2010-07-15 16:09:22 +04:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/**
|
2011-04-15 19:14:02 +04:00
|
|
|
* ownCloud
|
|
|
|
*
|
|
|
|
* @author Frank Karlitschek
|
|
|
|
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 3 of the License, or any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public
|
|
|
|
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
/*
|
|
|
|
*
|
|
|
|
* The following SQL statement is just a help for developers and will not be
|
|
|
|
* executed!
|
|
|
|
*
|
|
|
|
* CREATE TABLE `users` (
|
|
|
|
* `uid` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
|
|
|
|
* `password` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
|
|
|
|
* PRIMARY KEY (`uid`)
|
|
|
|
* ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
|
|
|
|
*
|
|
|
|
*/
|
2010-07-15 16:09:22 +04:00
|
|
|
|
2012-02-26 16:49:51 +04:00
|
|
|
require_once 'phpass/PasswordHash.php';
|
|
|
|
|
2010-07-15 16:09:22 +04:00
|
|
|
/**
|
2010-07-21 19:53:51 +04:00
|
|
|
* Class for user management in a SQL Database (e.g. MySQL, SQLite)
|
2010-07-15 16:09:22 +04:00
|
|
|
*/
|
2011-07-29 23:36:03 +04:00
|
|
|
class OC_User_Database extends OC_User_Backend {
|
2010-09-12 19:04:52 +04:00
|
|
|
static private $userGroupCache=array();
|
2012-02-26 16:49:51 +04:00
|
|
|
/**
|
|
|
|
* @var PasswordHash
|
|
|
|
*/
|
|
|
|
static private $hasher=null;
|
|
|
|
|
|
|
|
private function getHasher(){
|
|
|
|
if(!self::$hasher){
|
|
|
|
//we don't want to use DES based crypt(), since it doesn't return a has with a recognisable prefix
|
|
|
|
$forcePortable=(CRYPT_BLOWFISH!=1);
|
|
|
|
self::$hasher=new PasswordHash(8,$forcePortable);
|
|
|
|
}
|
|
|
|
return self::$hasher;
|
2011-03-02 01:20:16 +03:00
|
|
|
|
2012-02-26 16:49:51 +04:00
|
|
|
}
|
|
|
|
|
2010-07-15 16:09:22 +04:00
|
|
|
/**
|
2011-04-18 12:41:01 +04:00
|
|
|
* @brief Create a new user
|
2011-04-18 13:39:29 +04:00
|
|
|
* @param $uid The username of the user to create
|
2011-04-18 12:41:01 +04:00
|
|
|
* @param $password The password of the new user
|
|
|
|
* @returns true/false
|
2010-07-23 01:42:18 +04:00
|
|
|
*
|
2011-07-29 23:36:03 +04:00
|
|
|
* Creates a new user. Basic checking of username is done in OC_User
|
2011-04-18 13:39:29 +04:00
|
|
|
* itself, not in its subclasses.
|
2010-07-23 01:42:18 +04:00
|
|
|
*/
|
2011-06-21 21:28:46 +04:00
|
|
|
public function createUser( $uid, $password ){
|
|
|
|
if( $this->userExists($uid) ){
|
2010-07-15 16:09:22 +04:00
|
|
|
return false;
|
2012-02-26 16:49:51 +04:00
|
|
|
}else{
|
|
|
|
$hasher=$this->getHasher();
|
2012-06-08 14:42:35 +04:00
|
|
|
$hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', ''));
|
2011-04-15 19:14:02 +04:00
|
|
|
$query = OC_DB::prepare( "INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )" );
|
2012-02-26 16:49:51 +04:00
|
|
|
$result = $query->execute( array( $uid, $hash));
|
2011-04-15 19:14:02 +04:00
|
|
|
|
2010-07-23 01:42:18 +04:00
|
|
|
return $result ? true : false;
|
2010-07-15 21:56:13 +04:00
|
|
|
}
|
2010-07-21 19:53:51 +04:00
|
|
|
}
|
2010-07-23 01:42:18 +04:00
|
|
|
|
2011-04-17 03:04:23 +04:00
|
|
|
/**
|
2011-04-18 12:41:01 +04:00
|
|
|
* @brief delete a user
|
|
|
|
* @param $uid The username of the user to delete
|
|
|
|
* @returns true/false
|
2011-04-17 03:04:23 +04:00
|
|
|
*
|
2011-04-18 12:41:01 +04:00
|
|
|
* Deletes a user
|
2011-04-17 03:04:23 +04:00
|
|
|
*/
|
2011-06-21 21:28:46 +04:00
|
|
|
public function deleteUser( $uid ){
|
2011-04-18 12:41:01 +04:00
|
|
|
// Delete user-group-relation
|
2011-04-18 14:02:03 +04:00
|
|
|
$query = OC_DB::prepare( "DELETE FROM `*PREFIX*users` WHERE uid = ?" );
|
2011-04-18 12:41:01 +04:00
|
|
|
$result = $query->execute( array( $uid ));
|
2011-04-17 03:04:23 +04:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2010-07-15 16:09:22 +04:00
|
|
|
/**
|
2011-04-18 12:41:01 +04:00
|
|
|
* @brief Set password
|
|
|
|
* @param $uid The username
|
|
|
|
* @param $password The new password
|
|
|
|
* @returns true/false
|
2010-07-23 01:42:18 +04:00
|
|
|
*
|
2011-04-18 12:41:01 +04:00
|
|
|
* Change the password of a user
|
2010-07-23 01:42:18 +04:00
|
|
|
*/
|
2011-06-21 21:28:46 +04:00
|
|
|
public function setPassword( $uid, $password ){
|
|
|
|
if( $this->userExists($uid) ){
|
2012-02-26 16:49:51 +04:00
|
|
|
$hasher=$this->getHasher();
|
2012-06-08 14:42:35 +04:00
|
|
|
$hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', ''));
|
2011-04-18 12:41:01 +04:00
|
|
|
$query = OC_DB::prepare( "UPDATE *PREFIX*users SET password = ? WHERE uid = ?" );
|
2012-02-26 16:49:51 +04:00
|
|
|
$result = $query->execute( array( $hash, $uid ));
|
2011-04-18 12:41:01 +04:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
2011-04-18 17:07:14 +04:00
|
|
|
else{
|
|
|
|
return false;
|
|
|
|
}
|
2010-07-15 16:09:22 +04:00
|
|
|
}
|
2010-07-19 20:52:49 +04:00
|
|
|
|
2010-07-15 16:09:22 +04:00
|
|
|
/**
|
2011-04-18 12:41:01 +04:00
|
|
|
* @brief Check if the password is correct
|
|
|
|
* @param $uid The username
|
|
|
|
* @param $password The password
|
2012-05-17 02:57:43 +04:00
|
|
|
* @returns string
|
2010-07-23 01:42:18 +04:00
|
|
|
*
|
2011-04-18 12:41:01 +04:00
|
|
|
* Check if the password is correct without logging in the user
|
2012-05-17 02:57:43 +04:00
|
|
|
* returns the user id or false
|
2010-07-23 01:42:18 +04:00
|
|
|
*/
|
2011-06-21 21:28:46 +04:00
|
|
|
public function checkPassword( $uid, $password ){
|
2012-04-15 12:30:22 +04:00
|
|
|
$query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid = ?" );
|
2012-02-26 16:49:51 +04:00
|
|
|
$result = $query->execute( array( $uid));
|
2010-07-15 16:09:22 +04:00
|
|
|
|
2011-09-17 04:36:04 +04:00
|
|
|
$row=$result->fetchRow();
|
|
|
|
if($row){
|
2012-02-26 16:49:51 +04:00
|
|
|
$storedHash=$row['password'];
|
2012-06-08 23:23:25 +04:00
|
|
|
if ($storedHash[0]=='$'){//the new phpass based hashing
|
2012-02-26 16:49:51 +04:00
|
|
|
$hasher=$this->getHasher();
|
2012-06-08 14:42:35 +04:00
|
|
|
if($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash)){
|
2012-02-26 16:49:51 +04:00
|
|
|
return $row['uid'];
|
|
|
|
}else{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}else{//old sha1 based hashing
|
|
|
|
if(sha1($password)==$storedHash){
|
|
|
|
//upgrade to new hashing
|
|
|
|
$this->setPassword($row['uid'],$password);
|
|
|
|
return $row['uid'];
|
|
|
|
}else{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
2011-08-25 23:51:04 +04:00
|
|
|
}else{
|
2010-07-15 16:09:22 +04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-09-12 19:04:52 +04:00
|
|
|
/**
|
2011-04-18 12:41:01 +04:00
|
|
|
* @brief Get a list of all users
|
|
|
|
* @returns array with all uids
|
2010-09-12 19:04:52 +04:00
|
|
|
*
|
2011-04-18 12:41:01 +04:00
|
|
|
* Get a list of all users.
|
2010-09-12 19:04:52 +04:00
|
|
|
*/
|
2011-06-21 21:28:46 +04:00
|
|
|
public function getUsers(){
|
2011-04-17 14:35:58 +04:00
|
|
|
$query = OC_DB::prepare( "SELECT uid FROM *PREFIX*users" );
|
2011-04-15 19:14:02 +04:00
|
|
|
$result = $query->execute();
|
2011-03-02 01:20:16 +03:00
|
|
|
|
2010-09-12 19:04:52 +04:00
|
|
|
$users=array();
|
2011-04-15 19:14:02 +04:00
|
|
|
while( $row = $result->fetchRow()){
|
|
|
|
$users[] = $row["uid"];
|
2010-09-12 19:04:52 +04:00
|
|
|
}
|
|
|
|
return $users;
|
|
|
|
}
|
2011-06-21 21:28:46 +04:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @brief check if a user exists
|
|
|
|
* @param string $uid the username
|
|
|
|
* @return boolean
|
|
|
|
*/
|
|
|
|
public function userExists($uid){
|
2012-04-15 12:30:22 +04:00
|
|
|
$query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid = ?" );
|
2011-06-21 21:28:46 +04:00
|
|
|
$result = $query->execute( array( $uid ));
|
|
|
|
|
|
|
|
return $result->numRows() > 0;
|
|
|
|
}
|
2010-07-15 21:56:13 +04:00
|
|
|
}
|