diff options
Diffstat (limited to 'includes/pages')
| -rw-r--r-- | includes/pages/admin_user.php | 2 | ||||
| -rw-r--r-- | includes/pages/guest_login.php | 11 | ||||
| -rw-r--r-- | includes/pages/user_settings.php | 30 |
3 files changed, 15 insertions, 28 deletions
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 3c26062b..d9f5d749 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -240,7 +240,7 @@ function admin_user() { case 'change_pw' : if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { - sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + set_password($id, $_REQUEST['new_pw']); $html .= success("Passwort neu gesetzt.", true); } else { $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index c75327de..db479388 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -71,10 +71,8 @@ function guest_register() { } } - if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= 6) { - if ($_REQUEST['password'] == $_REQUEST['password2']) { - $password_hash = PassCrypt($_REQUEST['password']); - } else { + if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) { + if ($_REQUEST['password'] != $_REQUEST['password2']) { $ok = false; $msg .= error(Get_Text("makeuser_error_password1"), true); } @@ -112,9 +110,10 @@ function guest_register() { "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . "', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), `Sprache`='" . sql_escape($_SESSION["Sprache"]) . "'"); - // Assign user-group + // Assign user-group and set password $user_id = sql_id(); sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($user_id) . ", `group_id`=-2"); + set_password($user_id, $_REQUEST['password']); // Assign angel-types foreach ($selected_angel_types as $selected_angel_type_id) @@ -176,7 +175,7 @@ function guest_login() { if (count($login_user) > 0) { $login_user = $login_user[0]; if (isset ($_REQUEST['password'])) { - if ($login_user['Passwort'] != PassCrypt($_REQUEST['password'])) { + if (!verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) { $ok = false; $msg .= error(Get_Text("pub_index_pass_no_ok"), true); } diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index 5ea4af27..cfeb38cf 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -114,29 +114,17 @@ function user_settings() { elseif (isset ($_REQUEST['submit_password'])) { $ok = true; - if (!isset ($_REQUEST['password']) || $user['Passwort'] != PassCrypt($_REQUEST['password'])) { - $ok = false; + if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) $msg .= error(Get_Text(30), true); - } - - if (isset ($_REQUEST['new_password']) && strlen($_REQUEST['new_password']) >= 6) { - if ($_REQUEST['new_password'] == $_REQUEST['new_password2']) { - $password_hash = PassCrypt($_REQUEST['new_password']); - } else { - $ok = false; - $msg .= error(Get_Text("makeuser_error_password1"), true); - } - } else { - $ok = false; - $msg .= error(Get_Text("makeuser_error_password2"), true); - } - - if ($ok) { - sql_query("UPDATE `User` SET `Passwort`='" . sql_escape($password_hash) . "' WHERE `UID`=" . sql_escape($user['UID'])); - + elseif (strlen($_REQUEST['new_password']) <= MIN_PASSWORD_LENGTH) + $msg .= error(Get_Text("makeuser_error_password2")); + elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) + $msg .= error(Get_Text("makeuser_error_password1"), true); + elseif(set_password($user['UID'], $_REQUEST['new_password'])) success("Password saved."); - redirect(page_link_to('user_settings')); - } + else + error("Failed setting password."); + redirect(page_link_to('user_settings')); } elseif (isset ($_REQUEST['submit_theme'])) { $ok = true; |