nextcloud/lib/User/database.php

<?php

/**
 * ownCloud
 *
 * @author Frank Karlitschek
 * @copyright 2010 Frank Karlitschek karlitschek@kde.org
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
 *
 * You should have received a copy of the GNU Affero General Public
 * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 *
 */
/*
 *
 * The following SQL statement is just a help for developers and will not be
 * executed!
 *
 * CREATE TABLE `users` (
 *   `uid` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
 *   `password` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
 *   PRIMARY KEY (`uid`)
 * ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 *
 */

oc_require_once('User/backend.php');

/**
 * Class for user management in a SQL Database (e.g. MySQL, SQLite)
 *
 */
class OC_USER_DATABASE extends OC_USER_BACKEND {
	static private $userGroupCache=array();

	/**
	 * Try to create a new user
	 *
	 * @param  string  $username  The username of the user to create
	 * @param  string  $password  The password of the new user
	 */
	public static function createUser( $uid, $password ){
		$query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE `uid` = ?" );
		$result = $query->execute( array( $uid ));

		// Check if the user already exists
		if ( $result->numRows() > 0 ){
			return false;
		}
		else{
			$query = OC_DB::prepare( "INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )" );
			$result = $query->execute( array( $uid, sha1( $password )));

			return $result ? true : false;
		}
	}

	/**
	 * Try to login a user
	 *
	 * @param  string  $username  The username of the user to log in
	 * @param  string  $password  The password of the user
	 */
	public static function login( $username, $password ){
		$query = OC_DB::prepare( "SELECT `uid`, `name` FROM `*PREFIX*users` WHERE `uid` = ? AND `password` = ?" );
		$result = $query->execute( array( $username, sha1( $password )));

		if( $result->numRows() > 0 ){
			$row = $result->fetchRow();
			$_SESSION['user_id'] = $row["uid"];
			return true;
		}
		else{
			return false;
		}
	}

	/**
	 * Kick the user
	 *
	 */
	public static function logout() {
		OC_LOG::add( "core", $_SESSION['user_id'], "logout" );
		$_SESSION['user_id'] = false;
	}

	/**
	 * Check if the user is logged in
	 *
	 */
	public static function isLoggedIn() {
		if( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ){
			return true;
		}
		else{
			return false;
		}
	}

	/**
	 * Generate a random password
	 */
	public static function generatePassword(){
		return uniqId();
	}

	/**
	 * Set the password of a user
	 *
	 * @param  string  $username  User who password will be changed
	 * @param  string  $password  The new password for the user
	 */
	public static function setPassword( $username, $password ){
		$query = OC_DB::prepare( "UPDATE `*PREFIX*users` SET `password` = ? WHERE `uid` = ?" );
		$result = $query->execute( array( sha1( $password ), $username ));

		if( $result->numRows() > 0 ){
			return true;
		}
		else{
			return false;
		}
	}

	/**
	 * Check if the password of the user is correct
	 *
	 * @param  string  $username  Name of the user
	 * @param  string  $password  Password of the user
	 */
	public static function checkPassword( $username, $password ){
		$query = OC_DB::prepare( "SELECT `uid` FROM `*PREFIX*users` WHERE `uid` = ? AND `password` = ?" );
		$result = $query->execute( array( $username, sha1( $password )));

		if( $result->numRows() > 0 ){
			return true;
		}
		else{
			return false;
		}
	}

	/**
	 * get a list of all users
	 *
	 */
	public static function getUsers(){
		$query = OC_DB::prepare( "SELECT `uid` FROM `*PREFIX*users`" );
		$result = $query->execute();

		$users=array();
		while( $row = $result->fetchRow()){
			$users[] = $row["uid"];
		}
		return $users;
	}
}
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`<?php`

			`/**`
First version of the new user management 2011-04-15 19:14:02 +04:00			`* ownCloud`
			`*`
			`* @author Frank Karlitschek`
			`* @copyright 2010 Frank Karlitschek karlitschek@kde.org`
			`*`
			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE`
			`* License as published by the Free Software Foundation; either`
			`* version 3 of the License, or any later version.`
			`*`
			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU AFFERO GENERAL PUBLIC LICENSE for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public`
			`* License along with this library. If not, see <http://www.gnu.org/licenses/>.`
			`*`
			`*/`
			`/*`
			`*`
			`* The following SQL statement is just a help for developers and will not be`
			`* executed!`
			`*`
			* CREATE TABLE `users` (
			* `uid` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
			* `password` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
			* PRIMARY KEY (`uid`)
			`* ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;`
			`*`
			`*/`
Support for mod_auth added 2010-07-15 16:09:22 +04:00
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`oc_require_once('User/backend.php');`
OC_USER now is an abstract class (OC_USER_ABSTRACT) At start the choosen user manager is created (e.g. OC_USER_DATABASE, OC_USER_LDAP) and put into the global variable `$userManager`. This is the variable to use instead of `OC_USER` class. TODO: A better name than $userManager? 2010-07-19 23:33:29 +04:00
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`/**`
Created class `OC_USER_BACKEND` for general user managment It's possible to use `OC_USER` as normal but the real stuff is done by the `OC_USER::$_backend` class, setted using `OC_USER::setBackend()` (this is done in inc/lib_user.php) 2010-07-21 19:53:51 +04:00			`* Class for user management in a SQL Database (e.g. MySQL, SQLite)`
Minor style changes * camelCase * spaces here and there 2010-07-15 22:57:14 +04:00			`*`
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`*/`
Created class `OC_USER_BACKEND` for general user managment It's possible to use `OC_USER` as normal but the real stuff is done by the `OC_USER::$_backend` class, setted using `OC_USER::setBackend()` (this is done in inc/lib_user.php) 2010-07-21 19:53:51 +04:00			`class OC_USER_DATABASE extends OC_USER_BACKEND {`
use caching for user-group relations 2010-09-12 19:04:52 +04:00			`static private $userGroupCache=array();`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`/**`
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00			`* Try to create a new user`
			`*`
			`* @param string $username The username of the user to create`
			`* @param string $password The password of the new user`
			`*/`
First version of the new user management 2011-04-15 19:14:02 +04:00			`public static function createUser( $uid, $password ){`
			$query = OC_DB::prepare( "SELECT * FROM `PREFIXusers` WHERE `uid` = ?" );
php is not perl 2011-04-15 21:24:23 +04:00			`$result = $query->execute( array( $uid ));`
First version of the new user management 2011-04-15 19:14:02 +04:00
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00			`// Check if the user already exists`
First version of the new user management 2011-04-15 19:14:02 +04:00			`if ( $result->numRows() > 0 ){`
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`return false;`
First version of the new user management 2011-04-15 19:14:02 +04:00			`}`
			`else{`
			$query = OC_DB::prepare( "INSERT INTO `PREFIXusers` ( `uid`, `password` ) VALUES( ?, ? )" );
php is not perl 2011-04-15 21:24:23 +04:00			`$result = $query->execute( array( $uid, sha1( $password )));`
First version of the new user management 2011-04-15 19:14:02 +04:00
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00			`return $result ? true : false;`
Fixed a cache-check in `OC_USER_Database::getGroupName()` and minor style changes * Added spaces here and there * Using camelCase for same variable 2010-07-15 21:56:13 +04:00			`}`
Created class `OC_USER_BACKEND` for general user managment It's possible to use `OC_USER` as normal but the real stuff is done by the `OC_USER::$_backend` class, setted using `OC_USER::setBackend()` (this is done in inc/lib_user.php) 2010-07-21 19:53:51 +04:00			`}`
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`/**`
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00			`* Try to login a user`
			`*`
			`* @param string $username The username of the user to log in`
			`* @param string $password The password of the user`
			`*/`
First version of the new user management 2011-04-15 19:14:02 +04:00			`public static function login( $username, $password ){`
			$query = OC_DB::prepare( "SELECT `uid`, `name` FROM `PREFIXusers` WHERE `uid` = ? AND `password` = ?" );
php is not perl 2011-04-15 21:24:23 +04:00			`$result = $query->execute( array( $username, sha1( $password )));`
Support for mod_auth added 2010-07-15 16:09:22 +04:00
First version of the new user management 2011-04-15 19:14:02 +04:00			`if( $result->numRows() > 0 ){`
			`$row = $result->fetchRow();`
			`$_SESSION['user_id'] = $row["uid"];`
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`return true;`
			`}`
First version of the new user management 2011-04-15 19:14:02 +04:00			`else{`
			`return false;`
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`}`
			`}`
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`/**`
			`* Kick the user`
			`*`
			`*/`
			`public static function logout() {`
First version of the new user management 2011-04-15 19:14:02 +04:00			`OC_LOG::add( "core", $_SESSION['user_id'], "logout" );`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00			`$_SESSION['user_id'] = false;`
			`}`

Support for mod_auth added 2010-07-15 16:09:22 +04:00			`/**`
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00			`* Check if the user is logged in`
			`*`
			`*/`
			`public static function isLoggedIn() {`
First version of the new user management 2011-04-15 19:14:02 +04:00			`if( isset($_SESSION['user_id']) AND $_SESSION['user_id'] ){`
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00			`return true;`
			`}`
First version of the new user management 2011-04-15 19:14:02 +04:00			`else{`
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`return false;`
			`}`
			`}`
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00
			`/**`
			`* Generate a random password`
			`*/`
Created class `OC_USER_BACKEND` for general user managment It's possible to use `OC_USER` as normal but the real stuff is done by the `OC_USER::$_backend` class, setted using `OC_USER::setBackend()` (this is done in inc/lib_user.php) 2010-07-21 19:53:51 +04:00			`public static function generatePassword(){`
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00			`return uniqId();`
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`}`
Reverted to self::$classType syntax and fixed the use of self in non-object 2010-07-19 20:52:49 +04:00
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`/**`
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00			`* Set the password of a user`
			`*`
			`* @param string $username User who password will be changed`
			`* @param string $password The new password for the user`
			`*/`
First version of the new user management 2011-04-15 19:14:02 +04:00			`public static function setPassword( $username, $password ){`
			$query = OC_DB::prepare( "UPDATE `PREFIXusers` SET `password` = ? WHERE `uid` = ?" );
php is not perl 2011-04-15 21:24:23 +04:00			`$result = $query->execute( array( sha1( $password ), $username ));`
Support for mod_auth added 2010-07-15 16:09:22 +04:00
First version of the new user management 2011-04-15 19:14:02 +04:00			`if( $result->numRows() > 0 ){`
Created class `OC_USER_BACKEND` for general user managment It's possible to use `OC_USER` as normal but the real stuff is done by the `OC_USER::$_backend` class, setted using `OC_USER::setBackend()` (this is done in inc/lib_user.php) 2010-07-21 19:53:51 +04:00			`return true;`
First version of the new user management 2011-04-15 19:14:02 +04:00			`}`
			`else{`
Created class `OC_USER_BACKEND` for general user managment It's possible to use `OC_USER` as normal but the real stuff is done by the `OC_USER::$_backend` class, setted using `OC_USER::setBackend()` (this is done in inc/lib_user.php) 2010-07-21 19:53:51 +04:00			`return false;`
			`}`
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`}`
Reverted to self::$classType syntax and fixed the use of self in non-object 2010-07-19 20:52:49 +04:00
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`/**`
Cleaned up and added some documentation 2010-07-23 01:42:18 +04:00			`* Check if the password of the user is correct`
			`*`
			`* @param string $username Name of the user`
			`* @param string $password Password of the user`
			`*/`
First version of the new user management 2011-04-15 19:14:02 +04:00			`public static function checkPassword( $username, $password ){`
			$query = OC_DB::prepare( "SELECT `uid` FROM `PREFIXusers` WHERE `uid` = ? AND `password` = ?" );
php is not perl 2011-04-15 21:24:23 +04:00			`$result = $query->execute( array( $username, sha1( $password )));`
Support for mod_auth added 2010-07-15 16:09:22 +04:00
First version of the new user management 2011-04-15 19:14:02 +04:00			`if( $result->numRows() > 0 ){`
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`return true;`
First version of the new user management 2011-04-15 19:14:02 +04:00			`}`
			`else{`
Support for mod_auth added 2010-07-15 16:09:22 +04:00			`return false;`
			`}`
			`}`

use caching for user-group relations 2010-09-12 19:04:52 +04:00			`/**`
			`* get a list of all users`
			`*`
			`*/`
First version of the new user management 2011-04-15 19:14:02 +04:00			`public static function getUsers(){`
			$query = OC_DB::prepare( "SELECT `uid` FROM `PREFIXusers`" );
			`$result = $query->execute();`
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry. 2011-03-02 01:20:16 +03:00
use caching for user-group relations 2010-09-12 19:04:52 +04:00			`$users=array();`
First version of the new user management 2011-04-15 19:14:02 +04:00			`while( $row = $result->fetchRow()){`
			`$users[] = $row["uid"];`
use caching for user-group relations 2010-09-12 19:04:52 +04:00			`}`
			`return $users;`
			`}`
Fixed a cache-check in `OC_USER_Database::getGroupName()` and minor style changes * Added spaces here and there * Using camelCase for same variable 2010-07-15 21:56:13 +04:00			`}`