1 | <?php |
2 | ||
3 | require_once('mitsql.lib.php'); | |
4 | ||
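/**
 * Looks up one row of the User table by username (optionally also matching a
 * password) and exposes that account's fields and login eligibility.
 *
 * NOTE(review): the Password column is compared against base64_encode() of the
 * plaintext. base64 is an encoding, not a hash, so anyone who can read the
 * table can recover every password. The User class in this file decodes the
 * column to provision MySQL accounts, so moving to password_hash() /
 * password_verify() needs a schema and provisioning change, not a local edit.
 *
 * NOTE(review): mysql_escape_string() ignores the connection character set;
 * prefer mysql_real_escape_string() on the live link or prepared statements --
 * TODO confirm what mitsql.lib.php exposes.
 */
class Login {
    var $u, $p;
    // Cached User row (associative array); empty array or null when no row is loaded.
    var $info;

    /**
     * Loads the row for $u. When $p is given the row must also match
     * base64_encode($p) in the Password column; when $p is null only the
     * username is matched, so no password is checked on that path.
     */
    function Login($u, $p=null) {
        $this->u = $u;
        $this->p = $p;
        $opt = is_null($p)?'':sprintf(" AND Password='%s' ", mysql_escape_string(base64_encode($p)));
        // The password clause is passed as a sprintf argument rather than
        // interpolated into the format string, so a '%' in it can never be
        // read as a conversion specifier.
        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
                        FROM User
                        WHERE Username = '%s'
                        %s",
                        mysql_escape_string($u),
                        $opt);
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
    }

    /**
     * Returns the number of fields in the cached row, 0 when none is loaded.
     * Guarded with is_array() because expire() sets $info to null.
     */
    function exists() {
        return is_array($this->info) ? count($this->info) : 0;
    }

    /** True when the account's UL value is greater than zero. */
    function isValid() {
        return $this->getUL()>0;
    }

    /** True when a row is loaded and its bEnabled flag equals 1. */
    function isEnabled() {
        return $this->exists() && $this->info['bEnabled']==1;
    }

    /** Enabled and valid. */
    function canLogin() {
        return $this->isEnabled() && $this->isValid();
    }

    /** Valid but not (yet) enabled. */
    function canSignup() {
        return !$this->isEnabled() && $this->isValid();
    }

    // Field accessors: each returns '' when no row is loaded.
    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }
    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }
    function getName() {
        return $this->exists()?$this->info['Name']:'';
    }
    function getEmail() {
        return $this->exists()?$this->info['Email']:'';
    }
    function getUL() {
        return $this->exists()?$this->info['UL']:'';
    }

    /** Drops the cached row; every accessor then reports "no account". */
    function expire() {
        $this->info = null;
    }

    /** Re-runs the lookup with the username/password given at construction. */
    function refresh() {
        $this->Login($this->u,$this->p);
    }

    /**
     * Writes a changed Name and/or Email for the loaded account.
     * Values that are null or equal to the current ones are skipped.
     */
    function update($name=null,$email=null) {
        if (!$this->exists()) return;
        $arr = array();
        if ($name == $this->getName()) $name = null;
        if ($email == $this->getEmail()) $email = null;
        is_null($name) || $arr['Name'] = $name;
        is_null($email) || $arr['Email'] = $email;
        // Nothing changed: do not issue an UPDATE with an empty SET clause.
        if (!count($arr)) return;
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                       buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
        // Keep the cached row in step so getName()/getEmail() return the new
        // values without a refresh().
        foreach ($arr as $field => $value) {
            $this->info[$field] = $value;
        }
        // Legacy mirrors kept for any caller that reads them directly.
        if (isset($arr['Name']))
            $this->name = $arr['Name'];
        if (isset($arr['Email']))
            $this->email = $arr['Email'];
    }
}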
72 | ||
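/**
 * One row of the User table, loaded by UserId, plus the operations that
 * provision the matching MySQL account and its per-database privileges.
 *
 * NOTE(review): the Password column holds base64_encode() of the plaintext and
 * is decoded here so it can be replayed into GRANT ... IDENTIFIED BY. The
 * stored value is therefore reversible by anyone who can read the table, and
 * the plaintext also appears in the GRANT statement text (statement logs).
 *
 * NOTE(review): accounts are granted at host '%', i.e. from any host.
 */
class User {
    var $userId;
    // Cached User row (associative array); empty when no row matched.
    var $info;
    // Plaintext password: decoded from the row, or the value given to signup().
    var $pass;
    var $dblist;

    /** Loads the row for $userId and decodes its stored password. */
    function User($userId) {
        $this->userId = $userId;
        $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
                        FROM User
                        WHERE UserId = '%s'",
                        mysql_escape_string($userId));
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
        // Only read the Password field when a row was actually found.
        $this->pass = $this->exists() ? base64_decode($this->info['Password']) : '';
    }

    /** Returns the number of fields in the cached row, 0 when none is loaded. */
    function exists() {
        return is_array($this->info) ? count($this->info) : 0;
    }

    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }

    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }

    /**
     * Stores base64_encode($pwd) in the Password column.
     * NOTE(review): neither $this->pass nor the MySQL account password is
     * updated here -- confirm whether callers follow up with setUsage().
     */
    function setPassword($pwd) {
        $arr['Password'] = base64_encode($pwd);
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                       buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
    }

    /**
     * Enables the account with password $pwd, then creates the MySQL account
     * (setUsage) and grants it its databases (setAccess).
     */
    function signup($pwd) {
        $this->pass = $pwd;
        $arr['Password'] = base64_encode($pwd);
        $arr['bEnabled'] = 1;
        $arr['dSignup'] = 'NOW()';
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                       buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);

        $this->setUsage();
        $this->setAccess();
    }

    /**
     * Grants (or, with $yes false, revokes) USAGE for this user at host '%'.
     * On grant the account password is set from $this->pass.
     */
    function setUsage($yes=true) {
        $verb = $yes?'GRANT':'REVOKE';
        $prep = $yes?'TO':'FROM';
        // The password is a string literal, so it is single-quoted and escaped
        // exactly once. Backticks would make MySQL parse it as an identifier,
        // and escaping the finished clause again would corrupt its quotes.
        $suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
        $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
                       $verb,
                       $prep,
                       mysql_escape_string($this->getUsername()),
                       '%',
                       $suffix);
        DBGrant($sql);
    }

    /**
     * Grants (or revokes) ALL PRIVILEGES on database $db, or on every database
     * returned by getDBList() when $db is null.
     */
    function setAccess($db=null,$yes=true) {
        $verb = $yes?'GRANT':'REVOKE';
        $prep = $yes?'TO':'FROM';
        if (is_null($db)) {
            $this->dblist = $this->getDBList();
            $dbs = $this->dblist;
        } else {
            $dbs = array(array('Name'=>$db));
        }
        // getUsername must be CALLED. Read as a property it is undefined and
        // the statement names the empty (anonymous) account ''@'%' instead of
        // this user.
        $account = mysql_escape_string($this->getUsername());
        foreach($dbs as $entry) {
            // mysql_escape_string() leaves backticks alone, so double them for
            // the quoted-identifier context.
            $name = str_replace('`', '``', mysql_escape_string($entry['Name']));
            $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
                           $verb,
                           $name,
                           $prep,
                           $account,
                           '%');
            DBGrant($sql);
        }
    }

    /** Returns the DBOwner/DB/DBQuota rows for this user, keyed by DatabaseId. */
    function getDBList() {
        $sql = sprintf("SELECT *
                        FROM DBOwner
                        INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
                        INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
                        WHERE UserId = '%s'",
                        mysql_escape_string($this->getUserId()));
        $r = fetchRows(DBSelect($sql),'DatabaseId');
        return $r;
    }
}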
158 | ||
159 | ||
/**
 * Reports whether $aLogin (or, when omitted, the global $Login) is a Login
 * object whose canLogin() check passes.
 */
function isLoggedIn($aLogin=null) {
    if ($aLogin === null) {
        // No explicit object given: fall back to the request-wide Login.
        global $Login;
        $aLogin = $Login;
    }
    if (empty($aLogin)) {
        return false;
    }
    if (!is_a($aLogin, 'Login')) {
        return false;
    }
    return (bool) $aLogin->canLogin();
}
167 | ||
/**
 * True when the request arrived on server port 443.
 *
 * NOTE(review): this is a port check only. TLS served on another port, or
 * terminated by a proxy in front of this server, is not detected -- confirm
 * against the deployment.
 */
function isSSL() {
    $port = $_SERVER['SERVER_PORT'];
    return 443 == $port;
}
171 | ||
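/**
 * Returns the identity presented by the TLS client certificate as
 * array('Username', 'Name', 'Email'), or null when no usable e-mail address is
 * available. Username is the part of the e-mail address before the first '@'.
 *
 * NOTE(review): the account name is derived entirely from the certificate's
 * e-mail field, so it is only as trustworthy as the CA configuration that
 * verifies client certificates -- confirm in the web server config.
 */
function getSSLCert() {
    if (DEVEL && file_exists('.forceauth')) {
        // Development override: the identity is read from a "name|email" file
        // in the working directory INSTEAD of the client certificate. This
        // bypasses certificate authentication, so DEVEL must be off and the
        // file absent on any production host.
        // array_pad() keeps a file without '|' from reading a missing element.
        $fu = array_pad(explode('|',file_get_contents('.forceauth')), 2, '');
        $name = trim($fu[0]);
        $email = trim($fu[1]);
    } else {
        $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
        $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
    }
    // An absent or empty address cannot identify an account.
    if (is_null($email) || $email === '') {
        return null;
    }
    $parts = explode('@',$email);
    $user = $parts[0];
    // Reject addresses with nothing before the '@' rather than returning an
    // identity whose username is the empty string.
    if ($user === '') {
        return null;
    }
    return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
}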
189 | ||
190 | ## 302 REDIRECTS | |
191 | ||
/**
 * Redirects relative to the current request URL and ends the request.
 *
 * With no $target, or a $target starting with '?', the current REDIRECT_URL
 * is kept as the base; any other $target is appended to the URL's directory.
 */
function redirect($target=null,$secure=true) {
    $keepsCurrentPath = is_null($target) || substr($target,0,1)=='?';
    if ($keepsCurrentPath) {
        $base = $_SERVER['REDIRECT_URL'];
    } else {
        $base = dirname($_SERVER['REDIRECT_URL']).'/';
    }
    $location = is_null($target) ? $base : ($base.$target);
    redirectFull($location,$secure);
}
/**
 * Redirects to path $target on this server.
 *
 * The https scheme is used only when the current request is already SSL AND
 * $secure is true; $secure never upgrades a plain-HTTP request.
 *
 * NOTE(review): the host comes from $_SERVER['SERVER_NAME']; depending on the
 * web server configuration that may reflect the client's Host header --
 * confirm it is pinned to the canonical name.
 */
function redirectFull($target,$secure) {
    $scheme = (isSSL() && $secure) ? 'https://' : 'http://';
    redirect2($scheme.$_SERVER['SERVER_NAME'].$target);
}
/** Sends a Location header for $target and stops the script. */
function redirect2($target) {
    header(sprintf('Location: %s', $target));
    exit;
}
/**
 * Returns the current URL with the opposite scheme: http:// when the request
 * is on SSL, https:// otherwise.
 */
function flipSSL() {
    $scheme = isSSL() ? 'http://' : 'https://';
    return $scheme.$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
}
206 | |
207 | ## USER SCRIPTS | |
208 | ||
/**
 * Creates a User row from certificate credentials plus the $_NEW_USER
 * defaults, then inserts the default quota and stat rows for the new UserId.
 * Returns the new UserId.
 */
function addUser($sslCredentials) {
    global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;

    // array_merge() lets keys in $_NEW_USER override same-named keys taken
    // from the certificate, so the defaults win on any collision.
    $userRow = array_merge($sslCredentials, $_NEW_USER);
    $UserId = DBInsert(sprintf("INSERT INTO User %s", buildSQLInsert($userRow)));

    $quotaRow = $_NEW_USERQUOTA;
    $quotaRow['UserId'] = $UserId;
    DBInsert(sprintf("INSERT INTO UserQuota %s", buildSQLInsert($quotaRow)));

    // NOTE(review): the $_NEW_USERSTAT defaults are also inserted into
    // UserQuota -- confirm whether a separate stats table was intended.
    $statRow = $_NEW_USERSTAT;
    $statRow['UserId'] = $UserId;
    DBInsert(sprintf("INSERT INTO UserQuota %s", buildSQLInsert($statRow)));

    return $UserId;
}
231 | ||
232 | ?> |