Use PDO for database access if available (adds PHP 7 compatibility)
[squirrelmail.git] / functions / abook_database.php
CommitLineData
9b9474d6 1<?php
4b4abf93 2
35586184 3/**
4 * abook_database.php
5 *
46956d06 6 * Supported database schema
7 * <pre>
8 * owner varchar(128) NOT NULL
9 * nickname varchar(16) NOT NULL
10 * firstname varchar(128)
11 * lastname varchar(128)
12 * email varchar(128) NOT NULL
13 * label varchar(255)
14 * PRIMARY KEY (owner,nickname)
15 * </pre>
16 *
f197ec88 17 * @copyright 1999-2016 The SquirrelMail Project Team
4b4abf93 18 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
a9d318b0 19 * @version $Id$
d6c32258 20 * @package squirrelmail
a9d318b0 21 * @subpackage addressbook
35586184 22 */
d6c32258 23
6d429ce6 24/**
058b79d2 25 * Needs either PDO or the DB functions
6d429ce6 26 * Don't display errors here. Error will be set in class constructor function.
27 */
058b79d2 28global $use_pdo, $disable_pdo;
29if (empty($disable_pdo) && class_exists('PDO'))
30 $use_pdo = TRUE;
31else
32 $use_pdo = FALSE;
33
34if (!$use_pdo)
35 @include_once('DB.php');
d6c32258 36
37/**
0541c5ae 38 * Address book in a database backend
39 *
40 * Backend for personal/shared address book stored in a database,
058b79d2 41 * accessed using the DB-classes in PEAR or PDO, the latter taking
42 * precedence if available..
0541c5ae 43 *
058b79d2 44 * IMPORTANT: If PDO is not available (it should be installed by
45 * default since PHP 5.1), then the PEAR modules must
46 * be in the include path for this class to work.
0541c5ae 47 *
48 * An array with the following elements must be passed to
49 * the class constructor (elements marked ? are optional):
50 * <pre>
058b79d2 51 * dsn => database DNS (see PEAR for syntax, but more or
52 * less it is: mysql://user:pass@hostname/dbname)
0541c5ae 53 * table => table to store addresses in (must exist)
54 * owner => current user (owner of address data)
55 * ? name => name of address book
56 * ? writeable => set writeable flag (true/false)
57 * ? listing => enable/disable listing
58 * </pre>
59 * The table used should have the following columns:
60 * owner, nickname, firstname, lastname, email, label
61 * The pair (owner,nickname) should be unique (primary key).
62 *
63 * NOTE. This class should not be used directly. Use the
64 * "AddressBook" class instead.
058b79d2 65 *
66 * Three settings that control PDO behavior can be specified in
67 * config/config_local.php if needed:
68 * boolean $disable_pdo SquirrelMail uses PDO by default to access the
69 * user preferences and address book databases, but
70 * setting this to TRUE will cause SquirrelMail to
71 * fall back to using Pear DB instead.
72 * boolean $pdo_show_sql_errors When database errors are encountered,
73 * setting this to TRUE causes the actual
74 * database error to be displayed, otherwise
75 * generic errors are displayed, preventing
76 * internal database information from being
77 * exposed. This should be enabled only for
78 * debugging purposes.
79 * string $pdo_identifier_quote_char By default, SquirrelMail will quote
80 * table and field names in database
81 * queries with what it thinks is the
82 * appropriate quote character for the
83 * database type being used (backtick
84 * for MySQL (and thus MariaDB), double
85 * quotes for all others), but you can
86 * override the character used by
87 * putting it here, or tell SquirrelMail
88 * NOT to quote identifiers by setting
89 * this to "none"
90 *
d6c32258 91 * @package squirrelmail
0541c5ae 92 * @subpackage addressbook
d6c32258 93 */
9b9474d6 94class abook_database extends addressbook_backend {
0541c5ae 95 /**
96 * Backend type
97 * @var string
98 */
9b9474d6 99 var $btype = 'local';
0541c5ae 100 /**
101 * Backend name
102 * @var string
103 */
9b9474d6 104 var $bname = 'database';
62f7daa5 105
0541c5ae 106 /**
107 * Data Source Name (connection description)
108 * @var string
109 */
9b9474d6 110 var $dsn = '';
058b79d2 111
112 /**
113 * Character used to quote database table
114 * and field names
115 * @var string
116 */
117 var $identifier_quote_char = '';
118
0541c5ae 119 /**
120 * Table that stores addresses
121 * @var string
122 */
9b9474d6 123 var $table = '';
0541c5ae 124 /**
125 * Owner name
126 *
127 * Limits list of database entries visible to end user
128 * @var string
129 */
9b9474d6 130 var $owner = '';
0541c5ae 131 /**
132 * Database Handle
133 * @var resource
134 */
9b9474d6 135 var $dbh = false;
0541c5ae 136 /**
137 * Enable/disable writing into address book
138 * @var bool
139 */
9b9474d6 140 var $writeable = true;
0541c5ae 141 /**
142 * Enable/disable address book listing
143 * @var bool
144 */
145 var $listing = true;
62f7daa5 146
9b9474d6 147 /* ========================== Private ======================= */
62f7daa5 148
0541c5ae 149 /**
150 * Constructor
151 * @param array $param address book backend options
152 */
9b9474d6 153 function abook_database($param) {
232fb714 154 $this->sname = _("Personal Address Book");
62f7daa5 155
058b79d2 156 /* test if PDO or Pear DB classes are available and freak out if necessary */
157 global $use_pdo;
158 if (!$use_pdo && !class_exists('DB')) {
6d429ce6 159 // same error also in db_prefs.php
058b79d2 160 $error = _("Could not find or include PHP PDO or PEAR database functions required for the database backend.") . "\n";
161 $error .= sprintf(_("PDO should come preinstalled with PHP version 5.1 or higher. Otherwise, is PEAR installed, and is the include path set correctly to find %s?"), 'DB.php') . "\n";
6d429ce6 162 $error .= _("Please contact your system administrator and report this error.");
163 return $this->set_error($error);
164 }
165
9b9474d6 166 if (is_array($param)) {
62f7daa5 167 if (empty($param['dsn']) ||
168 empty($param['table']) ||
9b9474d6 169 empty($param['owner'])) {
170 return $this->set_error('Invalid parameters');
171 }
62f7daa5 172
91be2362 173 $this->dsn = $param['dsn'];
174 $this->table = $param['table'];
175 $this->owner = $param['owner'];
62f7daa5 176
9b9474d6 177 if (!empty($param['name'])) {
91be2362 178 $this->sname = $param['name'];
9b9474d6 179 }
7902aca2 180
9b9474d6 181 if (isset($param['writeable'])) {
91be2362 182 $this->writeable = $param['writeable'];
9b9474d6 183 }
7902aca2 184
30e9932c 185 if (isset($param['listing'])) {
186 $this->listing = $param['listing'];
187 }
188
058b79d2 189 // figure out identifier quoting (only used for PDO, though we could change that)
190 global $pdo_identifier_quote_char;
191 if (empty($pdo_identifier_quote_char)) {
192 if (strpos($this->dsn, 'mysql') === 0)
193 $this->identifier_quote_char = '`';
194 else
195 $this->identifier_quote_char = '"';
196 } else if ($pdo_identifier_quote_char === 'none')
197 $this->identifier_quote_char = '';
198 else
199 $this->identifier_quote_char = $pdo_identifier_quote_char;
200
201
7902aca2 202 $this->open(true);
9b9474d6 203 }
204 else {
91be2362 205 return $this->set_error('Invalid argument to constructor');
9b9474d6 206 }
207 }
62f7daa5 208
209
0541c5ae 210 /**
e50f5ac2 211 * Open the database.
0541c5ae 212 * @param bool $new new connection if it is true
213 * @return bool
214 */
9b9474d6 215 function open($new = false) {
058b79d2 216 global $use_pdo;
9b9474d6 217 $this->error = '';
62f7daa5 218
9b9474d6 219 /* Return true is file is open and $new is unset */
220 if ($this->dbh && !$new) {
7902aca2 221 return true;
9b9474d6 222 }
62f7daa5 223
9b9474d6 224 /* Close old file, if any */
225 if ($this->dbh) {
226 $this->close();
227 }
62f7daa5 228
058b79d2 229 if ($use_pdo) {
230 // parse and convert DSN to PDO style
231 // $matches will contain:
232 // 1: database type
233 // 2: username
234 // 3: password
235 // 4: hostname
236 // 5: database name
237//TODO: add support for unix_socket and charset
238 if (!preg_match('|^(.+)://(.+):(.+)@(.+)/(.+)$|i', $this->dsn, $matches)) {
239 return $this->set_error(_("Could not parse prefs DSN"));
240 }
241 if (preg_match('|^(.+):(\d+)$|', $matches[4], $host_port_matches)) {
242 $matches[4] = $host_port_matches[1];
243 $matches[6] = $host_port_matches[2];
244 } else
245 $matches[6] = NULL;
246 $pdo_prefs_dsn = $matches[1] . ':host=' . $matches[4] . (!empty($matches[6]) ? ';port=' . $matches[6] : '') . ';dbname=' . $matches[5];
247 try {
248 $dbh = new PDO($pdo_prefs_dsn, $matches[2], $matches[3]);
249 } catch (Exception $e) {
250 return $this->set_error(sprintf(_("Database error: %s"), $e->getMessage()));
251 }
62f7daa5 252
058b79d2 253 $dbh->setAttribute(PDO::ATTR_CASE, PDO::CASE_LOWER);
62f7daa5 254
058b79d2 255 } else {
256 $dbh = DB::connect($this->dsn, true);
257
258 if (DB::isError($dbh)) {
259 return $this->set_error(sprintf(_("Database error: %s"),
260 DB::errorMessage($dbh)));
261 }
46956d06 262
058b79d2 263 /**
264 * field names are lowercased.
265 * We use unquoted identifiers and they use upper case in Oracle
266 */
267 $dbh->setOption('portability', DB_PORTABILITY_LOWERCASE);
268 }
46956d06 269
058b79d2 270 $this->dbh = $dbh;
9b9474d6 271 return true;
272 }
7902aca2 273
0541c5ae 274 /**
275 * Close the file and forget the filehandle
276 */
9b9474d6 277 function close() {
058b79d2 278 global $use_pdo;
279 if ($use_pdo) {
280 $this->dbh = NULL;
281 } else {
282 $this->dbh->disconnect();
283 $this->dbh = false;
284 }
9b9474d6 285 }
7902aca2 286
503c7650 287 /**
288 * Determine internal database field name given one of
289 * the SquirrelMail SM_ABOOK_FIELD_* constants
290 *
291 * @param integer $field The SM_ABOOK_FIELD_* contant to look up
292 *
293 * @return string The desired field name, or the string "ERROR"
294 * if the $field is not understood (the caller
295 * is responsible for handing errors)
296 *
297 */
298 function get_field_name($field) {
299 switch ($field) {
300 case SM_ABOOK_FIELD_NICKNAME:
301 return 'nickname';
302 case SM_ABOOK_FIELD_FIRSTNAME:
303 return 'firstname';
304 case SM_ABOOK_FIELD_LASTNAME:
305 return 'lastname';
306 case SM_ABOOK_FIELD_EMAIL:
307 return 'email';
308 case SM_ABOOK_FIELD_LABEL:
309 return 'label';
310 default:
311 return 'ERROR';
312 }
313 }
314
9b9474d6 315 /* ========================== Public ======================== */
62f7daa5 316
0541c5ae 317 /**
318 * Search the database
46956d06 319 *
320 * Backend supports only * and ? wildcards. Complex eregs are not supported.
321 * Search is case insensitive.
0541c5ae 322 * @param string $expr search expression
46956d06 323 * @return array search results. boolean false on error
0541c5ae 324 */
aa8c4265 325 function search($expr) {
9b9474d6 326 $ret = array();
327 if(!$this->open()) {
7902aca2 328 return false;
9b9474d6 329 }
30e9932c 330
9b9474d6 331 /* To be replaced by advanded search expression parsing */
332 if (is_array($expr)) {
333 return;
334 }
335
327e2d96 336 // don't allow wide search when listing is disabled.
337 if ($expr=='*' && ! $this->listing)
338 return array();
339
46956d06 340 /* lowercase expression in order to make it case insensitive */
341 $expr = strtolower($expr);
342
343 /* escape SQL wildcards */
344 $expr = str_replace('_', '\\_', $expr);
345 $expr = str_replace('%', '\\%', $expr);
346
347 /* Convert wildcards to SQL syntax */
9b9474d6 348 $expr = str_replace('?', '_', $expr);
349 $expr = str_replace('*', '%', $expr);
058b79d2 350
9b9474d6 351 $expr = "%$expr%";
352
058b79d2 353 global $use_pdo, $pdo_show_sql_errors;
354 if ($use_pdo) {
355 if (!($sth = $this->dbh->prepare('SELECT * FROM ' . $this->identifier_quote_char . $this->table . $this->identifier_quote_char . ' WHERE ' . $this->identifier_quote_char . 'owner' . $this->identifier_quote_char . ' = ? AND (LOWER(' . $this->identifier_quote_char . 'firstname' . $this->identifier_quote_char . ') LIKE ? ESCAPE ? OR LOWER(' . $this->identifier_quote_char . 'lastname' . $this->identifier_quote_char . ') LIKE ? ESCAPE ? OR LOWER(' . $this->identifier_quote_char . 'email' . $this->identifier_quote_char . ') LIKE ? ESCAPE ? OR LOWER(' . $this->identifier_quote_char . 'nickname' . $this->identifier_quote_char . ') LIKE ? ESCAPE ?)'))) {
356 if ($pdo_show_sql_errors)
357 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $this->dbh->errorInfo())));
358 else
359 return $this->set_error(sprintf(_("Database error: %s"), _("Could not prepare query")));
360 }
361 if (!($res = $sth->execute(array($this->owner, $expr, '\\', $expr, '\\', $expr, '\\', $expr, '\\')))) {
362 if ($pdo_show_sql_errors)
363 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $sth->errorInfo())));
364 else
365 return $this->set_error(sprintf(_("Database error: %s"), _("Could not execute query")));
366 }
367
368 while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
369 array_push($ret, array('nickname' => $row['nickname'],
370 'name' => $this->fullname($row['firstname'], $row['lastname']),
371 'firstname' => $row['firstname'],
372 'lastname' => $row['lastname'],
373 'email' => $row['email'],
374 'label' => $row['label'],
375 'backend' => $this->bnum,
376 'source' => &$this->sname));
377 }
378
379 } else {
380 $expr = $this->dbh->quoteString($expr);
7902aca2 381
058b79d2 382 /* create escape expression */
383 $escape = 'ESCAPE \'' . $this->dbh->quoteString('\\') . '\'';
384
385 $query = sprintf("SELECT * FROM %s WHERE owner='%s' AND " .
386 "(LOWER(firstname) LIKE '%s' %s " .
387 "OR LOWER(lastname) LIKE '%s' %s " .
388 "OR LOWER(email) LIKE '%s' %s " .
389 "OR LOWER(nickname) LIKE '%s' %s)",
390 $this->table, $this->owner, $expr, $escape, $expr, $escape,
391 $expr, $escape, $expr, $escape);
392 $res = $this->dbh->query($query);
393
394 if (DB::isError($res)) {
395 return $this->set_error(sprintf(_("Database error: %s"),
396 DB::errorMessage($res)));
397 }
398
399 while ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) {
400 array_push($ret, array('nickname' => $row['nickname'],
401 'name' => $this->fullname($row['firstname'], $row['lastname']),
402 'firstname' => $row['firstname'],
403 'lastname' => $row['lastname'],
404 'email' => $row['email'],
405 'label' => $row['label'],
406 'backend' => $this->bnum,
407 'source' => &$this->sname));
408 }
9b9474d6 409 }
410 return $ret;
411 }
62f7daa5 412
0541c5ae 413 /**
503c7650 414 * Lookup an address by the indicated field.
415 *
416 * @param string $value The value to look up
417 * @param integer $field The field to look in, should be one
418 * of the SM_ABOOK_FIELD_* constants
419 * defined in include/constants.php
420 * (OPTIONAL; defaults to nickname field)
bf55ebab 421 * NOTE: uniqueness is only guaranteed
422 * when the nickname field is used here;
423 * otherwise, the first matching address
424 * is returned.
503c7650 425 *
426 * @return array Array with lookup results when the value
427 * was found, an empty array if the value was
428 * not found.
429 *
0541c5ae 430 */
503c7650 431 function lookup($value, $field=SM_ABOOK_FIELD_NICKNAME) {
432 if (empty($value)) {
7902aca2 433 return array();
9b9474d6 434 }
62f7daa5 435
503c7650 436 $value = strtolower($value);
7902aca2 437
9b9474d6 438 if (!$this->open()) {
7902aca2 439 return false;
9b9474d6 440 }
62f7daa5 441
26bd3897 442 $db_field = $this->get_field_name($field);
443 if ($db_field == 'ERROR') {
444 return $this->set_error(sprintf(_("Unknown field name: %s"), $field));
445 }
446
058b79d2 447 global $use_pdo, $pdo_show_sql_errors;
448 if ($use_pdo) {
449 if (!($sth = $this->dbh->prepare('SELECT * FROM ' . $this->identifier_quote_char . $this->table . $this->identifier_quote_char . ' WHERE ' . $this->identifier_quote_char . 'owner' . $this->identifier_quote_char . ' = ? AND LOWER(' . $this->identifier_quote_char . $db_field . $this->identifier_quote_char . ') = ?'))) {
450 if ($pdo_show_sql_errors)
451 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $this->dbh->errorInfo())));
452 else
453 return $this->set_error(sprintf(_("Database error: %s"), _("Could not prepare query")));
454 }
455 if (!($res = $sth->execute(array($this->owner, $value)))) {
456 if ($pdo_show_sql_errors)
457 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $sth->errorInfo())));
458 else
459 return $this->set_error(sprintf(_("Database error: %s"), _("Could not execute query")));
460 }
7902aca2 461
058b79d2 462 if ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
463 return array('nickname' => $row['nickname'],
464 'name' => $this->fullname($row['firstname'], $row['lastname']),
465 'firstname' => $row['firstname'],
466 'lastname' => $row['lastname'],
467 'email' => $row['email'],
468 'label' => $row['label'],
469 'backend' => $this->bnum,
470 'source' => &$this->sname);
471 }
7902aca2 472
058b79d2 473 } else {
474 $query = sprintf("SELECT * FROM %s WHERE owner = '%s' AND LOWER(%s) = '%s'",
475 $this->table, $this->owner, $db_field,
476 $this->dbh->quoteString($value));
477
478 $res = $this->dbh->query($query);
7902aca2 479
058b79d2 480 if (DB::isError($res)) {
481 return $this->set_error(sprintf(_("Database error: %s"),
482 DB::errorMessage($res)));
483 }
484
485 if ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) {
486 return array('nickname' => $row['nickname'],
487 'name' => $this->fullname($row['firstname'], $row['lastname']),
488 'firstname' => $row['firstname'],
489 'lastname' => $row['lastname'],
490 'email' => $row['email'],
491 'label' => $row['label'],
492 'backend' => $this->bnum,
493 'source' => &$this->sname);
494 }
9b9474d6 495 }
058b79d2 496
9b9474d6 497 return array();
498 }
499
0541c5ae 500 /**
e50f5ac2 501 * List all addresses
0541c5ae 502 * @return array search results
503 */
aa8c4265 504 function list_addr() {
9b9474d6 505 $ret = array();
506 if (!$this->open()) {
7902aca2 507 return false;
9b9474d6 508 }
62f7daa5 509
91e0dccc 510 if(isset($this->listing) && !$this->listing) {
511 return array();
512 }
30e9932c 513
7902aca2 514
058b79d2 515 global $use_pdo, $pdo_show_sql_errors;
516 if ($use_pdo) {
517 if (!($sth = $this->dbh->prepare('SELECT * FROM ' . $this->identifier_quote_char . $this->table . $this->identifier_quote_char . ' WHERE ' . $this->identifier_quote_char . 'owner' . $this->identifier_quote_char . ' = ?'))) {
518 if ($pdo_show_sql_errors)
519 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $this->dbh->errorInfo())));
520 else
521 return $this->set_error(sprintf(_("Database error: %s"), _("Could not prepare query")));
522 }
523 if (!($res = $sth->execute(array($this->owner)))) {
524 if ($pdo_show_sql_errors)
525 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $sth->errorInfo())));
526 else
527 return $this->set_error(sprintf(_("Database error: %s"), _("Could not execute query")));
528 }
7902aca2 529
058b79d2 530 while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
531 array_push($ret, array('nickname' => $row['nickname'],
532 'name' => $this->fullname($row['firstname'], $row['lastname']),
533 'firstname' => $row['firstname'],
534 'lastname' => $row['lastname'],
535 'email' => $row['email'],
536 'label' => $row['label'],
537 'backend' => $this->bnum,
538 'source' => &$this->sname));
539 }
540 } else {
541 $query = sprintf("SELECT * FROM %s WHERE owner='%s'",
542 $this->table, $this->owner);
62f7daa5 543
058b79d2 544 $res = $this->dbh->query($query);
545
546 if (DB::isError($res)) {
547 return $this->set_error(sprintf(_("Database error: %s"),
548 DB::errorMessage($res)));
549 }
7902aca2 550
058b79d2 551 while ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) {
552 array_push($ret, array('nickname' => $row['nickname'],
553 'name' => $this->fullname($row['firstname'], $row['lastname']),
554 'firstname' => $row['firstname'],
555 'lastname' => $row['lastname'],
556 'email' => $row['email'],
557 'label' => $row['label'],
558 'backend' => $this->bnum,
559 'source' => &$this->sname));
560 }
9b9474d6 561 }
058b79d2 562
9b9474d6 563 return $ret;
564 }
7902aca2 565
0541c5ae 566 /**
567 * Add address
568 * @param array $userdata added data
569 * @return bool
570 */
9b9474d6 571 function add($userdata) {
572 if (!$this->writeable) {
35235328 573 return $this->set_error(_("Address book is read-only"));
9b9474d6 574 }
7902aca2 575
9b9474d6 576 if (!$this->open()) {
7902aca2 577 return false;
9b9474d6 578 }
62f7daa5 579
058b79d2 580 // NB: if you want to check for some unwanted characters
581 // or other problems, do so here like this:
582 // TODO: Should pull all validation code out into a separate function
583 //if (strpos($userdata['nickname'], ' ')) {
584 // return $this->set_error(_("Nickname contains illegal characters"));
585 //}
586
9b9474d6 587 /* See if user exist already */
588 $ret = $this->lookup($userdata['nickname']);
589 if (!empty($ret)) {
058b79d2 590 return $this->set_error(sprintf(_("User \"%s\" already exists"), $ret['nickname']));
591 }
592
593 global $use_pdo, $pdo_show_sql_errors;
594 if ($use_pdo) {
595 if (!($sth = $this->dbh->prepare('INSERT INTO ' . $this->identifier_quote_char . $this->table . $this->identifier_quote_char . ' (' . $this->identifier_quote_char . 'owner' . $this->identifier_quote_char . ', ' . $this->identifier_quote_char . 'nickname' . $this->identifier_quote_char . ', ' . $this->identifier_quote_char . 'firstname' . $this->identifier_quote_char . ', ' . $this->identifier_quote_char . 'lastname' . $this->identifier_quote_char . ', ' . $this->identifier_quote_char . 'email' . $this->identifier_quote_char . ', ' . $this->identifier_quote_char . 'label' . $this->identifier_quote_char . ') VALUES (?, ?, ?, ?, ?, ?)'))) {
596 if ($pdo_show_sql_errors)
597 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $this->dbh->errorInfo())));
598 else
599 return $this->set_error(sprintf(_("Database error: %s"), _("Could not prepare query")));
600 }
601 if (!($res = $sth->execute(array($this->owner, $userdata['nickname'], $userdata['firstname'], (!empty($userdata['lastname']) ? $userdata['lastname'] : ''), $userdata['email'], (!empty($userdata['label']) ? $userdata['label'] : ''))))) {
602 if ($pdo_show_sql_errors)
603 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $sth->errorInfo())));
604 else
605 return $this->set_error(sprintf(_("Database error: %s"), _("Could not execute query")));
606 }
607 } else {
608 /* Create query */
609 $query = sprintf("INSERT INTO %s (owner, nickname, firstname, " .
610 "lastname, email, label) VALUES('%s','%s','%s'," .
611 "'%s','%s','%s')",
612 $this->table, $this->owner,
613 $this->dbh->quoteString($userdata['nickname']),
614 $this->dbh->quoteString($userdata['firstname']),
615 $this->dbh->quoteString((!empty($userdata['lastname'])?$userdata['lastname']:'')),
616 $this->dbh->quoteString($userdata['email']),
617 $this->dbh->quoteString((!empty($userdata['label'])?$userdata['label']:'')) );
618
619 /* Do the insert */
620 $r = $this->dbh->simpleQuery($query);
621
622 /* Check for errors */
623 if (DB::isError($r)) {
624 return $this->set_error(sprintf(_("Database error: %s"),
625 DB::errorMessage($r)));
626 }
9b9474d6 627 }
628
46956d06 629 return true;
9b9474d6 630 }
7902aca2 631
0541c5ae 632 /**
eee5aa69 633 * Deletes address book entries
634 * @param array $alias aliases that have to be deleted. numerical
635 * array with nickname values
0541c5ae 636 * @return bool
637 */
9b9474d6 638 function remove($alias) {
639 if (!$this->writeable) {
35235328 640 return $this->set_error(_("Address book is read-only"));
9b9474d6 641 }
7902aca2 642
9b9474d6 643 if (!$this->open()) {
7902aca2 644 return false;
9b9474d6 645 }
62f7daa5 646
058b79d2 647 global $use_pdo, $pdo_show_sql_errors;
648 if ($use_pdo) {
649 $sepstr = '';
650 $where_clause = '';
651 $where_clause_args = array();
652 while (list($undef, $nickname) = each($alias)) {
653 $where_clause .= $sepstr . $this->identifier_quote_char . 'nickname' . $this->identifier_quote_char . ' = ?';
654 $where_clause_args[] = $nickname;
655 $sepstr = ' OR ';
656 }
657 if (!($sth = $this->dbh->prepare('DELETE FROM ' . $this->identifier_quote_char . $this->table . $this->identifier_quote_char . ' WHERE ' . $this->identifier_quote_char . 'owner' . $this->identifier_quote_char . ' = ? AND (' . $where_clause . ')'))) {
658 if ($pdo_show_sql_errors)
659 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $this->dbh->errorInfo())));
660 else
661 return $this->set_error(sprintf(_("Database error: %s"), _("Could not prepare query")));
662 }
663 array_unshift($where_clause_args[], $this->owner);
664 if (!($res = $sth->execute(array_array($where_clause_args)))) {
665 if ($pdo_show_sql_errors)
666 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $sth->errorInfo())));
667 else
668 return $this->set_error(sprintf(_("Database error: %s"), _("Could not execute query")));
669 }
670 } else {
671 /* Create query */
672 $query = sprintf("DELETE FROM %s WHERE owner='%s' AND (",
673 $this->table, $this->owner);
674
675 $sepstr = '';
676 while (list($undef, $nickname) = each($alias)) {
677 $query .= sprintf("%s nickname='%s' ", $sepstr,
678 $this->dbh->quoteString($nickname));
679 $sepstr = 'OR';
680 }
681 $query .= ')';
7902aca2 682
058b79d2 683 /* Delete entry */
684 $r = $this->dbh->simpleQuery($query);
7902aca2 685
058b79d2 686 /* Check for errors */
687 if (DB::isError($r)) {
688 return $this->set_error(sprintf(_("Database error: %s"),
689 DB::errorMessage($r)));
690 }
46956d06 691 }
058b79d2 692
46956d06 693 return true;
9b9474d6 694 }
7902aca2 695
0541c5ae 696 /**
697 * Modify address
698 * @param string $alias modified alias
699 * @param array $userdata new data
700 * @return bool
701 */
9b9474d6 702 function modify($alias, $userdata) {
703 if (!$this->writeable) {
35235328 704 return $this->set_error(_("Address book is read-only"));
9b9474d6 705 }
7902aca2 706
9b9474d6 707 if (!$this->open()) {
7902aca2 708 return false;
9b9474d6 709 }
62f7daa5 710
058b79d2 711 // NB: if you want to check for some unwanted characters
712 // or other problems, do so here like this:
713 // TODO: Should pull all validation code out into a separate function
714 //if (strpos($userdata['nickname'], ' ')) {
715 // return $this->set_error(_("Nickname contains illegal characters"));
716 //}
717
9b9474d6 718 /* See if user exist */
719 $ret = $this->lookup($alias);
720 if (empty($ret)) {
2706a0b1 721 return $this->set_error(sprintf(_("User \"%s\" does not exist"),$alias));
9b9474d6 722 }
723
46956d06 724 /* make sure that new nickname is not used */
725 if (strtolower($alias) != strtolower($userdata['nickname'])) {
726 /* same check as in add() */
727 $ret = $this->lookup($userdata['nickname']);
728 if (!empty($ret)) {
729 $error = sprintf(_("User '%s' already exist."), $ret['nickname']);
730 return $this->set_error($error);
731 }
732 }
733
058b79d2 734 global $use_pdo, $pdo_show_sql_errors;
735 if ($use_pdo) {
736 if (!($sth = $this->dbh->prepare('UPDATE ' . $this->identifier_quote_char . $this->table . $this->identifier_quote_char . ' SET ' . $this->identifier_quote_char . 'nickname' . $this->identifier_quote_char . ' = ?, ' . $this->identifier_quote_char . 'firstname' . $this->identifier_quote_char . ' = ?, ' . $this->identifier_quote_char . 'lastname' . $this->identifier_quote_char . ' = ?, ' . $this->identifier_quote_char . 'email' . $this->identifier_quote_char . ' = ?, ' . $this->identifier_quote_char . 'label' . $this->identifier_quote_char . ' = ? WHERE ' . $this->identifier_quote_char . 'owner' . $this->identifier_quote_char . ' = ? AND ' . $this->identifier_quote_char . 'nickname' . $this->identifier_quote_char . ' = ?'))) {
737 if ($pdo_show_sql_errors)
738 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $this->dbh->errorInfo())));
739 else
740 return $this->set_error(sprintf(_("Database error: %s"), _("Could not prepare query")));
741 }
742 if (!($res = $sth->execute(array($userdata['nickname'], $userdata['firstname'], (!empty($userdata['lastname']) ? $userdata['lastname'] : ''), $userdata['email'], (!empty($userdata['label']) ? $userdata['label'] : ''), $this->owner, $alias)))) {
743 if ($pdo_show_sql_errors)
744 return $this->set_error(sprintf(_("Database error: %s"), implode(' - ', $sth->errorInfo())));
745 else
746 return $this->set_error(sprintf(_("Database error: %s"), _("Could not execute query")));
747 }
748 } else {
749 /* Create query */
750 $query = sprintf("UPDATE %s SET nickname='%s', firstname='%s', ".
751 "lastname='%s', email='%s', label='%s' ".
752 "WHERE owner='%s' AND nickname='%s'",
753 $this->table,
754 $this->dbh->quoteString($userdata['nickname']),
755 $this->dbh->quoteString($userdata['firstname']),
756 $this->dbh->quoteString((!empty($userdata['lastname'])?$userdata['lastname']:'')),
757 $this->dbh->quoteString($userdata['email']),
758 $this->dbh->quoteString((!empty($userdata['label'])?$userdata['label']:'')),
759 $this->owner,
760 $this->dbh->quoteString($alias) );
761
762 /* Do the insert */
763 $r = $this->dbh->simpleQuery($query);
764
765 /* Check for errors */
766 if (DB::isError($r)) {
767 return $this->set_error(sprintf(_("Database error: %s"),
768 DB::errorMessage($r)));
769 }
46956d06 770 }
058b79d2 771
46956d06 772 return true;
9b9474d6 773 }
774} /* End of class abook_database */
7902aca2 775
c9fcea56 776// vim: et ts=4