redid the password references commit
This commit is contained in:
parent
c484c1e737
commit
be6e44df25
3 changed files with 30 additions and 37 deletions
|
|
@ -94,8 +94,8 @@ class AuthController extends Controller
|
||||||
$redirect = Router::route('auth.login');
|
$redirect = Router::route('auth.login');
|
||||||
|
|
||||||
// Get request variables
|
// Get request variables
|
||||||
$username = isset($_REQUEST['username']) ? $_REQUEST['username'] : null;
|
$username = $_REQUEST['username'] ?? null;
|
||||||
$password = isset($_REQUEST['password']) ? $_REQUEST['password'] : null;
|
$password = $_REQUEST['password'] ?? null;
|
||||||
$remember = isset($_REQUEST['remember']);
|
$remember = isset($_REQUEST['remember']);
|
||||||
|
|
||||||
// Check if we haven't hit the rate limit
|
// Check if we haven't hit the rate limit
|
||||||
|
|
@ -124,7 +124,7 @@ class AuthController extends Controller
|
||||||
return Template::render('global/information');
|
return Template::render('global/information');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (strlen($user->password) < 1) {
|
if ($user->passwordExpired()) {
|
||||||
$message = 'Your password expired.';
|
$message = 'Your password expired.';
|
||||||
$redirect = Router::route('auth.resetpassword');
|
$redirect = Router::route('auth.resetpassword');
|
||||||
Template::vars(compact('message', 'redirect'));
|
Template::vars(compact('message', 'redirect'));
|
||||||
|
|
@ -132,7 +132,7 @@ class AuthController extends Controller
|
||||||
return Template::render('global/information');
|
return Template::render('global/information');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!password_verify($password, $user->password)) {
|
if (!$user->verifyPassword($password)) {
|
||||||
$this->touchRateLimit($user->id);
|
$this->touchRateLimit($user->id);
|
||||||
$message = 'The password you entered was invalid.';
|
$message = 'The password you entered was invalid.';
|
||||||
Template::vars(compact('message', 'redirect'));
|
Template::vars(compact('message', 'redirect'));
|
||||||
|
|
@ -552,16 +552,7 @@ class AuthController extends Controller
|
||||||
return Template::render('global/information');
|
return Template::render('global/information');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Hash the password
|
$user->setPassword($password);
|
||||||
$password = password_hash($password, PASSWORD_BCRYPT);
|
|
||||||
|
|
||||||
// Update the user
|
|
||||||
DB::table('users')
|
|
||||||
->where('user_id', $user->id)
|
|
||||||
->update([
|
|
||||||
'password' => $password,
|
|
||||||
'password_chan' => time(),
|
|
||||||
]);
|
|
||||||
|
|
||||||
$message = "Changed your password! You may now log in.";
|
$message = "Changed your password! You may now log in.";
|
||||||
$redirect = Router::route('auth.login');
|
$redirect = Router::route('auth.login');
|
||||||
|
|
|
||||||
|
|
@ -114,7 +114,7 @@ class AdvancedController extends Controller
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check password
|
// Check password
|
||||||
if (!password_verify($password, ActiveUser::$user->password)) {
|
if (!ActiveUser::$user->verifyPassword($password)) {
|
||||||
$message = "Your password was invalid!";
|
$message = "Your password was invalid!";
|
||||||
Template::vars(compact('redirect', 'message'));
|
Template::vars(compact('redirect', 'message'));
|
||||||
return Template::render('global/information');
|
return Template::render('global/information');
|
||||||
|
|
|
||||||
46
app/User.php
46
app/User.php
|
|
@ -45,28 +45,7 @@ class User
|
||||||
*
|
*
|
||||||
* @var string
|
* @var string
|
||||||
*/
|
*/
|
||||||
public $passwordHash = '';
|
public $password = '';
|
||||||
|
|
||||||
/**
|
|
||||||
* The user's password salt.
|
|
||||||
*
|
|
||||||
* @var string
|
|
||||||
*/
|
|
||||||
public $passwordSalt = '';
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The user's password algorithm.
|
|
||||||
*
|
|
||||||
* @var string
|
|
||||||
*/
|
|
||||||
public $passwordAlgo = 'disabled';
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The password iterations.
|
|
||||||
*
|
|
||||||
* @var int
|
|
||||||
*/
|
|
||||||
public $passwordIter = 0;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* UNIX timestamp of last time the password was changed.
|
* UNIX timestamp of last time the password was changed.
|
||||||
|
|
@ -306,6 +285,7 @@ class User
|
||||||
$this->username = $userRow->username;
|
$this->username = $userRow->username;
|
||||||
$this->usernameClean = $userRow->username_clean;
|
$this->usernameClean = $userRow->username_clean;
|
||||||
$this->password = $userRow->password;
|
$this->password = $userRow->password;
|
||||||
|
$this->passwordChan = $userRow->passwordChan;
|
||||||
$this->email = $userRow->email;
|
$this->email = $userRow->email;
|
||||||
$this->mainRankId = $userRow->rank_main;
|
$this->mainRankId = $userRow->rank_main;
|
||||||
$this->colour = $userRow->user_colour;
|
$this->colour = $userRow->user_colour;
|
||||||
|
|
@ -1119,6 +1099,28 @@ class User
|
||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if password expired
|
||||||
|
*
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function passwordExpired()
|
||||||
|
{
|
||||||
|
return strlen($this->password) < 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Verify the user's password
|
||||||
|
*
|
||||||
|
* @param string $password
|
||||||
|
*
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function verifyPassword($password)
|
||||||
|
{
|
||||||
|
return password_verify($password, $this->password);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all the notifications for this user.
|
* Get all the notifications for this user.
|
||||||
*
|
*
|
||||||
|
|
|
||||||
Reference in a new issue