From c484c1e7374e0b21930c1d6094292cb8f895bd6b Mon Sep 17 00:00:00 2001
From: flashwave
Date: Mon, 1 Aug 2016 22:57:10 +0200
Subject: [PATCH] Revert "an attempt at something"
This reverts commit 20d7d4b9b627ce51d5312b5d0fbdf3b21207565c.
---
 app/Controllers/AuthController.php | 15 +++++--
 app/Controllers/MetaController.php | 5 ---
 .../Settings/AdvancedController.php | 2 +-
 app/Notification.php | 8 ++--
 app/User.php | 45 +++++++++----------
 utility.php | 19 --------
 6 files changed, 39 insertions(+), 55 deletions(-)
diff --git a/app/Controllers/AuthController.php b/app/Controllers/AuthController.php
index 938f102..059ac5d 100644
--- a/app/Controllers/AuthController.php
+++ b/app/Controllers/AuthController.php
@@ -124,7 +124,7 @@ class AuthController extends Controller
 return Template::render('global/information');
 }
- if ($user->passwordExpired()) {
+ if (strlen($user->password) < 1) {
 $message = 'Your password expired.';
 $redirect = Router::route('auth.resetpassword');
 Template::vars(compact('message', 'redirect'));
@@ -132,7 +132,7 @@ class AuthController extends Controller
 return Template::render('global/information');
 }
- if (!$user->verifyPassword($password)) {
+ if (!password_verify($password, $user->password)) {
 $this->touchRateLimit($user->id);
 $message = 'The password you entered was invalid.';
 Template::vars(compact('message', 'redirect'));
@@ -552,7 +552,16 @@ class AuthController extends Controller
 return Template::render('global/information');
 }
- $user->setPassword($password);
+ // Hash the password
+ $password = password_hash($password, PASSWORD_BCRYPT);
+
+ // Update the user
+ DB::table('users')
+ ->where('user_id', $user->id)
+ ->update([
+ 'password' => $password,
+ 'password_chan' => time(),
+ ]);
 $message = "Changed your password! You may now log in.";
 $redirect = Router::route('auth.login');
diff --git a/app/Controllers/MetaController.php b/app/Controllers/MetaController.php
index ae19a08..70b33d3 100644
--- a/app/Controllers/MetaController.php
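Review bot: In app/Controllers/AuthController.php the restored checks `strlen($user->password) < 1` (hunk `@@ -124,7 +124,7 @@`) and `password_verify($password, $user->password)` (hunk `@@ -132,7 +132,7 @@`) read `$user->password`, yet the app/User.php hunk of this same patch replaces the declared `$password` property with `$passwordHash`, `$passwordSalt`, `$passwordAlgo` and `$passwordIter`. Unless User still assigns `password` somewhere outside the hunks shown, the property is unset, so the expiry branch is always taken and no login can succeed; that fails closed, but it locks every account out. The same read is restored in app/Controllers/Settings/AdvancedController.php (`password_verify($password, ActiveUser::$user->password)`). Confirm which field holds the stored hash and read that one in all three places, e.g. `if (strlen($user->passwordHash) < 1) {` if that is where it lives. The enclosing methods start and end outside these hunks.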
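Review bot: The result of `password_hash()` in the AuthController hunk `@@ -552,7 +552,16 @@` is written to `users.password` unchecked; on PHP versions where the function returns `false` on failure, the row would receive an unusable value, which the login path in the earlier hunk treats as an expired password. Guard it before the update, for example `if ($password === false) { /* abort and report the error */ }`, and keep the hash in its own variable instead of overwriting the plaintext `$password`. Hashing and the `password_chan` timestamp are now written inline in the controller, so every other place that sets a password has to repeat both; a comment such as `// NOTE: keep in sync with every other password write` would make that visible. `PASSWORD_BCRYPT` only considers the first 72 bytes of its input, so the reset form should enforce a maximum length if it does not already. The enclosing method starts and ends outside the hunk.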
+++ b/app/Controllers/MetaController.php
@@ -12,7 +12,6 @@ use Sakura\DB;
 use Sakura\News\Category;
 use Sakura\Template;
 use Sakura\User;
-use Sakura\UserTest;
 /**
 * Meta page controllers (sections that aren't big enough to warrant a dedicated controller).
@@ -29,10 +28,6 @@ class MetaController extends Controller
 */
 public function index()
 {
- $test = new UserTest(1);
-
- echo $test->country(true);
-
 // Get the newest user
 $newestUserId = DB::table('users')
 ->whereNotIn('rank_main', [config('rank.banned'), config('rank.inactive')])
diff --git a/app/Controllers/Settings/AdvancedController.php b/app/Controllers/Settings/AdvancedController.php
index 8b9ed85..4a49eac 100644
--- a/app/Controllers/Settings/AdvancedController.php
+++ b/app/Controllers/Settings/AdvancedController.php
@@ -114,7 +114,7 @@ class AdvancedController extends Controller
 }
 // Check password
- if (!ActiveUser::$user->passwordVerify($password)) {
+ if (!password_verify($password, ActiveUser::$user->password)) {
 $message = "Your password was invalid!";
 Template::vars(compact('redirect', 'message'));
 return Template::render('global/information');
diff --git a/app/Notification.php b/app/Notification.php
index d619324..68d0387 100644
--- a/app/Notification.php
+++ b/app/Notification.php
@@ -36,15 +36,15 @@ class Notification
 if ($data) {
 $data = $data[0];
- $this->id = intval($data->alert_id);
- $this->user = intval($data->user_id);
- $this->time = intval($data->alert_timestamp);
+ $this->id = $data->alert_id;
+ $this->user = $data->user_id;
+ $this->time = $data->alert_timestamp;
 $this->read = intval($data->alert_read) !== 0;
 $this->title = $data->alert_title;
 $this->text = $data->alert_text;
 $this->link = $data->alert_link;
 $this->image = $data->alert_img;
- $this->timeout = intval($data->alert_timeout);
+ $this->timeout = $data->alert_timeout;
 }
 }
diff --git a/app/User.php b/app/User.php
index e39d27d..b57bd91 100644
--- a/app/User.php
+++ b/app/User.php
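Review bot: With the `intval()` casts dropped in the app/Notification.php hunk `@@ -36,15 +36,15 @@`, `$this->id`, `$this->user`, `$this->time` and `$this->timeout` take whatever type the DB layer returns, while `$this->read` a line later is still normalised. If the driver hands back strings, any strict comparison elsewhere, for example an ownership check of a notification's `user` against an integer user id, would silently change outcome; those callers are not visible here. Keep the casts, e.g. `$this->user = intval($data->user_id);`, or add a comment on the properties stating that they hold raw column values. The enclosing method starts outside the hunk.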
@@ -45,7 +45,28 @@ class User
 *
 * @var string
 */
- public $password = '';
+ public $passwordHash = '';
+
+ /**
+ * The user's password salt.
+ *
+ * @var string
+ */
+ public $passwordSalt = '';
+
+ /**
+ * The user's password algorithm.
+ *
+ * @var string
+ */
+ public $passwordAlgo = 'disabled';
+
+ /**
+ * The password iterations.
+ *
+ * @var int
+ */
+ public $passwordIter = 0;
 /**
 * UNIX timestamp of last time the password was changed.
@@ -1098,28 +1119,6 @@ class User
 ]);
 }
- /**
- * Check if password expired
- *
- * @return bool
- */
- public function passwordExpired()
- {
- return strlen($this->password) < 1;
- }
-
- /**
- * Verify the user's password
- *
- * @param string $password
- *
- * @return bool
- */
- public function verifyPassword($password)
- {
- return password_verify($password, $this->password);
- }
-
 /**
 * Get all the notifications for this user.
 *
diff --git a/utility.php b/utility.php
index ed1ae43..c6747df 100644
--- a/utility.php
+++ b/utility.php
@@ -41,25 +41,6 @@ function view($name, $vars = [])
 return Template::render($name);
 }
-// Convert camel case to snake case
-function camel_to_snake($text)
-{
- return ltrim(strtolower(preg_replace('#[A-Z]#', '_$0', $text)), '_');
-}
-
-// Convert snake case to camel case
-function snake_to_camel($text)
-{
- $split = explode('_', $text);
- $name = array_shift($split);
-
- foreach ($split as $part) {
- $name .= ucfirst($part);
- }
-
- return $name;
-}
-
 function clean_string($string, $lower = false, $noSpecial = false, $replaceSpecial = '')
 {
 // Run common sanitisation function over string
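Review bot: The fields added to app/User.php in `@@ -45,7 +45,28 @@` (`$passwordHash`, `$passwordSalt`, `$passwordAlgo`, `$passwordIter`) are all `public`, so the stored hash and salt are readable by any code that is handed a User object, which may include templates and serialisers. The second User.php hunk (`@@ -1098,28 +1119,6 @@`) also removes `passwordExpired()` and `verifyPassword()`, so within this patch no method on the class encapsulates verification any more. Consider narrowing the visibility, e.g. `protected $passwordHash = '';`, and keeping a single verify method on User; whether outside callers read these fields directly cannot be seen from here. The docblock for `$passwordHash` begins above the hunk and may still describe the old `$password` field.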