From 626e020eb764fdd0fdfe50aa4f9cf48860fe2c1c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Fri, 16 May 2008 22:41:13 +0000 Subject: [PATCH] New re-hashing of passords while login should work now --- inc/modules/admin.php | 32 +++++++++++++------------------- inc/modules/admin/admin-inc.php | 31 +++++++++++++++++++++++++++++-- 2 files changed, 42 insertions(+), 21 deletions(-) diff --git a/inc/modules/admin.php b/inc/modules/admin.php index ad94f73f26..cb73fecea0 100644 --- a/inc/modules/admin.php +++ b/inc/modules/admin.php @@ -161,27 +161,21 @@ if (!isBooleanConstantAndTrue('admin_registered')) { switch ($ret) { case "done": // Admin and password are okay, so we log in now - // Try to register the session variables - if ((set_session("admin_md5", generatePassString(generateHash($_POST['pass'], __SALT)))) && (set_session("admin_login", $_POST['login'])) && (set_session("admin_last", time())) && (set_session("admin_to", $_POST['timeout']))) { - // Construct URL and redirect - $URL = URL."/modules.php?module=admin&"; - - // Rewrite overview module - if ($GLOBALS['what'] == "overview") { - $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']); - } - - // Add data to URL - if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what']; - elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action']; - elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area']; + // Construct URL and redirect + $URL = URL."/modules.php?module=admin&"; - // Load URL - LOAD_URL($URL); - } else { - OUTPUT_HTML("".ADMIN_LOGIN_FAILED.""); - ADD_FATAL(CANNOT_REGISTER_SESS); + // Rewrite overview module + if ($GLOBALS['what'] == "overview") { + $GLOBALS['action'] = GET_ACTION($GLOBALS['module'], $GLOBALS['what']); } + + // Add data to URL + if (!empty($GLOBALS['what'])) $URL .= "what=".$GLOBALS['what']; + elseif (!empty($GLOBALS['action'])) $URL .= "action=".$GLOBALS['action']; + elseif (!empty($_GET['area'])) $URL .= "area=".$_GET['area']; + + // Load URL + LOAD_URL($URL); break; case "404": // Administrator login not found diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php index ed245b5394..4d3cde5ab7 100644 --- a/inc/modules/admin/admin-inc.php +++ b/inc/modules/admin/admin-inc.php @@ -97,6 +97,9 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) // Check if password is same if (($ret == "pass") && ($pass == generateHash($password, $salt)) && (!empty($salt))) { + // Change the passord hash here + $pass = generateHash($password); + // Update password $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_admins SET password='%s' WHERE login='%s' LIMIT 1", array($pass, $admin_login), __FILE__, __LINE__); @@ -106,15 +109,39 @@ function CHECK_ADMIN_LOGIN ($admin_login, $password) if ($cacheInstance->cache_file("admins", true)) $cacheInstance->cache_destroy(); } - // Password matches! - $ret = "done"; + // Login has failed by default... ;-) + $ret = "failed"; + + // Password matches so login here + if (LOGIN_ADMIN($admin_login, $pass)) { + // All done now + $ret = "done"; + } } elseif ((empty($salt)) && ($ret == "pass")) { // Something bad went wrong $ret = "failed"; } + + // Return the result return $ret; } +// Try to login the admin by setting some session/cookie variables +function LOGIN_ADMIN ($adminLogin, $passHash) { + // Now set all session variables and return the result + return ( + ( + set_session("admin_md5", generatePassString($passHash)) + ) && ( + set_session("admin_login", $adminLogin) + ) && ( + set_session("admin_last", time()) + ) && ( + set_session("admin_to", $_POST['timeout']) + ) + ); +} + // Only be executed on cookie checking function CHECK_ADMIN_COOKIES ($admin_login, $password) { global $cacheArray, $_CONFIG; -- 2.30.2