fix auth login

2018-11-28 22:52:06 +01:00
parent 714ec9f7b1
commit 8fea4b0b7c


@@ -46,7 +46,7 @@ class Auth extends PhpObject
$asUser = $this->getUserFromToken($sToken); $asUser = $this->getUserFromToken($sToken);
if($asUser['success']) if($asUser['success'])
{ {
if(self::CheckPassword($asUser['http_pass'], $asUser['pass'])) if(self::checkPassword($asUser['http_pass'], $asUser['pass']))
{ {
$this->setUserId($asUser[Db::getId(MyThoughts::USER_TABLE)]); $this->setUserId($asUser[Db::getId(MyThoughts::USER_TABLE)]);
$this->resetAuthCookie($this->getUserId()); $this->resetAuthCookie($this->getUserId());
@@ -86,12 +86,13 @@ class Auth extends PhpObject
{ {
$asResult['username'] = addslashes(strstr($sToken, self::TOKEN_SEP, true)); $asResult['username'] = addslashes(strstr($sToken, self::TOKEN_SEP, true));
$asResult['http_pass'] = substr(strstr($sToken, self::TOKEN_SEP), strlen(self::TOKEN_SEP)); $asResult['http_pass'] = substr(strstr($sToken, self::TOKEN_SEP), strlen(self::TOKEN_SEP));
if($asResult['username']!='' && $asResult['http_pass']!='') if($asResult['username']!='' && $asResult['http_pass']!='')
{ {
$asUser = $this->oDb->selectRow(MyThoughts::USER_TABLE, array(Db::getText(MyThoughts::USER_TABLE)=>$asResult['username'])); $asUser = $this->oDb->selectRow(MyThoughts::USER_TABLE, array("MD5(".Db::getText(MyThoughts::USER_TABLE).")"=>$asResult['username']));
if(!empty($asUser)) if(!empty($asUser))
{ {
$asResult = $asUser; $asResult += $asUser;
$bSuccess = true; $bSuccess = true;
} }
else else
@@ -135,7 +136,7 @@ class Auth extends PhpObject
public function addUser($sUserName, $sNickName, $sPass, $bLogMeIn=false) public function addUser($sUserName, $sNickName, $sPass, $bLogMeIn=false)
{ {
$sPass = self::HashPassword($sPass); $sPass = self::hashPassword($sPass);
$bExist = $this->oDb->pingValue(MyThoughts::USER_TABLE, array(Db::getText(MyThoughts::USER_TABLE)=>$sUserName)); $bExist = $this->oDb->pingValue(MyThoughts::USER_TABLE, array(Db::getText(MyThoughts::USER_TABLE)=>$sUserName));
if($bExist) return -1; if($bExist) return -1;
else else
@@ -166,7 +167,7 @@ class Auth extends PhpObject
$asUsers = $this->oDb->selectRows($asInfo); $asUsers = $this->oDb->selectRows($asInfo);
foreach($asUsers as $asUser) foreach($asUsers as $asUser)
{ {
$sToken = self::HashPassword(self::getLoginToken($asUser[$sUserTextCol])); $sToken = self::hashPassword($asUser[$sUserTextCol]);
$this->oDb->updateRow(MyThoughts::USER_TABLE, array(Db::getId(MyThoughts::USER_TABLE)=>$asUser[$sUserIdCol]), array('pass'=>$sToken)); $this->oDb->updateRow(MyThoughts::USER_TABLE, array(Db::getId(MyThoughts::USER_TABLE)=>$asUser[$sUserIdCol]), array('pass'=>$sToken));
} }
} }
@@ -184,14 +185,13 @@ class Auth extends PhpObject
{ {
$sNewPass = self::getAuthCookie($iUserId); $sNewPass = self::getAuthCookie($iUserId);
$iTimeLimit = time() + 60 * 60 * 24 * 30; $iTimeLimit = time() + 60 * 60 * 24 * 30;
//mysqli_query($con, "UPDATE EMPLOYEE SET COOKIE = '".addslashes($sNewPass)."' WHERE ID = ".$iUserId);
$this->oDb->updateRow(MyThoughts::USER_TABLE, array(Db::getId(MyThoughts::USER_TABLE)=>$iUserId), array("cookie"=>$sNewPass)); $this->oDb->updateRow(MyThoughts::USER_TABLE, array(Db::getId(MyThoughts::USER_TABLE)=>$iUserId), array("cookie"=>$sNewPass));
setcookie(self::USER_COOKIE_PASS, $iUserId.self::TOKEN_SEP.$sNewPass, $iTimeLimit); setcookie(self::USER_COOKIE_PASS, $iUserId.self::TOKEN_SEP.$sNewPass, $iTimeLimit);
} }
private static function getAuthCookie() private static function getAuthCookie()
{ {
return self::HashPassword return self::hashPassword
( (
$_SERVER['HTTP_USER_AGENT']. $_SERVER['HTTP_USER_AGENT'].
$_SERVER['REMOTE_ADDR']. $_SERVER['REMOTE_ADDR'].
@@ -202,12 +202,12 @@ class Auth extends PhpObject
); );
} }
private static function HashPassword($sPass) private static function hashPassword($sPass)
{ {
return password_hash($sPass, self::ALGO, array('cost'=>self::COST)); return password_hash(self::getLoginToken($sPass), self::ALGO, array('cost'=>self::COST));
} }
private static function CheckPassword($sPass, $sHash) private static function checkPassword($sPass, $sHash)
{ {
return password_verify($sPass, $sHash); return password_verify($sPass, $sHash);
} }
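Review bot: `hashPassword()` now applies `getLoginToken()` to its argument before `password_hash()`, but `checkPassword()` still hands `$sPass` straight to `password_verify()`, so the two helpers expect different forms of the secret and nothing in the code says so. Login only succeeds if the `http_pass` part of the token is already the `getLoginToken()` output (that function is outside this section, so this is inferred), and hashes written by `addUser()` before this change were computed over the raw password and would presumably stop matching. The change also silently alters what `getAuthCookie()` hashes, since it goes through the same helper. I would document the contract on both helpers, e.g. `/** Hashes getLoginToken($sPass); pass the raw value, not a token. */` on `hashPassword()` and `/** $sPass must already be the getLoginToken() form sent by the client. */` on `checkPassword()`, and note in the commit whether existing rows need re-hashing.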