Started working on allowing md5 passwords to be sent from login.php

This commit is contained in:
jengo 2001-10-02 05:38:35 +00:00
parent 724d90feb7
commit 1dc787e40d
5 changed files with 44 additions and 34 deletions

View File

@ -151,7 +151,7 @@
{
$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','code=5'));
}
$GLOBALS['sessionid'] = $GLOBALS['phpgw']->session->create($GLOBALS['login'],$GLOBALS['HTTP_POST_VARS']['passwd']);
$GLOBALS['sessionid'] = $GLOBALS['phpgw']->session->create($GLOBALS['HTTP_POST_VARS']['login'],$GLOBALS['HTTP_POST_VARS']['passwd'],$GLOBALS['HTTP_POST_VARS']['passwd_type']);
if (! isset($GLOBALS['sessionid']) || ! $GLOBALS['sessionid'])
{

View File

@ -18,6 +18,9 @@
for new accounts.
- Added global config option to deny users to access grants, usefull for ISPs
- Merged patch for NIS auth - Thanks Dylan Adams <l0n@users.sourceforge.net>
- login.php will now accept md5 passwords, if you not using email and have javascript
enabled on your browser. Clear text passwords won't be sent over the wire. The javascript
portion isn't complete yet, but will be before 0.9.14 is released. (REMOVE ME ONCE COMPLETE)
[0.9.12]
- Note: These changelogs will only contain changes in the API (preferences, admin, etc)

View File

@ -28,12 +28,22 @@
{
var $previous_login = -1;
function authenticate($username, $passwd)
function authenticate($username, $passwd, $passwd_type)
{
$db = $GLOBALS['phpgw']->db;
if ($passwd_type == 'text')
{
$_passwd = md5($passwd);
}
if ($passwd_type == 'md5')
{
$_passwd = $passwd;
}
$db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '$username' AND "
. "account_pwd='" . md5($passwd) . "' AND account_status ='A'",__LINE__,__FILE__);
. "account_pwd='" . $_passwd . "' AND account_status ='A'",__LINE__,__FILE__);
$db->next_record();
if ($db->f('account_lid'))

View File

@ -191,10 +191,12 @@
. "'",__LINE__,__FILE__);
}
function create($login,$passwd)
function create($login,$passwd,$passwd_type)
{
$this->login = $login;
$this->passwd = $passwd;
$this->passwd_type = $passwd_type;
$this->clean_sessions();
$login_array = explode('@', $login);
$this->account_lid = $login_array[0];
@ -214,7 +216,7 @@
return False;
}
if (! $GLOBALS['phpgw']->auth->authenticate($this->account_lid, $passwd))
if (! $GLOBALS['phpgw']->auth->authenticate($this->account_lid, $this->passwd, $this->passwd_type))
{
return False;
exit;

View File

@ -30,11 +30,10 @@
<TD valign="BASELINES">
<FORM method="post" action="{login_url}">
<input type="hidden" name="passwd_type" value="text">
<TABLE border="0" align="CENTER" bgcolor="#486591" width="100%" cellpadding="0" cellspacing="0">
<TR bgcolor="#e6e6e6">
<TD colspan="2" align="CENTER">
{cd}
</TD>
<TD colspan="2" align="CENTER">{cd}</TD>
</TR>
<TR bgcolor="#e6e6e6">
<TD align="RIGHT"><font color="#000000">{lang_username}:&nbsp;</font></TD>
@ -45,14 +44,10 @@
<TD><input name="passwd" type="password"></TD>
</TR>
<TR bgcolor="#e6e6e6">
<TD colspan="2" align="CENTER">
<input type="submit" value="{lang_login}" name="submit">
</TD>
<TD colspan="2" align="CENTER"><input type="submit" value="{lang_login}" name="submit"></TD>
</TR>
<TR bgcolor="#e6e6e6">
<TD colspan="2" align="RIGHT">
<font color="#000000" size="-1">{version}</font>
</TD>
<TD colspan="2" align="RIGHT"><font color="#000000" size="-1">{version}</font></TD>
</TR>
</TABLE>
</FORM>