
Use flux_ prefix for new password functions

franzliedke committed Jan 2, 2019
1 parent f4aa754 commit 1314cde6c52cdff33aa1fda995237ad81a1f7d7d
Showing with 16 additions and 16 deletions.
  1. +8 −8 include/functions.php
  2. +1 −1 install.php
  3. +3 −3 login.php
  4. +3 −3 profile.php
  5. +1 −1 register.php
@@ -155,7 +155,7 @@ function authenticate_user($user, $password, $password_is_hash = false)
$pun_user = $db->fetch_assoc($result);
$is_password_authorized = hash_equals($password, $pun_user['password']);
$is_hash_authorized = pun_password_verify($password, $pun_user['password']);
$is_hash_authorized = flux_password_verify($password, $pun_user['password']);
if (!isset($pun_user['id']) ||
($password_is_hash && !$is_password_authorized ||
@@ -1097,7 +1097,7 @@ function validate_redirect($redirect_url, $fallback_url)
// using a secure password hashing algorithm, if available
// As of PHP 7.2, this is BLOWFISH.
//
function pun_password_hash($pass)
function flux_password_hash($pass)
{
global $password_hash_cost;
@@ -1112,9 +1112,9 @@ function pun_password_hash($pass)
//
// Verify that $pass and $hash match
// This supports any password hashing algorithm
// used by pun_password_hash
// used by flux_password_hash
//
function pun_password_verify($pass, $hash)
function flux_password_verify($pass, $hash)
{
if (!empty($hash) && $hash[0] !== '$')
return hash_equals(pun_hash($pass), $hash);
@@ -1125,10 +1125,10 @@ function pun_password_verify($pass, $hash)
//
// Verify that $pass and $hash match
// This supports any password hashing algorithm
// used by pun_password_hash, but is also
// used by flux_password_hash, but is also
// backwards-compatible with older versions of this software.
//
function pun_password_verify_legacy($pass, $hash, $salt = null)
function flux_password_verify_legacy($pass, $hash, $salt = null)
{
// MD5 from 1.2
if (strlen($hash) < 40)
@@ -1143,14 +1143,14 @@ function pun_password_verify_legacy($pass, $hash, $salt = null)
return hash_equals(sha1($pass), $hash);
// Support current password standard
return pun_password_verify($pass, $hash);
return flux_password_verify($pass, $hash);
}
//
// Check if $hash is outdated and needs to be rehashed
//
function pun_password_needs_rehash($hash)
function flux_password_needs_rehash($hash)
{
global $password_hash_cost;
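Review bot: The header comment on `flux_password_verify` says it supports the algorithms used by `flux_password_hash`, but the first branch shown in that hunk also accepts any stored value that does not start with `$` by comparing it against `pun_hash($pass)`. That looks like a separate, presumably older hash format, so the comment should say so, for example `// Hashes not starting with '$' are checked against pun_hash() (legacy format)`. Callers that use this function rather than `flux_password_verify_legacy` get no hint that such a hash should be upgraded; whether they rehash is not visible here. The function body continues outside the hunk.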
@@ -1492,7 +1492,7 @@ function process_form(the_form)
$db->query('INSERT INTO '.$db_prefix.'users (group_id, username, password, email) VALUES(3, \''.$db->escape($lang_install['Guest']).'\', \''.$db->escape($lang_install['Guest']).'\', \''.$db->escape($lang_install['Guest']).'\')')
or error('Unable to add guest user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
$db->query('INSERT INTO '.$db_prefix.'users (group_id, username, password, email, language, style, num_posts, last_post, registered, registration_ip, last_visit) VALUES(1, \''.$db->escape($username).'\', \''.$db->escape(pun_password_hash($password1)).'\', \''.$email.'\', \''.$db->escape($default_lang).'\', \''.$db->escape($default_style).'\', 1, '.$now.', '.$now.', \''.$db->escape(get_remote_address()).'\', '.$now.')')
$db->query('INSERT INTO '.$db_prefix.'users (group_id, username, password, email, language, style, num_posts, last_post, registered, registration_ip, last_visit) VALUES(1, \''.$db->escape($username).'\', \''.$db->escape(flux_password_hash($password1)).'\', \''.$email.'\', \''.$db->escape($default_lang).'\', \''.$db->escape($default_style).'\', 1, '.$now.', '.$now.', \''.$db->escape(get_remote_address()).'\', '.$now.')')
or error('Unable to add administrator user. Please check your configuration and try again', __FILE__, __LINE__, $db->error());
// Enable/disable avatars depending on file_uploads setting in PHP configuration
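Review bot: In the administrator INSERT, `$email` is concatenated into the SQL string as `'\''.$email.'\''` while every other string value on that line goes through `$db->escape()`. Unless the address is escaped before this point (not visible in the hunk), it should be written as `'\''.$db->escape($email).'\''` so the statement does not depend on earlier validation alone. The INSERT in register.php has the same pattern for `$pun_config['o_default_style']`. The enclosing code starts and ends outside the hunk.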
@@ -41,13 +41,13 @@
// this allows the cookie token to reflect the new hash
$user_password = $cur_user['password'];
if (pun_password_verify_legacy($form_password, $user_password, $cur_user['salt']))
if (flux_password_verify_legacy($form_password, $user_password, $cur_user['salt']))
{
$authorized = true;
if (!empty($cur_user['salt']) || pun_password_needs_rehash($user_password))
if (!empty($cur_user['salt']) || flux_password_needs_rehash($user_password))
{
$user_password = pun_password_hash($form_password);
$user_password = flux_password_hash($form_password);
$db->query('UPDATE '.$db->prefix.'users SET salt=NULL, password=\''.$db->escape($user_password).'\' WHERE id='.$cur_user['id']) or error('Unable to update user password', __FILE__, __LINE__, $db->error());
}
}
@@ -102,14 +102,14 @@
{
$old_password_hash = pun_hash($old_password);
if (pun_password_verify($old_password, $cur_user['password']) || $pun_user['is_admmod'])
if (flux_password_verify($old_password, $cur_user['password']) || $pun_user['is_admmod'])
$authorized = true;
}
if (!$authorized)
message($lang_profile['Wrong pass']);
$new_password_hash = pun_password_hash($new_password1);
$new_password_hash = flux_password_hash($new_password1);
$db->query('UPDATE '.$db->prefix.'users SET password=\''.$db->escape($new_password_hash).'\''.(!empty($cur_user['salt']) ? ', salt=NULL' : '').' WHERE id='.$id) or error('Unable to update password', __FILE__, __LINE__, $db->error());
@@ -193,7 +193,7 @@
}
else if (isset($_POST['form_sent']))
{
if (!pun_password_verify($_POST['req_password'], $pun_user['password']))
if (!flux_password_verify($_POST['req_password'], $pun_user['password']))
message($lang_profile['Wrong pass']);
// Make sure they got here from the site
@@ -157,7 +157,7 @@
$now = time();
$intial_group_id = ($pun_config['o_regs_verify'] == '0') ? $pun_config['o_default_user_group'] : PUN_UNVERIFIED;
$password_hash = pun_password_hash($password1);
$password_hash = flux_password_hash($password1);
// Add the user
$db->query('INSERT INTO '.$db->prefix.'users (username, group_id, password, email, email_setting, timezone, dst, language, style, registered, registration_ip, last_visit) VALUES(\''.$db->escape($username).'\', '.$intial_group_id.', \''.$db->escape($password_hash).'\', \''.$db->escape($email1).'\', '.$email_setting.', '.$timezone.' , '.$dst.', \''.$db->escape($language).'\', \''.$pun_config['o_default_style'].'\', '.$now.', \''.$db->escape(get_remote_address()).'\', '.$now.')') or error('Unable to create user', __FILE__, __LINE__, $db->error());
