harmacist/vichan
1
0
Fork 0
forked from GithubBackups/vichan
Code Pull Requests Activity

auth.php: trim

Browse Source
This commit is contained in:
Zankaria 2024-04-30 11:34:53 +02:00
parent 4cfb1ec576
commit 39ce0e7dfc
1 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
inc/mod/auth.php
View File

@ -9,14 +9,14 @@ defined('TINYBOARD') or exit;
// create a hash/salt pair for validate logins // create a hash/salt pair for validate logins
function mkhash($username, $password, $salt = false) { function mkhash($username, $password, $salt = false) {
global $config; global $config;
if (!$salt) { if (!$salt) {
// create some sort of salt for the hash // create some sort of salt for the hash
$salt = substr(base64_encode(sha1(rand() . time(), true) . $config['cookies']['salt']), 0, 15); $salt = substr(base64_encode(sha1(rand() . time(), true) . $config['cookies']['salt']), 0, 15);
$generated_salt = true; $generated_salt = true;
} }
// generate hash (method is not important as long as it's strong) // generate hash (method is not important as long as it's strong)
$hash = substr( $hash = substr(
base64_encode( base64_encode(
@ -30,7 +30,7 @@ function mkhash($username, $password, $salt = false) {
) )
), 0, 20 ), 0, 20
); );
if (isset($generated_salt)) if (isset($generated_salt))
return array($hash, $salt); return array($hash, $salt);
else else
@ -81,11 +81,11 @@ function generate_salt() {
function login($username, $password) { function login($username, $password) {
global $mod, $config; global $mod, $config;
$query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE BINARY `username` = :username"); $query = prepare("SELECT `id`, `type`, `boards`, `password`, `version` FROM ``mods`` WHERE BINARY `username` = :username");
$query->bindValue(':username', $username); $query->bindValue(':username', $username);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
if ($user = $query->fetch(PDO::FETCH_ASSOC)) { if ($user = $query->fetch(PDO::FETCH_ASSOC)) {
list($version, $ok) = test_password($user['password'], $user['version'], $password); list($version, $ok) = test_password($user['password'], $user['version'], $password);
@ -109,7 +109,7 @@ function login($username, $password) {
); );
} }
} }
return false; return false;
} }
@ -117,10 +117,10 @@ function setCookies() {
global $mod, $config; global $mod, $config;
if (!$mod) if (!$mod)
error('setCookies() was called for a non-moderator!'); error('setCookies() was called for a non-moderator!');
setcookie($config['cookies']['mod'], setcookie($config['cookies']['mod'],
$mod['username'] . // username $mod['username'] . // username
':' . ':' .
$mod['hash'][0] . // password $mod['hash'][0] . // password
':' . ':' .
$mod['hash'][1], // salt $mod['hash'][1], // salt
@ -147,36 +147,36 @@ function modLog($action, $_board=null) {
else else
$query->bindValue(':board', null, PDO::PARAM_NULL); $query->bindValue(':board', null, PDO::PARAM_NULL);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
if ($config['syslog']) if ($config['syslog'])
_syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action); _syslog(LOG_INFO, '[mod/' . $mod['username'] . ']: ' . $action);
} }
function create_pm_header() { function create_pm_header() {
global $mod, $config; global $mod, $config;
if ($config['cache']['enabled'] && ($header = cache::get('pm_unread_' . $mod['id'])) != false) { if ($config['cache']['enabled'] && ($header = cache::get('pm_unread_' . $mod['id'])) != false) {
if ($header === true) if ($header === true)
return false; return false;
return $header; return $header;
} }
$query = prepare("SELECT `id` FROM ``pms`` WHERE `to` = :id AND `unread` = 1"); $query = prepare("SELECT `id` FROM ``pms`` WHERE `to` = :id AND `unread` = 1");
$query->bindValue(':id', $mod['id'], PDO::PARAM_INT); $query->bindValue(':id', $mod['id'], PDO::PARAM_INT);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
if ($pm = $query->fetch(PDO::FETCH_ASSOC)) if ($pm = $query->fetch(PDO::FETCH_ASSOC))
$header = array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1); $header = array('id' => $pm['id'], 'waiting' => $query->rowCount() - 1);
else else
$header = true; $header = true;
if ($config['cache']['enabled']) if ($config['cache']['enabled'])
cache::set('pm_unread_' . $mod['id'], $header); cache::set('pm_unread_' . $mod['id'], $header);
if ($header === true) if ($header === true)
return false; return false;
return $header; return $header;
} }
@ -197,12 +197,12 @@ function check_login($prompt = false) {
if ($prompt) mod_login(); if ($prompt) mod_login();
exit; exit;
} }
$query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username"); $query = prepare("SELECT `id`, `type`, `boards`, `password` FROM ``mods`` WHERE `username` = :username");
$query->bindValue(':username', $cookie[0]); $query->bindValue(':username', $cookie[0]);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
$user = $query->fetch(PDO::FETCH_ASSOC); $user = $query->fetch(PDO::FETCH_ASSOC);
// validate password hash // validate password hash
if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) { if ($cookie[1] !== mkhash($cookie[0], $user['password'], $cookie[2])) {
// Malformed cookies // Malformed cookies
@ -210,7 +210,7 @@ function check_login($prompt = false) {
if ($prompt) mod_login(); if ($prompt) mod_login();
exit; exit;
} }
$mod = array( $mod = array(
'id' => (int)$user['id'], 'id' => (int)$user['id'],
'type' => (int)$user['type'], 'type' => (int)$user['type'],