openrat-cms


commit 635f14443ecbfdf3d7c7f2644fcc1963f02f9425
parent b40ea13df935b8a573e84bc9eedaad81595b18ff
Author: Jan Dankert <devnull@localhost>
Date:   Sun,  5 Nov 2017 00:30:14 +0100

Beim Login das Kennwort neu hashen, sofern es einen besseren Hash-Algorithmus gibt. Setzen des Zeitpunktes des Logins.

Diffstat:
action/LoginAction.class.php | 50+++++++++++++++++++++++++++++++++-----------------
model/User.class.php | 33++++++++++++++++++++++++++++++---
2 files changed, 63 insertions(+), 20 deletions(-)

diff --git a/action/LoginAction.class.php b/action/LoginAction.class.php
@@ -148,7 +148,9 @@ class LoginAction extends Action
 // Das neue Kennwort ist gesetzt, die Anmeldung ist also doch noch gelungen.
 $ok = true;
- $mustChangePassword = false;
+ $mustChangePassword = false;
+
+ $pw = $pw1;
 }
 }
@@ -158,13 +160,19 @@ class LoginAction extends Action
 // Login war erfolgreich!
 $user->load();
 $user->setCurrent();
- Logger::info( 'login successful' );
+
+ if ($user->passwordAlgo != Password::bestAlgoAvailable() )
+ // Re-Hash the password with a better hash algo.
+ $user->setPassword($pw);
+
+
+ Logger::info( "login successful for {$user->name} from IP $ip" );
 return true;
 }
 else
 {
- Logger::info( "login for user $name failed" );
+ Logger::info( "login failed for user {$user->name} from IP $ip" );
 return false;
 }
@@ -929,7 +937,13 @@ class LoginAction extends Action
 // Benutzer über den Benutzernamen laden.
 $user = User::loadWithName($loginName);
 $user->loginModuleName = $lastModule;
- Session::setUser($user);
+// Session::setUser($user);
+ $user->setCurrent();
+
+ if ($user->passwordAlgo != Password::bestAlgoAvailable() )
+ // Re-Hash the password with a better hash algo.
+ $user->setPassword($loginPassword);
+
 } catch( ObjectNotFoundException $ex ) {
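Review bot: `$ip` is interpolated into both new `Logger::info` calls in the -158 hunk, but nothing in this hunk assigns it; the only `$ip = getenv("REMOTE_ADDR")` the commit adds is in the -954 hunk, which belongs to a different method, so unless `$ip` is set earlier in this one the log line carries an empty address plus an undefined-variable notice. The re-hash `$user->setPassword($pw)` passes no algorithm; if setPassword's default is not `Password::bestAlgoAvailable()`, the `!=` test stays true and the password is re-hashed — and, as the -543 hunk shows, its `expires` value rewritten — on every login, so confirm the default or pass the algorithm explicitly and keep the existing expiry. The brace-less `if` with a comment line between condition and body is easy to misread; wrap the call as `if ($user->passwordAlgo !== Password::bestAlgoAvailable()) { $user->setPassword($pw); }`. The enclosing method starts before this hunk.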
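Review bot: In the -929 hunk `// Session::setUser($user);` is left as commented-out code beside its replacement `$user->setCurrent();`; delete the line rather than keep it. This path loads the user by name after `$lastModule` accepted the login, and then persists a hash of `$loginPassword` whenever the stored algorithm differs; I cannot tell from the hunk whether a non-database login module can reach it, but if it can, a password the local user table never held would now be written to it, so gate the re-hash on the module being the database one (or on `passwordAlgo` being a non-empty value). Use `!==` and braces here as well, matching the -158 hunk.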
@@ -954,35 +968,37 @@ class LoginAction extends Action
 }
+ $ip = getenv("REMOTE_ADDR");
 if ( !$loginOk )
 {
 // Anmeldung nicht erfolgreich
 sleep(3);
- Logger::debug("Login failed for user '$loginName'");
-
- if ( $mustChangePassword )
- {
- // Anmeldung gescheitert, Benutzer muss Kennwort ?ndern.
+ Logger::debug("Login failed for user '$loginName' from IP $ip");
+
+ if ( $mustChangePassword )
+ {
+ // Anmeldung gescheitert, Benutzer muss Kennwort ?ndern.
 $this->addNotice('user',$loginName,'LOGIN_FAILED_MUSTCHANGEPASSWORD','error' );
 $this->addValidationError('password1','');
 $this->addValidationError('password2','');
- }
+ }
 else
- {
+ {
 // Anmeldung gescheitert.
 $this->addNotice('user',$loginName,'LOGIN_FAILED','error',array('name'=>$loginName) );
- $this->addValidationError('login_name' ,'');
+ $this->addValidationError('login_name' ,'');
 $this->addValidationError('login_password','');
 }
-
- //$this->callSubAction('login');
- return;
+
+ //$this->callSubAction('login');
+ return;
 }
- else
+ else
 {
- Logger::debug("Login successful for user '$loginName'");
+
+ Logger::debug("Login successful for user '$loginName' from IP $ip");
 $this->checkGroups( $user, $groups );
diff --git a/model/User.class.php b/model/User.class.php
@@ -41,6 +41,17 @@ class User extends ModelBase
 var $projects = array();
 var $rights;
 var $loginDate = 0;
+
+ var $language;
+ var $timezone;
+ var $pwExpires;
+ var $lastLogin;
+ var $otpSecret;
+ var $hotp ;
+ var $hotpCount;
+ var $totp ;
+
+ var $mustChangePassword = false;
 var $groups = null;
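Review bot: `$ip = getenv("REMOTE_ADDR");` at the top of the -954 hunk yields `false` when the variable is not present in the process environment (CLI runs and some SAPI configurations), so both new debug lines would end in `from IP ` with nothing after; `$ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';` is the usual source and degrades visibly. `$loginName` is request input written verbatim into the same log lines; unless Logger already strips control characters, do so here so one request cannot produce more than one log record. Most of the hunk's `-`/`+` pairs are whitespace-only re-indentation mixed in with the behavioural change, which hides the three lines that matter; keeping indentation fixes in a separate commit would make this reviewable.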
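Review bot: The `var $pwExpires;` declared in the -41 hunk of User.class.php is dead as of this same commit: the -296 hunk stops assigning `$this->pwExpires` and writes `$this->passwordExpires` and `$this->passwordAlgo` instead, neither of which is declared here, so both are created as undeclared dynamic properties (deprecated from PHP 8.2) and `passwordAlgo` is what LoginAction's re-hash check reads. Replace `var $pwExpires;` with `var $passwordExpires;` and add `var $passwordAlgo;` next to it.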
@@ -93,12 +104,27 @@ class User extends ModelBase
 /**
 * Benutzer als aktiven Benutzer in die Session schreiben.
 */
- function setCurrent()
+ public function setCurrent()
 {
 $this->loadProjects();
 $this->loginDate = time();
 Session::setUser( $this );
+
+ $db = db_connection();
+
+ $sql = $db->sql( <<<SQL
+ UPDATE {{user}}
+ SET last_login={time}
+ WHERE id={userid}
+SQL
+ );
+ $sql->setInt( 'time' ,time() );
+ $sql->setInt( 'userid',$this->userid );
+
+ // Datenbankabfrage ausfuehren
+ $sql->query( $sql );
+
 }
@@ -296,12 +322,13 @@ SQL
 $this->desc = $row['descr' ];
 $this->language = $row['language'];
 $this->timezone = $row['timezone'];
- $this->pwExpires = $row['password_expires'];
 $this->lastLogin = $row['last_login'];
 $this->otpSecret = $row['otp_secret'];
 $this->hotp = $row['hotp'];
 $this->hotpCount = $row['hotp_counter'];
 $this->totp = $row['totp'];
+ $this->passwordExpires = $row['password_expires'];
+ $this->passwordAlgo = $row['password_algo'];
 if ( $this->fullname == '' )
 $this->fullname = $this->name;
@@ -543,7 +570,7 @@ SQL
 $sql->setInt('expires',$expire);
 $sql->setInt ('algo' ,$algo );
- $sql->setString('password',Password::hash($this->pepperPassword($password)),$algo );
+ $sql->setString('password',Password::hash($this->pepperPassword($password),$algo) );
 $sql->setInt ('userid' ,$this->userid );
 $sql->query( $sql );
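Review bot: setCurrent() in the -93 hunk now performs a database write, but its docblock still only says the user is written to the session; extend it to `Benutzer als aktiven Benutzer in die Session schreiben, Projekte laden und den Login-Zeitpunkt in last_login speichern.` so callers such as the two new LoginAction call sites know a query runs. `time()` is evaluated twice — once for `$this->loginDate` and again in `setInt( 'time' ,time() )` — so the in-memory and stored login timestamps can differ by a second; use `$sql->setInt( 'time' ,$this->loginDate );` instead. The value is bound through `setInt`, not interpolated, which is the right way to build the statement.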