[sql-web.git] / lib / security.lib.php

<?php

require_once('mitsql.lib.php');

class Login {
	var $id, $u, $p;
    var $info;
    function Login($u, $p=null) {
		if (empty($u)) return;
   		$this->u = $u;
		$this->p = $p;
		if (is_numeric($u)) {
			$this->id = $u;
			$opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
		} else {
			$opt = sprintf(" Username = '%s'", mysql_escape_string($u));
			$opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
		}
        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
                        FROM User
                        WHERE %s", $opt);
        $r = fetchRows(DBSelect($sql),'UserId');
		$this->info = count($r)?array_shift($r):$r;
	}
    function exists() {
        return count($this->info);
    }
	function isValid() {
		return $this->getUL()>0;
	}
    function isEnabled() {
        return $this->exists() && $this->info['bEnabled']==1;
    }
    function canLogin() {
        return $this->isEnabled() && $this->isValid();
    }
    function canSignup() {
        return !$this->isEnabled() && $this->isValid();
    }
    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }
    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }
    function getName() {
        return $this->exists()?$this->info['Name']:'';
    }
    function getEmail() {
        return $this->exists()?$this->info['Email']:'';
    }
    function getUL() {
        return $this->exists()?$this->info['UL']:'';
    }
    function expire() {
        $this->info = null;
    }
    function refresh() {
		if (!empty($this->id)) {
			$this->Login($this->id);
		} else {
			$this->Login($this->u,$this->p);
		}
    }
    function update($name=null,$email=null) {
        if (!$this->exists()) return;
        $arr = array();
		if ($name == $this->getName()) $name = null;
		if ($email == $this->getEmail()) $email = null;
        is_null($name) || $arr['Name'] = $name;
        is_null($email) || $arr['Email'] = $email;
		$upd = buildSQLSet($arr);
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                        $upd, mysql_escape_string($this->getUserId()));
		if (!empty($upd) && $upd != 'SET')
			DBUpdate($sql);
		if (isset($arr['Name']))
			$this->info['Name'] = $arr['Name'];
		if (isset($arr['Email']))
			$this->info['Email'] = $arr['Email'];
	}
}

class User {
	var $userId;
	var $info;
	var $dblist;
    function User($userId) {
		$this->userId = $userId;
        $sql = sprintf("SELECT User.UserId, Username, Password, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard
                        FROM User
						INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
						INNER JOIN UserStat ON User.UserId = UserStat.UserId
                        WHERE User.UserId = '%s'",
                        mysql_escape_string($userId));
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
		$this->dblist = $this->getDBList();
//		$this->pass = base64_decode($this->info['Password']);
    }
	function refresh() {
		unset($this->dblist);
		$this->User($this->userId);
		/*
        $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
                        FROM User
                        WHERE UserId = '%s'",
                        mysql_escape_string($this->userId));
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
		unset($this->dblist);
		$this->getDBList();
		*/
	}
    function exists() {
        return count($this->info);
    }
    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }
    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }
    function getBytes() {
        if($this->exists()) {
			$arr['nBytes'] = $this->info['nBytes'];
			$arr['nBytesSoft'] = $this->info['nBytesSoft'];
			$arr['nBytesHard'] = $this->info['nBytesHard'];
			return $arr;
		}
    }
	function setPassword($pwd) {
		$arr['Password'] = base64_encode($pwd);
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                        buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
		$sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
						mysql_escape_string($this->getUsername()),
						mysql_escape_string($pwd));
		DBSet($sql);
	}
	function signup($pwd) {
		$this->pass = $pwd;
		$arr['Password'] = base64_encode($pwd);
		$arr['bEnabled'] = 1;
		$arr['dSignup'] = 'NOW()';
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                        buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);

		$this->setUsage();
		$this->setAccess();
	}
	function setUsage($yes=true) {
		$verb = $yes?'GRANT':'REVOKE';
		$prep = $yes?'TO':'FROM';
		$suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
		$sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
						mysql_escape_string($verb),
						mysql_escape_string($prep),
						mysql_escape_string($this->getUsername()),
						'%',
						$suffix);
		DBGrant($sql);
	}
	function setAccess($db=null,$yes=true) {
		$verb = $yes?'GRANT':'REVOKE';
		$prep = $yes?'TO':'FROM';
		if (is_null($db)) {
			$dbs = $this->getDBList();
		} else {
			$dbs[] = array('Name'=>$db);
		}
		foreach($dbs as $db) {
			$name = $db['Name'];
			$sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
							mysql_escape_string($verb),
							mysql_escape_string($name),
							mysql_escape_string($prep),
							mysql_escape_string($this->getUsername()),
							'%');
			DBGrant($sql);
		}
	}
	function getDBList() {
		if (isset($this->dblist)) {
			return $this->dblist;
		} else {
			//			LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
			$sql = sprintf("SELECT *
						FROM DBOwner
						INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
						INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
						WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
						mysql_escape_string($this->getUserId()));
//			$r = fetchRows(DBSelect($sql),'DatabaseId');
			$r = fetchRows(DBSelect($sql),'Name');
			return $r;
		}
	}
	function addDB($name) {
		if (in_array($name, $this->getDBList())) return false;
		if (!addDB($name, $this->getUserId())) return false;
		$this->setAccess($name);
		return true;
	}
	function delDB($name) {
		if (!in_array($name, array_keys($this->getDBList()))) return false;
		if (!delDB($name)) return false;//, $this->getUserId())) return false;
		$this->setAccess($name,false);
		return true;
	}
}


function isLoggedIn($aLogin=null) {
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
}

function isAdmin($aLogin=null) {
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->getUL()>=100;
}

function isImpersonating() {
	return isSess('_UserId') && isSess('UserId');
}

function impersonate($userId=null) {
	$wasImpersonating = isImpersonating();
	if ($wasImpersonating) {
		if (is_null($userId)) {
			sess('UserId',sess('_UserId'));
		} elseif ($userId>0) {
			sess('UserId',$userId);
		} else {
			return false;
		}
	} elseif (isLoggedIn()) {
		sess('_UserId',sess('UserId'));
		sess('UserId',$userId);
		return true;
	} else {
		return false;
	}
}

function isSSL() {
	return $_SERVER['SERVER_PORT'] == 443;
}

function getSSLCert() {
    if (DEVEL && file_exists('.forceauth')) {
        $fu = explode('|',file_get_contents('.forceauth'));
        $name = trim($fu[0]);
        $email = trim($fu[1]);
    } else {
        $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
        $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
    }
    if (!is_null($email)) {
        $user = explode('@',$email);
		$user = $user[0];
        return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
	} else {
		return null;
	}
}

## 302 REDIRECTS

function redirect($target=null,$secure=null) {
    $base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
    redirectFull(is_null($target)?$base:($base.$target),$secure);
}
function redirectFull($target,$secure) {
	redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
}
function redirect2($target) {
	header('Location: '.$target);
	exit;
}
function flipSSL() {
	return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
}

## USER SCRIPTS

function addUser($sslCredentials) {
    global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;

    $arr = array_merge($sslCredentials, $_NEW_USER);
    $sql = sprintf("INSERT INTO User %s",
                    buildSQLInsert($arr));
    $UserId = DBInsert($sql);

	$arr = $_NEW_USERQUOTA;
	$arr['UserId'] = $UserId;
    $sql = sprintf("INSERT INTO UserQuota %s",
                    buildSQLInsert($arr));
	DBInsert($sql);

	$arr = $_NEW_USERSTAT;
	$arr['UserId'] = $UserId;
    $sql = sprintf("INSERT INTO UserStat %s",
                    buildSQLInsert($arr));
	DBInsert($sql);

	return $UserId;
}

function addDB($dbname,$userid) {
	global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;

	DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));

	$newdb['Name'] = $dbname;
	$arr = array_merge($newdb, $_NEW_DB);
	$arr['bEnabled'] = 1;
	$sql = sprintf("INSERT IGNORE INTO DB %s",
                    buildSQLInsert($arr));
	$DBId = DBInsert($sql);
	if (empty($DBId)) {
		$sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'",
						mysql_escape_string($dbname));
		$r = fetchRows(DBSelect($sql), 'DatabaseId');
		if (count($r)) {
			$r = array_shift($r);
			$DBId = $r['DatabaseId'];
		} else {
			return false;
		}
		$sql = sprintf("UPDATE DB %s WHERE DB.DatabaseId = '%s'",
						buildSQLSet($arr),
						$DBId);
		DBUpdate($sql);
		return $DBId;
	} else {
		$arr = $_NEW_DBQUOTA;
		$arr['DatabaseId'] = $DBId;
		$sql = sprintf("INSERT IGNORE INTO DBQuota %s",
						buildSQLInsert($arr));
		DBInsert($sql);

		$arr = $_NEW_DBOWNER;
		$arr['DatabaseId'] = $DBId;
		$arr['UserId'] = $userid;
		$sql = sprintf("INSERT IGNORE INTO DBOwner %s",
						buildSQLInsert($arr));
		DBInsert($sql);

		return $DBId;
	}
}

function delDB($dbname) {
	global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;

	DBCreate(sprintf('DROP DATABASE `%s`', mysql_escape_string($dbname)));

	$arr['bEnabled'] = 0;
	$sql = sprintf("UPDATE DB %s WHERE DB.Name = '%s'",
					buildSQLSet($arr),
					$dbname);
	DBUpdate($sql);

	return true;
}

?>
Commit	Line	Data
997305cf JP	1	<?php
	2
	3	require_once('mitsql.lib.php');
	4
	5	class Login {
e47be57b	6	var $id, $u, $p;
997305cf JP	7	var $info;
997305cf JP	8	function Login($u, $p=null) {
377015e0	9	if (empty($u)) return;
e47be57b	10	$this->u = $u;
dc478ec8	11	$this->p = $p;
e47be57b JP	12	if (is_numeric($u)) {
	13	$this->id = $u;
	14	$opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
	15	} else {
	16	$opt = sprintf(" Username = '%s'", mysql_escape_string($u));
	17	$opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
	18	}
997305cf JP	19	$sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
997305cf JP	20	FROM User
377015e0	21	WHERE %s", $opt);
997305cf	22	$r = fetchRows(DBSelect($sql),'UserId');
e47be57b JP	23	$this->info = count($r)?array_shift($r):$r;
e47be57b JP	24	}
997305cf	25	function exists() {
dc478ec8	26	return count($this->info);
997305cf	27	}
dc478ec8 JP	28	function isValid() {
	29	return $this->getUL()>0;
	30	}
997305cf JP	31	function isEnabled() {
	32	return $this->exists() && $this->info['bEnabled']==1;
	33	}
dc478ec8 JP	34	function canLogin() {
	35	return $this->isEnabled() && $this->isValid();
	36	}
	37	function canSignup() {
	38	return !$this->isEnabled() && $this->isValid();
	39	}
997305cf	40	function getUserId() {
dc478ec8	41	return $this->exists()?$this->info['UserId']:'';
997305cf JP	42	}
997305cf JP	43	function getUsername() {
dc478ec8	44	return $this->exists()?$this->info['Username']:'';
997305cf JP	45	}
997305cf JP	46	function getName() {
dc478ec8	47	return $this->exists()?$this->info['Name']:'';
997305cf JP	48	}
997305cf JP	49	function getEmail() {
dc478ec8	50	return $this->exists()?$this->info['Email']:'';
997305cf JP	51	}
997305cf JP	52	function getUL() {
dc478ec8	53	return $this->exists()?$this->info['UL']:'';
997305cf JP	54	}
	55	function expire() {
	56	$this->info = null;
	57	}
	58	function refresh() {
e47be57b JP	59	if (!empty($this->id)) {
	60	$this->Login($this->id);
	61	} else {
	62	$this->Login($this->u,$this->p);
	63	}
997305cf JP	64	}
	65	function update($name=null,$email=null) {
	66	if (!$this->exists()) return;
	67	$arr = array();
dc478ec8 JP	68	if ($name == $this->getName()) $name = null;
dc478ec8 JP	69	if ($email == $this->getEmail()) $email = null;
997305cf JP	70	is_null($name) \|\| $arr['Name'] = $name;
997305cf JP	71	is_null($email) \|\| $arr['Email'] = $email;
e47be57b	72	$upd = buildSQLSet($arr);
997305cf	73	$sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
3ebfe9a3	74	$upd, mysql_escape_string($this->getUserId()));
e47be57b JP	75	if (!empty($upd) && $upd != 'SET')
e47be57b JP	76	DBUpdate($sql);
dc478ec8	77	if (isset($arr['Name']))
377015e0	78	$this->info['Name'] = $arr['Name'];
dc478ec8	79	if (isset($arr['Email']))
377015e0	80	$this->info['Email'] = $arr['Email'];
dc478ec8 JP	81	}
	82	}
	83
	84	class User {
	85	var $userId;
	86	var $info;
dc478ec8 JP	87	var $dblist;
	88	function User($userId) {
	89	$this->userId = $userId;
88b7d384	90	$sql = sprintf("SELECT User.UserId, Username, Password, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard
dc478ec8	91	FROM User
e47be57b JP	92	INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
e47be57b JP	93	INNER JOIN UserStat ON User.UserId = UserStat.UserId
88b7d384	94	WHERE User.UserId = '%s'",
dc478ec8 JP	95	mysql_escape_string($userId));
	96	$r = fetchRows(DBSelect($sql),'UserId');
	97	$this->info = count($r)?array_shift($r):$r;
377015e0 JP	98	$this->dblist = $this->getDBList();
377015e0 JP	99	// $this->pass = base64_decode($this->info['Password']);
997305cf	100	}
88b7d384 JP	101	function refresh() {
	102	unset($this->dblist);
	103	$this->User($this->userId);
	104	/*
	105	$sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
	106	FROM User
	107	WHERE UserId = '%s'",
	108	mysql_escape_string($this->userId));
	109	$r = fetchRows(DBSelect($sql),'UserId');
	110	$this->info = count($r)?array_shift($r):$r;
	111	unset($this->dblist);
	112	$this->getDBList();
	113	*/
	114	}
dc478ec8 JP	115	function exists() {
	116	return count($this->info);
	117	}
	118	function getUserId() {
	119	return $this->exists()?$this->info['UserId']:'';
	120	}
	121	function getUsername() {
	122	return $this->exists()?$this->info['Username']:'';
88b7d384 JP	123	}
	124	function getBytes() {
	125	if($this->exists()) {
	126	$arr['nBytes'] = $this->info['nBytes'];
	127	$arr['nBytesSoft'] = $this->info['nBytesSoft'];
	128	$arr['nBytesHard'] = $this->info['nBytesHard'];
	129	return $arr;
	130	}
dc478ec8 JP	131	}
	132	function setPassword($pwd) {
	133	$arr['Password'] = base64_encode($pwd);
	134	$sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
	135	buildSQLSet($arr), mysql_escape_string($this->getUserId()));
	136	DBUpdate($sql);
377015e0 JP	137	$sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
	138	mysql_escape_string($this->getUsername()),
	139	mysql_escape_string($pwd));
	140	DBSet($sql);
dc478ec8 JP	141	}
	142	function signup($pwd) {
	143	$this->pass = $pwd;
	144	$arr['Password'] = base64_encode($pwd);
	145	$arr['bEnabled'] = 1;
	146	$arr['dSignup'] = 'NOW()';
	147	$sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
	148	buildSQLSet($arr), mysql_escape_string($this->getUserId()));
	149	DBUpdate($sql);
	150
	151	$this->setUsage();
	152	$this->setAccess();
	153	}
	154	function setUsage($yes=true) {
	155	$verb = $yes?'GRANT':'REVOKE';
	156	$prep = $yes?'TO':'FROM';
3ebfe9a3	157	$suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
dc478ec8 JP	158	$sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
	159	mysql_escape_string($verb),
	160	mysql_escape_string($prep),
	161	mysql_escape_string($this->getUsername()),
	162	'%',
3ebfe9a3	163	$suffix);
dc478ec8 JP	164	DBGrant($sql);
	165	}
	166	function setAccess($db=null,$yes=true) {
	167	$verb = $yes?'GRANT':'REVOKE';
	168	$prep = $yes?'TO':'FROM';
	169	if (is_null($db)) {
88b7d384	170	$dbs = $this->getDBList();
dc478ec8 JP	171	} else {
	172	$dbs[] = array('Name'=>$db);
	173	}
	174	foreach($dbs as $db) {
	175	$name = $db['Name'];
	176	$sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
	177	mysql_escape_string($verb),
	178	mysql_escape_string($name),
	179	mysql_escape_string($prep),
377015e0	180	mysql_escape_string($this->getUsername()),
dc478ec8 JP	181	'%');
	182	DBGrant($sql);
	183	}
	184	}
	185	function getDBList() {
88b7d384 JP	186	if (isset($this->dblist)) {
	187	return $this->dblist;
	188	} else {
	189	// LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
	190	$sql = sprintf("SELECT *
dc478ec8	191	FROM DBOwner
e47be57b JP	192	INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
e47be57b JP	193	INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
88b7d384	194	WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
dc478ec8	195	mysql_escape_string($this->getUserId()));
88b7d384 JP	196	// $r = fetchRows(DBSelect($sql),'DatabaseId');
	197	$r = fetchRows(DBSelect($sql),'Name');
	198	return $r;
	199	}
dc478ec8	200	}
377015e0	201	function addDB($name) {
e47be57b	202	if (in_array($name, $this->getDBList())) return false;
377015e0 JP	203	if (!addDB($name, $this->getUserId())) return false;
	204	$this->setAccess($name);
	205	return true;
	206	}
e47be57b JP	207	function delDB($name) {
	208	if (!in_array($name, array_keys($this->getDBList()))) return false;
	209	if (!delDB($name)) return false;//, $this->getUserId())) return false;
	210	$this->setAccess($name,false);
	211	return true;
	212	}
997305cf JP	213	}
	214
	215
	216	function isLoggedIn($aLogin=null) {
	217	if (is_null($aLogin)) {
	218	global $Login;
	219	$aLogin = $Login;
	220	}
dc478ec8	221	return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
997305cf JP	222	}
997305cf JP	223
e47be57b JP	224	function isAdmin($aLogin=null) {
	225	if (is_null($aLogin)) {
	226	global $Login;
	227	$aLogin = $Login;
	228	}
	229	return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->getUL()>=100;
	230	}
	231
88b7d384 JP	232	function isImpersonating() {
	233	return isSess('_UserId') && isSess('UserId');
	234	}
	235
	236	function impersonate($userId=null) {
	237	$wasImpersonating = isImpersonating();
	238	if ($wasImpersonating) {
	239	if (is_null($userId)) {
	240	sess('UserId',sess('_UserId'));
	241	} elseif ($userId>0) {
	242	sess('UserId',$userId);
	243	} else {
	244	return false;
	245	}
	246	} elseif (isLoggedIn()) {
	247	sess('_UserId',sess('UserId'));
	248	sess('UserId',$userId);
	249	return true;
	250	} else {
	251	return false;
	252	}
	253	}
	254
997305cf JP	255	function isSSL() {
	256	return $_SERVER['SERVER_PORT'] == 443;
	257	}
	258
	259	function getSSLCert() {
	260	if (DEVEL && file_exists('.forceauth')) {
	261	$fu = explode('\|',file_get_contents('.forceauth'));
dc478ec8 JP	262	$name = trim($fu[0]);
dc478ec8 JP	263	$email = trim($fu[1]);
997305cf JP	264	} else {
	265	$name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
	266	$email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
	267	}
	268	if (!is_null($email)) {
	269	$user = explode('@',$email);
	270	$user = $user[0];
	271	return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
	272	} else {
	273	return null;
	274	}
	275	}
	276
	277	## 302 REDIRECTS
	278
1389493c	279	function redirect($target=null,$secure=null) {
997305cf	280	$base = (is_null($target)\|\|substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
dc478ec8	281	redirectFull(is_null($target)?$base:($base.$target),$secure);
997305cf	282	}
dc478ec8	283	function redirectFull($target,$secure) {
1389493c	284	redirect2((((isSSL()&&is_null($secure))\|\|$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
997305cf JP	285	}
	286	function redirect2($target) {
	287	header('Location: '.$target);
	288	exit;
	289	}
dc478ec8 JP	290	function flipSSL() {
	291	return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
	292	}
997305cf JP	293
	294	## USER SCRIPTS
	295
	296	function addUser($sslCredentials) {
dc478ec8 JP	297	global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;
dc478ec8 JP	298
997305cf JP	299	$arr = array_merge($sslCredentials, $_NEW_USER);
	300	$sql = sprintf("INSERT INTO User %s",
	301	buildSQLInsert($arr));
dc478ec8 JP	302	$UserId = DBInsert($sql);
	303
	304	$arr = $_NEW_USERQUOTA;
	305	$arr['UserId'] = $UserId;
	306	$sql = sprintf("INSERT INTO UserQuota %s",
	307	buildSQLInsert($arr));
	308	DBInsert($sql);
	309
	310	$arr = $_NEW_USERSTAT;
	311	$arr['UserId'] = $UserId;
1389493c	312	$sql = sprintf("INSERT INTO UserStat %s",
dc478ec8 JP	313	buildSQLInsert($arr));
	314	DBInsert($sql);
	315
	316	return $UserId;
997305cf JP	317	}
997305cf JP	318
377015e0	319	function addDB($dbname,$userid) {
e47be57b	320	global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
377015e0 JP	321
377015e0 JP	322	DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
377015e0 JP	323
377015e0 JP	324	$newdb['Name'] = $dbname;
e47be57b	325	$arr = array_merge($newdb, $_NEW_DB);
377015e0	326	$arr['bEnabled'] = 1;
e47be57b	327	$sql = sprintf("INSERT IGNORE INTO DB %s",
377015e0	328	buildSQLInsert($arr));
e47be57b JP	329	$DBId = DBInsert($sql);
	330	if (empty($DBId)) {
	331	$sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'",
	332	mysql_escape_string($dbname));
	333	$r = fetchRows(DBSelect($sql), 'DatabaseId');
	334	if (count($r)) {
	335	$r = array_shift($r);
	336	$DBId = $r['DatabaseId'];
	337	} else {
	338	return false;
	339	}
	340	$sql = sprintf("UPDATE DB %s WHERE DB.DatabaseId = '%s'",
	341	buildSQLSet($arr),
	342	$DBId);
	343	DBUpdate($sql);
	344	return $DBId;
	345	} else {
	346	$arr = $_NEW_DBQUOTA;
	347	$arr['DatabaseId'] = $DBId;
	348	$sql = sprintf("INSERT IGNORE INTO DBQuota %s",
	349	buildSQLInsert($arr));
	350	DBInsert($sql);
377015e0	351
e47be57b JP	352	$arr = $_NEW_DBOWNER;
	353	$arr['DatabaseId'] = $DBId;
	354	$arr['UserId'] = $userid;
	355	$sql = sprintf("INSERT IGNORE INTO DBOwner %s",
	356	buildSQLInsert($arr));
	357	DBInsert($sql);
377015e0	358
e47be57b JP	359	return $DBId;
	360	}
	361	}
	362
	363	function delDB($dbname) {
	364	global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
	365
	366	DBCreate(sprintf('DROP DATABASE `%s`', mysql_escape_string($dbname)));
	367
	368	$arr['bEnabled'] = 0;
	369	$sql = sprintf("UPDATE DB %s WHERE DB.Name = '%s'",
	370	buildSQLSet($arr),
	371	$dbname);
	372	DBUpdate($sql);
377015e0	373
e47be57b	374	return true;
377015e0 JP	375	}
377015e0 JP	376
88b7d384	377	?>