| | |
|---|
| | | $db = $rcmail->get_dbh(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if ($err = $db->is_error()) |
|---|
| | | if ($db->is_error()) { |
|---|
| | | return PASSWORD_ERROR; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // crypted password |
|---|
| | | if (strpos($sql, '%c') !== FALSE) { |
|---|
| | |
|---|
| | | $len = 2; |
|---|
| | | break; |
|---|
| | | case 'blowfish': |
|---|
| | | $len = 22; |
|---|
| | | $salt_hashindicator = '$2a$'; |
|---|
| | | $cost = (int) $rcmail->config->get('password_blowfish_cost'); |
|---|
| | | $cost = $cost < 4 || $cost > 31 ? 12 : $cost; |
|---|
| | | $len = 22; |
|---|
| | | $salt_hashindicator = sprintf('$2a$%02d$', $cost); |
|---|
| | | break; |
|---|
| | | case 'sha256': |
|---|
| | | $len = 16; |
|---|
| | |
|---|
| | | |
|---|
| | | if (!$db->is_error()) { |
|---|
| | | if (strtolower(substr(trim($sql),0,6)) == 'select') { |
|---|
| | | if ($result = $db->fetch_array($res)) |
|---|
| | | if ($db->fetch_array($res)) |
|---|
| | | return PASSWORD_SUCCESS; |
|---|
| | | } else { |
|---|
| | | // This is the good case: 1 row updated |
|---|
