Merge branch 'master' of github.com:gebhardtdasense/system

Ulf Gebhardt 2013-07-24 18:22:08 +02:00
commit 3c01d35787


@ -44,7 +44,43 @@ class Security {
}
public static function login(\SYSTEM\DB\DBInfo $dbinfo, $username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false){
public static function changePassword(\SYSTEM\DB\DBInfo $dbinfo, $username, $password_sha_old, $password_sha_new){
$con = new \SYSTEM\DB\Connection($dbinfo);
if(\SYSTEM\system::isSystemDbInfoPG()){
$result = $con->prepare('',
'SELECT id FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'.
' AND '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2;',
array($username, $password_sha_old) );
}else{
return 'MySQL Query not implemented!';
}
$row = $result->next();
if(!$row){
return 0; // old password wrong
}
$userID = $row['id'];
if(\SYSTEM\system::isSystemDbInfoPG()){
$result = $con->prepare('',
'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.
' SET "password_sha" = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2;',
array($password_sha_new, $userID) );
}else{
return 'MySQL Query not implemented!';
}
return 1;
}
public static function login(\SYSTEM\DB\DBInfo $dbinfo, $username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false, $password_sha_new=NULL){
self::startSession();
if(!isset($password_sha)){
@ -58,8 +94,9 @@ class Security {
$result = $con->prepare('loginAccountStmt',
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'.
' AND ('.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_MD5.' = $3 );',
array($username, $password_sha, $password_md5) );
' AND ('.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR
'.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $3 OR '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_MD5.' = $4 );',
array($username, $password_sha, $password_sha_new, $password_md5) );
} else {
$result = $con->prepare('loginAccountStmt',
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_MYS.
@ -72,8 +109,9 @@ class Security {
$result = $con->prepare('loginAccountStmtSHA',
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'.
' AND '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2;',
array($username, $password_sha) );
' AND '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR
'.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $3 ;',
array($username, $password_sha, $password_sha_new) );
} else {
$result = $con->prepare('loginAccountStmtSHA',
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_MYS.
@ -95,11 +133,18 @@ class Security {
$_SESSION['user'] = NULL;
return self::LOGIN_FAIL;}
// set password_sha if it is empty
if(!$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA]){
// set password_sha if it is empty or if it length is < 40 -> SHA1 Androidappbugfix
if(!$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] ||strlen($row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA]) < 40){
if($password_sha_new != NULL){
$pw = $password_sha_new;
}else{
$pw = $password_sha;
}
$res = $con->prepare( 'updatePasswordSHAStmt',
'UPDATE '.\SYSTEM\DBD\UserTable::NAME.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.';',
array($password_sha,$row[\SYSTEM\DBD\UserTable::FIELD_ID]));
'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.';',
array($pw,$row[\SYSTEM\DBD\UserTable::FIELD_ID]));
$res = $res->next();
$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] = $res[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA];
}
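Review bot: In the `loginAccountStmtSHA` hunk the new alternative `... = $2 OR ... = $3` is appended without parentheses, so SQL precedence groups it as `(username matches AND sha = $2) OR sha = $3` and the username condition no longer constrains the `$3` branch; a row would be selected purely because its stored hash equals `$password_sha_new`. The `loginAccountStmt` hunk above it parenthesises its alternatives, and this one should do the same: `' AND ('.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $3);',`. Separately, the new `changePassword()` matches the username with `LIKE lower($1)`, so `%` and `_` in the supplied name act as wildcards and only the first returned row is updated; comparing with `=` on the lowered values would pin the change to one account. `changePassword()` also returns 1 without checking the result of the `UPDATE`. The body of `login()` continues outside the hunks shown.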