[sql-web.git] / lib / security.lib.php

<?php
/*
	(c) 2005 Joe Presbrey
*/

require_once('mitsql.lib.php');

class Login {
	private $id, $u, $p;
    private $info;
    function Login($u, $p=null) {
		if (empty($u)) return;
   		$this->u = $u;
		$this->p = $p;
		if (is_null($p)) {
			$this->id = $u;
			$opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
		} else {
			$opt = sprintf(" Username = '%s'", mysql_escape_string($u));
			$opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
		}
        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
                        FROM User
                        WHERE %s", $opt);
        $r = fetchRows(DBSelect($sql),'UserId');
		$this->info = count($r)?array_shift($r):$r;
	}
    function exists() {
        return count($this->info);
    }
	function isValid() {
		return $this->getUL()>0;
	}
    function isEnabled() {
        return $this->exists() && $this->info['bEnabled']==1;
    }
    function canLogin() {
        return $this->isEnabled() && $this->isValid();
    }
    function canSignup() {
        return !$this->isEnabled() && $this->isValid();
    }
    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }
    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }
    function getName() {
        return $this->exists()?$this->info['Name']:'';
    }
    function getEmail() {
        return $this->exists()?$this->info['Email']:'';
    }
    function getUL() {
        return $this->exists()?$this->info['UL']:'';
    }
    function expire() {
        $this->info = null;
    }
    function update($name=null,$email=null) {
        if (!$this->exists()) return;
        $arr = array();
		if ($name == $this->getName()) $name = null;
		if ($email == $this->getEmail()) $email = null;
        is_null($name) || $arr['Name'] = $name;
        is_null($email) || $arr['Email'] = $email;
		$upd = buildSQLSet($arr);
        $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
                        $upd, mysql_escape_string($this->getUserId()));
		if (!empty($upd) && $upd != 'SET')
			DBUpdate($sql);
		if (isset($arr['Name']))
			$this->info['Name'] = $arr['Name'];
		if (isset($arr['Email']))
			$this->info['Email'] = $arr['Email'];
	}
}

class User {
	private $userId;
	private $info;
	private $dblist;
    function User($userId) {
		$this->userId = $userId;
        $sql = sprintf("SELECT User.UserId, Username, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
                        FROM User
						INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
						INNER JOIN UserStat ON User.UserId = UserStat.UserId
                        WHERE User.UserId = '%s'",
                        mysql_escape_string($userId));
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
		$this->dblist = $this->getDBList();
    }
	function refresh() {
		unset($this->dblist);
		$this->User($this->userId);
		/*
        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
                        FROM User
                        WHERE UserId = '%s'",
                        mysql_escape_string($this->userId));
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
		unset($this->dblist);
		$this->getDBList();
		*/
	}
    function exists() {
        return count($this->info);
    }
    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }
    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }
    function isOverQuota() {
        return $this->exists()?($this->info['bOverQuota']>0?true:false):'';
    }
    function getDBQuotaHard() {
        return $this->exists()?$this->info['nDatabasesHard']:0;
    }
    function getBytes() {
        if($this->exists()) {
			$arr['nBytes'] = $this->info['nBytes'];
			$arr['nBytesSoft'] = $this->info['nBytesSoft'];
			$arr['nBytesHard'] = $this->info['nBytesHard'];
			return $arr;
		}
    }
	function setPassword($pwd) {
		$arr['Password'] = base64_encode($pwd);
        $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
                        buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
		$sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
						mysql_escape_string($this->getUsername()),
						mysql_escape_string($pwd));
		DBSet($sql);
	}
	function signup($pwd) {
		$this->pass = $pwd;
		$arr['Password'] = base64_encode($pwd);
		$arr['bEnabled'] = 1;
		$arr['dSignup'] = 'NOW()';
        $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
                        buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);

		$this->setUsage();
		$this->setAccess();
	}
	function setUsage($yes=true) {
		$verb = $yes?'GRANT':'REVOKE';
		$prep = $yes?'TO':'FROM';
		$suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
		$sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
						mysql_escape_string($verb),
						mysql_escape_string($prep),
						mysql_escape_string($this->getUsername()),
						'%',
						$suffix);
		DBGrant($sql);
	}
	function setAccess($db=null,$yes=true) {
		$verb = $yes?'GRANT':'REVOKE';
		$prep = $yes?'TO':'FROM';
		if (is_null($db)) {
			$dbs = $this->getDBList();
		} else {
			$dbs[] = array('Name'=>$db);
		}
		foreach($dbs as $db) {
			$name = $db['Name'];
			$sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
							mysql_escape_string($verb),
							mysql_escape_string($name),
							mysql_escape_string($prep),
							mysql_escape_string($this->getUsername()),
							'%');
			DBGrant($sql);
		}
	}
	function getDBList() {
		if (isset($this->dblist)) {
			return $this->dblist;
		} else {
			//			LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
			$sql = sprintf("SELECT *
						FROM DBOwner
						INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
						INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
						WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
						mysql_escape_string($this->getUserId()));
//			$r = fetchRows(DBSelect($sql),'DatabaseId');
			$r = fetchRows(DBSelect($sql),'Name');
			ksort($r);
			return $r;
		}
	}
	function addDB($name) {
		if (in_array($name, array_keys($this->getDBList()))) return false;
		if (!addDB($name, $this->getUserId())) return false;
		$this->setAccess($name);
		return true;
	}
	function delDB($name) {
		if (!in_array($name, array_keys($this->getDBList()))) return false;
		if (!delDB($name)) return false;//, $this->getUserId())) return false;
		$this->setAccess($name,false);
		return true;
	}
}


function isLoggedIn($aLogin=null) {
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->canLogin();
}

function isAdmin($aLogin=null) {
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->getUL()>=100;
}

function isImpersonating() {
	return isSess('_UserId') && isSess('UserId');
}

function isOffline() {
	return (defined('OFFLINE') && OFFLINE);
}

function isOnline() {
	return !isOffline();
}

function impersonate($userId=null) {
	$wasImpersonating = isImpersonating();
	if ($wasImpersonating) {
		if (is_null($userId) || empty($userId)) {
			sess('UserId',sess('_UserId'));
			sess('_UserId','');
		} elseif ($userId>0) {
			sess('UserId',$userId);
		} else {
			return false;
		}
	} elseif (isLoggedIn()) {
		sess('_UserId',sess('UserId'));
		sess('UserId',$userId);
		return true;
	} else {
		return false;
	}
}

function isSSL() {
	return isset($_SERVER['SERVER_PORT'])?($_SERVER['SERVER_PORT'] == 443):false;
}

function getSSLCert() {
    if (DEVEL && file_exists('.forceauth')) {
        $fu = explode('|',file_get_contents('.forceauth'));
        $name = trim($fu[0]);
        $email = trim($fu[1]);
    } else {
        $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
        $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
    }
    if (!is_null($email)) {
        $user = explode('@',$email);
		$user = $user[0];
        return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
	} else {
		return null;
	}
}

function getUsernameID($username) {
	$sql = sprintf("SELECT UserId FROM User USE INDEX (UsernameID) WHERE Username = '%s'", mysql_escape_string($username));
	$r = fetchRows(DBSelect($sql), 'UserId');
	$r = array_shift($r);
	return count($r)?$r['UserId']:null;
}

## 302 REDIRECTS

function redirect($target=null,$secure=null) {
    $base = (is_null($target)||substr($target,0,1)=='?')?URI:((strlen(dirname(URI))>1?dirname(URI).'/':'/'));
    redirectFull(is_null($target)?$base:($base.$target),$secure);
}
function redirectStart() {
	redirectFull(BASE_URL,null);
}
function redirectFull($target,$secure) {
	redirect2((((isSSL()&&is_null($secure))||$secure==true)?BASE_HTTPS:BASE_HTTP).$target);
}
function redirect2($target) {
	header('Location: '.$target);
	exit;
}
function flipSSL() {
	return (isSSL()?BASE_HTTP:BASE_HTTPS).URI;
}

## USER SCRIPTS

function addUser($sslCredentials) {
    global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;

    $arr = array_merge($sslCredentials, $_NEW_USER);
    $sql = sprintf("INSERT INTO User %s",
                    buildSQLInsert($arr));
    $UserId = DBInsert($sql);

	$arr = $_NEW_USERQUOTA;
	$arr['UserId'] = $UserId;
    $sql = sprintf("INSERT INTO UserQuota %s",
                    buildSQLInsert($arr));
	DBInsert($sql);

	$arr = $_NEW_USERSTAT;
	$arr['UserId'] = $UserId;
    $sql = sprintf("INSERT INTO UserStat %s",
                    buildSQLInsert($arr));
	DBInsert($sql);

	return $UserId;
}

function addDB($dbname,$userid) {
	global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;

	DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
	if (mysql_error()) return false;

	$newdb['Name'] = $dbname;
	$arr = array_merge($newdb, $_NEW_DB);
	$arr['bEnabled'] = 1;
	$sql = sprintf("INSERT IGNORE INTO DB %s",
                    buildSQLInsert($arr));
	$DBId = DBInsert($sql);
	if (empty($DBId)) {
		$sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'",
						mysql_escape_string($dbname));
		$r = fetchRows(DBSelect($sql), 'DatabaseId');
		if (count($r)) {
			$r = array_shift($r);
			$DBId = $r['DatabaseId'];
		} else {
			return false;
		}
		$sql = sprintf("UPDATE DB SET %s WHERE DB.DatabaseId = '%s'",
						buildSQLSet($arr),
						$DBId);
		DBUpdate($sql);
	}

	DBDelete(sprintf("DELETE FROM DBOwner WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
	DBDelete(sprintf("DELETE FROM DBQuota WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
	
	$arr = $_NEW_DBQUOTA;
	$arr['DatabaseId'] = $DBId;
	$sql = sprintf("INSERT IGNORE INTO DBQuota %s",
					buildSQLInsert($arr));
	DBInsert($sql);

	$arr = $_NEW_DBOWNER;
	$arr['DatabaseId'] = $DBId;
	$arr['UserId'] = $userid;
	$sql = sprintf("INSERT IGNORE INTO DBOwner %s",
					buildSQLInsert($arr));
	DBInsert($sql);

	return $DBId;
}

function delDB($dbname) {
	global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;

	DBCreate(sprintf('DROP DATABASE `%s`', mysql_escape_string($dbname)));

	$arr['bEnabled'] = 0;
	$sql = sprintf("UPDATE DB SET %s WHERE DB.Name = '%s'",
					buildSQLSet($arr),
					$dbname);
	DBUpdate($sql);

	return true;
}

?>
Commit	Line	Data
997305cf	1	<?php
79ffa771 JP	2	/*
	3	(c) 2005 Joe Presbrey
	4	*/
997305cf JP	5
	6	require_once('mitsql.lib.php');
	7
	8	class Login {
e346f2b3 JP	9	private $id, $u, $p;
e346f2b3 JP	10	private $info;
997305cf	11	function Login($u, $p=null) {
377015e0	12	if (empty($u)) return;
e47be57b	13	$this->u = $u;
dc478ec8	14	$this->p = $p;
89905822	15	if (is_null($p)) {
e47be57b	16	$this->id = $u;
89905822	17	$opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
e47be57b JP	18	} else {
	19	$opt = sprintf(" Username = '%s'", mysql_escape_string($u));
	20	$opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
	21	}
997305cf JP	22	$sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
997305cf JP	23	FROM User
377015e0	24	WHERE %s", $opt);
997305cf	25	$r = fetchRows(DBSelect($sql),'UserId');
e47be57b JP	26	$this->info = count($r)?array_shift($r):$r;
e47be57b JP	27	}
997305cf	28	function exists() {
dc478ec8	29	return count($this->info);
997305cf	30	}
dc478ec8 JP	31	function isValid() {
	32	return $this->getUL()>0;
	33	}
997305cf JP	34	function isEnabled() {
	35	return $this->exists() && $this->info['bEnabled']==1;
	36	}
dc478ec8 JP	37	function canLogin() {
	38	return $this->isEnabled() && $this->isValid();
	39	}
	40	function canSignup() {
	41	return !$this->isEnabled() && $this->isValid();
	42	}
997305cf	43	function getUserId() {
dc478ec8	44	return $this->exists()?$this->info['UserId']:'';
997305cf JP	45	}
997305cf JP	46	function getUsername() {
dc478ec8	47	return $this->exists()?$this->info['Username']:'';
997305cf JP	48	}
997305cf JP	49	function getName() {
dc478ec8	50	return $this->exists()?$this->info['Name']:'';
997305cf JP	51	}
997305cf JP	52	function getEmail() {
dc478ec8	53	return $this->exists()?$this->info['Email']:'';
997305cf JP	54	}
997305cf JP	55	function getUL() {
dc478ec8	56	return $this->exists()?$this->info['UL']:'';
997305cf JP	57	}
	58	function expire() {
	59	$this->info = null;
	60	}
997305cf JP	61	function update($name=null,$email=null) {
	62	if (!$this->exists()) return;
	63	$arr = array();
dc478ec8 JP	64	if ($name == $this->getName()) $name = null;
dc478ec8 JP	65	if ($email == $this->getEmail()) $email = null;
997305cf JP	66	is_null($name) \|\| $arr['Name'] = $name;
997305cf JP	67	is_null($email) \|\| $arr['Email'] = $email;
e47be57b	68	$upd = buildSQLSet($arr);
8988dbad	69	$sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
3ebfe9a3	70	$upd, mysql_escape_string($this->getUserId()));
e47be57b JP	71	if (!empty($upd) && $upd != 'SET')
e47be57b JP	72	DBUpdate($sql);
dc478ec8	73	if (isset($arr['Name']))
377015e0	74	$this->info['Name'] = $arr['Name'];
dc478ec8	75	if (isset($arr['Email']))
377015e0	76	$this->info['Email'] = $arr['Email'];
dc478ec8 JP	77	}
	78	}
	79
	80	class User {
e346f2b3 JP	81	private $userId;
	82	private $info;
	83	private $dblist;
dc478ec8 JP	84	function User($userId) {
dc478ec8 JP	85	$this->userId = $userId;
6ba4f54c	86	$sql = sprintf("SELECT User.UserId, Username, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
dc478ec8	87	FROM User
e47be57b JP	88	INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
e47be57b JP	89	INNER JOIN UserStat ON User.UserId = UserStat.UserId
88b7d384	90	WHERE User.UserId = '%s'",
dc478ec8 JP	91	mysql_escape_string($userId));
	92	$r = fetchRows(DBSelect($sql),'UserId');
	93	$this->info = count($r)?array_shift($r):$r;
377015e0	94	$this->dblist = $this->getDBList();
997305cf	95	}
88b7d384 JP	96	function refresh() {
	97	unset($this->dblist);
	98	$this->User($this->userId);
	99	/*
6ba4f54c	100	$sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
88b7d384 JP	101	FROM User
	102	WHERE UserId = '%s'",
	103	mysql_escape_string($this->userId));
	104	$r = fetchRows(DBSelect($sql),'UserId');
	105	$this->info = count($r)?array_shift($r):$r;
	106	unset($this->dblist);
	107	$this->getDBList();
	108	*/
	109	}
dc478ec8 JP	110	function exists() {
	111	return count($this->info);
	112	}
	113	function getUserId() {
	114	return $this->exists()?$this->info['UserId']:'';
	115	}
	116	function getUsername() {
	117	return $this->exists()?$this->info['Username']:'';
88b7d384	118	}
9c70b481 JP	119	function isOverQuota() {
	120	return $this->exists()?($this->info['bOverQuota']>0?true:false):'';
	121	}
3845bdf8 JP	122	function getDBQuotaHard() {
	123	return $this->exists()?$this->info['nDatabasesHard']:0;
	124	}
88b7d384 JP	125	function getBytes() {
	126	if($this->exists()) {
	127	$arr['nBytes'] = $this->info['nBytes'];
	128	$arr['nBytesSoft'] = $this->info['nBytesSoft'];
	129	$arr['nBytesHard'] = $this->info['nBytesHard'];
	130	return $arr;
	131	}
dc478ec8 JP	132	}
	133	function setPassword($pwd) {
	134	$arr['Password'] = base64_encode($pwd);
8988dbad	135	$sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
dc478ec8 JP	136	buildSQLSet($arr), mysql_escape_string($this->getUserId()));
dc478ec8 JP	137	DBUpdate($sql);
377015e0 JP	138	$sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
	139	mysql_escape_string($this->getUsername()),
	140	mysql_escape_string($pwd));
	141	DBSet($sql);
dc478ec8 JP	142	}
	143	function signup($pwd) {
	144	$this->pass = $pwd;
	145	$arr['Password'] = base64_encode($pwd);
	146	$arr['bEnabled'] = 1;
	147	$arr['dSignup'] = 'NOW()';
8988dbad	148	$sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
dc478ec8 JP	149	buildSQLSet($arr), mysql_escape_string($this->getUserId()));
	150	DBUpdate($sql);
	151
	152	$this->setUsage();
	153	$this->setAccess();
	154	}
	155	function setUsage($yes=true) {
	156	$verb = $yes?'GRANT':'REVOKE';
	157	$prep = $yes?'TO':'FROM';
3ebfe9a3	158	$suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
dc478ec8 JP	159	$sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
	160	mysql_escape_string($verb),
	161	mysql_escape_string($prep),
	162	mysql_escape_string($this->getUsername()),
	163	'%',
3ebfe9a3	164	$suffix);
dc478ec8 JP	165	DBGrant($sql);
	166	}
	167	function setAccess($db=null,$yes=true) {
	168	$verb = $yes?'GRANT':'REVOKE';
	169	$prep = $yes?'TO':'FROM';
	170	if (is_null($db)) {
88b7d384	171	$dbs = $this->getDBList();
dc478ec8 JP	172	} else {
	173	$dbs[] = array('Name'=>$db);
	174	}
	175	foreach($dbs as $db) {
	176	$name = $db['Name'];
	177	$sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
	178	mysql_escape_string($verb),
	179	mysql_escape_string($name),
	180	mysql_escape_string($prep),
377015e0	181	mysql_escape_string($this->getUsername()),
dc478ec8 JP	182	'%');
	183	DBGrant($sql);
	184	}
	185	}
	186	function getDBList() {
88b7d384 JP	187	if (isset($this->dblist)) {
	188	return $this->dblist;
	189	} else {
	190	// LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
	191	$sql = sprintf("SELECT *
dc478ec8	192	FROM DBOwner
e47be57b JP	193	INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
e47be57b JP	194	INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
88b7d384	195	WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
dc478ec8	196	mysql_escape_string($this->getUserId()));
88b7d384 JP	197	// $r = fetchRows(DBSelect($sql),'DatabaseId');
88b7d384 JP	198	$r = fetchRows(DBSelect($sql),'Name');
9c70b481	199	ksort($r);
88b7d384 JP	200	return $r;
88b7d384 JP	201	}
dc478ec8	202	}
377015e0	203	function addDB($name) {
4a77eeb5	204	if (in_array($name, array_keys($this->getDBList()))) return false;
377015e0 JP	205	if (!addDB($name, $this->getUserId())) return false;
	206	$this->setAccess($name);
	207	return true;
	208	}
e47be57b JP	209	function delDB($name) {
	210	if (!in_array($name, array_keys($this->getDBList()))) return false;
	211	if (!delDB($name)) return false;//, $this->getUserId())) return false;
	212	$this->setAccess($name,false);
	213	return true;
	214	}
997305cf JP	215	}
	216
	217
	218	function isLoggedIn($aLogin=null) {
	219	if (is_null($aLogin)) {
	220	global $Login;
	221	$aLogin = $Login;
	222	}
e346f2b3	223	return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->canLogin();
997305cf JP	224	}
997305cf JP	225
e47be57b JP	226	function isAdmin($aLogin=null) {
	227	if (is_null($aLogin)) {
	228	global $Login;
	229	$aLogin = $Login;
	230	}
e346f2b3	231	return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->getUL()>=100;
e47be57b JP	232	}
e47be57b JP	233
88b7d384 JP	234	function isImpersonating() {
	235	return isSess('_UserId') && isSess('UserId');
	236	}
	237
8ed5cf01 JP	238	function isOffline() {
	239	return (defined('OFFLINE') && OFFLINE);
	240	}
	241
	242	function isOnline() {
	243	return !isOffline();
	244	}
	245
88b7d384 JP	246	function impersonate($userId=null) {
	247	$wasImpersonating = isImpersonating();
	248	if ($wasImpersonating) {
224df904	249	if (is_null($userId) \|\| empty($userId)) {
88b7d384	250	sess('UserId',sess('_UserId'));
224df904	251	sess('_UserId','');
88b7d384 JP	252	} elseif ($userId>0) {
	253	sess('UserId',$userId);
	254	} else {
	255	return false;
	256	}
	257	} elseif (isLoggedIn()) {
	258	sess('_UserId',sess('UserId'));
	259	sess('UserId',$userId);
	260	return true;
	261	} else {
	262	return false;
	263	}
	264	}
	265
997305cf	266	function isSSL() {
aaaa7a8f	267	return isset($_SERVER['SERVER_PORT'])?($_SERVER['SERVER_PORT'] == 443):false;
997305cf JP	268	}
	269
	270	function getSSLCert() {
	271	if (DEVEL && file_exists('.forceauth')) {
	272	$fu = explode('\|',file_get_contents('.forceauth'));
dc478ec8 JP	273	$name = trim($fu[0]);
dc478ec8 JP	274	$email = trim($fu[1]);
997305cf JP	275	} else {
	276	$name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
	277	$email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
	278	}
	279	if (!is_null($email)) {
	280	$user = explode('@',$email);
	281	$user = $user[0];
	282	return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
	283	} else {
	284	return null;
	285	}
	286	}
	287
89905822 QS	288	function getUsernameID($username) {
	289	$sql = sprintf("SELECT UserId FROM User USE INDEX (UsernameID) WHERE Username = '%s'", mysql_escape_string($username));
	290	$r = fetchRows(DBSelect($sql), 'UserId');
	291	$r = array_shift($r);
	292	return count($r)?$r['UserId']:null;
	293	}
	294
997305cf JP	295	## 302 REDIRECTS
997305cf JP	296
1389493c	297	function redirect($target=null,$secure=null) {
5faf3a7e	298	$base = (is_null($target)\|\|substr($target,0,1)=='?')?URI:((strlen(dirname(URI))>1?dirname(URI).'/':'/'));
dc478ec8	299	redirectFull(is_null($target)?$base:($base.$target),$secure);
997305cf	300	}
224df904 JP	301	function redirectStart() {
	302	redirectFull(BASE_URL,null);
	303	}
dc478ec8	304	function redirectFull($target,$secure) {
7654fe78	305	redirect2((((isSSL()&&is_null($secure))\|\|$secure==true)?BASE_HTTPS:BASE_HTTP).$target);
997305cf JP	306	}
	307	function redirect2($target) {
	308	header('Location: '.$target);
	309	exit;
	310	}
dc478ec8	311	function flipSSL() {
7654fe78	312	return (isSSL()?BASE_HTTP:BASE_HTTPS).URI;
dc478ec8	313	}
997305cf JP	314
	315	## USER SCRIPTS
	316
	317	function addUser($sslCredentials) {
dc478ec8 JP	318	global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;
dc478ec8 JP	319
997305cf JP	320	$arr = array_merge($sslCredentials, $_NEW_USER);
	321	$sql = sprintf("INSERT INTO User %s",
	322	buildSQLInsert($arr));
dc478ec8 JP	323	$UserId = DBInsert($sql);
	324
	325	$arr = $_NEW_USERQUOTA;
	326	$arr['UserId'] = $UserId;
	327	$sql = sprintf("INSERT INTO UserQuota %s",
	328	buildSQLInsert($arr));
	329	DBInsert($sql);
	330
	331	$arr = $_NEW_USERSTAT;
	332	$arr['UserId'] = $UserId;
1389493c	333	$sql = sprintf("INSERT INTO UserStat %s",
dc478ec8 JP	334	buildSQLInsert($arr));
	335	DBInsert($sql);
	336
	337	return $UserId;
997305cf JP	338	}
997305cf JP	339
377015e0	340	function addDB($dbname,$userid) {
e47be57b	341	global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
377015e0 JP	342
377015e0 JP	343	DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
69e08b46	344	if (mysql_error()) return false;
377015e0 JP	345
377015e0 JP	346	$newdb['Name'] = $dbname;
e47be57b	347	$arr = array_merge($newdb, $_NEW_DB);
377015e0	348	$arr['bEnabled'] = 1;
e47be57b	349	$sql = sprintf("INSERT IGNORE INTO DB %s",
377015e0	350	buildSQLInsert($arr));
e47be57b JP	351	$DBId = DBInsert($sql);
	352	if (empty($DBId)) {
	353	$sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'",
	354	mysql_escape_string($dbname));
	355	$r = fetchRows(DBSelect($sql), 'DatabaseId');
	356	if (count($r)) {
	357	$r = array_shift($r);
	358	$DBId = $r['DatabaseId'];
	359	} else {
	360	return false;
	361	}
8988dbad	362	$sql = sprintf("UPDATE DB SET %s WHERE DB.DatabaseId = '%s'",
e47be57b JP	363	buildSQLSet($arr),
	364	$DBId);
	365	DBUpdate($sql);
e47be57b	366	}
69e08b46 JP	367
	368	DBDelete(sprintf("DELETE FROM DBOwner WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
	369	DBDelete(sprintf("DELETE FROM DBQuota WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
	370
	371	$arr = $_NEW_DBQUOTA;
	372	$arr['DatabaseId'] = $DBId;
	373	$sql = sprintf("INSERT IGNORE INTO DBQuota %s",
	374	buildSQLInsert($arr));
	375	DBInsert($sql);
	376
	377	$arr = $_NEW_DBOWNER;
	378	$arr['DatabaseId'] = $DBId;
	379	$arr['UserId'] = $userid;
	380	$sql = sprintf("INSERT IGNORE INTO DBOwner %s",
	381	buildSQLInsert($arr));
	382	DBInsert($sql);
	383
	384	return $DBId;
e47be57b JP	385	}
	386
	387	function delDB($dbname) {
	388	global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
	389
	390	DBCreate(sprintf('DROP DATABASE `%s`', mysql_escape_string($dbname)));
	391
	392	$arr['bEnabled'] = 0;
8988dbad	393	$sql = sprintf("UPDATE DB SET %s WHERE DB.Name = '%s'",
e47be57b JP	394	buildSQLSet($arr),
	395	$dbname);
	396	DBUpdate($sql);
377015e0	397
e47be57b	398	return true;
377015e0 JP	399	}
377015e0 JP	400
88b7d384	401	?>