Refactoring: Simplified debugging and updating of password hashing

philippK-de · Jan 5, 2017 · ce50c22 · ce50c22
1 parent 2849b13
commit ce50c22
Showing 1 changed file with 16 additions and 4 deletions.
diff --git a/include/class.user.php b/include/class.user.php
@@ -26,10 +26,10 @@ class user {
     function add($name, $email, $company, $pass, $locale = "", $tags = "", $rate = 0.0)
     {
         global $conn,$mylog;
-        $pass = sha1($pass);
+        $hash = $this->hash($pass);
 
         $ins1Stmt = $conn->prepare("INSERT INTO user (name,email,company,pass,locale,tags,rate) VALUES (?, ?, ?, ?, ?, ?, ?)");
-        $ins1 = $ins1Stmt->execute(array($name, $email, $company, $pass, $locale, $tags, $rate));
+        $ins1 = $ins1Stmt->execute(array($name, $email, $company, $hash, $locale, $tags, $rate));
 
         if ($ins1) {
             $insid = $conn->lastInsertId();
@@ -274,6 +274,18 @@ function getAvatar($id)
         }
     }
 
+    /**
+     * Returns a hash of the password.
+     *
+     * @param $password
+     * @return string
+     */
+    function hash($password) {
+        $hashedPassword = sha1($password);
+
+        return $hashedPassword;
+    }
+
     /**
      * Log a user in
      *
@@ -289,9 +301,9 @@ function login($user, $pass)
             return false;
         }
         $user = $conn->quote($user);
-        $pass = sha1($pass);
+        $hash = $this->hash($pass);
 
-        $sel1 = $conn->query("SELECT ID,name,locale,lastlogin,gender FROM user WHERE (name = $user OR email = $user) AND pass = '$pass'");
+        $sel1 = $conn->query("SELECT ID,name,locale,lastlogin,gender FROM user WHERE (name = $user OR email = $user) AND pass = '$hash'");
         $chk = $sel1->fetch();
         if ($chk["ID"] != "") {
             $rolesobj = new roles();