lib/WikiUser/PearDb.php

   1 <?php //-*-php-*-
   2 rcs_id('$Id$');
   3 /* Copyright (C) 2004 ReiniUrban
   4  * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
   5  */
   6 include_once("lib/WikiUser/Db.php");
   7
   8 class _PearDbPassUser
   9 extends _DbPassUser
  10 /**
  11  * Pear DB methods
  12  * Now optimized not to use prepare, ...query(sprintf($sql,quote())) instead.
  13  * We use FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
  14  *
  15  * @tables: pref
  16  */
  17 {
  18     var $_authmethod = 'PearDb';
  19     function _PearDbPassUser($UserName='',$prefs=false) {
  20         //global $DBAuthParams;
  21         if (!$this->_prefs and isa($this,"_PearDbPassUser")) {
  22             if ($prefs) $this->_prefs = $prefs;
  23         }
  24         if (!isset($this->_prefs->_method))
  25             _PassUser::_PassUser($UserName);
  26         elseif (!$this->isValidName($UserName)) {
  27             trigger_error(_("Invalid username."), E_USER_WARNING);
  28             return false;
  29         }
  30         $this->_userid = $UserName;
  31         // make use of session data. generally we only initialize this every time,
  32         // but do auth checks only once
  33         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
  34         return $this;
  35     }
  36
  37     function getPreferences() {
  38         // override the generic slow method here for efficiency and not to
  39         // clutter the homepage metadata with prefs.
  40         _AnonUser::getPreferences();
  41         $this->getAuthDbh();
  42         if (isset($this->_prefs->_select)) {
  43             $dbh = &$this->_auth_dbi;
  44             $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
  45             // patched by frederik@pandora.be
  46             $prefs = $db_result->fetchRow();
  47             $prefs_blob = @$prefs["prefs"];
  48             if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
  49                 $updated = $this->_prefs->updatePrefs($restored_from_db);
  50                 //$this->_prefs = new UserPreferences($restored_from_db);
  51                 return $this->_prefs;
  52             }
  53         }
  54         if ($this->_HomePagehandle) {
  55             if ($restored_from_page = $this->_prefs->retrieve
  56                 ($this->_HomePagehandle->get('pref'))) {
  57                 $updated = $this->_prefs->updatePrefs($restored_from_page);
  58                 //$this->_prefs = new UserPreferences($restored_from_page);
  59                 return $this->_prefs;
  60             }
  61         }
  62         return $this->_prefs;
  63     }
  64
  65     function setPreferences($prefs, $id_only=false) {
  66         // if the prefs are changed
  67         if ($count = _AnonUser::setPreferences($prefs, 1)) {
  68             //global $request;
  69             //$user = $request->_user;
  70             //unset($user->_auth_dbi);
  71             // this must be done in $request->_setUser, not here!
  72             //$request->setSessionVar('wiki_user', $user);
  73             $this->getAuthDbh();
  74             $packed = $this->_prefs->store();
  75             if (!$id_only and isset($this->_prefs->_update)) {
  76                 $dbh = &$this->_auth_dbi;
  77                 // check if the user already exists (not needed with mysql REPLACE)
  78                 $db_result = $dbh->query(sprintf($this->_prefs->_select,
  79                                                  $dbh->quote($this->_userid)));
  80                 $prefs = $db_result->fetchRow();
  81                 $prefs_blob = @$prefs["prefs"];
  82                 // If there are prefs for the user, update them.
  83                 if($prefs_blob != "" ){
  84                     $dbh->simpleQuery(sprintf($this->_prefs->_update,
  85                                               $dbh->quote($packed),
  86                                               $dbh->quote($this->_userid)));
  87                 } else {
  88                     // Otherwise, insert a record for them and set it to the defaults.
  89                     // johst@deakin.edu.au
  90                     $dbi = $GLOBALS['request']->getDbh();
  91                     $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
  92                                                             array("pref_blob", "userid"));
  93                     $dbh->simpleQuery(sprintf($this->_prefs->_insert,
  94                                               $dbh->quote($packed), $dbh->quote($this->_userid)));
  95                 }
  96                 //delete pageprefs:
  97                 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
  98                     $this->_HomePagehandle->set('pref', '');
  99             } else {
 100                 //store prefs in homepage, not in cookie
 101                 if ($this->_HomePagehandle and !$id_only)
 102                     $this->_HomePagehandle->set('pref', $packed);
 103             }
 104             return $count; //count($this->_prefs->unpack($packed));
 105         }
 106         return 0;
 107     }
 108
 109     function userExists() {
 110         //global $DBAuthParams;
 111         $this->getAuthDbh();
 112         $dbh = &$this->_auth_dbi;
 113         if (!$dbh) { // needed?
 114             return $this->_tryNextUser();
 115         }
 116         if (!$this->isValidName()) {
 117             trigger_error(_("Invalid username."),E_USER_WARNING);
 118             return $this->_tryNextUser();
 119         }
 120         $dbi =& $GLOBALS['request']->_dbi;
 121         // Prepare the configured auth statements
 122         if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
 123             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 124                                                 array("password", "userid"));
 125         }
 126         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
 127         if (!$dbi->getAuthParam('auth_user_exists')
 128             and $this->_auth_crypt_method == 'crypt'
 129             and $this->_authselect)
 130         {
 131             $rs = $dbh->query(sprintf($this->_authselect, $dbh->quote($this->_userid)));
 132             if ($rs->numRows())
 133                 return true;
 134         }
 135         else {
 136             if (! $dbi->getAuthParam('auth_user_exists'))
 137                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
 138                               E_USER_WARNING);
 139             $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'), "userid");
 140             $rs = $dbh->query(sprintf($this->_authcheck, $dbh->quote($this->_userid)));
 141             if ($rs->numRows())
 142                 return true;
 143         }
 144         // User does not exist yet.
 145         // Maybe the user is allowed to create himself. Generally not wanted in
 146         // external databases, but maybe wanted for the wiki database, for performance
 147         // reasons
 148         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
 149             $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
 150                                                 array("password", "userid"));
 151         }
 152         if (!empty($this->_authcreate) and
 153             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
 154             isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
 155         {
 156             $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
 157             $dbh->simpleQuery(sprintf($this->_authcreate,
 158                                       $dbh->quote($passwd),
 159                                       $dbh->quote($this->_userid)));
 160             return true;
 161         }
 162         return $this->_tryNextUser();
 163     }
 164
 165     function checkPass($submitted_password) {
 166         //global $DBAuthParams;
 167         $this->getAuthDbh();
 168         if (!$this->_auth_dbi) {  // needed?
 169             return $this->_tryNextPass($submitted_password);
 170         }
 171         if (!$this->isValidName()) {
 172             return $this->_tryNextPass($submitted_password);
 173         }
 174         if (!$this->_checkPassLength($submitted_password)) {
 175             return WIKIAUTH_FORBIDDEN;
 176         }
 177         if (!isset($this->_authselect))
 178             $this->userExists();
 179         if (!isset($this->_authselect))
 180             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 181                               'DBAUTH_AUTH_CHECK', 'SQL'),
 182                           E_USER_WARNING);
 183
 184         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
 185         $dbh = &$this->_auth_dbi;
 186         if ($this->_auth_crypt_method == 'crypt') {
 187             $stored_password = $dbh->getOne(sprintf($this->_authselect, $dbh->quote($this->_userid)));
 188             $result = $this->_checkPass($submitted_password, $stored_password);
 189         } else {
 190             // be position independent
 191             $okay = $dbh->getOne(sprintf($this->_authselect,
 192                                          $dbh->quote($submitted_password),
 193                                          $dbh->quote($this->_userid)));
 194             $result = !empty($okay);
 195         }
 196
 197         if ($result) {
 198             $this->_level = WIKIAUTH_USER;
 199             return $this->_level;
 200         } elseif (USER_AUTH_POLICY === 'strict') {
 201             $this->_level = WIKIAUTH_FORBIDDEN;
 202             return $this->_level;
 203         } else {
 204             return $this->_tryNextPass($submitted_password);
 205         }
 206     }
 207
 208     function mayChangePass() {
 209         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
 210     }
 211
 212     function storePass($submitted_password) {
 213         if (!$this->isValidName()) {
 214             return false;
 215         }
 216         $this->getAuthDbh();
 217         $dbh = &$this->_auth_dbi;
 218         $dbi =& $GLOBALS['request']->_dbi;
 219         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
 220             $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
 221                                                 array("password", "userid"));
 222         }
 223         if (empty($this->_authupdate)) {
 224             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 225                               'DBAUTH_AUTH_UPDATE','SQL'),
 226                           E_USER_WARNING);
 227             return false;
 228         }
 229
 230         if ($this->_auth_crypt_method == 'crypt') {
 231             if (function_exists('crypt'))
 232                 $submitted_password = crypt($submitted_password);
 233         }
 234         $dbh->simpleQuery(sprintf($this->_authupdate,
 235                                   $dbh->quote($submitted_password), $dbh->quote($this->_userid)));
 236         return true;
 237     }
 238 }
 239
 240 // $Log: not supported by cvs2svn $
 241 // Revision 1.11  2007/05/30 21:53:52  rurban
 242 // add userid to authcreate
 243 //
 244 // Revision 1.10  2006/03/19 16:26:40  rurban
 245 // fix DBAUTH arguments to be position independent, fixes bug #1358973
 246 //
 247 // Revision 1.9  2005/10/10 19:43:49  rurban
 248 // add DBAUTH_PREF_INSERT: self-creating users. by John Stevens
 249 //
 250 // Revision 1.8  2005/08/06 13:21:09  rurban
 251 // switch to natural order password, userid
 252 //
 253 // Revision 1.7  2005/02/14 12:28:27  rurban
 254 // fix policy strict. Thanks to Mikhail Vladimirov
 255 //
 256 // Revision 1.6  2005/01/06 15:44:22  rurban
 257 // move password length checker to correct method. thanks to Charles Corrigan
 258 //
 259 // Revision 1.5  2004/12/26 17:11:17  rurban
 260 // just copyright
 261 //
 262 // Revision 1.4  2004/12/20 16:05:01  rurban
 263 // gettext msg unification
 264 //
 265 // Revision 1.3  2004/12/19 00:58:02  rurban
 266 // Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks,
 267 // Provide an errormessage if so. Just PersonalPage and BogoLogin not.
 268 // Simplify httpauth logout handling and set sessions for all methods.
 269 // fix main.php unknown index "x" getLevelDescription() warning.
 270 //
 271 // Revision 1.2  2004/11/10 15:29:21  rurban
 272 // * requires newer Pear_DB (as the internal one): quote() uses now escapeSimple for strings
 273 // * ACCESS_LOG_SQL: fix cause request not yet initialized
 274 // * WikiDB: moved SQL specific methods upwards
 275 // * new Pear_DB quoting: same as ADODB and as newer Pear_DB.
 276 //   fixes all around: WikiGroup, WikiUserNew SQL methods, SQL logging
 277 //
 278 // Revision 1.1  2004/11/01 10:43:58  rurban
 279 // seperate PassUser methods into seperate dir (memory usage)
 280 // fix WikiUser (old) overlarge data session
 281 // remove wikidb arg from various page class methods, use global ->_dbi instead
 282 // ...
 283 //
 284
 285 // Local Variables:
 286 // mode: php
 287 // tab-width: 8
 288 // c-basic-offset: 4
 289 // c-hanging-comment-ender-p: nil
 290 // indent-tabs-mode: nil
 291 // End:
 292 ?>