Hashing the password early

Antonin 2015-04-09 18:18:05 +02:00
parent e20ac74f0b
commit 79133ef70e
4 changed files with 14 additions and 17 deletions


@ -58,10 +58,10 @@ class Form
public $use_password;
/**
* The password needed to access the poll, if $use_password is set to true
* The password needed to access the poll, hashed. Only used if $use_password is set to true
* @var string
*/
public $password;
public $password_hash;
/**
* If true, the polls results will be also visible for those without password


@ -11,12 +11,12 @@ class PollRepository extends AbstractRepository {
parent::__construct($connect);
}
public function insertPoll($poll_id, $admin_poll_id, $form, $password_hash, $results_publicly_visible) {
public function insertPoll($poll_id, $admin_poll_id, $form) {
$sql = 'INSERT INTO `' . Utils::table('poll') . '`
(id, admin_id, title, description, admin_name, admin_mail, end_date, format, editable, receiveNewVotes, receiveNewComments, hidden, password_hash, results_publicly_visible)
VALUES (?,?,?,?,?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?)';
$prepared = $this->prepare($sql);
$prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $password_hash, $results_publicly_visible));
$prepared->execute(array($poll_id, $admin_poll_id, $form->title, $form->description, $form->admin_name, $form->admin_mail, $form->end_date, $form->format, $form->editable, $form->receiveNewVotes, $form->receiveNewComments, $form->hidden, $form->password_hash, $form->results_publicly_visible));
}
function findById($poll_id) {
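Review bot: `insertPoll` now binds `$form->password_hash` and `$form->results_publicly_visible` unconditionally and never consults `$form->use_password`, so the rule that an unprotected poll stores NULL in both columns is no longer enforced where the row is written. In the last file section the two fields are reset only inside the validation-success branch (hunk at -123), while `use_password` is overwritten on every submission (hunk at -83), so a session Form could hold `use_password = false` next to a hash left over from an earlier successful submission; whether that state can reach this insert depends on page flow that is not visible here. Re-deriving the value at the write would close the gap, e.g. `$password_hash = $form->use_password ? $form->password_hash : null;` with the same guard for `results_publicly_visible`, or at minimum a docblock on `insertPoll` stating the precondition. The same reliance applies to the simplified `insertPoll` call in `PollService` (hunk at -112). `findById` continues outside this hunk.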


@ -22,7 +22,6 @@ use Framadate\Form;
use Framadate\FramaDB;
use Framadate\Utils;
use Framadate\Security\Token;
use Framadate\Security\PasswordHasher;
use Framadate\Repositories\RepositoryFactory;
class PollService {
@ -112,18 +111,9 @@ class PollService {
} while ($this->pollRepository->existsById($poll_id));
$admin_poll_id = $poll_id . $this->random(8);
// Password hash, if needed
if ($form->use_password) {
$password_hash = PasswordHasher::hash($form->password);
$results_publicly_visible = $form->results_publicly_visible;
} else {
$password_hash = null;
$results_publicly_visible = null;
}
// Insert poll + slots
$this->pollRepository->beginTransaction();
$this->pollRepository->insertPoll($poll_id, $admin_poll_id, $form, $password_hash, $results_publicly_visible);
$this->pollRepository->insertPoll($poll_id, $admin_poll_id, $form);
$this->slotRepository->insertSlots($poll_id, $form->getChoices());
$this->pollRepository->commit();


@ -21,6 +21,7 @@ use Framadate\Form;
use Framadate\Services\InputService;
use Framadate\Editable;
use Framadate\Utils;
use Framadate\Security\PasswordHasher;
include_once __DIR__ . '/app/inc/init.php';
@ -83,7 +84,6 @@ if ($goToStep2) {
$_SESSION['form']->receiveNewComments = $receiveNewComments;
$_SESSION['form']->hidden = $hidden;
$_SESSION['form']->use_password = ($use_password !== null);
$_SESSION['form']->password = $password;
$_SESSION['form']->results_publicly_visible = ($results_publicly_visible !== null);
@ -123,6 +123,14 @@ if ($goToStep2) {
if ($title && $name && $email_OK && !$error_on_title && !$error_on_description && !$error_on_name
&& !$error_on_password && !$error_on_password_repeat) {
// If no errors, we hash the password if needed
if ($_SESSION['form']->use_password) {
$_SESSION['form']->password_hash = PasswordHasher::hash($password);
} else {
$_SESSION['form']->password_hash = null;
$_SESSION['form']->results_publicly_visible = null;
}
if ($goToStep2 == 'date') {
header('Location:create_date_poll.php');
exit();
@ -244,7 +252,6 @@ $smarty->assign('poll_receiveNewComments', Utils::fromPostOrDefault('receiveNewC
$smarty->assign('poll_hidden', Utils::fromPostOrDefault('hidden', $_SESSION['form']->hidden));
$smarty->assign('poll_use_password', Utils::fromPostOrDefault('use_password', $_SESSION['form']->use_password));
$smarty->assign('poll_results_publicly_visible', Utils::fromPostOrDefault('results_publicly_visible', $_SESSION['form']->results_publicly_visible));
$smarty->assign('poll_password', Utils::fromPostOrDefault('password', $_SESSION['form']->password));
$smarty->assign('form', $_SESSION['form']);
$smarty->display('create_poll.tpl');
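Review bot: The session Form now carries `password_hash`, and the unchanged `$smarty->assign('form', $_SESSION['form']);` in the hunk at -244 hands that whole object to the template, so the hash is within reach of `create_poll.tpl` and of any later step that renders the form. The template is not visible here, so this may be harmless as written, but nothing on the page records the constraint. A comment above the assign, such as `// $form->password_hash is a credential verifier: templates must never output it`, would make it explicit for whoever edits the template next.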