summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
Diffstat (limited to 'includes')
-rw-r--r--includes/controller/users_controller.php13
-rw-r--r--includes/helper/email_helper.php3
-rw-r--r--includes/pages/admin_user.php2
-rw-r--r--includes/pages/guest_login.php119
-rw-r--r--includes/pages/user_settings.php5
-rw-r--r--includes/sys_auth.php68
-rw-r--r--includes/view/AngelTypes_view.php2
-rw-r--r--includes/view/User_view.php2
8 files changed, 15 insertions, 199 deletions
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index 7c6bde02..214998dc 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -47,6 +47,7 @@ function users_controller()
function user_delete_controller()
{
$user = auth()->user();
+ $auth = auth();
$request = request();
if ($request->has('user_id')) {
@@ -68,14 +69,12 @@ function user_delete_controller()
if ($request->hasPostData('submit')) {
$valid = true;
- if (
- !(
+ if (!(
$request->has('password')
- && verify_password($request->postData('password'), $user->password, $user->id)
- )
- ) {
+ && $auth->verifyPassword($user, $request->postData('password'))
+ )) {
$valid = false;
- error(__('Your password is incorrect. Please try it again.'));
+ error(__('Your password is incorrect. Please try it again.'));
}
if ($valid) {
@@ -341,7 +340,7 @@ function user_password_recovery_set_new_controller()
}
if ($valid) {
- set_password($passwordReset->user->id, $request->postData('password'));
+ auth()->setPassword($passwordReset->user, $request->postData('password'));
success(__('Password saved.'));
$passwordReset->delete();
redirect(page_link_to('login'));
diff --git a/includes/helper/email_helper.php b/includes/helper/email_helper.php
index bad0d539..3012d5ce 100644
--- a/includes/helper/email_helper.php
+++ b/includes/helper/email_helper.php
@@ -1,5 +1,6 @@
<?php
+use Engelsystem\Helpers\Translation\Translator;
use Engelsystem\Mail\EngelsystemMailer;
use Engelsystem\Models\User\User;
use Psr\Log\LogLevel;
@@ -17,7 +18,7 @@ function engelsystem_email_to_user($recipientUser, $title, $message, $notIfItsMe
return true;
}
- /** @var \Engelsystem\Helpers\Translator $translator */
+ /** @var Translator $translator */
$translator = app()->get('translator');
$locale = $translator->getLocale();
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index e6f94180..8482dea5 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -291,8 +291,8 @@ function admin_user()
$request->postData('new_pw') != ''
&& $request->postData('new_pw') == $request->postData('new_pw2')
) {
- set_password($user_id, $request->postData('new_pw'));
$user_source = User::find($user_id);
+ auth()->setPassword($user_source, $request->postData('new_pw'));
engelsystem_log('Set new password for ' . User_Nick_render($user_source, true));
$html .= success('Passwort neu gesetzt.', true);
} else {
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index d152a092..3bc10fc3 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -11,14 +11,6 @@ use Engelsystem\Models\User\User;
/**
* @return string
*/
-function login_title()
-{
- return __('Login');
-}
-
-/**
- * @return string
- */
function register_title()
{
return __('Register');
@@ -226,7 +218,7 @@ function guest_register()
// Assign user-group and set password
DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -20)', [$user->id]);
- set_password($user->id, $request->postData('password'));
+ auth()->setPassword($user, $request->postData('password'));
// Assign angel-types
$user_angel_types_info = [];
@@ -369,112 +361,3 @@ function entry_required()
{
return '<span class="text-info glyphicon glyphicon-warning-sign"></span>';
}
-
-/**
- * @return string
- */
-function guest_login()
-{
- $nick = '';
- $request = request();
- $session = session();
- $valid = true;
-
- $session->remove('uid');
-
- if ($request->hasPostData('submit')) {
- if ($request->has('nick') && !empty($request->input('nick'))) {
- $nickValidation = User_validate_Nick($request->input('nick'));
- $nick = $nickValidation->getValue();
- $login_user = User::whereName($nickValidation->getValue())->first();
- if ($login_user) {
- if ($request->has('password')) {
- if (!verify_password($request->postData('password'), $login_user->password, $login_user->id)) {
- $valid = false;
- error(__('Your password is incorrect. Please try it again.'));
- }
- } else {
- $valid = false;
- error(__('Please enter a password.'));
- }
- } else {
- $valid = false;
- error(__('No user was found with that Nickname. Please try again. If you are still having problems, ask a Dispatcher.'));
- }
- } else {
- $valid = false;
- error(__('Please enter a nickname.'));
- }
-
- if ($valid && $login_user) {
- $session->set('uid', $login_user->id);
- $session->set('locale', $login_user->settings->language);
-
- redirect(page_link_to(config('home_site')));
- }
- }
-
- return page([
- div('col-md-12', [
- div('row', [
- EventConfig_countdown_page()
- ]),
- div('row', [
- div('col-sm-6 col-sm-offset-3 col-md-4 col-md-offset-4', [
- div('panel panel-primary first', [
- div('panel-heading', [
- '<span class="icon-icon_angel"></span> ' . __('Login')
- ]),
- div('panel-body', [
- msg(),
- form([
- form_text_placeholder('nick', __('Nick'), $nick),
- form_password_placeholder('password', __('Password')),
- form_submit('submit', __('Login')),
- !$valid ? buttons([
- button(page_link_to('user_password_recovery'), __('I forgot my password'))
- ]) : ''
- ])
- ]),
- div('panel-footer', [
- glyph('info-sign') . __('Please note: You have to activate cookies!')
- ])
- ])
- ])
- ]),
- div('row', [
- div('col-sm-6 text-center', [
- heading(register_title(), 2),
- get_register_hint()
- ]),
- div('col-sm-6 text-center', [
- heading(__('What can I do?'), 2),
- '<p>' . __('Please read about the jobs you can do to help us.') . '</p>',
- buttons([
- button(
- page_link_to('angeltypes', ['action' => 'about']),
- __('Teams/Job description') . ' &raquo;'
- )
- ])
- ])
- ])
- ])
- ]);
-}
-
-/**
- * @return string
- */
-function get_register_hint()
-{
- if (auth()->can('register') && config('registration_enabled')) {
- return join('', [
- '<p>' . __('Please sign up, if you want to help us!') . '</p>',
- buttons([
- button(page_link_to('register'), register_title() . ' &raquo;')
- ])
- ]);
- }
-
- return error(__('Registration is disabled.'), true);
-}
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index ae29e4d8..f6853191 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -101,9 +101,10 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes)
function user_settings_password($user_source)
{
$request = request();
+ $auth = auth();
if (
!$request->has('password')
- || !verify_password($request->postData('password'), $user_source->password, $user_source->id)
+ || !$auth->verifyPassword($user_source, $request->postData('password'))
) {
error(__('-> not OK. Please try again.'));
} elseif (strlen($request->postData('new_password')) < config('min_password_length')) {
@@ -111,7 +112,7 @@ function user_settings_password($user_source)
} elseif ($request->postData('new_password') != $request->postData('new_password2')) {
error(__('Your passwords don\'t match.'));
} else {
- set_password($user_source->id, $request->postData('new_password'));
+ $auth->setPassword($user_source, $request->postData('new_password'));
success(__('Password saved.'));
}
redirect(page_link_to('user_settings'));
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 520b13eb..f0485495 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -1,74 +1,6 @@
<?php
use Engelsystem\Database\DB;
-use Engelsystem\Models\User\User;
-
-/**
- * generate a salt (random string) of arbitrary length suitable for the use with crypt()
- *
- * @param int $length
- * @return string
- */
-function generate_salt($length = 16)
-{
- $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
- $salt = '';
- for ($i = 0; $i < $length; $i++) {
- $salt .= $alphabet[rand(0, strlen($alphabet) - 1)];
- }
- return $salt;
-}
-
-/**
- * set the password of a user
- *
- * @param int $uid
- * @param string $password
- */
-function set_password($uid, $password)
-{
- $user = User::find($uid);
- $user->password = crypt($password, config('crypt_alg') . '$' . generate_salt(16) . '$');
- $user->save();
-}
-
-/**
- * verify a password given a precomputed salt.
- * if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
- *
- * @param string $password
- * @param string $salt
- * @param int $uid
- * @return bool
- */
-function verify_password($password, $salt, $uid = null)
-{
- $crypt_alg = config('crypt_alg');
- $correct = false;
- if (substr($salt, 0, 1) == '$') {
- // new-style crypt()
- $correct = crypt($password, $salt) == $salt;
- } elseif (substr($salt, 0, 7) == '{crypt}') {
- // old-style crypt() with DES and static salt - not used anymore
- $correct = crypt($password, '77') == $salt;
- } elseif (strlen($salt) == 32) {
- // old-style md5 without salt - not used anymore
- $correct = md5($password) == $salt;
- }
-
- if ($correct && substr($salt, 0, strlen($crypt_alg)) != $crypt_alg && intval($uid)) {
- // this password is stored in another format than we want it to be.
- // let's update it!
- // we duplicate the query from the above set_password() function to have the extra safety of checking
- // the old hash
- $user = User::find($uid);
- if ($user->password == $salt) {
- $user->password = crypt($password, $crypt_alg . '$' . generate_salt() . '$');
- $user->save();
- }
- }
- return $correct;
-}
/**
* @param int $user_id
diff --git a/includes/view/AngelTypes_view.php b/includes/view/AngelTypes_view.php
index f5434e8f..9f9bd736 100644
--- a/includes/view/AngelTypes_view.php
+++ b/includes/view/AngelTypes_view.php
@@ -578,7 +578,7 @@ function AngelTypes_about_view($angeltypes, $user_logged_in)
$buttons[] = button(page_link_to('register'), register_title());
}
- $buttons[] = button(page_link_to('login'), login_title());
+ $buttons[] = button(page_link_to('login'), __('Login'));
}
$faqUrl = config('faq_url');
diff --git a/includes/view/User_view.php b/includes/view/User_view.php
index 949bba87..21be0c9f 100644
--- a/includes/view/User_view.php
+++ b/includes/view/User_view.php
@@ -126,7 +126,7 @@ function User_registration_success_view($event_welcome_message)
div('col-md-4', [
'<h2>' . __('Login') . '</h2>',
form([
- form_text('nick', __('Nick'), ''),
+ form_text('login', __('Nick'), ''),
form_password('password', __('Password')),
form_submit('submit', __('Login')),
buttons([