Menu
▾
▴
[Andro-hacker] SF.net SVN: andro:[664] trunk/andro/application/androBuild.php
|
From: <ken...@us...> - 2008-09-13 20:47:04
|
Revision: 664
http://andro.svn.sourceforge.net/andro/?rev=664&view=rev
Author: kendowns
Date: 2008-09-13 20:47:15 +0000 (Sat, 13 Sep 2008)
Log Message:
-----------
Corrected a flaw in user creation. When you insert into the users table, a new user is created if it does not already exist. The check was going to the pg_shadow table, but it should have been going to the pg_roles table. It now checks the pg_roles table, and does LOWER(TRIM()) on both sides to disallow case-different spellings of the same user id.
Modified Paths:
--------------
trunk/andro/application/androBuild.php
Modified: trunk/andro/application/androBuild.php
===================================================================
--- trunk/andro/application/androBuild.php 2008-09-12 23:49:15 UTC (rev 663)
+++ trunk/andro/application/androBuild.php 2008-09-13 20:47:15 UTC (rev 664)
@@ -2866,7 +2866,9 @@
$sql = "
-- 1000 Add user to system, goes in as nologin, no password
new.member_password=####;
- SELECT INTO AnyInt COUNT(*) FROM pg_shadow WHERE usename = CAST(new.user_id as name);
+ SELECT INTO AnyInt COUNT(*)
+ FROM pg_roles
+ WHERE LOWER(TRIM(rolname)) = LOWER(TRIM(CAST(new.user_id as name)));
IF AnyInt = 0 THEN
EXECUTE ##CREATE USER ## || new.user_id || ## NOLOGIN ##;
ELSE
@@ -2883,7 +2885,9 @@
new.member_password=##temp##;
END IF;
- SELECT INTO AnyInt COUNT(*) FROM pg_shadow WHERE usename = CAST(new.user_id as name);
+ SELECT INTO AnyInt COUNT(*)
+ FROM pg_roles
+ WHERE LOWER(TRIM(rolname)) = LOWER(TRIM(CAST(new.user_id as name)));
IF AnyInt = 0 THEN
EXECUTE ##CREATE USER ## || new.user_id || ## PASSWORD ## || quote_literal(new.member_password);
ELSE
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
