forked from Wavyzz/dolibarr
88acbc5134
par "function" (avec f minuscule), qui est le mot correct (bien que cela ne gène pas le php, cela gène doxygen et autres outils d'analyse syntaxique).
395 lines
12 KiB
PHP
395 lines
12 KiB
PHP
<?php
|
|
//
|
|
// +----------------------------------------------------------------------+
|
|
// | PHP Version 4 |
|
|
// +----------------------------------------------------------------------+
|
|
// | |
|
|
// +----------------------------------------------------------------------+
|
|
// | This source file is subject to version 2.02 of the PHP license, |
|
|
// | that is bundled with this package in the file LICENSE, and is |
|
|
// | available at through the world-wide-web at |
|
|
// | http://www.php.net/license/2_02.txt. |
|
|
// | If you did not receive a copy of the PHP license and are unable to |
|
|
// | obtain it through the world-wide-web, please send a note to |
|
|
// | license@php.net so we can mail you a copy immediately. |
|
|
// +----------------------------------------------------------------------+
|
|
// | Authors: Martin Jansen <mj@php.net> |
|
|
// +----------------------------------------------------------------------+
|
|
//
|
|
// $Id$
|
|
//
|
|
|
|
//require_once 'Auth/Container.php';
|
|
require_once DOL_DOCUMENT_ROOT."/includes/pear/Auth/Container.php";
|
|
//require_once 'DB.php';
|
|
require_once DOL_DOCUMENT_ROOT."/includes/pear/DB.php";
|
|
|
|
/**
|
|
* Storage driver for fetching login data from a database
|
|
*
|
|
* This storage driver can use all databases which are supported
|
|
* by the PEAR DB abstraction layer to fetch login data.
|
|
*
|
|
* @author Martin Jansen <mj@php.net>
|
|
* @package Auth
|
|
* @version $Revision$
|
|
*/
|
|
class Auth_Container_DB extends Auth_Container
|
|
{
|
|
|
|
/**
|
|
* Additional options for the storage container
|
|
* @var array
|
|
*/
|
|
var $options = array();
|
|
|
|
/**
|
|
* DB object
|
|
* @var object
|
|
*/
|
|
var $db = null;
|
|
var $dsn = '';
|
|
|
|
/**
|
|
* User that is currently selected from the DB.
|
|
* @var string
|
|
*/
|
|
var $activeUser = '';
|
|
|
|
// {{{ Constructor
|
|
|
|
/**
|
|
* Constructor of the container class
|
|
*
|
|
* Initate connection to the database via PEAR::DB
|
|
*
|
|
* @param string Connection data or DB object
|
|
* @return object Returns an error object if something went wrong
|
|
*/
|
|
function Auth_Container_DB($dsn)
|
|
{
|
|
$this->_setDefaults();
|
|
|
|
if (is_array($dsn)) {
|
|
$this->_parseOptions($dsn);
|
|
|
|
if (empty($this->options['dsn'])) {
|
|
PEAR::raiseError('No connection parameters specified!');
|
|
}
|
|
} else {
|
|
$this->options['dsn'] = $dsn;
|
|
}
|
|
}
|
|
|
|
// }}}
|
|
// {{{ _connect()
|
|
|
|
/**
|
|
* Connect to database by using the given DSN string
|
|
*
|
|
* @access private
|
|
* @param string DSN string
|
|
* @return mixed Object on error, otherwise bool
|
|
*/
|
|
function _connect($dsn)
|
|
{
|
|
if (is_string($dsn) || is_array($dsn)) {
|
|
$this->db = DB::Connect($dsn);
|
|
} elseif (get_parent_class($dsn) == "db_common") {
|
|
$this->db = $dsn;
|
|
} elseif (DB::isError($dsn)) {
|
|
return PEAR::raiseError($dsn->getMessage(), $dsn->getCode());
|
|
} else {
|
|
return PEAR::raiseError('The given dsn was not valid in file ' . __FILE__ . ' at line ' . __LINE__,
|
|
41,
|
|
PEAR_ERROR_RETURN,
|
|
null,
|
|
null
|
|
);
|
|
}
|
|
|
|
if (DB::isError($this->db) || DOLIPEAR::isError($this->db)) {
|
|
return DOLIPEAR::raiseError($this->db->getMessage(), $this->db->getCode());
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
// }}}
|
|
// {{{ _prepare()
|
|
|
|
/**
|
|
* Prepare database connection
|
|
*
|
|
* This function checks if we have already opened a connection to
|
|
* the database. If that's not the case, a new connection is opened.
|
|
*
|
|
* @access private
|
|
* @return mixed True or a DB error object.
|
|
*/
|
|
function _prepare()
|
|
{
|
|
if (!DB::isConnection($this->db)) {
|
|
$res = $this->_connect($this->options['dsn']);
|
|
if(DB::isError($res) || DOLIPEAR::isError($res)){
|
|
return $res;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
// }}}
|
|
// {{{ query()
|
|
|
|
/**
|
|
* Prepare query to the database
|
|
*
|
|
* This function checks if we have already opened a connection to
|
|
* the database. If that's not the case, a new connection is opened.
|
|
* After that the query is passed to the database.
|
|
*
|
|
* @access public
|
|
* @param string Query string
|
|
* @return mixed a DB_result object or DB_OK on success, a DB
|
|
* or PEAR error on failure
|
|
*/
|
|
function query($query)
|
|
{
|
|
$err = $this->_prepare();
|
|
if ($err !== true) {
|
|
return $err;
|
|
}
|
|
return $this->db->query($query);
|
|
}
|
|
|
|
// }}}
|
|
// {{{ _setDefaults()
|
|
|
|
/**
|
|
* Set some default options
|
|
*
|
|
* @access private
|
|
* @return void
|
|
*/
|
|
function _setDefaults()
|
|
{
|
|
$this->options['table'] = 'auth';
|
|
$this->options['usernamecol'] = 'username';
|
|
$this->options['passwordcol'] = 'password';
|
|
$this->options['dsn'] = '';
|
|
$this->options['db_fields'] = '';
|
|
$this->options['cryptType'] = 'md5';
|
|
}
|
|
|
|
// }}}
|
|
// {{{ _parseOptions()
|
|
|
|
/**
|
|
* Parse options passed to the container class
|
|
*
|
|
* @access private
|
|
* @param array
|
|
*/
|
|
function _parseOptions($array)
|
|
{
|
|
foreach ($array as $key => $value) {
|
|
if (isset($this->options[$key])) {
|
|
$this->options[$key] = $value;
|
|
}
|
|
}
|
|
|
|
/* Include additional fields if they exist */
|
|
if(!empty($this->options['db_fields'])){
|
|
if(is_array($this->options['db_fields'])){
|
|
$this->options['db_fields'] = join($this->options['db_fields'], ', ');
|
|
}
|
|
$this->options['db_fields'] = ', '.$this->options['db_fields'];
|
|
}
|
|
}
|
|
|
|
// }}}
|
|
// {{{ fetchData()
|
|
|
|
/**
|
|
* Get user information from database
|
|
*
|
|
* This function uses the given username to fetch
|
|
* the corresponding login data from the database
|
|
* table. If an account that matches the passed username
|
|
* and password is found, the function returns true.
|
|
* Otherwise it returns false.
|
|
*
|
|
* @param string Username
|
|
* @param string Password
|
|
* @return mixed Error object or boolean
|
|
*/
|
|
function fetchData($username, $password)
|
|
{
|
|
// Prepare for a database query
|
|
$err = $this->_prepare();
|
|
if ($err !== true) {
|
|
return PEAR::raiseError($err->getMessage(), $err->getCode());
|
|
}
|
|
|
|
// Find if db_fileds contains a *, i so assume all col are selected
|
|
if(strstr($this->options['db_fields'], '*')){
|
|
$sql_from = "*";
|
|
}
|
|
else{
|
|
$sql_from = $this->options['usernamecol'] . ", ".$this->options['passwordcol'].$this->options['db_fields'];
|
|
}
|
|
|
|
$query = "SELECT ! FROM ! WHERE ! = ?";
|
|
$query_params = array(
|
|
$sql_from,
|
|
$this->options['table'],
|
|
$this->options['usernamecol'],
|
|
$username
|
|
);
|
|
$res = $this->db->getRow($query, $query_params, DB_FETCHMODE_ASSOC);
|
|
|
|
if (DB::isError($res)) {
|
|
return PEAR::raiseError($res->getMessage(), $res->getCode());
|
|
}
|
|
if (!is_array($res)) {
|
|
$this->activeUser = '';
|
|
return false;
|
|
}
|
|
if ($this->verifyPassword(trim($password),
|
|
trim($res[$this->options['passwordcol']]),
|
|
$this->options['cryptType'])) {
|
|
// Store additional field values in the session
|
|
foreach ($res as $key => $value) {
|
|
if ($key == $this->options['passwordcol'] ||
|
|
$key == $this->options['usernamecol']) {
|
|
continue;
|
|
}
|
|
Auth::setAuthData($key, $value);
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
$this->activeUser = $res[$this->options['usernamecol']];
|
|
return false;
|
|
}
|
|
|
|
// }}}
|
|
// {{{ listUsers()
|
|
|
|
function listUsers()
|
|
{
|
|
$err = $this->_prepare();
|
|
if ($err !== true) {
|
|
return PEAR::raiseError($err->getMessage(), $err->getCode());
|
|
}
|
|
|
|
$retVal = array();
|
|
|
|
// Find if db_fileds contains a *, i so assume all col are selected
|
|
if(strstr($this->options['db_fields'], '*') || empty($this->options['db_fields'])){
|
|
$sql_from = "*";
|
|
}
|
|
else{
|
|
$sql_from = $this->options['usernamecol'] . ", ".$this->options['passwordcol'].$this->options['db_fields'];
|
|
}
|
|
|
|
$query = sprintf("SELECT %s FROM %s",
|
|
$sql_from,
|
|
$this->options['table']
|
|
);
|
|
$res = $this->db->getAll($query, null, DB_FETCHMODE_ASSOC);
|
|
|
|
if (DB::isError($res)) {
|
|
return PEAR::raiseError($res->getMessage(), $res->getCode());
|
|
} else {
|
|
foreach ($res as $user) {
|
|
$user['username'] = $user[$this->options['usernamecol']];
|
|
$retVal[] = $user;
|
|
}
|
|
}
|
|
return $retVal;
|
|
}
|
|
|
|
// }}}
|
|
// {{{ addUser()
|
|
|
|
/**
|
|
* Add user to the storage container
|
|
*
|
|
* @access public
|
|
* @param string Username
|
|
* @param string Password
|
|
* @param mixed Additional information that are stored in the DB
|
|
*
|
|
* @return mixed True on success, otherwise error object
|
|
*/
|
|
function addUser($username, $password, $additional = "")
|
|
{
|
|
if (function_exists($this->options['cryptType'])) {
|
|
$cryptfunction = $this->options['cryptType'];
|
|
} else {
|
|
$cryptfunction = 'md5';
|
|
}
|
|
|
|
$additional_key = '';
|
|
$additional_value = '';
|
|
|
|
if (is_array($additional)) {
|
|
foreach ($additional as $key => $value) {
|
|
$additional_key .= ', ' . $key;
|
|
$additional_value .= ", '" . $value . "'";
|
|
}
|
|
}
|
|
|
|
$query = sprintf("INSERT INTO %s (%s, %s%s) VALUES ('%s', '%s'%s)",
|
|
$this->options['table'],
|
|
$this->options['usernamecol'],
|
|
$this->options['passwordcol'],
|
|
$additional_key,
|
|
$username,
|
|
$cryptfunction($password),
|
|
$additional_value
|
|
);
|
|
|
|
$res = $this->query($query);
|
|
|
|
if (DB::isError($res)) {
|
|
return PEAR::raiseError($res->getMessage(), $res->getCode());
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
// }}}
|
|
// {{{ removeUser()
|
|
|
|
/**
|
|
* Remove user from the storage container
|
|
*
|
|
* @access public
|
|
* @param string Username
|
|
*
|
|
* @return mixed True on success, otherwise error object
|
|
*/
|
|
function removeUser($username)
|
|
{
|
|
$query = sprintf("DELETE FROM %s WHERE %s = '%s'",
|
|
$this->options['table'],
|
|
$this->options['usernamecol'],
|
|
$username
|
|
);
|
|
|
|
$res = $this->query($query);
|
|
|
|
if (DB::isError($res)) {
|
|
return PEAR::raiseError($res->getMessage(), $res->getCode());
|
|
} else {
|
|
return true;
|
|
}
|
|
}
|
|
|
|
// }}}
|
|
}
|
|
?>
|