lib/WikiUser/PdoDb.php

   1 <?php //-*-php-*-
   2 // $Id$
   3 /*
   4  * Copyright (C) 2004, 2005 ReiniUrban
   5  *
   6  * This file is part of PhpWiki.
   7  *
   8  * PhpWiki is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * PhpWiki is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License along
  19  * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
  20  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  21  */
  22
  23 include_once("lib/WikiUser/Db.php");
  24
  25 class _PdoDbPassUser
  26 extends _DbPassUser
  27 /**
  28  * PDO DB methods (PHP5)
  29  *   prepare, bind, execute.
  30  * We use numrical FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
  31  *
  32  * @tables: user
  33  * @tables: pref
  34  */
  35 {
  36     var $_authmethod = 'PDODb';
  37
  38     function _PdoDbPassUser($UserName='', $prefs=false) {
  39
  40         if (!$this->_prefs and isa($this,"_PdoDbPassUser")) {
  41             if ($prefs) $this->_prefs = $prefs;
  42         }
  43         if (!isset($this->_prefs->_method))
  44             _PassUser::_PassUser($UserName);
  45         elseif (!$this->isValidName($UserName)) {
  46             trigger_error(_("Invalid username."), E_USER_WARNING);
  47             return false;
  48         }
  49         $this->_userid = $UserName;
  50         // make use of session data. generally we only initialize this every time,
  51         // but do auth checks only once
  52         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
  53         return $this;
  54     }
  55
  56     function getPreferences() {
  57         // override the generic slow method here for efficiency and not to
  58         // clutter the homepage metadata with prefs.
  59         _AnonUser::getPreferences();
  60         $this->getAuthDbh();
  61         if (isset($this->_prefs->_select)) {
  62             $dbh =& $this->_auth_dbi;
  63             $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
  64             // patched by frederik@pandora.be
  65             $prefs = $db_result->fetch(PDO_FETCH_BOTH);
  66             $prefs_blob = @$prefs["prefs"];
  67             if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
  68                 $updated = $this->_prefs->updatePrefs($restored_from_db);
  69                 //$this->_prefs = new UserPreferences($restored_from_db);
  70                 return $this->_prefs;
  71             }
  72         }
  73         if ($this->_HomePagehandle) {
  74             if ($restored_from_page = $this->_prefs->retrieve
  75                 ($this->_HomePagehandle->get('pref'))) {
  76                 $updated = $this->_prefs->updatePrefs($restored_from_page);
  77                 //$this->_prefs = new UserPreferences($restored_from_page);
  78                 return $this->_prefs;
  79             }
  80         }
  81         return $this->_prefs;
  82     }
  83
  84     function setPreferences($prefs, $id_only=false) {
  85         // if the prefs are changed
  86         if ($count = _AnonUser::setPreferences($prefs, 1)) {
  87             $this->getAuthDbh();
  88             $packed = $this->_prefs->store();
  89             if (!$id_only and isset($this->_prefs->_update)) {
  90                 $dbh =& $this->_auth_dbi;
  91                 try {
  92                     $sth = $dbh->prepare($this->_prefs->_update);
  93                     $sth->bindParam("prefs", $packed);
  94                     $sth->bindParam("user",  $this->_userid);
  95                     $sth->execute();
  96                 }
  97                 catch (PDOException $e) {
  98                     trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
  99                     return false;
 100                 }
 101                 //delete pageprefs:
 102                 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
 103                     $this->_HomePagehandle->set('pref', '');
 104             } else {
 105                 //store prefs in homepage, not in cookie
 106                 if ($this->_HomePagehandle and !$id_only)
 107                     $this->_HomePagehandle->set('pref', $packed);
 108             }
 109             return $count;
 110         }
 111         return 0;
 112     }
 113
 114     function userExists() {
 115         $this->getAuthDbh();
 116         $dbh = &$this->_auth_dbi;
 117         if (!$dbh) { // needed?
 118             return $this->_tryNextUser();
 119         }
 120         if (!$this->isValidName()) {
 121             trigger_error(_("Invalid username."),E_USER_WARNING);
 122             return $this->_tryNextUser();
 123         }
 124         $dbi =& $GLOBALS['request']->_dbi;
 125         if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
 126             try {
 127                 $this->_authselect = $dbh->prepare($dbi->getAuthParam('auth_check'));
 128             }
 129             catch (PDOException $e) {
 130                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
 131                 return false;
 132             }
 133         }
 134         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
 135         if ( !$dbi->getAuthParam('auth_user_exists')
 136              and $this->_auth_crypt_method == 'crypt'
 137              and $this->_authselect)
 138         {
 139             try {
 140                 $this->_authselect->bindParam("userid",  $this->_userid, PDO_PARAM_STR, 48);
 141                 $this->_authselect->execute();
 142             }
 143             catch (PDOException $e) {
 144                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
 145                 return false;
 146             }
 147             if ($this->_authselect->fetchSingle())
 148                 return true;
 149         }
 150         else {
 151             if (! $dbi->getAuthParam('auth_user_exists'))
 152                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
 153                               E_USER_WARNING);
 154             $this->_authcheck = $dbh->prepare($dbi->getAuthParam('auth_check'));
 155             $this->_authcheck->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
 156             $this->_authcheck->execute();
 157             if ($this->_authcheck->fetchSingle())
 158                 return true;
 159         }
 160         // User does not exist yet.
 161         // Maybe the user is allowed to create himself. Generally not wanted in
 162         // external databases, but maybe wanted for the wiki database, for performance
 163         // reasons
 164         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
 165             try {
 166                 $this->_authcreate = $dbh->prepare($dbi->getAuthParam('auth_create'));
 167             }
 168             catch (PDOException $e) {
 169                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
 170                 return false;
 171             }
 172         }
 173         if (!empty($this->_authcreate) and
 174             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
 175             isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
 176         {
 177             $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
 178             try {
 179                 $this->_authcreate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
 180                 $this->_authcreate->bindParam("password", $passwd, PDO_PARAM_STR, 48);
 181                 $rs = $this->_authselect->execute();
 182             }
 183             catch (PDOException $e) {
 184                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
 185                 return false;
 186             }
 187             if ($rs)
 188                 return true;
 189         }
 190         return $this->_tryNextUser();
 191     }
 192
 193     function checkPass($submitted_password) {
 194         //global $DBAuthParams;
 195         $this->getAuthDbh();
 196         if (!$this->_auth_dbi) {  // needed?
 197             return $this->_tryNextPass($submitted_password);
 198         }
 199         if (!$this->isValidName()) {
 200             return $this->_tryNextPass($submitted_password);
 201         }
 202         if (!$this->_checkPassLength($submitted_password)) {
 203             return WIKIAUTH_FORBIDDEN;
 204         }
 205         if (!isset($this->_authselect))
 206             $this->userExists();
 207         if (!isset($this->_authselect))
 208             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 209                               'DBAUTH_AUTH_CHECK', 'SQL'),
 210                           E_USER_WARNING);
 211
 212         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
 213         $dbh = &$this->_auth_dbi;
 214         if ($this->_auth_crypt_method == 'crypt') {
 215             try {
 216                 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
 217                 $this->_authselect->execute();
 218                 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
 219             }
 220             catch (PDOException $e) {
 221                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
 222                 return false;
 223             }
 224             $stored_password = @$rs[0];
 225             $result = $this->_checkPass($submitted_password, $stored_password);
 226         } else {
 227             try {
 228                 $this->_authselect->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
 229                 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
 230                 $this->_authselect->execute();
 231                 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
 232             }
 233             catch (PDOException $e) {
 234                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
 235                 return false;
 236             }
 237             $okay = @$rs[0];
 238             $result = !empty($okay);
 239         }
 240
 241         if ($result) {
 242             $this->_level = WIKIAUTH_USER;
 243             return $this->_level;
 244         } elseif (USER_AUTH_POLICY === 'strict') {
 245             $this->_level = WIKIAUTH_FORBIDDEN;
 246             return $this->_level;
 247         } else {
 248             return $this->_tryNextPass($submitted_password);
 249         }
 250     }
 251
 252     function mayChangePass() {
 253         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
 254     }
 255
 256     function storePass($submitted_password) {
 257         if (!$this->isValidName()) {
 258             return false;
 259         }
 260         $this->getAuthDbh();
 261         $dbh = &$this->_auth_dbi;
 262         $dbi =& $GLOBALS['request']->_dbi;
 263         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
 264             try {
 265                 $this->_authupdate = $dbh->prepare($dbi->getAuthParam('auth_update'));
 266             }
 267             catch (PDOException $e) {
 268                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
 269                 return false;
 270             }
 271         }
 272         if (empty($this->_authupdate)) {
 273             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 274                               'DBAUTH_AUTH_UPDATE','SQL'),
 275                           E_USER_WARNING);
 276             return false;
 277         }
 278
 279         if ($this->_auth_crypt_method == 'crypt') {
 280             if (function_exists('crypt'))
 281                 $submitted_password = crypt($submitted_password);
 282         }
 283         try {
 284             $this->_authupdate->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
 285             $this->_authupdate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
 286             $this->_authupdate->execute();
 287         }
 288         catch (PDOException $e) {
 289             trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
 290             return false;
 291         }
 292         return true;
 293     }
 294 }
 295
 296 // Local Variables:
 297 // mode: php
 298 // tab-width: 8
 299 // c-basic-offset: 4
 300 // c-hanging-comment-ender-p: nil
 301 // indent-tabs-mode: nil
 302 // End:
 303 ?>