[evolvis-commits] r7933: Fixed the "can't login as admin if admin's unix_pw is empty" problem . ↵
mirabilos at evolvis.org
mirabilos at evolvis.org
Thu Feb 24 15:53:17 CET 2011
Author: mirabilos
Date: 2011-02-24 15:53:17 +0100 (Thu, 24 Feb 2011)
New Revision: 7933
Modified:
trunk/gforge_base/evolvisforge-5.1/gforge/common/include/session.php
trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog
Log:
Fixed the "can't login as admin if admin's unix_pw is empty" problem.
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/session.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/session.php 2011-02-24 14:53:16 UTC (rev 7932)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/session.php 2011-02-24 14:53:17 UTC (rev 7933)
@@ -11,6 +11,8 @@
*
*/
+require_once('common/include/account.php');
+
/**
* A User object if user is logged in
*
@@ -189,7 +191,7 @@
// This one has clearly typed a bas passwd
$feedback=$Language->getText('session','invalidpasswd');
return false;
- }
+ }
// User exists, (crypt) unix_pw matches
// Update the (MD5) user_pw and retry authentication
// It should work, except for status errors
@@ -205,14 +207,25 @@
$usr = db_fetch_array($res);
if (crypt ($passwd, $usr['unix_pw']) != $usr['unix_pw']) {
- // The (crypt) unix_pw does not patch
- // Invalidate (MD5) user_pw, refuse authentication
- $res = db_query ("UPDATE users
- SET user_pw='OUT OF DATE'
- WHERE user_id='".$usr['user_id']."'
- ");
- $feedback=$Language->getText('session','invalidpasswd');
- return false;
+ // The (crypt) unix_pw does not match
+ if ($usr['unix_pw'] == '') {
+ // Empty unix_pw, we'll take the MD5 as authoritative
+ // Update the (crypt) unix_pw and retry authentication
+ // It should work, except for status errors
+ $res = db_query ("UPDATE users
+ SET unix_pw='" . account_genunixpw($passwd) . "'
+ WHERE user_id='".$usr['user_id']."'
+ ");
+ return session_login_valid($loginname, $passwd, $allowpending) ;
+ } else {
+ // Invalidate (MD5) user_pw, refuse authentication
+ $res = db_query ("UPDATE users
+ SET user_pw='OUT OF DATE'
+ WHERE user_id='".$usr['user_id']."'
+ ");
+ $feedback='Invalid Password Or User Name';
+ return false;
+ }
}
// Yay. The provided password matches both fields in the database.
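Review bot: The retry in the new empty-`unix_pw` branch calls `session_login_valid()` again without checking the result of the `UPDATE`, so if the write fails or `account_genunixpw()` returns an empty value, the row still has an empty `unix_pw` and the call re-enters this branch with no bound. Guard it before the `return`, e.g. `if (!$res) { $feedback=$Language->getText('session','invalidpasswd'); return false; }`. The branch also makes the MD5 `user_pw` the only check for such accounts and then fills in a Unix password from it, so it is worth confirming that no deployment uses an empty `unix_pw` to mean "no shell login". The `else` branch replaces the translated message with the hard-coded `'Invalid Password Or User Name'`, unlike the `$Language->getText('session','invalidpasswd')` call earlier in the function. The enclosing function starts and ends outside the hunk, so the MD5 comparison that precedes this code is assumed rather than visible.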
Modified: trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog 2011-02-24 14:53:16 UTC (rev 7932)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog 2011-02-24 14:53:17 UTC (rev 7933)
@@ -102,9 +102,11 @@
field is now unix_pw, even for authenticating web sessions. We keep
user_pw for better performance when looking up the user entry in the
database, but it is just a cached value that is recomputed from the
- unix_pw when needed. This allows for better integration with existing
- systems (for instance, if you want to inject some existing accounts
- into the database...).
+ unix_pw when possible (except when said unix_pw is empty, in which
+ case user_pw is the reference, and unix_pw is recomputed when
+ possible). This allows for better integration with existing systems
+ (for instance, if you want to inject some existing accounts into the
+ database...).
* [Roland] A little i18n in the user's homepage.
* [Christian] added James Michael DuPont proposed files from
http://introspector.sourceforge.net/sfexport.tgz . This means 2 files:
@@ -121,7 +123,7 @@
generate artifact stats
* [Christian] more i18n in account management
- -- Christian Bayle <bayle at debian.org> Tue, 12 Nov 2002 02:36:53 +0100
+ -- Roland Mas <lolando at debian.org> Tue, 12 Nov 2002 13:20:41 +0100
sourceforge (2.6-0+13) experimental; urgency=low