Changeset 437 for trunk/user.php
- Timestamp:
- Oct 13, 2012, 1:02:07 PM (12 years ago)
- File:
-
- 1 edited
trunk/user.php
r428 r437 26 26 define('USER_EVENT_OPTIONS_CHANGED', 4); 27 27 28 class PasswordHash 29 { 30 function Hash($Password, $Salt) 31 { 32 return(sha1(sha1($Password).$Salt)); 33 } 34 35 function Verify($Password, $Salt, $StoredHash) 36 { 37 return($this->Hash($Password, $Salt) == $StoredHash); 38 } 39 40 function GetSalt() 41 { 42 mt_srand(microtime(true)*100000 + memory_get_usage(true)); 43 return sha1(uniqid(mt_rand(), true)); 44 } 45 } 46 28 47 class User extends Module 29 48 { … … 37 56 var $PermissionGroupCache = array(); 38 57 var $PermissionGroupCacheOp = array(); 58 /** @var Password */ 59 var $PasswordHash; 60 61 function __construct() 62 { 63 $this->PasswordHash = new PasswordHash(); 64 } 39 65 40 66 function Check() … … 47 73 // Refresh time of last access 48 74 $this->Database->update('UserOnline', 'SessionId="'.$SID.'"', array('ActivityTime' => 'NOW()')); 49 } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 'User' => $this->AnonymousUserId, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()), 'ScriptName' => $_SERVER['PHP_SELF'])); 75 } else $this->Database->insert('UserOnline', array('SessionId' => $SID, 76 'User' => $this->AnonymousUserId, 'LoginTime' => 'NOW()', 'ActivityTime' => 'NOW()', 77 'IpAddress' => GetRemoteAddress(), 'HostName' => gethostbyaddr(GetRemoteAddress()), 78 'ScriptName' => $_SERVER['PHP_SELF'])); 50 79 //echo($this->Database->LastQuery); 51 80 … … 99 128 else 100 129 { 101 $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login, 'Password' => sha1($Password), 'Email' => $Email, 'RegistrationTime' => 'NOW()', 'Locked' => 1, 'PhoneNumber' => $PhoneNumber, 'ICQ' => $ICQ)); 130 $PasswordHash = new PasswordHash(); 131 $Salt = $PasswordHash->GetSalt(); 132 $this->Database->insert('User', array('Name' => $Name, 'Login' => $Login, 133 'Password' => $PasswordHash->Hash($Password, $Salt), 'Salt' => $Salt, 134 'Email' => 
$Email, 'RegistrationTime' => 'NOW()', 135 'Locked' => 1, 'PhoneNumber' => $PhoneNumber, 'ICQ' => $ICQ)); 102 136 $UserId = $this->Database->insert_id; 103 $this->Database->insert('PermissionUserAssignment', array('User' => $UserId, 'GroupOrOperation' => 2, 'Type' => 'Group')); 137 $this->Database->insert('PermissionUserAssignment', array('User' => $UserId, 138 'AssignedGroup' => 2)); 104 139 105 $Subject = FromUTF8('Registrace nového účtu', 'iso2'); 106 $Message = 'Provedli jste registraci nového účtu na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVáš účet je: ".$Login."\n<br>Pro dokončení registrace klikněte na tento odkaz: ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.$UserId.'&H='.sha1($Password).'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='.$UserId.'&H='.sha1($Password).'</a>.'."\n<br> \n\n<br><br>Na tento email neodpovídejte."; 107 $AdditionalHeaders = "To: ".$Name." <".$Email.">\n"."From: ".FromUTF8($Config['Web']['Title'], 'iso2')." <noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8"; 108 mail($Email, $Subject, $Message, $AdditionalHeaders); 140 $NewPassword = substr(sha1(strtoupper($Login)), 0, 7); 141 142 $Mail = new Mail(); 143 $Mail->Subject = 'Registrace nového účtu'; 144 $Mail->AddBody('Provedli jste registraci nového účtu na serveru <a href="http://'. 145 $Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'. 146 $Config['Web']['Host'].$Config['Web']['RootFolder']. 147 "</a>.<br>\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br><br>\n\nVáš účet je: ". 148 $Login."\n<br>Pro dokončení registrace klikněte na tento odkaz: ".'<a href="http://'. 
149 $Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='. 150 $UserId.'&H='.$NewPassword.'">http://'.$Config['Web']['Host']. 151 $Config['Web']['RootFolder'].'/?Action=UserRegisterConfirm&User='. 152 $UserId.'&H='.$NewPassword.'</a>.'."\n<br> \n\n<br><br>Na tento email neodpovídejte.", 'text/html'); 153 $Mail->AddTo($Email, $Name); 154 $Mail->From = $Config['Web']['Title'].' <noreplay@zdechov.net>'; 155 $Mail->Send(); 156 109 157 $Result = USER_REGISTRATED; 110 158 $this->System->Modules['Log']->NewRecord('User', 'NewRegistration', $Login); … … 122 170 { 123 171 $Row = $DbResult->fetch_array(); 124 if($Hash == $Row['Password']) 172 $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7); 173 if($Hash == $NewPassword) 125 174 { 126 175 $this->Database->update('User', 'Id='.$Row['Id'], array('Locked' => 0)); 127 176 $Output = USER_REGISTRATION_CONFIRMED; 128 $this->System->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Login='.$Row['Login'].', Id='.$Row['Id']); 177 $this->System->Modules['Log']->NewRecord('User', 'RegisterConfirm', 'Login='. 
178 $Row['Login'].', Id='.$Row['Id']); 129 179 } else $Output = PASSWORDS_UNMATCHED; 130 180 } else $Output = USER_NOT_FOUND; … … 139 189 { 140 190 $Row = $Query->fetch_assoc(); 141 if($Row['Password'] != sha1($Password)) $Result = BAD_PASSWORD; 191 $PasswordHash = new PasswordHash(); 192 if(!$PasswordHash->Verify($Password, $Row['Salt'], $Row['Password'])) $Result = BAD_PASSWORD; 142 193 else if($Row['Locked'] == 1) $Result = ACCOUNT_LOCKED; 143 194 else … … 284 335 global $Config; 285 336 286 $DbResult = $this->Database->select('User', ' Name, Id, Email, Password', '`Login`="'.$Login.'" AND `Email`="'.$Email.'"');337 $DbResult = $this->Database->select('User', 'Login, Name, Id, Email, Password', '`Login`="'.$Login.'" AND `Email`="'.$Email.'"'); 287 338 if($DbResult->num_rows > 0) 288 339 { … … 290 341 $NewPassword = substr(sha1(strtoupper($Row['Login'])), 0, 7); 291 342 292 $Subject = 'Obnova hesla'; 293 $Message = 'Požádali jste o zaslání nového hesla na serveru <a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'.$Config['Web']['Host'].$Config['Web']['RootFolder']."</a>.<br />\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br /><br />\n\nVaše nové heslo k účtu ".$Row['Login']." je: ".$NewPassword."\n<br>Pro aktivaci tohoto hesla klikněte na ".'<a href="http://'.$Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=PasswordRecoveryConfirm&User='.$Row['Id'].'&H='.$Row['Password'].'&P='.$NewPassword.'">tento odkaz</a>.'."\n<br /> Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte."; 294 $AdditionalHeaders = "To: ".$Row['Name']." <".$Row['Email'].">\n"."From: ".FromUTF8($Config['Web']['Title'], 'iso2')." <noreplay@zdechov.net>\n"."MIME-Version: 1.0\n"."Content-type: text/html; charset=utf-8"; 295 mail($Row['Email'], $Subject, $Message, $AdditionalHeaders); 343 $Mail = new Mail(); 344 $Mail->Subject = 'Obnova hesla'; 345 $Mail->From = $Config['Web']['Title'].' 
<noreplay@zdechov.net>'; 346 $Mail->Recipients[] = $Row['Email']; 347 $Mail->AddBody('Požádali jste o zaslání nového hesla na serveru <a href="http://'. 348 $Config['Web']['Host'].$Config['Web']['RootFolder'].'">http://'. 349 $Config['Web']['Host'].$Config['Web']['RootFolder']. 350 "</a>.<br />\nPokud jste tak neučinili, měli by jste tento email ignorovat.<br /><br />\n\nVaše nové heslo k účtu ". 351 $Row['Login']." je: ".$NewPassword."\n<br>Pro aktivaci tohoto hesla klikněte na ".'<a href="http://'. 352 $Config['Web']['Host'].$Config['Web']['RootFolder'].'/?Action=PasswordRecoveryConfirm&User='. 353 $Row['Id'].'&H='.$Row['Password'].'&P='.$NewPassword.'">tento odkaz</a>.'."\n<br /> Po přihlášení si prosím změňte heslo na nové.\n\n<br><br>Na tento email neodpovídejte.", 'text/html'); 354 $Mail->Send(); 355 296 356 $Output = USER_PASSWORD_RECOVERY_SUCCESS; 297 357 $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryRequest', 'Login='.$Login.',Email='.$Email); … … 309 369 if(($NewPassword == $NewPassword2) and ($Hash == $Row['Password'])) 310 370 { 311 $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => sha1($NewPassword), 'Locked' => 0)); 371 $PasswordHash = new PasswordHast(); 372 $Salt = $PasswordHash->GetSalt(); 373 $this->Database->update('User', 'Id='.$Row['Id'], array('Password' => $PasswordHash->Hash($NewPassword, $Salt), 374 'Salt' => $Salt, 'Locked' => 0)); 312 375 $Output = USER_PASSWORD_RECOVERY_CONFIRMED; 313 376 $this->System->Modules['Log']->NewRecord('User', 'PasswordRecoveryConfirm', 'Login='.$Row['Login']);
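Review bot: The registration-confirmation token introduced at lines 140 and 172, `substr(sha1(strtoupper($Login)), 0, 7)`, is derived only from the login, so anyone who knows a login and the user id can build the `UserRegisterConfirm` link and unlock the account without ever seeing the mail — the email check no longer proves anything (the old `sha1($Password)` was at least a secret, if a poor one). A random per-registration token should be generated and stored instead, e.g. `'ConfirmToken' => $PasswordHash->GetSalt()` in the `User` insert (this needs a new column) and `if($Hash === $Row['ConfirmToken'])` in the confirm path. Line 371 reads `new PasswordHast()`, a typo for `PasswordHash`, so every `PasswordRecoveryConfirm` request will abort with an undefined-class fatal and the recovery flow can never complete. In `Verify` at line 37 the `==` comparison of two hex strings is loose (strings like `0e123…` compare numerically and equal each other), so use `===`, and `GetSalt` at lines 42–43 seeds `mt_rand` from `microtime`, which is not cryptographic-quality randomness — `bin2hex(openssl_random_pseudo_bytes(20))` would be the stronger choice here. The methods touched by these hunks (`Register`, `RegisterConfirm`, `Login`, `PasswordRecoveryConfirm`) start and end outside the visible hunks.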