1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00

Update the user preferences to support the new password hashing system

This commit is contained in:
Starbeamrainbowlabs 2018-05-11 11:41:40 +01:00
parent 62dff18b4d
commit 4abe3ecc29
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
3 changed files with 25 additions and 14 deletions

View file

@ -395,7 +395,7 @@ if($settings->sessionprefix == "auto")
///////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////
/** The version of Pepperminty Wiki currently running. */ /** The version of Pepperminty Wiki currently running. */
$version = "v0.17-dev"; $version = "v0.17-dev";
$commit = "d5b37e3ec04759342e4e5f121fc9912c13af0cd7"; $commit = "62dff18b4d1785b1ff8544b0e554af0f8ce6ab92";
/// Environment /// /// Environment ///
/** Holds information about the current request environment. */ /** Holds information about the current request environment. */
$env = new stdClass(); $env = new stdClass();
@ -5613,9 +5613,9 @@ function errorimage($text, $target_size = null)
register_module([ register_module([
"name" => "User Preferences", "name" => "User Preferences",
"version" => "0.3.2", "version" => "0.3.3",
"author" => "Starbeamrainbowlabs", "author" => "Starbeamrainbowlabs",
"description" => "Adds a user preferences page, letting pople do things like change their email address and password.", "description" => "Adds a user preferences page, letting people do things like change their email address and password.",
"id" => "feature-user-preferences", "id" => "feature-user-preferences",
"code" => function() { "code" => function() {
global $env, $settings; global $env, $settings;
@ -5759,14 +5759,17 @@ register_module([
exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>The new password you typed twice didn't match! <a href='javascript:history.back();'>Go back</a>.</p>")); exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>The new password you typed twice didn't match! <a href='javascript:history.back();'>Go back</a>.</p>"));
} }
// Check the current password // Check the current password
if(hash_password($_POST["current-pass"]) !== $env->user_data->password) { if(!verify_password($_POST["current-pass"], $env->user_data->password)) {
exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>Error: You typed your current password incorrectly! <a href='javascript:history.back();'>Go back</a>.</p>")); exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>Error: You typed your current password incorrectly! <a href='javascript:history.back();'>Go back</a>.</p>"));
} }
// All's good! Go ahead and change the password. // All's good! Go ahead and change the password.
$env->user_data->password = hash_password($_POST["new-pass"]); $env->user_data->password = hash_password($_POST["new-pass"]);
// Save the userdata back to disk // Save the userdata back to disk
save_userdata(); if(!save_userdata()) {
http_response_code(503);
exit(page_renderer::render_main("Error Saving Password - $settings->sitename", "<p>While you entered your old password correctly, $settings->sitename encountered an error whilst saving your password to disk! Your password has not been changed. Please contact $settings->admindetails_name for assistance (you can find their email address at the bottom of this page)."));
}
http_response_code(307); http_response_code(307);
header("location: ?action=user-preferences&success=yes&operation=change-password"); header("location: ?action=user-preferences&success=yes&operation=change-password");
@ -7483,7 +7486,12 @@ function hash_password($pass) {
$props["options"] $props["options"]
); );
} }
/**
* Verifies a user's password against a pre-generated hash.
* @param string $pass The user's password.
* @param string $hash The hash to compare against.
* @return bool Whether the password matches the has or not.
*/
function verify_password($pass, $hash) { function verify_password($pass, $hash) {
$pass_transformed = base64_encode(hash("sha384", $pass)); $pass_transformed = base64_encode(hash("sha384", $pass));
return password_verify($pass_transformed, $hash); return password_verify($pass_transformed, $hash);

View file

@ -127,11 +127,11 @@
}, },
{ {
"name": "User Preferences", "name": "User Preferences",
"version": "0.3.2", "version": "0.3.3",
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a user preferences page, letting pople do things like change their email address and password.", "description": "Adds a user preferences page, letting people do things like change their email address and password.",
"id": "feature-user-preferences", "id": "feature-user-preferences",
"lastupdate": 1497799247, "lastupdate": 1526035213,
"optional": false "optional": false
}, },
{ {
@ -203,7 +203,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.", "description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id": "page-login", "id": "page-login",
"lastupdate": 1526034825, "lastupdate": 1526034977,
"optional": false "optional": false
}, },
{ {

View file

@ -1,9 +1,9 @@
<?php <?php
register_module([ register_module([
"name" => "User Preferences", "name" => "User Preferences",
"version" => "0.3.2", "version" => "0.3.3",
"author" => "Starbeamrainbowlabs", "author" => "Starbeamrainbowlabs",
"description" => "Adds a user preferences page, letting pople do things like change their email address and password.", "description" => "Adds a user preferences page, letting people do things like change their email address and password.",
"id" => "feature-user-preferences", "id" => "feature-user-preferences",
"code" => function() { "code" => function() {
global $env, $settings; global $env, $settings;
@ -147,14 +147,17 @@ register_module([
exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>The new password you typed twice didn't match! <a href='javascript:history.back();'>Go back</a>.</p>")); exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>The new password you typed twice didn't match! <a href='javascript:history.back();'>Go back</a>.</p>"));
} }
// Check the current password // Check the current password
if(hash_password($_POST["current-pass"]) !== $env->user_data->password) { if(!verify_password($_POST["current-pass"], $env->user_data->password)) {
exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>Error: You typed your current password incorrectly! <a href='javascript:history.back();'>Go back</a>.</p>")); exit(page_renderer::render_main("Password mismatch - $settings->sitename", "<p>Error: You typed your current password incorrectly! <a href='javascript:history.back();'>Go back</a>.</p>"));
} }
// All's good! Go ahead and change the password. // All's good! Go ahead and change the password.
$env->user_data->password = hash_password($_POST["new-pass"]); $env->user_data->password = hash_password($_POST["new-pass"]);
// Save the userdata back to disk // Save the userdata back to disk
save_userdata(); if(!save_userdata()) {
http_response_code(503);
exit(page_renderer::render_main("Error Saving Password - $settings->sitename", "<p>While you entered your old password correctly, $settings->sitename encountered an error whilst saving your password to disk! Your password has not been changed. Please contact $settings->admindetails_name for assistance (you can find their email address at the bottom of this page)."));
}
http_response_code(307); http_response_code(307);
header("location: ?action=user-preferences&success=yes&operation=change-password"); header("location: ?action=user-preferences&success=yes&operation=change-password");