Update of /cvsroot/phpslash/phpslash-ft/class
In directory usw-pr-cvs1:/tmp/cvs-serv3993/phpslash-ft/class
Modified Files:
Author.class slashAuthCR.class
Log Message:
store password as md5
Index: Author.class
===================================================================
RCS file: /cvsroot/phpslash/phpslash-ft/class/Author.class,v
retrieving revision 1.14
retrieving revision 1.15
diff -C2 -d -r1.14 -r1.15
*** Author.class 2001/12/17 22:42:37 1.14
--- Author.class 2002/01/23 00:15:22 1.15
***************
*** 109,116 ****
return false;
}
- if ($ary[password] == "") {
- error("There is no password in Author.class::saveAuthor");
- return false;
- }
if (!is_array($ary[permission]) or (count($ary[permission]) < 1)) {
error("You need to select some permissions in Author.class::saveAuthor");
--- 109,112 ----
***************
*** 134,138 ****
$joined_perms = join(',',$ary[permission]);
if ($this->db->next_record()) {
! $q = "UPDATE psl_author
SET author_name = '$ary[author_name]',
author_realname = '$ary[author_realname]',
--- 130,144 ----
$joined_perms = join(',',$ary[permission]);
if ($this->db->next_record()) {
! if ($ary[password] == "") {
! $q = "UPDATE psl_author
! SET author_name = '$ary[author_name]',
! author_realname = '$ary[author_realname]',
! url = '$ary[url]',
! email = '$ary[email]',
! quote = '$ary[quote]',
! perms = '$joined_perms'
! WHERE author_id = '$ary[author_id]'";
! } else {
! $q = "UPDATE psl_author
SET author_name = '$ary[author_name]',
author_realname = '$ary[author_realname]',
***************
*** 140,147 ****
email = '$ary[email]',
quote = '$ary[quote]',
! password = '$ary[password]',
perms = '$joined_perms'
WHERE author_id = '$ary[author_id]'";
} else {
$ary[author_id] = generateID("psl_author_seq");
--- 146,160 ----
email = '$ary[email]',
quote = '$ary[quote]',
! password = MD5('$ary[author_name]:$ary[password]'),
perms = '$joined_perms'
WHERE author_id = '$ary[author_id]'";
+ }
} else {
+
+ if ($ary[password] == "") {
+ error("There is no password in Author.class::saveAuthor");
+ return false;
+ }
+
$ary[author_id] = generateID("psl_author_seq");
***************
*** 162,166 ****
'$ary[email]',
'$ary[quote]',
! '$ary[password]',
'$ary[seclev]',
'$joined_perms')";
--- 175,179 ----
'$ary[email]',
'$ary[quote]',
! MD5('$ary[author_name]:$ary[password]'),
'$ary[seclev]',
'$joined_perms')";
***************
*** 313,317 ****
URL => $this->db->f("url"),
QUOTE => $this->db->f("quote"),
! PASSWORD => $this->db->f("password"),
SECLEV => $this->db->f("seclev"),
COUNT => $count,
--- 326,330 ----
URL => $this->db->f("url"),
QUOTE => $this->db->f("quote"),
! // PASSWORD => $this->db->f("password"),
SECLEV => $this->db->f("seclev"),
COUNT => $count,
Index: slashAuthCR.class
===================================================================
RCS file: /cvsroot/phpslash/phpslash-ft/class/slashAuthCR.class,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** slashAuthCR.class 2001/10/08 16:47:09 1.1
--- slashAuthCR.class 2002/01/23 00:15:22 1.2
***************
*** 92,110 ****
$this->auth["uid"] = $this->db->Record["author_id"];
$this->auth["uname"] = $this->db->Record["author_name"];
! $md5_pw = md5($this->db->Record[password]);
! $expected_response = md5("$username:$md5_pw:$challenge");
## True when JS is disabled
if ($response == "") {
! if ($this->db->Record["password"] != $password) {
! $this->auth["error"] = "Your password is invalid.<br>Please try again.";
! return false;
! } else {
! $this->auth["perm"] = $this->db->Record["perms"];
! return $uid;
! }
}
!
! ## Response is set, JS is enabled
if ($expected_response != $response) {
$this->auth["error"] = "Either your username or password are invalid.<br>Please try again.";
--- 92,108 ----
$this->auth["uid"] = $this->db->Record["author_id"];
$this->auth["uname"] = $this->db->Record["author_name"];
! $md5_pw = $this->db->Record[password]; // this is the raw MD5ed user/pass combo
! $expected_response = md5("$md5_pw:$challenge");
## True when JS is disabled
if ($response == "") {
! $md5_pw_net = md5("$username:$password");
! $response = md5("$md5_pw_net:$challenge");
}
!
! ## drop password for safety
! $password='';
!
! ## Response is set, JS might be enabled...
if ($expected_response != $response) {
$this->auth["error"] = "Either your username or password are invalid.<br>Please try again.";
|
