xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub and as personal code storage, with tickets, pull requests, an API and much more.
Commit 6077961d5c443b8a830dc08b3b0ebf37eaf594b3

Another round of bulk updates.
Author: Catalin(ux) M. BOIE
Author date (UTC): 2011-07-04 22:12
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2011-07-04 22:12
Parent(s): e44064dab5c6f2fa625bb121483a51ec1960cad9
Signing key:
Tree: 4fe489d527dd49264ff678764a564b31759b8f6e
File Lines added Lines deleted
TODO 20 9
admin/init.php 2 1
duilder.conf 1 1
inc/admin/users/add.php 26 14
inc/admin/users/edit.php 32 14
inc/admin/users/user.form.php 23 4
inc/bye/bye.php 1 1
inc/db/struct.inc.php 2 0
inc/dispatch/dispatch.php 10 0
inc/home/home.php 1 1
inc/keys.inc.php 1 2
inc/keys/keys.php 1 1
inc/login/login.form.php 8 2
inc/login/login.php 1 1
inc/personal/personal.php 12 4
inc/repo/repo.form.php 1 1
inc/repo/repo.php 1 1
inc/repo/repo_page.php 7 8
inc/user.inc.php 139 35
inc/user/confirm.php 19 0
inc/user/create.php 75 0
inc/user/forgot.php 6 4
inc/user/forgot_send.php 1 1
inc/util.inc.php 1 1
root/index.php 1 2
samples/config.php 5 0
samples/rg.conf 1 1
scripts/cron.php 18 5
scripts/q.php 1 1
tests/Makefile 4 0
tests/user.php 3 3
File TODO changed (mode: 100644) (index 935536b..56ab1fb)
3 3 [ ] Validate e-mails. [ ] Validate e-mails.
4 4 [ ] You cannot admin rights of a repository if is not yours. [ ] You cannot admin rights of a repository if is not yours.
5 5 [ ] Check XSRF attacks and other types. [ ] Check XSRF attacks and other types.
6 [ ] Edit repo (rights) does not work.
7 [ ] Postgresql pg_hba.conf fixes.
8 6 [ ] $rg_pass_key should be done in init.php [ ] $rg_pass_key should be done in init.php
9 [ ] Decide what fields to show when editting a user info (user.form.php).
7 [ ] Changing repo name probably is not working right.
10 8 [ ] [ ]
11 9
12 10 == Low priority == == Low priority ==
13 [ ] rg_forgot_email
14 11 [ ] We should make a repo dirty ony if user pushed something with success. [ ] We should make a repo dirty ony if user pushed something with success.
15 12 [ ] <link rel="icon" type="image/png" id="favicon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4
D6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/> [ ] <link rel="icon" type="image/png" id="favicon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAA
AeA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/>
16 13 [ ] Add key form may be joined with list keys command! [ ] Add key form may be joined with list keys command!
 
21 18 [ ] Allow to configure the limit of the patch size to prevent abuses. [ ] Allow to configure the limit of the patch size to prevent abuses.
22 19 [ ] Allow to configure to refuse binary files. [ ] Allow to configure to refuse binary files.
23 20 [ ] Allow to configure to refuse commits with broken spaces/tab mixes. [ ] Allow to configure to refuse commits with broken spaces/tab mixes.
24 [ ] Add a repo_prop_set/get function that will set/get a file in .git folder. This way we can
25 speed up some lookups (no need for database). Hm.
21 [ ] Add a repo_prop_set/get function that will set/get a file in .git folder.
22 This way we can speed up some lookups (no need for database). Hm.
26 23 [ ] When we delete an repository, we will do repo_prop_set(repo, disabled) and we will [ ] When we delete an repository, we will do repo_prop_set(repo, disabled) and we will
27 24 return OK, in the background we will do the removing. Do not forget to also remove clones. Hm. return OK, in the background we will do the removing. Do not forget to also remove clones. Hm.
28 25 [ ] E-mail aliases section. [ ] E-mail aliases section.
29 [ ] User details section (full name, e-mail, blog, avatar, mail notifications).
26 [ ] User details section (full name, blog, avatar, mail notifications).
30 27 [ ] Check if user is over-quota on push. [ ] Check if user is over-quota on push.
31 28 [ ] The cron will have to: [ ] The cron will have to:
32 29 [ ] Compute disk usage, ignoring hard links. Hm. Probably we will add [ ] Compute disk usage, ignoring hard links. Hm. Probably we will add
 
50 47 [ ] Check http://plathrop.tertiusfamily.net/blog/2010/05/11/git-hooks-branch-acls-and-more/ to block updates that have not pull - a la SVN [ ] Check http://plathrop.tertiusfamily.net/blog/2010/05/11/git-hooks-branch-acls-and-more/ to block updates that have not pull - a la SVN
51 48 [ ] Maybe we should mark the repository as dirty, only in the post-receive hook? Or update is the best place? [ ] Maybe we should mark the repository as dirty, only in the post-receive hook? Or update is the best place?
52 49 [ ] Limit number of commits per push. [ ] Limit number of commits per push.
53 [ ] logrotate
54 50 [ ] In %post section we may want to run a script that will do the update of the [ ] In %post section we may want to run a script that will do the update of the
55 51 database, for example. database, for example.
56 52 [ ] Compute disk_used_mb per user. [ ] Compute disk_used_mb per user.
57 53 [ ] Enforce disk quota. [ ] Enforce disk quota.
58 [ ]
54 [ ] RSS
55 [ ] Config file must be able to be set from a env var, to be able to run
56 multiple instances of rocketgit on the same server.
57 [ ] Smart HTTP transport
58 [ ] Move forget pass token into users table.
59 [ ] Audit all error messages to not propage usefull info to an attacker.
60 [ ]
61
62 == Versus ==
63 * http://www.wikivs.com/wiki/GitHub_vs_Gitorious
64 *
65
66
67 == To recheck ==
68 * http://techbase.kde.org/Projects/MovetoGit#Post_Update_hooks
69 *
File admin/init.php changed (mode: 100644) (index 7b21afd..615101d)
... ... $rights = rg_rights_all("user");
33 33 $user = "admin"; $user = "admin";
34 34 $email = ""; $email = "";
35 35 $session_time = 3600; $session_time = 3600;
36 $confirm_token = "";
36 37 while (1) { while (1) {
37 38 $user0 = readline("User [$user]: "); $user0 = readline("User [$user]: ");
38 39 if (!empty($user0)) if (!empty($user0))
 
... ... while (1) {
61 62 } }
62 63
63 64 $r = rg_user_edit($db, $uid, $user, $email, $pass, $is_admin, $r = rg_user_edit($db, $uid, $user, $email, $pass, $is_admin,
64 $disk_quota_mb, $rights, $session_time);
65 $disk_quota_mb, $rights, $session_time, $confirm_token);
65 66 if ($r !== TRUE) { if ($r !== TRUE) {
66 67 echo "Cannot create user (" . rg_user_error() . ")!\n"; echo "Cannot create user (" . rg_user_error() . ")!\n";
67 68 continue; continue;
File duilder.conf changed (mode: 100644) (index 20aa25e..36bc1ff)
1 1 PRJ="rocketgit" PRJ="rocketgit"
2 VER="0.7"
2 VER="0.8"
3 3 REV="1" REV="1"
4 4 EXCLUDE=".exclude" EXCLUDE=".exclude"
5 5 EXPORT_PATH="/data/www/umbrella/kernel/us/rocketgit" EXPORT_PATH="/data/www/umbrella/kernel/us/rocketgit"
File inc/admin/users/add.php changed (mode: 100644) (index 34a9bd7..5424d49)
1 1 <?php <?php
2 2 rg_log("/inc/admin/users/add"); rg_log("/inc/admin/users/add");
3 3
4 $uid = 0;
4 5 $_user_add = ""; $_user_add = "";
6 $errmsg = array();
5 7
6 8 if ($doit == 1) { if ($doit == 1) {
7 9 if (!rg_token_valid($db, $sid, $token)) { if (!rg_token_valid($db, $sid, $token)) {
 
... ... if ($doit == 1) {
17 19 $rights = @rg_rights_a2s($_REQUEST['rights']); $rights = @rg_rights_a2s($_REQUEST['rights']);
18 20 $session_time = rg_var_uint("session_time"); $session_time = rg_var_uint("session_time");
19 21
20 $_ui = rg_user_info($db, 0, $xuser, "");
21 if ($_ui['ok'] == 0) {
22 $_user_add .= "Error: Internal error!";
23 } else if ($_ui['exists'] == 0) {
24 if (rg_user_edit($db, 0, $xuser, $email, $xpass, $is_admin,
25 $disk_quota_mb, $rights, $session_time)) {
26 $_user_add .= "OK!<br />";
22 while (1) {
23 $_ui = rg_user_info($db, 0, $xuser, "");
24 if ($_ui['ok'] != 1) {
25 $errmsg[] = "Internal error!";
26 break;
27 }
28
29 if ($_ui['exists'] == 1) {
30 $errmsg[] = "User already exists";
31 break;
32 }
33
34 if (!rg_user_edit($db, 0, $xuser, $email, $xpass, $is_admin,
35 $disk_quota_mb, $rights, $session_time, "")) {
36 $errmsg[] = "Cannot add user (" . rg_user_error() . ").";
37 break;
27 38 } }
28 } else {
29 rg_log("User already in use!");
30 $_user_add .= "Error: User already taken!";
39
40 // TODO: Send a confirmation e-mail with the password
41
42 $_user_add .= "OK!<br />";
43 break;
31 44 } }
32 45 } else { } else {
33 46 $xuser = ""; $xuser = "";
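Review bot: the `// TODO: Send a confirmation e-mail with the password` left after the rg_user_edit() call should not be implemented as written: mailing the plaintext password puts it in mail logs and inboxes. Pass a non-empty token to rg_user_edit() instead (this same commit makes a non-empty confirm_token create the account with confirmed = 0) and mail only that token, letting the user set the password on confirmation. Two smaller points in the same hunk: rg_user_info() followed by rg_user_edit() is check-then-act, so two concurrent adds of the same name can both pass the exists check; a UNIQUE constraint on username would make the insert fail instead, and the `Cannot add user (...)` branch already reports that. And `$rights = @rg_rights_a2s($_REQUEST['rights'])` accepts GET and cookie values for a state-changing admin form; read it from $_POST.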
 
... ... if ($doit == 1) {
39 52 $session_time = $rg_session_time; $session_time = $rg_session_time;
40 53 } }
41 54
42 $uid = 0;
43
44 $user_form_add = 1;
55 $admin_mode = 1;
56 $pass_mode = 1;
45 57 include($INC . "/admin/users/user.form.php"); include($INC . "/admin/users/user.form.php");
46 58 $_user_add .= $_form; $_user_add .= $_form;
47 59
48 ?>
60 ?>
File inc/admin/users/edit.php changed (mode: 100644) (index da77793..5bb01e3)
... ... $uid = rg_var_str("uid");
5 5
6 6 $_user_edit = ""; $_user_edit = "";
7 7
8 $show_form = 1;
9 $errmsg = array();
10
8 11 if ($doit == 1) { if ($doit == 1) {
9 12 // TODO: Check if user has the right to edit this info! // TODO: Check if user has the right to edit this info!
10 13 if (!rg_token_valid($db, $sid, $token)) { if (!rg_token_valid($db, $sid, $token)) {
 
... ... if ($doit == 1) {
20 23 $rights = @rg_rights_a2s($_REQUEST['rights']); $rights = @rg_rights_a2s($_REQUEST['rights']);
21 24 $session_time = rg_var_uint("session_time"); $session_time = rg_var_uint("session_time");
22 25
23 $_ui = rg_user_info($db, 0, $xuser, "");
24 if ($_ui['ok'] == 0) {
25 $_user_edit .= "Error: Internal error!";
26 } else if ($_ui['exists'] == 0) {
27 rg_log("User does not exists!");
28 $_user_edit .= "Error: User does not exists!";
29 } else {
30 if (rg_user_edit($db, $uid, $xuser, $email, $xpass,
31 $is_admin, $disk_quota_mb, $rights, $session_time)) {
32 $_user_edit .= "OK!<br />";
26 while (1) {
27 $_ui = rg_user_info($db, 0, $xuser, "");
28 if ($_ui['ok'] == 0) {
29 $errmsg[] = "Internal error!";
30 break;
31 }
32
33 if ($_ui['exists'] == 0) {
34 $errmsg[] = "User does not exists!";
35 break;
36 }
37
38 if (!rg_user_edit($db, $uid, $xuser, $email, $xpass,
39 $is_admin, $disk_quota_mb, $rights, $session_time, "")) {
40 $errmsg[] = "Cannot change info (" . rg_user_error() . ").";
41 break;
33 42 } }
43
44 $_user_edit .= "OK!<br />";
45 $show_form = 0;
46 break;
34 47 } }
35 48 } else { } else {
36 49 // TODO: Check if user has the right to edit this info! // TODO: Check if user has the right to edit this info!
37 50
38 51 $_ui = rg_user_info($db, $uid, "", ""); $_ui = rg_user_info($db, $uid, "", "");
39 52 if ($_ui['ok'] == 0) { if ($_ui['ok'] == 0) {
40 $_user_edit .= "Error: Internal error!";
53 $_user_edit .= "Internal error!";
54 $show_form = 0;
41 55 } else if ($_ui['exists'] == 0) { } else if ($_ui['exists'] == 0) {
42 56 $_user_edit .= "User does not exist!<br />"; $_user_edit .= "User does not exist!<br />";
57 $show_form = 0;
43 58 } else { } else {
44 59 $xuser = $_ui['username']; $xuser = $_ui['username'];
45 60 $email = $_ui['email']; $email = $_ui['email'];
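Review bot: the existence check is against the wrong key. `$_ui = rg_user_info($db, 0, $xuser, "")` looks up the submitted username, not the account being edited, so renaming a user fails with `User does not exists!`, while renaming onto another account's name passes the check and proceeds to rg_user_edit(). Look up by `$uid` here, as the else branch does with `rg_user_info($db, $uid, "", "")`, and reject the rename if the new name belongs to a different uid. Related: `$uid` arrives via `rg_var_str("uid")` at the top of this file, and user.inc.php interpolates uid unquoted into SQL (`WHERE uid = $uid` in rg_user_remove); use rg_var_uint() so it is guaranteed numeric. The `// TODO: Check if user has the right to edit this info!` is still open in both branches.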
 
... ... if ($doit == 1) {
51 66 } }
52 67 } }
53 68
54 $user_form_add = 1;
55 include($INC . "/admin/users/user.form.php");
56 $_user_edit .= $_form;
69 if ($show_form == 1) {
70 $admin_mode = 1;
71 $pass_mode = 1;
72 include($INC . "/admin/users/user.form.php");
73 $_user_edit .= $_form;
74 }
57 75
58 76 ?> ?>
File inc/admin/users/user.form.php changed (mode: 100644) (index 6a0d1b2..4ee35c6)
1 1 <?php <?php
2 $_form = "";
2 3
3 $sel_is_admin = array(0 => "", 1 => "");
4 $sel_is_admin[$is_admin] = " selected=\"selected\"";
4 if ($admin_mode == 1) {
5 $sel_is_admin = array(0 => "", 1 => "");
6 $sel_is_admin[$is_admin] = " selected=\"selected\"";
7 }
8
9 if (count($errmsg) > 0)
10 $_form .= "<font color=red>" . implode("<br />\n", $errmsg) . "</font><br />\n";
5 11
6 $_form = '
12 $_form .= '
7 13 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
8 14 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
9 15 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
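Review bot: everything concatenated into $_form in this hunk is unescaped. `implode("<br />\n", $errmsg)` now carries rg_user_error() text, which in user.inc.php includes rg_sql_error() output; `$_SERVER['PHP_SELF']` in the form action reflects the request path (a well-known XSS sink when PATH_INFO is enabled); and `$op`/`$subop` go into hidden inputs as-is. Run each through htmlspecialchars($x, ENT_QUOTES) or use a fixed action URL. Also `$admin_mode` and `$errmsg` are read but never defaulted, so an include that does not set them (the old callers set `$user_form_add`) leaves `$sel_is_admin` undefined for the Admin? select further down.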
 
... ... $_form = '
24 30 </tr> </tr>
25 31 '; ';
26 32
27 if ($user_form_add == 1) {
33 if ($pass_mode > 0) {
28 34 $_form .= ' $_form .= '
29 35 <tr> <tr>
30 36 <td>Password:</td> <td>Password:</td>
31 37 <td><input type="password" name="xpass" value="' . $xpass . '"/></td> <td><input type="password" name="xpass" value="' . $xpass . '"/></td>
32 38 </tr> </tr>
39 ';
40 }
41
42 if ($pass_mode > 1) {
43 $_form .= '
44 <tr>
45 <td>Password (confirmation):</td>
46 <td><input type="password" name="xpass2" value="' . $xpass2 . '"/></td>
47 </tr>
48 ';
49 }
33 50
51 if ($admin_mode == 1) {
52 $_form .= '
34 53 <tr> <tr>
35 54 <td>Admin?</td> <td>Admin?</td>
36 55 <td> <td>
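Review bot: the password inputs echo the submitted value back: `<input type="password" name="xpass" value="' . $xpass . '"/>` and the new `xpass2` field do the same. That writes the chosen password into the HTML response, where it is visible in view-source, browser cache and any intermediary, and the value is also unescaped. Emit password fields with no value attribute; a failed submission should require retyping.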
File inc/bye/bye.php changed (mode: 100644) (index a028bc8..dde1bb4)
1 1 <?php <?php
2 rg_log("/inc/bye/bye.php");
2 rg_log("/inc/bye/bye");
3 3
4 4 $_bye = ""; $_bye = "";
5 5
File inc/db/struct.inc.php changed (mode: 100644) (index e47ced6..1bc1782)
... ... $rg_db_struct[0] = array(
45 45 . ", disk_quota_mb INTEGER NOT NULL DEFAULT 0" . ", disk_quota_mb INTEGER NOT NULL DEFAULT 0"
46 46 . ", disk_used_mb INTEGER NOT NULL DEFAULT 0" . ", disk_used_mb INTEGER NOT NULL DEFAULT 0"
47 47 . ", rights TEXT NOT NULL" . ", rights TEXT NOT NULL"
48 . ", confirmed INTEGER NOT NULL DEFAULT 0"
49 . ", confirm_token TEXT NOT NULL DEFAULT ''"
48 50 . ")", . ")",
49 51 "sess" => "CREATE TABLE sess" "sess" => "CREATE TABLE sess"
50 52 . " (sid TEXT PRIMARY KEY" . " (sid TEXT PRIMARY KEY"
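Review bot: `confirmed` and `confirm_token` are added to the CREATE TABLE in `$rg_db_struct[0]`, so only freshly created databases get them; an existing install keeps the old table. rg_user_login_by_user_pass() in this commit then evaluates `$rg_ui['confirmed'] == 0` on a row without that column, which is true for a missing index and refuses every login. Add an upgrade entry (ALTER TABLE users ADD COLUMN confirmed ..., ADD COLUMN confirm_token ...) under a new struct version instead of editing version 0. Since the token is a bearer credential for account activation, storing a hash of it rather than the token itself would limit what a database read exposes.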
File inc/dispatch/dispatch.php changed (mode: 100644) (index 3e3586f..c1e9569)
... ... case 'personal':
62 62 $body .= $_personal; $body .= $_personal;
63 63 break; break;
64 64
65 case 'create_account':
66 include($INC . "/user/create.php");
67 $body .= $_create;
68 break;
69
70 case 'confirm':
71 include($INC . "/user/confirm.php");
72 $body .= $_confirm;
73 break;
74
65 75 default: default:
66 76 rg_log("Invalid operation!"); rg_log("Invalid operation!");
67 77 } }
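Review bot: the `create_account` case is dispatched unconditionally, while `$rg_account_allow_creation` is only consulted in login.form.php to hide the link. Unless inc/user/create.php checks the flag itself (that file is not shown in this view), anyone can POST op=create_account on an install that has creation disabled; gate it here (`if ($rg_account_allow_creation == 1)`) or at the top of create.php.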
File inc/home/home.php changed (mode: 100644) (index c05b12a..5e9924e)
... ... rg_log("/home/home.php");
3 3
4 4 $_home = ""; $_home = "";
5 5
6 $_home .= "Bau!";
6 $_home .= "Bau! This is the homepage.";
7 7
8 8 ?> ?>
9 9
File inc/keys.inc.php changed (mode: 100644) (index cc67061..d3f2811)
... ... function rg_keys_regen($db)
124 124
125 125 $dirty = rg_state_get($db, "authorized_keys"); $dirty = rg_state_get($db, "authorized_keys");
126 126 if ($dirty == 0) { if ($dirty == 0) {
127 rg_log("Skip generation because is not dirty!");
127 // Skip generation because is not dirty
128 128 return TRUE; return TRUE;
129 129 } }
130 130
131 131 // create .ssh folder if does not exists // create .ssh folder if does not exists
132 132 $dir = dirname($rg_keys_file); $dir = dirname($rg_keys_file);
133 133 if (!file_exists($dir)) { if (!file_exists($dir)) {
134 rg_log("dir [$dir] does not exists. Creating it...");
135 134 if (!@mkdir($dir, 0700, TRUE)) { if (!@mkdir($dir, 0700, TRUE)) {
136 135 rg_keys_set_error("cannot create dir $dir ($php_errormsg)"); rg_keys_set_error("cannot create dir $dir ($php_errormsg)");
137 136 return FALSE; return FALSE;
File inc/keys/keys.php changed (mode: 100644) (index a0368e5..f492102)
1 1 <?php <?php
2 rg_log("/inc/keys/keys.php");
2 rg_log("/inc/keys/keys");
3 3
4 4 $_keys = ""; $_keys = "";
5 5
File inc/login/login.form.php changed (mode: 100644) (index 7723ef5..268d54e)
2 2 $_form = ''; $_form = '';
3 3
4 4 if (count($errmsg) > 0) if (count($errmsg) > 0)
5 $_form .= "<font color=red>" . implode("<br />\n", $errmsg) . "</font>\n";
5 $_form .= "<font color=red>" . implode("<br />\n", $errmsg) . "</font><br />\n";
6 6
7 7 $_form .= ' $_form .= '
8 8 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
9 9 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
10 10 <input type="hidden" name="subop" value="1"> <input type="hidden" name="subop" value="1">
11 11 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
12 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
13 12
14 13 User: <input type="text" name="user" value="' . $user . '"><br /> User: <input type="text" name="user" value="' . $user . '"><br />
15 14 Password: <input type="password" name="pass" value="' . $pass . '"><br /> Password: <input type="password" name="pass" value="' . $pass . '"><br />
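Review bot: the hidden `token` input (`rg_token_get($db, $sid)`) is removed from the login form without explanation in the commit message. If inc/login/login.php still calls rg_token_valid(), logins now fail; if it no longer does, the form is open to login CSRF (an attacker logging the victim into an attacker-controlled account). Either keep a per-session token on the login form or say in the commit why it is unnecessary; the TODO `Check XSRF attacks and other types` kept in this commit covers exactly this.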
 
... ... Password: <input type="password" name="pass" value="' . $pass . '"><br />
19 18 <a href="' . rg_re_url("forgot_send") . '">Forgot your password?</a> <a href="' . rg_re_url("forgot_send") . '">Forgot your password?</a>
20 19 '; ';
21 20
21 if ($rg_account_allow_creation == 1) {
22 $_form .= '
23 <br />
24 <a href="' . rg_re_url("create_account") . '">Create a new account</a>
25 ';
26 }
27
22 28 ?> ?>
File inc/login/login.php changed (mode: 100644) (index b5edbcd..865e49d)
1 1 <?php <?php
2 rg_log("/inc/login/login.php");
2 rg_log("/inc/login/login");
3 3
4 4 $user = rg_var_str("user"); $user = rg_var_str("user");
5 5 $pass = rg_var_str("pass"); $pass = rg_var_str("pass");
File inc/personal/personal.php changed (mode: 100644) (index cd6b44c..510a6c1)
... ... switch ($subop) {
22 22 case 1: // edit info case 1: // edit info
23 23 $uid = $rg_ui['uid']; $uid = $rg_ui['uid'];
24 24
25 $errmsg = array();
25 26 if ($doit == 1) { if ($doit == 1) {
26 27 // TODO: Check if user has the right to edit this info! // TODO: Check if user has the right to edit this info!
27 28 if (!rg_token_valid($db, $sid, $token)) { if (!rg_token_valid($db, $sid, $token)) {
 
... ... case 1: // edit info
36 37 $rights = $rg_ui['rights']; $rights = $rg_ui['rights'];
37 38 $session_time = rg_var_uint("session_time"); $session_time = rg_var_uint("session_time");
38 39
39 $xpass = "";
40 if (rg_user_edit($db, $rg_ui['uid'], $xuser, $email, $xpass,
41 $is_admin, $disk_quota_mb, $rights, $session_time)) {
40 while (1) {
41 $xpass = "";
42 if (!rg_user_edit($db, $rg_ui['uid'], $xuser, $email, $xpass,
43 $is_admin, $disk_quota_mb, $rights, $session_time, "")) {
44 $errmsg[] = "Cannot change info (" . rg_user_error() . ").";
45 break;
46 }
47
42 48 $_body .= "OK!<br />"; $_body .= "OK!<br />";
49 break;
43 50 } }
44 51 } else { } else {
45 52 $xuser = $rg_ui['username']; $xuser = $rg_ui['username'];
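Review bot: this is the self-service edit path, yet rg_user_edit() receives `$is_admin` and `$disk_quota_mb`. The hunk shows `$rights = $rg_ui['rights']` taken from the logged-in user's row, but the other two are assigned outside the hunk; confirm they also come from $rg_ui and not from rg_var_*() on the request, otherwise a user can grant themselves admin or raise their own quota. Separately, `$errmsg[] = "Cannot change info (" . rg_user_error() . ")."` shows a non-admin the rg_user_error() text, which wraps rg_sql_error() on query failure; the TODO added in this commit (`Audit all error messages to not propage usefull info to an attacker`) applies here.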
 
... ... case 1: // edit info
50 57 $session_time = $rg_ui['session_time']; $session_time = $rg_ui['session_time'];
51 58 } }
52 59
53 $user_form_add = 0;
60 $admin_mode = 0;
61 $pass_mode = 0;
54 62 include($INC . "/admin/users/user.form.php"); include($INC . "/admin/users/user.form.php");
55 63 $_body .= $_form; $_body .= $_form;
56 64 break; break;
File inc/repo/repo.form.php changed (mode: 100644) (index 666c841..f8a751c)
... ... $_form .= '
50 50 </tr> </tr>
51 51
52 52 <tr> <tr>
53 <td>Default rights:</td>
53 <td>Default rights (for anonymous access, un-select all for private repositories):</td>
54 54 <td> <td>
55 55 ' . rg_rights_checkboxes("repo", $rights) . ' ' . rg_rights_checkboxes("repo", $rights) . '
56 56 </td> </td>
File inc/repo/repo.php changed (mode: 100644) (index 473a0c3..75225c5)
1 1 <?php <?php
2 rg_log("/inc/repo/repo.php");
2 rg_log("/inc/repo/repo");
3 3
4 4 $_repo = ""; $_repo = "";
5 5
File inc/repo/repo_page.php changed (mode: 100644) (index 74b2678..16a1f1b)
1 1 <?php <?php
2 rg_log("/inc/repo/repo_page.php");
2 rg_log("/inc/repo/repo_page");
3 3
4 $repo = rg_var_str("repo");
5 4 $repo_id = rg_var_uint("repo_id"); $repo_id = rg_var_uint("repo_id");
6 5 $name = rg_var_str("name"); $name = rg_var_str("name");
7 6 $max_commit_size = rg_var_uint("max_commit_size"); $max_commit_size = rg_var_uint("max_commit_size");
 
... ... $user = rg_var_str("user");
12 11 $master_repo_id = 0; $master_repo_id = 0;
13 12
14 13 // menu // menu
15 $_url = rg_re_repopage($repo_id, $repo);
14 $_url = rg_re_repopage($repo_id, $name);
16 15 $_menu = ""; $_menu = "";
17 16 $_menu .= "[<a href=\"$_url&amp;subop=1\">Edit</a>]"; $_menu .= "[<a href=\"$_url&amp;subop=1\">Edit</a>]";
18 17 $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">Rights</a>]"; $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">Rights</a>]";
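Review bot: `$_url = rg_re_repopage($repo_id, $name)` builds the menu links from the request-supplied `$name` before `rg_repo_ok($name)` validates it further down, and the same `$name` then feeds `rg_repo_info($db, $repo_id, $name)`. Move the URL and menu construction after the rg_repo_ok()/rg_repo_info() check (which now `return`s on failure anyway), and make sure rg_re_repopage() escapes its arguments for the href.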
 
... ... $_menu .= "<br />\n";
22 21
23 22 $_body = ""; $_body = "";
24 23
25 $repo_ok = rg_repo_ok($repo);
24 $repo_ok = rg_repo_ok($name);
26 25 if ($repo_ok === TRUE) { if ($repo_ok === TRUE) {
27 $ri = rg_repo_info($db, $repo_id, $repo);
26 $ri = rg_repo_info($db, $repo_id, $name);
28 27 if (($ri['ok'] != 1) || ($ri['exists'] != 1) || ($ri['deleted'] == 1)) if (($ri['ok'] != 1) || ($ri['exists'] != 1) || ($ri['deleted'] == 1))
29 28 $repo_ok = FALSE; $repo_ok = FALSE;
30 29 } }
31 30
32 31 if ($repo_ok !== TRUE) { if ($repo_ok !== TRUE) {
33 $_body .= "Invalid repository!";
34 // force subop 0
35 $subop = 0;
32 $_repo = "Invalid repository!";
33 return;
36 34 } }
35
37 36 // we need it in forms // we need it in forms
38 37 $repo_id = $ri['repo_id']; $repo_id = $ri['repo_id'];
39 38
File inc/user.inc.php changed (mode: 100644) (index cf88590..1697b42)
... ... function rg_user_pass($salt, $pass)
41 41 */ */
42 42 function rg_user_pass_ok($pass) function rg_user_pass_ok($pass)
43 43 { {
44 if (strlen($pass) <= 4) {
45 rg_user_set_error("Password is too short.");
44 if (strlen($pass) < 5) {
45 rg_user_set_error("password is too short (less than 5 chars)");
46 46 return FALSE; return FALSE;
47 47 } }
48 48
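Review bot: the threshold is unchanged (`strlen($pass) < 5` is the same test as `<= 4`), and a 5-character floor is weak for a service where the password also guards pushes. Raise it to at least 8 and make it configurable alongside `$rg_user_min_len`; note that strlen() counts bytes, so a multibyte UTF-8 password passes with fewer characters than it appears to have.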
 
... ... function rg_user_ok($user)
64 64 } }
65 65
66 66 if (strlen($user) < $rg_user_min_len) { if (strlen($user) < $rg_user_min_len) {
67 rg_user_set_error("User name too short (shorter than $rg_user_min_len)");
67 rg_user_set_error("user name too short (shorter than $rg_user_min_len)");
68 68 return FALSE; return FALSE;
69 69 } }
70 70
 
... ... function rg_user_ok($user)
81 81 * If uid > 0 - edit, else, add * If uid > 0 - edit, else, add
82 82 */ */
83 83 function rg_user_edit($db, $uid, $user, $email, $pass, $is_admin, function rg_user_edit($db, $uid, $user, $email, $pass, $is_admin,
84 $disk_quota_mb, $rights, $session_time)
84 $disk_quota_mb, $rights, $session_time, $confirm_token)
85 85 { {
86 86 rg_log("user_edit: uid=$uid, user=$user email=$email" rg_log("user_edit: uid=$uid, user=$user email=$email"
87 87 . " pass=$pass is_admin=$is_admin" . " pass=$pass is_admin=$is_admin"
88 88 . " disk_quota_mb=$disk_quota_mb rights=$rights" . " disk_quota_mb=$disk_quota_mb rights=$rights"
89 . " session_time=$session_time...");
89 . " session_time=$session_time, confirm_token=$confirm_token...");
90 90
91 91 if (rg_user_ok($user) !== TRUE) if (rg_user_ok($user) !== TRUE)
92 92 return FALSE; return FALSE;
93 93
94 $now = time();
94 95 $e_user = rg_sql_escape($db, $user); $e_user = rg_sql_escape($db, $user);
95 96 $e_salt = rg_id(40); $e_salt = rg_id(40);
96 97 $e_pass = rg_user_pass($e_salt, $pass); $e_pass = rg_user_pass($e_salt, $pass);
97 98 $e_email = rg_sql_escape($db, $email); $e_email = rg_sql_escape($db, $email);
98 99 $e_rights = rg_sql_escape($db, $rights); $e_rights = rg_sql_escape($db, $rights);
99 100
101 if (empty($confirm_token)) {
102 // no need to confirm account
103 $confirmed = $now;
104 } else {
105 $confirmed = 0;
106 }
107
100 108 if ($uid == 0) { // add if ($uid == 0) { // add
101 109 if (rg_user_pass_ok($pass) !== TRUE) if (rg_user_pass_ok($pass) !== TRUE)
102 110 return FALSE; return FALSE;
103 111
104 $now = time();
105 112 $sql = "INSERT INTO users (username, salt, pass, email, itime" $sql = "INSERT INTO users (username, salt, pass, email, itime"
106 . ", is_admin, disk_quota_mb, rights, session_time)"
113 . ", is_admin, disk_quota_mb, rights, session_time"
114 . ", confirmed, confirm_token)"
107 115 . " VALUES ('$e_user', '$e_salt', '$e_pass'" . " VALUES ('$e_user', '$e_salt', '$e_pass'"
108 116 . ", '$e_email', $now, $is_admin, $disk_quota_mb" . ", '$e_email', $now, $is_admin, $disk_quota_mb"
109 . ", '$e_rights', $session_time)";
117 . ", '$e_rights', $session_time"
118 . ", $confirmed, '$confirm_token')";
110 119 } else { // edit } else { // edit
111 120 $salt_pass_add = ""; $salt_pass_add = "";
112 121 if (!empty($pass)) if (!empty($pass))
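Review bot: the extended rg_log() call writes `pass=$pass` and now `confirm_token=$confirm_token` to the log, i.e. the plaintext password and the activation token for the account; both belong out of the log entirely. Second, `$confirm_token` is interpolated into the INSERT (`. ", $confirmed, '$confirm_token')"`) without rg_sql_escape(), unlike $e_user, $e_email and $e_rights; even if callers always pass rg_id() output today, escape it here so the function does not depend on that. Third, `$is_admin`, `$disk_quota_mb` and `$session_time` are interpolated unquoted; cast them to int before building the SQL.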
 
... ... function rg_user_edit($db, $uid, $user, $email, $pass, $is_admin,
124 133
125 134 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
126 135 if ($res === FALSE) { if ($res === FALSE) {
127 rg_user_set_error("Cannot insert/update user (" . rg_sql_error() . ")!");
136 rg_user_set_error("cannot insert/update user (" . rg_sql_error() . ")");
128 137 return FALSE; return FALSE;
129 138 } }
130 139 rg_sql_free_result($res); rg_sql_free_result($res);
 
... ... function rg_user_remove($db, $uid)
142 151 $sql = "DELETE FROM users WHERE uid = $uid"; $sql = "DELETE FROM users WHERE uid = $uid";
143 152 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
144 153 if ($res === FALSE) { if ($res === FALSE) {
145 rg_user_set_error("Cannot remove user $uid (" . rg_sql_error() . ")!");
154 rg_user_set_error("cannot remove user $uid (" . rg_sql_error() . ")");
146 155 return FALSE; return FALSE;
147 156 } }
148 157 rg_sql_free_result($res); rg_sql_free_result($res);
 
... ... function rg_user_info($db, $uid, $user, $email)
181 190 $sql = "SELECT * FROM users WHERE 1 = 1" . $add; $sql = "SELECT * FROM users WHERE 1 = 1" . $add;
182 191 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
183 192 if ($res === FALSE) { if ($res === FALSE) {
184 rg_user_set_error("Cannot get info (" . rg_sql_error() . ")!");
193 rg_user_set_error("cannot get info (" . rg_sql_error() . ")");
185 194 return $ret; return $ret;
186 195 } }
187 196
 
... ... function rg_user_login_by_sid($db, $sid, &$rg_ui)
221 230 return FALSE; return FALSE;
222 231
223 232 $rg_ui = rg_user_info($db, $uid, "", ""); $rg_ui = rg_user_info($db, $uid, "", "");
224 if ($rg_ui['exists'] != 1)
225 rg_user_set_error("Invalid uid!");
233 if ($rg_ui['exists'] != 1) {
234 rg_user_set_error("invalid uid");
226 235 return FALSE; return FALSE;
236 }
237
227 238 rg_sess_update($db, $sid); rg_sess_update($db, $sid);
228 239
229 240 rg_user_set_last_seen($db, $rg_ui['uid']); rg_user_set_last_seen($db, $rg_ui['uid']);
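Review bot: `$rg_ui['ok']` is not checked here, only `exists`; rg_user_info() returns both, and rg_user_auto_login() added below tests `ok` first. Do the same so a query failure is reported as an error rather than as `invalid uid`. The braces around the error/return are the right fix: before this change `return FALSE` ran unconditionally and every session login failed.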
 
... ... function rg_user_pass_valid($db, $uid, $pass)
239 250 rg_log("user_pass_valid: uid=$uid, pass=$pass..."); rg_log("user_pass_valid: uid=$uid, pass=$pass...");
240 251
241 252 if (empty($pass)) { if (empty($pass)) {
242 rg_log("\tPassword is empty.");
253 rg_user_set_error("password is empty");
243 254 return FALSE; return FALSE;
244 255 } }
245 256
246 257 $ui = rg_user_info($db, $uid, "", ""); $ui = rg_user_info($db, $uid, "", "");
247 258 if ($ui['exists'] != 1) { if ($ui['exists'] != 1) {
248 rg_log("\tUser does not exists.");
259 rg_user_set_error("user does not exists");
249 260 return FALSE; return FALSE;
250 261 } }
251 262
252 263 $sha1pass = rg_user_pass($ui['salt'], $pass); $sha1pass = rg_user_pass($ui['salt'], $pass);
253 264 if (strcmp($sha1pass, $ui['pass']) != 0) { if (strcmp($sha1pass, $ui['pass']) != 0) {
254 rg_log("\tPassword is not ok [$sha1pass] != [" . $ui['pass'] . "].");
265 rg_user_set_error("password is not ok");
255 266 return FALSE; return FALSE;
256 267 } }
257 268
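Review bot: the unchanged first line of this hunk, `rg_log("user_pass_valid: uid=$uid, pass=$pass...");`, still writes the clear-text password to the log; dropping the `[$sha1pass] != [...]` line below is the right move, and the same reasoning applies here, so log only the uid. `strcmp` on the hash is fine functionally, but a constant-time comparison avoids leaking anything through timing. Wording: "user does not exists" should read "user does not exist".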
 
... ... function rg_user_pass_valid($db, $uid, $pass)
259 270 return TRUE; return TRUE;
260 271 } }
261 272
273 /*
274 * Auto login the user
275 */
276 function rg_user_auto_login($db, $uid, &$rg_ui)
277 {
278 $rg_ui = rg_user_info($db, $uid, "", "");
279 if ($rg_ui['ok'] != 1)
280 return FALSE;
281
282 if ($rg_ui['exists'] != 1)
283 return FALSE;
284
285 $sid = rg_id(40);
286 rg_sess_add($db, $uid, $sid, $rg_ui['session_time']);
287 setcookie("sid", $sid, 0, "/", $_SERVER['SERVER_NAME'],
288 @strcmp($_SERVER['HTTPS'], "on") == 0 /* secure */,
289 TRUE /* httponly */);
290
291 return TRUE;
292 }
293
262 294 /* /*
263 295 * Test if login is OK * Test if login is OK
264 296 */ */
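Review bot: rg_user_auto_login duplicates the session-cookie setup that rg_user_login_by_user_pass now delegates to rg_user_sess, and the two copies already differ: this one passes `$_SERVER['SERVER_NAME']` as the cookie domain while the code removed from rg_user_login_by_user_pass used `HTTP_HOST`. Call rg_user_sess here as well so the cookie flags (secure, httponly, domain) are set in one place. The return value of rg_sess_add is also ignored, so a failed session insert still returns TRUE to the caller.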
 
... ... function rg_user_login_by_user_pass($db, $user, $pass, &$rg_ui)
271 303 $rg_ui['is_admin'] = 0; $rg_ui['is_admin'] = 0;
272 304
273 305 if (empty($user) || empty($pass)) { if (empty($user) || empty($pass)) {
274 rg_user_set_error("Invalid user or pass!");
306 rg_user_set_error("invalid user or pass");
275 307 return FALSE; return FALSE;
276 308 } }
277 309
278 310 $rg_ui = rg_user_info($db, 0, $user, ""); $rg_ui = rg_user_info($db, 0, $user, "");
279 311 if ($rg_ui['exists'] != 1) { if ($rg_ui['exists'] != 1) {
280 rg_user_set_error("Invalid user or pass!");
312 rg_user_set_error("invalid user or pass");
281 313 return FALSE; return FALSE;
282 314 } }
283 rg_log("\trg_ui: " . print_r($rg_ui, TRUE));
284 315
285 316 if ($rg_ui['suspended'] > 0) { if ($rg_ui['suspended'] > 0) {
286 rg_user_set_error("Invalid user or pass!");
317 rg_user_set_error("invalid user or pass");
318 return FALSE;
319 }
320
321 if ($rg_ui['confirmed'] == 0) {
322 rg_user_set_error("invalid user or pass");
287 323 return FALSE; return FALSE;
288 324 } }
289 325
290 326 $sha1pass = rg_user_pass($rg_ui['salt'], $pass); $sha1pass = rg_user_pass($rg_ui['salt'], $pass);
291 327 if (strcmp($sha1pass, $rg_ui['pass']) != 0) { if (strcmp($sha1pass, $rg_ui['pass']) != 0) {
292 rg_user_set_error("Invalid user or pass!");
328 rg_user_set_error("invalid user or pass");
293 329 return FALSE; return FALSE;
294 330 } }
295 331
296 $sid = rg_id(40);
297 rg_sess_add($db, $rg_ui['uid'], $sid, $rg_ui['session_time']);
298 setcookie("sid", $sid, 0, "/", $_SERVER['HTTP_HOST'],
299 @strcmp($_SERVER['HTTPS'], "on") == 0 /* secure */,
300 TRUE /* httponly */);
332 rg_user_sess($db, $rg_ui['uid'], $rg_ui['session_time']);
301 333
302 334 rg_user_set_last_seen($db, $rg_ui['uid']); rg_user_set_last_seen($db, $rg_ui['uid']);
303 335
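Review bot: removing `rg_log("\trg_ui: " . print_r($rg_ui, TRUE));` is a good catch, since it dumped the salt and password hash of every login to the log, and the new `confirmed == 0` branch reuses the generic "invalid user or pass" message so unconfirmed accounts cannot be told apart from unknown ones. The return value of `rg_user_sess($db, $rg_ui['uid'], $rg_ui['session_time']);` is not checked, though: if the session row cannot be created the function continues to rg_user_set_last_seen and reports success without a usable session.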
 
... ... function rg_user_suspend($db, $uid, $op)
321 353
322 354 $sql = "UPDATE users SET suspended = $v WHERE uid = $uid"; $sql = "UPDATE users SET suspended = $v WHERE uid = $uid";
323 355 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
324 if ($res === FALSE)
356 if ($res === FALSE) {
357 rg_user_set_error("cannot suspend (" . rg_sql_error() . ")");
325 358 return FALSE; return FALSE;
359 }
326 360 rg_sql_free_result($res); rg_sql_free_result($res);
327 361
328 362 return TRUE; return TRUE;
 
... ... function rg_user_make_admin($db, $uid, $op)
338 372
339 373 $sql = "UPDATE users SET is_admin = $op WHERE uid = $uid"; $sql = "UPDATE users SET is_admin = $op WHERE uid = $uid";
340 374 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
341 if ($res === FALSE)
375 if ($res === FALSE) {
376 rg_user_set_error("cannot make admin (" . rg_sql_error() . ")");
342 377 return FALSE; return FALSE;
378 }
343 379 rg_sql_free_result($res); rg_sql_free_result($res);
344 380
345 381 return TRUE; return TRUE;
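Review bot: `$op` is interpolated straight into `UPDATE users SET is_admin = $op WHERE uid = $uid`; the same holds for `$v` and `$uid` in rg_user_suspend above and for `$now` and `$uid` in rg_user_set_last_seen below. Cast these to int (`(int)$op`) before building the statement, or use the escaping helper that produces `$e_token` elsewhere in this file, so the functions do not depend on every caller sanitising its arguments.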
 
... ... function rg_user_set_last_seen($db, $uid)
356 392
357 393 $sql = "UPDATE users SET last_seen = $now WHERE uid = $uid"; $sql = "UPDATE users SET last_seen = $now WHERE uid = $uid";
358 394 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
359 if ($res === FALSE)
395 if ($res === FALSE) {
396 rg_user_set_error("cannot update last seen (" . rg_sql_error() . ")");
360 397 return FALSE; return FALSE;
398 }
361 399 rg_sql_free_result($res); rg_sql_free_result($res);
362 400
363 401 return TRUE; return TRUE;
 
... ... function rg_user_list($db, $url)
419 457 $ret .= " <th>Creation date (UTC)</th>\n"; $ret .= " <th>Creation date (UTC)</th>\n";
420 458 $ret .= " <th>Quota</th>\n"; $ret .= " <th>Quota</th>\n";
421 459 $ret .= " <th>Suspended?</th>\n"; $ret .= " <th>Suspended?</th>\n";
460 $ret .= " <th>Confirmed?</th>\n";
422 461 $ret .= " <th>Session time</th>\n"; $ret .= " <th>Session time</th>\n";
423 462 $ret .= " <th>Last seen (UTC)</th>\n"; $ret .= " <th>Last seen (UTC)</th>\n";
424 463 $ret .= " <th>Rights</th>\n"; $ret .= " <th>Rights</th>\n";
 
... ... function rg_user_list($db, $url)
436 475 $_v = "unlimited"; $_v = "unlimited";
437 476 $ret .= " <td>" . $_v . "</td>\n"; $ret .= " <td>" . $_v . "</td>\n";
438 477 $ret .= " <td>" . ($row['suspended'] == 0 ? "No" : "Yes") . "</th>\n"; $ret .= " <td>" . ($row['suspended'] == 0 ? "No" : "Yes") . "</th>\n";
478 $ret .= " <td>" . ($row['confirmed'] == 0 ? "No" : gmdate("Y-m-d H:i:s", $row['confirmed'])) . "</th>\n";
439 479 $ret .= " <td>" . $row['session_time'] . "s</td>\n"; $ret .= " <td>" . $row['session_time'] . "s</td>\n";
440 480 $v = $row['last_seen'] == 0 ? "-" : gmdate("Y-m-d", $row['last_seen']); $v = $row['last_seen'] == 0 ? "-" : gmdate("Y-m-d", $row['last_seen']);
441 481 $ret .= " <td>" . $v . "</td>\n"; $ret .= " <td>" . $v . "</td>\n";
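Review bot: the new `Confirmed?` cell closes with `</th>` instead of `</td>`, copying the mismatch already present on the `Suspended?` line above it; both should end with `</td>`. The Confirmed column also prints a full `Y-m-d H:i:s` timestamp while Last seen prints only `Y-m-d`; pick one format for the table.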
 
... ... function rg_user_forgot_pass_uid($db, $token)
496 536 . " WHERE token = '$e_token'" . " WHERE token = '$e_token'"
497 537 . " AND expire > $now"; . " AND expire > $now";
498 538 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
499 if ($res === FALSE)
539 if ($res === FALSE) {
540 rg_user_set_error("cannot lookup token (" . rg_sql_error() . ")");
500 541 return $ret; return $ret;
542 }
501 543
502 544 $ret['ok'] = 1; $ret['ok'] = 1;
503 545
 
... ... function rg_user_forgot_pass_mail_prepare($db, $email)
535 577 . " VALUES ('$token', $uid, $expire)"; . " VALUES ('$token', $uid, $expire)";
536 578 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
537 579 if ($res === FALSE) { if ($res === FALSE) {
538 rg_user_set_error("Cannot query!");
580 rg_user_set_error("cannot query (" . rg_sql_error() . ")");
539 581 return FALSE; return FALSE;
540 582 } }
541 583 rg_sql_free_result($res); rg_sql_free_result($res);
 
... ... function rg_user_forgot_pass_mail($db, $email)
560 602
561 603 if (!mail($email, if (!mail($email,
562 604 "Forgot password", "Forgot password",
563 "Hello!\n"
605 "Hello!\n\n"
564 606 . "If you want to reset the password, follow:\n" . "If you want to reset the password, follow:\n"
565 . "http://" . @$_SERVER['SERVER_NAME']
566 . rg_re_url("forgot_link") . "&forgot_token=$forgot_token",
607 . (@strcmp($_SERVER['HTTPS'], "on") == 0 ? "https://" : "http://")
608 . @$_SERVER['HTTP_HOST']
609 . rg_re_url("forgot_link") . "&forgot_token=$forgot_token",
567 610 $headers, $headers,
568 611 "-f $rg_admin_email")) { "-f $rg_admin_email")) {
569 612 rg_user_set_error("Cannot send mail ($php_errormsg)!"); rg_user_set_error("Cannot send mail ($php_errormsg)!");
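Review bot: the reset link is now built from `$_SERVER['HTTP_HOST']`, which is taken from the request's Host header, whereas the removed line used `SERVER_NAME`, which comes from the server configuration. For a link that is mailed to the user it is safer to take scheme and host from a configured setting (a new value in samples/config.php, for example) so the mail content cannot depend on what a client sent. The same applies to rg_user_confirm_send added further down.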
 
... ... function rg_user_forgot_pass_destroy($db, $uid)
583 626 $sql = "DELETE FROM forgot_pass WHERE uid = $uid"; $sql = "DELETE FROM forgot_pass WHERE uid = $uid";
584 627 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
585 628 if ($res === FALSE) { if ($res === FALSE) {
586 rg_user_set_error("Cannot query!");
629 rg_user_set_error("cannot query (" . rg_sql_error() . ")");
587 630 return FALSE; return FALSE;
588 631 } }
589 632 rg_sql_free_result($res); rg_sql_free_result($res);
 
... ... function rg_user_set_pass($db, $uid, $pass)
612 655 return TRUE; return TRUE;
613 656 } }
614 657
658 /*
659 * Confirm account creation (send mail)
660 */
661 function rg_user_confirm_send($email, $token)
662 {
663 global $rg_admin_name, $rg_admin_email;
664
665 rg_log("user_confirm_send: email=$email, token=$token");
666
667 $headers = "From: $rg_admin_name <$rg_admin_email>";
668
669 if (!mail($email,
670 "Account creation confirmation",
671 "Hello!\n\n"
672 . "Please confirm your account creation following:\n"
673 . (@strcmp($_SERVER['HTTPS'], "on") == 0 ? "https://" : "http://")
674 . @$_SERVER['HTTP_HOST']
675 . rg_re_url("confirm") . "&token=$token",
676 $headers,
677 "-f $rg_admin_email")) {
678 rg_user_set_error("Cannot send mail ($php_errormsg)!");
679 return FALSE;
680 }
681
682 return TRUE;
683 }
684
685 /*
686 * Confirm account creation
687 */
688 function rg_user_confirm($db, $token)
689 {
690 $now = time();
691
692 $sql = "SELECT uid FROM users WHERE confirm_token = '$token'";
693 $res = rg_sql_query($db, $sql);
694 if ($res === FALSE) {
695 rg_user_set_error("cannot search for token (" . rg_sql_error() . ")");
696 return FALSE;
697 }
698 $rows = rg_sql_num_rows($res);
699 if ($rows > 0)
700 $row = rg_sql_fetch_array($res);
701 rg_sql_free_result($res);
702 if ($rows == 0) {
703 rg_user_set_error("cannot find token (" . rg_sql_error() . ")");
704 return FALSE;
705 }
706 $uid = $row['uid'];
707
708 $sql = "UPDATE users SET confirmed = $now"
709 . " WHERE uid = $uid";
710 $res = rg_sql_query($db, $sql);
711 if ($res === FALSE) {
712 rg_user_set_error("cannot update confirmed (" . rg_sql_error() . ")");
713 return FALSE;
714 }
715
716 return $uid;
717 }
718
615 719 ?> ?>
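Review bot: in rg_user_confirm the token is interpolated unescaped into `WHERE confirm_token = '$token'`, in contrast to the `$e_token` used by rg_user_forgot_pass_uid; escape inside the function rather than relying on the caller's rg_var_re filter. The UPDATE also sets `confirmed = $now` without clearing confirm_token or checking that the account is still unconfirmed, so a used link keeps working, and the "cannot find token" message appends rg_sql_error() although no query failed. Minor: the UPDATE result is never passed to rg_sql_free_result, unlike every other query in this file.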
File inc/user/confirm.php added (mode: 100644) (index 0000000..6b03dae)
1 <?php
2 rg_log("/inc/user/confirm");
3
4 $token = rg_var_re("token", "/[^A-Za-z0-9]/");
5
6 $_confirm = "<br />\n";
7
8 $uid = rg_user_confirm($db, $token);
9 if ($uid === FALSE) {
10 $_confirm .= "Internal error!";
11 } else {
12 // auto-login
13 if (rg_user_auto_login($db, $uid, $rg_ui))
14 $new_op = "home";
15 else
16 $new_op = "login";
17 }
18
19 ?>
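Review bot: reject an empty `$token` before calling rg_user_confirm. The lookup is a literal `confirm_token = '$token'` match and accounts created through other paths get an empty confirm token (tests/user.php passes `""` as the new argument), so if rg_var_re yields an empty string for a missing parameter the query would match such an account and rg_user_auto_login would create a session for it. Also `$new_op` is only set on success, and an unknown token is reported as "Internal error!"; a separate "token not found" message would be clearer.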
File inc/user/create.php added (mode: 100644) (index 0000000..55c5de9)
1 <?php
2 rg_log("/create/create.php");
3
4 $_create = "<br />\n";
5
6 if ($rg_account_allow_creation != 1) {
7 $_create .= "Site does not allow account creation.";
8 return;
9 }
10
11 $uid = 0;
12 $errmsg = array();
13 $show_form = 1;
14
15 if ($doit == 1) {
16 $xuser = rg_var_str("xuser");
17 $email = rg_var_str("email");
18 $xpass = rg_var_str("xpass");
19 $xpass2 = rg_var_str("xpass2");
20 $session_time = rg_var_uint("session_time");
21
22 while (1) {
23 if (strcmp($xpass, $xpass2) != 0) {
24 $errmsg[] = "Password are not the same!";
25 break;
26 }
27
28 $_ui = rg_user_info($db, 0, $xuser, "");
29 if ($_ui['ok'] == 0) {
30 $errmsg[] = "Internal error (" . rg_user_error() . ")!";
31 break;
32 }
33
34 if ($_ui['exists'] == 1) {
35 $errmsg[] = "User already exists.";
36 break;
37 }
38
39 $is_admin = 0;
40 $disk_quota_mb = 100;
41 $rights = "C";
42 $confirm_token = rg_id(40);
43 if (!rg_user_edit($db, $uid, $xuser, $email, $xpass, $is_admin,
44 $disk_quota_mb, $rights, $session_time, $confirm_token)) {
45 $errmsg[] = "Cannot add user (" . rg_user_error() . ").";
46 break;
47 }
48
49 $r = rg_user_confirm_send($email, $confirm_token);
50 if ($r === FALSE) {
51 $errmsg[] = "Cannot send e-mail (" . rg_user_error() . ")!";
52 break;
53 }
54
55 $show_form = 0;
56 $_create .= "Check your e-mail and follow the link inside.";
57 break;
58 }
59 } else {
60 $xuser = "";
61 $email = "";
62 $xpass = "";
63 $xpass2 = "";
64 $session_time = 3600;
65 }
66
67 if ($show_form == 1) {
68 $admin_mode = 0;
69 $pass_mode = 2;
70 include($INC . "/admin/users/user.form.php");
71 $_create .= $_form;
72 }
73
74 ?>
75
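Review bot: the error strings shown to the visitor, `"Internal error (" . rg_user_error() . ")!"` and `"Cannot add user (" . rg_user_error() . ")."`, now embed rg_sql_error() because the rg_user_set_error messages in inc/user.inc.php carry it throughout this commit; log the detail and show a generic message on this unauthenticated page. `$email` is passed to rg_user_edit and then to mail() without any format check, and `$session_time` is accepted from the request with no upper bound. Nit: the log line says `/create/create.php` but the file is inc/user/create.php.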
File inc/user/forgot.php changed (mode: 100644) (index f2a2a65..df85597)
1 1 <?php <?php
2 rg_log("/inc/user/forgot.php");
2 rg_log("/inc/user/forgot");
3 3
4 $forgot_token = rg_var_str("forgot_token");
4 $forgot_token = rg_var_re("forgot_token", "/[^A-Za-z0-9]/");
5 5 $pass1 = rg_var_str("pass1"); $pass1 = rg_var_str("pass1");
6 6 $pass2 = rg_var_str("pass2"); $pass2 = rg_var_str("pass2");
7 7
 
... ... if ($doit == 1) {
23 23 if (rg_user_set_pass($db, $r['uid'], $pass1)) { if (rg_user_set_pass($db, $r['uid'], $pass1)) {
24 24 rg_user_forgot_pass_destroy($db, $r['uid']); rg_user_forgot_pass_destroy($db, $r['uid']);
25 25 // auto-login // auto-login
26 $rg_ui = rg_user_info($db, $r['uid'], "", "");
27 $_forgot .= "OK!";
28 26 $_hide_form = 1; $_hide_form = 1;
27 if (rg_user_auto_login($db, $r['uid'], $rg_ui))
28 $new_op = "home";
29 else
30 $new_op = "login";
29 31 } else { } else {
30 32 $errmsg[] = "Internal error - try later!"; $errmsg[] = "Internal error - try later!";
31 33 } }
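Review bot: the auto-login after a password reset goes through rg_user_auto_login, which checks only `ok` and `exists`, so the `suspended` and `confirmed` refusals that rg_user_login_by_user_pass applies are bypassed here; either add those checks to rg_user_auto_login or route this path through the same validation. The return value of rg_user_forgot_pass_destroy is also ignored, so a failure to delete the token leaves it reusable while the flow continues as if everything succeeded.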
File inc/user/forgot_send.php changed (mode: 100644) (index ad344f2..8d556a3)
1 1 <?php <?php
2 rg_log("/inc/user/forgot_send.php");
2 rg_log("/inc/user/forgot_send");
3 3
4 4 $email = rg_var_str("email"); $email = rg_var_str("email");
5 5
File inc/util.inc.php changed (mode: 100644) (index 6b875ed..655bc7b)
... ... function rg_re_repopage($repo_id, $repo_name)
87 87 if (isset($_REQUEST['rewrite_engine'])) if (isset($_REQUEST['rewrite_engine']))
88 88 return "/" . $repo_name; return "/" . $repo_name;
89 89
90 return $_SERVER['PHP_SELF'] . "?op=repo_page&amp;repo_name=" . $repo_name;
90 return $_SERVER['PHP_SELF'] . "?op=repopage&amp;name=" . $repo_name;
91 91 } }
92 92
93 93 function rg_var_str($name) function rg_var_str($name)
File root/index.php changed (mode: 100644) (index 3d2a92b..69e85d1)
1 1 <?php <?php
2 2 error_reporting(E_ALL); error_reporting(E_ALL);
3 3 ini_set("track_errors", "On"); ini_set("track_errors", "On");
4 //phpinfo();
5 4
6 5 $_s = microtime(TRUE); $_s = microtime(TRUE);
7 6
 
... ... $tail .= "</html>\n";
71 70 $amenu = array( $amenu = array(
72 71 "login" => array("text" => "Login"), "login" => array("text" => "Login"),
73 72 "personal" => array("text" => "Personal"), "personal" => array("text" => "Personal"),
74 "repo" => array("text" => "My repositories"),
73 "repo" => array("text" => "Repositories"),
75 74 "keys" => array("text" => "SSH keys"), "keys" => array("text" => "SSH keys"),
76 75 "admin" => array("text" => "Admin", "needs_admin" => 1), "admin" => array("text" => "Admin", "needs_admin" => 1),
77 76 "logout" => array("text" => "Logout") "logout" => array("text" => "Logout")
File samples/config.php changed (mode: 100644) (index dca94e1..9c5a599)
1 1 <?php <?php
2 // RocketGit configuration file
3
2 4 // Base // Base
3 5 $rg_base = "/home/rocketgit"; $rg_base = "/home/rocketgit";
4 6
 
... ... $rg_pass_key = "reigjmn9483jfisendfhwefhefhesfuhfskhjukhtw4khfwkur";
41 43 $rg_admin_name = "RocketGit Admin"; $rg_admin_name = "RocketGit Admin";
42 44 $rg_admin_email = "admin@site.tld"; $rg_admin_email = "admin@site.tld";
43 45
46 // Set to 1 to allow any visitor to create an account
47 $rg_account_allow_creation = 1;
48
44 49 ?> ?>
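Review bot: the sample config enables open account creation (`$rg_account_allow_creation = 1`); since create.php only refuses when the value is not exactly 1, shipping the sample with 0 and the existing comment makes registration an explicit opt-in for operators. The comment could also mention that account creation depends on outgoing mail working, because rg_user_confirm_send has to deliver the confirmation link.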
File samples/rg.conf changed (mode: 100644) (index c90f9b5..8966b0e)
28 28 RewriteRule ^/\+(.*) /index.php?rewrite_engine=1&op=$1 [L,QSA] RewriteRule ^/\+(.*) /index.php?rewrite_engine=1&op=$1 [L,QSA]
29 29
30 30 RewriteCond %{REQUEST_URI} ^/.+ RewriteCond %{REQUEST_URI} ^/.+
31 RewriteRule ^/(.+) /index.php?rewrite_engine=1&op=repopage&repo=$1 [L,QSA]
31 RewriteRule ^/(.+) /index.php?rewrite_engine=1&op=repopage&name=$1 [L,QSA]
32 32
33 33 # Compress # Compress
34 34 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
File scripts/cron.php changed (mode: 100644) (index fd64f31..4e150a8)
... ... if (date("H") == 0) {
54 54 } }
55 55 rg_sql_free_result($res); rg_sql_free_result($res);
56 56 } }
57 }
58 57
59 // TODO
60 //rg_log("Update user quota...");
58 rg_log("Compute repository sizes per user...");
59 $sql = "SELECT SUM(disk_used_mb) AS disk_used_mb, uid FROM repos"
60 . " GROUP BY uid";
61 $res = rg_sql_query($db, $sql);
62 if ($res === FALSE) {
63 rg_log("Cannot run query (" . rg_sql_error() . ")!");
64 } else {
65 while (($row = rg_sql_fetch_array($res))) {
66 $sql = "UPDATE users"
67 . " SET disk_space_used = " . $row['disk_space_used']
68 . " WHERE uid = " . $row['uid'];
69 $res2 = rg_sql_query($db, $sql);
70 rg_sql_free_result($res2);
71 }
72 rg_sql_free_result($res);
73 }
74 }
61 75
62 76 // TODO // TODO
63 77 //rg_log("Sending notifications..."); //rg_log("Sending notifications...");
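Review bot: the new quota loop reads `$row['disk_space_used']`, but the query aliases the sum as `disk_used_mb`, so that key does not exist, the UPDATE becomes `SET disk_space_used =  WHERE uid = ...` and fails; use `$row['disk_used_mb']`. `$res2` is then passed to rg_sql_free_result without checking for FALSE, so the failure is silent. Note that the old `}` at line 57 was dropped and a new one added at line 74, which places the whole loop inside the `if (date("H") == 0)` block; that looks intended but is worth confirming.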
 
... ... if (date("H") == 1) {
83 97 rg_sql_free_result($res); rg_sql_free_result($res);
84 98 } }
85 99
86 rg_log("Regenerate keys...");
87 100 rg_keys_regen($db); rg_keys_regen($db);
88 101
89 102 // Arhive deleted repositories // Arhive deleted repositories
 
... ... if (date("H") == 23) {
92 105 } }
93 106
94 107 // This has to be the last thing that touches the database // This has to be the last thing that touches the database
95 if (date("H") == 0) {
108 if (date("H") == 3) {
96 109 rg_log("Run VACUUM on database..."); rg_log("Run VACUUM on database...");
97 110 $sql = "VACUUM"; $sql = "VACUUM";
98 111 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
File scripts/q.php changed (mode: 100644) (index 5ccf0c7..a39d201)
... ... while ($runs-- > 0) {
53 53 . " ORDER BY master"; . " ORDER BY master";
54 54 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
55 55 if ($res === FALSE) { if ($res === FALSE) {
56 rg_log("\tCannot query!");
56 rg_log("\tCannot query (" . rg_sql_error() . ")!");
57 57 exit(1); exit(1);
58 58 } }
59 59 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
File tests/Makefile changed (mode: 100644) (index 6981152..d61d7fd)
... ... user:
26 26
27 27 git: git:
28 28 php git.php php git.php
29
30 .PHONY: clean
31 clean:
32 @rm -f *.log
File tests/user.php changed (mode: 100644) (index d6387be..b3cefaf)
... ... if ($r === FALSE) {
27 27 } }
28 28
29 29 // add user // add user
30 $r = rg_user_edit($db, 0, "userA", "rg@localhost", "pass1", 1, 100, "C", 3600);
30 $r = rg_user_edit($db, 0, "userA", "rg@localhost", "pass1", 1, 100, "C", 3600, "");
31 31 if ($r !== TRUE) { if ($r !== TRUE) {
32 32 echo "Cannot add user (" . rg_user_error() . ")!\n"; echo "Cannot add user (" . rg_user_error() . ")!\n";
33 33 exit(1); exit(1);
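Review bot: the rg_user_edit calls are updated for the new confirm_token parameter, but nothing in this file exercises the new code: add a case that creates a user with a non-empty token, calls rg_user_confirm with it, checks that the returned uid matches, and then verifies that rg_user_login_by_user_pass accepts the confirmed user and refuses it beforehand. Passing `""` here also means the test user ends up with an empty confirm_token, which is exactly the value the confirm path needs to reject.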
 
... ... $salt = $_ui['salt'];
49 49 $pass = $_ui['pass']; $pass = $_ui['pass'];
50 50
51 51 // edit user - empty pass // edit user - empty pass
52 $r = rg_user_edit($db, $uid, "userA", "rg@localhost", "", 1, 100, "C", 3600);
52 $r = rg_user_edit($db, $uid, "userA", "rg@localhost", "", 1, 100, "C", 3600, "");
53 53 if ($r !== TRUE) { if ($r !== TRUE) {
54 54 echo "Cannot edit user with empty pass (" . rg_user_error() . ")!\n"; echo "Cannot edit user with empty pass (" . rg_user_error() . ")!\n";
55 55 exit(1); exit(1);
 
... ... if (strcmp($pass, $_ui['pass']) != 0) {
70 70 } }
71 71
72 72 // edit user - no empty pass // edit user - no empty pass
73 $r = rg_user_edit($db, $uid, "userA", "rg@localhost", "pass2", 1, 100, "C", 3600);
73 $r = rg_user_edit($db, $uid, "userA", "rg@localhost", "pass2", 1, 100, "C", 3600, "");
74 74 if ($r !== TRUE) { if ($r !== TRUE) {
75 75 echo "Cannot edit user with not empty pass (" . rg_user_error() . ")!\n"; echo "Cannot edit user with not empty pass (" . rg_user_error() . ")!\n";
76 76 exit(1); exit(1);