1 |
<?php
|
2 |
//$Header: /hl/cvsroots/gpl01/gpl01/webprojs/fboprime/sw/phplib/passwdx.inc,v 1.2 2006/10/28 23:11:36 dashley Exp $
|
3 |
//********************************************************************************
|
4 |
//Copyright (C) 2006 David T. Ashley
|
5 |
//********************************************************************************
|
6 |
//This program or source file is free software; you can redistribute it and/or
|
7 |
//modify it under the terms of the GNU General Public License as published by
|
8 |
//the Free Software Foundation; either version 2 of the License, or (at your
|
9 |
//option) any later version.
|
10 |
//
|
11 |
//This program or source file is distributed in the hope that it will
|
12 |
//be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
|
13 |
//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
14 |
//GNU General Public License for more details.
|
15 |
//
|
16 |
//You may have received a copy of the GNU General Public License
|
17 |
//along with this program; if not, write to the Free Software
|
18 |
//Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
19 |
//********************************************************************************
|
20 |
//Dave Ashley, 04/06
|
21 |
//
|
22 |
//This source file provides the code to deal with the manipulation of
|
23 |
//passwords.
|
24 |
//
|
25 |
require_once("passwd.inc");
|
26 |
require_once("strfunc.inc");
|
27 |
//
|
28 |
//--------------------------------------------------------------------------------
|
29 |
//Parses a field that is purported to be a password entered for the purpose
|
30 |
//of validating an operation. Returns any warnings, errors, status, etc.
|
31 |
//
|
32 |
function PASSWD_operation_validate_a(
|
33 |
$passwd_in, //Password in.
|
34 |
$userinfo_in, //Associative array of user information.
|
35 |
&$validated_out, //TRUE if password validates, FALSE otherwise.
|
36 |
&$forced_logout_out, //TRUE if should force a logout, FALSE otherwise.
|
37 |
&$errors_out, //Errors are added to the array.
|
38 |
&$warnings_out //Warnings are added to the array.
|
39 |
)
|
40 |
{
|
41 |
//Force password to a string.
|
42 |
$passwd_in = (string)$passwd_in;
|
43 |
|
44 |
//Forcibly trim the password down to the allowed characters.
|
45 |
$passwd_in = STRFUNC_force_into_subset($passwd_in, PASSWD_ALLOWED_CHARS);
|
46 |
|
47 |
//Trim blanks from both sides of the password.
|
48 |
$passwd_in = Trim($passwd_in);
|
49 |
|
50 |
//If the password is empty, this represents an omission (rather than a forced logout).
|
51 |
if (strlen($passwd_in) == 0)
|
52 |
{
|
53 |
$errors_out[] = "A password must be supplied in order to complete this operation.";
|
54 |
$validated_out = FALSE;
|
55 |
$forced_logout_out = FALSE;
|
56 |
}
|
57 |
//Try to validate the password.
|
58 |
else if (PASSWD_pwd_hash_auth($userinfo_in["pwhash"], $passwd_in))
|
59 |
{
|
60 |
//The password has successfully validated.
|
61 |
$validated_out = TRUE;
|
62 |
$forced_logout_out = FALSE;
|
63 |
}
|
64 |
else
|
65 |
{
|
66 |
//Validation has failed.
|
67 |
$validated_out = FALSE;
|
68 |
$forced_logout_out = TRUE;
|
69 |
}
|
70 |
}
|
71 |
//
|
72 |
//--------------------------------------------------------------------------------
|
73 |
?>
|