3 require_once('mitsql.lib.php');
8 function Login($u, $p=null) {
14 $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
16 $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
17 $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
19 $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
22 $r = fetchRows(DBSelect($sql),'UserId');
23 $this->info = count($r)?array_shift($r):$r;
26 return count($this->info);
29 return $this->getUL()>0;
31 function isEnabled() {
32 return $this->exists() && $this->info['bEnabled']==1;
35 return $this->isEnabled() && $this->isValid();
37 function canSignup() {
38 return !$this->isEnabled() && $this->isValid();
40 function getUserId() {
41 return $this->exists()?$this->info['UserId']:'';
43 function getUsername() {
44 return $this->exists()?$this->info['Username']:'';
47 return $this->exists()?$this->info['Name']:'';
50 return $this->exists()?$this->info['Email']:'';
53 return $this->exists()?$this->info['UL']:'';
59 if (!empty($this->id)) {
60 $this->Login($this->id);
62 $this->Login($this->u,$this->p);
65 function update($name=null,$email=null) {
66 if (!$this->exists()) return;
68 if ($name == $this->getName()) $name = null;
69 if ($email == $this->getEmail()) $email = null;
70 is_null($name) || $arr['Name'] = $name;
71 is_null($email) || $arr['Email'] = $email;
72 $upd = buildSQLSet($arr);
73 $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
74 $upd, mysql_escape_string($this->getUserId()));
75 if (!empty($upd) && $upd != 'SET')
77 if (isset($arr['Name']))
78 $this->info['Name'] = $arr['Name'];
79 if (isset($arr['Email']))
80 $this->info['Email'] = $arr['Email'];
88 function User($userId) {
89 $this->userId = $userId;
90 $sql = sprintf("SELECT User.UserId, Username, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
92 INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
93 INNER JOIN UserStat ON User.UserId = UserStat.UserId
94 WHERE User.UserId = '%s'",
95 mysql_escape_string($userId));
96 $r = fetchRows(DBSelect($sql),'UserId');
97 $this->info = count($r)?array_shift($r):$r;
98 $this->dblist = $this->getDBList();
101 unset($this->dblist);
102 $this->User($this->userId);
104 $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
106 WHERE UserId = '%s'",
107 mysql_escape_string($this->userId));
108 $r = fetchRows(DBSelect($sql),'UserId');
109 $this->info = count($r)?array_shift($r):$r;
110 unset($this->dblist);
115 return count($this->info);
117 function getUserId() {
118 return $this->exists()?$this->info['UserId']:'';
120 function getUsername() {
121 return $this->exists()?$this->info['Username']:'';
123 function isOverQuota() {
124 return $this->exists()?($this->info['bOverQuota']>0?true:false):'';
126 function getBytes() {
127 if($this->exists()) {
128 $arr['nBytes'] = $this->info['nBytes'];
129 $arr['nBytesSoft'] = $this->info['nBytesSoft'];
130 $arr['nBytesHard'] = $this->info['nBytesHard'];
134 function setPassword($pwd) {
135 $arr['Password'] = base64_encode($pwd);
136 $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
137 buildSQLSet($arr), mysql_escape_string($this->getUserId()));
139 $sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
140 mysql_escape_string($this->getUsername()),
141 mysql_escape_string($pwd));
144 function signup($pwd) {
146 $arr['Password'] = base64_encode($pwd);
147 $arr['bEnabled'] = 1;
148 $arr['dSignup'] = 'NOW()';
149 $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
150 buildSQLSet($arr), mysql_escape_string($this->getUserId()));
156 function setUsage($yes=true) {
157 $verb = $yes?'GRANT':'REVOKE';
158 $prep = $yes?'TO':'FROM';
159 $suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
160 $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
161 mysql_escape_string($verb),
162 mysql_escape_string($prep),
163 mysql_escape_string($this->getUsername()),
168 function setAccess($db=null,$yes=true) {
169 $verb = $yes?'GRANT':'REVOKE';
170 $prep = $yes?'TO':'FROM';
172 $dbs = $this->getDBList();
174 $dbs[] = array('Name'=>$db);
176 foreach($dbs as $db) {
178 $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
179 mysql_escape_string($verb),
180 mysql_escape_string($name),
181 mysql_escape_string($prep),
182 mysql_escape_string($this->getUsername()),
187 function getDBList() {
188 if (isset($this->dblist)) {
189 return $this->dblist;
191 // LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
192 $sql = sprintf("SELECT *
194 INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
195 INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
196 WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
197 mysql_escape_string($this->getUserId()));
198 // $r = fetchRows(DBSelect($sql),'DatabaseId');
199 $r = fetchRows(DBSelect($sql),'Name');
204 function addDB($name) {
205 if (in_array($name, array_keys($this->getDBList()))) return false;
206 if (!addDB($name, $this->getUserId())) return false;
207 $this->setAccess($name);
210 function delDB($name) {
211 if (!in_array($name, array_keys($this->getDBList()))) return false;
212 if (!delDB($name)) return false;//, $this->getUserId())) return false;
213 $this->setAccess($name,false);
219 function isLoggedIn($aLogin=null) {
220 if (is_null($aLogin)) {
224 return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->canLogin();
227 function isAdmin($aLogin=null) {
228 if (is_null($aLogin)) {
232 return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->getUL()>=100;
235 function isImpersonating() {
236 return isSess('_UserId') && isSess('UserId');
239 function isOffline() {
240 return (defined('OFFLINE') && OFFLINE);
243 function isOnline() {
247 function impersonate($userId=null) {
248 $wasImpersonating = isImpersonating();
249 if ($wasImpersonating) {
250 if (is_null($userId) || empty($userId)) {
251 sess('UserId',sess('_UserId'));
253 } elseif ($userId>0) {
254 sess('UserId',$userId);
258 } elseif (isLoggedIn()) {
259 sess('_UserId',sess('UserId'));
260 sess('UserId',$userId);
268 return isset($_SERVER['SERVER_PORT'])?($_SERVER['SERVER_PORT'] == 443):false;
271 function getSSLCert() {
272 if (DEVEL && file_exists('.forceauth')) {
273 $fu = explode('|',file_get_contents('.forceauth'));
274 $name = trim($fu[0]);
275 $email = trim($fu[1]);
277 $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
278 $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
280 if (!is_null($email)) {
281 $user = explode('@',$email);
283 return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
291 function redirect($target=null,$secure=null) {
292 $base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
293 redirectFull(is_null($target)?$base:($base.$target),$secure);
295 function redirectStart() {
296 redirectFull(BASE_URL,null);
298 function redirectFull($target,$secure) {
299 //redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
300 redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://scripts-cert.mit.edu':'http://scripts.mit.edu').$target);
302 function redirect2($target) {
303 header('Location: '.$target);
307 //return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
308 return (isSSL()?'http://scripts.mit.edu':'https://scripts-cert.mit.edu').$_SERVER['REDIRECT_URL'];
313 function addUser($sslCredentials) {
314 global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;
316 $arr = array_merge($sslCredentials, $_NEW_USER);
317 $sql = sprintf("INSERT INTO User %s",
318 buildSQLInsert($arr));
319 $UserId = DBInsert($sql);
321 $arr = $_NEW_USERQUOTA;
322 $arr['UserId'] = $UserId;
323 $sql = sprintf("INSERT INTO UserQuota %s",
324 buildSQLInsert($arr));
327 $arr = $_NEW_USERSTAT;
328 $arr['UserId'] = $UserId;
329 $sql = sprintf("INSERT INTO UserStat %s",
330 buildSQLInsert($arr));
336 function addDB($dbname,$userid) {
337 global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
339 DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
341 $newdb['Name'] = $dbname;
342 $arr = array_merge($newdb, $_NEW_DB);
343 $arr['bEnabled'] = 1;
344 $sql = sprintf("INSERT IGNORE INTO DB %s",
345 buildSQLInsert($arr));
346 $DBId = DBInsert($sql);
348 $sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'",
349 mysql_escape_string($dbname));
350 $r = fetchRows(DBSelect($sql), 'DatabaseId');
352 $r = array_shift($r);
353 $DBId = $r['DatabaseId'];
357 $sql = sprintf("UPDATE DB %s WHERE DB.DatabaseId = '%s'",
363 $arr = $_NEW_DBQUOTA;
364 $arr['DatabaseId'] = $DBId;
365 $sql = sprintf("INSERT IGNORE INTO DBQuota %s",
366 buildSQLInsert($arr));
369 $arr = $_NEW_DBOWNER;
370 $arr['DatabaseId'] = $DBId;
371 $arr['UserId'] = $userid;
372 $sql = sprintf("INSERT IGNORE INTO DBOwner %s",
373 buildSQLInsert($arr));
380 function delDB($dbname) {
381 global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
383 DBCreate(sprintf('DROP DATABASE `%s`', mysql_escape_string($dbname)));
385 $arr['bEnabled'] = 0;
386 $sql = sprintf("UPDATE DB %s WHERE DB.Name = '%s'",