fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-07 10:41:40 +09:00
Code Issues Projects Releases Packages Wiki Activity

Update all references to old Password class

Browse source
This commit is contained in:
Kijin Sung 2016-03-13 23:39:31 +09:00
parent f4dc7e6b21
commit 9d6284faad
8 changed files with 53 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

6
common/framework/compat/configparser.php
View file

@ -151,9 +151,9 @@ class ConfigParser
}
// Create new crypto keys.
$config['crypto']['encryption_key'] = \Password::createSecureSalt(64, 'alnum');
$config['crypto']['authentication_key'] = \Password::createSecureSalt(64, 'alnum');
$config['crypto']['session_key'] = \Password::createSecureSalt(64, 'alnum');
$config['crypto']['encryption_key'] = \Rhymix\Framework\Security::getRandom(64, 'alnum');
$config['crypto']['authentication_key'] = \Rhymix\Framework\Security::getRandom(64, 'alnum');
$config['crypto']['session_key'] = \Rhymix\Framework\Security::getRandom(64, 'alnum');
// Convert language configuration.
if (isset($db_info->lang_type))

24
modules/file/file.controller.php
View file

@ -285,8 +285,7 @@ class fileController extends file
// Redirect to procFileOutput using file key
if(!isset($_SESSION['__XE_FILE_KEY__']) || !is_string($_SESSION['__XE_FILE_KEY__']) || strlen($_SESSION['__XE_FILE_KEY__']) != 32)
{
$random = new Password();
$_SESSION['__XE_FILE_KEY__'] = $random->createSecureSalt(32, 'hex');
$_SESSION['__XE_FILE_KEY__'] = Rhymix\Framework\Security::getRandom(32, 'hex');
}
$file_key_data = $file_obj->file_srl . $file_obj->file_size . $file_obj->uploaded_filename . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'];
$file_key = substr(hash_hmac('sha256', $file_key_data, $_SESSION['__XE_FILE_KEY__']), 0, 32);
@ -735,9 +734,6 @@ class fileController extends file
// Sanitize filename
$file_info['name'] = Rhymix\Framework\Security\FilenameFilter::clean($file_info['name']);
// Get random number generator
$random = new Password();
// Set upload path by checking if the attachement is an image or other kinds of file
if(preg_match("/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_info['name']))
{
@ -747,7 +743,7 @@ class fileController extends file
// change to random file name. because window php bug. window php is not recognize unicode character file name - by cherryfilter
$ext = substr(strrchr($file_info['name'],'.'),1);
//$_filename = preg_replace('/[#$&*?+%"\']/', '_', $file_info['name']);
$_filename = $random->createSecureSalt(32, 'hex').'.'.$ext;
$_filename = Rhymix\Framework\Security::getRandom(32, 'hex') . '.' . $ext;
$filename = $path.$_filename;
$idx = 1;
while(file_exists($filename))
@ -760,15 +756,12 @@ class fileController extends file
else
{
$path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl,3));
$filename = $path.$random->createSecureSalt(32, 'hex');
$filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex');
$direct_download = 'N';
}
// Create a directory
if(!FileHandler::makeDir($path)) return new Object(-1,'msg_not_permitted_create');
// Get random number generator
$random = new Password();
// Move the file
if($manual_insert)
@ -776,7 +769,7 @@ class fileController extends file
@copy($file_info['tmp_name'], $filename);
if(!file_exists($filename))
{
$filename = $path.$random->createSecureSalt(32, 'hex').'.'.$ext;
$filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex') . '.' . $ext;
@copy($file_info['tmp_name'], $filename);
}
}
@ -784,7 +777,7 @@ class fileController extends file
{
if(!@move_uploaded_file($file_info['tmp_name'], $filename))
{
$filename = $path.$random->createSecureSalt(32, 'hex').'.'.$ext;
$filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex') . '.' . $ext;
if(!@move_uploaded_file($file_info['tmp_name'], $filename)) return new Object(-1,'msg_file_upload_error');
}
}
@ -803,7 +796,7 @@ class fileController extends file
$args->file_size = @filesize($filename);
$args->comment = NULL;
$args->member_srl = $member_srl;
$args->sid = $random->createSecureSalt(32, 'hex');
$args->sid = Rhymix\Framework\Security::getRandom(32, 'hex');
$output = executeQuery('file.insertFile', $args);
if(!$output->toBool()) return $output;
@ -978,13 +971,12 @@ class fileController extends file
if(preg_match("/\.(jpg|jpeg|gif|png|wmv|wma|mpg|mpeg|avi|swf|flv|mp1|mp2|mp3|mp4|asf|wav|asx|mid|midi|asf|mov|moov|qt|rm|ram|ra|rmm|m4v)$/i", $file_info->source_filename))
{
$path = sprintf("./files/attach/images/%s/%s/", $target_module_srl,$target_srl);
$new_file = $path.$file_info->source_filename;
$new_file = $path . $file_info->source_filename;
}
else
{
$path = sprintf("./files/attach/binaries/%s/%s/", $target_module_srl, $target_srl);
$random = new Password();
$new_file = $path.$random->createSecureSalt(32, 'hex');
$new_file = $path . Rhymix\Framework\Security::getRandom(32, 'hex');
}
// Pass if a target document to move is same
if($old_file == $new_file) continue;

2
modules/install/install.view.php
View file

@ -74,7 +74,7 @@ class installView extends install
function dispInstallCheckEnv()
{
// Create a temporary file for mod_rewrite check.
self::$rewriteCheckString = Password::createSecureSalt(32);
self::$rewriteCheckString = Rhymix\Framework\Security::getRandom(32);
FileHandler::writeFile(_XE_PATH_ . self::$rewriteCheckFilePath, self::$rewriteCheckString);;
// Check if the web server is nginx.

3
modules/member/member.admin.controller.php
View file

@ -166,8 +166,7 @@ class memberAdminController extends member
'update_nickname_log'
);
$oPassword = new Password();
if(!array_key_exists($args->password_hashing_algorithm, $oPassword->getSupportedAlgorithms()))
if(!array_key_exists($args->password_hashing_algorithm, Rhymix\Framework\Password::getSupportedAlgorithms()))
{
$args->password_hashing_algorithm = 'md5';
}

3
modules/member/member.admin.view.php
View file

@ -129,8 +129,7 @@ class memberAdminView extends member
*/
public function dispMemberAdminConfig()
{
$oPassword = new Password();
Context::set('password_hashing_algos', $oPassword->getSupportedAlgorithms());
Context::set('password_hashing_algos', Rhymix\Framework\Password::getSupportedAlgorithms());
$this->setTemplateFile('default_config');
}

3
modules/member/member.class.php
View file

@ -73,8 +73,7 @@ class member extends ModuleObject {
if(!$config->password_hashing_algorithm)
{
$oPassword = new Password();
$config->password_hashing_algorithm = $oPassword->getBestAlgorithm();
$config->password_hashing_algorithm = Rhymix\Framework\Password::getBestSupportedAlgorithm();
}
if(!$config->password_hashing_work_factor)
{

20
modules/member/member.controller.php
View file

@ -984,12 +984,11 @@ class memberController extends member
}
// Insert data into the authentication DB
$oPassword = new Password();
$args = new stdClass();
$args->user_id = $member_info->user_id;
$args->member_srl = $member_info->member_srl;
$args->new_password = $oPassword->createTemporaryPassword(8);
$args->auth_key = $oPassword->createSecureSalt(40);
$args->new_password = Rhymix\Framework\Password::getRandomPassword(8);
$args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
$args->is_register = 'N';
$output = executeQuery('member.insertAuthMail', $args);
@ -1093,8 +1092,7 @@ class memberController extends member
}
// Update to a temporary password and set change_password_date to 1
$oPassword = new Password();
$temp_password = $oPassword->createTemporaryPassword(8);
$temp_password = Rhymix\Framework\Password::getRandomPassword(8);
$args = new stdClass();
$args->member_srl = $member_srl;
@ -1323,12 +1321,11 @@ class memberController extends member
$this->_clearMemberCache($args->member_srl);
// generate new auth key
$oPassword = new Password();
$auth_args = new stdClass();
$auth_args->user_id = $memberInfo->user_id;
$auth_args->member_srl = $memberInfo->member_srl;
$auth_args->new_password = $memberInfo->password;
$auth_args->auth_key = $oPassword->createSecureSalt(40);
$auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
$auth_args->is_register = 'Y';
$output = executeQuery('member.insertAuthMail', $auth_args);
@ -1813,8 +1810,7 @@ class memberController extends member
if($keep_signed)
{
// Key generate for auto login
$oPassword = new Password();
$random_key = $oPassword->createSecureSalt(32, 'hex');
$random_key = Rhymix\Framework\Security::getRandom(32, 'hex');
$extra_key = strtolower($user_id).$this->memberInfo->password.$_SERVER['HTTP_USER_AGENT'];
$extra_key = substr(hash_hmac('sha256', $extra_key, $random_key), 0, 32);
$autologin_args = new stdClass;
@ -2091,12 +2087,11 @@ class memberController extends member
if($args->denied == 'Y')
{
// Insert data into the authentication DB
$oPassword = new Password();
$auth_args = new stdClass();
$auth_args->user_id = $args->user_id;
$auth_args->member_srl = $args->member_srl;
$auth_args->new_password = $args->password;
$auth_args->auth_key = $oPassword->createSecureSalt(40);
$auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
$auth_args->is_register = 'Y';
$output = executeQuery('member.insertAuthMail', $auth_args);
@ -2552,11 +2547,10 @@ class memberController extends member
}
unset($_SESSION['rechecked_password_step']);
$oPassword = new Password();
$auth_args = new stdClass();
$auth_args->user_id = $newEmail;
$auth_args->member_srl = $member_info->member_srl;
$auth_args->auth_key = $oPassword->createSecureSalt(40);
$auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
$auth_args->new_password = 'XE_change_emaill_address';
$oDB = &DB::getInstance();

50
modules/member/member.model.php
View file

@ -1107,10 +1107,19 @@ class memberModel extends member
}
// Check the password
$oPassword = new Password();
$current_algorithm = $oPassword->checkAlgorithm($hashed_password);
$match = $oPassword->checkPassword($password_text, $hashed_password, $current_algorithm);
if(!$match)
$password_match = false;
$current_algorithm = false;
$possible_algorithms = Rhymix\Framework\Password::checkAlgorithm($hashed_password);
foreach ($possible_algorithms as $algorithm)
{
if (Rhymix\Framework\Password::checkPassword($password_text, $hashed_password, $algorithm))
{
$password_match = true;
$current_algorithm = $algorithm;
break;
}
}
if (!$password_match)
{
return false;
}
@ -1119,22 +1128,26 @@ class memberModel extends member
$config = $this->getMemberConfig();
if($member_srl > 0 && $config->password_hashing_auto_upgrade != 'N')
{
$need_upgrade = false;
if(!$need_upgrade)
$required_algorithm = Rhymix\Framework\Password::getDefaultAlgorithm();
if ($required_algorithm !== $current_algorithm)
{
$required_algorithm = $oPassword->getCurrentlySelectedAlgorithm();
if($required_algorithm !== $current_algorithm) $need_upgrade = true;
$need_upgrade = true;
}
else
{
$required_work_factor = Rhymix\Framework\Password::getWorkFactor();
$current_work_factor = Rhymix\Framework\Password::checkWorkFactor($hashed_password);
if ($current_work_factor !== false && $required_work_factor > $current_work_factor)
{
$need_upgrade = true;
}
else
{
$need_upgrade = false;
}
}
if(!$need_upgrade)
{
$required_work_factor = $oPassword->getWorkFactor();
$current_work_factor = $oPassword->checkWorkFactor($hashed_password);
if($current_work_factor !== false && $required_work_factor > $current_work_factor) $need_upgrade = true;
}
if($need_upgrade === true)
if ($need_upgrade)
{
$args = new stdClass();
$args->member_srl = $member_srl;
@ -1155,8 +1168,7 @@ class memberModel extends member
*/
function hashPassword($password_text, $algorithm = null)
{
$oPassword = new Password();
return $oPassword->createHash($password_text, $algorithm);
return Rhymix\Framework\Password::hashPassword($password_text, $algorithm);
}
function checkPasswordStrength($password, $strength)