mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-27 21:58:52 +00:00
[feature/passwords] Use passwords manager service instead of functions
The old functions phpbb_hash() and phpbb_check_hash() have been replaced with the passwords manager service in all front-end related files. The phpBB2 converter and the release_3_0_5_rc1 migration file have not been changed. The same applies to the security/hash_test that still tests the function phpbb_check_hash(). This will however make sure that the old function still works. PHPBB3-11610
This commit is contained in:
Marc Alexander
parent
e674313559
commit
61f60d395a
5 changed files with 26 additions and 11 deletions
|
|
@ -926,7 +926,7 @@ class acp_forums
|
|||
*/
|
||||
function update_forum_data(&$forum_data)
|
||||
{
|
||||
global $db, $user, $cache, $phpbb_root_path, $phpbb_dispatcher;
|
||||
global $db, $user, $cache, $phpbb_root_path, $phpbb_container, $phpbb_dispatcher;
|
||||
|
||||
$errors = array();
|
||||
|
||||
|
|
@ -1030,7 +1030,10 @@ class acp_forums
|
|||
}
|
||||
else
|
||||
{
|
||||
$forum_data_sql['forum_password'] = phpbb_hash($forum_data_sql['forum_password']);
|
||||
// Instantiate passwords manager
|
||||
$passwords_manager = $phpbb_container->get('passwords.manager');
|
||||
|
||||
$forum_data_sql['forum_password'] = $passwords_manager->hash($forum_data_sql['forum_password']);
|
||||
}
|
||||
unset($forum_data_sql['forum_password_unset']);
|
||||
|
||||
|
|
|
|||
|
|
@ -821,9 +821,12 @@ class acp_users
|
|||
$error[] = 'FORM_INVALID';
|
||||
}
|
||||
|
||||
// Instantiate passwords manager
|
||||
$passwords_manager = $phpbb_container->get('passwords.manager');
|
||||
|
||||
// Which updates do we need to do?
|
||||
$update_username = ($user_row['username'] != $data['username']) ? $data['username'] : false;
|
||||
$update_password = ($data['new_password'] && !phpbb_check_hash($data['new_password'], $user_row['user_password'])) ? true : false;
|
||||
$update_password = ($data['new_password'] && !$passwords_manager->check($data['new_password'], $user_row['user_password'])) ? true : false;
|
||||
$update_email = ($data['email'] != $user_row['user_email']) ? $data['email'] : false;
|
||||
|
||||
if (!sizeof($error))
|
||||
|
|
@ -907,7 +910,7 @@ class acp_users
|
|||
if ($update_password)
|
||||
{
|
||||
$sql_ary += array(
|
||||
'user_password' => phpbb_hash($data['new_password']),
|
||||
'user_password' => $passwords_manager->hash($data['new_password']),
|
||||
'user_passchg' => time(),
|
||||
'user_pass_convert' => 0,
|
||||
);
|
||||
|
|
|
|||
|
|
@ -82,13 +82,16 @@ class ucp_profile
|
|||
$error[] = ($data['password_confirm']) ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
|
||||
}
|
||||
|
||||
// Instantiate passwords manager
|
||||
$passwords_manager = $phpbb_container->get('passwords.manager');
|
||||
|
||||
// Only check the new password against the previous password if there have been no errors
|
||||
if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && phpbb_check_hash($data['new_password'], $user->data['user_password']))
|
||||
if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && $passwords_manager->check($data['new_password'], $user->data['user_password']))
|
||||
{
|
||||
$error[] = 'SAME_PASSWORD_ERROR';
|
||||
}
|
||||
|
||||
if (!phpbb_check_hash($data['cur_password'], $user->data['user_password']))
|
||||
if (!$passwords_manager->check($data['cur_password'], $user->data['user_password']))
|
||||
{
|
||||
$error[] = ($data['cur_password']) ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
|
||||
}
|
||||
|
|
@ -105,7 +108,7 @@ class ucp_profile
|
|||
'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
|
||||
'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
|
||||
'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'],
|
||||
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? phpbb_hash($data['new_password']) : $user->data['user_password'],
|
||||
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
|
||||
'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
|
||||
);
|
||||
|
||||
|
|
@ -114,7 +117,7 @@ class ucp_profile
|
|||
add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']);
|
||||
}
|
||||
|
||||
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !phpbb_check_hash($data['new_password'], $user->data['user_password']))
|
||||
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password']))
|
||||
{
|
||||
$user->reset_login_keys();
|
||||
add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']);
|
||||
|
|
|
|||
|
|
@ -294,9 +294,12 @@ class ucp_register
|
|||
$user_inactive_time = 0;
|
||||
}
|
||||
|
||||
// Instantiate passwords manager
|
||||
$passwords_manager = $phpbb_container->get('passwords.manager');
|
||||
|
||||
$user_row = array(
|
||||
'username' => $data['username'],
|
||||
'user_password' => phpbb_hash($data['new_password']),
|
||||
'user_password' => $passwords_manager->hash($data['new_password']),
|
||||
'user_email' => $data['email'],
|
||||
'group_id' => (int) $group_id,
|
||||
'user_timezone' => $data['tz'],
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ class ucp_remind
|
|||
function main($id, $mode)
|
||||
{
|
||||
global $config, $phpbb_root_path, $phpEx;
|
||||
global $db, $user, $auth, $template;
|
||||
global $db, $user, $auth, $template, $phpbb_container;;
|
||||
|
||||
if (!$config['allow_password_reset'])
|
||||
{
|
||||
|
|
@ -88,8 +88,11 @@ class ucp_remind
|
|||
// For the activation key a random length between 6 and 10 will do.
|
||||
$user_actkey = gen_rand_string(mt_rand(6, 10));
|
||||
|
||||
// Instantiate passwords manager
|
||||
$passwords_manager = $phpbb_container->get('passwords.manager');
|
||||
|
||||
$sql = 'UPDATE ' . USERS_TABLE . "
|
||||
SET user_newpasswd = '" . $db->sql_escape(phpbb_hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
|
||||
SET user_newpasswd = '" . $db->sql_escape($passwords_manager->hash($user_password)) . "', user_actkey = '" . $db->sql_escape($user_actkey) . "'
|
||||
WHERE user_id = " . $user_row['user_id'];
|
||||
$db->sql_query($sql);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue