Update all references to old Password class

Kijin Sung 2016-03-13 23:39:31 +09:00
parent f4dc7e6b21
commit 9d6284faad
8 changed files with 53 additions and 58 deletions


@ -151,9 +151,9 @@ class ConfigParser
} }
// Create new crypto keys. // Create new crypto keys.
$config['crypto']['encryption_key'] = \Password::createSecureSalt(64, 'alnum'); $config['crypto']['encryption_key'] = \Rhymix\Framework\Security::getRandom(64, 'alnum');
$config['crypto']['authentication_key'] = \Password::createSecureSalt(64, 'alnum'); $config['crypto']['authentication_key'] = \Rhymix\Framework\Security::getRandom(64, 'alnum');
$config['crypto']['session_key'] = \Password::createSecureSalt(64, 'alnum'); $config['crypto']['session_key'] = \Rhymix\Framework\Security::getRandom(64, 'alnum');
// Convert language configuration. // Convert language configuration.
if (isset($db_info->lang_type)) if (isset($db_info->lang_type))


@ -285,8 +285,7 @@ class fileController extends file
// Redirect to procFileOutput using file key // Redirect to procFileOutput using file key
if(!isset($_SESSION['__XE_FILE_KEY__']) || !is_string($_SESSION['__XE_FILE_KEY__']) || strlen($_SESSION['__XE_FILE_KEY__']) != 32) if(!isset($_SESSION['__XE_FILE_KEY__']) || !is_string($_SESSION['__XE_FILE_KEY__']) || strlen($_SESSION['__XE_FILE_KEY__']) != 32)
{ {
$random = new Password(); $_SESSION['__XE_FILE_KEY__'] = Rhymix\Framework\Security::getRandom(32, 'hex');
$_SESSION['__XE_FILE_KEY__'] = $random->createSecureSalt(32, 'hex');
} }
$file_key_data = $file_obj->file_srl . $file_obj->file_size . $file_obj->uploaded_filename . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT']; $file_key_data = $file_obj->file_srl . $file_obj->file_size . $file_obj->uploaded_filename . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'];
$file_key = substr(hash_hmac('sha256', $file_key_data, $_SESSION['__XE_FILE_KEY__']), 0, 32); $file_key = substr(hash_hmac('sha256', $file_key_data, $_SESSION['__XE_FILE_KEY__']), 0, 32);
@ -735,9 +734,6 @@ class fileController extends file
// Sanitize filename // Sanitize filename
$file_info['name'] = Rhymix\Framework\Security\FilenameFilter::clean($file_info['name']); $file_info['name'] = Rhymix\Framework\Security\FilenameFilter::clean($file_info['name']);
// Get random number generator
$random = new Password();
// Set upload path by checking if the attachement is an image or other kinds of file // Set upload path by checking if the attachement is an image or other kinds of file
if(preg_match("/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_info['name'])) if(preg_match("/\.(jpe?g|gif|png|wm[va]|mpe?g|avi|swf|flv|mp[1-4]|as[fx]|wav|midi?|moo?v|qt|r[am]{1,2}|m4v)$/i", $file_info['name']))
{ {
@ -747,7 +743,7 @@ class fileController extends file
// change to random file name. because window php bug. window php is not recognize unicode character file name - by cherryfilter // change to random file name. because window php bug. window php is not recognize unicode character file name - by cherryfilter
$ext = substr(strrchr($file_info['name'],'.'),1); $ext = substr(strrchr($file_info['name'],'.'),1);
//$_filename = preg_replace('/[#$&*?+%"\']/', '_', $file_info['name']); //$_filename = preg_replace('/[#$&*?+%"\']/', '_', $file_info['name']);
$_filename = $random->createSecureSalt(32, 'hex').'.'.$ext; $_filename = Rhymix\Framework\Security::getRandom(32, 'hex') . '.' . $ext;
$filename = $path.$_filename; $filename = $path.$_filename;
$idx = 1; $idx = 1;
while(file_exists($filename)) while(file_exists($filename))
@ -760,15 +756,12 @@ class fileController extends file
else else
{ {
$path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl,3)); $path = sprintf("./files/attach/binaries/%s/%s", $module_srl, getNumberingPath($upload_target_srl,3));
$filename = $path.$random->createSecureSalt(32, 'hex'); $filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex');
$direct_download = 'N'; $direct_download = 'N';
} }
// Create a directory // Create a directory
if(!FileHandler::makeDir($path)) return new Object(-1,'msg_not_permitted_create'); if(!FileHandler::makeDir($path)) return new Object(-1,'msg_not_permitted_create');
// Get random number generator
$random = new Password();
// Move the file // Move the file
if($manual_insert) if($manual_insert)
@ -776,7 +769,7 @@ class fileController extends file
@copy($file_info['tmp_name'], $filename); @copy($file_info['tmp_name'], $filename);
if(!file_exists($filename)) if(!file_exists($filename))
{ {
$filename = $path.$random->createSecureSalt(32, 'hex').'.'.$ext; $filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex') . '.' . $ext;
@copy($file_info['tmp_name'], $filename); @copy($file_info['tmp_name'], $filename);
} }
} }
@ -784,7 +777,7 @@ class fileController extends file
{ {
if(!@move_uploaded_file($file_info['tmp_name'], $filename)) if(!@move_uploaded_file($file_info['tmp_name'], $filename))
{ {
$filename = $path.$random->createSecureSalt(32, 'hex').'.'.$ext; $filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex') . '.' . $ext;
if(!@move_uploaded_file($file_info['tmp_name'], $filename)) return new Object(-1,'msg_file_upload_error'); if(!@move_uploaded_file($file_info['tmp_name'], $filename)) return new Object(-1,'msg_file_upload_error');
} }
} }
@ -803,7 +796,7 @@ class fileController extends file
$args->file_size = @filesize($filename); $args->file_size = @filesize($filename);
$args->comment = NULL; $args->comment = NULL;
$args->member_srl = $member_srl; $args->member_srl = $member_srl;
$args->sid = $random->createSecureSalt(32, 'hex'); $args->sid = Rhymix\Framework\Security::getRandom(32, 'hex');
$output = executeQuery('file.insertFile', $args); $output = executeQuery('file.insertFile', $args);
if(!$output->toBool()) return $output; if(!$output->toBool()) return $output;
@ -978,13 +971,12 @@ class fileController extends file
if(preg_match("/\.(jpg|jpeg|gif|png|wmv|wma|mpg|mpeg|avi|swf|flv|mp1|mp2|mp3|mp4|asf|wav|asx|mid|midi|asf|mov|moov|qt|rm|ram|ra|rmm|m4v)$/i", $file_info->source_filename)) if(preg_match("/\.(jpg|jpeg|gif|png|wmv|wma|mpg|mpeg|avi|swf|flv|mp1|mp2|mp3|mp4|asf|wav|asx|mid|midi|asf|mov|moov|qt|rm|ram|ra|rmm|m4v)$/i", $file_info->source_filename))
{ {
$path = sprintf("./files/attach/images/%s/%s/", $target_module_srl,$target_srl); $path = sprintf("./files/attach/images/%s/%s/", $target_module_srl,$target_srl);
$new_file = $path.$file_info->source_filename; $new_file = $path . $file_info->source_filename;
} }
else else
{ {
$path = sprintf("./files/attach/binaries/%s/%s/", $target_module_srl, $target_srl); $path = sprintf("./files/attach/binaries/%s/%s/", $target_module_srl, $target_srl);
$random = new Password(); $new_file = $path . Rhymix\Framework\Security::getRandom(32, 'hex');
$new_file = $path.$random->createSecureSalt(32, 'hex');
} }
// Pass if a target document to move is same // Pass if a target document to move is same
if($old_file == $new_file) continue; if($old_file == $new_file) continue;
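Review bot: The retry names built after the failed `@copy` and `move_uploaded_file` calls append `'.' . $ext` on every path, but the only assignment of `$ext` visible in these hunks sits in the media-file branch. For the binaries branch, which deliberately stores the file as `$path . Rhymix\Framework\Security::getRandom(32, 'hex')` with no extension and `$direct_download = 'N'`, the retry would either produce a name ending in a bare dot (if `$ext` is unset there) or attach an extension taken from the client-supplied name (if it is set outside the visible lines). The retry should keep the branch's naming rule, for example `$filename = $path . Rhymix\Framework\Security::getRandom(32, 'hex') . ($direct_download === 'N' ? '' : '.' . $ext);`. The enclosing function starts and ends outside these hunks, so the assignment of `$ext` for the non-media case should be confirmed there.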


@ -74,7 +74,7 @@ class installView extends install
function dispInstallCheckEnv() function dispInstallCheckEnv()
{ {
// Create a temporary file for mod_rewrite check. // Create a temporary file for mod_rewrite check.
self::$rewriteCheckString = Password::createSecureSalt(32); self::$rewriteCheckString = Rhymix\Framework\Security::getRandom(32);
FileHandler::writeFile(_XE_PATH_ . self::$rewriteCheckFilePath, self::$rewriteCheckString);; FileHandler::writeFile(_XE_PATH_ . self::$rewriteCheckFilePath, self::$rewriteCheckString);;
// Check if the web server is nginx. // Check if the web server is nginx.


@ -166,8 +166,7 @@ class memberAdminController extends member
'update_nickname_log' 'update_nickname_log'
); );
$oPassword = new Password(); if(!array_key_exists($args->password_hashing_algorithm, Rhymix\Framework\Password::getSupportedAlgorithms()))
if(!array_key_exists($args->password_hashing_algorithm, $oPassword->getSupportedAlgorithms()))
{ {
$args->password_hashing_algorithm = 'md5'; $args->password_hashing_algorithm = 'md5';
} }
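Review bot: The fallback for an unsupported `password_hashing_algorithm` is still the literal `'md5'`, so a missing or mistyped form value silently selects what looks like the weakest option for new password hashes. Since this commit already switches the check to `Rhymix\Framework\Password::getSupportedAlgorithms()`, the fallback could use the helper the same commit uses in the member class: `$args->password_hashing_algorithm = Rhymix\Framework\Password::getBestSupportedAlgorithm();`. If `'md5'` is kept for compatibility with existing installs, a comment saying so would stop it from reading as an oversight. The enclosing method starts and ends outside the hunk.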


@ -129,8 +129,7 @@ class memberAdminView extends member
*/ */
public function dispMemberAdminConfig() public function dispMemberAdminConfig()
{ {
$oPassword = new Password(); Context::set('password_hashing_algos', Rhymix\Framework\Password::getSupportedAlgorithms());
Context::set('password_hashing_algos', $oPassword->getSupportedAlgorithms());
$this->setTemplateFile('default_config'); $this->setTemplateFile('default_config');
} }


@ -73,8 +73,7 @@ class member extends ModuleObject {
if(!$config->password_hashing_algorithm) if(!$config->password_hashing_algorithm)
{ {
$oPassword = new Password(); $config->password_hashing_algorithm = Rhymix\Framework\Password::getBestSupportedAlgorithm();
$config->password_hashing_algorithm = $oPassword->getBestAlgorithm();
} }
if(!$config->password_hashing_work_factor) if(!$config->password_hashing_work_factor)
{ {


@ -984,12 +984,11 @@ class memberController extends member
} }
// Insert data into the authentication DB // Insert data into the authentication DB
$oPassword = new Password();
$args = new stdClass(); $args = new stdClass();
$args->user_id = $member_info->user_id; $args->user_id = $member_info->user_id;
$args->member_srl = $member_info->member_srl; $args->member_srl = $member_info->member_srl;
$args->new_password = $oPassword->createTemporaryPassword(8); $args->new_password = Rhymix\Framework\Password::getRandomPassword(8);
$args->auth_key = $oPassword->createSecureSalt(40); $args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
$args->is_register = 'N'; $args->is_register = 'N';
$output = executeQuery('member.insertAuthMail', $args); $output = executeQuery('member.insertAuthMail', $args);
@ -1093,8 +1092,7 @@ class memberController extends member
} }
// Update to a temporary password and set change_password_date to 1 // Update to a temporary password and set change_password_date to 1
$oPassword = new Password(); $temp_password = Rhymix\Framework\Password::getRandomPassword(8);
$temp_password = $oPassword->createTemporaryPassword(8);
$args = new stdClass(); $args = new stdClass();
$args->member_srl = $member_srl; $args->member_srl = $member_srl;
@ -1323,12 +1321,11 @@ class memberController extends member
$this->_clearMemberCache($args->member_srl); $this->_clearMemberCache($args->member_srl);
// generate new auth key // generate new auth key
$oPassword = new Password();
$auth_args = new stdClass(); $auth_args = new stdClass();
$auth_args->user_id = $memberInfo->user_id; $auth_args->user_id = $memberInfo->user_id;
$auth_args->member_srl = $memberInfo->member_srl; $auth_args->member_srl = $memberInfo->member_srl;
$auth_args->new_password = $memberInfo->password; $auth_args->new_password = $memberInfo->password;
$auth_args->auth_key = $oPassword->createSecureSalt(40); $auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
$auth_args->is_register = 'Y'; $auth_args->is_register = 'Y';
$output = executeQuery('member.insertAuthMail', $auth_args); $output = executeQuery('member.insertAuthMail', $auth_args);
@ -1813,8 +1810,7 @@ class memberController extends member
if($keep_signed) if($keep_signed)
{ {
// Key generate for auto login // Key generate for auto login
$oPassword = new Password(); $random_key = Rhymix\Framework\Security::getRandom(32, 'hex');
$random_key = $oPassword->createSecureSalt(32, 'hex');
$extra_key = strtolower($user_id).$this->memberInfo->password.$_SERVER['HTTP_USER_AGENT']; $extra_key = strtolower($user_id).$this->memberInfo->password.$_SERVER['HTTP_USER_AGENT'];
$extra_key = substr(hash_hmac('sha256', $extra_key, $random_key), 0, 32); $extra_key = substr(hash_hmac('sha256', $extra_key, $random_key), 0, 32);
$autologin_args = new stdClass; $autologin_args = new stdClass;
@ -2091,12 +2087,11 @@ class memberController extends member
if($args->denied == 'Y') if($args->denied == 'Y')
{ {
// Insert data into the authentication DB // Insert data into the authentication DB
$oPassword = new Password();
$auth_args = new stdClass(); $auth_args = new stdClass();
$auth_args->user_id = $args->user_id; $auth_args->user_id = $args->user_id;
$auth_args->member_srl = $args->member_srl; $auth_args->member_srl = $args->member_srl;
$auth_args->new_password = $args->password; $auth_args->new_password = $args->password;
$auth_args->auth_key = $oPassword->createSecureSalt(40); $auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
$auth_args->is_register = 'Y'; $auth_args->is_register = 'Y';
$output = executeQuery('member.insertAuthMail', $auth_args); $output = executeQuery('member.insertAuthMail', $auth_args);
@ -2552,11 +2547,10 @@ class memberController extends member
} }
unset($_SESSION['rechecked_password_step']); unset($_SESSION['rechecked_password_step']);
$oPassword = new Password();
$auth_args = new stdClass(); $auth_args = new stdClass();
$auth_args->user_id = $newEmail; $auth_args->user_id = $newEmail;
$auth_args->member_srl = $member_info->member_srl; $auth_args->member_srl = $member_info->member_srl;
$auth_args->auth_key = $oPassword->createSecureSalt(40); $auth_args->auth_key = Rhymix\Framework\Security::getRandom(40, 'hex');
$auth_args->new_password = 'XE_change_emaill_address'; $auth_args->new_password = 'XE_change_emaill_address';
$oDB = &DB::getInstance(); $oDB = &DB::getInstance();
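Review bot: The temporary password length is hard-coded as `8` at both `Rhymix\Framework\Password::getRandomPassword(8)` call sites (the auth-mail hunk and the "Update to a temporary password" hunk), which is short for a credential that stays valid until the user changes it. Defining the length once and raising it, e.g. `$temp_password = Rhymix\Framework\Password::getRandomPassword(12);`, would keep the two paths in step. In the auth-mail hunk the generated value is assigned to `$args->new_password` and passed to `member.insertAuthMail`; whether it is hashed before it is stored is not visible here and is worth confirming, since that table would otherwise hold usable credentials. The explicit `'hex'` now passed for every `auth_key` is a good change because the token format no longer depends on a default.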


@ -1107,10 +1107,19 @@ class memberModel extends member
} }
// Check the password // Check the password
$oPassword = new Password(); $password_match = false;
$current_algorithm = $oPassword->checkAlgorithm($hashed_password); $current_algorithm = false;
$match = $oPassword->checkPassword($password_text, $hashed_password, $current_algorithm); $possible_algorithms = Rhymix\Framework\Password::checkAlgorithm($hashed_password);
if(!$match) foreach ($possible_algorithms as $algorithm)
{
if (Rhymix\Framework\Password::checkPassword($password_text, $hashed_password, $algorithm))
{
$password_match = true;
$current_algorithm = $algorithm;
break;
}
}
if (!$password_match)
{ {
return false; return false;
} }
@ -1119,22 +1128,26 @@ class memberModel extends member
$config = $this->getMemberConfig(); $config = $this->getMemberConfig();
if($member_srl > 0 && $config->password_hashing_auto_upgrade != 'N') if($member_srl > 0 && $config->password_hashing_auto_upgrade != 'N')
{ {
$need_upgrade = false; $required_algorithm = Rhymix\Framework\Password::getDefaultAlgorithm();
if ($required_algorithm !== $current_algorithm)
if(!$need_upgrade)
{ {
$required_algorithm = $oPassword->getCurrentlySelectedAlgorithm(); $need_upgrade = true;
if($required_algorithm !== $current_algorithm) $need_upgrade = true; }
else
{
$required_work_factor = Rhymix\Framework\Password::getWorkFactor();
$current_work_factor = Rhymix\Framework\Password::checkWorkFactor($hashed_password);
if ($current_work_factor !== false && $required_work_factor > $current_work_factor)
{
$need_upgrade = true;
}
else
{
$need_upgrade = false;
}
} }
if(!$need_upgrade) if ($need_upgrade)
{
$required_work_factor = $oPassword->getWorkFactor();
$current_work_factor = $oPassword->checkWorkFactor($hashed_password);
if($current_work_factor !== false && $required_work_factor > $current_work_factor) $need_upgrade = true;
}
if($need_upgrade === true)
{ {
$args = new stdClass(); $args = new stdClass();
$args->member_srl = $member_srl; $args->member_srl = $member_srl;
@ -1155,8 +1168,7 @@ class memberModel extends member
*/ */
function hashPassword($password_text, $algorithm = null) function hashPassword($password_text, $algorithm = null)
{ {
$oPassword = new Password(); return Rhymix\Framework\Password::hashPassword($password_text, $algorithm);
return $oPassword->createHash($password_text, $algorithm);
} }
function checkPasswordStrength($password, $strength) function checkPasswordStrength($password, $strength)
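Review bot: The new verification loop in the first hunk depends on `Rhymix\Framework\Password::checkAlgorithm()` returning a list of candidate algorithms, but nothing at the call site documents that change from the old single-value return. If it can return a non-array for an unrecognised hash, the `foreach` would emit a warning and every login for that account would fail without a clear cause. A comment above the loop such as `// checkAlgorithm() returns every algorithm whose format matches the stored hash; try each until one verifies.` would make the contract explicit, and the `false` sentinel for `$current_algorithm` deserves a word too, since it is later compared with `!==` against the default algorithm. In the second hunk the innermost `else { $need_upgrade = false; }` can be dropped by initialising `$need_upgrade = false;` before the comparison. The enclosing method starts outside the hunk.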