lib/WikiUser/PearDb.php

   1 <?php //-*-php-*-
   2 rcs_id('$Id: PearDb.php,v 1.11 2007-05-30 21:53:52 rurban Exp $');
   3 /* Copyright (C) 2004 ReiniUrban
   4  * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
   5  */
   6
   7 class _PearDbPassUser
   8 extends _DbPassUser
   9 /**
  10  * Pear DB methods
  11  * Now optimized not to use prepare, ...query(sprintf($sql,quote())) instead.
  12  * We use FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
  13  *
  14  * @tables: pref
  15  */
  16 {
  17     var $_authmethod = 'PearDb';
  18     function _PearDbPassUser($UserName='',$prefs=false) {
  19         //global $DBAuthParams;
  20         if (!$this->_prefs and isa($this,"_PearDbPassUser")) {
  21             if ($prefs) $this->_prefs = $prefs;
  22         }
  23         if (!isset($this->_prefs->_method))
  24             _PassUser::_PassUser($UserName);
  25         elseif (!$this->isValidName($UserName)) {
  26             trigger_error(_("Invalid username."), E_USER_WARNING);
  27             return false;
  28         }
  29         $this->_userid = $UserName;
  30         // make use of session data. generally we only initialize this every time,
  31         // but do auth checks only once
  32         $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
  33         return $this;
  34     }
  35
  36     function getPreferences() {
  37         // override the generic slow method here for efficiency and not to
  38         // clutter the homepage metadata with prefs.
  39         _AnonUser::getPreferences();
  40         $this->getAuthDbh();
  41         if (isset($this->_prefs->_select)) {
  42             $dbh = &$this->_auth_dbi;
  43             $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
  44             // patched by frederik@pandora.be
  45             $prefs = $db_result->fetchRow();
  46             $prefs_blob = @$prefs["prefs"];
  47             if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
  48                 $updated = $this->_prefs->updatePrefs($restored_from_db);
  49                 //$this->_prefs = new UserPreferences($restored_from_db);
  50                 return $this->_prefs;
  51             }
  52         }
  53         if ($this->_HomePagehandle) {
  54             if ($restored_from_page = $this->_prefs->retrieve
  55                 ($this->_HomePagehandle->get('pref'))) {
  56                 $updated = $this->_prefs->updatePrefs($restored_from_page);
  57                 //$this->_prefs = new UserPreferences($restored_from_page);
  58                 return $this->_prefs;
  59             }
  60         }
  61         return $this->_prefs;
  62     }
  63
  64     function setPreferences($prefs, $id_only=false) {
  65         // if the prefs are changed
  66         if ($count = _AnonUser::setPreferences($prefs, 1)) {
  67             //global $request;
  68             //$user = $request->_user;
  69             //unset($user->_auth_dbi);
  70             // this must be done in $request->_setUser, not here!
  71             //$request->setSessionVar('wiki_user', $user);
  72             $this->getAuthDbh();
  73             $packed = $this->_prefs->store();
  74             if (!$id_only and isset($this->_prefs->_update)) {
  75                 $dbh = &$this->_auth_dbi;
  76                 // check if the user already exists (not needed with mysql REPLACE)
  77                 $db_result = $dbh->query(sprintf($this->_prefs->_select,
  78                                                  $dbh->quote($this->_userid)));
  79                 $prefs = $db_result->fetchRow();
  80                 $prefs_blob = @$prefs["prefs"];
  81                 // If there are prefs for the user, update them.
  82                 if($prefs_blob != "" ){
  83                     $dbh->simpleQuery(sprintf($this->_prefs->_update,
  84                                               $dbh->quote($packed),
  85                                               $dbh->quote($this->_userid)));
  86                 } else {
  87                     // Otherwise, insert a record for them and set it to the defaults.
  88                     // johst@deakin.edu.au
  89                     $dbi = $GLOBALS['request']->getDbh();
  90                     $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
  91                                                             array("pref_blob", "userid"));
  92                     $dbh->simpleQuery(sprintf($this->_prefs->_insert,
  93                                               $dbh->quote($packed), $dbh->quote($this->_userid)));
  94                 }
  95                 //delete pageprefs:
  96                 if ($this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
  97                     $this->_HomePagehandle->set('pref', '');
  98             } else {
  99                 //store prefs in homepage, not in cookie
 100                 if ($this->_HomePagehandle and !$id_only)
 101                     $this->_HomePagehandle->set('pref', $packed);
 102             }
 103             return $count; //count($this->_prefs->unpack($packed));
 104         }
 105         return 0;
 106     }
 107
 108     function userExists() {
 109         //global $DBAuthParams;
 110         $this->getAuthDbh();
 111         $dbh = &$this->_auth_dbi;
 112         if (!$dbh) { // needed?
 113             return $this->_tryNextUser();
 114         }
 115         if (!$this->isValidName()) {
 116             trigger_error(_("Invalid username."),E_USER_WARNING);
 117             return $this->_tryNextUser();
 118         }
 119         $dbi =& $GLOBALS['request']->_dbi;
 120         // Prepare the configured auth statements
 121         if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
 122             $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
 123                                                 array("password", "userid"));
 124         }
 125         //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
 126         if (!$dbi->getAuthParam('auth_user_exists')
 127             and $this->_auth_crypt_method == 'crypt'
 128             and $this->_authselect)
 129         {
 130             $rs = $dbh->query(sprintf($this->_authselect, $dbh->quote($this->_userid)));
 131             if ($rs->numRows())
 132                 return true;
 133         }
 134         else {
 135             if (! $dbi->getAuthParam('auth_user_exists'))
 136                 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
 137                               E_USER_WARNING);
 138             $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'), "userid");
 139             $rs = $dbh->query(sprintf($this->_authcheck, $dbh->quote($this->_userid)));
 140             if ($rs->numRows())
 141                 return true;
 142         }
 143         // User does not exist yet.
 144         // Maybe the user is allowed to create himself. Generally not wanted in
 145         // external databases, but maybe wanted for the wiki database, for performance
 146         // reasons
 147         if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
 148             $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
 149                                                 array("password", "userid"));
 150         }
 151         if (!empty($this->_authcreate) and
 152             isset($GLOBALS['HTTP_POST_VARS']['auth']) and
 153             isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
 154         {
 155             $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
 156             $dbh->simpleQuery(sprintf($this->_authcreate,
 157                                       $dbh->quote($passwd),
 158                                       $dbh->quote($this->_userid)));
 159             return true;
 160         }
 161         return $this->_tryNextUser();
 162     }
 163
 164     function checkPass($submitted_password) {
 165         //global $DBAuthParams;
 166         $this->getAuthDbh();
 167         if (!$this->_auth_dbi) {  // needed?
 168             return $this->_tryNextPass($submitted_password);
 169         }
 170         if (!$this->isValidName()) {
 171             return $this->_tryNextPass($submitted_password);
 172         }
 173         if (!$this->_checkPassLength($submitted_password)) {
 174             return WIKIAUTH_FORBIDDEN;
 175         }
 176         if (!isset($this->_authselect))
 177             $this->userExists();
 178         if (!isset($this->_authselect))
 179             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 180                               'DBAUTH_AUTH_CHECK', 'SQL'),
 181                           E_USER_WARNING);
 182
 183         //NOTE: for auth_crypt_method='crypt'  defined('ENCRYPTED_PASSWD',true) must be set
 184         $dbh = &$this->_auth_dbi;
 185         if ($this->_auth_crypt_method == 'crypt') {
 186             $stored_password = $dbh->getOne(sprintf($this->_authselect, $dbh->quote($this->_userid)));
 187             $result = $this->_checkPass($submitted_password, $stored_password);
 188         } else {
 189             // be position independent
 190             $okay = $dbh->getOne(sprintf($this->_authselect,
 191                                          $dbh->quote($submitted_password),
 192                                          $dbh->quote($this->_userid)));
 193             $result = !empty($okay);
 194         }
 195
 196         if ($result) {
 197             $this->_level = WIKIAUTH_USER;
 198             return $this->_level;
 199         } elseif (USER_AUTH_POLICY === 'strict') {
 200             $this->_level = WIKIAUTH_FORBIDDEN;
 201             return $this->_level;
 202         } else {
 203             return $this->_tryNextPass($submitted_password);
 204         }
 205     }
 206
 207     function mayChangePass() {
 208         return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
 209     }
 210
 211     function storePass($submitted_password) {
 212         if (!$this->isValidName()) {
 213             return false;
 214         }
 215         $this->getAuthDbh();
 216         $dbh = &$this->_auth_dbi;
 217         $dbi =& $GLOBALS['request']->_dbi;
 218         if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
 219             $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
 220                                                 array("password", "userid"));
 221         }
 222         if (empty($this->_authupdate)) {
 223             trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
 224                               'DBAUTH_AUTH_UPDATE','SQL'),
 225                           E_USER_WARNING);
 226             return false;
 227         }
 228
 229         if ($this->_auth_crypt_method == 'crypt') {
 230             if (function_exists('crypt'))
 231                 $submitted_password = crypt($submitted_password);
 232         }
 233         $dbh->simpleQuery(sprintf($this->_authupdate,
 234                                   $dbh->quote($submitted_password), $dbh->quote($this->_userid)));
 235         return true;
 236     }
 237 }
 238
 239 // $Log: not supported by cvs2svn $
 240 // Revision 1.10  2006/03/19 16:26:40  rurban
 241 // fix DBAUTH arguments to be position independent, fixes bug #1358973
 242 //
 243 // Revision 1.9  2005/10/10 19:43:49  rurban
 244 // add DBAUTH_PREF_INSERT: self-creating users. by John Stevens
 245 //
 246 // Revision 1.8  2005/08/06 13:21:09  rurban
 247 // switch to natural order password, userid
 248 //
 249 // Revision 1.7  2005/02/14 12:28:27  rurban
 250 // fix policy strict. Thanks to Mikhail Vladimirov
 251 //
 252 // Revision 1.6  2005/01/06 15:44:22  rurban
 253 // move password length checker to correct method. thanks to Charles Corrigan
 254 //
 255 // Revision 1.5  2004/12/26 17:11:17  rurban
 256 // just copyright
 257 //
 258 // Revision 1.4  2004/12/20 16:05:01  rurban
 259 // gettext msg unification
 260 //
 261 // Revision 1.3  2004/12/19 00:58:02  rurban
 262 // Enforce PASSWORD_LENGTH_MINIMUM in almost all PassUser checks,
 263 // Provide an errormessage if so. Just PersonalPage and BogoLogin not.
 264 // Simplify httpauth logout handling and set sessions for all methods.
 265 // fix main.php unknown index "x" getLevelDescription() warning.
 266 //
 267 // Revision 1.2  2004/11/10 15:29:21  rurban
 268 // * requires newer Pear_DB (as the internal one): quote() uses now escapeSimple for strings
 269 // * ACCESS_LOG_SQL: fix cause request not yet initialized
 270 // * WikiDB: moved SQL specific methods upwards
 271 // * new Pear_DB quoting: same as ADODB and as newer Pear_DB.
 272 //   fixes all around: WikiGroup, WikiUserNew SQL methods, SQL logging
 273 //
 274 // Revision 1.1  2004/11/01 10:43:58  rurban
 275 // seperate PassUser methods into seperate dir (memory usage)
 276 // fix WikiUser (old) overlarge data session
 277 // remove wikidb arg from various page class methods, use global ->_dbi instead
 278 // ...
 279 //
 280
 281 // Local Variables:
 282 // mode: php
 283 // tab-width: 8
 284 // c-basic-offset: 4
 285 // c-hanging-comment-ender-p: nil
 286 // indent-tabs-mode: nil
 287 // End:
 288 ?>