Commit | Line | Data |
---|---|---|
997305cf JP |
1 | <?php |
2 | ||
3 | require_once('mitsql.lib.php'); | |
4 | ||
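/**
 * One row of the User table, looked up by username or numeric user id,
 * with predicates for "exists / enabled / may log in" and a small
 * profile update.
 *
 * NOTE(review): the optional password is matched against
 * base64_encode($p), so the Password column holds a reversible encoding
 * rather than a password hash. Anyone who can read the table can recover
 * every password. Changing this needs a schema/data migration and is not
 * done here.
 *
 * NOTE(review): mysql_escape_string() does not take the connection
 * character set into account; mysql_real_escape_string() or prepared
 * statements are the safer choice if the DB layer allows it.
 */
class Login {
    // Lookup key and optional password as passed to the constructor,
    // kept so refresh() can repeat the lookup.
    var $u, $p;
    // Selected User row (array), empty array when nothing matched,
    // null before a lookup or after expire().
    var $info;

    /**
     * PHP 4-style constructor; also called directly by refresh().
     *
     * @param mixed       $u username, or a numeric value treated as UserId
     * @param string|null $p password to match, or null to skip the check
     */
    function Login($u, $p=null) {
        if (empty($u)) return;
        $this->u = $u;
        $this->p = $p;

        // Pick the identity column first, then append the password
        // clause. Building it in this order keeps the password check in
        // place for numeric ids as well; overwriting the whole condition
        // for numeric input would drop it.
        $column = is_numeric($u) ? 'UserId' : 'Username';
        $opt = sprintf(" %s = '%s'", $column, mysql_escape_string($u));
        if (!is_null($p)) {
            $opt .= sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p)));
        }

        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
            FROM User
            WHERE %s", $opt);
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
    }

    /**
     * @return int number of fields in the loaded row, 0 when no row is loaded
     */
    function exists() {
        // $info is null before a lookup and after expire(); count(null)
        // warns or throws on newer PHP versions.
        return is_array($this->info) ? count($this->info) : 0;
    }

    /** True when the row's UL value is greater than zero. */
    function isValid() {
        return $this->getUL()>0;
    }

    /** True when a row is loaded and its bEnabled flag equals 1. */
    function isEnabled() {
        return $this->exists() && $this->info['bEnabled']==1;
    }

    /** Enabled account with a positive UL. */
    function canLogin() {
        return $this->isEnabled() && $this->isValid();
    }

    /** Positive UL but not (yet) enabled. */
    function canSignup() {
        return !$this->isEnabled() && $this->isValid();
    }

    // Accessors return '' when no row is loaded.
    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }
    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }
    function getName() {
        return $this->exists()?$this->info['Name']:'';
    }
    function getEmail() {
        return $this->exists()?$this->info['Email']:'';
    }
    function getUL() {
        return $this->exists()?$this->info['UL']:'';
    }

    /** Forget the loaded row; exists() reports 0 afterwards. */
    function expire() {
        $this->info = null;
    }

    /** Repeat the lookup with the key and password given at construction. */
    function refresh() {
        $this->Login($this->u,$this->p);
    }

    /**
     * Write a changed Name and/or Email back to the User row and mirror
     * the change in $info. Values equal to the current ones are skipped.
     *
     * @param string|null $name  new name, or null to leave unchanged
     * @param string|null $email new e-mail, or null to leave unchanged
     */
    function update($name=null,$email=null) {
        if (!$this->exists()) return;
        $arr = array();
        if ($name == $this->getName()) $name = null;
        if ($email == $this->getEmail()) $email = null;
        is_null($name) || $arr['Name'] = $name;
        is_null($email) || $arr['Email'] = $email;

        // assumes buildSQLSet() escapes the values it is given; confirm
        // in mitsql.lib.php
        $upd = buildSQLSet($arr);
        if (!empty($upd) && $upd != 'SET') {
            $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                $upd, mysql_escape_string($this->getUserId()));
            DBUpdate($sql);
        }
        if (isset($arr['Name']))
            $this->info['Name'] = $arr['Name'];
        if (isset($arr['Email']))
            $this->info['Email'] = $arr['Email'];
    }
}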
75 | ||
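/**
 * A User row plus the MySQL account and per-database grants that belong
 * to it. Methods here both update the application's User table and issue
 * GRANT / REVOKE / SET PASSWORD statements for '<username>'@'%'.
 *
 * NOTE(review): passwords are written to the User table as
 * base64_encode($pwd), a reversible encoding rather than a hash. The
 * constructor also selects that column into $info.
 *
 * NOTE(review): every account statement uses host '%', so the MySQL
 * account is usable from any host the server accepts connections from.
 */
class User {
    var $userId;
    // Selected User row (array) or empty array when nothing matched.
    var $info;
    // Rows returned by getDBList(), keyed by DatabaseId.
    var $dblist;
    // Clear-text password, only set by signup(); read by setUsage().
    var $pass;

    /**
     * PHP 4-style constructor: loads the row for $userId and its databases.
     *
     * @param mixed $userId value matched against User.UserId
     */
    function User($userId) {
        $this->userId = $userId;
        $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
            FROM User
            WHERE UserId = '%s'",
            mysql_escape_string($userId));
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
        $this->dblist = $this->getDBList();
        // $this->pass = base64_decode($this->info['Password']);
    }

    /**
     * @return int number of fields in the loaded row, 0 when no row is loaded
     */
    function exists() {
        return is_array($this->info) ? count($this->info) : 0;
    }

    // Accessors return '' when no row is loaded.
    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }
    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }

    /**
     * Store the new password in the User table (base64-encoded) and set
     * it on the MySQL account '<username>'@'%'.
     *
     * @param string $pwd new clear-text password
     */
    function setPassword($pwd) {
        $arr = array('Password' => base64_encode($pwd));
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
            buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
        $sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
            mysql_escape_string($this->getUsername()),
            mysql_escape_string($pwd));
        DBSet($sql);
    }

    /**
     * Enable the account: record password and signup time, then grant
     * USAGE and access to the user's databases.
     *
     * @param string $pwd clear-text password chosen at signup
     */
    function signup($pwd) {
        $this->pass = $pwd;
        $arr = array();
        $arr['Password'] = base64_encode($pwd);
        $arr['bEnabled'] = 1;
        // presumably buildSQLSet() passes NOW() through unquoted; confirm
        $arr['dSignup'] = 'NOW()';
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
            buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);

        $this->setUsage();
        $this->setAccess();
    }

    /**
     * GRANT (or REVOKE) USAGE for '<username>'@'%'.
     *
     * @param bool $yes true to grant, false to revoke
     */
    function setUsage($yes=true) {
        $verb = $yes?'GRANT':'REVOKE';
        $prep = $yes?'TO':'FROM';
        // Only attach IDENTIFIED BY when a password is actually known.
        // $pass is set by signup() alone; emitting IDENTIFIED BY '' on any
        // other path would reset the account to an empty password.
        $suffix = '';
        if ($yes && !is_null($this->pass) && $this->pass !== '') {
            $suffix = sprintf("IDENTIFIED BY '%s'", mysql_escape_string($this->pass));
        }
        $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
            mysql_escape_string($verb),
            mysql_escape_string($prep),
            mysql_escape_string($this->getUsername()),
            '%',
            $suffix);
        DBGrant($sql);
    }

    /**
     * GRANT (or REVOKE) ALL PRIVILEGES on one database, or on every
     * database returned by getDBList() when $db is null.
     *
     * @param string|null $db  database name, or null for all owned databases
     * @param bool        $yes true to grant, false to revoke
     */
    function setAccess($db=null,$yes=true) {
        $verb = $yes?'GRANT':'REVOKE';
        $prep = $yes?'TO':'FROM';
        if (is_null($db)) {
            $this->dblist = $this->getDBList();
            $dbs = $this->dblist;
        } else {
            $dbs = array(array('Name'=>$db));
        }
        foreach($dbs as $entry) {
            // The name sits inside backticks, where the only way out is a
            // backtick; mysql_escape_string() does not touch that
            // character, so double it explicitly.
            // NOTE(review): in a database-level GRANT, MySQL treats '_'
            // and '%' in the name as wildcards, so a grant on `a_b` also
            // matches other names of that shape. Consider escaping them.
            $name = str_replace('`', '``', mysql_escape_string($entry['Name']));
            $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
                mysql_escape_string($verb),
                $name,
                mysql_escape_string($prep),
                mysql_escape_string($this->getUsername()),
                '%');
            DBGrant($sql);
        }
    }

    /**
     * @return array enabled databases owned by this user, keyed by DatabaseId
     */
    function getDBList() {
        $sql = sprintf("SELECT *
            FROM DBOwner
            INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
            LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
            WHERE UserId = '%s' AND DB.bEnabled=1",
            mysql_escape_string($this->getUserId()));
        $r = fetchRows(DBSelect($sql),'DatabaseId');
        return $r;
    }

    /**
     * Create a database owned by this user (via the global addDB()) and
     * grant the user access to it.
     *
     * @param string $name database name
     * @return bool false when the global addDB() reports failure
     */
    function addDB($name) {
        if (!addDB($name, $this->getUserId())) return false;
        $this->setAccess($name);
        return true;
    }
}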
170 | ||
171 | ||
/**
 * Tell whether a Login object represents a user who may log in.
 *
 * @param Login|null $aLogin object to test; null means the global $Login
 * @return bool true only for a non-empty Login instance whose canLogin() holds
 */
function isLoggedIn($aLogin=null) {
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    // Anything that is not a Login instance counts as "not logged in".
    if (empty($aLogin)) {
        return false;
    }
    if (!is_a($aLogin, 'Login')) {
        return false;
    }
    return (bool) $aLogin->canLogin();
}
179 | ||
/**
 * Report whether the request arrived on port 443.
 *
 * NOTE(review): this is a port check, not a TLS check. Behind a
 * TLS-terminating proxy, or with HTTPS on another port, the answer
 * differs from what $_SERVER['HTTPS'] would report. Callers use it to
 * pick the redirect scheme.
 *
 * @return bool
 */
function isSSL() {
    $port = $_SERVER['SERVER_PORT'];
    return $port == 443;
}
183 | ||
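/**
 * Derive the caller's identity from the TLS client certificate fields
 * the web server exports (subject CN and Email).
 *
 * When DEVEL is truthy and a file named .forceauth exists in the current
 * working directory, its "name|email" content is used instead.
 *
 * NOTE(review): the .forceauth branch bypasses certificate
 * authentication entirely; make sure DEVEL is false in production and
 * that the file cannot be created by the web application or its users.
 *
 * NOTE(review): the username is the local part of the certificate's
 * e-mail address, so trust rests on the server verifying client
 * certificates against the intended CA; confirm the server config.
 *
 * @return array|null array('Username'=>..., 'Name'=>..., 'Email'=>...),
 *                    or null when no usable e-mail address is available
 */
function getSSLCert() {
    $name = null;
    $email = null;
    if (DEVEL && file_exists('.forceauth')) {
        $raw = file_get_contents('.forceauth');
        // Tolerate an unreadable file or a missing "|email" part instead
        // of reading an undefined array element.
        $fu = explode('|', $raw === false ? '' : $raw);
        $name = trim($fu[0]);
        $email = isset($fu[1]) ? trim($fu[1]) : null;
    } else {
        $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
        $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
    }
    if (is_null($email) || $email === '') {
        return null;
    }
    $parts = explode('@',$email);
    $user = $parts[0];
    // An address with an empty local part would yield an empty username.
    if ($user === '') {
        return null;
    }
    return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
}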
201 | ||
202 | ## 302 REDIRECTS | |
203 | ||
/**
 * Redirect relative to the current request path.
 *
 * With no target the current path is reused; a target starting with '?'
 * is appended to the current path; any other target is appended to the
 * current path's directory.
 *
 * NOTE(review): $target is concatenated into the Location header as is;
 * callers should not pass unvalidated request data.
 *
 * @param string|null $target relative target or query string
 * @param bool|null   $secure passed through to redirectFull()
 */
function redirect($target=null,$secure=null) {
    $current = $_SERVER['REDIRECT_URL'];
    if (is_null($target)) {
        redirectFull($current, $secure);
        return;
    }
    if (substr($target,0,1)=='?') {
        $base = $current;
    } else {
        $base = dirname($current).'/';
    }
    redirectFull($base.$target, $secure);
}
/**
 * Redirect to an absolute URL on this server.
 *
 * https is used when $secure is truthy, or when $secure is null and the
 * current request is on the SSL port; otherwise http.
 *
 * NOTE(review): the host comes from $_SERVER['SERVER_NAME'], which may
 * follow the client's Host header depending on server configuration;
 * confirm it is pinned to the canonical name.
 *
 * @param string    $target path (and query) starting at the server root
 * @param bool|null $secure force https (true), keep current (null), or http
 */
function redirectFull($target,$secure) {
    $onSslPort = isSSL();
    $useHttps = ($onSslPort && is_null($secure)) || $secure == true;
    $scheme = $useHttps ? 'https://' : 'http://';
    redirect2($scheme.$_SERVER['SERVER_NAME'].$target);
}
/**
 * Send a Location header for $target and end the script.
 *
 * @param string $target URL placed in the header unchanged
 */
function redirect2($target) {
    $line = 'Location: '.$target;
    header($line);
    exit;
}
dc478ec8 JP |
/**
 * Build the URL of the current path under the opposite scheme:
 * http:// when the request is on the SSL port, https:// otherwise.
 *
 * @return string
 */
function flipSSL() {
    $scheme = isSSL() ? 'http://' : 'https://';
    return $scheme.$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
}
997305cf JP |
218 | |
219 | ## USER SCRIPTS | |
220 | ||
/**
 * Insert a new User row from certificate-derived credentials, together
 * with its UserQuota and UserStat rows.
 *
 * Keys in $_NEW_USER take precedence over the same keys in
 * $sslCredentials, because array_merge() lets the later array win.
 *
 * NOTE(review): values reach SQL through buildSQLInsert(); presumably it
 * escapes them, confirm in mitsql.lib.php.
 *
 * @param array $sslCredentials column => value pairs, e.g. from getSSLCert()
 * @return mixed the value DBInsert() returned for the User row
 */
function addUser($sslCredentials) {
    global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;

    $userRow = array_merge($sslCredentials, $_NEW_USER);
    $UserId = DBInsert(sprintf("INSERT INTO User %s", buildSQLInsert($userRow)));

    // Dependent rows: start from the configured defaults and attach the
    // new user's id, in the same order as before (quota, then stat).
    $dependents = array(
        'UserQuota' => $_NEW_USERQUOTA,
        'UserStat'  => $_NEW_USERSTAT,
    );
    foreach ($dependents as $table => $row) {
        $row['UserId'] = $UserId;
        DBInsert(sprintf("INSERT INTO %s %s", $table, buildSQLInsert($row)));
    }

    return $UserId;
}
243 | ||
377015e0 JP |
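/**
 * Create a MySQL database and register it (DB, DBQuota, DBOwner rows)
 * for the given user.
 *
 * NOTE(review): nothing here restricts which names a user may request;
 * if a naming policy exists (prefix, length, character set) it has to be
 * enforced by the caller.
 *
 * @param string $dbname name of the database to create
 * @param mixed  $userid owner's UserId
 * @return mixed false when CREATE DATABASE reported an error, otherwise
 *               the value DBInsert() returned for the DB row
 */
function addDB($dbname,$userid) {
    global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;

    // The name is placed inside backticks. mysql_escape_string() leaves
    // backticks alone, so double them to keep the value inside the
    // identifier.
    $ident = str_replace('`', '``', mysql_escape_string($dbname));
    DBCreate(sprintf('CREATE DATABASE `%s`', $ident));
    if (mysql_error()) return false;

    $newdb = array('Name' => $dbname);
    $arr = array_merge($newdb, $_NEW_DB);
    $arr['bEnabled'] = 1;
    $sql = sprintf("INSERT INTO DB %s",
        buildSQLInsert($arr));
    $DBId = DBInsert($sql);

    $arr = $_NEW_DBQUOTA;
    $arr['DatabaseId'] = $DBId;
    $sql = sprintf("INSERT INTO DBQuota %s",
        buildSQLInsert($arr));
    DBInsert($sql);

    $arr = $_NEW_DBOWNER;
    $arr['DatabaseId'] = $DBId;
    $arr['UserId'] = $userid;
    $sql = sprintf("INSERT INTO DBOwner %s",
        buildSQLInsert($arr));
    DBInsert($sql);

    return $DBId;
}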
272 | ||
273 | ?> |