From 42ee9defc8cd47d809d5627779f9d9c867032238 Mon Sep 17 00:00:00 2001
From: andi
Date: Sat, 14 May 2005 21:22:08 +0200
Subject: variuous auth_mysql fixes

This patch adds mor flexibility and security to the mysql_auth backend. You now can omit the getgroupid and addusergroup configs if you don't need them. The default groupname is available in addusergroup and adduser now, too. Last but not least calls to addslashes were added to avoid SQL injection.

darcs-hash:20050514192208-9977f-d970834ca68a896e725c4911639a311217dee792.gz
---
 inc/auth_mysql.php | 60 ++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 38 insertions(+), 22 deletions(-)

(limited to 'inc')

diff --git a/inc/auth_mysql.php b/inc/auth_mysql.php
index 0bd6c0a8e..758fe3b77 100644
--- a/inc/auth_mysql.php
+++ b/inc/auth_mysql.php
@@ -134,33 +134,49 @@ function auth_createUser($user,$pass,$name,$mail){
   global $conf;
   $cnf = $conf['auth']['mysql'];
 
+  //check if user exists
   $info = auth_getUserData($user);
   if ($info != false) return false;
 
+
+  //get groupid of default group
+  if($cnf['getgroupid']){
+    $sql = str_replace('%g',addslashes($conf['defaultgroup']),$cnf['getgroupid']);
+    $result = auth_mysql_runsql($sql);
+    if($result === false) return null;
+    if (count($result) == 1){
+      $gid = $result[0]['gid'];
+    }else{
+      msg("MySQL: Couldn't find the default group",-1);
+      return null;
+    }
+  }
-  $sql = str_replace('%g',$conf['defaultgroup'],$cnf['getgroupid']);
-  $result = auth_mysql_runsql($sql);
-
-  if (count($result) == 1) {
-    $gid = $result[0]['gid'];
-
-    $sql = str_replace('%u',$user,$cnf['adduser']);
-    $sql = str_replace('%p',auth_cryptPassword($pass),$sql);
-    $sql = str_replace('%n',$name,$sql);
-    $sql = str_replace('%e',$mail,$sql);
-    $uid = auth_mysql_runsql($sql);
-
-    if ($uid != 0) {
-      $sql = str_replace('%uid',$uid,$cnf['addusergroup']);
-      $sql = str_replace('%gid',$gid,$sql);
-      auth_mysql_runsql($sql);
-      return $pass;
-    } else
-      msg("Registering of the new user '$user' failed!", -1);
 
+  //prepare the insert
+  $sql = str_replace('%u' ,addslashes($user),$cnf['adduser']);
+  $sql = str_replace('%p' ,addslashes(auth_cryptPassword($pass)),$sql);
+  $sql = str_replace('%n' ,addslashes($name),$sql);
+  $sql = str_replace('%e' ,addslashes($mail),$sql);
+  $sql = str_replace('%gid',addslashes($gid),$sql);
+  $sql = str_replace('%g' ,addslashes($conf['defaultgroup']),$sql);
-  } else
-    msg("The default group is not cleanly defined in the database!", -1);
 
+  //do the insert
+  $uid = auth_mysql_runsql($sql);
+  if($uid == 0){
+    msg("Registering of the new user '$user' failed!", -1);
+    return null;
+  }
+
+  //add to default group
+  if ($cnf['addusergroup']) {
+    $sql = str_replace('%uid',addslashes($uid),$cnf['addusergroup']);
+    $sql = str_replace('%u' ,addslashes($user),$sql);
+    $sql = str_replace('%gid',addslashes($gid),$sql);
+    $sql = str_replace('%g' ,addslashes($conf['defaultgroup']),$sql);
+    $result = auth_mysql_runsql($sql);
+    if($result === false) msg("MySQL: couldn't add user to the default group");
+  }
-  return null;
+  return $pass;
 }
 
 //Setup VIM: ex: et ts=2 enc=utf-8 :
-- cgit v1.2.3
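Review bot: The chained `str_replace` calls under `//prepare the insert` (and again under `//add to default group`) each rescan the already-substituted string, so a value inserted for `%u` that itself contains a later placeholder such as `%p`, `%gid` or `%g` is expanded in the following step, and `addslashes` does not touch `%`, so the escaping added here does not prevent that. A single `strtr($template, array(...))` substitutes every placeholder in one pass without revisiting inserted text, and its longest-key-first matching also removes the dependence on replacing `%uid` before `%u`. Separately, when `$cnf['getgroupid']` is empty `$gid` is never assigned, so a template that still contains `%gid` silently receives an empty string; initialising `$gid = null;` before that `if` and warning when `%gid` is present but unresolved would make this explicit. `addslashes` is also not a charset-aware escape for MySQL; the driver's own escaping function (what `auth_mysql_runsql` uses for its connection is not visible here) is the intended tool. The final `msg("MySQL: couldn't add user to the default group")` omits the `-1` severity every other failure message in the hunk passes.
```php
  //prepare the insert (one pass: inserted values are never rescanned for placeholders)
  $sql = strtr($cnf['adduser'], array(
    '%u'   => addslashes($user),
    '%p'   => addslashes(auth_cryptPassword($pass)),
    '%n'   => addslashes($name),
    '%e'   => addslashes($mail),
    '%gid' => addslashes($gid),
    '%g'   => addslashes($conf['defaultgroup']),
  ));
  // … unchanged: run the insert, report failure, return null …

  //add to default group
  if ($cnf['addusergroup']) {
    $sql = strtr($cnf['addusergroup'], array(
      '%uid' => addslashes($uid),
      '%u'   => addslashes($user),
      '%gid' => addslashes($gid),
      '%g'   => addslashes($conf['defaultgroup']),
    ));
    $result = auth_mysql_runsql($sql);
    if($result === false) msg("MySQL: couldn't add user to the default group", -1);
  }
```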