From 137e472433e96e69c9c144bfb8d6a56660c195f2 Mon Sep 17 00:00:00 2001 From: Miles Lott Date: Sat, 27 Aug 2005 12:19:35 +0000 Subject: [PATCH] Use correct quoting when querying/setting account_id; minor formatting --- phpgwapi/inc/class.auth.inc.php | 6 +- phpgwapi/inc/class.auth_ads.inc.php | 14 ++--- phpgwapi/inc/class.auth_http.inc.php | 14 ++--- phpgwapi/inc/class.auth_ldap.inc.php | 84 +++++++++++++------------- phpgwapi/inc/class.auth_mail.inc.php | 74 +++++++++++------------ phpgwapi/inc/class.auth_nis.inc.php | 30 ++++----- phpgwapi/inc/class.auth_pam.inc.php | 10 +-- phpgwapi/inc/class.auth_sql.inc.php | 13 ++-- phpgwapi/inc/class.auth_sqlssl.inc.php | 26 ++++---- 9 files changed, 136 insertions(+), 135 deletions(-) diff --git a/phpgwapi/inc/class.auth.inc.php b/phpgwapi/inc/class.auth.inc.php index 19913d7c4c..f19d503d20 100644 --- a/phpgwapi/inc/class.auth.inc.php +++ b/phpgwapi/inc/class.auth.inc.php @@ -26,7 +26,7 @@ { $GLOBALS['egw_info']['server']['auth_type'] = 'sql'; } - include(PHPGW_API_INC.'/class.auth_'.$GLOBALS['egw_info']['server']['auth_type'].'.inc.php'); + include(EGW_API_INC.'/class.auth_'.$GLOBALS['egw_info']['server']['auth_type'].'.inc.php'); class auth extends auth_ { @@ -50,7 +50,7 @@ if(!$this->seeded && phpversion() < '4.2.0') { - list($usec, $sec) = explode(' ', microtime()); + list($usec, $sec) = explode(' ', microtime()); mt_srand((float)$sec + ((float)$usec * 100000)); $this->seeded = True; } @@ -354,8 +354,6 @@ return True; } return False; - } - } ?> diff --git a/phpgwapi/inc/class.auth_ads.inc.php b/phpgwapi/inc/class.auth_ads.inc.php index 5531a9d991..5b9a02277b 100644 --- a/phpgwapi/inc/class.auth_ads.inc.php +++ b/phpgwapi/inc/class.auth_ads.inc.php 
@@ -6,9 +6,9 @@ * Authentication based on LDAP Server * * Copyright (C) 2000, 2001 Joseph Engo * * Copyright (C) 2002, 2003 Lars Kneschke * - * -------------------------------------------------------------------------* + * ------------------------------------------------------------------------ * * This library is part of the eGroupWare API * - * http://www.egroupware.org/api * + * http://www.egroupware.org/api * * ------------------------------------------------------------------------ * * This library is free software; you can redistribute it and/or modify it * * under the terms of the GNU Lesser General Public License as published by * @@ -24,7 +24,7 @@ \**************************************************************************/ /* $Id$ */ - + class auth_ { var $previous_login = -1; @@ -49,7 +49,7 @@ ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); /* Login with the LDAP Admin. User to find the User DN. */ - if(!@ldap_bind($ldap,$username.'@'.$GLOBALS['egw_info']['server']['ads_domain'],$passwd)) + if(!@ldap_bind($ldap,$username.'@'.$GLOBALS['egw_info']['server']['ads_domain'],$passwd)) { //echo "

Cant bind with '$username@".$GLOBALS['egw_info']['server']['ads_domain']."' with PW '$passwd' !!!

\n"; return False; @@ -65,7 +65,7 @@ $base_dn[] = 'DC='.$dc; } $base_dn = implode(',',$base_dn); - + //echo "

Trying ldap_search(,$base_dn,$filter,".print_r($attributes,true)."

\n"; $sri = ldap_search($ldap, $base_dn, $filter, $attributes); $allValues = ldap_get_entries($ldap, $sri); @@ -80,7 +80,7 @@ return false; } } - + $account = CreateObject('phpgwapi.accounts',$username,'u'); if ($account->account_id) { @@ -106,7 +106,7 @@ return False; } - function change_password($old_passwd, $new_passwd, $_account_id='') + function change_password($old_passwd, $new_passwd, $_account_id='') { return false; // Cant change passwd in ADS } diff --git a/phpgwapi/inc/class.auth_http.inc.php b/phpgwapi/inc/class.auth_http.inc.php index 0940f1aac7..560d163ad9 100644 --- a/phpgwapi/inc/class.auth_http.inc.php +++ b/phpgwapi/inc/class.auth_http.inc.php @@ -5,9 +5,9 @@ * and Joseph Engo * * Authentication based on HTTP auth * * Copyright (C) 2000, 2001 Dan Kuykendall * - * -------------------------------------------------------------------------* + * ------------------------------------------------------------------------ * * This library is part of the eGroupWare API * - * http://www.egroupware.org/api * + * http://www.egroupware.org/api * * ------------------------------------------------------------------------ * * This library is free software; you can redistribute it and/or modify it * * under the terms of the GNU Lesser General Public License as published by * 
@@ -48,13 +48,13 @@ // Since there account data will still be stored in SQL, this should be safe to do. (jengo) function update_lastlogin($account_id, $ip) { - $GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__); - $GLOBALS['phpgw']->db->next_record(); - $this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin'); + $GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$account_id,__LINE__,__FILE__); + $GLOBALS['egw']->db->next_record(); + $this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin'); - $GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='" + $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='" . "$ip', account_lastlogin='" . time() - . "' where account_id='$account_id'",__LINE__,__FILE__); + . "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__); } } ?> diff --git a/phpgwapi/inc/class.auth_ldap.inc.php b/phpgwapi/inc/class.auth_ldap.inc.php index 7852bb0deb..d0e8a79b42 100644 --- a/phpgwapi/inc/class.auth_ldap.inc.php +++ b/phpgwapi/inc/class.auth_ldap.inc.php @@ -6,9 +6,9 @@ * Authentication based on LDAP Server * * Copyright (C) 2000, 2001 Joseph Engo * * Copyright (C) 2002, 2003 Lars Kneschke * - * -------------------------------------------------------------------------* + * ------------------------------------------------------------------------ * * This library is part of the eGroupWare API * - * http://www.egroupware.org/api * + * http://www.egroupware.org/api * * ------------------------------------------------------------------------ * * This library is free software; you can redistribute it and/or modify it * * under the terms of the GNU Lesser General Public License as published by * @@ -24,7 +24,7 @@ \**************************************************************************/ /* $Id$ */ - + class auth_ { var $previous_login = -1; 
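Review bot: `$ip` is still concatenated unescaped into the UPDATE in update_lastlogin (`account_lastloginfrom='" . "$ip'`); only `$account_id` gets the `(int)` cast, so the statement stays injectable if the address string can be influenced upstream (its origin is not visible here). The auth_pam version in this same patch already builds the value with `$GLOBALS['egw']->db->quote($ip)`; use that here in place of the hand-written quotes, e.g. `"UPDATE phpgw_accounts SET account_lastloginfrom=" . $GLOBALS['egw']->db->quote($ip) . ", account_lastlogin=" . time()`. The same raw `'$ip'` remains in update_lastlogin of class.auth_ldap, class.auth_mail, class.auth_nis, class.auth_sql and class.auth_sqlssl. class.auth_nis also keeps `where account_id='$account_id'` without the cast, relying on whatever `get_account_id()` returns.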
@@ -36,40 +36,40 @@ return False; } - if(!$ldap = @ldap_connect($GLOBALS['phpgw_info']['server']['ldap_host'])) + if(!$ldap = @ldap_connect($GLOBALS['egw_info']['server']['ldap_host'])) { - $GLOBALS['phpgw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped'); - $GLOBALS['phpgw']->log->commit(); + $GLOBALS['egw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped'); + $GLOBALS['egw']->log->commit(); return False; } - if($GLOBALS['phpgw_info']['server']['ldap_version3']) + if($GLOBALS['egw_info']['server']['ldap_version3']) { ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); } /* Login with the LDAP Admin. User to find the User DN. */ - if(!@ldap_bind($ldap, $GLOBALS['phpgw_info']['server']['ldap_root_dn'], $GLOBALS['phpgw_info']['server']['ldap_root_pw'])) + if(!@ldap_bind($ldap, $GLOBALS['egw_info']['server']['ldap_root_dn'], $GLOBALS['egw_info']['server']['ldap_root_pw'])) { return False; } /* find the dn for this uid, the uid is not always in the dn */ $attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber'); - - $filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)'; - $filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter); - if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap') + $filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? 
$GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)'; + $filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter); + + if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap') { $filter = "(&$filter(phpgwaccountstatus=A))"; } - $sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes); + $sri = ldap_search($ldap, $GLOBALS['egw_info']['server']['ldap_context'], $filter, $attributes); $allValues = ldap_get_entries($ldap, $sri); if ($allValues['count'] > 0) { - if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true) + if($GLOBALS['egw_info']['server']['case_sensitive_username'] == true) { if($allValues[0]['uid'][0] != $username) { @@ -79,7 +79,7 @@ /* we only care about the first dn */ $userDN = $allValues[0]['dn']; /* - generate a bogus password to pass if the user doesn't give us one + generate a bogus password to pass if the user doesn't give us one this gets around systems that are anonymous search enabled */ if (empty($passwd)) @@ -89,10 +89,10 @@ /* try to bind as the user with user suplied password */ if (@ldap_bind($ldap, $userDN, $passwd)) { - if ($GLOBALS['phpgw_info']['server']['account_repository'] != 'ldap') + if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap') { $account = CreateObject('phpgwapi.accounts',$username,'u'); - if (!$account->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct']) + if (!$account->account_id && $GLOBALS['egw_info']['server']['auto_create_acct']) { // create a global array with all availible info about that account $GLOBALS['auto_create_acct'] = array(); @@ -105,7 +105,7 @@ ) as $ldap_name => $acct_name) { $GLOBALS['auto_create_acct'][$acct_name] = - $GLOBALS['phpgw']->translation->convert($allValues[0][$ldap_name][0],'utf-8'); + $GLOBALS['egw']->translation->convert($allValues[0][$ldap_name][0],'utf-8'); } return True; } 
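Review bot: `$username` is substituted into the LDAP search filter by `str_replace(array('%user','%domain'), ...)` in the -36,40 hunk without escaping filter metacharacters, so a login name containing `*`, `(`, `)` or `\` changes the filter that is evaluated under the admin bind. Escape the value before substitution using RFC 4515 filter escaping (`ldap_escape($username, '', LDAP_ESCAPE_FILTER)` on PHP versions that provide it), and treat the `%domain` value the same way. The identical unescaped substitution is repeated in change_password() in the -119,60 hunk. authenticate() starts before and continues after this hunk, so any earlier validation of `$username` is not visible here.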
@@ -119,60 +119,60 @@ return False; } - function change_password($old_passwd, $new_passwd, $_account_id='') + function change_password($old_passwd, $new_passwd, $_account_id='') { if ('' == $_account_id) { - $username = $GLOBALS['phpgw_info']['user']['account_lid']; + $username = $GLOBALS['egw_info']['user']['account_lid']; } else { - $username = $GLOBALS['phpgw']->accounts->id2name($_account_id); + $username = $GLOBALS['egw']->accounts->id2name($_account_id); } - $filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)'; - $filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter); + $filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)'; + $filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter); - $ds = $GLOBALS['phpgw']->common->ldapConnect(); - $sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter); + $ds = $GLOBALS['egw']->common->ldapConnect(); + $sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter); $allValues = ldap_get_entries($ds, $sri); - + $entry['userpassword'] = $this->encrypt_password($new_passwd); $dn = $allValues[0]['dn']; - - if (!@ldap_modify($ds, $dn, $entry)) + + if (!@ldap_modify($ds, $dn, $entry)) { return false; } - $GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd); - + $GLOBALS['egw']->session->appsession('password','phpgwapi',$new_passwd); + return $entry['userpassword']; } function update_lastlogin($_account_id, $ip) { - if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap') + if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap') { $entry['phpgwaccountlastlogin'] = time(); $entry['phpgwaccountlastloginfrom'] = $ip; - - $ds = $GLOBALS['phpgw']->common->ldapConnect(); - 
$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id); + + $ds = $GLOBALS['egw']->common->ldapConnect(); + $sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id); $allValues = ldap_get_entries($ds, $sri); - + $dn = $allValues[0]['dn']; $this->previous_login = $allValues[0]['phpgwaccountlastlogin'][0]; - + @ldap_modify($ds, $dn, $entry); } else { - $GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$_account_id'",__LINE__,__FILE__); - $GLOBALS['phpgw']->db->next_record(); - $this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin'); - - $GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='" + $GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$_account_id,__LINE__,__FILE__); + $GLOBALS['egw']->db->next_record(); + $this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin'); + + $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='" . "$ip', account_lastlogin='" . time() - . "' where account_id='$_account_id'",__LINE__,__FILE__); + . "' WHERE account_id=" . (int)$_account_id,__LINE__,__FILE__); } } } diff --git a/phpgwapi/inc/class.auth_mail.inc.php b/phpgwapi/inc/class.auth_mail.inc.php index 98f3c9b790..25f27c2f35 100644 --- a/phpgwapi/inc/class.auth_mail.inc.php +++ b/phpgwapi/inc/class.auth_mail.inc.php 
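Review bot: change_password() never looks at `$old_passwd` and uses `$allValues[0]['dn']` without checking that the search matched anything, so nothing visible in this function ties the change to knowledge of the current password, and an empty result passes an empty DN to `ldap_modify()`. Add `if (!$allValues['count']) { return false; }` after `ldap_get_entries()`, and verify the old password for non-admin callers (for instance by binding as `$dn` with `$old_passwd`) before modifying, unless a caller outside this hunk is known to do so. `appsession('password','phpgwapi',$new_passwd)` also keeps the new password in clear text in the session store; a comment stating why that is required would help the next reviewer.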
@@ -4,9 +4,9 @@ * This file written by Dan Kuykendall * * Authentication based on mail server * * Copyright (C) 2000, 2001 Dan Kuykendall * - * -------------------------------------------------------------------------* + * ------------------------------------------------------------------------ * * This library is part of the eGroupWare API * - * http://www.egroupware.org/api * + * http://www.egroupware.org/api * * ------------------------------------------------------------------------ * * This library is free software; you can redistribute it and/or modify it * * under the terms of the GNU Lesser General Public License as published by * 
@@ -31,49 +31,49 @@ { error_reporting(error_reporting() - 2); - if ($GLOBALS['phpgw_info']['server']['mail_login_type'] == 'vmailmgr') + if ($GLOBALS['egw_info']['server']['mail_login_type'] == 'vmailmgr') { - $username = $username . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']; + $username = $username . '@' . $GLOBALS['egw_info']['server']['mail_suffix']; } - if ($GLOBALS['phpgw_info']['server']['mail_server_type']=='imap') + if ($GLOBALS['egw_info']['server']['mail_server_type']=='imap') { - $GLOBALS['phpgw_info']['server']['mail_port'] = '143'; + $GLOBALS['egw_info']['server']['mail_port'] = '143'; } - elseif ($GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3') + elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='pop3') { - $GLOBALS['phpgw_info']['server']['mail_port'] = '110'; + $GLOBALS['egw_info']['server']['mail_port'] = '110'; + } + elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='imaps') + { + $GLOBALS['egw_info']['server']['mail_port'] = '993'; + } + elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='pop3s') + { + $GLOBALS['egw_info']['server']['mail_port'] = '995'; } - elseif ($GLOBALS['phpgw_info']['server']['mail_server_type']=='imaps') - { - $GLOBALS['phpgw_info']['server']['mail_port'] = '993'; - } - elseif ($GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3s') - { - $GLOBALS['phpgw_info']['server']['mail_port'] = '995'; - } - if( $GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3') + if( $GLOBALS['egw_info']['server']['mail_server_type']=='pop3') { - $mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server'].'/pop3' - .':'.$GLOBALS['phpgw_info']['server']['mail_port'].'}INBOX', $username , $passwd); + $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server'].'/pop3' + .':'.$GLOBALS['egw_info']['server']['mail_port'].'}INBOX', $username , $passwd); } - elseif ( $GLOBALS['phpgw_info']['server']['mail_server_type']=='imaps' ) - { - // IMAPS support: - 
$mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server']."/ssl/novalidate-cert" - .':993}INBOX', $username , $passwd); - } - elseif ( $GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3s' ) - { - // POP3S support: - $mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server']."/ssl/novalidate-cert" - .':995}INBOX', $username , $passwd); + elseif ( $GLOBALS['egw_info']['server']['mail_server_type']=='imaps' ) + { + // IMAPS support: + $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']."/ssl/novalidate-cert" + .':993}INBOX', $username , $passwd); + } + elseif ( $GLOBALS['egw_info']['server']['mail_server_type']=='pop3s' ) + { + // POP3S support: + $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']."/ssl/novalidate-cert" + .':995}INBOX', $username , $passwd); } else { /* assume imap */ - $mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server'] - .':'.$GLOBALS['phpgw_info']['server']['mail_port'].'}INBOX', $username , $passwd); + $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server'] + .':'.$GLOBALS['egw_info']['server']['mail_port'].'}INBOX', $username , $passwd); } error_reporting(error_reporting() + 2); 
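Review bot: The imaps and pop3s branches re-indented in this hunk open the mailbox with `/ssl/novalidate-cert`, so the user's login and password are sent over TLS to a server whose certificate is never verified, and the result of that exchange is what decides authentication. Remove the `/novalidate-cert` flag so the c-client default (certificate validation) applies, or make the relaxed mode an explicit administrator setting for self-signed deployments and document it with a comment at both call sites. These two branches also hard-code `:993` and `:995`, ignoring the `mail_port` value assigned a few lines earlier in the same hunk. The enclosing function starts before and continues after the hunk.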
@@ -96,13 +96,13 @@ // Since there account data will still be stored in SQL, this should be safe to do. (jengo) function update_lastlogin($account_id, $ip) { - $GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__); - $GLOBALS['phpgw']->db->next_record(); - $this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin'); + $GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$account_id,__LINE__,__FILE__); + $GLOBALS['egw']->db->next_record(); + $this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin'); - $GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='" + $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='" . "$ip', account_lastlogin='" . time() - . "' where account_id='$account_id'",__LINE__,__FILE__); + . "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__); } } ?> diff --git a/phpgwapi/inc/class.auth_nis.inc.php b/phpgwapi/inc/class.auth_nis.inc.php index 7f4184efcc..76622b15ef 100644 --- a/phpgwapi/inc/class.auth_nis.inc.php +++ b/phpgwapi/inc/class.auth_nis.inc.php @@ -1,10 +1,10 @@ * * Copyright (C) 2001 Dylan Adams * - * -------------------------------------------------------------------------* + * ------------------------------------------------------------------------ * * This library is part of the eGroupWare API * * http://www.egroupware.org/api * * ------------------------------------------------------------------------ * 
@@ -28,31 +28,31 @@ function authenticate($username, $passwd) { $domain = yp_get_default_domain(); - if( !empty($GLOBALS['phpgw_info']['server']['nis_domain']) ) + if(!empty($GLOBALS['egw_info']['server']['nis_domain'])) { - $domain = $GLOBALS['phpgw_info']['server']['nis_domain']; + $domain = $GLOBALS['egw_info']['server']['nis_domain']; } $map = "passwd.byname"; - if( !empty($GLOBALS['phpgw_info']['server']['nis_map']) ) + if(!empty($GLOBALS['egw_info']['server']['nis_map'])) { - $map = $GLOBALS['phpgw_info']['server']['nis_map']; + $map = $GLOBALS['egw_info']['server']['nis_map']; } $entry = yp_match( $domain, $map, $username ); - /* - * we assume that the map is structured in the usual - * unix passwd flavor - */ - $entry_array = explode( ':', $entry ); + /* + * we assume that the map is structured in the usual + * unix passwd flavor + */ + $entry_array = explode(':', $entry); $stored_passwd = $entry_array[1]; - $encrypted_passwd = crypt( $passwd, $stored_passwd ); + $encrypted_passwd = crypt($passwd, $stored_passwd); - return( $encrypted_passwd == $stored_passwd ); + return($encrypted_passwd == $stored_passwd); } - function change_password($old_passwd, $new_passwd, $account_id = '') + function change_password($old_passwd, $new_passwd, $account_id='') { // can't change passwords unless server runs as root (bad idea) return( False ); @@ -62,7 +62,7 @@ { $account_id = get_account_id($account_id); - $GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='" + $GLOBALS['egw']->db->query("update phpgw_accounts set account_lastloginfrom='" . "$ip', account_lastlogin='" . time() . "' where account_id='$account_id'",__LINE__,__FILE__); } diff --git a/phpgwapi/inc/class.auth_pam.inc.php b/phpgwapi/inc/class.auth_pam.inc.php index 2cb8082a8e..471144cc7d 100644 --- a/phpgwapi/inc/class.auth_pam.inc.php +++ b/phpgwapi/inc/class.auth_pam.inc.php 
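Review bot: authenticate() does not check the result of `yp_match()` before `explode()`, and it compares the two hashes with `==`. When the lookup fails or the entry has no password field, `$entry_array[1]` is unset and is still passed to `crypt()` as the salt, and the loose comparison lets PHP compare numeric-looking strings numerically instead of byte for byte. Return early with `if ($entry === false || empty($entry_array[1])) { return false; }` and finish with `return $encrypted_passwd === $stored_passwd;` (or `hash_equals()` where the PHP version provides it).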
@@ -1,7 +1,7 @@ db->query('update phpgw_accounts set account_lastloginfrom=' - . $GLOBALS['phpgw']->db->quote($ip).', account_lastlogin=' . time() - . ' where account_id='.(int)$account_id,__LINE__,__FILE__); + + $GLOBALS['egw']->db->query('UPDATE phpgw_accounts SET account_lastloginfrom=' + . $GLOBALS['egw']->db->quote($ip).', account_lastlogin=' . time() + . ' WHERE account_id='.(int)$account_id,__LINE__,__FILE__); } } ?> diff --git a/phpgwapi/inc/class.auth_sql.inc.php b/phpgwapi/inc/class.auth_sql.inc.php index 1714a3cf56..0b7201d534 100644 --- a/phpgwapi/inc/class.auth_sql.inc.php +++ b/phpgwapi/inc/class.auth_sql.inc.php @@ -135,8 +135,8 @@ $account_id = $GLOBALS['egw_info']['user']['account_id']; } - $this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id - . "' AND " // . " account_type='u' AND " + $this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = " . (int)$account_id + . " AND " // . " account_type='u' AND " . " account_status ='A'",__LINE__,__FILE__); $this->db->next_record(); if(!$this->db->f('account_pwd')) return false; @@ -144,7 +144,10 @@ /* Check the old_passwd to make sure this is legal */ if(!$admin) { - if(!$this->compare_password($old_passwd,$this->db->f('account_pwd'),$this->type,strtolower($username))) return false; + if(!$this->compare_password($old_passwd,$this->db->f('account_pwd'),$this->type,strtolower($username))) + { + return false; + } } /* old password ok, or admin called the function from the admin application (no old passwd available).*/ @@ -155,7 +158,7 @@ function _update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin=False,$file='') { /* This should only be called from this file */ - if($file != PHPGW_API_INC . SEP . 'class.auth_sql.inc.php') + if($file != EGW_API_INC . SEP . 'class.auth_sql.inc.php') { return False; } 
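Review bot: The `$file != EGW_API_INC . SEP . 'class.auth_sql.inc.php'` test in _update_passwd() is not an access control, because `$file` is an argument chosen by the caller and any code that passes that path string gets through. If the intent is to restrict who may set a password, rely on the `$admin`/old-password decision made in change_password() rather than on this string. At minimum add a comment on the check such as `// $file is caller-supplied: guards against accidental calls only, not a security boundary`. The body of _update_passwd() continues outside the hunk.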
@@ -181,7 +184,7 @@ { $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='" . "$ip', account_lastlogin='" . time() - . "' WHERE account_id='$account_id'",__LINE__,__FILE__); + . "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__); } } ?> diff --git a/phpgwapi/inc/class.auth_sqlssl.inc.php b/phpgwapi/inc/class.auth_sqlssl.inc.php index d46564d9c9..a708af93cf 100644 --- a/phpgwapi/inc/class.auth_sqlssl.inc.php +++ b/phpgwapi/inc/class.auth_sqlssl.inc.php @@ -4,9 +4,9 @@ * This file written by Andreas 'Count' Kotes * * Authentication based on SQL table and X.509 certificates * * Copyright (C) 2000, 2001 Dan Kuykendall * - * -------------------------------------------------------------------------* + * ------------------------------------------------------------------------ * * This library is part of the eGroupWare API * - * http://www.egroupware.org/api * + * http://www.egroupware.org/api * * ------------------------------------------------------------------------ * * This library is free software; you can redistribute it and/or modify it * * under the terms of the GNU Lesser General Public License as published by * @@ -30,7 +30,7 @@ function auth_() { - copyobj($GLOBALS['phpgw']->db,$this->db); + $this->db = clone($GLOBALS['egw']->db); } function authenticate($username, $passwd) @@ -59,7 +59,7 @@ $this->db->next_record(); } - if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true) + if($GLOBALS['egw_info']['server']['case_sensitive_username'] == true) { if($db->f('account_lid') != $username) { 
@@ -80,28 +80,28 @@ { if(!$account_id) { - $account_id = $GLOBALS['phpgw_info']['user']['account_id']; + $account_id = $GLOBALS['egw_info']['user']['account_id']; } $encrypted_passwd = md5($new_passwd); - $GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_pwd='" . md5($new_passwd) . "'," - . "account_lastpwd_change='" . time() . "' WHERE account_id='" . $account_id . "'",__LINE__,__FILE__); + $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_pwd='" . md5($new_passwd) . "'," + . "account_lastpwd_change='" . time() . "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__); - $GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd); + $GLOBALS['egw']->session->appsession('password','phpgwapi',$new_passwd); return $encrypted_passwd; } function update_lastlogin($account_id, $ip) { - $GLOBALS['phpgw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id='$account_id'",__LINE__,__FILE__); - $GLOBALS['phpgw']->db->next_record(); - $this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin'); + $GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$account_id,__LINE__,__FILE__); + $GLOBALS['egw']->db->next_record(); + $this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin'); - $GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='" + $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='" . "$ip', account_lastlogin='" . time() - . "' WHERE account_id='$account_id'",__LINE__,__FILE__); + . "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__); } } ?>
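Review bot: change_password() stores `md5($new_passwd)`, an unsalted fast hash, as `account_pwd`; this commit touches the statement only to cast `$account_id`. Prefer the shared hashing routine that the auth_ldap variant in this patch calls as `$this->encrypt_password($new_passwd)` (assuming it is available to this class too, which the hunk does not show, and that authenticate() verifies with the matching routine), and reuse `$encrypted_passwd` in the query instead of hashing twice. `$old_passwd` is not checked anywhere in the visible body, and `appsession('password','phpgwapi',$new_passwd)` keeps the new password in clear text in the session.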