diff -Naur raduser-2.11-downloaded/admin/newuser.php raduser/admin/newuser.php --- raduser-2.11-downloaded/admin/newuser.php 2005-01-29 16:52:05.134713720 +0600 +++ raduser/admin/newuser.php 2005-01-28 14:24:11.468520000 +0600 @@ -61,11 +61,21 @@ $username = sanitize_variable($_REQUEST['username']); $password = sanitize_variable($_REQUEST['password']); + if($user_password_function == 1) + { + $query = "insert into users SET + userName = '$username', + userPassword = password('$password'), + userStatus =1"; // switch back to 0 + } + else + { + $query = "insert into users SET + userName = '$username', + userPassword = md5('$password'), + userStatus =1"; // switch back to 0 - $query = "insert into users SET - userName = '$username', - userPassword = password('$password'), - userStatus =1"; // switch back to 0 + } db_query($query,$con); diff -Naur raduser-2.11-downloaded/inc/config.php raduser/inc/config.php --- raduser-2.11-downloaded/inc/config.php 2005-01-29 16:52:05.138713112 +0600 +++ raduser/inc/config.php 2005-01-28 14:24:11.468520000 +0600 @@ -5,6 +5,9 @@ */ $db_server = "localhost"; +/** + * postgres or mysql? + */ $db_type = "pgsql"; /** @@ -126,5 +129,10 @@ '; //$session_save = 'db'; - + +/** + * set this to 1, if you want to use the password() function to encrypt the + * user's passwords instead of the md5() function when using a mysql db. + */ +$user_password_function=0; ?> diff -Naur raduser-2.11-downloaded/members/common.php raduser/members/common.php --- raduser-2.11-downloaded/members/common.php 2005-01-29 16:52:05.140712808 +0600 +++ raduser/members/common.php 2005-01-28 14:24:11.468520000 +0600 @@ -398,9 +398,16 @@ function change_password($userId,$password) { - global $con; + global $con,$user_password_function; $password = addslashes($password); - $query = "UPDATE users set userPassword= password('$password') WHERE userId=$userId"; + if($user_password_function == 1) + { + $query = "UPDATE users set userPassword= password('$password') WHERE userId=$userId"; + } + else + { + $query = "UPDATE users set userPassword= md5('$password') WHERE userId=$userId"; + } $result = db_query($query); return mysql_errno(); @@ -464,9 +471,19 @@ */ function is_valid($user,$password) { - $query = "SELECT userId FROM users WHERE + global $user_password_function; + + + if($user_password_function == 1) + { + $query = "SELECT userId FROM users WHERE userName = '$user' and userPassword = password('$password') and userStatus > 0"; - + } + else + { + $query = "SELECT userId FROM users WHERE + userName = '$user' and userPassword = md5('$password') and userStatus > 0"; + } $result = db_query($query); error_log(mysql_error()); diff -Naur raduser-2.11-downloaded/members/reminder.php raduser/members/reminder.php --- raduser-2.11-downloaded/members/reminder.php 2005-01-29 16:52:05.142712504 +0600 +++ raduser/members/reminder.php 2005-01-28 14:24:11.468520000 +0600 @@ -27,7 +27,16 @@ function reset_password($newPass, $userName) { - $query = "update users set userPassword = password('$newPass') where username='$userName'"; + global $user_password_function; + + if($user_password_function == 1) + { + $query = "update users set userPassword = password('$newPass') where username='$userName'"; + } + else + { + $query = "update users set userPassword = md5('$newPass') where username='$userName'"; + } $result = db_query($query); return mysql_errno(); } diff -Naur raduser-2.11-downloaded/members/signup.php raduser/members/signup.php --- raduser-2.11-downloaded/members/signup.php 2005-01-29 16:52:05.143712352 +0600 +++ raduser/members/signup.php 2005-01-28 14:24:11.468520000 +0600 @@ -75,11 +75,22 @@ $userStatus = ($validate_email == 0) ? 1 : 0; - - $query = "insert into users SET - userName = '$username', - userPassword = password('$password'), - userStatus =$userStatus"; + + if($user_password_function == 1) + { + $query = "insert into users SET + userName = '$username', + userPassword = password('$password'), + userStatus =$userStatus"; + } + else + { + $query = "insert into users SET + userName = '$username', + userPassword = md5('$password'), + userStatus =$userStatus"; + } + db_query($query,$con);