- Timestamp:
- Oct 13, 2012, 1:02:07 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
trunk/error.php
r323 r437 1 1 <?php 2 2 3 function CustomErrorHandler($Number, $Message, $Filename, $LineNumber, $Variables) 3 class ErrorHandler extends Module 4 4 { 5 function Init() 6 { 7 set_error_handler(array($this, 'Handle')); 8 } 9 10 function Handle($Number, $Message, $Filename, $LineNumber, $Variables) 11 { 5 12 global $Config; 6 13 … … 51 58 } 52 59 $Error .= "\n"; 60 61 $this->System->Modules['Log']->NewRecord('Error', 'Log', $Error); 62 53 63 //if($Config['Web']['ErrorLogFile'] != '') 54 64 //error_log($Error, 3, $Config['Web']['ErrorLogFile']); 55 56 //mail($Config['Web']['AdminEmail'], $Config['Web']['Title'].' - Chybové hlášení', $Error);57 58 59 65 // Pošli mi zprávu (pokud je to kritická chyba) 66 //mail($Config['Web']['AdminEmail'], $Config['Web']['Title'].' - Chybové hlášení', $Error); 67 // Show error message 68 if($Config['Web']['ShowPHPError'] == true) 69 { 60 70 echo('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head>'."\n". 61 71 '<meta http-equiv="Content-Language" content="cs">'."\n". … … 63 73 'Došlo k vnitřní chybě!<br/> O chybě byl uvědoměn správce webu a chybu brzy odstraní.<br/><br/>'); 64 74 echo('<pre>'.$Error.'</pre><br/>'); // V případě ladění chybu i zobraz 65 echo('</body></html>');66 75 echo('</body></html>'); 76 } 67 77 if((E_ERROR | E_PARSE) & $Number) die(); 78 } 68 79 } 69 80 } 70 81 71 set_error_handler('CustomErrorHandler');72 73 82 ?> -
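Review bot: The `echo('<pre>'.$Error.'</pre><br/>')` line in Handle writes the assembled error text into the page without HTML escaping, so any request-derived data that ends up in a PHP error message is rendered as markup whenever `$Config['Web']['ShowPHPError']` is on. Escape it at the point of output, e.g. `echo('<pre>'.htmlspecialchars($Error, ENT_QUOTES, 'UTF-8').'</pre><br/>');`, and keep ShowPHPError off outside development. The new `$this->System->Modules['Log']->NewRecord('Error', 'Log', $Error)` call runs inside the handler; if NewRecord itself raises an error (a failed database write, for instance) the handler may be re-entered, so a simple re-entrancy guard flag would be worth adding. Part of Handle's body is elided from this view, so how `$Error` is built is not visible here.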
trunk/global.php
r430 r437 5 5 if(file_exists($ConfigFileName)) include_once($ConfigFileName); 6 6 else die('Nenalezen konfigurační soubor '.$ConfigFileName.'!'); 7 include_once('module.php'); 7 8 include_once('database.php'); 8 //include('error.php');9 include_once('error.php'); 9 10 include_once('code.php'); 10 11 include_once('Mail.php'); 11 include_once('module.php');12 12 include_once('forms.php'); 13 13 include_once('page.php'); … … 230 230 $System->Database = &$Database; 231 231 $System->AddModule(new Log()); 232 $System->AddModule(new ErrorHandler()); 233 $System->Modules['ErrorHandler']->Init(); 232 234 $System->AddModule(new User()); 233 235 if(isset($_SERVER['REMOTE_ADDR'])) $System->Modules['User']->Check(); -
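Review bot: The handler is installed only at new line 233, after the configuration include, every `include_once` and the database setup have already run, so a warning or notice raised during those steps goes to PHP's default handler and bypasses both the Log module and the ShowPHPError switch. If that ordering is forced by the dependency on the Log module, make sure `display_errors` is disabled in the production configuration so early errors do not print file paths to visitors. A short comment above `$System->Modules['ErrorHandler']->Init();`, such as `// Must follow AddModule(new Log()): Handle() writes to the Log module`, would document the ordering requirement.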
trunk/index.php
r430 r437 195 195 if($_GET['Action'] == 'UserRegisterConfirm') 196 196 { 197 $Output .= $this->SystemMessage('Potvrzení registrace', $this->System->Modules['User']->RegisterConfirm($_GET['User'], $_GET['H'])); 197 $Output .= $this->SystemMessage('Potvrzení registrace', 198 $this->System->Modules['User']->RegisterConfirm($_GET['User'], $_GET['H'])); 198 199 } else 199 200 if($_GET['Action'] == 'PasswordRecovery') -
trunk/sql/updates/436.sql
r436 r437 6 6 ALTER TABLE `News` ADD FOREIGN KEY ( `User` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ; 7 7 8 ALTER TABLE `User` ADD `Salt` VARCHAR( 255 ) NOT NULL AFTER `Password` ; 9 UPDATE `User` SET `Salt` = SHA1(RAND()); 10 UPDATE `User` SET `Password`=SHA1(CONCAT(`Password`, `Salt`)); 8 11 9 ALTER TABLE `User` 10 ADD `TimeCreate` DATETIME NULL , 11 ADD `UserCreate` INT NULL , 12 ADD `TimeModify` DATETIME NULL , 13 ADD `UserModify` INT NULL , 14 ADD `TimeDelete` DATETIME NULL , 15 ADD `UserDelete` INT NULL; 16 UPDATE `User` SET TimeCreate=NOW(), UserCreate=1; 17 ALTER TABLE `User` ADD INDEX ( `UserCreate` ) ; 18 ALTER TABLE `User` ADD INDEX ( `UserModify` ) ; 19 ALTER TABLE `User` ADD INDEX ( `UserDelete` ) ; 20 ALTER TABLE `User` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE SET NULL ON UPDATE SET NULL ; 21 ALTER TABLE `User` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE SET NULL ON UPDATE SET NULL ; 22 ALTER TABLE `User` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE SET NULL ON UPDATE SET NULL ; 23 24 ALTER TABLE `Subject` 25 ADD `TimeCreate` DATETIME NULL , 26 ADD `UserCreate` INT NULL , 27 ADD `TimeModify` DATETIME NULL , 28 ADD `UserModify` INT NULL , 29 ADD `TimeDelete` DATETIME NULL , 30 ADD `UserDelete` INT NULL; 31 UPDATE `Subject` SET TimeCreate=NOW(), UserCreate=1; 32 ALTER TABLE `Subject` ADD INDEX ( `UserCreate` ) ; 33 ALTER TABLE `Subject` ADD INDEX ( `UserModify` ) ; 34 ALTER TABLE `Subject` ADD INDEX ( `UserDelete` ) ; 35 ALTER TABLE `Subject` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ; 36 ALTER TABLE `Subject` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ; 37 ALTER TABLE `Subject` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ; 38 39 ALTER TABLE `Member` 40 ADD `TimeCreate` DATETIME NULL , 41 ADD 
`UserCreate` INT NULL , 42 ADD `TimeModify` DATETIME NULL , 43 ADD `UserModify` INT NULL , 44 ADD `TimeDelete` DATETIME NULL , 45 ADD `UserDelete` INT NULL; 46 UPDATE `Member` SET TimeCreate=NOW(), UserCreate=1; 47 ALTER TABLE `Member` ADD INDEX ( `UserCreate` ) ; 48 ALTER TABLE `Member` ADD INDEX ( `UserModify` ) ; 49 ALTER TABLE `Member` ADD INDEX ( `UserDelete` ) ; 50 ALTER TABLE `Member` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ; 51 ALTER TABLE `Member` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ; 52 ALTER TABLE `Member` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ; 53 54 ALTER TABLE `Country` 55 ADD `TimeCreate` DATETIME NULL , 56 ADD `UserCreate` INT NULL , 57 ADD `TimeModify` DATETIME NULL , 58 ADD `UserModify` INT NULL , 59 ADD `TimeDelete` DATETIME NULL , 60 ADD `UserDelete` INT NULL; 61 UPDATE `Country` SET TimeCreate=NOW(), UserCreate=1; 62 ALTER TABLE `Country` ADD INDEX ( `UserCreate` ) ; 63 ALTER TABLE `Country` ADD INDEX ( `UserModify` ) ; 64 ALTER TABLE `Country` ADD INDEX ( `UserDelete` ) ; 65 ALTER TABLE `Country` ADD FOREIGN KEY ( `UserCreate` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ; 66 ALTER TABLE `Country` ADD FOREIGN KEY ( `UserModify` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ; 67 ALTER TABLE `Country` ADD FOREIGN KEY ( `UserDelete` ) REFERENCES `User` (`Id`) ON DELETE RESTRICT ON UPDATE RESTRICT ; 68 12 ALTER TABLE `Log` CHANGE `Value` `Value` TEXT CHARACTER SET utf8 COLLATE utf8_czech_ci NOT NULL DEFAULT ''; -
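Review bot: The added `UPDATE ... SET Password=SHA1(CONCAT(Password, Salt))` statement is not idempotent, and it is being added to an update script that already existed at r436. A database where 436.sql was already applied will never receive the `Salt` column, so the new PasswordHash::Verify in user.php would presumably reject every login, and re-running the UPDATE on migrated rows would hash the already-salted values again and lock all accounts out. Moving the three salt statements into a new numbered update file would avoid both cases, assuming updates are applied once per file number, which is not visible here. `SHA1(RAND())` is adequate for per-row uniqueness but comes from a non-cryptographic generator, and the stored value is still a fast salted SHA-1, so a later migration to a slow password hash should be planned.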
trunk/user.php
r428 r437 26 26 define('USER_EVENT_OPTIONS_CHANGED', 4); 27 27 28 class PasswordHash 29 { 30 function Hash($Password, $Salt) 31 { 32 return(sha1(sha1($Password).$Salt)); 33 } 34 35 function Verify($Password, $Salt, $StoredHash) 36 { 37 return($this->Hash($Password, $Salt) == $StoredHash); 38 } 39 40 function GetSalt() 41 { 42 mt_srand(microtime(true)*100000 + memory_get_usage(true)); 43 return sha1(uniqid(mt_rand(), true)); 44 } 45 } 46 28 47 class User extends Module 29 48 { … … 37 56 var $PermissionGroupCache = array(); 38 57 var $PermissionGroupCacheOp = array(); 58 /** @var Password */ 59 var $PasswordHash; 60 61 function __construct() 62 { 63 $this->PasswordHash = new PasswordHash(); 64 } 39 65 40 66 function Check() … … 47 73 // Refresh time of last access 48 74 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()')); 49 } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 'User' => $this->AnonymousUserId, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()), 'ScriptName' => $_SERVER['PHP_SELF'])); 75 } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 76 'User' => $this->AnonymousUserId, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 77 'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()), 78 'ScriptName' => $_SERVER['PHP_SELF'])); 50 79 //echo($this->Database->LastQuery); 51 80 … … 99 128 else 100 129 { 101 $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login, 'Password' => sha1($Password), 'Email' => $Email, 'RegistrationTime' => 'NOW()', 'Locked' => 1, 'PhoneNumber' => $PhoneNumber, 'ICQ' => $ICQ)); 130 $PasswordHash = new PasswordHash(); 131 $Salt = $PasswordHash->GetSalt(); 132 $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login, 133 'Password' => $PasswordHash->Hash($Password, $Salt), 'Salt' => $Salt, 134 'Email' => 
$Email, 'RegistrationTime' => 'NOW()', 135 'Locked' => 1, 'PhoneNumber' => $PhoneNumber, 'ICQ' => $ICQ)); 102 136 $UserId = $this->Database->insert_id; 103 $this->Database->insert('PermissionUserAssignment', array('User' => $UserId, 'GroupOrOperation' => 2, 'Type' => 'Group')); 137 $this->Database->insert('PermissionUserAssignment', array('User' => $UserId, 138 'AssignedGroup' => 2)); 104 139 105 $Subject = FromUTF8('Registrace nového účtu', 'iso2'); 106 $Message = 'Provedli jste registraci nového účtu na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVáš účet je: ".$Login."\n<br>Pro dokončení registrace klikněte na tento odkaz: ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.$UserId.'&H='.sha1($Password).'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.$UserId.'&H='.sha1($Password).'</a>.'."\n<br> \n\n<br><br>Na tento email neodpovídejte."; 107 $AdditionalHeaders = "To: ".$Name." <".$Email.">\n"."From: ".FromUTF8($Config['Web']['Title'], 'iso2')." <noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8"; 108 mail($Email, $Subject, $Message, $AdditionalHeaders); 140 $NewPassword = substr(sha1(strtoupper($Login)), 0, 7); 141 142 $Mail = new Mail(); 143 $Mail->Subject = 'Registrace nového účtu'; 144 $Mail->AddBody('Provedli jste registraci nového účtu na serveru <a href="http://'. 145 $Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'. 146 $Config['Web']['Host'].$Config['Web']['RootFolder']. 147 "</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVáš účet je: ". 148 $Login."\n<br>Pro dokončení registrace klikněte na tento odkaz: ".'<a href="http://'. 
149 $Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='. 150 $UserId.'&H='.$NewPassword.'">http://'.$Config['Web']['Host']. 151 $Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='. 152 $UserId.'&H='.$NewPassword.'</a>.'."\n<br> \n\n<br><br>Na tento email neodpovídejte.", 'text/html'); 153 $Mail->AddTo($Email, $Name); 154 $Mail->From = $Config['Web']['Title'].' <noreplay@zdechov.net>'; 155 $Mail->Send(); 156 109 157 $Result = USER_REGISTRATED; 110 158 $this->System->Modules['Log']->NewRecord('User', 'NewRegistration', $Login); … … 122 170 { 123 171 $Row = $DbResult->fetch_array(); 124 if($Hash == $Row['Password']) 172 $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7); 173 if($Hash == $NewPassword) 125 174 { 126 175 $this->Database->update('User', 'Id='.$Row['Id'], array('Locked' => 0)); 127 176 $Output = USER_REGISTRATION_CONFIRMED; 128 $this->System->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Login='.$Row['Login'].', Id='.$Row['Id']); 177 $this->System->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Login='. 
178 $Row['Login'].', Id='.$Row['Id']); 129 179 } else $Output = PASSWORDS_UNMATCHED; 130 180 } else $Output = USER_NOT_FOUND; … … 139 189 { 140 190 $Row = $Query->fetch_assoc(); 141 if($Row['Password'] != sha1($Password)) $Result = BAD_PASSWORD; 191 $PasswordHash = new PasswordHash(); 192 if(!$PasswordHash->Verify($Password, $Row['Salt'], $Row['Password'])) $Result = BAD_PASSWORD; 142 193 else if($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED; 143 194 else … … 284 335 global $Config; 285 336 286 $DbResult = $this->Database->select('User', ' Name, Id, Email, Password', '`Login`="'.$Login.'" AND `Email`="'.$Email.'"');337 $DbResult = $this->Database->select('User', 'Login, Name, Id, Email, Password', '`Login`="'.$Login.'" AND `Email`="'.$Email.'"'); 287 338 if($DbResult->num_rows > 0) 288 339 { … … 290 341 $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7); 291 342 292 $Subject = 'Obnova hesla'; 293 $Message = 'Požádali jste o zaslání nového hesla na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br />\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br /><br />\n\nVaše nové heslo k účtu ".$Row['Login']." je: ".$NewPassword."\n<br>Pro aktivaci tohoto hesla klikněte na ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=PasswordRecoveryConfirm&User='.$Row['Id'].'&H='.$Row['Password'].'&P='.$NewPassword.'">tento odkaz</a>.'."\n<br /> Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte."; 294 $AdditionalHeaders = "To: ".$Row['Name']." <".$Row['Email'].">\n"."From: ".FromUTF8($Config['Web']['Title'], 'iso2')." <noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8"; 295 mail($Row['Email'], $Subject, $Message, $AdditionalHeaders); 343 $Mail = new Mail(); 344 $Mail->Subject = 'Obnova hesla'; 345 $Mail->From = $Config['Web']['Title'].' 
<noreplay@zdechov.net>'; 346 $Mail->Recipients[] = $Row['Email']; 347 $Mail->AddBody('Požádali jste o zaslání nového hesla na serveru <a href="http://'. 348 $Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'. 349 $Config['Web']['Host'].$Config['Web']['RootFolder']. 350 "</a>.<br />\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br /><br />\n\nVaše nové heslo k účtu ". 351 $Row['Login']." je: ".$NewPassword."\n<br>Pro aktivaci tohoto hesla klikněte na ".'<a href="http://'. 352 $Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=PasswordRecoveryConfirm&User='. 353 $Row['Id'].'&H='.$Row['Password'].'&P='.$NewPassword.'">tento odkaz</a>.'."\n<br /> Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte.", 'text/html'); 354 $Mail->Send(); 355 296 356 $Output = USER_PASSWORD_RECOVERY_SUCCESS; 297 357 $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryRequest', 'Login='.$Login.',Email='.$Email); … … 309 369 if(($NewPassword == $NewPassword2) and ($Hash == $Row['Password'])) 310 370 { 311 $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => sha1($NewPassword), 'Locked' => 0)); 371 $PasswordHash = new PasswordHast(); 372 $Salt = $PasswordHash->GetSalt(); 373 $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => $PasswordHash->Hash($NewPassword, $Salt), 374 'Salt' => $Salt, 'Locked' => 0)); 312 375 $Output = USER_PASSWORD_RECOVERY_CONFIRMED; 313 376 $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryConfirm', 'Login='.$Row['Login']);
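Review bot: The confirmation token introduced in the registration hunk, `$NewPassword = substr(sha1(strtoupper($Login)), 0, 7)`, depends only on the login name, so anyone who knows the login can compute it and the `$Hash == $NewPassword` check in the confirm hunk no longer shows that the e-mail was actually received. Generate a random per-account value instead (for example `bin2hex(random_bytes(16))` on PHP 7+), store it with the user row and compare it with `hash_equals()`; this needs a storage column that the changeset does not add. `new PasswordHast()` in the password-recovery confirm hunk is a typo for `PasswordHash` and will stop with a fatal error before the new password is stored. PasswordHash::Hash remains a single salted SHA-1 and Verify compares with `==`, which is not constant-time and is subject to PHP's numeric-string juggling; `password_hash()`/`password_verify()` would replace Hash, Verify and GetSalt where the PHP version allows, and at minimum Verify should use `hash_equals($StoredHash, $this->Hash($Password, $Salt))`. The recovery e-mail still places `$Row['Password']` (the stored hash) in the link as `H`; the enclosing methods start and end outside the visible hunks.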