1 <?php //-*-php-*-
2 rcs_id('$Id: PearDb.php,v 1.4 2004-12-20 16:05:01 rurban Exp $');
3 /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam
4  */
5
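/**
 * Wiki user whose password and preferences live in an SQL database that is
 * reached through a PEAR DB connection.
 *
 * Pear DB methods
 * Now optimized not to use prepare, ...query(sprintf($sql,quote())) instead.
 * We use FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
 *
 * Security notes:
 *  - Every statement in this class is an sprintf() template that is filled
 *    with values passed through $dbh->quote() first. That call is the only
 *    barrier against SQL injection here, so no value may reach a template
 *    without it.
 *  - Query results are type-checked before they are used, so that a failed
 *    query counts as "no match" and never as a successful lookup or login.
 *
 * @tables: user
 * @tables: pref
 */
class _PearDbPassUser
extends _DbPassUser
{
    var $_authmethod = 'PearDb';

    /**
     * PHP4-style constructor.
     *
     * @param string $UserName name of the user to represent
     * @param mixed  $prefs    preferences object, adopted only while
     *                         $this->_prefs is still unset
     * @return mixed false when the name fails isValidName(), otherwise $this
     */
    function _PearDbPassUser($UserName='',$prefs=false) {
        //global $DBAuthParams;
        if (!$this->_prefs and isa($this,"_PearDbPassUser")) {
            if ($prefs) $this->_prefs = $prefs;
        }
        // The name is validated in this method only when the preferences already
        // carry a _method; otherwise the _PassUser constructor is run instead.
        // NOTE(review): presumably that constructor validates the name - confirm.
        if (!isset($this->_prefs->_method)) {
            _PassUser::_PassUser($UserName);
        } elseif (!$this->isValidName($UserName)) {
            trigger_error(_("Invalid username."), E_USER_WARNING);
            return false;
        }
        $this->_userid = $UserName;
        // make use of session data. generally we only initialize this every time,
        // but do auth checks only once
        $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
        return $this;
    }

    /**
     * Load the preferences, preferring the database row over the home page.
     *
     * Overrides the generic slow method for efficiency and so that the
     * homepage metadata is not cluttered with prefs.
     *
     * @return object the preferences object held in $this->_prefs
     */
    function getPreferences() {
        _AnonUser::getPreferences();
        $this->getAuthDbh();
        if (isset($this->_prefs->_select)) {
            $dbh = &$this->_auth_dbi;
            $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
            // patched by frederik@pandora.be
            // A failed query may hand back an object without fetchRow(); treat
            // that, and a missing row or column, as "no stored prefs".
            // NOTE(review): the row is read by its 'prefs' key, which needs an
            // associative fetch mode, while the class header mentions
            // FETCH_MODE_ROW - confirm which mode the auth connection uses.
            $prefs_blob = null;
            if (is_object($db_result) and method_exists($db_result, 'fetchRow')) {
                $prefs = $db_result->fetchRow();
                if (is_array($prefs) and isset($prefs["prefs"]))
                    $prefs_blob = $prefs["prefs"];
            }
            if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
                $this->_prefs->updatePrefs($restored_from_db);
                //$this->_prefs = new UserPreferences($restored_from_db);
                return $this->_prefs;
            }
        }
        if ($this->_HomePagehandle) {
            if ($restored_from_page = $this->_prefs->retrieve
                ($this->_HomePagehandle->get('pref'))) {
                $this->_prefs->updatePrefs($restored_from_page);
                //$this->_prefs = new UserPreferences($restored_from_page);
                return $this->_prefs;
            }
        }
        return $this->_prefs;
    }

    /**
     * Persist changed preferences to the database or, failing that, to the
     * user's home page.
     *
     * @param mixed $prefs   new preferences, handed to _AnonUser::setPreferences()
     * @param bool  $id_only when true neither the database row nor the home
     *                       page is written
     * @return int the count reported by _AnonUser::setPreferences(), 0 when
     *             nothing changed
     */
    function setPreferences($prefs, $id_only=false) {
        // if the prefs are changed
        if ($count = _AnonUser::setPreferences($prefs, 1)) {
            //global $request;
            //$user = $request->_user;
            //unset($user->_auth_dbi);
            // this must be done in $request->_setUser, not here!
            //$request->setSessionVar('wiki_user', $user);
            $this->getAuthDbh();
            $packed = $this->_prefs->store();
            if (!$id_only and isset($this->_prefs->_update)) {
                $dbh = &$this->_auth_dbi;
                $dbh->simpleQuery(sprintf($this->_prefs->_update,
                                          $dbh->quote($packed),
                                          $dbh->quote($this->_userid)));
                //delete pageprefs:
                if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
                    $this->_HomePagehandle->set('pref', '');
            } else {
                //store prefs in homepage, not in cookie
                if ($this->_HomePagehandle and !$id_only)
                    $this->_HomePagehandle->set('pref', $packed);
            }
            return $count; //count($this->_prefs->unpack($packed));
        }
        return 0;
    }

    /**
     * Tell whether the user is known to the auth database, creating the
     * account when an auth_create statement is configured and a password
     * was posted.
     *
     * No password length check happens at the top of this method: it receives
     * no password. checkPass() enforces the minimum length for logins, and the
     * self-registration branch below checks the posted password itself.
     *
     * @return mixed true when a row was found or created, otherwise the
     *               result of _tryNextUser()
     */
    function userExists() {
        //global $DBAuthParams;
        $this->getAuthDbh();
        $dbh = &$this->_auth_dbi;
        if (!$dbh) { // needed?
            return $this->_tryNextUser();
        }
        if (!$this->isValidName()) {
            trigger_error(_("Invalid username."),E_USER_WARNING);
            return $this->_tryNextUser();
        }
        $dbi =& $GLOBALS['request']->_dbi;
        // Prepare the configured auth statements
        if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
            $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
                                                array("userid", "password"));
        }
        if (empty($this->_authselect))
            trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
                              'DBAUTH_AUTH_CHECK', 'SQL'),
                          E_USER_WARNING);
        //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
        if ($this->_auth_crypt_method == 'crypt') {
            // Without a statement there is nothing to run; the warning above
            // already reported the misconfiguration.
            if (!empty($this->_authselect)) {
                $rs = $dbh->query(sprintf($this->_authselect, $dbh->quote($this->_userid)));
                if (is_object($rs) and method_exists($rs, 'numRows') and $rs->numRows())
                    return true;
            }
        }
        else {
            $exists_sql = $dbi->getAuthParam('auth_user_exists');
            if (!$exists_sql) {
                trigger_error(fmt("%s is missing",'DBAUTH_AUTH_USER_EXISTS'),
                              E_USER_WARNING);
            } else {
                $this->_authcheck = $this->prepare($exists_sql,"userid");
                $rs = $dbh->query(sprintf($this->_authcheck, $dbh->quote($this->_userid)));
                // Only a real result set counts; an error object is not a match.
                if (is_object($rs) and method_exists($rs, 'numRows') and $rs->numRows())
                    return true;
            }
        }
        // maybe the user is allowed to create himself. Generally not wanted in
        // external databases, but maybe wanted for the wiki database, for performance
        // reasons
        if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
            $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
                                                array("userid", "password"));
        }
        if (!empty($this->_authcreate) and isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])) {
            $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
            // Self-registration is driven by request data: accept only a plain
            // string that meets the same minimum length checkPass() enforces,
            // otherwise an account would be created that can never log in.
            if (is_string($passwd) and $this->_checkPassLength($passwd)) {
                // NOTE(review): the password is written exactly as posted, so any
                // hashing has to happen inside the configured auth_create
                // statement. storePass() crypt()s in PHP for auth_crypt_method
                // 'crypt' - confirm both paths store compatible values.
                // NOTE(review): the result of simpleQuery() is not inspected, so
                // a failed insert still reports the user as existing.
                $dbh->simpleQuery(sprintf($this->_authcreate,
                                          $dbh->quote($passwd),
                                          $dbh->quote($this->_userid)
                                          ));
                return true;
            }
        }
        return $this->_tryNextUser();
    }

    /**
     * Verify a submitted password against the auth database.
     *
     * @param string $submitted_password password as typed by the user
     * @return mixed WIKIAUTH_USER on success, WIKIAUTH_FORBIDDEN when the
     *               password fails _checkPassLength(), otherwise the result
     *               of _tryNextPass()
     */
    function checkPass($submitted_password) {
        //global $DBAuthParams;
        $this->getAuthDbh();
        if (!$this->_auth_dbi) {  // needed?
            return $this->_tryNextPass($submitted_password);
        }
        if (!$this->isValidName()) {
            return $this->_tryNextPass($submitted_password);
        }
        // Enforce the minimum password length where the password is available.
        if (!$this->_checkPassLength($submitted_password)) {
            return WIKIAUTH_FORBIDDEN;
        }
        // userExists() is called for its side effect of preparing _authselect.
        // NOTE(review): it can also run the auth_create branch - confirm that
        // creating the account during a password check is intended.
        if (!isset($this->_authselect))
            $this->userExists();
        if (empty($this->_authselect)) {
            trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
                              'DBAUTH_AUTH_CHECK', 'SQL'),
                          E_USER_WARNING);
            // No statement means this backend cannot decide; never fall
            // through to a query built from an empty template.
            return $this->_tryNextPass($submitted_password);
        }

        //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
        $dbh = &$this->_auth_dbi;
        if ($this->_auth_crypt_method == 'crypt') {
            $stored_password = $dbh->getOne(sprintf($this->_authselect,
                                                    $dbh->quote($this->_userid)));
            // A missing row or an error object is not a stored password.
            $result = is_scalar($stored_password)
                ? $this->_checkPass($submitted_password, $stored_password)
                : false;
        } else {
            // The comparison happens inside the configured auth_check statement;
            // whether the stored value is hashed depends on that statement.
            $okay = $dbh->getOne(sprintf($this->_authselect,
                                         $dbh->quote($submitted_password),
                                         $dbh->quote($this->_userid)));
            // Fail closed: an object (such as an error returned for a failed
            // query) is non-empty and must not be read as "password matched".
            $result = (is_scalar($okay) and !empty($okay));
        }

        if ($result) {
            $this->_level = WIKIAUTH_USER;
            return $this->_level;
        } else {
            return $this->_tryNextPass($submitted_password);
        }
    }

    /**
     * Tell whether passwords can be changed through this backend.
     *
     * @return mixed the configured auth_update parameter; a non-empty value
     *               means an update statement is available
     */
    function mayChangePass() {
        return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
    }

    /**
     * Store a new password for the current user with the configured
     * auth_update statement.
     *
     * @param string $submitted_password new password in clear text
     * @return bool false when the name is invalid or no auth_update statement
     *              is configured, true once the statement has been issued
     */
    function storePass($submitted_password) {
        if (!$this->isValidName()) {
            return false;
        }
        $this->getAuthDbh();
        $dbh = &$this->_auth_dbi;
        $dbi =& $GLOBALS['request']->_dbi;
        if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
            $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
                                                array("userid", "password"));
        }
        if (empty($this->_authupdate)) {
            trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
                              'DBAUTH_AUTH_UPDATE','SQL'),
                          E_USER_WARNING);
            return false;
        }

        if ($this->_auth_crypt_method == 'crypt') {
            // NOTE(review): crypt() is called without a salt, so the hash
            // algorithm is whatever the platform picks, and PHP 8 rejects the
            // one-argument form. If crypt() is unavailable the password is
            // stored unhashed without any warning. Changing this needs a
            // matching change in _checkPass(), which is not part of this class.
            if (function_exists('crypt'))
                $submitted_password = crypt($submitted_password);
        }
        // NOTE(review): the result of simpleQuery() is not inspected, so a
        // failed update is still reported as success.
        $dbh->simpleQuery(sprintf($this->_authupdate,
                                  $dbh->quote($submitted_password),
                                  $dbh->quote($this->_userid)
                                  ));
        return true;
    }
}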
219
220 // $Log: not supported by cvs2svn $
221 // Revision 1.3  2004/12/19 00:58:02  rurban
222 // Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks,
223 // Provide an errormessage if so. Just PersonalPage and BogoLogin not.
224 // Simplify httpauth logout handling and set sessions for all methods.
225 // fix main.php unknown index "x" getLevelDescription() warning.
226 //
227 // Revision 1.2  2004/11/10 15:29:21  rurban
228 // * requires newer Pear_DB (as the internal one): quote() uses now escapeSimple for strings
229 // * ACCESS_LOG_SQL: fix cause request not yet initialized
230 // * WikiDB: moved SQL specific methods upwards
231 // * new Pear_DB quoting: same as ADODB and as newer Pear_DB.
232 //   fixes all around: WikiGroup, WikiUserNew SQL methods, SQL logging
233 //
234 // Revision 1.1  2004/11/01 10:43:58  rurban
235 // separate PassUser methods into separate dir (memory usage)
236 // fix WikiUser (old) overlarge data session
237 // remove wikidb arg from various page class methods, use global ->_dbi instead
238 // ...
239 //
240
241 // Local Variables:
242 // mode: php
243 // tab-width: 8
244 // c-basic-offset: 4
245 // c-hanging-comment-ender-p: nil
246 // indent-tabs-mode: nil
247 // End:
248 ?>