Coding style (new password hash code)

0605eb99 · Scott · b29c7635 · 0605eb99 · 0605eb99 · 0605eb99
Commit 0605eb99 authored Jan 23, 2016 by Scott
5 changed files
--- a/qa-include/db/install.php
+++ b/qa-include/db/install.php
@@ -1460,13 +1460,13 @@
 					break;
-			//	Up to here: Version 1.8 alpha
 				case 62:
-						qa_db_upgrade_query('ALTER TABLE ^users ADD COLUMN passhash '.$definitions['users']['passhash'].' AFTER passcheck');
+					// add column to qa_users to handle new bcrypt passwords
-						qa_db_upgrade_query($locktablesquery);
+					qa_db_upgrade_query('ALTER TABLE ^users ADD COLUMN passhash '.$definitions['users']['passhash'].' AFTER passcheck');
-						break;
+					qa_db_upgrade_query($locktablesquery);
+					break;
+			//	Up to here: Version 1.8 alpha
 			}
 			qa_db_set_db_version($newversion);

--- a/qa-include/db/users.php
+++ b/qa-include/db/users.php
@@ -44,22 +44,22 @@
 	{
 		require_once QA_INCLUDE_DIR.'util/string.php';
-		if(!qa_php_version_below('5.3.7')){
+		if (!qa_php_version_below('5.3.7')) {
 			qa_db_query_sub(
 				'INSERT INTO ^users (created, createip, email, passhash, level, handle, loggedin, loginip) '.
 				'VALUES (NOW(), COALESCE(INET_ATON($), 0), $, $, #, $, NOW(), COALESCE(INET_ATON($), 0))',
 				$ip, $email, isset($password) ? password_hash($password, PASSWORD_BCRYPT) : null, (int)$level, $handle, $ip
 			);
 		} else {
-			$salt=isset($password) ? qa_random_alphanum(16) : null;
+			$salt = isset($password) ? qa_random_alphanum(16) : null;
 			qa_db_query_sub(
 				'INSERT INTO ^users (created, createip, email, passsalt, passcheck, level, handle, loggedin, loginip) '.
 				'VALUES (NOW(), COALESCE(INET_ATON($), 0), $, $, UNHEX($), #, $, NOW(), COALESCE(INET_ATON($), 0))',
 				$ip, $email, $salt, isset($password) ? qa_db_calc_passcheck($password, $salt) : null, (int)$level, $handle, $ip
 			);
 		}
 		return qa_db_last_insert_id();
 	}
@@ -163,13 +163,13 @@
 		require_once QA_INCLUDE_DIR.'util/string.php';
-		if(!qa_php_version_below('5.3.7')){
+		if (!qa_php_version_below('5.3.7')) {
 			qa_db_query_sub(
 				'UPDATE ^users SET passhash=$, passsalt=NULL, passcheck=NULL WHERE userid=$',
 				password_hash($password, PASSWORD_BCRYPT), $userid
 			);
 		} else {
-			$salt=qa_random_alphanum(16);
+			$salt = qa_random_alphanum(16);
 			qa_db_query_sub(
 				'UPDATE ^users SET passsalt=$, passcheck=UNHEX($) WHERE userid=$',

--- a/qa-include/pages/account.php
+++ b/qa-include/pages/account.php
@@ -37,7 +37,7 @@
 	if (QA_FINAL_EXTERNAL_USERS)
 		qa_fatal_error('User accounts are handled by external code');
-	$userid=qa_get_logged_in_userid();
+	$userid = qa_get_logged_in_userid();
 	if (!isset($userid))
 		qa_redirect('login');
@@ -52,14 +52,15 @@
 		qa_db_userfields_selectspec()
 	);
-	$changehandle=qa_opt('allow_change_usernames') || ((!$userpoints['qposts']) && (!$userpoints['aposts']) && (!$userpoints['cposts']));
+	$changehandle = qa_opt('allow_change_usernames') || (!$userpoints['qposts'] && !$userpoints['aposts'] && !$userpoints['cposts']);
-	$doconfirms=qa_opt('confirm_user_emails') && ($useraccount['level']<QA_USER_LEVEL_EXPERT);
+	$doconfirms = qa_opt('confirm_user_emails') && $useraccount['level'] < QA_USER_LEVEL_EXPERT;
-	$isconfirmed=($useraccount['flags'] & QA_USER_FLAGS_EMAIL_CONFIRMED) ? true : false;
+	$isconfirmed = ($useraccount['flags'] & QA_USER_FLAGS_EMAIL_CONFIRMED) ? true : false;
-	if(!qa_php_version_below('5.3.7')){
-		$haspasswordold=isset($useraccount['passsalt']) && isset($useraccount['passcheck']);
+	if (!qa_php_version_below('5.3.7')) {
-		$haspassword=isset($useraccount['passhash']);
+		$haspasswordold = isset($useraccount['passsalt']) && isset($useraccount['passcheck']);
+		$haspassword = isset($useraccount['passhash']);
 	} else {
-		$haspassword=isset($useraccount['passsalt']) && isset($useraccount['passcheck']);
+		$haspassword = isset($useraccount['passsalt']) && isset($useraccount['passcheck']);
 	}
 	$permit_error = qa_user_permit_error();
 	$isblocked = $permit_error !== false;
@@ -209,16 +210,18 @@
 			else {
 				$errors = array();
-				if(!qa_php_version_below('5.3.7')){
+				if (!qa_php_version_below('5.3.7')) {
 					if (
-					($haspasswordold && (strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck']))) ||
+						($haspasswordold && (strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck']))) ||
-					(!$haspasswordold && $haspassword && !password_verify($inoldpassword,$useraccount['passhash']))
+						(!$haspasswordold && $haspassword && !password_verify($inoldpassword,$useraccount['passhash']))
-					)
+					) {
 						$errors['oldpassword'] = qa_lang('users/password_wrong');
+					}
 				} else {
-					if ($haspassword && (strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck'])))
+					if ($haspassword && (strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck']))) {
 						$errors['oldpassword'] = qa_lang('users/password_wrong');
+					}
 				}
 				$useraccount['password'] = $inoldpassword;

--- a/qa-include/pages/login.php
+++ b/qa-include/pages/login.php
@@ -67,47 +67,50 @@
 				if (count($matchusers)==1) { // if matches more than one (should be impossible), don't log in
 					$inuserid=$matchusers[0];
 					$userinfo=qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true));
-					if(!qa_php_version_below('5.3.7')){
+					if (!qa_php_version_below('5.3.7')) {
 						$haspassword=isset($userinfo['passhash']);
 						$haspasswordold=isset($userinfo['passsalt']) && isset($userinfo['passcheck']);
 						if (
-						($haspasswordold && strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) ||
+							($haspasswordold && strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) ||
-						($haspassword && password_verify($inpassword,$userinfo['passhash']))
+							($haspassword && password_verify($inpassword,$userinfo['passhash']))
-						){ // login and redirect
+						) {
+							// login and redirect
 							require_once QA_INCLUDE_DIR.'app/users.php';
 							// upgrade password or rehash, when options like the cost parameter changed
-							if($haspasswordold || password_needs_rehash($userinfo['passhash'], PASSWORD_BCRYPT)) qa_db_user_set_password($inuserid, $inpassword);
+							if ($haspasswordold || password_needs_rehash($userinfo['passhash'], PASSWORD_BCRYPT)) {
+								qa_db_user_set_password($inuserid, $inpassword);
+							}
 							qa_set_logged_in_user($inuserid, $userinfo['handle'], !empty($inremember));
 							$topath=qa_get('to');
 							if (isset($topath))
 								qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment
 							elseif ($passwordsent)
 								qa_redirect('account');
 							else
 								qa_redirect('');
 						} else
 							$errors['password']=qa_lang('users/password_wrong');
 					} else {
 						if (strtolower(qa_db_calc_passcheck($inpassword, $userinfo['passsalt'])) == strtolower($userinfo['passcheck'])) { // login and redirect
 							require_once QA_INCLUDE_DIR.'app/users.php';
 							qa_set_logged_in_user($inuserid, $userinfo['handle'], !empty($inremember));
 							$topath=qa_get('to');
 							if (isset($topath))
 								qa_redirect_raw(qa_path_to_root().$topath); // path already provided as URL fragment
 							elseif ($passwordsent)
 								qa_redirect('account');
 							else
 								qa_redirect('');
 						} else
 							$errors['password']=qa_lang('users/password_wrong');
 					}

--- a/qa-include/qa-base.php
+++ b/qa-include/qa-base.php
@@ -77,7 +77,9 @@
 	qa_load_plugin_files();
 	qa_load_override_files();
-	if(!qa_php_version_below('5.3.7')) require_once QA_INCLUDE_DIR.'vendor/password_compat.php';
+	if (!qa_php_version_below('5.3.7')) {
+		require_once QA_INCLUDE_DIR.'vendor/password_compat.php';
+	}
 	require_once QA_INCLUDE_DIR.'qa-db.php';
 	qa_db_allow_connect();