
[Phpgroupware-cvs] api/auth/class.auth_sql.php, 1.1.1.1.2.13


From: nomail
Subject: [Phpgroupware-cvs] api/auth/class.auth_sql.php, 1.1.1.1.2.13
Date: Fri, 9 Jul 2004 16:49:26 +0200

Update of /api/auth
Modified Files:
        Branch: proposal-branch
          class.auth_sql.php

date: 2004/07/09 14:49:26;  author: dcech;  state: Exp;  lines: +30 -23

Log Message:
Improved login checking routines - this still needs better error reporting
Added support for applications returning errors to browser and SOAP interfaces
Added start and error functions to qa class
=====================================================================
Index: api/auth/class.auth_sql.php
diff -u api/auth/class.auth_sql.php:1.1.1.1.2.12 
api/auth/class.auth_sql.php:1.1.1.1.2.13
--- api/auth/class.auth_sql.php:1.1.1.1.2.12    Tue Jul  6 07:20:11 2004
+++ api/auth/class.auth_sql.php Fri Jul  9 14:49:26 2004
@@ -34,33 +34,40 @@
 
                function authenticate($username, $passwd)
                {
-                       $dbresult = $GLOBALS['phpgw']->db->Execute("
-                                       SELECT
-                                               account_id,
-                                               account_pwd
-                                       FROM
-                                               phpgw_accounts
-                                       WHERE
-                                               account_lid='" . $username . "'
-                                       AND
-                                               account_status='A'
-                                       AND
-                                               account_expires > now()
-                       ");
-
-                       
ereg('\{(.*)\}(.*)',$dbresult->fields['account_pwd'],$v);
-                       $type     = $v[1];
-                       $h_passwd = ($v[2] ? $v[2] : 
$dbresult->fields['account_pwd']);
+                       $sql = 'SELECT account_id,account_pwd'
+                                . ' FROM phpgw_accounts'
+                                . ' WHERE account_lid=' . 
$GLOBALS['phpgw']->db->qstr($username)
+                                . ' AND account_status=\'A\''
+                                . ' AND account_expires > now()';
+                       if (!is_object($rs = 
$GLOBALS['phpgw']->db->Execute($sql)))
+                       {
+                               return false;
+                       }
+                       
+                       if ($rs->EOF)
+                       {
+                               trigger_error('User not found');
+                               return FALSE;
+                       }
 
-                       if ($this->_verify_password($passwd,$h_passwd,$type))
+                       if 
(preg_match('/\{(.+)\}(.+)/',$rs->fields['account_pwd'],$v))
                        {
-                               $this->previous_login = 
$dbresult->fields['account_lastlogin'];
-                               return true;
+                               $type           = $v[1];
+                               $h_passwd       = $v[2];
                        }
                        else
                        {
+                               $type           = NULL;
+                               $h_passwd       = $rs->fields['account_pwd'];
+                       }
+
+                       if (!$this->_verify_password($passwd,$h_passwd,$type))
+                       {
                                return false;
                        }
+                       
+                       $this->previous_login = 
$rs->fields['account_lastlogin'];
+                       return true;
                }
 
                // FIXME: This should check the current password before 
allowing a password change for current user
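Review bot: The `trigger_error('User not found')` in the `$rs->EOF` branch makes an unknown login name distinguishable from a wrong password, which ends in a silent `return false`. If the error handler passes this message to the browser or SOAP client, as the log message suggests it can, the login form becomes an account-enumeration oracle. I would emit one generic message on both failure paths, e.g. `trigger_error('Login failed')`, and keep the specific reason in a server-side log only. Separately, `$rs->fields['account_lastlogin']` is read on success but the SELECT lists only `account_id,account_pwd`, so `previous_login` is presumably never populated; adding `account_lastlogin` to the column list would fix that. The pattern `/\{(.+)\}(.+)/` is also unanchored and greedy, so a stored value with braces in the middle would be split as a scheme prefix; `'/^\{(.+?)\}(.+)$/'` is stricter.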
@@ -69,11 +76,11 @@
                {
                        $args = new safe_args();
                        $args->set('new_passwd',REQUIRED,'string');
-                       $args->set('current_passwd',NOVAR,'string');
+                       $args->set('current_passwd',NOTSET,'string');
                        
$args->set('account_id',$GLOBALS['phpgw_data']['user']['id'],'integer');
                        $args = $args->get(func_get_args());
 
-                       if ((! strlen($args['current_password']) || 
$args['account_id'] != $GLOBALS['phpgw_data']['user']['id']) && ! 
$GLOBALS['phpgw']->acl->check('api.account_mgr.edit'))
+                       if ((!strlen($args['current_password']) || 
$args['account_id'] != $GLOBALS['phpgw_data']['user']['id']) && ! 
$GLOBALS['phpgw']->acl->check('api.account_mgr.edit'))
                        {
                                return false;
                        }
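Review bot: The condition reads `$args['current_password']`, but the argument is registered a few lines earlier as `'current_passwd'`. Unless safe_args aliases the two names, the `strlen()` test always sees an empty value and every caller without `api.account_mgr.edit` gets `return false`; the test should read `!strlen($args['current_passwd'])`. Even with the key fixed, the visible lines only require a non-empty string and never verify the supplied current password against the stored hash, which is what the FIXME above the function asks for. Until that check exists, anyone holding a valid session can set a new password for that account without knowing the old one. The function's signature and the rest of its body are outside the hunk.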



