Issue 1892 Adding sha1 hash function for password of member.

git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.0@10565 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-01-21 20:29:57 +09:00 · 2012-04-17 04:38:09 +00:00 · 2012-04-17 04:38:09 +00:00 · 22f700e8ac
commit 22f700e8ac
parent 4566d43b38
3 changed files with 62 additions and 7 deletions
--- a/modules/member/member.class.php
+++ b/modules/member/member.class.php
@ -6,6 +6,8 @@
     **/
    class member extends ModuleObject {

+		var $useSha1 = false;
+
        /**
         * @brief constructor
         **/
--- a/modules/member/member.controller.php
+++ b/modules/member/member.controller.php
@ -721,7 +721,7 @@
 			$columnList = array('member_srl', 'password');
            $member_info = $oMemberModel->getMemberInfoByMemberSrl($member_srl, 0, $columnList);
            // Verify the cuttent password
-            if(!$oMemberModel->isValidPassword($member_info->password, $current_password)) return new Object(-1, 'invalid_password');
+            if(!$oMemberModel->isValidPassword($member_info->password, $current_password, $member_srl)) return new Object(-1, 'invalid_password');

            // Check if a new password is as same as the previous password
            if ($current_password == $password) return new Object(-1, 'invalid_new_password');
@ -1531,7 +1531,7 @@
 		    if(!$user_id || strtolower($this->memberInfo->user_id) != strtolower($user_id)) return new Object(-1, 'invalid_user_id');
 	    }
            // Password Check
-            if($password && !$oMemberModel->isValidPassword($this->memberInfo->password, $password)) return new Object(-1, 'invalid_password');
+            if($password && !$oMemberModel->isValidPassword($this->memberInfo->password, $password, $this->memberInfo->member_srl)) return new Object(-1, 'invalid_password');
            // If denied == 'Y', notify
            if($this->memberInfo->denied == 'Y') {
                $args->member_srl = $this->memberInfo->member_srl;
@ -1944,7 +1944,23 @@
            	$cache_key = 'object:'.$args->member_srl;
            	$oCacheHandler->delete($cache_key);
            }
-            $args->password = md5($args->password);
+
+			if($args->password)
+			{
+				if($this->useSha1 && function_exists('sha1'))
+				{
+					$args->password = md5(sha1(md5($args->password)));
+				}
+				else
+				{
+					$args->password = md5($args->password);
+				}
+			}
+			else if($args->hashed_password)
+			{
+				$args->password = $args->hashed_password;
+			}
+
            return executeQuery('member.updateMemberPassword', $args);
        }

--- a/modules/member/member.model.php
+++ b/modules/member/member.model.php
@ -710,19 +710,56 @@
        /**
         * @brief Compare plain text password to the password saved in DB
         **/
-        function isValidPassword($hashed_password, $password_text) {
+        function isValidPassword($hashed_password, $password_text, $member_srl=null) {
            // False if no password in entered
            if(!$password_text) return false;
+
+			$isSha1 = ($useSha1 && function_exists('sha1'));
+
            // Return true if the user input is equal to md5 hash value
-            if($hashed_password == md5($password_text)) return true;
+            if($hashed_password == md5($password_text)){
+				if($isSha1 && $member_srl > 0)
+				{
+					$args = new stdClass();
+					$args->member_srl = $member_srl;
+					$args->hashed_password = md5(sha1(md5($password_text)));
+					$oMemberController = &getController('member');
+					$oMemberController->updateMemberPassword($args);
+				}
+				return true;
+			}
+
            // Return true if the user input is equal to the value of mysql_pre4_hash_password
-            if(mysql_pre4_hash_password($password_text) == $hashed_password) return true;
+            if(mysql_pre4_hash_password($password_text) == $hashed_password){
+				if($isSha1 && $member_srl > 0)
+				{
+					$args = new stdClass();
+					$args->member_srl = $member_srl;
+					$args->hashed_password = md5(sha1(md5($password_text)));
+					$oMemberController = &getController('member');
+					$oMemberController->updateMemberPassword($args);
+				}
+				return true;
+			}
+				
            // Verify the password by using old_password if the current db is MySQL. If correct, return true.
            if(substr(Context::getDBType(),0,5)=='mysql') {
                $oDB = &DB::getInstance();
-                if($oDB->isValidOldPassword($password_text, $hashed_password)) return true;
+                if($oDB->isValidOldPassword($password_text, $hashed_password)){
+					if($isSha1 && $member_srl > 0)
+					{
+						$args = new stdClass();
+						$args->member_srl = $member_srl;
+						$args->hashed_password = md5(sha1(md5($password_text)));
+						$oMemberController = &getController('member');
+						$oMemberController->updateMemberPassword($args);
+					}
+					return true;
+				}
            }

+			if($isSha1 && $hashed_password == md5(sha1(md5($password_text)))) return true;
+
            return false;
        }