From 5733e9307015b7cf2961f1b407a2f545d682ff5d Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Fri, 6 Nov 2009 19:15:56 +0000 Subject: [PATCH] better checking if config files are writable --- lam/lib/config.inc | 30 ++++++++++++++++++----------- lam/templates/config/mainlogin.php | 11 +++++++++-- lam/templates/config/mainmanage.php | 7 +++++++ 3 files changed, 35 insertions(+), 13 deletions(-) diff --git a/lam/lib/config.inc b/lam/lib/config.inc index 61228aa0..f8a0646e 100644 --- a/lam/lib/config.inc +++ b/lam/lib/config.inc @@ -404,7 +404,7 @@ class LAMConfig { array_push($file_array, "types: " . $t_settings[$i] . ": " . $this->typeSettings[$t_settings[$i]] . "\n"); } } - $file = fopen($conffile, "w"); + $file = @fopen($conffile, "w"); if ($file) { for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]); fclose($file); @@ -413,7 +413,6 @@ class LAMConfig { } else { StatusMessage("ERROR", _("Cannot open config file!") . " (" . $conffile . ")"); - exit; } } } @@ -1019,6 +1018,8 @@ class LAMCfgMain { /** minimum character classes (upper, lower, numeric, symbols) */ public $passwordMinClasses = 0; + + private $conffile; /** list of data fields to save in config file */ private $settings = array("password", "default", "sessionTimeout", @@ -1030,6 +1031,7 @@ class LAMCfgMain { * Loads preferences from config file */ function __construct() { + $this->conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/config.cfg"; // set default values $this->sessionTimeout = 30; $this->logLevel = LOG_NOTICE; @@ -1044,9 +1046,8 @@ class LAMCfgMain { * @return boolean true if file was readable */ private function reload() { - $conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/config.cfg"; - if (is_file($conffile) == True) { - $file = @fopen($conffile, "r"); + if (is_file($this->conffile) == True) { + $file = @fopen($this->conffile, "r"); if (!$file) return false; // abort if file is not readable while (!feof($file)) { $line = fgets($file, 1024); @@ -1071,9 +1072,8 @@ class LAMCfgMain { * Saves preferences to config file config.cfg */ public function save() { - $conffile = substr(__FILE__, 0, strlen(__FILE__) - 15) . "/config/config.cfg"; - if (is_file($conffile) == True) { - $file = fopen($conffile, "r"); + if (is_file($this->conffile) == True) { + $file = fopen($this->conffile, "r"); $file_array = array(); // read config file while (!feof($file)) { @@ -1110,14 +1110,13 @@ class LAMCfgMain { if (!in_array("passwordMinNumeric", $saved)) array_push($file_array, "\n\n# Password: minimum numeric characters\n" . "passwordMinNumeric: " . $this->passwordMinNumeric); if (!in_array("passwordMinSymbol", $saved)) array_push($file_array, "\n\n# Password: minimum symbolic characters\n" . "passwordMinSymbol: " . $this->passwordMinSymbol); if (!in_array("passwordMinClasses", $saved)) array_push($file_array, "\n\n# Password: minimum character classes (0-4)\n" . "passwordMinClasses: " . $this->passwordMinClasses); - $file = @fopen($conffile, "w"); + $file = @fopen($this->conffile, "w"); if ($file) { for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]); fclose($file); } else { - StatusMessage("ERROR", "", _("Cannot open config file!") . " (" . $conffile . ")"); - exit; + StatusMessage("ERROR", "", _("Cannot open config file!") . " (" . $this->conffile . ")"); } } @@ -1165,6 +1164,15 @@ class LAMCfgMain { return "{SSHA}" . base64_encode(hex2bin(sha1($password . $salt))) . " " . base64_encode($salt); } + /** + * Returns if the configuration file is writable. + * + * @return boolean writable + */ + public function isWritable() { + return is_writeable($this->conffile); + } + } ?> diff --git a/lam/templates/config/mainlogin.php b/lam/templates/config/mainlogin.php index 287505cc..d625bd5f 100644 --- a/lam/templates/config/mainlogin.php +++ b/lam/templates/config/mainlogin.php @@ -46,9 +46,9 @@ setlanguage(); // remove settings from session if (isset($_SESSION["mainconf_password"])) unset($_SESSION["mainconf_password"]); +$cfgMain = new LAMCfgMain(); // check if user entered a password if (isset($_POST['passwd'])) { - $cfgMain = new LAMCfgMain(); if (isset($_POST['passwd']) && ($cfgMain->checkPassword($_POST['passwd']))) { $_SESSION["mainconf_password"] = $_POST['passwd']; metaRefresh("mainmanage.php"); @@ -88,7 +88,14 @@ echo $_SESSION['header'];

LDAP Account Manager

-


+

+ isWritable()) { + StatusMessage('WARN', 'The config file is not writable.', 'Your changes cannot be saved until you make the file writable for the webserver user.'); + } + ?> +
diff --git a/lam/templates/config/mainmanage.php b/lam/templates/config/mainmanage.php index 5211282a..a9ae23c8 100644 --- a/lam/templates/config/mainmanage.php +++ b/lam/templates/config/mainmanage.php @@ -145,6 +145,11 @@ if (isset($_POST['submit'])) { exit(); } } + +// check if config file is writable +if (!$cfg->isWritable()) { + StatusMessage('WARN', 'The config file is not writable.', 'Your changes cannot be saved until you make the file writable for the webserver user.'); +} ?>
@@ -357,7 +362,9 @@ if (isset($_POST['submit'])) {

+ isWritable()) { ?> "> +