author | msquare <msquare@notrademark.de> | 2019-07-21 13:32:45 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-21 13:32:45 +0200 |
commit | d4d4b409b6fd96ca297af323936b8922d45b6eda (patch) | |
tree | 6c8efa1a1e429f3965820838796cb4b97cd2df11 /includes/sys_auth.php | |
parent | d5bf7fd065a5ea93dea9fd55e6ac225ee062a3db (diff) | |
parent | 51a3c6eb44a5dbdf9d7a3cfac678f0d29b0d3eef (diff) |
Merge pull request #622 from MyIgel/controllers
AuthController (login, logout), use templating, replaced gettext, input validation
Diffstat (limited to 'includes/sys_auth.php')
-rw-r--r-- | includes/sys_auth.php | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 520b13eb..f0485495 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -1,74 +1,6 @@
 <?php
 use Engelsystem\Database\DB;
-use Engelsystem\Models\User\User;
-
-/**
- * generate a salt (random string) of arbitrary length suitable for the use with crypt()
- *
- * @param int $length
- * @return string
- */
-function generate_salt($length = 16)
-{
- $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- $salt = '';
- for ($i = 0; $i < $length; $i++) {
- $salt .= $alphabet[rand(0, strlen($alphabet) - 1)];
- }
- return $salt;
-}
-
-/**
- * set the password of a user
- *
- * @param int $uid
- * @param string $password
- */
-function set_password($uid, $password)
-{
- $user = User::find($uid);
- $user->password = crypt($password, config('crypt_alg') . '$' . generate_salt(16) . '$');
- $user->save();
-}
-
-/**
- * verify a password given a precomputed salt.
- * if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
- *
- * @param string $password
- * @param string $salt
- * @param int $uid
- * @return bool
- */
-function verify_password($password, $salt, $uid = null)
-{
- $crypt_alg = config('crypt_alg');
- $correct = false;
- if (substr($salt, 0, 1) == '$') {
- // new-style crypt()
- $correct = crypt($password, $salt) == $salt;
- } elseif (substr($salt, 0, 7) == '{crypt}') {
- // old-style crypt() with DES and static salt - not used anymore
- $correct = crypt($password, '77') == $salt;
- } elseif (strlen($salt) == 32) {
- // old-style md5 without salt - not used anymore
- $correct = md5($password) == $salt;
- }
-
- if ($correct && substr($salt, 0, strlen($crypt_alg)) != $crypt_alg && intval($uid)) {
- // this password is stored in another format than we want it to be.
- // let's update it!
- // we duplicate the query from the above set_password() function to have the extra safety of checking
- // the old hash
- $user = User::find($uid);
- if ($user->password == $salt) {
- $user->password = crypt($password, $crypt_alg . '$' . generate_salt() . '$');
- $user->save();
- }
- }
- return $correct;
-}
 /**
 * @param int $user_id |