9 files changed, 550 insertions, 0 deletions

diff --git a/application/libraries/Ddownload/Ddownload.php b/application/libraries/Ddownload/Ddownload.php
new file mode 100644
index 000000000..808dfe776
--- /dev/null
+++ b/application/libraries/Ddownload/Ddownload.php
@@ -0,0 +1,34 @@
+<?php
+/*
+ * Copyright 2013 Pierre Schmitz <pierre@archlinux.de>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+abstract class Ddownload_Driver extends CI_Driver {
+
+	abstract public function serveFile($file, $filename, $type);
+}
+
+class Ddownload extends CI_Driver_Library {
+
+	protected $_adapter = null;
+
+	protected $valid_drivers = array(
+		'ddownload_php', 'ddownload_nginx', 'ddownload_lighttpd'
+	);
+
+	function __construct()
+	{
+		$CI =& get_instance();
+
+		$this->_adapter = $CI->config->item('download_driver');
+	}
+
+	public function serveFile($file, $filename, $type)
+	{
+		$this->{$this->_adapter}->serveFile($file, $filename, $type);
+	}
+}
diff --git a/application/libraries/Ddownload/drivers/Ddownload_lighttpd.php b/application/libraries/Ddownload/drivers/Ddownload_lighttpd.php
new file mode 100644
index 000000000..780f60838
--- /dev/null
+++ b/application/libraries/Ddownload/drivers/Ddownload_lighttpd.php
@@ -0,0 +1,26 @@
+<?php
+/*
+ * Copyright 2013 Pierre Schmitz <pierre@archlinux.de>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class Ddownload_lighttpd extends Ddownload_Driver {
+
+	public function serveFile($file, $filename, $type)
+	{
+		$CI =& get_instance();
+		$upload_path = $CI->config->item('upload_path');
+
+		if (strpos($file, $upload_path) !== 0) {
+			show_error('Invalid file path');
+		}
+
+		header('Content-disposition: inline; filename="'.$filename."\"\n");
+		header('Content-Type: '.$type."\n");
+		header('X-Sendfile: '.$file."\n");
+	}
+
+}
diff --git a/application/libraries/Ddownload/drivers/Ddownload_nginx.php b/application/libraries/Ddownload/drivers/Ddownload_nginx.php
new file mode 100644
index 000000000..2410df4d4
--- /dev/null
+++ b/application/libraries/Ddownload/drivers/Ddownload_nginx.php
@@ -0,0 +1,29 @@
+<?php
+/*
+ * Copyright 2013 Pierre Schmitz <pierre@archlinux.de>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class Ddownload_nginx extends Ddownload_Driver {
+
+	public function serveFile($file, $filename, $type)
+	{
+		$CI =& get_instance();
+		$upload_path = $CI->config->item('upload_path');
+		$download_location = $CI->config->item('download_nginx_location');
+
+		if (strpos($file, $upload_path) === 0) {
+			$file_path = substr($file, strlen($upload_path));
+		} else {
+			show_error('Invalid file path');
+		}
+
+		header('Content-disposition: inline; filename="'.$filename."\"\n");
+		header('Content-Type: '.$type."\n");
+		header('X-Accel-Redirect: '.$download_location.$file_path."\n");
+	}
+
+}
diff --git a/application/libraries/Ddownload/drivers/Ddownload_php.php b/application/libraries/Ddownload/drivers/Ddownload_php.php
new file mode 100644
index 000000000..344db53f0
--- /dev/null
+++ b/application/libraries/Ddownload/drivers/Ddownload_php.php
@@ -0,0 +1,111 @@
+<?php
+/*
+ * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class Ddownload_php extends Ddownload_Driver {
+
+	// Original source: http://www.phpfreaks.com/forums/index.php?topic=198274.msg895468#msg895468
+	public function serveFile($file, $filename, $type)
+	{
+		$fp = @fopen($file, 'r');
+
+		$size	= filesize($file); // File size
+		$length = $size;	   // Content length
+		$start	= 0;		   // Start byte
+		$end	= $size - 1;	   // End byte
+		// Now that we've gotten so far without errors we send the accept range header
+		/* At the moment we only support single ranges.
+		* Multiple ranges requires some more work to ensure it works correctly
+		* and comply with the spesifications: http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2
+		*
+		* Multirange support annouces itself with:
+		* header('Accept-Ranges: bytes');
+		*
+		* Multirange content must be sent with multipart/byteranges mediatype,
+		* (mediatype = mimetype)
+		* as well as a boundry header to indicate the various chunks of data.
+		*/
+		header("Accept-Ranges: 0-$length");
+		// header('Accept-Ranges: bytes');
+		// multipart/byteranges
+		// http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2
+		if (isset($_SERVER['HTTP_RANGE']))
+		{
+			$c_start = $start;
+			$c_end	 = $end;
+			// Extract the range string
+			list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2);
+			// Make sure the client hasn't sent us a multibyte range
+			if (strpos($range, ',') !== false)
+			{
+				// (?) Shoud this be issued here, or should the first
+				// range be used? Or should the header be ignored and
+				// we output the whole content?
+				header('HTTP/1.1 416 Requested Range Not Satisfiable');
+				header("Content-Range: bytes $start-$end/$size");
+				// (?) Echo some info to the client?
+				exit;
+			}
+			// If the range starts with an '-' we start from the beginning
+			// If not, we forward the file pointer
+			// And make sure to get the end byte if spesified
+			if ($range{0} == '-')
+			{
+				// The n-number of the last bytes is requested
+				$c_start = $size - substr($range, 1);
+			}
+			else
+			{
+				$range	= explode('-', $range);
+				$c_start = $range[0];
+				$c_end	 = (isset($range[1]) && is_numeric($range[1])) ? $range[1] : $size;
+			}
+			/* Check the range and make sure it's treated according to the specs.
+			* http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
+			*/
+			// End bytes can not be larger than $end.
+			$c_end = ($c_end > $end) ? $end : $c_end;
+			// Validate the requested range and return an error if it's not correct.
+			if ($c_start > $c_end || $c_start > $size - 1 || $c_end >= $size)
+			{
+				header('HTTP/1.1 416 Requested Range Not Satisfiable');
+				header("Content-Range: bytes $start-$end/$size");
+				// (?) Echo some info to the client?
+				exit;
+			}
+			$start	= $c_start;
+			$end	= $c_end;
+			$length = $end - $start + 1; // Calculate new content length
+			fseek($fp, $start);
+			header('HTTP/1.1 206 Partial Content');
+			// Notify the client the byte range we'll be outputting
+			header("Content-Range: bytes $start-$end/$size");
+		}
+		header("Content-Length: $length");
+		header("Content-disposition: inline; filename=\"".$filename."\"\n");
+		header("Content-Type: ".$type."\n");
+
+		// Start buffered download
+		$buffer = 1024 * 8;
+		while(!feof($fp) && ($p = ftell($fp)) <= $end)
+		{
+			if ($p + $buffer > $end)
+			{
+				// In case we're only outputtin a chunk, make sure we don't
+				// read past the length
+				$buffer = $end - $p + 1;
+			}
+			set_time_limit(0); // Reset time limit for big files
+			echo fread($fp, $buffer);
+			flush(); // Free up memory. Otherwise large files will trigger PHP's memory limit.
+		}
+
+		fclose($fp);
+	}
+
+}
diff --git a/application/libraries/Duser/Duser.php b/application/libraries/Duser/Duser.php
new file mode 100644
index 000000000..07a16190c
--- /dev/null
+++ b/application/libraries/Duser/Duser.php
@@ -0,0 +1,112 @@
+<?php
+/*
+ * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+abstract class Duser_Driver extends CI_Driver {
+
+	// List of optional functions that are implemented
+	//
+	// Possible values are:
+	//  - can_register_new_users (only supported with the DB driver!)
+	//  - can_reset_password (only supported with the DB driver!)
+	public $optional_functions = array();
+
+	/*
+	 * The returned array should contain the following keys:
+	 *  - username string
+	 *  - userid INT > 0
+	 *
+	 * @param username
+	 * @param password
+	 * @return mixed array on success, false on failure
+	 */
+	abstract public function login($username, $password);
+
+	/*
+	 * @param username
+	 * @return boolean true is username exists, false otherwise
+	 */
+	public function username_exists($username) {
+		return null;
+	}
+
+	/*
+	 * @param userid
+	 * @return string email address of the user
+	 */
+	public function get_email($userid) {
+		return null;
+	}
+}
+
+class Duser extends CI_Driver_Library {
+
+	protected $_adapter = null;
+
+	protected $valid_drivers = array(
+		'duser_db', 'duser_ldap', 'duser_fluxbb'
+	);
+
+	function __construct()
+	{
+		$CI =& get_instance();
+
+		$this->_adapter = $CI->config->item("authentication_driver");
+	}
+
+	// require an optional function to be implemented
+	public function require_implemented($function) {
+		if (!$this->is_implemented($function)) {
+			show_error(""
+				."Optional function '".$function."' not implemented in user adapter '".$this->_adapter."'. "
+				."Requested functionally unavailable.");
+		}
+	}
+
+	// check if an optional function is implemented
+	public function is_implemented($function) {
+		if (in_array($function, $this->{$this->_adapter}->optional_functions)) {
+			return true;
+		}
+
+		return false;
+	}
+
+	public function login($username, $password)
+	{
+		$login_info = $this->{$this->_adapter}->login($username, $password);
+		if ($login_info === false) {
+			return false;
+		}
+
+		$CI =& get_instance();
+
+		$CI->session->set_userdata(array(
+			'logged_in' => true,
+			'username' => $login_info["username"],
+			'userid' => $login_info["userid"],
+			'access_level' => 'full',
+		));
+
+		return true;
+	}
+
+	public function username_exists($username)
+	{
+		if ($username === false) {
+			return false;
+		}
+
+		return $this->{$this->_adapter}->username_exists($username);
+	}
+
+	public function get_email($userid)
+	{
+		return $this->{$this->_adapter}->get_email($userid);
+	}
+}
diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php
new file mode 100644
index 000000000..a58b5a298
--- /dev/null
+++ b/application/libraries/Duser/drivers/Duser_db.php
@@ -0,0 +1,79 @@
+<?php
+/*
+ * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class Duser_db extends Duser_Driver {
+
+	/* FIXME: If you use this driver as a template, remove can_reset_password
+	 * and can_register_new_users. These features require the DB driver and
+	 * will NOT work with other drivers.
+	 */
+	public $optional_functions = array(
+		'can_reset_password',
+		'can_register_new_users',
+	);
+
+	public function login($username, $password)
+	{
+		$CI =& get_instance();
+
+		$query = $CI->db->query('
+			SELECT username, id, password
+			FROM `users`
+			WHERE `username` = ?
+			', array($username))->row_array();
+
+		if (empty($query)) {
+			return false;
+		}
+
+		if (crypt($password, $query["password"]) === $query["password"]) {
+			return array(
+				"username" => $username,
+				"userid" => $query["id"]
+			);
+		} else {
+			return false;
+		}
+	}
+
+	public function username_exists($username)
+	{
+		$CI =& get_instance();
+
+		$query = $CI->db->query("
+			SELECT id
+			FROM users
+			WHERE username = ?
+			", array($username));
+
+		if ($query->num_rows() > 0) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	public function get_email($userid)
+	{
+		$CI =& get_instance();
+
+		$query = $CI->db->query("
+			SELECT email
+			FROM users
+			WHERE id = ?
+			", array($userid))->row_array();
+
+		if (empty($query)) {
+			show_error("Failed to get email address from db");
+		}
+
+		return $query["email"];
+	}
+
+}
diff --git a/application/libraries/Duser/drivers/Duser_fluxbb.php b/application/libraries/Duser/drivers/Duser_fluxbb.php
new file mode 100644
index 000000000..1790e830b
--- /dev/null
+++ b/application/libraries/Duser/drivers/Duser_fluxbb.php
@@ -0,0 +1,53 @@
+<?php
+/*
+ * Copyright 2013 Pierre Schmitz <pierre@archlinux.de>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class Duser_fluxbb extends Duser_Driver {
+
+	private $CI = null;
+	private $config = array();
+
+	function __construct()
+	{
+		$this->CI =& get_instance();
+		$this->config = $this->CI->config->item('auth_fluxbb');
+	}
+
+	public function login($username, $password)
+	{
+		$query = $this->CI->db->query('
+			SELECT username, id
+			FROM '.$this->config['database'].'.users
+			WHERE username = ? AND password = ?
+			', array($username, sha1($password)))->row_array();
+
+		if (!empty($query)) {
+			return array(
+				'username' => $query['username'],
+				'userid' => $query['id']
+			);
+		} else {
+			return false;
+		}
+	}
+
+	public function username_exists($username)
+	{
+		$query = $this->CI->db->query('
+			SELECT id
+			FROM '.$this->config['database'].'.users
+			WHERE username = ?
+			', array($username));
+
+		if ($query->num_rows() > 0) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+}
diff --git a/application/libraries/Duser/drivers/Duser_ldap.php b/application/libraries/Duser/drivers/Duser_ldap.php
new file mode 100644
index 000000000..1f1581620
--- /dev/null
+++ b/application/libraries/Duser/drivers/Duser_ldap.php
@@ -0,0 +1,68 @@
+<?php
+/*
+ * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ * Contributions by Hannes Rist
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+class Duser_ldap extends Duser_Driver {
+	// none supported
+	public $optional_functions = array();
+
+	// Original source: http://code.activestate.com/recipes/101525-ldap-authentication/
+	public function login($username, $password) {
+		$CI =& get_instance();
+
+		$config = $CI->config->item("auth_ldap");
+
+		if ($username == "" || $password == "") {
+			return false;
+		}
+
+		$ds = ldap_connect($config['host'],$config['port']);
+		if ($ds === false) {
+			return false;
+		}
+
+		switch ($config["scope"]) {
+			case "base":
+				$r = ldap_read($ds, $config['basedn'], $config["username_field"].'='.$username);
+				break;
+			case "one":
+				$r = ldap_list($ds, $config['basedn'], $config["username_field"].'='.$username);
+				break;
+			case "subtree":
+				$r = ldap_search($ds, $config['basedn'], $config["username_field"].'='.$username);
+				break;
+			default:
+				show_error("Invalid LDAP scope");
+		}
+		if ($r === false) {
+			return false;
+		}
+
+		foreach ($config["options"] as $key => $value) {
+			if (ldap_set_option($ds, $key, $value) === false) {
+				return false;
+			}
+		}
+
+		$result = ldap_get_entries($ds, $r);
+		if ($result === false || !isset($result[0])) {
+			return false;
+		}
+
+		// ignore errors from ldap_bind as it will throw an error if the password is incorrect
+		if (@ldap_bind($ds, $result[0]['dn'], $password)) {
+			ldap_unbind($ds);
+			return array(
+				"username" => $result[0][$config["username_field"]][0],
+				"userid" => $result[0][$config["userid_field"]][0]
+			);
+		}
+
+		return false;
+	}
+}
diff --git a/application/libraries/MY_Session.php b/application/libraries/MY_Session.php
new file mode 100644
index 000000000..0443bca31
--- /dev/null
+++ b/application/libraries/MY_Session.php
@@ -0,0 +1,38 @@
+<?php
+/*
+ * Copyright 2013 Florian "Bluewind" Pritz <bluewind@server-speed.net>
+ *
+ * Licensed under AGPLv3
+ * (see COPYING for full license text)
+ *
+ */
+
+class MY_Session extends CI_Session {
+	private $memory_only = false;
+
+	public function __construct() {
+		$CI =& get_instance();
+		$CI->load->helper("filebin");
+
+		/* Clients using API keys do not need a persistent session since API keys
+		 * should be sent with each request. This reduces database queries and
+		 * prevents us from sending useless cookies.
+		 */
+		if (!stateful_client()) {
+			$this->memory_only = true;
+			$CI->config->set_item("sess_use_database", false);
+		}
+
+		parent::__construct();
+	}
+
+	public function _set_cookie($cookie_data = NULL)
+	{
+		if ($this->memory_only) {
+			return;
+		}
+
+		parent::_set_cookie($cookie_data);
+
+	}
+}