3 /* Copyright (C) 2004 ReiniUrban
4 * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
7 include_once("lib/WikiUser/Db.php");
13 * Simple sprintf, no prepare: each value is quoted with $dbh->qstr() and spliced into the configured statement.
15 * Warning: Since we use FETCH_MODE_ASSOC (string hash) rather than the faster
16 * FETCH_MODE_ROW (numeric), the auth_* SQL statements must use the correct column aliases!
18 * TODO: Change FETCH_MODE in adodb WikiDB subclasses.
// Presumably the label of this authentication backend; where it is read is not
// visible in this listing.
23 var $_authmethod = 'AdoDb';
// Constructor in the PHP 4 style (the method carries the name that isa() tests
// for below; the class header itself is not part of this listing).
// It adopts $prefs when given, chains to _PassUser::_PassUser() while no
// $this->_prefs->_method is set, raises an E_USER_WARNING for a $UserName that
// isValidName() rejects, and caches the configured 'auth_crypt_method'.
// NOTE(review): the gutter numbers show elided lines (29, 32-33, 35, 38-40), so
// the closing braces and whatever follows the warning are not visible here.
24 function _AdoDbPassUser($UserName='',$prefs=false) {
25 if (!$this->_prefs and isa($this,"_AdoDbPassUser")) {
26 if ($prefs) $this->_prefs = $prefs;
27 if (!isset($this->_prefs->_method))
28 _PassUser::_PassUser($UserName);
// The name is validated before it is stored; every later query interpolates
// $this->_userid, so this check and qstr() are the only guards on that value.
30 if (!$this->isValidName($UserName)) {
31 trigger_error(_("Invalid username."),E_USER_WARNING);
34 $this->_userid = $UserName;
// checkPass() and storePass() branch on this value: 'crypt' hashes/compares in
// PHP, anything else leaves the comparison to the configured SQL statement.
36 $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
37 // Don't prepare the configured auth statements anymore
// Loads the user's preferences: first the generic _AnonUser::getPreferences(),
// then, when a select statement is configured, the 'prefs' column stored for
// this userid, and finally the 'pref' value kept on the user's home page handle.
// NOTE(review): lines are elided in this listing (see the gutter gaps), so the
// return value and the exact nesting of the branches are not visible.
41 function getPreferences() {
42 // override the generic slow method here for efficiency
43 _AnonUser::getPreferences();
45 if (isset($this->_prefs->_select)) {
46 $dbh = & $this->_auth_dbi;
// The statement text is a configured sprintf template; the userid is escaped
// with qstr() and spliced in, not bound as a parameter.
// NOTE(review): injection safety therefore depends on qstr() and on where the
// template places its placeholder — confirm against the auth configuration.
47 $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
// '@' hides the notice raised when the row or the 'prefs' alias is missing;
// a wrong column alias in the configured statement fails silently here.
51 $prefs_blob = @$rs->fields['prefs'];
// NOTE(review): retrieve() decodes a blob that came from the database; if it
// relies on unserialize(), the stored value has to be treated as untrusted
// input — verify in UserPreferences.
53 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
54 $updated = $this->_prefs->updatePrefs($restored_from_db);
55 //$this->_prefs = new UserPreferences($restored_from_db);
// Second source: preferences stored as page meta-data on the home page handle.
60 if (!empty($this->_HomePagehandle)) {
61 if ($restored_from_page = $this->_prefs->retrieve
62 ($this->_HomePagehandle->get('pref'))) {
63 $updated = $this->_prefs->updatePrefs($restored_from_page);
64 //$this->_prefs = new UserPreferences($restored_from_page);
// Persists changed preferences. When _AnonUser::setPreferences() reports a
// change, the packed preferences are written to the auth database (update for
// an existing row, insert otherwise) unless $id_only is set, and otherwise to
// the home page handle. Returns the number of entries in the packed blob.
// NOTE(review): several lines are elided in this listing (gutter gaps), e.g.
// the first argument of the update/insert sprintf calls, so how the packed
// value is quoted cannot be confirmed from here.
71 function setPreferences($prefs, $id_only=false) {
72 // if the prefs are changed
73 if (_AnonUser::setPreferences($prefs, 1)) {
75 $packed = $this->_prefs->store();
76 //$user = $request->_user;
77 //unset($user->_auth_dbi);
78 if (!$id_only and isset($this->_prefs->_update)) {
80 $dbh = &$this->_auth_dbi;
81 // check if the user already exists (not needed with mysql REPLACE)
// Select-then-write without a visible transaction: two concurrent saves for a
// new user could both take the insert path — TODO confirm whether that matters.
82 $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
87 $prefs_blob = @$rs->fields['prefs'];
// The userid is escaped with qstr() and spliced into the configured template.
91 $db_result = $dbh->Execute(sprintf($this->_prefs->_update,
93 $dbh->qstr($this->_userid)));
95 // Otherwise, insert a record for them and set it to the defaults.
// NOTE(review): $request is used here; its declaration (presumably a
// 'global $request;' on an elided line) is not visible in this listing.
96 $dbi = $request->getDbh();
97 $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
98 array("pref_blob", "userid"));
99 $db_result = $dbh->Execute(sprintf($this->_prefs->_insert,
101 $dbh->qstr($this->_userid)));
// Clears a 'pref' value still held on the home page handle.
105 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
106 $this->_HomePagehandle->set('pref', '');
108 //store prefs in homepage, not in cookie
109 if ($this->_HomePagehandle and !$id_only)
110 $this->_HomePagehandle->set('pref', $packed);
112 return count($this->_prefs->unpack($packed));
// Checks whether $this->_userid exists in the auth database and hands over to
// _tryNextUser() when there is no DB handle, the name is invalid, or no match
// was found. With 'crypt' and no 'auth_user_exists' statement the lookup reuses
// the 'auth_check' select; otherwise 'auth_user_exists' is used. If
// 'auth_create' is configured and the request carries auth[passwd], a user row
// is created on the fly.
// NOTE(review): lines are elided in this listing (gutter gaps); the code that
// evaluates $rs and returns on success is not visible.
117 function userExists() {
119 $dbh = &$this->_auth_dbi;
120 if (!$dbh) { // needed?
121 return $this->_tryNextUser();
123 if (!$this->isValidName()) {
124 return $this->_tryNextUser();
126 $dbi =& $GLOBALS['request']->_dbi;
127 // Prepare the configured auth statements
128 if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
129 $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
130 array("password", "userid"));
132 //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
133 if ( !$dbi->getAuthParam('auth_user_exists')
134 and $this->_auth_crypt_method == 'crypt'
135 and $this->_authselect)
// Only the userid is supplied here; it is escaped with qstr() and spliced into
// the template rather than bound as a parameter.
137 $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid)));
146 if (! $dbi->getAuthParam('auth_user_exists'))
147 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
149 $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'),
151 $rs = $dbh->Execute(sprintf($this->_authcheck, $dbh->qstr($this->_userid)));
159 // User does not exist yet.
160 // Maybe the user is allowed to create himself. Generally not wanted in
161 // external databases, but maybe wanted for the wiki database, for performance
// Self-registration path: it is active whenever 'auth_create' is configured, so
// that parameter should stay unset unless account self-creation is intended.
163 if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
164 $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
165 array("password", "userid"));
167 if (!empty($this->_authcreate) and
168 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
169 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
// The password comes straight from the POST data.
// NOTE(review): the argument passed on the elided line 173 is not visible, so
// whether the value is hashed and quoted before it is stored must be verified.
171 $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
172 $dbh->Execute(sprintf($this->_authcreate,
174 $dbh->qstr($this->_userid)));
178 return $this->_tryNextUser();
// Verifies $submitted_password for $this->_userid against the auth database.
// Returns WIKIAUTH_FORBIDDEN when _checkPassLength() rejects the password,
// sets and returns WIKIAUTH_USER on success, WIKIAUTH_FORBIDDEN on failure under
// USER_AUTH_POLICY 'strict', and otherwise defers to _tryNextPass().
// Two modes, chosen by the configured auth_crypt_method:
//   'crypt' - the stored hash is selected by userid and compared in PHP via
//             _checkPass();
//   other   - password and userid are both spliced into the configured
//             statement and the database decides (result column 'ok', index 0,
//             or the first field of the row).
// NOTE(review): lines are elided in this listing (gutter gaps); the branch
// structure between the two modes is only partly visible.
181 function checkPass($submitted_password) {
182 //global $DBAuthParams;
184 if (!$this->_auth_dbi) { // needed?
185 return $this->_tryNextPass($submitted_password);
187 if (!$this->isValidName()) {
188 trigger_error(_("Invalid username."),E_USER_WARNING);
189 return $this->_tryNextPass($submitted_password);
// A password failing the length check is refused outright; no further auth
// method is tried for it.
191 if (!$this->_checkPassLength($submitted_password)) {
192 return WIKIAUTH_FORBIDDEN;
194 $dbh =& $this->_auth_dbi;
195 $dbi =& $GLOBALS['request']->_dbi;
196 if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) {
197 $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
198 array("password", "userid"));
200 if (!isset($this->_authselect))
202 if (!isset($this->_authselect))
203 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
204 'DBAUTH_AUTH_CHECK', 'ADODB'),
206 //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set
207 if ($this->_auth_crypt_method == 'crypt') {
208 $rs = $dbh->Execute(sprintf($this->_authselect,
209 $dbh->qstr($this->_userid)));
// Relies on the statement aliasing the hash column as 'password' (associative
// fetch mode).
211 $stored_password = $rs->fields['password'];
213 $result = $this->_checkPass($submitted_password, $stored_password);
// Non-crypt mode: the clear-text submitted password becomes part of the SQL
// text (escaped with qstr(), not bound), so it may surface in database query
// or error logs — NOTE(review): confirm the logging settings of the auth DB.
219 $rs = $dbh->Execute(sprintf($this->_authselect,
220 $dbh->qstr($submitted_password),
221 $dbh->qstr($this->_userid)));
222 if (isset($rs->fields['ok']))
223 $okay = $rs->fields['ok'];
224 elseif (isset($rs->fields[0]))
225 $okay = $rs->fields[0];
227 if (is_array($rs->fields))
228 $okay = reset($rs->fields);
// Any non-empty value counts as success, so the configured statement must
// yield an empty/zero value (or no row) when the password does not match.
233 $result = !empty($okay);
237 $this->_level = WIKIAUTH_USER;
238 return $this->_level;
// 'strict' policy: a failed check here ends authentication instead of falling
// through to the next configured method.
239 } elseif (USER_AUTH_POLICY === 'strict') {
240 $this->_level = WIKIAUTH_FORBIDDEN;
241 return $this->_level;
243 return $this->_tryNextPass($submitted_password);
// Reports whether passwords can be changed through this backend: returns the
// configured 'auth_update' statement, which is empty/false when none is set.
247 function mayChangePass() {
248 return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
// Stores a new password for $this->_userid through the configured
// 'auth_update' statement; raises a warning when that statement is missing.
// NOTE(review): lines are elided in this listing (gutter gaps); the return
// value and the end of the method are not visible.
251 function storePass($submitted_password) {
253 $dbh = &$this->_auth_dbi;
254 $dbi =& $GLOBALS['request']->_dbi;
255 if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
256 $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
257 array("password", "userid"));
259 if (!isset($this->_authupdate)) {
260 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
261 'DBAUTH_AUTH_UPDATE', 'ADODB'),
// Hashing happens only in 'crypt' mode and only when crypt() exists; in every
// other case the password reaches the update statement exactly as submitted,
// so any hashing then has to be done by the configured SQL itself.
// NOTE(review): crypt() is called without a salt, which leaves the algorithm
// to the PHP build and is no longer accepted as of PHP 8.0; password_hash() is
// the usual replacement where the stored format may change.
266 if ($this->_auth_crypt_method == 'crypt') {
267 if (function_exists('crypt'))
268 $submitted_password = crypt($submitted_password);
// Both values are escaped with qstr() and spliced into the template, not bound.
270 $rs = $dbh->Execute(sprintf($this->_authupdate,
271 $dbh->qstr($submitted_password),
272 $dbh->qstr($this->_userid)
283 // c-hanging-comment-ender-p: nil
284 // indent-tabs-mode: nil