From c5a9c71a1fbade72f35b5d39c5f71380436e96ce Mon Sep 17 00:00:00 2001
From: vincent-peugnet
Date: Fri, 11 Jan 2019 14:13:50 +0100
Subject: password hash option retro compatible
---
 app/class/controlleruser.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
(limited to 'app/class/controlleruser.php')
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 2b32993..8240d55 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -23,9 +23,12 @@ class Controlleruser extends Controller
 $user = new User($_POST);
 if(empty($user->id()) || $this->usermanager->get($user)) {
 $this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif(empty($user->password()) || $this->usermanager->passwordexist($user->password())) {
+ } elseif(empty($user->password()) || $this->usermanager->passwordexist($user->password()) || !$user->validpassword()) {
 $this->routedirectget('user', ['error' => 'change_password']);
 } else {
+ if($user->passwordhashed()) {
+ $user->hashpassword();
+ }
 $this->usermanager->add($user);
 $this->routedirect('user');
 }
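Review bot: Whether a new account's password gets hashed depends on `$user->passwordhashed()`, and `$user` is built straight from `$_POST`, so in this create branch (and again in the update branch of the second hunk, via `$userupdate->hydrate($_POST)`) the request appears to choose the storage format; when the flag is not set, `$this->usermanager->add($user)` receives the password exactly as submitted. Keeping the flag only to describe legacy records and calling `$user->hashpassword();` unconditionally on anything newly written would preserve old accounts without creating new plaintext entries, assuming `hashpassword()` also records the flag. Separately, `passwordexist()` is still called on the candidate password in both hunks: how it compares against hashed entries is not visible here, and rejecting a password because another account already uses it tells the submitter that the value is somebody's credential. Both method bodies start and end outside the hunks.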
@@ -62,13 +65,16 @@ class Controlleruser extends Controller
 $userupdate->hydrate($_POST);
 if(empty($userupdate->id())) {
 $this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || $this->usermanager->passwordexist($userupdate->password()))) {
- $this->routedirectget('user', ['error' => 'change_password']);
+ } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || $this->usermanager->passwordexist($userupdate->password()) || !$userupdate->validpassword())) {
+ $this->routedirectget('user', ['error' => 'password_unvalid']);
 } elseif (empty($userupdate->level())) {
 $this->routedirectget('user', ['error' => 'wrong_level']);
 } elseif ($user->level() === 10 && $userupdate->level() !== 10 && $this->user->id() === $user->id()) {
 $this->routedirectget('user', ['error' => 'cant_edit_yourself']);
 } else {
+ if($userupdate->passwordhashed() && !$user->passwordhashed()) {
+ $userupdate->hashpassword();
+ }
 $this->usermanager->add($userupdate);
 $this->routedirect('user');
 }
-- cgit v1.2.3
From b361e2e5d5bdb6cc6256d50f8292c910fc4d3de0 Mon Sep 17 00:00:00 2001
From: vincent-peugnet
Date: Fri, 11 Jan 2019 18:09:55 +0100
Subject: user hash fix update
---
 app/class/controlleruser.php | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'app/class/controlleruser.php')
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 8240d55..65fb2bc 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -72,6 +72,9 @@ class Controlleruser extends Controller
 } elseif ($user->level() === 10 && $userupdate->level() !== 10 && $this->user->id() === $user->id()) {
 $this->routedirectget('user', ['error' => 'cant_edit_yourself']);
 } else {
+ if($userupdate->password() !== $user->password() && $user->passwordhashed()) {
+ $userupdate->setpasswordhashed(false);
+ }
 if($userupdate->passwordhashed() && !$user->passwordhashed()) {
 $userupdate->hashpassword();
 }
-- cgit v1.2.3
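Review bot: Changing the password of an account that is already hashed looks like it ends with the new password stored unhashed: the first added `if` clears the flag with `setpasswordhashed(false)`, and the following `if` then skips `hashpassword()` because `$userupdate->passwordhashed()` is now false. If the intent is to re-hash a changed password, hash on change instead of clearing the flag, for example `$changed = $userupdate->password() !== $user->password();` followed by `if ($userupdate->passwordhashed() && ($changed || !$user->passwordhashed())) { $userupdate->hashpassword(); }`. This assumes `hashpassword()` hashes the current value and that `$userupdate` keeps the stored password when the form field is empty; both are defined outside this page, as is the rest of the method. A test that updates a hashed user's password and then inspects the stored value would confirm which behaviour the code has.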