source: trunk/password.php @ 19139

Last change on this file since 19139 was 18889, checked in by plg, 12 years ago

feature 2727: improve password security with the use of PasswordHash class.
This class performs salt and multiple iterations. Already used in Wordpress,
Drupal, phpBB and many other web applications.

$confpass_convert is replaced by $confpassword_hash + $confpassword_verify

  • Property svn:eol-style set to LF
File size: 10.5 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based photo gallery                                    |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2012 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24// +-----------------------------------------------------------------------+
25// |                           initialization                              |
26// +-----------------------------------------------------------------------+
27
28define('PHPWG_ROOT_PATH','./');
29include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
30include_once(PHPWG_ROOT_PATH.'include/functions_mail.inc.php');
31
32// +-----------------------------------------------------------------------+
33// | Check Access and exit when user status is not ok                      |
34// +-----------------------------------------------------------------------+
35
36check_status(ACCESS_FREE);
37
38trigger_action('loc_begin_password');
39
40// +-----------------------------------------------------------------------+
41// | Functions                                                             |
42// +-----------------------------------------------------------------------+
43
44/**
45 * checks the validity of input parameters, fills $page['errors'] and
46 * $page['infos'] and send an email with confirmation link
47 *
48 * @return bool (true if email was sent, false otherwise)
49 */
50function process_password_request()
51{
52  global $page, $conf;
53 
54  if (empty($_POST['username_or_email']))
55  {
56    array_push($page['errors'], l10n('Invalid username or email'));
57    return false;
58  }
59 
60  $user_id = get_userid_by_email($_POST['username_or_email']);
61   
62  if (!is_numeric($user_id))
63  {
64    $user_id = get_userid($_POST['username_or_email']);
65  }
66
67  if (!is_numeric($user_id))
68  {
69    array_push($page['errors'], l10n('Invalid username or email'));
70    return false;
71  }
72
73  $userdata = getuserdata($user_id, false);
74
75  // password request is not possible for guest/generic users
76  $status = $userdata['status'];
77  if (is_a_guest($status) or is_generic($status))
78  {
79    array_push($page['errors'], l10n('Password reset is not allowed for this user'));
80    return false;
81  }
82
83  if (empty($userdata['email']))
84  {
85    array_push(
86      $page['errors'],
87      sprintf(
88        l10n('User "%s" has no email address, password reset is not possible'),
89        $userdata['username']
90        )
91      );
92    return false;
93  }
94
95  if (empty($userdata['activation_key']))
96  {
97    $activation_key = get_user_activation_key();
98
99    single_update(
100      USER_INFOS_TABLE,
101      array('activation_key' => $activation_key),
102      array('user_id' => $user_id)
103      );
104
105    $userdata['activation_key'] = $activation_key;
106  }
107
108  set_make_full_url();
109 
110  $message = l10n('Someone requested that the password be reset for the following user account:') . "\r\n\r\n";
111  $message.= sprintf(
112    l10n('Username "%s" on gallery %s'),
113    $userdata['username'],
114    get_gallery_home_url()
115    );
116  $message.= "\r\n\r\n";
117  $message.= l10n('To reset your password, visit the following address:') . "\r\n";
118  $message.= get_gallery_home_url().'/password.php?key='.$userdata['activation_key']."\r\n\r\n";
119  $message.= l10n('If this was a mistake, just ignore this email and nothing will happen.')."\r\n";
120
121  unset_make_full_url();
122
123  $message = trigger_event('render_lost_password_mail_content', $message);
124
125  $email_params = array(
126    'subject' => '['.$conf['gallery_title'].'] '.l10n('Password Reset'),
127    'content' => $message,
128    'email_format' => 'text/plain',
129    );
130
131  if (pwg_mail($userdata['email'], $email_params))
132  {
133    array_push($page['infos'], l10n('Check your email for the confirmation link'));
134    return true;
135  }
136  else
137  {
138    array_push($page['errors'], l10n('Error sending email'));
139    return false;
140  }
141}
142
143/**
144 *  checks the activation key: does it match the expected pattern? is it
145 *  linked to a user? is this user allowed to reset his password?
146 *
147 * @return mixed (user_id if OK, false otherwise)
148 */
149function check_password_reset_key($key)
150{
151  global $page;
152 
153  if (!preg_match('/^[a-z0-9]{20}$/i', $key))
154  {
155    array_push($page['errors'], l10n('Invalid key'));
156    return false;
157  }
158
159  $query = '
160SELECT
161    user_id,
162    status
163  FROM '.USER_INFOS_TABLE.'
164  WHERE activation_key = \''.$key.'\'
165;';
166  $result = pwg_query($query);
167
168  if (pwg_db_num_rows($result) == 0)
169  {
170    array_push($page['errors'], l10n('Invalid key'));
171    return false;
172  }
173 
174  $userdata = pwg_db_fetch_assoc($result);
175
176  if (is_a_guest($userdata['status']) or is_generic($userdata['status']))
177  {
178    array_push($page['errors'], l10n('Password reset is not allowed for this user'));
179    return false;
180  }
181
182  return $userdata['user_id'];
183}
184
185/**
186 * checks the passwords, checks that user is allowed to reset his password,
187 * update password, fills $page['errors'] and $page['infos'].
188 *
189 * @return bool (true if password was reset, false otherwise)
190 */
191function reset_password()
192{
193  global $page, $user, $conf;
194
195  if ($_POST['use_new_pwd'] != $_POST['passwordConf'])
196  {
197    array_push($page['errors'], l10n('The passwords do not match'));
198    return false;
199  }
200
201  if (isset($_GET['key']))
202  {
203    $user_id = check_password_reset_key($_GET['key']);
204    if (!is_numeric($user_id))
205    {
206      array_push($page['errors'], l10n('Invalid key'));
207      return false;
208    }
209  }
210  else
211  {
212    // we check the currently logged in user
213    if (is_a_guest() or is_generic())
214    {
215      array_push($page['errors'], l10n('Password reset is not allowed for this user'));
216      return false;
217    }
218
219    $user_id = $user['id'];
220  }
221   
222  single_update(
223    USERS_TABLE,
224    array($conf['user_fields']['password'] => $conf['password_hash']($_POST['use_new_pwd'])),
225    array($conf['user_fields']['id'] => $user_id)
226    );
227
228  array_push($page['infos'], l10n('Your password has been reset'));
229
230  if (isset($_GET['key']))
231  {
232    array_push($page['infos'], '<a href="'.get_root_url().'identification.php">'.l10n('Login').'</a>');
233  }
234  else
235  {
236    array_push($page['infos'], '<a href="'.get_gallery_home_url().'">'.l10n('Return to home page').'</a>');
237  }
238
239  return true;
240}
241
242// +-----------------------------------------------------------------------+
243// | Process form                                                          |
244// +-----------------------------------------------------------------------+
245if (isset($_POST['submit']))
246{
247  check_pwg_token();
248 
249  if ('lost' == $_GET['action'])
250  {
251    if (process_password_request())
252    {
253      $page['action'] = 'none';
254    }
255  }
256
257  if ('reset' == $_GET['action'])
258  {
259    if (reset_password())
260    {
261      $page['action'] = 'none';
262    }
263  }
264}
265
266// +-----------------------------------------------------------------------+
267// | key and action                                                        |
268// +-----------------------------------------------------------------------+
269
270// a connected user can't reset the password from a mail
271if (isset($_GET['key']) and !is_a_guest())
272{
273  unset($_GET['key']);
274}
275
276if (isset($_GET['key']))
277{
278  $user_id = check_password_reset_key($_GET['key']);
279  if (is_numeric($user_id))
280  {
281    $userdata = getuserdata($user_id, false);
282    $page['username'] = $userdata['username'];
283    $template->assign('key', $_GET['key']);
284
285    if (!isset($page['action']))
286    {
287      $page['action'] = 'reset';
288    }
289  }
290  else
291  {
292    $page['action'] = 'none';
293  }
294}
295
296if (!isset($page['action']))
297{
298  if (!isset($_GET['action']))
299  {
300    $page['action'] = 'lost';
301  }
302  elseif (in_array($_GET['action'], array('lost', 'reset', 'none')))
303  {
304    $page['action'] = $_GET['action'];
305  }
306}
307
308if ('reset' == $page['action'] and !isset($_GET['key']) and (is_a_guest() or is_generic()))
309{
310  redirect(get_gallery_home_url());
311}
312
313if ('lost' == $page['action'] and !is_a_guest())
314{
315  redirect(get_gallery_home_url());
316}
317
318// +-----------------------------------------------------------------------+
319// | template initialization                                               |
320// +-----------------------------------------------------------------------+
321
322$title = l10n('Password Reset');
323if ('lost' == $page['action'])
324{
325  $title = l10n('Forgot your password?');
326
327  if (isset($_POST['username_or_email']))
328  {
329    $template->assign('username_or_email', htmlspecialchars(stripslashes($_POST['username_or_email'])));
330  }
331}
332
333$page['body_id'] = 'thePasswordPage';
334
335$template->set_filenames(array('password'=>'password.tpl'));
336$template->assign(
337  array(
338    'title' => $title,
339    'form_action'=> get_root_url().'password.php',
340    'action' => $page['action'],
341    'username' => isset($page['username']) ? $page['username'] : $user['username'],
342    'PWG_TOKEN' => get_pwg_token(),
343    )
344  );
345
346
347// include menubar
348$themeconf = $template->get_template_vars('themeconf');
349if (!isset($themeconf['hide_menu_on']) OR !in_array('thePasswordPage', $themeconf['hide_menu_on']))
350{
351  include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
352}
353
354// +-----------------------------------------------------------------------+
355// |                           html code display                           |
356// +-----------------------------------------------------------------------+
357
358include(PHPWG_ROOT_PATH.'include/page_header.php');
359trigger_action('loc_end_password');
360include(PHPWG_ROOT_PATH.'include/page_messages.php');
361$template->pparse('password');
362include(PHPWG_ROOT_PATH.'include/page_tail.php');
363
364?>
Note: See TracBrowser for help on using the repository browser.