diff options
author | Mike Mason <ms13sp@gmail.com> | 2008-01-29 21:00:05 +0000 |
---|---|---|
committer | Mike Mason <ms13sp@gmail.com> | 2008-01-29 21:00:05 +0000 |
commit | 51821a9b89c2e79a683dcd4ff29b3ffc2921d2e2 (patch) | |
tree | 5eb3ee2707ad3300850d3495cddf01e5017f8c25 /lib/authenticator-plaintext.lua | |
parent | f03106343fdacd4caedfa4315a8cd75ab27a84ac (diff) | |
download | acf-core-51821a9b89c2e79a683dcd4ff29b3ffc2921d2e2.tar.bz2 acf-core-51821a9b89c2e79a683dcd4ff29b3ffc2921d2e2.tar.xz |
Updated changes hopefully meeting most of the security checks/validation items in nangel's list
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@662 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'lib/authenticator-plaintext.lua')
-rw-r--r-- | lib/authenticator-plaintext.lua | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/lib/authenticator-plaintext.lua b/lib/authenticator-plaintext.lua index 8466ed3..af2ab87 100644 --- a/lib/authenticator-plaintext.lua +++ b/lib/authenticator-plaintext.lua @@ -60,25 +60,28 @@ end -- This function returns true or false, and -- if false: the reason for failure authenticate = function ( self, userid, password ) - password = password or "" - userid = userid or "" - - local t = pvt.parse_authfile(self.conf.confdir .. "/passwd") - - if t == false then - return false, "password file is missing" - else - local id = pvt.get_id (userid, t) - if id == false then - return false, "Userid not found" - end - if id.password ~= password then - return false, "Invalid password" + password = password or "" + userid = userid or "" + + local t = pvt.parse_authfile(self.conf.confdir .. "/passwd") + + if t == false then + return false, "password file is missing" + else + if userid ~= nil then + local id = pvt.get_id (userid, t) + if id == false or id == nil then + return false, "Userid not found" + end + if id.password ~= password then + return false, "Invalid password" + end + else + return false + end + return true end - end - return true - end - +end -- This function returns the username and roles -- or false on an error |