From 098df83ba6a5fb7ea03cb9dfc9f6eca82397fe27 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Mon, 23 Jan 2012 12:20:09 +0400
Subject: [PATCH] fix various password-change related functions

---
 classes/pref_prefs.php | 49 +++++++++++++++++++++++++-----------------
 classes/pref_users.php | 22 ++++++++++++-------
 register.php           |  9 ++++----
 3 files changed, 48 insertions(+), 32 deletions(-)

diff --git a/classes/pref_prefs.php b/classes/pref_prefs.php
index 03e39caa5..175566d8c 100644
--- a/classes/pref_prefs.php
+++ b/classes/pref_prefs.php
@@ -28,34 +28,43 @@ class Pref_Prefs extends Protected_Handler { return; } - $old_pw_hash1 = encrypt_password($old_pw); - $old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]); - $new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]); + $result = db_query($this->link, "SELECT salt FROM ttrss_users WHERE + id = " . $_SESSION['uid']); - $active_uid = $_SESSION["uid"]; + $salt = db_fetch_result($result, 0, "salt"); - if ($old_pw && $new_pw) { + if (!$salt) { + $old_pw_hash1 = encrypt_password($old_pw); + $old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]); - $login = db_escape_string($_SERVER['PHP_AUTH_USER']); + $query = "SELECT id FROM ttrss_users WHERE + id = ".$_SESSION['uid']." AND (pwd_hash = '$old_pw_hash1' OR + pwd_hash = '$old_pw_hash2')"; - $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE - id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR - pwd_hash = '$old_pw_hash2')"); + } else { + $old_pw_hash = encrypt_password($old_pw, $salt, true); - if (db_num_rows($result) == 1) { - db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash' - WHERE id = '$active_uid'"); - - $_SESSION["pwd_hash"] = $new_pw_hash; - - print __("Password has been changed."); - } else { - print "ERROR: ".__('Old password is incorrect.'); - } + $query = "SELECT id FROM ttrss_users WHERE + id = ".$_SESSION['uid']." AND pwd_hash = '$old_pw_hash'"; } - return; + $result = db_query($this->link, $query); + if (db_num_rows($result) == 1) { + + $new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $new_pw_hash = encrypt_password($new_pw, $new_salt, true); + + db_query($this->link, "UPDATE ttrss_users SET + pwd_hash = '$new_pw_hash', salt = '$new_salt' + WHERE id = ".$_SESSION['uid']); + + $_SESSION["pwd_hash"] = $new_pw_hash; + + print __("Password has been changed."); + } else { + print "ERROR: ".__('Old password is incorrect.'); + } } function saveconfig() { 
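Review bot: The salt produced on the `$new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250);` line is never checked: `openssl_random_pseudo_bytes()` can return false or report weak output through its `$crypto_strong` out-parameter, and in the false case `bin2hex(false)` is `''`, so the UPDATE would store a hash derived from an empty salt and the next change would fall into the `if (!$salt)` legacy branch and reject the user's own password. The same unchecked expression is repeated in classes/pref_users.php (the -206, -233 and -276 hunks) and register.php (the -270 hunk), so one checked helper is the cleaner fix; the `substr(..., 0, 250)` is also a no-op on 250 hex characters. The commit also drops the old `if ($old_pw && $new_pw)` guard, so unless the check that ends with the `return;` at the top of this hunk already rejects an empty `$new_pw` (not visible here), an empty new password can now be hashed and stored. The enclosing method starts above this hunk.
```php
// constructed helper; place it beside encrypt_password() (that file is not part of this diff)
function make_salt() {
    $bytes = openssl_random_pseudo_bytes(125, $strong);
    if ($bytes === false || !$strong) {
        return false; // never fall back to an empty or weak salt
    }
    return bin2hex($bytes);
}

// … unchanged: old-password verification via $query …
if (db_num_rows($result) == 1) {
    $new_salt = make_salt();
    if ($new_salt === false) {
        print "ERROR: ".__('Could not generate a password salt.');
        return;
    }
    $new_pw_hash = encrypt_password($new_pw, $new_salt, true);
    // … unchanged: UPDATE ttrss_users … and $_SESSION["pwd_hash"] update …
```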
diff --git a/classes/pref_users.php b/classes/pref_users.php index fe32ce14c..975b41f5c 100644 --- a/classes/pref_users.php +++ b/classes/pref_users.php @@ -206,8 +206,9 @@ class Pref_Users extends Protected_Handler { $password = db_escape_string(trim($_REQUEST["password"])); if ($password) { - $pwd_hash = encrypt_password($password, $login); - $pass_query_part = "pwd_hash = '$pwd_hash', "; + $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $pwd_hash = encrypt_password($password, $salt, true); + $pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',"; } else { $pass_query_part = ""; } @@ -233,7 +234,8 @@ class Pref_Users extends Protected_Handler { $login = db_escape_string(trim($_REQUEST["login"])); $tmp_user_pwd = make_password(8); - $pwd_hash = encrypt_password($tmp_user_pwd, $login); + $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $pwd_hash = encrypt_password($tmp_user_pwd, $salt, true); $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'"); @@ -241,8 +243,8 @@ class Pref_Users extends Protected_Handler { if (db_num_rows($result) == 0) { db_query($this->link, "INSERT INTO ttrss_users - (login,pwd_hash,access_level,last_login,created) - VALUES ('$login', '$pwd_hash', 0, null, NOW())"); + (login,pwd_hash,access_level,last_login,created, salt) + VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')"); $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE 
@@ -276,10 +278,14 @@ class Pref_Users extends Protected_Handler { $login = db_fetch_result($result, 0, "login"); $email = db_fetch_result($result, 0, "email"); - $tmp_user_pwd = make_password(8); - $pwd_hash = encrypt_password($tmp_user_pwd, $login); + $salt = db_fetch_result($result, 0, "salt"); - db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash' + $new_salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $tmp_user_pwd = make_password(8); + + $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); + + db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt' WHERE id = '$uid'"); print T_sprintf("Changed password of user %s diff --git a/register.php b/register.php index 4107a2eac..e75c1c94c 100644 --- a/register.php +++ b/register.php @@ -4,7 +4,7 @@ // 1) templates/register_notice.txt - displayed above the registration form // 2) register_expire_do.php - contains user expiration queries when necessary - set_include_path(get_include_path() . PATH_SEPARATOR . + set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . "/include"); require_once 'lib/phpmailer/class.phpmailer.php'; @@ -270,11 +270,12 @@ $password = make_password(); - $pwd_hash = encrypt_password($password, $login); + $salt = substr(bin2hex(openssl_random_pseudo_bytes(125)), 0, 250); + $pwd_hash = encrypt_password($password, $salt, true); db_query($link, "INSERT INTO ttrss_users - (login,pwd_hash,access_level,last_login, email, created) - VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW())"); + (login,pwd_hash,access_level,last_login, email, created, salt) + VALUES ('$login', '$pwd_hash', 0, null, '$email', NOW(), '$salt')"); $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login' AND pwd_hash = '$pwd_hash'");
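Review bot: In the -276 hunk `$salt = db_fetch_result($result, 0, "salt");` is assigned and never read — the reset path derives the new hash from `$new_salt` only — so the line is dead and suggests to a reader that the old salt is reused. Drop it, and if the `salt` column was added to the SELECT above this hunk only for this purpose, drop it there too; otherwise a comment such as `// the previous salt is discarded; a fresh one is generated below` would make the intent explicit. The enclosing method starts and ends outside this hunk.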