4 * Copyright (C) 2004, 2005 ReiniUrban
6 * This file is part of PhpWiki.
8 * PhpWiki is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * PhpWiki is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 include_once 'lib/WikiUser/Db.php';
28 * PDO DB methods (PHP5)
29 * prepare, bind, execute.
30 * We use numerical FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
// Label of this auth backend. NOTE(review): presumably matched against the
// configured list of auth methods elsewhere — confirm against the callers.
36 var $_authmethod = 'PDODb';
/**
 * Constructor (PHP 4 style): records the user id, optionally adopts a
 * preferences object and reads the configured password crypt method.
 *
 * NOTE(review): the gutter numbers skip here (39-40, 43, 48-49, 54-56), so
 * some original lines, including whatever follows the invalid-name warning,
 * are not visible in this listing.
 *
 * @param string $UserName Login name; validated with isValidName() on the elseif path.
 * @param mixed  $prefs    Preferences object to adopt, or false for none.
 */
38 function _PdoDbPassUser($UserName = '', $prefs = false)
// When no prefs are set yet and this is a _PdoDbPassUser, a passed-in $prefs is adopted.
41 if (!$this->_prefs and isa($this, "_PdoDbPassUser")) {
42 if ($prefs) $this->_prefs = $prefs;
// With no prefs method set, delegate to the _PassUser constructor; otherwise
// warn about names that fail isValidName().
44 if (!isset($this->_prefs->_method))
45 _PassUser::_PassUser($UserName);
46 elseif (!$this->isValidName($UserName)) {
47 trigger_error(_("Invalid username."), E_USER_WARNING);
50 $this->_userid = $UserName;
51 // make use of session data. generally we only initialize this every time,
52 // but do auth checks only once
// The crypt method decides later whether passwords are compared in PHP or inside the SQL statement.
53 $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
/**
 * Loads the user's preferences, first from the auth database (when a
 * _select statement is configured) and then from the user's home page.
 *
 * NOTE(review): several original lines are missing from this listing (the
 * gutter numbers skip), so the return value and the exact nesting of the two
 * sources cannot be confirmed from here.
 */
57 function getPreferences()
59 // override the generic slow method here for efficiency and not to
60 // clutter the homepage metadata with prefs.
61 _AnonUser::getPreferences();
63 if (isset($this->_prefs->_select)) {
64 $dbh =& $this->_auth_dbi;
// The user id is escaped with quote() and formatted into the configured SQL
// template instead of being bound as a parameter. NOTE(review): that is only
// safe if _select has exactly one %s placeholder and quote() matches the
// connection charset; a prepared statement with a bound userid, as the other
// methods in this class use, would remove that dependency.
65 $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
66 // patched by frederik@pandora.be
// NOTE(review): PDO_FETCH_BOTH is the pre-release constant name; released PDO
// spells it PDO::FETCH_BOTH. Confirm which PDO version this targets.
67 $prefs = $db_result->fetch(PDO_FETCH_BOTH);
// '@' hides the notice raised when no row came back or the column is absent.
68 $prefs_blob = @$prefs["prefs"];
// NOTE(review): retrieve() decodes the stored blob; how it deserialises is not
// visible here. Verify it cannot be driven by data other users can write.
69 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
70 $updated = $this->_prefs->updatePrefs($restored_from_db);
71 //$this->_prefs = new UserPreferences($restored_from_db);
// Second source: the 'pref' metadata of the user's home page, when a handle exists.
75 if ($this->_HomePagehandle) {
76 if ($restored_from_page = $this->_prefs->retrieve
77 ($this->_HomePagehandle->get('pref'))
79 $updated = $this->_prefs->updatePrefs($restored_from_page);
80 //$this->_prefs = new UserPreferences($restored_from_page);
/**
 * Stores changed preferences in the auth database when an _update statement
 * is configured, and keeps the home page 'pref' metadata in step.
 *
 * NOTE(review): original lines 99 and 102-104 are missing from this listing;
 * the execute() call for the prepared statement is presumably on line 99.
 * Confirm against the full file.
 *
 * @param mixed $prefs   New preferences, passed through to _AnonUser::setPreferences().
 * @param bool  $id_only When true, neither the database nor the home page is written.
 */
87 function setPreferences($prefs, $id_only = false)
89 // if the prefs are changed
90 if ($count = _AnonUser::setPreferences($prefs, 1)) {
// Serialised form of the preferences as produced by the prefs object.
92 $packed = $this->_prefs->store();
93 if (!$id_only and isset($this->_prefs->_update)) {
94 $dbh =& $this->_auth_dbi;
// Both values are bound as named parameters, so neither is spliced into the SQL text.
96 $sth = $dbh->prepare($this->_prefs->_update);
97 $sth->bindParam("prefs", $packed);
98 $sth->bindParam("user", $this->_userid);
100 } catch (PDOException $e) {
// NOTE(review): the driver message can contain SQL text and schema names; make
// sure warnings are logged rather than displayed to the requesting user.
101 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
// Clears a 'pref' copy left on the home page so it does not go stale.
105 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
106 $this->_HomePagehandle->set('pref', '');
108 //store prefs in homepage, not in cookie
109 if ($this->_HomePagehandle and !$id_only)
110 $this->_HomePagehandle->set('pref', $packed);
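/**
 * Checks whether the current user id is known to the auth database and, when
 * an auth_create statement is configured, tries to create the user from the
 * posted password. Falls through to _tryNextUser() otherwise.
 *
 * Fix in this revision: the create branch now executes _authcreate, the
 * statement it has just bound, instead of _authselect.
 *
 * NOTE(review): many original lines (try/else/return/closing braces) are
 * missing from this listing, so the return values of the individual branches
 * cannot be confirmed from here.
 */
117 function userExists()
120 $dbh = &$this->_auth_dbi;
121 if (!$dbh) { // needed?
122 return $this->_tryNextUser();
124 if (!$this->isValidName()) {
125 trigger_error(_("Invalid username."), E_USER_WARNING);
126 return $this->_tryNextUser();
128 $dbi =& $GLOBALS['request']->_dbi;
// Prepare the auth_check statement once and cache it on the object.
129 if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
131 $this->_authselect = $dbh->prepare($dbi->getAuthParam('auth_check'));
132 } catch (PDOException $e) {
// NOTE(review): driver messages can expose SQL and schema details; keep
// warnings out of responses shown to the user.
133 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
137 //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
138 if (!$dbi->getAuthParam('auth_user_exists')
139 and $this->_auth_crypt_method == 'crypt'
140 and $this->_authselect
// In crypt mode auth_check only needs the user id, so a returned row means the user exists.
// NOTE(review): PDO_PARAM_STR and fetchSingle() are pre-release PDO names
// (released PDO: PDO::PARAM_STR, fetchColumn()). Confirm the targeted version.
143 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
144 $this->_authselect->execute();
145 } catch (PDOException $e) {
146 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
149 if ($this->_authselect->fetchSingle())
152 if (!$dbi->getAuthParam('auth_user_exists'))
153 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
// NOTE(review): this prepares auth_check although the warning above concerns
// auth_user_exists, and only userid is bound. Looks like the wrong parameter
// name; confirm against the configuration before changing it.
155 $this->_authcheck = $dbh->prepare($dbi->getAuthParam('auth_check'));
156 $this->_authcheck->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
157 $this->_authcheck->execute();
158 if ($this->_authcheck->fetchSingle())
161 // User does not exist yet.
162 // Maybe the user is allowed to create himself. Generally not wanted in
163 // external databases, but maybe wanted for the wiki database, for performance
165 if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
167 $this->_authcreate = $dbh->prepare($dbi->getAuthParam('auth_create'));
168 } catch (PDOException $e) {
169 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
// NOTE(review): $HTTP_POST_VARS was removed in PHP 5.4; unless the application
// repopulates it, these isset() checks are false on current PHP and this
// branch never runs.
173 if (!empty($this->_authcreate) and
174 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
175 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])
// The password is bound exactly as posted; no hashing is visible here, so any
// hashing has to happen inside the configured auth_create SQL. Confirm.
177 $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
179 $this->_authcreate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
180 $this->_authcreate->bindParam("password", $passwd, PDO_PARAM_STR, 48);
// Execute the create statement that was just bound; the previous code ran
// _authselect here, which left auth_create unexecuted.
181 $rs = $this->_authcreate->execute();
182 } catch (PDOException $e) {
183 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
// Nothing matched in this backend: hand over to the next configured auth method.
189 return $this->_tryNextUser();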
/**
 * Verifies a submitted password against the auth database.
 *
 * In 'crypt' mode the stored hash is fetched by user id and compared in PHP
 * via _checkPass(); otherwise the submitted password is bound into the
 * auth_check statement and the comparison happens inside the SQL.
 *
 * NOTE(review): original lines such as 206, 221-222 and 233-235 are missing
 * from this listing. In particular the assignment of $okay and whatever
 * follows each catch block are not visible; confirm that a database error
 * fails closed.
 *
 * @param string $submitted_password Password as entered by the user.
 * @return mixed WIKIAUTH_USER on success, WIKIAUTH_FORBIDDEN on a too-short
 *               password or under the 'strict' policy, else the result of
 *               _tryNextPass().
 */
192 function checkPass($submitted_password)
194 //global $DBAuthParams;
196 if (!$this->_auth_dbi) { // needed?
197 return $this->_tryNextPass($submitted_password);
199 if (!$this->isValidName()) {
200 return $this->_tryNextPass($submitted_password);
// Length policy is enforced before any database access.
202 if (!$this->_checkPassLength($submitted_password)) {
203 return WIKIAUTH_FORBIDDEN;
// Line 206 (not shown) is the body of this first check; presumably it prepares _authselect. Confirm.
205 if (!isset($this->_authselect))
207 if (!isset($this->_authselect))
208 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
209 'DBAUTH_AUTH_CHECK', 'SQL'),
212 //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set
213 $dbh = &$this->_auth_dbi;
214 if ($this->_auth_crypt_method == 'crypt') {
216 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
217 $this->_authselect->execute();
218 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
219 } catch (PDOException $e) {
// NOTE(review): driver messages can expose SQL and schema details; keep
// warnings out of responses shown to the user.
220 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
// First column of the row is taken as the stored hash; '@' hides the notice when no row was found.
223 $stored_password = @$rs[0];
224 $result = $this->_checkPass($submitted_password, $stored_password);
// Non-crypt mode: the plaintext password is sent to the database as a bound
// parameter, so the storage and comparison scheme are whatever the configured
// auth_check SQL implements.
227 $this->_authselect->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
228 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
229 $this->_authselect->execute();
230 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
231 } catch (PDOException $e) {
232 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
// NOTE(review): $okay is not assigned in any visible line (presumably on the
// missing line 235, from $rs). If it is never set, this always yields false.
236 $result = !empty($okay);
240 $this->_level = WIKIAUTH_USER;
241 return $this->_level;
// Under the 'strict' policy a failure here is final; no further auth method is tried.
242 } elseif (USER_AUTH_POLICY === 'strict') {
243 $this->_level = WIKIAUTH_FORBIDDEN;
244 return $this->_level;
246 return $this->_tryNextPass($submitted_password);
/**
 * Reports whether passwords can be changed through this backend by returning
 * the configured 'auth_update' auth parameter (the SQL statement itself, not
 * a strict boolean; callers presumably test it for truthiness — confirm).
 */
250 function mayChangePass()
252 return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
/**
 * Writes a new password for the current user through the configured
 * auth_update statement.
 *
 * NOTE(review): original lines such as 258-260, 268-270, 274-277 and 281-282
 * are missing from this listing, so the return values and the handling after
 * each warning cannot be confirmed from here.
 *
 * @param string $submitted_password New password as entered by the user.
 */
255 function storePass($submitted_password)
257 if (!$this->isValidName()) {
261 $dbh = &$this->_auth_dbi;
262 $dbi =& $GLOBALS['request']->_dbi;
// Prepare the auth_update statement once and cache it on the object.
263 if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
265 $this->_authupdate = $dbh->prepare($dbi->getAuthParam('auth_update'));
266 } catch (PDOException $e) {
// NOTE(review): driver messages can expose SQL and schema details; keep
// warnings out of responses shown to the user.
267 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
271 if (empty($this->_authupdate)) {
272 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
273 'DBAUTH_AUTH_UPDATE', 'SQL'),
// NOTE(review): crypt() is called without a salt. PHP 5.6+ raises a notice and
// produces a weak hash in that case, and PHP 8.0 makes the salt mandatory.
// password_hash() is the maintained replacement, but switching requires
// _checkPass() to verify the new hash format.
// NOTE(review): no else branch is visible; if crypt() is unavailable the
// password appears to be passed on as submitted. Confirm against line 281.
278 if ($this->_auth_crypt_method == 'crypt') {
279 if (function_exists('crypt'))
280 $submitted_password = crypt($submitted_password);
// In non-crypt mode the plaintext password reaches the database as a bound
// parameter; any hashing then depends on the configured auth_update SQL.
283 $this->_authupdate->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
284 $this->_authupdate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
285 $this->_authupdate->execute();
286 } catch (PDOException $e) {
287 trigger_error("SQL Error: " . $e->getMessage(), E_USER_WARNING);
298 // c-hanging-comment-ender-p: nil
299 // indent-tabs-mode: nil