Fixed "Constant already defined" notice

Added more ugly global variables

5 files changed, 14 insertions, 13 deletions

diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index 64f725de..3825af7c 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -211,6 +211,7 @@ function users_list_controller() {
  * Second step of password recovery: set a new password using the token link from email
  */
 function user_password_recovery_set_new_controller() {
+  global $min_password_length;
   $user_source = User_by_password_recovery_token($_REQUEST['token']);
   if ($user_source == null) {
     error(_("Token is not correct."));
@@ -219,8 +220,8 @@ function user_password_recovery_set_new_controller() {
   
   if (isset($_REQUEST['submit'])) {
     $valid = true;
-    
-    if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
+
+    if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
       if ($_REQUEST['password'] != $_REQUEST['password2']) {
         $valid = false;
         error(_("Your passwords don't match."));
diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php
index ef9cee15..595af9f9 100644
--- a/includes/engelsystem_provider.php
+++ b/includes/engelsystem_provider.php
@@ -68,9 +68,6 @@ if (file_exists(realpath(__DIR__ . '/../config/config.php'))) {
   require_once realpath(__DIR__ . '/../config/config.php');
 }
 
-defined('CRYPT_ALG') || define('CRYPT_ALG', '$6$rounds=5000'); // SHA-512
-defined('MIN_PASSWORD_LENGTH') || define('MIN_PASSWORD_LENGTH', 8);
-
 if ($maintenance_mode) {
   echo file_get_contents(__DIR__ . '/../public/maintenance.html');
   die();
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index a4934be3..54abe5ca 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -14,7 +14,7 @@ function logout_title() {
 
 // Engel registrieren
 function guest_register() {
-  global $tshirt_sizes, $enable_tshirt_size, $default_theme, $user;
+  global $tshirt_sizes, $enable_tshirt_size, $default_theme, $user, $min_password_length;
   
   $event_config = EventConfig();
   
@@ -96,14 +96,14 @@ function guest_register() {
       }
     }
     
-    if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
+    if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
       if ($_REQUEST['password'] != $_REQUEST['password2']) {
         $valid = false;
         $msg .= error(_("Your passwords don't match."), true);
       }
     } else {
       $valid = false;
-      $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
+      $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), $min_password_length), true);
     }
     
     if (isset($_REQUEST['planned_arrival_date'])) {
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index a147b437..e776320f 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -88,9 +88,10 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) {
  *          The user
  */
 function user_settings_password($user_source) {
+  global $min_password_length;
   if (! isset($_REQUEST['password']) || ! verify_password($_REQUEST['password'], $user_source['Passwort'], $user_source['UID'])) {
     error(_("-> not OK. Please try again."));
-  } elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) {
+  } elseif (strlen($_REQUEST['new_password']) < $min_password_length) {
     error(_("Your password is to short (please use at least 6 characters)."));
   } elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) {
     error(_("Your passwords don't match."));
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 135e49e3..7a1dd4b7 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -39,7 +39,8 @@ function generate_salt($length = 16) {
  * set the password of a user
  */
 function set_password($uid, $password) {
-  $result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
+  global $crypt_alg;
+  $result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
   if ($result === false) {
     engelsystem_error('Unable to update password.');
   }
@@ -51,6 +52,7 @@ function set_password($uid, $password) {
  * if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
  */
 function verify_password($password, $salt, $uid = false) {
+  global $crypt_alg;
   $correct = false;
   if (substr($salt, 0, 1) == '$') { // new-style crypt()
     $correct = crypt($password, $salt) == $salt;
@@ -59,12 +61,12 @@ function verify_password($password, $salt, $uid = false) {
   } elseif (strlen($salt) == 32) { // old-style md5 without salt - not used anymore
     $correct = md5($password) == $salt;
   }
-  
-  if ($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) {
+
+  if ($correct && substr($salt, 0, strlen($crypt_alg)) != $crypt_alg && $uid) {
     // this password is stored in another format than we want it to be.
     // let's update it!
     // we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
-    sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
+    sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
   }
   return $correct;
 }