2012-08-22 Miguel de Dios <miguel.dedios@artica.es>

* include/api.php: cleaned source code style.
	
	* include/auth/mysql.php: fixed the access users in the api with or
	without no_login field set.




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6904 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
mdtrooper 2012-08-22 15:11:44 +00:00
parent 4748c7b1f6
commit e77d6879a0
3 changed files with 44 additions and 15 deletions


@ -1,3 +1,10 @@
2012-08-22 Miguel de Dios <miguel.dedios@artica.es>
* include/api.php: cleaned source code style.
* include/auth/mysql.php: fixed the access users in the api with or
without no_login field set.
2012-08-21 Miguel de Dios <miguel.dedios@artica.es> 2012-08-21 Miguel de Dios <miguel.dedios@artica.es>
* extras/pandoradb_migrate_4.0.x_to_5.0.postgreSQL.sql, * extras/pandoradb_migrate_4.0.x_to_5.0.postgreSQL.sql,


@ -51,6 +51,7 @@ $no_login_msg = "";
if (isInACL($ipOrigin)) { if (isInACL($ipOrigin)) {
if(empty($apiPassword) || (!empty($apiPassword) && $api_password === $apiPassword)) { if(empty($apiPassword) || (!empty($apiPassword) && $api_password === $apiPassword)) {
$user_in_db = process_user_login($user, $password, true); $user_in_db = process_user_login($user, $password, true);
if ($user_in_db !== false) { if ($user_in_db !== false) {
$config['id_user'] = $user_in_db; $config['id_user'] = $user_in_db;
$correctLogin = true; $correctLogin = true;


@ -83,25 +83,46 @@ function process_user_login ($login, $pass, $api = false) {
// Connect to Database // Connect to Database
switch ($config["dbtype"]) { switch ($config["dbtype"]) {
case "mysql": case "mysql":
$sql = sprintf ("SELECT `id_user`, `password` if (!$api) {
FROM `tusuario` $sql = sprintf ("SELECT `id_user`, `password`
WHERE `id_user` = '%s' AND `not_login` = " . FROM `tusuario`
((int)$api) . " WHERE `id_user` = '%s' AND `not_login` = 0
AND `disabled` = 0", $login); AND `disabled` = 0", $login);
}
else {
$sql = sprintf ("SELECT `id_user`, `password`
FROM `tusuario`
WHERE `id_user` = '%s'
AND `disabled` = 0", $login);
}
break; break;
case "postgresql": case "postgresql":
$sql = sprintf ('SELECT "id_user", "password" if (!$api) {
FROM "tusuario" $sql = sprintf ('SELECT "id_user", "password"
WHERE "id_user" = \'%s\' AND "not_login" = ' . FROM "tusuario"
((int)$api) . ' WHERE "id_user" = \'%s\' AND "not_login" = 0
AND "disabled" = 0', $login); AND "disabled" = 0', $login);
}
else {
$sql = sprintf ('SELECT "id_user", "password"
FROM "tusuario"
WHERE "id_user" = \'%s\'
AND "disabled" = 0', $login);
}
break; break;
case "oracle": case "oracle":
$sql = sprintf ('SELECT id_user, password if (!$api) {
FROM tusuario $sql = sprintf ('SELECT id_user, password
WHERE id_user = \'%s\' AND not_login = ' . FROM tusuario
((int)$api) . ' WHERE id_user = \'%s\' AND not_login = 0
AND disabled = 0', $login); AND disabled = 0', $login);
}
else {
$sql = sprintf ('SELECT id_user, password
FROM tusuario
WHERE id_user = \'%s\'
AND disabled = 0', $login);
}
break; break;
} }
$row = db_get_row_sql ($sql); $row = db_get_row_sql ($sql);
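Review bot: All six rewritten queries still place `$login` into the statement text through `'%s'` in `sprintf`, and nothing in this hunk shows the value being escaped first; because process_user_login is the pre-authentication lookup (the API path calls it as `process_user_login($user, $password, true)`), the value should be bound as a parameter or escaped by the database layer at this point rather than left to callers. Separately, the `$api` branch now drops the `not_login` condition altogether, so any account that is not disabled can authenticate through the API; if that is intended, state it in the code, for example `// API logins deliberately ignore not_login; only disabled accounts are rejected`. The three `case` arms repeat the same if/else and could build the optional `not_login = 0` clause once per dialect instead. The function starts before and continues after this hunk, so any escaping done earlier in its body would not be visible here.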