Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

280 lines (231 sloc) 7.819 kB
<?php
# MantisBT - a php based bugtracking system
# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
/**
* This implements temporary storage of strings.
* DB schema: id, type, owner, timestamp, value
*
* @package CoreAPI
* @subpackage TokensAPI
* @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
* @copyright Copyright (C) 2002 - 2012 MantisBT Team - mantisbt-dev@lists.sourceforge.net
* @link http://www.mantisbt.org
*/
# Set up global for token_purge_expired_once()
$g_tokens_purged = false;
/**
* Check if a token exists.
* @param integer Token ID
* @return boolean True if token exists
*/
function token_exists( $p_token_id ) {
$c_token_id = db_prepare_int( $p_token_id );
$t_tokens_table = db_get_table( 'mantis_tokens_table' );
$t_query = "SELECT id
FROM $t_tokens_table
WHERE id=" . db_param();
$t_result = db_query_bound( $t_query, Array( $c_token_id ), 1 );
return( 1 == db_num_rows( $t_result ) );
}
/**
* Make sure a token exists.
* @param integer Token ID
* @return boolean True if token exists
*/
function token_ensure_exists( $p_token_id ) {
if( !token_exists( $p_token_id ) ) {
trigger_error( ERROR_TOKEN_NOT_FOUND, ERROR );
}
return true;
}
# High-level CRUD Usage
/**
* Get a token's information
* @param integer Token type
* @param integer User ID
* @return array Token row
*/
function token_get( $p_type, $p_user_id = null ) {
token_purge_expired_once();
$c_type = db_prepare_int( $p_type );
$c_user_id = db_prepare_int( $p_user_id == null ? auth_get_current_user_id() : $p_user_id );
$t_tokens_table = db_get_table( 'mantis_tokens_table' );
$t_query = "SELECT * FROM $t_tokens_table
WHERE type=" . db_param() . " AND owner=" . db_param();
$t_result = db_query_bound( $t_query, Array( $c_type, $c_user_id ) );
if( db_num_rows( $t_result ) > 0 ) {
return db_fetch_array( $t_result );
}
return null;
}
/**
* Get a token's value or null if not found
* @param integer Token type
* @param integer User ID (null for current user)
* @return array Token row
*/
function token_get_value( $p_type, $p_user_id = null ) {
$t_token = token_get( $p_type, $p_user_id );
if( null !== $t_token ) {
return $t_token['value'];
}
return null;
}
/**
* Create or update a token's value and expiration
* @param integer Token type
* @param string Token value
* @param integer Token expiration in seconds
* @param integer User ID
* @return integer Token ID
*/
function token_set( $p_type, $p_value, $p_expiry = TOKEN_EXPIRY, $p_user_id = null ) {
$t_token = token_get( $p_type, $p_user_id );
if( $t_token === null ) {
return token_create( $p_type, $p_value, $p_expiry, $p_user_id );
}
token_update( $t_token['id'], $p_value, $p_expiry );
return $t_token['id'];
}
/**
* Touch a token to update its expiration time.
* @param integer Token ID
* @param integer Token expiration in seconds
* @return always true
*/
function token_touch( $p_token_id, $p_expiry = TOKEN_EXPIRY ) {
token_ensure_exists( $p_token_id );
$c_token_id = db_prepare_int( $p_token_id );
$c_token_expiry = time() + $p_expiry;
$t_tokens_table = db_get_table( 'mantis_tokens_table' );
$t_query = "UPDATE $t_tokens_table
SET expiry=" . db_param() . "
WHERE id=" . db_param();
db_query_bound( $t_query, Array( $c_token_expiry, $c_token_id ) );
return true;
}
/**
* Delete a token.
* @param integer Token type
* @param integer User ID or null for current logged in user.
* @return always true
*/
function token_delete( $p_type, $p_user_id = null ) {
$c_type = db_prepare_int( $p_type );
$c_user_id = db_prepare_int( $p_user_id == null ? auth_get_current_user_id() : $p_user_id );
$t_tokens_table = db_get_table( 'mantis_tokens_table' );
$t_query = "DELETE FROM $t_tokens_table
WHERE type=" . db_param() . " AND owner=" . db_param();
db_query_bound( $t_query, Array( $c_type, $c_user_id ) );
return true;
}
/**
* Delete all tokens owned by a specified user.
* @param integer User ID or null for current logged in user.
* @return always true
*/
function token_delete_by_owner( $p_user_id = null ) {
if( $p_user_id == null ) {
$c_user_id = auth_get_current_user_id();
} else {
$c_user_id = db_prepare_int( $p_user_id );
}
$t_tokens_table = db_get_table( 'mantis_tokens_table' );
# Remove
$t_query = "DELETE FROM $t_tokens_table
WHERE owner=" . db_param();
db_query_bound( $t_query, Array( $c_user_id ) );
return true;
}
# Low-level CRUD, not for general use
/**
* Create a token.
* @param integer Token type
* @param string Token value
* @param integer Token expiration in seconds
* @param integer User ID
* @return integer Token ID
*/
function token_create( $p_type, $p_value, $p_expiry = TOKEN_EXPIRY, $p_user_id = null ) {
$c_type = db_prepare_int( $p_type );
$c_timestamp = db_now();
$c_expiry = time() + $p_expiry;
$c_user_id = db_prepare_int( $p_user_id == null ? auth_get_current_user_id() : $p_user_id );
$t_tokens_table = db_get_table( 'mantis_tokens_table' );
$t_query = "INSERT INTO $t_tokens_table
( type, value, timestamp, expiry, owner )
VALUES ( " . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ', ' . db_param() . ' )';
db_query_bound( $t_query, Array( $c_type, (string)$p_value, $c_timestamp, $c_expiry, $c_user_id ) );
return db_insert_id( $t_tokens_table );
}
/**
* Update a token
* @param integer Token ID
* @param string Token value
* @param integer Token expiration in seconds
* @return always true.
*/
function token_update( $p_token_id, $p_value, $p_expiry = TOKEN_EXPIRY ) {
token_ensure_exists( $p_token_id );
$c_token_id = db_prepare_int( $p_token_id );
$c_expiry = time() + $p_expiry;
$t_tokens_table = db_get_table( 'mantis_tokens_table' );
$t_query = "UPDATE $t_tokens_table
SET value=" . db_param() . ", expiry=" . db_param() . "
WHERE id=" . db_param();
db_query_bound( $t_query, Array( (string)$p_value, $c_expiry, $c_token_id ) );
return true;
}
/**
* Delete all tokens of a specified type.
* @param integer Token Type
* @return always true.
*/
function token_delete_by_type( $p_token_type ) {
$c_token_type = db_prepare_int( $p_token_type );
$t_tokens_table = db_get_table( 'mantis_tokens_table' );
# Remove
$t_query = "DELETE FROM $t_tokens_table
WHERE type=" . db_param();
db_query_bound( $t_query, Array( $c_token_type ) );
return true;
}
/**
* Purge all expired tokens.
* @param integer Token type
* @return always true.
*/
function token_purge_expired( $p_token_type = null ) {
global $g_tokens_purged;
$t_tokens_table = db_get_table( 'mantis_tokens_table' );
$t_query = "DELETE FROM $t_tokens_table WHERE " . db_param() . " > expiry";
if( !is_null( $p_token_type ) ) {
$c_token_type = db_prepare_int( $p_token_type );
$t_query .= " AND type=" . db_param();
db_query_bound( $t_query, Array( db_now(), $c_token_type ) );
} else {
db_query_bound( $t_query, Array( db_now() ) );
}
$g_tokens_purged = true;
return true;
}
/**
* Purge all expired tokens only once per session.
*/
function token_purge_expired_once() {
global $g_tokens_purged;
if( !$g_tokens_purged ) {
token_purge_expired();
}
}
Jump to Line
Something went wrong with that request. Please try again.