Attempt at renaming to ['password_encryption'] for more clarity

skala
Yannick Warnier 14 years ago
parent 9b3b70b13c
commit 096b8663dc
  1. 9
      main/admin/user_export.php
  2. 8
      main/auth/lostPassword.php
  3. 4
      main/auth/sso/sso.class.php
  4. 4
      main/inc/lib/main_api.lib.php
  5. 10
      main/inc/lib/usermanager.lib.php
  6. 2
      main/install/configuration.dist.php
  7. 7
      main/install/index.php
  8. 2
      main/user/user_add.php
  9. 40
      main/webservices/registration.soap.php
  10. 1
      tests/main/inc/lib/main_api.lib.test.php
  11. 2
      tests/main/inc/lib/usermanager.lib.test.php
  12. 2
      tests/test_webservices.php

@ -61,7 +61,7 @@ $form->setDefaults(array('file_type'=>'csv'));
if ($form->validate()) if ($form->validate())
{ {
global $userPasswordCrypted; global $_configuration;
$export = $form->exportValues(); $export = $form->exportValues();
$file_type = $export['file_type']; $file_type = $export['file_type'];
@ -72,7 +72,7 @@ if ($form->validate())
u.firstname AS FirstName, u.firstname AS FirstName,
u.email AS Email, u.email AS Email,
u.username AS UserName, u.username AS UserName,
".(($userPasswordCrypted!='none')?" ":"u.password AS Password, ")." ".(($_configuration['password_encryption']!='none')?" ":"u.password AS Password, ")."
u.auth_source AS AuthSource, u.auth_source AS AuthSource,
u.status AS Status, u.status AS Status,
u.official_code AS OfficialCode, u.official_code AS OfficialCode,
@ -99,9 +99,8 @@ if ($form->validate())
require_once (api_get_path(LIBRARY_PATH).'usermanager.lib.php'); require_once (api_get_path(LIBRARY_PATH).'usermanager.lib.php');
$data = array(); $data = array();
$extra_fields = Usermanager::get_extra_fields(0, 0, 5, 'ASC',false); $extra_fields = Usermanager::get_extra_fields(0, 0, 5, 'ASC',false);
if ($export['addcsvheader']=='1' AND $export['file_type']=='csv') if ($export['addcsvheader']=='1' AND $export['file_type']=='csv') {
{ if($_configuration['password_encryption']!='none') {
if($userPasswordCrypted!='none') {
$data[] = array('UserId', 'LastName', 'FirstName', 'Email', 'UserName', 'AuthSource', 'Status', 'OfficialCode', 'PhoneNumber'); $data[] = array('UserId', 'LastName', 'FirstName', 'Email', 'UserName', 'AuthSource', 'Status', 'OfficialCode', 'PhoneNumber');
} else { } else {
$data[] = array('UserId', 'LastName', 'FirstName', 'Email', 'UserName','Password', 'AuthSource', 'Status', 'OfficialCode', 'PhoneNumber'); $data[] = array('UserId', 'LastName', 'FirstName', 'Email', 'UserName','Password', 'AuthSource', 'Status', 'OfficialCode', 'PhoneNumber');
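Review bot: Nothing in this commit keeps the old `$userPasswordCrypted` value available, so on an installation whose existing configuration file still defines only that variable, `$_configuration['password_encryption']` is unset when this export code reads it. Here the `!= 'none'` test then evaluates true and the Password column is silently dropped; the same unset key is read in lostPassword.php, sso.class.php, main_api.lib.php, usermanager.lib.php and registration.soap.php, where the effect depends on each test. Unless the upgrade path always rewrites the configuration file (not visible here), a one-time fallback after the configuration is loaded would cover it: `if (!isset($_configuration['password_encryption']) && isset($userPasswordCrypted)) { $_configuration['password_encryption'] = $userPasswordCrypted; }`. The enclosing `if ($form->validate())` block starts and ends outside these hunks.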

@ -27,7 +27,9 @@ require_once api_get_path(LIBRARY_PATH).'mail.lib.inc.php';
require_once api_get_path(LIBRARY_PATH).'custompages.lib.php'; require_once api_get_path(LIBRARY_PATH).'custompages.lib.php';
// Custom pages // Custom pages
// Had to move the form handling in here, because otherwise there would already be some display output. // Had to move the form handling in here, because otherwise there would
// already be some display output.
global $_configuration;
if (api_get_setting('use_custom_pages') == 'true') { if (api_get_setting('use_custom_pages') == 'true') {
if (isset ($_POST['user']) && isset ($_POST['email'])) { if (isset ($_POST['user']) && isset ($_POST['email'])) {
$user = $_POST['user']; $user = $_POST['user'];
@ -58,7 +60,7 @@ if (api_get_setting('use_custom_pages') == 'true') {
$by_username = true; // single user (valid user + email) $by_username = true; // single user (valid user + email)
$user = Database::fetch_array($result); $user = Database::fetch_array($result);
} }
if ($userPasswordCrypted != 'none') { if ($_configuration['password_encryption'] != 'none') {
Login::handle_encrypted_password($user, $by_username); Login::handle_encrypted_password($user, $by_username);
} else { } else {
Login::send_password_to_user($user, $by_username); Login::send_password_to_user($user, $by_username);
@ -131,7 +133,7 @@ if (isset ($_GET['reset']) && isset ($_GET['id'])) {
$by_username = true; $by_username = true;
$users = Database::store_result($result); $users = Database::store_result($result);
foreach( $users as $user ) { foreach( $users as $user ) {
if ($userPasswordCrypted != 'none') { if ($_configuration['password_encryption'] != 'none') {
Login::handle_encrypted_password($user, $by_username); Login::handle_encrypted_password($user, $by_username);
} else { } else {
Login::send_password_to_user($user, $by_username); Login::send_password_to_user($user, $by_username);
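Review bot: The added `global $_configuration;` appears to sit at file scope, where `global` has no effect unless this script is included from inside a function. If that include path is the reason, say so in a comment such as `// needed when this file is included from within a function`; otherwise the line can go. Both changed tests fall through to `Login::handle_encrypted_password()` when the key is missing or misspelled, which is presumably the safer direction because `send_password_to_user()` is then never reached. A short comment stating that only the exact value `'none'` selects `send_password_to_user()` would help the next reader.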

@ -52,7 +52,7 @@ class sso {
* @return bool Return the loginFailed variable value to local.inc.php * @return bool Return the loginFailed variable value to local.inc.php
*/ */
public function check_user() { public function check_user() {
global $_user, $userPasswordCrypted, $_configuration; global $_user, $_configuration;
$loginFailed = false; $loginFailed = false;
//change the way we recover the cookie depending on how it is formed //change the way we recover the cookie depending on how it is formed
$sso = $this->decode_cookie($_GET['sso_cookie']); $sso = $this->decode_cookie($_GET['sso_cookie']);
@ -68,7 +68,7 @@ class sso {
//Check the user's password //Check the user's password
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
// Make sure password is encrypted with md5 // Make sure password is encrypted with md5
if (!$userPasswordCrypted) { if (!$_configuration['password_encryption']) {
$uData['password'] = md5($uData['password']); $uData['password'] = md5($uData['password']);
} }
//the authentification of this user is managed by Chamilo itself //the authentification of this user is managed by Chamilo itself
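Review bot: `if (!$_configuration['password_encryption'])` tests truthiness, but the rest of this commit compares the setting against strings (`'none'`, `'md5'`, `'sha1'`), and `'none'` is truthy in PHP. So the `md5()` call is skipped for a platform configured with `'none'` and runs only when the key is unset or empty, which looks like the reverse of what the comment above it describes. If the intent is to hash a stored clear-text password before comparing it, the test would be `if ($_configuration['password_encryption'] == 'none') {`; the hard-coded `md5()` also ignores a `'sha1'` setting. The comparison that consumes `$uData['password']` is outside the hunk, so confirm against it before changing.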

@ -4669,8 +4669,8 @@ function api_is_in_group($group_id = null, $course_code = null) {
*/ */
function api_get_encrypted_password($password, $salt = '') { function api_get_encrypted_password($password, $salt = '') {
global $userPasswordCrypted; global $_configuration;
switch ($userPasswordCrypted){ switch ($_configuration['password_encryption']){
case 'md5': case 'md5':
return empty($salt) ? md5($password) : md5($password.$salt); return empty($salt) ? md5($password) : md5($password.$salt);
case 'sha1': case 'sha1':

@ -75,7 +75,7 @@ class UserManager {
* it stores the error message in global $api_failureList * it stores the error message in global $api_failureList
*/ */
public static function create_user($firstName, $lastName, $status, $email, $loginName, $password, $official_code = '', $language = '', $phone = '', $picture_uri = '', $auth_source = PLATFORM_AUTH_SOURCE, $expiration_date = '0000-00-00 00:00:00', $active = 1, $hr_dept_id = 0, $extra = null, $encrypt_method = '') { public static function create_user($firstName, $lastName, $status, $email, $loginName, $password, $official_code = '', $language = '', $phone = '', $picture_uri = '', $auth_source = PLATFORM_AUTH_SOURCE, $expiration_date = '0000-00-00 00:00:00', $active = 1, $hr_dept_id = 0, $extra = null, $encrypt_method = '') {
global $_user, $userPasswordCrypted; global $_user, $_configuration;
$firstName = Security::remove_XSS($firstName); $firstName = Security::remove_XSS($firstName);
$lastName = Security::remove_XSS($lastName); $lastName = Security::remove_XSS($lastName);
@ -104,7 +104,7 @@ class UserManager {
if ($encrypt_method == '') { if ($encrypt_method == '') {
$password = api_get_encrypted_password($password); $password = api_get_encrypted_password($password);
} else { } else {
if ($userPasswordCrypted === $encrypt_method ) { if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) { if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
return api_set_failure('encrypt_method invalid'); return api_set_failure('encrypt_method invalid');
} else if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) { } else if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) {
@ -114,7 +114,6 @@ class UserManager {
return api_set_failure('encrypt_method invalid'); return api_set_failure('encrypt_method invalid');
} }
} }
//$password = ($userPasswordCrypted ? md5($password) : $password);
//@todo replace this date with the api_get_utc_date function big problem with users that are already registered //@todo replace this date with the api_get_utc_date function big problem with users that are already registered
$current_date = date('Y-m-d H:i:s', time()); $current_date = date('Y-m-d H:i:s', time());
$sql = "INSERT INTO $table_user $sql = "INSERT INTO $table_user
@ -341,7 +340,7 @@ class UserManager {
* @return boolean true if the user information was updated * @return boolean true if the user information was updated
*/ */
public static function update_user($user_id, $firstname, $lastname, $username, $password = null, $auth_source = null, $email, $status, $official_code, $phone, $picture_uri, $expiration_date, $active, $creator_id = null, $hr_dept_id = 0, $extra = null, $language = 'english', $encrypt_method = '') { public static function update_user($user_id, $firstname, $lastname, $username, $password = null, $auth_source = null, $email, $status, $official_code, $phone, $picture_uri, $expiration_date, $active, $creator_id = null, $hr_dept_id = 0, $extra = null, $language = 'english', $encrypt_method = '') {
global $userPasswordCrypted; global $_configuration;
if ($user_id != strval(intval($user_id))) return false; if ($user_id != strval(intval($user_id))) return false;
if ($user_id === false) return false; if ($user_id === false) return false;
$table_user = Database :: get_main_table(TABLE_MAIN_USER); $table_user = Database :: get_main_table(TABLE_MAIN_USER);
@ -359,11 +358,10 @@ class UserManager {
username='".Database::escape_string($username)."', username='".Database::escape_string($username)."',
language='".Database::escape_string($language)."',"; language='".Database::escape_string($language)."',";
if (!is_null($password)) { if (!is_null($password)) {
//$password = $userPasswordCrypted ? md5($password) : $password;
if($encrypt_method == '') { if($encrypt_method == '') {
$password = api_get_encrypted_password($password); $password = api_get_encrypted_password($password);
} else { } else {
if ($userPasswordCrypted === $encrypt_method ) { if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) { if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
return api_set_failure('encrypt_method invalid'); return api_set_failure('encrypt_method invalid');
} else if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) { } else if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) {

@ -119,7 +119,7 @@ $_configuration['verbose_backup'] = false;
// security word for password recovery // security word for password recovery
$_configuration['security_key'] = '{SECURITY_KEY}'; $_configuration['security_key'] = '{SECURITY_KEY}';
// Hash function method // Hash function method
$userPasswordCrypted = '{ENCRYPT_PASSWORD}'; $_configuration['password_encryption'] = '{ENCRYPT_PASSWORD}';
// You may have to restart your web server if you change this // You may have to restart your web server if you change this
$storeSessionInDb = false; $storeSessionInDb = false;
// Session lifetime // Session lifetime
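Review bot: The comment `// Hash function method` does not say which values the renamed key accepts or what each implies. From the readers changed in this commit the values are `'none'`, `'md5'` and `'sha1'`, so something like `// Password hashing method: 'none', 'md5' or 'sha1'; with 'none' passwords are kept unhashed and the user export includes them` would document it where administrators edit it. The key name says "encryption" while the methods are one-way hashes, which the comment could also state.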

@ -584,6 +584,9 @@ if ($_POST['step2']) {
if (in_array($my_old_version, $update_from_version_6)) { //for version 1.6 if (in_array($my_old_version, $update_from_version_6)) { //for version 1.6
$urlForm = get_config_param('rootWeb'); $urlForm = get_config_param('rootWeb');
$encryptPassForm = get_config_param('userPasswordCrypted'); $encryptPassForm = get_config_param('userPasswordCrypted');
if (empty($encryptPassForm)) {
$encryptPassForm = get_config_param('password_encryption');
}
// Managing the $encryptPassForm // Managing the $encryptPassForm
if ($encryptPassForm == '1') { if ($encryptPassForm == '1') {
$encryptPassForm = 'sha1'; $encryptPassForm = 'sha1';
@ -726,9 +729,9 @@ if ($_POST['step2']) {
if (empty($my_old_version)) { $my_old_version = '1.8.6.2'; } //we guess if (empty($my_old_version)) { $my_old_version = '1.8.6.2'; } //we guess
$_configuration['main_database'] = $dbNameForm; $_configuration['main_database'] = $dbNameForm;
//$urlAppendPath = get_config_param('urlAppend'); //$urlAppendPath = get_config_param('urlAppend');
error_log('Starting migration process from '.$my_old_version.' ('.time().')', 0); error_log('Starting migration process from '.$my_old_version.' ('.time().')', 0);
if ($userPasswordCrypted == '1') { if ($userPasswordCrypted == '1') {
$userPasswordCrypted = 'md5'; $userPasswordCrypted = 'md5';
} elseif ($userPasswordCrypted == '0') { } elseif ($userPasswordCrypted == '0') {
$userPasswordCrypted = 'none'; $userPasswordCrypted = 'none';
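Review bot: The second hunk still normalises `$userPasswordCrypted` (`'1'` to `'md5'`, `'0'` to `'none'`), while the rest of the commit reads `$_configuration['password_encryption']`; if the value normalised here is what later code or the written configuration uses, it should end up in the new key as well. The first hunk's fallback `get_config_param('password_encryption')` assumes that helper can read an array-keyed setting from the old configuration file, which is not visible here. Note also that `'1'` maps to `'sha1'` in the first hunk's context and to `'md5'` in the second; if that is version-specific it deserves a comment, because a wrong mapping makes existing password hashes unverifiable after the upgrade. Both blocks continue outside the hunks.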

@ -115,8 +115,6 @@ if($register) {
if ($_cid) $platformStatus = STUDENT; // course registrartion context... if ($_cid) $platformStatus = STUDENT; // course registrartion context...
else $platformStatus = $platformStatus; // admin section of the platform context... else $platformStatus = $platformStatus; // admin section of the platform context...
//if ($userPasswordCrypted) $pw = md5($password_form);
//else $pw = $password_form;
$pw = api_get_encrypted_password($password_form); $pw = api_get_encrypted_password($password_form);
$result = Database::query("INSERT INTO $tbl_user $result = Database::query("INSERT INTO $tbl_user
SET lastname = '$lastname_form', SET lastname = '$lastname_form',

@ -143,7 +143,7 @@ $server->register('WSCreateUsers', // method name
// Define the method WSCreateUsers // Define the method WSCreateUsers
function WSCreateUsers($params) { function WSCreateUsers($params) {
global $_user, $userPasswordCrypted, $_configuration; global $_user, $_configuration;
if(!WSHelperVerifyKey($params)) { if(!WSHelperVerifyKey($params)) {
return -1; return -1;
@ -197,7 +197,7 @@ function WSCreateUsers($params) {
firstname='".Database::escape_string($firstName)."', firstname='".Database::escape_string($firstName)."',
username='".Database::escape_string($loginName)."',"; username='".Database::escape_string($loginName)."',";
if (!is_null($password)) { if (!is_null($password)) {
$password = $userPasswordCrypted ? api_get_encrypted_password($password) : $password; $password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',"; $sql .= " password='".Database::escape_string($password)."',";
} }
if (!is_null($auth_source)) { if (!is_null($auth_source)) {
@ -243,7 +243,7 @@ function WSCreateUsers($params) {
} }
} }
$password = ($userPasswordCrypted ? api_get_encrypted_password($password) : $password); $password = ($_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password);
$sql = "INSERT INTO $table_user $sql = "INSERT INTO $table_user
SET lastname = '".Database::escape_string(trim($lastName))."', SET lastname = '".Database::escape_string(trim($lastName))."',
firstname = '".Database::escape_string(trim($firstName))."', firstname = '".Database::escape_string(trim($firstName))."',
@ -353,7 +353,7 @@ $server->register('WSCreateUser', // method name
// Define the method WSCreateUser // Define the method WSCreateUser
function WSCreateUser($params) { function WSCreateUser($params) {
global $_user, $userPasswordCrypted, $_configuration; global $_user, $_configuration;
if(!WSHelperVerifyKey($params)) { if(!WSHelperVerifyKey($params)) {
return -1; return -1;
@ -400,7 +400,7 @@ function WSCreateUser($params) {
firstname='".Database::escape_string($firstName)."', firstname='".Database::escape_string($firstName)."',
username='".Database::escape_string($loginName)."',"; username='".Database::escape_string($loginName)."',";
if (!is_null($password)) { if (!is_null($password)) {
$password = $userPasswordCrypted ? api_get_encrypted_password($password) : $password; $password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',"; $sql .= " password='".Database::escape_string($password)."',";
} }
if (!is_null($auth_source)) { if (!is_null($auth_source)) {
@ -443,7 +443,7 @@ function WSCreateUser($params) {
} }
} }
$password = ($userPasswordCrypted ? api_get_encrypted_password($password) : $password); $password = ($_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password);
$sql = "INSERT INTO $table_user $sql = "INSERT INTO $table_user
SET lastname = '".Database::escape_string(trim($lastName))."', SET lastname = '".Database::escape_string(trim($lastName))."',
firstname = '".Database::escape_string(trim($firstName))."', firstname = '".Database::escape_string(trim($firstName))."',
@ -592,7 +592,7 @@ $server->register('WSCreateUsersPasswordCrypted', // method name
// Define the method WSCreateUsersPasswordCrypted // Define the method WSCreateUsersPasswordCrypted
function WSCreateUsersPasswordCrypted($params) { function WSCreateUsersPasswordCrypted($params) {
global $_user, $userPasswordCrypted, $_configuration; global $_user, $_configuration;
if(!WSHelperVerifyKey($params)) { if(!WSHelperVerifyKey($params)) {
return -1; return -1;
@ -633,7 +633,7 @@ function WSCreateUsersPasswordCrypted($params) {
$extra_list = $user_param['extra']; $extra_list = $user_param['extra'];
$salt = ''; $salt = '';
if ($userPasswordCrypted === $encrypt_method ) { if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) { if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
$msg = "Encryption $encrypt_method is invalid"; $msg = "Encryption $encrypt_method is invalid";
$results[] = $msg; $results[] = $msg;
@ -837,7 +837,7 @@ $server->register('WSCreateUserPasswordCrypted', // method name
// Define the method WSCreateUserPasswordCrypted // Define the method WSCreateUserPasswordCrypted
function WSCreateUserPasswordCrypted($params) { function WSCreateUserPasswordCrypted($params) {
global $_user, $userPasswordCrypted, $_configuration, $debug; global $_user, $_configuration, $debug;
if (!WSHelperVerifyKey($params)) { if (!WSHelperVerifyKey($params)) {
return -1; return -1;
@ -871,7 +871,7 @@ function WSCreateUserPasswordCrypted($params) {
$extra_list = $params['extra']; $extra_list = $params['extra'];
$salt = ''; $salt = '';
if ($userPasswordCrypted === $encrypt_method ) { if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) { if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
$msg = "Encryption $encrypt_method is invalid"; $msg = "Encryption $encrypt_method is invalid";
return $msg; return $msg;
@ -1086,7 +1086,7 @@ $server->register('WSEditUserCredentials', // method name
// Define the method WSEditUser // Define the method WSEditUser
function WSEditUserCredentials($params) { function WSEditUserCredentials($params) {
global $userPasswordCrypted; global $_configuration;
if(!WSHelperVerifyKey($params)) { if(!WSHelperVerifyKey($params)) {
return -1; return -1;
@ -1129,7 +1129,7 @@ function WSEditUserCredentials($params) {
$sql = "UPDATE $table_user SET $sql = "UPDATE $table_user SET
username='".Database::escape_string($username)."'"; username='".Database::escape_string($username)."'";
if (!is_null($password)) { if (!is_null($password)) {
$password = $userPasswordCrypted ? api_get_encrypted_password($password) : $password; $password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= ", password='".Database::escape_string($password)."' "; $sql .= ", password='".Database::escape_string($password)."' ";
} }
$sql .= " WHERE user_id='$user_id'"; $sql .= " WHERE user_id='$user_id'";
@ -1175,7 +1175,7 @@ $server->register('WSEditUsers', // method name
// Define the method WSEditUsers // Define the method WSEditUsers
function WSEditUsers($params) { function WSEditUsers($params) {
global $userPasswordCrypted; global $_configuration;
if(!WSHelperVerifyKey($params)) { if(!WSHelperVerifyKey($params)) {
return -1; return -1;
@ -1245,7 +1245,7 @@ function WSEditUsers($params) {
firstname='".Database::escape_string($firstname)."', firstname='".Database::escape_string($firstname)."',
username='".Database::escape_string($username)."',"; username='".Database::escape_string($username)."',";
if (!is_null($password)) { if (!is_null($password)) {
$password = $userPasswordCrypted ? api_get_encrypted_password($password) : $password; $password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',"; $sql .= " password='".Database::escape_string($password)."',";
} }
if (!is_null($auth_source)) { if (!is_null($auth_source)) {
@ -1326,7 +1326,7 @@ $server->register('WSEditUser', // method name
// Define the method WSEditUser // Define the method WSEditUser
function WSEditUser($params) { function WSEditUser($params) {
global $userPasswordCrypted; global $_configuration;
if(!WSHelperVerifyKey($params)) { if(!WSHelperVerifyKey($params)) {
return -1; return -1;
@ -1386,7 +1386,7 @@ function WSEditUser($params) {
firstname='".Database::escape_string($firstname)."', firstname='".Database::escape_string($firstname)."',
username='".Database::escape_string($username)."',"; username='".Database::escape_string($username)."',";
if (!is_null($password)) { if (!is_null($password)) {
$password = $userPasswordCrypted ? api_get_encrypted_password($password) : $password; $password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',"; $sql .= " password='".Database::escape_string($password)."',";
} }
if (!is_null($auth_source)) { if (!is_null($auth_source)) {
@ -1504,7 +1504,7 @@ $server->register('WSEditUsersPasswordCrypted', // method name
// Define the method WSEditUsersPasswordCrypted // Define the method WSEditUsersPasswordCrypted
function WSEditUsersPasswordCrypted($params) { function WSEditUsersPasswordCrypted($params) {
global $userPasswordCrypted, $userPasswordCrypted; global $_configuration;
if(!WSHelperVerifyKey($params)) { if(!WSHelperVerifyKey($params)) {
return -1; return -1;
@ -1546,7 +1546,7 @@ function WSEditUsersPasswordCrypted($params) {
$password = $user_param['password']; $password = $user_param['password'];
$encrypt_method = $user_param['encrypt_method']; $encrypt_method = $user_param['encrypt_method'];
if ($userPasswordCrypted === $encrypt_method ) { if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) { if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
$msg = "Encryption $encrypt_method is invalid"; $msg = "Encryption $encrypt_method is invalid";
$results[] = $msg; $results[] = $msg;
@ -1682,7 +1682,7 @@ $server->register('WSEditUserPasswordCrypted', // method name
// Define the method WSEditUserPasswordCrypted // Define the method WSEditUserPasswordCrypted
function WSEditUserPasswordCrypted($params) { function WSEditUserPasswordCrypted($params) {
global $userPasswordCrypted, $userPasswordCrypted; global $_configuration;
if(!WSHelperVerifyKey($params)) { if(!WSHelperVerifyKey($params)) {
return -1; return -1;
@ -1715,7 +1715,7 @@ function WSEditUserPasswordCrypted($params) {
$password = $params['password']; $password = $params['password'];
$encrypt_method = $params['encrypt_method']; $encrypt_method = $params['encrypt_method'];
if ($userPasswordCrypted === $encrypt_method ) { if ($_configuration['password_encryption'] === $encrypt_method ) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) { if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
$msg = "Encryption $encrypt_method is invalid"; $msg = "Encryption $encrypt_method is invalid";
return $msg; return $msg;
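Review bot: The ternaries `$_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password` (in WSCreateUsers, WSCreateUser, WSEditUserCredentials, WSEditUsers and WSEditUser) test the truthiness of a string setting. `'none'`, `'md5'` and `'sha1'` are all truthy, so the only way to reach the `: $password` branch is an unset or empty key, and in that case the password supplied over the web service is written to the database unhashed. Since `api_get_encrypted_password()` already switches on the setting, calling it unconditionally, as user_add.php does, removes the fail-open branch: `$password = api_get_encrypted_password($password);`. What that function returns for an unknown value is outside the hunks shown, so its default case should be checked too. The function bodies start and end outside these hunks.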

@ -787,7 +787,6 @@ class TestMainApi extends UnitTestCase {
} }
function testApiGetEncryptedPassword(){ function testApiGetEncryptedPassword(){
global $userPasswordCrypted;
$pass= array ('password'=> '2222'); $pass= array ('password'=> '2222');
$res=api_get_encrypted_password($pass['password'],null); $res=api_get_encrypted_password($pass['password'],null);
$this->assertTrue($res); $this->assertTrue($res);

@ -18,7 +18,7 @@ class TestUserManager extends UnitTestCase {
$language='english'; $language='english';
$phone = ''; $phone = '';
$picture_uri =''; $picture_uri ='';
global $_user, $userPasswordCrypted; global $_user;
ob_start(); ob_start();
$res= ob_get_contents(); $res= ob_get_contents();
UserManager::create_user($firstName, $lastName, $status, $email, $loginName, $password, $official_code, $language, $phone, $picture_uri); UserManager::create_user($firstName, $lastName, $status, $email, $loginName, $password, $official_code, $language, $phone, $picture_uri);

@ -23,7 +23,7 @@ class TestSoapWebService extends UnitTestCase {
$security_key = $configuration['security_key']; $security_key = $configuration['security_key'];
$ip_address = '::1'; $ip_address = '::1';
$this->_secret_key = sha1($ip_address.$security_key); $this->_secret_key = sha1($ip_address.$security_key);
$this->_encrypt_method = $GLOBALS['userPasswordCrypted']; $this->_encrypt_method = $configuration['password_encryption'];
$this->_client = new SoapClient($configuration['root_web'].'main/webservices/soap.php?wsdl'); $this->_client = new SoapClient($configuration['root_web'].'main/webservices/soap.php?wsdl');
} }
