lib/WikiUser/AdoDb.php

   1 <?php
   2
   3 /*
   4  * Copyright (C) 2004 ReiniUrban
   5  *
   6  * This file is part of PhpWiki.
   7  *
   8  * PhpWiki is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * PhpWiki is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License along
  19  * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
  20  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  21  */
  22
  23 include_once 'lib/WikiUser/Db.php';
  24
  25 class _AdoDbPassUser
  26     extends _DbPassUser
  27     /**
  28      * ADODB methods
  29      * Simple sprintf, no prepare.
  30      *
  31      * Warning: Since we use FETCH_MODE_ASSOC (string hash) and not the also faster
  32      * FETCH_MODE_ROW (numeric), we have to use the correct aliases in auth_* sql statements!
  33      *
  34      * TODO: Change FETCH_MODE in adodb WikiDB sublasses.
  35      *
  36      * @tables: user
  37      */
  38 {
  39     var $_authmethod = 'AdoDb';
  40
  41     function _AdoDbPassUser($UserName = '', $prefs = false)
  42     {
  43         if (!$this->_prefs and isa($this, "_AdoDbPassUser")) {
  44             if ($prefs) $this->_prefs = $prefs;
  45             if (!isset($this->_prefs->_method))
  46                 _PassUser::_PassUser($UserName);
  47         }
  48         if (!$this->isValidName($UserName)) {
  49             trigger_error(_("Invalid username."), E_USER_WARNING);
  50             return false;
  51         }
  52         $this->_userid = $UserName;
  53         $this->getAuthDbh();
  54         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
  55         // Don't prepare the configured auth statements anymore
  56         return $this;
  57     }
  58
  59     function getPreferences()
  60     {
  61         // override the generic slow method here for efficiency
  62         _AnonUser::getPreferences();
  63         $this->getAuthDbh();
  64         if (isset($this->_prefs->_select)) {
  65             $dbh = & $this->_auth_dbi;
  66             $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
  67             if ($rs->EOF) {
  68                 $rs->Close();
  69             } else {
  70                 $prefs_blob = @$rs->fields['prefs'];
  71                 $rs->Close();
  72                 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
  73                     $updated = $this->_prefs->updatePrefs($restored_from_db);
  74                     //$this->_prefs = new UserPreferences($restored_from_db);
  75                     return $this->_prefs;
  76                 }
  77             }
  78         }
  79         if (!empty($this->_HomePagehandle)) {
  80             if ($restored_from_page = $this->_prefs->retrieve
  81             ($this->_HomePagehandle->get('pref'))
  82             ) {
  83                 $updated = $this->_prefs->updatePrefs($restored_from_page);
  84                 //$this->_prefs = new UserPreferences($restored_from_page);
  85                 return $this->_prefs;
  86             }
  87         }
  88         return $this->_prefs;
  89     }
  90
  91     function setPreferences($prefs, $id_only = false)
  92     {
  93         // if the prefs are changed
  94         if (_AnonUser::setPreferences($prefs, 1)) {
  95             global $request;
  96             $packed = $this->_prefs->store();
  97             //$user = $request->_user;
  98             //unset($user->_auth_dbi);
  99             if (!$id_only and isset($this->_prefs->_update)) {
 100                 $this->getAuthDbh();
 101                 $dbh = &$this->_auth_dbi;
 102                 // check if the user already exists (not needed with mysql REPLACE)
 103                 $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
 104                 if ($rs->EOF) {
 105                     $rs->Close();
 106                     $prefs_blob = false;
 107                 } else {
 108                     $prefs_blob = @$rs->fields['prefs'];
 109                     $rs->Close();
 110                 }
 111                 if ($prefs_blob) {
 112                     $db_result = $dbh->Execute(sprintf($this->_prefs->_update,
 113                         $dbh->qstr($packed),
 114                         $dbh->qstr($this->_userid)));
 115                 } else {
 116                     // Otherwise, insert a record for them and set it to the defaults.
 117                     $dbi = $request->getDbh();
 118                     $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
 119                         array("pref_blob", "userid"));
 120                     $db_result = $dbh->Execute(sprintf($this->_prefs->_insert,
 121                         $dbh->qstr($packed),
 122                         $dbh->qstr($this->_userid)));
 123                 }
 124                 $db_result->Close();
 125                 // delete pageprefs:
 126                 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
 127                     $this->_HomePagehandle->set('pref', '');
 128             } else {
 129                 //store prefs in homepage, not in cookie
 130                 if ($this->_HomePagehandle and !$id_only)
 131                     $this->_HomePagehandle->set('pref', $packed);
 132             }
 133             return count($this->_prefs->unpack($packed));
 134         }
 135         return 0;
 136     }
 137
 138     function userExists()
 139     {
 140         $this->getAuthDbh();
 141         $dbh = &$this->_auth_dbi;
 142         if (!$dbh) { // needed?
 143             return $this->_tryNextUser();
 144         }
 145         if (!$this->isValidName()) {
 146             return $this->_tryNextUser();
 147         }
 148         $dbi =& $GLOBALS['request']->_dbi;
 149         // Prepare the configured auth statements
 150         if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
 151             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 152                 array("password", "userid"));
 153         }
 154         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
 155         if (!$dbi->getAuthParam('auth_user_exists')
 156             and $this->_auth_crypt_method == 'crypt'
 157                 and $this->_authselect
 158         ) {
 159             $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid)));
 160             if (!$rs->EOF) {
 161                 $rs->Close();
 162                 return true;
 163             } else {
 164                 $rs->Close();
 165             }
 166         } else {
 167             if (!$dbi->getAuthParam('auth_user_exists'))
 168                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
 169                     E_USER_WARNING);
 170             $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'),
 171                 'userid');
 172             $rs = $dbh->Execute(sprintf($this->_authcheck, $dbh->qstr($this->_userid)));
 173             if (!$rs->EOF) {
 174                 $rs->Close();
 175                 return true;
 176             } else {
 177                 $rs->Close();
 178             }
 179         }
 180         // User does not exist yet.
 181         // Maybe the user is allowed to create himself. Generally not wanted in
 182         // external databases, but maybe wanted for the wiki database, for performance
 183         // reasons
 184         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
 185             $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
 186                 array("password", "userid"));
 187         }
 188         if (!empty($this->_authcreate) and
 189             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
 190                 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])
 191         ) {
 192             $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
 193             $dbh->Execute(sprintf($this->_authcreate,
 194                 $dbh->qstr($passwd),
 195                 $dbh->qstr($this->_userid)));
 196             return true;
 197         }
 198
 199         return $this->_tryNextUser();
 200     }
 201
 202     function checkPass($submitted_password)
 203     {
 204         //global $DBAuthParams;
 205         $this->getAuthDbh();
 206         if (!$this->_auth_dbi) { // needed?
 207             return $this->_tryNextPass($submitted_password);
 208         }
 209         if (!$this->isValidName()) {
 210             trigger_error(_("Invalid username."), E_USER_WARNING);
 211             return $this->_tryNextPass($submitted_password);
 212         }
 213         if (!$this->_checkPassLength($submitted_password)) {
 214             return WIKIAUTH_FORBIDDEN;
 215         }
 216         $dbh =& $this->_auth_dbi;
 217         $dbi =& $GLOBALS['request']->_dbi;
 218         if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) {
 219             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 220                 array("password", "userid"));
 221         }
 222         if (!isset($this->_authselect))
 223             $this->userExists();
 224         if (!isset($this->_authselect))
 225             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 226                     'DBAUTH_AUTH_CHECK', 'ADODB'),
 227                 E_USER_WARNING);
 228         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
 229         if ($this->_auth_crypt_method == 'crypt') {
 230             $rs = $dbh->Execute(sprintf($this->_authselect,
 231                 $dbh->qstr($this->_userid)));
 232             if (!$rs->EOF) {
 233                 $stored_password = $rs->fields['password'];
 234                 $rs->Close();
 235                 $result = $this->_checkPass($submitted_password, $stored_password);
 236             } else {
 237                 $rs->Close();
 238                 $result = false;
 239             }
 240         } else {
 241             $rs = $dbh->Execute(sprintf($this->_authselect,
 242                 $dbh->qstr($submitted_password),
 243                 $dbh->qstr($this->_userid)));
 244             if (isset($rs->fields['ok']))
 245                 $okay = $rs->fields['ok'];
 246             elseif (isset($rs->fields[0]))
 247                 $okay = $rs->fields[0]; else {
 248                 if (is_array($rs->fields))
 249                     $okay = reset($rs->fields);
 250                 else
 251                     $okay = false;
 252             }
 253             $rs->Close();
 254             $result = !empty($okay);
 255         }
 256
 257         if ($result) {
 258             $this->_level = WIKIAUTH_USER;
 259             return $this->_level;
 260         } elseif (USER_AUTH_POLICY === 'strict') {
 261             $this->_level = WIKIAUTH_FORBIDDEN;
 262             return $this->_level;
 263         } else {
 264             return $this->_tryNextPass($submitted_password);
 265         }
 266     }
 267
 268     function mayChangePass()
 269     {
 270         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
 271     }
 272
 273     function storePass($submitted_password)
 274     {
 275         $this->getAuthDbh();
 276         $dbh = &$this->_auth_dbi;
 277         $dbi =& $GLOBALS['request']->_dbi;
 278         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
 279             $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
 280                 array("password", "userid"));
 281         }
 282         if (!isset($this->_authupdate)) {
 283             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 284                     'DBAUTH_AUTH_UPDATE', 'ADODB'),
 285                 E_USER_WARNING);
 286             return false;
 287         }
 288
 289         if ($this->_auth_crypt_method == 'crypt') {
 290             if (function_exists('crypt'))
 291                 $submitted_password = crypt($submitted_password);
 292         }
 293         $rs = $dbh->Execute(sprintf($this->_authupdate,
 294             $dbh->qstr($submitted_password),
 295             $dbh->qstr($this->_userid)
 296         ));
 297         $rs->Close();
 298         return $rs;
 299     }
 300 }
 301
 302 // Local Variables:
 303 // mode: php
 304 // tab-width: 8
 305 // c-basic-offset: 4
 306 // c-hanging-comment-ender-p: nil
 307 // indent-tabs-mode: nil
 308 // End: