builtinauthenticationprovider.inc.php
3.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
<?php
require_once(KT_LIB_DIR . '/authentication/authenticationprovider.inc.php');
require_once(KT_LIB_DIR . '/authentication/Authenticator.inc');
require_once('DBAuthenticator.inc');
class KTBuiltinAuthenticationProvider extends KTAuthenticationProvider {
var $sName = "Built-in authentication provider";
var $sNamespace = "ktcore.authentication.builtin";
function &getAuthenticator($oSource) {
// $oSource is null, since the built-in authentication provider
// only has a single, non-registered, instance.
return new BuiltinAuthenticator;
}
function showUserSource($oUser, $oSource) {
$sQuery = sprintf('action=setPassword&user_id=%d', $oUser->getId());
$sUrl = KTUtil::addQueryString($_SERVER['PHP_SELF'], $sQuery);
return '<p class="descriptiveText"><a href="' . $sUrl . '">' . sprintf(_("Change %s's password"), $oUser->getName()) . '</a></p>';
}
}
class BuiltinAuthenticator extends Authenticator {
/**
* Checks the user's password against the database
*
* @param string the name of the user to check
* @param string the password to check
* @return boolean true if the password is correct, else false
*/
function checkPassword($oUser, $password) {
global $default;
$sql = $default->db;
$userName = $oUser->getUserName();
$sQuery = "SELECT * FROM $default->users_table WHERE username = ? AND password = ?";/*ok*/
$aParams = array($userName, md5($password));
if ($sql->query(array($sQuery, $aParams))) {
if ($sql->num_rows($sql) == "1") {
return true;
} else {
return false;
}
} else {
return false;
}
}
/**
* Searches the directory for a specific user
*
* @param string the username to search for
* @param array the attributes to return from the search
* @return array containing the users found
*/
function getUser($sUserName, $aAttributes) {
global $default;
$sql = $default->db;
$sQuery = "SELECT ";/*ok*/
// build select
for ($i=0; $i<count($aAttributes); $i++) {
$sQuery .= $aAttributes[$i] . (( ($i+1) == count($aAttributes) ) ? "" : ", ");
}
$sQuery .= " FROM $default->users_table WHERE username = ?";
$aParams = array($sUserName);
if ($sql->query(array($sQuery, $aParams))) {
$aUserResults = array();
while ($sql->next_record()) {
for ($i=0; $i<count($aAttributes); $i++) {
$aUserResults["$sUserName"]["$aAttributes[$i]"] = $sql->f($aAttributes[$i]);
}
}
return $aUserResults;
} else {
return false;
}
}
/**
* Searches the user store for users matching the supplied search string.
*
* @param string the username to search for
* @param array the attributes to return from the search
* @return array containing the users found
*/
function searchUsers($sUserNameSearch, $aAttributes) {
global $default;
$sql = $default->db;
$sQuery = "SELECT ";/*ok*/
// build select
for ($i=0; $i<count($aAttributes); $i++) {
$sQuery .= $aAttributes[$i] . (( ($i+1) == count($aAttributes) ) ? "" : ", ");
}
$sQuery .= " FROM $default->users_table where username like '%" . DBUtil::escapeSimple($sUserNameSearch) . "%'";
if ($sql->query($sQuery)) {
$aUserResults = array();
while ($sql->next_record()) {
$sUserName = $sql->f("username");
for ($i=0; $i<count($aAttributes); $i++) {
$aUserResults["$sUserName"]["$aAttributes[$i]"] = $sql->f($aAttributes[$i]);
}
}
return $aUserResults;
} else {
return false;
}
}
}