From 10e0d7f99a6c6f1fa9f64b5eed31d3c178171d6e Mon Sep 17 00:00:00 2001
From: Matthias Grimm <matthiasgrimm@users.sourceforge.net>
Date: Thu, 10 Nov 2005 18:38:12 +0100
Subject: MySQL OO auth module bug fix

This patch fixes some bugs in the MySQL OO auth module
regarding modifying user data.

darcs-hash:20051110173812-4145d-384877de723b568ccc456f42738a8a5e012fb84d.gz
---
 inc/auth/mysql.class.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

(limited to 'inc/auth/mysql.class.php')

diff --git a/inc/auth/mysql.class.php b/inc/auth/mysql.class.php
index ff126a0ec..ad9d532d3 100644
--- a/inc/auth/mysql.class.php
+++ b/inc/auth/mysql.class.php
@@ -130,6 +130,7 @@ class auth_mysql extends auth_basic {
           $grps = array($this->defaultgroup);
  
         $this->lockTables("WRITE");
+        $pwd = $this->cnf['encryptPass'] ? $pwd : auth_cryptPassword($pwd);
         $rc = $this->addUser($user,$pwd,$name,$mail,$grps);
         $this->unlockTables();
         $this->closeDB();
@@ -163,8 +164,11 @@ class auth_mysql extends auth_basic {
       if($this->openDB()) {
         $this->lockTables("WRITE");
         if (($info = $this->getUserInfo($user)) !== false) {
-          foreach ($changes as $field => $value)
+          foreach ($changes as $field => $value) {
+            if ($field == 'pass' && !$this->cnf['encryptPass'])
+               $value = auth_cryptPassword($value);
             $info[$field] = $value;  // update user record
+          }
 
           $rc = $this->delUser($user);   // remove user from database
           if ($rc)
@@ -430,7 +434,7 @@ class auth_mysql extends auth_basic {
      * 'false'.
      *
      * @param  $user  nick of the user
-     * @param  $pwd   clear text password
+     * @param  $pwd   encrypted password
      * @param  $name  full name of the user
      * @param  $mail  email address
      * @param  $grps  array of groups the user should become member of
@@ -442,9 +446,8 @@ class auth_mysql extends auth_basic {
      */
     function addUser($user,$pwd,$name,$mail,$grps){
       if($this->dbcon && is_array($grps)) {
-        $_pwd = $this->cnf['encryptPass'] ? $pwd : auth_cryptPassword($pwd);
         $sql = str_replace('%u'  ,addslashes($user),$this->cnf['addUser']);
-        $sql = str_replace('%p'  ,addslashes($_pwd),$sql);
+        $sql = str_replace('%p'  ,addslashes($pwd),$sql);
         $sql = str_replace('%n'  ,addslashes($name),$sql);
         $sql = str_replace('%e'  ,addslashes($mail),$sql);  
         $uid = $this->modifyDB($sql);
@@ -556,9 +559,8 @@ class auth_mysql extends auth_basic {
     function openDB() {
       global $lang;
       
-      if ($this->dbcon == 0) {
+      if (!$this->dbcon) {
         $con = @mysql_connect ($this->cnf['server'], $this->cnf['user'], $this->cnf['password']);   
-
         if ($con) {
           if ((mysql_select_db($this->cnf['database'], $con))) {
             $this->dbcon = $con; 
-- 
cgit v1.2.3