4 * Copyright (C) 2004 ReiniUrban
6 * This file is part of PhpWiki.
8 * PhpWiki is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * PhpWiki is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 include_once 'lib/WikiUser/Db.php';
29 * Simple sprintf, no prepare.
31 * Warning: Since we use FETCH_MODE_ASSOC (string hash) and not the also faster
32 * FETCH_MODE_ROW (numeric), we have to use the correct aliases in auth_* sql statements!
34 * TODO: Change FETCH_MODE in adodb WikiDB subclasses.
// Auth method label for this class; where it is read is not visible here.
39 var $_authmethod = 'AdoDb';
// Presumably the PHP 4-style constructor (the class line is not part of this
// listing). It initialises preferences, validates $UserName, records it as the
// user id and reads the configured 'auth_crypt_method'.
// NOTE(review): the embedded line numbers jump (44 -> 46, 47 -> 50, 50 -> 52),
// so closing braces and some statements are missing from this listing.
40 function _AdoDbPassUser($UserName='',$prefs=false) {
// Only initialise preferences when none are set yet and $this is an
// _AdoDbPassUser according to isa().
41 if (!$this->_prefs and isa($this,"_AdoDbPassUser")) {
42 if ($prefs) $this->_prefs = $prefs;
43 if (!isset($this->_prefs->_method))
// Explicit call to the _PassUser constructor in PHP 4 style.
44 _PassUser::_PassUser($UserName);
// The name is checked before it is stored as the user id; every SQL statement
// in this class later substitutes $this->_userid.
// NOTE(review): what follows the warning (lines 48-49) is not shown; confirm
// that an invalid name stops construction instead of continuing.
46 if (!$this->isValidName($UserName)) {
47 trigger_error(_("Invalid username."),E_USER_WARNING);
50 $this->_userid = $UserName;
// Cache the configured password scheme; checkPass(), userExists() and
// storePass() branch on the value 'crypt'.
52 $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
53 // Don't prepare the configured auth statements anymore
// Loads the user's preferences. After _AnonUser::getPreferences() runs, a copy
// read from the auth database (when a pref select statement is configured) and
// a copy read from the user's home page are each handed to updatePrefs().
// NOTE(review): lines 72-75 and the return statement are not shown, so whether
// the home-page lookup is a fallback or always runs cannot be told from here.
57 function getPreferences() {
58 // override the generic slow method here for efficiency
59 _AnonUser::getPreferences();
61 if (isset($this->_prefs->_select)) {
62 $dbh = & $this->_auth_dbi;
// The statement is a sprintf template, not a bound query. The only value
// substituted is the user id, and it goes through $dbh->qstr() first, so
// injection safety rests on qstr() and on the configured template using its
// %s only where a quoted string literal is valid.
63 $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
// '@' silences the notice when 'prefs' is absent; a wrong column alias in the
// configured statement therefore fails silently here too.
67 $prefs_blob = @$rs->fields['prefs'];
// Assignment inside the condition is intentional: continue only when
// retrieve() returned something truthy.
69 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
70 $updated = $this->_prefs->updatePrefs($restored_from_db);
71 //$this->_prefs = new UserPreferences($restored_from_db);
// Same retrieve/updatePrefs sequence, fed from the 'pref' value of the home
// page handle when one is set.
76 if (!empty($this->_HomePagehandle)) {
77 if ($restored_from_page = $this->_prefs->retrieve
78 ($this->_HomePagehandle->get('pref'))) {
79 $updated = $this->_prefs->updatePrefs($restored_from_page);
80 //$this->_prefs = new UserPreferences($restored_from_page);
// Persists preferences. When _AnonUser::setPreferences() reports a change, the
// packed preferences are written to the auth database (update or insert)
// and/or to the 'pref' value of the user's home page, and the number of
// unpacked preference entries is returned.
// $id_only, when true, skips both the database write and the home-page write.
// NOTE(review): several lines (90, 95, 99-102, 104-106, 108, 110, 116, ...)
// are missing from this listing, so the exact branch structure is not visible.
87 function setPreferences($prefs, $id_only=false) {
88 // if the prefs are changed
89 if (_AnonUser::setPreferences($prefs, 1)) {
91 $packed = $this->_prefs->store();
92 //$user = $request->_user;
93 //unset($user->_auth_dbi);
94 if (!$id_only and isset($this->_prefs->_update)) {
96 $dbh = &$this->_auth_dbi;
97 // check if the user already exists (not needed with mysql REPLACE)
// sprintf template with the user id quoted by qstr(); no bound parameters.
98 $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
// '@' hides a missing 'prefs' column as well as an empty result.
103 $prefs_blob = @$rs->fields['prefs'];
// NOTE(review): the first substituted argument (line 108) is not shown;
// presumably the packed preferences. Confirm it is passed through qstr() like
// the user id, since the packed value derives from user-supplied settings.
107 $db_result = $dbh->Execute(sprintf($this->_prefs->_update,
109 $dbh->qstr($this->_userid)));
111 // Otherwise, insert a record for them and set it to the defaults.
// NOTE(review): $request is not defined in the visible lines; presumably a
// `global $request;` sits on a line not shown. Confirm.
112 $dbi = $request->getDbh();
// The insert template is built on demand from the 'pref_insert' auth
// parameter; prepare() is given the placeholder names in substitution order.
113 $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
114 array("pref_blob", "userid"));
// NOTE(review): as with the update, the first argument (line 116) is not
// shown; confirm it is quoted with qstr().
115 $db_result = $dbh->Execute(sprintf($this->_prefs->_insert,
117 $dbh->qstr($this->_userid)));
// Blank the home-page copy when one exists; the condition guarding this
// (lines 118-120) is not shown.
121 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
122 $this->_HomePagehandle->set('pref', '');
124 //store prefs in homepage, not in cookie
125 if ($this->_HomePagehandle and !$id_only)
126 $this->_HomePagehandle->set('pref', $packed);
128 return count($this->_prefs->unpack($packed));
// Looks the user id up in the auth database. Falls through to _tryNextUser()
// when there is no auth database handle, when the name is invalid, and at the
// end of the visible code. If 'auth_create' is configured and the request
// carries auth[passwd], it also runs the account-creation statement.
// NOTE(review): the success checks after each Execute() (lines 154-161 and
// 168-174) and the return values on those paths are not part of this listing.
133 function userExists() {
135 $dbh = &$this->_auth_dbi;
136 if (!$dbh) { // needed?
137 return $this->_tryNextUser();
139 if (!$this->isValidName()) {
140 return $this->_tryNextUser();
142 $dbi =& $GLOBALS['request']->_dbi;
143 // Prepare the configured auth statements
// Built once and cached on the object; checkPass() uses the same template.
144 if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
145 $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
146 array("password", "userid"));
148 //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
149 if ( !$dbi->getAuthParam('auth_user_exists')
150 and $this->_auth_crypt_method == 'crypt'
151 and $this->_authselect)
// Here the auth_check template receives a single argument, the quoted user id.
153 $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid)));
162 if (! $dbi->getAuthParam('auth_user_exists'))
163 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
// NOTE(review): the visible code goes on to prepare and execute the statement
// after the warning; unless a line not shown returns first, the query is built
// from a missing parameter. Confirm.
165 $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'),
167 $rs = $dbh->Execute(sprintf($this->_authcheck, $dbh->qstr($this->_userid)));
175 // User does not exist yet.
176 // Maybe the user is allowed to create himself. Generally not wanted in
177 // external databases, but maybe wanted for the wiki database, for performance
179 if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
180 $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
181 array("password", "userid"));
// Self-registration: with 'auth_create' configured, a request for an unknown
// user that carries auth[passwd] creates the account.
183 if (!empty($this->_authcreate) and
184 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
185 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
// NOTE(review): $passwd comes straight from the POST body. The argument on
// line 189 is not shown; confirm it is quoted with qstr(). No call to
// _checkPassLength() or crypt() is visible on this path, unlike checkPass()
// and storePass(), so the stored value may be the unhashed password unless
// the configured SQL hashes it. Verify.
187 $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
188 $dbh->Execute(sprintf($this->_authcreate,
190 $dbh->qstr($this->_userid)));
194 return $this->_tryNextUser();
// Verifies $submitted_password for the current user id against the auth
// database. Visible outcomes: WIKIAUTH_USER on the success path,
// WIKIAUTH_FORBIDDEN when the length check fails or when USER_AUTH_POLICY is
// 'strict', otherwise the result of _tryNextPass().
// NOTE(review): lines 217, 221, 226, 228, 230-234, 242, 245-248 and 250-252
// are missing from this listing, including the condition that guards the
// success branch.
197 function checkPass($submitted_password) {
198 //global $DBAuthParams;
200 if (!$this->_auth_dbi) { // needed?
201 return $this->_tryNextPass($submitted_password);
203 if (!$this->isValidName()) {
204 trigger_error(_("Invalid username."),E_USER_WARNING);
205 return $this->_tryNextPass($submitted_password);
// A password that fails the length check is refused outright and is not
// handed to the next auth method.
207 if (!$this->_checkPassLength($submitted_password)) {
208 return WIKIAUTH_FORBIDDEN;
210 $dbh =& $this->_auth_dbi;
211 $dbi =& $GLOBALS['request']->_dbi;
212 if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) {
213 $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
214 array("password", "userid"));
// The same test appears twice; the statement between them (line 217) is not
// shown, so the second test presumably re-checks after a retry. Confirm.
216 if (!isset($this->_authselect))
218 if (!isset($this->_authselect))
219 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
220 'DBAUTH_AUTH_CHECK', 'ADODB'),
222 //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set
// 'crypt' mode: fetch the stored hash by user id and compare in PHP through
// _checkPass(); the submitted password never enters the SQL text.
223 if ($this->_auth_crypt_method == 'crypt') {
224 $rs = $dbh->Execute(sprintf($this->_authselect,
225 $dbh->qstr($this->_userid)));
227 $stored_password = $rs->fields['password'];
229 $result = $this->_checkPass($submitted_password, $stored_password);
// Any other mode: the database does the comparison. Both values are quoted
// with qstr() and substituted into the auth_check template.
// NOTE(review): the cleartext password becomes part of the SQL string, so it
// can end up in database query logs or debug output. Confirm that logging is
// configured with this in mind.
235 $rs = $dbh->Execute(sprintf($this->_authselect,
236 $dbh->qstr($submitted_password),
237 $dbh->qstr($this->_userid)));
// Read the verdict from the 'ok' alias, else column 0, else the first field.
238 if (isset($rs->fields['ok']))
239 $okay = $rs->fields['ok'];
240 elseif (isset($rs->fields[0]))
241 $okay = $rs->fields[0];
243 if (is_array($rs->fields))
244 $okay = reset($rs->fields);
// Any non-empty value counts as success (0, '0', '' and null count as
// failure), so the configured statement must return an empty value on a
// password mismatch.
249 $result = !empty($okay);
253 $this->_level = WIKIAUTH_USER;
254 return $this->_level;
// Under the 'strict' policy a failure here is final; otherwise the next auth
// method gets to try the same password.
255 } elseif (USER_AUTH_POLICY === 'strict') {
256 $this->_level = WIKIAUTH_FORBIDDEN;
257 return $this->_level;
259 return $this->_tryNextPass($submitted_password);
// Returns the configured 'auth_update' parameter as-is, so the result is
// truthy only when an update statement is configured.
263 function mayChangePass() {
264 return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
// Writes a new password for the current user id through the configured
// 'auth_update' statement.
// NOTE(review): lines 268, 274, 278-281, 285 and 289 onward are missing from
// this listing, so the early-exit after the warning and the return value are
// not visible.
267 function storePass($submitted_password) {
269 $dbh = &$this->_auth_dbi;
270 $dbi =& $GLOBALS['request']->_dbi;
// Build the update template once and cache it on the object.
271 if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
272 $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
273 array("password", "userid"));
275 if (!isset($this->_authupdate)) {
276 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
277 'DBAUTH_AUTH_UPDATE', 'ADODB'),
// NOTE(review): crypt() is called without a salt. PHP 5.6+ raises a notice
// for that and PHP 8.0 makes the salt argument mandatory; without it the hash
// scheme is platform-chosen and may be weak. password_hash() with
// password_verify() is the maintained replacement, but switching has to be
// coordinated with _checkPass() and the existing stored hashes.
// If crypt() does not exist, the password reaches the UPDATE below unhashed
// and no warning is visible here.
282 if ($this->_auth_crypt_method == 'crypt') {
283 if (function_exists('crypt'))
284 $submitted_password = crypt($submitted_password);
// sprintf template, both values quoted with qstr(). In any mode other than
// 'crypt' the password is substituted as submitted, so any hashing must then
// come from the configured SQL itself. Verify against the deployment's
// auth_update statement.
286 $rs = $dbh->Execute(sprintf($this->_authupdate,
287 $dbh->qstr($submitted_password),
288 $dbh->qstr($this->_userid)
299 // c-hanging-comment-ender-p: nil
300 // indent-tabs-mode: nil