From 9fe6ae8c095ea218281f040b1eb8bd856de02f62 Mon Sep 17 00:00:00 2001 From: matthiasgrimm Date: Fri, 13 May 2005 20:26:19 +0200 Subject: hash support for auth_mysql This patch adds support for different hash algorithms to auth_mysql. The SQL queries must be modified too and please keep an eye on the password field width in your users database. Some hash values need much more space than the good old md5 algorithm. darcs-hash:20050513182619-7ef76-a363c735e34f18b0f2b88be48a1b261e4b50fab3.gz --- inc/auth_mysql.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'inc') diff --git a/inc/auth_mysql.php b/inc/auth_mysql.php index ac835ae17..0bd6c0a8e 100644 --- a/inc/auth_mysql.php +++ b/inc/auth_mysql.php @@ -61,6 +61,7 @@ function auth_mysql_runsql($sql_string) { * the right group * * @author Andreas Gohr + * @author Matthias Grimm * @return bool */ function auth_checkPass($user,$pass){ @@ -69,9 +70,13 @@ function auth_checkPass($user,$pass){ $sql = str_replace('%u',addslashes($user),$cnf['passcheck']); $sql = str_replace('%g',addslashes($conf['defaultgroup']),$sql); - $sql = str_replace('%p',addslashes($pass),$sql); $result = auth_mysql_runsql($sql); - return(count($result)); + + if(count($result)){ + return(auth_verifyPassword($pass,$result[0]['pass'])); + }else{ + return(false); + } } /** @@ -139,7 +144,7 @@ function auth_createUser($user,$pass,$name,$mail){ $gid = $result[0]['gid']; $sql = str_replace('%u',$user,$cnf['adduser']); - $sql = str_replace('%p',$pass,$sql); + $sql = str_replace('%p',auth_cryptPassword($pass),$sql); $sql = str_replace('%n',$name,$sql); $sql = str_replace('%e',$mail,$sql); $uid = auth_mysql_runsql($sql); -- cgit v1.2.3