4 * Copyright (C) 2004, 2005 ReiniUrban
6 * This file is part of PhpWiki.
8 * PhpWiki is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * PhpWiki is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 include_once("lib/WikiUser/Db.php");
28 * PDO DB methods (PHP5)
29 * prepare, bind, execute.
30 * We use numrical FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
36 var $_authmethod = 'PDODb';
38 function _PdoDbPassUser($UserName='', $prefs=false) {
40 if (!$this->_prefs and isa($this,"_PdoDbPassUser")) {
41 if ($prefs) $this->_prefs = $prefs;
43 if (!isset($this->_prefs->_method))
44 _PassUser::_PassUser($UserName);
45 elseif (!$this->isValidName($UserName)) {
46 trigger_error(_("Invalid username."), E_USER_WARNING);
49 $this->_userid = $UserName;
50 // make use of session data. generally we only initialize this every time,
51 // but do auth checks only once
52 $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
56 function getPreferences() {
57 // override the generic slow method here for efficiency and not to
58 // clutter the homepage metadata with prefs.
59 _AnonUser::getPreferences();
61 if (isset($this->_prefs->_select)) {
62 $dbh =& $this->_auth_dbi;
63 $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
64 // patched by frederik@pandora.be
65 $prefs = $db_result->fetch(PDO_FETCH_BOTH);
66 $prefs_blob = @$prefs["prefs"];
67 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
68 $updated = $this->_prefs->updatePrefs($restored_from_db);
69 //$this->_prefs = new UserPreferences($restored_from_db);
73 if ($this->_HomePagehandle) {
74 if ($restored_from_page = $this->_prefs->retrieve
75 ($this->_HomePagehandle->get('pref'))) {
76 $updated = $this->_prefs->updatePrefs($restored_from_page);
77 //$this->_prefs = new UserPreferences($restored_from_page);
84 function setPreferences($prefs, $id_only=false) {
85 // if the prefs are changed
86 if ($count = _AnonUser::setPreferences($prefs, 1)) {
88 $packed = $this->_prefs->store();
89 if (!$id_only and isset($this->_prefs->_update)) {
90 $dbh =& $this->_auth_dbi;
92 $sth = $dbh->prepare($this->_prefs->_update);
93 $sth->bindParam("prefs", $packed);
94 $sth->bindParam("user", $this->_userid);
97 catch (PDOException $e) {
98 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
102 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
103 $this->_HomePagehandle->set('pref', '');
105 //store prefs in homepage, not in cookie
106 if ($this->_HomePagehandle and !$id_only)
107 $this->_HomePagehandle->set('pref', $packed);
114 function userExists() {
116 $dbh = &$this->_auth_dbi;
117 if (!$dbh) { // needed?
118 return $this->_tryNextUser();
120 if (!$this->isValidName()) {
121 trigger_error(_("Invalid username."),E_USER_WARNING);
122 return $this->_tryNextUser();
124 $dbi =& $GLOBALS['request']->_dbi;
125 if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
127 $this->_authselect = $dbh->prepare($dbi->getAuthParam('auth_check'));
129 catch (PDOException $e) {
130 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
134 //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
135 if ( !$dbi->getAuthParam('auth_user_exists')
136 and $this->_auth_crypt_method == 'crypt'
137 and $this->_authselect)
140 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
141 $this->_authselect->execute();
143 catch (PDOException $e) {
144 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
147 if ($this->_authselect->fetchSingle())
151 if (! $dbi->getAuthParam('auth_user_exists'))
152 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
154 $this->_authcheck = $dbh->prepare($dbi->getAuthParam('auth_check'));
155 $this->_authcheck->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
156 $this->_authcheck->execute();
157 if ($this->_authcheck->fetchSingle())
160 // User does not exist yet.
161 // Maybe the user is allowed to create himself. Generally not wanted in
162 // external databases, but maybe wanted for the wiki database, for performance
164 if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
166 $this->_authcreate = $dbh->prepare($dbi->getAuthParam('auth_create'));
168 catch (PDOException $e) {
169 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
173 if (!empty($this->_authcreate) and
174 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
175 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
177 $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
179 $this->_authcreate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
180 $this->_authcreate->bindParam("password", $passwd, PDO_PARAM_STR, 48);
181 $rs = $this->_authselect->execute();
183 catch (PDOException $e) {
184 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
190 return $this->_tryNextUser();
193 function checkPass($submitted_password) {
194 //global $DBAuthParams;
196 if (!$this->_auth_dbi) { // needed?
197 return $this->_tryNextPass($submitted_password);
199 if (!$this->isValidName()) {
200 return $this->_tryNextPass($submitted_password);
202 if (!$this->_checkPassLength($submitted_password)) {
203 return WIKIAUTH_FORBIDDEN;
205 if (!isset($this->_authselect))
207 if (!isset($this->_authselect))
208 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
209 'DBAUTH_AUTH_CHECK', 'SQL'),
212 //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set
213 $dbh = &$this->_auth_dbi;
214 if ($this->_auth_crypt_method == 'crypt') {
216 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
217 $this->_authselect->execute();
218 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
220 catch (PDOException $e) {
221 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
224 $stored_password = @$rs[0];
225 $result = $this->_checkPass($submitted_password, $stored_password);
228 $this->_authselect->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
229 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
230 $this->_authselect->execute();
231 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
233 catch (PDOException $e) {
234 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
238 $result = !empty($okay);
242 $this->_level = WIKIAUTH_USER;
243 return $this->_level;
244 } elseif (USER_AUTH_POLICY === 'strict') {
245 $this->_level = WIKIAUTH_FORBIDDEN;
246 return $this->_level;
248 return $this->_tryNextPass($submitted_password);
252 function mayChangePass() {
253 return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
256 function storePass($submitted_password) {
257 if (!$this->isValidName()) {
261 $dbh = &$this->_auth_dbi;
262 $dbi =& $GLOBALS['request']->_dbi;
263 if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
265 $this->_authupdate = $dbh->prepare($dbi->getAuthParam('auth_update'));
267 catch (PDOException $e) {
268 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
272 if (empty($this->_authupdate)) {
273 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
274 'DBAUTH_AUTH_UPDATE','SQL'),
279 if ($this->_auth_crypt_method == 'crypt') {
280 if (function_exists('crypt'))
281 $submitted_password = crypt($submitted_password);
284 $this->_authupdate->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
285 $this->_authupdate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
286 $this->_authupdate->execute();
288 catch (PDOException $e) {
289 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
300 // c-hanging-comment-ender-p: nil
301 // indent-tabs-mode: nil