author | Tim Almdal <tnalmdal@shaw.ca> | 2008-11-12 15:53:39 +0000 |
---|---|---|
committer | Tim Almdal <tnalmdal@shaw.ca> | 2008-11-12 15:53:39 +0000 |
commit | 2019e9a931ffde9b2358241aa1844b4a826a76f9 (patch) | |
tree | a28cbdc0eb4f323895b87c0cd3d6c714ad83fa9c /modules | |
parent | 56dcb953b0b1fa9d47d6c1dd0f1f60a07ac98433 (diff) |
Remove user_password class and move the functionality into the user helper class
Diffstat (limited to 'modules')
-rw-r--r-- | modules/user/controllers/login.php | 4 | ||||
-rw-r--r-- | modules/user/helpers/user.php | 67 | ||||
-rw-r--r-- | modules/user/helpers/user_installer.php | 2 | ||||
-rw-r--r-- | modules/user/helpers/user_password.php | 83 | ||||
-rw-r--r-- | modules/user/models/user.php | 2 | ||||
-rw-r--r-- | modules/user/tests/User_Installer_Test.php | 2 |
6 files changed, 62 insertions, 98 deletions
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index 25e2abea..e6f10ec8 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -25,11 +25,11 @@ class Login_Controller extends Controller {
 if ($form->validate()) {
 // Load the user
- $user = ORM::factory("user")->where("display_name", $form->username->value)->find();
+ $user = ORM::factory("user")->where("name", $form->username->value)->find();
 if (!$user->loaded) {
 $form->error_message = "Invalid username or password";
 } else {
- if (user_password::is_correct_password($user,$form->password->value)) {
+ if (user::is_correct_password($user,$form->password->value)) {
 user::login($user);
 url::redirect("user/success.html");
 } else {
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index e522f016..aec058d6 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
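Review bot: When `$user->loaded` is false the new code sets the error message and never reaches `user::is_correct_password`, so a request for an unknown username completes with noticeably less work than one for a known username with a wrong password, which lets a client tell the two cases apart by timing even though the message is meant to hide it. If the wrong-password branch (cut off below the hunk) uses the same "Invalid username or password" text, consider running the hash check against a fixed dummy stored hash on the not-found path as well, so both outcomes cost roughly the same. Whether `where("name", $form->username->value)` binds the value as a query parameter depends on the ORM and is not visible here. The enclosing controller method starts and ends outside the hunk.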
@@ -25,19 +25,66 @@
 *
 */
 class user {
+
 /**
- * Function to determine if the user has logged in.
- * @param $user(optional) Defaults to null, if specified will compare against the user in the
- * session.
- * @returns boolean true if logged in
+ * Is the password provided correct?
+ *
+ * @param user User Model
+ * @param string $password a plaintext password
+ * @return boolean true if the password is correct
 */
- public static function is_logged_in($user=null) {
- $session_user = Session::instance()->get("user", null);
- $logged_in = false;
- if (!empty($session_user)) {
- $logged_in = !empty($user) && $session_user === $user;
+ public static function is_correct_password($user, $password) {
+ $valid = $user->password;
+
+ $salt = substr($valid, 0, 4);
+ /* Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: */
+ $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
+ if (!strcmp($guess, $valid)) {
+ return true;
+ }
+
+ /* Passwords with <&"> created by G2 prior to 2.1 were hashed with entities */
+ $sanitizedPassword = html::specialchars($password, false);
+ $guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
+ : ($salt . md5($salt . $sanitizedPassword));
+ if (!strcmp($guess, $valid)) {
+ return true;
 }
- return $logged_in;
+ /* Also support hashes generated by phpass for interoperability with other applications */
+ if (strlen($valid) == 34) {
+ $hashGenerator = new PasswordHash(10, true);
+ return $hashGenerator->CheckPassword($password, $valid);
+ }
+
+ return false;
+ }
+
+ /**
+ * Create the hashed passwords.
+ * @param string $password a plaintext password
+ * @return string hashed password
+ */
+ public static function hash_password($password) {
+ return user::_md5Salt($password);
+ }
+
+ /**
+ * Create a hashed password using md5 plus salt.
+ * @param string $password plaintext password
+ * @param string $salt (optional) salt or hash containing salt (randomly generated if omitted)
+ * @return string hashed password
+ */
+ private static function _md5Salt($password, $salt='') {
+ if (empty($salt)) {
+ for ($i = 0; $i < 4; $i++) {
+ $char = mt_rand(48, 109);
+ $char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0;
+ $salt .= chr($char);
+ }
+ } else {
+ $salt = substr($salt, 0, 4);
+ }
+ return $salt . md5($salt . $password);
 }
 }
\ No newline at end of file
diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
index 391915a3..77d10899 100644
--- a/modules/user/helpers/user_installer.php
+++ b/modules/user/helpers/user_installer.php
@@ -65,7 +65,7 @@ class user_installer {
 $user_module->version = 1;
 $user_module->save();
- $user = ORM::factory("user")->where("display_name", "admin")->find();
+ $user = ORM::factory("user")->where("name", "admin")->find();
 $user->name = "admin";
 $user->display_name = "Gallery Administrator";
 $user->password = "admin";
diff --git a/modules/user/helpers/user_password.php b/modules/user/helpers/user_password.php
deleted file mode 100644
index 45de5bef..00000000
--- a/modules/user/helpers/user_password.php
+++ /dev/null
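Review bot: `hash_password` still stores every new password as a 4-character `mt_rand` salt plus `md5($salt . $password)`, even though `is_correct_password` already verifies phpass hashes in its `strlen($valid) == 34` branch via `new PasswordHash(10, true)`. Since this commit is already relocating the code, new passwords could be produced with the same library, `$hashGenerator = new PasswordHash(10, true); return $hashGenerator->HashPassword($password);`, leaving `_md5Salt` in place only so legacy hashes keep verifying. Two smaller points on the verifier: `!strcmp($guess, $valid)` returns as soon as a byte differs, so a constant-time comparison is preferable where the target PHP version offers one, and `mt_rand` is not a cryptographic source for salt material. The hunk also deletes `is_logged_in` from this helper, which the commit message does not mention; whether any `user::is_logged_in` callers remain is not visible here and is worth checking.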
@@ -1,83 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2008 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class user_password {
-
- /**
- * Is the password provided correct?
- *
- * @param user User Model
- * @param string $password a plaintext password
- * @return boolean true if the password is correct
- */
- public static function is_correct_password($user, $password) {
- $valid = $user->password;
-
- $salt = substr($valid, 0, 4);
- /* Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: */
- $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
- if (!strcmp($guess, $valid)) {
- return true;
- }
-
- /* Passwords with <&"> created by G2 prior to 2.1 were hashed with entities */
- $sanitizedPassword = html::specialchars($password, false);
- $guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
- : ($salt . md5($salt . $sanitizedPassword));
- if (!strcmp($guess, $valid)) {
- return true;
- }
-
- /* Also support hashes generated by phpass for interoperability with other applications */
- if (strlen($valid) == 34) {
- $hashGenerator = new PasswordHash(10, true);
- return $hashGenerator->CheckPassword($password, $valid);
- }
-
- return false;
- }
-
- /**
- * Create the hashed passwords.
- * @param string $password a plaintext password
- * @return string hashed password
- */
- public static function hash_password($password) {
- return user_password::_md5Salt($password);
- }
-
- /**
- * Create a hashed password using md5 plus salt.
- * @param string $password plaintext password
- * @param string $salt (optional) salt or hash containing salt (randomly generated if omitted)
- * @return string hashed password
- */
- private static function _md5Salt($password, $salt='') {
- if (empty($salt)) {
- for ($i = 0; $i < 4; $i++) {
- $char = mt_rand(48, 109);
- $char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0;
- $salt .= chr($char);
- }
- } else {
- $salt = substr($salt, 0, 4);
- }
- return $salt . md5($salt . $password);
- }
-}
diff --git a/modules/user/models/user.php b/modules/user/models/user.php
index d02d0ae0..feab3f42 100644
--- a/modules/user/models/user.php
+++ b/modules/user/models/user.php
@@ -23,7 +23,7 @@ class User_Model extends ORM {
 public function __set($column, $value) {
 switch ($column) {
 case "password":
- $value = user_password::hash_password($value);
+ $value = user::hash_password($value);
 break;
 }
 parent::__set($column, $value);
diff --git a/modules/user/tests/User_Installer_Test.php b/modules/user/tests/User_Installer_Test.php
index 4ececd98..c7b6afbe 100644
--- a/modules/user/tests/User_Installer_Test.php
+++ b/modules/user/tests/User_Installer_Test.php
@@ -27,7 +27,7 @@ class User_Installer_Test extends Unit_Test_Case {
 $user = ORM::factory("user", 1);
 $this->assert_equal("Gallery Administrator", $user->display_name);
 $this->assert_equal("admin", $user->name);
- $this->assert_true(user_password::is_correct_password($user, "admin"));
+ $this->assert_true(user::is_correct_password($user, "admin"));
 $this->assert_equal(
 array("administrator", "registered"), |