lib/WikiUser/AdoDb.php

   1 <?php //-*-php-*-
   2
   3 /*
   4  * Copyright (C) 2004 ReiniUrban
   5  *
   6  * This file is part of PhpWiki.
   7  *
   8  * PhpWiki is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * PhpWiki is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License along
  19  * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
  20  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  21  */
  22
  23 include_once 'lib/WikiUser/Db.php';
  24
  25 class _AdoDbPassUser
  26 extends _DbPassUser
  27 /**
  28  * ADODB methods
  29  * Simple sprintf, no prepare.
  30  *
  31  * Warning: Since we use FETCH_MODE_ASSOC (string hash) and not the also faster
  32  * FETCH_MODE_ROW (numeric), we have to use the correct aliases in auth_* sql statements!
  33  *
  34  * TODO: Change FETCH_MODE in adodb WikiDB sublasses.
  35  *
  36  * @tables: user
  37  */
  38 {
  39     var $_authmethod = 'AdoDb';
  40     function _AdoDbPassUser($UserName='',$prefs=false) {
  41         if (!$this->_prefs and isa($this,"_AdoDbPassUser")) {
  42             if ($prefs) $this->_prefs = $prefs;
  43             if (!isset($this->_prefs->_method))
  44               _PassUser::_PassUser($UserName);
  45         }
  46         if (!$this->isValidName($UserName)) {
  47             trigger_error(_("Invalid username."),E_USER_WARNING);
  48             return false;
  49         }
  50         $this->_userid = $UserName;
  51         $this->getAuthDbh();
  52         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
  53         // Don't prepare the configured auth statements anymore
  54         return $this;
  55     }
  56
  57     function getPreferences() {
  58         // override the generic slow method here for efficiency
  59         _AnonUser::getPreferences();
  60         $this->getAuthDbh();
  61         if (isset($this->_prefs->_select)) {
  62             $dbh = & $this->_auth_dbi;
  63             $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
  64             if ($rs->EOF) {
  65                 $rs->Close();
  66             } else {
  67                 $prefs_blob = @$rs->fields['prefs'];
  68                 $rs->Close();
  69                 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
  70                     $updated = $this->_prefs->updatePrefs($restored_from_db);
  71                     //$this->_prefs = new UserPreferences($restored_from_db);
  72                     return $this->_prefs;
  73                 }
  74             }
  75         }
  76         if (!empty($this->_HomePagehandle)) {
  77             if ($restored_from_page = $this->_prefs->retrieve
  78                 ($this->_HomePagehandle->get('pref'))) {
  79                 $updated = $this->_prefs->updatePrefs($restored_from_page);
  80                 //$this->_prefs = new UserPreferences($restored_from_page);
  81                 return $this->_prefs;
  82             }
  83         }
  84         return $this->_prefs;
  85     }
  86
  87     function setPreferences($prefs, $id_only=false) {
  88         // if the prefs are changed
  89         if (_AnonUser::setPreferences($prefs, 1)) {
  90             global $request;
  91             $packed = $this->_prefs->store();
  92             //$user = $request->_user;
  93             //unset($user->_auth_dbi);
  94             if (!$id_only and isset($this->_prefs->_update)) {
  95                 $this->getAuthDbh();
  96                 $dbh = &$this->_auth_dbi;
  97                 // check if the user already exists (not needed with mysql REPLACE)
  98                 $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
  99                 if ($rs->EOF) {
 100                     $rs->Close();
 101                     $prefs_blob = false;
 102                 } else {
 103                     $prefs_blob = @$rs->fields['prefs'];
 104                     $rs->Close();
 105                 }
 106                 if ($prefs_blob) {
 107                     $db_result = $dbh->Execute(sprintf($this->_prefs->_update,
 108                                                        $dbh->qstr($packed),
 109                                                        $dbh->qstr($this->_userid)));
 110                 } else {
 111                     // Otherwise, insert a record for them and set it to the defaults.
 112                     $dbi = $request->getDbh();
 113                     $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
 114                                                             array("pref_blob", "userid"));
 115                     $db_result = $dbh->Execute(sprintf($this->_prefs->_insert,
 116                                                        $dbh->qstr($packed),
 117                                                        $dbh->qstr($this->_userid)));
 118                 }
 119                 $db_result->Close();
 120                 // delete pageprefs:
 121                 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
 122                     $this->_HomePagehandle->set('pref', '');
 123             } else {
 124                 //store prefs in homepage, not in cookie
 125                 if ($this->_HomePagehandle and !$id_only)
 126                     $this->_HomePagehandle->set('pref', $packed);
 127             }
 128             return count($this->_prefs->unpack($packed));
 129         }
 130         return 0;
 131     }
 132
 133     function userExists() {
 134         $this->getAuthDbh();
 135         $dbh = &$this->_auth_dbi;
 136         if (!$dbh) { // needed?
 137             return $this->_tryNextUser();
 138         }
 139         if (!$this->isValidName()) {
 140             return $this->_tryNextUser();
 141         }
 142         $dbi =& $GLOBALS['request']->_dbi;
 143         // Prepare the configured auth statements
 144         if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
 145             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 146                                                 array("password", "userid"));
 147         }
 148         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
 149         if ( !$dbi->getAuthParam('auth_user_exists')
 150              and $this->_auth_crypt_method == 'crypt'
 151              and $this->_authselect)
 152         {
 153             $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid)));
 154             if (!$rs->EOF) {
 155                 $rs->Close();
 156                 return true;
 157             } else {
 158                 $rs->Close();
 159             }
 160         }
 161         else {
 162             if (! $dbi->getAuthParam('auth_user_exists'))
 163                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
 164                               E_USER_WARNING);
 165             $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'),
 166                                                'userid');
 167             $rs = $dbh->Execute(sprintf($this->_authcheck, $dbh->qstr($this->_userid)));
 168             if (!$rs->EOF) {
 169                 $rs->Close();
 170                 return true;
 171             } else {
 172                 $rs->Close();
 173             }
 174         }
 175         // User does not exist yet.
 176         // Maybe the user is allowed to create himself. Generally not wanted in
 177         // external databases, but maybe wanted for the wiki database, for performance
 178         // reasons
 179         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
 180             $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
 181                                                 array("password", "userid"));
 182         }
 183         if (!empty($this->_authcreate) and
 184             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
 185             isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
 186         {
 187             $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
 188             $dbh->Execute(sprintf($this->_authcreate,
 189                                   $dbh->qstr($passwd),
 190                                   $dbh->qstr($this->_userid)));
 191             return true;
 192         }
 193
 194         return $this->_tryNextUser();
 195     }
 196
 197     function checkPass($submitted_password) {
 198         //global $DBAuthParams;
 199         $this->getAuthDbh();
 200         if (!$this->_auth_dbi) {  // needed?
 201             return $this->_tryNextPass($submitted_password);
 202         }
 203         if (!$this->isValidName()) {
 204             trigger_error(_("Invalid username."),E_USER_WARNING);
 205             return $this->_tryNextPass($submitted_password);
 206         }
 207         if (!$this->_checkPassLength($submitted_password)) {
 208             return WIKIAUTH_FORBIDDEN;
 209         }
 210         $dbh =& $this->_auth_dbi;
 211         $dbi =& $GLOBALS['request']->_dbi;
 212         if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) {
 213             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 214                                                 array("password", "userid"));
 215         }
 216         if (!isset($this->_authselect))
 217             $this->userExists();
 218         if (!isset($this->_authselect))
 219             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 220                               'DBAUTH_AUTH_CHECK', 'ADODB'),
 221                           E_USER_WARNING);
 222         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
 223         if ($this->_auth_crypt_method == 'crypt') {
 224             $rs = $dbh->Execute(sprintf($this->_authselect,
 225                                             $dbh->qstr($this->_userid)));
 226             if (!$rs->EOF) {
 227                 $stored_password = $rs->fields['password'];
 228                 $rs->Close();
 229                 $result = $this->_checkPass($submitted_password, $stored_password);
 230             } else {
 231                 $rs->Close();
 232                 $result = false;
 233             }
 234         } else {
 235             $rs = $dbh->Execute(sprintf($this->_authselect,
 236                                         $dbh->qstr($submitted_password),
 237                                         $dbh->qstr($this->_userid)));
 238             if (isset($rs->fields['ok']))
 239                 $okay = $rs->fields['ok'];
 240             elseif (isset($rs->fields[0]))
 241                 $okay = $rs->fields[0];
 242             else {
 243                 if (is_array($rs->fields))
 244                     $okay = reset($rs->fields);
 245                 else
 246                     $okay = false;
 247             }
 248             $rs->Close();
 249             $result = !empty($okay);
 250         }
 251
 252         if ($result) {
 253             $this->_level = WIKIAUTH_USER;
 254             return $this->_level;
 255         } elseif (USER_AUTH_POLICY === 'strict') {
 256             $this->_level = WIKIAUTH_FORBIDDEN;
 257             return $this->_level;
 258         } else {
 259             return $this->_tryNextPass($submitted_password);
 260         }
 261     }
 262
 263     function mayChangePass() {
 264         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
 265     }
 266
 267     function storePass($submitted_password) {
 268         $this->getAuthDbh();
 269         $dbh = &$this->_auth_dbi;
 270         $dbi =& $GLOBALS['request']->_dbi;
 271         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
 272             $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
 273                                                 array("password", "userid"));
 274         }
 275         if (!isset($this->_authupdate)) {
 276             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 277                               'DBAUTH_AUTH_UPDATE', 'ADODB'),
 278                           E_USER_WARNING);
 279             return false;
 280         }
 281
 282         if ($this->_auth_crypt_method == 'crypt') {
 283             if (function_exists('crypt'))
 284                 $submitted_password = crypt($submitted_password);
 285         }
 286         $rs = $dbh->Execute(sprintf($this->_authupdate,
 287                                     $dbh->qstr($submitted_password),
 288                                     $dbh->qstr($this->_userid)
 289                                     ));
 290         $rs->Close();
 291         return $rs;
 292     }
 293 }
 294
 295 // Local Variables:
 296 // mode: php
 297 // tab-width: 8
 298 // c-basic-offset: 4
 299 // c-hanging-comment-ender-p: nil
 300 // indent-tabs-mode: nil
 301 // End: