X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Ffunctions.php;h=cb784575d783fc344077c3db9d8d78cbe1964433;hp=344d99eea479c71257f3f5e8d65aa1f0cef259fc;hb=4681b437e331256dc70663f130ce2de57a03d099;hpb=521ac3b392846c6ccef44c19cc82d63c47432297
diff --git a/include/functions.php b/include/functions.php
index 344d99e..cb78457 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -46,20 +46,20 @@ function config_check()
if(!isset($ADMIN_EMAIL))
{
output_header();
- echo "
Setup not completed
";
- echo "You need to set \$ADMIN_EMAIL in config.php. ".
- "If something goes wrong an email will be send to this address.";
+ echo 'Setup not completed
';
+ echo 'You need to set $ADMIN_EMAIL in config.php. '.
+ 'If something goes wrong an email will be send to this address.';
output_footer();
exit();
}
if(!isset($DB_work))
{
output_header();
- echo "Setup not completed
";
- echo "You need to set \$DB_work in config.php. ".
- "If this is set to anything else than 0, the game will be suspended and one can work safely on the database. ".
- "A message will be displayed that it will probably take about N minutes, with N being the number \$DB_work is set to. ".
- "The default should be 0 for the game to work.";
+ echo 'Setup not completed
';
+ echo 'You need to set $DB_work in config.php. '.
+ 'If this is set to anything else than 0, the game will be suspended and one can work safely on the database. '.
+ 'A message will be displayed that it will probably take about N minutes, with N being the number $DB_work is set to. '.
+ 'The default should be 0 for the game to work.';
output_footer();
exit();
}
@@ -1650,4 +1650,53 @@ function get_user_token($userid)
return $token;
}
+function verify_password($email, $password)
+{
+ /* verify password, if old password has length 32 assume it's an old md5, else use new password scheme */
+ /* return 0 if verified, else return error code
+ * 1 can't find email
+ * 2 can't calculate correct hash
+ * 3 misc error
+ */
+
+ /* check user email by getting his id */
+ $userid = DB_get_userid('email',$email);
+ if(!$userid)
+ return 1;
+
+ /* test for temporary passwords, only valid for one date (tested in the DB) */
+ $tmppasswd = md5($password);
+ if(DB_check_recovery_passwords($tmppasswd,$email))
+ return 0;
+
+ /* get saved password */
+ $existingpassword = DB_get_passwd_by_userid($userid);
+
+ if(strlen($existingpassword)==32) /* old password type */
+ {
+ if ($existingpassword == md5($password))
+ {
+ /* update password to new crypt version */
+ // create a password hash using the crypt function, need php 5.3 for this
+ // create and random salt
+ $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+ // hash incoming password using 12 rounds of blowfish
+ $hash = crypt($password, '$2y$12$' . $salt);
+ if(strlen($hash)>13)
+ DB_query("UPDATE User SET password='$hash' where id='$userid'");
+ else
+ return 2;
+
+ return 0;
+ }
+ }
+ else
+ {
+ if ($existingpassword == crypt($password, $existingpassword))
+ return 0;
+ };
+
+ return 3;
+}
+
?>