mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00
Code Issues Releases Wiki Activity

[feature/passwords] Use passwords manager service instead of functions

Browse Source 
The old functions phpbb_hash() and phpbb_check_hash() have been replaced with
the passwords manager service in all front-end related files. The phpBB2
converter and the release_3_0_5_rc1 migration file have not been changed.
The same applies to the security/hash_test that still tests the function
phpbb_check_hash(). This will however make sure that the old function
still works.

PHPBB3-11610
This commit is contained in:
Marc Alexander
2013-10-13 16:32:37 +02:00
parent e674313559
commit 61f60d395a
5 changed files with 26 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
phpBB/includes/ucp/ucp_profile.php
View File

@@ -82,13 +82,16 @@ class ucp_profile
$error[] = ($data['password_confirm']) ? 'NEW_PASSWORD_ERROR' : 'NEW_PASSWORD_CONFIRM_EMPTY';
}
// Instantiate passwords manager
$passwords_manager = $phpbb_container->get('passwords.manager');
// Only check the new password against the previous password if there have been no errors
if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && phpbb_check_hash($data['new_password'], $user->data['user_password']))
if (!sizeof($error) && $auth->acl_get('u_chgpasswd') && $data['new_password'] && $passwords_manager->check($data['new_password'], $user->data['user_password']))
{
$error[] = 'SAME_PASSWORD_ERROR';
}
if (!phpbb_check_hash($data['cur_password'], $user->data['user_password']))
if (!$passwords_manager->check($data['cur_password'], $user->data['user_password']))
{
$error[] = ($data['cur_password']) ? 'CUR_PASSWORD_ERROR' : 'CUR_PASSWORD_EMPTY';
}
@@ -105,7 +108,7 @@ class ucp_profile
'username_clean' => ($auth->acl_get('u_chgname') && $config['allow_namechange']) ? utf8_clean_string($data['username']) : $user->data['username_clean'],
'user_email' => ($auth->acl_get('u_chgemail')) ? $data['email'] : $user->data['user_email'],
'user_email_hash' => ($auth->acl_get('u_chgemail')) ? phpbb_email_hash($data['email']) : $user->data['user_email_hash'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? phpbb_hash($data['new_password']) : $user->data['user_password'],
'user_password' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? $passwords_manager->hash($data['new_password']) : $user->data['user_password'],
'user_passchg' => ($auth->acl_get('u_chgpasswd') && $data['new_password']) ? time() : 0,
);
@@ -114,7 +117,7 @@ class ucp_profile
add_log('user', $user->data['user_id'], 'LOG_USER_UPDATE_NAME', $user->data['username'], $data['username']);
}
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !phpbb_check_hash($data['new_password'], $user->data['user_password']))
if ($auth->acl_get('u_chgpasswd') && $data['new_password'] && !$passwords_manager->check($data['new_password'], $user->data['user_password']))
{
$user->reset_login_keys();
add_log('user', $user->data['user_id'], 'LOG_USER_NEW_PASSWORD', $data['username']);