authorvincent-peugnet <v.peugnet@free.fr>2020-04-10 15:33:49 +0200
committervincent-peugnet <v.peugnet@free.fr>2020-04-10 15:33:49 +0200
commit7503edafe206d9f16da4d12b6dea0458ca9c2432 (patch)
tree9cb2e207dac95d4ffe49e5ef1c06ebfaefa8053e
parentdef7a991b0112f906fccf802587e8bc6b19bae29 (diff)
parentc63a0228333e18fe2b1b84c29ab70af82698bdab (diff)
Merge branch 'implement-password'
-rw-r--r--app/class/Application.php2
-rw-r--r--app/class/Controllerconnect.php4
-rw-r--r--app/class/Controlleruser.php7
-rw-r--r--app/class/Model.php1
-rw-r--r--app/class/Modeluser.php27
-rw-r--r--app/class/User.php18
-rw-r--r--app/view/templates/backtopbar.php3
-rw-r--r--app/view/templates/connect.php4
-rw-r--r--app/view/templates/user.php21
9 files changed, 49 insertions, 38 deletions
diff --git a/app/class/Application.php b/app/class/Application.php
index 4ddf37e..48d898c 100644
--- a/app/class/Application.php
+++ b/app/class/Application.php
@@ -129,7 +129,7 @@ class Application
<h2>
<label for="password">Your password</label>
</h2>
- <input type="password" name="userinit[password]" id="password" minlength="4" maxlength="64" required>
+ <input type="password" name="userinit[password]" id="password" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" maxlength="<?= Wcms\Model::PASSWORD_MAX_LENGTH ?>" required>
<p><i>Your user passworder as first administrator.</i></p>
</div>
<input type="submit" value="set">
diff --git a/app/class/Controllerconnect.php b/app/class/Controllerconnect.php
index e9af86a..8555e92 100644
--- a/app/class/Controllerconnect.php
+++ b/app/class/Controllerconnect.php
@@ -36,8 +36,8 @@ class Controllerconnect extends Controller
public function login($route, $id = null)
{
- if (isset($_POST['pass'])) {
- $this->user = $this->usermanager->passwordcheck($_POST['pass']);
+ if (!empty($_POST['pass']) && !empty($_POST['user'])) {
+ $this->user = $this->usermanager->passwordcheck($_POST['user'], $_POST['pass']);
if ($this->user != false) {
if ($this->user->expiredate() === false || $this->user->level() === 10 || $this->user->expiredate('date') > $this->now) {
$this->user->connectcounter();
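Review bot: `!empty()` on the two new POST fields rejects the literal string `"0"` as a user id or password, and it lets a non-string value (a `user[]` array parameter, for instance) through to `passwordcheck(string ...)`, where it raises a TypeError instead of failing the login cleanly. Tighten the guard to `if (isset($_POST['user'], $_POST['pass']) && is_string($_POST['user']) && is_string($_POST['pass'])) {`. The `!= false` comparison on the following line would also read more safely as `!== false`, since `passwordcheck()` now documents a `User|bool` return. login()'s body continues past the end of this hunk.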
diff --git a/app/class/Controlleruser.php b/app/class/Controlleruser.php
index 0ec8092..1586679 100644
--- a/app/class/Controlleruser.php
+++ b/app/class/Controlleruser.php
@@ -33,6 +33,9 @@ class Controlleruser extends Controller
if($this->user->iseditor()) {
$user = $this->usermanager->get($this->user);
$user->hydrate($_POST);
+ if ($_POST['passwordhash']) {
+ $user->hashpassword();
+ }
$this->usermanager->add($user);
$this->routedirect('user');
} else {
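Review bot: `$_POST['passwordhash']` is read without `isset`/`empty`, so any form posting to this action without that hidden field triggers an undefined-index notice, and unlike the `useradd` and `userupdate` branches changed in the next two hunks the password is never passed through `validpassword()` before it is hashed. Whether `hydrate()` overwrites the stored password with an empty submission cannot be seen from here, but if it does, an empty string gets hashed and saved. Suggested guard: `if (!empty($_POST['passwordhash']) && !empty($_POST['password']) && $user->validpassword()) {`. The bool now returned by `hashpassword()` is also discarded at this call site. The enclosing method begins before this hunk.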
@@ -50,7 +53,7 @@ class Controlleruser extends Controller
$user = new User($_POST);
if(empty($user->id()) || $this->usermanager->get($user)) {
$this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif(empty($user->password()) || $this->usermanager->passwordexist($user->password()) || !$user->validpassword()) {
+ } elseif(empty($user->password()) || !$user->validpassword()) {
$this->routedirectget('user', ['error' => 'change_password']);
} else {
if($user->passwordhashed()) {
@@ -102,7 +105,7 @@ class Controlleruser extends Controller
$userupdate->hydrate($_POST);
if(empty($userupdate->id())) {
$this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || $this->usermanager->passwordexist($userupdate->password()) || !$userupdate->validpassword())) {
+ } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || !$userupdate->validpassword())) {
$this->routedirectget('user', ['error' => 'password_unvalid']);
} elseif (empty($userupdate->level())) {
$this->routedirectget('user', ['error' => 'wrong_level']);
diff --git a/app/class/Model.php b/app/class/Model.php
index 6a8f111..1d8d27a 100644
--- a/app/class/Model.php
+++ b/app/class/Model.php
@@ -88,7 +88,6 @@ abstract class Model
const TEXT_ELEMENTS = ['header', 'nav', 'main', 'aside', 'footer'];
const MAX_ID_LENGTH = 64;
- const PASSWORD_HASH = true;
const PASSWORD_MIN_LENGTH = 4;
const PASSWORD_MAX_LENGTH = 32;
diff --git a/app/class/Modeluser.php b/app/class/Modeluser.php
index 9ee04ba..3f459b2 100644
--- a/app/class/Modeluser.php
+++ b/app/class/Modeluser.php
@@ -126,14 +126,15 @@ class Modeluser extends Modeldb
/**
* Check if the password is used, and return by who
*
+ * @param string $userid user ID
* @param string $pass password clear
*
- * @return mixed User or false
+ * @return User|bool User or false
*/
- public function passwordcheck(string $pass)
+ public function passwordcheck(string $userid, string $pass)
{
- $userdatalist = $this->getlister();
- foreach ($userdatalist as $user) {
+ $user = $this->get($userid);
+ if ($user !== false) {
if ($user->passwordhashed()) {
if (password_verify($pass, $user->password())) {
return $user;
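Review bot: The docblock still says "Check if the password is used, and return by who", which described the old scan across every user; the method now verifies a single user's credentials, so it should read `Verify a password against the user with the given ID; return the User on success, false otherwise.` and the tag should be `@return User|false`. As written, an unknown id returns before `password_verify()` runs while a known id pays the hashing cost, so response time may hint at which user ids exist — if that matters for this deployment, verifying against a fixed dummy hash when `get()` fails keeps the two paths comparable. The method continues in the next hunk.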
@@ -141,29 +142,13 @@ class Modeluser extends Modeldb
} else {
if ($user->password() === $pass) {
return $user;
- }
+ }
}
}
return false;
}
/**
- * Return information if the password is already used or not
- *
- * @param string $pass password clear
- *
- * @return bool password exist or not
- */
- public function passwordexist(string $pass) : bool
- {
- if ($this->passwordcheck($pass) !== false) {
- return true;
- } else {
- return false;
- }
- }
-
- /**
* @param User $user
*
* @return bool depending on success
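Review bot: The legacy plaintext branch kept at `if ($user->password() === $pass)` compares a secret with `===`, which stops at the first differing byte; `if (hash_equals((string) $user->password(), $pass))` is the constant-time comparison meant for this. The line is unchanged by this commit, but with the new lookup-by-id flow it is now the only check an unhashed account goes through. The method starts in the previous hunk.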
diff --git a/app/class/User.php b/app/class/User.php
index b735309..518b096 100644
--- a/app/class/User.php
+++ b/app/class/User.php
@@ -208,11 +208,21 @@ class User extends Item
-
- public function hashpassword()
+ /**
+ * Hash the password and set `$passwordhashed` to true.
+ *
+ * @return bool true in cas of success, otherwise false.
+ */
+ public function hashpassword() : bool
{
- $this->password = password_hash($this->password, PASSWORD_DEFAULT);
- $this->passwordhashed = true;
+ $hashedpassword = password_hash($this->password, PASSWORD_DEFAULT);
+ if (!empty($hashedpassword)) {
+ $this->password = $hashedpassword;
+ $this->passwordhashed = true;
+ return true;
+ } else {
+ return false;
+ }
}
public function validpassword()
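Review bot: `hashpassword()` re-hashes whatever `$this->password` holds without consulting `$this->passwordhashed`, so if it is ever called on an account whose stored value is already a hash (which the new always-on `passwordhash` form field makes easy — see the Controlleruser hunk) it would, as far as is visible here, hash the hash and lock the user out. Consider opening with `if ($this->passwordhashed) { return true; }` unless every caller guarantees a clear-text value. `password_hash()` returns `string|false`, so `$hashedpassword !== false` is a more precise success test than `!empty()`, and the docblock typo `true in cas of success` should read `true in case of success`.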
diff --git a/app/view/templates/backtopbar.php b/app/view/templates/backtopbar.php
index 0710c85..597ae6f 100644
--- a/app/view/templates/backtopbar.php
+++ b/app/view/templates/backtopbar.php
@@ -61,7 +61,8 @@ if($user->isadmin()) {
<form action="<?= $this->url('log') ?>" method="post" id="connect">
-<input type="password" name="pass" id="loginpass" placeholder="password" autofocus>
+<input type="text" name="user" id="loginuser" autofocus placeholder="user" >
+<input type="password" name="pass" id="loginpass" placeholder="password" >
<input type="hidden" name="route" value="home">
<input type="hidden" name="rememberme" value="0">
<input type="checkbox" name="rememberme" id="rememberme" value="1">
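Review bot: The new `user` input has no `maxlength`, while the id fields in user.php are capped at `Wcms\Model::MAX_ID_LENGTH` in this same commit; adding `maxlength="<?= Wcms\Model::MAX_ID_LENGTH ?>"` keeps the client-side constraint consistent, and `autocomplete="username"` / `autocomplete="current-password"` on the two fields lets browsers and password managers fill the pair correctly. The same applies to the identical pair added in connect.php. The stray space before `>` on both new inputs is a style nit.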
diff --git a/app/view/templates/connect.php b/app/view/templates/connect.php
index 6fd5b14..7f10384 100644
--- a/app/view/templates/connect.php
+++ b/app/view/templates/connect.php
@@ -18,7 +18,9 @@ if(in_array($route, ['pageedit', 'pageread', 'pageread/', 'pageadd'])) {
echo '<input type="hidden" name="id" value="'. $id .'">';
}
?>
-<input type="password" name="pass" id="loginpass" placeholder="password" autofocus>
+<form action="<?= $this->url('log') ?>" method="post" id="connect">
+<input type="text" name="user" id="loginuser" autofocus placeholder="user" >
+<input type="password" name="pass" id="loginpass" placeholder="password" >
<input type="hidden" name="rememberme" value="0">
<input type="checkbox" name="rememberme" id="rememberme" value="1">
<label for="rememberme">Remember me</label>
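Review bot: The new `<form>` opening tag is placed after the hidden `id` input echoed just above it, so that input (and any `route` field emitted earlier in the same PHP block) sits outside the form and is not submitted — unless a `<form>` already opens earlier in the template, in which case this creates a nested form, which HTML does not allow. Either move the opening tag above the PHP block that echoes the hidden inputs, or drop it if one already exists. The PHP conditional begins before this hunk.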
diff --git a/app/view/templates/user.php b/app/view/templates/user.php
index ca944fd..f77699d 100644
--- a/app/view/templates/user.php
+++ b/app/view/templates/user.php
@@ -1,4 +1,8 @@
-<?php $this->layout('layout', ['title' => 'user', 'stylesheets' => [$css . 'home.css']]) ?>
+<?php
+
+use Wcms\Model;
+
+$this->layout('layout', ['title' => 'user', 'stylesheets' => [$css . 'home.css']]) ?>
<?php $this->start('page') ?>
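Review bot: The `use Wcms\Model;` import added here is never used — every reference later in this template (the `minlength`/`maxlength` attributes in the following hunks) still spells `Wcms\Model::PASSWORD_MIN_LENGTH` in full. Either shorten those to `Model::PASSWORD_MIN_LENGTH` / `Model::PASSWORD_MAX_LENGTH` / `Model::MAX_ID_LENGTH`, or drop the import.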
@@ -37,7 +41,14 @@
<input type="number" name="cookie" value="<?= $getuser->cookie() ?>" id="cookie" min="0" max="365">
<label for="cookie">Cookie conservation time <i>(In days)</i></label>
<p>When you tick the <em>remember-me</em> checkbox during login, you can choose how much time <strong>W</strong> will remember you.</p>
- <input type="submit" value="submit">
+
+ <input type="password" name="password" id="password" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" maxlength="<?= Wcms\Model::PASSWORD_MAX_LENGTH ?>">
+ <label for="password">New password</label>
+
+ <input type="hidden" name="passwordhash" value="1">
+
+ </br>
+ <input type="submit" value="update">
</p>
</form>
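Review bot: `</br>` is not a valid tag (it is a closing tag for a void element); use `<br>`. The hidden `passwordhash` field is always `1`, so the controller's `if ($_POST['passwordhash'])` branch runs on every profile update, including ones where the new-password field is left blank; making that branch depend on a non-empty `password`, or rendering the hidden field only alongside a filled password, avoids hashing an empty value. `autocomplete="new-password"` on the password input is also worth adding.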
@@ -91,10 +102,10 @@
<tr>
<form action="<?= $this->url('useradd') ?>" method="post">
<td>
- <input type="text" name="id" maxlength="128" required>
+ <input type="text" name="id" maxlength="<?= Wcms\Model::MAX_ID_LENGTH ?>" required>
</td>
<td>
- <input type="password" name="password" minlength="4" maxlength="64" required>
+ <input type="password" name="password" id="password" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" maxlength="<?= Wcms\Model::PASSWORD_MAX_LENGTH ?>" required>
</td>
<td>
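Review bot: The new `id="password"` on this input duplicates the `id="password"` given to the new-password field added earlier in the same template, so the page ends up with two elements sharing one id and `<label for="password">` becomes ambiguous. Drop the id here (the field is already identified by `name`) or make it unique, e.g. `id="newuserpassword"`.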
@@ -140,7 +151,7 @@
</td>
<td>
- <input type="password" name="password" minlength="4" maxlength="64" >
+ <input type="password" name="password" minlength="<?= Wcms\Model::PASSWORD_MIN_LENGTH ?>" maxlength="<?= Wcms\Model::PASSWORD_MAX_LENGTH ?>" >
</td>
<td>