]> CyberLeo.Net >> Repos - SourceForge/phpwiki.git/blob - lib/WikiUser/AdoDb.php
projects / SourceForge / phpwiki.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
special validname method
[SourceForge/phpwiki.git] / lib / WikiUser / AdoDb.php
1 <?php //-*-php-*-
2 rcs_id('$Id: AdoDb.php,v 1.5 2005-02-14 12:28:26 rurban Exp $');
3 /* Copyright (C) 2004 ReiniUrban
4  * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
5  */
6
7 class _AdoDbPassUser
8 extends _DbPassUser
9 /**
10  * ADODB methods
11  * Simple sprintf, no prepare.
12  *
13  * Warning: Since we use FETCH_MODE_ASSOC (string hash) and not the also faster 
14  * FETCH_MODE_ROW (numeric), we have to use the correct aliases in auth_* sql statements!
15  *
16  * TODO: Change FETCH_MODE in adodb WikiDB sublasses.
17  *
18  * @tables: user
19  */
20 {
21     var $_authmethod = 'AdoDb';
22     function _AdoDbPassUser($UserName='',$prefs=false) {
23         if (!$this->_prefs and isa($this,"_AdoDbPassUser")) {
24             if ($prefs) $this->_prefs = $prefs;
25             if (!isset($this->_prefs->_method))
26               _PassUser::_PassUser($UserName);
27         }
28         if (!$this->isValidName($UserName)) {
29             trigger_error(_("Invalid username."),E_USER_WARNING);
30             return false;
31         }
32         $this->_userid = $UserName;
33         $this->getAuthDbh();
34         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
35         // Don't prepare the configured auth statements anymore
36         return $this;
37     }
38
39     function getPreferences() {
40         // override the generic slow method here for efficiency
41         _AnonUser::getPreferences();
42         $this->getAuthDbh();
43         if (isset($this->_prefs->_select)) {
44             $dbh = & $this->_auth_dbi;
45             $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
46             if ($rs->EOF) {
47                 $rs->Close();
48             } else {
49                 $prefs_blob = @$rs->fields['prefs'];
50                 $rs->Close();
51                 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
52                     $updated = $this->_prefs->updatePrefs($restored_from_db);
53                     //$this->_prefs = new UserPreferences($restored_from_db);
54                     return $this->_prefs;
55                 }
56             }
57         }
58         if ($this->_HomePagehandle) {
59             if ($restored_from_page = $this->_prefs->retrieve
60                 ($this->_HomePagehandle->get('pref'))) {
61                 $updated = $this->_prefs->updatePrefs($restored_from_page);
62                 //$this->_prefs = new UserPreferences($restored_from_page);
63                 return $this->_prefs;
64             }
65         }
66         return $this->_prefs;
67     }
68
69     function setPreferences($prefs, $id_only=false) {
70         // if the prefs are changed
71         if (_AnonUser::setPreferences($prefs, 1)) {
72             global $request;
73             $packed = $this->_prefs->store();
74             //$user = $request->_user;
75             //unset($user->_auth_dbi);
76             if (!$id_only and isset($this->_prefs->_update)) {
77                 $this->getAuthDbh();
78                 $dbh = &$this->_auth_dbi;
79                 $db_result = $dbh->Execute(sprintf($this->_prefs->_update,
80                                                    $dbh->qstr($packed),
81                                                    $dbh->qstr($this->_userid)));
82                 $db_result->Close();
83                 //delete pageprefs:
84                 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
85                     $this->_HomePagehandle->set('pref', '');
86             } else {
87                 //store prefs in homepage, not in cookie
88                 if ($this->_HomePagehandle and !$id_only)
89                     $this->_HomePagehandle->set('pref', $packed);
90             }
91             return count($this->_prefs->unpack($packed));
92         }
93         return 0;
94     }
95  
96     function userExists() {
97         $this->getAuthDbh();
98         $dbh = &$this->_auth_dbi;
99         if (!$dbh) { // needed?
100             return $this->_tryNextUser();
101         }
102         if (!$this->isValidName()) {
103             return $this->_tryNextUser();
104         }
105         $dbi =& $GLOBALS['request']->_dbi;
106         if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) {
107             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
108                                                 array("userid","password"));
109         }
110         if (empty($this->_authselect))
111             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
112                               'DBAUTH_AUTH_CHECK', 'ADODB'),
113                           E_USER_WARNING);
114         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
115         if ($this->_auth_crypt_method == 'crypt') {
116             $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid)));
117             if (!$rs->EOF) {
118                 $rs->Close();
119                 return true;
120             } else {
121                 $rs->Close();
122             }
123         }
124         else {
125             if (! $dbi->getAuthParam('auth_user_exists'))
126                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
127                               E_USER_WARNING);
128             $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'), 
129                                                'userid');
130             $rs = $dbh->Execute(sprintf($this->_authcheck, $dbh->qstr($this->_userid)));
131             if (!$rs->EOF) {
132                 $rs->Close();
133                 return true;
134             } else {
135                 $rs->Close();
136             }
137         }
138         // maybe the user is allowed to create himself. Generally not wanted in 
139         // external databases, but maybe wanted for the wiki database, for performance 
140         // reasons
141         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
142             $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
143                                                 array("userid", "password"));
144         }
145         if (!empty($this->_authcreate) and 
146             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
147             isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])) 
148         {
149             $dbh->Execute(sprintf($this->_authcreate,
150                                   $dbh->qstr($GLOBALS['HTTP_POST_VARS']['auth']['passwd']),
151                                   $dbh->qstr($this->_userid)));
152             return true;
153         }
154         
155         return $this->_tryNextUser();
156     }
157
158     function checkPass($submitted_password) {
159         //global $DBAuthParams;
160         $this->getAuthDbh();
161         if (!$this->_auth_dbi) {  // needed?
162             return $this->_tryNextPass($submitted_password);
163         }
164         if (!$this->isValidName()) {
165             trigger_error(_("Invalid username."),E_USER_WARNING);
166             return $this->_tryNextPass($submitted_password);
167         }
168         if (!$this->_checkPassLength($submitted_password)) {
169             return WIKIAUTH_FORBIDDEN;
170         }
171         $dbh =& $this->_auth_dbi;
172         $dbi =& $GLOBALS['request']->_dbi;
173         if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) {
174             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
175                                                 array("userid", "password"));
176         }
177         if (!isset($this->_authselect))
178             $this->userExists();
179         if (!isset($this->_authselect))
180             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
181                               'DBAUTH_AUTH_CHECK', 'ADODB'),
182                           E_USER_WARNING);
183         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
184         if ($this->_auth_crypt_method == 'crypt') {
185             $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid)));
186             if (!$rs->EOF) {
187                 $stored_password = $rs->fields['password'];
188                 $rs->Close();
189                 $result = $this->_checkPass($submitted_password, $stored_password);
190             } else {
191                 $rs->Close();
192                 $result = false;
193             }
194         } else {
195             $rs = $dbh->Execute(sprintf($this->_authselect,
196                                         $dbh->qstr($submitted_password),
197                                         $dbh->qstr($this->_userid)));
198             if (isset($rs->fields['ok']))
199                 $okay = $rs->fields['ok'];
200             elseif (isset($rs->fields[1]))
201                 $okay = $rs->fields[1];
202             else {
203                 $okay = reset($rs->fields);
204             }
205             $rs->Close();
206             $result = !empty($okay);
207         }
208
209         if ($result) { 
210             $this->_level = WIKIAUTH_USER;
211             return $this->_level;
212         } elseif (USER_AUTH_POLICY === 'strict') {
213             $this->_level = WIKIAUTH_FORBIDDEN;
214             return $this->_level;
215         } else {
216             return $this->_tryNextPass($submitted_password);
217         }
218     }
219
220     function mayChangePass() {
221         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
222     }
223
224     function storePass($submitted_password) {
225         $this->getAuthDbh();
226         $dbh = &$this->_auth_dbi;
227         $dbi =& $GLOBALS['request']->_dbi;
228         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
229             $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
230                                                 array("userid", "password"));
231         }
232         if (!isset($this->_authupdate)) {
233             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
234                               'DBAUTH_AUTH_UPDATE', 'ADODB'),
235                           E_USER_WARNING);
236             return false;
237         }
238
239         if ($this->_auth_crypt_method == 'crypt') {
240             if (function_exists('crypt'))
241                 $submitted_password = crypt($submitted_password);
242         }
243         $rs = $dbh->Execute(sprintf($this->_authupdate,
244                                     $dbh->qstr($submitted_password),
245                                     $dbh->qstr($this->_userid)
246                                     ));
247         $rs->Close();
248         return $rs;
249     }
250 }
251
252 // $Log: not supported by cvs2svn $
253 // Revision 1.4  2004/12/26 17:11:15  rurban
254 // just copyright
255 //
256 // Revision 1.3  2004/12/20 16:05:01  rurban
257 // gettext msg unification
258 //
259 // Revision 1.2  2004/12/19 00:58:02  rurban
260 // Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks,
261 // Provide an errormessage if so. Just PersonalPage and BogoLogin not.
262 // Simplify httpauth logout handling and set sessions for all methods.
263 // fix main.php unknown index "x" getLevelDescription() warning.
264 //
265 // Revision 1.1  2004/11/01 10:43:58  rurban
266 // seperate PassUser methods into seperate dir (memory usage)
267 // fix WikiUser (old) overlarge data session
268 // remove wikidb arg from various page class methods, use global ->_dbi instead
269 // ...
270 //
271
272 // Local Variables:
273 // mode: php
274 // tab-width: 8
275 // c-basic-offset: 4
276 // c-hanging-comment-ender-p: nil
277 // indent-tabs-mode: nil
278 // End:
279 ?>
Unnamed repository; edit this file 'description' to name the repository.