From 5e850171e2f323e0ac13df5f8e1c1d5046959a52 Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Sun, 1 Jan 2017 15:43:20 +0100
Subject: [PATCH 1/3] Fixed "Constant already defined" notice
---
 config/config.default.php | 6 +++---
 includes/engelsystem_provider.php | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/config/config.default.php b/config/config.default.php
index 64c43cfa..49530608 100644
--- a/config/config.default.php
+++ b/config/config.default.php
@@ -25,9 +25,9 @@ $LETZTES_AUSTRAGEN = 3;
 // define('CRYPT_ALG', '$1'); // MD5
 // define('CRYPT_ALG', '$2y$13'); // Blowfish
 // define('CRYPT_ALG', '$5$rounds=5000'); // SHA-256
-define('CRYPT_ALG', '$6$rounds=5000'); // SHA-512
+// define('CRYPT_ALG', '$6$rounds=5000'); // SHA-512
-define('MIN_PASSWORD_LENGTH', 8);
+// define('MIN_PASSWORD_LENGTH', 8);
 // Wenn Engel beim Registrieren oder in ihrem Profil eine T-Shirt Größe angeben sollen, auf true setzen:
 $enable_tshirt_size = true;
@@ -64,6 +64,6 @@ $config = [
 'host' => "localhost",
 'user' => "root",
 'pw' => "",
- 'db' => "engelsystem"
+ 'db' => "engelsystem"
 ];
 ?>
diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php
index 595af9f9..ef9cee15 100644
--- a/includes/engelsystem_provider.php
+++ b/includes/engelsystem_provider.php
@@ -68,6 +68,9 @@ if (file_exists(realpath(__DIR__ . '/../config/config.php'))) {
 require_once realpath(__DIR__ . '/../config/config.php');
 }
+defined('CRYPT_ALG') || define('CRYPT_ALG', '$6$rounds=5000'); // SHA-512
+defined('MIN_PASSWORD_LENGTH') || define('MIN_PASSWORD_LENGTH', 8);
 if ($maintenance_mode) {
 echo file_get_contents(__DIR__ . '/../public/maintenance.html');
 die();
From 1f8d1eb4bbe9a764fa69a2da936db7adbfb2941e Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Sun, 1 Jan 2017 18:49:43 +0100
Subject: [PATCH 2/3] Fixed "Constant already defined" notice
Added more ugly global variables
---
 config/config.default.php | 10 +++++-----
 includes/controller/users_controller.php | 5 +++--
 includes/engelsystem_provider.php | 3 ---
 includes/pages/guest_login.php | 6 +++---
 includes/pages/user_settings.php | 3 ++-
 includes/sys_auth.php | 10 ++++++----
 6 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/config/config.default.php b/config/config.default.php
index 49530608..0b268c12 100644
--- a/config/config.default.php
+++ b/config/config.default.php
@@ -22,12 +22,12 @@ $LETZTES_AUSTRAGEN = 3;
 // Falls ein Benutzerpasswort in einem anderen Format gespeichert ist,
 // wird es bei der ersten Benutzung des Klartext-Passworts in das neue Format
 // konvertiert.
-// define('CRYPT_ALG', '$1'); // MD5
-// define('CRYPT_ALG', '$2y$13'); // Blowfish
-// define('CRYPT_ALG', '$5$rounds=5000'); // SHA-256
-// define('CRYPT_ALG', '$6$rounds=5000'); // SHA-512
+// $crypt_alg = '$1'; // MD5
+// $crypt_alg = '$2y$13'; // Blowfish
+// $crypt_alg = '$5$rounds=5000'; // SHA-256
+$crypt_alg = '$6$rounds=5000'; // SHA-512
-// define('MIN_PASSWORD_LENGTH', 8);
+$min_password_length = 8;
 // Wenn Engel beim Registrieren oder in ihrem Profil eine T-Shirt Größe angeben sollen, auf true setzen:
 $enable_tshirt_size = true;
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index 64f725de..3825af7c 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -211,6 +211,7 @@ function users_list_controller() {
 * Second step of password recovery: set a new password using the token link from email
 */
 function user_password_recovery_set_new_controller() {
+ global $min_password_length;
 $user_source = User_by_password_recovery_token($_REQUEST['token']);
 if ($user_source == null) {
 error(_("Token is not correct."));
@@ -219,8 +220,8 @@ function user_password_recovery_set_new_controller() {
 if (isset($_REQUEST['submit'])) {
 $valid = true;
-
- if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
+
+ if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
 if ($_REQUEST['password'] != $_REQUEST['password2']) {
 $valid = false;
 error(_("Your passwords don't match."));
diff --git a/includes/engelsystem_provider.php b/includes/engelsystem_provider.php
index ef9cee15..595af9f9 100644
--- a/includes/engelsystem_provider.php
+++ b/includes/engelsystem_provider.php
@@ -68,9 +68,6 @@ if (file_exists(realpath(__DIR__ . '/../config/config.php'))) {
 require_once realpath(__DIR__ . '/../config/config.php');
 }
-defined('CRYPT_ALG') || define('CRYPT_ALG', '$6$rounds=5000'); // SHA-512
-defined('MIN_PASSWORD_LENGTH') || define('MIN_PASSWORD_LENGTH', 8);
 if ($maintenance_mode) {
 echo file_get_contents(__DIR__ . '/../public/maintenance.html');
 die();
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index a4934be3..54abe5ca 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -14,7 +14,7 @@ function logout_title() {
 // Engel registrieren
 function guest_register() {
- global $tshirt_sizes, $enable_tshirt_size, $default_theme, $user;
+ global $tshirt_sizes, $enable_tshirt_size, $default_theme, $user, $min_password_length;
 $event_config = EventConfig();
@@ -96,14 +96,14 @@ function guest_register() {
 }
 }
- if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
+ if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
 if ($_REQUEST['password'] != $_REQUEST['password2']) {
 $valid = false;
 $msg .= error(_("Your passwords don't match."), true);
 }
 } else {
 $valid = false;
- $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
+ $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), $min_password_length), true);
 }
 if (isset($_REQUEST['planned_arrival_date'])) {
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index a147b437..e776320f 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -88,9 +88,10 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) {
 * The user
 */
 function user_settings_password($user_source) {
+ global $min_password_length;
 if (! isset($_REQUEST['password']) || ! verify_password($_REQUEST['password'], $user_source['Passwort'], $user_source['UID'])) {
 error(_("-> not OK. Please try again."));
- } elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) {
+ } elseif (strlen($_REQUEST['new_password']) < $min_password_length) {
 error(_("Your password is to short (please use at least 6 characters)."));
 } elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) {
 error(_("Your passwords don't match."));
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 135e49e3..7a1dd4b7 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
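Review bot: The new `elseif (strlen($_REQUEST['new_password']) < $min_password_length)` branch in user_settings_password enforces a configurable minimum, but the error on the following context line still hard-codes "at least 6 characters", so with the default of 8 the user is told the wrong number (and its "to short" typo makes it a separate translation string from the one guest_register uses). Reuse the guest_login wording with the variable: `error(sprintf(_("Your password is too short (please use at least %s characters)."), $min_password_length));`. `strlen()` counts bytes, so a multibyte password passes with fewer characters than the message promises; `mb_strlen()` gives the character count, and the same applies to the guest_register hunk above and the user_password_recovery_set_new_controller hunk. user_settings_password continues past the end of the hunk.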
@@ -39,7 +39,8 @@ function generate_salt($length = 16) {
 * set the password of a user
 */
 function set_password($uid, $password) {
- $result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
+ global $crypt_alg;
+ $result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
 if ($result === false) {
 engelsystem_error('Unable to update password.');
 }
@@ -51,6 +52,7 @@ function set_password($uid, $password) {
 * if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
 */
 function verify_password($password, $salt, $uid = false) {
+ global $crypt_alg;
 $correct = false;
 if (substr($salt, 0, 1) == '$') { // new-style crypt()
 $correct = crypt($password, $salt) == $salt;
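Review bot: set_password stores whatever `crypt($password, $crypt_alg . '$' . generate_salt(16) . '$')` returns, and now that the prefix is a plain global that any included file can reassign (or that a site's config.php might leave unset if it still only defines the old constant — I cannot see how config.default.php and config.php are layered), an unusable prefix makes crypt() return its short failure string, which is then written to `Passwort` without any error; the rehash query in the next verify_password hunk (`@@ -59,12 +61,12 @@`) has the same gap. Check the result before storing it: `$hash = crypt($password, $crypt_alg . '$' . generate_salt(16) . '$');` / `if (strlen($hash) < 13) { engelsystem_error('Unable to hash password.'); }`. While touching this, `$correct = crypt($password, $salt) == $salt;` right below the new `global` line is a loose, non-constant-time comparison; `hash_equals($salt, crypt($password, $salt))` is the standard form, and `password_hash()` / `password_verify()` / `password_needs_rehash()` would replace the hand-built salt prefix entirely. Both set_password and verify_password continue past their hunks.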
@@ -59,12 +61,12 @@ function verify_password($password, $salt, $uid = false) {
 } elseif (strlen($salt) == 32) { // old-style md5 without salt - not used anymore
 $correct = md5($password) == $salt;
 }
-
- if ($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) {
+
+ if ($correct && substr($salt, 0, strlen($crypt_alg)) != $crypt_alg && $uid) {
 // this password is stored in another format than we want it to be.
 // let's update it!
 // we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
- sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
+ sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
 }
 return $correct;
 }
From 1f0ca24f5ce6c46c2901eb1478b8ab9258ff1700 Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Sun, 1 Jan 2017 19:49:59 +0100
Subject: [PATCH 3/3] Fix relative paths: missing / on internationalization
---
 includes/helper/internationalization_helper.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/includes/helper/internationalization_helper.php b/includes/helper/internationalization_helper.php
index 7127bdee..a537ef3d 100644
--- a/includes/helper/internationalization_helper.php
+++ b/includes/helper/internationalization_helper.php
@@ -25,15 +25,15 @@ function locale_short() {
 */
 function gettext_init() {
 global $locales, $default_locale;
-
- if (isset($_REQUEST['set_locale']) && in_array($_REQUEST['set_locale'], array_keys($locales))) {
+
+ if (isset($_REQUEST['set_locale']) && isset($locales[$_REQUEST['set_locale']])) {
 $_SESSION['locale'] = $_REQUEST['set_locale'];
 } elseif (! isset($_SESSION['locale'])) {
 $_SESSION['locale'] = $default_locale;
 }
-
+
 gettext_locale();
- bindtextdomain('default', __DIR__ . '../../locale');
+ bindtextdomain('default', realpath(__DIR__ . '/../../locale'));
 bind_textdomain_codeset('default', 'UTF-8');
 textdomain('default');
 }
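Review bot: `realpath(__DIR__ . '/../../locale')` on the new bindtextdomain line returns false when the directory is missing, and that false is then handed to bindtextdomain as the domain directory instead of failing loudly, which is harder to diagnose than the missing-slash bug this commit fixes. Resolve the path first and stop on failure: `$localeDir = realpath(__DIR__ . '/../../locale');` / `if ($localeDir === false) { engelsystem_error('Locale directory not found.'); }` / `bindtextdomain('default', $localeDir);`. The new `isset($locales[$_REQUEST['set_locale']])` is a tighter allowlist than the old loose in_array, but `$_REQUEST['set_locale']` can arrive as an array (`set_locale[]=`), so adding `is_string($_REQUEST['set_locale'])` to the condition keeps a non-string from being used as an array offset. gettext_locale() is outside the hunk, so I cannot confirm how the stored locale is consumed there.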