aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Weiske <cweiske@cweiske.de>2011-05-09 07:52:44 +0200
committerChristian Weiske <cweiske@cweiske.de>2011-05-09 07:52:44 +0200
commit6447ca718686ea240532c2c56c4a23091c25a006 (patch)
tree6b7727a44a976e2d62df70f35268d3ceca8c89c5
parentc7ec370b4712a3d2782c310d486e0d749eed2e0d (diff)
downloadsemanticscuttle-6447ca718686ea240532c2c56c4a23091c25a006.tar.gz
semanticscuttle-6447ca718686ea240532c2c56c4a23091c25a006.tar.bz2
move ssl client cert handling into separate service class
-rw-r--r--src/SemanticScuttle/Service/User.php136
-rw-r--r--src/SemanticScuttle/Service/User/SslClientCert.php161
2 files changed, 230 insertions, 67 deletions
diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php
index bf7c61d..4af8e14 100644
--- a/src/SemanticScuttle/Service/User.php
+++ b/src/SemanticScuttle/Service/User.php
@@ -167,15 +167,30 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
return $password;
}
- function _updateuser($uId, $fieldname, $value) {
+ /**
+ * Updates a single field in the user's database row
+ *
+ * @param integer $uId ID of the user
+ * @param string $fieldname Name of table column to change
+ * @param string $value New value
+ *
+ * @return boolean True if all was well, false if not
+ */
+ public function _updateuser($uId, $fieldname, $value)
+ {
$updates = array ($fieldname => $value);
- $sql = 'UPDATE '. $this->getTableName() .' SET '. $this->db->sql_build_array('UPDATE', $updates) .' WHERE '. $this->getFieldName('primary') .'='. intval($uId);
+ $sql = 'UPDATE '. $this->getTableName()
+ . ' SET '. $this->db->sql_build_array('UPDATE', $updates)
+ . ' WHERE '. $this->getFieldName('primary') . '=' . intval($uId);
// Execute the statement.
$this->db->sql_transaction('begin');
- if (!($dbresult = & $this->db->sql_query($sql))) {
+ if (!($dbresult = $this->db->sql_query($sql))) {
$this->db->sql_transaction('rollback');
- message_die(GENERAL_ERROR, 'Could not update user', '', __LINE__, __FILE__, $sql, $this->db);
+ message_die(
+ GENERAL_ERROR, 'Could not update user', '',
+ __LINE__, __FILE__, $sql, $this->db
+ );
return false;
}
$this->db->sql_transaction('commit');
@@ -390,10 +405,11 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
$this->db->sql_freeresult($dbresult);
return (int)$_SESSION[$this->getSessionKey()];
}
- } else if (isset($_SERVER['SSL_CLIENT_M_SERIAL'])
- && isset($_SERVER['SSL_CLIENT_V_END'])
- ) {
- $id = $this->getUserIdFromSslClientCert();
+ }
+
+ $ssls = SemanticScuttle_Service_Factory::get('User_SslClientCert');
+ if ($ssls->hasValidCert()) {
+ $id = $ssls->getUserIdFromCert();
if ($id !== false) {
$this->setCurrentUserId($id);
return (int)$_SESSION[$this->getSessionKey()];
@@ -429,56 +445,6 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
/**
- * Tries to detect the user ID from the SSL client certificate passed
- * to the web server.
- *
- * @return mixed Integer user ID if the certificate is valid and
- * assigned to a user, boolean false otherwise
- */
- protected function getUserIdFromSslClientCert()
- {
- if (!isset($_SERVER['SSL_CLIENT_M_SERIAL'])
- || !isset($_SERVER['SSL_CLIENT_V_END'])
- || !isset($_SERVER['SSL_CLIENT_VERIFY'])
- || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS'
- || !isset($_SERVER['SSL_CLIENT_I_DN'])
- ) {
- return false;
- }
-
- if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
- return false;
- }
-
- $serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
- $clientIssuerDn = $_SERVER['SSL_CLIENT_I_DN'];
-
- $query = 'SELECT uId'
- . ' FROM ' . $this->getTableName() . '_sslclientcerts'
- . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\''
- . ' AND sslClientIssuerDn = \''
- . $this->db->sql_escape($clientIssuerDn)
- . '\'';
- if (!($dbresult = $this->db->sql_query($query))) {
- message_die(
- GENERAL_ERROR, 'Could not load user for client certificate',
- '', __LINE__, __FILE__, $query, $this->db
- );
- return false;
- }
-
- $row = $this->db->sql_fetchrow($dbresult);
- $this->db->sql_freeresult($dbresult);
-
- if (!$row) {
- return false;
- }
- return (int)$row['uId'];
- }
-
-
-
- /**
* Try to authenticate and login a user with
* username and password.
*
@@ -670,23 +636,57 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
return $uId;
}
- function updateUser($uId, $password, $name, $email, $homepage, $uContent) {
- if (!is_numeric($uId))
- return false;
+ /**
+ * Updates the given user
+ *
+ * @param integer $uId ID of user to change
+ * @param string $password Password to use
+ * @param string $name Realname to use
+ * @param string $email Email to use
+ * @param string $homepage User's homepage
+ * @param string $uContent User note
+ *
+ * @return boolean True when all is well, false if not
+ */
+ public function updateUser(
+ $uId, $password, $name, $email, $homepage, $uContent
+ ) {
+ if (!is_numeric($uId)) {
+ return false;
+ }
// Set up the SQL UPDATE statement.
$moddatetime = gmdate('Y-m-d H:i:s', time());
- if ($password == '')
- $updates = array ('uModified' => $moddatetime, 'name' => $name, 'email' => $email, 'homepage' => $homepage, 'uContent' => $uContent);
- else
- $updates = array ('uModified' => $moddatetime, 'password' => $this->sanitisePassword($password), 'name' => $name, 'email' => $email, 'homepage' => $homepage, 'uContent' => $uContent);
- $sql = 'UPDATE '. $this->getTableName() .' SET '. $this->db->sql_build_array('UPDATE', $updates) .' WHERE '. $this->getFieldName('primary') .'='. intval($uId);
+ if ($password == '') {
+ $updates = array(
+ 'uModified' => $moddatetime,
+ 'name' => $name,
+ 'email' => $email,
+ 'homepage' => $homepage,
+ 'uContent' => $uContent
+ );
+ } else {
+ $updates = array(
+ 'uModified' => $moddatetime,
+ 'password' => $this->sanitisePassword($password),
+ 'name' => $name,
+ 'email' => $email,
+ 'homepage' => $homepage,
+ 'uContent' => $uContent
+ );
+ }
+ $sql = 'UPDATE '. $this->getTableName()
+ . ' SET '. $this->db->sql_build_array('UPDATE', $updates)
+ . ' WHERE '. $this->getFieldName('primary') . '=' . intval($uId);
// Execute the statement.
$this->db->sql_transaction('begin');
if (!($dbresult = & $this->db->sql_query($sql))) {
$this->db->sql_transaction('rollback');
- message_die(GENERAL_ERROR, 'Could not update user', '', __LINE__, __FILE__, $sql, $this->db);
+ message_die(
+ GENERAL_ERROR, 'Could not update user', '',
+ __LINE__, __FILE__, $sql, $this->db
+ );
return false;
}
$this->db->sql_transaction('commit');
@@ -695,6 +695,8 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
return true;
}
+
+
function getAllUsers ( ) {
$query = 'SELECT * FROM '. $this->getTableName();
diff --git a/src/SemanticScuttle/Service/User/SslClientCert.php b/src/SemanticScuttle/Service/User/SslClientCert.php
new file mode 100644
index 0000000..7b0c1eb
--- /dev/null
+++ b/src/SemanticScuttle/Service/User/SslClientCert.php
@@ -0,0 +1,161 @@
+<?php
+/**
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @license AGPL http://www.gnu.org/licenses/agpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+
+/**
+ * SemanticScuttle SSL client certificate management service
+ *
+ * @category Bookmarking
+ * @package SemanticScuttle
+ * @author Christian Weiske <cweiske@cweiske.de>
+ * @license AGPL http://www.gnu.org/licenses/agpl.html
+ * @link http://sourceforge.net/projects/semanticscuttle
+ */
+class SemanticScuttle_Service_User_SslClientCert extends SemanticScuttle_DbService
+{
+ /**
+ * Creates a new instance, sets database variable and table name.
+ *
+ * @param sql_db $db Database object
+ */
+ protected function __construct($db)
+ {
+ $this->db = $db;
+ $this->tablename = $GLOBALS['tableprefix'] .'users_sslclientcerts';
+ }
+
+ /**
+ * Returns the single service instance
+ *
+ * @param sql_db $db Database object
+ *
+ * @return SemanticScuttle_Service_User
+ */
+ public static function getInstance($db)
+ {
+ static $instance;
+ if (!isset($instance)) {
+ $instance = new self($db);
+ }
+ return $instance;
+ }
+
+ /**
+ * Determines if the browser provided a valid SSL client certificate
+ *
+ * @return boolean True if the client cert is there and is valid
+ */
+ public function hasValidCert()
+ {
+ if (!isset($_SERVER['SSL_CLIENT_M_SERIAL'])
+ || !isset($_SERVER['SSL_CLIENT_V_END'])
+ || !isset($_SERVER['SSL_CLIENT_VERIFY'])
+ || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS'
+ || !isset($_SERVER['SSL_CLIENT_I_DN'])
+ ) {
+ return false;
+ }
+
+ if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
+ return false;
+ }
+
+ return true;
+ }
+
+
+
+ /**
+ * Registers the currently available SSL client certificate
+ * with the given user. As a result, the user will be able to login
+ * using the certifiate
+ *
+ * @param integer $uId User ID to attach the client cert to.
+ *
+ * @return boolean True if registration was well, false if not.
+ */
+ public function registerCurrentCertificate($uId)
+ {
+ //FIXME
+ }
+
+
+ /**
+ * Takes values from the currently available SSL client certificate
+ * and adds the available profile data to the user.
+ *
+ * @param integer $uId User ID to attach the client cert to.
+ *
+ * @return array Array of profile data that were registered.
+ * Database column name as key, new value as value
+ */
+ public function updateProfileFromCurentCert($uId)
+ {
+ $arData = array();
+
+ if (isset($_SERVER['SSL_CLIENT_S_DN_CN'])
+ && trim($_SERVER['SSL_CLIENT_S_DN_CN']) != ''
+ ) {
+ $arData['name'] = trim($_SERVER['SSL_CLIENT_S_DN_CN']);
+ }
+
+ if (count($arData)) {
+ foreach ($arData as $column => $value) {
+ $userservice->_updateuser($uId, $column, $value);
+ }
+ }
+ return $arData;
+ }
+
+
+
+ /**
+ * Tries to detect the user ID from the SSL client certificate passed
+ * to the web server.
+ *
+ * @return mixed Integer user ID if the certificate is valid and
+ * assigned to a user, boolean false otherwise
+ */
+ public function getUserIdFromCert()
+ {
+ if (!$this->hasValidCert()) {
+ return false;
+ }
+
+ $serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
+ $clientIssuerDn = $_SERVER['SSL_CLIENT_I_DN'];
+
+ $query = 'SELECT uId'
+ . ' FROM ' . $this->getTableName()
+ . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\''
+ . ' AND sslClientIssuerDn = \''
+ . $this->db->sql_escape($clientIssuerDn)
+ . '\'';
+ if (!($dbresult = $this->db->sql_query($query))) {
+ message_die(
+ GENERAL_ERROR, 'Could not load user for client certificate',
+ '', __LINE__, __FILE__, $query, $this->db
+ );
+ return false;
+ }
+
+ $row = $this->db->sql_fetchrow($dbresult);
+ $this->db->sql_freeresult($dbresult);
+
+ if (!$row) {
+ return false;
+ }
+ return (int)$row['uId'];
+ }
+
+}
+?> \ No newline at end of file