Beispiel #1
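 /**
  * Checks the submitted login credentials against the configured users table.
  *
  * Returns true when authentication is disabled, hands the decision to the
  * delegate when it defines checkCredentials(), and otherwise looks up the
  * submitted UserName/Password pair with a SELECT on the users table.
  *
  * The username and password values are escaped with
  * mysql_real_escape_string() on the live connection. addslashes() does not
  * know the connection character set and is not a safe SQL escaping function.
  * The table and column names come from this object's configuration and are
  * embedded as-is, so they must never be derived from request data.
  *
  * @return boolean True when the credentials are accepted, false otherwise.
  *                 The delegate's return value is passed through unchanged.
  */
 function checkCredentials()
 {
     $app =& Dataface_Application::getInstance();
     if (!$this->authEnabled) {
         return true;
     }
     if (isset($this->delegate) and method_exists($this->delegate, 'checkCredentials')) {
         return $this->delegate->checkCredentials();
     }

     // The user is attempting to log in.
     $creds = $this->getCredentials();
     if (!isset($creds['UserName']) || !isset($creds['Password'])) {
         // No username or password was submitted: reject the attempt.
         return false;
     }

     import('Dataface/Serializer.php');
     $serializer = new Dataface_Serializer($this->usersTable);
     $db = $app->db();

     // Escape both values against the connection that will run the query.
     $escapedUser = mysql_real_escape_string($serializer->serialize($this->usernameColumn, $creds['UserName']), $db);
     $escapedPass = mysql_real_escape_string($serializer->serialize($this->passwordColumn, $creds['Password']), $db);
     if ($escapedUser === false || $escapedPass === false) {
         // Escaping failed (e.g. no usable connection): fail closed rather
         // than run a query with an empty literal.
         return false;
     }

     // The password literal goes through the serializer's encrypt(), which may
     // wrap it in a SQL function depending on the column's configuration.
     $sql = "SELECT `" . $this->usernameColumn . "` FROM `" . $this->usersTable . "`\n\t\t\t\t WHERE `" . $this->usernameColumn . "`='" . $escapedUser . "'\n\t\t\t\t AND `" . $this->passwordColumn . "`=" . $serializer->encrypt($this->passwordColumn, "'" . $escapedPass . "'");
     $res = mysql_query($sql, $db);
     if (!$res) {
         trigger_error(mysql_error($db), E_USER_ERROR);
         // Only reached when a custom error handler returns: fail closed
         // instead of passing false to the result functions below.
         return false;
     }

     // Re-check the returned username byte-for-byte. Presumably this guards
     // against the SQL comparison matching more loosely than strcmp() does
     // (e.g. a case-insensitive collation) -- confirm against the schema.
     $found = false;
     while ($row = mysql_fetch_row($res)) {
         if (strcmp($row[0], $creds['UserName']) === 0) {
             $found = true;
             break;
         }
     }
     // Free the result on every path, including the zero-row case.
     @mysql_free_result($res);
     return $found;
 }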
Beispiel #2
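 /**
  * Wraps a SQL value expression in the MySQL function selected by the field's
  * 'encryption' attribute (md5, password, sha1, encrypt or aes_encrypt).
  *
  * $value is concatenated into the returned SQL fragment verbatim, so the
  * caller must pass an already quoted and escaped SQL literal.
  *
  * NOTE(review): MD5(), SHA1() and PASSWORD() are fast, unsalted digests and
  * are not suitable for storing passwords. Changing them here would invalidate
  * stored values, so migrating to a dedicated password hash has to be planned
  * separately. For aes_encrypt the key is embedded in the statement text and
  * can therefore appear wherever SQL statements are logged.
  *
  * @param string $fieldname Field name; "relationship.field" for a related field.
  * @param string $value     Quoted and escaped SQL literal to wrap.
  * @return string The SQL fragment, or $value unchanged when the field has no
  *                recognised 'encryption' attribute.
  */
 function encrypt($fieldname, $value = null)
 {
     if (!isset($value)) {
         // Diagnostics go to the server error log rather than the response
         // body, so internal paths and call chains are not shown to the
         // client. printStackTrace() presumably returns the trace as a string
         // (the previous code echoed its return value) -- confirm.
         error_log('encrypt() called without a value for field ' . $fieldname . "\n" . Dataface_Error::printStackTrace());
     }
     if (strpos($fieldname, '.') !== false) {
         // This is a related field: resolve its table and delegate to a
         // serializer bound to that table, using the bare field name.
         $table =& $this->_table->getTableTableForField($fieldname);
         list($relname, $fieldname) = explode('.', $fieldname);
         $serializer = new Dataface_Serializer($table->tablename);
         return $serializer->encrypt($fieldname, $value);
     }
     $field = $this->_table->getField($fieldname);
     if (PEAR::isError($field)) {
         // Log the failure instead of echoing the message and stack trace to
         // the client; still terminate the request as before.
         error_log($field->getMessage() . "\n" . Dataface_Error::printStackTrace());
         exit;
     }
     if (isset($field['encryption'])) {
         switch (strtolower($field['encryption'])) {
             case 'md5':
                 return 'MD5(' . $value . ')';
             case 'password':
                 return 'PASSWORD(' . $value . ')';
             case 'sha1':
                 return 'SHA1(' . $value . ')';
             case 'encrypt':
                 return 'ENCRYPT(' . $value . ')';
             case 'aes_encrypt':
                 return 'AES_ENCRYPT(' . $value . ',\'' . addslashes($field['aes_key']) . '\')';
         }
     }
     // No (recognised) encryption attribute: pass the value through untouched.
     return $value;
 }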
Beispiel #3
 /**
  * Returns $value wrapped in the MySQL function named by the field's
  * 'encryption' attribute, or $value itself when no recognised attribute is set.
  *
  * $value is placed into the SQL fragment verbatim; the caller is responsible
  * for passing an already quoted and escaped SQL literal.
  *
  * NOTE(review): MD5(), SHA1() and PASSWORD() are fast, unsalted digests and
  * are not suitable for password storage. For aes_encrypt the key is embedded
  * in the statement text and can show up wherever SQL statements are logged.
  *
  * @param string $fieldname Field name; "relationship.field" for a related field.
  * @param string $value     Quoted and escaped SQL literal (null is treated as '').
  * @return string SQL fragment to embed in a statement.
  * @throws Exception When the field cannot be resolved; details go to the error log.
  */
 function encrypt($fieldname, $value = null)
 {
     if ($value === null) {
         $value = '';
     }

     if (strpos($fieldname, '.') !== false) {
         // Related field: hand off to a serializer bound to the related table,
         // using only the field part of "relationship.field".
         $relatedTable =& $this->_table->getTableTableForField($fieldname);
         $parts = explode('.', $fieldname);
         $fieldname = $parts[1];
         $relatedSerializer = new Dataface_Serializer($relatedTable->tablename);
         return $relatedSerializer->encrypt($fieldname, $value);
     }

     $field = $this->_table->getField($fieldname);
     if (PEAR::isError($field)) {
         // Full detail stays in the server log; the exception text is generic.
         $details = $field->getMessage() . "\n" . implode("\n", $field->getBacktrace());
         error_log($details);
         throw new Exception("Failed to encrypt field {$fieldname}.  See error log for details.", E_USER_ERROR);
     }

     if (!isset($field['encryption'])) {
         return $value;
     }

     $mode = strtolower($field['encryption']);

     // Modes that wrap the value in a single-argument SQL function.
     $singleArgFunctions = array(
         'md5' => 'MD5',
         'password' => 'PASSWORD',
         'sha1' => 'SHA1',
         'encrypt' => 'ENCRYPT',
     );
     if (isset($singleArgFunctions[$mode])) {
         return $singleArgFunctions[$mode] . '(' . $value . ')';
     }

     if ($mode === 'aes_encrypt') {
         return 'AES_ENCRYPT(' . $value . ',\'' . addslashes($field['aes_key']) . '\')';
     }

     // Unrecognised mode: leave the value as it was passed in.
     return $value;
 }