| File | Lines added | Lines deleted |
|---|---|---|
| TODO | 20 | 9 |
| admin/init.php | 2 | 1 |
| duilder.conf | 1 | 1 |
| inc/admin/users/add.php | 26 | 14 |
| inc/admin/users/edit.php | 32 | 14 |
| inc/admin/users/user.form.php | 23 | 4 |
| inc/bye/bye.php | 1 | 1 |
| inc/db/struct.inc.php | 2 | 0 |
| inc/dispatch/dispatch.php | 10 | 0 |
| inc/home/home.php | 1 | 1 |
| inc/keys.inc.php | 1 | 2 |
| inc/keys/keys.php | 1 | 1 |
| inc/login/login.form.php | 8 | 2 |
| inc/login/login.php | 1 | 1 |
| inc/personal/personal.php | 12 | 4 |
| inc/repo/repo.form.php | 1 | 1 |
| inc/repo/repo.php | 1 | 1 |
| inc/repo/repo_page.php | 7 | 8 |
| inc/user.inc.php | 139 | 35 |
| inc/user/confirm.php | 19 | 0 |
| inc/user/create.php | 75 | 0 |
| inc/user/forgot.php | 6 | 4 |
| inc/user/forgot_send.php | 1 | 1 |
| inc/util.inc.php | 1 | 1 |
| root/index.php | 1 | 2 |
| samples/config.php | 5 | 0 |
| samples/rg.conf | 1 | 1 |
| scripts/cron.php | 18 | 5 |
| scripts/q.php | 1 | 1 |
| tests/Makefile | 4 | 0 |
| tests/user.php | 3 | 3 |
| File TODO changed (mode: 100644) (index 935536b..56ab1fb) | |||
| 3 | 3 | [ ] Validate e-mails. | [ ] Validate e-mails. |
| 4 | 4 | [ ] You cannot admin rights of a repository if is not yours. | [ ] You cannot admin rights of a repository if is not yours. |
| 5 | 5 | [ ] Check XSRF attacks and other types. | [ ] Check XSRF attacks and other types. |
| 6 | [ ] Edit repo (rights) does not work. | ||
| 7 | [ ] Postgresql pg_hba.conf fixes. | ||
| 8 | 6 | [ ] $rg_pass_key should be done in init.php | [ ] $rg_pass_key should be done in init.php |
| 9 | [ ] Decide what fields to show when editting a user info (user.form.php). | ||
| 7 | [ ] Changing repo name probably is not working right. | ||
| 10 | 8 | [ ] | [ ] |
| 11 | 9 | ||
| 12 | 10 | == Low priority == | == Low priority == |
| 13 | [ ] rg_forgot_email | ||
| 14 | 11 | [ ] We should make a repo dirty ony if user pushed something with success. | [ ] We should make a repo dirty ony if user pushed something with success. |
| 15 | 12 | [ ] <link rel="icon" type="image/png" id="favicon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/> | [ ] <link rel="icon" type="image/png" id="favicon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/> |
| 16 | 13 | [ ] Add key form may be joined with list keys command! | [ ] Add key form may be joined with list keys command! |
| 21 | 18 | [ ] Allow to configure the limit of the patch size to prevent abuses. | [ ] Allow to configure the limit of the patch size to prevent abuses. |
| 22 | 19 | [ ] Allow to configure to refuse binary files. | [ ] Allow to configure to refuse binary files. |
| 23 | 20 | [ ] Allow to configure to refuse commits with broken spaces/tab mixes. | [ ] Allow to configure to refuse commits with broken spaces/tab mixes. |
| 24 | [ ] Add a repo_prop_set/get function that will set/get a file in .git folder. This way we can | ||
| 25 | speed up some lookups (no need for database). Hm. | ||
| 21 | [ ] Add a repo_prop_set/get function that will set/get a file in .git folder. | ||
| 22 | This way we can speed up some lookups (no need for database). Hm. | ||
| 26 | 23 | [ ] When we delete an repository, we will do repo_prop_set(repo, disabled) and we will | [ ] When we delete an repository, we will do repo_prop_set(repo, disabled) and we will |
| 27 | 24 | return OK, in the background we will do the removing. Do not forget to also remove clones. Hm. | return OK, in the background we will do the removing. Do not forget to also remove clones. Hm. |
| 28 | 25 | [ ] E-mail aliases section. | [ ] E-mail aliases section. |
| 29 | [ ] User details section (full name, e-mail, blog, avatar, mail notifications). | ||
| 26 | [ ] User details section (full name, blog, avatar, mail notifications). | ||
| 30 | 27 | [ ] Check if user is over-quota on push. | [ ] Check if user is over-quota on push. |
| 31 | 28 | [ ] The cron will have to: | [ ] The cron will have to: |
| 32 | 29 | [ ] Compute disk usage, ignoring hard links. Hm. Probably we will add | [ ] Compute disk usage, ignoring hard links. Hm. Probably we will add |
| 50 | 47 | [ ] Check http://plathrop.tertiusfamily.net/blog/2010/05/11/git-hooks-branch-acls-and-more/ to block updates that have not pull - a la SVN | [ ] Check http://plathrop.tertiusfamily.net/blog/2010/05/11/git-hooks-branch-acls-and-more/ to block updates that have not pull - a la SVN |
| 51 | 48 | [ ] Maybe we should mark the repository as dirty, only in the post-receive hook? Or update is the best place? | [ ] Maybe we should mark the repository as dirty, only in the post-receive hook? Or update is the best place? |
| 52 | 49 | [ ] Limit number of commits per push. | [ ] Limit number of commits per push. |
| 53 | [ ] logrotate | ||
| 54 | 50 | [ ] In %post section we may want to run a script that will do the update of the | [ ] In %post section we may want to run a script that will do the update of the |
| 55 | 51 | database, for example. | database, for example. |
| 56 | 52 | [ ] Compute disk_used_mb per user. | [ ] Compute disk_used_mb per user. |
| 57 | 53 | [ ] Enforce disk quota. | [ ] Enforce disk quota. |
| 58 | [ ] | ||
| 54 | [ ] RSS | ||
| 55 | [ ] Config file must be able to be set from a env var, to be able to run | ||
| 56 | multiple instances of rocketgit on the same server. | ||
| 57 | [ ] Smart HTTP transport | ||
| 58 | [ ] Move forget pass token into users table. | ||
| 59 | [ ] Audit all error messages to not propage usefull info to an attacker. | ||
| 60 | [ ] | ||
| 61 | |||
| 62 | == Versus == | ||
| 63 | * http://www.wikivs.com/wiki/GitHub_vs_Gitorious | ||
| 64 | * | ||
| 65 | |||
| 66 | |||
| 67 | == To recheck == | ||
| 68 | * http://techbase.kde.org/Projects/MovetoGit#Post_Update_hooks | ||
| 69 | * | ||
| File admin/init.php changed (mode: 100644) (index 7b21afd..615101d) | |||
| ... | ... | $rights = rg_rights_all("user"); | |
| 33 | 33 | $user = "admin"; | $user = "admin"; |
| 34 | 34 | $email = ""; | $email = ""; |
| 35 | 35 | $session_time = 3600; | $session_time = 3600; |
| 36 | $confirm_token = ""; | ||
| 36 | 37 | while (1) { | while (1) { |
| 37 | 38 | $user0 = readline("User [$user]: "); | $user0 = readline("User [$user]: "); |
| 38 | 39 | if (!empty($user0)) | if (!empty($user0)) |
| ... | ... | while (1) { | |
| 61 | 62 | } | } |
| 62 | 63 | ||
| 63 | 64 | $r = rg_user_edit($db, $uid, $user, $email, $pass, $is_admin, | $r = rg_user_edit($db, $uid, $user, $email, $pass, $is_admin, |
| 64 | $disk_quota_mb, $rights, $session_time); | ||
| 65 | $disk_quota_mb, $rights, $session_time, $confirm_token); | ||
| 65 | 66 | if ($r !== TRUE) { | if ($r !== TRUE) { |
| 66 | 67 | echo "Cannot create user (" . rg_user_error() . ")!\n"; | echo "Cannot create user (" . rg_user_error() . ")!\n"; |
| 67 | 68 | continue; | continue; |
| File duilder.conf changed (mode: 100644) (index 20aa25e..36bc1ff) | |||
| 1 | 1 | PRJ="rocketgit" | PRJ="rocketgit" |
| 2 | VER="0.7" | ||
| 2 | VER="0.8" | ||
| 3 | 3 | REV="1" | REV="1" |
| 4 | 4 | EXCLUDE=".exclude" | EXCLUDE=".exclude" |
| 5 | 5 | EXPORT_PATH="/data/www/umbrella/kernel/us/rocketgit" | EXPORT_PATH="/data/www/umbrella/kernel/us/rocketgit" |
| File inc/admin/users/add.php changed (mode: 100644) (index 34a9bd7..5424d49) | |||
| 1 | 1 | <?php | <?php |
| 2 | 2 | rg_log("/inc/admin/users/add"); | rg_log("/inc/admin/users/add"); |
| 3 | 3 | ||
| 4 | $uid = 0; | ||
| 4 | 5 | $_user_add = ""; | $_user_add = ""; |
| 6 | $errmsg = array(); | ||
| 5 | 7 | ||
| 6 | 8 | if ($doit == 1) { | if ($doit == 1) { |
| 7 | 9 | if (!rg_token_valid($db, $sid, $token)) { | if (!rg_token_valid($db, $sid, $token)) { |
| ... | ... | if ($doit == 1) { | |
| 17 | 19 | $rights = @rg_rights_a2s($_REQUEST['rights']); | $rights = @rg_rights_a2s($_REQUEST['rights']); |
| 18 | 20 | $session_time = rg_var_uint("session_time"); | $session_time = rg_var_uint("session_time"); |
| 19 | 21 | ||
| 20 | $_ui = rg_user_info($db, 0, $xuser, ""); | ||
| 21 | if ($_ui['ok'] == 0) { | ||
| 22 | $_user_add .= "Error: Internal error!"; | ||
| 23 | } else if ($_ui['exists'] == 0) { | ||
| 24 | if (rg_user_edit($db, 0, $xuser, $email, $xpass, $is_admin, | ||
| 25 | $disk_quota_mb, $rights, $session_time)) { | ||
| 26 | $_user_add .= "OK!<br />"; | ||
| 22 | while (1) { | ||
| 23 | $_ui = rg_user_info($db, 0, $xuser, ""); | ||
| 24 | if ($_ui['ok'] != 1) { | ||
| 25 | $errmsg[] = "Internal error!"; | ||
| 26 | break; | ||
| 27 | } | ||
| 28 | |||
| 29 | if ($_ui['exists'] == 1) { | ||
| 30 | $errmsg[] = "User already exists"; | ||
| 31 | break; | ||
| 32 | } | ||
| 33 | |||
| 34 | if (!rg_user_edit($db, 0, $xuser, $email, $xpass, $is_admin, | ||
| 35 | $disk_quota_mb, $rights, $session_time, "")) { | ||
| 36 | $errmsg[] = "Cannot add user (" . rg_user_error() . ")."; | ||
| 37 | break; | ||
| 27 | 38 | } | } |
| 28 | } else { | ||
| 29 | rg_log("User already in use!"); | ||
| 30 | $_user_add .= "Error: User already taken!"; | ||
| 39 | |||
| 40 | // TODO: Send a confirmation e-mail with the password | ||
| 41 | |||
| 42 | $_user_add .= "OK!<br />"; | ||
| 43 | break; | ||
| 31 | 44 | } | } |
| 32 | 45 | } else { | } else { |
| 33 | 46 | $xuser = ""; | $xuser = ""; |
| ... | ... | if ($doit == 1) { | |
| 39 | 52 | $session_time = $rg_session_time; | $session_time = $rg_session_time; |
| 40 | 53 | } | } |
| 41 | 54 | ||
| 42 | $uid = 0; | ||
| 43 | |||
| 44 | $user_form_add = 1; | ||
| 55 | $admin_mode = 1; | ||
| 56 | $pass_mode = 1; | ||
| 45 | 57 | include($INC . "/admin/users/user.form.php"); | include($INC . "/admin/users/user.form.php"); |
| 46 | 58 | $_user_add .= $_form; | $_user_add .= $_form; |
| 47 | 59 | ||
| 48 | ?> | ||
| 60 | ?> | ||
| File inc/admin/users/edit.php changed (mode: 100644) (index da77793..5bb01e3) | |||
| ... | ... | $uid = rg_var_str("uid"); | |
| 5 | 5 | ||
| 6 | 6 | $_user_edit = ""; | $_user_edit = ""; |
| 7 | 7 | ||
| 8 | $show_form = 1; | ||
| 9 | $errmsg = array(); | ||
| 10 | |||
| 8 | 11 | if ($doit == 1) { | if ($doit == 1) { |
| 9 | 12 | // TODO: Check if user has the right to edit this info! | // TODO: Check if user has the right to edit this info! |
| 10 | 13 | if (!rg_token_valid($db, $sid, $token)) { | if (!rg_token_valid($db, $sid, $token)) { |
| ... | ... | if ($doit == 1) { | |
| 20 | 23 | $rights = @rg_rights_a2s($_REQUEST['rights']); | $rights = @rg_rights_a2s($_REQUEST['rights']); |
| 21 | 24 | $session_time = rg_var_uint("session_time"); | $session_time = rg_var_uint("session_time"); |
| 22 | 25 | ||
| 23 | $_ui = rg_user_info($db, 0, $xuser, ""); | ||
| 24 | if ($_ui['ok'] == 0) { | ||
| 25 | $_user_edit .= "Error: Internal error!"; | ||
| 26 | } else if ($_ui['exists'] == 0) { | ||
| 27 | rg_log("User does not exists!"); | ||
| 28 | $_user_edit .= "Error: User does not exists!"; | ||
| 29 | } else { | ||
| 30 | if (rg_user_edit($db, $uid, $xuser, $email, $xpass, | ||
| 31 | $is_admin, $disk_quota_mb, $rights, $session_time)) { | ||
| 32 | $_user_edit .= "OK!<br />"; | ||
| 26 | while (1) { | ||
| 27 | $_ui = rg_user_info($db, 0, $xuser, ""); | ||
| 28 | if ($_ui['ok'] == 0) { | ||
| 29 | $errmsg[] = "Internal error!"; | ||
| 30 | break; | ||
| 31 | } | ||
| 32 | |||
| 33 | if ($_ui['exists'] == 0) { | ||
| 34 | $errmsg[] = "User does not exists!"; | ||
| 35 | break; | ||
| 36 | } | ||
| 37 | |||
| 38 | if (!rg_user_edit($db, $uid, $xuser, $email, $xpass, | ||
| 39 | $is_admin, $disk_quota_mb, $rights, $session_time, "")) { | ||
| 40 | $errmsg[] = "Cannot change info (" . rg_user_error() . ")."; | ||
| 41 | break; | ||
| 33 | 42 | } | } |
| 43 | |||
| 44 | $_user_edit .= "OK!<br />"; | ||
| 45 | $show_form = 0; | ||
| 46 | break; | ||
| 34 | 47 | } | } |
| 35 | 48 | } else { | } else { |
| 36 | 49 | // TODO: Check if user has the right to edit this info! | // TODO: Check if user has the right to edit this info! |
| 37 | 50 | ||
| 38 | 51 | $_ui = rg_user_info($db, $uid, "", ""); | $_ui = rg_user_info($db, $uid, "", ""); |
| 39 | 52 | if ($_ui['ok'] == 0) { | if ($_ui['ok'] == 0) { |
| 40 | $_user_edit .= "Error: Internal error!"; | ||
| 53 | $_user_edit .= "Internal error!"; | ||
| 54 | $show_form = 0; | ||
| 41 | 55 | } else if ($_ui['exists'] == 0) { | } else if ($_ui['exists'] == 0) { |
| 42 | 56 | $_user_edit .= "User does not exist!<br />"; | $_user_edit .= "User does not exist!<br />"; |
| 57 | $show_form = 0; | ||
| 43 | 58 | } else { | } else { |
| 44 | 59 | $xuser = $_ui['username']; | $xuser = $_ui['username']; |
| 45 | 60 | $email = $_ui['email']; | $email = $_ui['email']; |
| ... | ... | if ($doit == 1) { | |
| 51 | 66 | } | } |
| 52 | 67 | } | } |
| 53 | 68 | ||
| 54 | $user_form_add = 1; | ||
| 55 | include($INC . "/admin/users/user.form.php"); | ||
| 56 | $_user_edit .= $_form; | ||
| 69 | if ($show_form == 1) { | ||
| 70 | $admin_mode = 1; | ||
| 71 | $pass_mode = 1; | ||
| 72 | include($INC . "/admin/users/user.form.php"); | ||
| 73 | $_user_edit .= $_form; | ||
| 74 | } | ||
| 57 | 75 | ||
| 58 | 76 | ?> | ?> |
| File inc/admin/users/user.form.php changed (mode: 100644) (index 6a0d1b2..4ee35c6) | |||
| 1 | 1 | <?php | <?php |
| 2 | $_form = ""; | ||
| 2 | 3 | ||
| 3 | $sel_is_admin = array(0 => "", 1 => ""); | ||
| 4 | $sel_is_admin[$is_admin] = " selected=\"selected\""; | ||
| 4 | if ($admin_mode == 1) { | ||
| 5 | $sel_is_admin = array(0 => "", 1 => ""); | ||
| 6 | $sel_is_admin[$is_admin] = " selected=\"selected\""; | ||
| 7 | } | ||
| 8 | |||
| 9 | if (count($errmsg) > 0) | ||
| 10 | $_form .= "<font color=red>" . implode("<br />\n", $errmsg) . "</font><br />\n"; | ||
| 5 | 11 | ||
| 6 | $_form = ' | ||
| 12 | $_form .= ' | ||
| 7 | 13 | <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> | <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> |
| 8 | 14 | <input type="hidden" name="op" value="' . $op . '"> | <input type="hidden" name="op" value="' . $op . '"> |
| 9 | 15 | <input type="hidden" name="subop" value="' . $subop . '"> | <input type="hidden" name="subop" value="' . $subop . '"> |
| ... | ... | $_form = ' | |
| 24 | 30 | </tr> | </tr> |
| 25 | 31 | '; | '; |
| 26 | 32 | ||
| 27 | if ($user_form_add == 1) { | ||
| 33 | if ($pass_mode > 0) { | ||
| 28 | 34 | $_form .= ' | $_form .= ' |
| 29 | 35 | <tr> | <tr> |
| 30 | 36 | <td>Password:</td> | <td>Password:</td> |
| 31 | 37 | <td><input type="password" name="xpass" value="' . $xpass . '"/></td> | <td><input type="password" name="xpass" value="' . $xpass . '"/></td> |
| 32 | 38 | </tr> | </tr> |
| 39 | '; | ||
| 40 | } | ||
| 41 | |||
| 42 | if ($pass_mode > 1) { | ||
| 43 | $_form .= ' | ||
| 44 | <tr> | ||
| 45 | <td>Password (confirmation):</td> | ||
| 46 | <td><input type="password" name="xpass2" value="' . $xpass2 . '"/></td> | ||
| 47 | </tr> | ||
| 48 | '; | ||
| 49 | } | ||
| 33 | 50 | ||
| 51 | if ($admin_mode == 1) { | ||
| 52 | $_form .= ' | ||
| 34 | 53 | <tr> | <tr> |
| 35 | 54 | <td>Admin?</td> | <td>Admin?</td> |
| 36 | 55 | <td> | <td> |
| File inc/bye/bye.php changed (mode: 100644) (index a028bc8..dde1bb4) | |||
| 1 | 1 | <?php | <?php |
| 2 | rg_log("/inc/bye/bye.php"); | ||
| 2 | rg_log("/inc/bye/bye"); | ||
| 3 | 3 | ||
| 4 | 4 | $_bye = ""; | $_bye = ""; |
| 5 | 5 | ||
| File inc/db/struct.inc.php changed (mode: 100644) (index e47ced6..1bc1782) | |||
| ... | ... | $rg_db_struct[0] = array( | |
| 45 | 45 | . ", disk_quota_mb INTEGER NOT NULL DEFAULT 0" | . ", disk_quota_mb INTEGER NOT NULL DEFAULT 0" |
| 46 | 46 | . ", disk_used_mb INTEGER NOT NULL DEFAULT 0" | . ", disk_used_mb INTEGER NOT NULL DEFAULT 0" |
| 47 | 47 | . ", rights TEXT NOT NULL" | . ", rights TEXT NOT NULL" |
| 48 | . ", confirmed INTEGER NOT NULL DEFAULT 0" | ||
| 49 | . ", confirm_token TEXT NOT NULL DEFAULT ''" | ||
| 48 | 50 | . ")", | . ")", |
| 49 | 51 | "sess" => "CREATE TABLE sess" | "sess" => "CREATE TABLE sess" |
| 50 | 52 | . " (sid TEXT PRIMARY KEY" | . " (sid TEXT PRIMARY KEY" |
| File inc/dispatch/dispatch.php changed (mode: 100644) (index 3e3586f..c1e9569) | |||
| ... | ... | case 'personal': | |
| 62 | 62 | $body .= $_personal; | $body .= $_personal; |
| 63 | 63 | break; | break; |
| 64 | 64 | ||
| 65 | case 'create_account': | ||
| 66 | include($INC . "/user/create.php"); | ||
| 67 | $body .= $_create; | ||
| 68 | break; | ||
| 69 | |||
| 70 | case 'confirm': | ||
| 71 | include($INC . "/user/confirm.php"); | ||
| 72 | $body .= $_confirm; | ||
| 73 | break; | ||
| 74 | |||
| 65 | 75 | default: | default: |
| 66 | 76 | rg_log("Invalid operation!"); | rg_log("Invalid operation!"); |
| 67 | 77 | } | } |
| File inc/home/home.php changed (mode: 100644) (index c05b12a..5e9924e) | |||
| ... | ... | rg_log("/home/home.php"); | |
| 3 | 3 | ||
| 4 | 4 | $_home = ""; | $_home = ""; |
| 5 | 5 | ||
| 6 | $_home .= "Bau!"; | ||
| 6 | $_home .= "Bau! This is the homepage."; | ||
| 7 | 7 | ||
| 8 | 8 | ?> | ?> |
| 9 | 9 | ||
| File inc/keys.inc.php changed (mode: 100644) (index cc67061..d3f2811) | |||
| ... | ... | function rg_keys_regen($db) | |
| 124 | 124 | ||
| 125 | 125 | $dirty = rg_state_get($db, "authorized_keys"); | $dirty = rg_state_get($db, "authorized_keys"); |
| 126 | 126 | if ($dirty == 0) { | if ($dirty == 0) { |
| 127 | rg_log("Skip generation because is not dirty!"); | ||
| 127 | // Skip generation because is not dirty | ||
| 128 | 128 | return TRUE; | return TRUE; |
| 129 | 129 | } | } |
| 130 | 130 | ||
| 131 | 131 | // create .ssh folder if does not exists | // create .ssh folder if does not exists |
| 132 | 132 | $dir = dirname($rg_keys_file); | $dir = dirname($rg_keys_file); |
| 133 | 133 | if (!file_exists($dir)) { | if (!file_exists($dir)) { |
| 134 | rg_log("dir [$dir] does not exists. Creating it..."); | ||
| 135 | 134 | if (!@mkdir($dir, 0700, TRUE)) { | if (!@mkdir($dir, 0700, TRUE)) { |
| 136 | 135 | rg_keys_set_error("cannot create dir $dir ($php_errormsg)"); | rg_keys_set_error("cannot create dir $dir ($php_errormsg)"); |
| 137 | 136 | return FALSE; | return FALSE; |
| File inc/keys/keys.php changed (mode: 100644) (index a0368e5..f492102) | |||
| 1 | 1 | <?php | <?php |
| 2 | rg_log("/inc/keys/keys.php"); | ||
| 2 | rg_log("/inc/keys/keys"); | ||
| 3 | 3 | ||
| 4 | 4 | $_keys = ""; | $_keys = ""; |
| 5 | 5 | ||
| File inc/login/login.form.php changed (mode: 100644) (index 7723ef5..268d54e) | |||
| 2 | 2 | $_form = ''; | $_form = ''; |
| 3 | 3 | ||
| 4 | 4 | if (count($errmsg) > 0) | if (count($errmsg) > 0) |
| 5 | $_form .= "<font color=red>" . implode("<br />\n", $errmsg) . "</font>\n"; | ||
| 5 | $_form .= "<font color=red>" . implode("<br />\n", $errmsg) . "</font><br />\n"; | ||
| 6 | 6 | ||
| 7 | 7 | $_form .= ' | $_form .= ' |
| 8 | 8 | <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> | <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> |
| 9 | 9 | <input type="hidden" name="op" value="' . $op . '"> | <input type="hidden" name="op" value="' . $op . '"> |
| 10 | 10 | <input type="hidden" name="subop" value="1"> | <input type="hidden" name="subop" value="1"> |
| 11 | 11 | <input type="hidden" name="doit" value="1"> | <input type="hidden" name="doit" value="1"> |
| 12 | <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '"> | ||
| 13 | 12 | ||
| 14 | 13 | User: <input type="text" name="user" value="' . $user . '"><br /> | User: <input type="text" name="user" value="' . $user . '"><br /> |
| 15 | 14 | Password: <input type="password" name="pass" value="' . $pass . '"><br /> | Password: <input type="password" name="pass" value="' . $pass . '"><br /> |
| ... | ... | Password: <input type="password" name="pass" value="' . $pass . '"><br /> | |
| 19 | 18 | <a href="' . rg_re_url("forgot_send") . '">Forgot your password?</a> | <a href="' . rg_re_url("forgot_send") . '">Forgot your password?</a> |
| 20 | 19 | '; | '; |
| 21 | 20 | ||
| 21 | if ($rg_account_allow_creation == 1) { | ||
| 22 | $_form .= ' | ||
| 23 | <br /> | ||
| 24 | <a href="' . rg_re_url("create_account") . '">Create a new account</a> | ||
| 25 | '; | ||
| 26 | } | ||
| 27 | |||
| 22 | 28 | ?> | ?> |
| File inc/login/login.php changed (mode: 100644) (index b5edbcd..865e49d) | |||
| 1 | 1 | <?php | <?php |
| 2 | rg_log("/inc/login/login.php"); | ||
| 2 | rg_log("/inc/login/login"); | ||
| 3 | 3 | ||
| 4 | 4 | $user = rg_var_str("user"); | $user = rg_var_str("user"); |
| 5 | 5 | $pass = rg_var_str("pass"); | $pass = rg_var_str("pass"); |
| File inc/personal/personal.php changed (mode: 100644) (index cd6b44c..510a6c1) | |||
| ... | ... | switch ($subop) { | |
| 22 | 22 | case 1: // edit info | case 1: // edit info |
| 23 | 23 | $uid = $rg_ui['uid']; | $uid = $rg_ui['uid']; |
| 24 | 24 | ||
| 25 | $errmsg = array(); | ||
| 25 | 26 | if ($doit == 1) { | if ($doit == 1) { |
| 26 | 27 | // TODO: Check if user has the right to edit this info! | // TODO: Check if user has the right to edit this info! |
| 27 | 28 | if (!rg_token_valid($db, $sid, $token)) { | if (!rg_token_valid($db, $sid, $token)) { |
| ... | ... | case 1: // edit info | |
| 36 | 37 | $rights = $rg_ui['rights']; | $rights = $rg_ui['rights']; |
| 37 | 38 | $session_time = rg_var_uint("session_time"); | $session_time = rg_var_uint("session_time"); |
| 38 | 39 | ||
| 39 | $xpass = ""; | ||
| 40 | if (rg_user_edit($db, $rg_ui['uid'], $xuser, $email, $xpass, | ||
| 41 | $is_admin, $disk_quota_mb, $rights, $session_time)) { | ||
| 40 | while (1) { | ||
| 41 | $xpass = ""; | ||
| 42 | if (!rg_user_edit($db, $rg_ui['uid'], $xuser, $email, $xpass, | ||
| 43 | $is_admin, $disk_quota_mb, $rights, $session_time, "")) { | ||
| 44 | $errmsg[] = "Cannot change info (" . rg_user_error() . ")."; | ||
| 45 | break; | ||
| 46 | } | ||
| 47 | |||
| 42 | 48 | $_body .= "OK!<br />"; | $_body .= "OK!<br />"; |
| 49 | break; | ||
| 43 | 50 | } | } |
| 44 | 51 | } else { | } else { |
| 45 | 52 | $xuser = $rg_ui['username']; | $xuser = $rg_ui['username']; |
| ... | ... | case 1: // edit info | |
| 50 | 57 | $session_time = $rg_ui['session_time']; | $session_time = $rg_ui['session_time']; |
| 51 | 58 | } | } |
| 52 | 59 | ||
| 53 | $user_form_add = 0; | ||
| 60 | $admin_mode = 0; | ||
| 61 | $pass_mode = 0; | ||
| 54 | 62 | include($INC . "/admin/users/user.form.php"); | include($INC . "/admin/users/user.form.php"); |
| 55 | 63 | $_body .= $_form; | $_body .= $_form; |
| 56 | 64 | break; | break; |
| File inc/repo/repo.form.php changed (mode: 100644) (index 666c841..f8a751c) | |||
| ... | ... | $_form .= ' | |
| 50 | 50 | </tr> | </tr> |
| 51 | 51 | ||
| 52 | 52 | <tr> | <tr> |
| 53 | <td>Default rights:</td> | ||
| 53 | <td>Default rights (for anonymous access, un-select all for private repositories):</td> | ||
| 54 | 54 | <td> | <td> |
| 55 | 55 | ' . rg_rights_checkboxes("repo", $rights) . ' | ' . rg_rights_checkboxes("repo", $rights) . ' |
| 56 | 56 | </td> | </td> |
| File inc/repo/repo.php changed (mode: 100644) (index 473a0c3..75225c5) | |||
| 1 | 1 | <?php | <?php |
| 2 | rg_log("/inc/repo/repo.php"); | ||
| 2 | rg_log("/inc/repo/repo"); | ||
| 3 | 3 | ||
| 4 | 4 | $_repo = ""; | $_repo = ""; |
| 5 | 5 | ||
| File inc/repo/repo_page.php changed (mode: 100644) (index 74b2678..16a1f1b) | |||
| 1 | 1 | <?php | <?php |
| 2 | rg_log("/inc/repo/repo_page.php"); | ||
| 2 | rg_log("/inc/repo/repo_page"); | ||
| 3 | 3 | ||
| 4 | $repo = rg_var_str("repo"); | ||
| 5 | 4 | $repo_id = rg_var_uint("repo_id"); | $repo_id = rg_var_uint("repo_id"); |
| 6 | 5 | $name = rg_var_str("name"); | $name = rg_var_str("name"); |
| 7 | 6 | $max_commit_size = rg_var_uint("max_commit_size"); | $max_commit_size = rg_var_uint("max_commit_size"); |
| ... | ... | $user = rg_var_str("user"); | |
| 12 | 11 | $master_repo_id = 0; | $master_repo_id = 0; |
| 13 | 12 | ||
| 14 | 13 | // menu | // menu |
| 15 | $_url = rg_re_repopage($repo_id, $repo); | ||
| 14 | $_url = rg_re_repopage($repo_id, $name); | ||
| 16 | 15 | $_menu = ""; | $_menu = ""; |
| 17 | 16 | $_menu .= "[<a href=\"$_url&subop=1\">Edit</a>]"; | $_menu .= "[<a href=\"$_url&subop=1\">Edit</a>]"; |
| 18 | 17 | $_menu .= " [<a href=\"$_url&subop=2\">Rights</a>]"; | $_menu .= " [<a href=\"$_url&subop=2\">Rights</a>]"; |
| ... | ... | $_menu .= "<br />\n"; | |
| 22 | 21 | ||
| 23 | 22 | $_body = ""; | $_body = ""; |
| 24 | 23 | ||
| 25 | $repo_ok = rg_repo_ok($repo); | ||
| 24 | $repo_ok = rg_repo_ok($name); | ||
| 26 | 25 | if ($repo_ok === TRUE) { | if ($repo_ok === TRUE) { |
| 27 | $ri = rg_repo_info($db, $repo_id, $repo); | ||
| 26 | $ri = rg_repo_info($db, $repo_id, $name); | ||
| 28 | 27 | if (($ri['ok'] != 1) || ($ri['exists'] != 1) || ($ri['deleted'] == 1)) | if (($ri['ok'] != 1) || ($ri['exists'] != 1) || ($ri['deleted'] == 1)) |
| 29 | 28 | $repo_ok = FALSE; | $repo_ok = FALSE; |
| 30 | 29 | } | } |
| 31 | 30 | ||
| 32 | 31 | if ($repo_ok !== TRUE) { | if ($repo_ok !== TRUE) { |
| 33 | $_body .= "Invalid repository!"; | ||
| 34 | // force subop 0 | ||
| 35 | $subop = 0; | ||
| 32 | $_repo = "Invalid repository!"; | ||
| 33 | return; | ||
| 36 | 34 | } | } |
| 35 | |||
| 37 | 36 | // we need it in forms | // we need it in forms |
| 38 | 37 | $repo_id = $ri['repo_id']; | $repo_id = $ri['repo_id']; |
| 39 | 38 | ||
| File inc/user.inc.php changed (mode: 100644) (index cf88590..1697b42) | |||
| ... | ... | function rg_user_pass($salt, $pass) | |
| 41 | 41 | */ | */ |
| 42 | 42 | function rg_user_pass_ok($pass) | function rg_user_pass_ok($pass) |
| 43 | 43 | { | { |
| 44 | if (strlen($pass) <= 4) { | ||
| 45 | rg_user_set_error("Password is too short."); | ||
| 44 | if (strlen($pass) < 5) { | ||
| 45 | rg_user_set_error("password is too short (less than 5 chars)"); | ||
| 46 | 46 | return FALSE; | return FALSE; |
| 47 | 47 | } | } |
| 48 | 48 | ||
| ... | ... | function rg_user_ok($user) | |
| 64 | 64 | } | } |
| 65 | 65 | ||
| 66 | 66 | if (strlen($user) < $rg_user_min_len) { | if (strlen($user) < $rg_user_min_len) { |
| 67 | rg_user_set_error("User name too short (shorter than $rg_user_min_len)"); | ||
| 67 | rg_user_set_error("user name too short (shorter than $rg_user_min_len)"); | ||
| 68 | 68 | return FALSE; | return FALSE; |
| 69 | 69 | } | } |
| 70 | 70 | ||
| ... | ... | function rg_user_ok($user) | |
| 81 | 81 | * If uid > 0 - edit, else, add | * If uid > 0 - edit, else, add |
| 82 | 82 | */ | */ |
| 83 | 83 | function rg_user_edit($db, $uid, $user, $email, $pass, $is_admin, | function rg_user_edit($db, $uid, $user, $email, $pass, $is_admin, |
| 84 | $disk_quota_mb, $rights, $session_time) | ||
| 84 | $disk_quota_mb, $rights, $session_time, $confirm_token) | ||
| 85 | 85 | { | { |
| 86 | 86 | rg_log("user_edit: uid=$uid, user=$user email=$email" | rg_log("user_edit: uid=$uid, user=$user email=$email" |
| 87 | 87 | . " pass=$pass is_admin=$is_admin" | . " pass=$pass is_admin=$is_admin" |
| 88 | 88 | . " disk_quota_mb=$disk_quota_mb rights=$rights" | . " disk_quota_mb=$disk_quota_mb rights=$rights" |
| 89 | . " session_time=$session_time..."); | ||
| 89 | . " session_time=$session_time, confirm_token=$confirm_token..."); | ||
| 90 | 90 | ||
| 91 | 91 | if (rg_user_ok($user) !== TRUE) | if (rg_user_ok($user) !== TRUE) |
| 92 | 92 | return FALSE; | return FALSE; |
| 93 | 93 | ||
| 94 | $now = time(); | ||
| 94 | 95 | $e_user = rg_sql_escape($db, $user); | $e_user = rg_sql_escape($db, $user); |
| 95 | 96 | $e_salt = rg_id(40); | $e_salt = rg_id(40); |
| 96 | 97 | $e_pass = rg_user_pass($e_salt, $pass); | $e_pass = rg_user_pass($e_salt, $pass); |
| 97 | 98 | $e_email = rg_sql_escape($db, $email); | $e_email = rg_sql_escape($db, $email); |
| 98 | 99 | $e_rights = rg_sql_escape($db, $rights); | $e_rights = rg_sql_escape($db, $rights); |
| 99 | 100 | ||
| 101 | if (empty($confirm_token)) { | ||
| 102 | // no need to confirm account | ||
| 103 | $confirmed = $now; | ||
| 104 | } else { | ||
| 105 | $confirmed = 0; | ||
| 106 | } | ||
| 107 | |||
| 100 | 108 | if ($uid == 0) { // add | if ($uid == 0) { // add |
| 101 | 109 | if (rg_user_pass_ok($pass) !== TRUE) | if (rg_user_pass_ok($pass) !== TRUE) |
| 102 | 110 | return FALSE; | return FALSE; |
| 103 | 111 | ||
| 104 | $now = time(); | ||
| 105 | 112 | $sql = "INSERT INTO users (username, salt, pass, email, itime" | $sql = "INSERT INTO users (username, salt, pass, email, itime" |
| 106 | . ", is_admin, disk_quota_mb, rights, session_time)" | ||
| 113 | . ", is_admin, disk_quota_mb, rights, session_time" | ||
| 114 | . ", confirmed, confirm_token)" | ||
| 107 | 115 | . " VALUES ('$e_user', '$e_salt', '$e_pass'" | . " VALUES ('$e_user', '$e_salt', '$e_pass'" |
| 108 | 116 | . ", '$e_email', $now, $is_admin, $disk_quota_mb" | . ", '$e_email', $now, $is_admin, $disk_quota_mb" |
| 109 | . ", '$e_rights', $session_time)"; | ||
| 117 | . ", '$e_rights', $session_time" | ||
| 118 | . ", $confirmed, '$confirm_token')"; | ||
| 110 | 119 | } else { // edit | } else { // edit |
| 111 | 120 | $salt_pass_add = ""; | $salt_pass_add = ""; |
| 112 | 121 | if (!empty($pass)) | if (!empty($pass)) |
| ... | ... | function rg_user_edit($db, $uid, $user, $email, $pass, $is_admin, | |
| 124 | 133 | ||
| 125 | 134 | $res = rg_sql_query($db, $sql); | $res = rg_sql_query($db, $sql); |
| 126 | 135 | if ($res === FALSE) { | if ($res === FALSE) { |
| 127 | rg_user_set_error("Cannot insert/update user (" . rg_sql_error() . ")!"); | ||
| 136 | rg_user_set_error("cannot insert/update user (" . rg_sql_error() . ")"); | ||
| 128 | 137 | return FALSE; | return FALSE; |
| 129 | 138 | } | } |
| 130 | 139 | rg_sql_free_result($res); | rg_sql_free_result($res); |
| ... | ... | function rg_user_remove($db, $uid) | |
| 142 | 151 | $sql = "DELETE FROM users WHERE uid = $uid"; | $sql = "DELETE FROM users WHERE uid = $uid"; |
| 143 | 152 | $res = rg_sql_query($db, $sql); | $res = rg_sql_query($db, $sql); |
| 144 | 153 | if ($res === FALSE) { | if ($res === FALSE) { |
| 145 | rg_user_set_error("Cannot remove user $uid (" . rg_sql_error() . ")!"); | ||
| 154 | rg_user_set_error("cannot remove user $uid (" . rg_sql_error() . ")"); | ||
| 146 | 155 | return FALSE; | return FALSE; |
| 147 | 156 | } | } |
| 148 | 157 | rg_sql_free_result($res); | rg_sql_free_result($res); |
| ... | ... | function rg_user_info($db, $uid, $user, $email) | |
| 181 | 190 | $sql = "SELECT * FROM users WHERE 1 = 1" . $add; | $sql = "SELECT * FROM users WHERE 1 = 1" . $add; |
| 182 | 191 | $res = rg_sql_query($db, $sql); | $res = rg_sql_query($db, $sql); |
| 183 | 192 | if ($res === FALSE) { | if ($res === FALSE) { |
| 184 | rg_user_set_error("Cannot get info (" . rg_sql_error() . ")!"); | ||
| 193 | rg_user_set_error("cannot get info (" . rg_sql_error() . ")"); | ||
| 185 | 194 | return $ret; | return $ret; |
| 186 | 195 | } | } |
| 187 | 196 | ||
| ... | ... | function rg_user_login_by_sid($db, $sid, &$rg_ui) | |
| 221 | 230 | return FALSE; | return FALSE; |
| 222 | 231 | ||
| 223 | 232 | $rg_ui = rg_user_info($db, $uid, "", ""); | $rg_ui = rg_user_info($db, $uid, "", ""); |
| 224 | if ($rg_ui['exists'] != 1) | ||
| 225 | rg_user_set_error("Invalid uid!"); | ||
| 233 | if ($rg_ui['exists'] != 1) { | ||
| 234 | rg_user_set_error("invalid uid"); | ||
| 226 | 235 | return FALSE; | return FALSE; |
| 236 | } | ||
| 237 | |||
| 227 | 238 | rg_sess_update($db, $sid); | rg_sess_update($db, $sid); |
| 228 | 239 | ||
| 229 | 240 | rg_user_set_last_seen($db, $rg_ui['uid']); | rg_user_set_last_seen($db, $rg_ui['uid']); |
| ... | ... | function rg_user_pass_valid($db, $uid, $pass) | |
| 239 | 250 | rg_log("user_pass_valid: uid=$uid, pass=$pass..."); | rg_log("user_pass_valid: uid=$uid, pass=$pass..."); |
| 240 | 251 | ||
| 241 | 252 | if (empty($pass)) { | if (empty($pass)) { |
| 242 | rg_log("\tPassword is empty."); | ||
| 253 | rg_user_set_error("password is empty"); | ||
| 243 | 254 | return FALSE; | return FALSE; |
| 244 | 255 | } | } |
| 245 | 256 | ||
| 246 | 257 | $ui = rg_user_info($db, $uid, "", ""); | $ui = rg_user_info($db, $uid, "", ""); |
| 247 | 258 | if ($ui['exists'] != 1) { | if ($ui['exists'] != 1) { |
| 248 | rg_log("\tUser does not exists."); | ||
| 259 | rg_user_set_error("user does not exists"); | ||
| 249 | 260 | return FALSE; | return FALSE; |
| 250 | 261 | } | } |
| 251 | 262 | ||
| 252 | 263 | $sha1pass = rg_user_pass($ui['salt'], $pass); | $sha1pass = rg_user_pass($ui['salt'], $pass); |
| 253 | 264 | if (strcmp($sha1pass, $ui['pass']) != 0) { | if (strcmp($sha1pass, $ui['pass']) != 0) { |
| 254 | rg_log("\tPassword is not ok [$sha1pass] != [" . $ui['pass'] . "]."); | ||
| 265 | rg_user_set_error("password is not ok"); | ||
| 255 | 266 | return FALSE; | return FALSE; |
| 256 | 267 | } | } |
| 257 | 268 | ||
| ... | ... | function rg_user_pass_valid($db, $uid, $pass) | |
| 259 | 270 | return TRUE; | return TRUE; |
| 260 | 271 | } | } |
| 261 | 272 | ||
| 273 | /* | ||
| 274 | * Auto login the user | ||
| 275 | */ | ||
| 276 | function rg_user_auto_login($db, $uid, &$rg_ui) | ||
| 277 | { | ||
| 278 | $rg_ui = rg_user_info($db, $uid, "", ""); | ||
| 279 | if ($rg_ui['ok'] != 1) | ||
| 280 | return FALSE; | ||
| 281 | |||
| 282 | if ($rg_ui['exists'] != 1) | ||
| 283 | return FALSE; | ||
| 284 | |||
| 285 | $sid = rg_id(40); | ||
| 286 | rg_sess_add($db, $uid, $sid, $rg_ui['session_time']); | ||
| 287 | setcookie("sid", $sid, 0, "/", $_SERVER['SERVER_NAME'], | ||
| 288 | @strcmp($_SERVER['HTTPS'], "on") == 0 /* secure */, | ||
| 289 | TRUE /* httponly */); | ||
| 290 | |||
| 291 | return TRUE; | ||
| 292 | } | ||
| 293 | |||
| 262 | 294 | /* | /* |
| 263 | 295 | * Test if login is OK | * Test if login is OK |
| 264 | 296 | */ | */ |
| ... | ... | function rg_user_login_by_user_pass($db, $user, $pass, &$rg_ui) | |
| 271 | 303 | $rg_ui['is_admin'] = 0; | $rg_ui['is_admin'] = 0; |
| 272 | 304 | ||
| 273 | 305 | if (empty($user) || empty($pass)) { | if (empty($user) || empty($pass)) { |
| 274 | rg_user_set_error("Invalid user or pass!"); | ||
| 306 | rg_user_set_error("invalid user or pass"); | ||
| 275 | 307 | return FALSE; | return FALSE; |
| 276 | 308 | } | } |
| 277 | 309 | ||
| 278 | 310 | $rg_ui = rg_user_info($db, 0, $user, ""); | $rg_ui = rg_user_info($db, 0, $user, ""); |
| 279 | 311 | if ($rg_ui['exists'] != 1) { | if ($rg_ui['exists'] != 1) { |
| 280 | rg_user_set_error("Invalid user or pass!"); | ||
| 312 | rg_user_set_error("invalid user or pass"); | ||
| 281 | 313 | return FALSE; | return FALSE; |
| 282 | 314 | } | } |
| 283 | rg_log("\trg_ui: " . print_r($rg_ui, TRUE)); | ||
| 284 | 315 | ||
| 285 | 316 | if ($rg_ui['suspended'] > 0) { | if ($rg_ui['suspended'] > 0) { |
| 286 | rg_user_set_error("Invalid user or pass!"); | ||
| 317 | rg_user_set_error("invalid user or pass"); | ||
| 318 | return FALSE; | ||
| 319 | } | ||
| 320 | |||
| 321 | if ($rg_ui['confirmed'] == 0) { | ||
| 322 | rg_user_set_error("invalid user or pass"); | ||
| 287 | 323 | return FALSE; | return FALSE; |
| 288 | 324 | } | } |
| 289 | 325 | ||
| 290 | 326 | $sha1pass = rg_user_pass($rg_ui['salt'], $pass); | $sha1pass = rg_user_pass($rg_ui['salt'], $pass); |
| 291 | 327 | if (strcmp($sha1pass, $rg_ui['pass']) != 0) { | if (strcmp($sha1pass, $rg_ui['pass']) != 0) { |
| 292 | rg_user_set_error("Invalid user or pass!"); | ||
| 328 | rg_user_set_error("invalid user or pass"); | ||
| 293 | 329 | return FALSE; | return FALSE; |
| 294 | 330 | } | } |
| 295 | 331 | ||
| 296 | $sid = rg_id(40); | ||
| 297 | rg_sess_add($db, $rg_ui['uid'], $sid, $rg_ui['session_time']); | ||
| 298 | setcookie("sid", $sid, 0, "/", $_SERVER['HTTP_HOST'], | ||
| 299 | @strcmp($_SERVER['HTTPS'], "on") == 0 /* secure */, | ||
| 300 | TRUE /* httponly */); | ||
| 332 | rg_user_sess($db, $rg_ui['uid'], $rg_ui['session_time']); | ||
| 301 | 333 | ||
| 302 | 334 | rg_user_set_last_seen($db, $rg_ui['uid']); | rg_user_set_last_seen($db, $rg_ui['uid']); |
| 303 | 335 | ||
| ... | ... | function rg_user_suspend($db, $uid, $op) | |
| 321 | 353 | ||
| 322 | 354 | $sql = "UPDATE users SET suspended = $v WHERE uid = $uid"; | $sql = "UPDATE users SET suspended = $v WHERE uid = $uid"; |
| 323 | 355 | $res = rg_sql_query($db, $sql); | $res = rg_sql_query($db, $sql); |
| 324 | if ($res === FALSE) | ||
| 356 | if ($res === FALSE) { | ||
| 357 | rg_user_set_error("cannot suspend (" . rg_sql_error() . ")"); | ||
| 325 | 358 | return FALSE; | return FALSE; |
| 359 | } | ||
| 326 | 360 | rg_sql_free_result($res); | rg_sql_free_result($res); |
| 327 | 361 | ||
| 328 | 362 | return TRUE; | return TRUE; |
| ... | ... | function rg_user_make_admin($db, $uid, $op) | |
| 338 | 372 | ||
| 339 | 373 | $sql = "UPDATE users SET is_admin = $op WHERE uid = $uid"; | $sql = "UPDATE users SET is_admin = $op WHERE uid = $uid"; |
| 340 | 374 | $res = rg_sql_query($db, $sql); | $res = rg_sql_query($db, $sql); |
| 341 | if ($res === FALSE) | ||
| 375 | if ($res === FALSE) { | ||
| 376 | rg_user_set_error("cannot make admin (" . rg_sql_error() . ")"); | ||
| 342 | 377 | return FALSE; | return FALSE; |
| 378 | } | ||
| 343 | 379 | rg_sql_free_result($res); | rg_sql_free_result($res); |
| 344 | 380 | ||
| 345 | 381 | return TRUE; | return TRUE; |
| ... | ... | function rg_user_set_last_seen($db, $uid) | |
| 356 | 392 | ||
| 357 | 393 | $sql = "UPDATE users SET last_seen = $now WHERE uid = $uid"; | $sql = "UPDATE users SET last_seen = $now WHERE uid = $uid"; |
| 358 | 394 | $res = rg_sql_query($db, $sql); | $res = rg_sql_query($db, $sql); |
| 359 | if ($res === FALSE) | ||
| 395 | if ($res === FALSE) { | ||
| 396 | rg_user_set_error("cannot update last seen (" . rg_sql_error() . ")"); | ||
| 360 | 397 | return FALSE; | return FALSE; |
| 398 | } | ||
| 361 | 399 | rg_sql_free_result($res); | rg_sql_free_result($res); |
| 362 | 400 | ||
| 363 | 401 | return TRUE; | return TRUE; |
| ... | ... | function rg_user_list($db, $url) | |
| 419 | 457 | $ret .= " <th>Creation date (UTC)</th>\n"; | $ret .= " <th>Creation date (UTC)</th>\n"; |
| 420 | 458 | $ret .= " <th>Quota</th>\n"; | $ret .= " <th>Quota</th>\n"; |
| 421 | 459 | $ret .= " <th>Suspended?</th>\n"; | $ret .= " <th>Suspended?</th>\n"; |
| 460 | $ret .= " <th>Confirmed?</th>\n"; | ||
| 422 | 461 | $ret .= " <th>Session time</th>\n"; | $ret .= " <th>Session time</th>\n"; |
| 423 | 462 | $ret .= " <th>Last seen (UTC)</th>\n"; | $ret .= " <th>Last seen (UTC)</th>\n"; |
| 424 | 463 | $ret .= " <th>Rights</th>\n"; | $ret .= " <th>Rights</th>\n"; |
| ... | ... | function rg_user_list($db, $url) | |
| 436 | 475 | $_v = "unlimited"; | $_v = "unlimited"; |
| 437 | 476 | $ret .= " <td>" . $_v . "</td>\n"; | $ret .= " <td>" . $_v . "</td>\n"; |
| 438 | 477 | $ret .= " <td>" . ($row['suspended'] == 0 ? "No" : "Yes") . "</th>\n"; | $ret .= " <td>" . ($row['suspended'] == 0 ? "No" : "Yes") . "</th>\n"; |
| 478 | $ret .= " <td>" . ($row['confirmed'] == 0 ? "No" : gmdate("Y-m-d H:i:s", $row['confirmed'])) . "</th>\n"; | ||
| 439 | 479 | $ret .= " <td>" . $row['session_time'] . "s</td>\n"; | $ret .= " <td>" . $row['session_time'] . "s</td>\n"; |
| 440 | 480 | $v = $row['last_seen'] == 0 ? "-" : gmdate("Y-m-d", $row['last_seen']); | $v = $row['last_seen'] == 0 ? "-" : gmdate("Y-m-d", $row['last_seen']); |
| 441 | 481 | $ret .= " <td>" . $v . "</td>\n"; | $ret .= " <td>" . $v . "</td>\n"; |
| ... | ... | function rg_user_forgot_pass_uid($db, $token) | |
| 496 | 536 | . " WHERE token = '$e_token'" | . " WHERE token = '$e_token'" |
| 497 | 537 | . " AND expire > $now"; | . " AND expire > $now"; |
| 498 | 538 | $res = rg_sql_query($db, $sql); | $res = rg_sql_query($db, $sql); |
| 499 | if ($res === FALSE) | ||
| 539 | if ($res === FALSE) { | ||
| 540 | rg_user_set_error("cannot lookup token (" . rg_sql_error() . ")"); | ||
| 500 | 541 | return $ret; | return $ret; |
| 542 | } | ||
| 501 | 543 | ||
| 502 | 544 | $ret['ok'] = 1; | $ret['ok'] = 1; |
| 503 | 545 | ||
| ... | ... | function rg_user_forgot_pass_mail_prepare($db, $email) | |
| 535 | 577 | . " VALUES ('$token', $uid, $expire)"; | . " VALUES ('$token', $uid, $expire)"; |
| 536 | 578 | $res = rg_sql_query($db, $sql); | $res = rg_sql_query($db, $sql); |
| 537 | 579 | if ($res === FALSE) { | if ($res === FALSE) { |
| 538 | rg_user_set_error("Cannot query!"); | ||
| 580 | rg_user_set_error("cannot query (" . rg_sql_error() . ")"); | ||
| 539 | 581 | return FALSE; | return FALSE; |
| 540 | 582 | } | } |
| 541 | 583 | rg_sql_free_result($res); | rg_sql_free_result($res); |
| ... | ... | function rg_user_forgot_pass_mail($db, $email) | |
| 560 | 602 | ||
| 561 | 603 | if (!mail($email, | if (!mail($email, |
| 562 | 604 | "Forgot password", | "Forgot password", |
| 563 | "Hello!\n" | ||
| 605 | "Hello!\n\n" | ||
| 564 | 606 | . "If you want to reset the password, follow:\n" | . "If you want to reset the password, follow:\n" |
| 565 | . "http://" . @$_SERVER['SERVER_NAME'] | ||
| 566 | . rg_re_url("forgot_link") . "&forgot_token=$forgot_token", | ||
| 607 | . (@strcmp($_SERVER['HTTPS'], "on") == 0 ? "https://" : "http://") | ||
| 608 | . @$_SERVER['HTTP_HOST'] | ||
| 609 | . rg_re_url("forgot_link") . "&forgot_token=$forgot_token", | ||
| 567 | 610 | $headers, | $headers, |
| 568 | 611 | "-f $rg_admin_email")) { | "-f $rg_admin_email")) { |
| 569 | 612 | rg_user_set_error("Cannot send mail ($php_errormsg)!"); | rg_user_set_error("Cannot send mail ($php_errormsg)!"); |
| ... | ... | function rg_user_forgot_pass_destroy($db, $uid) | |
| 583 | 626 | $sql = "DELETE FROM forgot_pass WHERE uid = $uid"; | $sql = "DELETE FROM forgot_pass WHERE uid = $uid"; |
| 584 | 627 | $res = rg_sql_query($db, $sql); | $res = rg_sql_query($db, $sql); |
| 585 | 628 | if ($res === FALSE) { | if ($res === FALSE) { |
| 586 | rg_user_set_error("Cannot query!"); | ||
| 629 | rg_user_set_error("cannot query (" . rg_sql_error() . ")"); | ||
| 587 | 630 | return FALSE; | return FALSE; |
| 588 | 631 | } | } |
| 589 | 632 | rg_sql_free_result($res); | rg_sql_free_result($res); |
| ... | ... | function rg_user_set_pass($db, $uid, $pass) | |
| 612 | 655 | return TRUE; | return TRUE; |
| 613 | 656 | } | } |
| 614 | 657 | ||
| 658 | /* | ||
| 659 | * Confirm account creation (send mail) | ||
| 660 | */ | ||
| 661 | function rg_user_confirm_send($email, $token) | ||
| 662 | { | ||
| 663 | global $rg_admin_name, $rg_admin_email; | ||
| 664 | |||
| 665 | rg_log("user_confirm_send: email=$email, token=$token"); | ||
| 666 | |||
| 667 | $headers = "From: $rg_admin_name <$rg_admin_email>"; | ||
| 668 | |||
| 669 | if (!mail($email, | ||
| 670 | "Account creation confirmation", | ||
| 671 | "Hello!\n\n" | ||
| 672 | . "Please confirm your account creation following:\n" | ||
| 673 | . (@strcmp($_SERVER['HTTPS'], "on") == 0 ? "https://" : "http://") | ||
| 674 | . @$_SERVER['HTTP_HOST'] | ||
| 675 | . rg_re_url("confirm") . "&token=$token", | ||
| 676 | $headers, | ||
| 677 | "-f $rg_admin_email")) { | ||
| 678 | rg_user_set_error("Cannot send mail ($php_errormsg)!"); | ||
| 679 | return FALSE; | ||
| 680 | } | ||
| 681 | |||
| 682 | return TRUE; | ||
| 683 | } | ||
| 684 | |||
| 685 | /* | ||
| 686 | * Confirm account creation | ||
| 687 | */ | ||
| 688 | function rg_user_confirm($db, $token) | ||
| 689 | { | ||
| 690 | $now = time(); | ||
| 691 | |||
| 692 | $sql = "SELECT uid FROM users WHERE confirm_token = '$token'"; | ||
| 693 | $res = rg_sql_query($db, $sql); | ||
| 694 | if ($res === FALSE) { | ||
| 695 | rg_user_set_error("cannot search for token (" . rg_sql_error() . ")"); | ||
| 696 | return FALSE; | ||
| 697 | } | ||
| 698 | $rows = rg_sql_num_rows($res); | ||
| 699 | if ($rows > 0) | ||
| 700 | $row = rg_sql_fetch_array($res); | ||
| 701 | rg_sql_free_result($res); | ||
| 702 | if ($rows == 0) { | ||
| 703 | rg_user_set_error("cannot find token (" . rg_sql_error() . ")"); | ||
| 704 | return FALSE; | ||
| 705 | } | ||
| 706 | $uid = $row['uid']; | ||
| 707 | |||
| 708 | $sql = "UPDATE users SET confirmed = $now" | ||
| 709 | . " WHERE uid = $uid"; | ||
| 710 | $res = rg_sql_query($db, $sql); | ||
| 711 | if ($res === FALSE) { | ||
| 712 | rg_user_set_error("cannot update confirmed (" . rg_sql_error() . ")"); | ||
| 713 | return FALSE; | ||
| 714 | } | ||
| 715 | |||
| 716 | return $uid; | ||
| 717 | } | ||
| 718 | |||
| 615 | 719 | ?> | ?> |
| File inc/user/confirm.php added (mode: 100644) (index 0000000..6b03dae) | |||
| 1 | <?php | ||
| 2 | rg_log("/inc/user/confirm"); | ||
| 3 | |||
| 4 | $token = rg_var_re("token", "/[^A-Za-z0-9]/"); | ||
| 5 | |||
| 6 | $_confirm = "<br />\n"; | ||
| 7 | |||
| 8 | $uid = rg_user_confirm($db, $token); | ||
| 9 | if ($uid === FALSE) { | ||
| 10 | $_confirm .= "Internal error!"; | ||
| 11 | } else { | ||
| 12 | // auto-login | ||
| 13 | if (rg_user_auto_login($db, $uid, $rg_ui)) | ||
| 14 | $new_op = "home"; | ||
| 15 | else | ||
| 16 | $new_op = "login"; | ||
| 17 | } | ||
| 18 | |||
| 19 | ?> | ||
| File inc/user/create.php added (mode: 100644) (index 0000000..55c5de9) | |||
| 1 | <?php | ||
| 2 | rg_log("/create/create.php"); | ||
| 3 | |||
| 4 | $_create = "<br />\n"; | ||
| 5 | |||
| 6 | if ($rg_account_allow_creation != 1) { | ||
| 7 | $_create .= "Site does not allow account creation."; | ||
| 8 | return; | ||
| 9 | } | ||
| 10 | |||
| 11 | $uid = 0; | ||
| 12 | $errmsg = array(); | ||
| 13 | $show_form = 1; | ||
| 14 | |||
| 15 | if ($doit == 1) { | ||
| 16 | $xuser = rg_var_str("xuser"); | ||
| 17 | $email = rg_var_str("email"); | ||
| 18 | $xpass = rg_var_str("xpass"); | ||
| 19 | $xpass2 = rg_var_str("xpass2"); | ||
| 20 | $session_time = rg_var_uint("session_time"); | ||
| 21 | |||
| 22 | while (1) { | ||
| 23 | if (strcmp($xpass, $xpass2) != 0) { | ||
| 24 | $errmsg[] = "Password are not the same!"; | ||
| 25 | break; | ||
| 26 | } | ||
| 27 | |||
| 28 | $_ui = rg_user_info($db, 0, $xuser, ""); | ||
| 29 | if ($_ui['ok'] == 0) { | ||
| 30 | $errmsg[] = "Internal error (" . rg_user_error() . ")!"; | ||
| 31 | break; | ||
| 32 | } | ||
| 33 | |||
| 34 | if ($_ui['exists'] == 1) { | ||
| 35 | $errmsg[] = "User already exists."; | ||
| 36 | break; | ||
| 37 | } | ||
| 38 | |||
| 39 | $is_admin = 0; | ||
| 40 | $disk_quota_mb = 100; | ||
| 41 | $rights = "C"; | ||
| 42 | $confirm_token = rg_id(40); | ||
| 43 | if (!rg_user_edit($db, $uid, $xuser, $email, $xpass, $is_admin, | ||
| 44 | $disk_quota_mb, $rights, $session_time, $confirm_token)) { | ||
| 45 | $errmsg[] = "Cannot add user (" . rg_user_error() . ")."; | ||
| 46 | break; | ||
| 47 | } | ||
| 48 | |||
| 49 | $r = rg_user_confirm_send($email, $confirm_token); | ||
| 50 | if ($r === FALSE) { | ||
| 51 | $errmsg[] = "Cannot send e-mail (" . rg_user_error() . ")!"; | ||
| 52 | break; | ||
| 53 | } | ||
| 54 | |||
| 55 | $show_form = 0; | ||
| 56 | $_create .= "Check your e-mail and follow the link inside."; | ||
| 57 | break; | ||
| 58 | } | ||
| 59 | } else { | ||
| 60 | $xuser = ""; | ||
| 61 | $email = ""; | ||
| 62 | $xpass = ""; | ||
| 63 | $xpass2 = ""; | ||
| 64 | $session_time = 3600; | ||
| 65 | } | ||
| 66 | |||
| 67 | if ($show_form == 1) { | ||
| 68 | $admin_mode = 0; | ||
| 69 | $pass_mode = 2; | ||
| 70 | include($INC . "/admin/users/user.form.php"); | ||
| 71 | $_create .= $_form; | ||
| 72 | } | ||
| 73 | |||
| 74 | ?> | ||
| 75 | |||
| File inc/user/forgot.php changed (mode: 100644) (index f2a2a65..df85597) | |||
| 1 | 1 | <?php | <?php |
| 2 | rg_log("/inc/user/forgot.php"); | ||
| 2 | rg_log("/inc/user/forgot"); | ||
| 3 | 3 | ||
| 4 | $forgot_token = rg_var_str("forgot_token"); | ||
| 4 | $forgot_token = rg_var_re("forgot_token", "/[^A-Za-z0-9]/"); | ||
| 5 | 5 | $pass1 = rg_var_str("pass1"); | $pass1 = rg_var_str("pass1"); |
| 6 | 6 | $pass2 = rg_var_str("pass2"); | $pass2 = rg_var_str("pass2"); |
| 7 | 7 | ||
| ... | ... | if ($doit == 1) { | |
| 23 | 23 | if (rg_user_set_pass($db, $r['uid'], $pass1)) { | if (rg_user_set_pass($db, $r['uid'], $pass1)) { |
| 24 | 24 | rg_user_forgot_pass_destroy($db, $r['uid']); | rg_user_forgot_pass_destroy($db, $r['uid']); |
| 25 | 25 | // auto-login | // auto-login |
| 26 | $rg_ui = rg_user_info($db, $r['uid'], "", ""); | ||
| 27 | $_forgot .= "OK!"; | ||
| 28 | 26 | $_hide_form = 1; | $_hide_form = 1; |
| 27 | if (rg_user_auto_login($db, $r['uid'], $rg_ui)) | ||
| 28 | $new_op = "home"; | ||
| 29 | else | ||
| 30 | $new_op = "login"; | ||
| 29 | 31 | } else { | } else { |
| 30 | 32 | $errmsg[] = "Internal error - try later!"; | $errmsg[] = "Internal error - try later!"; |
| 31 | 33 | } | } |
| File inc/user/forgot_send.php changed (mode: 100644) (index ad344f2..8d556a3) | |||
| 1 | 1 | <?php | <?php |
| 2 | rg_log("/inc/user/forgot_send.php"); | ||
| 2 | rg_log("/inc/user/forgot_send"); | ||
| 3 | 3 | ||
| 4 | 4 | $email = rg_var_str("email"); | $email = rg_var_str("email"); |
| 5 | 5 | ||
| File inc/util.inc.php changed (mode: 100644) (index 6b875ed..655bc7b) | |||
| ... | ... | function rg_re_repopage($repo_id, $repo_name) | |
| 87 | 87 | if (isset($_REQUEST['rewrite_engine'])) | if (isset($_REQUEST['rewrite_engine'])) |
| 88 | 88 | return "/" . $repo_name; | return "/" . $repo_name; |
| 89 | 89 | ||
| 90 | return $_SERVER['PHP_SELF'] . "?op=repo_page&repo_name=" . $repo_name; | ||
| 90 | return $_SERVER['PHP_SELF'] . "?op=repopage&name=" . $repo_name; | ||
| 91 | 91 | } | } |
| 92 | 92 | ||
| 93 | 93 | function rg_var_str($name) | function rg_var_str($name) |
| File root/index.php changed (mode: 100644) (index 3d2a92b..69e85d1) | |||
| 1 | 1 | <?php | <?php |
| 2 | 2 | error_reporting(E_ALL); | error_reporting(E_ALL); |
| 3 | 3 | ini_set("track_errors", "On"); | ini_set("track_errors", "On"); |
| 4 | //phpinfo(); | ||
| 5 | 4 | ||
| 6 | 5 | $_s = microtime(TRUE); | $_s = microtime(TRUE); |
| 7 | 6 | ||
| ... | ... | $tail .= "</html>\n"; | |
| 71 | 70 | $amenu = array( | $amenu = array( |
| 72 | 71 | "login" => array("text" => "Login"), | "login" => array("text" => "Login"), |
| 73 | 72 | "personal" => array("text" => "Personal"), | "personal" => array("text" => "Personal"), |
| 74 | "repo" => array("text" => "My repositories"), | ||
| 73 | "repo" => array("text" => "Repositories"), | ||
| 75 | 74 | "keys" => array("text" => "SSH keys"), | "keys" => array("text" => "SSH keys"), |
| 76 | 75 | "admin" => array("text" => "Admin", "needs_admin" => 1), | "admin" => array("text" => "Admin", "needs_admin" => 1), |
| 77 | 76 | "logout" => array("text" => "Logout") | "logout" => array("text" => "Logout") |
| File samples/config.php changed (mode: 100644) (index dca94e1..9c5a599) | |||
| 1 | 1 | <?php | <?php |
| 2 | // RocketGit configuration file | ||
| 3 | |||
| 2 | 4 | // Base | // Base |
| 3 | 5 | $rg_base = "/home/rocketgit"; | $rg_base = "/home/rocketgit"; |
| 4 | 6 | ||
| ... | ... | $rg_pass_key = "reigjmn9483jfisendfhwefhefhesfuhfskhjukhtw4khfwkur"; | |
| 41 | 43 | $rg_admin_name = "RocketGit Admin"; | $rg_admin_name = "RocketGit Admin"; |
| 42 | 44 | $rg_admin_email = "admin@site.tld"; | $rg_admin_email = "admin@site.tld"; |
| 43 | 45 | ||
| 46 | // Set to 1 to allow any visitor to create an account | ||
| 47 | $rg_account_allow_creation = 1; | ||
| 48 | |||
| 44 | 49 | ?> | ?> |
| File samples/rg.conf changed (mode: 100644) (index c90f9b5..8966b0e) | |||
| 28 | 28 | RewriteRule ^/\+(.*) /index.php?rewrite_engine=1&op=$1 [L,QSA] | RewriteRule ^/\+(.*) /index.php?rewrite_engine=1&op=$1 [L,QSA] |
| 29 | 29 | ||
| 30 | 30 | RewriteCond %{REQUEST_URI} ^/.+ | RewriteCond %{REQUEST_URI} ^/.+ |
| 31 | RewriteRule ^/(.+) /index.php?rewrite_engine=1&op=repopage&repo=$1 [L,QSA] | ||
| 31 | RewriteRule ^/(.+) /index.php?rewrite_engine=1&op=repopage&name=$1 [L,QSA] | ||
| 32 | 32 | ||
| 33 | 33 | # Compress | # Compress |
| 34 | 34 | AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript | AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript |
| File scripts/cron.php changed (mode: 100644) (index fd64f31..4e150a8) | |||
| ... | ... | if (date("H") == 0) { | |
| 54 | 54 | } | } |
| 55 | 55 | rg_sql_free_result($res); | rg_sql_free_result($res); |
| 56 | 56 | } | } |
| 57 | } | ||
| 58 | 57 | ||
| 59 | // TODO | ||
| 60 | //rg_log("Update user quota..."); | ||
| 58 | rg_log("Compute repository sizes per user..."); | ||
| 59 | $sql = "SELECT SUM(disk_used_mb) AS disk_used_mb, uid FROM repos" | ||
| 60 | . " GROUP BY uid"; | ||
| 61 | $res = rg_sql_query($db, $sql); | ||
| 62 | if ($res === FALSE) { | ||
| 63 | rg_log("Cannot run query (" . rg_sql_error() . ")!"); | ||
| 64 | } else { | ||
| 65 | while (($row = rg_sql_fetch_array($res))) { | ||
| 66 | $sql = "UPDATE users" | ||
| 67 | . " SET disk_space_used = " . $row['disk_space_used'] | ||
| 68 | . " WHERE uid = " . $row['uid']; | ||
| 69 | $res2 = rg_sql_query($db, $sql); | ||
| 70 | rg_sql_free_result($res2); | ||
| 71 | } | ||
| 72 | rg_sql_free_result($res); | ||
| 73 | } | ||
| 74 | } | ||
| 61 | 75 | ||
| 62 | 76 | // TODO | // TODO |
| 63 | 77 | //rg_log("Sending notifications..."); | //rg_log("Sending notifications..."); |
| ... | ... | if (date("H") == 1) { | |
| 83 | 97 | rg_sql_free_result($res); | rg_sql_free_result($res); |
| 84 | 98 | } | } |
| 85 | 99 | ||
| 86 | rg_log("Regenerate keys..."); | ||
| 87 | 100 | rg_keys_regen($db); | rg_keys_regen($db); |
| 88 | 101 | ||
| 89 | 102 | // Arhive deleted repositories | // Arhive deleted repositories |
| ... | ... | if (date("H") == 23) { | |
| 92 | 105 | } | } |
| 93 | 106 | ||
| 94 | 107 | // This has to be the last thing that touches the database | // This has to be the last thing that touches the database |
| 95 | if (date("H") == 0) { | ||
| 108 | if (date("H") == 3) { | ||
| 96 | 109 | rg_log("Run VACUUM on database..."); | rg_log("Run VACUUM on database..."); |
| 97 | 110 | $sql = "VACUUM"; | $sql = "VACUUM"; |
| 98 | 111 | $res = rg_sql_query($db, $sql); | $res = rg_sql_query($db, $sql); |
| File scripts/q.php changed (mode: 100644) (index 5ccf0c7..a39d201) | |||
| ... | ... | while ($runs-- > 0) { | |
| 53 | 53 | . " ORDER BY master"; | . " ORDER BY master"; |
| 54 | 54 | $res = rg_sql_query($db, $sql); | $res = rg_sql_query($db, $sql); |
| 55 | 55 | if ($res === FALSE) { | if ($res === FALSE) { |
| 56 | rg_log("\tCannot query!"); | ||
| 56 | rg_log("\tCannot query (" . rg_sql_error() . ")!"); | ||
| 57 | 57 | exit(1); | exit(1); |
| 58 | 58 | } | } |
| 59 | 59 | while (($row = rg_sql_fetch_array($res))) { | while (($row = rg_sql_fetch_array($res))) { |
| File tests/Makefile changed (mode: 100644) (index 6981152..d61d7fd) | |||
| ... | ... | user: | |
| 26 | 26 | ||
| 27 | 27 | git: | git: |
| 28 | 28 | php git.php | php git.php |
| 29 | |||
| 30 | .PHONY: clean | ||
| 31 | clean: | ||
| 32 | @rm -f *.log | ||
| File tests/user.php changed (mode: 100644) (index d6387be..b3cefaf) | |||
| ... | ... | if ($r === FALSE) { | |
| 27 | 27 | } | } |
| 28 | 28 | ||
| 29 | 29 | // add user | // add user |
| 30 | $r = rg_user_edit($db, 0, "userA", "rg@localhost", "pass1", 1, 100, "C", 3600); | ||
| 30 | $r = rg_user_edit($db, 0, "userA", "rg@localhost", "pass1", 1, 100, "C", 3600, ""); | ||
| 31 | 31 | if ($r !== TRUE) { | if ($r !== TRUE) { |
| 32 | 32 | echo "Cannot add user (" . rg_user_error() . ")!\n"; | echo "Cannot add user (" . rg_user_error() . ")!\n"; |
| 33 | 33 | exit(1); | exit(1); |
| ... | ... | $salt = $_ui['salt']; | |
| 49 | 49 | $pass = $_ui['pass']; | $pass = $_ui['pass']; |
| 50 | 50 | ||
| 51 | 51 | // edit user - empty pass | // edit user - empty pass |
| 52 | $r = rg_user_edit($db, $uid, "userA", "rg@localhost", "", 1, 100, "C", 3600); | ||
| 52 | $r = rg_user_edit($db, $uid, "userA", "rg@localhost", "", 1, 100, "C", 3600, ""); | ||
| 53 | 53 | if ($r !== TRUE) { | if ($r !== TRUE) { |
| 54 | 54 | echo "Cannot edit user with empty pass (" . rg_user_error() . ")!\n"; | echo "Cannot edit user with empty pass (" . rg_user_error() . ")!\n"; |
| 55 | 55 | exit(1); | exit(1); |
| ... | ... | if (strcmp($pass, $_ui['pass']) != 0) { | |
| 70 | 70 | } | } |
| 71 | 71 | ||
| 72 | 72 | // edit user - no empty pass | // edit user - no empty pass |
| 73 | $r = rg_user_edit($db, $uid, "userA", "rg@localhost", "pass2", 1, 100, "C", 3600); | ||
| 73 | $r = rg_user_edit($db, $uid, "userA", "rg@localhost", "pass2", 1, 100, "C", 3600, ""); | ||
| 74 | 74 | if ($r !== TRUE) { | if ($r !== TRUE) { |
| 75 | 75 | echo "Cannot edit user with not empty pass (" . rg_user_error() . ")!\n"; | echo "Cannot edit user with not empty pass (" . rg_user_error() . ")!\n"; |
| 76 | 76 | exit(1); | exit(1); |