3 /* Copyright (C) 2004, 2005 ReiniUrban
4 * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
7 include_once("lib/WikiUser/Db.php");
12 * PDO DB methods (PHP5)
13 * prepare, bind, execute.
14 * We use numerical FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
// Authentication-method label for this backend; where it is read is not visible in this listing.
20 var $_authmethod = 'PDODb';
/**
 * Constructor, PHP 4 style (presumably named after the enclosing class, whose
 * header is not part of this listing).
 *
 * NOTE(review): the listing drops short source lines such as closing braces
 * and bare returns (see the gaps in the embedded line numbers), so the nesting
 * below is incomplete and some control flow cannot be read from here.
 *
 * @param string $UserName login name to bind this user object to
 * @param mixed  $prefs    preferences object to adopt, or false for none
 */
22 function _PdoDbPassUser($UserName='', $prefs=false) {
// Adopt the caller's preferences only when none are set on the object yet.
24 if (!$this->_prefs and isa($this,"_PdoDbPassUser")) {
25 if ($prefs) $this->_prefs = $prefs;
// Without a _method on the preferences, defer to the _PassUser constructor.
27 if (!isset($this->_prefs->_method))
28 _PassUser::_PassUser($UserName);
// Names rejected by isValidName() raise a warning; lines 31-32, which decide
// what happens after the warning, are not shown.
29 elseif (!$this->isValidName($UserName)) {
30 trigger_error(_("Invalid username."), E_USER_WARNING);
33 $this->_userid = $UserName;
34 // make use of session data. generally we only initialize this every time,
35 // but do auth checks only once
// Password scheme from the auth configuration; checkPass() and storePass()
// branch on the value 'crypt'.
36 $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
/**
 * Load the user's preferences: first from the auth database via the
 * configured _select statement, then from the 'pref' metadata of the
 * user's home page.
 *
 * NOTE(review): short lines (returns, closing braces, line 44) are missing
 * from this listing, so the return value and exact nesting are not visible.
 */
40 function getPreferences() {
41 // override the generic slow method here for efficiency and not to
42 // clutter the homepage metadata with prefs.
43 _AnonUser::getPreferences();
45 if (isset($this->_prefs->_select)) {
46 $dbh =& $this->_auth_dbi;
// NOTE(review): this is the one query in the file built by string formatting.
// The user id is escaped with $dbh->quote(), which already adds the
// surrounding quotes, so it is only safe while _select contains a single bare
// %s that is not itself wrapped in quotes. A prepared statement with a bound
// parameter, as setPreferences() uses, would remove that dependency.
// No catch for PDOException is visible around this call, unlike the
// prepare/execute calls elsewhere in the file, and the result is used
// unchecked: a failed query would either throw or make ->fetch() fail.
47 $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
48 // patched by frederik@pandora.be
49 $prefs = $db_result->fetch(PDO_FETCH_BOTH);
// '@' hides the notice raised when no row (and so no "prefs" key) came back.
50 $prefs_blob = @$prefs["prefs"];
// NOTE(review): how retrieve() decodes the blob is not visible here. If it
// deserializes PHP data, the stored column is a trust boundary and should be
// treated as untrusted input - confirm.
51 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
52 $updated = $this->_prefs->updatePrefs($restored_from_db);
53 //$this->_prefs = new UserPreferences($restored_from_db);
// Fallback: preferences kept in the home page's 'pref' metadata. The same
// caveat about retrieve() applies to this page-stored value.
57 if ($this->_HomePagehandle) {
58 if ($restored_from_page = $this->_prefs->retrieve
59 ($this->_HomePagehandle->get('pref'))) {
60 $updated = $this->_prefs->updatePrefs($restored_from_page);
61 //$this->_prefs = new UserPreferences($restored_from_page);
/**
 * Persist changed preferences: into the auth database when an _update
 * statement is configured, otherwise into the home page's 'pref' metadata.
 *
 * NOTE(review): short lines are missing from this listing (the try, the
 * execute() call presumably at line 79, else branches, the return), so only
 * the visible statements are described.
 *
 * @param mixed $prefs   preferences to apply
 * @param bool  $id_only when true, neither the database nor the home page
 *                       is written by the visible code
 */
68 function setPreferences($prefs, $id_only=false) {
69 // if the prefs are changed
70 if ($count = _AnonUser::setPreferences($prefs, 1)) {
72 $packed = $this->_prefs->store();
73 if (!$id_only and isset($this->_prefs->_update)) {
74 $dbh =& $this->_auth_dbi;
// Prepared statement with named parameters: the packed preferences and the
// user id reach the database as bound values, not as SQL text.
76 $sth = $dbh->prepare($this->_prefs->_update);
77 $sth->bindParam("prefs", $packed);
78 $sth->bindParam("user", $this->_userid);
// NOTE(review): $e->getMessage() may carry SQL text or schema details. If
// E_USER_WARNING output is shown to visitors this discloses internals; log
// the detail server-side and surface a generic message instead.
81 catch (PDOException $e) {
82 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
// Once stored in the database, blank any copy left in the home page.
86 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
87 $this->_HomePagehandle->set('pref', '');
89 //store prefs in homepage, not in cookie
90 if ($this->_HomePagehandle and !$id_only)
91 $this->_HomePagehandle->set('pref', $packed);
/**
 * Check whether $this->_userid is known to the auth database and, when an
 * auth_create statement is configured and a password was posted, attempt to
 * create the account. Falls through to _tryNextUser() otherwise.
 *
 * NOTE(review): short lines (try, return true/false, closing braces) are
 * missing from this listing; the notes below rely only on what is visible.
 */
98 function userExists() {
100 $dbh = &$this->_auth_dbi;
// No auth database handle: hand over to the next configured auth method.
101 if (!$dbh) { // needed?
102 return $this->_tryNextUser();
104 if (!$this->isValidName()) {
105 trigger_error(_("Invalid username."),E_USER_WARNING);
106 return $this->_tryNextUser();
108 $dbi =& $GLOBALS['request']->_dbi;
// Prepare the auth_check statement once and keep it on the object.
109 if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
111 $this->_authselect = $dbh->prepare($dbi->getAuthParam('auth_check'));
// NOTE(review): the driver message may expose SQL or schema details if
// warnings are rendered to visitors; the same applies to every
// "SQL Error:" warning in this method.
113 catch (PDOException $e) {
114 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
118 //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
// In crypt mode auth_check selects by user id only, so a returned row is
// taken to mean the account exists.
119 if ( !$dbi->getAuthParam('auth_user_exists')
120 and $this->_auth_crypt_method == 'crypt'
121 and $this->_authselect)
124 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
125 $this->_authselect->execute();
127 catch (PDOException $e) {
128 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
131 if ($this->_authselect->fetchSingle())
// NOTE(review): the warning names auth_user_exists, but the statement
// prepared next is 'auth_check' again, with only "userid" bound. This looks
// like it was meant to be getAuthParam('auth_user_exists') - confirm. No
// catch is visible around this prepare/execute either.
135 if (! $dbi->getAuthParam('auth_user_exists'))
136 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
138 $this->_authcheck = $dbh->prepare($dbi->getAuthParam('auth_check'));
139 $this->_authcheck->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
140 $this->_authcheck->execute();
141 if ($this->_authcheck->fetchSingle())
144 // User does not exist yet.
145 // Maybe the user is allowed to create himself. Generally not wanted in
146 // external databases, but maybe wanted for the wiki database, for performance
// Self-registration only happens when auth_create is configured; leave it
// unset wherever visitors must not be able to create accounts.
148 if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
150 $this->_authcreate = $dbh->prepare($dbi->getAuthParam('auth_create'));
152 catch (PDOException $e) {
153 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
// The password is read straight from the raw POST array.
157 if (!empty($this->_authcreate) and
158 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
159 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
161 $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
// NOTE(review): the parameters are bound on _authcreate, but the statement
// executed is _authselect, so the create statement never runs in the visible
// code; this probably should be $this->_authcreate->execute().
// NOTE(review): the password is bound exactly as submitted. Unlike
// storePass(), no crypt() step is visible here, so in 'crypt' mode a created
// account would hold an unhashed value unless the auth_create SQL hashes it.
163 $this->_authcreate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
164 $this->_authcreate->bindParam("password", $passwd, PDO_PARAM_STR, 48);
165 $rs = $this->_authselect->execute();
167 catch (PDOException $e) {
168 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
174 return $this->_tryNextUser();
/**
 * Verify a submitted password against the auth database.
 *
 * Visible outcomes: WIKIAUTH_FORBIDDEN when the length check fails or when
 * verification fails under USER_AUTH_POLICY 'strict'; WIKIAUTH_USER on
 * success; otherwise the result of _tryNextPass().
 *
 * NOTE(review): short lines are missing from this listing (the try, return
 * false, the assignment to $okay presumably at line 221, the condition in
 * front of line 226), so those parts cannot be reviewed from here.
 *
 * @param string $submitted_password password as entered by the user
 */
177 function checkPass($submitted_password) {
178 //global $DBAuthParams;
180 if (!$this->_auth_dbi) { // needed?
181 return $this->_tryNextPass($submitted_password);
183 if (!$this->isValidName()) {
184 return $this->_tryNextPass($submitted_password);
// A password rejected by the length check denies access outright instead of
// trying the next auth method.
186 if (!$this->_checkPassLength($submitted_password)) {
187 return WIKIAUTH_FORBIDDEN;
// The statement after the first check (line 190) is not shown; presumably it
// is what prepares _authselect before the second check - confirm.
189 if (!isset($this->_authselect))
191 if (!isset($this->_authselect))
192 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
193 'DBAUTH_AUTH_CHECK', 'SQL'),
196 //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set
197 $dbh = &$this->_auth_dbi;
// crypt mode: fetch the stored value by user id and compare it in PHP via
// _checkPass(); the submitted password is not sent to the database.
198 if ($this->_auth_crypt_method == 'crypt') {
200 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
201 $this->_authselect->execute();
202 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
// NOTE(review): the driver message may expose SQL or schema details if
// warnings are rendered to visitors; log it server-side instead.
204 catch (PDOException $e) {
205 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
// '@' hides the notice raised when no row was returned.
208 $stored_password = @$rs[0];
209 $result = $this->_checkPass($submitted_password, $stored_password);
// Any other mode: password and user id are both bound and the comparison is
// left to the auth_check SQL. Binding keeps the input out of the SQL text.
// NOTE(review): whether stored passwords are hashed then depends entirely on
// that SQL statement; a plain column comparison means plaintext storage.
212 $this->_authselect->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
213 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
214 $this->_authselect->execute();
215 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
217 catch (PDOException $e) {
218 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
// $okay is not assigned in any visible line; see the note in the header.
222 $result = !empty($okay);
226 $this->_level = WIKIAUTH_USER;
227 return $this->_level;
// Strict policy: a failed check here ends authentication; other auth methods
// are not consulted.
228 } elseif (USER_AUTH_POLICY === 'strict') {
229 $this->_level = WIKIAUTH_FORBIDDEN;
230 return $this->_level;
232 return $this->_tryNextPass($submitted_password);
/**
 * Report whether passwords can be changed through this backend.
 *
 * @return mixed the configured auth_update parameter, so truthy only when an
 *               update statement is configured
 */
236 function mayChangePass() {
237 return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
/**
 * Store a new password for $this->_userid through the configured
 * auth_update statement.
 *
 * NOTE(review): short lines (returns, the try, closing braces) are missing
 * from this listing, so the return value and exact nesting are not visible.
 *
 * @param string $submitted_password new password as entered by the user
 */
240 function storePass($submitted_password) {
241 if (!$this->isValidName()) {
245 $dbh = &$this->_auth_dbi;
246 $dbi =& $GLOBALS['request']->_dbi;
// Prepare the auth_update statement once and keep it on the object.
247 if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
249 $this->_authupdate = $dbh->prepare($dbi->getAuthParam('auth_update'));
// NOTE(review): the driver message may expose SQL or schema details if
// warnings are rendered to visitors; log it server-side instead.
251 catch (PDOException $e) {
252 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
256 if (empty($this->_authupdate)) {
257 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
258 'DBAUTH_AUTH_UPDATE','SQL'),
// NOTE(review): crypt() is called without a salt, so the algorithm is
// whatever the platform defaults to, which can be the legacy DES scheme.
// PHP 8 requires the salt argument. password_hash() with password_verify()
// (PHP >= 5.5) is the maintained replacement; its bcrypt output is 60
// characters, so check the column width and the 48 passed to bindParam().
// NOTE(review): no else branch is visible. If crypt() is unavailable, the
// password appears to be stored unhashed even in 'crypt' mode; failing the
// update would be safer.
// In any other mode the password is bound as submitted, so any hashing has
// to happen inside the auth_update SQL.
263 if ($this->_auth_crypt_method == 'crypt') {
264 if (function_exists('crypt'))
265 $submitted_password = crypt($submitted_password);
268 $this->_authupdate->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
269 $this->_authupdate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
270 $this->_authupdate->execute();
272 catch (PDOException $e) {
273 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
284 // c-hanging-comment-ender-p: nil
285 // indent-tabs-mode: nil