]> CyberLeo.Net >> Repos - SourceForge/phpwiki.git/blob - lib/WikiUser/PdoDb.php
projects / SourceForge / phpwiki.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
finish missing db calls
[SourceForge/phpwiki.git] / lib / WikiUser / PdoDb.php
1 <?php //-*-php-*-
2 rcs_id('$Id: PdoDb.php,v 1.2 2005-06-10 06:12:36 rurban Exp $');
3 /* Copyright (C) 2004, 2005 ReiniUrban
4  * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
5  */
6
7 class _PdoDbPassUser
8 extends _DbPassUser
9 /**
10  * PDO DB methods (PHP5)
11  *   prepare, bind, execute.
12  * We use numrical FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
13  *
14  * @tables: user
15  * @tables: pref
16  */
17 {
18     var $_authmethod = 'PDODb';
19
20     function _PdoDbPassUser($UserName='', $prefs=false) {
21
22         if (!$this->_prefs and isa($this,"_PdoDbPassUser")) {
23             if ($prefs) $this->_prefs = $prefs;
24         }
25         if (!isset($this->_prefs->_method))
26             _PassUser::_PassUser($UserName);
27         elseif (!$this->isValidName($UserName)) {
28             trigger_error(_("Invalid username."), E_USER_WARNING);
29             return false;
30         }
31         $this->_userid = $UserName;
32         // make use of session data. generally we only initialize this every time, 
33         // but do auth checks only once
34         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
35         return $this;
36     }
37
38     function getPreferences() {
39         // override the generic slow method here for efficiency and not to 
40         // clutter the homepage metadata with prefs.
41         _AnonUser::getPreferences();
42         $this->getAuthDbh();
43         if (isset($this->_prefs->_select)) {
44             $dbh =& $this->_auth_dbi;
45             $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
46             // patched by frederik@pandora.be
47             $prefs = $db_result->fetch(PDO_FETCH_BOTH);
48             $prefs_blob = @$prefs["prefs"]; 
49             if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
50                 $updated = $this->_prefs->updatePrefs($restored_from_db);
51                 //$this->_prefs = new UserPreferences($restored_from_db);
52                 return $this->_prefs;
53             }
54         }
55         if ($this->_HomePagehandle) {
56             if ($restored_from_page = $this->_prefs->retrieve
57                 ($this->_HomePagehandle->get('pref'))) {
58                 $updated = $this->_prefs->updatePrefs($restored_from_page);
59                 //$this->_prefs = new UserPreferences($restored_from_page);
60                 return $this->_prefs;
61             }
62         }
63         return $this->_prefs;
64     }
65
66     function setPreferences($prefs, $id_only=false) {
67         // if the prefs are changed
68         if ($count = _AnonUser::setPreferences($prefs, 1)) {
69             $this->getAuthDbh();
70             $packed = $this->_prefs->store();
71             if (!$id_only and isset($this->_prefs->_update)) {
72                 $dbh =& $this->_auth_dbi;
73                 try {
74                     $sth = $dbh->prepare($this->_prefs->_update);
75                     $sth->bindParam("prefs", $packed);
76                     $sth->bindParam("user",  $this->_userid);
77                     $sth->execute();
78                 }
79                 catch (PDOException $e) {
80                     trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
81                     return false;
82                 }
83                 //delete pageprefs:
84                 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
85                     $this->_HomePagehandle->set('pref', '');
86             } else {
87                 //store prefs in homepage, not in cookie
88                 if ($this->_HomePagehandle and !$id_only)
89                     $this->_HomePagehandle->set('pref', $packed);
90             }
91             return $count;
92         }
93         return 0;
94     }
95
96     function userExists() {
97         $this->getAuthDbh();
98         $dbh = &$this->_auth_dbi;
99         if (!$dbh) { // needed?
100             return $this->_tryNextUser();
101         }
102         if (!$this->isValidName()) {
103             trigger_error(_("Invalid username."),E_USER_WARNING);
104             return $this->_tryNextUser();
105         }
106         $dbi =& $GLOBALS['request']->_dbi;
107         if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
108             try {
109                 $this->_authselect = $dbh->prepare($dbi->getAuthParam('auth_check'));
110             }
111             catch (PDOException $e) {
112                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
113                 return false;
114             }
115         }
116         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
117         if ( !$dbi->getAuthParam('auth_user_exists') 
118              and $this->_auth_crypt_method == 'crypt'
119              and $this->_authselect)
120         {
121             try {
122                 $this->_authselect->bindParam("userid",  $this->_userid, PDO_PARAM_STR, 48);
123                 $this->_authselect->execute();
124             }
125             catch (PDOException $e) {
126                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
127                 return false;
128             }
129             if ($this->_authselect->fetchSingle())
130                 return true;
131         }
132         else {
133             if (! $dbi->getAuthParam('auth_user_exists'))
134                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
135                               E_USER_WARNING);
136             $this->_authcheck = $dbh->prepare($dbi->getAuthParam('auth_check'));
137             $this->_authcheck->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
138             $this->_authcheck->execute();
139             if ($this->_authcheck->fetchSingle())
140                 return true;
141         }
142         // User does not exist yet.
143         // Maybe the user is allowed to create himself. Generally not wanted in 
144         // external databases, but maybe wanted for the wiki database, for performance 
145         // reasons
146         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
147             try {
148                 $this->_authcreate = $dbh->prepare($dbi->getAuthParam('auth_create'));
149             }
150             catch (PDOException $e) {
151                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
152                 return false;
153             }
154         }
155         if (!empty($this->_authcreate) and 
156             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
157             isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])) 
158         {
159             $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
160             try {
161                 $this->_authcreate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
162                 $this->_authcreate->bindParam("password", $passwd, PDO_PARAM_STR, 48);
163                 $rs = $this->_authselect->execute();
164             }
165             catch (PDOException $e) {
166                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
167                 return false;
168             }
169             if ($rs)
170                 return true;
171         }
172         return $this->_tryNextUser();
173     }
174  
175     function checkPass($submitted_password) {
176         //global $DBAuthParams;
177         $this->getAuthDbh();
178         if (!$this->_auth_dbi) {  // needed?
179             return $this->_tryNextPass($submitted_password);
180         }
181         if (!$this->isValidName()) {
182             return $this->_tryNextPass($submitted_password);
183         }
184         if (!$this->_checkPassLength($submitted_password)) {
185             return WIKIAUTH_FORBIDDEN;
186         }
187         if (!isset($this->_authselect))
188             $this->userExists();
189         if (!isset($this->_authselect))
190             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
191                               'DBAUTH_AUTH_CHECK', 'SQL'),
192                           E_USER_WARNING);
193
194         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
195         $dbh = &$this->_auth_dbi;
196         if ($this->_auth_crypt_method == 'crypt') {
197             try {
198                 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
199                 $this->_authselect->execute();
200                 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
201             }
202             catch (PDOException $e) {
203                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
204                 return false;
205             }
206             $stored_password = @$rs[0];
207             $result = $this->_checkPass($submitted_password, $stored_password);
208         } else {
209             try {
210                 $this->_authselect->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
211                 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
212                 $this->_authselect->execute();
213                 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
214             }
215             catch (PDOException $e) {
216                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
217                 return false;
218             }
219             $okay = @$rs[0];
220             $result = !empty($okay);
221         }
222
223         if ($result) {
224             $this->_level = WIKIAUTH_USER;
225             return $this->_level;
226         } elseif (USER_AUTH_POLICY === 'strict') {
227             $this->_level = WIKIAUTH_FORBIDDEN;
228             return $this->_level;
229         } else {
230             return $this->_tryNextPass($submitted_password);
231         }
232     }
233
234     function mayChangePass() {
235         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
236     }
237
238     function storePass($submitted_password) {
239         if (!$this->isValidName()) {
240             return false;
241         }
242         $this->getAuthDbh();
243         $dbh = &$this->_auth_dbi;
244         $dbi =& $GLOBALS['request']->_dbi;
245         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
246             try {
247                 $this->_authupdate = $dbh->prepare($dbi->getAuthParam('auth_update'));
248             }
249             catch (PDOException $e) {
250                 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
251                 return false;
252             }
253         }
254         if (empty($this->_authupdate)) {
255             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
256                               'DBAUTH_AUTH_UPDATE','SQL'),
257                           E_USER_WARNING);
258             return false;
259         }
260
261         if ($this->_auth_crypt_method == 'crypt') {
262             if (function_exists('crypt'))
263                 $submitted_password = crypt($submitted_password);
264         }
265         try {
266             $this->_authupdate->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
267             $this->_authupdate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
268             $this->_authupdate->execute();
269         }
270         catch (PDOException $e) {
271             trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
272             return false;
273         }
274         return true;
275     }
276 }
277
278 // $Log: not supported by cvs2svn $
279 // Revision 1.1  2005/05/06 16:56:48  rurban
280 // add PdoDbPassUser
281 //
282
283 // Local Variables:
284 // mode: php
285 // tab-width: 8
286 // c-basic-offset: 4
287 // c-hanging-comment-ender-p: nil
288 // indent-tabs-mode: nil
289 // End:
290 ?>
Unnamed repository; edit this file 'description' to name the repository.