hash support for auth_mysql

This patch adds support for different hash algorithms to auth_mysql.
The SQL queries must be modified too and please keep an eye on the
password field width in your users database. Some hash values need
much more space than the good old md5 algorithm.

darcs-hash:20050513182619-7ef76-a363c735e34f18b0f2b88be48a1b261e4b50fab3.gz

1 files changed, 8 insertions, 3 deletions

diff --git a/inc/auth_mysql.php b/inc/auth_mysql.php
index ac835ae17..0bd6c0a8e 100644
--- a/inc/auth_mysql.php
+++ b/inc/auth_mysql.php
@@ -61,6 +61,7 @@ function auth_mysql_runsql($sql_string) {
  * the right group
  *
  * @author  Andreas Gohr <andi@splitbrain.org>
+ * @author  Matthias Grimm <matthiasgrimm@users.sourceforge.net>
  * @return  bool
  */
 function auth_checkPass($user,$pass){
@@ -69,9 +70,13 @@ function auth_checkPass($user,$pass){
 
   $sql    = str_replace('%u',addslashes($user),$cnf['passcheck']);
   $sql    = str_replace('%g',addslashes($conf['defaultgroup']),$sql);
-  $sql    = str_replace('%p',addslashes($pass),$sql);
   $result = auth_mysql_runsql($sql);
-  return(count($result));
+  
+  if(count($result)){
+    return(auth_verifyPassword($pass,$result[0]['pass']));
+  }else{
+    return(false);
+  }
 }
 
 /**
@@ -139,7 +144,7 @@ function auth_createUser($user,$pass,$name,$mail){
     $gid  = $result[0]['gid'];
     
     $sql  = str_replace('%u',$user,$cnf['adduser']);
-    $sql  = str_replace('%p',$pass,$sql);
+    $sql  = str_replace('%p',auth_cryptPassword($pass),$sql);
     $sql  = str_replace('%n',$name,$sql);
     $sql  = str_replace('%e',$mail,$sql);
     $uid  = auth_mysql_runsql($sql);