From 86fd054b3eeea2d7bc5912ccc900aedac8128543 Mon Sep 17 00:00:00 2001 From: goofygoblin <30272821+goofygoblin@users.noreply.github.com> Date: Tue, 18 Jul 2017 22:45:35 +0100 Subject: [PATCH 1/8] Update password hashing Update password hashing to used php's password_hash() function. --- upload/catalog/model/account/customer.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/upload/catalog/model/account/customer.php b/upload/catalog/model/account/customer.php index 4d74bab39a8..8b17afe4a06 100644 --- a/upload/catalog/model/account/customer.php +++ b/upload/catalog/model/account/customer.php @@ -27,7 +27,7 @@ public function editCustomer($customer_id, $data) { } public function editPassword($email, $password) { - $this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'"); + $this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "', code = '' WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'"); } public function editAddressId($customer_id, $address_id) { @@ -149,4 +149,4 @@ public function getAffiliateByTracking($tracking) { return $query->row; } -} \ No newline at end of file +} From f991a387525ff79be25828168c5215d920a40bc9 Mon Sep 17 00:00:00 2001 From: goofygoblin <30272821+goofygoblin@users.noreply.github.com> Date: Wed, 26 Jul 2017 19:35:38 +0100 Subject: [PATCH 2/8] Update customer.php --- upload/catalog/model/account/customer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upload/catalog/model/account/customer.php b/upload/catalog/model/account/customer.php index 8b17afe4a06..87eba3111bf 100644 --- a/upload/catalog/model/account/customer.php 
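Review bot: `editPassword($email, $password)` has no `$data` variable, so the new line's `password_hash($data['password'], PASSWORD_DEFAULT)` hashes null (coerced to an empty string, with an undefined-variable notice) rather than the password the customer chose, and the reset silently stores a hash of "" instead of the new password. The parameter is `$password`, so the call should read `password_hash($password, PASSWORD_DEFAULT)`, as the admin editPassword in patch 5 already does. No later patch in this series touches this line.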
+++ b/upload/catalog/model/account/customer.php 
@@ -11,7 +11,7 @@ public function addCustomer($data) { $customer_group_info = $this->model_account_customer_group->getCustomerGroup($customer_group_id); - $this->db->query("INSERT INTO " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$customer_group_id . "', store_id = '" . (int)$this->config->get('config_store_id') . "', language_id = '" . (int)$this->config->get('config_language_id') . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']['account']) ? json_encode($data['custom_field']['account']) : '') . "', salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "', newsletter = '" . (isset($data['newsletter']) ? (int)$data['newsletter'] : 0) . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', status = '" . (int)!$customer_group_info['approval'] . "', date_added = NOW()"); + $this->db->query("INSERT INTO " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$customer_group_id . "', store_id = '" . (int)$this->config->get('config_store_id') . "', language_id = '" . (int)$this->config->get('config_language_id') . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']['account']) ? json_encode($data['custom_field']['account']) : '') . "', salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "', newsletter = '" . (isset($data['newsletter']) ? (int)$data['newsletter'] : 0) . "', ip = '" . 
$this->db->escape($this->request->server['REMOTE_ADDR']) . "', status = '" . (int)!$customer_group_info['approval'] . "', date_added = NOW()"); $customer_id = $this->db->getLastId(); From 7f423a29fd71dcee23516d2e3da4c42c6c0d3184 Mon Sep 17 00:00:00 2001 From: goofygoblin <30272821+goofygoblin@users.noreply.github.com> Date: Wed, 26 Jul 2017 20:13:52 +0100 Subject: [PATCH 3/8] Update customer.php --- upload/system/library/cart/customer.php | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/upload/system/library/cart/customer.php b/upload/system/library/cart/customer.php index c3de558f2b5..b040b3de361 100644 --- a/upload/system/library/cart/customer.php +++ b/upload/system/library/cart/customer.php 
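Review bot: The expression `$this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT))` that replaces the salted-SHA1 chain in addCustomer here is repeated verbatim in the admin user model (patch 5) and the admin customer model (patch 8), and the editPassword rewrite in patch 1 has already drifted from it. A small shared helper such as `hashPassword($password)`, defined wherever the existing `token()` helper lives, would keep the algorithm and its options in one place and make any later change to the hashing parameters a single edit. This is a style point only; the hashing and escaping on the new line itself are correct.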
@@ -43,13 +43,22 @@ public function __construct($registry) { } public function login($email, $password, $override = false) { - if ($override) { - $customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND status = '1'"); - } else { - $customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1'"); - } + $customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND status = '1'"); if ($customer_query->num_rows) { + + if (!$override) { + if (password_verify($password, $customer_query->row['password'])) { + if (password_needs_rehash($password_hashed, PASSWORD_DEFAULT)) { + $new_password_hashed = password_hash($password, PASSWORD_DEFAULT); + } + } elseif ($customer_query->row['password'] == sha1($customer_query->row['salt'] . sha1($customer_query->row['salt'] . sha1($password))) || $customer_query->row['password'] == md5($password)) { + $new_password_hashed = password_hash($password, PASSWORD_DEFAULT); + } else { + return false; + } + } + $this->session->data['customer_id'] = $customer_query->row['customer_id']; $this->customer_id = $customer_query->row['customer_id']; 
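Review bot: `password_needs_rehash($password_hashed, PASSWORD_DEFAULT)` in the new `password_verify` branch refers to `$password_hashed`, which is never assigned in login(); it should read `password_needs_rehash($customer_query->row['password'], PASSWORD_DEFAULT)`. As written it raises an undefined-variable notice and, because an empty or unrecognised hash reports as needing a rehash, most likely triggers a fresh bcrypt hash and an extra UPDATE on every successful login. The legacy `elseif` compares the stored hash with `==`, which PHP evaluates numerically when both operands look like numeric strings; `hash_equals($customer_query->row['password'], sha1(...))`, and the same for the md5 fallback, gives a strict constant-time comparison. Both points apply unchanged to the admin login in patch 6 (upload/system/library/cart/user.php). The login() body continues past the end of this hunk.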
@@ -60,8 +69,8 @@ public function login($email, $password, $override = false) { $this->telephone = $customer_query->row['telephone']; $this->newsletter = $customer_query->row['newsletter']; $this->address_id = $customer_query->row['address_id']; - - $this->db->query("UPDATE " . DB_PREFIX . "customer SET language_id = '" . (int)$this->config->get('config_language_id') . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' WHERE customer_id = '" . (int)$this->customer_id . "'"); + + $this->db->query("UPDATE " . DB_PREFIX . "customer SET " . ((isset($new_password_hashed)) ? "salt = '', password = '" . $new_password_hashed . "', " : "") . "language_id = '" . (int)$this->config->get('config_language_id') . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' WHERE customer_id = '" . (int)$this->customer_id . "'"); return true; } else { From c083ee1f258d1188689943138ca1dc3dde855a3c Mon Sep 17 00:00:00 2001 From: goofygoblin <30272821+goofygoblin@users.noreply.github.com> Date: Wed, 26 Jul 2017 20:17:17 +0100 Subject: [PATCH 4/8] Update opencart.sql --- upload/install/opencart.sql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/upload/install/opencart.sql b/upload/install/opencart.sql index bc80b07c1d7..aee4a8b335f 100644 --- a/upload/install/opencart.sql +++ b/upload/install/opencart.sql @@ -973,7 +973,7 @@ CREATE TABLE `oc_customer` ( `email` varchar(96) NOT NULL, `telephone` varchar(32) NOT NULL, `fax` varchar(32) NOT NULL, - `password` varchar(40) NOT NULL, + `password` varchar(255) NOT NULL, `salt` varchar(9) NOT NULL, `cart` text, `wishlist` text, @@ -3708,7 +3708,7 @@ CREATE TABLE `oc_user` ( `user_id` int(11) NOT NULL AUTO_INCREMENT, `user_group_id` int(11) NOT NULL, `username` varchar(20) NOT NULL, - `password` varchar(40) NOT NULL, + `password` varchar(255) NOT NULL, `salt` varchar(9) NOT NULL, `firstname` varchar(32) NOT NULL, `lastname` varchar(32) NOT NULL, 
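Review bot: Widening `password` to varchar(255) in opencart.sql only affects fresh installs; an existing database keeps `varchar(40)`, and patches 1–3 start writing 60-character bcrypt hashes into it. Depending on the server's sql_mode the value is either silently truncated, after which `password_verify` fails for every customer and administrator, or the INSERT/UPDATE itself errors. The series needs a matching upgrade step for existing stores, e.g. `ALTER TABLE oc_customer MODIFY password varchar(255) NOT NULL` (with the configured table prefix) and the same for `oc_user`; this applies equally to the `oc_user` hunk in this patch.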
From 0bc8a19f6766fa3c4d2f6809bd74bef4474814cd Mon Sep 17 00:00:00 2001 From: goofygoblin <30272821+goofygoblin@users.noreply.github.com> Date: Wed, 26 Jul 2017 20:25:32 +0100 Subject: [PATCH 5/8] Update user.php --- upload/admin/model/user/user.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/upload/admin/model/user/user.php b/upload/admin/model/user/user.php index ccaa4c0392e..5343b6f0763 100644 --- a/upload/admin/model/user/user.php +++ b/upload/admin/model/user/user.php @@ -1,7 +1,7 @@ db->query("INSERT INTO `" . DB_PREFIX . "user` SET username = '" . $this->db->escape($data['username']) . "', user_group_id = '" . (int)$data['user_group_id'] . "', salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', image = '" . $this->db->escape($data['image']) . "', status = '" . (int)$data['status'] . "', date_added = NOW()"); + $this->db->query("INSERT INTO `" . DB_PREFIX . "user` SET username = '" . $this->db->escape($data['username']) . "', user_group_id = '" . (int)$data['user_group_id'] . "', salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', image = '" . $this->db->escape($data['image']) . "', status = '" . (int)$data['status'] . "', date_added = NOW()"); return $this->db->getLastId(); } 
@@ -10,12 +10,12 @@ public function editUser($user_id, $data) { $this->db->query("UPDATE `" . DB_PREFIX . "user` SET username = '" . $this->db->escape($data['username']) . "', user_group_id = '" . (int)$data['user_group_id'] . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', image = '" . $this->db->escape($data['image']) . "', status = '" . (int)$data['status'] . "' WHERE user_id = '" . (int)$user_id . "'"); if ($data['password']) { - $this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "' WHERE user_id = '" . (int)$user_id . "'"); + $this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "' WHERE user_id = '" . (int)$user_id . "'"); } } public function editPassword($user_id, $password) { - $this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE user_id = '" . (int)$user_id . "'"); + $this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '', password = '" . $this->db->escape(password_hash($password, PASSWORD_DEFAULT)) . "', code = '' WHERE user_id = '" . (int)$user_id . "'"); } public function editCode($email, $code) { @@ -105,4 +105,4 @@ public function getTotalUsersByEmail($email) { return $query->row['total']; } -} \ No newline at end of file +} From 4e093a73a1b743fb551ad63fa60a3dab3452460d Mon Sep 17 00:00:00 2001 
From: goofygoblin <30272821+goofygoblin@users.noreply.github.com> Date: Wed, 26 Jul 2017 20:47:51 +0100 Subject: [PATCH 6/8] Update user.php --- upload/system/library/cart/user.php | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/upload/system/library/cart/user.php b/upload/system/library/cart/user.php index ca1d09ec1f3..0740e119615 100644 --- a/upload/system/library/cart/user.php +++ b/upload/system/library/cart/user.php 
@@ -37,14 +37,29 @@ public function __construct($registry) { } public function login($username, $password) { - $user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user WHERE username = '" . $this->db->escape($username) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1'"); + $user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user WHERE username = '" . $this->db->escape($username) . "' AND status = '1'"); if ($user_query->num_rows) { + + if (password_verify($password, $user_query->row['password'])) { + if (password_needs_rehash($password_hashed, PASSWORD_DEFAULT)) { + $new_password_hashed = password_hash($password, PASSWORD_DEFAULT); + } + } elseif ($user_query->row['password'] == sha1($user_query->row['salt'] . sha1($user_query->row['salt'] . sha1($password))) || $user_query->row['password'] == md5($password)) { + $new_password_hashed = password_hash($password, PASSWORD_DEFAULT); + } else { + return false; + } + $this->session->data['user_id'] = $user_query->row['user_id']; $this->user_id = $user_query->row['user_id']; $this->username = $user_query->row['username']; $this->user_group_id = $user_query->row['user_group_id']; + + if (isset($new_password_hashed)) { + $this->db->query("UPDATE " . DB_PREFIX . "user SET salt = '', password = '" . $this->db->escape($new_password_hashed) . "' WHERE user_id = '" . (int)$this->user_id . "'"); + } $user_group_query = $this->db->query("SELECT permission FROM " . DB_PREFIX . "user_group WHERE user_group_id = '" . (int)$user_query->row['user_group_id'] . "'"); @@ -92,4 +107,4 @@ public function getUserName() { public function getGroupId() { return $this->user_group_id; } -} \ No newline at end of file +} From 6d67ce7292bfe1c8c19af316b7f7810c4a21e615 Mon Sep 17 00:00:00 2001 
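Review bot: The three-way check added to login() (password_verify, then the salted-SHA1/MD5 comparison, then `return false`) carries no explanation that the second branch is a transitional path that upgrades legacy hashes in place, so a later reader cannot tell whether it is still needed. A comment above the `if (password_verify(...))` such as `// Legacy salted-SHA1 / MD5 hashes are accepted once and rewritten with password_hash() below; drop this branch once all rows have been migrated` would document the intent. login() continues beyond the end of this hunk.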
From: goofygoblin <30272821+goofygoblin@users.noreply.github.com> Date: Wed, 26 Jul 2017 20:48:39 +0100 Subject: [PATCH 7/8] Update customer.php --- upload/system/library/cart/customer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/upload/system/library/cart/customer.php b/upload/system/library/cart/customer.php index b040b3de361..a9334772135 100644 --- a/upload/system/library/cart/customer.php +++ b/upload/system/library/cart/customer.php @@ -70,7 +70,7 @@ public function login($email, $password, $override = false) { $this->newsletter = $customer_query->row['newsletter']; $this->address_id = $customer_query->row['address_id']; - $this->db->query("UPDATE " . DB_PREFIX . "customer SET " . ((isset($new_password_hashed)) ? "salt = '', password = '" . $new_password_hashed . "', " : "") . "language_id = '" . (int)$this->config->get('config_language_id') . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' WHERE customer_id = '" . (int)$this->customer_id . "'"); + $this->db->query("UPDATE " . DB_PREFIX . "customer SET " . ((isset($new_password_hashed)) ? "salt = '', password = '" . $this->db->escape($new_password_hashed) . "', " : "") . "language_id = '" . (int)$this->config->get('config_language_id') . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' WHERE customer_id = '" . (int)$this->customer_id . "'"); return true; } else { From 5ec84d4cb035ef3c4af691042eb35458eccdd764 Mon Sep 17 00:00:00 2001 From: goofygoblin <30272821+goofygoblin@users.noreply.github.com> Date: Wed, 26 Jul 2017 20:53:24 +0100 Subject: [PATCH 8/8] Update customer.php --- upload/admin/model/customer/customer.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/upload/admin/model/customer/customer.php b/upload/admin/model/customer/customer.php index f1eab7deb16..2aa28df211b 100644 --- a/upload/admin/model/customer/customer.php +++ b/upload/admin/model/customer/customer.php 
@@ -1,7 +1,7 @@ db->query("INSERT INTO " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$data['customer_group_id'] . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']) ? json_encode($data['custom_field']) : json_encode(array())) . "', newsletter = '" . (int)$data['newsletter'] . "', salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "', status = '" . (int)$data['status'] . "', safe = '" . (int)$data['safe'] . "', date_added = NOW()"); + $this->db->query("INSERT INTO " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$data['customer_group_id'] . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']) ? json_encode($data['custom_field']) : json_encode(array())) . "', newsletter = '" . (int)$data['newsletter'] . "', salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "', status = '" . (int)$data['status'] . "', safe = '" . (int)$data['safe'] . "', date_added = NOW()"); $customer_id = $this->db->getLastId(); 
@@ -28,7 +28,7 @@ public function editCustomer($customer_id, $data) { $this->db->query("UPDATE " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$data['customer_group_id'] . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']) ? json_encode($data['custom_field']) : json_encode(array())) . "', newsletter = '" . (int)$data['newsletter'] . "', status = '" . (int)$data['status'] . "', safe = '" . (int)$data['safe'] . "' WHERE customer_id = '" . (int)$customer_id . "'"); if ($data['password']) { - $this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "' WHERE customer_id = '" . (int)$customer_id . "'"); + $this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "' WHERE customer_id = '" . (int)$customer_id . "'"); } $this->db->query("DELETE FROM " . DB_PREFIX . "address WHERE customer_id = '" . (int)$customer_id . "'");