Merge branch 'master' of github.com:gebhardtdasense/system
commit
3c01d35787
@ -43,8 +43,44 @@ class Security {
|
|||||||
return ($advancedResult ? $result->next() : self::REGISTER_OK);
|
return ($advancedResult ? $result->next() : self::REGISTER_OK);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public static function changePassword(\SYSTEM\DB\DBInfo $dbinfo, $username, $password_sha_old, $password_sha_new){
|
||||||
|
|
||||||
|
$con = new \SYSTEM\DB\Connection($dbinfo);
|
||||||
|
if(\SYSTEM\system::isSystemDbInfoPG()){
|
||||||
|
$result = $con->prepare('',
|
||||||
|
'SELECT id FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
|
||||||
|
' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'.
|
||||||
|
' AND '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2;',
|
||||||
|
array($username, $password_sha_old) );
|
||||||
|
|
||||||
|
}else{
|
||||||
|
return 'MySQL Query not implemented!';
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
$row = $result->next();
|
||||||
|
if(!$row){
|
||||||
|
return 0; // old password wrong
|
||||||
|
}
|
||||||
|
|
||||||
|
$userID = $row['id'];
|
||||||
|
if(\SYSTEM\system::isSystemDbInfoPG()){
|
||||||
|
$result = $con->prepare('',
|
||||||
|
'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.
|
||||||
|
' SET "password_sha" = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2;',
|
||||||
|
array($password_sha_new, $userID) );
|
||||||
|
}else{
|
||||||
|
return 'MySQL Query not implemented!';
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
public static function login(\SYSTEM\DB\DBInfo $dbinfo, $username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false){
|
public static function login(\SYSTEM\DB\DBInfo $dbinfo, $username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false, $password_sha_new=NULL){
|
||||||
self::startSession();
|
self::startSession();
|
||||||
|
|
||||||
if(!isset($password_sha)){
|
if(!isset($password_sha)){
|
||||||
@ -58,8 +94,9 @@ class Security {
|
|||||||
$result = $con->prepare('loginAccountStmt',
|
$result = $con->prepare('loginAccountStmt',
|
||||||
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
|
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
|
||||||
' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'.
|
' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'.
|
||||||
' AND ('.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_MD5.' = $3 );',
|
' AND ('.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR
|
||||||
array($username, $password_sha, $password_md5) );
|
'.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $3 OR '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_MD5.' = $4 );',
|
||||||
|
array($username, $password_sha, $password_sha_new, $password_md5) );
|
||||||
} else {
|
} else {
|
||||||
$result = $con->prepare('loginAccountStmt',
|
$result = $con->prepare('loginAccountStmt',
|
||||||
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_MYS.
|
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_MYS.
|
||||||
@ -72,8 +109,9 @@ class Security {
|
|||||||
$result = $con->prepare('loginAccountStmtSHA',
|
$result = $con->prepare('loginAccountStmtSHA',
|
||||||
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
|
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
|
||||||
' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'.
|
' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'.
|
||||||
' AND '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2;',
|
' AND '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR
|
||||||
array($username, $password_sha) );
|
'.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $3 ;',
|
||||||
|
array($username, $password_sha, $password_sha_new) );
|
||||||
} else {
|
} else {
|
||||||
$result = $con->prepare('loginAccountStmtSHA',
|
$result = $con->prepare('loginAccountStmtSHA',
|
||||||
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_MYS.
|
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_MYS.
|
||||||
@ -95,11 +133,18 @@ class Security {
|
|||||||
$_SESSION['user'] = NULL;
|
$_SESSION['user'] = NULL;
|
||||||
return self::LOGIN_FAIL;}
|
return self::LOGIN_FAIL;}
|
||||||
|
|
||||||
// set password_sha if it is empty
|
// set password_sha if it is empty or if it length is < 40 -> SHA1 Androidappbugfix
|
||||||
if(!$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA]){
|
if(!$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] ||strlen($row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA]) < 40){
|
||||||
|
|
||||||
|
if($password_sha_new != NULL){
|
||||||
|
$pw = $password_sha_new;
|
||||||
|
}else{
|
||||||
|
$pw = $password_sha;
|
||||||
|
}
|
||||||
|
|
||||||
$res = $con->prepare( 'updatePasswordSHAStmt',
|
$res = $con->prepare( 'updatePasswordSHAStmt',
|
||||||
'UPDATE '.\SYSTEM\DBD\UserTable::NAME.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.';',
|
'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.';',
|
||||||
array($password_sha,$row[\SYSTEM\DBD\UserTable::FIELD_ID]));
|
array($pw,$row[\SYSTEM\DBD\UserTable::FIELD_ID]));
|
||||||
$res = $res->next();
|
$res = $res->next();
|
||||||
$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] = $res[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA];
|
$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] = $res[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA];
|
||||||
}
|
}
|
||||||
|
|||||||
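Review bot: In the PostgreSQL `loginAccountStmtSHA` query the added `OR` is not parenthesised, unlike the `loginAccountStmt` query in the previous hunk. Because `AND` binds tighter than `OR`, the `$3` comparison is no longer tied to the username predicate, so whenever `$password_sha_new` is passed a row can match on `password_sha = $3` alone. Group the alternatives as the other query does: `' AND ('.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $3);'`. The new `changePassword()` in the first hunk also matches the username with `LIKE`, so `%` and `_` in `$username` act as wildcards when selecting the row to update; comparing `lower(...) = lower($1)` would avoid that. It also returns the truthy string `'MySQL Query not implemented!'` next to `0`/`1`, which a loosely comparing caller could presumably read as success; `login()` starts and ends outside the visible hunks.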