From 7b17223904214024018f626715926fa729941d3c Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Wed, 4 Mar 2015 18:43:06 +0100 Subject: Fourth Commit --- inc/crypto.inc.php | 29 +++++++++++++++++++++++++++++ inc/user.inc.php | 43 +++++++++++++++++++++++++++++++++++++++---- 2 files changed, 68 insertions(+), 4 deletions(-) create mode 100644 inc/crypto.inc.php (limited to 'inc') diff --git a/inc/crypto.inc.php b/inc/crypto.inc.php new file mode 100644 index 0000000..56f5073 --- /dev/null +++ b/inc/crypto.inc.php @@ -0,0 +1,29 @@ + Session::getUid())); - return self::$user !== false; + self::$user = Database::queryFirst('SELECT userid, shibid, login, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid())); + self::$isInDb = self::$user !== false; + return self::$isInDb; } // Try bwIDM etc. if (!$hasSession) { @@ -190,12 +198,35 @@ class User } } + public static function updatePassword($pass) + { + if (!self::isLoggedIn() || self::$isShib || !self::$isInDb) + return false; + $pw = Crypto::hash6($pass); + $ret = Database::exec('UPDATE user SET password = :pass WHERE userid = :user LIMIT 1', array( + 'pass' => $pw, + 'user' => self::getId() + )); + return $ret == 1; + } + + + public static function updateMail($mail) + { + if (!self::isLoggedIn() || self::$isShib || !self::$isInDb) + return false; + $ret = Database::exec('UPDATE user SET email = :mail WHERE userid = :user LIMIT 1', array( + 'mail' => $mail, + 'user' => self::getId() + )); + return $ret == 1 || $mail === self::get('email'); + } public static function login($user, $pass) { $ret = Database::queryFirst('SELECT userid, password FROM user WHERE login = :user LIMIT 1', array(':user' => $user)); if ($ret === false) return false; - if (!Crypto::verify($pass, $ret['passwd'])) + if (!Crypto::verify($pass, $ret['password'])) return false; Session::create(); Session::setUid($ret['userid']); 
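Review bot: In the `@@ -190,12 +198,35 @@` hunk, `updatePassword($pass)` hashes and stores whatever it is given once `isLoggedIn()` holds; it never sees the current password and accepts an empty string, so unless a caller outside this hunk re-authenticates the user, control of a live session is enough to replace the credential. I would verify the current password with `Crypto::verify()` before the UPDATE and add `if (!is_string($pass) || $pass === '') return false;` at the top. `updateMail($mail)` has the same shape and also stores `$mail` unchecked; `if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) return false;` before the query would keep malformed values out of the `email` column. In `login()`, whose body continues past the hunk, the `$ret === false` branch returns without calling `Crypto::verify()`, which presumably makes unknown logins answer faster than wrong passwords; running the verify against a fixed dummy hash in that branch would remove the difference.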
@@ -212,7 +243,11 @@ class User
 @setcookie($name, '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
 }
 Session::delete();
- Header('Location: ?do=Logout&noredirect=yes');
+ if (self::$isShib) {
+ Header('Location: ?do=Logout&noredirect=yes');
+ } else {
+ Header('Location: ?do=Main');
+ }
 exit(0);
 }
-- cgit v1.2.3-55-g7522
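Review bot: The redirect now branches on `self::$isShib`, but nothing in this hunk shows where that flag is set, and the enclosing method starts above the hunk; if logout can run in a request where the user record was never loaded, a Shibboleth user would presumably fall into the `else` branch and land on `?do=Main`, where a still-active IdP session could sign them straight back in. Either make sure the flag is populated before `Session::delete()` is reached, or state the precondition next to the branch, e.g. `// $isShib must already be set here; Shibboleth users are sent to the logout notice because their IdP session outlives ours`.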