1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2008 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
/**
* This helper provides a common around the user management functions.
*
* @author Tim Almdal <public@timalmdal.com>
*
*/
class user {
/**
* Return the form for creating / modifying users.
*/
public static function get_edit_form($user) {
$form = new Forge(
url::site("users/{$user->id}?_method=put"), "", "post", array("id" => "gUserForm"));
$group = $form->group(_("User Info"));
$group->input("name") ->label(_("Name")) ->id("gName") ->value($user->name);
$group->input("display_name") ->label(_("Display Name")) ->id("gDisplayName") ->value($user->display_name);
$group->password("password") ->label(_("Password")) ->id("gPassword");
$group->input("email") ->label(_("Email")) ->id("gEmail") ->value($user->email);
$group->submit(_("Modify"));
$form->add_rules_from($user);
return $form;
}
/**
* Is the password provided correct?
*
* @param user User Model
* @param string $password a plaintext password
* @return boolean true if the password is correct
*/
public static function is_correct_password($user, $password) {
$valid = $user->password;
$salt = substr($valid, 0, 4);
/* Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: */
$guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
if (!strcmp($guess, $valid)) {
return true;
}
/* Passwords with <&"> created by G2 prior to 2.1 were hashed with entities */
$sanitizedPassword = html::specialchars($password, false);
$guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
: ($salt . md5($salt . $sanitizedPassword));
if (!strcmp($guess, $valid)) {
return true;
}
/* Also support hashes generated by phpass for interoperability with other applications */
if (strlen($valid) == 34) {
$hashGenerator = new PasswordHash(10, true);
return $hashGenerator->CheckPassword($password, $valid);
}
return false;
}
/**
* Create the hashed passwords.
* @param string $password a plaintext password
* @return string hashed password
*/
public static function hash_password($password) {
return user::_md5Salt($password);
}
/**
* Perform the post authentication processing
* @param object $user the user object.
*/
public static function login($user) {
$user->login_count += 1;
$user->last_login = time();
$user->save();
Session::instance()->set('user', $user);
}
/**
* Create a hashed password using md5 plus salt.
* @param string $password plaintext password
* @param string $salt (optional) salt or hash containing salt (randomly generated if omitted)
* @return string hashed password
*/
private static function _md5Salt($password, $salt='') {
if (empty($salt)) {
for ($i = 0; $i < 4; $i++) {
$char = mt_rand(48, 109);
$char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0;
$salt .= chr($char);
}
} else {
$salt = substr($salt, 0, 4);
}
return $salt . md5($salt . $password);
}
}
|
