Improved handling of passwords (encrypt upon storage, clear when fetched)
author
Joey Schulze
<joey@infodrom.org>
Thu, 25 Feb 2010 21:35:37 +0000
(22:35 +0100)
committer
Joey Schulze
<joey@infodrom.org>
Thu, 25 Feb 2010 21:35:37 +0000
(22:35 +0100)
ajax/ajax.php
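--- a/ajax/ajax.php
+++ b/ajax/ajax.php
@@ -21,6 +21,8 @@ function fetch($mask)
 foreach ($mask['edit'] as $field => $info)
 if ($info['type'] == 'boolean')
 $row[$field] = $row[$field]?true:false;
+ elseif ($info['type'] == 'passwd')
+ $row[$field] = '';
 elseif (array_key_exists('format', $info))
 $row[$field] = sprintf($info['format'], $row[$field]);
@@ -64,6 +66,9 @@ function save($mask)
 $update[] = sprintf("%s=%d", $field, $_POST[$field] == 'on'?1:0);
 } elseif ($info['type'] == 'number') {
 $update[] = sprintf("%s=%d", $field, $_POST[$field]);
+ } elseif ($info['type'] == 'passwd') {
+ if (!empty($_POST[$field]))
+ $update[] = sprintf("%s='%s'", $field, pg_escape_string(passwd($_SESSION['sys']['login'],$_POST[$field])));
 } else {
 $update[] = sprintf("%s='%s'", $field, pg_escape_string($_POST[$field]));
 }
@@ -95,6 +100,11 @@ function insert($mask)
 } elseif ($info['type'] == 'number') {
 $fields[] = $field;
 $values[] = intval($_POST[$field]);
+ } elseif ($info['type'] == 'passwd') {
+ if (!empty($_POST[$field])) {
+ $fields[] = $field;
+ $values[] = sprintf("'%s'", pg_escape_string(passwd($_SESSION['sys']['login'],$_POST[$field])));
+ }
 } else {
 $fields[] = $field;
 $values[] = sprintf("'%s'", pg_escape_string($_POST[$field]));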
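Review bot: In the save() and insert() hunks the stored value is `passwd($_SESSION['sys']['login'], $_POST[$field])`, so whatever passwd() derives is tied to the login of the operator who is signed in rather than to the record being written; if this mask can edit another account's row, that account's stored value would presumably be bound to the wrong login. passwd() is defined outside this diff, so it should be confirmed there that it is a salted, deliberately slow password hash (for example `password_hash()`) and not reversible encryption or a bare digest. Separately, `!empty($_POST[$field])` treats the string "0" as empty, and in insert() an empty submission creates the row without the password column at all, leaving it at the column default; a check such as `isset($_POST[$field]) && $_POST[$field] !== ''`, with insert() rejecting a missing password outright, would make that case explicit. The bodies of save() and insert() start and end outside the hunks.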