Subversion Repositories Applications.papyrus

Rev

Rev 1173 | Go to most recent revision | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed

Rev 1173 Rev 1713
1
<?php
1
<?php
2
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
2
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
3
 
3
 
4
/**
4
/**
5
 * Storage driver for use against PEAR MDB2
5
 * Storage driver for use against PEAR MDB2
6
 *
6
 *
7
 * PHP versions 4 and 5
7
 * PHP versions 4 and 5
8
 *
8
 *
9
 * LICENSE: This source file is subject to version 3.01 of the PHP license
9
 * LICENSE: This source file is subject to version 3.01 of the PHP license
10
 * that is available through the world-wide-web at the following URI:
10
 * that is available through the world-wide-web at the following URI:
11
 * http://www.php.net/license/3_01.txt.  If you did not receive a copy of
11
 * http://www.php.net/license/3_01.txt.  If you did not receive a copy of
12
 * the PHP License and are unable to obtain it through the web, please
12
 * the PHP License and are unable to obtain it through the web, please
13
 * send a note to license@php.net so we can mail you a copy immediately.
13
 * send a note to license@php.net so we can mail you a copy immediately.
14
 *
14
 *
15
 * @category   Authentication
15
 * @category   Authentication
16
 * @package    Auth
16
 * @package    Auth
17
 * @author     Lorenzo Alberton <l.alberton@quipo.it> 
17
 * @author     Lorenzo Alberton <l.alberton@quipo.it>
18
 * @author     Adam Ashley <aashley@php.net>
18
 * @author     Adam Ashley <aashley@php.net>
19
 * @copyright  2001-2006 The PHP Group
19
 * @copyright  2001-2006 The PHP Group
20
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
20
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
21
 * @version    CVS: $Id: MDB2.php,v 1.1 2006-12-14 15:04:28 jp_milcent Exp $
21
 * @version    CVS: $Id: MDB2.php,v 1.2 2007-11-19 15:11:00 jp_milcent Exp $
22
 * @link       http://pear.php.net/package/Auth
22
 * @link       http://pear.php.net/package/Auth
23
 * @since      File available since Release 1.3.0
23
 * @since      File available since Release 1.3.0
24
 */
24
 */
25
 
25
 
26
/**
26
/**
27
 * Include Auth_Container base class
27
 * Include Auth_Container base class
28
 */
28
 */
29
require_once 'Auth/Container.php';
29
require_once 'Auth/Container.php';
30
/**
30
/**
31
 * Include PEAR MDB2 package
31
 * Include PEAR MDB2 package
32
 */
32
 */
33
require_once 'MDB2.php';
33
require_once 'MDB2.php';
34
 
34
 
35
/**
35
/**
36
 * Storage driver for fetching login data from a database
36
 * Storage driver for fetching login data from a database
37
 *
37
 *
38
 * This storage driver can use all databases which are supported
38
 * This storage driver can use all databases which are supported
39
 * by the PEAR MDB2 abstraction layer to fetch login data.
39
 * by the PEAR MDB2 abstraction layer to fetch login data.
40
 *
40
 *
41
 * @category   Authentication
41
 * @category   Authentication
42
 * @package    Auth
42
 * @package    Auth
43
 * @author     Lorenzo Alberton <l.alberton@quipo.it>
43
 * @author     Lorenzo Alberton <l.alberton@quipo.it>
44
 * @author     Adam Ashley <aashley@php.net>
44
 * @author     Adam Ashley <aashley@php.net>
45
 * @copyright  2001-2006 The PHP Group
45
 * @copyright  2001-2006 The PHP Group
46
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
46
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
47
 * @version    Release: 1.4.3  File: $Revision: 1.1 $
47
 * @version    Release: 1.5.4  File: $Revision: 1.2 $
48
 * @link       http://pear.php.net/package/Auth
48
 * @link       http://pear.php.net/package/Auth
49
 * @since      Class available since Release 1.3.0
49
 * @since      Class available since Release 1.3.0
50
 */
50
 */
51
class Auth_Container_MDB2 extends Auth_Container
51
class Auth_Container_MDB2 extends Auth_Container
52
{
52
{
53
 
53
 
54
    // {{{ properties
54
    // {{{ properties
55
 
55
 
56
    /**
56
    /**
57
     * Additional options for the storage container
57
     * Additional options for the storage container
58
     * @var array
58
     * @var array
59
     */
59
     */
60
    var $options = array();
60
    var $options = array();
61
 
61
 
62
    /**
62
    /**
63
     * MDB object
63
     * MDB object
64
     * @var object
64
     * @var object
65
     */
65
     */
66
    var $db = null;
66
    var $db = null;
67
    var $dsn = '';
67
    var $dsn = '';
68
 
68
 
69
    /**
69
    /**
70
     * User that is currently selected from the DB.
70
     * User that is currently selected from the DB.
71
     * @var string
71
     * @var string
72
     */
72
     */
73
    var $activeUser = '';
73
    var $activeUser = '';
74
 
74
 
75
    // }}}
75
    // }}}
76
    // {{{ Auth_Container_MDB2() [constructor]
76
    // {{{ Auth_Container_MDB2() [constructor]
77
 
77
 
78
    /**
78
    /**
79
     * Constructor of the container class
79
     * Constructor of the container class
80
     *
80
     *
81
     * Initate connection to the database via PEAR::MDB2
81
     * Initate connection to the database via PEAR::MDB2
82
     *
82
     *
83
     * @param  string Connection data or MDB2 object
83
     * @param  string Connection data or MDB2 object
84
     * @return object Returns an error object if something went wrong
84
     * @return object Returns an error object if something went wrong
85
     */
85
     */
86
    function Auth_Container_MDB2($dsn)
86
    function Auth_Container_MDB2($dsn)
87
    {
87
    {
88
        $this->_setDefaults();
88
        $this->_setDefaults();
89
 
89
 
90
        if (is_array($dsn)) {
90
        if (is_array($dsn)) {
91
            $this->_parseOptions($dsn);
91
            $this->_parseOptions($dsn);
92
            if (empty($this->options['dsn'])) {
92
            if (empty($this->options['dsn'])) {
93
                PEAR::raiseError('No connection parameters specified!');
93
                PEAR::raiseError('No connection parameters specified!');
94
            }
94
            }
95
        } else {
95
        } else {
96
            $this->options['dsn'] = $dsn;
96
            $this->options['dsn'] = $dsn;
97
        }
97
        }
98
    }
98
    }
99
 
99
 
100
    // }}}
100
    // }}}
101
    // {{{ _connect()
101
    // {{{ _connect()
102
 
102
 
103
    /**
103
    /**
104
     * Connect to database by using the given DSN string
104
     * Connect to database by using the given DSN string
105
     *
105
     *
106
     * @access private
106
     * @access private
107
     * @param  mixed DSN string | array | mdb object
107
     * @param  mixed DSN string | array | mdb object
108
     * @return mixed  Object on error, otherwise bool
108
     * @return mixed  Object on error, otherwise bool
109
     */
109
     */
110
    function _connect($dsn)
110
    function _connect($dsn)
111
    {
111
    {
-
 
112
        $this->log('Auth_Container_MDB2::_connect() called.', AUTH_LOG_DEBUG);
112
        if (is_string($dsn) || is_array($dsn)) {
113
        if (is_string($dsn) || is_array($dsn)) {
113
            $this->db =& MDB2::connect($dsn, $this->options['db_options']);
114
            $this->db =& MDB2::connect($dsn, $this->options['db_options']);
114
        } elseif (is_subclass_of($dsn, 'MDB2_Driver_Common')) {
115
        } elseif (is_subclass_of($dsn, 'MDB2_Driver_Common')) {
115
            $this->db = $dsn;
116
            $this->db = $dsn;
116
        } elseif (is_object($dsn) && MDB2::isError($dsn)) {
117
        } elseif (is_object($dsn) && MDB2::isError($dsn)) {
117
            return PEAR::raiseError($dsn->getMessage(), $dsn->code);
118
            return PEAR::raiseError($dsn->getMessage(), $dsn->code);
118
        } else {
119
        } else {
119
            return PEAR::raiseError('The given dsn was not valid in file ' . __FILE__ . ' at line ' . __LINE__,
120
            return PEAR::raiseError('The given dsn was not valid in file ' . __FILE__ . ' at line ' . __LINE__,
120
                                    41,
121
                                    41,
121
                                    PEAR_ERROR_RETURN,
122
                                    PEAR_ERROR_RETURN,
122
                                    null,
123
                                    null,
123
                                    null
124
                                    null
124
                                    );
125
                                    );
125
 
126
 
126
        }
127
        }
127
 
128
 
128
        if (MDB2::isError($this->db) || PEAR::isError($this->db)) {
129
        if (MDB2::isError($this->db) || PEAR::isError($this->db)) {
129
            return PEAR::raiseError($this->db->getMessage(), $this->db->code);
130
            return PEAR::raiseError($this->db->getMessage(), $this->db->code);
130
        }
131
        }
131
        
132
 
132
        if ($this->options['auto_quote']) {
133
        if ($this->options['auto_quote']) {
133
            $this->options['final_table'] = $this->db->quoteIdentifier($this->options['table'], true);
134
            $this->options['final_table'] = $this->db->quoteIdentifier($this->options['table'], true);
134
            $this->options['final_usernamecol'] = $this->db->quoteIdentifier($this->options['usernamecol'], true);
135
            $this->options['final_usernamecol'] = $this->db->quoteIdentifier($this->options['usernamecol'], true);
135
            $this->options['final_passwordcol'] = $this->db->quoteIdentifier($this->options['passwordcol'], true);
136
            $this->options['final_passwordcol'] = $this->db->quoteIdentifier($this->options['passwordcol'], true);
136
        } else {
137
        } else {
137
            $this->options['final_table'] = $this->options['table'];
138
            $this->options['final_table'] = $this->options['table'];
138
            $this->options['final_usernamecol'] = $this->options['usernamecol'];
139
            $this->options['final_usernamecol'] = $this->options['usernamecol'];
139
            $this->options['final_passwordcol'] = $this->options['passwordcol'];
140
            $this->options['final_passwordcol'] = $this->options['passwordcol'];
140
        }
141
        }
141
                
142
 
142
        return true;
143
        return true;
143
    }
144
    }
144
 
145
 
145
    // }}}
146
    // }}}
146
    // {{{ _prepare()
147
    // {{{ _prepare()
147
 
148
 
148
    /**
149
    /**
149
     * Prepare database connection
150
     * Prepare database connection
150
     *
151
     *
151
     * This function checks if we have already opened a connection to
152
     * This function checks if we have already opened a connection to
152
     * the database. If that's not the case, a new connection is opened.
153
     * the database. If that's not the case, a new connection is opened.
153
     *
154
     *
154
     * @access private
155
     * @access private
155
     * @return mixed True or a MDB error object.
156
     * @return mixed True or a MDB error object.
156
     */
157
     */
157
    function _prepare()
158
    function _prepare()
158
    {
159
    {
159
        if (is_subclass_of($this->db, 'MDB2_Driver_Common')) {
160
        if (is_subclass_of($this->db, 'MDB2_Driver_Common')) {
160
            return true;
161
            return true;
161
        }
162
        }
162
        return $this->_connect($this->options['dsn']);
163
        return $this->_connect($this->options['dsn']);
163
    }
164
    }
164
 
165
 
165
    // }}}
166
    // }}}
166
    // {{{ query()
167
    // {{{ query()
167
 
168
 
168
    /**
169
    /**
169
     * Prepare query to the database
170
     * Prepare query to the database
170
     *
171
     *
171
     * This function checks if we have already opened a connection to
172
     * This function checks if we have already opened a connection to
172
     * the database. If that's not the case, a new connection is opened.
173
     * the database. If that's not the case, a new connection is opened.
173
     * After that the query is passed to the database.
174
     * After that the query is passed to the database.
174
     *
175
     *
175
     * @access public
176
     * @access public
176
     * @param  string Query string
177
     * @param  string Query string
177
     * @return mixed  a MDB_result object or MDB_OK on success, a MDB
178
     * @return mixed  a MDB_result object or MDB_OK on success, a MDB
178
     *                or PEAR error on failure
179
     *                or PEAR error on failure
179
     */
180
     */
180
    function query($query)
181
    function query($query)
181
    {
182
    {
-
 
183
        $this->log('Auth_Container_MDB2::query() called.', AUTH_LOG_DEBUG);
182
        $err = $this->_prepare();
184
        $err = $this->_prepare();
183
        if ($err !== true) {
185
        if ($err !== true) {
184
            return $err;
186
            return $err;
185
        }
187
        }
186
        return $this->db->exec($query);
188
        return $this->db->exec($query);
187
    }
189
    }
188
 
190
 
189
    // }}}
191
    // }}}
190
    // {{{ _setDefaults()
192
    // {{{ _setDefaults()
191
 
193
 
192
    /**
194
    /**
193
     * Set some default options
195
     * Set some default options
194
     *
196
     *
195
     * @access private
197
     * @access private
196
     * @return void
198
     * @return void
197
     */
199
     */
198
    function _setDefaults()
200
    function _setDefaults()
199
    {
201
    {
200
        $this->options['table']       = 'auth';
202
        $this->options['table']       = 'auth';
201
        $this->options['usernamecol'] = 'username';
203
        $this->options['usernamecol'] = 'username';
202
        $this->options['passwordcol'] = 'password';
204
        $this->options['passwordcol'] = 'password';
203
        $this->options['dsn']         = '';
205
        $this->options['dsn']         = '';
204
        $this->options['db_fields']   = '';
206
        $this->options['db_fields']   = '';
205
        $this->options['cryptType']   = 'md5';
207
        $this->options['cryptType']   = 'md5';
206
        $this->options['db_options']  = array();
208
        $this->options['db_options']  = array();
-
 
209
        $this->options['db_where']    = '';
207
        $this->options['auto_quote']  = true;
210
        $this->options['auto_quote']  = true;
208
    }
211
    }
209
 
212
 
210
    // }}}
213
    // }}}
211
    // {{{ _parseOptions()
214
    // {{{ _parseOptions()
212
 
215
 
213
    /**
216
    /**
214
     * Parse options passed to the container class
217
     * Parse options passed to the container class
215
     *
218
     *
216
     * @access private
219
     * @access private
217
     * @param  array
220
     * @param  array
218
     */
221
     */
219
    function _parseOptions($array)
222
    function _parseOptions($array)
220
    {
223
    {
221
        foreach ($array as $key => $value) {
224
        foreach ($array as $key => $value) {
222
            if (isset($this->options[$key])) {
225
            if (isset($this->options[$key])) {
223
                $this->options[$key] = $value;
226
                $this->options[$key] = $value;
224
            }
227
            }
225
        }
228
        }
226
    }
229
    }
227
 
230
 
228
    // }}}
231
    // }}}
229
    // {{{ _quoteDBFields()
232
    // {{{ _quoteDBFields()
230
 
233
 
231
    /**
234
    /**
232
     * Quote the db_fields option to avoid the possibility of SQL injection.
235
     * Quote the db_fields option to avoid the possibility of SQL injection.
233
     *
236
     *
234
     * @access private
237
     * @access private
235
     * @return string A properly quoted string that can be concatenated into a
238
     * @return string A properly quoted string that can be concatenated into a
236
     * SELECT clause.
239
     * SELECT clause.
237
     */
240
     */
238
    function _quoteDBFields()
241
    function _quoteDBFields()
239
    {
242
    {
240
        if (isset($this->options['db_fields'])) {
243
        if (isset($this->options['db_fields'])) {
241
            if (is_array($this->options['db_fields'])) {
244
            if (is_array($this->options['db_fields'])) {
242
                if ($this->options['auto_quote']) {
245
                if ($this->options['auto_quote']) {
243
                    $fields = array();
246
                    $fields = array();
244
                    foreach ($this->options['db_fields'] as $field) {
247
                    foreach ($this->options['db_fields'] as $field) {
245
                        $fields[] = $this->db->quoteIdentifier($field, true);
248
                        $fields[] = $this->db->quoteIdentifier($field, true);
246
                    }
249
                    }
247
                    return implode(', ', $fields);
250
                    return implode(', ', $fields);
248
                } else {
251
                } else {
249
                    return implode(', ', $this->options['db_fields']);
252
                    return implode(', ', $this->options['db_fields']);
250
                }
253
                }
251
            } else {
254
            } else {
252
                if (strlen($this->options['db_fields']) > 0) {
255
                if (strlen($this->options['db_fields']) > 0) {
253
                    if ($this->options['auto_quote']) {
256
                    if ($this->options['auto_quote']) {
254
                        return $this->db->quoteIdentifier($this->options['db_fields'], true);
257
                        return $this->db->quoteIdentifier($this->options['db_fields'], true);
255
                    } else {
258
                    } else {
256
                        return $this->options['db_fields'];
259
                        return $this->options['db_fields'];
257
                    }
260
                    }
258
                }
261
                }
259
            }
262
            }
260
        }
263
        }
261
 
264
 
262
        return '';
265
        return '';
263
    }
266
    }
264
    
267
 
265
    // }}}
268
    // }}}
266
    // {{{ fetchData()
269
    // {{{ fetchData()
267
 
270
 
268
    /**
271
    /**
269
     * Get user information from database
272
     * Get user information from database
270
     *
273
     *
271
     * This function uses the given username to fetch
274
     * This function uses the given username to fetch
272
     * the corresponding login data from the database
275
     * the corresponding login data from the database
273
     * table. If an account that matches the passed username
276
     * table. If an account that matches the passed username
274
     * and password is found, the function returns true.
277
     * and password is found, the function returns true.
275
     * Otherwise it returns false.
278
     * Otherwise it returns false.
276
     *
279
     *
277
     * @param   string Username
280
     * @param   string Username
278
     * @param   string Password
281
     * @param   string Password
279
     * @param   boolean If true password is secured using a md5 hash
282
     * @param   boolean If true password is secured using a md5 hash
280
     *                  the frontend and auth are responsible for making sure the container supports
283
     *                  the frontend and auth are responsible for making sure the container supports
281
     *                  challenge response password authentication
284
     *                  challenge response password authentication
282
     * @return  mixed  Error object or boolean
285
     * @return  mixed  Error object or boolean
283
     */
286
     */
284
    function fetchData($username, $password, $isChallengeResponse=false)
287
    function fetchData($username, $password, $isChallengeResponse=false)
285
    {
288
    {
-
 
289
        $this->log('Auth_Container_MDB2::fetchData() called.', AUTH_LOG_DEBUG);
286
        // Prepare for a database query
290
        // Prepare for a database query
287
        $err = $this->_prepare();
291
        $err = $this->_prepare();
288
        if ($err !== true) {
292
        if ($err !== true) {
289
            return PEAR::raiseError($err->getMessage(), $err->getCode());
293
            return PEAR::raiseError($err->getMessage(), $err->getCode());
290
        }
294
        }
291
 
295
 
292
        //Check if db_fields contains a *, if so assume all columns are selected
296
        //Check if db_fields contains a *, if so assume all columns are selected
293
        if (is_string($this->options['db_fields'])
297
        if (is_string($this->options['db_fields'])
294
            && strstr($this->options['db_fields'], '*')) {
298
            && strstr($this->options['db_fields'], '*')) {
295
            $sql_from = '*';
299
            $sql_from = '*';
296
        } else {
300
        } else {
297
            $sql_from = $this->options['final_usernamecol'].
301
            $sql_from = $this->options['final_usernamecol'].
298
                ", ".$this->options['final_passwordcol'];
302
                ", ".$this->options['final_passwordcol'];
299
 
303
 
300
            if (strlen($fields = $this->_quoteDBFields()) > 0) {
304
            if (strlen($fields = $this->_quoteDBFields()) > 0) {
301
                $sql_from .= ', '.$fields;
305
                $sql_from .= ', '.$fields;
302
            }
306
            }
303
        }
307
        }
304
        $query = sprintf("SELECT %s FROM %s WHERE %s = %s",
308
        $query = sprintf("SELECT %s FROM %s WHERE %s = %s",
305
                         $sql_from,
309
                         $sql_from,
306
                         $this->options['final_table'],
310
                         $this->options['final_table'],
307
                         $this->options['final_usernamecol'],
311
                         $this->options['final_usernamecol'],
308
                         $this->db->quote($username, 'text')
312
                         $this->db->quote($username, 'text')
309
                         );
313
                         );
-
 
314
 
-
 
315
        // check if there is an optional parameter db_where
-
 
316
        if ($this->options['db_where'] != '') {
-
 
317
            // there is one, so add it to the query
-
 
318
            $query .= " AND ".$this->options['db_where'];
-
 
319
        }
-
 
320
 
-
 
321
        $this->log('Running SQL against MDB2: '.$query, AUTH_LOG_DEBUG);
310
 
322
 
311
        $res = $this->db->queryRow($query, null, MDB2_FETCHMODE_ASSOC);
323
        $res = $this->db->queryRow($query, null, MDB2_FETCHMODE_ASSOC);
312
        if (MDB2::isError($res) || PEAR::isError($res)) {
324
        if (MDB2::isError($res) || PEAR::isError($res)) {
313
            return PEAR::raiseError($res->getMessage(), $res->getCode());
325
            return PEAR::raiseError($res->getMessage(), $res->getCode());
314
        }
326
        }
315
        if (!is_array($res)) {
327
        if (!is_array($res)) {
316
            $this->activeUser = '';
328
            $this->activeUser = '';
317
            return false;
329
            return false;
318
        }
330
        }
319
 
331
 
320
        // Perform trimming here before the hashing
332
        // Perform trimming here before the hashing
321
        $password = trim($password, "\r\n");
333
        $password = trim($password, "\r\n");
322
        $res[$this->options['passwordcol']] = trim($res[$this->options['passwordcol']], "\r\n");
334
        $res[$this->options['passwordcol']] = trim($res[$this->options['passwordcol']], "\r\n");
323
        // If using Challenge Response md5 the pass with the secret
335
        // If using Challenge Response md5 the pass with the secret
324
        if ($isChallengeResponse) {
336
        if ($isChallengeResponse) {
325
            $res[$this->options['passwordcol']] =
337
            $res[$this->options['passwordcol']] =
326
                md5($res[$this->options['passwordcol']].$this->_auth_obj->session['loginchallenege']);
338
                md5($res[$this->options['passwordcol']].$this->_auth_obj->session['loginchallenege']);
327
            // UGLY cannot avoid without modifying verifyPassword
339
            // UGLY cannot avoid without modifying verifyPassword
328
            if ($this->options['cryptType'] == 'md5') {
340
            if ($this->options['cryptType'] == 'md5') {
329
                $res[$this->options['passwordcol']] = md5($res[$this->options['passwordcol']]);
341
                $res[$this->options['passwordcol']] = md5($res[$this->options['passwordcol']]);
330
            }
342
            }
331
        }
343
        }
332
        if ($this->verifyPassword($password,
344
        if ($this->verifyPassword($password,
333
                                  $res[$this->options['passwordcol']],
345
                                  $res[$this->options['passwordcol']],
334
                                  $this->options['cryptType'])) {
346
                                  $this->options['cryptType'])) {
335
            // Store additional field values in the session
347
            // Store additional field values in the session
336
            foreach ($res as $key => $value) {
348
            foreach ($res as $key => $value) {
337
                if ($key == $this->options['passwordcol'] ||
349
                if ($key == $this->options['passwordcol'] ||
338
                    $key == $this->options['usernamecol']) {
350
                    $key == $this->options['usernamecol']) {
339
                    continue;
351
                    continue;
340
                }
352
                }
-
 
353
 
-
 
354
                $this->log('Storing additional field: '.$key, AUTH_LOG_DEBUG);
-
 
355
 
341
                // Use reference to the auth object if exists
356
                // Use reference to the auth object if exists
342
                // This is because the auth session variable can change so a static call to setAuthData does not make sense
357
                // This is because the auth session variable can change so a static call to setAuthData does not make sense
343
                $this->_auth_obj->setAuthData($key, $value);
358
                $this->_auth_obj->setAuthData($key, $value);
344
            }
359
            }
345
            return true;
360
            return true;
346
        }
361
        }
347
 
362
 
348
        $this->activeUser = $res[$this->options['usernamecol']];
363
        $this->activeUser = $res[$this->options['usernamecol']];
349
        return false;
364
        return false;
350
    }
365
    }
351
 
366
 
352
    // }}}
367
    // }}}
353
    // {{{ listUsers()
368
    // {{{ listUsers()
354
 
369
 
355
    /**
370
    /**
356
     * Returns a list of users from the container
371
     * Returns a list of users from the container
357
     *
372
     *
358
     * @return mixed array|PEAR_Error
373
     * @return mixed array|PEAR_Error
359
     * @access public
374
     * @access public
360
     */
375
     */
361
    function listUsers()
376
    function listUsers()
362
    {
377
    {
-
 
378
        $this->log('Auth_Container_MDB2::listUsers() called.', AUTH_LOG_DEBUG);
363
        $err = $this->_prepare();
379
        $err = $this->_prepare();
364
        if ($err !== true) {
380
        if ($err !== true) {
365
            return PEAR::raiseError($err->getMessage(), $err->getCode());
381
            return PEAR::raiseError($err->getMessage(), $err->getCode());
366
        }
382
        }
367
 
383
 
368
        $retVal = array();
384
        $retVal = array();
369
 
385
 
370
        //Check if db_fields contains a *, if so assume all columns are selected
386
        //Check if db_fields contains a *, if so assume all columns are selected
371
        if (   is_string($this->options['db_fields'])
387
        if (   is_string($this->options['db_fields'])
372
            && strstr($this->options['db_fields'], '*')) {
388
            && strstr($this->options['db_fields'], '*')) {
373
            $sql_from = '*';
389
            $sql_from = '*';
374
        } else {
390
        } else {
375
            $sql_from = $this->options['final_usernamecol'].
391
            $sql_from = $this->options['final_usernamecol'].
376
                ", ".$this->options['final_passwordcol'];
392
                ", ".$this->options['final_passwordcol'];
377
 
393
 
378
            if (strlen($fields = $this->_quoteDBFields()) > 0) {
394
            if (strlen($fields = $this->_quoteDBFields()) > 0) {
379
                $sql_from .= ', '.$fields;
395
                $sql_from .= ', '.$fields;
380
            }
396
            }
381
        }
397
        }
382
 
398
 
383
        $query = sprintf('SELECT %s FROM %s',
399
        $query = sprintf('SELECT %s FROM %s',
384
                         $sql_from,
400
                         $sql_from,
385
                         $this->options['final_table']
401
                         $this->options['final_table']
386
                         );
402
                         );
-
 
403
 
-
 
404
        // check if there is an optional parameter db_where
-
 
405
        if ($this->options['db_where'] != '') {
-
 
406
            // there is one, so add it to the query
-
 
407
            $query .= " WHERE ".$this->options['db_where'];
-
 
408
        }
-
 
409
 
-
 
410
        $this->log('Running SQL against MDB2: '.$query, AUTH_LOG_DEBUG);
387
 
411
 
388
        $res = $this->db->queryAll($query, null, MDB2_FETCHMODE_ASSOC);
412
        $res = $this->db->queryAll($query, null, MDB2_FETCHMODE_ASSOC);
389
        if (MDB2::isError($res)) {
413
        if (MDB2::isError($res)) {
390
            return PEAR::raiseError($res->getMessage(), $res->getCode());
414
            return PEAR::raiseError($res->getMessage(), $res->getCode());
391
        } else {
415
        } else {
392
            foreach ($res as $user) {
416
            foreach ($res as $user) {
393
                $user['username'] = $user[$this->options['usernamecol']];
417
                $user['username'] = $user[$this->options['usernamecol']];
394
                $retVal[] = $user;
418
                $retVal[] = $user;
395
            }
419
            }
396
        }
420
        }
-
 
421
        $this->log('Found '.count($retVal).' users.', AUTH_LOG_DEBUG);
397
        return $retVal;
422
        return $retVal;
398
    }
423
    }
399
 
424
 
400
    // }}}
425
    // }}}
401
    // {{{ addUser()
426
    // {{{ addUser()
402
 
427
 
403
    /**
428
    /**
404
     * Add user to the storage container
429
     * Add user to the storage container
405
     *
430
     *
406
     * @access public
431
     * @access public
407
     * @param  string Username
432
     * @param  string Username
408
     * @param  string Password
433
     * @param  string Password
409
     * @param  mixed  Additional information that are stored in the DB
434
     * @param  mixed  Additional information that are stored in the DB
410
     *
435
     *
411
     * @return mixed True on success, otherwise error object
436
     * @return mixed True on success, otherwise error object
412
     */
437
     */
413
    function addUser($username, $password, $additional = "")
438
    function addUser($username, $password, $additional = "")
414
    {
439
    {
-
 
440
        $this->log('Auth_Container_MDB2::addUser() called.', AUTH_LOG_DEBUG);
415
 
441
 
416
        // Prepare for a database query
442
        // Prepare for a database query
417
        $err = $this->_prepare();
443
        $err = $this->_prepare();
418
        if ($err !== true) {
444
        if ($err !== true) {
419
            return PEAR::raiseError($err->getMessage(), $err->getCode());
445
            return PEAR::raiseError($err->getMessage(), $err->getCode());
420
        }
446
        }
421
 
447
 
422
        if (isset($this->options['cryptType']) && $this->options['cryptType'] == 'none') {
448
        if (isset($this->options['cryptType']) && $this->options['cryptType'] == 'none') {
423
            $cryptFunction = 'strval';
449
            $cryptFunction = 'strval';
424
        } elseif (isset($this->options['cryptType']) && function_exists($this->options['cryptType'])) {
450
        } elseif (isset($this->options['cryptType']) && function_exists($this->options['cryptType'])) {
425
            $cryptFunction = $this->options['cryptType'];
451
            $cryptFunction = $this->options['cryptType'];
426
        } else {
452
        } else {
427
            $cryptFunction = 'md5';
453
            $cryptFunction = 'md5';
428
        }
454
        }
429
 
455
 
430
        $password = $cryptFunction($password);
456
        $password = $cryptFunction($password);
431
 
457
 
432
        $additional_key   = '';
458
        $additional_key   = '';
433
        $additional_value = '';
459
        $additional_value = '';
434
 
460
 
435
        if (is_array($additional)) {
461
        if (is_array($additional)) {
436
            foreach ($additional as $key => $value) {
462
            foreach ($additional as $key => $value) {
437
                if ($this->options['auto_quote']) {
463
                if ($this->options['auto_quote']) {
438
                    $additional_key   .= ', ' . $this->db->quoteIdentifier($key, true);
464
                    $additional_key   .= ', ' . $this->db->quoteIdentifier($key, true);
439
                } else {
465
                } else {
440
                    $additional_key   .= ', ' . $key;
466
                    $additional_key   .= ', ' . $key;
441
                }
467
                }
442
                $additional_value .= ', ' . $this->db->quote($value, 'text');
468
                $additional_value .= ', ' . $this->db->quote($value, 'text');
443
            }
469
            }
444
        }
470
        }
445
 
471
 
446
        $query = sprintf("INSERT INTO %s (%s, %s%s) VALUES (%s, %s%s)",
472
        $query = sprintf("INSERT INTO %s (%s, %s%s) VALUES (%s, %s%s)",
447
                         $this->options['final_table'],
473
                         $this->options['final_table'],
448
                         $this->options['final_usernamecol'],
474
                         $this->options['final_usernamecol'],
449
                         $this->options['final_passwordcol'],
475
                         $this->options['final_passwordcol'],
450
                         $additional_key,
476
                         $additional_key,
451
                         $this->db->quote($username, 'text'),
477
                         $this->db->quote($username, 'text'),
452
                         $this->db->quote($password, 'text'),
478
                         $this->db->quote($password, 'text'),
453
                         $additional_value
479
                         $additional_value
454
                         );
480
                         );
-
 
481
 
-
 
482
        $this->log('Running SQL against MDB2: '.$query, AUTH_LOG_DEBUG);
455
 
483
 
456
        $res = $this->query($query);
484
        $res = $this->query($query);
457
 
485
 
458
        if (MDB2::isError($res)) {
486
        if (MDB2::isError($res)) {
459
            return PEAR::raiseError($res->getMessage(), $res->code);
487
            return PEAR::raiseError($res->getMessage(), $res->code);
460
        }
488
        }
461
        return true;
489
        return true;
462
    }
490
    }
463
 
491
 
464
    // }}}
492
    // }}}
465
    // {{{ removeUser()
493
    // {{{ removeUser()
466
 
494
 
467
    /**
495
    /**
468
     * Remove user from the storage container
496
     * Remove user from the storage container
469
     *
497
     *
470
     * @access public
498
     * @access public
471
     * @param  string Username
499
     * @param  string Username
472
     *
500
     *
473
     * @return mixed True on success, otherwise error object
501
     * @return mixed True on success, otherwise error object
474
     */
502
     */
475
    function removeUser($username)
503
    function removeUser($username)
476
    {
504
    {
-
 
505
        $this->log('Auth_Container_MDB2::removeUser() called.', AUTH_LOG_DEBUG);
477
        // Prepare for a database query
506
        // Prepare for a database query
478
        $err = $this->_prepare();
507
        $err = $this->_prepare();
479
        if ($err !== true) {
508
        if ($err !== true) {
480
            return PEAR::raiseError($err->getMessage(), $err->getCode());
509
            return PEAR::raiseError($err->getMessage(), $err->getCode());
481
        }
510
        }
482
 
511
 
483
        $query = sprintf("DELETE FROM %s WHERE %s = %s",
512
        $query = sprintf("DELETE FROM %s WHERE %s = %s",
484
                         $this->options['final_table'],
513
                         $this->options['final_table'],
485
                         $this->options['final_usernamecol'],
514
                         $this->options['final_usernamecol'],
486
                         $this->db->quote($username, 'text')
515
                         $this->db->quote($username, 'text')
487
                         );
516
                         );
-
 
517
 
-
 
518
        // check if there is an optional parameter db_where
-
 
519
        if ($this->options['db_where'] != '') {
-
 
520
            // there is one, so add it to the query
-
 
521
            $query .= " AND ".$this->options['db_where'];
-
 
522
        }
-
 
523
 
-
 
524
        $this->log('Running SQL against MDB2: '.$query, AUTH_LOG_DEBUG);
488
 
525
 
489
        $res = $this->query($query);
526
        $res = $this->query($query);
490
 
527
 
491
        if (MDB2::isError($res)) {
528
        if (MDB2::isError($res)) {
492
            return PEAR::raiseError($res->getMessage(), $res->code);
529
            return PEAR::raiseError($res->getMessage(), $res->code);
493
        }
530
        }
494
        return true;
531
        return true;
495
    }
532
    }
496
 
533
 
497
    // }}}
534
    // }}}
498
    // {{{ changePassword()
535
    // {{{ changePassword()
499
 
536
 
500
    /**
537
    /**
501
     * Change password for user in the storage container
538
     * Change password for user in the storage container
502
     *
539
     *
503
     * @param string Username
540
     * @param string Username
504
     * @param string The new password (plain text)
541
     * @param string The new password (plain text)
505
     */
542
     */
506
    function changePassword($username, $password)
543
    function changePassword($username, $password)
507
    {
544
    {
-
 
545
        $this->log('Auth_Container_MDB2::changePassword() called.', AUTH_LOG_DEBUG);
508
        // Prepare for a database query
546
        // Prepare for a database query
509
        $err = $this->_prepare();
547
        $err = $this->_prepare();
510
        if ($err !== true) {
548
        if ($err !== true) {
511
            return PEAR::raiseError($err->getMessage(), $err->getCode());
549
            return PEAR::raiseError($err->getMessage(), $err->getCode());
512
        }
550
        }
513
 
551
 
514
        if (isset($this->options['cryptType']) && $this->options['cryptType'] == 'none') {
552
        if (isset($this->options['cryptType']) && $this->options['cryptType'] == 'none') {
515
            $cryptFunction = 'strval';
553
            $cryptFunction = 'strval';
516
        } elseif (isset($this->options['cryptType']) && function_exists($this->options['cryptType'])) {
554
        } elseif (isset($this->options['cryptType']) && function_exists($this->options['cryptType'])) {
517
            $cryptFunction = $this->options['cryptType'];
555
            $cryptFunction = $this->options['cryptType'];
518
        } else {
556
        } else {
519
            $cryptFunction = 'md5';
557
            $cryptFunction = 'md5';
520
        }
558
        }
521
 
559
 
522
        $password = $cryptFunction($password);
560
        $password = $cryptFunction($password);
523
 
561
 
524
        $query = sprintf("UPDATE %s SET %s = %s WHERE %s = %s",
562
        $query = sprintf("UPDATE %s SET %s = %s WHERE %s = %s",
525
                         $this->options['final_table'],
563
                         $this->options['final_table'],
526
                         $this->options['final_passwordcol'],
564
                         $this->options['final_passwordcol'],
527
                         $this->db->quote($password, 'text'),
565
                         $this->db->quote($password, 'text'),
528
                         $this->options['final_usernamecol'],
566
                         $this->options['final_usernamecol'],
529
                         $this->db->quote($username, 'text')
567
                         $this->db->quote($username, 'text')
530
                         );
568
                         );
-
 
569
 
-
 
570
        // check if there is an optional parameter db_where
-
 
571
        if ($this->options['db_where'] != '') {
-
 
572
            // there is one, so add it to the query
-
 
573
            $query .= " AND ".$this->options['db_where'];
-
 
574
        }
-
 
575
 
-
 
576
        $this->log('Running SQL against MDB2: '.$query, AUTH_LOG_DEBUG);
531
 
577
 
532
        $res = $this->query($query);
578
        $res = $this->query($query);
533
 
579
 
534
        if (MDB2::isError($res)) {
580
        if (MDB2::isError($res)) {
535
            return PEAR::raiseError($res->getMessage(), $res->code);
581
            return PEAR::raiseError($res->getMessage(), $res->code);
536
        }
582
        }
537
        return true;
583
        return true;
538
    }
584
    }
539
 
585
 
540
    // }}}
586
    // }}}
541
    // {{{ supportsChallengeResponse()
587
    // {{{ supportsChallengeResponse()
542
 
588
 
543
    /**
589
    /**
544
     * Determine if this container supports
590
     * Determine if this container supports
545
     * password authentication with challenge response
591
     * password authentication with challenge response
546
     *
592
     *
547
     * @return bool
593
     * @return bool
548
     * @access public
594
     * @access public
549
     */
595
     */
550
    function supportsChallengeResponse()
596
    function supportsChallengeResponse()
551
    {
597
    {
552
        return in_array($this->options['cryptType'], array('md5', 'none', ''));
598
        return in_array($this->options['cryptType'], array('md5', 'none', ''));
553
    }
599
    }
554
 
600
 
555
    // }}}
601
    // }}}
556
    // {{{ getCryptType()
602
    // {{{ getCryptType()
557
 
603
 
558
    /**
604
    /**
559
     * Returns the selected crypt type for this container
605
     * Returns the selected crypt type for this container
560
     *
606
     *
561
     * @return string Function used to crypt the password
607
     * @return string Function used to crypt the password
562
     */
608
     */
563
    function getCryptType()
609
    function getCryptType()
564
    {
610
    {
565
        return $this->options['cryptType'];
611
        return $this->options['cryptType'];
566
    }
612
    }
567
 
613
 
568
    // }}}
614
    // }}}
569
 
615
 
570
}
616
}
571
?>
617
?>