3 /* Copyright (C) 2004 ReiniUrban
4 * This file is part of PhpWiki. Terms and Conditions see LICENSE. (GPL2)
6 include_once("lib/WikiUser/Db.php");
12 * Now optimized not to use prepare, ...query(sprintf($sql,quote())) instead.
13 * We use FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
18 var $_authmethod = 'PearDb';
19 function _PearDbPassUser($UserName='',$prefs=false) {
20 //global $DBAuthParams;
21 if (!$this->_prefs and isa($this,"_PearDbPassUser")) {
22 if ($prefs) $this->_prefs = $prefs;
24 if (!isset($this->_prefs->_method))
25 _PassUser::_PassUser($UserName);
26 elseif (!$this->isValidName($UserName)) {
27 trigger_error(_("Invalid username."), E_USER_WARNING);
30 $this->_userid = $UserName;
31 // make use of session data. generally we only initialize this every time,
32 // but do auth checks only once
33 $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
37 function getPreferences() {
38 // override the generic slow method here for efficiency and not to
39 // clutter the homepage metadata with prefs.
40 _AnonUser::getPreferences();
42 if (isset($this->_prefs->_select)) {
43 $dbh = &$this->_auth_dbi;
44 $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
45 // patched by frederik@pandora.be
46 $prefs = $db_result->fetchRow();
47 $prefs_blob = @$prefs["prefs"];
48 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
49 $updated = $this->_prefs->updatePrefs($restored_from_db);
50 //$this->_prefs = new UserPreferences($restored_from_db);
54 if (isset($this->_HomePagehandle) && $this->_HomePagehandle) {
55 if ($restored_from_page = $this->_prefs->retrieve
56 ($this->_HomePagehandle->get('pref'))) {
57 $updated = $this->_prefs->updatePrefs($restored_from_page);
58 //$this->_prefs = new UserPreferences($restored_from_page);
65 function setPreferences($prefs, $id_only=false) {
66 // if the prefs are changed
67 if ($count = _AnonUser::setPreferences($prefs, 1)) {
69 //$user = $request->_user;
70 //unset($user->_auth_dbi);
71 // this must be done in $request->_setUser, not here!
72 //$request->setSessionVar('wiki_user', $user);
74 $packed = $this->_prefs->store();
75 if (!$id_only and isset($this->_prefs->_update)) {
76 $dbh = &$this->_auth_dbi;
77 // check if the user already exists (not needed with mysql REPLACE)
78 $db_result = $dbh->query(sprintf($this->_prefs->_select,
79 $dbh->quote($this->_userid)));
80 $prefs = $db_result->fetchRow();
81 $prefs_blob = @$prefs["prefs"];
82 // If there are prefs for the user, update them.
83 if($prefs_blob != "" ){
84 $dbh->simpleQuery(sprintf($this->_prefs->_update,
86 $dbh->quote($this->_userid)));
88 // Otherwise, insert a record for them and set it to the defaults.
89 // johst@deakin.edu.au
90 $dbi = $GLOBALS['request']->getDbh();
91 $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
92 array("pref_blob", "userid"));
93 $dbh->simpleQuery(sprintf($this->_prefs->_insert,
94 $dbh->quote($packed), $dbh->quote($this->_userid)));
97 if (isset($this->_HomePagehandle) && $this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
98 $this->_HomePagehandle->set('pref', '');
100 //store prefs in homepage, not in cookie
101 if (isset($this->_HomePagehandle) && $this->_HomePagehandle and !$id_only)
102 $this->_HomePagehandle->set('pref', $packed);
104 return $count; //count($this->_prefs->unpack($packed));
109 function userExists() {
110 //global $DBAuthParams;
112 $dbh = &$this->_auth_dbi;
113 if (!$dbh) { // needed?
114 return $this->_tryNextUser();
116 if (!$this->isValidName()) {
117 trigger_error(_("Invalid username."),E_USER_WARNING);
118 return $this->_tryNextUser();
120 $dbi =& $GLOBALS['request']->_dbi;
121 // Prepare the configured auth statements
122 if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
123 $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
124 array("password", "userid"));
126 //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
127 if (!$dbi->getAuthParam('auth_user_exists')
128 and $this->_auth_crypt_method == 'crypt'
129 and $this->_authselect)
131 $rs = $dbh->query(sprintf($this->_authselect, $dbh->quote($this->_userid)));
136 if (! $dbi->getAuthParam('auth_user_exists'))
137 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
139 $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'), "userid");
140 $rs = $dbh->query(sprintf($this->_authcheck, $dbh->quote($this->_userid)));
144 // User does not exist yet.
145 // Maybe the user is allowed to create himself. Generally not wanted in
146 // external databases, but maybe wanted for the wiki database, for performance
148 if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
149 $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
150 array("password", "userid"));
152 if (!empty($this->_authcreate) and
153 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
154 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
156 $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
157 $dbh->simpleQuery(sprintf($this->_authcreate,
158 $dbh->quote($passwd),
159 $dbh->quote($this->_userid)));
162 return $this->_tryNextUser();
165 function checkPass($submitted_password) {
166 //global $DBAuthParams;
168 if (!$this->_auth_dbi) { // needed?
169 return $this->_tryNextPass($submitted_password);
171 if (!$this->isValidName()) {
172 return $this->_tryNextPass($submitted_password);
174 if (!$this->_checkPassLength($submitted_password)) {
175 return WIKIAUTH_FORBIDDEN;
177 if (!isset($this->_authselect))
179 if (!isset($this->_authselect))
180 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
181 'DBAUTH_AUTH_CHECK', 'SQL'),
184 //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set
185 $dbh = &$this->_auth_dbi;
186 if ($this->_auth_crypt_method == 'crypt') {
187 $stored_password = $dbh->getOne(sprintf($this->_authselect, $dbh->quote($this->_userid)));
188 $result = $this->_checkPass($submitted_password, $stored_password);
190 // be position independent
191 $okay = $dbh->getOne(sprintf($this->_authselect,
192 $dbh->quote($submitted_password),
193 $dbh->quote($this->_userid)));
194 $result = !empty($okay);
198 $this->_level = WIKIAUTH_USER;
199 return $this->_level;
200 } elseif (USER_AUTH_POLICY === 'strict') {
201 $this->_level = WIKIAUTH_FORBIDDEN;
202 return $this->_level;
204 return $this->_tryNextPass($submitted_password);
208 function mayChangePass() {
209 return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
212 function storePass($submitted_password) {
213 if (!$this->isValidName()) {
217 $dbh = &$this->_auth_dbi;
218 $dbi =& $GLOBALS['request']->_dbi;
219 if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
220 $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
221 array("password", "userid"));
223 if (empty($this->_authupdate)) {
224 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
225 'DBAUTH_AUTH_UPDATE','SQL'),
230 if ($this->_auth_crypt_method == 'crypt') {
231 if (function_exists('crypt'))
232 $submitted_password = crypt($submitted_password);
234 $dbh->simpleQuery(sprintf($this->_authupdate,
235 $dbh->quote($submitted_password), $dbh->quote($this->_userid)));
244 // c-hanging-comment-ender-p: nil
245 // indent-tabs-mode: nil