PSR-2 formatting

author: Bot <bot@myigel.name> 2017-01-02 03:57:23 +0100
committer: Igor Scheller <igor.scheller@igorshp.de> 2017-01-02 03:57:23 +0100
commit: 7313e15ce8236e19331fb6639a3a5b97c8f06ecd (patch)
tree: 399e5eaa403d6dd5993ca8fb6f2162319d2ed2e1 /includes/sys_auth.php
parent: b839e401062b294292fdcbd7e30b79bc149fab6f (diff)
1 files changed, 57 insertions, 52 deletions
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 7a1dd4b7..8070d4cf 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -3,21 +3,22 @@
 /**
  *  Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
  */
-function load_auth() {
-  global $user, $privileges;
+function load_auth()
+{
+    global $user, $privileges;
   
-  $user = null;
-  if (isset($_SESSION['uid'])) {
-    $user = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_SESSION['uid']) . "' LIMIT 1");
-    if (count($user) > 0) {
-      // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
+    $user = null;
+    if (isset($_SESSION['uid'])) {
+        $user = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_SESSION['uid']) . "' LIMIT 1");
+        if (count($user) > 0) {
+            // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
       list($user) = $user;
-      sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
-      $privileges = privileges_for_user($user['UID']);
-      return;
+            sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;");
+            $privileges = privileges_for_user($user['UID']);
+            return;
+        }
+        unset($_SESSION['uid']);
     }
-    unset($_SESSION['uid']);
-  }
   
   // guest privileges
   $privileges = privileges_for_group(- 1);
@@ -26,66 +27,70 @@ function load_auth() {
 /**
  * generate a salt (random string) of arbitrary length suitable for the use with crypt()
  */
-function generate_salt($length = 16) {
-  $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-  $salt = "";
-  for ($i = 0; $i < $length; $i ++) {
-    $salt .= $alphabet[rand(0, strlen($alphabet) - 1)];
-  }
-  return $salt;
+function generate_salt($length = 16)
+{
+    $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+    $salt = "";
+    for ($i = 0; $i < $length; $i ++) {
+        $salt .= $alphabet[rand(0, strlen($alphabet) - 1)];
+    }
+    return $salt;
 }
 
 /**
  * set the password of a user
  */
-function set_password($uid, $password) {
-  global $crypt_alg;
-  $result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
-  if ($result === false) {
-    engelsystem_error('Unable to update password.');
-  }
-  return $result;
+function set_password($uid, $password)
+{
+    global $crypt_alg;
+    $result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
+    if ($result === false) {
+        engelsystem_error('Unable to update password.');
+    }
+    return $result;
 }
 
 /**
  * verify a password given a precomputed salt.
  * if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
  */
-function verify_password($password, $salt, $uid = false) {
-  global $crypt_alg;
-  $correct = false;
-  if (substr($salt, 0, 1) == '$') { // new-style crypt()
+function verify_password($password, $salt, $uid = false)
+{
+    global $crypt_alg;
+    $correct = false;
+    if (substr($salt, 0, 1) == '$') { // new-style crypt()
     $correct = crypt($password, $salt) == $salt;
-  } elseif (substr($salt, 0, 7) == '{crypt}') { // old-style crypt() with DES and static salt - not used anymore
+    } elseif (substr($salt, 0, 7) == '{crypt}') { // old-style crypt() with DES and static salt - not used anymore
     $correct = crypt($password, '77') == $salt;
-  } elseif (strlen($salt) == 32) { // old-style md5 without salt - not used anymore
+    } elseif (strlen($salt) == 32) { // old-style md5 without salt - not used anymore
     $correct = md5($password) == $salt;
-  }
+    }
 
-  if ($correct && substr($salt, 0, strlen($crypt_alg)) != $crypt_alg && $uid) {
-    // this password is stored in another format than we want it to be.
+    if ($correct && substr($salt, 0, strlen($crypt_alg)) != $crypt_alg && $uid) {
+        // this password is stored in another format than we want it to be.
     // let's update it!
     // we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
     sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
-  }
-  return $correct;
+    }
+    return $correct;
 }
 
-function privileges_for_user($user_id) {
-  $privileges = [];
-  $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`='" . sql_escape($user_id) . "'");
-  foreach ($user_privs as $user_priv) {
-    $privileges[] = $user_priv['name'];
-  }
-  return $privileges;
+function privileges_for_user($user_id)
+{
+    $privileges = [];
+    $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`='" . sql_escape($user_id) . "'");
+    foreach ($user_privs as $user_priv) {
+        $privileges[] = $user_priv['name'];
+    }
+    return $privileges;
 }
 
-function privileges_for_group($group_id) {
-  $privileges = [];
-  $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group_id) . "'");
-  foreach ($groups_privs as $guest_priv) {
-    $privileges[] = $guest_priv['name'];
-  }
-  return $privileges;
+function privileges_for_group($group_id)
+{
+    $privileges = [];
+    $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`='" . sql_escape($group_id) . "'");
+    foreach ($groups_privs as $guest_priv) {
+        $privileges[] = $guest_priv['name'];
+    }
+    return $privileges;
 }
-?>
author	Bot <bot@myigel.name>	2017-01-02 03:57:23 +0100
committer	Igor Scheller <igor.scheller@igorshp.de>	2017-01-02 03:57:23 +0100
commit	7313e15ce8236e19331fb6639a3a5b97c8f06ecd (patch)
tree	399e5eaa403d6dd5993ca8fb6f2162319d2ed2e1 /includes/sys_auth.php
parent	b839e401062b294292fdcbd7e30b79bc149fab6f (diff)