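/**
 * Authenticate against a different PostgreSQL database which contains a usr table in
 * the AWL format.
 *
 * The remote row is looked up by lower-cased username and the supplied password is
 * checked against the remote record with session_validate_password(). On success the
 * remote row is copied into the local usr table (UPDATE when a row with that user_no
 * already exists locally, INSERT otherwise).
 *
 * $c->authenticate_hook['config']['columns'] and ['where'] are interpolated into the
 * SQL text as-is, so they must only ever come from the administrator's configuration
 * and never from request data.
 *
 * @package awl
 * @param string $username The login name supplied by the client.
 * @param string $password The password supplied by the client.
 * @return object|false The user record on success; false when the lookup fails, the
 *                      password does not validate, or the account is inactive.
 */
function auth_other_awl($username, $password)
{
    global $c;

    $authconn = pg_Connect($c->authenticate_hook['config']['connection']);
    if (!$authconn) {
        // Deliberately generic page: no connection string or driver error is echoed.
        echo <<<EOERRMSG
  <html><head><title>Database Connection Failure</title></head><body>
  <h1>Database Error</h1>
  <h3>Could not connect to PostgreSQL database</h3>
  </body>
  </html>
EOERRMSG;
        exit(1);
    }

    // Administrator-supplied SQL fragments (see the docblock caveat).
    if (isset($c->authenticate_hook['config']['columns'])) {
        $cols = $c->authenticate_hook['config']['columns'];
    } else {
        $cols = "*";
    }

    if (isset($c->authenticate_hook['config']['where'])) {
        $andwhere = " AND " . $c->authenticate_hook['config']['where'];
    } else {
        $andwhere = "";
    }

    // The username is the only client-controlled value and is passed as a bound parameter.
    $qry = new AwlQuery("SELECT {$cols} FROM usr WHERE lower(username) = ? {$andwhere}", strtolower($username));
    $qry->SetConnection($authconn);
    // Exactly one matching remote row is required; anything else is a failed login.
    if (!$qry->Exec('Login', __LINE__, __FILE__) || $qry->rows() != 1) {
        return false;
    }

    $usr = $qry->Fetch();
    if (!session_validate_password($password, $usr->password)) {
        return false;
    }

    // From here on the queries run on the default connection (no SetConnection call).
    // user_no comes from the remote database, so it is bound rather than interpolated.
    $qry = new AwlQuery('SELECT * FROM usr WHERE user_no = :user_no', array(':user_no' => $usr->user_no));
    if ($qry->Exec('Login', __LINE__, __FILE__) && $qry->rows() == 1) {
        $type = "UPDATE";
    } else {
        $type = "INSERT";
    }

    // Only the UPDATE statement carries the WHERE clause, so only it needs the parameter.
    $params = array();
    if ($type != 'INSERT') {
        $params[':user_no'] = $usr->user_no;
    }
    $qry = new AwlQuery(sql_from_object($usr, $type, 'usr', 'WHERE user_no= :user_no'), $params);
    $qry->Exec('Login', __LINE__, __FILE__);

    /**
     * We disallow login by inactive users _after_ we have updated the local copy.
     * Strict comparison on purpose: with a loose == 'f', a PHP boolean false does not
     * match (inactive user let in) and a boolean true does (active user rejected).
     */
    if (isset($usr->active) && ($usr->active === 'f' || $usr->active === false)) {
        return false;
    }

    return $usr;
}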
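/**
 * Update the local cache of the remote user details
 *
 * Allocates a user_no from usr_user_no_seq when the record has none, then inserts or
 * updates the local usr row. A newly inserted user also gets a principal row with the
 * configured default privileges and a home calendar; for an existing user the
 * principal's displayname is updated when fullname differs from the stored value.
 *
 * @param object $usr The user details we read from the remote.
 * @return false|null false when the account is marked inactive, otherwise nothing.
 */
function UpdateUserFromExternal(&$usr)
{
    global $c;

    /**
     * When we're doing the create we will usually need to generate a user number
     */
    if (!isset($usr->user_no) || intval($usr->user_no) == 0) {
        $qry = new AwlQuery("SELECT nextval('usr_user_no_seq');");
        $qry->Exec('Login', __LINE__, __FILE__);
        $sequence_value = $qry->Fetch(true); // Fetch as an array
        $usr->user_no = $sequence_value[0];
    }

    // Defined up front so the displayname comparison below never reads an unset variable.
    $old = null;

    $qry = new AwlQuery('SELECT * FROM usr WHERE user_no = :user_no', array(':user_no' => $usr->user_no));
    if ($qry->Exec('Login', __LINE__, __FILE__) && $qry->rows() == 1) {
        $type = "UPDATE";
        if ($old = $qry->Fetch()) {
            $changes = false;
            foreach ($usr as $k => $v) {
                // A field missing from the stored row compares as null, without a notice.
                $old_value = isset($old->{$k}) ? $old->{$k} : null;
                if ($old_value != $v) {
                    $changes = true;
                    if ($k == 'password') {
                        // Keep credential material out of the debug log.
                        dbg_error_log("Login", "User '%s' field '%s' changed from '%s' to '%s'", $usr->username, $k, '(hidden)', '(hidden)');
                    } else {
                        dbg_error_log("Login", "User '%s' field '%s' changed from '%s' to '%s'", $usr->username, $k, $old_value, $v);
                    }
                    break;
                }
            }
            if (!$changes) {
                dbg_error_log("Login", "No changes to user record for '%s' - leaving as-is.", $usr->username);
                // Same strict test as after the write below: a loose == 'f' does not
                // match a PHP boolean false, which would let an inactive user through.
                if (isset($usr->active) && ($usr->active === 'f' || $usr->active === false)) {
                    return false;
                }
                return; // Normal case, if there are no changes
            } else {
                dbg_error_log("Login", "Changes to user record for '%s' - updating.", $usr->username);
            }
        }
    } else {
        $type = "INSERT";
    }

    // Only the UPDATE statement carries the WHERE clause, so only it needs the parameter.
    $params = array();
    if ($type != 'INSERT') {
        $params[':user_no'] = $usr->user_no;
    }
    $qry = new AwlQuery(sql_from_object($usr, $type, 'usr', 'WHERE user_no= :user_no'), $params);
    $qry->Exec('Login', __LINE__, __FILE__);

    /**
     * We disallow login by inactive users _after_ we have updated the local copy
     */
    if (isset($usr->active) && ($usr->active === 'f' || $usr->active === false)) {
        return false;
    }

    if ($type == 'INSERT') {
        // A new local user needs a principal row and a home calendar.
        $qry = new AwlQuery(
            'INSERT INTO principal( type_id, user_no, displayname, default_privileges) SELECT 1, user_no, fullname, :privs::INT::BIT(24) FROM usr WHERE username=:username',
            array(':privs' => privilege_to_bits($c->default_privileges), ':username' => $usr->username)
        );
        $qry->Exec('Login', __LINE__, __FILE__);
        CreateHomeCalendar($usr->username);
    } else {
        $old_fullname = isset($old->fullname) ? $old->fullname : null;
        if ($usr->fullname != $old_fullname) {
            // Also update the displayname if the fullname has been updated.
            $qry->QDo('UPDATE principal SET displayname=:new_display WHERE user_no=:user_no', array(':new_display' => $usr->fullname, ':user_no' => $usr->user_no));
        }
    }
}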
/**
 * Persist this record to the database.
 *
 * The statement text comes from sql_from_object(), fed with the record's values, write
 * type, table name, where clause and prefix; it is then executed through AwlQuery.
 *
 * NOTE(review): no bound parameters are passed to AwlQuery here, so correct quoting of
 * the values depends entirely on sql_from_object() and _BuildWhereClause() - confirm.
 *
 * @return boolean Success.
 */
function Write()
{
    dbg_error_log("DBRecord", ":Write: %s record as %s.", $this->Table, $this->WriteType);

    $writer = new AwlQuery(
        sql_from_object(
            $this->Values,
            $this->WriteType,
            $this->Table,
            $this->_BuildWhereClause(),
            $this->prefix
        )
    );

    return $writer->Exec("DBRecord", __LINE__, __FILE__);
}