On 10/15/03 10:27 AM, "Adam Pogorzelski" <[EMAIL PROTECTED]> wrote:
> I have such a problem. I have users in mysql database, and few so called > multilogin users. These multilogins have simple passwords created by > username, for example ppp/ppp. Problem is, that i need to authenticate > these combination as the same user: > ppp/ppp, PPP/PPP, ppp/PPP, PPP/ppp. > For now i am including to one Handler two authby's config files, > one with normal AuthSelect, and second with Authselect 'select > ucase(PASSWORD)'. Seems like it's more work than it's worth. You have some options... Add the directive in Radiator to ignore the case of passwords. So that "PaSSwoRD" would match "PASSWORD". You can also rewrite the username with a regex to force the username to lowercase before handling it in an authby.. > Because i have many Handlers, and for each Handler is two configs, i want > to minimize all configuration. > So my question is: is it possible to put in AuthBy clause two AuthSelect's ? > Similiar to AuthByPolicy ? For what reason if you just "IgnoreCase" on the password... ? > ps. I may be wrong, but does Radiator isn't sql injection aware ? > Sat Oct 11 06:51:57 2003: ERR: do failed for 'insert into radauthlog > values (1065847917,'~}#','[EMAIL PROTECTED]'} }4',1,'No such > user','DNIS','CLID')': You have an error in your SQL syntax near '} > }4',1,'No such user','DNIS','CLID')' at line 1 > S Tell Radiator what characters are valid in Usernames and you won't see this... ie: UsernameCharset [EMAIL PROTECTED] Or you could do something like: RewriteUsername s/[EMAIL PROTECTED]/\?/g Which strips out any bogus characters we don't except and replaces they with a "?" Which should be SQL friendly... -- Robert Blayzor, BOFH INOC, LLC [EMAIL PROTECTED] PGP: http://www.inoc.net/~dev/ Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9 Mac OS X. Because making Unix user-friendly is easier than debugging Windows. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
