Use correct quoting when querying/setting account_id; minor formatting

Miles Lott 2005-08-27 12:19:35 +00:00
parent 47d27be6d3
commit 137e472433
9 changed files with 136 additions and 135 deletions


@ -26,7 +26,7 @@
{ {
$GLOBALS['egw_info']['server']['auth_type'] = 'sql'; $GLOBALS['egw_info']['server']['auth_type'] = 'sql';
} }
include(PHPGW_API_INC.'/class.auth_'.$GLOBALS['egw_info']['server']['auth_type'].'.inc.php'); include(EGW_API_INC.'/class.auth_'.$GLOBALS['egw_info']['server']['auth_type'].'.inc.php');
class auth extends auth_ class auth extends auth_
{ {
@ -50,7 +50,7 @@
if(!$this->seeded && phpversion() < '4.2.0') if(!$this->seeded && phpversion() < '4.2.0')
{ {
list($usec, $sec) = explode(' ', microtime()); list($usec, $sec) = explode(' ', microtime());
mt_srand((float)$sec + ((float)$usec * 100000)); mt_srand((float)$sec + ((float)$usec * 100000));
$this->seeded = True; $this->seeded = True;
} }
@ -354,8 +354,6 @@
return True; return True;
} }
return False; return False;
} }
} }
?> ?>


@ -6,7 +6,7 @@
* Authentication based on LDAP Server * * Authentication based on LDAP Server *
* Copyright (C) 2000, 2001 Joseph Engo * * Copyright (C) 2000, 2001 Joseph Engo *
* Copyright (C) 2002, 2003 Lars Kneschke * * Copyright (C) 2002, 2003 Lars Kneschke *
* -------------------------------------------------------------------------* * ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API * * This library is part of the eGroupWare API *
* http://www.egroupware.org/api * * http://www.egroupware.org/api *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *


@ -5,7 +5,7 @@
* and Joseph Engo <jengo@phpgroupware.org> * * and Joseph Engo <jengo@phpgroupware.org> *
* Authentication based on HTTP auth * * Authentication based on HTTP auth *
* Copyright (C) 2000, 2001 Dan Kuykendall * * Copyright (C) 2000, 2001 Dan Kuykendall *
* -------------------------------------------------------------------------* * ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API * * This library is part of the eGroupWare API *
* http://www.egroupware.org/api * * http://www.egroupware.org/api *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *
@ -48,13 +48,13 @@
// Since there account data will still be stored in SQL, this should be safe to do. (jengo) // Since there account data will still be stored in SQL, this should be safe to do. (jengo)
function update_lastlogin($account_id, $ip) function update_lastlogin($account_id, $ip)
{ {
$GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__); $GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record(); $GLOBALS['egw']->db->next_record();
$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin'); $this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin');
$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='" $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
. "$ip', account_lastlogin='" . time() . "$ip', account_lastlogin='" . time()
. "' where account_id='$account_id'",__LINE__,__FILE__); . "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
} }
} }
?> ?>
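Review bot: `$ip` is still concatenated unescaped into the UPDATE in `update_lastlogin`, so that statement stays open to SQL injection through this value even though `account_id` is now cast to int. The PAM backend in this same commit already builds it with `$GLOBALS['egw']->db->quote($ip)`, and the same form fits here: `"UPDATE phpgw_accounts SET account_lastloginfrom=" . $GLOBALS['egw']->db->quote($ip) . ", account_lastlogin=" . time()`. The same pattern remains in the `update_lastlogin` bodies of the LDAP (SQL branch), mail, NIS, SQL and SQL/X.509 backends on this page, and the NIS one also still interpolates `'$account_id'` instead of casting it. Where `$ip` originates is not visible here, so it should be treated as untrusted until the caller is checked.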


@ -6,7 +6,7 @@
* Authentication based on LDAP Server * * Authentication based on LDAP Server *
* Copyright (C) 2000, 2001 Joseph Engo * * Copyright (C) 2000, 2001 Joseph Engo *
* Copyright (C) 2002, 2003 Lars Kneschke * * Copyright (C) 2002, 2003 Lars Kneschke *
* -------------------------------------------------------------------------* * ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API * * This library is part of the eGroupWare API *
* http://www.egroupware.org/api * * http://www.egroupware.org/api *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *
@ -36,40 +36,40 @@
return False; return False;
} }
if(!$ldap = @ldap_connect($GLOBALS['phpgw_info']['server']['ldap_host'])) if(!$ldap = @ldap_connect($GLOBALS['egw_info']['server']['ldap_host']))
{ {
$GLOBALS['phpgw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped'); $GLOBALS['egw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped');
$GLOBALS['phpgw']->log->commit(); $GLOBALS['egw']->log->commit();
return False; return False;
} }
if($GLOBALS['phpgw_info']['server']['ldap_version3']) if($GLOBALS['egw_info']['server']['ldap_version3'])
{ {
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
} }
/* Login with the LDAP Admin. User to find the User DN. */ /* Login with the LDAP Admin. User to find the User DN. */
if(!@ldap_bind($ldap, $GLOBALS['phpgw_info']['server']['ldap_root_dn'], $GLOBALS['phpgw_info']['server']['ldap_root_pw'])) if(!@ldap_bind($ldap, $GLOBALS['egw_info']['server']['ldap_root_dn'], $GLOBALS['egw_info']['server']['ldap_root_pw']))
{ {
return False; return False;
} }
/* find the dn for this uid, the uid is not always in the dn */ /* find the dn for this uid, the uid is not always in the dn */
$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber'); $attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber');
$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)'; $filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter); $filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter);
if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap') if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
{ {
$filter = "(&$filter(phpgwaccountstatus=A))"; $filter = "(&$filter(phpgwaccountstatus=A))";
} }
$sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes); $sri = ldap_search($ldap, $GLOBALS['egw_info']['server']['ldap_context'], $filter, $attributes);
$allValues = ldap_get_entries($ldap, $sri); $allValues = ldap_get_entries($ldap, $sri);
if ($allValues['count'] > 0) if ($allValues['count'] > 0)
{ {
if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true) if($GLOBALS['egw_info']['server']['case_sensitive_username'] == true)
{ {
if($allValues[0]['uid'][0] != $username) if($allValues[0]['uid'][0] != $username)
{ {
@ -89,10 +89,10 @@
/* try to bind as the user with user suplied password */ /* try to bind as the user with user suplied password */
if (@ldap_bind($ldap, $userDN, $passwd)) if (@ldap_bind($ldap, $userDN, $passwd))
{ {
if ($GLOBALS['phpgw_info']['server']['account_repository'] != 'ldap') if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap')
{ {
$account = CreateObject('phpgwapi.accounts',$username,'u'); $account = CreateObject('phpgwapi.accounts',$username,'u');
if (!$account->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct']) if (!$account->account_id && $GLOBALS['egw_info']['server']['auto_create_acct'])
{ {
// create a global array with all availible info about that account // create a global array with all availible info about that account
$GLOBALS['auto_create_acct'] = array(); $GLOBALS['auto_create_acct'] = array();
@ -105,7 +105,7 @@
) as $ldap_name => $acct_name) ) as $ldap_name => $acct_name)
{ {
$GLOBALS['auto_create_acct'][$acct_name] = $GLOBALS['auto_create_acct'][$acct_name] =
$GLOBALS['phpgw']->translation->convert($allValues[0][$ldap_name][0],'utf-8'); $GLOBALS['egw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
} }
return True; return True;
} }
@ -123,17 +123,17 @@
{ {
if ('' == $_account_id) if ('' == $_account_id)
{ {
$username = $GLOBALS['phpgw_info']['user']['account_lid']; $username = $GLOBALS['egw_info']['user']['account_lid'];
} }
else else
{ {
$username = $GLOBALS['phpgw']->accounts->id2name($_account_id); $username = $GLOBALS['egw']->accounts->id2name($_account_id);
} }
$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)'; $filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter); $filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter);
$ds = $GLOBALS['phpgw']->common->ldapConnect(); $ds = $GLOBALS['egw']->common->ldapConnect();
$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter); $sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter);
$allValues = ldap_get_entries($ds, $sri); $allValues = ldap_get_entries($ds, $sri);
$entry['userpassword'] = $this->encrypt_password($new_passwd); $entry['userpassword'] = $this->encrypt_password($new_passwd);
@ -143,20 +143,20 @@
{ {
return false; return false;
} }
$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd); $GLOBALS['egw']->session->appsession('password','phpgwapi',$new_passwd);
return $entry['userpassword']; return $entry['userpassword'];
} }
function update_lastlogin($_account_id, $ip) function update_lastlogin($_account_id, $ip)
{ {
if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap') if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
{ {
$entry['phpgwaccountlastlogin'] = time(); $entry['phpgwaccountlastlogin'] = time();
$entry['phpgwaccountlastloginfrom'] = $ip; $entry['phpgwaccountlastloginfrom'] = $ip;
$ds = $GLOBALS['phpgw']->common->ldapConnect(); $ds = $GLOBALS['egw']->common->ldapConnect();
$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id); $sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
$allValues = ldap_get_entries($ds, $sri); $allValues = ldap_get_entries($ds, $sri);
$dn = $allValues[0]['dn']; $dn = $allValues[0]['dn'];
@ -166,13 +166,13 @@
} }
else else
{ {
$GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$_account_id'",__LINE__,__FILE__); $GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$_account_id,__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record(); $GLOBALS['egw']->db->next_record();
$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin'); $this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin');
$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='" $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
. "$ip', account_lastlogin='" . time() . "$ip', account_lastlogin='" . time()
. "' where account_id='$_account_id'",__LINE__,__FILE__); . "' WHERE account_id=" . (int)$_account_id,__LINE__,__FILE__);
} }
} }
} }
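Review bot: `$username` is substituted into the LDAP search filter by `str_replace` without escaping, most importantly in `authenticate` (the `@ -36,40` hunk) and again in the password-change path (the `@ -123,17` hunk), so filter metacharacters in a login name alter the query that selects the DN to bind as. The value should be escaped per RFC 4515 (`\`, `*`, `(`, `)`, NUL) before substitution; on PHP 5.6+ that is `ldap_escape($username, '', LDAP_ESCAPE_FILTER)`, while older versions need a small helper. Separately, the result of `ldap_search` is passed straight to `ldap_get_entries` with no check for `false`. Both functions begin and end outside the hunks shown.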


@ -4,7 +4,7 @@
* This file written by Dan Kuykendall <seek3r@phpgroupware.org> * * This file written by Dan Kuykendall <seek3r@phpgroupware.org> *
* Authentication based on mail server * * Authentication based on mail server *
* Copyright (C) 2000, 2001 Dan Kuykendall * * Copyright (C) 2000, 2001 Dan Kuykendall *
* -------------------------------------------------------------------------* * ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API * * This library is part of the eGroupWare API *
* http://www.egroupware.org/api * * http://www.egroupware.org/api *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *
@ -31,49 +31,49 @@
{ {
error_reporting(error_reporting() - 2); error_reporting(error_reporting() - 2);
if ($GLOBALS['phpgw_info']['server']['mail_login_type'] == 'vmailmgr') if ($GLOBALS['egw_info']['server']['mail_login_type'] == 'vmailmgr')
{ {
$username = $username . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix']; $username = $username . '@' . $GLOBALS['egw_info']['server']['mail_suffix'];
} }
if ($GLOBALS['phpgw_info']['server']['mail_server_type']=='imap') if ($GLOBALS['egw_info']['server']['mail_server_type']=='imap')
{ {
$GLOBALS['phpgw_info']['server']['mail_port'] = '143'; $GLOBALS['egw_info']['server']['mail_port'] = '143';
} }
elseif ($GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3') elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='pop3')
{ {
$GLOBALS['phpgw_info']['server']['mail_port'] = '110'; $GLOBALS['egw_info']['server']['mail_port'] = '110';
}
elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='imaps')
{
$GLOBALS['egw_info']['server']['mail_port'] = '993';
}
elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='pop3s')
{
$GLOBALS['egw_info']['server']['mail_port'] = '995';
} }
elseif ($GLOBALS['phpgw_info']['server']['mail_server_type']=='imaps')
{
$GLOBALS['phpgw_info']['server']['mail_port'] = '993';
}
elseif ($GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3s')
{
$GLOBALS['phpgw_info']['server']['mail_port'] = '995';
}
if( $GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3') if( $GLOBALS['egw_info']['server']['mail_server_type']=='pop3')
{ {
$mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server'].'/pop3' $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server'].'/pop3'
.':'.$GLOBALS['phpgw_info']['server']['mail_port'].'}INBOX', $username , $passwd); .':'.$GLOBALS['egw_info']['server']['mail_port'].'}INBOX', $username , $passwd);
} }
elseif ( $GLOBALS['phpgw_info']['server']['mail_server_type']=='imaps' ) elseif ( $GLOBALS['egw_info']['server']['mail_server_type']=='imaps' )
{ {
// IMAPS support: // IMAPS support:
$mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server']."/ssl/novalidate-cert" $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']."/ssl/novalidate-cert"
.':993}INBOX', $username , $passwd); .':993}INBOX', $username , $passwd);
} }
elseif ( $GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3s' ) elseif ( $GLOBALS['egw_info']['server']['mail_server_type']=='pop3s' )
{ {
// POP3S support: // POP3S support:
$mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server']."/ssl/novalidate-cert" $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']."/ssl/novalidate-cert"
.':995}INBOX', $username , $passwd); .':995}INBOX', $username , $passwd);
} }
else else
{ {
/* assume imap */ /* assume imap */
$mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server'] $mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']
.':'.$GLOBALS['phpgw_info']['server']['mail_port'].'}INBOX', $username , $passwd); .':'.$GLOBALS['egw_info']['server']['mail_port'].'}INBOX', $username , $passwd);
} }
error_reporting(error_reporting() + 2); error_reporting(error_reporting() + 2);
@ -96,13 +96,13 @@
// Since there account data will still be stored in SQL, this should be safe to do. (jengo) // Since there account data will still be stored in SQL, this should be safe to do. (jengo)
function update_lastlogin($account_id, $ip) function update_lastlogin($account_id, $ip)
{ {
$GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__); $GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record(); $GLOBALS['egw']->db->next_record();
$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin'); $this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin');
$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='" $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
. "$ip', account_lastlogin='" . time() . "$ip', account_lastlogin='" . time()
. "' where account_id='$account_id'",__LINE__,__FILE__); . "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
} }
} }
?> ?>
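Review bot: The `imaps` and `pop3s` branches open the mailbox with `/ssl/novalidate-cert`, so the server certificate is never checked and the user's password is sent to whichever host answers at that address. Using `"/ssl"` alone lets the IMAP library validate the certificate; if self-signed servers must remain supported, the flag is better gated behind an explicit server setting than hard-coded. These branches also hard-code `:993`/`:995` although `mail_port` was set a few lines earlier, and `error_reporting(error_reporting() - 2)` is only correct when E_WARNING is currently enabled, so saving the previous level and applying `error_reporting($old & ~E_WARNING)` would be safer. The function body begins and ends outside the hunk.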


@ -1,10 +1,10 @@
<?php <?php
/**************************************************************************\ /**************************************************************************\
* eGroupWare API - Auth from NIS * * eGroupWare API - Auth from NIS *
* Authentication based on NIS maps * * Authentication based on NIS maps *
* by Dylan Adams <dadams@jhu.edu> * * by Dylan Adams <dadams@jhu.edu> *
* Copyright (C) 2001 Dylan Adams * * Copyright (C) 2001 Dylan Adams *
* -------------------------------------------------------------------------* * ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API * * This library is part of the eGroupWare API *
* http://www.egroupware.org/api * * http://www.egroupware.org/api *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *
@ -28,31 +28,31 @@
function authenticate($username, $passwd) function authenticate($username, $passwd)
{ {
$domain = yp_get_default_domain(); $domain = yp_get_default_domain();
if( !empty($GLOBALS['phpgw_info']['server']['nis_domain']) ) if(!empty($GLOBALS['egw_info']['server']['nis_domain']))
{ {
$domain = $GLOBALS['phpgw_info']['server']['nis_domain']; $domain = $GLOBALS['egw_info']['server']['nis_domain'];
} }
$map = "passwd.byname"; $map = "passwd.byname";
if( !empty($GLOBALS['phpgw_info']['server']['nis_map']) ) if(!empty($GLOBALS['egw_info']['server']['nis_map']))
{ {
$map = $GLOBALS['phpgw_info']['server']['nis_map']; $map = $GLOBALS['egw_info']['server']['nis_map'];
} }
$entry = yp_match( $domain, $map, $username ); $entry = yp_match( $domain, $map, $username );
/* /*
* we assume that the map is structured in the usual * we assume that the map is structured in the usual
* unix passwd flavor * unix passwd flavor
*/ */
$entry_array = explode( ':', $entry ); $entry_array = explode(':', $entry);
$stored_passwd = $entry_array[1]; $stored_passwd = $entry_array[1];
$encrypted_passwd = crypt( $passwd, $stored_passwd ); $encrypted_passwd = crypt($passwd, $stored_passwd);
return( $encrypted_passwd == $stored_passwd ); return($encrypted_passwd == $stored_passwd);
} }
function change_password($old_passwd, $new_passwd, $account_id = '') function change_password($old_passwd, $new_passwd, $account_id='')
{ {
// can't change passwords unless server runs as root (bad idea) // can't change passwords unless server runs as root (bad idea)
return( False ); return( False );
@ -62,7 +62,7 @@
{ {
$account_id = get_account_id($account_id); $account_id = get_account_id($account_id);
$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='" $GLOBALS['egw']->db->query("update phpgw_accounts set account_lastloginfrom='"
. "$ip', account_lastlogin='" . time() . "$ip', account_lastlogin='" . time()
. "' where account_id='$account_id'",__LINE__,__FILE__); . "' where account_id='$account_id'",__LINE__,__FILE__);
} }
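Review bot: `authenticate` uses the result of `yp_match()` without checking for failure and compares the two hashes with loose `==`. When the lookup fails, `$entry_array[1]` is undefined and the outcome then depends on how `crypt()` treats an empty salt. An explicit `if ($entry === false) { return False; }` before the `explode`, and a strict `return ($encrypted_passwd === $stored_passwd);` (or `hash_equals()` where available), make the failure path deterministic. An empty password field in the map entry is worth rejecting explicitly for the same reason.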


@ -1,7 +1,7 @@
<?php <?php
/**************************************************************************\ /**************************************************************************\
* eGroupWare API - Auth from PAM * * eGroupWare API - Auth from PAM *
* -------------------------------------------------------------------------* * ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API * * This library is part of the eGroupWare API *
* http://www.egroupware.org/api * * http://www.egroupware.org/api *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *
@ -44,9 +44,9 @@
{ {
$account_id = get_account_id($account_id); $account_id = get_account_id($account_id);
$GLOBALS['phpgw']->db->query('update phpgw_accounts set account_lastloginfrom=' $GLOBALS['egw']->db->query('UPDATE phpgw_accounts SET account_lastloginfrom='
. $GLOBALS['phpgw']->db->quote($ip).', account_lastlogin=' . time() . $GLOBALS['egw']->db->quote($ip).', account_lastlogin=' . time()
. ' where account_id='.(int)$account_id,__LINE__,__FILE__); . ' WHERE account_id='.(int)$account_id,__LINE__,__FILE__);
} }
} }
?> ?>


@ -135,8 +135,8 @@
$account_id = $GLOBALS['egw_info']['user']['account_id']; $account_id = $GLOBALS['egw_info']['user']['account_id'];
} }
$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id $this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = " . (int)$account_id
. "' AND " // . " account_type='u' AND " . " AND " // . " account_type='u' AND "
. " account_status ='A'",__LINE__,__FILE__); . " account_status ='A'",__LINE__,__FILE__);
$this->db->next_record(); $this->db->next_record();
if(!$this->db->f('account_pwd')) return false; if(!$this->db->f('account_pwd')) return false;
@ -144,7 +144,10 @@
/* Check the old_passwd to make sure this is legal */ /* Check the old_passwd to make sure this is legal */
if(!$admin) if(!$admin)
{ {
if(!$this->compare_password($old_passwd,$this->db->f('account_pwd'),$this->type,strtolower($username))) return false; if(!$this->compare_password($old_passwd,$this->db->f('account_pwd'),$this->type,strtolower($username)))
{
return false;
}
} }
/* old password ok, or admin called the function from the admin application (no old passwd available).*/ /* old password ok, or admin called the function from the admin application (no old passwd available).*/
@ -155,7 +158,7 @@
function _update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin=False,$file='') function _update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin=False,$file='')
{ {
/* This should only be called from this file */ /* This should only be called from this file */
if($file != PHPGW_API_INC . SEP . 'class.auth_sql.inc.php') if($file != EGW_API_INC . SEP . 'class.auth_sql.inc.php')
{ {
return False; return False;
} }
@ -181,7 +184,7 @@
{ {
$GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='" $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
. "$ip', account_lastlogin='" . time() . "$ip', account_lastlogin='" . time()
. "' WHERE account_id='$account_id'",__LINE__,__FILE__); . "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
} }
} }
?> ?>
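Review bot: The guard in `_update_passwd`, `if($file != EGW_API_INC . SEP . 'class.auth_sql.inc.php')`, compares a caller-supplied argument with a known constant path, so it documents intent but does not restrict who can call the method, since any caller can pass the same string. A comment such as `/* advisory only: $file is supplied by the caller, this is not an access check */` would keep a later reader from relying on it. Real enforcement would need the authorisation decision (old password verified, or `$admin`) to be made inside this method. The function continues past the end of the hunk.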


@ -4,7 +4,7 @@
* This file written by Andreas 'Count' Kotes <count@flatline.de> * * This file written by Andreas 'Count' Kotes <count@flatline.de> *
* Authentication based on SQL table and X.509 certificates * * Authentication based on SQL table and X.509 certificates *
* Copyright (C) 2000, 2001 Dan Kuykendall * * Copyright (C) 2000, 2001 Dan Kuykendall *
* -------------------------------------------------------------------------* * ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API * * This library is part of the eGroupWare API *
* http://www.egroupware.org/api * * http://www.egroupware.org/api *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *
@ -30,7 +30,7 @@
function auth_() function auth_()
{ {
copyobj($GLOBALS['phpgw']->db,$this->db); $this->db = clone($GLOBALS['egw']->db);
} }
function authenticate($username, $passwd) function authenticate($username, $passwd)
@ -59,7 +59,7 @@
$this->db->next_record(); $this->db->next_record();
} }
if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true) if($GLOBALS['egw_info']['server']['case_sensitive_username'] == true)
{ {
if($db->f('account_lid') != $username) if($db->f('account_lid') != $username)
{ {
@ -80,28 +80,28 @@
{ {
if(!$account_id) if(!$account_id)
{ {
$account_id = $GLOBALS['phpgw_info']['user']['account_id']; $account_id = $GLOBALS['egw_info']['user']['account_id'];
} }
$encrypted_passwd = md5($new_passwd); $encrypted_passwd = md5($new_passwd);
$GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_pwd='" . md5($new_passwd) . "'," $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_pwd='" . md5($new_passwd) . "',"
. "account_lastpwd_change='" . time() . "' WHERE account_id='" . $account_id . "'",__LINE__,__FILE__); . "account_lastpwd_change='" . time() . "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd); $GLOBALS['egw']->session->appsession('password','phpgwapi',$new_passwd);
return $encrypted_passwd; return $encrypted_passwd;
} }
function update_lastlogin($account_id, $ip) function update_lastlogin($account_id, $ip)
{ {
$GLOBALS['phpgw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id='$account_id'",__LINE__,__FILE__); $GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record(); $GLOBALS['egw']->db->next_record();
$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin'); $this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin');
$GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='" $GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
. "$ip', account_lastlogin='" . time() . "$ip', account_lastlogin='" . time()
. "' WHERE account_id='$account_id'",__LINE__,__FILE__); . "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
} }
} }
?> ?>
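Review bot: `change_password` stores the new password as a bare `md5($new_passwd)`, an unsalted fast hash that is cheap to brute-force if the accounts table is ever disclosed. The LDAP backend on this page goes through `$this->encrypt_password($new_passwd)`; if that helper is reachable from this class (not visible here), using it would keep the storage format under one configurable routine. Also, in the `@ -59,7` hunk the check reads `$db->f('account_lid')` while the surrounding lines use `$this->db`; unless a local `$db` is defined above the hunk, that should be `$this->db->f('account_lid')`.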