2 // $Id: PearDb.php 7956 2011-03-03 17:08:31Z vargenau $
4 * Copyright (C) 2004 ReiniUrban
6 * This file is part of PhpWiki.
8 * PhpWiki is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * PhpWiki is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License along
19 * with this program; if not, write to the Free Software Foundation, Inc.,
20 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 include_once("lib/WikiUser/Db.php");
29 * Now optimized not to use prepare, ...query(sprintf($sql,quote())) instead.
30 * We use FETCH_MODE_ROW, so we don't need aliases in the auth_* SQL statements.
// Presumably the label of this authentication backend; the code that reads it
// is not part of this listing.
35 var $_authmethod = 'PearDb';
// Presumably the PHP 4-style constructor (the class line is not part of this
// listing): takes an optional user name and an optional preferences object.
// NOTE(review): the embedded line numbers jump (39 -> 41, 44 -> 47, 50 -> 54),
// so closing braces and possibly statements of the original are not shown.
36 function _PearDbPassUser($UserName='',$prefs=false) {
37 //global $DBAuthParams;
// Adopt the caller's prefs object only when this instance has none yet.
38 if (!$this->_prefs and isa($this,"_PearDbPassUser")) {
39 if ($prefs) $this->_prefs = $prefs;
// No _method on the prefs object: delegate to _PassUser::_PassUser().
// Otherwise an invalid name raises a warning; whether the constructor then
// returns early is not visible (lines 45-46 are missing).
41 if (!isset($this->_prefs->_method))
42 _PassUser::_PassUser($UserName);
43 elseif (!$this->isValidName($UserName)) {
44 trigger_error(_("Invalid username."), E_USER_WARNING);
// _userid is later interpolated (after quote()) into the auth and pref SQL.
47 $this->_userid = $UserName;
48 // make use of session data. generally we only initialize this every time,
49 // but do auth checks only once
// Configured password scheme; checkPass(), userExists() and storePass()
// compare this value with 'crypt'.
50 $this->_auth_crypt_method = $GLOBALS['request']->_dbi->getAuthParam('auth_crypt_method');
// Loads the user's preferences: first via _AnonUser::getPreferences(), then
// from the pref table when a select statement is configured, then from the
// home page metadata.
// NOTE(review): lines 58, 68-70 and 76-81 of the original are not shown, so
// the nesting of the two lookups and the return value cannot be read here.
54 function getPreferences() {
55 // override the generic slow method here for efficiency and not to
56 // clutter the homepage metadata with prefs.
57 _AnonUser::getPreferences();
59 if (isset($this->_prefs->_select)) {
60 $dbh = &$this->_auth_dbi;
// The statement is built with sprintf(); the user id passes through
// $dbh->quote() and is not a bound parameter.
61 $db_result = $dbh->query(sprintf($this->_prefs->_select, $dbh->quote($this->_userid)));
62 // patched by frederik@pandora.be
// NOTE(review): the query result is used without an error check (lines 61-63
// are contiguous); a failed query would reach fetchRow() on whatever query()
// returned.
63 $prefs = $db_result->fetchRow();
// '@' hides the notice when the row has no "prefs" key (or there is no row).
64 $prefs_blob = @$prefs["prefs"];
// NOTE(review): retrieve() decodes a blob read from the database; if it relies
// on unserialize(), write access to the pref column must be limited to trusted
// code -- confirm in the preferences class.
65 if ($restored_from_db = $this->_prefs->retrieve($prefs_blob)) {
66 $updated = $this->_prefs->updatePrefs($restored_from_db);
67 //$this->_prefs = new UserPreferences($restored_from_db);
// Home page lookup: decode the 'pref' metadata of the user's home page and
// merge it into the current prefs.
71 if (isset($this->_HomePagehandle) && $this->_HomePagehandle) {
72 if ($restored_from_page = $this->_prefs->retrieve
73 ($this->_HomePagehandle->get('pref'))) {
74 $updated = $this->_prefs->updatePrefs($restored_from_page);
75 //$this->_prefs = new UserPreferences($restored_from_page);
// Stores changed preferences. Returns the count reported by
// _AnonUser::setPreferences(). With a configured update statement and
// $id_only false the packed prefs go to the pref table, otherwise to the
// home page metadata.
// NOTE(review): lines 85, 90, 104, 112-113, 116, 120 and 122-125 of the
// original are not shown; the else branches are inferred from the comments.
82 function setPreferences($prefs, $id_only=false) {
83 // if the prefs are changed
84 if ($count = _AnonUser::setPreferences($prefs, 1)) {
86 //$user = $request->_user;
87 //unset($user->_auth_dbi);
88 // this must be done in $request->_setUser, not here!
89 //$request->setSessionVar('wiki_user', $user);
// Serialized form of the current prefs, as produced by the prefs object.
91 $packed = $this->_prefs->store();
92 if (!$id_only and isset($this->_prefs->_update)) {
93 $dbh = &$this->_auth_dbi;
94 // check if the user already exists (not needed with mysql REPLACE)
// Every value interpolated below goes through $dbh->quote(); no statement uses
// bound parameters.
95 $db_result = $dbh->query(sprintf($this->_prefs->_select,
96 $dbh->quote($this->_userid)));
// Overwrites the $prefs parameter; the result is not checked for an error
// before fetchRow().
97 $prefs = $db_result->fetchRow();
98 $prefs_blob = @$prefs["prefs"];
99 // If there are prefs for the user, update them.
// Loose comparison: a missing row (null) also counts as "no prefs".
100 if($prefs_blob != "" ){
101 $dbh->simpleQuery(sprintf($this->_prefs->_update,
102 $dbh->quote($packed),
103 $dbh->quote($this->_userid)));
105 // Otherwise, insert a record for them and set it to the defaults.
106 // johst@deakin.edu.au
107 $dbi = $GLOBALS['request']->getDbh();
108 $this->_prefs->_insert = $this->prepare($dbi->getAuthParam('pref_insert'),
109 array("pref_blob", "userid"));
110 $dbh->simpleQuery(sprintf($this->_prefs->_insert,
111 $dbh->quote($packed), $dbh->quote($this->_userid)));
// Clear a copy of the prefs left in the home page metadata.
114 if (isset($this->_HomePagehandle) && $this->_HomePagehandle and $this->_HomePagehandle->get('pref'))
115 $this->_HomePagehandle->set('pref', '');
117 //store prefs in homepage, not in cookie
118 if (isset($this->_HomePagehandle) && $this->_HomePagehandle and !$id_only)
119 $this->_HomePagehandle->set('pref', $packed);
121 return $count; //count($this->_prefs->unpack($packed));
// Checks whether the user id is known to the auth database and, when an
// auth_create statement is configured, may create the account from the posted
// password. Falls back to _tryNextUser() on the paths shown.
// NOTE(review): several original lines are missing from this listing (for
// example 147, 149-152, 158-160, 172, 177-178), among them whatever
// inspects $rs after each query.
126 function userExists() {
127 //global $DBAuthParams;
129 $dbh = &$this->_auth_dbi;
130 if (!$dbh) { // needed?
131 return $this->_tryNextUser();
// Name validation runs before the user id reaches any SQL text.
133 if (!$this->isValidName()) {
134 trigger_error(_("Invalid username."),E_USER_WARNING);
135 return $this->_tryNextUser();
137 $dbi =& $GLOBALS['request']->_dbi;
138 // Prepare the configured auth statements
139 if ($dbi->getAuthParam('auth_check') and empty($this->_authselect)) {
140 $this->_authselect = $this->prepare($dbi->getAuthParam('auth_check'),
141 array("password", "userid"));
143 //NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
// In 'crypt' mode without auth_user_exists, the auth_check statement is reused
// with the user id only.
144 if (!$dbi->getAuthParam('auth_user_exists')
145 and $this->_auth_crypt_method == 'crypt'
146 and $this->_authselect)
148 $rs = $dbh->query(sprintf($this->_authselect, $dbh->quote($this->_userid)));
// Presumably the else branch: warn when auth_user_exists is not configured,
// then build and run the existence query anyway.
153 if (! $dbi->getAuthParam('auth_user_exists'))
154 trigger_error(fmt("%s is missing", 'DBAUTH_AUTH_USER_EXISTS'),
156 $this->_authcheck = $this->prepare($dbi->getAuthParam('auth_user_exists'), "userid");
157 $rs = $dbh->query(sprintf($this->_authcheck, $dbh->quote($this->_userid)));
161 // User does not exist yet.
162 // Maybe the user is allowed to create himself. Generally not wanted in
163 // external databases, but maybe wanted for the wiki database, for performance
165 if (empty($this->_authcreate) and $dbi->getAuthParam('auth_create')) {
166 $this->_authcreate = $this->prepare($dbi->getAuthParam('auth_create'),
167 array("password", "userid"));
// Self-registration: runs only when auth_create is configured and the request
// carries auth[passwd].
// NOTE(review): the posted password is handed to the statement as received,
// quoted but not hashed, and no length check appears on the shown lines; any
// hashing has to come from the configured SQL. Leave auth_create unset unless
// self-registration is intended.
// NOTE(review): PHP 5.4 removed the HTTP_POST_VARS global, so this branch
// depends on the application filling $GLOBALS['HTTP_POST_VARS'] itself -- confirm.
169 if (!empty($this->_authcreate) and
170 isset($GLOBALS['HTTP_POST_VARS']['auth']) and
171 isset($GLOBALS['HTTP_POST_VARS']['auth']['passwd']))
173 $passwd = $GLOBALS['HTTP_POST_VARS']['auth']['passwd'];
174 $dbh->simpleQuery(sprintf($this->_authcreate,
175 $dbh->quote($passwd),
176 $dbh->quote($this->_userid)));
179 return $this->_tryNextUser();
// Verifies a submitted password against the auth database. On the lines shown
// it returns WIKIAUTH_USER on success, WIKIAUTH_FORBIDDEN for a rejected
// length or under the 'strict' policy, and otherwise the result of
// _tryNextPass().
// NOTE(review): lines 195, 199-200, 206 and 212-214 of the original are not
// shown, including the condition that selects the success branch.
182 function checkPass($submitted_password) {
183 //global $DBAuthParams;
185 if (!$this->_auth_dbi) { // needed?
186 return $this->_tryNextPass($submitted_password);
188 if (!$this->isValidName()) {
189 return $this->_tryNextPass($submitted_password);
// Length policy is enforced before any database access.
191 if (!$this->_checkPassLength($submitted_password)) {
192 return WIKIAUTH_FORBIDDEN;
// The line between these two identical checks (195) is missing; presumably it
// tries to prepare _authselect before the warning is raised.
194 if (!isset($this->_authselect))
196 if (!isset($this->_authselect))
197 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
198 'DBAUTH_AUTH_CHECK', 'SQL'),
201 //NOTE: for auth_crypt_method='crypt' defined('ENCRYPTED_PASSWD',true) must be set
202 $dbh = &$this->_auth_dbi;
// 'crypt' mode: fetch the stored hash by user id and compare it in PHP through
// _checkPass(); the submitted password never enters the SQL text.
203 if ($this->_auth_crypt_method == 'crypt') {
204 $stored_password = $dbh->getOne(sprintf($this->_authselect, $dbh->quote($this->_userid)));
205 $result = $this->_checkPass($submitted_password, $stored_password);
207 // be position independent
// Other modes: the database does the comparison. The submitted password is
// embedded (quoted) in the statement text, so it can show up wherever full
// statements are recorded, such as query logs or error output. Whether the
// stored value is hashed depends entirely on the configured SQL.
208 $okay = $dbh->getOne(sprintf($this->_authselect,
209 $dbh->quote($submitted_password),
210 $dbh->quote($this->_userid)));
// Any empty() value from the query ('', '0', 0, null) counts as a failed login.
211 $result = !empty($okay);
215 $this->_level = WIKIAUTH_USER;
216 return $this->_level;
// 'strict' policy stops here instead of trying the next auth method.
217 } elseif (USER_AUTH_POLICY === 'strict') {
218 $this->_level = WIKIAUTH_FORBIDDEN;
219 return $this->_level;
221 return $this->_tryNextPass($submitted_password);
// Returns the configured auth_update parameter, so the result is truthy only
// when a password-update statement is configured.
225 function mayChangePass() {
226 return $GLOBALS['request']->_dbi->getAuthParam('auth_update');
// Writes a new password for the current user through the configured
// auth_update statement.
// NOTE(review): lines 231-233, 239, 243-246, 250 and 253-260 of the original
// are not shown, including the early returns and the final return value.
229 function storePass($submitted_password) {
230 if (!$this->isValidName()) {
234 $dbh = &$this->_auth_dbi;
235 $dbi =& $GLOBALS['request']->_dbi;
236 if ($dbi->getAuthParam('auth_update') and empty($this->_authupdate)) {
237 $this->_authupdate = $this->prepare($dbi->getAuthParam('auth_update'),
238 array("password", "userid"));
240 if (empty($this->_authupdate)) {
241 trigger_error(fmt("Either %s is missing or DATABASE_TYPE != '%s'",
242 'DBAUTH_AUTH_UPDATE','SQL'),
// NOTE(review): crypt() is called without a salt. Older PHP then picks the
// salt and algorithm itself (DES or MD5 based, both weak today), PHP 5.6 emits
// a notice, and PHP 8 requires the salt argument. password_hash() is the
// current replacement, but the verifying side (_checkPass) would have to
// change with it.
// NOTE(review): if crypt() does not exist, the password is stored exactly as
// submitted, with no warning on the lines shown.
247 if ($this->_auth_crypt_method == 'crypt') {
248 if (function_exists('crypt'))
249 $submitted_password = crypt($submitted_password);
// In any other mode the value is passed on as submitted (quoted only); hashing,
// if any, has to be part of the configured SQL.
251 $dbh->simpleQuery(sprintf($this->_authupdate,
252 $dbh->quote($submitted_password), $dbh->quote($this->_userid)));
261 // c-hanging-comment-ender-p: nil
262 // indent-tabs-mode: nil