From bcce2625a8cb0b630d945c6849014049869e10ce Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Tue, 27 Nov 2018 12:01:36 +0100
Subject: Implemented AuthController for login

* Moved /login functionality to AuthController
* Refactored password handling logic to use the Authenticator
---
 includes/sys_auth.php | 68 ---------------------------------------------------
 1 file changed, 68 deletions(-)

(limited to 'includes/sys_auth.php')

diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 520b13eb..f0485495 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -1,74 +1,6 @@
 <?php
 
 use Engelsystem\Database\DB;
-use Engelsystem\Models\User\User;
-
-/**
- * generate a salt (random string) of arbitrary length suitable for the use with crypt()
- *
- * @param int $length
- * @return string
- */
-function generate_salt($length = 16)
-{
-    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-    $salt = '';
-    for ($i = 0; $i < $length; $i++) {
-        $salt .= $alphabet[rand(0, strlen($alphabet) - 1)];
-    }
-    return $salt;
-}
-
-/**
- * set the password of a user
- *
- * @param int    $uid
- * @param string $password
- */
-function set_password($uid, $password)
-{
-    $user = User::find($uid);
-    $user->password = crypt($password, config('crypt_alg') . '$' . generate_salt(16) . '$');
-    $user->save();
-}
-
-/**
- * verify a password given a precomputed salt.
- * if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
- *
- * @param string $password
- * @param string $salt
- * @param int    $uid
- * @return bool
- */
-function verify_password($password, $salt, $uid = null)
-{
-    $crypt_alg = config('crypt_alg');
-    $correct = false;
-    if (substr($salt, 0, 1) == '$') {
-        // new-style crypt()
-        $correct = crypt($password, $salt) == $salt;
-    } elseif (substr($salt, 0, 7) == '{crypt}') {
-        // old-style crypt() with DES and static salt - not used anymore
-        $correct = crypt($password, '77') == $salt;
-    } elseif (strlen($salt) == 32) {
-        // old-style md5 without salt - not used anymore
-        $correct = md5($password) == $salt;
-    }
-
-    if ($correct && substr($salt, 0, strlen($crypt_alg)) != $crypt_alg && intval($uid)) {
-        // this password is stored in another format than we want it to be.
-        // let's update it!
-        // we duplicate the query from the above set_password() function to have the extra safety of checking
-        // the old hash
-        $user = User::find($uid);
-        if ($user->password == $salt) {
-            $user->password = crypt($password, $crypt_alg . '$' . generate_salt() . '$');
-            $user->save();
-        }
-    }
-    return $correct;
-}
 
 /**
  * @param int $user_id
-- 
cgit v1.2.3-54-g00ecf