New re-hashing of passords while login should work now
authorRoland Häder <roland@mxchange.org>
Fri, 16 May 2008 22:41:13 +0000 (22:41 +0000)
committerRoland Häder <roland@mxchange.org>
Fri, 16 May 2008 22:41:13 +0000 (22:41 +0000)
inc/modules/admin.php
inc/modules/admin/admin-inc.php

index ad94f73..cb73fec 100644 (file)
@@ -161,27 +161,21 @@ if (!isBooleanConstantAndTrue('admin_registered')) {
                switch ($ret)
                {
                case "done": // Admin and password are okay, so we log in now
-                       // Try to register the session variables
-                       if ((set_session("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)))) && (set_session("admin_login", $_POST['login'])) && (set_session("admin_last", time())) && (set_session("admin_to", $_POST['timeout']))) {
-                               // Construct URL and redirect
-                               $URL = URL."/modules.php?module=admin&amp;";
-
-                               // Rewrite overview module
-                               if ($GLOBALS['what'] == "overview") {
-                                       $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']);
-                               }
-
-                               // Add data to URL
-                               if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
-                                elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
-                                elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area'];
+                       // Construct URL and redirect
+                       $URL = URL."/modules.php?module=admin&amp;";
 
-                               // Load URL
-                               LOAD_URL($URL);
-                       } else {
-                               OUTPUT_HTML("<STRONG class=\"admin_fatal\">".ADMIN_LOGIN_FAILED."</STRONG>");
-                               ADD_FATAL(CANNOT_REGISTER_SESS);
+                       // Rewrite overview module
+                       if ($GLOBALS['what'] == "overview") {
+                               $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']);
                        }
+
+                       // Add data to URL
+                       if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what'];
+                        elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action'];
+                        elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area'];
+
+                       // Load URL
+                       LOAD_URL($URL);
                        break;
 
                case "404": // Administrator login not found
index ed245b5..4d3cde5 100644 (file)
@@ -97,6 +97,9 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
 
        // Check if password is same
        if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt)))   {
+               // Change the passord hash here
+               $pass = generateHash($password);
+
                // Update password
                $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1",
                 array($pass, $admin_login), __FILE__, __LINE__);
@@ -106,15 +109,39 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password)
                        if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy();
                }
 
-               // Password matches!
-               $ret = "done";
+               // Login has failed by default... ;-)
+               $ret = "failed";
+
+               // Password matches so login here
+               if (LOGIN_ADMIN($admin_login, $pass)) {
+                       // All done now
+                       $ret = "done";
+               }
        } elseif ((empty($salt)) && ($ret == "pass")) {
                // Something bad went wrong
                $ret = "failed";
        }
+
+       // Return the result
        return $ret;
 }
 
+// Try to login the admin by setting some session/cookie variables
+function LOGIN_ADMIN ($adminLogin, $passHash) {
+       // Now set all session variables and return the result
+       return (
+               (
+                       set_session("admin_md5", generatePassString($passHash))
+               ) && (
+                       set_session("admin_login", $adminLogin)
+               ) && (
+                       set_session("admin_last", time())
+               ) && (
+                       set_session("admin_to", $_POST['timeout'])
+               )
+       );
+}
+
 // Only be executed on cookie checking
 function CHECK_ADMIN_COOKIES ($admin_login, $password) {
        global $cacheArray, $_CONFIG;