1 <?php
2
3 require_once('mitsql.lib.php');
4
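class Login {
    // Looks a user up by Username (and, when $p is given, by the base64-encoded
    // password stored in User.Password) and caches the matching row.
    //
    // Security notes, limited to what this class shows:
    //  - The password is matched in SQL against a reversible base64 encoding,
    //    not a hash. Moving to password_hash()/password_verify() changes the
    //    stored format, so it is flagged here rather than changed.
    //  - mysql_escape_string() is not connection- or charset-aware (and was
    //    removed in PHP 7); escaping is only as good as the mysql_* layer in
    //    mitsql.lib.php.
    var $u, $p;      // lookup credentials, kept so refresh() can re-run the query
    var $info;       // matched User row as an associative array, empty array if none, null after expire()

    // PHP 5+ constructor. Delegates to the PHP 4-style Login() so refresh() keeps
    // working and so the lookup still runs on PHP 7+/8, where a method named after
    // the class is no longer treated as the constructor.
    function __construct($u, $p=null) {
        $this->Login($u, $p);
    }
    function Login($u, $p=null) {
        $this->u = $u;
        $this->p = $p;
        // base64 output is [A-Za-z0-9+/=] only, so the value cannot close the quoted literal
        $opt = is_null($p)?'':sprintf(" AND Password='%s' ", mysql_escape_string(base64_encode($p)));
        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
                        FROM User
                        WHERE Username = '%s'
                        $opt",
                        mysql_escape_string($u));
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
    }
    // Number of cached columns: 0 when no row matched or after expire().
    function exists() {
        // info is null after expire(); count(null) is a TypeError on PHP 8
        return is_array($this->info) ? count($this->info) : 0;
    }
    // A user level (UL) above 0 marks a valid account.
    function isValid() {
        return $this->getUL()>0;
    }
    function isEnabled() {
        return $this->exists() && $this->info['bEnabled']==1;
    }
    // Enabled and valid: may log in.
    function canLogin() {
        return $this->isEnabled() && $this->isValid();
    }
    // Valid but not yet enabled: may still go through signup.
    function canSignup() {
        return !$this->isEnabled() && $this->isValid();
    }
    // Getters return '' when no row is cached.
    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }
    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }
    function getName() {
        return $this->exists()?$this->info['Name']:'';
    }
    function getEmail() {
        return $this->exists()?$this->info['Email']:'';
    }
    function getUL() {
        return $this->exists()?$this->info['UL']:'';
    }
    // Drops the cached row; exists() is 0 afterwards.
    function expire() {
        $this->info = null;
    }
    // Re-runs the lookup with the original credentials.
    function refresh() {
        $this->Login($this->u,$this->p);
    }
    // Persists a changed Name and/or Email for the cached user. Null values and
    // values equal to the cached ones are skipped; nothing is written when
    // neither column changed.
    function update($name=null,$email=null) {
        if (!$this->exists()) return;
        $arr = array();
        if (!is_null($name) && $name != $this->getName()) $arr['Name'] = $name;
        if (!is_null($email) && $email != $this->getEmail()) $arr['Email'] = $email;
        // nothing to change: skip the UPDATE rather than issue one with an
        // empty SET clause (presumably invalid SQL from buildSQLSet())
        if (!count($arr)) return;
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                        buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
        // keep the cached row in sync so getName()/getEmail() reflect the write;
        // the getters read $this->info, not separate name/email properties
        foreach ($arr as $col => $val) {
            $this->info[$col] = $val;
        }
    }
}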
72
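class User {
    // Loads a User row by UserId and manages the matching MySQL account
    // (USAGE grant and per-database privileges).
    //
    // Security note: the MySQL password is kept reversibly (base64) in
    // User.Password and decoded into $pass so it can be re-issued in GRANT
    // statements; that is the existing schema contract and is not changed here.
    var $userId;
    var $info;       // User row as an associative array (includes Password), empty array if none
    var $pass;       // plaintext MySQL password decoded from the row, or the one given to signup()
    var $dblist;     // rows from getDBList(), filled by setAccess() when no db is named

    // PHP 5+ constructor delegating to the PHP 4-style User(), so construction
    // still runs on PHP 7+/8.
    function __construct($userId) {
        $this->User($userId);
    }
    function User($userId) {
        $this->userId = $userId;
        $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
                        FROM User
                        WHERE UserId = '%s'",
                        mysql_escape_string($userId));
        $r = fetchRows(DBSelect($sql),'UserId');
        $this->info = count($r)?array_shift($r):$r;
        // no row means no Password column; avoid an undefined-index warning
        $this->pass = isset($this->info['Password']) ? base64_decode($this->info['Password']) : '';
    }
    // Number of cached columns: 0 when no row matched.
    function exists() {
        return is_array($this->info) ? count($this->info) : 0;
    }
    function getUserId() {
        return $this->exists()?$this->info['UserId']:'';
    }
    function getUsername() {
        return $this->exists()?$this->info['Username']:'';
    }
    // Stores a new password in User.Password (base64). Note that this does not
    // re-run setUsage(), so the MySQL account keeps its previous password until
    // a caller does so.
    function setPassword($pwd) {
        $this->pass = $pwd;   // keep in sync with what signup() does
        $arr = array('Password' => base64_encode($pwd));
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                        buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
    }
    // Completes signup: stores the password, enables the account, stamps
    // dSignup, then creates the MySQL account and grants its databases.
    function signup($pwd) {
        $this->pass = $pwd;
        $arr = array();
        $arr['Password'] = base64_encode($pwd);
        $arr['bEnabled'] = 1;
        // NOTE(review): relies on buildSQLSet() emitting NOW() unquoted — verify in mitsql.lib.php
        $arr['dSignup'] = 'NOW()';
        $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
                        buildSQLSet($arr), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);

        $this->setUsage();
        $this->setAccess();
    }
    // GRANTs (or, with $yes=false, REVOKEs) USAGE ON *.* for 'username'@'%';
    // on GRANT the account password is set from $pass.
    function setUsage($yes=true) {
        $verb = $yes?'GRANT':'REVOKE';
        $prep = $yes?'TO':'FROM';
        // NOTE(review): the password is wrapped in backticks, which MySQL reads as an
        // identifier quote; IDENTIFIED BY normally takes a single-quoted string —
        // confirm against DBGrant() before changing the quoting.
        $suffix = $yes?sprintf("IDENTIFIED BY `%s`",mysql_escape_string($this->pass)):'';
        // $suffix already holds the escaped password; escaping the whole clause a
        // second time would double the backslashes and corrupt any password
        // containing a quote or backslash. $verb/$prep are fixed keywords.
        $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
                        $verb,
                        $prep,
                        mysql_escape_string($this->getUsername()),
                        '%',
                        $suffix);
        DBGrant($sql);
    }
    // GRANTs/REVOKEs ALL PRIVILEGES on one database ($db) or, when $db is null,
    // on every database owned by the user (per getDBList()).
    function setAccess($db=null,$yes=true) {
        $verb = $yes?'GRANT':'REVOKE';
        $prep = $yes?'TO':'FROM';
        $dbs = array();
        if (is_null($db)) {
            $this->dblist = $this->getDBList();
            $dbs = $this->dblist;
        } else {
            $dbs[] = array('Name'=>$db);
        }
        // hoisted: same account for every statement. Must be a call — the
        // property form $this->getUsername yields an empty account name.
        $user = mysql_escape_string($this->getUsername());
        foreach($dbs as $row) {
            $name = $row['Name'];
            // NOTE(review): mysql_escape_string() does not escape backticks, so a
            // database name containing one would break out of the identifier;
            // names come from the DB table or the caller — confirm they are constrained.
            $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
                            $verb,
                            mysql_escape_string($name),
                            $prep,
                            $user,
                            '%');
            DBGrant($sql);
        }
    }
    // Databases owned by this user, joined with their DB and DBQuota rows,
    // keyed by DatabaseId.
    function getDBList() {
        $sql = sprintf("SELECT *
                        FROM DBOwner
                        INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
                        INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
                        WHERE UserId = '%s'",
                        mysql_escape_string($this->getUserId()));
        $r = fetchRows(DBSelect($sql),'DatabaseId');
        return $r;
    }
}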
158
159
// True when $aLogin (or, if null, the global $Login) is a Login whose
// account can log in. Non-objects and other classes yield false.
function isLoggedIn($aLogin=null) {
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    if (empty($aLogin)) {
        return false;
    }
    if (!($aLogin instanceof Login)) {
        return false;
    }
    return $aLogin->canLogin();
}
167
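// True when the request arrived on port 443. This only inspects the port the
// web server saw: behind a TLS-terminating proxy it does not describe the
// client's connection, and $_SERVER['HTTPS'] is not consulted.
function isSSL() {
    // guard the index so a missing key (e.g. CLI) yields false without a warning
    return isset($_SERVER['SERVER_PORT']) && (int)$_SERVER['SERVER_PORT'] === 443;
}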
171
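// Identity taken from the client certificate: returns
// array('Username' => local part of the e-mail, 'Name' => CN, 'Email' => e-mail)
// or null when no e-mail is available. With DEVEL set and a ".forceauth" file
// ("Name|email") present, that file overrides the certificate.
// The SSL_CLIENT_S_DN_* variables are the web server's (Apache mod_ssl) view of
// the verified certificate subject; they are only meaningful when the server
// requires and verifies client certificates for this location.
function getSSLCert() {
    $name = null;
    $email = null;
    if (DEVEL && file_exists('.forceauth')) {
        // cast: file_get_contents() returns false on a read error
        $fu = explode('|', (string)file_get_contents('.forceauth'));
        $name = trim($fu[0]);
        // a file without '|' has no e-mail part (used to raise an undefined-offset notice)
        $email = isset($fu[1]) ? trim($fu[1]) : null;
    } else {
        $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
        $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
    }
    if (is_null($email)) {
        return null;
    }
    // the username is the local part of the certificate e-mail
    $parts = explode('@', $email);
    return array('Username'=>$parts[0], 'Name'=>$name, 'Email'=>$email);
}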
189
190 ## 302 REDIRECTS
191
// 302 to $target resolved against the current request: null keeps the current
// URL, a '?...' string is appended as a query string, anything else is taken as
// a file in the current directory. $secure is passed through to redirectFull().
function redirect($target=null,$secure=null) {
    $here = $_SERVER['REDIRECT_URL'];
    if (is_null($target)) {
        $url = $here;
    } elseif (substr($target,0,1)=='?') {
        $url = $here.$target;
    } else {
        $url = dirname($here).'/'.$target;
    }
    redirectFull($url,$secure);
}
// Builds an absolute URL on this server for the path $target and redirects to
// it. $secure null keeps the current scheme (per isSSL()); otherwise its
// truthiness selects https.
function redirectFull($target,$secure) {
    if (is_null($secure)) {
        $useHttps = isSSL();
    } else {
        $useHttps = ($secure==true);
    }
    $scheme = $useHttps ? 'https://' : 'http://';
    redirect2($scheme.$_SERVER['SERVER_NAME'].$target);
}
// Sends a Location header for $target and stops the script. PHP's header()
// itself refuses values containing newlines, so a CRLF in $target fails rather
// than injecting a header.
function redirect2($target) {
    header("Location: {$target}");
    exit;
}
// The current URL with the scheme toggled: http if the request is on SSL, https otherwise.
function flipSSL() {
    $scheme = isSSL() ? 'http://' : 'https://';
    $host = $_SERVER['SERVER_NAME'];
    $path = $_SERVER['REDIRECT_URL'];
    return $scheme.$host.$path;
}
206
207 ## USER SCRIPTS
208
## Creates the User row from the certificate credentials merged with the
## $_NEW_USER defaults, then the per-user UserQuota and UserStat rows, and
## returns the new UserId. Whether buildSQLInsert() escapes the
## certificate-derived values is not visible here — verify in mitsql.lib.php.
function addUser($sslCredentials) {
    global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;

    // array_merge: $_NEW_USER wins over the certificate fields on duplicate keys
    $UserId = DBInsert(sprintf("INSERT INTO User %s",
                               buildSQLInsert(array_merge($sslCredentials, $_NEW_USER))));

    // bookkeeping rows, each keyed to the freshly inserted user (UserQuota first)
    $children = array('UserQuota' => $_NEW_USERQUOTA, 'UserStat' => $_NEW_USERSTAT);
    foreach ($children as $table => $row) {
        $row['UserId'] = $UserId;
        DBInsert(sprintf("INSERT INTO $table %s", buildSQLInsert($row)));
    }

    return $UserId;
}
231
232 ?>