po/src/include/auth.php


<?php
// Copyright (C) 2005-2013 Solomon Peachy (pizza@shaftnet.org)
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
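/**
 * Default authentication backend: checks credentials against the local
 * PostgreSQL "users" table through the connection held in the global
 * $database.
 *
 * All queries go through pg_query_params(), so caller-supplied values are
 * sent as bound parameters and never spliced into the SQL text.
 *
 * NOTE(security): passwords are stored as md5(password . username), see
 * passwd_transform(). MD5 is a fast hash and the username is a predictable
 * salt, so a leaked users table can be brute-forced cheaply. Moving to
 * password_hash()/password_verify() requires re-hashing stored passwords
 * (e.g. on the next successful login) and is therefore not done silently
 * here.
 */
class po_auth_default_db {
    /* Capability flags; this class only declares them. */
    public $can_change_pass = TRUE;
    public $username_is_email = FALSE;
    public $local_register = TRUE;
    public $local_userinfo = TRUE;

    /* PostgreSQL connection, copied from the global $database. */
    private $handle;

    function __construct() {
        global $database;
        $this->handle = $database;
    }

    function __destruct() {
        // Do nothing in this specific case.
    }

    /* Arguments:
         $username = "some_plaintext_username";
         $password = "some_plaintext_password";
       Returns:
         FALSE if unsuccessful (no matching row, or the query failed)
         username if successful
    */
    function auth_user($username, $password) {
        $res = pg_query_params(
            $this->handle,
            'SELECT username FROM users WHERE username = $1 AND password = $2 AND type > $3',
            array(
                $username,
                $this->passwd_transform($password, $username),
                PO_USER_TYPE_DISABLED,
            )
        );

        // Fail closed: a query error must never look like a successful login.
        if ($res === false || pg_num_rows($res) < 1) {
            return FALSE;
        }

        $row = pg_fetch_row($res);
        return $row[0];
    }

    /* Arguments:
         $username = "some_plaintext_username";
       Returns: array(), or FALSE when the query fails or no row matches.
         THESE ARE REQUIRED FIELDS:
           'first_name' => 'firstname'
           'last_name' => 'lastname'
           'email' => 'email_addr'
           'type' => PO_USER_TYPE
         OPTIONAL FIELDS
           address1, address2, city, zipcode, state, country, phone, url
    */
    function user_info($username) {
        $res = pg_query_params(
            $this->handle,
            'SELECT first_name, last_name, email, type
               FROM view_contact_info
              WHERE username = $1',
            array($username)
        );

        if ($res === false) {
            return FALSE;
        }

        return pg_fetch_assoc($res);
    }

    /* Arguments:
         $username = "some_plaintext_username";
         $old_password = "old password, plaintext";
         $new_password = "new password, plaintext";
       Returns:
         FALSE if failed (wrong old password, unknown user, query error),
         TRUE if a row was updated.
    */
    function change_pass($username, $old_password, $new_password) {
        // The salt is the username exactly as given. Escaping it before
        // hashing, as was done previously, produced a hash that auth_user()
        // could not reproduce for usernames the escaping altered.
        $res = pg_query_params(
            $this->handle,
            'UPDATE users SET password = $1 WHERE username = $2 AND password = $3',
            array(
                $this->passwd_transform($new_password, $username),
                $username,
                $this->passwd_transform($old_password, $username),
            )
        );

        if ($res === false) {
            return FALSE;
        }

        return (pg_affected_rows($res) > 0);
    }

    /* Sets a new password WITHOUT checking the old one.
       This method performs no authorization of its own; the caller must
       have established that the requester may reset this account.
       Arguments:
         $username = "some_plaintext_username";
         $new_password = "new password, plaintext";
       Returns:
         FALSE if failed, TRUE if a row was updated.
    */
    function force_change_pass($username, $new_password) {
        // Salt with the unmodified username so auth_user() derives the
        // same hash at login time.
        $res = pg_query_params(
            $this->handle,
            'UPDATE users SET password = $1 WHERE username = $2',
            array(
                $this->passwd_transform($new_password, $username),
                $username,
            )
        );

        if ($res === false) {
            return FALSE;
        }

        return (pg_affected_rows($res) > 0);
    }

    /* Returns TRUE if the user is allowed to register. */
    function can_register($username) {
        /* Make sure there's no existing username */
        $res = pg_query_params(
            $this->handle,
            'SELECT identifier FROM users WHERE username = $1',
            array($username)
        );

        // A failed lookup is treated as "not allowed" rather than as
        // "name is free".
        if ($res === false) {
            return FALSE;
        }

        return (pg_num_rows($res) === 0);
    }

    /* Mangles the password for storage in local database.
       Returns the hex MD5 digest of $password followed by $salt.
       NOTE(security): kept as-is because existing rows depend on this exact
       transform; MD5 is not suitable for password storage, so plan a
       migration to password_hash()/password_verify().
    */
    function passwd_transform($password, $salt) {
        return md5($password . $salt);
    }
}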
?>