3 require_once('mitsql.lib.php');
/**
 * Presumably the PHP 4-style constructor of class Login: builds a WHERE clause from
 * the supplied identity, selects the matching User row and keeps it in $this->info
 * (the first row, or the empty result when nothing matched).
 * NOTE(review): this listing omits original lines 9-11 and 16-17.
 *
 * @param mixed       $u Username, or a numeric value that is treated as a UserId.
 * @param string|null $p Password; when null, no Password condition is added.
 */
8 function Login($u, $p=null) {
12 $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
// The password is compared as base64_encode($p), so the Password column holds a
// reversible encoding rather than a hash: read access to the table discloses every
// password. password_hash()/password_verify() is the standard replacement.
13 $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
// NOTE(review): for a numeric $u this assignment replaces $opt entirely, so the
// Password condition appended on the previous line is discarded and the row is
// selected by UserId alone. Confirm that no caller passes a numeric $u together
// with $p and expects the password to be verified.
14 is_numeric($u) && $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
// mysql_escape_string() ignores the connection character set and was removed with
// the mysql extension in PHP 7; prepared statements (PDO/mysqli) are the durable fix.
15 $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
18 $r = fetchRows(DBSelect($sql),'UserId');
19 $this->info = count($r)?array_shift($r):$r;
22 return count($this->info);
25 return $this->getUL()>0;
/**
 * True when a row was loaded and its bEnabled column equals 1 (loose comparison,
 * so the string '1' returned by the database also matches).
 */
27 function isEnabled() {
28 return $this->exists() && $this->info['bEnabled']==1;
31 return $this->isEnabled() && $this->isValid();
/**
 * True when the account is not enabled but isValid() holds, i.e. the mirror image
 * of the isEnabled() && isValid() check used on original line 31.
 */
33 function canSignup() {
34 return !$this->isEnabled() && $this->isValid();
/** Returns the loaded row's UserId, or '' when no row was loaded. */
36 function getUserId() {
37 return $this->exists()?$this->info['UserId']:'';
/** Returns the loaded row's Username, or '' when no row was loaded. */
39 function getUsername() {
40 return $this->exists()?$this->info['Username']:'';
43 return $this->exists()?$this->info['Name']:'';
46 return $this->exists()?$this->info['Email']:'';
49 return $this->exists()?$this->info['UL']:'';
55 $this->Login($this->u,$this->p);
/**
 * Writes a changed Name and/or Email for the loaded user and mirrors the change
 * into $this->info. Values that are null or equal to the current ones are skipped.
 * NOTE(review): this listing omits original lines 59 and 68; the statement guarded
 * by the `if` on line 67 (presumably the query execution) is not visible.
 *
 * @param string|null $name  New display name, or null to leave it unchanged.
 * @param string|null $email New e-mail address, or null to leave it unchanged.
 */
57 function update($name=null,$email=null) {
58 if (!$this->exists()) return;
// Loose comparison: values that are only ==-equal to the stored ones (for example
// '' against a stored null) are treated as unchanged.
60 if ($name == $this->getName()) $name = null;
61 if ($email == $this->getEmail()) $email = null;
62 is_null($name) || $arr['Name'] = $name;
63 is_null($email) || $arr['Email'] = $email;
// NOTE(review): $name and $email reach the UPDATE only through buildSQLSet(), which
// is defined elsewhere. Whether it escapes values is not visible here; verify it
// does, since only the UserId is escaped in this method.
64 $upd = buildSQLSet($arr);
65 $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
66 $upd, mysql_escape_string($this->getUserId()));
// Skip the write when buildSQLSet() produced nothing but the bare keyword.
67 if (!empty($upd) && $upd != 'SET')
69 if (isset($arr['Name']))
70 $this->info['Name'] = $arr['Name'];
71 if (isset($arr['Email']))
72 $this->info['Email'] = $arr['Email'];
/**
 * Presumably the PHP 4-style constructor of class User: loads the user's row joined
 * with UserQuota (plus whatever the omitted FROM/JOIN lines 83 and 85 add) into
 * $this->info and caches the user's database list in $this->dblist.
 * NOTE(review): the Password column is part of the SELECT, so the stored password
 * (base64-encoded, see setPassword()) is held in $this->info for the lifetime of
 * every User object. Drop the column from the query unless a caller needs it, and
 * keep $this->info out of logs, dumps and serialized session data.
 *
 * @param mixed $userId UserId of the row to load.
 */
80 function User($userId) {
81 $this->userId = $userId;
82 $sql = sprintf("SELECT User.UserId, Username, Password, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard
84 NATURAL JOIN UserQuota
86 WHERE User.UserId = '%s'",
87 mysql_escape_string($userId));
88 $r = fetchRows(DBSelect($sql),'UserId');
89 $this->info = count($r)?array_shift($r):$r;
90 $this->dblist = $this->getDBList();
// With this assignment disabled, no visible line sets $this->pass, yet setUsage()
// reads it.
91 // $this->pass = base64_decode($this->info['Password']);
95 $this->User($this->userId);
97 $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
100 mysql_escape_string($this->userId));
101 $r = fetchRows(DBSelect($sql),'UserId');
102 $this->info = count($r)?array_shift($r):$r;
103 unset($this->dblist);
108 return count($this->info);
/** Returns the loaded row's UserId, or '' when no row was loaded. */
110 function getUserId() {
111 return $this->exists()?$this->info['UserId']:'';
/** Returns the loaded row's Username, or '' when no row was loaded. */
113 function getUsername() {
114 return $this->exists()?$this->info['Username']:'';
/**
 * Copies the nBytes, nBytesSoft and nBytesHard columns of the loaded row into a
 * local array when the user exists. The return statement is on lines this listing
 * omits (121-123).
 */
116 function getBytes() {
117 if($this->exists()) {
118 $arr['nBytes'] = $this->info['nBytes'];
119 $arr['nBytesSoft'] = $this->info['nBytesSoft'];
120 $arr['nBytesHard'] = $this->info['nBytesHard'];
/**
 * Builds two statements for a password change: an UPDATE of the User table row and
 * a SET PASSWORD for the MySQL account named after the user at host '%'.
 * NOTE(review): the calls that execute the statements are on lines this listing
 * omits (128, 132).
 *
 * @param string $pwd New password in clear text.
 */
124 function setPassword($pwd) {
// base64 is an encoding, not a hash: the application table keeps a recoverable copy
// of the password that is also the user's MySQL credential. Store a password_hash()
// value instead if the clear text is not needed for anything else.
125 $arr['Password'] = base64_encode($pwd);
126 $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
127 buildSQLSet($arr), mysql_escape_string($this->getUserId()));
// The clear-text password is embedded in the statement text, so it can surface
// wherever statements are recorded (query logs, error output); confirm that the
// server's and this application's logging do not capture it. '%%' renders as the
// host wildcard '%', i.e. the account is valid from any host.
129 $sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
130 mysql_escape_string($this->getUsername()),
131 mysql_escape_string($pwd));
/**
 * Builds the UPDATE that activates the account: stores the password, sets bEnabled
 * to 1 and records the signup time.
 * NOTE(review): lines 135 and 141-145 are omitted from this listing, so the
 * execution of the statement and any follow-up calls are not visible.
 *
 * @param string $pwd Password chosen at signup, in clear text.
 */
134 function signup($pwd) {
// Same reversible base64 storage as setPassword(); a password_hash() value would
// avoid keeping a recoverable password in the table.
136 $arr['Password'] = base64_encode($pwd);
137 $arr['bEnabled'] = 1;
// Presumably buildSQLSet() emits NOW() unquoted so the server evaluates it; if it
// special-cases SQL function names, verify user-controlled values cannot take the
// same unquoted path.
138 $arr['dSignup'] = 'NOW()';
139 $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
140 buildSQLSet($arr), mysql_escape_string($this->getUserId()));
/**
 * Builds a GRANT USAGE (or REVOKE USAGE) statement for the MySQL account named
 * after this user. The host argument and the execution are on lines this listing
 * omits (154-156).
 *
 * @param bool $yes true to GRANT, false to REVOKE.
 */
146 function setUsage($yes=true) {
147 $verb = $yes?'GRANT':'REVOKE';
148 $prep = $yes?'TO':'FROM';
// NOTE(review): the only visible assignment to $this->pass (original line 91) is
// commented out. Unless it is set elsewhere, this GRANT is issued with
// IDENTIFIED BY '' and leaves the account with an empty password.
149 $suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
150 $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
151 mysql_escape_string($verb),
152 mysql_escape_string($prep),
153 mysql_escape_string($this->getUsername()),
/**
 * Builds GRANT/REVOKE ALL PRIVILEGES statements for this user's MySQL account, one
 * per database in the list being iterated.
 * NOTE(review): lines 161, 163, 165, 167 and 173-175 are omitted from this listing.
 * Judging by the visible lines, the list is either getDBList() or a single entry
 * built from $db, and $name is presumably taken from each entry's 'Name'.
 *
 * @param string|null $db  Database name, or null (presumably: all owned databases).
 * @param bool        $yes true to GRANT, false to REVOKE.
 */
158 function setAccess($db=null,$yes=true) {
159 $verb = $yes?'GRANT':'REVOKE';
160 $prep = $yes?'TO':'FROM';
162 $dbs = $this->getDBList();
164 $dbs[] = array('Name'=>$db);
166 foreach($dbs as $db) {
// NOTE(review): $name is placed inside a backtick-quoted identifier, but
// mysql_escape_string() only escapes characters that matter inside quoted string
// literals and leaves backticks untouched. Validate database names against a strict
// allow-list (letters, digits, underscore, bounded length) before they reach this
// statement.
168 $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
169 mysql_escape_string($verb),
170 mysql_escape_string($name),
171 mysql_escape_string($prep),
172 mysql_escape_string($this->getUsername()),
/**
 * Returns the enabled databases owned by this user, keyed by database Name.
 * A previously computed list in $this->dblist is returned as is; otherwise the list
 * is queried. The FROM/JOIN lines (183-185) and the return (190-191) are omitted
 * from this listing.
 */
177 function getDBList() {
178 if (isset($this->dblist)) {
179 return $this->dblist;
181 // LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
182 $sql = sprintf("SELECT *
186 WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
187 mysql_escape_string($this->getUserId()));
188 // $r = fetchRows(DBSelect($sql),'DatabaseId');
189 $r = fetchRows(DBSelect($sql),'Name');
/**
 * Creates a database for this user through the global addDB() function and, on
 * success, grants the user access to it via setAccess().
 * NOTE(review): $name is forwarded unchanged; neither this method nor the visible
 * lines of the global addDB() restrict which characters it may contain.
 *
 * @param string $name Name of the database to create.
 */
193 function addDB($name) {
194 if (!addDB($name, $this->getUserId())) return false;
195 $this->setAccess($name);
/**
 * True when $aLogin is a non-empty Login instance whose canLogin() succeeds.
 * When $aLogin is null, lines 203-205 (omitted from this listing) presumably fetch
 * the current session's Login object.
 *
 * @param object|null $aLogin Login object to test.
 */
201 function isLoggedIn($aLogin=null) {
202 if (is_null($aLogin)) {
206 return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
/**
 * True when the session holds both '_UserId' (the saved original identity, see
 * impersonate()) and 'UserId' (the effective identity).
 */
209 function isImpersonating() {
210 return isSess('_UserId') && isSess('UserId');
/**
 * Switches the session's effective 'UserId'. sess() appears to read with one
 * argument and write with two.
 *  - Already impersonating, $userId null: restores 'UserId' from '_UserId'.
 *  - Already impersonating, $userId > 0: switches to that user.
 *  - Not impersonating but logged in: saves the current 'UserId' in '_UserId' and
 *    switches to $userId.
 * NOTE(review): no privilege check (for example on the caller's UL) is visible in
 * the lines shown; lines 220-222 and 226 onward are omitted. Confirm that either
 * the omitted lines or every caller restricts this to administrators, and that the
 * not-impersonating branch cannot be reached with a null $userId.
 *
 * @param mixed $userId Target UserId, or null to stop impersonating.
 */
213 function impersonate($userId=null) {
214 $wasImpersonating = isImpersonating();
215 if ($wasImpersonating) {
216 if (is_null($userId)) {
217 sess('UserId',sess('_UserId'));
218 } elseif ($userId>0) {
219 sess('UserId',$userId);
223 } elseif (isLoggedIn()) {
224 sess('_UserId',sess('UserId'));
225 sess('UserId',$userId);
233 return $_SERVER['SERVER_PORT'] == 443;
/**
 * Builds the identity array (Username, Name, Email) from the TLS client
 * certificate's subject fields as exposed by the web server, or from a local
 * override file when DEVEL is set.
 * NOTE(review): lines 241, 244, 247 and 249 onward are omitted from this listing.
 */
236 function getSSLCert() {
// Development-only authentication override: when DEVEL is truthy and a file named
// .forceauth exists in the current working directory, its "name|email" content
// replaces the certificate identity. Keep DEVEL off in production and make sure
// that directory is not writable by the web server user or by upload handlers.
237 if (DEVEL && file_exists('.forceauth')) {
238 $fu = explode('|',file_get_contents('.forceauth'));
239 $name = trim($fu[0]);
// $fu[1] is undefined when the file contains no '|' separator.
240 $email = trim($fu[1]);
// SSL_CLIENT_S_DN_* identify the user only if the server enforces client-certificate
// verification against a trusted CA (TODO: confirm in the server configuration).
// These subject fields are certificate-supplied text and must be escaped wherever
// they later enter SQL or HTML.
242 $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
243 $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
245 if (!is_null($email)) {
// explode() yields an array; unless the omitted line 247 reduces it to the local
// part, 'Username' below is an array rather than a string.
246 $user = explode('@',$email);
248 return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
/**
 * Redirects relative to the current request's REDIRECT_URL. With no target, or a
 * target starting with '?', the base is REDIRECT_URL itself; otherwise it is the
 * directory of REDIRECT_URL followed by '/'. The result is passed to redirectFull().
 * NOTE(review): $target is appended unmodified. The host is fixed by
 * redirectFull(), but callers should still not pass request-controlled paths here
 * without validation.
 *
 * @param string|null $target Query string ('?...') or path relative to the current directory.
 * @param bool|null   $secure Forwarded to redirectFull().
 */
256 function redirect($target=null,$secure=null) {
257 $base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
258 redirectFull(is_null($target)?$base:($base.$target),$secure);
/**
 * Prefixes $target with scheme and SERVER_NAME and hands the URL to redirect2().
 * https is used when $secure is loosely true, or when $secure is null and the
 * current request is already SSL; otherwise http is used, so an explicit false
 * moves an https request down to http.
 * NOTE(review): depending on server configuration SERVER_NAME may reflect the
 * client-supplied Host header. Confirm the server pins a canonical name so the
 * redirect host cannot be influenced by the request.
 *
 * @param string    $target Absolute path (plus optional query) on this host.
 * @param bool|null $secure true forces https, false forces http, null keeps the current scheme.
 */
260 function redirectFull($target,$secure) {
261 redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
/**
 * Emits the Location header for $target.
 * NOTE(review): no exit/die is visible after header() in this listing (line 265 is
 * omitted). Without one the script continues to run, and any access-controlled code
 * after a "redirect to login" would still execute.
 *
 * @param string $target Absolute URL to redirect to.
 */
263 function redirect2($target) {
264 header('Location: '.$target);
268 return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
/**
 * Creates a user from certificate-derived credentials: inserts the User row, then
 * UserQuota and UserStat rows keyed by the new UserId, using the $_NEW_* default
 * arrays.
 * NOTE(review): lines 275, 280, 285-286 and 291 onward are omitted from this
 * listing. The executions of the second and third INSERT are not visible, and no
 * transaction is visible around the three statements.
 *
 * @param array $sslCredentials Column => value pairs, presumably the array returned by getSSLCert().
 */
273 function addUser($sslCredentials) {
274 global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;
// array_merge() lets later arrays win, so the defaults in $_NEW_USER override any
// same-named key coming from the certificate data, never the other way round.
276 $arr = array_merge($sslCredentials, $_NEW_USER);
// NOTE(review): the certificate's Name/Email text reaches SQL only through
// buildSQLInsert(), defined elsewhere. Verify that it escapes values; nothing in
// this function does.
277 $sql = sprintf("INSERT INTO User %s",
278 buildSQLInsert($arr));
279 $UserId = DBInsert($sql);
281 $arr = $_NEW_USERQUOTA;
282 $arr['UserId'] = $UserId;
283 $sql = sprintf("INSERT INTO UserQuota %s",
284 buildSQLInsert($arr));
287 $arr = $_NEW_USERSTAT;
288 $arr['UserId'] = $UserId;
289 $sql = sprintf("INSERT INTO UserStat %s",
290 buildSQLInsert($arr));
/**
 * Creates a MySQL database and registers it: a DB row (enabled), a DBQuota row and
 * a DBOwner row linking it to $userid, using the $_NEW_* default arrays. Returns
 * false when CREATE DATABASE reports an error.
 * NOTE(review): lines 298, 301, 308, 313-314 and 320 onward are omitted from this
 * listing. The executions of the DBQuota/DBOwner inserts and the success return are
 * not visible.
 *
 * @param string $dbname Name of the database to create.
 * @param mixed  $userid UserId of the owner.
 */
296 function addDB($dbname,$userid) {
297 global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
// NOTE(review): mysql_escape_string() does not escape backticks, so it does not make
// $dbname safe inside a backtick-quoted identifier. Validate $dbname against a
// strict allow-list pattern (letters, digits, underscore, bounded length) and reject
// everything else before this statement is built.
299 DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
300 if (mysql_error()) return false;
302 $newdb['Name'] = $dbname;
// Defaults in $_NEW_DB override same-named keys in $newdb (later array wins).
303 $arr = array_merge($newdb, $_NEW_DB);
304 $arr['bEnabled'] = 1;
305 $sql = sprintf("INSERT INTO DB %s",
306 buildSQLInsert($arr));
307 $DBId = DBInsert($sql);
309 $arr = $_NEW_DBQUOTA;
310 $arr['DatabaseId'] = $DBId;
311 $sql = sprintf("INSERT INTO DBQuota %s",
312 buildSQLInsert($arr));
315 $arr = $_NEW_DBOWNER;
316 $arr['DatabaseId'] = $DBId;
317 $arr['UserId'] = $userid;
318 $sql = sprintf("INSERT INTO DBOwner %s",
319 buildSQLInsert($arr));