lib/WikiUser/AdoDb.php

   1 <?php //-*-php-*-
   2 // rcs_id('$Id$');
   3 /* Copyright (C) 2004 ReiniUrban
   4  * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
   5  */
   6
   7 include_once("lib/WikiUser/Db.php");
   8
   9 class _AdoDbPassUser
  10 extends _DbPassUser
  11 /**
  12  * ADODB methods
  13  * Simple sprintf, no prepare.
  14  *
  15  * Warning: Since we use FETCH_MODE_ASSOC (string hash) and not the also faster
  16  * FETCH_MODE_ROW (numeric), we have to use the correct aliases in auth_* sql statements!
  17  *
  18  * TODO: Change FETCH_MODE in adodb WikiDB sublasses.
  19  *
  20  * @tables: user
  21  */
  22 {
  23     var $_authmethod = 'AdoDb';
  24     function _AdoDbPassUser($UserName='',$prefs=false) {
  25         if (!$this->_prefs and isa($this,"_AdoDbPassUser")) {
  26             if ($prefs) $this->_prefs = $prefs;
  27             if (!isset($this->_prefs->_method))
  28               _PassUser::_PassUser($UserName);
  29         }
  30         if (!$this->isValidName($UserName)) {
  31             trigger_error(_("Invalid username."),E_USER_WARNING);
  32             return false;
  33         }
  34         $this->_userid = $UserName;
  35         $this->getAuthDbh();
  36         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
  37         // Don't prepare the configured auth statements anymore
  38         return $this;
  39     }
  40
  41     function getPreferences() {
  42         // override the generic slow method here for efficiency
  43         _AnonUser::getPreferences();
  44         $this->getAuthDbh();
  45         if (isset($this->_prefs->_select)) {
  46             $dbh = & $this->_auth_dbi;
  47             $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
  48             if ($rs->EOF) {
  49                 $rs->Close();
  50             } else {
  51                 $prefs_blob = @$rs->fields['prefs'];
  52                 $rs->Close();
  53                 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
  54                     $updated = $this->_prefs->updatePrefs($restored_from_db);
  55                     //$this->_prefs = new UserPreferences($restored_from_db);
  56                     return $this->_prefs;
  57                 }
  58             }
  59         }
  60         if (!empty($this->_HomePagehandle)) {
  61             if ($restored_from_page = $this->_prefs->retrieve
  62                 ($this->_HomePagehandle->get('pref'))) {
  63                 $updated = $this->_prefs->updatePrefs($restored_from_page);
  64                 //$this->_prefs = new UserPreferences($restored_from_page);
  65                 return $this->_prefs;
  66             }
  67         }
  68         return $this->_prefs;
  69     }
  70
  71     function setPreferences($prefs, $id_only=false) {
  72         // if the prefs are changed
  73         if (_AnonUser::setPreferences($prefs, 1)) {
  74             global $request;
  75             $packed = $this->_prefs->store();
  76             //$user = $request->_user;
  77             //unset($user->_auth_dbi);
  78             if (!$id_only and isset($this->_prefs->_update)) {
  79                 $this->getAuthDbh();
  80                 $dbh = &$this->_auth_dbi;
  81                 // check if the user already exists (not needed with mysql REPLACE)
  82                 $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
  83                 if ($rs->EOF) {
  84                     $rs->Close();
  85                     $prefs_blob = false;
  86                 } else {
  87                     $prefs_blob = @$rs->fields['prefs'];
  88                     $rs->Close();
  89                 }
  90                 if ($prefs_blob) {
  91                     $db_result = $dbh->Execute(sprintf($this->_prefs->_update,
  92                                                        $dbh->qstr($packed),
  93                                                        $dbh->qstr($this->_userid)));
  94                 } else {
  95                     // Otherwise, insert a record for them and set it to the defaults.
  96                     $dbi = $request->getDbh();
  97                     $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
  98                                                             array("pref_blob", "userid"));
  99                     $db_result = $dbh->Execute(sprintf($this->_prefs->_insert,
 100                                                        $dbh->qstr($packed),
 101                                                        $dbh->qstr($this->_userid)));
 102                 }
 103                 $db_result->Close();
 104                 // delete pageprefs:
 105                 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
 106                     $this->_HomePagehandle->set('pref', '');
 107             } else {
 108                 //store prefs in homepage, not in cookie
 109                 if ($this->_HomePagehandle and !$id_only)
 110                     $this->_HomePagehandle->set('pref', $packed);
 111             }
 112             return count($this->_prefs->unpack($packed));
 113         }
 114         return 0;
 115     }
 116
 117     function userExists() {
 118         $this->getAuthDbh();
 119         $dbh = &$this->_auth_dbi;
 120         if (!$dbh) { // needed?
 121             return $this->_tryNextUser();
 122         }
 123         if (!$this->isValidName()) {
 124             return $this->_tryNextUser();
 125         }
 126         $dbi =& $GLOBALS['request']->_dbi;
 127         // Prepare the configured auth statements
 128         if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
 129             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 130                                                 array("password", "userid"));
 131         }
 132         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
 133         if ( !$dbi->getAuthParam('auth_user_exists')
 134              and $this->_auth_crypt_method == 'crypt'
 135              and $this->_authselect)
 136         {
 137             $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid)));
 138             if (!$rs->EOF) {
 139                 $rs->Close();
 140                 return true;
 141             } else {
 142                 $rs->Close();
 143             }
 144         }
 145         else {
 146             if (! $dbi->getAuthParam('auth_user_exists'))
 147                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
 148                               E_USER_WARNING);
 149             $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'),
 150                                                'userid');
 151             $rs = $dbh->Execute(sprintf($this->_authcheck, $dbh->qstr($this->_userid)));
 152             if (!$rs->EOF) {
 153                 $rs->Close();
 154                 return true;
 155             } else {
 156                 $rs->Close();
 157             }
 158         }
 159         // User does not exist yet.
 160         // Maybe the user is allowed to create himself. Generally not wanted in
 161         // external databases, but maybe wanted for the wiki database, for performance
 162         // reasons
 163         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
 164             $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
 165                                                 array("password", "userid"));
 166         }
 167         if (!empty($this->_authcreate) and
 168             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
 169             isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
 170         {
 171             $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
 172             $dbh->Execute(sprintf($this->_authcreate,
 173                                   $dbh->qstr($passwd),
 174                                   $dbh->qstr($this->_userid)));
 175             return true;
 176         }
 177
 178         return $this->_tryNextUser();
 179     }
 180
 181     function checkPass($submitted_password) {
 182         //global $DBAuthParams;
 183         $this->getAuthDbh();
 184         if (!$this->_auth_dbi) {  // needed?
 185             return $this->_tryNextPass($submitted_password);
 186         }
 187         if (!$this->isValidName()) {
 188             trigger_error(_("Invalid username."),E_USER_WARNING);
 189             return $this->_tryNextPass($submitted_password);
 190         }
 191         if (!$this->_checkPassLength($submitted_password)) {
 192             return WIKIAUTH_FORBIDDEN;
 193         }
 194         $dbh =& $this->_auth_dbi;
 195         $dbi =& $GLOBALS['request']->_dbi;
 196         if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) {
 197             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 198                                                 array("password", "userid"));
 199         }
 200         if (!isset($this->_authselect))
 201             $this->userExists();
 202         if (!isset($this->_authselect))
 203             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 204                               'DBAUTH_AUTH_CHECK', 'ADODB'),
 205                           E_USER_WARNING);
 206         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
 207         if ($this->_auth_crypt_method == 'crypt') {
 208             $rs = $dbh->Execute(sprintf($this->_authselect,
 209                                             $dbh->qstr($this->_userid)));
 210             if (!$rs->EOF) {
 211                 $stored_password = $rs->fields['password'];
 212                 $rs->Close();
 213                 $result = $this->_checkPass($submitted_password, $stored_password);
 214             } else {
 215                 $rs->Close();
 216                 $result = false;
 217             }
 218         } else {
 219             $rs = $dbh->Execute(sprintf($this->_authselect,
 220                                         $dbh->qstr($submitted_password),
 221                                         $dbh->qstr($this->_userid)));
 222             if (isset($rs->fields['ok']))
 223                 $okay = $rs->fields['ok'];
 224             elseif (isset($rs->fields[0]))
 225                 $okay = $rs->fields[0];
 226             else {
 227                 if (is_array($rs->fields))
 228                     $okay = reset($rs->fields);
 229                 else
 230                     $okay = false;
 231             }
 232             $rs->Close();
 233             $result = !empty($okay);
 234         }
 235
 236         if ($result) {
 237             $this->_level = WIKIAUTH_USER;
 238             return $this->_level;
 239         } elseif (USER_AUTH_POLICY === 'strict') {
 240             $this->_level = WIKIAUTH_FORBIDDEN;
 241             return $this->_level;
 242         } else {
 243             return $this->_tryNextPass($submitted_password);
 244         }
 245     }
 246
 247     function mayChangePass() {
 248         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
 249     }
 250
 251     function storePass($submitted_password) {
 252         $this->getAuthDbh();
 253         $dbh = &$this->_auth_dbi;
 254         $dbi =& $GLOBALS['request']->_dbi;
 255         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
 256             $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
 257                                                 array("password", "userid"));
 258         }
 259         if (!isset($this->_authupdate)) {
 260             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 261                               'DBAUTH_AUTH_UPDATE', 'ADODB'),
 262                           E_USER_WARNING);
 263             return false;
 264         }
 265
 266         if ($this->_auth_crypt_method == 'crypt') {
 267             if (function_exists('crypt'))
 268                 $submitted_password = crypt($submitted_password);
 269         }
 270         $rs = $dbh->Execute(sprintf($this->_authupdate,
 271                                     $dbh->qstr($submitted_password),
 272                                     $dbh->qstr($this->_userid)
 273                                     ));
 274         $rs->Close();
 275         return $rs;
 276     }
 277 }
 278
 279 // Local Variables:
 280 // mode: php
 281 // tab-width: 8
 282 // c-basic-offset: 4
 283 // c-hanging-comment-ender-p: nil
 284 // indent-tabs-mode: nil
 285 // End:
 286 ?>