/struct.inc.php"); require_once($INC . "/db/struct.inc.php");
10 10 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
11 11
12 $db = sql_open($gg_db);
12 $db = rg_sql_open($rg_db);
13 13 if ($db === FALSE) if ($db === FALSE)
14 14 fatal("Internal error (db)!"); fatal("Internal error (db)!");
15 15
16 gg_db_struct_run($db, TRUE);
16 rg_db_struct_run($db, TRUE);
17 17
18 18 echo "Done!\n"; echo "Done!\n";
19 19 ?> ?>
File artwork/rocketgit v1.svg changed (mode: 100644) (index c25dfd6..f8c426a)
57 57 id="path3786" id="path3786"
58 58 inkscape:connector-curvature="0" inkscape:connector-curvature="0"
59 59 sodipodi:nodetypes="cccccccccccccccc" sodipodi:nodetypes="cccccccccccccccc"
60 inkscape:export-filename="/home/catab/Desktop/gg/text2995.png"
60 inkscape:export-filename="/home/catab/Desktop/rg/text2995.png"
61 61 inkscape:export-xdpi="90" inkscape:export-xdpi="90"
62 62 inkscape:export-ydpi="90" /> inkscape:export-ydpi="90" />
63 63 <path <path
 
66 66 id="path2993" id="path2993"
67 67 inkscape:connector-curvature="0" inkscape:connector-curvature="0"
68 68 sodipodi:nodetypes="ccccccccc" sodipodi:nodetypes="ccccccccc"
69 inkscape:export-filename="/home/catab/Desktop/gg/text2995.png"
69 inkscape:export-filename="/home/catab/Desktop/rg/text2995.png"
70 70 inkscape:export-xdpi="90" inkscape:export-xdpi="90"
71 71 inkscape:export-ydpi="90" /> inkscape:export-ydpi="90" />
72 72 <text <text
File inc/admin/admin.php changed (mode: 100644) (index 9e60be1..d4b0c70)
1 1 <?php <?php
2 xlog("/inc/admin");
2 rg_log("/inc/admin");
3 3
4 if ($gg_ui['is_admin'] != 1) {
5 $_admin = "You do not have access here!";
4 $_admin = "";
5
6 if ($rg_ui['is_admin'] != 1) {
7 $_admin .= "You do not have access here!";
6 8 return; return;
7 9 } }
8 10
9 $subop = @intval($_REQUEST['subop']);
10 11
11 12 // menu // menu
12 $_admin_url = $_SERVER['PHP_SELF'] . "?op=$op";
13 $_admin_url = rg_re_url($op);
13 14 $_admin_menu = ""; $_admin_menu = "";
14 15 $_admin_menu .= "[<a href=\"$_admin_url&amp;subop=1\">Users</a>]"; $_admin_menu .= "[<a href=\"$_admin_url&amp;subop=1\">Users</a>]";
15 16 $_admin_menu .= "&nbsp;[<a href=\"$_admin_url&amp;subop=2\">Repos</a>]"; $_admin_menu .= "&nbsp;[<a href=\"$_admin_url&amp;subop=2\">Repos</a>]";
16 17 $_admin_menu .= "<br />\n"; $_admin_menu .= "<br />\n";
17 18
19
18 20 $_admin_body = ""; $_admin_body = "";
19 21
20 22 switch ($subop) { switch ($subop) {
 
... ... case 2: // repos
29 31 break; break;
30 32 } }
31 33
32 $_admin = $_admin_menu . $_admin_body;
34 $_admin .= $_admin_menu . $_admin_body;
33 35 ?> ?>
File inc/admin/repos/repos.php changed (mode: 100644) (index 23d21f7..980e841)
1 1 <?php <?php
2 xlog("/admin/repos");
2 rg_log("/admin/repos");
3 3
4 $subsubop = @intval($_REQUEST['subsubop']);
5 4
6 5 // menu // menu
7 6 $_admin_repos_url = $_admin_url . "&amp;subop=$subop"; $_admin_repos_url = $_admin_url . "&amp;subop=$subop";
 
... ... $_admin_repos_menu .= "[<a href=\"$_admin_repos_url&amp;subsubop=1\">List</a>]";
11 10 $_admin_repos_menu .= "<br />\n"; $_admin_repos_menu .= "<br />\n";
12 11 $_admin_repos_menu .= "<br />\n"; $_admin_repos_menu .= "<br />\n";
13 12
13
14 14 $_admin_repos_body = ""; $_admin_repos_body = "";
15 15
16 16 switch ($subsubop) { switch ($subsubop) {
17 17 case 1: // list case 1: // list
18 18 $_uid = 0; $_uid = 0;
19 $_admin_repos_body .= repo_list($db, $_admin_repos_url . "&amp;subsubop=$subsubop", $_uid);
19 $_admin_repos_body .= rg_repo_list($db, $_admin_repos_url . "&amp;subsubop=$subsubop", $_uid);
20 20 break; break;
21 21 } }
22 22
File inc/admin/users/add.form.php changed (mode: 100644) (index e42bdc2..d74db8f)
1 1 <?php <?php
2 2
3 3 $_form = ' $_form = '
4 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
4 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
5 5 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="subsubop" value="' . $subsubop . '"> <input type="hidden" name="subsubop" value="' . $subsubop . '">
File inc/admin/users/add.php changed (mode: 100644) (index 38d55a2..1bad4b9)
1 1 <?php <?php
2 xlog("/admin/users/add");
2 rg_log("/admin/users/add");
3 3
4 4 $_user_add = ""; $_user_add = "";
5 5
6 6 if ($doit == 1) { if ($doit == 1) {
7 $xuser = @$_REQUEST['xuser'];
8 $email = @$_REQUEST['email'];
9 $xpass = @$_REQUEST['xpass'];
10 $is_admin = @intval($_REQUEST['is_admin']);
7 $xuser = rg_var_str("xuser");
8 $email = rg_var_str("email");
9 $xpass = rg_var_str("xpass");
10 $is_admin = rg_var_uint("is_admin");
11 11
12 $_ui = user_info($db, 0, $xuser, "");
12 $_ui = rg_user_info($db, 0, $xuser, "");
13 13 if ($_ui['ok'] == 0) { if ($_ui['ok'] == 0) {
14 14 $_user_add .= "Error: Internal error!"; $_user_add .= "Error: Internal error!";
15 15 } else if ($_ui['exists'] == 0) { } else if ($_ui['exists'] == 0) {
16 if (user_add($db, $xuser, $xpass, $email, $is_admin)) {
16 if (rg_user_add($db, $xuser, $xpass, $email, $is_admin)) {
17 17 $_user_add .= "OK!<br />"; $_user_add .= "OK!<br />";
18 18 } }
19 19 } else { } else {
20 xlog("User already in use!");
20 rg_log("User already in use!");
21 21 $_user_add .= "Error: User already taken!"; $_user_add .= "Error: User already taken!";
22 22 } }
23 23 } else { } else {
File inc/admin/users/users.php changed (mode: 100644) (index c45c3ba..23e12c3)
1 1 <?php <?php
2 xlog("/inc/admin/users");
2 rg_log("/inc/admin/users");
3 3
4 $subsubop = @intval($_REQUEST['subsubop']);
5 4
6 5 // menu // menu
7 6 $_admin_users_url = $_admin_url . "&amp;subop=$subop"; $_admin_users_url = $_admin_url . "&amp;subop=$subop";
 
... ... $_admin_users_menu .= "&nbsp;[<a href=\"$_admin_users_url&amp;subsubop=2\">Add</
11 10 $_admin_users_menu .= "<br />\n"; $_admin_users_menu .= "<br />\n";
12 11 $_admin_users_menu .= "<br />\n"; $_admin_users_menu .= "<br />\n";
13 12
13
14 14 $_admin_users_body = ""; $_admin_users_body = "";
15 15
16 16 switch ($subsubop) { switch ($subsubop) {
17 17 case 1: // list case 1: // list
18 $_admin_users_body .= user_list($db, $_admin_users_url . "&amp;subsubop=$subsubop");
18 $_admin_users_body .= rg_user_list($db, $_admin_users_url . "&amp;subsubop=$subsubop");
19 19 break; break;
20 20
21 21 case 2: //add case 2: //add
File inc/bye/bye.php added (mode: 100644) (index 0000000..a028bc8)
1 <?php
2 rg_log("/inc/bye/bye.php");
3
4 $_bye = "";
5
6 $_bye .= "Bye!";
7
8 ?>
File inc/db.inc.php changed (mode: 100644) (index f3d5de1..510a17a)
1 1 <?php <?php
2 require_once($INC . "/xlog.inc.php");
2 require_once($INC . "/log.inc.php");
3 3
4 $sql_debug = 0;
4 $rg_sql_debug = 0;
5 5
6 $sql_error = "";
6 $rg_sql_error = "";
7 7
8 8 /* /*
9 9 * Set error string * Set error string
10 10 */ */
11 function sql_set_error($str)
11 function rg_sql_set_error($str)
12 12 { {
13 global $sql_error;
13 global $rg_sql_error;
14 14
15 xlog("\tError: $str");
16 $sql_error = $str;
15 rg_log("\tError: $str");
16 $rg_sql_error = $str;
17 17 } }
18 18
19 function sql_error()
19 function rg_sql_error()
20 20 { {
21 global $sql_error;
21 global $rg_sql_error;
22 22
23 return $sql_error;
23 return $rg_sql_error;
24 24 } }
25 25
26 26 /* /*
27 27 * Connect to database * Connect to database
28 28 */ */
29 function sql_open($str)
29 function rg_sql_open($str)
30 30 { {
31 global $sql_debug;
31 global $rg_sql_debug;
32 32
33 if ($sql_debug > 0)
34 xlog("DB: opening [$str]...");
33 if ($rg_sql_debug > 0)
34 rg_log("DB: opening [$str]...");
35 35
36 36 if (strncmp($str, "sqlite:", 7) != 0) { if (strncmp($str, "sqlite:", 7) != 0) {
37 37 sql_set_error("$str connect string not supported"); sql_set_error("$str connect string not supported");
 
... ... function sql_open($str)
42 42
43 43 $db = new SQLite3($file); $db = new SQLite3($file);
44 44 if ($db === FALSE) { if ($db === FALSE) {
45 sql_set_error("Cannot connect to database $file: " . $db->lastErrorMsg());
45 rg_sql_set_error("Cannot connect to database $file: " . $db->lastErrorMsg());
46 46 return FALSE; return FALSE;
47 47 } }
48 48
 
... ... function sql_open($str)
52 52 /* /*
53 53 * Escaping * Escaping
54 54 */ */
55 function sql_escape($db, $str)
55 function rg_sql_escape($db, $str)
56 56 { {
57 57 return $db->escapeString($str); return $db->escapeString($str);
58 58 } }
 
... ... function sql_escape($db, $str)
60 60 /* /*
61 61 * Do a query * Do a query
62 62 */ */
63 function sql_query($db, $sql)
63 function rg_sql_query($db, $sql)
64 64 { {
65 global $sql_debug;
65 global $rg_sql_debug;
66 66
67 if ($sql_debug > 0)
68 xlog("DB: running [$sql]...");
67 if ($rg_sql_debug > 0)
68 rg_log("DB: running [$sql]...");
69 69
70 70 $res = $db->query($sql); $res = $db->query($sql);
71 71 if ($res === FALSE) { if ($res === FALSE) {
72 sql_set_error("$sql: " . $db->lastErrorMsg());
72 rg_sql_set_error("$sql: " . $db->lastErrorMsg());
73 73 return FALSE; return FALSE;
74 74 } }
75 75
 
... ... function sql_query($db, $sql)
79 79 /* /*
80 80 * Close database * Close database
81 81 */ */
82 function sql_close($db)
82 function rg_sql_close($db)
83 83 { {
84 84 $db->close(); $db->close();
85 85 } }
 
... ... function sql_close($db)
87 87 /* /*
88 88 * Free results * Free results
89 89 */ */
90 function sql_free_result($res)
90 function rg_sql_free_result($res)
91 91 { {
92 92 $res->finalize(); $res->finalize();
93 93 } }
 
... ... function sql_free_result($res)
95 95 /* /*
96 96 * Returns a row as an associated array * Returns a row as an associated array
97 97 */ */
98 function sql_fetch_array($res)
98 function rg_sql_fetch_array($res)
99 99 { {
100 100 return $res->fetchArray(SQLITE3_ASSOC); return $res->fetchArray(SQLITE3_ASSOC);
101 101 } }
102 102
103 function sql_last_id($db)
103 function rg_sql_last_id($db)
104 104 { {
105 105 return $db->lastInsertRowID(); return $db->lastInsertRowID();
106 106 } }
File inc/db/struct.inc.php changed (mode: 100644) (index e113643..8fbc9fd)
1 1 <?php <?php
2 2 error_reporting(E_ALL); error_reporting(E_ALL);
3 3
4 $gg_db_struct = array();
4 $rg_db_struct = array();
5 5
6 $gg_db_struct[0] = array(
6 $rg_db_struct[0] = array(
7 7 "repos" => "CREATE TABLE repos" "repos" => "CREATE TABLE repos"
8 8 . " (repo_id INTEGER PRIMARY KEY" . " (repo_id INTEGER PRIMARY KEY"
9 9 . ", name TEXT" . ", name TEXT"
 
... ... $gg_db_struct[0] = array(
28 28 "keys" => "CREATE TABLE keys" "keys" => "CREATE TABLE keys"
29 29 . " (key_id INTEGER PRIMARY KEY" . " (key_id INTEGER PRIMARY KEY"
30 30 . ", itime INTEGER" . ", itime INTEGER"
31 . ", uid INTEGER, key TEXT)",
31 . ", uid INTEGER"
32 . ", key TEXT)",
32 33 "users" => "CREATE TABLE users" "users" => "CREATE TABLE users"
33 34 . " (uid INTEGER PRIMARY KEY" . " (uid INTEGER PRIMARY KEY"
34 35 . ", user TEXT" . ", user TEXT"
 
... ... $gg_db_struct[0] = array(
58 59 /* /*
59 60 * Generate structure * Generate structure
60 61 */ */
61 function gg_db_struct_run($db, $ignore_errors)
62 function rg_db_struct_run($db, $ignore_errors)
62 63 { {
63 global $gg_db_struct;
64 global $rg_db_struct;
64 65
65 foreach ($gg_db_struct as $index => $sqls) {
66 foreach ($rg_db_struct as $index => $sqls) {
66 67 foreach ($sqls as $table => $sql) { foreach ($sqls as $table => $sql) {
67 echo "[$table] Running [$sql]...\n";
68 $res = sql_query($db, $sql);
68 //echo "[$table] Running [$sql]...\n";
69 $res = rg_sql_query($db, $sql);
69 70 if ($res === FALSE) { if ($res === FALSE) {
70 echo "WARN: Cannot create '$table' table!\n";
71 echo "WARN: Cannot create '$table' table ($sql)!\n";
71 72 if (!$ignore_errors) if (!$ignore_errors)
72 73 return FALSE; return FALSE;
73 74 } }
File inc/dispatch/dispatch.php added (mode: 100644) (index 0000000..f21d460)
1 <?php
2 rg_log("/dispatch/dispatch.php");
3
4 $new_op = "";
5
6 switch ($op) {
7 case 'home':
8 include($INC . "/home/home.php");
9 $body .= $_home;
10 break;
11
12 case 'login':
13 include($INC . "/login/login.php");
14 $body .= $_login;
15 break;
16
17 case 'logout':
18 if (rg_sess_destroy($db, $sid, $rg_ui)) {
19 $new_op = "bye";
20 } else {
21 $body .= "Not OK!";
22 }
23 break;
24
25 case 'repo':
26 include($INC . "/repo/repo.php");
27 $body .= $_repo;
28 break;
29
30 case 'repopage':
31 include($INC . "/repo/repo_page.php");
32 $body .= $_repo;
33 break;
34
35 case 'admin':
36 include($INC . "/admin/admin.php");
37 $body .= $_admin;
38 break;
39
40 case 'keys':
41 include($INC . "/keys/keys.php");
42 $body .= $_keys;
43 break;
44
45 case 'forgotlink': // forgot pass link
46 include($INC . "/user/forgot.php");
47 $body .= $_forgot;
48 break;
49
50 case 'forgotmail': // forgot pass - send mail
51 include($INC . "/user/forgot_mail.php");
52 $body .= $_forgot;
53 break;
54
55 case 'bye':
56 include($INC . "/bye/bye.php");
57 $body .= $_bye;
58 break;
59 }
60
61 $op = $new_op;
62 rg_log("new op=$op.");
63 ?>
File inc/git.inc.php changed (mode: 100644) (index 71b60d9..aa6e299)
1 1 <?php <?php
2 2 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
3 require_once($INC . "/xlog.inc.php");
3 require_once($INC . "/log.inc.php");
4 4
5 function gg_git_set_error($str)
5 $rg_git_error = "";
6
7 function rg_git_set_error($str)
6 8 { {
7 global $_gg_git_error;
9 global $rg_git_error;
8 10
9 xlog("\tError: $str");
10 $_gg_git_error = $str;
11 rg_log("\tError: $str");
12 $rg_git_error = $str;
11 13 } }
12 14
13 function gg_git_error()
15 function rg_git_error()
14 16 { {
15 global $_gg_git_error;
16 return $_gg_git_error;
17 global $rg_git_error;
18 return $rg_git_error;
17 19 } }
18 20
19 function git_install_hooks($dst)
21 function rg_git_install_hooks($dst)
20 22 { {
21 xlog("git_install_hooks: dst=$dst...");
23 rg_log("git_install_hooks: dst=$dst...");
22 24
23 xlog("\tNot yet implemented!");
25 rg_log("\tNot yet implemented!");
24 26 return TRUE; return TRUE;
25 27 } }
26 28
27 function gg_git_init($dst)
29 function rg_git_init($dst)
28 30 { {
29 xlog("git_init: dst=$dst...");
31 rg_log("git_init: dst=$dst...");
30 32
31 33 $dir = dirname($dst); $dir = dirname($dst);
32 34 if (!file_exists($dir)) { if (!file_exists($dir)) {
33 35 $r = @mkdir($dir, 0755, TRUE); $r = @mkdir($dir, 0755, TRUE);
34 36 if ($r === FALSE) { if ($r === FALSE) {
35 xlog("\tCannot create dir [$dir] ($php_errormsg)!");
37 rg_log("\tCannot create dir [$dir] ($php_errormsg)!");
36 38 return FALSE; return FALSE;
37 39 } }
38 40 } }
39 41
40 if (file_exists($dst . "/gg")) {
41 xlog("\tGit repo was created OK. Skip cloning.");
42 if (file_exists($dst . "/rg")) {
43 rg_log("\tGit repo was created OK. Skip cloning.");
42 44 } else { } else {
43 45 $cmd = "git init --bare '" . escapeshellcmd($dst) . "'"; $cmd = "git init --bare '" . escapeshellcmd($dst) . "'";
44 xlog("\texec $cmd...");
46 rg_log("\texec $cmd...");
45 47 $a = exec($cmd, $output, $err); $a = exec($cmd, $output, $err);
46 48 if ($err != 0) { if ($err != 0) {
47 xlog("\tError $err (" . implode("|", $output) . " ($a)!");
49 rg_log("\tError $err (" . implode("|", $output) . " ($a)!");
48 50 return FALSE; return FALSE;
49 51 } }
50 52
51 if (!@mkdir($dst . "/gg")) {
52 xlog("\tCannot create gg dir ($php_errormsg)!");
53 if (!@mkdir($dst . "/rg")) {
54 rg_log("\tCannot create rg dir ($php_errormsg)!");
53 55 return FALSE; return FALSE;
54 56 } }
55 57 } }
56 58
57 if (git_install_hooks($dst) === FALSE)
59 if (rg_git_install_hooks($dst) === FALSE)
58 60 return FALSE; return FALSE;
59 61
60 62 return TRUE; return TRUE;
61 63 } }
62 64
63 function gg_git_clone($src, $dst)
65 function rg_git_clone($src, $dst)
64 66 { {
65 xlog("git_clone: src=$src, dst=$dst...");
67 rg_log("git_clone: src=$src, dst=$dst...");
66 68
67 69 $dir = dirname($dst); $dir = dirname($dst);
68 70 if (!file_exists($dir)) { if (!file_exists($dir)) {
69 71 $r = @mkdir($dir, 0755, TRUE); $r = @mkdir($dir, 0755, TRUE);
70 72 if ($r === FALSE) { if ($r === FALSE) {
71 xlog("\tCannot create dir [$dir] ($php_errormsg)!");
73 rg_log("\tCannot create dir [$dir] ($php_errormsg)!");
72 74 return FALSE; return FALSE;
73 75 } }
74 76 } }
75 77
76 if (file_exists($dst . "/gg")) {
77 xlog("\tGit repo was created OK. Skip cloning.");
78 if (file_exists($dst . "/rg")) {
79 rg_log("\tGit repo was created OK. Skip cloning.");
78 80 } else { } else {
79 81 $cmd = "git clone --bare '" . escapeshellcmd($src) . "'" $cmd = "git clone --bare '" . escapeshellcmd($src) . "'"
80 82 . " '" . escapeshellcmd($dst) . "'"; . " '" . escapeshellcmd($dst) . "'";
81 xlog("\texec $cmd...");
83 rg_log("\texec $cmd...");
82 84 $a = exec($cmd); $a = exec($cmd);
83 85 if ($err != 0) { if ($err != 0) {
84 xlog("\tError $err (" . implode("|", $output) . " ($a)!");
86 rg_log("\tError $err (" . implode("|", $output) . " ($a)!");
85 87 return FALSE; return FALSE;
86 88 } }
87 89
88 if (!@mkdir($dst . "/gg")) {
89 xlog("\tCannot create gg dir ($php_errormsg)!");
90 if (!@mkdir($dst . "/rg")) {
91 rg_log("\tCannot create rg dir ($php_errormsg)!");
90 92 return FALSE; return FALSE;
91 93 } }
92 94 } }
93 95
94 if (git_install_hooks($dst) === FALSE)
96 if (rg_git_install_hooks($dst) === FALSE)
95 97 return FALSE; return FALSE;
96 98
97 99 return TRUE; return TRUE;
File inc/home/home.php added (mode: 100644) (index 0000000..c05b12a)
1 <?php
2 rg_log("/home/home.php");
3
4 $_home = "";
5
6 $_home .= "Bau!";
7
8 ?>
9
File inc/keys.inc.php changed (mode: 100644) (index 92fd4d2..ddb0b09)
2 2 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
3 3 require_once($INC . "/state.inc.php"); require_once($INC . "/state.inc.php");
4 4
5 $keys_error = "";
5 $rg_keys_error = "";
6 6
7 function keys_set_error($str)
7 function rg_keys_set_error($str)
8 8 { {
9 global $keys_error;
9 global $rg_keys_error;
10 10
11 xlog("\tError: $str");
12 $keys_error = $str;
11 rg_log("\tError: $str");
12 $rg_keys_error = $str;
13 13 } }
14 14
15 function keys_error()
15 function rg_keys_error()
16 16 { {
17 global $keys_error;
18 return $keys_error;
17 global $rg_keys_error;
18 return $rg_keys_error;
19 19 } }
20 20
21 21 /* /*
22 * Generates the fingerprint of a key
22 * Validate key
23 23 */ */
24 function keys_fingerprint($key)
24 function rg_keys_valid($s)
25 25 { {
26 $v = explode(" ", $key);
26 $v = explode(" ", $s);
27 if (!isset($v[1])) {
28 rg_keys_set_error("Malformed input (missing fields)");
29 return FALSE;
30 }
27 31
28 32 $decoded = base64_decode(trim($v[1])); $decoded = base64_decode(trim($v[1]));
33 if ($decoded === FALSE) {
34 rg_keys_set_error("Malformed input (base64 failed)");
35 return FALSE;
36 }
37
38 return $decoded;
39 }
40
41 /*
42 * Generates the fingerprint of a key
43 */
44 function rg_keys_fingerprint($key)
45 {
46 $decoded = rg_keys_valid($key);
47 if ($decoded === FALSE)
48 return rg_keys_error();
49
29 50 $digest = md5($decoded); $digest = md5($decoded);
30 51
31 52 $a = array(); $a = array();
 
... ... function keys_fingerprint($key)
38 59 /* /*
39 60 * Remove a key from database * Remove a key from database
40 61 */ */
41 function keys_remove($db, $uid, $key_id)
62 function rg_keys_remove($db, $rg_ui, $key_id)
42 63 { {
43 64 // mark dirty // mark dirty
44 state_set($db, "authorized_keys", 1);
65 rg_state_set($db, "authorized_keys", 1);
45 66
46 $e_uid = sprintf("%u", $uid);
67 // TODO: move this to caller?
47 68 $e_key_id = sprintf("%u", $key_id); $e_key_id = sprintf("%u", $key_id);
48 69
49 70 $sql = "DELETE FROM keys" $sql = "DELETE FROM keys"
50 . " WHERE uid = $e_uid"
71 . " WHERE uid = " . $rg_ui['uid']
51 72 . " AND key_id = $e_key_id"; . " AND key_id = $e_key_id";
52 $res = sql_query($db, $sql);
73 $res = rg_sql_query($db, $sql);
53 74 if ($res === FALSE) { if ($res === FALSE) {
54 keys_set_error("Cannot delete key $key_id (" . sql_error() . ")");
75 rg_keys_set_error("Cannot delete key $key_id (" . rg_sql_error() . ")");
55 76 return FALSE; return FALSE;
56 77 } }
57 sql_free_result($res);
78 rg_sql_free_result($res);
58 79
59 80 return TRUE; return TRUE;
60 81 } }
 
... ... function keys_remove($db, $uid, $key_id)
63 84 * Add a key * Add a key
64 85 * Returns the key_id of the key. * Returns the key_id of the key.
65 86 */ */
66 function keys_add($db, $uid, $key)
87 function rg_keys_add($db, $rg_ui, $key)
67 88 { {
68 89 $itime = time(); $itime = time();
69 $e_uid = sprintf("%u", $uid);
70 $e_key = sql_escape($db, $key);
90 $e_key = rg_sql_escape($db, $key);
91
92 if (rg_keys_valid($key) === FALSE)
93 return FALSE;
71 94
72 95 // set dirty // set dirty
73 if (state_set($db, "authorized_keys", 1) === FALSE)
96 if (rg_state_set($db, "authorized_keys", 1) === FALSE)
74 97 return FALSE; return FALSE;
75 98
76 99 $sql = "INSERT INTO keys (itime, uid, key)" $sql = "INSERT INTO keys (itime, uid, key)"
77 . " VALUES ($itime, $e_uid, '$e_key')";
78 $res = sql_query($db, $sql);
100 . " VALUES ($itime, " . $rg_ui['uid'] . ", '$e_key')";
101 $res = rg_sql_query($db, $sql);
79 102 if ($res === FALSE) { if ($res === FALSE) {
80 keys_set_error("Cannot insert key (" . sql_error() . ")");
103 rg_keys_set_error("Cannot insert key (" . rg_sql_error() . ")");
81 104 return FALSE; return FALSE;
82 105 } }
83 sql_free_result($res);
106 rg_sql_free_result($res);
84 107
85 return sql_last_id($db);
108 return rg_sql_last_id($db);
86 109 } }
87 110
88 111 /* /*
89 112 * Regenerates authorized_keys files * Regenerates authorized_keys files
90 113 */ */
91 function keys_regen($db)
114 function rg_keys_regen($db)
92 115 { {
93 global $gg_keys_file;
94 global $gg_scripts;
116 global $rg_keys_file;
117 global $rg_scripts;
95 118
96 $dirty = state_get($db, "authorized_keys");
119 $dirty = rg_state_get($db, "authorized_keys");
97 120 if ($dirty == 0) if ($dirty == 0)
98 121 return TRUE; return TRUE;
99 122
100 $tmp = $gg_keys_file . ".tmp";
123 $tmp = $rg_keys_file . ".tmp";
101 124 $f = @fopen($tmp, "w"); $f = @fopen($tmp, "w");
102 125 if ($f === FALSE) { if ($f === FALSE) {
103 keys_set_error("Cannot open file $tmp ($php_errormsg)!");
126 rg_keys_set_error("Cannot open file $tmp ($php_errormsg)!");
104 127 return FALSE; return FALSE;
105 128 } }
106 129
107 130 if (chmod($tmp, 0600) === FALSE) { if (chmod($tmp, 0600) === FALSE) {
108 keys_set_error("Cannot chmod tmp file ($php_errmsg)!");
131 rg_keys_set_error("Cannot chmod tmp file ($php_errmsg)!");
109 132 return FALSE; return FALSE;
110 133 } }
111 134
112 135 $sql = "SELECT uid, key FROM keys"; $sql = "SELECT uid, key FROM keys";
113 $res = sql_query($db, $sql);
136 $res = rg_sql_query($db, $sql);
114 137 if ($res === FALSE) { if ($res === FALSE) {
115 keys_set_error("Cannot query (" . sql_error() . ")");
138 rg_keys_set_error("Cannot query (" . rg_sql_error() . ")");
116 139 return FALSE; return FALSE;
117 140 } }
118 while (($row = sql_fetch_array($res))) {
119 $buf = "command=\"/usr/bin/php " . $gg_scripts . "/ssh.php " . $row['uid'] . "\""
141 while (($row = rg_sql_fetch_array($res))) {
142 $buf = "command=\"/usr/bin/php " . $rg_scripts . "/ssh.php " . $row['uid'] . "\""
120 143 . ",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty" . ",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
121 144 . " " . $row['key'] . "\n"; . " " . $row['key'] . "\n";
122 145 if (@fwrite($f, $buf) === FALSE) { if (@fwrite($f, $buf) === FALSE) {
123 keys_set_error("Cannot write. Disk space problems? ($php_errormsg)");
146 rg_keys_set_error("Cannot write. Disk space problems? ($php_errormsg)");
124 147 fclose($f); fclose($f);
125 148 unlink($tmp); unlink($tmp);
126 sql_free_result($res);
149 rg_sql_free_result($res);
127 150 return FALSE; return FALSE;
128 151 } }
129 152 } }
130 sql_free_result($res);
153 rg_sql_free_result($res);
131 154
132 155 fclose($f); fclose($f);
133 156
134 if (@rename($tmp, $gg_keys_file) === FALSE) {
135 keys_set_error("Cannot rename $tmp to $gg_keys_file ($php_errormsg)!");
157 if (@rename($tmp, $rg_keys_file) === FALSE) {
158 rg_keys_set_error("Cannot rename $tmp to $rg_keys_file ($php_errormsg)!");
136 159 unlink($tmp); unlink($tmp);
137 160 return FALSE; return FALSE;
138 161 } }
139 162
140 163 // mark file as clean // mark file as clean
141 state_set($db, "authorized_keys", 0);
164 rg_state_set($db, "authorized_keys", 0);
142 165
143 166 return TRUE; return TRUE;
144 167 } }
 
... ... function keys_regen($db)
146 169 /* /*
147 170 * List keys * List keys
148 171 */ */
149 function keys_list($db, $uid, $url)
172 function rg_keys_list($db, $rg_ui, $url)
150 173 { {
151 xlog("keys_list: uid=$uid, url=$url...");
174 rg_log("keys_list: rg_uid=" . $rg_ui['uid'] . ", url=$url...");
152 175
153 $sql = "SELECT * FROM keys WHERE uid = $uid";
154 $res = sql_query($db, $sql);
176 $sql = "SELECT * FROM keys WHERE uid = " . $rg_ui['uid'];
177 $res = rg_sql_query($db, $sql);
155 178 if ($res === FALSE) { if ($res === FALSE) {
156 keys_set_error("Cannot query (" . sql_error() . ")");
179 rg_keys_set_error("Cannot query (" . rg_sql_error() . ")");
157 180 return FALSE; return FALSE;
158 181 } }
159 182
 
... ... function keys_list($db, $uid, $url)
163 186 $ret .= " <th>Fingerprint</th>\n"; $ret .= " <th>Fingerprint</th>\n";
164 187 $ret .= " <th>Operations</th>\n"; $ret .= " <th>Operations</th>\n";
165 188 $ret .= "</tr>\n"; $ret .= "</tr>\n";
166 while (($row = sql_fetch_array($res))) {
189 while (($row = rg_sql_fetch_array($res))) {
167 190 $ret .= "<tr>\n"; $ret .= "<tr>\n";
168 191 $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n"; $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n";
169 $ret .= " <td>" . keys_fingerprint($row['key']) . "</td>\n";
192 $ret .= " <td>" . rg_keys_fingerprint($row['key']) . "</td>\n";
170 193
171 194 $oper = ""; $oper = "";
172 195 $oper = "[<a href=\"$url&amp;key_id=" . $row['key_id'] $oper = "[<a href=\"$url&amp;key_id=" . $row['key_id']
 
... ... function keys_list($db, $uid, $url)
175 198 $ret .= "</tr>\n"; $ret .= "</tr>\n";
176 199 } }
177 200 $ret .= "</table>\n"; $ret .= "</table>\n";
178 sql_free_result($res);
201 rg_sql_free_result($res);
179 202
180 203 return $ret; return $ret;
181 204 } }
File inc/keys/add.form.php changed (mode: 100644) (index f1896b0..641cf91)
1 1 <?php <?php
2 2
3 3 $_form = ' $_form = '
4 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
4 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
5 5 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
File inc/keys/keys.php changed (mode: 100644) (index ee46f0a..a0368e5)
1 1 <?php <?php
2 xlog("/inc/keys/keys.php");
2 rg_log("/inc/keys/keys.php");
3 3
4 if ($gg_uid == 0) {
5 $_body = "You do not have access here!";
4 $_keys = "";
5
6 if ($rg_ui['uid'] == 0) {
7 $_keys .= "You do not have access here!";
6 8 return; return;
7 9 } }
8 10
9 $subop = @intval($_REQUEST['subop']);
10 $key = @$_REQUEST['key'];
11 $key = rg_var_str("key");
11 12 $key = preg_replace("|[^/A-Za-z0-9 @/+_\.\=,-]|", "", $key); $key = preg_replace("|[^/A-Za-z0-9 @/+_\.\=,-]|", "", $key);
12 $key_id = @intval($_REQUEST['key_id']);
13 $key_id = rg_var_uint("key_id");
13 14
14 15 // menu // menu
15 $_url = $_SERVER['PHP_SELF'] . "?op=$op";
16 $_url = rg_re_url($op);
16 17 $_menu = ""; $_menu = "";
17 18 $_menu .= "[<a href=\"$_url&amp;subop=1\">Add</a>]"; $_menu .= "[<a href=\"$_url&amp;subop=1\">Add</a>]";
18 19 $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">List</a>]"; $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">List</a>]";
 
... ... $_body = "";
24 25 switch ($subop) { switch ($subop) {
25 26 case 1: // add case 1: // add
26 27 if ($doit == 1) { if ($doit == 1) {
27 $_r = keys_add($db, $gg_uid, $key);
28 $_r = rg_keys_add($db, $rg_ui, $key);
28 29 if ($_r === FALSE) if ($_r === FALSE)
29 $_body .= keys_error();
30 $_body .= rg_keys_error();
30 31 else else
31 32 $_body = "OK!"; $_body = "OK!";
32 } else {
33 include($INC . "/keys/add.form.php");
34 $_body .= $_form;
35 33 } }
34
35 include($INC . "/keys/add.form.php");
36 $_body .= $_form;
36 37 break; break;
37 38
38 39 case 2: // list case 2: // list
39 if (@$_REQUEST['delete'] == 1) {
40 if (keys_remove($db, $gg_uid, $key_id) === FALSE)
41 $_body .= "Bad: " . keys_error() . "!<br />\n";
40 if (rg_var_uint("delete") == 1) {
41 if (rg_keys_remove($db, $rg_ui, $key_id) === FALSE)
42 $_body .= "Bad: " . rg_keys_error() . "!<br />\n";
42 43 } }
43 44
44 $_body .= keys_list($db, $gg_uid, $_url . "&amp;subop=2");
45 $_body .= rg_keys_list($db, $rg_ui, $_url . "&amp;subop=2");
45 46 break; break;
46 47
47 48 } }
48 49
49 $_keys = $_menu . $_body;
50 $_keys .= $_menu . $_body;
50 51 ?> ?>
File inc/log.inc.php added (mode: 100644) (index 0000000..11c8ca3)
1 <?php
2 require_once($INC . "/util.inc.php");
3
4 $rg_log_file = "/tmp/rg.log";
5 $rg_log_fd = FALSE;
6 $rg_log_sid = rg_id(6);
7
8 function rg_log_set_file($file)
9 {
10 global $rg_log_file;
11
12 $rg_log_file = $file;
13 }
14
15 function rg_log($str)
16 {
17 global $rg_log_file;
18 global $rg_log_fd;
19 global $rg_log_sid;
20
21 if ($rg_log_fd === FALSE) {
22 $rg_log_fd = @fopen($rg_log_file, "a+");
23 if ($rg_log_fd === FALSE)
24 return;
25 // write an empty line
26 fwrite($rg_log_fd, "\n");
27 }
28
29 $t = gettimeofday();
30 $buf = gmdate("Y-m-d H:i:s", $t['sec']) . "." . sprintf("%06d", $t['usec']);
31 $buf .= " " . $rg_log_sid . " " . $str . "\n";
32
33 fwrite($rg_log_fd, $buf);
34 }
35
36 ?>
File inc/login/login.form.php changed (mode: 100644) (index 26ea6eb..29827c0)
1 1 <?php <?php
2 2 $_form = ''; $_form = '';
3 3
4 if (!empty($error))
5 $_form .= "<font color=red>$error</font>\n";
4 if (count($errmsg) > 0)
5 $_form .= "<font color=red>" . implode("<br />\n", $errmsg) . "</font>\n";
6 6
7 7 $_form .= ' $_form .= '
8 8 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
 
... ... Password: <input type="password" name="pass" value="' . $pass . '"><br />
17 17
18 18 Forgot your password?<br /> Forgot your password?<br />
19 19 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
20 <input type="hidden" name="op" value="7">
20 <input type="hidden" name="op" value="forgotmail">
21 21 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
22 22
23 23 E-mail: <input type="text" name="email" value=""><br /> E-mail: <input type="text" name="email" value=""><br />
File inc/login/login.php changed (mode: 100644) (index d677c0c..b5edbcd)
1 1 <?php <?php
2 xlog("/inc/login/login.php");
2 rg_log("/inc/login/login.php");
3 3
4 $doit = @intval($_REQUEST['doit']);
5 $user = @$_COOKIE['user'];
6 $pass = "";
4 $user = rg_var_str("user");
5 $pass = rg_var_str("pass");
7 6
8 7 $_login = "<br />\n"; $_login = "<br />\n";
9 8
10 $error = "";
11 if ($doit == 1)
12 $error = "Invalid user and/or pass.";
9 $show_form = 1;
13 10
14 include($INC . "/login/login.form.php");
15 $_login .= $_form;
11 $errmsg = array();
16 12
17 ?>
13 if ($doit == 1) {
14 $r = rg_user_login_by_user_pass($db, $user, $pass, $rg_ui);
15 if ($r === FALSE) {
16 $errmsg[] = rg_user_error();
17 } else {
18 $show_form = 0;
19 $new_op = "home"; // redirect to home page
20 }
21 }
22
23 if ($show_form == 1) {
24 include($INC . "/login/login.form.php");
25 $_login .= $_form;
26 }
27
28 ?>
File inc/repo.inc.php changed (mode: 100644) (index bd1ce29..c641892)
1 1 <?php <?php
2 2 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
3 require_once($INC . "/xlog.inc.php");
3 require_once($INC . "/log.inc.php");
4 4 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
5 5 require_once($INC . "/user.inc.php"); require_once($INC . "/user.inc.php");
6 6 require_once($INC . "/git.inc.php"); require_once($INC . "/git.inc.php");
7 7
8 $gg_repo_error = "";
8 $rg_repo_error = "";
9 9
10 $gg_repo_rights = array("A" => "Admin",
10 $rg_repo_rights = array("A" => "Admin",
11 11 "F" => "Fetch", "F" => "Fetch",
12 12 "P" => "Push", "P" => "Push",
13 13 "D" => "Delete branch"); "D" => "Delete branch");
14 14
15 function gg_repo_set_error($str)
15 function rg_repo_set_error($str)
16 16 { {
17 global $gg_repo_error;
17 global $rg_repo_error;
18 18
19 xlog("\tError: $str");
20 $gg_repo_error = $str;
19 rg_log("\tError: $str");
20 $rg_repo_error = $str;
21 21 } }
22 22
23 function gg_repo_error()
23 function rg_repo_error()
24 24 { {
25 global $gg_repo_error;
26 return $gg_repo_error;
25 global $rg_repo_error;
26 return $rg_repo_error;
27 }
28
29 /*
30 * Enforce name
31 */
32 function rg_repo_ok($repo)
33 {
34 global $rg_repo_allow;
35 global $rg_repo_max_len;
36
37 if (rg_chars_allow($repo, $rg_repo_allow) === FALSE) {
38 rg_repo_set_error("Invalid repository name");
39 return FALSE;
40 }
41
42 if (preg_match('/\.\./', $repo)) {
43 rg_repo_set_error("Invalid repository name");
44 return FALSE;
45 }
46
47 if (strlen($repo) > $rg_repo_max_len) {
48 rg_repo_set_error("Repository name is too long");
49 return FALSE;
50 }
51
52 return TRUE;
27 53 } }
28 54
29 55 /* /*
30 56 * Returns the path to a repository based on repo_id * Returns the path to a repository based on repo_id
31 57 */ */
32 function repo_id2base($repo_id)
58 function rg_repo_id2base($repo_id)
33 59 { {
34 global $gg_base_repo;
60 global $rg_base_repo;
35 61
36 62 $r3 = sprintf("%03u", $repo_id % 1000); $r3 = sprintf("%03u", $repo_id % 1000);
37 63
38 return $gg_base_repo . "/"
64 return $rg_base_repo . "/"
39 65 . $r3[0] . "/" . $r3[1] . "/" . $r3[2] . "/"; . $r3[0] . "/" . $r3[1] . "/" . $r3[2] . "/";
40 66 } }
41 67
42 68 /* /*
43 69 * Return info about a repo * Return info about a repo
44 70 */ */
45 function repo_info($db, $repo_id, $repo)
71 function rg_repo_info($db, $repo_id, $repo)
46 72 { {
47 xlog("repo_info: repo_id=$repo_id, repo=$repo...");
73 rg_log("repo_info: repo_id=$repo_id, repo=$repo...");
48 74
49 75 $ret['ok'] = 0; $ret['ok'] = 0;
50 76 $ret['exists'] = 0; $ret['exists'] = 0;
 
... ... function repo_info($db, $repo_id, $repo)
52 78 if ($repo_id > 0) { if ($repo_id > 0) {
53 79 $add = " AND repo_id = $repo_id"; $add = " AND repo_id = $repo_id";
54 80 } else if (!empty($repo)) { } else if (!empty($repo)) {
55 $e_repo = sql_escape($db, $repo);
81 $e_repo = rg_sql_escape($db, $repo);
56 82 $add = " AND name = '$e_repo'"; $add = " AND name = '$e_repo'";
57 83 } else { } else {
58 84 $ret['errmsg'] = "No repo_id or name specified!"; $ret['errmsg'] = "No repo_id or name specified!";
 
... ... function repo_info($db, $repo_id, $repo)
60 86 } }
61 87
62 88 $sql = "SELECT * FROM repos WHERE 1 = 1" . $add; $sql = "SELECT * FROM repos WHERE 1 = 1" . $add;
63 $res = sql_query($db, $sql);
89 $res = rg_sql_query($db, $sql);
64 90 if ($res === FALSE) { if ($res === FALSE) {
65 $ret['errmsg'] = "Cannot query (" . sql_error() . ")";
66 xlog("\t" . $ret['errmsg']);
91 $ret['errmsg'] = "Cannot query (" . rg_sql_error() . ")";
92 rg_log("\t" . $ret['errmsg']);
67 93 return $ret; return $ret;
68 94 } }
69 95 $ret['ok'] = 1; $ret['ok'] = 1;
70 $row = sql_fetch_array($res);
71 sql_free_result($res);
96 $row = rg_sql_fetch_array($res);
97 rg_sql_free_result($res);
72 98 if (!isset($row['repo_id'])) { if (!isset($row['repo_id'])) {
73 xlog("\tRepo not found!");
99 rg_log("\tRepo not found!");
74 100 return $ret; return $ret;
75 101 } }
76 102
 
... ... function repo_info($db, $repo_id, $repo)
82 108 /* /*
83 109 * Check if a uid has access to repository * Check if a uid has access to repository
84 110 */ */
85 function repo_allow($db, $ri, $uid, $needed_rights)
111 function rg_repo_allow($db, $ri, $rg_ui, $needed_rights)
86 112 { {
87 xlog("repo_allow: uid=$uid, needed_rights=$needed_rights...");
113 rg_log("repo_allow: rg_uid=" . $rg_ui['uid']
114 . ", needed_rights=$needed_rights...");
115
116 if ($rg_ui['is_admin'] == 1)
117 return TRUE;
88 118
89 119 if (empty($needed_rights)) { if (empty($needed_rights)) {
90 xlog("\tNo perms passed!");
120 rg_log("\tNo perms passed!");
91 121 return FALSE; return FALSE;
92 122 } }
93 123
94 $rr = gg_repo_rights_get($db, $ri, $uid);
124 $rr = rg_repo_rights_get($db, $ri, $rg_ui['uid']);
95 125 if ($rr['ok'] != 1) { if ($rr['ok'] != 1) {
96 gg_repo_set_error("No access!");
126 rg_repo_set_error("No access!");
97 127 return FALSE; return FALSE;
98 128 } }
99 xlog("\tdb rights: " . $rr['rights']);
129 rg_log("\tdb rights: " . $rr['rights']);
100 130
101 131 $len = strlen($needed_rights); $len = strlen($needed_rights);
102 132 for ($i = 0; $i < $len; $i++) { for ($i = 0; $i < $len; $i++) {
103 133 if (!strstr($rr['rights'], $needed_rights[$i])) { if (!strstr($rr['rights'], $needed_rights[$i])) {
104 gg_repo_set_error("No rights (" . $needed_rights[$i] . ")");
134 rg_repo_set_error("No rights (" . $needed_rights[$i] . ")");
105 135 return FALSE; return FALSE;
106 136 } }
107 137 } }
108 138
109 xlog("\tAllow access!");
139 rg_log("\tAllow access!");
110 140
111 141 return TRUE; return TRUE;
112 142 } }
 
... ... function repo_allow($db, $ri, $uid, $needed_rights)
114 144 /* /*
115 145 * Add a repository * Add a repository
116 146 * @master - makes sense only for clones - who is the master. * @master - makes sense only for clones - who is the master.
147 * TODO: put all fields into an array!
117 148 */ */
118 function repo_create($db, $master, $gg_uid, $name, $max_commit_size, $desc,
149 function rg_repo_create($db, $master, $rg_ui, $name, $max_commit_size, $desc,
119 150 $rights) $rights)
120 151 { {
121 152 // TODO: reorder parameters - are not logical // TODO: reorder parameters - are not logical
122 xlog("repo_create: gg_uid=$gg_uid, name=[$name], master=$master"
153 rg_log("repo_create: rg_uid=" . $rg_ui['uid']
154 . ", name=[$name], master=$master"
123 155 . ", max_commit_size=$max_commit_size, desc=[$desc]" . ", max_commit_size=$max_commit_size, desc=[$desc]"
124 156 . ", rights=$rights..."); . ", rights=$rights...");
125 157
158 if (rg_repo_ok($name) === FALSE)
159 return FALSE;
160
126 161 // First, test if it already exists // First, test if it already exists
127 $ri = repo_info($db, 0, $name);
162 $ri = rg_repo_info($db, 0, $name);
128 163 if ($ri['ok'] != 1) if ($ri['ok'] != 1)
129 164 return FALSE; return FALSE;
130 165 if ($ri['exists'] == 1) { if ($ri['exists'] == 1) {
131 gg_repo_set_error("Repository already exists.");
166 rg_repo_set_error("Repository already exists.");
132 167 return FALSE; return FALSE;
133 168 } }
134 169
135 // XSS protection
136 $name = gg_xss($name);
137 $desc = gg_xss($desc);
170 // XSS protection - TODO: be more specific
171 $name = rg_xss($name);
172 $desc = rg_xss($desc);
138 173
139 $e_name = sql_escape($db, $name);
140 $e_desc = sql_escape($db, $desc);
174 $e_name = rg_sql_escape($db, $name);
175 $e_desc = rg_sql_escape($db, $desc);
141 176
142 177 $itime = time(); $itime = time();
143 178
144 179 $sql = "INSERT INTO repos (uid, master, name, itime" $sql = "INSERT INTO repos (uid, master, name, itime"
145 180 . ", max_commit_size, desc, git_dir_done, default_rights)" . ", max_commit_size, desc, git_dir_done, default_rights)"
146 . " VALUES ($gg_uid, $master, '$e_name', $itime"
181 . " VALUES (" . $rg_ui['uid'] . ", $master, '$e_name', $itime"
147 182 . ", $max_commit_size, '$e_desc', 0, '$rights')"; . ", $max_commit_size, '$e_desc', 0, '$rights')";
148 $res = sql_query($db, $sql);
183 $res = rg_sql_query($db, $sql);
149 184 if ($res === FALSE) { if ($res === FALSE) {
150 gg_repo_set_error("Cannot insert (" . sql_error() . ")");
185 rg_repo_set_error("Cannot insert (" . rg_sql_error() . ")");
151 186 return FALSE; return FALSE;
152 187 } }
153 sql_free_result($res);
188 rg_sql_free_result($res);
154 189
155 190 // git repo creation will be delayed for serialization reasons // git repo creation will be delayed for serialization reasons
156 191 // and for permission reasons (we are apache here) // and for permission reasons (we are apache here)
 
... ... function repo_create($db, $master, $gg_uid, $name, $max_commit_size, $desc,
161 196 /* /*
162 197 * Delete a repo * Delete a repo
163 198 */ */
164 function gg_repo_delete($db, $repo_id, $gg_uid)
199 function rg_repo_delete($db, $repo_id, $rg_ui)
165 200 { {
166 xlog("repo_delete: gg_uid=$gg_uid, repo_id=$repo_id");
201 rg_log("repo_delete: rg_uid=" . $rg_ui['uid'] . ", repo_id=$repo_id");
167 202
168 203 // TODO: Check rights // TODO: Check rights
169 204
170 205 // Only mark it as such, deletion will happen in background // Only mark it as such, deletion will happen in background
171 206 $sql = "UPDATE repos SET deleted = 1 WHERE repo_id = $repo_id"; $sql = "UPDATE repos SET deleted = 1 WHERE repo_id = $repo_id";
172 $res = sql_query($db, $sql);
207 $res = rg_sql_query($db, $sql);
173 208 if ($res === FALSE) { if ($res === FALSE) {
174 gg_repo_set_error("Cannot delete (" . sql_error() . ")");
209 rg_repo_set_error("Cannot delete (" . rg_sql_error() . ")");
175 210 return FALSE; return FALSE;
176 211 } }
177 sql_free_result($res);
212 rg_sql_free_result($res);
178 213
179 214 return TRUE; return TRUE;
180 215 } }
 
... ... function gg_repo_delete($db, $repo_id, $gg_uid)
183 218 * Update a repository * Update a repository
184 219 * TODO: check rights - also for create? * TODO: check rights - also for create?
185 220 */ */
186 function gg_repo_update($db, $repo_id, $gg_uid, $name, $max_commit_size, $desc,
187 $rights)
221 function rg_repo_update($db, &$new)
188 222 { {
189 xlog("repo_update: repo_id=$repo_id, gg_uid=$gg_uid, name=[$name]"
190 . ", max_commit_size=$max_commit_size, desc=[$desc]"
191 . ", rights=$rights...");
223 rg_log("repo_update: repo_id=" . $new['repo_id']
224 . ", name=[" . $new['name'] . "]"
225 . ", max_commit_size=" . $new['max_commit_size']
226 . ", desc=[" . $new['desc'] . "]"
227 . ", default_rights=" . $new['default_rights']);
228
229 if (rg_repo_ok($new['name']) === FALSE)
230 return FALSE;
192 231
193 232 // First, test if it already exists // First, test if it already exists
194 $ri = repo_info($db, 0, $name);
233 $ri = rg_repo_info($db, 0, $new['name']);
195 234 if ($ri['ok'] != 1) if ($ri['ok'] != 1)
196 235 return FALSE; return FALSE;
197 if (($ri['exists'] == 1) && ($ri['repo_id'] != $repo_id)) {
198 gg_repo_set_error("Name already taken.");
236 if (($ri['exists'] == 1) && ($ri['repo_id'] != $new['repo_id'])) {
237 rg_repo_set_error("Name already taken.");
199 238 return FALSE; return FALSE;
200 239 } }
201 240
202 // Second, test if we repo_id is valid
203 $ri = repo_info($db, $repo_id, "");
241 // Second, test if repo_id is valid
242 $ri = rg_repo_info($db, $new['repo_id'], "");
204 243 if ($ri['ok'] != 1) if ($ri['ok'] != 1)
205 244 return FALSE; return FALSE;
206 245 if ($ri['exists'] == 0) { if ($ri['exists'] == 0) {
207 gg_repo_set_error("Repo $repo_id does not eists.");
246 rg_repo_set_error("Repo " . $new['repo_id'] . " does not exists.");
208 247 return FALSE; return FALSE;
209 248 } }
210 249
211 // XSS protection
212 $name = gg_xss($name);
213 $desc = gg_xss($desc);
250 // XSS protection - TODO: move this to the caller!
251 $new['name'] = rg_xss($new['name']);
252 $new['desc'] = rg_xss($new['desc']);
214 253
215 $e_name = sql_escape($db, $name);
216 $e_desc = sql_escape($db, $desc);
254 $e_name = rg_sql_escape($db, $new['name']);
255 $e_desc = rg_sql_escape($db, $new['desc']);
217 256
218 257 $sql = "UPDATE repos SET name = '$e_name'" $sql = "UPDATE repos SET name = '$e_name'"
219 . ", max_commit_size = $max_commit_size"
258 . ", max_commit_size = " . $new['max_commit_size']
220 259 . ", desc = '$e_desc'" . ", desc = '$e_desc'"
221 . ", default_rights = '$rights'"
222 . " WHERE repo_id = $repo_id";
223 $res = sql_query($db, $sql);
260 . ", default_rights = '" . $new['default_rights'] . "'"
261 . " WHERE repo_id = " . $new['repo_id'];
262 $res = rg_sql_query($db, $sql);
224 263 if ($res === FALSE) { if ($res === FALSE) {
225 gg_repo_set_error("Cannot update (" . sql_error() . ")");
264 rg_repo_set_error("Cannot update (" . rg_sql_error() . ")");
226 265 return FALSE; return FALSE;
227 266 } }
228 sql_free_result($res);
267 rg_sql_free_result($res);
229 268
230 269 return TRUE; return TRUE;
231 270 } }
 
... ... function gg_repo_update($db, $repo_id, $gg_uid, $name, $max_commit_size, $desc,
233 272 /* /*
234 273 * List repositories * List repositories
235 274 */ */
236 function repo_list_query($db, $url, $sql)
275 function rg_repo_list_query($db, $url, $sql)
237 276 { {
238 xlog("repo_list_query: url=$url, sql=$sql...");
277 rg_log("repo_list_query: url=$url, sql=$sql...");
239 278
240 $res = sql_query($db, $sql);
279 $res = rg_sql_query($db, $sql);
241 280 if ($res === FALSE) if ($res === FALSE)
242 281 return FALSE; return FALSE;
243 282
 
... ... function repo_list_query($db, $url, $sql)
251 290 $ret .= " <th>Disk current/max</th>\n"; $ret .= " <th>Disk current/max</th>\n";
252 291 $ret .= " <th>Max commit size</th>\n"; $ret .= " <th>Max commit size</th>\n";
253 292 $ret .= "</tr>\n"; $ret .= "</tr>\n";
254 while (($row = sql_fetch_array($res))) {
293 while (($row = rg_sql_fetch_array($res))) {
255 294 $ret .= "<tr>\n"; $ret .= "<tr>\n";
256 $ret .= " <td><a href=\"" . $_SERVER['PHP_SELF'] . "?op=10&amp;repo_id=" . $row['repo_id'] . "\">" . $row['name'] . "</a></td>\n";
295 $_link = rg_re_repopage($row['repo_id'], $row['name']);
296 $ret .= " <td><a href=\"$_link\">" . $row['name'] . "</a></td>\n";
257 297 $ret .= " <td><small>" . nl2br($row['desc']) . "</small></td>\n"; $ret .= " <td><small>" . nl2br($row['desc']) . "</small></td>\n";
258 298 if ($row['master'] > 0) { if ($row['master'] > 0) {
259 299 $master_repo = "?"; $master_repo = "?";
260 $_mi = repo_info($db, $row['master'], "");
300 $_mi = rg_repo_info($db, $row['master'], "");
261 301 if ($_mi['exists'] = 1) if ($_mi['exists'] = 1)
262 302 $master_repo = $_mi['name']; $master_repo = $_mi['name'];
263 303 } }
 
... ... function repo_list_query($db, $url, $sql)
265 305 $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n"; $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n";
266 306
267 307 // rights // rights
268 $_r = implode(", ", gg_repo_rights_text($row['default_rights']));
308 $_r = implode(", ", rg_repo_rights_text($row['default_rights']));
269 309 $ret .= " <td>" . $_r . "</td>\n"; $ret .= " <td>" . $_r . "</td>\n";
270 310
271 311 $_max = "ulimited"; $_max = "ulimited";
272 312 if ($row['disk_quota_mb'] > 0) if ($row['disk_quota_mb'] > 0)
273 $_max = gg_1024($row['disk_quota_mb']);
313 $_max = rg_1024($row['disk_quota_mb']);
274 314 $ret .= " <td>" . $row['disk_mb'] . "/" . $_max . "</td>\n"; $ret .= " <td>" . $row['disk_mb'] . "/" . $_max . "</td>\n";
275 315
276 316 $_v = "ulimited"; $_v = "ulimited";
277 317 if ($row['max_commit_size'] > 0) if ($row['max_commit_size'] > 0)
278 $_v = gg_1024($row['max_commit_size']);
318 $_v = rg_1024($row['max_commit_size']);
279 319 $ret .= " <td>" . $_v . "</td>\n"; $ret .= " <td>" . $_v . "</td>\n";
280 320
281 321 $ret .= "</tr>\n"; $ret .= "</tr>\n";
282 322 } }
283 323 $ret .= "</table>\n"; $ret .= "</table>\n";
284 sql_free_result($res);
324 rg_sql_free_result($res);
285 325
286 326 return $ret; return $ret;
287 327 } }
 
... ... function repo_list_query($db, $url, $sql)
289 329 /* /*
290 330 * *
291 331 */ */
292 function repo_list($db, $url, $uid)
332 function rg_repo_list($db, $url, $rg_ui)
293 333 { {
294 xlog("repo_list: url=$url, uid=$uid...");
334 rg_log("repo_list: url=$url, rg_uid=" . $rg_ui['uid']);
295 335
296 336 $add = ""; $add = "";
297 if ($uid > 0)
298 $add = " AND uid = $uid";
337 if ($rg_ui['uid'] > 0)
338 $add = " AND uid = " . $rg_ui['uid'];
299 339
300 340 $sql = "SELECT * FROM repos" $sql = "SELECT * FROM repos"
301 341 . " WHERE deleted = 0" . " WHERE deleted = 0"
302 342 . $add . $add
303 343 . " ORDER BY name"; . " ORDER BY name";
304 344
305 return repo_list_query($db, $url, $sql);
345 return rg_repo_list_query($db, $url, $sql);
306 346 } }
307 347
308 348 /* /*
309 349 * *
310 350 */ */
311 function repo_search($db, $q, $masters)
351 function rg_repo_search($db, $q, $masters)
312 352 { {
313 xlog("repo_search: q=$q, masters=$masters...");
353 rg_log("repo_search: q=$q, masters=$masters...");
314 354
315 355 $add = ""; $add = "";
316 356 if ($masters == 1) if ($masters == 1)
317 357 $add = " AND master = 0"; $add = " AND master = 0";
318 358
319 $e_q = sql_escape($db, $q);
359 $e_q = rg_sql_escape($db, $q);
320 360
321 361 $sql = "SELECT * FROM repos" $sql = "SELECT * FROM repos"
322 362 . " WHERE deleted = 0" . " WHERE deleted = 0"
 
... ... function repo_search($db, $q, $masters)
325 365 . " ORDER BY name" . " ORDER BY name"
326 366 . " LIMIT 10"; . " LIMIT 10";
327 367
328 return repo_list_query($db, "", $sql);
368 return rg_repo_list_query($db, "", $sql);
329 369 } }
330 370
331 371 /* /*
332 372 * Computes the size of a repository * Computes the size of a repository
333 373 */ */
334 function repo_disk_mb($path)
374 function rg_repo_disk_mb($path)
335 375 { {
336 xlog("repo_disk_mb: path=$path...");
376 rg_log("repo_disk_mb: path=$path...");
337 377
338 378 // TODO // TODO
339 379
 
... ... function repo_disk_mb($path)
343 383 /* /*
344 384 * Mark a git repo as done * Mark a git repo as done
345 385 */ */
346 function repo_git_done($db, $repo_id)
386 function rg_repo_git_done($db, $repo_id)
347 387 { {
348 xlog("repo_git_done: repo_id=$repo_id...");
388 rg_log("repo_git_done: repo_id=$repo_id...");
349 389
350 390 $sql = "UPDATE repos SET git_dir_done = 1" $sql = "UPDATE repos SET git_dir_done = 1"
351 391 . " WHERE repo_id = $repo_id"; . " WHERE repo_id = $repo_id";
352 $res = sql_query($db, $sql);
392 $res = rg_sql_query($db, $sql);
353 393 if ($res === FALSE) { if ($res === FALSE) {
354 gg_repo_set_error("Cannot query (" . sql_error() . ")");
394 rg_repo_set_error("Cannot query (" . rg_sql_error() . ")");
355 395 return FALSE; return FALSE;
356 396 } }
357 sql_free_result($res);
397 rg_sql_free_result($res);
358 398
359 399 return TRUE; return TRUE;
360 400 } }
 
... ... function repo_git_done($db, $repo_id)
365 405 /* /*
366 406 * Combine two repo rights strings * Combine two repo rights strings
367 407 */ */
368 function gg_repo_rights_combine($a, $b)
408 function rg_repo_rights_combine($a, $b)
369 409 { {
370 410 $len = strlen($b); $len = strlen($b);
371 411 for ($i = 0; $i < $len; $i++) for ($i = 0; $i < $len; $i++)
 
... ... function gg_repo_rights_combine($a, $b)
378 418 /* /*
379 419 * Get rights for a user * Get rights for a user
380 420 */ */
381 function gg_repo_rights_get($db, $ri, $uid)
421 function rg_repo_rights_get($db, $ri, $uid)
382 422 { {
383 global $gg_repo_rights;
423 global $rg_repo_rights;
384 424
385 xlog("gg_repo_rights_get: repo_id=" . $ri['repo_id'] . ", uid=$uid...");
425 rg_log("rg_repo_rights_get: repo_id=" . $ri['repo_id'] . ", uid=$uid...");
386 426
387 427 $ret = array(); $ret = array();
388 428 $ret['ok'] = 0; $ret['ok'] = 0;
 
... ... function gg_repo_rights_get($db, $ri, $uid)
390 430 $ret['rights'] = ""; $ret['rights'] = "";
391 431
392 432 $repo_id = $ri['repo_id']; $repo_id = $ri['repo_id'];
393 $dr = $ri['default_rights'];
394 433
395 434 // Give all rights to owner // Give all rights to owner
435 $dr = $ri['default_rights'];
396 436 if ($ri['uid'] == $uid) { if ($ri['uid'] == $uid) {
397 foreach ($gg_repo_rights as $letter => $junk)
398 $dr = gg_repo_rights_combine($dr, $letter);
437 foreach ($rg_repo_rights as $letter => $junk)
438 $dr = rg_repo_rights_combine($dr, $letter);
399 439 } }
400 440
401 441 $sql = "SELECT rights FROM repo_rights" $sql = "SELECT rights FROM repo_rights"
402 442 . " WHERE repo_id = $repo_id" . " WHERE repo_id = $repo_id"
403 443 . " AND uid = $uid" . " AND uid = $uid"
404 444 . " LIMIT 1"; . " LIMIT 1";
405 $res = sql_query($db, $sql);
445 $res = rg_sql_query($db, $sql);
406 446 if ($res === FALSE) { if ($res === FALSE) {
407 gg_repo_set_error("Cannot get info (" . sql_error() . ")!");
447 rg_repo_set_error("Cannot get info (" . rg_sql_error() . ")!");
408 448 return $ret; return $ret;
409 449 } }
410 450
411 451 $ret['ok'] = 1; $ret['ok'] = 1;
412 $row = sql_fetch_array($res);
413 sql_free_result($res);
452 $row = rg_sql_fetch_array($res);
453 rg_sql_free_result($res);
414 454 if (isset($row['rights'])) { if (isset($row['rights'])) {
415 455 $ret['rights'] = $row['rights']; $ret['rights'] = $row['rights'];
416 456 $ret['exists'] = 1; $ret['exists'] = 1;
417 457 } }
418 458
419 $ret['rights'] = gg_repo_rights_combine($dr, $ret['rights']);
459 $ret['rights'] = rg_repo_rights_combine($dr, $ret['rights']);
460 rg_log("\tDEBUG rights=" . $ret['rights']);
420 461
421 462 return $ret; return $ret;
422 463 } }
 
... ... function gg_repo_rights_get($db, $ri, $uid)
424 465 /* /*
425 466 * Add rights for a repo * Add rights for a repo
426 467 */ */
427 function gg_repo_rights_set($db, $ri, $uid, $rights)
468 function rg_repo_rights_set($db, $ri, $uid, $rights)
428 469 { {
429 xlog("gg_repo_rights_set: repo_id=" . $ri['repo_id']
470 rg_log("rg_repo_rights_set: repo_id=" . $ri['repo_id']
430 471 . ", uid=$uid, rights=$rights..."); . ", uid=$uid, rights=$rights...");
431 472
432 473 $repo_id = $ri['repo_id']; $repo_id = $ri['repo_id'];
 
... ... function gg_repo_rights_set($db, $ri, $uid, $rights)
436 477 . " WHERE repo_id = $repo_id" . " WHERE repo_id = $repo_id"
437 478 . " AND uid = $uid"; . " AND uid = $uid";
438 479 } else { } else {
439 $e_rights = sql_escape($db, $rights);
480 $e_rights = rg_sql_escape($db, $rights);
440 481
441 $rr = gg_repo_rights_get($db, $ri, $repo_id);
442 if ($rr === FALSE)
482 $rr = rg_repo_rights_get($db, $ri, $uid);
483 if ($rr === FALSE)
443 484 return $rr; return $rr;
485 rg_log("rr: " . print_r($rr, TRUE));
444 486
445 487 if ($rr['exists'] == 1) { if ($rr['exists'] == 1) {
446 488 $sql = "UPDATE repo_rights" $sql = "UPDATE repo_rights"
 
... ... function gg_repo_rights_set($db, $ri, $uid, $rights)
457 499 } }
458 500 } }
459 501
460 $res = sql_query($db, $sql);
502 $res = rg_sql_query($db, $sql);
461 503 if ($res === FALSE) { if ($res === FALSE) {
462 gg_repo_set_error("Cannot alter rights (" . sql_error() . ")!");
504 rg_repo_set_error("Cannot alter rights (" . rg_sql_error() . ")!");
463 505 return FALSE; return FALSE;
464 506 } }
465 sql_free_result($res);
507 rg_sql_free_result($res);
466 508
467 509 return TRUE; return TRUE;
468 510 } }
 
... ... function gg_repo_rights_set($db, $ri, $uid, $rights)
470 512 /* /*
471 513 * List rights for a repo * List rights for a repo
472 514 */ */
473 function gg_repo_rights_list($db, $repo_id)
515 function rg_repo_rights_list($db, $repo_id, $url)
474 516 { {
475 xlog("gg_repo_rights: repo_id=$repo_id");
517 rg_log("rg_repo_rights_list: repo_id=$repo_id url=$url");
476 518
477 519 $ret = ""; $ret = "";
478 520
479 521 $sql = "SELECT * FROM repo_rights WHERE repo_id = $repo_id"; $sql = "SELECT * FROM repo_rights WHERE repo_id = $repo_id";
480 $res = sql_query($db, $sql);
522 $res = rg_sql_query($db, $sql);
481 523 if ($res === FALSE) { if ($res === FALSE) {
482 gg_repo_set_error("Cannot get info (" . sql_error() . ")!");
524 rg_repo_set_error("Cannot get info (" . rg_sql_error() . ")!");
483 525 return FALSE; return FALSE;
484 526 } }
485 527
 
... ... function gg_repo_rights_list($db, $repo_id)
489 531 $ret .= " <th>Rights</th>\n"; $ret .= " <th>Rights</th>\n";
490 532 $ret .= " <th>Operations</th>\n"; $ret .= " <th>Operations</th>\n";
491 533 $ret .= "</tr>\n"; $ret .= "</tr>\n";
492 while (($row = sql_fetch_array($res))) {
534 while (($row = rg_sql_fetch_array($res))) {
493 535 $ret .= "<tr>\n"; $ret .= "<tr>\n";
494 536
495 537 $_u = $row['uid']; $_u = $row['uid'];
496 $_ui = user_info($db, $row['uid'], "", "");
538 $_ui = rg_user_info($db, $row['uid'], "", "");
497 539 if ($_ui['exists'] == 1) if ($_ui['exists'] == 1)
498 540 $_u = $_ui['user']; $_u = $_ui['user'];
499 541
500 542 $ret .= " <td>" . $_u . "</td>\n"; $ret .= " <td>" . $_u . "</td>\n";
501 543
502 $_r = gg_repo_rights_text($row['rights']);
544 $_r = rg_repo_rights_text($row['rights']);
503 545 $_r = implode("<br />\n", $_r); $_r = implode("<br />\n", $_r);
504 546 $ret .= " <td>" . $_r . "</td>\n"; $ret .= " <td>" . $_r . "</td>\n";
505 547
506 548 // operations // operations
507 // suspend
549 // remove
508 550 $ret .= " <td>"; $ret .= " <td>";
509 /*TODO
510 $_url = $url . "&amp;xuid=" . $row['uid'];
511 $v = 1; $t = "Suspend";
512 if ($row['suspended'] > 0) {
513 $t = "Unsuspend";
514 $v = 0;
515 }
516 $ret .= "[<a href=\"$_url&amp;suspend=$v\">$t</a>]";
517 // admin
518 $v = 1; $t = "Admin";
519 if ($row['is_admin'] == 1) {
520 $t = "Remove admin";
521 $v = 0;
522 }
523 $ret .= "[<a href=\"$_url&amp;admin=$v\">$t</a>]";
524 */
551 $_url = $url . "&amp;subop=2";
552 $v = $row['uid'];
553 $ret .= "[<a href=\"$_url&amp;remove_uid=$v\">Remove</a>]";
525 554 $ret .= " </td>"; $ret .= " </td>";
526 555 $ret .= "</tr>\n"; $ret .= "</tr>\n";
527 556 } }
528 557 $ret .= "</table>\n"; $ret .= "</table>\n";
529 sql_free_result($res);
558 rg_sql_free_result($res);
530 559
531 560 return $ret; return $ret;
532 561 } }
 
... ... function gg_repo_rights_list($db, $repo_id)
534 563 /* /*
535 564 * Rights -> form * Rights -> form
536 565 */ */
537 function gg_repo_rights_checkboxes($def_rights)
566 function rg_repo_rights_checkboxes($def_rights)
538 567 { {
539 global $gg_repo_rights;
568 global $rg_repo_rights;
540 569
541 570 $ret = ""; $ret = "";
542 foreach ($gg_repo_rights as $right => $info) {
571 foreach ($rg_repo_rights as $right => $info) {
543 572 $add = ""; $add = "";
544 573 if (strstr($def_rights, $right)) if (strstr($def_rights, $right))
545 574 $add = " checked"; $add = " checked";
 
... ... function gg_repo_rights_checkboxes($def_rights)
553 582 /* /*
554 583 * List rights as text * List rights as text
555 584 */ */
556 function gg_repo_rights_text($rights)
585 function rg_repo_rights_text($rights)
557 586 { {
558 global $gg_repo_rights;
587 global $rg_repo_rights;
559 588
560 589 $ret = array(); $ret = array();
561 590
 
... ... function gg_repo_rights_text($rights)
564 593 return array("None"); return array("None");
565 594
566 595 for ($i = 0; $i < $len; $i++) { for ($i = 0; $i < $len; $i++) {
567 if (isset($gg_repo_rights[$rights[$i]]))
568 $ret[] = $gg_repo_rights[$rights[$i]];
596 if (isset($rg_repo_rights[$rights[$i]]))
597 $ret[] = $rg_repo_rights[$rights[$i]];
569 598 else else
570 599 $ret[] = "?" . $rights[$i] . "?"; $ret[] = "?" . $rights[$i] . "?";
571 600 } }
 
... ... function gg_repo_rights_text($rights)
576 605 /* /*
577 606 * Transforms rights array into a string * Transforms rights array into a string
578 607 */ */
579 function gg_repo_rights_a2s($a)
608 function rg_repo_rights_a2s($a)
580 609 { {
581 610 $rights = ""; $rights = "";
582 611
File inc/repo/repo.form.php changed (mode: 100644) (index 7c8e9ff..7ebcd93)
1 1 <?php <?php
2 2
3 3 $_form = ' $_form = '
4 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
4 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
5 5 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="repo_id" value="' . $repo_id . '"> <input type="hidden" name="repo_id" value="' . $repo_id . '">
 
... ... $_form .= '
44 44 <tr> <tr>
45 45 <td>Default rights:</td> <td>Default rights:</td>
46 46 <td> <td>
47 ' . gg_repo_rights_checkboxes($rights) . '
47 ' . rg_repo_rights_checkboxes($rights) . '
48 48 </td> </td>
49 49 </tr> </tr>
50 50
File inc/repo/repo.php changed (mode: 100644) (index 61e3d2d..8b5d91a)
1 1 <?php <?php
2 xlog("/inc/repo/repo.php");
2 rg_log("/inc/repo/repo.php");
3 3
4 if ($gg_uid == 0) {
5 $_body = "You do not have access here!";
4 $_repo = "";
5
6 if ($rg_ui['uid'] == 0) {
7 $_repo .= "You do not have access here!";
6 8 return; return;
7 9 } }
8 10
9 $subop = @intval($_REQUEST['subop']);
10 $name = @$_REQUEST['name'];
11 $max_commit_size = @intval($_REQUEST['max_commit_size']);
12 $desc = @$_REQUEST['desc'];
13 $master_repo_id = sprintf("%u", @$_REQUEST['master_repo_id']);
14 $rights = @$_REQUEST['rights'];
15 $rights = gg_repo_rights_a2s($rights);
16 $repo_id = @intval($_REQUEST['repo_id']);
17 $q = @$_REQUEST['q'];
18 $masters = @intval($_REQUEST['masters']);
11 $name = rg_var_str("name");
12 $max_commit_size = rg_var_uint("max_commit_size");
13 $desc = rg_var_str("desc");
14 $master_repo_id = rg_var_uint("master_repo_id");
15 $rights = rg_var_str("rights");
16 $rights = rg_repo_rights_a2s($rights);
17 $repo_id = rg_var_uint("repo_id");
18 $q = rg_var_str("q");
19 $masters = rg_var_uint("masters");
19 20
20 21
21 22 // menu // menu
22 $_url = $_SERVER['PHP_SELF'] . "?op=$op";
23 $_url = rg_re_url($op);
23 24 $_menu = ""; $_menu = "";
24 25 $_menu .= "[<a href=\"$_url&amp;subop=1\">Create</a>]"; $_menu .= "[<a href=\"$_url&amp;subop=1\">Create</a>]";
25 26 $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">List</a>]"; $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">List</a>]";
 
... ... $_body = "";
32 33 switch ($subop) { switch ($subop) {
33 34 case 1: // create case 1: // create
34 35 if ($doit == 1) { if ($doit == 1) {
35 $_r = repo_create($db, $master_repo_id, $gg_uid, $name,
36 $_r = rg_repo_create($db, $master_repo_id, $rg_ui, $name,
36 37 $max_commit_size, $desc, $rights); $max_commit_size, $desc, $rights);
37 38 if ($_r === FALSE) if ($_r === FALSE)
38 $_body .= gg_repo_error();
39 $_body .= rg_repo_error();
39 40 else else
40 41 $_body .= "OK!"; $_body .= "OK!";
41 42 } else { } else {
 
... ... case 1: // create
46 47 break; break;
47 48
48 49 case 2: // list case 2: // list
49 $_body .= repo_list($db, "", $gg_uid);
50 $_body .= rg_repo_list($db, "", $rg_ui);
50 51 break; break;
51 52
52 53 case 3: // search case 3: // search
53 54 if ($doit == 1) { if ($doit == 1) {
54 $_body .= repo_search($db, $q, $masters);
55 $_body .= rg_repo_search($db, $q, $masters);
55 56 } else { } else {
56 57 include($INC . "/repo/search.form.php"); include($INC . "/repo/search.form.php");
57 58 $_body .= $_form; $_body .= $_form;
 
... ... case 3: // search
59 60 break; break;
60 61 } }
61 62
62 $_repo = $_menu . $_body;
63 $_repo .= $_menu . $_body;
63 64 ?> ?>
File inc/repo/repo_page.php changed (mode: 100644) (index a7f40ec..9fb21c7)
1 1 <?php <?php
2 xlog("/inc/repo/repo_page.php");
3
4 $repo_id = @intval($_REQUEST['repo_id']);
5
6 $subop = @intval($_REQUEST['subop']);
7 $name = @$_REQUEST['name'];
8 $max_commit_size = @intval($_REQUEST['max_commit_size']);
9 $desc = @$_REQUEST['desc'];
10 $rights = @$_REQUEST['rights'];
11 $rights = gg_repo_rights_a2s($rights);
12 $user = @gg_user_fix($_REQUEST['user']);
2 rg_log("/inc/repo/repo_page.php");
3
4 $repo = rg_var_str("repo");
5 $repo_id = rg_var_uint("repo_id");
6 $name = rg_var_str("name");
7 $max_commit_size = rg_var_uint("max_commit_size");
8 $desc = rg_var_str("desc");
9 $rights = @rg_repo_rights_a2s($_REQUEST['rights']);
10 $user = rg_user_fix(rg_var_str("user"));
13 11 $master_repo_id = 0; $master_repo_id = 0;
14 12
15 13 // menu // menu
16 $_url = $_SERVER['PHP_SELF'] . "?op=$op&amp;repo_id=$repo_id";
14 $_url = rg_re_repopage($repo_id, $repo);
17 15 $_menu = ""; $_menu = "";
18 16 $_menu .= "[<a href=\"$_url&amp;subop=1\">Edit</a>]"; $_menu .= "[<a href=\"$_url&amp;subop=1\">Edit</a>]";
19 17 $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">Rights</a>]"; $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">Rights</a>]";
 
... ... $_menu .= "<br />\n";
23 21
24 22 $_body = ""; $_body = "";
25 23
26 $ri = repo_info($db, $repo_id, "");
24 $ri = rg_repo_info($db, $repo_id, $repo);
27 25 if (($ri['ok'] != 1) || ($ri['deleted'] == 1)) { if (($ri['ok'] != 1) || ($ri['deleted'] == 1)) {
28 26 $_body .= "Invalid repository!"; $_body .= "Invalid repository!";
29 27 // force subop 0 // force subop 0
30 28 $subop = 0; $subop = 0;
31 29 } }
30 // we need it in forms
31 $repo_id = $ri['repo_id'];
32 32
33 $_body .= "Repo <b>" . $ri['name'] . "</b><br />\n";
34 if (!empty($ri['desc']))
35 $_body .= "<small>" . $ri['desc'] . "</small><br />\n";
36 $_dr = gg_repo_rights_text($ri['default_rights']);
37 $_body .= "Default rights: " . implode(", ", $_dr) . "<br /><br />\n";
38 $_body .= "Maxim commit size: " . gg_1024($ri['max_commit_size']) . "<br />\n";
39 $_body .= "<br />\n";
40
33 $show_repo_info = 1;
41 34 switch ($subop) { switch ($subop) {
42 35 case 1: // edit case 1: // edit
43 36 if ($doit == 1) { if ($doit == 1) {
44 $_r = gg_repo_update($db, $repo_id, $gg_uid, $name,
45 $max_commit_size, $desc, $rights);
46 if ($_r === FALSE)
47 $_body .= gg_repo_error();
48 else
37 while (1) {
38 if (rg_repo_allow($db, $ri, $rg_ui, "A") === FALSE) {
39 $_body .= "Not allowed!<br />\n";
40 break;
41 }
42
43 $ri['name'] = $name; // TODO: filter name!
44 $ri['max_commit_size'] = $max_commit_size;
45 $ri['desc'] = $desc; // TODO: filter
46 $ri['default_rights'] = $rights; // TODO: filter
47 $_r = rg_repo_update($db, $ri);
48 if ($_r === FALSE) {
49 $_body .= rg_repo_error();
50 break;
51 }
52
49 53 $_body .= "OK!"; $_body .= "OK!";
54 break;
55 }
50 56 } else { } else {
51 57 // load variables // load variables
52 58 $name = $ri['name']; $name = $ri['name'];
 
... ... case 1: // edit
61 67 break; break;
62 68
63 69 case 2: // rights case 2: // rights
64 $errmsg = "";
65 $_errors = 0;
70 $errmsg = array();
71
72 $remove_uid = rg_var_uint("remove_uid");
73 rg_log("\tDEBUG remove_uid=$remove_uid");
74
75 if ($remove_uid + $doit > 0) {
76 if (rg_repo_allow($db, $ri, $rg_ui, "A") === FALSE) {
77 $errmsg[] = "Not allowed!";
78 // cancel further checking
79 $doit = 0;
80 $remove_uid = 0;
81 }
82 }
83
84 while ($remove_uid > 0) {
85 $e = rg_repo_rights_set($db, $ri, $remove_uid, "");
86 if ($e === FALSE) {
87 $errmsg[] = rg_repo_error();
88 break;
89 }
90
91 break;
92 }
66 93
67 94 while ($doit == 1) { while ($doit == 1) {
68 95 // lookup user // lookup user
69 $_ui = user_info($db, 0, $user, "");
96 $_ui = rg_user_info($db, 0, $user, "");
70 97 if ($_ui['exists'] != 1) { if ($_ui['exists'] != 1) {
71 $errmsg .= "User does not exists!";
72 $_errors++;
98 $errmsg[] = "User <b>$user</b> does not exists!";
73 99 break; break;
74 100 } }
75 101
76 // TODO: Check if user is allowed to give rights
77
78 $e = gg_repo_rights_set($db, $ri, $_ui['uid'], $rights);
102 $e = rg_repo_rights_set($db, $ri, $_ui['uid'], $rights);
79 103 if ($e === FALSE) { if ($e === FALSE) {
80 $errmsg .= gg_repo_error();
81 $_errors++;
104 $errmsg[] = rg_repo_error();
82 105 break; break;
83 106 } }
84 107
 
... ... case 2: // rights
86 109 } }
87 110
88 111 // list rights // list rights
89 $_body .= gg_repo_rights_list($db, $repo_id);
112 $_url = rg_re_repopage($ri['repo_id'], $ri['name']);
113 $_body .= rg_repo_rights_list($db, $repo_id, $_url);
90 114
91 // give rights form
92 115 $_body .= "<br />\n"; $_body .= "<br />\n";
93 116
94 117 include($INC . "/repo/rights.form.php"); include($INC . "/repo/rights.form.php");
95 118 $_body .= $_form; $_body .= $_form;
96 119 break; break;
97 120
98 case 3: //delete
99 $r = gg_repo_delete($db, $repo_id, $gg_uid);
100 if ($r === FALSE) {
101 $_body .= "Error: " . gg_repo_error();
121 case 3: // delete
122 $errmsg = array();
123
124 while (1) {
125 if (rg_repo_allow($db, $ri, $rg_ui, "A") === FALSE) {
126 $errmsg[] = "Not allowed!";
127 break;
128 }
129
130 $r = rg_repo_delete($db, $repo_id, $rg_ui);
131 if ($r === FALSE) {
132 $errmsg[] = "Error: " . rg_repo_error();
133 break;
134 }
135
136 break;
137 }
138
139 $_err = implode("<br />\n", $errmsg);
140 if (!empty($_err)) {
141 $_body .= $_err;
102 142 } else { } else {
103 $_body .= "OK!";
143 $_body .= "OK";
144 $show_repo_info = 0;
104 145 } }
105 146
106 147 break; break;
107 148 } }
108 149
109 $_repo = $_menu . $_body;
150 $_rt = "";
151 if ($show_repo_info == 1) {
152 $_rt = "Repo <b>" . $ri['name'] . "</b><br />\n";
153 if (!empty($ri['desc']))
154 $_rt .= "<small>" . $ri['desc'] . "</small><br />\n";
155 $_rt .= "<br />\n";
156 $_dr = rg_repo_rights_text($ri['default_rights']);
157 $_rt .= "Default rights: " . implode(", ", $_dr) . "<br />\n";
158 $_rt .= "Maxim commit size: " . rg_1024($ri['max_commit_size']) . "<br />\n";
159 $_rt .= "Git URL: git://" . $_SERVER['HTTP_HOST'] . "/" . $ri['name'] . ".git<br />\n";
160 $_rt .= "<br />\n";
161 }
162
163 $_repo = $_menu . $_rt . $_body;
110 164 ?> ?>
File inc/repo/rights.form.php changed (mode: 100644) (index c9d07b5..3b7e7ef)
1 1 <?php <?php
2 2
3 3 $_form = ' $_form = '
4 <font color="red">' . $errmsg . '</font><br />
5 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
4 <font color="red">' . implode("<br />\n", $errmsg) . '</font><br />
5 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
6 6 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
7 7 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
8 8 <input type="hidden" name="repo_id" value="' . $repo_id . '"> <input type="hidden" name="repo_id" value="' . $repo_id . '">
 
... ... $_form = '
19 19 <tr> <tr>
20 20 <td>Rights:</td> <td>Rights:</td>
21 21 <td> <td>
22 ' . gg_repo_rights_checkboxes($rights) . '
22 ' . rg_repo_rights_checkboxes($rights) . '
23 23 </td> </td>
24 24 </tr> </tr>
25 25
File inc/repo/search.form.php changed (mode: 100644) (index 2491cea..cec795a)
1 1 <?php <?php
2 2
3 3 $_form = ' $_form = '
4 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
4 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
5 5 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
File inc/sess.inc.php changed (mode: 100644) (index ef6bff1..81ed5af)
1 1 <?php <?php
2 require_once($INC . "/xlog.inc.php");
2 require_once($INC . "/log.inc.php");
3 3 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
4 4
5 5 /* /*
6 6 * Add a session * Add a session
7 7 */ */
8 function sess_add($db, $uid, $sid, $session_time)
8 function rg_sess_add($db, $uid, $sid, $session_time)
9 9 { {
10 xlog("sess_add: uid=$uid, sid=$sid, session_time=$session_time.");
10 rg_log("sess_add: uid=$uid, sid=$sid, session_time=$session_time.");
11 11
12 12 $ip = @$_SERVER['REMOTE_ADDR']; $ip = @$_SERVER['REMOTE_ADDR'];
13 13 $now = time(); $now = time();
 
... ... function sess_add($db, $uid, $sid, $session_time)
15 15 $sql = "INSERT INTO sess (sid, uid, expire, session_time, ip)" $sql = "INSERT INTO sess (sid, uid, expire, session_time, ip)"
16 16 . " VALUES ('$sid', $uid" . " VALUES ('$sid', $uid"
17 17 . ", " . ($now + $session_time) . ", $session_time, '$ip')"; . ", " . ($now + $session_time) . ", $session_time, '$ip')";
18 $res = sql_query($db, $sql);
18 $res = rg_sql_query($db, $sql);
19 19 if ($res === FALSE) { if ($res === FALSE) {
20 xlog("\tCannot insert (" . sql_error() . ")!");
20 rg_log("\tCannot insert (" . rg_sql_error() . ")!");
21 21 return FALSE; return FALSE;
22 22 } }
23 sql_free_result($res);
23 rg_sql_free_result($res);
24 24
25 25 return TRUE; return TRUE;
26 26 } }
 
... ... function sess_add($db, $uid, $sid, $session_time)
28 28 /* /*
29 29 * Returns if a session is still valid. Will return FALSE or uid * Returns if a session is still valid. Will return FALSE or uid
30 30 */ */
31 function sess_valid($db, $sid)
31 function rg_sess_valid($db, $sid)
32 32 { {
33 xlog("sess_valid: sid=$sid...");
33 rg_log("sess_valid: sid=$sid...");
34 34
35 if (empty($sid))
36 return FALSE;
37
38 $now = time();
39 35 $uid = FALSE; $uid = FALSE;
40 36
41 $e_sid = sql_escape($db, $sid);
37 $e_sid = rg_sql_escape($db, $sid);
42 38
43 39 $sql = "SELECT uid, expire FROM sess WHERE sid = '$e_sid'"; $sql = "SELECT uid, expire FROM sess WHERE sid = '$e_sid'";
44 $res = sql_query($db, $sql);
40 $res = rg_sql_query($db, $sql);
45 41 if ($res === FALSE) { if ($res === FALSE) {
46 xlog("\tCannot select (" . sql_error() . ")!");
42 rg_log("\tCannot select (" . rg_sql_error() . ")!");
47 43 return FALSE; return FALSE;
48 44 } }
49 $row = sql_fetch_array($res);
50 sql_free_result($res);
45 $row = rg_sql_fetch_array($res);
46 rg_sql_free_result($res);
51 47 if (isset($row['uid'])) { if (isset($row['uid'])) {
48 $now = time();
52 49 if ($row['expire'] >= $now) { if ($row['expire'] >= $now) {
53 50 $uid = $row['uid']; $uid = $row['uid'];
54 xlog("\tSession valid, uid=$uid, expire=+" . ($row['expire'] - $now));
51 rg_log("\tSession valid, uid=$uid, expire=+" . ($row['expire'] - $now));
55 52 } else { } else {
56 xlog("\tSession too old (" . ($now - $row['expire']) . "s)");
53 rg_log("\tSession too old (" . ($now - $row['expire']) . "s)");
57 54 } }
58 55 } else { } else {
59 xlog("\tSession not found!");
56 rg_log("\tSession not found!");
60 57 } }
61 58
62 59 return $uid; return $uid;
 
... ... function sess_valid($db, $sid)
65 62 /* /*
66 63 * Refresh a session * Refresh a session
67 64 */ */
68 function sess_update($db, $sid)
65 function rg_sess_update($db, $sid)
69 66 { {
70 xlog("sess_update: sid=$sid...");
67 rg_log("sess_update: sid=$sid...");
71 68
72 $e_sid = sql_escape($db, $sid);
69 $e_sid = rg_sql_escape($db, $sid);
73 70
74 71 $sql = "UPDATE sess SET expire = " . time() . " + session_time" $sql = "UPDATE sess SET expire = " . time() . " + session_time"
75 72 . " WHERE sid = '$e_sid'"; . " WHERE sid = '$e_sid'";
76 $res = sql_query($db, $sql);
73 $res = rg_sql_query($db, $sql);
77 74 if ($res === FALSE) { if ($res === FALSE) {
78 xlog("\tCannot update (" . sql_error() . ")!");
75 rg_log("\tCannot update (" . rg_sql_error() . ")!");
79 76 return FALSE; return FALSE;
80 77 } }
81 sql_free_result($res);
78 rg_sql_free_result($res);
82 79
83 80 return TRUE; return TRUE;
84 81 } }
 
... ... function sess_update($db, $sid)
86 83 /* /*
87 84 * Destroy session * Destroy session
88 85 */ */
89 function sess_destroy($db, $sid)
86 function rg_sess_destroy($db, $sid, &$rg_ui)
90 87 { {
91 xlog("sess_destroy: sid=$sid...");
88 rg_log("sess_destroy: sid=$sid...");
92 89
93 $e_sid = sql_escape($db, $sid);
90 $e_sid = rg_sql_escape($db, $sid);
94 91
95 92 $sql = "DELETE FROM sess WHERE sid = '$e_sid'"; $sql = "DELETE FROM sess WHERE sid = '$e_sid'";
96 $res = sql_query($db, $sql);
93 $res = rg_sql_query($db, $sql);
97 94 if ($res === FALSE) { if ($res === FALSE) {
98 xlog("\tCannot delete (" . sql_error() . ")!");
95 rg_log("\tCannot delete (" . rg_sql_error() . ")!");
99 96 return FALSE; return FALSE;
100 97 } }
101 sql_free_result($res);
98 rg_sql_free_result($res);
99
100 $rg_ui = array();
101 $rg_ui['uid'] = 0;
102 $rg_ui['is_admin'] = 0;
102 103
103 104 return TRUE; return TRUE;
104 105 } }
File inc/state.inc.php changed (mode: 100644) (index 66b2342..6ab5899)
... ... require_once($INC . "/db.inc.php");
4 4 /* /*
5 5 * Set state * Set state
6 6 */ */
7 function state_set($db, $var, $value)
7 function rg_state_set($db, $var, $value)
8 8 { {
9 $e_var = sql_escape($db, $var);
10 $e_value = sql_escape($db, $value);
9 $e_var = rg_sql_escape($db, $var);
10 $e_value = rg_sql_escape($db, $value);
11 11
12 12 $sql = "UPDATE state SET value = '$e_value'" $sql = "UPDATE state SET value = '$e_value'"
13 13 . " WHERE var = '$e_var'"; . " WHERE var = '$e_var'";
14 $res = sql_query($db, $sql);
14 $res = rg_sql_query($db, $sql);
15 15 if ($res === FALSE) if ($res === FALSE)
16 16 return FALSE; return FALSE;
17 sql_free_result($res);
17 rg_sql_free_result($res);
18 18
19 19 return TRUE; return TRUE;
20 20 } }
 
... ... function state_set($db, $var, $value)
22 22 /* /*
23 23 * Get state * Get state
24 24 */ */
25 function state_get($db, $var)
25 function rg_state_get($db, $var)
26 26 { {
27 $e_var = sql_escape($db, $var);
27 $e_var = rg_sql_escape($db, $var);
28 28
29 29 $sql = "SELECT value FROM state WHERE var = '$e_var'"; $sql = "SELECT value FROM state WHERE var = '$e_var'";
30 $res = sql_query($db, $sql);
30 $res = rg_sql_query($db, $sql);
31 31 if ($res === FALSE) if ($res === FALSE)
32 32 return FALSE; return FALSE;
33 33
34 $row = sql_fetch_array($res);
34 $row = rg_sql_fetch_array($res);
35 35 if (!isset($row['value'])) if (!isset($row['value']))
36 36 return FALSE; return FALSE;
37 37
38 sql_free_result($res);
38 rg_sql_free_result($res);
39 39
40 40 return $row['value']; return $row['value'];
41 41 } }
File inc/user.inc.php changed (mode: 100644) (index 4fd43cb..eea1ece)
1 1 <?php <?php
2 2 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
3 require_once($INC . "/xlog.inc.php");
3 require_once($INC . "/log.inc.php");
4 4 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
5 5 require_once($INC . "/sess.inc.php"); require_once($INC . "/sess.inc.php");
6 6
7 function gg_user_set_error($str)
7 function rg_user_set_error($str)
8 8 { {
9 global $_gg_user_error;
9 global $_rg_user_error;
10 10
11 xlog("\tError: $str");
12 $_gg_user_error = $str;
11 rg_log("\tError: $str");
12 $_rg_user_error = $str;
13 13 } }
14 14
15 function gg_user_error()
15 function rg_user_error()
16 16 { {
17 global $_gg_user_error;
18 return $_gg_user_error;
17 global $_rg_user_error;
18 return $_rg_user_error;
19 }
20
21 /*
22 * Returns true if the user is ok
23 */
24 function rg_user_ok($user)
25 {
26 global $rg_user_allow;
27 global $rg_user_max_len;
28
29 if (rg_chars_allow($user, $rg_user_allow) === FALSE) {
30 rg_user_set_error("Invalid user name");
31 return FALSE;
32 }
33
34 if (strlen($user) > $rg_user_max_len) {
35 rg_user_set_error("User name too long");
36 return FALSE;
37 }
38
39 return TRUE;
19 40 } }
20 41
21 42 /* /*
22 43 * Add a user * Add a user
23 44 */ */
24 function user_add($db, $user, $pass, $email, $is_admin)
45 function rg_user_add($db, $user, $pass, $email, $is_admin)
25 46 { {
26 global $gg_session_time;
47 global $rg_session_time;
27 48
28 xlog("user_add: user=$user, pass=$pass, email=$email, is_admin=$is_admin...");
49 rg_log("user_add: user=$user, pass=$pass, email=$email, is_admin=$is_admin...");
50
51 if (rg_user_ok($user) === FALSE)
52 return FALSE;
29 53
30 54 $itime = time(); $itime = time();
31 $e_salt = gg_id(40);
55 $e_salt = rg_id(40);
32 56 $e_sha1pass = sha1($e_salt . "===" . $pass); $e_sha1pass = sha1($e_salt . "===" . $pass);
33 $session_time = $gg_session_time;
57 $session_time = $rg_session_time;
34 58
35 $e_user = sql_escape($db, $user);
36 $e_email = sql_escape($db, $email);
59 $e_user = rg_sql_escape($db, $user);
60 $e_email = rg_sql_escape($db, $email);
37 61
38 62 $sql = "INSERT INTO users (user, salt, pass, email, itime, is_admin, session_time)" $sql = "INSERT INTO users (user, salt, pass, email, itime, is_admin, session_time)"
39 63 . " VALUES ('$e_user', '$e_salt', '$e_sha1pass', '$e_email'" . " VALUES ('$e_user', '$e_salt', '$e_sha1pass', '$e_email'"
40 64 . ", $itime, $is_admin, $session_time)"; . ", $itime, $is_admin, $session_time)";
41 $res = sql_query($db, $sql);
65 $res = rg_sql_query($db, $sql);
42 66 if ($res === FALSE) { if ($res === FALSE) {
43 gg_user_set_error("Cannot insert user (" . sql_error() . ")!");
67 rg_user_set_error("Cannot insert user (" . rg_sql_error() . ")!");
44 68 return FALSE; return FALSE;
45 69 } }
46 sql_free_result($res);
70 rg_sql_free_result($res);
47 71
48 72 return TRUE; return TRUE;
49 73 } }
 
... ... function user_add($db, $user, $pass, $email, $is_admin)
51 75 /* /*
52 76 * Delete a user * Delete a user
53 77 */ */
54 function user_remove($db, $uid)
78 function rg_user_remove($db, $uid)
55 79 { {
56 80 $uid = sprintf("%u", $uid); $uid = sprintf("%u", $uid);
57 81
58 82 $sql = "DELETE FROM users WHERE uid = $uid"; $sql = "DELETE FROM users WHERE uid = $uid";
59 $res = sql_query($db, $sql);
83 $res = rg_sql_query($db, $sql);
60 84 if ($res === FALSE) { if ($res === FALSE) {
61 gg_user_set_error("Cannot remove user $uid (" . sql_error() . ")!");
85 rg_user_set_error("Cannot remove user $uid (" . rg_sql_error() . ")!");
62 86 return FALSE; return FALSE;
63 87 } }
64 sql_free_result($res);
88 rg_sql_free_result($res);
65 89
66 90 return TRUE; return TRUE;
67 91 } }
68 92
69 93 /* /*
70 * Returns info about a user (by uid or user fields)
94 * Returns info about a user (by uid, user or e-mail)
71 95 */ */
72 function user_info($db, $uid, $user, $email)
96 function rg_user_info($db, $uid, $user, $email)
73 97 { {
74 xlog("user_info: uid=[$uid], user=[$user], email=[$email]...");
98 rg_log("user_info: uid=[$uid], user=[$user], email=[$email]...");
75 99
76 100 $ret = array(); $ret = array();
77 101 $ret['ok'] = 0; $ret['ok'] = 0;
78 102 $ret['exists'] = 0; $ret['exists'] = 0;
103 $ret['uid'] = 0;
104 $ret['is_admin'] = 0;
79 105
80 106 if ($uid > 0) { if ($uid > 0) {
81 107 $add = " AND uid = " . sprintf("%u", $uid); $add = " AND uid = " . sprintf("%u", $uid);
82 108 } else if (!empty($user)) { } else if (!empty($user)) {
83 $e_user = sql_escape($db, $user);
109 $e_user = rg_sql_escape($db, $user);
84 110 $add = " AND user = '$e_user'"; $add = " AND user = '$e_user'";
85 111 } else if (!empty($email)) { } else if (!empty($email)) {
86 $e_email = sql_escape($db, $email);
112 $e_email = rg_sql_escape($db, $email);
87 113 $add = " AND email = '$e_email'"; $add = " AND email = '$e_email'";
88 114 } else { } else {
89 115 return FALSE; return FALSE;
90 116 } }
91 117
92 118 $sql = "SELECT * FROM users WHERE 1 = 1" . $add; $sql = "SELECT * FROM users WHERE 1 = 1" . $add;
93 $res = sql_query($db, $sql);
119 $res = rg_sql_query($db, $sql);
94 120 if ($res === FALSE) { if ($res === FALSE) {
95 gg_user_set_error("Cannot get info (" . sql_error() . ")!");
121 rg_user_set_error("Cannot get info (" . rg_sql_error() . ")!");
96 122 return $ret; return $ret;
97 123 } }
98 124
99 125 $ret['ok'] = 1; $ret['ok'] = 1;
100 $row = sql_fetch_array($res);
101 sql_free_result($res);
126 $row = rg_sql_fetch_array($res);
127 rg_sql_free_result($res);
102 128 if (!isset($row['user'])) { if (!isset($row['user'])) {
103 gg_user_set_error("User not found!");
129 rg_user_set_error("User not found!");
104 130 return $ret; return $ret;
105 131 } }
106 132
107 133 $row['ok'] = 1; $row['ok'] = 1;
108 134 $row['exists'] = 1; $row['exists'] = 1;
135 rg_log("\tUser found.");
109 136 return $row; return $row;
110 137 } }
111 138
112 139 /* /*
113 * Test if login is OK
140 * Loads rg_ui based on sid, if possible
114 141 */ */
115 function user_login($db, $sid, &$ui)
142 function rg_user_login_by_sid($db, $sid, &$rg_ui)
116 143 { {
117 xlog("user_login: sid=$sid...");
144 rg_log("user_login_by_sid: sid=$sid...");
118 145
119 if (($uid = sess_valid($db, $sid))) {
120 $ui = user_info($db, $uid, "", "");
121 sess_update($db, $sid);
122 return $uid;
123 }
146 // Make sure it is not passed by client
147 $rg_ui = array();
148 $rg_ui['uid'] = 0;
149 $rg_ui['is_admin'] = 0;
150
151 if (empty($sid))
152 return FALSE;
124 153
125 xlog("No sid! Try with user...");
126 $user = @$_REQUEST['user'];
127 $pass = @$_REQUEST['pass'];
128 if (empty($user) || empty($pass))
154 $uid = rg_sess_valid($db, $sid);
155 if ($uid == 0)
129 156 return FALSE; return FALSE;
130 157
131 $ui = user_info($db, 0, $user, "");
132 if ($ui['ok'] == 0) {
133 gg_user_set_error("Internal error");
158 $rg_ui = rg_user_info($db, $uid, "", "");
159 if ($rg_ui['exists'] != 1)
160 rg_user_set_error("Invalid uid!");
161 return FALSE;
162 rg_sess_update($db, $sid);
163 return TRUE;
164 }
165
166 /*
167 * Test if login is OK
168 */
169 function rg_user_login_by_user_pass($db, $user, $pass, &$rg_ui)
170 {
171 rg_log("user_login: user=$user, pass=$pass...");
172
173 $rg_ui = array();
174 $rg_ui['uid'] = 0;
175 $rg_ui['is_admin'] = 0;
176
177 if (empty($user) || empty($pass)) {
178 rg_user_set_error("Invalid user or pass!");
134 179 return FALSE; return FALSE;
135 180 } }
136 181
137 if ($ui['exists'] == 0) {
138 gg_user_set_error("Invalid user or pass!");
182 $rg_ui = rg_user_info($db, 0, $user, "");
183 if ($rg_ui['exists'] != 1) {
184 rg_user_set_error("Invalid user or pass!");
139 185 return FALSE; return FALSE;
140 186 } }
141 xlog("\tui: " . print_r($ui, TRUE));
187 rg_log("\trg_ui: " . print_r($rg_ui, TRUE));
142 188
143 $sha1pass = sha1($ui['salt'] . "===" . $pass);
144 if (strcmp($sha1pass, $ui['pass']) != 0) {
145 gg_user_set_error("Invalid user or pass!");
189 $sha1pass = sha1($rg_ui['salt'] . "===" . $pass);
190 if (strcmp($sha1pass, $rg_ui['pass']) != 0) {
191 rg_user_set_error("Invalid user or pass!");
146 192 return FALSE; return FALSE;
147 193 } }
148 194
149 $sid = gg_id(40);
150 sess_add($db, $ui['uid'], $sid, $ui['session_time']);
195 $sid = rg_id(40);
196 rg_sess_add($db, $rg_ui['uid'], $sid, $rg_ui['session_time']);
151 197 setcookie("sid", $sid, 0); setcookie("sid", $sid, 0);
152 198
153 return $ui['uid'];
199 return TRUE;
154 200 } }
155 201
156 202 /* /*
157 203 * Suspend an account * Suspend an account
158 204 * 1=suspend, 0=unsuspend * 1=suspend, 0=unsuspend
159 205 */ */
160 function user_suspend($db, $uid, $op)
206 function rg_user_suspend($db, $uid, $op)
161 207 { {
162 xlog("user_suspend: uid=$uid, op=$op");
208 rg_log("user_suspend: uid=$uid, op=$op");
163 209
164 210 $now = time(); $now = time();
165 211
 
... ... function user_suspend($db, $uid, $op)
169 215 $v = 0; $v = 0;
170 216
171 217 $sql = "UPDATE users SET suspended = $v WHERE uid = $uid"; $sql = "UPDATE users SET suspended = $v WHERE uid = $uid";
172 $res = sql_query($db, $sql);
218 $res = rg_sql_query($db, $sql);
173 219 if ($res === FALSE) if ($res === FALSE)
174 220 return FALSE; return FALSE;
175 sql_free_result($res);
221 rg_sql_free_result($res);
176 222
177 223 return TRUE; return TRUE;
178 224 } }
 
... ... function user_suspend($db, $uid, $op)
181 227 * Make/remove admin * Make/remove admin
182 228 * 1=make, 0=remove * 1=make, 0=remove
183 229 */ */
184 function user_admin($db, $uid, $op)
230 function rg_user_admin($db, $uid, $op)
185 231 { {
186 xlog("user_admin: uid=$uid, op=$op");
232 rg_log("user_admin: uid=$uid, op=$op");
187 233
188 234 $now = time(); $now = time();
189 235
190 236 $sql = "UPDATE users SET is_admin = $op WHERE uid = $uid"; $sql = "UPDATE users SET is_admin = $op WHERE uid = $uid";
191 $res = sql_query($db, $sql);
237 $res = rg_sql_query($db, $sql);
192 238 if ($res === FALSE) if ($res === FALSE)
193 239 return FALSE; return FALSE;
194 sql_free_result($res);
240 rg_sql_free_result($res);
195 241
196 242 return TRUE; return TRUE;
197 243 } }
 
... ... function user_admin($db, $uid, $op)
199 245 /* /*
200 246 * List users * List users
201 247 */ */
202 function user_list($db, $url)
248 function rg_user_list($db, $url)
203 249 { {
204 xlog("user_list, url=$url...");
250 rg_log("user_list, url=$url...");
205 251
206 252 $ret = ""; $ret = "";
207 253
208 $xuid = sprintf("%u", @$_REQUEST['xuid']);
254 $xuid = rg_var_uint("xuid");
209 255
210 if (isset($_REQUEST['suspend'])) {
211 if (!user_suspend($db, $xuid, $_REQUEST['suspend']))
256 $suspend = rg_var_uint("suspend");
257 if ($suspend == 1) {
258 if (!rg_user_suspend($db, $xuid, 1))
212 259 $ret .= "<font color=red>Cannot suspend!</font><br />"; $ret .= "<font color=red>Cannot suspend!</font><br />";
213 260 } }
214 261
215 if (isset($_REQUEST['admin'])) {
216 if (!user_admin($db, $xuid, $_REQUEST['admin']))
262 $unsuspend = rg_var_uint("unsuspend");
263 if ($unsuspend == 1) {
264 if (!rg_user_suspend($db, $xuid, 0))
265 $ret .= "<font color=red>Cannot unsuspend!</font><br />";
266 }
267
268 $make_admin = rg_var_uint("make_admin");
269 if ($make_admin == 1) {
270 if (!rg_user_admin($db, $xuid, 1))
217 271 $ret .= "<font color=red>Cannot make admin!</font><br />"; $ret .= "<font color=red>Cannot make admin!</font><br />";
218 272 } }
219 273
220 if (isset($_REQUEST['remove'])) {
221 if (!user_remove($db, $xuid))
274 $remove_admin = rg_var_uint("remove_admin");
275 if ($remove_admin == 1) {
276 if (!rg_user_admin($db, $xuid, 0))
277 $ret .= "<font color=red>Cannot remove admin!</font><br />";
278 }
279
280 $remove = rg_var_uint("remove");
281 if ($remove > 0) {
282 if (!rg_user_remove($db, $xuid))
222 283 $ret .= "<font color=red>Cannot remove!</font><br />"; $ret .= "<font color=red>Cannot remove!</font><br />";
223 284 } }
224 285
225 286 $sql = "SELECT * FROM users ORDER BY user"; $sql = "SELECT * FROM users ORDER BY user";
226 $res = sql_query($db, $sql);
287 $res = rg_sql_query($db, $sql);
227 288 if ($res === FALSE) { if ($res === FALSE) {
228 gg_user_set_error("Cannot get info (" . sql_error() . ")!");
289 rg_user_set_error("Cannot get info (" . rg_sql_error() . ")!");
229 290 return FALSE; return FALSE;
230 291 } }
231 292
 
... ... function user_list($db, $url)
241 302 $ret .= " <th>Last seen (UTC)</th>\n"; $ret .= " <th>Last seen (UTC)</th>\n";
242 303 $ret .= " <th>Operations</th>\n"; $ret .= " <th>Operations</th>\n";
243 304 $ret .= "</tr>\n"; $ret .= "</tr>\n";
244 while (($row = sql_fetch_array($res))) {
305 while (($row = rg_sql_fetch_array($res))) {
245 306 $ret .= "<tr>\n"; $ret .= "<tr>\n";
246 307 $ret .= " <td>" . $row['user'] . "</td>\n"; $ret .= " <td>" . $row['user'] . "</td>\n";
247 308 $ret .= " <td>" . $row['email'] . "</td>\n"; $ret .= " <td>" . $row['email'] . "</td>\n";
 
... ... function user_list($db, $url)
249 310 $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n"; $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n";
250 311 $_v = "unlimited"; $_v = "unlimited";
251 312 if ($row['disk_quota_mb'] > 0) if ($row['disk_quota_mb'] > 0)
252 $_v = gg_1024($row['disk_quota_mb']);
313 $_v = rg_1024($row['disk_quota_mb']);
253 314 $ret .= " <td>" . $_v . "</td>\n"; $ret .= " <td>" . $_v . "</td>\n";
254 315 $ret .= " <td>" . ($row['suspended'] == 0 ? "No" : "Yes") . "</th>\n"; $ret .= " <td>" . ($row['suspended'] == 0 ? "No" : "Yes") . "</th>\n";
255 316 $ret .= " <td>" . $row['session_time'] . "s</td>\n"; $ret .= " <td>" . $row['session_time'] . "s</td>\n";
 
... ... function user_list($db, $url)
258 319 // suspend // suspend
259 320 $ret .= " <td>"; $ret .= " <td>";
260 321 $_url = $url . "&amp;xuid=" . $row['uid']; $_url = $url . "&amp;xuid=" . $row['uid'];
261 $v = 1; $t = "Suspend";
322 $v = "suspend=1"; $t = "Suspend";
262 323 if ($row['suspended'] > 0) { if ($row['suspended'] > 0) {
263 324 $t = "Unsuspend"; $t = "Unsuspend";
264 $v = 0;
325 $v = "unsuspend=1";
265 326 } }
266 $ret .= "[<a href=\"$_url&amp;suspend=$v\">$t</a>]";
327 $ret .= "[<a href=\"$_url&amp;$v\">$t</a>]";
267 328 // admin // admin
268 $v = 1; $t = "Admin";
329 $v = "make_admin=1"; $t = "Make admin";
269 330 if ($row['is_admin'] == 1) { if ($row['is_admin'] == 1) {
270 331 $t = "Remove admin"; $t = "Remove admin";
271 $v = 0;
332 $v = "remove_admin=1";
272 333 } }
273 $ret .= "[<a href=\"$_url&amp;admin=$v\">$t</a>]";
334 $ret .= "[<a href=\"$_url&amp;$v\">$t</a>]";
274 335 // remove // remove
275 336 if ($row['suspended'] > 0) if ($row['suspended'] > 0)
276 337 $ret .= "[<a href=\"$_url&amp;remove=1\">Remove!</a>]"; $ret .= "[<a href=\"$_url&amp;remove=1\">Remove!</a>]";
 
... ... function user_list($db, $url)
278 339 $ret .= "</tr>\n"; $ret .= "</tr>\n";
279 340 } }
280 341 $ret .= "</table>\n"; $ret .= "</table>\n";
281 sql_free_result($res);
342 rg_sql_free_result($res);
282 343
283 344 return $ret; return $ret;
284 345 } }
 
... ... function user_list($db, $url)
286 347 /* /*
287 348 * Returns uid by token, if not expired * Returns uid by token, if not expired
288 349 */ */
289 function user_forgot_pass_uid($db, $token)
350 function rg_user_forgot_pass_uid($db, $token)
290 351 { {
291 352 $ret = array(); $ret = array();
292 353 $ret['ok'] = 0; $ret['ok'] = 0;
293 354 $ret['uid'] = 0; $ret['uid'] = 0;
294 355
295 xlog("user_forgot_pass_uid: token=$token");
356 rg_log("user_forgot_pass_uid: token=$token");
296 357
297 358 $now = time(); $now = time();
298 $e_token = sql_escape($db, $token);
359 $e_token = rg_sql_escape($db, $token);
299 360
300 361 $sql = "SELECT uid FROM forgot_pass" $sql = "SELECT uid FROM forgot_pass"
301 362 . " WHERE token = '$e_token'" . " WHERE token = '$e_token'"
302 363 . " AND expire > $now"; . " AND expire > $now";
303 $res = sql_query($db, $sql);
364 $res = rg_sql_query($db, $sql);
304 365 if ($res === FALSE) if ($res === FALSE)
305 366 return $ret; return $ret;
306 367
307 368 $ret['ok'] = 1; $ret['ok'] = 1;
308 369
309 $row = sql_fetch_array($res);
310 sql_free_result($res);
370 $row = rg_sql_fetch_array($res);
371 rg_sql_free_result($res);
311 372 if (!isset($row['uid'])) if (!isset($row['uid']))
312 373 return $ret; return $ret;
313 374
 
... ... function user_forgot_pass_uid($db, $token)
319 380 /* /*
320 381 * Reset password function (send mail) * Reset password function (send mail)
321 382 */ */
322 function user_forgot_pass_mail($db, $email)
383 function rg_user_forgot_pass_mail($db, $email)
323 384 { {
324 xlog("user_forgot_pass_mail: email=$email");
385 rg_log("user_forgot_pass_mail: email=$email");
325 386
326 387 $expire = time() + 24 * 3600; $expire = time() + 24 * 3600;
327 $token = gg_id(40);
388 $token = rg_id(40);
328 389
329 $r = user_info($db, 0, "", $email);
390 $r = rg_user_info($db, 0, "", $email);
330 391 if ($r['ok'] == 0) if ($r['ok'] == 0)
331 392 return FALSE; return FALSE;
332 393 if ($r['exists'] == 0) if ($r['exists'] == 0)
 
... ... function user_forgot_pass_mail($db, $email)
336 397 // store token in database // store token in database
337 398 $sql = "INSERT INTO forgot_pass (token, uid, expire)" $sql = "INSERT INTO forgot_pass (token, uid, expire)"
338 399 . " VALUES ('$token', $uid, $expire)"; . " VALUES ('$token', $uid, $expire)";
339 $res = sql_query($db, $sql);
400 $res = rg_sql_query($db, $sql);
340 401 if ($res === FALSE) { if ($res === FALSE) {
341 gg_user_set_error("Cannot query!");
402 rg_user_set_error("Cannot query!");
342 403 return FALSE; return FALSE;
343 404 } }
344 sql_free_result($res);
405 rg_sql_free_result($res);
345 406
346 407 if (!mail($email, "Forgot password", if (!mail($email, "Forgot password",
347 408 "Hello!\nIf you want to reset the password, follow:\n" "Hello!\nIf you want to reset the password, follow:\n"
348 409 . "http://" . $_SERVER['SERVER_NAME'] . "/" . $_SERVER['PHP_SELF'] . "?op=6&token=$token")) { . "http://" . $_SERVER['SERVER_NAME'] . "/" . $_SERVER['PHP_SELF'] . "?op=6&token=$token")) {
349 gg_user_set_error("Cannot send mail!");
410 rg_user_set_error("Cannot send mail!");
350 411 return FALSE; return FALSE;
351 412 } }
352 413
 
... ... function user_forgot_pass_mail($db, $email)
356 417 /* /*
357 418 * After reseting the pass, we have to destroy all 'reset pass' requests * After reseting the pass, we have to destroy all 'reset pass' requests
358 419 */ */
359 function user_forgot_pass_destroy($db, $uid)
420 function rg_user_forgot_pass_destroy($db, $uid)
360 421 { {
361 xlog("user_forgot_pass_destroy: token=$token");
422 rg_log("user_forgot_pass_destroy: token=$token");
362 423
363 424 $sql = "DELETE FROM forgot_pass WHERE uid = $uid"; $sql = "DELETE FROM forgot_pass WHERE uid = $uid";
364 $res = sql_query($db, $sql);
425 $res = rg_sql_query($db, $sql);
365 426 if ($res === FALSE) { if ($res === FALSE) {
366 gg_user_set_error("Cannot query!");
427 rg_user_set_error("Cannot query!");
367 428 return FALSE; return FALSE;
368 429 } }
369 sql_free_result($res);
430 rg_sql_free_result($res);
370 431
371 432 return TRUE; return TRUE;
372 433 } }
373 434
374 function user_set_pass($db, $uid, $pass)
435 function rg_user_set_pass($db, $uid, $pass)
375 436 { {
376 xlog("user_set_pass...");
437 rg_log("user_set_pass...");
377 438
378 $e_salt = gg_id(40);
439 $e_salt = rg_id(40);
379 440 $e_sha1pass = sha1($e_salt . "===" . $pass); $e_sha1pass = sha1($e_salt . "===" . $pass);
380 441
381 442 $sql = "UPDATE users SET" $sql = "UPDATE users SET"
382 443 ." salt = '$e_salt'" ." salt = '$e_salt'"
383 444 . ", pass = '$e_sha1pass'" . ", pass = '$e_sha1pass'"
384 445 . " WHERE uid = " . $uid; . " WHERE uid = " . $uid;
385 $res = sql_query($db, $sql);
446 $res = rg_sql_query($db, $sql);
386 447 if ($res === FALSE) if ($res === FALSE)
387 448 return FALSE; return FALSE;
388 sql_free_result($res);
449 rg_sql_free_result($res);
389 450
390 451 return TRUE; return TRUE;
391 452 } }
392 453
393 /*
394 * Remove forbidden chars
395 */
396 function gg_user_fix($user)
397 {
398 return preg_replace("/[^A-Za-z0-9_.-]/", "", $user);
399 }
400
401 454 ?> ?>
File inc/user/forgot.form.php changed (mode: 100644) (index c4b1021..e70b08a)
... ... if (!empty($error))
6 6 $_forgot_form .= "<font color=red>$error</font><br />\n"; $_forgot_form .= "<font color=red>$error</font><br />\n";
7 7
8 8 $_forgot_form .= ' $_forgot_form .= '
9 <form type="post" action="' . $_SERVER['PHP_SELF'] . '">
9 <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
10 10 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
11 <input type="hidden" name="token" value="' . $_REQUEST['token'] . '">
11 <input type="hidden" name="token" value="' . rg_var_str("token") . '">
12 12 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
13 13
14 14 <table> <table>
File inc/user/forgot.php changed (mode: 100644) (index 7138b70..d9aa318)
1 1 <?php <?php
2 xlog("/inc/user/forgot.php");
2 rg_log("/inc/user/forgot.php");
3 3
4 $token = @$_REQUEST['token'];
5 $pass1 = @$_REQUEST['pass1'];
6 $pass2 = @$_REQUEST['pass2'];
4 $token = rg_var_str("token");
5 $pass1 = rg_var_str("pass1");
6 $pass2 = rg_var_str("pass2");
7 7
8 8 $_forgot = "<br />\n"; $_forgot = "<br />\n";
9 9
 
... ... if ($doit == 1) {
22 22 } else { } else {
23 23 if (user_set_pass($db, $r['uid'], $pass1)) { if (user_set_pass($db, $r['uid'], $pass1)) {
24 24 user_forgot_pass_destroy($db, $r['uid']); user_forgot_pass_destroy($db, $r['uid']);
25 // auto-login
26 $rg_ui = user_info($db, $r['uid'], "", "");
25 27 $_forgot .= "OK!"; $_forgot .= "OK!";
26 28 $_hide_form = 1; $_hide_form = 1;
27 29 } else { } else {
File inc/user/forgot_mail.php changed (mode: 100644) (index 597f7f1..ca8df55)
1 1 <?php <?php
2 xlog("/inc/user/forgot_mail.php");
2 rg_log("/inc/user/forgot_mail.php");
3 3
4 $email = @$_REQUEST['email'];
4 $email = rg_var_str("email");
5 5
6 6 $_forgot = "<br />\n"; $_forgot = "<br />\n";
7 7
File inc/util.inc.php changed (mode: 100644) (index b2b6d1f..bcb394b)
1 1 <?php <?php
2 2
3 function gg_1024($v)
3 function rg_1024($v)
4 4 { {
5 5 if ($v <= 9999) if ($v <= 9999)
6 6 return number_format($v); return number_format($v);
 
... ... function gg_1024($v)
24 24 /* /*
25 25 * Unique ID generator * Unique ID generator
26 26 */ */
27 function gg_id($len)
27 function rg_id($len)
28 28 { {
29 29 $id = ""; $id = "";
30 30
 
... ... function gg_id($len)
45 45 /* /*
46 46 * XSS protection * XSS protection
47 47 */ */
48 function gg_xss($v)
48 function rg_xss($v)
49 49 { {
50 50 return htmlspecialchars($v, ENT_QUOTES); return htmlspecialchars($v, ENT_QUOTES);
51 51 } }
52 52
53 53 $_lock = FALSE; $_lock = FALSE;
54 function gg_lock_or_exit($file)
54 function rg_lock_or_exit($file)
55 55 { {
56 56 global $_lock; global $_lock;
57 57
58 58 if ($_lock !== FALSE) { if ($_lock !== FALSE) {
59 xlog("\tYou already have a lock on $file! Bad!");
59 rg_log("\tYou already have a lock on $file! Bad!");
60 60 exit(1); exit(1);
61 61 } }
62 62
63 63 $_lock = @fopen($file, "w"); $_lock = @fopen($file, "w");
64 64 if ($_lock === FALSE) { if ($_lock === FALSE) {
65 xlog("\tCannot open $file!");
65 rg_log("\tCannot open $file!");
66 66 exit(1); exit(1);
67 67 } }
68 68
 
... ... function gg_lock_or_exit($file)
74 74 fwrite($_lock, getmypid() . "\n"); fwrite($_lock, getmypid() . "\n");
75 75 } }
76 76
77 function gg_load()
77 function rg_load()
78 78 { {
79 79 return intval(file_get_contents("/proc/loadavg")); return intval(file_get_contents("/proc/loadavg"));
80 80 } }
81
82 /*
83 * Builds URLs
84 */
85 function rg_re_url($op)
86 {
87 if (isset($_REQUEST['rewrite_engine']))
88 return "/+" . $op;
89
90 return $_SERVER['PHP_SELF'] . "?op=" . $op;
91 }
92
93 function rg_re_repopage($repo_id, $repo_name)
94 {
95 if (isset($_REQUEST['rewrite_engine']))
96 return "/" . $repo_name;
97
98 return $_SERVER['PHP_SELF'] . "?op=repo&amp;subop=2&amp;repo_id=" . $repo_id;
99 }
100
101 function rg_var_str($name)
102 {
103 $ret = "";
104
105 if (isset($_COOKIE[$name]))
106 $ret = $_COOKIE[$name];
107
108 if (isset($_POST[$name]))
109 $ret = $_POST[$name];
110
111 if (isset($_GET[$name]))
112 $ret = $_GET[$name];
113
114 return htmlspecialchars($ret, ENT_QUOTES);
115 }
116
117 function rg_var_int($name)
118 {
119 return sprintf("%d", rg_var_str($name));
120 }
121
122 function rg_var_uint($name)
123 {
124 return sprintf("%u", rg_var_str($name));
125 }
126
127 /*
128 * Enforce chars in a name. It is used for user and repo.
129 */
130 function rg_chars_allow($name, $allowed_chars)
131 {
132 if (preg_match($allowed_chars, $name) === FALSE)
133 return FALSE;
134
135 return TRUE;
136 }
81 137 ?> ?>
File inc/xlog.inc.php deleted (index b2cd414..0000000)
1 <?php
2 require_once($INC . "/util.inc.php");
3
4 $_xlog_file = "/tmp/gg.log";
5 $_xlog_fd = FALSE;
6 $_xlog_sid = gg_id(6);
7
8 function xlog_set_file($file)
9 {
10 global $_xlog_file;
11
12 $_xlog_file = $file;
13 }
14
15 function xlog($str)
16 {
17 global $_xlog_file;
18 global $_xlog_fd;
19 global $_xlog_sid;
20
21 if ($_xlog_fd === FALSE) {
22 $_xlog_fd = @fopen($_xlog_file, "a+");
23 if ($_xlog_fd === FALSE)
24 return;
25 // write an empty line
26 fwrite($_xlog_fd, "\n");
27 }
28
29 $t = gettimeofday();
30 $buf = gmdate("Y-m-d H:i:s", $t['sec']) . "." . sprintf("%06d", $t['usec']);
31 $buf .= " " . $_xlog_sid . " " . $str . "\n";
32
33 fwrite($_xlog_fd, $buf);
34 }
35
36 ?>
File root/index.php changed (mode: 100644) (index 4c64719..33792ef)
1 1 <?php <?php
2 2 error_reporting(E_ALL); error_reporting(E_ALL);
3 //phpinfo();
3 4
4 5 $_s = microtime(TRUE); $_s = microtime(TRUE);
5 6
 
... ... $ROOT = dirname(__FILE__);
8 9
9 10 $THEME = $ROOT . "/themes/default"; $THEME = $ROOT . "/themes/default";
10 11
11 require_once("/etc/gg/config.php");
12 require_once($INC . "/xlog.inc.php");
12 require_once("/etc/rg/config.php");
13 require_once($INC . "/log.inc.php");
13 14 include_once($INC . "/db.inc.php"); include_once($INC . "/db.inc.php");
14 15 include_once($INC . "/user.inc.php"); include_once($INC . "/user.inc.php");
15 16 include_once($INC . "/repo.inc.php"); include_once($INC . "/repo.inc.php");
16 17 include_once($INC . "/keys.inc.php"); include_once($INC . "/keys.inc.php");
17 18
18 xlog_set_file("/tmp/gg_web.log");
19 rg_log_set_file("/tmp/rg_web.log");
19 20
20 $sql_debug = $gg_db_debug;
21 $rg_sql_debug = $rg_db_debug;
21 22
22 $op = 0;
23 if (isset($_REQUEST['op']))
24 $op = intval($_REQUEST['op']);
25 $doit = @intval($_REQUEST['doit']);
26 $sid = @$_COOKIE['sid'];
27 if (empty($sid))
28 $sid = @$_REQUEST['sid'];
23 // TODO: make subop and subsubop as strings
24 $op = rg_var_str("op");
25 $subop = rg_var_uint("subop");
26 $subsubop = rg_var_uint("subsubop");
27 $doit = rg_var_uint("doit");
28 $sid = rg_var_str("sid");
29 29
30 xlog("IP: " . @$_SERVER['REMOTE_ADDR']);
31 xlog("_REQUEST: " . print_r($_REQUEST, TRUE));
32 xlog("_COOKIE: " . print_r($_COOKIE, TRUE));
33 xlog("Start! op=$op, doit=$doit, sid=$sid...");
30 rg_log("IP: " . @$_SERVER['REMOTE_ADDR']);
31 rg_log("_REQUEST: " . trim(print_r($_REQUEST, TRUE)));
32 rg_log("_COOKIE: " . trim(print_r($_COOKIE, TRUE)));
33 rg_log("Start! op=$op/$subop/$subsubop, doit=$doit, sid=$sid...");
34 34
35 35
36 36 $head = ""; $head = "";
 
... ... $head .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\""
38 38 . " \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n"; . " \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
39 39 $head .= "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n"; $head .= "<html xmlns=\"http://www.w3.org/1999/xhtml\">\n";
40 40 $head .= "<head>\n"; $head .= "<head>\n";
41 $head .= " <title>GG</title>\n";
41 $head .= " <title>RocketGit</title>\n";
42 42 $head .= " <meta content=\"text/html; charset=UTF-8\" http-equiv=\"content-type\" />\n"; $head .= " <meta content=\"text/html; charset=UTF-8\" http-equiv=\"content-type\" />\n";
43 43 $css = preg_replace("/\n/", " ", @file_get_contents($THEME . "/main.css")); $css = preg_replace("/\n/", " ", @file_get_contents($THEME . "/main.css"));
44 44 $head .= " <style type=\"text/css\">" . $css . "</style>\n"; $head .= " <style type=\"text/css\">" . $css . "</style>\n";
 
... ... $head .= "<body>\n";
47 47
48 48
49 49 // database connection // database connection
50 $db = sql_open($gg_db);
50 $db = rg_sql_open($rg_db);
51 51 if ($db === FALSE) if ($db === FALSE)
52 52 die("Cannot open database!"); die("Cannot open database!");
53 53
54 // deal with login
55 $gg_uid = user_login($db, $sid, $gg_ui);
56 if (($op == 1) && ($doit == 1) && ($gg_uid > 0))
57 $op = 0;
54 rg_user_login_by_sid($db, $sid, $rg_ui);
55 rg_log("After login_by_sid, rg_ui=" . print_r($rg_ui, TRUE));
58 56
59 // deal with logout
60 if ($op == 9) {
61 sess_destroy($db, $sid);
62 $gg_uid = 0;
63 $gg_ui = FALSE;
64 }
57 $body = "";
58 // Chain dispatching
59 do {
60 include($INC . "/dispatch/dispatch.php");
61 } while (strcmp($op, "") != 0);
65 62
66 // auto-login user by forgot-pass token
67 if ($op == 6) {
68 // TODO
69 }
63 $tail = "</body>\n";
64 $tail .= "</html>\n";
70 65
71 // menu
72 $url = $_SERVER['PHP_SELF'] . "?a=1";
73 $menu = "";
74 $menu .= "[<a href=\"$url&amp;op=1\">Login</a>]";
75 if (isset($gg_ui['user'])) {
76 $menu .= "&nbsp;[<a href=\"$url&amp;op=4\">Keys</a>]\n";
77 $menu .= "&nbsp;[<a href=\"$url&amp;op=2\">My repositories</a>]\n";
78 if ($gg_ui['is_admin'] == 1)
79 $menu .= "&nbsp;[<a href=\"$url&amp;op=3\">Admin</a>]\n";
80 66
81 $menu .= "&nbsp;[<a href=\"$url&amp;op=9\">Logout</a>]\n";
67 // menu
68 $amenu = array(
69 "login" => array("text" => "Login"),
70 "repo" => array("text" => "My repositories"),
71 "keys" => array("text" => "SSH keys"),
72 "admin" => array("text" => "Admin", "needs_admin" => 1),
73 "logout" => array("text" => "Logout")
74 );
82 75
83 $menu .= "&nbsp;&nbsp;&nbsp;[" . $gg_ui['user'] . "]\n";
76 $menu = "";
77 $add = "";
78 foreach ($amenu as $_op => $_info) {
79 if (isset($_info['needs_admin']) && ($rg_ui['is_admin'] == 0))
80 continue;
81
82 $_text = $_info['text'];
83 if (strcmp($_op, $op) == 0) {
84 $menu .= $add . "[$_text]\n";
85 } else {
86 $menu .= $add . "[<a href=\""
87 . rg_re_url($_op) . "\">$_text</a>]\n";
88 }
89 $add = "&nbsp;";
84 90 } }
85 $menu .= "<br />\n";
86
87 91
88 $body = "";
89 switch ($op) {
90 case 1:
91 include($INC . "/login/login.php");
92 $body .= $_login;
93 break;
94
95 case 2:
96 include($INC . "/repo/repo.php");
97 $body .= $_repo;
98 break;
99
100 case 3:
101 include($INC . "/admin/admin.php");
102 $body .= $_admin;
103 break;
104
105 case 4: // keys
106 include($INC . "/keys/keys.php");
107 $body .= $_keys;
108 break;
109
110 case 6: // forgot pass link
111 include($INC . "/user/forgot.php");
112 $body .= $_forgot;
113 break;
114
115 case 7: // forgot pass - send mail
116 include($INC . "/user/forgot_mail.php");
117 $body .= $_forgot;
118 break;
119
120 case 10: // repo page
121 include($INC . "/repo/repo_page.php");
122 $body .= $_repo;
123 break;
124 }
92 if (isset($rg_ui['user']))
93 $menu .= "&nbsp;&nbsp;&nbsp;[" . $rg_ui['user'] . "]\n";
94 $menu .= "<br />\n";
125 95
126 $body .= "</body>\n";
127 $body .= "</html>\n";
128 96
129 echo $head . $menu . $body;
97 echo $head . $menu . $body . $tail;
130 98
131 99 $_diff = sprintf("%u", (microtime(TRUE) - $_s) * 1000); $_diff = sprintf("%u", (microtime(TRUE) - $_s) * 1000);
132 xlog("Done in $_diff ms.");
100 rg_log("Done in $_diff ms.");
133 101 ?> ?>
File samples/config.php changed (mode: 100644) (index de5fe71..ca0dee9)
1 1 <?php <?php
2 2 // Base // Base
3 $gg_base = "/home/gg";
3 $rg_base = "/home/rg";
4 4
5 5 // Base for repositories // Base for repositories
6 $gg_base_repo = $gg_base . "/repositories";
6 $rg_base_repo = $rg_base . "/repositories";
7 7
8 8 // Database // Database
9 $gg_db = "sqlite:/tmp/gg.sqlite";
10 $gg_db_debug = 1;
9 $rg_db = "sqlite:/tmp/rg.sqlite";
10 $rg_db_debug = 1;
11 11
12 12 // Session // Session
13 $gg_session_time = 3600;
13 $rg_session_time = 3600;
14 14
15 15 // Keys // Keys
16 $gg_keys_file = $gg_base . "/.ssh/authorized_keys";
16 $rg_keys_file = $rg_base . "/.ssh/authorized_keys";
17 17
18 18 // Scripts // Scripts
19 $gg_scripts = "/BIG1T/sync1/Dev/gg/scripts";
19 $rg_scripts = "/BIG1T/sync1/Dev/rg/scripts";
20
21 // Allowed repo names (regular expression)
22 $rg_repo_allow = '/^[^A-Za-z0-9_.-]$/';
23
24 // Allowed repo name length
25 $rg_repo_max_len = 16;
26
27 // Allowed user names (regular expression)
28 $rg_user_allow = '/^[^A-Za-z0-9_.-]$/';
29
30 // Allowed user name length
31 $rg_user_max_len = 16;
20 32
21 33 ?> ?>
File samples/cron changed (mode: 100644) (index f8ea8c6..a57ca50)
1 * * * * * gg php /BIG1T/sync1/Dev/gg/scripts/cron.php
2 * * * * * gg php /BIG1T/sync1/Dev/gg/scripts/q.php
1 * * * * * rg php /BIG1T/sync1/Dev/rg/scripts/cron.php
2 * * * * * rg php /BIG1T/sync1/Dev/rg/scripts/q.php
File samples/rg renamed from samples/gg (similarity 78%) (mode: 100644) (index d8f2712..bff94f3)
... ... service git
8 8 disable = no disable = no
9 9 socket_type = stream socket_type = stream
10 10 wait = no wait = no
11 user = gg
11 user = rg
12 12 server = /usr/bin/php server = /usr/bin/php
13 server_args = /BIG1T/sync1/Dev/gg/scripts/ssh.php
13 server_args = /BIG1T/sync1/Dev/rg/scripts/ssh.php
14 14 log_on_failure += USERID log_on_failure += USERID
15 15 } }
File samples/rg.conf added (mode: 100644) (index 0000000..0e3b045)
1 # This is the apache configuration file for RocketGit
2
3 <VirtualHost *:80>
4 ServerName rg.embedromix.ro
5 ServerAlias rg
6 DocumentRoot /BIG1T/sync1/Dev/rg/root/
7
8 <Directory "/BIG1T/sync1/Dev/rg/root">
9 AllowOverride All
10 Order allow,deny
11 Allow from all
12 </Directory>
13
14 RewriteEngine On
15 RewriteLog /var/log/httpd/rg-Rewrite.log
16 RewriteLogLevel 3
17
18 # Allow .ico and 'themes' folder
19 RewriteCond %{REQUEST_URI} ^/(favicon\.ico|themes)
20 RewriteRule .* - [L]
21
22 # index.php is special
23 RewriteCond %{REQUEST_URI} ^/index\.php
24 RewriteRule .* /index.php?rewrite_engine=1 [L,QSA]
25
26 RewriteCond %{REQUEST_URI} ^/\+
27 RewriteRule ^/\+(.*) /index.php?rewrite_engine=1&op=$1 [L,QSA]
28
29 RewriteCond %{REQUEST_URI} ^/.+
30 RewriteRule ^/(.+) /index.php?rewrite_engine=1&op=repopage&repo=$1 [L,QSA]
31
32 # Compress
33 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
34 DeflateBufferSize 81920
35
36 # Cache at will
37 <FilesMatch "(?i)^.*\.(ico|flv|jpg|jpeg|png|gif|js|css|swf)$">
38 FileETag MTime Size
39 </FilesMatch>
40
41 <IfModule mod_expires.c>
42 ExpiresActive On
43 ExpiresByType image/png "access plus 1 day"
44 ExpiresByType text/css "access plus 1 day"
45 ExpiresByType text/javascript "access plus 1 day"
46 ExpiresByType application/javascript "access plus 1 day"
47 ExpiresByType application/x-javascript "access plus 1 day"
48 </IfModule>
49 </VirtualHost>
File scripts/cron.php changed (mode: 100644) (index 5bd0f77..f98d4cc)
... ... ini_set("track_errors", "On");
5 5
6 6 $now = time(); $now = time();
7 7
8 require_once("/etc/gg/config.php");
8 require_once("/etc/rg/config.php");
9 9
10 10 $INC = dirname(__FILE__) . "/../inc"; $INC = dirname(__FILE__) . "/../inc";
11 require_once($INC . "/xlog.inc.php");
11 require_once($INC . "/log.inc.php");
12 12 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
13 13 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
14 14 require_once($INC . "/keys.inc.php"); require_once($INC . "/keys.inc.php");
15 15
16 xlog_set_file("/tmp/gg_cron.log");
16 rg_log_set_file("/tmp/rg_cron.log");
17 17
18 18 // locking // locking
19 $lock = "/var/run/gg/cron.lock";
20 gg_lock_or_exit($lock);
19 $lock = "/var/run/rg/cron.lock";
20 rg_lock_or_exit($lock);
21 21
22 $sql_debug = $gg_db_debug;
22 $sql_debug = $rg_db_debug;
23 23
24 xlog("Start: euid=" . posix_geteuid() . "...");
24 rg_log("Start: euid=" . posix_geteuid() . "...");
25 25
26 $db = sql_open($gg_db);
26 $db = sql_open($rg_db);
27 27 if ($db === FALSE) { if ($db === FALSE) {
28 xlog("Cannot connect to database!");
28 rg_log("Cannot connect to database!");
29 29 // TODO: inform admin - already by e-mail? // TODO: inform admin - already by e-mail?
30 30 exit(1); exit(1);
31 31 } }
32 32
33 33 if (date("H") == 0) { if (date("H") == 0) {
34 xlog("Compute repository sizes if dirty...");
34 rg_log("Compute repository sizes if dirty...");
35 35 // delete 'dirty' files // delete 'dirty' files
36 36 $sql = "SELECT * FROM repos"; $sql = "SELECT * FROM repos";
37 37 $res = sql_query($db, $sql); $res = sql_query($db, $sql);
38 38 if ($res === FALSE) { if ($res === FALSE) {
39 xlog("Cannot run query (" . sql_error() . ")!");
39 rg_log("Cannot run query (" . rg_sql_error() . ")!");
40 40 } else { } else {
41 41 while (($row = sql_fetch_array($res))) { while (($row = sql_fetch_array($res))) {
42 xlog("Processing repository [" . $row['name'] . "]...");
42 rg_log("Processing repository [" . $row['name'] . "]...");
43 43 $repo_path = repo_id2base($row['repo_id']) . $row['name'] . ".git"; $repo_path = repo_id2base($row['repo_id']) . $row['name'] . ".git";
44 44 $disk_mb = repo_disk_mb($repo_path); $disk_mb = repo_disk_mb($repo_path);
45 45 $sql = "UPDATE repos SET disk_mb = $disk_mb" $sql = "UPDATE repos SET disk_mb = $disk_mb"
46 46 . " WHERE repo_id = " . $row['repo_id']; . " WHERE repo_id = " . $row['repo_id'];
47 47 $res2 = sql_query($db, $sql); $res2 = sql_query($db, $sql);
48 48 if ($res2 === FALSE) { if ($res2 === FALSE) {
49 xlog("Cannot run query!");
49 rg_log("Cannot run query!");
50 50 } else { } else {
51 @unlink($repo_path . "/gg/dirty");
51 @unlink($repo_path . "/rg/dirty");
52 52 sql_free_result($res2); sql_free_result($res2);
53 53 } }
54 54 } }
 
... ... if (date("H") == 0) {
57 57 } }
58 58
59 59 // TODO // TODO
60 //xlog("Update user quota...");
60 //rg_log("Update user quota...");
61 61
62 62 // TODO // TODO
63 //xlog("Sending notifications...");
63 //rg_log("Sending notifications...");
64 64
65 65 if (date("H") == 0) { if (date("H") == 0) {
66 xlog("Clean old forget_pass entries...");
66 rg_log("Clean old forget_pass entries...");
67 67 $sql = "DELETE FROM forgot_pass WHERE expire < $now"; $sql = "DELETE FROM forgot_pass WHERE expire < $now";
68 68 $res = sql_query($db, $sql); $res = sql_query($db, $sql);
69 69 sql_free_result($res); sql_free_result($res);
70 70 } }
71 71
72 72 if (date("H") == 1) { if (date("H") == 1) {
73 xlog("Clean old sess entries...");
73 rg_log("Clean old sess entries...");
74 74 $sql = "DELETE FROM sess WHERE expire < $now"; $sql = "DELETE FROM sess WHERE expire < $now";
75 75 $res = sql_query($db, $sql); $res = sql_query($db, $sql);
76 76 sql_free_result($res); sql_free_result($res);
77 77 } }
78 78
79 xlog("Regenerate keys...");
79 rg_log("Regenerate keys...");
80 80 keys_regen($db); keys_regen($db);
81 81
82 82 // Arhive deleted repositories // Arhive deleted repositories
83 83 if (date("H") == 23) { if (date("H") == 23) {
84 //TODO: xlog("Delete repositories...");
84 //TODO: rg_log("Delete repositories...");
85 85 } }
86 86
87 87 // this has to be the last thing that touches the database // this has to be the last thing that touches the database
88 88 if (date("H") == 0) { if (date("H") == 0) {
89 xlog("Run VACUUM on database...");
89 rg_log("Run VACUUM on database...");
90 90 $sql = "VACUUM"; $sql = "VACUUM";
91 91 $res = sql_query($db, $sql); $res = sql_query($db, $sql);
92 92 sql_free_result($res); sql_free_result($res);
93 93
94 xlog("Run ANALYZE on database...");
94 rg_log("Run ANALYZE on database...");
95 95 $sql = "ANALYZE"; $sql = "ANALYZE";
96 96 $res = sql_query($db, $sql); $res = sql_query($db, $sql);
97 97 sql_free_result($res); sql_free_result($res);
98 98 } }
99 99
100 xlog("Done!");
100 rg_log("Done!");
101 101 ?> ?>
File scripts/q.php changed (mode: 100644) (index a8ad2c9..23e6bc8)
... ... ini_set("track_errors", "On");
7 7 $now = time(); $now = time();
8 8 $_s = microtime(TRUE); $_s = microtime(TRUE);
9 9
10 require_once("/etc/gg/config.php");
10 require_once("/etc/rg/config.php");
11 11
12 12 $INC = dirname(__FILE__) . "/../inc"; $INC = dirname(__FILE__) . "/../inc";
13 require_once($INC . "/xlog.inc.php");
13 require_once($INC . "/log.inc.php");
14 14 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
15 15 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
16 16
17 xlog_set_file("/tmp/gg_q.log");
17 rg_log_set_file("/tmp/rg_q.log");
18 18
19 19 // locking // locking
20 $lock = "/var/run/gg/q.lock";
21 gg_lock_or_exit($lock);
20 $lock = "/var/run/rg/q.lock";
21 rg_lock_or_exit($lock);
22 22
23 $sql_debug = $gg_db_debug;
23 $rg_sql_debug = $rg_db_debug;
24 24
25 xlog("Start: euid=" . posix_geteuid() . "...");
25 rg_log("Start: euid=" . posix_geteuid() . "...");
26 26
27 $db = sql_open($gg_db);
27 $db = rg_sql_open($rg_db);
28 28 if ($db === FALSE) { if ($db === FALSE) {
29 xlog("Cannot connect to database!");
29 rg_log("Cannot connect to database!");
30 30 // TODO: inform admin - already by e-mail? // TODO: inform admin - already by e-mail?
31 31 exit(1); exit(1);
32 32 } }
 
... ... $runs = 1;
37 37 while ($runs-- > 0) { while ($runs-- > 0) {
38 38 // check machine load - if too big we will delay // check machine load - if too big we will delay
39 39 while (1) { while (1) {
40 $load = gg_load();
40 $load = rg_load();
41 41 if ($load < 10) if ($load < 10)
42 42 break; break;
43 43
44 xlog("\tLoad too big!");
44 rg_log("\tLoad too big!");
45 45 sleep(10); sleep(10);
46 46 } }
47 47
48 xlog("Check to create not-yet-created repos...");
48 rg_log("Check to create not-yet-created repos...");
49 49 // Ordered by master to create masters first // Ordered by master to create masters first
50 50 $sql = "SELECT repo_id, master, name FROM repos" $sql = "SELECT repo_id, master, name FROM repos"
51 51 . " WHERE deleted = 0" . " WHERE deleted = 0"
52 52 . " AND git_dir_done = 0" . " AND git_dir_done = 0"
53 53 . " ORDER BY master"; . " ORDER BY master";
54 $res = sql_query($db, $sql);
54 $res = rg_sql_query($db, $sql);
55 55 if ($res === FALSE) { if ($res === FALSE) {
56 xlog("\tCannot query!");
56 rg_log("\tCannot query!");
57 57 exit(1); exit(1);
58 58 } }
59 while (($row = sql_fetch_array($res))) {
60 xlog("\tProcess repo " . $row['name'] . "...");
59 while (($row = rg_sql_fetch_array($res))) {
60 rg_log("\tProcess repo " . $row['name'] . "...");
61 61
62 $dst = repo_id2base($row['repo_id']) . $row['name'] . ".git";
62 $dst = rg_repo_id2base($row['repo_id']) . $row['name'] . ".git";
63 63 if ($row['master'] == 0) { if ($row['master'] == 0) {
64 $r = gg_git_init($dst);
64 $r = rg_git_init($dst);
65 65 if ($r === FALSE) { if ($r === FALSE) {
66 xlog("\tCannot init master!");
66 rg_log("\tCannot init master!");
67 67 } else { } else {
68 repo_git_done($db, $row['repo_id']);
68 rg_repo_git_done($db, $row['repo_id']);
69 69 } }
70 70 } else { } else {
71 $mi = repo_info($db, $row['master'], "");
71 $mi = rg_repo_info($db, $row['master'], "");
72 72 if ($mi['exists'] != 1) { if ($mi['exists'] != 1) {
73 xlog("\tCannot find master!");
73 rg_log("\tCannot find master!");
74 74 } else { } else {
75 $src = repo_id2base($mi['repo_id']) . $mi['name'] . ".git";
76 $r = gg_git_clone($src, $dst);
75 $src = rg_repo_id2base($mi['repo_id']) . $mi['name'] . ".git";
76 $r = rg_git_clone($src, $dst);
77 77 if ($r === FALSE) { if ($r === FALSE) {
78 xlog("\tCould not create repo!");
78 rg_log("\tCould not create repo!");
79 79 } else { } else {
80 repo_git_done($db, $row['repo_id']);
80 rg_repo_git_done($db, $row['repo_id']);
81 81 } }
82 82 } }
83 83 } }
84 84 } }
85 sql_free_result($res);
85 rg_sql_free_result($res);
86 86
87 87 sleep(10); sleep(10);
88 88 } }
89 89
90 90 $_diff = sprintf("%u", microtime(TRUE) - $_s); $_diff = sprintf("%u", microtime(TRUE) - $_s);
91 xlog("Done in " . $_diff . "s!");
91 rg_log("Done in " . $_diff . "s!");
92 92 ?> ?>
File scripts/ssh.php changed (mode: 100644) (index c5d1555..06ee476)
... ... ini_set("track_errors", "On");
5 5
6 6 $_start = microtime(TRUE); $_start = microtime(TRUE);
7 7
8 require_once("/etc/gg/config.php");
8 require_once("/etc/rg/config.php");
9 9
10 10 $INC = dirname(__FILE__) . "/../inc"; $INC = dirname(__FILE__) . "/../inc";
11 11 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
12 require_once($INC . "/xlog.inc.php");
12 require_once($INC . "/log.inc.php");
13 13 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
14 14 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
15 15
16 $sql_debug = $gg_db_debug;
16 $rg_sql_debug = $rg_db_debug;
17 17
18 18 function fatal($str) function fatal($str)
19 19 { {
20 20 global $access_type; global $access_type;
21 21
22 xlog("Sending error: " . $str);
22 rg_log("Sending error: " . $str);
23 23 $str2 = "FATAL ERROR: " . $str . "\n"; $str2 = "FATAL ERROR: " . $str . "\n";
24 if ($access_type == 2) { //git
24 if ($access_type == 2) { // git
25 25 $str3 = "\n" . $str2; $str3 = "\n" . $str2;
26 26 $len = strlen($str3) + 4; $len = strlen($str3) + 4;
27 27 $str4 = sprintf("%04x", $len) . $str3; $str4 = sprintf("%04x", $len) . $str3;
 
... ... function fatal($str)
32 32 exit(1); exit(1);
33 33 } }
34 34
35 xlog("Start: euid=" . posix_geteuid() . "...");
36 //xlog("_SERVER: " . print_r($_SERVER, TRUE));
35 rg_log("Start: euid=" . posix_geteuid() . "...");
36 //rg_log("_SERVER: " . print_r($_SERVER, TRUE));
37 37
38 38 umask(0022); umask(0022);
39 39
40 40 if (isset($_SERVER['SSH_CONNECTION'])) { if (isset($_SERVER['SSH_CONNECTION'])) {
41 xlog("SSH connection: " . @$_SERVER['SSH_CONNECTION']);
41 rg_log("SSH connection: " . @$_SERVER['SSH_CONNECTION']);
42 42 $access_type = 1; $access_type = 1;
43 43
44 44 // we do not have host info // we do not have host info
 
... ... if (isset($_SERVER['SSH_CONNECTION'])) {
48 48 $uid = @$_SERVER['argv'][1]; $uid = @$_SERVER['argv'][1];
49 49 if (empty($uid)) if (empty($uid))
50 50 fatal("uid not provided!"); fatal("uid not provided!");
51 xlog("\tuid is $uid.");
51 rg_log("\tuid is $uid.");
52 52
53 53 $cmd_repo = trim(@$_SERVER['SSH_ORIGINAL_COMMAND']); $cmd_repo = trim(@$_SERVER['SSH_ORIGINAL_COMMAND']);
54 54 if (empty($cmd_repo)) if (empty($cmd_repo))
55 55 fatal("No SSH_ORIGINAL_COMMAND provided!"); fatal("No SSH_ORIGINAL_COMMAND provided!");
56 56 } else { } else {
57 xlog("git-daemon connection...");
57 rg_log("git-daemon connection...");
58 58 $access_type = 2; $access_type = 2;
59 59
60 60 // we have no client info // we have no client info
 
... ... $repo = trim($repo, "' ");
99 99 $repo = ltrim($repo, "/"); $repo = ltrim($repo, "/");
100 100 $repo = preg_replace('/\.git$/' , '', $repo); $repo = preg_replace('/\.git$/' , '', $repo);
101 101
102 xlog("host=[$host] cmd=[$cmd] repo=[$repo] perms=[$perms].");
102 rg_log("host=[$host] cmd=[$cmd] repo=[$repo] perms=[$perms].");
103 103
104 104 // validity/security checks // validity/security checks
105 105 if (empty($repo)) if (empty($repo))
 
... ... if (preg_match('/\.\./', $repo))
109 109 if (preg_match('/\//', $repo)) if (preg_match('/\//', $repo))
110 110 fatal("Repo must not contain [/]!"); fatal("Repo must not contain [/]!");
111 111
112 $db = sql_open($gg_db);
112 $db = rg_sql_open($rg_db);
113 113 if ($db === FALSE) if ($db === FALSE)
114 114 fatal("Internal error (db)!"); fatal("Internal error (db)!");
115 115
116 116 // load info about the repository // load info about the repository
117 $ri = repo_info($db, 0, $repo);
117 $ri = rg_repo_info($db, 0, $repo);
118 118 if ($ri['ok'] != 1) if ($ri['ok'] != 1)
119 119 fatal("Temporary error!"); fatal("Temporary error!");
120 120 if ($ri['exists'] != 1) if ($ri['exists'] != 1)
 
... ... if ($ri['exists'] != 1)
122 122 if ($ri['deleted'] == 1) if ($ri['deleted'] == 1)
123 123 fatal("Repo was deleted!"); fatal("Repo was deleted!");
124 124
125 if (!repo_allow($db, $ri, $uid, $perms))
125 if (!rg_repo_allow($db, $ri, $uid, $perms))
126 126 fatal("You do not have this type of access to this repository!"); fatal("You do not have this type of access to this repository!");
127 127
128 128 // TODO: limit per connection // TODO: limit per connection
129 129
130 130 // TODO: limit time and/or cpu // TODO: limit time and/or cpu
131 131
132 $repo_base = repo_id2base($ri['repo_id']);
132 $repo_base = rg_repo_id2base($ri['repo_id']);
133 133 $repo_path = $repo_base . $repo . ".git"; $repo_path = $repo_base . $repo . ".git";
134 xlog("repo_path=$repo_path.");
134 rg_log("repo_path=$repo_path.");
135 135
136 136 $run = "git-shell -c \"" . $cmd . " '" . escapeshellcmd($repo_path) . "'\""; $run = "git-shell -c \"" . $cmd . " '" . escapeshellcmd($repo_path) . "'\"";
137 xlog("Running [$run]...");
137 rg_log("Running [$run]...");
138 138 passthru($run, $ret); passthru($run, $ret);
139 xlog("[$run] returned $ret.");
139 rg_log("[$run] returned $ret.");
140 140
141 141 $diff = sprintf("%u", (microtime(TRUE) - $_start) * 1000); $diff = sprintf("%u", (microtime(TRUE) - $_start) * 1000);
142 xlog("Took " . $diff . "ms.");
142 rg_log("Took " . $diff . "ms.");
143 143
144 @file_put_contents($repo_path . "/gg/last_access",
144 @file_put_contents($repo_path . "/rg/last_access",
145 145 "repo: " . $repo . " ($repo_path)" "repo: " . $repo . " ($repo_path)"
146 146 . "\nat: " . sprintf("%u", $_start) . "\nat: " . sprintf("%u", $_start)
147 147 . "\nuid: " . $uid . "\nuid: " . $uid
 
... ... xlog("Took " . $diff . "ms.");
151 151
152 152 // Mark repository dirty for disk statistics and other stuff // Mark repository dirty for disk statistics and other stuff
153 153 if (strcmp($cmd, "git-receive-pack") == 0) if (strcmp($cmd, "git-receive-pack") == 0)
154 @file_put_contents($gg_path . "/dirty", "");
154 @file_put_contents($rg_path . "/dirty", "");
155 155 ?> ?>
File tests/Makefile changed (mode: 100644) (index 7b3aaa8..bd9be3b)
1 .PHONY: test
2 test:
1 tests := util db keys repo
2 .PHONY: $(tests)
3
4 all: $(tests)
5
6 util:
3 7 php util.php php util.php
8
9 db:
4 10 php db.php php db.php
11
12 keys:
5 13 php keys.php php keys.php
14
15 repo:
6 16 php repo.php php repo.php
File tests/db.php changed (mode: 100644) (index 0ab593c..6f060e6)
... ... require_once($INC . "/db.inc.php");
6 6
7 7 @unlink("test.sqlite"); @unlink("test.sqlite");
8 8
9 $db = sql_open("sqlite:test.sqlite");
9 $db = rg_sql_open("sqlite:test.sqlite");
10 10 if ($db === FALSE) { if ($db === FALSE) {
11 echo "Cannot create a database (" . sql_error() . ")!";
11 echo "Cannot create a database (" . rg_sql_error() . ")!";
12 12 exit(1); exit(1);
13 13 } }
14 14
15 15 // test creation // test creation
16 16 $sql = "CREATE TABLE test (id TEXT PRIMARY KEY)"; $sql = "CREATE TABLE test (id TEXT PRIMARY KEY)";
17 $res = sql_query($db, $sql);
17 $res = rg_sql_query($db, $sql);
18 18 if ($res === FALSE) { if ($res === FALSE) {
19 19 echo "Cannot create table!"; echo "Cannot create table!";
20 20 exit(1); exit(1);
 
... ... if ($res === FALSE) {
22 22
23 23 // test insert // test insert
24 24 $sql = "INSERT INTO test (id) VALUES ('aaa')"; $sql = "INSERT INTO test (id) VALUES ('aaa')";
25 $res = sql_query($db, $sql);
25 $res = rg_sql_query($db, $sql);
26 26 if ($res === FALSE) { if ($res === FALSE) {
27 27 echo "Cannot insert!"; echo "Cannot insert!";
28 28 exit(1); exit(1);
 
... ... if ($res === FALSE) {
30 30
31 31 // test insert with the same key // test insert with the same key
32 32 $sql = "INSERT INTO test (id) VALUES ('aaa')"; $sql = "INSERT INTO test (id) VALUES ('aaa')";
33 $res = @sql_query($db, $sql);
33 $res = @rg_sql_query($db, $sql);
34 34 if ($res !== FALSE) { if ($res !== FALSE) {
35 35 echo "I can do double insert!"; echo "I can do double insert!";
36 36 exit(1); exit(1);
 
... ... if ($res !== FALSE) {
38 38
39 39 // test delete // test delete
40 40 $sql = "DELETE FROM test WHERE id = 'aaa'"; $sql = "DELETE FROM test WHERE id = 'aaa'";
41 $res = sql_query($db, $sql);
41 $res = rg_sql_query($db, $sql);
42 42 if ($res === FALSE) { if ($res === FALSE) {
43 43 echo "Cannot delete!"; echo "Cannot delete!";
44 44 exit(1); exit(1);
45 45 } }
46 46
47 sql_close($db);
47 rg_sql_close($db);
48 48
49 49 @unlink("test.sqlite"); @unlink("test.sqlite");
50 50
51 echo "OK!\n";
51 52 ?> ?>
File tests/keys.php changed (mode: 100644) (index d5e9cee..ec7d3db)
... ... require_once($INC . "/db/struct.inc.php");
7 7
8 8 @unlink("keys.sqlite"); @unlink("keys.sqlite");
9 9
10 $db = sql_open("sqlite:keys.sqlite");
10 $db = rg_sql_open("sqlite:keys.sqlite");
11 11 if ($db === FALSE) { if ($db === FALSE) {
12 echo "Cannot create a database (" . sql_error() . ")!";
12 echo "Cannot create a database (" . rg_sql_error() . ")!";
13 13 exit(1); exit(1);
14 14 } }
15 15
16 16 // state table // state table
17 $r = gg_db_struct_run($db, FALSE);
17 $r = rg_db_struct_run($db, FALSE);
18 18 if ($r === FALSE) { if ($r === FALSE) {
19 19 echo "Cannot create tables!"; echo "Cannot create tables!";
20 20 exit(1); exit(1);
21 21 } }
22 22
23 23 // insert a key // insert a key
24 $uid = 1;
25 $key = "aaa'bbb'ccc";
26 $key_id = keys_add($db, $uid, $key);
24 $rg_ui = array("uid" => 1, "is_admin" => 0);
25 $key = "aaa 'bbb' ccc";
26 $key_id = rg_keys_add($db, $rg_ui, $key);
27 27 if ($key_id === FALSE) { if ($key_id === FALSE) {
28 echo "Cannot add key!";
28 echo "Cannot add key (" . rg_keys_error() . ")!\n";
29 29 exit(1); exit(1);
30 30 } }
31 31
32 32 // delete a key // delete a key
33 $uid = 1;
34 $key = "aaa'bbb'ccc";
35 $r = keys_remove($db, $uid, $key_id);
33 $rg_ui = array("uid" => 1, "is_admin" => 0);
34 $r = rg_keys_remove($db, $rg_ui, $key_id);
36 35 if ($r === FALSE) { if ($r === FALSE) {
37 36 echo "Cannot remove key (" . keys_error() . ")!"; echo "Cannot remove key (" . keys_error() . ")!";
38 37 exit(1); exit(1);
39 38 } }
40 39
41 40 // test key file generation // test key file generation
42 $gg_keys_file = "afile.txt";
43 $r = keys_regen($db);
41 $rg_keys_file = "afile.txt";
42 $r = rg_keys_regen($db);
44 43 if ($r === FALSE) { if ($r === FALSE) {
45 44 echo "Cannot regenerate keys (" . keys_error() . ")!"; echo "Cannot regenerate keys (" . keys_error() . ")!";
46 45 exit(1); exit(1);
47 46 } }
48 47 @unlink("afile.txt"); @unlink("afile.txt");
49 48
50 sql_close($db);
49 rg_sql_close($db);
51 50
52 51 @unlink("keys.sqlite"); @unlink("keys.sqlite");
53 52
53 echo "OK\n";
54 54 ?> ?>
File tests/repo.php changed (mode: 100644) (index 882e6ec..43b75be)
... ... $INC = "../inc";
5 5 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
6 6 require_once($INC . "/db/struct.inc.php"); require_once($INC . "/db/struct.inc.php");
7 7
8 xlog_set_file(__FILE__ . ".log");
8 rg_log_set_file(__FILE__ . ".log");
9 9
10 10 @unlink("repo.sqlite"); @unlink("repo.sqlite");
11 11
12 $db = sql_open("sqlite:repo.sqlite");
12 $db = rg_sql_open("sqlite:repo.sqlite");
13 13 if ($db === FALSE) { if ($db === FALSE) {
14 echo "Cannot create a database (" . sql_error() . ")!\n";
14 echo "Cannot create a database (" . rg_sql_error() . ")!\n";
15 15 exit(1); exit(1);
16 16 } }
17 17
18 $r = gg_db_struct_run($db, FALSE);
18 $r = rg_db_struct_run($db, FALSE);
19 19 if ($r === FALSE) { if ($r === FALSE) {
20 20 echo "Cannot create struct!\n"; echo "Cannot create struct!\n";
21 21 exit(1); exit(1);
 
... ... $sql = "INSERT INTO repos (repo_id, name, uid, itime"
25 25 . ", disk_quota_mb, max_commit_size" . ", disk_quota_mb, max_commit_size"
26 26 . ", master, desc, git_dir_done, default_rights)" . ", master, desc, git_dir_done, default_rights)"
27 27 . " VALUES (1, 'repo1', 1, 0, 0, 0, 0, 'bla bla desc', 1, '')"; . " VALUES (1, 'repo1', 1, 0, 0, 0, 0, 'bla bla desc', 1, '')";
28 $res = sql_query($db, $sql);
28 $res = rg_sql_query($db, $sql);
29 29 if ($res === FALSE) { if ($res === FALSE) {
30 30 echo "Cannot insert a user!\n"; echo "Cannot insert a user!\n";
31 31 exit(1); exit(1);
32 32 } }
33 33
34 34 $repo_id = 1; $repo_id = 1;
35 $ri = repo_info($db, $repo_id, "");
35 $ri = rg_repo_info($db, $repo_id, "");
36 36 $uid = 10; $uid = 10;
37 $v = gg_repo_rights_set($db, $ri, $uid, "F");
37 $v = rg_repo_rights_set($db, $ri, $uid, "F");
38 38 if ($v === FALSE) { if ($v === FALSE) {
39 39 echo "Cannot give rights (1)!\n"; echo "Cannot give rights (1)!\n";
40 40 exit(1); exit(1);
41 41 } }
42 42
43 @unlink("repo.sqlite");
44
43 45 $a = "AF"; $b = "AD"; $e = "AFD"; $a = "AF"; $b = "AD"; $e = "AFD";
44 $r = gg_repo_rights_combine($a, $b);
46 $r = rg_repo_rights_combine($a, $b);
45 47 if (strcmp($r, $e) != 0) { if (strcmp($r, $e) != 0) {
46 48 echo "Combine rights error1 ([$r] vs [$e])\n"; echo "Combine rights error1 ([$r] vs [$e])\n";
47 49 exit(1); exit(1);
48 50 } }
49 51
50 52 $a = ""; $b = ""; $e = ""; $a = ""; $b = ""; $e = "";
51 $r = gg_repo_rights_combine($a, $b);
53 $r = rg_repo_rights_combine($a, $b);
52 54 if (strcmp($r, $e) != 0) { if (strcmp($r, $e) != 0) {
53 55 echo "Combine rights error1 ([$r] vs [$e])\n"; echo "Combine rights error1 ([$r] vs [$e])\n";
54 56 exit(1); exit(1);
55 57 } }
56 58
57 59 $a = "AXUJUNFUUFU"; $b = ""; $e = $a; $a = "AXUJUNFUUFU"; $b = ""; $e = $a;
58 $r = gg_repo_rights_combine($a, $b);
60 $r = rg_repo_rights_combine($a, $b);
59 61 if (strcmp($r, $e) != 0) { if (strcmp($r, $e) != 0) {
60 62 echo "Combine rights error1 ([$r] vs [$e])\n"; echo "Combine rights error1 ([$r] vs [$e])\n";
61 63 exit(1); exit(1);
62 64 } }
63 65
64 @unlink("repo.sqlite");
66 // test if repo_allow works correctly
67 $rg_repo_allow = '/^[^A-Za-z0-9]*$/';
68 $v = "eyhtmcmet_";
69 $c = rg_repo_ok($v);
70 if ($c !== FALSE) {
71 echo "repo_allow problem for '_' ($c).\n";
72 exit(1);
73 }
74
75 $rg_repo_allow = '/^[^A-Za-z0-9_.-]*$/';
76 $v = ".e&y.h-tmcmet&_.-";
77 $c = rg_repo_ok($v);
78 if ($c !== FALSE) {
79 echo "repo_allow problem for '&'.\n";
80 exit(1);
81 }
82
83 // check if we allow '..'
84 $rg_repo_allow = '/^[^A-Za-z0-9_.-]*$/';
85 $v = "a..b";
86 $c = rg_repo_ok($v);
87 if ($c !== FALSE) {
88 echo "repo_allow problem for '..'.\n";
89 exit(1);
90 }
91
92 // check len
93 $v = "0123456789A";
94 $rg_repo_allow = '/^[^A-Za-z0-9]*$/';
95 $rg_repo_max_len = 10;
96 $c = rg_repo_ok($v);
97 if ($c !== FALSE) {
98 echo "repo_ok: max length is not enforced!\n";
99 exit(1);
100 }
101
102 echo "OK\n";
65 103 ?> ?>
File tests/user.php changed (mode: 100644) (index ce01c95..da193d8)
... ... require_once($INC . "/db/struct.inc.php");
7 7
8 8 @unlink("user.sqlite"); @unlink("user.sqlite");
9 9
10 $db = sql_open("sqlite:user.sqlite");
10 $db = rg_sql_open("sqlite:user.sqlite");
11 11 if ($db === FALSE) { if ($db === FALSE) {
12 echo "Cannot create a database (" . sql_error() . ")!";
12 echo "Cannot create a database (" . rg_sql_error() . ")!";
13 13 exit(1); exit(1);
14 14 } }
15 15
16 $r = gg_db_struct_run($db, FALSE);
16 $r = rg_db_struct_run($db, FALSE);
17 17 if ($r === FALSE) { if ($r === FALSE) {
18 18 echo "Cannot create structure!"; echo "Cannot create structure!";
19 19 exit(1); exit(1);
20 20 } }
21 21
22 $sql = "INSERT INTO users VALUES ('gg@localhost', '', 0)";
23 $res = sql_query($db, $sql);
22 $sql = "INSERT INTO users VALUES ('rg@localhost', '', 0)";
23 $res = rg_sql_query($db, $sql);
24 24 if ($res === FALSE) { if ($res === FALSE) {
25 25 echo "Cannot insert a user!"; echo "Cannot insert a user!";
26 26 exit(1); exit(1);
27 27 } }
28 28
29 $v = user_forgot_pass_mail($db, "gg@localhost");
29 $v = rg_user_forgot_pass_mail($db, "rg@localhost");
30 30 if ($v === FALSE) { if ($v === FALSE) {
31 31 echo "Error: " . user_error() . "!\n"; echo "Error: " . user_error() . "!\n";
32 32 exit(1); exit(1);
33 33 } }
34 34
35 35 @unlink("user.sqlite"); @unlink("user.sqlite");
36
37 echo "OK\n";
36 38 ?> ?>
File tests/util.php changed (mode: 100644) (index bbbbba8..070f43a)
... ... error_reporting(E_ALL | E_STRICT);
4 4 $INC = "../inc"; $INC = "../inc";
5 5 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
6 6
7 $id = gg_id(16);
7 $id = rg_id(16);
8 8 if (strlen($id) != 16) { if (strlen($id) != 16) {
9 9 echo "Cannot generate an id!\n"; echo "Cannot generate an id!\n";
10 10 exit(1); exit(1);
11 11 } }
12
13 echo "OK\n";
12 14 ?> ?>
Hints
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://code.reversed.top/user/xaizek/rocketgit

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a pull request:
... clone the repository ...
... make some changes and some commits ...
git push origin master