[evolvis-commits] r7933: Fixed the "can't login as admin if admin's unix_pw is empty" problem . ↵

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Feb 24 15:53:17 CET 2011


Author: mirabilos
Date: 2011-02-24 15:53:17 +0100 (Thu, 24 Feb 2011)
New Revision: 7933

Modified:
   trunk/gforge_base/evolvisforge-5.1/gforge/common/include/session.php
   trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog
Log:
Fixed the "can't login as admin if admin's unix_pw is empty" problem.


Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/include/session.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/include/session.php	2011-02-24 14:53:16 UTC (rev 7932)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/include/session.php	2011-02-24 14:53:17 UTC (rev 7933)
@@ -11,6 +11,8 @@
   *
   */
 
+require_once('common/include/account.php');
+
 /**
  * A User object if user is logged in
  *
@@ -189,7 +191,7 @@
 				// This one has clearly typed a bas passwd
 				$feedback=$Language->getText('session','invalidpasswd');
 				return false;
-			} 
+			}
 			// User exists, (crypt) unix_pw matches
 			// Update the (MD5) user_pw and retry authentication
 			// It should work, except for status errors
@@ -205,14 +207,25 @@
 		$usr = db_fetch_array($res);
 
 		if (crypt ($passwd, $usr['unix_pw']) != $usr['unix_pw']) {
-			// The (crypt) unix_pw does not patch
-			// Invalidate (MD5) user_pw, refuse authentication
-			$res = db_query ("UPDATE users
-                                          SET user_pw='OUT OF DATE'
-                                          WHERE user_id='".$usr['user_id']."'
-                                          ");
-			$feedback=$Language->getText('session','invalidpasswd');
-			return false;
+			// The (crypt) unix_pw does not match
+			if ($usr['unix_pw'] == '') {
+				// Empty unix_pw, we'll take the MD5 as authoritative
+				// Update the (crypt) unix_pw and retry authentication
+				// It should work, except for status errors
+				$res = db_query ("UPDATE users
+                                                  SET unix_pw='" . account_genunixpw($passwd) . "'
+                                                  WHERE user_id='".$usr['user_id']."'
+                                                  ");
+				return session_login_valid($loginname, $passwd, $allowpending) ;
+			} else {
+				// Invalidate (MD5) user_pw, refuse authentication
+				$res = db_query ("UPDATE users
+                                                  SET user_pw='OUT OF DATE'
+                                                  WHERE user_id='".$usr['user_id']."'
+                                                  ");
+				$feedback='Invalid Password Or User Name';
+				return false;
+			}
 		}
 
 		// Yay.  The provided password matches both fields in the database.
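Review bot: In the new empty-`unix_pw` branch the result of the `UPDATE` is discarded before `session_login_valid()` calls itself, so if the write fails, or `account_genunixpw()` (defined outside this page) ever returns an empty string, the retry lands in the same branch again with nothing bounding the recursion. Check the write before retrying, e.g. `if (!$res) { $feedback=$Language->getText('session','invalidpasswd'); return false; }` (assuming `db_query()` returns a false value on failure). This branch also writes a new credential on the strength of the MD5 `user_pw` alone; the query that establishes that match is outside the hunk, so a comment such as `// Precondition: $passwd already matched user_pw in the query above` would make the trust decision reviewable, and it is worth confirming that no account has an empty `unix_pw` on purpose (for example to keep it without shell access). The `else` branch replaces the localized `$Language->getText('session','invalidpasswd')` with a hard-coded English string, which is inconsistent with the other rejection path in the same function. The function body starts and ends outside the hunk.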

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog	2011-02-24 14:53:16 UTC (rev 7932)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog	2011-02-24 14:53:17 UTC (rev 7933)
@@ -102,9 +102,11 @@
     field is now unix_pw, even for authenticating web sessions.  We keep
     user_pw for better performance when looking up the user entry in the
     database, but it is just a cached value that is recomputed from the
-    unix_pw when needed.  This allows for better integration with existing
-    systems (for instance, if you want to inject some existing accounts
-    into the database...).
+    unix_pw when possible (except when said unix_pw is empty, in which
+    case user_pw is the reference, and unix_pw is recomputed when
+    possible).  This allows for better integration with existing systems
+    (for instance, if you want to inject some existing accounts into the
+    database...).
   * [Roland] A little i18n in the user's homepage.
   * [Christian] added James Michael DuPont proposed files from
     http://introspector.sourceforge.net/sfexport.tgz . This means 2 files:
@@ -121,7 +123,7 @@
     generate artifact stats
   * [Christian] more i18n in account management 
 
- -- Christian Bayle <bayle at debian.org>  Tue, 12 Nov 2002 02:36:53 +0100
+ -- Roland Mas <lolando at debian.org>  Tue, 12 Nov 2002 13:20:41 +0100
 
 sourceforge (2.6-0+13) experimental; urgency=low
 


