Changed user hash
This commit is contained in:
parent
71570c700f
commit
b6c726bad5
@ -118,7 +118,8 @@ class Request {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if($this->loginRequired || !empty($this->requiredGroup)) {
|
// TODO: Check this!
|
||||||
|
if($this->externalCall && ($this->loginRequired || !empty($this->requiredGroup))) {
|
||||||
$apiKeyAuthorized = false;
|
$apiKeyAuthorized = false;
|
||||||
if(isset($values['api_key']) && $this->apiKeyAllowed) {
|
if(isset($values['api_key']) && $this->apiKeyAllowed) {
|
||||||
$apiKey = $values['api_key'];
|
$apiKey = $values['api_key'];
|
||||||
|
@ -44,10 +44,9 @@ namespace Api {
|
|||||||
|
|
||||||
protected function insertUser($username, $email, $password) {
|
protected function insertUser($username, $email, $password) {
|
||||||
$sql = $this->user->getSQL();
|
$sql = $this->user->getSQL();
|
||||||
$salt = generateRandomString(16);
|
$hash = $this->hashPassword($password);
|
||||||
$hash = $this->hashPassword($password, $salt);
|
$res = $sql->insert("User", array("name", "password", "email"))
|
||||||
$res = $sql->insert("User", array("name", "password", "salt", "email"))
|
->addRow($username, $hash, $email)
|
||||||
->addRow($username, $hash, $salt, $email)
|
|
||||||
->returning("uid")
|
->returning("uid")
|
||||||
->execute();
|
->execute();
|
||||||
|
|
||||||
@ -61,9 +60,8 @@ namespace Api {
|
|||||||
return $this->success;
|
return $this->success;
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: replace this with crypt() in the future
|
protected function hashPassword($password) {
|
||||||
protected function hashPassword($password, $salt) {
|
return password_hash($password, PASSWORD_BCRYPT);
|
||||||
return hash('sha256', $password . $salt);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function checkToken($token) {
|
protected function checkToken($token) {
|
||||||
@ -135,17 +133,27 @@ namespace Api\User {
|
|||||||
|
|
||||||
$username = $this->getParam('username');
|
$username = $this->getParam('username');
|
||||||
$email = $this->getParam('email');
|
$email = $this->getParam('email');
|
||||||
|
$password = $this->getParam('password');
|
||||||
|
$confirmPassword = $this->getParam('confirmPassword');
|
||||||
|
|
||||||
|
if(strlen($username) < 5 || strlen($username) > 32) {
|
||||||
|
return $this->createError("The username should be between 5 and 32 characters long");
|
||||||
|
} else if(strcmp($password, $confirmPassword) !== 0) {
|
||||||
|
return $this->createError("The given passwords do not match");
|
||||||
|
} else if(strlen($password) < 6) {
|
||||||
|
return $this->createError("The password should be at least 6 characters long");
|
||||||
|
}
|
||||||
|
|
||||||
if (!$this->userExists($username, $email)) {
|
if (!$this->userExists($username, $email)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$password = $this->getParam('password');
|
$id = $this->insertUser($username, $email, $password);
|
||||||
$confirmPassword = $this->getParam('confirmPassword');
|
if ($this->success) {
|
||||||
if ($password !== $confirmPassword) {
|
$this->result["userId"] = $id;
|
||||||
return $this->createError("The given passwords do not match.");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->insertUser($username, $email, $password) !== FALSE;
|
return $this->success;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -405,7 +413,7 @@ If the invitation was not intended, you can simply ignore this email.<br><br><a
|
|||||||
$stayLoggedIn = $this->getParam('stayLoggedIn');
|
$stayLoggedIn = $this->getParam('stayLoggedIn');
|
||||||
|
|
||||||
$sql = $this->user->getSQL();
|
$sql = $this->user->getSQL();
|
||||||
$res = $sql->select("User.uid", "User.password", "User.salt")
|
$res = $sql->select("User.uid", "User.password")
|
||||||
->from("User")
|
->from("User")
|
||||||
->where(new Compare("User.name", $username))
|
->where(new Compare("User.name", $username))
|
||||||
->execute();
|
->execute();
|
||||||
@ -418,10 +426,8 @@ If the invitation was not intended, you can simply ignore this email.<br><br><a
|
|||||||
return $this->wrongCredentials();
|
return $this->wrongCredentials();
|
||||||
} else {
|
} else {
|
||||||
$row = $res[0];
|
$row = $res[0];
|
||||||
$salt = $row['salt'];
|
|
||||||
$uid = $row['uid'];
|
$uid = $row['uid'];
|
||||||
$hash = $this->hashPassword($password, $salt);
|
if (password_verify($password, $row['password'])) {
|
||||||
if ($hash === $row['password']) {
|
|
||||||
if (!($this->success = $this->user->createSession($uid, $stayLoggedIn))) {
|
if (!($this->success = $this->user->createSession($uid, $stayLoggedIn))) {
|
||||||
return $this->createError("Error creating Session: " . $sql->getLastError());
|
return $this->createError("Error creating Session: " . $sql->getLastError());
|
||||||
} else {
|
} else {
|
||||||
@ -620,7 +626,7 @@ If the registration was not intended, you can simply ignore this email.<br><br><
|
|||||||
|
|
||||||
if ($usernameChanged) $query->set("name", $username);
|
if ($usernameChanged) $query->set("name", $username);
|
||||||
if ($emailChanged) $query->set("email", $email);
|
if ($emailChanged) $query->set("email", $email);
|
||||||
if (!is_null($password)) $query->set("password", $this->hashPassword($password, $user[0]["salt"]));
|
if (!is_null($password)) $query->set("password", $this->hashPassword($password));
|
||||||
|
|
||||||
$query->where(new Compare("User.uid", $id));
|
$query->where(new Compare("User.uid", $id));
|
||||||
$res = $query->execute();
|
$res = $query->execute();
|
||||||
|
@ -28,8 +28,7 @@ class CreateDatabase {
|
|||||||
->addSerial("uid")
|
->addSerial("uid")
|
||||||
->addString("email", 64, true)
|
->addString("email", 64, true)
|
||||||
->addString("name", 32)
|
->addString("name", 32)
|
||||||
->addString("salt", 16)
|
->addString("password", 128)
|
||||||
->addString("password", 64)
|
|
||||||
->addInt("language_id", true, 1)
|
->addInt("language_id", true, 1)
|
||||||
->addDateTime("registered_at", false, $sql->currentTimestamp())
|
->addDateTime("registered_at", false, $sql->currentTimestamp())
|
||||||
->primaryKey("uid")
|
->primaryKey("uid")
|
||||||
|
@ -313,33 +313,24 @@ namespace Documents\Install {
|
|||||||
if(!$success) {
|
if(!$success) {
|
||||||
$msg = "Please fill out the following inputs:<br>" .
|
$msg = "Please fill out the following inputs:<br>" .
|
||||||
$this->createUnorderedList($missingInputs);
|
$this->createUnorderedList($missingInputs);
|
||||||
} else if(strlen($username) < 5 || strlen($username) > 32) {
|
|
||||||
$msg = "The username should be between 5 and 32 characters long";
|
|
||||||
$success = false;
|
|
||||||
} else if(strcmp($password, $confirmPassword) !== 0) {
|
|
||||||
$msg = "The given passwords do not match";
|
|
||||||
$success = false;
|
|
||||||
} else if(strlen($password) < 6) {
|
|
||||||
$msg = "The password should be at least 6 characters long";
|
|
||||||
$success = false;
|
|
||||||
} else if($email && Parameter::parseType($email) !== Parameter::TYPE_EMAIL) {
|
|
||||||
$msg = "Invalid email address";
|
|
||||||
$success = false;
|
|
||||||
} else {
|
} else {
|
||||||
$salt = generateRandomString(16);
|
|
||||||
$hash = hash('sha256', $password . $salt);
|
|
||||||
$sql = $user->getSQL();
|
$sql = $user->getSQL();
|
||||||
|
$req = new \Api\User\Create($user);
|
||||||
|
$success = $req->execute(array(
|
||||||
|
'username' => $username,
|
||||||
|
'email' => $email,
|
||||||
|
'password' => $password,
|
||||||
|
'confirmPassword' => $confirmPassword,
|
||||||
|
));
|
||||||
|
|
||||||
$success = $sql->insert("User", array("name", "salt", "password", "email"))
|
$msg = $req->getLastError();
|
||||||
->addRow($username, $salt, $hash, $email)
|
if ($success) {
|
||||||
->returning("uid")
|
$success = $sql->insert("UserGroup", array("group_id", "user_id"))
|
||||||
->execute()
|
->addRow(USER_GROUP_ADMIN, $req->getResult()["userId"])
|
||||||
&& $sql->insert("UserGroup", array("group_id", "user_id"))
|
|
||||||
->addRow(USER_GROUP_ADMIN, $sql->getLastInsertId())
|
|
||||||
->execute();
|
->execute();
|
||||||
|
|
||||||
$msg = $sql->getLastError();
|
$msg = $sql->getLastError();
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return array("msg" => $msg, "success" => $success);
|
return array("msg" => $msg, "success" => $success);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user