 /**
  * Look up the largest institutional storage quota that applies to a user.
  *
  * Two lookups run against the www database: one matches the domain of the
  * user's e-mail address(es) against storage_institutions, the other matches
  * the full e-mail address via storage_institution_email. Each is tried on
  * the replica first and repeated on the primary if the replica throws.
  * The larger of the two results is returned.
  *
  * @param int $userID
  * @return mixed|false  The quota value as returned by the query, or false when
  *                      neither lookup yields a non-zero quota
  */
 public static function getInstitutionalUserQuota($userID)
 {
     // TODO: config
     $suffix = Z_ENV_TESTING_SITE ? "_test" : "";
     $databaseName = "zotero_www{$suffix}";

     // Replica first, primary on error -- same policy for both lookups
     $lookup = function ($sql) use ($userID) {
         try {
             return Zotero_WWW_DB_2::valueQuery($sql, $userID);
         } catch (Exception $e) {
             Z_Core::logError("WARNING: {$e} -- retrying on primary");
             return Zotero_WWW_DB_1::valueQuery($sql, $userID);
         }
     };

     // Get maximum institutional quota by e-mail domain
     $domainSql = "SELECT IFNULL(MAX(storageQuota), 0) FROM {$databaseName}.users_email\n\t\t\t\tJOIN {$databaseName}.storage_institutions ON (SUBSTRING_INDEX(email, '@', -1)=domain)\n\t\t\t\tWHERE userID=?";
     $byDomain = $lookup($domainSql);

     // Get maximum institutional quota by e-mail address
     $emailSql = "SELECT IFNULL(MAX(storageQuota), 0) FROM {$databaseName}.users_email\n\t\t\t\tJOIN {$databaseName}.storage_institution_email USING (email)\n\t\t\t\tJOIN {$databaseName}.storage_institutions USING (institutionID)\n\t\t\t\tWHERE userID=?";
     $byEmail = $lookup($emailSql);

     $quota = max($byDomain, $byEmail);
     return $quota ?: false;
 }
 /**
  * Fetch a user's username from the www users table.
  *
  * The replica is queried first; if that throws, the error is logged and the
  * query is repeated on the primary.
  *
  * @param int $userID
  * @return string
  * @throws Exception with code Z_ERROR_USER_NOT_FOUND when no username is found
  */
 private static function getUsernameFromWWW($userID)
 {
     $query = "SELECT username FROM users WHERE userID=?";
     try {
         $name = Zotero_WWW_DB_2::valueQuery($query, $userID);
     } catch (Exception $e) {
         Z_Core::logError("WARNING: {$e} -- retrying on primary");
         $name = Zotero_WWW_DB_1::valueQuery($query, $userID);
     }
     if ($name) {
         return $name;
     }
     throw new Exception("User {$userID} not found", Z_ERROR_USER_NOT_FOUND);
 }
 /**
  * Return a user's publishing privacy settings, memoized in $this->userPrivacy.
  *
  * On the dev site only userIDs 1 and 2 are known (hard-coded values); any
  * other userID throws. Otherwise the 'privacy_publish*' rows of users_meta
  * are read from the www database (replica first, primary if the replica
  * throws) and mapped to booleans, with 'library' and 'notes' defaulting to
  * false.
  *
  * @param int $userID
  * @return array  'library' => bool, 'notes' => bool, plus any other
  *                privacy_publish* key present in users_meta
  * @throws Exception on the dev site for a userID other than 1 or 2
  */
 private function getUserPrivacy($userID)
 {
     if (isset($this->userPrivacy[$userID])) {
         return $this->userPrivacy[$userID];
     }

     if (Z_ENV_DEV_SITE) {
         // Hard-coded test values (loose comparison, as the original switch used)
         if ($userID == 1) {
             $settings = ['library' => true, 'notes' => true];
         } elseif ($userID == 2) {
             $settings = ['library' => false, 'notes' => false];
         } else {
             throw new Exception("External requests disabled on dev site");
         }
         return $this->userPrivacy[$userID] = $settings;
     }

     $query = "SELECT metaKey, metaValue FROM users_meta WHERE userID=? AND metaKey LIKE 'privacy_publish%'";
     try {
         $rows = Zotero_WWW_DB_2::query($query, $userID);
     } catch (Exception $e) {
         Z_Core::logError("WARNING: {$e} -- retrying on primary");
         $rows = Zotero_WWW_DB_1::query($query, $userID);
     }

     $settings = ['library' => false, 'notes' => false];
     foreach ($rows as $row) {
         // Drop the 15-character 'privacy_publish' prefix to get the setting name
         $setting = strtolower(substr($row['metaKey'], 15));
         $settings[$setting] = (bool) (int) $row['metaValue'];
     }
     return $this->userPrivacy[$userID] = $settings;
 }
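 /**
  * Authenticate a www user by username (or e-mail address) and password.
  *
  * A successful result is cached in memcache for 60 seconds under a key
  * derived from the submitted credentials. The stored hash is checked as
  * bcrypt first, then as the legacy salted-SHA1 and plain-MD5 forms.
  *
  * @param array $data  Expects 'username' and 'password'
  * @return int|false   userID on success; false for missing credentials, an
  *                     unknown user, a wrong password, or when both DB hosts fail
  */
 public static function authenticate($data)
 {
     $salt = Z_CONFIG::$AUTH_SALT;
     // TODO: config
     $dev = Z_ENV_TESTING_SITE ? "_test" : "";
     $databaseName = "zotero_www{$dev}";

     // Missing or empty credentials can never authenticate; bail out before touching cache or DB
     $username = isset($data['username']) && is_scalar($data['username']) ? (string) $data['username'] : '';
     $password = isset($data['password']) && is_scalar($data['password']) ? (string) $data['password'] : '';
     if ($username === '' || $password === '') {
         return false;
     }
     $isEmailAddress = strpos($username, '@') !== false;

     // The separator keeps ("ab", "c") and ("a", "bc") from sharing one cache entry
     $cacheKey = 'userAuthHash_' . hash('sha256', $username . "\0" . $password);
     $userID = Z_Core::$MC->get($cacheKey);
     if ($userID) {
         // NOTE(review): a cached hit stays valid for up to 60s after a password change -- confirm that's acceptable
         return $userID;
     }

     // Username
     if (!$isEmailAddress) {
         $sql = "SELECT userID, username, password AS hash FROM {$databaseName}.users WHERE username=?";
         $params = [$username];
     } else {
         // An '@' login may still be a username; ORDER BY puts the username match first
         $sql = "SELECT userID, username, password AS hash FROM {$databaseName}.users\n\t\t\t   WHERE username = ?\n\t\t\t   UNION\n\t\t\t   SELECT userID, username, password AS hash FROM {$databaseName}.users\n\t\t\t   WHERE email = ?\n\t\t\t   ORDER BY username = ? DESC";
         $params = [$username, $username, $username];
     }

     $rows = false;
     $retry = true;
     try {
         $rows = Zotero_WWW_DB_2::query($sql, $params);
         if (!$rows) {
             // Replica had no match; ask the primary once, with no further retry if that throws
             $retry = false;
             $rows = Zotero_WWW_DB_1::query($sql, $params);
         }
     } catch (Exception $e) {
         if (!$retry) {
             // The primary itself failed: log it and treat as a failed login rather than leaving $rows undefined
             Z_Core::logError("WARNING: {$e} -- primary query failed");
             return false;
         }
         Z_Core::logError("WARNING: {$e} -- retrying on primary");
         $rows = Zotero_WWW_DB_1::query($sql, $params);
     }
     if (!$rows) {
         return false;
     }

     $foundRow = null;
     foreach ($rows as $row) {
         $storedHash = (string) $row['hash'];
         // Try bcrypt
         $found = password_verify($password, $storedHash);
         // Try salted SHA1 -- hash_equals avoids the numeric-string juggling that == applies to hex digests
         if (!$found) {
             $found = hash_equals($storedHash, sha1($salt . $password));
         }
         // Try MD5
         if (!$found) {
             $found = hash_equals($storedHash, md5($password));
         }
         if ($found) {
             $foundRow = $row;
             break;
         }
     }
     if ($foundRow === null) {
         return false;
     }

     self::updateUser($foundRow['userID'], $foundRow['username']);
     Z_Core::$MC->set($cacheKey, $foundRow['userID'], 60);
     return $foundRow['userID'];
 }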
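 /**
  * Run a single-row query on the www replica, falling back to the primary.
  *
  * The primary is used when the replica throws and -- when $fallbackOnEmpty
  * is true -- also when the replica returns no row. A failure of the primary
  * itself is logged and reported as "no row" instead of leaving the result
  * undefined.
  *
  * @param string $sql
  * @param array $params
  * @param bool $fallbackOnEmpty
  * @return array|false  The row, or false when nothing matched
  */
 private static function rowQueryWithPrimaryFallback($sql, array $params, $fallbackOnEmpty)
 {
     $row = false;
     $retry = true;
     try {
         $row = Zotero_WWW_DB_2::rowQuery($sql, $params);
         if (!$row && $fallbackOnEmpty) {
             // Empty replica result: ask the primary once, with no further retry if that throws
             $retry = false;
             $row = Zotero_WWW_DB_1::rowQuery($sql, $params);
         }
     } catch (Exception $e) {
         if (!$retry) {
             Z_Core::logError("WARNING: {$e} -- primary query failed");
             return false;
         }
         Z_Core::logError("WARNING: {$e} -- retrying on primary");
         $row = Zotero_WWW_DB_1::rowQuery($sql, $params);
     }
     return $row ?: false;
 }

 /**
  * Authenticate a www user by username (or e-mail address) and password.
  *
  * The password is compared in SQL against the stored salted-SHA1 digest
  * first and, if no row matches, against a plain MD5 digest. A successful
  * result is cached in memcache for 60 seconds under a key derived from the
  * submitted credentials and the auth salt.
  *
  * @param array $data  Expects 'username' and 'password'
  * @return int|false   userID on success; false for missing credentials, an
  *                     unknown user, a wrong password, or when both DB hosts fail
  */
 public static function authenticate($data)
 {
     $salt = Z_CONFIG::$AUTH_SALT;
     // TODO: config
     $dev = Z_ENV_TESTING_SITE ? "_test" : "";
     $databaseName = "zotero_www{$dev}";

     // Missing or empty credentials can never authenticate; bail out before touching cache or DB
     $username = isset($data['username']) && is_scalar($data['username']) ? (string) $data['username'] : '';
     $password = isset($data['password']) && is_scalar($data['password']) ? (string) $data['password'] : '';
     if ($username === '' || $password === '') {
         return false;
     }
     $isEmailAddress = strpos($username, '@') !== false;

     // Separators keep different (username, password) splits of the same bytes from sharing a cache entry
     $cacheKey = 'userAuthHash_' . sha1($username . "\0" . $salt . "\0" . $password);
     $userID = Z_Core::$MC->get($cacheKey);
     if ($userID) {
         // NOTE(review): a cached hit stays valid for up to 60s after a password change -- confirm that's acceptable
         return $userID;
     }

     // Query the database looking for a salted SHA1 password
     $passwordSha1 = sha1($salt . $password);
     if (!$isEmailAddress) {
         // Try username
         $sql = "SELECT userID, username FROM {$databaseName}.users\n\t\t\t\t\t   WHERE username = ? AND password = ?\n\t\t\t\t\t   LIMIT 1";
         $params = [$username, $passwordSha1];
     } else {
         // Try both username and e-mail address; ORDER BY puts the username match first
         $sql = "SELECT userID, username FROM {$databaseName}.users\n\t\t\t\t\t   WHERE username = ? AND password = ?\n\t\t\t\t\t   UNION\n\t\t\t\t\t   SELECT userID, username FROM {$databaseName}.users\n\t\t\t\t\t   WHERE email = ? AND password = ?\n\t\t\t\t\t   ORDER BY username = ? DESC\n\t\t\t\t\t   LIMIT 1";
         $params = [$username, $passwordSha1, $username, $passwordSha1, $username];
     }
     // An empty replica result is retried on the primary (presumably to cover replication lag -- verify)
     $row = self::rowQueryWithPrimaryFallback($sql, $params, true);

     // If not found, check for an MD5 password
     if (!$row) {
         $passwordMd5 = md5($password);
         if (!$isEmailAddress) {
             // Try username
             $sql = "SELECT userID, username FROM {$databaseName}.users\n\t\t\t\t\t\t   WHERE username = ? AND password = ? LIMIT 1";
             $params = [$username, $passwordMd5];
         } else {
             // Try both username and e-mail address
             $sql = "SELECT userID, username FROM {$databaseName}.users\n\t\t\t\t\t\t   WHERE username = ? AND password = ?\n\t\t\t\t\t\t   UNION\n\t\t\t\t\t\t   SELECT userID, username FROM {$databaseName}.users\n\t\t\t\t\t\t   WHERE email = ? AND password = ?\n\t\t\t\t\t\t   ORDER BY username = ? DESC\n\t\t\t\t\t\t   LIMIT 1";
             $params = [$username, $passwordMd5, $username, $passwordMd5, $username];
         }
         // The MD5 path only falls back to the primary on error, not on an empty result
         $row = self::rowQueryWithPrimaryFallback($sql, $params, false);
     }

     if (!$row) {
         return false;
     }
     self::updateUser($row['userID'], $row['username']);
     Z_Core::$MC->set($cacheKey, $row['userID'], 60);
     return $row['userID'];
 }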