From: x2001corpet <x2001corpet@839d8a87-29fc-0310-9880-83ba4fa771e5>
Date: Thu, 22 Jun 2006 23:06:12 +0000 (+0000)
Subject: n'envoie plus le hash du mot de passe directement quand on change de mot de passe
X-Git-Tag: xorg/0.9.10~34
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=9deb52b6e324bb69442bc33d537dbcb7d77949a6;p=platal.git

n'envoie plus le hash du mot de passe directement quand on change de mot de passe

git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@336 839d8a87-29fc-0310-9880-83ba4fa771e5
---

diff --git a/ChangeLog b/ChangeLog
index 7e23025..3726897 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@ VERSION 0.9.10                                                         Juin 2006
 
 New :
 
+    * Core :
+        - Tighten security when changing password.                          -Car
+
     * Documentation :
         - Display ChangeLog in site.                                        -Car
         - Bounty: link bug reports from Changelog.                          -MC
diff --git a/htdocs/javascript/motdepasse.js b/htdocs/javascript/motdepasse.js
index c996dc8..9aac631 100644
--- a/htdocs/javascript/motdepasse.js
+++ b/htdocs/javascript/motdepasse.js
@@ -33,8 +33,16 @@ function EnCryptedResponse() {
             return false;
         exit;
     }
-    str = hash_encrypt(document.forms.changepass.nouveau.value);
+    
+    old_pass = hash_encrypt(document.forms.changepass.ancien.value);
+    
+    str = old_pass + ":" +
+        document.forms.changepass.challenge.value;
+    document.forms.changepass2.response.value = hash_encrypt(str);
+
+    str = hash_xor(hash_encrypt(document.forms.changepass.nouveau.value), old_pass);
     document.forms.changepass2.response2.value = str;
+    
     alert ("Le mot de passe que tu as rentré va être chiffré avant de nous parvenir par Internet ! Ainsi il ne circulera pas en clair.");
     document.forms.changepass2.submit();
     return true;
diff --git a/htdocs/motdepasse.php b/htdocs/motdepasse.php
index df9c8b4..1f79fb8 100644
--- a/htdocs/motdepasse.php
+++ b/htdocs/motdepasse.php
@@ -21,9 +21,17 @@
 
 require_once('xorg.inc.php');
 
-if (Env::has('response2'))  {
+if (Post::has('response2'))  {
     require_once('secure_hash.inc.php');
-    $_SESSION['password'] = $password = Post::get('response2');
+    if (hash_encrypt($_SESSION['password'].":".$_SESSION['session']->challenge) != Post::get('response')) {
+        new_skinned_page('motdepasse.tpl', AUTH_MDP);
+        $page->addJsLink('javascript/motdepasse.js');
+        $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
+        $page->trig('Ancien mot de passe erronné');
+        $page->run();
+    }
+    $password = hash_xor(Post::get('response2'), $_SESSION['password']);
+    $_SESSION['password'] = $password;
     
     $globals->xdb->execute('UPDATE auth_user_md5 SET password={?} WHERE user_id={?}', $password, Session::getInt('uid'));
     
diff --git a/templates/motdepasse.tpl b/templates/motdepasse.tpl
index 22a272d..f189d31 100644
--- a/templates/motdepasse.tpl
+++ b/templates/motdepasse.tpl
@@ -44,6 +44,15 @@
     </tr>
     <tr>
       <td class="titre">
+        Ancien mot de passe :
+      </td>
+      <td>
+        <input type="hidden" name="challenge" value="{$smarty.session.session->challenge}" />
+        <input type="password" size="10" maxlength="10" name="ancien" />
+      </td>
+    </tr>
+    <tr>
+      <td class="titre">
         Nouveau mot de passe :
       </td>
       <td>
@@ -67,6 +76,7 @@
 </form>
 <form action="{$smarty.server.REQUEST_URI}" method="post" id="changepass2">
 <p>
+<input type="hidden" name="response"  value="" />
 <input type="hidden" name="response2"  value="" />
 </p>
 </form>