<?php
+/*
+ (c) 2005 Joe Presbrey
+*/
require_once('mitsql.lib.php');
class Login {
- var $u, $p;
- var $info;
+ private $id, $u, $p;
+ private $info;
function Login($u, $p=null) {
- $this->u = $u;
+ if (empty($u)) return;
+ $this->u = $u;
$this->p = $p;
- $opt = is_null($p)?'':sprintf(" AND Password='%s' ", mysql_escape_string(base64_encode($p)));
+ if (is_numeric($u)) {
+ $this->id = $u;
+ $opt = sprintf(" Username = '%s' OR UserId = '%s'", mysql_escape_string($u), mysql_escape_string($u));
+ } else {
+ $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
+ $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
+ }
$sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
FROM User
- WHERE Username = '%s'
- $opt",
- mysql_escape_string($u));
+ WHERE %s", $opt);
$r = fetchRows(DBSelect($sql),'UserId');
- $this->info = count($r)?array_shift($r):$r;
- }
+ $this->info = count($r)?array_shift($r):$r;
+ }
function exists() {
return count($this->info);
}
$this->info = null;
}
function refresh() {
- $this->Login($this->u,$this->p);
+ if (!empty($this->id)) {
+ $this->Login($this->id);
+ } else {
+ $this->Login($this->u,$this->p);
+ }
}
function update($name=null,$email=null) {
if (!$this->exists()) return;
if ($email == $this->getEmail()) $email = null;
is_null($name) || $arr['Name'] = $name;
is_null($email) || $arr['Email'] = $email;
- $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
- buildSQLSet($arr), mysql_escape_string($this->getUserId()));
- DBUpdate($sql);
+ $upd = buildSQLSet($arr);
+ $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
+ $upd, mysql_escape_string($this->getUserId()));
+ if (!empty($upd) && $upd != 'SET')
+ DBUpdate($sql);
if (isset($arr['Name']))
- $this->name = $arr['Name'];
+ $this->info['Name'] = $arr['Name'];
if (isset($arr['Email']))
- $this->email = $arr['Email'];
+ $this->info['Email'] = $arr['Email'];
}
}
class User {
- var $userId;
- var $info;
- var $pass;
- var $dblist;
+ private $userId;
+ private $info;
+ private $dblist;
function User($userId) {
$this->userId = $userId;
- $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
+ $sql = sprintf("SELECT User.UserId, Username, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
FROM User
- WHERE UserId = '%s'",
+ INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
+ INNER JOIN UserStat ON User.UserId = UserStat.UserId
+ WHERE User.UserId = '%s'",
mysql_escape_string($userId));
$r = fetchRows(DBSelect($sql),'UserId');
$this->info = count($r)?array_shift($r):$r;
- $this->pass = base64_decode($this->info['Password']);
+ $this->dblist = $this->getDBList();
}
+ function refresh() {
+ unset($this->dblist);
+ $this->User($this->userId);
+ /*
+ $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
+ FROM User
+ WHERE UserId = '%s'",
+ mysql_escape_string($this->userId));
+ $r = fetchRows(DBSelect($sql),'UserId');
+ $this->info = count($r)?array_shift($r):$r;
+ unset($this->dblist);
+ $this->getDBList();
+ */
+ }
function exists() {
return count($this->info);
}
}
function getUsername() {
return $this->exists()?$this->info['Username']:'';
+ }
+ function isOverQuota() {
+ return $this->exists()?($this->info['bOverQuota']>0?true:false):'';
+ }
+ function getBytes() {
+ if($this->exists()) {
+ $arr['nBytes'] = $this->info['nBytes'];
+ $arr['nBytesSoft'] = $this->info['nBytesSoft'];
+ $arr['nBytesHard'] = $this->info['nBytesHard'];
+ return $arr;
+ }
}
function setPassword($pwd) {
$arr['Password'] = base64_encode($pwd);
- $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
+ $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
buildSQLSet($arr), mysql_escape_string($this->getUserId()));
DBUpdate($sql);
+ $sql = sprintf('SET PASSWORD FOR \'%s\'@\'%%\'=PASSWORD(\'%s\')',
+ mysql_escape_string($this->getUsername()),
+ mysql_escape_string($pwd));
+ DBSet($sql);
}
function signup($pwd) {
$this->pass = $pwd;
$arr['Password'] = base64_encode($pwd);
$arr['bEnabled'] = 1;
$arr['dSignup'] = 'NOW()';
- $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
+ $sql = sprintf("UPDATE User SET %s WHERE UserId = '%s'",
buildSQLSet($arr), mysql_escape_string($this->getUserId()));
DBUpdate($sql);
function setUsage($yes=true) {
$verb = $yes?'GRANT':'REVOKE';
$prep = $yes?'TO':'FROM';
- $suffix = $yes?sprintf("IDENTIFIED BY `%s`",mysql_escape_string($this->pass)):'';
+ $suffix = $yes?sprintf("IDENTIFIED BY '%s'",mysql_escape_string($this->pass)):'';
$sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
mysql_escape_string($verb),
mysql_escape_string($prep),
mysql_escape_string($this->getUsername()),
'%',
- mysql_escape_string($suffix));
+ $suffix);
DBGrant($sql);
}
function setAccess($db=null,$yes=true) {
$verb = $yes?'GRANT':'REVOKE';
$prep = $yes?'TO':'FROM';
if (is_null($db)) {
- $this->dblist = $this->getDBList();
- $dbs = $this->dblist;
+ $dbs = $this->getDBList();
} else {
$dbs[] = array('Name'=>$db);
}
mysql_escape_string($verb),
mysql_escape_string($name),
mysql_escape_string($prep),
- $this->getUsername,
+ mysql_escape_string($this->getUsername()),
'%');
DBGrant($sql);
}
}
function getDBList() {
- $sql = sprintf("SELECT *
+ if (isset($this->dblist)) {
+ return $this->dblist;
+ } else {
+ // LEFT JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
+ $sql = sprintf("SELECT *
FROM DBOwner
INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
- WHERE UserId = '%s'",
+ WHERE DBOwner.UserId = '%s' AND DB.bEnabled=1",
mysql_escape_string($this->getUserId()));
- $r = fetchRows(DBSelect($sql),'DatabaseId');
- return $r;
+// $r = fetchRows(DBSelect($sql),'DatabaseId');
+ $r = fetchRows(DBSelect($sql),'Name');
+ ksort($r);
+ return $r;
+ }
+ }
+ function addDB($name) {
+ if (in_array($name, array_keys($this->getDBList()))) return false;
+ if (!addDB($name, $this->getUserId())) return false;
+ $this->setAccess($name);
+ return true;
+ }
+ function delDB($name) {
+ if (!in_array($name, array_keys($this->getDBList()))) return false;
+ if (!delDB($name)) return false;//, $this->getUserId())) return false;
+ $this->setAccess($name,false);
+ return true;
}
}
global $Login;
$aLogin = $Login;
}
- return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
+ return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->canLogin();
+}
+
+function isAdmin($aLogin=null) {
+ if (is_null($aLogin)) {
+ global $Login;
+ $aLogin = $Login;
+ }
+ return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->getUL()>=100;
+}
+
+function isImpersonating() {
+ return isSess('_UserId') && isSess('UserId');
+}
+
+function isOffline() {
+ return (defined('OFFLINE') && OFFLINE);
+}
+
+function isOnline() {
+ return !isOffline();
+}
+
+function impersonate($userId=null) {
+ $wasImpersonating = isImpersonating();
+ if ($wasImpersonating) {
+ if (is_null($userId) || empty($userId)) {
+ sess('UserId',sess('_UserId'));
+ sess('_UserId','');
+ } elseif ($userId>0) {
+ sess('UserId',$userId);
+ } else {
+ return false;
+ }
+ } elseif (isLoggedIn()) {
+ sess('_UserId',sess('UserId'));
+ sess('UserId',$userId);
+ return true;
+ } else {
+ return false;
+ }
}
function isSSL() {
- return $_SERVER['SERVER_PORT'] == 443;
+ return isset($_SERVER['SERVER_PORT'])?($_SERVER['SERVER_PORT'] == 443):false;
}
function getSSLCert() {
$base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
redirectFull(is_null($target)?$base:($base.$target),$secure);
}
+function redirectStart() {
+ redirectFull(BASE_URL,null);
+}
function redirectFull($target,$secure) {
- redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
+ //redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
+ redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://scripts-cert.mit.edu':'http://scripts.mit.edu').$target);
}
function redirect2($target) {
header('Location: '.$target);
exit;
}
function flipSSL() {
- return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
+ //return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
+ return (isSSL()?'http://scripts.mit.edu':'https://scripts-cert.mit.edu').$_SERVER['REDIRECT_URL'];
}
## USER SCRIPTS
return $UserId;
}
+function addDB($dbname,$userid) {
+ global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
+
+ DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
+ if (mysql_error()) return false;
+
+ $newdb['Name'] = $dbname;
+ $arr = array_merge($newdb, $_NEW_DB);
+ $arr['bEnabled'] = 1;
+ $sql = sprintf("INSERT IGNORE INTO DB %s",
+ buildSQLInsert($arr));
+ $DBId = DBInsert($sql);
+ if (empty($DBId)) {
+ $sql = sprintf("SELECT DatabaseId FROM DB WHERE Name = '%s'",
+ mysql_escape_string($dbname));
+ $r = fetchRows(DBSelect($sql), 'DatabaseId');
+ if (count($r)) {
+ $r = array_shift($r);
+ $DBId = $r['DatabaseId'];
+ } else {
+ return false;
+ }
+ $sql = sprintf("UPDATE DB SET %s WHERE DB.DatabaseId = '%s'",
+ buildSQLSet($arr),
+ $DBId);
+ DBUpdate($sql);
+ }
+
+ DBDelete(sprintf("DELETE FROM DBOwner WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
+ DBDelete(sprintf("DELETE FROM DBQuota WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
+
+ $arr = $_NEW_DBQUOTA;
+ $arr['DatabaseId'] = $DBId;
+ $sql = sprintf("INSERT IGNORE INTO DBQuota %s",
+ buildSQLInsert($arr));
+ DBInsert($sql);
+
+ $arr = $_NEW_DBOWNER;
+ $arr['DatabaseId'] = $DBId;
+ $arr['UserId'] = $userid;
+ $sql = sprintf("INSERT IGNORE INTO DBOwner %s",
+ buildSQLInsert($arr));
+ DBInsert($sql);
+
+ return $DBId;
+}
+
+function delDB($dbname) {
+ global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
+
+ DBCreate(sprintf('DROP DATABASE `%s`', mysql_escape_string($dbname)));
+
+ $arr['bEnabled'] = 0;
+ $sql = sprintf("UPDATE DB SET %s WHERE DB.Name = '%s'",
+ buildSQLSet($arr),
+ $dbname);
+ DBUpdate($sql);
+
+ return true;
+}
+
?>