lib/WikiUser/PearDb.php

   1 <?php
   2
   3 /*
   4  * Copyright (C) 2004 ReiniUrban
   5  *
   6  * This file is part of PhpWiki.
   7  *
   8  * PhpWiki is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * PhpWiki is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License along
  19  * with PhpWiki; if not, write to the Free Software Foundation, Inc.,
  20  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  21  */
  22 include_once 'lib/WikiUser/Db.php';
  23
  24 class _PearDbPassUser
  25     extends _DbPassUser
  26     /**
  27      * Pear DB methods
  28      * Now optimized not to use prepare, ...query(sprintf($sql,quote())) instead.
  29      * We use FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
  30      *
  31      * @tables: pref
  32      */
  33 {
  34     var $_authmethod = 'PearDb';
  35
  36     function _PearDbPassUser($UserName = '', $prefs = false)
  37     {
  38         //global $DBAuthParams;
  39         if (!$this->_prefs and isa($this, "_PearDbPassUser")) {
  40             if ($prefs) $this->_prefs = $prefs;
  41         }
  42         if (!isset($this->_prefs->_method))
  43             _PassUser::_PassUser($UserName);
  44         elseif (!$this->isValidName($UserName)) {
  45             trigger_error(_("Invalid username."), E_USER_WARNING);
  46             return false;
  47         }
  48         $this->_userid = $UserName;
  49         // make use of session data. generally we only initialize this every time,
  50         // but do auth checks only once
  51         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
  52         return $this;
  53     }
  54
  55     function getPreferences()
  56     {
  57         // override the generic slow method here for efficiency and not to
  58         // clutter the homepage metadata with prefs.
  59         _AnonUser::getPreferences();
  60         $this->getAuthDbh();
  61         if (isset($this->_prefs->_select)) {
  62             $dbh = &$this->_auth_dbi;
  63             $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
  64             // patched by frederik@pandora.be
  65             $prefs = $db_result->fetchRow();
  66             $prefs_blob = @$prefs["prefs"];
  67             if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
  68                 $updated = $this->_prefs->updatePrefs($restored_from_db);
  69                 //$this->_prefs = new UserPreferences($restored_from_db);
  70                 return $this->_prefs;
  71             }
  72         }
  73         if (isset($this->_HomePagehandle) && $this->_HomePagehandle) {
  74             if ($restored_from_page = $this->_prefs->retrieve
  75             ($this->_HomePagehandle->get('pref'))
  76             ) {
  77                 $updated = $this->_prefs->updatePrefs($restored_from_page);
  78                 //$this->_prefs = new UserPreferences($restored_from_page);
  79                 return $this->_prefs;
  80             }
  81         }
  82         return $this->_prefs;
  83     }
  84
  85     function setPreferences($prefs, $id_only = false)
  86     {
  87         // if the prefs are changed
  88         if ($count = _AnonUser::setPreferences($prefs, 1)) {
  89             //global $request;
  90             //$user = $request->_user;
  91             //unset($user->_auth_dbi);
  92             // this must be done in $request->_setUser, not here!
  93             //$request->setSessionVar('wiki_user', $user);
  94             $this->getAuthDbh();
  95             $packed = $this->_prefs->store();
  96             if (!$id_only and isset($this->_prefs->_update)) {
  97                 $dbh = &$this->_auth_dbi;
  98                 // check if the user already exists (not needed with mysql REPLACE)
  99                 $db_result = $dbh->query(sprintf($this->_prefs->_select,
 100                     $dbh->quote($this->_userid)));
 101                 $prefs = $db_result->fetchRow();
 102                 $prefs_blob = @$prefs["prefs"];
 103                 // If there are prefs for the user, update them.
 104                 if ($prefs_blob != "") {
 105                     $dbh->simpleQuery(sprintf($this->_prefs->_update,
 106                         $dbh->quote($packed),
 107                         $dbh->quote($this->_userid)));
 108                 } else {
 109                     // Otherwise, insert a record for them and set it to the defaults.
 110                     // johst@deakin.edu.au
 111                     $dbi = $GLOBALS['request']->getDbh();
 112                     $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
 113                         array("pref_blob", "userid"));
 114                     $dbh->simpleQuery(sprintf($this->_prefs->_insert,
 115                         $dbh->quote($packed), $dbh->quote($this->_userid)));
 116                 }
 117                 //delete pageprefs:
 118                 if (isset($this->_HomePagehandle) && $this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
 119                     $this->_HomePagehandle->set('pref', '');
 120             } else {
 121                 //store prefs in homepage, not in cookie
 122                 if (isset($this->_HomePagehandle) && $this->_HomePagehandle and !$id_only)
 123                     $this->_HomePagehandle->set('pref', $packed);
 124             }
 125             return $count; //count($this->_prefs->unpack($packed));
 126         }
 127         return 0;
 128     }
 129
 130     function userExists()
 131     {
 132         //global $DBAuthParams;
 133         $this->getAuthDbh();
 134         $dbh = &$this->_auth_dbi;
 135         if (!$dbh) { // needed?
 136             return $this->_tryNextUser();
 137         }
 138         if (!$this->isValidName()) {
 139             trigger_error(_("Invalid username."), E_USER_WARNING);
 140             return $this->_tryNextUser();
 141         }
 142         $dbi =& $GLOBALS['request']->_dbi;
 143         // Prepare the configured auth statements
 144         if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
 145             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 146                 array("password", "userid"));
 147         }
 148         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
 149         if (!$dbi->getAuthParam('auth_user_exists')
 150             and $this->_auth_crypt_method == 'crypt'
 151                 and $this->_authselect
 152         ) {
 153             $rs = $dbh->query(sprintf($this->_authselect, $dbh->quote($this->_userid)));
 154             if ($rs->numRows())
 155                 return true;
 156         } else {
 157             if (!$dbi->getAuthParam('auth_user_exists'))
 158                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
 159                     E_USER_WARNING);
 160             $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'), "userid");
 161             $rs = $dbh->query(sprintf($this->_authcheck, $dbh->quote($this->_userid)));
 162             if ($rs->numRows())
 163                 return true;
 164         }
 165         // User does not exist yet.
 166         // Maybe the user is allowed to create himself. Generally not wanted in
 167         // external databases, but maybe wanted for the wiki database, for performance
 168         // reasons
 169         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
 170             $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
 171                 array("password", "userid"));
 172         }
 173         if (!empty($this->_authcreate) and
 174             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
 175                 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd'])
 176         ) {
 177             $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
 178             $dbh->simpleQuery(sprintf($this->_authcreate,
 179                 $dbh->quote($passwd),
 180                 $dbh->quote($this->_userid)));
 181             return true;
 182         }
 183         return $this->_tryNextUser();
 184     }
 185
 186     function checkPass($submitted_password)
 187     {
 188         //global $DBAuthParams;
 189         $this->getAuthDbh();
 190         if (!$this->_auth_dbi) { // needed?
 191             return $this->_tryNextPass($submitted_password);
 192         }
 193         if (!$this->isValidName()) {
 194             return $this->_tryNextPass($submitted_password);
 195         }
 196         if (!$this->_checkPassLength($submitted_password)) {
 197             return WIKIAUTH_FORBIDDEN;
 198         }
 199         if (!isset($this->_authselect))
 200             $this->userExists();
 201         if (!isset($this->_authselect))
 202             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 203                     'DBAUTH_AUTH_CHECK', 'SQL'),
 204                 E_USER_WARNING);
 205
 206         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
 207         $dbh = &$this->_auth_dbi;
 208         if ($this->_auth_crypt_method == 'crypt') {
 209             $stored_password = $dbh->getOne(sprintf($this->_authselect, $dbh->quote($this->_userid)));
 210             $result = $this->_checkPass($submitted_password, $stored_password);
 211         } else {
 212             // be position independent
 213             $okay = $dbh->getOne(sprintf($this->_authselect,
 214                 $dbh->quote($submitted_password),
 215                 $dbh->quote($this->_userid)));
 216             $result = !empty($okay);
 217         }
 218
 219         if ($result) {
 220             $this->_level = WIKIAUTH_USER;
 221             return $this->_level;
 222         } elseif (USER_AUTH_POLICY === 'strict') {
 223             $this->_level = WIKIAUTH_FORBIDDEN;
 224             return $this->_level;
 225         } else {
 226             return $this->_tryNextPass($submitted_password);
 227         }
 228     }
 229
 230     function mayChangePass()
 231     {
 232         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
 233     }
 234
 235     function storePass($submitted_password)
 236     {
 237         if (!$this->isValidName()) {
 238             return false;
 239         }
 240         $this->getAuthDbh();
 241         $dbh = &$this->_auth_dbi;
 242         $dbi =& $GLOBALS['request']->_dbi;
 243         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
 244             $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
 245                 array("password", "userid"));
 246         }
 247         if (empty($this->_authupdate)) {
 248             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 249                     'DBAUTH_AUTH_UPDATE', 'SQL'),
 250                 E_USER_WARNING);
 251             return false;
 252         }
 253
 254         if ($this->_auth_crypt_method == 'crypt') {
 255             if (function_exists('crypt'))
 256                 $submitted_password = crypt($submitted_password);
 257         }
 258         $dbh->simpleQuery(sprintf($this->_authupdate,
 259             $dbh->quote($submitted_password), $dbh->quote($this->_userid)));
 260         return true;
 261     }
 262 }
 263
 264 // Local Variables:
 265 // mode: php
 266 // tab-width: 8
 267 // c-basic-offset: 4
 268 // c-hanging-comment-ender-p: nil
 269 // indent-tabs-mode: nil
 270 // End: