security password and remember_me
KeruyCRM committed Aug 23, 2022
1 parent e5e08cb commit 89bf626
Showing 6 changed files with 97 additions and 19 deletions.
4 changes: 2 additions & 2 deletions app/controllers/main/users/change_password.php
Expand Up @@ -55,14 +55,14 @@ public function change()
}

if (!$error) {
$hasher = new \Libs\PasswordHash(11, false);
//$hasher = new \Libs\PasswordHash(11, false);

/*$sql_data = [];
$sql_data['password'] = $hasher->HashPassword($password);
db_perform('app_entity_1', $sql_data, 'update', "id='" . db_input(\K::$fw->app_logged_users_id) . "'");*/

\K::model()->db_perform('app_entity_1', ['password' => $hasher->HashPassword($password)], [
\K::model()->db_perform('app_entity_1', ['password' => \K::security()->password_hash($password)], [
'id = ?',
\K::$fw->app_logged_users_id
]);
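Review bot: `//$hasher = new \Libs\PasswordHash(11, false);` is left as a commented-out line directly above the new `\K::security()->password_hash($password)` call, next to the older `/*$sql_data … */` block; both are dead now and should be deleted so the hunk shows a single hashing path instead of three generations of it. `change()` begins before the hunk and continues past it.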
4 changes: 1 addition & 3 deletions app/controllers/set/install.php
Expand Up @@ -320,9 +320,7 @@ private function _setSqlConfig()
$insert_query2,
[
':time' => time(),
':user_password' => \Libs\PasswordHash::instance(11, false)->HashPassword(
$this->f3->POST['user_password']
),
':user_password' => \K::security()->password_hash($this->f3->POST['user_password']),
':fields7' => $this->f3->POST['fields'][7],
':fields8' => $this->f3->POST['fields'][8],
':fields9' => $this->f3->POST['fields'][9],
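--- a/app/helpers/security.php
+++ b/app/helpers/security.php
@@ -130,4 +130,67 @@ private function decrypt36($n, $key)
 $decrypt = ((0x00FFFFFF & $n) << 8) + (((0xFF000000 & $n) >> 24) & 0x000000FF);
 return $decrypt ^ crc32($key);
 }
+
+public function password_hash($password)
+{
+return password_hash($password, PASSWORD_DEFAULT);
+}
+
+public function password_verify($password, $hash, $user_id)
+{
+$rehash = false;
+
+if ($this->isPasswordHash($hash)) {
+$hasher = new \Libs\PasswordHash(11, false);
+$verify = $hasher->CheckPassword($password, $hash);
+
+if ($verify) {
+$rehash = true;
+}
+} else {
+$verify = password_verify($password, $hash);
+
+if ($verify and $this->password_needs_rehash($hash)) {
+$rehash = true;
+}
+}
+
+if ($verify and $rehash) {
+\K::model()->db_update('app_entity_1', ['password' => $this->password_hash($password)], [
+'id = ?',
+$user_id
+]);
+}
+
+return $verify;
+}
+
+private function password_needs_rehash($hash)
+{
+return password_needs_rehash($hash, PASSWORD_DEFAULT);
+}
+
+private function isPasswordHash($hash)
+{
+$id = substr($hash, 0, 3);
+return $id == '$P$';
+}
+
+public function getCookieHash($expires, $username, $password_hash)
+{
+return $expires . $this->_DELIMITER . hash_hmac(
+'sha256',
+$username . $this->_DELIMITER . $expires,
+$password_hash
+);
+}
+
+public function isRememberMe($hash, $username, $passwordHash)
+{
+$expires = rtrim(substr($hash, 0, -64), $this->_DELIMITER);
+
+$passwordHashedGen = $this->getCookieHash($expires, $username, $passwordHash);
+
+return hash_equals($hash, $passwordHashedGen);
+}
 }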
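Review bot: `isRememberMe()` recovers `$expires` from the cookie only to feed it back into the HMAC; it never compares it with the current time, so a remember-me value stays valid until the user's password hash changes, and the `CFG_COOKIE_TIME_REMEMBER_ME` lifetime is enforced only by the browser's cookie expiry. Add a server-side check before the `hash_equals()` call, e.g. `if (!ctype_digit($expires) || (int) $expires < time()) { return false; }`, so the expiry that the MAC already covers is actually honoured. `isPasswordHash()` compares with `==`; `return substr($hash, 0, 3) === '$P$';` (or `str_starts_with`) is the strict form, and if any legacy rows carry phpass's `$H$` prefix variant they would currently be routed to `password_verify()` and fail. `$this->_DELIMITER` is defined outside the hunk, so its value cannot be checked here; `getCookieHash()` relies on it not occurring inside a username.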
1 change: 0 additions & 1 deletion app/libs/PasswordHash.php
Expand Up @@ -51,7 +51,6 @@ function __construct($iteration_count_log2, $portable_hashes)

function get_random_bytes($count)
{
//TODO refactor function to random_bytes
$output = '';

/*
43 changes: 30 additions & 13 deletions app/models/main/users/users.php
Expand Up @@ -559,7 +559,10 @@ public static function get_users_access_schema($access_groups_id)
);*/

$access_info_query = \K::model()->db_fetch(
'app_entities_access', ['access_groups_id = ?', $access_groups_id],[],'entities_id,access_schema'
'app_entities_access',
['access_groups_id = ?', $access_groups_id],
[],
'entities_id,access_schema'
);//FIX

//while ($access_info = db_fetch_array($access_info_query)) {
Expand Down Expand Up @@ -872,10 +875,8 @@ static function set_client_id()
}
}

public static function login($username, $password, $remember_me, $password_hashed = null, $redirect_to = null)
public static function login($username, $password, $remember_me, $hash = null, $redirect_to = null)
{
//global $alerts, $_GET;

/*$user_query = db_query(
"select * from app_entity_1 where field_12='" . db_input(
$username
Expand All @@ -885,16 +886,16 @@ public static function login($username, $password, $remember_me, $password_hashe
$user = \K::model()->db_fetch_one(
'app_entity_1',
[
'field_12 = :field_12' . (isset($password_hashed) ? ' and password = :password' : ''),
'field_12 = :field_12',
':field_12' => $username
] + (isset($password_hashed) ? [':password' => $password_hashed] : [])
]
);

if ($user) {
if ($user['field_5'] == 1) {
$hasher = new \Libs\PasswordHash(11, false);
//$hasher = new \Libs\PasswordHash(11, false);

if (isset($password_hashed)) {
if (isset($hash) and \K::security()->isRememberMe($hash, $username, $user['password'])) {
\K::app_session_register('app_logged_users_id', $user['id']);

\Models\Main\Users\Users_login_log::success($username, $user['id']);
Expand All @@ -905,7 +906,8 @@ public static function login($username, $password, $remember_me, $password_hashe
} else {
\Helpers\Urls::redirect_to('main/dashboard');
}
} elseif ($hasher->CheckPassword($password, $user['password'])) {
//} elseif ($hasher->CheckPassword($password, $user['password'])) {
} elseif (\K::security()->password_verify($password, $user['password'], $user['id'])) {
\K::app_session_register('app_logged_users_id', $user['id']);

//login log
Expand All @@ -914,10 +916,25 @@ public static function login($username, $password, $remember_me, $password_hashe
}

if ($remember_me == 1) {
\K::cookieSet('app_remember_me', 1, 60 * 60 * 24 * 30);
\K::cookieSet('app_stay_logged', 1, 60 * 60 * 24 * 30);
\K::cookieSet('app_remember_user', base64_encode($user['field_12']), 60 * 60 * 24 * 30);
\K::cookieSet('app_remember_pass', base64_encode($user['password']), 60 * 60 * 24 * 30);
$expires = time() + \K::$fw->CFG_COOKIE_TIME_REMEMBER_ME;
$app_remember_pass = \K::security()->getCookieHash(
$expires,
$user['field_12'],
$user['password']
);

\K::cookieSet('app_remember_me', 1, \K::$fw->CFG_COOKIE_TIME_REMEMBER_ME);
\K::cookieSet('app_stay_logged', 1, \K::$fw->CFG_COOKIE_TIME_REMEMBER_ME);
\K::cookieSet(
'app_remember_user',
base64_encode($user['field_12']),
\K::$fw->CFG_COOKIE_TIME_REMEMBER_ME
);
\K::cookieSet(
'app_remember_pass',
base64_encode($app_remember_pass),
\K::$fw->CFG_COOKIE_TIME_REMEMBER_ME
);
} else {
\K::cookieClear('app_remember_me');
\K::cookieClear('app_stay_logged');
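Review bot: The remember-me cookie built by `$app_remember_pass = \K::security()->getCookieHash($expires, $user['field_12'], $user['password'])` is keyed with the hash fetched before `\K::security()->password_verify($password, $user['password'], $user['id'])` ran; per the security.php hunk that call rewrites the stored hash when it is a legacy `$P$` hash or needs a rehash, so on exactly the login that migrates a user the cookie is signed with a hash no longer in the database and `isRememberMe()` will reject it on the next visit. Re-read the user's `password` column (or have `password_verify()` hand back the hash it ended up with) before computing `$app_remember_pass`. The commented-out `//$hasher = new \Libs\PasswordHash(11, false);` and `//} elseif ($hasher->CheckPassword(…)) {` lines are dead and should go rather than sit beside the new branch. `\K::$fw->CFG_COOKIE_TIME_REMEMBER_ME` is read five times in the remember-me block; one local before `$expires = time() + …` would keep the four `cookieSet` calls on a line each. `login()` starts before the first hunk and continues past the last.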
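--- a/config/security.php
+++ b/config/security.php
@@ -33,4 +33,5 @@
 'CFG_TOKEN_LENGTH' => 32,
 'CFG_SESSION_CHECK_IP' => false,
 'CFG_SESSION_CHECK_BROWSER' => true,
+'CFG_COOKIE_TIME_REMEMBER_ME' => 60 * 60 * 24 * 30 //1 month in sec
 ]);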
