From: Joey Schulze
Date: Thu, 25 Feb 2010 21:35:37 +0000 (+0100)
Subject: Improved handling of passwords (encrypt upon storage, clear when fetched)
X-Git-Tag: 2010-06-02_customer~207
X-Git-Url: https://git.infodrom.org/?p=misc%2Fkostenrechnung;a=commitdiff_plain;h=de9e940505c38dd8e255bbaeec07ca12c5768e55

Improved handling of passwords (encrypt upon storage, clear when fetched)
---

diff --git a/ajax/ajax.php b/ajax/ajax.php
index f095f92..014b213 100644
--- a/ajax/ajax.php
+++ b/ajax/ajax.php
@@ -21,6 +21,8 @@ function fetch($mask)
 foreach ($mask['edit'] as $field => $info)
 if ($info['type'] == 'boolean')
 $row[$field] = $row[$field]?true:false;
+ elseif ($info['type'] == 'passwd')
+ $row[$field] = '';
 elseif (array_key_exists('format', $info))
 $row[$field] = sprintf($info['format'], $row[$field]);
 
@@ -64,6 +66,9 @@ function save($mask)
 $update[] = sprintf("%s=%d", $field, $_POST[$field] == 'on'?1:0);
 } elseif ($info['type'] == 'number') {
 $update[] = sprintf("%s=%d", $field, $_POST[$field]);
+ } elseif ($info['type'] == 'passwd') {
+ if (!empty($_POST[$field]))
+ $update[] = sprintf("%s='%s'", $field, pg_escape_string(passwd($_SESSION['sys']['login'],$_POST[$field])));
 } else {
 $update[] = sprintf("%s='%s'", $field, pg_escape_string($_POST[$field]));
 }
@@ -95,6 +100,11 @@ function insert($mask)
 } elseif ($info['type'] == 'number') {
 $fields[] = $field;
 $values[] = intval($_POST[$field]);
+ } elseif ($info['type'] == 'passwd') {
+ if (!empty($_POST[$field])) {
+ $fields[] = $field;
+ $values[] = sprintf("'%s'", pg_escape_string(passwd($_SESSION['sys']['login'],$_POST[$field])));
+ }
 } else {
 $fields[] = $field;
 $values[] = sprintf("'%s'", pg_escape_string($_POST[$field]));
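Review bot: The new `passwd` branch in fetch() carries no comment stating the contract it sets up with save(): the stored value is never returned to the client, and save() treats an empty submission as "leave unchanged". A one-line comment above the branch, e.g. `/* never return the stored password value; an empty field on save means "keep current" */`, would keep a later edit from moving this check below the `format` branch or dropping it. fetch() starts and ends outside the hunk, so the query that still selects the column is not visible here.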
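Review bot: In the `passwd` branch of save() the stored value is derived with `passwd($_SESSION['sys']['login'], $_POST[$field])`, that is, from the login of whoever submits the form rather than the login of the row being updated. passwd() is defined outside this diff; if its first argument salts or keys the result, a password set through this mask for any other account would not verify when that account logs in. The same call appears in the insert() hunk. If the mask only ever edits the caller's own row, say so with a comment such as `/* passwd() is bound to the session login: this mask must only touch the caller's own record */`; otherwise pass the target row's login instead. save() continues outside the hunk.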
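Review bot: When the password field is empty, the new branch in insert() leaves the column out of the INSERT, so the row is created with the column's default, which this diff does not show. If that default is NULL or an empty string and the login check (outside this diff) does not reject such a value, the new account has no effective credential; insert() should refuse to create the row rather than silently skip the field. Separately, `empty()` treats the string "0" as empty, so the test is more precise as `if (isset($_POST[$field]) && $_POST[$field] !== '') {`. insert() begins and ends outside the hunk, so its error-return convention is not visible here.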