Changeset 228
- Timestamp:
- Jan 10, 2007 8:15:41 AM (17 years ago)
- File:
-
- 1 edited
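--- a/tags/2.0.2/lib/Auth_SQL.inc.php
+++ b/tags/2.0.2/lib/Auth_SQL.inc.php
@@ -730,14 +730,35 @@
 $user_id = isset($user_id) ? $user_id : $this->getVal('user_id');
 
+// Get old password.
+$qid = DB::query("
+SELECT userpass
+FROM " . $this->_params['db_table'] . "
+WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'
+");
+if (!list($old_encrypted_password) = mysql_fetch_row($qid)) {
+App::logMsg(sprintf('Cannot set password for nonexistant user_id %s', $user_id), LOG_NOTICE, __FILE__, __LINE__);
+return false;
+}
+
+// Compare old with new to ensure we're actually *changing* the password.
+$encrypted_password = $this->encryptPassword($password);
+if ($old_encrypted_password == $encrypted_password) {
+App::logMsg(sprintf('Not setting password: new is the same as old.', null), LOG_INFO, __FILE__, __LINE__);
+return false;
+}
+
 // Issue the password change query.
 DB::query("
 UPDATE " . $this->_params['db_table'] . "
-SET userpass = '" . DB::escapeString($ this->encryptPassword($password)) . "'
+SET userpass = '" . DB::escapeString($encrypted_password) . "'
 WHERE " . $this->_params['db_primary_key'] . " = '" . DB::escapeString($user_id) . "'
 ");
 
 if (mysql_affected_rows(DB::getDBH()) != 1) {
-App::logMsg(sprintf('setPassword failed to update password for user %s', $user_id), LOG_NOTICE, __FILE__, __LINE__);
-}
+App::logMsg(sprintf('Failed to update password for user %s', $user_id), LOG_WARNING, __FILE__, __LINE__);
+return false;
+}
+
+return true;
 }
 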
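Review bot: The added same-password check compares two hash strings with loose `==`, so two different digests that both look numeric to PHP (for example `0e` followed only by digits) compare equal and a genuine password change would be refused; the strict form is `if ($old_encrypted_password === $encrypted_password) {`. The check also assumes `encryptPassword()` returns the same output for the same password; its body is outside this hunk, and if any configured scheme uses a random salt the comparison will never match and the guard is silently ineffective. The method now returns `false` both for "same as old" and for a database failure, so a caller cannot tell a policy rejection from an error; a docblock on the method stating the return contract would help. The enclosing function begins before the hunk.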