Example #1
0
 function UpdateSQL(&$rs, $where = "")
 {
     $sql = "UPDATE " . $this->UpdateTable . " SET ";
     foreach ($rs as $name => $value) {
         if (!isset($this->fields[$name])) {
             continue;
         }
         if (EW_ENCRYPTED_PASSWORD && $name == 'pass') {
             $value = EW_CASE_SENSITIVE_PASSWORD ? ew_EncryptPassword($value) : ew_EncryptPassword(strtolower($value));
         }
         $sql .= $this->fields[$name]->FldExpression . "=";
         $sql .= ew_QuotedValue($value, $this->fields[$name]->FldDataType) . ",";
     }
     while (substr($sql, -1) == ",") {
         $sql = substr($sql, 0, -1);
     }
     $filter = $this->CurrentFilter;
     ew_AddFilter($filter, $where);
     if ($filter != "") {
         $sql .= " WHERE " . $filter;
     }
     return $sql;
 }
Example #2
0
function ew_ComparePassword($pwd, $input)
{
    @(list($crypt, $salt) = explode(":", $pwd, 2));
    if (EW_CASE_SENSITIVE_PASSWORD) {
        if (EW_ENCRYPTED_PASSWORD) {
            return $pwd == ew_EncryptPassword($input, @$salt);
        } else {
            return $pwd == $input;
        }
    } else {
        if (EW_ENCRYPTED_PASSWORD) {
            return $pwd == ew_EncryptPassword(strtolower($input), @$salt);
        } else {
            return strtolower($pwd) == strtolower($input);
        }
    }
}
Example #3
0
function ew_ComparePassword($pwd, $input, $encrypted = FALSE)
{
    if ($encrypted) {
        return $pwd == $input;
    }
    if (preg_match('/^\\$[HP]\\$/', $pwd)) {
        // phpass
        include "passwordhash.php";
        $ar = json_decode(EW_PHPASS_ITERATION_COUNT_LOG2);
        if (is_array($ar)) {
            foreach ($ar as $i) {
                $hasher = new PasswordHash($i, TRUE);
                if ($hasher->CheckPassword($input, $pwd)) {
                    return TRUE;
                }
            }
            return FALSE;
        }
    } elseif (strpos($pwd, ':') !== FALSE) {
        // <hashedstring>:<salt>
        @(list($crypt, $salt) = explode(":", $pwd, 2));
        return $pwd == ew_EncryptPassword($input, $salt);
    } else {
        if (EW_CASE_SENSITIVE_PASSWORD) {
            if (EW_ENCRYPTED_PASSWORD) {
                return $pwd == ew_EncryptPassword($input);
            } else {
                return $pwd == $input;
            }
        } else {
            if (EW_ENCRYPTED_PASSWORD) {
                return $pwd == ew_EncryptPassword(strtolower($input));
            } else {
                return strtolower($pwd) == strtolower($input);
            }
        }
    }
}
Example #4
0
function ew_ComparePassword($pwd, $input)
{
    if (preg_match('/^\\$[HP]\\$/', $pwd)) {
        // phpass
        include "passwordhash.php";
        $hasher = new PasswordHash(10, TRUE);
        return $hasher->CheckPassword($input, $pwd);
    } elseif (strpos($pwd, ':') !== FALSE) {
        // <hashedstring>:<salt>
        @(list($crypt, $salt) = explode(":", $pwd, 2));
        return $pwd == ew_EncryptPassword($input, $salt);
    } else {
        if (EW_CASE_SENSITIVE_PASSWORD) {
            if (EW_ENCRYPTED_PASSWORD) {
                return $pwd == ew_EncryptPassword($input);
            } else {
                return $pwd == $input;
            }
        } else {
            if (EW_ENCRYPTED_PASSWORD) {
                return $pwd == ew_EncryptPassword(strtolower($input));
            } else {
                return strtolower($pwd) == strtolower($input);
            }
        }
    }
}
Example #5
0
 function WriteAuditTrailOnEdit(&$rsold, &$rsnew)
 {
     if (!$this->AuditTrailOnEdit) {
         return;
     }
     $table = 'usuario';
     // Get key value
     $key = "";
     if ($key != "") {
         $key .= $GLOBALS["EW_COMPOSITE_KEY_SEPARATOR"];
     }
     $key .= $rsold['id'];
     // Write Audit Trail
     $dt = ew_StdCurrentDateTime();
     $id = ew_ScriptName();
     $usr = CurrentUserID();
     foreach (array_keys($rsnew) as $fldname) {
         if ($this->fields[$fldname]->FldDataType != EW_DATATYPE_BLOB) {
             // Ignore BLOB fields
             if ($this->fields[$fldname]->FldDataType == EW_DATATYPE_DATE) {
                 // DateTime field
                 $modified = ew_FormatDateTime($rsold[$fldname], 0) != ew_FormatDateTime($rsnew[$fldname], 0);
             } else {
                 $modified = !ew_CompareValue($rsold[$fldname], $rsnew[$fldname]);
             }
             if ($modified) {
                 if ($this->fields[$fldname]->FldDataType == EW_DATATYPE_MEMO) {
                     // Memo field
                     if (EW_AUDIT_TRAIL_TO_DATABASE) {
                         $oldvalue = $rsold[$fldname];
                         $newvalue = $rsnew[$fldname];
                     } else {
                         $oldvalue = "[MEMO]";
                         $newvalue = "[MEMO]";
                     }
                 } elseif ($this->fields[$fldname]->FldDataType == EW_DATATYPE_XML) {
                     // XML field
                     $oldvalue = "[XML]";
                     $newvalue = "[XML]";
                 } else {
                     $oldvalue = $rsold[$fldname];
                     $newvalue = $rsnew[$fldname];
                 }
                 if (!EW_ENCRYPTED_PASSWORD && $fldname == 'contrasenia') {
                     $oldvalue = ew_EncryptPassword($oldvalue);
                     $newvalue = ew_EncryptPassword($newvalue);
                 }
                 ew_WriteAuditTrail("log", $dt, $id, $usr, "U", $table, $fldname, $key, $oldvalue, $newvalue);
             }
         }
     }
 }
Example #6
0
 function WriteAuditTrailOnAdd(&$rs)
 {
     if (!$this->AuditTrailOnAdd) {
         return;
     }
     $table = 'usuario';
     // Get key value
     $key = "";
     if ($key != "") {
         $key .= $GLOBALS["EW_COMPOSITE_KEY_SEPARATOR"];
     }
     $key .= $rs['id'];
     // Write Audit Trail
     $dt = ew_StdCurrentDateTime();
     $id = ew_ScriptName();
     $usr = CurrentUserID();
     foreach (array_keys($rs) as $fldname) {
         if ($this->fields[$fldname]->FldDataType != EW_DATATYPE_BLOB) {
             // Ignore BLOB fields
             if ($this->fields[$fldname]->FldDataType == EW_DATATYPE_MEMO) {
                 if (EW_AUDIT_TRAIL_TO_DATABASE) {
                     $newvalue = $rs[$fldname];
                 } else {
                     $newvalue = "[MEMO]";
                 }
                 // Memo Field
             } elseif ($this->fields[$fldname]->FldDataType == EW_DATATYPE_XML) {
                 $newvalue = "[XML]";
                 // XML Field
             } else {
                 $newvalue = $rs[$fldname];
             }
             if (!EW_ENCRYPTED_PASSWORD && $fldname == 'contrasenia') {
                 $newvalue = ew_EncryptPassword($newvalue);
             }
             ew_WriteAuditTrail("log", $dt, $id, $usr, "A", $table, $fldname, $key, "", $newvalue);
         }
     }
 }