database.php 5.3 KB

  1. <?php
  2. /**
  3. * ownCloud
  4. *
  5. * @author Frank Karlitschek
  6. * @copyright 2012 Frank Karlitschek frank@owncloud.org
  7. *
  8. * This library is free software; you can redistribute it and/or
  9. * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
  10. * License as published by the Free Software Foundation; either
  11. * version 3 of the License, or any later version.
  12. *
  13. * This library is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
  17. *
  18. * You should have received a copy of the GNU Affero General Public
  19. * License along with this library. If not, see <http://www.gnu.org/licenses/>.
  20. *
  21. */
  22. /*
  23. *
  24. * The following SQL statement is just a help for developers and will not be
  25. * executed!
  26. *
  27. * CREATE TABLE `users` (
  28. * `uid` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
  29. * `password` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  30. * PRIMARY KEY (`uid`)
  31. * ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
  32. *
  33. */
  34. require_once 'phpass/PasswordHash.php';
  35. /**
  36. * Class for user management in a SQL Database (e.g. MySQL, SQLite)
  37. */
  38. class OC_User_Database extends OC_User_Backend {
  39. /**
  40. * @var PasswordHash
  41. */
  42. static private $hasher=null;
  43. private function getHasher() {
  44. if(!self::$hasher) {
  45. //we don't want to use DES based crypt(), since it doesn't return a has with a recognisable prefix
  46. $forcePortable=(CRYPT_BLOWFISH!=1);
  47. self::$hasher=new PasswordHash(8, $forcePortable);
  48. }
  49. return self::$hasher;
  50. }
  51. /**
  52. * @brief Create a new user
  53. * @param $uid The username of the user to create
  54. * @param $password The password of the new user
  55. * @returns true/false
  56. *
  57. * Creates a new user. Basic checking of username is done in OC_User
  58. * itself, not in its subclasses.
  59. */
  60. public function createUser( $uid, $password ) {
  61. if( $this->userExists($uid) ) {
  62. return false;
  63. }else{
  64. $hasher=$this->getHasher();
  65. $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', ''));
  66. $query = OC_DB::prepare( 'INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )' );
  67. $result = $query->execute( array( $uid, $hash));
  68. return $result ? true : false;
  69. }
  70. }
  71. /**
  72. * @brief delete a user
  73. * @param $uid The username of the user to delete
  74. * @returns true/false
  75. *
  76. * Deletes a user
  77. */
  78. public function deleteUser( $uid ) {
  79. // Delete user-group-relation
  80. $query = OC_DB::prepare( 'DELETE FROM `*PREFIX*users` WHERE uid = ?' );
  81. $query->execute( array( $uid ));
  82. return true;
  83. }
  84. /**
  85. * @brief Set password
  86. * @param $uid The username
  87. * @param $password The new password
  88. * @returns true/false
  89. *
  90. * Change the password of a user
  91. */
  92. public function setPassword( $uid, $password ) {
  93. if( $this->userExists($uid) ) {
  94. $hasher=$this->getHasher();
  95. $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', ''));
  96. $query = OC_DB::prepare( 'UPDATE `*PREFIX*users` SET `password` = ? WHERE `uid` = ?' );
  97. $query->execute( array( $hash, $uid ));
  98. return true;
  99. }else{
  100. return false;
  101. }
  102. }
  103. /**
  104. * @brief Check if the password is correct
  105. * @param $uid The username
  106. * @param $password The password
  107. * @returns string
  108. *
  109. * Check if the password is correct without logging in the user
  110. * returns the user id or false
  111. */
  112. public function checkPassword( $uid, $password ) {
  113. $query = OC_DB::prepare( 'SELECT `uid`, `password` FROM `*PREFIX*users` WHERE LOWER(`uid`) = LOWER(?)' );
  114. $result = $query->execute( array( $uid));
  115. $row=$result->fetchRow();
  116. if($row) {
  117. $storedHash=$row['password'];
  118. if ($storedHash[0]=='$') {//the new phpass based hashing
  119. $hasher=$this->getHasher();
  120. if($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash)) {
  121. return $row['uid'];
  122. }else{
  123. return false;
  124. }
  125. }else{//old sha1 based hashing
  126. if(sha1($password)==$storedHash) {
  127. //upgrade to new hashing
  128. $this->setPassword($row['uid'], $password);
  129. return $row['uid'];
  130. }else{
  131. return false;
  132. }
  133. }
  134. }else{
  135. return false;
  136. }
  137. }
  138. /**
  139. * @brief Get a list of all users
  140. * @returns array with all uids
  141. *
  142. * Get a list of all users.
  143. */
  144. public function getUsers($search = '', $limit = null, $offset = null) {
  145. $query = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*users` WHERE LOWER(`uid`) LIKE LOWER(?)', $limit, $offset);
  146. $result = $query->execute(array($search.'%'));
  147. $users = array();
  148. while ($row = $result->fetchRow()) {
  149. $users[] = $row['uid'];
  150. }
  151. return $users;
  152. }
  153. /**
  154. * @brief check if a user exists
  155. * @param string $uid the username
  156. * @return boolean
  157. */
  158. public function userExists($uid) {
  159. $query = OC_DB::prepare( 'SELECT * FROM `*PREFIX*users` WHERE LOWER(`uid`) = LOWER(?)' );
  160. $result = $query->execute( array( $uid ));
  161. if (OC_DB::isError($result)) {
  162. OC_Log::write('core', OC_DB::getErrorMessage($result), OC_Log::ERROR);
  163. return false;
  164. }
  165. return $result->numRows() > 0;
  166. }
  167. /**
  168. * @brief get the user's home directory
  169. * @param string $uid the username
  170. * @return boolean
  171. */
  172. public function getHome($uid) {
  173. if($this->userExists($uid)) {
  174. return OC_Config::getValue( "datadirectory", OC::$SERVERROOT."/data" ) . '/' . $uid;
  175. }else{
  176. return false;
  177. }
  178. }
  179. }