1<?php
2/**
3* DBAuth class
4* @author Samuel Tran
5* @version 04-26-2005
6* @package DBAuth
7*
8* Following functions taken from PhpScheduleIt,
9*	Nick Korbel <lqqkout13@users.sourceforge.net>:
10* db_connect(), cleanRow(), get_err()
11*
12* Copyright (C) 2005 - 2007 MailZu
13* License: GPL, see LICENSE
14*/
/**
* Base directory of application
*/
// The '@' silences the message PHP raises when BASE_DIR has already been
// defined by another file; in that case the earlier definition stays in effect.
@define('BASE_DIR', dirname(__FILE__) . '/..');
/**
* CmnFns class
*/
// Relative name: PHP resolves it through include_path rather than BASE_DIR.
// include_once only emits a warning when the file is missing, so a failed load
// surfaces later, at the first use of CmnFns.
include_once('CmnFns.class.php');
/**
* Pear::DB
*/
// $GLOBALS['conf'] must already be populated when this file is included.
// With safeMode on, the application's own pear/ directory is put at the front
// of include_path before DB.php is loaded; otherwise DB.php is taken from
// whichever include_path entry provides it first.
// NOTE(review): in both branches the code that ends up talking to the auth
// database is chosen by include_path, so every directory on it should be
// trusted and not writable by the web server user.
if ($GLOBALS['conf']['app']['safeMode']) {
	ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
	include_once('pear/DB.php');
}
else {
	include_once('DB.php');
}
33
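/**
* Provide all database access/manipulation functionality for SQL Auth
*
* Settings come from the global $conf['auth'] array. The table and column
* names taken from it are interpolated directly into the SQL text, so they
* must only ever come from trusted configuration. The user name and password
* supplied at login are passed as bound parameters.
*/
class DBAuth {

	// Reference to the database object
	var $db;

	// The database hostname with port (hostname[:port])
	var $dbHost;

	// Database type
	var $dbType;
	// Database name
	var $dbName;

	// Database user
	var $dbUser;
	// Password for database user
	var $dbPass;

	// Name for auth table that contains usernames and passwords
	var $dbTable;
	// Name of the Username field of the MySQL table
	var $dbTableUsername;
	// Name of the password field of the MySQL table
	var $dbTablePassword;
	// Name of the 'first name' or 'full name' field of the MySQL table
	var $dbTableName;
	// Name of the email address field of the MySQL table
	var $dbTableMail;

	// Hash configuration
	// any truthy value = the submitted password is hashed with md5() before
	//                    it is compared with the stored value
	// 0 / empty        = the submitted password is compared as is, i.e. the
	//                    table holds plain-text passwords
	var $isMd5;

	// The user's logon name
	var $logonName;
	// The user's first name
	var $firstName;
	// The user's mail address (stored as a one-element array by authUser())
	var $emailAddress;

	// Last error message set by authUser(); read it through get_err()
	var $err_msg = '';

	/**
	* DBAuth constructor: copies the auth settings from the global $conf
	* array and opens the database connection
	*
	* NOTE(review): this is a PHP 4-style constructor (a method named after
	* the class). PHP 8.0 and later no longer run such a method on `new`, so
	* on those versions the object would be created without settings and
	* without a connection unless the caller invokes it explicitly.
	* @param none
	*/
	function DBAuth() {
		global $conf;

		$this->dbType = $conf['auth']['dbType'];
		$this->dbHost = $conf['auth']['dbHostSpec'];
		$this->dbName = $conf['auth']['dbName'];
		$this->dbUser = $conf['auth']['dbUser'];
		$this->dbPass = $conf['auth']['dbPass'];
		$this->isMd5 = $conf['auth']['dbIsMd5'];
		$this->dbTable = $conf['auth']['dbTable'];
		$this->dbTableUsername = $conf['auth']['dbTableUsername'];
		$this->dbTablePassword = $conf['auth']['dbTablePassword'];
		$this->dbTableName = $conf['auth']['dbTableName'];
		$this->dbTableMail = $conf['auth']['dbTableMail'];

		$this->db_connect();
	}

	// Connection handling methods -------------------------------------------

	/**
	* Create a persistent connection to the database
	*
	* Stores the connection in $this->db with the fetch mode set to
	* associative arrays. Stops the script with die() when the connection
	* cannot be opened.
	* @param none
	*/
	function db_connect() {

		/***********************************************************
		/ This uses PEAR::DB
		/ See http://www.pear.php.net/manual/en/package.database.php#package.database.db
		/ for more information and syntax on PEAR::DB
		/**********************************************************/

		// Data Source Name: This is the universal connection string
		// See http://www.pear.php.net/manual/en/package.database.php#package.database.db
		// for more information on DSN
		// NOTE(review): the credentials are concatenated as they are, so a user
		// name or password containing ':', '@' or '/' will presumably be split
		// at the wrong place when the DSN is parsed; confirm how PEAR::DB
		// expects such characters to be encoded before using them.
		$dsn = $this->dbType . '://' . $this->dbUser . ':' . $this->dbPass
				. '@' . $this->dbHost . '/' . $this->dbName;

		// Make persistent connection to database (second argument)
		$db = DB::connect($dsn, true);

		// If there is an error, print it to the browser and kill the app.
		// Nothing is written to a log file here.
		// NOTE(review): the driver's message goes straight to the client; a
		// generic message plus a server-side log entry would keep backend
		// details out of the response.
		if (DB::isError($db)) {
			die ('Error connecting to database: ' . $db->getMessage() );
		}

		// Set fetch mode to return associative array
		$db->setFetchMode(DB_FETCHMODE_ASSOC);

		$this->db = $db;
	}


	// User methods -------------------------------------------

	/**
	* Authenticates user
	*
	* Looks for a row whose user name and (optionally MD5-hashed) password
	* both match. On success the logon name, display name and mail address
	* are stored on the object and can be read with getUserData(). On failure
	* get_err() returns the reason. A database error is treated as a failed
	* login.
	* @param string $username
	* @param string $password
	* @return boolean true when a matching row was found, false otherwise
	*/
	function authUser($username, $password) {

		// NOTE(security): MD5 is unsalted and fast, so the stored hashes are
		// cheap to brute-force if the table leaks, and with isMd5 off the
		// table holds plain-text passwords. Moving to password_hash() /
		// password_verify() means rehashing the stored credentials and
		// looking the hash up by user name, which is a data migration beyond
		// this method.
		if ( $this->isMd5 )
			$password = md5( $password );

		// Identifiers come from configuration; only the two credential values
		// are user input, and both are bound through placeholders.
		$query = "SELECT $this->dbTableUsername, $this->dbTableMail"
				. (! empty($this->dbTableName) ? ", $this->dbTableName" : '')
				. " FROM $this->dbTable"
				. " WHERE $this->dbTableUsername=?"
				. " AND $this->dbTablePassword=?";

		$values = array($username, $password);

		// Prepare query; a failed prepare is handled like a failed execute
		$q = $this->db->prepare($query);
		// Execute query
		$result = DB::isError($q) ? $q : $this->db->execute($q, $values);
		// Check if error
		$this->check_for_error($result);

		// Fail closed: whether check_for_error() halts the request is not
		// visible here, and an error object has no numRows(), so never let it
		// reach the row handling below.
		if (DB::isError($result)) {
			$this->err_msg = translate('There was an error executing your query');
			return false;
		}

		if ($result->numRows() <= 0) {
			// Release the result on the failure path as well
			$result->free();
			$this->err_msg = translate('There are no records in the table.');
			return false;
		}

		// Fetch the first row of data
		$rs = $this->cleanRow($result->fetchRow());
		$result->free();

		$this->logonName = $rs[$this->dbTableUsername];
		// Fall back to the logon name when no display name is available
		$this->firstName = ( !empty($rs[$this->dbTableName]) ?
					$rs[$this->dbTableName] : $rs[$this->dbTableUsername] );
		$this->emailAddress = array( $rs[$this->dbTableMail] );

		return true;
	}

	/**
	* Checks to see if there was a database error and, if so, hands an HTML
	* error message to CmnFns::do_error_box()
	*
	* Whether the request stops there depends on do_error_box(), which is
	* defined outside this file, so callers must still test the result
	* themselves.
	* NOTE(review): the driver message is placed into the HTML unescaped and
	* shown to the user; escaping it, or logging it server-side and showing
	* only the generic text, would be the safer choice.
	* @param object $result result object of query
	* @return boolean always false
	*/
	function check_for_error($result) {
		if (DB::isError($result))
			CmnFns::do_error_box(translate('There was an error executing your query') . '<br />'
				. $result->getMessage()
				. '<br />' . '<a href="javascript: history.back();">' . translate('Back') . '</a>');
		return false;
	}


	/**
	* Strips out slashes for all data in the return row
	* - THIS MUST ONLY BE ONE ROW OF DATA -
	* @param array $data array of data to clean up
	* @return array with same key => value pairs (except slashes)
	*/
	function cleanRow($data) {
		$return = array();

		foreach ($data as $key => $val)
			$return[$key] = stripslashes($val);
		return $return;
	}

	/**
	* Returns the last error message set by authUser()
	* @param none
	* @return last error message generated
	*/
	function get_err() {
		return $this->err_msg;
	}

	// Helper methods -------------------------------------------

	/**
	* Returns the user information stored by the last successful authUser()
	* @return array with the keys logonName, firstName and emailAddress
	*/
	function getUserData() {
		$return = array(
			'logonName' => $this->logonName,
			'firstName' => $this->firstName,
			'emailAddress' => $this->emailAddress
		);
		return $return;
	}

}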
237?>