do not allow empty passwords

[syp.git] / inc / db / mysql.php

diff --git a/inc/db/mysql.php b/inc/db/mysql.php
index 043e86d7818b853cd84951f4ae1ec9352e8cd5cf..83836074c05a219b4cc8b033d1b9afe6c5ec573a 100644 (file)
--- a/inc/db/mysql.php
+++ b/inc/db/mysql.php
@@ -54,14 +54,22 @@ class mysqlConnection implements anydbConnection {
         $this->_execute_query ($query);
     }
 
-    public function setpwd ($user_name, $pwd) {
+    public function user_exists ($user_name) {
         $usrname_escaped = mysql_real_escape_string ($user_name);
         $query = sprintf ("SELECT COUNT(*) FROM %susers WHERE name LIKE '%s';",
                         $this->dbprefix, $usrname_escaped);
         $res = mysql_fetch_array ($this->_execute_query ($query), MYSQL_NUM);
-        if ($res [0] == 1) {
+        return ($res [0] == 1);
+    }
+
+    public function setpwd ($user_name, $pwd) {
+        if (strlen ($pwd) == 0) {
+            throw new Exception (anydbConnection::err_query);
+        }
+        $usrname_escaped = mysql_real_escape_string ($user_name);
+        if ($this->user_exists ($user_name)) {
             $query = sprintf ("UPDATE %susers SET pwd='%s' WHERE name like '%s';", 
-                               $this->dbprefix, md5 ($pwd), $usrname_escaped);
+                    $this->dbprefix, md5 ($pwd), $usrname_escaped);
         } else {
             $query = sprintf ("INSERT INTO %susers VALUES ('%s', '%s');", 
                                $this->dbprefix, $usrname_escaped, md5 ($pwd));