Changeset 15 for trunk/lib/Auth_SQL.inc.php
- Timestamp:
- Nov 13, 2005 4:51:22 AM (19 years ago)
- File:
-
- 1 edited
trunk/lib/Auth_SQL.inc.php
r14 r15 123 123 } 124 124 125 // The minimal columns for a table compatable with the Auth_SQL class. 125 126 DB::query("CREATE TABLE IF NOT EXISTS " . $this->getParam('db_table') . " ( 126 127 " . $this->getParam('db_primary_key') . " smallint(11) NOT NULL auto_increment, … … 306 307 // Return user data if found. 307 308 if ($user_data = mysql_fetch_assoc($qid)) { 308 App::logMsg(sprintf('Authentication successful for user: %s', $username), LOG_DEBUG, __FILE__, __LINE__);309 App::logMsg(sprintf('Authentication successful for %s %s (%s)', $this->_auth, $user_data['user_id'], $username), LOG_DEBUG, __FILE__, __LINE__); 309 310 return $user_data; 310 311 } else { 311 App::logMsg(sprintf('Authentication failed for user: %s', $username), LOG_DEBUG, __FILE__, __LINE__);312 App::logMsg(sprintf('Authentication failed for %s %s (encrypted attempted password: %s)', $this->_auth, $username, $this->encryptPassword($password)), LOG_NOTICE, __FILE__, __LINE__); 312 313 return false; 313 314 } … … 352 353 if (!empty($user_data['blocked'])) { 353 354 354 App::logMsg(sprintf(' Login failed, blocked account. User: %s (%s) Reason: %s', $user_data['user_id'], $username, $user_data['blocked_reason']), LOG_NOTICE, __FILE__, __LINE__);355 App::logMsg(sprintf('%s %s (%s) login failed due to blocked account: %s', ucfirst($this->_auth), $this->getVal('user_id'), $this->getVal('username'), $this->getVal('blocked_reason')), LOG_NOTICE, __FILE__, __LINE__); 355 356 356 357 switch ($user_data['blocked_reason']) { … … 385 386 if ($this->getVal('abuse_warning_level') < $this->_params['login_abuse_warnings']) { 386 387 // Warn the user with a password reset. 387 $this->resetPassword(null, _("This is a security precaution. We have detected this account has been accessed from multiple computers simultaneously. It is against policy to share your login information with others. 
If further account abuse is detected youraccount will be blocked."));388 $this->resetPassword(null, _("This is a security precaution. We have detected this account has been accessed from multiple computers simultaneously. It is against policy to share login information with others. If further account abuse is detected this account will be blocked.")); 388 389 App::raiseMsg(_("Your password has been reset as a security precaution. Please check your email for more information."), MSG_NOTICE, __FILE__, __LINE__); 389 App::logMsg(sprintf('Account abuse detected for user %s from IP %s', $this->getVal('username'), $this->getVal('remote_ip')), LOG_WARNING, __FILE__, __LINE__);390 App::logMsg(sprintf('Account abuse detected for %s %s (%s) from IP %s', $this->_auth, $this->getVal('user_id'), $this->getVal('username'), $this->getVal('remote_ip')), LOG_WARNING, __FILE__, __LINE__); 390 391 } else { 391 392 // Block the account with the reason of account abuse. 392 393 $this->blockAccount(null, 'account abuse'); 393 394 App::raiseMsg(_("Your account has been blocked as a security precaution. Please contact us for more information."), MSG_NOTICE, __FILE__, __LINE__); 394 App::logMsg(sprintf('Account blocked for user %s from IP %s', $this->getVal('username'), $this->getVal('remote_ip')), LOG_ALERT, __FILE__, __LINE__);395 App::logMsg(sprintf('Account blocked for %s %s (%s) from IP %s', $this->_auth, $this->getVal('user_id'), $this->getVal('username'), $this->getVal('remote_ip')), LOG_ALERT, __FILE__, __LINE__); 395 396 } 396 397 // Increment user's warning level. … … 608 609 $this->initDB(); 609 610 610 $qid = DB::query("SELECT 1 FROM " . $this->_params['db_table'] . " WHERE " . $this->_params['db_username_column'] . " = '" . addslashes($username) . "'"); 611 $qid = DB::query(" 612 SELECT 1 613 FROM " . $this->_params['db_table'] . " 614 WHERE " . $this->_params['db_username_column'] . " = '" . addslashes($username) . 
"' 615 "); 611 616 return (mysql_num_rows($qid) > 0); 612 617 } … … 622 627 $this->initDB(); 623 628 624 $qid = DB::query("SELECT " . $this->_params['db_username_column'] . " FROM " . $this->_params['db_table'] . " WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "'"); 629 $qid = DB::query(" 630 SELECT " . $this->_params['db_username_column'] . " 631 FROM " . $this->_params['db_table'] . " 632 WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "' 633 "); 625 634 if (list($username) = mysql_fetch_row($qid)) { 626 635 return $username; … … 677 686 678 687 case AUTH_ENCRYPT_SHA1 : 679 if (function_exists('sha1')) { // Only in PHP 4.3.0+ 680 return sha1($password); 681 break; 682 } 688 return sha1($password); 689 break; 683 690 684 691 case AUTH_ENCRYPT_MD5 : … … 726 733 WHERE " . $this->_params['db_primary_key'] . " = '" . addslashes($user_id) . "' 727 734 "); 728 $user_data = mysql_fetch_assoc($qid); 735 if (!$user_data = mysql_fetch_assoc($qid)) { 736 App::logMsg(sprintf('Reset password failed. %s %s not found.', ucfirst($this->_auth), $user_id), LOG_NOTICE, __FILE__, __LINE__); 737 return false; 738 } 739 740 // Make sure user has an email on record. 741 if (!isset($user_data['email']) || '' == trim($user_data['email'])) { 742 App::logMsg(sprintf('Password reset but notification failed, no email address for %s %s (%s).', $this->_auth, $user_data[$this->_params['db_primary_key']], $user_data[$this->_params['db_username_column']]), LOG_NOTICE, __FILE__, __LINE__); 743 } 729 744 730 745 // Get new password. 
… … 755 770 EOF; 756 771 $email_body = wordwrap(sprintf($email_body, 757 $user_data[ 'username'],772 $user_data[$this->_params['db_username_column']], 758 773 App::getParam('site_name'), 759 774 $reason, 760 $user_data[ 'username'],775 $user_data[$this->_params['db_username_column']], 761 776 $password, 762 777 App::getParam('site_name'), … … 767 782 mail($user_data['email'], $email_subject, $email_body, sprintf("From: %s <%s>\r\n", App::getParam('site_name'), App::getParam('site_email')), App::getParam('envelope_sender_address')); 768 783 769 return array('username'=>$user_data['username'], 'userpass'=>$password); 784 return array( 785 'username' => $user_data[$this->_params['db_username_column']], 786 'userpass' => $password 787 ); 770 788 } 771 789
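Review bot: The failed-authentication log call (new line 312) passes `$this->encryptPassword($password)` to the log at LOG_NOTICE on every failed attempt, so password-derived material ends up in log files that are usually readable by more people, and retained for longer, than the user table. A failed attempt is often a near-miss of the real password or a valid password for a different account, and the SHA1 branch visible later in this file returns a bare `sha1($password)`, so anyone with log access could test guesses against these values offline. I would drop that argument and log only the identity: `App::logMsg(sprintf('Authentication failed for %s %s', $this->_auth, $username), LOG_NOTICE, __FILE__, __LINE__);`. The enclosing function starts outside the visible hunk, and the other encryption modes are not shown, so whether any of them salts the value cannot be confirmed from here.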