Fix PHP Warning on user login

While at it, I also extracted the hash function into its own getHash
method. This will allow easy changes to hashing for strings in the
future.

Fixes #382
Sebastian Grewe 2013-07-05 22:56:22 +02:00
parent 346d9656d8
commit 9b81d48e72


@ -26,6 +26,9 @@ class User {
public function getError() { public function getError() {
return $this->sError; return $this->sError;
} }
private function getHash($string) {
return hash('sha256', $string.$this->salt);
}
public function getUserName($id) { public function getUserName($id) {
return $this->getSingle($id, 'username', 'id'); return $this->getSingle($id, 'username', 'id');
} }
@ -68,7 +71,7 @@ class User {
return $this->updateSingle($id, $field); return $this->updateSingle($id, $field);
} }
public function setUserToken($id) { public function setUserToken($id) {
$field = array('name' => 'token', 'type' => 's', 'value' => hash('sha256', $id.time().$this->salt)); $field = array('name' => 'token', 'type' => 's', 'value' => setHash($id.time()));
return $this->updateSingle($id, $field); return $this->updateSingle($id, $field);
} }
public function setUserFailed($id, $value) { public function setUserFailed($id, $value) {
@ -135,7 +138,7 @@ class User {
$this->debug->append("STA " . __METHOD__, 4); $this->debug->append("STA " . __METHOD__, 4);
$this->debug->append("Confirming PIN for $userId and pin $pin", 2); $this->debug->append("Confirming PIN for $userId and pin $pin", 2);
$stmt = $this->mysqli->prepare("SELECT pin FROM $this->table WHERE id=? AND pin=? LIMIT 1"); $stmt = $this->mysqli->prepare("SELECT pin FROM $this->table WHERE id=? AND pin=? LIMIT 1");
$pin_hash = hash('sha256', $pin.$this->salt); $pin_hash = $this->getHash($pin);
$stmt->bind_param('is', $userId, $pin_hash); $stmt->bind_param('is', $userId, $pin_hash);
$stmt->execute(); $stmt->execute();
$stmt->bind_result($row_pin); $stmt->bind_result($row_pin);
@ -254,8 +257,8 @@ class User {
$this->setErrorMessage( 'New password is too short, please use more than 8 chars' ); $this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
return false; return false;
} }
$current = hash('sha256', $current.$this->salt); $current = $this->getHash($current);
$new = hash('sha256', $new1.$this->salt); $new = $this->getHash($new1);
$stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ? WHERE ( id = ? AND pass = ? )"); $stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ? WHERE ( id = ? AND pass = ? )");
if ($this->checkStmt($stmt)) { if ($this->checkStmt($stmt)) {
$stmt->bind_param('sis', $new, $userID, $current); $stmt->bind_param('sis', $new, $userID, $current);
@ -345,9 +348,10 @@ class User {
private function checkUserPassword($username, $password) { private function checkUserPassword($username, $password) {
$this->debug->append("STA " . __METHOD__, 4); $this->debug->append("STA " . __METHOD__, 4);
$user = array(); $user = array();
$password_hash = $this->getHash($password);
$stmt = $this->mysqli->prepare("SELECT username, id, is_admin FROM $this->table WHERE username=? AND pass=? LIMIT 1"); $stmt = $this->mysqli->prepare("SELECT username, id, is_admin FROM $this->table WHERE username=? AND pass=? LIMIT 1");
if ($this->checkStmt($stmt)) { if ($this->checkStmt($stmt)) {
$stmt->bind_param('ss', $username, hash('sha256', $password.$this->salt)); $stmt->bind_param('ss', $username, $password_hash);
$stmt->execute(); $stmt->execute();
$stmt->bind_result($row_username, $row_id, $row_admin); $stmt->bind_result($row_username, $row_id, $row_admin);
$stmt->fetch(); $stmt->fetch();
@ -468,9 +472,9 @@ class User {
} }
// Create hashed strings using original string and salt // Create hashed strings using original string and salt
$password_hash = hash('sha256', $password1.$this->salt); $password_hash = $this->getHash($password1);
$pin_hash = hash('sha256', $pin.$this->salt); $pin_hash = $this->getHash($pin);
$apikey_hash = hash('sha256', $username.$this->salt); $apikey_hash = $this->getHash($username);
if ($this->checkStmt($stmt) && $stmt->bind_param('sssss', $username, $password_hash, $email1, $pin_hash, $apikey_hash)) { if ($this->checkStmt($stmt) && $stmt->bind_param('sssss', $username, $password_hash, $email1, $pin_hash, $apikey_hash)) {
if (!$stmt->execute()) { if (!$stmt->execute()) {
@ -502,9 +506,9 @@ class User {
$this->setErrorMessage( 'New password is too short, please use more than 8 chars' ); $this->setErrorMessage( 'New password is too short, please use more than 8 chars' );
return false; return false;
} }
$new = hash('sha256', $new1.$this->salt); $new_hash = $this->getHash($new1);
$stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ?, token = NULL WHERE id = ? AND token = ?"); $stmt = $this->mysqli->prepare("UPDATE $this->table SET pass = ?, token = NULL WHERE id = ? AND token = ?");
if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $new, $id, $token) && $stmt->execute() && $stmt->affected_rows === 1) { if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $new_hash, $id, $token) && $stmt->execute() && $stmt->affected_rows === 1) {
return true; return true;
} }
} else { } else {
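Review bot: The new side of setUserToken (the -68,7 +71,7 hunk) calls a bare `setHash($id.time())`, which is not the method this commit adds and nothing on the page defines as a function, so generating a login token will fail with an undefined-function error while every other call site uses `$this->getHash(...)`; change it to `'value' => $this->getHash($id.time())`. The extracted `getHash` in the first hunk has no comment; a one-liner such as `// SHA-256 of $string concatenated with the instance salt; shared by password, PIN, token and API-key hashing` would record that it is now the single point every stored credential hash flows through. Since the stored password and PIN hashes are matched inside the prepared statements (`pass=?`, `pin=?`), a future move of getHash to password_hash() would also require switching those lookups to a fetch-then-password_verify() flow rather than only changing the helper.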