extlib/Auth/OpenID/MDB2Store.php

   1 <?php
   2
   3 /**
   4  * SQL-backed OpenID stores for use with PEAR::MDB2.
   5  *
   6  * PHP versions 4 and 5
   7  *
   8  * LICENSE: See the COPYING file included in this distribution.
   9  *
  10  * @package OpenID
  11  * @author JanRain, Inc. <openid@janrain.com>
  12  * @copyright 2005 Janrain, Inc.
  13  * @license http://www.gnu.org/copyleft/lesser.html LGPL
  14  */
  15
  16 require_once 'MDB2.php';
  17
  18 /**
  19  * @access private
  20  */
  21 require_once 'Auth/OpenID/Interface.php';
  22
  23 /**
  24  * @access private
  25  */
  26 require_once 'Auth/OpenID.php';
  27
  28 /**
  29  * @access private
  30  */
  31 require_once 'Auth/OpenID/Nonce.php';
  32
  33 /**
  34  * This store uses a PEAR::MDB2 connection to store persistence
  35  * information.
  36  *
  37  * The table names used are determined by the class variables
  38  * associations_table_name and nonces_table_name.  To change the name
  39  * of the tables used, pass new table names into the constructor.
  40  *
  41  * To create the tables with the proper schema, see the createTables
  42  * method.
  43  *
  44  * @package OpenID
  45  */
  46 class Auth_OpenID_MDB2Store extends Auth_OpenID_OpenIDStore {
  47     /**
  48      * This creates a new MDB2Store instance.  It requires an
  49      * established database connection be given to it, and it allows
  50      * overriding the default table names.
  51      *
  52      * @param connection $connection This must be an established
  53      * connection to a database of the correct type for the SQLStore
  54      * subclass you're using.  This must be a PEAR::MDB2 connection
  55      * handle.
  56      *
  57      * @param associations_table: This is an optional parameter to
  58      * specify the name of the table used for storing associations.
  59      * The default value is 'oid_associations'.
  60      *
  61      * @param nonces_table: This is an optional parameter to specify
  62      * the name of the table used for storing nonces.  The default
  63      * value is 'oid_nonces'.
  64      */
  65     function Auth_OpenID_MDB2Store($connection,
  66                                   $associations_table = null,
  67                                   $nonces_table = null)
  68     {
  69         $this->associations_table_name = "oid_associations";
  70         $this->nonces_table_name = "oid_nonces";
  71
  72         // Check the connection object type to be sure it's a PEAR
  73         // database connection.
  74         if (!is_object($connection) ||
  75             !is_subclass_of($connection, 'mdb2_driver_common')) {
  76             trigger_error("Auth_OpenID_MDB2Store expected PEAR connection " .
  77                           "object (got ".get_class($connection).")",
  78                           E_USER_ERROR);
  79             return;
  80         }
  81
  82         $this->connection = $connection;
  83
  84         // Be sure to set the fetch mode so the results are keyed on
  85         // column name instead of column index.
  86         $this->connection->setFetchMode(MDB2_FETCHMODE_ASSOC);
  87
  88         if (@PEAR::isError($this->connection->loadModule('Extended'))) {
  89             trigger_error("Unable to load MDB2_Extended module", E_USER_ERROR);
  90             return;
  91         }
  92
  93         if ($associations_table) {
  94             $this->associations_table_name = $associations_table;
  95         }
  96
  97         if ($nonces_table) {
  98             $this->nonces_table_name = $nonces_table;
  99         }
 100
 101         $this->max_nonce_age = 6 * 60 * 60;
 102     }
 103
 104     function tableExists($table_name)
 105     {
 106         return !@PEAR::isError($this->connection->query(
 107                                   sprintf("SELECT * FROM %s LIMIT 0",
 108                                           $table_name)));
 109     }
 110
 111     function createTables()
 112     {
 113         $n = $this->create_nonce_table();
 114         $a = $this->create_assoc_table();
 115
 116         if (!$n || !$a) {
 117             return false;
 118         }
 119         return true;
 120     }
 121
 122     function create_nonce_table()
 123     {
 124         if (!$this->tableExists($this->nonces_table_name)) {
 125             switch ($this->connection->phptype) {
 126                 case "mysql":
 127                 case "mysqli":
 128                     // Custom SQL for MySQL to use InnoDB and variable-
 129                     // length keys
 130                     $r = $this->connection->exec(
 131                         sprintf("CREATE TABLE %s (\n".
 132                                 "  server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
 133                                 "  timestamp INTEGER NOT NULL,\n".
 134                                 "  salt CHAR(40) NOT NULL,\n".
 135                                 "  UNIQUE (server_url(255), timestamp, salt)\n".
 136                                 ") TYPE=InnoDB",
 137                                 $this->nonces_table_name));
 138                     if (@PEAR::isError($r)) {
 139                         return false;
 140                     }
 141                     break;
 142                 default:
 143                     if (@PEAR::isError(
 144                         $this->connection->loadModule('Manager'))) {
 145                         return false;
 146                     }
 147                     $fields = array(
 148                         "server_url" => array(
 149                             "type" => "text",
 150                             "length" => 2047,
 151                             "notnull" => true
 152                         ),
 153                         "timestamp" => array(
 154                             "type" => "integer",
 155                             "notnull" => true
 156                         ),
 157                         "salt" => array(
 158                             "type" => "text",
 159                             "length" => 40,
 160                             "fixed" => true,
 161                             "notnull" => true
 162                         )
 163                     );
 164                     $constraint = array(
 165                         "unique" => 1,
 166                         "fields" => array(
 167                             "server_url" => true,
 168                             "timestamp" => true,
 169                             "salt" => true
 170                         )
 171                     );
 172
 173                     $r = $this->connection->createTable($this->nonces_table_name,
 174                                                         $fields);
 175                     if (@PEAR::isError($r)) {
 176                         return false;
 177                     }
 178
 179                     $r = $this->connection->createConstraint(
 180                         $this->nonces_table_name,
 181                         $this->nonces_table_name . "_constraint",
 182                         $constraint);
 183                     if (@PEAR::isError($r)) {
 184                         return false;
 185                     }
 186                     break;
 187             }
 188         }
 189         return true;
 190     }
 191
 192     function create_assoc_table()
 193     {
 194         if (!$this->tableExists($this->associations_table_name)) {
 195             switch ($this->connection->phptype) {
 196                 case "mysql":
 197                 case "mysqli":
 198                     // Custom SQL for MySQL to use InnoDB and variable-
 199                     // length keys
 200                     $r = $this->connection->exec(
 201                         sprintf("CREATE TABLE %s(\n".
 202                                 "  server_url VARCHAR(2047) NOT NULL DEFAULT '',\n".
 203                                 "  handle VARCHAR(255) NOT NULL,\n".
 204                                 "  secret BLOB NOT NULL,\n".
 205                                 "  issued INTEGER NOT NULL,\n".
 206                                 "  lifetime INTEGER NOT NULL,\n".
 207                                 "  assoc_type VARCHAR(64) NOT NULL,\n".
 208                                 "  PRIMARY KEY (server_url(255), handle)\n".
 209                                 ") TYPE=InnoDB",
 210                             $this->associations_table_name));
 211                     if (@PEAR::isError($r)) {
 212                         return false;
 213                     }
 214                     break;
 215                 default:
 216                     if (@PEAR::isError(
 217                         $this->connection->loadModule('Manager'))) {
 218                         return false;
 219                     }
 220                     $fields = array(
 221                         "server_url" => array(
 222                             "type" => "text",
 223                             "length" => 2047,
 224                             "notnull" => true
 225                         ),
 226                         "handle" => array(
 227                             "type" => "text",
 228                             "length" => 255,
 229                             "notnull" => true
 230                         ),
 231                         "secret" => array(
 232                             "type" => "blob",
 233                             "length" => "255",
 234                             "notnull" => true
 235                         ),
 236                         "issued" => array(
 237                             "type" => "integer",
 238                             "notnull" => true
 239                         ),
 240                         "lifetime" => array(
 241                             "type" => "integer",
 242                             "notnull" => true
 243                         ),
 244                         "assoc_type" => array(
 245                             "type" => "text",
 246                             "length" => 64,
 247                             "notnull" => true
 248                         )
 249                     );
 250                     $options = array(
 251                         "primary" => array(
 252                             "server_url" => true,
 253                             "handle" => true
 254                         )
 255                     );
 256
 257                     $r = $this->connection->createTable(
 258                         $this->associations_table_name,
 259                         $fields,
 260                         $options);
 261                     if (@PEAR::isError($r)) {
 262                         return false;
 263                     }
 264                     break;
 265             }
 266         }
 267         return true;
 268     }
 269
 270     function storeAssociation($server_url, $association)
 271     {
 272         $fields = array(
 273             "server_url" => array(
 274                 "value" => $server_url,
 275                 "key" => true
 276             ),
 277             "handle" => array(
 278                 "value" => $association->handle,
 279                 "key" => true
 280             ),
 281             "secret" => array(
 282                 "value" => $association->secret,
 283                 "type" => "blob"
 284             ),
 285             "issued" => array(
 286                 "value" => $association->issued
 287             ),
 288             "lifetime" => array(
 289                 "value" => $association->lifetime
 290             ),
 291             "assoc_type" => array(
 292                 "value" => $association->assoc_type
 293             )
 294         );
 295
 296         return !@PEAR::isError($this->connection->replace(
 297                                   $this->associations_table_name,
 298                                   $fields));
 299     }
 300
 301     function cleanupNonces()
 302     {
 303         global $Auth_OpenID_SKEW;
 304         $v = time() - $Auth_OpenID_SKEW;
 305
 306         return $this->connection->exec(
 307             sprintf("DELETE FROM %s WHERE timestamp < %d",
 308                     $this->nonces_table_name, $v));
 309     }
 310
 311     function cleanupAssociations()
 312     {
 313         return $this->connection->exec(
 314             sprintf("DELETE FROM %s WHERE issued + lifetime < %d",
 315                     $this->associations_table_name, time()));
 316     }
 317
 318     function getAssociation($server_url, $handle = null)
 319     {
 320         $sql = "";
 321         $params = null;
 322         $types = array(
 323                        "text",
 324                        "blob",
 325                        "integer",
 326                        "integer",
 327                        "text"
 328                        );
 329         if ($handle !== null) {
 330             $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
 331                            "FROM %s WHERE server_url = ? AND handle = ?",
 332                            $this->associations_table_name);
 333             $params = array($server_url, $handle);
 334         } else {
 335             $sql = sprintf("SELECT handle, secret, issued, lifetime, assoc_type " .
 336                            "FROM %s WHERE server_url = ? ORDER BY issued DESC",
 337                            $this->associations_table_name);
 338             $params = array($server_url);
 339         }
 340
 341         $assoc = $this->connection->getRow($sql, $types, $params);
 342
 343         if (!$assoc || @PEAR::isError($assoc)) {
 344             return null;
 345         } else {
 346             $association = new Auth_OpenID_Association($assoc['handle'],
 347                                                        stream_get_contents(
 348                                                            $assoc['secret']),
 349                                                        $assoc['issued'],
 350                                                        $assoc['lifetime'],
 351                                                        $assoc['assoc_type']);
 352             fclose($assoc['secret']);
 353             return $association;
 354         }
 355     }
 356
 357     function removeAssociation($server_url, $handle)
 358     {
 359         $r = $this->connection->execParam(
 360             sprintf("DELETE FROM %s WHERE server_url = ? AND handle = ?",
 361                     $this->associations_table_name),
 362             array($server_url, $handle));
 363
 364         if (@PEAR::isError($r) || $r == 0) {
 365             return false;
 366         }
 367         return true;
 368     }
 369
 370     function useNonce($server_url, $timestamp, $salt)
 371     {
 372         global $Auth_OpenID_SKEW;
 373
 374         if (abs($timestamp - time()) > $Auth_OpenID_SKEW ) {
 375             return false;
 376         }
 377
 378         $fields = array(
 379                         "timestamp" => $timestamp,
 380                         "salt" => $salt
 381                         );
 382
 383         if (!empty($server_url)) {
 384             $fields["server_url"] = $server_url;
 385         }
 386
 387         $r = $this->connection->autoExecute(
 388             $this->nonces_table_name,
 389             $fields,
 390             MDB2_AUTOQUERY_INSERT);
 391
 392         if (@PEAR::isError($r)) {
 393             return false;
 394         }
 395         return true;
 396     }
 397
 398     /**
 399      * Resets the store by removing all records from the store's
 400      * tables.
 401      */
 402     function reset()
 403     {
 404         $this->connection->query(sprintf("DELETE FROM %s",
 405                                          $this->associations_table_name));
 406
 407         $this->connection->query(sprintf("DELETE FROM %s",
 408                                          $this->nonces_table_name));
 409     }
 410
 411 }
 412
 413 ?>