Misterzym
/
CodeIgniter-Aauth
mirror of https://github.com/misterzym/CodeIgniter-Aauth.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

BCrypt/PHP's password_hash support 

- added config var `use_password_hash`
 - added config var `password_hash_algo`
 - added config var `password_hash_options`
 - added `verify_password()`
 - changed `login()` (changed pass check with new the function, added a little skip for pass recreation if password_hash is active)
 - changed `hash_password()`
 - added `sql/Aauth_v2_BCrypt.sql` with a working password if BCrypt is active
develop
REJack 9 years ago
parent
e4aa1f5bc7
commit
bd33c956a2
3 changed files with 211 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      application/config/aauth.php
  2. 34
      application/libraries/Aauth.php
  3. 177
      sql/Aauth_v2_BCrypt.sql

8
application/config/aauth.php
Unescape View File

@ -68,6 +68,9 @@ defined('BASEPATH') OR exit('No direct script access allowed');
| |
| ['hash'] Name of selected hashing algorithm (e.g. "md5", "sha256", "haval160,4", etc..) | ['hash'] Name of selected hashing algorithm (e.g. "md5", "sha256", "haval160,4", etc..)
| Please, run hash_algos() for know your all supported algorithms | Please, run hash_algos() for know your all supported algorithms
| ['use_password_hash'] True to use PHP's own password_hash() function with BCrypt, needs PHP5.5 or higher
| ['password_hash_algo'] password_hash algorithm ("PASSWORD_DEFAULT", "PASSWORD_BCRYPT")
| ['password_hash_options'] password_hash options array for details see http://php.net/manual/en/function.password-hash.php
| |
*/ */
$config_aauth = array(); $config_aauth = array();
@ -125,7 +128,10 @@ $config_aauth["default"] = array(
'verification_link' => '/account/verification/', 'verification_link' => '/account/verification/',
'reset_password_link' => '/account/reset_password/', 'reset_password_link' => '/account/reset_password/',
'hash' => 'sha256' 'hash' => 'sha256',
'use_password_hash' => false,
'password_hash_algo' => 'PASSWORD_DEFAULT',
'password_hash_options' => array()
); );
$config['aauth'] = $config_aauth['default']; $config['aauth'] = $config_aauth['default'];

34
application/libraries/Aauth.php
Unescape View File

@ -281,9 +281,6 @@ class Aauth {
$query = null; $query = null;
$query = $this->aauth_db->where($db_identifier, $identifier); $query = $this->aauth_db->where($db_identifier, $identifier);
// Database stores pasword hashed password
$query = $this->aauth_db->where('pass', $this->hash_password($pass, $user_id));
$query = $this->aauth_db->where('banned', 0); $query = $this->aauth_db->where('banned', 0);
$query = $this->aauth_db->get($this->config_vars['users']); $query = $this->aauth_db->get($this->config_vars['users']);
@ -291,7 +288,9 @@ class Aauth {
$row = $query->row(); $row = $query->row();
// if email and pass matches and not banned // if email and pass matches and not banned
if ( $query->num_rows() != 0 ) { $password = ($this->config_vars['use_password_hash'] ? $pass : $this->hash_password($pass, $row->id));
if ( $query->num_rows() != 0 && $this->verify_password($password, $row->pass) ) {
// If email and pass matches // If email and pass matches
// create session // create session
@ -762,7 +761,9 @@ class Aauth {
// Update to correct salted password // Update to correct salted password
$data = null; $data = null;
$data['pass'] = $this->hash_password($pass, $user_id); if( !$this->config_vars['use_password_hash']){
$data['pass'] = $this->hash_password($pass, $user_id);
}
$this->aauth_db->where('id', $user_id); $this->aauth_db->where('id', $user_id);
$this->aauth_db->update($this->config_vars['users'], $data); $this->aauth_db->update($this->config_vars['users'], $data);
@ -1157,9 +1158,28 @@ class Aauth {
* @return string Hashed password * @return string Hashed password
*/ */
function hash_password($pass, $userid) { function hash_password($pass, $userid) {
if($this->config_vars['use_password_hash']){
return password_hash($pass, $this->config_vars['password_hash_algo'], $this->config_vars['password_hash_options']);
}else{
$salt = md5($userid);
return hash($this->config_vars['hash'], $salt.$pass);
}
}
$salt = md5($userid); /**
return hash($this->config_vars['hash'], $salt.$pass); * Verify password
* Verfies the hashed password
* @param string $password Password
* @param string $hash Hashed Password
* @param string $user_id
* @return bool False or True
*/
function verify_password($password, $hash) {
if($this->config_vars['use_password_hash']){
return password_verify($password, $hash);
}else{
return ($password == $hash ? TRUE : FALSE);
}
} }
######################## ########################

177
sql/Aauth_v2_BCrypt.sql
Unescape View File

@ -0,0 +1,177 @@
/*
Aauth SQL Table Structure
*/
SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for `aauth_groups`
-- ----------------------------
DROP TABLE IF EXISTS `aauth_groups`;
CREATE TABLE `aauth_groups` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(100),
`definition` text,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of aauth_groups
-- ----------------------------
INSERT INTO `aauth_groups` VALUES ('1', 'Admin', 'Super Admin Group');
INSERT INTO `aauth_groups` VALUES ('2', 'Public', 'Public Access Group');
INSERT INTO `aauth_groups` VALUES ('3', 'Default', 'Default Access Group');
-- ----------------------------
-- Table structure for `aauth_perms`
-- ----------------------------
DROP TABLE IF EXISTS `aauth_perms`;
CREATE TABLE `aauth_perms` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(100),
`definition` text,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of aauth_perms
-- ----------------------------
-- ----------------------------
-- Table structure for `aauth_perm_to_group`
-- ----------------------------
DROP TABLE IF EXISTS `aauth_perm_to_group`;
CREATE TABLE `aauth_perm_to_group` (
`perm_id` int(11) unsigned DEFAULT NULL,
`group_id` int(11) unsigned DEFAULT NULL,
PRIMARY KEY (`perm_id`,`group_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of aauth_perm_to_group
-- ----------------------------
-- ----------------------------
-- Table structure for `aauth_perm_to_user`
-- ----------------------------
DROP TABLE IF EXISTS `aauth_perm_to_user`;
CREATE TABLE `aauth_perm_to_user` (
`perm_id` int(11) unsigned DEFAULT NULL,
`user_id` int(11) unsigned DEFAULT NULL,
PRIMARY KEY (`perm_id`,`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of aauth_perm_to_user
-- ----------------------------
-- ----------------------------
-- Table structure for `aauth_pms`
-- ----------------------------
DROP TABLE IF EXISTS `aauth_pms`;
CREATE TABLE `aauth_pms` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`sender_id` int(11) unsigned NOT NULL,
`receiver_id` int(11) unsigned NOT NULL,
`title` varchar(255) NOT NULL,
`message` text,
`date_sent` datetime DEFAULT NULL,
`date_read` datetime DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `full_index` (`id`,`sender_id`,`receiver_id`,`date_read`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of aauth_pms
-- ----------------------------
-- ----------------------------
-- Table structure for `aauth_system_variables`
-- ----------------------------
DROP TABLE IF EXISTS `aauth_system_variables`;
CREATE TABLE `aauth_system_variables` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`data_key` varchar(100) NOT NULL,
`value` text,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of aauth_system_variables
-- ----------------------------
-- ----------------------------
-- Table structure for `aauth_users`
-- ----------------------------
DROP TABLE IF EXISTS `aauth_users`;
CREATE TABLE `aauth_users` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`email` varchar(100) COLLATE utf8_general_ci NOT NULL,
`pass` varchar(60) COLLATE utf8_general_ci NOT NULL,
`name` varchar(100) COLLATE utf8_general_ci,
`banned` tinyint(1) DEFAULT '0',
`last_login` datetime DEFAULT NULL,
`last_activity` datetime DEFAULT NULL,
`last_login_attempt` datetime DEFAULT NULL,
`forgot_exp` text COLLATE utf8_general_ci,
`remember_time` datetime DEFAULT NULL,
`remember_exp` text COLLATE utf8_general_ci,
`verification_code` text COLLATE utf8_general_ci,
`totp_secret` varchar(16) COLLATE utf8_general_ci DEFAULT NULL,
`ip_address` text COLLATE utf8_general_ci,
`login_attempts` int(11) DEFAULT '0',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci;
-- ----------------------------
-- Records of aauth_users
-- ----------------------------
INSERT INTO `aauth_users` VALUES ('1', 'admin@example.com', '$2y$10$h19Lblcr6amOIUL1TgYW2.VVZOhac/e1kHMgAwCubMTlYXZrL0wS2', 'Admin', '0', null, null, null, null, null, null, null, null, null, '0');
-- ----------------------------
-- Table structure for `aauth_user_to_group`
-- ----------------------------
DROP TABLE IF EXISTS `aauth_user_to_group`;
CREATE TABLE `aauth_user_to_group` (
`user_id` int(11) unsigned NOT NULL DEFAULT '0',
`group_id` int(11) unsigned NOT NULL DEFAULT '0',
PRIMARY KEY (`user_id`,`group_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of aauth_user_to_group
-- ----------------------------
INSERT INTO `aauth_user_to_group` VALUES ('1', '1');
INSERT INTO `aauth_user_to_group` VALUES ('1', '3');
-- ----------------------------
-- Table structure for `aauth_user_variables`
-- ----------------------------
DROP TABLE IF EXISTS `aauth_user_variables`;
CREATE TABLE `aauth_user_variables` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`user_id` int(11) unsigned NOT NULL,
`data_key` varchar(100) NOT NULL,
`value` text,
PRIMARY KEY (`id`),
KEY `user_id_index` (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of aauth_user_variables
-- ----------------------------
-- ----------------------------
-- Table structure for `aauth_perm_to_group`
-- ----------------------------
DROP TABLE IF EXISTS `aauth_group_to_group`;
CREATE TABLE `aauth_group_to_group` (
`group_id` int(11) unsigned DEFAULT NULL,
`subgroup_id` int(11) unsigned DEFAULT NULL,
PRIMARY KEY (`group_id`,`subgroup_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of aauth_perm_to_group
-- ----------------------------
Write Preview
Loading…
Cancel
Save