From: Florent Bruneau Date: Mon, 22 Dec 2008 10:42:41 +0000 (+0100) Subject: Merge commit 'origin/fusionax' into account X-Git-Tag: xorg/1.0.0~332^2~479 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=55d55de87a79b7a703be4ef2b6295a1277ad9875;p=platal.git Merge commit 'origin/fusionax' into account Conflicts: classes/xorgsession.php modules/register.php Signed-off-by: Florent Bruneau --- 55d55de87a79b7a703be4ef2b6295a1277ad9875 diff --cc classes/xorgsession.php index 0335cb1,a163ee5..406ab2a --- a/classes/xorgsession.php +++ b/classes/xorgsession.php @@@ -70,15 -71,42 +70,20 @@@ class XorgSession extends PlSessio private function checkPassword($uname, $login, $response, $login_type) { - $res = XDB::query('SELECT u.user_id, u.password - FROM auth_user_md5 AS u - INNER JOIN aliases AS a ON (a.id = u.user_id AND type != \'homonyme\') - WHERE a.' . $login_type . ' = {?} AND u.perms IN(\'admin\', \'user\')', + $res = XDB::query('SELECT a.uid, a.password + FROM accounts AS a + INNER JOIN aliases AS l ON (l.id = a.uid AND l.type != \'homonyme\') + WHERE l.' . $login_type . ' = {?} AND a.state = \'active\'', $login); if (list($uid, $password) = $res->fetchOneRow()) { - require_once 'secure_hash.inc.php'; - $expected_response = hash_encrypt("$uname:$password:" . S::v('challenge')); - if ($response != $expected_response && Env::has('xorpass') - && !preg_match('/^0*$/', Env::v('xorpass'))) { - $new_password = hash_xor(Env::v('xorpass'), $password); - $expected_response = hash_encrypt("$uname:$new_password:" . S::v('challenge')); - if ($response == $expected_response) { - XDB::execute('UPDATE auth_user_md5 - SET password = {?} - WHERE user_id = {?}', - $new_password, $uid); - - // Update the GoogleApps password as well, if required. - global $globals; - if ($globals->mailstorage->googleapps_domain) { - require_once 'googleapps.inc.php'; - $user = User::getSilent($uid); - $account = new GoogleAppsAccount($user); - if ($account->active() && $account->sync_password) { - $account->set_password($new_password); - } - } - } - } + $expected_response = sha1("$uname:$password:" . S::v('challenge')); + /* XXX: Deprecates len(password) > 10 conversion */ if ($response != $expected_response) { + if (!S::logged()) { + Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide'); + } else { + Platal::page()->trigError('Mot de passe invalide'); + } S::logger($uid)->log('auth_fail', 'bad password'); return null; } @@@ -314,6 -331,29 +314,28 @@@ $n = select_notifs(false, S::i('uid'), S::v('watch_last'), false); S::set('notifs', $n->numRows()); } + + public function setAccessCookie($replace = false, $log = true) { + if (S::has('suid') || ($replace && !Cookie::blank('access'))) { + return; + } - require_once('secure_hash.inc.php'); - Cookie::set('access', hash_encrypt(S::v('password')), 300, true); ++ Cookie::set('access', sha1(S::v('password')), 300, true); + if ($log) { + S::logger()->log('cookie_on'); + } + } + + public function killAccessCookie($log = true) { + Cookie::kill('access'); + if ($log) { + S::logger()->log('cookie_off'); + } + } + + public function killLoginFormCookies() { + Cookie::kill('uid'); + Cookie::kill('domain'); + } } // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: