Bug 255 - Improved user password handling.

git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@1823 e3e1d417-86f3-4887-817a-d78f3d33393f
stan 2006-01-15 17:35:53 +00:00
parent b19d36cb49
commit 91f92b3291
3 changed files with 33 additions and 13 deletions


@ -1535,10 +1535,12 @@ if ( isset($action) )
$types = array(); $types = array();
$changes = getFormChanges( $db_user, $new_user, $types ); $changes = getFormChanges( $db_user, $new_user, $types );
if ( $new_user['Password'] )
$changes['Password'] = "Password = password('".$new_user['Password']."')";
else
unset( $changes['Password'] );
if ( count( $changes ) ) if ( count( $changes ) )
{ {
if ( $changes['Password'] )
$changes['Password'] = "Password = password('".$new_user['Password']."')";
if ( $uid > 0 ) if ( $uid > 0 )
{ {
$sql = "update Users set ".implode( ", ", $changes )." where Id = '$uid'"; $sql = "update Users set ".implode( ", ", $changes )." where Id = '$uid'";
@ -1550,13 +1552,13 @@ if ( isset($action) )
$result = mysql_query( $sql ); $result = mysql_query( $sql );
if ( !$result ) if ( !$result )
die( mysql_error() ); die( mysql_error() );
$view = 'none';
$refresh_parent = true; $refresh_parent = true;
if ( $db_user['Username'] == $user['Username'] ) if ( $db_user['Username'] == $user['Username'] )
{ {
userLogin( $db_user['Username'], $db_user['Password'] ); userLogin( $db_user['Username'], $db_user['Password'] );
} }
} }
$view = 'none';
} }
elseif ( $action == "state" ) elseif ( $action == "state" )
{ {


@ -37,13 +37,24 @@ function userLogin( $username, $password="" )
global $_SESSION, $_SERVER; global $_SESSION, $_SERVER;
} }
if ( ZM_AUTH_TYPE == "builtin" ) if ( version_compare( phpversion(), "4.3.0", "<") )
{ {
$sql = "select * from Users where Username = '".mysql_escape_string($username)."' and Password = password('".mysql_escape_string($password)."') and Enabled = 1"; $mysql_username = mysql_escape_string($username);
$mysql_password = mysql_escape_string($password);
} }
else else
{ {
$sql = "select * from Users where Username = '".mysql_escape_string($username)."' and Enabled = 1"; $mysql_username = mysql_real_escape_string($username);
$mysql_password = mysql_real_escape_string($password);
}
if ( ZM_AUTH_TYPE == "builtin" )
{
$sql = "select * from Users where Username = '$mysql_username' and Password = password('$mysql_password') and Enabled = 1";
}
else
{
$sql = "select * from Users where Username = '$mysql_username' and Enabled = 1";
} }
$result = mysql_query( $sql ); $result = mysql_query( $sql );
if ( !$result ) if ( !$result )
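Review bot: The result of `mysql_real_escape_string()` is used unchecked in the new `else` branch; it returns `false` when it has no usable connection, and that would interpolate as an empty string into `$sql`. In the non-builtin branch the query matches on `Username` alone, so the lookup should fail closed rather than run with a blanked value, for example `if ( $mysql_username === false || $mysql_password === false ) die( mysql_error() );` before `$sql` is built, or whatever failure convention the rest of `userLogin()` follows. Passing the link identifier explicitly would also tie the escaping to that connection's character set. The function body begins and ends outside the hunk, so an open connection may already be guaranteed by the caller.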


@ -65,11 +65,7 @@ function validateForm(form)
{ {
errors[errors.length] = "You must supply a username"; errors[errors.length] = "You must supply a username";
} }
if ( !form.elements['new_user[Password]'].value ) if ( form.elements['new_user[Password]'].value )
{
errors[errors.length] = "You must supply a password";
}
else
{ {
if ( !form.conf_password.value ) if ( !form.conf_password.value )
{ {
@ -80,6 +76,17 @@ function validateForm(form)
errors[errors.length] = "The new and confirm passwords are different"; errors[errors.length] = "The new and confirm passwords are different";
} }
} }
<?php
if ( !$new_user['Password'] )
{
?>
else
{
errors[errors.length] = "You must supply a password";
}
<?php
}
?>
if ( errors.length ) if ( errors.length )
{ {
alert( errors.join( "\n" ) ); alert( errors.join( "\n" ) );
@ -104,8 +111,8 @@ function closeWindow()
<input type="hidden" name="action" value="user"> <input type="hidden" name="action" value="user">
<input type="hidden" name="uid" value="<?= $uid ?>"> <input type="hidden" name="uid" value="<?= $uid ?>">
<tr><td align="right" class="text"><?= $zmSlangUsername ?></td><td align="left" class="text"><input type="text" name="new_user[Username]" value="<?= $new_user['Username'] ?>" size="16" class="form"></td></tr> <tr><td align="right" class="text"><?= $zmSlangUsername ?></td><td align="left" class="text"><input type="text" name="new_user[Username]" value="<?= $new_user['Username'] ?>" size="16" class="form"></td></tr>
<tr><td align="right" class="text"><?= $zmSlangNewPassword ?></td><td align="left" class="text"><input type="password" name="new_user[Password]" value="<?= $new_user['Password'] ?>" size="16" class="form"></td></tr> <tr><td align="right" class="text"><?= $zmSlangNewPassword ?></td><td align="left" class="text"><input type="password" name="new_user[Password]" value="" size="16" class="form"></td></tr>
<tr><td align="right" class="text"><?= $zmSlangConfirmPassword ?></td><td align="left" class="text"><input type="password" name="conf_password" value="<?= $new_user['Password'] ?>" size="16" class="form"></td></tr> <tr><td align="right" class="text"><?= $zmSlangConfirmPassword ?></td><td align="left" class="text"><input type="password" name="conf_password" value="" size="16" class="form"></td></tr>
<tr><td align="right" class="text"><?= $zmSlangLanguage ?></td><td align="left" class="text"><?= buildSelect( "new_user[Language]", $langs ) ?></td></tr> <tr><td align="right" class="text"><?= $zmSlangLanguage ?></td><td align="left" class="text"><?= buildSelect( "new_user[Language]", $langs ) ?></td></tr>
<tr><td align="right" class="text"><?= $zmSlangEnabled ?></td><td align="left" class="text"><?= buildSelect( "new_user[Enabled]", $yesno ) ?></td></tr> <tr><td align="right" class="text"><?= $zmSlangEnabled ?></td><td align="left" class="text"><?= buildSelect( "new_user[Enabled]", $yesno ) ?></td></tr>
<tr><td align="right" class="text"><?= $zmSlangStream ?></td><td align="left" class="text"><?= buildSelect( "new_user[Stream]", $nv ) ?></td></tr> <tr><td align="right" class="text"><?= $zmSlangStream ?></td><td align="left" class="text"><?= buildSelect( "new_user[Stream]", $nv ) ?></td></tr>
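Review bot: The "You must supply a password" rule now lives only in `validateForm()`, behind the `else` branch that PHP emits when `$new_user['Password']` is empty, so it is enforced only by script running in the browser. The action handler changed in this same commit calls `unset( $changes['Password'] )` when the field is empty and carries on, so a submission that never runs the script would appear to store a user without a password (the insert branch is not visible, so this is inferred). The rule should be repeated where the form is processed, for example `if ( !($uid > 0) && !$new_user['Password'] ) die( "You must supply a password" );` ahead of the insert. A short comment above the `<?php if ( !$new_user['Password'] )` block, saying the `else` is emitted only when no password is stored yet, would also help, because the JavaScript no longer reads as one unit.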