<?php
/**
 * Web based SQLite management
 * Class for manage user authentification
 *
 * Legacy (PHP 4 style) class: properties are declared with `var` and the
 * constructor is the method named after the class. Everything it needs comes
 * from globals and free functions defined elsewhere in the project:
 * $GLOBALS['db'] (array_query()/query()), $GLOBALS['traduct']->get(),
 * $GLOBALS['action'], $GLOBALS['auth_action'], quotes() and displayError().
 * Credentials come from HTTP Basic auth ($_SERVER['PHP_AUTH_USER'] /
 * $_SERVER['PHP_AUTH_PW']); login state is kept in $_SESSION.
 *
 * @package SQLiteManager
 * @author Frédéric HENNINOT
 * @version $Id
 */
class SQliteAuth {
    /**
     * user identification: the user_id column of the matched users row
     *
     * @access private
     * @var integer
     */
    var $user;

    /**
     * user information: the joined users/groupes row returned by getAuthParam()
     * (user_id, user_name, user_passwd, del, empty, export, data, execSQL,
     * properties, groupe_name, groupe_id); left unset when nobody is logged in
     */
    var $userInformation;

    /**
     * Class constructor
     *
     * The method name matches the class name (case-insensitively), which makes
     * it the PHP 4 style constructor; PHP 8 no longer calls such methods on `new`.
     *
     * Flow:
     *  - $GLOBALS['action'] == 'logout': clear the session login state, remember
     *    the login that just left in $_SESSION['oldUser'], redirect the parent
     *    frame to index.php with an inline script, and exit.
     *  - not connected yet: if the browser still sends the login that just logged
     *    out, or sends no Basic-auth login at all, challenge again through
     *    authenticate() (which exits). Otherwise make sure the users/groupes
     *    tables exist, validate the credentials and mark the session connected.
     *  - already connected: the credentials are re-validated against the
     *    database on every request (getAuthParam() exits on failure).
     *
     * @access public
     */
    function SQLiteAuth(){
        if($GLOBALS['action'] == 'logout') {
            $_SESSION['SQLiteManagerConnected'] = false;
            unset($_SESSION['SQLiteManagerUserId']);
            // NOTE(review): no isset() guard on PHP_AUTH_USER here — a logout request
            // without a Basic-auth header reads an undefined index.
            $_SESSION['oldUser'] = $_SERVER['PHP_AUTH_USER'];
            session_write_close();
            echo "<script type=\"text/javascript\">parent.location='index.php';</script>";
            exit;
        }
        if(!isset($_SESSION['SQLiteManagerConnected']) || !$_SESSION['SQLiteManagerConnected']){
            // 'oldUser' is the login recorded at logout. Presumably the browser keeps
            // resending the same Basic-auth credentials, so an identical login is
            // re-challenged instead of being silently logged back in. The loose ==
            // comparison runs before the isset() on the right, so it can also read an
            // undefined PHP_AUTH_USER.
            if((isset($_SESSION['oldUser']) && ($_SESSION['oldUser'] == $_SERVER['PHP_AUTH_USER'])) || !isset($_SERVER['PHP_AUTH_USER'])) {
                unset($_SESSION['oldUser']);
                $this->authenticate();
            } else {
                $this->checkExistTable();
                $this->userInformation = $this->getAuthParam();
                $this->user = $_SESSION['SQLiteManagerUserId'] = $this->userInformation['user_id'];
                $_SESSION['SQLiteManagerConnected'] = true;
            }
        } else {
            $this->userInformation = $this->getAuthParam();
            $this->user = $_SESSION['SQLiteManagerUserId'] = $this->userInformation['user_id'];
        }
    }

    /**
     * get user connected information
     *
     * Looks the Basic-auth login up in the users/groupes join and checks the
     * password against the stored MD5 digest. Any failure ends the request:
     * unknown login -> message 148, wrong password -> message 149 (each via
     * displayError() followed by exit).
     *
     * NOTE(review): the two distinct messages may let a caller tell existing
     * logins from unknown ones — confirm the translated texts and consider a
     * single message for both cases.
     *
     * @access public
     * @return array the matched users/groupes row (see $userInformation)
     */
    function getAuthParam(){
        if(isset($_SERVER['PHP_AUTH_USER'])) $login = $_SERVER['PHP_AUTH_USER'];
        else $login = '';
        if(isset($_SERVER['PHP_AUTH_PW'])) $passwd = $_SERVER['PHP_AUTH_PW'];
        else $passwd = '';
        // quotes() (defined elsewhere) is relied on to quote/escape the login for SQL.
        $query = ' SELECT user_id, user_name, user_passwd, del, empty, export, data, execSQL, properties, groupe_name, groupe_id FROM users , groupes WHERE user_groupe_id = groupe_id AND user_login='.quotes($login);
        $infoUser = $GLOBALS["db"]->array_query($query);
        if(empty($infoUser)) {
            $_SESSION['SQLiteManagerConnected'] = false;
            unset($_SESSION['SQLiteManagerUserId']);
            $_SESSION['oldUser'] = $_SERVER['PHP_AUTH_USER']; // no isset() guard, see constructor
            displayError($GLOBALS['traduct']->get(148));
            exit;
        }
        else {
            $passwdOk = false;
            // Several rows can share a login (checkExistTable() puts no UNIQUE constraint
            // on user_login); the loop does not break, so the *last* matching row wins.
            if(count($infoUser)>1) {
                foreach($infoUser as $infoNum=>$infoOneUser){
                    // NOTE(review): passwords are stored as unsalted MD5 and compared with ==,
                    // which compares numeric-looking strings numerically, so distinct digests
                    // can compare equal. Use hash_equals() (strict string comparison) and
                    // migrate storage to password_hash()/password_verify().
                    if($infoOneUser['user_passwd'] == md5($passwd)){
                        $numUser = $infoNum;
                        $passwdOk = true;
                    }
                }
            }
            elseif($infoUser[0]['user_passwd'] == md5($passwd)) $passwdOk = true;
            if(!$passwdOk) {
                $_SESSION['oldUser'] = $_SERVER['PHP_AUTH_USER'];
                displayError($GLOBALS['traduct']->get(149));
                exit;
            }
        }
        // single-row case (and a loop that matched nothing) falls back to the first row
        if(!isset($numUser)) $numUser = 0;
        return $infoUser[$numUser];
    }

    /**
     * Send HTTP authentification FORM
     *
     * Issues a Basic-auth challenge (realm "SQLiteManager") with a 401 status,
     * shows message 147 through displayError() and ends the request; never
     * returns. Basic auth carries the credentials unencrypted, so the
     * application has to sit behind TLS.
     *
     * @access public
     */
    function authenticate(){
        header('WWW-Authenticate: Basic realm="SQLiteManager"');
        header('HTTP/1.0 401 Unauthorized');
        displayError($GLOBALS['traduct']->get(147));
        exit;
    }

    /**
     * upgrade config database if not exist table 'users' and 'groupes'
     *
     * Looks both tables up in sqlite_master; unless exactly two rows come back
     * it creates them and seeds three users (admin / data / guest, ids 1-3, each
     * in the group of the same id) and three groups (Admin: every flag set;
     * datamanager: data and export only; user: no flag). Both CREATE TABLE
     * statements run without IF NOT EXISTS, so the case where only one of the
     * two tables already exists depends on how $GLOBALS['db']->query() reports
     * errors (not visible here).
     *
     * NOTE(review): the seeded user_passwd values are fixed, publicly known MD5
     * digests, i.e. default credentials; they must be changed right after
     * installation. SQLITE_ASSOC looks like the legacy sqlite extension's
     * constant — confirm it exists in the target PHP build.
     *
     * @access private
     */
    function checkExistTable(){
        $existTables = $GLOBALS['db']->array_query("SELECT name FROM sqlite_master WHERE type='table' AND (name='users' OR name='groupes');", SQLITE_ASSOC);
        if(empty($existTables) || (count($existTables)!=2)) {
            // create and seed the users table (user_id, user_groupe_id, user_name, user_login, user_passwd)
            $query[] = "CREATE TABLE users ( user_id INTEGER PRIMARY KEY, user_groupe_id INTEGER, user_name VARCHAR(50), user_login VARCHAR(50) , user_passwd VARCHAR(32) );";
            $query[] = "INSERT INTO users VALUES ('1', '1', 'admin', 'admin', '21232f297a57a5a743894a0e4a801fc3');";
            $query[] = "INSERT INTO users VALUES ('2', '2', 'data', 'data', '8d777f385d3dfec8815d20f7496026dc');";
            $query[] = "INSERT INTO users VALUES ('3', '3', 'guest', 'guest', '084e0343a0486ff05530df6c705c8bb4');";
            // create and seed the groupes table (groupe_id, groupe_name, properties, execSQL, data, export, empty, del)
            $query[] = "CREATE TABLE groupes ( groupe_id INTEGER PRIMARY KEY, groupe_name VARCHAR(50), properties TINYINT , execSQL TINYINT , data TINYINT , export TINYINT , empty TINYINT , del TINYINT );";
            $query[] = "INSERT INTO groupes VALUES ('1', 'Admin', '1', '1', '1', '1', '1', '1');";
            $query[] = "INSERT INTO groupes VALUES ('2', 'datamanager', '0', '0', '1', '1', '0', '0');";
            $query[] = "INSERT INTO groupes VALUES ('3', 'user', '0', '0', '0', '0', '0', '0');";
            foreach($query as $req) $GLOBALS["db"]->query($req);
        }
        return;
    }

    /**
     * get groupe_id
     *
     * Returns the groupe_id of the logged-in user's row; returns nothing (null)
     * when $userInformation is not a non-empty array.
     *
     * @access public
     */
    function getGroupeId(){
        if(is_array($this->userInformation) && !empty($this->userInformation)) return $this->userInformation['groupe_id'];
    }

    /**
     * return true if 'Admin'
     *
     * Admin is hard-coded as groupe_id 1 (the seeded 'Admin' group, compared
     * with loose ==). Returns nothing (null) when no user information is loaded,
     * so callers should treat anything but true as "not admin".
     *
     * @access public
     */
    function isAdmin(){
        if(is_array($this->userInformation) && !empty($this->userInformation)) {
            if($this->userInformation['groupe_id']==1) return true;
            else return false;
        }
    }

    /**
     * Return acces controle for module
     *
     * $module is used directly as a key into the users/groupes row, so the
     * meaningful values are the flag columns selected in getAuthParam()
     * (del, empty, export, data, execSQL, properties). Returns that flag, false
     * when the key is absent, and nothing (null) when no user information is
     * loaded. Note the brace-less nesting: the else belongs to the inner if.
     *
     * @access public
     * @param string $module module name
     */
    function getAccess($module){
        if(is_array($this->userInformation) && !empty($this->userInformation))
            if(isset($this->userInformation[$module]))
                return $this->userInformation[$module];
            else
                return false;
    }

    /**
     * Manage Groupe and user
     *
     * Admin screen dispatcher keyed on $GLOBALS['auth_action']; every visible
     * branch ends by rendering viewPrivileges() (defined elsewhere). The method
     * continues past the end of this excerpt: the saveGroupe branch and the
     * closing braces are not visible here.
     *
     * NOTE(review): no authorization check is visible inside this method —
     * confirm the caller gates it with isAdmin() — and no CSRF token is checked
     * on the state-changing branches. In deleteUser/deleteGroupe the
     * $_REQUEST['user'] / $_REQUEST['groupe'] values, and in saveUser/saveGroupe
     * $_POST['groupe_id'], $_POST['user'] and the group flag fields, are
     * concatenated into SQL without quotes(); each should be validated as an
     * integer (or bound as a parameter) before it reaches the query.
     *
     * @access public
     */
    function manageAuth(){
        if(!isset($GLOBALS['auth_action'])) $GLOBALS['auth_action'] = '';
        echo '<h2>'.$GLOBALS['traduct']->get(190).'</h2>';
        switch($GLOBALS['auth_action']){
            case '':
            default:
            case 'passwdUser':
                $this->viewPrivileges();
                break;
            case 'modifyUser':
            case 'addUser':
                $this->viewPrivileges(true);
                break;
            case 'deleteUser':
                // user_id 1 (the seeded admin) is never deleted; loose != is used
                if($_REQUEST['user']!=1) $GLOBALS['db']->query('DELETE FROM users WHERE user_id='.$_REQUEST['user']);
                $this->viewPrivileges();
                break;
            case 'savePasswd':
                // no-op in the visible code: nothing is rendered and no password is stored
                break;
            case 'modifyGroupe':
            case 'addGroupe':
                $this->viewPrivileges(false, true);
                break;
            case 'deleteGroupe':
                // groupe_id 1 (the seeded Admin group) is never deleted
                if($_REQUEST['groupe']!=1) $GLOBALS['db']->query('DELETE FROM groupes WHERE groupe_id='.$_REQUEST['groupe']);
                $this->viewPrivileges();
                break;
            case 'saveUser'; // ';' instead of ':' is valid PHP case syntax; kept as written
                if(!empty($_POST['name']) && !empty($_POST['login']) && !empty($_POST['groupe_id'])){
                    // existence is tested on $_REQUEST['user'] but the UPDATE reads $_POST['user']
                    if(isset($_REQUEST['user']) && !empty($_REQUEST['user'])){
                        $query = 'UPDATE users SET user_groupe_id='.$_POST['groupe_id'].', user_name='.quotes($_POST['name']).', user_login='.quotes($_POST['login']).' 
WHERE user_id='.$_POST['user'];
                    } else {
                        // a new user is created with md5('') as digest, i.e. an empty password
                        $query = 'INSERT INTO users (user_name, user_login, user_groupe_id, user_passwd) VALUES ('.quotes($_POST['name']).', '.quotes($_POST['login']).', '.$_POST["groupe_id"].', '.quotes(md5('')).');';
                    }
                    if(!empty($query)) $GLOBALS['db']->query($query);
                }
                $this->viewPrivileges();
                break;
            case 'saveGroupe':
                if(!empty($_POST['groupe_name'])){
                    if(isset($_REQUEST['groupe']) && !empty($_REQUEST['groupe'])){
                        // UPDATE statement is built piecewise; it continues beyond this excerpt
                        $query = ' UPDATE groupes ' . ' SET groupe_name='.quotes($_POST['groupe_name']).',' . ' properties='.$_POST['properties'].', ' . ' execSQL='.$_POST['execSQL'].', ' . ' data='.$_POST['data'].', ' . ' export='.$_POST['export'].', ' . ' empty='.$_POST['empty'].', ' .