]> andersk Git - sql-web.git/blame_incremental - lib/security.lib.php
andersk / sql-web.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
git-svn-id: svn://presbrey.mit.edu/sql/mitsql@73 a142d4bd-2cfb-0310-9673-cb33a7e74f58
[sql-web.git] / lib / security.lib.php
... / ...
CommitLineData
1<?php
2
3require_once('mitsql.lib.php');
4
5class Login {
6 var $id, $u, $p;
7 var $info;
8 function Login($u, $p=null) {
9 if (empty($u)) return;
10 $this->u = $u;
11 $this->p = $p;
12 if (is_numeric($u)) {
13 $this->id = $u;
14 $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
15 } else {
16 $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
17 $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
18 }
19 $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
20 FROM User
21 WHERE %s", $opt);
22 $r = fetchRows(DBSelect($sql),'UserId');
23 $this->info = count($r)?array_shift($r):$r;
24 }
25 function exists() {
26 return count($this->info);
27 }
28 function isValid() {
29 return $this->getUL()>0;
30 }
31 function isEnabled() {
32 return $this->exists() && $this->info['bEnabled']==1;
33 }
34 function canLogin() {
35 return $this->isEnabled() && $this->isValid();
36 }
37 function canSignup() {
38 return !$this->isEnabled() && $this->isValid();
39 }
40 function getUserId() {
41 return $this->exists()?$this->info['UserId']:'';
42 }
43 function getUsername() {
44 return $this->exists()?$this->info['Username']:'';
45 }
46 function getName() {
47 return $this->exists()?$this->info['Name']:'';
48 }
49 function getEmail() {
50 return $this->exists()?$this->info['Email']:'';
51 }
52 function getUL() {
53 return $this->exists()?$this->info['UL']:'';
54 }
55 function expire() {
56 $this->info = null;
57 }
58 function refresh() {
59 if (!empty($this->id)) {
60 $this->Login($this->id);
61 } else {
62 $this->Login($this->u,$this->p);
63 }
64 }
65 function update($name=null,$email=null) {
66 if (!$this->exists()) return;
67 $arr = array();
68 if ($name == $this->getName()) $name = null;
69 if ($email == $this->getEmail()) $email = null;
70 is_null($name) || $arr['Name'] = $name;
71 is_null($email) || $arr['Email'] = $email;
72 $upd = buildSQLSet($arr);
73 $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
74 $upd, mysql_escape_string($this->getUserId()));
75 if (!empty($upd) && $upd != 'SET')
76 DBUpdate($sql);
77 if (isset($arr['Name']))
78 $this->info['Name'] = $arr['Name'];
79 if (isset($arr['Email']))
80 $this->info['Email'] = $arr['Email'];
81 }
82}
83
84class User {
85 var $userId;
86 var $info;
87 var $dblist;
88 function User($userId) {
89 $this->userId = $userId;
90 $sql = sprintf("SELECT User.UserId, Username, Password, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
91 FROM User
92 INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
93 INNER JOIN UserStat ON User.UserId = UserStat.UserId
94 WHERE User.UserId = '%s'",
95 mysql_escape_string($userId));
96 $r = fetchRows(DBSelect($sql),'UserId');
97 $this->info = count($r)?array_shift($r):$r;
98 $this->dblist = $this->getDBList();
99// $this->pass = base64_decode($this->info['Password']);
100 }
101 function refresh() {
102 unset($this->dblist);
103 $this->User($this->userId);
104 /*
105 $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
106 FROM User
107 WHERE UserId = '%s'",
108 mysql_escape_string($this->userId));
109 $r = fetchRows(DBSelect($sql),'UserId');
110 $this->info = count($r)?array_shift($r):$r;
111 unset($this->dblist);
112 $this->getDBList();
113 */
114 }
115 function exists() {
116 return count($this->info);
117 }
118 function getUserId() {
119 return $this->exists()?$this->info['UserId']:'';
120 }
121 function getUsername() {
122 return $this->exists()?$this->info['Username']:'';
123 }
124 function isOverQuota() {
125 return $this->exists()?($this->info['bOverQuota']>0?true:false):'';
126 }
127 function getBytes() {
128 if($this->exists()) {
129 $arr['nBytes'] = $this->info['nBytes'];
130 $arr['nBytesSoft'] = $this->info['nBytesSoft'];
131 $arr['nBytesHard'] = $this->info['nBytesHard'];
132 return $arr;
133 }
134 }
135 function setPassword($pwd) {
136 $arr['Password'] = base64_encode($pwd);
137 $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
138 buildSQLSet($arr), mysql_escape_string($this->getUserId()));
139 DBUpdate($sql);
140 $sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
141 mysql_escape_string($this->getUsername()),
142 mysql_escape_string($pwd));
143 DBSet($sql);
144 }
145 function signup($pwd) {
146 $this->pass = $pwd;
147 $arr['Password'] = base64_encode($pwd);
148 $arr['bEnabled'] = 1;
149 $arr['dSignup'] = 'NOW()';
150 $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
151 buildSQLSet($arr), mysql_escape_string($this->getUserId()));
152 DBUpdate($sql);
153
154 $this->setUsage();
155 $this->setAccess();
156 }
157 function setUsage($yes=true) {
158 $verb = $yes?'GRANT':'REVOKE';
159 $prep = $yes?'TO':'FROM';
160 $suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
161 $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
162 mysql_escape_string($verb),
163 mysql_escape_string($prep),
164 mysql_escape_string($this->getUsername()),
165 '%',
166 $suffix);
167 DBGrant($sql);
168 }
169 function setAccess($db=null,$yes=true) {
170 $verb = $yes?'GRANT':'REVOKE';
171 $prep = $yes?'TO':'FROM';
172 if (is_null($db)) {
173 $dbs = $this->getDBList();
174 } else {
175 $dbs[] = array('Name'=>$db);
176 }
177 foreach($dbs as $db) {
178 $name = $db['Name'];
179 $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
180 mysql_escape_string($verb),
181 mysql_escape_string($name),
182 mysql_escape_string($prep),
183 mysql_escape_string($this->getUsername()),
184 '%');
185 DBGrant($sql);
186 }
187 }
188 function getDBList() {
189 if (isset($this->dblist)) {
190 return $this->dblist;
191 } else {
192 // LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
193 $sql = sprintf("SELECT *
194 FROM DBOwner
195 INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
196 INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
197 WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
198 mysql_escape_string($this->getUserId()));
199// $r = fetchRows(DBSelect($sql),'DatabaseId');
200 $r = fetchRows(DBSelect($sql),'Name');
201 ksort($r);
202 return $r;
203 }
204 }
205 function addDB($name) {
206 if (in_array($name, array_keys($this->getDBList()))) return false;
207 if (!addDB($name, $this->getUserId())) return false;
208 $this->setAccess($name);
209 return true;
210 }
211 function delDB($name) {
212 if (!in_array($name, array_keys($this->getDBList()))) return false;
213 if (!delDB($name)) return false;//, $this->getUserId())) return false;
214 $this->setAccess($name,false);
215 return true;
216 }
217}
218
219
220function isLoggedIn($aLogin=null) {
221 if (is_null($aLogin)) {
222 global $Login;
223 $aLogin = $Login;
224 }
225 return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
226}
227
228function isAdmin($aLogin=null) {
229 if (is_null($aLogin)) {
230 global $Login;
231 $aLogin = $Login;
232 }
233 return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->getUL()>=100;
234}
235
236function isImpersonating() {
237 return isSess('_UserId') && isSess('UserId');
238}
239
240function impersonate($userId=null) {
241 $wasImpersonating = isImpersonating();
242 if ($wasImpersonating) {
243 if (is_null($userId) || empty($userId)) {
244 sess('UserId',sess('_UserId'));
245 sess('_UserId','');
246 } elseif ($userId>0) {
247 sess('UserId',$userId);
248 } else {
249 return false;
250 }
251 } elseif (isLoggedIn()) {
252 sess('_UserId',sess('UserId'));
253 sess('UserId',$userId);
254 return true;
255 } else {
256 return false;
257 }
258}
259
260function isSSL() {
261 return isset($_SERVER['SERVER_PORT'])?($_SERVER['SERVER_PORT'] == 443):false;
262}
263
264function getSSLCert() {
265 if (DEVEL && file_exists('.forceauth')) {
266 $fu = explode('|',file_get_contents('.forceauth'));
267 $name = trim($fu[0]);
268 $email = trim($fu[1]);
269 } else {
270 $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
271 $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
272 }
273 if (!is_null($email)) {
274 $user = explode('@',$email);
275 $user = $user[0];
276 return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
277 } else {
278 return null;
279 }
280}
281
282## 302 REDIRECTS
283
284function redirect($target=null,$secure=null) {
285 $base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
286 redirectFull(is_null($target)?$base:($base.$target),$secure);
287}
288function redirectStart() {
289 redirectFull(BASE_URL,null);
290}
291function redirectFull($target,$secure) {
292 redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
293}
294function redirect2($target) {
295 header('Location: '.$target);
296 exit;
297}
298function flipSSL() {
299 return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
300}
301
302## USER SCRIPTS
303
304function addUser($sslCredentials) {
305 global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;
306
307 $arr = array_merge($sslCredentials, $_NEW_USER);
308 $sql = sprintf("INSERT INTO User %s",
309 buildSQLInsert($arr));
310 $UserId = DBInsert($sql);
311
312 $arr = $_NEW_USERQUOTA;
313 $arr['UserId'] = $UserId;
314 $sql = sprintf("INSERT INTO UserQuota %s",
315 buildSQLInsert($arr));
316 DBInsert($sql);
317
318 $arr = $_NEW_USERSTAT;
319 $arr['UserId'] = $UserId;
320 $sql = sprintf("INSERT INTO UserStat %s",
321 buildSQLInsert($arr));
322 DBInsert($sql);
323
324 return $UserId;
325}
326
327function addDB($dbname,$userid) {
328 global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
329
330 DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
331
332 $newdb['Name'] = $dbname;
333 $arr = array_merge($newdb, $_NEW_DB);
334 $arr['bEnabled'] = 1;
335 $sql = sprintf("INSERT IGNORE INTO DB %s",
336 buildSQLInsert($arr));
337 $DBId = DBInsert($sql);
338 if (empty($DBId)) {
339 $sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'",
340 mysql_escape_string($dbname));
341 $r = fetchRows(DBSelect($sql), 'DatabaseId');
342 if (count($r)) {
343 $r = array_shift($r);
344 $DBId = $r['DatabaseId'];
345 } else {
346 return false;
347 }
348 $sql = sprintf("UPDATE DB %s WHERE DB.DatabaseId = '%s'",
349 buildSQLSet($arr),
350 $DBId);
351 DBUpdate($sql);
352 return $DBId;
353 } else {
354 $arr = $_NEW_DBQUOTA;
355 $arr['DatabaseId'] = $DBId;
356 $sql = sprintf("INSERT IGNORE INTO DBQuota %s",
357 buildSQLInsert($arr));
358 DBInsert($sql);
359
360 $arr = $_NEW_DBOWNER;
361 $arr['DatabaseId'] = $DBId;
362 $arr['UserId'] = $userid;
363 $sql = sprintf("INSERT IGNORE INTO DBOwner %s",
364 buildSQLInsert($arr));
365 DBInsert($sql);
366
367 return $DBId;
368 }
369}
370
371function delDB($dbname) {
372 global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
373
374 DBCreate(sprintf('DROP DATABASE `%s`', mysql_escape_string($dbname)));
375
376 $arr['bEnabled'] = 0;
377 $sql = sprintf("UPDATE DB %s WHERE DB.Name = '%s'",
378 buildSQLSet($arr),
379 $dbname);
380 DBUpdate($sql);
381
382 return true;
383}
384
385?>
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.674543 seconds and 5 git commands to generate.