mirror of https://github.com/BOINC/boinc.git
web: Fix style incompatibilities
This commit is contained in:
Kevin Reed
parent
ea6f2c35ac
commit
1ceb1e3a24
|
|
@ -69,7 +69,7 @@ function make_user(
|
|||
$email_addr = BoincDb::escape_string($email_addr);
|
||||
$name = sanitize_tags($name);
|
||||
$name = BoincDb::escape_string($name);
|
||||
$database_passwd_hash = password_hash( $passwd_hash, PASSWORD_DEFAULT);
|
||||
$database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
|
||||
|
||||
$country = BoincDb::escape_string($country);
|
||||
$postal_code = sanitize_tags(BoincDb::escape_string($postal_code));
|
||||
|
|
|
|||
|
|
@ -24,11 +24,9 @@ require_once("../inc/email.inc");
|
|||
require_once("../inc/user.inc");
|
||||
require_once("../inc/password.php");
|
||||
|
||||
function do_passwd_rehash($user,$passwd_hash) {
|
||||
$database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
|
||||
$result = $user->update(
|
||||
"passwd_hash='$database_passwd_hash'"
|
||||
);
|
||||
function do_passwd_rehash($user, $passwd_hash) {
|
||||
$database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
|
||||
$result = $user->update(" passwd_hash='$database_passwd_hash' ");
|
||||
}
|
||||
|
||||
// check for email/password case
|
||||
|
|
@ -42,16 +40,16 @@ if ($email_addr && $passwd) {
|
|||
admin_error_page("No account found with email address $email_addr");
|
||||
}
|
||||
$passwd_hash = md5($passwd.$email_addr);
|
||||
if ( password_verify($passwd_hash,$user->passwd_hash) ) {
|
||||
if (password_verify($passwd_hash, $user->passwd_hash)) {
|
||||
// on valid login, rehash password if necessary to upgrade hash overtime
|
||||
// as the defaults change.
|
||||
if ( password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT) ) {
|
||||
do_passwd_rehash($user,$passwd_hash);
|
||||
if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) {
|
||||
do_passwd_rehash($user, $passwd_hash);
|
||||
}
|
||||
} else if ( $passwd_hash == $user->passwd_hash ) {
|
||||
} else if ($passwd_hash == $user->passwd_hash) {
|
||||
// if password is the legacy md5 hash, then rehash to update to
|
||||
// a more secure hash
|
||||
do_passwd_rehash($user,$passwd_hash);
|
||||
do_passwd_rehash($user, $passwd_hash);
|
||||
} else {
|
||||
admin_error_page("Login failed");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -177,7 +177,7 @@ if ($email_addr && $email_addr!=$user->email_addr) {
|
|||
$query .= " email_addr='$email_addr', ";
|
||||
}
|
||||
if ($password_hash) {
|
||||
$database_passwd_hash = password_hash($password_hash , PASSWORD_DEFAULT);
|
||||
$database_passwd_hash = password_hash($password_hash, PASSWORD_DEFAULT);
|
||||
$query .= " passwd_hash='$database_passwd_hash', ";
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -70,7 +70,7 @@ if (strlen($passwd_hash) != 32) {
|
|||
|
||||
$user = BoincUser::lookup_email_addr($email_addr);
|
||||
if ($user) {
|
||||
if ($user->passwd_hash != $passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) {
|
||||
if ($user->passwd_hash != $passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) {
|
||||
xml_error(ERR_DB_NOT_UNIQUE);
|
||||
} else {
|
||||
$authenticator = $user->authenticator;
|
||||
|
|
|
|||
|
|
@ -47,15 +47,15 @@ if (!is_valid_email_addr($email_addr)) {
|
|||
// deal with the case where user hasn't set passwd
|
||||
// (i.e. passwd is account key)
|
||||
//
|
||||
if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) {
|
||||
if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) {
|
||||
$passwd = $user->authenticator;
|
||||
$passwd_hash = md5($passwd.$user->email_addr);
|
||||
}
|
||||
if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) {
|
||||
if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) {
|
||||
echo tra("Invalid password.");
|
||||
} else {
|
||||
$passwd_hash = md5($passwd.$email_addr);
|
||||
$database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT );
|
||||
$database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
|
||||
$email_addr = BoincDb::escape_string($email_addr);
|
||||
$result = $user->update(
|
||||
"email_addr='$email_addr', passwd_hash='$database_passwd_hash', email_validated=0"
|
||||
|
|
|
|||
|
|
@ -46,8 +46,8 @@ if (strlen($passwd) < $min_passwd_length) {
|
|||
}
|
||||
|
||||
$passwd_hash = md5($passwd.$user->email_addr);
|
||||
$database_passwd_hash = password_hash( $passwd_hash, PASSWORD_DEFAULT);
|
||||
$result = $user->update("passwd_hash='$database_passwd_hash'");
|
||||
$database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
|
||||
$result = $user->update(" passwd_hash='$database_passwd_hash' ");
|
||||
if (!$result) {
|
||||
error_page(tra("We can't update your password due to a database problem. Please try again later."));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,11 +32,9 @@ require_once("../inc/password.php");
|
|||
|
||||
check_get_args(array("id", "t", "h", "key"));
|
||||
|
||||
function do_passwd_rehash($user,$passwd_hash) {
|
||||
$database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
|
||||
$result = $user->update(
|
||||
"passwd_hash='$database_passwd_hash'"
|
||||
);
|
||||
function do_passwd_rehash($user, $passwd_hash) {
|
||||
$database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
|
||||
$result = $user->update(" passwd_hash='$database_passwd_hash' ");
|
||||
}
|
||||
|
||||
// login with email addr / passwd
|
||||
|
|
@ -57,18 +55,18 @@ function login_with_email($email_addr, $passwd, $next_url, $perm) {
|
|||
error_page("This account has been administratively disabled.");
|
||||
}
|
||||
// allow authenticator as password
|
||||
if ($passwd != $user->authenticator ) {
|
||||
if ($passwd != $user->authenticator) {
|
||||
$passwd_hash = md5($passwd.$email_addr);
|
||||
if ( password_verify($passwd_hash,$user->passwd_hash) ) {
|
||||
if (password_verify($passwd_hash, $user->passwd_hash)) {
|
||||
// on valid login, rehash password if necessary to upgrade hash overtime
|
||||
// as the defaults change.
|
||||
if ( password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT) ) {
|
||||
do_passwd_rehash($user,$passwd_hash);
|
||||
if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) {
|
||||
do_passwd_rehash($user, $passwd_hash);
|
||||
}
|
||||
} else if ( $passwd_hash == $user->passwd_hash ) {
|
||||
} else if ($passwd_hash == $user->passwd_hash) {
|
||||
// if password is the legacy md5 hash, then rehash to update to
|
||||
// a more secure hash
|
||||
do_passwd_rehash($user,$passwd_hash);
|
||||
do_passwd_rehash($user, $passwd_hash);
|
||||
} else {
|
||||
sleep(LOGIN_FAIL_SLEEP_SEC);
|
||||
page_head("Password incorrect");
|
||||
|
|
|
|||
|
|
@ -25,11 +25,9 @@ require_once("../inc/xml.inc");
|
|||
require_once("../inc/ldap.inc");
|
||||
require_once("../inc/password.php");
|
||||
|
||||
function do_passwd_rehash($user,$passwd_hash) {
|
||||
$database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
|
||||
$result = $user->update(
|
||||
"passwd_hash='$database_passwd_hash'"
|
||||
);
|
||||
function do_passwd_rehash($user, $passwd_hash) {
|
||||
$database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
|
||||
$result = $user->update(" passwd_hash='$database_passwd_hash' ");
|
||||
}
|
||||
|
||||
xml_header();
|
||||
|
|
@ -80,21 +78,21 @@ if (LDAP_HOST && $ldap_auth) {
|
|||
// if no password set, set password to account key
|
||||
//
|
||||
if (!strlen($user->passwd_hash)) {
|
||||
$user->passwd_hash = password_hash($auth_hash , PASSWORD_DEFAULT);
|
||||
$user->update("passwd_hash='$user->passwd_hash'");
|
||||
$user->passwd_hash = password_hash($auth_hash, PASSWORD_DEFAULT);
|
||||
$user->update(" passwd_hash='$user->passwd_hash' ");
|
||||
}
|
||||
|
||||
if ( password_verify($passwd_hash,$user->passwd_hash) ) {
|
||||
if (password_verify($passwd_hash, $user->passwd_hash)) {
|
||||
// on valid login, rehash password if necessary to upgrade hash overtime
|
||||
// as the defaults change.
|
||||
if ( password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT) ) {
|
||||
do_passwd_rehash($user,$passwd_hash);
|
||||
if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) {
|
||||
do_passwd_rehash($user, $passwd_hash);
|
||||
}
|
||||
} else if ( $passwd_hash == $user->passwd_hash ) {
|
||||
} else if ($passwd_hash == $user->passwd_hash) {
|
||||
// if password is the legacy md5 hash, then rehash to update to
|
||||
// a more secure hash
|
||||
do_passwd_rehash($user,$passwd_hash);
|
||||
} else if ( $auth_hash == $passwd_hash ) {
|
||||
do_passwd_rehash($user, $passwd_hash);
|
||||
} else if ($auth_hash == $passwd_hash) {
|
||||
// if the passed hash matches the auth hash, then allow it
|
||||
} else {
|
||||
// if none of the above match, the password is invalid
|
||||
|
|
|
|||
Loading…
Reference in New Issue