8 年前 · e8a790394c
--- a/SE/se-lib/User.php
+++ b/SE/se-lib/User.php
@@ -385,6 +385,13 @@ class User {
 
				 
			
 
				 		if ($ldap != null && $ldap->isConnected()) {
			
 
				 			$user = self::loginByLDAP($login, $pass);
			
 
				+
			
 
				+			if ($user) { // user logged in by ldap - update password hash in db
			
 
				+				DB::getPDO()->update('ADMIN_USERS', 'ID', $user->ID, [
			
 
				+					'ADM_PASSWD_AES' => hash('sha512', $pass), // Mysql: SHA2('{$pass}', 512)
			
 
				+				]);
			
 
				+			}
			
 
				+
			
 
				 		} else {
			
 
				 			$user = self::loginByDB($login, $pass);
			
 
				 		}
			
@@ -490,13 +497,14 @@ class User {
 
				 		$user->ADM_NAME = $ldapUser['cn'];
			
 
				 		$user->OTHER_INFO = $ldapUser['mail'];
			
 
				 
			
 
				-		$sqlLogin = DB::getPDO()->quote($user->ADM_ACCOUNT, PDO::PARAM_STR);
			
 
				 		$rawUser = DB::getPDO()->fetchFirst("
			
 
				 			select u.*
			
 
				 			from ADMIN_USERS u
			
 
				-			where u.ADM_ACCOUNT = {$sqlLogin}
			
 
				+			where u.ADM_ACCOUNT = :login
			
 
				 				and u.A_STATUS in('WAITING', 'NORMAL')
			
 
				-		");
			
 
				+		", [
			
 
				+			':login' => $user->ADM_ACCOUNT,
			
 
				+		]);
			
 
				 		if (!$rawUser) throw new Exception("Wystąpiły błędy podczas próby logowania. Brak użytkownika w bazie danych.");
			
 
				 		$user->ID = $rawUser['ID'];
			
 
				 		$user->ADM_TECH_WORKER = $rawUser['ADM_TECH_WORKER'];
			
@@ -513,16 +521,31 @@ class User {
 
				 	}
			
 
				 
			
 
				 	public static function loginByDB($login, $pass) {
			
 
				-		$sqlLogin = DB::getPDO()->quote($login, PDO::PARAM_STR);
			
 
				-		$sqlPass = DB::getPDO()->quote($pass, PDO::PARAM_STR);
			
 
				 		$rawUser = DB::getPDO()->fetchFirst("
			
 
				 			select u.*
			
 
				 			from ADMIN_USERS u
			
 
				-			where u.ADM_ACCOUNT = {$sqlLogin}
			
 
				-				and ( u.ADM_PASSWD = {$sqlPass} or u.ADM_PASSWD = md5({$sqlPass}) )
			
 
				+			where u.ADM_ACCOUNT = :login
			
 
				+				and u.ADM_PASSWD_AES = :pass_hash
			
 
				 				and u.A_STATUS in('WAITING', 'NORMAL')
			
 
				-		");
			
 
				+		", [
			
 
				+			':login' => $login,
			
 
				+			':pass_hash' => hash('sha512', $pass),
			
 
				+		]);
			
 
				+		if (!$rawUser) { // TODO: error log - change password for user
			
 
				+			error_log("TODO: update password hash for user '{$login}'");
			
 
				+			$rawUser = DB::getPDO()->fetchFirst("
			
 
				+				select u.*
			
 
				+				from ADMIN_USERS u
			
 
				+				where u.ADM_ACCOUNT = :login
			
 
				+					and ( u.ADM_PASSWD = :pass or u.ADM_PASSWD = md5( :pass ) )
			
 
				+					and u.A_STATUS in('WAITING', 'NORMAL')
			
 
				+			", [
			
 
				+				':login' => $login,
			
 
				+				':pass' => $pass,
			
 
				+			]);
			
 
				+		}
			
 
				 		if (!$rawUser) throw new Exception("Proszę podać poprawny login i hasło!");
			
 
				+		$user = new stdClass();
			
 
				 		$user->ID = $rawUser['ID'];
			
 
				 		$user->ADM_TECH_WORKER = $rawUser['ADM_TECH_WORKER'];
			
 
				 		$user->ADM_COMPANY = $rawUser['ADM_COMPANY'];