index.php 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124
  1. <?php
  2. /**
  3. * ownCloud
  4. *
  5. * @author Frank Karlitschek
  6. * @copyright 2010 Frank Karlitschek karlitschek@kde.org
  7. *
  8. * This library is free software; you can redistribute it and/or
  9. * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
  10. * License as published by the Free Software Foundation; either
  11. * version 3 of the License, or any later version.
  12. *
  13. * This library is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
  17. *
  18. * You should have received a copy of the GNU Affero General Public
  19. * License along with this library. If not, see <http://www.gnu.org/licenses/>.
  20. *
  21. */
  22. $RUNTIME_NOAPPS = TRUE; //no apps, yet
  23. require_once('lib/base.php');
  24. // Setup required :
  25. $not_installed = !OC_Config::getValue('installed', false);
  26. if($not_installed) {
  27. // Check for autosetup:
  28. $autosetup_file = OC::$SERVERROOT."/config/autoconfig.php";
  29. if( file_exists( $autosetup_file )){
  30. OC_Log::write('core','Autoconfig file found, setting up owncloud...',OC_Log::INFO);
  31. include( $autosetup_file );
  32. $_POST['install'] = 'true';
  33. $_POST = array_merge ($_POST, $AUTOCONFIG);
  34. unlink($autosetup_file);
  35. }
  36. OC_Util::addScript('setup');
  37. require_once('setup.php');
  38. exit();
  39. }
  40. // Handle WebDAV
  41. if($_SERVER['REQUEST_METHOD']=='PROPFIND'){
  42. header('location: '.OC_Helper::linkToRemote('webdav'));
  43. exit();
  44. }
  45. elseif(!OC_User::isLoggedIn() && substr(OC::$REQUESTEDFILE,-3) == 'css'){
  46. OC_App::loadApps();
  47. OC::loadfile();
  48. }
  49. // Someone is logged in :
  50. elseif(OC_User::isLoggedIn()) {
  51. OC_App::loadApps();
  52. if(isset($_GET["logout"]) and ($_GET["logout"])) {
  53. OC_User::logout();
  54. header("Location: ".OC::$WEBROOT.'/');
  55. exit();
  56. }else{
  57. if(is_null(OC::$REQUESTEDFILE)){
  58. OC::loadapp();
  59. }else{
  60. OC::loadfile();
  61. }
  62. }
  63. // For all others cases, we display the guest page :
  64. } else {
  65. OC_App::loadApps();
  66. $error = false;
  67. // remember was checked after last login
  68. if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) {
  69. if(defined("DEBUG") && DEBUG) {
  70. OC_Log::write('core','Trying to login from cookie',OC_Log::DEBUG);
  71. }
  72. // confirm credentials in cookie
  73. if(isset($_COOKIE['oc_token']) && OC_User::userExists($_COOKIE['oc_username']) &&
  74. OC_Preferences::getValue($_COOKIE['oc_username'], "login", "token") == $_COOKIE['oc_token']) {
  75. OC_User::setUserId($_COOKIE['oc_username']);
  76. OC_Util::redirectToDefaultPage();
  77. }
  78. else {
  79. OC_User::unsetMagicInCookie();
  80. }
  81. // Someone wants to log in :
  82. } elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) {
  83. if(OC_User::login($_POST["user"], $_POST["password"])) {
  84. if(!empty($_POST["remember_login"])){
  85. if(defined("DEBUG") && DEBUG) {
  86. OC_Log::write('core','Setting remember login to cookie',OC_Log::DEBUG);
  87. }
  88. $token = md5($_POST["user"].time().$_POST['password']);
  89. OC_Preferences::setValue($_POST['user'], 'login', 'token', $token);
  90. OC_User::setMagicInCookie($_POST["user"], $token);
  91. }
  92. else {
  93. OC_User::unsetMagicInCookie();
  94. }
  95. OC_Util::redirectToDefaultPage();
  96. } else {
  97. $error = true;
  98. }
  99. // The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
  100. } elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){
  101. if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) {
  102. //OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
  103. OC_User::unsetMagicInCookie();
  104. OC_Util::redirectToDefaultPage();
  105. }else{
  106. $error = true;
  107. }
  108. }
  109. if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
  110. $sectoken=rand(1000000,9999999);
  111. $_SESSION['sectoken']=$sectoken;
  112. $redirect_url = (isset($_REQUEST['redirect_url'])) ? $_REQUEST['redirect_url'] : $_SERVER['REQUEST_URI'];
  113. OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
  114. }
  115. }