4 * Copyright (C) 2004, 2005 ReiniUrban
6 * This file is part of PhpWiki.
8 * PhpWiki is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * PhpWiki is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 include_once 'lib/WikiUser/Db.php';
28 * PDO DB methods (PHP5)
29 * prepare, bind, execute.
30 * We use numerical FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
36 var $_authmethod = 'PDODb';
// Presumably the PHP 4-style constructor (a method named after its class; the
// class header is not part of this listing). Takes the login name and an
// optional preferences object, records the user id and caches the configured
// password scheme.
// NOTE(review): the gutter numbers skip 39-40, 43, 48-49 and 54-56, so braces
// and any statements on those lines are not visible here.
38 function _PdoDbPassUser($UserName = '', $prefs = false)
// Only initialise when no prefs are attached yet and $this is a _PdoDbPassUser.
41 if (!$this->_prefs and isa($this, "_PdoDbPassUser")) {
42 if ($prefs) $this->_prefs = $prefs;
// No prefs method set: delegate to _PassUser::_PassUser(); otherwise validate the name.
44 if (!isset($this->_prefs->_method))
45 _PassUser::_PassUser($UserName);
46 elseif (!$this->isValidName($UserName)) {
47 trigger_error(_("Invalid username."), E_USER_WARNING);
// NOTE(review): lines 48-49 are missing from this listing. Confirm that the
// invalid-name branch returns before line 50; otherwise a rejected name is
// still stored in $this->_userid and later bound into the auth queries.
50 $this->_userid = $UserName;
51 // make use of session data. generally we only initialize this every time,
52 // but do auth checks only once
// Cached scheme name; userExists(), checkPass() and storePass() branch on the
// value 'crypt'.
53 $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
// Load the user's preferences: first the generic _AnonUser source, then the
// row selected by the configured $this->_prefs->_select statement, and, when
// a home page handle exists, the 'pref' value stored on that page.
// NOTE(review): the gutter numbers skip several lines (58, 62, 71-73, 77,
// 79-84); the return value and the exact nesting are not visible here.
57 function getPreferences()
59 // override the generic slow method here for efficiency and not to
60 // clutter the homepage metadata with prefs.
61 _AnonUser::getPreferences();
63 if (isset($this->_prefs->_select)) {
64 $dbh =& $this->_auth_dbi;
// NOTE(review): this is the one query in the listing that is built with
// sprintf() + PDO quote() instead of prepare()/bindParam(). It is only safe
// if the _select template has exactly one %s, in a string-literal position
// and not wrapped in quotes of its own; binding the user id like the auth_*
// statements do would remove that dependency on the template.
// NOTE(review): $db_result is used on line 67 without a check. If query()
// returns false (PDO not in exception mode) the fetch() call is a fatal error.
65 $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
66 // patched by frederik@pandora.be
// PDO_FETCH_BOTH is the global constant name from early PDO releases
// (PDO::FETCH_BOTH from PHP 5.1 on); confirm the targeted PDO version.
67 $prefs = $db_result->fetch(PDO_FETCH_BOTH);
// '@' hides the notice when no row came back; $prefs_blob is then null.
68 $prefs_blob = @$prefs["prefs"];
// NOTE(review): retrieve() is defined elsewhere. If it unserializes the blob,
// the prefs column must only ever hold data written by store() - confirm.
69 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
70 $this->_prefs->updatePrefs($restored_from_db);
// Home page copy of the prefs, applied with updatePrefs() when it decodes.
74 if ($this->_HomePagehandle) {
75 if ($restored_from_page = $this->_prefs->retrieve
76 ($this->_HomePagehandle->get('pref'))
78 $this->_prefs->updatePrefs($restored_from_page);
// Persist changed preferences. $prefs is handed to _AnonUser::setPreferences();
// when that reports a change, the packed prefs go to the database through the
// configured _update statement, or to the home page when that path is not taken.
// $id_only = true skips both the database write and the home page write.
// NOTE(review): the gutter numbers skip 86, 89, 93, 97, 100-102, 105 and
// 109-114; the execute() call, the else keyword and the return value are not
// visible in this listing.
85 function setPreferences($prefs, $id_only = false)
87 // if the prefs are changed
88 if ($count = _AnonUser::setPreferences($prefs, 1)) {
// Serialized form of the prefs object, as produced by store().
90 $packed = $this->_prefs->store();
91 if (!$id_only and isset($this->_prefs->_update)) {
92 $dbh =& $this->_auth_dbi;
// Prepared statement with named parameters "prefs" and "user"; values are
// bound, not interpolated.
94 $sth = $dbh->prepare($this->_prefs->_update);
95 $sth->bindParam("prefs", $packed);
96 $sth->bindParam("user", $this->_userid);
98 } catch (PDOException $e) {
// NOTE(review): the driver's exception text is passed on verbatim. Whether it
// reaches the browser depends on PhpWiki's error handler (not shown); schema
// or query details should go to a log rather than to the page.
99 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
// Prefs now live in the database, so blank any older copy on the home page.
103 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
104 $this->_HomePagehandle->set('pref', '');
106 //store prefs in homepage, not in cookie
107 if ($this->_HomePagehandle and !$id_only)
108 $this->_HomePagehandle->set('pref', $packed);
// Check whether $this->_userid is known to the external auth database and,
// if an auth_create statement is configured and a password was posted, try
// to create the account. Falls back to $this->_tryNextUser() when there is no
// database handle, the name is invalid, or nothing matched.
// NOTE(review): the gutter numbers skip many lines (116-117, 121, 125, 128,
// 132-134, 139-140, 145-146, 148-149, 152, 157-158, 162, 164, 168-170, 174,
// 176, 182-186, 188-189). The try keywords, the statements inside the catch
// blocks and the positive return paths are not visible in this listing.
115 function userExists()
118 $dbh = &$this->_auth_dbi;
119 if (!$dbh) { // needed?
120 return $this->_tryNextUser();
122 if (!$this->isValidName()) {
123 trigger_error(_("Invalid username."), E_USER_WARNING);
124 return $this->_tryNextUser();
126 $dbi =& $GLOBALS['request']->_dbi;
// Lazily prepare the auth_check statement; it is kept on $this->_authselect
// and reused by checkPass().
127 if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
129 $this->_authselect = $dbh->prepare($dbi->getAuthParam('auth_check'));
130 } catch (PDOException $e) {
131 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
135 //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
136 if (!$dbi->getAuthParam('auth_user_exists')
137 and $this->_auth_crypt_method == 'crypt'
138 and $this->_authselect
// The 48 is bindParam's length argument; confirm it matches the column width
// in the configured schema.
141 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
142 $this->_authselect->execute();
143 } catch (PDOException $e) {
144 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
// NOTE(review): current PDOStatement offers fetchColumn(); fetchSingle() looks
// like the name from pre-release PDO - confirm against the targeted version.
147 if ($this->_authselect->fetchSingle())
// NOTE(review): this branch warns that DBAUTH_AUTH_USER_EXISTS is missing but
// then prepares 'auth_check' even when auth_user_exists IS configured, and it
// binds only "userid". Presumably line 153 should prepare the
// 'auth_user_exists' statement. No try/catch is visible around lines 153-155,
// unlike the other prepare/execute sites in this method.
150 if (!$dbi->getAuthParam('auth_user_exists'))
151 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
153 $this->_authcheck = $dbh->prepare($dbi->getAuthParam('auth_check'));
154 $this->_authcheck->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
155 $this->_authcheck->execute();
156 if ($this->_authcheck->fetchSingle())
159 // User does not exist yet.
160 // Maybe the user is allowed to create himself. Generally not wanted in
161 // external databases, but maybe wanted for the wiki database, for performance
163 if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
165 $this->_authcreate = $dbh->prepare($dbi->getAuthParam('auth_create'));
166 } catch (PDOException $e) {
167 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
// Self-registration: only attempted when auth_create is configured and the
// request carried auth[passwd].
171 if (!empty($this->_authcreate) and
172 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
173 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])
// NOTE(review): the posted password is bound as-is. storePass() runs crypt()
// first when auth_crypt_method is 'crypt'; nothing visible here does, so an
// account created on this path would get the clear-text password unless the
// auth_create SQL hashes it itself - confirm. No _checkPassLength() call is
// visible on this path either.
175 $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
177 $this->_authcreate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
178 $this->_authcreate->bindParam("password", $passwd, PDO_PARAM_STR, 48);
// NOTE(review): bug - the parameters above are bound on $this->_authcreate,
// but the statement executed here is $this->_authselect (the auth_check
// query). The INSERT never runs and $rs reflects the wrong statement; this
// should be $this->_authcreate->execute().
179 $rs = $this->_authselect->execute();
180 } catch (PDOException $e) {
181 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
187 return $this->_tryNextUser();
// Verify $submitted_password for $this->_userid against the auth database.
// Visible outcomes: WIKIAUTH_FORBIDDEN when _checkPassLength() rejects the
// input or when the policy is 'strict'; WIKIAUTH_USER on the success path;
// otherwise the decision is handed to $this->_tryNextPass().
// NOTE(review): the gutter numbers skip 191, 193, 196, 199, 202, 204,
// 208-209, 212, 218-219, 222-223, 230-232, 234-236, 242 and 244-246. The
// statement between the two identical isset() tests, the assignment of
// $okay, and the condition guarding the success branch are not visible.
190 function checkPass($submitted_password)
192 //global $DBAuthParams;
194 if (!$this->_auth_dbi) { // needed?
195 return $this->_tryNextPass($submitted_password);
197 if (!$this->isValidName()) {
198 return $this->_tryNextPass($submitted_password);
200 if (!$this->_checkPassLength($submitted_password)) {
201 return WIKIAUTH_FORBIDDEN;
// Line 204 (missing) presumably prepares $this->_authselect; the second test
// reports a configuration error if it is still unset.
203 if (!isset($this->_authselect))
205 if (!isset($this->_authselect))
206 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != ā%sā",
207 'DBAUTH_AUTH_CHECK', 'SQL'),
210 //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set
// 'crypt' scheme: fetch the stored hash by user id and compare in PHP.
211 if ($this->_auth_crypt_method == 'crypt') {
213 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
214 $this->_authselect->execute();
215 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
216 } catch (PDOException $e) {
217 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
// NOTE(review): '@' turns "no such row" into a null $stored_password.
// _checkPass() is defined elsewhere; confirm it rejects an empty or null
// stored hash and compares in constant time.
220 $stored_password = @$rs[0];
221 $result = $this->_checkPass($submitted_password, $stored_password);
// Any other scheme: both values are bound and the comparison is left to the
// auth_check SQL. Whether the password is hashed then depends entirely on
// that configured statement - presumably via a database-side function; verify.
224 $this->_authselect->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
225 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
226 $this->_authselect->execute();
227 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
228 } catch (PDOException $e) {
229 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
// NOTE(review): $okay is not assigned on any visible line (line 232 is
// missing from the listing). If it is never set, $result is always false here.
233 $result = !empty($okay);
237 $this->_level = WIKIAUTH_USER;
238 return $this->_level;
// Strict policy: a failed check here is final, no further auth method is tried.
239 } elseif (USER_AUTH_POLICY === 'strict') {
240 $this->_level = WIKIAUTH_FORBIDDEN;
241 return $this->_level;
243 return $this->_tryNextPass($submitted_password);
// Report whether the password can be changed through this backend.
// Returns whatever getAuthParam('auth_update') yields, i.e. the configured
// value itself rather than a strict boolean - presumably callers only test
// its truthiness; verify before exposing the return value anywhere.
247 function mayChangePass()
249 return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
// Store a new password for $this->_userid through the configured auth_update
// statement. With auth_crypt_method 'crypt' the password is hashed in PHP
// first; otherwise it is bound as submitted.
// NOTE(review): the gutter numbers skip 253, 255-257, 261, 265-267, 271-274,
// 278-279 and 285-294. What the invalid-name branch does, the try keywords
// and the return value are not visible in this listing.
252 function storePass($submitted_password)
254 if (!$this->isValidName()) {
258 $dbh = &$this->_auth_dbi;
259 $dbi =& $GLOBALS['request']->_dbi;
// Prepare the UPDATE once and keep it on $this->_authupdate.
260 if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
262 $this->_authupdate = $dbh->prepare($dbi->getAuthParam('auth_update'));
263 } catch (PDOException $e) {
264 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
268 if (empty($this->_authupdate)) {
269 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != ā%sā",
270 'DBAUTH_AUTH_UPDATE', 'SQL'),
// NOTE(review): crypt() is called without a salt. PHP documents that this
// yields a weak hash (E_NOTICE since 5.6) and PHP 8.0 makes the salt
// mandatory, so this call fails there. A strong explicit salt, or
// password_hash() (its output is crypt()-compatible), is the usual
// replacement - but those hashes are 60+ characters, so the column width and
// the 48 passed to bindParam below need review first.
// NOTE(review): no else branch is visible (lines 278-279 are missing). If
// crypt() is unavailable the password appears to be stored as submitted.
275 if ($this->_auth_crypt_method == 'crypt') {
276 if (function_exists('crypt'))
277 $submitted_password = crypt($submitted_password);
// For schemes other than 'crypt' the value bound here is the clear-text
// password; hashing is then up to the auth_update SQL - confirm it does.
280 $this->_authupdate->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
281 $this->_authupdate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
282 $this->_authupdate->execute();
283 } catch (PDOException $e) {
// NOTE(review): driver error text is passed on verbatim; keep it out of
// user-visible output (PhpWiki's error handler is not shown here).
284 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
295 // c-hanging-comment-ender-p: nil
296 // indent-tabs-mode: nil