Context Navigation

source: trunk/phpgwapi/inc/class.auth_sql.inc.php @ 2

Revision 2, 11.0 KB checked in by niltonneto, 17 years ago (diff)
Removida todas as tags usadas pelo CVS ($Id, $Source). Primeira versão no CVS externo.
Property svn:eol-style set to `native` Property svn:executable set to ``*

Line
1	<?php
2	/**************************************************************************\
3	* eGroupWare API - Auth from SQL *
4	* This file written by Dan Kuykendall <seek3r@phpgroupware.org> *
5	* and Joseph Engo <jengo@phpgroupware.org> *
6	* Encryption types other than md5() added by *
7	* Miles Lott <milos@groupwhere.org> based on code from *
8	* http://www.thomas-alfeld.de/frank/ *
9	* Authentication based on SQL table *
10	* Copyright (C) 2000, 2001 Dan Kuykendall *
11	* ------------------------------------------------------------------------ *
12	* This library is free software; you can redistribute it and/or modify it *
13	* under the terms of the GNU Lesser General Public License as published by *
14	* the Free Software Foundation; either version 2.1 of the License, *
15	* or any later version. *
16	* This library is distributed in the hope that it will be useful, but *
17	* WITHOUT ANY WARRANTY; without even the implied warranty of *
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
19	* See the GNU Lesser General Public License for more details. *
20	* You should have received a copy of the GNU Lesser General Public License *
21	* along with this library; if not, write to the Free Software Foundation, *
22	* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
23	\**************************************************************************/
24
25
26	class auth_
27	{
28	var $db = '';
29	var $previous_login = -1;
30
31	function auth_()
32	{
33	copyobj($GLOBALS['phpgw']->db,$this->db);
34	}
35
36	function authenticate($username, $passwd, $passwd_type)
37	{
38	if($passwd_type == 'text')
39	{
40	/* normal web form login */
41	$type = @$GLOBALS['phpgw_info']['server']['sql_encryption_type']
42	? strtolower($GLOBALS['phpgw_info']['server']['sql_encryption_type'])
43	: 'md5';
44	switch($type)
45	{
46	case 'smd5':
47	$this->db->query("SELECT account_lid,account_pwd FROM phpgw_accounts WHERE account_lid = '$username' AND "
48	. " account_type='u' AND "
49	. " account_status ='A'",__LINE__,__FILE__);
50	$this->db->next_record();
51
52	if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
53	{
54	if($this->db->f('account_lid') != $username)
55	{
56	return false;
57	}
58	}
59	if($this->db->f('account_pwd'))
60	{
61	return $this->smd5_compare($passwd,$this->db->f('account_pwd'));
62	}
63	break;
64	case 'sha':
65	$this->db->query("SELECT account_lid,account_pwd FROM phpgw_accounts WHERE account_lid = '$username' AND "
66	. " account_type='u' AND "
67	. " account_status ='A'",__LINE__,__FILE__);
68	$this->db->next_record();
69
70	if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
71	{
72	if($this->db->f('account_lid') != $username)
73	{
74	return false;
75	}
76	}
77	if($this->db->f('account_pwd'))
78	{
79	return $this->sha_compare($passwd,$this->db->f('account_pwd'));
80	}
81	break;
82	case 'ssha':
83	$this->db->query("SELECT account_lid,account_pwd FROM phpgw_accounts WHERE account_lid = '$username' AND "
84	. " account_type='u' AND "
85	. " account_status ='A'",__LINE__,__FILE__);
86	$this->db->next_record();
87
88	if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
89	{
90	if($this->db->f('account_lid') != $username)
91	{
92	return false;
93	}
94	}
95	if($this->db->f('account_pwd'))
96	{
97	return $this->ssha_compare($passwd,$this->db->f('account_pwd'));
98	}
99	break;
100	case 'md5_crypt':
101	case 'blowfish_crypt':
102	case 'ext_crypt':
103	case 'crypt':
104	$this->db->query("SELECT account_lid,account_pwd FROM phpgw_accounts WHERE account_lid = '$username' AND "
105	. " account_type='u' AND "
106	. " account_status ='A'",__LINE__,__FILE__);
107	$this->db->next_record();
108
109	if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
110	{
111	if($this->db->f('account_lid') != $username)
112	{
113	return false;
114	}
115	}
116	if($this->db->f('account_pwd'))
117	{
118	return $this->crypt_compare($passwd,$this->db->f('account_pwd'),$type);
119	}
120	break;
121	case 'md5':
122	default:
123	$this->db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '$username' AND "
124	. " account_type='u' AND "
125	. "account_pwd='" . md5($passwd) . "' AND account_status ='A'",__LINE__,__FILE__);
126	$this->db->next_record();
127
128	if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
129	{
130	if($this->db->f('account_lid') != $username)
131	{
132	return false;
133	}
134	}
135	if($this->db->f('account_lid'))
136	{
137	$this->previous_login = $this->db->f('account_lastlogin');
138	return True;
139	}
140	else
141	{
142	return False;
143	}
144	break;
145	}
146	}
147	elseif($passwd_type == 'md5')
148	{
149	/* Where is this used? */
150	$this->db->query("SELECT * FROM phpgw_accounts WHERE account_lid = '$username' AND "
151	// . " account_type='u' AND "
152	. "account_pwd='" . $passwd . "' AND account_status ='A'",__LINE__,__FILE__);
153	$this->db->next_record();
154
155	if($GLOBALS['phpgw_info']['server']['case_sensitive_username'] == true)
156	{
157	if($this->db->f('account_lid') != $username)
158	{
159	return false;
160	}
161	}
162	if($this->db->f('account_lid'))
163	{
164	$this->previous_login = $this->db->f('account_lastlogin');
165	return True;
166	}
167	else
168	{
169	return False;
170	}
171	}
172	else
173	{
174	return False;
175	}
176	}
177
178	function change_password($old_passwd, $new_passwd, $account_id = '')
179	{
180	$admin = True;
181	// Don't allow password changes for other accounts when using XML-RPC
182	if(!$account_id \|\| $GLOBALS['phpgw_info']['flags']['currentapp'] == 'login')
183	{
184	$admin = False;
185	$account_id = $GLOBALS['phpgw_info']['user']['account_id'];
186	}
187	$encrypted_passwd = $this->encrypt_sql($new_passwd);
188
189	/* Grab configured type, or default to md5() (old method) */
190	$type = @$GLOBALS['phpgw_info']['server']['sql_encryption_type']
191	? strtolower($GLOBALS['phpgw_info']['server']['sql_encryption_type'])
192	: 'md5';
193	switch($type)
194	{
195	case 'smd5':
196	$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
197	. "' AND " // . " account_type='u' AND "
198	. " account_status ='A'",__LINE__,__FILE__);
199	$this->db->next_record();
200	if($this->db->f('account_pwd'))
201	{
202	if(!$admin)
203	{
204	/* Check the old_passwd to make sure this is legal */
205	if(!$this->smd5_compare($old_passwd,$this->db->f('account_pwd')))
206	{
207	return False;
208	}
209	}
210	/* old password ok, or admin called the function from
211	* the admin application (no old passwd available).
212	*/
213	return $this->_update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin,__FILE__);
214	}
215	return False;
216	case 'sha':
217	$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
218	. "' AND " // . " account_type='u' AND "
219	. " account_status ='A'",__LINE__,__FILE__);
220	$this->db->next_record();
221	if($this->db->f('account_pwd'))
222	{
223	if(!$admin)
224	{
225	/* Check the old_passwd to make sure this is legal */
226	if(!$this->sha_compare($old_passwd,$this->db->f('account_pwd')))
227	{
228	return False;
229	}
230	}
231	/* old password ok, or admin called the function from
232	* the admin application (no old passwd available).
233	*/
234	return $this->_update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin,__FILE__);
235	}
236	return False;
237	case 'ssha':
238	$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
239	. "' AND " // . " account_type='u' AND "
240	. " account_status ='A'",__LINE__,__FILE__);
241	$this->db->next_record();
242	if($this->db->f('account_pwd'))
243	{
244	if(!$admin)
245	{
246	/* Check the old_passwd to make sure this is legal */
247	if(!$this->ssha_compare($old_passwd,$this->db->f('account_pwd')))
248	{
249	return False;
250	}
251	}
252	/* old password ok, or admin called the function from
253	* the admin application (no old passwd available).
254	*/
255	return $this->_update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin,__FILE__);
256	}
257	return False;
258	case 'crypt':
259	case 'ext_crypt':
260	case 'md5_crypt':
261	case 'blowfish_crypt':
262	$this->db->query("SELECT account_pwd FROM phpgw_accounts WHERE account_id = '" . (int)$account_id
263	. "' AND " // . " account_type='u' AND "
264	. " account_status ='A'",__LINE__,__FILE__);
265	$this->db->next_record();
266	if($this->db->f('account_pwd'))
267	{
268	if(!$admin)
269	{
270	/* Check the old_passwd to make sure this is legal */
271	if(!$this->crypt_compare($old_passwd,$this->db->f('account_pwd'),$type))
272	{
273	return False;
274	}
275	}
276	/* old password ok, or admin called the function from
277	* the admin application (no old passwd available).
278	*/
279	return $this->_update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin,__FILE__);
280	}
281	return False;
282	case 'md5':
283	default:
284	$pwd_check = '';
285	if(!$admin)
286	{
287	$pwd_check = " AND account_pwd='" . $this->encrypt_sql($old_passwd) . "'";
288	}
289	$this->db->query("UPDATE phpgw_accounts SET account_pwd='" . $encrypted_passwd . "',"
290	. "account_lastpwd_change='" . time() . "' WHERE account_id='" . $account_id . "'" . $pwd_check,__LINE__,__FILE__);
291	$this->db->next_record();
292	if($this->db->affected_rows())
293	{
294	if(!$admin)
295	{
296	$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
297	}
298	return $encrypted_passwd;
299	}
300	else
301	{
302	return False;
303	}
304	}
305	}
306
307	function _update_passwd($encrypted_passwd,$new_passwd,$account_id,$admin=False,$file='')
308	{
309	/* This should only be called from this file */
310	if($file != PHPGW_API_INC . SEP . 'class.auth_sql.inc.php')
311	{
312	return False;
313	}
314	$this->db->query("UPDATE phpgw_accounts SET account_pwd='" . $encrypted_passwd . "',"
315	. "account_lastpwd_change='" . time()
316	. "' WHERE account_id=" . (int)$account_id,__LINE__,__FILE__);
317	$this->db->next_record();
318	if($this->db->affected_rows())
319	{
320	if(!$admin)
321	{
322	$GLOBALS['phpgw']->session->appsession('password','phpgwapi',$new_passwd);
323	}
324	return $encrypted_passwd;
325	}
326	else
327	{
328	return False;
329	}
330	}
331
332	function update_lastlogin($account_id, $ip)
333	{
334	$GLOBALS['phpgw']->db->query("UPDATE phpgw_accounts SET account_lastloginfrom='"
335	. "$ip', account_lastlogin='" . time()
336	. "' WHERE account_id='$account_id'",__LINE__,__FILE__);
337	}
338	}
339	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: