From fe8646d7ef7910dc50a7a39ff3754afdd5d92a0b Mon Sep 17 00:00:00 2001 From: Angel Fernando Quiroz Campos Date: Sun, 5 Jul 2015 22:38:21 -0500 Subject: [PATCH 1/2] Fix valid user for web service - refs #7338 --- main/inc/lib/webservices/WebService.class.php | 25 +++---------------- 1 file changed, 4 insertions(+), 21 deletions(-) diff --git a/main/inc/lib/webservices/WebService.class.php b/main/inc/lib/webservices/WebService.class.php index 114b2e69df..c3f8122512 100644 --- a/main/inc/lib/webservices/WebService.class.php +++ b/main/inc/lib/webservices/WebService.class.php @@ -45,28 +45,11 @@ abstract class WebService return false; } - $userTable = Database::get_main_table(TABLE_MAIN_USER); + $user = UserManager::getRepository()->findOneBy([ + 'username' => $username + ]); - $whereConditions = array( - "username = '?' " => $username, - "AND password = '?'" => sha1($password) - ); - - $conditions = array( - 'where' => $whereConditions - ); - - $table = Database::select('count(1) as qty', $userTable, $conditions); - - if ($table != false) { - $row = current($table); - - if ($row['qty'] > 0) { - return true; - } - } - - return false; + return UserManager::isPasswordValid($password, $user); } } From 8220115c70968e779d4a9fe5f4f52b3743320a17 Mon Sep 17 00:00:00 2001 From: Angel Fernando Quiroz Campos Date: Sun, 5 Jul 2015 23:58:27 -0500 Subject: [PATCH 2/2] Fix valid user password when username doesn't exists - refs #7338 --- main/inc/lib/webservices/WebService.class.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/main/inc/lib/webservices/WebService.class.php b/main/inc/lib/webservices/WebService.class.php index c3f8122512..fc6efb2d10 100644 --- a/main/inc/lib/webservices/WebService.class.php +++ b/main/inc/lib/webservices/WebService.class.php @@ -49,6 +49,10 @@ abstract class WebService 'username' => $username ]); + if (empty($user)) { + return false; + } + return UserManager::isPasswordValid($password, $user); }