Total Complexity | 48 |
Total Lines | 239 |
Duplicated Lines | 0 % |
Changes | 0 |
Complex classes like Sql often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use Sql, and based on these observations, apply Extract Interface, too.
1 | <?php |
||
28 | class Sql implements Backend |
||
29 | { |
||
30 | /** |
||
31 | * Reference to the global db object |
||
32 | * |
||
33 | * @var Api\Db |
||
34 | */ |
||
35 | var $db; |
||
36 | var $table = 'egw_accounts'; |
||
37 | var $previous_login = -1; |
||
38 | |||
39 | function __construct() |
||
40 | { |
||
41 | $this->db = $GLOBALS['egw']->db; |
||
42 | |||
43 | $this->type = @$GLOBALS['egw_info']['server']['sql_encryption_type'] ? |
||
|
|||
44 | strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']) : 'md5'; |
||
45 | } |
||
46 | |||
47 | /** |
||
48 | * password authentication against password stored in sql datababse |
||
49 | * |
||
50 | * @param string $username username of account to authenticate |
||
51 | * @param string $passwd corresponding password |
||
52 | * @param string $passwd_type ='text' 'text' for cleartext passwords (default) |
||
53 | * @return boolean true if successful authenticated, false otherwise |
||
54 | */ |
||
55 | function authenticate($username, $passwd, $passwd_type='text') |
||
56 | { |
||
57 | /* normal web form login */ |
||
58 | $where = array( |
||
59 | 'account_lid' => $username, |
||
60 | 'account_type' => 'u', |
||
61 | 'account_status' => 'A' |
||
62 | ); |
||
63 | if (!$GLOBALS['egw_info']['server']['case_sensitive_username']) // = is case sensitiv eg. on postgres, but not on mysql! |
||
64 | { |
||
65 | $where[] = 'account_lid '.$this->db->capabilities[Api\Db::CAPABILITY_CASE_INSENSITIV_LIKE].' '.$this->db->quote($username); |
||
66 | unset($where['account_lid']); |
||
67 | } |
||
68 | if($passwd_type == 'text') |
||
69 | { |
||
70 | if (!($row = $this->db->select($this->table,'account_lid,account_pwd,account_lastlogin,account_id',$where,__LINE__,__FILE__)->fetch()) || |
||
71 | empty($row['account_pwd']) || |
||
72 | $GLOBALS['egw_info']['server']['case_sensitive_username'] && $row['account_lid'] != $username) |
||
73 | { |
||
74 | return false; |
||
75 | } |
||
76 | $type = null; |
||
77 | if(!($match = Api\Auth::compare_password($passwd, $row['account_pwd'], $this->type, strtolower($username), $type)) || |
||
78 | $type != $this->type && in_array($type, explode(',',strtolower($GLOBALS['egw_info']['server']['pwd_migration_types'])))) |
||
79 | { |
||
80 | // do we have to migrate an old password ? |
||
81 | if($GLOBALS['egw_info']['server']['pwd_migration_allowed'] && !empty($GLOBALS['egw_info']['server']['pwd_migration_types'])) |
||
82 | { |
||
83 | if (!$match) |
||
84 | { |
||
85 | foreach(explode(',', $GLOBALS['egw_info']['server']['pwd_migration_types']) as $type) |
||
86 | { |
||
87 | if(($match = Api\Auth::compare_password($passwd,$row['account_pwd'],$type,strtolower($username)))) |
||
88 | { |
||
89 | break; |
||
90 | } |
||
91 | } |
||
92 | } |
||
93 | if ($match && ($encrypted_passwd = Api\Auth::encrypt_sql($passwd))) |
||
94 | { |
||
95 | $this->_update_passwd($encrypted_passwd, $row['account_id'], false, true); |
||
96 | } |
||
97 | } |
||
98 | if (!$match) return false; |
||
99 | } |
||
100 | } |
||
101 | /* Auth via crypted password. NOTE: mail needs cleartext password to authenticate against mailserver! */ |
||
102 | else |
||
103 | { |
||
104 | $where['account_pwd'] = $passwd; |
||
105 | if (!($row = $this->db->select($this->table,'account_lid,account_lastlogin',$where,__LINE__,__FILE__)->fetch()) || |
||
106 | $GLOBALS['egw_info']['server']['case_sensitive_username'] && $row['account_lid'] != $username) |
||
107 | { |
||
108 | return false; |
||
109 | } |
||
110 | } |
||
111 | // if this point is reached, auth was successfull |
||
112 | $this->previous_login = $row['account_lastlogin']; |
||
113 | |||
114 | return true; |
||
115 | } |
||
116 | |||
117 | /** |
||
118 | * fetch the last pwd change for the user |
||
119 | * |
||
120 | * @param string $username username of account to authenticate |
||
121 | * @return mixed false or account_lastpwd_change |
||
122 | */ |
||
123 | function getLastPwdChange($username) |
||
145 | } |
||
146 | |||
147 | /** |
||
148 | * changes account_lastpwd_change in sql datababse |
||
149 | * |
||
150 | * @param int $account_id account id of user whose passwd should be changed |
||
151 | * @param string $passwd must be cleartext, usually not used, but may be used to authenticate as user to do the change -> ldap |
||
152 | * @param int $_lastpwdchange =null must be a unixtimestamp |
||
153 | * @return boolean true if account_lastpwd_change successful changed, false otherwise |
||
154 | */ |
||
155 | function setLastPwdChange($account_id=0, $passwd=NULL, $_lastpwdchange=NULL) |
||
156 | { |
||
157 | $admin = True; |
||
158 | // Don't allow password changes for other accounts when using XML-RPC |
||
159 | if(!$account_id || $GLOBALS['egw_info']['flags']['currentapp'] == 'login') |
||
160 | { |
||
161 | $admin = False; |
||
162 | $account_id = $GLOBALS['egw_info']['user']['account_id']; |
||
163 | $username = $GLOBALS['egw_info']['user']['account_lid']; |
||
164 | } |
||
165 | else |
||
166 | { |
||
167 | $username = $GLOBALS['egw']->accounts->id2name($account_id); |
||
168 | } |
||
169 | |||
170 | if (($pw = $this->db->select($this->table,'account_pwd',array( |
||
171 | 'account_id' => $account_id, |
||
172 | 'account_type' => 'u', |
||
173 | 'account_status' => 'A', |
||
174 | ),__LINE__,__FILE__)->fetchColumn()) === false) |
||
175 | { |
||
176 | return false; // account not found |
||
177 | } |
||
178 | // Check the passwd to make sure this is legal |
||
179 | if(!$admin && !Api\Auth::compare_password($passwd,$pw,$this->type,strtolower($username))) |
||
180 | { |
||
181 | return false; |
||
182 | } |
||
183 | $lastpwdchange = (is_null($_lastpwdchange) || $_lastpwdchange < 0 ? time() : $_lastpwdchange); |
||
184 | $this->db->update($this->table,array( |
||
185 | 'account_lastpwd_change' => $lastpwdchange, |
||
186 | ),array( |
||
187 | 'account_id' => $account_id, |
||
188 | ),__LINE__,__FILE__); |
||
189 | |||
190 | if(!$this->db->affected_rows()) return false; |
||
191 | if (!$admin) Api\Cache::setSession('phpgwapi', 'auth_alpwchange_val', $lastpwdchange); |
||
192 | return true; |
||
193 | } |
||
194 | |||
195 | /** |
||
196 | * changes password in sql datababse |
||
197 | * |
||
198 | * @param string $old_passwd must be cleartext |
||
199 | * @param string $new_passwd must be cleartext |
||
200 | * @param int $account_id account id of user whose passwd should be changed |
||
201 | * @return boolean true if password successful changed, false otherwise |
||
202 | */ |
||
203 | function change_password($old_passwd, $new_passwd, $account_id=0) |
||
238 | } |
||
239 | |||
240 | /** |
||
241 | * changes password in sql datababse |
||
242 | * |
||
243 | * @param string $encrypted_passwd |
||
244 | * @param string $new_passwd cleartext |
||
245 | * @param int $account_id account id of user whose passwd should be changed |
||
246 | * @param boolean $admin =false called by admin, if not update password in the session |
||
247 | * @param boolean $update_lastpw_change =true |
||
248 | * @return boolean true if password successful changed, false otherwise |
||
249 | */ |
||
250 | private function _update_passwd($encrypted_passwd, $account_id, $admin=false, $update_lastpw_change=true) |
||
267 | } |
||
268 | } |
||
269 |