'AuthUserMySQL', with 'mysql' => 'AuthUserDatabase', */ # # Original authuser_dbase.php Release History # =============== # # v.0.1 July, 2005 - Private release # v.0.2 May 31, 3006 - Semi-public release. # v.1.0 ---- -, 2006 - Initial public release. # * I am trying to implement multiple-table support # * Cleaning up for easier use on various sites. # v.1.0.01 July 25, 2006 by akc - fixed 3 typos # v.1.0.02 Aug 03, 2006 by akc - working at last /************************** Edits by Crisses (XES) Purpose: create a stand-alone PmWiki->MySQL authentication system. postgresql support may be added back in. ******************** Installation ******************** Add table to a database. Suggested MySQL, used in this example: CREATE TABLE `pmwiki_users` ( `id` int(11) NOT NULL auto_increment, `username` varchar(30) NOT NULL default '', `password` varchar(60) default NULL, `validatecode` varchar(60) default NULL, `signupdate` date default NULL, `email` varchar(60) default NULL, `validatefield` tinyint(1) default '0', PRIMARY KEY (`id`), UNIQUE KEY `username` (`username`) ) ENGINE=MyISAM AUTO_INCREMENT=24 DEFAULT CHARSET=utf8 Add to config.php: // Set up database settings before calling scripts $AUDBaseDBase = array( 'host' => 'localhost', 'db' => 'pmwiki', 'user' => 'pmwiki_dbase_user', 'password' => 'myPmWikiP@ssW0rd' ); // Must be before the xes_authuser_dbase.php call $AUDBaseTable = array( 'user_table' => 'pmwiki_users', 'user_field' => 'username', 'email' => 'email', 'pw_field' => 'password', 'validate_code' => 'validatecode', 'validate_field' => 'validatefield', 'date_joined' => 'signupdate', ); // Must come before authuser.php call include_once ('cookbook/xes_authuser_dbase.php'); // Must come before authuser.php call $AuthUserFunctions = array('mysql' => 'AuthUserDatabase'); // Must come after the other items! include_once('scripts/authuser.php'); Edit Site.AuthUser and add the following line: mysql: required for AuthUserDatabase See "Usage" (below) for registration forms. ******************** Usage ******************** create sign-up page in Wiki. You can split the forms out to multiple pages if desired: (:messages:) (:title Account Management Page:) (:if !authid:) !!!User Login (:input form {$PageUrl}:) (:input hidden action login:) || Name:||(:input text authid:) || || Password:||(:input password authpw:) || || ||(:input submit value="OK" class="inputbutton":) || (:input end:) ----- (:div style='text-align:justify; float:left; valign:top; width:48%; padding-right:2%;padding-bottom:5px;':) !!!New User Registration (:input form method=post action={$PageUrl} :) (:input hidden name=xes_AuthUser value=addnew:) (:input hidden name=xes_returnUrl value={$PageUrl} :) || Username:||(:input text xes_username size=20:) || || Password:||(:input password xes_password size=20:) || || Repeat Password:||(:input password xes_dupepassword:) || || Email:||(:input text name=xes_email value="email" size=20:) || || ||(:input submit name=post value="New" accesskey=g:) || (:input end:) (:divend:) (:div style='text-align:justify; valign:top; float:left; width:48%; padding-right:2%;padding-bottom:5px;':) !!! Change Password Request An email with a new validation code will be sent to you. (:input form method=post action={$PageUrl} :) (:input hidden name=xes_AuthUser value=reregister:) (:input hidden name=xes_returnUrl value={$PageUrl} :) || Username:||(:input text name=xes_username size=20:) || || Email:||(:input text name=xes_email size=20:) || || New Password:||(:input password xes_newpassword:)|| || Repeat Password:||(:input password xes_dupepassword:)|| || ||(:input submit name=post value="Change" accesskey=g:) || (:input end:) (:divend:) [[<<]] ---- (:ifend:) (:if authid:) You are authenticated as '''{$Author}'''. [[{$FullName}?action=logout | Logout]] !!!Update User Information Change your email address and/or password. (:input form method=post action={$PageUrl} :) (:input hidden name=xes_AuthUser value=update:) (:input hidden name=xes_returnUrl value={$PageUrl} :) || Username:||(:input text name=xes_username size=20:) || || Current Password:||(:input text name=xes_oldpassword size=20:) || || New Password:||(:input text name=xes_newpassword size=20:) (optional) || || Repeat New Password:||(:input password xes_dupepassword:) || || New Email:||(:input text name=xes_newemail size=20:) (optional) || || ||(:input submit name=post value="Go" accesskey=g:) || (:input end:) (:ifend:) Hints & Tips - Put the config.php information AFTER setting $WikiTitle so the emails are automatically configured to say your wiki name ******************** Release History ******************** 0.1.2 2006-10-5 Security Fix 0.1 2006-09-20 Initial xes_authuser_dbase.php beta release - tested only with Triad form - postgresql support definitely broken - some mysql hacks need cleaning up!! - it miraculously works in any case - probably needs to be double-checked on security - nearly everything loops back to the original page, so everything on one page works best ToDo: - Internationalization broken for email body -- needs fixing - Consider adding username to the validation link & query -- valcodes COULD be duped - Warn if using PGSQL that it's broken? - Eventually add in email notice regarding new user registration to admin option - Allow password length, username length, etc. validation - cleaner SQL and database transactioning? **************************/ SDV($AUDBaseEncryption, 'md5'); SDV($AUDBaseDBase, array( 'host' => 'localhost', 'db' => 'pmwiki', 'user' => 'pmwiki_user', 'password' => 'sample', ) ); SDV($AUDBaseConditional, ''); SDV($AUDBaseEngine, 'mysql'); // Criss altered table SDV($AUDBaseTable, array( 'user_table' => 'pmwiki_users', 'user_field' => 'username', 'email' => 'email', 'pw_field' => 'password', 'validate_code' => 'validatecode', 'validate_field' => 'validatefield', 'date_joined' => 'signupdate' ) ); SDV($xAUDBaseValidationCodeLength, 15); SDV($xAUDBaseMsgs, array( "invalid_register_link" => "$[There has been an error in processing your change request. Please check the link in your email or contact the site administrator for assistance.]", "form_error" => "$[There has been an error in form processing. Please alert the admin.]", "user_not_found" => "

$[No user with that name and password found. Please register or try again].

", "email_taken" => "

$[That email is already in our database. If you've forgotten your password, please use the Change Password Request form].

", "addnew_loggedin" => "

$[You are already logged in as a valid user. Please use your current account or log out to create a new account.].

", "username_taken" => "

$[That username is already taken. Please enter another username.]

", "email_invalid" => "

$[Email address appears invalid. Please check the email address or notify the administrator.]

", "update_invalid" => "

$[Username and current password are required. You must also include either a new email address or new password.]

", "password_invalid" => "

$[The old password you entered does not match the password we have on file. Please try again.]

", "user_not_validated" => "

$[I'm sorry, your account isn't validated. Please change details in your account after you've validated your account. Please check your email.]

", "validation_error" => "

$[There was a problem validating your account. Please contact the site administrator.]

", "email_sent" => "$[An email has been sent to you. Please find the email and click on the validation link.]", "password_mismatch" => "$[Your password and it's duplicate don't match. Please-reenter your new password twice.]", "updates_done" => "$[Your information has been updated. Thank you.]", "email_subject" => "$WikiTitle sign-up validation link", "email_msg" => "\nThank you for signing up to $WikiTitle.\n\nPlease click on the following link to complete your registration:\n", "validation_done" => "

$[Thank you for validating.]

" ) ); /********************/ // Criss add-ins /*******************/ //Program Logic // debug statement //xes_sms ($_REQUEST) ; // Debug function function xes_sms($text,$switch=0){ global $MessagesFmt; if ($switch == true || is_array($text)) { $MessagesFmt[] = "
" . print_r($text, true) . "
\n"; } else { $MessagesFmt[] = $text . "
\n"; } } // logic only runs for xes_AuthUser actions if (isset($_REQUEST['xes_AuthUser'])) { foreach($_POST as $key=>$value) xAUDBaseslashmysql($_POST[$key]); // validate & fix visitor-entered post variables: if (($_POST['xes_AuthUser'] == "addnew") && (xAUDBaseFixPosts() === false)) {return false; } else { xAUDBaseFixPosts(0); } switch ($_REQUEST['xes_AuthUser']) { case "addnew": if ($_POST['xes_AuthUser'] == "addnew") xes_AuthUserProcessAddnew(); break; case "update": if ($_POST['xes_AuthUser'] == "update") xes_AuthUserProcessUpdate(); break; case "validate": if ($_GET['xes_AuthUser'] == "validate") xes_AuthUserProcessValidate(); break; case "reregister": if ($_POST['xes_AuthUser'] == "reregister") { xes_AuthUserProcessReRegister(); } else { xes_AuthUserCompleteReRegister(); } break; default: xes_AuthUserFormExit('form_error'); return false; break; } } function xes_AuthUserCompleteReRegister(){ global $AUDBaseTable, $AUDBaseEngine, $AUDBaseEncryption; // validate "xcode" as 32 hexidecimal characters in length $password_valid = preg_match('/^[A-Fa-f0-9]{32}$/', $_GET['xcode']); if (!$password_valid) { xes_AuthUserFormExit('invalid_reregister_link'); return false; } #----------------------------------- # Query Preparation $u = $AUDBaseTable['user_field']; $p = $AUDBaseTable['pw_field']; $t = $AUDBaseTable['user_table']; $e = $AUDBaseTable['email']; $v = $AUDBaseTable['validate_code']; $vf = $AUDBaseTable['validate_field']; // check username & validation code. $ask = "SELECT count(*) as `EXISTS` FROM $t WHERE $u='$_GET[username]' AND $v='$_GET[valcode]'"; $answer = xes_AuthUserQuery($ask); if ($answer === true) { //If valid, then update table with password. $ask = "UPDATE $t SET $v=NULL, $vf='1', $p='$_GET[xcode]' WHERE $u='$_GET[username]'"; $answer = xes_AuthUserQuery($ask, 2); if ($answer >= 1) { xes_AuthUserFormExit('validation_done'); } else { xes_AuthUserFormExit('validation_error'); } } } // case-sensitive string comparison -> compare passwords given? function xAUDBaseComparePasswords($first, $second) { // This function compares two passwords to make sure they're the same, and if not, returns false $result = strcmp($first, $second) ; if ($result != 0) return false; return true; } function xes_AuthUserProcessReRegister () { global $AUDBaseTable, $AUDBaseEngine, $AUDBaseEncryption; #----------------------------------- # Query Preparation $u = $AUDBaseTable['user_field']; $p = $AUDBaseTable['pw_field']; $t = $AUDBaseTable['user_table']; $e = $AUDBaseTable['email']; $d = $AUDBaseTable['date_joined']; $v = $AUDBaseTable['validate_code']; // validate all user-entered data // entered passwords must match if ($_POST['xes_newpassword'] != '') { $p_answer = xAUDBaseComparePasswords($_POST['xes_newpassword'], $_POST['xes_dupepassword']); if (!$p_answer) { xes_AuthUserFormExit('password_mismatch'); return false; } } // validate user - username & email must match account $u_ask = "SELECT count(*) as `EXISTS` from $t where $u='$_POST[xes_username]' AND $e='$_POST[xes_email]'"; $u_answer = xes_AuthUserQuery($u_ask); if (!$u_answer) { xes_AuthUserFormExit('user_not_found'); return false; } // generate new validation code $vcode = xes_AuthUserValidateCode(); // update database with validation code $v_ask = "UPDATE $t SET $v='$vcode' WHERE $u='$_POST[xes_username]'"; $v_answer = xes_AuthUserQuery($v_ask, 2); // Send email if ($v_answer === 1) { xes_AuthUserEmailCode ($_POST['xes_username'], $email, $vcode, 1) ; xes_AuthUserFormExit('email_sent'); } } function xes_AuthUserProcessUpdate () { global $AUDBaseTable, $AUDBaseEngine; // Form validation // Check that there's info to process if (($_POST['xes_username'] == '') || ($_POST['xes_oldpassword'] == '') || ( ($_POST['xes_newpassword'] == '') && ($_POST['xes_newemail'] == '') ) ) { xes_AuthUserFormExit('update_invalid'); return false; } // entered passwords must match if ($_POST['xes_newpassword'] != '') { $p_answer = xAUDBaseComparePasswords($_POST['xes_newpassword'], $_POST['xes_dupepassword']); if (!$p_answer) { xes_AuthUserFormExit('password_mismatch'); return false; } } // Make sure user IS validated if updating record. if (!xes_AuthUserIsValidated($_POST['xes_username'])) { xes_AuthUserFormExit('user_not_validated'); return false; } // If we're going to be updating the email address, make sure it's valid if ($_POST['xes_newemail'] != '') { if (!xAUDBaseValidateEmail($_POST['xes_newemail'])) { xes_AuthUserFormExit('email_invalid'); return false; } } // Check user's password etc. using false as placeholders for unused values if (!AuthUserDatabase(false, $_POST['xes_username'], $_POST['xes_oldpassword'], false)) { xes_AuthUserFormExit('password_invalid'); return false; } if (($_POST['xes_newpassword'] != '') && (!(xAUDBaseComparePasswords($_POST['xes_newpassword'], $_POST['xes_dupepassword'])))) { xes_AuthUserFormExit('password_mismatch'); return false; } #----------------------------------- # Query Preparation $u = $AUDBaseTable['user_field']; $p = $AUDBaseTable['pw_field']; $t = $AUDBaseTable['user_table']; $e = $AUDBaseTable['email']; $d = $AUDBaseTable['date_joined']; // That should be enough validation -- time to update the records -- devise the update query $ask = "UPDATE $t SET "; if ($_POST['xes_newpassword'] != "") { // encrypt password using the format set by user or default global $AUDBaseEncryption; $crypt = $AUDBaseEncryption($_POST['xes_newpassword']); $ask .= "$p = '$crypt' " ; } if (($_POST['xes_newemail'] != "") && ($_POST['xes_newpassword'] != "") ) {$ask .= ", ";} if ($_POST['xes_newemail'] != "") { $ask .= "$e = '$_POST[xes_newemail]' " ;} $ask .= "WHERE $u='$_POST[xes_username]'"; $answer = xes_AuthUserQuery($ask, 2); // userfeedback if ($answer = 1) { xes_AuthUserFormExit('updates_done'); return true; } else { xes_AuthUserFormExit('form_error'); return false; } } // This function adds a new user to the database function xes_AuthUserProcessAddNew () { global $AUDBaseTable, $AUDBaseEngine, $AUDBaseEncryption; // Check this --> need to make sure user IS not(!) validated if adding a record. if (xes_AuthUserIsValidated($_POST['xes_username'])) {xes_AuthUserFormExit('addnew_loggedin'); return false;} // entered passwords must match if ($_POST['xes_password'] != '') { $p_answer = xAUDBaseComparePasswords($_POST['xes_password'], $_POST['xes_dupepassword']); if (!$p_answer) { xes_AuthUserFormExit('password_mismatch'); return false; } } else { xes_AuthUserFormExit('password_mismatch'); return false; } // Validate Email Address if (!xAUDBaseValidateEmail($_POST['xes_email'])) { xes_AuthUserFormExit('email_invalid'); return false;} #----------------------------------- # Query Preparation $u = $AUDBaseTable['user_field']; $p = $AUDBaseTable['pw_field']; $t = $AUDBaseTable['user_table']; $e = $AUDBaseTable['email']; $d = $AUDBaseTable['date_joined']; $v = $AUDBaseTable['validate_code']; // check whether requested email address exists $ask = "SELECT count(*) AS `EXISTS` FROM $t WHERE $e='$_POST[xes_email]'"; $eanswer = xes_AuthUserQuery ($ask); // if email exists, send error to browser if ($eanswer > 0) { xes_AuthUserFormExit ('email_taken'); } // check whether requested username exists $ask = "SELECT count(*) AS `EXISTS` FROM $t WHERE $u='$_POST[xes_username]'"; $uanswer = xes_AuthUserQuery ($ask); // if username exists, send error to browser, ask for new username if ($uanswer > 0) { xes_AuthUserFormExit ('username_taken'); } // if neither username or email exist, add user if ((!$uanswer) && (!$eanswer)) { global $xAUDBaseValidationCodeLength; // generate a random validation code $vcode = xes_AuthUserValidateCode($xAUDBaseValidationCodeLength); // encrypt password using the encryption format $crypt = $AUDBaseEncryption($_POST['xes_password']); // Add new user to database with validation code $ask = "INSERT INTO $t ($u, $e, $p, $v, $d) VALUES ('$_POST[xes_username]', '$_POST[xes_email]', '$crypt', '$vcode', NOW() )"; // run query, grab number of rows affected $answer = xes_AuthUserQuery($ask, 2); // Send out email with validation code // can check $answer, send email, and send message to browser if ($answer == 1) { xes_AuthUserEmailCode($_POST['xes_username'], $_POST['xes_email'], $vcode); xes_AuthUserFormExit('email_sent'); }; } } // This function sends out emails, whether for first validation or re-validation function xes_AuthUserEmailCode ($username, $email, $vcode, $revalidate=0) { global $xAUDBaseMsgs, $ScriptUrl, $pagename, $AUDBaseEncryption; // create validation URL if ($revalidate == 0) { $url = $ScriptUrl . "?n=$pagename&xes_username=$username&xes_AuthUser=validate&valcode=$vcode"; } else { $crypt = $AUDBaseEncryption($_POST['xes_newpassword']); $uencuser = urlencode($username); $url = $ScriptUrl . "?n=$pagename&xes_AuthUser=reregister&username=$uencuser&valcode=$vcode&xcode=$crypt"; } $body = $username . ": \n\n$xAUDBaseMsgs[email_msg]\n" . $url; //may want to add a from line later $from = ""; return (mail($email, $xAUDBaseMsgs['email_subject'], $body )); } // Protecting servers from SQL injections -- or at least trying // addslashes is not good enough -- strip the slashes and use the database's own method of escaping. function xAUDBaseFixPosts() { global $AUDBaseEngine; $slash = "xAUDBaseslash$AUDBaseEngine"; if (get_magic_quotes_gpc()) { foreach ($_POST as $key=>$value) { $_POST[$key]= trim(stripslashes($value)); } } $_POST['xes_username'] = $slash($_POST['xes_username']); $_POST['xes_email'] = $slash($_POST['xes_email']); } //Uses built-in mysql sql-injection protection mechanisms. Requires connection to mysql. function xAUDBaseslashmysql(&$value) { global $AUDBaseDBase; if (!isset($AUDBaseDBase['connect'])) {AuthUserConnectmysql();}; $value = mysql_real_escape_string($value,$AUDBaseDBase['connect']); return $value; } // Note that PGSQL is broken! This is more a placeholder for the proper function function xAUDBaseslashpgsql($value) { $value = pg_escape_string($value); } //Should check for valid email addresses including ones with abnormal but valid characters function xAUDBaseValidateEmail ($email) { // This may look like a rather loose email validator, but if you look at RFPs // for real valid email addresses, it's pretty scary what people can put in email // addresses and then there's .info, .name, .museum and a bunch of .com.au etc. // and oddest of all is name@[127.0.0.1] type addresses. $lastdot = strrpos($email, '.'); $amp = strrpos($email, '@'); $length = strlen($email); if ( ($lastdot === false) || (!(substr_count($email, '@')==1)) || ($amp === 0) || ($amp === false) || ($length === false) || (($lastdot - $amp) < 3) || (($length - $lastdot) < 3) ) { $return = false; } else { $return = true; } return $return; } // Quick check to see if the user has already validated their account function xes_AuthUserIsValidated ($username) { global $AUDBaseTable; #----------------------------------- # Query Preparation $u = $AUDBaseTable['user_field']; $t = $AUDBaseTable['user_table']; $vf = $AUDBaseTable['validate_field']; // return true/false on whether a user is validated -- no need to check password, etc. $ask = "select $vf as 'EXISTS' from $t where $u = '$username'"; $answer = xes_AuthUserQuery ($ask); return $answer; } // Customized query function based on pre-existing authuser_dbase.php's query/function format // Flags added to influence return values: previous functions only return boolean. function xes_AuthUserQuery ($ask, $flag=1) { global $AUDBaseEngine, $AUDBaseDBase; #----------------------------------- # Database Switch switch($AUDBaseEngine) { case 'mysql' : $answer = AuthUserMySQL($ask, $flag); break; case 'pgsql' : $answer = AuthUserPgSQL($ask); break; default : $answer = AuthUserMySQL($ask); break; } if ($flag == 2) {$answer = mysql_affected_rows($AUDBaseDBase['connect']);} return $answer; } // Process a request to validate the user - from link in email using GET values function xes_AuthUserProcessValidate () { global $AUDBaseTable; // Note: Consider adding username to the link & query -- valcodes COULD be duped #----------------------------------- # Query Preparation $u = $AUDBaseTable['user_field']; $t = $AUDBaseTable['user_table']; $v = $AUDBaseTable['validate_code']; $vf = $AUDBaseTable['validate_field']; $ask = "SELECT count(*) as `EXISTS` FROM $t WHERE $v ='$_GET[valcode]'"; $count = xes_AuthUserQuery($ask); if ($count == 1) { $ask = "UPDATE $t SET $v=NULL, $vf=1 WHERE $v ='$_GET[valcode]'"; $answer = xes_AuthUserQuery($ask, 2); if ($answer >= 1) { xes_AuthUserFormExit('validation_done'); } else { xes_AuthUserFormExit('validation_error'); } } } // Process errors and send them to the browser PmWiki-style function xes_AuthUserFormExit ($type) { global $MessagesFmt, $xAUDBaseMsgs; $MessagesFmt[] = $xAUDBaseMsgs[$type]; return true; } // Create random alphanumeric code function xes_AuthUserValidateCode ($length=20) { //Borrowed and hacked from Author: Peter Mugane Kionga-Kamau //http://www.pmkmedia.com //code found at http://codewalkers.com/seecode/279.html //"Modify at will." $from = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; for ($i=0; $i<$length; $i++) $key .= $from[(mt_rand(0,(strlen($from)-1)))]; return $key; } /*************************************************** // ORIGINAL AuthUserDatabase Functions -- mods noted ****************************************************/ function AuthUserDBaseError($t, $e) { $msg = array( 'query' => "Could not successfully run query (\$ask) from DB: ", 'dbase' => "Unable to select database \$AUDBaseDBase[db]: ", 'conn' => "Could not connect: ", ); die($msg[$t] . $e); } function AuthUserPgSQL($ask) { global $AUDBaseDBase; pg_connect( "host=$AUDBaseDBase[host] " . "dbname=$AUDBaseDBase[db] " . "user=$AUDBaseDBase[user] " . "password=$AUDBaseDBase[password]" ) or AuthUserDBaseError('conn',pg_last_error()); $result = pg_fetch_assoc($ask) or AuthUserDBaseError('query',mysql_error()); return ($result['authorized']); } function AuthUserConnectmysql() { global $AUDBaseDBase; $AUDBaseDBase['connect'] = mysql_connect( $AUDBaseDBase['host'], $AUDBaseDBase['user'], $AUDBaseDBase['password'] ) or AuthUserDBaseError('conn',mysql_error()); @mysql_select_db($AUDBaseDBase['db']) or AuthUserDBaseError('dbase',mysql_error()); } function AuthUserMySQL($ask, $type=1) { global $AUDBaseDBase; $AUDBaseDBase['connect'] = mysql_connect( $AUDBaseDBase['host'], $AUDBaseDBase['user'], $AUDBaseDBase['password'] ) or AuthUserDBaseError('conn',mysql_error()); @mysql_select_db($AUDBaseDBase['db']) or AuthUserDBaseError('dbase',mysql_error()); $result = mysql_query($ask) or AuthUserDBaseError('query',mysql_error()); if($type == 1 && (@mysql_num_rows($result) > 0)) { $row = mysql_fetch_array($result); return ($row['EXISTS']) ? true : false; } elseif (@mysql_num_rows($result) == 0) { return false; } elseif (@mysql_insert_id()) { return mysql_insert_id(); } } // Altered by Criss (XES) function AuthUserDatabase($pagename, $id, $pw, $pwlist) { global $AUDBaseTable, $AUDBaseEncryption, $AUDBaseConditional, $AUDBaseEngine; #----------------------------------- # Encryption Switch switch($AUDBaseEncryption) { case 'md5' : $pw = md5($pw); break; case 'sha1' : $pw = sha1($pw); break; default : $pw = md5($pw); break; } #----------------------------------- # Query Preparation $u = $AUDBaseTable['user_field']; $p = $AUDBaseTable['pw_field']; $t = $AUDBaseTable['user_table']; $vf = $AUDBaseTable['validate_field']; // Altered by Criss (XES) $w = $AUDBaseConditional; $n = $AUDBaseEncryption; // Query altered to include checking if user is validated, // also added explicit variable calls {} due to a debug $ask = "SELECT count(*) AS `EXISTS` FROM {$t} WHERE {$u}='{$id}' AND {$p}='{$pw}' AND {$vf}=1 {$w};"; #----------------------------------- # Database Switch switch($AUDBaseEngine) { case 'mysql' : $answer = AuthUserMySQL($ask); break; case 'pgsql' : $answer = AuthUserPgSQL($ask); break; default : $answer = AuthUserMySQL($ask); break; } return ($answer) ? true : false; return false; } // Original commented out form was part of original authuser_dbase.php #$AuthForm =<< # # # # # # # # #
Name:
Password:
# #
# # # #AUTHFORM; #$AuthPromptFmt = array(&$PageStartFmt, $AuthForm, &$PageEndFmt);