[geeklog-cvs] Geeklog-1.x/public_html users.php, 1.159, 1.160 usersettings.php, 1.166, 1.167
Dirk Haun
dhaun at qs1489.pair.com
Sun Dec 9 13:05:41 EST 2007
Update of /cvsroot/geeklog/Geeklog-1.x/public_html
In directory qs1489.pair.com:/tmp/cvs-serv36406/public_html
Modified Files:
users.php usersettings.php
Log Message:
New function SEC_encryptPassword() to get all the direct calls to md5() out of the core code and give us a chance to switch to some other encryption method in the future.
Index: usersettings.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/usersettings.php,v
retrieving revision 1.166
retrieving revision 1.167
diff -C2 -d -r1.166 -r1.167
*** usersettings.php 25 Nov 2007 09:15:00 -0000 1.166
--- usersettings.php 9 Dec 2007 18:05:39 -0000 1.167
***************
*** 263,269 ****
// to change the password, email address, or cookie timeout,
// we need the user's current password
! if (empty ($_POST['old_passwd']) ||
! (md5 ($_POST['old_passwd']) != $_USER['passwd'])) {
! return COM_refresh ($_CONF['site_url']
. '/usersettings.php?mode=edit&msg=84');
}
--- 263,269 ----
// to change the password, email address, or cookie timeout,
// we need the user's current password
! if (empty($_POST['old_passwd']) ||
! (SEC_encryptPassword($_POST['old_passwd']) != $_USER['passwd'])) {
! return COM_refresh($_CONF['site_url']
. '/usersettings.php?mode=edit&msg=84');
}
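Review bot: The digest check in the new `if` still uses the loose `!=` operator, so two different hex strings that both look numeric to PHP (for example `0e` followed only by digits) compare as equal. Assuming SEC_encryptPassword() returns an MD5-style hex string, as the log message implies, the comparison should be strict: `(SEC_encryptPassword($_POST['old_passwd']) !== $_USER['passwd'])`, or hash_equals() on PHP versions that provide it. The same loose comparison appears in the hunks at lines 927, 971 and 982 of this file.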
***************
*** 927,932 ****
if (!empty ($A['passwd']) || ($A['email'] != $_USER['email']) ||
($A['cooktime'] != $_USER['cookietimeout'])) {
! if (empty ($A['old_passwd']) ||
! (md5 ($A['old_passwd']) != $_USER['passwd'])) {
return COM_refresh ($_CONF['site_url']
--- 927,932 ----
if (!empty ($A['passwd']) || ($A['email'] != $_USER['email']) ||
($A['cooktime'] != $_USER['cookietimeout'])) {
! if (empty($A['old_passwd']) ||
! (SEC_encryptPassword($A['old_passwd']) != $_USER['passwd'])) {
return COM_refresh ($_CONF['site_url']
***************
*** 935,939 ****
}
! // no need to filter the password as it's md5 encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = COM_applyFilter ($A['new_username']);
--- 935,939 ----
}
! // no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = COM_applyFilter ($A['new_username']);
***************
*** 971,980 ****
}
! if (!empty ($A['passwd'])) {
! if (($A['passwd'] == $A['passwd_conf'])
! AND (md5 ($A['old_passwd']) == $_USER['passwd'])) {
! $passwd = md5 ($A['passwd']);
! DB_change($_TABLES['users'], 'passwd',
! "$passwd", "uid", $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
--- 971,980 ----
}
! if (!empty($A['passwd'])) {
! if (($A['passwd'] == $A['passwd_conf']) &&
! (SEC_encryptPassword($A['old_passwd']) == $_USER['passwd'])) {
! $passwd = SEC_encryptPassword($A['passwd']);
! DB_change($_TABLES['users'], 'passwd', "$passwd",
! "uid", $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
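Review bot: The call sites still verify a password by re-hashing the input and comparing the result with `$_USER['passwd']`, which only works while SEC_encryptPassword() is deterministic and unsalted. The wrapper alone therefore does not make a later move to a salted or deliberately slow scheme possible. A verify-style helper that takes the plaintext and the stored value would keep that option open; until then a comment such as `// relies on SEC_encryptPassword() returning the same value for the same input (no per-user salt)` would document the constraint. The old password is also hashed up to three times per request across the 927, 971 and 982 hunks, which would matter with a slow function. The enclosing function starts and ends outside the hunk.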
***************
*** 982,996 ****
$cooktime = -1000;
}
! setcookie ($_CONF['cookie_password'], $passwd, time() + $cooktime,
! $_CONF['cookie_path'], $_CONF['cookiedomain'],
! $_CONF['cookiesecure']);
! }
! elseif (md5 ($A['old_passwd']) != $_USER['passwd']) {
! return COM_refresh ($_CONF['site_url']
! . '/usersettings.php?mode=edit&msg=68');
! }
! elseif ($A['passwd'] != $A['passwd_conf']) {
! return COM_refresh ($_CONF['site_url']
! . '/usersettings.php?mode=edit&msg=67');
}
}
--- 982,994 ----
$cooktime = -1000;
}
! setcookie($_CONF['cookie_password'], $passwd, time() + $cooktime,
! $_CONF['cookie_path'], $_CONF['cookiedomain'],
! $_CONF['cookiesecure']);
! } elseif (SEC_encryptPassword($A['old_passwd']) != $_USER['passwd']) {
! return COM_refresh ($_CONF['site_url']
! . '/usersettings.php?mode=edit&msg=68');
! } elseif ($A['passwd'] != $A['passwd_conf']) {
! return COM_refresh ($_CONF['site_url']
! . '/usersettings.php?mode=edit&msg=67');
}
}
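Review bot: The `setcookie()` call on the new side writes `$passwd`, the same value just stored in the users table, into the `$_CONF['cookie_password']` cookie. The stored hash therefore appears to act as a login credential in its own right, and a leak of either the cookie or the table row exposes the other. A random per-login token kept server-side would decouple the two. As a smaller step, if the supported PHP version has the seventh setcookie() argument, pass `true` for httponly after `$_CONF['cookiesecure']`. The users.php hunk at line 1097 sets the same cookie from `SEC_encryptPassword($passwd)` and has the same exposure; the enclosing block here starts outside the hunk.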
Index: users.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/users.php,v
retrieving revision 1.159
retrieving revision 1.160
diff -C2 -d -r1.159 -r1.160
*** users.php 25 Nov 2007 06:55:07 -0000 1.159
--- users.php 9 Dec 2007 18:05:39 -0000 1.160
***************
*** 907,911 ****
array ($uid, $reqid));
if ($valid == 1) {
! $passwd = md5 ($_POST['passwd']);
DB_change ($_TABLES['users'], 'passwd', "$passwd",
"uid", $uid);
--- 907,911 ----
array ($uid, $reqid));
if ($valid == 1) {
! $passwd = SEC_encryptPassword($_POST['passwd']);
DB_change ($_TABLES['users'], 'passwd', "$passwd",
"uid", $uid);
***************
*** 1097,1103 ****
time() + $cooktime, $_CONF['cookie_path'],
$_CONF['cookiedomain'], $_CONF['cookiesecure']);
! setcookie ($_CONF['cookie_password'], md5 ($passwd),
! time() + $cooktime, $_CONF['cookie_path'],
! $_CONF['cookiedomain'], $_CONF['cookiesecure']);
}
} else {
--- 1097,1104 ----
time() + $cooktime, $_CONF['cookie_path'],
$_CONF['cookiedomain'], $_CONF['cookiesecure']);
! setcookie ($_CONF['cookie_password'],
! SEC_encryptPassword($passwd), time() + $cooktime,
! $_CONF['cookie_path'], $_CONF['cookiedomain'],
! $_CONF['cookiesecure']);
}
} else {