1 |
dashley |
35 |
<?php
|
2 |
|
|
//$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/passwdx.inc,v 1.2 2006/10/28 23:11:36 dashley Exp $
|
3 |
|
|
//********************************************************************************
|
4 |
|
|
//Copyright (C) 2006 David T. Ashley
|
5 |
|
|
//********************************************************************************
|
6 |
|
|
//This program or source file is free software; you can redistribute it and/or
|
7 |
|
|
//modify it under the terms of the GNU General Public License as published by
|
8 |
|
|
//the Free Software Foundation; either version 2 of the License, or (at your
|
9 |
|
|
//option) any later version.
|
10 |
|
|
//
|
11 |
|
|
//This program or source file is distributed in the hope that it will
|
12 |
|
|
//be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
|
13 |
|
|
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
14 |
|
|
//GNU General Public License for more details.
|
15 |
|
|
//
|
16 |
|
|
//You may have received a copy of the GNU General Public License
|
17 |
|
|
//along with this program; if not, write to the Free Software
|
18 |
|
|
//Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
19 |
|
|
//********************************************************************************
|
20 |
|
|
//Dave Ashley, 04/06
|
21 |
|
|
//
|
22 |
|
|
//This source file provides the code to deal with the manipulation of
|
23 |
|
|
//passwords.
|
24 |
|
|
//
|
25 |
|
|
require_once("passwd.inc");
|
26 |
|
|
require_once("strfunc.inc");
|
27 |
|
|
//
|
28 |
|
|
//--------------------------------------------------------------------------------
|
29 |
|
|
//Parses a field that is purported to be a password entered for the purpose
|
30 |
|
|
//of validating an operation. Returns any warnings, errors, status, etc.
|
31 |
|
|
//
|
32 |
|
|
function PASSWD_operation_validate_a(
|
33 |
|
|
$passwd_in, //Password in.
|
34 |
|
|
$userinfo_in, //Associative array of user information.
|
35 |
|
|
&$validated_out, //TRUE if password validates, FALSE otherwise.
|
36 |
|
|
&$forced_logout_out, //TRUE if should force a logout, FALSE otherwise.
|
37 |
|
|
&$errors_out, //Errors are added to the array.
|
38 |
|
|
&$warnings_out //Warnings are added to the array.
|
39 |
|
|
)
|
40 |
|
|
{
|
41 |
|
|
//Force password to a string.
|
42 |
|
|
$passwd_in = (string)$passwd_in;
|
43 |
|
|
|
44 |
|
|
//Forcibly trim the password down to the allowed characters.
|
45 |
|
|
$passwd_in = STRFUNC_force_into_subset($passwd_in, PASSWD_ALLOWED_CHARS);
|
46 |
|
|
|
47 |
|
|
//Trim blanks from both sides of the password.
|
48 |
|
|
$passwd_in = Trim($passwd_in);
|
49 |
|
|
|
50 |
|
|
//If the password is empty, this represents an omission (rather than a forced logout).
|
51 |
|
|
if (strlen($passwd_in) == 0)
|
52 |
|
|
{
|
53 |
|
|
$errors_out[] = "A password must be supplied in order to complete this operation.";
|
54 |
|
|
$validated_out = FALSE;
|
55 |
|
|
$forced_logout_out = FALSE;
|
56 |
|
|
}
|
57 |
|
|
//Try to validate the password.
|
58 |
|
|
else if (PASSWD_pwd_hash_auth($userinfo_in["pwhash"], $passwd_in))
|
59 |
|
|
{
|
60 |
|
|
//The password has successfully validated.
|
61 |
|
|
$validated_out = TRUE;
|
62 |
|
|
$forced_logout_out = FALSE;
|
63 |
|
|
}
|
64 |
|
|
else
|
65 |
|
|
{
|
66 |
|
|
//Validation has failed.
|
67 |
|
|
$validated_out = FALSE;
|
68 |
|
|
$forced_logout_out = TRUE;
|
69 |
|
|
}
|
70 |
|
|
}
|
71 |
|
|
//
|
72 |
|
|
//--------------------------------------------------------------------------------
|
73 |
|
|
?>
|