function auth($user, $pass, $args)
{
$r = $db_pw = false;
$dsn = access_query("authanydb", 0);
$col_login = access_query("authanydblogincolumn", 0) or $col_login = "******";
$col_pass = access_query("authanydbpasswordcolumn", 0) or $col_pass = "******";
$desc = parse_url($dsn);
$desc["database"] = strtok($desc["path"], "/");
$table = strtok("/");
$dsn = substr($dsn, 0, strrpos($dsn, "/"));
if (function_exists("newadoconnection") && ($db = NewAdoConnection($desc["scheme"])) && $db->connect($desc["host"], $desc["user"], $desc["pass"], $desc["database"])) {
$user = $db->qstr($user);
$SQL = "SELECT {$col_pass} FROM {$table} WHERE {$col_login}={$user}";
if ($row = $db->GetRow($SQL)) {
$db_pw = $row[0];
}
$db->Close();
} elseif (class_exists("DB")) {
$db = DB::connect($dsn);
$user = $db->quoteString($user);
$SQL = "SELECT {$col_pass} FROM {$table} WHERE {$col_login}='{$user}'";
if ($row = $db->getRow($SQL)) {
$db_pw = $row[0];
}
} elseif (function_exists("dbx_connect") && ($db = dbx_connect($desc["scheme"], $desc["host"], $desc["database"], $desc["user"], $desc["pass"]))) {
$user = dbx_escape_string($db, $user);
$SQL = "SELECT {$col_pass} FROM {$table} WHERE {$col_login}='{$user}'";
if ($result = dbx_query($db, $SQL)) {
$db_pw = $result->data[0][0];
}
dbx_close($db);
} else {
techo("mod_auth_anydb: no database interface used (db auth problem?)", NW_EL_WARNING);
return $r = false;
}
$r = strlen($db_pw) && strlen($pass) && ($db_pw == $pass or $db_pw == crypt($pass, substr($db_pw, 0, 2)) or $db_pw == md5($pass));
return $r;
}
/**
* Read string data from database
*/
function read($table, $fields, $where = '')
{
if (count($fields) > 0) {
// Query table for data
$query = 'SELECT `' . dbx_escape_string($this->handle, implode('`,`', $fields)) . '` FROM `' . dbx_escape_string($this->handle, $table) . '`;';
if (isset($where) && !empty($where) && $where != '') {
// Fetch only some
$query = 'SELECT `' . dbx_escape_string($this->handle, implode('`,`', $fields)) . '` FROM `' . dbx_escape_string($this->handle, $table) . '` WHERE ' . dbx_escape_string($this->handle, $where) . ';';
}
echo "[QUERY]: {$query}\n";
$result = dbx_query($this->handle, $query);
if (!is_object($result)) {
die("Error performing READ query.<br />\nError returned: " . dbx_error($this->handle) . "\n");
}
} else {
die("Please select at least one field to read!\n");
}
return $result;
}
function anydb_escape_string($s, $db = "")
{
$db = anydb_handle($db);
$type = anydb_type($db);
if ($type == ANYDB_PEAR) {
$s = $db->quoteString($s);
} elseif ($type == ANYDB_ADO) {
$s = $db->qStr($s);
if ($s[0] = "'") {
$s = substr($s, 1, strlen($s) - 2);
}
} elseif ($type == ANYDB_DBX) {
$s = dbx_escape_string($db, (string) $s);
} elseif ($type == ANYDB_PG) {
$s = pg_escape_string((string) $s);
} elseif ($type == ANYDB_MY) {
$s = mysql_escape_string((string) $s);
} else {
$s = addslashes($s);
}
return $s;
}
/**
* Escape a string so it may be inserted into a query. If SQL statements are being built up and passed using db_query then it is essential that this is used for security reasons. Otherwise, the abstraction layer deals with the situation.
*
* @param string The string
* @return string The escaped string
*/
function db_escape_string($string)
{
global $LAST_SELECT_DB;
if (is_null($LAST_SELECT_DB)) {
return addslashes($string);
}
return dbx_escape_string($LAST_SELECT_DB, $string);
}
