Chapril/date.chapril.org-framadate
Chapril/date.chapril.org-framadate
24
1
Fork 0
Code Issues Pull Requests Releases Activity

Hashing the password early

Browse Source
This commit is contained in:
Antonin 2015-04-09 18:18:05 +02:00
parent e20ac74f0b
commit 79133ef70e
4 changed files with 14 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/classes/Framadate/Form.php
View File

@ -58,10 +58,10 @@ class Form
public $use_password; public $use_password;
/** /**
* The password needed to access the poll, if $use_password is set to true * The password needed to access the poll, hashed. Only used if $use_password is set to true
* @var string * @var string
*/ */
public $password; public $password_hash;
/** /**
* If true, the polls results will be also visible for those without password * If true, the polls results will be also visible for those without password

4
app/classes/Framadate/Repositories/PollRepository.php
View File

@ -11,12 +11,12 @@ class PollRepository extends AbstractRepository {
parent::__construct($connect); parent::__construct($connect);
} }
public function insertPoll($poll_id, $admin_poll_id, $form, $password_hash, $results_publicly_visible) { public function insertPoll($poll_id, $admin_poll_id, $form) {
$sql = 'INSERT INTO `' . Utils::table('poll') . '` $sql = 'INSERT INTO `' . Utils::table('poll') . '`
(id, admin_id, title, description, admin_name, admin_mail, end_date, format, editable, receiveNewVotes, receiveNewComments, hidden, password_hash, results_publicly_visible) (id, admin_id, title, description, admin_name, admin_mail, end_date, format, editable, receiveNewVotes, receiveNewComments, hidden, password_hash, results_publicly_visible)
VALUES (?,?,?,?,?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?)'; VALUES (?,?,?,?,?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?)';
$prepared = $this->prepare($sql); $prepared = $this->prepare($sql);
$prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $password_hash, $results_publicly_visible)); $prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $form->password_hash, $form->results_publicly_visible));
} }
function findById($poll_id) { function findById($poll_id) {

12
app/classes/Framadate/Services/PollService.php
View File

@ -22,7 +22,6 @@ use Framadate\Form;
use Framadate\FramaDB; use Framadate\FramaDB;
use Framadate\Utils; use Framadate\Utils;
use Framadate\Security\Token; use Framadate\Security\Token;
use Framadate\Security\PasswordHasher;
use Framadate\Repositories\RepositoryFactory; use Framadate\Repositories\RepositoryFactory;
class PollService { class PollService {
@ -112,18 +111,9 @@ class PollService {
} while ($this->pollRepository->existsById($poll_id)); } while ($this->pollRepository->existsById($poll_id));
$admin_poll_id = $poll_id . $this->random(8); $admin_poll_id = $poll_id . $this->random(8);
// Password hash, if needed
if ($form->use_password) {
$password_hash = PasswordHasher::hash($form->password);
$results_publicly_visible = $form->results_publicly_visible;
} else {
$password_hash = null;
$results_publicly_visible = null;
}
// Insert poll + slots // Insert poll + slots
$this->pollRepository->beginTransaction(); $this->pollRepository->beginTransaction();
$this->pollRepository->insertPoll($poll_id, $admin_poll_id, $form, $password_hash, $results_publicly_visible); $this->pollRepository->insertPoll($poll_id, $admin_poll_id, $form);
$this->slotRepository->insertSlots($poll_id, $form->getChoices()); $this->slotRepository->insertSlots($poll_id, $form->getChoices());
$this->pollRepository->commit(); $this->pollRepository->commit();

11
create_poll.php
View File

@ -21,6 +21,7 @@ use Framadate\Form;
use Framadate\Services\InputService; use Framadate\Services\InputService;
use Framadate\Editable; use Framadate\Editable;
use Framadate\Utils; use Framadate\Utils;
use Framadate\Security\PasswordHasher;
include_once __DIR__ . '/app/inc/init.php'; include_once __DIR__ . '/app/inc/init.php';
@ -83,7 +84,6 @@ if ($goToStep2) {
$_SESSION['form']->receiveNewComments = $receiveNewComments; $_SESSION['form']->receiveNewComments = $receiveNewComments;
$_SESSION['form']->hidden = $hidden; $_SESSION['form']->hidden = $hidden;
$_SESSION['form']->use_password = ($use_password !== null); $_SESSION['form']->use_password = ($use_password !== null);
$_SESSION['form']->password = $password;
$_SESSION['form']->results_publicly_visible = ($results_publicly_visible !== null); $_SESSION['form']->results_publicly_visible = ($results_publicly_visible !== null);
@ -123,6 +123,14 @@ if ($goToStep2) {
if ($title && $name && $email_OK && !$error_on_title && !$error_on_description && !$error_on_name if ($title && $name && $email_OK && !$error_on_title && !$error_on_description && !$error_on_name
&& !$error_on_password && !$error_on_password_repeat) { && !$error_on_password && !$error_on_password_repeat) {
// If no errors, we hash the password if needed
if ($_SESSION['form']->use_password) {
$_SESSION['form']->password_hash = PasswordHasher::hash($password);
} else {
$_SESSION['form']->password_hash = null;
$_SESSION['form']->results_publicly_visible = null;
}
if ($goToStep2 == 'date') { if ($goToStep2 == 'date') {
header('Location:create_date_poll.php'); header('Location:create_date_poll.php');
exit(); exit();
@ -244,7 +252,6 @@ $smarty->assign('poll_receiveNewComments', Utils::fromPostOrDefault('receiveNewC
$smarty->assign('poll_hidden', Utils::fromPostOrDefault('hidden', $_SESSION['form']->hidden)); $smarty->assign('poll_hidden', Utils::fromPostOrDefault('hidden', $_SESSION['form']->hidden));
$smarty->assign('poll_use_password', Utils::fromPostOrDefault('use_password', $_SESSION['form']->use_password)); $smarty->assign('poll_use_password', Utils::fromPostOrDefault('use_password', $_SESSION['form']->use_password));
$smarty->assign('poll_results_publicly_visible', Utils::fromPostOrDefault('results_publicly_visible', $_SESSION['form']->results_publicly_visible)); $smarty->assign('poll_results_publicly_visible', Utils::fromPostOrDefault('results_publicly_visible', $_SESSION['form']->results_publicly_visible));
$smarty->assign('poll_password', Utils::fromPostOrDefault('password', $_SESSION['form']->password));
$smarty->assign('form', $_SESSION['form']); $smarty->assign('form', $_SESSION['form']);
$smarty->display('create_poll.tpl'); $smarty->display('create_poll.tpl');