Use correct quoting when querying/setting account_id; minor formatting

Miles Lott 2005-08-27 12:19:35 +00:00
parent 47d27be6d3
commit 137e472433
9 changed files with 136 additions and 135 deletions


@ -26,7 +26,7 @@
{
$GLOBALS['egw_info']['server']['auth_type'] = 'sql';
}
include(PHPGW_API_INC.'/class.auth_'.$GLOBALS['egw_info']['server']['auth_type'].'.inc.php');
include(EGW_API_INC.'/class.auth_'.$GLOBALS['egw_info']['server']['auth_type'].'.inc.php');
class auth extends auth_
{
@ -50,7 +50,7 @@
if(!$this->seeded && phpversion() < '4.2.0')
{
list($usec, $sec) = explode(' ', microtime());
list($usec, $sec) = explode(' ', microtime());
mt_srand((float)$sec + ((float)$usec * 100000));
$this->seeded = True;
}
@ -354,8 +354,6 @@
return True;
}
return False;
}
}
?>


@ -6,7 +6,7 @@
* Authentication based on LDAP Server *
* Copyright (C) 2000, 2001 Joseph Engo *
* Copyright (C) 2002, 2003 Lars Kneschke *
* -------------------------------------------------------------------------*
* ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API *
* http://www.egroupware.org/api *
* ------------------------------------------------------------------------ *


@ -5,7 +5,7 @@
* and Joseph Engo <jengo@phpgroupware.org> *
* Authentication based on HTTP auth *
* Copyright (C) 2000, 2001 Dan Kuykendall *
* -------------------------------------------------------------------------*
* ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API *
* http://www.egroupware.org/api *
* ------------------------------------------------------------------------ *
@ -48,13 +48,13 @@
// Since there account data will still be stored in SQL, this should be safe to do. (jengo)
function update_lastlogin($account_id, $ip)
{
$GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record();
$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');
$GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
$GLOBALS['egw']->db->next_record();
$this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin');
$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
$GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
. "$ip', account_lastlogin='" . time()
. "' where account_id='$account_id'",__LINE__,__FILE__);
. "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
}
}
?>
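Review bot: `$ip` is still interpolated into the UPDATE as a bare string (`account_lastloginfrom='" . "$ip', ...`) in update_lastlogin, so the statement is only half-fixed by the `(int)$account_id` cast. Whether `$ip` can carry client-influenced text depends on the caller, which is not visible here, but the PAM backend in this same commit already builds the value with `$GLOBALS['egw']->db->quote($ip)`, and this statement should do the same: `"UPDATE phpgw_accounts SET account_lastloginfrom=" . $GLOBALS['egw']->db->quote($ip) . ", account_lastlogin=" . time()`. The same pattern remains in update_lastlogin of the LDAP, mail, NIS, SQL and SQL/X.509 backends further down. The NIS one was only renamed and also keeps `account_id='$account_id'` without the cast.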


@ -6,7 +6,7 @@
* Authentication based on LDAP Server *
* Copyright (C) 2000, 2001 Joseph Engo *
* Copyright (C) 2002, 2003 Lars Kneschke *
* -------------------------------------------------------------------------*
* ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API *
* http://www.egroupware.org/api *
* ------------------------------------------------------------------------ *
@ -36,40 +36,40 @@
return False;
}
if(!$ldap = @ldap_connect($GLOBALS['phpgw_info']['server']['ldap_host']))
if(!$ldap = @ldap_connect($GLOBALS['egw_info']['server']['ldap_host']))
{
$GLOBALS['phpgw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped');
$GLOBALS['phpgw']->log->commit();
$GLOBALS['egw']->log->message('F-Abort, Failed connecting to LDAP server for authenication, execution stopped');
$GLOBALS['egw']->log->commit();
return False;
}
if($GLOBALS['phpgw_info']['server']['ldap_version3'])
if($GLOBALS['egw_info']['server']['ldap_version3'])
{
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
}
/* Login with the LDAP Admin. User to find the User DN. */
if(!@ldap_bind($ldap, $GLOBALS['phpgw_info']['server']['ldap_root_dn'], $GLOBALS['phpgw_info']['server']['ldap_root_pw']))
if(!@ldap_bind($ldap, $GLOBALS['egw_info']['server']['ldap_root_dn'], $GLOBALS['egw_info']['server']['ldap_root_pw']))
{
return False;
}
/* find the dn for this uid, the uid is not always in the dn */
$attributes = array('uid','dn','givenName','sn','mail','uidNumber','gidNumber');
$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)';
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter);
$filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter);
if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
{
$filter = "(&$filter(phpgwaccountstatus=A))";
}
$sri = ldap_search($ldap, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $attributes);
$sri = ldap_search($ldap, $GLOBALS['egw_info']['server']['ldap_context'], $filter, $attributes);
$allValues = ldap_get_entries($ldap, $sri);
if ($allValues['count'] > 0)
{
if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
if($GLOBALS['egw_info']['server']['case_sensitive_username'] == true)
{
if($allValues[0]['uid'][0] != $username)
{
@ -89,10 +89,10 @@
/* try to bind as the user with user suplied password */
if (@ldap_bind($ldap, $userDN, $passwd))
{
if ($GLOBALS['phpgw_info']['server']['account_repository'] != 'ldap')
if ($GLOBALS['egw_info']['server']['account_repository'] != 'ldap')
{
$account = CreateObject('phpgwapi.accounts',$username,'u');
if (!$account->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct'])
if (!$account->account_id && $GLOBALS['egw_info']['server']['auto_create_acct'])
{
// create a global array with all availible info about that account
$GLOBALS['auto_create_acct'] = array();
@ -105,7 +105,7 @@
) as $ldap_name => $acct_name)
{
$GLOBALS['auto_create_acct'][$acct_name] =
$GLOBALS['phpgw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
$GLOBALS['egw']->translation->convert($allValues[0][$ldap_name][0],'utf-8');
}
return True;
}
@ -123,17 +123,17 @@
{
if ('' == $_account_id)
{
$username = $GLOBALS['phpgw_info']['user']['account_lid'];
$username = $GLOBALS['egw_info']['user']['account_lid'];
}
else
{
$username = $GLOBALS['phpgw']->accounts->id2name($_account_id);
$username = $GLOBALS['egw']->accounts->id2name($_account_id);
}
$filter = $GLOBALS['phpgw_info']['server']['ldap_search_filter'] ? $GLOBALS['phpgw_info']['server']['ldap_search_filter'] : '(uid=%user)';
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['phpgw_info']['user']['domain']),$filter);
$filter = $GLOBALS['egw_info']['server']['ldap_search_filter'] ? $GLOBALS['egw_info']['server']['ldap_search_filter'] : '(uid=%user)';
$filter = str_replace(array('%user','%domain'),array($username,$GLOBALS['egw_info']['user']['domain']),$filter);
$ds = $GLOBALS['phpgw']->common->ldapConnect();
$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter);
$ds = $GLOBALS['egw']->common->ldapConnect();
$sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], $filter);
$allValues = ldap_get_entries($ds, $sri);
$entry['userpassword'] = $this->encrypt_password($new_passwd);
@ -143,20 +143,20 @@
{
return false;
}
$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
$GLOBALS['egw']->session->appsession('password','phpgwapi',$new_passwd);
return $entry['userpassword'];
}
function update_lastlogin($_account_id, $ip)
{
if ($GLOBALS['phpgw_info']['server']['account_repository'] == 'ldap')
if ($GLOBALS['egw_info']['server']['account_repository'] == 'ldap')
{
$entry['phpgwaccountlastlogin'] = time();
$entry['phpgwaccountlastloginfrom'] = $ip;
$ds = $GLOBALS['phpgw']->common->ldapConnect();
$sri = ldap_search($ds, $GLOBALS['phpgw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
$ds = $GLOBALS['egw']->common->ldapConnect();
$sri = ldap_search($ds, $GLOBALS['egw_info']['server']['ldap_context'], 'uidnumber=' . (int)$_account_id);
$allValues = ldap_get_entries($ds, $sri);
$dn = $allValues[0]['dn'];
@ -166,13 +166,13 @@
}
else
{
$GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$_account_id'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record();
$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');
$GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$_account_id,__LINE__,__FILE__);
$GLOBALS['egw']->db->next_record();
$this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin');
$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
$GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
. "$ip', account_lastlogin='" . time()
. "' where account_id='$_account_id'",__LINE__,__FILE__);
. "' WHERE account_id=" . (int)$_account_id,__LINE__,__FILE__);
}
}
}
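Review bot: `$username` is substituted into the search filter with `str_replace()` in both the authenticate hunk (@ -36) and the password-change hunk (@ -123) without escaping LDAP filter metacharacters, so a login name containing `*`, `(`, `)` or `\` alters the filter instead of being matched literally. Escape the value before substitution, on PHP versions that provide it with `ldap_escape($username, '', LDAP_ESCAPE_FILTER)`, and treat the `%domain` value the same way. The result of `ldap_search()` is also handed straight to `ldap_get_entries()` with no check for `false`. Both functions begin outside the hunks shown, so any earlier validation of `$username` is not visible here.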


@ -4,7 +4,7 @@
* This file written by Dan Kuykendall <seek3r@phpgroupware.org> *
* Authentication based on mail server *
* Copyright (C) 2000, 2001 Dan Kuykendall *
* -------------------------------------------------------------------------*
* ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API *
* http://www.egroupware.org/api *
* ------------------------------------------------------------------------ *
@ -31,49 +31,49 @@
{
error_reporting(error_reporting() - 2);
if ($GLOBALS['phpgw_info']['server']['mail_login_type'] == 'vmailmgr')
if ($GLOBALS['egw_info']['server']['mail_login_type'] == 'vmailmgr')
{
$username = $username . '@' . $GLOBALS['phpgw_info']['server']['mail_suffix'];
$username = $username . '@' . $GLOBALS['egw_info']['server']['mail_suffix'];
}
if ($GLOBALS['phpgw_info']['server']['mail_server_type']=='imap')
if ($GLOBALS['egw_info']['server']['mail_server_type']=='imap')
{
$GLOBALS['phpgw_info']['server']['mail_port'] = '143';
$GLOBALS['egw_info']['server']['mail_port'] = '143';
}
elseif ($GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3')
elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='pop3')
{
$GLOBALS['phpgw_info']['server']['mail_port'] = '110';
$GLOBALS['egw_info']['server']['mail_port'] = '110';
}
elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='imaps')
{
$GLOBALS['egw_info']['server']['mail_port'] = '993';
}
elseif ($GLOBALS['egw_info']['server']['mail_server_type']=='pop3s')
{
$GLOBALS['egw_info']['server']['mail_port'] = '995';
}
elseif ($GLOBALS['phpgw_info']['server']['mail_server_type']=='imaps')
{
$GLOBALS['phpgw_info']['server']['mail_port'] = '993';
}
elseif ($GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3s')
{
$GLOBALS['phpgw_info']['server']['mail_port'] = '995';
}
if( $GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3')
if( $GLOBALS['egw_info']['server']['mail_server_type']=='pop3')
{
$mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server'].'/pop3'
.':'.$GLOBALS['phpgw_info']['server']['mail_port'].'}INBOX', $username , $passwd);
$mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server'].'/pop3'
.':'.$GLOBALS['egw_info']['server']['mail_port'].'}INBOX', $username , $passwd);
}
elseif ( $GLOBALS['phpgw_info']['server']['mail_server_type']=='imaps' )
{
// IMAPS support:
$mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server']."/ssl/novalidate-cert"
.':993}INBOX', $username , $passwd);
}
elseif ( $GLOBALS['phpgw_info']['server']['mail_server_type']=='pop3s' )
{
// POP3S support:
$mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server']."/ssl/novalidate-cert"
.':995}INBOX', $username , $passwd);
elseif ( $GLOBALS['egw_info']['server']['mail_server_type']=='imaps' )
{
// IMAPS support:
$mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']."/ssl/novalidate-cert"
.':993}INBOX', $username , $passwd);
}
elseif ( $GLOBALS['egw_info']['server']['mail_server_type']=='pop3s' )
{
// POP3S support:
$mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']."/ssl/novalidate-cert"
.':995}INBOX', $username , $passwd);
}
else
{
/* assume imap */
$mailauth = imap_open('{'.$GLOBALS['phpgw_info']['server']['mail_server']
.':'.$GLOBALS['phpgw_info']['server']['mail_port'].'}INBOX', $username , $passwd);
$mailauth = imap_open('{'.$GLOBALS['egw_info']['server']['mail_server']
.':'.$GLOBALS['egw_info']['server']['mail_port'].'}INBOX', $username , $passwd);
}
error_reporting(error_reporting() + 2);
@ -96,13 +96,13 @@
// Since there account data will still be stored in SQL, this should be safe to do. (jengo)
function update_lastlogin($account_id, $ip)
{
$GLOBALS['phpgw']->db->query("select account_lastlogin from phpgw_accounts where account_id='$account_id'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record();
$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');
$GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
$GLOBALS['egw']->db->next_record();
$this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin');
$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
$GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
. "$ip', account_lastlogin='" . time()
. "' where account_id='$account_id'",__LINE__,__FILE__);
. "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
}
}
?>
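Review bot: The imaps and pop3s branches open the mailbox with `/ssl/novalidate-cert`, so the user's password is sent over TLS to a server whose certificate is never verified. I would drop `/novalidate-cert` by default, or gate it behind an explicit server setting and document it at the call, e.g. `// novalidate-cert: server certificate is NOT checked; enable only for self-signed test servers`. The `error_reporting(error_reporting() - 2)` / `+ 2` pair around these calls also assumes E_WARNING is currently enabled; saving the old level, masking with `& ~E_WARNING` and restoring the saved value avoids corrupting the level when it is not. The function begins and ends outside the hunk.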


@ -1,10 +1,10 @@
<?php
/**************************************************************************\
* eGroupWare API - Auth from NIS *
* eGroupWare API - Auth from NIS *
* Authentication based on NIS maps *
* by Dylan Adams <dadams@jhu.edu> *
* Copyright (C) 2001 Dylan Adams *
* -------------------------------------------------------------------------*
* ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API *
* http://www.egroupware.org/api *
* ------------------------------------------------------------------------ *
@ -28,31 +28,31 @@
function authenticate($username, $passwd)
{
$domain = yp_get_default_domain();
if( !empty($GLOBALS['phpgw_info']['server']['nis_domain']) )
if(!empty($GLOBALS['egw_info']['server']['nis_domain']))
{
$domain = $GLOBALS['phpgw_info']['server']['nis_domain'];
$domain = $GLOBALS['egw_info']['server']['nis_domain'];
}
$map = "passwd.byname";
if( !empty($GLOBALS['phpgw_info']['server']['nis_map']) )
if(!empty($GLOBALS['egw_info']['server']['nis_map']))
{
$map = $GLOBALS['phpgw_info']['server']['nis_map'];
$map = $GLOBALS['egw_info']['server']['nis_map'];
}
$entry = yp_match( $domain, $map, $username );
/*
* we assume that the map is structured in the usual
* unix passwd flavor
*/
$entry_array = explode( ':', $entry );
/*
* we assume that the map is structured in the usual
* unix passwd flavor
*/
$entry_array = explode(':', $entry);
$stored_passwd = $entry_array[1];
$encrypted_passwd = crypt( $passwd, $stored_passwd );
$encrypted_passwd = crypt($passwd, $stored_passwd);
return( $encrypted_passwd == $stored_passwd );
return($encrypted_passwd == $stored_passwd);
}
function change_password($old_passwd, $new_passwd, $account_id = '')
function change_password($old_passwd, $new_passwd, $account_id='')
{
// can't change passwords unless server runs as root (bad idea)
return( False );
@ -62,7 +62,7 @@
{
$account_id = get_account_id($account_id);
$GLOBALS['phpgw']->db->query("update phpgw_accounts set account_lastloginfrom='"
$GLOBALS['egw']->db->query("update phpgw_accounts set account_lastloginfrom='"
. "$ip', account_lastlogin='" . time()
. "' where account_id='$account_id'",__LINE__,__FILE__);
}
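Review bot: authenticate() never checks that `yp_match()` returned an entry before reading `$entry_array[1]`, and it compares the two hashes with loose `==`. On a failed lookup `$stored_passwd` is undefined and is then passed to `crypt()` as the salt, so the outcome depends on how the platform's `crypt()` treats an empty salt. Return early instead, `if ($entry === False || count($entry_array) < 2) { return False; }`, and compare with `===` (or a constant-time comparison where the PHP version offers one).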


@ -1,7 +1,7 @@
<?php
/**************************************************************************\
* eGroupWare API - Auth from PAM *
* -------------------------------------------------------------------------*
* ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API *
* http://www.egroupware.org/api *
* ------------------------------------------------------------------------ *
@ -44,9 +44,9 @@
{
$account_id = get_account_id($account_id);
$GLOBALS['phpgw']->db->query('update phpgw_accounts set account_lastloginfrom='
. $GLOBALS['phpgw']->db->quote($ip).', account_lastlogin=' . time()
. ' where account_id='.(int)$account_id,__LINE__,__FILE__);
$GLOBALS['egw']->db->query('UPDATE phpgw_accounts SET account_lastloginfrom='
. $GLOBALS['egw']->db->quote($ip).', account_lastlogin=' . time()
. ' WHERE account_id='.(int)$account_id,__LINE__,__FILE__);
}
}
?>


@ -135,8 +135,8 @@
$account_id = $GLOBALS['egw_info']['user']['account_id'];
}
$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
. "' AND " // . " account_type='u' AND "
$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = " . (int)$account_id
. " AND " // . " account_type='u' AND "
. " account_status ='A'",__LINE__,__FILE__);
$this->db->next_record();
if(!$this->db->f('account_pwd')) return false;
@ -144,7 +144,10 @@
/* Check the old_passwd to make sure this is legal */
if(!$admin)
{
if(!$this->compare_password($old_passwd,$this->db->f('account_pwd'),$this->type,strtolower($username))) return false;
if(!$this->compare_password($old_passwd,$this->db->f('account_pwd'),$this->type,strtolower($username)))
{
return false;
}
}
/* old password ok, or admin called the function from the admin application (no old passwd available).*/
@ -155,7 +158,7 @@
function _update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin=False,$file='')
{
/* This should only be called from this file */
if($file != PHPGW_API_INC . SEP . 'class.auth_sql.inc.php')
if($file != EGW_API_INC . SEP . 'class.auth_sql.inc.php')
{
return False;
}
@ -181,7 +184,7 @@
{
$GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
. "$ip', account_lastlogin='" . time()
. "' WHERE account_id='$account_id'",__LINE__,__FILE__);
. "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
}
}
?>
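Review bot: The guard in `_update_passwd()` compares the caller-supplied `$file` argument with `EGW_API_INC . SEP . 'class.auth_sql.inc.php'`, which documents intent but does not restrict who can call the method, since any caller can pass that string. The comment should say so, e.g. `/* Advisory only: $file is supplied by the caller, this is not an access check */`, and the real restriction should come from method visibility or a check in the caller. The function body continues outside the hunk. In the change_password hunk above it, `strtolower($username)` uses `$username`, which is not assigned in the visible lines; confirm it is set earlier in that function.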


@ -4,7 +4,7 @@
* This file written by Andreas 'Count' Kotes <count@flatline.de> *
* Authentication based on SQL table and X.509 certificates *
* Copyright (C) 2000, 2001 Dan Kuykendall *
* -------------------------------------------------------------------------*
* ------------------------------------------------------------------------ *
* This library is part of the eGroupWare API *
* http://www.egroupware.org/api *
* ------------------------------------------------------------------------ *
@ -30,7 +30,7 @@
function auth_()
{
copyobj($GLOBALS['phpgw']->db,$this->db);
$this->db = clone($GLOBALS['egw']->db);
}
function authenticate($username, $passwd)
@ -59,7 +59,7 @@
$this->db->next_record();
}
if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
if($GLOBALS['egw_info']['server']['case_sensitive_username'] == true)
{
if($db->f('account_lid') != $username)
{
@ -80,28 +80,28 @@
{
if(!$account_id)
{
$account_id = $GLOBALS['phpgw_info']['user']['account_id'];
$account_id = $GLOBALS['egw_info']['user']['account_id'];
}
$encrypted_passwd = md5($new_passwd);
$GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_pwd='" . md5($new_passwd) . "',"
. "account_lastpwd_change='" . time() . "' WHERE account_id='" . $account_id . "'",__LINE__,__FILE__);
$GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_pwd='" . md5($new_passwd) . "',"
. "account_lastpwd_change='" . time() . "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
$GLOBALS['egw']->session->appsession('password','phpgwapi',$new_passwd);
return $encrypted_passwd;
}
function update_lastlogin($account_id, $ip)
{
$GLOBALS['phpgw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id='$account_id'",__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record();
$this->previous_login = $GLOBALS['phpgw']->db->f('account_lastlogin');
$GLOBALS['egw']->db->query("SELECT account_lastlogin FROM phpgw_accounts WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
$GLOBALS['egw']->db->next_record();
$this->previous_login = $GLOBALS['egw']->db->f('account_lastlogin');
$GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
$GLOBALS['egw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
. "$ip', account_lastlogin='" . time()
. "' WHERE account_id='$account_id'",__LINE__,__FILE__);
. "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
}
}
?>
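Review bot: change_password still stores the password as unsalted `md5($new_passwd)`, which is cheap to brute-force offline if the accounts table is ever disclosed. A salted, deliberately slow hash is the right target, `password_hash($new_passwd, PASSWORD_DEFAULT)` where the PHP version has it, with authenticate updated to verify against it and existing rows migrated on next login. The hash is also computed twice; the UPDATE could reuse `$encrypted_passwd`. Separately, the case-sensitivity check in the @ -59 hunk reads `$db->f('account_lid')` while the line before it uses `$this->db`. Unless `$db` is assigned earlier in authenticate (outside the hunk), that is an undefined variable.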