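/**
 * Checks the submitted login credentials against the users table.
 *
 * Returns true without any check when authentication is disabled, and
 * hands the decision to the delegate when it defines checkCredentials().
 * Otherwise a row is looked up whose username column equals the submitted
 * user name and whose password column equals the submitted password after
 * the serializer's 'encryption' wrapper (MD5()/SHA1()/PASSWORD()/... per
 * the field definition) has been applied to it.  A row only counts as a
 * match if its username is byte-for-byte equal to the submitted one,
 * presumably so a case-insensitive collation cannot match a different
 * account.
 *
 * NOTE(review): the password is compared inside the SQL statement, so it
 * travels in the query text and the strength of the comparison is whatever
 * the field's 'encryption' setting provides — confirm that is acceptable
 * for this deployment.
 *
 * @return bool true when the credentials are accepted.
 */
function checkCredentials() {
    $app =& Dataface_Application::getInstance();
    if (!$this->authEnabled) {
        return true;
    }
    if (isset($this->delegate) and method_exists($this->delegate, 'checkCredentials')) {
        return $this->delegate->checkCredentials();
    }

    // The user is attempting to log in.
    $creds = $this->getCredentials();
    if (!isset($creds['UserName']) || !isset($creds['Password'])) {
        // No username or password submitted: there is nothing to check.
        return false;
    }

    import('Dataface/Serializer.php');
    $serializer = new Dataface_Serializer($this->usersTable);
    $db = $app->db();

    // Escape using the connection's character set.  addslashes() is not
    // charset-aware and does not escape \n, \r, \0 or \x1a; the value the
    // server sees after parsing the literal is the same as before.
    $userLiteral = "'" . mysql_real_escape_string(
        $serializer->serialize($this->usernameColumn, $creds['UserName']), $db) . "'";
    $passLiteral = "'" . mysql_real_escape_string(
        $serializer->serialize($this->passwordColumn, $creds['Password']), $db) . "'";

    $sql = "SELECT `" . $this->usernameColumn . "` FROM `" . $this->usersTable . "`\n\t\t\t\t WHERE `"
        . $this->usernameColumn . "`=" . $userLiteral . "\n\t\t\t\t AND `"
        . $this->passwordColumn . "`=" . $serializer->encrypt($this->passwordColumn, $passLiteral);

    $res = mysql_query($sql, $db);
    if (!$res) {
        trigger_error(mysql_error($db), E_USER_ERROR);
        // A custom error handler may not halt on E_USER_ERROR; never fall
        // through towards a successful login after a failed query.
        return false;
    }

    // An empty result simply leaves $found false; the result set is freed
    // on every path.
    $found = false;
    while ($row = mysql_fetch_row($res)) {
        // Exact byte comparison on top of the (possibly case-insensitive)
        // SQL match.
        if (strcmp($row[0], $creds['UserName']) === 0) {
            $found = true;
            break;
        }
    }
    mysql_free_result($res);
    return $found;
}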
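/**
 * Wraps the value inside a MySQL function to encrypt the input when the
 * field's 'encryption' attribute is set ('md5', 'password', 'sha1',
 * 'encrypt' or 'aes_encrypt'); otherwise the value is returned unchanged.
 *
 * The result is spliced verbatim into SQL by callers, so $value must
 * already be a complete SQL literal (quoted and escaped).  This method
 * performs no escaping of $value itself.
 *
 * NOTE(review): MD5()/SHA1()/PASSWORD()/ENCRYPT() are fast, unsalted
 * digests, and for 'aes_encrypt' the key is embedded in the query text
 * where it can surface in query logs — confirm this is acceptable for the
 * fields that use these settings.
 *
 * @param string      $fieldname Field name, or "relationship.field" for a related field.
 * @param string|null $value     SQL literal to wrap; null is treated as an empty value.
 * @return string SQL expression.
 * @throws Exception if the field definition cannot be loaded.
 */
function encrypt($fieldname, $value = null) {
    if (!isset($value)) {
        // Calling without a value is a caller bug.  Record it in the error
        // log instead of echoing a stack trace into the response.
        error_log('Dataface_Serializer::encrypt() called without a value for field ' . $fieldname);
        $value = '';
    }
    if (strpos($fieldname, '.') !== false) {
        // Related field: resolve the owning table and delegate to a
        // serializer built for that table.
        $table =& $this->_table->getTableTableForField($fieldname);
        list(, $fieldname) = explode('.', $fieldname);
        $serializer = new Dataface_Serializer($table->tablename);
        return $serializer->encrypt($fieldname, $value);
    }
    $field = $this->_table->getField($fieldname);
    if (PEAR::isError($field)) {
        // Details go to the log, not to the HTTP response.
        error_log($field->getMessage() . "\n" . print_r($field->getBacktrace(), true));
        throw new Exception("Failed to encrypt field {$fieldname}. See error log for details.", E_USER_ERROR);
    }
    if (isset($field['encryption'])) {
        switch (strtolower($field['encryption'])) {
            case 'md5':
                return 'MD5(' . $value . ')';
            case 'password':
                return 'PASSWORD(' . $value . ')';
            case 'sha1':
                return 'SHA1(' . $value . ')';
            case 'encrypt':
                return 'ENCRYPT(' . $value . ')';
            case 'aes_encrypt':
                // The key is a plain PHP string from the field definition,
                // so it is quoted and escaped here, unlike $value.
                return 'AES_ENCRYPT(' . $value . ',\'' . addslashes($field['aes_key']) . '\')';
        }
    }
    return $value;
}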
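/**
 * Wraps the value inside a MySQL function to encrypt the input when the
 * field's 'encryption' attribute is set ('md5', 'password', 'sha1',
 * 'encrypt' or 'aes_encrypt'); otherwise the value is returned unchanged.
 *
 * The result is spliced verbatim into SQL by callers, so $value must
 * already be a complete SQL literal (quoted and escaped).  This method
 * performs no escaping of $value itself.
 *
 * NOTE(review): MD5()/SHA1()/PASSWORD()/ENCRYPT() are fast, unsalted
 * digests, and for 'aes_encrypt' the key is embedded in the query text
 * where it can surface in query logs — confirm this is acceptable for the
 * fields that use these settings.
 *
 * @param string      $fieldname Field name, or "relationship.field" for a related field.
 * @param string|null $value     SQL literal to wrap; null is treated as an empty value.
 * @return string SQL expression.
 * @throws Exception if the field definition cannot be loaded.
 */
function encrypt($fieldname, $value = null) {
    if (!isset($value)) {
        // A missing value is treated as empty so the generated SQL stays
        // well-formed.
        $value = '';
    }
    if (strpos($fieldname, '.') !== false) {
        // Related field: resolve the owning table and delegate to a
        // serializer built for that table.
        $table =& $this->_table->getTableTableForField($fieldname);
        list(, $fieldname) = explode('.', $fieldname);
        $serializer = new Dataface_Serializer($table->tablename);
        return $serializer->encrypt($fieldname, $value);
    }
    $field = $this->_table->getField($fieldname);
    if (PEAR::isError($field)) {
        // getBacktrace() returns an array of frame arrays; implode() would
        // reduce each frame to the string "Array", so dump it with print_r.
        error_log($field->getMessage() . "\n" . print_r($field->getBacktrace(), true));
        throw new Exception("Failed to encrypt field {$fieldname}. See error log for details.", E_USER_ERROR);
    }
    if (isset($field['encryption'])) {
        switch (strtolower($field['encryption'])) {
            case 'md5':
                return 'MD5(' . $value . ')';
            case 'password':
                return 'PASSWORD(' . $value . ')';
            case 'sha1':
                return 'SHA1(' . $value . ')';
            case 'encrypt':
                return 'ENCRYPT(' . $value . ')';
            case 'aes_encrypt':
                // The key is a plain PHP string from the field definition,
                // so it is quoted and escaped here, unlike $value.
                return 'AES_ENCRYPT(' . $value . ',\'' . addslashes($field['aes_key']) . '\')';
        }
    }
    return $value;
}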