[Sommaire] [Imprimer]

   1  <?php
   2  # Mantis - a php based bugtracking system
   3  
   4  # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
   5  # Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
   6  
   7  # Mantis is free software: you can redistribute it and/or modify
   8  # it under the terms of the GNU General Public License as published by
   9  # the Free Software Foundation, either version 2 of the License, or
  10  # (at your option) any later version.
  11  #
  12  # Mantis is distributed in the hope that it will be useful,
  13  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  # GNU General Public License for more details.
  16  #
  17  # You should have received a copy of the GNU General Public License
  18  # along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
  19  
  20      # --------------------------------------------------------
  21      # $Id: tokens_api.php,v 1.8.2.2 2007-10-20 05:38:02 vboctor Exp $
  22      # --------------------------------------------------------
  23  
  24      # This implements temporary storage of strings.
  25      # DB schema: id, type, owner, timestamp, value
  26  
  27      /**
  28       * Check if a token exists.
  29       * @param integer Token ID
  30       * @return boolean True if token exists
  31       */
  32  	function token_exists( $p_token_id ) {
  33          $c_token_id       = db_prepare_int( $p_token_id );
  34          $t_tokens_table    = config_get( 'mantis_tokens_table' );
  35  
  36          $query     = "SELECT id
  37                        FROM $t_tokens_table
  38                        WHERE id='$c_token_id'";
  39          $result    = db_query( $query, 1 );
  40  
  41          return( 1 == db_num_rows( $result ) );
  42      }
  43  
  44      /**
  45       * Make sure a token exists.
  46       * @param integer Token ID
  47       * @return boolean True if token exists
  48       */
  49  	function token_ensure_exists( $p_token_id ) {
  50          if ( !token_exists( $p_token_id ) ) {
  51              trigger_error( ERROR_TOKEN_NOT_FOUND, ERROR );
  52          }
  53  
  54          return true;
  55      }
  56  
  57      # High-level CRUD Usage
  58  
  59      /**
  60       * Get a token's information
  61       * @param integer Token type
  62       * @param integer User ID
  63       * @return array Token row
  64       */
  65  	function token_get( $p_type, $p_user_id = null ) {
  66          token_purge_expired_once();
  67  
  68          $c_type = db_prepare_int( $p_type );
  69          $c_user_id = db_prepare_int( $p_user_id == null ? auth_get_current_user_id() : $p_user_id );
  70  
  71          $t_tokens_table = config_get( 'mantis_tokens_table' );
  72  
  73          $query = "SELECT * FROM $t_tokens_table 
  74                      WHERE type='$c_type' AND owner='$c_user_id'";
  75          $result = db_query( $query );
  76  
  77          if ( db_num_rows( $result ) > 0 ) {
  78              return db_fetch_array( $result );
  79          } else {
  80              return null;
  81          }
  82      }
  83  
  84      /**
  85       * Get a token's value or null if not found
  86       * @param integer Token type
  87       * @param integer User ID (null for current user)
  88       * @return array Token row
  89       */
  90  	function token_get_value( $p_type, $p_user_id = null ) {
  91          $t_token = token_get( $p_type, $p_user_id );
  92  
  93          if ( null != $t_token ) {
  94              return $t_token['value'];
  95          }
  96  
  97          return null;
  98      }
  99  
 100      /**
 101       * Create or update a token's value and expiration
 102       * @param integer Token type
 103       * @param string Token value
 104       * @param integer Token expiration in seconds
 105       * @param integer User ID
 106       * @return integer Token ID
 107       */
 108  	function token_set( $p_type, $p_value, $p_expiry = TOKEN_EXPIRY, $p_user_id = null ) {
 109          $t_token = token_get( $p_type, $p_user_id );
 110          if ( $t_token == null ) {
 111              return token_create( $p_type, $p_value, $p_expiry, $p_user_id );
 112          }
 113   
 114          token_update( $t_token['id'], $p_value, $p_expiry );
 115          return $t_token['id'];
 116      }
 117  
 118      /**
 119       * Touch a token to update its expiration time.
 120       * @param integer Token ID
 121       * @param integer Token expiration in seconds
 122       */
 123  	function token_touch( $p_token_id, $p_expiry = TOKEN_EXPIRY ) {
 124          token_ensure_exists( $p_token_id );
 125  
 126          $c_token_id = db_prepare_int( $p_token_id );
 127          $c_token_expiry = db_timestamp( db_date( time() + $p_expiry ) );
 128          $t_tokens_table = config_get( 'mantis_tokens_table' );
 129  
 130          $query = "UPDATE $t_tokens_table
 131                      SET expiry=$c_token_expiry
 132                      WHERE id='$c_token_id'";
 133          db_query( $query );
 134  
 135          return true;
 136      }
 137  
 138      /**
 139       * Delete a token.
 140       * @param integer Token type
 141       * @param integer User ID
 142       */
 143  	function token_delete( $p_type, $p_user_id = null ) {
 144          $c_type = db_prepare_int( $p_type );
 145          $c_user_id = db_prepare_int( $p_user_id == null ? auth_get_current_user_id() : $p_user_id );
 146  
 147          $t_tokens_table = config_get( 'mantis_tokens_table' );
 148  
 149          $query = "DELETE FROM $t_tokens_table 
 150                      WHERE type='$c_type' AND owner='$c_user_id'";
 151          db_query( $query );
 152  
 153          return true;
 154      }
 155  
 156      /**
 157       * Delete all tokens owned by a specified user.
 158       * @param integer User ID
 159       */
 160  	function token_delete_by_owner( $p_user_id = null ) {
 161          if( $p_user_id == null ) {
 162              $c_user_id = auth_get_current_user_id();
 163          } else {
 164              $c_user_id = db_prepare_int( $p_user_id );
 165          }
 166  
 167          $t_tokens_table    = config_get( 'mantis_tokens_table' );
 168  
 169          # Remove
 170          $query = "DELETE FROM $t_tokens_table
 171                        WHERE owner='$c_user_id'";
 172          db_query( $query );
 173  
 174          return true;
 175      }
 176  
 177      # Low-level CRUD, not for general use
 178  
 179      /**
 180       * Create a token.
 181       * @param integer Token type
 182       * @param string Token value
 183       * @param integer Token expiration in seconds
 184       * @param integer User ID
 185       * @return integer Token ID
 186       */
 187  	function token_create( $p_type, $p_value, $p_expiry = TOKEN_EXPIRY, $p_user_id = null ) {
 188          $c_type = db_prepare_int( $p_type );
 189          $c_value = db_prepare_string( $p_value );
 190          $c_timestamp = db_now();
 191          $c_expiry = db_timestamp( db_date(time() + $p_expiry) );
 192          $c_user_id = db_prepare_int( $p_user_id == null ? auth_get_current_user_id() : $p_user_id );
 193  
 194          $t_tokens_table = config_get( 'mantis_tokens_table' );
 195  
 196          $query = "INSERT INTO $t_tokens_table
 197                      ( type, value, timestamp, expiry, owner )
 198                      VALUES ( '$c_type', '$c_value', $c_timestamp, $c_expiry, '$c_user_id' )";
 199          db_query( $query );
 200          return db_insert_id( $t_tokens_table );
 201      }
 202  
 203      /**
 204       * Update a token
 205       * @param integer Token ID
 206       * @param string Token value
 207       * @param integer Token expiration in seconds
 208       */
 209  	function token_update( $p_token_id, $p_value, $p_expiry = TOKEN_EXPIRY ) {
 210          token_ensure_exists( $p_token_id );
 211          $c_token_id = db_prepare_int( $p_token_id );
 212          $c_value = db_prepare_string( $p_value );
 213          $c_expiry = db_timestamp( db_date(time() + $p_expiry) );
 214  
 215          $t_tokens_table = config_get( 'mantis_tokens_table' );
 216  
 217          $query = "UPDATE $t_tokens_table 
 218                      SET value='$c_value', expiry=$c_expiry
 219                      WHERE id=$c_token_id";
 220          db_query( $query );
 221  
 222          return true;
 223      }
 224  
 225      /**
 226       * Delete all tokens of a specified type.
 227       * @param integer Token Type
 228       */
 229  	function token_delete_by_type( $p_token_type ) {
 230          $c_token_type = db_prepare_int( $p_token_type );
 231  
 232          $t_tokens_table    = config_get( 'mantis_tokens_table' );
 233  
 234          # Remove
 235          $query = "DELETE FROM $t_tokens_table
 236                        WHERE type='$c_token_type'";
 237          db_query( $query );
 238  
 239          return true;
 240      }
 241  
 242      /**
 243       * Purge all expired tokens.
 244       * @param integer Token type
 245       */
 246  	function token_purge_expired( $p_token_type = null ) {
 247          global $g_tokens_purged;
 248  
 249          $t_tokens_table    = config_get( 'mantis_tokens_table' );
 250  
 251          $query = "DELETE FROM $t_tokens_table WHERE ";
 252          if ( !is_null( $p_token_type ) ) {
 253              $c_token_type = db_prepare_int( $p_token_type );
 254              $query .= " type='$c_token_type' AND ";
 255          }
 256  
 257          $query .= db_now() . ' > expiry';
 258          db_query( $query );
 259  
 260          $g_tokens_purged = true;
 261  
 262          return true;
 263      }
 264  
 265      /**
 266       * Purge all expired tokens only once per session.
 267       * @param integer Token type
 268       */
 269  	function token_purge_expired_once( $p_token_type = null ) {
 270          global $g_tokens_purged;
 271          if ( !$g_tokens_purged ) {
 272              token_purge_expired();
 273          }
 274      }
 275  
 276      # Set up global for token_purge_expired_once()
 277      $g_tokens_purged = false;