robin.thoni
/
docker-phpvirtualbox
Следить 1
В избранное 0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 2 Вики Активность
Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
2 коммитов
2 Ветки
Дерево: 4fb84d36b6
Ветки Теги
${ item.name }
Создать ветку ${ searchTerm }
из '4fb84d36b6'
${ noResults }
docker-phpvirtualbox/phpvirtualbox/phpvirtualbox-5.2-1/endpoints/lib/auth/MySQL.php

MySQL.php 7.1KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260 
  1. <?php

  2. /**

  3.  *

  4.  * MySQL authentication module. Uses MySQL capability to store or

  5.  * retrieve user credentials. Called from API when authentication

  6.  * functions are requested.

  7.  *

  8.  * This program is free software; you can redistribute it and/or

  9.  * modify it under the terms of the GNU General Public License

  10.  * version 3 as published by the Free Software Foundation.

  11.  *

  12.  * This program is distributed in the hope that it will be useful,

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  15.  * GNU General Public License for more details.

  16.  *

  17.  * @author Filippo Callegari (callegari.filippo@gmail.com)

  18.  * @version $Id:1.0 MySQL.php 2015-03-10 23:49:11 Tio Igor

  19.  * @package phpVirtualBox

  20.  *

  21.  */

  22.  

  23.  

  24. /**

  25.  *	struct of db:

  26.  *		CREATE TABLE users(

  27.  *			username VARCHAR(20) PRIMARY KEY,

  28.  *			password VARCHAR(40),

  29.  *			admin ENUM('0','1') DEFAULT '0'

  30.  *			)ENGINE=InnoDB;

  31.  *

  32.  *	user:admin, pass:admin

  33.  *	INSERT INTO users(username,password,admin)

  34.  *		VALUES("admin","$1$65CMtT1M$GSDBTEZ6o5Web.4cDL6rz1",'1')

  35.  *

  36.  */

  37. class phpvbAuthMySQL implements phpvbAuth

  38. {

  39. 	

  40. 	var $capabilities = array(

  41. 			'canChangePassword' => true,

  42. 			'canModifyUsers' => true,

  43. 			'canLogout' => true

  44. 		);

  45. 	

  46. 	/**

  47. 	 *

  48. 	 * Connect to MySQL DB.

  49. 	 * return PDOconnection.

  50. 	 */

  51. 	function newPDO()

  52. 	{

  53. 		$host="127.0.0.1";

  54. 		$port=3306;

  55. 		$user="MySQLuser";

  56. 		$pass="MySQLpassword";

  57. 		$db="vboxDB";

  58. 		

  59. 		try{

  60. 			return new PDO("mysql:host=$host;port=$port;dbname=$db;charset=utf8",$user,$pass);

  61. 		}catch (PDOException $e){throw new Exception("Can't connect to MySQL db!",vboxconnector::PHPVB_ERRNO_CONNECT);}

  62. 	}

  63. 	

  64. 	/**

  65. 	 *

  66. 	 * Select row from username

  67. 	 * @param $username the user we search

  68. 	 * return row

  69. 	 */

  70. 	function PDO_selectUser($username)

  71. 	{

  72. 		try{

  73. 			$statement=$this->newPDO()->prepare("SELECT username, password, admin FROM users WHERE username=:username");

  74. 			$statement->bindValue(":username",$username, PDO::PARAM_STR);

  75. 			$statement->execute();

  76. 		}catch(PDOException $e){throw new Exception("Can't execute requested query!",vboxconnector::PHPVB_ERRNO_FATAL);}

  77. 		return $statement->fetch(PDO::FETCH_ASSOC);

  78. 		

  79. 	}

  80. 

  81. 	/**

  82. 	 *

  83. 	 * Generate a random salt.

  84. 	 * @param $lenght the lenght of the salt, default is 8.

  85. 	 *

  86. 	 * On Linux (in particular Ubuntu), the password is generate with this command:

  87. 	 * "echo "${username}:${password}" | chpasswd -S -c $crypt_method | cut -d: -f2".

  88. 	 * in this particoular implementation I use MD5.

  89. 	 *

  90. 	 * Max length is 20 char!

  91. 	 */

  92. 	function generateRandomSalt($length = 8)

  93. 	{

  94. 		return substr(sha1(rand().time()), rand(0,20-$length), $length);

  95. 	}

  96. 

  97. 	/**

  98. 	 *

  99. 	 * Revalidate login info and set authCheckHeartbeat session variable.

  100. 	 * @param vboxconnector $vbox vboxconnector object instance, THIS VARIABLE WILL NOT USED.

  101. 	 */

  102. 	function heartbeat($vbox)

  103. 	{

  104. 		global $_SESSION;		

  105. 		

  106. 		$q=$this->PDO_selectUser(@$_SESSION['user']);

  107. 		$p=isset($q['password'])?$q['password']:0;

  108. 		

  109. 		if($p && $p!=@$_SESSION[uHash])

  110. 		{

  111. 			$_SESSION['valid']=false;

  112. 			session_destroy();

  113. 		}

  114. 		else

  115. 		{

  116. 			$_SESSION['admin']=intval(q['admin']);

  117. 			$_SESSION['authCheckHeartbeat']=time();

  118. 		}

  119. 	

  120. 		if(!isset($_SESSION['valid']) || !$_SESSION['valid'])

  121. 			throw new Exception(trans('Not logged in.','UIUsers'), vboxconnector::PHPVB_ERRNO_FATAL);

  122. 	}

  123. 	

  124. 	/**

  125. 	 *

  126. 	 * Log in function. Populates $_SESSION

  127. 	 * @param string $username user name

  128. 	 * @param string $password password

  129. 	 */

  130. 	function login($username, $password)

  131. 	{

  132. 		global $_SESSION;

  133. 		

  134. 		$q=$this->PDO_selectUser($username);

  135. 		$p=isset($q['password'])?$q['password']:0;

  136. 		

  137. 		if($p && password_verify($password,$p))

  138. 		{

  139. 			$_SESSION['valid'] = true;

  140. 			$_SESSION['user'] = $username;

  141. 			$_SESSION['admin'] = intval($q['admin']);

  142. 			$_SESSION['authCheckHeartbeat'] = time();

  143. 			$_SESSION['uHash'] = $p;

  144. 		}

  145. 		

  146. 	}

  147. 	

  148. 	/**

  149. 	 *

  150. 	 * Log out user present in $_SESSION

  151. 	 * @param array $response response passed byref by API and populated within function

  152. 	 */

  153. 	function logout(&$response)

  154. 	{

  155. 		global $_SESSION;

  156. 		if(function_exists('session_destroy')) session_destroy();

  157. 		else unset($_SESSION['valid']);

  158. 		$response['data']['result'] = 1;

  159. 	}

  160. 	

  161. 	/**

  162. 	 *

  163. 	 * Change password function.

  164. 	 * @param string $old old password

  165. 	 * @param string $new new password

  166. 	 * @return boolean true on success

  167. 	 */

  168. 	function changePassword($old, $new)

  169. 	{

  170. 		global $_SESSION;

  171. 		

  172. 		$p=$this->PDO_selectUser($_SESSION['user']);

  173. 		$p=isset($p['password'])?$p['password']:0;		//along the time is changed?

  174. 		

  175. 		if($p && password_verify($old, $p))

  176. 		{

  177. 			$np=crypt($new, '$1$'.$this->generateRandomSalt().'$');		//look the MD5 format!!

  178. 																		//look here for more info: http://php.net/manual/en/faq.passwords.php

  179. 			try{

  180. 				$sth=$this->newPDO()->prepare("UPDATE users SET password=:password WHERE username=:username");

  181. 				$sth->bindValue(":password",$np,PDO::PARAM_STR);

  182. 				$sth->bindValue(":username",$_SESSION['user'],PDO::PARAM_STR);

  183. 				$sth->execute();

  184. 			}catch(PDOException $e){throw new Exception("Can't execute requested query!",vboxconnector::PHPVB_ERRNO_FATAL);}

  185. 			

  186. 			return true;

  187. 		}

  188. 		

  189. 		return false;

  190. 	}

  191. 	

  192. 	/**

  193. 	 *

  194. 	 * Return a list of users

  195. 	 * @return array list of users

  196. 	 */

  197. 	function listUsers()

  198. 	{

  199. 		$response = array();

  200. 		

  201. 		try{

  202. 			$sth=$this->newPDO()->prepare("SELECT * FROM users");

  203. 			$sth->execute();

  204. 		}catch(PDOException $e){throw new Exception("Can't display users list!",vboxconnector::PHPVB_ERRNO_FATAL);}

  205. 		

  206. 		while(($row=$sth->fetch(PDO::FETCH_ASSOC))!==FALSE)

  207. 		{

  208. 			$response[$row['username']]=array('username'=> $row['username'], 'admin'=> intval($row['admin']));

  209. 		}

  210. 		

  211. 		return $response;

  212. 	}

  213. 	

  214. 	/**

  215. 	 *

  216. 	 * Update user information such as password and admin status

  217. 	 * @param array $vboxRequest request passed from API representing the ajax request. Contains user, password and administration level.

  218. 	 * @param boolean $skipExistCheck Do not check that the user exists first. Essentially, if this is set and the user does not exist, it is added.

  219. 	 */

  220. 	function updateUser($vboxRequest, $skipExistCheck)

  221. 	{

  222. 		global $_SESSION;

  223. 		

  224. 		

  225. 		if(!$_SESSION['admin'])	return;

  226. 		

  227. 		$q=$this->PDO_selectUser($vboxRequest['u']);

  228. 		if(!$skipExistCheck && $q)	return;

  229. 

  230. 		$np=($vboxRequest['p'])?crypt($vboxRequest['p'], '$1$'.$this->generateRandomSalt().'$'):0;

  231. 		

  232. 		$query="INSERT INTO `users`(`username`, `password`,`admin`) 

  233. 					VALUES (:username, :password, :admin)

  234. 					ON DUPLICATE KEY UPDATE `password`=:password, `admin`=:admin";

  235. 

  236. 		$sth=$this->newPDO()->prepare($query);

  237. 		try{

  238. 			$sth->bindValue(":username",$vboxRequest['u'],PDO::PARAM_STR);

  239. 			$sth->bindValue(":password",($vboxRequest['p']?$np:$q['password']),PDO::PARAM_STR);

  240. 			$sth->bindValue(":admin",($vboxRequest['a']?"1":"0"),PDO::PARAM_STR);

  241. 			

  242. 			$sth->execute();

  243. 		}catch(PDOException $e){throw new Exception("Can't execute requested query!",vboxconnector::PHPVB_ERRNO_FATAL);}

  244. 	}

  245. 	

  246. 	/**

  247. 	 *

  248. 	 * Remove the user $user

  249. 	 * @param string $user Username to remove

  250. 	 */

  251. 	function deleteUser($user)

  252. 	{

  253. 		$sth=$this->newPDO()->prepare("DELETE FROM users  WHERE username=:username");

  254. 		try{

  255. 			$sth->bindValue(":username",$user,PDO::PARAM_STR);

  256. 			$sth->execute();

  257. 		}catch(PDOException $e){throw new Exception("Can't execute requested query!",vboxconnector::PHPVB_ERRNO_FATAL);}

  258. 

  259. 	}

  260. }