2 rcs_id('$Id: AdoDb.php,v 1.9 2006-12-22 17:25:23 rurban Exp $');
3 /* Copyright (C) 2004 ReiniUrban
4 * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
11 * Simple sprintf, no prepare.
13 * Warning: Since we use FETCH_MODE_ASSOC (string hash) and not the also faster
14 * FETCH_MODE_ROW (numeric), we have to use the correct aliases in auth_* sql statements!
16 * TODO: Change FETCH_MODE in adodb WikiDB subclasses.
// Label identifying this authentication backend.
21 var $_authmethod = 'AdoDb';
// PHP4-style constructor: binds this auth object to $UserName.
// $prefs, when given, becomes the preferences object. The name is checked with
// isValidName() before it is stored in $this->_userid, the value the other
// methods of this class quote with qstr() and splice into the configured SQL.
// NOTE(review): the gutter skips lines 27, 30-31, 33 and 36, so the exit taken
// after the warning and the constructor's final statements are not visible here.
22 function _AdoDbPassUser($UserName='',$prefs=false) {
23 if (!$this->_prefs and isa($this,"_AdoDbPassUser")) {
24 if ($prefs) $this->_prefs = $prefs;
25 if (!isset($this->_prefs->_method))
26 _PassUser::_PassUser($UserName);
// Validate the name before it is accepted as the user id.
28 if (!$this->isValidName($UserName)) {
29 trigger_error(_("Invalid username."),E_USER_WARNING);
32 $this->_userid = $UserName;
// The password scheme ('crypt' or other) is read from the auth settings held by the global request's _dbi.
34 $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
35 // Don't prepare the configured auth statements anymore
// Loads the user's preferences: first through _AnonUser::getPreferences(), then
// from the auth database when a _select statement is configured, then from the
// 'pref' value of the user's home page.
// NOTE(review): the gutter skips several lines (42, 46-48, 50, 54-57, 63 onward),
// so the row check, the branch structure and the return value are not visible here.
39 function getPreferences() {
40 // override the generic slow method here for efficiency
41 _AnonUser::getPreferences();
43 if (isset($this->_prefs->_select)) {
44 $dbh = & $this->_auth_dbi;
// The statement text is built with sprintf(); the only value spliced in is the
// user id, quoted by qstr().
// NOTE(review): this is injection-safe only while the configured template puts
// the placeholder in a string-literal position without quotes of its own.
// ADOdb bind parameters (Execute($sql, $inputarr)) would not depend on that.
45 $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
// '@' silences any notice raised while reading the 'prefs' column.
49 $prefs_blob = @$rs->fields['prefs'];
// NOTE(review): retrieve() is not shown. If it deserializes the blob, the prefs
// column is a trust boundary: whoever can write it controls the decoded values - confirm.
51 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
52 $updated = $this->_prefs->updatePrefs($restored_from_db);
53 //$this->_prefs = new UserPreferences($restored_from_db);
// The home page 'pref' value goes through the same retrieve()/updatePrefs() path.
58 if ($this->_HomePagehandle) {
59 if ($restored_from_page = $this->_prefs->retrieve
60 ($this->_HomePagehandle->get('pref'))) {
61 $updated = $this->_prefs->updatePrefs($restored_from_page);
62 //$this->_prefs = new UserPreferences($restored_from_page);
// Stores changed preferences. When $id_only is false and an _update statement is
// configured, the packed preferences go to the auth database (UPDATE, or INSERT
// via the 'pref_insert' statement); the home page 'pref' value is written at line 108.
// The visible return (line 110) is the number of entries unpack() yields from $packed.
// NOTE(review): the gutter skips lines (72, 77, 81-84, 86-88, 90, 98, 100-102, ...),
// so the branch structure and the first sprintf() argument of both writes are not visible.
69 function setPreferences($prefs, $id_only=false) {
70 // if the prefs are changed
71 if (_AnonUser::setPreferences($prefs, 1)) {
73 $packed = $this->_prefs->store();
74 //$user = $request->_user;
75 //unset($user->_auth_dbi);
76 if (!$id_only and isset($this->_prefs->_update)) {
78 $dbh = &$this->_auth_dbi;
79 // check if the user already exists (not needed with mysql REPLACE)
// The user id is the only spliced value here and it is quoted by qstr().
80 $rs = $dbh->Execute(sprintf($this->_prefs->_select, $dbh->qstr($this->_userid)));
// '@' silences any notice raised while reading the 'prefs' column.
85 $prefs_blob = @$rs->fields['prefs'];
// NOTE(review): only the trailing user id argument is visible (line 90 is omitted).
// Whatever is passed before it must also go through qstr(), since the packed
// preferences presumably carry user-chosen values - confirm.
89 $db_result = $dbh->Execute(sprintf($this->_prefs->_update,
91 $dbh->qstr($this->_userid)));
93 // Otherwise, insert a record for them and set it to the defaults.
// NOTE(review): $request is used here, but no declaration of it appears in the visible lines.
94 $dbi = $request->getDbh();
// The insert template is built on demand from the configured 'pref_insert' statement.
95 $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
96 array("pref_blob", "userid"));
// Same caveat as the UPDATE above: line 98 is omitted, only the user id argument is visible.
97 $db_result = $dbh->Execute(sprintf($this->_prefs->_insert,
99 $dbh->qstr($this->_userid)));
// Clears a 'pref' value previously stored on the home page.
103 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
104 $this->_HomePagehandle->set('pref', '');
106 //store prefs in homepage, not in cookie
107 if ($this->_HomePagehandle and !$id_only)
108 $this->_HomePagehandle->set('pref', $packed);
110 return count($this->_prefs->unpack($packed));
// Checks whether $this->_userid is known to the auth database and defers to
// _tryNextUser() when there is no database handle, when the name is invalid, or
// at the end of the visible code (line 176).
// NOTE(review): the gutter skips many lines (116, 120, 123, 129, 134, 136-143, 146,
// 148, 150-156, 160, 164, 168, 171, 173-175), so the "found" returns are not visible.
115 function userExists() {
117 $dbh = &$this->_auth_dbi;
118 if (!$dbh) { // needed?
119 return $this->_tryNextUser();
121 if (!$this->isValidName()) {
122 return $this->_tryNextUser();
124 $dbi =& $GLOBALS['request']->_dbi;
125 // Prepare the configured auth statements
126 if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
127 $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
128 array("password", "userid"));
130 //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
// With 'crypt' and no auth_user_exists statement, the auth_check select doubles as the existence test.
131 if ( !$dbi->getAuthParam('auth_user_exists')
132 and $this->_auth_crypt_method == 'crypt'
133 and $this->_authselect)
// The user id is quoted by qstr() before being spliced into the statement.
135 $rs = $dbh->Execute(sprintf($this->_authselect, $dbh->qstr($this->_userid)));
// A missing auth_user_exists statement is reported as an error here.
144 if (! $dbi->getAuthParam('auth_user_exists'))
145 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
147 $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'),
149 $rs = $dbh->Execute(sprintf($this->_authcheck, $dbh->qstr($this->_userid)));
157 // User does not exist yet.
158 // Maybe the user is allowed to create himself. Generally not wanted in
159 // external databases, but maybe wanted for the wiki database, for performance
// NOTE(review): this self-registration runs inside an existence check, before any
// password has been verified. With auth_create configured, a POST that carries
// auth[passwd] for an unknown name inserts a row. Leave auth_create unset unless
// self-registration is intended.
161 if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
162 $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
163 array("userid", "password"));
165 if (!empty($this->_authcreate) and
166 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
167 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
// The password comes straight from the POST data. No hashing or length check is
// visible between here and the Execute (line 171 is omitted).
// NOTE(review): confirm the auth_create SQL hashes the value before storing it.
169 $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
170 $dbh->Execute(sprintf($this->_authcreate,
172 $dbh->qstr($this->_userid)));
176 return $this->_tryNextUser();
// Verifies $submitted_password for $this->_userid against the auth database.
// Visible outcomes: WIKIAUTH_FORBIDDEN when _checkPassLength() rejects the password
// or when the check fails under the 'strict' policy; WIKIAUTH_USER on success;
// otherwise the decision is passed on to _tryNextPass().
// NOTE(review): the gutter skips lines (181, 184, 188, 191, 197, 199, 203, 208, 210,
// 212-216, 224, 227-230, 232-234, 240), so error handling between the visible
// statements and the condition guarding line 235 are not shown.
179 function checkPass($submitted_password) {
180 //global $DBAuthParams;
182 if (!$this->_auth_dbi) { // needed?
183 return $this->_tryNextPass($submitted_password);
185 if (!$this->isValidName()) {
186 trigger_error(_("Invalid username."),E_USER_WARNING);
187 return $this->_tryNextPass($submitted_password);
189 if (!$this->_checkPassLength($submitted_password)) {
190 return WIKIAUTH_FORBIDDEN;
192 $dbh =& $this->_auth_dbi;
193 $dbi =& $GLOBALS['request']->_dbi;
// Build the auth_check template on first use.
194 if (empty($this->_authselect) and $dbi->getAuthParam('auth_check')) {
195 $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
196 array("password", "userid"));
198 if (!isset($this->_authselect))
200 if (!isset($this->_authselect))
201 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
202 'DBAUTH_AUTH_CHECK', 'ADODB'),
204 //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set
// 'crypt' mode: fetch the stored password by user id and compare it in PHP.
205 if ($this->_auth_crypt_method == 'crypt') {
206 $rs = $dbh->Execute(sprintf($this->_authselect,
207 $dbh->qstr($this->_userid)));
209 $stored_password = $rs->fields['password'];
// NOTE(review): _checkPass() is not shown; whether its comparison is timing-safe cannot be told from here.
211 $result = $this->_checkPass($submitted_password, $stored_password);
// Other modes: the submitted password is quoted and spliced into the SQL text,
// so the database performs the comparison.
// NOTE(review): the cleartext password is then part of the statement and can end
// up in query logs or debug output; bind parameters or hashing before the query avoid that.
217 $rs = $dbh->Execute(sprintf($this->_authselect,
218 $dbh->qstr($submitted_password),
219 $dbh->qstr($this->_userid)));
// Take the verdict from column 'ok', else column 0, else the first field of the row.
220 if (isset($rs->fields['ok']))
221 $okay = $rs->fields['ok'];
222 elseif (isset($rs->fields[0]))
223 $okay = $rs->fields[0];
225 if (is_array($rs->fields))
226 $okay = reset($rs->fields);
// Any non-empty value counts as success, so the auth_check statement must yield
// 0, NULL or an empty value on mismatch. A statement that returns a non-empty
// column regardless of the password would accept every login.
231 $result = !empty($okay);
235 $this->_level = WIKIAUTH_USER;
236 return $this->_level;
// Under the 'strict' policy a failed check is final; no other auth method is tried.
237 } elseif (USER_AUTH_POLICY === 'strict') {
238 $this->_level = WIKIAUTH_FORBIDDEN;
239 return $this->_level;
241 return $this->_tryNextPass($submitted_password);
// Returns the configured 'auth_update' statement as-is, so the result is truthy
// only when a password-update statement has been configured.
245 function mayChangePass() {
246 return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
// Writes a new password for $this->_userid using the configured auth_update statement.
// NOTE(review): the gutter skips lines (250, 256, 260-263, 267, 271 onward), so the
// error exit and the return value are not visible. No length check on
// $submitted_password appears in the visible lines.
249 function storePass($submitted_password) {
251 $dbh = &$this->_auth_dbi;
252 $dbi =& $GLOBALS['request']->_dbi;
// Build the auth_update template on first use.
253 if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
254 $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
255 array("password", "userid"));
257 if (!isset($this->_authupdate)) {
258 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
259 'DBAUTH_AUTH_UPDATE', 'ADODB'),
// 'crypt' mode hashes the password in PHP before it is written.
// NOTE(review): crypt() is called without a salt, so the algorithm is whatever the
// PHP build selects by default, and PHP 8 requires the salt argument. Where the
// PHP version allows, password_hash()/password_verify() are the maintained replacement.
// NOTE(review): if crypt() is unavailable, the visible code leaves the password
// unchanged (line 267 is omitted) - confirm it cannot reach the UPDATE unhashed.
264 if ($this->_auth_crypt_method == 'crypt') {
265 if (function_exists('crypt'))
266 $submitted_password = crypt($submitted_password);
// In any other mode the password reaches the statement as submitted; hashing, if
// any, has to be done by the SQL configured in auth_update.
// Both values are quoted with qstr() before being spliced in.
268 $rs = $dbh->Execute(sprintf($this->_authupdate,
269 $dbh->qstr($submitted_password),
270 $dbh->qstr($this->_userid)
277 // $Log: not supported by cvs2svn $
278 // Revision 1.8 2006/03/19 16:26:40 rurban
279 // fix DBAUTH arguments to be position independent, fixes bug #1358973
281 // Revision 1.7 2005/10/10 19:43:49 rurban
282 // add DBAUTH_PREF_INSERT: self-creating users. by John Stevens
284 // Revision 1.6 2005/08/06 13:21:09 rurban
285 // switch to natural order password, userid
287 // Revision 1.5 2005/02/14 12:28:26 rurban
288 // fix policy strict. Thanks to Mikhail Vladimirov
290 // Revision 1.4 2004/12/26 17:11:15 rurban
293 // Revision 1.3 2004/12/20 16:05:01 rurban
294 // gettext msg unification
296 // Revision 1.2 2004/12/19 00:58:02 rurban
297 // Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks,
298 // Provide an errormessage if so. Just PersonalPage and BogoLogin not.
299 // Simplify httpauth logout handling and set sessions for all methods.
300 // fix main.php unknown index "x" getLevelDescription() warning.
302 // Revision 1.1 2004/11/01 10:43:58 rurban
303 // separate PassUser methods into separate dir (memory usage)
304 // fix WikiUser (old) overlarge data session
305 // remove wikidb arg from various page class methods, use global ->_dbi instead
313 // c-hanging-comment-ender-p: nil
314 // indent-tabs-mode: nil