Update of /cvsroot/openfirst/members
In directory sc8-pr-cvs1:/tmp/cvs-serv25195
Modified Files:
auth.php
Log Message:
Fix some authentication errors.
Index: auth.php
===================================================================
RCS file: /cvsroot/openfirst/members/auth.php,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** auth.php 1 Jun 2003 16:17:37 -0000 1.9
--- auth.php 1 Jun 2003 16:44:08 -0000 1.10
***************
*** 26,29 ****
--- 26,30 ----
*
*/
+ if(isset($encryption) == false) { $encryption = "crypt"; }
mysql_select_db($sqldatabase,$sqlconnection);
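Review bot: The added line only supplies a default for `$encryption` and never checks the value that was already set before it is passed to `cryptpassword()` later in the file. If the configuration file does not define it and `register_globals` is enabled (not visible from this hunk), the variable could arrive from the request rather than from configuration. Assign it from the configuration explicitly and reject anything outside the schemes `cryptpassword()` supports. A short comment such as `// Default hashing scheme when the site config does not set one.` would also document the intent.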
***************
*** 75,91 ****
$authcode = $_SESSION['authcode'];
$query = mysql_query("SELECT * FROM ofirst_members WHERE authcode='$authcode';");
! if(mysql_errno != 0) {
$user = mysql_fetch_object($query);
! }
} elseif(isset($_POST["login"]) == true && isset($_POST["password"]) == true) {
$query = mysql_query("SELECT * FROM ofirst_members WHERE user='" . $_POST["login"] . "';");
!
$user = mysql_fetch_object($query);
-
if(mysql_num_rows($query) == 1) {
if(cryptpassword($_POST["password"], $encryption, $user->password) == $user->password) {
session_register("authcode");
! $_SESSION["authcode"] = sha1(rand(1,50000000));
$aquery = mysql_query("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';");
session_write_close();
--- 76,108 ----
$authcode = $_SESSION['authcode'];
$query = mysql_query("SELECT * FROM ofirst_members WHERE authcode='$authcode';");
! if(mysql_errno() == 0 && mysql_num_rows($query) == 1) {
$user = mysql_fetch_object($query);
! } else {
! unset($_SESSION['authcode']);
!
! $query = mysql_query("SELECT * FROM ofirst_members WHERE user='" . $_POST["login"] . "';");
! if(mysql_errno() == 0) {
! $user = mysql_fetch_object($query);
! if(mysql_num_rows($query) == 1) {
! if(cryptpassword($_POST["password"], $encryption, $user->password) == $user->password) {
! session_register("authcode");
! $_SESSION["authcode"] = rand(1,50000000);
! $aquery = mysql_query("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';");
! session_write_close();
! } else {
! unset($user);
! }
! }}
!
! }
} elseif(isset($_POST["login"]) == true && isset($_POST["password"]) == true) {
$query = mysql_query("SELECT * FROM ofirst_members WHERE user='" . $_POST["login"] . "';");
! if(mysql_errno() == 0) {
$user = mysql_fetch_object($query);
if(mysql_num_rows($query) == 1) {
if(cryptpassword($_POST["password"], $encryption, $user->password) == $user->password) {
session_register("authcode");
! $_SESSION["authcode"] = rand(1,50000000);
$aquery = mysql_query("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';");
session_write_close();
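Review bot: The new `else` branch and the existing `elseif` branch still build every `SELECT` and `UPDATE` by concatenating `$_POST["login"]` into the SQL string. The `else` branch also reads `$_POST["login"]` and `$_POST["password"]` without the `isset()` checks that the `elseif` applies. Escape the value once before use, e.g. `$login = mysql_real_escape_string($_POST["login"], $sqlconnection);`, and use `$login` in each query. Separately, `$_SESSION["authcode"] = rand(1,50000000);` draws the value that the first `SELECT` accepts as a login credential from at most 50 million outputs of a non-cryptographic generator. It should come from a cryptographically secure source, for example `bin2hex(openssl_random_pseudo_bytes(16))` where the PHP version provides it. The enclosing `if` starts above the hunk, so the condition that selects these branches is not visible here.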
***************
*** 93,103 ****
unset($user);
}
}
}
! if(mysql_errno() == 0) {
!
! } else {
// There was an error, check if it's because they didn't create the
// members table.
--- 110,119 ----
unset($user);
}
+ }
}
}
! if(mysql_errno() != 0) {
// There was an error, check if it's because they didn't create the
// members table.
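Review bot: `if(mysql_errno() != 0)` reads the last-error state without a link argument, so it reflects only the most recent mysql_* call on whichever connection was opened last, not a specific query in the login branches above. A failure of the first `SELECT` can be overwritten by a later successful query. A failed `UPDATE` of `authcode` would presumably be handled as a missing-table error, because `$aquery` is never inspected. Test the result that matters, e.g. `if($query === false) {`, and pass the link explicitly with `mysql_errno($sqlconnection)`. The body of this `if` continues past the end of the hunk.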