openrat-cms

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs
commit 2ab7d7ad9cc43b59935a40b2f481b823840aff98
parent ffdc8fd9f6afa78c45c6ee8c259c2116c56661ce
Author: Jan Dankert <devnull@localhost>
Date:   Wed, 12 Dec 2018 22:53:04 +0100

Methoden als statisch markieren, wenn diese so aufgerufen werden.

Diffstat:

modules/cms-core/auth/InternalAuth.class.php | 4+---


modules/cms-core/model/User.class.php | 23+++++++++++++----------


2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/modules/cms-core/auth/InternalAuth.class.php b/modules/cms-core/auth/InternalAuth.class.php
@@ -19,10 +19,8 @@ class InternalAuth implements Auth
 	 */
 	function login( $username, $password,$token )
 	{
-		$db = db_connection();
-		
 		// Lesen des Benutzers aus der DB-Tabelle
-		$sql = $db->sql( <<<SQL
+		$sql = db()->sql( <<<SQL
 SELECT * FROM {{user}}
  WHERE name={name}
 SQL
diff --git a/modules/cms-core/model/User.class.php b/modules/cms-core/model/User.class.php
@@ -82,13 +82,15 @@ class User extends ModelBase
 	}
 
 
-	// Lesen Benutzer aus der Datenbank
-	function getAllUsers()
+    /**
+     * Get all users.
+     *
+     * @return array with user objects
+     */
+	public static function getAllUsers()
 	{
 		$list = array();
-		$db = db_connection();
-
-		$sql = $db->sql( 'SELECT * '.
+		$sql = db()->sql( 'SELECT * '.
 		                '  FROM {{user}}'.
 		                '  ORDER BY name' );
 
@@ -584,7 +586,7 @@ SQL
 			$sql->setInt('expires',$expire);
 		
 		$sql->setInt   ('algo'    ,$algo                                                  );
-		$sql->setString('password',Password::hash($this->pepperPassword($password),$algo) );
+		$sql->setString('password',Password::hash(User::pepperPassword($password),$algo) );
 		$sql->setInt   ('userid'  ,$this->userid  );
 
 		$sql->query();
@@ -895,7 +897,7 @@ SQL
 		$row_user = $sql->getRow();
 		
 		// Pruefen ob Kennwort mit Datenbank uebereinstimmt.
-		return Password::check($this->pepperPassword($password),$row_user['password_hash'],$row_user['password_algo']);
+		return Password::check(User::pepperPassword($password),$row_user['password_hash'],$row_user['password_algo']);
 	}
 	
 	
@@ -938,10 +940,11 @@ SQL
 	 * @param Kennwort
 	 * @return Das gepfefferte Kennwort
 	 */
-	public function pepperPassword( $pass )
+	public static function pepperPassword( $pass )
 	{
-		global $conf;
-		return $conf['security']['password']['pepper'].$pass;
+		$salt = Conf()->subset('security')->subset('password')->get('pepper');
+
+		return $salt.$pass;
 	}