Bug 255 - Improved user password handling.
git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@1823 e3e1d417-86f3-4887-817a-d78f3d33393f
This commit is contained in:
stan
parent
b19d36cb49
commit
91f92b3291
|
|
@ -1535,10 +1535,12 @@ if ( isset($action) )
|
|||
$types = array();
|
||||
$changes = getFormChanges( $db_user, $new_user, $types );
|
||||
|
||||
if ( $new_user['Password'] )
|
||||
$changes['Password'] = "Password = password('".$new_user['Password']."')";
|
||||
else
|
||||
unset( $changes['Password'] );
|
||||
if ( count( $changes ) )
|
||||
{
|
||||
if ( $changes['Password'] )
|
||||
$changes['Password'] = "Password = password('".$new_user['Password']."')";
|
||||
if ( $uid > 0 )
|
||||
{
|
||||
$sql = "update Users set ".implode( ", ", $changes )." where Id = '$uid'";
|
||||
|
|
@ -1550,13 +1552,13 @@ if ( isset($action) )
|
|||
$result = mysql_query( $sql );
|
||||
if ( !$result )
|
||||
die( mysql_error() );
|
||||
$view = 'none';
|
||||
$refresh_parent = true;
|
||||
if ( $db_user['Username'] == $user['Username'] )
|
||||
{
|
||||
userLogin( $db_user['Username'], $db_user['Password'] );
|
||||
}
|
||||
}
|
||||
$view = 'none';
|
||||
}
|
||||
elseif ( $action == "state" )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -37,13 +37,24 @@ function userLogin( $username, $password="" )
|
|||
global $_SESSION, $_SERVER;
|
||||
}
|
||||
|
||||
if ( ZM_AUTH_TYPE == "builtin" )
|
||||
if ( version_compare( phpversion(), "4.3.0", "<") )
|
||||
{
|
||||
$sql = "select * from Users where Username = '".mysql_escape_string($username)."' and Password = password('".mysql_escape_string($password)."') and Enabled = 1";
|
||||
$mysql_username = mysql_escape_string($username);
|
||||
$mysql_password = mysql_escape_string($password);
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql = "select * from Users where Username = '".mysql_escape_string($username)."' and Enabled = 1";
|
||||
$mysql_username = mysql_real_escape_string($username);
|
||||
$mysql_password = mysql_real_escape_string($password);
|
||||
}
|
||||
|
||||
if ( ZM_AUTH_TYPE == "builtin" )
|
||||
{
|
||||
$sql = "select * from Users where Username = '$mysql_username' and Password = password('$mysql_password') and Enabled = 1";
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql = "select * from Users where Username = '$mysql_username' and Enabled = 1";
|
||||
}
|
||||
$result = mysql_query( $sql );
|
||||
if ( !$result )
|
||||
|
|
|
|||
|
|
@ -65,11 +65,7 @@ function validateForm(form)
|
|||
{
|
||||
errors[errors.length] = "You must supply a username";
|
||||
}
|
||||
if ( !form.elements['new_user[Password]'].value )
|
||||
{
|
||||
errors[errors.length] = "You must supply a password";
|
||||
}
|
||||
else
|
||||
if ( form.elements['new_user[Password]'].value )
|
||||
{
|
||||
if ( !form.conf_password.value )
|
||||
{
|
||||
|
|
@ -80,6 +76,17 @@ function validateForm(form)
|
|||
errors[errors.length] = "The new and confirm passwords are different";
|
||||
}
|
||||
}
|
||||
<?php
|
||||
if ( !$new_user['Password'] )
|
||||
{
|
||||
?>
|
||||
else
|
||||
{
|
||||
errors[errors.length] = "You must supply a password";
|
||||
}
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
if ( errors.length )
|
||||
{
|
||||
alert( errors.join( "\n" ) );
|
||||
|
|
@ -104,8 +111,8 @@ function closeWindow()
|
|||
<input type="hidden" name="action" value="user">
|
||||
<input type="hidden" name="uid" value="<?= $uid ?>">
|
||||
<tr><td align="right" class="text"><?= $zmSlangUsername ?></td><td align="left" class="text"><input type="text" name="new_user[Username]" value="<?= $new_user['Username'] ?>" size="16" class="form"></td></tr>
|
||||
<tr><td align="right" class="text"><?= $zmSlangNewPassword ?></td><td align="left" class="text"><input type="password" name="new_user[Password]" value="<?= $new_user['Password'] ?>" size="16" class="form"></td></tr>
|
||||
<tr><td align="right" class="text"><?= $zmSlangConfirmPassword ?></td><td align="left" class="text"><input type="password" name="conf_password" value="<?= $new_user['Password'] ?>" size="16" class="form"></td></tr>
|
||||
<tr><td align="right" class="text"><?= $zmSlangNewPassword ?></td><td align="left" class="text"><input type="password" name="new_user[Password]" value="" size="16" class="form"></td></tr>
|
||||
<tr><td align="right" class="text"><?= $zmSlangConfirmPassword ?></td><td align="left" class="text"><input type="password" name="conf_password" value="" size="16" class="form"></td></tr>
|
||||
<tr><td align="right" class="text"><?= $zmSlangLanguage ?></td><td align="left" class="text"><?= buildSelect( "new_user[Language]", $langs ) ?></td></tr>
|
||||
<tr><td align="right" class="text"><?= $zmSlangEnabled ?></td><td align="left" class="text"><?= buildSelect( "new_user[Enabled]", $yesno ) ?></td></tr>
|
||||
<tr><td align="right" class="text"><?= $zmSlangStream ?></td><td align="left" class="text"><?= buildSelect( "new_user[Stream]", $nv ) ?></td></tr>
|
||||
|
|
|
|||
Loading…
Reference in New Issue