<?php
/*
(c) 2005 Joe Presbrey
*/

// Login/User account objects plus session, redirect and provisioning helpers.
// The DB access functions used below (DBSelect, fetchRows, buildSQLSet, ...)
// are not defined in this file — presumably provided by mitsql.lib.php.
require_once('mitsql.lib.php');
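class Login {
    // $id is only set for the id-only lookup; $u/$p are the raw credentials
    // the object was built from.
    private $id, $u, $p;
    // The matching User row (column => value), an empty array when no row
    // matched, or null before lookup / after expire().
    private $info;

    /**
     * PHP 5+ constructor. Delegates to the legacy same-name constructor so
     * `new Login(...)` keeps working on interpreters that no longer treat
     * Login() as a constructor, while old-style `$this->Login(...)` still works.
     */
    function __construct($u = null, $p = null) {
        $this->Login($u, $p);
    }

    /**
     * Look the account up and cache its row in $info.
     *
     * Two modes:
     *   - $p === null: $u is a UserId and the row is fetched by id.
     *   - otherwise:   $u is a Username and the row must also match the
     *                  stored Password (base64 of the cleartext).
     * An empty $u (including '0') short-circuits and leaves $info untouched.
     *
     * @param mixed       $u UserId or Username, depending on $p
     * @param string|null $p cleartext password, or null for an id lookup
     */
    function Login($u, $p = null) {
        if (empty($u)) return;
        $this->u = $u;
        $this->p = $p;
        if (is_null($p)) {
            $this->id = $u;
            $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
        } else {
            // NOTE(review): the stored credential is base64(cleartext) — an
            // encoding, not a hash — so anyone who can read the User table can
            // recover passwords. Changing the scheme needs a data migration,
            // so it is only flagged here.
            $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
            $opt .= sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p)));
        }
        // mysql_escape_string() is not connection-charset aware; the
        // connection-aware mysql_real_escape_string() is the safer choice if
        // the helpers in mitsql.lib.php expose the link — confirm.
        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
            FROM User
            WHERE %s", $opt);
        $r = fetchRows(DBSelect($sql), 'UserId');
        $this->info = count($r) ? array_shift($r) : $r;
    }

    /**
     * Number of columns in the cached row; 0 when no row matched, before any
     * lookup, or after expire(). (Guarded so a null $info no longer reaches
     * count(), which warns/throws on PHP >= 7.2.)
     */
    function exists() {
        return is_array($this->info) ? count($this->info) : 0;
    }

    /** Account has a positive user level (UL). */
    function isValid() {
        return $this->getUL() > 0;
    }

    /** Row is cached and bEnabled is 1 (loose compare: DB returns strings). */
    function isEnabled() {
        return $this->exists() && $this->info['bEnabled'] == 1;
    }

    /** Enabled and valid: may use the application. */
    function canLogin() {
        return $this->isEnabled() && $this->isValid();
    }

    /** Valid but not yet enabled: may go through signup. */
    function canSignup() {
        return !$this->isEnabled() && $this->isValid();
    }

    /** Column $key from the cached row, or '' when there is no row. */
    private function field($key) {
        return $this->exists() ? $this->info[$key] : '';
    }

    function getUserId() {
        return $this->field('UserId');
    }

    function getUsername() {
        return $this->field('Username');
    }

    function getName() {
        return $this->field('Name');
    }

    function getEmail() {
        return $this->field('Email');
    }

    /** User level; '' when there is no row, which every caller treats as "not valid". */
    function getUL() {
        return $this->field('UL');
    }

    /** Drop the cached row; exists()/canLogin() are false afterwards. */
    function expire() {
        $this->info = null;
    }

    /**
     * Persist a changed Name and/or Email for the cached account.
     *
     * A value equal to the current one counts as "no change"; when nothing
     * changed no UPDATE is issued. The cached row is patched so later
     * getters reflect the update without a re-query.
     *
     * @param string|null $name  new display name, or null to leave as is
     * @param string|null $email new e-mail address, or null to leave as is
     */
    function update($name = null, $email = null) {
        if (!$this->exists()) return;
        $arr = array();
        // loose == kept from the original: '' and null compare equal here
        if ($name == $this->getName()) $name = null;
        if ($email == $this->getEmail()) $email = null;
        if (!is_null($name)) $arr['Name'] = $name;
        if (!is_null($email)) $arr['Email'] = $email;
        $upd = buildSQLSet($arr);
        $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
            $upd, mysql_escape_string($this->getUserId()));
        // The 'SET' sentinel check is kept from the original; it presumably
        // matches what buildSQLSet() returns for an empty array — confirm
        // against mitsql.lib.php.
        if (!empty($upd) && $upd != 'SET')
            DBUpdate($sql);
        foreach (array('Name', 'Email') as $col) {
            if (isset($arr[$col]))
                $this->info[$col] = $arr[$col];
        }
    }
}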
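class User {
    private $userId;
    // User row joined with UserQuota/UserStat (column => value); an empty
    // array when no row matched, null before the constructor has run.
    private $info;
    // getDBList() result cached by the constructor, keyed by database Name;
    // unset (see refresh()) forces a re-query.
    private $dblist;
    // Cleartext password remembered by signup() for the IDENTIFIED BY clause
    // in setUsage(); null otherwise. Previously an undeclared dynamic property.
    private $pass;

    /**
     * PHP 5+ constructor. Delegates to the legacy same-name constructor so
     * `new User($id)` keeps working on interpreters that no longer treat
     * User() as a constructor; refresh() still calls User() directly.
     */
    function __construct($userId) {
        $this->User($userId);
    }

    /**
     * Load the account row (with quota and usage columns) and the list of
     * databases the user owns.
     *
     * @param mixed $userId UserId to load
     */
    function User($userId) {
        $this->userId = $userId;
        $sql = sprintf("SELECT User.UserId, Username, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
            FROM User
            INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
            INNER JOIN UserStat ON User.UserId = UserStat.UserId
            WHERE User.UserId = '%s'",
            mysql_escape_string($userId));
        $r = fetchRows(DBSelect($sql), 'UserId');
        $this->info = count($r) ? array_shift($r) : $r;
        $this->dblist = $this->getDBList();
    }

    /** Re-read the account row and rebuild the database-list cache. */
    function refresh() {
        unset($this->dblist);
        $this->User($this->userId);
    }

    /**
     * Number of columns in the cached row; 0 when no row matched or the
     * object was never loaded. (Guarded so a null $info no longer reaches
     * count(), which warns/throws on PHP >= 7.2.)
     */
    function exists() {
        return is_array($this->info) ? count($this->info) : 0;
    }

    function getUserId() {
        return $this->exists() ? $this->info['UserId'] : '';
    }

    function getUsername() {
        return $this->exists() ? $this->info['Username'] : '';
    }

    /**
     * Whether nBytes exceeds nBytesHard (bOverQuota computed in the query).
     * Returns '' rather than a bool when no row is cached — kept for callers.
     */
    function isOverQuota() {
        if (!$this->exists()) return '';
        return $this->info['bOverQuota'] > 0;
    }

    /** Hard limit on the number of databases; 0 when no row is cached. */
    function getDBQuotaHard() {
        return $this->exists() ? $this->info['nDatabasesHard'] : 0;
    }

    /**
     * Usage and quota in bytes.
     *
     * @return array|null array{nBytes, nBytesSoft, nBytesHard}, or null
     *                    when no row is cached (the original fell off the end)
     */
    function getBytes() {
        if (!$this->exists()) {
            return null;
        }
        return array(
            'nBytes'     => $this->info['nBytes'],
            'nBytesSoft' => $this->info['nBytesSoft'],
            'nBytesHard' => $this->info['nBytesHard'],
        );
    }

    /**
     * Change the password both in the User row and for the MySQL account.
     *
     * NOTE(review): the row stores base64(cleartext), an encoding rather than
     * a hash; changing that needs a data migration, so it is only flagged.
     *
     * @param string $pwd new cleartext password
     */
    function setPassword($pwd) {
        $arr = array('Password' => base64_encode($pwd));
        $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
            buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
        // Keep the MySQL account in step with the application row.
        $sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
            mysql_escape_string($this->getUsername()),
            mysql_escape_string($pwd));
        DBSet($sql);
    }

    /**
     * Activate the account: store the password, set bEnabled/dSignup, then
     * create the MySQL account (setUsage) and grant access to owned databases.
     *
     * @param string $pwd cleartext password chosen at signup
     */
    function signup($pwd) {
        $this->pass = $pwd;
        $arr = array(
            'Password' => base64_encode($pwd),
            'bEnabled' => 1,
            'dSignup'  => 'NOW()',
        );
        $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
            buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);

        $this->setUsage();
        $this->setAccess();
    }

    /**
     * GRANT (or REVOKE) USAGE on *.* for the user's MySQL account.
     *
     * The IDENTIFIED BY clause is only emitted when signup() has recorded a
     * password: with $pass unset the original sent IDENTIFIED BY '', which on
     * MySQL versions where GRANT sets credentials would clear the account's
     * password. Callers other than signup() that expect a password change
     * should use setPassword() — confirm no caller relied on the old behaviour.
     *
     * @param bool $yes true to GRANT, false to REVOKE
     */
    function setUsage($yes = true) {
        $verb = $yes ? 'GRANT' : 'REVOKE';
        $prep = $yes ? 'TO' : 'FROM';
        $suffix = ($yes && !is_null($this->pass))
            ? sprintf("IDENTIFIED BY '%s'", mysql_escape_string($this->pass))
            : '';
        $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
            mysql_escape_string($verb),
            mysql_escape_string($prep),
            mysql_escape_string($this->getUsername()),
            '%',
            $suffix);
        DBGrant($sql);
    }

    /**
     * GRANT (or REVOKE) ALL PRIVILEGES on one database, or on every database
     * the user owns when $db is null.
     *
     * @param string|null $db  database name, or null for the whole owned list
     * @param bool        $yes true to GRANT, false to REVOKE
     */
    function setAccess($db = null, $yes = true) {
        $verb = $yes ? 'GRANT' : 'REVOKE';
        $prep = $yes ? 'TO' : 'FROM';
        $dbs = is_null($db) ? $this->getDBList() : array(array('Name' => $db));
        foreach ($dbs as $row) {
            // Backtick-quoted identifier: an embedded backtick must be doubled;
            // mysql_escape_string() only covers string-literal metacharacters.
            $ident = str_replace('`', '``', mysql_escape_string($row['Name']));
            $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
                mysql_escape_string($verb),
                $ident,
                mysql_escape_string($prep),
                mysql_escape_string($this->getUsername()),
                '%');
            DBGrant($sql);
        }
    }

    /**
     * Enabled databases owned by this user, keyed by Name and sorted by key.
     *
     * Returns the cached $dblist when set; otherwise queries and returns the
     * fresh list without storing it (only the constructor fills the cache).
     *
     * @return array<string, array> Name => joined DBOwner/DB/DBQuota row
     */
    function getDBList() {
        if (isset($this->dblist)) {
            return $this->dblist;
        }
        $sql = sprintf("SELECT *
            FROM DBOwner
            INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
            INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
            WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
            mysql_escape_string($this->getUserId()));
        $r = fetchRows(DBSelect($sql), 'Name');
        ksort($r);
        return $r;
    }

    /**
     * Create a database for this user and grant access to it.
     *
     * The cached list is not refreshed here; call refresh() to see the new
     * entry via getDBList().
     *
     * @param string $name database name
     * @return bool false when already owned or creation failed, true otherwise
     */
    function addDB($name) {
        // key membership (list is keyed by Name); replaces loose in_array()
        if (array_key_exists($name, $this->getDBList())) return false;
        if (!addDB($name, $this->getUserId())) return false;
        $this->setAccess($name);
        return true;
    }

    /**
     * Drop one of this user's databases and revoke access to it.
     *
     * @param string $name database name
     * @return bool false when not owned or the drop failed, true otherwise
     */
    function delDB($name) {
        if (!array_key_exists($name, $this->getDBList())) return false;
        if (!delDB($name)) return false;
        $this->setAccess($name, false);
        return true;
    }
}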
/**
 * Whether a Login object represents a usable, enabled session.
 *
 * @param Login|null $aLogin object to check; null means the global $Login
 * @return bool true only for a Login instance whose canLogin() holds
 */
function isLoggedIn($aLogin = null) {
    if ($aLogin === null) {
        global $Login;
        $aLogin = $Login;
    }
    if (empty($aLogin) || !($aLogin instanceof Login)) {
        return false;
    }
    return $aLogin->canLogin();
}
/**
 * Whether a Login object belongs to an administrator (user level >= 100).
 *
 * @param Login|null $aLogin object to check; null means the global $Login
 * @return bool
 */
function isAdmin($aLogin = null) {
    if ($aLogin === null) {
        global $Login;
        $aLogin = $Login;
    }
    if (empty($aLogin) || !($aLogin instanceof Login)) {
        return false;
    }
    // 100 is the admin threshold for the UL column
    return $aLogin->getUL() >= 100;
}
/**
 * Whether the session holds both a real ('_UserId') and an effective
 * ('UserId') user, i.e. impersonate() is active.
 *
 * @return bool
 */
function isImpersonating() {
    if (!isSess('_UserId')) {
        return false;
    }
    return (bool) isSess('UserId');
}
/**
 * Maintenance switch: true when the OFFLINE constant is defined and truthy.
 *
 * @return bool
 */
function isOffline() {
    if (!defined('OFFLINE')) {
        return false;
    }
    return (bool) constant('OFFLINE');
}
/**
 * Inverse of isOffline().
 *
 * @return bool
 */
function isOnline() {
    $offline = isOffline();
    return !$offline;
}
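/**
 * Switch the session to act as another user, or switch back.
 *
 * Session keys (via sess()): 'UserId' is the effective user; '_UserId' holds
 * the real user while impersonating.
 *   - already impersonating, empty $userId: restore the real user.
 *   - already impersonating, $userId > 0:   switch to another user.
 *   - not impersonating, logged in:         start impersonating $userId.
 *
 * NOTE(review): starting impersonation only requires isLoggedIn(), not
 * isAdmin(); presumably the calling page enforces the admin check — confirm,
 * since any logged-in session reaching this function could switch users.
 *
 * @param mixed $userId target UserId, or null/empty to stop impersonating
 * @return bool true when the session was changed, false otherwise. The
 *              original returned null (no return statement) on the two
 *              "already impersonating" success paths; they now return true.
 */
function impersonate($userId = null) {
    if (isImpersonating()) {
        // empty() already covers null, so the separate is_null() was redundant
        if (empty($userId)) {
            sess('UserId', sess('_UserId'));
            sess('_UserId', '');
            return true;
        }
        if ($userId > 0) {
            sess('UserId', $userId);
            return true;
        }
        return false;
    }
    if (isLoggedIn()) {
        sess('_UserId', sess('UserId'));
        sess('UserId', $userId);
        return true;
    }
    return false;
}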
997305cf | 266 | function isSSL() { |
aaaa7a8f | 267 | return isset($_SERVER['SERVER_PORT'])?($_SERVER['SERVER_PORT'] == 443):false; |
997305cf JP |
268 | } |
/**
 * Identity of the caller as established by the web server.
 *
 * Production path: Name from the client certificate CN
 * (SSL_CLIENT_S_DN_CN) and Email from REMOTE_USER — both are trustworthy
 * only as far as the web server itself populates them. Development path
 * (DEVEL set and a local '.forceauth' file): "<name>|<email>" read from
 * that file.
 *
 * @return array|null array{Username, Name, Email} with Username = the
 *                    local part of Email, or null when no e-mail is known
 */
function getSSLCert() {
    if (DEVEL && file_exists('.forceauth')) {
        $forced = explode('|', file_get_contents('.forceauth'));
        $name = trim($forced[0]);
        $email = trim($forced[1]);
    } else {
        $name = isset($_SERVER['SSL_CLIENT_S_DN_CN']) ? $_SERVER['SSL_CLIENT_S_DN_CN'] : null;
        $email = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : null;
    }
    if ($email === null) {
        return null;
    }
    $parts = explode('@', $email);
    return array('Username' => $parts[0], 'Name' => $name, 'Email' => $email);
}
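/**
 * Resolve a Username to its UserId.
 *
 * @param string $username
 * @return mixed the UserId column value, or null when no row matched.
 *               The empty case no longer passes null to count() (which
 *               warns/throws on PHP >= 7.2); the result is unchanged.
 */
function getUsernameID($username) {
    $sql = sprintf("SELECT UserId FROM User USE INDEX (UsernameID) WHERE Username = '%s'", mysql_escape_string($username));
    $rows = fetchRows(DBSelect($sql), 'UserId');
    if (!count($rows)) {
        return null;
    }
    $row = array_shift($rows);
    return $row['UserId'];
}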
## 302 REDIRECTS
1389493c | 297 | function redirect($target=null,$secure=null) { |
5faf3a7e | 298 | $base = (is_null($target)||substr($target,0,1)=='?')?URI:((strlen(dirname(URI))>1?dirname(URI).'/':'/')); |
dc478ec8 | 299 | redirectFull(is_null($target)?$base:($base.$target),$secure); |
997305cf | 300 | } |
/** Redirect to the application's BASE_URL, keeping the current scheme. */
function redirectStart() {
    $secure = null;
    redirectFull(BASE_URL, $secure);
}
dc478ec8 | 304 | function redirectFull($target,$secure) { |
7654fe78 | 305 | redirect2((((isSSL()&&is_null($secure))||$secure==true)?BASE_HTTPS:BASE_HTTP).$target); |
997305cf JP |
306 | } |
/**
 * Emit a Location header for $target and stop the script.
 *
 * Callers in this file always pass a BASE_* prefixed URL, so the target is
 * not caller-controlled at this point.
 *
 * @param string $target absolute URL
 */
function redirect2($target) {
    header("Location: {$target}");
    exit;
}
dc478ec8 | 311 | function flipSSL() { |
7654fe78 | 312 | return (isSSL()?BASE_HTTP:BASE_HTTPS).URI; |
dc478ec8 | 313 | } |
## USER SCRIPTS
/**
 * Create a User row plus its UserQuota and UserStat companions.
 *
 * @param array $sslCredentials column => value from getSSLCert(); merged
 *                              under $_NEW_USER, so a same-named default
 *                              key wins (array_merge, later array wins)
 * @return mixed the new UserId as returned by DBInsert()
 */
function addUser($sslCredentials) {
    global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;

    $userRow = array_merge($sslCredentials, $_NEW_USER);
    $UserId = DBInsert(sprintf("INSERT INTO User %s", buildSQLInsert($userRow)));

    // companion rows keyed by the new id
    $quotaRow = $_NEW_USERQUOTA;
    $quotaRow['UserId'] = $UserId;
    DBInsert(sprintf("INSERT INTO UserQuota %s", buildSQLInsert($quotaRow)));

    $statRow = $_NEW_USERSTAT;
    $statRow['UserId'] = $UserId;
    DBInsert(sprintf("INSERT INTO UserStat %s", buildSQLInsert($statRow)));

    return $UserId;
}
377015e0 | 340 | function addDB($dbname,$userid) { |
e47be57b | 341 | global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER; |
377015e0 JP |
342 | |
343 | DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname))); | |
69e08b46 | 344 | if (mysql_error()) return false; |
377015e0 JP |
345 | |
346 | $newdb['Name'] = $dbname; | |
e47be57b | 347 | $arr = array_merge($newdb, $_NEW_DB); |
377015e0 | 348 | $arr['bEnabled'] = 1; |
e47be57b | 349 | $sql = sprintf("INSERT IGNORE INTO DB %s", |
377015e0 | 350 | buildSQLInsert($arr)); |
e47be57b JP |
351 | $DBId = DBInsert($sql); |
352 | if (empty($DBId)) { | |
353 | $sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'", | |
354 | mysql_escape_string($dbname)); | |
355 | $r = fetchRows(DBSelect($sql), 'DatabaseId'); | |
356 | if (count($r)) { | |
357 | $r = array_shift($r); | |
358 | $DBId = $r['DatabaseId']; | |
359 | } else { | |
360 | return false; | |
361 | } | |
8988dbad | 362 | $sql = sprintf("UPDATE DB SET %s WHERE DB.DatabaseId = '%s'", |
e47be57b JP |
363 | buildSQLSet($arr), |
364 | $DBId); | |
365 | DBUpdate($sql); | |
e47be57b | 366 | } |
69e08b46 JP |
367 | |
368 | DBDelete(sprintf("DELETE FROM DBOwner WHERE DatabaseId = '%s'", mysql_escape_string($DBId))); | |
369 | DBDelete(sprintf("DELETE FROM DBQuota WHERE DatabaseId = '%s'", mysql_escape_string($DBId))); | |
370 | ||
371 | $arr = $_NEW_DBQUOTA; | |
372 | $arr['DatabaseId'] = $DBId; | |
373 | $sql = sprintf("INSERT IGNORE INTO DBQuota %s", | |
374 | buildSQLInsert($arr)); | |
375 | DBInsert($sql); | |
376 | ||
377 | $arr = $_NEW_DBOWNER; | |
378 | $arr['DatabaseId'] = $DBId; | |
379 | $arr['UserId'] = $userid; | |
380 | $sql = sprintf("INSERT IGNORE INTO DBOwner %s", | |
381 | buildSQLInsert($arr)); | |
382 | DBInsert($sql); | |
383 | ||
384 | return $DBId; | |
e47be57b JP |
385 | } |
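/**
 * Drop a MySQL database and mark its DB row disabled.
 *
 * Unlike addDB(), the result of the DROP is not checked: the row is set to
 * bEnabled = 0 and true is returned regardless. The DB row is kept so a
 * later addDB() with the same name can re-enable it.
 *
 * @param string $dbname database name (used as a backtick-quoted identifier)
 * @return bool always true
 */
function delDB($dbname) {
    // Backtick-quoted identifier: an embedded backtick must be doubled;
    // mysql_escape_string() only covers string-literal metacharacters.
    $ident = str_replace('`', '``', mysql_escape_string($dbname));
    DBCreate(sprintf('DROP DATABASE `%s`', $ident));

    $arr = array('bEnabled' => 0);
    $sql = sprintf("UPDATE DB SET %s WHERE DB.Name = '%s'",
        buildSQLSet($arr),
        mysql_escape_string($dbname));
    DBUpdate($sql);

    return true;
}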
88b7d384 | 401 | ?> |