Index du forum »» Road map développement »» Implémentation nouveau process de cryptage
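/**
 * Authenticate a member by user name and password, migrate a legacy password
 * record to bcrypt on first successful login, then issue the member cookie.
 *
 * Flow, as implemented below:
 *  - the account is looked up by name; anything other than exactly one row
 *    redirects to user.php?stop=1;
 *  - a users_status.open value of 0 redirects to user.php?stop=99;
 *  - when the submitted password matches and `hashkey` is empty, the password
 *    is re-hashed with bcrypt and written back with hashkey='1';
 *  - on success docookie() is called, the guest session row recorded for this
 *    IP is deleted and the browser is redirected to index.php.
 *
 * @param string $uname User name as submitted by the client.
 * @param string $pass  Password as submitted by the client.
 * @return void Outcome is signalled through Location headers and the $setinfo global.
 */
function login($uname, $pass) {
    global $NPDS_Prefix, $setinfo;

    // NOTE(review): $uname is concatenated into the SQL text here and in the
    // UPDATE/SELECT further down, and nothing in this function escapes or
    // validates it. Unless an upstream filter (not visible here) guarantees it
    // cannot contain quotes, this is SQL injection on the login path; bind it
    // through whatever parameterised or escaping call the sql_* layer provides.
    $result = sql_query("SELECT pass, hashkey, uid, uname, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax, user_langue FROM ".$NPDS_Prefix."users WHERE uname = '$uname'");
    if (sql_num_rows($result)==1) {
        $setinfo = sql_fetch_assoc($result);
        $result = sql_query("SELECT open FROM ".$NPDS_Prefix."users_status WHERE uid='".$setinfo['uid']."'");
        list($open_user) = sql_fetch_row($result);
        // A missing status row leaves $open_user null, which also compares
        // equal to 0 and is therefore rejected.
        if ($open_user==0) {
            Header("Location: user.php?stop=99");
            return;
        }
        $dbpass = $setinfo['pass'];
        // utf8_decode() is deprecated as of PHP 8.2. It is kept because stored
        // hashes were computed over its output; changing the conversion would
        // invalidate them.
        $pass = utf8_decode($pass);

        // Fix: $scryptPass used to be assigned only inside the migration branch,
        // so every wrong-password attempt and every login on an already
        // migrated account read an undefined variable in the elseif below.
        // password_verify() against an empty hash is always false, which is
        // what the undefined value evaluated to.
        $scryptPass = '';

        // NOTE(review): the strcmp() fallback accepts the stored column value
        // itself as the password. For a record that has not been migrated that
        // is the legacy format; for a migrated record (hashkey set) it means the
        // bcrypt hash alone is enough to log in. Restricting the fallback to
        // !$setinfo['hashkey'] (and comparing with hash_equals()) would close
        // that, but may affect callers that pass the stored value - confirm.
        if ( password_verify($pass, $dbpass) or (strcmp($dbpass, $pass)==0)) {
            if(!$setinfo['hashkey']) {
                // First successful login of a legacy record: upgrade to bcrypt.
                $AlgoCrypt = PASSWORD_BCRYPT;
                $min_ms = 250;
                // getOptimalBcryptCostParameter() is defined elsewhere; presumably
                // it picks a cost for which one hash takes at least $min_ms ms.
                $options = ['cost' => getOptimalBcryptCostParameter($pass, $AlgoCrypt, $min_ms)];
                $hashpass = password_hash($pass, $AlgoCrypt, $options);
                // crypt() salted with a complete bcrypt hash reuses that hash's
                // salt and cost, so this is expected to reproduce $hashpass.
                // From here on $pass holds the hash, not the clear password.
                $pass = crypt($pass, $hashpass);
                sql_query("UPDATE ".$NPDS_Prefix."users SET pass='$pass', hashkey='1' WHERE uname='$uname'");
                // Re-read the row so $setinfo and $dbpass reflect the new hash.
                $result = sql_query("SELECT pass, hashkey, uid, uname, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax, user_langue FROM ".$NPDS_Prefix."users WHERE uname = '$uname'");
                if (sql_num_rows($result)==1)
                    $setinfo = sql_fetch_assoc($result);
                $dbpass = $setinfo['pass'];
                $scryptPass = crypt($dbpass, $hashpass);
            }
        }

        // Second check. It runs even when the first one failed, and it also
        // accepts the URL-decoded form of the submitted password.
        if(password_verify(urldecode($pass), $dbpass) or password_verify($pass, $dbpass))
            $CryptpPWD = $dbpass;
        elseif (password_verify($dbpass, $scryptPass) or strcmp($dbpass, $pass)==0)
            $CryptpPWD = $pass;
        else {
            Header("Location: user.php?stop=1");
            return;
        }

        // NOTE(review): on every branch that reaches this call $CryptpPWD equals
        // the stored pass column. docookie() is not visible here; if it places
        // this value in a client cookie, the stored hash is handed to the
        // browser and, because of the strcmp() fallback above, works as a
        // password - confirm and prefer a random session token.
        docookie($setinfo['uid'], $setinfo['uname'], $CryptpPWD, $setinfo['storynum'], $setinfo['umode'], $setinfo['uorder'], $setinfo['thold'], $setinfo['noscore'], $setinfo['ublockon'], $setinfo['theme'], $setinfo['commentmax'], $setinfo['user_langue']);

        // Remove the anonymous session row recorded for this address.
        // NOTE(review): getip() is defined elsewhere; if it honours
        // client-supplied headers, $ip is attacker-controlled and is
        // interpolated unescaped into both statements below - confirm.
        $ip = getip();
        $result = sql_query("SELECT * FROM ".$NPDS_Prefix."session WHERE host_addr='$ip' AND guest='1'");
        if (sql_num_rows($result)==1)
            sql_query("DELETE FROM ".$NPDS_Prefix."session WHERE host_addr='$ip' AND guest='1'");
        Header("Location: index.php");
    } else
        Header("Location: user.php?stop=1");
}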
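// Administrator login: verify $aid/$pwd against the authors table, migrate a
// legacy password record to bcrypt on first successful login, then issue the
// 'admin' and 'adm_exp' cookies.
// isset($op) is added so that a request carrying aid/pwd without op no longer
// reads an undefined variable; such a request was already ignored.
if ((isset($aid)) and (isset($pwd)) and (isset($op)) and ($op == 'login')) {
    if ($aid!='' and $pwd!='') {
        // NOTE(review): $aid is concatenated into the SQL text here and in the
        // UPDATE/SELECT below, and nothing in this block escapes or validates
        // it. Unless an upstream filter (not visible here) guarantees it cannot
        // contain quotes, this is SQL injection on the administrator login;
        // bind it through the sql_* layer's parameterised or escaping call.
        $result=sql_query("SELECT pwd, hashkey FROM ".$NPDS_Prefix."authors WHERE aid='$aid'");
        if (sql_num_rows($result)==1) {
            $setinfo = sql_fetch_assoc($result);
            $dbpass = $setinfo['pwd'];
            // utf8_decode() is deprecated as of PHP 8.2; kept because stored
            // hashes were computed over its output.
            $pwd = utf8_decode($pwd);

            // Fix: both variables used to be read without ever being assigned
            // on the failure path. password_verify() against an empty hash is
            // always false; null marks "not authenticated".
            $scryptPass = '';
            $CryptpPWD = null;

            // NOTE(review): the strcmp() fallback accepts the stored column
            // value itself as the password, so for a migrated record (hashkey
            // set) the bcrypt hash alone is enough to log in. Restricting it to
            // !$setinfo['hashkey'] would close that - confirm no caller relies
            // on passing the stored value.
            if ( password_verify($pwd, $dbpass) or (strcmp($dbpass, $pwd)==0)) {
                if(!$setinfo['hashkey']) {
                    // First successful login of a legacy record: upgrade to bcrypt.
                    $AlgoCrypt = PASSWORD_BCRYPT;
                    $min_ms = 250;
                    // getOptimalBcryptCostParameter() is defined elsewhere;
                    // presumably it calibrates the cost against $min_ms.
                    $options = ['cost' => getOptimalBcryptCostParameter($pwd, $AlgoCrypt, $min_ms)];
                    $hashpass = password_hash($pwd, $AlgoCrypt, $options);
                    // From here on $pwd holds the hash, not the clear password.
                    $pwd = crypt($pwd, $hashpass);
                    sql_query("UPDATE ".$NPDS_Prefix."authors SET pwd='$pwd', hashkey='1' WHERE aid='$aid'");
                    // Re-read the row so $dbpass reflects the new hash.
                    $result = sql_query("SELECT pwd, hashkey FROM ".$NPDS_Prefix."authors WHERE aid = '$aid'");
                    if (sql_num_rows($result)==1)
                        $setinfo = sql_fetch_assoc($result);
                    $dbpass = $setinfo['pwd'];
                    $scryptPass = crypt($dbpass, $hashpass);
                }
            }

            if(password_verify($pwd, $dbpass))
                $CryptpPWD = $dbpass;
            elseif (password_verify($dbpass, $scryptPass) or strcmp($dbpass, $pwd)==0)
                $CryptpPWD = $pwd;
            else
                Admin_Alert("Passwd not in DB#1 : $aid");

            // Fix: fail closed. The cookies used to be issued unconditionally
            // after the chain above, so a failed check was stopped only if
            // Admin_Alert() (defined elsewhere) ends the request. Issuance no
            // longer depends on that.
            if ($CryptpPWD !== null) {
                // NOTE(review): the cookie value is built only from $aid and an
                // unsalted MD5 of the stored pwd column, so anyone able to read
                // the authors table can reproduce it. How the cookie is
                // verified is not shown here; a random server-side session
                // token would avoid deriving it from the stored hash. Neither
                // cookie sets the Secure, HttpOnly or SameSite attributes.
                $admin = base_64_encode("$aid:".md5($CryptpPWD));
                // Non-positive or unset durations fall back to one hour.
                if ($admin_cook_duration<=0)
                    $admin_cook_duration=1;
                $timeX=time()+(3600*$admin_cook_duration);
                setcookie('admin',$admin,$timeX);
                setcookie('adm_exp',$timeX,$timeX);
            }
        }
    }
}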