author | Simon Rettberg | 2015-03-04 18:43:06 +0100 |
---|---|---|
committer | Simon Rettberg | 2015-03-04 18:43:06 +0100 |
commit | 7b17223904214024018f626715926fa729941d3c (patch) | |
tree | 6d9fd93915726600ed6c430d1e2e64af87528ef1 /inc | |
parent | Third Commit (diff) | |
Fourth Commit
Diffstat (limited to 'inc')
-rw-r--r-- | inc/crypto.inc.php | 29 | ||||
-rw-r--r-- | inc/user.inc.php | 43 |
2 files changed, 68 insertions, 4 deletions
diff --git a/inc/crypto.inc.php b/inc/crypto.inc.php
new file mode 100644
index 0000000..56f5073
--- /dev/null
+++ b/inc/crypto.inc.php
@@ -0,0 +1,29 @@
+<?php
+
+class Crypto
+{
+
+ /**
+ * Hash given string using crypt's $6$,
+ * which translates to ~130 bit salt
+ * and 5000 rounds of hashing with SHA-512.
+ */
+ public static function hash6($password)
+ {
+ $salt = substr(str_replace('+', '.', base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 16);
+ $hash = crypt($password, '$6$' . $salt);
+ if (strlen($hash) < 60) Util::traceError('Error hashing password using SHA-512');
+ return $hash;
+ }
+
+ /**
+ * Check if the given password matches the given cryp hash.
+ * Useful for checking a hashed password.
+ */
+ public static function verify($password, $hash)
+ {
+ return crypt($password, $hash) === $hash;
+ }
+
+}
+
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 496857e..ef29003 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -46,6 +46,13 @@ class User
 return (int)self::$user['userid'];
 }
 
+ public static function getMail()
+ {
+ if (!isset(self::$user['email']))
+ return false;
+ return self::$user['email'];
+ }
+
 public static function getName()
 {
 if (!self::isLoggedIn())
@@ -115,8 +122,9 @@ class User
 if (Session::getUid() === false)
 return false;
 // Try user from local DB
- self::$user = Database::queryFirst('SELECT userid, shibid, login, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
- return self::$user !== false;
+ self::$user = Database::queryFirst('SELECT userid, shibid, login, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
+ self::$isInDb = self::$user !== false;
+ return self::$isInDb;
 }
 // Try bwIDM etc.
 if (!$hasSession) {
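Review bot: The salt in hash6() is derived from four mt_rand() calls, which is not a cryptographically secure generator — its output is predictable from a small amount of observed state — and the docblock's "~130 bit salt" overstates what the line produces: sixteen base64 characters carry 96 bits, and since mt_rand() returns at most 31-bit values the packed 16 bytes hold no more than 124 bits to begin with. Prefer a CSPRNG for the salt, e.g. `$salt = substr(str_replace('+', '.', base64_encode(openssl_random_pseudo_bytes(12))), 0, 16);`, or switch to password_hash()/password_verify() (PHP >= 5.5), which pick the salt themselves and let the cost be raised later through password_needs_rehash(). In verify(), `===` on two hash strings is not constant-time; `return hash_equals($hash, crypt($password, $hash));` (PHP >= 5.6) is the usual form, though the leak here is limited to the position of the first differing byte of a salted hash. The docblock typo "cryp hash" should read "crypt hash", and the salt-size claim should be corrected to match whatever generator is kept.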
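Review bot: getMail() returns self::$user['email'] without the `if (!self::isLoggedIn()) return false;` guard that the neighbouring getName() opens with, so the two accessors disagree about whether a stale self::$user from an earlier lookup may be exposed; mirroring the guard keeps the contract uniform. The value is returned as stored in the DB, so callers rendering it into HTML still need their own escaping — worth a one-line comment on the method, e.g. `// Raw DB value; escape at the output site.`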
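Review bot: self::$isInDb is assigned only on the local-DB path of this hunk; the "Try bwIDM etc." branch that follows never touches it, so updatePassword()'s `!self::$isInDb` check relies on the property's default being falsy, which holds if it is declared without an initializer but is not visible here. Resetting it explicitly before the lookup, `self::$isInDb = false;`, makes the guard independent of declaration order and of any earlier call. Session::getUid() is also evaluated twice in the same statement; caching it in a local is a small readability gain. The enclosing function starts before and ends after this hunk.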
@@ -190,12 +198,35 @@ class User
 }
 }
 
+ public static function updatePassword($pass)
+ {
+ if (!self::isLoggedIn() || self::$isShib || !self::$isInDb)
+ return false;
+ $pw = Crypto::hash6($pass);
+ $ret = Database::exec('UPDATE user SET password = :pass WHERE userid = :user LIMIT 1', array(
+ 'pass' => $pw,
+ 'user' => self::getId()
+ ));
+ return $ret == 1;
+ }
+
+
+ public static function updateMail($mail)
+ {
+ if (!self::isLoggedIn() || self::$isShib || !self::$isInDb)
+ return false;
+ $ret = Database::exec('UPDATE user SET email = :mail WHERE userid = :user LIMIT 1', array(
+ 'mail' => $mail,
+ 'user' => self::getId()
+ ));
+ return $ret == 1 || $mail === self::get('email');
+ }
 public static function login($user, $pass)
 {
 $ret = Database::queryFirst('SELECT userid, password FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
 if ($ret === false)
 return false;
- if (!Crypto::verify($pass, $ret['passwd']))
+ if (!Crypto::verify($pass, $ret['password']))
 return false;
 Session::create();
 Session::setUid($ret['userid']);
@@ -212,7 +243,11 @@ class User
 @setcookie($name, '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
 }
 Session::delete();
- Header('Location: ?do=Logout&noredirect=yes');
+ if (self::$isShib) {
+ Header('Location: ?do=Logout&noredirect=yes');
+ } else {
+ Header('Location: ?do=Main');
+ }
 exit(0);
 }
 
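Review bot: updatePassword() hashes and stores whatever it is handed, including an empty string, and updateMail() writes `$mail` to the DB without any format check; neither method re-verifies the current password, so unless the caller (outside this hunk) does, a hijacked session can change both credentials silently. At minimum guard the inputs, `if (!is_string($pass) || $pass === '') return false;` in updatePassword() and `if (!is_string($mail) || filter_var($mail, FILTER_VALIDATE_EMAIL) === false) return false;` in updateMail(), and consider requiring the old password as a second argument. The `$ret == 1` comparisons should be `===` once Database::exec's return type is known, since `true == 1` also passes. In login(), the early `return false` when no row matches skips the SHA-512 crypt() call, so the response time distinguishes unknown logins from wrong passwords; running Crypto::verify() against a fixed dummy hash in that branch removes the oracle. login()'s body continues past the hunk.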