6 require_once('mitsql.lib.php');
11 function Login($u, $p=null) {
12 if (empty($u)) return;
15 if ((string)intval($u)===(string)$u) {
17 $opt = sprintf(" Username = '%s' OR UserId = '%s'", mysql_escape_string($u), mysql_escape_string($u));
19 $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
20 $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
22 $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
25 $r = fetchRows(DBSelect($sql),'UserId');
26 $this->info = count($r)?array_shift($r):$r;
29 return count($this->info);
32 return $this->getUL()>0;
34 function isEnabled() {
35 return $this->exists() && $this->info['bEnabled']==1;
38 return $this->isEnabled() && $this->isValid();
40 function canSignup() {
41 return !$this->isEnabled() && $this->isValid();
43 function getUserId() {
44 return $this->exists()?$this->info['UserId']:'';
46 function getUsername() {
47 return $this->exists()?$this->info['Username']:'';
50 return $this->exists()?$this->info['Name']:'';
53 return $this->exists()?$this->info['Email']:'';
56 return $this->exists()?$this->info['UL']:'';
62 if (!empty($this->id)) {
63 $this->Login($this->id);
65 $this->Login($this->u,$this->p);
68 function update($name=null,$email=null) {
69 if (!$this->exists()) return;
71 if ($name == $this->getName()) $name = null;
72 if ($email == $this->getEmail()) $email = null;
73 is_null($name) || $arr['Name'] = $name;
74 is_null($email) || $arr['Email'] = $email;
75 $upd = buildSQLSet($arr);
76 $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
77 $upd, mysql_escape_string($this->getUserId()));
78 if (!empty($upd) && $upd != 'SET')
80 if (isset($arr['Name']))
81 $this->info['Name'] = $arr['Name'];
82 if (isset($arr['Email']))
83 $this->info['Email'] = $arr['Email'];
91 function User($userId) {
92 $this->userId = $userId;
93 $sql = sprintf("SELECT User.UserId, Username, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
95 INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
96 INNER JOIN UserStat ON User.UserId = UserStat.UserId
97 WHERE User.UserId = '%s'",
98 mysql_escape_string($userId));
99 $r = fetchRows(DBSelect($sql),'UserId');
100 $this->info = count($r)?array_shift($r):$r;
101 $this->dblist = $this->getDBList();
104 unset($this->dblist);
105 $this->User($this->userId);
107 $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
109 WHERE UserId = '%s'",
110 mysql_escape_string($this->userId));
111 $r = fetchRows(DBSelect($sql),'UserId');
112 $this->info = count($r)?array_shift($r):$r;
113 unset($this->dblist);
118 return count($this->info);
120 function getUserId() {
121 return $this->exists()?$this->info['UserId']:'';
123 function getUsername() {
124 return $this->exists()?$this->info['Username']:'';
126 function isOverQuota() {
127 return $this->exists()?($this->info['bOverQuota']>0?true:false):'';
129 function getBytes() {
130 if($this->exists()) {
131 $arr['nBytes'] = $this->info['nBytes'];
132 $arr['nBytesSoft'] = $this->info['nBytesSoft'];
133 $arr['nBytesHard'] = $this->info['nBytesHard'];
137 function setPassword($pwd) {
138 $arr['Password'] = base64_encode($pwd);
139 $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
140 buildSQLSet($arr), mysql_escape_string($this->getUserId()));
142 $sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
143 mysql_escape_string($this->getUsername()),
144 mysql_escape_string($pwd));
147 function signup($pwd) {
149 $arr['Password'] = base64_encode($pwd);
150 $arr['bEnabled'] = 1;
151 $arr['dSignup'] = 'NOW()';
152 $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
153 buildSQLSet($arr), mysql_escape_string($this->getUserId()));
159 function setUsage($yes=true) {
160 $verb = $yes?'GRANT':'REVOKE';
161 $prep = $yes?'TO':'FROM';
162 $suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
163 $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
164 mysql_escape_string($verb),
165 mysql_escape_string($prep),
166 mysql_escape_string($this->getUsername()),
171 function setAccess($db=null,$yes=true) {
172 $verb = $yes?'GRANT':'REVOKE';
173 $prep = $yes?'TO':'FROM';
175 $dbs = $this->getDBList();
177 $dbs[] = array('Name'=>$db);
179 foreach($dbs as $db) {
181 $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
182 mysql_escape_string($verb),
183 mysql_escape_string($name),
184 mysql_escape_string($prep),
185 mysql_escape_string($this->getUsername()),
190 function getDBList() {
191 if (isset($this->dblist)) {
192 return $this->dblist;
194 // LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
195 $sql = sprintf("SELECT *
197 INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
198 INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
199 WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
200 mysql_escape_string($this->getUserId()));
201 // $r = fetchRows(DBSelect($sql),'DatabaseId');
202 $r = fetchRows(DBSelect($sql),'Name');
207 function addDB($name) {
208 if (in_array($name, array_keys($this->getDBList()))) return false;
209 if (!addDB($name, $this->getUserId())) return false;
210 $this->setAccess($name);
213 function delDB($name) {
214 if (!in_array($name, array_keys($this->getDBList()))) return false;
215 if (!delDB($name)) return false;//, $this->getUserId())) return false;
216 $this->setAccess($name,false);
222 function isLoggedIn($aLogin=null) {
223 if (is_null($aLogin)) {
227 return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->canLogin();
230 function isAdmin($aLogin=null) {
231 if (is_null($aLogin)) {
235 return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->getUL()>=100;
238 function isImpersonating() {
239 return isSess('_UserId') && isSess('UserId');
242 function isOffline() {
243 return (defined('OFFLINE') && OFFLINE);
246 function isOnline() {
250 function impersonate($userId=null) {
251 $wasImpersonating = isImpersonating();
252 if ($wasImpersonating) {
253 if (is_null($userId) || empty($userId)) {
254 sess('UserId',sess('_UserId'));
256 } elseif ($userId>0) {
257 sess('UserId',$userId);
261 } elseif (isLoggedIn()) {
262 sess('_UserId',sess('UserId'));
263 sess('UserId',$userId);
271 return isset($_SERVER['SERVER_PORT'])?($_SERVER['SERVER_PORT'] == 443):false;
274 function getSSLCert() {
275 if (DEVEL && file_exists('.forceauth')) {
276 $fu = explode('|',file_get_contents('.forceauth'));
277 $name = trim($fu[0]);
278 $email = trim($fu[1]);
280 $name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
281 $email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
283 if (!is_null($email)) {
284 $user = explode('@',$email);
286 return array('Username'=>$user, 'Name'=>$name, 'Email'=>$email);
294 function redirect($target=null,$secure=null) {
295 $base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
296 redirectFull(is_null($target)?$base:($base.$target),$secure);
298 function redirectStart() {
299 redirectFull(BASE_URL,null);
301 function redirectFull($target,$secure) {
302 //redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
303 redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://scripts-cert.mit.edu':'http://scripts.mit.edu').$target);
305 function redirect2($target) {
306 header('Location: '.$target);
310 //return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
311 return (isSSL()?'http://scripts.mit.edu':'https://scripts-cert.mit.edu').$_SERVER['REDIRECT_URL'];
316 function addUser($sslCredentials) {
317 global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;
319 $arr = array_merge($sslCredentials, $_NEW_USER);
320 $sql = sprintf("INSERT INTO User %s",
321 buildSQLInsert($arr));
322 $UserId = DBInsert($sql);
324 $arr = $_NEW_USERQUOTA;
325 $arr['UserId'] = $UserId;
326 $sql = sprintf("INSERT INTO UserQuota %s",
327 buildSQLInsert($arr));
330 $arr = $_NEW_USERSTAT;
331 $arr['UserId'] = $UserId;
332 $sql = sprintf("INSERT INTO UserStat %s",
333 buildSQLInsert($arr));
339 function addDB($dbname,$userid) {
340 global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
342 DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
343 if (mysql_error()) return false;
345 $newdb['Name'] = $dbname;
346 $arr = array_merge($newdb, $_NEW_DB);
347 $arr['bEnabled'] = 1;
348 $sql = sprintf("INSERT IGNORE INTO DB %s",
349 buildSQLInsert($arr));
350 $DBId = DBInsert($sql);
352 $sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'",
353 mysql_escape_string($dbname));
354 $r = fetchRows(DBSelect($sql), 'DatabaseId');
356 $r = array_shift($r);
357 $DBId = $r['DatabaseId'];
361 $sql = sprintf("UPDATE DB SET %s WHERE DB.DatabaseId = '%s'",
367 DBDelete(sprintf("DELETE FROM DBOwner WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
368 DBDelete(sprintf("DELETE FROM DBQuota WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
370 $arr = $_NEW_DBQUOTA;
371 $arr['DatabaseId'] = $DBId;
372 $sql = sprintf("INSERT IGNORE INTO DBQuota %s",
373 buildSQLInsert($arr));
376 $arr = $_NEW_DBOWNER;
377 $arr['DatabaseId'] = $DBId;
378 $arr['UserId'] = $userid;
379 $sql = sprintf("INSERT IGNORE INTO DBOwner %s",
380 buildSQLInsert($arr));
386 function delDB($dbname) {
387 global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
389 DBCreate(sprintf('DROP DATABASE `%s`', mysql_escape_string($dbname)));
391 $arr['bEnabled'] = 0;
392 $sql = sprintf("UPDATE DB SET %s WHERE DB.Name = '%s'",