[Noalyss-commit] [noalyss] 07/09: Critical : password issue
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 07/09: Critical : password issue |
Date: |
Mon, 17 Jan 2022 14:58:30 -0500 (EST) |
sparkyx pushed a commit to branch devel
in repository noalyss.
commit 35500e74483ccad5d23b3e392ef97cc341a33f21
Author: sparkyx <danydb@noalyss.eu>
AuthorDate: Thu Jan 6 10:12:48 2022 +0100
Critical : password issue
---
include/class/user.class.php | 27 +++++++++++++++++++--------
sql/upgrade.sql | 1 -
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/include/class/user.class.php b/include/class/user.class.php
index e1f9bec0..6bd612b5 100644
--- a/include/class/user.class.php
+++ b/include/class/user.class.php
@@ -34,7 +34,7 @@ class User
{
var $id; //!< in account_repository , ac_users.use_id
- var $pass; //!< password
+
var $db; //!< database connx
var $admin; //!< is or is not admin
var $valid; //!< is or is not valid
@@ -60,7 +60,16 @@ class User
$this->load();
}
}
-
+ /**
+ * @brief check the password and user
+ */
+ function can_connect()
+ {
+ $cn=new \Database();
+ $can_connect=$cn->get_value("select count(*) from ac_users where
use_login=$1 and use_pass=$2",
+ [$this->login,$this->password]);
+ return $can_connect;
+ }
/**
* @brief connect the user and set the $_SESSION variables if not set
thanks the $_REQUEST
*/
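Review bot: can_connect() returns whatever `get_value` yields, and both callers test it with `== 0`, so a result that is not numerically zero would be read as a valid login. An empty string is one such case, since PHP 8 no longer treats it as equal to 0; whether `get_value` can return one on failure is not visible here. Normalising inside the function keeps the check fail-closed: `return (int)$can_connect;`. The docblock should also state the contract, e.g. `@return int 1 when the login and stored password match, 0 otherwise`. Separately, the query matches `use_pass` by SQL equality, which only works with a deterministic stored value (the `md5()` call removed in isAdmin() suggests an unsalted MD5 digest), so a later move to `password_hash()`/`password_verify()` would need the row fetched and compared in PHP instead.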
@@ -71,7 +80,7 @@ class User
$http=new \HttpInput();
$user_login=$http->request("p_user", "string", "");
$user_password=$http->request("p_pass", "string", "");
-
+
if ($user_login!=""&&$user_password!="")
{
$_SESSION[SESSION_KEY."g_user"]=$user_login;
@@ -101,13 +110,14 @@ class User
}
$this->login=$_SESSION[SESSION_KEY."g_user"];
$this->password=$_SESSION[SESSION_KEY.'g_pass'];
+
$this->id=-1;
$this->lang=(isset($_SESSION[SESSION_KEY.'g_lang']))?$_SESSION[SESSION_KEY.'g_lang']:'fr_FR.utf8';
$this->access_mode=$_SESSION[SESSION_KEY."access_mode"];
+ $cn=new Database();
- if ($this->load()==-1)
+ if ($this->can_connect() == 0 || $this->load()==-1 )
{
- $cn=new Database();
echo '<h2 class="error">'._('Utilisateur ou mot de passe
incorrect').'</h2>';
$sql="insert into audit_connect
(ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
$cn->exec_sql($sql,
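Review bot: The order of `can_connect() == 0 || load()==-1` is load-bearing, because can_connect() is only meaningful while `$this->password` still holds the session value and load() appears to overwrite it with `$row['use_pass']` (the assignment visible in the -351 hunk). It deserves a comment such as `// must run before load(), which replaces $this->password with the stored value`. The same call added in the -415 hunk (`$res==0 || $this->can_connect() == 0`) may be comparing the stored value with itself if load() has already run on the object; that function starts outside the hunk, so this needs checking. Passing the submitted credential to can_connect() as an argument would remove the dependency on object state. This hunk also opens `new Database()` on every request while can_connect() opens its own `new \Database()`, so the connection could be shared.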
@@ -311,7 +321,7 @@ class User
/* * \brief load data from database.
* if this->id == -1, it is unknown so we have to retrieve it
from the database by the login
- * return -1 if nothing is found
+ * return -1 if nothing is found or the use_id
*/
function load()
@@ -351,6 +361,7 @@ class User
$this->admin=$row['use_admin'];
$this->password=$row['use_pass'];
$this->email=$row['use_email'];
+ return $this->id;
}
function save()
@@ -415,7 +426,7 @@ class User
}
$sql="insert into audit_connect
(ac_user,ac_ip,ac_module,ac_url,ac_state) values ($1,$2,$3,$4,$5)";
- if ($res==0)
+ if ($res==0 || $this->can_connect() == 0)
{
$cn->exec_sql($sql,
array($_SESSION[SESSION_KEY.'g_user'],
$_SERVER["REMOTE_ADDR"],
@@ -637,7 +648,7 @@ class User
function isAdmin()
{
$this->admin=0;
- $pass5=md5($this->password);
+ $pass5=$this->password;
$sql="select count(*) from ac_users where use_login=$1
and use_active=1 and use_admin=1 ";
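Review bot: `$pass5` is now a misleading name, since it no longer holds an MD5 of anything but a plain copy of `$this->password`. The part of the query visible in this hunk binds only `use_login`, and the rest of isAdmin() lies outside the hunk, so it is unclear whether the variable is still used. If it is unused, delete the assignment. If the admin check does compare it, rename it and note what it holds, e.g. `// $this->password already holds the stored value, not the clear-text password`.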
diff --git a/sql/upgrade.sql b/sql/upgrade.sql
index 510baa99..e69de29b 100644
--- a/sql/upgrade.sql
+++ b/sql/upgrade.sql
@@ -1 +0,0 @@
-select * from v_quant_detail vqd where jr_id=6462;
\ No newline at end of file