[dev] Patch for framework: Auth/sql.php

Richard.Heggs at nottinghamcity.gov.uk
Fri Jan 30 04:08:23 PST 2004



Hi List,

I noticed that if 'showencryption' is set, the encryption type is appended
to the password field.  However Auth/sql.php::_comparePasswords() thinks
that it is prepended instead.

This little patch converts (eg) '|^{crypt}|' to '|{crypt}$|'

Tested on crypt.

Richard



-------------- next part --------------
RCS file: /repository/framework/Auth/Auth/sql.php,v
retrieving revision 1.57
diff -u -r1.57 sql.php
--- sql.php     28 Jan 2004 00:34:00 -0000      1.57
+++ sql.php     30 Jan 2004 11:57:10 -0000
@@ -366,24 +366,24 @@
         switch ($this->_params['encryption']) {
         case 'crypt':
         case 'crypt-des':
-            $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+            $encrypted = preg_replace('|{crypt}$|', '', $encrypted);
             return $encrypted == crypt($plaintext, substr($encrypted, 0, 2));

         case 'crypt-md5':
-            $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+            $encrypted = preg_replace('|{crypt}$|', '', $encrypted);
             return $encrypted == crypt($plaintext, substr($encrypted, 0, 12));

         case 'crypt-blowfish':
-            $encrypted = preg_replace('|^{crypt}|', '', $encrypted);
+            $encrypted = preg_replace('|{crypt}$|', '', $encrypted);
             return $encrypted == crypt($plaintext, substr($encrypted, 0, 16));

         case 'ssha':
-            $encrypted = preg_replace('|^{SSHA}|', '', $encrypted);
+            $encrypted = preg_replace('|{SSHA}$|', '', $encrypted);
             $salt = substr($encrypted, -20);
             return $encrypted == base64_encode(mhash(MHASH_SHA1, $plaintext . $salt) . $salt);

         case 'smd5':
-            $encrypted = preg_replace('|^{SMD5}|', '', $encrypted);
+            $encrypted = preg_replace('|{SMD5}$|', '', $encrypted);
             $salt = substr($encrypted, -16);
             return $encrypted == base64_encode(mhash(MHASH_SMD5, $plaintext . $salt) . $salt);
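
Review bot: All five replaced patterns now strip the tag only at the end of the string (for example '|{crypt}$|' in the three crypt cases), so any stored value that still carries the tag at the front will stop verifying once this is applied. If both layouts can exist in the table, strip the tag at either end, e.g. '/^\{crypt\}|\{crypt\}$/', and do it once before the switch rather than repeating the call in each case. The ssha and smd5 cases read $salt from the tail of $encrypted (substr($encrypted, -20) and substr($encrypted, -16)), so they depend most directly on the suffix being removed, and the message says only crypt was tested; those two branches should be exercised before this is committed.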

