145
|
145
|
|
}
|
146
|
146
|
|
|
147
|
147
|
|
/**
|
148
|
|
- |
* Check user login credentials for old user accounts.
|
149
|
|
- |
* This is a temporary function used to login users with the same
|
150
|
|
- |
* credentials from the previous version of freepost.
|
151
|
|
- |
*
|
152
|
|
- |
* How it works: first a user is tested with check_user_credentials().
|
153
|
|
- |
* If that fails, this function is called (with the same user/password
|
154
|
|
- |
* combination). If the password match, it means that's a user logging in
|
155
|
|
- |
* with the old credentials. What we do then, is to update the database
|
156
|
|
- |
* with the new password/salt.
|
157
|
|
- |
*
|
158
|
|
- |
* @return NULL if bad credentials, otherwise return the user
|
159
|
|
- |
*/
|
160
|
|
- |
function check_user_old_credentials ($username, $password)
|
161
|
|
- |
{
|
162
|
|
- |
try {
|
163
|
|
- |
|
164
|
|
- |
$this->database->beginTransaction();
|
165
|
|
- |
|
166
|
|
- |
$user = NULL;
|
167
|
|
- |
|
168
|
|
- |
if (is_null ($this->database))
|
169
|
|
- |
return $user;
|
170
|
|
- |
|
171
|
|
- |
// Check if the old credentials are valid
|
172
|
|
- |
$query = $this->database->prepare (
|
173
|
|
- |
'SELECT * ' .
|
174
|
|
- |
'FROM `user`' .
|
175
|
|
- |
'WHERE ' .
|
176
|
|
- |
'`username` = ? AND ' .
|
177
|
|
- |
'`salt` = "" AND ' .
|
178
|
|
- |
'`password` = SHA2(?, 512) AND ' .
|
179
|
|
- |
'`isActive` = 1');
|
180
|
|
- |
|
181
|
|
- |
$query->execute (array ($username, $password));
|
182
|
|
- |
|
183
|
|
- |
$user_is_valid = $query->rowCount() > 0;
|
184
|
|
- |
|
185
|
|
- |
/* The old credentials are OK, now we update with a new
|
186
|
|
- |
* hash/salt to update users with the new freepost!
|
187
|
|
- |
*/
|
188
|
|
- |
if ($user_is_valid)
|
189
|
|
- |
{
|
190
|
|
- |
// Create a salt for user password
|
191
|
|
- |
$salt = self::get_random_string (16);
|
192
|
|
- |
|
193
|
|
- |
$query = $this->database->prepare (
|
194
|
|
- |
'UPDATE `user`' .
|
195
|
|
- |
'SET `password` = SHA2(?, 512), `salt` = ? ' .
|
196
|
|
- |
'WHERE `username` = ?');
|
197
|
|
- |
|
198
|
|
- |
$query->execute (array ($password . $salt, $salt, $username));
|
199
|
|
- |
|
200
|
|
- |
$user = self::get_user ($username);
|
201
|
|
- |
}
|
202
|
|
- |
|
203
|
|
- |
$this->database->commit ();
|
204
|
|
- |
|
205
|
|
- |
return $user;
|
206
|
|
- |
|
207
|
|
- |
} catch(PDOException $ex) {
|
208
|
|
- |
|
209
|
|
- |
$this->database->rollBack();
|
210
|
|
- |
|
211
|
|
- |
return NULL;
|
212
|
|
- |
|
213
|
|
- |
}
|
214
|
|
- |
}
|
215
|
|
- |
|
216
|
|
- |
/**
|
217
|
148
|
|
* Retrieve a post
|
218
|
149
|
|
*/
|
219
|
150
|
|
function get_post ($hash_id)
|