Changeset 437


Timestamp:
Oct 13, 2012, 1:02:07 PM (12 years ago)
Author:
chronos
Message:
  • Upraveno: Obsluha chyb obnovena a převedena na modul.
Location:
trunk
Files:
5 edited

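--- a/trunk/error.php
+++ b/trunk/error.php
@@ -1,6 +1,13 @@
 <?php
 
-function CustomErrorHandler($Number, $Message, $Filename, $LineNumber, $Variables)
+class ErrorHandler extends Module
 {
+  function Init()
+  {
+    set_error_handler(array($this, 'Handle'));
+  }
+
+  function Handle($Number, $Message, $Filename, $LineNumber, $Variables)
+  {
   global $Config;
 
@@ -51,11 +58,14 @@
     }
     $Error .= "\n";
+
+    $this->System->Modules['Log']->NewRecord('Error', 'Log', $Error);
+
     //if($Config['Web']['ErrorLogFile'] != '')
       //error_log($Error, 3, $Config['Web']['ErrorLogFile']);
-          // Pošli mi zprávu (pokud je to kritická chyba)
-      //mail($Config['Web']['AdminEmail'], $Config['Web']['Title'].' - Chybové hlášení', $Error);
-          // Show error message
-          if($Config['Web']['ShowPHPError'] == true)
-          {
+        // Pošli mi zprávu (pokud je to kritická chyba)
+        //mail($Config['Web']['AdminEmail'], $Config['Web']['Title'].' - Chybové hlášení', $Error);
+        // Show error message
+        if($Config['Web']['ShowPHPError'] == true)
+        {
             echo('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head>'."\n".
       '<meta http-equiv="Content-Language" content="cs">'."\n".
@@ -63,11 +73,10 @@
       'Došlo k vnitřní chybě!<br/> O chybě byl uvědoměn správce webu a chybu brzy odstraní.<br/><br/>');
           echo('<pre>'.$Error.'</pre><br/>');                   // V případě ladění chybu i zobraz
-      echo('</body></html>');
-          }
+          echo('</body></html>');
+        }
     if((E_ERROR | E_PARSE) & $Number) die();
+  }
   }
 }
 
-set_error_handler('CustomErrorHandler');
-
 ?>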
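Review bot: `Handle` still prints `'<pre>'.$Error.'</pre>'` without escaping when `$Config['Web']['ShowPHPError']` is true (new line 74). How `$Error` is assembled lies outside the visible hunks, but PHP error text often embeds request-derived values, so the line is safer as `echo('<pre>'.htmlspecialchars($Error).'</pre><br/>');`, with the flag kept off in production. The new `NewRecord('Error', 'Log', $Error)` call at new line 61 stores the same text, so any page that renders the log needs to escape it on output as well. A short docblock on `Handle` stating that it logs every error and terminates on `E_ERROR | E_PARSE` would also help, since the method body is only partly shown here.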
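--- a/trunk/global.php
+++ b/trunk/global.php
@@ -5,9 +5,9 @@
 if(file_exists($ConfigFileName)) include_once($ConfigFileName);
   else die('Nenalezen konfigurační soubor '.$ConfigFileName.'!');
+include_once('module.php');
 include_once('database.php');
-//include('error.php');
+include_once('error.php');
 include_once('code.php');
 include_once('Mail.php');
-include_once('module.php');
 include_once('forms.php');
 include_once('page.php');
@@ -230,4 +230,6 @@
   $System->Database = &$Database;
   $System->AddModule(new Log());
+  $System->AddModule(new ErrorHandler());
+  $System->Modules['ErrorHandler']->Init();
   $System->AddModule(new User());
   if(isset($_SERVER['REMOTE_ADDR'])) $System->Modules['User']->Check();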
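Review bot: `$System->Modules['ErrorHandler']->Init()` is only reached at new line 233, after the configuration, the database object and the Log module are in place, so any error raised earlier in global.php bypasses the handler and is treated according to PHP's own `display_errors` / `log_errors` settings. If that ordering is deliberate because `Handle` writes through the Log module, a comment such as `// ErrorHandler depends on Log; earlier failures fall back to php.ini settings` would make it explicit, and `display_errors` should be off on production hosts so those early failures are not shown to visitors. The code between new lines 13 and 230 is not visible in this section.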
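--- a/trunk/index.php
+++ b/trunk/index.php
@@ -195,5 +195,6 @@
       if($_GET['Action'] == 'UserRegisterConfirm')
       {
-        $Output .= $this->SystemMessage('Potvrzení registrace', $this->System->Modules['User']->RegisterConfirm($_GET['User'], $_GET['H']));
+        $Output .= $this->SystemMessage('Potvrzení registrace',
+          $this->System->Modules['User']->RegisterConfirm($_GET['User'], $_GET['H']));
       } else
       if($_GET['Action'] == 'PasswordRecovery')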
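--- a/trunk/sql/updates/436.sql
+++ b/trunk/sql/updates/436.sql
@@ -6,63 +6,7 @@
 ALTER TABLE `News` ADD FOREIGN KEY ( `User` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
 
+ALTER TABLE `User` ADD `Salt` VARCHAR( 255 ) NOT NULL AFTER `Password` ;
+UPDATE `User` SET `Salt` = SHA1(RAND());
+UPDATE `User` SET `Password`=SHA1(CONCAT(`Password`, `Salt`));
 
-ALTER TABLE `User`
-ADD `TimeCreate` DATETIME NULL ,
-ADD `UserCreate` INT NULL ,
-ADD `TimeModify` DATETIME NULL ,
-ADD `UserModify` INT NULL ,
-ADD `TimeDelete` DATETIME NULL ,
-ADD `UserDelete` INT NULL;
-UPDATE `User` SET TimeCreate=NOW(), UserCreate=1;
-ALTER TABLE `User` ADD INDEX ( `UserCreate` ) ;
-ALTER TABLE `User` ADD INDEX ( `UserModify` ) ;
-ALTER TABLE `User` ADD INDEX ( `UserDelete` ) ;
-ALTER TABLE `User` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE SET NULL ON UPDATE SET NULL ;
-ALTER TABLE `User` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE SET NULL ON UPDATE SET NULL ;
-ALTER TABLE `User` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE SET NULL ON UPDATE SET NULL ;
-
-ALTER TABLE `Subject`
-ADD `TimeCreate` DATETIME NULL ,
-ADD `UserCreate` INT NULL ,
-ADD `TimeModify` DATETIME NULL ,
-ADD `UserModify` INT NULL ,
-ADD `TimeDelete` DATETIME NULL ,
-ADD `UserDelete` INT NULL;
-UPDATE `Subject` SET TimeCreate=NOW(), UserCreate=1;
-ALTER TABLE `Subject` ADD INDEX ( `UserCreate` ) ;
-ALTER TABLE `Subject` ADD INDEX ( `UserModify` ) ;
-ALTER TABLE `Subject` ADD INDEX ( `UserDelete` ) ;
-ALTER TABLE `Subject` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Subject` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Subject` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-
-ALTER TABLE `Member`
-ADD `TimeCreate` DATETIME NULL ,
-ADD `UserCreate` INT NULL ,
-ADD `TimeModify` DATETIME NULL ,
-ADD `UserModify` INT NULL ,
-ADD `TimeDelete` DATETIME NULL ,
-ADD `UserDelete` INT NULL;
-UPDATE `Member` SET TimeCreate=NOW(), UserCreate=1;
-ALTER TABLE `Member` ADD INDEX ( `UserCreate` ) ;
-ALTER TABLE `Member` ADD INDEX ( `UserModify` ) ;
-ALTER TABLE `Member` ADD INDEX ( `UserDelete` ) ;
-ALTER TABLE `Member` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Member` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Member` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-
-ALTER TABLE `Country`
-ADD `TimeCreate` DATETIME NULL ,
-ADD `UserCreate` INT NULL ,
-ADD `TimeModify` DATETIME NULL ,
-ADD `UserModify` INT NULL ,
-ADD `TimeDelete` DATETIME NULL ,
-ADD `UserDelete` INT NULL;
-UPDATE `Country` SET TimeCreate=NOW(), UserCreate=1;
-ALTER TABLE `Country` ADD INDEX ( `UserCreate` ) ;
-ALTER TABLE `Country` ADD INDEX ( `UserModify` ) ;
-ALTER TABLE `Country` ADD INDEX ( `UserDelete` ) ;
-ALTER TABLE `Country` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Country` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Country` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-
+ALTER TABLE `Log` CHANGE `Value` `Value` TEXT CHARACTER SET utf8 COLLATE utf8_czech_ci NOT NULL DEFAULT '';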
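Review bot: The migration leaves stored passwords on a single fast SHA-1 round, because the UPDATE on new line 10 only wraps the existing digest as `SHA1(CONCAT(Password, Salt))`, and the salt on new line 9 comes from `SHA1(RAND())`, which is not a cryptographic random source. A per-user salt defeats precomputed tables but does not slow offline guessing, so a slow adaptive scheme (bcrypt via `crypt()`, or `password_hash()` on PHP 5.5+) applied at each user's next successful login would be the stronger follow-up. The two UPDATE statements are also not idempotent, and since this already-numbered script (436.sql) is being edited in r437, a header comment such as `-- run once: re-running re-salts and re-hashes every stored password` would guard against a second run.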
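--- a/trunk/user.php
+++ b/trunk/user.php
@@ -26,4 +26,23 @@
 define('USER_EVENT_OPTIONS_CHANGED', 4);
 
+class PasswordHash
+{
+  function Hash($Password, $Salt)
+  {
+    return(sha1(sha1($Password).$Salt));
+  }
+
+  function Verify($Password, $Salt, $StoredHash)
+  {
+    return($this->Hash($Password, $Salt) == $StoredHash);
+  }
+
+  function GetSalt()
+  {
+    mt_srand(microtime(true)*100000 + memory_get_usage(true));
+    return sha1(uniqid(mt_rand(), true));
+  }
+}
+
 class User extends Module
 {
@@ -37,4 +56,11 @@
   var $PermissionGroupCache = array();
   var $PermissionGroupCacheOp = array();
+  /** @var Password */
+  var $PasswordHash;
+
+  function __construct()
+  {
+    $this->PasswordHash = new PasswordHash();
+  }
 
   function Check()
@@ -47,5 +73,8 @@
       // Refresh time of last access
       $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()'));
-    } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 'User' => $this->AnonymousUserId, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()), 'ScriptName' => $_SERVER['PHP_SELF']));
+    } else $this->Database->insert('UserOnline', array('SessionId' => $SID,
+      'User' => $this->AnonymousUserId, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()',
+      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()),
+      'ScriptName' => $_SERVER['PHP_SELF']));
     //echo($this->Database->LastQuery);
 
@@ -99,12 +128,31 @@
           else
           {
-            $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login, 'Password' => sha1($Password), 'Email' => $Email, 'RegistrationTime' => 'NOW()', 'Locked' => 1, 'PhoneNumber' => $PhoneNumber, 'ICQ' => $ICQ));
+            $PasswordHash = new PasswordHash();
+            $Salt = $PasswordHash->GetSalt();
+            $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login,
+              'Password' => $PasswordHash->Hash($Password, $Salt), 'Salt' => $Salt,
+              'Email' => $Email, 'RegistrationTime' => 'NOW()',
+              'Locked' => 1, 'PhoneNumber' => $PhoneNumber, 'ICQ' => $ICQ));
             $UserId = $this->Database->insert_id;
-                        $this->Database->insert('PermissionUserAssignment', array('User' => $UserId, 'GroupOrOperation' => 2, 'Type' => 'Group'));
+            $this->Database->insert('PermissionUserAssignment', array('User' => $UserId,
+              'AssignedGroup' => 2));
 
-            $Subject = FromUTF8('Registrace nového účtu', 'iso2');
-            $Message = 'Provedli jste registraci nového účtu na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVáš účet je: ".$Login."\n<br>Pro dokončení registrace klikněte na tento odkaz: ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.$UserId.'&H='.sha1($Password).'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.$UserId.'&H='.sha1($Password).'</a>.'."\n<br> \n\n<br><br>Na tento email neodpovídejte.";
-            $AdditionalHeaders = "To: ".$Name." <".$Email.">\n"."From: ".FromUTF8($Config['Web']['Title'], 'iso2')." <noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8";
-            mail($Email, $Subject, $Message, $AdditionalHeaders);
+            $NewPassword = substr(sha1(strtoupper($Login)), 0, 7);
+
+            $Mail = new Mail();
+            $Mail->Subject = 'Registrace nového účtu';
+            $Mail->AddBody('Provedli jste registraci nového účtu na serveru <a href="http://'.
+              $Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.
+              $Config['Web']['Host'].$Config['Web']['RootFolder'].
+              "</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVáš účet je: ".
+              $Login."\n<br>Pro dokončení registrace klikněte na tento odkaz: ".'<a href="http://'.
+              $Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.
+              $UserId.'&H='.$NewPassword.'">http://'.$Config['Web']['Host'].
+              $Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.
+              $UserId.'&H='.$NewPassword.'</a>.'."\n<br> \n\n<br><br>Na tento email neodpovídejte.", 'text/html');
+            $Mail->AddTo($Email, $Name);
+            $Mail->From = $Config['Web']['Title'].' <noreplay@zdechov.net>';
+            $Mail->Send();
+
             $Result = USER_REGISTRATED;
             $this->System->Modules['Log']->NewRecord('User', 'NewRegistration', $Login);
@@ -122,9 +170,11 @@
     {
       $Row = $DbResult->fetch_array();
-      if($Hash == $Row['Password'])
+      $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7);
+      if($Hash == $NewPassword)
       {
         $this->Database->update('User', 'Id='.$Row['Id'], array('Locked' => 0));
         $Output = USER_REGISTRATION_CONFIRMED;
-        $this->System->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Login='.$Row['Login'].', Id='.$Row['Id']);
+        $this->System->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Login='.
+          $Row['Login'].', Id='.$Row['Id']);
       } else $Output = PASSWORDS_UNMATCHED;
     } else $Output = USER_NOT_FOUND;
@@ -139,5 +189,6 @@
     {
       $Row = $Query->fetch_assoc();
-      if($Row['Password'] != sha1($Password)) $Result = BAD_PASSWORD;
+      $PasswordHash = new PasswordHash();
+      if(!$PasswordHash->Verify($Password, $Row['Salt'], $Row['Password'])) $Result = BAD_PASSWORD;
       else if($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED;
       else
@@ -284,5 +335,5 @@
     global $Config;
 
-    $DbResult = $this->Database->select('User', 'Name, Id, Email, Password', '`Login`="'.$Login.'" AND `Email`="'.$Email.'"');
+    $DbResult = $this->Database->select('User', 'Login, Name, Id, Email, Password', '`Login`="'.$Login.'" AND `Email`="'.$Email.'"');
     if($DbResult->num_rows > 0)
     {
@@ -290,8 +341,17 @@
       $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7);
 
-      $Subject = 'Obnova hesla';
-      $Message = 'Požádali jste o zaslání nového hesla na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br />\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br /><br />\n\nVaše nové heslo k účtu ".$Row['Login']." je: ".$NewPassword."\n<br>Pro aktivaci tohoto hesla klikněte na ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=PasswordRecoveryConfirm&User='.$Row['Id'].'&H='.$Row['Password'].'&P='.$NewPassword.'">tento odkaz</a>.'."\n<br /> Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte.";
-      $AdditionalHeaders = "To: ".$Row['Name']." <".$Row['Email'].">\n"."From: ".FromUTF8($Config['Web']['Title'], 'iso2')." <noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8";
-      mail($Row['Email'], $Subject, $Message, $AdditionalHeaders);
+      $Mail = new Mail();
+      $Mail->Subject = 'Obnova hesla';
+      $Mail->From = $Config['Web']['Title'].' <noreplay@zdechov.net>';
+      $Mail->Recipients[] = $Row['Email'];
+      $Mail->AddBody('Požádali jste o zaslání nového hesla na serveru <a href="http://'.
+        $Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.
+        $Config['Web']['Host'].$Config['Web']['RootFolder'].
+        "</a>.<br />\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br /><br />\n\nVaše nové heslo k účtu ".
+        $Row['Login']." je: ".$NewPassword."\n<br>Pro aktivaci tohoto hesla klikněte na ".'<a href="http://'.
+        $Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=PasswordRecoveryConfirm&User='.
+        $Row['Id'].'&H='.$Row['Password'].'&P='.$NewPassword.'">tento odkaz</a>.'."\n<br /> Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte.", 'text/html');
+      $Mail->Send();
+
       $Output = USER_PASSWORD_RECOVERY_SUCCESS;
       $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryRequest', 'Login='.$Login.',Email='.$Email);
@@ -309,5 +369,8 @@
       if(($NewPassword == $NewPassword2) and ($Hash == $Row['Password']))
       {
-        $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => sha1($NewPassword), 'Locked' => 0));
+        $PasswordHash = new PasswordHast();
+        $Salt = $PasswordHash->GetSalt();
+        $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => $PasswordHash->Hash($NewPassword, $Salt),
+          'Salt' => $Salt, 'Locked' => 0));
         $Output = USER_PASSWORD_RECOVERY_CONFIRMED;
         $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryConfirm', 'Login='.$Row['Login']);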
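Review bot: The registration confirmation value is now `substr(sha1(strtoupper($Login)), 0, 7)` (new lines 140 and 172), which depends only on the login name, so it is not a secret and `RegisterConfirm` no longer shows that the requester controls the mailbox. A per-account random token stored with the user row (for example `bin2hex(random_bytes(16))` on PHP 7+) and compared with `hash_equals()` would restore that property. The same derivation already produces the recovery password at new line 341. Separately, new line 371 instantiates `PasswordHast`, apparently a misspelling of `PasswordHash`, so unless such a class exists elsewhere the recovery-confirm branch will stop with a class-not-found error. `PasswordHash::Verify` (new line 37) compares digests with `==`, where `hash_equals()` or at least `===` avoids loose comparison of hex strings. The enclosing methods start and end outside the visible hunks.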