xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Commit c1778920e66c4561f63632030fff66bff71d4395

Lots of stuff.

Author: Catalin(ux) M. BOIE
Author date (UTC): 2011-06-27 17:33
Committer: Catalin(ux) M. BOIE
Commit date (UTC): 2011-06-27 19:13
Tree: 8fdf8497026db807ea576bf58b7b079c755a2e4c
Parents: 3c6df6f5a6053d322f93814b3a8ccc8555951d9f
File Lines added Lines deleted
.gitignore 6 1
Makefile.in 28 0
TODO 12 1
configure 3 0
duilder 544 0
duilder.conf 12 0
hooks/pre-commit 46 0
hooks/update 96 0
inc/admin/admin.php 1 1
inc/admin/repos/repos.php 2 1
inc/admin/users/add.php 16 3
inc/admin/users/edit.php 56 0
inc/admin/users/user.form.php 19 3
inc/admin/users/users.php 9 3
inc/db/struct.inc.php 9 2
inc/dispatch/dispatch.php 6 1
inc/git.inc.php 55 0
inc/keys/add.form.php 1 0
inc/login/login.form.php 2 0
inc/personal/pass.form.php 12 5
inc/personal/personal.php 92 0
inc/repo.inc.php 110 198
inc/repo/repo.form.php 9 1
inc/repo/repo.php 3 2
inc/repo/repo_page.php 10 4
inc/repo/rights.form.php 2 1
inc/rights.inc.php 274 0
inc/sess.inc.php 4 0
inc/token.inc.php 124 0
inc/user.inc.php 176 42
inc/user/forgot.form.php 2 1
inc/user/forgot.php 2 2
inc/util.inc.php 8 2
rocketgit.spec.in 36 0
root/index.php 4 1
samples/config.php 8 5
samples/cron 2 2
samples/rg 1 1
samples/rg.conf 2 2
scripts/cron.php 8 1
scripts/q.php 5 2
scripts/ssh.php 3 7
tests/Makefile 7 1
tests/repo.php 101 47
tests/rights.php 34 0
tests/user.php 87 4

File .gitignore changed (mode: 100644) (index cfce1ad..a303424)
1 1 *.log *.log
2
2 Changelog
3 Makefile
4 cata/
5 *.tar.gz
6 *.rpm
7 *.spec

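--- a/Makefile.in
+++ b/Makefile.in
@@ -0,0 +1,28 @@
+export CC := gcc
+export INCS +=
+export LIBS +=
+
+.PHONY: all
+all: junk
+
+.PHONY:
+junk:
+@-/bin/true
+@echo "Done!"
+
+.PHONY: clean
+clean:
+@-rm -f $(PRJ)-*.rpm $(PRJ)-*-*-*.tgz $(PRJ)-*.tar.gz
+
+install: all
+@mkdir -p $(I_USR_SHARE)/$(PRJ)
+cp -vdr inc hooks root scripts $(I_USR_SHARE)/$(PRJ)
+@mkdir -p $(I_ETC)
+cp -vd samples/rg $(I_ETC)/xinetd.d/rocketgit
+@mkdir -p $(I_ETC)/cron.d
+cp -vd samples/cron $(I_ETC)/cron.d/rocketgit
+@mkdir -p $(I_ETC)/httpd/conf.d
+cp -vd samples/rg.conf $(I_ETC)/httpd/conf.d/rocketgit.conf
+@mkdir -p $(I_ETC)/rocketgit
+cp -vd samples/config.php $(I_ETC)/rocketgit/
+cp -vd samples/config.php $(I_ETC)/rocketgit/config.php.sample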
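Review bot: The install recipe copies `samples/rg` to `$(I_ETC)/xinetd.d/rocketgit` after creating only `$(I_ETC)`, so when `DESTDIR` points at a fresh staging tree the `cp` fails because `xinetd.d` does not exist; add `@mkdir -p $(I_ETC)/xinetd.d` before it, as the cron.d and httpd/conf.d steps already do. The line `cp -vd samples/config.php $(I_ETC)/rocketgit/` replaces an existing `config.php` on every install, which would presumably discard site settings on upgrade; installing only `config.php.sample`, or copying `config.php` only when it is absent, avoids that. `.PHONY:` on line 8 names no target and `install` is not declared phony; `.PHONY: junk install` covers both.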

File TODO changed (mode: 100644) (index 9cb8273..15b3ab0)
2 2 [ ] Validate e-mails. [ ] Validate e-mails.
3 3 [ ] You cannot admin rights of a repository if is not yours. [ ] You cannot admin rights of a repository if is not yours.
4 4 [ ] Check XSRF attacks and other types. [ ] Check XSRF attacks and other types.
5 [ ] Edit repo (rights) does not work.
6 [ ] Shard by project name not by id!
5 7 [ ] [ ]
6 8
7 9 == Low priority == == Low priority ==
10 [ ] Make rights generic (both for repo, users etc.).
8 11 [ ] We should make a repo dirty ony if user pushed something with success. [ ] We should make a repo dirty ony if user pushed something with success.
9 12 [ ] <link rel="icon" type="image/png" id="favicon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4D
6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/> [ ] <link rel="icon" type="image/png" id="favicon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAAA
eA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/>
10 13 [ ] Add key form may be joined with list keys command! [ ] Add key form may be joined with list keys command!
 
41 44 [ ] On rocketgit website, add "Feedback" area. [ ] On rocketgit website, add "Feedback" area.
42 45 [ ] Do not forget to pack /etc/httpd/conf.d/rg.conf. [ ] Do not forget to pack /etc/httpd/conf.d/rg.conf.
43 46 [ ] Allow multiple virtual hosts, with different configurations. [ ] Allow multiple virtual hosts, with different configurations.
44 [ ]
47 [ ] session_time should be set at login time? And/or default s_t should be set from database?
48 [ ] Do not let user upload an already uploaded key.
49 [ ] Do not permit more than X auth attempts per second.
50 [ ] See HTTP Only to prevent scripts to access the session cookie.
51 [ ] Set correct group in spec file.
52 [ ] See prepare-commit-msg.sample - we can auto add a line to every commit.
53 [ ] Check http://plathrop.tertiusfamily.net/blog/2010/05/11/git-hooks-branch-acls-and-more/ to block updates that have not pull - a la SVN
54 [ ] Maybe we should mark the repository as dirty, only in the post-receive hook? Or update is the best place?
55 [ ]

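--- a/configure
+++ b/configure
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+./duilder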
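Review bot: The wrapper runs `./duilder` with no arguments, so options such as `--sysconfdir=` or `--datadir=` passed to `./configure` never reach the option loop in duilder and the built-in defaults are always used. Forward them with `./duilder "$@"`. If the spec file invokes configure with directory overrides, the generated Makefile would silently ignore them.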

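--- a/duilder
+++ b/duilder
@@ -0,0 +1,544 @@
+#!/bin/bash
+
+set -e
+
+function duilder_final()
+{
+PRJ="${1}"
+VER="${2}"
+RELEASE_SCRIPT="${3}"
+
+# Run release script
+if [ ! -z "${RELEASE_SCRIPT}" -a -x "${RELEASE_SCRIPT}" ]; then
+echo "Running ${RELEASE_SCRIPT}..."
+${RELEASE_SCRIPT}
+fi
+}
+
+function duilder_docs()
+{
+PRJ="${1}"
+VER="${2}"
+EXPORT_PATH="${3}"
+
+if [ ! -d "${EXPORT_PATH}" ]; then
+echo "WARN: ${EXPORT_PATH} does not exists. Skipping..."
+return
+fi
+
+echo "Copying docs to [${EXPORT_PATH}]..."
+for f in README License LICENSE Changelog Changelog-last TODO FAQ INSTALL; do
+if [ -r "${f}" ]; then
+cp -vp "${f}" "${EXPORT_PATH}/"
+fi
+done
+
+if [ -d "screenshot" ]; then
+echo "Copying screenshots..."
+mkdir -p "${EXPORT_PATH}"
+cp -vp screenshot/* "${EXPORT_PATH}/"
+fi
+}
+
+function duilder_git()
+{
+PRJ="${1}"
+GIT_DEST="${2}"
+EXPORT_GIT="${3}"
+GIT_CHANGELOG="${4}"
+GIT_PUSH="${5}"
+
+if [ ! -x /usr/bin/git ]; then
+echo "Warning: Git not found!"
+exit 0
+fi
+
+if [ ! -d .git ]; then
+echo "Warning: I cannot find .git directory!"
+exit 0
+fi
+
+if [ "${EXPORT_GIT}" = "1" ]; then
+echo "Generate GIT tree for HTTP transport..."
+if [ ! -d "${GIT_DEST}/${PRJ}.git" ]; then
+git clone --bare . "${GIT_DEST}/${PRJ}.git"
+
+# Activate post-update hook
+cp "${GIT_DEST}/${PRJ}.git/hooks/post-update.sample" \
+"${GIT_DEST}/${PRJ}.git/hooks/post-update"
+chmod a+x "${GIT_DEST}/${PRJ}.git/hooks/post-update"
+
+# add project name and description
+echo "${PRJ}" > "${GIT_DEST}/${PRJ}.git/description"
+
+# allow export by git daemon?
+#touch "${GIT_DEST}/${PRJ}.git/git-daemon-export-ok
+else
+# --force?
+echo "Running git push -v --all \"${GIT_DEST}/${PRJ}.git\"..."
+git push -v --all "${GIT_DEST}/${PRJ}.git"
+echo "Running git push -v --tags \"${GIT_DEST}/${PRJ}.git\"..."
+git push -v --tags "${GIT_DEST}/${PRJ}.git"
+fi
+(cd "${GIT_DEST}/${PRJ}.git" && git update-server-info)
+fi
+
+if [ "${GIT_PUSH}" = "1" ]; then
+echo "[*] Git push..."
+git push -v --all
+fi
+
+if [ "${GIT_CHANGELOG}" = "1" ]; then
+echo "[*] Generating Changelog from git..."
+echo -n > Changelog
+
+# get the list of tags
+i=0
+number_of_tags=0
+for tag in `git tag -l`; do
+if [ "${tag:0:1}" != "v" ]; then
+# skip other kind of tags beside versions
+continue
+fi
+
+tags[${i}]=${tag}
+tags_commit[${i}]=`git show-ref ${tag} | cut -d' ' -f1`
+number_of_tags=$[${number_of_tags}+1]
+
+i=$[${i}+1]
+done
+
+# get the list of commits, test if is a tag and do the diff
+prev=""
+add=""
+first=1
+git log --pretty=oneline | cut -f1 | \
+while read commit junk; do
+# test if it is a tag
+tag=""
+i=0
+while [ "${i}" -lt "${number_of_tags}" ]; do
+if [ "${commit}" = "${tags_commit[${i}]}" ]; then
+tag="${tags[${i}]}"
+break
+fi
+
+i=$[${i}+1]
+done
+
+if [ -z "${tag}" ]; then
+continue
+fi
+
+if [ ! -z "${prev}" ]; then
+echo "[*] Generating Changelog from ${tag} -> ${prev}..."
+echo -en "${add}" >> Changelog
+add="\n"
+echo "[${tag} -> ${prev}]" >> Changelog
+git shortlog ${tag}..${prev} | \
+(IFS=""
+while read line; do
+echo " ${line}"
+done) \
+>> Changelog
+
+if [ "${first}" = "1" ]; then
+echo "[*] Generating Changelog-last..."
+cp Changelog Changelog-last
+first=0
+fi
+fi
+prev=${tag}
+done
+fi
+}
+
+function duilder_srpm()
+{
+PRJ="${1}"
+VER="${2}"
+EXPORT_PATH="${3}"
+BUILD_SRPM="${4}"
+SRPM_DEST="${5}"
+SRPM_POST_RUN="${6}"
+
+P="${PRJ}-${VER}"
+
+if [ ! -d "${EXPORT_PATH}" ]; then
+echo "WARN: ${EXPORT_PATH} does not exists. Skipping..."
+return
+fi
+
+if [ "${BUILD_SRPM}" != "1" ]; then
+exit 0
+fi
+
+echo "Building SRPM..."
+rpmbuild -ts "${P}.tar.gz"
+
+PKG="${RPMBUILD}/SRPMS/${P}-1.src.rpm"
+
+# Run a rpmlint on it
+if [ -x /usr/bin/rpmlint ]; then
+echo "[*] RPMlinting..."
+rpmlint -iv "${PKG}" > rpmlint.out
+fi
+
+if [ ! -z "${SRPM_DEST}" ]; then
+echo "Copying [${PKG}] to [${SRPM_DEST}]..."
+cp -vp "${PKG}" "${SRPM_DEST}/"
+fi
+
+echo "Copying to export dir [${EXPORT_PATH}]..."
+mkdir -p "${EXPORT_PATH}"
+cp -vp "${PKG}" "${EXPORT_PATH}/"
+
+if [ -x "${SRPM_POST_RUN}" ]; then
+echo "Running post SRPM build script [${SRPM_POST_RUN}]..."
+${SRPM_POST_RUN} "${PKG}"
+fi
+}
+
+function duilder_tar()
+{
+PRJ="${1}"
+VER="${2}"
+EXPORT_PATH="${3}"
+EXCLUDE="${4}"
+
+P="${PRJ}-${VER}"
+
+if [ ! -d "${EXPORT_PATH}" ]; then
+echo "WARN: ${EXPORT_PATH} does not exists. Skipping..."
+return
+fi
+
+echo "Generating tarball [${P}.tar.gz]..."
+ADD_EXCLUDE=""
+if [ ! -z "${EXCLUDE}" ]; then
+ADD_EXCLUDE="--exclude-from ${P}/${EXCLUDE}"
+fi
+
+(cd .. \
+&& rm -rf "${P}" \
+&& cp -a --link "${PRJ}" "${P}" \
+&& tar czf "${PRJ}/${P}.tar.gz" \
+--exclude-vcs \
+--exclude ${P}/Makefile \
+${ADD_EXCLUDE} \
+"${P}" \
+&& rm -rf "${P}"
+)
+
+echo "Copying source to ${EXPORT_PATH}/..."
+mkdir -p "${EXPORT_PATH}"
+cp -vp "${P}.tar.gz" "${EXPORT_PATH}/"
+}
+
+####################################################################
+
+# Variables
+if [ -d "${HOME}/rpmbuild" ]; then
+RPMBUILD="${HOME}/rpmbuild"
+else
+RPMBUILD="/usr/src/redhat"
+fi
+
+
+if [ ! -r duilder.conf ]; then
+echo "You must build a duilder.conf file!"
+exit 1
+fi
+
+source ${PWD}/duilder.conf
+
+# fixes
+if [ -z "${GIT_DEST}" ]; then
+GIT_DEST="${EXPORT_PATH}"
+fi
+
+if [ -z "${PRJ}" ]; then
+echo "ERROR: PRJ= parameter is missing."
+exit 1
+fi
+
+if [ -z "${VER}" ]; then
+echo "ERROR: PRJ= parameter is missing."
+exit 1
+fi
+
+if [ -z "${REV}" ]; then
+echo "ERROR: REV= parameter is missing."
+exit 1
+fi
+
+# export variables - just in case a script cares
+export PRJ VER REV EXPORT_PATH EXPORT_GIT GIT_PUSH GIT_DEST SRPM_DEST LICENSE
+
+
+# Multiplexer
+if [ "${1}" = "docs" ]; then
+shift
+duilder_docs "$@"
+exit $?
+fi
+
+if [ "${1}" = "tar" ]; then
+shift
+duilder_tar "$@"
+exit $?
+fi
+
+if [ "${1}" = "git" ]; then
+shift
+duilder_git "$@"
+exit $?
+fi
+
+if [ "${1}" = "srpm" ]; then
+shift
+duilder_srpm "$@"
+exit $?
+fi
+
+if [ "${1}" = "final" ]; then
+shift
+duilder_final "$@"
+exit $?
+fi
+
+
+###### Main stuff
+echo
+echo "Duilder builder script"
+echo "Copyright Catalin(ux) M. BOIE"
+echo
+echo "PRJ=${PRJ}, VER=${VER}, REV=${REV}"
+echo "System: `uname -a`"
+
+ETC="/etc"
+BIN="/bin"
+USR_BIN="/usr/bin"
+USR_SBIN="/usr/sbin"
+USR_INCLUDE="/usr/include"
+USR_LIB="/usr/lib"
+USR_SHARE="/usr/share"
+USR_SHARE_DOC="/usr/share/doc/${PRJ}-${VER}"
+SBIN="/usr/sbin"
+VAR="/var"
+VAR_LOG="/var/log/${PRJ}"
+
+while [ "${1}" != "" ]; do
+VAR="`echo ${1} | cut -d'=' -f1`"
+VAL="`echo ${1} | cut -d'=' -f2`"
+case ${VAR} in
+--sysconfdir)
+ETC="${VAL}"
+;;
+--bindir)
+USR_BIN="${VAL}"
+;;
+--sbindir)
+USR_SBIN="${VAL}"
+;;
+--includedir)
+USR_INCLUDE="${VAL}"
+;;
+--libdir)
+USR_LIB="${VAL}"
+;;
+--localstatedir)
+VAR="${VAL}"
+;;
+--datadir)
+USR_SHARE="${VAL}"
+;;
+esac
+shift
+done
+
+# Truncate future sed file
+> tmp.sed
+
+DB_SUPPORT=0
+
+echo -n "Searching for PostgreSQL..."
+set +e
+PG_VERSION="`pg_config --version 2>/dev/null`"
+set -e
+if [ -z "${PG_VERSION}" ]; then
+echo " not found."
+PG_FOUND=0
+else
+echo " found version ${PG_VERSION}."
+PG_FOUND=1
+PG_INC="-I`pg_config --includedir`"
+PG_LIB="-L`pg_config --libdir` -lpq"
+
+echo "s#@PG_VERSION@#${PG_VERSION}#g" >> tmp.sed
+echo "s#@PG_INC@#${PG_INC}#g" >> tmp.sed
+echo "s#@PG_LIB@#${PG_LIB}#g" >> tmp.sed
+
+DB_SUPPORT=1
+echo "s#@DB_SUPPORT@#${DB_SUPPORT}#g" >> tmp.sed
+fi
+echo "s#@PG_FOUND@#${PG_FOUND}#g" >> tmp.sed
+
+
+echo -n "Searching for MySQL..."
+set +e
+MYSQL_VERSION="`mysql_config --version 2>/dev/null`"
+set -e
+if [ -z "${MYSQL_VERSION}" ]; then
+echo " not found."
+MYSQL_FOUND=0
+else
+echo " found version ${MYSQL_VERSION}."
+MYSQL_FOUND=1
+MYSQL_INC="`mysql_config --include`"
+MYSQL_LIB="`mysql_config --libs`"
+
+echo "s#@MYSQL_VERSION@#${MYSQL_VERSION}#g" >> tmp.sed
+echo "s#@MYSQL_INC@#${MYSQL_INC}#g" >> tmp.sed
+echo "s#@MYSQL_LIB@#${MYSQL_LIB}#g" >> tmp.sed
+
+DB_SUPPORT=1
+echo "s#@DB_SUPPORT@#${DB_SUPPORT}#g" >> tmp.sed
+fi
+echo "s#@MYSQL_FOUND@#${MYSQL_FOUND}#g" >> tmp.sed
+
+echo -n "Searching for poll..."
+set +e
+echo -e "#include <poll.h> \n int main(void) { return poll(0, 0, 0); }" | gcc -x c -pipe - -o /dev/null 2>/dev/null
+E="${?}"
+set -e
+if [ "${E}" != "0" ]; then
+echo " not found."
+echo "s#@POLL_FOUND@#0#g" >> tmp.sed
+else
+echo " found."
+echo "s#@POLL_FOUND@#1#g" >> tmp.sed
+fi
+
+echo -n "Searching for epoll..."
+set +e
+echo -e "#include <sys/epoll.h> \n int main(void) { return epoll_create(64); }" | gcc -x c -pipe - -o /dev/null 2>/dev/null
+E="${?}"
+set -e
+if [ "${E}" != "0" ]; then
+echo " not found."
+echo "s#@EPOLL_FOUND@#0#g" >> tmp.sed
+else
+echo " found."
+echo "s#@EPOLL_FOUND@#1#g" >> tmp.sed
+fi
+
+echo -n "Searching for ncurses..."
+set +e
+echo -e "#include <ncurses.h> \n int main(void) { initscr(); return 0; }" | gcc -x c -pipe - -o /dev/null -lncurses 2>/dev/null
+E="${?}"
+set -e
+if [ "${E}" != "0" ]; then
+echo " not found."
+echo "s#@NCURSES_FOUND@#0#g" >> tmp.sed
+else
+echo " found."
+echo "s#@NCURSES_FOUND@#1#g" >> tmp.sed
+fi
+
+# generic stuff
+echo "s#@PRJ@#${PRJ}#g" >> tmp.sed
+echo "s#@VER@#${VER}#g" >> tmp.sed
+echo "s#@REV@#${REV}#g" >> tmp.sed
+echo "s#@ETC@#${ETC}#g" >> tmp.sed
+echo "s#@BIN@#${BIN}#g" >> tmp.sed
+echo "s#@USR_BIN@#${USR_BIN}#g" >> tmp.sed
+echo "s#@SBIN@#${SBIN}#g" >> tmp.sed
+echo "s#@USR_SBIN@#${USR_SBIN}#g" >> tmp.sed
+echo "s#@VAR@#${VAR}#g" >> tmp.sed
+echo "s#@VAR_LOG@#${VAR_LOG}#g" >> tmp.sed
+echo "s#@USR_INCLUDE@#${USR_INCLUDE}#g" >> tmp.sed
+echo "s#@USR_INC@#${USR_INCLUDE}#g" >> tmp.sed
+echo "s#@USR_LIB@#${USR_LIB}#g" >> tmp.sed
+echo "s#@USR_SHARE@#${USR_SHARE}#g" >> tmp.sed
+echo "s#@USR_SHARE_DOC@#${USR_SHARE_DOC}#g" >> tmp.sed
+# Export stuff
+echo "s#@EXPORT_PATH@#${EXPORT_PATH}#g" >> tmp.sed
+
+
+
+if [ -r Makefile.in ]; then
+echo "Building Makefile..."
+echo -n > Makefile
+echo "# duilder header starts #" >> Makefile
+echo "export PRJ := ${PRJ}" >> Makefile
+echo "export VER := ${VER}" >> Makefile
+echo "export REV := ${REV}" >> Makefile
+echo "export DESTDIR" >> Makefile
+echo >> Makefile
+echo "export I_ETC := \$(DESTDIR)${ETC}" >> Makefile
+echo "export I_BIN := \$(DESTDIR)${BIN}" >> Makefile
+echo "export I_SBIN := \$(DESTDIR)${SBIN}" >> Makefile
+echo "export I_USR_BIN := \$(DESTDIR)${USR_BIN}" >> Makefile
+echo "export I_USR_SBIN := \$(DESTDIR)${USR_SBIN}" >> Makefile
+echo "export I_USR_INCLUDE := \$(DESTDIR)${USR_INCLUDE}" >> Makefile
+echo "export I_USR_INC := \$(DESTDIR)${USR_INCLUDE}" >> Makefile
+echo "export I_USR_SHARE := \$(DESTDIR)${USR_SHARE}" >> Makefile
+echo "export I_USR_SHARE_DOC := \$(DESTDIR)${USR_SHARE_DOC}" >> Makefile
+echo "export I_USR_LIB := \$(DESTDIR)${USR_LIB}" >> Makefile
+echo "export I_LIB := \$(DESTDIR)${USR_LIB}" >> Makefile
+echo "export I_VAR := \$(DESTDIR)${VAR}" >> Makefile
+echo "export I_VAR_LOG := \$(DESTDIR)${VAR_LOG}" >> Makefile
+echo >> Makefile
+echo "# DB stuff" >> Makefile
+echo "export DB_SUPPORT := ${DB_SUPPORT}" >> Makefile
+echo "# PG" >> Makefile
+echo "export PG_FOUND := ${PG_FOUND}" >> Makefile
+echo "export PG_INC := ${PG_INC}" >> Makefile
+echo "export PG_LIB := ${PG_LIB}" >> Makefile
+echo "# MySQL" >> Makefile
+echo "export MYSQL_FOUND := ${MYSQL_FOUND}" >> Makefile
+echo "export MYSQL_INC := ${MYSQL_INC}" >> Makefile
+echo "export MYSQL_LIB := ${MYSQL_LIB}" >> Makefile
+echo >> Makefile
+echo "# duilder header ends #" >> Makefile
+echo >> Makefile
+
+sed -f tmp.sed Makefile.in >> Makefile
+
+echo >> Makefile
+echo "# duilder tail starts #" >> Makefile
+echo >> Makefile
+echo "# This is to allow exporting only the git tree" >> Makefile
+echo "dist_git:" >> Makefile
+echo " @./duilder git \"\$(PRJ)\" \"${GIT_DEST}\" \"${EXPORT_GIT}\" \"${EXPORT_PATH}\" \"${GIT_CHANGELOG}\"" >> Makefile
+echo >> Makefile
+echo ".PHONY: dist" >> Makefile
+echo "dist: clean" >> Makefile
+echo " @./duilder git \"\$(PRJ)\" \"${GIT_DEST}\" \"${EXPORT_GIT}\" \"${GIT_CHANGELOG}\"" \"${GIT_PUSH}\" >> Makefile
+echo " @./duilder tar \"\$(PRJ)\" \"\$(VER)\" \"${EXPORT_PATH}\" \"${EXCLUDE}\"" >> Makefile
+echo " @./duilder srpm \"\$(PRJ)\" \"\$(VER)\" \"${EXPORT_PATH}\" \"${BUILD_SRPM}\" \"${SRPM_DEST}\" \"${SRPM_POST_RUN}\"" >> Makefile
+echo " @./duilder docs \"\$(PRJ)\" \"\$(VER)\" \"${EXPORT_PATH}\"" >> Makefile
+echo " @./duilder final \"\$(PRJ)\" \"\$(VER)\" \"${RELEASE_SCRIPT}\"" >> Makefile
+echo " @rm -f \"\$(PRJ)-\$(VER).tar.gz\"" >> Makefile
+echo >> Makefile
+fi
+
+if [ -r "${PRJ}.spec.in" ]; then
+echo "Generate .spec file..."
+sed -f tmp.sed ${PRJ}.spec.in > ${PRJ}.spec
+fi
+
+if [ ! -z "${CONFIG_H}" ]; then
+echo "Generating ${CONFIG_H} file..."
+sed -f tmp.sed ${CONFIG_H}.in > ${CONFIG_H}
+fi
+
+rm -f tmp.sed
+
+if [ "`basename ${0}`" = "duilderx" ]; then
+echo "Clone myself to destination as 'duilder'..."
+cp -vpf "${0}" ${PWD}/duilder
+fi
+
+echo "Done. Run make."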
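Review bot: The option loop at file lines 331-358 uses `VAR` as its scratch variable, but `VAR` is also the `/var` prefix set at line 328, so after any `--option=value` argument it holds the last option name, and `@VAR@` and `I_VAR` are generated from that unless `--localstatedir` came last. Use separate names, for example `OPT="${1%%=*}"` and `VAL="${1#*=}"` with `case ${OPT} in`, which also keeps values that contain `=`. `VAR_LOG` and `USR_SHARE_DOC` are computed before the loop and so never follow an override. The `VER` check at line 266 prints `ERROR: PRJ= parameter is missing.`, and the `dist_git` rule at line 514 passes `${EXPORT_PATH}` in the position where `duilder_git` reads `GIT_CHANGELOG`.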

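--- a/duilder.conf
+++ b/duilder.conf
@@ -0,0 +1,12 @@
+PRJ="rocketgit"
+VER="0.1"
+REV="1"
+EXCLUDE=""
+EXPORT_PATH="/data/www/umbrella/kernel/us/rocketgit"
+EXPORT_GIT="0"
+GIT_CHANGELOG="1"
+BUILD_SRPM="1"
+SRPM_DEST="../dinorepo/fedora/SRPMS"
+BUILD_TGZ="1"
+BUILD_DEB="1"
+RELEASE_SCRIPT="/usr/local/bin/duilder_release"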

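--- a/hooks/pre-commit
+++ b/hooks/pre-commit
@@ -0,0 +1,46 @@
+#!/usr/bin/php
+<?php
+// This is called by 'pre-commit' hook
+// Inspired by pre-commit.sample in git package
+error_reporting(E_ALL);
+ini_set("track_errors", "On");
+
+$_start = microtime(TRUE);
+
+require_once("/etc/rg/config.php");
+
+$INC = dirname(__FILE__) . "/../inc";
+require_once($INC . "/util.inc.php");
+require_once($INC . "/log.inc.php");
+require_once($INC . "/db.inc.php");
+require_once($INC . "/repo.inc.php");
+
+rg_log_set_file("/tmp/rg_hook_pre-commit.log");
+
+rg_log("Start: euid=" . posix_geteuid() . "...");
+rg_log("_SERVER: " . print_r($_SERVER, TRUE));
+
+umask(0022);
+
+$against =
+if (rg_git_ref_ok("HEAD"))
+$against = "HEAD";
+else
+$against = $rg_repo_empty;
+
+// TODO: Here we can deny non ascii file names
+// git diff --cached --name-only --diff-filter=A -z $against | LC_ALL=C tr -d '[ -~]\0')
+
+$diff = sprintf("%u", (microtime(TRUE) - $_start) * 1000);
+rg_log("Took " . $diff . "ms.");
+
+@file_put_contents($repo_path . "/rg/hook-pre-commit",
+"repo: " . $repo . " ($repo_path)"
+. "\nat: " . sprintf("%u", $_start)
+. "\nuid: " . $uid
+. "\ncmd: against=$against"
+. "\nTook: " . $diff . "ms");
+
+// Mark repository dirty for disk statistics and other stuff
+@file_put_contents($rg_path . "/dirty", "");
+?>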
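Review bot: Lines 25-26 leave `$against =` with no right-hand side before the `if`, which is a PHP parse error, so the hook cannot run as committed; the dangling assignment can simply be removed because both branches assign `$against`. The script also writes `print_r($_SERVER, TRUE)` to the fixed path `/tmp/rg_hook_pre-commit.log`, so the whole environment lands in a predictable file in a shared directory that another local user could read or pre-create, and hooks/update does the same with `/tmp/rg_hook_update.log`. Logging under a directory owned by the service account (the build already defines a `/var/log/${PRJ}` location) and dropping the full `$_SERVER` dump would close that. The config is required from `/etc/rg/config.php` while Makefile.in installs it under `$(I_ETC)/rocketgit/`, so on a packaged install the first `require_once` would presumably fail.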

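--- a/hooks/update
+++ b/hooks/update
@@ -0,0 +1,96 @@
+#!/usr/bin/php
+<?php
+// This is called by 'update' hook
+// Inspired by upate.sample in git package
+error_reporting(E_ALL);
+ini_set("track_errors", "On");
+
+$_start = microtime(TRUE);
+
+require_once("/etc/rg/config.php");
+
+$INC = dirname(__FILE__) . "/../inc";
+require_once($INC . "/util.inc.php");
+require_once($INC . "/log.inc.php");
+require_once($INC . "/db.inc.php");
+require_once($INC . "/repo.inc.php");
+
+rg_log_set_file("/tmp/rg_hook_update.log");
+
+rg_log("Start: euid=" . posix_geteuid() . "...");
+rg_log("_SERVER: " . print_r($_SERVER, TRUE));
+
+umask(0022);
+
+$refname = rg_git_ref(@$_SERVER['argv'][1]);
+$old_rev = rg_git_ref(@$_SERVER['argv'][2]);
+$new_rev = rg_git_ref(@$_SERVER['argv'][3]);
+rg_log("refname=$refname old_rev=$old_rev new_rev=$new_rev.");
+
+if ((empty($refname) || empty($old_rev) || empty($new_rev)) {
+echo "rg: Invalid parameters!\n";
+exit(1);
+}
+
+if (strcmp($rg_repo_zero, $new_rev) == 0)
+$new_rev_type = "delete";
+else
+$new_rev_type = rg_git_type($new_rev);
+rg_log("new_reg_type=$new_reg_type.");
+
+if (strcmp($new_rev_type, "commit") == 0) {
+if (strncmp($refname, "refs/tags/", 10) == 0) {
+// This is an not annoted tag - we can reject it
+rg_log("Un-annotated tag...");
+}
+
+if (strncmp($refname, "refs/heads/", 11) == 0) {
+if (strcmp($old_rev, $rg_repo_zero) == 0) {
+rg_log("Creating a branch...");
+}
+
+if (rg_git_ref_ok($new_ref . "^2")) {
+rg_log("Merge commit...");
+}
+
+if (rg_git_bad_whitespace($old_ref, $new_ref)) {
+rg_log("Bad whitespace...");
+}
+}
+
+// refs/remotes/*
+} else if (strcmp($new_rev_type, "delete") == 0) {
+if (strncmp($refname, "refs/tags/", 10) == 0) {
+rg_log("Deleting a tag...");
+}
+
+if (strncmp($refname, "refs/heads/", 11) == 0) {
+rg_log("Deleting a branch...");
+}
+
+if (strncmp($refname, "refs/remotes/", 13) == 0) {
+rg_log("Deleting a tracking branch...");
+}
+} else if (strcmp($new_rev_type, "tag") == 0) {
+if (strncmp($refname, "refs/tags/", 10) == 0) {
+rg_log("Modify tag...");
+}
+} else {
+echo "rg: Invalid new rev type!\n";
+exit(1);
+}
+
+
+$diff = sprintf("%u", (microtime(TRUE) - $_start) * 1000);
+rg_log("Took " . $diff . "ms.");
+
+@file_put_contents($repo_path . "/rg/hook-update",
+"repo: " . $repo . " ($repo_path)"
+. "\nat: " . sprintf("%u", $_start)
+. "\nuid: " . $uid
+. "\ncmd: $refname $old_ref $new_ref"
+. "\nTook: " . $diff . "ms");
+
+// Mark repository dirty for disk statistics and other stuff
+@file_put_contents($rg_path . "/dirty", "");
+?>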
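Review bot: Line 30 opens two parentheses and closes one, which is a parse error; it should read `if (empty($refname) || empty($old_rev) || empty($new_rev)) {`. Further down the script reads names that are never assigned: `$new_reg_type` at line 39, and `$old_ref`/`$new_ref` at lines 52, 56 and 91, where `$new_rev_type`, `$old_rev` and `$new_rev` are the variables set above, so `rg_git_ref_ok($new_ref . "^2")` would be asked about the string `^2` rather than the pushed commit. Every classified case only calls `rg_log()`; nothing rejects the update even where the comment says "we can reject it", so once the syntax is fixed the hook still enforces no policy and should not be relied on for access control yet.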

File inc/admin/admin.php changed (mode: 100644) (index d4b0c70..5c628e7)
1 1 <?php <?php
2 rg_log("/inc/admin");
2 rg_log("/inc/admin/admin");
3 3
4 4 $_admin = ""; $_admin = "";
5 5

File inc/admin/repos/repos.php changed (mode: 100644) (index 980e841..b28755a)
... ... $_admin_repos_body = "";
16 16 switch ($subsubop) { switch ($subsubop) {
17 17 case 1: // list case 1: // list
18 18 $_uid = 0; $_uid = 0;
19 $_admin_repos_body .= rg_repo_list($db, $_admin_repos_url . "&amp;subsubop=$subsubop", $_uid);
19 $_admin_repos_body .= rg_repo_list($db,
20 $_admin_repos_url . "&amp;subsubop=$subsubop", $_uid);
20 21 break; break;
21 22 } }
22 23

File inc/admin/users/add.php changed (mode: 100644) (index 1bad4b9..2619c7b)
1 1 <?php <?php
2 rg_log("/admin/users/add");
2 rg_log("/inc/admin/users/add");
3 3
4 4 $_user_add = ""; $_user_add = "";
5 5
6 6 if ($doit == 1) { if ($doit == 1) {
7 if (!rg_token_valid($db, $sid, $token)) {
8 $_user_add .= "Invalid token. Try again.";
9 return;
10 }
11
7 12 $xuser = rg_var_str("xuser"); $xuser = rg_var_str("xuser");
8 13 $email = rg_var_str("email"); $email = rg_var_str("email");
9 14 $xpass = rg_var_str("xpass"); $xpass = rg_var_str("xpass");
10 15 $is_admin = rg_var_uint("is_admin"); $is_admin = rg_var_uint("is_admin");
16 $disk_quota_mb = rg_var_uint("disk_quota_mb");
17 $rights = @rg_rights_a2s($_REQUEST['rights']);
11 18
12 19 $_ui = rg_user_info($db, 0, $xuser, ""); $_ui = rg_user_info($db, 0, $xuser, "");
13 20 if ($_ui['ok'] == 0) { if ($_ui['ok'] == 0) {
14 21 $_user_add .= "Error: Internal error!"; $_user_add .= "Error: Internal error!";
15 22 } else if ($_ui['exists'] == 0) { } else if ($_ui['exists'] == 0) {
16 if (rg_user_add($db, $xuser, $xpass, $email, $is_admin)) {
23 if (rg_user_edit($db, 0, $xuser, $email, $xpass, $is_admin,
24 $disk_quota_mb, $rights)) {
17 25 $_user_add .= "OK!<br />"; $_user_add .= "OK!<br />";
18 26 } }
19 27 } else { } else {
 
... ... if ($doit == 1) {
24 32 $xuser = ""; $xuser = "";
25 33 $email = ""; $email = "";
26 34 $xpass = ""; $xpass = "";
35 $is_admin = 0;
36 $disk_quota_mb = 0;
37 $rights = "";
27 38 } }
28 39
29 include($INC . "/admin/users/add.form.php");
40 $uid = 0;
41
42 include($INC . "/admin/users/user.form.php");
30 43 $_user_add .= $_form; $_user_add .= $_form;
31 44
32 45 ?> ?>
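Review bot: When `rg_user_edit()` returns false at new lines 23-24 nothing is appended to `$_user_add`, so a failed create redisplays the form with no error; add an `else` branch that reports the failure instead of staying silent. `rights` is read from `$_REQUEST` behind an `@`, which accepts the value from the query string or a cookie as well as the POST body and hides the notice when it is missing; `isset($_POST['rights']) ? rg_rights_a2s($_POST['rights']) : ""` would be tighter. The token check returns before `user.form.php` is included, so after an expired token the page shows only the message and no form to retry with. The hunks shown are partial, so the branch that follows the `else` at new line 27 is not visible here.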

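--- a/inc/admin/users/edit.php
+++ b/inc/admin/users/edit.php
@@ -0,0 +1,56 @@
+<?php
+rg_log("/inc/admin/users/edit");
+
+$uid = rg_var_str("uid");
+
+$_user_edit = "";
+
+if ($doit == 1) {
+// TODO: Check if user has the right to edit this info!
+if (!rg_token_valid($db, $sid, $token)) {
+$_user_edit .= "Invalid token. Try again.";
+return;
+}
+
+$xuser = rg_var_str("xuser");
+$email = rg_var_str("email");
+$xpass = rg_var_str("xpass");
+$is_admin = rg_var_uint("is_admin");
+$disk_quota_mb = rg_var_uint("disk_quota_mb");
+$rights = @rg_rights_a2s($_REQUEST['rights']);
+
+$_ui = rg_user_info($db, 0, $xuser, "");
+if ($_ui['ok'] == 0) {
+$_user_edit .= "Error: Internal error!";
+} else if ($_ui['exists'] == 0) {
+rg_log("User does not exists!");
+$_user_edit .= "Error: User does not exists!";
+} else {
+if (rg_user_edit($db, $uid, $xuser, $email, $xpass,
+$is_admin, $disk_quota_mb, $rights)) {
+$_user_edit .= "OK!<br />";
+}
+}
+} else {
+// TODO: Check if user has the right to edit this info!
+
+$_ui = rg_user_info($db, $uid, "", "");
+if ($_ui['ok'] == 0) {
+$_user_edit .= "Error: Internal error!";
+} else if ($_ui['exists'] == 0) {
+$_user_edit .= "User does not exists!<br />";
+} else {
+$xuser = $_ui['user'];
+$email = $_ui['email'];
+$xpass = "";
+$is_admin = $_ui['is_admin'];
+$disk_quota_mb = $_ui['disk_quota_mb'];
+$rights = $_ui['rights'];
+$session_time = $_ui['session_time'];
+}
+}
+
+include($INC . "/admin/users/user.form.php");
+$_user_edit .= $_form;
+
+?>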
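Review bot: In the `$doit == 1` branch the existence check looks the account up by name, `rg_user_info($db, 0, $xuser, "")`, while the write goes to the request-supplied id in `rg_user_edit($db, $uid, ...)`, so the record that is verified and the record that is changed can differ. `$uid` is also read with `rg_var_str("uid")` although it is used as a numeric id; I would read it with `$uid = rg_var_uint("uid");` and check `rg_user_info($db, $uid, "", "")` in both branches. Both "TODO: Check if user has the right to edit this info!" markers are still open and this file takes `is_admin` and `rights` from the request, so unless the including admin page already rejects non-admins (not visible here) an explicit `if ($rg_ui['is_admin'] != 1)` guard belongs before any of this runs. In the display branch, a missing user leaves `$xuser`, `$email` and the other form variables unset before `user.form.php` is included.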

File inc/admin/users/user.form.php renamed from inc/admin/users/add.form.php (similarity 67%) (mode: 100644) (index d74db8f..b973195)
... ... $_form = '
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="subsubop" value="' . $subsubop . '"> <input type="hidden" name="subsubop" value="' . $subsubop . '">
8 8 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
9 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
10 <input type="hidden" name="uid" value="' . $uid . '">
9 11
10 12 <table> <table>
11 13 <tr> <tr>
 
... ... $_form = '
22 24 <td>Password:</td> <td>Password:</td>
23 25 <td><input type="password" name="xpass" value="' . $xpass . '"/></td> <td><input type="password" name="xpass" value="' . $xpass . '"/></td>
24 26 </tr> </tr>
27 ';
25 28
29 if ($rg_ui['is_admin'] == 1) {
30 $_form .= '
26 31 <tr> <tr>
27 32 <td>Admin?</td> <td>Admin?</td>
28 33 <td> <td>
 
... ... $_form = '
34 39 </tr> </tr>
35 40
36 41 <tr> <tr>
42 <td>Disk quota (MiB):</td>
43 <td><input type="text" name="disk_quota_mb" value="' . $disk_quota_mb . '"/></td>
44 </tr>
45
46 <tr>
47 <td>Rights:</td>
48 <td>' . rg_rights_checkboxes("user", $rights) . '</td>
49 </tr>
50 ';
51 }
52
53 $_form .= '
54 <tr>
37 55 <td colspan="2"><input type="submit" value="Go!"/></td> <td colspan="2"><input type="submit" value="Go!"/></td>
38 56 </tr> </tr>
39 57 </table> </table>
40 58 </form> </form>
41 59 '; ';
42
43
44 ?>
60 ?>
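Review bot: The new hidden field `<input type="hidden" name="uid" value="' . $uid . '">` and the `disk_quota_mb` field write variables into attribute values without HTML escaping, and in `edit.php` `$uid` comes from `rg_var_str("uid")`. Unless `rg_var_str` already encodes its result (not visible here), each interpolated value should be wrapped, e.g. `htmlspecialchars($uid, ENT_QUOTES)`. Wrapping the Admin, quota and rights rows in `if ($rg_ui['is_admin'] == 1)` only hides the inputs; the handler that receives the POST still has to ignore those fields for non-admins. Since the form is now shared by several pages, a short comment above `$_form` listing the variables the includer must define (`$uid`, `$xpass`, `$disk_quota_mb`, `$rights`, ...) would help.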

File inc/admin/users/users.php changed (mode: 100644) (index 23e12c3..15b8f60)
1 1 <?php <?php
2 rg_log("/inc/admin/users");
2 rg_log("/inc/admin/users/users");
3 3
4 4
5 5 // menu // menu
 
... ... $_admin_users_body = "";
15 15
16 16 switch ($subsubop) { switch ($subsubop) {
17 17 case 1: // list case 1: // list
18 $_admin_users_body .= rg_user_list($db, $_admin_users_url . "&amp;subsubop=$subsubop");
18 $_admin_users_body .= rg_user_list($db, $_admin_users_url);
19 19 break; break;
20 20
21 case 2: //add
21 case 2: // add
22 22 include($INC . "/admin/users/add.php"); include($INC . "/admin/users/add.php");
23 23 $_admin_users_body .= $_user_add; $_admin_users_body .= $_user_add;
24 break;
25
26 case 3: // edit
27 include($INC . "/admin/users/edit.php");
28 $_admin_users_body .= $_user_edit;
29 break;
24 30 } }
25 31
26 32 $_admin_users = $_admin_users_menu . $_admin_users_body; $_admin_users = $_admin_users_menu . $_admin_users_body;

File inc/db/struct.inc.php changed (mode: 100644) (index 8fbc9fd..dc1d75a)
... ... $rg_db_struct[0] = array(
16 16 . ", git_dir_done INTEGER" . ", git_dir_done INTEGER"
17 17 . ", default_rights TEXT" . ", default_rights TEXT"
18 18 . ", deleted INTEGER" . ", deleted INTEGER"
19 . ", max_users INTEGER"
19 20 . ")", . ")",
20 "repo_rights" => "CREATE TABLE repo_rights"
21 . " (repo_id INTEGER"
21 "rights" => "CREATE TABLE rights"
22 . " (type TEXT"
23 . ", obj_id INTEGER"
22 24 . ", uid INTEGER" . ", uid INTEGER"
23 25 . ", rights TEXT" . ", rights TEXT"
24 26 . ", itime INTEGER)", . ", itime INTEGER)",
 
... ... $rg_db_struct[0] = array(
43 45 . ", is_admin INTEGER" . ", is_admin INTEGER"
44 46 . ", disk_quota_mb INTEGER" . ", disk_quota_mb INTEGER"
45 47 . ", disk_mb INTEGER" . ", disk_mb INTEGER"
48 . ", rights TEXT"
46 49 . ")", . ")",
47 50 "sess" => "CREATE TABLE sess" "sess" => "CREATE TABLE sess"
48 51 . " (sid TEXT PRIMARY KEY" . " (sid TEXT PRIMARY KEY"
 
... ... $rg_db_struct[0] = array(
53 56 "forgot_pass" => "CREATE TABLE forgot_pass" "forgot_pass" => "CREATE TABLE forgot_pass"
54 57 . " (token TEXT PRIMARY KEY" . " (token TEXT PRIMARY KEY"
55 58 . ", uid INTEGER" . ", uid INTEGER"
59 . ", expire INTEGER)",
60 "tokens" => "CREATE TABLE tokens"
61 . " (token TEXT PRIMARY KEY"
62 . ", sid TEXT"
56 63 . ", expire INTEGER)" . ", expire INTEGER)"
57 64 ); );
58 65
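Review bot: The new `max_users` and `rights` columns, the `tokens` table and the `repo_rights` to `rights` rename are all edited into `$rg_db_struct[0]`, the definition that already existed before this commit. If the array index is a schema version that is applied once per installation (the applying code is not visible here), databases created earlier will never receive these changes and the new queries will fail on them; a new entry holding the matching `ALTER TABLE` and `CREATE TABLE` statements would cover upgrades.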

File inc/dispatch/dispatch.php changed (mode: 100644) (index f21d460..b369a1f)
1 1 <?php <?php
2 rg_log("/dispatch/dispatch.php");
2 rg_log("/inc/dispatch/dispatch");
3 3
4 4 $new_op = ""; $new_op = "";
5 5
 
... ... case 'bye':
56 56 include($INC . "/bye/bye.php"); include($INC . "/bye/bye.php");
57 57 $body .= $_bye; $body .= $_bye;
58 58 break; break;
59
60 case 'personal':
61 include($INC . "/personal/personal.php");
62 $body .= $_personal;
63 break;
59 64 } }
60 65
61 66 $op = $new_op; $op = $new_op;

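--- a/inc/git.inc.php
+++ b/inc/git.inc.php
@@ -99,4 +99,59 @@ function rg_git_clone($src, $dst)
 return TRUE;
 }
 
+/*
+* Returns type for an object
+*/
+function rg_git_type($obj)
+{
+$cmd = "git cat-file -t '" . escapeshellcmd($obj) . "'";
+rg_log("\texec $cmd...");
+$a = exec($cmd, $output, $err);
+if ($err != 0) {
+rg_log("\tError $err (" . implode("|", $output) . " ($a)!");
+return FALSE;
+}
+
+return $a;
+}
+
+/*
+* Corrects a ref
+*/
+function rg_git_ref($s)
+{
+return preg_replace("/[^a-zA-Z0-9^~]/", "", $s);
+}
+
+// Check a ref if is OK
+// TODO: Unit testing
+function rg_git_ref_ok($ref)
+{
+$cmd = "git rev-parse --verify --quiet " . escapeshellcmd($ref);
+rg_log("\texec $cmd...");
+$a = exec($cmd, $output, $err);
+if ($err != 0) {
+rg_log("\tError $err (" . implode("|", $output) . " ($a)!");
+return FALSE;
+}
+
+return TRUE;
+}
+
+// returns TRUE if bad whitespace detected
+// TODO: Unit testing
+function rg_git_bad_whitespace($old, $new)
+{
+$cmd = "git diff --check --quiet " . escapeshellcmd($old) . " "
+. escapeshellcmd($new);
+rg_log("\texec $cmd...");
+$a = exec($cmd, $output, $err);
+if ($err != 0) {
+rg_log("\tError $err (" . implode("|", $output) . " ($a)!");
+return FALSE;
+}
+
+return TRUE;
+}
+
 ?>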
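Review bot: `escapeshellcmd()` is applied to individual arguments in `rg_git_type()`, `rg_git_ref_ok()` and `rg_git_bad_whitespace()`, but that function is meant for a whole command line: it leaves spaces and balanced quotes alone, so a value can still split into several arguments or be read by git as an option. Each argument should go through `escapeshellarg()` instead (it adds its own quotes, so the hand-written `'` in `rg_git_type()` go away), e.g. `$cmd = "git cat-file -t " . escapeshellarg($obj);`, and values starting with `-` should be rejected before the call. Separately, `rg_git_bad_whitespace()` is documented as returning TRUE when bad whitespace is found, yet `git diff --check` reports findings through a non-zero exit status, which this code maps to FALSE and logs as an error; either the comment or the return values need to be swapped. `rg_git_ref()` would benefit from a comment saying that it silently deletes characters such as `/`, `-` and `.` rather than rejecting the ref.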

File inc/keys/add.form.php changed (mode: 100644) (index 641cf91..a5cd233)
... ... $_form = '
5 5 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
8 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
8 9
9 10 <table> <table>
10 11 <td>Key (starts with ssh-...):</td> <td>Key (starts with ssh-...):</td>

File inc/login/login.form.php changed (mode: 100644) (index 29827c0..fb7b17c)
... ... $_form .= '
8 8 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
9 9 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
10 10 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
11 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
11 12
12 13 User: <input type="text" name="user" value="' . $user . '"><br /> User: <input type="text" name="user" value="' . $user . '"><br />
13 14 Password: <input type="password" name="pass" value="' . $pass . '"><br /> Password: <input type="password" name="pass" value="' . $pass . '"><br />
 
... ... Forgot your password?
19 20 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
20 21 <input type="hidden" name="op" value="forgotmail"> <input type="hidden" name="op" value="forgotmail">
21 22 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
23 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
22 24
23 25 E-mail: <input type="text" name="email" value=""><br /> E-mail: <input type="text" name="email" value=""><br />
24 26 <input type="submit" value="Recover password"> <input type="submit" value="Recover password">

File inc/personal/pass.form.php copied from file inc/user/forgot.form.php (similarity 59%) (mode: 100644) (index e70b08a..697b24c)
1 1 <?php <?php
2 2
3 $_forgot_form = "";
3 $_chpass_form = "";
4 4
5 if (!empty($error))
6 $_forgot_form .= "<font color=red>$error</font><br />\n";
5 if (count($error) > 0)
6 $_chpass_form .= "<font color=red>" . implode("<br />\n", $error) . "</font><br />\n";
7 7
8 $_forgot_form .= '
8 $_chpass_form .= '
9 9 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
10 10 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
11 <input type="hidden" name="token" value="' . rg_var_str("token") . '">
12 11 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
12 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
13 13
14 14 <table> <table>
15 15 <tr> <tr>
16 <td>Old password:</td>
17 <td>
18 <input type="password" name="old_pass" value=""><br />
19 </td>
20 </tr>
21
22 <tr>
16 23 <td>New password:</td> <td>New password:</td>
17 24 <td> <td>
18 25 <input type="password" name="pass1" value=""><br /> <input type="password" name="pass1" value=""><br />

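--- a/inc/personal/personal.php
+++ b/inc/personal/personal.php
@@ -0,0 +1,92 @@
+<?php
+rg_log("/inc/personal/personal");
+
+$_personal = "";
+
+if ($rg_ui['uid'] == 0) {
+$_personal .= "You do not have access here!";
+return;
+}
+
+// menu
+$_url = rg_re_url($op);
+$_menu = "";
+$_menu .= "[<a href=\"$_url&amp;subop=1\">Edit info</a>]";
+$_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">Change pass</a>]";
+$_menu .= "<br />\n";
+$_menu .= "<br />\n";
+
+$_body = "";
+
+switch ($subop) {
+case 1: // edit info
+$uid = $rg_ui['uid'];
+
+if ($doit == 1) {
+// TODO: Check if user has the right to edit this info!
+if (!rg_token_valid($db, $sid, $token)) {
+$_body .= "Invalid token. Try again.";
+return;
+}
+
+$xuser = rg_var_str("xuser");
+$email = rg_var_str("email");
+$xpass = rg_var_str("xpass");
+$is_admin = $rg_ui['is_admin']; // TODO: doesn't seems too elegant
+$disk_quota_mb = $rg_ui['disk_quota_mb'];
+$rights = $rg_ui['rights'];
+
+if (rg_user_edit($db, $rg_ui['uid'], $xuser, $email, $xpass,
+$is_admin, $disk_quota_mb, $rights)) {
+$_body .= "OK!<br />";
+}
+} else {
+// TODO: Check if user has the right to edit this info!
+
+$xuser = $rg_ui['user'];
+$email = $rg_ui['email'];
+$xpass = "";
+$session_time = $rg_ui['session_time'];
+}
+
+include($INC . "/admin/users/user.form.php");
+$_body .= $_form;
+break;
+
+case 2: // change password
+$error = array();
+if ($doit == 1) {
+$old_pass = rg_var_str("old_pass");
+$pass1 = rg_var_str("pass1");
+$pass2 = rg_var_str("pass2");
+
+while (1) {
+if (!rg_token_valid($db, $sid, $token)) {
+$error[] = "Invalid token. Try again.";
+break;
+}
+
+if (!rg_user_pass_valid($db, $rg_ui['uid'], $old_pass)) {
+$error[] = "Old password is invalid!";
+break;
+}
+
+if (strcmp($pass1, $pass2) != 0) {
+$error[] = "Passwords does not match!";
+break;
+}
+
+if (!rg_user_set_pass($db, $rg_ui['uid'], $pass1)) {
+$error[] = rg_user_error();
+break;
+}
+}
+}
+
+include($INC . "/personal/pass.form.php");
+$_body .= $_chpass_form;
+break;
+}
+
+$_personal .= $_menu . $_body;
+?>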
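Review bot: The `while (1)` block in `case 2` has no `break` after a successful `rg_user_set_pass()`, so the success path re-enters the loop and runs the token and old-password checks a second time; the user then either sees an error for a change that was already applied or, if both checks keep passing, the request never finishes. Adding `break;` as the last statement of the loop body, plus a confirmation such as `$_body .= "OK!<br />";`, fixes it. In `case 1` the invalid-token path does `return;` before `$_personal .= $_menu . $_body;` runs, so the "Invalid token. Try again." text is never shown; `break;` looks like what was meant there. A check that `$pass1` is not empty before calling `rg_user_set_pass()` would also be prudent unless that function enforces it (not visible here).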

File inc/repo.inc.php changed (mode: 100644) (index 92959fc..e07ec4c)
... ... require_once($INC . "/log.inc.php");
4 4 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
5 5 require_once($INC . "/user.inc.php"); require_once($INC . "/user.inc.php");
6 6 require_once($INC . "/git.inc.php"); require_once($INC . "/git.inc.php");
7 require_once($INC . "/rights.inc.php");
8
9 $rg_repo_zero = "0000000000000000000000000000000000000000";
10 $rg_repo_empty = "4b825dc642cb6eb9a060e54bf8d69288fbee4904";
7 11
8 12 $rg_repo_error = ""; $rg_repo_error = "";
9 13
10 $rg_repo_rights = array("A" => "Admin",
11 "F" => "Fetch",
12 "P" => "Push",
13 "D" => "Delete branch");
14 $rg_repo_rights = array(
15 "A" => "Admin",
16 "F" => "Fetch",
17 "P" => "Push",
18 "D" => "Delete branch",
19 "t" => "Delete tag",
20 "T" => "Modify tag",
21 "C" => "Create branch"
22 );
23
24 rg_rights_register("repo", $rg_repo_rights);
25
14 26
15 27 function rg_repo_set_error($str) function rg_repo_set_error($str)
16 28 { {
 
... ... function rg_repo_ok($repo)
34 46 global $rg_repo_allow; global $rg_repo_allow;
35 47 global $rg_repo_max_len; global $rg_repo_max_len;
36 48
49 if (empty($repo)) {
50 rg_repo_set_error("Invalid repository name (empty)");
51 return FALSE;
52 }
53
37 54 if (rg_chars_allow($repo, $rg_repo_allow) === FALSE) { if (rg_chars_allow($repo, $rg_repo_allow) === FALSE) {
38 rg_repo_set_error("Invalid repository name");
55 rg_repo_set_error("Invalid repository name (invalid chars)");
39 56 return FALSE; return FALSE;
40 57 } }
41 58
42 if (preg_match('/\.\./', $repo)) {
43 rg_repo_set_error("Invalid repository name");
59 if (preg_match('/\.\./', $repo) > 0) {
60 rg_repo_set_error("Invalid repository name (..)");
44 61 return FALSE; return FALSE;
45 62 } }
46 63
 
... ... function rg_repo_ok($repo)
53 70 } }
54 71
55 72 /* /*
56 * Returns the path to a repository based on repo_id
73 * Returns the path to a repository based on name
57 74 */ */
58 function rg_repo_id2base($repo_id)
75 function rg_repo_name2base($repo)
59 76 { {
60 77 global $rg_base_repo; global $rg_base_repo;
61 78
62 $r3 = sprintf("%03u", $repo_id % 1000);
79 $len = strlen($repo);
80 $v = $repo;
81 if ($len == 1)
82 $v .= "_";
63 83
64 84 return $rg_base_repo . "/" return $rg_base_repo . "/"
65 . $r3[0] . "/" . $r3[1] . "/" . $r3[2] . "/";
85 . $v[0] . "/" . $v[1] . "/";
66 86 } }
67 87
68 88 /* /*
 
... ... function rg_repo_id2base($repo_id)
70 90 */ */
71 91 function rg_repo_info($db, $repo_id, $repo) function rg_repo_info($db, $repo_id, $repo)
72 92 { {
73 rg_log("repo_info: repo_id=$repo_id, repo=$repo...");
93 rg_log("repo_info: repo_id/repo=[$repo_id/$repo]...");
74 94
75 95 $ret['ok'] = 0; $ret['ok'] = 0;
76 96 $ret['exists'] = 0; $ret['exists'] = 0;
 
... ... function rg_repo_info($db, $repo_id, $repo)
110 130 */ */
111 131 function rg_repo_allow($db, $ri, $rg_ui, $needed_rights) function rg_repo_allow($db, $ri, $rg_ui, $needed_rights)
112 132 { {
113 rg_log("repo_allow: rg_uid=" . $rg_ui['uid']
133 rg_log("repo_allow: repo_id=" . $ri['repo_id']
134 . " rg_uid=" . $rg_ui['uid']
114 135 . ", needed_rights=$needed_rights..."); . ", needed_rights=$needed_rights...");
115 136
116 137 if ($rg_ui['is_admin'] == 1) { if ($rg_ui['is_admin'] == 1) {
 
... ... function rg_repo_allow($db, $ri, $rg_ui, $needed_rights)
123 144 return FALSE; return FALSE;
124 145 } }
125 146
126 $rr = rg_repo_rights_get($db, $ri, $rg_ui['uid']);
127 if ($rr['ok'] != 1) {
128 rg_repo_set_error("No access!");
129 return FALSE;
147 // anonymous acess (git://...)
148 if ($rg_ui['uid'] == 0) {
149 $db_rights = $ri['default_rights'];
150 } else {
151 $rr = rg_repo_rights_get($db, $ri, $rg_ui['uid'], 0);
152 if ($rr['ok'] != 1) {
153 rg_repo_set_error("No access!");
154 return FALSE;
155 }
156 $db_rights = $rr['rights'];
130 157 } }
131 rg_log("\tdb rights: " . $rr['rights']);
158 rg_log("\tdb rights: " . $db_rights);
132 159
133 160 $len = strlen($needed_rights); $len = strlen($needed_rights);
134 161 for ($i = 0; $i < $len; $i++) { for ($i = 0; $i < $len; $i++) {
135 if (!strstr($rr['rights'], $needed_rights[$i])) {
162 if (!strstr($db_rights, $needed_rights[$i])) {
136 163 rg_repo_set_error("No rights (" . $needed_rights[$i] . ")"); rg_repo_set_error("No rights (" . $needed_rights[$i] . ")");
137 164 return FALSE; return FALSE;
138 165 } }
 
... ... function rg_repo_allow($db, $ri, $rg_ui, $needed_rights)
149 176 * TODO: put all fields into an array! * TODO: put all fields into an array!
150 177 */ */
151 178 function rg_repo_create($db, $master, $rg_ui, $name, $max_commit_size, $desc, function rg_repo_create($db, $master, $rg_ui, $name, $max_commit_size, $desc,
152 $rights)
179 $rights, $max_users)
153 180 { {
154 181 // TODO: reorder parameters - are not logical // TODO: reorder parameters - are not logical
155 182 rg_log("repo_create: rg_uid=" . $rg_ui['uid'] rg_log("repo_create: rg_uid=" . $rg_ui['uid']
156 183 . ", name=[$name], master=$master" . ", name=[$name], master=$master"
157 184 . ", max_commit_size=$max_commit_size, desc=[$desc]" . ", max_commit_size=$max_commit_size, desc=[$desc]"
158 . ", rights=$rights...");
185 . ", rights=$rights, max_users=$max_users...");
186
187 // TODO: test if user is allowed to add a repository
159 188
160 189 if (rg_repo_ok($name) === FALSE) if (rg_repo_ok($name) === FALSE)
161 190 return FALSE; return FALSE;
 
... ... function rg_repo_create($db, $master, $rg_ui, $name, $max_commit_size, $desc,
175 204 $itime = time(); $itime = time();
176 205
177 206 $sql = "INSERT INTO repos (uid, master, name, itime" $sql = "INSERT INTO repos (uid, master, name, itime"
178 . ", max_commit_size, desc, git_dir_done, default_rights)"
207 . ", max_commit_size, desc, git_dir_done, default_rights"
208 . ", max_users)"
179 209 . " VALUES (" . $rg_ui['uid'] . ", $master, '$e_name', $itime" . " VALUES (" . $rg_ui['uid'] . ", $master, '$e_name', $itime"
180 . ", $max_commit_size, '$e_desc', 0, '$rights')";
210 . ", $max_commit_size, '$e_desc', 0, '$rights', $max_users)";
181 211 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
182 212 if ($res === FALSE) { if ($res === FALSE) {
183 213 rg_repo_set_error("Cannot insert (" . rg_sql_error() . ")"); rg_repo_set_error("Cannot insert (" . rg_sql_error() . ")");
 
... ... function rg_repo_update($db, &$new)
222 252 . ", name=[" . $new['name'] . "]" . ", name=[" . $new['name'] . "]"
223 253 . ", max_commit_size=" . $new['max_commit_size'] . ", max_commit_size=" . $new['max_commit_size']
224 254 . ", desc=[" . $new['desc'] . "]" . ", desc=[" . $new['desc'] . "]"
225 . ", default_rights=" . $new['default_rights']);
255 . ", default_rights=" . $new['default_rights']
256 . ", max_users=" . $new['max_users']);
226 257
227 if (rg_repo_ok($new['name']) === FALSE)
258 if (rg_repo_ok($new['name']) !== TRUE)
228 259 return FALSE; return FALSE;
229 260
230 261 // First, test if it already exists // First, test if it already exists
 
... ... function rg_repo_update($db, &$new)
252 283 . ", max_commit_size = " . $new['max_commit_size'] . ", max_commit_size = " . $new['max_commit_size']
253 284 . ", desc = '$e_desc'" . ", desc = '$e_desc'"
254 285 . ", default_rights = '" . $new['default_rights'] . "'" . ", default_rights = '" . $new['default_rights'] . "'"
286 . ", max_users = " . $new['max_users']
255 287 . " WHERE repo_id = " . $new['repo_id']; . " WHERE repo_id = " . $new['repo_id'];
256 288 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
257 289 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_repo_update($db, &$new)
268 300 */ */
269 301 function rg_repo_list_query($db, $url, $sql) function rg_repo_list_query($db, $url, $sql)
270 302 { {
303 global $rg_ui;
304
271 305 rg_log("repo_list_query: url=$url, sql=$sql..."); rg_log("repo_list_query: url=$url, sql=$sql...");
272 306
273 307 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
274 308 if ($res === FALSE) if ($res === FALSE)
275 309 return FALSE; return FALSE;
276 310
311 $admin_mode = 0;
312 if ($rg_ui['is_admin'] == 1)
313 $admin_mode = 1;
314
277 315 $ret = "<table>\n"; $ret = "<table>\n";
278 316 $ret .= "<tr>\n"; $ret .= "<tr>\n";
279 317 $ret .= " <th>Name</th>\n"; $ret .= " <th>Name</th>\n";
318 if ($admin_mode == 1)
319 $ret .= " <th>Owner</th>\n";
280 320 $ret .= " <th>Description</th>\n"; $ret .= " <th>Description</th>\n";
281 321 $ret .= " <th>Clone of</th>\n"; $ret .= " <th>Clone of</th>\n";
282 322 $ret .= " <th>Creation date (UTC)</th>\n"; $ret .= " <th>Creation date (UTC)</th>\n";
283 323 $ret .= " <th>Default rights</th>\n"; $ret .= " <th>Default rights</th>\n";
284 324 $ret .= " <th>Disk current/max</th>\n"; $ret .= " <th>Disk current/max</th>\n";
285 325 $ret .= " <th>Max commit size</th>\n"; $ret .= " <th>Max commit size</th>\n";
326 $ret .= " <th>Max users</th>\n";
286 327 $ret .= "</tr>\n"; $ret .= "</tr>\n";
328
287 329 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
288 330 $ret .= "<tr>\n"; $ret .= "<tr>\n";
289 331 $_link = rg_re_repopage($row['repo_id'], $row['name']); $_link = rg_re_repopage($row['repo_id'], $row['name']);
290 332 $ret .= " <td><a href=\"$_link\">" . $row['name'] . "</a></td>\n"; $ret .= " <td><a href=\"$_link\">" . $row['name'] . "</a></td>\n";
333 if ($admin_mode == 1) {
334 $_ui = rg_user_info($db, $row['uid'], "", "");
335 if ($_ui['exists'] != 1)
336 $v = "?" . $row['uid'] . "?";
337 else
338 $v = $_ui['user'];
339 $ret .= " <td>$v</td>\n";
340 }
291 341 $ret .= " <td><small>" . nl2br($row['desc']) . "</small></td>\n"; $ret .= " <td><small>" . nl2br($row['desc']) . "</small></td>\n";
292 342 if ($row['master'] > 0) { if ($row['master'] > 0) {
293 343 $master_repo = "?"; $master_repo = "?";
 
... ... function rg_repo_list_query($db, $url, $sql)
299 349 $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n"; $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n";
300 350
301 351 // rights // rights
302 $_r = implode(", ", rg_repo_rights_text($row['default_rights']));
352 $_r = implode(", ", rg_rights_text("repo", $row['default_rights']));
303 353 $ret .= " <td>" . $_r . "</td>\n"; $ret .= " <td>" . $_r . "</td>\n";
304 354
305 355 $_max = "ulimited"; $_max = "ulimited";
 
... ... function rg_repo_list_query($db, $url, $sql)
312 362 $_v = rg_1024($row['max_commit_size']); $_v = rg_1024($row['max_commit_size']);
313 363 $ret .= " <td>" . $_v . "</td>\n"; $ret .= " <td>" . $_v . "</td>\n";
314 364
365 $_v = "ulimited";
366 if ($row['max_users'] > 0)
367 $_v = $row['max_users'];
368 $ret .= " <td>" . $_v . "</td>\n";
369
315 370 $ret .= "</tr>\n"; $ret .= "</tr>\n";
316 371 } }
317 372 $ret .= "</table>\n"; $ret .= "</table>\n";
 
... ... function rg_repo_search($db, $q, $masters)
354 409
355 410 $sql = "SELECT * FROM repos" $sql = "SELECT * FROM repos"
356 411 . " WHERE deleted = 0" . " WHERE deleted = 0"
357 . " AND name LIKE '%$e_q%'"
412 . " AND name ILIKE '%$e_q%'"
358 413 . $add . $add
359 414 . " ORDER BY name" . " ORDER BY name"
360 415 . " LIMIT 10"; . " LIMIT 10";
 
... ... function rg_repo_git_done($db, $repo_id)
393 448 return TRUE; return TRUE;
394 449 } }
395 450
396
397 // Functions for repo rights management
398
399 /*
400 * Combine two repo rights strings
401 */
402 function rg_repo_rights_combine($a, $b)
403 {
404 $len = strlen($b);
405 for ($i = 0; $i < $len; $i++)
406 if (!strstr($a, $b[$i]))
407 $a .= $b[$i];
408
409 return $a;
410 }
411
412 451 /* /*
413 452 * Get rights for a user * Get rights for a user
414 453 */ */
415 function rg_repo_rights_get($db, $ri, $uid)
454 function rg_repo_rights_get($db, $ri, $uid, $flags)
416 455 { {
417 global $rg_repo_rights;
418
419 rg_log("rg_repo_rights_get: repo_id=" . $ri['repo_id'] . ", uid=$uid...");
456 rg_log("rg_repo_rights_get: repo_id=" . $ri['repo_id'] . ", uid=$uid"
457 . " flags=$flags...");
420 458
421 459 $ret = array(); $ret = array();
422 460 $ret['ok'] = 0; $ret['ok'] = 0;
423 $ret['exists'] = 0;
424 461 $ret['rights'] = ""; $ret['rights'] = "";
425 462
426 463 $repo_id = $ri['repo_id']; $repo_id = $ri['repo_id'];
427 464
428 465 // Give all rights to owner // Give all rights to owner
429 $dr = $ri['default_rights'];
430 466 if ($ri['uid'] == $uid) { if ($ri['uid'] == $uid) {
431 foreach ($rg_repo_rights as $letter => $junk)
432 $dr = rg_repo_rights_combine($dr, $letter);
433 }
434
435 $sql = "SELECT rights FROM repo_rights"
436 . " WHERE repo_id = $repo_id"
437 . " AND uid = $uid"
438 . " LIMIT 1";
439 $res = rg_sql_query($db, $sql);
440 if ($res === FALSE) {
441 rg_repo_set_error("Cannot get info (" . rg_sql_error() . ")!");
442 return $ret;
467 rg_log("\tuid $uid is the owner.");
468 $dr = rg_rights_all("repo");
469 if (($flags & RG_RIGHTS_FILL_EXISTS) == 0) {
470 rg_log("\tNo need to fill 'exists' field. Return.");
471 $ret['rights'] = $dr;
472 $ret['ok'] = 1;
473 return $ret;
474 }
475 } else {
476 $dr = $ri['default_rights'];
443 477 } }
444 478
445 $ret['ok'] = 1;
446 $row = rg_sql_fetch_array($res);
447 rg_sql_free_result($res);
448 if (isset($row['rights'])) {
449 $ret['rights'] = $row['rights'];
450 $ret['exists'] = 1;
479 $r = rg_rights_get($db, "repo", $repo_id, $uid);
480 if ($r['ok'] !== 1) {
481 rg_repo_set_error("Cannot get rights (" . rg_rights_error() . ")!");
482 return FALSE;
451 483 } }
452 484
453 $ret['rights'] = rg_repo_rights_combine($dr, $ret['rights']);
454 rg_log("\tDEBUG rights=" . $ret['rights']);
485 $ret['rights'] = rg_rights_combine($dr, $r['rights']);
486 rg_log("\tFinal rights($dr + " . $r['rights'] . ")=" . $ret['rights']);
455 487
456 488 return $ret; return $ret;
457 489 } }
 
... ... function rg_repo_rights_set($db, $ri, $uid, $rights)
464 496 rg_log("rg_repo_rights_set: repo_id=" . $ri['repo_id'] rg_log("rg_repo_rights_set: repo_id=" . $ri['repo_id']
465 497 . ", uid=$uid, rights=$rights..."); . ", uid=$uid, rights=$rights...");
466 498
467 $repo_id = $ri['repo_id'];
468
469 if (empty($rights)) {
470 $sql = "DELETE FROM repo_rights"
471 . " WHERE repo_id = $repo_id"
472 . " AND uid = $uid";
473 } else {
474 $e_rights = rg_sql_escape($db, $rights);
475
476 $rr = rg_repo_rights_get($db, $ri, $uid);
477 if ($rr === FALSE)
478 return $rr;
479 rg_log("rr: " . print_r($rr, TRUE));
480
481 if ($rr['exists'] == 1) {
482 $sql = "UPDATE repo_rights"
483 . " SET rights = '$e_rights'"
484 . " WHERE repo_id = $repo_id"
485 . " AND uid = $uid";
486 } else {
487 $itime = time();
488
489 $sql = "INSERT INTO repo_rights (repo_id, uid, rights"
490 . ", itime)"
491 . " VALUES ($repo_id, $uid, '$e_rights'"
492 . ", $itime)";
493 }
494 }
495
496 $res = rg_sql_query($db, $sql);
497 if ($res === FALSE) {
498 rg_repo_set_error("Cannot alter rights (" . rg_sql_error() . ")!");
499 $r = rg_rights_set($db, "repo", $ri['repo_id'], $uid, $rights);
500 if ($r !== TRUE) {
501 rg_repo_set_error("Cannot alter rights (" . rg_rights_error() . ")!");
499 502 return FALSE; return FALSE;
500 503 } }
501 rg_sql_free_result($res);
502 504
503 505 return TRUE; return TRUE;
504 506 } }
 
... ... function rg_repo_rights_set($db, $ri, $uid, $rights)
506 508 /* /*
507 509 * List rights for a repo * List rights for a repo
508 510 */ */
509 function rg_repo_rights_list($db, $repo_id, $url)
511 function rg_repo_rights_list($db, $ri, $url)
510 512 { {
511 rg_log("rg_repo_rights_list: repo_id=$repo_id url=$url");
512
513 $ret = "";
513 rg_log("rg_repo_rights_list: repo_id=" . $ri['repo_id'] . " url=$url");
514 514
515 $sql = "SELECT * FROM repo_rights WHERE repo_id = $repo_id";
516 $res = rg_sql_query($db, $sql);
517 if ($res === FALSE) {
518 rg_repo_set_error("Cannot get info (" . rg_sql_error() . ")!");
515 $r = rg_rights_list($db, "repo", $ri['repo_id'], $url);
516 if ($r === FALSE) {
517 rg_repo_set_error("Cannot list rights (" . rg_rights_error() . ")");
519 518 return FALSE; return FALSE;
520 519 } }
521 520
522 $ret .= "<table>\n";
523 $ret .= "<tr>\n";
524 $ret .= " <th>User</th>\n";
525 $ret .= " <th>Rights</th>\n";
526 $ret .= " <th>Operations</th>\n";
527 $ret .= "</tr>\n";
528 while (($row = rg_sql_fetch_array($res))) {
529 $ret .= "<tr>\n";
530
531 $_u = $row['uid'];
532 $_ui = rg_user_info($db, $row['uid'], "", "");
533 if ($_ui['exists'] == 1)
534 $_u = $_ui['user'];
535
536 $ret .= " <td>" . $_u . "</td>\n";
537
538 $_r = rg_repo_rights_text($row['rights']);
539 $_r = implode("<br />\n", $_r);
540 $ret .= " <td>" . $_r . "</td>\n";
541
542 // operations
543 // remove
544 $ret .= " <td>";
545 $_url = $url . "&amp;subop=2";
546 $v = $row['uid'];
547 $ret .= "[<a href=\"$_url&amp;remove_uid=$v\">Remove</a>]";
548 $ret .= " </td>";
549 $ret .= "</tr>\n";
550 }
551 $ret .= "</table>\n";
552 rg_sql_free_result($res);
553
554 return $ret;
555 }
556
557 /*
558 * Rights -> form
559 */
560 function rg_repo_rights_checkboxes($def_rights)
561 {
562 global $rg_repo_rights;
563
564 $ret = "";
565 foreach ($rg_repo_rights as $right => $info) {
566 $add = "";
567 if (strstr($def_rights, $right))
568 $add = " checked";
569 $ret .= "<input type=\"checkbox\" name=\"rights[$right]\""
570 . $add . " />$info<br />\n";
571 }
572
573 return $ret;
521 return $r;
574 522 } }
575 523
576 /*
577 * List rights as text
578 */
579 function rg_repo_rights_text($rights)
580 {
581 global $rg_repo_rights;
582
583 $ret = array();
584
585 $len = strlen($rights);
586 if ($len == 0)
587 return array("None");
588
589 for ($i = 0; $i < $len; $i++) {
590 if (isset($rg_repo_rights[$rights[$i]]))
591 $ret[] = $rg_repo_rights[$rights[$i]];
592 else
593 $ret[] = "?" . $rights[$i] . "?";
594 }
595
596 return $ret;
597 }
598
599 /*
600 * Transforms rights array into a string
601 */
602 function rg_repo_rights_a2s($a)
603 {
604 $rights = "";
605
606 if (is_array($a))
607 foreach ($a as $right => $junk)
608 $rights .= $right;
609
610 return preg_replace("/[^A-Za-z0-9]/", "", $rights);
611 }
612 524 ?> ?>
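Review bot: `rg_repo_create()` and `rg_repo_update()` concatenate the new `max_users` value into the SQL text unquoted (`'$rights', $max_users)` and `", max_users = " . $new['max_users']`), so query safety depends on every caller having passed it through `rg_var_uint()` first. Normalising inside the function, e.g. `$max_users = sprintf("%u", $max_users);` before `$sql` is built (likewise for `$new['max_users']`, and `rg_sql_escape()` for `$rights`), keeps that guarantee local. Both function bodies extend beyond the hunks shown. Also, `rg_repo_rights_get()` now returns `FALSE` when `rg_rights_get()` fails while every other path returns the `$ret` array, and it no longer sets `$ret['exists']` even though the new `RG_RIGHTS_FILL_EXISTS` flag suggests callers may ask for it; returning `$ret` with `ok` left at 0 would keep the contract uniform.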

File inc/repo/repo.form.php changed (mode: 100644) (index 7ebcd93..a6d7aa0)
... ... $_form = '
7 7 <input type="hidden" name="repo_id" value="' . $repo_id . '"> <input type="hidden" name="repo_id" value="' . $repo_id . '">
8 8 <input type="hidden" name="master_repo_id" value="' . $master_repo_id . '"> <input type="hidden" name="master_repo_id" value="' . $master_repo_id . '">
9 9 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
10 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
10 11
11 12 <table> <table>
12 13 '; ';
 
... ... $_form .= '
35 36 </tr> </tr>
36 37
37 38 <tr> <tr>
39 <td>Max number of users:</td>
40 <td>
41 <input type="text" name="max_users" value="' . $max_users . '" /><br />
42 </td>
43 </tr>
44
45 <tr>
38 46 <td>Description:</td> <td>Description:</td>
39 47 <td> <td>
40 48 <textarea name="desc" value="' . $desc . '" rows="4" cols="30">' . $desc . '</textarea><br /> <textarea name="desc" value="' . $desc . '" rows="4" cols="30">' . $desc . '</textarea><br />
 
... ... $_form .= '
44 52 <tr> <tr>
45 53 <td>Default rights:</td> <td>Default rights:</td>
46 54 <td> <td>
47 ' . rg_repo_rights_checkboxes($rights) . '
55 ' . rg_rights_checkboxes("repo", $rights) . '
48 56 </td> </td>
49 57 </tr> </tr>
50 58

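--- a/inc/repo/repo.php
+++ b/inc/repo/repo.php
@@ -10,10 +10,11 @@ if ($rg_ui['uid'] == 0) {
 
 $name = rg_var_str("name");
 $max_commit_size = rg_var_uint("max_commit_size");
+$max_users = rg_var_uint("max_users");
 $desc = rg_var_str("desc");
 $master_repo_id = rg_var_uint("master_repo_id");
 $rights = rg_var_str("rights");
-$rights = rg_repo_rights_a2s($rights);
+$rights = rg_rights_a2s($rights);
 $repo_id = rg_var_uint("repo_id");
 $q = rg_var_str("q");
 $masters = rg_var_uint("masters");
@@ -34,7 +35,7 @@ switch ($subop) {
 case 1: // create
 if ($doit == 1) {
 $_r = rg_repo_create($db, $master_repo_id, $rg_ui, $name,
-$max_commit_size, $desc, $rights);
+$max_commit_size, $desc, $rights, $max_users);
 if ($_r === FALSE)
 $_body .= rg_repo_error();
 else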

File inc/repo/repo_page.php changed (mode: 100644) (index 10df380..d0ea909)
... ... $repo_id = rg_var_uint("repo_id");
6 6 $name = rg_var_str("name"); $name = rg_var_str("name");
7 7 $max_commit_size = rg_var_uint("max_commit_size"); $max_commit_size = rg_var_uint("max_commit_size");
8 8 $desc = rg_var_str("desc"); $desc = rg_var_str("desc");
9 $rights = @rg_repo_rights_a2s($_REQUEST['rights']);
9 $rights = @rg_rights_a2s($_REQUEST['rights']);
10 $max_users = rg_var_uint("max_users");
10 11 $user = rg_var_str("user"); $user = rg_var_str("user");
11 12 $master_repo_id = 0; $master_repo_id = 0;
12 13
 
... ... case 1: // edit
44 45 $ri['max_commit_size'] = $max_commit_size; $ri['max_commit_size'] = $max_commit_size;
45 46 $ri['desc'] = $desc; // TODO: filter $ri['desc'] = $desc; // TODO: filter
46 47 $ri['default_rights'] = $rights; // TODO: filter $ri['default_rights'] = $rights; // TODO: filter
48 $ri['max_users'] = $max_users;
47 49 $_r = rg_repo_update($db, $ri); $_r = rg_repo_update($db, $ri);
48 50 if ($_r === FALSE) { if ($_r === FALSE) {
49 51 $_body .= rg_repo_error(); $_body .= rg_repo_error();
 
... ... case 1: // edit
58 60 $name = $ri['name']; $name = $ri['name'];
59 61 $rights = $ri['default_rights']; $rights = $ri['default_rights'];
60 62 $max_commit_size = $ri['max_commit_size']; $max_commit_size = $ri['max_commit_size'];
63 $max_users = $ri['max_users'];
61 64 $desc = $ri['desc']; $desc = $ri['desc'];
62 65
63 66 $_action = "Update"; $_action = "Update";
 
... ... case 2: // rights
83 86
84 87 while ($remove_uid > 0) { while ($remove_uid > 0) {
85 88 $e = rg_repo_rights_set($db, $ri, $remove_uid, ""); $e = rg_repo_rights_set($db, $ri, $remove_uid, "");
86 if ($e === FALSE) {
89 if ($e !== TRUE) {
87 90 $errmsg[] = rg_repo_error(); $errmsg[] = rg_repo_error();
88 91 break; break;
89 92 } }
 
... ... case 2: // rights
110 113
111 114 // list rights // list rights
112 115 $_url = rg_re_repopage($ri['repo_id'], $ri['name']); $_url = rg_re_repopage($ri['repo_id'], $ri['name']);
113 $_body .= rg_repo_rights_list($db, $repo_id, $_url);
116 $_body .= rg_repo_rights_list($db, $ri, $_url);
114 117
115 118 $_body .= "<br />\n"; $_body .= "<br />\n";
116 119
 
... ... if ($show_repo_info == 1) {
153 156 if (!empty($ri['desc'])) if (!empty($ri['desc']))
154 157 $_rt .= "<small>" . $ri['desc'] . "</small><br />\n"; $_rt .= "<small>" . $ri['desc'] . "</small><br />\n";
155 158 $_rt .= "<br />\n"; $_rt .= "<br />\n";
156 $_dr = rg_repo_rights_text($ri['default_rights']);
159 $_dr = rg_rights_text("repo", $ri['default_rights']);
157 160 $_rt .= "Default rights: " . implode(", ", $_dr) . "<br />\n"; $_rt .= "Default rights: " . implode(", ", $_dr) . "<br />\n";
158 161 $_rt .= "Maxim commit size: " . rg_1024($ri['max_commit_size']) . "<br />\n"; $_rt .= "Maxim commit size: " . rg_1024($ri['max_commit_size']) . "<br />\n";
162 $_rt .= "Maxim number of users: " . $ri['max_users'] . "<br />\n";
159 163 $_url = "git://" . $_SERVER['HTTP_HOST'] . "/" . $ri['name'] . ".git"; $_url = "git://" . $_SERVER['HTTP_HOST'] . "/" . $ri['name'] . ".git";
160 164 $_rt .= "Git URL: <a href=\"$_url\">$_url</a><br />\n"; $_rt .= "Git URL: <a href=\"$_url\">$_url</a><br />\n";
165 $_url = "ssh://rg@" . $_SERVER['HTTP_HOST'] . "/" . $ri['name'] . ".git";
166 $_rt .= "Git over SSH URL: <a href=\"$_url\">$_url</a><br />\n";
161 167 $_rt .= "<br />\n"; $_rt .= "<br />\n";
162 168 } }
163 169
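Review bot: The added "Git over SSH URL" lines build `$_url` from `$_SERVER['HTTP_HOST']` and `$ri['name']` and print it inside `href="..."` and as link text with no escaping, repeating the pattern of the `git://` line above. The Host header is chosen by the client, so a crafted value ends up in the page markup; escaping the value, e.g. `$_url = htmlspecialchars($_url, ENT_QUOTES);` before it is appended to `$_rt`, and taking the host name from configuration rather than from the request would close that. The same applies to `$ri['desc']` a few lines up, which the edit branch stores with only a `// TODO: filter` marker. The enclosing `if ($show_repo_info == 1)` block starts outside this hunk.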

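--- a/inc/repo/rights.form.php
+++ b/inc/repo/rights.form.php
@@ -7,6 +7,7 @@ $_form = '
 <input type="hidden" name="subop" value="' . $subop . '">
 <input type="hidden" name="repo_id" value="' . $repo_id . '">
 <input type="hidden" name="doit" value="1">
+<input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
 
 <table>
 <tr>
@@ -19,7 +20,7 @@ $_form = '
 <tr>
 <td>Rights:</td>
 <td>
-' . rg_repo_rights_checkboxes($rights) . '
+' . rg_rights_checkboxes("repo", $rights) . '
 </td>
 </tr>
 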

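--- a/inc/rights.inc.php
+++ b/inc/rights.inc.php
@@ -0,0 +1,274 @@
+<?php
+require_once($INC . "/util.inc.php");
+require_once($INC . "/log.inc.php");
+require_once($INC . "/db.inc.php");
+require_once($INC . "/user.inc.php");
+require_once($INC . "/git.inc.php");
+
+define("RG_RIGHTS_FILL_EXISTS", 1);
+
+$rg_rights = array();
+
+$rg_rights_error = "";
+
+function rg_rights_set_error($str)
+{
+global $rg_rights_error;
+
+rg_log("\tError: $str");
+$rg_rights_error = $str;
+}
+
+function rg_rights_error()
+{
+global $rg_rights_error;
+return $rg_rights_error;
+}
+
+/*
+* Register a set of rights
+*/
+function rg_rights_register($type, $rights)
+{
+global $rg_rights;
+
+$rg_rights[$type] = $rights;
+}
+
+/*
+* Enforce correct chars
+*/
+function rg_rights_fix($rights)
+{
+return preg_replace("/[^A-Za-z0-9]/", "", $rights);
+}
+
+/*
+* Combine two repo rights strings
+*/
+function rg_rights_combine($a, $b)
+{
+$len = strlen($b);
+for ($i = 0; $i < $len; $i++)
+if (!strstr($a, $b[$i]))
+$a .= $b[$i];
+
+return $a;
+}
+
+/*
+* Returns all possible rights
+*/
+function rg_rights_all($type)
+{
+global $rg_rights;
+
+if (!isset($rg_rights[$type])) {
+rg_log("WARN: type [$type] is not registered!");
+return "";
+}
+
+$ret = "";
+foreach ($rg_rights[$type] as $letter => $junk)
+$ret = rg_rights_combine($ret, $letter);
+
+return $ret;
+}
+
+/*
+* Rights -> form
+*/
+function rg_rights_checkboxes($type, $passed_rights)
+{
+global $rg_rights;
+
+if (!isset($rg_rights[$type])) {
+rg_log("[$type] is not registered! " . print_r(debug_backtrace(), TRUE));
+return "";
+}
+
+$ret = "";
+foreach ($rg_rights[$type] as $right => $info) {
+$add = "";
+if (strstr($passed_rights, $right))
+$add = " checked";
+$ret .= "<input type=\"checkbox\" name=\"rights[$right]\""
+. $add . " />$info<br />\n";
+}
+
+return $ret;
+}
+
+/*
+* List rights as text
+*/
+function rg_rights_text($type, $rights)
+{
+global $rg_rights;
+
+$ret = array();
+
+$len = strlen($rights);
+if ($len == 0)
+return array("None");
+
+for ($i = 0; $i < $len; $i++) {
+if (isset($rg_rights[$type][$rights[$i]]))
+$ret[] = $rg_rights[$type][$rights[$i]];
+else
+$ret[] = "?" . $rights[$i] . "?";
+}
+
+return $ret;
+}
+
+/*
+* Transforms rights array into a string
+*/
+function rg_rights_a2s($a)
+{
+$rights = "";
+
+if (is_array($a))
+foreach ($a as $right => $junk)
+$rights .= $right;
+
+return rg_rights_fix($rights);
+}
+
+
+/*
+* Get rights for an object
+*/
+function rg_rights_get($db, $type, $obj_id, $uid)
+{
+global $rg_rights;
+
+rg_log("rg_rights_get: type=$type obj_id=$obj_id uid=$uid...");
+
+$ret = array();
+$ret['ok'] = 0;
+$ret['rights'] = "";
+
+$sql = "SELECT rights FROM rights"
+. " WHERE type = '$type'"
+. " AND uid = $uid"
+. " AND obj_id = $obj_id"
+. " LIMIT 1";
+$res = rg_sql_query($db, $sql);
+if ($res === FALSE) {
+rg_rights_set_error("Cannot get info (" . rg_sql_error() . ")!");
+return $ret;
+}
+
+$ret['ok'] = 1;
+$ret['exists'] = 0;
+$row = rg_sql_fetch_array($res);
+rg_sql_free_result($res);
+if (isset($row['rights'])) {
+$ret['rights'] = $row['rights'];
+$ret['exists'] = 1;
+}
+
+rg_log("\tRights: " . $ret['rights']);
+
+return $ret;
+}
+
+/*
+* Set rights for an object
+*/
+function rg_rights_set($db, $type, $obj_id, $uid, $rights)
+{
+rg_log("rg_rights_set: type=$type obj_id=$obj_id"
+. ", uid=$uid, rights=$rights...");
+
+$cond = " type = '$type' AND uid = $uid AND obj_id = $obj_id";
+
+if (empty($rights)) {
+$sql = "DELETE FROM rights"
+. " WHERE $cond";
+} else {
+$r = rg_rights_get($db, $type, $obj_id, $uid);
+if ($r['ok'] != 1)
+return $r;
+rg_log("r: " . print_r($r, TRUE));
+
+if ($r['exists'] == 1) {
+$sql = "UPDATE rights"
+. " SET rights = '$rights'"
+. " WHERE $cond";
+} else {
+$itime = time();
+
+$sql = "INSERT INTO rights (type, uid, obj_id, rights"
+. ", itime)"
+. " VALUES ('$type', $uid, $obj_id, '$rights'"
+. ", $itime)";
+}
+}
+
+$res = rg_sql_query($db, $sql);
+if ($res === FALSE) {
+rg_rights_set_error("Cannot alter rights (" . rg_sql_error() . ")!");
+return FALSE;
+}
+rg_sql_free_result($res);
+
+return TRUE;
+}
+
+/*
+* List rights for a repo
+*/
+function rg_rights_list($db, $type, $obj_id, $url)
+{
+global $rg_rights;
+
+rg_log("rg_rights_list: type=$type obj_id=$obj_id url=$url");
+
+$ret = "";
+
+$sql = "SELECT * FROM rights WHERE type = '$type' AND obj_id = $obj_id";
+$res = rg_sql_query($db, $sql);
+if ($res === FALSE) {
+rg_rights_set_error("Cannot get info (" . rg_sql_error() . ")!");
+return FALSE;
+}
+
+$ret .= "<table>\n";
+$ret .= "<tr>\n";
+$ret .= " <th>User</th>\n";
+$ret .= " <th>Rights</th>\n";
+$ret .= " <th>Operations</th>\n";
+$ret .= "</tr>\n";
+while (($row = rg_sql_fetch_array($res))) {
+$ret .= "<tr>\n";
+
+$_u = $row['uid'];
+$_ui = rg_user_info($db, $row['uid'], "", "");
+if ($_ui['exists'] == 1)
+$_u = $_ui['user'];
+
+$ret .= " <td>" . $_u . "</td>\n";
+
+$_r = rg_rights_text($type, $row['rights']);
+$_r = implode("<br />\n", $_r);
+$ret .= " <td>" . $_r . "</td>\n";
+
+// operations
+// remove
+$ret .= " <td>";
+$_url = $url . "&amp;subop=2";
+$v = $row['uid'];
+$ret .= "[<a href=\"$_url&amp;remove_uid=$v\">Remove</a>]";
+$ret .= " </td>";
+$ret .= "</tr>\n";
+}
+$ret .= "</table>\n";
+rg_sql_free_result($res);
+
+return $ret;
+}
+
+?>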
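Review bot: `rg_rights_get()`, `rg_rights_set()` and `rg_rights_list()` interpolate `$type`, `$uid`, `$obj_id` and `$rights` straight into the SQL text, so their safety rests entirely on every caller having sanitised the values first. Other code in this commit uses `rg_sql_escape($db, ...)` for strings and `sprintf("%u", ...)` for integers; doing the same at the top of each function, e.g. `$e_type = rg_sql_escape($db, $type);` and `$uid = sprintf("%u", $uid);`, plus `$rights = rg_rights_fix($rights);` in `rg_rights_set()`, keeps the check next to the query. `rg_rights_set()` also returns the `$r` array when the lookup fails but `FALSE`/`TRUE` otherwise, which a caller testing `=== FALSE` would miss; `return FALSE;` there makes the contract uniform. In `rg_rights_list()` the user name `$_u` is written into the table cell without HTML escaping.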

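--- a/inc/sess.inc.php
+++ b/inc/sess.inc.php
@@ -1,6 +1,7 @@
 <?php
 require_once($INC . "/log.inc.php");
 require_once($INC . "/db.inc.php");
+require_once($INC . "/token.inc.php");
 
 /*
 * Add a session
@@ -97,6 +98,9 @@ function rg_sess_destroy($db, $sid, &$rg_ui)
 }
 rg_sql_free_result($res);
 
+// Delete all tokens associated with this session
+rg_token_delete($db, $sid, "");
+
 $rg_ui = array();
 $rg_ui['uid'] = 0;
 $rg_ui['is_admin'] = 0;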

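--- a/inc/token.inc.php
+++ b/inc/token.inc.php
@@ -0,0 +1,124 @@
+<?php
+require_once($INC . "/util.inc.php");
+require_once($INC . "/log.inc.php");
+require_once($INC . "/db.inc.php");
+
+$rg_token_error = "";
+
+function rg_token_set_error($str)
+{
+global $rg_token_error;
+
+rg_log("\tError: $str");
+$rg_token_error = $str;
+}
+
+function rg_token_error()
+{
+global $rg_token_error;
+return $rg_token_error;
+}
+
+/*
+* Delete a token
+*/
+function rg_token_delete($db, $sid, $token)
+{
+rg_log("rg_token_delete: sid=$sid token=$token");
+
+$ret = array();
+$ret['ok'] = 0;
+
+$add_token = "";
+if (!empty($token))
+$add_token = " AND token = '$token'";
+
+$sql = "DELETE FROM tokens"
+. " WHERE sid = '$sid'"
+. $add_token;
+$res = rg_sql_query($db, $sql);
+if ($res === FALSE) {
+rg_token_set_error("Cannot delete token (" . rg_sql_error() . ")!");
+return $ret;
+}
+rg_sql_free_result($res);
+
+$ret['ok'] = 1;
+
+return $ret;
+}
+
+/*
+* Returns if the token is valid
+*/
+function rg_token_valid($db, $sid, $token)
+{
+rg_log("rg_token_get: sid=$sid token=$token");
+
+$sql = "SELECT 1 AS junk FROM tokens"
+. " WHERE token = '$token'"
+. " AND sid = '$sid'";
+$res = rg_sql_query($db, $sql);
+if ($res === FALSE) {
+rg_token_set_error("Cannot get token (" . rg_sql_error() . ")!");
+return FALSE;
+}
+
+$ret['ok'] = 1;
+$ret['exists'] = 0;
+$row = rg_sql_fetch_array($res);
+rg_sql_free_result($res);
+if (!isset($row['junk'])) {
+rg_token_set_error("Token not found!");
+return TRUE;
+}
+
+return TRUE;
+}
+
+/*
+* Insert a token
+*/
+function rg_token_insert($db, $sid, $token)
+{
+rg_log("rg_token_insert: sid=$sid token=$token");
+
+$ret = array();
+$ret['ok'] = 0;
+
+$now = time();
+
+$sql = "INSERT INTO tokens (sid, token, expire)"
+. " VALUES ('$sid', '$token', $now + 24 * 3600)";
+$res = rg_sql_query($db, $sql);
+if ($res === FALSE) {
+rg_token_set_error("Cannot insert token (" . rg_sql_error() . ")!");
+return $ret;
+}
+
+$ret['ok'] = 1;
+return $ret;
+}
+
+/*
+* Returns a token to be used on a form/url
+* We generate only one per session.
+*/
+$rg_token = FALSE;
+function rg_token_get($db, $sid)
+{
+global $rg_token;
+
+if (empty($sid))
+return "";
+
+if ($rg_token === FALSE) {
+$rg_token = rg_id(16);
+
+rg_token_insert($db, $sid, $rg_token);
+}
+
+return $rg_token;
+}
+
+?>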
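Review bot: `rg_token_valid()` returns `TRUE` on the "Token not found!" branch, so any token value passes the check as long as the query itself succeeds; that `return TRUE;` should be `return FALSE;`. The query also ignores the `expire` column that `rg_token_insert()` fills, so appending `. " AND expire > " . time()` to the WHERE clause would make the 24-hour lifetime effective. `$ret['ok']` and `$ret['exists']` are assigned to an undeclared `$ret` that is never used, and the log line names `rg_token_get` instead of `rg_token_valid`. Writing the session id and token to the log on every call is worth dropping too, since both act as credentials.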

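--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -3,6 +3,14 @@ require_once($INC . "/util.inc.php");
 require_once($INC . "/log.inc.php");
 require_once($INC . "/db.inc.php");
 require_once($INC . "/sess.inc.php");
+require_once($INC . "/rights.inc.php");
+
+$rg_user_rights = array(
+"C" => "Create repository",
+"U" => "Add users"
+);
+
+rg_rights_register("user", $rg_user_rights);
 
 function rg_user_set_error($str)
 {
@@ -19,6 +27,29 @@ function rg_user_error()
 }
 
 /*
+* Computes password hash
+*/
+function rg_user_pass($salt, $pass)
+{
+global $rg_pass_key;
+
+return sha1($salt . "===" . $rg_pass_key . "===" . $pass);
+}
+
+/*
+* Validates a password
+*/
+function rg_user_pass_ok($pass)
+{
+if (strlen($pass) <= 4) {
+rg_user_set_error("Password is too short.");
+return FALSE;
+}
+
+return TRUE;
+}
+
+/*
 * Returns true if the user is ok
 */
 function rg_user_ok($user)
@@ -26,8 +57,8 @@ function rg_user_ok($user)
 global $rg_user_allow;
 global $rg_user_max_len;
 
-if (rg_chars_allow($user, $rg_user_allow) === FALSE) {
-rg_user_set_error("Invalid user name");
+if (rg_chars_allow($user, $rg_user_allow) !== TRUE) {
+rg_user_set_error("Invalid user name (invalid chars [$user] [$rg_user_allow])");
 return FALSE;
 }
 
@@ -41,30 +72,55 @@ function rg_user_ok($user)
 
 /*
 * Add a user
+* If uid > 0 - edit, else, add
 */
-function rg_user_add($db, $user, $pass, $email, $is_admin)
+function rg_user_edit($db, $uid, $user, $email, $pass, $is_admin,
+$disk_quota_mb, $rights)
 {
 global $rg_session_time;
 
-rg_log("user_add: user=$user, pass=$pass, email=$email, is_admin=$is_admin...");
+rg_log("user_edit: uid=$uid, user=$user email=$email"
+. " pass=$pass is_admin=$is_admin"
+. " disk_quota_mb=$disk_quota_mb rights=$rights...");
 
-if (rg_user_ok($user) === FALSE)
+if (rg_user_ok($user) !== TRUE)
 return FALSE;
 
-$itime = time();
-$e_salt = rg_id(40);
-$e_sha1pass = sha1($e_salt . "===" . $pass);
-$session_time = $rg_session_time;
-
 $e_user = rg_sql_escape($db, $user);
+$e_salt = rg_id(40);
+$e_pass = rg_user_pass($e_salt, $pass);
 $e_email = rg_sql_escape($db, $email);
+$e_rights = rg_sql_escape($db, $rights);
+$e_session_time = $rg_session_time;
+
+if ($uid == 0) { // add
+if (rg_user_pass_ok($pass) !== TRUE)
+return FALSE;
+
+$now = time();
+$sql = "INSERT INTO users (user, salt, pass, email, itime"
+. ", is_admin, disk_quota_mb, rights, session_time)"
+. " VALUES ('$e_user', '$e_salt', '$e_pass'"
+. ", '$e_email', $now, $is_admin, $disk_quota_mb"
+. ", '$e_rights', $e_session_time)";
+} else { // edit
+$salt_pass_add = "";
+if (!empty($pass))
+$salt_pass_add = ", pass = '$e_pass', salt = '$e_salt'";
+
+$sql = "UPDATE users SET user = '$e_user'"
+. $salt_pass_add
+. ", email = '$e_email'"
+. ", is_admin = $is_admin"
+. ", disk_quota_mb = $disk_quota_mb"
+. ", rights = '$e_rights'"
+. ", session_time = $e_session_time"
+. " WHERE uid = $uid";
+}
 
-$sql = "INSERT INTO users (user, salt, pass, email, itime, is_admin, session_time)"
-. " VALUES ('$e_user', '$e_salt', '$e_sha1pass', '$e_email'"
-. ", $itime, $is_admin, $session_time)";
 $res = rg_sql_query($db, $sql);
 if ($res === FALSE) {
-rg_user_set_error("Cannot insert user (" . rg_sql_error() . ")!");
+rg_user_set_error("Cannot insert/update user (" . rg_sql_error() . ")!");
 return FALSE;
 }
 rg_sql_free_result($res);
@@ -95,7 +151,7 @@ function rg_user_remove($db, $uid)
 */
 function rg_user_info($db, $uid, $user, $email)
 {
-rg_log("user_info: uid=[$uid], user=[$user], email=[$email]...");
+rg_log("user_info: uid/user/email=$uid/$user/$email...");
 
 $ret = array();
 $ret['ok'] = 0;
@@ -103,12 +159,12 @@ function rg_user_info($db, $uid, $user, $email)
 $ret['uid'] = 0;
 $ret['is_admin'] = 0;
 
-if (rg_user_ok($user) === FALSE)
-return FALSE;
-
 if ($uid > 0) {
 $add = " AND uid = " . sprintf("%u", $uid);
 } else if (!empty($user)) {
+if (rg_user_ok($user) !== TRUE)
+return FALSE;
+
 $e_user = rg_sql_escape($db, $user);
 $add = " AND user = '$e_user'";
 } else if (!empty($email)) {
@@ -163,6 +219,30 @@ function rg_user_login_by_sid($db, $sid, &$rg_ui)
 rg_user_set_error("Invalid uid!");
 return FALSE;
 rg_sess_update($db, $sid);
+
+rg_user_set_last_seen($db, $rg_ui['uid']);
+
+return TRUE;
+}
+
+/*
+* Test if a password is valid
+*/
+function rg_user_pass_valid($db, $uid, $pass)
+{
+rg_log("user_pass_valid: uid=$uid, pass=$pass...");
+
+if (empty($pass))
+return FALSE;
+
+$ui = rg_user_info($db, $uid, "", "");
+if ($ui['exists'] != 1)
+return FALSE;
+
+$sha1pass = rg_user_pass($ui['salt'], $pass);
+if (strcmp($sha1pass, $ui['pass']) != 0)
+return FALSE;
+
 return TRUE;
 }
 
@@ -189,7 +269,12 @@ function rg_user_login_by_user_pass($db, $user, $pass, &$rg_ui)
 }
 rg_log("\trg_ui: " . print_r($rg_ui, TRUE));
 
-$sha1pass = sha1($rg_ui['salt'] . "===" . $pass);
+if ($rg_ui['suspended'] > 0) {
+rg_user_set_error("Invalid user or pass!");
+return FALSE;
+}
+
+$sha1pass = rg_user_pass($rg_ui['salt'], $pass);
 if (strcmp($sha1pass, $rg_ui['pass']) != 0) {
 rg_user_set_error("Invalid user or pass!");
 return FALSE;
@@ -197,7 +282,11 @@ function rg_user_login_by_user_pass($db, $user, $pass, &$rg_ui)
 
 $sid = rg_id(40);
 rg_sess_add($db, $rg_ui['uid'], $sid, $rg_ui['session_time']);
-setcookie("sid", $sid, 0);
+setcookie("sid", $sid, 0, "/", $_SERVER['HTTP_HOST'],
+strcmp($_SERVER['HTTPS'], "on") == 0 /* secure */,
+TRUE /* httponly */);
+
+rg_user_set_last_seen($db, $rg_ui['uid']);
 
 return TRUE;
 }
@@ -230,13 +319,29 @@ function rg_user_suspend($db, $uid, $op)
 * Make/remove admin
 * 1=make, 0=remove
 */
-function rg_user_admin($db, $uid, $op)
+function rg_user_make_admin($db, $uid, $op)
+{
+rg_log("user_make_admin: uid=$uid, op=$op");
+
+$sql = "UPDATE users SET is_admin = $op WHERE uid = $uid";
+$res = rg_sql_query($db, $sql);
+if ($res === FALSE)
+return FALSE;
+rg_sql_free_result($res);
+
+return TRUE;
+}
+
+/*
+* Update last_seen field
+*/
+function rg_user_set_last_seen($db, $uid)
 {
-rg_log("user_admin: uid=$uid, op=$op");
+rg_log("user_set_last_seen: uid=$uid");
 
 $now = time();
 
-$sql = "UPDATE users SET is_admin = $op WHERE uid = $uid";
+$sql = "UPDATE users SET last_seen = $now WHERE uid = $uid";
 $res = rg_sql_query($db, $sql);
 if ($res === FALSE)
 return FALSE;
@@ -254,35 +359,35 @@ function rg_user_list($db, $url)
 
 $ret = "";
 
-$xuid = rg_var_uint("xuid");
+$uid = rg_var_uint("uid");
 
 $suspend = rg_var_uint("suspend");
 if ($suspend == 1) {
-if (!rg_user_suspend($db, $xuid, 1))
+if (!rg_user_suspend($db, $uid, 1))
 $ret .= "<font color=red>Cannot suspend!</font><br />";
 }
 
 $unsuspend = rg_var_uint("unsuspend");
 if ($unsuspend == 1) {
-if (!rg_user_suspend($db, $xuid, 0))
+if (!rg_user_suspend($db, $uid, 0))
 $ret .= "<font color=red>Cannot unsuspend!</font><br />";
 }
 
 $make_admin = rg_var_uint("make_admin");
 if ($make_admin == 1) {
-if (!rg_user_admin($db, $xuid, 1))
+if (!rg_user_make_admin($db, $uid, 1))
 $ret .= "<font color=red>Cannot make admin!</font><br />";
 }
 
 $remove_admin = rg_var_uint("remove_admin");
 if ($remove_admin == 1) {
-if (!rg_user_admin($db, $xuid, 0))
+if (!rg_user_make_admin($db, $uid, 0))
 $ret .= "<font color=red>Cannot remove admin!</font><br />";
 }
 
 $remove = rg_var_uint("remove");
 if ($remove > 0) {
-if (!rg_user_remove($db, $xuid))
+if (!rg_user_remove($db, $uid))
 $ret .= "<font color=red>Cannot remove!</font><br />";
 }
 
@@ -303,6 +408,7 @@ function rg_user_list($db, $url)
 $ret .= " <th>Suspended?</th>\n";
 $ret .= " <th>Session time</th>\n";
 $ret .= " <th>Last seen (UTC)</th>\n";
+$ret .= " <th>Rights</th>\n";
 $ret .= " <th>Operations</th>\n";
 $ret .= "</tr>\n";
 while (($row = rg_sql_fetch_array($res))) {
@@ -311,33 +417,45 @@ function rg_user_list($db, $url)
 $ret .= " <td>" . $row['email'] . "</td>\n";
 $ret .= " <td>" . ($row['is_admin'] == 1 ? "Yes" : "No") . "</td>\n";
 $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n";
-$_v = "unlimited";
 if ($row['disk_quota_mb'] > 0)
 $_v = rg_1024($row['disk_quota_mb']);
+else
+$_v = "unlimited";
 $ret .= " <td>" . $_v . "</td>\n";
 $ret .= " <td>" . ($row['suspended'] == 0 ? "No" : "Yes") . "</th>\n";
 $ret .= " <td>" . $row['session_time'] . "s</td>\n";
-$ret .= " <td>" . gmdate("Y-m-d", $row['last_seen']) . "</td>\n";
+$v = $row['last_seen'] == 0 ? "-" : gmdate("Y-m-d", $row['last_seen']);
+$ret .= " <td>" . $v . "</td>\n";
+$v = implode(", ", rg_rights_text("user", $row['rights']));
+$ret .= " <td>" . $v . "</td>\n";
+
 // operations
-// suspend
+$_url = $url . "&amp;uid=" . $row['uid'];
 $ret .= " <td>";
-$_url = $url . "&amp;xuid=" . $row['uid'];
+
+// edit
+$ret .= "[<a href=\"$_url&amp;subsubop=3\">Edit</a>]";
+
+// suspend
 $v = "suspend=1"; $t = "Suspend";
 if ($row['suspended'] > 0) {
 $t = "Unsuspend";
 $v = "unsuspend=1";
 }
-$ret .= "[<a href=\"$_url&amp;$v\">$t</a>]";
+$ret .= "[<a href=\"$_url&amp;subsubop=1&amp;$v\">$t</a>]";
+
 // admin
 $v = "make_admin=1"; $t = "Make admin";
 if ($row['is_admin'] == 1) {
 $t = "Remove admin";
 $v = "remove_admin=1";
 }
-$ret .= "[<a href=\"$_url&amp;$v\">$t</a>]";
+$ret .= "[<a href=\"$_url&amp;subsubop=1&amp;$v\">$t</a>]";
+
 // remove
 if ($row['suspended'] > 0)
-$ret .= "[<a href=\"$_url&amp;remove=1\">Remove!</a>]";
+$ret .= "[<a href=\"$_url&amp;subsubop=1&amp;remove=1\">Remove!</a>]";
+
 $ret .= " </td>";
 $ret .= "</tr>\n";
 }
@@ -381,11 +499,11 @@ function rg_user_forgot_pass_uid($db, $token)
 }
 
 /*
-* Reset password function (send mail)
+* Reset password function (send mail) - helper
 */
-function rg_user_forgot_pass_mail($db, $email)
+function rg_user_forgot_pass_mail_prepare($db, $email)
 {
-rg_log("user_forgot_pass_mail: email=$email");
+rg_log("user_forgot_pass_mail_prepare: email=$email");
 
 $expire = time() + 24 * 3600;
 $token = rg_id(40);
@@ -407,9 +525,25 @@ function rg_user_forgot_pass_mail($db, $email)
 }
 rg_sql_free_result($res);
 
+return $token;
+}
+
+/*
+* Reset password function (send mail)
+*/
+function rg_user_forgot_pass_mail($db, $email)
+{
+rg_log("user_forgot_pass_mail: email=$email");
+
+$token = rg_user_forgot_pass_mail_prepare($db, $email);
+if ($token === FALSE)
+return FALSE;
+
 if (!mail($email, "Forgot password",
 "Hello!\nIf you want to reset the password, follow:\n"
-. "http://" . $_SERVER['SERVER_NAME'] . "/" . $_SERVER['PHP_SELF'] . "?op=6&token=$token")) {
+. "http://" . @$_SERVER['SERVER_NAME']
+. "/" . @$_SERVER['PHP_SELF']
+. "?op=6&token=$token")) {
 rg_user_set_error("Cannot send mail!");
 return FALSE;
 }
@@ -437,10 +571,10 @@ function rg_user_forgot_pass_destroy($db, $uid)
 
 function rg_user_set_pass($db, $uid, $pass)
 {
-rg_log("user_set_pass...");
+rg_log("user_set_pass: uid=$uid pass=$pass");
 
 $e_salt = rg_id(40);
-$e_sha1pass = sha1($e_salt . "===" . $pass);
+$e_sha1pass = rg_user_pass($e_salt, $pass);
 
 $sql = "UPDATE users SET"
 ." salt = '$e_salt'"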
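Review bot: Clear-text passwords are written to the log in three places on the new side: `rg_user_edit()` (`pass=$pass`), the new `rg_user_pass_valid()`, and `rg_user_set_pass()`, where this commit turns `rg_log("user_set_pass...")` into a line that includes `pass=$pass`. I would log only the uid, e.g. `rg_log("user_set_pass: uid=$uid");`, and drop `$pass` from the other two calls. In `rg_user_edit()` the values `$uid`, `$is_admin` and `$disk_quota_mb` go into the SQL unquoted and unescaped, so applying `sprintf("%u", ...)` to each before `$sql` is built would match what `rg_user_info()` already does for `$uid`. `rg_user_pass()` is a single salted SHA-1, which is cheap to brute-force if the users table leaks; a slow password hash such as `crypt()` with a bcrypt salt is the usual replacement.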

File inc/user/forgot.form.php changed (mode: 100644) (index e70b08a..6285035)
... ... if (!empty($error))
8 8 $_forgot_form .= ' $_forgot_form .= '
9 9 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
10 10 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
11 <input type="hidden" name="token" value="' . rg_var_str("token") . '">
11 <input type="hidden" name="ftoken" value="' . $ftoken . '">
12 12 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
13 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
13 14
14 15 <table> <table>
15 16 <tr> <tr>
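Review bot: The new hidden field prints `$ftoken` into `value="..."` without escaping, and `inc/user/forgot.php` fills it from `rg_var_str("ftoken")`, whose filtering is not visible on this page. If `rg_var_str()` does not strip quotes and angle brackets, the value taken from the request is reflected into the form markup; `htmlspecialchars($ftoken, ENT_QUOTES)` here would remove that dependency. `$_SERVER['PHP_SELF']` in the form action two lines above has the same property.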

File inc/user/forgot.php changed (mode: 100644) (index d9aa318..9b7d719)
1 1 <?php <?php
2 2 rg_log("/inc/user/forgot.php"); rg_log("/inc/user/forgot.php");
3 3
4 $token = rg_var_str("token");
4 $ftoken = rg_var_str("ftoken");
5 5 $pass1 = rg_var_str("pass1"); $pass1 = rg_var_str("pass1");
6 6 $pass2 = rg_var_str("pass2"); $pass2 = rg_var_str("pass2");
7 7
 
... ... if ($doit == 1) {
14 14 if (strcmp($pass1, $pass2) != 0) { if (strcmp($pass1, $pass2) != 0) {
15 15 $error .= "Passwords mismatch."; $error .= "Passwords mismatch.";
16 16 } else { } else {
17 $r = user_forgot_pass_uid($db, $token);
17 $r = user_forgot_pass_uid($db, $ftoken);
18 18 if ($r['ok'] != 1) { if ($r['ok'] != 1) {
19 19 $error .= "Internal error, try again later."; $error .= "Internal error, try again later.";
20 20 } else if ($r['uid'] == 0) { } else if ($r['uid'] == 0) {
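Review bot: After the rename to `ftoken` the reset link no longer matches: `rg_user_forgot_pass_mail()` in `inc/user.inc.php` still mails `?op=6&token=$token`, so `rg_var_str("ftoken")` here comes back empty for anyone following the mail, and the link should carry `ftoken=` instead. The call on line 17 also uses `user_forgot_pass_uid(...)`, while the function shown on this page is `rg_user_forgot_pass_uid`, so unless an unprefixed alias exists elsewhere the line should read `$r = rg_user_forgot_pass_uid($db, $ftoken);`. Reading the value with `rg_var_re("ftoken", "/[^A-Za-z0-9]/")`, as `root/index.php` does for `sid` and `token`, would keep quotes out of the lookup, assuming reset tokens are alphanumeric. The `if ($doit == 1)` block continues outside the hunk.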

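--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -116,12 +116,18 @@ function rg_var_uint($name)
 return sprintf("%u", rg_var_str($name));
 }
 
+function rg_var_re($name, $re)
+{
+$a = rg_var_str($name);
+return preg_replace($re, "", $a);
+}
+
 /*
 * Enforce chars in a name. It is used for user and repo.
 */
-function rg_chars_allow($name, $allowed_chars)
+function rg_chars_allow($name, $allowed_regexp)
 {
-if (preg_match($allowed_chars, $name) === FALSE)
+if (preg_match($allowed_regexp, $name) === 0)
 return FALSE;
 
 return TRUE;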
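Review bot: `rg_chars_allow()` now rejects only when `preg_match()` returns `0`, but `preg_match()` returns `FALSE` on a pattern or PCRE error, and that case falls through to `return TRUE;`. For a validator that gates user and repo names, failing closed is safer: `if (preg_match($allowed_regexp, $name) !== 1)`. The new `rg_var_re()` likewise passes on the `NULL` that `preg_replace()` returns on error, which callers would see as an empty value. The closing brace of `rg_chars_allow()` is outside the hunk.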

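--- a/rocketgit.spec.in
+++ b/rocketgit.spec.in
@@ -0,0 +1,36 @@
+Summary: Light and fast Git hosting solution
+Name: @PRJ@
+Version: @VER@
+Release: @REV@
+License: GPLv3
+Group: Applications/Network
+Source: http://kernel.embedromix.ro/us/rocketgit/%{name}-%{version}.tar.gz
+URL: http://kernel.embedromix.ro/us/
+Packager: Catalin(ux) M. BOIE <catab@embedromix.ro>
+BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
+BuildArch: noarch
+Requires: httpd, php-process, php-cli, xinetd
+
+
+%description
+Light and fast Git hosting solution, similar with Gitorious/GitHub/etc.
+
+%prep
+%setup
+
+%build
+%configure
+make
+
+%install
+rm -rf ${RPM_BUILD_ROOT}
+mkdir -p ${RPM_BUILD_ROOT}
+make install DESTDIR=${RPM_BUILD_ROOT}
+
+%clean
+rm -rf ${RPM_BUILD_ROOT}
+
+%files
+%attr (-,root,root)
+%dir @USR_SHARE@/*
+%doc README LICENSE Changelog TODO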

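--- a/root/index.php
+++ b/root/index.php
@@ -15,6 +15,7 @@ include_once($INC . "/db.inc.php");
 include_once($INC . "/user.inc.php");
 include_once($INC . "/repo.inc.php");
 include_once($INC . "/keys.inc.php");
+include_once($INC . "/token.inc.php");
 
 rg_log_set_file("/tmp/rg_web.log");
 
@@ -25,7 +26,8 @@ $op = rg_var_str("op");
 $subop = rg_var_uint("subop");
 $subsubop = rg_var_uint("subsubop");
 $doit = rg_var_uint("doit");
-$sid = rg_var_str("sid");
+$sid = rg_var_re("sid", "/[^A-Za-z0-9]/");
+$token = rg_var_re("token", "/[^A-Za-z0-9]/");
 
 rg_log("IP: " . @$_SERVER['REMOTE_ADDR']);
 rg_log("_REQUEST: " . trim(print_r($_REQUEST, TRUE)));
@@ -67,6 +69,7 @@ $tail .= "\n";
 // menu
 $amenu = array(
 "login" => array("text" => "Login"),
+"personal" => array("text" => "Personal"),
 "repo" => array("text" => "My repositories"),
 "keys" => array("text" => "SSH keys"),
 "admin" => array("text" => "Admin", "needs_admin" => 1),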
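Review bot: The new `token` request parameter is written verbatim to the log by the unchanged `rg_log("_REQUEST: " . trim(print_r($_REQUEST, TRUE)));` line in the second hunk, together with `sid` and any submitted password fields, and the log target set in the first hunk is `/tmp/rg_web.log`. Anyone who can read that file can replay a session id or a token, so the dump should be reduced to parameter names, e.g. `rg_log("_REQUEST keys: " . implode(",", array_keys($_REQUEST)));`, and the log moved out of `/tmp`. How `rg_log()` sets the file's permissions is not visible here, so confirm that as well. Note also that `rg_var_re()` silently strips disallowed characters rather than rejecting the value; a comment on the `$sid`/`$token` lines should say that this is intended.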

File samples/config.php changed (mode: 100644) (index 722b2d2..e8f1b55)
... ... $rg_session_time = 3600;
16 16 $rg_keys_file = $rg_base . "/.ssh/authorized_keys"; $rg_keys_file = $rg_base . "/.ssh/authorized_keys";
17 17
18 18 // Scripts // Scripts
19 $rg_scripts = "/BIG1T/sync1/Dev/rg/scripts";
19 $rg_scripts = "/usr/share/rocketgit/scripts";
20 20
21 21 // Allowed repo names (regular expression) // Allowed repo names (regular expression)
22 $rg_repo_allow = '/^[^A-Za-z0-9_.-]$/';
22 $rg_repo_allow = '/^[A-Za-z0-9_.-]*$/';
23 23
24 24 // Allowed repo name length // Allowed repo name length
25 $rg_repo_max_len = 16;
25 $rg_repo_max_len = 64;
26 26
27 27 // Allowed user names (regular expression) // Allowed user names (regular expression)
28 $rg_user_allow = '/^[^A-Za-z0-9_.-]$/';
28 $rg_user_allow = '/^[A-Za-z0-9_.-]*$/';
29 29
30 30 // Allowed user name length // Allowed user name length
31 $rg_user_max_len = 16;
31 $rg_user_max_len = 32;
32 32
33 33 // SSH parameters for authorized_keys // SSH parameters for authorized_keys
34 34 $rg_ssh_paras = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"; $rg_ssh_paras = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty";
35 35
36 // Random key that will be used for encription of the password for better security
37 $rg_pass_key = "reigjmn9483jfisendfhwefhefhesfuhfskhjukhtw4khfwkur";
38
36 39 ?> ?>
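Review bot: The sample configuration now ships a fixed `$rg_pass_key`, so every installation that copies `samples/config.php` unchanged uses the same key, and that key is public in the repository. Ship an obvious placeholder instead, e.g. `$rg_pass_key = "CHANGE_ME"; // replace with a per-install random value`, and have the code refuse to run while the placeholder is still set. Separately, the corrected `$rg_repo_allow` and `$rg_user_allow` patterns use `*` and a bare `$`, so on their own they accept an empty name and a name ending in a newline; `'/^[A-Za-z0-9_.-]+$/D'` closes both, unless the callers (outside this page) already check for them.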

File samples/cron changed (mode: 100644) (index a57ca50..8c8b49e)
1 * * * * * rg php /BIG1T/sync1/Dev/rg/scripts/cron.php
2 * * * * * rg php /BIG1T/sync1/Dev/rg/scripts/q.php
1 * * * * * rg php /usr/share/rocketgit/scripts/cron.php
2 * * * * * rg php /usr/share/rocketgit/scripts/q.php

File samples/rg changed (mode: 100644) (index bff94f3..c71ce35)
... ... service git
10 10 wait = no wait = no
11 11 user = rg user = rg
12 12 server = /usr/bin/php server = /usr/bin/php
13 server_args = /BIG1T/sync1/Dev/rg/scripts/ssh.php
13 server_args = /usr/share/rocketgit/scripts/ssh.php
14 14 log_on_failure += USERID log_on_failure += USERID
15 15 } }

File samples/rg.conf changed (mode: 100644) (index 0e3b045..48733a5)
3 3 <VirtualHost *:80> <VirtualHost *:80>
4 4 ServerName rg.embedromix.ro ServerName rg.embedromix.ro
5 5 ServerAlias rg ServerAlias rg
6 DocumentRoot /BIG1T/sync1/Dev/rg/root/
6 DocumentRoot /usr/share/rocketgit/root/
7 7
8 <Directory "/BIG1T/sync1/Dev/rg/root">
8 <Directory "/usr/share/rocketgit/root">
9 9 AllowOverride All AllowOverride All
10 10 Order allow,deny Order allow,deny
11 11 Allow from all Allow from all

File scripts/cron.php changed (mode: 100644) (index 87dc90d..4931eae)
... ... if (date("H") == 0) {
40 40 } else { } else {
41 41 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
42 42 rg_log("Processing repository [" . $row['name'] . "]..."); rg_log("Processing repository [" . $row['name'] . "]...");
43 $repo_path = rg_repo_id2base($row['repo_id']) . $row['name'] . ".git";
43 $repo_path = rg_repo_name2base($row['name']) . $row['name'] . ".git";
44 44 $disk_mb = rg_repo_disk_mb($repo_path); $disk_mb = rg_repo_disk_mb($repo_path);
45 45 $sql = "UPDATE repos SET disk_mb = $disk_mb" $sql = "UPDATE repos SET disk_mb = $disk_mb"
46 46 . " WHERE repo_id = " . $row['repo_id']; . " WHERE repo_id = " . $row['repo_id'];
 
... ... if (date("H") == 0) {
70 70 } }
71 71
72 72 if (date("H") == 1) { if (date("H") == 1) {
73 rg_log("Clean old tokens...");
74 $sql = "DELETE FROM tokens WHERE expire < $now";
75 $res = rg_sql_query($db, $sql);
76 rg_sql_free_result($res);
77 }
78
79 if (date("H") == 1) {
73 80 rg_log("Clean old sess entries..."); rg_log("Clean old sess entries...");
74 81 $sql = "DELETE FROM sess WHERE expire < $now"; $sql = "DELETE FROM sess WHERE expire < $now";
75 82 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
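Review bot: The new token cleanup in the second hunk hands `$res` straight to `rg_sql_free_result()` without testing it, so a failed `DELETE FROM tokens` goes unnoticed and expired rows stay in the table (whether token lookup also checks `expire` is not visible here). Add `if ($res === FALSE) rg_log("\tCannot delete old tokens!");` before the free. The block also repeats the `if (date("H") == 1)` test of the sess cleanup right after it; both deletes could sit under one condition. The sess block continues past the end of the hunk.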

File scripts/q.php changed (mode: 100644) (index 23e6bc8..d636337)
... ... while ($runs-- > 0) {
59 59 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
60 60 rg_log("\tProcess repo " . $row['name'] . "..."); rg_log("\tProcess repo " . $row['name'] . "...");
61 61
62 $dst = rg_repo_id2base($row['repo_id']) . $row['name'] . ".git";
62 $dst = rg_repo_name2base($row['name']) . $row['name'] . ".git";
63 63 if ($row['master'] == 0) { if ($row['master'] == 0) {
64 64 $r = rg_git_init($dst); $r = rg_git_init($dst);
65 65 if ($r === FALSE) { if ($r === FALSE) {
 
... ... while ($runs-- > 0) {
72 72 if ($mi['exists'] != 1) { if ($mi['exists'] != 1) {
73 73 rg_log("\tCannot find master!"); rg_log("\tCannot find master!");
74 74 } else { } else {
75 $src = rg_repo_id2base($mi['repo_id']) . $mi['name'] . ".git";
75 $src = rg_repo_name2base($mi['name']) . $mi['name'] . ".git";
76 76 $r = rg_git_clone($src, $dst); $r = rg_git_clone($src, $dst);
77 77 if ($r === FALSE) { if ($r === FALSE) {
78 78 rg_log("\tCould not create repo!"); rg_log("\tCould not create repo!");
 
... ... while ($runs-- > 0) {
81 81 } }
82 82 } }
83 83 } }
84
85 rg_log("Make hooks links...");
86 symlink("/BIG1T/sync1/Dev/rg/scripts/hooks_update", $dst . "/hooks/upate");
84 87 } }
85 88 rg_sql_free_result($res); rg_sql_free_result($res);
86 89

File scripts/ssh.php changed (mode: 100644) (index 74a4810..56c4f09)
... ... $repo = preg_replace('/\.git$/' , '', $repo);
104 104 rg_log("host=[$host] cmd=[$cmd] repo=[$repo] perms=[$perms]."); rg_log("host=[$host] cmd=[$cmd] repo=[$repo] perms=[$perms].");
105 105
106 106 // validity/security checks // validity/security checks
107 if (empty($repo))
108 fatal("Repo is invalid!");
109 if (preg_match('/\.\./', $repo))
110 fatal("Repo must not contain [..]!");
111 if (preg_match('/\//', $repo))
112 fatal("Repo must not contain [/]!");
107 if (rg_repo_ok($repo) !== TRUE)
108 fatal("Repo [$repo] is invalid (" . rg_repo_error() . ")");
113 109
114 110 $db = rg_sql_open($rg_db); $db = rg_sql_open($rg_db);
115 111 if ($db === FALSE) if ($db === FALSE)
 
... ... if (!rg_repo_allow($db, $ri, $rg_ui, $perms))
132 128
133 129 // TODO: limit time and/or cpu // TODO: limit time and/or cpu
134 130
135 $repo_base = rg_repo_id2base($ri['repo_id']);
131 $repo_base = rg_repo_name2base($repo);
136 132 $repo_path = $repo_base . $repo . ".git"; $repo_path = $repo_base . $repo . ".git";
137 133 rg_log("repo_path=$repo_path."); rg_log("repo_path=$repo_path.");
138 134
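Review bot: After this change the only barrier between the client-supplied `$repo` and the filesystem path is `rg_repo_ok()`, and in the second hunk `$repo_base` is derived from that same string via `rg_repo_name2base($repo)` instead of from the database row `$ri`. `rg_repo_ok()` is defined outside this page, so confirm that it still rejects an empty name and a name containing `/`, which the removed inline checks handled regardless of how `$rg_repo_allow` is configured. A comment above the call, `// path safety below depends entirely on rg_repo_ok()`, would make that dependency explicit for whoever edits the pattern later. The new fatal message also interpolates `$repo`, which has just failed validation; log it, but consider returning a fixed string to the client.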

File tests/Makefile changed (mode: 100644) (index a30ccb6..4f735a9)
1 tests := util db keys repo state
1 tests := util db keys repo rights state user
2 2 .PHONY: $(tests) .PHONY: $(tests)
3 3
4 4 all: $(tests) all: $(tests)
 
... ... keys:
15 15 repo: repo:
16 16 php repo.php php repo.php
17 17
18 rights:
19 php rights.php
20
18 21 state: state:
19 22 php state.php php state.php
23
24 user:
25 php user.php

File tests/repo.php changed (mode: 100644) (index 43b75be..3bc9499)
... ... $INC = "../inc";
5 5 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
6 6 require_once($INC . "/db/struct.inc.php"); require_once($INC . "/db/struct.inc.php");
7 7
8 rg_log_set_file(__FILE__ . ".log");
8 rg_log_set_file("repo.log");
9
10 $rg_sql_debug = 1;
11
12 // defaults
13 $rg_repo_max_len = 100;
14 $rg_base_repo = "/u";
15
16
17 rg_log("name2base1");
18 $e = "/u/a/a/";
19 $c = rg_repo_name2base("aa");
20 if (strcmp($c, $e) != 0) {
21 echo "name2base1 is not working correctly: c=$c e=$e.\n";
22 exit(1);
23 }
24
25 rg_log("name2base2");
26 $e = "/u/a/_/";
27 $c = rg_repo_name2base("a");
28 if (strcmp($c, $e) != 0) {
29 echo "name2base2 is not working correctly: c=$c e=$e.\n";
30 exit(1);
31 }
32
33 rg_log("test if repo_allow works correctly (0)");
34 $rg_repo_allow = '/^[A-Za-z0-9]*$/';
35 $v = "xx";
36 $c = rg_repo_ok($v);
37 if ($c !== TRUE) {
38 echo "repo_allow problem for valid repo [$v] (c=$c).\n";
39 exit(1);
40 }
41
42 rg_log("test if repo_allow works correctly (1)");
43 $rg_repo_allow = '/^[A-Za-z0-9]*$/';
44 $v = "eyhtmcmet_";
45 $c = rg_repo_ok($v);
46 if ($c !== FALSE) {
47 echo "repo_allow problem for '_' in [$v] (c=$c).\n";
48 exit(1);
49 }
50
51 rg_log("test if repo_allow works correctly (2)");
52 $rg_repo_allow = '/^[A-Za-z0-9_.-]*$/';
53 $v = ".e&y.h-tmcmet&_.-";
54 $c = rg_repo_ok($v);
55 if ($c !== FALSE) {
56 echo "repo_allow problem for '&'.\n";
57 exit(1);
58 }
59
60 rg_log("check if we allow '..'");
61 $rg_repo_allow = '/^[A-Za-z0-9_.-]*$/';
62 $v = "a..b";
63 $c = rg_repo_ok($v);
64 if ($c !== FALSE) {
65 echo "repo_allow problem for '..'.\n";
66 exit(1);
67 }
68
69 rg_log("check len test");
70 $v = "0123456789A";
71 $rg_repo_allow = '/^[A-Za-z0-9]*$/';
72 $rg_repo_max_len = 10;
73 $c = rg_repo_ok($v);
74 if ($c !== FALSE) {
75 echo "repo_ok: max length is not enforced!\n";
76 exit(1);
77 }
78
9 79
10 80 @unlink("repo.sqlite"); @unlink("repo.sqlite");
11 81
 
... ... if ($r === FALSE) {
24 94 $sql = "INSERT INTO repos (repo_id, name, uid, itime" $sql = "INSERT INTO repos (repo_id, name, uid, itime"
25 95 . ", disk_quota_mb, max_commit_size" . ", disk_quota_mb, max_commit_size"
26 96 . ", master, desc, git_dir_done, default_rights)" . ", master, desc, git_dir_done, default_rights)"
27 . " VALUES (1, 'repo1', 1, 0, 0, 0, 0, 'bla bla desc', 1, '')";
97 . " VALUES (1, 'repo1', 1, 0, 0, 0, 0, 'bla bla desc', 1, 'F')";
28 98 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
29 99 if ($res === FALSE) { if ($res === FALSE) {
30 100 echo "Cannot insert a user!\n"; echo "Cannot insert a user!\n";
31 101 exit(1); exit(1);
32 102 } }
33 103
104 echo "test giving rights\n";
34 105 $repo_id = 1; $repo_id = 1;
35 106 $ri = rg_repo_info($db, $repo_id, ""); $ri = rg_repo_info($db, $repo_id, "");
36 107 $uid = 10; $uid = 10;
37 $v = rg_repo_rights_set($db, $ri, $uid, "F");
108 $v = rg_repo_rights_set($db, $ri, $uid, "P");
38 109 if ($v === FALSE) { if ($v === FALSE) {
39 110 echo "Cannot give rights (1)!\n"; echo "Cannot give rights (1)!\n";
40 111 exit(1); exit(1);
41 112 } }
42 113
43 @unlink("repo.sqlite");
44
45 $a = "AF"; $b = "AD"; $e = "AFD";
46 $r = rg_repo_rights_combine($a, $b);
47 if (strcmp($r, $e) != 0) {
48 echo "Combine rights error1 ([$r] vs [$e])\n";
114 echo "owner gets all rights.\n";
115 $uid = 1;
116 $e = rg_rights_all("repo");
117 $r = rg_repo_rights_get($db, $ri, $uid, 0);
118 $c = $r['rights'];
119 if (strcmp($c, $e) != 0) {
120 echo "Owner did not get all rights: c=$c e=$e.\n";
49 121 exit(1); exit(1);
50 122 } }
51 123
52 $a = ""; $b = ""; $e = "";
53 $r = rg_repo_rights_combine($a, $b);
54 if (strcmp($r, $e) != 0) {
55 echo "Combine rights error1 ([$r] vs [$e])\n";
124 echo "non-owner gets correct rights: F gets from default rights.\n";
125 $uid = 12;
126 $r = rg_repo_rights_set($db, $ri, $uid, "P");
127 if ($r !== TRUE) {
128 echo "Cannot set rights (" . rg_repo_error() . ")!\n";
56 129 exit(1); exit(1);
57 130 } }
58
59 $a = "AXUJUNFUUFU"; $b = ""; $e = $a;
60 $r = rg_repo_rights_combine($a, $b);
61 if (strcmp($r, $e) != 0) {
62 echo "Combine rights error1 ([$r] vs [$e])\n";
63 exit(1);
64 }
65
66 // test if repo_allow works correctly
67 $rg_repo_allow = '/^[^A-Za-z0-9]*$/';
68 $v = "eyhtmcmet_";
69 $c = rg_repo_ok($v);
70 if ($c !== FALSE) {
71 echo "repo_allow problem for '_' ($c).\n";
131 $e = "FP";
132 $r = rg_repo_rights_get($db, $ri, $uid, 0);
133 $c = $r['rights'];
134 if (strcmp($c, $e) != 0) {
135 echo "Non-owner did not get correct rights: c=$c e=$e.\n";
72 136 exit(1); exit(1);
73 137 } }
74 138
75 $rg_repo_allow = '/^[^A-Za-z0-9_.-]*$/';
76 $v = ".e&y.h-tmcmet&_.-";
77 $c = rg_repo_ok($v);
78 if ($c !== FALSE) {
79 echo "repo_allow problem for '&'.\n";
139 echo "owner can set separate rights for him\n";
140 $uid = 1;
141 $v = rg_repo_rights_set($db, $ri, $uid, "A");
142 if ($v === FALSE) {
143 echo "Owner cannot set separate rights for him!\n";
80 144 exit(1); exit(1);
81 145 } }
82 146
83 // check if we allow '..'
84 $rg_repo_allow = '/^[^A-Za-z0-9_.-]*$/';
85 $v = "a..b";
86 $c = rg_repo_ok($v);
87 if ($c !== FALSE) {
88 echo "repo_allow problem for '..'.\n";
147 rg_log("list1");
148 $r = rg_repo_rights_list($db, $ri, "/prj1");
149 if ($r === FALSE) {
150 echo "Cannot list rights (" . rg_repo_error() . ")\n";
89 151 exit(1); exit(1);
90 152 } }
91 153
92 // check len
93 $v = "0123456789A";
94 $rg_repo_allow = '/^[^A-Za-z0-9]*$/';
95 $rg_repo_max_len = 10;
96 $c = rg_repo_ok($v);
97 if ($c !== FALSE) {
98 echo "repo_ok: max length is not enforced!\n";
99 exit(1);
100 }
154 @unlink("repo.sqlite");
101 155
102 156 echo "OK\n"; echo "OK\n";
103 157 ?> ?>
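Review bot: The `rg_repo_ok()` cases cover `_`, `&`, `..` and the length limit, but not the two inputs that `scripts/ssh.php` used to reject inline before this commit: an empty name and a name containing `/`. Add cases with `$v = "";` and `$v = "a/b";` that expect `FALSE`, and one with a trailing newline (`$v = "ab\n";`), since the patterns under test end in a bare `$`. The section comment `non-owner gets correct rights: F gets from default rights` would read better as a `rg_log()` label, like the earlier cases, so a failing run shows up in `repo.log`.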

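--- /dev/null
+++ b/tests/rights.php
@@ -0,0 +1,34 @@
+<?php
+error_reporting(E_ALL | E_STRICT);
+
+$INC = "../inc";
+require_once($INC . "/rights.inc.php");
+
+rg_log_set_file("rights.log");
+
+rg_log("test if combine works correctly (1)");
+$a = "AF"; $b = "AD"; $e = "AFD";
+$r = rg_rights_combine($a, $b);
+if (strcmp($r, $e) != 0) {
+echo "Combine rights error1 ([$r] vs [$e])\n";
+exit(1);
+}
+
+rg_log("test if combine works correctly (2)");
+$a = ""; $b = ""; $e = "";
+$r = rg_rights_combine($a, $b);
+if (strcmp($r, $e) != 0) {
+echo "Combine rights error1 ([$r] vs [$e])\n";
+exit(1);
+}
+
+rg_log("test if combine works correctly (3)");
+$a = "AXUJUNFUUFU"; $b = ""; $e = $a;
+$r = rg_rights_combine($a, $b);
+if (strcmp($r, $e) != 0) {
+echo "Combine rights error1 ([$r] vs [$e])\n";
+exit(1);
+}
+
+echo "OK\n";
+?>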
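Review bot: All three failure messages print `Combine rights error1`, so a failing run does not say which case broke; number them `error2` and `error3` to match the `rg_log()` labels. Case (3) also pins that duplicate letters inside `$a` survive (`"AXUJUNFUUFU"` comes back unchanged) while case (1) shows the shared `A` being merged. If that asymmetry is intended, state it in a comment above case (3), e.g. `// duplicates already present in $a are kept; only letters from $b are de-duplicated`.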

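--- a/tests/user.php
+++ b/tests/user.php
@@ -5,6 +5,13 @@ $INC = "../inc";
 require_once($INC . "/user.inc.php");
 require_once($INC . "/db/struct.inc.php");
 
+rg_log_set_file("user.log");
+
+$rg_user_max_len = 20;
+$rg_pass_key = "aaa";
+$rg_session_time = 3600;
+$rg_user_allow = '/^[A-Za-z0-9_.-]*$/';
+
 @unlink("user.sqlite");
 
 $db = rg_sql_open("sqlite:user.sqlite");
@@ -19,12 +26,13 @@ if ($r === FALSE) {
 exit(1);
 }
 
-$sql = "INSERT INTO users VALUES ('rg@localhost', '', 0)";
-$res = rg_sql_query($db, $sql);
-if ($res === FALSE) {
-echo "Cannot insert a user!";
+// add user
+$r = rg_user_edit($db, 0, "userA", "rg@localhost", "pass1", 1, 100, "C");
+if ($r !== TRUE) {
+echo "Cannot add user (" . rg_user_error() . ")!\n";
 exit(1);
 }
+$uid = rg_sql_last_id($db);
 
 $v = rg_user_forgot_pass_mail($db, "rg@localhost");
 if ($v === FALSE) {
@@ -32,6 +40,81 @@ if ($v === FALSE) {
 exit(1);
 }
 
+$_ui = rg_user_info($db, $uid, "", "");
+if ($_ui['exists'] != 1) {
+echo "Seems that user with $uid does not exists!\n";
+exit(1);
+}
+$salt = $_ui['salt'];
+$pass = $_ui['pass'];
+
+// edit user - empty pass
+$r = rg_user_edit($db, $uid, "userA", "rg@localhost", "", 1, 100, "C");
+if ($r !== TRUE) {
+echo "Cannot edit user with empty pass (" . rg_user_error() . ")!\n";
+exit(1);
+}
+// the pass should not be changed here
+$_ui = rg_user_info($db, $uid, "", "");
+if ($_ui['exists'] != 1) {
+echo "Seems that user with $uid does not exists!\n";
+exit(1);
+}
+if (strcmp($salt, $_ui['salt']) != 0) {
+echo "Salt was changed!\n";
+exit(1);
+}
+if (strcmp($pass, $_ui['pass']) != 0) {
+echo "Password was changed!\n";
+exit(1);
+}
+
+// edit user - no empty pass
+$r = rg_user_edit($db, $uid, "userA", "rg@localhost", "pass2", 1, 100, "C");
+if ($r !== TRUE) {
+echo "Cannot edit user with not empty pass (" . rg_user_error() . ")!\n";
+exit(1);
+}
+// the pass should be changed here
+$_ui = rg_user_info($db, $uid, "", "");
+if ($_ui['exists'] != 1) {
+echo "Seems that user with $uid does not exists!\n";
+exit(1);
+}
+if (strcmp($salt, $_ui['salt']) == 0) {
+echo "Salt was not changed!\n";
+exit(1);
+}
+if (strcmp($pass, $_ui['pass']) == 0) {
+echo "Password was not changed!\n";
+exit(1);
+}
+
+// change password
+$r = rg_user_set_pass($db, $uid, "pass3");
+if ($r !== TRUE) {
+echo "Cannot change pass!\n";
+exit(1);
+}
+
+// get token for e-mail forgot pass feature
+$token = rg_user_forgot_pass_mail_prepare($db, "rg@localhost");
+if ($token === FALSE) {
+echo "Could not get token (" . rg_user_error() . ")!\n";
+exit(1);
+}
+
+$r = rg_user_forgot_pass_uid($db, $token);
+if ($r['ok'] != 1) {
+echo "Cannot find uid based on token (" . rg_user_error() . ")!\n";
+exit(1);
+}
+
+if ($r['uid'] != $uid) {
+echo "Token returned does not belong to the proper user!\n";
+exit(1);
+}
+
 @unlink("user.sqlite");
 
 echo "OK\n";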
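Review bot: The forgot-password test in the last hunk exercises only the success path, so nothing pins that `rg_user_forgot_pass_uid()` rejects a token it never issued. Add a negative case after the positive one, e.g. `$r = rg_user_forgot_pass_uid($db, "notatoken");` followed by `if ($r['uid'] != 0) { echo "Unknown token was accepted!\n"; exit(1); }`. The `uid == 0` convention is inferred from the `inc/user/forgot.php` lines on this page, so confirm it against `inc/user.inc.php`. The `// change password` step likewise checks only the return value of `rg_user_set_pass()`; re-reading the stored `salt` and `pass`, as the two edit cases above it do, would confirm the password actually changed.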