[Openfirst-cvscommit] members auth.php,1.9,1.10
From: <xt...@us...> - 2003-06-01 17:07:53
Update of /cvsroot/openfirst/members In directory sc8-pr-cvs1:/tmp/cvs-serv25195 Modified Files: auth.php Log Message: Fix some authentication errors. Index: auth.php =================================================================== RCS file: /cvsroot/openfirst/members/auth.php,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** auth.php 1 Jun 2003 16:17:37 -0000 1.9 --- auth.php 1 Jun 2003 16:44:08 -0000 1.10 *************** *** 26,29 **** --- 26,30 ---- * */ + if(isset($encryption) == false) { $encryption = "crypt"; } mysql_select_db($sqldatabase,$sqlconnection); *************** *** 75,91 **** $authcode = $_SESSION['authcode']; $query = mysql_query("SELECT * FROM ofirst_members WHERE authcode='$authcode';"); ! if(mysql_errno != 0) { $user = mysql_fetch_object($query); ! } } elseif(isset($_POST["login"]) == true && isset($_POST["password"]) == true) { $query = mysql_query("SELECT * FROM ofirst_members WHERE user='" . $_POST["login"] . "';"); ! $user = mysql_fetch_object($query); - if(mysql_num_rows($query) == 1) { if(cryptpassword($_POST["password"], $encryption, $user->password) == $user->password) { session_register("authcode"); ! $_SESSION["authcode"] = sha1(rand(1,50000000)); $aquery = mysql_query("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';"); session_write_close(); --- 76,108 ---- $authcode = $_SESSION['authcode']; $query = mysql_query("SELECT * FROM ofirst_members WHERE authcode='$authcode';"); ! if(mysql_errno() == 0 && mysql_num_rows($query) == 1) { $user = mysql_fetch_object($query); ! } else { ! unset($_SESSION['authcode']); ! ! $query = mysql_query("SELECT * FROM ofirst_members WHERE user='" . $_POST["login"] . "';"); ! if(mysql_errno() == 0) { ! $user = mysql_fetch_object($query); ! if(mysql_num_rows($query) == 1) { ! if(cryptpassword($_POST["password"], $encryption, $user->password) == $user->password) { ! session_register("authcode"); ! 
$_SESSION["authcode"] = rand(1,50000000); ! $aquery = mysql_query("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';"); ! session_write_close(); ! } else { ! unset($user); ! } ! }} ! ! } } elseif(isset($_POST["login"]) == true && isset($_POST["password"]) == true) { $query = mysql_query("SELECT * FROM ofirst_members WHERE user='" . $_POST["login"] . "';"); ! if(mysql_errno() == 0) { $user = mysql_fetch_object($query); if(mysql_num_rows($query) == 1) { if(cryptpassword($_POST["password"], $encryption, $user->password) == $user->password) { session_register("authcode"); ! $_SESSION["authcode"] = rand(1,50000000); $aquery = mysql_query("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';"); session_write_close(); *************** *** 93,103 **** unset($user); } } } ! if(mysql_errno() == 0) { ! ! } else { // There was an error, check if it's because they didn't create the // members table. --- 110,119 ---- unset($user); } + } } } ! if(mysql_errno() != 0) { // There was an error, check if it's because they didn't create the // members table. |
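Review bot: The fallback added after `unset($_SESSION['authcode']);` concatenates `$_POST["login"]` into the SELECT and the UPDATE unescaped, copying the pattern the `elseif` branch already has, so the submitted login name can change the SQL that runs. Escape it once with `$login = mysql_real_escape_string($_POST["login"], $sqlconnection);` and build both queries from `'$login'`, in the fallback and in the `elseif` branch alike. The fallback also reads `$_POST["login"]` and `$_POST["password"]` without the `isset()` test the `elseif` applies, so it queries on requests that carry no credentials; wrap it in the same condition. Separately, replacing `sha1(rand(1,50000000))` with `rand(1,50000000)` leaves the authcode at about 26 bits from a non-cryptographic generator, and two members who draw the same value would both fail the new `mysql_num_rows($query) == 1` test, so a longer value from a stronger source is worth considering.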