stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-20 11:29:24 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
e0efdee8b2a2ba2ee1b86cfb2b7863a88877c00e
gallery3/modules/user/helpers/user.php
Jozef Selesi 3ebb751cda First iteration of REST controller refactoring. RESTful controllers that refer to collections should now have plural names and there should be only one controller per resource. Updated existing classes that implement REST_Controller. The routing now works like this: 
GET    /controller    -> controller::_index()
POST   /controller    -> controller::_create()
GET    /controller/id -> controller::_show()
PUT    /controller/id -> controller::_update()
DELETE /controller/id -> controller::_delete()
GET    /form/edit/controller/resource_id -> controller::_form()
GET    /form/add/controller/data         -> controller::_form()
2008-11-18 08:28:32 +00:00

118 lines
3.9 KiB
PHP
Raw Blame History

<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2008 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
/**
* This helper provides a common around the user management functions.
*
* @author Tim Almdal <public@timalmdal.com>
*
*/
class user {
/**
* Return the form for creating / modifying users.
*/
public static function get_edit_form($user) {
$form = new Forge(
url::site("users/{$user->id}?_method=put"), "", "post", array("id" => "gUserForm"));
$group = $form->group(_("User Info"));
$group->input("name") ->label(_("Name")) ->id("gName") ->value($user->name);
$group->input("display_name") ->label(_("Display Name")) ->id("gDisplayName") ->value($user->display_name);
$group->password("password") ->label(_("Password")) ->id("gPassword");
$group->input("email") ->label(_("Email")) ->id("gEmail") ->value($user->email);
$group->submit(_("Modify"));
$form->add_rules_from($user);
return $form;
}
/**
* Is the password provided correct?
*
* @param user User Model
* @param string $password a plaintext password
* @return boolean true if the password is correct
*/
public static function is_correct_password($user, $password) {
$valid = $user->password;
$salt = substr($valid, 0, 4);
/* Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: */
$guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password));
if (!strcmp($guess, $valid)) {
return true;
}
/* Passwords with <&"> created by G2 prior to 2.1 were hashed with entities */
$sanitizedPassword = html::specialchars($password, false);
$guess = (strlen($valid) == 32) ? md5($sanitizedPassword)
: ($salt . md5($salt . $sanitizedPassword));
if (!strcmp($guess, $valid)) {
return true;
}
/* Also support hashes generated by phpass for interoperability with other applications */
if (strlen($valid) == 34) {
$hashGenerator = new PasswordHash(10, true);
return $hashGenerator->CheckPassword($password, $valid);
}
return false;
}
/**
* Create the hashed passwords.
* @param string $password a plaintext password
* @return string hashed password
*/
public static function hash_password($password) {
return user::_md5Salt($password);
}
/**
* Perform the post authentication processing
* @param object $user the user object.
*/
public static function login($user) {
$user->login_count += 1;
$user->last_login = time();
$user->save();
Session::instance()->set('user', $user);
}
/**
* Create a hashed password using md5 plus salt.
* @param string $password plaintext password
* @param string $salt (optional) salt or hash containing salt (randomly generated if omitted)
* @return string hashed password
*/
private static function _md5Salt($password, $salt='') {
if (empty($salt)) {
for ($i = 0; $i < 4; $i++) {
$char = mt_rand(48, 109);
$char += ($char > 90) ? 13 : ($char > 57) ? 7 : 0;
$salt .= chr($char);
}
} else {
$salt = substr($salt, 0, 4);
}
return $salt . md5($salt . $password);
}
}
Reference in New Issue View Git Blame Copy Permalink