Patch cycle: BCrypt, CI 3.1.3 #41

wants to merge 16 commits into
base: master
Move from SHA1 to Bcrypt. Some PSR2 formatting fixes. Remove enabled …
…grouping
absalomedia committed May 4, 2016
commit 179473460979103172b09bfa87850f3ca72f6be8
567 changes: 192 additions & 375 deletions application/core/GoCart.php


134 changes: 47 additions & 87 deletions application/libraries/Auth.php
@@ -1,8 +1,10 @@
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
<?php if (! defined('BASEPATH')) {
exit('No direct script access allowed');
}

class Auth
{
public function check_access($access, $defaultRedirect=false, $redirect = false)
public function check_access($access, $defaultRedirect = false, $redirect = false)
{
/*
we could store this in the session, but by accessing it this way
Expand All @@ -20,30 +22,20 @@ public function check_access($access, $defaultRedirect=false, $redirect = false)

//result should be an object I was getting odd errors in relation to the object.
//if $result is an array then the problem is present.
if(!$result || is_array($result))
{
if (!$result || is_array($result)) {
$this->logout();
return false;
}
// echo $result->access;
if ($access)
{
if ($access == $result->access)
{
if ($access) {
if ($access == $result->access) {
return true;
}
else
{
if ($redirect)
{
} else {
if ($redirect) {
redirect($redirect);
}
elseif($defaultRedirect)
{
} elseif ($defaultRedirect) {
redirect('admin');
}
else
{
} else {
return false;
}
}
Expand All @@ -66,68 +58,57 @@ public function isLoggedIn($redirect = false, $defaultRedirect = true)

$admin = CI::session()->userdata('admin');

if (!$admin)
{
//check the cookie
if(isset($_COOKIE['GoCartAdmin']))
{
//the cookie is there, lets log the customer back in.
if($_COOKIE['GoCartAdmin'])
{
if (!$admin) {
//check the cookie
if (isset($_COOKIE['GoCartAdmin'])) {
//the cookie is there, lets log the customer back in.
if ($_COOKIE['GoCartAdmin']) {
$result = CI::db()->select('*, sha1(username+password) as hash')->get('admin')->row_array();
if($result)
{
//unset these 2 fields
if ($result) {
//unset these 2 fields
unset($result['password']);
unset($result['hash']);

CI::session()->set_userdata(['admin'=>$result]);

if ($redirect)
{
if ($redirect) {
CI::session()->set_flashdata('redirect', $redirect);
}

if ($defaultRedirect)
{
if ($defaultRedirect) {
redirect(CI::uri()->uri_string());
}
}
}
}

if($redirect && $defaultRedirect)
redirect('admin/login');
if ($redirect && $defaultRedirect) {
redirect('admin/login');
}

return false;
}
else
{
} else {
return true;
}
}
/*
this function does the logging in.
*/
public function login_admin($username, $password, $remember=false)
public function login_admin($username, $password, $remember = false)
{
// make sure the username doesn't go into the query as false or 0
if(!$username)
{
if (!$username) {
return false;
}

CI::db()->select('*');
CI::db()->where('username', $username);
CI::db()->where('password', sha1($password));
CI::db()->limit(1);
$result = CI::db()->get('admin');
$result = $result->row_array();

if (sizeof($result) > 0)
{
if($remember)
{
if (password_verify($password, $result['password']) == true && sizeof($result) > 0) {
if ($remember) {
//generate a remember cookie
$loginCred = sha1($username.$result['password']);
$this->generateCookie($loginCred, strtotime('+6 months')); //remember the user for 6 months
Expand All @@ -141,9 +122,7 @@ public function login_admin($username, $password, $remember=false)
CI::session()->set_userdata(['admin'=>$result]);

return true;
}
else
{
} else {
return false;
}
}
Expand All @@ -169,21 +148,18 @@ public function logout()
public function resetPassword($username)
{
$admin = $this->getAdminByUsername($username);
if ($admin)
{
if ($admin) {
CI::load()->helper('string');
CI::load()->library('email');

$newPassword = random_string('alnum', 8);
$admin['password'] = sha1($newPassword);
$admin['password'] = password_hash($newPassword, PASSWORD_DEFAULT);
$this->save($admin);

\GoCart\Emails::resetPassword($newPassword,$admin['email']);
\GoCart\Emails::resetPassword($newPassword, $admin['email']);

return true;
}
else
{
} else {
return false;
}
}
Expand All @@ -200,12 +176,9 @@ private function getAdminByUsername($username)
$result = CI::db()->get('admin');
$result = $result->row_array();

if (sizeof($result) > 0)
{
return $result;
}
else
{
if (sizeof($result) > 0) {
return $result;
} else {
return false;
}
}
Expand All @@ -215,13 +188,10 @@ private function getAdminByUsername($username)
*/
public function save($admin)
{
if ($admin['id'])
{
if ($admin['id']) {
CI::db()->where('id', $admin['id']);
CI::db()->update('admin', $admin);
}
else
{
} else {
CI::db()->insert('admin', $admin);
}
}
Expand Down Expand Up @@ -263,51 +233,41 @@ public function checkId($str)
CI::db()->where('id', $str);
$count = CI::db()->count_all_results();

if ($count > 0)
{
if ($count > 0) {
return true;
}
else
{
} else {
return false;
}
}

public function check_username($str, $id=false)
public function check_username($str, $id = false)
{
CI::db()->select('username');
CI::db()->from('admin');
CI::db()->where('username', $str);
if ($id)
{
if ($id) {
CI::db()->where('id !=', $id);
}
$count = CI::db()->count_all_results();

if ($count > 0)
{
if ($count > 0) {
return true;
}
else
{
} else {
return false;
}
}

public function delete($id)
{
if ($this->checkId($id))
{
if ($this->checkId($id)) {
$admin = $this->getAdmin($id);
CI::db()->where('id', $id);
CI::db()->limit(1);
CI::db()->delete('admin');

return $admin->firstname.' '.$admin->lastname.' has been removed.';
}
else
{
} else {
return 'The admin could not be found.';
}
}
}
}
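Review bot: The remember-me branch in `isLoggedIn` (the `if ($_COOKIE['GoCartAdmin'])` block in the third hunk, whose function header sits in the hunk's `@@` line outside this view) never compares the cookie to anything: any non-empty `GoCartAdmin` value triggers `CI::db()->select('*, sha1(username+password) as hash')->get('admin')->row_array()` with no `where`, so the first admin row is loaded into the session and the caller is logged in, which is an authentication bypass the move to `password_verify` in `login_admin` does not close. The `hash` column computed there is also never used and, if the backend is MySQL, `username+password` is numeric addition rather than concatenation, so it would not match the `sha1($username.$result['password'])` that `login_admin` writes into the cookie anyway. At minimum the branch should select the admin whose derived token matches the presented cookie in constant time, as below; longer term a random per-login token stored server-side (not derived from the password hash) is the safer design, and the bcrypt hash should then no longer feed the cookie at all.

```php
if (!empty($_COOKIE['GoCartAdmin'])) {
    $cookie = (string) $_COOKIE['GoCartAdmin'];
    $result = false;
    // Only accept the cookie if it matches one admin's derived remember token.
    foreach (CI::db()->get('admin')->result_array() as $row) {
        if (hash_equals(sha1($row['username'].$row['password']), $cookie)) {
            $result = $row;
            break;
        }
    }
    if ($result) {
        // … unchanged: unset password, set session, redirect handling …
    }
}
```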