From d0904ebde2c878f769e91a05f100e9117eba7470 Mon Sep 17 00:00:00 2001
From: Miles Lott
Date: Tue, 6 Jan 2004 13:38:45 +0000
Subject: [PATCH] Reinstate setting of cookies similar to standard api logins by cookie; Reorganized login/logout logic; Switched to class var for $ConfigDomain
---
phpgwapi/inc/class.setup.inc.php | 279 ++++++++++++++++++-------------
setup/index.php | 69 ++++----
2 files changed, 195 insertions(+), 153 deletions(-)
diff --git a/phpgwapi/inc/class.setup.inc.php b/phpgwapi/inc/class.setup.inc.php
index 4def126edd..f72d8e80c9 100644
--- a/phpgwapi/inc/class.setup.inc.php
+++ b/phpgwapi/inc/class.setup.inc.php
@@ -53,16 +53,68 @@ */ function loaddb() { - $GLOBALS['ConfigDomain'] = get_var('ConfigDomain',array('COOKIE','POST'),$_POST['FormDomain']); + if(!isset($this->ConfigDomain) || empty($this->ConfigDomain)) + { + $this->ConfigDomain = get_var('ConfigDomain',array('COOKIE','POST'),$_POST['FormDomain']); + } - $GLOBALS['phpgw_info']['server']['db_type'] = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_type']; + $GLOBALS['phpgw_info']['server']['db_type'] = $GLOBALS['phpgw_domain'][$this->ConfigDomain]['db_type']; $this->db = CreateObject('phpgwapi.db'); - $this->db->Host = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_host']; - $this->db->Type = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_type']; - $this->db->Database = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_name']; - $this->db->User = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_user']; - $this->db->Password = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_pass']; + $this->db->Host = $GLOBALS['phpgw_domain'][$this->ConfigDomain]['db_host']; + $this->db->Type = $GLOBALS['phpgw_domain'][$this->ConfigDomain]['db_type']; + $this->db->Database = $GLOBALS['phpgw_domain'][$this->ConfigDomain]['db_name']; + $this->db->User = $GLOBALS['phpgw_domain'][$this->ConfigDomain]['db_user']; + $this->db->Password = $GLOBALS['phpgw_domain'][$this->ConfigDomain]['db_pass']; + } + + /** + * Set the domain used for cookies + * + * @return string domain + */ + function set_cookiedomain() + { + $dom = $_SERVER['HTTP_HOST']; + if (preg_match("/^(.*):(.*)$/",$dom,$arr)) + { + $dom = $arr[1]; + } + $parts = explode('.',$dom); + if (count($parts) > 2) + { + if (!ereg('[0-9]+',$parts[1])) + { + for($i=1;$icookie_domain .= '.'.$parts[$i]; + } + } + else + { + $this->cookie_domain = ''; + } + } + else + { + $this->cookie_domain = ''; + } + } + + /** + * Set a cookie + * + * @param string $cookiename name of cookie to be set + * @param string $cookievalue value to be used, if unset cookie 
is cleared (optional) + * @param int $cookietime when cookie should expire, 0 for session only (optional) + */ + function set_cookie($cookiename,$cookievalue='',$cookietime=0) + { + if(!$this->cookie_domain) + { + $this->set_cookiedomain(); + } + setcookie($cookiename,$cookievalue,$cookietime,'/',$this->cookie_domain); } /*! 
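Review bot: `set_cookiedomain()` takes the cookie scope from `$_SERVER['HTTP_HOST']`, a header the client chooses, and for hosts with more than two labels it appears to build the domain from the second label onward (the loop is garbled in this rendering), so cookies sent through `set_cookie()` are scoped to the parent domain rather than to this host. The same patch routes `ConfigPW` and `HeaderPW` through `set_cookie()` in `auth()`, so the setup passwords would be presented to every sibling host under that domain. For these cookies I would stay host-only by leaving `$this->cookie_domain = '';`, or read the domain from server configuration instead of the request. The property also looks to be extended with `.=` without being reset first, and the `setcookie()` call passes no `secure` argument, so the cookie travels over plain HTTP as well.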
@@ -76,132 +128,125 @@ $remoteip = $_SERVER['REMOTE_ADDR']; $FormLogout = get_var('FormLogout', array('GET','POST')); - $ConfigLogin = get_var('ConfigLogin', array('POST')); - $HeaderLogin = get_var('HeaderLogin', array('POST')); - $FormDomain = get_var('FormDomain', array('POST')); - $FormPW = get_var('FormPW', array('POST')); - - $ConfigDomain = get_var('ConfigDomain',array('POST','COOKIE')); - $ConfigPW = get_var('ConfigPW', array('POST','COOKIE')); - $HeaderPW = get_var('HeaderPW', array('POST','COOKIE')); - $ConfigLang = get_var('ConfigLang', array('POST','COOKIE')); - - /* - if(!empty($remoteip) && !$this->checkip($remoteip)) + if(!$FormLogout) { - return False; + $ConfigLogin = get_var('ConfigLogin', array('POST')); + $HeaderLogin = get_var('HeaderLogin', array('POST')); + $FormDomain = get_var('FormDomain', array('POST')); + $FormPW = get_var('FormPW', array('POST')); + + $this->ConfigDomain = get_var('ConfigDomain',array('POST','COOKIE')); + $ConfigPW = get_var('ConfigPW', array('POST','COOKIE')); + $HeaderPW = get_var('HeaderPW', array('POST','COOKIE')); + $ConfigLang = get_var('ConfigLang', array('POST','COOKIE')); } - */ - /* 6 cases: - 1. Logging into header admin - 2. Logging into config admin - 3. Logging out of config admin - 4. Logging out of header admin - 5. Return visit to config OR header - 6. None of the above - */ + /* if(!empty($remoteip) && !$this->checkip($remoteip)) { return False; } */ - $expire = (int)(time() + (1200*9)); /* Expire login if idle for 20 minutes. 
*/ - - if(!empty($HeaderLogin) && $auth_type == 'Header') + /* If FormLogout is set, simply invalidate the cookies (LOGOUT) */ + switch(strtolower($FormLogout)) { - /* header admin login */ - if($FormPW == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password'])) - { - setcookie('HeaderPW',"$FormPW",$expire,'/'); - setcookie('ConfigLang',"$ConfigLang",$expire,'/'); - return True; - } - else - { - $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = lang('Invalid password'); - $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = ''; - return False; - } - } - elseif(!empty($ConfigLogin) && $auth_type == 'Config') - { - /* config login */ - if(isset($GLOBALS['phpgw_domain'][$FormDomain]) && $FormPW == stripslashes(@$GLOBALS['phpgw_domain'][$FormDomain]['config_passwd'])) - { - setcookie('ConfigPW',"$FormPW",$expire,'/'); - setcookie('ConfigDomain',"$FormDomain",$expire,'/'); - setcookie('ConfigLang',"$ConfigLang",$expire,'/'); - return True; - } - else - { - $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = lang('Invalid password'); - $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = ''; - return False; - } - } - elseif(!empty($FormLogout)) - { - /* logout */ - if($FormLogout == 'config') - { + case 'config': /* config logout */ - setcookie('ConfigPW',''); + $expire = time() - 86400; + $this->set_cookie('ConfigPW','',$expire,'/'); + $this->set_cookie('ConfigDomain','',$expire,'/'); + $this->set_cookie('ConfigLang','',$expire,'/'); $GLOBALS['phpgw_info']['setup']['LastDomain'] = $_COOKIE['ConfigDomain']; - setcookie('ConfigDomain',''); $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = lang('You have successfully logged out'); - setcookie('ConfigLang',''); $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = ''; - return False; - } - elseif($FormLogout == 'header') - { + case 'header': /* header admin logout */ - setcookie('HeaderPW',''); + $expire = time() - 86400; + $this->set_cookie('HeaderPW','',$expire,'/'); + 
$this->set_cookie('ConfigLang','',$expire,'/'); $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = lang('You have successfully logged out'); - setcookie('ConfigLang',''); $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = ''; + return False; + } - return False; - } - } - elseif(!empty($ConfigPW) && $auth_type == 'Config') + /* We get here if FormLogout is not set (LOGIN or subsequent pages) */ + /* Expire login if idle for 20 minutes. The cookies are updated on every page load. */ + $expire = (int)(time() + (1200*9)); + + switch(strtolower($auth_type)) { - /* Returning after login to config */ - if($ConfigPW == stripslashes($GLOBALS['phpgw_domain'][$ConfigDomain]['config_passwd'])) - { - setcookie('ConfigPW',"$ConfigPW",$expire,'/'); - setcookie('ConfigDomain',"$ConfigDomain",$expire,'/'); - setcookie('ConfigLang',"$ConfigLang",$expire,'/'); - return True; - } - else - { - $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = lang('Invalid password'); - $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = ''; - return False; - } - } - elseif(!empty($HeaderPW) && $auth_type == 'Header') - { - /* Returning after login to header admin */ - if($HeaderPW == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password'])) - { - setcookie('HeaderPW',"$HeaderPW",$expire,'/'); - setcookie('ConfigLang',"$ConfigLang",$expire,'/'); - return True; - } - else - { - $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = lang('Invalid password'); - $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = ''; - return False; - } - } - else - { - $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = ''; - $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = ''; - return False; + case 'header': + if(!empty($HeaderLogin)) + { + /* header admin login */ + if($FormPW == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password'])) + { + $this->set_cookie('HeaderPW',"$FormPW",$expire,'/'); + $this->set_cookie('ConfigLang',"$ConfigLang",$expire,'/'); + return True; + } + else + { + 
$GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = lang('Invalid password'); + $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = ''; + return False; + } + } + elseif(!empty($HeaderPW) && $auth_type == 'Header') + { + // Returning after login to header admin + if($HeaderPW == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password'])) + { + $this->set_cookie('HeaderPW',"$HeaderPW",$expire,'/'); + $this->set_cookie('ConfigLang',"$ConfigLang",$expire,'/'); + return True; + } + else + { + $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = lang('Invalid password'); + $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = ''; + return False; + } + } + break; + case 'config': + if(!empty($ConfigLogin)) + { + /* config login */ + if(isset($GLOBALS['phpgw_domain'][$FormDomain]) && $FormPW == stripslashes(@$GLOBALS['phpgw_domain'][$FormDomain]['config_passwd'])) + { + $this->set_cookie('ConfigPW',"$FormPW",$expire,'/'); + $this->set_cookie('ConfigDomain',"$FormDomain",$expire,'/'); + /* Set this now since the cookie will not be available until the next page load */ + $this->ConfigDomain = "$FormDomain"; + $this->set_cookie('ConfigLang',"$ConfigLang",$expire,'/'); + return True; + } + else + { + $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = lang('Invalid password'); + $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = ''; + return False; + } + } + elseif(!empty($ConfigPW)) + { + // Returning after login to config + if($ConfigPW == stripslashes($GLOBALS['phpgw_domain'][$this->ConfigDomain]['config_passwd'])) + { + $this->set_cookie('ConfigPW',"$ConfigPW",$expire,'/'); + $this->set_cookie('ConfigDomain',$this->ConfigDomain,$expire,'/'); + $this->set_cookie('ConfigLang',"$ConfigLang",$expire,'/'); + return True; + } + else + { + $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = lang('Invalid password'); + $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = ''; + return False; + } + } + break; } + + return False; } function checkip($remoteip='') 
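Review bot: In the logout switch, `case 'config':` no longer ends in `return False;`, so a config logout falls through into `case 'header':`, which also expires `HeaderPW`, overwrites `ConfigLoginMSG` with an empty string and reports the logout under `HeaderLoginMSG`; add `return False;` before `case 'header':` unless the fall-through is intended. Separately, all four password checks still compare with `==` (for example `$FormPW == stripslashes(...)`), which lets PHP compare two numeric-looking strings as numbers; use `===`, or `hash_equals()` where the runtime provides it. The cookies written on success hold the password itself (`set_cookie('ConfigPW',"$FormPW",...)`), so an opaque server-side session token would be the safer value to store. The returning-visit config branch also indexes `$GLOBALS['phpgw_domain'][$this->ConfigDomain]` without the `isset()` guard that the login branch applies to `$FormDomain`. `auth()` begins outside this hunk.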
diff --git a/setup/index.php b/setup/index.php index 90f4247c36..a7b4b038d1 100644 --- a/setup/index.php +++ b/setup/index.php @@ -10,21 +10,15 @@ \**************************************************************************/ /* $Id$ */ - /* - Idea: This is so I don't forget. When they are performing a new install, after config, - forward them right to index.php. Create a session for them and have a nice little intro - page explaining what to do from there (e.g., create their own account). - */ $GLOBALS['DEBUG'] = False; - - $GLOBALS['phpgw_info'] = array(); + $phpgw_info = array(); $GLOBALS['phpgw_info']['flags'] = array ( - 'noheader' => True, - 'nonavbar' => True, - 'currentapp' => 'home', - 'noapi' => True, - 'nocachecontrol' => True + 'noheader' => True, + 'nonavbar' => True, + 'currentapp' => 'home', + 'noapi' => True, + 'nocachecontrol' => True ); include('./inc/functions.inc.php'); @@ -34,13 +28,13 @@ $setup_tpl = CreateObject('setup.Template',$tpl_root); $setup_tpl->set_file(array ( - 'T_head' => 'head.tpl', - 'T_footer' => 'footer.tpl', - 'T_alert_msg' => 'msg_alert_msg.tpl', - 'T_login_main' => 'login_main.tpl', - 'T_login_stage_header' => 'login_stage_header.tpl', - 'T_setup_main' => 'setup_main.tpl', - 'T_setup_db_blocks' => 'setup_db_blocks.tpl' + 'T_head' => 'head.tpl', + 'T_footer' => 'footer.tpl', + 'T_alert_msg' => 'msg_alert_msg.tpl', + 'T_login_main' => 'login_main.tpl', + 'T_login_stage_header' => 'login_stage_header.tpl', + 'T_setup_main' => 'setup_main.tpl', + 'T_setup_db_blocks' => 'setup_db_blocks.tpl' )); $setup_tpl->set_block('T_login_stage_header','B_multi_domain','V_multi_domain'); @@ -64,7 +58,7 @@ Header('Location: check_install.php'); exit; } - elseif (!$GLOBALS['phpgw_setup']->auth('Config')) + elseif(!$GLOBALS['phpgw_setup']->auth('Config')) { $GLOBALS['phpgw_setup']->html->show_header(lang('Please login'),True); $GLOBALS['phpgw_setup']->html->login_form(); 
@@ -79,12 +73,12 @@ // Database actions $setup_info = $GLOBALS['phpgw_setup']->detection->get_versions(); - $GLOBALS['phpgw_info']['setup']['stage']['db'] = $GLOBALS['phpgw_setup']->detection->check_db(); + $GLOBALS['phpgw_info']['setup']['stage']['db'] = $GLOBALS['phpgw_setup']->detection->check_db($setup_info); if ($GLOBALS['phpgw_info']['setup']['stage']['db'] != 1) { $setup_info = $GLOBALS['phpgw_setup']->detection->get_versions(); $setup_info = $GLOBALS['phpgw_setup']->detection->get_db_versions($setup_info); - $GLOBALS['phpgw_info']['setup']['stage']['db'] = $GLOBALS['phpgw_setup']->detection->check_db(); + $GLOBALS['phpgw_info']['setup']['stage']['db'] = $GLOBALS['phpgw_setup']->detection->check_db($setup_info); if($GLOBALS['DEBUG']) { _debug_array($setup_info); @@ -170,26 +164,29 @@ $setup_tpl->set_var('oncesetup',lang('Once the database is setup correctly')); $setup_tpl->set_var('createdb',lang('Or we can attempt to create the database for you:')); $setup_tpl->set_var('create_database',lang('Create database')); - $info = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]; + $info = $GLOBALS['phpgw_domain'][$GLOBALS['phpgw_setup']->ConfigDomain]; switch ($info['db_type']) { case 'mysql': $setup_tpl->set_var('instr', - lang("Instructions for creating the database in %1:",'MySql'). - '
'.lang('Login to mysql -'). - '
[user@server user]# mysql -u root -p
'. - lang('Create the empty database and grant user permissions -'). - "
mysql> create database $info[db_name];". - "
mysql> grant all on $info[db_name].* to $info[db_user]@localhost identified by '$info[db_pass]';"); + lang("Instructions for creating the database in %1:",'MySql') + . '
'.lang('Login to mysql -') + . '
[user@server user]# mysql -u root -p
' + . lang('Create the empty database and grant user permissions -') + . "
mysql> create database $info[db_name];" + . "
mysql> grant all on " . $info['db_name'] + . ".* to " . $info['db_user'] . "@localhost identified by '" . $info['db_pass'] . "';"); break; case 'pgsql': $setup_tpl->set_var('instr', - lang('Instructions for creating the database in %1:','PostgreSQL'). - '
'.lang('Start the postmaster'). - "
[user@server user]# postmaster -i -D /home/[username]/[dataDir]
". - lang('Create the empty database -'). - "
[user@server user]# createdb $info[db_name]"); + lang('Instructions for creating the database in %1:','PostgreSQL') + . '
'.lang('Start the postmaster') + . "
[user@server user]# postmaster -i -D /home/[username]/[dataDir]
" + . lang('Create the empty database -') + . "
[user@server user]# createdb " . $info['db_name'] . ""); break; + default: + $setup_tpl->set_var('instr',''); } $setup_tpl->parse('V_db_stage_1','B_db_stage_1'); $db_filled_block = $setup_tpl->get_var('V_db_stage_1'); @@ -243,7 +240,7 @@ $setup_tpl->set_var('tblchange',lang('Table Change Messages')); $setup_tpl->parse('V_db_stage_6_pre','B_db_stage_6_pre'); $db_filled_block = $setup_tpl->get_var('V_db_stage_6_pre'); - + // FIXME : CAPTURE THIS OUTPUT $GLOBALS['phpgw_setup']->db->Halt_On_Error = 'report'; @@ -458,7 +455,7 @@ $GLOBALS['phpgw_info']['setup']['header_msg'], False, 'config', - $GLOBALS['ConfigDomain'] . '(' . $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_type'] . ')' + $GLOBALS['phpgw_setup']->ConfigDomain . '(' . $GLOBALS['phpgw_domain'][$GLOBALS['phpgw_setup']->ConfigDomain]['db_type'] . ')' ); $setup_tpl->pparse('out','T_setup_main'); $GLOBALS['phpgw_setup']->html->show_footer();
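Review bot: The rewritten instruction strings in the `mysql` and `pgsql` cases concatenate `$info['db_name']`, `$info['db_user']` and `$info['db_pass']` into the text passed to `$setup_tpl->set_var('instr', ...)` with no HTML escaping visible here, and the MySQL `grant` line prints the real database password on the page. Wrap each value, e.g. `htmlspecialchars($info['db_name'], ENT_QUOTES)`, and show a placeholder such as `'[db_pass]'` instead of the stored password, unless the template layer is known to escape. The `create database $info[db_name];` line in the same case still uses interpolation, so the two adjacent lines now differ in style. The enclosing `switch` sits in code that starts outside the hunk.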