Feature/blowfish

README.md

@@ -76,8 +76,6 @@ Change your config main:
             'user'=>array(
                 // enable cookie-based authentication
                 'class' => 'WebUser',
-                'allowAutoLogin'=>true,
-                'loginUrl' => array('/user/login'),
             ),
         #...
         ),

UserModule.php

@@ -160,24 +160,22 @@ public static function t($str='',$params=array(),$dic='user') {
 	/**
 	 * @return hash string.
 	 */
-	public static function encrypting($string="",$salt=null) {
+	public static function encrypting($string="",$salt="") {
 		$hash = Yii::app()->getModule('user')->hash;
 
 		switch($hash)
 		{
 			case "md5":
-				return md5($string);
+				return md5($string.$salt);
 			case "sha1":
-				return sha1($string);
+				return sha1($string.$salt);
 			case "blowfish":
 				if(!$salt) {
-					Yii::import('user.extensions.Randomness.Randomness');
-					$salt = Randomness::blowfishSalt();
+					$salt = User::blowfishSalt();
 				}
 				return crypt($string,$salt);
 			default:
-				return hash($hash,$string);
-
+				return hash($hash,$string.$salt);
 		}
 	}
 
@@ -228,7 +226,7 @@ public static function getAdmins() {
 	}
 
 	/**
-	 * Send mail method
+	 * Send to user mail
 	 */
 	public static function sendMail($email,$subject,$message) {
     	$adminEmail = Yii::app()->params['adminEmail'];
@@ -237,6 +235,16 @@ public static function sendMail($email,$subject,$message) {
 	    $message = str_replace("\n.", "\n..", $message);
 	    return mail($email,'=?UTF-8?B?'.base64_encode($subject).'?=',$message,$headers);
 	}
+
+    /**
+     * Send to user mail
+     */
+    public function sendMailToUser($user_id,$subject,$message,$from='') {
+        $user = User::model()->findbyPk($user_id);
+        if (!$from) $from = Yii::app()->params['adminEmail'];
+        $headers="From: ".$from."\r\nReply-To: ".Yii::app()->params['adminEmail'];
+        return mail($user->email,'=?UTF-8?B?'.base64_encode($subject).'?=',$message,$headers);
+    }
 
 	/**
 	 * Return safe user data.
@@ -248,7 +256,7 @@ public static function user($id=0,$clearCache=false) {
             $id = Yii::app()->user->id;
 		if ($id) {
             if (!isset(self::$_users[$id])||$clearCache)
-                self::$_users[$id] = User::model()->with(array('profile'))->findbyPk($id);
+                self::$_users[$id] = User::model()->with(array('profile'))->findByPk($id);
 			return self::$_users[$id];
         } else return false;
 	}

components/UWfile.php

@@ -25,14 +25,15 @@ public function init() {
 				'file'=>array(
 					'allowEmpty'=>array('','false','true'),
 					'maxFiles'=>'',
-					'maxSize'=>'',
-					'minSize'=>'',
-					'tooLarge'=>'',
-					'tooMany'=>'',
-					'tooSmall'=>'',
-					'types'=>'',
-					'wrongType'=>'',
-				),
+                    'maxSize'=>'',
+                    'minSize'=>'',
+                    'tooLarge'=>'',
+                    'tooMany'=>'',
+                    'tooSmall'=>'',
+                    'types'=>'',
+                    'wrongType'=>'',
+                    'safe'=>array('true','false'),
+                ),
 			),
 		);
 	}

components/UWjuidate.php

@@ -26,17 +26,6 @@ public function init() {
 		);
 	}
 
-	/**
-	 * @param $value
-	 * @param $model
-	 * @param $field_varname
-	 * @return string
-	 */
-	public function setAttributes($value,$model,$field_varname) {
-		if ($value=='0000-00-00') $value = '';
-		return $value;
-	}
-
 	/**
 	 * @param $model - profile model
 	 * @param $field - profile fields model item

components/UserIdentity.php

@@ -27,14 +27,18 @@ public function authenticate()
 			$user=User::model()->notsafe()->findByAttributes(array('username'=>$this->username));
 		}
 
-		if($user===null)
+		if($user===null) {
 			if (strpos($this->username,"@")) {
 				$this->errorCode=self::ERROR_EMAIL_INVALID;
 			} else {
 				$this->errorCode=self::ERROR_USERNAME_INVALID;
 			}
-		//Extra password parameter is for blowfish crypt
-		else if(Yii::app()->getModule('user')->encrypting($this->password,$user->password)!==$user->password)
+			return false;
+		}
+
+		$salt = (Yii::app()->getModule('user')->hash == 'blowfish')? $user->password : $user->salt;
+
+		if(Yii::app()->getModule('user')->encrypting($this->password, $salt)!==$user->password)
 			$this->errorCode=self::ERROR_PASSWORD_INVALID;
 		else if($user->status==0&&Yii::app()->getModule('user')->loginNotActiv==false)
 			$this->errorCode=self::ERROR_STATUS_NOTACTIV;
@@ -44,6 +48,13 @@ public function authenticate()
 			$this->_id=$user->id;
 			$this->username=$user->username;
 			$this->errorCode=self::ERROR_NONE;
+
+			//when user has no salt, let's be generous and give him some.
+			if(empty($user->salt)) {
+				$user->salt = User::getNewSalt();
+				$user->password = Yii::app()->getModule('user')->encrypting($this->password, $user->salt);
+				$user->save();
+			}
 		}
 
 		return !$this->errorCode;

components/WebUser.php

@@ -3,6 +3,19 @@
 class WebUser extends CWebUser
 {
 
+    /**
+     * @var boolean whether to enable cookie-based login. Defaults to false.
+     */
+    public $allowAutoLogin=true;
+    /**
+     * @var string|array the URL for login. If using array, the first element should be
+     * the route to the login action, and the rest name-value pairs are GET parameters
+     * to construct the login URL (e.g. array('/site/login')). If this property is null,
+     * a 403 HTTP exception will be raised instead.
+     * @see CController::createUrl
+     */
+    public $loginUrl=array('/user/login');
+
     public function getRole()
     {
         return $this->getState('__role');
@@ -34,7 +47,10 @@ protected function afterLogin($fromCookie)
 	}
 
     public function updateSession() {
-        $user = Yii::app()->getModule('user')->user($this->id);
+		$user = Yii::app()->getModule('user')->user($this->id);
+		if(!$user)
+			return;
+        $this->name = $user->username;
         $userAttributes = CMap::mergeArray(array(
                                                 'email'=>$user->email,
                                                 'username'=>$user->username,

controllers/ActivationController.php

@@ -8,21 +8,15 @@ class ActivationController extends Controller
 	/**
 	 * Activation user account
 	 */
-	public function actionActivation () {
-		$email = $_GET['email'];
-		$activkey = $_GET['activkey'];
-		if ($email&&$activkey) {
-			$find = User::model()->notsafe()->findByAttributes(array('email'=>$email));
-			if (isset($find)&&$find->status) {
-			    $this->render('/user/message',array('title'=>UserModule::t("User activation"),'content'=>UserModule::t("You account is active.")));
-			} elseif(isset($find->activkey) && ($find->activkey==$activkey)) {
-				$find->activkey = UserModule::encrypting(microtime());
-				$find->status = 1;
-				$find->save();
-			    $this->render('/user/message',array('title'=>UserModule::t("User activation"),'content'=>UserModule::t("You account is activated.")));
-			} else {
-			    $this->render('/user/message',array('title'=>UserModule::t("User activation"),'content'=>UserModule::t("Incorrect activation URL.")));
-			}
+	public function actionActivation ($email, $activkey) {
+		$find = User::model()->notsafe()->findByAttributes(array('email'=>$email));
+		if (isset($find)&&$find->status) {
+			$this->render('/user/message',array('title'=>UserModule::t("User activation"),'content'=>UserModule::t("You account is active.")));
+		} elseif(isset($find->activkey) && ($find->activkey==$activkey)) {
+			$find->activkey = UserModule::encrypting(microtime());
+			$find->status = 1;
+			$find->save();
+			$this->render('/user/message',array('title'=>UserModule::t("User activation"),'content'=>UserModule::t("You account is activated.")));
 		} else {
 			$this->render('/user/message',array('title'=>UserModule::t("User activation"),'content'=>UserModule::t("Incorrect activation URL.")));
 		}

controllers/AdminController.php

@@ -64,6 +64,7 @@ public function actionAdmin()
 	public function actionView()
 	{
 		$model = $this->loadModel();
+		$model->password = '';
 		$this->render('view',array(
 			'model'=>$model,
 		));
@@ -85,7 +86,8 @@ public function actionCreate()
 			$profile->attributes=$_POST['Profile'];
 			$profile->user_id=0;
 			if($model->validate()&&$profile->validate()) {
-				$model->password=Yii::app()->controller->module->encrypting($model->password);
+				$model->salt = User::getNewSalt();
+				$model->password=Yii::app()->controller->module->encrypting($model->password,$model->salt);
 				if($model->save()) {
 					$profile->user_id=$model->id;
 					$profile->save();
@@ -116,16 +118,21 @@ public function actionUpdate()
 
 			if($model->validate()&&$profile->validate()) {
 				$old_password = User::model()->notsafe()->findByPk($model->id);
-				if ($old_password->password!=$model->password) {
-					$model->password=Yii::app()->controller->module->encrypting($model->password);
+				$old_salt = $old_password->salt;
+				$old_password = $old_password->password;
+				if (isset($_POST['User']['password']) && $old_password != Yii::app()->controller->module->encrypting($model->password,$old_salt)) {
+					$model->salt = User::getNewSalt();
+					$model->password=Yii::app()->controller->module->encrypting($model->password,$model->salt);
 					$model->activkey=Yii::app()->controller->module->encrypting(microtime().$model->password);
+				} else {
+					unset($model->password); 
 				}
 				$model->save();
 				$profile->save();
 				$this->redirect(array('view','id'=>$model->id));
 			} else $profile->validate();
 		}
-
+		$model->password = '';
 		$this->render('update',array(
 			'model'=>$model,
 			'profile'=>$profile,

controllers/LoginController.php

@@ -17,8 +17,8 @@ public function actionLogin()
 				$model->attributes=$_POST['UserLogin'];
 				// validate user input and redirect to previous page if valid
 				if($model->validate()) {
-					$this->lastViset();
-					if (Yii::app()->getBaseUrl()."/index.php" === Yii::app()->user->returnUrl)
+					$this->lastVisit();
+					if (Yii::app()->user->returnUrl=='/index.php')
 						$this->redirect(Yii::app()->controller->module->returnUrl);
 					else
 						$this->redirect(Yii::app()->user->returnUrl);
@@ -31,9 +31,9 @@ public function actionLogin()
 			$this->redirect(Yii::app()->controller->module->returnUrl);
 	}
 
-	private function lastViset() {
+	private function lastVisit() {
 		$lastVisit = User::model()->notsafe()->findByPk(Yii::app()->user->id);
-		$lastVisit->lastvisit = time();
+		$lastVisit->lastvisit_at = date('Y-m-d H:i:s');
 		$lastVisit->save();
 	}
 

controllers/ProfileController.php

@@ -46,7 +46,6 @@ public function actionEdit()
 			if($model->validate()&&$profile->validate()) {
 				$model->save();
 				$profile->save();
-                Yii::app()->user->updateSession();
 				Yii::app()->user->setFlash('profileMessage',UserModule::t("Changes is saved."));
 				$this->redirect(array('/user/profile'));
 			} else $profile->validate();
@@ -76,8 +75,9 @@ public function actionChangepassword() {
 					$model->attributes=$_POST['UserChangePassword'];
 					if($model->validate()) {
 						$new_password = User::model()->notsafe()->findbyPk(Yii::app()->user->id);
-						$new_password->password = UserModule::encrypting($model->password);
-						$new_password->activkey=UserModule::encrypting(microtime().$model->password);
+						$new_password->salt = User::getNewSalt();
+						$new_password->password = UserModule::encrypting($model->password,$new_password->salt);
+						$new_password->activkey = UserModule::encrypting(microtime().$model->password);
 						$new_password->save();
 						Yii::app()->user->setFlash('profileMessage',UserModule::t("New password is saved."));
 						$this->redirect(array("profile"));