diff -Nur -x png moodle_orig/auth/db/auth.php moodle/auth/db/auth.php
--- moodle_orig/auth/db/auth.php 2008-08-25 18:17:45.000000000 -0600
+++ moodle/auth/db/auth.php 2009-09-15 09:33:24.000000000 -0600
@@ -83,31 +83,41 @@
} else {
// normal case: use external db for passwords
- if ($this->config->passtype === 'md5') { // Re-format password accordingly
- $extpassword = md5($extpassword);
- } else if ($this->config->passtype === 'sha1') {
- $extpassword = sha1($extpassword);
- }
-
- $rs = $authdb->Execute("SELECT * FROM {$this->config->table}
- WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'
- AND {$this->config->fieldpass} = '".$this->ext_addslashes($extpassword)."' ");
+ $rs = $authdb->Execute("SELECT {$this->config->fieldpass} FROM {$this->config->table}
+ WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."' ");
+// AND {$this->config->fieldpass} = '".$this->ext_addslashes($extpassword)."' ");
if (!$rs) {
$authdb->Close();
print_error('auth_dbcantconnect','auth');
return false;
}
- if (!$rs->EOF) {
- $rs->Close();
- $authdb->Close();
- return true;
- } else {
+ if ($rs->EOF) {
$rs->Close();
$authdb->Close();
return false;
}
+ $fields_obj = rs_fetch_record($rs);
+ $stored_password = $textlib->convert($fields_obj->{$this->config->fieldpass}, $this->config->extencoding, 'utf-8');
+
+ $rs->Close();
+ $authdb->Close();
+
+ if ($this->config->passtype === 'md5') { // Re-format password accordingly
+ $extpassword = md5($extpassword);
+ } else if ($this->config->passtype === 'sha1') {
+ $extpassword = sha1($extpassword);
+ } else if ($this->config->passtype === 'salt') {
+ $extpassword = crypt($extpassword, $stored_password);
+ }
+
+// print "stored_password $stored_password extpassword: $extpassword
\n";
+ if (strcmp($extpassword, $stored_password) == 0) {
+ return true;
+ }
+
+ return false;
}
}
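Review bot: The commented-out `print "stored_password $stored_password extpassword: $extpassword` line, and the commented-out `AND {$this->config->fieldpass} = ...` clause above it, should be deleted rather than shipped, because re-enabling the print would write the stored hash and the computed hash of the submitted password into the login response. The comparison also moves from the database into PHP, and `strcmp($extpassword, $stored_password) == 0` is byte-exact: an external table holding upper-case hex digests, which a case-insensitive collation may have matched under the old query, would now be rejected, so inside the `md5` and `sha1` branches consider `$stored_password = strtolower($stored_password);`. It is also worth rejecting an empty `$stored_password` before any comparison and using `hash_equals($stored_password, $extpassword)` on PHP versions that provide it, so the check does not depend on where the first differing byte falls. The function's opening lines, including where `$textlib` is set and how `$extpassword` was encoded, are outside this hunk; if `$extpassword` is already in `extencoding` there, converting only the stored value to utf-8 would make non-ASCII plaintext passwords fail to match.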
diff -Nur -x png moodle_orig/auth/db/config.html moodle/auth/db/config.html
--- moodle_orig/auth/db/config.html 2007-04-20 20:01:11.000000000 -0600
+++ moodle/auth/db/config.html 2009-09-15 08:39:23.000000000 -0600
@@ -191,6 +191,7 @@
$passtype["plaintext"] = get_string("plaintext", "auth");
$passtype["md5"] = get_string("md5", "auth");
$passtype["sha1"] = get_string("sha1", "auth");
+ $passtype["salt"] = get_string("salt", "auth");
$passtype["internal"] = get_string("internal", "auth");
choose_from_menu($passtype, "passtype", $config->passtype, "");
diff -Nur -x png moodle_orig/lang/en_utf8/auth.php moodle/lang/en_utf8/auth.php
--- moodle_orig/lang/en_utf8/auth.php 2009-03-30 08:59:28.000000000 -0600
+++ moodle/lang/en_utf8/auth.php 2009-09-15 08:57:07.000000000 -0600
@@ -396,6 +396,7 @@
$string['nopasswordchangeforced'] ='You cannot proceed without changing your password, however there is no available page for changing it. Please contact your Moodle Administrator.';
$string['passwordhandling'] = 'Password field handling';
$string['plaintext'] = 'Plain text';
+$string['salt'] = 'Salted Crypt';
$string['selfregistration'] = 'Self registration';
$string['selfregistration_help'] = 'If an authentication plugin, such as email-based self-registration, is selected, then it enables potential users to register themselves and create accounts. This results in the possibility of spammers creating accounts in order to use forum posts, blog entries etc. for spam. To avoid this risk, self-registration should be disabled or limited by Allowed email domains setting.';
$string['sha1'] = 'SHA-1 hash';