mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-31 20:00:37 +02:00
Code Issues Releases Wiki Activity

Automatic password rehashing added to admin login page.

Browse Source
This commit is contained in:
Cameron
2020-02-22 11:45:35 -08:00
parent d23c65b30c
commit aa9753a174
3 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
e107_admin/auth.php
View File

@@ -143,6 +143,7 @@ else
}
// require_once (e_HANDLER.'user_handler.php');
/** @var array $row */
$row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass'], varset($_POST['hashchallenge'], ''));
if ($row[0] == "authfail")
@@ -155,6 +156,14 @@ else
}
else
{
$reHashedPass = e107::getUserSession()->rehashPassword($row,$_POST['authpass']);
if($reHashedPass !==false)
{
e107::getLog()->add('ADMINPW_02', '', E_LOG_INFORMATIVE, '', LOG_TO_ADMIN, $row);
$row['user_password'] = $reHashedPass;
}
$cookieval = $row['user_id'].".".md5($row['user_password']);
// $sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'");
@@ -197,6 +206,9 @@ else
// ---
e107::getEvent()->trigger("login", $edata_li);
e107::getRedirect()->redirect(e_ADMIN_ABS.'admin.php');
//echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n";
}