Changeset 437

Timestamp:

Oct 13, 2012, 1:02:07 PM (12 years ago)

Author:

chronos

Message:

• Upraveno: Obsluha chyb obnovena a převedena na modul.

Location:

trunk

Files:

• error.php (modified) (3 diffs)
• global.php (modified) (2 diffs)
• index.php (modified) (1 diff)
• sql/updates/436.sql (modified) (1 diff)
• user.php (modified) (9 diffs)

trunk/error.php

@@ -1 +1 @@
 <?php
 
-function CustomErrorHandler($Number, $Message, $Filename, $LineNumber, $Variables)
+class ErrorHandler extends Module
 {
+  function Init()
+  {
+    set_error_handler(array($this, 'Handle'));
+  }
+  
+  function Handle($Number, $Message, $Filename, $LineNumber, $Variables)
+  {
   global $Config;
   
@@ -51 +58 @@
     }
     $Error .= "\n";
+    
+    $this->System->Modules['Log']->NewRecord('Error', 'Log', $Error);    
+    
     //if($Config['Web']['ErrorLogFile'] != '')
       //error_log($Error, 3, $Config['Web']['ErrorLogFile']);
-          // Pošli mi zprávu (pokud je to kritická chyba)
-      //mail($Config['Web']['AdminEmail'], $Config['Web']['Title'].' - Chybové hlášení', $Error);
-          // Show error message
-          if($Config['Web']['ShowPHPError'] == true)
-          {
+        // Pošli mi zprávu (pokud je to kritická chyba)
+        //mail($Config['Web']['AdminEmail'], $Config['Web']['Title'].' - Chybové hlášení', $Error);
+        // Show error message
+        if($Config['Web']['ShowPHPError'] == true)
+        {
             echo('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head>'."\n".
       '<meta http-equiv="Content-Language" content="cs">'."\n".
@@ -63 +73 @@
       'Došlo k vnitřní chybě!<br/> O chybě byl uvědoměn správce webu a chybu brzy odstraní.<br/><br/>');
           echo('<pre>'.$Error.'</pre><br/>');                   // V případě ladění chybu i zobraz
-      echo('</body></html>');
-          }
+          echo('</body></html>');
+        }
     if((E_ERROR | E_PARSE) & $Number) die(); 
+  }
   }
 }
 
-set_error_handler('CustomErrorHandler');
-
 ?>

trunk/global.php

@@ -5 +5 @@
 if(file_exists($ConfigFileName)) include_once($ConfigFileName);
   else die('Nenalezen konfigurační soubor '.$ConfigFileName.'!');
+include_once('module.php');
 include_once('database.php');
-//include('error.php');
+include_once('error.php');
 include_once('code.php');
 include_once('Mail.php');
-include_once('module.php');
 include_once('forms.php');
 include_once('page.php');
@@ -230 +230 @@
   $System->Database = &$Database;
   $System->AddModule(new Log());
+  $System->AddModule(new ErrorHandler());
+  $System->Modules['ErrorHandler']->Init();
   $System->AddModule(new User());
   if(isset($_SERVER['REMOTE_ADDR'])) $System->Modules['User']->Check();

trunk/index.php

@@ -195 +195 @@
       if($_GET['Action'] == 'UserRegisterConfirm')
       {
-        $Output .= $this->SystemMessage('Potvrzení registrace', $this->System->Modules['User']->RegisterConfirm($_GET['User'], $_GET['H']));
+        $Output .= $this->SystemMessage('Potvrzení registrace', 
+          $this->System->Modules['User']->RegisterConfirm($_GET['User'], $_GET['H']));
       } else
       if($_GET['Action'] == 'PasswordRecovery')

trunk/sql/updates/436.sql

@@ -6 +6 @@
 ALTER TABLE `News` ADD FOREIGN KEY ( `User` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
 
+ALTER TABLE `User` ADD `Salt` VARCHAR( 255 ) NOT NULL AFTER `Password` ;
+UPDATE `User` SET `Salt` = SHA1(RAND());
+UPDATE `User` SET `Password`=SHA1(CONCAT(`Password`, `Salt`));
 
-ALTER TABLE `User` 
-ADD `TimeCreate` DATETIME NULL ,
-ADD `UserCreate` INT NULL ,
-ADD `TimeModify` DATETIME NULL ,
-ADD `UserModify` INT NULL ,
-ADD `TimeDelete` DATETIME NULL ,
-ADD `UserDelete` INT NULL;
-UPDATE `User` SET TimeCreate=NOW(), UserCreate=1;
-ALTER TABLE `User` ADD INDEX ( `UserCreate` ) ;
-ALTER TABLE `User` ADD INDEX ( `UserModify` ) ;
-ALTER TABLE `User` ADD INDEX ( `UserDelete` ) ;
-ALTER TABLE `User` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE SET NULL ON UPDATE SET NULL ;
-ALTER TABLE `User` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE SET NULL ON UPDATE SET NULL ;
-ALTER TABLE `User` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE SET NULL ON UPDATE SET NULL ;
-
-ALTER TABLE `Subject` 
-ADD `TimeCreate` DATETIME NULL ,
-ADD `UserCreate` INT NULL ,
-ADD `TimeModify` DATETIME NULL ,
-ADD `UserModify` INT NULL ,
-ADD `TimeDelete` DATETIME NULL ,
-ADD `UserDelete` INT NULL;
-UPDATE `Subject` SET TimeCreate=NOW(), UserCreate=1;
-ALTER TABLE `Subject` ADD INDEX ( `UserCreate` ) ;
-ALTER TABLE `Subject` ADD INDEX ( `UserModify` ) ;
-ALTER TABLE `Subject` ADD INDEX ( `UserDelete` ) ;
-ALTER TABLE `Subject` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Subject` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Subject` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-
-ALTER TABLE `Member` 
-ADD `TimeCreate` DATETIME NULL ,
-ADD `UserCreate` INT NULL ,
-ADD `TimeModify` DATETIME NULL ,
-ADD `UserModify` INT NULL ,
-ADD `TimeDelete` DATETIME NULL ,
-ADD `UserDelete` INT NULL;
-UPDATE `Member` SET TimeCreate=NOW(), UserCreate=1;
-ALTER TABLE `Member` ADD INDEX ( `UserCreate` ) ;
-ALTER TABLE `Member` ADD INDEX ( `UserModify` ) ;
-ALTER TABLE `Member` ADD INDEX ( `UserDelete` ) ;
-ALTER TABLE `Member` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Member` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Member` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-
-ALTER TABLE `Country` 
-ADD `TimeCreate` DATETIME NULL ,
-ADD `UserCreate` INT NULL ,
-ADD `TimeModify` DATETIME NULL ,
-ADD `UserModify` INT NULL ,
-ADD `TimeDelete` DATETIME NULL ,
-ADD `UserDelete` INT NULL;
-UPDATE `Country` SET TimeCreate=NOW(), UserCreate=1;
-ALTER TABLE `Country` ADD INDEX ( `UserCreate` ) ;
-ALTER TABLE `Country` ADD INDEX ( `UserModify` ) ;
-ALTER TABLE `Country` ADD INDEX ( `UserDelete` ) ;
-ALTER TABLE `Country` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Country` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-ALTER TABLE `Country` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ;
-
+ALTER TABLE `Log` CHANGE `Value` `Value` TEXT CHARACTER SET utf8 COLLATE utf8_czech_ci NOT NULL DEFAULT '';

trunk/user.php

@@ -26 +26 @@
 define('USER_EVENT_OPTIONS_CHANGED', 4);
 
+class PasswordHash
+{
+  function Hash($Password, $Salt)
+  {
+    return(sha1(sha1($Password).$Salt));
+  }
+  
+  function Verify($Password, $Salt, $StoredHash)
+  {
+    return($this->Hash($Password, $Salt) == $StoredHash);
+  }
+  
+  function GetSalt()
+  {
+    mt_srand(microtime(true)*100000 + memory_get_usage(true));
+    return sha1(uniqid(mt_rand(), true));
+  }
+}
+
 class User extends Module
 {
@@ -37 +56 @@
   var $PermissionGroupCache = array();
   var $PermissionGroupCacheOp = array();
+  /** @var Password */
+  var $PasswordHash;
+  
+  function __construct()
+  {
+    $this->PasswordHash = new PasswordHash();
+  }
 
   function Check()
@@ -47 +73 @@
       // Refresh time of last access
       $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()'));
-    } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 'User' => $this->AnonymousUserId, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()), 'ScriptName' => $_SERVER['PHP_SELF']));
+    } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 
+      'User' => $this->AnonymousUserId, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 
+      'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()), 
+      'ScriptName' => $_SERVER['PHP_SELF']));
     //echo($this->Database->LastQuery);
 
@@ -99 +128 @@
           else
           {
-            $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login, 'Password' => sha1($Password), 'Email' => $Email, 'RegistrationTime' => 'NOW()', 'Locked' => 1, 'PhoneNumber' => $PhoneNumber, 'ICQ' => $ICQ));
+            $PasswordHash = new PasswordHash();
+            $Salt = $PasswordHash->GetSalt();
+            $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login, 
+              'Password' => $PasswordHash->Hash($Password, $Salt), 'Salt' => $Salt, 
+              'Email' => $Email, 'RegistrationTime' => 'NOW()', 
+              'Locked' => 1, 'PhoneNumber' => $PhoneNumber, 'ICQ' => $ICQ));
             $UserId = $this->Database->insert_id;
-                        $this->Database->insert('PermissionUserAssignment', array('User' => $UserId, 'GroupOrOperation' => 2, 'Type' => 'Group'));
+            $this->Database->insert('PermissionUserAssignment', array('User' => $UserId, 
+              'AssignedGroup' => 2));
           
-            $Subject = FromUTF8('Registrace nového účtu', 'iso2');
-            $Message = 'Provedli jste registraci nového účtu na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVáš účet je: ".$Login."\n<br>Pro dokončení registrace klikněte na tento odkaz: ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.$UserId.'&H='.sha1($Password).'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.$UserId.'&H='.sha1($Password).'</a>.'."\n<br> \n\n<br><br>Na tento email neodpovídejte.";
-            $AdditionalHeaders = "To: ".$Name." <".$Email.">\n"."From: ".FromUTF8($Config['Web']['Title'], 'iso2')." <noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8";
-            mail($Email, $Subject, $Message, $AdditionalHeaders);
+            $NewPassword = substr(sha1(strtoupper($Login)), 0, 7);
+            
+            $Mail = new Mail();
+            $Mail->Subject = 'Registrace nového účtu';
+            $Mail->AddBody('Provedli jste registraci nového účtu na serveru <a href="http://'.
+              $Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.
+              $Config['Web']['Host'].$Config['Web']['RootFolder'].
+              "</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVáš účet je: ".
+              $Login."\n<br>Pro dokončení registrace klikněte na tento odkaz: ".'<a href="http://'.
+              $Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.
+              $UserId.'&H='.$NewPassword.'">http://'.$Config['Web']['Host'].
+              $Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.
+              $UserId.'&H='.$NewPassword.'</a>.'."\n<br> \n\n<br><br>Na tento email neodpovídejte.", 'text/html');
+            $Mail->AddTo($Email, $Name);
+            $Mail->From = $Config['Web']['Title'].' <noreplay@zdechov.net>';
+            $Mail->Send();
+            
             $Result = USER_REGISTRATED;
             $this->System->Modules['Log']->NewRecord('User', 'NewRegistration', $Login);
@@ -122 +170 @@
     {
       $Row = $DbResult->fetch_array();
-      if($Hash == $Row['Password'])
+      $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7);
+      if($Hash == $NewPassword)
       {
         $this->Database->update('User', 'Id='.$Row['Id'], array('Locked' => 0));
         $Output = USER_REGISTRATION_CONFIRMED;
-        $this->System->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Login='.$Row['Login'].', Id='.$Row['Id']);
+        $this->System->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Login='.
+          $Row['Login'].', Id='.$Row['Id']);
       } else $Output = PASSWORDS_UNMATCHED;
     } else $Output = USER_NOT_FOUND;
@@ -139 +189 @@
     {
       $Row = $Query->fetch_assoc();
-      if($Row['Password'] != sha1($Password)) $Result = BAD_PASSWORD;
+      $PasswordHash = new PasswordHash();
+      if(!$PasswordHash->Verify($Password, $Row['Salt'], $Row['Password'])) $Result = BAD_PASSWORD;
       else if($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED;
       else 
@@ -284 +335 @@
     global $Config;
 
-    $DbResult = $this->Database->select('User', 'Name, Id, Email, Password', '`Login`="'.$Login.'" AND `Email`="'.$Email.'"');
+    $DbResult = $this->Database->select('User', 'Login, Name, Id, Email, Password', '`Login`="'.$Login.'" AND `Email`="'.$Email.'"');
     if($DbResult->num_rows > 0)
     {
@@ -290 +341 @@
       $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7);
 
-      $Subject = 'Obnova hesla';
-      $Message = 'Požádali jste o zaslání nového hesla na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br />\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br /><br />\n\nVaše nové heslo k účtu ".$Row['Login']." je: ".$NewPassword."\n<br>Pro aktivaci tohoto hesla klikněte na ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=PasswordRecoveryConfirm&User='.$Row['Id'].'&H='.$Row['Password'].'&P='.$NewPassword.'">tento odkaz</a>.'."\n<br /> Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte.";
-      $AdditionalHeaders = "To: ".$Row['Name']." <".$Row['Email'].">\n"."From: ".FromUTF8($Config['Web']['Title'], 'iso2')." <noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8";
-      mail($Row['Email'], $Subject, $Message, $AdditionalHeaders);
+      $Mail = new Mail();
+      $Mail->Subject = 'Obnova hesla';
+      $Mail->From = $Config['Web']['Title'].' <noreplay@zdechov.net>';
+      $Mail->Recipients[] = $Row['Email'];
+      $Mail->AddBody('Požádali jste o zaslání nového hesla na serveru <a href="http://'.
+        $Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.
+        $Config['Web']['Host'].$Config['Web']['RootFolder'].
+        "</a>.<br />\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br /><br />\n\nVaše nové heslo k účtu ".
+        $Row['Login']." je: ".$NewPassword."\n<br>Pro aktivaci tohoto hesla klikněte na ".'<a href="http://'.
+        $Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=PasswordRecoveryConfirm&User='.
+        $Row['Id'].'&H='.$Row['Password'].'&P='.$NewPassword.'">tento odkaz</a>.'."\n<br /> Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte.", 'text/html');
+      $Mail->Send();
+      
       $Output = USER_PASSWORD_RECOVERY_SUCCESS;
       $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryRequest', 'Login='.$Login.',Email='.$Email);
@@ -309 +369 @@
       if(($NewPassword == $NewPassword2) and ($Hash == $Row['Password']))
       {
-        $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => sha1($NewPassword), 'Locked' => 0));
+        $PasswordHash = new PasswordHast();
+        $Salt = $PasswordHash->GetSalt();
+        $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => $PasswordHash->Hash($NewPassword, $Salt), 
+          'Salt' => $Salt, 'Locked' => 0));
         $Output = USER_PASSWORD_RECOVERY_CONFIRMED;
         $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryConfirm', 'Login='.$Row['Login']);