From: <vb...@us...> - 2002-09-16 05:24:43
Update of /cvsroot/webnotes/webnotes/core In directory usw-pr-cvs1:/tmp/cvs-serv5760/core Modified Files: access_api.php user_api.php Log Message: The change password form is now working. Index: access_api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/access_api.php,v retrieving revision 1.3 retrieving revision 1.4 diff -u -d -r1.3 -r1.4 --- access_api.php 14 Sep 2002 06:22:03 -0000 1.3 +++ access_api.php 16 Sep 2002 05:24:40 -0000 1.4 @@ -9,23 +9,27 @@ # -------------------------------------------------------- ### -------------------- - function password_match( $p_test_password, $p_password ) { + function access_encrypt_password( $p_password ) { switch( config_get( 'auth_type' ) ) { case AUTH_PLAIN: - return ( strcmp( $p_test_password, $p_password ) == 0 ); + return ( $p_password ); case AUTH_CRYPT: $salt = substr( $p_password, 0, 2 ); - return ( crypt( $p_test_password, $salt ) == $p_password ); + return ( crypt( $p_password, $salt ) ); - case AUTH_MD5: - return ( md5( $p_test_password ) == $p_password ); + case AUTH_MD5: + return ( md5( $p_password ) ); default: # @@@@ Replace with proper error echo "Invalid authentication type"; exit; } // switchconfig_get()) { + } + ### -------------------- + function password_match( $p_test_password, $p_password ) { + return ( access_encrypt_password( $p_test_password ) === $p_password ); } ### -------------------- function access_verify_login( $p_username, $p_password ) { Index: user_api.php =================================================================== RCS file: /cvsroot/webnotes/webnotes/core/user_api.php,v retrieving revision 1.4 retrieving revision 1.5 diff -u -d -r1.4 -r1.5 --- user_api.php 15 Sep 2002 04:03:52 -0000 1.4 +++ user_api.php 16 Sep 2002 05:24:40 -0000 1.5 
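Review bot: In the AUTH_CRYPT branch of the new `access_encrypt_password()`, `$salt = substr( $p_password, 0, 2 )` now takes the salt from the plaintext being hashed, whereas the removed `password_match()` took it from the stored hash. Traditional two-character-salt `crypt()` output begins with the salt, so each stored hash would expose the first two characters of the user's password, equal passwords would hash identically, and any hash created earlier with a different salt would stop verifying. I would pass the stored hash as an optional second argument for verification and draw a random salt when creating a hash, as sketched below. `random_int()` needs PHP 7, and on such a runtime `password_hash()`/`password_verify()` could replace the whole switch. The plaintext and unsalted `md5()` branches are carried over unchanged and remain weak storage choices.

```php
function access_encrypt_password( $p_password, $p_stored_hash = null ) {
	switch( config_get( 'auth_type' ) ) {
		# … unchanged: AUTH_PLAIN case …
		case AUTH_CRYPT:
			# Verifying: reuse the salt embedded in the stored hash.
			# Creating: draw a fresh salt that is independent of the password.
			if ( null !== $p_stored_hash ) {
				$salt = substr( $p_stored_hash, 0, 2 );
			} else {
				$t_alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
				$salt = $t_alphabet[random_int( 0, 63 )] . $t_alphabet[random_int( 0, 63 )];
			}
			return ( crypt( $p_password, $salt ) );
		# … unchanged: AUTH_MD5 and default cases …
	}
}
### --------------------
function password_match( $p_test_password, $p_password ) {
	return ( access_encrypt_password( $p_test_password, $p_password ) === $p_password );
}
```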
@@ -44,19 +44,58 @@
 return $t_users_array;
 }
 ### --------------------
- function user_change_password( $p_id, $p_old_password, $p_new_password, $p_verify_password = null ) {
- # @@@@ to be implemented
- #if ( $f_password == $f_password2 ) {
- # $f_password = crypt($f_password);
- # $query = "UPDATE $g_phpWN_user_table
- # SET password='$f_password'
- # WHERE id='$f_id'";
- # $result = db_query( $query );
- # $pass_change = 1;
- #} else {
- # # @@@@
- # echo "PASSWORDS DO NOT MATCH";
- # exit;
- #}
+ function user_get_info( $p_id ) {
+ global $g_phpWN_user_table;
+
+ $c_id = db_prepare_int( $p_id );
+
+ $query = "SELECT *
+ FROM $g_phpWN_user_table
+ WHERE id = $c_id";
+
+ $result = db_query( $query );
+ if ( false === $result ) {
+ echo 'User not found.<br />';
+ return false;
+ }
+
+ if ( $row = db_fetch_array( $result ) ) {
+ return ( $row );
+ }
+
+ return false;
+ }
+ ### --------------------
+ function user_change_password( $p_string_cookie_val, $p_old_password, $p_new_password, $p_verify_password = null ) {
+ global $g_phpWN_user_table;
+
+ $t_user = get_user_info_arr( $p_string_cookie_val );
+ if ( false === $t_user ) {
+ return false; ## error message printed by user_get_info().
+ }
+
+ if ( !access_verify_login( $t_user['username'], $p_old_password ) ) {
+ echo 'Original password is incorrect.<br />';
+ return false;
+ }
+
+ if ( ( $p_verify_password !== null ) && ( $p_verify_password != $p_new_password ) ) {
+ echo 'New and verify passwords do not match.<br />';
+ return false;
+ }
+
+ $t_password = access_encrypt_password( $p_new_password );
+ $c_password = db_prepare_string( $t_password );
+ $c_cookie_string = db_prepare_string( $p_string_cookie_val );
+
+ $query = "UPDATE $g_phpWN_user_table
+ SET password='$c_password'
+ WHERE cookie_string='$c_cookie_string'";
+ $result = db_query( $query );
+ if ( false === $result ) {
+ return false;
+ }
+
+ return true;
 }
 ?> |
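Review bot: The confirmation check in `user_change_password()` uses loose `!=`, so two different numeric-looking strings (for example `'1e3'` and `'1000'`) compare as equal and a mistyped confirmation can pass; write it as `$p_verify_password !== $p_new_password`. Nothing rejects an empty `$p_new_password`, so an empty password can be hashed and stored; a guard such as `if ( '' === (string) $p_new_password ) { return false; }` before `access_encrypt_password()` would cover it. The UPDATE leaves `cookie_string` untouched, so if that column is the login cookie, as its use as the lookup key suggests, a cookie obtained before the change keeps working afterwards; consider issuing a new value here. The function also calls `get_user_info_arr()` while its comment attributes the error output to `user_get_info()`, the helper added above it that nothing in this hunk calls, so one of the two names looks stale.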