lib/WikiUser/AdoDb.php

   1 <?php //-*-php-*-
   2 rcs_id('$Id: AdoDb.php,v 1.9 2006-12-22 17:25:23 rurban Exp $');
   3 /* Copyright (C) 2004 ReiniUrban
   4  * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
   5  */
   6
   7 class _AdoDbPassUser
   8 extends _DbPassUser
   9 /**
  10  * ADODB methods
  11  * Simple sprintf, no prepare.
  12  *
  13  * Warning: Since we use FETCH_MODE_ASSOC (string hash) and not the also faster
  14  * FETCH_MODE_ROW (numeric), we have to use the correct aliases in auth_* sql statements!
  15  *
  16  * TODO: Change FETCH_MODE in adodb WikiDB sublasses.
  17  *
  18  * @tables: user
  19  */
  20 {
  21     var $_authmethod = 'AdoDb';
  22     function _AdoDbPassUser($UserName='',$prefs=false) {
  23         if (!$this->_prefs and isa($this,"_AdoDbPassUser")) {
  24             if ($prefs) $this->_prefs = $prefs;
  25             if (!isset($this->_prefs->_method))
  26               _PassUser::_PassUser($UserName);
  27         }
  28         if (!$this->isValidName($UserName)) {
  29             trigger_error(_("Invalid username."),E_USER_WARNING);
  30             return false;
  31         }
  32         $this->_userid = $UserName;
  33         $this->getAuthDbh();
  34         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
  35         // Don't prepare the configured auth statements anymore
  36         return $this;
  37     }
  38
  39     function getPreferences() {
  40         // override the generic slow method here for efficiency
  41         _AnonUser::getPreferences();
  42         $this->getAuthDbh();
  43         if (isset($this->_prefs->_select)) {
  44             $dbh = & $this->_auth_dbi;
  45             $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
  46             if ($rs->EOF) {
  47                 $rs->Close();
  48             } else {
  49                 $prefs_blob = @$rs->fields['prefs'];
  50                 $rs->Close();
  51                 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
  52                     $updated = $this->_prefs->updatePrefs($restored_from_db);
  53                     //$this->_prefs = new UserPreferences($restored_from_db);
  54                     return $this->_prefs;
  55                 }
  56             }
  57         }
  58         if ($this->_HomePagehandle) {
  59             if ($restored_from_page = $this->_prefs->retrieve
  60                 ($this->_HomePagehandle->get('pref'))) {
  61                 $updated = $this->_prefs->updatePrefs($restored_from_page);
  62                 //$this->_prefs = new UserPreferences($restored_from_page);
  63                 return $this->_prefs;
  64             }
  65         }
  66         return $this->_prefs;
  67     }
  68
  69     function setPreferences($prefs, $id_only=false) {
  70         // if the prefs are changed
  71         if (_AnonUser::setPreferences($prefs, 1)) {
  72             global $request;
  73             $packed = $this->_prefs->store();
  74             //$user = $request->_user;
  75             //unset($user->_auth_dbi);
  76             if (!$id_only and isset($this->_prefs->_update)) {
  77                 $this->getAuthDbh();
  78                 $dbh = &$this->_auth_dbi;
  79                 // check if the user already exists (not needed with mysql REPLACE)
  80                 $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
  81                 if ($rs->EOF) {
  82                     $rs->Close();
  83                     $prefs_blob = false;
  84                 } else {
  85                     $prefs_blob = @$rs->fields['prefs'];
  86                     $rs->Close();
  87                 }
  88                 if ($prefs_blob) {
  89                     $db_result = $dbh->Execute(sprintf($this->_prefs->_update,
  90                                                        $dbh->qstr($packed),
  91                                                        $dbh->qstr($this->_userid)));
  92                 } else {
  93                     // Otherwise, insert a record for them and set it to the defaults.
  94                     $dbi = $request->getDbh();
  95                     $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
  96                                                             array("pref_blob", "userid"));
  97                     $db_result = $dbh->Execute(sprintf($this->_prefs->_insert,
  98                                                        $dbh->qstr($packed),
  99                                                        $dbh->qstr($this->_userid)));
 100                 }
 101                 $db_result->Close();
 102                 // delete pageprefs:
 103                 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
 104                     $this->_HomePagehandle->set('pref', '');
 105             } else {
 106                 //store prefs in homepage, not in cookie
 107                 if ($this->_HomePagehandle and !$id_only)
 108                     $this->_HomePagehandle->set('pref', $packed);
 109             }
 110             return count($this->_prefs->unpack($packed));
 111         }
 112         return 0;
 113     }
 114
 115     function userExists() {
 116         $this->getAuthDbh();
 117         $dbh = &$this->_auth_dbi;
 118         if (!$dbh) { // needed?
 119             return $this->_tryNextUser();
 120         }
 121         if (!$this->isValidName()) {
 122             return $this->_tryNextUser();
 123         }
 124         $dbi =& $GLOBALS['request']->_dbi;
 125         // Prepare the configured auth statements
 126         if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
 127             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 128                                                 array("password", "userid"));
 129         }
 130         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
 131         if ( !$dbi->getAuthParam('auth_user_exists')
 132              and $this->_auth_crypt_method == 'crypt'
 133              and $this->_authselect)
 134         {
 135             $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid)));
 136             if (!$rs->EOF) {
 137                 $rs->Close();
 138                 return true;
 139             } else {
 140                 $rs->Close();
 141             }
 142         }
 143         else {
 144             if (! $dbi->getAuthParam('auth_user_exists'))
 145                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
 146                               E_USER_WARNING);
 147             $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'),
 148                                                'userid');
 149             $rs = $dbh->Execute(sprintf($this->_authcheck, $dbh->qstr($this->_userid)));
 150             if (!$rs->EOF) {
 151                 $rs->Close();
 152                 return true;
 153             } else {
 154                 $rs->Close();
 155             }
 156         }
 157         // User does not exist yet.
 158         // Maybe the user is allowed to create himself. Generally not wanted in
 159         // external databases, but maybe wanted for the wiki database, for performance
 160         // reasons
 161         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
 162             $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
 163                                                 array("userid", "password"));
 164         }
 165         if (!empty($this->_authcreate) and
 166             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
 167             isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
 168         {
 169             $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
 170             $dbh->Execute(sprintf($this->_authcreate,
 171                                   $dbh->qstr($passwd),
 172                                   $dbh->qstr($this->_userid)));
 173             return true;
 174         }
 175
 176         return $this->_tryNextUser();
 177     }
 178
 179     function checkPass($submitted_password) {
 180         //global $DBAuthParams;
 181         $this->getAuthDbh();
 182         if (!$this->_auth_dbi) {  // needed?
 183             return $this->_tryNextPass($submitted_password);
 184         }
 185         if (!$this->isValidName()) {
 186             trigger_error(_("Invalid username."),E_USER_WARNING);
 187             return $this->_tryNextPass($submitted_password);
 188         }
 189         if (!$this->_checkPassLength($submitted_password)) {
 190             return WIKIAUTH_FORBIDDEN;
 191         }
 192         $dbh =& $this->_auth_dbi;
 193         $dbi =& $GLOBALS['request']->_dbi;
 194         if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) {
 195             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 196                                                 array("password", "userid"));
 197         }
 198         if (!isset($this->_authselect))
 199             $this->userExists();
 200         if (!isset($this->_authselect))
 201             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 202                               'DBAUTH_AUTH_CHECK', 'ADODB'),
 203                           E_USER_WARNING);
 204         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
 205         if ($this->_auth_crypt_method == 'crypt') {
 206             $rs = $dbh->Execute(sprintf($this->_authselect,
 207                                         $dbh->qstr($this->_userid)));
 208             if (!$rs->EOF) {
 209                 $stored_password = $rs->fields['password'];
 210                 $rs->Close();
 211                 $result = $this->_checkPass($submitted_password, $stored_password);
 212             } else {
 213                 $rs->Close();
 214                 $result = false;
 215             }
 216         } else {
 217             $rs = $dbh->Execute(sprintf($this->_authselect,
 218                                         $dbh->qstr($submitted_password),
 219                                         $dbh->qstr($this->_userid)));
 220             if (isset($rs->fields['ok']))
 221                 $okay = $rs->fields['ok'];
 222             elseif (isset($rs->fields[0]))
 223                 $okay = $rs->fields[0];
 224             else {
 225                 if (is_array($rs->fields))
 226                     $okay = reset($rs->fields);
 227                 else
 228                     $okay = false;
 229             }
 230             $rs->Close();
 231             $result = !empty($okay);
 232         }
 233
 234         if ($result) {
 235             $this->_level = WIKIAUTH_USER;
 236             return $this->_level;
 237         } elseif (USER_AUTH_POLICY === 'strict') {
 238             $this->_level = WIKIAUTH_FORBIDDEN;
 239             return $this->_level;
 240         } else {
 241             return $this->_tryNextPass($submitted_password);
 242         }
 243     }
 244
 245     function mayChangePass() {
 246         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
 247     }
 248
 249     function storePass($submitted_password) {
 250         $this->getAuthDbh();
 251         $dbh = &$this->_auth_dbi;
 252         $dbi =& $GLOBALS['request']->_dbi;
 253         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
 254             $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
 255                                                 array("password", "userid"));
 256         }
 257         if (!isset($this->_authupdate)) {
 258             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 259                               'DBAUTH_AUTH_UPDATE', 'ADODB'),
 260                           E_USER_WARNING);
 261             return false;
 262         }
 263
 264         if ($this->_auth_crypt_method == 'crypt') {
 265             if (function_exists('crypt'))
 266                 $submitted_password = crypt($submitted_password);
 267         }
 268         $rs = $dbh->Execute(sprintf($this->_authupdate,
 269                                     $dbh->qstr($submitted_password),
 270                                     $dbh->qstr($this->_userid)
 271                                     ));
 272         $rs->Close();
 273         return $rs;
 274     }
 275 }
 276
 277 // $Log: not supported by cvs2svn $
 278 // Revision 1.8  2006/03/19 16:26:40  rurban
 279 // fix DBAUTH arguments to be position independent, fixes bug #1358973
 280 //
 281 // Revision 1.7  2005/10/10 19:43:49  rurban
 282 // add DBAUTH_PREF_INSERT: self-creating users. by John Stevens
 283 //
 284 // Revision 1.6  2005/08/06 13:21:09  rurban
 285 // switch to natural order password, userid
 286 //
 287 // Revision 1.5  2005/02/14 12:28:26  rurban
 288 // fix policy strict. Thanks to Mikhail Vladimirov
 289 //
 290 // Revision 1.4  2004/12/26 17:11:15  rurban
 291 // just copyright
 292 //
 293 // Revision 1.3  2004/12/20 16:05:01  rurban
 294 // gettext msg unification
 295 //
 296 // Revision 1.2  2004/12/19 00:58:02  rurban
 297 // Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks,
 298 // Provide an errormessage if so. Just PersonalPage and BogoLogin not.
 299 // Simplify httpauth logout handling and set sessions for all methods.
 300 // fix main.php unknown index "x" getLevelDescription() warning.
 301 //
 302 // Revision 1.1  2004/11/01 10:43:58  rurban
 303 // seperate PassUser methods into seperate dir (memory usage)
 304 // fix WikiUser (old) overlarge data session
 305 // remove wikidb arg from various page class methods, use global ->_dbi instead
 306 // ...
 307 //
 308
 309 // Local Variables:
 310 // mode: php
 311 // tab-width: 8
 312 // c-basic-offset: 4
 313 // c-hanging-comment-ender-p: nil
 314 // indent-tabs-mode: nil
 315 // End:
 316 ?>