webcraftmedia/system
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

possibility to change password_sha

Browse Source
This commit is contained in:
scholzDaSense 2013-07-12 13:34:42 +02:00
parent 71d1bb1b53
commit af08b72795
1 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
security/Security.php
View File

@ -80,7 +80,7 @@ class Security {
public static function login(\SYSTEM\DB\DBInfo $dbinfo, $username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false){ public static function login(\SYSTEM\DB\DBInfo $dbinfo, $username, $password_sha, $password_md5, $locale=NULL, $advancedResult=false, $password_sha_new=NULL){
self::startSession(); self::startSession();
if(!isset($password_sha)){ if(!isset($password_sha)){
@ -94,8 +94,9 @@ class Security {
$result = $con->prepare('loginAccountStmt', $result = $con->prepare('loginAccountStmt',
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_PG. 'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'. ' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'.
' AND ('.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_MD5.' = $3 );', ' AND ('.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR
array($username, $password_sha, $password_md5) ); '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $3 OR '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_MD5.' = $4 );',
array($username, $password_sha, $password_sha_new, $password_md5) );
} else { } else {
$result = $con->prepare('loginAccountStmt', $result = $con->prepare('loginAccountStmt',
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_MYS. 'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_MYS.
@ -108,8 +109,9 @@ class Security {
$result = $con->prepare('loginAccountStmtSHA', $result = $con->prepare('loginAccountStmtSHA',
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_PG. 'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_PG.
' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'. ' WHERE lower('.\SYSTEM\DBD\UserTable::FIELD_USERNAME.') LIKE lower($1)'.
' AND '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2;', ' AND '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $2 OR
array($username, $password_sha) ); '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $3 ;',
array($username, $password_sha, $password_sha_new) );
} else { } else {
$result = $con->prepare('loginAccountStmtSHA', $result = $con->prepare('loginAccountStmtSHA',
'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_MYS. 'SELECT * FROM '.\SYSTEM\DBD\UserTable::NAME_MYS.
@ -131,11 +133,18 @@ class Security {
$_SESSION['user'] = NULL; $_SESSION['user'] = NULL;
return self::LOGIN_FAIL;} return self::LOGIN_FAIL;}
// set password_sha if it is empty // set password_sha if it is empty or if it length is < 40 -> SHA1 Androidappbugfix
if(!$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA]){ if(!$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] ||strlen($row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA]) < 40){
if($password_sha_new != NULL){
$pw = $password_sha_new;
}else{
$pw = $password_sha;
}
$res = $con->prepare( 'updatePasswordSHAStmt', $res = $con->prepare( 'updatePasswordSHAStmt',
'UPDATE '.\SYSTEM\DBD\UserTable::NAME.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.';', 'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.' SET '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.' = $1 WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2'.' RETURNING '.\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA.';',
array($password_sha,$row[\SYSTEM\DBD\UserTable::FIELD_ID])); array($pw,$row[\SYSTEM\DBD\UserTable::FIELD_ID]));
$res = $res->next(); $res = $res->next();
$row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] = $res[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA]; $row[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA] = $res[\SYSTEM\DBD\UserTable::FIELD_PASSWORD_SHA];
} }