[Phpgroupware-cvs] api/auth/class.auth_sql.php, 1.1.1.1.2.13
From: |
nomail |
Subject: |
[Phpgroupware-cvs] api/auth/class.auth_sql.php, 1.1.1.1.2.13 |
Date: |
Fri, 9 Jul 2004 16:49:26 +0200 |
Update of /api/auth
Modified Files:
Branch: proposal-branch
class.auth_sql.php
date: 2004/07/09 14:49:26; author: dcech; state: Exp; lines: +30 -23
Log Message:
Improved login checking routines - this still needs better error reporting
Added support for applications returning errors to browser and SOAP interfaces
Added start and error functions to qa class
=====================================================================
Index: api/auth/class.auth_sql.php
diff -u api/auth/class.auth_sql.php:1.1.1.1.2.12
api/auth/class.auth_sql.php:1.1.1.1.2.13
--- api/auth/class.auth_sql.php:1.1.1.1.2.12 Tue Jul 6 07:20:11 2004
+++ api/auth/class.auth_sql.php Fri Jul 9 14:49:26 2004
@@ -34,33 +34,40 @@
function authenticate($username, $passwd)
{
- $dbresult = $GLOBALS['phpgw']->db->Execute("
- SELECT
- account_id,
- account_pwd
- FROM
- phpgw_accounts
- WHERE
- account_lid='" . $username . "'
- AND
- account_status='A'
- AND
- account_expires > now()
- ");
-
-
ereg('\{(.*)\}(.*)',$dbresult->fields['account_pwd'],$v);
- $type = $v[1];
- $h_passwd = ($v[2] ? $v[2] :
$dbresult->fields['account_pwd']);
+ $sql = 'SELECT account_id,account_pwd'
+ . ' FROM phpgw_accounts'
+ . ' WHERE account_lid=' .
$GLOBALS['phpgw']->db->qstr($username)
+ . ' AND account_status=\'A\''
+ . ' AND account_expires > now()';
+ if (!is_object($rs =
$GLOBALS['phpgw']->db->Execute($sql)))
+ {
+ return false;
+ }
+
+ if ($rs->EOF)
+ {
+ trigger_error('User not found');
+ return FALSE;
+ }
- if ($this->_verify_password($passwd,$h_passwd,$type))
+ if
(preg_match('/\{(.+)\}(.+)/',$rs->fields['account_pwd'],$v))
{
- $this->previous_login =
$dbresult->fields['account_lastlogin'];
- return true;
+ $type = $v[1];
+ $h_passwd = $v[2];
}
else
{
+ $type = NULL;
+ $h_passwd = $rs->fields['account_pwd'];
+ }
+
+ if (!$this->_verify_password($passwd,$h_passwd,$type))
+ {
return false;
}
+
+ $this->previous_login =
$rs->fields['account_lastlogin'];
+ return true;
}
// FIXME: This should check the current password before
allowing a password change for current user
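Review bot: The unknown-user branch (`if ($rs->EOF)`) calls `trigger_error('User not found')` while the wrong-password branch returns false silently, so the two failures are distinguishable wherever that error is surfaced; since the log message mentions returning errors to browser and SOAP interfaces, a client may be able to tell valid account names from invalid ones. I would use one generic message on both failure paths, e.g. `trigger_error('Login failed');` before each `return false;`, and keep the specific reason in a server-side log only. Separately, the new query selects only `account_id,account_pwd`, yet the success path reads `$rs->fields['account_lastlogin']`, so `previous_login` is presumably never populated; adding `account_lastlogin` to the column list would fix that. The `preg_match` pattern is also unanchored and greedy, and `'/^\{(.+?)\}(.+)$/'` would keep a `}` inside the stored hash from shifting the scheme/hash split.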
@@ -69,11 +76,11 @@
{
$args = new safe_args();
$args->set('new_passwd',REQUIRED,'string');
- $args->set('current_passwd',NOVAR,'string');
+ $args->set('current_passwd',NOTSET,'string');
$args->set('account_id',$GLOBALS['phpgw_data']['user']['id'],'integer');
$args = $args->get(func_get_args());
- if ((! strlen($args['current_password']) ||
$args['account_id'] != $GLOBALS['phpgw_data']['user']['id']) && !
$GLOBALS['phpgw']->acl->check('api.account_mgr.edit'))
+ if ((!strlen($args['current_password']) ||
$args['account_id'] != $GLOBALS['phpgw_data']['user']['id']) && !
$GLOBALS['phpgw']->acl->check('api.account_mgr.edit'))
{
return false;
}
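Review bot: The guard reads `$args['current_password']`, but the argument is registered two lines above as `'current_passwd'`, and this commit reformats the condition without fixing the key. Assuming `safe_args::get()` keys its result by the registered names, `strlen()` sees an unset index, the first operand is always true, and the function returns false for every caller without `api.account_mgr.edit`, so ordinary users cannot change their own password through this path. The condition should read `if ((!strlen($args['current_passwd']) || $args['account_id'] != $GLOBALS['phpgw_data']['user']['id']) && ...`. Even with the key fixed, this only checks that a current password was supplied; the FIXME above the function still applies, and the value should be verified (for example through `authenticate()`) before the change is accepted. The function's signature and the rest of its body are outside this hunk.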