Hashing the password early
This commit is contained in:
Antonin
parent
e20ac74f0b
commit
79133ef70e
|
|
@ -58,10 +58,10 @@ class Form
|
|||
public $use_password;
|
||||
|
||||
/**
|
||||
* The password needed to access the poll, if $use_password is set to true
|
||||
* The password needed to access the poll, hashed. Only used if $use_password is set to true
|
||||
* @var string
|
||||
*/
|
||||
public $password;
|
||||
public $password_hash;
|
||||
|
||||
/**
|
||||
* If true, the polls results will be also visible for those without password
|
||||
|
|
|
|||
|
|
@ -11,12 +11,12 @@ class PollRepository extends AbstractRepository {
|
|||
parent::__construct($connect);
|
||||
}
|
||||
|
||||
public function insertPoll($poll_id, $admin_poll_id, $form, $password_hash, $results_publicly_visible) {
|
||||
public function insertPoll($poll_id, $admin_poll_id, $form) {
|
||||
$sql = 'INSERT INTO `' . Utils::table('poll') . '`
|
||||
(id, admin_id, title, description, admin_name, admin_mail, end_date, format, editable, receiveNewVotes, receiveNewComments, hidden, password_hash, results_publicly_visible)
|
||||
VALUES (?,?,?,?,?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?)';
|
||||
$prepared = $this->prepare($sql);
|
||||
$prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $password_hash, $results_publicly_visible));
|
||||
$prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $form->password_hash, $form->results_publicly_visible));
|
||||
}
|
||||
|
||||
function findById($poll_id) {
|
||||
|
|
|
|||
|
|
@ -22,7 +22,6 @@ use Framadate\Form;
|
|||
use Framadate\FramaDB;
|
||||
use Framadate\Utils;
|
||||
use Framadate\Security\Token;
|
||||
use Framadate\Security\PasswordHasher;
|
||||
use Framadate\Repositories\RepositoryFactory;
|
||||
|
||||
class PollService {
|
||||
|
|
@ -112,18 +111,9 @@ class PollService {
|
|||
} while ($this->pollRepository->existsById($poll_id));
|
||||
$admin_poll_id = $poll_id . $this->random(8);
|
||||
|
||||
// Password hash, if needed
|
||||
if ($form->use_password) {
|
||||
$password_hash = PasswordHasher::hash($form->password);
|
||||
$results_publicly_visible = $form->results_publicly_visible;
|
||||
} else {
|
||||
$password_hash = null;
|
||||
$results_publicly_visible = null;
|
||||
}
|
||||
|
||||
// Insert poll + slots
|
||||
$this->pollRepository->beginTransaction();
|
||||
$this->pollRepository->insertPoll($poll_id, $admin_poll_id, $form, $password_hash, $results_publicly_visible);
|
||||
$this->pollRepository->insertPoll($poll_id, $admin_poll_id, $form);
|
||||
$this->slotRepository->insertSlots($poll_id, $form->getChoices());
|
||||
$this->pollRepository->commit();
|
||||
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ use Framadate\Form;
|
|||
use Framadate\Services\InputService;
|
||||
use Framadate\Editable;
|
||||
use Framadate\Utils;
|
||||
use Framadate\Security\PasswordHasher;
|
||||
|
||||
include_once __DIR__ . '/app/inc/init.php';
|
||||
|
||||
|
|
@ -83,7 +84,6 @@ if ($goToStep2) {
|
|||
$_SESSION['form']->receiveNewComments = $receiveNewComments;
|
||||
$_SESSION['form']->hidden = $hidden;
|
||||
$_SESSION['form']->use_password = ($use_password !== null);
|
||||
$_SESSION['form']->password = $password;
|
||||
$_SESSION['form']->results_publicly_visible = ($results_publicly_visible !== null);
|
||||
|
||||
|
||||
|
|
@ -123,6 +123,14 @@ if ($goToStep2) {
|
|||
if ($title && $name && $email_OK && !$error_on_title && !$error_on_description && !$error_on_name
|
||||
&& !$error_on_password && !$error_on_password_repeat) {
|
||||
|
||||
// If no errors, we hash the password if needed
|
||||
if ($_SESSION['form']->use_password) {
|
||||
$_SESSION['form']->password_hash = PasswordHasher::hash($password);
|
||||
} else {
|
||||
$_SESSION['form']->password_hash = null;
|
||||
$_SESSION['form']->results_publicly_visible = null;
|
||||
}
|
||||
|
||||
if ($goToStep2 == 'date') {
|
||||
header('Location:create_date_poll.php');
|
||||
exit();
|
||||
|
|
@ -244,7 +252,6 @@ $smarty->assign('poll_receiveNewComments', Utils::fromPostOrDefault('receiveNewC
|
|||
$smarty->assign('poll_hidden', Utils::fromPostOrDefault('hidden', $_SESSION['form']->hidden));
|
||||
$smarty->assign('poll_use_password', Utils::fromPostOrDefault('use_password', $_SESSION['form']->use_password));
|
||||
$smarty->assign('poll_results_publicly_visible', Utils::fromPostOrDefault('results_publicly_visible', $_SESSION['form']->results_publicly_visible));
|
||||
$smarty->assign('poll_password', Utils::fromPostOrDefault('password', $_SESSION['form']->password));
|
||||
$smarty->assign('form', $_SESSION['form']);
|
||||
|
||||
$smarty->display('create_poll.tpl');
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user