source: branches/feature-module-update/html/test/kakinaka/pear/Auth/Container/DBLite.php @ 15080

Revision 15080, 9.3 KB checked in by nanasess, 17 years ago (diff)

svn properties 設定

  • svn:mime-type - application/x-httpd-php; charset=UTF-8
  • svn:keywords - Id
  • Property svn:keywords set to Id
  • Property svn:mime-type set to application/x-httpd-php; charset=UTF-8
Line 
1<?php
2/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
3
4/**
5 * Reduced storage driver for use against PEAR DB
6 *
7 * PHP versions 4 and 5
8 *
9 * LICENSE: This source file is subject to version 3.01 of the PHP license
10 * that is available through the world-wide-web at the following URI:
11 * http://www.php.net/license/3_01.txt.  If you did not receive a copy of
12 * the PHP License and are unable to obtain it through the web, please
13 * send a note to license@php.net so we can mail you a copy immediately.
14 *
15 * @category   Authentication
16 * @package    Auth
17 * @author     Martin Jansen <mj@php.net>
18 * @author     Adam Ashley <aashley@php.net>
19 * @copyright  2001-2006 The PHP Group
20 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
21 * @version    CVS: $Id$
22 * @link       http://pear.php.net/package/Auth
23 * @since      File available since Release 1.3.0
24 */
25
26/**
27 * Include Auth_Container base class
28 */
29require_once 'Auth/Container.php';
30/**
31 * Include PEAR DB package
32 */
33require_once 'DB.php';
34
35/**
36 * A lighter storage driver for fetching login data from a database
37 *
38 * This driver is derived from the DB storage container but
39 * with the user manipulation function removed for smaller file size
40 * by the PEAR DB abstraction layer to fetch login data.
41 *
42 * @category   Authentication
43 * @package    Auth
44 * @author     Martin Jansen <mj@php.net>
45 * @author     Adam Ashley <aashley@php.net>
46 * @copyright  2001-2006 The PHP Group
47 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
48 * @version    Release: 1.4.2  File: $Revision: 8713 $
49 * @link       http://pear.php.net/package/Auth
50 * @since      Class available since Release 1.3.0
51 */
52class Auth_Container_DBLite extends Auth_Container
53{
54
55    // {{{ properties
56
57    /**
58     * Additional options for the storage container
59     * @var array
60     */
61    var $options = array();
62
63    /**
64     * DB object
65     * @var object
66     */
67    var $db = null;
68    var $dsn = '';
69
70    /**
71     * User that is currently selected from the DB.
72     * @var string
73     */
74    var $activeUser = '';
75
76    // }}}
77    // {{{ Auth_Container_DBLite() [constructor]
78
79    /**
80     * Constructor of the container class
81     *
82     * Initate connection to the database via PEAR::DB
83     *
84     * @param  string Connection data or DB object
85     * @return object Returns an error object if something went wrong
86     */
87    function Auth_Container_DBLite($dsn)
88    {
89        $this->options['table']       = 'auth';
90        $this->options['usernamecol'] = 'username';
91        $this->options['passwordcol'] = 'password';
92        $this->options['dsn']         = '';
93        $this->options['db_fields']   = '';
94        $this->options['cryptType']   = 'md5';
95        $this->options['db_options']  = array();
96        $this->options['auto_quote']  = true;
97
98        if (is_array($dsn)) {
99            $this->_parseOptions($dsn);
100            if (empty($this->options['dsn'])) {
101                PEAR::raiseError('No connection parameters specified!');
102            }
103        } else {
104            $this->options['dsn'] = $dsn;
105        }
106    }
107
108    // }}}
109    // {{{ _connect()
110
111    /**
112     * Connect to database by using the given DSN string
113     *
114     * @access private
115     * @param  string DSN string
116     * @return mixed  Object on error, otherwise bool
117     */
118    function _connect(&$dsn)
119    {
120        if (is_string($dsn) || is_array($dsn)) {
121            $this->db =& DB::connect($dsn, $this->options['db_options']);
122        } elseif (is_subclass_of($dsn, "db_common")) {
123            $this->db =& $dsn;
124        } else {
125            return PEAR::raiseError("Invalid dsn or db object given");
126        }
127
128        if (DB::isError($this->db) || PEAR::isError($this->db)) {
129            return PEAR::raiseError($this->db->getMessage(), $this->db->getCode());
130        } else {
131            return true;
132        }
133    }
134
135    // }}}
136    // {{{ _prepare()
137
138    /**
139     * Prepare database connection
140     *
141     * This function checks if we have already opened a connection to
142     * the database. If that's not the case, a new connection is opened.
143     *
144     * @access private
145     * @return mixed True or a DB error object.
146     */
147    function _prepare()
148    {
149        if (!DB::isConnection($this->db)) {
150            $res = $this->_connect($this->options['dsn']);
151            if (DB::isError($res) || PEAR::isError($res)) {
152                return $res;
153            }
154        }
155        if ($this->options['auto_quote'] && $this->db->dsn['phptype'] != 'sqlite') {
156            $this->options['final_table'] = $this->db->quoteIdentifier($this->options['table']);
157            $this->options['final_usernamecol'] = $this->db->quoteIdentifier($this->options['usernamecol']);
158            $this->options['final_passwordcol'] = $this->db->quoteIdentifier($this->options['passwordcol']);
159        } else {
160            $this->options['final_table'] = $this->options['table'];
161            $this->options['final_usernamecol'] = $this->options['usernamecol'];
162            $this->options['final_passwordcol'] = $this->options['passwordcol'];
163        }
164        return true;
165    }
166
167    // }}}
168    // {{{ _parseOptions()
169
170    /**
171     * Parse options passed to the container class
172     *
173     * @access private
174     * @param  array
175     */
176    function _parseOptions($array)
177    {
178        foreach ($array as $key => $value) {
179            if (isset($this->options[$key])) {
180                $this->options[$key] = $value;
181            }
182        }
183    }
184
185    // }}}
186    // {{{ _quoteDBFields()
187
188    /**
189     * Quote the db_fields option to avoid the possibility of SQL injection.
190     *
191     * @access private
192     * @return string A properly quoted string that can be concatenated into a
193     * SELECT clause.
194     */
195    function _quoteDBFields()
196    {
197        if (isset($this->options['db_fields'])) {
198            if (is_array($this->options['db_fields'])) {
199                if ($this->options['auto_quote']) {
200                    $fields = array();
201                    foreach ($this->options['db_fields'] as $field) {
202                        $fields[] = $this->db->quoteIdentifier($field);
203                    }
204                    return implode(', ', $fields);
205                } else {
206                    return implode(', ', $this->options['db_fields']);
207                }
208            } else {
209                if (strlen($this->options['db_fields']) > 0) {
210                    if ($this->options['auto_quote']) {
211                        return $this->db->quoteIdentifier($this->options['db_fields']);
212                    } else {
213                        $this->options['db_fields'];
214                    }
215                }
216            }
217        }
218
219        return '';
220    }
221   
222    // }}}
223    // {{{ fetchData()
224
225    /**
226     * Get user information from database
227     *
228     * This function uses the given username to fetch
229     * the corresponding login data from the database
230     * table. If an account that matches the passed username
231     * and password is found, the function returns true.
232     * Otherwise it returns false.
233     *
234     * @param   string Username
235     * @param   string Password
236     * @return  mixed  Error object or boolean
237     */
238    function fetchData($username, $password)
239    {
240        // Prepare for a database query
241        $err = $this->_prepare();
242        if ($err !== true) {
243            return PEAR::raiseError($err->getMessage(), $err->getCode());
244        }
245
246        // Find if db_fields contains a *, if so assume all col are selected
247        if (is_string($this->options['db_fields'])
248            && strstr($this->options['db_fields'], '*')) {
249            $sql_from = "*";
250        } else {
251            $sql_from = $this->options['final_usernamecol'].
252                ", ".$this->options['final_passwordcol'];
253
254            if (strlen($fields = $this->_quoteDBFields()) > 0) {
255                $sql_from .= ', '.$fields;
256            }
257        }
258       
259        $query = "SELECT ".$sql_from.
260                " FROM ".$this->options['final_table'].
261                " WHERE ".$this->options['final_usernamecol']." = ".$this->db->quoteSmart($username);
262        $res = $this->db->getRow($query, null, DB_FETCHMODE_ASSOC);
263
264        if (DB::isError($res)) {
265            return PEAR::raiseError($res->getMessage(), $res->getCode());
266        }
267        if (!is_array($res)) {
268            $this->activeUser = '';
269            return false;
270        }
271        if ($this->verifyPassword(trim($password, "\r\n"),
272                                  trim($res[$this->options['passwordcol']], "\r\n"),
273                                  $this->options['cryptType'])) {
274            // Store additional field values in the session
275            foreach ($res as $key => $value) {
276                if ($key == $this->options['passwordcol'] ||
277                    $key == $this->options['usernamecol']) {
278                    continue;
279                }
280                // Use reference to the auth object if exists
281                // This is because the auth session variable can change so a static call to setAuthData does not make sence
282                if (is_object($this->_auth_obj)) {
283                    $this->_auth_obj->setAuthData($key, $value);
284                } else {
285                    Auth::setAuthData($key, $value);
286                }
287            }
288            $this->activeUser = $res[$this->options['usernamecol']];
289            return true;
290        }
291        $this->activeUser = $res[$this->options['usernamecol']];
292        return false;
293    }
294
295    // }}}
296
297}
298?>
Note: See TracBrowser for help on using the repository browser.