From c48c80a5ddd6e430962ed92ca29edce6d76a6dbb Mon Sep 17 00:00:00 2001
From: Ben Klang <ben@alkaloid.net>
Date: Sat, 2 Jan 2010 13:07:50 -0500
Subject: [PATCH] Shout: Fixes to saving device information

* Fix password generation bug in Shout#genDeviceAuth()
* Shorten the generated auth ID for ease of use
* Ensure the device ID gets stored to the SQL backend if changed
---
 shout/lib/Driver/Sql.php | 27 ++++++++++++++-------------
 shout/lib/Shout.php      |  3 +--
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/shout/lib/Driver/Sql.php b/shout/lib/Driver/Sql.php
index 7bc69b845..5ee64686a 100644
--- a/shout/lib/Driver/Sql.php
+++ b/shout/lib/Driver/Sql.php
@@ -140,33 +140,34 @@ class Shout_Driver_Sql extends Shout_Driver
         // See getDevices() for an explanation of these conversions
         $details['alias'] = $details['name'];
         $details['name'] = $details['devid'];
+        unset($details['devid']);
         $details['mailbox'] .= '@' . $context;
 
+        // Prepare the SQL query and arguments
+        $args = array(
+            $details['name'],
+            $context,
+            $details['callerid'],
+            $details['mailbox'],
+            $details['password'],
+            $details['alias'],
+        );
         if (!empty($devid)) {
             // This is an edit
             $details['name'] = $details['devid'];
-            $sql = 'UPDATE %s SET accountcode = ?, callerid = ?, ' .
+            $sql = 'UPDATE %s SET name = ?, accountcode = ?, callerid = ?, ' .
                    'mailbox = ?, secret = ?, alias = ?, canreinvite = "no", ' .
                    'nat = "yes", type = "peer" WHERE name = ?';
+            $args[] = $devid;
         } else {
             // This is an add.  Generate a new unique ID and secret
-            $sql = 'INSERT INTO %s (accountcode, callerid, mailbox, ' .
-                   'secret, alias, name, canreinvite, nat, type) ' .
+            $sql = 'INSERT INTO %s (name, accountcode, callerid, mailbox, ' .
+                   'secret, alias, canreinvite, nat, type) ' .
                    'VALUES (?, ?, ?, ?, ?, ?, "no", "yes", "peer")';
 
         }
-
         $sql = sprintf($sql, $this->_params['table']);
 
-        $args = array(
-            $context,
-            $details['callerid'],
-            $details['mailbox'],
-            $details['password'],
-            $details['alias'],
-            $details['name'],
-        );
-
         $msg = 'SQL query in Shout_Driver_Sql#saveDevice(): ' . $sql;
         Horde::logMessage($msg, __FILE__, __LINE__, PEAR_LOG_DEBUG);
         $sth = $this->_write_db->prepare($sql);
diff --git a/shout/lib/Shout.php b/shout/lib/Shout.php
index bce4144a4..09edcb6b1 100644
--- a/shout/lib/Shout.php
+++ b/shout/lib/Shout.php
@@ -155,8 +155,7 @@ class Shout
      */
     static public function genDeviceAuth($context)
     {
-        $devid = uniqid($context);
-        $password = uudecode(md5(uniqid(mt_rand(), true)));
+        $devid = $context . substr(uniqid(), 6);
 
         // This simple password generation algorithm inspired by Jon Haworth
         // http://www.laughing-buddha.net/jon/php/password/
-- 
2.11.0