php is able to compare password
authorJean-Marc Pigeon <jmp@safe.c>
Thu, 4 Sep 2025 22:45:41 +0000 (18:45 -0400)
committerJean-Marc Pigeon <jmp@safe.c>
Thu, 4 Sep 2025 22:45:41 +0000 (18:45 -0400)
www/gessql.php
www/mailleur.php

index aed6b8c0f85a50265702f10ebe4238666331a769..bec3ae4dafebe03092b0c571d64b37ec684fe604 100644 (file)
@@ -38,12 +38,18 @@ while ($proceed==true) {
         $phase=999;     //user unknown, trouble trouble
         }
       break;
-    case 2      :       //extracting user crypted password
-      rou_alert(0,"$OPEP, JMPDBG dbpass=$dbpass");
-      break;
-    case 3      :       //compare crypted password adn given password
+    case 2      :       //'computing' crypted password
+      $idpass=$dbpass;
+      $ptr=strrchr($idpass,'$');
+      if ($ptr!=NULL) 
+        $idpass=substr($idpass,0,strlen($idpass)-strlen($ptr)+1);
+      $coded=crypt($password,$idpass);
+      if (strcmp($dbpass,$coded)!=0) {
+        rou_alert(0,"$OPEP, user=<$logname> wrong password=<$password>");
+        $phase=999;     //bad password 
+        }
       break;
-    case 4      :       //everything fine
+    case 3      :       //everything fine
       $random=(string)rand(0,9999999); 
       $uniqid=uniqid("",true);
       $delay=time()+(24*3600);
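Review bot: The failure branch added in case 2 writes the submitted password in clear to the alert log (`wrong password=<$password>`). A rejected password is often a near miss of the real one or valid on another account, so the log should name only the user: `rou_alert(0,"$OPEP, user=<$logname> wrong password");`. The `strrchr`/`substr` salt extraction followed by `crypt` and `strcmp` can be replaced by `if (!password_verify($password,$dbpass)) {`, which accepts crypt()-format hashes and compares in constant time. It also removes the dependence on where the last `$` sits: if the stored hash is bcrypt-style, the prefix up to the last `$` would carry no salt and crypt() would presumably fail for every login. The enclosing switch starts and ends outside the hunk.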
@@ -83,7 +89,7 @@ $cookie=htmlspecialchars($cookie);
 $phase=0;
 $proceed=true;
 while ($proceed==true) {
-  rou_alert(0,"$OPEP, JMPDBG phase=$phase");
+  //rou_alert(0,"$OPEP, JMPDBG phase=$phase");
   switch ($phase) {
     case 0      :       //do we have a cookie
       if ($cookie==NULL)
index 237da88aa8710c369f255e7fd544270a3908f8f5..7177caf46f919083f9f9ab21d81ba4156db4c705 100644 (file)
@@ -16,7 +16,6 @@ function body($logname)
 {
 global $isadmin;
 
-rou_alert(0,"JMPDBG admin=$admin");
 $footer=footer(getenv("APPNAME"));
 $cook=$_COOKIE[getenv("APPNAME")];