cellog Fri Jun 22 02:50:47 2007 UTC
Modified files:
/pearweb/public_html rest-login.php
Log:
use https in example
allow specifying karma required for valid login
require registered user to be valid
remove ability to tell if a user exists
http://cvs.php.net/viewvc.cgi/pearweb/public_html/rest-login.php?r1=1.3&r2=1.4&diff_format=u
Index: pearweb/public_html/rest-login.php
diff -u pearweb/public_html/rest-login.php:1.3
pearweb/public_html/rest-login.php:1.4
--- pearweb/public_html/rest-login.php:1.3 Thu Jun 21 05:00:20 2007
+++ pearweb/public_html/rest-login.php Fri Jun 22 02:50:47 2007
@@ -15,7 +15,7 @@
* $user = 'username';
* $password = 'password';
*
- * $salt = file_get_contents('http://pear.php.net/rest-login.php/getsalt');
+ * $salt = file_get_contents('https://pear.php.net/rest-login.php/getsalt');
* $cookies = array_values(preg_grep('/Set-Cookie:/', $http_response_header));
* preg_match('/PHPSESSID=(.+); /', $cookies[0], $session);
* $pass = md5($salt . md5($password));
@@ -25,7 +25,7 @@
* 'content' => http_build_query(array('username' => $user, 'password' =>
$pass))
* ));
* $context = stream_context_create($opts);
- * var_dump(file_get_contents('http://pear.php.net/rest-login.php/validate',
false, $context));
+ * var_dump(file_get_contents('https://pear.php.net/rest-login.php/validate',
false, $context));
* ?>
* </code>
* @author Gregory Beaver <cellog@xxxxxxx>
@@ -53,6 +53,11 @@
if (!isset($_POST['username']) || !isset($_POST['password'])) {
die('2 Invalid Remote Login');
}
+ $user = $dbh->getOne('SELECT handle from users WHERE handle=?',
+ array($_POST['username']));
+ if (!$user) {
+ die('7 Invalid Username or Password');
+ }
$pass = $dbh->getOne('SELECT password from users WHERE handle=?',
array($_POST['username']));
if (!$pass) {
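Review bot: The handle lookup added before the password query does not by itself close the user-existence oracle named in the log, and it duplicates the `SELECT password` query that immediately follows: an unknown handle now dies with `'7 Invalid Username or Password'` before the md5 work runs, so the unknown-user and wrong-password paths still differ in query count and timing, and the `if (!$pass)` branch whose body lies outside the hunk must emit exactly the same text or the distinction survives anyway. I would drop the five added lines and make the existing branch carry the generic message instead, e.g. `if (!$pass) { die('7 Invalid Username or Password'); }`, so one lookup serves both cases. Note also that `!$pass` treats a stored value of `''` or `'0'` as "no such user"; presumably unreachable for real accounts, but worth confirming against the users table. The enclosing case block starts outside the hunk.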
@@ -61,6 +66,24 @@
if (md5($salt . $pass) != $_POST['password']) {
die('7 Invalid Username or Password');
}
+ if (!$dbh->getOne('SELECT registered from users WHERE handle=? and
registered=1',
+ array($_POST['username']))) {
+ die('7 Insufficient priveleges');
+ }
+ if (isset($_POST['karma'])) {
+ if (strpos($_POST['karma'], ',')) {
+ $karma = explode(',', $_POST['karma']);
+ } else {
+ $karma = array($_POST['karma']);
+ }
+ foreach ($karma as $level) {
+ if ($level == $dbh->getOne('SELECT level from karma WHERE
user=? and level=?',
+ array($_POST['username'], $level))) {
+ die('8 Login OK');
+ }
+ }
+ die('7 Insufficient priveleges');
+ }
die('8 Login OK');
break;
}
\ No newline at end of file
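Review bot: The karma check compares the submitted level to the `getOne()` result with loose `==`, so a row lookup that returns no result (null in PEAR DB/MDB2 — confirm which layer `$dbh` is) compares equal to an empty or `'0'` level and the loop dies with `'8 Login OK'` for a user who holds none of the requested levels; the comparison must be strict and a missing row must be rejected explicitly. The `strpos($_POST['karma'], ',')` truthiness test is unnecessary because `explode()` already yields a one-element array when there is no comma, and both new `die()` messages misspell "privileges". The pre-existing `!=` on the md5 check at the top of the hunk has the same loose-comparison weakness and should become `!==` as well. The enclosing switch begins outside the hunk; the rewritten karma block below replaces the lines from `if (isset($_POST['karma']))` through its closing brace.
```php
    if (isset($_POST['karma'])) {
        // One or more comma-separated levels; any match grants the login.
        $karma = array_map('trim', explode(',', (string) $_POST['karma']));
        foreach ($karma as $level) {
            if ($level === '') {
                continue; // never let an empty level match a missing row
            }
            $found = $dbh->getOne('SELECT level from karma WHERE user=? and level=?',
                array($_POST['username'], $level));
            // Reject no-result values explicitly; strict compare guards against type juggling.
            if ($found !== null && $found !== false && (string) $found === $level) {
                die('8 Login OK');
            }
        }
        die('7 Insufficient privileges');
    }
    // … unchanged: final '8 Login OK' and break …
```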