@ -90,39 +90,42 @@ function checkCookiePassword($username, $password){
 
			
		
	
		
		
			
				
					
					}
}
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
					function checkLoginPassword($username, $password){
function checkLoginPassword($username, $password){
 
			
		
	
		
		
			
				
					
						// We should now use the BCRYPT algo to store passwords
 
			
		
	
		
		
			
				
					
						$pw = encryptPassword($password);
 
			
		
	
		
		
			
				
					
						
 
			
		
	
		
		
			
				
					
						$sql = 'SELECT SHA1(AES_ENCRYPT(\''.$password.'\',\''.$GLOBALS['PW_AES_KEY'].'\')) as encrypt_password, passwort from user where nickname = \''.$username.'\'';
	$sql = 'SELECT SHA1(AES_ENCRYPT(\''.$password.'\',\''.$GLOBALS['PW_AES_KEY'].'\')) as encrypt_password, passwort from user where nickname = \''.$username.'\'';
 
			
		
	
		
		
			
				
					
						//	echo $sql.'< br > ';
	//	echo $sql.'< br > ';
 
			
		
	
		
		
			
				
					
						$row = mysql_fetch_assoc(mysql_query($sql));
	$row = mysql_fetch_assoc(mysql_query($sql));
 
			
		
	
		
		
			
				
					
						if($row){
	if($row){
 
			
		
	
		
		
			
				
					
							if($row['encrypt_password'] != $row['passwort'] & &  md5($password) == $row['passwort']){
		if($row['passwort'] == $pw) {
 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
								return true; // already bcrypt based!
 
			
		
	
		
		
			
				
					
							}
 
			
		
	
		
		
			
				
					
							if($row['encrypt_password'] == $row['passwort'] || md5($password) == $row['passwort']){
 
			
		
	
		
		
			
				
					
								setPassword($username, $password);
			setPassword($username, $password);
 
			
		
	
		
		
			
				
					
								return true;
			return true;
 
			
		
	
		
		
			
				
					
							} else{
 
			
		
	
		
		
			
				
					
								return $row['encrypt_password'] == $row['passwort'];
 
			
		
	
		
		
			
				
					
							}
		}
 
			
		
	
		
		
			
				
					
						} else{
 
			
		
	
		
		
			
				
					
							return false;
 
			
		
	
		
		
			
				
					
						}
	}
 
			
		
	
		
		
			
				
					
						return false;
 
			
		
	
		
		
			
				
					
					}
}
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
					function setCookies($nick_name, $password){
function setCookies($nick_name, $password){
 
			
		
	
		
		
			
				
					
						$pw = encryptPassword($password);
 
			
		
	
		
		
			
				
					
						checkCookies($nick_name, $_COOKIE['yps']);
	checkCookies($nick_name, $_COOKIE['yps']);
 
			
		
	
		
		
			
				
					
						$row = mysql_fetch_assoc(mysql_query('select SHA1(AES_ENCRYPT(\''.$password.'\',\''.$GLOBALS['PW_AES_KEY'].'\')) as pw'));
 
			
		
	
		
		
			
				
					
						setcookie('name',$nick_name,time()+864000);
	setcookie('name',$nick_name,time()+864000);
 
			
		
	
		
		
			
				
					
						setcookie('passwort',$row[' pw'] ,time()+864000);
	setcookie('passwort',$pw,time()+864000);
 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
						setcookie('yps',$nick_name.','.md5($nick_name),time()+864000);
	setcookie('yps',$nick_name.','.md5($nick_name),time()+864000);
 
			
		
	
		
		
			
				
					
					}
}
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
					function setPassword($username, $password){
function setPassword($username, $password){
 
			
		
	
		
		
			
				
					
						$sql = 'UPDATE user set passwort = SHA1(AES_ENCRYPT(\''.$password.'\',\''.$GLOBALS['PW_AES_KEY'].'\')) where nickname = \''.$username.'\'';
	$pw = encryptPassword($password);
 
			
				
				
			
		
	
		
		
	
		
		
			
				
					
						$sql = 'UPDATE user set passwort = \''.$pw.'\' where nickname = \''.$username.'\'';
 
			
		
	
		
		
			
				
					
						//	echo $sql.'< br > ';
	//	echo $sql.'< br > ';
 
			
		
	
		
		
			
				
					
						mysql_query($sql);
	mysql_query($sql);
 
			
		
	
		
		
			
				
					
					}
}
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
					function encryptPassword($password){
function encryptPassword($password){
 
			
		
	
		
		
			
				
					
						$sql = 'SELECT SHA1(AES_ENCRYPT(\''.$password.'\',\''.$GLOBALS['PW_AES_KEY'].'\')) as pw';
	$pw = password_hash($password, PASSWORD_BCRYPT, array('salt' => $GLOBALS['PW_AES_KEY']));
 
			
				
				
			
		
	
		
		
			
				
					
						$result = mysql_fetch_assoc(mysql_query($sql));
	return $pw;
 
			
				
				
			
		
	
		
		
			
				
					
						return $result['pw'];
 
			
		
	
		
		
	
		
		
	
		
		
			
				
					
					}
}
 
			
		
	
		
		
			
				
					
					
 
			
		
	
		
		
			
				
					
					function getUserMetaData($userid) {
function getUserMetaData($userid) {
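Review bot: In encryptPassword, `password_hash($password, PASSWORD_BCRYPT, array('salt' => $GLOBALS['PW_AES_KEY']))` gives every account the same salt, so identical passwords produce identical hashes and the per-user salting bcrypt is meant to provide is lost; the `salt` option is also deprecated since PHP 7.0 and ignored from PHP 8.0, at which point the `$row['passwort'] == $pw` comparison in checkLoginPassword stops matching. Let the library choose the salt, `$pw = password_hash($password, PASSWORD_BCRYPT);`, and verify with `if (password_verify($password, $row['passwort'])) {` instead of re-hashing and comparing with `==`. setCookies still writes the hash into the `passwort` cookie, which makes the stored hash a login credential in itself; that flow appears to rely on the hash being deterministic (checkCookiePassword is outside the hunk), so it would need a random server-side session token instead. The new `UPDATE` in setPassword and the `SELECT` kept in checkLoginPassword still concatenate `$username` and `$password` into the SQL string, and those should move to prepared statements.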