X-Git-Url: http://p2p-next.cs.pub.ro/gitweb/?a=blobdiff_plain;f=application%2Flibraries%2FAuth%2FOpenID%2FSQLiteStore.php;fp=application%2Flibraries%2FAuth%2FOpenID%2FSQLiteStore.php;h=4558fa1c33b1931b6cfa9d6978537c5ac40a6091;hb=0bf49c6270a4166999d6e4c9bcff3f416e2f7eb6;hp=0000000000000000000000000000000000000000;hpb=69c30ca56fdc6a4eff236902040cc04ec6eaccf2;p=living-lab-site.git diff --git a/application/libraries/Auth/OpenID/SQLiteStore.php b/application/libraries/Auth/OpenID/SQLiteStore.php new file mode 100644 index 0000000..4558fa1 --- /dev/null +++ b/application/libraries/Auth/OpenID/SQLiteStore.php @@ -0,0 +1,70 @@ +sql['nonce_table'] = + "CREATE TABLE %s (server_url VARCHAR(2047), timestamp INTEGER, ". + "salt CHAR(40), UNIQUE (server_url, timestamp, salt))"; + + $this->sql['assoc_table'] = + "CREATE TABLE %s (server_url VARCHAR(2047), handle VARCHAR(255), ". + "secret BLOB(128), issued INTEGER, lifetime INTEGER, ". + "assoc_type VARCHAR(64), PRIMARY KEY (server_url, handle))"; + + $this->sql['set_assoc'] = + "INSERT OR REPLACE INTO %s VALUES (?, ?, ?, ?, ?, ?)"; + + $this->sql['get_assocs'] = + "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ". + "WHERE server_url = ?"; + + $this->sql['get_assoc'] = + "SELECT handle, secret, issued, lifetime, assoc_type FROM %s ". + "WHERE server_url = ? AND handle = ?"; + + $this->sql['remove_assoc'] = + "DELETE FROM %s WHERE server_url = ? AND handle = ?"; + + $this->sql['add_nonce'] = + "INSERT INTO %s (server_url, timestamp, salt) VALUES (?, ?, ?)"; + + $this->sql['clean_nonce'] = + "DELETE FROM %s WHERE timestamp < ?"; + + $this->sql['clean_assoc'] = + "DELETE FROM %s WHERE issued + lifetime < ?"; + } + + /** + * @access private + */ + function _add_nonce($server_url, $timestamp, $salt) + { + // PECL SQLite extensions 1.0.3 and older (1.0.3 is the + // current release at the time of this writing) have a broken + // sqlite_escape_string function that breaks when passed the + // empty string. Prefixing all strings with one character + // keeps them unique and avoids this bug. The nonce table is + // write-only, so we don't have to worry about updating other + // functions with this same bad hack. + return parent::_add_nonce('x' . $server_url, $timestamp, $salt); + } +} +