<?php

/*
    SVN Access Manager - a subversion access rights management tool
    Copyright (C) 2008 Thomas Krieger <hide@address.com>

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/
 
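/**
 * Write the password file named by $CONF['AuthUserFile'].
 *
 * When $CONF['separateFilesPerRepo'] is "YES" the work is delegated to
 * createAuthUserFilePerRepo(). Otherwise one "userid:password" line is
 * written for every svnusers row that is neither deleted nor locked. The
 * lines go to a temporary file in the target directory, and that file is
 * renamed over the live file only after every write and the close succeeded.
 *
 * @param mixed $dbh database handle passed through to the db_* helpers
 * @return array 'error' => 0 on success or when creation is not configured,
 *               non-zero otherwise; 'errormsg' => translated status text
 */
function createAuthUserFile( $dbh ) {

	global $CONF;

	$schema					= db_determine_schema();

	if( isset( $CONF['separateFilesPerRepo'] ) and ($CONF['separateFilesPerRepo'] == "YES") ) {

		return createAuthUserFilePerRepo( $dbh );
	}

	$retcode				= 0;
	$tMessage				= "";
	$dir					= dirname( $CONF['AuthUserFile'] );
	$entropy				= create_salt();
	$os						= determineOS();
	$slash					= ($os == "windows") ? "\\" : "/";
	$tempfile				= $dir.$slash."authtemp_".$entropy;

	if( $CONF['createUserFile'] != "YES" ) {

		$tMessage			= _("Create of auth user file not configured!" );

	} elseif( ! db_set_semaphore( 'createauthuserfile', 'sem', $dbh ) ) {

		$retcode			= 1;
		$tMessage			= _("Can't set semaphore, another process is writing Auth User File, try again later");

	} elseif( ! ($fileHandle = @fopen( $tempfile, 'w' )) ) {

		# NOTE(review): the temp file receives every account's password field and
		# is created with the process umask, next to the live file. Confirm that
		# the target directory is neither readable nor writable by other local users.
		$retcode			= 2;
		$tMessage			= sprintf( _( "Cannot open file %s for writing!" ), $tempfile );
		db_unset_semaphore( 'createauthuserfile', 'sem', $dbh );

	} else {

		$query				= "SELECT * " .
							  "  FROM ".$schema."svnusers " .
							  " WHERE (deleted = '00000000000000') " .
							  "   AND (locked = '0') " .
							  "ORDER BY userid";
		$result				= db_query( $query, $dbh );

		# NOTE(review): userid and password are written unescaped; a value that
		# contains a line break would add an extra line to the password file.
		# Confirm that both fields are validated where they are stored.
		while( $row = db_assoc( $result['result'] ) ) {

			if( ! @fwrite( $fileHandle, $row['userid'].":".$row['password']."\n" ) ) {

				# stop at the first failed write instead of continuing with a partial file
				$retcode	= 1;
				break;
			}
		}

		# a failed close can mean buffered lines never reached the disk
		$closed				= @fclose( $fileHandle );
		if( ($retcode == 0) and ! $closed ) {

			$retcode		= 1;
		}

		if( $retcode != 0 ) {

			$tMessage		= _( "Can't write to AuthUser file" );
			# do not leave a partial copy of the credentials behind
			@unlink( $tempfile );
			db_unset_semaphore( 'createauthuserfile', 'sem', $dbh );

		} else {

			# On Windows the live file is removed before the rename, presumably
			# because rename() does not replace an existing file there. Until the
			# rename completes no password file exists.
			if( ($os == "windows") and file_exists( $CONF['AuthUserFile'] ) ) {
				unlink( $CONF['AuthUserFile'] );
			}

			if( ! @rename( $tempfile, $CONF['AuthUserFile'] ) ) {

				# The temp file is kept on purpose: the message names it, and on
				# Windows it is the only remaining copy at this point.
				$retcode	= 3;
				$tMessage	= sprintf( _("Copy from %s to %s failed!"), $tempfile, $CONF['AuthUserFile'] );
				db_unset_semaphore( 'createauthuserfile', 'sem', $dbh );

			} elseif( db_unset_semaphore( 'createauthuserfile', 'sem', $dbh ) ) {

				$tMessage	= _("Auth user file successfully created!" );

			} else {

				$retcode	= 1;
				$tMessage	= _("Auth user file created but semaphore could not be released");
				# second attempt, as in the original flow
				db_unset_semaphore( 'createauthuserfile', 'sem', $dbh );
			}
		}
	}

	$ret					= array();
	$ret['error']			= $retcode;
	$ret['errormsg']		= $tMessage;

	return $ret;
}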


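/**
 * Write one password file per repository.
 *
 * For every svnrepos row that is not deleted, the users holding a currently
 * valid, non-deleted access right on one of the repository's projects are
 * written as "userid:password" lines. The target is the row's auth_user_file
 * or, when that is empty, "svn-passwd.<reponame>" next to
 * $CONF['AuthUserFile']. Each file is built in a temporary file and renamed
 * into place only after all writes and the close succeeded. Processing stops
 * at the first failure.
 *
 * Differences from the earlier behaviour of this function:
 *  - deleted users are excluded, matching createAuthUserFile();
 *  - svnrepos is joined to svnprojects, so the svnrepos.deleted test applies
 *    to the repository being written;
 *  - the rename-failure message names the real target file;
 *  - a partial temp file is removed instead of being left on disk.
 *
 * @param mixed $dbh database handle passed through to the db_* helpers
 * @return array 'error' => 0 on success or when creation is not configured,
 *               non-zero otherwise; 'errormsg' => translated status text
 */
function createAuthUserFilePerRepo( $dbh ) {

	global $CONF;

	$schema					= db_determine_schema();

	$retcode				= 0;
	$tMessage				= "";
	$dir					= dirname( $CONF['AuthUserFile'] );
	$entropy				= create_salt();
	$os						= determineOS();
	$slash					= ($os == "windows") ? "\\" : "/";
	$tempfile				= $dir.$slash."authtemp_".$entropy;
	# date() yields the same YYYYMMDD value as strftime( "%Y%m%d" ), which is deprecated since PHP 8.1
	$curdate				= date( "Ymd" );

	if( $CONF['createUserFile'] != "YES" ) {

		return array( 'error' => 0, 'errormsg' => _("Create of auth user file not configured!" ) );
	}

	if( ! db_set_semaphore( 'createauthuserfile', 'sem', $dbh ) ) {

		return array( 'error' => 1, 'errormsg' => _("Can't set semaphore, another process is writing Auth User File, try again later") );
	}

	$query					= "SELECT * " .
							  "  FROM ".$schema."svnrepos " .
							  " WHERE (deleted = '00000000000000')";
	$resultrepos			= db_query( $query, $dbh );

	while( ($retcode == 0) and ($repo = db_assoc( $resultrepos['result'] )) ) {

		# the id is concatenated into SQL below, so force it to an integer
		$repoid				= (int) $repo['id'];
		$authuserfile		= $repo['auth_user_file'];

		if( $authuserfile == "" ) {
			# NOTE(review): reponame becomes part of a file name here, and
			# auth_user_file is used as a path as stored. Confirm both are
			# validated when a repository is created or edited.
			$authuserfile	= $dir."/svn-passwd.".$repo['reponame'];
		}

		$fileHandle			= @fopen( $tempfile, 'w' );
		if( ! $fileHandle ) {

			$retcode		= 2;
			$tMessage		= sprintf( _( "Cannot open file %s for writing!" ), $tempfile );
			break;
		}

		# NOTE(review): only rights granted directly to a user are joined here;
		# users who reach the repository solely through a group right are not
		# selected. Confirm whether that is intended.
		$query				= "SELECT DISTINCT svnusers.userid, svnusers.password " .
							  "  FROM ".$schema."svnusers, ".$schema."svn_access_rights, ".$schema."svnrepos, ".$schema."svnprojects " .
							  " WHERE (svnprojects.repo_id = ".$repoid.") " .
							  "   AND (svnrepos.id = svnprojects.repo_id) " .
							  "   AND (svn_access_rights.project_id = svnprojects.id) " .
							  "   AND (svnusers.id = svn_access_rights.user_id) " .
							  "   AND (svnrepos.deleted = '00000000000000') " .
							  "   AND (svn_access_rights.deleted = '00000000000000') " .
							  "   AND (svn_access_rights.valid_from <= '$curdate') " .
							  "   AND (svn_access_rights.valid_until >= '$curdate') " .
							  "   AND (svnprojects.deleted = '00000000000000') " .
							  "   AND (svnusers.deleted = '00000000000000') " .
							  "   AND (svnusers.locked = '0') " .
							  "ORDER BY svnusers.userid";
		$result				= db_query( $query, $dbh );

		while( $row = db_assoc( $result['result'] ) ) {

			if( ! @fwrite( $fileHandle, $row['userid'].":".$row['password']."\n" ) ) {

				$retcode	= 1;
				break;
			}
		}

		# a failed close can mean buffered lines never reached the disk
		$closed				= @fclose( $fileHandle );
		if( ($retcode == 0) and ! $closed ) {

			$retcode		= 1;
		}

		if( $retcode != 0 ) {

			$tMessage		= _( "Can't write to AuthUser file" );
			# do not leave a partial copy of the credentials behind
			@unlink( $tempfile );
			break;
		}

		# On Windows the live file is removed before the rename, presumably
		# because rename() does not replace an existing file there.
		if( ($os == "windows") and file_exists( $authuserfile ) ) {
			unlink( $authuserfile );
		}

		if( ! @rename( $tempfile, $authuserfile ) ) {

			# report the file that was actually being replaced
			$retcode		= 3;
			$tMessage		= sprintf( _("Copy from %s to %s failed!"), $tempfile, $authuserfile );
		}
	}

	if( $retcode != 0 ) {

		# every failure path ends here, so the semaphore is released once
		db_unset_semaphore( 'createauthuserfile', 'sem', $dbh );

	} elseif( db_unset_semaphore( 'createauthuserfile', 'sem', $dbh ) ) {

		$tMessage			= _("Auth user file successfully created!" );

	} else {

		$retcode			= 1;
		$tMessage			= _("Auth user file created but semaphore could not be released");
		# second attempt, as in the original flow
		db_unset_semaphore( 'createauthuserfile', 'sem', $dbh );
	}

	$ret					= array();
	$ret['error']			= $retcode;
	$ret['errormsg']		= $tMessage;

	return $ret;
}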


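/**
 * Write the Subversion access (authz) file named by $CONF['SVNAccessFile'].
 *
 * When $CONF['separateFilesPerRepo'] is "YES" the work is delegated to
 * createAccessFilePerRepo(). Otherwise the file is built in three parts:
 *  1. a "[groups]" section with one "group = user, user" line per group;
 *  2. a "[/]" section granting "r" to every non-deleted superadmin;
 *  3. one "[reponame:path]" section per distinct repository path, holding
 *     "userid = right" and "@groupname = right" lines for the access rights
 *     valid today.
 *
 * The parts are written to a temporary file that is renamed over the live
 * file. Earlier versions renamed the temporary file even after a write in
 * part 3 had failed, which installed a truncated rule set; now any failed
 * write or close aborts, removes the temporary file and leaves the live file
 * as it was. Write failures keep their codes: 1 (groups), 8 and 5
 * (superadmins), 4, 5 and 6 (section header, user line, group line) and 7
 * (final newline or close).
 *
 * @param mixed $dbh database handle passed through to the db_* helpers
 * @return array 'error' => 0 on success or when creation is not configured,
 *               non-zero otherwise; 'errormsg' => translated status text
 */
function createAccessFile( $dbh ) {

	global $CONF;

	$schema					= db_determine_schema();

	if( isset( $CONF['separateFilesPerRepo'] ) and ($CONF['separateFilesPerRepo'] == "YES") ) {

		return createAccessFilePerRepo( $dbh );
	}

	$retcode				= 0;
	# date() yields the same YYYYMMDD value as strftime( "%Y%m%d" ), which is deprecated since PHP 8.1
	$curdate				= date( "Ymd" );

	if( $CONF['createAccessFile'] != "YES" ) {

		return array( 'error' => 0, 'errormsg' => _("Create of access file not configured!" ) );
	}

	if( ! db_set_semaphore( 'createaccessfile', 'sem', $dbh ) ) {

		return array( 'error' => 1, 'errormsg' => _("Can't set semaphore, another process is writing access file, try again later") );
	}

	$dir					= dirname( $CONF['SVNAccessFile'] );
	$entropy				= create_salt();
	$os						= determineOS();
	$slash					= ($os == "windows") ? "\\" : "/";
	$tempfile				= $dir.$slash."accesstemp_".$entropy;

	$fileHandle				= @fopen( $tempfile, 'w' );
	if( ! $fileHandle ) {

		db_unset_semaphore( 'createaccessfile', 'sem', $dbh );

		# the msgid is kept as is, spelling included, so existing translations still match
		return array( 'error' => 1, 'errormsg' => sprintf( _("Cannot open %s for wrtiting"), $tempfile ) );
	}

	# NOTE(review): group names, user ids, repository names and paths are written
	# unescaped. A value containing a line break or "[" / "]" would change the
	# structure of the rule file; confirm these fields are validated on input.

	# --- part 1: groups ---------------------------------------------------
	$query					= "  SELECT svngroups.groupname, svnusers.userid " .
							  "    FROM ".$schema."svngroups, ".$schema."svnusers, ".$schema."svn_users_groups " .
							  "   WHERE (svngroups.deleted = '00000000000000') " .
							  "     AND (svn_users_groups.user_id = svnusers.id) " .
							  "     AND (svn_users_groups.group_id = svngroups.id) " .
							  "     AND (svnusers.deleted = '00000000000000') " .
							  "     AND (svn_users_groups.deleted = '00000000000000') " .
							  "ORDER BY svngroups.groupname ASC";
	$result					= db_query( $query, $dbh );
	$groupwritten			= 0;
	$oldgroup				= "";
	$users					= "";

	while( ($retcode == 0) and ($row = db_assoc( $result['result'] )) ) {

		# Strict comparison: with "!=" two different numeric-looking names
		# such as "7" and "07" compare equal and would be merged into one group.
		$groupname			= (string) $row['groupname'];

		if( $groupname !== $oldgroup ) {

			# the group changed, so flush the member list collected for the previous one
			if( $users != "" ) {

				if( $groupwritten == 0 ) {

					$groupwritten	= 1;
					if( ! @fwrite( $fileHandle, "[groups]\n" ) ) {
						$retcode	= 1;
					}
				}

				if( ($retcode == 0) and ! @fwrite( $fileHandle, $oldgroup." = ".$users."\n" ) ) {
					$retcode		= 1;
				}
			}

			$users			= $row['userid'];
			$oldgroup		= $groupname;

		} elseif( $users == "" ) {

			$users			= $row['userid'];

		} else {

			$users			= $users.", ".$row['userid'];
		}
	}

	# flush the last group; this write used to go unchecked
	if( ($retcode == 0) and ($users != "") ) {

		if( $groupwritten == 0 ) {

			$groupwritten	= 1;
			if( ! @fwrite( $fileHandle, "[groups]\n" ) ) {
				$retcode	= 1;
			}
		}

		if( ($retcode == 0) and ! @fwrite( $fileHandle, $oldgroup." = ".$users."\n" ) ) {
			$retcode		= 1;
		}
	}

	# --- part 2: read access on "/" for superadmins -----------------------
	if( $retcode == 0 ) {

		$first				= 1;
		$query				= "SELECT * " .
							  "  FROM ".$schema."svnusers " .
							  " WHERE (superadmin = 1) " .
							  "   AND (deleted = '00000000000000')";
		$resultusr			= db_query( $query, $dbh );

		while( ($retcode == 0) and ($rowusr = db_assoc( $resultusr['result'] )) ) {

			if( $first == 1 ) {

				$first		= 0;

				# section header is written once, before the first superadmin
				if( ! @fwrite( $fileHandle, "\n[/]\n" ) ) {
					$retcode	= 8;
					break;
				}
			}

			if( ! @fwrite( $fileHandle, $rowusr['userid']." = r\n" ) ) {
				$retcode	= 5;
			}
		}
	}

	# --- part 3: access rights per repository path ------------------------
	if( $retcode == 0 ) {

		$oldpath			= "";
		$query				= "  SELECT svnmodule, modulepath, reponame, path, user_id, group_id, access_right, repo_id " .
							  "    FROM ".$schema."svn_access_rights, ".$schema."svnprojects, ".$schema."svnrepos " .
							  "   WHERE (svn_access_rights.deleted = '00000000000000') " .
							  "     AND (svn_access_rights.valid_from <= '$curdate') " .
							  "     AND (svn_access_rights.valid_until >= '$curdate') " .
							  "     AND (svn_access_rights.project_id = svnprojects.id) " .
							  "     AND (svnprojects.repo_id = svnrepos.id) " .
							  "ORDER BY svnprojects.repo_id ASC, LENGTH(svn_access_rights.path) DESC";
		$result				= db_query( $query, $dbh );

		while( ($retcode == 0) and ($row = db_assoc( $result['result'] )) ) {

			# "none" and any unknown value become an empty right
			if( $row['access_right'] == "read" ) {
				$right		= "r";
			} elseif( $row['access_right'] == "write" ) {
				$right		= "rw";
			} else {
				$right		= "";
			}

			# start a new section whenever the repository/path pair changes
			$checkpath		= $row['repo_id'].$row['path'];
			if( $checkpath !== $oldpath ) {

				$oldpath	= $checkpath;
				if( ! @fwrite( $fileHandle, "\n[".$row['reponame'].":".$row['path']."]\n" ) ) {
					$retcode	= 4;
					break;
				}
			}

			# ids are concatenated into SQL, so force them to integers first
			$userId			= (int) $row['user_id'];
			if( $userId != 0 ) {

				$query		= "SELECT * " .
							  "  FROM ".$schema."svnusers " .
							  " WHERE (id = ".$userId.")";
				$resultusr	= db_query( $query, $dbh );

				if( $resultusr['rows'] == 1 ) {

					$rowusr	= db_assoc( $resultusr['result'] );
					if( ! @fwrite( $fileHandle, $rowusr['userid']." = ".$right."\n" ) ) {
						$retcode	= 5;
						break;
					}
				}
			}

			$groupId		= (int) $row['group_id'];
			if( $groupId != 0 ) {

				$query		= "  SELECT * " .
							  "    FROM ".$schema."svngroups " .
							  "   WHERE (id = ".$groupId.")";
				$resultgrp	= db_query( $query, $dbh );

				if( $resultgrp['rows'] == 1 ) {

					$rowgrp	= db_assoc( $resultgrp['result'] );
					if( ! @fwrite( $fileHandle, "@".$rowgrp['groupname']." = ".$right."\n" ) ) {
						$retcode	= 6;
						break;
					}
				}
			}
		}

		if( ($retcode == 0) and ! @fwrite( $fileHandle, "\n" ) ) {
			$retcode		= 7;
		}
	}

	# Always close the handle; a failed close can mean buffered rules never
	# reached the disk, so it is treated like a failed final write.
	$closed					= @fclose( $fileHandle );
	if( ($retcode == 0) and ! $closed ) {
		$retcode			= 7;
	}

	if( $retcode != 0 ) {

		# never install an incomplete rule set: drop the temp file, keep the live file
		@unlink( $tempfile );
		db_unset_semaphore( 'createaccessfile', 'sem', $dbh );

		return array( 'error' => $retcode, 'errormsg' => sprintf( _("Cannot write to %s"), $tempfile ) );
	}

	# On Windows the live file is removed before the rename, presumably because
	# rename() does not replace an existing file there. Until the rename
	# completes no access file exists.
	if( ($os == "windows") and file_exists( $CONF['SVNAccessFile'] ) ) {
		unlink( $CONF['SVNAccessFile'] );
	}

	if( ! @rename( $tempfile, $CONF['SVNAccessFile'] ) ) {

		# The temp file is kept on purpose: the message names it, and on
		# Windows it is the only remaining copy at this point.
		$retcode			= 3;
		$tMessage			= sprintf( _("Copy from %s to %s failed!"), $tempfile, $CONF['SVNAccessFile'] );
		db_unset_semaphore( 'createaccessfile', 'sem', $dbh );

	} elseif( db_unset_semaphore( 'createaccessfile', 'sem', $dbh ) ) {

		$tMessage			= _( "Access file successfully created!" );

	} else {

		$retcode			= 1;
		$tMessage			= _("Access file successfully created but semaphore could nor be released");
		# second attempt, as in the original flow
		db_unset_semaphore( 'createaccessfile', 'sem', $dbh );
	}

	$ret					= array();
	$ret['error']			= $retcode;
	$ret['errormsg']		= $tMessage;

	return $ret;
}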


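/**
 * Write one Subversion access (authz) file per repository.
 *
 * For every svnrepos row that is not deleted, a file is built from three
 * parts: the "[groups]" section for groups holding a currently valid right
 * in that repository, a "[/]" section granting "r" to non-deleted
 * superadmins, and one "[reponame:path]" section per distinct path with the
 * user and group rights valid today. The target is the row's svn_access_file
 * or, when that is empty, "svn-access.<reponame>" next to
 * $CONF['SVNAccessFile'].
 *
 * Differences from the earlier behaviour of this function:
 *  - a failed write or close aborts before the rename, so a truncated rule
 *    set is never installed; the temp file is removed and its handle closed;
 *  - processing stops at the first failing repository, and the error message
 *    is no longer replaced by the success message at the end;
 *  - the rename-failure message names the real target file;
 *  - ids concatenated into SQL are forced to integers.
 *
 * @param mixed $dbh database handle passed through to the db_* helpers
 * @return array 'error' => 0 on success or when creation is not configured,
 *               non-zero otherwise; 'errormsg' => translated status text
 */
function createAccessFilePerRepo( $dbh ) {

	global $CONF;

	$schema					= db_determine_schema();

	$retcode				= 0;
	$tMessage				= "";
	# date() yields the same YYYYMMDD value as strftime( "%Y%m%d" ), which is deprecated since PHP 8.1
	$curdate				= date( "Ymd" );

	if( $CONF['createAccessFile'] != "YES" ) {

		return array( 'error' => 0, 'errormsg' => _("Create of access file not configured!" ) );
	}

	if( ! db_set_semaphore( 'createaccessfile', 'sem', $dbh ) ) {

		return array( 'error' => 1, 'errormsg' => _("Can't set semaphore, another process is writing access file, try again later") );
	}

	$dir					= dirname( $CONF['SVNAccessFile'] );
	$entropy				= create_salt();
	$os						= determineOS();
	$slash					= ($os == "windows") ? "\\" : "/";
	$tempfile				= $dir.$slash."accesstemp_".$entropy;

	$query					= "SELECT * " .
							  "  FROM ".$schema."svnrepos " .
							  " WHERE (deleted = '00000000000000')";
	$resultrepos			= db_query( $query, $dbh );

	while( ($retcode == 0) and ($repo = db_assoc( $resultrepos['result'] )) ) {

		# the id is concatenated into SQL below, so force it to an integer
		$repoid				= (int) $repo['id'];
		$svnaccessfile		= $repo['svn_access_file'];

		if( $svnaccessfile == "" ) {
			# NOTE(review): reponame becomes part of a file name here, and
			# svn_access_file is used as a path as stored. Confirm both are
			# validated when a repository is created or edited.
			$svnaccessfile	= $dir."/svn-access.".$repo['reponame'];
		}

		$fileHandle			= @fopen( $tempfile, 'w' );
		if( ! $fileHandle ) {

			$retcode		= 1;
			# the msgid is kept as is, spelling included, so existing translations still match
			$tMessage		= sprintf( _("Cannot open %s for wrtiting"), $tempfile );
			break;
		}

		# NOTE(review): group names, user ids, repository names and paths are
		# written unescaped. A value containing a line break or "[" / "]" would
		# change the structure of the rule file; confirm these fields are
		# validated on input.

		# --- part 1: groups used by this repository -----------------------
		$query				= "  SELECT svngroups.groupname, svnusers.userid " .
							  "    FROM ".$schema."svngroups, ".$schema."svnusers, ".$schema."svn_users_groups, ".$schema."svnprojects, ".$schema."svn_access_rights, ".$schema."svnrepos " .
							  "   WHERE (svn_users_groups.user_id = svnusers.id) " .
							  "     AND (svn_users_groups.group_id = svngroups.id) " .
							  "     AND (svnprojects.repo_id = svnrepos.id) " .
							  "     AND (svnprojects.repo_id=".$repoid.") " .
							  "     AND (svnprojects.id = svn_access_rights.project_id) " .
							  "     AND (svn_access_rights.group_id=svngroups.id) " .
							  "     AND (svn_access_rights.group_id != 0) " .
							  "     AND (svn_users_groups.deleted='00000000000000') " .
							  "     AND (svn_access_rights.deleted='00000000000000') " .
							  "     AND (svn_access_rights.valid_from <= '$curdate') " .
							  "     AND (svn_access_rights.valid_until >= '$curdate') " .
							  "     AND (svnprojects.deleted='00000000000000') " .
							  "     AND (svngroups.deleted='00000000000000') " .
							  "     AND (svnrepos.deleted='00000000000000') " .
							  "     AND (svnusers.deleted='00000000000000') " .
							  "ORDER BY svngroups.groupname ASC";
		$result				= db_query( $query, $dbh );
		$groupwritten		= 0;
		$oldgroup			= "";
		$users				= "";

		while( ($retcode == 0) and ($row = db_assoc( $result['result'] )) ) {

			# Strict comparison: with "!=" two different numeric-looking names
			# such as "7" and "07" compare equal and would be merged into one group.
			$groupname		= (string) $row['groupname'];

			if( $groupname !== $oldgroup ) {

				# the group changed, so flush the member list collected for the previous one
				if( $users != "" ) {

					if( $groupwritten == 0 ) {

						$groupwritten	= 1;
						if( ! @fwrite( $fileHandle, "[groups]\n" ) ) {
							$retcode	= 1;
						}
					}

					if( ($retcode == 0) and ! @fwrite( $fileHandle, $oldgroup." = ".$users."\n" ) ) {
						$retcode		= 1;
					}
				}

				$users		= $row['userid'];
				$oldgroup	= $groupname;

			} elseif( $users == "" ) {

				$users		= $row['userid'];

			} else {

				$users		= $users.", ".$row['userid'];
			}
		}

		# flush the last group; this write used to go unchecked
		if( ($retcode == 0) and ($users != "") ) {

			if( $groupwritten == 0 ) {

				$groupwritten	= 1;
				if( ! @fwrite( $fileHandle, "[groups]\n" ) ) {
					$retcode	= 1;
				}
			}

			if( ($retcode == 0) and ! @fwrite( $fileHandle, $oldgroup." = ".$users."\n" ) ) {
				$retcode	= 1;
			}
		}

		# --- part 2: read access on "/" for superadmins -------------------
		if( $retcode == 0 ) {

			$first			= 1;
			$query			= "SELECT * " .
							  "  FROM ".$schema."svnusers " .
							  " WHERE (superadmin = 1) " .
							  "   AND (deleted = '00000000000000')";
			$resultusr		= db_query( $query, $dbh );

			while( ($retcode == 0) and ($rowusr = db_assoc( $resultusr['result'] )) ) {

				if( $first == 1 ) {

					$first	= 0;

					# section header is written once, before the first superadmin
					if( ! @fwrite( $fileHandle, "\n[/]\n" ) ) {
						$retcode	= 8;
						break;
					}
				}

				if( ! @fwrite( $fileHandle, $rowusr['userid']." = r\n" ) ) {
					$retcode	= 5;
				}
			}
		}

		# --- part 3: access rights per path of this repository ------------
		if( $retcode == 0 ) {

			$oldpath		= "";
			$query			= "  SELECT svnmodule, modulepath, reponame, path, user_id, group_id, access_right, repo_id " .
							  "    FROM ".$schema."svn_access_rights, ".$schema."svnprojects, ".$schema."svnrepos " .
							  "   WHERE (svn_access_rights.deleted = '00000000000000') " .
							  "     AND (svn_access_rights.valid_from <= '$curdate') " .
							  "     AND (svn_access_rights.valid_until >= '$curdate') " .
							  "     AND (svn_access_rights.project_id = svnprojects.id) " .
							  "     AND (svnprojects.repo_id = svnrepos.id) " .
							  "     AND (svnprojects.repo_id=".$repoid.") " .
							  "     AND (svnprojects.deleted='00000000000000') " .
							  "     AND (svnrepos.deleted='00000000000000') " .
							  "ORDER BY svnprojects.repo_id ASC, LENGTH(svn_access_rights.path) DESC";
			$result			= db_query( $query, $dbh );

			while( ($retcode == 0) and ($row = db_assoc( $result['result'] )) ) {

				# "none" and any unknown value become an empty right
				if( $row['access_right'] == "read" ) {
					$right	= "r";
				} elseif( $row['access_right'] == "write" ) {
					$right	= "rw";
				} else {
					$right	= "";
				}

				# start a new section whenever the repository/path pair changes
				$checkpath	= $row['repo_id'].$row['path'];
				if( $checkpath !== $oldpath ) {

					$oldpath	= $checkpath;
					if( ! @fwrite( $fileHandle, "\n[".$row['reponame'].":".$row['path']."]\n" ) ) {
						$retcode	= 4;
						break;
					}
				}

				# ids are concatenated into SQL, so force them to integers first
				$userId		= (int) $row['user_id'];
				if( $userId != 0 ) {

					$query		= "SELECT * " .
								  "  FROM ".$schema."svnusers " .
								  " WHERE (id = ".$userId.")";
					$resultusr	= db_query( $query, $dbh );

					if( $resultusr['rows'] == 1 ) {

						$rowusr	= db_assoc( $resultusr['result'] );
						if( ! @fwrite( $fileHandle, $rowusr['userid']." = ".$right."\n" ) ) {
							$retcode	= 5;
							break;
						}
					}
				}

				$groupId	= (int) $row['group_id'];
				if( $groupId != 0 ) {

					$query		= "  SELECT * " .
								  "    FROM ".$schema."svngroups " .
								  "   WHERE (id = ".$groupId.")";
					$resultgrp	= db_query( $query, $dbh );

					if( $resultgrp['rows'] == 1 ) {

						$rowgrp	= db_assoc( $resultgrp['result'] );
						if( ! @fwrite( $fileHandle, "@".$rowgrp['groupname']." = ".$right."\n" ) ) {
							$retcode	= 6;
							break;
						}
					}
				}
			}

			if( ($retcode == 0) and ! @fwrite( $fileHandle, "\n" ) ) {
				$retcode	= 7;
			}
		}

		# Always close the handle; a failed close can mean buffered rules never
		# reached the disk, so it is treated like a failed final write.
		$closed				= @fclose( $fileHandle );
		if( ($retcode == 0) and ! $closed ) {
			$retcode		= 7;
		}

		if( $retcode != 0 ) {

			# never install an incomplete rule set: drop the temp file, keep the live file
			$tMessage		= sprintf( _("Cannot write to %s"), $tempfile );
			@unlink( $tempfile );
			break;
		}

		# On Windows the live file is removed before the rename, presumably
		# because rename() does not replace an existing file there.
		if( ($os == "windows") and file_exists( $svnaccessfile ) ) {
			unlink( $svnaccessfile );
		}

		if( ! @rename( $tempfile, $svnaccessfile ) ) {

			# report the file that was actually being replaced
			$retcode		= 3;
			$tMessage		= sprintf( _("Copy from %s to %s failed!"), $tempfile, $svnaccessfile );
		}

	} # end iteration over repos

	if( $retcode != 0 ) {

		# every failure path ends here, so the semaphore is released once and
		# the error message set above is returned unchanged
		db_unset_semaphore( 'createaccessfile', 'sem', $dbh );

	} elseif( db_unset_semaphore( 'createaccessfile', 'sem', $dbh ) ) {

		$tMessage			= _( "Access file successfully created!" );

	} else {

		$retcode			= 1;
		$tMessage			= _("Access file successfully created but semaphore could nor be released");
		# second attempt, as in the original flow
		db_unset_semaphore( 'createaccessfile', 'sem', $dbh );
	}

	$ret					= array();
	$ret['error']			= $retcode;
	$ret['errormsg']		= $tMessage;

	return $ret;
}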


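/**
 * Return the user ids of all members of one group, ordered by userid.
 *
 * The group id is concatenated into the SQL text, so it is forced to an
 * integer first; a non-numeric value then selects group 0 instead of
 * reaching the database as raw text.
 *
 * @param mixed $groupid id of the group (svngroups.id)
 * @param mixed $dbh     database handle passed through to the db_* helpers
 * @return array list of userid values, empty when the group has no members
 */
function getGroupMembers( $groupid, $dbh ) {

	$schema					= db_determine_schema();

	$members				= array();
	# NOTE(review): unlike the queries that build the access file, this one
	# does not filter on the "deleted" columns; confirm whether deleted users
	# or memberships should be returned here.
	$query					= "  SELECT userid " .
							  "    FROM ".$schema."svnusers, ".$schema."svngroups, ".$schema."svn_users_groups " .
							  "   WHERE (svngroups.id = ".((int) $groupid).") " .
							  "     AND (svngroups.id = svn_users_groups.group_id) " .
							  "     AND (svnusers.id = svn_users_groups.user_id) " .
							  "ORDER BY userid ASC";
	$result					= db_query( $query, $dbh );

	while( $row = db_assoc( $result['result'] ) ) {
		$members[]			= $row['userid'];
	}

	return $members;
}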



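/**
 * Return a copy of $members without the entries equal to $userid.
 *
 * The result is re-indexed from 0. Iterating with foreach instead of a
 * counted loop also handles arrays whose keys are not 0..n-1; the counted
 * loop read missing offsets there and appended null entries.
 *
 * @param array $members list of user ids
 * @param mixed $userid  user id to remove (compared with "!=", as before)
 * @return array the remaining user ids in their original order
 */
function deleteUser( $members, $userid ) {

	$new					= array();

	foreach( $members as $member ) {

		if( $member != $userid ) {

			$new[]			= $member;
		}
	}

	return $new;
}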



/**
 * Look up the entry stored for the nearest parent directory of a path.
 *
 * The last "/"-separated segment of $checkpath is dropped repeatedly until
 * the remaining path is a key of $repopathes; that entry is returned. When
 * no parent path is a key, an empty array is returned.
 *
 * @param string $checkpath  path whose parent directories are searched
 * @param array  $repopathes map of path => data
 * @return mixed the entry of the closest parent path, or array() if none
 */
function getUpperDirUsers( $checkpath, $repopathes ) {

	$segments				= explode( '/', $checkpath );

	# walk upwards one directory at a time; a single segment has no parent
	while( count( $segments ) >= 2 ) {

		array_pop( $segments );
		$parent				= implode( '/', $segments );

		if( array_key_exists( $parent, $repopathes ) ) {

			return $repopathes[$parent];
		}
	}

	return array();
}



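/**
 * Write every chunk to an open file handle, stopping at the first failure.
 *
 * @param resource $handle  handle opened for writing
 * @param array    $chunks  strings to write in order
 * @return bool             true when all chunks were written
 */
function _viewvcWriteChunks( $handle, $chunks ) {

	foreach( $chunks as $chunk ) {
		if( ! @fwrite( $handle, $chunk ) ) {
			return false;
		}
	}

	return true;
}

/**
 * Collect the userids an access-right row refers to: its user, then its group members.
 *
 * @param array  $row     row from svn_access_rights (reads user_id and group_id)
 * @param string $schema  schema prefix returned by db_determine_schema()
 * @param mixed  $dbh     database handle
 * @return array          list of userids, user first, group members after
 */
function _viewvcRowUserids( $row, $schema, $dbh ) {

	$userids							= array();

	if( ($row['user_id'] != "0") and (!empty($row['user_id'])) ) {

		# ids are embedded unquoted, so they are forced to integers first
		$query							= "SELECT userid " .
										  "  FROM ".$schema."svnusers " .
										  " WHERE (id = ".intval( $row['user_id'] ).")";
		$resultusr						= db_query( $query, $dbh );

		if( $resultusr['rows'] == 1 ) {
			$rowusr						= db_assoc( $resultusr['result'] );
			$userids[]					= $rowusr['userid'];
		}
	}

	if( ($row['group_id'] != "0") and (!empty($row['group_id'])) ) {

		$query							= "  SELECT id " .
										  "    FROM ".$schema."svngroups " .
										  "   WHERE (id = ".intval( $row['group_id'] ).")";
		$resultgrp						= db_query( $query, $dbh );

		if( $resultgrp['rows'] == 1 ) {
			$rowgrp						= db_assoc( $resultgrp['result'] );
			foreach( getGroupMembers( $rowgrp['id'], $dbh ) as $member ) {
				$userids[]				= $member;
			}
		}
	}

	return $userids;
}

/**
 * Generate the Apache access configuration for ViewVC and its group file.
 *
 * For every repository path with currently valid access rights a <Location>
 * block is written that requires a generated group; the group file lists the
 * users of each group. Users are inherited from the nearest parent path that
 * has an entry, rows with access right "none" remove users again. Both files
 * are written to temporary files next to their targets and renamed into place
 * only when everything was written.
 *
 * Changes against the previous implementation:
 *  - the root <LocationMatch> block uses $CONF['AuthUserFile'] like the
 *    per-path blocks instead of a hard-coded /etc/svn/svn-passwd
 *  - a failed fopen() is reported (codes 9 / 10) instead of surfacing later
 *    as a failed rename
 *  - the "Copy from %s to %s failed!" messages name the files that were
 *    actually being renamed
 *  - userids are compared strictly, so "007" and "7" are different users
 *  - temporary files are removed when generation fails
 *  - the semaphore is released exactly once on every path after it was taken
 *
 * NOTE(review): reponame, path and userids are written into the Apache files
 * verbatim. A value containing a newline, '>' or (for userids) whitespace
 * would change the meaning of the generated directives; confirm these fields
 * are validated where they are stored.
 *
 * NOTE(review): the temporary files are created with the process umask; check
 * that the resulting permissions suit files that control access.
 *
 * @param mixed $dbh  database handle
 * @return array      'error' => 0 on success or when generation is not
 *                    configured, otherwise 1, 3, 9 or 10; 'errormsg' => text
 */
function createViewvcConfig( $dbh ) {

	global $CONF;

	if( $CONF['createViewvcConf'] != "YES" ) {
		return array( 'error' => 0, 'errormsg' => _("Create of access file not configured!" ) );
	}

	if( ! db_set_semaphore( 'createviewvcconf', 'sem', $dbh ) ) {
		return array( 'error' => 1, 'errormsg' => _("Can't set semaphore, another process is writing access file, try again later") );
	}

	$schema								= db_determine_schema();
	$retcode 							= 0;
	$tMessage							= "";
	$curdate							= date( "Ymd" );		# same value as strftime( "%Y%m%d" )
	$oldpath							= "";
	$currentgroup						= "g".create_salt();
	$groups								= array( $currentgroup => array() );
	$repopathes							= array();

	$os									= determineOS();
	$slash								= ($os == "windows") ? "\\" : "/";
	$tempfile							= dirname( $CONF['ViewvcConf'] ).$slash."viewvc_conf_temp_".create_salt();
	$tempgroups							= dirname( $CONF['ViewvcGroups'] ).$slash."viewvc_groups_temp_".create_salt();

	$groupHandle						= false;
	$fileHandle							= @fopen( $tempfile, 'w' );

	if( ! $fileHandle ) {

		$retcode						= 9;
		$tMessage						= sprintf( _("Cannot write to %s"), $tempfile );

	} else {

		$groupHandle					= @fopen( $tempgroups, 'w' );

		if( ! $groupHandle ) {
			$retcode					= 10;
			$tMessage					= sprintf( _("Cannot write to %s"), $tempgroups );
		}
	}

	if( $retcode == 0 ) {

		$query							= "  SELECT svnmodule, modulepath, reponame, path, user_id, group_id, access_right, repo_id " .
										  "    FROM ".$schema."svn_access_rights, ".$schema."svnprojects, ".$schema."svnrepos " .
										  "   WHERE (svn_access_rights.deleted = '00000000000000') " .
										  "     AND (svn_access_rights.valid_from <= '$curdate') " .
										  "     AND (svn_access_rights.valid_until >= '$curdate') " .
										  "     AND (svn_access_rights.project_id = svnprojects.id) " .
										  "     AND (svnprojects.repo_id = svnrepos.id) " .
										  "ORDER BY svnprojects.repo_id ASC, svn_access_rights.path ASC, svn_access_rights.access_right DESC";

		$result							= db_query( $query, $dbh );

		while( ($row = db_assoc( $result['result'] )) and ($retcode == 0) ) {

			$checkpath					= $row['repo_id'].$row['path'];

			if( $checkpath !== $oldpath ) {

				# new path: open a new group, seeded with the users of the nearest parent path
				do {
					$currentgroup		= "g".create_salt();
				} while( array_key_exists( $currentgroup, $groups ) );

				if( ! array_key_exists( $checkpath, $repopathes ) ) {
					$repopathes[$checkpath]	= getUpperDirUsers( $checkpath, $repopathes );
				}

				$groups[$currentgroup]	= $repopathes[$checkpath];
				$oldpath				= $checkpath;
				$modulepath				= $CONF['ViewvcLocation']."/".$row['reponame'].$row['path'];

				$stanza					= array(
					"<Location $modulepath>\n",
					"     AuthType Basic\n",
					"     AuthName \"Viewvc Access Control\"\n",
					"     AuthUserFile ".$CONF['AuthUserFile']."\n",
					"     AuthGroupFile ".$CONF['ViewvcGroups']."\n",
					"     Require group $currentgroup\n",
					"</Location>\n\n",
				);

				if( ! _viewvcWriteChunks( $fileHandle, $stanza ) ) {
					$retcode			= 9;
					$tMessage			= sprintf( _("Cannot write to %s"), $tempfile );
					break;
				}
			}

			$userids					= _viewvcRowUserids( $row, $schema, $dbh );

			if( $row['access_right'] != "none" ) {

				# add the row's users to the apache access group of this path
				foreach( $userids as $userid ) {
					if( ! in_array( $userid, $groups[$currentgroup], true ) ) {
						$groups[$currentgroup][]	= $userid;
						$repopathes[$checkpath][]	= $userid;
					}
				}

			} else {

				# "none" revokes access that was granted or inherited earlier
				foreach( $userids as $userid ) {
					if( in_array( $userid, $groups[$currentgroup], true ) ) {
						$groups[$currentgroup]	= deleteUser( $groups[$currentgroup], $userid );
						$repopathes[$checkpath]	= deleteUser( $repopathes[$checkpath], $userid );
					}
				}
			}
		}
	}

	if( $retcode == 0 ) {

		foreach( $groups as $group => $members ) {

			# groups without members are not written
			if( ! is_array( $members ) or count( $members ) == 0 ) {
				continue;
			}

			$line						= $group.":";
			foreach( $members as $member ) {
				$line					.= $member." ";
			}
			$line						.= "\n";

			if( ! _viewvcWriteChunks( $groupHandle, array( $line ) ) ) {
				$retcode				= 10;
				$tMessage				= sprintf( _("Cannot write to %s"), $tempgroups );
				break;
			}
		}
	}

	if( $retcode == 0 ) {

		# the ViewVC root itself only requires an authenticated user
		$rootStanza						= array(
			"<LocationMatch (^".$CONF['ViewvcLocation']."\$|^".$CONF['ViewvcLocation']."/\$)>\n",
			"      AuthType Basic\n",
			"      AuthName \"Viewvc Access Control\"\n",
			"      AuthUserFile ".$CONF['AuthUserFile']."\n",
			"      Require valid-user\n",
			"</LocationMatch>\n",
		);

		if( ! _viewvcWriteChunks( $fileHandle, $rootStanza ) ) {
			$retcode					= 9;
			$tMessage					= sprintf( _("Cannot write to %s"), $tempfile );
		}
	}

	if( $groupHandle ) {
		@fclose( $groupHandle );
	}
	if( $fileHandle ) {
		@fclose( $fileHandle );
	}

	if( $retcode == 0 ) {

		# The group file is installed first. Group names are regenerated on
		# every run, so if the second rename fails the old configuration refers
		# to groups that are no longer in the group file.
		if( ($os == "windows") and file_exists( $CONF['ViewvcGroups'] ) ) {
			unlink( $CONF['ViewvcGroups'] );
		}

		if( ! @rename( $tempgroups, $CONF['ViewvcGroups'] ) ) {

			$retcode					= 3;
			$tMessage					= sprintf( _("Copy from %s to %s failed!"), $tempgroups, $CONF['ViewvcGroups'] );

		} else {

			if( ($os == "windows") and file_exists( $CONF['ViewvcConf'] ) ) {
				unlink( $CONF['ViewvcConf'] );
			}

			if( ! @rename( $tempfile, $CONF['ViewvcConf'] ) ) {
				$retcode				= 3;
				$tMessage				= sprintf( _("Copy from %s to %s failed!"), $tempfile, $CONF['ViewvcConf'] );
			}
		}
	}

	if( $retcode != 0 ) {

		# do not leave partially written access files behind
		foreach( array( $tempfile, $tempgroups ) as $leftover ) {
			if( file_exists( $leftover ) ) {
				@unlink( $leftover );
			}
		}
	}

	$released							= db_unset_semaphore( 'createviewvcconf', 'sem', $dbh );

	if( $retcode == 0 ) {

		if( $released ) {

			$tMessage					= _( "Viewvc access configuration successfully created!" );

		} else {

			$retcode					= 1;
			$tMessage					= _("Viewvc access configuration successfully created but semaphore could nor be released");
			db_unset_semaphore( 'createviewvcconf', 'sem', $dbh );

		}
	}

	$ret								= array();
	$ret['error']						= $retcode;
	$ret['errormsg']					= $tMessage;

	return $ret;

}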
?>