[sql-web.git] / lib / security.lib.php

<?php

require_once('mitsql.lib.php');

class Login {
	var $u, $p;
    var $info;
    function Login($u, $p=null) {
		$this->u = $u;
		$this->p = $p;
        $opt = is_null($p)?'':sprintf(" AND Password='%s' ", mysql_escape_string(base64_encode($p)));
        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
                        FROM User
                        WHERE Username = '%s'
                        $opt",
                        mysql_escape_string($u));
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
    }
    function exists() {
        return count($this->info);
    }
	function isValid() {
		return $this->getUL()>0;
	}
    function isEnabled() {
        return $this->exists() && $this->info['bEnabled']==1;
    }
    function canLogin() {
        return $this->isEnabled() && $this->isValid();
    }
    function canSignup() {
        return !$this->isEnabled() && $this->isValid();
    }
    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }
    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }
    function getName() {
        return $this->exists()?$this->info['Name']:'';
    }
    function getEmail() {
        return $this->exists()?$this->info['Email']:'';
    }
    function getUL() {
        return $this->exists()?$this->info['UL']:'';
    }
    function expire() {
        $this->info = null;
    }
    function refresh() {
        $this->Login($this->u,$this->p);
    }
    function update($name=null,$email=null) {
        if (!$this->exists()) return;
        $arr = array();
		if ($name == $this->getName()) $name = null;
		if ($email == $this->getEmail()) $email = null;
        is_null($name) || $arr['Name'] = $name;
        is_null($email) || $arr['Email'] = $email;
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                        buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
		if (isset($arr['Name']))
			$this->name = $arr['Name'];
		if (isset($arr['Email']))
			$this->email = $arr['Email'];
	}
}

class User {
	var $userId;
	var $info;
	var $pass;
	var $dblist;
    function User($userId) {
		$this->userId = $userId;
        $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
                        FROM User
                        WHERE UserId = '%s'",
                        mysql_escape_string($userId));
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
		$this->pass = base64_decode($this->info['Password']);
    }
    function exists() {
        return count($this->info);
    }
    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }
    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }
	function setPassword($pwd) {
		$arr['Password'] = base64_encode($pwd);
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                        buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
	}
	function signup($pwd) {
		$this->pass = $pwd;
		$arr['Password'] = base64_encode($pwd);
		$arr['bEnabled'] = 1;
		$arr['dSignup'] = 'NOW()';
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                        buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);

		$this->setUsage();
		$this->setAccess();
	}
	function setUsage($yes=true) {
		$verb = $yes?'GRANT':'REVOKE';
		$prep = $yes?'TO':'FROM';
		$suffix = $yes?sprintf("IDENTIFIED BY `%s`",mysql_escape_string($this->pass)):'';
		$sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
						mysql_escape_string($verb),
						mysql_escape_string($prep),
						mysql_escape_string($this->getUsername()),
						'%',
						mysql_escape_string($suffix));
		DBGrant($sql);
	}
	function setAccess($db=null,$yes=true) {
		$verb = $yes?'GRANT':'REVOKE';
		$prep = $yes?'TO':'FROM';
		if (is_null($db)) {
			$this->dblist = $this->getDBList();
			$dbs = $this->dblist;
		} else {
			$dbs[] = array('Name'=>$db);
		}
		foreach($dbs as $db) {
			$name = $db['Name'];
			$sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
							mysql_escape_string($verb),
							mysql_escape_string($name),
							mysql_escape_string($prep),
							$this->getUsername,
							'%');
			DBGrant($sql);
		}
	}
	function getDBList() {
		$sql = sprintf("SELECT *
						FROM DBOwner
						INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
						INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
						WHERE UserId = '%s'",
						mysql_escape_string($this->getUserId()));
		$r = fetchRows(DBSelect($sql),'DatabaseId');
		return $r;
	}
}


function isLoggedIn($aLogin=null) {
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
}

function isSSL() {
	return $_SERVER['SERVER_PORT'] == 443;
}

function getSSLCert() {
    if (DEVEL && file_exists('.forceauth')) {
        $fu = explode('|',file_get_contents('.forceauth'));
        $name = trim($fu[0]);
        $email = trim($fu[1]);
    } else {
        $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
        $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
    }
    if (!is_null($email)) {
        $user = explode('@',$email);
		$user = $user[0];
        return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
	} else {
		return null;
	}
}

## 302 REDIRECTS

function redirect($target=null,$secure=true) {
    $base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
    redirectFull(is_null($target)?$base:($base.$target),$secure);
}
function redirectFull($target,$secure) {
	redirect2((isSSL()&&$secure?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
}
function redirect2($target) {
	header('Location: '.$target);
	exit;
}
function flipSSL() {
	return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
}

## USER SCRIPTS

function addUser($sslCredentials) {
    global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;

    $arr = array_merge($sslCredentials, $_NEW_USER);
    $sql = sprintf("INSERT INTO User %s",
                    buildSQLInsert($arr));
    $UserId = DBInsert($sql);

	$arr = $_NEW_USERQUOTA;
	$arr['UserId'] = $UserId;
    $sql = sprintf("INSERT INTO UserQuota %s",
                    buildSQLInsert($arr));
	DBInsert($sql);

	$arr = $_NEW_USERSTAT;
	$arr['UserId'] = $UserId;
    $sql = sprintf("INSERT INTO UserQuota %s",
                    buildSQLInsert($arr));
	DBInsert($sql);

	return $UserId;
}

?>
Commit	Line	Data
997305cf JP	1	<?php
	2
	3	require_once('mitsql.lib.php');
	4
	5	class Login {
dc478ec8	6	var $u, $p;
997305cf JP	7	var $info;
997305cf JP	8	function Login($u, $p=null) {
dc478ec8 JP	9	$this->u = $u;
dc478ec8 JP	10	$this->p = $p;
997305cf JP	11	$opt = is_null($p)?'':sprintf(" AND Password='%s' ", mysql_escape_string(base64_encode($p)));
	12	$sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
	13	FROM User
	14	WHERE Username = '%s'
	15	$opt",
	16	mysql_escape_string($u));
	17	$r = fetchRows(DBSelect($sql),'UserId');
dc478ec8	18	$this->info = count($r)?array_shift($r):$r;
997305cf JP	19	}
997305cf JP	20	function exists() {
dc478ec8	21	return count($this->info);
997305cf	22	}
dc478ec8 JP	23	function isValid() {
	24	return $this->getUL()>0;
	25	}
997305cf JP	26	function isEnabled() {
	27	return $this->exists() && $this->info['bEnabled']==1;
	28	}
dc478ec8 JP	29	function canLogin() {
	30	return $this->isEnabled() && $this->isValid();
	31	}
	32	function canSignup() {
	33	return !$this->isEnabled() && $this->isValid();
	34	}
997305cf	35	function getUserId() {
dc478ec8	36	return $this->exists()?$this->info['UserId']:'';
997305cf JP	37	}
997305cf JP	38	function getUsername() {
dc478ec8	39	return $this->exists()?$this->info['Username']:'';
997305cf JP	40	}
997305cf JP	41	function getName() {
dc478ec8	42	return $this->exists()?$this->info['Name']:'';
997305cf JP	43	}
997305cf JP	44	function getEmail() {
dc478ec8	45	return $this->exists()?$this->info['Email']:'';
997305cf JP	46	}
997305cf JP	47	function getUL() {
dc478ec8	48	return $this->exists()?$this->info['UL']:'';
997305cf JP	49	}
	50	function expire() {
	51	$this->info = null;
	52	}
	53	function refresh() {
dc478ec8	54	$this->Login($this->u,$this->p);
997305cf JP	55	}
	56	function update($name=null,$email=null) {
	57	if (!$this->exists()) return;
	58	$arr = array();
dc478ec8 JP	59	if ($name == $this->getName()) $name = null;
dc478ec8 JP	60	if ($email == $this->getEmail()) $email = null;
997305cf JP	61	is_null($name) \|\| $arr['Name'] = $name;
	62	is_null($email) \|\| $arr['Email'] = $email;
	63	$sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
	64	buildSQLSet($arr), mysql_escape_string($this->getUserId()));
	65	DBUpdate($sql);
dc478ec8 JP	66	if (isset($arr['Name']))
	67	$this->name = $arr['Name'];
	68	if (isset($arr['Email']))
	69	$this->email = $arr['Email'];
	70	}
	71	}
	72
	73	class User {
	74	var $userId;
	75	var $info;
	76	var $pass;
	77	var $dblist;
	78	function User($userId) {
	79	$this->userId = $userId;
	80	$sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
	81	FROM User
	82	WHERE UserId = '%s'",
	83	mysql_escape_string($userId));
	84	$r = fetchRows(DBSelect($sql),'UserId');
	85	$this->info = count($r)?array_shift($r):$r;
	86	$this->pass = base64_decode($this->info['Password']);
997305cf	87	}
dc478ec8 JP	88	function exists() {
	89	return count($this->info);
	90	}
	91	function getUserId() {
	92	return $this->exists()?$this->info['UserId']:'';
	93	}
	94	function getUsername() {
	95	return $this->exists()?$this->info['Username']:'';
	96	}
	97	function setPassword($pwd) {
	98	$arr['Password'] = base64_encode($pwd);
	99	$sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
	100	buildSQLSet($arr), mysql_escape_string($this->getUserId()));
	101	DBUpdate($sql);
	102	}
	103	function signup($pwd) {
	104	$this->pass = $pwd;
	105	$arr['Password'] = base64_encode($pwd);
	106	$arr['bEnabled'] = 1;
	107	$arr['dSignup'] = 'NOW()';
	108	$sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
	109	buildSQLSet($arr), mysql_escape_string($this->getUserId()));
	110	DBUpdate($sql);
	111
	112	$this->setUsage();
	113	$this->setAccess();
	114	}
	115	function setUsage($yes=true) {
	116	$verb = $yes?'GRANT':'REVOKE';
	117	$prep = $yes?'TO':'FROM';
	118	$suffix = $yes?sprintf("IDENTIFIED BY `%s`",mysql_escape_string($this->pass)):'';
	119	$sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
	120	mysql_escape_string($verb),
	121	mysql_escape_string($prep),
	122	mysql_escape_string($this->getUsername()),
	123	'%',
	124	mysql_escape_string($suffix));
	125	DBGrant($sql);
	126	}
	127	function setAccess($db=null,$yes=true) {
	128	$verb = $yes?'GRANT':'REVOKE';
	129	$prep = $yes?'TO':'FROM';
	130	if (is_null($db)) {
	131	$this->dblist = $this->getDBList();
	132	$dbs = $this->dblist;
	133	} else {
	134	$dbs[] = array('Name'=>$db);
	135	}
	136	foreach($dbs as $db) {
	137	$name = $db['Name'];
	138	$sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
	139	mysql_escape_string($verb),
	140	mysql_escape_string($name),
	141	mysql_escape_string($prep),
	142	$this->getUsername,
	143	'%');
	144	DBGrant($sql);
	145	}
	146	}
	147	function getDBList() {
	148	$sql = sprintf("SELECT *
	149	FROM DBOwner
	150	INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
	151	INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
152	WHERE UserId = '%s'",
153	mysql_escape_string($this->getUserId()));
154	$r = fetchRows(DBSelect($sql),'DatabaseId');
155	return $r;
156	}
997305cf JP	157	}
	158
	159
	160	function isLoggedIn($aLogin=null) {
	161	if (is_null($aLogin)) {
	162	global $Login;
	163	$aLogin = $Login;
	164	}
dc478ec8	165	return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
997305cf JP	166	}
	167
	168	function isSSL() {
	169	return $_SERVER['SERVER_PORT'] == 443;
	170	}
	171
	172	function getSSLCert() {
	173	if (DEVEL && file_exists('.forceauth')) {
	174	$fu = explode('\|',file_get_contents('.forceauth'));
dc478ec8 JP	175	$name = trim($fu[0]);
dc478ec8 JP	176	$email = trim($fu[1]);
997305cf JP	177	} else {
	178	$name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
	179	$email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
	180	}
	181	if (!is_null($email)) {
	182	$user = explode('@',$email);
	183	$user = $user[0];
	184	return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
	185	} else {
	186	return null;
	187	}
	188	}
	189
	190	## 302 REDIRECTS
	191
dc478ec8	192	function redirect($target=null,$secure=true) {
997305cf	193	$base = (is_null($target)\|\|substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
dc478ec8	194	redirectFull(is_null($target)?$base:($base.$target),$secure);
997305cf	195	}
dc478ec8 JP	196	function redirectFull($target,$secure) {
dc478ec8 JP	197	redirect2((isSSL()&&$secure?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
997305cf JP	198	}
	199	function redirect2($target) {
	200	header('Location: '.$target);
	201	exit;
	202	}
dc478ec8 JP	203	function flipSSL() {
	204	return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
	205	}
997305cf JP	206
	207	## USER SCRIPTS
	208
	209	function addUser($sslCredentials) {
dc478ec8 JP	210	global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;
dc478ec8 JP	211
997305cf JP	212	$arr = array_merge($sslCredentials, $_NEW_USER);
	213	$sql = sprintf("INSERT INTO User %s",
	214	buildSQLInsert($arr));
dc478ec8 JP	215	$UserId = DBInsert($sql);
	216
	217	$arr = $_NEW_USERQUOTA;
	218	$arr['UserId'] = $UserId;
	219	$sql = sprintf("INSERT INTO UserQuota %s",
	220	buildSQLInsert($arr));
	221	DBInsert($sql);
	222
	223	$arr = $_NEW_USERSTAT;
	224	$arr['UserId'] = $UserId;
	225	$sql = sprintf("INSERT INTO UserQuota %s",
	226	buildSQLInsert($arr));
	227	DBInsert($sql);
	228
	229	return $UserId;
997305cf JP	230	}
	231
	232	?>