
Implementacja zmiany hasła w bazie (dla debiana/non-ldap)

Mariusz Muszyński 8 年之前
父節點
當前提交
48787ae7e8
共有 3 個文件被更改,包括 194 次插入1 次删除
  1. 2 0
      SE/changePassword.php
  2. 171 0
      SE/se-lib/Route/ChangePassword.php
  3. 21 1
      SE/se-lib/User.php

+ 2 - 0
SE/changePassword.php

@@ -0,0 +1,2 @@
+<?php
+header('Location: index.php?_route=ChangePassword');

+ 171 - 0
SE/se-lib/Route/ChangePassword.php

@@ -0,0 +1,171 @@
+<?php
+
+Lib::loadClass('RouteBase');
+
+class Route_ChangePassword extends RouteBase {
+
+	public function handleAuth() {
+		if (!User::logged()) {
+			User::authByRequest();
+		}
+	}
+
+	public function defaultAction() {
+		SE_Layout::gora();
+		try {
+			$action = V::get('action', 'showForm', $_POST);
+			switch ($action) {
+				case "showForm":
+					self::showForm();
+					break;
+				case "changePassword":
+					self::changePassword();
+					break;
+				default:
+					throw new Exception("Błąd formularza");
+			}
+		} catch (Exception $e) {
+			SE_Layout::alert('danger', $e->getMessage());
+		}
+		SE_Layout::dol();
+	}
+
+	private static function showForm() {
+?>
+<div class="container">
+  <div class="row">
+    <div class="col-sm-12 text-center">
+      <h2>Zmiana hasła</h2>
+    </div>
+  </div>
+  <form method="post" id="passwordForm">
+    <div class="row">
+      <div class="col-sm-6 col-sm-offset-3">
+        <div style="height:0px; overflow:hidden;">
+          <input type="text" name="fake_safari_username">
+          <input type="password" name="fake_safari_password">
+        </div>
+        <input type="password" class="input-lg form-control" name="oldPass" id="oldPass" placeholder="Stare hasło">
+      </div>
+    </div>
+    <div class="row">
+      <div class="col-sm-6 col-sm-offset-3">
+        <br/>
+        <input type="password" class="input-lg form-control" name="newPass" id="newPass" placeholder="Nowe hasło">
+        <div class="row">
+          <div class="col-sm-6">
+            <span id="8char" class="glyphicon glyphicon-remove" style="color:#FF0004;"></span> 8 znaków długości<br>
+            <span id="ucase" class="glyphicon glyphicon-remove" style="color:#FF0004;"></span> Jedna duża litera
+          </div>
+          <div class="col-sm-6">
+            <span id="lcase" class="glyphicon glyphicon-remove" style="color:#FF0004;"></span> Jedna mała litera<br>
+            <span id="num" class="glyphicon glyphicon-remove" style="color:#FF0004;"></span> Jedna cyfra
+          </div>
+        </div>
+        <input type="password" class="input-lg form-control" name="newPassConfirm" id="newPassConfirm" placeholder="Powtórz nowe hasło">
+        <div class="row">
+          <div class="col-sm-12">
+            <span id="pwmatch" class="glyphicon glyphicon-remove" style="color:#FF0004;"></span> Zgodność nowego hasła
+          </div>
+        </div>
+        <br/>
+        <button type="submit" id="submit" name="action" value="changePassword" class="col-xs-12 btn btn-primary btn-load btn-lg" disabled>Zmień hasło</button>
+      </div>
+    </div>
+  </form>
+</div>
+<script language="JavaScript">
+<!--
+$("input[type=password]").keyup(function(){
+    var ucase = new RegExp("[A-Z]+");
+	var lcase = new RegExp("[a-z]+");
+	var num = new RegExp("[0-9]+");
+	ok = 0;
+
+	if($("#oldPass").val().length > 0){
+		ok++;
+	}
+	
+	if($("#newPass").val().length >= 8){
+		$("#8char").removeClass("glyphicon-remove");
+		$("#8char").addClass("glyphicon-ok");
+		$("#8char").css("color","#00A41E");
+		ok++;
+	}else{
+		$("#8char").removeClass("glyphicon-ok");
+		$("#8char").addClass("glyphicon-remove");
+		$("#8char").css("color","#FF0004");
+	}
+	
+	if(ucase.test($("#newPass").val())){
+		$("#ucase").removeClass("glyphicon-remove");
+		$("#ucase").addClass("glyphicon-ok");
+		$("#ucase").css("color","#00A41E");
+		ok++;
+	}else{
+		$("#ucase").removeClass("glyphicon-ok");
+		$("#ucase").addClass("glyphicon-remove");
+		$("#ucase").css("color","#FF0004");
+	}
+	
+	if(lcase.test($("#newPass").val())){
+		$("#lcase").removeClass("glyphicon-remove");
+		$("#lcase").addClass("glyphicon-ok");
+		$("#lcase").css("color","#00A41E");
+		ok++;
+	}else{
+		$("#lcase").removeClass("glyphicon-ok");
+		$("#lcase").addClass("glyphicon-remove");
+		$("#lcase").css("color","#FF0004");
+	}
+	
+	if(num.test($("#newPass").val())){
+		$("#num").removeClass("glyphicon-remove");
+		$("#num").addClass("glyphicon-ok");
+		$("#num").css("color","#00A41E");
+		ok++;
+	}else{
+		$("#num").removeClass("glyphicon-ok");
+		$("#num").addClass("glyphicon-remove");
+		$("#num").css("color","#FF0004");
+	}
+	
+	if(($("#newPass").val() == $("#newPassConfirm").val()) && ($("#newPass").val().length > 0)){
+		$("#pwmatch").removeClass("glyphicon-remove");
+		$("#pwmatch").addClass("glyphicon-ok");
+		$("#pwmatch").css("color","#00A41E");
+		ok++;
+	}else{
+		$("#pwmatch").removeClass("glyphicon-ok");
+		$("#pwmatch").addClass("glyphicon-remove");
+		$("#pwmatch").css("color","#FF0004");
+	}
+
+	if(ok == 6) {
+		document.getElementById('submit').disabled = false;
+	}else{
+		document.getElementById('submit').disabled = true;
+	}
+});
+-->
+</script>
+<?php
+	}
+
+	private function changePassword() {
+		$oldPass = V::get('oldPass', '', $_POST);
+		$newPass = V::get('newPass', '', $_POST);
+		$newPassConfirm = V::get('newPassConfirm', '', $_POST);
+		if (!($oldPass && $newPass && ($newPass == $newPassConfirm))) throw new Exception("Błąd formularza");
+
+		try {
+			$result = User::changePasswordDB($oldPass, $newPass);
+			if ($result) SE_Layout::alert('success', "Pomyślnie zmieniono hasło");
+			else SE_Layout::alert('warning', "Nie zmieniono hasła");
+		} catch (Exception $e) {
+			SE_Layout::alert('danger', $e->getMessage());
+			self::showForm();
+		}
+	}
+
+}
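Review bot: The guard `if (!($oldPass && $newPass && ($newPass == $newPassConfirm)))` in changePassword() is the only validation that runs once the disabled submit button and the keyup script are bypassed, and it uses truthiness plus loose `==`: a password of `0` is rejected as falsy, and on PHP 7 two different numeric-looking strings such as `1e3` and `1000` compare equal, so a mistyped confirmation can slip through. Tighten it to `if ($oldPass === '' || $newPass === '' || $newPass !== $newPassConfirm) throw new Exception("Błąd formularza");`. The upper-case, lower-case and digit rules that the script counts toward `ok == 6` exist only in the browser; whatever policy the form promises should be enforced again in PHP here or in User::changePasswordDB(), which in this commit checks length only. The form also carries no anti-CSRF token; requiring the old password limits the impact, but it is worth confirming that RouteBase (outside this diff) does not already expect one.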

+ 21 - 1
SE/se-lib/User.php

@@ -538,6 +538,7 @@ class User {
 				from ADMIN_USERS u
 				where u.ADM_ACCOUNT = :login
 					and ( u.ADM_PASSWD = :pass or u.ADM_PASSWD = md5( :pass ) )
+					and u.ADM_PASSWD != ''
 					and u.A_STATUS in('WAITING', 'NORMAL')
 			", [
 				':login' => $login,
@@ -608,7 +609,7 @@ class User {
 		return false;
 	}
 
-	public static function changePasswd($oldPass, $newPass) {
+	public static function changePasswd($oldPass, $newPass) { //TODO chyba nieuzywane - Bzyk @ 2018-02-15
 		$db = DB::getDB();
 		$newPass = $db->_($newPass);
 		$oldPass = $db->_($oldPass);
@@ -624,6 +625,25 @@ class User {
 		return ($db->affected_rows() > 0);
 	}
 
+	public static function changePasswordDB($oldPass, $newPass) {
+		if (!is_string($newPass)) throw new Exception("Błąd parametru");
+		if (strlen($newPass) < 8) throw new Exception("Hasło zbyt krótkie (min. 8 znaków)"); // TODO regex 1 mala litera, 1 mala litera, 1 cyfra, min. 8 znakow
+		if (!self::logged()) throw new Exception("Użytkownik niezalogwany");
+
+		try {
+			if (!($user = self::loginByDB())) return false;
+		} catch (Exception $e) {
+			throw new Exception("Błędne hasło");
+		}
+
+		$affected = DB::getPDO()->update('ADMIN_USERS', 'ID', $user->ID, [
+			'ADM_PASSWD' => '',
+			'ADM_PASSWD_AES' => hash('sha512', $newPass), // Mysql: SHA2('{$pass}', 512)
+		]);
+		$affected = 1;
+		return ($affected > 0);
+	}
+
 	/**
 	 * Check user access.
 	 * @param string $name
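Review bot: `$affected = 1;` immediately after the update() call in changePasswordDB() discards the real result, so `return ($affected > 0);` is always true and the route reports "Pomyślnie zmieniono hasło" even when no row was changed; drop that line so the return value reflects what update() actually did (if update() returns something other than a row count, test that value rather than hard-coding it). The stored value is an unsalted `hash('sha512', $newPass)`, a fast hash that is cheap to brute-force offline if the table leaks; `password_hash($newPass, PASSWORD_DEFAULT)` on this side and `password_verify()` on the login side would be the standard replacement, provided the code that checks ADM_PASSWD_AES (not in this diff) is changed together with it. `$oldPass` is never referenced in the visible body, so verification of the old password rests entirely on what `self::loginByDB()` reads — confirm it compares the submitted old password rather than just re-reading the session. The TODO on the length check also lists `1 mala litera` twice where one of them should be `1 duza litera`.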