- <?php
- /**
- * Licensed to Jasig under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for
- * additional information regarding copyright ownership.
- *
- * Jasig licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except in
- * compliance with the License. You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * PHP Version 5
- *
- * @file CAS/PGTStorage/Db.php
- * @category Authentication
- * @package PhpCAS
- * @author Daniel Frett <daniel.frett@gmail.com>
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- */
// Table name CAS_PGTStorage_Db falls back to when its constructor gets an empty $table.
define("CAS_PGT_STORAGE_DB_DEFAULT_TABLE", "cas_pgts");
- /**
- * Basic class for PGT database storage
- * The CAS_PGTStorage_Db class is a class for PGT database storage.
- *
- * @class CAS_PGTStorage_Db
- * @category Authentication
- * @package PhpCAS
- * @author Daniel Frett <daniel.frett@gmail.com>
- * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
- * @link https://wiki.jasig.org/display/CASC/phpCAS
- *
- * @ingroup internalPGTStorageDb
- */
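class CAS_PGTStorage_Db extends CAS_PGTStorage_AbstractStorage
{
    /**
     * @addtogroup internalCAS_PGTStorageDb
     * @{
     */

    /**
     * the PDO object to use for database interactions; either handed to the
     * constructor or created by init()
     */
    private $_pdo;

    /**
     * This method returns the PDO object to use for database interactions.
     *
     * @return PDO|null the PDO object, or null when the object was built from
     * a DSN and init() has not created the connection yet
     */
    private function _getPdo()
    {
        return $this->_pdo;
    }

    /**
     * database connection options to use when creating a new PDO object.
     * They are only filled in when the constructor receives a DSN, and the
     * password stays in this object as given.
     */
    private $_dsn;
    private $_username;
    private $_password;
    private $_driver_options;

    /**
     * @var string the table to use for storing/retrieving pgt's
     */
    private $_table;

    /**
     * This method returns the table to use when storing/retrieving PGT's
     *
     * @return string the name of the pgt storage table.
     */
    private function _getTable()
    {
        return $this->_table;
    }

    // ########################################################################
    //  DEBUGGING
    // ########################################################################

    /**
     * This method returns an informational string giving the type of storage
     * used by the object (used for debugging purposes).
     *
     * @return string an informational string.
     */
    public function getStorageType()
    {
        return "db";
    }

    /**
     * This method returns an informational string giving information on the
     * parameters of the storage (used for debugging purposes). Only the table
     * name is reported; the DSN and credentials are not included.
     *
     * @return string an informational string.
     * @public
     */
    public function getStorageInfo()
    {
        return 'table=`'.$this->_getTable().'\'';
    }

    // ########################################################################
    //  CONSTRUCTOR
    // ########################################################################

    /**
     * The class constructor. No database connection is opened here; when a
     * DSN is given the connection is created later by init().
     *
     * @param CAS_Client $cas_parent     the CAS_Client instance that creates
     * the object.
     * @param string|PDO $dsn_or_pdo     a dsn string to use for creating a PDO
     * object or a PDO object
     * @param string     $username       the username to use when connecting to
     * the database (ignored when a PDO object is given)
     * @param string     $password       the password to use when connecting to
     * the database (ignored when a PDO object is given)
     * @param string     $table          the table to use for storing and
     * retrieving PGT's; empty selects CAS_PGT_STORAGE_DB_DEFAULT_TABLE. The
     * name is concatenated into SQL, so it must be a trusted, fixed value.
     * @param array      $driver_options any driver options to use when
     * connecting to the database; anything that is not an array is replaced
     * by the exception error mode default
     */
    public function __construct(
        $cas_parent, $dsn_or_pdo, $username='', $password='', $table='',
        $driver_options=null
    ) {
        phpCAS::traceBegin();
        // call the ancestor's constructor
        parent::__construct($cas_parent);

        // set default values
        if (empty($table)) {
            $table = CAS_PGT_STORAGE_DB_DEFAULT_TABLE;
        }
        if (!is_array($driver_options)) {
            $driver_options = array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
        }

        // store the specified parameters
        if ($dsn_or_pdo instanceof PDO) {
            $this->_pdo = $dsn_or_pdo;
        } else {
            $this->_dsn = $dsn_or_pdo;
            $this->_username = $username;
            $this->_password = $password;
            $this->_driver_options = $driver_options;
        }

        // store the table name
        $this->_table = $table;

        phpCAS::traceEnd();
    }

    // ########################################################################
    //  INITIALIZATION
    // ########################################################################

    /**
     * This method is used to initialize the storage. Halts on error.
     *
     * @return void
     */
    public function init()
    {
        phpCAS::traceBegin();
        // if the storage has already been initialized, return immediately
        if ($this->isInitialized()) {
            // close the trace opened above so begin/end calls stay paired
            phpCAS::traceEnd();
            return;
        }

        // initialize the base object
        parent::init();

        // create the PDO object if it doesn't exist already
        if (!($this->_pdo instanceof PDO)) {
            try {
                $this->_pdo = new PDO(
                    $this->_dsn, $this->_username, $this->_password,
                    $this->_driver_options
                );
            } catch (PDOException $e) {
                // NOTE(review): the driver's message is forwarded verbatim and
                // may name the host or database user; confirm that
                // phpCAS::error does not show it to end users.
                phpCAS::error('Database connection error: ' . $e->getMessage());
            }
        }

        phpCAS::traceEnd();
    }

    // ########################################################################
    //  PDO database interaction
    // ########################################################################

    /**
     * attribute that stores the previous error mode for the PDO handle while
     * processing a transaction
     */
    private $_errMode;

    /**
     * This method will enable the Exception error mode on the PDO object,
     * remembering the mode that was active before.
     *
     * @return void
     */
    private function _setErrorMode()
    {
        // get PDO object and enable exception error mode
        $pdo = $this->_getPdo();
        $this->_errMode = $pdo->getAttribute(PDO::ATTR_ERRMODE);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    /**
     * this method will reset the error mode on the PDO object to the value
     * saved by _setErrorMode()
     *
     * @return void
     */
    private function _resetErrorMode()
    {
        // get PDO object and reset the error mode to what it was originally
        $pdo = $this->_getPdo();
        $pdo->setAttribute(PDO::ATTR_ERRMODE, $this->_errMode);
    }

    // ########################################################################
    //  database queries
    // ########################################################################
    // The table name is concatenated into the SQL text because identifiers
    // cannot be bound as PDO parameters. It comes from the constructor's
    // $table argument, so it has to be a trusted, fixed configuration value
    // and must never be derived from request data. The pgt and pgt_iou values
    // are always passed as bound parameters.

    /**
     * This method returns the query used to create a pgt storage table
     *
     * @return string the create table SQL, no bind params in query
     */
    protected function createTableSql()
    {
        return 'CREATE TABLE ' . $this->_getTable()
            . ' (pgt_iou VARCHAR(255) NOT NULL PRIMARY KEY, pgt VARCHAR(255) NOT NULL)';
    }

    /**
     * This method returns the query used to store a pgt
     *
     * @return string the store PGT SQL, :pgt and :pgt_iou are the bind params
     * contained in the query
     */
    protected function storePgtSql()
    {
        return 'INSERT INTO ' . $this->_getTable()
            . ' (pgt_iou, pgt) VALUES (:pgt_iou, :pgt)';
    }

    /**
     * This method returns the query used to retrieve a pgt. the first column
     * of the first row should contain the pgt
     *
     * @return string the retrieve PGT SQL, :pgt_iou is the only bind param
     * contained in the query
     */
    protected function retrievePgtSql()
    {
        return 'SELECT pgt FROM ' . $this->_getTable() . ' WHERE pgt_iou = :pgt_iou';
    }

    /**
     * This method returns the query used to delete a pgt.
     *
     * @return string the delete PGT SQL, :pgt_iou is the only bind param
     * contained in the query
     */
    protected function deletePgtSql()
    {
        return 'DELETE FROM ' . $this->_getTable() . ' WHERE pgt_iou = :pgt_iou';
    }

    // ########################################################################
    //  PGT I/O
    // ########################################################################

    /**
     * This method creates the database table used to store pgt's and pgtiou's.
     * The pgt column holds the ticket exactly as given to write(), so access
     * to this table should be limited to the account phpCAS connects with.
     *
     * @return void
     */
    public function createTable()
    {
        phpCAS::traceBegin();

        // initialize this PGTStorage object if it hasn't been initialized yet
        if (!$this->isInitialized()) {
            $this->init();
        }

        // initialize the PDO object for this method
        $pdo = $this->_getPdo();
        $this->_setErrorMode();

        $failure = null;
        try {
            $pdo->beginTransaction();

            $query = $pdo->query($this->createTableSql());
            $query->closeCursor();

            $pdo->commit();
        } catch (PDOException $e) {
            // keep the original failure; a failing rollback must not replace it
            $failure = $e->getMessage();
            try {
                $pdo->rollBack();
            } catch (PDOException $rollbackError) {
                // best effort only: the first error is the one reported
            }
        }

        // restore the handle's error mode before reporting, so a
        // caller-supplied PDO object is not left in exception mode if
        // phpCAS::error does not return
        $this->_resetErrorMode();
        if ($failure !== null) {
            phpCAS::error('error creating PGT storage table: ' . $failure);
        }

        phpCAS::traceEnd();
    }

    /**
     * This method stores a PGT and its corresponding PGT Iou in the database.
     * Reports a phpCAS error on failure. Unlike createTable(), this method
     * does not call init(); the storage must already be initialized.
     *
     * @param string $pgt     the PGT
     * @param string $pgt_iou the PGT iou
     *
     * @return void
     */
    public function write($pgt, $pgt_iou)
    {
        phpCAS::traceBegin();

        // initialize the PDO object for this method
        $pdo = $this->_getPdo();
        $this->_setErrorMode();

        $failure = null;
        try {
            $pdo->beginTransaction();

            $query = $pdo->prepare($this->storePgtSql());
            $query->bindValue(':pgt', $pgt, PDO::PARAM_STR);
            $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
            $query->execute();
            $query->closeCursor();

            $pdo->commit();
        } catch (PDOException $e) {
            // keep the original failure; a failing rollback must not replace it
            $failure = $e->getMessage();
            try {
                $pdo->rollBack();
            } catch (PDOException $rollbackError) {
                // best effort only: the first error is the one reported
            }
        }

        // restore the handle's error mode before reporting, so a
        // caller-supplied PDO object is not left in exception mode if
        // phpCAS::error does not return
        $this->_resetErrorMode();
        if ($failure !== null) {
            phpCAS::error('error writing PGT to database: ' . $failure);
        }

        phpCAS::traceEnd();
    }

    /**
     * This method reads a PGT corresponding to a PGT Iou and deletes the
     * corresponding db entry, both inside one transaction, so a stored PGT
     * is handed out once. Rows that are never read are not removed here.
     * Like write(), this method does not call init() itself.
     *
     * NOTE(review): when the SELECT succeeds and the DELETE then fails, the
     * fetched PGT is still returned although the row survives the rollback;
     * confirm whether FALSE should be returned in that case.
     *
     * @param string $pgt_iou the PGT iou
     *
     * @return string|false the corresponding PGT, or FALSE when no row
     * matches or the lookup fails
     */
    public function read($pgt_iou)
    {
        phpCAS::traceBegin();
        $pgt = false;

        // initialize the PDO object for this method
        $pdo = $this->_getPdo();
        $this->_setErrorMode();

        try {
            $pdo->beginTransaction();

            // fetch the pgt for the specified pgt_iou
            $query = $pdo->prepare($this->retrievePgtSql());
            $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
            $query->execute();
            $pgt = $query->fetchColumn(0);
            $query->closeCursor();

            // delete the specified pgt_iou from the database
            $query = $pdo->prepare($this->deletePgtSql());
            $query->bindValue(':pgt_iou', $pgt_iou, PDO::PARAM_STR);
            $query->execute();
            $query->closeCursor();

            $pdo->commit();
        } catch (PDOException $e) {
            // attempt rolling back the transaction before tracing the error;
            // the rollback failure gets its own variable so the message
            // traced below is the one of the original error
            try {
                $pdo->rollBack();
            } catch (PDOException $rollbackError) {
                // best effort only: the first error is the one traced
            }
            phpCAS::trace('error reading PGT from database: ' . $e->getMessage());
        }

        // reset the PDO object
        $this->_resetErrorMode();

        phpCAS::traceEnd();
        return $pgt;
    }

    /** @} */
}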
- ?>