Update password hashing to use PHP's password_hash() function #5798

Merged
merged 8 commits into from Jul 27, 2017
Merged
4 changes: 2 additions & 2 deletions upload/admin/model/customer/customer.php
@@ -1,7 +1,7 @@
<?php
class ModelCustomerCustomer extends Model {
public function addCustomer($data) {
$this->db->query("INSERT INTO " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$data['customer_group_id'] . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']) ? json_encode($data['custom_field']) : json_encode(array())) . "', newsletter = '" . (int)$data['newsletter'] . "', salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "', status = '" . (int)$data['status'] . "', safe = '" . (int)$data['safe'] . "', date_added = NOW()");
$this->db->query("INSERT INTO " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$data['customer_group_id'] . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']) ? json_encode($data['custom_field']) : json_encode(array())) . "', newsletter = '" . (int)$data['newsletter'] . "', salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "', status = '" . (int)$data['status'] . "', safe = '" . (int)$data['safe'] . "', date_added = NOW()");

$customer_id = $this->db->getLastId();

Expand All @@ -28,7 +28,7 @@ public function editCustomer($customer_id, $data) {
$this->db->query("UPDATE " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$data['customer_group_id'] . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']) ? json_encode($data['custom_field']) : json_encode(array())) . "', newsletter = '" . (int)$data['newsletter'] . "', status = '" . (int)$data['status'] . "', safe = '" . (int)$data['safe'] . "' WHERE customer_id = '" . (int)$customer_id . "'");

if ($data['password']) {
$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "' WHERE customer_id = '" . (int)$customer_id . "'");
$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "' WHERE customer_id = '" . (int)$customer_id . "'");
}

$this->db->query("DELETE FROM " . DB_PREFIX . "address WHERE customer_id = '" . (int)$customer_id . "'");
Expand Down
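Review bot: The new INSERT in addCustomer stores whatever `password_hash()` returns without checking it; on PHP 7, which this code appears to target, the function returns `false` on failure, and `$this->db->escape(false)` would then persist an empty password column for the new customer. A guard before the query, such as `$hash = password_hash($data['password'], PASSWORD_DEFAULT); if ($hash === false) { throw new \Exception('Password hashing failed'); }`, avoids creating an account in that state. The same unchecked call is in the UPDATE in editCustomer here and in the corresponding methods of upload/admin/model/user/user.php and upload/catalog/model/account/customer.php in this PR. A one-line comment noting that PASSWORD_DEFAULT is currently bcrypt, which uses only the first 72 bytes of the input, would also help keep any password-length validation in the controllers aligned with the hash.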
8 changes: 4 additions & 4 deletions upload/admin/model/user/user.php
@@ -1,7 +1,7 @@
<?php
class ModelUserUser extends Model {
public function addUser($data) {
$this->db->query("INSERT INTO `" . DB_PREFIX . "user` SET username = '" . $this->db->escape($data['username']) . "', user_group_id = '" . (int)$data['user_group_id'] . "', salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', image = '" . $this->db->escape($data['image']) . "', status = '" . (int)$data['status'] . "', date_added = NOW()");
$this->db->query("INSERT INTO `" . DB_PREFIX . "user` SET username = '" . $this->db->escape($data['username']) . "', user_group_id = '" . (int)$data['user_group_id'] . "', salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', image = '" . $this->db->escape($data['image']) . "', status = '" . (int)$data['status'] . "', date_added = NOW()");

return $this->db->getLastId();
}
Expand All @@ -10,12 +10,12 @@ public function editUser($user_id, $data) {
$this->db->query("UPDATE `" . DB_PREFIX . "user` SET username = '" . $this->db->escape($data['username']) . "', user_group_id = '" . (int)$data['user_group_id'] . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', image = '" . $this->db->escape($data['image']) . "', status = '" . (int)$data['status'] . "' WHERE user_id = '" . (int)$user_id . "'");

if ($data['password']) {
$this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "' WHERE user_id = '" . (int)$user_id . "'");
$this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "' WHERE user_id = '" . (int)$user_id . "'");
}
}

public function editPassword($user_id, $password) {
$this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE user_id = '" . (int)$user_id . "'");
$this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '', password = '" . $this->db->escape(password_hash($password, PASSWORD_DEFAULT)) . "', code = '' WHERE user_id = '" . (int)$user_id . "'");
}

public function editCode($email, $code) {
Expand Down Expand Up @@ -105,4 +105,4 @@ public function getTotalUsersByEmail($email) {

return $query->row['total'];
}
}
}
6 changes: 3 additions & 3 deletions upload/catalog/model/account/customer.php
Expand Up @@ -11,7 +11,7 @@ public function addCustomer($data) {

$customer_group_info = $this->model_account_customer_group->getCustomerGroup($customer_group_id);

$this->db->query("INSERT INTO " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$customer_group_id . "', store_id = '" . (int)$this->config->get('config_store_id') . "', language_id = '" . (int)$this->config->get('config_language_id') . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']['account']) ? json_encode($data['custom_field']['account']) : '') . "', salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "', newsletter = '" . (isset($data['newsletter']) ? (int)$data['newsletter'] : 0) . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', status = '" . (int)!$customer_group_info['approval'] . "', date_added = NOW()");
$this->db->query("INSERT INTO " . DB_PREFIX . "customer SET customer_group_id = '" . (int)$customer_group_id . "', store_id = '" . (int)$this->config->get('config_store_id') . "', language_id = '" . (int)$this->config->get('config_language_id') . "', firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', custom_field = '" . $this->db->escape(isset($data['custom_field']['account']) ? json_encode($data['custom_field']['account']) : '') . "', salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "', newsletter = '" . (isset($data['newsletter']) ? (int)$data['newsletter'] : 0) . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "', status = '" . (int)!$customer_group_info['approval'] . "', date_added = NOW()");

$customer_id = $this->db->getLastId();

Expand All @@ -27,7 +27,7 @@ public function editCustomer($customer_id, $data) {
}

public function editPassword($email, $password) {
$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = token(9)) . "', password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($password)))) . "', code = '' WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
$this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '', password = '" . $this->db->escape(password_hash($data['password'], PASSWORD_DEFAULT)) . "', code = '' WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
}

public function editAddressId($customer_id, $address_id) {
Expand Down Expand Up @@ -149,4 +149,4 @@ public function getAffiliateByTracking($tracking) {

return $query->row;
}
}
}
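Review bot: In `editPassword($email, $password)` the new UPDATE hashes `$data['password']`, but the method has no `$data` in scope — its parameter is `$password`, which the replaced line used. On PHP 7 an undefined `$data` is null, so `password_hash(null, …)` hashes the empty string (with a notice) and every password reset would leave the customer with a hash of `''`. The line should read `password_hash($password, PASSWORD_DEFAULT)`, matching the `editPassword()` in upload/admin/model/user/user.php in this same PR. A test that resets a password and then checks `password_verify()` against the stored value would have caught this.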
4 changes: 2 additions & 2 deletions upload/install/opencart.sql
Expand Up @@ -973,7 +973,7 @@ CREATE TABLE `oc_customer` (
`email` varchar(96) NOT NULL,
`telephone` varchar(32) NOT NULL,
`fax` varchar(32) NOT NULL,
`password` varchar(40) NOT NULL,
`password` varchar(255) NOT NULL,
`salt` varchar(9) NOT NULL,
`cart` text,
`wishlist` text,
Expand Down Expand Up @@ -3708,7 +3708,7 @@ CREATE TABLE `oc_user` (
`user_id` int(11) NOT NULL AUTO_INCREMENT,
`user_group_id` int(11) NOT NULL,
`username` varchar(20) NOT NULL,
`password` varchar(40) NOT NULL,
`password` varchar(255) NOT NULL,
`salt` varchar(9) NOT NULL,
`firstname` varchar(32) NOT NULL,
`lastname` varchar(32) NOT NULL,
Expand Down
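Review bot: Widening `password` to varchar(255) in the install script covers fresh installs only; a store upgraded from an existing database keeps the varchar(40) column, and the 60-character bcrypt output written by the new login rehash and the model files would be truncated by MySQL (or rejected in strict mode), after which `password_verify()` fails for every user who has logged in since the upgrade. Unless another of the 8 commits adds the matching `ALTER TABLE` to the upgrade scripts, that migration is missing; I cannot see one in this diff. A comment next to the column such as `-- 255 chars: holds password_hash() output for any PASSWORD_* algorithm` would record why the width was chosen. The `salt` column is now always written as `''` by this PR and could be dropped once legacy hashes have been migrated.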
23 changes: 16 additions & 7 deletions upload/system/library/cart/customer.php
Expand Up @@ -43,13 +43,22 @@ public function __construct($registry) {
}

public function login($email, $password, $override = false) {
if ($override) {
$customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND status = '1'");
} else {
$customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1'");
}
$customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "' AND status = '1'");

if ($customer_query->num_rows) {

if (!$override) {
if (password_verify($password, $customer_query->row['password'])) {
if (password_needs_rehash($password_hashed, PASSWORD_DEFAULT)) {
$new_password_hashed = password_hash($password, PASSWORD_DEFAULT);
}
} elseif ($customer_query->row['password'] == sha1($customer_query->row['salt'] . sha1($customer_query->row['salt'] . sha1($password))) || $customer_query->row['password'] == md5($password)) {
$new_password_hashed = password_hash($password, PASSWORD_DEFAULT);
} else {
return false;
}
}

$this->session->data['customer_id'] = $customer_query->row['customer_id'];

$this->customer_id = $customer_query->row['customer_id'];
Expand All @@ -60,8 +69,8 @@ public function login($email, $password, $override = false) {
$this->telephone = $customer_query->row['telephone'];
$this->newsletter = $customer_query->row['newsletter'];
$this->address_id = $customer_query->row['address_id'];
$this->db->query("UPDATE " . DB_PREFIX . "customer SET language_id = '" . (int)$this->config->get('config_language_id') . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' WHERE customer_id = '" . (int)$this->customer_id . "'");

$this->db->query("UPDATE " . DB_PREFIX . "customer SET " . ((isset($new_password_hashed)) ? "salt = '', password = '" . $this->db->escape($new_password_hashed) . "', " : "") . "language_id = '" . (int)$this->config->get('config_language_id') . "', ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' WHERE customer_id = '" . (int)$this->customer_id . "'");

return true;
} else {
Expand Down
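Review bot: In `login()` the rehash check passes `$password_hashed`, which is never assigned in this method; the stored hash is `$customer_query->row['password']`. With an undefined variable the call sees null, so `password_needs_rehash()` is likely to report true and the hash would be rewritten on every successful login (with a notice) rather than only when the algorithm or cost changes; the line should be `if (password_needs_rehash($customer_query->row['password'], PASSWORD_DEFAULT)) {`. The legacy branch compares hashes with `==`, which treats two numeric-looking strings as numbers rather than comparing them byte for byte; since the SQL comparison it replaces was exact, use `hash_equals($customer_query->row['password'], sha1($customer_query->row['salt'] . sha1($customer_query->row['salt'] . sha1($password))))` and `hash_equals($customer_query->row['password'], md5($password))` instead. The same two issues are in `login()` of upload/system/library/cart/user.php in this PR. The method continues past the end of the hunk.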
19 changes: 17 additions & 2 deletions upload/system/library/cart/user.php
Expand Up @@ -37,14 +37,29 @@ public function __construct($registry) {
}

public function login($username, $password) {
$user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user WHERE username = '" . $this->db->escape($username) . "' AND (password = SHA1(CONCAT(salt, SHA1(CONCAT(salt, SHA1('" . $this->db->escape($password) . "'))))) OR password = '" . $this->db->escape(md5($password)) . "') AND status = '1'");
$user_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "user WHERE username = '" . $this->db->escape($username) . "' AND status = '1'");

if ($user_query->num_rows) {

if (password_verify($password, $user_query->row['password'])) {
if (password_needs_rehash($password_hashed, PASSWORD_DEFAULT)) {
$new_password_hashed = password_hash($password, PASSWORD_DEFAULT);
}
} elseif ($user_query->row['password'] == sha1($user_query->row['salt'] . sha1($user_query->row['salt'] . sha1($password))) || $user_query->row['password'] == md5($password)) {
$new_password_hashed = password_hash($password, PASSWORD_DEFAULT);
} else {
return false;
}

$this->session->data['user_id'] = $user_query->row['user_id'];

$this->user_id = $user_query->row['user_id'];
$this->username = $user_query->row['username'];
$this->user_group_id = $user_query->row['user_group_id'];

if (isset($new_password_hashed)) {
$this->db->query("UPDATE " . DB_PREFIX . "user SET salt = '', password = '" . $this->db->escape($new_password_hashed) . "' WHERE user_id = '" . (int)$this->user_id . "'");
}

$user_group_query = $this->db->query("SELECT permission FROM " . DB_PREFIX . "user_group WHERE user_group_id = '" . (int)$user_query->row['user_group_id'] . "'");

Expand Down Expand Up @@ -92,4 +107,4 @@ public function getUserName() {
public function getGroupId() {
return $this->user_group_id;
}
}
}