
Source code changes of the file "mrbs-1.9.4/web/lib/MRBS/Auth/AuthDbExt.php" between
mrbs-1.9.4.tar.gz and mrbs-1.10.0.tar.gz

About: MRBS is a web application for booking meeting rooms or other resources (using PHP and MySQL/pgsql).

AuthDbExt.php  (mrbs-1.9.4):AuthDbExt.php  (mrbs-1.10.0)
skipping to change at line 66 skipping to change at line 66
$this->$var = (isset($auth['db_ext'][$var])) ? $auth['db_ext'][$var] : nul l; $this->$var = (isset($auth['db_ext'][$var])) ? $auth['db_ext'][$var] : nul l;
} }
// Backwards compatibility setting // Backwards compatibility setting
if (!isset($this->password_format) && !empty($auth['db_ext']['use_md5_passwo rds'])) if (!isset($this->password_format) && !empty($auth['db_ext']['use_md5_passwo rds']))
{ {
$this->password_format = 'md5'; $this->password_format = 'md5';
} }
} }
/* authValidateUser($user, $pass) /* validateUser($user, $pass)
* *
* Checks if the specified username/password pair are valid * Checks if the specified username/password pair are valid
* *
* $user - The user name * $user - The user name
* $pass - The password * $pass - The password
* *
* Returns: * Returns:
* false - The pair are invalid or do not exist * false - The pair are invalid or do not exist
* string - The validated username * string - The validated username
*/ */
public function validateUser($user, $pass) public function validateUser(?string $user, ?string $pass)
{ {
$retval = false; $retval = false;
// syntax_casesensitive_equals() modifies our SQL params array for us. We need an exact match - // syntax_casesensitive_equals() modifies our SQL params array for us. We need an exact match -
// MySQL allows trailing spaces when using an '=' comparison, eg 'john' = 'j ohn ' // MySQL allows trailing spaces when using an '=' comparison, eg 'john' = 'j ohn '
$sql_params = array(); $sql_params = array();
$query = "SELECT " . $this->db_ext_conn->quote($this->column_name_password) . $query = "SELECT " . $this->db_ext_conn->quote($this->column_name_password) .
"FROM " . $this->db_ext_conn->quote($this->db_table) . "FROM " . $this->db_ext_conn->quote($this->db_table) .
skipping to change at line 151 skipping to change at line 151
{ {
$retval = $user; $retval = $user;
} }
break; break;
} }
} }
return $retval; return $retval;
} }
public function getUser($username) public function getUser(string $username) : ?User
{ {
global $auth; global $auth;
$sql_params = array(); static $users = array(); // Cache results for performance
$sql = "SELECT *
FROM " . $this->db_ext_conn->quote($this->db_table) . "
WHERE " . $this->db_ext_conn->syntax_casesensitive_equals($this->col
umn_name_username,
$username,
$sql_param
s) . "
LIMIT 1";
$stmt = $this->db_ext_conn->query($sql, $sql_params); if (!array_key_exists($username, $users))
// The username doesn't exist - return NULL
if ($stmt->count() === 0)
{ {
return null; $sql_params = array();
}
// The username does exist - return a User object // Only retrieve the columns we need (a) to minimise the query and (b) to
$data = $stmt->next_row_keyed(); avoid
// sending unnecessary information unencrypted over the internet (Remote S
QL is
// usually unencrypted).
$columns = array(
$this->column_name_display_name,
$this->column_name_email,
$this->column_name_level
);
$sql = "SELECT " . implode(', ', array_map(array($this->db_ext_conn, 'quot
e'), $columns)) . "
FROM " . $this->db_ext_conn->quote($this->db_table) . "
WHERE " . $this->db_ext_conn->syntax_casesensitive_equals($this->
column_name_username,
$userna
me,
$sql_pa
rams) . "
LIMIT 1";
$user = new User($username); $stmt = $this->db_ext_conn->query($sql, $sql_params);
// Set the email address
if (isset($this->column_name_email) && isset($data[$this->column_name_email]
))
{
$user->email = $data[$this->column_name_email];
}
// Set the display name // The username doesn't exist - return NULL
if (isset($this->column_name_display_name) && isset($data[$this->column_name if ($stmt->count() === 0)
_display_name]))
{
$user->display_name = $data[$this->column_name_display_name];
}
// Set the level
// First check whether the user is an admin from the config file
foreach ($auth['admin'] as $admin)
{
if(strcasecmp($username, $admin) === 0)
{ {
$user->level = 2; $users[$username] = null;
break;
} }
}
// If not, check the data from the external db
if ($user->level != 2)
{
// If there's can entry in the db, then use that
if (isset($this->column_name_level) &&
($this->column_name_level !== '') &&
isset($data[$this->column_name_level]))
{
$user->level = $data[$this->column_name_level];
}
// Otherwise they're level 1
else else
{ {
$user->level = 1; // The username does exist - return a User object
} $data = $stmt->next_row_keyed();
}
// Then set the remaining properties. (We don't set all the properties from $user = new User($username);
// $data initially because we want to preserve the default values if we don'
t // Set the email address
// have data for the four important properties.) if (isset($this->column_name_email) && isset($data[$this->column_name_em
foreach ($data as $key => $value) ail]))
{ {
if (!property_exists($user, $key)) $user->email = $data[$this->column_name_email];
{ }
$user->$key = $value;
// Set the display name
if (isset($this->column_name_display_name) && isset($data[$this->column_
name_display_name]))
{
$user->display_name = $data[$this->column_name_display_name];
}
// Set the level
// First get the default level. Any admins defined in the config
// file override settings in the external database.
$user->level = $this->getDefaultLevel($username);
// Then if they are not an admin get their level from the external db
if ($user->level < 2)
{
// If there's can entry in the db, then use that
if (isset($this->column_name_level) &&
($this->column_name_level !== '') &&
isset($data[$this->column_name_level]))
{
$user->level = $data[$this->column_name_level];
}
}
// Then set the remaining properties. (We don't set all the properties f
rom
// $data initially because we want to preserve the default values if we
don't
// have data for the four important properties.)
// (Note that normally there won't be any extra properties because we ha
ve
// specified above the columns that we want, but this code is here so th
at extra
// columns can be added if required.)
foreach ($data as $key => $value)
{
if (!property_exists($user, $key))
{
$user->$key = $value;
}
}
$users[$username] = $user;
} }
} }
return $user; return $users[$username];
} }
// Return an array of users, indexed by 'username' and 'display_name' // Return an array of users, indexed by 'username' and 'display_name'
public function getUsernames() public function getUsernames() : array
{ {
if (isset($this->column_name_display_name) && ($this->column_name_display_na me !== '')) if (isset($this->column_name_display_name) && ($this->column_name_display_na me !== ''))
{ {
$display_name_column = $this->column_name_display_name; $display_name_column = $this->column_name_display_name;
} }
else else
{ {
$display_name_column = $this->column_name_username; $display_name_column = $this->column_name_username;
} }
$sql = "SELECT " . $this->db_ext_conn->quote($this->column_name_username) . " AS username, ". $sql = "SELECT " . $this->db_ext_conn->quote($this->column_name_username) . " AS username, ".
$this->db_ext_conn->quote($display_name_column) . " AS di splay_name $this->db_ext_conn->quote($display_name_column) . " AS di splay_name
FROM " . $this->db_ext_conn->quote($this->db_table) . " ORDER BY dis play_name"; FROM " . $this->db_ext_conn->quote($this->db_table) . " ORDER BY dis play_name";
$stmt = $this->db_ext_conn->query($sql); $res = $this->db_ext_conn->query($sql);
$users = $res->all_rows_keyed();
self::sortUsers($users);
return $stmt->all_rows_keyed(); return $users;
} }
} }
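Review bot: In the rewritten getUser(), the new SELECT list is built from `$this->column_name_display_name`, `$this->column_name_email` and `$this->column_name_level` unconditionally, but the constructor visible at the top of this section stores `null` for any `db_ext` setting that is not configured, and the guards further down the same method (`isset($this->column_name_level) && ($this->column_name_level !== '')`, and likewise for the display name) plus getUsernames() show that an unset or empty column name is a supported configuration. The old `SELECT *` tolerated that; the new code passes a null/empty identifier to `quote()`, which presumably yields an invalid or empty column reference and breaks lookups for every such deployment, so the column list should be filtered before it is quoted and fall back to the username column when nothing remains. The cache (`static $users`) also stores `null` for unknown users, which is fine per request but worth a comment such as `// null is cached too, so a missing user costs one query per request`. Note that getDefaultLevel() is not defined in this file section, so its contract is inferred from its use here.
```php
// Only retrieve the columns we need; skip any that are not configured
// (unset or '') so the SELECT list never contains an empty identifier.
$columns = array_filter(
  array($this->column_name_display_name, $this->column_name_email, $this->column_name_level),
  function($c) { return isset($c) && ($c !== ''); }
);
// Fall back to the username column so there is always something to select
if (empty($columns))
{
  $columns = array($this->column_name_username);
}
// … unchanged: build and run the SELECT, populate the User object, cache it …
```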
 End of changes. 17 change blocks. 
72 lines changed or deleted 92 lines changed or added
