extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-26 18:03:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

use of global db object and new headers, made all methods of the auth class static

Browse Source
This commit is contained in:
Ralf Becker 2008-03-15 17:27:36 +00:00
parent 78624aa9e9
commit 4f94d5837d
3 changed files with 732 additions and 746 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
phpgwapi/inc/class.auth.inc.php
View File

@ -1,26 +1,15 @@
<?php <?php
/**************************************************************************\ /**
* eGroupWare API - Password auth and crypt functions * * eGroupWare API - Authentication baseclass
* This file written by Miles Lott <milos@groupwhere.org> * *
* Copyright (C) 2004 Miles Lott * * @link http://www.egroupware.org
* Many functions based on code from Frank Thomas <frank@thomas-alfeld.de> * * @author Miles Lott <milos@groupwhere.org>
* which can be seen at http://www.thomas-alfeld.de/frank/ * * @copyright 2004 by Miles Lott <milos@groupwhere.org>
* Other functions from class.common.inc.php originally from phpGroupWare * * @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License
* ------------------------------------------------------------------------ * * @package api
* This library is free software; you can redistribute it and/or modify it * * @subpackage authentication
* under the terms of the GNU Lesser General Public License as published by * * @version $Id$
* the Free Software Foundation; either version 2.1 of the License, * */
* or any later version. *
* This library is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* See the GNU Lesser General Public License for more details. *
* You should have received a copy of the GNU Lesser General Public License *
* along with this library; if not, write to the Free Software Foundation, *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
\**************************************************************************/
/* $Id$ */
if(empty($GLOBALS['egw_info']['server']['auth_type'])) if(empty($GLOBALS['egw_info']['server']['auth_type']))
{ {
@ -28,17 +17,24 @@
} }
include(EGW_API_INC.'/class.auth_'.$GLOBALS['egw_info']['server']['auth_type'].'.inc.php'); include(EGW_API_INC.'/class.auth_'.$GLOBALS['egw_info']['server']['auth_type'].'.inc.php');
/**
* eGroupWare API - Authentication baseclass, password auth and crypt functions
*
* Many functions based on code from Frank Thomas <frank@thomas-alfeld.de>
* which can be seen at http://www.thomas-alfeld.de/frank/
*
* Other functions from class.common.inc.php originally from phpGroupWare
*/
class auth extends auth_ class auth extends auth_
{ {
var $seeded = False; static $error;
var $error = '';
/** /**
* return a random string of size $size * return a random string of size $size
* *
* @param $size int-size of random string to return * @param $size int-size of random string to return
*/ */
function randomstring($size) static function randomstring($size)
{ {
$s = ''; $s = '';
$random_char = array( $random_char = array(
@ -66,9 +62,9 @@
{ {
if($sql) if($sql)
{ {
return $this->encrypt_sql($password); return self::encrypt_sql($password);
} }
return $this->encrypt_ldap($password); return self::encrypt_ldap($password);
} }
/** /**
@ -81,7 +77,7 @@
* @param $type type of encryption * @param $type type of encryption
* @param $username used as optional key of encryption for md5_hmac * @param $username used as optional key of encryption for md5_hmac
*/ */
function compare_password($cleartext,$encrypted,$type,$username='') static function compare_password($cleartext,$encrypted,$type,$username='')
{ {
// allow to specify the hash type to prefix the hash, to easy migrate passwords from ldap // allow to specify the hash type to prefix the hash, to easy migrate passwords from ldap
$saved_enc = $encrypted; $saved_enc = $encrypted;
@ -113,18 +109,18 @@
} }
return False; return False;
case 'smd5': case 'smd5':
return $this->smd5_compare($cleartext,$encrypted); return self::smd5_compare($cleartext,$encrypted);
case 'sha': case 'sha':
return $this->sha_compare($cleartext,$encrypted); return self::sha_compare($cleartext,$encrypted);
case 'ssha': case 'ssha':
return $this->ssha_compare($cleartext,$encrypted); return self::ssha_compare($cleartext,$encrypted);
case 'crypt': case 'crypt':
case 'md5_crypt': case 'md5_crypt':
case 'blowfish_crypt': case 'blowfish_crypt':
case 'ext_crypt': case 'ext_crypt':
return $this->crypt_compare($cleartext,$encrypted,$type); return self::crypt_compare($cleartext,$encrypted,$type);
case 'md5_hmac': case 'md5_hmac':
return $this->md5_hmac_compare($cleartext,$encrypted,$username); return self::md5_hmac_compare($cleartext,$encrypted,$username);
case 'md5': case 'md5':
default: default:
return strcmp(md5($cleartext),$encrypted) == 0 ? true : false; return strcmp(md5($cleartext),$encrypted) == 0 ? true : false;
@ -138,7 +134,7 @@
* *
* @param $password password to encrypt * @param $password password to encrypt
*/ */
function encrypt_ldap($password) static function encrypt_ldap($password)
{ {
$type = strtolower($GLOBALS['egw_info']['server']['ldap_encryption_type']); $type = strtolower($GLOBALS['egw_info']['server']['ldap_encryption_type']);
$salt = ''; $salt = '';
@ -146,7 +142,7 @@
{ {
default: // eg. setup >> config never saved default: // eg. setup >> config never saved
case 'des': case 'des':
$salt = $this->randomstring(2); $salt = self::randomstring(2);
$_password = crypt($password, $salt); $_password = crypt($password, $salt);
$e_password = '{crypt}'.$_password; $e_password = '{crypt}'.$_password;
break; break;
@ -161,7 +157,7 @@
{ {
return False; return False;
} }
$salt = $this->randomstring(8); $salt = self::randomstring(8);
$hash = mhash(MHASH_MD5, $password . $salt); $hash = mhash(MHASH_MD5, $password . $salt);
$e_password = '{SMD5}' . base64_encode($hash . $salt); $e_password = '{SMD5}' . base64_encode($hash . $salt);
break; break;
@ -177,7 +173,7 @@
{ {
return False; return False;
} }
$salt = $this->randomstring(8); $salt = self::randomstring(8);
$hash = mhash(MHASH_SHA1, $password . $salt); $hash = mhash(MHASH_SHA1, $password . $salt);
$e_password = '{SSHA}' . base64_encode($hash . $salt); $e_password = '{SSHA}' . base64_encode($hash . $salt);
break; break;
@ -194,7 +190,7 @@
* *
* @param string $hash * @param string $hash
*/ */
function hash_sql2ldap($hash) static function hash_sql2ldap($hash)
{ {
switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type'])) switch(strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']))
{ {
@ -224,12 +220,13 @@
* @param string $password * @param string $password
* @return string hash * @return string hash
*/ */
function encrypt_sql($password) static function encrypt_sql($password)
{ {
/* Grab configured type, or default to md5() (old method) */ /* Grab configured type, or default to md5() (old method) */
$type = @$GLOBALS['egw_info']['server']['sql_encryption_type'] $type = @$GLOBALS['egw_info']['server']['sql_encryption_type']
? strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']) ? strtolower($GLOBALS['egw_info']['server']['sql_encryption_type'])
: 'md5'; : 'md5';
switch($type) switch($type)
{ {
case 'plain': case 'plain':
@ -238,57 +235,57 @@
case 'crypt': case 'crypt':
if(@defined('CRYPT_STD_DES') && CRYPT_STD_DES == 1) if(@defined('CRYPT_STD_DES') && CRYPT_STD_DES == 1)
{ {
$salt = $this->randomstring(2); $salt = self::randomstring(2);
return crypt($password,$salt); return crypt($password,$salt);
} }
$this->error = 'no std crypt'; self::$error = 'no std crypt';
break; break;
case 'blowfish_crypt': case 'blowfish_crypt':
if(@defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1) if(@defined('CRYPT_BLOWFISH') && CRYPT_BLOWFISH == 1)
{ {
$salt = '$2$' . $this->randomstring(13); $salt = '$2$' . self::randomstring(13);
return crypt($password,$salt); return crypt($password,$salt);
} }
$this->error = 'no blowfish crypt'; self::$error = 'no blowfish crypt';
break; break;
case 'md5_crypt': case 'md5_crypt':
if(@defined('CRYPT_MD5') && CRYPT_MD5 == 1) if(@defined('CRYPT_MD5') && CRYPT_MD5 == 1)
{ {
$salt = '$1$' . $this->randomstring(9); $salt = '$1$' . self::randomstring(9);
return crypt($password,$salt); return crypt($password,$salt);
} }
$this->error = 'no md5 crypt'; self::$error = 'no md5 crypt';
break; break;
case 'ext_crypt': case 'ext_crypt':
if(@defined('CRYPT_EXT_DES') && CRYPT_EXT_DES == 1) if(@defined('CRYPT_EXT_DES') && CRYPT_EXT_DES == 1)
{ {
$salt = $this->randomstring(9); $salt = self::randomstring(9);
return crypt($password,$salt); return crypt($password,$salt);
} }
$this->error = 'no ext crypt'; self::$error = 'no ext crypt';
break; break;
case 'smd5': case 'smd5':
if(!function_exists('mhash')) if(!function_exists('mhash'))
{ {
return False; return False;
} }
$salt = $this->randomstring(8); $salt = self::randomstring(8);
$hash = mhash(MHASH_MD5, $password . $salt); $hash = mhash(MHASH_MD5, $password . $salt);
return '{SMD5}' . base64_encode($hash . $salt); return '{SMD5}' . base64_encode($hash . $salt);
case 'sha': case 'sha':
if(!function_exists('mhash')) if(!function_exists('mhash'))
{ {
$this->error = 'no sha'; self::$error = 'no sha';
return False; return False;
} }
return '{SHA}' . base64_encode(mhash(MHASH_SHA1,$password)); return '{SHA}' . base64_encode(mhash(MHASH_SHA1,$password));
case 'ssha': case 'ssha':
if(!function_exists('mhash')) if(!function_exists('mhash'))
{ {
$this->error = 'no ssha'; self::$error = 'no ssha';
return False; return False;
} }
$salt = $this->randomstring(8); $salt = self::randomstring(8);
$hash = mhash(MHASH_SHA1, $password . $salt); $hash = mhash(MHASH_SHA1, $password . $salt);
return '{SSHA}' . base64_encode($hash . $salt); return '{SSHA}' . base64_encode($hash . $salt);
case 'md5': case 'md5':
@ -296,7 +293,10 @@
/* This is the old standard for password storage in SQL */ /* This is the old standard for password storage in SQL */
return md5($password); return md5($password);
} }
$this->error = $this->error ? $this->error : 'no valid encryption available'; if (!self::$error)
{
self::$error = 'no valid encryption available';
}
return False; return False;
} }
@ -312,7 +312,7 @@
* @author cornelius weiss <egw at von-und-zu-weiss.de> * @author cornelius weiss <egw at von-und-zu-weiss.de>
* @return mixed false if password is considered "safe" or a string $message if "unsafe" * @return mixed false if password is considered "safe" or a string $message if "unsafe"
*/ */
function crackcheck($passwd) static function crackcheck($passwd)
{ {
if (!preg_match('/.{'. ($noc=7). ',}/',$passwd)) if (!preg_match('/.{'. ($noc=7). ',}/',$passwd))
{ {
@ -344,7 +344,7 @@
* @param string $db_val stored value (from database) * @param string $db_val stored value (from database)
* @return boolean True on successful comparison * @return boolean True on successful comparison
*/ */
function smd5_compare($form_val,$db_val) static function smd5_compare($form_val,$db_val)
{ {
/* Start with the first char after {SMD5} */ /* Start with the first char after {SMD5} */
$hash = base64_decode(substr($db_val,6)); $hash = base64_decode(substr($db_val,6));
@ -370,7 +370,7 @@
* @param string $db_val stored value (from database) * @param string $db_val stored value (from database)
* @return boolean True on successful comparison * @return boolean True on successful comparison
*/ */
function sha_compare($form_val,$db_val) static function sha_compare($form_val,$db_val)
{ {
/* Start with the first char after {SHA} */ /* Start with the first char after {SHA} */
$hash = base64_decode(substr($db_val,5)); $hash = base64_decode(substr($db_val,5));
@ -391,7 +391,7 @@
* @param string $db_val stored value (from database) * @param string $db_val stored value (from database)
* @return boolean True on successful comparison * @return boolean True on successful comparison
*/ */
function ssha_compare($form_val,$db_val) static function ssha_compare($form_val,$db_val)
{ {
/* Start with the first char after {SSHA} */ /* Start with the first char after {SSHA} */
$hash = base64_decode(substr($db_val, 6)); $hash = base64_decode(substr($db_val, 6));
@ -416,7 +416,7 @@
* @param string $type crypt() type * @param string $type crypt() type
* @return boolean True on successful comparison * @return boolean True on successful comparison
*/ */
function crypt_compare($form_val,$db_val,$type) static function crypt_compare($form_val,$db_val,$type)
{ {
$saltlen = array( $saltlen = array(
'blowfish_crypt' => 16, 'blowfish_crypt' => 16,
@ -445,7 +445,7 @@
* @param string $key key for md5_hmac-encryption (username for imported smf users) * @param string $key key for md5_hmac-encryption (username for imported smf users)
* @return boolean True on successful comparison * @return boolean True on successful comparison
*/ */
function md5_hmac_compare($form_val,$db_val,$key) static function md5_hmac_compare($form_val,$db_val,$key)
{ {
$key = str_pad(strlen($key) <= 64 ? $key : pack('H*', md5($key)), 64, chr(0x00)); $key = str_pad(strlen($key) <= 64 ? $key : pack('H*', md5($key)), 64, chr(0x00));
$md5_hmac = md5(($key ^ str_repeat(chr(0x5c), 64)) . pack('H*', md5(($key ^ str_repeat(chr(0x36), 64)). $form_val))); $md5_hmac = md5(($key ^ str_repeat(chr(0x5c), 64)) . pack('H*', md5(($key ^ str_repeat(chr(0x36), 64)). $form_val)));
@ -456,4 +456,3 @@
return False; return False;
} }
} }
?>

45
phpgwapi/inc/class.auth_ldap.inc.php
View File

@ -1,30 +1,21 @@
<?php <?php
/**************************************************************************\ /**
* eGroupWare API - Auth from LDAP * * eGroupWare API - LDAP Authentication
* This file written by Lars Kneschke <lkneschke@linux-at-work.de> * *
* and Joseph Engo <jengo@phpgroupware.org> * * @link http://www.egroupware.org
* Authentication based on LDAP Server * * @author Lars Kneschke <lkneschke@linux-at-work.de>
* Copyright (C) 2000, 2001 Joseph Engo * * @author Joseph Engo <jengo@phpgroupware.org>
* Copyright (C) 2002, 2003 Lars Kneschke * * Copyright (C) 2000, 2001 Joseph Engo
* ------------------------------------------------------------------------ * * Copyright (C) 2002, 2003 Lars Kneschke
* This library is part of the eGroupWare API * * @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License
* http://www.egroupware.org/api * * @package api
* ------------------------------------------------------------------------ * * @subpackage authentication
* This library is free software; you can redistribute it and/or modify it * * @version $Id$
* under the terms of the GNU Lesser General Public License as published by * */
* the Free Software Foundation; either version 2.1 of the License, *
* or any later version. *
* This library is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* See the GNU Lesser General Public License for more details. *
* You should have received a copy of the GNU Lesser General Public License *
* along with this library; if not, write to the Free Software Foundation, *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
\**************************************************************************/
/* $Id$ */
/**
* Authentication agains a LDAP Server
*/
class auth_ class auth_
{ {
var $previous_login = -1; var $previous_login = -1;
@ -87,7 +78,7 @@
{ {
if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap') if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap')
{ {
if (!$account->account_id && $GLOBALS['egw_info']['server']['auto_create_acct']) if ($GLOBALS['egw_info']['server']['auto_create_acct'])
{ {
// create a global array with all availible info about that account // create a global array with all availible info about that account
$GLOBALS['auto_create_acct'] = array(); $GLOBALS['auto_create_acct'] = array();
@ -144,7 +135,7 @@
$sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter); $sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter);
$allValues = ldap_get_entries($ds, $sri); $allValues = ldap_get_entries($ds, $sri);
$entry['userpassword'] = $this->encrypt_password($new_passwd); $entry['userpassword'] = auth::encrypt_password($new_passwd);
$dn = $allValues[0]['dn']; $dn = $allValues[0]['dn'];
if($old_passwd) // if old password given (not called by admin) --> bind as that user to change the pw if($old_passwd) // if old password given (not called by admin) --> bind as that user to change the pw

102
phpgwapi/inc/class.auth_sql.inc.php
View File

@ -1,42 +1,39 @@
<?php <?php
/**************************************************************************\ /**
* eGroupWare API - Auth from SQL * * eGroupWare API - Authentication from SQL
* This file written by Dan Kuykendall <seek3r@phpgroupware.org> * *
* and Joseph Engo <jengo@phpgroupware.org> * * @link http://www.egroupware.org
* Encryption types other than md5() added by * * @author Dan Kuykendall <seek3r@phpgroupware.org>
* Miles Lott <milos@groupwhere.org> based on code from * * @author Joseph Engo <jengo@phpgroupware.org>
* http://www.thomas-alfeld.de/frank/ * * Copyright (C) 2000, 2001 Dan Kuykendall
* massive code cleanup and * * @license http://opensource.org/licenses/lgpl-license.php LGPL - GNU Lesser General Public License
* added password migration by * * @package api
* Cornelius Weiss <egw@von-und-zu-weiss.de * * @subpackage authentication
* Authentication based on SQL table * * @version $Id$
* Copyright (C) 2000, 2001 Dan Kuykendall * */
* ------------------------------------------------------------------------ *
* This library is free software; you can redistribute it and/or modify it *
* under the terms of the GNU Lesser General Public License as published by *
* the Free Software Foundation; either version 2.1 of the License, *
* or any later version. *
* This library is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
* See the GNU Lesser General Public License for more details. *
* You should have received a copy of the GNU Lesser General Public License *
* along with this library; if not, write to the Free Software Foundation, *
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
\**************************************************************************/
/* $Id$ */
/**
* eGroupWare API - Authentication based on SQL table of accounts
*
* Encryption types other than md5() added by Miles Lott <milos@groupwhere.org>
* based on code from http://www.thomas-alfeld.de/frank/
*
* Massive code cleanup and added password migration by Cornelius Weiss <egw@von-und-zu-weiss.de
*/
class auth_ class auth_
{ {
var $db = ''; /**
* Reference to the global db object
*
* @var egw_db
*/
var $db;
var $table = 'egw_accounts';
var $previous_login = -1; var $previous_login = -1;
function auth_() function auth_()
{ {
$this->db = clone($GLOBALS['egw']->db); $this->db = $GLOBALS['egw']->db;
$this->db->set_app('phpgwapi');
$this->table = 'egw_accounts';
$this->type = @$GLOBALS['egw_info']['server']['sql_encryption_type'] ? $this->type = @$GLOBALS['egw_info']['server']['sql_encryption_type'] ?
strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']) : 'md5'; strtolower($GLOBALS['egw_info']['server']['sql_encryption_type']) : 'md5';
@ -55,18 +52,16 @@
/* normal web form login */ /* normal web form login */
if($passwd_type == 'text') if($passwd_type == 'text')
{ {
$this->db->select($this->table,'account_lid,account_pwd,account_lastlogin',array( if (!($row = $this->db->select($this->table,'account_lid,account_pwd,account_lastlogin',array(
'account_lid' => $username, 'account_lid' => $username,
'account_type' => 'u', 'account_type' => 'u',
'account_status' => 'A' 'account_status' => 'A'
),__LINE__,__FILE__); ),__LINE__,__FILE__)->fetch()) || empty($row['account_pwd']) ||
$GLOBALS['egw_info']['server']['case_sensitive_username'] && $row['account_lid'] != $username)
if(!$this->db->next_record() || !$this->db->f('account_pwd') ||
$GLOBALS['egw_info']['server']['case_sensitive_username'] && $this->db->f('account_lid') != $username)
{ {
return false; return false;
} }
if(!$this->compare_password($passwd,$this->db->f('account_pwd'),$this->type,strtolower($username))) if(!auth::compare_password($passwd,$row['account_pwd'],$this->type,strtolower($username)))
{ {
$match = false; $match = false;
// do we have to migrate an old password ? // do we have to migrate an old password ?
@ -74,7 +69,7 @@
{ {
foreach(explode(',', $GLOBALS['egw_info']['server']['pwd_migration_types']) as $type) foreach(explode(',', $GLOBALS['egw_info']['server']['pwd_migration_types']) as $type)
{ {
if($this->compare_password($passwd,$this->db->f('account_pwd'),$type,strtolower($username))) if(auth::compare_password($passwd,$row['account_pwd'],$type,strtolower($username)))
{ {
$account_id = $GLOBALS['egw_info']['user']['account_id']; $account_id = $GLOBALS['egw_info']['user']['account_id'];
$encrypted_passwd = $this->encrypt_sql($passwd); $encrypted_passwd = $this->encrypt_sql($passwd);
@ -84,27 +79,28 @@
} }
} }
} }
if (!$match) return false; if (!$match)
{
return false;
}
} }
} }
/* Auth via crypted password. NOTE: mail needs cleartext password to authenticate against mailserver! */ /* Auth via crypted password. NOTE: mail needs cleartext password to authenticate against mailserver! */
else else
{ {
$this->db->select($this->table,'account_lid,account_lastlogin',array( if (!($row = $this->db->select($this->table,'account_lid,account_lastlogin',array(
'account_lid' => $username, 'account_lid' => $username,
'account_type' => 'u', 'account_type' => 'u',
'account_status' => 'A', 'account_status' => 'A',
'account_pwd' => $passwd, 'account_pwd' => $passwd,
),__LINE__,__FILE__); ),__LINE__,__FILE__)->fetch()) ||
$GLOBALS['egw_info']['server']['case_sensitive_username'] && $row['account_lid'] != $username)
if(!$this->db->next_record() ||
$GLOBALS['egw_info']['server']['case_sensitive_username'] && $this->db->f('account_lid') != $username)
{ {
return false; return false;
} }
} }
// if this point is reached, auth was successfull // if this point is reached, auth was successfull
$this->previous_login = $this->db->f('account_lastlogin'); $this->previous_login = $row['account_lastlogin'];
return true; return true;
} }
@ -127,21 +123,21 @@
$account_id = $GLOBALS['egw_info']['user']['account_id']; $account_id = $GLOBALS['egw_info']['user']['account_id'];
} }
$this->db->select($this->table,'account_pwd',array( if (($pw = $this->db->select($this->table,'account_pwd',array(
'account_id' => $account_id, 'account_id' => $account_id,
'account_type' => 'u', 'account_type' => 'u',
'account_status' => 'A', 'account_status' => 'A',
),__LINE__,__FILE__); ),__LINE__,__FILE__)->fetchSingle()) === false)
{
if(!$this->db->next_record()) return false; // account not found return false; // account not found
}
/* Check the old_passwd to make sure this is legal */ // Check the old_passwd to make sure this is legal
if(!$admin && !$this->compare_password($old_passwd,$this->db->f('account_pwd'),$this->type,strtolower($username))) if(!$admin && !auth::compare_password($old_passwd,$pw,$this->type,strtolower($username)))
{ {
return false; return false;
} }
/* old password ok, or admin called the function from the admin application (no old passwd available).*/ // old password ok, or admin called the function from the admin application (no old passwd available).
return $this->_update_passwd($this->encrypt_sql($new_passwd),$new_passwd,$account_id,$admin); return $this->_update_passwd($this->encrypt_sql($new_passwd),$new_passwd,$account_id,$admin);
} }