PHP SecurityUtil::generatePasswordSalt Beispiele

Beispiel #1

Datei: SaveProfileController.class.php Projekt: astroChasqui/open-websoccer

 /**
  * (non-PHPdoc)
  * @see IActionController::executeAction()
  */
 public function executeAction($parameters)
 {
     $user = $this->_websoccer->getUser();
     $columns = array();
     // save new password
     if ($parameters["newpassword"] != null) {
         // always create new salt (in order to invalid old cookies)
         $salt = SecurityUtil::generatePasswordSalt();
         $hashedPassword = SecurityUtil::hashPassword($parameters["newpassword"], $salt);
         $columns["passwort_salt"] = $salt;
         $columns["passwort"] = $hashedPassword;
     }
     // handle new e-mail
     if ($parameters["newemail"] != null) {
         $activationKey = SecurityUtil::generatePassword();
         $columns["schluessel"] = $activationKey;
         $columns["status"] = 2;
         $columns["email"] = $parameters["newemail"];
         $user->email = $parameters["newemail"];
         // send e-mail
         $querystr = "key=" . $columns["schluessel"] . "&userid=" . $user->id;
         $tplparameters["activationlink"] = $this->_websoccer->getInternalActionUrl("activate", $querystr, "activate-user", TRUE);
         // send e-mail
         EmailHelper::sendSystemEmailFromTemplate($this->_websoccer, $this->_i18n, $user->email, $this->_i18n->getMessage("activation_changedemail_subject"), "changed_email_activation", $tplparameters);
         $this->_websoccer->addFrontMessage(new FrontMessage(MESSAGE_TYPE_WARNING, $this->_i18n->getMessage("profile_changedemail_message_title"), $this->_i18n->getMessage("profile_changedemail_message_content")));
     }
     $columns["name"] = $parameters["realname"];
     $columns["wohnort"] = $parameters["place"];
     $columns["land"] = $parameters["country"];
     $columns["beruf"] = $parameters["occupation"];
     $columns["interessen"] = $parameters["interests"];
     $columns["lieblingsverein"] = $parameters["favorite_club"];
     $columns["homepage"] = $parameters["homepage"];
     $columns["c_hideinonlinelist"] = $parameters["c_hideinonlinelist"];
     if ($parameters["birthday"]) {
         $dateObj = DateTime::createFromFormat($this->_websoccer->getConfig("date_format"), $parameters["birthday"]);
         $columns["geburtstag"] = $dateObj->format("Y-m-d");
     }
     // update record
     if (count($columns)) {
         $fromTable = $this->_websoccer->getConfig("db_prefix") . "_user";
         $whereCondition = "id = %d";
         $this->_db->queryUpdate($columns, $fromTable, $whereCondition, $user->id);
     }
     // success message
     $this->_websoccer->addFrontMessage(new FrontMessage(MESSAGE_TYPE_SUCCESS, $this->_i18n->getMessage("saved_message_title"), ""));
     return "profile";
 }

Beispiel #2

Datei: SendPasswordController.class.php Projekt: astroChasqui/open-websoccer

 public function executeAction($parameters)
 {
     if (!$this->_websoccer->getConfig("login_allow_sendingpassword")) {
         throw new Exception("Action is disabled.");
     }
     // check captcha
     if ($this->_websoccer->getConfig("register_use_captcha") && strlen($this->_websoccer->getConfig("register_captcha_publickey")) && strlen($this->_websoccer->getConfig("register_captcha_privatekey"))) {
         include_once BASE_FOLDER . "/lib/recaptcha/recaptchalib.php";
         $captchaResponse = recaptcha_check_answer($this->_websoccer->getConfig("register_captcha_privatekey"), $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
         if (!$captchaResponse->is_valid) {
             throw new Exception($this->_i18n->getMessage("registration_invalidcaptcha"));
         }
     }
     $email = $parameters["useremail"];
     $fromTable = $this->_websoccer->getConfig("db_prefix") . "_user";
     // get user
     $columns = "id, passwort_salt, passwort_neu_angefordert";
     $wherePart = "UPPER(email) = '%s' AND status = 1";
     $result = $this->_db->querySelect($columns, $fromTable, $wherePart, strtoupper($email));
     $userdata = $result->fetch_array();
     $result->free();
     if (!isset($userdata["id"])) {
         sleep(5);
         throw new Exception($this->_i18n->getMessage("forgot-password_email-not-found"));
     }
     $now = $this->_websoccer->getNowAsTimestamp();
     $timeBoundary = $now - 24 * 3600;
     if ($userdata["passwort_neu_angefordert"] > $timeBoundary) {
         throw new Exception($this->_i18n->getMessage("forgot-password_already-sent"));
     }
     // create new password
     $salt = $userdata["passwort_salt"];
     if (!strlen($salt)) {
         $salt = SecurityUtil::generatePasswordSalt();
     }
     $password = SecurityUtil::generatePassword();
     $hashedPassword = SecurityUtil::hashPassword($password, $salt);
     // update user
     $columns = array("passwort_salt" => $salt, "passwort_neu_angefordert" => $now, "passwort_neu" => $hashedPassword);
     $whereCondition = "id = %d";
     $parameter = $userdata["id"];
     $this->_db->queryUpdate($columns, $fromTable, $whereCondition, $parameter);
     $this->_sendEmail($email, $password);
     $this->_websoccer->addFrontMessage(new FrontMessage(MESSAGE_TYPE_SUCCESS, $this->_i18n->getMessage("forgot-password_message_title"), $this->_i18n->getMessage("forgot-password_message_content")));
     return "login";
 }

Beispiel #3

Datei: FormLoginController.class.php Projekt: astroChasqui/open-websoccer

 /**
  * (non-PHPdoc)
  * @see IActionController::executeAction()
  */
 public function executeAction($parameters)
 {
     $loginMethodClass = $this->_websoccer->getConfig("login_method");
     if (!class_exists($loginMethodClass)) {
         throw new Exception("Login method class does not exist: " . $loginMethodClass);
     }
     $loginMethod = new $loginMethodClass($this->_websoccer, $this->_db);
     // sign in with e-mail
     if ($this->_websoccer->getConfig("login_type") == "email") {
         $userId = $loginMethod->authenticateWithEmail($parameters["loginstr"], $parameters["loginpassword"]);
         // sign in with user name
     } else {
         $userId = $loginMethod->authenticateWithUsername($parameters["loginstr"], $parameters["loginpassword"]);
     }
     // sign in failed
     if (!$userId) {
         sleep(SLEEP_SECONDS_ON_FAILURE);
         throw new Exception($this->_i18n->getMessage("formlogin_invalid_data"));
     }
     SecurityUtil::loginFrontUserUsingApplicationSession($this->_websoccer, $userId);
     // "remember me"
     if (isset($parameters["rememberme"]) && $parameters["rememberme"] == 1) {
         $fromTable = $this->_websoccer->getConfig("db_prefix") . "_user";
         $whereCondition = "id = %d";
         $parameter = $userId;
         // get password salt
         $result = $this->_db->querySelect("passwort_salt", $fromTable, $whereCondition, $parameter);
         $saltinfo = $result->fetch_array();
         $result->free();
         $salt = $saltinfo["passwort_salt"];
         if (!strlen($salt)) {
             $salt = SecurityUtil::generatePasswordSalt();
         }
         $sessionToken = SecurityUtil::generateSessionToken($userId, $salt);
         $columns = array("tokenid" => $sessionToken, "passwort_salt" => $salt);
         $this->_db->queryUpdate($columns, $fromTable, $whereCondition, $parameter);
         CookieHelper::createCookie("user", $sessionToken, REMEMBERME_COOKIE_LIFETIME_DAYS);
     }
     return strlen($this->_websoccer->getUser()->username) ? "office" : "enter-username";
 }

Beispiel #4

Datei: index.php Projekt: astroChasqui/open-websoccer

function actionSaveUser()
{
    global $errors;
    global $messages;
    $requiredFields = array("name", "password", "email");
    foreach ($requiredFields as $requiredField) {
        if (!isset($_POST[$requiredField]) || !strlen($_POST[$requiredField])) {
            $errors[] = $messages["requires_value"] . ": " . $messages["label_" . $requiredField];
        }
    }
    if (count($errors)) {
        return "printCreateUserForm";
    }
    $salt = SecurityUtil::generatePasswordSalt();
    $password = SecurityUtil::hashPassword($_POST["password"], $salt);
    $columns["name"] = $_POST["name"];
    $columns["passwort"] = $password;
    $columns["passwort_salt"] = $salt;
    $columns["email"] = $_POST["email"];
    $columns["r_admin"] = "1";
    include CONFIGFILE;
    $db = DbConnection::getInstance();
    $db->connect($conf["db_host"], $conf["db_user"], $conf["db_passwort"], $conf["db_name"]);
    $db->queryInsert($columns, $conf["db_prefix"] . "_admin");
    return "printFinalPage";
}

Beispiel #5

Datei: profile.php Projekt: astroChasqui/open-websoccer

    if ($_POST['newpassword'] != $_POST['repeatpassword']) {
        $err[] = $i18n->getMessage("profile_validationerror_wrong_repeated_password");
    }
    if ($admin['r_demo']) {
        $err[] = $i18n->getMessage("validationerror_no_changes_as_demo");
    }
    if (isset($err)) {
        include "validationerror.inc.php";
    } else {
        echo "<h1>" . $mainTitle . " &raquo; " . $i18n->getMessage("subpage_save_title") . "</h1>";
        $fromTable = $conf['db_prefix'] . "_admin";
        $whereCondition = "id = %d";
        $parameter = $admin['id'];
        if ($_POST['newpassword']) {
            // create new salt
            if (!strlen($admin["passwort_salt"])) {
                $salt = SecurityUtil::generatePasswordSalt();
                $db->queryUpdate(array("passwort_salt" => $salt), $fromTable, $whereCondition, $parameter);
            } else {
                $salt = $admin["passwort_salt"];
            }
            $passwort = SecurityUtil::hashPassword(trim($_POST['newpassword']), $salt);
        } else {
            $passwort = $admin['passwort'];
        }
        $columns = array("passwort" => $passwort, "email" => $_POST['email'], "lang" => $_POST['language']);
        $db->queryUpdate($columns, $fromTable, $whereCondition, $parameter);
        echo createSuccessMessage($i18n->getMessage("alert_save_success"), "");
        echo "<p>&raquo; <a href=\"?site=" . $site . "\">" . $i18n->getMessage("back_label") . "</a></p>\n";
    }
}

Beispiel #6

Datei: RegisterFormController.class.php Projekt: astroChasqui/open-websoccer

 private function _createUser($parameters, $fromTable)
 {
     $dbcolumns = array();
     $dbcolumns["nick"] = $parameters["nick"];
     $dbcolumns["email"] = strtolower($parameters["email"]);
     $dbcolumns["passwort_salt"] = SecurityUtil::generatePasswordSalt();
     $dbcolumns["passwort"] = SecurityUtil::hashPassword($parameters["pswd"], $dbcolumns["passwort_salt"]);
     $dbcolumns["datum_anmeldung"] = $this->_websoccer->getNowAsTimestamp();
     $dbcolumns["schluessel"] = str_replace("&", "_", SecurityUtil::generatePassword());
     $dbcolumns["status"] = 2;
     $dbcolumns["lang"] = $this->_i18n->getCurrentLanguage();
     if ($this->_websoccer->getConfig("premium_initial_credit")) {
         $dbcolumns["premium_balance"] = $this->_websoccer->getConfig("premium_initial_credit");
     }
     $this->_db->queryInsert($dbcolumns, $fromTable);
     // get user id
     $columns = "id";
     $wherePart = "email = '%s'";
     $result = $this->_db->querySelect($columns, $fromTable, $wherePart, $dbcolumns["email"]);
     $newuser = $result->fetch_array();
     $result->free();
     $querystr = "key=" . $dbcolumns["schluessel"] . "&userid=" . $newuser["id"];
     $tplparameters["activationlink"] = $this->_websoccer->getInternalActionUrl("activate", $querystr, "activate-user", TRUE);
     // send e-mail
     EmailHelper::sendSystemEmailFromTemplate($this->_websoccer, $this->_i18n, $dbcolumns["email"], $this->_i18n->getMessage("activation_email_subject"), "useractivation", $tplparameters);
     // trigger plug-ins
     $event = new UserRegisteredEvent($this->_websoccer, $this->_db, $this->_i18n, $newuser["id"], $dbcolumns["nick"], $dbcolumns["email"]);
     PluginMediator::dispatchEvent($event);
 }