Fix PHP Warning on user login
While at it, I also extracted the hash function into it's own getHash method. This will allow easy changes to hashing for string in the future. Fixes #382
This commit is contained in:
Sebastian Grewe
parent
346d9656d8
commit
9b81d48e72
@ -26,6 +26,9 @@ class User {
|
||||
public function getError() {
|
||||
return $this->sError;
|
||||
}
|
||||
private function getHash($string) {
|
||||
return hash('sha256', $string.$this->salt);
|
||||
}
|
||||
public function getUserName($id) {
|
||||
return $this->getSingle($id, 'username', 'id');
|
||||
}
|
||||
@ -68,7 +71,7 @@ class User {
|
||||
return $this->updateSingle($id, $field);
|
||||
}
|
||||
public function setUserToken($id) {
|
||||
$field = array('name' => 'token', 'type' => 's', 'value' => hash('sha256', $id.time().$this->salt));
|
||||
$field = array('name' => 'token', 'type' => 's', 'value' => setHash($id.time()));
|
||||
return $this->updateSingle($id, $field);
|
||||
}
|
||||
public function setUserFailed($id, $value) {
|
||||
@ -135,7 +138,7 @@ class User {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
$this->debug->append("Confirming PIN for $userId and pin $pin", 2);
|
||||
$stmt = $this->mysqli->prepare("SELECT pin FROM $this->table WHERE id=? AND pin=? LIMIT 1");
|
||||
$pin_hash = hash('sha256', $pin.$this->salt);
|
||||
$pin_hash = $this->getHash($pin);
|
||||
$stmt->bind_param('is', $userId, $pin_hash);
|
||||
$stmt->execute();
|
||||
$stmt->bind_result($row_pin);
|
||||
@ -254,8 +257,8 @@ class User {
|
||||
$this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
|
||||
return false;
|
||||
}
|
||||
$current = hash('sha256', $current.$this->salt);
|
||||
$new = hash('sha256', $new1.$this->salt);
|
||||
$current = $this->getHash($current);
|
||||
$new = $this->getHash($new1);
|
||||
$stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ? WHERE ( id = ? AND pass = ? )");
|
||||
if ($this->checkStmt($stmt)) {
|
||||
$stmt->bind_param('sis', $new, $userID, $current);
|
||||
@ -345,9 +348,10 @@ class User {
|
||||
private function checkUserPassword($username, $password) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
$user = array();
|
||||
$password_hash = $this->getHash($password);
|
||||
$stmt = $this->mysqli->prepare("SELECT username, id, is_admin FROM $this->table WHERE username=? AND pass=? LIMIT 1");
|
||||
if ($this->checkStmt($stmt)) {
|
||||
$stmt->bind_param('ss', $username, hash('sha256', $password.$this->salt));
|
||||
$stmt->bind_param('ss', $username, $password_hash);
|
||||
$stmt->execute();
|
||||
$stmt->bind_result($row_username, $row_id, $row_admin);
|
||||
$stmt->fetch();
|
||||
@ -468,9 +472,9 @@ class User {
|
||||
}
|
||||
|
||||
// Create hashed strings using original string and salt
|
||||
$password_hash = hash('sha256', $password1.$this->salt);
|
||||
$pin_hash = hash('sha256', $pin.$this->salt);
|
||||
$apikey_hash = hash('sha256', $username.$this->salt);
|
||||
$password_hash = $this->getHash($password1);
|
||||
$pin_hash = $this->getHash($pin);
|
||||
$apikey_hash = $this->getHash($username);
|
||||
|
||||
if ($this->checkStmt($stmt) && $stmt->bind_param('sssss', $username, $password_hash, $email1, $pin_hash, $apikey_hash)) {
|
||||
if (!$stmt->execute()) {
|
||||
@ -502,9 +506,9 @@ class User {
|
||||
$this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
|
||||
return false;
|
||||
}
|
||||
$new = hash('sha256', $new1.$this->salt);
|
||||
$new_hash = $this->getHash($new1);
|
||||
$stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ?, token = NULL WHERE id = ? AND token = ?");
|
||||
if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $new, $id, $token) && $stmt->execute() && $stmt->affected_rows === 1) {
|
||||
if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $new_hash, $id, $token) && $stmt->execute() && $stmt->affected_rows === 1) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user