Exemple #1
0
 private static function setupOCIDatabase($dbhost, $dbuser, $dbpass, $dbname, $dbtableprefix, $dbtablespace, $username)
 {
     $e_host = addslashes($dbhost);
     $e_dbname = addslashes($dbname);
     //check if the database user has admin right
     if ($e_host == '') {
         $easy_connect_string = $e_dbname;
         // use dbname as easy connect name
     } else {
         $easy_connect_string = '//' . $e_host . '/' . $e_dbname;
     }
     $connection = @oci_connect($dbuser, $dbpass, $easy_connect_string);
     if (!$connection) {
         $e = oci_error();
         throw new Exception('Oracle username and/or password not valid');
     }
     //check for roles creation rights in oracle
     $query = "SELECT count(*) FROM user_role_privs, role_sys_privs WHERE user_role_privs.granted_role = role_sys_privs.role AND privilege = 'CREATE ROLE'";
     $stmt = oci_parse($connection, $query);
     if (!$stmt) {
         $entry = 'DB Error: "' . oci_last_error($connection) . '"<br />';
         $entry .= 'Offending command was: ' . $query . '<br />';
         echo $entry;
     }
     $result = oci_execute($stmt);
     if ($result) {
         $row = oci_fetch_row($stmt);
     }
     if ($result and $row[0] > 0) {
         //use the admin login data for the new database user
         //add prefix to the oracle user name to prevent collisions
         $dbusername = '******' . $username;
         //create a new password so we don't need to store the admin config in the config file
         $dbpassword = md5(time() . $dbpass);
         //oracle passwords are treated as identifiers:
         //  must start with aphanumeric char
         //  needs to be shortened to 30 bytes, as the two " needed to escape the identifier count towards the identifier length.
         $dbpassword = substr($dbpassword, 0, 30);
         self::oci_createDBUser($dbusername, $dbpassword, $dbtablespace, $connection);
         OC_Config::setValue('dbuser', $dbusername);
         OC_Config::setValue('dbname', $dbusername);
         OC_Config::setValue('dbpassword', $dbpassword);
         //create the database not neccessary, oracle implies user = schema
         //self::oci_createDatabase($dbname, $dbusername, $connection);
     } else {
         OC_Config::setValue('dbuser', $dbuser);
         OC_Config::setValue('dbname', $dbname);
         OC_Config::setValue('dbpassword', $dbpass);
         //create the database not neccessary, oracle implies user = schema
         //self::oci_createDatabase($dbname, $dbuser, $connection);
     }
     //FIXME check tablespace exists: select * from user_tablespaces
     // the connection to dbname=oracle is not needed anymore
     oci_close($connection);
     // connect to the oracle database (schema=$dbuser) an check if the schema needs to be filled
     $dbuser = OC_Config::getValue('dbuser');
     //$dbname = OC_Config::getValue('dbname');
     $dbpass = OC_Config::getValue('dbpassword');
     $e_host = addslashes($dbhost);
     $e_dbname = addslashes($dbname);
     if ($e_host == '') {
         $easy_connect_string = $e_dbname;
         // use dbname as easy connect name
     } else {
         $easy_connect_string = '//' . $e_host . '/' . $e_dbname;
     }
     $connection = @oci_connect($dbuser, $dbpass, $easy_connect_string);
     if (!$connection) {
         throw new Exception('Oracle username and/or password not valid');
     }
     $query = "SELECT count(*) FROM user_tables WHERE table_name = :un";
     $stmt = oci_parse($connection, $query);
     $un = $dbtableprefix . 'users';
     oci_bind_by_name($stmt, ':un', $un);
     if (!$stmt) {
         $entry = 'DB Error: "' . oci_last_error($connection) . '"<br />';
         $entry .= 'Offending command was: ' . $query . '<br />';
         echo $entry;
     }
     $result = oci_execute($stmt);
     if ($result) {
         $row = oci_fetch_row($stmt);
     }
     if (!$result or $row[0] == 0) {
         OC_DB::createDbFromStructure('db_structure.xml');
     }
 }
Exemple #2
0
 public static function install($options)
 {
     $error = array();
     $dbtype = $options['dbtype'];
     if (empty($options['adminlogin'])) {
         $error[] = 'Set an admin username.';
     }
     if (empty($options['adminpass'])) {
         $error[] = 'Set an admin password.';
     }
     if (empty($options['directory'])) {
         $error[] = 'Specify a data folder.';
     }
     if ($dbtype == 'mysql' or $dbtype == 'pgsql' or $dbtype == 'oci') {
         //mysql and postgresql needs more config options
         if ($dbtype == 'mysql') {
             $dbprettyname = 'MySQL';
         } else {
             if ($dbtype == 'pgsql') {
                 $dbprettyname = 'PostgreSQL';
             } else {
                 $dbprettyname = 'Oracle';
             }
         }
         if (empty($options['dbuser'])) {
             $error[] = "{$dbprettyname} enter the database username.";
         }
         if (empty($options['dbname'])) {
             $error[] = "{$dbprettyname} enter the database name.";
         }
         if ($dbtype != 'oci' && empty($options['dbhost'])) {
             $error[] = "{$dbprettyname} set the database host.";
         }
     }
     if (count($error) == 0) {
         //no errors, good
         $username = htmlspecialchars_decode($options['adminlogin']);
         $password = htmlspecialchars_decode($options['adminpass']);
         $datadir = htmlspecialchars_decode($options['directory']);
         //use sqlite3 when available, otherise sqlite2 will be used.
         if ($dbtype == 'sqlite' and class_exists('SQLite3')) {
             $dbtype = 'sqlite3';
         }
         //generate a random salt that is used to salt the local user passwords
         $salt = OC_Util::generate_random_bytes(30);
         OC_Config::setValue('passwordsalt', $salt);
         //write the config file
         OC_Config::setValue('datadirectory', $datadir);
         OC_Config::setValue('dbtype', $dbtype);
         OC_Config::setValue('version', implode('.', OC_Util::getVersion()));
         if ($dbtype == 'mysql') {
             $dbuser = $options['dbuser'];
             $dbpass = $options['dbpass'];
             $dbname = $options['dbname'];
             $dbhost = $options['dbhost'];
             $dbtableprefix = isset($options['dbtableprefix']) ? $options['dbtableprefix'] : 'oc_';
             OC_Config::setValue('dbname', $dbname);
             OC_Config::setValue('dbhost', $dbhost);
             OC_Config::setValue('dbtableprefix', $dbtableprefix);
             //check if the database user has admin right
             $connection = @mysql_connect($dbhost, $dbuser, $dbpass);
             if (!$connection) {
                 $error[] = array('error' => 'MySQL username and/or password not valid', 'hint' => 'You need to enter either an existing account or the administrator.');
                 return $error;
             } else {
                 $oldUser = OC_Config::getValue('dbuser', false);
                 $query = "SELECT user FROM mysql.user WHERE user='******'";
                 //this should be enough to check for admin rights in mysql
                 if (mysql_query($query, $connection)) {
                     //use the admin login data for the new database user
                     //add prefix to the mysql user name to prevent collisions
                     $dbusername = substr('oc_' . $username, 0, 16);
                     if ($dbusername != $oldUser) {
                         //hash the password so we don't need to store the admin config in the config file
                         $dbpassword = md5(time() . $password);
                         self::createDBUser($dbusername, $dbpassword, $connection);
                         OC_Config::setValue('dbuser', $dbusername);
                         OC_Config::setValue('dbpassword', $dbpassword);
                     }
                     //create the database
                     self::createDatabase($dbname, $dbusername, $connection);
                 } else {
                     if ($dbuser != $oldUser) {
                         OC_Config::setValue('dbuser', $dbuser);
                         OC_Config::setValue('dbpassword', $dbpass);
                     }
                     //create the database
                     self::createDatabase($dbname, $dbuser, $connection);
                 }
                 //fill the database if needed
                 $query = "select count(*) from information_schema.tables where table_schema='{$dbname}' AND table_name = '{$dbtableprefix}users';";
                 $result = mysql_query($query, $connection);
                 if ($result) {
                     $row = mysql_fetch_row($result);
                 }
                 if (!$result or $row[0] == 0) {
                     OC_DB::createDbFromStructure('db_structure.xml');
                 }
                 mysql_close($connection);
             }
         } elseif ($dbtype == 'pgsql') {
             $dbuser = $options['dbuser'];
             $dbpass = $options['dbpass'];
             $dbname = $options['dbname'];
             $dbhost = $options['dbhost'];
             $dbtableprefix = isset($options['dbtableprefix']) ? $options['dbtableprefix'] : 'oc_';
             OC_CONFIG::setValue('dbname', $dbname);
             OC_CONFIG::setValue('dbhost', $dbhost);
             OC_CONFIG::setValue('dbtableprefix', $dbtableprefix);
             $e_host = addslashes($dbhost);
             $e_user = addslashes($dbuser);
             $e_password = addslashes($dbpass);
             //check if the database user has admin right
             $connection_string = "host='{$e_host}' dbname=postgres user='******' password='******'";
             $connection = @pg_connect($connection_string);
             if (!$connection) {
                 $error[] = array('error' => 'PostgreSQL username and/or password not valid', 'hint' => 'You need to enter either an existing account or the administrator.');
                 return $error;
             } else {
                 $e_user = pg_escape_string($dbuser);
                 //check for roles creation rights in postgresql
                 $query = "SELECT 1 FROM pg_roles WHERE rolcreaterole=TRUE AND rolname='{$e_user}'";
                 $result = pg_query($connection, $query);
                 if ($result and pg_num_rows($result) > 0) {
                     //use the admin login data for the new database user
                     //add prefix to the postgresql user name to prevent collisions
                     $dbusername = '******' . $username;
                     //create a new password so we don't need to store the admin config in the config file
                     $dbpassword = md5(time());
                     self::pg_createDBUser($dbusername, $dbpassword, $connection);
                     OC_CONFIG::setValue('dbuser', $dbusername);
                     OC_CONFIG::setValue('dbpassword', $dbpassword);
                     //create the database
                     self::pg_createDatabase($dbname, $dbusername, $connection);
                 } else {
                     OC_CONFIG::setValue('dbuser', $dbuser);
                     OC_CONFIG::setValue('dbpassword', $dbpass);
                     //create the database
                     self::pg_createDatabase($dbname, $dbuser, $connection);
                 }
                 // the connection to dbname=postgres is not needed anymore
                 pg_close($connection);
                 // connect to the ownCloud database (dbname=$dbname) an check if it needs to be filled
                 $dbuser = OC_CONFIG::getValue('dbuser');
                 $dbpass = OC_CONFIG::getValue('dbpassword');
                 $e_host = addslashes($dbhost);
                 $e_dbname = addslashes($dbname);
                 $e_user = addslashes($dbuser);
                 $e_password = addslashes($dbpass);
                 $connection_string = "host='{$e_host}' dbname='{$e_dbname}' user='******' password='******'";
                 $connection = @pg_connect($connection_string);
                 if (!$connection) {
                     $error[] = array('error' => 'PostgreSQL username and/or password not valid', 'hint' => 'You need to enter either an existing account or the administrator.');
                 } else {
                     $query = "select count(*) FROM pg_class WHERE relname='{$dbtableprefix}users' limit 1";
                     $result = pg_query($connection, $query);
                     if ($result) {
                         $row = pg_fetch_row($result);
                     }
                     if (!$result or $row[0] == 0) {
                         OC_DB::createDbFromStructure('db_structure.xml');
                     }
                 }
             }
         } elseif ($dbtype == 'oci') {
             $dbuser = $options['dbuser'];
             $dbpass = $options['dbpass'];
             $dbname = $options['dbname'];
             $dbtablespace = $options['dbtablespace'];
             $dbhost = isset($options['dbhost']) ? $options['dbhost'] : '';
             $dbtableprefix = isset($options['dbtableprefix']) ? $options['dbtableprefix'] : 'oc_';
             OC_CONFIG::setValue('dbname', $dbname);
             OC_CONFIG::setValue('dbtablespace', $dbtablespace);
             OC_CONFIG::setValue('dbhost', $dbhost);
             OC_CONFIG::setValue('dbtableprefix', $dbtableprefix);
             $e_host = addslashes($dbhost);
             $e_dbname = addslashes($dbname);
             //check if the database user has admin right
             if ($e_host == '') {
                 $easy_connect_string = $e_dbname;
                 // use dbname as easy connect name
             } else {
                 $easy_connect_string = '//' . $e_host . '/' . $e_dbname;
             }
             $connection = @oci_connect($dbuser, $dbpass, $easy_connect_string);
             if (!$connection) {
                 $e = oci_error();
                 $error[] = array('error' => 'Oracle username and/or password not valid', 'hint' => 'You need to enter either an existing account or the administrator.');
                 return $error;
             } else {
                 //check for roles creation rights in oracle
                 $query = "SELECT count(*) FROM user_role_privs, role_sys_privs WHERE user_role_privs.granted_role = role_sys_privs.role AND privilege = 'CREATE ROLE'";
                 $stmt = oci_parse($connection, $query);
                 if (!$stmt) {
                     $entry = 'DB Error: "' . oci_last_error($connection) . '"<br />';
                     $entry .= 'Offending command was: ' . $query . '<br />';
                     echo $entry;
                 }
                 $result = oci_execute($stmt);
                 if ($result) {
                     $row = oci_fetch_row($stmt);
                 }
                 if ($result and $row[0] > 0) {
                     //use the admin login data for the new database user
                     //add prefix to the oracle user name to prevent collisions
                     $dbusername = '******' . $username;
                     //create a new password so we don't need to store the admin config in the config file
                     $dbpassword = md5(time() . $dbpass);
                     //oracle passwords are treated as identifiers:
                     //  must start with aphanumeric char
                     //  needs to be shortened to 30 bytes, as the two " needed to escape the identifier count towards the identifier length.
                     $dbpassword = substr($dbpassword, 0, 30);
                     self::oci_createDBUser($dbusername, $dbpassword, $dbtablespace, $connection);
                     OC_CONFIG::setValue('dbuser', $dbusername);
                     OC_CONFIG::setValue('dbname', $dbusername);
                     OC_CONFIG::setValue('dbpassword', $dbpassword);
                     //create the database not neccessary, oracle implies user = schema
                     //self::oci_createDatabase($dbname, $dbusername, $connection);
                 } else {
                     OC_CONFIG::setValue('dbuser', $dbuser);
                     OC_CONFIG::setValue('dbname', $dbname);
                     OC_CONFIG::setValue('dbpassword', $dbpass);
                     //create the database not neccessary, oracle implies user = schema
                     //self::oci_createDatabase($dbname, $dbuser, $connection);
                 }
                 //FIXME check tablespace exists: select * from user_tablespaces
                 // the connection to dbname=oracle is not needed anymore
                 oci_close($connection);
                 // connect to the oracle database (schema=$dbuser) an check if the schema needs to be filled
                 $dbuser = OC_CONFIG::getValue('dbuser');
                 //$dbname = OC_CONFIG::getValue('dbname');
                 $dbpass = OC_CONFIG::getValue('dbpassword');
                 $e_host = addslashes($dbhost);
                 $e_dbname = addslashes($dbname);
                 if ($e_host == '') {
                     $easy_connect_string = $e_dbname;
                     // use dbname as easy connect name
                 } else {
                     $easy_connect_string = '//' . $e_host . '/' . $e_dbname;
                 }
                 $connection = @oci_connect($dbuser, $dbpass, $easy_connect_string);
                 if (!$connection) {
                     $error[] = array('error' => 'Oracle username and/or password not valid', 'hint' => 'You need to enter either an existing account or the administrator.');
                     return $error;
                 } else {
                     $query = "SELECT count(*) FROM user_tables WHERE table_name = :un";
                     $stmt = oci_parse($connection, $query);
                     $un = $dbtableprefix . 'users';
                     oci_bind_by_name($stmt, ':un', $un);
                     if (!$stmt) {
                         $entry = 'DB Error: "' . oci_last_error($connection) . '"<br />';
                         $entry .= 'Offending command was: ' . $query . '<br />';
                         echo $entry;
                     }
                     $result = oci_execute($stmt);
                     if ($result) {
                         $row = oci_fetch_row($stmt);
                     }
                     if (!$result or $row[0] == 0) {
                         OC_DB::createDbFromStructure('db_structure.xml');
                     }
                 }
             }
         } else {
             //delete the old sqlite database first, might cause infinte loops otherwise
             if (file_exists("{$datadir}/owncloud.db")) {
                 unlink("{$datadir}/owncloud.db");
             }
             //in case of sqlite, we can always fill the database
             OC_DB::createDbFromStructure('db_structure.xml');
         }
         //create the user and group
         try {
             OC_User::createUser($username, $password);
         } catch (Exception $exception) {
             $error[] = $exception->getMessage();
         }
         if (count($error) == 0) {
             OC_Appconfig::setValue('core', 'installedat', microtime(true));
             OC_Appconfig::setValue('core', 'lastupdatedat', microtime(true));
             OC_Group::createGroup('admin');
             OC_Group::addToGroup($username, 'admin');
             OC_User::login($username, $password);
             //guess what this does
             OC_Installer::installShippedApps();
             //create htaccess files for apache hosts
             if (isset($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache')) {
                 self::createHtaccess();
             }
             //and we are done
             OC_Config::setValue('installed', true);
         }
     }
     return $error;
 }