// Passes this file's CVS $Id$ revision string to rcs_id(), which is defined outside this file.
2 rcs_id('$Id: PearDb.php,v 1.4 2004-12-20 16:05:01 rurban Exp $');
3 /* Copyright (C) 2004 $ThePhpWikiProgrammingTeam
10 * Now optimized not to use prepare; queries are built as query(sprintf($sql, quote())) instead, so every substituted value must go through quote().
11 * We use FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
// Identifier of this authentication backend; how it is consumed is not shown in this file.
17 var $_authmethod = 'PearDb';
/**
 * Sets up the user object: adopts the given preferences, validates the user
 * name, and records the name and the configured auth_crypt_method.
 * Presumably the PHP4-style constructor, since the method name matches the
 * class name tested in isa() — the class header is not part of this listing.
 *
 * NOTE(review): some original lines (closing braces, any return statements)
 * are missing from this listing; confirm control flow against the full file.
 *
 * @param string $UserName login name to bind to this object
 * @param mixed  $prefs    optional preferences object, adopted only when $this->_prefs is not yet set
 */
18 function _PearDbPassUser($UserName='',$prefs=false) {
19 //global $DBAuthParams;
20 if (!$this->_prefs and isa($this,"_PearDbPassUser")) {
21 if ($prefs) $this->_prefs = $prefs;
// Without a _method on the prefs object, delegate to _PassUser::_PassUser();
// otherwise a name failing isValidName() only raises a warning here.
23 if (!isset($this->_prefs->_method))
24 _PassUser::_PassUser($UserName);
25 elseif (!$this->isValidName($UserName)) {
26 trigger_error(_("Invalid username."), E_USER_WARNING);
// NOTE(review): what follows the warning is not visible; confirm the method
// bails out before an invalid name is stored in _userid below.
29 $this->_userid = $UserName;
30 // make use of session data. generally we only initialize this every time,
31 // but do auth checks only once
32 $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
/**
 * Loads the user's preferences: first through _AnonUser::getPreferences(),
 * then from the auth database when a _select statement is configured, and
 * from the home page handle's 'pref' value when _HomePagehandle is set.
 *
 * NOTE(review): lines are missing from this listing, so whether the home page
 * lookup is an else-branch of the database lookup, and what is returned,
 * cannot be read from here.
 */
36 function getPreferences() {
37 // override the generic slow method here for efficiency and not to
38 // clutter the homepage metadata with prefs.
39 _AnonUser::getPreferences();
41 if (isset($this->_prefs->_select)) {
42 $dbh = &$this->_auth_dbi;
// The user id is escaped with quote() and substituted into the configured
// select template; no bound parameters are used, so injection safety rests on
// quote() and on how the template places its placeholder.
// The query result is used without an error check before fetchRow().
43 $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
44 // patched by frederik@pandora.be
45 $prefs = $db_result->fetchRow();
// '@' hides the notice when no row came back or the "prefs" key is absent;
// $prefs_blob is then null.
// NOTE(review): the file header mentions FETCH_MODE_ROW, yet a string key is
// read here — confirm the fetch mode actually in effect.
46 $prefs_blob = @$prefs["prefs"];
// NOTE(review): retrieve() is defined elsewhere; if it deserializes the blob,
// the contents of the pref table must be treated as trusted input — confirm.
47 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
48 $updated = $this->_prefs->updatePrefs($restored_from_db);
49 //$this->_prefs = new UserPreferences($restored_from_db);
// Home page route: the same retrieve()/updatePrefs() sequence on the page's 'pref' value.
53 if ($this->_HomePagehandle) {
54 if ($restored_from_page = $this->_prefs->retrieve
55 ($this->_HomePagehandle->get('pref'))) {
56 $updated = $this->_prefs->updatePrefs($restored_from_page);
57 //$this->_prefs = new UserPreferences($restored_from_page);
/**
 * Stores changed preferences, either in the auth database (when an _update
 * statement is configured) or in the user's home page.
 *
 * NOTE(review): lines are missing from this listing (including one argument
 * of the sprintf() call), so the branch structure should be confirmed
 * against the full file.
 *
 * @param mixed $prefs   preferences to apply, forwarded to _AnonUser::setPreferences()
 * @param bool  $id_only when true, neither the database nor the home page is written
 * @return mixed the count reported by _AnonUser::setPreferences()
 */
64 function setPreferences($prefs, $id_only=false) {
65 // if the prefs are changed
66 if ($count = _AnonUser::setPreferences($prefs, 1)) {
68 //$user = $request->_user;
69 //unset($user->_auth_dbi);
70 // this must be done in $request->_setUser, not here!
71 //$request->setSessionVar('wiki_user', $user);
73 $packed = $this->_prefs->store();
74 if (!$id_only and isset($this->_prefs->_update)) {
75 $dbh = &$this->_auth_dbi;
// Values are escaped with quote() and substituted into the configured update
// template; the return value of simpleQuery() is discarded, so a failed write
// goes unnoticed here.
76 $dbh->simpleQuery(sprintf($this->_prefs->_update,
78 $dbh->quote($this->_userid)));
// Clear any copy of the prefs still kept on the home page.
80 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
81 $this->_HomePagehandle->set('pref', '');
83 //store prefs in homepage, not in cookie
84 if ($this->_HomePagehandle and !$id_only)
85 $this->_HomePagehandle->set('pref', $packed);
87 return $count; //count($this->_prefs->unpack($packed));
/**
 * Checks whether the current user id is known to the auth database, handing
 * over to _tryNextUser() when this backend cannot answer.
 *
 * Statements are assembled as sprintf(template, quote(value)) and sent with
 * query()/simpleQuery(); no bound parameters are involved, so injection safety
 * rests on quote() and on the configured auth_* templates.
 *
 * NOTE(review): several original lines (closing braces, return statements)
 * are missing from this listing; confirm the exact branch structure against
 * the full file.
 */
92 function userExists() {
93 //global $DBAuthParams;
95 $dbh = &$this->_auth_dbi;
// No auth database handle: let the next configured method decide.
96 if (!$dbh) { // needed?
97 return $this->_tryNextUser();
99 if (!$this->isValidName()) {
100 trigger_error(_("Invalid username."),E_USER_WARNING);
101 return $this->_tryNextUser();
// NOTE(review): $submitted_password is not a parameter of userExists() and no
// assignment to it is visible here, so this length check presumably runs on an
// undefined variable; confirm against the full source.
103 if (!$this->_checkPassLength($submitted_password)) {
104 return WIKIAUTH_FORBIDDEN;
106 $dbi =& $GLOBALS['request']->_dbi;
107 // Prepare the configured auth statements
108 if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
109 $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
110 array("userid", "password"));
112 if (empty($this->_authselect))
113 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
114 'DBAUTH_AUTH_CHECK', 'SQL'),
116 //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
// Crypt mode reuses the auth_check statement with only the quoted user id.
117 if ($this->_auth_crypt_method == 'crypt') {
118 $rs = $dbh->query(sprintf($this->_authselect, $dbh->quote($this->_userid)));
// Other modes need a dedicated auth_user_exists statement.
123 if (! $dbi->getAuthParam('auth_user_exists'))
124 trigger_error(fmt("%s is missing",'DBAUTH_AUTH_USER_EXISTS'),
126 $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'),"userid");
127 $rs = $dbh->query(sprintf($this->_authcheck, $dbh->quote($this->_userid)));
131 // maybe the user is allowed to create himself. Generally not wanted in
132 // external databases, but maybe wanted for the wiki database, for performance
134 if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
135 $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
136 array("userid", "password"));
// Self-registration: when an auth_create statement is configured and a password
// was posted, the raw POST value is quoted and written by that statement.
// This PHP code applies no hashing or length check to $passwd; any hashing
// would have to happen inside the auth_create SQL itself. The return value of
// simpleQuery() is discarded.
138 if (!empty($this->_authcreate) and isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])) {
139 $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
140 $dbh->simpleQuery(sprintf($this->_authcreate,
141 $dbh->quote($passwd),
142 $dbh->quote($this->_userid)
146 return $this->_tryNextUser();
/**
 * Verifies a submitted password against the auth database and, on success,
 * raises this user's level to WIKIAUTH_USER; otherwise the decision is passed
 * on through _tryNextPass().
 *
 * NOTE(review): lines are missing from this listing (closing braces, the
 * statement between the two identical isset() tests, and the condition
 * guarding the success branch); confirm against the full file.
 *
 * @param string $submitted_password password as entered by the user
 * @return mixed WIKIAUTH_USER on success, else whatever _tryNextPass() returns
 */
149 function checkPass($submitted_password) {
150 //global $DBAuthParams;
152 if (!$this->_auth_dbi) { // needed?
153 return $this->_tryNextPass($submitted_password);
155 if (!$this->isValidName()) {
156 return $this->_tryNextPass($submitted_password);
// _authselect is tested twice; the second test reports a configuration problem
// if the statement is still unset.
158 if (!isset($this->_authselect))
160 if (!isset($this->_authselect))
161 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
162 'DBAUTH_AUTH_CHECK', 'SQL'),
165 //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set
166 $dbh = &$this->_auth_dbi;
// Crypt path: fetch the stored value for this user and compare in PHP via _checkPass().
167 if ($this->_auth_crypt_method == 'crypt') {
168 $stored_password = $dbh->getOne(sprintf($this->_authselect,
169 $dbh->quote($this->_userid)));
170 $result = $this->_checkPass($submitted_password, $stored_password);
// Non-crypt path: the submitted password is quoted and embedded in the
// auth_check statement, so the comparison happens in SQL and the password
// travels in the query text (relevant wherever SQL statements are logged).
// NOTE(review): !empty() is also true for an error object; if getOne() returns
// one on a failed query, this branch would accept the login. Confirm the
// handle's error mode or guard with DB::isError().
172 $okay = $dbh->getOne(sprintf($this->_authselect,
173 $dbh->quote($submitted_password),
174 $dbh->quote($this->_userid)));
175 $result = !empty($okay);
179 $this->_level = WIKIAUTH_USER;
180 return $this->_level;
182 return $this->_tryNextPass($submitted_password);
/**
 * Returns the configured auth_update parameter; a non-empty value presumably
 * means passwords can be changed through this backend.
 */
186 function mayChangePass() {
187 return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
/**
 * Writes a new password for the current user through the configured
 * auth_update statement.
 *
 * NOTE(review): lines are missing from this listing (closing braces, the body
 * of the invalid-name branch, any return statements); confirm against the
 * full file.
 *
 * @param string $submitted_password new password as entered by the user
 */
190 function storePass($submitted_password) {
191 if (!$this->isValidName()) {
195 $dbh = &$this->_auth_dbi;
196 $dbi =& $GLOBALS['request']->_dbi;
197 if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
198 $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
199 array("userid", "password"));
201 if (empty($this->_authupdate)) {
202 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
203 'DBAUTH_AUTH_UPDATE','SQL'),
// Crypt mode hashes in PHP before the write. crypt() is called without a salt,
// so the scheme is whatever the platform defaults to, and newer PHP versions
// require the salt argument. If crypt() is unavailable, the password is written
// as submitted, with no warning.
// In every other mode the password reaches the statement unchanged, and any
// hashing is left to the auth_update SQL template.
208 if ($this->_auth_crypt_method == 'crypt') {
209 if (function_exists('crypt'))
210 $submitted_password = crypt($submitted_password);
// Values are escaped with quote() and substituted into the template; the
// return value of simpleQuery() is discarded.
212 $dbh->simpleQuery(sprintf($this->_authupdate,
213 $dbh->quote($submitted_password),
214 $dbh->quote($this->_userid)
220 // $Log: not supported by cvs2svn $
221 // Revision 1.3 2004/12/19 00:58:02 rurban
222 // Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks,
223 // Provide an errormessage if so. Just PersonalPage and BogoLogin not.
224 // Simplify httpauth logout handling and set sessions for all methods.
225 // fix main.php unknown index "x" getLevelDescription() warning.
227 // Revision 1.2 2004/11/10 15:29:21 rurban
228 // * requires newer Pear_DB (as the internal one): quote() uses now escapeSimple for strings
229 // * ACCESS_LOG_SQL: fix cause request not yet initialized
230 // * WikiDB: moved SQL specific methods upwards
231 // * new Pear_DB quoting: same as ADODB and as newer Pear_DB.
232 // fixes all around: WikiGroup, WikiUserNew SQL methods, SQL logging
234 // Revision 1.1 2004/11/01 10:43:58 rurban
235 // separate PassUser methods into separate dir (memory usage)
236 // fix WikiUser (old) overlarge data session
237 // remove wikidb arg from various page class methods, use global ->_dbi instead
245 // c-hanging-comment-ender-p: nil
246 // indent-tabs-mode: nil