[geeklog-cvs] Geeklog-1.x/system lib-security.php,1.60,1.61
Dirk Haun
dhaun at qs1489.pair.com
Sun Feb 17 13:31:59 EST 2008
Update of /cvsroot/geeklog/Geeklog-1.x/system
In directory qs1489.pair.com:/tmp/cvs-serv64895/system
Modified Files:
lib-security.php
Log Message:
SEC_authenticate should always return - caller will have to handle errors etc.
Index: lib-security.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/lib-security.php,v
retrieving revision 1.60
retrieving revision 1.61
diff -C2 -d -r1.60 -r1.61
*** lib-security.php 9 Dec 2007 18:05:39 -0000 1.60
--- lib-security.php 17 Feb 2008 18:31:56 -0000 1.61
***************
*** 9,13 ****
// | Geeklog security library. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2007 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
--- 9,13 ----
// | Geeklog security library. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2008 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
***************
*** 689,723 ****
function SEC_authenticate($username, $password, &$uid)
{
! global $_TABLES, $LANG01, $_CONF;
! $result = DB_query( "SELECT status, passwd, email, uid FROM {$_TABLES['users']} WHERE username='$username' AND ((remoteservice is null) or (remoteservice = ''))" );
$tmp = DB_error();
! $nrows = DB_numRows( $result );
! if(( $tmp == 0 ) && ( $nrows == 1 ))
! {
! $U = DB_fetchArray( $result );
$uid = $U['uid'];
! if ($U['status'] == USER_ACCOUNT_DISABLED)
! {
! return USER_ACCOUNT_DISABLED; // banned, jump to here to save an md5 calc.
! } elseif ($U['passwd'] != SEC_encryptPassword( $password )) {
return -1; // failed login
} elseif ($U['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
! //awaiting approval, jump to msg.
! echo COM_refresh($_CONF['site_url'] . '/users.php?msg=70');
! exit;
} elseif ($U['status'] == USER_ACCOUNT_AWAITING_ACTIVATION) {
// Awaiting user activation, activate:
! DB_change($_TABLES['users'],'status',USER_ACCOUNT_ACTIVE,'username',$username);
return USER_ACCOUNT_ACTIVE;
} else {
return $U['status']; // just return their status
}
! }
! else
! {
$tmp = $LANG01[32] . ": '" . $username . "'";
! COM_errorLog( $tmp, 1 );
return -1;
}
--- 689,719 ----
function SEC_authenticate($username, $password, &$uid)
{
! global $_CONF, $_TABLES, $LANG01;
! $result = DB_query("SELECT status, passwd, email, uid FROM {$_TABLES['users']} WHERE username='$username' AND ((remoteservice is null) or (remoteservice = ''))");
$tmp = DB_error();
! $nrows = DB_numRows($result);
! if (($tmp == 0) && ($nrows == 1)) {
! $U = DB_fetchArray($result);
$uid = $U['uid'];
! if ($U['status'] == USER_ACCOUNT_DISABLED) {
! // banned, jump to here to save an md5 calc.
! return USER_ACCOUNT_DISABLED;
! } elseif ($U['passwd'] != SEC_encryptPassword($password)) {
return -1; // failed login
} elseif ($U['status'] == USER_ACCOUNT_AWAITING_APPROVAL) {
! return USER_ACCOUNT_AWAITING_APPROVAL;
} elseif ($U['status'] == USER_ACCOUNT_AWAITING_ACTIVATION) {
// Awaiting user activation, activate:
! DB_change($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE,
! 'username', $username);
return USER_ACCOUNT_ACTIVE;
} else {
return $U['status']; // just return their status
}
! } else {
$tmp = $LANG01[32] . ": '" . $username . "'";
! COM_errorLog($tmp, 1);
return -1;
}
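Review bot: The reformatted `DB_query(...)` call still places `$username` directly inside the quoted SQL literal, so SEC_authenticate is only safe if every caller has already escaped the value, which this hunk does not show. Escaping inside the function, for example `$escaped = addslashes($username);` and using `$escaped` in the query, would remove that dependency, provided callers do not then escape a second time. The password check `$U['passwd'] != SEC_encryptPassword($password)` uses loose comparison, and PHP compares two numeric-looking strings as numbers rather than byte for byte, so `!==` is the safer operator for comparing digests. Because the awaiting-approval branch now returns `USER_ACCOUNT_AWAITING_APPROVAL` instead of redirecting and exiting, every caller has to treat that value as a refused login; a caller that only tests for `-1` would let such an account through. The function's closing brace lies outside the hunk.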