From 891ad5b39d2fd09a88622c4d7fd9f996ff3f7d97 Mon Sep 17 00:00:00 2001
From: Michael Vogel <icarus@dabo.de>
Date: Mon, 19 Oct 2015 19:03:11 +0200
Subject: [PATCH] Support for additional passwords for ejabberd

---
 include/auth_ejabberd.php | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/include/auth_ejabberd.php b/include/auth_ejabberd.php
index 8b18a02c58..5d69f1de7f 100755
--- a/include/auth_ejabberd.php
+++ b/include/auth_ejabberd.php
@@ -108,7 +108,7 @@ class exAuth
 								// ovdje provjeri je li korisnik OK
 								$sUser = str_replace(array("%20", "(a)"), array(" ", "@"), $aCommand[1]);
 								$this->writeDebugLog("[debug] checking isuser for ". $sUser);
-								$sQuery = "select * from user where nickname='". $db->escape($sUser) ."'";
+								$sQuery = "SELECT `uid` FROM `user` WHERE `nickname`='". $db->escape($sUser) ."'";
 								$this->writeDebugLog("[debug] using query ". $sQuery);
 								if ($oResult = q($sQuery)){
 									if ($oResult) {
@@ -120,7 +120,7 @@ class exAuth
 										$this->writeLog("[exAuth] invalid user: ". $sUser);
 										fwrite(STDOUT, pack("nn", 2, 0));
 									}
-									$oResult->close();
+									//$oResult->close();
 								} else {
 									$this->writeLog("[MySQL] invalid query: ". $sQuery);
 									fwrite(STDOUT, pack("nn", 2, 0));
@@ -136,10 +136,13 @@ class exAuth
 								// ovdje provjeri prijavu
 								$sUser = str_replace(array("%20", "(a)"), array(" ", "@"), $aCommand[1]);
 								$this->writeDebugLog("[debug] doing auth for ". $sUser);
-								$sQuery = "select * from user where password='".hash('whirlpool',$aCommand[3])."' and nickname='". $db->escape($sUser) ."'";
+								//$sQuery = "SELECT `uid`, `password` FROM `user` WHERE `password`='".hash('whirlpool',$aCommand[3])."' AND `nickname`='". $db->escape($sUser) ."'";
+								$sQuery = "SELECT `uid`, `password` FROM `user` WHERE `nickname`='". $db->escape($sUser) ."'";
 								$this->writeDebugLog("[debug] using query ". $sQuery);
 								if ($oResult = q($sQuery)){
-									if ($oResult) {
+									$Error = ($oResult[0]["password"] != hash('whirlpool',$aCommand[3]));
+/*
+									if ($oResult[0]["password"] == hash('whirlpool',$aCommand[3])) {
 										// korisnik OK
 										$this->writeLog("[exAuth] authentificated user ". $sUser ."@". $aCommand[2]);
 										fwrite(STDOUT, pack("nn", 2, 1));
@@ -149,9 +152,23 @@ class exAuth
 										fwrite(STDOUT, pack("nn", 2, 0));
 									}
 									$oResult->close();
+*/
 								} else {
 									$this->writeLog("[MySQL] invalid query: ". $sQuery);
+									$Error = true;
+								}
+								if ($Error) {
+									$oConfig = q("SELECT `v` FROM `pconfig` WHERE `uid`=1 AND `cat` = 'xmpp' AND `k`='password' LIMIT 1;");
+									$this->writeLog("[exAuth] got password ".$oConfig[0]["v"]);
+									$Error = ($aCommand[3] != $oConfig[0]["v"]);
+								}
+
+								if ($Error) {
+									$this->writeLog("[exAuth] authentification failed for user ". $sUser ."@". $aCommand[2]);
 									fwrite(STDOUT, pack("nn", 2, 0));
+								} else {
+									$this->writeLog("[exAuth] authentificated user ". $sUser ."@". $aCommand[2]);
+									fwrite(STDOUT, pack("nn", 2, 1));
 								}
 							}
 						break;