Commit: 14407c3afa171684c6b1792ea28553e4ec5da551 Author: Hannes Magnusson <bj...@mongodb.com> Wed, 11 Dec 2013 10:09:27 -0800 Parents: e8a33e3e16ec5296f472796f2a188a4bdb7ee2e9 Branches: master
Link: http://git.php.net/?p=web/master.git;a=commitdiff;h=14407c3afa171684c6b1792ea28553e4ec5da551 Log: Username verification is required by the wiki Changed paths: M fetch/cvsauth.php M include/cvs-auth.inc Diff:
diff --git a/fetch/cvsauth.php b/fetch/cvsauth.php
index 8860bb0..2c72aa4 100644
--- a/fetch/cvsauth.php
+++ b/fetch/cvsauth.php
@@ -80,6 +80,10 @@ if (!isset($_REQUEST['token']) || md5($_REQUEST['token']) != "73864a7c89d97a1336
 exit_forbidden(E_UNKNOWN);
 }
 
+if (!verify_username($username)) {
+ exit_forbidden(E_USERNAME);
+}
+
 if (!verify_password($username, $password)) {
 exit_forbidden(E_PASSWORD);
 }
diff --git a/include/cvs-auth.inc b/include/cvs-auth.inc
index a8a0ee0..eeca8b1 100644
--- a/include/cvs-auth.inc
+++ b/include/cvs-auth.inc
@@ -25,3 +25,17 @@ function verify_password($user, $pass)
 return false;
 }
 
+function verify_username($user) {
+ mysql_connect("localhost","nobody","")
+ or die("unable to connect to database");
+ mysql_select_db("phpmasterdb");
+
+ $username = escape($user);
+ $res = mysql_query("SELECT 1 FROM users WHERE cvsaccess AND username = '$username'");
+
+ if ($res && mysql_num_rows($res) == 1) {
+ return true;
+ }
+
+ return false;
+}
-- PHP Webmaster List Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
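Review bot: The new `exit_forbidden(E_USERNAME)` branch in fetch/cvsauth.php answers differently for an unknown account than for a wrong password, so any caller that passes the token check can tell which usernames exist and have `cvsaccess`. The log message says the wiki needs that distinction, so it should be recorded next to the check, for example `// Distinct E_USERNAME is required by the wiki; reachable only after the token check above.` No hunk in this commit defines `E_USERNAME`; it is presumably declared with the other `E_*` codes earlier in the file, outside the hunk, and that is worth confirming.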
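Review bot: `verify_username()` in include/cvs-auth.inc interpolates `$username` into the SQL string, so the query is only as safe as `escape()`, which is defined outside this hunk; it is worth confirming that it is connection-aware (`mysql_real_escape_string` called after `mysql_connect`) rather than a plain `addslashes`. The return value of `mysql_select_db("phpmasterdb")` is not checked, and a failed connect calls `die()` with plain text, so the caller in fetch/cvsauth.php never reaches `exit_forbidden()`; `if (!mysql_select_db("phpmasterdb")) { return false; }` would keep database failures on the forbidden path. The `=` comparison follows the column's collation, which is not visible here; under MySQL's default non-binary collations it ignores case and trailing spaces, so a comment stating whether such variants are meant to verify as the same account would help whoever consumes the result.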