From e42cb01978ee09272f12f7911168aa0825bfc742 Mon Sep 17 00:00:00 2001 From: Oldperl <44996956+oldperl@users.noreply.github.com> Date: Thu, 9 Mar 2017 17:20:28 +0000 Subject: [PATCH] fixes for releasetool --- conlib/db_mysqli.inc | 24 +-- conlib/db_sql_abstract.inc | 9 + conlib/local.php | 353 ++++++++++++++++--------------------- 3 files changed, 177 insertions(+), 209 deletions(-) diff --git a/conlib/db_mysqli.inc b/conlib/db_mysqli.inc index ae21dc1..aa1c2fd 100644 --- a/conlib/db_mysqli.inc +++ b/conlib/db_mysqli.inc @@ -378,13 +378,15 @@ class DB_Sql extends DB_Sql_Abstract { // made this IF due to performance (one if is faster than $count if's) for ($i = 0; $i < $count; $i ++) { $finfo = mysqli_fetch_field($id); - $res[$i]['table'] = $finfo->table; - $res[$i]['name'] = $finfo->name; - $res[$i]['type'] = $this->_aDataTypes[$finfo->type]; - $res[$i]['len'] = $finfo->max_length; - $res[$i]['flags'] = $finfo->flags; - if ($full) { - $res['meta'][$res[$i]['name']] = $i; + if (is_object($finfo)) { + $res[$i]['table'] = $finfo->table; + $res[$i]['name'] = $finfo->name; + $res[$i]['type'] = $this->_aDataTypes[$finfo->type]; + $res[$i]['len'] = $finfo->max_length; + $res[$i]['flags'] = $finfo->flags; + if ($full) { + $res['meta'][$res[$i]['name']] = $i; + } } } if ($full) { @@ -395,7 +397,8 @@ class DB_Sql extends DB_Sql_Abstract { if ($table) { mysqli_free_result($id); } - return $res; + + return (count($res) > 0) ? $res : FALSE; } /** @@ -493,8 +496,9 @@ class DB_Sql extends DB_Sql_Abstract { $oCharSet = mysqli_get_charset($this->Link_ID); return $oCharSet->charset; } - + public function getClientInfo() { return mysqli_get_client_info(); } -} \ No newline at end of file + +} diff --git a/conlib/db_sql_abstract.inc b/conlib/db_sql_abstract.inc index 8ea766e..bba6b66 100644 --- a/conlib/db_sql_abstract.inc +++ b/conlib/db_sql_abstract.inc 
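Review bot: The new `return (count($res) > 0) ? $res : FALSE;` in the second db_mysqli.inc hunk changes the result from always-array to array-or-FALSE, so any caller that iterates or indexes it without an `is_array()` check now has to handle FALSE. Whether `$res` is initialised before the loop is not visible here; if it is not, `count($res)` raises a warning on PHP 7.2+ and a TypeError on PHP 8, so `return empty($res) ? false : $res;` is the safer form. With the `is_object($finfo)` guard in the first hunk, a failed `mysqli_fetch_field()` is skipped silently and leaves a gap at index `$i`; logging that case would keep it diagnosable. The docblock should state the FALSE return, and the method body starts and ends outside both hunks.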
@@ -465,6 +465,15 @@ abstract class DB_Sql_Abstract { * @return array Depends on used database and on parameter $full */ public function metadata($table = '', $full = false) { + if(empty($table)) { + $aMeta = $this->_metaData(NULL, true); + if(is_array($aMeta) && isset($aMeta[0]['table'])) { + $table = $aMeta[0]['table']; + } else { + return FALSE; + } + } + $key = (string) $this->Database . '_' . $table . '_' . (($full) ? '1' : '0'); if (!isset(self::$_metaCache[$key])) { diff --git a/conlib/local.php b/conlib/local.php index 22d1145..d4db501 100644 --- a/conlib/local.php +++ b/conlib/local.php @@ -1,4 +1,5 @@ query("SET NAMES 'utf8'"); } - /** * Fetches the next recordset from result set * * @param bool */ - public function next_record() - { + public function next_record() { global $cCurrentModule; // FIXME For what reason is NoRecord used??? $this->NoRecord = false; @@ -99,7 +95,6 @@ class DB_ConLite extends DB_Sql return parent::next_record(); } - /** * Returns the metada of passed table * @@ -108,22 +103,13 @@ class DB_ConLite extends DB_Sql * or false in case of an error * @deprecated Use db drivers toArray() method instead */ - public function copyResultToArray($sTable = '') - { - global $cachemeta; + public function copyResultToArray($sTable = '') { $aValues = array(); - if ($sTable != '') { - if (array_key_exists($sTable, $cachemeta)) { - $aMetadata = $cachemeta[$sTable]; - } else { - $cachemeta[$sTable] = $this->metadata($sTable); - $aMetadata = $cachemeta[$sTable]; - } - } else { - $aMetadata = $this->metadata($sTable); - } + + $aMetadata = $this->metadata($sTable); + if (!is_array($aMetadata) || count($aMetadata) == 0) { return false; @@ -135,6 +121,7 @@ class DB_ConLite extends DB_Sql return $aValues; } + } /** @@ -143,7 +130,7 @@ class DB_ConLite extends DB_Sql * @deprecated since version 2.0.0, use DB_ConLite instead */ class DB_Contenido extends DB_ConLite { - + /** * * @deprecated since version 2.0.0 
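Review bot: The empty-`$table` fallback added to `metadata()` takes the table name from `$aMeta[0]['table']` only, so for a result set that spans several tables (a join) it looks up and caches the metadata of the first column's table and ignores the others. `copyResultToArray()` in conlib/local.php now relies on this path for `$sTable = ''`, so rows from joined queries would presumably be copied incompletely without any error. The new `return FALSE;` also contradicts the `@return array` line directly above it; the docblock should read `@return array|bool` with a sentence on when FALSE is returned. The method continues past the end of the hunk.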
@@ -152,11 +139,11 @@ class DB_Contenido extends DB_ConLite { public function __construct(array $options = array()) { parent::__construct($options); } + } +class Contenido_CT_Sql extends CT_Sql { -class Contenido_CT_Sql extends CT_Sql -{ /** * Database class name * @var string @@ -169,8 +156,7 @@ class Contenido_CT_Sql extends CT_Sql */ public $database_table = ''; - public function __construct() - { + public function __construct() { global $cfg; $this->database_table = $cfg['tab']['phplib_active_sessions']; } @@ -189,36 +175,34 @@ class Contenido_CT_Sql extends CT_Sql * @param string $str The value to store * @return bool */ - public function ac_store($id, $name, $str) - { + public function ac_store($id, $name, $str) { switch ($this->encoding_mode) { case 'slashes': $str = addslashes($name . ':' . $str); - break; + break; case 'base64': default: $str = base64_encode($name . ':' . $str); } $name = addslashes($name); - $now = date('YmdHis', time()); + $now = date('YmdHis', time()); $iquery = sprintf( - "REPLACE INTO %s (sid, name, val, changed) VALUES ('%s', '%s', '%s', '%s')", - $this->database_table, $id, $name, $str, $now + "REPLACE INTO %s (sid, name, val, changed) VALUES ('%s', '%s', '%s', '%s')", $this->database_table, $id, $name, $str, $now ); return ($this->db->query($iquery)) ? true : false; } -} +} /** * Implements the interface class for storing session data to disk using file * session container of phplib. */ -class Contenido_CT_File extends CT_File -{ +class Contenido_CT_File extends CT_File { + /** * The maximum length for one line in session file. * @var int @@ -233,8 +217,7 @@ class Contenido_CT_File extends CT_File * * @author Holger Librenz */ - public function __construct() - { + public function __construct() { global $cfg; if (isset($cfg['session_line_length']) && !empty($cfg['session_line_length'])) { 
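Review bot: In `ac_store()` the reformatted `sprintf()` call still places `$id` into the `REPLACE INTO` statement without any escaping, and `$name` is escaped with `addslashes()`, which does not take the connection character set into account. The session id is presumably taken from a cookie or request parameter (its origin is not visible in this hunk), so it should be treated as untrusted at this point. Other code in this file already uses `Contenido_Security::escapeDB($value, $this->db)`; applying it to `$id` and `$name`, and to `$str` in the `'slashes'` mode, would make the statement consistent with that.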
@@ -253,11 +236,10 @@ class Contenido_CT_File extends CT_File * @param string $sName * @return mixed */ - public function ac_get_value($sId, $sName) - { + public function ac_get_value($sId, $sName) { if (file_exists($this->file_path . "$sId$sName")) { $f = fopen($this->file_path . "$sId$sName", 'r'); - if ($f<0) { + if ($f < 0) { return ''; } @@ -269,16 +251,16 @@ class Contenido_CT_File extends CT_File return ''; } } + } -class Contenido_CT_Shm extends CT_Shm -{ - public function __construct() - { +class Contenido_CT_Shm extends CT_Shm { + + public function __construct() { $this->ac_start(); } -} +} /** * Contenido session container, uses PHP's session implementation. 
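Review bot: The check `if ($f < 0)` in `ac_get_value()` can never be true, because `fopen()` returns `false` on failure rather than a negative number, so a failed open falls through to the read calls below with an invalid handle. It should be `if ($f === false) { return ''; }`. The path is built as `$this->file_path . "$sId$sName"`; if `$sId` can be influenced by the client (not visible here), it should be restricted to the expected id alphabet before it is used in a file name. The function body continues outside the hunk.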
@@ -292,34 +274,33 @@ class Contenido_CT_Shm extends CT_Shm * * @author Murat Purc */ -class Contenido_CT_Session extends CT_Session -{ - public function __construct() - { +class Contenido_CT_Session extends CT_Session { + + public function __construct() { $this->ac_start(array( - 'namespace' => 'contenido_ct_session_ns', - 'session.hash_function' => '1', // use sha-1 function - 'session.hash_bits_per_character' => '5', // and set 5 character to achieve 32 chars + 'namespace' => 'contenido_ct_session_ns', + 'session.hash_function' => '1', // use sha-1 function + 'session.hash_bits_per_character' => '5', // and set 5 character to achieve 32 chars # 'session.save_path' => 'your path', # 'session.name' => 'your session name', # 'session.gc_maxlifetime' => 'your lifetime in seconds', )); } + } -class Contenido_Session extends Session -{ - public $classname = 'Contenido_Session'; - public $cookiename = 'contenido'; ## defaults to classname - public $magic = '934ComeOnEileen'; ## ID seed - public $mode = 'get'; ## We propagate session IDs with cookies - public $fallback_mode = 'cookie'; - public $lifetime = 0; ## 0 = do session cookies, else minutes - public $that_class = 'Contenido_CT_Sql'; ## name of data storage container - public $gc_probability = 5; +class Contenido_Session extends Session { - public function __construct() - { + public $classname = 'Contenido_Session'; + public $cookiename = 'contenido'; ## defaults to classname + public $magic = '934ComeOnEileen'; ## ID seed + public $mode = 'get'; ## We propagate session IDs with cookies + public $fallback_mode = 'cookie'; + public $lifetime = 0; ## 0 = do session cookies, else minutes + public $that_class = 'Contenido_CT_Sql'; ## name of data storage container + public $gc_probability = 5; + + public function __construct() { global $cfg; $sFallback = 'sql'; 
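Review bot: `public $mode = 'get';` in `Contenido_Session` contradicts its own comment `## We propagate session IDs with cookies`: with `'get'` the id travels in the URL, where it ends up in server logs, browser history and Referer headers. If cookies are intended, the value should be `'cookie'` like `$fallback_mode`; if URL propagation is required for the backend, the comment should say so, e.g. `## session id is propagated in the URL, cookie is the fallback`. In `Contenido_CT_Session`, the `session.hash_function` and `session.hash_bits_per_character` entries (presumably applied as ini settings by `ac_start()`) were removed in PHP 7.1, where `session.sid_length` and `session.sid_bits_per_character` replace them.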
@@ -327,7 +308,7 @@ class Contenido_Session extends Session $sStorageContainer = strtolower($cfg['session_container']); - if (class_exists ($sClassPrefix . ucfirst($sStorageContainer))) { + if (class_exists($sClassPrefix . ucfirst($sStorageContainer))) { $sClass = $sClassPrefix . ucfirst($sStorageContainer); } else { $sClass = $sClassPrefix . ucfirst($sFallback); @@ -336,33 +317,31 @@ class Contenido_Session extends Session $this->that_class = $sClass; } - public function delete() - { + public function delete() { $oCol = new InUseCollection(); $oCol->removeSessionMarks($this->id); parent::delete(); } + } +class Contenido_Frontend_Session extends Session { -class Contenido_Frontend_Session extends Session -{ - public $classname = 'Contenido_Frontend_Session'; - public $cookiename = 'sid'; ## defaults to classname - public $magic = 'Phillipip'; ## ID seed - public $mode = 'cookie'; ## We propagate session IDs with cookies - public $fallback_mode = 'cookie'; - public $lifetime = 0; ## 0 = do session cookies, else minutes - public $that_class = 'Contenido_CT_Sql'; ## name of data storage container + public $classname = 'Contenido_Frontend_Session'; + public $cookiename = 'sid'; ## defaults to classname + public $magic = 'Phillipip'; ## ID seed + public $mode = 'cookie'; ## We propagate session IDs with cookies + public $fallback_mode = 'cookie'; + public $lifetime = 0; ## 0 = do session cookies, else minutes + public $that_class = 'Contenido_CT_Sql'; ## name of data storage container public $gc_probability = 5; - public function __construct() - { + public function __construct() { global $load_lang, $load_client, $cfg; $this->cookiename = 'sid_' . $load_client . '_' . $load_lang; - $this->setExpires(time()+3600); + $this->setExpires(time() + 3600); // added 2007-10-11, H. Librenz // bugfix (found by dodger77): we need alternative session containers 
@@ -380,23 +359,22 @@ class Contenido_Frontend_Session extends Session $this->that_class = $sClass; } + } -class Contenido_Auth extends Auth -{ - public $classname = 'Contenido_Auth'; - public $lifetime = 15; +class Contenido_Auth extends Auth { + + public $classname = 'Contenido_Auth'; + public $lifetime = 15; public $database_class = 'DB_Contenido'; public $database_table = 'con_phplib_auth_user'; - public function auth_loginform() - { + public function auth_loginform() { global $sess, $_PHPLIB; include($_PHPLIB['libdir'] . 'loginform.ihtml'); } - public function auth_validatelogin() - { + public function auth_validatelogin() { global $username, $password; if ($password == '') { @@ -405,15 +383,14 @@ class Contenido_Auth extends Auth if (isset($username)) { $this->auth['uname'] = $username; ## This provides access for 'loginform.ihtml' - } elseif ($this->nobody){ ## provides for 'default login cancel' + } elseif ($this->nobody) { ## provides for 'default login cancel' $uid = $this->auth['uname'] = $this->auth['uid'] = 'nobody'; return $uid; } $uid = false; $this->db->query( - sprintf("SELECT user_id, perms FROM %s WHERE username = '%s' AND password = '%s'", - $this->database_table, addslashes($username), addslashes($password)) + sprintf("SELECT user_id, perms FROM %s WHERE username = '%s' AND password = '%s'", $this->database_table, addslashes($username), addslashes($password)) ); while ($this->db->next_record()) { 
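Review bot: `Contenido_Auth::auth_validatelogin()` compares the submitted password against the `password` column inside the SQL statement, which only works if passwords are stored in clear text, and it escapes both values with `addslashes()` rather than the connection-aware `Contenido_Security::escapeDB()` used further down in this file. A safer shape is to select the row by username only and verify the password in PHP against a `password_hash()` value with `password_verify()`. `Contenido_Challenge_Auth::auth_validatelogin()` (hunk at -476) has the same `addslashes($username)` call. The method body continues past the end of this hunk.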
@@ -422,33 +399,31 @@ class Contenido_Auth extends Auth } return $uid; } + } +class Contenido_Default_Auth extends Contenido_Auth { -class Contenido_Default_Auth extends Contenido_Auth -{ public $classname = 'Contenido_Default_Auth'; - public $lifetime = 1; - public $nobody = true; + public $lifetime = 1; + public $nobody = true; - public function auth_loginform() - { + public function auth_loginform() { global $sess, $_PHPLIB; include($_PHPLIB['libdir'] . 'defloginform.ihtml'); } + } +class Contenido_Challenge_Auth extends Auth { -class Contenido_Challenge_Auth extends Auth -{ - public $classname = 'Contenido_Challenge_Auth'; - public $lifetime = 1; - public $magic = 'Simsalabim'; ## Challenge seed + public $classname = 'Contenido_Challenge_Auth'; + public $lifetime = 1; + public $magic = 'Simsalabim'; ## Challenge seed public $database_class = 'DB_Contenido'; public $database_table = 'con_phplib_auth_user'; - public function auth_loginform() - { + public function auth_loginform() { global $sess, $challenge, $_PHPLIB; $challenge = md5(uniqid($this->magic)); @@ -457,8 +432,7 @@ class Contenido_Challenge_Auth extends Auth include($_PHPLIB['libdir'] . 'crloginform.ihtml'); } - public function auth_validatelogin() - { + public function auth_validatelogin() { global $username, $password, $challenge, $response, $timestamp; if ($password == '') { 
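Review bot: The login challenge in `auth_loginform()` is generated as `md5(uniqid($this->magic))`; `uniqid()` is derived from the current time and `$magic` is a constant committed in this file, so the challenge is predictable rather than random. It should come from a CSPRNG, for example `$challenge = bin2hex(random_bytes(16));` on PHP 7 or later. The same line appears in `Contenido_Challenge_Crypt_Auth::auth_loginform()` (hunk at -535) and in `Contenido_Frontend_Challenge_Crypt_Auth::auth_loginform()` (hunk at -759). The scheme in `Contenido_Challenge_Auth` also computes `md5("$username:$pass:$challenge")` from the stored value (hunk at -476), which requires the password to be kept unhashed in the database.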
@@ -476,14 +450,13 @@ class Contenido_Challenge_Auth extends Auth return false; } $this->db->query( - sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s'", - $this->database_table, addslashes($username)) + sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s'", $this->database_table, addslashes($username)) ); while ($this->db->next_record()) { - $uid = $this->db->f('user_id'); - $perm = $this->db->f('perms'); - $pass = $this->db->f('password'); + $uid = $this->db->f('user_id'); + $perm = $this->db->f('perms'); + $pass = $this->db->f('password'); } $exspected_response = md5("$username:$pass:$challenge"); @@ -505,6 +478,7 @@ class Contenido_Challenge_Auth extends Auth return $uid; } } + } ## @@ -512,18 +486,17 @@ class Contenido_Challenge_Auth extends Auth ## than cleartext in database ## Author: Jim Zajkowski -class Contenido_Challenge_Crypt_Auth extends Auth -{ - public $classname = 'Contenido_Challenge_Crypt_Auth'; - public $lifetime = 15; - public $magic = 'Frrobo123xxica'; ## Challenge seed +class Contenido_Challenge_Crypt_Auth extends Auth { + + public $classname = 'Contenido_Challenge_Crypt_Auth'; + public $lifetime = 15; + public $magic = 'Frrobo123xxica'; ## Challenge seed public $database_class = 'DB_Contenido'; public $database_table = ''; - public $group_table = ''; - public $member_table = ''; + public $group_table = ''; + public $member_table = ''; - public function __construct() - { + public function __construct() { global $cfg; $this->database_table = $cfg['tab']['phplib_auth_user_md5']; $this->group_table = $cfg['tab']['groups']; @@ -535,8 +508,7 @@ class Contenido_Challenge_Crypt_Auth extends Auth } } - public function auth_loginform() - { + public function auth_loginform() { global $sess, $challenge, $_PHPLIB, $cfg; $challenge = md5(uniqid($this->magic)); 
@@ -545,30 +517,29 @@ class Contenido_Challenge_Crypt_Auth extends Auth include($cfg['path']['contenido'] . 'main.loginform.php'); } - public function auth_loglogin($uid) - { + public function auth_loglogin($uid) { global $cfg, $client, $lang, $auth, $sess, $saveLoginTime; - $perm = new Contenido_Perm(); + $perm = new Contenido_Perm(); $timestamp = date('Y-m-d H:i:s'); - $idcatart = '0'; + $idcatart = '0'; /* Find the first accessible client and language for the user */ // All the needed information should be available in clients_lang - but the previous code was designed with a // reference to the clients table. Maybe fail-safe technology, who knows... $sql = 'SELECT tblClientsLang.idclient, tblClientsLang.idlang FROM ' . - $cfg['tab']['clients'] . ' AS tblClients, ' . $cfg['tab']['clients_lang'] . ' AS tblClientsLang ' . - 'WHERE tblClients.idclient = tblClientsLang.idclient ORDER BY idclient ASC, idlang ASC'; + $cfg['tab']['clients'] . ' AS tblClients, ' . $cfg['tab']['clients_lang'] . ' AS tblClientsLang ' . + 'WHERE tblClients.idclient = tblClientsLang.idclient ORDER BY idclient ASC, idlang ASC'; $this->db->query($sql); $bFound = false; while ($this->db->next_record() && !$bFound) { $iTmpClient = $this->db->f('idclient'); - $iTmpLang = $this->db->f('idlang'); + $iTmpLang = $this->db->f('idlang'); if ($perm->have_perm_client_lang($iTmpClient, $iTmpLang)) { $client = $iTmpClient; - $lang = $iTmpLang; + $lang = $iTmpLang; $bFound = true; } } @@ -577,10 +548,10 @@ class Contenido_Challenge_Crypt_Auth extends Auth // SECURITY FIX $sql = "SELECT idcatart FROM - ". $cfg['tab']['cat_art'] ." + " . $cfg['tab']['cat_art'] . " WHERE - idcat = '".Contenido_Security::toInteger($idcat)."' AND - idart = '".Contenido_Security::toInteger($idart)."'"; + idcat = '" . Contenido_Security::toInteger($idcat) . "' AND + idart = '" . Contenido_Security::toInteger($idart) . "'"; $this->db->query($sql); $this->db->next_record(); 
@@ -591,16 +562,16 @@ class Contenido_Challenge_Crypt_Auth extends Auth return; } - $idaction = $perm->getIDForAction('login'); - $lastentry = $this->db->nextid($cfg['tab']['actionlog']); + $idaction = $perm->getIDForAction('login'); + $lastentry = $this->db->nextid($cfg['tab']['actionlog']); $sql = "INSERT INTO - ". $cfg['tab']['actionlog']." + " . $cfg['tab']['actionlog'] . " SET idlog = $lastentry, user_id = '" . $uid . "', - idclient = '".Contenido_Security::toInteger($client)."', - idlang = '".Contenido_Security::toInteger($lang)."', + idclient = '" . Contenido_Security::toInteger($client) . "', + idlang = '" . Contenido_Security::toInteger($lang) . "', idaction = $idaction, idcatart = $idcatart, logtimestamp = '$timestamp'"; @@ -610,8 +581,7 @@ class Contenido_Challenge_Crypt_Auth extends Auth $saveLoginTime = true; } - public function auth_validatelogin() - { + public function auth_validatelogin() { global $username, $password, $challenge, $response, $formtimestamp, $auth_handlers; $gperm = array(); @@ -620,7 +590,7 @@ class Contenido_Challenge_Crypt_Auth extends Auth return false; } - if (($formtimestamp + (60*15)) < time()) { + if (($formtimestamp + (60 * 15)) < time()) { return false; } 
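Review bot: The `INSERT INTO ... actionlog` statement in `auth_loglogin()` passes `idclient` and `idlang` through `Contenido_Security::toInteger()` but interpolates `$uid`, `$lastentry`, `$idaction` and `$idcatart` as they are. `$uid` is a string parameter whose origin is not visible in this hunk, so `user_id = '" . Contenido_Security::escapeDB($uid, $this->db) . "'` plus `toInteger()` on the three numeric values would make the statement uniform and remove the dependency on what callers pass in. The group lookups in the hunks at -681 and -819 put `$uid` into `b.user_id = '%s'` the same way. The function starts in an earlier hunk and continues past this one.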
@@ -631,24 +601,22 @@ class Contenido_Challenge_Crypt_Auth extends Auth return $uid; } - $uid = false; + $uid = false; $perm = false; $pass = false; $sDate = date('Y-m-d'); $this->db->query(sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s' AND - (valid_from <= '".$sDate."' OR valid_from = '0000-00-00' OR valid_from is NULL) AND - (valid_to >= '".$sDate."' OR valid_to = '0000-00-00' OR valid_to is NULL)", - $this->database_table, - Contenido_Security::escapeDB($username, $this->db) + (valid_from <= '" . $sDate . "' OR valid_from = '0000-00-00' OR valid_from is NULL) AND + (valid_to >= '" . $sDate . "' OR valid_to = '0000-00-00' OR valid_to is NULL)", $this->database_table, Contenido_Security::escapeDB($username, $this->db) )); $sMaintenanceMode = getSystemProperty('maintenance', 'mode'); - while($this->db->next_record()) { - $uid = $this->db->f('user_id'); - $perm = $this->db->f('perms'); - $pass = $this->db->f('password'); ## Password is stored as a md5 hash + while ($this->db->next_record()) { + $uid = $this->db->f('user_id'); + $perm = $this->db->f('perms'); + $pass = $this->db->f('password'); ## Password is stored as a md5 hash $bInMaintenance = false; if ($sMaintenanceMode == 'enabled') { @@ -681,11 +649,8 @@ class Contenido_Challenge_Crypt_Auth extends Auth sleep(5); return false; } else { - $this->db->query(sprintf("SELECT a.group_id AS group_id, a.perms AS perms ". - "FROM %s AS a, %s AS b WHERE a.group_id = b.group_id AND b.user_id = '%s'", - $this->group_table, - $this->member_table, - $uid + $this->db->query(sprintf("SELECT a.group_id AS group_id, a.perms AS perms " . + "FROM %s AS a, %s AS b WHERE a.group_id = b.group_id AND b.user_id = '%s'", $this->group_table, $this->member_table, $uid )); if ($perm != '') { @@ -697,7 +662,7 @@ class Contenido_Challenge_Crypt_Auth extends Auth } if (is_array($gperm)) { - $perm = implode(',',$gperm); + $perm = implode(',', $gperm); } if ($response == '') { ## True when JS is disabled 
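Review bot: The comment `## Password is stored as a md5 hash` on the `$pass = $this->db->f('password');` line documents unsalted MD5 as the password storage format, which is cheap to brute-force and open to precomputed tables if the user table leaks. Moving to `password_hash()` / `password_verify()`, rehashing existing MD5 rows on the next successful login, is the usual migration; the JavaScript challenge-response path appears to depend on the stored MD5 value and would have to be dropped or redesigned with it. The frontend class carries the same line in the hunk at -785. The query above it also concatenates `$sDate` into the `sprintf()` format string; passing it as `%s` arguments keeps the format string constant.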
@@ -723,22 +688,22 @@ class Contenido_Challenge_Crypt_Auth extends Auth } } } + } -class Contenido_Frontend_Challenge_Crypt_Auth extends Auth -{ - public $classname = 'Contenido_Frontend_Challenge_Crypt_Auth'; - public $lifetime = 15; - public $magic = 'Frrobo123xxica'; ## Challenge seed +class Contenido_Frontend_Challenge_Crypt_Auth extends Auth { + + public $classname = 'Contenido_Frontend_Challenge_Crypt_Auth'; + public $lifetime = 15; + public $magic = 'Frrobo123xxica'; ## Challenge seed public $database_class = 'DB_Contenido'; public $database_table = ''; public $fe_database_table = ''; - public $group_table = ''; - public $member_table = ''; - public $nobody = true; + public $group_table = ''; + public $member_table = ''; + public $nobody = true; - public function __construct() - { + public function __construct() { global $cfg; $this->database_table = $cfg['tab']['phplib_auth_user_md5']; $this->fe_database_table = $cfg['tab']['frontendusers']; @@ -746,8 +711,7 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth $this->member_table = $cfg['tab']['groupmembers']; } - public function auth_preauth() - { + public function auth_preauth() { global $password; if ($password == '') { 
@@ -759,23 +723,21 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth return $this->auth_validatelogin(); } - public function auth_loginform() - { + public function auth_loginform() { global $sess, $challenge, $_PHPLIB, $client, $cfgClient; $challenge = md5(uniqid($this->magic)); $sess->register('challenge'); - include($cfgClient[$client]['path']['frontend'].'front_crcloginform.inc.php'); + include($cfgClient[$client]['path']['frontend'] . 'front_crcloginform.inc.php'); } - public function auth_validatelogin() - { + public function auth_validatelogin() { global $username, $password, $challenge, $response, $auth_handlers, $client; - $client = (int)$client; + $client = (int) $client; - if(isset($username)) { + if (isset($username)) { $this->auth['uname'] = $username; ## This provides access for 'loginform.ihtml' } else if ($this->nobody) { ## provides for 'default login cancel' $uid = $this->auth['uname'] = $this->auth['uid'] = 'nobody'; 
@@ -785,33 +747,29 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth $uid = false; /* Authentification via frontend users */ - $this->db->query(sprintf("SELECT idfrontenduser, password FROM %s WHERE username = '%s' AND idclient='$client' AND active='1'", - $this->fe_database_table, - Contenido_Security::escapeDB(urlencode($username), $this->db) + $this->db->query(sprintf("SELECT idfrontenduser, password FROM %s WHERE username = '%s' AND idclient='$client' AND active='1'", $this->fe_database_table, Contenido_Security::escapeDB(urlencode($username), $this->db) )); if ($this->db->next_record()) { - $uid = $this->db->f('idfrontenduser'); + $uid = $this->db->f('idfrontenduser'); $perm = 'frontend'; $pass = $this->db->f('password'); } if ($uid == false) { /* Authentification via backend users */ - $this->db->query(sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s'", - $this->database_table, - Contenido_Security::escapeDB($username, $this->db) )); + $this->db->query(sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s'", $this->database_table, Contenido_Security::escapeDB($username, $this->db))); - while($this->db->next_record()) { - $uid = $this->db->f('user_id'); - $perm = $this->db->f('perms'); - $pass = $this->db->f('password'); ## Password is stored as a md5 hash + while ($this->db->next_record()) { + $uid = $this->db->f('user_id'); + $perm = $this->db->f('perms'); + $pass = $this->db->f('password'); ## Password is stored as a md5 hash if (is_array($auth_handlers)) { if (array_key_exists($pass, $auth_handlers)) { $success = call_user_func($auth_handlers[$pass], $username, $password); if ($success) { - $uid = md5($username); + $uid = md5($username); $pass = md5($password); } } 
@@ -819,17 +777,14 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth } if ($uid !== false) { - $this->db->query(sprintf("SELECT a.group_id AS group_id, a.perms AS perms ". - "FROM %s AS a, %s AS b WHERE a.group_id = b.group_id AND ". - "b.user_id = '%s'", - $this->group_table, - $this->member_table, - $uid + $this->db->query(sprintf("SELECT a.group_id AS group_id, a.perms AS perms " . + "FROM %s AS a, %s AS b WHERE a.group_id = b.group_id AND " . + "b.user_id = '%s'", $this->group_table, $this->member_table, $uid )); /* Deactivated: Backend user would be sysadmin when logged on as frontend user - * (and perms would be checked), see http://www.contenido.org/forum/viewtopic.php?p=85666#85666 - $perm = 'sysadmin'; */ + * (and perms would be checked), see http://www.contenido.org/forum/viewtopic.php?p=85666#85666 + $perm = 'sysadmin'; */ if ($perm != '') { $gperm[] = $perm; } @@ -839,7 +794,7 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth } if (is_array($gperm)) { - $perm = implode(',',$gperm); + $perm = implode(',', $gperm); } } } @@ -869,13 +824,13 @@ class Contenido_Frontend_Challenge_Crypt_Auth extends Auth } } } + } /** * Registers an external auth handler */ -function register_auth_handler($aHandlers) -{ +function register_auth_handler($aHandlers) { global $auth_handlers; if (!is_array($auth_handlers)) {