From 4244050f540dd6c76d80cf8f6a06c82e2abc2e57 Mon Sep 17 00:00:00 2001
From: "m.fu"
Date: Sat, 27 Jun 2009 12:41:12 +0000
Subject: Fixed #437852 by fasdalf@fasdalf.ru : name change is detected and handled properly
---
 CHANGELOG.txt | 2 +-
 HTPasswdSync.module | 45 ++++++++++++++++++++++-----------------------
 README.txt | 16 ++++++++++------
 3 files changed, 33 insertions(+), 30 deletions(-)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index f48efeb..7dc8153 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -8,7 +8,7 @@ Fixed #437844 by fasdalf@fasdalf.ru : error when deleting one user
 Fixed #503726 by m.fu: group file no longer contain disabled users
 Added #503720 by m.fu : option to overwrite htpasswd
 Fixed #503724 by m.fu : validation of username, must be htpasswd compatible
-
+Fixed #437852 by fasdalf@fasdalf.ru : name change is detected and handled properly
 v1.1 bug fix release
 Fixed #409406 by fasdalf@fasdalf.ru : remove comma in htgroup file
diff --git a/HTPasswdSync.module b/HTPasswdSync.module
index 61ad54d..a77fb3b 100644
--- a/HTPasswdSync.module
+++ b/HTPasswdSync.module
@@ -2,6 +2,9 @@
 // $Id$
 /*
 * $Log$
+ * Revision 1.1.2.4 2009/06/27 12:41:12 mfu
+ * Fixed #437852 by fasdalf@fasdalf.ru : name change is detected and handled properly
+ *
 * Revision 1.1.2.3 2009/06/27 07:22:52 mfu
 * Fixed #503718 by m.fu : htpassword corruption when enabling/disabling user
 * Fixed #437904 by fasdalf@fasdalf.ru : group file not generated properly,
@@ -230,7 +233,6 @@
 //get all users
 $res = db_query('SELECT username, passwd FROM {htpasswdsync_passwd}, {users} WHERE name=username and status = 1');
 while ($r = db_fetch_object($res)) {
- firep($r, "htpaswdsync_updatepasswd -- user/pass");
 if ($r->passwd == "****DELETED") {
 unset($passwords[$r->username]);
 }
@@ -252,18 +254,26 @@
 */
 function _htpasswdsync_update($edit, $account) {
- if (isset($edit["pass"])) {
- // update with the $account information received
- // password crypted with the standard crypt (not MD5) function
- $user = $account->name;
+ if (isset($edit["pass"]) && $edit["pass"] <> "") {
+ // update with the $account information received
+ // password crypted with the standard crypt (not MD5) function
+ $user = $account->name;
 $pass = _htpasswdsync_crypt($edit['pass']);
 $passwds[$user] = $pass;
 //update table
 db_query("DELETE FROM {htpasswdsync_passwd} WHERE username = '%s'", $user);
 db_query("INSERT INTO {htpasswdsync_passwd} (username, passwd) VALUES('%s', '%s')", $user, $pass);
- _htpasswdsync_updatepasswd();
- _htpasswdsync_updategroup();
+ _htpasswdsync_commit_to_htpasswd();
+ }
+ if (isset($edit['name']) && $edit['name'] <> $account->name) {
+ // we are changing username
+ $r = db_query("SELECT username,passwd from {htpasswdsync_passwd} WHERE username = '%s'", $account->name);
+ $user = db_fetch_object($r);
+ db_query("DELETE FROM {htpasswdsync_passwd} WHERE username = '%s'", $user->username);
+ db_query("DELETE FROM {htpasswdsync_passwd} WHERE username = '%s'", $edit['name']);
+ db_query("INSERT INTO {htpasswdsync_passwd} (username, passwd) VALUES('%s', '%s')", $edit['name'], $user->passwd);
+ _htpasswdsync_commit_to_htpasswd();
 }
 }
@@ -286,7 +296,6 @@ function _htpasswdsync_commit_to_htpasswd() {
 * @return
 */
 function _htpasswdsync_delete_user($username) {
- firep ($username, "_htpasswdsync_delete_user(username)");
 db_query("DELETE FROM {htpasswdsync_passwd} WHERE username = '%s'", $username);
 db_query("INSERT INTO {htpasswdsync_passwd} (username, passwd) VALUES('%s', '%s')", $username, "****DELETED");
 }
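Review bot: In the new rename branch of _htpasswdsync_update, the result of `db_fetch_object($r)` is used without checking that a row was found. The README in this same patch says synchronization only happens on password change, so an account with no row in {htpasswdsync_passwd} looks possible; in that case `$user->username` and `$user->passwd` are empty and the INSERT stores the new name with an empty hash, which the following _htpasswdsync_commit_to_htpasswd() call would presumably write out. Guard the three queries, for example with `if (!$user) { return; }` directly after the fetch. The first DELETE could also use `$account->name` instead of the fetched value, so it does not depend on the lookup.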
@@ -299,8 +308,6 @@ function _htpasswdsync_delete_user($username) {
 * @return
 */
 function _htpasswdsync_delete($account) {
- firep ($account, "_htpasswdsync_delete(account)");
-
 if (isset($account['accounts'])) {
 foreach ($account['accounts'] as $a) {
 $r = db_query("SELECT name FROM {users} WHERE uid = %d", $a);
@@ -311,9 +318,8 @@ function _htpasswdsync_delete($account) {
 elseif (isset($account['_account'])) {
 _htpasswdsync_delete_user($user->name);
 }
- _htpasswdsync_updatepasswd();
- _htpasswdsync_updategroup();
- }
+ _htpasswdsync_commit_to_htpasswd();
+}
 /**
 * Validate user form input
@@ -322,7 +328,7 @@ function _htpasswdsync_delete($account) {
 * @param $edit field submited
 * @return none
 */
-function _htpasswdsync_validate($edit) {
+function _htpasswdsync_validate($edit, $account) {
 if (isset($edit['name'])) {
 if (ereg('[ :\t]', $edit['name'])) {
 form_set_error('htpasswdsync',
@@ -359,14 +365,6 @@ function htpasswdsync_perm() {
 * Implementation of hook_user()
 */
 function htpasswdsync_user($op, &$edit, &$account, $category = NULL) {
- firep($op, "htpaswdsync_user hook -- op");
- firep($edit, "htpaswdsync_user hook -- edit");
- firep($account, "htpaswdsync_user hook -- account");
- #firep($_htpasswdsync_debugfile);
- ## drupal_set_message('
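Review bot: In _htpasswdsync_delete the `_account` branch passes `$user->name`, but `$user` is not assigned on that path: the function's opening lines are visible in the previous hunk, and the only lookup sits inside the `accounts` loop. As written, _htpasswdsync_delete_user() would receive an empty name, so the row of the account actually being deleted is not marked `****DELETED`. The name presumably has to come from `$account['_account']` (its shape is not visible here), for example `_htpasswdsync_delete_user($account['_account']->name);`. Four lines of the function between the two hunks are not shown.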
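Review bot: The context line `ereg('[ :\t]', $edit['name'])` in _htpasswdsync_validate uses a single-quoted pattern, and PHP does not expand `\t` inside single quotes, so ereg receives a backslash followed by `t` instead of a tab; worth confirming which characters the class really rejects. Because the name ends up in a line-oriented password file, the check should also refuse carriage returns and line feeds unless core validation already does; `preg_match('/[:\s]/', $edit['name'])` would cover both. The docblock above still lists only `$edit`, so add a `@param $account` line that says what the new argument is used for; the function body continues outside the hunk.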
' . $op . '
' . print_r($edit, TRUE) . '
' . print_r($account, TRUE) . '
');
- ##drupal_set_message('' . $op . '');
- ##db_query("INSERT INTO log (a) VALUES('%s')", $op);
-
 switch ($op) {
 case "delete":
 _htpasswdsync_delete($edit);
@@ -381,7 +379,7 @@ function htpasswdsync_user($op, &$edit, &$account, $category = NULL) {
 _htpasswdsync_commit_to_htpasswd();
 break;
 case "validate":
- _htpasswdsync_validate($edit);
+ _htpasswdsync_validate($edit, $account);
 break;
 }
 } // function htpasswdsync_user()
@@ -532,6 +530,7 @@ function htpasswdsync_requirements($phase) {
 function htpasswdsync_cron() {
 $time = variable_get('htpasswdsync_cron_time', 0);
+ $res = db_query('DELETE FROM {htpasswdsync_passwd} WHERE username NOT IN (SELECT name from {users})');
 _htpasswdsync_updatepasswd();
 _htpasswdsync_updategroup();
 variable_set('htpasswdsync_cron_time', time());
diff --git a/README.txt b/README.txt
index 4bdf410..4c3f293 100644
--- a/README.txt
+++ b/README.txt
@@ -11,14 +11,13 @@ For a full description of the module, visit the project page:
 To submit bug reports and feature suggestions, or to track changes:
 http://drupal.org/project/issues/htpasswdsync
-The way password are encrypted it only compatible with *nix version of Apache.
-
-
 -- REQUIREMENTS --
 The syncrhonization only happen on password change. Hence, this module shall be
 installed before any user creation.
+You need to run the cron.php job on a regular basis to ensure old users are
+properly cleaned up.
 -- INSTALLATION --
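Review bot: `$res` in htpasswdsync_cron is assigned from the new DELETE but never read in the visible lines; call `db_query(...)` without the assignment. A one-line comment such as `// purge rows, including ****DELETED markers, whose user no longer exists in {users}` would explain why the cleanup sits in cron and not in the delete path. The end of the function is outside the hunk.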
@@ -47,15 +46,20 @@ installed before any user creation. Crypt works only on Un*x platforms. SHA-1 shall work on bother Windows based systems and Un*xes. - WARNING: changing this value only change the way new or updated password. + WARNING: changing this value only change the way new or updated password + are hashed. You will need to request you users to all change their password - if you want to migrate from only hash to another. + if you want to migrate from one hash to another. - roles The roles you want to export in the htgroup file. - + - overwrite + + Activate if you want to overwrite your htpassword file. I left inactive + htpasswdsync will try its best to keep old entries, but will only try. + -- CUSTOMIZATION -- None. -- cgit v1.2.3