
Use Utils::password_hash instead of Random::hash

beaver-dev committed Apr 12, 2016
1 parent 965e555 commit 7caf2373bc5d8e5cf5c47e106532f385273dd0e1
@@ -40,8 +40,7 @@ public function login($req, $res, $args)
$user = ModelAuth::get_user_from_name($form_username);
$form_password_hash = Random::hash($form_password); // Will result in a SHA-1 hash
if ($user && !empty($user->password) && $user->password == $form_password_hash) {
if ($user && !empty($user->password) && Utils::password_verify($form_password, $user->password)) {
if ($user->group_id == ForumEnv::get('FEATHER_UNVERIFIED')) {
ModelAuth::update_group($user->id, ForumSettings::get('o_default_user_group'));
if (!Container::get('cache')->isCached('users_info')) {
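Review bot: After this hunk a user whose stored hash is still the old 40-character SHA-1 value fails `Utils::password_verify()` on the new condition, so every account created before this commit is locked out unless a one-time migration runs, and no fallback or rehash path is added. A transition branch on the same condition, `if (strlen($user->password) === 40 && Utils::hash_equals($user->password, Random::hash($form_password))) { /* store Utils::password_hash($form_password) and continue */ }`, plus a `password_needs_rehash()` check on successful login, would let legacy rows upgrade themselves; the same concern applies to the change_email hunk, which verifies `User::get()->password` the same way. I cannot see whether this controller imports `Utils` — the Auth model hunk adds its `use` line, this one does not. The login body starts and continues outside the hunk.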
@@ -376,4 +376,30 @@ public static function hash_equals($a, $b)
return $result === 0;
}
/**
* Hash a user password using BCRYPT
* Replaces old sha1 password hashing verification
* Requires PHP >= 5.5
*
* @param string $password User password
* @return string Hashed password
*/
public static function password_hash(string $password)
{
return password_hash($password, PASSWORD_DEFAULT);
}
/**
* Compare an inputed password with the one in database for a user
* Requires PHP >= 5.5
*
* @param string $password Inputed password
* @param string $hash Password stored in database
* @return bool Do the passwords match ?
*/
public static function password_verify(string $password, string $hash)
{
return password_verify($password, $hash);
}
}
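Review bot: Both new docblocks say "Requires PHP >= 5.5", but the `string $password` scalar type declarations on the signatures need PHP 7.0 — on 5.x this file does not parse — so either drop the scalar hints or correct the docblocks to `Requires PHP >= 7.0`. While here, declare the return types as well, `public static function password_hash(string $password): string` and `public static function password_verify(string $password, string $hash): bool`, and note that on PHP 7 `password_hash()` returns false on failure, so `@return string` is optimistic unless that case is turned into an exception. `Inputed` in the second docblock should read `Input`. The hash_equals method whose closing brace opens this hunk starts outside it.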
@@ -12,6 +12,7 @@
use FeatherBB\Core\Database as DB;
use FeatherBB\Core\Random;
use FeatherBB\Core\Utils;
use FeatherBB\Core\Url;
use Firebase\JWT\JWT;
class Auth
@@ -90,7 +91,7 @@ public static function set_last_visit($user_id, $last_visit)
public static function set_new_password($pass, $key, $user_id)
{
$query['update'] = array(
'activate_string' => Random::hash($pass),
'activate_string' => Utils::password_hash($pass),
'activate_key' => $key,
'last_email_sent' => time(),
);
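Review bot: The bcrypt string now written to `activate_string` is 60 characters and the hunk does not show that column's width; if `activate_string` is still sized for the old 40-character SHA-1 value, the hash is truncated (silently on non-strict MySQL) and the reset password can never verify afterwards. Confirm the column is widened in the install schema and in any upgrade step the same way `password` is in the Install hunk, and that wherever `activate_string` is later promoted into `password` (outside this hunk) the value is copied unchanged. set_new_password's body continues past the hunk.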
@@ -107,7 +108,7 @@ public static function generate_jwt($user, $expire)
{
$issuedAt = time();
$tokenId = base64_encode(Random::key(32));
$serverName = Config::get('serverName');
$serverName = Url::base_static();
/*
* Create the token as an array
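Review bot: The server name fed into the token is now taken from `Url::base_static()` instead of configuration; if that helper derives its value from the incoming request (e.g. the Host header) the claim becomes request-dependent rather than operator-defined, which matters if the same value is compared on verification. Confirm `Url::base_static()` is built from stored settings and not from `$_SERVER`, or keep a fixed configured value for this claim. generate_jwt's body continues outside the hunk.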
@@ -220,7 +220,7 @@ class Install
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`group_id` int(10) unsigned NOT NULL DEFAULT '3',
`username` varchar(200) NOT NULL DEFAULT '',
`password` varchar(40) NOT NULL DEFAULT '',
`password` char(72) NOT NULL DEFAULT '',
`email` varchar(80) NOT NULL DEFAULT '',
`title` varchar(50) DEFAULT NULL,
`realname` varchar(40) DEFAULT NULL,
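Review bot: `char(72)` fits the 60-character bcrypt output of `PASSWORD_DEFAULT` today, but PHP's documentation recommends a 255-character column because the default algorithm may change to one with longer output (argon2id hashes already exceed 72), so declaring the column as varchar(255) NOT NULL DEFAULT '' is the safer choice. This schema only applies to fresh installs; databases created with the old varchar(40) also need an ALTER in an upgrade step, which none of the visible hunks adds. The Install class continues outside the hunk.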
@@ -419,7 +419,7 @@ public static function load_admin_user(array $data)
return $user = array(
'group_id' => 1,
'username' => $data['username'],
'password' => Random::hash($data['password']),
'password' => Utils::password_hash($data['password']),
'email' => $data['email'],
'language' => $data['default_lang'],
'style' => $data['default_style'],
@@ -103,7 +103,7 @@ public function change_pass($id)
$authorized = false;
if (!empty($cur_user['password'])) {
$old_password_hash = Random::hash($old_password);
$old_password_hash = Utils::password_hash($old_password);
if ($cur_user['password'] == $old_password_hash || User::get()->is_admmod) {
$authorized = true;
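Review bot: The old-password check can never succeed for a regular user after this change: `Utils::password_hash()` generates a fresh salt on every call, so the hash computed on the new line will not equal `$cur_user['password']`, and the `==` comparison on the following line only passes via the `is_admmod` branch. The check must verify rather than rehash; replace the assignment and the condition with `if (Utils::password_verify($old_password, $cur_user['password']) || User::get()->is_admmod) {`. The second change_pass hunk, which hashes the new password, is correct as written. change_pass's body continues outside both hunks.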
@@ -114,7 +114,7 @@ public function change_pass($id)
throw new Error(__('Wrong pass'), 403);
}
$new_password_hash = Random::hash($new_password1);
$new_password_hash = Utils::password_hash($new_password1);
$update_password = DB::for_table('users')
->where('id', $id)
@@ -192,7 +192,7 @@ public function change_email($id)
} elseif (Request::isPost()) {
Container::get('hooks')->fire('model.profile.change_email_post');
if (!Utils::hash_equals(Random::hash(Input::post('req_password')), User::get()->password)) {
if (!Utils::password_verify(Input::post('req_password'), User::get()->password)) {
throw new Error(__('Wrong pass'));
}
@@ -130,7 +130,7 @@ public function insert_user($user)
$now = time();
$intial_group_id = (ForumSettings::get('o_regs_verify') == '0') ? ForumSettings::get('o_default_user_group') : ForumEnv::get('FEATHER_UNVERIFIED');
$password_hash = Random::hash($user['password1']);
$password_hash = Utils::password_hash($user['password1']);
// Add the user
$user_data = array(
