X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Ffunctions.php;h=cb784575d783fc344077c3db9d8d78cbe1964433;hp=344d99eea479c71257f3f5e8d65aa1f0cef259fc;hb=4681b437e331256dc70663f130ce2de57a03d099;hpb=521ac3b392846c6ccef44c19cc82d63c47432297

diff --git a/include/functions.php b/include/functions.php
index 344d99e..cb78457 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -46,20 +46,20 @@ function config_check()
   if(!isset($ADMIN_EMAIL))
     {
       output_header();
-      echo "<h1>Setup not completed</h1>";
-      echo "You need to set \$ADMIN_EMAIL in config.php. ".
-	"If something goes wrong an email will be send to this address.";
+      echo '<h1>Setup not completed</h1>';
+      echo 'You need to set $ADMIN_EMAIL in config.php. '.
+	'If something goes wrong an email will be send to this address.';
       output_footer();
       exit();
     }
   if(!isset($DB_work))
     {
       output_header();
-      echo "<h1>Setup not completed</h1>";
-      echo "You need to set \$DB_work in config.php. ".
-	"If this is set to anything else than 0, the game will be suspended and one can work safely on the database. ".
-	"A message will be displayed that it will probably take about N minutes, with N being the number \$DB_work is set to. ".
-	"The default should be 0 for the game to work.";
+      echo '<h1>Setup not completed</h1>';
+      echo 'You need to set $DB_work in config.php. '.
+	'If this is set to anything else than 0, the game will be suspended and one can work safely on the database. '.
+	'A message will be displayed that it will probably take about N minutes, with N being the number $DB_work is set to. '.
+	'The default should be 0 for the game to work.';
       output_footer();
       exit();
     }
@@ -1650,4 +1650,53 @@ function get_user_token($userid)
   return $token;
 }
 
+function verify_password($email, $password)
+{
+  /* verify password, if old password has length 32 assume it's an old md5, else use new password scheme */
+  /* return 0 if verified, else return error code
+   *        1 can't find email
+   *        2 can't calculate correct hash
+   *        3 misc error
+   */
+
+  /* check user email by getting his id */
+  $userid = DB_get_userid('email',$email);
+  if(!$userid)
+    return 1;
+
+  /* test for temporary passwords, only valid for one date (tested in the DB) */
+  $tmppasswd = md5($password);
+  if(DB_check_recovery_passwords($tmppasswd,$email))
+    return 0;
+
+  /* get saved password */
+  $existingpassword =  DB_get_passwd_by_userid($userid);
+
+  if(strlen($existingpassword)==32) /* old password type */
+    {
+      if ($existingpassword == md5($password))
+	{
+	  /* update password to new crypt version */
+	  // create a password hash using the crypt function, need php 5.3 for this
+	  // create and random salt
+	  $salt = substr(str_replace('+', '.', base64_encode(sha1(microtime(true), true))), 0, 22);
+	  // hash incoming password using 12 rounds of blowfish
+	  $hash = crypt($password, '$2y$12$' . $salt);
+	  if(strlen($hash)>13)
+	    DB_query("UPDATE User SET password='$hash' where id='$userid'");
+	  else
+	    return 2;
+
+	  return 0;
+	}
+    }
+  else
+    {
+      if ($existingpassword == crypt($password, $existingpassword))
+	return 0;
+    };
+
+  return 3;
+}
+
 ?>