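u = $u;
$this->p = $p;
// Lookup by UserId when no password is given, otherwise by Username plus the
// base64-encoded password (the same encoding setPassword()/signup() store).
if (is_null($p)) {
    $this->id = $u;
    $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
} else {
    $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
    $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
}
$sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled FROM User WHERE %s", $opt);
$r = fetchRows(DBSelect($sql),'UserId');
$this->info = count($r)?array_shift($r):$r;
}

/** Non-zero when the constructor's lookup matched a User row. */
function exists()
{
    // $info is null after expire(); count(null) is a TypeError on PHP 8.
    return is_array($this->info) ? count($this->info) : 0;
}

/** A user with a positive user level (UL) is a valid account. */
function isValid()
{
    return $this->getUL() > 0;
}

/** The row exists and its bEnabled flag is set. */
function isEnabled()
{
    return $this->exists() && $this->info['bEnabled'] == 1;
}

function canLogin()
{
    return $this->isEnabled() && $this->isValid();
}

/** Valid but not yet enabled: the account still has to go through signup(). */
function canSignup()
{
    return !$this->isEnabled() && $this->isValid();
}

/* Column accessors; each returns '' when no row was loaded. */

function getUserId()
{
    return $this->exists() ? $this->info['UserId'] : '';
}

function getUsername()
{
    return $this->exists() ? $this->info['Username'] : '';
}

function getName()
{
    return $this->exists() ? $this->info['Name'] : '';
}

function getEmail()
{
    return $this->exists() ? $this->info['Email'] : '';
}

function getUL()
{
    return $this->exists() ? $this->info['UL'] : '';
}

/** Drop the cached row; afterwards exists() reports 0. */
function expire()
{
    $this->info = null;
}

/**
 * Persist a changed Name and/or Email for this user.
 *
 * A value equal to the current one is ignored; when nothing changed no
 * statement is sent. The cached row is updated to match the database.
 *
 * @param string|null $name
 * @param string|null $email
 */
function update($name=null,$email=null)
{
    if (!$this->exists()) return;
    $changes = array();
    if (!is_null($name) && $name != $this->getName()) $changes['Name'] = $name;
    if (!is_null($email) && $email != $this->getEmail()) $changes['Email'] = $email;
    if (empty($changes)) return;
    // buildSQLSet() is assumed to escape the values it receives -- TODO confirm
    $upd = buildSQLSet($changes);
    $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'", $upd, mysql_escape_string($this->getUserId()));
    if (!empty($upd) && $upd != 'SET') DBUpdate($sql);
    if (isset($changes['Name'])) $this->info['Name'] = $changes['Name'];
    if (isset($changes['Email'])) $this->info['Email'] = $changes['Email'];
}
}

/**
 * Hosting-account view of a user: the User row joined with UserQuota and
 * UserStat, plus the list of databases the user owns (DBOwner/DB/DBQuota).
 *
 * Written for PHP 5 (mysql_* functions). The PHP4-style constructor User()
 * is kept because refresh() calls it directly; __construct() delegates to it
 * so the class still constructs on PHP 7+.
 */
class User
{
    private $userId;
    private $info;
    private $dblist;
    // Plaintext password, set only by signup() and consumed by setUsage() for
    // the GRANT ... IDENTIFIED BY clause. Null for objects that never signed up.
    private $pass;

    function __construct($userId)
    {
        $this->User($userId);
    }

    /**
     * Load the user row (with quota and usage columns) and the database list.
     *
     * @param mixed $userId  value of User.UserId
     */
    function User($userId)
    {
        $this->userId = $userId;
        $sql = sprintf("SELECT User.UserId, Username, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, 
nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota FROM User INNER JOIN UserQuota ON User.UserId = UserQuota.UserId INNER JOIN UserStat ON User.UserId = UserStat.UserId WHERE User.UserId = '%s'", mysql_escape_string($userId));
        $rows = fetchRows(DBSelect($sql), 'UserId');
        $this->info = count($rows) ? array_shift($rows) : $rows;
        $this->dblist = $this->getDBList();
    }

    /** Re-read the user row and the database list from the database. */
    function refresh()
    {
        unset($this->dblist);
        $this->User($this->userId);
    }

    /** Non-zero when the constructor's lookup matched a row. */
    function exists()
    {
        return count($this->info);
    }

    function getUserId()
    {
        return $this->exists() ? $this->info['UserId'] : '';
    }

    function getUsername()
    {
        return $this->exists() ? $this->info['Username'] : '';
    }

    /** bOverQuota is computed in SQL as nBytes > nBytesHard; '' when no row. */
    function isOverQuota()
    {
        if (!$this->exists()) return '';
        return $this->info['bOverQuota'] > 0;
    }

    function getDBQuotaHard()
    {
        return $this->exists() ? $this->info['nDatabasesHard'] : 0;
    }

    /**
     * @return array|null  keys nBytes, nBytesSoft, nBytesHard; null when no row
     */
    function getBytes()
    {
        if (!$this->exists()) return null;
        return array(
            'nBytes' => $this->info['nBytes'],
            'nBytesSoft' => $this->info['nBytesSoft'],
            'nBytesHard' => $this->info['nBytesHard'],
        );
    }

    /**
     * Change the account password: the User row keeps a base64 copy and the
     * MySQL account password is set to match.
     *
     * NOTE(review): base64 is an encoding, not a hash, so the User table holds
     * the password in recoverable form; setUsage() needs it back in clear for
     * its GRANT. Both statements below also carry the plaintext password, so
     * it ends up in the server's query log when that log is enabled.
     */
    function setPassword($pwd)
    {
        $fields = array('Password' => base64_encode($pwd));
        $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'", buildSQLSet($fields), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
        $sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')', mysql_escape_string($this->getUsername()), mysql_escape_string($pwd));
        DBSet($sql);
    }

    /**
     * Enable the account with the given password, then create the MySQL
     * account (setUsage) and grant it its databases (setAccess).
     *
     * 'NOW()' is passed as the dSignup value; buildSQLSet() is assumed to emit
     * it unquoted -- TODO confirm.
     */
    function signup($pwd)
    {
        $this->pass = $pwd;
        $fields = array(
            'Password' => base64_encode($pwd),
            'bEnabled' => 1,
            'dSignup' => 'NOW()',
        );
        $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'", buildSQLSet($fields), mysql_escape_string($this->getUserId()));
        DBUpdate($sql);
        $this->setUsage();
        $this->setAccess();
    }

    /**
     * GRANT (or, with $yes=false, REVOKE) USAGE for the user's MySQL account.
     * The GRANT form identifies the account with $this->pass, which only
     * signup() sets.
     */
    function setUsage($yes=true)
    {
        $verb = $yes ? 'GRANT' : 'REVOKE';
        $prep = $yes ? 'TO' : 'FROM';
        $suffix = $yes ? sprintf("IDENTIFIED BY '%s'", mysql_escape_string($this->pass)) : '';
        $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s", mysql_escape_string($verb), mysql_escape_string($prep), mysql_escape_string($this->getUsername()), '%', $suffix);
        DBGrant($sql);
    }

    /**
     * GRANT (or REVOKE) ALL PRIVILEGES on one database, or on every database
     * the user owns when $db is null.
     *
     * @param string|null $db   database name, or null for the whole list
     * @param bool        $yes  true = GRANT ... TO, false = REVOKE ... FROM
     */
    function setAccess($db=null,$yes=true)
    {
        $verb = $yes ? 'GRANT' : 'REVOKE';
        $prep = $yes ? 'TO' : 'FROM';
        $dbs = is_null($db) ? $this->getDBList() : array(array('Name' => $db));
        foreach ($dbs as $entry) {
            // The name is a quoted identifier, not a string literal: a backtick
            // inside it is escaped by doubling. mysql_escape_string() leaves
            // backticks alone and would insert backslashes, which are literal
            // characters inside `...`.
            $name = str_replace('`', '``', $entry['Name']);
            $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'", mysql_escape_string($verb), $name, mysql_escape_string($prep), mysql_escape_string($this->getUsername()), '%');
            DBGrant($sql);
        }
    }

    /**
     * Enabled databases owned by this user, keyed and sorted by Name.
     * Served from $dblist when the constructor has filled it.
     */
    function getDBList()
    {
        if (isset($this->dblist)) return $this->dblist;
        $sql = sprintf("SELECT * FROM DBOwner INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1", mysql_escape_string($this->getUserId()));
        $rows = fetchRows(DBSelect($sql), 'Name');
        ksort($rows);
        return $rows;
    }

    /**
     * Create a database for this user and grant access to it.
     * @return bool  false when the name is already in the user's list or the
     *               global addDB() failed
     */
    function addDB($name)
    {
        if (array_key_exists($name, $this->getDBList())) return false;
        if (!addDB($name, $this->getUserId())) return false;
        $this->setAccess($name);
        return true;
    }

    /**
     * Drop one of this user's databases and revoke access to it.
     * @return bool  false when the name is not in the user's list or the
     *               global delDB() failed
     */
    function delDB($name)
    {
        if (!array_key_exists($name, $this->getDBList())) return false;
        if (!delDB($name)) return false;
        $this->setAccess($name, false);
        return true;
    }
}

/**
 * True when $aLogin (default: the global $Login) is a Login that canLogin().
 */
function isLoggedIn($aLogin=null)
{
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    return ($aLogin instanceof Login) && $aLogin->canLogin();
}

/**
 * True when $aLogin (default: the global $Login) is a Login with UL >= 100.
 * Note this does not require canLogin(); a disabled account with UL >= 100
 * still counts as admin here.
 */
function isAdmin($aLogin=null)
{
    if (is_null($aLogin)) {
        global $Login;
        $aLogin = $Login;
    }
    return ($aLogin instanceof Login) && $aLogin->getUL() >= 100;
}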
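/**
 * True while an admin is impersonating: the original id is parked in the
 * session under '_UserId' while 'UserId' holds the impersonated one.
 */
function isImpersonating()
{
    return isSess('_UserId') && isSess('UserId');
}

/** Maintenance mode: the OFFLINE constant is defined and truthy. */
function isOffline()
{
    return defined('OFFLINE') && OFFLINE;
}

function isOnline()
{
    return !isOffline();
}

/**
 * Switch the session to another user id, or back to the original user.
 *
 * - already impersonating, $userId empty: restore the parked id
 * - already impersonating, $userId > 0: switch to that id
 * - logged in normally, $userId non-empty: park the current id and switch
 *
 * @param mixed $userId  target user id, or null/empty to stop impersonating
 * @return bool  true when the session was changed, false otherwise
 *
 * NOTE(review): there is no privilege check in here; every caller has to gate
 * this on isAdmin() -- confirm before wiring it to a new entry point.
 */
function impersonate($userId=null)
{
    if (isImpersonating()) {
        if (empty($userId)) {
            sess('UserId', sess('_UserId'));
            sess('_UserId', '');
            return true;
        }
        if ($userId > 0) {
            sess('UserId', $userId);
            return true;
        }
        return false;
    }
    // Refuse an empty target: it would park the real id and leave the session
    // pointing at no user at all.
    if (isLoggedIn() && !empty($userId)) {
        sess('_UserId', sess('UserId'));
        sess('UserId', $userId);
        return true;
    }
    return false;
}

/**
 * True when the request arrived over TLS: either the SAPI set $_SERVER['HTTPS']
 * (any value but 'off') or the request came in on port 443.
 */
function isSSL()
{
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') return true;
    return isset($_SERVER['SERVER_PORT']) ? ((int)$_SERVER['SERVER_PORT'] === 443) : false;
}

/**
 * Identity of the caller as established by the web server (client certificate
 * CN and REMOTE_USER).
 *
 * @return array|null  array('Username', 'Name', 'Email'), or null when the
 *                     server supplied no REMOTE_USER. Username is the part of
 *                     the e-mail address before the first '@'.
 */
function getSSLCert()
{
    if (DEVEL && file_exists('.forceauth')) {
        // Development-only identity override: "Name|email" read from a file in
        // the current working directory. DEVEL must be false in production, or
        // anyone who can drop that file picks their identity.
        $parts = explode('|', file_get_contents('.forceauth'));
        $name = trim($parts[0]);
        $email = isset($parts[1]) ? trim($parts[1]) : null;
    } else {
        $name = isset($_SERVER['SSL_CLIENT_S_DN_CN']) ? $_SERVER['SSL_CLIENT_S_DN_CN'] : null;
        $email = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : null;
    }
    if (is_null($email)) return null;
    $user = explode('@', $email);
    return array('Username' => $user[0], 'Name' => $name, 'Email' => $email);
}

/**
 * Resolve a username to its UserId.
 * @return mixed  UserId, or null when no such user exists
 */
function getUsernameID($username)
{
    $sql = sprintf("SELECT UserId FROM User USE INDEX (UsernameID) WHERE Username = '%s'", mysql_escape_string($username));
    $rows = fetchRows(DBSelect($sql), 'UserId');
    // Check before shifting: array_shift([]) is null and count(null) fails on PHP 8.
    if (!count($rows)) return null;
    $row = array_shift($rows);
    return $row['UserId'];
}

## 302 REDIRECTS

/**
 * Redirect relative to the current URI: no target or a '?query' target keeps
 * the current path, anything else is appended to the current directory.
 *
 * @param string|null $target
 * @param bool|null   $secure  see redirectFull()
 */
function redirect($target=null,$secure=null)
{
    if (is_null($target) || substr($target, 0, 1) == '?') {
        $base = URI;
    } else {
        $dir = dirname(URI);
        $base = strlen($dir) > 1 ? $dir.'/' : '/';
    }
    redirectFull(is_null($target) ? $base : $base.$target, $secure);
}

function redirectStart()
{
    redirectFull(BASE_URL, null);
}

/**
 * Redirect to $target under BASE_HTTPS when $secure is true, or when $secure
 * is null and the current request is already TLS; otherwise under BASE_HTTP.
 */
function redirectFull($target,$secure)
{
    $useHttps = (isSSL() && is_null($secure)) || $secure == true;
    redirect2(($useHttps ? BASE_HTTPS : BASE_HTTP).$target);
}

/**
 * Send the Location header and stop. header() rejects values containing
 * CR/LF, so a caller cannot inject further headers through $target; the
 * callers in this file always prefix $target with one of the site's own
 * base URLs.
 */
function redirect2($target)
{
    header('Location: '.$target);
    exit;
}

/** The current URI under the other scheme (HTTP <-> HTTPS). */
function flipSSL()
{
    return (isSSL() ? BASE_HTTP : BASE_HTTPS).URI;
}

## USER SCRIPTS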
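/**
 * Create the User row plus its UserQuota and UserStat rows.
 *
 * @param array $sslCredentials  Username/Name/Email as returned by getSSLCert()
 * @return mixed  the new UserId as returned by DBInsert()
 *
 * $_NEW_USER is merged after the credentials, so a key present in both takes
 * its value from $_NEW_USER. buildSQLInsert() is assumed to escape the values
 * -- TODO confirm.
 */
function addUser($sslCredentials)
{
    global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;
    $user = array_merge($sslCredentials, $_NEW_USER);
    $userId = DBInsert(sprintf("INSERT INTO User %s", buildSQLInsert($user)));

    $quota = $_NEW_USERQUOTA;
    $quota['UserId'] = $userId;
    DBInsert(sprintf("INSERT INTO UserQuota %s", buildSQLInsert($quota)));

    $stat = $_NEW_USERSTAT;
    $stat['UserId'] = $userId;
    DBInsert(sprintf("INSERT INTO UserStat %s", buildSQLInsert($stat)));

    return $userId;
}

/**
 * Create a MySQL database and register it (DB, DBQuota, DBOwner) for $userid.
 *
 * When a DB row for the name already exists it is re-enabled and re-owned:
 * the old DBOwner/DBQuota rows are deleted and fresh ones inserted.
 *
 * @param string $dbname
 * @param mixed  $userid
 * @return mixed  DatabaseId, or false when the CREATE failed or the DB row
 *                could neither be inserted nor found
 */
function addDB($dbname,$userid)
{
    global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
    // The name is a quoted identifier, not a string literal: a backtick inside
    // it is escaped by doubling. mysql_escape_string() leaves backticks alone
    // and would insert backslashes, which are literal characters inside `...`.
    DBCreate(sprintf('CREATE DATABASE `%s`', str_replace('`', '``', $dbname)));
    // A failed CREATE (e.g. the schema already exists) stops here, before the
    // re-owning below can touch an existing DB row. NOTE(review): this relies
    // on DBCreate() leaving the error readable via mysql_error(); confirm it
    // does not swallow or reset it.
    if (mysql_error()) return false;

    $row = array_merge(array('Name' => $dbname), $_NEW_DB);
    $row['bEnabled'] = 1;
    $dbId = DBInsert(sprintf("INSERT IGNORE INTO DB %s", buildSQLInsert($row)));
    if (empty($dbId)) {
        // INSERT IGNORE hit an existing row: look it up and update it in place.
        $sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'", mysql_escape_string($dbname));
        $found = fetchRows(DBSelect($sql), 'DatabaseId');
        if (!count($found)) return false;
        $first = array_shift($found);
        $dbId = $first['DatabaseId'];
        DBUpdate(sprintf("UPDATE DB SET %s WHERE DB.DatabaseId = '%s'", buildSQLSet($row), mysql_escape_string($dbId)));
    }

    DBDelete(sprintf("DELETE FROM DBOwner WHERE DatabaseId = '%s'", mysql_escape_string($dbId)));
    DBDelete(sprintf("DELETE FROM DBQuota WHERE DatabaseId = '%s'", mysql_escape_string($dbId)));

    $quota = $_NEW_DBQUOTA;
    $quota['DatabaseId'] = $dbId;
    DBInsert(sprintf("INSERT IGNORE INTO DBQuota %s", buildSQLInsert($quota)));

    $owner = $_NEW_DBOWNER;
    $owner['DatabaseId'] = $dbId;
    $owner['UserId'] = $userid;
    DBInsert(sprintf("INSERT IGNORE INTO DBOwner %s", buildSQLInsert($owner)));

    return $dbId;
}

/**
 * Drop a MySQL database and mark its DB row disabled (the row, quota and
 * owner records are kept).
 *
 * @param string $dbname
 * @return bool  always true; the DROP's outcome is not checked
 */
function delDB($dbname)
{
    // Identifier escaping: see addDB().
    DBCreate(sprintf('DROP DATABASE `%s`', str_replace('`', '``', $dbname)));
    $row = array('bEnabled' => 0);
    $sql = sprintf("UPDATE DB SET %s WHERE DB.Name = '%s'", buildSQLSet($row), mysql_escape_string($dbname));
    DBUpdate($sql);
    return true;
}
?>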