improved password generating method (salt + SHA-256)
This commit is contained in:
@@ -144,7 +144,7 @@ class AdminController extends Controller
|
||||
$av = $user_info['avatar']; //if new avatar is not set
|
||||
|
||||
if ($_POST['passwd'] != '')
|
||||
$this->getModel('UsersModel')->changeUserPassword($_GET['id'], sha1($_POST['passwd']));
|
||||
$this->getModel('UsersModel')->changeUserPassword($_GET['id'], $user_info['nick'], $_POST['passwd']);
|
||||
|
||||
$this->getModel('UsersModel')->changeUserRank($_GET['id'], $_POST['user_rank']);
|
||||
$this->getModel('UsersModel')->updateUserProfile($_GET['id'], $_POST['nick'], $_POST['email'], $_POST['location'], $_POST['signature'], $av);
|
||||
|
||||
@@ -39,6 +39,7 @@ class MainController extends Controller
|
||||
public function main()
|
||||
{
|
||||
$this->loadDependencies();
|
||||
$this->loadModel('UsersModel');
|
||||
$this->getView('MainView')->main();
|
||||
}
|
||||
|
||||
@@ -538,7 +539,7 @@ class MainController extends Controller
|
||||
|
||||
if ($_POST['email'] != $user_info['email'] || $_POST['passwd'] != '')
|
||||
{
|
||||
if (sha1($_POST['passwd_old']) != $user_info['password'])
|
||||
if ($this->getModel('UsersModel')->generatePasswordHash($user_info['nick'], $_POST['passwd_old']) != $user_info['password'])
|
||||
$msg .= 'Old password is incorrect!<br>';
|
||||
}
|
||||
if ($_POST['passwd'] != '')
|
||||
@@ -590,7 +591,7 @@ class MainController extends Controller
|
||||
$av = $user_info['avatar']; //if new avatar is not set
|
||||
|
||||
if ($_POST['passwd'] != '')
|
||||
$this->getModel('UsersModel')->changeUserPassword($this->getModel('SessionModel')->getID(), sha1($_POST['passwd']));
|
||||
$this->getModel('UsersModel')->changeUserPassword($this->getModel('SessionModel')->getID(), $user_info['nick'], $_POST['passwd']);
|
||||
|
||||
$this->getModel('UsersModel')->updateUserProfile($this->getModel('SessionModel')->getID(), '', $_POST['email'], $_POST['location'], $_POST['signature'], $av);
|
||||
$this->getView('MainView')->forum_message('Your profile has changed.', buildURL('index.php?mode=viewprofile&id='.$this->getModel('SessionModel')->getID()));
|
||||
@@ -627,6 +628,7 @@ class MainController extends Controller
|
||||
{
|
||||
$this->loadDependencies();
|
||||
$this->loadModel('BansModel');
|
||||
$this->loadModel('UsersModel');
|
||||
|
||||
if ($this->getModel('SessionModel')->isLogged())
|
||||
$this->forward(buildURL('index.php'));
|
||||
@@ -636,7 +638,7 @@ class MainController extends Controller
|
||||
{
|
||||
//secure pools
|
||||
$_POST['nick'] = trim(strip_tags($this->db->real_escape_string($_POST['nick'])));
|
||||
$_POST['passwd'] = sha1(trim(strip_tags($this->db->real_escape_string($_POST['passwd']))));
|
||||
$_POST['passwd'] = $this->getModel('UsersModel')->generatePasswordHash($_POST['nick'], trim(strip_tags($this->db->real_escape_string($_POST['passwd']))));
|
||||
|
||||
$userinfo = $this->getModel('SessionModel')->tryGetUser($_POST['nick'], $_POST['passwd']);
|
||||
|
||||
@@ -700,7 +702,7 @@ class MainController extends Controller
|
||||
|
||||
if ($msg == '')
|
||||
{
|
||||
$this->getModel('UsersModel')->createNewUser($_POST['nick'], sha1($_POST['passwd']), $_POST['email']);
|
||||
$this->getModel('UsersModel')->createNewUser($_POST['nick'], $_POST['passwd'], $_POST['email']);
|
||||
$this->getView('MainView')->forum_message('Your account has created. Log in to write new posts.', buildURL('index.php'), 3);
|
||||
$lockv = true;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user