Changeset 15 for trunk/lib/Auth_SQL.inc.php

Timestamp:

Nov 13, 2005 4:51:22 AM (19 years ago)

Author:

scdev

Message:

M trunk/tests/run_tests.sh
Now can run tests without being in tests dir.

M trunk/tests/_config.inc.php
No change

M trunk/tests/Auth_SQLTest.php
...

M trunk/lib/RecordVersion.inc.php
Removed debugging.

M trunk/lib/DB.inc.php
Added die on connect error only if db_die_on_failure is true.

M trunk/lib/DBSessionHandler.inc.php
Added more accurate error-checking.

M trunk/lib/FormValidator.inc.php
Fixed email regex bugs.

M trunk/lib/SpellCheck.inc.php
Integrated lots of bug fixes from UK update.

M trunk/lib/Auth_SQL.inc.php
Lots of minor bug fixes.

M trunk/lib/App.inc.php
A couple minor bug fixes.

File:

• trunk/lib/Auth_SQL.inc.php (modified) (10 diffs)

trunk/lib/Auth_SQL.inc.php

@@ -123 +123 @@
             }
 
+            // The minimal columns for a table compatable with the Auth_SQL class.
             DB::query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " (
                 " . $this->getParam('db_primary_key') . " smallint(11) NOT NULL auto_increment,
@@ -306 +307 @@
         // Return user data if found.
         if ($user_data = mysql_fetch_assoc($qid)) {
-            App::logMsg(sprintf('Authentication successful for user: %s', $username), LOG_DEBUG, __FILE__, __LINE__);
+            App::logMsg(sprintf('Authentication successful for %s %s (%s)', $this->_auth, $user_data['user_id'], $username), LOG_DEBUG, __FILE__, __LINE__);
             return $user_data;
         } else {
-            App::logMsg(sprintf('Authentication failed for user: %s', $username), LOG_DEBUG, __FILE__, __LINE__);
+            App::logMsg(sprintf('Authentication failed for %s %s (encrypted attempted password: %s)', $this->_auth, $username, $this->encryptPassword($password)), LOG_NOTICE, __FILE__, __LINE__);
             return false;
         }
@@ -352 +353 @@
             if (!empty($user_data['blocked'])) {
                 
-                App::logMsg(sprintf('Login failed, blocked account. User: %s (%s) Reason: %s', $user_data['user_id'], $username, $user_data['blocked_reason']), LOG_NOTICE, __FILE__, __LINE__);
+                App::logMsg(sprintf('%s %s (%s) login failed due to blocked account: %s', ucfirst($this->_auth), $this->getVal('user_id'), $this->getVal('username'), $this->getVal('blocked_reason')), LOG_NOTICE, __FILE__, __LINE__);
                 
                 switch ($user_data['blocked_reason']) {
@@ -385 +386 @@
                 if ($this->getVal('abuse_warning_level') < $this->_params['login_abuse_warnings']) {
                     // Warn the user with a password reset.
-                    $this->resetPassword(null, _("This is a security precaution. We have detected this account has been accessed from multiple computers simultaneously. It is against policy to share your login information with others. If further account abuse is detected your account will be blocked."));
+                    $this->resetPassword(null, _("This is a security precaution. We have detected this account has been accessed from multiple computers simultaneously. It is against policy to share login information with others. If further account abuse is detected this account will be blocked."));
                     App::raiseMsg(_("Your password has been reset as a security precaution. Please check your email for more information."), MSG_NOTICE, __FILE__, __LINE__);
-                    App::logMsg(sprintf('Account abuse detected for user %s from IP %s', $this->getVal('username'), $this->getVal('remote_ip')), LOG_WARNING, __FILE__, __LINE__);
+                    App::logMsg(sprintf('Account abuse detected for %s %s (%s) from IP %s', $this->_auth, $this->getVal('user_id'), $this->getVal('username'), $this->getVal('remote_ip')), LOG_WARNING, __FILE__, __LINE__);
                 } else {
                     // Block the account with the reason of account abuse.
                     $this->blockAccount(null, 'account abuse');
                     App::raiseMsg(_("Your account has been blocked as a security precaution. Please contact us for more information."), MSG_NOTICE, __FILE__, __LINE__);
-                    App::logMsg(sprintf('Account blocked for user %s from IP %s', $this->getVal('username'), $this->getVal('remote_ip')), LOG_ALERT, __FILE__, __LINE__);
+                    App::logMsg(sprintf('Account blocked for %s %s (%s) from IP %s', $this->_auth, $this->getVal('user_id'), $this->getVal('username'), $this->getVal('remote_ip')), LOG_ALERT, __FILE__, __LINE__);
                 }
                 // Increment user's warning level.
@@ -608 +609 @@
         $this->initDB();
         
-        $qid = DB::query("SELECT 1 FROM " . $this->_params['db_table'] . " WHERE " . $this->_params['db_username_column'] . " = '" . addslashes($username) . "'");
+        $qid = DB::query("
+            SELECT 1 
+            FROM " . $this->_params['db_table'] . "
+            WHERE " . $this->_params['db_username_column'] . " = '" . addslashes($username) . "'
+        ");
         return (mysql_num_rows($qid) > 0);
     }
@@ -622 +627 @@
         $this->initDB();
         
-        $qid = DB::query("SELECT " . $this->_params['db_username_column'] . " FROM " . $this->_params['db_table'] . " WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'");
+        $qid = DB::query("
+            SELECT " . $this->_params['db_username_column'] . "
+            FROM " . $this->_params['db_table'] . "
+            WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'
+        ");
         if (list($username) = mysql_fetch_row($qid)) {
             return $username;
@@ -677 +686 @@
             
         case AUTH_ENCRYPT_SHA1 :
-            if (function_exists('sha1')) { // Only in PHP 4.3.0+
-                return sha1($password);
-                break;
-            }
+            return sha1($password);
+            break;
             
         case AUTH_ENCRYPT_MD5 :
@@ -726 +733 @@
             WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'
         ");
-        $user_data = mysql_fetch_assoc($qid);
+        if (!$user_data = mysql_fetch_assoc($qid)) {
+            App::logMsg(sprintf('Reset password failed. %s %s not found.', ucfirst($this->_auth), $user_id), LOG_NOTICE, __FILE__, __LINE__);
+            return false;
+        }
+        
+        // Make sure user has an email on record.
+        if (!isset($user_data['email']) || '' == trim($user_data['email'])) {
+            App::logMsg(sprintf('Password reset but notification failed, no email address for %s %s (%s).', $this->_auth, $user_data[$this->_params['db_primary_key']], $user_data[$this->_params['db_username_column']]), LOG_NOTICE, __FILE__, __LINE__);
+        }
 
         // Get new password.
@@ -755 +770 @@
 EOF;
         $email_body = wordwrap(sprintf($email_body, 
-            $user_data['username'],
+            $user_data[$this->_params['db_username_column']],
             App::getParam('site_name'),
             $reason,
-            $user_data['username'],
+            $user_data[$this->_params['db_username_column']],
             $password,
             App::getParam('site_name'),
@@ -767 +782 @@
         mail($user_data['email'], $email_subject, $email_body, sprintf("From: %s <%s>\r\n", App::getParam('site_name'), App::getParam('site_email')), App::getParam('envelope_sender_address'));
     
-        return array('username'=>$user_data['username'], 'userpass'=>$password);
+        return array(
+            'username' => $user_data[$this->_params['db_username_column']], 
+            'userpass' => $password
+        );
     }