egroupware/webdav.php

<?php
/**
 * FileManger - WebDAV access
 *
 * For Apache FCGI you need the following rewrite rule:
 *
 * 	RewriteEngine on
 * 	RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
 *
 * Otherwise authentication request will be send over and over again, as password is NOT available to PHP!
 *
 * Using the PEAR HTTP/WebDAV/Server class (which need to be installed!)
 *
 * @link http://www.egroupware.org
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @package api
 * @subpackage vfs
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @copyright (c) 2006-10 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @version $Id$
 */

$starttime = microtime(true);

/**
 * check if the given user has access
 *
 * Create a session or if the user has no account return authenticate header and 401 Unauthorized
 *
 * @param array &$account
 * @return int session-id
 */
function check_access(&$account)
{
	if (isset($_GET['auth']))
	{
		list($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']) = explode(':',base64_decode($_GET['auth']),2);
	}
	return egw_digest_auth::autocreate_session_callback($account);
}

$GLOBALS['egw_info'] = array(
	'flags' => array(
		'disable_Template_class' => True,
		'noheader'  => True,
		'currentapp' => preg_match('|/webdav.php/apps/([A-Za-z0-9_-]+)/|', $_SERVER['REQUEST_URI'], $matches) ? $matches[1] : 'filemanager',
		'autocreate_session_callback' => 'check_access',
		'no_exception_handler' => 'basic_auth',	// we use a basic auth exception handler (sends exception message as basic auth realm)
		'auth_realm' => 'EGroupware WebDAV server',	// cant use vfs_webdav_server::REALM as autoloading and include path not yet setup!
	)
);
require_once('phpgwapi/inc/class.egw_digest_auth.inc.php');

// if you move this file somewhere else, you need to adapt the path to the header!
try
{
	include(dirname(__FILE__).'/header.inc.php');
}
catch (egw_exception_no_permission_app $e)
{
	if (isset($GLOBALS['egw_info']['user']['apps']['filemanager']))
	{
		$GLOBALS['egw_info']['currentapp'] = 'filemanager';
	}
	elseif (isset($GLOBALS['egw_info']['user']['apps']['sitemgr-link']))
	{
		$GLOBALS['egw_info']['currentapp'] = 'sitemgr-link';
	}
	else
	{
		throw $e;
	}
}
//$headertime = microtime(true);

// webdav is stateless: we dont need to keep the session open, it only blocks other calls to same basic-auth session
$GLOBALS['egw']->session->commit_session();

$webdav_server = new vfs_webdav_server();
$webdav_server->ServeRequest();
//error_log(sprintf('WebDAV %s request: status "%s", took %5.3f s'.($headertime?' (header include took %5.3f s)':''),$_SERVER['REQUEST_METHOD'].' '.$_SERVER['PATH_INFO'],$webdav_server->_http_status,microtime(true)-$starttime,$headertime-$starttime));
moved webdav handler in the root dir, as its now a general service and not only used by filemanager 2008-05-10 23:15:46 +02:00			`<?php`
			`/**`
			`* FileManger - WebDAV access`
			`*`
documented required rewrite rule for Apache FCGI 2013-03-18 09:14:47 +01:00			`* For Apache FCGI you need the following rewrite rule:`
			`*`
			`* RewriteEngine on`
			`* RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]`
			`*`
			`* Otherwise authentication request will be send over and over again, as password is NOT available to PHP!`
			`*`
moved webdav handler in the root dir, as its now a general service and not only used by filemanager 2008-05-10 23:15:46 +02:00			`* Using the PEAR HTTP/WebDAV/Server class (which need to be installed!)`
			`*`
			`* @link http://www.egroupware.org`
			`* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License`
			`* @package api`
			`* @subpackage vfs`
			`* @author Ralf Becker <RalfBecker-AT-outdoor-training.de>`
supporting digest auth (see RFC 2617), which is more secure then basic auth on http (no cleartext password), it currently requires cleartext passwords in the database, to calculate the A1 hash! 2010-05-05 11:19:37 +02:00			`* @copyright (c) 2006-10 by Ralf Becker <RalfBecker-AT-outdoor-training.de>`
moved webdav handler in the root dir, as its now a general service and not only used by filemanager 2008-05-10 23:15:46 +02:00			`* @version $Id$`
			`*/`

Improved exception handling: - exceptions get now always logged to the error_log - in the webgui it's now configurable, if the message contains a stacktrace (incl. function arguments) - default no (security) - command line interfaces get detected and contain no html anymore - webdav and groupdav send the exceptions as basic auth realms to the client - webdav and groupdav login failures contain the reason as part of the basic auth realm 2008-10-26 13:13:01 +01:00			`$starttime = microtime(true);`

moved webdav handler in the root dir, as its now a general service and not only used by filemanager 2008-05-10 23:15:46 +02:00			`/**`
			`* check if the given user has access`
			`*`
			`* Create a session or if the user has no account return authenticate header and 401 Unauthorized`
			`*`
			`* @param array &$account`
			`* @return int session-id`
			`*/`
			`function check_access(&$account)`
			`{`
supporting digest auth (see RFC 2617), which is more secure then basic auth on http (no cleartext password), it currently requires cleartext passwords in the database, to calculate the A1 hash! 2010-05-05 11:19:37 +02:00			`if (isset($_GET['auth']))`
"allowing to use GET parameter \"auth\" instead of (basic) Authentication header, as talked on devel list" 2009-08-18 09:55:59 +02:00			`{`
supporting digest auth (see RFC 2617), which is more secure then basic auth on http (no cleartext password), it currently requires cleartext passwords in the database, to calculate the A1 hash! 2010-05-05 11:19:37 +02:00			`list($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']) = explode(':',base64_decode($_GET['auth']),2);`
"allowing to use GET parameter \"auth\" instead of (basic) Authentication header, as talked on devel list" 2009-08-18 09:55:59 +02:00			`}`
supporting digest auth (see RFC 2617), which is more secure then basic auth on http (no cleartext password), it currently requires cleartext passwords in the database, to calculate the A1 hash! 2010-05-05 11:19:37 +02:00			`return egw_digest_auth::autocreate_session_callback($account);`
moved webdav handler in the root dir, as its now a general service and not only used by filemanager 2008-05-10 23:15:46 +02:00			`}`

			`$GLOBALS['egw_info'] = array(`
			`'flags' => array(`
			`'disable_Template_class' => True,`
			`'noheader' => True,`
using PATH_INFO as backend (HTTP_WebDAV_Server also only uses that 2012-03-27 11:04:23 +02:00			`'currentapp' => preg_match('\|/webdav.php/apps/([A-Za-z0-9_-]+)/\|', $_SERVER['REQUEST_URI'], $matches) ? $matches[1] : 'filemanager',`
moved webdav handler in the root dir, as its now a general service and not only used by filemanager 2008-05-10 23:15:46 +02:00			`'autocreate_session_callback' => 'check_access',`
Improved exception handling: - exceptions get now always logged to the error_log - in the webgui it's now configurable, if the message contains a stacktrace (incl. function arguments) - default no (security) - command line interfaces get detected and contain no html anymore - webdav and groupdav send the exceptions as basic auth realms to the client - webdav and groupdav login failures contain the reason as part of the basic auth realm 2008-10-26 13:13:01 +01:00			`'no_exception_handler' => 'basic_auth', // we use a basic auth exception handler (sends exception message as basic auth realm)`
supporting digest auth (see RFC 2617), which is more secure then basic auth on http (no cleartext password), it currently requires cleartext passwords in the database, to calculate the A1 hash! 2010-05-05 11:19:37 +02:00			`'auth_realm' => 'EGroupware WebDAV server', // cant use vfs_webdav_server::REALM as autoloading and include path not yet setup!`
moved webdav handler in the root dir, as its now a general service and not only used by filemanager 2008-05-10 23:15:46 +02:00			`)`
			`);`
supporting digest auth (see RFC 2617), which is more secure then basic auth on http (no cleartext password), it currently requires cleartext passwords in the database, to calculate the A1 hash! 2010-05-05 11:19:37 +02:00			`require_once('phpgwapi/inc/class.egw_digest_auth.inc.php');`

moved webdav handler in the root dir, as its now a general service and not only used by filemanager 2008-05-10 23:15:46 +02:00			`// if you move this file somewhere else, you need to adapt the path to the header!`
new ajax_submit() function with submitts the whole form via ajax to a given callback 2009-04-29 16:15:19 +02:00			`try`
			`{`
			`include(dirname(__FILE__).'/header.inc.php');`
			`}`
			`catch (egw_exception_no_permission_app $e)`
			`{`
			`if (isset($GLOBALS['egw_info']['user']['apps']['filemanager']))`
			`{`
			`$GLOBALS['egw_info']['currentapp'] = 'filemanager';`
			`}`
"fixed not working fallback to \"sitemgr\" rights (was sitemgr-site, but has to be sitemgr-link)" 2009-10-25 18:21:31 +01:00			`elseif (isset($GLOBALS['egw_info']['user']['apps']['sitemgr-link']))`
new ajax_submit() function with submitts the whole form via ajax to a given callback 2009-04-29 16:15:19 +02:00			`{`
"fixed not working fallback to \"sitemgr\" rights (was sitemgr-site, but has to be sitemgr-link)" 2009-10-25 18:21:31 +01:00			`$GLOBALS['egw_info']['currentapp'] = 'sitemgr-link';`
new ajax_submit() function with submitts the whole form via ajax to a given callback 2009-04-29 16:15:19 +02:00			`}`
			`else`
			`{`
			`throw $e;`
			`}`
			`}`
"allowing to use GET parameter \"auth\" instead of (basic) Authentication header, as talked on devel list" 2009-08-18 09:55:59 +02:00			`//$headertime = microtime(true);`
Improved exception handling: - exceptions get now always logged to the error_log - in the webgui it's now configurable, if the message contains a stacktrace (incl. function arguments) - default no (security) - command line interfaces get detected and contain no html anymore - webdav and groupdav send the exceptions as basic auth realms to the client - webdav and groupdav login failures contain the reason as part of the basic auth realm 2008-10-26 13:13:01 +01:00
"webdav is stateless: we dont need to keep the session open, it only blocks other calls to same basic-auth session" 2009-11-29 11:53:25 +01:00			`// webdav is stateless: we dont need to keep the session open, it only blocks other calls to same basic-auth session`
			`$GLOBALS['egw']->session->commit_session();`

moved webdav handler in the root dir, as its now a general service and not only used by filemanager 2008-05-10 23:15:46 +02:00			`$webdav_server = new vfs_webdav_server();`
Improved exception handling: - exceptions get now always logged to the error_log - in the webgui it's now configurable, if the message contains a stacktrace (incl. function arguments) - default no (security) - command line interfaces get detected and contain no html anymore - webdav and groupdav send the exceptions as basic auth realms to the client - webdav and groupdav login failures contain the reason as part of the basic auth realm 2008-10-26 13:13:01 +01:00			`$webdav_server->ServeRequest();`
reverted accidently commited webdav.php 2011-09-29 12:54:48 +02:00			`//error_log(sprintf('WebDAV %s request: status "%s", took %5.3f s'.($headertime?' (header include took %5.3f s)':''),$_SERVER['REQUEST_METHOD'].' '.$_SERVER['PATH_INFO'],$webdav_server->_http_status,microtime(true)-$starttime,$headertime-$starttime));`