commit 635f14443ecbfdf3d7c7f2644fcc1963f02f9425
parent b40ea13df935b8a573e84bc9eedaad81595b18ff
Author: Jan Dankert <devnull@localhost>
Date: Sun, 5 Nov 2017 00:30:14 +0100
Beim Login das Kennwort neu hashen, sofern es einen besseren Hash-Algorithmus gibt. Setzen des Zeitpunktes des Logins.
Diffstat:
2 files changed, 63 insertions(+), 20 deletions(-)
diff --git a/action/LoginAction.class.php b/action/LoginAction.class.php
@@ -148,7 +148,9 @@ class LoginAction extends Action
// Das neue Kennwort ist gesetzt, die Anmeldung ist also doch noch gelungen.
$ok = true;
- $mustChangePassword = false;
+ $mustChangePassword = false;
+
+ $pw = $pw1;
}
}
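Review bot: The new `$pw = $pw1;` just before the closing brace carries no explanation of why the freshly chosen password replaces the submitted one, and the reader has to find the re-hash further down to understand it. A one-line comment such as `// Use the password just set, so the re-hash check after login works on the current secret.` would make the intent visible at the assignment. The enclosing method starts and ends outside the hunk, and `$pw1` is assigned outside it, so its role is inferred from the name here.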
@@ -158,13 +160,19 @@ class LoginAction extends Action
// Login war erfolgreich!
$user->load();
$user->setCurrent();
- Logger::info( 'login successful' );
+
+ if ($user->passwordAlgo != Password::bestAlgoAvailable() )
+ // Re-Hash the password with a better hash algo.
+ $user->setPassword($pw);
+
+
+ Logger::info( "login successful for {$user->name} from IP $ip" );
return true;
}
else
{
- Logger::info( "login for user $name failed" );
+ Logger::info( "login failed for user {$user->name} from IP $ip" );
return false;
}
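Review bot: The re-hash at `$user->setPassword($pw)` goes through the same setter that also writes `password_expires` (visible in the last hunk of this commit, `$sql->setInt('expires',$expire)`), so an automatic re-hash on login may silently reset the user's password expiry unless setPassword is passed the existing expiry; the same applies to the re-hash in the hunk at -929. The comparison `$user->passwordAlgo != Password::bestAlgoAvailable()` is loose; since the algo is stored with `setInt`, `(int) $user->passwordAlgo !== Password::bestAlgoAvailable()` states the intent without relying on type juggling between the database string and the constant. `$ip` is not assigned inside this hunk, and the `$ip = getenv("REMOTE_ADDR")` added at -954 lives in another method, so confirm `$ip` is defined in this one or the log line prints an undefined variable. In the failure branch `{$user->name}` replaces `$name`, which is only correct if `$user` has been loaded on every failure path that reaches this line. The enclosing method begins and ends outside the hunk.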
@@ -929,7 +937,13 @@ class LoginAction extends Action
// Benutzer über den Benutzernamen laden.
$user = User::loadWithName($loginName);
$user->loginModuleName = $lastModule;
- Session::setUser($user);
+// Session::setUser($user);
+ $user->setCurrent();
+
+ if ($user->passwordAlgo != Password::bestAlgoAvailable() )
+ // Re-Hash the password with a better hash algo.
+ $user->setPassword($loginPassword);
+
}
catch( ObjectNotFoundException $ex )
{
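Review bot: `$user->setCurrent()` and the re-hash with `$loginPassword` run inside this try block before the `if ( !$loginOk )` check that appears in the next hunk, so if this block can be reached while the credentials have not yet been verified, a failed attempt would both record a login time and overwrite the stored hash with an unverified password. If the surrounding code (outside the hunk) only enters here after a successful module login, a comment stating that precondition, e.g. `// $loginOk is already true here: the login module has verified $loginPassword.`, would make the ordering safe to maintain. The commented-out `// Session::setUser($user);` should be deleted rather than kept, since `setCurrent()` already performs that call. The enclosing method and its try/catch begin and end outside the hunk.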
@@ -954,35 +968,37 @@ class LoginAction extends Action
}
+ $ip = getenv("REMOTE_ADDR");
if ( !$loginOk )
{
// Anmeldung nicht erfolgreich
sleep(3);
- Logger::debug("Login failed for user '$loginName'");
-
- if ( $mustChangePassword )
- {
- // Anmeldung gescheitert, Benutzer muss Kennwort ?ndern.
+ Logger::debug("Login failed for user '$loginName' from IP $ip");
+
+ if ( $mustChangePassword )
+ {
+ // Anmeldung gescheitert, Benutzer muss Kennwort ?ndern.
$this->addNotice('user',$loginName,'LOGIN_FAILED_MUSTCHANGEPASSWORD','error' );
$this->addValidationError('password1','');
$this->addValidationError('password2','');
- }
+ }
else
- {
+ {
// Anmeldung gescheitert.
$this->addNotice('user',$loginName,'LOGIN_FAILED','error',array('name'=>$loginName) );
- $this->addValidationError('login_name' ,'');
+ $this->addValidationError('login_name' ,'');
$this->addValidationError('login_password','');
}
-
- //$this->callSubAction('login');
- return;
+
+ //$this->callSubAction('login');
+ return;
}
- else
+ else
{
- Logger::debug("Login successful for user '$loginName'");
+
+ Logger::debug("Login successful for user '$loginName' from IP $ip");
$this->checkGroups( $user, $groups );
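Review bot: `$ip = getenv("REMOTE_ADDR");` yields `false` when the variable is absent (CLI runs, some SAPIs), so the two log lines read `from IP ` with nothing after it; `$ip = getenv('REMOTE_ADDR') ?: 'unknown';` keeps the messages readable. Behind a reverse proxy this value is the proxy's address rather than the client's, which is worth recording next to the assignment if these lines are meant for audit: `// REMOTE_ADDR is the direct peer; behind a proxy this is the proxy, not the client.` The remaining changes in the hunk are re-indentation. The enclosing method starts and ends outside the hunk.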
diff --git a/model/User.class.php b/model/User.class.php
@@ -41,6 +41,17 @@ class User extends ModelBase
var $projects = array();
var $rights;
var $loginDate = 0;
+
+ var $language;
+ var $timezone;
+ var $pwExpires;
+ var $lastLogin;
+ var $otpSecret;
+ var $hotp ;
+ var $hotpCount;
+ var $totp ;
+
+
var $mustChangePassword = false;
var $groups = null;
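Review bot: `var $pwExpires;` is declared here, but the hunk at -296 removes the only assignment to it and instead writes `$this->passwordExpires` and `$this->passwordAlgo`, neither of which appears in this property list, so those two become dynamic properties while `$pwExpires` stays unused. Declare `var $passwordExpires;` and `var $passwordAlgo;` and drop `$pwExpires`, since `passwordAlgo` is the name LoginAction reads in this same commit. The class body continues outside the hunk, so a declaration further down cannot be ruled out from here.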
@@ -93,12 +104,27 @@ class User extends ModelBase
/**
* Benutzer als aktiven Benutzer in die Session schreiben.
*/
- function setCurrent()
+ public function setCurrent()
{
$this->loadProjects();
$this->loginDate = time();
Session::setUser( $this );
+
+ $db = db_connection();
+
+ $sql = $db->sql( <<<SQL
+ UPDATE {{user}}
+ SET last_login={time}
+ WHERE id={userid}
+SQL
+ );
+ $sql->setInt( 'time' ,time() );
+ $sql->setInt( 'userid',$this->userid );
+
+ // Datenbankabfrage ausfuehren
+ $sql->query( $sql );
+
}
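Review bot: `setCurrent()` calls `time()` twice, once for `$this->loginDate` and once for the `time` SQL parameter, so the in-memory value and the persisted `last_login` can differ when the call straddles a second boundary; `$sql->setInt( 'time' ,$this->loginDate );` keeps them identical, and `$this->lastLogin = $this->loginDate;` would keep the loaded property in step as well. The docblock still says only that the user is written into the session; extend it to say the method now also persists the login time to `{{user}}.last_login`. The session is set before the UPDATE runs, so a database failure leaves the user logged in without the timestamp; whether that is acceptable depends on how `query()` reports errors, which is outside this hunk.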
@@ -296,12 +322,13 @@ SQL
$this->desc = $row['descr' ];
$this->language = $row['language'];
$this->timezone = $row['timezone'];
- $this->pwExpires = $row['password_expires'];
$this->lastLogin = $row['last_login'];
$this->otpSecret = $row['otp_secret'];
$this->hotp = $row['hotp'];
$this->hotpCount = $row['hotp_counter'];
$this->totp = $row['totp'];
+ $this->passwordExpires = $row['password_expires'];
+ $this->passwordAlgo = $row['password_algo'];
if ( $this->fullname == '' )
$this->fullname = $this->name;
@@ -543,7 +570,7 @@ SQL
$sql->setInt('expires',$expire);
$sql->setInt ('algo' ,$algo );
- $sql->setString('password',Password::hash($this->pepperPassword($password)),$algo );
+ $sql->setString('password',Password::hash($this->pepperPassword($password),$algo) );
$sql->setInt ('userid' ,$this->userid );
$sql->query( $sql );