mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-03 13:17:24 +02:00
Code Issues Releases Wiki Activity

Automatic password rehashing added to admin login page.

Browse Source
This commit is contained in:
Cameron
2020-02-22 11:45:35 -08:00
parent d23c65b30c
commit aa9753a174
3 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
e107_admin/auth.php
View File

@@ -143,6 +143,7 @@ else
} }
// require_once (e_HANDLER.'user_handler.php'); // require_once (e_HANDLER.'user_handler.php');
/** @var array $row */
$row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass'], varset($_POST['hashchallenge'], '')); $row = $authresult = $obj->authcheck($_POST['authname'], $_POST['authpass'], varset($_POST['hashchallenge'], ''));
if ($row[0] == "authfail") if ($row[0] == "authfail")
@@ -155,6 +156,14 @@ else
} }
else else
{ {
$reHashedPass = e107::getUserSession()->rehashPassword($row,$_POST['authpass']);
if($reHashedPass !==false)
{
e107::getLog()->add('ADMINPW_02', '', E_LOG_INFORMATIVE, '', LOG_TO_ADMIN, $row);
$row['user_password'] = $reHashedPass;
}
$cookieval = $row['user_id'].".".md5($row['user_password']); $cookieval = $row['user_id'].".".md5($row['user_password']);
// $sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'"); // $sql->db_Select("user", "*", "user_name='".$tp -> toDB($_POST['authname'])."'");
@@ -197,6 +206,9 @@ else
// --- // ---
e107::getEvent()->trigger("login", $edata_li); e107::getEvent()->trigger("login", $edata_li);
e107::getRedirect()->redirect(e_ADMIN_ABS.'admin.php'); e107::getRedirect()->redirect(e_ADMIN_ABS.'admin.php');
//echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n"; //echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n";
} }

2
e107_handlers/user_handler.php
View File

@@ -304,7 +304,7 @@ class UserHandler
* If necessary, rehash the user password to the currently set algorythm and updated database. . * If necessary, rehash the user password to the currently set algorythm and updated database. .
* @param array $user - user fields. required: user_id, user_loginname, user_password * @param array $user - user fields. required: user_id, user_loginname, user_password
* @param string $password - plain text password. * @param string $password - plain text password.
* @return bool|str returns new password hash on success or false. * @return bool|string returns new password hash on success or false.
*/ */
public function rehashPassword($user, $password) public function rehashPassword($user, $password)
{ {

2
e107_languages/English/admin/lan_log_messages.php
View File

@@ -213,7 +213,7 @@ define("LAN_AL_WELCOME_05", "");
// Admin Password // Admin Password
//--------------- //---------------
define("LAN_AL_ADMINPW_01", "Admin password changed"); define("LAN_AL_ADMINPW_01", "Admin password changed");
define("LAN_AL_ADMINPW_02", "Admin password rehashed");
// Banners Admin // Banners Admin
//-------------- //--------------