adding database field size checks (#1233721)
1 <?php
2
3 /**
4 * db_prefs.php
5 *
6 * Copyright (c) 1999-2005 The SquirrelMail Project Team
7 * Licensed under the GNU GPL. For full terms see the file COPYING.
8 *
9 * This contains functions for manipulating user preferences
10 * stored in a database, accessed through the Pear DB layer.
11 *
12 * Database:
13 * ---------
14 *
15 * The preferences table should have three columns:
16 * user char \ primary
17 * prefkey char / key
18 * prefval blob
19 *
20 * CREATE TABLE userprefs (user CHAR(128) NOT NULL DEFAULT '',
21 * prefkey CHAR(64) NOT NULL DEFAULT '',
22 * prefval BLOB NOT NULL DEFAULT '',
23 * primary key (user,prefkey));
24 *
25 * Configuration of databasename, username and password is done
26 * by using conf.pl or the administrator plugin
27 *
28 * @version $Id$
29 * @package squirrelmail
30 * @subpackage prefs
31 * @since 1.1.3
32 */
33
34 /** @ignore */
/** Base path of the installation; kept if the including script already set it */
defined('SM_PATH') || define('SM_PATH', '../');

/** Database type could not be recognised from the DSN prefix */
define('SMDB_UNKNOWN', 0);
/** MySQL (DSN begins with "mysql") */
define('SMDB_MYSQL', 1);
/** PostgreSQL (DSN begins with "pgsql") */
define('SMDB_PGSQL', 2);
43
require_once SM_PATH . 'config/config.php';
if (!include_once('DB.php')) {
    // same error also in abook_database.php
    require_once SM_PATH . 'functions/display_messages.php';
    // Three localised sentences, joined by HTML line breaks for error_box().
    $error = implode("<br />\n", array(
        _("Could not include PEAR database functions required for the database backend."),
        sprintf(_("Is PEAR installed, and is the include path set correctly to find %s?"),
            '<tt>DB.php</tt>'),
        _("Please contact your system administrator and report this error."),
    ));
    error_box($error, $color);
    exit;
}

// Request-wide cache of the current user's preferences (see cachePrefValues()).
global $prefs_are_cached, $prefs_cache;
57
58 /**
59 * @ignore
60 */
/**
 * Load the user's preferences into the global $prefs_cache, reusing the
 * copy kept in the session when one exists. Any database problem is fatal
 * (the message is printed and the script exits).
 * @ignore
 */
function cachePrefValues($username) {
    global $prefs_are_cached, $prefs_cache;

    // Fast path: an earlier request already stored the cache in the session.
    sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION );
    if ($prefs_are_cached) {
        sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION );
        return;
    }

    // Discard any stale session copy before reloading from the database.
    sqsession_unregister('prefs_cache');
    sqsession_unregister('prefs_are_cached');

    $db = new dbPrefs;
    if (isset($db->error)) {
        // Prints the same "Preference database error" message and exits.
        $db->failQuery();
    }

    // Repopulates the global $prefs_cache from the database rows of $username.
    $db->fillPrefsCache($username);
    if (isset($db->error)) {
        $db->failQuery();
    }

    $prefs_are_cached = true;
    sqsession_register($prefs_cache, 'prefs_cache');
    sqsession_register($prefs_are_cached, 'prefs_are_cached');
}
92
93 /**
94 * Class used to handle connections to prefs database and operations with preferences
95 * @package squirrelmail
96 * @subpackage prefs
97 * @since 1.1.3
98 */
class dbPrefs {
    /**
     * Table used to store preferences
     *
     * Overridable through the $prefs_table config global (see open()).
     * Table and field names are spliced into the SQL text unquoted, so they
     * must only ever come from trusted configuration, never from request data.
     * @var string
     */
    var $table = 'userprefs';
    /**
     * Field used to store owner of preference
     * (overridable through $prefs_user_field, see open())
     * @var string
     */
    var $user_field = 'user';
    /**
     * Field used to store preference name
     * (overridable through $prefs_key_field, see open())
     * @var string
     */
    var $key_field = 'prefkey';
    /**
     * Field used to store preference value
     * (overridable through $prefs_val_field, see open())
     * @var string
     */
    var $val_field = 'prefval';

    /**
     * Database connection object
     * NULL until open() succeeds; open() returns early once it is set.
     * @var object
     */
    var $dbh = NULL;
    /**
     * Error messages
     * Set by open() when the connection fails and by setKey() when the
     * username is oversized; failQuery() prints it when called without a
     * result object. The class has no constructor, so it is NULL right
     * after "new dbPrefs".
     * @var string
     */
    var $error = NULL;
    /**
     * Database type (SMDB_* constants)
     * Detected from the DSN prefix in open(). Is used in setKey() to choose
     * between REPLACE (MySQL), a transaction (PostgreSQL) and plain
     * DELETE+INSERT (anything else).
     * @var integer
     */
    var $db_type = SMDB_UNKNOWN;

    /**
     * Default preferences
     * Consulted by getKey() when a key is not in the cache, before the
     * caller-supplied default.
     * @var array
     */
    var $default = Array('theme_default' => 0,
                         'show_html_default' => '0');

    /**
     * Preference owner field size
     * Maximum length in bytes (strlen) accepted for the user value in
     * setKey(); overridable through $prefs_user_size.
     * @var integer
     * @since 1.5.1
     */
    var $user_size = 128;
    /**
     * Preference key field size
     * Maximum length in bytes accepted for the preference name in setKey();
     * overridable through $prefs_key_size.
     * @var integer
     * @since 1.5.1
     */
    var $key_size = 64;
    /**
     * Preference value field size
     * Maximum length in bytes accepted for the preference value in setKey();
     * overridable through $prefs_val_size.
     * @var integer
     * @since 1.5.1
     */
    var $val_size = 65536;

    /**
     * initialize DB connection object
     *
     * Reads the prefs_* configuration globals, detects the database type
     * from the DSN prefix, applies the configured table/field/size
     * overrides and connects through PEAR DB. Calling it again after a
     * successful connection is a no-op. On a connection failure the PEAR
     * error message is stored in $this->error and false is returned.
     * @return boolean true, if object is initialized
     */
    function open() {
        global $prefs_dsn, $prefs_table;
        global $prefs_user_field, $prefs_key_field, $prefs_val_field;
        global $prefs_user_size, $prefs_key_size, $prefs_val_size;

        if(isset($this->dbh)) {
            return true;
        }

        // Only the DSN prefix is inspected (so "mysqli" also counts as MySQL).
        // Any other driver keeps SMDB_UNKNOWN and uses the generic path in setKey().
        if (preg_match('/^mysql/', $prefs_dsn)) {
            $this->db_type = SMDB_MYSQL;
        } elseif (preg_match('/^pgsql/', $prefs_dsn)) {
            $this->db_type = SMDB_PGSQL;
        }

        if (!empty($prefs_table)) {
            $this->table = $prefs_table;
        }
        if (!empty($prefs_user_field)) {
            $this->user_field = $prefs_user_field;
        }
        if (!empty($prefs_key_field)) {
            $this->key_field = $prefs_key_field;
        }
        if (!empty($prefs_val_field)) {
            $this->val_field = $prefs_val_field;
        }
        // empty() treats 0 and '0' as unset, so a size configured as zero
        // keeps the class default instead of disabling the length check.
        if (!empty($prefs_user_size)) {
            $this->user_size = (int) $prefs_user_size;
        }
        if (!empty($prefs_key_size)) {
            $this->key_size = (int) $prefs_key_size;
        }
        if (!empty($prefs_val_size)) {
            $this->val_size = (int) $prefs_val_size;
        }
        // NOTE(review): PEAR DB reads a boolean second argument as the
        // "persistent" connection option -- confirm against the installed version.
        $dbh = DB::connect($prefs_dsn, true);

        if(DB::isError($dbh)) {
            $this->error = DB::errorMessage($dbh);
            return false;
        }

        $this->dbh = $dbh;
        return true;
    }

    /**
     * Function used to handle database connection errors
     *
     * Prints a localised error message to the output and terminates the
     * script; it never returns. Without an argument the message carries
     * $this->error, with a PEAR error object it carries DB::errorMessage().
     * The comparison is loose (==), so any falsy $res also selects the
     * $this->error branch.
     * @param object PEAR Error object
     */
    function failQuery($res = NULL) {
        if($res == NULL) {
            printf(_("Preference database error (%s). Exiting abnormally"),
                   $this->error);
        } else {
            printf(_("Preference database error (%s). Exiting abnormally"),
                   DB::errorMessage($res));
        }
        exit;
    }

    /**
     * Get user's prefs setting
     *
     * Fills the global $prefs_cache for $user on first use (see
     * cachePrefValues()) and then resolves $key in this order: cached
     * value, $this->default, $default. The cache is keyed by preference
     * name only, so $user is only consulted when the cache is loaded.
     * @param string $user user name
     * @param string $key preference name
     * @param mixed $default (since 1.2.5) default value
     * @return mixed preference value
     */
    function getKey($user, $key, $default = '') {
        global $prefs_cache;

        cachePrefValues($user);

        if (isset($prefs_cache[$key])) {
            return $prefs_cache[$key];
        } else {
            if (isset($this->default[$key])) {
                return $this->default[$key];
            } else {
                return $default;
            }
        }
    }

    /**
     * Delete user's prefs setting
     *
     * Removes the ($user, $key) row and drops the key from the global
     * cache. Returns false only when open() fails; a failing DELETE is
     * fatal (failQuery() exits). Both values pass through quoteString()
     * before being placed between the single quotes written by sprintf.
     * @param string $user user name
     * @param string $key preference name
     * @return boolean
     */
    function deleteKey($user, $key) {
        global $prefs_cache;

        if (!$this->open()) {
            return false;
        }
        $query = sprintf("DELETE FROM %s WHERE %s='%s' AND %s='%s'",
                         $this->table,
                         $this->user_field,
                         $this->dbh->quoteString($user),
                         $this->key_field,
                         $this->dbh->quoteString($key));

        $res = $this->dbh->simpleQuery($query);
        if(DB::isError($res)) {
            $this->failQuery($res);
        }

        unset($prefs_cache[$key]);

        return true;
    }

    /**
     * Set user's preference
     *
     * Validates the byte length of all three values against the configured
     * column sizes, then upserts the row using the strategy for
     * $this->db_type. An oversized username is fatal (the script exits);
     * an oversized key or value raises E_USER_WARNING and returns false
     * without writing. Returns false as well when open() fails. Query
     * errors are fatal through failQuery().
     *
     * NOTE(review): values are escaped with quoteString() and spliced into
     * the query text rather than bound as parameters; confirm the helper
     * escapes correctly for every driver the DSN may select.
     * @param string $user user name
     * @param string $key preference name
     * @param mixed $value preference value
     * @return boolean
     */
    function setKey($user, $key, $value) {
        if (!$this->open()) {
            return false;
        }

        /**
         * Check if username fits into db field.
         * strlen() counts bytes, matching a byte-sized CHAR column.
         */
        if (strlen($user) > $this->user_size) {
            $this->error = "Oversized username value."
                ." User's preferences can't be saved. See doc/db-backend.txt troubleshooting documentation.";

            /**
             * Debugging function. Can be used to log all issues that trigger
             * oversized field errors. Function should be enabled in all three
             * strlen checks. See http://www.php.net/error-log
             */
            // error_log($user.'|'.$key.'|'.$value."\n",3,'/tmp/oversized_log');

            // error is fatal: failQuery() prints $this->error and exits
            $this->failQuery(null);
        }
        /**
         * Check if preference key fits into db field
         */
        if (strlen($key) > $this->key_size) {
            $err_msg = "Oversized user's preference key."
                ." Some user preferences are not saved. See doc/db-backend.txt troubleshooting documentation.";
            // error is not fatal. Only some preference is not saved.
            trigger_error($err_msg,E_USER_WARNING);
            return false;
        }
        /**
         * Check if preference value fits into db field.
         * NOTE(review): $value is documented as mixed but measured with
         * strlen(); a non-string value is coerced here -- confirm callers
         * only pass strings.
         */
        if (strlen($value) > $this->val_size) {
            $err_msg = "Oversized user's preference value."
                ." Some user preferences are not saved. See doc/db-backend.txt troubleshooting documentation.";
            // error is not fatal. Only some preference is not saved.
            trigger_error($err_msg,E_USER_WARNING);
            return false;
        }


        if ($this->db_type == SMDB_MYSQL) {
            // MySQL: single-statement upsert via REPLACE.
            $query = sprintf("REPLACE INTO %s (%s, %s, %s) ".
                             "VALUES('%s','%s','%s')",
                             $this->table,
                             $this->user_field,
                             $this->key_field,
                             $this->val_field,
                             $this->dbh->quoteString($user),
                             $this->dbh->quoteString($key),
                             $this->dbh->quoteString($value));

            $res = $this->dbh->simpleQuery($query);
            if(DB::isError($res)) {
                $this->failQuery($res);
            }
        } elseif ($this->db_type == SMDB_PGSQL) {
            // PostgreSQL: DELETE + INSERT inside one transaction, rolled back
            // (before the fatal exit) if either statement fails.
            $this->dbh->simpleQuery("BEGIN TRANSACTION");
            $query = sprintf("DELETE FROM %s WHERE %s='%s' AND %s='%s'",
                             $this->table,
                             $this->user_field,
                             $this->dbh->quoteString($user),
                             $this->key_field,
                             $this->dbh->quoteString($key));
            $res = $this->dbh->simpleQuery($query);
            if (DB::isError($res)) {
                $this->dbh->simpleQuery("ROLLBACK TRANSACTION");
                $this->failQuery($res);
            }
            $query = sprintf("INSERT INTO %s (%s, %s, %s) VALUES ('%s', '%s', '%s')",
                             $this->table,
                             $this->user_field,
                             $this->key_field,
                             $this->val_field,
                             $this->dbh->quoteString($user),
                             $this->dbh->quoteString($key),
                             $this->dbh->quoteString($value));
            $res = $this->dbh->simpleQuery($query);
            if (DB::isError($res)) {
                $this->dbh->simpleQuery("ROLLBACK TRANSACTION");
                $this->failQuery($res);
            }
            $this->dbh->simpleQuery("COMMIT TRANSACTION");
        } else {
            // Generic path: DELETE + INSERT without a transaction. This is
            // not atomic -- if the INSERT fails the script exits with the old
            // row already deleted.
            $query = sprintf("DELETE FROM %s WHERE %s='%s' AND %s='%s'",
                             $this->table,
                             $this->user_field,
                             $this->dbh->quoteString($user),
                             $this->key_field,
                             $this->dbh->quoteString($key));
            $res = $this->dbh->simpleQuery($query);
            if (DB::isError($res)) {
                $this->failQuery($res);
            }
            $query = sprintf("INSERT INTO %s (%s, %s, %s) VALUES ('%s', '%s', '%s')",
                             $this->table,
                             $this->user_field,
                             $this->key_field,
                             $this->val_field,
                             $this->dbh->quoteString($user),
                             $this->dbh->quoteString($key),
                             $this->dbh->quoteString($value));
            $res = $this->dbh->simpleQuery($query);
            if (DB::isError($res)) {
                $this->failQuery($res);
            }
        }

        return true;
    }

    /**
     * Fill preference cache array
     *
     * Replaces the global $prefs_cache with every (prefkey => prefval) row
     * stored for $user. Returns silently when open() fails, leaving
     * $this->error set for the caller to inspect; a failing SELECT is fatal.
     * @param string $user user name
     * @since 1.2.3
     */
    function fillPrefsCache($user) {
        global $prefs_cache;

        if (!$this->open()) {
            return;
        }

        $prefs_cache = array();
        // Columns are aliased so the loop below can read fixed names
        // regardless of the configured field names.
        $query = sprintf("SELECT %s as prefkey, %s as prefval FROM %s ".
                         "WHERE %s = '%s'",
                         $this->key_field,
                         $this->val_field,
                         $this->table,
                         $this->user_field,
                         $this->dbh->quoteString($user));
        $res = $this->dbh->query($query);
        if (DB::isError($res)) {
            $this->failQuery($res);
        }

        while ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) {
            $prefs_cache[$row['prefkey']] = $row['prefval'];
        }
    }

} /* end class dbPrefs */
434
435
436 /**
437 * returns the value for the pref $string
438 * @ignore
439 */
/**
 * returns the value for the pref $string
 *
 * $data_dir is accepted for interface compatibility with the file-based
 * backend and is not used here.
 * @ignore
 */
function getPref($data_dir, $username, $string, $default = '') {
    $db = new dbPrefs;
    if (isset($db->error)) {
        // Prints "Preference database error (...)" with $db->error and exits.
        $db->failQuery();
    }

    return $db->getKey($username, $string, $default);
}
450
451 /**
452 * Remove the pref $string
453 * @ignore
454 */
/**
 * Remove the pref $string
 *
 * Deletes the row from the database, drops the key from the global cache
 * and writes the updated cache back to the session.
 * @ignore
 */
function removePref($data_dir, $username, $string) {
    global $prefs_cache;

    $db = new dbPrefs;
    if (isset($db->error)) {
        $db->failQuery();
    }

    $db->deleteKey($username, $string);

    // deleteKey() already unsets the key; unset() on a missing key is a
    // no-op, so no isset() guard is required here.
    unset($prefs_cache[$string]);

    sqsession_register($prefs_cache, 'prefs_cache');
}
471
472 /**
473 * sets the pref, $string, to $set_to
474 * @ignore
475 */
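/**
 * sets the pref, $string, to $set_to
 *
 * An empty string removes the preference. The session cache is only
 * updated when dbPrefs::setKey() reports that the row was written, so a
 * value rejected by the column-size checks (or lost to a failed open())
 * is not advertised as saved for the rest of the session.
 * @ignore
 */
function setPref($data_dir, $username, $string, $set_to) {
    global $prefs_cache;

    // Nothing to do when the cached copy already holds this value.
    if (isset($prefs_cache[$string]) && ($prefs_cache[$string] == $set_to)) {
        return;
    }

    // Empty means "unset"; removePref() also refreshes the session copy.
    if ($set_to === '') {
        removePref($data_dir, $username, $string);
        return;
    }

    $db = new dbPrefs;
    if (isset($db->error)) {
        $db->failQuery();
    }

    // setKey() returns false when open() fails or when the key/value exceeds
    // the configured field size (it has already raised E_USER_WARNING in the
    // latter case). Keep the cache untouched so it stays consistent with the
    // database. The former string-form assert() that compared $set_to with the
    // value just assigned was tautological and is an eval in PHP < 8, so it
    // is dropped.
    if (!$db->setKey($username, $string, $set_to)) {
        return;
    }

    $prefs_cache[$string] = $set_to;
    sqsession_register($prefs_cache, 'prefs_cache');
}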
501
502 /**
503 * This checks if the prefs are available
504 * @ignore
505 */
/**
 * This checks if the prefs are available
 *
 * Only verifies that a dbPrefs object can be created without an error;
 * as defined in this file dbPrefs has no constructor, so $error is still
 * NULL at this point and the call effectively always succeeds.
 * @ignore
 */
function checkForPrefs($data_dir, $username) {
    $db = new dbPrefs;
    if (!isset($db->error)) {
        return;
    }
    $db->failQuery();
}
512
513 /**
514 * Writes the Signature
515 * @ignore
516 */
/**
 * Writes the Signature
 *
 * "g" selects the global signature key; any other $number names a
 * numbered signature. Note the key is formatted with %s here but with %d
 * in getSig(), so callers should pass an integer-like $number.
 * @ignore
 */
function setSig($data_dir, $username, $number, $string) {
    $key = ($number == "g")
        ? '___signature___'
        : sprintf('___sig%s___', $number);
    setPref($data_dir, $username, $key, $string);
}
526
527 /**
528 * Gets the signature
529 * @ignore
530 */
/**
 * Gets the signature
 *
 * "g" selects the global signature key; any other $number is cast to an
 * integer (%d) to build the numbered key.
 * @ignore
 */
function getSig($data_dir, $username, $number) {
    $key = ($number == "g")
        ? '___signature___'
        : sprintf('___sig%d___', $number);
    return getPref($data_dir, $username, $key);
}
539
540 // vim: et ts=4
541 ?>