svn commit: r707 - trunk/mapbender/http/frames/login.php
uli at osgeo.org
uli at osgeo.org
Thu Jul 27 09:01:45 EDT 2006
Author: uli
Date: 2006-07-27 13:01:45+0000
New Revision: 707
Modified:
trunk/mapbender/http/frames/login.php
Log:
switch to encrypt passwords in md5
if there are unencrypted or mysql-password encrypted passwords
Modified: trunk/mapbender/http/frames/login.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/frames/login.php?view=diff&rev=707&p1=trunk/mapbender/http/frames/login.php&p2=trunk/mapbender/http/frames/login.php&r1=706&r2=707
==============================================================================
--- trunk/mapbender/http/frames/login.php (original)
+++ trunk/mapbender/http/frames/login.php 2006-07-27 13:01:45+0000
@@ -22,6 +22,7 @@
db_select_db(DB,$con);
function auth_user($name,$pw){
+ $setEncPw = false;
$sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = $2";
$v = array($name,md5($pw));
$t = array('s','s');
@@ -29,27 +30,30 @@
if($row = db_fetch_array($res)){
return $row;
}
- if(SYS_DBTYPE == 'pgsql'){
+ else if(SYS_DBTYPE == 'pgsql' && $setEncPw == true){
+ // unencrypted pw in postgres without md5-support?
+ $sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = $2";
$v = array($name,$pw);
- $res = db_prep_query($sql,$v,$t);
- if($row = db_fetch_array($res)){
+ $t = array('s','s');
+ $resn = db_prep_query($sql,$v,$t);
+ if($rown = db_fetch_array($resn)){
$sqlu = "UPDATE mb_user SET mb_user_password = $1 WHERE mb_user_id = $2";
- $vu = array(md5($pw),$row["mb_user_id"]);
+ $vu = array(md5($pw),$rown["mb_user_id"]);
$tu = array('s','i');
$rowu = db_prep_query($sqlu,$vu,$tu);
- return $row;
+ return $rown;
}
}
- else if(SYS_DBTYPE == 'mysql'){
+ else if(SYS_DBTYPE == 'mysql' && $setEncPw == true){
$sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = password($2)";
$v = array($name,$pw);
- $res = db_prep_query($sql,$v,$t);
- if($row = db_fetch_array($res)){
+ $resn = db_prep_query($sql,$v,$t);
+ if($rown = db_fetch_array($resn)){
$sqlu = "UPDATE mb_user SET mb_user_password = $1 WHERE mb_user_id = $2";
- $vu = array(md5($pw),$row["mb_user_id"]);
+ $vu = array(md5($pw),$rown["mb_user_id"]);
$tu = array('s','i');
$rowu = db_prep_query($sqlu,$vu,$tu);
- return $row;
+ return $rown;
}
}
}
More information about the Mapbender_commits
mailing list