Nicolas2

Forum » » Road map développement » » Implémentation nouveau process de cryptage


Posté : 19-03-2021 19:57

Virer tout ce qui concerne hashkey.

mainfile.php


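/**
 * Check a submitted password against the stored credential and, when it
 * matches, write a freshly computed bcrypt hash back to the account row.
 *
 * @param string $pass      Password as submitted by the client.
 * @param string $dbpass    Credential currently stored for the account.
 * @param string $uname     Account identifier (users.uname or authors.aid).
 * @param string $connexion 'user' or 'admin'; any other value skips the database write.
 *
 * @return array [0] the new bcrypt hash, or null when $pass did not match;
 *               [1] the stored credential re-read after the update, or the
 *               value passed in when nothing was written or re-read.
 */
function newPassBcrypt($pass, $dbpass, $uname, $connexion) {
    global $NPDS_Prefix;

    // Defined up front so the final return never reads an unset variable
    // when verification fails.
    $newPass = null;

    $submitted = (string) $pass;
    $stored = (string) $dbpass;

    // Legacy rows may hold the password itself instead of a hash. A literal
    // match is accepted only when the stored value is non-empty and is NOT a
    // hash recognised by password_get_info(); otherwise a copy of the bcrypt
    // hash (database dump, backup, cookie) would work as the password.
    // hash_equals() keeps that comparison constant-time.
    // NOTE(review): older crypt() formats are not recognised by
    // password_get_info() and still fall into this branch - confirm which
    // storage formats exist before relying on it.
    $hashInfo = password_get_info($stored);
    $isLegacyPlain = $stored !== ''
        && empty($hashInfo['algo'])
        && hash_equals($stored, $submitted);

    if (!password_verify($submitted, $stored) && !$isLegacyPlain) {
        return array($newPass, $dbpass);
    }

    $AlgoCrypt = PASSWORD_BCRYPT;
    $min_ms = 250;
    $options = ['cost' => getOptimalBcryptCostParameter($pass, $AlgoCrypt, $min_ms)];

    // password_hash() already yields the complete bcrypt string; running
    // crypt() with that string as salt returns the same value, so it is not
    // computed a second time.
    $newPass = password_hash($pass, $AlgoCrypt, $options);
    if (!is_string($newPass) || $newPass === '') {
        // Never overwrite a working credential with an empty value.
        return array(null, $dbpass);
    }

    // Where the credential lives for each kind of account.
    $targets = [
        'user'  => ['table' => 'users',   'secret' => 'pass', 'key' => 'uname'],
        'admin' => ['table' => 'authors', 'secret' => 'pwd',  'key' => 'aid'],
    ];
    if (!is_string($connexion) || !isset($targets[$connexion])) {
        return array($newPass, $dbpass);
    }

    $table = $NPDS_Prefix.$targets[$connexion]['table'];
    $secretColumn = $targets[$connexion]['secret'];
    $keyColumn = $targets[$connexion]['key'];

    // NOTE(review): $uname is interpolated into both statements. Nothing in
    // this function escapes it; confirm the callers or the sql_query() layer
    // do, or move these statements to bound parameters.
    // NOTE(review): the hash is rewritten on every successful login;
    // password_needs_rehash() could limit the write to outdated hashes.
    sql_query("UPDATE ".$table." SET ".$secretColumn."='$newPass' WHERE ".$keyColumn."='$uname'");

    $result = sql_query("SELECT ".$secretColumn." FROM ".$table." WHERE ".$keyColumn." = '$uname'");
    if (sql_num_rows($result) == 1) {
        // Only replace $dbpass when exactly one row came back; otherwise the
        // caller keeps the value it passed in.
        $row = sql_fetch_assoc($result);
        $dbpass = $row[$secretColumn];
    }

    return array($newPass, $dbpass);
}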


user/login()


/**
 * Authenticate a member by name and password, then redirect.
 *
 * On success the member cookie is set through docookie(), a guest session
 * row recorded for the client address is removed, and the browser is sent
 * to index.php. An unknown name or a wrong password redirects to
 * user.php?stop=1; a status row whose "open" value compares equal to 0
 * redirects to user.php?stop=99.
 *
 * @param string $uname Member name as submitted.
 * @param string $pass  Password as submitted.
 *
 * @return void
 */
function login($uname, $pass) {
    global $NPDS_Prefix, $setinfo;

    // NOTE(review): $uname (and $ip further down) are interpolated into the
    // SQL text; nothing visible here escapes them - confirm it happens upstream.
    $userQuery = sql_query("SELECT pass, uid, uname, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax, user_langue FROM ".$NPDS_Prefix."users WHERE uname = '$uname'");
    if (sql_num_rows($userQuery) != 1) {
        Header("Location: user.php?stop=1");
        return;
    }

    $setinfo = sql_fetch_assoc($userQuery);

    $statusQuery = sql_query("SELECT open FROM ".$NPDS_Prefix."users_status WHERE uid='".$setinfo['uid']."'");
    list($accountOpen) = sql_fetch_row($statusQuery);
    if ($accountOpen == 0) {
        Header("Location: user.php?stop=99");
        return;
    }

    $storedHash = $setinfo['pass'];
    $pass = utf8_decode($pass);

    // newPassBcrypt() re-hashes the password when it matches and hands back
    // the credential as stored afterwards (second element).
    list($freshHash, $currentHash) = newPassBcrypt($pass, $storedHash, $uname, 'user');

    // The first check runs on the url-decoded password against the value read
    // before the re-hash; the second on the password as-is against the value
    // read after it.
    $authenticated = password_verify(urldecode($pass), $storedHash)
        || password_verify($pass, $currentHash);
    if (!$authenticated) {
        Header("Location: user.php?stop=1");
        return;
    }

    // NOTE(review): docookie() is handed the stored password hash; what it
    // does with it is not visible here - confirm the hash itself never ends
    // up in the client cookie.
    docookie($setinfo['uid'], $setinfo['uname'], $currentHash, $setinfo['storynum'], $setinfo['umode'], $setinfo['uorder'], $setinfo['thold'], $setinfo['noscore'], $setinfo['ublockon'], $setinfo['theme'], $setinfo['commentmax'], $setinfo['user_langue']);

    // Drop the guest session row recorded for this client address, if any.
    $ip = getip();
    $guestQuery = sql_query("SELECT * FROM ".$NPDS_Prefix."session WHERE host_addr='$ip' AND guest='1'");
    if (sql_num_rows($guestQuery) == 1) {
        sql_query("DELETE FROM ".$NPDS_Prefix."session WHERE host_addr='$ip' AND guest='1'");
    }

    Header("Location: index.php");
}


auth.inc.php


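// Administrator sign-in: runs when $aid and $pwd are set and $op is 'login'.
// On a password match it issues the 'admin' cookie plus its expiry companion
// 'adm_exp'; on a mismatch for a known account it raises Admin_Alert().
if ((isset($aid)) and (isset($pwd)) and ($op == 'login')) {
    if ($aid != '' and $pwd != '') {
        // NOTE(review): $aid is interpolated into the SQL text and into the
        // alert message below; nothing visible here escapes it - confirm it
        // is filtered upstream or switch to bound parameters.
        $result = sql_query("SELECT pwd FROM ".$NPDS_Prefix."authors WHERE aid='$aid'");
        if (sql_num_rows($result) == 1) {
            $setinfo = sql_fetch_assoc($result);
            $dbpass = $setinfo['pwd'];

            // Re-hashes the password when it matches; the second element is
            // the credential as stored afterwards.
            list($newpass, $newdbpass) = newPassBcrypt($pwd, $dbpass, $aid, 'admin');

            if (password_verify($pwd, $dbpass) or password_verify($pwd, $newdbpass)) {
                // NOTE(review): the cookie value is derived only from the
                // account name and an MD5 of the stored hash, so it can be
                // recomputed by anyone able to read the authors table, and it
                // does not change between logins unless the hash does. A
                // random server-side session token would avoid both; that
                // needs a matching change where the cookie is validated.
                // NOTE(review): base_64_encode() is not a PHP built-in -
                // presumably a project helper; confirm.
                $admin = base_64_encode("$aid:".md5($newdbpass));

                if ($admin_cook_duration <= 0) {
                    $admin_cook_duration = 1;
                }
                $timeX = time() + (3600 * $admin_cook_duration);

                // The authentication cookie is marked HttpOnly so page script
                // cannot read it, and Secure when the request arrived over
                // HTTPS so it is not sent back in clear text. Path and domain
                // stay at their defaults.
                // NOTE(review): confirm no client-side script reads 'admin'.
                $viaHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                setcookie('admin', $admin, $timeX, '', '', $viaHttps, true);

                // Left readable by script: it only carries the expiry time.
                setcookie('adm_exp', $timeX, $timeX);
            } else {
                Admin_Alert("Passwd not in DB#1 : $aid");
            }
        }
    }
}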


Fin
 Message édité par : Nicolas2 / 19-03-2021 20:17
 Message édité par : Nicolas2 / 19-03-2021 21:30
 Message édité par : Nicolas2 / 19-03-2021 21:58
