1 | <?php | |
2 | /* | |
3 | (c) 2005 Joe Presbrey | |
4 | */ | |
5 | ||
6 | require_once('mitsql.lib.php'); | |
7 | ||
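class Login {
    private $id, $u, $p;
    private $info;

    /**
     * PHP 5 constructor. Delegates to the legacy PHP 4-style constructor below
     * so that refresh() can keep re-running the lookup through $this->Login().
     *
     * @param mixed  $u username, or a numeric UserId
     * @param string $p plaintext password, or null to skip the password check
     */
    function __construct($u, $p=null) {
        $this->Login($u, $p);
    }

    /**
     * Look the account up in the User table and cache the matching row in
     * $this->info (an empty array when nothing matched or $u is empty).
     *
     * A purely numeric $u is also tried as a UserId. When a password is given
     * it is checked in both cases; the numeric branch used to skip it.
     *
     * NOTE(review): mysql_escape_string() is not connection-charset aware
     * (mysql_real_escape_string() is); kept because the rest of the file and
     * mitsql.lib.php use it and the connection may be opened lazily.
     *
     * @param mixed  $u username, or a numeric UserId
     * @param string $p plaintext password, or null to skip the password check
     */
    function Login($u, $p=null) {
        $this->info = array();
        if (empty($u)) return;
        $this->u = $u;
        $this->p = $p;
        $quoted = mysql_escape_string($u);
        if ((string)intval($u) === (string)$u) {
            // Numeric input may be a UserId or a numeric username.
            $this->id = $u;
            $where = sprintf("(Username = '%s' OR UserId = '%s')", $quoted, $quoted);
        } else {
            $where = sprintf("Username = '%s'", $quoted);
        }
        if (!is_null($p)) {
            // NOTE(review): the Password column holds base64, i.e. a reversible
            // encoding rather than a hash; the comparison runs inside the query.
            $where .= sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p)));
        }
        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled FROM User WHERE %s", $where);
        $r = fetchRows(DBSelect($sql), 'UserId');
        $this->info = count($r) ? array_shift($r) : $r;
    }

    /** Number of cached rows (0 or 1); 0 after expire() or when nothing matched. */
    function exists() {
        return is_array($this->info) ? count($this->info) : 0;
    }

    /** True when the user level (UL) is positive. */
    function isValid() {
        return $this->getUL() > 0;
    }

    /** True when a row was found and its bEnabled flag is 1. */
    function isEnabled() {
        return $this->exists() && $this->info['bEnabled'] == 1;
    }

    /** Enabled account with a positive user level. */
    function canLogin() {
        return $this->isEnabled() && $this->isValid();
    }

    /** Positive user level but not yet enabled: may still sign up. */
    function canSignup() {
        return !$this->isEnabled() && $this->isValid();
    }

    /** UserId column, or '' when no row is cached. */
    function getUserId() {
        return $this->exists() ? $this->info['UserId'] : '';
    }

    /** Username column, or '' when no row is cached. */
    function getUsername() {
        return $this->exists() ? $this->info['Username'] : '';
    }

    /** Name column, or '' when no row is cached. */
    function getName() {
        return $this->exists() ? $this->info['Name'] : '';
    }

    /** Email column, or '' when no row is cached. */
    function getEmail() {
        return $this->exists() ? $this->info['Email'] : '';
    }

    /** UL (user level) column, or '' when no row is cached. */
    function getUL() {
        return $this->exists() ? $this->info['UL'] : '';
    }

    /** Drop the cached row; exists() reports 0 afterwards. */
    function expire() {
        $this->info = null;
    }

    /** Re-run the lookup with the identifier (and password) given at construction. */
    function refresh() {
        if (!empty($this->id)) {
            $this->Login($this->id);
        } else {
            $this->Login($this->u, $this->p);
        }
    }

    /**
     * Write a new Name and/or Email for the cached user. Values equal to the
     * current ones (loose comparison, as before) or null are left untouched.
     * Does nothing when no row is cached.
     *
     * @param string $name  new display name, or null
     * @param string $email new e-mail address, or null
     */
    function update($name=null,$email=null) {
        if (!$this->exists()) return;
        $arr = array();
        if (!is_null($name) && $name != $this->getName()) $arr['Name'] = $name;
        if (!is_null($email) && $email != $this->getEmail()) $arr['Email'] = $email;
        // assumes buildSQLSet() escapes the values it receives -- confirm in mitsql.lib.php
        $upd = buildSQLSet($arr);
        // Skip the query when nothing changed (buildSQLSet() presumably yields '' or a bare 'SET' then).
        if (!empty($upd) && $upd != 'SET') {
            $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
                $upd, mysql_escape_string($this->getUserId()));
            DBUpdate($sql);
        }
        if (isset($arr['Name'])) $this->info['Name'] = $arr['Name'];
        if (isset($arr['Email'])) $this->info['Email'] = $arr['Email'];
    }
}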
86 | ||
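class User {
    private $userId;
    private $info;
    private $dblist;
    // Plaintext password remembered by signup()/setPassword() for the
    // GRANT USAGE ... IDENTIFIED BY clause built in setUsage().
    private $pass;

    /**
     * PHP 5 constructor; delegates to the legacy PHP 4-style User() below so
     * that refresh() can keep re-running the lookup through $this->User().
     *
     * @param mixed $userId primary key of the User row
     */
    function __construct($userId) {
        $this->User($userId);
    }

    /**
     * Load the user row joined with its quota and usage counters into
     * $this->info (empty array when the id is unknown) and cache the list of
     * databases the user owns.
     *
     * @param mixed $userId primary key of the User row
     */
    function User($userId) {
        $this->userId = $userId;
        $sql = sprintf("SELECT User.UserId, Username, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
            FROM User
            INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
            INNER JOIN UserStat ON User.UserId = UserStat.UserId
            WHERE User.UserId = '%s'",
            mysql_escape_string($userId));
        $r = fetchRows(DBSelect($sql), 'UserId');
        $this->info = count($r) ? array_shift($r) : $r;
        $this->dblist = $this->getDBList();
    }

    /** Re-read the user row and the owned-database list. */
    function refresh() {
        $this->dblist = null;  // make getDBList() query again
        $this->User($this->userId);
    }

    /** Number of cached rows (0 or 1). */
    function exists() {
        return is_array($this->info) ? count($this->info) : 0;
    }

    /** UserId column, or '' when no row is cached. */
    function getUserId() {
        return $this->exists() ? $this->info['UserId'] : '';
    }

    /** Username column, or '' when no row is cached. */
    function getUsername() {
        return $this->exists() ? $this->info['Username'] : '';
    }

    /**
     * True when nBytes exceeds nBytesHard (computed as bOverQuota in the
     * query); '' when no row is cached.
     */
    function isOverQuota() {
        if (!$this->exists()) return '';
        return $this->info['bOverQuota'] > 0;
    }

    /**
     * Usage counters of the cached row.
     *
     * @return array|null keys nBytes, nBytesSoft, nBytesHard; null when no row is cached
     */
    function getBytes() {
        if (!$this->exists()) return null;
        return array(
            'nBytes'     => $this->info['nBytes'],
            'nBytesSoft' => $this->info['nBytesSoft'],
            'nBytesHard' => $this->info['nBytesHard'],
        );
    }

    /**
     * Store a new password in the User row (base64, as the login check
     * expects) and set the same password on the MySQL account.
     *
     * NOTE(review): base64 is a reversible encoding, not a hash.
     *
     * @param string $pwd plaintext password
     */
    function setPassword($pwd) {
        $this->pass = $pwd;  // so a later setUsage() does not grant with an empty password
        $arr = array('Password' => base64_encode($pwd));
        $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
            buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
        $sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
            mysql_escape_string($this->getUsername()),
            mysql_escape_string($pwd));
        DBSet($sql);
    }

    /**
     * Enable the account: store the password, flag it enabled, stamp dSignup,
     * then create the MySQL account and grant it its databases.
     *
     * @param string $pwd plaintext password
     */
    function signup($pwd) {
        $this->pass = $pwd;
        $arr = array(
            'Password' => base64_encode($pwd),
            'bEnabled' => 1,
            'dSignup'  => 'NOW()',  // presumably emitted unquoted by buildSQLSet() -- confirm
        );
        $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
            buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);

        $this->setUsage();
        $this->setAccess();
    }

    /**
     * GRANT (or REVOKE) USAGE on *.* for the user's MySQL account.
     *
     * IDENTIFIED BY is only added when a password was captured by signup() or
     * setPassword(); previously an unset $this->pass produced IDENTIFIED BY ''
     * and so could reset the account to an empty password.
     *
     * @param bool $yes true to grant, false to revoke
     */
    function setUsage($yes=true) {
        $verb = $yes ? 'GRANT' : 'REVOKE';
        $prep = $yes ? 'TO' : 'FROM';
        $suffix = '';
        if ($yes && strlen((string)$this->pass) > 0) {
            $suffix = sprintf("IDENTIFIED BY '%s'", mysql_escape_string($this->pass));
        }
        $sql = sprintf("%s USAGE ON * . * %s '%s'@'%%' %s",
            $verb, $prep, mysql_escape_string($this->getUsername()), $suffix);
        DBGrant($sql);
    }

    /**
     * GRANT (or REVOKE) ALL PRIVILEGES on one database, or on every database
     * the user owns when $db is null.
     *
     * @param string $db  database name, or null for all owned databases
     * @param bool   $yes true to grant, false to revoke
     */
    function setAccess($db=null,$yes=true) {
        $verb = $yes ? 'GRANT' : 'REVOKE';
        $prep = $yes ? 'TO' : 'FROM';
        $dbs = is_null($db) ? $this->getDBList() : array(array('Name' => $db));
        $account = mysql_escape_string($this->getUsername());
        foreach ($dbs as $row) {
            // Backtick-quoted identifier: a literal backtick is the one character
            // mysql_escape_string() leaves alone, so it is doubled here.
            $ident = str_replace('`', '``', mysql_escape_string($row['Name']));
            $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%%'",
                $verb, $ident, $prep, $account);
            DBGrant($sql);
        }
    }

    /**
     * Enabled databases owned by this user, keyed and sorted by Name.
     * Returns the cached list when one is set; the query result is not
     * cached here (the constructor does that).
     *
     * @return array
     */
    function getDBList() {
        if (isset($this->dblist)) return $this->dblist;
        $sql = sprintf("SELECT *
            FROM DBOwner
            INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
            INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
            WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
            mysql_escape_string($this->getUserId()));
        $r = fetchRows(DBSelect($sql), 'Name');
        ksort($r);
        return $r;
    }

    /**
     * Create a database for this user (file-level addDB()) and grant the
     * MySQL account access to it.
     *
     * @param string $name database name
     * @return bool false when the name is already owned or creation failed
     */
    function addDB($name) {
        if (array_key_exists($name, $this->getDBList())) return false;
        if (!addDB($name, $this->getUserId())) return false;
        $this->setAccess($name);
        $this->dblist = null;  // cached list is stale now
        return true;
    }

    /**
     * Drop one of this user's databases (file-level delDB()) and revoke the
     * MySQL account's access to it.
     *
     * @param string $name database name
     * @return bool false when the name is not owned or deletion failed
     */
    function delDB($name) {
        if (!array_key_exists($name, $this->getDBList())) return false;
        if (!delDB($name)) return false;
        $this->setAccess($name, false);
        $this->dblist = null;  // cached list is stale now
        return true;
    }
}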
220 | ||
221 | ||
/**
 * True when the given Login (or the global $Login when none is passed) is an
 * enabled account with a positive user level.
 *
 * @param Login $aLogin login object, or null to use the global $Login
 * @return bool
 */
function isLoggedIn($aLogin=null) {
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    if (empty($aLogin) || !($aLogin instanceof Login)) {
        return false;
    }
    return $aLogin->canLogin();
}
229 | ||
/**
 * True when the given Login (or the global $Login when none is passed) has a
 * user level of at least 100.
 *
 * @param Login $aLogin login object, or null to use the global $Login
 * @return bool
 */
function isAdmin($aLogin=null) {
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    if (empty($aLogin) || !($aLogin instanceof Login)) {
        return false;
    }
    return $aLogin->getUL() >= 100;
}
237 | ||
/**
 * True while an admin is acting as another user: both the saved original
 * session id (_UserId) and the current one (UserId) are set.
 *
 * @return bool
 */
function isImpersonating() {
    $hasSavedId = isSess('_UserId');
    return $hasSavedId && isSess('UserId');
}
241 | ||
/**
 * True when the OFFLINE constant is defined and truthy.
 *
 * @return bool
 */
function isOffline() {
    if (!defined('OFFLINE')) {
        return false;
    }
    return (bool)OFFLINE;
}
245 | ||
/**
 * Inverse of isOffline().
 *
 * @return bool
 */
function isOnline() {
    $offline = isOffline();
    return $offline ? false : true;
}
249 | ||
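/**
 * Switch the session to another user, or back to the original one.
 *
 * - Already impersonating and $userId empty: restore the saved _UserId.
 * - Already impersonating and $userId > 0: switch to that user.
 * - Not impersonating, logged in, and $userId > 0: save the current id in
 *   _UserId and switch. Starting impersonation with no target used to write
 *   an empty UserId into the session; it now returns false.
 *
 * NOTE(review): only isLoggedIn() is checked here, not isAdmin(); callers
 * are expected to gate this -- confirm.
 *
 * @param mixed $userId target UserId, or null/empty to stop impersonating
 * @return bool true when the session was changed (the "already
 *              impersonating" branches previously returned null)
 */
function impersonate($userId=null) {
    if (isImpersonating()) {
        if (empty($userId)) {
            sess('UserId', sess('_UserId'));
            sess('_UserId', '');
            return true;
        }
        if ($userId > 0) {
            sess('UserId', $userId);
            return true;
        }
        return false;
    }
    if (isLoggedIn() && $userId > 0) {
        sess('_UserId', sess('UserId'));
        sess('UserId', $userId);
        return true;
    }
    return false;
}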
269 | ||
/**
 * True when the request arrived on port 443 (loose comparison of
 * $_SERVER['SERVER_PORT']); false when the port is unknown.
 *
 * @return bool
 */
function isSSL() {
    if (!isset($_SERVER['SERVER_PORT'])) {
        return false;
    }
    return $_SERVER['SERVER_PORT'] == 443;
}
273 | ||
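/**
 * Identity from the client certificate the web server exposes in
 * SSL_CLIENT_S_DN_CN / SSL_CLIENT_S_DN_Email. The username is the local
 * part of the e-mail address.
 *
 * Development override: when DEVEL is defined and true and a ".forceauth"
 * file ("Name|email") exists in the working directory, its contents are used
 * instead. Previously an undefined DEVEL evaluated to the truthy string
 * 'DEVEL' (PHP < 8), so the override was honoured wherever the file existed;
 * it is now gated on defined().
 *
 * @return array|null array with keys Username, Name, Email; null when no
 *                    e-mail address is available
 */
function getSSLCert() {
    $name = null;
    $email = null;
    if (defined('DEVEL') && DEVEL && file_exists('.forceauth')) {
        $fu = explode('|', file_get_contents('.forceauth'));
        $name = trim($fu[0]);
        $email = isset($fu[1]) ? trim($fu[1]) : null;  // file without '|' has no e-mail
    } else {
        if (isset($_SERVER['SSL_CLIENT_S_DN_CN'])) {
            $name = $_SERVER['SSL_CLIENT_S_DN_CN'];
        }
        if (isset($_SERVER['SSL_CLIENT_S_DN_Email'])) {
            $email = $_SERVER['SSL_CLIENT_S_DN_Email'];
        }
    }
    if (is_null($email)) {
        return null;
    }
    $parts = explode('@', $email);
    return array('Username' => $parts[0], 'Name' => $name, 'Email' => $email);
}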
291 | ||
292 | ## 302 REDIRECTS | |
293 | ||
/**
 * Redirect relative to the current request URL: a null target or one
 * starting with '?' is appended to the URL itself, anything else to its
 * directory.
 *
 * @param string $target relative path or query string, or null for the current URL
 * @param bool   $secure null to keep the current scheme, otherwise force https/http
 */
function redirect($target=null,$secure=null) {
    $current = $_SERVER['REDIRECT_URL'];
    $appendToCurrent = is_null($target) || substr($target, 0, 1) == '?';
    $base = $appendToCurrent ? $current : (dirname($current) . '/');
    $destination = is_null($target) ? $base : $base . $target;
    redirectFull($destination, $secure);
}
/** Redirect to BASE_URL, keeping the current scheme. */
function redirectStart() {
    $keepScheme = null;
    redirectFull(BASE_URL, $keepScheme);
}
/**
 * Redirect to $target on one of the two fixed hosts: the https host when
 * $secure is truthy, or when $secure is null and the request is already on
 * SSL; the http host otherwise.
 *
 * @param string $target path (with leading '/') to redirect to
 * @param bool   $secure null to keep the current scheme, otherwise force https/http
 */
function redirectFull($target,$secure) {
    $useHttps = (isSSL() && is_null($secure)) || $secure == true;
    $origin = $useHttps ? 'https://scripts-cert.mit.edu' : 'http://scripts.mit.edu';
    redirect2($origin . $target);
}
/**
 * Send a Location header for $target and stop the script.
 *
 * @param string $target absolute URL
 */
function redirect2($target) {
    $locationHeader = 'Location: ' . $target;
    header($locationHeader);
    exit;
}
/**
 * The current request URL on the opposite scheme's fixed host (http host
 * when on SSL, https host otherwise).
 *
 * @return string
 */
function flipSSL() {
    $origin = isSSL() ? 'http://scripts.mit.edu' : 'https://scripts-cert.mit.edu';
    return $origin . $_SERVER['REDIRECT_URL'];
}
313 | ||
314 | ## USER SCRIPTS | |
315 | ||
/**
 * Insert a new User row from the certificate credentials merged with the
 * $_NEW_USER defaults, then its UserQuota and UserStat rows from their
 * defaults.
 *
 * @param array $sslCredentials keys Username, Name, Email (see getSSLCert())
 * @return mixed the new UserId as returned by DBInsert()
 */
function addUser($sslCredentials) {
    global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;

    $userRow = array_merge($sslCredentials, $_NEW_USER);
    $UserId = DBInsert(sprintf("INSERT INTO User %s", buildSQLInsert($userRow)));

    $quotaRow = $_NEW_USERQUOTA;
    $quotaRow['UserId'] = $UserId;
    DBInsert(sprintf("INSERT INTO UserQuota %s", buildSQLInsert($quotaRow)));

    $statRow = $_NEW_USERSTAT;
    $statRow['UserId'] = $UserId;
    DBInsert(sprintf("INSERT INTO UserStat %s", buildSQLInsert($statRow)));

    return $UserId;
}
338 | ||
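/**
 * Create a MySQL database and register it (DB, DBQuota, DBOwner rows) as
 * owned by $userid. An existing DB row of the same name is re-enabled and
 * its owner/quota rows replaced.
 *
 * @param string $dbname database name
 * @param mixed  $userid owning User.UserId
 * @return mixed the DatabaseId, or false when CREATE DATABASE failed or the
 *               DB row could neither be inserted nor found
 */
function addDB($dbname,$userid) {
    global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;

    // Backtick-quoted identifier: a literal backtick is the one character
    // mysql_escape_string() leaves alone, so it is doubled here.
    $ident = str_replace('`', '``', mysql_escape_string($dbname));
    DBCreate(sprintf('CREATE DATABASE `%s`', $ident));
    if (mysql_error()) return false;

    $arr = array_merge(array('Name' => $dbname), $_NEW_DB);
    $arr['bEnabled'] = 1;
    $sql = sprintf("INSERT IGNORE INTO DB %s", buildSQLInsert($arr));
    $DBId = DBInsert($sql);
    if (empty($DBId)) {
        // INSERT IGNORE skipped an existing row: find it and bring it up to date.
        $sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'",
            mysql_escape_string($dbname));
        $r = fetchRows(DBSelect($sql), 'DatabaseId');
        if (!count($r)) return false;  // database was created but has no DB row
        $row = array_shift($r);
        $DBId = $row['DatabaseId'];
        $sql = sprintf("UPDATE DB SET %s WHERE DB.DatabaseId = '%s'",
            buildSQLSet($arr), mysql_escape_string($DBId));
        DBUpdate($sql);
    }

    // Replace any stale owner/quota rows for this database id.
    DBDelete(sprintf("DELETE FROM DBOwner WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
    DBDelete(sprintf("DELETE FROM DBQuota WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));

    $arr = $_NEW_DBQUOTA;
    $arr['DatabaseId'] = $DBId;
    DBInsert(sprintf("INSERT IGNORE INTO DBQuota %s", buildSQLInsert($arr)));

    $arr = $_NEW_DBOWNER;
    $arr['DatabaseId'] = $DBId;
    $arr['UserId'] = $userid;
    DBInsert(sprintf("INSERT IGNORE INTO DBOwner %s", buildSQLInsert($arr)));

    return $DBId;
}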
385 | ||
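/**
 * Drop a MySQL database and mark its DB row disabled (the row is kept so a
 * later addDB() of the same name can re-enable it).
 *
 * The name is now escaped in the UPDATE's WHERE clause; it was interpolated
 * raw before. Failure of DROP DATABASE is not detected (unlike addDB()'s
 * CREATE); the row is disabled and true returned regardless.
 *
 * @param string $dbname database name
 * @return bool always true
 */
function delDB($dbname) {
    // Backtick-quoted identifier: a literal backtick is the one character
    // mysql_escape_string() leaves alone, so it is doubled here.
    $ident = str_replace('`', '``', mysql_escape_string($dbname));
    DBCreate(sprintf('DROP DATABASE `%s`', $ident));

    $arr = array('bEnabled' => 0);
    $sql = sprintf("UPDATE DB SET %s WHERE DB.Name = '%s'",
        buildSQLSet($arr),
        mysql_escape_string($dbname));
    DBUpdate($sql);

    return true;
}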
399 | ||
400 | ?> |