Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5717 Commits
773 Branches
1186 Tags
4.1 GiB
Tree: da07245f59
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'da07245f59'
${ noResults }
nextcloud-server/lib/user/database.php

179 lines
4.7 KiB
Raw Normal View History

Support for mod_auth added
16 years ago
First version of the new user management
15 years ago
update copyright
14 years ago
First version of the new user management
15 years ago
Support for mod_auth added
16 years ago
improved password hashing based one phpass old passwords are automatically upgraded on login
14 years ago
Support for mod_auth added
16 years ago
Created class `OC_USER_BACKEND` for general user managment It's possible to use `OC_USER` as normal but the real stuff is done by the `OC_USER::$_backend` class, setted using `OC_USER::setBackend()` (this is done in inc/lib_user.php)
16 years ago
Support for mod_auth added
16 years ago
Renaming classes :-)
15 years ago
improved password hashing based one phpass old passwords are automatically upgraded on login
14 years ago
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry.
15 years ago
improved password hashing based one phpass old passwords are automatically upgraded on login
14 years ago
Support for mod_auth added
16 years ago
Better documentation for OC_USER
15 years ago
Added tons of Hooks to OC_USER and OC_GROUP
15 years ago
Better documentation for OC_USER
15 years ago
Cleaned up and added some documentation
16 years ago
Renaming classes :-)
15 years ago
Added tons of Hooks to OC_USER and OC_GROUP
15 years ago
Cleaned up and added some documentation
16 years ago
Multiply changes to user system keeping tracked of the logged in user is no longer done by the active backend but by oc_user directly instead multiply backends can be active at the same time, allowing alternative authentication procedures like openid or tokens to be used next to the regular user system
15 years ago
Support for mod_auth added
16 years ago
improved password hashing based one phpass old passwords are automatically upgraded on login
14 years ago
generate a random salt during installation and store it in the config.php. use it to salt the password hashing.
14 years ago
First version of the new user management
15 years ago
improved password hashing based one phpass old passwords are automatically upgraded on login
14 years ago
First version of the new user management
15 years ago
Cleaned up and added some documentation
16 years ago
Fixed a cache-check in `OC_USER_Database::getGroupName()` and minor style changes * Added spaces here and there * Using camelCase for same variable
16 years ago
Created class `OC_USER_BACKEND` for general user managment It's possible to use `OC_USER` as normal but the real stuff is done by the `OC_USER::$_backend` class, setted using `OC_USER::setBackend()` (this is done in inc/lib_user.php)
16 years ago
Cleaned up and added some documentation
16 years ago
Some work on the fancy user management
15 years ago
Better documentation for OC_USER
15 years ago
Some work on the fancy user management
15 years ago
Better documentation for OC_USER
15 years ago
Some work on the fancy user management
15 years ago
Multiply changes to user system keeping tracked of the logged in user is no longer done by the active backend but by oc_user directly instead multiply backends can be active at the same time, allowing alternative authentication procedures like openid or tokens to be used next to the regular user system
15 years ago
Better documentation for OC_USER
15 years ago
Hotfix: deleting users is working again
15 years ago
remove unused variables
14 years ago
Some work on the fancy user management
15 years ago
Support for mod_auth added
16 years ago
Better documentation for OC_USER
15 years ago
Cleaned up and added some documentation
16 years ago
Better documentation for OC_USER
15 years ago
Cleaned up and added some documentation
16 years ago
Multiply changes to user system keeping tracked of the logged in user is no longer done by the active backend but by oc_user directly instead multiply backends can be active at the same time, allowing alternative authentication procedures like openid or tokens to be used next to the regular user system
15 years ago
improved password hashing based one phpass old passwords are automatically upgraded on login
14 years ago
generate a random salt during installation and store it in the config.php. use it to salt the password hashing.
14 years ago
Better documentation for OC_USER
15 years ago
remove unused variables
14 years ago
Better documentation for OC_USER
15 years ago
remove unused variables
14 years ago
Made the "change password" thingie in settings working
15 years ago
Support for mod_auth added
16 years ago
Reverted to self::$classType syntax and fixed the use of self in non-object
16 years ago
Support for mod_auth added
16 years ago
Better documentation for OC_USER
15 years ago
update documentation of oc_user::checkpassword
14 years ago
Cleaned up and added some documentation
16 years ago
Better documentation for OC_USER
15 years ago
update documentation of oc_user::checkpassword
14 years ago
Cleaned up and added some documentation
16 years ago
Multiply changes to user system keeping tracked of the logged in user is no longer done by the active backend but by oc_user directly instead multiply backends can be active at the same time, allowing alternative authentication procedures like openid or tokens to be used next to the regular user system
15 years ago
fix bug where users could use wildcards in username to login e.g. user Peter could probably login using username Pet% fixed same problem in the migration script
14 years ago
improved password hashing based one phpass old passwords are automatically upgraded on login
14 years ago
Support for mod_auth added
16 years ago
dont use numRows when it's not needed since it can be expensive
15 years ago
improved password hashing based one phpass old passwords are automatically upgraded on login
14 years ago
Don't use substr to get first char of string
14 years ago
improved password hashing based one phpass old passwords are automatically upgraded on login
14 years ago
generate a random salt during installation and store it in the config.php. use it to salt the password hashing.
14 years ago
improved password hashing based one phpass old passwords are automatically upgraded on login
14 years ago
fix issue with login being case insensitve
15 years ago
Support for mod_auth added
16 years ago
use caching for user-group relations
16 years ago
Better documentation for OC_USER
15 years ago
use caching for user-group relations
16 years ago
Better documentation for OC_USER
15 years ago
use caching for user-group relations
16 years ago
Multiply changes to user system keeping tracked of the logged in user is no longer done by the active backend but by oc_user directly instead multiply backends can be active at the same time, allowing alternative authentication procedures like openid or tokens to be used next to the regular user system
15 years ago
make sql queries work in sqlite
15 years ago
First version of the new user management
15 years ago
Start of the refactoring. Commit is quite big because I forgot to use git right from the beginning. Sorry.
15 years ago
use caching for user-group relations
16 years ago
First version of the new user management
15 years ago
use caching for user-group relations
16 years ago
Multiply changes to user system keeping tracked of the logged in user is no longer done by the active backend but by oc_user directly instead multiply backends can be active at the same time, allowing alternative authentication procedures like openid or tokens to be used next to the regular user system
15 years ago
fix bug where users could use wildcards in username to login e.g. user Peter could probably login using username Pet% fixed same problem in the migration script
14 years ago
Multiply changes to user system keeping tracked of the logged in user is no longer done by the active backend but by oc_user directly instead multiply backends can be active at the same time, allowing alternative authentication procedures like openid or tokens to be used next to the regular user system
15 years ago
Fixed a cache-check in `OC_USER_Database::getGroupName()` and minor style changes * Added spaces here and there * Using camelCase for same variable
16 years ago
  1. <?php
  3. /**
  4. * ownCloud
  5. *
  6. * @author Frank Karlitschek
  7. * @copyright 2012 Frank Karlitschek frank@owncloud.org
  8. *
  9. * This library is free software; you can redistribute it and/or
  10. * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
  11. * License as published by the Free Software Foundation; either
  12. * version 3 of the License, or any later version.
  13. *
  14. * This library is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public
  20. * License along with this library. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. */
  23. /*
  24. *
  25. * The following SQL statement is just a help for developers and will not be
  26. * executed!
  27. *
  28. * CREATE TABLE `users` (
  29. * `uid` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
  30. * `password` varchar(255) COLLATE utf8_unicode_ci NOT NULL,
  31. * PRIMARY KEY (`uid`)
  32. * ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
  33. *
  34. */
  36. require_once 'phpass/PasswordHash.php';
  38. /**
  39. * Class for user management in a SQL Database (e.g. MySQL, SQLite)
  40. */
  41. class OC_User_Database extends OC_User_Backend {
  42. /**
  43. * @var PasswordHash
  44. */
  45. static private $hasher=null;
  47. private function getHasher(){
  48. if(!self::$hasher){
  49. //we don't want to use DES based crypt(), since it doesn't return a has with a recognisable prefix
  50. $forcePortable=(CRYPT_BLOWFISH!=1);
  51. self::$hasher=new PasswordHash(8,$forcePortable);
  52. }
  53. return self::$hasher;
  55. }
  57. /**
  58. * @brief Create a new user
  59. * @param $uid The username of the user to create
  60. * @param $password The password of the new user
  61. * @returns true/false
  62. *
  63. * Creates a new user. Basic checking of username is done in OC_User
  64. * itself, not in its subclasses.
  65. */
  66. public function createUser( $uid, $password ){
  67. if( $this->userExists($uid) ){
  68. return false;
  69. }else{
  70. $hasher=$this->getHasher();
  71. $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', ''));
  72. $query = OC_DB::prepare( "INSERT INTO `*PREFIX*users` ( `uid`, `password` ) VALUES( ?, ? )" );
  73. $result = $query->execute( array( $uid, $hash));
  75. return $result ? true : false;
  76. }
  77. }
  79. /**
  80. * @brief delete a user
  81. * @param $uid The username of the user to delete
  82. * @returns true/false
  83. *
  84. * Deletes a user
  85. */
  86. public function deleteUser( $uid ){
  87. // Delete user-group-relation
  88. $query = OC_DB::prepare( "DELETE FROM `*PREFIX*users` WHERE uid = ?" );
  89. $query->execute( array( $uid ));
  90. return true;
  91. }
  93. /**
  94. * @brief Set password
  95. * @param $uid The username
  96. * @param $password The new password
  97. * @returns true/false
  98. *
  99. * Change the password of a user
  100. */
  101. public function setPassword( $uid, $password ){
  102. if( $this->userExists($uid) ){
  103. $hasher=$this->getHasher();
  104. $hash = $hasher->HashPassword($password.OC_Config::getValue('passwordsalt', ''));
  105. $query = OC_DB::prepare( "UPDATE *PREFIX*users SET password = ? WHERE uid = ?" );
  106. $query->execute( array( $hash, $uid ));
  108. return true;
  109. }else{
  110. return false;
  111. }
  112. }
  114. /**
  115. * @brief Check if the password is correct
  116. * @param $uid The username
  117. * @param $password The password
  118. * @returns string
  119. *
  120. * Check if the password is correct without logging in the user
  121. * returns the user id or false
  122. */
  123. public function checkPassword( $uid, $password ){
  124. $query = OC_DB::prepare( "SELECT uid, password FROM *PREFIX*users WHERE uid = ?" );
  125. $result = $query->execute( array( $uid));
  127. $row=$result->fetchRow();
  128. if($row){
  129. $storedHash=$row['password'];
  130. if ($storedHash[0]=='$'){//the new phpass based hashing
  131. $hasher=$this->getHasher();
  132. if($hasher->CheckPassword($password.OC_Config::getValue('passwordsalt', ''), $storedHash)){
  133. return $row['uid'];
  134. }else{
  135. return false;
  136. }
  137. }else{//old sha1 based hashing
  138. if(sha1($password)==$storedHash){
  139. //upgrade to new hashing
  140. $this->setPassword($row['uid'],$password);
  141. return $row['uid'];
  142. }else{
  143. return false;
  144. }
  145. }
  146. }else{
  147. return false;
  148. }
  149. }
  151. /**
  152. * @brief Get a list of all users
  153. * @returns array with all uids
  154. *
  155. * Get a list of all users.
  156. */
  157. public function getUsers(){
  158. $query = OC_DB::prepare( "SELECT uid FROM *PREFIX*users" );
  159. $result = $query->execute();
  161. $users=array();
  162. while( $row = $result->fetchRow()){
  163. $users[] = $row["uid"];
  164. }
  165. return $users;
  166. }
  168. /**
  169. * @brief check if a user exists
  170. * @param string $uid the username
  171. * @return boolean
  172. */
  173. public function userExists($uid){
  174. $query = OC_DB::prepare( "SELECT * FROM `*PREFIX*users` WHERE uid = ?" );
  175. $result = $query->execute( array( $uid ));
  177. return $result->numRows() > 0;
  178. }
  179. }