From 1ceb1e3a24a445d1df5e19d6893c5297321b3605 Mon Sep 17 00:00:00 2001
From: Kevin Reed
Date: Tue, 13 Mar 2018 16:49:14 -0500
Subject: [PATCH] web: Fix style incompatibilities
---
 html/inc/user_util.inc | 2 +-
 html/ops/login_action.php | 18 ++++++++----------
 html/user/am_set_info.php | 2 +-
 html/user/create_account.php | 2 +-
 html/user/edit_email_action.php | 6 +++---
 html/user/edit_passwd_action.php | 4 ++--
 html/user/login_action.php | 20 +++++++++-----------
 html/user/lookup_account.php | 24 +++++++++++-------------
 8 files changed, 36 insertions(+), 42 deletions(-)
diff --git a/html/inc/user_util.inc b/html/inc/user_util.inc
index dcdb6ac3c5..59f9f2ff2e 100644
--- a/html/inc/user_util.inc
+++ b/html/inc/user_util.inc
@@ -69,7 +69,7 @@ function make_user(
 $email_addr = BoincDb::escape_string($email_addr);
 $name = sanitize_tags($name);
 $name = BoincDb::escape_string($name);
- $database_passwd_hash = password_hash( $passwd_hash, PASSWORD_DEFAULT);
+ $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
 $country = BoincDb::escape_string($country);
 $postal_code = sanitize_tags(BoincDb::escape_string($postal_code));
diff --git a/html/ops/login_action.php b/html/ops/login_action.php
index 1fc82687a1..e18fa47c09 100644
--- a/html/ops/login_action.php
+++ b/html/ops/login_action.php
@@ -24,11 +24,9 @@ require_once("../inc/email.inc");
 require_once("../inc/user.inc");
 require_once("../inc/password.php");
-function do_passwd_rehash($user,$passwd_hash) {
- $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
- $result = $user->update(
- "passwd_hash='$database_passwd_hash'"
- );
+function do_passwd_rehash($user, $passwd_hash) {
+ $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
+ $result = $user->update(" passwd_hash='$database_passwd_hash' ");
 }
 // check for email/password case
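Review bot: `do_passwd_rehash()` in html/ops/login_action.php assigns the outcome of `$user->update(...)` to `$result` and then drops it, so a failed write leaves the legacy hash in place with no signal to the caller. Returning it, `return $user->update(" passwd_hash='$database_passwd_hash' ");`, lets callers log or react without changing the existing call sites. The identical helper is also defined in the html/user/login_action.php and html/user/lookup_account.php hunks, and the second lookup_account.php hunk likewise ignores the result of its own `$user->update(...)`. A single definition in a shared include would keep the three copies from drifting apart.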
@@ -42,16 +40,16 @@ if ($email_addr && $passwd) {
 admin_error_page("No account found with email address $email_addr");
 }
 $passwd_hash = md5($passwd.$email_addr);
- if ( password_verify($passwd_hash,$user->passwd_hash) ) {
+ if (password_verify($passwd_hash, $user->passwd_hash)) {
 // on valid login, rehash password if necessary to upgrade hash overtime
 // as the defaults change.
- if ( password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT) ) {
- do_passwd_rehash($user,$passwd_hash);
+ if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) {
+ do_passwd_rehash($user, $passwd_hash);
 }
- } else if ( $passwd_hash == $user->passwd_hash ) {
+ } else if ($passwd_hash == $user->passwd_hash) {
 // if password is the legacy md5 hash, then rehash to update to
 // a more secure hash
- do_passwd_rehash($user,$passwd_hash);
+ do_passwd_rehash($user, $passwd_hash);
 } else {
 admin_error_page("Login failed");
 }
diff --git a/html/user/am_set_info.php b/html/user/am_set_info.php
index 602ab41460..0c28762be3 100644
--- a/html/user/am_set_info.php
+++ b/html/user/am_set_info.php
@@ -177,7 +177,7 @@ if ($email_addr && $email_addr!=$user->email_addr) {
 $query .= " email_addr='$email_addr', ";
 }
 if ($password_hash) {
- $database_passwd_hash = password_hash($password_hash , PASSWORD_DEFAULT);
+ $database_passwd_hash = password_hash($password_hash, PASSWORD_DEFAULT);
 $query .= " passwd_hash='$database_passwd_hash', ";
 }
diff --git a/html/user/create_account.php b/html/user/create_account.php
index 65fcecb542..3ba6aaab67 100644
--- a/html/user/create_account.php
+++ b/html/user/create_account.php
@@ -70,7 +70,7 @@ if (strlen($passwd_hash) != 32) {
 $user = BoincUser::lookup_email_addr($email_addr);
 if ($user) {
- if ($user->passwd_hash != $passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) {
+ if ($user->passwd_hash != $passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) {
 xml_error(ERR_DB_NOT_UNIQUE);
 } else {
 $authenticator = $user->authenticator;
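Review bot: The legacy-hash fallback `} else if ($passwd_hash == $user->passwd_hash) {` in html/ops/login_action.php compares two hex digests with loose `==`. PHP compares the operands numerically when both strings look like numbers, so two different digests can be treated as equal, and the comparison is not constant-time. Prefer `hash_equals($user->passwd_hash, $passwd_hash)` where the supported PHP version provides it, or at minimum `===`. The same loose `==`/`!=` on password hashes appears in the html/user/create_account.php, edit_email_action.php, login_action.php and lookup_account.php hunks, and as `$passwd != $user->authenticator` in `login_with_email()`. The enclosing if/else chains begin and end outside these hunks.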
diff --git a/html/user/edit_email_action.php b/html/user/edit_email_action.php
index 7445bba430..1c706a1e85 100644
--- a/html/user/edit_email_action.php
+++ b/html/user/edit_email_action.php
@@ -47,15 +47,15 @@ if (!is_valid_email_addr($email_addr)) {
 // deal with the case where user hasn't set passwd
 // (i.e. passwd is account key)
 //
- if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) {
+ if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) {
 $passwd = $user->authenticator;
 $passwd_hash = md5($passwd.$user->email_addr);
 }
- if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash,$user->passwd_hash)) {
+ if ($passwd_hash != $user->passwd_hash && !password_verify($passwd_hash, $user->passwd_hash)) {
 echo tra("Invalid password.");
 } else {
 $passwd_hash = md5($passwd.$email_addr);
- $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT );
+ $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
 $email_addr = BoincDb::escape_string($email_addr);
 $result = $user->update(
 "email_addr='$email_addr', passwd_hash='$database_passwd_hash', email_validated=0"
diff --git a/html/user/edit_passwd_action.php b/html/user/edit_passwd_action.php
index f06d3a222c..ddae5ac65e 100644
--- a/html/user/edit_passwd_action.php
+++ b/html/user/edit_passwd_action.php
@@ -46,8 +46,8 @@ if (strlen($passwd) < $min_passwd_length) {
 }
 $passwd_hash = md5($passwd.$user->email_addr);
-$database_passwd_hash = password_hash( $passwd_hash, PASSWORD_DEFAULT);
-$result = $user->update("passwd_hash='$database_passwd_hash'");
+$database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
+$result = $user->update(" passwd_hash='$database_passwd_hash' ");
 if (!$result) {
 error_page(tra("We can't update your password due to a database problem. Please try again later."));
 }
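Review bot: In the html/user/edit_email_action.php hunk the rewritten line `$database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);` still has a space before the comma, unlike every other `password_hash()` call this commit normalises. It should read `$database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);`. The `$user->update(` call that follows continues past the end of the hunk.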
diff --git a/html/user/login_action.php b/html/user/login_action.php
index 0348f5d95d..3f2a1457d3 100644
--- a/html/user/login_action.php
+++ b/html/user/login_action.php
@@ -32,11 +32,9 @@ require_once("../inc/password.php");
 check_get_args(array("id", "t", "h", "key"));
-function do_passwd_rehash($user,$passwd_hash) {
- $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
- $result = $user->update(
- "passwd_hash='$database_passwd_hash'"
- );
+function do_passwd_rehash($user, $passwd_hash) {
+ $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
+ $result = $user->update(" passwd_hash='$database_passwd_hash' ");
 }
 // login with email addr / passwd
@@ -57,18 +55,18 @@ function login_with_email($email_addr, $passwd, $next_url, $perm) {
 error_page("This account has been administratively disabled.");
 }
 // allow authenticator as password
- if ($passwd != $user->authenticator ) {
+ if ($passwd != $user->authenticator) {
 $passwd_hash = md5($passwd.$email_addr);
- if ( password_verify($passwd_hash,$user->passwd_hash) ) {
+ if (password_verify($passwd_hash, $user->passwd_hash)) {
 // on valid login, rehash password if necessary to upgrade hash overtime
 // as the defaults change.
- if ( password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT) ) {
- do_passwd_rehash($user,$passwd_hash);
+ if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) {
+ do_passwd_rehash($user, $passwd_hash);
 }
- } else if ( $passwd_hash == $user->passwd_hash ) {
+ } else if ($passwd_hash == $user->passwd_hash) {
 // if password is the legacy md5 hash, then rehash to update to
 // a more secure hash
- do_passwd_rehash($user,$passwd_hash);
+ do_passwd_rehash($user, $passwd_hash);
 } else {
 sleep(LOGIN_FAIL_SLEEP_SEC);
 page_head("Password incorrect");
diff --git a/html/user/lookup_account.php b/html/user/lookup_account.php
index 9c32c076b0..d003a8be36 100644
--- a/html/user/lookup_account.php
+++ b/html/user/lookup_account.php
@@ -25,11 +25,9 @@ require_once("../inc/xml.inc");
 require_once("../inc/ldap.inc");
 require_once("../inc/password.php");
-function do_passwd_rehash($user,$passwd_hash) {
- $database_passwd_hash = password_hash($passwd_hash , PASSWORD_DEFAULT);
- $result = $user->update(
- "passwd_hash='$database_passwd_hash'"
- );
+function do_passwd_rehash($user, $passwd_hash) {
+ $database_passwd_hash = password_hash($passwd_hash, PASSWORD_DEFAULT);
+ $result = $user->update(" passwd_hash='$database_passwd_hash' ");
 }
 xml_header();
@@ -80,21 +78,21 @@ if (LDAP_HOST && $ldap_auth) {
 // if no password set, set password to account key
 //
 if (!strlen($user->passwd_hash)) {
- $user->passwd_hash = password_hash($auth_hash , PASSWORD_DEFAULT);
- $user->update("passwd_hash='$user->passwd_hash'");
+ $user->passwd_hash = password_hash($auth_hash, PASSWORD_DEFAULT);
+ $user->update(" passwd_hash='$user->passwd_hash' ");
 }
- if ( password_verify($passwd_hash,$user->passwd_hash) ) {
+ if (password_verify($passwd_hash, $user->passwd_hash)) {
 // on valid login, rehash password if necessary to upgrade hash overtime
 // as the defaults change.
- if ( password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT) ) {
- do_passwd_rehash($user,$passwd_hash);
+ if (password_needs_rehash($user->passwd_hash, PASSWORD_DEFAULT)) {
+ do_passwd_rehash($user, $passwd_hash);
 }
- } else if ( $passwd_hash == $user->passwd_hash ) {
+ } else if ($passwd_hash == $user->passwd_hash) {
 // if password is the legacy md5 hash, then rehash to update to
 // a more secure hash
- do_passwd_rehash($user,$passwd_hash);
- } else if ( $auth_hash == $passwd_hash ) {
+ do_passwd_rehash($user, $passwd_hash);
+ } else if ($auth_hash == $passwd_hash) {
 // if the passed hash matches the auth hash, then allow it
 } else {
 // if none of the above match, the password is invalid