Centralize password hashing in Model\User
This commit is contained in:
parent
b1e3d09533
commit
209c43ebbc
3 changed files with 57 additions and 15 deletions
@ -7,6 +7,7 @@
|
||||||
use Friendica\App;
|
use Friendica\App;
|
||||||
use Friendica\Core\System;
|
use Friendica\Core\System;
|
||||||
use Friendica\Database\DBM;
|
use Friendica\Database\DBM;
|
||||||
|
use Friendica\Model\User;
|
||||||
|
|
||||||
require_once 'include/boot.php';
|
require_once 'include/boot.php';
|
||||||
require_once 'include/enotify.php';
|
require_once 'include/enotify.php';
|
||||||
|
@ -84,10 +85,8 @@ function lostpass_content(App $a)
|
||||||
return $o;
|
return $o;
|
||||||
}
|
}
|
||||||
|
|
||||||
$new_password = autoname(6) . mt_rand(100, 9999);
|
$new_password = User::generateNewPassword();
|
||||||
$new_password_encoded = hash('whirlpool', $new_password);
|
$result = User::updatePassword($user['uid'], $new_password);
|
||||||
|
|
||||||
$result = dba::update('user', ['password' => $new_password_encoded, 'pwdreset' => ''], ['uid' => $user['uid']]);
|
|
||||||
if (DBM::is_result($result)) {
|
if (DBM::is_result($result)) {
|
||||||
$tpl = get_markup_template('pwdreset.tpl');
|
$tpl = get_markup_template('pwdreset.tpl');
|
||||||
$o .= replace_macros($tpl,
|
$o .= replace_macros($tpl,
|
||||||
|
|
|
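Review bot: The call site now relies on `User::updatePassword()` clearing the `pwdreset` token, but nothing at this line says so, and the explicit `'pwdreset' => ''` that used to document it here is gone; a one-line comment such as `// also clears the pending reset token, see User::updatePasswordHashed()` would keep that contract visible to the next reader of lostpass_content. `updatePassword()` is documented as returning bool, so `if (DBM::is_result($result))` only works if that helper passes booleans through unchanged; a plain `if ($result)` states the intent directly and does not depend on that. The same bool-through-`is_result` pattern appears in the settings_post hunk. lostpass_content starts and ends outside this hunk.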
@ -2,14 +2,15 @@
|
||||||
/**
|
/**
|
||||||
* @file mod/settings.php
|
* @file mod/settings.php
|
||||||
*/
|
*/
|
||||||
|
|
||||||
use Friendica\App;
|
use Friendica\App;
|
||||||
use Friendica\Content\Feature;
|
use Friendica\Content\Feature;
|
||||||
use Friendica\Content\Nav;
|
use Friendica\Content\Nav;
|
||||||
use Friendica\Core\Addon;
|
use Friendica\Core\Addon;
|
||||||
use Friendica\Core\System;
|
|
||||||
use Friendica\Core\Worker;
|
|
||||||
use Friendica\Core\Config;
|
use Friendica\Core\Config;
|
||||||
use Friendica\Core\PConfig;
|
use Friendica\Core\PConfig;
|
||||||
|
use Friendica\Core\System;
|
||||||
|
use Friendica\Core\Worker;
|
||||||
use Friendica\Database\DBM;
|
use Friendica\Database\DBM;
|
||||||
use Friendica\Model\GContact;
|
use Friendica\Model\GContact;
|
||||||
use Friendica\Model\Group;
|
use Friendica\Model\Group;
|
||||||
|
@ -391,12 +392,8 @@ function settings_post(App $a)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$err) {
|
if (!$err) {
|
||||||
$password = hash('whirlpool', $newpass);
|
$result = User::updatePassword(local_user(), $newpass);
|
||||||
$r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d",
|
if (DBM::is_result($result)) {
|
||||||
dbesc($password),
|
|
||||||
intval(local_user())
|
|
||||||
);
|
|
||||||
if (DBM::is_result($r)) {
|
|
||||||
info(t('Password changed.') . EOL);
|
info(t('Password changed.') . EOL);
|
||||||
} else {
|
} else {
|
||||||
notice(t('Password update failed. Please try again.') . EOL);
|
notice(t('Password update failed. Please try again.') . EOL);
|
||||||
|
|
|
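Review bot: Nothing in the new lines after `$result = User::updatePassword(local_user(), $newpass);` re-issues the session once the password has changed, so an attacker who already holds a session cookie keeps it across the change; if settings_post does not do this elsewhere, a `session_regenerate_id(true);` inside the success branch, next to `info(t('Password changed.') . EOL);`, is the usual mitigation, and invalidating the user's other sessions is the stronger one. Whether the old password is verified before `$err` is cleared is outside this hunk, so I cannot confirm it here. settings_post starts and ends outside the hunk.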
@ -142,7 +142,7 @@ class User
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
$password_hashed = hash('whirlpool', $password);
|
$password_hashed = self::hashPassword($password);
|
||||||
|
|
||||||
if ($password_hashed !== $user['password']) {
|
if ($password_hashed !== $user['password']) {
|
||||||
return false;
|
return false;
|
||||||
|
@ -151,6 +151,52 @@ class User
|
||||||
return $user['uid'];
|
return $user['uid'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generates a human-readable random password
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
public static function generateNewPassword()
|
||||||
|
{
|
||||||
|
return autoname(6) . mt_rand(100, 9999);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Global user password hashing function
|
||||||
|
*
|
||||||
|
* @param string $password
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
private static function hashPassword($password)
|
||||||
|
{
|
||||||
|
return hash('whirlpool', $password);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Updates a user row with a new plaintext password
|
||||||
|
*
|
||||||
|
* @param int $uid
|
||||||
|
* @param string $password
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function updatePassword($uid, $password)
|
||||||
|
{
|
||||||
|
return self::updatePasswordHashed($uid, self::hashPassword($password));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Updates a user row with a new hashed password.
|
||||||
|
* Empties the password reset token field just in case.
|
||||||
|
*
|
||||||
|
* @param int $uid
|
||||||
|
* @param string $pasword_hashed
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
private static function updatePasswordHashed($uid, $pasword_hashed)
|
||||||
|
{
|
||||||
|
return dba::update('user', ['password' => $pasword_hashed, 'pwdreset' => ''], ['uid' => $uid]);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Catch-all user creation function
|
* @brief Catch-all user creation function
|
||||||
*
|
*
|
||||||
|
@ -290,8 +336,8 @@ class User
|
||||||
throw new Exception(t('Nickname is already registered. Please choose another.'));
|
throw new Exception(t('Nickname is already registered. Please choose another.'));
|
||||||
}
|
}
|
||||||
|
|
||||||
$new_password = strlen($password) ? $password : autoname(6) . mt_rand(100, 9999);
|
$new_password = strlen($password) ? $password : User::generateNewPassword();
|
||||||
$new_password_encoded = hash('whirlpool', $new_password);
|
$new_password_encoded = self::hashPassword($new_password);
|
||||||
|
|
||||||
$return['password'] = $new_password;
|
$return['password'] = $new_password;
|
||||||
|
|
||||||
|
|
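Review bot: `hashPassword` still returns an unsalted `hash('whirlpool', $password)`, so centralizing it changes nothing about what is stored, but it does make this the single place to move to `password_hash($password, PASSWORD_DEFAULT)` with the caller in the earlier hunk (`if ($password_hashed !== $user['password'])`) switching to `password_verify()`, keeping a whirlpool comparison only as a fallback that rehashes on successful login so existing rows migrate. Until that lands, the comparison in that earlier hunk should be `if (!hash_equals($user['password'], $password_hashed))` rather than `!==`. `generateNewPassword` draws from `mt_rand`, which is not a cryptographic source; `random_int(100, 9999)` is the drop-in replacement if the project's minimum PHP version permits it. The parameter of `updatePasswordHashed` and its `@param` line are spelled `$pasword_hashed`; rename both to `$password_hashed`, and `User::generateNewPassword()` in the last hunk would read better as `self::generateNewPassword()` to match the adjacent `self::hashPassword`. The function holding the comparison starts and ends outside its hunk.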