Changeset:
        e22d901a86e9
        
https://sourceforge.net/p/mrbs/hg-code/ci/e22d901a86e9ee0e992a6e13010356fa049782b7
Author:
        John Beranek <jbera...@users.sourceforge.net>
Date:
        Tue Sep 20 19:10:58 2016 +0100
Log message:

Added 'password_hash' support to the 'db_ext' auth scheme, and also
fixed a syntax error I introduced on the PDO branch.

diffstat:

 web/auth/auth_db_ext.inc   |  13 +++++++++----
 web/systemdefaults.inc.php |   4 +++-
 2 files changed, 12 insertions(+), 5 deletions(-)

diffs (51 lines):

diff -r 43da4a3a5e46 -r e22d901a86e9 web/auth/auth_db_ext.inc
--- a/web/auth/auth_db_ext.inc  Mon Sep 19 08:08:23 2016 +0100
+++ b/web/auth/auth_db_ext.inc  Tue Sep 20 19:10:58 2016 +0100
@@ -9,9 +9,7 @@
 *
 *   Notes           To use this authentication scheme, set in config.inc.php:
 *         $auth["type"]  = "db_ext";
-*                   Assumes passwords are stored in the other table in
-*                   plaintext, authValidateUser() will need to be changed if
-*                   the password is stored differently.
+*                   Supports passwords stored in a variety of formats.
 *
 *   History
 *    Available in the source control system
@@ -116,6 +114,13 @@
         }
         break;
 
+      case 'password_hash':
+        if (password_verify($pass, $row[0]))
+        {
+          $retval = 1;
+        }
+        break;
+
       default:
         // Otherwise assume plaintext
 
@@ -255,7 +260,7 @@
                                                        $sql_params) . "
              LIMIT 1";
 
-  $r = sql_query($query, $sql_params), $conn);
+  $r = sql_query($query, $sql_params, $conn);
   
   if ($r === FALSE)
   {
diff -r 43da4a3a5e46 -r e22d901a86e9 web/systemdefaults.inc.php
--- a/web/systemdefaults.inc.php        Mon Sep 19 08:08:23 2016 +0100
+++ b/web/systemdefaults.inc.php        Tue Sep 20 19:10:58 2016 +0100
@@ -742,7 +742,9 @@
 $auth['db_ext']['column_name_username'] = 'name';
 $auth['db_ext']['column_name_password'] = 'password';
 $auth['db_ext']['column_name_email'] = 'email';
-// Either 'md5', 'sha1', 'crypt' or 'plaintext'
+// Below is an example if you want to put the MRBS user level in the DB
+//$auth['db_ext']['column_name_level'] = 'mrbs_level';
+// Either 'password_hash' (from PHP 5.5.0), 'md5', 'sha1', 'crypt' or 
'plaintext'
 $auth['db_ext']['password_format'] = 'md5';
 
 // 'auth_ldap' configuration settings

------------------------------------------------------------------------------
_______________________________________________
Mrbs-commits mailing list
Mrbs-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mrbs-commits

Reply via email to