[geeklog-cvs] Geeklog-1.x/system lib-security.php,1.65,1.66
Dirk Haun
dhaun at qs1489.pair.com
Sun Mar 9 05:33:17 EDT 2008
Update of /cvsroot/geeklog/Geeklog-1.x/system
In directory qs1489.pair.com:/tmp/cvs-serv97011/system
Modified Files:
lib-security.php
Log Message:
Soure code cosmetics
Index: lib-security.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/lib-security.php,v
retrieving revision 1.65
retrieving revision 1.66
diff -C2 -d -r1.65 -r1.66
*** lib-security.php 29 Feb 2008 08:22:53 -0000 1.65
--- lib-security.php 9 Mar 2008 09:33:15 -0000 1.66
***************
*** 795,812 ****
function SEC_remoteAuthentication(&$loginname, $passwd, $service, &$uid)
{
! global $_TABLES, $_CONF;
/* First try a local cached login */
$remoteusername = addslashes($loginname);
! $result = DB_query("SELECT passwd, status, uid FROM {$_TABLES['users']} WHERE remoteusername='$remoteusername' AND remoteservice='$service'");
$tmp = DB_error();
$nrows = DB_numRows($result);
! if (($tmp == 0) && ($nrows == 1))
! {
$U = DB_fetchArray($result);
$uid = $U['uid'];
$mypass = $U['passwd']; // also used to see if the user existed later.
! if ($mypass == SEC_encryptPassword($passwd))
! {
/* Valid password for cached user, return status */
return $U['status'];
--- 795,811 ----
function SEC_remoteAuthentication(&$loginname, $passwd, $service, &$uid)
{
! global $_CONF, $_TABLES;
/* First try a local cached login */
$remoteusername = addslashes($loginname);
! $remoteservice = addslashes($service);
! $result = DB_query("SELECT passwd, status, uid FROM {$_TABLES['users']} WHERE remoteusername='$remoteusername' AND remoteservice='$remoteservice'");
$tmp = DB_error();
$nrows = DB_numRows($result);
! if (($tmp == 0) && ($nrows == 1)) {
$U = DB_fetchArray($result);
$uid = $U['uid'];
$mypass = $U['passwd']; // also used to see if the user existed later.
! if ($mypass == SEC_encryptPassword($passwd)) {
/* Valid password for cached user, return status */
return $U['status'];
***************
*** 814,855 ****
}
- if (file_exists($_CONF['path_system'].'classes/authentication/'.$service.'.auth.class.php'))
- {
- require_once($_CONF['path_system'].'classes/authentication/'.$service.'.auth.class.php');
$authmodule = new $service();
! if ($authmodule->authenticate($loginname, $passwd))
! {
/* check to see if they have logged in before: */
! if (empty($mypass))
! {
// no such user, create them
! //Check to see if their remoteusername is unique locally
! $checkName = DB_getItem($_TABLES['users'],'username',"username='$remoteusername'");
! if ($checkName != '')
! {
// no, call custom function.
! if (function_exists(custom_uniqueRemoteUsername))
! {
! $loginname = custom_uniqueRemoteUsername($loginname, $service);
}
}
! USER_createAccount($loginname, $authmodule->email, SEC_encryptPassword($passwd), $authmodule->fullname, $authmodule->homepage, $remoteusername, $service);
! $uid = DB_getItem ($_TABLES['users'], 'uid', "remoteusername = '$remoteusername' AND remoteservice='$service'");
// Store full remote account name:
! $service = addslashes($service);
! DB_Query("UPDATE {$_TABLES['users']} SET remoteusername='$remoteusername', remoteservice='$service', status=3 WHERE uid='$uid'");
// Add to remote users:
! $remote_grp = DB_getItem ($_TABLES['groups'], 'grp_id',
! "grp_name='Remote Users'");
! DB_query ("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ($remote_grp, $uid)");
return 3; // Remote auth precludes usersubmission,
// and integrates user activation, see?
} else {
// user existed, update local password:
! DB_Change($_TABLES['users'], 'passwd', SEC_encryptPassword($passwd), array('remoteusername','remoteservice'), array($remoteusername,$service));
// and return their status
! return DB_getItem($_TABLES['users'], 'status', "remoteusername='$remoteusername' AND remoteservice='$service'");
}
} else {
--- 813,852 ----
}
+ $servicefile = $_CONF['path_system'] . 'classes/authentication/' . $service
+ . '.auth.class.php';
+ if (file_exists($servicefile)) {
+ require_once $servicefile;
$authmodule = new $service();
! if ($authmodule->authenticate($loginname, $passwd)) {
/* check to see if they have logged in before: */
! if (empty($mypass)) {
// no such user, create them
! // Check to see if their remoteusername is unique locally
! $checkName = DB_getItem($_TABLES['users'], 'username',
! "username='$remoteusername'");
! if (!empty($checkName)) {
// no, call custom function.
! if (function_exists('CUSTOM_uniqueRemoteUsername')) {
! $loginname = CUSTOM_uniqueRemoteUsername($loginname,
! $service);
}
}
! USER_createAccount($loginname, $authmodule->email, SEC_encryptPassword($passwd), $authmodule->fullname, $authmodule->homepage, $remoteusername, $remoteservice);
! $uid = DB_getItem($_TABLES['users'], 'uid', "remoteusername = '$remoteusername' AND remoteservice='$remoteservice'");
// Store full remote account name:
! DB_query("UPDATE {$_TABLES['users']} SET remoteusername='$remoteusername', remoteservice='$remoteservice', status=3 WHERE uid='$uid'");
// Add to remote users:
! $remote_grp = DB_getItem($_TABLES['groups'], 'grp_id',
! "grp_name='Remote Users'");
! DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id,ug_uid) VALUES ($remote_grp, $uid)");
return 3; // Remote auth precludes usersubmission,
// and integrates user activation, see?
} else {
// user existed, update local password:
! DB_change($_TABLES['users'], 'passwd', SEC_encryptPassword($passwd), array('remoteusername','remoteservice'), array($remoteusername,$remoteservice));
// and return their status
! return DB_getItem($_TABLES['users'], 'status', "remoteusername='$remoteusername' AND remoteservice='$remoteservice'");
}
} else {
More information about the geeklog-cvs
mailing list