* Web based SQLite management
* Class for managing user authentication
* @package SQLiteManager
* @author Frédéric HENNINOT
function SQLiteAuth(){
if($GLOBALS['action'] == 'logout') {
$_SESSION['SQLiteManagerConnected'] = false;
unset($_SESSION['SQLiteManagerUserId']);
$_SESSION['oldUser'] = $_SERVER['PHP_AUTH_USER'];
session_write_close();
echo "<script type=\"text/javascript\">parent.location='index.php';</script>";
if(!isset($_SESSION['SQLiteManagerConnected']) || !$_SESSION['SQLiteManagerConnected']){
if((isset($_SESSION['oldUser']) && ($_SESSION['oldUser'] == $_SERVER['PHP_AUTH_USER'])) || !isset($_SERVER['PHP_AUTH_USER'])) {
unset($_SESSION['oldUser']);
$this->authenticate();
$this->checkExistTable();
$this->userInformation = $this->getAuthParam();
$this->user = $_SESSION['SQLiteManagerUserId'] = $this->userInformation['user_id'];
$_SESSION['SQLiteManagerConnected'] = true;
$this->userInformation = $this->getAuthParam();
$this->user = $_SESSION['SQLiteManagerUserId'] = $this->userInformation['user_id'];
* Get the connected user's information
function getAuthParam(){
if(isset($_SERVER['PHP_AUTH_USER'])) $login = $_SERVER['PHP_AUTH_USER'];
if(isset($_SERVER['PHP_AUTH_PW'])) $passwd = $_SERVER['PHP_AUTH_PW'];
$query = ' SELECT user_id, user_name, user_passwd, del, empty, export, data, execSQL, properties, groupe_name, groupe_id
WHERE user_groupe_id = groupe_id
AND user_login='.quotes($login);
$infoUser = $GLOBALS["db"]->array_query($query);
if(empty($infoUser)) {
$_SESSION['SQLiteManagerConnected'] = false;
unset($_SESSION['SQLiteManagerUserId']);
$_SESSION['oldUser'] = $_SERVER['PHP_AUTH_USER'];
displayError($GLOBALS['traduct']->get(148));
if(count($infoUser)>1) {
foreach($infoUser as $infoNum=>$infoOneUser){
if($infoOneUser['user_passwd'] == md5($passwd)){
} elseif($infoUser[0]['user_passwd'] == md5($passwd)) $passwdOk = true;
$_SESSION['oldUser'] = $_SERVER['PHP_AUTH_USER'];
displayError($GLOBALS['traduct']->get(149));
if(!isset($numUser)) $numUser = 0;
return $infoUser[$numUser];
* Send the HTTP Basic authentication prompt
function authenticate(){
header('WWW-Authenticate: Basic realm="SQLiteManager"');
header('HTTP/1.0 401 Unauthorized');
displayError($GLOBALS['traduct']->get(147));
* Upgrade the config database if the 'users' and 'groupes' tables do not exist
function checkExistTable(){
$existTables = $GLOBALS['db']->array_query("SELECT name FROM sqlite_master WHERE type='table' AND (name='users' OR name='groupes');", SQLITE_ASSOC);
if(empty($existTables) || (count($existTables)!=2)) {
// create table for attachment management
$query[] = "CREATE TABLE users ( user_id INTEGER PRIMARY KEY, user_groupe_id INTEGER, user_name VARCHAR(50), user_login VARCHAR(50) , user_passwd VARCHAR(32) );";
$query[] = "INSERT INTO users VALUES ('1', '1', 'admin', 'admin', '21232f297a57a5a743894a0e4a801fc3');";
$query[] = "INSERT INTO users VALUES ('2', '2', 'data', 'data', '8d777f385d3dfec8815d20f7496026dc');";
$query[] = "INSERT INTO users VALUES ('3', '3', 'guest', 'guest', '084e0343a0486ff05530df6c705c8bb4');";
$query[] = "CREATE TABLE groupes ( groupe_id INTEGER PRIMARY KEY, groupe_name VARCHAR(50), properties TINYINT , execSQL TINYINT , data TINYINT , export TINYINT , empty TINYINT , del TINYINT );";
$query[] = "INSERT INTO groupes VALUES ('1', 'Admin', '1', '1', '1', '1', '1', '1');";
$query[] = "INSERT INTO groupes VALUES ('2', 'datamanager', '0', '0', '1', '1', '0', '0');";
$query[] = "INSERT INTO groupes VALUES ('3', 'user', '0', '0', '0', '0', '0', '0');";
foreach($query as $req) $GLOBALS["db"]->query($req);
function getGroupeId(){
if(is_array($this->userInformation) && !empty($this->userInformation))
return $this->userInformation['groupe_id'];
* Return true if the user is 'Admin'
if(is_array($this->userInformation) && !empty($this->userInformation)) {
if($this->userInformation['groupe_id']==1) return true;
* Return access control for a module
* @param string $module module name
function getAccess($module){
if(is_array($this->userInformation) && !empty($this->userInformation))
if(isset($this->userInformation[$module])) return $this->userInformation[$module];
* Manage groupes and users
function manageAuth(){
if(!isset($GLOBALS['auth_action'])) $GLOBALS['auth_action'] = '';
echo '<h2>'.$GLOBALS['traduct']->get(190).'</h2>';
switch($GLOBALS['auth_action']){
$this->viewPrivileges();
$this->viewPrivileges(true);
if($_REQUEST['user']!=1) $GLOBALS['db']->query('DELETE FROM users WHERE user_id='.$_REQUEST['user']);
$this->viewPrivileges();
$this->viewPrivileges(false, true);
if($_REQUEST['groupe']!=1) $GLOBALS['db']->query('DELETE FROM groupes WHERE groupe_id='.$_REQUEST['groupe']);
$this->viewPrivileges();
if(!empty($_POST['name']) && !empty($_POST['login']) && !empty($_POST['groupe_id'])){
if(isset($_REQUEST['user']) && !empty($_REQUEST['user'])){
$query = 'UPDATE users SET user_groupe_id='.$_POST['groupe_id'].', user_name='.quotes($_POST['name']).', user_login='.quotes($_POST['login']).' WHERE user_id='.$_POST['user'];
$query = 'INSERT INTO users (user_name, user_login, user_groupe_id, user_passwd) VALUES ('.quotes($_POST['name']).', '.quotes($_POST['login']).', '.$_POST["groupe_id"].', '.quotes(md5('')).');';
if(!empty($query)) $GLOBALS['db']->query($query);
$this->viewPrivileges();
if(!empty($_POST['groupe_name'])){
if(isset($_REQUEST['groupe']) && !empty($_REQUEST['groupe'])){
$query = ' UPDATE groupes ' .
' SET groupe_name='.quotes($_POST['groupe_name']).',' .
' properties='.$_POST['properties'].', ' .
' execSQL='.$_POST['execSQL'].', ' .
' data='.$_POST['data'].', ' .
' export='.$_POST['export'].', ' .
' empty='.$_POST['empty'].', ' .
' del='.$_POST['del'].
' WHERE groupe_id='.$_REQUEST['groupe'];
$query = 'INSERT INTO groupes (groupe_name, properties, execSQL, data, export, empty, del) '.
'VALUES ('.quotes($_POST['groupe_name']).', '.quotes($_POST['properties']).', '.quotes($_POST['execSQL']).', '.quotes($_POST['data']).', '.quotes($_POST['export']).', '.quotes($_POST['empty']).', '.quotes($_POST['del']).')';
$GLOBALS['db']->query($query);
$this->viewPrivileges();
* View all privilege information
function viewPrivileges($withFormUser=false, $withFormGroupe=false){
$query = ' SELECT user_id, user_name AS '.quotes($GLOBALS['traduct']->get(163)).',
user_login AS '.quotes($GLOBALS['traduct']->get(164)).',
groupe_name AS '.quotes($GLOBALS['traduct']->get(165)).'
FROM users, groupes WHERE user_groupe_id=groupe_id;';
include_once INCLUDE_LIB.'SQLiteToGrid.class.php';
$tabUser =& new SQLiteToGrid($GLOBALS['db'], $query, 'PrivUser', true, 10, '95%');
$tabUser->enableSortStyle(false);
$tabUser->hideColumn(0);
$tabUser->setGetVars('?action=auth');
if($tabUser->getNbRecord()<=10) $tabUser->disableNavBarre();
$tabUser->addCalcColumn($GLOBALS['traduct']->get(33), ' <a href="?action=auth&auth_action=modifyUser&user=#%0%#" class="Browse">'.displayPics('edit.png', $GLOBALS['traduct']->get(14)).'</a>
<a href="?action=auth&auth_action=deleteUser&user=#%0%#" class="Browse">'.displayPics('edittrash.png', $GLOBALS['traduct']->get(15)).'</a>
<a href="?action=auth&auth_action=passwdUser&user=#%0%#" class="Browse">'.displayPics('encrypted.png', $GLOBALS['traduct']->get(157)).'</a> ', 'center', 999);
$tabUser->addCaption('bottom', '<a href="?action=auth&auth_action=addUser" class="Browse">'.$GLOBALS['traduct']->get(159).'</a>');
$tabUser->disableOnClick();
// ------------------------------------------------------------------------
$query = 'SELECT groupe_id, groupe_name AS '.quotes($GLOBALS['traduct']->get(163)).',
CASE properties WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(61)).',
CASE execSQL WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(166)).',
CASE data WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(167)).',
CASE export WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(168)).',
CASE empty WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(169)).',
CASE del WHEN 1 THEN '.quotes($GLOBALS['traduct']->get(191)).' ELSE '.quotes($GLOBALS['traduct']->get(192)).' END AS '.quotes($GLOBALS['traduct']->get(170)).'
include_once INCLUDE_LIB.'SQLiteToGrid.class.php';
$tabGroupe =& new SQLiteToGrid($GLOBALS['db'], $query, 'PrivGroupe', true, 10, '95%');
$tabGroupe->enableSortStyle(false);
$tabGroupe->hideColumn(0);
$tabGroupe->setGetVars('?action=auth');
if($tabGroupe->getNbRecord()<=10) $tabGroupe->disableNavBarre();
$tabGroupe->addCalcColumn($GLOBALS['traduct']->get(33), ' <a href="?action=auth&auth_action=modifyGroupe&groupe=#%0%#" class="Browse">'.displayPics('edit.png', $GLOBALS['traduct']->get(14)).'</a>
<a href="?action=auth&auth_action=deleteGroupe&groupe=#%0%#" class="Browse">'.displayPics('edittrash.png', $GLOBALS['traduct']->get(15)).'</a> ', 'center', 999);
$tabGroupe->addCaption('bottom', '<a href="?action=auth&auth_action=addGroupe" class="Browse">'.$GLOBALS['traduct']->get(160).'</a>');
$tabGroupe->disableOnClick();
echo '<table align="center" class="Browse"><tr><td align="center" valign="top">';
echo '<div class="Rights"><div style="text-align: center;">'.$GLOBALS['traduct']->get(161).'</div>';
echo '<hr style="border: 1px dashed black; width: 90%;">';
if(isset($_REQUEST['auth_action']) && ($_REQUEST['auth_action'] == 'passwdUser')) {
echo '<hr style="border: 1px dashed black; width: 90%;">';
$this->changePasswd();
echo '<td align="center" valign="top">';
echo '<div class="Rights"><div align="center">'.$GLOBALS['traduct']->get(162).'</div>';
echo '<hr style="border: 1px dashed black; width: 90%;">';
echo '</div></td></tr></table>';
* Get user's information
* @param int $user user ID
function getUserInfo($user){
if(isset($_POST) && isset($_POST["user"])){
$out[0]["user_name"] = $_POST["user_name"];
$out[0]["user_login"] = $_POST["user_login"];
$out[0]["user_groupe_id"] = $_POST["user_groupe_id"];
$query = "SELECT user_name, user_login, user_groupe_id FROM users WHERE user_id=".$user;
$out = $GLOBALS["db"]->array_query($query);
* Get groupe's information
* @param int $group groupe_id
function getGroupeInfo($group){
$query = "SELECT * FROM groupes WHERE groupe_id=".$group;
$out = $GLOBALS["db"]->array_query($query);
if(isset($_REQUEST["user"])) $dataUser = $this->getUserInfo($_REQUEST["user"]);
$groupeList = $GLOBALS["db"]->array_query("SELECT groupe_id, groupe_name FROM groupes");
foreach($groupeList as $groupe) $dataGroupe[$groupe["groupe_id"]] = $groupe["groupe_name"];
echo "<form name='user' method='POST' action='main.php' target='main'>
<table style='font-size: 10px'>
<tr><td>".$GLOBALS["traduct"]->get(163)."</td><td><input type='text' class='text' name='name' value='".((!empty($dataUser))? $dataUser["user_name"] : "" )."'></td></tr>
<tr><td>".$GLOBALS["traduct"]->get(164)."</td><td><input type='text' class='text' name='login' value='".((!empty($dataUser))? $dataUser["user_login"] : "" )."'></td></tr>
<tr><td>".$GLOBALS["traduct"]->get(165)."</td><td>".createSelect($dataGroupe, "groupe_id", ((!empty($dataUser))? $dataUser["user_groupe_id"] : "" ))."</td></tr>
<tr><td colspan=2 align='center'><input class='button' type='submit' value='".$GLOBALS["traduct"]->get(51)."'></td>
<input type='hidden' name='action' value='".$GLOBALS["action"]."'>
<input type='hidden' name='user' value='".((isset($GLOBALS["user"]))? $GLOBALS["user"] : "" )."'>
<input type='hidden' name='auth_action' value='saveUser'>
* Display the groupe form
function formGroupe(){
if(isset($_REQUEST["groupe"])) $dataGroupe = $this->getGroupeInfo($_REQUEST["groupe"]);
else $dataGroupe = array();
if(isset($dataGroupe["groupe_name"])) $groupeName = $dataGroupe["groupe_name"];
else $groupeName = "";
if(!isset($dataGroupe["properties"])){
$dataGroupe["properties"] = $dataGroupe["execSQL"] = $dataGroupe["data"] = $dataGroupe["export"] = $dataGroupe["empty"] = $dataGroupe["del"] = 0;
echo "<form name='groupe' method='POST' action='main.php' target='main'>
<table style='font-size: 10px'>
<tr><td>".$GLOBALS["traduct"]->get(163)."</td><td><input type='text' class='text' name='groupe_name' value='".$groupeName."'></td></tr>
<tr><td>".$GLOBALS["traduct"]->get(61)."</td><td><input type='radio' name='properties' value=1".(($dataGroupe["properties"])? " checked" : "" )."> Oui".str_repeat(" ", 5)."<input type='radio' name='properties' value=0".((!$dataGroupe["properties"])? " checked" : "" )."> Non</td></tr>
<tr><td>".$GLOBALS["traduct"]->get(166)."</td><td><input type='radio' name='execSQL' value=1".(($dataGroupe["execSQL"])? " checked" : "" )."> Oui".str_repeat(" ", 5)."<input type='radio' name='execSQL' value=0".((!$dataGroupe["execSQL"])? " checked" : "" )."> Non</td></tr>
<tr><td>".$GLOBALS["traduct"]->get(167)."</td><td><input type='radio' name='data' value=1".(($dataGroupe["data"])? " checked" : "" )."> Oui".str_repeat(" ", 5)."<input type='radio' name='data' value=0".((!$dataGroupe["data"])? " checked" : "" )."> Non</td></tr>
<tr><td>".$GLOBALS["traduct"]->get(168)."</td><td><input type='radio' name='export' value=1".(($dataGroupe["export"])? " checked" : "" )."> Oui".str_repeat(" ", 5)."<input type='radio' name='export' value=0".((!$dataGroupe["export"])? " checked" : "" )."> Non</td></tr>
<tr><td>".$GLOBALS["traduct"]->get(169)."</td><td><input type='radio' name='empty' value=1".(($dataGroupe["empty"])? " checked" : "" )."> Oui".str_repeat(" ", 5)."<input type='radio' name='empty' value=0".((!$dataGroupe["empty"])? " checked" : "" )."> Non</td></tr>
<tr><td>".$GLOBALS["traduct"]->get(170)."</td><td><input type='radio' name='del' value=1".(($dataGroupe["del"])? " checked" : "" )."> Oui".str_repeat(" ", 5)."<input type='radio' name='del' value=0".((!$dataGroupe["del"])? " checked" : "" )."> Non</td></tr>
<tr><td colspan=2 align='center'><input class='button' type='submit' value='".$GLOBALS["traduct"]->get(51)."'></td>
<input type='hidden' name='action' value='".$GLOBALS["action"]."'>
<input type='hidden' name='groupe_id' value='".((isset($GLOBALS["groupe"]))? $GLOBALS["groupe"] : "" )."'>
<input type='hidden' name='auth_action' value='saveGroupe'>
* Change-password form
function changePasswd(){
if(isset($GLOBALS["passwd_action"]) && ($GLOBALS["passwd_action"] == "save")){
$query = "SELECT user_passwd FROM users WHERE user_id=".$_REQUEST["user"].";";
$GLOBALS['db']->query($query);
$passCurrent = $GLOBALS['db']->fetch_single();
if($passCurrent != md5($_POST["old"])){
$err_message = $GLOBALS["traduct"]->get(171);
} else if($_POST["pass"] != $_POST["confirm"]){
$err_message = $GLOBALS["traduct"]->get(172);
$query = "UPDATE users SET user_passwd='".md5($_POST["pass"])."' WHERE user_id=".$_REQUEST["user"].";";
$GLOBALS['db']->query($query);
echo '<div class="Rights" style="margin: 5px; text-align: center">'.$GLOBALS["traduct"]->get(173);
if(!isset($_REQUEST["auth_action"])) echo "<br><a href=\"index.php?action=logout\" target='_parent' class='Browse'>".$GLOBALS["traduct"]->get(174)."</a>";
if($error || !isset($GLOBALS["passwd_action"]) || ($GLOBALS["passwd_action"]=="")){
echo "<form name='passwd' method=POST action='main.php' target='main'>";
echo "<table class='tabProp' style='border: 1px solid blue; margin: 2px'>";
echo "<tr><td colspan=2 align='center'>".$GLOBALS["traduct"]->get(157)."</td></tr>";
echo "<tr><td colspan=2 align='center'><div width=80% style='border: 1px solid red'>".$err_message."</div></td></tr>";
echo "<tr><td align='right' style='white-space: nowrap'>".$GLOBALS["traduct"]->get(175)."</td><td> <input type='password' class='text' name='old' size=10></td></tr>";
echo "<tr><td align='right' style='white-space: nowrap'>".$GLOBALS["traduct"]->get(176)."</td><td> <input type='password' class='text' name='pass' size=10></td></tr>";
echo "<tr><td align='right' style='white-space: nowrap'>".$GLOBALS["traduct"]->get(177)."</td><td> <input type='password' class='text' name='confirm' size=10></td></tr>";
echo "<tr><td colspan=2 align='center'><input class='button' type='submit' value='".$GLOBALS["traduct"]->get(51)."'></td></tr>";
echo "<input type='hidden' name='action' value='".$GLOBALS["action"]."'>";
echo "<input type='hidden' name='user' value='".((isset($_REQUEST["user"]))? $_REQUEST["user"] : $_SESSION["SQLiteManagerUserId"] )."'>";
echo "<input type='hidden' name='passwd_action' value='save'>";
if(isset($GLOBALS["auth_action"])) echo "<input type='hidden' name='auth_action' value='".$GLOBALS["auth_action"]."'>";