<?php

// shared DB helpers (DBSelect, DBInsert, DBUpdate, fetchRows, buildSQL*, sess/isSess)
require_once 'mitsql.lib.php';

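/**
 * Authentication view of a User row.
 *
 * Constructed from a user id or a username (plus optional password); the
 * matching row is kept in $info. The Password column holds
 * base64_encode($p) (see User::setPassword()), i.e. a reversible encoding
 * rather than a hash, and is compared by SQL equality.
 */
class Login {
    /** $id is set only when the lookup key was numeric; $u/$p are the raw lookup key and password. */
    var $id, $u, $p;
    /** User row (UserId, Username, Name, Email, UL, bEnabled), an empty array when nothing matched, or null. */
    var $info;

    /**
     * Loads the account for $u.
     *
     * @param mixed  $u numeric UserId, or a Username; an empty value leaves $info unset
     * @param string $p optional password; when given the row must also match it
     */
    function Login($u, $p=null) {
        if (empty($u)) return;
        $this->u = $u;
        $this->p = $p;
        if (is_numeric($u)) {
            // a purely numeric key is always treated as a UserId, never as a username
            $this->id = $u;
            $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
        } else {
            $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
            if (!is_null($p)) {
                // the stored credential is base64 of the plaintext, so the check is a plain equality
                $opt .= sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p)));
            }
        }
        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
            FROM User
            WHERE %s", $opt);
        $r = fetchRows(DBSelect($sql), 'UserId');
        $this->info = count($r) ? array_shift($r) : $r;
    }

    /** @return int number of loaded columns; 0 when no row was loaded or after expire() */
    function exists() {
        // $info is null before a successful lookup and after expire(); count(null) is not safe
        return is_array($this->info) ? count($this->info) : 0;
    }

    /** @return bool true when the user level is positive */
    function isValid() {
        return $this->getUL() > 0;
    }

    /** @return bool true when a row is loaded and bEnabled is 1 */
    function isEnabled() {
        return $this->exists() && $this->info['bEnabled'] == 1;
    }

    /** @return bool enabled and valid */
    function canLogin() {
        return $this->isEnabled() && $this->isValid();
    }

    /** @return bool valid but not yet enabled */
    function canSignup() {
        return !$this->isEnabled() && $this->isValid();
    }

    /** @return mixed UserId column, or '' when no row is loaded */
    function getUserId() {
        return $this->exists() ? $this->info['UserId'] : '';
    }

    /** @return string Username column, or '' when no row is loaded */
    function getUsername() {
        return $this->exists() ? $this->info['Username'] : '';
    }

    /** @return string Name column, or '' when no row is loaded */
    function getName() {
        return $this->exists() ? $this->info['Name'] : '';
    }

    /** @return string Email column, or '' when no row is loaded */
    function getEmail() {
        return $this->exists() ? $this->info['Email'] : '';
    }

    /** @return mixed UL (user level) column, or '' when no row is loaded */
    function getUL() {
        return $this->exists() ? $this->info['UL'] : '';
    }

    /** Forgets the loaded row; exists() is 0 afterwards. */
    function expire() {
        $this->info = null;
    }

    /** Re-runs the lookup with the original key (id when known, else username/password). */
    function refresh() {
        if (!empty($this->id)) {
            $this->Login($this->id);
        } else {
            $this->Login($this->u, $this->p);
        }
    }

    /**
     * Updates Name and/or Email for the loaded user and mirrors the change into $info.
     *
     * Values equal to the current ones (loose comparison) are ignored, so the
     * UPDATE only touches columns that actually differ. Does nothing when no row is loaded.
     *
     * @param string|null $name
     * @param string|null $email
     */
    function update($name=null, $email=null) {
        if (!$this->exists()) return;
        $arr = array();
        if (!is_null($name) && $name != $this->getName()) $arr['Name'] = $name;
        if (!is_null($email) && $email != $this->getEmail()) $arr['Email'] = $email;
        $upd = buildSQLSet($arr);
        // buildSQLSet() of an empty array presumably yields a bare 'SET'; skip the query then
        if (!empty($upd) && $upd != 'SET') {
            $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                $upd, mysql_escape_string($this->getUserId()));
            DBUpdate($sql);
        }
        if (isset($arr['Name'])) $this->info['Name'] = $arr['Name'];
        if (isset($arr['Email'])) $this->info['Email'] = $arr['Email'];
    }
}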
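/**
 * Account management view of a User row joined with its quota and stats,
 * plus the MySQL account/grant side of the user.
 */
class User {
    /** Lookup key given to the constructor. */
    var $userId;
    /** Joined User/UserQuota/UserStat row, an empty array when no such user, or null. */
    var $info;
    /** Cached getDBList() result, keyed by database Name (filled by the constructor). */
    var $dblist;
    /** Plaintext password remembered by signup() for the GRANT ... IDENTIFIED BY in setUsage(). */
    var $pass;

    /**
     * Loads the user and its database list.
     *
     * @param mixed $userId UserId to load
     */
    function User($userId) {
        $this->userId = $userId;
        $sql = sprintf("SELECT User.UserId, Username, Password, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard
            FROM User
            INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
            INNER JOIN UserStat ON User.UserId = UserStat.UserId
            WHERE User.UserId = '%s'",
            mysql_escape_string($userId));
        $r = fetchRows(DBSelect($sql), 'UserId');
        $this->info = count($r) ? array_shift($r) : $r;
        $this->dblist = $this->getDBList();
    }

    /** Drops the cached database list and reloads everything. */
    function refresh() {
        unset($this->dblist);
        $this->User($this->userId);
    }

    /** @return int number of loaded columns; 0 when no row was loaded */
    function exists() {
        // $info may be null; count(null) is not safe
        return is_array($this->info) ? count($this->info) : 0;
    }

    /** @return mixed UserId column, or '' when no row is loaded */
    function getUserId() {
        return $this->exists() ? $this->info['UserId'] : '';
    }

    /** @return string Username column, or '' when no row is loaded */
    function getUsername() {
        return $this->exists() ? $this->info['Username'] : '';
    }

    /**
     * @return array|null array{nBytes, nBytesSoft, nBytesHard} or null when no row is loaded
     */
    function getBytes() {
        if (!$this->exists()) return null;
        return array(
            'nBytes' => $this->info['nBytes'],
            'nBytesSoft' => $this->info['nBytesSoft'],
            'nBytesHard' => $this->info['nBytesHard'],
        );
    }

    /**
     * Stores a new password both in the User table and on the MySQL account.
     *
     * The application copy is base64_encode($pwd) — reversible encoding, not a
     * hash — and Login compares it by equality. The MySQL account gets the
     * plaintext via SET PASSWORD.
     *
     * @param string $pwd plaintext password
     */
    function setPassword($pwd) {
        $arr = array('Password' => base64_encode($pwd));
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
            buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
        $sql = sprintf("SET PASSWORD FOR '%s'@'%%'=PASSWORD('%s')",
            mysql_escape_string($this->getUsername()),
            mysql_escape_string($pwd));
        DBSet($sql);
    }

    /**
     * Enables the account, records the signup time, and creates the MySQL
     * account plus grants on the user's databases.
     *
     * @param string $pwd plaintext password (stored base64-encoded, see setPassword())
     */
    function signup($pwd) {
        $this->pass = $pwd;
        $arr = array(
            'Password' => base64_encode($pwd),
            'bEnabled' => 1,
            // NOTE(review): relies on buildSQLSet() emitting NOW() unquoted — confirm
            'dSignup' => 'NOW()',
        );
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
            buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);

        $this->setUsage();
        $this->setAccess();
    }

    /**
     * GRANTs (or REVOKEs) USAGE for 'username'@'%' — i.e. creates or removes the MySQL login.
     *
     * @param bool $yes true to GRANT (uses $this->pass as the password), false to REVOKE
     */
    function setUsage($yes=true) {
        $verb = $yes ? 'GRANT' : 'REVOKE';
        $prep = $yes ? 'TO' : 'FROM';
        // IDENTIFIED BY only applies to GRANT; $this->pass is only set by signup()
        $suffix = $yes ? sprintf("IDENTIFIED BY '%s'", mysql_escape_string($this->pass)) : '';
        $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
            $verb,
            $prep,
            mysql_escape_string($this->getUsername()),
            '%',
            $suffix);
        DBGrant($sql);
    }

    /**
     * GRANTs (or REVOKEs) ALL PRIVILEGES on one database, or on every database the user owns.
     *
     * @param string|null $db  database name; null means all of getDBList()
     * @param bool        $yes true to GRANT, false to REVOKE
     */
    function setAccess($db=null, $yes=true) {
        $verb = $yes ? 'GRANT' : 'REVOKE';
        $prep = $yes ? 'TO' : 'FROM';
        $dbs = is_null($db) ? $this->getDBList() : array(array('Name' => $db));
        foreach ($dbs as $row) {
            // the name is a backtick-quoted identifier; mysql_escape_string() does not
            // touch backticks, so they are doubled as well
            $ident = str_replace('`', '``', mysql_escape_string($row['Name']));
            $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
                $verb,
                $ident,
                $prep,
                mysql_escape_string($this->getUsername()),
                '%');
            DBGrant($sql);
        }
    }

    /**
     * Enabled databases owned by this user, keyed by Name.
     *
     * Returns the cached copy when the constructor has filled $dblist; otherwise
     * queries without updating the cache (refresh() re-fills it).
     *
     * @return array<string, array> rows of DBOwner JOIN DB JOIN DBQuota
     */
    function getDBList() {
        if (isset($this->dblist)) {
            return $this->dblist;
        }
        $sql = sprintf("SELECT *
            FROM DBOwner
            INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
            INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
            WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
            mysql_escape_string($this->getUserId()));
        return fetchRows(DBSelect($sql), 'Name');
    }

    /**
     * Creates a database for this user and grants access to it.
     *
     * @param string $name database name
     * @return bool false when the user already owns $name or the global addDB() failed
     */
    function addDB($name) {
        // getDBList() is keyed by Name, so membership is a key test (delDB() does the same)
        $list = $this->getDBList();
        if (is_array($list) && array_key_exists($name, $list)) return false;
        if (!addDB($name, $this->getUserId())) return false;
        $this->setAccess($name);
        return true;
    }

    /**
     * Drops one of this user's databases and revokes access to it.
     *
     * Ownership is enforced only by the membership test here; the global
     * delDB() drops by name without checking the owner.
     *
     * @param string $name database name
     * @return bool false when $name is not in the user's list or the global delDB() failed
     */
    function delDB($name) {
        $list = $this->getDBList();
        if (!is_array($list) || !array_key_exists($name, $list)) return false;
        if (!delDB($name)) return false;
        $this->setAccess($name, false);
        return true;
    }
}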
/**
 * True when $aLogin (or the global $Login when omitted) is a Login that canLogin().
 *
 * @param Login|null $aLogin
 * @return bool
 */
function isLoggedIn($aLogin=null) {
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    if (empty($aLogin) || !is_a($aLogin, 'Login')) {
        return false;
    }
    return $aLogin->canLogin();
}
/**
 * True when $aLogin (or the global $Login when omitted) is a Login whose user level is at least 100.
 *
 * @param Login|null $aLogin
 * @return bool
 */
function isAdmin($aLogin=null) {
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    if (empty($aLogin) || !is_a($aLogin, 'Login')) {
        return false;
    }
    // 100 appears to be the admin user-level threshold — TODO confirm against the UL column's meaning
    return $aLogin->getUL() >= 100;
}
/**
 * True when the session carries both the saved original id (_UserId) and a current UserId.
 *
 * @return bool
 */
function isImpersonating() {
    if (!isSess('_UserId')) {
        return false;
    }
    return isSess('UserId') ? true : false;
}
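/**
 * Switches the session's UserId to another user, remembering the original in _UserId.
 *
 * While already impersonating: null restores the original id (note that _UserId
 * is left in place, so isImpersonating() stays true), a positive numeric id
 * switches again. When not impersonating a positive numeric id is required and
 * the caller must be logged in.
 *
 * NOTE(review): there is no isAdmin() check here — authorisation to impersonate
 * is assumed to be enforced by the caller; confirm that every call site does so.
 *
 * @param mixed $userId target UserId, or null to return to the original account
 * @return bool true when the session was changed, false otherwise
 */
function impersonate($userId=null) {
    if (isImpersonating()) {
        if (is_null($userId)) {
            sess('UserId', sess('_UserId'));
            return true;
        }
        if (is_numeric($userId) && $userId > 0) {
            sess('UserId', $userId);
            return true;
        }
        return false;
    }
    // a fresh impersonation without a target would blank the session's UserId
    if (!isLoggedIn() || !is_numeric($userId) || !($userId > 0)) {
        return false;
    }
    sess('_UserId', sess('UserId'));
    sess('UserId', $userId);
    return true;
}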
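/**
 * True when the current request arrived over TLS.
 *
 * Checks the SAPI's HTTPS variable first (some servers set it to 'off' for
 * plain HTTP), then falls back to the server port being 443. Neither signal is
 * present behind a TLS-terminating proxy; that case is not handled here.
 *
 * @return bool
 */
function isSSL() {
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
        return true;
    }
    return isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443;
}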
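/**
 * Identity taken from the client certificate, or null when there is none.
 *
 * In development (DEVEL true) a local ".forceauth" file holding "Name|email"
 * overrides the certificate. Otherwise the values come from the SSL_CLIENT_S_DN_*
 * variables the web server exports; whether the certificate was actually verified
 * depends on the server's client-certificate configuration, not on this code.
 *
 * @return array|null array{Username: string, Name: string|null, Email: string} — Username is the
 *                    part of the email before '@'
 */
function getSSLCert() {
    if (DEVEL && file_exists('.forceauth')) {
        $fu = explode('|', file_get_contents('.forceauth'));
        $name = trim($fu[0]);
        // a file without the '|' separator has no email and must not yield a user
        $email = isset($fu[1]) ? trim($fu[1]) : null;
    } else {
        $name = isset($_SERVER['SSL_CLIENT_S_DN_CN']) ? $_SERVER['SSL_CLIENT_S_DN_CN'] : null;
        $email = isset($_SERVER['SSL_CLIENT_S_DN_Email']) ? $_SERVER['SSL_CLIENT_S_DN_Email'] : null;
    }
    if (is_null($email)) {
        return null;
    }
    $user = explode('@', $email);
    return array('Username' => $user[0], 'Name' => $name, 'Email' => $email);
}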
## 302 REDIRECTS
/**
 * Redirects relative to the current request.
 *
 * A null target or a query-only target ("?...") stays on the current script;
 * any other target is resolved against the current script's directory.
 *
 * @param string|null $target path or query string, relative to REDIRECT_URL
 * @param bool|null   $secure force https (true), http (false) or keep the current scheme (null)
 */
function redirect($target=null, $secure=null) {
    $here = $_SERVER['REDIRECT_URL'];
    if (is_null($target) || substr($target, 0, 1) == '?') {
        $base = $here;
    } else {
        $base = dirname($here) . '/';
    }
    $path = is_null($target) ? $base : $base . $target;
    redirectFull($path, $secure);
}
/**
 * Redirects to $target on this host, choosing the scheme from $secure.
 *
 * @param string    $target absolute path on the current SERVER_NAME
 * @param bool|null $secure true forces https, null keeps the current scheme, anything else gives http
 */
function redirectFull($target, $secure) {
    if ($secure == true) {
        $scheme = 'https://';
    } elseif (is_null($secure) && isSSL()) {
        $scheme = 'https://';
    } else {
        $scheme = 'http://';
    }
    redirect2($scheme . $_SERVER['SERVER_NAME'] . $target);
}
/**
 * Sends a Location header for $target and stops the script.
 *
 * @param string $target absolute URL
 */
function redirect2($target) {
    header("Location: {$target}");
    exit;
}
/**
 * The current URL with the scheme toggled between http and https.
 *
 * @return string
 */
function flipSSL() {
    $scheme = isSSL() ? 'http://' : 'https://';
    $host = $_SERVER['SERVER_NAME'];
    $path = $_SERVER['REDIRECT_URL'];
    return $scheme . $host . $path;
}
## USER SCRIPTS
/**
 * Inserts a User row from certificate credentials plus the $_NEW_USER defaults,
 * then the matching UserQuota and UserStat rows.
 *
 * On key clashes array_merge() lets $_NEW_USER win over $sslCredentials.
 *
 * @param array $sslCredentials as returned by getSSLCert()
 * @return mixed the new UserId as returned by DBInsert()
 */
function addUser($sslCredentials) {
    global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;

    $userRow = array_merge($sslCredentials, $_NEW_USER);
    $UserId = DBInsert(sprintf("INSERT INTO User %s", buildSQLInsert($userRow)));

    $quotaRow = $_NEW_USERQUOTA;
    $quotaRow['UserId'] = $UserId;
    DBInsert(sprintf("INSERT INTO UserQuota %s", buildSQLInsert($quotaRow)));

    $statRow = $_NEW_USERSTAT;
    $statRow['UserId'] = $UserId;
    DBInsert(sprintf("INSERT INTO UserStat %s", buildSQLInsert($statRow)));

    return $UserId;
}
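/**
 * Creates a MySQL database and registers it (DB, DBQuota, DBOwner rows) for $userid.
 *
 * When the DB row already exists (INSERT IGNORE returns no id) the existing row
 * is re-enabled and its id returned; the quota and owner rows are not touched in
 * that path. NOTE(review): this means a re-added name keeps whatever owner row it
 * had before — confirm that is intended.
 *
 * @param string $dbname database name (used as a quoted identifier and as a literal)
 * @param mixed  $userid owning UserId
 * @return mixed DatabaseId, or false when the existing row could not be found
 */
function addDB($dbname, $userid) {
    global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;

    // the name is a backtick-quoted identifier here; mysql_escape_string() does not
    // touch backticks, so they are doubled as well
    $ident = str_replace('`', '``', mysql_escape_string($dbname));
    DBCreate(sprintf('CREATE DATABASE `%s`', $ident));

    $arr = array_merge(array('Name' => $dbname), $_NEW_DB);
    $arr['bEnabled'] = 1;
    $DBId = DBInsert(sprintf("INSERT IGNORE INTO DB %s", buildSQLInsert($arr)));
    if (empty($DBId)) {
        $sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'",
            mysql_escape_string($dbname));
        $r = fetchRows(DBSelect($sql), 'DatabaseId');
        if (!count($r)) {
            return false;
        }
        $row = array_shift($r);
        $DBId = $row['DatabaseId'];
        $sql = sprintf("UPDATE DB %s WHERE DB.DatabaseId = '%s'",
            buildSQLSet($arr),
            mysql_escape_string($DBId));
        DBUpdate($sql);
        return $DBId;
    }

    $quotaRow = $_NEW_DBQUOTA;
    $quotaRow['DatabaseId'] = $DBId;
    DBInsert(sprintf("INSERT IGNORE INTO DBQuota %s", buildSQLInsert($quotaRow)));

    $ownerRow = $_NEW_DBOWNER;
    $ownerRow['DatabaseId'] = $DBId;
    $ownerRow['UserId'] = $userid;
    DBInsert(sprintf("INSERT IGNORE INTO DBOwner %s", buildSQLInsert($ownerRow)));

    return $DBId;
}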
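/**
 * Drops the MySQL database and marks its DB row disabled.
 *
 * No ownership check is made here; User::delDB() restricts the name to the
 * caller's own databases before calling this.
 *
 * @param string $dbname database name
 * @return bool always true
 */
function delDB($dbname) {
    // backtick-quoted identifier: mysql_escape_string() leaves backticks alone, so double them too
    $ident = str_replace('`', '``', mysql_escape_string($dbname));
    DBCreate(sprintf('DROP DATABASE `%s`', $ident));

    $arr = array('bEnabled' => 0);
    // the name lands inside a quoted literal and must be escaped, as addDB() already does
    $sql = sprintf("UPDATE DB %s WHERE DB.Name = '%s'",
        buildSQLSet($arr),
        mysql_escape_string($dbname));
    DBUpdate($sql);

    return true;
}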
88b7d384 | 377 | ?> |