<?php
/**
* REU.RU authentication backend
*
* @license GPL 2
* @author Artem <silentulo cxe gmail.com>
*/
// Directory that contains this backend file.
define('DOKU_AUTH', dirname(__FILE__));
// The base class is not loaded from here (the require below is disabled), so
// auth_basic has to be defined, or autoloadable, before this file is included.
//require_once(DOKU_AUTH.'/basic.class.php');
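/**
 * Authentication backend that verifies logins against the `membr` table of
 * a MySQL database configured through $conf['auth']['reu'].
 *
 * Only checkPass() is implemented; every other capability is left commented
 * out at the end of auth_mysql().
 *
 * NOTE(review): the class is built on the legacy mysql_* extension, which was
 * deprecated in PHP 5.5 and removed in PHP 7.0. It offers no prepared
 * statements, so every value placed in SQL below has to go through _escape().
 * A port to mysqli or PDO with bound parameters would remove that dependency.
 */
class auth_reu extends auth_basic {
    var $dbcon = 0;          // MySQL link while a connection is open, 0 otherwise
    var $dbver = 0;          // database version
    var $dbrev = 0;          // database revision
    var $dbsub = 0;          // database subrevision
    var $cnf = null;         // copy of $conf['auth']['reu'], filled in by auth_mysql()
    var $defaultgroup = "";  // copy of $conf['defaultgroup']

    /**************************************
     * INITIALIZATION
     **************************************/

    /**
     * Constructor
     *
     * The initialisation code lives in auth_mysql(), a name kept from the
     * backend this file was derived from. Because the class is called
     * auth_reu, PHP never treated auth_mysql() as a constructor, so $cnf
     * stayed null and _openDB() called mysql_connect() with empty arguments
     * instead of the configured server and credentials. This constructor
     * makes the initialisation actually run.
     */
    function __construct() {
        // A child constructor suppresses the inherited one, so chain to a
        // parent __construct() if there is one. A PHP4-style auth_basic()
        // constructor is handled inside auth_mysql().
        if (method_exists(get_parent_class(), '__construct'))
            parent::__construct();
        $this->auth_mysql();
    }

    /**
     * Initialisation routine (kept under its historical name for callers)
     *
     * checks if the mysql interface is available and the configuration is
     * complete, otherwise it will set the variable $success of the basis
     * class to false
     *
     * @author Matthias Grimm <matthiasgrimm@users.sourceforge.net>
     */
    function auth_mysql() {
        global $conf;
        $this->cnf = isset($conf['auth']['reu']) ? $conf['auth']['reu'] : array();

        if (method_exists($this, 'auth_basic'))
            parent::auth_basic();

        // The original called $this->msg_debug(), which this class does not
        // define; the debug helper defined below is msg().
        if (!function_exists('mysql_connect')) {
            $this->msg("MySQL err: PHP MySQL extension not found.", -1, __LINE__, __FILE__);
            $this->success = false;
            return;
        }

        // default to UTF-8, you rarely want something else
        // NOTE(review): nothing in this file reads 'charset' afterwards;
        // _openDB() hard-codes utf8.
        if (!isset($this->cnf['charset']))
            $this->cnf['charset'] = 'utf8';

        $this->defaultgroup = $conf['defaultgroup'];

        // Refuse to operate without a complete set of connection settings
        if (empty($this->cnf['server']) || empty($this->cnf['user']) ||
            empty($this->cnf['password']) || empty($this->cnf['database'])) {
            $this->msg("MySQL err: insufficient configuration.", -1, __LINE__, __FILE__);
            $this->success = false;
            return;
        }

        // $this->cando['addUser'] = 1;
        // $this->cando['delUser'] = 1;
        // $this->cando['modLogin'] = 1;
        // $this->cando['modPass'] = 1;
        // $this->cando['modName'] = 1;
        // $this->cando['modMail'] = 1;
        // $this->cando['modGroups'] = 1;
        // $this->cando['getGroups'] = 1;
        // $this->cando['getUsers'] = 1;
        // $this->cando['getUserCount'] = 1;
    }

    /**************************************
     * INTERFACE
     **************************************/

    /**
     * Checks if the given user exists and the given plaintext password
     * is correct. No group membership is checked here.
     *
     * Opens the database connection, runs the credential query and closes
     * the connection again.
     *
     * @param $user user who would like access
     * @param $pass user's clear text password to check
     * @return bool true if exactly one matching row was found, false
     *              otherwise (including when the database cannot be opened)
     */
    function checkPass($user, $pass) {
        if (!$this->_openDB())
            return false;
        $res = $this->_queryCheckPass($user, $pass);
        $this->_closeDB();
        return $res;
    }

    /**************************************
     * DEBUG OUTPUT
     **************************************/

    /**
     * Prints msg() if config param debug is set
     *
     * @param $msg  text to show
     * @param $smth forwarded unchanged as the second argument of the global
     *              msg(); every caller in this class passes -1
     * @param $line line number of the caller
     * @param $file file name of the caller
     **/
    function msg($msg, $smth, $line, $file) {
        // The original forwarded an undefined $message, so the text never
        // reached the output. empty() also covers an unset 'debug' key.
        if (!empty($this->cnf['debug']))
            msg($msg, $smth, $line, $file);
    }

    /**************************************
     * DB CONNECTION
     **************************************/

    /**
     * Opens a connection to a database and saves the handle for further
     * usage in the object. The successful call to this functions is
     * essential for most functions in this object.
     *
     * @return bool true if a connection is (already) open, false on failure
     */
    function _openDB() {
        // Return if connection already open
        if ($this->dbcon)
            return true;

        // Open connection; @ keeps the PHP warning, which can carry the
        // connection details, out of the page
        $con = @mysql_connect($this->cnf['server'], $this->cnf['user'], $this->cnf['password']);
        if (!$con) {
            $this->msg("MySQL err: Connection to {$this->cnf['user']}@{$this->cnf['server']} not possible.",
                       -1, __LINE__, __FILE__);
            return false;
        }

        // Open database
        if (!mysql_select_db($this->cnf['database'], $con)) {
            mysql_close($con);
            $this->msg("MySQL err: No access to database {$this->cnf['database']}.", -1, __LINE__, __FILE__);
            return false;
        }

        // Get version
        if ((preg_match("/^(\d+)\.(\d+)\.(\d+).*/", mysql_get_server_info($con), $result)) == 1) {
            $this->dbver = $result[1];
            $this->dbrev = $result[2];
            $this->dbsub = $result[3];
        }

        $this->dbcon = $con;

        // NOTE(review): mysql_real_escape_string() in _escape() escapes for
        // the character set the client library associates with this link. A
        // SET statement changes the character set on the server side only;
        // mysql_set_charset() is the call that keeps both sides in step.
        // Worth switching, and reading $this->cnf['charset'], if anything
        // other than utf8 is ever configured.
        mysql_query('SET CHARACTER SET "utf8"', $con);
        return true; // connection and database successfully opened
    }

    /**
     * Closes a database connection.
     */
    function _closeDB() {
        if (!$this->dbcon)
            return;
        mysql_close($this->dbcon);
        $this->dbcon = 0;
    }

    /**
     * Sends a SQL query to the database and transforms the result into
     * an associative array.
     *
     * This function is only able to handle queries that returns a
     * table such as SELECT. The query string is sent as given, so callers
     * must pass every value through _escape() first.
     *
     * @param $query SQL string that contains the query
     * @return array|false list of rows (each an associative array), or
     *                     false if no connection is open or the query failed
     */
    function _queryDB($query) {
        $resultarray = array();

        if (!$this->dbcon)
            return false;

        // Run query
        $result = @mysql_query($query, $this->dbcon);
        if (!$result) {
            $this->msg('MySQL err: '.mysql_error($this->dbcon), -1, __LINE__, __FILE__);
            return false;
        }

        // Fetch results
        while (($t = mysql_fetch_assoc($result)) !== false)
            $resultarray[] = $t;
        mysql_free_result($result);

        return $resultarray;
    }

    /**
     * Escape a string for insertion into the database
     *
     * Uses mysql_real_escape_string() while a connection is open. Without a
     * connection it falls back to addslashes(), which knows nothing about
     * the connection character set; checkPass() opens the connection first,
     * so that path is not taken for logins.
     *
     * @param string  $string The string to escape
     * @param boolean $like   Escape wildcard chars as well?
     * @return string the escaped string
     *
     * @author Andreas Gohr <andi@splitbrain.org>
     */
    function _escape($string, $like = false) {
        if ($this->dbcon) {
            $string = mysql_real_escape_string($string, $this->dbcon);
        } else {
            $string = addslashes($string);
        }
        if ($like) {
            $string = addcslashes($string, '%_');
        }
        return $string;
    }

    /**************************************
     * DB QUERIES
     **************************************/

    /**
     * Verifies user-password pair
     *
     * Hashes the clear password and looks for a `membr` row whose svorto
     * column equals the user name and whose pvorto column equals the hash.
     *
     * NOTE(review): _cryptPassword() is not defined in this class; it has to
     * be inherited from auth_basic - confirm, otherwise this call is fatal.
     *
     * NOTE(review): the hash is computed from $pass alone and matched by
     * equality inside SQL, which only works if the same password always
     * hashes to the same value, i.e. no per-user random salt. The comparison
     * also follows the column collation rather than being byte-exact. A
     * salted scheme would have to select the stored hash by user name and
     * verify it in PHP.
     *
     * @param $user username
     * @param $pass clear password
     * @return bool true if exactly one row matches
     */
    function _queryCheckPass($user, $pass) {
        // Get hash
        $phash = $this->_cryptPassword($pass);

        // Construct SQL; both values are escaped before concatenation
        $sql = 'SELECT kodo FROM `membr` as m'
             . ' WHERE svorto = "'.$this->_escape($user).'" '
             . ' and pvorto = "'.$this->_escape($phash).'"';

        // Query
        $result = $this->_queryDB($sql);

        return $result !== false && count($result) == 1;
    }
}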