nextcloud/lib/private/user/database.php

340 lines
8.3 KiB
PHP
Raw Normal View History

2010-07-15 16:09:22 +04:00
<?php
/**
* ownCloud
*
* @author Frank Karlitschek
2012-05-26 21:14:24 +04:00
* @copyright 2012 Frank Karlitschek frank@owncloud.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
/*
*
* The following SQL statement is just a help for developers and will not be
* executed!
*
* CREATE TABLE `users` (
* `uid` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
* `password` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
* PRIMARY KEY (`uid`)
* ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
*
*/
2010-07-15 16:09:22 +04:00
require_once 'phpass/PasswordHash.php';
2010-07-15 16:09:22 +04:00
/**
* Class for user management in a SQL Database (e.g. MySQL, SQLite)
2010-07-15 16:09:22 +04:00
*/
2011-07-29 23:36:03 +04:00
class OC_User_Database extends OC_User_Backend {
/**
* @var PasswordHash
*/
2014-03-06 20:57:09 +04:00
private static $hasher = null;
private $cache = array();
private $cache_complete = false;
2014-03-07 01:34:43 +04:00
2012-09-07 17:22:01 +04:00
private function getHasher() {
2013-12-11 19:22:26 +04:00
if (!self::$hasher) {
2013-05-01 13:29:15 +04:00
//we don't want to use DES based crypt(), since it doesn't return a hash with a recognisable prefix
2013-12-11 19:22:26 +04:00
$forcePortable = (CRYPT_BLOWFISH != 1);
self::$hasher = new PasswordHash(8, $forcePortable);
}
return self::$hasher;
}
2012-08-29 10:38:33 +04:00
2010-07-15 16:09:22 +04:00
/**
2011-04-18 12:41:01 +04:00
* @brief Create a new user
* @param $uid The username of the user to create
2011-04-18 12:41:01 +04:00
* @param $password The password of the new user
* @returns true/false
*
2011-07-29 23:36:03 +04:00
* Creates a new user. Basic checking of username is done in OC_User
* itself, not in its subclasses.
*/
2013-12-11 19:22:26 +04:00
public function createUser($uid, $password) {
2014-03-07 01:34:43 +04:00
if (!$this->userExists($uid)) {
2013-12-11 19:22:26 +04:00
$hasher = $this->getHasher();
$hash = $hasher->HashPassword($password . OC_Config::getValue('passwordsalt', ''));
$query = OC_DB::prepare('INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )');
$result = $query->execute(array($uid, $hash));
2014-03-07 01:34:43 +04:00
if ($result) {
$this->cache[$uid]['uid'] = $uid;
2014-03-07 01:34:43 +04:00
return true;
}
}
2014-03-07 01:34:43 +04:00
return false;
}
2011-04-17 03:04:23 +04:00
/**
2011-04-18 12:41:01 +04:00
* @brief delete a user
* @param $uid The username of the user to delete
* @returns true/false
2011-04-17 03:04:23 +04:00
*
2011-04-18 12:41:01 +04:00
* Deletes a user
2011-04-17 03:04:23 +04:00
*/
2013-12-11 19:22:26 +04:00
public function deleteUser($uid) {
2011-04-18 12:41:01 +04:00
// Delete user-group-relation
2013-12-11 19:22:26 +04:00
$query = OC_DB::prepare('DELETE FROM `*PREFIX*users` WHERE `uid` = ?');
$result = $query->execute(array($uid));
2014-03-10 20:27:51 +04:00
if ($result) {
if (isset($this->cache[$uid])) {
unset($this->cache[$uid]);
2014-03-10 20:27:51 +04:00
}
return true;
}
return false;
2011-04-17 03:04:23 +04:00
}
2010-07-15 16:09:22 +04:00
/**
2011-04-18 12:41:01 +04:00
* @brief Set password
* @param $uid The username
* @param $password The new password
* @returns true/false
*
2011-04-18 12:41:01 +04:00
* Change the password of a user
*/
2013-12-11 19:22:26 +04:00
public function setPassword($uid, $password) {
if ($this->userExists($uid)) {
$hasher = $this->getHasher();
$hash = $hasher->HashPassword($password . OC_Config::getValue('passwordsalt', ''));
$query = OC_DB::prepare('UPDATE `*PREFIX*users` SET `password` = ? WHERE `uid` = ?');
$result = $query->execute(array($hash, $uid));
2011-04-18 12:41:01 +04:00
return $result ? true : false;
}
2014-03-07 11:46:34 +04:00
return false;
2010-07-15 16:09:22 +04:00
}
2013-02-22 20:21:57 +04:00
/**
* @brief Set display name
* @param $uid The username
* @param $displayName The new display name
* @returns true/false
*
* Change the display name of a user
*/
2013-12-11 19:22:26 +04:00
public function setDisplayName($uid, $displayName) {
if ($this->userExists($uid)) {
$query = OC_DB::prepare('UPDATE `*PREFIX*users` SET `displayname` = ? WHERE LOWER(`uid`) = ?');
$query->execute(array($displayName, $uid));
$this->cache[$uid]['displayname'] = $displayName;
return true;
}
2014-03-07 01:34:43 +04:00
return false;
}
/**
* @brief get display name of the user
* @param $uid user ID of the user
2013-12-11 19:22:26 +04:00
* @return string display name
*/
public function getDisplayName($uid) {
2014-03-06 20:57:09 +04:00
$this->loadUser($uid);
return empty($this->cache[$uid]['displayname']) ? $uid : $this->cache[$uid]['displayname'];
}
2013-02-22 20:21:57 +04:00
/**
* @brief Get a list of all display names
* @returns array with all displayNames (value) and the correspondig uids (key)
*
* Get a list of all display names and user ids.
*/
public function getDisplayNames($search = '', $limit = null, $offset = 0) {
$this->loadUsers();
$search = strtolower($search);
$i = 0;
$displayNames = array();
foreach ($this->cache as $uid => $value) {
if ((preg_match('/^.*'.$search.'.*/', strtolower($uid)) || preg_match('/^.*'.$search.'.*/', strtolower($value['displayname']))) && $offset <= $i) {
$displayNames[$uid] = $value['displayname'];
if (!is_null($limit)) {
$limit--;
if ($limit <= 0) {
break;
}
}
}
$i++;
}
2013-02-22 20:21:57 +04:00
return $displayNames;
}
2013-02-22 20:21:57 +04:00
2010-07-15 16:09:22 +04:00
/**
2011-04-18 12:41:01 +04:00
* @brief Check if the password is correct
* @param $uid The username
* @param $password The password
* @returns string
*
2011-04-18 12:41:01 +04:00
* Check if the password is correct without logging in the user
* returns the user id or false
*/
2013-12-11 19:22:26 +04:00
public function checkPassword($uid, $password) {
$query = OC_DB::prepare('SELECT `uid`, `password` FROM `*PREFIX*users` WHERE LOWER(`uid`) = LOWER(?)');
$result = $query->execute(array($uid));
2010-07-15 16:09:22 +04:00
2013-12-11 19:22:26 +04:00
$row = $result->fetchRow();
if ($row) {
$storedHash = $row['password'];
if ($storedHash[0] == '$') { //the new phpass based hashing
$hasher = $this->getHasher();
2014-03-07 11:46:34 +04:00
if ($hasher->CheckPassword($password . OC_Config::getValue('passwordsalt', ''), $storedHash)) {
return $row['uid'];
2014-03-07 11:46:34 +04:00
}
2014-03-06 20:57:09 +04:00
//old sha1 based hashing
} elseif (sha1($password) == $storedHash) {
//upgrade to new hashing
$this->setPassword($row['uid'], $password);
return $row['uid'];
}
}
return false;
}
/**
* @brief Load an user in the cache
2014-03-07 01:23:17 +04:00
* @param string $uid the username
2014-03-06 20:57:09 +04:00
* @returns boolean
*/
private function loadUser($uid) {
if (empty($this->cache[$uid])) {
2014-03-06 20:57:09 +04:00
$query = OC_DB::prepare('SELECT `uid`, `displayname` FROM `*PREFIX*users` WHERE LOWER(`uid`) = LOWER(?)');
$result = $query->execute(array($uid));
if (OC_DB::isError($result)) {
OC_Log::write('core', OC_DB::getErrorMessage($result), OC_Log::ERROR);
return false;
}
while ($row = $result->fetchRow()) {
$this->cache[$uid]['uid'] = $row['uid'];
$this->cache[$uid]['displayname'] = $row['displayname'];
}
2010-07-15 16:09:22 +04:00
}
2014-03-06 20:57:09 +04:00
return true;
2010-07-15 16:09:22 +04:00
}
2014-03-07 01:23:17 +04:00
/**
* @brief Load an user in the cache
* @param string $uid the username
* @returns boolean
*/
private function loadUsers() {
if (!$this->cache_complete) {
2014-03-07 01:23:17 +04:00
$query = OC_DB::prepare('SELECT `uid`, `displayname` FROM `*PREFIX*users` ORDER BY `uid`');
2014-03-07 11:46:34 +04:00
$result = $query->execute();
2014-03-07 01:23:17 +04:00
if (OC_DB::isError($result)) {
OC_Log::write('core', OC_DB::getErrorMessage($result), OC_Log::ERROR);
return false;
}
while ($row = $result->fetchRow()) {
2014-03-09 15:47:19 +04:00
$uid = $row['uid'];
$this->cache[$uid]['uid'] = $uid;
$this->cache[$uid]['displayname'] = $row['displayname'];
2014-03-07 01:23:17 +04:00
}
$this->cache_complete = true;
2014-03-07 01:23:17 +04:00
}
return true;
}
2010-09-12 19:04:52 +04:00
/**
2011-04-18 12:41:01 +04:00
* @brief Get a list of all users
* @returns array with all uids
2010-09-12 19:04:52 +04:00
*
2011-04-18 12:41:01 +04:00
* Get a list of all users.
2010-09-12 19:04:52 +04:00
*/
public function getUsers($search = '', $limit = null, $offset = 0) {
2014-03-07 01:23:17 +04:00
$this->loadUsers();
$search = strtolower($search);
$i = 0;
$users = array();
foreach ($this->cache as $uid => $value) {
if (preg_match('/^'.$search.'.*/', strtolower($uid)) && $offset <= $i) {
$users[] = $uid;
if (!is_null($limit)) {
$limit--;
if ($limit <= 0) {
break;
}
}
}
$i++;
2014-03-07 11:46:34 +04:00
}
2014-03-07 01:23:17 +04:00
2010-09-12 19:04:52 +04:00
return $users;
}
/**
* @brief check if a user exists
* @param string $uid the username
* @return boolean
*/
2012-09-07 17:22:01 +04:00
public function userExists($uid) {
2014-03-06 20:57:09 +04:00
$this->loadUser($uid);
return !empty($this->cache[$uid]);
}
2012-08-26 18:24:25 +04:00
/**
2013-12-11 19:22:26 +04:00
* @brief get the user's home directory
* @param string $uid the username
2014-03-07 11:46:34 +04:00
* @return string|false
2013-12-11 19:22:26 +04:00
*/
2012-09-07 17:22:01 +04:00
public function getHome($uid) {
2014-03-07 11:46:34 +04:00
if ($this->userExists($uid)) {
2013-12-11 19:22:26 +04:00
return OC_Config::getValue("datadirectory", OC::$SERVERROOT . "/data") . '/' . $uid;
2014-03-07 11:46:34 +04:00
}
2014-03-06 20:57:09 +04:00
return false;
2012-08-26 18:24:25 +04:00
}
/**
* @return bool
*/
public function hasUserListings() {
return true;
}
/**
* counts the users in the database
*
2014-03-06 20:57:09 +04:00
* @return int | bool
*/
public function countUsers() {
2014-03-07 01:23:17 +04:00
$this->loadUsers();
return count($this->cache);
}
}