Merge remote-tracking branch 'upstream/master' into dilatometer
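--- a/testing/MCTXWeb/public_html/users/models/funcs.php
+++ b/testing/MCTXWeb/public_html/users/models/funcs.php
@@ -71,14 +71,23 @@ function generateHash($plainText, $salt = null)
 {
 if ($salt === null)
 {
- $salt = substr(md5(uniqid(rand(), true)), 0, 25);
+ //$salt = substr(md5(uniqid(rand(), true)), 0, 25); // Original UserCake
+ $random = file_get_contents("/dev/urandom", false, null, 0, 25); // Get random number
+ $salt = '$6$'.bin2hex($random).'$'; // Make hex salt
+
 }
- else
- {
- $salt = substr($salt, 0, 25);
- }
-
- return $salt . sha1($salt . $plainText);
+ //return $salt . sha1($salt . $plainText); // Original UserCake
+ return crypt($plainText, $salt);
+}
+
+/**
+ * Generates a random password for emailing to new users.
+ * User should be asked to change the password.
+ */
+function generatePassword()
+{
+ $random = file_get_contents("/dev/urandom", false, null, 0, 25);
+ return bin2hex($random);
 }
 
 //Checks if an email is valid
@@ -145,31 +154,59 @@ function resultBlock($errors,$successes){
 //Error block
 if(count($errors) > 0)
 {
- echo "<div id='error'>
- <a href='#' onclick=\"showHide('error');\">[X]</a>
- <ul>";
+ echo "<div id='result' class='fail'>";
+
 foreach($errors as $error)
 {
- echo "<li>".$error."</li>";
+ echo "<p>".$error."</p>";
 }
- echo "</ul>";
 echo "</div>";
 }
 //Success block
 if(count($successes) > 0)
 {
- echo "<div id='success'>
- <a href='#' onclick=\"showHide('success');\">[X]</a>
- <ul>";
+ echo "<div id='success'>";
 foreach($successes as $success)
 {
- echo "<li>".$success."</li>";
+ echo "<p>".$success."</li>";
 }
- echo "</ul>";
 echo "</div>";
 }
 }
 
+function notificationBlock($errors, $successes) {
+ if (count($errors) > 0 || count($successes) > 0)
+ {
+ echo '
+ <div class="widget dismiss-container">
+ <div class="dismiss right">
+ <a href="#">Dismiss</a>
+ </div>
+
+ <div class="title large">Notifications</div>
+ ';
+
+ foreach ($errors as $error)
+ {
+ echo '<p class="fail">'.$error.'</p>';
+ }
+
+ foreach ($successes as $success)
+ {
+ echo '<p>'.$success.'</p>';
+ }
+
+ echo '
+ </div>
+ <script type="text/javascript">
+ $(".dismiss").click(function() {
+ $(".dismiss-container").css("display", "none");
+ })
+ </script>
+ ';
+ }
+}
+
 //Completely sanitizes text
 function sanitize($str)
 {
@@ -276,6 +313,70 @@ function emailUsernameLinked($email,$username)
 }
 }
 
+function permissionNameToId($permission)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT id
+ FROM ".$db_table_prefix."permissions
+ WHERE
+ name = ?
+ LIMIT 1");
+ $stmt->bind_param("s", $permission);
+ $stmt->execute();
+ $stmt->bind_result($id);
+
+ while ($stmt->fetch()){
+ $perm_id = $id;
+ }
+ $stmt->close();
+
+ return $perm_id;
+}
+
+function fetchAllUsersWithPerm($perm_name)
+{
+ global $mysqli,$db_table_prefix;
+
+ $perm_id = permissionNameToId($perm_name);
+ $stmt = $mysqli->prepare("SELECT
+ p1.id
+ FROM ".$db_table_prefix."users p1
+ WHERE EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches
+ WHERE user_id=p1.id AND permission_id=?)"
+ );
+ $stmt->bind_param("i", $perm_id);
+ $stmt->execute();
+ $stmt->bind_result($id);
+
+ while ($stmt->fetch()){
+ $row[] = $id;
+ }
+ $stmt->close();
+ return ($row);
+}
+
+function fetchAllUsersWithoutPerm($perm_name)
+{
+ global $mysqli,$db_table_prefix;
+
+ $perm_id = permissionNameToId($perm_name);
+ $stmt = $mysqli->prepare("SELECT
+ p1.id
+ FROM ".$db_table_prefix."users p1
+ WHERE NOT EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches
+ WHERE user_id=p1.id AND permission_id=?)"
+ );
+ $stmt->bind_param("i", $perm_id);
+ $stmt->execute();
+ $stmt->bind_result($id);
+
+ while ($stmt->fetch()){
+ $row[] = $id;
+ }
+ $stmt->close();
+ return ($row);
+}
+
 //Retrieve information for all users
 function fetchAllUsers()
 {
@@ -304,6 +405,27 @@ function fetchAllUsers()
 return ($row);
 }
 
+//Yeah usercake... Fetches the user id from username
+function fetchUserId($username)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id
+ FROM ".$db_table_prefix."users
+ WHERE
+ user_name = ?
+ LIMIT 1");
+ $stmt->bind_param("s", $username);
+
+ $stmt->execute();
+ $stmt->bind_result($id);
+ while ($stmt->fetch()){
+ $user_id = $id;
+ }
+ $stmt->close();
+ return $user_id;
+}
+
 //Retrieve complete user information by username, token or ID
 function fetchUserDetails($username=NULL,$token=NULL, $id=NULL)
 {
@@ -1176,7 +1298,7 @@ function securePage($uri){
 return true;
 }
 else {
- header("Location: account.php");
+ header("Location: index.php");
 return false;
 }
 }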
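Review bot: Neither `file_get_contents("/dev/urandom", false, null, 0, 25)` call in the first hunk checks its result, so a failed or short read (the function returns `false` on failure) passes silently through `bin2hex()`: `generateHash()` would then build the constant salt `$6$$` for every account, and `generatePassword()` would return an empty password. Both functions should stop on that condition, e.g. `if ($random === false || strlen($random) !== 25) { throw new RuntimeException('no entropy source'); }`, or call `random_bytes(25)` where the runtime provides it. Removing the `else` branch also means a caller-supplied `$salt` now reaches `crypt()` unchanged, so hashes stored in the old 25-character-salt plus SHA-1 format will presumably no longer verify; the comparison code is outside this diff, so a migration or fallback path for existing rows should be confirmed. In the second hunk, `resultBlock()` and the new `notificationBlock()` echo `$error` and `$success` without `htmlspecialchars()`, which matters if any message can carry user-supplied text, and the success line opens `<p>` but still closes with `</li>`.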