tweet_live: comparison web/lib/Zend/Auth/Adapter/DbTable.php

equal deleted inserted replaced

-:5b37998e522e
+:162c1de6545a
+<?php
+/**
+* Zend Framework
+*
+* LICENSE
+*
+* This source file is subject to the new BSD license that is bundled
+* with this package in the file LICENSE.txt.
+* It is also available through the world-wide-web at this URL:
+* http://framework.zend.com/license/new-bsd
+* If you did not receive a copy of the license and are unable to
+* obtain it through the world-wide-web, please send an email
+* to license@zend.com so we can send you a copy immediately.
+*
+* @category   Zend
+* @package    Zend_Auth
+* @subpackage Adapter
+* @copyright  Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
+* @license    http://framework.zend.com/license/new-bsd     New BSD License
+* @version    $Id: DbTable.php 22613 2010-07-17 13:43:22Z dragonbe $
+*/
+/**
+* @see Zend_Auth_Adapter_Interface
+*/
+require_once 'Zend/Auth/Adapter/Interface.php';
+/**
+* @see Zend_Db_Adapter_Abstract
+*/
+require_once 'Zend/Db/Adapter/Abstract.php';
+/**
+* @see Zend_Auth_Result
+*/
+require_once 'Zend/Auth/Result.php';
+/**
+* @category   Zend
+* @package    Zend_Auth
+* @subpackage Adapter
+* @copyright  Copyright (c) 2005-2010 Zend Technologies USA Inc. (http://www.zend.com)
+* @license    http://framework.zend.com/license/new-bsd     New BSD License
+*/
+class Zend_Auth_Adapter_DbTable implements Zend_Auth_Adapter_Interface
+{
+/**
+* Database Connection
+*
+* @var Zend_Db_Adapter_Abstract
+*/
+protected $_zendDb = null;
+/**
+* @var Zend_Db_Select
+*/
+protected $_dbSelect = null;
+/**
+* $_tableName - the table name to check
+*
+* @var string
+*/
+protected $_tableName = null;
+/**
+* $_identityColumn - the column to use as the identity
+*
+* @var string
+*/
+protected $_identityColumn = null;
+/**
+* $_credentialColumns - columns to be used as the credentials
+*
+* @var string
+*/
+protected $_credentialColumn = null;
+/**
+* $_identity - Identity value
+*
+* @var string
+*/
+protected $_identity = null;
+/**
+* $_credential - Credential values
+*
+* @var string
+*/
+protected $_credential = null;
+/**
+* $_credentialTreatment - Treatment applied to the credential, such as MD5() or PASSWORD()
+*
+* @var string
+*/
+protected $_credentialTreatment = null;
+/**
+* $_authenticateResultInfo
+*
+* @var array
+*/
+protected $_authenticateResultInfo = null;
+/**
+* $_resultRow - Results of database authentication query
+*
+* @var array
+*/
+protected $_resultRow = null;
+/**
+* $_ambiguityIdentity - Flag to indicate same Identity can be used with
+* different credentials. Default is FALSE and need to be set to true to
+* allow ambiguity usage.
+*
+* @var boolean
+*/
+protected $_ambiguityIdentity = false;
+/**
+* __construct() - Sets configuration options
+*
+* @param  Zend_Db_Adapter_Abstract $zendDb If null, default database adapter assumed
+* @param  string                   $tableName
+* @param  string                   $identityColumn
+* @param  string                   $credentialColumn
+* @param  string                   $credentialTreatment
+* @return void
+*/
+public function __construct(Zend_Db_Adapter_Abstract $zendDb = null, $tableName = null, $identityColumn = null,
+$credentialColumn = null, $credentialTreatment = null)
+{
+$this->_setDbAdapter($zendDb);
+if (null !== $tableName) {
+$this->setTableName($tableName);
+}
+if (null !== $identityColumn) {
+$this->setIdentityColumn($identityColumn);
+}
+if (null !== $credentialColumn) {
+$this->setCredentialColumn($credentialColumn);
+}
+if (null !== $credentialTreatment) {
+$this->setCredentialTreatment($credentialTreatment);
+}
+}
+/**
+* _setDbAdapter() - set the database adapter to be used for quering
+*
+* @param Zend_Db_Adapter_Abstract
+* @throws Zend_Auth_Adapter_Exception
+* @return Zend_Auth_Adapter_DbTable
+*/
+protected function _setDbAdapter(Zend_Db_Adapter_Abstract $zendDb = null)
+{
+$this->_zendDb = $zendDb;
+/**
+* If no adapter is specified, fetch default database adapter.
+*/
+if(null === $this->_zendDb) {
+require_once 'Zend/Db/Table/Abstract.php';
+$this->_zendDb = Zend_Db_Table_Abstract::getDefaultAdapter();
+if (null === $this->_zendDb) {
+require_once 'Zend/Auth/Adapter/Exception.php';
+throw new Zend_Auth_Adapter_Exception('No database adapter present');
+}
+}
+return $this;
+}
+/**
+* setTableName() - set the table name to be used in the select query
+*
+* @param  string $tableName
+* @return Zend_Auth_Adapter_DbTable Provides a fluent interface
+*/
+public function setTableName($tableName)
+{
+$this->_tableName = $tableName;
+return $this;
+}
+/**
+* setIdentityColumn() - set the column name to be used as the identity column
+*
+* @param  string $identityColumn
+* @return Zend_Auth_Adapter_DbTable Provides a fluent interface
+*/
+public function setIdentityColumn($identityColumn)
+{
+$this->_identityColumn = $identityColumn;
+return $this;
+}
+/**
+* setCredentialColumn() - set the column name to be used as the credential column
+*
+* @param  string $credentialColumn
+* @return Zend_Auth_Adapter_DbTable Provides a fluent interface
+*/
+public function setCredentialColumn($credentialColumn)
+{
+$this->_credentialColumn = $credentialColumn;
+return $this;
+}
+/**
+* setCredentialTreatment() - allows the developer to pass a parameterized string that is
+* used to transform or treat the input credential data.
+*
+* In many cases, passwords and other sensitive data are encrypted, hashed, encoded,
+* obscured, or otherwise treated through some function or algorithm. By specifying a
+* parameterized treatment string with this method, a developer may apply arbitrary SQL
+* upon input credential data.
+*
+* Examples:
+*
+*  'PASSWORD(?)'
+*  'MD5(?)'
+*
+* @param  string $treatment
+* @return Zend_Auth_Adapter_DbTable Provides a fluent interface
+*/
+public function setCredentialTreatment($treatment)
+{
+$this->_credentialTreatment = $treatment;
+return $this;
+}
+/**
+* setIdentity() - set the value to be used as the identity
+*
+* @param  string $value
+* @return Zend_Auth_Adapter_DbTable Provides a fluent interface
+*/
+public function setIdentity($value)
+{
+$this->_identity = $value;
+return $this;
+}
+/**
+* setCredential() - set the credential value to be used, optionally can specify a treatment
+* to be used, should be supplied in parameterized form, such as 'MD5(?)' or 'PASSWORD(?)'
+*
+* @param  string $credential
+* @return Zend_Auth_Adapter_DbTable Provides a fluent interface
+*/
+public function setCredential($credential)
+{
+$this->_credential = $credential;
+return $this;
+}
+/**
+* setAmbiguityIdentity() - sets a flag for usage of identical identities
+* with unique credentials. It accepts integers (0, 1) or boolean (true,
+* false) parameters. Default is false.
+*
+* @param  int|bool $flag
+* @return Zend_Auth_Adapter_DbTable
+*/
+public function setAmbiguityIdentity($flag)
+{
+if (is_integer($flag)) {
+$this->_ambiguityIdentity = (1 === $flag ? true : false);
+} elseif (is_bool($flag)) {
+$this->_ambiguityIdentity = $flag;
+}
+return $this;
+}
+/**
+* getAmbiguityIdentity() - returns TRUE for usage of multiple identical
+* identies with different credentials, FALSE if not used.
+*
+* @return bool
+*/
+public function getAmbiguityIdentity()
+{
+return $this->_ambiguityIdentity;
+}
+/**
+* getDbSelect() - Return the preauthentication Db Select object for userland select query modification
+*
+* @return Zend_Db_Select
+*/
+public function getDbSelect()
+{
+if ($this->_dbSelect == null) {
+$this->_dbSelect = $this->_zendDb->select();
+}
+return $this->_dbSelect;
+}
+/**
+* getResultRowObject() - Returns the result row as a stdClass object
+*
+* @param  string|array $returnColumns
+* @param  string|array $omitColumns
+* @return stdClass|boolean
+*/
+public function getResultRowObject($returnColumns = null, $omitColumns = null)
+{
+if (!$this->_resultRow) {
+return false;
+}
+$returnObject = new stdClass();
+if (null !== $returnColumns) {
+$availableColumns = array_keys($this->_resultRow);
+foreach ( (array) $returnColumns as $returnColumn) {
+if (in_array($returnColumn, $availableColumns)) {
+$returnObject->{$returnColumn} = $this->_resultRow[$returnColumn];
+}
+}
+return $returnObject;
+} elseif (null !== $omitColumns) {
+$omitColumns = (array) $omitColumns;
+foreach ($this->_resultRow as $resultColumn => $resultValue) {
+if (!in_array($resultColumn, $omitColumns)) {
+$returnObject->{$resultColumn} = $resultValue;
+}
+}
+return $returnObject;
+} else {
+foreach ($this->_resultRow as $resultColumn => $resultValue) {
+$returnObject->{$resultColumn} = $resultValue;
+}
+return $returnObject;
+}
+}
+/**
+* authenticate() - defined by Zend_Auth_Adapter_Interface.  This method is called to
+* attempt an authentication.  Previous to this call, this adapter would have already
+* been configured with all necessary information to successfully connect to a database
+* table and attempt to find a record matching the provided identity.
+*
+* @throws Zend_Auth_Adapter_Exception if answering the authentication query is impossible
+* @return Zend_Auth_Result
+*/
+public function authenticate()
+{
+$this->_authenticateSetup();
+$dbSelect = $this->_authenticateCreateSelect();
+$resultIdentities = $this->_authenticateQuerySelect($dbSelect);
+if ( ($authResult = $this->_authenticateValidateResultSet($resultIdentities)) instanceof Zend_Auth_Result) {
+return $authResult;
+}
+if (true === $this->getAmbiguityIdentity()) {
+$validIdentities = array ();
+$zendAuthCredentialMatchColumn = $this->_zendDb->foldCase('zend_auth_credential_match');
+foreach ($resultIdentities as $identity) {
+if (1 === (int) $identity[$zendAuthCredentialMatchColumn]) {
+$validIdentities[] = $identity;
+}
+}
+$resultIdentities = $validIdentities;
+}
+$authResult = $this->_authenticateValidateResult(array_shift($resultIdentities));
+return $authResult;
+}
+/**
+* _authenticateSetup() - This method abstracts the steps involved with
+* making sure that this adapter was indeed setup properly with all
+* required pieces of information.
+*
+* @throws Zend_Auth_Adapter_Exception - in the event that setup was not done properly
+* @return true
+*/
+protected function _authenticateSetup()
+{
+$exception = null;
+if ($this->_tableName == '') {
+$exception = 'A table must be supplied for the Zend_Auth_Adapter_DbTable authentication adapter.';
+} elseif ($this->_identityColumn == '') {
+$exception = 'An identity column must be supplied for the Zend_Auth_Adapter_DbTable authentication adapter.';
+} elseif ($this->_credentialColumn == '') {
+$exception = 'A credential column must be supplied for the Zend_Auth_Adapter_DbTable authentication adapter.';
+} elseif ($this->_identity == '') {
+$exception = 'A value for the identity was not provided prior to authentication with Zend_Auth_Adapter_DbTable.';
+} elseif ($this->_credential === null) {
+$exception = 'A credential value was not provided prior to authentication with Zend_Auth_Adapter_DbTable.';
+}
+if (null !== $exception) {
+/**
+* @see Zend_Auth_Adapter_Exception
+*/
+require_once 'Zend/Auth/Adapter/Exception.php';
+throw new Zend_Auth_Adapter_Exception($exception);
+}
+$this->_authenticateResultInfo = array(
+'code'     => Zend_Auth_Result::FAILURE,
+'identity' => $this->_identity,
+'messages' => array()
+);
+return true;
+}
+/**
+* _authenticateCreateSelect() - This method creates a Zend_Db_Select object that
+* is completely configured to be queried against the database.
+*
+* @return Zend_Db_Select
+*/
+protected function _authenticateCreateSelect()
+{
+// build credential expression
+if (empty($this->_credentialTreatment) || (strpos($this->_credentialTreatment, '?') === false)) {
+$this->_credentialTreatment = '?';
+}
+$credentialExpression = new Zend_Db_Expr(
+'(CASE WHEN ' .
+$this->_zendDb->quoteInto(
+$this->_zendDb->quoteIdentifier($this->_credentialColumn, true)
+. ' = ' . $this->_credentialTreatment, $this->_credential
+)
+. ' THEN 1 ELSE 0 END) AS '
+. $this->_zendDb->quoteIdentifier(
+$this->_zendDb->foldCase('zend_auth_credential_match')
+)
+);
+// get select
+$dbSelect = clone $this->getDbSelect();
+$dbSelect->from($this->_tableName, array('*', $credentialExpression))
+->where($this->_zendDb->quoteIdentifier($this->_identityColumn, true) . ' = ?', $this->_identity);
+return $dbSelect;
+}
+/**
+* _authenticateQuerySelect() - This method accepts a Zend_Db_Select object and
+* performs a query against the database with that object.
+*
+* @param Zend_Db_Select $dbSelect
+* @throws Zend_Auth_Adapter_Exception - when an invalid select
+*                                       object is encountered
+* @return array
+*/
+protected function _authenticateQuerySelect(Zend_Db_Select $dbSelect)
+{
+try {
+if ($this->_zendDb->getFetchMode() != Zend_DB::FETCH_ASSOC) {
+$origDbFetchMode = $this->_zendDb->getFetchMode();
+$this->_zendDb->setFetchMode(Zend_DB::FETCH_ASSOC);
+}
+$resultIdentities = $this->_zendDb->fetchAll($dbSelect->__toString());
+if (isset($origDbFetchMode)) {
+$this->_zendDb->setFetchMode($origDbFetchMode);
+unset($origDbFetchMode);
+}
+} catch (Exception $e) {
+/**
+* @see Zend_Auth_Adapter_Exception
+*/
+require_once 'Zend/Auth/Adapter/Exception.php';
+throw new Zend_Auth_Adapter_Exception('The supplied parameters to Zend_Auth_Adapter_DbTable failed to '
+. 'produce a valid sql statement, please check table and column names '
+. 'for validity.', 0, $e);
+}
+return $resultIdentities;
+}
+/**
+* _authenticateValidateResultSet() - This method attempts to make
+* certain that only one record was returned in the resultset
+*
+* @param array $resultIdentities
+* @return true|Zend_Auth_Result
+*/
+protected function _authenticateValidateResultSet(array $resultIdentities)
+{
+if (count($resultIdentities) < 1) {
+$this->_authenticateResultInfo['code'] = Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND;
+$this->_authenticateResultInfo['messages'][] = 'A record with the supplied identity could not be found.';
+return $this->_authenticateCreateAuthResult();
+} elseif (count($resultIdentities) > 1 && false === $this->getAmbiguityIdentity()) {
+$this->_authenticateResultInfo['code'] = Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS;
+$this->_authenticateResultInfo['messages'][] = 'More than one record matches the supplied identity.';
+return $this->_authenticateCreateAuthResult();
+}
+return true;
+}
+/**
+* _authenticateValidateResult() - This method attempts to validate that
+* the record in the resultset is indeed a record that matched the
+* identity provided to this adapter.
+*
+* @param array $resultIdentity
+* @return Zend_Auth_Result
+*/
+protected function _authenticateValidateResult($resultIdentity)
+{
+$zendAuthCredentialMatchColumn = $this->_zendDb->foldCase('zend_auth_credential_match');
+if ($resultIdentity[$zendAuthCredentialMatchColumn] != '1') {
+$this->_authenticateResultInfo['code'] = Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID;
+$this->_authenticateResultInfo['messages'][] = 'Supplied credential is invalid.';
+return $this->_authenticateCreateAuthResult();
+}
+unset($resultIdentity[$zendAuthCredentialMatchColumn]);
+$this->_resultRow = $resultIdentity;
+$this->_authenticateResultInfo['code'] = Zend_Auth_Result::SUCCESS;
+$this->_authenticateResultInfo['messages'][] = 'Authentication successful.';
+return $this->_authenticateCreateAuthResult();
+}
+/**
+* _authenticateCreateAuthResult() - Creates a Zend_Auth_Result object from
+* the information that has been collected during the authenticate() attempt.
+*
+* @return Zend_Auth_Result
+*/
+protected function _authenticateCreateAuthResult()
+{
+return new Zend_Auth_Result(
+$this->_authenticateResultInfo['code'],
+$this->_authenticateResultInfo['identity'],
+$this->_authenticateResultInfo['messages']
+);
+}
+}

changeset 64	162c1de6545a
parent 19	1c2f13fd785c
child 68	ecaf28ffe26e