From 32cd82fc017195480a0d73acc19c7c64962153da Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Sun, 15 Sep 2013 23:17:46 +0200 Subject: Add default get_email to Duser_Driver This fixes a possible endless loop when the function is not implemented in the driver, but the array says it is. It also allows us to simply call it without checking if it's implemented. Signed-off-by: Florian Pritz --- application/libraries/Duser/Duser.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'application/libraries') diff --git a/application/libraries/Duser/Duser.php b/application/libraries/Duser/Duser.php index 96d61e3cc..ecb0cd9c7 100644 --- a/application/libraries/Duser/Duser.php +++ b/application/libraries/Duser/Duser.php @@ -31,6 +31,10 @@ abstract class Duser_Driver extends CI_Driver { public function username_exists($username) { return false; } + + public function get_email($userid) { + return null; + } } class Duser extends CI_Driver_Library { @@ -98,8 +102,6 @@ class Duser extends CI_Driver_Library { public function get_email($userid) { - $this->require_implemented(__FUNCTION__); - return $this->{$this->_adapter}->get_email($userid); } } -- cgit v1.2.3-24-g4f1b From a301dbf1cbe6d001e3488c458fd0868ff0608888 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Mon, 16 Sep 2013 16:26:35 +0200 Subject: Duser_Driver/username_exists: return null if not implemented false means we know it doesn't exist, null means we don't know. Signed-off-by: Florian Pritz --- application/libraries/Duser/Duser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'application/libraries') diff --git a/application/libraries/Duser/Duser.php b/application/libraries/Duser/Duser.php index ecb0cd9c7..42d6b1d62 100644 --- a/application/libraries/Duser/Duser.php +++ b/application/libraries/Duser/Duser.php @@ -29,7 +29,7 @@ abstract class Duser_Driver extends CI_Driver { abstract public function login($username, $password); public function username_exists($username) { - return false; + return null; } public function get_email($userid) { -- cgit v1.2.3-24-g4f1b From 2172c2049fc8b8eca5dbed7b659a089e20d1fadd Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Mon, 16 Sep 2013 16:43:13 +0200 Subject: Duser: Add some comments Signed-off-by: Florian Pritz --- application/libraries/Duser/Duser.php | 10 ++++++++++ application/libraries/Duser/drivers/Duser_db.php | 4 ++++ 2 files changed, 14 insertions(+) (limited to 'application/libraries') diff --git a/application/libraries/Duser/Duser.php b/application/libraries/Duser/Duser.php index 42d6b1d62..b615528f7 100644 --- a/application/libraries/Duser/Duser.php +++ b/application/libraries/Duser/Duser.php @@ -24,14 +24,24 @@ abstract class Duser_Driver extends CI_Driver { * - username string * - userid INT > 0 * + * @param username + * @param password * @return mixed array on success, false on failure */ abstract public function login($username, $password); + /* + * @param username + * @return boolean true is username exists, false otherwise + */ public function username_exists($username) { return null; } + /* + * @param userid + * @return string email address of the user + */ public function get_email($userid) { return null; } diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php index 1258ec585..5252ec48e 100644 --- a/application/libraries/Duser/drivers/Duser_db.php +++ b/application/libraries/Duser/drivers/Duser_db.php @@ -9,6 +9,10 @@ class Duser_db extends Duser_Driver { + /* FIXME: If you use this driver as a template, remove can_reset_password + * and can_register_new_users. These features require the DB driver and + * will NOT work with other drivers. + */ public $optional_functions = array( 'username_exists', 'can_reset_password', -- cgit v1.2.3-24-g4f1b From bb9f9274e8c2d661a1adffd87c87c3d81ec47b4d Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Mon, 16 Sep 2013 16:49:58 +0200 Subject: Duser: Rework optional functions Not implemented functions return null and code using these no longer has to check if they are implemented, but it has to handle null properly. Signed-off-by: Florian Pritz --- application/libraries/Duser/Duser.php | 13 ++++--------- application/libraries/Duser/drivers/Duser_db.php | 2 -- 2 files changed, 4 insertions(+), 11 deletions(-) (limited to 'application/libraries') diff --git a/application/libraries/Duser/Duser.php b/application/libraries/Duser/Duser.php index b615528f7..38ee967c9 100644 --- a/application/libraries/Duser/Duser.php +++ b/application/libraries/Duser/Duser.php @@ -9,14 +9,11 @@ abstract class Duser_Driver extends CI_Driver { - // List of optional functions or function groups that are implemented + // List of optional functions that are implemented // - // Possible values are names of functions already implemented in this - // abstract class or the function groups listed below. - // - // Possible function groups are: - // - can_register_new_users - // - can_reset_password + // Possible values are: + // - can_register_new_users (only supported with the DB driver!) + // - can_reset_password (only supported with the DB driver!) public $optional_functions = array(); /* @@ -101,8 +98,6 @@ class Duser extends CI_Driver_Library { public function username_exists($username) { - $this->require_implemented(__FUNCTION__); - if ($username === false) { return false; } diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php index 5252ec48e..0f4298258 100644 --- a/application/libraries/Duser/drivers/Duser_db.php +++ b/application/libraries/Duser/drivers/Duser_db.php @@ -14,10 +14,8 @@ class Duser_db extends Duser_Driver { * will NOT work with other drivers. */ public $optional_functions = array( - 'username_exists', 'can_reset_password', 'can_register_new_users', - 'get_email', ); public function login($username, $password) -- cgit v1.2.3-24-g4f1b From d1d83c9e97fc4542a0b8c19ddf27fef3a0beb46e Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Mon, 16 Sep 2013 21:22:52 +0200 Subject: Remove executable bits Signed-off-by: Florian Pritz --- application/libraries/index.html | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 application/libraries/index.html (limited to 'application/libraries') diff --git a/application/libraries/index.html b/application/libraries/index.html old mode 100755 new mode 100644 -- cgit v1.2.3-24-g4f1b From 2f374d188317a30ed51df9647ec1bdc0f36313de Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Sun, 22 Sep 2013 09:21:00 +0200 Subject: Add FluxBB authentication driver To enable set: $config['authentication_driver'] = 'fluxbb'; $config['auth_fluxbb'] = array('database' => 'fluxbb'); Signed-off-by: Pierre Schmitz Add example array to config.php Remove $optional_functions from Duser_fluxbb to follow bb9f9274e8c2d661a1adffd87c87c3d81ec47b4d. Signed-off-by: Florian Pritz --- application/libraries/Duser/Duser.php | 2 +- .../libraries/Duser/drivers/Duser_fluxbb.php | 53 ++++++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 application/libraries/Duser/drivers/Duser_fluxbb.php (limited to 'application/libraries') diff --git a/application/libraries/Duser/Duser.php b/application/libraries/Duser/Duser.php index 38ee967c9..07a16190c 100644 --- a/application/libraries/Duser/Duser.php +++ b/application/libraries/Duser/Duser.php @@ -49,7 +49,7 @@ class Duser extends CI_Driver_Library { protected $_adapter = null; protected $valid_drivers = array( - 'duser_db', 'duser_ldap' + 'duser_db', 'duser_ldap', 'duser_fluxbb' ); function __construct() diff --git a/application/libraries/Duser/drivers/Duser_fluxbb.php b/application/libraries/Duser/drivers/Duser_fluxbb.php new file mode 100644 index 000000000..b32e2ac8e --- /dev/null +++ b/application/libraries/Duser/drivers/Duser_fluxbb.php @@ -0,0 +1,53 @@ + + * + * Licensed under AGPLv3 + * (see COPYING for full license text) + * + */ + +class Duser_fluxbb extends Duser_Driver { + + private $CI = null; + private $config = array(); + + function __construct() + { + $this->CI =& get_instance(); + $this->config = $this->CI->config->item('auth_fluxbb'); + } + + public function login($username, $password) + { + $query = $this->CI->db->query(' + SELECT username, id + FROM '.$this->config['database'].'.users + WHERE username LIKE ? AND password = ? + ', array($username, sha1($password)))->row_array(); + + if (!empty($query)) { + return array( + 'username' => $query['username'], + 'userid' => $query['id'] + ); + } else { + return false; + } + } + + public function username_exists($username) + { + $query = $this->CI->db->query(' + SELECT id + FROM '.$this->config['database'].'.users + WHERE username LIKE ? + ', array($username)); + + if ($query->num_rows() > 0) { + return true; + } else { + return false; + } + } +} -- cgit v1.2.3-24-g4f1b From 6ec220c0c59868c86a40cc8373fdea32879f7cb5 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Sun, 22 Sep 2013 12:13:24 +0200 Subject: duser_fluxbb: Replace like with equals We don't use wildcards so we don't need like. Signed-off-by: Florian Pritz --- application/libraries/Duser/drivers/Duser_fluxbb.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'application/libraries') diff --git a/application/libraries/Duser/drivers/Duser_fluxbb.php b/application/libraries/Duser/drivers/Duser_fluxbb.php index b32e2ac8e..1790e830b 100644 --- a/application/libraries/Duser/drivers/Duser_fluxbb.php +++ b/application/libraries/Duser/drivers/Duser_fluxbb.php @@ -23,7 +23,7 @@ class Duser_fluxbb extends Duser_Driver { $query = $this->CI->db->query(' SELECT username, id FROM '.$this->config['database'].'.users - WHERE username LIKE ? AND password = ? + WHERE username = ? AND password = ? ', array($username, sha1($password)))->row_array(); if (!empty($query)) { @@ -41,7 +41,7 @@ class Duser_fluxbb extends Duser_Driver { $query = $this->CI->db->query(' SELECT id FROM '.$this->config['database'].'.users - WHERE username LIKE ? + WHERE username = ? ', array($username)); if ($query->num_rows() > 0) { -- cgit v1.2.3-24-g4f1b From 260da3941fafbe40877aa2ecb52169b460e0e644 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Sun, 22 Sep 2013 12:17:06 +0200 Subject: duser_db: Remove case sensitive username check Signed-off-by: Florian Pritz --- application/libraries/Duser/drivers/Duser_db.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'application/libraries') diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php index 0f4298258..a58b5a298 100644 --- a/application/libraries/Duser/drivers/Duser_db.php +++ b/application/libraries/Duser/drivers/Duser_db.php @@ -28,11 +28,7 @@ class Duser_db extends Duser_Driver { WHERE `username` = ? ', array($username))->row_array(); - if (!isset($query["username"]) || $query["username"] !== $username) { - return false; - } - - if (!isset($query["password"])) { + if (empty($query)) { return false; } -- cgit v1.2.3-24-g4f1b From 635b0717931df907ee8015a42ad0ed1fcdf967c4 Mon Sep 17 00:00:00 2001 From: Pierre Schmitz Date: Mon, 23 Sep 2013 07:47:40 +0200 Subject: Implement rangeDownload() as driver and provide sendfile implementations for Nginx and Lighttpd * The rangeDownload() function has been moved to libraries/Ddownload/drivers/Ddownload_php.php * The nginx and lighttpd drivers can be set via $config['download_driver'] Signed-off-by: Pierre Schmitz --- application/libraries/Ddownload/Ddownload.php | 34 +++++++ .../Ddownload/drivers/Ddownload_lighttpd.php | 27 +++++ .../Ddownload/drivers/Ddownload_nginx.php | 30 ++++++ .../libraries/Ddownload/drivers/Ddownload_php.php | 111 +++++++++++++++++++++ 4 files changed, 202 insertions(+) create mode 100644 application/libraries/Ddownload/Ddownload.php create mode 100644 application/libraries/Ddownload/drivers/Ddownload_lighttpd.php create mode 100644 application/libraries/Ddownload/drivers/Ddownload_nginx.php create mode 100644 application/libraries/Ddownload/drivers/Ddownload_php.php (limited to 'application/libraries') diff --git a/application/libraries/Ddownload/Ddownload.php b/application/libraries/Ddownload/Ddownload.php new file mode 100644 index 000000000..808dfe776 --- /dev/null +++ b/application/libraries/Ddownload/Ddownload.php @@ -0,0 +1,34 @@ + + * + * Licensed under AGPLv3 + * (see COPYING for full license text) + * + */ + +abstract class Ddownload_Driver extends CI_Driver { + + abstract public function serveFile($file, $filename, $type); +} + +class Ddownload extends CI_Driver_Library { + + protected $_adapter = null; + + protected $valid_drivers = array( + 'ddownload_php', 'ddownload_nginx', 'ddownload_lighttpd' + ); + + function __construct() + { + $CI =& get_instance(); + + $this->_adapter = $CI->config->item('download_driver'); + } + + public function serveFile($file, $filename, $type) + { + $this->{$this->_adapter}->serveFile($file, $filename, $type); + } +} diff --git a/application/libraries/Ddownload/drivers/Ddownload_lighttpd.php b/application/libraries/Ddownload/drivers/Ddownload_lighttpd.php new file mode 100644 index 000000000..31db4d340 --- /dev/null +++ b/application/libraries/Ddownload/drivers/Ddownload_lighttpd.php @@ -0,0 +1,27 @@ + + * + * Licensed under AGPLv3 + * (see COPYING for full license text) + * + */ + +class Ddownload_lighttpd extends Ddownload_Driver { + + public function serveFile($file, $filename, $type) + { + $CI =& get_instance(); + $upload_path = $CI->config->item('upload_path'); + + if (strpos($file, $upload_path) !== 0) { + show_error('Invalid file path'); + return; + } + + header('Content-disposition: inline; filename="'.$filename."\"\n"); + header('Content-Type: '.$type."\n"); + header('X-Sendfile: '.$file."\n"); + } + +} diff --git a/application/libraries/Ddownload/drivers/Ddownload_nginx.php b/application/libraries/Ddownload/drivers/Ddownload_nginx.php new file mode 100644 index 000000000..5fb6ffa87 --- /dev/null +++ b/application/libraries/Ddownload/drivers/Ddownload_nginx.php @@ -0,0 +1,30 @@ + + * + * Licensed under AGPLv3 + * (see COPYING for full license text) + * + */ + +class Ddownload_nginx extends Ddownload_Driver { + + public function serveFile($file, $filename, $type) + { + $CI =& get_instance(); + $upload_path = $CI->config->item('upload_path'); + $download_location = $CI->config->item('download_nginx_location'); + + if (strpos($file, $upload_path) === 0) { + $file_path = substr($file, strlen($upload_path)); + } else { + show_error('Invalid file path'); + return; + } + + header('Content-disposition: inline; filename="'.$filename."\"\n"); + header('Content-Type: '.$type."\n"); + header('X-Accel-Redirect: '.$download_location.$file_path."\n"); + } + +} diff --git a/application/libraries/Ddownload/drivers/Ddownload_php.php b/application/libraries/Ddownload/drivers/Ddownload_php.php new file mode 100644 index 000000000..344db53f0 --- /dev/null +++ b/application/libraries/Ddownload/drivers/Ddownload_php.php @@ -0,0 +1,111 @@ + + * + * Licensed under AGPLv3 + * (see COPYING for full license text) + * + */ + +class Ddownload_php extends Ddownload_Driver { + + // Original source: http://www.phpfreaks.com/forums/index.php?topic=198274.msg895468#msg895468 + public function serveFile($file, $filename, $type) + { + $fp = @fopen($file, 'r'); + + $size = filesize($file); // File size + $length = $size; // Content length + $start = 0; // Start byte + $end = $size - 1; // End byte + // Now that we've gotten so far without errors we send the accept range header + /* At the moment we only support single ranges. + * Multiple ranges requires some more work to ensure it works correctly + * and comply with the spesifications: http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2 + * + * Multirange support annouces itself with: + * header('Accept-Ranges: bytes'); + * + * Multirange content must be sent with multipart/byteranges mediatype, + * (mediatype = mimetype) + * as well as a boundry header to indicate the various chunks of data. + */ + header("Accept-Ranges: 0-$length"); + // header('Accept-Ranges: bytes'); + // multipart/byteranges + // http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.2 + if (isset($_SERVER['HTTP_RANGE'])) + { + $c_start = $start; + $c_end = $end; + // Extract the range string + list(, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2); + // Make sure the client hasn't sent us a multibyte range + if (strpos($range, ',') !== false) + { + // (?) Shoud this be issued here, or should the first + // range be used? Or should the header be ignored and + // we output the whole content? + header('HTTP/1.1 416 Requested Range Not Satisfiable'); + header("Content-Range: bytes $start-$end/$size"); + // (?) Echo some info to the client? + exit; + } + // If the range starts with an '-' we start from the beginning + // If not, we forward the file pointer + // And make sure to get the end byte if spesified + if ($range{0} == '-') + { + // The n-number of the last bytes is requested + $c_start = $size - substr($range, 1); + } + else + { + $range = explode('-', $range); + $c_start = $range[0]; + $c_end = (isset($range[1]) && is_numeric($range[1])) ? $range[1] : $size; + } + /* Check the range and make sure it's treated according to the specs. + * http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html + */ + // End bytes can not be larger than $end. + $c_end = ($c_end > $end) ? $end : $c_end; + // Validate the requested range and return an error if it's not correct. + if ($c_start > $c_end || $c_start > $size - 1 || $c_end >= $size) + { + header('HTTP/1.1 416 Requested Range Not Satisfiable'); + header("Content-Range: bytes $start-$end/$size"); + // (?) Echo some info to the client? + exit; + } + $start = $c_start; + $end = $c_end; + $length = $end - $start + 1; // Calculate new content length + fseek($fp, $start); + header('HTTP/1.1 206 Partial Content'); + // Notify the client the byte range we'll be outputting + header("Content-Range: bytes $start-$end/$size"); + } + header("Content-Length: $length"); + header("Content-disposition: inline; filename=\"".$filename."\"\n"); + header("Content-Type: ".$type."\n"); + + // Start buffered download + $buffer = 1024 * 8; + while(!feof($fp) && ($p = ftell($fp)) <= $end) + { + if ($p + $buffer > $end) + { + // In case we're only outputtin a chunk, make sure we don't + // read past the length + $buffer = $end - $p + 1; + } + set_time_limit(0); // Reset time limit for big files + echo fread($fp, $buffer); + flush(); // Free up memory. Otherwise large files will trigger PHP's memory limit. + } + + fclose($fp); + } + +} -- cgit v1.2.3-24-g4f1b From d5cfd22f8dda4bacd6e0fe384344cf1fb9f2d66e Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Mon, 23 Sep 2013 18:20:34 +0200 Subject: Remove unneeded return statements after show_error show_error() already exits after displaying the message. Signed-off-by: Florian Pritz --- application/libraries/Ddownload/drivers/Ddownload_lighttpd.php | 1 - application/libraries/Ddownload/drivers/Ddownload_nginx.php | 1 - 2 files changed, 2 deletions(-) (limited to 'application/libraries') diff --git a/application/libraries/Ddownload/drivers/Ddownload_lighttpd.php b/application/libraries/Ddownload/drivers/Ddownload_lighttpd.php index 31db4d340..780f60838 100644 --- a/application/libraries/Ddownload/drivers/Ddownload_lighttpd.php +++ b/application/libraries/Ddownload/drivers/Ddownload_lighttpd.php @@ -16,7 +16,6 @@ class Ddownload_lighttpd extends Ddownload_Driver { if (strpos($file, $upload_path) !== 0) { show_error('Invalid file path'); - return; } header('Content-disposition: inline; filename="'.$filename."\"\n"); diff --git a/application/libraries/Ddownload/drivers/Ddownload_nginx.php b/application/libraries/Ddownload/drivers/Ddownload_nginx.php index 5fb6ffa87..2410df4d4 100644 --- a/application/libraries/Ddownload/drivers/Ddownload_nginx.php +++ b/application/libraries/Ddownload/drivers/Ddownload_nginx.php @@ -19,7 +19,6 @@ class Ddownload_nginx extends Ddownload_Driver { $file_path = substr($file, strlen($upload_path)); } else { show_error('Invalid file path'); - return; } header('Content-disposition: inline; filename="'.$filename."\"\n"); -- cgit v1.2.3-24-g4f1b