* Change password hashing to sha1

shino · shino · commit 97f132688ce8 · 2009-01-26T19:01:13.000Z
* Fix big typo in some classes (forgot 'new' before Exception !) * No utf8_bin in mysql schemas git-svn-id: http://svn.gna.org/svn/nevertable/trunk@113 8c9cce2d-531c-0410-91e8-f72d6ccfd7b9
diff --git a/classes/class.auth.php b/classes/class.auth.php
@@ -43,11 +43,11 @@ function SessionBegin()
 	{
       $cookiedata = unserialize(stripslashes($_COOKIE[$config["cookie_name"]]));
       if ($cookiedata["auto"] && !isset($_SESSION['user_logged']))
-        $this->Perform($cookiedata["user"], $cookiedata["md5"], true, false);
+        $this->Perform($cookiedata["user"], $cookiedata["sha1"], true, false);
 	}
   }
 
-  function Perform($login, $passwd, $md5_passwd=false, $cookie=false)
+  function Perform($login, $passwd, $sha1_passwd=false, $cookie=false)
   {
       global $config;
 
@@ -67,8 +67,8 @@ function Perform($login, $passwd, $md5_passwd=false, $cookie=false)
       }
       $val = $this->db->FetchArray($res);
       
-      if (!$md5_passwd)
-        $passwd = md5($passwd);  
+      if (!$sha1_passwd)
+        $passwd = Auth::Hash($passwd);  
        
       if($passwd == $val['passwd'])
       { 
@@ -84,7 +84,7 @@ function Perform($login, $passwd, $md5_passwd=false, $cookie=false)
           /* create cookie */
           $cookiedata["auto"] = true;
           $cookiedata["user"] = $_SESSION['user_pseudo'];
-          $cookiedata["md5"]  = $val['passwd'];
+          $cookiedata["sha1"]  = $val['passwd'];
        	  setcookie($config["cookie_name"], serialize($cookiedata), time()+$config["cookie_expire"], $config["cookie_path"], $config["cookie_domain"], false);
         }
         return true;
@@ -111,6 +111,10 @@ function CloseSession()
     setcookie($config["cookie_name"], serialize($cookiedata), time()+$config["cookie_expire"], $config["cookie_path"], $config["cookie_domain"], false);
   }
 
+  static function Hash($v)
+  {
+  	return sha1($v);
+  }
   static function Check($level)
   {
     return (isset($level) && isset($_SESSION['user_logged']) && $_SESSION['user_logged']
diff --git a/classes/class.comment.php b/classes/class.comment.php
@@ -178,7 +178,7 @@ function GetFields()
     function SetError($error)
     {
       $this->error = $error;
-      throw Exception($this->error);
+      throw new Exception($this->error);
     }
     
     function GetError()
diff --git a/classes/class.map.php b/classes/class.map.php
@@ -146,7 +146,7 @@ function SetFields($fields)
     function SetError($error)
     {
       $this->error = $error;
-      throw Exception($this->error);
+      throw new Exception($this->error);
     }
     
     function GetError()
diff --git a/classes/class.record.php b/classes/class.record.php
@@ -348,7 +348,7 @@ function _UpdateUserStats()
     function SetError($error)
     {
       $this->error = $error;
-      throw Exception($this->error);
+      throw new Exception($this->error);
     }
     
     function GetError()
diff --git a/classes/class.replay.php b/classes/class.replay.php
@@ -195,7 +195,7 @@ function IsGoalReached()
     function SetError($error)
     {
       $this->error = $error;
-      throw Exception($this->error);
+      throw new Exception($this->error);
     }
     
     function GetError()
diff --git a/classes/class.set.php b/classes/class.set.php
@@ -204,7 +204,7 @@ function SetFields($fields)
     function SetError($error)
     {
       $this->error = $error;
-      throw Exception($this->error);
+      throw new Exception($this->error);
     }
     
     function GetError()
diff --git a/classes/class.smilies.php b/classes/class.smilies.php
@@ -96,7 +96,7 @@ function IsLoad()
   function SetError($error)
   {
     $this->error = $error;
-   // throw Exception($this->error);
+   // throw new Exception($this->error);
   }
     
   function GetError()
diff --git a/classes/class.tag.tagboard.php b/classes/class.tag.tagboard.php
@@ -167,7 +167,7 @@ function Purge($id)
   function SetError($error)
   {
     $this->error = $error;
-    throw Exception($this->error);
+    throw new Exception($this->error);
   }
     
   function GetError()
diff --git a/classes/class.user.php b/classes/class.user.php
@@ -445,7 +445,7 @@ function _CleanFields()
     function SetError($error)
     {
       $this->error = $error;
-      throw Exception($this->error);
+      throw new Exception($this->error);
     }
     
     function GetError()
diff --git a/forgot.php b/forgot.php
@@ -57,7 +57,7 @@
   if (!isset($val['id']))
     exit;
   $table->db->NewQuery("UPDATE",  "users");
-  $table->db->UpdateSet(array("passwd" => md5($newpass)));
+  $table->db->UpdateSet(array("passwd" => Auth::Hash($newpass)));
   $table->db->Where("id", $val['id']);
   $table->db->Limit(1);
   $table->db->Query();
diff --git a/install/nevertable_db_schemas.sql b/install/nevertable_db_schemas.sql
@@ -33,7 +33,7 @@ CREATE TABLE `nvrtbl_com` (
 -- 
 
 CREATE TABLE `nvrtbl_conf` (
-  `conf_name` varchar(255) character set utf8 collate utf8_bin NOT NULL default '',
+  `conf_name` varchar(255) NOT NULL default '',
   `conf_value` text,
   `conf_desc` text,
   PRIMARY KEY  (`conf_name`)
@@ -129,19 +129,19 @@ CREATE TABLE `nvrtbl_users` (
   `id` int(11) NOT NULL auto_increment,
   `level` tinyint(4) NOT NULL default '0',
   `pseudo` varchar(32) NOT NULL default '',
-  `passwd` varchar(32) NOT NULL default '',
+  `passwd` varchar(40) NOT NULL default '',
   `email` varchar(255) NOT NULL default '',
   `user_limit` smallint(6) NOT NULL default '0',
   `user_comments_limit` smallint(6) NOT NULL,
   `user_sidebar_comments` smallint(6) NOT NULL default '0',
   `user_sidebar_comlength` smallint(6) NOT NULL default '0',
   `user_sort` tinyint(4) NOT NULL default '0',
-  `user_theme` varchar(40) character set utf8 collate utf8_bin NOT NULL default '',
+  `user_theme` varchar(40) NOT NULL default '',
   `user_lang` varchar(2) NOT NULL default 'en',
-  `user_avatar` varchar(40) character set utf8 collate utf8_bin NOT NULL default '',
+  `user_avatar` varchar(40) NOT NULL default '',
   `user_speech` text NOT NULL,
-  `user_localisation` varchar(40) character set utf8 collate utf8_bin NOT NULL default '',
-  `user_web` varchar(80) character set utf8 collate utf8_bin NOT NULL default '',
+  `user_localisation` varchar(40) NOT NULL default '',
+  `user_web` varchar(80) NOT NULL default '',
   `stat_total_records` int(11) NOT NULL default '0',
   `stat_best_records` int(11) NOT NULL default '0',
   `stat_comments` int(11) NOT NULL default '0',
diff --git a/profile.php b/profile.php
@@ -136,7 +136,7 @@ function CheckLimitsInfo($args)
     else
     {
       //mise � jour du nouveau mot de passe
-      $user->SetFields(array('passwd' => md5($args['passwd1'])));
+      $user->SetFields(array('passwd' => Auth::Hash($args['passwd1'])));
       $user->Update();
     }
   }
diff --git a/register.php b/register.php
@@ -93,7 +93,7 @@
   //protection
   $fields = array(
       'pseudo' => addslashes($args['pseudo']),
-      'passwd' => md5($args['passwd1']),
+      'passwd' => Auth::Hash($args['passwd1']),
       'email' => addslashes($args['email']),
       'level' => $level,
       'user_theme' => 'default',

Original file line number	Diff line number	Diff line change
`@@ -43,11 +43,11 @@ function SessionBegin()`
`43`	`43`	`{`
`44`	`44`	`$cookiedata = unserialize(stripslashes($_COOKIE[$config["cookie_name"]]));`
`45`	`45`	`if ($cookiedata["auto"] && !isset($_SESSION['user_logged']))`
`46`		`- $this->Perform($cookiedata["user"], $cookiedata["md5"], true, false);`
	`46`	`+ $this->Perform($cookiedata["user"], $cookiedata["sha1"], true, false);`
`47`	`47`	`}`
`48`	`48`	`}`
`49`	`49`
`50`		`- function Perform($login, $passwd, $md5_passwd=false, $cookie=false)`
	`50`	`+ function Perform($login, $passwd, $sha1_passwd=false, $cookie=false)`
`51`	`51`	`{`
`52`	`52`	`global $config;`
`53`	`53`
`@@ -67,8 +67,8 @@ function Perform($login, $passwd, $md5_passwd=false, $cookie=false)`
`67`	`67`	`}`
`68`	`68`	`$val = $this->db->FetchArray($res);`
`69`	`69`
`70`		`- if (!$md5_passwd)`
`71`		`- $passwd = md5($passwd);`
	`70`	`+ if (!$sha1_passwd)`
	`71`	`+ $passwd = Auth::Hash($passwd);`
`72`	`72`
`73`	`73`	`if($passwd == $val['passwd'])`
`74`	`74`	`{`
`@@ -84,7 +84,7 @@ function Perform($login, $passwd, $md5_passwd=false, $cookie=false)`
`84`	`84`	`/* create cookie */`
`85`	`85`	`$cookiedata["auto"] = true;`
`86`	`86`	`$cookiedata["user"] = $_SESSION['user_pseudo'];`
`87`		`- $cookiedata["md5"] = $val['passwd'];`
	`87`	`+ $cookiedata["sha1"] = $val['passwd'];`
`88`	`88`	`setcookie($config["cookie_name"], serialize($cookiedata), time()+$config["cookie_expire"], $config["cookie_path"], $config["cookie_domain"], false);`
`89`	`89`	`}`
`90`	`90`	`return true;`
`@@ -111,6 +111,10 @@ function CloseSession()`
`111`	`111`	`setcookie($config["cookie_name"], serialize($cookiedata), time()+$config["cookie_expire"], $config["cookie_path"], $config["cookie_domain"], false);`
`112`	`112`	`}`
`113`	`113`
	`114`	`+ static function Hash($v)`
	`115`	`+ {`
	`116`	`+ return sha1($v);`
	`117`	`+ }`
`114`	`118`	`static function Check($level)`
`115`	`119`	`{`
`116`	`120`	`return (isset($level) && isset($_SESSION['user_logged']) && $_SESSION['user_logged']`
Original file line number	Diff line number	Diff line change
`@@ -178,7 +178,7 @@ function GetFields()`
`178`	`178`	`function SetError($error)`
`179`	`179`	`{`
`180`	`180`	`$this->error = $error;`
`181`		`- throw Exception($this->error);`
	`181`	`+ throw new Exception($this->error);`
`182`	`182`	`}`
`183`	`183`
`184`	`184`	`function GetError()`
Original file line number	Diff line number	Diff line change
`@@ -146,7 +146,7 @@ function SetFields($fields)`
`146`	`146`	`function SetError($error)`
`147`	`147`	`{`
`148`	`148`	`$this->error = $error;`
`149`		`- throw Exception($this->error);`
	`149`	`+ throw new Exception($this->error);`
`150`	`150`	`}`
`151`	`151`
`152`	`152`	`function GetError()`
Original file line number	Diff line number	Diff line change
`@@ -348,7 +348,7 @@ function _UpdateUserStats()`
`348`	`348`	`function SetError($error)`
`349`	`349`	`{`
`350`	`350`	`$this->error = $error;`
`351`		`- throw Exception($this->error);`
	`351`	`+ throw new Exception($this->error);`
`352`	`352`	`}`
`353`	`353`
`354`	`354`	`function GetError()`
Original file line number	Diff line number	Diff line change
`@@ -195,7 +195,7 @@ function IsGoalReached()`
`195`	`195`	`function SetError($error)`
`196`	`196`	`{`
`197`	`197`	`$this->error = $error;`
`198`		`- throw Exception($this->error);`
	`198`	`+ throw new Exception($this->error);`
`199`	`199`	`}`
`200`	`200`
`201`	`201`	`function GetError()`
Original file line number	Diff line number	Diff line change
`@@ -204,7 +204,7 @@ function SetFields($fields)`
`204`	`204`	`function SetError($error)`
`205`	`205`	`{`
`206`	`206`	`$this->error = $error;`
`207`		`- throw Exception($this->error);`
	`207`	`+ throw new Exception($this->error);`
`208`	`208`	`}`
`209`	`209`
`210`	`210`	`function GetError()`
Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,7 @@ function IsLoad()`
`96`	`96`	`function SetError($error)`
`97`	`97`	`{`
`98`	`98`	`$this->error = $error;`
`99`		`- // throw Exception($this->error);`
	`99`	`+ // throw new Exception($this->error);`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`function GetError()`
Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,7 @@ function Purge($id)`
`167`	`167`	`function SetError($error)`
`168`	`168`	`{`
`169`	`169`	`$this->error = $error;`
`170`		`- throw Exception($this->error);`
	`170`	`+ throw new Exception($this->error);`
`171`	`171`	`}`
`172`	`172`
`173`	`173`	`function GetError()`
Original file line number	Diff line number	Diff line change
`@@ -445,7 +445,7 @@ function _CleanFields()`
`445`	`445`	`function SetError($error)`
`446`	`446`	`{`
`447`	`447`	`$this->error = $error;`
`448`		`- throw Exception($this->error);`
	`448`	`+ throw new Exception($this->error);`
`449`	`449`	`}`
`450`	`450`
`451`	`451`	`function GetError()`