use new functions seed_pass_hash() and seed_pass_verify()

This commit is contained in:
Uwe Steinmann 2020-07-30 10:57:29 +02:00
parent f655060ca4
commit 9c2dae9d44
4 changed files with 11 additions and 11 deletions


@ -58,7 +58,7 @@ class SeedDMS_DbAuthentication extends SeedDMS_Authentication {
// Check if password matches (if not a guest user) // Check if password matches (if not a guest user)
// Assume that the password has been sent via HTTP POST. It would be careless // Assume that the password has been sent via HTTP POST. It would be careless
// (and dangerous) for passwords to be sent via GET. // (and dangerous) for passwords to be sent via GET.
if (md5($password) != $user->getPwd()) { if (!seed_pass_verify($password, $user->getPwd())) {
/* if counting of login failures is turned on, then increment its value */ /* if counting of login failures is turned on, then increment its value */
if($settings->_loginFailure) { if($settings->_loginFailure) {
$failures = $user->addLoginFailure(); $failures = $user->addLoginFailure();
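Review bot: The stored digests of every existing account are still md5 values, so the replaced check `if (!seed_pass_verify($password, $user->getPwd()))` will reject all current users unless seed_pass_verify() also recognises a legacy 32-character md5 string; nothing in this commit converts stored hashes. If the helper does accept the legacy form, this branch is the natural place to upgrade on a successful login by re-storing the password with `$user->setPwd(seed_pass_hash($password));` once the verify has passed, so that md5 entries disappear over time. Either way a one-line comment above the `if` saying which stored formats are accepted would save the next reader a trip into the helper. The enclosing authenticate method starts and ends outside the hunk.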


@ -54,7 +54,7 @@ if (empty($newpassword) || empty($newpasswordrepeat) || $newpassword != $newpass
$user = $dms->checkPasswordRequest($hash); $user = $dms->checkPasswordRequest($hash);
if($user) { if($user) {
$user->setPwd(md5($newpassword)); $user->setPwd(seed_pass_hash($newpassword));
$dms->deletePasswordRequest($hash); $dms->deletePasswordRequest($hash);
header('Location: ../out/out.Login.php'); header('Location: ../out/out.Login.php');
exit; exit;
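Review bot: `$user->setPwd(seed_pass_hash($newpassword));` stores whatever length seed_pass_hash() returns, but the pwd column was sized for a 32-character md5 string; if the new helper wraps password_hash() the value is 60 characters or more and, on databases that truncate instead of reject, is silently cut, after which every seed_pass_verify() for that user fails. The commit touches four PHP files and no schema, so confirm the column is wide enough or ship the migration with this change. The same concern applies to the setPwd()/addUser() calls in the other three files.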


@ -46,7 +46,7 @@ if(isset($_POST["theme"]))
$mytheme = $_POST["theme"]; $mytheme = $_POST["theme"];
$current_pwd = $_POST["currentpwd"]; $current_pwd = $_POST["currentpwd"];
if($user->getPwd() != md5($current_pwd)) { if(!seed_pass_verify($current_pwd, $user->getPwd())) {
UI::exitError(getMLText("edit_user_details"),getMLText("password_wrong")); UI::exitError(getMLText("edit_user_details"),getMLText("password_wrong"));
} }
@ -61,14 +61,14 @@ if (isset($_POST["pwd"]) && ($_POST["pwd"] != "")) {
if ($current_pwd == $_POST["pwd"]) // history doesn't have the initial pw stored yet if ($current_pwd == $_POST["pwd"]) // history doesn't have the initial pw stored yet
UI::exitError(getMLText("set_password"),getMLText("password_already_used")); UI::exitError(getMLText("set_password"),getMLText("password_already_used"));
$phm = new SeedDMS_PasswordHistoryManager($db); $phm = new SeedDMS_PasswordHistoryManager($db);
$oldpwd = $phm->search($user, md5($_POST["pwd"])); $oldpwd = $phm->search($user, seed_pass_hash($_POST["pwd"]));
if($oldpwd) { if($oldpwd) {
UI::exitError(getMLText("set_password"),getMLText("password_already_used")); UI::exitError(getMLText("set_password"),getMLText("password_already_used"));
} else { } else {
$phm->add($user, md5($_POST["pwd"])); $phm->add($user, seed_pass_hash($_POST["pwd"]));
} }
} }
$user->setPwd(md5($_POST["pwd"])); $user->setPwd(seed_pass_hash($_POST["pwd"]));
$user->setPwdExpiration(date('Y-m-d H:i:s', time()+$settings->_passwordExpiration*86400)); $user->setPwdExpiration(date('Y-m-d H:i:s', time()+$settings->_passwordExpiration*86400));
} else { } else {
UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient")); UI::exitError(getMLText("set_password"),getMLText("password_strength_insuffient"));
@ -76,14 +76,14 @@ if (isset($_POST["pwd"]) && ($_POST["pwd"] != "")) {
} else { } else {
if($settings->_passwordHistory > 0) { if($settings->_passwordHistory > 0) {
$phm = new SeedDMS_PasswordHistoryManager($db); $phm = new SeedDMS_PasswordHistoryManager($db);
$oldpwd = $phm->search($user, md5($_POST["pwd"])); $oldpwd = $phm->search($user, seed_pass_hash($_POST["pwd"]));
if($oldpwd) { if($oldpwd) {
UI::exitError(getMLText("set_password"),getMLText("password_already_used")); UI::exitError(getMLText("set_password"),getMLText("password_already_used"));
} else { } else {
$phm->add($user, md5($_POST["pwd"])); $phm->add($user, seed_pass_hash($_POST["pwd"]));
} }
} }
$user->setPwd(md5($_POST["pwd"])); $user->setPwd(seed_pass_hash($_POST["pwd"]));
$user->setPwdExpiration(date('Y-m-d H:i:s', time()+$settings->_passwordExpiration*86400)); $user->setPwdExpiration(date('Y-m-d H:i:s', time()+$settings->_passwordExpiration*86400));
} }
} }
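Review bot: `$oldpwd = $phm->search($user, seed_pass_hash($_POST["pwd"]));` on both hunks only works if seed_pass_hash() is deterministic; a salted scheme such as password_hash() produces a different string on every call, so the lookup never matches, the password-history check silently becomes a no-op, and `$phm->add(...)` keeps appending entries that can never be found again. If the helper is salted, the history manager has to walk the stored entries and call seed_pass_verify() against each one, e.g. `$oldpwd = $phm->search($user, $_POST["pwd"]);` with search() doing the verification, rather than comparing hash strings. Independently, the password is hashed three times in each branch (search, add, setPwd); compute `$newhash = seed_pass_hash($_POST["pwd"]);` once and pass it to add() and setPwd() so the history entry and the stored credential are the same value. The same pattern appears in both hunks of this file.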


@ -68,7 +68,7 @@ if ($action == "adduser") {
UI::exitError(getMLText("admin_tools"),getMLText("user_exists")); UI::exitError(getMLText("admin_tools"),getMLText("user_exists"));
} }
$newUser = $dms->addUser($login, md5($pwd), $name, $email, $settings->_language, $settings->_theme, $comment, $role, $isHidden, $isDisabled, $pwdexpiration, $quota, $homefolder); $newUser = $dms->addUser($login, seed_pass_hash($pwd), $name, $email, $settings->_language, $settings->_theme, $comment, $role, $isHidden, $isDisabled, $pwdexpiration, $quota, $homefolder);
if ($newUser) { if ($newUser) {
/* Set user image if uploaded */ /* Set user image if uploaded */
@ -367,7 +367,7 @@ else if ($action == "edituser") {
$editedUser->setPwd(''); $editedUser->setPwd('');
} else { } else {
if (isset($pwd) && ($pwd != "")) { if (isset($pwd) && ($pwd != "")) {
$editedUser->setPwd(md5($pwd)); $editedUser->setPwd(seed_pass_hash($pwd));
} }
} }
if ($editedUser->getFullName() != $name) if ($editedUser->getFullName() != $name)