Changeset 229
- Timestamp:
- Jan 10, 2007 8:31:32 AM (17 years ago)
- File:
-
- 1 edited
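--- a/trunk/lib/Auth_SQL.inc.php
+++ b/trunk/lib/Auth_SQL.inc.php
@@ -805,14 +805,35 @@
 $user_id = isset($user_id) ? $user_id : $this->get('user_id');
 
+// Get old password.
+$qid = $db->query("
+SELECT userpass
+FROM " . $this->_params['db_table'] . "
+WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'
+");
+if (!list($old_encrypted_password) = mysql_fetch_row($qid)) {
+$app->logMsg(sprintf('Cannot set password for nonexistant user_id %s', $user_id), LOG_NOTICE, __FILE__, __LINE__);
+return false;
+}
+
+// Compare old with new to ensure we're actually *changing* the password.
+$encrypted_password = $this->encryptPassword($password);
+if ($old_encrypted_password == $encrypted_password) {
+$app->logMsg(sprintf('Not setting password: new is the same as old.', null), LOG_INFO, __FILE__, __LINE__);
+return false;
+}
+
 // Issue the password change query.
 $db->query("
 UPDATE " . $this->_params['db_table'] . "
-SET userpass = '" . $db->escapeString($ this->encryptPassword($password)) . "'
+SET userpass = '" . $db->escapeString($encrypted_password) . "'
 WHERE " . $this->_params['db_primary_key'] . " = '" . $db->escapeString($user_id) . "'
 ");
 
 if (mysql_affected_rows($db->getDBH()) != 1) {
-$app->logMsg(sprintf('setPassword failed to update password for user %s', $user_id), LOG_NOTICE, __FILE__, __LINE__);
-}
+$app->logMsg(sprintf('Failed to update password for user %s', $user_id), LOG_WARNING, __FILE__, __LINE__);
+return false;
+}
+
+return true;
 }
 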
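Review bot: The new same-password guard compares two password hashes with loose `==` (`if ($old_encrypted_password == $encrypted_password)`), and PHP's `==` compares numeric-looking strings as numbers, so two different hashes that both happen to read as `0e` followed by digits are treated as equal and a legitimate password change would be refused; use `if ($old_encrypted_password === $encrypted_password) {`. The guard also only works if encryptPassword() returns the same value every time for a given password. Its body is outside this hunk, so if it applies a per-call random salt the comparison never matches and the check should instead verify the new password against the stored hash. The enclosing method starts above line 805, outside the hunk.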