]> CyberLeo.Net >> Repos - SourceForge/phpwiki.git/blob - lib/WikiUser/PdoDb.php
projects / SourceForge / phpwiki.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
rcs_id no longer makes sense with Subversion global version number
[SourceForge/phpwiki.git] / lib / WikiUser / PdoDb.php
1 <?php //-*-php-*-
2 // rcs_id('$Id$');
3 /* Copyright (C) 2004, 2005 ReiniUrban
4  * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
5  */
6
7 include_once("lib/WikiUser/Db.php");
8
9 class _PdoDbPassUser
10 extends _DbPassUser
11 /**
12  * PDO DB methods (PHP5)
13  *   prepare, bind, execute.
14  * We use numrical FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
15  *
16  * @tables: user
17  * @tables: pref
18  */
19 {
20     var $_authmethod = 'PDODb';
21
22     function _PdoDbPassUser($UserName='', $prefs=false) {
23
24         if (!$this->_prefs and isa($this,"_PdoDbPassUser")) {
25             if ($prefs) $this->_prefs = $prefs;
26         }
27         if (!isset($this->_prefs->_method))
28             _PassUser::_PassUser($UserName);
29         elseif (!$this->isValidName($UserName)) {
30             trigger_error(_("Invalid username."), E_USER_WARNING);
31             return false;
32         }
33         $this->_userid = $UserName;
34         // make use of session data. generally we only initialize this every time,
35         // but do auth checks only once
36         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
37         return $this;
38     }
39
40     function getPreferences() {
41         // override the generic slow method here for efficiency and not to
42         // clutter the homepage metadata with prefs.
43         _AnonUser::getPreferences();
44         $this->getAuthDbh();
45         if (isset($this->_prefs->_select)) {
46             $dbh =& $this->_auth_dbi;
47             $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
48             // patched by frederik@pandora.be
49             $prefs = $db_result->fetch(PDO_FETCH_BOTH);
50             $prefs_blob = @$prefs["prefs"];
51             if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
52                 $updated = $this->_prefs->updatePrefs($restored_from_db);
53                 //$this->_prefs = new UserPreferences($restored_from_db);
54                 return $this->_prefs;
55             }
56         }
57         if ($this->_HomePagehandle) {
58             if ($restored_from_page = $this->_prefs->retrieve
59                 ($this->_HomePagehandle->get('pref'))) {
60                 $updated = $this->_prefs->updatePrefs($restored_from_page);
61                 //$this->_prefs = new UserPreferences($restored_from_page);
62                 return $this->_prefs;
63             }
64         }
65         return $this->_prefs;
66     }
67
68     function setPreferences($prefs, $id_only=false) {
69         // if the prefs are changed
70         if ($count = _AnonUser::setPreferences($prefs, 1)) {
71             $this->getAuthDbh();
72             $packed = $this->_prefs->store();
73             if (!$id_only and isset($this->_prefs->_update)) {
74                 $dbh =& $this->_auth_dbi;
75                 try {
76                     $sth = $dbh->prepare($this->_prefs->_update);
77                     $sth->bindParam("prefs", $packed);
78                     $sth->bindParam("user",  $this->_userid);
79                     $sth->execute();
80                 }
81                 catch (PDOException $e) {
82                     trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
83                     return false;
84                 }
85                 //delete pageprefs:
86                 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
87                     $this->_HomePagehandle->set('pref', '');
88             } else {
89                 //store prefs in homepage, not in cookie
90                 if ($this->_HomePagehandle and !$id_only)
91                     $this->_HomePagehandle->set('pref', $packed);
92             }
93             return $count;
94         }
95         return 0;
96     }
97
98     function userExists() {
99         $this->getAuthDbh();
100         $dbh = &$this->_auth_dbi;
101         if (!$dbh) { // needed?
102             return $this->_tryNextUser();
103         }
104         if (!$this->isValidName()) {
105             trigger_error(_("Invalid username."),E_USER_WARNING);
106             return $this->_tryNextUser();
107         }
108         $dbi =& $GLOBALS['request']->_dbi;
109         if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
110             try {
111                 $this->_authselect = $dbh->prepare($dbi->getAuthParam('auth_check'));
112             }
113             catch (PDOException $e) {
114                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
115                 return false;
116             }
117         }
118         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
119         if ( !$dbi->getAuthParam('auth_user_exists')
120              and $this->_auth_crypt_method == 'crypt'
121              and $this->_authselect)
122         {
123             try {
124                 $this->_authselect->bindParam("userid",  $this->_userid, PDO_PARAM_STR, 48);
125                 $this->_authselect->execute();
126             }
127             catch (PDOException $e) {
128                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
129                 return false;
130             }
131             if ($this->_authselect->fetchSingle())
132                 return true;
133         }
134         else {
135             if (! $dbi->getAuthParam('auth_user_exists'))
136                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
137                               E_USER_WARNING);
138             $this->_authcheck = $dbh->prepare($dbi->getAuthParam('auth_check'));
139             $this->_authcheck->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
140             $this->_authcheck->execute();
141             if ($this->_authcheck->fetchSingle())
142                 return true;
143         }
144         // User does not exist yet.
145         // Maybe the user is allowed to create himself. Generally not wanted in
146         // external databases, but maybe wanted for the wiki database, for performance
147         // reasons
148         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
149             try {
150                 $this->_authcreate = $dbh->prepare($dbi->getAuthParam('auth_create'));
151             }
152             catch (PDOException $e) {
153                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
154                 return false;
155             }
156         }
157         if (!empty($this->_authcreate) and
158             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
159             isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
160         {
161             $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
162             try {
163                 $this->_authcreate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
164                 $this->_authcreate->bindParam("password", $passwd, PDO_PARAM_STR, 48);
165                 $rs = $this->_authselect->execute();
166             }
167             catch (PDOException $e) {
168                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
169                 return false;
170             }
171             if ($rs)
172                 return true;
173         }
174         return $this->_tryNextUser();
175     }
176
177     function checkPass($submitted_password) {
178         //global $DBAuthParams;
179         $this->getAuthDbh();
180         if (!$this->_auth_dbi) {  // needed?
181             return $this->_tryNextPass($submitted_password);
182         }
183         if (!$this->isValidName()) {
184             return $this->_tryNextPass($submitted_password);
185         }
186         if (!$this->_checkPassLength($submitted_password)) {
187             return WIKIAUTH_FORBIDDEN;
188         }
189         if (!isset($this->_authselect))
190             $this->userExists();
191         if (!isset($this->_authselect))
192             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
193                               'DBAUTH_AUTH_CHECK', 'SQL'),
194                           E_USER_WARNING);
195
196         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
197         $dbh = &$this->_auth_dbi;
198         if ($this->_auth_crypt_method == 'crypt') {
199             try {
200                 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
201                 $this->_authselect->execute();
202                 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
203             }
204             catch (PDOException $e) {
205                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
206                 return false;
207             }
208             $stored_password = @$rs[0];
209             $result = $this->_checkPass($submitted_password, $stored_password);
210         } else {
211             try {
212                 $this->_authselect->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
213                 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
214                 $this->_authselect->execute();
215                 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
216             }
217             catch (PDOException $e) {
218                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
219                 return false;
220             }
221             $okay = @$rs[0];
222             $result = !empty($okay);
223         }
224
225         if ($result) {
226             $this->_level = WIKIAUTH_USER;
227             return $this->_level;
228         } elseif (USER_AUTH_POLICY === 'strict') {
229             $this->_level = WIKIAUTH_FORBIDDEN;
230             return $this->_level;
231         } else {
232             return $this->_tryNextPass($submitted_password);
233         }
234     }
235
236     function mayChangePass() {
237         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
238     }
239
240     function storePass($submitted_password) {
241         if (!$this->isValidName()) {
242             return false;
243         }
244         $this->getAuthDbh();
245         $dbh = &$this->_auth_dbi;
246         $dbi =& $GLOBALS['request']->_dbi;
247         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
248             try {
249                 $this->_authupdate = $dbh->prepare($dbi->getAuthParam('auth_update'));
250             }
251             catch (PDOException $e) {
252                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
253                 return false;
254             }
255         }
256         if (empty($this->_authupdate)) {
257             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
258                               'DBAUTH_AUTH_UPDATE','SQL'),
259                           E_USER_WARNING);
260             return false;
261         }
262
263         if ($this->_auth_crypt_method == 'crypt') {
264             if (function_exists('crypt'))
265                 $submitted_password = crypt($submitted_password);
266         }
267         try {
268             $this->_authupdate->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
269             $this->_authupdate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
270             $this->_authupdate->execute();
271         }
272         catch (PDOException $e) {
273             trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
274             return false;
275         }
276         return true;
277     }
278 }
279
280 // Local Variables:
281 // mode: php
282 // tab-width: 8
283 // c-basic-offset: 4
284 // c-hanging-comment-ender-p: nil
285 // indent-tabs-mode: nil
286 // End:
287 ?>
Unnamed repository; edit this file 'description' to name the repository.