lib/WikiUser/PearDb.php

   1 <?php
   2
   3 /*
   4  * Copyright (C) 2004 ReiniUrban
   5  *
   6  * This file is part of PhpWiki.
   7  *
   8  * PhpWiki is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * PhpWiki is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License along
  19  * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
  20  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  21  */
  22 include_once 'lib/WikiUser/Db.php';
  23
  24 class _PearDbPassUser
  25     extends _DbPassUser
  26     /**
  27      * Pear DB methods
  28      * Now optimized not to use prepare, ...query(sprintf($sql,quote())) instead.
  29      * We use FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
  30      *
  31      * @tables: pref
  32      */
  33 {
  34     public $_authmethod = 'PearDb';
  35
  36     function _PearDbPassUser($UserName = '', $prefs = false)
  37     {
  38         //global $DBAuthParams;
  39         if (!$this->_prefs and isa($this, "_PearDbPassUser")) {
  40             if ($prefs) $this->_prefs = $prefs;
  41         }
  42         if (!isset($this->_prefs->_method))
  43             _PassUser::_PassUser($UserName);
  44         elseif (!$this->isValidName($UserName)) {
  45             trigger_error(_("Invalid username."), E_USER_WARNING);
  46             return false;
  47         }
  48         $this->_userid = $UserName;
  49         // make use of session data. generally we only initialize this every time,
  50         // but do auth checks only once
  51         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
  52         return $this;
  53     }
  54
  55     function getPreferences()
  56     {
  57         // override the generic slow method here for efficiency and not to
  58         // clutter the homepage metadata with prefs.
  59         _AnonUser::getPreferences();
  60         $this->getAuthDbh();
  61         if (isset($this->_prefs->_select)) {
  62             $dbh = &$this->_auth_dbi;
  63             $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
  64             // patched by frederik@pandora.be
  65             $prefs = $db_result->fetchRow();
  66             $prefs_blob = @$prefs["prefs"];
  67             if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
  68                 $this->_prefs->updatePrefs($restored_from_db);
  69                 return $this->_prefs;
  70             }
  71         }
  72         if (isset($this->_HomePagehandle) && $this->_HomePagehandle) {
  73             if ($restored_from_page = $this->_prefs->retrieve
  74             ($this->_HomePagehandle->get('pref'))
  75             ) {
  76                 $this->_prefs->updatePrefs($restored_from_page);
  77                 return $this->_prefs;
  78             }
  79         }
  80         return $this->_prefs;
  81     }
  82
  83     function setPreferences($prefs, $id_only = false)
  84     {
  85         // if the prefs are changed
  86         if ($count = _AnonUser::setPreferences($prefs, 1)) {
  87             //global $request;
  88             //$user = $request->_user;
  89             //unset($user->_auth_dbi);
  90             // this must be done in $request->_setUser, not here!
  91             //$request->setSessionVar('wiki_user', $user);
  92             $this->getAuthDbh();
  93             $packed = $this->_prefs->store();
  94             if (!$id_only and isset($this->_prefs->_update)) {
  95                 $dbh = &$this->_auth_dbi;
  96                 // check if the user already exists (not needed with mysql REPLACE)
  97                 $db_result = $dbh->query(sprintf($this->_prefs->_select,
  98                     $dbh->quote($this->_userid)));
  99                 $prefs = $db_result->fetchRow();
 100                 $prefs_blob = @$prefs["prefs"];
 101                 // If there are prefs for the user, update them.
 102                 if ($prefs_blob != "") {
 103                     $dbh->simpleQuery(sprintf($this->_prefs->_update,
 104                         $dbh->quote($packed),
 105                         $dbh->quote($this->_userid)));
 106                 } else {
 107                     // Otherwise, insert a record for them and set it to the defaults.
 108                     // johst@deakin.edu.au
 109                     $dbi = $GLOBALS['request']->getDbh();
 110                     $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
 111                         array("pref_blob", "userid"));
 112                     $dbh->simpleQuery(sprintf($this->_prefs->_insert,
 113                         $dbh->quote($packed), $dbh->quote($this->_userid)));
 114                 }
 115                 //delete pageprefs:
 116                 if (isset($this->_HomePagehandle) && $this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
 117                     $this->_HomePagehandle->set('pref', '');
 118             } else {
 119                 //store prefs in homepage, not in cookie
 120                 if (isset($this->_HomePagehandle) && $this->_HomePagehandle and !$id_only)
 121                     $this->_HomePagehandle->set('pref', $packed);
 122             }
 123             return $count; //count($this->_prefs->unpack($packed));
 124         }
 125         return 0;
 126     }
 127
 128     function userExists()
 129     {
 130         //global $DBAuthParams;
 131         $this->getAuthDbh();
 132         $dbh = &$this->_auth_dbi;
 133         if (!$dbh) { // needed?
 134             return $this->_tryNextUser();
 135         }
 136         if (!$this->isValidName()) {
 137             trigger_error(_("Invalid username."), E_USER_WARNING);
 138             return $this->_tryNextUser();
 139         }
 140         $dbi =& $GLOBALS['request']->_dbi;
 141         // Prepare the configured auth statements
 142         if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
 143             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 144                 array("password", "userid"));
 145         }
 146         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
 147         if (!$dbi->getAuthParam('auth_user_exists')
 148             and $this->_auth_crypt_method == 'crypt'
 149                 and $this->_authselect
 150         ) {
 151             $rs = $dbh->query(sprintf($this->_authselect, $dbh->quote($this->_userid)));
 152             if ($rs->numRows())
 153                 return true;
 154         } else {
 155             if (!$dbi->getAuthParam('auth_user_exists'))
 156                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
 157                     E_USER_WARNING);
 158             $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'), "userid");
 159             $rs = $dbh->query(sprintf($this->_authcheck, $dbh->quote($this->_userid)));
 160             if ($rs->numRows())
 161                 return true;
 162         }
 163         // User does not exist yet.
 164         // Maybe the user is allowed to create himself. Generally not wanted in
 165         // external databases, but maybe wanted for the wiki database, for performance
 166         // reasons
 167         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
 168             $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
 169                 array("password", "userid"));
 170         }
 171         if (!empty($this->_authcreate) and
 172             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
 173                 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])
 174         ) {
 175             $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
 176             $dbh->simpleQuery(sprintf($this->_authcreate,
 177                 $dbh->quote($passwd),
 178                 $dbh->quote($this->_userid)));
 179             return true;
 180         }
 181         return $this->_tryNextUser();
 182     }
 183
 184     function checkPass($submitted_password)
 185     {
 186         //global $DBAuthParams;
 187         $this->getAuthDbh();
 188         if (!$this->_auth_dbi) { // needed?
 189             return $this->_tryNextPass($submitted_password);
 190         }
 191         if (!$this->isValidName()) {
 192             return $this->_tryNextPass($submitted_password);
 193         }
 194         if (!$this->_checkPassLength($submitted_password)) {
 195             return WIKIAUTH_FORBIDDEN;
 196         }
 197         if (!isset($this->_authselect))
 198             $this->userExists();
 199         if (!isset($this->_authselect))
 200             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != “%s”",
 201                     'DBAUTH_AUTH_CHECK', 'SQL'),
 202                 E_USER_WARNING);
 203
 204         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
 205         $dbh = &$this->_auth_dbi;
 206         if ($this->_auth_crypt_method == 'crypt') {
 207             $stored_password = $dbh->getOne(sprintf($this->_authselect, $dbh->quote($this->_userid)));
 208             $result = $this->_checkPass($submitted_password, $stored_password);
 209         } else {
 210             // be position independent
 211             $okay = $dbh->getOne(sprintf($this->_authselect,
 212                 $dbh->quote($submitted_password),
 213                 $dbh->quote($this->_userid)));
 214             $result = !empty($okay);
 215         }
 216
 217         if ($result) {
 218             $this->_level = WIKIAUTH_USER;
 219             return $this->_level;
 220         } elseif (USER_AUTH_POLICY === 'strict') {
 221             $this->_level = WIKIAUTH_FORBIDDEN;
 222             return $this->_level;
 223         } else {
 224             return $this->_tryNextPass($submitted_password);
 225         }
 226     }
 227
 228     function mayChangePass()
 229     {
 230         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
 231     }
 232
 233     function storePass($submitted_password)
 234     {
 235         if (!$this->isValidName()) {
 236             return false;
 237         }
 238         $this->getAuthDbh();
 239         $dbh = &$this->_auth_dbi;
 240         $dbi =& $GLOBALS['request']->_dbi;
 241         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
 242             $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
 243                 array("password", "userid"));
 244         }
 245         if (empty($this->_authupdate)) {
 246             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != “%s”",
 247                     'DBAUTH_AUTH_UPDATE', 'SQL'),
 248                 E_USER_WARNING);
 249             return false;
 250         }
 251
 252         if ($this->_auth_crypt_method == 'crypt') {
 253             if (function_exists('crypt'))
 254                 $submitted_password = crypt($submitted_password);
 255         }
 256         $dbh->simpleQuery(sprintf($this->_authupdate,
 257             $dbh->quote($submitted_password), $dbh->quote($this->_userid)));
 258         return true;
 259     }
 260 }
 261
 262 // Local Variables:
 263 // mode: php
 264 // tab-width: 8
 265 // c-basic-offset: 4
 266 // c-hanging-comment-ender-p: nil
 267 // indent-tabs-mode: nil
 268 // End: