[Mapbender-commits] r9370 - trunk/mapbender/http_auth/http
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Mon Jan 18 02:28:14 PST 2016
Author: armin11
Date: 2016-01-18 02:28:14 -0800 (Mon, 18 Jan 2016)
New Revision: 9370
Modified:
trunk/mapbender/http_auth/http/index.php
Log:
Change to allow only usernames credentials for databases with unambigious usernames
Modified: trunk/mapbender/http_auth/http/index.php
===================================================================
--- trunk/mapbender/http_auth/http/index.php 2016-01-15 12:37:01 UTC (rev 9369)
+++ trunk/mapbender/http_auth/http/index.php 2016-01-18 10:28:14 UTC (rev 9370)
@@ -221,9 +221,15 @@
function getUserInfo($mbUsername, $mbEmail)
{
$result = array();
- $sql = "SELECT mb_user_id, mb_user_digest FROM mb_user where mb_user_name = $1 AND mb_user_email= $2";
- $v = array($mbUsername, $mbEmail);
- $t = array("s", "s");
+ if (preg_match('#[@]#', $mbEmail)) {
+ $sql = "SELECT mb_user_id, mb_user_digest FROM mb_user where mb_user_name = $1 AND mb_user_email = $2";
+ $v = array($mbUsername, $mbEmail);
+ $t = array("s", "s");
+ } else {
+ $sql = "SELECT mb_user_id, mb_user_aldigest As mb_user_digest FROM mb_user where mb_user_name = $1";
+ $v = array($mbUsername);
+ $t = array("s");
+ }
$res = db_prep_query($sql, $v, $t);
if (!($row = db_fetch_array($res))) {
$result[0] = "-1";
More information about the Mapbender_commits
mailing list