xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Clone URLs: https://code.reversed.top/user/xaizek/rocketgit ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit
v0.0 v0.1 v0.10 v0.11 v0.12 v0.13 v0.14 v0.15 v0.17 v0.18 v0.19 v0.2 v0.20 v0.21 v0.22 v0.23 v0.24 v0.25 v0.27 v0.28 v0.29 v0.31 v0.32 v0.33 v0.34 v0.35 v0.36 v0.38 v0.39 v0.40 v0.41 v0.42 v0.43 v0.44 v0.45 v0.46 v0.47 v0.48 v0.49 v0.50 v0.51 v0.52 v0.53 v0.54 v0.55 v0.56 v0.57 v0.58 v0.60 v0.61 v0.62 v0.63 v0.64 v0.65 v0.66 v0.67 v0.68 v0.69 v0.70 local master
Commit c1778920e66c4561f63632030fff66bff71d4395

Lots of stuff.
Author: Catalin(ux) M. BOIE
Author date (UTC): 2011-06-27 17:33
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2011-06-27 19:13
Parent(s): 3c6df6f5a6053d322f93814b3a8ccc8555951d9f
Signing key:
Tree: 8fdf8497026db807ea576bf58b7b079c755a2e4c
File Lines added Lines deleted
.gitignore 6 1
Makefile.in 28 0
TODO 12 1
configure 3 0
duilder 544 0
duilder.conf 12 0
hooks/pre-commit 46 0
hooks/update 96 0
inc/admin/admin.php 1 1
inc/admin/repos/repos.php 2 1
inc/admin/users/add.php 16 3
inc/admin/users/edit.php 56 0
inc/admin/users/user.form.php 19 3
inc/admin/users/users.php 9 3
inc/db/struct.inc.php 9 2
inc/dispatch/dispatch.php 6 1
inc/git.inc.php 55 0
inc/keys/add.form.php 1 0
inc/login/login.form.php 2 0
inc/personal/pass.form.php 12 5
inc/personal/personal.php 92 0
inc/repo.inc.php 110 198
inc/repo/repo.form.php 9 1
inc/repo/repo.php 3 2
inc/repo/repo_page.php 10 4
inc/repo/rights.form.php 2 1
inc/rights.inc.php 274 0
inc/sess.inc.php 4 0
inc/token.inc.php 124 0
inc/user.inc.php 176 42
inc/user/forgot.form.php 2 1
inc/user/forgot.php 2 2
inc/util.inc.php 8 2
rocketgit.spec.in 36 0
root/index.php 4 1
samples/config.php 8 5
samples/cron 2 2
samples/rg 1 1
samples/rg.conf 2 2
scripts/cron.php 8 1
scripts/q.php 5 2
scripts/ssh.php 3 7
tests/Makefile 7 1
tests/repo.php 101 47
tests/rights.php 34 0
tests/user.php 87 4
File .gitignore changed (mode: 100644) (index cfce1ad..a303424)
1 1 *.log *.log
2
2 Changelog
3 Makefile
4 cata/
5 *.tar.gz
6 *.rpm
7 *.spec
File Makefile.in added (mode: 100644) (index 0000000..4067186)
1 export CC := gcc
2 export INCS +=
3 export LIBS +=
4
5 .PHONY: all
6 all: junk
7
8 .PHONY:
9 junk:
10 @-/bin/true
11 @echo "Done!"
12
13 .PHONY: clean
14 clean:
15 @-rm -f $(PRJ)-*.rpm $(PRJ)-*-*-*.tgz $(PRJ)-*.tar.gz
16
17 install: all
18 @mkdir -p $(I_USR_SHARE)/$(PRJ)
19 cp -vdr inc hooks root scripts $(I_USR_SHARE)/$(PRJ)
20 @mkdir -p $(I_ETC)
21 cp -vd samples/rg $(I_ETC)/xinetd.d/rocketgit
22 @mkdir -p $(I_ETC)/cron.d
23 cp -vd samples/cron $(I_ETC)/cron.d/rocketgit
24 @mkdir -p $(I_ETC)/httpd/conf.d
25 cp -vd samples/rg.conf $(I_ETC)/httpd/conf.d/rocketgit.conf
26 @mkdir -p $(I_ETC)/rocketgit
27 cp -vd samples/config.php $(I_ETC)/rocketgit/
28 cp -vd samples/config.php $(I_ETC)/rocketgit/config.php.sample
File TODO changed (mode: 100644) (index 9cb8273..15b3ab0)
2 2 [ ] Validate e-mails. [ ] Validate e-mails.
3 3 [ ] You cannot admin rights of a repository if is not yours. [ ] You cannot admin rights of a repository if is not yours.
4 4 [ ] Check XSRF attacks and other types. [ ] Check XSRF attacks and other types.
5 [ ] Edit repo (rights) does not work.
6 [ ] Shard by project name not by id!
5 7 [ ] [ ]
6 8
7 9 == Low priority == == Low priority ==
10 [ ] Make rights generic (both for repo, users etc.).
8 11 [ ] We should make a repo dirty ony if user pushed something with success. [ ] We should make a repo dirty ony if user pushed something with success.
9 12 [ ] <link rel="icon" type="image/png" id="favicon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/> [ ] <link rel="icon" type="image/png" id="favicon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8%2F9hAAAACGFjVEwAAAASAAAAAJNtBPIAAAAaZmNUTAAAAAAAAAAQAAAAEAAAAAAAAAAALuAD6AABhIDeugAAALhJREFUOI2Nk8sNxCAMRDlGohauXFOMpfTiAlxICqAELltHLqlgctg1InzMRhpFAc%2BLGWTnmoeZYamt78zXdZmaQtQMADlnU0OIAlbmJUBEcO4bRKQY2rUXIPmAGnDuG%2FBx3%2FfvOPVaDUg%2BoAPUf1PArIMCSD5glMEsUGaG%2BkyAFWIBaCsKuA%2BHGCNijLgP133XgOEtaPFMy2vUolEGJoCIzBmoRUR9%2B7rxj16DZaW%2FmgtmxnJ8V3oAnApQwNS5zpcAAAAaZmNUTAAAAAEAAAAQAAAAEAAAAAAAAAAAAB4D6AIB52fclgAAACpmZEFUAAAAAjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9WF%2Bu8QAAABpmY1RMAAAAAwAAABAAAAAQAAAAAAAAAAAAHgPoAgEK8Q9%2FAAAAFmZkQVQAAAAEOI1jYBgFo2AUjAIIAAAEEAAB0xIn4wAAABpmY1RMAAAABQAAABAAAAAQAAAAAAAAAAAAHgPoAgHnO30FAAAAQGZkQVQAAAAGOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVfozYcAAAABpmY1RMAAAABwAAABAAAAAQAAAAAAAAAAAAHgPoAgEKra7sAAAAFmZkQVQAAAAIOI1jYBgFo2AUjAIIAAAEEAABM9s3hAAAABpmY1RMAAAACQAAABAAAAAQAAAAAAAAAAAAHgPoAgHn3p%2BwAAAAKmZkQVQAAAAKOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F1BhPl6AAAAGmZjVEwAAAALAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQpITFkAAAAWZmRBVAAAAAw4jWNrgAWjYBSMArgAAAQQAAHaszpmAAAAGmZjVEwAAAANAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeeCPiMAAABAZmRBVAAAAA44jWNrgJ5gpxrDf2LEcIL%2FpzAVYxPDavP%2FUwz%2FpW79%2F%2F%2F%2FFMP%2FnWoQjC5GOxcgu4QYsVEwCmAAAOE0KxUmBL0KAAAAGmZjVEwAAAAPAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAQoU7coAAAAWZmRBVAAAABA4jWNrgAWjYBSMArgAAAQQAAEpOBELAAAAGmZjVEwAAAARAAAAEAAAABAAAAAAAAAAAAAeA%2BgCAeYVWtoAAAAqZmRBVAAAABI4jWNrgAVYQXNz839ixHBq3qnG8B9ZAzYx2rlgFIwCcgAA8psX%2FWvpAecAAAAaZmNUTAAAABMAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC4OJMwAAABZmZEFUAAAAFDiNY2AYBaNgFIwCCAAABBAAAcBQHOkAAAAaZmNUTAAAABUAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5kn7SQAAAEBmZEFUAAAAFjiNY2AYnmCnGsN%2FYsRwgv%2BnMBVjE8Nq8%2F9TDP%2Blbv3%2F%2F%2F8Uw%2F%2BdahCMLkY7FyC7hBixUTAKYAAA4TQrFc%2BcEoQAAAAaZmNUTAAAABcAAAAQAAAAEAAAAAAAAAAAAB4D6AIBC98ooAAAABZmZEFUAAAAGDiNY2AYBaNgFIwCCAAABBAAASCZDI4AAAAaZmNUTAAAABkAAAAQAAAAEAAAAAAAAAAAAB4D6AIB5qwZ%2FAAAACpmZEFUAAAAGjiNY2AYBVhBc3Pzf2LEcGreqcbwH1kDNjHauWAUjAJyAADymxf9cjJWbAAAABpmY1RMAAAAGwAAABAAAAAQAAAAAAAAAAAAHgPoAgELOsoVAAAAFmZkQVQAAAAcOI1jYBgFo2AUjAIIAAAEEAAByfEBbAAAABpmY1RMAAAAHQAAABAAAAAQAAAAAAAAAAAAHgPoAgHm8LhvAAAAQGZkQVQAAAAeOI1jYBieYKcaw39ixHCC%2F6cwFWMTw2rz%2F1MM%2F6Vu%2Ff%2F%2F%2FxTD%2F51qEIwuRjsXILuEGLFRMApgAADhNCsVlxR3%2FgAAABpmY1RMAAAAHwAAABAAAAAQAAAAAAAAAAAAHgPoAgELZmuGAAAAFmZkQVQAAAAgOI1jYBgFo2AUjAIIAAAEEAABHP5cFQAAABpmY1RMAAAAIQAAABAAAAAQAAAAAAAAAAAAHgPoAgHlgtAOAAAAKmZkQVQAAAAiOI1jYBgFWEFzc%2FN%2FYsRwat6pxvAfWQM2Mdq5YBSMAnIAAPKbF%2F0%2FMvDdAAAAAElFTkSuQmCC"/>
10 13 [ ] Add key form may be joined with list keys command! [ ] Add key form may be joined with list keys command!
 
41 44 [ ] On rocketgit website, add "Feedback" area. [ ] On rocketgit website, add "Feedback" area.
42 45 [ ] Do not forget to pack /etc/httpd/conf.d/rg.conf. [ ] Do not forget to pack /etc/httpd/conf.d/rg.conf.
43 46 [ ] Allow multiple virtual hosts, with different configurations. [ ] Allow multiple virtual hosts, with different configurations.
44 [ ]
47 [ ] session_time should be set at login time? And/or default s_t should be set from database?
48 [ ] Do not let user upload an already uploaded key.
49 [ ] Do not permit more than X auth attempts per second.
50 [ ] See HTTP Only to prevent scripts to access the session cookie.
51 [ ] Set correct group in spec file.
52 [ ] See prepare-commit-msg.sample - we can auto add a line to every commit.
53 [ ] Check http://plathrop.tertiusfamily.net/blog/2010/05/11/git-hooks-branch-acls-and-more/ to block updates that have not pull - a la SVN
54 [ ] Maybe we should mark the repository as dirty, only in the post-receive hook? Or update is the best place?
55 [ ]
File configure added (mode: 100755) (index 0000000..d33bb6c)
1 #!/bin/bash
2
3 ./duilder
File duilder added (mode: 100755) (index 0000000..62411b6)
1 #!/bin/bash
2
3 set -e
4
5 function duilder_final()
6 {
7 PRJ="${1}"
8 VER="${2}"
9 RELEASE_SCRIPT="${3}"
10
11 # Run release script
12 if [ ! -z "${RELEASE_SCRIPT}" -a -x "${RELEASE_SCRIPT}" ]; then
13 echo "Running ${RELEASE_SCRIPT}..."
14 ${RELEASE_SCRIPT}
15 fi
16 }
17
18 function duilder_docs()
19 {
20 PRJ="${1}"
21 VER="${2}"
22 EXPORT_PATH="${3}"
23
24 if [ ! -d "${EXPORT_PATH}" ]; then
25 echo "WARN: ${EXPORT_PATH} does not exists. Skipping..."
26 return
27 fi
28
29 echo "Copying docs to [${EXPORT_PATH}]..."
30 for f in README License LICENSE Changelog Changelog-last TODO FAQ INSTALL; do
31 if [ -r "${f}" ]; then
32 cp -vp "${f}" "${EXPORT_PATH}/"
33 fi
34 done
35
36 if [ -d "screenshot" ]; then
37 echo "Copying screenshots..."
38 mkdir -p "${EXPORT_PATH}"
39 cp -vp screenshot/* "${EXPORT_PATH}/"
40 fi
41 }
42
43 function duilder_git()
44 {
45 PRJ="${1}"
46 GIT_DEST="${2}"
47 EXPORT_GIT="${3}"
48 GIT_CHANGELOG="${4}"
49 GIT_PUSH="${5}"
50
51 if [ ! -x /usr/bin/git ]; then
52 echo "Warning: Git not found!"
53 exit 0
54 fi
55
56 if [ ! -d .git ]; then
57 echo "Warning: I cannot find .git directory!"
58 exit 0
59 fi
60
61 if [ "${EXPORT_GIT}" = "1" ]; then
62 echo "Generate GIT tree for HTTP transport..."
63 if [ ! -d "${GIT_DEST}/${PRJ}.git" ]; then
64 git clone --bare . "${GIT_DEST}/${PRJ}.git"
65
66 # Activate post-update hook
67 cp "${GIT_DEST}/${PRJ}.git/hooks/post-update.sample" \
68 "${GIT_DEST}/${PRJ}.git/hooks/post-update"
69 chmod a+x "${GIT_DEST}/${PRJ}.git/hooks/post-update"
70
71 # add project name and description
72 echo "${PRJ}" > "${GIT_DEST}/${PRJ}.git/description"
73
74 # allow export by git daemon?
75 #touch "${GIT_DEST}/${PRJ}.git/git-daemon-export-ok
76 else
77 # --force?
78 echo "Running git push -v --all \"${GIT_DEST}/${PRJ}.git\"..."
79 git push -v --all "${GIT_DEST}/${PRJ}.git"
80 echo "Running git push -v --tags \"${GIT_DEST}/${PRJ}.git\"..."
81 git push -v --tags "${GIT_DEST}/${PRJ}.git"
82 fi
83 (cd "${GIT_DEST}/${PRJ}.git" && git update-server-info)
84 fi
85
86 if [ "${GIT_PUSH}" = "1" ]; then
87 echo "[*] Git push..."
88 git push -v --all
89 fi
90
91 if [ "${GIT_CHANGELOG}" = "1" ]; then
92 echo "[*] Generating Changelog from git..."
93 echo -n > Changelog
94
95 # get the list of tags
96 i=0
97 number_of_tags=0
98 for tag in `git tag -l`; do
99 if [ "${tag:0:1}" != "v" ]; then
100 # skip other kind of tags beside versions
101 continue
102 fi
103
104 tags[${i}]=${tag}
105 tags_commit[${i}]=`git show-ref ${tag} | cut -d' ' -f1`
106 number_of_tags=$[${number_of_tags}+1]
107
108 i=$[${i}+1]
109 done
110
111 # get the list of commits, test if is a tag and do the diff
112 prev=""
113 add=""
114 first=1
115 git log --pretty=oneline | cut -f1 | \
116 while read commit junk; do
117 # test if it is a tag
118 tag=""
119 i=0
120 while [ "${i}" -lt "${number_of_tags}" ]; do
121 if [ "${commit}" = "${tags_commit[${i}]}" ]; then
122 tag="${tags[${i}]}"
123 break
124 fi
125
126 i=$[${i}+1]
127 done
128
129 if [ -z "${tag}" ]; then
130 continue
131 fi
132
133 if [ ! -z "${prev}" ]; then
134 echo "[*] Generating Changelog from ${tag} -> ${prev}..."
135 echo -en "${add}" >> Changelog
136 add="\n"
137 echo "[${tag} -> ${prev}]" >> Changelog
138 git shortlog ${tag}..${prev} | \
139 (IFS=""
140 while read line; do
141 echo " ${line}"
142 done) \
143 >> Changelog
144
145 if [ "${first}" = "1" ]; then
146 echo "[*] Generating Changelog-last..."
147 cp Changelog Changelog-last
148 first=0
149 fi
150 fi
151 prev=${tag}
152 done
153 fi
154 }
155
156 function duilder_srpm()
157 {
158 PRJ="${1}"
159 VER="${2}"
160 EXPORT_PATH="${3}"
161 BUILD_SRPM="${4}"
162 SRPM_DEST="${5}"
163 SRPM_POST_RUN="${6}"
164
165 P="${PRJ}-${VER}"
166
167 if [ ! -d "${EXPORT_PATH}" ]; then
168 echo "WARN: ${EXPORT_PATH} does not exists. Skipping..."
169 return
170 fi
171
172 if [ "${BUILD_SRPM}" != "1" ]; then
173 exit 0
174 fi
175
176 echo "Building SRPM..."
177 rpmbuild -ts "${P}.tar.gz"
178
179 PKG="${RPMBUILD}/SRPMS/${P}-1.src.rpm"
180
181 # Run a rpmlint on it
182 if [ -x /usr/bin/rpmlint ]; then
183 echo "[*] RPMlinting..."
184 rpmlint -iv "${PKG}" > rpmlint.out
185 fi
186
187 if [ ! -z "${SRPM_DEST}" ]; then
188 echo "Copying [${PKG}] to [${SRPM_DEST}]..."
189 cp -vp "${PKG}" "${SRPM_DEST}/"
190 fi
191
192 echo "Copying to export dir [${EXPORT_PATH}]..."
193 mkdir -p "${EXPORT_PATH}"
194 cp -vp "${PKG}" "${EXPORT_PATH}/"
195
196 if [ -x "${SRPM_POST_RUN}" ]; then
197 echo "Running post SRPM build script [${SRPM_POST_RUN}]..."
198 ${SRPM_POST_RUN} "${PKG}"
199 fi
200 }
201
202 function duilder_tar()
203 {
204 PRJ="${1}"
205 VER="${2}"
206 EXPORT_PATH="${3}"
207 EXCLUDE="${4}"
208
209 P="${PRJ}-${VER}"
210
211 if [ ! -d "${EXPORT_PATH}" ]; then
212 echo "WARN: ${EXPORT_PATH} does not exists. Skipping..."
213 return
214 fi
215
216 echo "Generating tarball [${P}.tar.gz]..."
217 ADD_EXCLUDE=""
218 if [ ! -z "${EXCLUDE}" ]; then
219 ADD_EXCLUDE="--exclude-from ${P}/${EXCLUDE}"
220 fi
221
222 (cd .. \
223 && rm -rf "${P}" \
224 && cp -a --link "${PRJ}" "${P}" \
225 && tar czf "${PRJ}/${P}.tar.gz" \
226 --exclude-vcs \
227 --exclude ${P}/Makefile \
228 ${ADD_EXCLUDE} \
229 "${P}" \
230 && rm -rf "${P}"
231 )
232
233 echo "Copying source to ${EXPORT_PATH}/..."
234 mkdir -p "${EXPORT_PATH}"
235 cp -vp "${P}.tar.gz" "${EXPORT_PATH}/"
236 }
237
238 ####################################################################
239
240 # Variables
241 if [ -d "${HOME}/rpmbuild" ]; then
242 RPMBUILD="${HOME}/rpmbuild"
243 else
244 RPMBUILD="/usr/src/redhat"
245 fi
246
247
248 if [ ! -r duilder.conf ]; then
249 echo "You must build a duilder.conf file!"
250 exit 1
251 fi
252
253 source ${PWD}/duilder.conf
254
255 # fixes
256 if [ -z "${GIT_DEST}" ]; then
257 GIT_DEST="${EXPORT_PATH}"
258 fi
259
260 if [ -z "${PRJ}" ]; then
261 echo "ERROR: PRJ= parameter is missing."
262 exit 1
263 fi
264
265 if [ -z "${VER}" ]; then
266 echo "ERROR: PRJ= parameter is missing."
267 exit 1
268 fi
269
270 if [ -z "${REV}" ]; then
271 echo "ERROR: REV= parameter is missing."
272 exit 1
273 fi
274
275 # export variables - just in case a script cares
276 export PRJ VER REV EXPORT_PATH EXPORT_GIT GIT_PUSH GIT_DEST SRPM_DEST LICENSE
277
278
279 # Multiplexer
280 if [ "${1}" = "docs" ]; then
281 shift
282 duilder_docs "$@"
283 exit $?
284 fi
285
286 if [ "${1}" = "tar" ]; then
287 shift
288 duilder_tar "$@"
289 exit $?
290 fi
291
292 if [ "${1}" = "git" ]; then
293 shift
294 duilder_git "$@"
295 exit $?
296 fi
297
298 if [ "${1}" = "srpm" ]; then
299 shift
300 duilder_srpm "$@"
301 exit $?
302 fi
303
304 if [ "${1}" = "final" ]; then
305 shift
306 duilder_final "$@"
307 exit $?
308 fi
309
310
311 ###### Main stuff
312 echo
313 echo "Duilder builder script"
314 echo "Copyright Catalin(ux) M. BOIE"
315 echo
316 echo "PRJ=${PRJ}, VER=${VER}, REV=${REV}"
317 echo "System: `uname -a`"
318
319 ETC="/etc"
320 BIN="/bin"
321 USR_BIN="/usr/bin"
322 USR_SBIN="/usr/sbin"
323 USR_INCLUDE="/usr/include"
324 USR_LIB="/usr/lib"
325 USR_SHARE="/usr/share"
326 USR_SHARE_DOC="/usr/share/doc/${PRJ}-${VER}"
327 SBIN="/usr/sbin"
328 VAR="/var"
329 VAR_LOG="/var/log/${PRJ}"
330
331 while [ "${1}" != "" ]; do
332 VAR="`echo ${1} | cut -d'=' -f1`"
333 VAL="`echo ${1} | cut -d'=' -f2`"
334 case ${VAR} in
335 --sysconfdir)
336 ETC="${VAL}"
337 ;;
338 --bindir)
339 USR_BIN="${VAL}"
340 ;;
341 --sbindir)
342 USR_SBIN="${VAL}"
343 ;;
344 --includedir)
345 USR_INCLUDE="${VAL}"
346 ;;
347 --libdir)
348 USR_LIB="${VAL}"
349 ;;
350 --localstatedir)
351 VAR="${VAL}"
352 ;;
353 --datadir)
354 USR_SHARE="${VAL}"
355 ;;
356 esac
357 shift
358 done
359
360 # Truncate future sed file
361 > tmp.sed
362
363 DB_SUPPORT=0
364
365 echo -n "Searching for PostgreSQL..."
366 set +e
367 PG_VERSION="`pg_config --version 2>/dev/null`"
368 set -e
369 if [ -z "${PG_VERSION}" ]; then
370 echo " not found."
371 PG_FOUND=0
372 else
373 echo " found version ${PG_VERSION}."
374 PG_FOUND=1
375 PG_INC="-I`pg_config --includedir`"
376 PG_LIB="-L`pg_config --libdir` -lpq"
377
378 echo "s#@PG_VERSION@#${PG_VERSION}#g" >> tmp.sed
379 echo "s#@PG_INC@#${PG_INC}#g" >> tmp.sed
380 echo "s#@PG_LIB@#${PG_LIB}#g" >> tmp.sed
381
382 DB_SUPPORT=1
383 echo "s#@DB_SUPPORT@#${DB_SUPPORT}#g" >> tmp.sed
384 fi
385 echo "s#@PG_FOUND@#${PG_FOUND}#g" >> tmp.sed
386
387
388 echo -n "Searching for MySQL..."
389 set +e
390 MYSQL_VERSION="`mysql_config --version 2>/dev/null`"
391 set -e
392 if [ -z "${MYSQL_VERSION}" ]; then
393 echo " not found."
394 MYSQL_FOUND=0
395 else
396 echo " found version ${MYSQL_VERSION}."
397 MYSQL_FOUND=1
398 MYSQL_INC="`mysql_config --include`"
399 MYSQL_LIB="`mysql_config --libs`"
400
401 echo "s#@MYSQL_VERSION@#${MYSQL_VERSION}#g" >> tmp.sed
402 echo "s#@MYSQL_INC@#${MYSQL_INC}#g" >> tmp.sed
403 echo "s#@MYSQL_LIB@#${MYSQL_LIB}#g" >> tmp.sed
404
405 DB_SUPPORT=1
406 echo "s#@DB_SUPPORT@#${DB_SUPPORT}#g" >> tmp.sed
407 fi
408 echo "s#@MYSQL_FOUND@#${MYSQL_FOUND}#g" >> tmp.sed
409
410 echo -n "Searching for poll..."
411 set +e
412 echo -e "#include <poll.h> \n int main(void) { return poll(0, 0, 0); }" | gcc -x c -pipe - -o /dev/null 2>/dev/null
413 E="${?}"
414 set -e
415 if [ "${E}" != "0" ]; then
416 echo " not found."
417 echo "s#@POLL_FOUND@#0#g" >> tmp.sed
418 else
419 echo " found."
420 echo "s#@POLL_FOUND@#1#g" >> tmp.sed
421 fi
422
423 echo -n "Searching for epoll..."
424 set +e
425 echo -e "#include <sys/epoll.h> \n int main(void) { return epoll_create(64); }" | gcc -x c -pipe - -o /dev/null 2>/dev/null
426 E="${?}"
427 set -e
428 if [ "${E}" != "0" ]; then
429 echo " not found."
430 echo "s#@EPOLL_FOUND@#0#g" >> tmp.sed
431 else
432 echo " found."
433 echo "s#@EPOLL_FOUND@#1#g" >> tmp.sed
434 fi
435
436 echo -n "Searching for ncurses..."
437 set +e
438 echo -e "#include <ncurses.h> \n int main(void) { initscr(); return 0; }" | gcc -x c -pipe - -o /dev/null -lncurses 2>/dev/null
439 E="${?}"
440 set -e
441 if [ "${E}" != "0" ]; then
442 echo " not found."
443 echo "s#@NCURSES_FOUND@#0#g" >> tmp.sed
444 else
445 echo " found."
446 echo "s#@NCURSES_FOUND@#1#g" >> tmp.sed
447 fi
448
449 # generic stuff
450 echo "s#@PRJ@#${PRJ}#g" >> tmp.sed
451 echo "s#@VER@#${VER}#g" >> tmp.sed
452 echo "s#@REV@#${REV}#g" >> tmp.sed
453 echo "s#@ETC@#${ETC}#g" >> tmp.sed
454 echo "s#@BIN@#${BIN}#g" >> tmp.sed
455 echo "s#@USR_BIN@#${USR_BIN}#g" >> tmp.sed
456 echo "s#@SBIN@#${SBIN}#g" >> tmp.sed
457 echo "s#@USR_SBIN@#${USR_SBIN}#g" >> tmp.sed
458 echo "s#@VAR@#${VAR}#g" >> tmp.sed
459 echo "s#@VAR_LOG@#${VAR_LOG}#g" >> tmp.sed
460 echo "s#@USR_INCLUDE@#${USR_INCLUDE}#g" >> tmp.sed
461 echo "s#@USR_INC@#${USR_INCLUDE}#g" >> tmp.sed
462 echo "s#@USR_LIB@#${USR_LIB}#g" >> tmp.sed
463 echo "s#@USR_SHARE@#${USR_SHARE}#g" >> tmp.sed
464 echo "s#@USR_SHARE_DOC@#${USR_SHARE_DOC}#g" >> tmp.sed
465 # Export stuff
466 echo "s#@EXPORT_PATH@#${EXPORT_PATH}#g" >> tmp.sed
467
468
469
470 if [ -r Makefile.in ]; then
471 echo "Building Makefile..."
472 echo -n > Makefile
473 echo "# duilder header starts #" >> Makefile
474 echo "export PRJ := ${PRJ}" >> Makefile
475 echo "export VER := ${VER}" >> Makefile
476 echo "export REV := ${REV}" >> Makefile
477 echo "export DESTDIR" >> Makefile
478 echo >> Makefile
479 echo "export I_ETC := \$(DESTDIR)${ETC}" >> Makefile
480 echo "export I_BIN := \$(DESTDIR)${BIN}" >> Makefile
481 echo "export I_SBIN := \$(DESTDIR)${SBIN}" >> Makefile
482 echo "export I_USR_BIN := \$(DESTDIR)${USR_BIN}" >> Makefile
483 echo "export I_USR_SBIN := \$(DESTDIR)${USR_SBIN}" >> Makefile
484 echo "export I_USR_INCLUDE := \$(DESTDIR)${USR_INCLUDE}" >> Makefile
485 echo "export I_USR_INC := \$(DESTDIR)${USR_INCLUDE}" >> Makefile
486 echo "export I_USR_SHARE := \$(DESTDIR)${USR_SHARE}" >> Makefile
487 echo "export I_USR_SHARE_DOC := \$(DESTDIR)${USR_SHARE_DOC}" >> Makefile
488 echo "export I_USR_LIB := \$(DESTDIR)${USR_LIB}" >> Makefile
489 echo "export I_LIB := \$(DESTDIR)${USR_LIB}" >> Makefile
490 echo "export I_VAR := \$(DESTDIR)${VAR}" >> Makefile
491 echo "export I_VAR_LOG := \$(DESTDIR)${VAR_LOG}" >> Makefile
492 echo >> Makefile
493 echo "# DB stuff" >> Makefile
494 echo "export DB_SUPPORT := ${DB_SUPPORT}" >> Makefile
495 echo "# PG" >> Makefile
496 echo "export PG_FOUND := ${PG_FOUND}" >> Makefile
497 echo "export PG_INC := ${PG_INC}" >> Makefile
498 echo "export PG_LIB := ${PG_LIB}" >> Makefile
499 echo "# MySQL" >> Makefile
500 echo "export MYSQL_FOUND := ${MYSQL_FOUND}" >> Makefile
501 echo "export MYSQL_INC := ${MYSQL_INC}" >> Makefile
502 echo "export MYSQL_LIB := ${MYSQL_LIB}" >> Makefile
503 echo >> Makefile
504 echo "# duilder header ends #" >> Makefile
505 echo >> Makefile
506
507 sed -f tmp.sed Makefile.in >> Makefile
508
509 echo >> Makefile
510 echo "# duilder tail starts #" >> Makefile
511 echo >> Makefile
512 echo "# This is to allow exporting only the git tree" >> Makefile
513 echo "dist_git:" >> Makefile
514 echo " @./duilder git \"\$(PRJ)\" \"${GIT_DEST}\" \"${EXPORT_GIT}\" \"${EXPORT_PATH}\" \"${GIT_CHANGELOG}\"" >> Makefile
515 echo >> Makefile
516 echo ".PHONY: dist" >> Makefile
517 echo "dist: clean" >> Makefile
518 echo " @./duilder git \"\$(PRJ)\" \"${GIT_DEST}\" \"${EXPORT_GIT}\" \"${GIT_CHANGELOG}\"" \"${GIT_PUSH}\" >> Makefile
519 echo " @./duilder tar \"\$(PRJ)\" \"\$(VER)\" \"${EXPORT_PATH}\" \"${EXCLUDE}\"" >> Makefile
520 echo " @./duilder srpm \"\$(PRJ)\" \"\$(VER)\" \"${EXPORT_PATH}\" \"${BUILD_SRPM}\" \"${SRPM_DEST}\" \"${SRPM_POST_RUN}\"" >> Makefile
521 echo " @./duilder docs \"\$(PRJ)\" \"\$(VER)\" \"${EXPORT_PATH}\"" >> Makefile
522 echo " @./duilder final \"\$(PRJ)\" \"\$(VER)\" \"${RELEASE_SCRIPT}\"" >> Makefile
523 echo " @rm -f \"\$(PRJ)-\$(VER).tar.gz\"" >> Makefile
524 echo >> Makefile
525 fi
526
527 if [ -r "${PRJ}.spec.in" ]; then
528 echo "Generate .spec file..."
529 sed -f tmp.sed ${PRJ}.spec.in > ${PRJ}.spec
530 fi
531
532 if [ ! -z "${CONFIG_H}" ]; then
533 echo "Generating ${CONFIG_H} file..."
534 sed -f tmp.sed ${CONFIG_H}.in > ${CONFIG_H}
535 fi
536
537 rm -f tmp.sed
538
539 if [ "`basename ${0}`" = "duilderx" ]; then
540 echo "Clone myself to destination as 'duilder'..."
541 cp -vpf "${0}" ${PWD}/duilder
542 fi
543
544 echo "Done. Run make."
File duilder.conf added (mode: 100644) (index 0000000..aefe13c)
1 PRJ="rocketgit"
2 VER="0.1"
3 REV="1"
4 EXCLUDE=""
5 EXPORT_PATH="/data/www/umbrella/kernel/us/rocketgit"
6 EXPORT_GIT="0"
7 GIT_CHANGELOG="1"
8 BUILD_SRPM="1"
9 SRPM_DEST="../dinorepo/fedora/SRPMS"
10 BUILD_TGZ="1"
11 BUILD_DEB="1"
12 RELEASE_SCRIPT="/usr/local/bin/duilder_release"
File hooks/pre-commit added (mode: 100755) (index 0000000..b599393)
1 #!/usr/bin/php
2 <?php
3 // This is called by 'pre-commit' hook
4 // Inspired by pre-commit.sample in git package
5 error_reporting(E_ALL);
6 ini_set("track_errors", "On");
7
8 $_start = microtime(TRUE);
9
10 require_once("/etc/rg/config.php");
11
12 $INC = dirname(__FILE__) . "/../inc";
13 require_once($INC . "/util.inc.php");
14 require_once($INC . "/log.inc.php");
15 require_once($INC . "/db.inc.php");
16 require_once($INC . "/repo.inc.php");
17
18 rg_log_set_file("/tmp/rg_hook_pre-commit.log");
19
20 rg_log("Start: euid=" . posix_geteuid() . "...");
21 rg_log("_SERVER: " . print_r($_SERVER, TRUE));
22
23 umask(0022);
24
25 $against =
26 if (rg_git_ref_ok("HEAD"))
27 $against = "HEAD";
28 else
29 $against = $rg_repo_empty;
30
31 // TODO: Here we can deny non ascii file names
32 // git diff --cached --name-only --diff-filter=A -z $against | LC_ALL=C tr -d '[ -~]\0')
33
34 $diff = sprintf("%u", (microtime(TRUE) - $_start) * 1000);
35 rg_log("Took " . $diff . "ms.");
36
37 @file_put_contents($repo_path . "/rg/hook-pre-commit",
38 "repo: " . $repo . " ($repo_path)"
39 . "\nat: " . sprintf("%u", $_start)
40 . "\nuid: " . $uid
41 . "\ncmd: against=$against"
42 . "\nTook: " . $diff . "ms");
43
44 // Mark repository dirty for disk statistics and other stuff
45 @file_put_contents($rg_path . "/dirty", "");
46 ?>
File hooks/update added (mode: 100755) (index 0000000..95e40c6)
1 #!/usr/bin/php
2 <?php
3 // This is called by 'update' hook
4 // Inspired by upate.sample in git package
5 error_reporting(E_ALL);
6 ini_set("track_errors", "On");
7
8 $_start = microtime(TRUE);
9
10 require_once("/etc/rg/config.php");
11
12 $INC = dirname(__FILE__) . "/../inc";
13 require_once($INC . "/util.inc.php");
14 require_once($INC . "/log.inc.php");
15 require_once($INC . "/db.inc.php");
16 require_once($INC . "/repo.inc.php");
17
18 rg_log_set_file("/tmp/rg_hook_update.log");
19
20 rg_log("Start: euid=" . posix_geteuid() . "...");
21 rg_log("_SERVER: " . print_r($_SERVER, TRUE));
22
23 umask(0022);
24
25 $refname = rg_git_ref(@$_SERVER['argv'][1]);
26 $old_rev = rg_git_ref(@$_SERVER['argv'][2]);
27 $new_rev = rg_git_ref(@$_SERVER['argv'][3]);
28 rg_log("refname=$refname old_rev=$old_rev new_rev=$new_rev.");
29
30 if ((empty($refname) || empty($old_rev) || empty($new_rev)) {
31 echo "rg: Invalid parameters!\n";
32 exit(1);
33 }
34
35 if (strcmp($rg_repo_zero, $new_rev) == 0)
36 $new_rev_type = "delete";
37 else
38 $new_rev_type = rg_git_type($new_rev);
39 rg_log("new_reg_type=$new_reg_type.");
40
41 if (strcmp($new_rev_type, "commit") == 0) {
42 if (strncmp($refname, "refs/tags/", 10) == 0) {
43 // This is an not annoted tag - we can reject it
44 rg_log("Un-annotated tag...");
45 }
46
47 if (strncmp($refname, "refs/heads/", 11) == 0) {
48 if (strcmp($old_rev, $rg_repo_zero) == 0) {
49 rg_log("Creating a branch...");
50 }
51
52 if (rg_git_ref_ok($new_ref . "^2")) {
53 rg_log("Merge commit...");
54 }
55
56 if (rg_git_bad_whitespace($old_ref, $new_ref)) {
57 rg_log("Bad whitespace...");
58 }
59 }
60
61 // refs/remotes/*
62 } else if (strcmp($new_rev_type, "delete") == 0) {
63 if (strncmp($refname, "refs/tags/", 10) == 0) {
64 rg_log("Deleting a tag...");
65 }
66
67 if (strncmp($refname, "refs/heads/", 11) == 0) {
68 rg_log("Deleting a branch...");
69 }
70
71 if (strncmp($refname, "refs/remotes/", 13) == 0) {
72 rg_log("Deleting a tracking branch...");
73 }
74 } else if (strcmp($new_rev_type, "tag") == 0) {
75 if (strncmp($refname, "refs/tags/", 10) == 0) {
76 rg_log("Modify tag...");
77 }
78 } else {
79 echo "rg: Invalid new rev type!\n";
80 exit(1);
81 }
82
83
84 $diff = sprintf("%u", (microtime(TRUE) - $_start) * 1000);
85 rg_log("Took " . $diff . "ms.");
86
87 @file_put_contents($repo_path . "/rg/hook-update",
88 "repo: " . $repo . " ($repo_path)"
89 . "\nat: " . sprintf("%u", $_start)
90 . "\nuid: " . $uid
91 . "\ncmd: $refname $old_ref $new_ref"
92 . "\nTook: " . $diff . "ms");
93
94 // Mark repository dirty for disk statistics and other stuff
95 @file_put_contents($rg_path . "/dirty", "");
96 ?>
File inc/admin/admin.php changed (mode: 100644) (index d4b0c70..5c628e7)
1 1 <?php <?php
2 rg_log("/inc/admin");
2 rg_log("/inc/admin/admin");
3 3
4 4 $_admin = ""; $_admin = "";
5 5
File inc/admin/repos/repos.php changed (mode: 100644) (index 980e841..b28755a)
... ... $_admin_repos_body = "";
16 16 switch ($subsubop) { switch ($subsubop) {
17 17 case 1: // list case 1: // list
18 18 $_uid = 0; $_uid = 0;
19 $_admin_repos_body .= rg_repo_list($db, $_admin_repos_url . "&amp;subsubop=$subsubop", $_uid);
19 $_admin_repos_body .= rg_repo_list($db,
20 $_admin_repos_url . "&amp;subsubop=$subsubop", $_uid);
20 21 break; break;
21 22 } }
22 23
File inc/admin/users/add.php changed (mode: 100644) (index 1bad4b9..2619c7b)
1 1 <?php <?php
2 rg_log("/admin/users/add");
2 rg_log("/inc/admin/users/add");
3 3
4 4 $_user_add = ""; $_user_add = "";
5 5
6 6 if ($doit == 1) { if ($doit == 1) {
7 if (!rg_token_valid($db, $sid, $token)) {
8 $_user_add .= "Invalid token. Try again.";
9 return;
10 }
11
7 12 $xuser = rg_var_str("xuser"); $xuser = rg_var_str("xuser");
8 13 $email = rg_var_str("email"); $email = rg_var_str("email");
9 14 $xpass = rg_var_str("xpass"); $xpass = rg_var_str("xpass");
10 15 $is_admin = rg_var_uint("is_admin"); $is_admin = rg_var_uint("is_admin");
16 $disk_quota_mb = rg_var_uint("disk_quota_mb");
17 $rights = @rg_rights_a2s($_REQUEST['rights']);
11 18
12 19 $_ui = rg_user_info($db, 0, $xuser, ""); $_ui = rg_user_info($db, 0, $xuser, "");
13 20 if ($_ui['ok'] == 0) { if ($_ui['ok'] == 0) {
14 21 $_user_add .= "Error: Internal error!"; $_user_add .= "Error: Internal error!";
15 22 } else if ($_ui['exists'] == 0) { } else if ($_ui['exists'] == 0) {
16 if (rg_user_add($db, $xuser, $xpass, $email, $is_admin)) {
23 if (rg_user_edit($db, 0, $xuser, $email, $xpass, $is_admin,
24 $disk_quota_mb, $rights)) {
17 25 $_user_add .= "OK!<br />"; $_user_add .= "OK!<br />";
18 26 } }
19 27 } else { } else {
 
... ... if ($doit == 1) {
24 32 $xuser = ""; $xuser = "";
25 33 $email = ""; $email = "";
26 34 $xpass = ""; $xpass = "";
35 $is_admin = 0;
36 $disk_quota_mb = 0;
37 $rights = "";
27 38 } }
28 39
29 include($INC . "/admin/users/add.form.php");
40 $uid = 0;
41
42 include($INC . "/admin/users/user.form.php");
30 43 $_user_add .= $_form; $_user_add .= $_form;
31 44
32 45 ?> ?>
File inc/admin/users/edit.php added (mode: 100644) (index 0000000..40ab930)
1 <?php
2 rg_log("/inc/admin/users/edit");
3
4 $uid = rg_var_str("uid");
5
6 $_user_edit = "";
7
8 if ($doit == 1) {
9 // TODO: Check if user has the right to edit this info!
10 if (!rg_token_valid($db, $sid, $token)) {
11 $_user_edit .= "Invalid token. Try again.";
12 return;
13 }
14
15 $xuser = rg_var_str("xuser");
16 $email = rg_var_str("email");
17 $xpass = rg_var_str("xpass");
18 $is_admin = rg_var_uint("is_admin");
19 $disk_quota_mb = rg_var_uint("disk_quota_mb");
20 $rights = @rg_rights_a2s($_REQUEST['rights']);
21
22 $_ui = rg_user_info($db, 0, $xuser, "");
23 if ($_ui['ok'] == 0) {
24 $_user_edit .= "Error: Internal error!";
25 } else if ($_ui['exists'] == 0) {
26 rg_log("User does not exists!");
27 $_user_edit .= "Error: User does not exists!";
28 } else {
29 if (rg_user_edit($db, $uid, $xuser, $email, $xpass,
30 $is_admin, $disk_quota_mb, $rights)) {
31 $_user_edit .= "OK!<br />";
32 }
33 }
34 } else {
35 // TODO: Check if user has the right to edit this info!
36
37 $_ui = rg_user_info($db, $uid, "", "");
38 if ($_ui['ok'] == 0) {
39 $_user_edit .= "Error: Internal error!";
40 } else if ($_ui['exists'] == 0) {
41 $_user_edit .= "User does not exists!<br />";
42 } else {
43 $xuser = $_ui['user'];
44 $email = $_ui['email'];
45 $xpass = "";
46 $is_admin = $_ui['is_admin'];
47 $disk_quota_mb = $_ui['disk_quota_mb'];
48 $rights = $_ui['rights'];
49 $session_time = $_ui['session_time'];
50 }
51 }
52
53 include($INC . "/admin/users/user.form.php");
54 $_user_edit .= $_form;
55
56 ?>
File inc/admin/users/user.form.php renamed from inc/admin/users/add.form.php (similarity 67%) (mode: 100644) (index d74db8f..b973195)
... ... $_form = '
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="subsubop" value="' . $subsubop . '"> <input type="hidden" name="subsubop" value="' . $subsubop . '">
8 8 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
9 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
10 <input type="hidden" name="uid" value="' . $uid . '">
9 11
10 12 <table> <table>
11 13 <tr> <tr>
 
... ... $_form = '
22 24 <td>Password:</td> <td>Password:</td>
23 25 <td><input type="password" name="xpass" value="' . $xpass . '"/></td> <td><input type="password" name="xpass" value="' . $xpass . '"/></td>
24 26 </tr> </tr>
27 ';
25 28
29 if ($rg_ui['is_admin'] == 1) {
30 $_form .= '
26 31 <tr> <tr>
27 32 <td>Admin?</td> <td>Admin?</td>
28 33 <td> <td>
 
... ... $_form = '
33 38 </td> </td>
34 39 </tr> </tr>
35 40
41 <tr>
42 <td>Disk quota (MiB):</td>
43 <td><input type="text" name="disk_quota_mb" value="' . $disk_quota_mb . '"/></td>
44 </tr>
45
46 <tr>
47 <td>Rights:</td>
48 <td>' . rg_rights_checkboxes("user", $rights) . '</td>
49 </tr>
50 ';
51 }
52
53 $_form .= '
36 54 <tr> <tr>
37 55 <td colspan="2"><input type="submit" value="Go!"/></td> <td colspan="2"><input type="submit" value="Go!"/></td>
38 56 </tr> </tr>
39 57 </table> </table>
40 58 </form> </form>
41 59 '; ';
42
43
44 ?>
60 ?>
File inc/admin/users/users.php changed (mode: 100644) (index 23e12c3..15b8f60)
1 1 <?php <?php
2 rg_log("/inc/admin/users");
2 rg_log("/inc/admin/users/users");
3 3
4 4
5 5 // menu // menu
 
... ... $_admin_users_body = "";
15 15
16 16 switch ($subsubop) { switch ($subsubop) {
17 17 case 1: // list case 1: // list
18 $_admin_users_body .= rg_user_list($db, $_admin_users_url . "&amp;subsubop=$subsubop");
18 $_admin_users_body .= rg_user_list($db, $_admin_users_url);
19 19 break; break;
20 20
21 case 2: //add
21 case 2: // add
22 22 include($INC . "/admin/users/add.php"); include($INC . "/admin/users/add.php");
23 23 $_admin_users_body .= $_user_add; $_admin_users_body .= $_user_add;
24 break;
25
26 case 3: // edit
27 include($INC . "/admin/users/edit.php");
28 $_admin_users_body .= $_user_edit;
29 break;
24 30 } }
25 31
26 32 $_admin_users = $_admin_users_menu . $_admin_users_body; $_admin_users = $_admin_users_menu . $_admin_users_body;
File inc/db/struct.inc.php changed (mode: 100644) (index 8fbc9fd..dc1d75a)
... ... $rg_db_struct[0] = array(
16 16 . ", git_dir_done INTEGER" . ", git_dir_done INTEGER"
17 17 . ", default_rights TEXT" . ", default_rights TEXT"
18 18 . ", deleted INTEGER" . ", deleted INTEGER"
19 . ", max_users INTEGER"
19 20 . ")", . ")",
20 "repo_rights" => "CREATE TABLE repo_rights"
21 . " (repo_id INTEGER"
21 "rights" => "CREATE TABLE rights"
22 . " (type TEXT"
23 . ", obj_id INTEGER"
22 24 . ", uid INTEGER" . ", uid INTEGER"
23 25 . ", rights TEXT" . ", rights TEXT"
24 26 . ", itime INTEGER)", . ", itime INTEGER)",
 
... ... $rg_db_struct[0] = array(
43 45 . ", is_admin INTEGER" . ", is_admin INTEGER"
44 46 . ", disk_quota_mb INTEGER" . ", disk_quota_mb INTEGER"
45 47 . ", disk_mb INTEGER" . ", disk_mb INTEGER"
48 . ", rights TEXT"
46 49 . ")", . ")",
47 50 "sess" => "CREATE TABLE sess" "sess" => "CREATE TABLE sess"
48 51 . " (sid TEXT PRIMARY KEY" . " (sid TEXT PRIMARY KEY"
 
... ... $rg_db_struct[0] = array(
53 56 "forgot_pass" => "CREATE TABLE forgot_pass" "forgot_pass" => "CREATE TABLE forgot_pass"
54 57 . " (token TEXT PRIMARY KEY" . " (token TEXT PRIMARY KEY"
55 58 . ", uid INTEGER" . ", uid INTEGER"
59 . ", expire INTEGER)",
60 "tokens" => "CREATE TABLE tokens"
61 . " (token TEXT PRIMARY KEY"
62 . ", sid TEXT"
56 63 . ", expire INTEGER)" . ", expire INTEGER)"
57 64 ); );
58 65
File inc/dispatch/dispatch.php changed (mode: 100644) (index f21d460..b369a1f)
1 1 <?php <?php
2 rg_log("/dispatch/dispatch.php");
2 rg_log("/inc/dispatch/dispatch");
3 3
4 4 $new_op = ""; $new_op = "";
5 5
 
... ... case 'bye':
56 56 include($INC . "/bye/bye.php"); include($INC . "/bye/bye.php");
57 57 $body .= $_bye; $body .= $_bye;
58 58 break; break;
59
60 case 'personal':
61 include($INC . "/personal/personal.php");
62 $body .= $_personal;
63 break;
59 64 } }
60 65
61 66 $op = $new_op; $op = $new_op;
File inc/git.inc.php changed (mode: 100644) (index aa6e299..e711d13)
... ... function rg_git_clone($src, $dst)
99 99 return TRUE; return TRUE;
100 100 } }
101 101
102 /*
103 * Returns type for an object
104 */
105 function rg_git_type($obj)
106 {
107 $cmd = "git cat-file -t '" . escapeshellcmd($obj) . "'";
108 rg_log("\texec $cmd...");
109 $a = exec($cmd, $output, $err);
110 if ($err != 0) {
111 rg_log("\tError $err (" . implode("|", $output) . " ($a)!");
112 return FALSE;
113 }
114
115 return $a;
116 }
117
118 /*
119 * Corrects a ref
120 */
121 function rg_git_ref($s)
122 {
123 return preg_replace("/[^a-zA-Z0-9^~]/", "", $s);
124 }
125
126 // Check a ref if is OK
127 // TODO: Unit testing
128 function rg_git_ref_ok($ref)
129 {
130 $cmd = "git rev-parse --verify --quiet " . escapeshellcmd($ref);
131 rg_log("\texec $cmd...");
132 $a = exec($cmd, $output, $err);
133 if ($err != 0) {
134 rg_log("\tError $err (" . implode("|", $output) . " ($a)!");
135 return FALSE;
136 }
137
138 return TRUE;
139 }
140
141 // returns TRUE if bad whitespace detected
142 // TODO: Unit testing
143 function rg_git_bad_whitespace($old, $new)
144 {
145 $cmd = "git diff --check --quiet " . escapeshellcmd($old) . " "
146 . escapeshellcmd($new);
147 rg_log("\texec $cmd...");
148 $a = exec($cmd, $output, $err);
149 if ($err != 0) {
150 rg_log("\tError $err (" . implode("|", $output) . " ($a)!");
151 return FALSE;
152 }
153
154 return TRUE;
155 }
156
102 157 ?> ?>
File inc/keys/add.form.php changed (mode: 100644) (index 641cf91..a5cd233)
... ... $_form = '
5 5 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
6 6 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
7 7 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
8 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
8 9
9 10 <table> <table>
10 11 <td>Key (starts with ssh-...):</td> <td>Key (starts with ssh-...):</td>
File inc/login/login.form.php changed (mode: 100644) (index 29827c0..fb7b17c)
... ... $_form .= '
8 8 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
9 9 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
10 10 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
11 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
11 12
12 13 User: <input type="text" name="user" value="' . $user . '"><br /> User: <input type="text" name="user" value="' . $user . '"><br />
13 14 Password: <input type="password" name="pass" value="' . $pass . '"><br /> Password: <input type="password" name="pass" value="' . $pass . '"><br />
 
... ... Forgot your password?<br />
19 20 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
20 21 <input type="hidden" name="op" value="forgotmail"> <input type="hidden" name="op" value="forgotmail">
21 22 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
23 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
22 24
23 25 E-mail: <input type="text" name="email" value=""><br /> E-mail: <input type="text" name="email" value=""><br />
24 26 <input type="submit" value="Recover password"> <input type="submit" value="Recover password">
File inc/personal/pass.form.php copied from file inc/user/forgot.form.php (similarity 59%) (mode: 100644) (index e70b08a..697b24c)
1 1 <?php <?php
2 2
3 $_forgot_form = "";
3 $_chpass_form = "";
4 4
5 if (!empty($error))
6 $_forgot_form .= "<font color=red>$error</font><br />\n";
5 if (count($error) > 0)
6 $_chpass_form .= "<font color=red>" . implode("<br />\n", $error) . "</font><br />\n";
7 7
8 $_forgot_form .= '
8 $_chpass_form .= '
9 9 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
10 10 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
11 <input type="hidden" name="token" value="' . rg_var_str("token") . '">
12 11 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
12 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
13 13
14 14 <table> <table>
15 <tr>
16 <td>Old password:</td>
17 <td>
18 <input type="password" name="old_pass" value=""><br />
19 </td>
20 </tr>
21
15 22 <tr> <tr>
16 23 <td>New password:</td> <td>New password:</td>
17 24 <td> <td>
File inc/personal/personal.php added (mode: 100644) (index 0000000..5a80ef1)
1 <?php
2 rg_log("/inc/personal/personal");
3
4 $_personal = "";
5
6 if ($rg_ui['uid'] == 0) {
7 $_personal .= "You do not have access here!";
8 return;
9 }
10
11 // menu
12 $_url = rg_re_url($op);
13 $_menu = "";
14 $_menu .= "[<a href=\"$_url&amp;subop=1\">Edit info</a>]";
15 $_menu .= "&nbsp;[<a href=\"$_url&amp;subop=2\">Change pass</a>]";
16 $_menu .= "<br />\n";
17 $_menu .= "<br />\n";
18
19 $_body = "";
20
21 switch ($subop) {
22 case 1: // edit info
23 $uid = $rg_ui['uid'];
24
25 if ($doit == 1) {
26 // TODO: Check if user has the right to edit this info!
27 if (!rg_token_valid($db, $sid, $token)) {
28 $_body .= "Invalid token. Try again.";
29 return;
30 }
31
32 $xuser = rg_var_str("xuser");
33 $email = rg_var_str("email");
34 $xpass = rg_var_str("xpass");
35 $is_admin = $rg_ui['is_admin']; // TODO: doesn't seems too elegant
36 $disk_quota_mb = $rg_ui['disk_quota_mb'];
37 $rights = $rg_ui['rights'];
38
39 if (rg_user_edit($db, $rg_ui['uid'], $xuser, $email, $xpass,
40 $is_admin, $disk_quota_mb, $rights)) {
41 $_body .= "OK!<br />";
42 }
43 } else {
44 // TODO: Check if user has the right to edit this info!
45
46 $xuser = $rg_ui['user'];
47 $email = $rg_ui['email'];
48 $xpass = "";
49 $session_time = $rg_ui['session_time'];
50 }
51
52 include($INC . "/admin/users/user.form.php");
53 $_body .= $_form;
54 break;
55
56 case 2: // change password
57 $error = array();
58 if ($doit == 1) {
59 $old_pass = rg_var_str("old_pass");
60 $pass1 = rg_var_str("pass1");
61 $pass2 = rg_var_str("pass2");
62
63 while (1) {
64 if (!rg_token_valid($db, $sid, $token)) {
65 $error[] = "Invalid token. Try again.";
66 break;
67 }
68
69 if (!rg_user_pass_valid($db, $rg_ui['uid'], $old_pass)) {
70 $error[] = "Old password is invalid!";
71 break;
72 }
73
74 if (strcmp($pass1, $pass2) != 0) {
75 $error[] = "Passwords does not match!";
76 break;
77 }
78
79 if (!rg_user_set_pass($db, $rg_ui['uid'], $pass1)) {
80 $error[] = rg_user_error();
81 break;
82 }
83 }
84 }
85
86 include($INC . "/personal/pass.form.php");
87 $_body .= $_chpass_form;
88 break;
89 }
90
91 $_personal .= $_menu . $_body;
92 ?>
File inc/repo.inc.php changed (mode: 100644) (index 92959fc..e07ec4c)
... ... require_once($INC . "/log.inc.php");
4 4 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
5 5 require_once($INC . "/user.inc.php"); require_once($INC . "/user.inc.php");
6 6 require_once($INC . "/git.inc.php"); require_once($INC . "/git.inc.php");
7 require_once($INC . "/rights.inc.php");
8
9 $rg_repo_zero = "0000000000000000000000000000000000000000";
10 $rg_repo_empty = "4b825dc642cb6eb9a060e54bf8d69288fbee4904";
7 11
8 12 $rg_repo_error = ""; $rg_repo_error = "";
9 13
10 $rg_repo_rights = array("A" => "Admin",
11 "F" => "Fetch",
12 "P" => "Push",
13 "D" => "Delete branch");
14 $rg_repo_rights = array(
15 "A" => "Admin",
16 "F" => "Fetch",
17 "P" => "Push",
18 "D" => "Delete branch",
19 "t" => "Delete tag",
20 "T" => "Modify tag",
21 "C" => "Create branch"
22 );
23
24 rg_rights_register("repo", $rg_repo_rights);
25
14 26
15 27 function rg_repo_set_error($str) function rg_repo_set_error($str)
16 28 { {
 
... ... function rg_repo_ok($repo)
34 46 global $rg_repo_allow; global $rg_repo_allow;
35 47 global $rg_repo_max_len; global $rg_repo_max_len;
36 48
49 if (empty($repo)) {
50 rg_repo_set_error("Invalid repository name (empty)");
51 return FALSE;
52 }
53
37 54 if (rg_chars_allow($repo, $rg_repo_allow) === FALSE) { if (rg_chars_allow($repo, $rg_repo_allow) === FALSE) {
38 rg_repo_set_error("Invalid repository name");
55 rg_repo_set_error("Invalid repository name (invalid chars)");
39 56 return FALSE; return FALSE;
40 57 } }
41 58
42 if (preg_match('/\.\./', $repo)) {
43 rg_repo_set_error("Invalid repository name");
59 if (preg_match('/\.\./', $repo) > 0) {
60 rg_repo_set_error("Invalid repository name (..)");
44 61 return FALSE; return FALSE;
45 62 } }
46 63
 
... ... function rg_repo_ok($repo)
53 70 } }
54 71
55 72 /* /*
56 * Returns the path to a repository based on repo_id
73 * Returns the path to a repository based on name
57 74 */ */
58 function rg_repo_id2base($repo_id)
75 function rg_repo_name2base($repo)
59 76 { {
60 77 global $rg_base_repo; global $rg_base_repo;
61 78
62 $r3 = sprintf("%03u", $repo_id % 1000);
79 $len = strlen($repo);
80 $v = $repo;
81 if ($len == 1)
82 $v .= "_";
63 83
64 84 return $rg_base_repo . "/" return $rg_base_repo . "/"
65 . $r3[0] . "/" . $r3[1] . "/" . $r3[2] . "/";
85 . $v[0] . "/" . $v[1] . "/";
66 86 } }
67 87
68 88 /* /*
 
... ... function rg_repo_id2base($repo_id)
70 90 */ */
71 91 function rg_repo_info($db, $repo_id, $repo) function rg_repo_info($db, $repo_id, $repo)
72 92 { {
73 rg_log("repo_info: repo_id=$repo_id, repo=$repo...");
93 rg_log("repo_info: repo_id/repo=[$repo_id/$repo]...");
74 94
75 95 $ret['ok'] = 0; $ret['ok'] = 0;
76 96 $ret['exists'] = 0; $ret['exists'] = 0;
 
... ... function rg_repo_info($db, $repo_id, $repo)
110 130 */ */
111 131 function rg_repo_allow($db, $ri, $rg_ui, $needed_rights) function rg_repo_allow($db, $ri, $rg_ui, $needed_rights)
112 132 { {
113 rg_log("repo_allow: rg_uid=" . $rg_ui['uid']
133 rg_log("repo_allow: repo_id=" . $ri['repo_id']
134 . " rg_uid=" . $rg_ui['uid']
114 135 . ", needed_rights=$needed_rights..."); . ", needed_rights=$needed_rights...");
115 136
116 137 if ($rg_ui['is_admin'] == 1) { if ($rg_ui['is_admin'] == 1) {
 
... ... function rg_repo_allow($db, $ri, $rg_ui, $needed_rights)
123 144 return FALSE; return FALSE;
124 145 } }
125 146
126 $rr = rg_repo_rights_get($db, $ri, $rg_ui['uid']);
127 if ($rr['ok'] != 1) {
128 rg_repo_set_error("No access!");
129 return FALSE;
147 // anonymous acess (git://...)
148 if ($rg_ui['uid'] == 0) {
149 $db_rights = $ri['default_rights'];
150 } else {
151 $rr = rg_repo_rights_get($db, $ri, $rg_ui['uid'], 0);
152 if ($rr['ok'] != 1) {
153 rg_repo_set_error("No access!");
154 return FALSE;
155 }
156 $db_rights = $rr['rights'];
130 157 } }
131 rg_log("\tdb rights: " . $rr['rights']);
158 rg_log("\tdb rights: " . $db_rights);
132 159
133 160 $len = strlen($needed_rights); $len = strlen($needed_rights);
134 161 for ($i = 0; $i < $len; $i++) { for ($i = 0; $i < $len; $i++) {
135 if (!strstr($rr['rights'], $needed_rights[$i])) {
162 if (!strstr($db_rights, $needed_rights[$i])) {
136 163 rg_repo_set_error("No rights (" . $needed_rights[$i] . ")"); rg_repo_set_error("No rights (" . $needed_rights[$i] . ")");
137 164 return FALSE; return FALSE;
138 165 } }
 
... ... function rg_repo_allow($db, $ri, $rg_ui, $needed_rights)
149 176 * TODO: put all fields into an array! * TODO: put all fields into an array!
150 177 */ */
151 178 function rg_repo_create($db, $master, $rg_ui, $name, $max_commit_size, $desc, function rg_repo_create($db, $master, $rg_ui, $name, $max_commit_size, $desc,
152 $rights)
179 $rights, $max_users)
153 180 { {
154 181 // TODO: reorder parameters - are not logical // TODO: reorder parameters - are not logical
155 182 rg_log("repo_create: rg_uid=" . $rg_ui['uid'] rg_log("repo_create: rg_uid=" . $rg_ui['uid']
156 183 . ", name=[$name], master=$master" . ", name=[$name], master=$master"
157 184 . ", max_commit_size=$max_commit_size, desc=[$desc]" . ", max_commit_size=$max_commit_size, desc=[$desc]"
158 . ", rights=$rights...");
185 . ", rights=$rights, max_users=$max_users...");
186
187 // TODO: test if user is allowed to add a repository
159 188
160 189 if (rg_repo_ok($name) === FALSE) if (rg_repo_ok($name) === FALSE)
161 190 return FALSE; return FALSE;
 
... ... function rg_repo_create($db, $master, $rg_ui, $name, $max_commit_size, $desc,
175 204 $itime = time(); $itime = time();
176 205
177 206 $sql = "INSERT INTO repos (uid, master, name, itime" $sql = "INSERT INTO repos (uid, master, name, itime"
178 . ", max_commit_size, desc, git_dir_done, default_rights)"
207 . ", max_commit_size, desc, git_dir_done, default_rights"
208 . ", max_users)"
179 209 . " VALUES (" . $rg_ui['uid'] . ", $master, '$e_name', $itime" . " VALUES (" . $rg_ui['uid'] . ", $master, '$e_name', $itime"
180 . ", $max_commit_size, '$e_desc', 0, '$rights')";
210 . ", $max_commit_size, '$e_desc', 0, '$rights', $max_users)";
181 211 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
182 212 if ($res === FALSE) { if ($res === FALSE) {
183 213 rg_repo_set_error("Cannot insert (" . rg_sql_error() . ")"); rg_repo_set_error("Cannot insert (" . rg_sql_error() . ")");
 
... ... function rg_repo_update($db, &$new)
222 252 . ", name=[" . $new['name'] . "]" . ", name=[" . $new['name'] . "]"
223 253 . ", max_commit_size=" . $new['max_commit_size'] . ", max_commit_size=" . $new['max_commit_size']
224 254 . ", desc=[" . $new['desc'] . "]" . ", desc=[" . $new['desc'] . "]"
225 . ", default_rights=" . $new['default_rights']);
255 . ", default_rights=" . $new['default_rights']
256 . ", max_users=" . $new['max_users']);
226 257
227 if (rg_repo_ok($new['name']) === FALSE)
258 if (rg_repo_ok($new['name']) !== TRUE)
228 259 return FALSE; return FALSE;
229 260
230 261 // First, test if it already exists // First, test if it already exists
 
... ... function rg_repo_update($db, &$new)
252 283 . ", max_commit_size = " . $new['max_commit_size'] . ", max_commit_size = " . $new['max_commit_size']
253 284 . ", desc = '$e_desc'" . ", desc = '$e_desc'"
254 285 . ", default_rights = '" . $new['default_rights'] . "'" . ", default_rights = '" . $new['default_rights'] . "'"
286 . ", max_users = " . $new['max_users']
255 287 . " WHERE repo_id = " . $new['repo_id']; . " WHERE repo_id = " . $new['repo_id'];
256 288 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
257 289 if ($res === FALSE) { if ($res === FALSE) {
 
... ... function rg_repo_update($db, &$new)
268 300 */ */
269 301 function rg_repo_list_query($db, $url, $sql) function rg_repo_list_query($db, $url, $sql)
270 302 { {
303 global $rg_ui;
304
271 305 rg_log("repo_list_query: url=$url, sql=$sql..."); rg_log("repo_list_query: url=$url, sql=$sql...");
272 306
273 307 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
274 308 if ($res === FALSE) if ($res === FALSE)
275 309 return FALSE; return FALSE;
276 310
311 $admin_mode = 0;
312 if ($rg_ui['is_admin'] == 1)
313 $admin_mode = 1;
314
277 315 $ret = "<table>\n"; $ret = "<table>\n";
278 316 $ret .= "<tr>\n"; $ret .= "<tr>\n";
279 317 $ret .= " <th>Name</th>\n"; $ret .= " <th>Name</th>\n";
318 if ($admin_mode == 1)
319 $ret .= " <th>Owner</th>\n";
280 320 $ret .= " <th>Description</th>\n"; $ret .= " <th>Description</th>\n";
281 321 $ret .= " <th>Clone of</th>\n"; $ret .= " <th>Clone of</th>\n";
282 322 $ret .= " <th>Creation date (UTC)</th>\n"; $ret .= " <th>Creation date (UTC)</th>\n";
283 323 $ret .= " <th>Default rights</th>\n"; $ret .= " <th>Default rights</th>\n";
284 324 $ret .= " <th>Disk current/max</th>\n"; $ret .= " <th>Disk current/max</th>\n";
285 325 $ret .= " <th>Max commit size</th>\n"; $ret .= " <th>Max commit size</th>\n";
326 $ret .= " <th>Max users</th>\n";
286 327 $ret .= "</tr>\n"; $ret .= "</tr>\n";
328
287 329 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
288 330 $ret .= "<tr>\n"; $ret .= "<tr>\n";
289 331 $_link = rg_re_repopage($row['repo_id'], $row['name']); $_link = rg_re_repopage($row['repo_id'], $row['name']);
290 332 $ret .= " <td><a href=\"$_link\">" . $row['name'] . "</a></td>\n"; $ret .= " <td><a href=\"$_link\">" . $row['name'] . "</a></td>\n";
333 if ($admin_mode == 1) {
334 $_ui = rg_user_info($db, $row['uid'], "", "");
335 if ($_ui['exists'] != 1)
336 $v = "?" . $row['uid'] . "?";
337 else
338 $v = $_ui['user'];
339 $ret .= " <td>$v</td>\n";
340 }
291 341 $ret .= " <td><small>" . nl2br($row['desc']) . "</small></td>\n"; $ret .= " <td><small>" . nl2br($row['desc']) . "</small></td>\n";
292 342 if ($row['master'] > 0) { if ($row['master'] > 0) {
293 343 $master_repo = "?"; $master_repo = "?";
 
... ... function rg_repo_list_query($db, $url, $sql)
299 349 $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n"; $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n";
300 350
301 351 // rights // rights
302 $_r = implode(", ", rg_repo_rights_text($row['default_rights']));
352 $_r = implode(", ", rg_rights_text("repo", $row['default_rights']));
303 353 $ret .= " <td>" . $_r . "</td>\n"; $ret .= " <td>" . $_r . "</td>\n";
304 354
305 355 $_max = "ulimited"; $_max = "ulimited";
 
... ... function rg_repo_list_query($db, $url, $sql)
312 362 $_v = rg_1024($row['max_commit_size']); $_v = rg_1024($row['max_commit_size']);
313 363 $ret .= " <td>" . $_v . "</td>\n"; $ret .= " <td>" . $_v . "</td>\n";
314 364
365 $_v = "ulimited";
366 if ($row['max_users'] > 0)
367 $_v = $row['max_users'];
368 $ret .= " <td>" . $_v . "</td>\n";
369
315 370 $ret .= "</tr>\n"; $ret .= "</tr>\n";
316 371 } }
317 372 $ret .= "</table>\n"; $ret .= "</table>\n";
 
... ... function rg_repo_search($db, $q, $masters)
354 409
355 410 $sql = "SELECT * FROM repos" $sql = "SELECT * FROM repos"
356 411 . " WHERE deleted = 0" . " WHERE deleted = 0"
357 . " AND name LIKE '%$e_q%'"
412 . " AND name ILIKE '%$e_q%'"
358 413 . $add . $add
359 414 . " ORDER BY name" . " ORDER BY name"
360 415 . " LIMIT 10"; . " LIMIT 10";
 
... ... function rg_repo_git_done($db, $repo_id)
393 448 return TRUE; return TRUE;
394 449 } }
395 450
396
397 // Functions for repo rights management
398
399 /*
400 * Combine two repo rights strings
401 */
402 function rg_repo_rights_combine($a, $b)
403 {
404 $len = strlen($b);
405 for ($i = 0; $i < $len; $i++)
406 if (!strstr($a, $b[$i]))
407 $a .= $b[$i];
408
409 return $a;
410 }
411
412 451 /* /*
413 452 * Get rights for a user * Get rights for a user
414 453 */ */
415 function rg_repo_rights_get($db, $ri, $uid)
454 function rg_repo_rights_get($db, $ri, $uid, $flags)
416 455 { {
417 global $rg_repo_rights;
418
419 rg_log("rg_repo_rights_get: repo_id=" . $ri['repo_id'] . ", uid=$uid...");
456 rg_log("rg_repo_rights_get: repo_id=" . $ri['repo_id'] . ", uid=$uid"
457 . " flags=$flags...");
420 458
421 459 $ret = array(); $ret = array();
422 460 $ret['ok'] = 0; $ret['ok'] = 0;
423 $ret['exists'] = 0;
424 461 $ret['rights'] = ""; $ret['rights'] = "";
425 462
426 463 $repo_id = $ri['repo_id']; $repo_id = $ri['repo_id'];
427 464
428 465 // Give all rights to owner // Give all rights to owner
429 $dr = $ri['default_rights'];
430 466 if ($ri['uid'] == $uid) { if ($ri['uid'] == $uid) {
431 foreach ($rg_repo_rights as $letter => $junk)
432 $dr = rg_repo_rights_combine($dr, $letter);
433 }
434
435 $sql = "SELECT rights FROM repo_rights"
436 . " WHERE repo_id = $repo_id"
437 . " AND uid = $uid"
438 . " LIMIT 1";
439 $res = rg_sql_query($db, $sql);
440 if ($res === FALSE) {
441 rg_repo_set_error("Cannot get info (" . rg_sql_error() . ")!");
442 return $ret;
467 rg_log("\tuid $uid is the owner.");
468 $dr = rg_rights_all("repo");
469 if (($flags & RG_RIGHTS_FILL_EXISTS) == 0) {
470 rg_log("\tNo need to fill 'exists' field. Return.");
471 $ret['rights'] = $dr;
472 $ret['ok'] = 1;
473 return $ret;
474 }
475 } else {
476 $dr = $ri['default_rights'];
443 477 } }
444 478
445 $ret['ok'] = 1;
446 $row = rg_sql_fetch_array($res);
447 rg_sql_free_result($res);
448 if (isset($row['rights'])) {
449 $ret['rights'] = $row['rights'];
450 $ret['exists'] = 1;
479 $r = rg_rights_get($db, "repo", $repo_id, $uid);
480 if ($r['ok'] !== 1) {
481 rg_repo_set_error("Cannot get rights (" . rg_rights_error() . ")!");
482 return FALSE;
451 483 } }
452 484
453 $ret['rights'] = rg_repo_rights_combine($dr, $ret['rights']);
454 rg_log("\tDEBUG rights=" . $ret['rights']);
485 $ret['rights'] = rg_rights_combine($dr, $r['rights']);
486 rg_log("\tFinal rights($dr + " . $r['rights'] . ")=" . $ret['rights']);
455 487
456 488 return $ret; return $ret;
457 489 } }
 
... ... function rg_repo_rights_set($db, $ri, $uid, $rights)
464 496 rg_log("rg_repo_rights_set: repo_id=" . $ri['repo_id'] rg_log("rg_repo_rights_set: repo_id=" . $ri['repo_id']
465 497 . ", uid=$uid, rights=$rights..."); . ", uid=$uid, rights=$rights...");
466 498
467 $repo_id = $ri['repo_id'];
468
469 if (empty($rights)) {
470 $sql = "DELETE FROM repo_rights"
471 . " WHERE repo_id = $repo_id"
472 . " AND uid = $uid";
473 } else {
474 $e_rights = rg_sql_escape($db, $rights);
475
476 $rr = rg_repo_rights_get($db, $ri, $uid);
477 if ($rr === FALSE)
478 return $rr;
479 rg_log("rr: " . print_r($rr, TRUE));
480
481 if ($rr['exists'] == 1) {
482 $sql = "UPDATE repo_rights"
483 . " SET rights = '$e_rights'"
484 . " WHERE repo_id = $repo_id"
485 . " AND uid = $uid";
486 } else {
487 $itime = time();
488
489 $sql = "INSERT INTO repo_rights (repo_id, uid, rights"
490 . ", itime)"
491 . " VALUES ($repo_id, $uid, '$e_rights'"
492 . ", $itime)";
493 }
494 }
495
496 $res = rg_sql_query($db, $sql);
497 if ($res === FALSE) {
498 rg_repo_set_error("Cannot alter rights (" . rg_sql_error() . ")!");
499 $r = rg_rights_set($db, "repo", $ri['repo_id'], $uid, $rights);
500 if ($r !== TRUE) {
501 rg_repo_set_error("Cannot alter rights (" . rg_rights_error() . ")!");
499 502 return FALSE; return FALSE;
500 503 } }
501 rg_sql_free_result($res);
502 504
503 505 return TRUE; return TRUE;
504 506 } }
 
... ... function rg_repo_rights_set($db, $ri, $uid, $rights)
506 508 /* /*
507 509 * List rights for a repo * List rights for a repo
508 510 */ */
509 function rg_repo_rights_list($db, $repo_id, $url)
511 function rg_repo_rights_list($db, $ri, $url)
510 512 { {
511 rg_log("rg_repo_rights_list: repo_id=$repo_id url=$url");
512
513 $ret = "";
513 rg_log("rg_repo_rights_list: repo_id=" . $ri['repo_id'] . " url=$url");
514 514
515 $sql = "SELECT * FROM repo_rights WHERE repo_id = $repo_id";
516 $res = rg_sql_query($db, $sql);
517 if ($res === FALSE) {
518 rg_repo_set_error("Cannot get info (" . rg_sql_error() . ")!");
515 $r = rg_rights_list($db, "repo", $ri['repo_id'], $url);
516 if ($r === FALSE) {
517 rg_repo_set_error("Cannot list rights (" . rg_rights_error() . ")");
519 518 return FALSE; return FALSE;
520 519 } }
521 520
522 $ret .= "<table>\n";
523 $ret .= "<tr>\n";
524 $ret .= " <th>User</th>\n";
525 $ret .= " <th>Rights</th>\n";
526 $ret .= " <th>Operations</th>\n";
527 $ret .= "</tr>\n";
528 while (($row = rg_sql_fetch_array($res))) {
529 $ret .= "<tr>\n";
530
531 $_u = $row['uid'];
532 $_ui = rg_user_info($db, $row['uid'], "", "");
533 if ($_ui['exists'] == 1)
534 $_u = $_ui['user'];
535
536 $ret .= " <td>" . $_u . "</td>\n";
537
538 $_r = rg_repo_rights_text($row['rights']);
539 $_r = implode("<br />\n", $_r);
540 $ret .= " <td>" . $_r . "</td>\n";
541
542 // operations
543 // remove
544 $ret .= " <td>";
545 $_url = $url . "&amp;subop=2";
546 $v = $row['uid'];
547 $ret .= "[<a href=\"$_url&amp;remove_uid=$v\">Remove</a>]";
548 $ret .= " </td>";
549 $ret .= "</tr>\n";
550 }
551 $ret .= "</table>\n";
552 rg_sql_free_result($res);
553
554 return $ret;
555 }
556
557 /*
558 * Rights -> form
559 */
560 function rg_repo_rights_checkboxes($def_rights)
561 {
562 global $rg_repo_rights;
563
564 $ret = "";
565 foreach ($rg_repo_rights as $right => $info) {
566 $add = "";
567 if (strstr($def_rights, $right))
568 $add = " checked";
569 $ret .= "<input type=\"checkbox\" name=\"rights[$right]\""
570 . $add . " />$info<br />\n";
571 }
572
573 return $ret;
521 return $r;
574 522 } }
575 523
576 /*
577 * List rights as text
578 */
579 function rg_repo_rights_text($rights)
580 {
581 global $rg_repo_rights;
582
583 $ret = array();
584
585 $len = strlen($rights);
586 if ($len == 0)
587 return array("None");
588
589 for ($i = 0; $i < $len; $i++) {
590 if (isset($rg_repo_rights[$rights[$i]]))
591 $ret[] = $rg_repo_rights[$rights[$i]];
592 else
593 $ret[] = "?" . $rights[$i] . "?";
594 }
595
596 return $ret;
597 }
598
599 /*
600 * Transforms rights array into a string
601 */
602 function rg_repo_rights_a2s($a)
603 {
604 $rights = "";
605
606 if (is_array($a))
607 foreach ($a as $right => $junk)
608 $rights .= $right;
609
610 return preg_replace("/[^A-Za-z0-9]/", "", $rights);
611 }
612 524 ?> ?>
File inc/repo/repo.form.php changed (mode: 100644) (index 7ebcd93..a6d7aa0)
... ... $_form = '
7 7 <input type="hidden" name="repo_id" value="' . $repo_id . '"> <input type="hidden" name="repo_id" value="' . $repo_id . '">
8 8 <input type="hidden" name="master_repo_id" value="' . $master_repo_id . '"> <input type="hidden" name="master_repo_id" value="' . $master_repo_id . '">
9 9 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
10 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
10 11
11 12 <table> <table>
12 13 '; ';
 
... ... $_form .= '
34 35 </td> </td>
35 36 </tr> </tr>
36 37
38 <tr>
39 <td>Max number of users:</td>
40 <td>
41 <input type="text" name="max_users" value="' . $max_users . '" /><br />
42 </td>
43 </tr>
44
37 45 <tr> <tr>
38 46 <td>Description:</td> <td>Description:</td>
39 47 <td> <td>
 
... ... $_form .= '
44 52 <tr> <tr>
45 53 <td>Default rights:</td> <td>Default rights:</td>
46 54 <td> <td>
47 ' . rg_repo_rights_checkboxes($rights) . '
55 ' . rg_rights_checkboxes("repo", $rights) . '
48 56 </td> </td>
49 57 </tr> </tr>
50 58
File inc/repo/repo.php changed (mode: 100644) (index 8b5d91a..3d05e09)
... ... if ($rg_ui['uid'] == 0) {
10 10
11 11 $name = rg_var_str("name"); $name = rg_var_str("name");
12 12 $max_commit_size = rg_var_uint("max_commit_size"); $max_commit_size = rg_var_uint("max_commit_size");
13 $max_users = rg_var_uint("max_users");
13 14 $desc = rg_var_str("desc"); $desc = rg_var_str("desc");
14 15 $master_repo_id = rg_var_uint("master_repo_id"); $master_repo_id = rg_var_uint("master_repo_id");
15 16 $rights = rg_var_str("rights"); $rights = rg_var_str("rights");
16 $rights = rg_repo_rights_a2s($rights);
17 $rights = rg_rights_a2s($rights);
17 18 $repo_id = rg_var_uint("repo_id"); $repo_id = rg_var_uint("repo_id");
18 19 $q = rg_var_str("q"); $q = rg_var_str("q");
19 20 $masters = rg_var_uint("masters"); $masters = rg_var_uint("masters");
 
... ... switch ($subop) {
34 35 case 1: // create case 1: // create
35 36 if ($doit == 1) { if ($doit == 1) {
36 37 $_r = rg_repo_create($db, $master_repo_id, $rg_ui, $name, $_r = rg_repo_create($db, $master_repo_id, $rg_ui, $name,
37 $max_commit_size, $desc, $rights);
38 $max_commit_size, $desc, $rights, $max_users);
38 39 if ($_r === FALSE) if ($_r === FALSE)
39 40 $_body .= rg_repo_error(); $_body .= rg_repo_error();
40 41 else else
File inc/repo/repo_page.php changed (mode: 100644) (index 10df380..d0ea909)
... ... $repo_id = rg_var_uint("repo_id");
6 6 $name = rg_var_str("name"); $name = rg_var_str("name");
7 7 $max_commit_size = rg_var_uint("max_commit_size"); $max_commit_size = rg_var_uint("max_commit_size");
8 8 $desc = rg_var_str("desc"); $desc = rg_var_str("desc");
9 $rights = @rg_repo_rights_a2s($_REQUEST['rights']);
9 $rights = @rg_rights_a2s($_REQUEST['rights']);
10 $max_users = rg_var_uint("max_users");
10 11 $user = rg_var_str("user"); $user = rg_var_str("user");
11 12 $master_repo_id = 0; $master_repo_id = 0;
12 13
 
... ... case 1: // edit
44 45 $ri['max_commit_size'] = $max_commit_size; $ri['max_commit_size'] = $max_commit_size;
45 46 $ri['desc'] = $desc; // TODO: filter $ri['desc'] = $desc; // TODO: filter
46 47 $ri['default_rights'] = $rights; // TODO: filter $ri['default_rights'] = $rights; // TODO: filter
48 $ri['max_users'] = $max_users;
47 49 $_r = rg_repo_update($db, $ri); $_r = rg_repo_update($db, $ri);
48 50 if ($_r === FALSE) { if ($_r === FALSE) {
49 51 $_body .= rg_repo_error(); $_body .= rg_repo_error();
 
... ... case 1: // edit
58 60 $name = $ri['name']; $name = $ri['name'];
59 61 $rights = $ri['default_rights']; $rights = $ri['default_rights'];
60 62 $max_commit_size = $ri['max_commit_size']; $max_commit_size = $ri['max_commit_size'];
63 $max_users = $ri['max_users'];
61 64 $desc = $ri['desc']; $desc = $ri['desc'];
62 65
63 66 $_action = "Update"; $_action = "Update";
 
... ... case 2: // rights
83 86
84 87 while ($remove_uid > 0) { while ($remove_uid > 0) {
85 88 $e = rg_repo_rights_set($db, $ri, $remove_uid, ""); $e = rg_repo_rights_set($db, $ri, $remove_uid, "");
86 if ($e === FALSE) {
89 if ($e !== TRUE) {
87 90 $errmsg[] = rg_repo_error(); $errmsg[] = rg_repo_error();
88 91 break; break;
89 92 } }
 
... ... case 2: // rights
110 113
111 114 // list rights // list rights
112 115 $_url = rg_re_repopage($ri['repo_id'], $ri['name']); $_url = rg_re_repopage($ri['repo_id'], $ri['name']);
113 $_body .= rg_repo_rights_list($db, $repo_id, $_url);
116 $_body .= rg_repo_rights_list($db, $ri, $_url);
114 117
115 118 $_body .= "<br />\n"; $_body .= "<br />\n";
116 119
 
... ... if ($show_repo_info == 1) {
153 156 if (!empty($ri['desc'])) if (!empty($ri['desc']))
154 157 $_rt .= "<small>" . $ri['desc'] . "</small><br />\n"; $_rt .= "<small>" . $ri['desc'] . "</small><br />\n";
155 158 $_rt .= "<br />\n"; $_rt .= "<br />\n";
156 $_dr = rg_repo_rights_text($ri['default_rights']);
159 $_dr = rg_rights_text("repo", $ri['default_rights']);
157 160 $_rt .= "Default rights: " . implode(", ", $_dr) . "<br />\n"; $_rt .= "Default rights: " . implode(", ", $_dr) . "<br />\n";
158 161 $_rt .= "Maxim commit size: " . rg_1024($ri['max_commit_size']) . "<br />\n"; $_rt .= "Maxim commit size: " . rg_1024($ri['max_commit_size']) . "<br />\n";
162 $_rt .= "Maxim number of users: " . $ri['max_users'] . "<br />\n";
159 163 $_url = "git://" . $_SERVER['HTTP_HOST'] . "/" . $ri['name'] . ".git"; $_url = "git://" . $_SERVER['HTTP_HOST'] . "/" . $ri['name'] . ".git";
160 164 $_rt .= "Git URL: <a href=\"$_url\">$_url</a><br />\n"; $_rt .= "Git URL: <a href=\"$_url\">$_url</a><br />\n";
165 $_url = "ssh://rg@" . $_SERVER['HTTP_HOST'] . "/" . $ri['name'] . ".git";
166 $_rt .= "Git over SSH URL: <a href=\"$_url\">$_url</a><br />\n";
161 167 $_rt .= "<br />\n"; $_rt .= "<br />\n";
162 168 } }
163 169
File inc/repo/rights.form.php changed (mode: 100644) (index 3b7e7ef..160ce44)
... ... $_form = '
7 7 <input type="hidden" name="subop" value="' . $subop . '"> <input type="hidden" name="subop" value="' . $subop . '">
8 8 <input type="hidden" name="repo_id" value="' . $repo_id . '"> <input type="hidden" name="repo_id" value="' . $repo_id . '">
9 9 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
10 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
10 11
11 12 <table> <table>
12 13 <tr> <tr>
 
... ... $_form = '
19 20 <tr> <tr>
20 21 <td>Rights:</td> <td>Rights:</td>
21 22 <td> <td>
22 ' . rg_repo_rights_checkboxes($rights) . '
23 ' . rg_rights_checkboxes("repo", $rights) . '
23 24 </td> </td>
24 25 </tr> </tr>
25 26
File inc/rights.inc.php added (mode: 100644) (index 0000000..78f39b7)
1 <?php
2 require_once($INC . "/util.inc.php");
3 require_once($INC . "/log.inc.php");
4 require_once($INC . "/db.inc.php");
5 require_once($INC . "/user.inc.php");
6 require_once($INC . "/git.inc.php");
7
8 define("RG_RIGHTS_FILL_EXISTS", 1);
9
10 $rg_rights = array();
11
12 $rg_rights_error = "";
13
14 function rg_rights_set_error($str)
15 {
16 global $rg_rights_error;
17
18 rg_log("\tError: $str");
19 $rg_rights_error = $str;
20 }
21
22 function rg_rights_error()
23 {
24 global $rg_rights_error;
25 return $rg_rights_error;
26 }
27
28 /*
29 * Register a set of rights
30 */
31 function rg_rights_register($type, $rights)
32 {
33 global $rg_rights;
34
35 $rg_rights[$type] = $rights;
36 }
37
38 /*
39 * Enforce correct chars
40 */
41 function rg_rights_fix($rights)
42 {
43 return preg_replace("/[^A-Za-z0-9]/", "", $rights);
44 }
45
46 /*
47 * Combine two repo rights strings
48 */
49 function rg_rights_combine($a, $b)
50 {
51 $len = strlen($b);
52 for ($i = 0; $i < $len; $i++)
53 if (!strstr($a, $b[$i]))
54 $a .= $b[$i];
55
56 return $a;
57 }
58
59 /*
60 * Returns all possible rights
61 */
62 function rg_rights_all($type)
63 {
64 global $rg_rights;
65
66 if (!isset($rg_rights[$type])) {
67 rg_log("WARN: type [$type] is not registered!");
68 return "";
69 }
70
71 $ret = "";
72 foreach ($rg_rights[$type] as $letter => $junk)
73 $ret = rg_rights_combine($ret, $letter);
74
75 return $ret;
76 }
77
78 /*
79 * Rights -> form
80 */
81 function rg_rights_checkboxes($type, $passed_rights)
82 {
83 global $rg_rights;
84
85 if (!isset($rg_rights[$type])) {
86 rg_log("[$type] is not registered! " . print_r(debug_backtrace(), TRUE));
87 return "";
88 }
89
90 $ret = "";
91 foreach ($rg_rights[$type] as $right => $info) {
92 $add = "";
93 if (strstr($passed_rights, $right))
94 $add = " checked";
95 $ret .= "<input type=\"checkbox\" name=\"rights[$right]\""
96 . $add . " />$info<br />\n";
97 }
98
99 return $ret;
100 }
101
102 /*
103 * List rights as text
104 */
105 function rg_rights_text($type, $rights)
106 {
107 global $rg_rights;
108
109 $ret = array();
110
111 $len = strlen($rights);
112 if ($len == 0)
113 return array("None");
114
115 for ($i = 0; $i < $len; $i++) {
116 if (isset($rg_rights[$type][$rights[$i]]))
117 $ret[] = $rg_rights[$type][$rights[$i]];
118 else
119 $ret[] = "?" . $rights[$i] . "?";
120 }
121
122 return $ret;
123 }
124
125 /*
126 * Transforms rights array into a string
127 */
128 function rg_rights_a2s($a)
129 {
130 $rights = "";
131
132 if (is_array($a))
133 foreach ($a as $right => $junk)
134 $rights .= $right;
135
136 return rg_rights_fix($rights);
137 }
138
139
140 /*
141 * Get rights for an object
142 */
143 function rg_rights_get($db, $type, $obj_id, $uid)
144 {
145 global $rg_rights;
146
147 rg_log("rg_rights_get: type=$type obj_id=$obj_id uid=$uid...");
148
149 $ret = array();
150 $ret['ok'] = 0;
151 $ret['rights'] = "";
152
153 $sql = "SELECT rights FROM rights"
154 . " WHERE type = '$type'"
155 . " AND uid = $uid"
156 . " AND obj_id = $obj_id"
157 . " LIMIT 1";
158 $res = rg_sql_query($db, $sql);
159 if ($res === FALSE) {
160 rg_rights_set_error("Cannot get info (" . rg_sql_error() . ")!");
161 return $ret;
162 }
163
164 $ret['ok'] = 1;
165 $ret['exists'] = 0;
166 $row = rg_sql_fetch_array($res);
167 rg_sql_free_result($res);
168 if (isset($row['rights'])) {
169 $ret['rights'] = $row['rights'];
170 $ret['exists'] = 1;
171 }
172
173 rg_log("\tRights: " . $ret['rights']);
174
175 return $ret;
176 }
177
178 /*
179 * Set rights for an object
180 */
181 function rg_rights_set($db, $type, $obj_id, $uid, $rights)
182 {
183 rg_log("rg_rights_set: type=$type obj_id=$obj_id"
184 . ", uid=$uid, rights=$rights...");
185
186 $cond = " type = '$type' AND uid = $uid AND obj_id = $obj_id";
187
188 if (empty($rights)) {
189 $sql = "DELETE FROM rights"
190 . " WHERE $cond";
191 } else {
192 $r = rg_rights_get($db, $type, $obj_id, $uid);
193 if ($r['ok'] != 1)
194 return $r;
195 rg_log("r: " . print_r($r, TRUE));
196
197 if ($r['exists'] == 1) {
198 $sql = "UPDATE rights"
199 . " SET rights = '$rights'"
200 . " WHERE $cond";
201 } else {
202 $itime = time();
203
204 $sql = "INSERT INTO rights (type, uid, obj_id, rights"
205 . ", itime)"
206 . " VALUES ('$type', $uid, $obj_id, '$rights'"
207 . ", $itime)";
208 }
209 }
210
211 $res = rg_sql_query($db, $sql);
212 if ($res === FALSE) {
213 rg_rights_set_error("Cannot alter rights (" . rg_sql_error() . ")!");
214 return FALSE;
215 }
216 rg_sql_free_result($res);
217
218 return TRUE;
219 }
220
221 /*
222 * List rights for a repo
223 */
224 function rg_rights_list($db, $type, $obj_id, $url)
225 {
226 global $rg_rights;
227
228 rg_log("rg_rights_list: type=$type obj_id=$obj_id url=$url");
229
230 $ret = "";
231
232 $sql = "SELECT * FROM rights WHERE type = '$type' AND obj_id = $obj_id";
233 $res = rg_sql_query($db, $sql);
234 if ($res === FALSE) {
235 rg_rights_set_error("Cannot get info (" . rg_sql_error() . ")!");
236 return FALSE;
237 }
238
239 $ret .= "<table>\n";
240 $ret .= "<tr>\n";
241 $ret .= " <th>User</th>\n";
242 $ret .= " <th>Rights</th>\n";
243 $ret .= " <th>Operations</th>\n";
244 $ret .= "</tr>\n";
245 while (($row = rg_sql_fetch_array($res))) {
246 $ret .= "<tr>\n";
247
248 $_u = $row['uid'];
249 $_ui = rg_user_info($db, $row['uid'], "", "");
250 if ($_ui['exists'] == 1)
251 $_u = $_ui['user'];
252
253 $ret .= " <td>" . $_u . "</td>\n";
254
255 $_r = rg_rights_text($type, $row['rights']);
256 $_r = implode("<br />\n", $_r);
257 $ret .= " <td>" . $_r . "</td>\n";
258
259 // operations
260 // remove
261 $ret .= " <td>";
262 $_url = $url . "&amp;subop=2";
263 $v = $row['uid'];
264 $ret .= "[<a href=\"$_url&amp;remove_uid=$v\">Remove</a>]";
265 $ret .= " </td>";
266 $ret .= "</tr>\n";
267 }
268 $ret .= "</table>\n";
269 rg_sql_free_result($res);
270
271 return $ret;
272 }
273
274 ?>
File inc/sess.inc.php changed (mode: 100644) (index 81ed5af..7001e34)
1 1 <?php <?php
2 2 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
3 3 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
4 require_once($INC . "/token.inc.php");
4 5
5 6 /* /*
6 7 * Add a session * Add a session
 
... ... function rg_sess_destroy($db, $sid, &$rg_ui)
97 98 } }
98 99 rg_sql_free_result($res); rg_sql_free_result($res);
99 100
101 // Delete all tokens associated with this session
102 rg_token_delete($db, $sid, "");
103
100 104 $rg_ui = array(); $rg_ui = array();
101 105 $rg_ui['uid'] = 0; $rg_ui['uid'] = 0;
102 106 $rg_ui['is_admin'] = 0; $rg_ui['is_admin'] = 0;
File inc/token.inc.php added (mode: 100644) (index 0000000..2f2e042)
1 <?php
2 require_once($INC . "/util.inc.php");
3 require_once($INC . "/log.inc.php");
4 require_once($INC . "/db.inc.php");
5
6 $rg_token_error = "";
7
8 function rg_token_set_error($str)
9 {
10 global $rg_token_error;
11
12 rg_log("\tError: $str");
13 $rg_token_error = $str;
14 }
15
16 function rg_token_error()
17 {
18 global $rg_token_error;
19 return $rg_token_error;
20 }
21
22 /*
23 * Delete a token
24 */
25 function rg_token_delete($db, $sid, $token)
26 {
27 rg_log("rg_token_delete: sid=$sid token=$token");
28
29 $ret = array();
30 $ret['ok'] = 0;
31
32 $add_token = "";
33 if (!empty($token))
34 $add_token = " AND token = '$token'";
35
36 $sql = "DELETE FROM tokens"
37 . " WHERE sid = '$sid'"
38 . $add_token;
39 $res = rg_sql_query($db, $sql);
40 if ($res === FALSE) {
41 rg_token_set_error("Cannot delete token (" . rg_sql_error() . ")!");
42 return $ret;
43 }
44 rg_sql_free_result($res);
45
46 $ret['ok'] = 1;
47
48 return $ret;
49 }
50
51 /*
52 * Returns if the token is valid
53 */
54 function rg_token_valid($db, $sid, $token)
55 {
56 rg_log("rg_token_get: sid=$sid token=$token");
57
58 $sql = "SELECT 1 AS junk FROM tokens"
59 . " WHERE token = '$token'"
60 . " AND sid = '$sid'";
61 $res = rg_sql_query($db, $sql);
62 if ($res === FALSE) {
63 rg_token_set_error("Cannot get token (" . rg_sql_error() . ")!");
64 return FALSE;
65 }
66
67 $ret['ok'] = 1;
68 $ret['exists'] = 0;
69 $row = rg_sql_fetch_array($res);
70 rg_sql_free_result($res);
71 if (!isset($row['junk'])) {
72 rg_token_set_error("Token not found!");
73 return TRUE;
74 }
75
76 return TRUE;
77 }
78
79 /*
80 * Insert a token
81 */
82 function rg_token_insert($db, $sid, $token)
83 {
84 rg_log("rg_token_insert: sid=$sid token=$token");
85
86 $ret = array();
87 $ret['ok'] = 0;
88
89 $now = time();
90
91 $sql = "INSERT INTO tokens (sid, token, expire)"
92 . " VALUES ('$sid', '$token', $now + 24 * 3600)";
93 $res = rg_sql_query($db, $sql);
94 if ($res === FALSE) {
95 rg_token_set_error("Cannot insert token (" . rg_sql_error() . ")!");
96 return $ret;
97 }
98
99 $ret['ok'] = 1;
100 return $ret;
101 }
102
103 /*
104 * Returns a token to be used on a form/url
105 * We generate only one per session.
106 */
107 $rg_token = FALSE;
108 function rg_token_get($db, $sid)
109 {
110 global $rg_token;
111
112 if (empty($sid))
113 return "";
114
115 if ($rg_token === FALSE) {
116 $rg_token = rg_id(16);
117
118 rg_token_insert($db, $sid, $rg_token);
119 }
120
121 return $rg_token;
122 }
123
124 ?>
File inc/user.inc.php changed (mode: 100644) (index c6d7b94..ae4a415)
... ... require_once($INC . "/util.inc.php");
3 3 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
4 4 require_once($INC . "/db.inc.php"); require_once($INC . "/db.inc.php");
5 5 require_once($INC . "/sess.inc.php"); require_once($INC . "/sess.inc.php");
6 require_once($INC . "/rights.inc.php");
7
8 $rg_user_rights = array(
9 "C" => "Create repository",
10 "U" => "Add users"
11 );
12
13 rg_rights_register("user", $rg_user_rights);
6 14
7 15 function rg_user_set_error($str) function rg_user_set_error($str)
8 16 { {
 
... ... function rg_user_error()
18 26 return $_rg_user_error; return $_rg_user_error;
19 27 } }
20 28
29 /*
30 * Computes password hash
31 */
32 function rg_user_pass($salt, $pass)
33 {
34 global $rg_pass_key;
35
36 return sha1($salt . "===" . $rg_pass_key . "===" . $pass);
37 }
38
39 /*
40 * Validates a password
41 */
42 function rg_user_pass_ok($pass)
43 {
44 if (strlen($pass) <= 4) {
45 rg_user_set_error("Password is too short.");
46 return FALSE;
47 }
48
49 return TRUE;
50 }
51
21 52 /* /*
22 53 * Returns true if the user is ok * Returns true if the user is ok
23 54 */ */
 
... ... function rg_user_ok($user)
26 57 global $rg_user_allow; global $rg_user_allow;
27 58 global $rg_user_max_len; global $rg_user_max_len;
28 59
29 if (rg_chars_allow($user, $rg_user_allow) === FALSE) {
30 rg_user_set_error("Invalid user name");
60 if (rg_chars_allow($user, $rg_user_allow) !== TRUE) {
61 rg_user_set_error("Invalid user name (invalid chars [$user] [$rg_user_allow])");
31 62 return FALSE; return FALSE;
32 63 } }
33 64
 
... ... function rg_user_ok($user)
41 72
42 73 /* /*
43 74 * Add a user * Add a user
75 * If uid > 0 - edit, else, add
44 76 */ */
45 function rg_user_add($db, $user, $pass, $email, $is_admin)
77 function rg_user_edit($db, $uid, $user, $email, $pass, $is_admin,
78 $disk_quota_mb, $rights)
46 79 { {
47 80 global $rg_session_time; global $rg_session_time;
48 81
49 rg_log("user_add: user=$user, pass=$pass, email=$email, is_admin=$is_admin...");
82 rg_log("user_edit: uid=$uid, user=$user email=$email"
83 . " pass=$pass is_admin=$is_admin"
84 . " disk_quota_mb=$disk_quota_mb rights=$rights...");
50 85
51 if (rg_user_ok($user) === FALSE)
86 if (rg_user_ok($user) !== TRUE)
52 87 return FALSE; return FALSE;
53 88
54 $itime = time();
55 $e_salt = rg_id(40);
56 $e_sha1pass = sha1($e_salt . "===" . $pass);
57 $session_time = $rg_session_time;
58
59 89 $e_user = rg_sql_escape($db, $user); $e_user = rg_sql_escape($db, $user);
90 $e_salt = rg_id(40);
91 $e_pass = rg_user_pass($e_salt, $pass);
60 92 $e_email = rg_sql_escape($db, $email); $e_email = rg_sql_escape($db, $email);
93 $e_rights = rg_sql_escape($db, $rights);
94 $e_session_time = $rg_session_time;
95
96 if ($uid == 0) { // add
97 if (rg_user_pass_ok($pass) !== TRUE)
98 return FALSE;
99
100 $now = time();
101 $sql = "INSERT INTO users (user, salt, pass, email, itime"
102 . ", is_admin, disk_quota_mb, rights, session_time)"
103 . " VALUES ('$e_user', '$e_salt', '$e_pass'"
104 . ", '$e_email', $now, $is_admin, $disk_quota_mb"
105 . ", '$e_rights', $e_session_time)";
106 } else { // edit
107 $salt_pass_add = "";
108 if (!empty($pass))
109 $salt_pass_add = ", pass = '$e_pass', salt = '$e_salt'";
110
111 $sql = "UPDATE users SET user = '$e_user'"
112 . $salt_pass_add
113 . ", email = '$e_email'"
114 . ", is_admin = $is_admin"
115 . ", disk_quota_mb = $disk_quota_mb"
116 . ", rights = '$e_rights'"
117 . ", session_time = $e_session_time"
118 . " WHERE uid = $uid";
119 }
61 120
62 $sql = "INSERT INTO users (user, salt, pass, email, itime, is_admin, session_time)"
63 . " VALUES ('$e_user', '$e_salt', '$e_sha1pass', '$e_email'"
64 . ", $itime, $is_admin, $session_time)";
65 121 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
66 122 if ($res === FALSE) { if ($res === FALSE) {
67 rg_user_set_error("Cannot insert user (" . rg_sql_error() . ")!");
123 rg_user_set_error("Cannot insert/update user (" . rg_sql_error() . ")!");
68 124 return FALSE; return FALSE;
69 125 } }
70 126 rg_sql_free_result($res); rg_sql_free_result($res);
 
... ... function rg_user_remove($db, $uid)
95 151 */ */
96 152 function rg_user_info($db, $uid, $user, $email) function rg_user_info($db, $uid, $user, $email)
97 153 { {
98 rg_log("user_info: uid=[$uid], user=[$user], email=[$email]...");
154 rg_log("user_info: uid/user/email=$uid/$user/$email...");
99 155
100 156 $ret = array(); $ret = array();
101 157 $ret['ok'] = 0; $ret['ok'] = 0;
 
... ... function rg_user_info($db, $uid, $user, $email)
103 159 $ret['uid'] = 0; $ret['uid'] = 0;
104 160 $ret['is_admin'] = 0; $ret['is_admin'] = 0;
105 161
106 if (rg_user_ok($user) === FALSE)
107 return FALSE;
108
109 162 if ($uid > 0) { if ($uid > 0) {
110 163 $add = " AND uid = " . sprintf("%u", $uid); $add = " AND uid = " . sprintf("%u", $uid);
111 164 } else if (!empty($user)) { } else if (!empty($user)) {
165 if (rg_user_ok($user) !== TRUE)
166 return FALSE;
167
112 168 $e_user = rg_sql_escape($db, $user); $e_user = rg_sql_escape($db, $user);
113 169 $add = " AND user = '$e_user'"; $add = " AND user = '$e_user'";
114 170 } else if (!empty($email)) { } else if (!empty($email)) {
 
... ... function rg_user_login_by_sid($db, $sid, &$rg_ui)
163 219 rg_user_set_error("Invalid uid!"); rg_user_set_error("Invalid uid!");
164 220 return FALSE; return FALSE;
165 221 rg_sess_update($db, $sid); rg_sess_update($db, $sid);
222
223 rg_user_set_last_seen($db, $rg_ui['uid']);
224
225 return TRUE;
226 }
227
228 /*
229 * Test if a password is valid
230 */
231 function rg_user_pass_valid($db, $uid, $pass)
232 {
233 rg_log("user_pass_valid: uid=$uid, pass=$pass...");
234
235 if (empty($pass))
236 return FALSE;
237
238 $ui = rg_user_info($db, $uid, "", "");
239 if ($ui['exists'] != 1)
240 return FALSE;
241
242 $sha1pass = rg_user_pass($ui['salt'], $pass);
243 if (strcmp($sha1pass, $ui['pass']) != 0)
244 return FALSE;
245
166 246 return TRUE; return TRUE;
167 247 } }
168 248
 
... ... function rg_user_login_by_user_pass($db, $user, $pass, &$rg_ui)
189 269 } }
190 270 rg_log("\trg_ui: " . print_r($rg_ui, TRUE)); rg_log("\trg_ui: " . print_r($rg_ui, TRUE));
191 271
192 $sha1pass = sha1($rg_ui['salt'] . "===" . $pass);
272 if ($rg_ui['suspended'] > 0) {
273 rg_user_set_error("Invalid user or pass!");
274 return FALSE;
275 }
276
277 $sha1pass = rg_user_pass($rg_ui['salt'], $pass);
193 278 if (strcmp($sha1pass, $rg_ui['pass']) != 0) { if (strcmp($sha1pass, $rg_ui['pass']) != 0) {
194 279 rg_user_set_error("Invalid user or pass!"); rg_user_set_error("Invalid user or pass!");
195 280 return FALSE; return FALSE;
 
... ... function rg_user_login_by_user_pass($db, $user, $pass, &$rg_ui)
197 282
198 283 $sid = rg_id(40); $sid = rg_id(40);
199 284 rg_sess_add($db, $rg_ui['uid'], $sid, $rg_ui['session_time']); rg_sess_add($db, $rg_ui['uid'], $sid, $rg_ui['session_time']);
200 setcookie("sid", $sid, 0);
285 setcookie("sid", $sid, 0, "/", $_SERVER['HTTP_HOST'],
286 strcmp($_SERVER['HTTPS'], "on") == 0 /* secure */,
287 TRUE /* httponly */);
288
289 rg_user_set_last_seen($db, $rg_ui['uid']);
201 290
202 291 return TRUE; return TRUE;
203 292 } }
 
... ... function rg_user_suspend($db, $uid, $op)
230 319 * Make/remove admin * Make/remove admin
231 320 * 1=make, 0=remove * 1=make, 0=remove
232 321 */ */
233 function rg_user_admin($db, $uid, $op)
322 function rg_user_make_admin($db, $uid, $op)
323 {
324 rg_log("user_make_admin: uid=$uid, op=$op");
325
326 $sql = "UPDATE users SET is_admin = $op WHERE uid = $uid";
327 $res = rg_sql_query($db, $sql);
328 if ($res === FALSE)
329 return FALSE;
330 rg_sql_free_result($res);
331
332 return TRUE;
333 }
334
335 /*
336 * Update last_seen field
337 */
338 function rg_user_set_last_seen($db, $uid)
234 339 { {
235 rg_log("user_admin: uid=$uid, op=$op");
340 rg_log("user_set_last_seen: uid=$uid");
236 341
237 342 $now = time(); $now = time();
238 343
239 $sql = "UPDATE users SET is_admin = $op WHERE uid = $uid";
344 $sql = "UPDATE users SET last_seen = $now WHERE uid = $uid";
240 345 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
241 346 if ($res === FALSE) if ($res === FALSE)
242 347 return FALSE; return FALSE;
 
... ... function rg_user_list($db, $url)
254 359
255 360 $ret = ""; $ret = "";
256 361
257 $xuid = rg_var_uint("xuid");
362 $uid = rg_var_uint("uid");
258 363
259 364 $suspend = rg_var_uint("suspend"); $suspend = rg_var_uint("suspend");
260 365 if ($suspend == 1) { if ($suspend == 1) {
261 if (!rg_user_suspend($db, $xuid, 1))
366 if (!rg_user_suspend($db, $uid, 1))
262 367 $ret .= "<font color=red>Cannot suspend!</font><br />"; $ret .= "<font color=red>Cannot suspend!</font><br />";
263 368 } }
264 369
265 370 $unsuspend = rg_var_uint("unsuspend"); $unsuspend = rg_var_uint("unsuspend");
266 371 if ($unsuspend == 1) { if ($unsuspend == 1) {
267 if (!rg_user_suspend($db, $xuid, 0))
372 if (!rg_user_suspend($db, $uid, 0))
268 373 $ret .= "<font color=red>Cannot unsuspend!</font><br />"; $ret .= "<font color=red>Cannot unsuspend!</font><br />";
269 374 } }
270 375
271 376 $make_admin = rg_var_uint("make_admin"); $make_admin = rg_var_uint("make_admin");
272 377 if ($make_admin == 1) { if ($make_admin == 1) {
273 if (!rg_user_admin($db, $xuid, 1))
378 if (!rg_user_make_admin($db, $uid, 1))
274 379 $ret .= "<font color=red>Cannot make admin!</font><br />"; $ret .= "<font color=red>Cannot make admin!</font><br />";
275 380 } }
276 381
277 382 $remove_admin = rg_var_uint("remove_admin"); $remove_admin = rg_var_uint("remove_admin");
278 383 if ($remove_admin == 1) { if ($remove_admin == 1) {
279 if (!rg_user_admin($db, $xuid, 0))
384 if (!rg_user_make_admin($db, $uid, 0))
280 385 $ret .= "<font color=red>Cannot remove admin!</font><br />"; $ret .= "<font color=red>Cannot remove admin!</font><br />";
281 386 } }
282 387
283 388 $remove = rg_var_uint("remove"); $remove = rg_var_uint("remove");
284 389 if ($remove > 0) { if ($remove > 0) {
285 if (!rg_user_remove($db, $xuid))
390 if (!rg_user_remove($db, $uid))
286 391 $ret .= "<font color=red>Cannot remove!</font><br />"; $ret .= "<font color=red>Cannot remove!</font><br />";
287 392 } }
288 393
 
... ... function rg_user_list($db, $url)
303 408 $ret .= " <th>Suspended?</th>\n"; $ret .= " <th>Suspended?</th>\n";
304 409 $ret .= " <th>Session time</th>\n"; $ret .= " <th>Session time</th>\n";
305 410 $ret .= " <th>Last seen (UTC)</th>\n"; $ret .= " <th>Last seen (UTC)</th>\n";
411 $ret .= " <th>Rights</th>\n";
306 412 $ret .= " <th>Operations</th>\n"; $ret .= " <th>Operations</th>\n";
307 413 $ret .= "</tr>\n"; $ret .= "</tr>\n";
308 414 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
 
... ... function rg_user_list($db, $url)
311 417 $ret .= " <td>" . $row['email'] . "</td>\n"; $ret .= " <td>" . $row['email'] . "</td>\n";
312 418 $ret .= " <td>" . ($row['is_admin'] == 1 ? "Yes" : "No") . "</td>\n"; $ret .= " <td>" . ($row['is_admin'] == 1 ? "Yes" : "No") . "</td>\n";
313 419 $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n"; $ret .= " <td>" . gmdate("Y-m-d H:i:s", $row['itime']) . "</td>\n";
314 $_v = "unlimited";
315 420 if ($row['disk_quota_mb'] > 0) if ($row['disk_quota_mb'] > 0)
316 421 $_v = rg_1024($row['disk_quota_mb']); $_v = rg_1024($row['disk_quota_mb']);
422 else
423 $_v = "unlimited";
317 424 $ret .= " <td>" . $_v . "</td>\n"; $ret .= " <td>" . $_v . "</td>\n";
318 425 $ret .= " <td>" . ($row['suspended'] == 0 ? "No" : "Yes") . "</th>\n"; $ret .= " <td>" . ($row['suspended'] == 0 ? "No" : "Yes") . "</th>\n";
319 426 $ret .= " <td>" . $row['session_time'] . "s</td>\n"; $ret .= " <td>" . $row['session_time'] . "s</td>\n";
320 $ret .= " <td>" . gmdate("Y-m-d", $row['last_seen']) . "</td>\n";
427 $v = $row['last_seen'] == 0 ? "-" : gmdate("Y-m-d", $row['last_seen']);
428 $ret .= " <td>" . $v . "</td>\n";
429 $v = implode(", ", rg_rights_text("user", $row['rights']));
430 $ret .= " <td>" . $v . "</td>\n";
431
321 432 // operations // operations
322 // suspend
433 $_url = $url . "&amp;uid=" . $row['uid'];
323 434 $ret .= " <td>"; $ret .= " <td>";
324 $_url = $url . "&amp;xuid=" . $row['uid'];
435
436 // edit
437 $ret .= "[<a href=\"$_url&amp;subsubop=3\">Edit</a>]";
438
439 // suspend
325 440 $v = "suspend=1"; $t = "Suspend"; $v = "suspend=1"; $t = "Suspend";
326 441 if ($row['suspended'] > 0) { if ($row['suspended'] > 0) {
327 442 $t = "Unsuspend"; $t = "Unsuspend";
328 443 $v = "unsuspend=1"; $v = "unsuspend=1";
329 444 } }
330 $ret .= "[<a href=\"$_url&amp;$v\">$t</a>]";
445 $ret .= "[<a href=\"$_url&amp;subsubop=1&amp;$v\">$t</a>]";
446
331 447 // admin // admin
332 448 $v = "make_admin=1"; $t = "Make admin"; $v = "make_admin=1"; $t = "Make admin";
333 449 if ($row['is_admin'] == 1) { if ($row['is_admin'] == 1) {
334 450 $t = "Remove admin"; $t = "Remove admin";
335 451 $v = "remove_admin=1"; $v = "remove_admin=1";
336 452 } }
337 $ret .= "[<a href=\"$_url&amp;$v\">$t</a>]";
453 $ret .= "[<a href=\"$_url&amp;subsubop=1&amp;$v\">$t</a>]";
454
338 455 // remove // remove
339 456 if ($row['suspended'] > 0) if ($row['suspended'] > 0)
340 $ret .= "[<a href=\"$_url&amp;remove=1\">Remove!</a>]";
457 $ret .= "[<a href=\"$_url&amp;subsubop=1&amp;remove=1\">Remove!</a>]";
458
341 459 $ret .= " </td>"; $ret .= " </td>";
342 460 $ret .= "</tr>\n"; $ret .= "</tr>\n";
343 461 } }
 
... ... function rg_user_forgot_pass_uid($db, $token)
381 499 } }
382 500
383 501 /* /*
384 * Reset password function (send mail)
502 * Reset password function (send mail) - helper
385 503 */ */
386 function rg_user_forgot_pass_mail($db, $email)
504 function rg_user_forgot_pass_mail_prepare($db, $email)
387 505 { {
388 rg_log("user_forgot_pass_mail: email=$email");
506 rg_log("user_forgot_pass_mail_prepare: email=$email");
389 507
390 508 $expire = time() + 24 * 3600; $expire = time() + 24 * 3600;
391 509 $token = rg_id(40); $token = rg_id(40);
 
... ... function rg_user_forgot_pass_mail($db, $email)
407 525 } }
408 526 rg_sql_free_result($res); rg_sql_free_result($res);
409 527
528 return $token;
529 }
530
531 /*
532 * Reset password function (send mail)
533 */
534 function rg_user_forgot_pass_mail($db, $email)
535 {
536 rg_log("user_forgot_pass_mail: email=$email");
537
538 $token = rg_user_forgot_pass_mail_prepare($db, $email);
539 if ($token === FALSE)
540 return FALSE;
541
410 542 if (!mail($email, "Forgot password", if (!mail($email, "Forgot password",
411 543 "Hello!\nIf you want to reset the password, follow:\n" "Hello!\nIf you want to reset the password, follow:\n"
412 . "http://" . $_SERVER['SERVER_NAME'] . "/" . $_SERVER['PHP_SELF'] . "?op=6&token=$token")) {
544 . "http://" . @$_SERVER['SERVER_NAME']
545 . "/" . @$_SERVER['PHP_SELF']
546 . "?op=6&token=$token")) {
413 547 rg_user_set_error("Cannot send mail!"); rg_user_set_error("Cannot send mail!");
414 548 return FALSE; return FALSE;
415 549 } }
 
... ... function rg_user_forgot_pass_destroy($db, $uid)
437 571
438 572 function rg_user_set_pass($db, $uid, $pass) function rg_user_set_pass($db, $uid, $pass)
439 573 { {
440 rg_log("user_set_pass...");
574 rg_log("user_set_pass: uid=$uid pass=$pass");
441 575
442 576 $e_salt = rg_id(40); $e_salt = rg_id(40);
443 $e_sha1pass = sha1($e_salt . "===" . $pass);
577 $e_sha1pass = rg_user_pass($e_salt, $pass);
444 578
445 579 $sql = "UPDATE users SET" $sql = "UPDATE users SET"
446 580 ." salt = '$e_salt'" ." salt = '$e_salt'"
File inc/user/forgot.form.php changed (mode: 100644) (index e70b08a..6285035)
... ... if (!empty($error))
8 8 $_forgot_form .= ' $_forgot_form .= '
9 9 <form method="post" action="' . $_SERVER['PHP_SELF'] . '"> <form method="post" action="' . $_SERVER['PHP_SELF'] . '">
10 10 <input type="hidden" name="op" value="' . $op . '"> <input type="hidden" name="op" value="' . $op . '">
11 <input type="hidden" name="token" value="' . rg_var_str("token") . '">
11 <input type="hidden" name="ftoken" value="' . $ftoken . '">
12 12 <input type="hidden" name="doit" value="1"> <input type="hidden" name="doit" value="1">
13 <input type="hidden" name="token" value="' . rg_token_get($db, $sid) . '">
13 14
14 15 <table> <table>
15 16 <tr> <tr>
File inc/user/forgot.php changed (mode: 100644) (index d9aa318..9b7d719)
1 1 <?php <?php
2 2 rg_log("/inc/user/forgot.php"); rg_log("/inc/user/forgot.php");
3 3
4 $token = rg_var_str("token");
4 $ftoken = rg_var_str("ftoken");
5 5 $pass1 = rg_var_str("pass1"); $pass1 = rg_var_str("pass1");
6 6 $pass2 = rg_var_str("pass2"); $pass2 = rg_var_str("pass2");
7 7
 
... ... if ($doit == 1) {
14 14 if (strcmp($pass1, $pass2) != 0) { if (strcmp($pass1, $pass2) != 0) {
15 15 $error .= "Passwords mismatch."; $error .= "Passwords mismatch.";
16 16 } else { } else {
17 $r = user_forgot_pass_uid($db, $token);
17 $r = user_forgot_pass_uid($db, $ftoken);
18 18 if ($r['ok'] != 1) { if ($r['ok'] != 1) {
19 19 $error .= "Internal error, try again later."; $error .= "Internal error, try again later.";
20 20 } else if ($r['uid'] == 0) { } else if ($r['uid'] == 0) {
File inc/util.inc.php changed (mode: 100644) (index 1aeece6..86962e8)
... ... function rg_var_uint($name)
116 116 return sprintf("%u", rg_var_str($name)); return sprintf("%u", rg_var_str($name));
117 117 } }
118 118
119 function rg_var_re($name, $re)
120 {
121 $a = rg_var_str($name);
122 return preg_replace($re, "", $a);
123 }
124
119 125 /* /*
120 126 * Enforce chars in a name. It is used for user and repo. * Enforce chars in a name. It is used for user and repo.
121 127 */ */
122 function rg_chars_allow($name, $allowed_chars)
128 function rg_chars_allow($name, $allowed_regexp)
123 129 { {
124 if (preg_match($allowed_chars, $name) === FALSE)
130 if (preg_match($allowed_regexp, $name) === 0)
125 131 return FALSE; return FALSE;
126 132
127 133 return TRUE; return TRUE;
File rocketgit.spec.in added (mode: 100644) (index 0000000..23674f5)
1 Summary: Light and fast Git hosting solution
2 Name: @PRJ@
3 Version: @VER@
4 Release: @REV@
5 License: GPLv3
6 Group: Applications/Network
7 Source: http://kernel.embedromix.ro/us/rocketgit/%{name}-%{version}.tar.gz
8 URL: http://kernel.embedromix.ro/us/
9 Packager: Catalin(ux) M. BOIE <catab@embedromix.ro>
10 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
11 BuildArch: noarch
12 Requires: httpd, php-process, php-cli, xinetd
13
14
15 %description
16 Light and fast Git hosting solution, similar with Gitorious/GitHub/etc.
17
18 %prep
19 %setup
20
21 %build
22 %configure
23 make
24
25 %install
26 rm -rf ${RPM_BUILD_ROOT}
27 mkdir -p ${RPM_BUILD_ROOT}
28 make install DESTDIR=${RPM_BUILD_ROOT}
29
30 %clean
31 rm -rf ${RPM_BUILD_ROOT}
32
33 %files
34 %attr (-,root,root)
35 %dir @USR_SHARE@/*
36 %doc README LICENSE Changelog TODO
File root/index.php changed (mode: 100644) (index 33792ef..391b97e)
... ... include_once($INC . "/db.inc.php");
15 15 include_once($INC . "/user.inc.php"); include_once($INC . "/user.inc.php");
16 16 include_once($INC . "/repo.inc.php"); include_once($INC . "/repo.inc.php");
17 17 include_once($INC . "/keys.inc.php"); include_once($INC . "/keys.inc.php");
18 include_once($INC . "/token.inc.php");
18 19
19 20 rg_log_set_file("/tmp/rg_web.log"); rg_log_set_file("/tmp/rg_web.log");
20 21
 
... ... $op = rg_var_str("op");
25 26 $subop = rg_var_uint("subop"); $subop = rg_var_uint("subop");
26 27 $subsubop = rg_var_uint("subsubop"); $subsubop = rg_var_uint("subsubop");
27 28 $doit = rg_var_uint("doit"); $doit = rg_var_uint("doit");
28 $sid = rg_var_str("sid");
29 $sid = rg_var_re("sid", "/[^A-Za-z0-9]/");
30 $token = rg_var_re("token", "/[^A-Za-z0-9]/");
29 31
30 32 rg_log("IP: " . @$_SERVER['REMOTE_ADDR']); rg_log("IP: " . @$_SERVER['REMOTE_ADDR']);
31 33 rg_log("_REQUEST: " . trim(print_r($_REQUEST, TRUE))); rg_log("_REQUEST: " . trim(print_r($_REQUEST, TRUE)));
 
... ... $tail .= "</html>\n";
67 69 // menu // menu
68 70 $amenu = array( $amenu = array(
69 71 "login" => array("text" => "Login"), "login" => array("text" => "Login"),
72 "personal" => array("text" => "Personal"),
70 73 "repo" => array("text" => "My repositories"), "repo" => array("text" => "My repositories"),
71 74 "keys" => array("text" => "SSH keys"), "keys" => array("text" => "SSH keys"),
72 75 "admin" => array("text" => "Admin", "needs_admin" => 1), "admin" => array("text" => "Admin", "needs_admin" => 1),
File samples/config.php changed (mode: 100644) (index 722b2d2..e8f1b55)
... ... $rg_session_time = 3600;
16 16 $rg_keys_file = $rg_base . "/.ssh/authorized_keys"; $rg_keys_file = $rg_base . "/.ssh/authorized_keys";
17 17
18 18 // Scripts // Scripts
19 $rg_scripts = "/BIG1T/sync1/Dev/rg/scripts";
19 $rg_scripts = "/usr/share/rocketgit/scripts";
20 20
21 21 // Allowed repo names (regular expression) // Allowed repo names (regular expression)
22 $rg_repo_allow = '/^[^A-Za-z0-9_.-]$/';
22 $rg_repo_allow = '/^[A-Za-z0-9_.-]*$/';
23 23
24 24 // Allowed repo name length // Allowed repo name length
25 $rg_repo_max_len = 16;
25 $rg_repo_max_len = 64;
26 26
27 27 // Allowed user names (regular expression) // Allowed user names (regular expression)
28 $rg_user_allow = '/^[^A-Za-z0-9_.-]$/';
28 $rg_user_allow = '/^[A-Za-z0-9_.-]*$/';
29 29
30 30 // Allowed user name length // Allowed user name length
31 $rg_user_max_len = 16;
31 $rg_user_max_len = 32;
32 32
33 33 // SSH parameters for authorized_keys // SSH parameters for authorized_keys
34 34 $rg_ssh_paras = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"; $rg_ssh_paras = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty";
35 35
36 // Random key that will be used for encription of the password for better security
37 $rg_pass_key = "reigjmn9483jfisendfhwefhefhesfuhfskhjukhtw4khfwkur";
38
36 39 ?> ?>
File samples/cron changed (mode: 100644) (index a57ca50..8c8b49e)
1 * * * * * rg php /BIG1T/sync1/Dev/rg/scripts/cron.php
2 * * * * * rg php /BIG1T/sync1/Dev/rg/scripts/q.php
1 * * * * * rg php /usr/share/rocketgit/scripts/cron.php
2 * * * * * rg php /usr/share/rocketgit/scripts/q.php
File samples/rg changed (mode: 100644) (index bff94f3..c71ce35)
... ... service git
10 10 wait = no wait = no
11 11 user = rg user = rg
12 12 server = /usr/bin/php server = /usr/bin/php
13 server_args = /BIG1T/sync1/Dev/rg/scripts/ssh.php
13 server_args = /usr/share/rocketgit/scripts/ssh.php
14 14 log_on_failure += USERID log_on_failure += USERID
15 15 } }
File samples/rg.conf changed (mode: 100644) (index 0e3b045..48733a5)
3 3 <VirtualHost *:80> <VirtualHost *:80>
4 4 ServerName rg.embedromix.ro ServerName rg.embedromix.ro
5 5 ServerAlias rg ServerAlias rg
6 DocumentRoot /BIG1T/sync1/Dev/rg/root/
6 DocumentRoot /usr/share/rocketgit/root/
7 7
8 <Directory "/BIG1T/sync1/Dev/rg/root">
8 <Directory "/usr/share/rocketgit/root">
9 9 AllowOverride All AllowOverride All
10 10 Order allow,deny Order allow,deny
11 11 Allow from all Allow from all
File scripts/cron.php changed (mode: 100644) (index 87dc90d..4931eae)
... ... if (date("H") == 0) {
40 40 } else { } else {
41 41 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
42 42 rg_log("Processing repository [" . $row['name'] . "]..."); rg_log("Processing repository [" . $row['name'] . "]...");
43 $repo_path = rg_repo_id2base($row['repo_id']) . $row['name'] . ".git";
43 $repo_path = rg_repo_name2base($row['name']) . $row['name'] . ".git";
44 44 $disk_mb = rg_repo_disk_mb($repo_path); $disk_mb = rg_repo_disk_mb($repo_path);
45 45 $sql = "UPDATE repos SET disk_mb = $disk_mb" $sql = "UPDATE repos SET disk_mb = $disk_mb"
46 46 . " WHERE repo_id = " . $row['repo_id']; . " WHERE repo_id = " . $row['repo_id'];
 
... ... if (date("H") == 0) {
69 69 rg_sql_free_result($res); rg_sql_free_result($res);
70 70 } }
71 71
72 if (date("H") == 1) {
73 rg_log("Clean old tokens...");
74 $sql = "DELETE FROM tokens WHERE expire < $now";
75 $res = rg_sql_query($db, $sql);
76 rg_sql_free_result($res);
77 }
78
72 79 if (date("H") == 1) { if (date("H") == 1) {
73 80 rg_log("Clean old sess entries..."); rg_log("Clean old sess entries...");
74 81 $sql = "DELETE FROM sess WHERE expire < $now"; $sql = "DELETE FROM sess WHERE expire < $now";
File scripts/q.php changed (mode: 100644) (index 23e6bc8..d636337)
... ... while ($runs-- > 0) {
59 59 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
60 60 rg_log("\tProcess repo " . $row['name'] . "..."); rg_log("\tProcess repo " . $row['name'] . "...");
61 61
62 $dst = rg_repo_id2base($row['repo_id']) . $row['name'] . ".git";
62 $dst = rg_repo_name2base($row['name']) . $row['name'] . ".git";
63 63 if ($row['master'] == 0) { if ($row['master'] == 0) {
64 64 $r = rg_git_init($dst); $r = rg_git_init($dst);
65 65 if ($r === FALSE) { if ($r === FALSE) {
 
... ... while ($runs-- > 0) {
72 72 if ($mi['exists'] != 1) { if ($mi['exists'] != 1) {
73 73 rg_log("\tCannot find master!"); rg_log("\tCannot find master!");
74 74 } else { } else {
75 $src = rg_repo_id2base($mi['repo_id']) . $mi['name'] . ".git";
75 $src = rg_repo_name2base($mi['name']) . $mi['name'] . ".git";
76 76 $r = rg_git_clone($src, $dst); $r = rg_git_clone($src, $dst);
77 77 if ($r === FALSE) { if ($r === FALSE) {
78 78 rg_log("\tCould not create repo!"); rg_log("\tCould not create repo!");
 
... ... while ($runs-- > 0) {
81 81 } }
82 82 } }
83 83 } }
84
85 rg_log("Make hooks links...");
86 symlink("/BIG1T/sync1/Dev/rg/scripts/hooks_update", $dst . "/hooks/upate");
84 87 } }
85 88 rg_sql_free_result($res); rg_sql_free_result($res);
86 89
File scripts/ssh.php changed (mode: 100644) (index 74a4810..56c4f09)
... ... $repo = preg_replace('/\.git$/' , '', $repo);
104 104 rg_log("host=[$host] cmd=[$cmd] repo=[$repo] perms=[$perms]."); rg_log("host=[$host] cmd=[$cmd] repo=[$repo] perms=[$perms].");
105 105
106 106 // validity/security checks // validity/security checks
107 if (empty($repo))
108 fatal("Repo is invalid!");
109 if (preg_match('/\.\./', $repo))
110 fatal("Repo must not contain [..]!");
111 if (preg_match('/\//', $repo))
112 fatal("Repo must not contain [/]!");
107 if (rg_repo_ok($repo) !== TRUE)
108 fatal("Repo [$repo] is invalid (" . rg_repo_error() . ")");
113 109
114 110 $db = rg_sql_open($rg_db); $db = rg_sql_open($rg_db);
115 111 if ($db === FALSE) if ($db === FALSE)
 
... ... if (!rg_repo_allow($db, $ri, $rg_ui, $perms))
132 128
133 129 // TODO: limit time and/or cpu // TODO: limit time and/or cpu
134 130
135 $repo_base = rg_repo_id2base($ri['repo_id']);
131 $repo_base = rg_repo_name2base($repo);
136 132 $repo_path = $repo_base . $repo . ".git"; $repo_path = $repo_base . $repo . ".git";
137 133 rg_log("repo_path=$repo_path."); rg_log("repo_path=$repo_path.");
138 134
File tests/Makefile changed (mode: 100644) (index a30ccb6..4f735a9)
1 tests := util db keys repo state
1 tests := util db keys repo rights state user
2 2 .PHONY: $(tests) .PHONY: $(tests)
3 3
4 4 all: $(tests) all: $(tests)
 
... ... keys:
15 15 repo: repo:
16 16 php repo.php php repo.php
17 17
18 rights:
19 php rights.php
20
18 21 state: state:
19 22 php state.php php state.php
23
24 user:
25 php user.php
File tests/repo.php changed (mode: 100644) (index 43b75be..3bc9499)
... ... $INC = "../inc";
5 5 require_once($INC . "/repo.inc.php"); require_once($INC . "/repo.inc.php");
6 6 require_once($INC . "/db/struct.inc.php"); require_once($INC . "/db/struct.inc.php");
7 7
8 rg_log_set_file(__FILE__ . ".log");
8 rg_log_set_file("repo.log");
9
10 $rg_sql_debug = 1;
11
12 // defaults
13 $rg_repo_max_len = 100;
14 $rg_base_repo = "/u";
15
16
17 rg_log("name2base1");
18 $e = "/u/a/a/";
19 $c = rg_repo_name2base("aa");
20 if (strcmp($c, $e) != 0) {
21 echo "name2base1 is not working correctly: c=$c e=$e.\n";
22 exit(1);
23 }
24
25 rg_log("name2base2");
26 $e = "/u/a/_/";
27 $c = rg_repo_name2base("a");
28 if (strcmp($c, $e) != 0) {
29 echo "name2base2 is not working correctly: c=$c e=$e.\n";
30 exit(1);
31 }
32
33 rg_log("test if repo_allow works correctly (0)");
34 $rg_repo_allow = '/^[A-Za-z0-9]*$/';
35 $v = "xx";
36 $c = rg_repo_ok($v);
37 if ($c !== TRUE) {
38 echo "repo_allow problem for valid repo [$v] (c=$c).\n";
39 exit(1);
40 }
41
42 rg_log("test if repo_allow works correctly (1)");
43 $rg_repo_allow = '/^[A-Za-z0-9]*$/';
44 $v = "eyhtmcmet_";
45 $c = rg_repo_ok($v);
46 if ($c !== FALSE) {
47 echo "repo_allow problem for '_' in [$v] (c=$c).\n";
48 exit(1);
49 }
50
51 rg_log("test if repo_allow works correctly (2)");
52 $rg_repo_allow = '/^[A-Za-z0-9_.-]*$/';
53 $v = ".e&y.h-tmcmet&_.-";
54 $c = rg_repo_ok($v);
55 if ($c !== FALSE) {
56 echo "repo_allow problem for '&'.\n";
57 exit(1);
58 }
59
60 rg_log("check if we allow '..'");
61 $rg_repo_allow = '/^[A-Za-z0-9_.-]*$/';
62 $v = "a..b";
63 $c = rg_repo_ok($v);
64 if ($c !== FALSE) {
65 echo "repo_allow problem for '..'.\n";
66 exit(1);
67 }
68
69 rg_log("check len test");
70 $v = "0123456789A";
71 $rg_repo_allow = '/^[A-Za-z0-9]*$/';
72 $rg_repo_max_len = 10;
73 $c = rg_repo_ok($v);
74 if ($c !== FALSE) {
75 echo "repo_ok: max length is not enforced!\n";
76 exit(1);
77 }
78
9 79
10 80 @unlink("repo.sqlite"); @unlink("repo.sqlite");
11 81
 
... ... if ($r === FALSE) {
24 94 $sql = "INSERT INTO repos (repo_id, name, uid, itime" $sql = "INSERT INTO repos (repo_id, name, uid, itime"
25 95 . ", disk_quota_mb, max_commit_size" . ", disk_quota_mb, max_commit_size"
26 96 . ", master, desc, git_dir_done, default_rights)" . ", master, desc, git_dir_done, default_rights)"
27 . " VALUES (1, 'repo1', 1, 0, 0, 0, 0, 'bla bla desc', 1, '')";
97 . " VALUES (1, 'repo1', 1, 0, 0, 0, 0, 'bla bla desc', 1, 'F')";
28 98 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
29 99 if ($res === FALSE) { if ($res === FALSE) {
30 100 echo "Cannot insert a user!\n"; echo "Cannot insert a user!\n";
31 101 exit(1); exit(1);
32 102 } }
33 103
104 echo "test giving rights\n";
34 105 $repo_id = 1; $repo_id = 1;
35 106 $ri = rg_repo_info($db, $repo_id, ""); $ri = rg_repo_info($db, $repo_id, "");
36 107 $uid = 10; $uid = 10;
37 $v = rg_repo_rights_set($db, $ri, $uid, "F");
108 $v = rg_repo_rights_set($db, $ri, $uid, "P");
38 109 if ($v === FALSE) { if ($v === FALSE) {
39 110 echo "Cannot give rights (1)!\n"; echo "Cannot give rights (1)!\n";
40 111 exit(1); exit(1);
41 112 } }
42 113
43 @unlink("repo.sqlite");
44
45 $a = "AF"; $b = "AD"; $e = "AFD";
46 $r = rg_repo_rights_combine($a, $b);
47 if (strcmp($r, $e) != 0) {
48 echo "Combine rights error1 ([$r] vs [$e])\n";
114 echo "owner gets all rights.\n";
115 $uid = 1;
116 $e = rg_rights_all("repo");
117 $r = rg_repo_rights_get($db, $ri, $uid, 0);
118 $c = $r['rights'];
119 if (strcmp($c, $e) != 0) {
120 echo "Owner did not get all rights: c=$c e=$e.\n";
49 121 exit(1); exit(1);
50 122 } }
51 123
52 $a = ""; $b = ""; $e = "";
53 $r = rg_repo_rights_combine($a, $b);
54 if (strcmp($r, $e) != 0) {
55 echo "Combine rights error1 ([$r] vs [$e])\n";
124 echo "non-owner gets correct rights: F gets from default rights.\n";
125 $uid = 12;
126 $r = rg_repo_rights_set($db, $ri, $uid, "P");
127 if ($r !== TRUE) {
128 echo "Cannot set rights (" . rg_repo_error() . ")!\n";
56 129 exit(1); exit(1);
57 130 } }
58
59 $a = "AXUJUNFUUFU"; $b = ""; $e = $a;
60 $r = rg_repo_rights_combine($a, $b);
61 if (strcmp($r, $e) != 0) {
62 echo "Combine rights error1 ([$r] vs [$e])\n";
63 exit(1);
64 }
65
66 // test if repo_allow works correctly
67 $rg_repo_allow = '/^[^A-Za-z0-9]*$/';
68 $v = "eyhtmcmet_";
69 $c = rg_repo_ok($v);
70 if ($c !== FALSE) {
71 echo "repo_allow problem for '_' ($c).\n";
131 $e = "FP";
132 $r = rg_repo_rights_get($db, $ri, $uid, 0);
133 $c = $r['rights'];
134 if (strcmp($c, $e) != 0) {
135 echo "Non-owner did not get correct rights: c=$c e=$e.\n";
72 136 exit(1); exit(1);
73 137 } }
74 138
75 $rg_repo_allow = '/^[^A-Za-z0-9_.-]*$/';
76 $v = ".e&y.h-tmcmet&_.-";
77 $c = rg_repo_ok($v);
78 if ($c !== FALSE) {
79 echo "repo_allow problem for '&'.\n";
139 echo "owner can set separate rights for him\n";
140 $uid = 1;
141 $v = rg_repo_rights_set($db, $ri, $uid, "A");
142 if ($v === FALSE) {
143 echo "Owner cannot set separate rights for him!\n";
80 144 exit(1); exit(1);
81 145 } }
82 146
83 // check if we allow '..'
84 $rg_repo_allow = '/^[^A-Za-z0-9_.-]*$/';
85 $v = "a..b";
86 $c = rg_repo_ok($v);
87 if ($c !== FALSE) {
88 echo "repo_allow problem for '..'.\n";
147 rg_log("list1");
148 $r = rg_repo_rights_list($db, $ri, "/prj1");
149 if ($r === FALSE) {
150 echo "Cannot list rights (" . rg_repo_error() . ")\n";
89 151 exit(1); exit(1);
90 152 } }
91 153
92 // check len
93 $v = "0123456789A";
94 $rg_repo_allow = '/^[^A-Za-z0-9]*$/';
95 $rg_repo_max_len = 10;
96 $c = rg_repo_ok($v);
97 if ($c !== FALSE) {
98 echo "repo_ok: max length is not enforced!\n";
99 exit(1);
100 }
154 @unlink("repo.sqlite");
101 155
102 156 echo "OK\n"; echo "OK\n";
103 157 ?> ?>
File tests/rights.php added (mode: 100644) (index 0000000..ce5638e)
1 <?php
2 error_reporting(E_ALL | E_STRICT);
3
4 $INC = "../inc";
5 require_once($INC . "/rights.inc.php");
6
7 rg_log_set_file("rights.log");
8
9 rg_log("test if combine works correctly (1)");
10 $a = "AF"; $b = "AD"; $e = "AFD";
11 $r = rg_rights_combine($a, $b);
12 if (strcmp($r, $e) != 0) {
13 echo "Combine rights error1 ([$r] vs [$e])\n";
14 exit(1);
15 }
16
17 rg_log("test if combine works correctly (2)");
18 $a = ""; $b = ""; $e = "";
19 $r = rg_rights_combine($a, $b);
20 if (strcmp($r, $e) != 0) {
21 echo "Combine rights error1 ([$r] vs [$e])\n";
22 exit(1);
23 }
24
25 rg_log("test if combine works correctly (3)");
26 $a = "AXUJUNFUUFU"; $b = ""; $e = $a;
27 $r = rg_rights_combine($a, $b);
28 if (strcmp($r, $e) != 0) {
29 echo "Combine rights error1 ([$r] vs [$e])\n";
30 exit(1);
31 }
32
33 echo "OK\n";
34 ?>
File tests/user.php changed (mode: 100644) (index da193d8..d7673c4)
... ... $INC = "../inc";
5 5 require_once($INC . "/user.inc.php"); require_once($INC . "/user.inc.php");
6 6 require_once($INC . "/db/struct.inc.php"); require_once($INC . "/db/struct.inc.php");
7 7
8 rg_log_set_file("user.log");
9
10 $rg_user_max_len = 20;
11 $rg_pass_key = "aaa";
12 $rg_session_time = 3600;
13 $rg_user_allow = '/^[A-Za-z0-9_.-]*$/';
14
8 15 @unlink("user.sqlite"); @unlink("user.sqlite");
9 16
10 17 $db = rg_sql_open("sqlite:user.sqlite"); $db = rg_sql_open("sqlite:user.sqlite");
 
... ... if ($r === FALSE) {
19 26 exit(1); exit(1);
20 27 } }
21 28
22 $sql = "INSERT INTO users VALUES ('rg@localhost', '', 0)";
23 $res = rg_sql_query($db, $sql);
24 if ($res === FALSE) {
25 echo "Cannot insert a user!";
29 // add user
30 $r = rg_user_edit($db, 0, "userA", "rg@localhost", "pass1", 1, 100, "C");
31 if ($r !== TRUE) {
32 echo "Cannot add user (" . rg_user_error() . ")!\n";
26 33 exit(1); exit(1);
27 34 } }
35 $uid = rg_sql_last_id($db);
28 36
29 37 $v = rg_user_forgot_pass_mail($db, "rg@localhost"); $v = rg_user_forgot_pass_mail($db, "rg@localhost");
30 38 if ($v === FALSE) { if ($v === FALSE) {
 
... ... if ($v === FALSE) {
32 40 exit(1); exit(1);
33 41 } }
34 42
43 $_ui = rg_user_info($db, $uid, "", "");
44 if ($_ui['exists'] != 1) {
45 echo "Seems that user with $uid does not exists!\n";
46 exit(1);
47 }
48 $salt = $_ui['salt'];
49 $pass = $_ui['pass'];
50
51 // edit user - empty pass
52 $r = rg_user_edit($db, $uid, "userA", "rg@localhost", "", 1, 100, "C");
53 if ($r !== TRUE) {
54 echo "Cannot edit user with empty pass (" . rg_user_error() . ")!\n";
55 exit(1);
56 }
57 // the pass should not be changed here
58 $_ui = rg_user_info($db, $uid, "", "");
59 if ($_ui['exists'] != 1) {
60 echo "Seems that user with $uid does not exists!\n";
61 exit(1);
62 }
63 if (strcmp($salt, $_ui['salt']) != 0) {
64 echo "Salt was changed!\n";
65 exit(1);
66 }
67 if (strcmp($pass, $_ui['pass']) != 0) {
68 echo "Password was changed!\n";
69 exit(1);
70 }
71
72 // edit user - no empty pass
73 $r = rg_user_edit($db, $uid, "userA", "rg@localhost", "pass2", 1, 100, "C");
74 if ($r !== TRUE) {
75 echo "Cannot edit user with not empty pass (" . rg_user_error() . ")!\n";
76 exit(1);
77 }
78 // the pass should be changed here
79 $_ui = rg_user_info($db, $uid, "", "");
80 if ($_ui['exists'] != 1) {
81 echo "Seems that user with $uid does not exists!\n";
82 exit(1);
83 }
84 if (strcmp($salt, $_ui['salt']) == 0) {
85 echo "Salt was not changed!\n";
86 exit(1);
87 }
88 if (strcmp($pass, $_ui['pass']) == 0) {
89 echo "Password was not changed!\n";
90 exit(1);
91 }
92
93 // change password
94 $r = rg_user_set_pass($db, $uid, "pass3");
95 if ($r !== TRUE) {
96 echo "Cannot change pass!\n";
97 exit(1);
98 }
99
100 // get token for e-mail forgot pass feature
101 $token = rg_user_forgot_pass_mail_prepare($db, "rg@localhost");
102 if ($token === FALSE) {
103 echo "Could not get token (" . rg_user_error() . ")!\n";
104 exit(1);
105 }
106
107 $r = rg_user_forgot_pass_uid($db, $token);
108 if ($r['ok'] != 1) {
109 echo "Cannot find uid based on token (" . rg_user_error() . ")!\n";
110 exit(1);
111 }
112
113 if ($r['uid'] != $uid) {
114 echo "Token returned does not belong to the proper user!\n";
115 exit(1);
116 }
117
35 118 @unlink("user.sqlite"); @unlink("user.sqlite");
36 119
37 120 echo "OK\n"; echo "OK\n";
Hints
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"

Clone this repository using HTTP(S):
git clone https://code.reversed.top/user/xaizek/rocketgit

Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@code.reversed.top/user/xaizek/rocketgit

You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a pull request:
... clone the repository ...
... make some changes and some commits ...
git push origin master