lib/WikiUser/AdoDb.php

   1 <?php //-*-php-*-
   2 rcs_id('$Id: AdoDb.php,v 1.3 2004-12-20 16:05:01 rurban Exp $');
   3 /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam
   4  */
   5
   6 class _AdoDbPassUser
   7 extends _DbPassUser
   8 /**
   9  * ADODB methods
  10  * Simple sprintf, no prepare.
  11  *
  12  * Warning: Since we use FETCH_MODE_ASSOC (string hash) and not the also faster
  13  * FETCH_MODE_ROW (numeric), we have to use the correct aliases in auth_* sql statements!
  14  *
  15  * TODO: Change FETCH_MODE in adodb WikiDB sublasses.
  16  *
  17  * @tables: user
  18  */
  19 {
  20     var $_authmethod = 'AdoDb';
  21     function _AdoDbPassUser($UserName='',$prefs=false) {
  22         if (!$this->_prefs and isa($this,"_AdoDbPassUser")) {
  23             if ($prefs) $this->_prefs = $prefs;
  24             if (!isset($this->_prefs->_method))
  25               _PassUser::_PassUser($UserName);
  26         }
  27         if (!$this->isValidName($UserName)) {
  28             trigger_error(_("Invalid username."),E_USER_WARNING);
  29             return false;
  30         }
  31         $this->_userid = $UserName;
  32         $this->getAuthDbh();
  33         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
  34         // Don't prepare the configured auth statements anymore
  35         return $this;
  36     }
  37
  38     function getPreferences() {
  39         // override the generic slow method here for efficiency
  40         _AnonUser::getPreferences();
  41         $this->getAuthDbh();
  42         if (isset($this->_prefs->_select)) {
  43             $dbh = & $this->_auth_dbi;
  44             $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
  45             if ($rs->EOF) {
  46                 $rs->Close();
  47             } else {
  48                 $prefs_blob = @$rs->fields['prefs'];
  49                 $rs->Close();
  50                 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
  51                     $updated = $this->_prefs->updatePrefs($restored_from_db);
  52                     //$this->_prefs = new UserPreferences($restored_from_db);
  53                     return $this->_prefs;
  54                 }
  55             }
  56         }
  57         if ($this->_HomePagehandle) {
  58             if ($restored_from_page = $this->_prefs->retrieve
  59                 ($this->_HomePagehandle->get('pref'))) {
  60                 $updated = $this->_prefs->updatePrefs($restored_from_page);
  61                 //$this->_prefs = new UserPreferences($restored_from_page);
  62                 return $this->_prefs;
  63             }
  64         }
  65         return $this->_prefs;
  66     }
  67
  68     function setPreferences($prefs, $id_only=false) {
  69         // if the prefs are changed
  70         if (_AnonUser::setPreferences($prefs, 1)) {
  71             global $request;
  72             $packed = $this->_prefs->store();
  73             //$user = $request->_user;
  74             //unset($user->_auth_dbi);
  75             if (!$id_only and isset($this->_prefs->_update)) {
  76                 $this->getAuthDbh();
  77                 $dbh = &$this->_auth_dbi;
  78                 $db_result = $dbh->Execute(sprintf($this->_prefs->_update,
  79                                                    $dbh->qstr($packed),
  80                                                    $dbh->qstr($this->_userid)));
  81                 $db_result->Close();
  82                 //delete pageprefs:
  83                 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
  84                     $this->_HomePagehandle->set('pref', '');
  85             } else {
  86                 //store prefs in homepage, not in cookie
  87                 if ($this->_HomePagehandle and !$id_only)
  88                     $this->_HomePagehandle->set('pref', $packed);
  89             }
  90             return count($this->_prefs->unpack($packed));
  91         }
  92         return 0;
  93     }
  94
  95     function userExists() {
  96         $this->getAuthDbh();
  97         $dbh = &$this->_auth_dbi;
  98         if (!$dbh) { // needed?
  99             return $this->_tryNextUser();
 100         }
 101         if (!$this->isValidName()) {
 102             return $this->_tryNextUser();
 103         }
 104         $dbi =& $GLOBALS['request']->_dbi;
 105         if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) {
 106             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 107                                                 array("userid","password"));
 108         }
 109         if (empty($this->_authselect))
 110             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 111                               'DBAUTH_AUTH_CHECK', 'ADODB'),
 112                           E_USER_WARNING);
 113         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
 114         if ($this->_auth_crypt_method == 'crypt') {
 115             $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid)));
 116             if (!$rs->EOF) {
 117                 $rs->Close();
 118                 return true;
 119             } else {
 120                 $rs->Close();
 121             }
 122         }
 123         else {
 124             if (! $dbi->getAuthParam('auth_user_exists'))
 125                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
 126                               E_USER_WARNING);
 127             $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'),
 128                                                'userid');
 129             $rs = $dbh->Execute(sprintf($this->_authcheck, $dbh->qstr($this->_userid)));
 130             if (!$rs->EOF) {
 131                 $rs->Close();
 132                 return true;
 133             } else {
 134                 $rs->Close();
 135             }
 136         }
 137         // maybe the user is allowed to create himself. Generally not wanted in
 138         // external databases, but maybe wanted for the wiki database, for performance
 139         // reasons
 140         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
 141             $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
 142                                                 array("userid", "password"));
 143         }
 144         if (!empty($this->_authcreate) and
 145             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
 146             isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
 147         {
 148             $dbh->Execute(sprintf($this->_authcreate,
 149                                   $dbh->qstr($GLOBALS['HTTP_POST_VARS']['auth']['passwd']),
 150                                   $dbh->qstr($this->_userid)));
 151             return true;
 152         }
 153
 154         return $this->_tryNextUser();
 155     }
 156
 157     function checkPass($submitted_password) {
 158         //global $DBAuthParams;
 159         $this->getAuthDbh();
 160         if (!$this->_auth_dbi) {  // needed?
 161             return $this->_tryNextPass($submitted_password);
 162         }
 163         if (!$this->isValidName()) {
 164             trigger_error(_("Invalid username."),E_USER_WARNING);
 165             return $this->_tryNextPass($submitted_password);
 166         }
 167         if (!$this->_checkPassLength($submitted_password)) {
 168             return WIKIAUTH_FORBIDDEN;
 169         }
 170         $dbh =& $this->_auth_dbi;
 171         $dbi =& $GLOBALS['request']->_dbi;
 172         if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) {
 173             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 174                                                 array("userid", "password"));
 175         }
 176         if (!isset($this->_authselect))
 177             $this->userExists();
 178         if (!isset($this->_authselect))
 179             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 180                               'DBAUTH_AUTH_CHECK', 'ADODB'),
 181                           E_USER_WARNING);
 182         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
 183         if ($this->_auth_crypt_method == 'crypt') {
 184             $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid)));
 185             if (!$rs->EOF) {
 186                 $stored_password = $rs->fields['password'];
 187                 $rs->Close();
 188                 $result = $this->_checkPass($submitted_password, $stored_password);
 189             } else {
 190                 $rs->Close();
 191                 $result = false;
 192             }
 193         } else {
 194             $rs = $dbh->Execute(sprintf($this->_authselect,
 195                                         $dbh->qstr($submitted_password),
 196                                         $dbh->qstr($this->_userid)));
 197             if (isset($rs->fields['ok']))
 198                 $okay = $rs->fields['ok'];
 199             elseif (isset($rs->fields[1]))
 200                 $okay = $rs->fields[1];
 201             else {
 202                 $okay = reset($rs->fields);
 203             }
 204             $rs->Close();
 205             $result = !empty($okay);
 206         }
 207
 208         if ($result) {
 209             $this->_level = WIKIAUTH_USER;
 210             return $this->_level;
 211         } else {
 212             return $this->_tryNextPass($submitted_password);
 213         }
 214     }
 215
 216     function mayChangePass() {
 217         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
 218     }
 219
 220     function storePass($submitted_password) {
 221         $this->getAuthDbh();
 222         $dbh = &$this->_auth_dbi;
 223         $dbi =& $GLOBALS['request']->_dbi;
 224         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
 225             $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
 226                                                 array("userid", "password"));
 227         }
 228         if (!isset($this->_authupdate)) {
 229             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 230                               'DBAUTH_AUTH_UPDATE', 'ADODB'),
 231                           E_USER_WARNING);
 232             return false;
 233         }
 234
 235         if ($this->_auth_crypt_method == 'crypt') {
 236             if (function_exists('crypt'))
 237                 $submitted_password = crypt($submitted_password);
 238         }
 239         $rs = $dbh->Execute(sprintf($this->_authupdate,
 240                                     $dbh->qstr($submitted_password),
 241                                     $dbh->qstr($this->_userid)
 242                                     ));
 243         $rs->Close();
 244         return $rs;
 245     }
 246 }
 247
 248 // $Log: not supported by cvs2svn $
 249 // Revision 1.2  2004/12/19 00:58:02  rurban
 250 // Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks,
 251 // Provide an errormessage if so. Just PersonalPage and BogoLogin not.
 252 // Simplify httpauth logout handling and set sessions for all methods.
 253 // fix main.php unknown index "x" getLevelDescription() warning.
 254 //
 255 // Revision 1.1  2004/11/01 10:43:58  rurban
 256 // seperate PassUser methods into seperate dir (memory usage)
 257 // fix WikiUser (old) overlarge data session
 258 // remove wikidb arg from various page class methods, use global ->_dbi instead
 259 // ...
 260 //
 261
 262 // Local Variables:
 263 // mode: php
 264 // tab-width: 8
 265 // c-basic-offset: 4
 266 // c-hanging-comment-ender-p: nil
 267 // indent-tabs-mode: nil
 268 // End:
 269 ?>