fix auth login
This commit is contained in:
20
inc/auth.php
20
inc/auth.php
@@ -46,7 +46,7 @@ class Auth extends PhpObject
|
||||
$asUser = $this->getUserFromToken($sToken);
|
||||
if($asUser['success'])
|
||||
{
|
||||
if(self::CheckPassword($asUser['http_pass'], $asUser['pass']))
|
||||
if(self::checkPassword($asUser['http_pass'], $asUser['pass']))
|
||||
{
|
||||
$this->setUserId($asUser[Db::getId(MyThoughts::USER_TABLE)]);
|
||||
$this->resetAuthCookie($this->getUserId());
|
||||
@@ -86,12 +86,13 @@ class Auth extends PhpObject
|
||||
{
|
||||
$asResult['username'] = addslashes(strstr($sToken, self::TOKEN_SEP, true));
|
||||
$asResult['http_pass'] = substr(strstr($sToken, self::TOKEN_SEP), strlen(self::TOKEN_SEP));
|
||||
|
||||
if($asResult['username']!='' && $asResult['http_pass']!='')
|
||||
{
|
||||
$asUser = $this->oDb->selectRow(MyThoughts::USER_TABLE, array(Db::getText(MyThoughts::USER_TABLE)=>$asResult['username']));
|
||||
$asUser = $this->oDb->selectRow(MyThoughts::USER_TABLE, array("MD5(".Db::getText(MyThoughts::USER_TABLE).")"=>$asResult['username']));
|
||||
if(!empty($asUser))
|
||||
{
|
||||
$asResult = $asUser;
|
||||
$asResult += $asUser;
|
||||
$bSuccess = true;
|
||||
}
|
||||
else
|
||||
@@ -135,7 +136,7 @@ class Auth extends PhpObject
|
||||
|
||||
public function addUser($sUserName, $sNickName, $sPass, $bLogMeIn=false)
|
||||
{
|
||||
$sPass = self::HashPassword($sPass);
|
||||
$sPass = self::hashPassword($sPass);
|
||||
$bExist = $this->oDb->pingValue(MyThoughts::USER_TABLE, array(Db::getText(MyThoughts::USER_TABLE)=>$sUserName));
|
||||
if($bExist) return -1;
|
||||
else
|
||||
@@ -166,7 +167,7 @@ class Auth extends PhpObject
|
||||
$asUsers = $this->oDb->selectRows($asInfo);
|
||||
foreach($asUsers as $asUser)
|
||||
{
|
||||
$sToken = self::HashPassword(self::getLoginToken($asUser[$sUserTextCol]));
|
||||
$sToken = self::hashPassword($asUser[$sUserTextCol]);
|
||||
$this->oDb->updateRow(MyThoughts::USER_TABLE, array(Db::getId(MyThoughts::USER_TABLE)=>$asUser[$sUserIdCol]), array('pass'=>$sToken));
|
||||
}
|
||||
}
|
||||
@@ -184,14 +185,13 @@ class Auth extends PhpObject
|
||||
{
|
||||
$sNewPass = self::getAuthCookie($iUserId);
|
||||
$iTimeLimit = time() + 60 * 60 * 24 * 30;
|
||||
//mysqli_query($con, "UPDATE EMPLOYEE SET COOKIE = '".addslashes($sNewPass)."' WHERE ID = ".$iUserId);
|
||||
$this->oDb->updateRow(MyThoughts::USER_TABLE, array(Db::getId(MyThoughts::USER_TABLE)=>$iUserId), array("cookie"=>$sNewPass));
|
||||
setcookie(self::USER_COOKIE_PASS, $iUserId.self::TOKEN_SEP.$sNewPass, $iTimeLimit);
|
||||
}
|
||||
|
||||
private static function getAuthCookie()
|
||||
{
|
||||
return self::HashPassword
|
||||
return self::hashPassword
|
||||
(
|
||||
$_SERVER['HTTP_USER_AGENT'].
|
||||
$_SERVER['REMOTE_ADDR'].
|
||||
@@ -202,12 +202,12 @@ class Auth extends PhpObject
|
||||
);
|
||||
}
|
||||
|
||||
private static function HashPassword($sPass)
|
||||
private static function hashPassword($sPass)
|
||||
{
|
||||
return password_hash($sPass, self::ALGO, array('cost'=>self::COST));
|
||||
return password_hash(self::getLoginToken($sPass), self::ALGO, array('cost'=>self::COST));
|
||||
}
|
||||
|
||||
private static function CheckPassword($sPass, $sHash)
|
||||
private static function checkPassword($sPass, $sHash)
|
||||
{
|
||||
return password_verify($sPass, $sHash);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user