Changeset 3036:7ed4286c8013 for inc/core/class.dc.auth.php

Timestamp:

07/03/15 17:03:26 (10 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Centralizes crypt function of pwd in class.Dotclear.auth.php, closes #1923

File:

• inc/core/class.dc.auth.php (modified) (5 diffs)

inc/core/class.dc.auth.php

@@ -121 +121 @@
           if ($pwd != '')
           {
-               if (crypt::hmac(DC_MASTER_KEY,$pwd) != $rs->user_pwd) {
+               if ($this->crypt($pwd) != $rs->user_pwd) {
                     sleep(rand(2,5));
                     return false;
@@ -165 +165 @@
 
      /**
+      * This method crypt given string (password, session_id, …).
+      *
+      * @param string $pwd string to be crypted
+      * @return string crypted value
+      */
+     public function crypt($pwd)
+     {
+          return crypt::hmac(DC_MASTER_KEY,$pwd);
+     }
+
+     /**
      * This method only check current user password.
      *
@@ -290 +301 @@
           $code =
           pack('a32',$this->userID()).
-          pack('H*',crypt::hmac(DC_MASTER_KEY,$this->getInfo('user_pwd')));
+          pack('H*',$this->crypt($this->getInfo('user_pwd')));
           return bin2hex($code);
      }
@@ -317 +328 @@
           }
 
-          if (crypt::hmac(DC_MASTER_KEY,$rs->user_pwd) != $pwd) {
+          if ($this->crypt($rs->user_pwd) != $pwd) {
                return false;
           }
@@ -594 +605 @@
 
           $cur = $this->con->openCursor($this->user_table);
-          $cur->user_pwd = crypt::hmac(DC_MASTER_KEY,$new_pass);
+          $cur->user_pwd = $this->crypt($new_pass);
           $cur->user_recover_key = null;