Changeset 126
- Timestamp:
- May 24, 2006 6:07:38 AM (18 years ago)
- Location:
- tags/2.0.1
- Files:
-
- 8 edited
tags/2.0.1/lib/App.inc.php
r108 r126 16 16 define('MSG_NOTICE', 4); 17 17 define('MSG_SUCCESS', 8); 18 define('MSG_ALL', MSG_SUCCESS | MSG_NOTICE | MSG_WARNING | MSG_ERROR); 18 19 19 20 require_once dirname(__FILE__) . '/Utilities.inc.php'; … … 1106 1107 function sslOff() 1107 1108 { 1109 if (!isset($this) || !is_a($this, 'App') && !is_subclass_of($this, 'App')) { 1110 $this =& App::getInstance(); 1111 } 1112 1108 1113 if ('' != getenv('HTTPS')) { 1109 1114 $this->dieURL('http://' . getenv('HTTP_HOST') . getenv('REQUEST_URI'), null, true); -
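Review bot: The new guard at the top of sslOff() rebinds `$this` to the singleton so the method can be called statically, but nothing in the hunk says so; add `// Allow a static call (App::sslOff()) by falling back to the singleton instance.` above the `if`. Because is_a() already returns true for subclasses of 'App', the `!is_subclass_of($this, 'App')` clause is redundant and the condition reads more simply as `if (!isset($this) || !is_a($this, 'App')) {`. sslOff() continues past the end of the hunk.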
tags/2.0.1/lib/Auth_SQL.inc.php
r111 r126 251 251 WHERE " . $this->_params['db_primary_key'] . " = '" . $this->getVal('user_id') . "' 252 252 "); 253 $_SESSION[ '_auth_file'] = array('authenticated' => false);253 $_SESSION[$this->_sess] = array('authenticated' => false); 254 254 } 255 255 … … 300 300 $this->initDB(); 301 301 302 // Query DB for user matching credentials. 303 // FIXME: Cannot compare crypt style passwords this way. 304 $qid = DB::query(" 305 SELECT *, " . $this->_params['db_primary_key'] . " AS user_id 306 FROM " . $this->_params['db_table'] . " 307 WHERE " . $this->_params['db_username_column'] . " = '" . DB::escapeString($username) . "' 308 AND BINARY userpass = '" . DB::escapeString($this->encryptPassword($password)) . "' 309 "); 302 switch ($this->_params['encryption_type']) { 303 case AUTH_ENCRYPT_CRYPT : 304 // Query DB for user matching credentials. Compare cyphertext with salted-encrypted password. 305 $qid = DB::query(" 306 SELECT *, " . $this->_params['db_primary_key'] . " AS user_id 307 FROM " . $this->_params['db_table'] . " 308 WHERE " . $this->_params['db_username_column'] . " = '" . DB::escapeString($username) . "' 309 AND BINARY userpass = ENCRYPT('" . DB::escapeString($password) . "', LEFT(userpass, 2))) 310 "); 311 break; 312 case AUTH_ENCRYPT_PLAINTEXT : 313 case AUTH_ENCRYPT_MD5 : 314 case AUTH_ENCRYPT_SHA1 : 315 default : 316 // Query DB for user matching credentials. Directly compare cyphertext with result from encryptPassword(). 317 $qid = DB::query(" 318 SELECT *, " . $this->_params['db_primary_key'] . " AS user_id 319 FROM " . $this->_params['db_table'] . " 320 WHERE " . $this->_params['db_username_column'] . " = '" . DB::escapeString($username) . "' 321 AND BINARY userpass = '" . DB::escapeString($this->encryptPassword($password)) . "' 322 "); 323 break; 324 } 310 325 311 326 // Return user data if found. 
… … 528 543 $expire_reasons[] = 'idle_timeout expired'; 529 544 } 530 if ($_SESSION[ '_auth_file']['remote_ip'] != getRemoteAddr() && !$user_in_trusted_network) {545 if ($_SESSION[$this->_sess]['remote_ip'] != getRemoteAddr() && !$user_in_trusted_network) { 531 546 $expire_reasons[] = sprintf('remote_ip not matched (%s != %s)', $_SESSION[$this->_sess]['remote_ip'], getRemoteAddr()); 532 547 } … … 682 697 * 683 698 */ 684 function encryptPassword($password )699 function encryptPassword($password, $salt=null) 685 700 { 686 701 switch ($this->_params['encryption_type']) { … … 690 705 691 706 case AUTH_ENCRYPT_CRYPT : 692 return crypt($password); 707 // If comparing clear-text password with encrypted text, provide encrypted text as the salt. 708 return isset($salt) ? crypt($password, substr($salt, 0, 2)) : crypt($password); 693 709 break; 694 710 … … 720 736 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "' 721 737 "); 738 739 if (mysql_affected_rows(DB::getDBH()) != 1) { 740 App::logMsg(sprintf('setPassword failed to update password for user %s', $user_id), LOG_NOTICE, __FILE__, __LINE__); 741 } 722 742 } 723 743 -
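Review bot: The AUTH_ENCRYPT_CRYPT query in login() has one closing parenthesis too many — `ENCRYPT('...', LEFT(userpass, 2)))` closes LEFT, then ENCRYPT, then a level that was never opened — so the statement is a SQL syntax error and crypt-mode logins can never match; the line should read `AND BINARY userpass = ENCRYPT('" . DB::escapeString($password) . "', LEFT(userpass, 2))`. Note also that this branch, unlike the others, sends the clear-text password inside the query text, so it will appear in any statement logging enabled on the database server; worth a comment next to the query. In the setPassword() hunk, `mysql_affected_rows(DB::getDBH()) != 1` is also 0 when the new hash equals the stored one (MySQL reports rows actually changed, not rows matched), so re-setting an identical password in MD5/SHA1/plaintext mode logs a spurious 'failed to update' notice; either document that case or check that the row exists instead. login() and setPassword() both begin before and end after their hunks.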
tags/2.0.1/lib/Email.inc.php
r114 r126 281 281 if (mail($final_to, $this->_params['subject'], $final_body, $final_headers, $envelope_sender_header)) { 282 282 App::logMsg(sprintf('Email successfully sent to %s', $final_to), LOG_DEBUG, __FILE__, __LINE__); 283 return true 283 return true; 284 284 } else { 285 285 App::logMsg(sprintf('Email failure with parameters: %s, %s, %s, %s', $final_to, $this->_params['subject'], str_replace("\r\n", '\r\n', $final_headers), $envelope_sender_header), LOG_NOTICE, __FILE__, __LINE__); -
tags/2.0.1/tests/Auth_FileTest.php
r42 r126 23 23 require dirname(__FILE__) . '/_config.inc.php'; 24 24 require_once '../lib/Auth_File.inc.php'; 25 $this->Auth_File =& new Auth_File(array('htpasswd_file' => dirname(__FILE__) . '/_test_htpasswd')); 25 $this->Auth_File =& new Auth_File('test'); 26 $this->Auth_File->setParam(array('htpasswd_file' => dirname(__FILE__) . '/_test_htpasswd')); 26 27 } 27 28 … … 44 45 $result = $this->Auth_File->login('testuser', 'testpass'); 45 46 $this->assertTrue($result, 'testuser login failed.'); 46 $this->assertTrue($_SESSION['_auth ']['authenticated'], 'testuser authentication not found in session.');47 $this->assertTrue($_SESSION['_auth_test']['authenticated'], 'testuser authentication not found in session.'); 47 48 } 48 49 … … 51 52 $result = $this->Auth_File->login('testuser', 'testpass'); 52 53 $this->Auth_File->clearauth(); 53 $this->assertFalse($_SESSION['_auth ']['authenticated'], 'testuser authentication not false in session.');54 $this->assertFalse($_SESSION['_auth_test']['authenticated'], 'testuser authentication not false in session.'); 54 55 } 55 56 -
tags/2.0.1/tests/Auth_SQLTest.php
r42 r126 29 29 'db_login_table' => 'test_login_tbl', 30 30 'login_url' => '/login.php', 31 'blocking' => true 31 'blocking' => true, 32 'encryption_type' => AUTH_ENCRYPT_SHA1, 32 33 )); 33 34 … … 46 47 ) VALUES ( 47 48 'testuser', 48 md5('testpass'),49 '" . $this->Auth_SQL->encryptpassword('testpass') . "', 49 50 'John', 50 51 'Doe', … … 185 186 function test_encryptpassword() 186 187 { 188 $this->Auth_SQL->setParam(array('encryption_type' => AUTH_ENCRYPT_MD5)); 187 189 $result = $this->Auth_SQL->encryptpassword('123'); 188 190 $this->assertEquals('202cb962ac59075b964b07152d234b70', $result); 191 192 $this->Auth_SQL->setParam(array('encryption_type' => AUTH_ENCRYPT_SHA1)); 193 $result = $this->Auth_SQL->encryptpassword('123'); 194 $this->assertEquals('40bd001563085fc35165329ea1ff5c5ecbdbbeef', $result); 195 196 $this->Auth_SQL->setParam(array('encryption_type' => AUTH_ENCRYPT_PLAINTEXT)); 197 $result = $this->Auth_SQL->encryptpassword('123'); 198 $this->assertEquals('123', $result); 199 200 $this->Auth_SQL->setParam(array('encryption_type' => AUTH_ENCRYPT_CRYPT)); 201 $result = $this->Auth_SQL->encryptpassword('123', 'saltstring'); 202 $this->assertEquals('saEZ6MlWYV9nQ', $result); 189 203 } 190 204 … … 197 211 "); 198 212 list($pass) = mysql_fetch_row($qid); 199 $this->assertEquals(' 202cb962ac59075b964b07152d234b70', $pass);213 $this->assertEquals('40bd001563085fc35165329ea1ff5c5ecbdbbeef', $pass); 200 214 } 201 215 -
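Review bot: test_encryptpassword() leaves the fixture in AUTH_ENCRYPT_CRYPT mode after its last setParam() call; if the Auth_SQL object is not rebuilt in setUp() for every test, the later assertion at new line 213 that expects the SHA1 hash becomes order-dependent, so restore the suite default at the end of the test with `$this->Auth_SQL->setParam(array('encryption_type' => AUTH_ENCRYPT_SHA1));`. The CRYPT case also deserves a one-line comment such as `// encryptpassword() keeps only the first two characters of the salt, so 'saltstring' acts as 'sa'.`, since the expected value 'saEZ6MlWYV9nQ' is otherwise opaque. Lastly, the INSERT at new lines 47-49 now interpolates encryptpassword() output into the SQL string unescaped; that is harmless for hex and crypt output but not for AUTH_ENCRYPT_PLAINTEXT, so wrapping it in DB::escapeString() keeps the fixture independent of encryption_type.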
tags/2.0.1/tests/RecordLockTest.php
r42 r126 49 49 ) VALUES ( 50 50 'testuser', 51 md5('testpass'),51 '" . $this->Auth_SQL->encryptpassword('testpass') . "', 52 52 'John', 53 53 'Doe', … … 56 56 ) 57 57 "); 58 $this->Auth_SQL->login('testuser', 'testpass'); 58 if (!$this->Auth_SQL->login('testuser', 'testpass')) { 59 trigger_error('Test user not logged in.', E_USER_WARNING); 60 } 59 61 60 62 $this->RecordLock =& RecordLock::getInstance($this->Auth_SQL); -
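Review bot: The new login guard only raises `E_USER_WARNING` and then falls through, so `RecordLock::getInstance($this->Auth_SQL)` on the next line still runs with an unauthenticated user and the real cause of any later failure is buried; failing the test at that point (or returning early) makes the fixture problem explicit. The INSERT above now interpolates encryptpassword('testpass') into the SQL string without escaping, which is fine for hashed output but not for plaintext mode, so `DB::escapeString()` around it keeps the fixture independent of encryption_type. The enclosing fixture function (presumably setUp()) begins before the hunk and ends after it.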
tags/2.0.1/tests/_config.inc.php
r43 r126 29 29 'log_screen_priority' => LOG_WARNING, 30 30 'error_reporting' => E_ALL, 31 'signing_key' => 'atestsaltkey', 31 32 )); 32 33 -
tags/2.0.1/tests/run_tests.sh
r53 r126 7 7 for foo in *Test.php; 8 8 do 9 /usr/local/bin/php$foo;9 php4 $foo; 10 10 done;