From: Florent Bruneau <florent.bruneau@polytechnique.org>
Date: Sun, 7 Dec 2008 17:30:24 +0000 (+0100)
Subject: Authentication uses the 'accounts' table.
X-Git-Tag: xorg/1.0.0~332^2~490
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=c67ba12a32394f2abe6947a4258e5960a3a45cdf;p=platal.git

Authentication uses the 'accounts' table.

Removes references to secure_hash.inc.php.

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
---

diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index aa57647..baeb28b 100644
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -51,14 +51,13 @@ class XorgSession extends PlSession
             return -1;
         }
 
-        $res = XDB::query('SELECT  user_id, password
-                             FROM  auth_user_md5
-                            WHERE  user_id = {?} AND perms IN(\'admin\', \'user\')',
+        $res = XDB::query('SELECT  uid, password
+                             FROM  accounts
+                            WHERE  uid = {?} AND state = \'active\'',
                          Cookie::i('ORGuid'));
         if ($res->numRows() != 0) {
             list($uid, $password) = $res->fetchOneRow();
-            require_once 'secure_hash.inc.php';
-            $expected_value = hash_encrypt($password);
+            $expected_value = sha1($password);
             if ($expected_value == Cookie::v('ORGaccess')) {
                 S::set('auth_by_cookie', $uid);
                 return 0;
@@ -71,36 +70,14 @@ class XorgSession extends PlSession
 
     private function checkPassword($uname, $login, $response, $login_type)
     {
-        $res = XDB::query('SELECT  u.user_id, u.password
-                             FROM  auth_user_md5 AS u
-                       INNER JOIN  aliases       AS a ON (a.id = u.user_id AND type != \'homonyme\')
-                             WHERE  a.' . $login_type . ' = {?} AND u.perms IN(\'admin\', \'user\')',
+        $res = XDB::query('SELECT  a.uid, a.password
+                             FROM  accounts AS a
+                       INNER JOIN  aliases  AS l ON (l.id = a.uid AND l.type != \'homonyme\')
+                            WHERE  l.' . $login_type . ' = {?} AND a.state = \'active\'',
                           $login);
         if (list($uid, $password) = $res->fetchOneRow()) {
-            require_once 'secure_hash.inc.php';
-            $expected_response = hash_encrypt("$uname:$password:" . S::v('challenge'));
-            if ($response != $expected_response && Env::has('xorpass')
-                && !preg_match('/^0*$/', Env::v('xorpass'))) {
-                $new_password = hash_xor(Env::v('xorpass'), $password);
-                $expected_response = hash_encrypt("$uname:$new_password:" . S::v('challenge'));
-                if ($response == $expected_response) {
-                    XDB::execute('UPDATE  auth_user_md5
-                                     SET  password = {?}
-                                   WHERE  user_id = {?}',
-                                 $new_password, $uid);
-
-                    // Update the GoogleApps password as well, if required.
-                    global $globals;
-                    if ($globals->mailstorage->googleapps_domain) {
-                        require_once 'googleapps.inc.php';
-                        $user = User::getSilent($uid);
-                        $account = new GoogleAppsAccount($user);
-                        if ($account->active() && $account->sync_password) {
-                            $account->set_password($new_password);
-                        }
-                    }
-                }
-            }
+            $expected_response = sha1("$uname:$password:" . S::v('challenge'));
+            /* XXX: Deprecates len(password) > 10 conversion */
             if ($response != $expected_response) {
                 S::logger($uid)->log('auth_fail', 'bad password');
                 return null;
@@ -203,6 +180,7 @@ class XorgSession extends PlSession
         unset($_SESSION['log']);
 
         // Retrieves main user properties.
+        /** XXX Move needed informations to account tables */
         $res  = XDB::query("SELECT  u.user_id AS uid, u.hruid, prenom, prenom_ini, nom, nom_ini, nom_usage, perms, promo, promo_sortie,
                                     matricule, password, FIND_IN_SET('femme', u.flags) AS femme,
                                     q.core_mail_fmt AS mail_fmt, UNIX_TIMESTAMP(q.banana_last) AS banana_last, q.watch_last, q.core_rss_hash,
@@ -232,7 +210,7 @@ class XorgSession extends PlSession
             setcookie('ORGuid', $uid, (time() + 25920000), '/', '', 0);
 
             if (S::i('auth_by_cookie') == $uid || Post::v('remember', 'false') == 'true') {
-                $cookie = hash_encrypt($sess['password']);
+                $cookie = sha1($sess['password']);
                 setcookie('ORGaccess', $cookie, (time() + 25920000), '/', '', 0);
                 if ($logger && S::i('auth_by_cookie') != $uid) {
                     $logger->log("cookie_on");
@@ -281,11 +259,11 @@ class XorgSession extends PlSession
 
     public function tokenAuth($login, $token)
     {
-        $res = XDB::query('SELECT  u.hruid
-                             FROM  aliases         AS a
-                       INNER JOIN  auth_user_md5   AS u ON (a.id = u.user_id AND u.perms IN ("admin", "user"))
-                       INNER JOIN  auth_user_quick AS q ON (a.id = q.user_id AND q.core_rss_hash = {?})
-                            WHERE  a.alias = {?} AND a.type != "homonyme"', $token, $login);
+        $res = XDB::query('SELECT  a.hruid
+                             FROM  aliases  AS l
+                       INNER JOIN  accounts AS a ON (l.id = a.uid AND a.state = \'active\')
+                            WHERE  a.token = {?} AND l.alias = {?} AND l.type != \'homonyme\'',
+                           $token, $login);
         if ($res->numRows() == 1) {
             $data = $res->fetchOneAssoc();
             return new User($data['hruid'], $data);
@@ -311,10 +289,10 @@ class XorgSession extends PlSession
     {
         if (S::logged() && (!S::has('skin') || S::has('suid'))) {
             $uid = S::v('uid');
-            $res = XDB::query("SELECT  skin_tpl
-                                 FROM  auth_user_quick AS a
-                           INNER JOIN  skins           AS s ON a.skin = s.id
-                                WHERE  user_id = {?} AND skin_tpl != ''", $uid);
+            $res = XDB::query('SELECT  skin_tpl
+                                 FROM  accounts AS a
+                           INNER JOIN  skins    AS s on (a.skin = s.id)
+                                WHERE  a.uid = {?} AND skin_tpl != \'\'', S::i('uid'));
             S::set('skin', $res->fetchOneCell());
         }
     }
diff --git a/include/marketing.inc.php b/include/marketing.inc.php
index d488843..785335a 100644
--- a/include/marketing.inc.php
+++ b/include/marketing.inc.php
@@ -202,10 +202,9 @@ class Marketing
             return false;
         }
 
-        require_once('secure_hash.inc.php');
         $hash     = rand_url_id(12);
         $pass     = rand_pass();
-        $pass_encrypted = hash_encrypt($pass);
+        $pass_encrypted = sha1($pass);
         $fdate    = strftime('%d %B %Y', strtotime($date));
 
         $mymail = new PlMailer('marketing/relance.mail.tpl');
diff --git a/include/secure_hash.inc.php b/include/secure_hash.inc.php
deleted file mode 100644
index 52a62cf..0000000
--- a/include/secure_hash.inc.php
+++ /dev/null
@@ -1,41 +0,0 @@
-<?php
-/***************************************************************************
- *  Copyright (C) 2003-2008 Polytechnique.org                              *
- *  http://opensource.polytechnique.org/                                   *
- *                                                                         *
- *  This program is free software; you can redistribute it and/or modify   *
- *  it under the terms of the GNU General Public License as published by   *
- *  the Free Software Foundation; either version 2 of the License, or      *
- *  (at your option) any later version.                                    *
- *                                                                         *
- *  This program is distributed in the hope that it will be useful,        *
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
- *  GNU General Public License for more details.                           *
- *                                                                         *
- *  You should have received a copy of the GNU General Public License      *
- *  along with this program; if not, write to the Free Software            *
- *  Foundation, Inc.,                                                      *
- *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
- ***************************************************************************/
-
-function hash_encrypt($s) {
-    return sha1($s);
-}
-
-function hash_xor($a, $b) {
-    $c = "";
-    $i = strlen($a);
-    $j = strlen($b);
-    if ($i < $j) {
-        $d = $a; $a = $b; $b = $d;
-        $k = $i; $i = $j; $j = $k;
-    }
-    for ($k = 0; $k < $j; $k++)
-        $c .= dechex(hexdec($a{$k}) ^ hexdec($b{$k}));
-    for (; $k < $i; $k++)
-        $c .= $a{$k};
-    return $c;
-}
-// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
-?>
diff --git a/modules/admin.php b/modules/admin.php
index 6d42c02..2752532 100644
--- a/modules/admin.php
+++ b/modules/admin.php
@@ -517,8 +517,7 @@ class AdminModule extends PLModule
                 // Profile edition.
                 case "u_edit":
                     // Loads new values from environment.
-                    require_once('secure_hash.inc.php');
-                    $pass_encrypted = Env::v('newpass_clair') != "********" ? hash_encrypt(Env::v('newpass_clair')) : Env::v('passw');
+                    $pass_encrypted = Env::v('newpass_clair') != "********" ? sha1(Env::v('newpass_clair')) : Env::v('passw');
                     $naiss    = Env::v('naissanceN');
                     $deces    = Env::v('decesN');
                     $perms    = Env::v('permsN');
diff --git a/modules/platal.php b/modules/platal.php
index 1249335..a99ef87 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -209,7 +209,6 @@ class PlatalModule extends PLModule
         global $globals;
 
         if (Post::has('response2'))  {
-            require_once 'secure_hash.inc.php';
             S::assert_xsrf_token();
 
             $_SESSION['password'] = $password = Post::v('response2');
@@ -233,7 +232,7 @@ class PlatalModule extends PLModule
             S::logger()->log('passwd', '');
 
             if (Cookie::v('ORGaccess')) {
-                setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
+                setcookie('ORGaccess', sha1($password), (time()+25920000), '/', '' ,0);
             }
 
             $page->changeTpl('platal/motdepasse.success.tpl');
diff --git a/modules/register.php b/modules/register.php
index f77841c..ab88a94 100644
--- a/modules/register.php
+++ b/modules/register.php
@@ -444,8 +444,7 @@ class RegisterModule extends PLModule
             S::logger()->log('passwd', '');
 
             if (Cookie::v('ORGaccess')) {
-                require_once('secure_hash.inc.php');
-                setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
+                setcookie('ORGaccess', sha1($password), (time()+25920000), '/', '' ,0);
             }
 
             $page->assign('mdpok', true);
diff --git a/modules/register/register.inc.php b/modules/register/register.inc.php
index 2de1530..5c07183 100644
--- a/modules/register/register.inc.php
+++ b/modules/register/register.inc.php
@@ -225,10 +225,9 @@ function finish_ins($sub_state)
 {
     global $globals;
     extract($sub_state);
-    require_once('secure_hash.inc.php');
 
     $pass     = rand_pass();
-    $pass_encrypted = hash_encrypt($pass);
+    $pass_encrypted = sha1($pass);
     $hash     = rand_url_id(12);
 
     XDB::execute('UPDATE auth_user_md5 SET last_known_email={?} WHERE matricule = {?}', $email, $mat);
diff --git a/upgrade/account/00_account.sql b/upgrade/account/00_account.sql
index 94013bb..241cb8d 100644
--- a/upgrade/account/00_account.sql
+++ b/upgrade/account/00_account.sql
@@ -10,6 +10,7 @@ CREATE TABLE accounts (
 
   # Access
   password char(40) default null,
+  token varchar(32) default null,
   registration_date datetime not null,
 
   # Administrative tools
@@ -25,7 +26,7 @@ CREATE TABLE accounts (
 
   primary key uid (uid),
   unique key hruid (hruid),
-  key name (name),
+  key full_name (full_name),
   key state (state),
   key type (type)
 );
diff --git a/upgrade/account/01_account_insertion.sql b/upgrade/account/01_account_insertion.sql
index 2673de8..53dc24b 100644
--- a/upgrade/account/01_account_insertion.sql
+++ b/upgrade/account/01_account_insertion.sql
@@ -6,6 +6,7 @@ insert into accounts
             perms = 'admin' AS is_admin,
             IF(perms = 'admin' or perms = 'user', 'active', perms) AS state,
             IF(LENGTH(password) = 40, password, NULL) AS password,
+            IF(LENGTH(q.core_rss_hash) > 0, q.core_rss_hash, NULL) AS token,
             date_ins AS registration_date,
             IF(FIND_IN_SET('watch', flags), 'watch', '') AS flags,
             IF(LENGTH(comment) > 0, comment, NULL) AS comment,