2 rcs_id('$Id: PdoDb.php,v 1.2 2005-06-10 06:12:36 rurban Exp $');
3 /* Copyright (C) 2004, 2005 ReiniUrban
4 * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
10 * PDO DB methods (PHP5)
11 * prepare, bind, execute.
12 * We use numrical FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
18 var $_authmethod = 'PDODb';
20 function _PdoDbPassUser($UserName='', $prefs=false) {
22 if (!$this->_prefs and isa($this,"_PdoDbPassUser")) {
23 if ($prefs) $this->_prefs = $prefs;
25 if (!isset($this->_prefs->_method))
26 _PassUser::_PassUser($UserName);
27 elseif (!$this->isValidName($UserName)) {
28 trigger_error(_("Invalid username."), E_USER_WARNING);
31 $this->_userid = $UserName;
32 // make use of session data. generally we only initialize this every time,
33 // but do auth checks only once
34 $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
38 function getPreferences() {
39 // override the generic slow method here for efficiency and not to
40 // clutter the homepage metadata with prefs.
41 _AnonUser::getPreferences();
43 if (isset($this->_prefs->_select)) {
44 $dbh =& $this->_auth_dbi;
45 $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
46 // patched by frederik@pandora.be
47 $prefs = $db_result->fetch(PDO_FETCH_BOTH);
48 $prefs_blob = @$prefs["prefs"];
49 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
50 $updated = $this->_prefs->updatePrefs($restored_from_db);
51 //$this->_prefs = new UserPreferences($restored_from_db);
55 if ($this->_HomePagehandle) {
56 if ($restored_from_page = $this->_prefs->retrieve
57 ($this->_HomePagehandle->get('pref'))) {
58 $updated = $this->_prefs->updatePrefs($restored_from_page);
59 //$this->_prefs = new UserPreferences($restored_from_page);
66 function setPreferences($prefs, $id_only=false) {
67 // if the prefs are changed
68 if ($count = _AnonUser::setPreferences($prefs, 1)) {
70 $packed = $this->_prefs->store();
71 if (!$id_only and isset($this->_prefs->_update)) {
72 $dbh =& $this->_auth_dbi;
74 $sth = $dbh->prepare($this->_prefs->_update);
75 $sth->bindParam("prefs", $packed);
76 $sth->bindParam("user", $this->_userid);
79 catch (PDOException $e) {
80 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
84 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
85 $this->_HomePagehandle->set('pref', '');
87 //store prefs in homepage, not in cookie
88 if ($this->_HomePagehandle and !$id_only)
89 $this->_HomePagehandle->set('pref', $packed);
96 function userExists() {
98 $dbh = &$this->_auth_dbi;
99 if (!$dbh) { // needed?
100 return $this->_tryNextUser();
102 if (!$this->isValidName()) {
103 trigger_error(_("Invalid username."),E_USER_WARNING);
104 return $this->_tryNextUser();
106 $dbi =& $GLOBALS['request']->_dbi;
107 if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
109 $this->_authselect = $dbh->prepare($dbi->getAuthParam('auth_check'));
111 catch (PDOException $e) {
112 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
116 //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
117 if ( !$dbi->getAuthParam('auth_user_exists')
118 and $this->_auth_crypt_method == 'crypt'
119 and $this->_authselect)
122 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
123 $this->_authselect->execute();
125 catch (PDOException $e) {
126 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
129 if ($this->_authselect->fetchSingle())
133 if (! $dbi->getAuthParam('auth_user_exists'))
134 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
136 $this->_authcheck = $dbh->prepare($dbi->getAuthParam('auth_check'));
137 $this->_authcheck->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
138 $this->_authcheck->execute();
139 if ($this->_authcheck->fetchSingle())
142 // User does not exist yet.
143 // Maybe the user is allowed to create himself. Generally not wanted in
144 // external databases, but maybe wanted for the wiki database, for performance
146 if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
148 $this->_authcreate = $dbh->prepare($dbi->getAuthParam('auth_create'));
150 catch (PDOException $e) {
151 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
155 if (!empty($this->_authcreate) and
156 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
157 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
159 $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
161 $this->_authcreate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
162 $this->_authcreate->bindParam("password", $passwd, PDO_PARAM_STR, 48);
163 $rs = $this->_authselect->execute();
165 catch (PDOException $e) {
166 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
172 return $this->_tryNextUser();
175 function checkPass($submitted_password) {
176 //global $DBAuthParams;
178 if (!$this->_auth_dbi) { // needed?
179 return $this->_tryNextPass($submitted_password);
181 if (!$this->isValidName()) {
182 return $this->_tryNextPass($submitted_password);
184 if (!$this->_checkPassLength($submitted_password)) {
185 return WIKIAUTH_FORBIDDEN;
187 if (!isset($this->_authselect))
189 if (!isset($this->_authselect))
190 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
191 'DBAUTH_AUTH_CHECK', 'SQL'),
194 //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set
195 $dbh = &$this->_auth_dbi;
196 if ($this->_auth_crypt_method == 'crypt') {
198 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
199 $this->_authselect->execute();
200 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
202 catch (PDOException $e) {
203 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
206 $stored_password = @$rs[0];
207 $result = $this->_checkPass($submitted_password, $stored_password);
210 $this->_authselect->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
211 $this->_authselect->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
212 $this->_authselect->execute();
213 $rs = $this->_authselect->fetch(PDO_FETCH_BOTH);
215 catch (PDOException $e) {
216 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
220 $result = !empty($okay);
224 $this->_level = WIKIAUTH_USER;
225 return $this->_level;
226 } elseif (USER_AUTH_POLICY === 'strict') {
227 $this->_level = WIKIAUTH_FORBIDDEN;
228 return $this->_level;
230 return $this->_tryNextPass($submitted_password);
234 function mayChangePass() {
235 return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
238 function storePass($submitted_password) {
239 if (!$this->isValidName()) {
243 $dbh = &$this->_auth_dbi;
244 $dbi =& $GLOBALS['request']->_dbi;
245 if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
247 $this->_authupdate = $dbh->prepare($dbi->getAuthParam('auth_update'));
249 catch (PDOException $e) {
250 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
254 if (empty($this->_authupdate)) {
255 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
256 'DBAUTH_AUTH_UPDATE','SQL'),
261 if ($this->_auth_crypt_method == 'crypt') {
262 if (function_exists('crypt'))
263 $submitted_password = crypt($submitted_password);
266 $this->_authupdate->bindParam("password", $submitted_password, PDO_PARAM_STR, 48);
267 $this->_authupdate->bindParam("userid", $this->_userid, PDO_PARAM_STR, 48);
268 $this->_authupdate->execute();
270 catch (PDOException $e) {
271 trigger_error("SQL Error: ".$e->getMessage(), E_USER_WARNING);
278 // $Log: not supported by cvs2svn $
279 // Revision 1.1 2005/05/06 16:56:48 rurban
287 // c-hanging-comment-ender-p: nil
288 // indent-tabs-mode: nil