Fixed "Constant already defined" notice
Added more ugly global variables
This commit is contained in:
parent
5e850171e2
commit
1f8d1eb4bb
|
@ -22,12 +22,12 @@ $LETZTES_AUSTRAGEN = 3;
|
||||||
// Falls ein Benutzerpasswort in einem anderen Format gespeichert ist,
|
// Falls ein Benutzerpasswort in einem anderen Format gespeichert ist,
|
||||||
// wird es bei der ersten Benutzung des Klartext-Passworts in das neue Format
|
// wird es bei der ersten Benutzung des Klartext-Passworts in das neue Format
|
||||||
// konvertiert.
|
// konvertiert.
|
||||||
// define('CRYPT_ALG', '$1'); // MD5
|
// $crypt_alg = '$1'; // MD5
|
||||||
// define('CRYPT_ALG', '$2y$13'); // Blowfish
|
// $crypt_alg = '$2y$13'; // Blowfish
|
||||||
// define('CRYPT_ALG', '$5$rounds=5000'); // SHA-256
|
// $crypt_alg = '$5$rounds=5000'; // SHA-256
|
||||||
// define('CRYPT_ALG', '$6$rounds=5000'); // SHA-512
|
$crypt_alg = '$6$rounds=5000'; // SHA-512
|
||||||
|
|
||||||
// define('MIN_PASSWORD_LENGTH', 8);
|
$min_password_length = 8;
|
||||||
|
|
||||||
// Wenn Engel beim Registrieren oder in ihrem Profil eine T-Shirt Größe angeben sollen, auf true setzen:
|
// Wenn Engel beim Registrieren oder in ihrem Profil eine T-Shirt Größe angeben sollen, auf true setzen:
|
||||||
$enable_tshirt_size = true;
|
$enable_tshirt_size = true;
|
||||||
|
|
|
@ -211,6 +211,7 @@ function users_list_controller() {
|
||||||
* Second step of password recovery: set a new password using the token link from email
|
* Second step of password recovery: set a new password using the token link from email
|
||||||
*/
|
*/
|
||||||
function user_password_recovery_set_new_controller() {
|
function user_password_recovery_set_new_controller() {
|
||||||
|
global $min_password_length;
|
||||||
$user_source = User_by_password_recovery_token($_REQUEST['token']);
|
$user_source = User_by_password_recovery_token($_REQUEST['token']);
|
||||||
if ($user_source == null) {
|
if ($user_source == null) {
|
||||||
error(_("Token is not correct."));
|
error(_("Token is not correct."));
|
||||||
|
@ -219,8 +220,8 @@ function user_password_recovery_set_new_controller() {
|
||||||
|
|
||||||
if (isset($_REQUEST['submit'])) {
|
if (isset($_REQUEST['submit'])) {
|
||||||
$valid = true;
|
$valid = true;
|
||||||
|
|
||||||
if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
|
if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
|
||||||
if ($_REQUEST['password'] != $_REQUEST['password2']) {
|
if ($_REQUEST['password'] != $_REQUEST['password2']) {
|
||||||
$valid = false;
|
$valid = false;
|
||||||
error(_("Your passwords don't match."));
|
error(_("Your passwords don't match."));
|
||||||
|
|
|
@ -68,9 +68,6 @@ if (file_exists(realpath(__DIR__ . '/../config/config.php'))) {
|
||||||
require_once realpath(__DIR__ . '/../config/config.php');
|
require_once realpath(__DIR__ . '/../config/config.php');
|
||||||
}
|
}
|
||||||
|
|
||||||
defined('CRYPT_ALG') || define('CRYPT_ALG', '$6$rounds=5000'); // SHA-512
|
|
||||||
defined('MIN_PASSWORD_LENGTH') || define('MIN_PASSWORD_LENGTH', 8);
|
|
||||||
|
|
||||||
if ($maintenance_mode) {
|
if ($maintenance_mode) {
|
||||||
echo file_get_contents(__DIR__ . '/../public/maintenance.html');
|
echo file_get_contents(__DIR__ . '/../public/maintenance.html');
|
||||||
die();
|
die();
|
||||||
|
|
|
@ -14,7 +14,7 @@ function logout_title() {
|
||||||
|
|
||||||
// Engel registrieren
|
// Engel registrieren
|
||||||
function guest_register() {
|
function guest_register() {
|
||||||
global $tshirt_sizes, $enable_tshirt_size, $default_theme, $user;
|
global $tshirt_sizes, $enable_tshirt_size, $default_theme, $user, $min_password_length;
|
||||||
|
|
||||||
$event_config = EventConfig();
|
$event_config = EventConfig();
|
||||||
|
|
||||||
|
@ -96,14 +96,14 @@ function guest_register() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
|
if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
|
||||||
if ($_REQUEST['password'] != $_REQUEST['password2']) {
|
if ($_REQUEST['password'] != $_REQUEST['password2']) {
|
||||||
$valid = false;
|
$valid = false;
|
||||||
$msg .= error(_("Your passwords don't match."), true);
|
$msg .= error(_("Your passwords don't match."), true);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$valid = false;
|
$valid = false;
|
||||||
$msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
|
$msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), $min_password_length), true);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_REQUEST['planned_arrival_date'])) {
|
if (isset($_REQUEST['planned_arrival_date'])) {
|
||||||
|
|
|
@ -88,9 +88,10 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) {
|
||||||
* The user
|
* The user
|
||||||
*/
|
*/
|
||||||
function user_settings_password($user_source) {
|
function user_settings_password($user_source) {
|
||||||
|
global $min_password_length;
|
||||||
if (! isset($_REQUEST['password']) || ! verify_password($_REQUEST['password'], $user_source['Passwort'], $user_source['UID'])) {
|
if (! isset($_REQUEST['password']) || ! verify_password($_REQUEST['password'], $user_source['Passwort'], $user_source['UID'])) {
|
||||||
error(_("-> not OK. Please try again."));
|
error(_("-> not OK. Please try again."));
|
||||||
} elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) {
|
} elseif (strlen($_REQUEST['new_password']) < $min_password_length) {
|
||||||
error(_("Your password is to short (please use at least 6 characters)."));
|
error(_("Your password is to short (please use at least 6 characters)."));
|
||||||
} elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) {
|
} elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) {
|
||||||
error(_("Your passwords don't match."));
|
error(_("Your passwords don't match."));
|
||||||
|
|
|
@ -39,7 +39,8 @@ function generate_salt($length = 16) {
|
||||||
* set the password of a user
|
* set the password of a user
|
||||||
*/
|
*/
|
||||||
function set_password($uid, $password) {
|
function set_password($uid, $password) {
|
||||||
$result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
|
global $crypt_alg;
|
||||||
|
$result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
|
||||||
if ($result === false) {
|
if ($result === false) {
|
||||||
engelsystem_error('Unable to update password.');
|
engelsystem_error('Unable to update password.');
|
||||||
}
|
}
|
||||||
|
@ -51,6 +52,7 @@ function set_password($uid, $password) {
|
||||||
* if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
|
* if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
|
||||||
*/
|
*/
|
||||||
function verify_password($password, $salt, $uid = false) {
|
function verify_password($password, $salt, $uid = false) {
|
||||||
|
global $crypt_alg;
|
||||||
$correct = false;
|
$correct = false;
|
||||||
if (substr($salt, 0, 1) == '$') { // new-style crypt()
|
if (substr($salt, 0, 1) == '$') { // new-style crypt()
|
||||||
$correct = crypt($password, $salt) == $salt;
|
$correct = crypt($password, $salt) == $salt;
|
||||||
|
@ -59,12 +61,12 @@ function verify_password($password, $salt, $uid = false) {
|
||||||
} elseif (strlen($salt) == 32) { // old-style md5 without salt - not used anymore
|
} elseif (strlen($salt) == 32) { // old-style md5 without salt - not used anymore
|
||||||
$correct = md5($password) == $salt;
|
$correct = md5($password) == $salt;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) {
|
if ($correct && substr($salt, 0, strlen($crypt_alg)) != $crypt_alg && $uid) {
|
||||||
// this password is stored in another format than we want it to be.
|
// this password is stored in another format than we want it to be.
|
||||||
// let's update it!
|
// let's update it!
|
||||||
// we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
|
// we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
|
||||||
sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
|
sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
|
||||||
}
|
}
|
||||||
return $correct;
|
return $correct;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue