Changeset 3036:7ed4286c8013 for inc

Timestamp:

07/03/15 17:03:26 (10 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Centralizes crypt function of pwd in class.Dotclear.auth.php, closes #1923

Location:

inc

Files:

• admin/lib.moduleslist.php (modified) (2 diffs)
• core/class.dc.auth.php (modified) (5 diffs)
• core/class.dc.core.php (modified) (3 diffs)

inc/admin/lib.moduleslist.php

@@ -1172 +1172 @@
                || !empty($_POST['fetch_pkg']) && !empty($_POST['pkg_url']))
           {
-               if (empty($_POST['your_pwd']) || !$this->core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['your_pwd']))) {
+               if (empty($_POST['your_pwd']) || !$this->core->auth->checkPassword($this->core->auth->crypt($_POST['your_pwd']))) {
                     throw new Exception(__('Password verification failed'));
                }
@@ -1947 +1947 @@
                || !empty($_POST['fetch_pkg']) && !empty($_POST['pkg_url']))
           {
-               if (empty($_POST['your_pwd']) || !$this->core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['your_pwd']))) {
+               if (empty($_POST['your_pwd']) || !$this->core->auth->checkPassword($this->core->auth->crypt($_POST['your_pwd']))) {
                     throw new Exception(__('Password verification failed'));
                }

inc/core/class.dc.auth.php

@@ -121 +121 @@
           if ($pwd != '')
           {
-               if (crypt::hmac(DC_MASTER_KEY,$pwd) != $rs->user_pwd) {
+               if ($this->crypt($pwd) != $rs->user_pwd) {
                     sleep(rand(2,5));
                     return false;
@@ -165 +165 @@
 
      /**
+      * This method crypt given string (password, session_id, …).
+      *
+      * @param string $pwd string to be crypted
+      * @return string crypted value
+      */
+     public function crypt($pwd)
+     {
+          return crypt::hmac(DC_MASTER_KEY,$pwd);
+     }
+
+     /**
      * This method only check current user password.
      *
@@ -290 +301 @@
           $code =
           pack('a32',$this->userID()).
-          pack('H*',crypt::hmac(DC_MASTER_KEY,$this->getInfo('user_pwd')));
+          pack('H*',$this->crypt($this->getInfo('user_pwd')));
           return bin2hex($code);
      }
@@ -317 +328 @@
           }
 
-          if (crypt::hmac(DC_MASTER_KEY,$rs->user_pwd) != $pwd) {
+          if ($this->crypt($rs->user_pwd) != $pwd) {
                return false;
           }
@@ -594 +605 @@
 
           $cur = $this->con->openCursor($this->user_table);
-          $cur->user_pwd = crypt::hmac(DC_MASTER_KEY,$new_pass);
+          $cur->user_pwd = $this->crypt($new_pass);
           $cur->user_recover_key = null;
 

inc/core/class.dc.core.php

@@ -186 +186 @@
      public function getNonce()
      {
-          return crypt::hmac(DC_MASTER_KEY,session_id());
+          return $this->auth->crypt(session_id());
      }
 
@@ -195 +195 @@
           }
 
-          return $secret == crypt::hmac(DC_MASTER_KEY,session_id());
+          return $secret == $this->auth->crypt(session_id());
      }
 
@@ -847 +847 @@
                     throw new Exception(__('Password must contain at least 6 characters.'));
                }
-               $cur->user_pwd = crypt::hmac(DC_MASTER_KEY,$cur->user_pwd);
+               $cur->user_pwd = $this->auth->crypt($cur->user_pwd);
           }