]> andersk Git - sql-web.git/blobdiff - lib/security.lib.php
andersk / sql-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bug fix: signup/db-create for class lockers
[sql-web.git] / lib / security.lib.php
diff --git a/lib/security.lib.php b/lib/security.lib.php
index fca7a0f2279bfd399bc976dc9d2607ff96a0c968..2084e5399660c76ca85f9d904f8f2006ad6beb90 100644 (file)
--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -3,15 +3,15 @@
 require_once('mitsql.lib.php');
 
 class Login {
-       var $id, $u, $p;
-    var $info;
+       private $id, $u, $p;
+    private $info;
     function Login($u, $p=null) {
                if (empty($u)) return;
                $this->u = $u;
                $this->p = $p;
                if (is_numeric($u)) {
                        $this->id = $u;
-                       $opt = sprintf(" UserId = '%s'", mysql_escape_string($u));
+                       $opt = sprintf(" Username = '%s' OR UserId = '%s'", mysql_escape_string($u), mysql_escape_string($u));
                } else {
                        $opt = sprintf(" Username = '%s'", mysql_escape_string($u));
                        $opt .= (is_null($p)?'':sprintf(" AND Password='%s'", mysql_escape_string(base64_encode($p))));
@@ -82,12 +82,12 @@ class Login {
 }
 
 class User {
-       var $userId;
-       var $info;
-       var $dblist;
+       private $userId;
+       private $info;
+       private $dblist;
     function User($userId) {
                $this->userId = $userId;
-        $sql = sprintf("SELECT User.UserId, Username, Password, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
+        $sql = sprintf("SELECT User.UserId, Username, Name, Email, UL, bEnabled, nBytesSoft, nBytesHard, nBytes, nDatabases, nDatabasesHard, IF(nBytes>nBytesHard,1,0) AS bOverQuota
                         FROM User
                                                INNER JOIN UserQuota ON User.UserId = UserQuota.UserId
                                                INNER JOIN UserStat ON User.UserId = UserStat.UserId
@@ -96,13 +96,12 @@ class User {
         $r = fetchRows(DBSelect($sql),'UserId');
         $this->info = count($r)?array_shift($r):$r;
                $this->dblist = $this->getDBList();
-//             $this->pass = base64_decode($this->info['Password']);
     }
        function refresh() {
                unset($this->dblist);
                $this->User($this->userId);
                /*
-        $sql = sprintf("SELECT UserId, Username, Password, Name, Email, UL, bEnabled
+        $sql = sprintf("SELECT UserId, Username, Name, Email, UL, bEnabled
                         FROM User
                         WHERE UserId = '%s'",
                         mysql_escape_string($this->userId));
@@ -203,7 +202,7 @@ class User {
                }
        }
        function addDB($name) {
-               if (in_array($name, $this->getDBList())) return false;
+               if (in_array($name, array_keys($this->getDBList()))) return false;
                if (!addDB($name, $this->getUserId())) return false;
                $this->setAccess($name);
                return true;
@@ -222,7 +221,7 @@ function isLoggedIn($aLogin=null) {
         global $Login;
         $aLogin = $Login;
     }
-    return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->canLogin();
+    return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->canLogin();
 }
 
 function isAdmin($aLogin=null) {
@@ -230,13 +229,21 @@ function isAdmin($aLogin=null) {
         global $Login;
         $aLogin = $Login;
     }
-    return !empty($aLogin) && is_a($aLogin, 'Login') && $aLogin->getUL()>=100;
+    return !empty($aLogin) && ($aLogin instanceof Login) && $aLogin->getUL()>=100;
 }
 
 function isImpersonating() {
        return isSess('_UserId') && isSess('UserId');
 }
 
+function isOffline() {
+       return (defined('OFFLINE') && OFFLINE);
+}
+
+function isOnline() {
+       return !isOffline();
+}
+
 function impersonate($userId=null) {
        $wasImpersonating = isImpersonating();
        if ($wasImpersonating) {
@@ -258,7 +265,7 @@ function impersonate($userId=null) {
 }
 
 function isSSL() {
-       return $_SERVER['SERVER_PORT'] == 443;
+       return isset($_SERVER['SERVER_PORT'])?($_SERVER['SERVER_PORT'] == 443):false;
 }
 
 function getSSLCert() {
@@ -289,14 +296,16 @@ function redirectStart() {
        redirectFull(BASE_URL,null);
 }
 function redirectFull($target,$secure) {
-       redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
+       //redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://':'http://').$_SERVER['SERVER_NAME'].$target);
+       redirect2((((isSSL()&&is_null($secure))||$secure==true)?'https://scripts-cert.mit.edu':'http://scripts.mit.edu').$target);
 }
 function redirect2($target) {
        header('Location: '.$target);
        exit;
 }
 function flipSSL() {
-       return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
+       //return (isSSL()?'http://':'https://').$_SERVER['SERVER_NAME'].$_SERVER['REDIRECT_URL'];
+       return (isSSL()?'http://scripts.mit.edu':'https://scripts-cert.mit.edu').$_SERVER['REDIRECT_URL'];
 }
 
 ## USER SCRIPTS
@@ -328,6 +337,7 @@ function addDB($dbname,$userid) {
        global $_NEW_DB, $_NEW_DBQUOTA, $_NEW_DBOWNER;
 
        DBCreate(sprintf('CREATE DATABASE `%s`', mysql_escape_string($dbname)));
+       if (mysql_error()) return false;
 
        $newdb['Name'] = $dbname;
        $arr = array_merge($newdb, $_NEW_DB);
@@ -349,23 +359,25 @@ function addDB($dbname,$userid) {
                                                buildSQLSet($arr),
                                                $DBId);
                DBUpdate($sql);
-               return $DBId;
-       } else {
-               $arr = $_NEW_DBQUOTA;
-               $arr['DatabaseId'] = $DBId;
-               $sql = sprintf("INSERT IGNORE INTO DBQuota %s",
-                                               buildSQLInsert($arr));
-               DBInsert($sql);
-
-               $arr = $_NEW_DBOWNER;
-               $arr['DatabaseId'] = $DBId;
-               $arr['UserId'] = $userid;
-               $sql = sprintf("INSERT IGNORE INTO DBOwner %s",
-                                               buildSQLInsert($arr));
-               DBInsert($sql);
-
-               return $DBId;
        }
+
+       DBDelete(sprintf("DELETE FROM DBOwner WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
+       DBDelete(sprintf("DELETE FROM DBQuota WHERE DatabaseId = '%s'", mysql_escape_string($DBId)));
+       
+       $arr = $_NEW_DBQUOTA;
+       $arr['DatabaseId'] = $DBId;
+       $sql = sprintf("INSERT IGNORE INTO DBQuota %s",
+                                       buildSQLInsert($arr));
+       DBInsert($sql);
+
+       $arr = $_NEW_DBOWNER;
+       $arr['DatabaseId'] = $DBId;
+       $arr['UserId'] = $userid;
+       $sql = sprintf("INSERT IGNORE INTO DBOwner %s",
+                                       buildSQLInsert($arr));
+       DBInsert($sql);
+
+       return $DBId;
 }
 
 function delDB($dbname) {
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.035252 seconds and 4 git commands to generate.