Changeset 33 for trunk/actions

Timestamp:

09/03/05 22:42:52 (7 years ago)

Author:

alexx

Message:

• Auth: Remove MySQL PASSWORD hashing method to hash password, replace by MD5 hashing, add code to make a smooth transition between hashing method
• XML engine: Fix a trivial recent bug in dotnode-xml.php
• Robots: fix a bug in crontab script robots/launch_robots.sh (add cd dirname $0)
• CSS: Add max_width to image in blog (work on Mozilla/*, Opera but not good on Safari (no proportional resizing), of course, that doesn't work on IE)
• DB: changing DB structure !!!

  ALTER TABLE `user` ADD `passwd_md5` CHAR( 32 ) NOT NULL AFTER `passwd` ;
  ALTER TABLE `user` CHANGE `passwd` `passwd` VARCHAR( 42 ) NULL ;
  ALTER TABLE `dntp_translator` ADD `passwd_md5` CHAR( 32 ) NOT NULL AFTER `passwd` ;
  ALTER TABLE `dntp_translator` CHANGE `passwd` `passwd` VARCHAR( 42 ) NULL ;
  

Location:

trunk/actions

Files:

• login.action.php (modified) (1 diff)
• my/password/record.action.php (modified) (1 diff)
• my/register_translator.action.php (modified) (1 diff)
• register.action.php (modified) (1 diff)

trunk/actions/login.action.php

@@ -26 +26 @@
 if( $_POST['login'] && $_POST['passwd'])
 {
-        $values = array( $_POST['login'], $_POST['passwd'] );
+        $user =& $db->getRow('SELECT id, login, fname, lname, nick, status, passwd FROM user WHERE login=? AND (passwd_md5=? OR passwd=OLD_PASSWORD(?))', array( $_POST['login'], md5($_POST['passwd']), $_POST['passwd']));
 
-        $user =& $db->getRow('SELECT id, login, fname, lname, nick, status FROM user WHERE login=? AND passwd=PASSWORD(?)', $values);
-        if( $user )
+        if( $user['id'] )
         {
+                // If success with old password hashing method, update new passwd_md5 field
+                if(!is_null($user['passwd']))
+                        $db->query('UPDATE user SET passwd_md5=?, passwd=NULL WHERE id=?', array(md5($_POST['passwd']), $user['id']));
+        
                 session_destroy();
                 session_set_save_handler ('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');

trunk/actions/my/password/record.action.php

@@ -23 +23 @@
  ******************** http://opensource.ikse.net/projects/dotnode ***/
 
-$nb = $db->getOne('SELECT COUNT(id) FROM user WHERE id=? AND passwd=PASSWORD(?)', array($_SESSION['my_id'], $_POST['oldpasswd']));
-//print_r($nb);
+$nb = $db->getOne('SELECT COUNT(id) FROM user WHERE id=? AND passwd_md5=?', array($_SESSION['my_id'], md5($_POST['oldpasswd'])));
+
 if($nb == 1 || isset($_SESSION['old_password']))
 {
         if($_POST['passwd1'] == $_POST['passwd2'] && strlen($_POST['passwd1']) >3)
         {
-                $db->query('UPDATE user SET passwd=PASSWORD(?) WHERE id=?', array($_POST['passwd1'], $_SESSION['my_id']) );
+                $db->query('UPDATE user SET passwd_md5=? WHERE id=?', array(md5($_POST['passwd1']), $_SESSION['my_id']) );
                 header('Location: /my');
         }

trunk/actions/my/register_translator.action.php

@@ -23 +23 @@
  ******************** http://opensource.ikse.net/projects/dotnode ***/
 
-$passwd = $db->getOne('SELECT passwd FROM user WHERE id=?', array($_SESSION['my_id']));
+$passwd = $db->getOne('SELECT passwd_md5 FROM user WHERE id=?', array($_SESSION['my_id']));
 $data = array(
         'id_dotnode' => $_SESSION['my_id'],
         'login' => $_SESSION['my_login'],
-        'passwd' => $passwd,
+        'passwd_md5' => $passwd,
         'comment' => stripslashes($_POST['comment']),
         'status' => 'waiting',

trunk/actions/register.action.php

@@ -39 +39 @@
                                 'id'            => $_SESSION['my_id'],
                                 'login'         => $login,
-                                'passwd'        => $db->getOne('SELECT PASSWORD(?)', array($_POST['passwd'])),
+                                'passwd_md5'    => md5($_POST['passwd']),
                                 'fname'         => $_SESSION['my_fname'],
                                 'lname'         => $_SESSION['my_lname'],