Gah, bad syntax
index 26366879e6664827ad73d2fa35eb10fc01cf278c..62019aa015a0f7182c6fca11ea2e41dd73d712ca 100644 (file)
@@ -44,12 +44,14 @@ class AuthCryptPlugin extends AuthenticationPlugin
 
     function checkPassword($username, $password)
     {
+        $username = Nickname::normalize($username);
+
         $user = User::getKV('nickname', $username);
         if (!($user instanceof User)) {
             return false;
         }
 
-        // crypt cuts the second parameter to its appropriate length based on hash scheme
+        // crypt understands what the salt part of $user->password is
         if ($user->password === crypt($password, $user->password)) {
             return $user;
         }
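Review bot: The new `Nickname::normalize($username)` call at the top of checkPassword turns a malformed nickname from the login form into an exception instead of the `return false` the rest of the method uses, if normalize rejects input it cannot canonicalise (I believe it throws rather than returning a fallback elsewhere in this codebase — please confirm). The same pattern is added to changePassword in the next hunk. Wrapping it keeps the method's boolean-or-User contract: `try { $username = Nickname::normalize($username); } catch (NicknameException $e) { return false; }`. Separately, the `===` on the crypt line is a plain string compare; `hash_equals($user->password, crypt($password, $user->password))` would be the constant-time form where the PHP baseline allows it. checkPassword's body continues past the end of this hunk.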
@@ -66,9 +68,23 @@ class AuthCryptPlugin extends AuthenticationPlugin
         return false;
     }
 
+    protected function cryptSalt($len=CRYPT_SALT_LENGTH)
+    {
+        $chars = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+        $salt  = '';
+
+        for ($i=0; $i<$len; $i++) {
+            $salt .= $chars{mt_rand(0, strlen($chars)-1)};
+        }
+
+        return $salt;
+    }
+
     // $oldpassword is already verified when calling this function... shouldn't this be private?!
     function changePassword($username, $oldpassword, $newpassword)
     {
+        $username = Nickname::normalize($username);
+
         if (!$this->password_changeable) {
             return false;
         }
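Review bot: cryptSalt builds the per-password salt from `mt_rand`, which is a seeded Mersenne Twister rather than a cryptographic source, so the salt that hashPassword stores alongside the hash is predictable in a way the old common_good_rand TODO was trying to move away from. The loop line also uses the curly-brace string offset `$chars{...}`, which later PHP releases deprecate and then remove in favour of `[]`. Both can be fixed in one line if the project's PHP baseline has random_int: `$salt .= $chars[random_int(0, strlen($chars) - 1)];`; on an older baseline, map bytes from `openssl_random_pseudo_bytes` onto `$chars` instead. A one-line comment on the method, `// Salt alphabet is the crypt() "./0-9A-Za-z" set; $len defaults to CRYPT_SALT_LENGTH`, would also help, since the constant is defined outside this hunk.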
@@ -87,25 +103,24 @@ class AuthCryptPlugin extends AuthenticationPlugin
     public function hashPassword($password, Profile $profile=null)
     {
         // A new, unique salt per new record stored...
-        // TODO: common_good_rand should be more diverse than hexdec
-        return crypt($password, $this->hash . common_good_rand(CRYPT_SALT_LENGTH));
+        return crypt($password, $this->hash . self::cryptSalt());
     }
 
     /*
      * EVENTS
      */
 
-    public function onStartChangePassword($user, $oldpassword, $newpassword)
+    public function onStartChangePassword(Profile $target, $oldpassword, $newpassword)
     {
-        if (!$this->checkPassword($user->nickname, $oldpassword)) {
+        if (!$this->checkPassword($target->getNickname(), $oldpassword)) {
             // if we ARE in overwrite mode, test password with common_check_user
-            if (!$this->overwrite || !common_check_user($user->nickname, $oldpassword)) {
+            if (!$this->overwrite || !common_check_user($target->getNickname(), $oldpassword)) {
                 // either we're not in overwrite mode, or the password was incorrect
                 return !$this->authoritative;
             }
             // oldpassword was apparently ok
         }
-        $changed = $this->changePassword($user->nickname, $oldpassword, $newpassword);
+        $changed = $this->changePassword($target->getNickname(), $oldpassword, $newpassword);
 
         return (!$changed && empty($this->authoritative));
     }
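Review bot: hashPassword returns whatever `crypt()` produces without checking for failure, and crypt signals an unsupported or malformed salt prefix (`$this->hash` is configuration, not shown here) by returning a string shorter than 13 characters that differs from the salt; storing that value as the user's password hash would silently leave the account with an unverifiable password. The new call `self::cryptSalt()` also invokes a non-static method through the class name; it works from instance context but reads as a static call, so `$this->cryptSalt()` is clearer. The rewrite below checks the crypt result before returning it; onStartChangePassword in the same hunk is unchanged.
```php
    public function hashPassword($password, Profile $profile=null)
    {
        // A new, unique salt per new record stored...
        $hashed = crypt($password, $this->hash . $this->cryptSalt());
        // crypt() reports failure (e.g. an unsupported $this->hash prefix) with a
        // string shorter than 13 characters; never store that as a password hash.
        if (strlen($hashed) < 13) {
            throw new Exception('crypt() failed to produce a password hash');
        }
        return $hashed;
    }
    // … unchanged: onStartChangePassword …
```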
@@ -135,12 +150,12 @@ class AuthCryptPlugin extends AuthenticationPlugin
         return true;
     }
 
-    public function onPluginVersion(&$versions)
+    public function onPluginVersion(array &$versions)
     {
         $versions[] = array('name' => 'AuthCrypt',
-                            'version' => STATUSNET_VERSION,
+                            'version' => GNUSOCIAL_VERSION,
                             'author' => 'Mikael Nordfeldth',
-                            'homepage' => 'http://status.net/wiki/Plugin:AuthCrypt',
+                            'homepage' => 'https://git.gnu.io/gnu/gnu-social/tree/master/plugins/AuthCrypt',
                             'rawdescription' =>
                             // TRANS: Plugin description.
                             _m('Authentication and password hashing with crypt()'));