Please test - commiting changes for use with register_globals off

This commit is contained in:
Miles Lott 2001-09-25 14:52:10 +00:00
parent 87cd2a48dd
commit 0200b57c48
3 changed files with 37 additions and 49 deletions

View File

@ -30,9 +30,7 @@
function authenticate($username, $passwd) function authenticate($username, $passwd)
{ {
global $phpgw_info, $phpgw, $PHP_AUTH_USER; if (isset($GLOBALS['PHP_AUTH_USER']))
if (isset($PHP_AUTH_USER))
{ {
return True; return True;
} }
@ -44,20 +42,17 @@
function change_password($old_passwd, $new_passwd) function change_password($old_passwd, $new_passwd)
{ {
global $phpgw_info, $phpgw;
return False; return False;
} }
// Since there account data will still be stored in SQL, this should be safe to do. (jengo) // Since there account data will still be stored in SQL, this should be safe to do. (jengo)
function update_lastlogin($account_id, $ip) function update_lastlogin($account_id, $ip)
{ {
global $phpgw; $GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record();
$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');
$phpgw->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__); $GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
$phpgw->db->next_record();
$this->previous_login = $phpgw->db->f('account_lastlogin');
$phpgw->db->query("update phpgw_accounts set account_lastloginfrom='"
. "$ip', account_lastlogin='" . time() . "$ip', account_lastlogin='" . time()
. "' where account_id='$account_id'",__LINE__,__FILE__); . "' where account_id='$account_id'",__LINE__,__FILE__);
} }

View File

@ -29,60 +29,60 @@
function authenticate($username, $passwd) function authenticate($username, $passwd)
{ {
global $phpgw_info, $phpgw;
error_reporting(error_reporting() - 2); error_reporting(error_reporting() - 2);
if ($phpgw_info['server']['mail_login_type'] == 'vmailmgr') if ($GLOBALS['phpgw_info']['server']['mail_login_type'] == 'vmailmgr')
{ {
$username = $username . '@' . $phpgw_info['server']['mail_suffix']; $username = $username . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
} }
if ($phpgw_info['server']['mail_server_type']=='imap') if ($GLOBALS['phpgw_info']['server']['mail_server_type']=='imap')
{ {
$phpgw_info['server']['mail_port'] = '143'; $GLOBALS['phpgw_info']['server']['mail_port'] = '143';
} }
elseif ($phpgw_info['server']['mail_server_type']=='pop3') elseif ($GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3')
{ {
$phpgw_info['server']['mail_port'] = '110'; $GLOBALS['phpgw_info']['server']['mail_port'] = '110';
} }
if( $phpgw_info['server']['mail_server_type']=='pop3') if( $GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3')
{ {
$mailauth = imap_open('{'.$phpgw_info['server']['mail_server'].'/pop3' $mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server'].'/pop3'
.':'.$phpgw_info['server']['mail_port'].'}INBOX', $username , $passwd); .':'.$GLOBALS['phpgw_info']['server']['mail_port'].'}INBOX', $username , $passwd);
} }
else else
{ //assume imap {
$mailauth = imap_open('{'.$phpgw_info['server']['mail_server'] /* assume imap */
.':'.$phpgw_info['server']['mail_port'].'}INBOX', $username , $passwd); $mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server']
.':'.$GLOBALS['phpgw_info']['server']['mail_port'].'}INBOX', $username , $passwd);
} }
error_reporting(error_reporting() + 2); error_reporting(error_reporting() + 2);
if ($mailauth == False) { if ($mailauth == False)
{
return False; return False;
} else { }
else
{
imap_close($mailauth); imap_close($mailauth);
return True; return True;
} }
} }
function change_password($old_passwd, $new_passwd) { function change_password($old_passwd, $new_passwd)
global $phpgw_info, $phpgw; {
return False; return False;
} }
// Since there account data will still be stored in SQL, this should be safe to do. (jengo) // Since there account data will still be stored in SQL, this should be safe to do. (jengo)
function update_lastlogin($account_id, $ip) function update_lastlogin($account_id, $ip)
{ {
global $phpgw; $GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record();
$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');
$phpgw->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__); $GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
$phpgw->db->next_record();
$this->previous_login = $phpgw->db->f('account_lastlogin');
$phpgw->db->query("update phpgw_accounts set account_lastloginfrom='"
. "$ip', account_lastlogin='" . time() . "$ip', account_lastlogin='" . time()
. "' where account_id='$account_id'",__LINE__,__FILE__); . "' where account_id='$account_id'",__LINE__,__FILE__);
} }
} }
?> ?>

View File

@ -29,9 +29,7 @@
function authenticate($username, $passwd) function authenticate($username, $passwd)
{ {
global $phpgw_info, $phpgw, $HTTP_SERVER_VARS; $db = $GLOBALS['phpgw']->db;
$db = $phpgw->db;
$local_debug = False; $local_debug = False;
@ -43,7 +41,7 @@
# Apache + mod_ssl provide the data in the environment # Apache + mod_ssl provide the data in the environment
# Certificate (chain) verification occurs inside mod_ssl # Certificate (chain) verification occurs inside mod_ssl
# see http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6 # see http://www.modssl.org/docs/2.8/ssl_howto.html#ToC6
if (!isset($HTTP_SERVER_VARS['SSL_CLIENT_S_DN'])) if (!isset($GLOBALS['HTTP_SERVER_VARS']['SSL_CLIENT_S_DN']))
{ {
# if we're not doing SSL authentication, behave like auth_sql # if we're not doing SSL authentication, behave like auth_sql
$db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '$username' AND " $db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '$username' AND "
@ -69,35 +67,30 @@
function change_password($old_passwd, $new_passwd, $account_id = '') function change_password($old_passwd, $new_passwd, $account_id = '')
{ {
global $phpgw_info, $phpgw;
if (! $account_id) if (! $account_id)
{ {
$account_id = $phpgw_info['user']['account_id']; $account_id = $GLOBALS['phpgw_info']['user']['account_id'];
} }
$encrypted_passwd = md5($new_passwd); $encrypted_passwd = md5($new_passwd);
$phpgw->db->query("update phpgw_accounts set account_pwd='" . md5($new_passwd) . "'," $GLOBALS['phpgw']->db->query("update phpgw_accounts set account_pwd='" . md5($new_passwd) . "',"
. "account_lastpwd_change='" . time() . "' where account_id='" . $account_id . "'",__LINE__,__FILE__); . "account_lastpwd_change='" . time() . "' where account_id='" . $account_id . "'",__LINE__,__FILE__);
$phpgw->session->appsession('password','phpgwapi',$new_passwd); $GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
return $encrypted_passwd; return $encrypted_passwd;
} }
function update_lastlogin($account_id, $ip) function update_lastlogin($account_id, $ip)
{ {
global $phpgw; $GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record();
$phpgw->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__);
$phpgw->db->next_record();
$this->previous_login = $phpgw->db->f('account_lastlogin'); $this->previous_login = $phpgw->db->f('account_lastlogin');
$phpgw->db->query("update phpgw_accounts set account_lastloginfrom='" $GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
. "$ip', account_lastlogin='" . time() . "$ip', account_lastlogin='" . time()
. "' where account_id='$account_id'",__LINE__,__FILE__); . "' where account_id='$account_id'",__LINE__,__FILE__);
} }
} }
?> ?>