]> andersk Git - sql-web.git/blob - lib/security.lib.php
andersk / sql-web.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
old admin stuff deleted
[sql-web.git] / lib / security.lib.php
1 <?php
2
3 require_once('mitsql.lib.php');
4
5 class Login {
6         var $u, $p;
7     var $info;
8     function Login($u, $p=null) {
9                 if (empty($u)) return;
10                 $this->u = $u;
11                 $this->p = $p;
12                 $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
13         $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
14                 is_numeric($u) && $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
15         $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
16                         FROM User
17                         WHERE %s", $opt);
18         $r = fetchRows(DBSelect($sql),'UserId');
19         $this->info = count($r)?array_shift($r):$r;
20     }
21     function exists() {
22         return count($this->info);
23     }
24         function isValid() {
25                 return $this->getUL()>0;
26         }
27     function isEnabled() {
28         return $this->exists() && $this->info['bEnabled']==1;
29     }
30     function canLogin() {
31         return $this->isEnabled() && $this->isValid();
32     }
33     function canSignup() {
34         return !$this->isEnabled() && $this->isValid();
35     }
36     function getUserId() {
37         return $this->exists()?$this->info['UserId']:'';
38     }
39     function getUsername() {
40         return $this->exists()?$this->info['Username']:'';
41     }
42     function getName() {
43         return $this->exists()?$this->info['Name']:'';
44     }
45     function getEmail() {
46         return $this->exists()?$this->info['Email']:'';
47     }
48     function getUL() {
49         return $this->exists()?$this->info['UL']:'';
50     }
51     function expire() {
52         $this->info = null;
53     }
54     function refresh() {
55         $this->Login($this->u,$this->p);
56     }
57     function update($name=null,$email=null) {
58         if (!$this->exists()) return;
59         $arr = array();
60                 if ($name == $this->getName()) $name = null;
61                 if ($email == $this->getEmail()) $email = null;
62         is_null($name) || $arr['Name'] = $name;
63         is_null($email) || $arr['Email'] = $email;
64         $upd = buildSQLSet($arr);
65         $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
66                         $upd, mysql_escape_string($this->getUserId()));
67         if (!empty($upd) && $upd != 'SET')
68                 DBUpdate($sql);
69                 if (isset($arr['Name']))
70                         $this->info['Name'] = $arr['Name'];
71                 if (isset($arr['Email']))
72                         $this->info['Email'] = $arr['Email'];
73         }
74 }
75
76 class User {
77         var $userId;
78         var $info;
79         var $dblist;
80     function User($userId) {
81                 $this->userId = $userId;
82         $sql = sprintf("SELECT User.UserId, Username, Password, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard
83                         FROM User
84                                                 NATURAL JOIN UserQuota
85                                                 NATURAL JOIN UserStat
86                         WHERE User.UserId = '%s'",
87                         mysql_escape_string($userId));
88         $r = fetchRows(DBSelect($sql),'UserId');
89         $this->info = count($r)?array_shift($r):$r;
90                 $this->dblist = $this->getDBList();
91 //              $this->pass = base64_decode($this->info['Password']);
92     }
93         function refresh() {
94                 unset($this->dblist);
95                 $this->User($this->userId);
96                 /*
97         $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
98                         FROM User
99                         WHERE UserId = '%s'",
100                         mysql_escape_string($this->userId));
101         $r = fetchRows(DBSelect($sql),'UserId');
102         $this->info = count($r)?array_shift($r):$r;
103                 unset($this->dblist);
104                 $this->getDBList();
105                 */
106         }
107     function exists() {
108         return count($this->info);
109     }
110     function getUserId() {
111         return $this->exists()?$this->info['UserId']:'';
112     }
113     function getUsername() {
114         return $this->exists()?$this->info['Username']:'';
115     }
116     function getBytes() {
117         if($this->exists()) {
118                         $arr['nBytes'] = $this->info['nBytes'];
119                         $arr['nBytesSoft'] = $this->info['nBytesSoft'];
120                         $arr['nBytesHard'] = $this->info['nBytesHard'];
121                         return $arr;
122                 }
123     }
124         function setPassword($pwd) {
125                 $arr['Password'] = base64_encode($pwd);
126         $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
127                         buildSQLSet($arr), mysql_escape_string($this->getUserId()));
128         DBUpdate($sql);
129                 $sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
130                                                 mysql_escape_string($this->getUsername()),
131                                                 mysql_escape_string($pwd));
132                 DBSet($sql);
133         }
134         function signup($pwd) {
135                 $this->pass = $pwd;
136                 $arr['Password'] = base64_encode($pwd);
137                 $arr['bEnabled'] = 1;
138                 $arr['dSignup'] = 'NOW()';
139         $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
140                         buildSQLSet($arr), mysql_escape_string($this->getUserId()));
141         DBUpdate($sql);
142
143                 $this->setUsage();
144                 $this->setAccess();
145         }
146         function setUsage($yes=true) {
147                 $verb = $yes?'GRANT':'REVOKE';
148                 $prep = $yes?'TO':'FROM';
149                 $suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
150                 $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
151                                                 mysql_escape_string($verb),
152                                                 mysql_escape_string($prep),
153                                                 mysql_escape_string($this->getUsername()),
154                                                 '%',
155                                                 $suffix);
156                 DBGrant($sql);
157         }
158         function setAccess($db=null,$yes=true) {
159                 $verb = $yes?'GRANT':'REVOKE';
160                 $prep = $yes?'TO':'FROM';
161                 if (is_null($db)) {
162                         $dbs = $this->getDBList();
163                 } else {
164                         $dbs[] = array('Name'=>$db);
165                 }
166                 foreach($dbs as $db) {
167                         $name = $db['Name'];
168                         $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
169                                                         mysql_escape_string($verb),
170                                                         mysql_escape_string($name),
171                                                         mysql_escape_string($prep),
172                                                         mysql_escape_string($this->getUsername()),
173                                                         '%');
174                         DBGrant($sql);
175                 }
176         }
177         function getDBList() {
178                 if (isset($this->dblist)) {
179                         return $this->dblist;
180                 } else {
181                         //                      LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
182                         $sql = sprintf("SELECT *
183                                                 FROM DBOwner
184                                                 NATURAL JOIN DB
185                                                 NATURAL JOIN DBQuota
186                                                 WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
187                                                 mysql_escape_string($this->getUserId()));
188 //                      $r = fetchRows(DBSelect($sql),'DatabaseId');
189                         $r = fetchRows(DBSelect($sql),'Name');
190                         return $r;
191                 }
192         }
193         function addDB($name) {
194                 if (!addDB($name, $this->getUserId())) return false;
195                 $this->setAccess($name);
196                 return true;
197         }
198 }
199
200
201 function isLoggedIn($aLogin=null) {
202     if (is_null($aLogin)) {
203         global $Login;
204         $aLogin = $Login;
205     }
206     return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
207 }
208
209 function isImpersonating() {
210         return isSess('_UserId') && isSess('UserId');
211 }
212
213 function impersonate($userId=null) {
214         $wasImpersonating = isImpersonating();
215         if ($wasImpersonating) {
216                 if (is_null($userId)) {
217                         sess('UserId',sess('_UserId'));
218                 } elseif ($userId>0) {
219                         sess('UserId',$userId);
220                 } else {
221                         return false;
222                 }
223         } elseif (isLoggedIn()) {
224                 sess('_UserId',sess('UserId'));
225                 sess('UserId',$userId);
226                 return true;
227         } else {
228                 return false;
229         }
230 }
231
232 function isSSL() {
233         return $_SERVER['SERVER_PORT'] == 443;
234 }
235
236 function getSSLCert() {
237     if (DEVEL && file_exists('.forceauth')) {
238         $fu = explode('|',file_get_contents('.forceauth'));
239         $name = trim($fu[0]);
240         $email = trim($fu[1]);
241     } else {
242         $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
243         $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
244     }
245     if (!is_null($email)) {
246         $user = explode('@',$email);
247                 $user = $user[0];
248         return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
249         } else {
250                 return null;
251         }
252 }
253
254 ## 302 REDIRECTS
255
256 function redirect($target=null,$secure=null) {
257     $base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
258     redirectFull(is_null($target)?$base:($base.$target),$secure);
259 }
260 function redirectFull($target,$secure) {
261         redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
262 }
263 function redirect2($target) {
264         header('Location: '.$target);
265         exit;
266 }
267 function flipSSL() {
268         return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
269 }
270
271 ## USER SCRIPTS
272
273 function addUser($sslCredentials) {
274     global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;
275
276     $arr = array_merge($sslCredentials, $_NEW_USER);
277     $sql = sprintf("INSERT INTO User %s",
278                     buildSQLInsert($arr));
279     $UserId = DBInsert($sql);
280
281         $arr = $_NEW_USERQUOTA;
282         $arr['UserId'] = $UserId;
283     $sql = sprintf("INSERT INTO UserQuota %s",
284                     buildSQLInsert($arr));
285         DBInsert($sql);
286
287         $arr = $_NEW_USERSTAT;
288         $arr['UserId'] = $UserId;
289     $sql = sprintf("INSERT INTO UserStat %s",
290                     buildSQLInsert($arr));
291         DBInsert($sql);
292
293         return $UserId;
294 }
295
296 function addDB($dbname,$userid) {
297     global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
298
299         DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
300         if (mysql_error()) return false;
301
302         $newdb['Name'] = $dbname;
303     $arr = array_merge($newdb, $_NEW_DB);
304         $arr['bEnabled'] = 1;
305     $sql = sprintf("INSERT INTO DB %s",
306                     buildSQLInsert($arr));
307     $DBId = DBInsert($sql);
308
309         $arr = $_NEW_DBQUOTA;
310         $arr['DatabaseId'] = $DBId;
311     $sql = sprintf("INSERT INTO DBQuota %s",
312                     buildSQLInsert($arr));
313         DBInsert($sql);
314
315         $arr = $_NEW_DBOWNER;
316         $arr['DatabaseId'] = $DBId;
317         $arr['UserId'] = $userid;
318     $sql = sprintf("INSERT INTO DBOwner %s",
319                     buildSQLInsert($arr));
320         DBInsert($sql);
321
322         return $DBId;
323 }
324
325 ?>
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.2794 seconds and 5 git commands to generate.