phpsecurityadm-devel Mailing List for SecurityAdmin for PHP (Page 3)
Brought to you by:
koivi
Menu
▾
▴
phpsecurityadm-devel — Developer's mailing list for phpSecurityAdm
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
(9) |
Apr
|
May
(18) |
Jun
(5) |
Jul
(3) |
Aug
(16) |
Sep
|
Oct
|
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Albert L. <al...@pl...> - 2003-03-19 21:43:12
|
Nope, I'll try it out later today or tomorrow. I can take it from here I just wanted to get your input on structure strategy. There is still a bunch of little things to do but won't take long and are easy decisions. For now I'll just drop in the code and commit it to get the ball moving. > Did you have a chance to test the code? As I said, I'm not sure the > queries are correct, but they should give you an idea. |
|
From: Justin K. <ju...@ko...> - 2003-03-19 21:21:27
|
Albert Lash wrote:
> Hello PSA Developers,
>
> The password recovery schema has been put in the psa.schema.xml cvs file.
>
> In generating the code for making this happen, where should the code go? In
> the class.phpSecurityAdmin.php file?
Yes, that is where it would need to go. {Man, I like using e-mail so
much more than forums...}
> Here's what Justin came up with today (thanks dude):
>
> <?php
> /*
> * setUserChallenge()
> *
> * Edit or add a user's personal password question/answer challenge
> pair
> *
> * @param $uid The username of the user to set the challenge for.
> * @param $ar An associative array in the form of
> array('question'=>$USERS_QUESTION,'answer'=>$USERS_ANSWER)
> * @result Returns TRUE or FALSE and sets WARNING and ERROR strings.
> */
> function setUserChallenge($uid,$ar){
> $this->ERROR=array();
> $this->WARNING=array();
>
> if(!isset($ar['question']) || !isset($ar['answer'])){
> // either no question or no answer
> $this->ERROR[]=sprintf(_("You must provide a question and answer
> in order to set the password recovery challenge for user %s"),$uid);
> return FALSE;
> }
> // Make sure the user exists in qa table
> $q='SELECT pst_challenge.question, pst_users.hash FROM
> pst_challenge, pst_users WHERE pst_users.id='.
> $this->db->GetTextFieldValue($uid).' AND
> pst_challenge.id=pst_users.hash';
> $result=$this->db->Query($q);
> if(!$result){
> $this->WARNING[]=sprintf(_("Unable to set %s's password recovery
> challenge."),$uid);
> $this->ERROR[]=$this->db->Error();
> return FALSE;
> }else if($this->db->NumberOfRows($result)){
> $q='UPDATE pst_challenge SET question =
> '.$this->db->GetTextFieldValue($ar['question']).', answer = '.
> $this->db->GetTextFieldValue($ar['answer']).' WHERE id = '.
>
> $this->db->GetTextFieldValue($this->db->FetchResult($result,0,1));
> $result=$this->db->Query($q);
> if(!$result && !$this->db->NumberOfRows($result)){
> $this->WARNING[]=sprintf(_("Unable to set %s's password
> recovery challenge."),$uid);
> $this->ERROR[]=$this->db->Error();
> return FALSE;
> }
> return TRUE;
> }else{
> $q='INSERT INTO pst_challenge SET question =
> '.$this->db->GetTextFieldValue($ar['question']).', answer = '.
> $this->db->GetTextFieldValue($ar['answer']).', id = '.
>
> $this->db->GetTextFieldValue($this->db->FetchResult($result,0,1));
> $result=$this->db->Query($q);
> if(!$result && !$this->db->NumberOfRows($result)){
> $this->WARNING[]=sprintf(_("Unable to set %s's password
> recovery challenge."),$uid);
> $this->ERROR[]=$this->db->Error();
> return FALSE;
> }
> return TRUE;
> }
> } // setUserChallenge
>
> /*
> * getUserChallenge()
> *
> * Retreive a user's personal password question/answer challenge pair
> *
> * @param $uid The username of the user to set the challenge for.
> * @param $ar An associative array in the form of
> array('question'=>$USERS_QUESTION, 'answer'=>$USERS_ANSWER, 'hash'=>$QA_ID)
> * which is set by the function.
> * @result Returns TRUE or FALSE and sets WARNING and ERROR strings.
> */
> function getUserChallenge($uid, &$ar){
> $this->ERROR=array();
> $this->WARNING=array();
>
> $q='SELECT pst_challenge.question, pst_challenge.answer,
> pst_users.hash FROM pst_challenge, pst_users WHERE pst_users.id='.
> $this->db->GetTextFieldValue($uid).' AND
> pst_challenge.id=pst_users.hash';
> $result=$this->db->Query($q);
> if(!$result){
> $this->WARNING[]=sprintf(_("Unable to get %s's password recovery
> challenge."),$uid);
> $this->ERROR[]=$this->db->Error();
> return FALSE;
> }
> $ar['question']=$this->db->FetchResult($result,0,0);
> $ar['answer']=$this->db->FetchResult($result,0,1);
> $ar['hash']=$this->db->FetchResult($result,0,2);
> return TRUE;
> } // getUserChallenge
> ?>
Did you have a chance to test the code? As I said, I'm not sure the
queries are correct, but they should give you an idea.
NOTE:
---------------------
When replying to the list, you have to use "Reply-All", or your message
will only go to the sender (which in some cases you might want).
|
|
From: Albert L. <al...@pl...> - 2003-03-19 21:13:07
|
Hello PSA Developers,
The password recovery schema has been put in the psa.schema.xml cvs file.
In generating the code for making this happen, where should the code go? In
the class.phpSecurityAdmin.php file?
Here's what Justin came up with today (thanks dude):
<?php
/*
* setUserChallenge()
*
* Edit or add a user's personal password question/answer challenge
pair
*
* @param $uid The username of the user to set the challenge for.
* @param $ar An associative array in the form of
array('question'=>$USERS_QUESTION,'answer'=>$USERS_ANSWER)
* @result Returns TRUE or FALSE and sets WARNING and ERROR strings.
*/
function setUserChallenge($uid,$ar){
$this->ERROR=array();
$this->WARNING=array();
if(!isset($ar['question']) || !isset($ar['answer'])){
// either no question or no answer
$this->ERROR[]=sprintf(_("You must provide a question and answer
in order to set the password recovery challenge for user %s"),$uid);
return FALSE;
}
// Make sure the user exists in qa table
$q='SELECT pst_challenge.question, pst_users.hash FROM
pst_challenge, pst_users WHERE pst_users.id='.
$this->db->GetTextFieldValue($uid).' AND
pst_challenge.id=pst_users.hash';
$result=$this->db->Query($q);
if(!$result){
$this->WARNING[]=sprintf(_("Unable to set %s's password recovery
challenge."),$uid);
$this->ERROR[]=$this->db->Error();
return FALSE;
}else if($this->db->NumberOfRows($result)){
$q='UPDATE pst_challenge SET question =
'.$this->db->GetTextFieldValue($ar['question']).', answer = '.
$this->db->GetTextFieldValue($ar['answer']).' WHERE id = '.
$this->db->GetTextFieldValue($this->db->FetchResult($result,0,1));
$result=$this->db->Query($q);
if(!$result && !$this->db->NumberOfRows($result)){
$this->WARNING[]=sprintf(_("Unable to set %s's password
recovery challenge."),$uid);
$this->ERROR[]=$this->db->Error();
return FALSE;
}
return TRUE;
}else{
$q='INSERT INTO pst_challenge SET question =
'.$this->db->GetTextFieldValue($ar['question']).', answer = '.
$this->db->GetTextFieldValue($ar['answer']).', id = '.
$this->db->GetTextFieldValue($this->db->FetchResult($result,0,1));
$result=$this->db->Query($q);
if(!$result && !$this->db->NumberOfRows($result)){
$this->WARNING[]=sprintf(_("Unable to set %s's password
recovery challenge."),$uid);
$this->ERROR[]=$this->db->Error();
return FALSE;
}
return TRUE;
}
} // setUserChallenge
/*
* getUserChallenge()
*
* Retreive a user's personal password question/answer challenge pair
*
* @param $uid The username of the user to set the challenge for.
* @param $ar An associative array in the form of
array('question'=>$USERS_QUESTION, 'answer'=>$USERS_ANSWER, 'hash'=>$QA_ID)
* which is set by the function.
* @result Returns TRUE or FALSE and sets WARNING and ERROR strings.
*/
function getUserChallenge($uid, &$ar){
$this->ERROR=array();
$this->WARNING=array();
$q='SELECT pst_challenge.question, pst_challenge.answer,
pst_users.hash FROM pst_challenge, pst_users WHERE pst_users.id='.
$this->db->GetTextFieldValue($uid).' AND
pst_challenge.id=pst_users.hash';
$result=$this->db->Query($q);
if(!$result){
$this->WARNING[]=sprintf(_("Unable to get %s's password recovery
challenge."),$uid);
$this->ERROR[]=$this->db->Error();
return FALSE;
}
$ar['question']=$this->db->FetchResult($result,0,0);
$ar['answer']=$this->db->FetchResult($result,0,1);
$ar['hash']=$this->db->FetchResult($result,0,2);
return TRUE;
} // getUserChallenge
?>
|
