azhurb · June 27, 2012 14:46
diff --git a/Improved_authorization_(issue_#931).patch b/Improved_authorization_(issue_#931).patch
 Index: server/tools/auth_simple.php
 IDEA additional info:
 Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
 <+>UTF-8
 ===================================================================
 --- server/tools/auth_simple.php	(revision 3059)
 +++ server/tools/auth_simple.php	(revision )
 @@ -10,7 +10,12 @@
 $login    = $_REQUEST['login'];
 $password = $_REQUEST['password'];
 
 -$user = Mysql::getInstance()->from('users')->where(array('login' => $login, 'password' => $password, 'mac' => ''))->get()->first();
 +$possible_user = Mysql::getInstance()->from('users')->where(array('login' => $login, 'mac' => ''))->get()->first();
 +
 +if ((strlen($possible_user['password']) == 32 && md5(md5($password).$possible_user['id']) == $possible_user['password'])
 +    || (strlen($possible_user['password']) < 32 && $password == $possible_user['password'])){
 +    $user = $possible_user;
 +}
 
 if (empty($user)){
     echo error("User not exist or login-password mismatch");
 \ No newline at end of file
 Index: server/lib/stb.class.php
 IDEA additional info:
 Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
 <+>UTF-8
 ===================================================================
 --- server/lib/stb.class.php	(revision 3102)
 +++ server/lib/stb.class.php	(revision )
 @@ -354,9 +354,16 @@
             }
         }
 
 -        return Mysql::getInstance()->insert('users', $data)->insert_id();
 +        $user_id = Mysql::getInstance()->insert('users', $data)->insert_id();
 +
 +        if ($user_id && !empty($data['password'])){
 +            $password = md5(md5($data['password']).$user_id);
 +            Mysql::getInstance()->update('users', array('password' => $password), array('id' => $user_id));
 -    }
 -    
 +        }
 +
 +        return $user_id;
 +    }
 +    
     private function initProfile($login = null, $password = null){
 
         if (empty($login)){
 @@ -375,8 +382,7 @@
                     'mac'  => $this->mac,
                     'name' => substr($this->mac, 12, 16)),
                 array(
 -                     'login'    => $login,
 -                     'password' => $password));
 +                     'login' => $login));
 
             $uid = intval(Mysql::getInstance()->from('users')->where(array('mac' => $this->mac))->get()->first('id'));
         }
 \ No newline at end of file
	Index: server/tools/auth_simple.php
	IDEA additional info:
	Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
	<+>UTF-8
	===================================================================
	--- server/tools/auth_simple.php (revision 3059)
	+++ server/tools/auth_simple.php (revision )
	@@ -10,7 +10,12 @@
	$login = $_REQUEST['login'];
	$password = $_REQUEST['password'];

	-$user = Mysql::getInstance()->from('users')->where(array('login' => $login, 'password' => $password, 'mac' => ''))->get()->first();
	+$possible_user = Mysql::getInstance()->from('users')->where(array('login' => $login, 'mac' => ''))->get()->first();
	+
	+if ((strlen($possible_user['password']) == 32 && md5(md5($password).$possible_user['id']) == $possible_user['password'])
	+ \|\| (strlen($possible_user['password']) < 32 && $password == $possible_user['password'])){
	+ $user = $possible_user;
	+}

	if (empty($user)){
	echo error("User not exist or login-password mismatch");
	\ No newline at end of file
	Index: server/lib/stb.class.php
	IDEA additional info:
	Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
	<+>UTF-8
	===================================================================
	--- server/lib/stb.class.php (revision 3102)
	+++ server/lib/stb.class.php (revision )
	@@ -354,9 +354,16 @@
	}
	}

	- return Mysql::getInstance()->insert('users', $data)->insert_id();
	+ $user_id = Mysql::getInstance()->insert('users', $data)->insert_id();
	+
	+ if ($user_id && !empty($data['password'])){
	+ $password = md5(md5($data['password']).$user_id);
	+ Mysql::getInstance()->update('users', array('password' => $password), array('id' => $user_id));
	- }
	-
	+ }
	+
	+ return $user_id;
	+ }
	+
	private function initProfile($login = null, $password = null){

	if (empty($login)){
	@@ -375,8 +382,7 @@
	'mac' => $this->mac,
	'name' => substr($this->mac, 12, 16)),
	array(
	- 'login' => $login,
	- 'password' => $password));
	+ 'login' => $login));

	$uid = intval(Mysql::getInstance()->from('users')->where(array('mac' => $this->mac))->get()->first('id'));
	}
	\ No newline at end of file
No results found