Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
4e6463a849 | ||
|
|
5ad0419613 | ||
|
|
e23389a7f8 | ||
|
|
c21e194eaf |
@@ -1,4 +1,5 @@
|
||||
<?php
|
||||
|
||||
$DEBUG_ALL_OVERRIDE = 0; // set to 1 to debug on live/remote server locations
|
||||
$DEBUG_ALL = 1;
|
||||
$PRINT_ALL = 1;
|
||||
|
||||
@@ -69,8 +69,17 @@ class Login extends \CoreLibs\DB\IO
|
||||
private $logout; // logout button
|
||||
private $login_error; // login error code, can be matched to the array login_error_msg, which holds the string
|
||||
private $password_change = false; // if this is set to true, the user can change passwords
|
||||
private $password_change_ok = false; // password change was successful
|
||||
private $pw_change_deny_users = array (); // array of users for which the password change is forbidden
|
||||
|
||||
// if we have password change we need to define some rules
|
||||
private $password_min_length = 8;
|
||||
// can have several regexes, if nothing set, all is ok
|
||||
private $password_valid_chars = array (
|
||||
// '^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{8,}$',
|
||||
// '^(?.*(\pL)u)(?=.*(\pN)u)(?=.*([^\pL\pN])u).{8,}',
|
||||
);
|
||||
|
||||
// all possible login error conditions
|
||||
private $login_error_msg = array ();
|
||||
// this is an array holding all strings & templates passed from the outside (translation)
|
||||
@@ -229,6 +238,55 @@ class Login extends \CoreLibs\DB\IO
|
||||
parent::__destruct();
|
||||
}
|
||||
|
||||
// METHOD: loginPasswordCheck
|
||||
// PARAMS: hash, optional password, to override
|
||||
// RETURN: true or false
|
||||
// DESC : checks if password is valid, sets internal error login variable
|
||||
private function loginPasswordCheck($hash, $password = '')
|
||||
{
|
||||
$password_ok = false;
|
||||
if (!$password) {
|
||||
$password = $this->password;
|
||||
}
|
||||
if ((preg_match("/^\\$2(a|y)\\$/", $hash) && CRYPT_BLOWFISH != 1) ||
|
||||
(preg_match("/^\\$1\\$/", $hash) && CRYPT_MD5 != 1) ||
|
||||
(preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash) && CRYPT_STD_DES != 1)
|
||||
) {
|
||||
// this means password cannot be decrypted because of missing crypt methods
|
||||
$this->login_error = 9999;
|
||||
$password_ok = false;
|
||||
} elseif ((preg_match("/^\\$2(a)\\$/", $hash) ||
|
||||
// old password have $07$ so we check this
|
||||
(preg_match("/^\\$2(y)\\$/", $hash) && preg_match("/\\$07\\$/", $hash)) ||
|
||||
preg_match("/^\\$1\\$/", $hash) ||
|
||||
preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash)) &&
|
||||
!$this->verifyCryptString($password, $hash)
|
||||
) {
|
||||
// check passwword as crypted, $2a$ or $2y$ is blowfish start, $1$ is MD5 start, $\w{12} is standard DES
|
||||
// this is only for OLD $07$ password
|
||||
$this->login_error = 1011;
|
||||
$password_ok = false;
|
||||
} elseif (preg_match("/^\\$2y\\$/", $hash) &&
|
||||
!$this->passwordVerify($password, $hash)
|
||||
) {
|
||||
// this is the new password hash methid, is only $2y$
|
||||
$this->login_error = 1013;
|
||||
$password_ok = false;
|
||||
} elseif (!preg_match("/^\\$2(a|y)\\$/", $hash) &&
|
||||
!preg_match("/^\\$1\\$/", $hash) &&
|
||||
!preg_match("/^\\$[0-9A-Za-z.]{12}$/", $hash) &&
|
||||
$hash != $password
|
||||
) {
|
||||
// check old plain password, non case sensitive
|
||||
$this->login_error = 1012;
|
||||
$password_ok = false;
|
||||
} else {
|
||||
// all ok
|
||||
$password_ok = true;
|
||||
}
|
||||
return $password_ok;
|
||||
}
|
||||
|
||||
// METHOD: loginLoginUser
|
||||
// WAS : login_login_user
|
||||
// PARAMS: none
|
||||
@@ -285,27 +343,16 @@ class Login extends \CoreLibs\DB\IO
|
||||
} elseif ($res['locked']) {
|
||||
// user is locked, either set or auto set
|
||||
$this->login_error = 105;
|
||||
} elseif ((preg_match("/^\\$2(a|y)\\$/", $res['password']) && CRYPT_BLOWFISH != 1) ||
|
||||
(preg_match("/^\\$1\\$/", $res['password']) && CRYPT_MD5 != 1) ||
|
||||
(preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) && CRYPT_STD_DES != 1)
|
||||
) {
|
||||
// this means password cannot be decrypted because of missing crypt methods
|
||||
$this->login_error = 9999;
|
||||
} elseif ((preg_match("/^\\$2(a|y)\\$/", $res['password']) ||
|
||||
preg_match("/^\\$1\\$/", $res['password']) ||
|
||||
preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password'])) &&
|
||||
!$this->verifyCryptString($this->password, $res['password'])
|
||||
) {
|
||||
// check passwword as crypted, $2a$ or $2y$ is blowfish start, $1$ is MD5 start, $\w{12} is standard DES
|
||||
$this->login_error = 1011;
|
||||
} elseif (!preg_match("/^\\$2(a|y)\\$/", $res['password']) &&
|
||||
!preg_match("/^\\$1\\$/", $res['password']) &&
|
||||
!preg_match("/^\\$[0-9A-Za-z.]{12}$/", $res['password']) &&
|
||||
$res['password'] != $this->password
|
||||
) {
|
||||
// check old plain password, non case sensitive
|
||||
$this->login_error = 1012;
|
||||
} elseif (!$this->loginPasswordCheck($res['password'])) {
|
||||
// none to be set, set in login password check
|
||||
} else {
|
||||
// check if the current password is an invalid hash and do a rehash and set password
|
||||
// $this->debug('LOGIN', 'Hash: '.$res['password'].' -> VERIFY: '.($this->passwordVerify($this->password, $res['password']) ? 'OK' : 'FAIL').' => HASH: '.($this->passwordRehashCheck($res['password']) ? 'NEW NEEDED' : 'OK'));
|
||||
if ($this->passwordRehashCheck($res['password'])) {
|
||||
// update password hash to new one now
|
||||
$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->passwordSet($this->password))."' WHERE edit_user_id = ".$res['edit_user_id'];
|
||||
$this->dbExec($q);
|
||||
}
|
||||
// normal user processing
|
||||
// set class var and session var
|
||||
$_SESSION["EUID"] = $this->euid = $res["edit_user_id"];
|
||||
@@ -548,6 +595,7 @@ class Login extends \CoreLibs\DB\IO
|
||||
$this->acl['admin'] = 1;
|
||||
$this->acl['base'] = 100;
|
||||
} else {
|
||||
$this->acl['admin'] = 0;
|
||||
// now go throw the flow and set the correct ACL
|
||||
// user > page > group
|
||||
// group ACL 0
|
||||
@@ -618,7 +666,7 @@ class Login extends \CoreLibs\DB\IO
|
||||
// set the full acl list too
|
||||
$this->acl['acl_list'] = $_SESSION['DEFAULT_ACL_LIST'];
|
||||
// debug
|
||||
// $this->debug('ACL', $this->print_ar($this->acl));
|
||||
// $this->debug('ACL', $this->print_ar($this->acl));
|
||||
}
|
||||
|
||||
// METHOD: loginCheckEditAccess
|
||||
@@ -635,6 +683,28 @@ class Login extends \CoreLibs\DB\IO
|
||||
}
|
||||
}
|
||||
|
||||
// METHOD: loginPasswordChangeValidPassword
|
||||
// PARAMS: the new password
|
||||
// RETURN: true or false
|
||||
// DESC : checks if the password is in a valid format
|
||||
private function loginPasswordChangeValidPassword($password)
|
||||
{
|
||||
$is_valid_password = true;
|
||||
// check for valid in regex arrays in list
|
||||
if (is_array($this->password_valid_chars)) {
|
||||
foreach ($this->password_valid_chars as $password_valid_chars) {
|
||||
if (!preg_match("/$password_valid_chars/", $password)) {
|
||||
$is_valid_password = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
// check for min length
|
||||
if (strlen($password) < $this->password_min_length) {
|
||||
$is_valid_password = false;
|
||||
}
|
||||
return $is_valid_password;
|
||||
}
|
||||
|
||||
// METHOD: loginPasswordChange
|
||||
// WAS : login_password_change
|
||||
// PARAMS: none
|
||||
@@ -646,7 +716,7 @@ class Login extends \CoreLibs\DB\IO
|
||||
$event = 'Password Change';
|
||||
// check that given username is NOT in the deny list, else silent skip (with error log)
|
||||
if (!in_array($this->pw_username, $this->pw_change_deny_users)) {
|
||||
if (!$this->pw_username || !$this->pw_password) {
|
||||
if (!$this->pw_username || !$this->pw_old_password) {
|
||||
$this->login_error = 200;
|
||||
$data = 'Missing username or old password.';
|
||||
}
|
||||
@@ -662,9 +732,9 @@ class Login extends \CoreLibs\DB\IO
|
||||
}
|
||||
// check old passwords match -> error
|
||||
if (!$this->login_error) {
|
||||
$q = "SELECT edit_user_id FROM edit_user WHERE enabled = 1 AND username = '".$this->dbEscapeString($this->pw_username)."' AND password = '".$this->dbEscapeString($this->pw_old_password)."'";
|
||||
list ($edit_user_id) = $this->dbReturnRow($q);
|
||||
if (!$edit_user_id) {
|
||||
$q = "SELECT edit_user_id, password FROM edit_user WHERE enabled = 1 AND username = '".$this->dbEscapeString($this->pw_username)."'";
|
||||
list ($edit_user_id, $old_password_hash) = $this->dbReturnRow($q);
|
||||
if (!$edit_user_id || !$this->loginPasswordCheck($old_password_hash, $this->pw_old_password)) {
|
||||
// old password wrong
|
||||
$this->login_error = 202;
|
||||
$data = 'The old password does not match';
|
||||
@@ -681,15 +751,23 @@ class Login extends \CoreLibs\DB\IO
|
||||
if (!$this->login_error) {
|
||||
if ($this->pw_new_password != $this->pw_new_password_confirm) {
|
||||
$this->login_error = 204;
|
||||
$data = 'The new passwords do not match: '.$this->pw_new_password.' == '.$this->pw_new_password_confirm;
|
||||
$data = 'The new passwords do not match';
|
||||
}
|
||||
}
|
||||
// password shall match to something in minimum length or form
|
||||
if (!$this->login_error) {
|
||||
if (!$this->loginPasswordChangeValidPassword($this->pw_new_password)) {
|
||||
$this->login_error = 205;
|
||||
$data = 'The new password string is not valid';
|
||||
}
|
||||
}
|
||||
// no error change this users password
|
||||
if (!$this->login_error) {
|
||||
// update the user (edit_user_id) with the new password
|
||||
$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->cryptString($this->pw_new_password))."' WHERE edit_user_id = ".$edit_user_id;
|
||||
$q = "UPDATE edit_user SET password = '".$this->dbEscapeString($this->passwordSet($this->pw_new_password))."' WHERE edit_user_id = ".$edit_user_id;
|
||||
$this->dbExec($q);
|
||||
$data = 'Password change for user "'.$this->pw_username.'" from "'.$this->pw_old_password.'" to "'.$this->pw_new_password.'"';
|
||||
$data = 'Password change for user "'.$this->pw_username.'"';
|
||||
$this->password_change_ok = true;
|
||||
}
|
||||
} else {
|
||||
// illegal user error
|
||||
@@ -697,7 +775,7 @@ class Login extends \CoreLibs\DB\IO
|
||||
$data = 'Illegal user for password change: '.$this->pw_username;
|
||||
}
|
||||
// log this password change attempt
|
||||
$this->write_log($event, $data, $this->login_error, $pw_username, $pw_old_password);
|
||||
$this->writeLog($event, $data, $this->login_error, $this->pw_username);
|
||||
} // button pressed
|
||||
}
|
||||
|
||||
@@ -727,29 +805,43 @@ class Login extends \CoreLibs\DB\IO
|
||||
// pre change the data in the PASSWORD_CHANGE_DIV first
|
||||
foreach ($this->login_template['strings'] as $string => $data) {
|
||||
if ($data) {
|
||||
$html_string_password_change = str_replace("{".$string."}", $data, $html_string_password_change);
|
||||
$html_string_password_change = str_replace('{'.$string.'}', $data, $html_string_password_change);
|
||||
}
|
||||
}
|
||||
// print error messagae
|
||||
if ($this->login_error) {
|
||||
$html_string_password_change = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string_password_change);
|
||||
} else {
|
||||
$html_string_password_change = str_replace('{ERROR_MSG}', '<br>', $html_string_password_change);
|
||||
}
|
||||
// if pw change action, show the float again
|
||||
if ($this->change_password && !$this->password_change_ok) {
|
||||
$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '<script language="JavaScript">ShowHideDiv(\'pw_change_div\');</script>', $html_string_password_change);
|
||||
} else {
|
||||
$html_string_password_change = str_replace('{PASSWORD_CHANGE_SHOW}', '', $html_string_password_change);
|
||||
}
|
||||
$this->login_template['strings']['PASSWORD_CHANGE_DIV'] = $html_string_password_change;
|
||||
}
|
||||
|
||||
// put in the logout redirect string
|
||||
if ($this->logout && $LOGOUT_TARGET) {
|
||||
$html_string = str_replace("{LOGOUT_TARGET}", '<meta http-equiv="refresh" content="0; URL='.$LOGOUT_TARGET.'">', $html_string);
|
||||
$html_string = str_replace('{LOGOUT_TARGET}', '<meta http-equiv="refresh" content="0; URL='.$LOGOUT_TARGET.'">', $html_string);
|
||||
} else {
|
||||
$html_string = str_replace("{LOGOUT_TARGET}", '', $html_string);
|
||||
$html_string = str_replace('{LOGOUT_TARGET}', '', $html_string);
|
||||
}
|
||||
|
||||
// print error messagae
|
||||
if ($this->login_error) {
|
||||
$html_string = str_replace("{ERROR_MSG}", $this->login_error_msg[$this->login_error]."<br>", $html_string);
|
||||
$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[$this->login_error].'<br>', $html_string);
|
||||
} elseif ($this->password_change_ok && $this->password_change) {
|
||||
$html_string = str_replace('{ERROR_MSG}', $this->login_error_msg[300].'<br>', $html_string);
|
||||
} else {
|
||||
$html_string = str_replace("{ERROR_MSG}", "<br>", $html_string);
|
||||
$html_string = str_replace('{ERROR_MSG}', '<br>', $html_string);
|
||||
}
|
||||
|
||||
// create the replace array context
|
||||
foreach ($this->login_template['strings'] as $string => $data) {
|
||||
$html_string = str_replace("{".$string."}", $data, $html_string);
|
||||
$html_string = str_replace('{'.$string.'}', $data, $html_string);
|
||||
}
|
||||
|
||||
// return the created HTML here
|
||||
@@ -782,10 +874,10 @@ class Login extends \CoreLibs\DB\IO
|
||||
$q = "SELECT username, password FROM edit_user WHERE edit_user_id = ".$this->euid;
|
||||
list($username, $password) = $this->dbReturnRow($q);
|
||||
} // if euid is set, get username (or try)
|
||||
$this->writeLog($event, '', $this->login_error, $username, $password);
|
||||
$this->writeLog($event, '', $this->login_error, $username);
|
||||
} // write log under certain settings
|
||||
// now close DB connection
|
||||
// $this->error_msg = $this->_login();
|
||||
// $this->error_msg = $this->_login();
|
||||
if (!$this->permission_okay) {
|
||||
return false;
|
||||
} else {
|
||||
@@ -816,6 +908,7 @@ class Login extends \CoreLibs\DB\IO
|
||||
"1010" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // user not found
|
||||
"1011" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // blowfish password wrong
|
||||
"1012" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // fallback md5 password wrong
|
||||
"1013" => $this->l->__("Fatal Error: <b>Login Failed - Wrong Username or Password</b>"), // new password_hash wrong
|
||||
"102" => $this->l->__("Fatal Error: <b>Login Failed - Please enter username and password</b>"),
|
||||
"103" => $this->l->__("Fatal Error: <b>You do not have the rights to access this Page</b>"),
|
||||
"104" => $this->l->__("Fatal Error: <b>Login Failed - User not enabled</b>"),
|
||||
@@ -826,6 +919,8 @@ class Login extends \CoreLibs\DB\IO
|
||||
"202" => $this->l->__("Fatal Error: <b>Password change - The old password is not correct</b>"),
|
||||
"203" => $this->l->__("Fatal Error: <b>Password change - Please fill out both new password fields</b>"),
|
||||
"204" => $this->l->__("Fatal Error: <b>Password change - The new passwords do not match</b>"),
|
||||
"205" => $this->l->__("Fatal Error: <b>Password change - The new password is not in a valid format</b>"), // we should also not here WHAT is valid
|
||||
"300" => $this->l->__("Success: <b>Password change successful</b>"), // for OK password change
|
||||
"9999" => $this->l->__("Fatal Error: <b>necessary crypt engine could not be found</b>. Login is impossible") // this is bad bad error
|
||||
);
|
||||
|
||||
@@ -852,6 +947,7 @@ class Login extends \CoreLibs\DB\IO
|
||||
<tr><td></td><td><input type="submit" name="change_password" value="{PASSWORD_CHANGE_BUTTON_VALUE}"><input type="button" name="pw_change" value="{CLOSE}" OnClick="ShowHideDiv('pw_change_div');"></td></tr>
|
||||
</table>
|
||||
</div>
|
||||
{PASSWORD_CHANGE_SHOW}
|
||||
EOM;
|
||||
} else {
|
||||
$strings = array_merge($strings, array (
|
||||
@@ -949,12 +1045,14 @@ EOM;
|
||||
// error -> if error, write error string (not enougth data, etc)
|
||||
// RETURN: none
|
||||
// DESC : writes detailed data into the edit user log table (keep log what user does)
|
||||
private function writeLog($event, $data, $error = "", $username = "", $password = "")
|
||||
private function writeLog($event, $data, $error = '', $username = '')
|
||||
{
|
||||
if ($this->login) {
|
||||
$this->action = 'Login';
|
||||
} elseif ($this->logout) {
|
||||
$this->action = 'Logout';
|
||||
} else {
|
||||
$this->action = '';
|
||||
}
|
||||
$_data_binary = array (
|
||||
'_SESSION' => $_SESSION,
|
||||
@@ -969,7 +1067,7 @@ EOM;
|
||||
$q .= "(username, password, euid, event_date, event, error, data, data_binary, page, ";
|
||||
$q .= "ip, user_agent, referer, script_name, query_string, server_name, http_host, http_accept, http_accept_charset, http_accept_encoding, session_id, ";
|
||||
$q .= "action, action_id, action_yes, action_flag, action_menu, action_loaded, action_value, action_error) ";
|
||||
$q .= "VALUES ('".$this->dbEscapeString($username)."', '".$this->dbEscapeString($password)."', ".(($this->euid) ? $this->euid : 'NULL').", ";
|
||||
$q .= "VALUES ('".$this->dbEscapeString($username)."', 'PASSWORD', ".(($this->euid) ? $this->euid : 'NULL').", ";
|
||||
$q .= "NOW(), '".$this->dbEscapeString($event)."', '".$this->dbEscapeString($error)."', '".$this->dbEscapeString($data)."', '".$data_binary."', '".$this->page_name."', ";
|
||||
foreach (array('REMOTE_ADDR', 'HTTP_USER_AGENT', 'HTTP_REFERER', 'SCRIPT_FILENAME', 'QUERY_STRING', 'SERVER_NAME', 'HTTP_HOST', 'HTTP_ACCEPT', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING') as $server_code) {
|
||||
if (array_key_exists($server_code, $_SERVER)) {
|
||||
|
||||
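Review bot: The legacy fallback at the end of loginPasswordCheck (`$hash != $password`, error 1012) compares the stored column with the submitted password using loose inequality, and two numeric-looking strings such as `'1000'` and `'1e3'` compare equal under `!=`, so a wrong password could be accepted on a row that still holds a plaintext value; use `$hash !== $password`. The comment above that branch, `// check old plain password, non case sensitive`, no longer describes the code (`!=` on strings is case sensitive) and would be more useful as "legacy plaintext value; accepted until the rehash step in loginLoginUser upgrades it". In loginPasswordChangeValidPassword, `strlen($password) < $this->password_min_length` counts bytes, so a multibyte password shorter than 8 characters passes the minimum — `mb_strlen($password)` is the intended check — and the pattern built as `"/$password_valid_chars/"` breaks on any `/` inside a configured regex (a preg_match failure there fails closed, which is acceptable but worth a comment). `in_array($this->pw_username, $this->pw_change_deny_users)` in loginPasswordChange should pass `true` as its third argument so a deny-list entry only matches an identical string; loginLoginUser and loginPasswordChange both start and end outside their hunks.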
@@ -148,12 +148,13 @@ class Basic
|
||||
// error char for the char conver
|
||||
public $mbErrorChar;
|
||||
|
||||
// crypt saslt prefix
|
||||
// [!!! DEPRECATED !!!] crypt saslt prefix
|
||||
public $cryptSaltPrefix = '';
|
||||
public $cryptSaltSuffix = '';
|
||||
public $cryptIterationCost = 7; // this is for staying backwards compatible with the old ones
|
||||
public $cryptSaltSize = 22; // default 22 chars for blowfish, 2 for STD DES, 8 for MD5,
|
||||
|
||||
// new better password management
|
||||
protected $password_options = array ();
|
||||
// session name
|
||||
private $session_name = '';
|
||||
private $session_id = '';
|
||||
@@ -340,8 +341,10 @@ class Basic
|
||||
$this->session_id = session_id();
|
||||
}
|
||||
|
||||
// init crypt settings
|
||||
// [!!! DEPRECATED !!!] init crypt settings
|
||||
$this->cryptInit();
|
||||
// new better password init
|
||||
$this->passwordInit();
|
||||
|
||||
// start logging running time
|
||||
$this->runningTime();
|
||||
@@ -1630,6 +1633,11 @@ class Basic
|
||||
return false;
|
||||
}
|
||||
|
||||
// [!!! DEPRECATED !!!]
|
||||
// ALL crypt* methids are DEPRECATED and SHALL NOT BE USED
|
||||
// use the new password* instead
|
||||
|
||||
// [!!! DEPRECATED !!!] -> passwordInit
|
||||
// METHOD: cryptInit
|
||||
// PARAMS: none
|
||||
// RETURN: none
|
||||
@@ -1676,6 +1684,7 @@ class Basic
|
||||
}
|
||||
}
|
||||
|
||||
// [!!! DEPRECATED !!!] -> not needed
|
||||
// METHOD: cryptSaltString
|
||||
// PARAMS: random string length, default is 22 (for blowfish crypt)
|
||||
// RETURN: random string
|
||||
@@ -1703,6 +1712,7 @@ class Basic
|
||||
return $salt_string;
|
||||
}
|
||||
|
||||
// [!!! DEPRECATED !!!] -> passwordSet
|
||||
// METHOD: cryptString
|
||||
// PARAMS: string to be crypted (one way)
|
||||
// RETURN: encrypted string
|
||||
@@ -1714,6 +1724,7 @@ class Basic
|
||||
return crypt($string, $this->cryptSaltPrefix.$this->cryptSaltString($this->cryptSaltSize).$this->cryptSaltSuffix);
|
||||
}
|
||||
|
||||
// [!!! DEPRECATED !!!] -> passwordVerify
|
||||
// METHOD: verifyCryptString
|
||||
// PARAMS: plain string (eg password)
|
||||
// full crypted string (from cryptString
|
||||
@@ -1729,6 +1740,61 @@ class Basic
|
||||
}
|
||||
}
|
||||
|
||||
// *** BETTER PASSWORD OPTIONS, must be used ***
|
||||
// METHOD: passwordInit
|
||||
// PARAMS: none
|
||||
// RETURN: none
|
||||
// DESC : inits the password options set
|
||||
// currently this is et empty, and the default options are used
|
||||
private function passwordInit()
|
||||
{
|
||||
// set default password cost: use default set automatically
|
||||
$this->password_options = array (
|
||||
// 'cost' => PASSWORD_BCRYPT_DEFAULT_COST
|
||||
);
|
||||
}
|
||||
|
||||
// METHOD: passwordSet
|
||||
// PARAMS: password
|
||||
// RETURN: hashed password
|
||||
// DESC : creates the password hash
|
||||
public function passwordSet($password)
|
||||
{
|
||||
// always use the PHP default for the password
|
||||
// password options ca be set in the password init, but should be kept as default
|
||||
return password_hash($password, PASSWORD_DEFAULT, $this->password_options);
|
||||
}
|
||||
|
||||
// METHOD: passwordVerify
|
||||
// PARAMS: password and hash
|
||||
// RETURN: true or false
|
||||
// DESC : checks if the entered password matches the hash
|
||||
public function passwordVerify($password, $hash)
|
||||
{
|
||||
if (password_verify($password, $hash)) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
// in case something strange, return false on default
|
||||
return false;
|
||||
}
|
||||
|
||||
// METHOD: passwordRehashCheck
|
||||
// PARAMS: hash
|
||||
// RETURN: true or false
|
||||
// DESC : checks if the password needs to be rehashed
|
||||
public function passwordRehashCheck($hash)
|
||||
{
|
||||
if (password_needs_rehash($hash, PASSWORD_DEFAULT, $this->password_options)) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
// in case of strange, force re-hash
|
||||
return true;
|
||||
}
|
||||
|
||||
// *** COLORS ***
|
||||
|
||||
// METHOD: hex2rgb
|
||||
|
||||
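Review bot: In passwordVerify and passwordRehashCheck the trailing `return false;` / `return true;` after the if/else is unreachable, since both branches already return, and the comments promising a fallback "in case something strange" describe behaviour that cannot occur; each body collapses to `return password_verify($password, $hash);` and `return password_needs_rehash($hash, PASSWORD_DEFAULT, $this->password_options);`. The constructor now calls both `cryptInit()` and `passwordInit()`; a comment on the `cryptInit()` call stating that it remains only so verifyCryptString can still check pre-existing `$2a$`/`$1$`/DES hashes until they are rehashed would tell the next reader why deprecated code is still initialised (cryptInit's body is outside these hunks, so confirm that is all it does). passwordSet's header should also note that PASSWORD_DEFAULT may change the produced algorithm across PHP versions, which is why callers are expected to run passwordRehashCheck after each successful verification as loginLoginUser does.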
@@ -887,16 +887,16 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
|
||||
} // switch
|
||||
} // for each error to check
|
||||
} elseif ($value["mandatory"] &&
|
||||
(
|
||||
// for all "normal" fields
|
||||
($this->table_array[$key]["type"] != "password" && $this->table_array[$key]["type"] != "drop_down_db_input" && !$this->table_array[$key]["value"]) ||
|
||||
// for drop_down_db_input check if one of both fields filled
|
||||
($this->table_array[$key]["type"] == "drop_down_db_input" && !$this->table_array[$key]["input_value"] && !$this->table_array[$key]["value"]) ||
|
||||
// for password
|
||||
($this->table_array[$key]["type"] == "password" && !$this->table_array[$key]["value"] && !$this->table_array[$key]["HIDDEN_value"])
|
||||
)
|
||||
// main if end
|
||||
) {
|
||||
(
|
||||
// for all "normal" fields
|
||||
($this->table_array[$key]["type"] != "password" && $this->table_array[$key]["type"] != "drop_down_db_input" && !$this->table_array[$key]["value"]) ||
|
||||
// for drop_down_db_input check if one of both fields filled
|
||||
($this->table_array[$key]["type"] == "drop_down_db_input" && !$this->table_array[$key]["input_value"] && !$this->table_array[$key]["value"]) ||
|
||||
// for password
|
||||
($this->table_array[$key]["type"] == "password" && !$this->table_array[$key]["value"] && !$this->table_array[$key]["HIDDEN_value"])
|
||||
)
|
||||
// main if end
|
||||
) {
|
||||
// if mandatory && no input
|
||||
// $this->debug('form', "A: ".$this->table_array[$key]["type"]." -- ".$this->table_array[$key]["input_value"]." -- ".$this->table_array[$key]["value"]);
|
||||
if (!$this->table_array[$key]["value"] && $this->table_array[$key]["type"] != "binary") {
|
||||
@@ -1145,7 +1145,6 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
|
||||
// DESC : save a table, reference and all input fields
|
||||
public function formSaveTableArray($addslashes = 0)
|
||||
{
|
||||
// global $_FILES;
|
||||
// for drop_down_db_input check if text field is filled and if, if not yet in db ...
|
||||
// and upload files
|
||||
if (!is_array($this->table_array)) {
|
||||
@@ -1154,9 +1153,9 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
|
||||
reset($this->table_array);
|
||||
while (list($key, $value) = each($this->table_array)) {
|
||||
// drop_down_db with input + reference table
|
||||
//$this->debug('form', "A: ".$this->table_array[$key]["type"]." --- ".$this->table_array[$key]["input_value"]);
|
||||
// $this->debug('form', "A: ".$this->table_array[$key]["type"]." --- ".$this->table_array[$key]["input_value"]);
|
||||
if ($this->table_array[$key]["type"] == "drop_down_db_input" && $this->table_array[$key]["input_value"]) {
|
||||
//$this->debug('form', "HERE");
|
||||
// $this->debug('form', "HERE");
|
||||
// check if this text name already exists (lowercase compare)
|
||||
$q = "SELECT ".$this->table_array[$key]["pk_name"]." FROM ".$this->table_array[$key]["table_name"]." WHERE LCASE(".$this->table_array[$key]["input_name"].") = '".$this->db_escape_string(strtolower($this->table_array[$key]["input_value"]))."'";
|
||||
// if a where was given, add here
|
||||
@@ -1208,10 +1207,10 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
|
||||
// if smth in $$key_file -> save or overwrite
|
||||
// if smth in $key && $$key_delete && !$$key_file-> delte
|
||||
// if smth in $key, keep as is
|
||||
// $_file=$key."_file";
|
||||
// $_delete=$key."_delete";
|
||||
//$this->debug('form', "UF: ".$GLOBALS["_FILES"][$key."_file"]['name']);
|
||||
//$this->debug('form', "delete: ".$key."_delete => ".$GLOBALS[$key.'_delete']);
|
||||
// $_file=$key."_file";
|
||||
// $_delete=$key."_delete";
|
||||
// $this->debug('form', "UF: ".$GLOBALS["_FILES"][$key."_file"]['name']);
|
||||
// $this->debug('form', "delete: ".$key."_delete => ".$GLOBALS[$key.'_delete']);
|
||||
if ($GLOBALS["_FILES"][$key."_file"]['name']) {
|
||||
// check if dir exists
|
||||
if (is_dir($this->table_array[$key]["save_dir"])) {
|
||||
@@ -1240,11 +1239,11 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
|
||||
// for password crypt it as blowfish, or if not available MD5
|
||||
if ($this->table_array[$key]['type'] == 'password') {
|
||||
if ($this->table_array[$key]["value"]) {
|
||||
// password is stored in blowfish format, or in the format supported by this PHP version
|
||||
$this->table_array[$key]["value"] = $this->cryptString($this->table_array[$key]["value"]);
|
||||
// use the better new passwordSet instead of crypt based
|
||||
$this->table_array[$key]['value'] = $this->passwordSet($this->table_array[$key]['value']);
|
||||
$this->table_array[$key]["HIDDEN_value"] = $this->table_array[$key]["value"];
|
||||
} else {
|
||||
// $this->table_array[$key]["HIDDEN_value"] =
|
||||
// $this->table_array[$key]["HIDDEN_value"] =
|
||||
}
|
||||
}
|
||||
} // go through each field
|
||||
@@ -1287,14 +1286,14 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
|
||||
$max = count($_POST[$prfx.$key]);
|
||||
}
|
||||
}
|
||||
//$this->debug('edit_error', "MAX: $max");
|
||||
// $this->debug('edit_error', "MAX: $max");
|
||||
// check if there is a hidden key, update, else insert
|
||||
while (list($el_name, $data_array) = each($reference_array["elements"])) {
|
||||
// this is only for reference_data part, at least one of the text fields need to be set for writing
|
||||
$blow_write = array ();
|
||||
//$this->debug('edit_error_query', "QUERY: ".$this->print_ar($_POST));
|
||||
// $this->debug('edit_error_query', "QUERY: ".$this->print_ar($_POST));
|
||||
// go through all submitted data
|
||||
// for ($i = 0; $i < count($_POST[$el_name]); $i ++)
|
||||
// for ($i = 0; $i < count($_POST[$el_name]); $i ++)
|
||||
for ($i = 0; $i < $max; $i ++) {
|
||||
// if we have enable name & delete set, then only insert/update those which are flagged as active
|
||||
// check if mandatory field is set, if not set "do not write flag"
|
||||
@@ -1326,7 +1325,7 @@ class Generate extends \CoreLibs\DB\Extended\ArrayIO
|
||||
// write all data (insert/update) because I don't know until all are processed if it is insert or update
|
||||
// don't write primary key backup for update
|
||||
// for reference_data type, only write if at least one text type field is set
|
||||
//$this->debug('edit_error', "I: $i | EL Name: $prfx$el_name | Data: ".$_POST[$prfx.$el_name][$i]." | Type: ".$type[$i]." | PK: ".$data_array["pk_id"].", Block write: ".$block_write[$i]);
|
||||
// $this->debug('edit_error', "I: $i | EL Name: $prfx$el_name | Data: ".$_POST[$prfx.$el_name][$i]." | Type: ".$type[$i]." | PK: ".$data_array["pk_id"].", Block write: ".$block_write[$i]);
|
||||
// only add elements that are not PK or FK flaged
|
||||
if (!$data_array['pk_id'] && !$data_array['fk_id']) {
|
||||
// update data list
|
||||
|
||||
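Review bot: After hashing, `$this->table_array[$key]["HIDDEN_value"] = $this->table_array[$key]["value"];` copies the fresh bcrypt hash into the field's HIDDEN_value; if that key is rendered into the edit form as a hidden input, as its name and the mandatory check on `HIDDEN_value` in the first hunk suggest (the rendering is not visible here), the password hash is sent to the browser on every edit, and a fixed marker would serve the "password already set" purpose without exposing it. The two comments kept above the change, `// for password crypt it as blowfish, or if not available MD5` and `// password is stored in blowfish format, or in the format supported by this PHP version`, are stale now that passwordSet is used and should say the value is hashed with password_hash. The `while (list($key, $value) = each($this->table_array))` loops in formSaveTableArray and in the reference-data hunk rely on `each()`, which was removed in PHP 8.0; `foreach ($this->table_array as $key => $value)` is the drop-in replacement. formSaveTableArray begins in the second hunk and ends outside these hunks.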