require_once('mitsql.lib.php');
class Login {
+ var $u, $p;
var $info;
function Login($u, $p=null) {
+ $this->u = $u;
+ $this->p = $p;
$opt = is_null($p)?'':sprintf(" AND Password='%s' ", mysql_escape_string(base64_encode($p)));
$sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
FROM User
$opt",
mysql_escape_string($u));
$r = fetchRows(DBSelect($sql),'UserId');
- $this->info = count($r)?array_shift($r):null;
+ $this->info = count($r)?array_shift($r):$r;
}
function exists() {
- return !is_null($this->info);
- }
- function isValid() {
- return $this->isEnabled() && $this->getUL()>0;
+ return count($this->info);
}
+ function isValid() {
+ return $this->getUL()>0;
+ }
function isEnabled() {
return $this->exists() && $this->info['bEnabled']==1;
}
+ function canLogin() {
+ return $this->isEnabled() && $this->isValid();
+ }
+ function canSignup() {
+ return !$this->isEnabled() && $this->isValid();
+ }
function getUserId() {
- return $this->exists() && $this->info['UserId'];
+ return $this->exists()?$this->info['UserId']:'';
}
function getUsername() {
- return $this->exists() && $this->info['Username'];
+ return $this->exists()?$this->info['Username']:'';
}
function getName() {
- return $this->exists() && $this->info['Name'];
+ return $this->exists()?$this->info['Name']:'';
}
function getEmail() {
- return $this->exists() && $this->info['Email'];
+ return $this->exists()?$this->info['Email']:'';
}
function getUL() {
- return $this->exists() && $this->info['UL'];
+ return $this->exists()?$this->info['UL']:'';
}
function expire() {
$this->info = null;
}
function refresh() {
- $this->Login($this->getUsername());
+ $this->Login($this->u,$this->p);
}
function update($name=null,$email=null) {
if (!$this->exists()) return;
$arr = array();
+ if ($name == $this->getName()) $name = null;
+ if ($email == $this->getEmail()) $email = null;
is_null($name) || $arr['Name'] = $name;
is_null($email) || $arr['Email'] = $email;
$sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
buildSQLSet($arr), mysql_escape_string($this->getUserId()));
DBUpdate($sql);
+ if (isset($arr['Name']))
+ $this->name = $arr['Name'];
+ if (isset($arr['Email']))
+ $this->email = $arr['Email'];
+ }
+}
+
+class User {
+ var $userId;
+ var $info;
+ var $pass;
+ var $dblist;
+ function User($userId) {
+ $this->userId = $userId;
+ $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
+ FROM User
+ WHERE UserId = '%s'",
+ mysql_escape_string($userId));
+ $r = fetchRows(DBSelect($sql),'UserId');
+ $this->info = count($r)?array_shift($r):$r;
+ $this->pass = base64_decode($this->info['Password']);
}
+ function exists() {
+ return count($this->info);
+ }
+ function getUserId() {
+ return $this->exists()?$this->info['UserId']:'';
+ }
+ function getUsername() {
+ return $this->exists()?$this->info['Username']:'';
+ }
+ function setPassword($pwd) {
+ $arr['Password'] = base64_encode($pwd);
+ $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
+ buildSQLSet($arr), mysql_escape_string($this->getUserId()));
+ DBUpdate($sql);
+ }
+ function signup($pwd) {
+ $this->pass = $pwd;
+ $arr['Password'] = base64_encode($pwd);
+ $arr['bEnabled'] = 1;
+ $arr['dSignup'] = 'NOW()';
+ $sql = sprintf("UPDATE User %s WHERE UserId = '%s'",
+ buildSQLSet($arr), mysql_escape_string($this->getUserId()));
+ DBUpdate($sql);
+
+ $this->setUsage();
+ $this->setAccess();
+ }
+ function setUsage($yes=true) {
+ $verb = $yes?'GRANT':'REVOKE';
+ $prep = $yes?'TO':'FROM';
+ $suffix = $yes?sprintf("IDENTIFIED BY `%s`",mysql_escape_string($this->pass)):'';
+ $sql = sprintf("%s USAGE ON * . * %s '%s'@'%s' %s",
+ mysql_escape_string($verb),
+ mysql_escape_string($prep),
+ mysql_escape_string($this->getUsername()),
+ '%',
+ mysql_escape_string($suffix));
+ DBGrant($sql);
+ }
+ function setAccess($db=null,$yes=true) {
+ $verb = $yes?'GRANT':'REVOKE';
+ $prep = $yes?'TO':'FROM';
+ if (is_null($db)) {
+ $this->dblist = $this->getDBList();
+ $dbs = $this->dblist;
+ } else {
+ $dbs[] = array('Name'=>$db);
+ }
+ foreach($dbs as $db) {
+ $name = $db['Name'];
+ $sql = sprintf("%s ALL PRIVILEGES ON `%s` . * %s '%s'@'%s'",
+ mysql_escape_string($verb),
+ mysql_escape_string($name),
+ mysql_escape_string($prep),
+ $this->getUsername,
+ '%');
+ DBGrant($sql);
+ }
+ }
+ function getDBList() {
+ $sql = sprintf("SELECT *
+ FROM DBOwner
+ INNER JOIN DB ON DB.DatabaseId = DBOwner.DatabaseId
+ INNER JOIN DBQuota ON DBQuota.DatabaseId = DBOwner.DatabaseId
+ WHERE UserId = '%s'",
+ mysql_escape_string($this->getUserId()));
+ $r = fetchRows(DBSelect($sql),'DatabaseId');
+ return $r;
+ }
}
global $Login;
$aLogin = $Login;
}
- return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->isValid();
+ return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
}
function isSSL() {
function getSSLCert() {
if (DEVEL && file_exists('.forceauth')) {
$fu = explode('|',file_get_contents('.forceauth'));
- $name = $fu[0];
- $email = $fu[1];
+ $name = trim($fu[0]);
+ $email = trim($fu[1]);
} else {
$name = isset($_SERVER['SSL_CLIENT_S_DN_CN'])?$_SERVER['SSL_CLIENT_S_DN_CN']:null;
$email = isset($_SERVER['SSL_CLIENT_S_DN_Email'])?$_SERVER['SSL_CLIENT_S_DN_Email']:null;
## 302 REDIRECTS
-function redirect($target=NULL) {
+function redirect($target=null,$secure=true) {
$base = (is_null($target)||substr($target,0,1)=='?')?$_SERVER['REDIRECT_URL']:(dirname($_SERVER['REDIRECT_URL']).'/');
- redirectFull(is_null($target)?$base:($base.$target));
+ redirectFull(is_null($target)?$base:($base.$target),$secure);
}
-function redirectFull($target) {
- redirect2((isSSL()?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
+function redirectFull($target,$secure) {
+ redirect2((isSSL()&&$secure?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
}
function redirect2($target) {
header('Location: '.$target);
exit;
}
+function flipSSL() {
+ return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
+}
## USER SCRIPTS
function addUser($sslCredentials) {
- global $_NEW_USER;
+ global $_NEW_USER, $_NEW_USERQUOTA, $_NEW_USERSTAT;
+
$arr = array_merge($sslCredentials, $_NEW_USER);
$sql = sprintf("INSERT INTO User %s",
buildSQLInsert($arr));
- return DBInsert($sql);
+ $UserId = DBInsert($sql);
+
+ $arr = $_NEW_USERQUOTA;
+ $arr['UserId'] = $UserId;
+ $sql = sprintf("INSERT INTO UserQuota %s",
+ buildSQLInsert($arr));
+ DBInsert($sql);
+
+ $arr = $_NEW_USERSTAT;
+ $arr['UserId'] = $UserId;
+ $sql = sprintf("INSERT INTO UserQuota %s",
+ buildSQLInsert($arr));
+ DBInsert($sql);
+
+ return $UserId;
}
?>