spacefreak/user_sql
1
0
Fork 0
Code Pull Requests Activity

- code formatting (PSR-2)

Browse Source 
- removed all ownCloud references
- removed update.php as its supported version was never published on the app store
- updated info.xml
This commit is contained in:
Marcin Łojewski
2018-02-28 19:52:32 +01:00
parent ebcdaa813b
commit 936a831e5a
17 changed files with 1650 additions and 1738 deletions
Download Patch File Download Diff File Expand all files Collapse all files

395
lib/PasswordHash.php
View File

@@ -24,230 +24,245 @@
# Obviously, since this code is in the public domain, the above are not
# requirements (there can be none), but merely suggestions.
#
class PasswordHash {
var $itoa64;
var $iteration_count_log2;
var $portable_hashes;
var $random_state;
class PasswordHash
{
var $itoa64;
var $iteration_count_log2;
var $portable_hashes;
var $random_state;
function __construct($iteration_count_log2, $portable_hashes)
{
$this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
function __construct($iteration_count_log2, $portable_hashes)
{
$this->itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)
$iteration_count_log2 = 8;
$this->iteration_count_log2 = $iteration_count_log2;
if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31) {
$iteration_count_log2 = 8;
}
$this->iteration_count_log2 = $iteration_count_log2;
$this->portable_hashes = $portable_hashes;
$this->portable_hashes = $portable_hashes;
$this->random_state = microtime();
if (function_exists('getmypid'))
$this->random_state .= getmypid();
}
$this->random_state = microtime();
if (function_exists('getmypid')) {
$this->random_state .= getmypid();
}
}
function get_random_bytes($count)
{
$output = '';
if (is_readable('/dev/urandom') &&
($fh = @fopen('/dev/urandom', 'rb'))) {
$output = fread($fh, $count);
fclose($fh);
}
function get_random_bytes($count)
{
$output = '';
if (is_readable('/dev/urandom') &&
($fh = @fopen('/dev/urandom', 'rb'))) {
$output = fread($fh, $count);
fclose($fh);
}
if (strlen($output) < $count) {
$output = '';
for ($i = 0; $i < $count; $i += 16) {
$this->random_state =
md5(microtime() . $this->random_state);
$output .=
pack('H*', md5($this->random_state));
}
$output = substr($output, 0, $count);
}
if (strlen($output) < $count) {
$output = '';
for ($i = 0; $i < $count; $i += 16) {
$this->random_state =
md5(microtime() . $this->random_state);
$output .=
pack('H*', md5($this->random_state));
}
$output = substr($output, 0, $count);
}
return $output;
}
return $output;
}
function encode64($input, $count)
{
$output = '';
$i = 0;
do {
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count)
$value |= ord($input[$i]) << 8;
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count)
break;
if ($i < $count)
$value |= ord($input[$i]) << 16;
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count)
break;
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
function encode64($input, $count)
{
$output = '';
$i = 0;
do {
$value = ord($input[$i++]);
$output .= $this->itoa64[$value & 0x3f];
if ($i < $count) {
$value |= ord($input[$i]) << 8;
}
$output .= $this->itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count) {
break;
}
if ($i < $count) {
$value |= ord($input[$i]) << 16;
}
$output .= $this->itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count) {
break;
}
$output .= $this->itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
return $output;
}
function gensalt_private($input)
{
$output = '$P$';
$output .= $this->itoa64[min($this->iteration_count_log2 +
((PHP_VERSION >= '5') ? 5 : 3), 30)];
$output .= $this->encode64($input, 6);
function gensalt_private($input)
{
$output = '$P$';
$output .= $this->itoa64[min($this->iteration_count_log2 +
((PHP_VERSION >= '5') ? 5 : 3), 30)];
$output .= $this->encode64($input, 6);
return $output;
}
return $output;
}
function crypt_private($password, $setting)
{
$output = '*0';
if (substr($setting, 0, 2) === $output)
$output = '*1';
function crypt_private($password, $setting)
{
$output = '*0';
if (substr($setting, 0, 2) === $output) {
$output = '*1';
}
$id = substr($setting, 0, 3);
# We use "$P$", phpBB3 uses "$H$" for the same thing
if ($id !== '$P$' && $id !== '$H$')
return $output;
$id = substr($setting, 0, 3);
# We use "$P$", phpBB3 uses "$H$" for the same thing
if ($id !== '$P$' && $id !== '$H$') {
return $output;
}
$count_log2 = strpos($this->itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30)
return $output;
$count_log2 = strpos($this->itoa64, $setting[3]);
if ($count_log2 < 7 || $count_log2 > 30) {
return $output;
}
$count = 1 << $count_log2;
$count = 1 << $count_log2;
$salt = substr($setting, 4, 8);
if (strlen($salt) !== 8)
return $output;
$salt = substr($setting, 4, 8);
if (strlen($salt) !== 8) {
return $output;
}
# We're kind of forced to use MD5 here since it's the only
# cryptographic primitive available in all versions of PHP
# currently in use. To implement our own low-level crypto
# in PHP would result in much worse performance and
# consequently in lower iteration counts and hashes that are
# quicker to crack (by non-PHP code).
if (PHP_VERSION >= '5') {
$hash = md5($salt . $password, TRUE);
do {
$hash = md5($hash . $password, TRUE);
} while (--$count);
} else {
$hash = pack('H*', md5($salt . $password));
do {
$hash = pack('H*', md5($hash . $password));
} while (--$count);
}
# We're kind of forced to use MD5 here since it's the only
# cryptographic primitive available in all versions of PHP
# currently in use. To implement our own low-level crypto
# in PHP would result in much worse performance and
# consequently in lower iteration counts and hashes that are
# quicker to crack (by non-PHP code).
if (PHP_VERSION >= '5') {
$hash = md5($salt . $password, true);
do {
$hash = md5($hash . $password, true);
} while (--$count);
} else {
$hash = pack('H*', md5($salt . $password));
do {
$hash = pack('H*', md5($hash . $password));
} while (--$count);
}
$output = substr($setting, 0, 12);
$output .= $this->encode64($hash, 16);
$output = substr($setting, 0, 12);
$output .= $this->encode64($hash, 16);
return $output;
}
return $output;
}
function gensalt_extended($input)
{
$count_log2 = min($this->iteration_count_log2 + 8, 24);
# This should be odd to not reveal weak DES keys, and the
# maximum valid value is (2**24 - 1) which is odd anyway.
$count = (1 << $count_log2) - 1;
function gensalt_extended($input)
{
$count_log2 = min($this->iteration_count_log2 + 8, 24);
# This should be odd to not reveal weak DES keys, and the
# maximum valid value is (2**24 - 1) which is odd anyway.
$count = (1 << $count_log2) - 1;
$output = '_';
$output .= $this->itoa64[$count & 0x3f];
$output .= $this->itoa64[($count >> 6) & 0x3f];
$output .= $this->itoa64[($count >> 12) & 0x3f];
$output .= $this->itoa64[($count >> 18) & 0x3f];
$output = '_';
$output .= $this->itoa64[$count & 0x3f];
$output .= $this->itoa64[($count >> 6) & 0x3f];
$output .= $this->itoa64[($count >> 12) & 0x3f];
$output .= $this->itoa64[($count >> 18) & 0x3f];
$output .= $this->encode64($input, 3);
$output .= $this->encode64($input, 3);
return $output;
}
return $output;
}
function gensalt_blowfish($input)
{
# This one needs to use a different order of characters and a
# different encoding scheme from the one in encode64() above.
# We care because the last character in our encoded string will
# only represent 2 bits. While two known implementations of
# bcrypt will happily accept and correct a salt string which
# has the 4 unused bits set to non-zero, we do not want to take
# chances and we also do not want to waste an additional byte
# of entropy.
$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
function gensalt_blowfish($input)
{
# This one needs to use a different order of characters and a
# different encoding scheme from the one in encode64() above.
# We care because the last character in our encoded string will
# only represent 2 bits. While two known implementations of
# bcrypt will happily accept and correct a salt string which
# has the 4 unused bits set to non-zero, we do not want to take
# chances and we also do not want to waste an additional byte
# of entropy.
$itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$output = '$2a$';
$output .= chr(ord('0') + $this->iteration_count_log2 / 10);
$output .= chr(ord('0') + $this->iteration_count_log2 % 10);
$output .= '$';
$output = '$2a$';
$output .= chr(ord('0') + $this->iteration_count_log2 / 10);
$output .= chr(ord('0') + $this->iteration_count_log2 % 10);
$output .= '$';
$i = 0;
do {
$c1 = ord($input[$i++]);
$output .= $itoa64[$c1 >> 2];
$c1 = ($c1 & 0x03) << 4;
if ($i >= 16) {
$output .= $itoa64[$c1];
break;
}
$i = 0;
do {
$c1 = ord($input[$i++]);
$output .= $itoa64[$c1 >> 2];
$c1 = ($c1 & 0x03) << 4;
if ($i >= 16) {
$output .= $itoa64[$c1];
break;
}
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 4;
$output .= $itoa64[$c1];
$c1 = ($c2 & 0x0f) << 2;
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 4;
$output .= $itoa64[$c1];
$c1 = ($c2 & 0x0f) << 2;
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 6;
$output .= $itoa64[$c1];
$output .= $itoa64[$c2 & 0x3f];
} while (1);
$c2 = ord($input[$i++]);
$c1 |= $c2 >> 6;
$output .= $itoa64[$c1];
$output .= $itoa64[$c2 & 0x3f];
} while (1);
return $output;
}
return $output;
}
function HashPassword($password)
{
$random = '';
function HashPassword($password)
{
$random = '';
if (CRYPT_BLOWFISH === 1 && !$this->portable_hashes) {
$random = $this->get_random_bytes(16);
$hash =
crypt($password, $this->gensalt_blowfish($random));
if (strlen($hash) === 60)
return $hash;
}
if (CRYPT_BLOWFISH === 1 && !$this->portable_hashes) {
$random = $this->get_random_bytes(16);
$hash =
crypt($password, $this->gensalt_blowfish($random));
if (strlen($hash) === 60) {
return $hash;
}
}
if (CRYPT_EXT_DES === 1 && !$this->portable_hashes) {
if (strlen($random) < 3)
$random = $this->get_random_bytes(3);
$hash =
crypt($password, $this->gensalt_extended($random));
if (strlen($hash) === 20)
return $hash;
}
if (CRYPT_EXT_DES === 1 && !$this->portable_hashes) {
if (strlen($random) < 3) {
$random = $this->get_random_bytes(3);
}
$hash =
crypt($password, $this->gensalt_extended($random));
if (strlen($hash) === 20) {
return $hash;
}
}
if (strlen($random) < 6)
$random = $this->get_random_bytes(6);
$hash =
$this->crypt_private($password,
$this->gensalt_private($random));
if (strlen($hash) === 34)
return $hash;
if (strlen($random) < 6) {
$random = $this->get_random_bytes(6);
}
$hash =
$this->crypt_private($password,
$this->gensalt_private($random));
if (strlen($hash) === 34) {
return $hash;
}
# Returning '*' on error is safe here, but would _not_ be safe
# in a crypt(3)-like function used _both_ for generating new
# hashes and for validating passwords against existing hashes.
return '*';
}
# Returning '*' on error is safe here, but would _not_ be safe
# in a crypt(3)-like function used _both_ for generating new
# hashes and for validating passwords against existing hashes.
return '*';
}
function CheckPassword($password, $stored_hash)
{
$hash = $this->crypt_private($password, $stored_hash);
if ($hash[0] === '*')
$hash = crypt($password, $stored_hash);
function CheckPassword($password, $stored_hash)
{
$hash = $this->crypt_private($password, $stored_hash);
if ($hash[0] === '*') {
$hash = crypt($password, $stored_hash);
}
return $hash === $stored_hash;
}
return $hash === $stored_hash;
}
}
?>

123
lib/Settings/Admin.php
View File

@@ -28,73 +28,76 @@ use OCP\Defaults;
use OCP\IConfig;
use OCP\IL10N;
use OCP\Settings\ISettings;
use OCA\user_sql\lib\Helper;
class Admin implements ISettings {
/** @var IL10N */
private $l10n;
/** @var Defaults */
private $defaults;
/** @var IConfig */
private $config;
class Admin implements ISettings
{
/** @var IL10N */
private $l10n;
/** @var Defaults */
private $defaults;
/** @var IConfig */
private $config;
/**
* @param IL10N $l10n
* @param Defaults $defaults
* @param IConfig $config
*/
public function __construct(IL10N $l10n,
Defaults $defaults,
IConfig $config) {
$this->l10n = $l10n;
$this->defaults = $defaults;
$this->config = $config;
$this->helper = new \OCA\user_sql\lib\Helper();
$this->params = $this->helper->getParameterArray();
$this->settings = $this->helper -> loadSettingsForDomain('default');
}
/**
* @param IL10N $l10n
* @param Defaults $defaults
* @param IConfig $config
*/
public function __construct(
IL10N $l10n,
Defaults $defaults,
IConfig $config
) {
$this->l10n = $l10n;
$this->defaults = $defaults;
$this->config = $config;
$this->helper = new \OCA\user_sql\lib\Helper();
$this->params = $this->helper->getParameterArray();
$this->settings = $this->helper->loadSettingsForDomain('default');
}
/**
* @return TemplateResponse
*/
public function getForm() {
/**
* @return TemplateResponse
*/
public function getForm()
{
$type = $this->config->getAppValue('user_sql', 'type');
$trusted_domains = \OC::$server->getConfig()->getSystemValue('trusted_domains');
$inserted = array('default');
array_splice($trusted_domains, 0, 0, $inserted);
$type = $this->config->getAppValue('user_sql', 'type');
$trusted_domains = \OC::$server->getConfig()->getSystemValue('trusted_domains');
$inserted = array('default');
array_splice($trusted_domains, 0, 0, $inserted);
$params = [
'type' => $type,
];
$params['allowed_domains']= array_unique($trusted_domains);
$params = [
'type' => $type,
];
$params['allowed_domains'] = array_unique($trusted_domains);
foreach($this->params as $key)
{
$value = $this->settings[$key];
$params[$key]=$value;
}
foreach ($this->params as $key) {
$value = $this->settings[$key];
$params[$key] = $value;
}
$params["config"]=$this->config;
return new TemplateResponse('user_sql', 'admin', $params);
}
$params["config"] = $this->config;
return new TemplateResponse('user_sql', 'admin', $params);
}
/**
* @return string the section ID, e.g. 'sharing'
*/
public function getSection() {
return 'usersql';
}
/**
* @return int whether the form should be rather on the top or bottom of
* the admin section. The forms are arranged in ascending order of the
* priority values. It is required to return a value between 0 and 100.
*
* keep the server setting at the top, right after "server settings"
*/
public function getPriority() {
return 0;
}
/**
* @return string the section ID, e.g. 'sharing'
*/
public function getSection()
{
return 'user_sql';
}
/**
* @return int whether the form should be rather on the top or bottom of
* the admin section. The forms are arranged in ascending order of the
* priority values. It is required to return a value between 0 and 100.
*
* keep the server setting at the top, right after "server settings"
*/
public function getPriority()
{
return 0;
}
}

75
lib/Settings/Section.php
View File

@@ -27,42 +27,49 @@ use OCP\IL10N;
use OCP\Settings\IIconSection;
use OCP\IURLGenerator;
class Section implements IIconSection {
/** @var IL10N */
private $l;
class Section implements IIconSection
{
/** @var IL10N */
private $l;
/**
* @param IL10N $l
*/
public function __construct(IURLGenerator $url,IL10N $l) {
$this->l = $l;
$this->url = $url;
}
/**
* @param IL10N $l
*/
public function __construct(IURLGenerator $url, IL10N $l)
{
$this->l = $l;
$this->url = $url;
}
/**
* {@inheritdoc}
*/
public function getID() {
return 'usersql';
}
/**
* {@inheritdoc}
*/
public function getID()
{
return 'user_sql';
}
/**
* {@inheritdoc}
*/
public function getName() {
return $this->l->t('User SQL');
}
/**
* {@inheritdoc}
*/
public function getName()
{
return $this->l->t('User SQL');
}
/**
* {@inheritdoc}
*/
public function getPriority() {
return 75;
}
/**
* {@inheritdoc}
*/
public function getIcon() {
return $this->url->imagePath('user_sql', 'app-dark.svg');
}
/**
* {@inheritdoc}
*/
public function getPriority()
{
return 75;
}
/**
* {@inheritdoc}
*/
public function getIcon()
{
return $this->url->imagePath('user_sql', 'app-dark.svg');
}
}

651
lib/drupal.php
View File

@@ -1,321 +1,330 @@
<?php
/**
* @file
* Secure password hashing functions for user authentication.
* Adopted from Drupal 7.x WD 2018-01-04
*
* Based on the Portable PHP password hashing framework.
* @see http://www.openwall.com/phpass/
*
* An alternative or custom version of this password hashing API may be
* used by setting the variable password_inc to the name of the PHP file
* containing replacement user_hash_password(), user_check_password(), and
* user_needs_new_hash() functions.
*/
/**
* The standard log2 number of iterations for password stretching. This should
* increase by 1 every Drupal version in order to counteract increases in the
* speed and power of computers available to crack the hashes.
*/
define('HASH_COUNT', 15);
/**
* The minimum allowed log2 number of iterations for password stretching.
*/
define('MIN_HASH_COUNT', 7);
/**
* The maximum allowed log2 number of iterations for password stretching.
*/
define('MAX_HASH_COUNT', 30);
/**
* The expected (and maximum) number of characters in a hashed password.
*/
define('HASH_LENGTH', 55);
/**
* Returns a string for mapping an int to the corresponding base 64 character.
*/
function _password_itoa64() {
return './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
}
/**
* Encodes bytes into printable base 64 using the *nix standard from crypt().
*
* @param $input
* The string containing bytes to encode.
* @param $count
* The number of characters (bytes) to encode.
*
* @return
* Encoded string
*/
function _password_base64_encode($input, $count) {
$output = '';
$i = 0;
$itoa64 = _password_itoa64();
do {
$value = ord($input[$i++]);
$output .= $itoa64[$value & 0x3f];
if ($i < $count) {
$value |= ord($input[$i]) << 8;
}
$output .= $itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count) {
break;
}
if ($i < $count) {
$value |= ord($input[$i]) << 16;
}
$output .= $itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count) {
break;
}
$output .= $itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
/**
* Returns a string of highly randomized bytes (over the full 8-bit range).
*
* This function is better than simply calling mt_rand() or any other built-in
* PHP function because it can return a long string of bytes (compared to < 4
* bytes normally from mt_rand()) and uses the best available pseudo-random
* source.
*
* @param $count
* The number of characters (bytes) to return in the string.
*/
function _random_bytes($count) {
// $random_state does not use static as it stores random bytes.
static $random_state, $bytes, $has_openssl;
$missing_bytes = $count - strlen($bytes);
if ($missing_bytes > 0) {
// PHP versions prior 5.3.4 experienced openssl_random_pseudo_bytes()
// locking on Windows and rendered it unusable.
if (!isset($has_openssl)) {
$has_openssl = version_compare(PHP_VERSION, '5.3.4', '>=') && function_exists('openssl_random_pseudo_bytes');
}
// openssl_random_pseudo_bytes() will find entropy in a system-dependent
// way.
if ($has_openssl) {
$bytes .= openssl_random_pseudo_bytes($missing_bytes);
}
// Else, read directly from /dev/urandom, which is available on many *nix
// systems and is considered cryptographically secure.
elseif ($fh = @fopen('/dev/urandom', 'rb')) {
// PHP only performs buffered reads, so in reality it will always read
// at least 4096 bytes. Thus, it costs nothing extra to read and store
// that much so as to speed any additional invocations.
$bytes .= fread($fh, max(4096, $missing_bytes));
fclose($fh);
}
// If we couldn't get enough entropy, this simple hash-based PRNG will
// generate a good set of pseudo-random bytes on any system.
// Note that it may be important that our $random_state is passed
// through hash() prior to being rolled into $output, that the two hash()
// invocations are different, and that the extra input into the first one -
// the microtime() - is prepended rather than appended. This is to avoid
// directly leaking $random_state via the $output stream, which could
// allow for trivial prediction of further "random" numbers.
if (strlen($bytes) < $count) {
// Initialize on the first call. The contents of $_SERVER includes a mix of
// user-specific and system information that varies a little with each page.
if (!isset($random_state)) {
$random_state = print_r($_SERVER, TRUE);
if (function_exists('getmypid')) {
// Further initialize with the somewhat random PHP process ID.
$random_state .= getmypid();
}
$bytes = '';
}
do {
$random_state = hash('sha256', microtime() . mt_rand() . $random_state);
$bytes .= hash('sha256', mt_rand() . $random_state, TRUE);
}
while (strlen($bytes) < $count);
}
}
$output = substr($bytes, 0, $count);
$bytes = substr($bytes, $count);
return $output;
}
/**
* Generates a random base 64-encoded salt prefixed with settings for the hash.
*
* Proper use of salts may defeat a number of attacks, including:
* - The ability to try candidate passwords against multiple hashes at once.
* - The ability to use pre-hashed lists of candidate passwords.
* - The ability to determine whether two users have the same (or different)
* password without actually having to guess one of the passwords.
*
* @param $count_log2
* Integer that determines the number of iterations used in the hashing
* process. A larger value is more secure, but takes more time to complete.
*
* @return
* A 12 character string containing the iteration count and a random salt.
*/
function _password_generate_salt($count_log2) {
$output = '$S$';
// Ensure that $count_log2 is within set bounds.
$count_log2 = _password_enforce_log2_boundaries($count_log2);
// We encode the final log2 iteration count in base 64.
$itoa64 = _password_itoa64();
$output .= $itoa64[$count_log2];
// 6 bytes is the standard salt for a portable phpass hash.
$output .= _password_base64_encode(_random_bytes(6), 6);
return $output;
}
/**
* Ensures that $count_log2 is within set bounds.
*
* @param $count_log2
* Integer that determines the number of iterations used in the hashing
* process. A larger value is more secure, but takes more time to complete.
*
* @return
* Integer within set bounds that is closest to $count_log2.
*/
function _password_enforce_log2_boundaries($count_log2) {
if ($count_log2 < MIN_HASH_COUNT) {
return MIN_HASH_COUNT;
}
elseif ($count_log2 > MAX_HASH_COUNT) {
return MAX_HASH_COUNT;
}
return (int) $count_log2;
}
/**
* Hash a password using a secure stretched hash.
*
* By using a salt and repeated hashing the password is "stretched". Its
* security is increased because it becomes much more computationally costly
* for an attacker to try to break the hash by brute-force computation of the
* hashes of a large number of plain-text words or strings to find a match.
*
* @param $algo
* The string name of a hashing algorithm usable by hash(), like 'sha256'.
* @param $password
* Plain-text password up to 512 bytes (128 to 512 UTF-8 characters) to hash.
* @param $setting
* An existing hash or the output of _password_generate_salt(). Must be
* at least 12 characters (the settings and salt).
*
* @return
* A string containing the hashed password (and salt) or FALSE on failure.
* The return string will be truncated at DRUPAL_HASH_LENGTH characters max.
*/
function _password_crypt($algo, $password, $setting) {
// Prevent DoS attacks by refusing to hash large passwords.
if (strlen($password) > 512) {
return FALSE;
}
// The first 12 characters of an existing hash are its setting string.
$setting = substr($setting, 0, 12);
if ($setting[0] != '$' || $setting[2] != '$') {
return FALSE;
}
$count_log2 = _password_get_count_log2($setting);
// Hashes may be imported from elsewhere, so we allow != DRUPAL_HASH_COUNT
if ($count_log2 < MIN_HASH_COUNT || $count_log2 > MAX_HASH_COUNT) {
return FALSE;
}
$salt = substr($setting, 4, 8);
// Hashes must have an 8 character salt.
if (strlen($salt) != 8) {
return FALSE;
}
// Convert the base 2 logarithm into an integer.
$count = 1 << $count_log2;
// We rely on the hash() function being available in PHP 5.2+.
$hash = hash($algo, $salt . $password, TRUE);
do {
$hash = hash($algo, $hash . $password, TRUE);
} while (--$count);
$len = strlen($hash);
$output = $setting . _password_base64_encode($hash, $len);
// _password_base64_encode() of a 16 byte MD5 will always be 22 characters.
// _password_base64_encode() of a 64 byte sha512 will always be 86 characters.
$expected = 12 + ceil((8 * $len) / 6);
return (strlen($output) == $expected) ? substr($output, 0, HASH_LENGTH) : FALSE;
}
/**
* Parse the log2 iteration count from a stored hash or setting string.
*/
function _password_get_count_log2($setting) {
$itoa64 = _password_itoa64();
return strpos($itoa64, $setting[3]);
}
/**
* Hash a password using a secure hash.
*
* @param $password
* A plain-text password.
* @param $count_log2
* Optional integer to specify the iteration count. Generally used only during
* mass operations where a value less than the default is needed for speed.
*
* @return
* A string containing the hashed password (and a salt), or FALSE on failure.
*/
function user_hash_password($password, $count_log2 = 0) {
if (empty($count_log2)) {
// Use the standard iteration count.
$count_log2 = variable_get('password_count_log2', DRUPAL_HASH_COUNT);
}
return _password_crypt('sha512', $password, _password_generate_salt($count_log2));
}
/**
* Check whether a plain text password matches a stored hashed password.
*
* @param $password
* A plain-text password
* @param $hashpass
*
* @return
* TRUE or FALSE.
*/
function user_check_password($password, $hashpass) {
$stored_hash = $hashpass;
$type = substr($stored_hash, 0, 3);
switch ($type) {
case '$S$':
// A normal Drupal 7 password using sha512.
$hash = _password_crypt('sha512', $password, $stored_hash);
break;
case '$H$':
// phpBB3 uses "$H$" for the same thing as "$P$".
case '$P$':
// A phpass password generated using md5. This is an
// imported password or from an earlier Drupal version.
$hash = _password_crypt('md5', $password, $stored_hash);
break;
default:
return FALSE;
}
return ($hash && $stored_hash == $hash);
}
<?php
/**
* @file
* Secure password hashing functions for user authentication.
* Adopted from Drupal 7.x WD 2018-01-04
*
* Based on the Portable PHP password hashing framework.
* @see http://www.openwall.com/phpass/
*
* An alternative or custom version of this password hashing API may be
* used by setting the variable password_inc to the name of the PHP file
* containing replacement user_hash_password(), user_check_password(), and
* user_needs_new_hash() functions.
*/
/**
* The standard log2 number of iterations for password stretching. This should
* increase by 1 every Drupal version in order to counteract increases in the
* speed and power of computers available to crack the hashes.
*/
define('HASH_COUNT', 15);
/**
* The minimum allowed log2 number of iterations for password stretching.
*/
define('MIN_HASH_COUNT', 7);
/**
* The maximum allowed log2 number of iterations for password stretching.
*/
define('MAX_HASH_COUNT', 30);
/**
* The expected (and maximum) number of characters in a hashed password.
*/
define('HASH_LENGTH', 55);
/**
* Returns a string for mapping an int to the corresponding base 64 character.
*/
function _password_itoa64()
{
return './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
}
/**
* Encodes bytes into printable base 64 using the *nix standard from crypt().
*
* @param $input
* The string containing bytes to encode.
* @param $count
* The number of characters (bytes) to encode.
*
* @return
* Encoded string
*/
function _password_base64_encode($input, $count)
{
$output = '';
$i = 0;
$itoa64 = _password_itoa64();
do {
$value = ord($input[$i++]);
$output .= $itoa64[$value & 0x3f];
if ($i < $count) {
$value |= ord($input[$i]) << 8;
}
$output .= $itoa64[($value >> 6) & 0x3f];
if ($i++ >= $count) {
break;
}
if ($i < $count) {
$value |= ord($input[$i]) << 16;
}
$output .= $itoa64[($value >> 12) & 0x3f];
if ($i++ >= $count) {
break;
}
$output .= $itoa64[($value >> 18) & 0x3f];
} while ($i < $count);
return $output;
}
/**
* Returns a string of highly randomized bytes (over the full 8-bit range).
*
* This function is better than simply calling mt_rand() or any other built-in
* PHP function because it can return a long string of bytes (compared to < 4
* bytes normally from mt_rand()) and uses the best available pseudo-random
* source.
*
* @param $count
* The number of characters (bytes) to return in the string.
*/
function _random_bytes($count)
{
// $random_state does not use static as it stores random bytes.
static $random_state, $bytes, $has_openssl;
$missing_bytes = $count - strlen($bytes);
if ($missing_bytes > 0) {
// PHP versions prior 5.3.4 experienced openssl_random_pseudo_bytes()
// locking on Windows and rendered it unusable.
if (!isset($has_openssl)) {
$has_openssl = version_compare(PHP_VERSION, '5.3.4',
'>=') && function_exists('openssl_random_pseudo_bytes');
}
// openssl_random_pseudo_bytes() will find entropy in a system-dependent
// way.
if ($has_openssl) {
$bytes .= openssl_random_pseudo_bytes($missing_bytes);
}
// Else, read directly from /dev/urandom, which is available on many *nix
// systems and is considered cryptographically secure.
elseif ($fh = @fopen('/dev/urandom', 'rb')) {
// PHP only performs buffered reads, so in reality it will always read
// at least 4096 bytes. Thus, it costs nothing extra to read and store
// that much so as to speed any additional invocations.
$bytes .= fread($fh, max(4096, $missing_bytes));
fclose($fh);
}
// If we couldn't get enough entropy, this simple hash-based PRNG will
// generate a good set of pseudo-random bytes on any system.
// Note that it may be important that our $random_state is passed
// through hash() prior to being rolled into $output, that the two hash()
// invocations are different, and that the extra input into the first one -
// the microtime() - is prepended rather than appended. This is to avoid
// directly leaking $random_state via the $output stream, which could
// allow for trivial prediction of further "random" numbers.
if (strlen($bytes) < $count) {
// Initialize on the first call. The contents of $_SERVER includes a mix of
// user-specific and system information that varies a little with each page.
if (!isset($random_state)) {
$random_state = print_r($_SERVER, true);
if (function_exists('getmypid')) {
// Further initialize with the somewhat random PHP process ID.
$random_state .= getmypid();
}
$bytes = '';
}
do {
$random_state = hash('sha256', microtime() . mt_rand() . $random_state);
$bytes .= hash('sha256', mt_rand() . $random_state, true);
} while (strlen($bytes) < $count);
}
}
$output = substr($bytes, 0, $count);
$bytes = substr($bytes, $count);
return $output;
}
/**
* Generates a random base 64-encoded salt prefixed with settings for the hash.
*
* Proper use of salts may defeat a number of attacks, including:
* - The ability to try candidate passwords against multiple hashes at once.
* - The ability to use pre-hashed lists of candidate passwords.
* - The ability to determine whether two users have the same (or different)
* password without actually having to guess one of the passwords.
*
* @param $count_log2
* Integer that determines the number of iterations used in the hashing
* process. A larger value is more secure, but takes more time to complete.
*
* @return
* A 12 character string containing the iteration count and a random salt.
*/
function _password_generate_salt($count_log2)
{
$output = '$S$';
// Ensure that $count_log2 is within set bounds.
$count_log2 = _password_enforce_log2_boundaries($count_log2);
// We encode the final log2 iteration count in base 64.
$itoa64 = _password_itoa64();
$output .= $itoa64[$count_log2];
// 6 bytes is the standard salt for a portable phpass hash.
$output .= _password_base64_encode(_random_bytes(6), 6);
return $output;
}
/**
* Ensures that $count_log2 is within set bounds.
*
* @param $count_log2
* Integer that determines the number of iterations used in the hashing
* process. A larger value is more secure, but takes more time to complete.
*
* @return
* Integer within set bounds that is closest to $count_log2.
*/
function _password_enforce_log2_boundaries($count_log2)
{
if ($count_log2 < MIN_HASH_COUNT) {
return MIN_HASH_COUNT;
} elseif ($count_log2 > MAX_HASH_COUNT) {
return MAX_HASH_COUNT;
}
return (int)$count_log2;
}
/**
* Hash a password using a secure stretched hash.
*
* By using a salt and repeated hashing the password is "stretched". Its
* security is increased because it becomes much more computationally costly
* for an attacker to try to break the hash by brute-force computation of the
* hashes of a large number of plain-text words or strings to find a match.
*
* @param $algo
* The string name of a hashing algorithm usable by hash(), like 'sha256'.
* @param $password
* Plain-text password up to 512 bytes (128 to 512 UTF-8 characters) to hash.
* @param $setting
* An existing hash or the output of _password_generate_salt(). Must be
* at least 12 characters (the settings and salt).
*
* @return
* A string containing the hashed password (and salt) or FALSE on failure.
* The return string will be truncated at DRUPAL_HASH_LENGTH characters max.
*/
function _password_crypt($algo, $password, $setting)
{
// Prevent DoS attacks by refusing to hash large passwords.
if (strlen($password) > 512) {
return false;
}
// The first 12 characters of an existing hash are its setting string.
$setting = substr($setting, 0, 12);
if ($setting[0] != '$' || $setting[2] != '$') {
return false;
}
$count_log2 = _password_get_count_log2($setting);
// Hashes may be imported from elsewhere, so we allow != DRUPAL_HASH_COUNT
if ($count_log2 < MIN_HASH_COUNT || $count_log2 > MAX_HASH_COUNT) {
return false;
}
$salt = substr($setting, 4, 8);
// Hashes must have an 8 character salt.
if (strlen($salt) != 8) {
return false;
}
// Convert the base 2 logarithm into an integer.
$count = 1 << $count_log2;
// We rely on the hash() function being available in PHP 5.2+.
$hash = hash($algo, $salt . $password, true);
do {
$hash = hash($algo, $hash . $password, true);
} while (--$count);
$len = strlen($hash);
$output = $setting . _password_base64_encode($hash, $len);
// _password_base64_encode() of a 16 byte MD5 will always be 22 characters.
// _password_base64_encode() of a 64 byte sha512 will always be 86 characters.
$expected = 12 + ceil((8 * $len) / 6);
return (strlen($output) == $expected) ? substr($output, 0, HASH_LENGTH) : false;
}
/**
* Parse the log2 iteration count from a stored hash or setting string.
*/
function _password_get_count_log2($setting)
{
$itoa64 = _password_itoa64();
return strpos($itoa64, $setting[3]);
}
/**
* Hash a password using a secure hash.
*
* @param $password
* A plain-text password.
* @param $count_log2
* Optional integer to specify the iteration count. Generally used only during
* mass operations where a value less than the default is needed for speed.
*
* @return
* A string containing the hashed password (and a salt), or FALSE on failure.
*/
function user_hash_password($password, $count_log2 = 0)
{
if (empty($count_log2)) {
// Use the standard iteration count.
$count_log2 = variable_get('password_count_log2', DRUPAL_HASH_COUNT);
}
return _password_crypt('sha512', $password, _password_generate_salt($count_log2));
}
/**
* Check whether a plain text password matches a stored hashed password.
*
* @param $password
* A plain-text password
* @param $hashpass
*
* @return
* TRUE or FALSE.
*/
function user_check_password($password, $hashpass)
{
$stored_hash = $hashpass;
$type = substr($stored_hash, 0, 3);
switch ($type) {
case '$S$':
// A normal Drupal 7 password using sha512.
$hash = _password_crypt('sha512', $password, $stored_hash);
break;
case '$H$':
// phpBB3 uses "$H$" for the same thing as "$P$".
case '$P$':
// A phpass password generated using md5. This is an
// imported password or from an earlier Drupal version.
$hash = _password_crypt('md5', $password, $stored_hash);
break;
default:
return false;
}
return ($hash && $stored_hash == $hash);
}

80
lib/group_sql.php
View File

@@ -2,7 +2,6 @@
namespace OCA\user_sql;
use \OCA\user_sql\lib\Helper;
use OCP\Util;
class OC_GROUP_SQL extends \OC_Group_Backend implements \OCP\GroupInterface
@@ -12,85 +11,78 @@ class OC_GROUP_SQL extends \OC_Group_Backend implements \OCP\GroupInterface
public function __construct()
{
$this -> helper = new \OCA\user_sql\lib\Helper();
$this->helper = new \OCA\user_sql\lib\Helper();
$domain = \OC::$server->getRequest()->getServerHost();
$this -> settings = $this -> helper -> loadSettingsForDomain($domain);
$this -> helper -> connectToDb($this -> settings);
$this->settings = $this->helper->loadSettingsForDomain($domain);
$this->helper->connectToDb($this->settings);
return false;
}
public function getUserGroups($uid) {
if(empty($this -> settings['sql_group_table']))
{
public function getUserGroups($uid)
{
if (empty($this->settings['sql_group_table'])) {
Util::writeLog('OC_USER_SQL', "Group table not configured", Util::DEBUG);
return [];
}
$rows = $this -> helper -> runQuery('getUserGroups', array('uid' => $uid), false, true);
if($rows === false)
{
$rows = $this->helper->runQuery('getUserGroups', array('uid' => $uid), false, true);
if ($rows === false) {
Util::writeLog('OC_USER_SQL', "Found no group", Util::DEBUG);
return [];
}
$groups = array();
foreach($rows as $row)
{
$groups[] = $row[$this -> settings['col_group_name']];
}
foreach ($rows as $row) {
$groups[] = $row[$this->settings['col_group_name']];
}
return $groups;
}
public function getGroups($search = '', $limit = null, $offset = null) {
if(empty($this -> settings['sql_group_table']))
{
public function getGroups($search = '', $limit = null, $offset = null)
{
if (empty($this->settings['sql_group_table'])) {
return [];
}
$search = "%".$search."%";
$rows = $this -> helper -> runQuery('getGroups', array('search' => $search), false, true, array('limit' => $limit, 'offset' => $offset));
if($rows === false)
{
$search = "%" . $search . "%";
$rows = $this->helper->runQuery('getGroups', array('search' => $search), false, true,
array('limit' => $limit, 'offset' => $offset));
if ($rows === false) {
return [];
}
}
$groups = array();
foreach($rows as $row)
{
$groups[] = $row[$this -> settings['col_group_name']];
}
foreach ($rows as $row) {
$groups[] = $row[$this->settings['col_group_name']];
}
return $groups;
}
public function usersInGroup($gid, $search = '', $limit = null, $offset = null) {
if(empty($this -> settings['sql_group_table']))
{
public function usersInGroup($gid, $search = '', $limit = null, $offset = null)
{
if (empty($this->settings['sql_group_table'])) {
Util::writeLog('OC_USER_SQL', "Group table not configured", Util::DEBUG);
return [];
}
$rows = $this -> helper -> runQuery('getGroupUsers', array('gid' => $gid), false, true);
if($rows === false)
{
$rows = $this->helper->runQuery('getGroupUsers', array('gid' => $gid), false, true);
if ($rows === false) {
Util::writeLog('OC_USER_SQL', "Found no users for group", Util::DEBUG);
return [];
}
$users = array();
foreach($rows as $row)
{
$users[] = $row[$this -> settings['col_group_username']];
}
foreach ($rows as $row) {
$users[] = $row[$this->settings['col_group_username']];
}
return $users;
}
public function countUsersInGroup($gid, $search = '') {
if(empty($this -> settings['sql_group_table']))
{
public function countUsersInGroup($gid, $search = '')
{
if (empty($this->settings['sql_group_table'])) {
return 0;
}
$search = "%".$search."%";
$count = $this -> helper -> runQuery('countUsersInGroup', array('gid' => $gid, 'search' => $search));
if($count === false)
{
$search = "%" . $search . "%";
$count = $this->helper->runQuery('countUsersInGroup', array('gid' => $gid, 'search' => $search));
if ($count === false) {
return 0;
} else {
return intval(reset($count));
}
}
}
?>

226
lib/helper.php
View File

@@ -1,7 +1,7 @@
<?php
/**
* nextCloud - user_sql
* Nextcloud - user_sql
*
* @author Andreas Böhler and contributors
* @copyright 2012-2015 Andreas Böhler <dev (at) aboehler (dot) at>
@@ -22,10 +22,12 @@
*/
namespace OCA\user_sql\lib;
use OCP\IConfig;
use OCP\Util;
class Helper {
class Helper
{
protected $db;
protected $db_conn;
@@ -85,15 +87,13 @@ class Helper {
{
Util::writeLog('OC_USER_SQL', "Trying to load settings for domain: " . $domain, Util::DEBUG);
$settings = array();
$sql_host = \OC::$server->getConfig()->getAppValue('user_sql', 'sql_hostname_'.$domain, '');
if($sql_host === '')
{
$sql_host = \OC::$server->getConfig()->getAppValue('user_sql', 'sql_hostname_' . $domain, '');
if ($sql_host === '') {
$domain = 'default';
}
$params = $this -> getParameterArray();
foreach($params as $param)
{
$settings[$param] = \OC::$server->getConfig()->getAppValue('user_sql', $param.'_'.$domain, '');
$params = $this->getParameterArray();
foreach ($params as $param) {
$settings[$param] = \OC::$server->getConfig()->getAppValue('user_sql', $param . '_' . $domain, '');
}
Util::writeLog('OC_USER_SQL', "Loaded settings for domain: " . $domain, Util::DEBUG);
return $settings;
@@ -111,159 +111,157 @@ class Helper {
public function runQuery($type, $params, $execOnly = false, $fetchArray = false, $limits = array())
{
Util::writeLog('OC_USER_SQL', "Entering runQuery for type: " . $type, Util::DEBUG);
if(!$this -> db_conn)
if (!$this->db_conn) {
return false;
}
switch($type)
{
switch ($type) {
case 'getHome':
$query = "SELECT ".$this->settings['col_gethome']." FROM ".$this->settings['sql_table']." WHERE ".$this->settings['col_username']." = :uid";
break;
$query = "SELECT " . $this->settings['col_gethome'] . " FROM " . $this->settings['sql_table'] . " WHERE " . $this->settings['col_username'] . " = :uid";
break;
case 'getMail':
$query = "SELECT ".$this->settings['col_email']." FROM ".$this->settings['sql_table']." WHERE ".$this->settings['col_username']." = :uid";
break;
$query = "SELECT " . $this->settings['col_email'] . " FROM " . $this->settings['sql_table'] . " WHERE " . $this->settings['col_username'] . " = :uid";
break;
case 'setMail':
$query = "UPDATE ".$this->settings['sql_table']." SET ".$this->settings['col_email']." = :currMail WHERE ".$this->settings['col_username']." = :uid";
break;
$query = "UPDATE " . $this->settings['sql_table'] . " SET " . $this->settings['col_email'] . " = :currMail WHERE " . $this->settings['col_username'] . " = :uid";
break;
case 'getPass':
$query = "SELECT ".$this->settings['col_password']." FROM ".$this->settings['sql_table']." WHERE ".$this->settings['col_username']." = :uid";
if($this -> settings['col_active'] !== '')
$query .= " AND " .($this -> settings['set_active_invert'] === 'true' ? "NOT " : "" ) . $this -> settings['col_active'];
break;
$query = "SELECT " . $this->settings['col_password'] . " FROM " . $this->settings['sql_table'] . " WHERE " . $this->settings['col_username'] . " = :uid";
if ($this->settings['col_active'] !== '') {
$query .= " AND " . ($this->settings['set_active_invert'] === 'true' ? "NOT " : "") . $this->settings['col_active'];
}
break;
case 'setPass':
$query = "UPDATE ".$this->settings['sql_table']." SET ".$this->settings['col_password']." = :enc_password WHERE ".$this->settings['col_username'] ." = :uid";
break;
$query = "UPDATE " . $this->settings['sql_table'] . " SET " . $this->settings['col_password'] . " = :enc_password WHERE " . $this->settings['col_username'] . " = :uid";
break;
case 'getRedmineSalt':
$query = "SELECT salt FROM ".$this->settings['sql_table']." WHERE ".$this->settings['col_username'] ." = :uid;";
break;
$query = "SELECT salt FROM " . $this->settings['sql_table'] . " WHERE " . $this->settings['col_username'] . " = :uid;";
break;
case 'countUsers':
$query = "SELECT COUNT(*) FROM ".$this->settings['sql_table']." WHERE ".$this->settings['col_username'] ." LIKE :search";
if($this -> settings['col_active'] !== '')
$query .= " AND " .($this -> settings['set_active_invert'] === 'true' ? "NOT " : "" ) . $this -> settings['col_active'];
break;
$query = "SELECT COUNT(*) FROM " . $this->settings['sql_table'] . " WHERE " . $this->settings['col_username'] . " LIKE :search";
if ($this->settings['col_active'] !== '') {
$query .= " AND " . ($this->settings['set_active_invert'] === 'true' ? "NOT " : "") . $this->settings['col_active'];
}
break;
case 'getUsers':
$query = "SELECT ".$this->settings['col_username']." FROM ".$this->settings['sql_table'];
$query .= " WHERE ".$this->settings['col_username']." LIKE :search";
if($this -> settings['col_active'] !== '')
$query .= " AND " .($this -> settings['set_active_invert'] === 'true' ? "NOT " : "" ) . $this -> settings['col_active'];
$query .= " ORDER BY ".$this->settings['col_username'];
break;
$query = "SELECT " . $this->settings['col_username'] . " FROM " . $this->settings['sql_table'];
$query .= " WHERE " . $this->settings['col_username'] . " LIKE :search";
if ($this->settings['col_active'] !== '') {
$query .= " AND " . ($this->settings['set_active_invert'] === 'true' ? "NOT " : "") . $this->settings['col_active'];
}
$query .= " ORDER BY " . $this->settings['col_username'];
break;
case 'userExists':
$query = "SELECT ".$this->settings['col_username']." FROM ".$this->settings['sql_table']." WHERE ".$this->settings['col_username']." = :uid";
if($this -> settings['col_active'] !== '')
$query .= " AND " .($this -> settings['set_active_invert'] === 'true' ? "NOT " : "" ) . $this -> settings['col_active'];
break;
$query = "SELECT " . $this->settings['col_username'] . " FROM " . $this->settings['sql_table'] . " WHERE " . $this->settings['col_username'] . " = :uid";
if ($this->settings['col_active'] !== '') {
$query .= " AND " . ($this->settings['set_active_invert'] === 'true' ? "NOT " : "") . $this->settings['col_active'];
}
break;
case 'getDisplayName':
$query = "SELECT ".$this->settings['col_displayname']." FROM ".$this->settings['sql_table']." WHERE ".$this->settings['col_username']." = :uid";
if($this -> settings['col_active'] !== '')
$query .= " AND " .($this -> settings['set_active_invert'] === 'true' ? "NOT " : "" ) . $this -> settings['col_active'];
break;
$query = "SELECT " . $this->settings['col_displayname'] . " FROM " . $this->settings['sql_table'] . " WHERE " . $this->settings['col_username'] . " = :uid";
if ($this->settings['col_active'] !== '') {
$query .= " AND " . ($this->settings['set_active_invert'] === 'true' ? "NOT " : "") . $this->settings['col_active'];
}
break;
case 'mysqlEncryptSalt':
$query = "SELECT ENCRYPT(:pw, :salt);";
break;
break;
case 'mysqlEncrypt':
$query = "SELECT ENCRYPT(:pw);";
break;
break;
case 'mysqlPassword':
$query = "SELECT PASSWORD(:pw);";
break;
break;
case 'getUserGroups':
$query = "SELECT ".$this->settings['col_group_name']." FROM ".$this->settings['sql_group_table']." WHERE ".$this->settings['col_group_username']." = :uid";
break;
$query = "SELECT " . $this->settings['col_group_name'] . " FROM " . $this->settings['sql_group_table'] . " WHERE " . $this->settings['col_group_username'] . " = :uid";
break;
case 'getGroups':
$query = "SELECT distinct ".$this->settings['col_group_name']." FROM ".$this->settings['sql_group_table']." WHERE ".$this->settings['col_group_name']." LIKE :search";
break;
$query = "SELECT distinct " . $this->settings['col_group_name'] . " FROM " . $this->settings['sql_group_table'] . " WHERE " . $this->settings['col_group_name'] . " LIKE :search";
break;
case 'getGroupUsers':
$query = "SELECT distinct ".$this->settings['col_group_username']." FROM ".$this->settings['sql_group_table']." WHERE ".$this->settings['col_group_name']." = :gid";
break;
$query = "SELECT distinct " . $this->settings['col_group_username'] . " FROM " . $this->settings['sql_group_table'] . " WHERE " . $this->settings['col_group_name'] . " = :gid";
break;
case 'countUsersInGroup':
$query = "SELECT count(".$this->settings['col_group_username'].") FROM ".$this->settings['sql_group_table']." WHERE ".$this->settings['col_group_name']." = :gid AND ".$this->settings['col_group_username']." LIKE :search";
break;
$query = "SELECT count(" . $this->settings['col_group_username'] . ") FROM " . $this->settings['sql_group_table'] . " WHERE " . $this->settings['col_group_name'] . " = :gid AND " . $this->settings['col_group_username'] . " LIKE :search";
break;
}
if(isset($limits['limit']) && $limits['limit'] !== null)
{
if (isset($limits['limit']) && $limits['limit'] !== null) {
$limit = intval($limits['limit']);
$query .= " LIMIT ".$limit;
$query .= " LIMIT " . $limit;
}
if(isset($limits['offset']) && $limits['offset'] !== null)
{
if (isset($limits['offset']) && $limits['offset'] !== null) {
$offset = intval($limits['offset']);
$query .= " OFFSET ".$offset;
$query .= " OFFSET " . $offset;
}
Util::writeLog('OC_USER_SQL', "Preparing query: $query", Util::DEBUG);
$result = $this -> db -> prepare($query);
foreach($params as $param => $value)
{
$result -> bindValue(":".$param, $value);
$result = $this->db->prepare($query);
foreach ($params as $param => $value) {
$result->bindValue(":" . $param, $value);
}
Util::writeLog('OC_USER_SQL', "Executing query...", Util::DEBUG);
if(!$result -> execute())
{
$err = $result -> errorInfo();
if (!$result->execute()) {
$err = $result->errorInfo();
Util::writeLog('OC_USER_SQL', "Query failed: " . $err[2], Util::DEBUG);
return false;
}
if($execOnly === true)
{
if ($execOnly === true) {
return true;
}
Util::writeLog('OC_USER_SQL', "Fetching result...", Util::DEBUG);
if($fetchArray === true)
$row = $result -> fetchAll();
else
$row = $result -> fetch();
if ($fetchArray === true) {
$row = $result->fetchAll();
} else {
$row = $result->fetch();
}
if(!$row)
{
if (!$row) {
return false;
}
return $row;
}
/**
* Connect to the database using ownCloud's DBAL
* Connect to the database using Nextcloud's DBAL
* @param array $settings The settings for the connection
* @return bool
*/
public function connectToDb($settings)
{
$this -> settings = $settings;
$this->settings = $settings;
$cm = new \OC\DB\ConnectionFactory(\OC::$server->getSystemConfig());
$parameters = array('host' => $this -> settings['sql_hostname'],
'password' => $this -> settings['sql_password'],
'user' => $this -> settings['sql_username'],
'dbname' => $this -> settings['sql_database'],
'tablePrefix' => ''
);
try
{
$this -> db = $cm -> getConnection($this -> settings['sql_driver'], $parameters);
$this -> db -> query("SET NAMES 'UTF8'");
$this -> db_conn = true;
$parameters = array(
'host' => $this->settings['sql_hostname'],
'password' => $this->settings['sql_password'],
'user' => $this->settings['sql_username'],
'dbname' => $this->settings['sql_database'],
'tablePrefix' => ''
);
try {
$this->db = $cm->getConnection($this->settings['sql_driver'], $parameters);
$this->db->query("SET NAMES 'UTF8'");
$this->db_conn = true;
return true;
}
catch (\Exception $e)
{
Util::writeLog('OC_USER_SQL', 'Failed to connect to the database: ' . $e -> getMessage(), Util::ERROR);
$this -> db_conn = false;
} catch (\Exception $e) {
Util::writeLog('OC_USER_SQL', 'Failed to connect to the database: ' . $e->getMessage(), Util::ERROR);
$this->db_conn = false;
return false;
}
}
@@ -275,24 +273,24 @@ class Helper {
* @param string $table The table name to check
* @param array $cols The columns to check
* @param array True if found, otherwise false
* @return bool|string
*/
public function verifyColumns($parameters, $sql_driver, $table, $cols)
{
$columns = $this->getColumns($parameters, $sql_driver, $table);
$res = true;
$err = '';
foreach($cols as $col)
{
if(!in_array($col, $columns, true))
{
foreach ($cols as $col) {
if (!in_array($col, $columns, true)) {
$res = false;
$err .= $col.' ';
$err .= $col . ' ';
}
}
if($res)
if ($res) {
return true;
else
} else {
return $err;
}
}
/**
@@ -301,6 +299,7 @@ class Helper {
* @param string $sql_driver The SQL driver to use
* @param string $table The table name to check
* @param array True if found, otherwise false
* @return bool
*/
public function verifyTable($parameters, $sql_driver, $table)
{
@@ -320,8 +319,8 @@ class Helper {
{
$cm = new \OC\DB\ConnectionFactory(\OC::$server->getSystemConfig());
try {
$conn = $cm -> getConnection($sql_driver, $parameters);
$platform = $conn -> getDatabasePlatform();
$conn = $cm->getConnection($sql_driver, $parameters);
$platform = $conn->getDatabasePlatform();
$queryTables = $platform->getListTablesSQL();
$queryViews = $platform->getListViewsSQL($parameters['dbname']);
@@ -339,9 +338,7 @@ class Helper {
$ret[] = $name;
}
return $ret;
}
catch(\Exception $e)
{
} catch (\Exception $e) {
return array();
}
}
@@ -404,13 +401,12 @@ class Helper {
{
$cm = new \OC\DB\ConnectionFactory(\OC::$server->getSystemConfig());
try {
$conn = $cm -> getConnection($sql_driver, $parameters);
$platform = $conn -> getDatabasePlatform();
$query = $platform -> getListTableColumnsSQL($table);
$result = $conn -> executeQuery($query);
$conn = $cm->getConnection($sql_driver, $parameters);
$platform = $conn->getDatabasePlatform();
$query = $platform->getListTableColumnsSQL($table);
$result = $conn->executeQuery($query);
$ret = array();
while($row = $result -> fetch())
{
while ($row = $result->fetch()) {
switch ($sql_driver) {
case 'mysql':
$name = $row['Field'];
@@ -424,12 +420,8 @@ class Helper {
$ret[] = $name;
}
return $ret;
}
catch(\Exception $e)
{
} catch (\Exception $e) {
return array();
}
}
}

838
lib/user_sql.php
View File

File diff suppressed because it is too large Load Diff