openrat-cms

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs

commit 635f14443ecbfdf3d7c7f2644fcc1963f02f9425
parent b40ea13df935b8a573e84bc9eedaad81595b18ff
Author: Jan Dankert <devnull@localhost>
Date:   Sun,  5 Nov 2017 00:30:14 +0100

Beim Login das Kennwort neu hashen, sofern es einen besseren Hash-Algorhythmus gibt. Setzen des Zeitpunktes des Logins.

Diffstat:
action/LoginAction.class.php | 50+++++++++++++++++++++++++++++++++-----------------
model/User.class.php | 33++++++++++++++++++++++++++++++---
2 files changed, 63 insertions(+), 20 deletions(-)

diff --git a/action/LoginAction.class.php b/action/LoginAction.class.php @@ -148,7 +148,9 @@ class LoginAction extends Action // Das neue Kennwort ist gesetzt, die Anmeldung ist also doch noch gelungen. $ok = true; - $mustChangePassword = false; + $mustChangePassword = false; + + $pw = $pw1; } } @@ -158,13 +160,19 @@ class LoginAction extends Action // Login war erfolgreich! $user->load(); $user->setCurrent(); - Logger::info( 'login successful' ); + + if ($user->passwordAlgo != Password::bestAlgoAvailable() ) + // Re-Hash the password with a better hash algo. + $user->setPassword($pw); + + + Logger::info( "login successful for {$user->name} from IP $ip" ); return true; } else { - Logger::info( "login for user $name failed" ); + Logger::info( "login failed for user {$user->name} from IP $ip" ); return false; } @@ -929,7 +937,13 @@ class LoginAction extends Action // Benutzer ├╝ber den Benutzernamen laden. $user = User::loadWithName($loginName); $user->loginModuleName = $lastModule; - Session::setUser($user); +// Session::setUser($user); + $user->setCurrent(); + + if ($user->passwordAlgo != Password::bestAlgoAvailable() ) + // Re-Hash the password with a better hash algo. + $user->setPassword($loginPassword); + } catch( ObjectNotFoundException $ex ) { @@ -954,35 +968,37 @@ class LoginAction extends Action } + $ip = getenv("REMOTE_ADDR"); if ( !$loginOk ) { // Anmeldung nicht erfolgreich sleep(3); - Logger::debug("Login failed for user '$loginName'"); - - if ( $mustChangePassword ) - { - // Anmeldung gescheitert, Benutzer muss Kennwort ?ndern. + Logger::debug("Login failed for user '$loginName' from IP $ip"); + + if ( $mustChangePassword ) + { + // Anmeldung gescheitert, Benutzer muss Kennwort ?ndern. $this->addNotice('user',$loginName,'LOGIN_FAILED_MUSTCHANGEPASSWORD','error' ); $this->addValidationError('password1',''); $this->addValidationError('password2',''); - } + } else - { + { // Anmeldung gescheitert. $this->addNotice('user',$loginName,'LOGIN_FAILED','error',array('name'=>$loginName) ); - $this->addValidationError('login_name' ,''); + $this->addValidationError('login_name' ,''); $this->addValidationError('login_password',''); } - - //$this->callSubAction('login'); - return; + + //$this->callSubAction('login'); + return; } - else + else { - Logger::debug("Login successful for user '$loginName'"); + + Logger::debug("Login successful for user '$loginName' from IP $ip"); $this->checkGroups( $user, $groups ); diff --git a/model/User.class.php b/model/User.class.php @@ -41,6 +41,17 @@ class User extends ModelBase var $projects = array(); var $rights; var $loginDate = 0; + + var $language; + var $timezone; + var $pwExpires; + var $lastLogin; + var $otpSecret; + var $hotp ; + var $hotpCount; + var $totp ; + + var $mustChangePassword = false; var $groups = null; @@ -93,12 +104,27 @@ class User extends ModelBase /** * Benutzer als aktiven Benutzer in die Session schreiben. */ - function setCurrent() + public function setCurrent() { $this->loadProjects(); $this->loginDate = time(); Session::setUser( $this ); + + $db = db_connection(); + + $sql = $db->sql( <<<SQL + UPDATE {{user}} + SET last_login={time} + WHERE id={userid} +SQL + ); + $sql->setInt( 'time' ,time() ); + $sql->setInt( 'userid',$this->userid ); + + // Datenbankabfrage ausfuehren + $sql->query( $sql ); + } @@ -296,12 +322,13 @@ SQL $this->desc = $row['descr' ]; $this->language = $row['language']; $this->timezone = $row['timezone']; - $this->pwExpires = $row['password_expires']; $this->lastLogin = $row['last_login']; $this->otpSecret = $row['otp_secret']; $this->hotp = $row['hotp']; $this->hotpCount = $row['hotp_counter']; $this->totp = $row['totp']; + $this->passwordExpires = $row['password_expires']; + $this->passwordAlgo = $row['password_algo']; if ( $this->fullname == '' ) $this->fullname = $this->name; @@ -543,7 +570,7 @@ SQL $sql->setInt('expires',$expire); $sql->setInt ('algo' ,$algo ); - $sql->setString('password',Password::hash($this->pepperPassword($password)),$algo ); + $sql->setString('password',Password::hash($this->pepperPassword($password),$algo) ); $sql->setInt ('userid' ,$this->userid ); $sql->query( $sql );