auth: reusable functions for password verification

Page to change passwords will need to run the same code.

diff --git a/auth.inc.php b/auth.inc.php
index 94f0dcc8547f190d5758e7fdad1881a56ce72717..fd11b1353a1dfe1feaa82dc81bad675cc714a9ea 100644 (file)
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -1,4 +1,19 @@
 <?php
+function login_password_verify($input, $test)
+{
+       if (substr($test, 0, 1) != '$') {
+               # plaintext match for uncrypted passwords
+               return $input === $test;
+       }
+       return password_verify($input, $test);
+}
+
+function login_setcookie()
+{
+       global $User;
+       return setcookie('login', $User['auth'], 0, '/');
+}
+
 function login($inuser, $inpass = NULL)
 {
        if (empty($inuser)) return;
@@ -16,12 +31,7 @@ function login($inuser, $inpass = NULL)
        # verify password
        $authhash = md5($usertest);
        if (isset($inpass)) {
-               if (substr($usertest, 0, 1) == '$') {
-                       if (!password_verify($inpass, $usertest)) return;
-               }
-               else {
-                       if ($inpass !== $usertest) return;
-               }
+               if (!login_password_verify($inpass, $usertest)) return;
        }
        else {
                if ($inauth !== $authhash) return;

diff --git a/login.php b/login.php
index f7b0b103a327e719a6d93045297435b88c4377b1..1c7dfe0c2c5f6878fe893235887be4848611cdda 100644 (file)
--- a/login.php
+++ b/login.php
@@ -3,7 +3,7 @@ $message = NULL;
 
 if (isset($_POST['login'])) {
        if ($User = login($_POST['login'], $_POST['pass'])) {
-               setcookie('login', $User['auth'], 0, '/');
+               login_setcookie();
        }
        else {
                $message = 'Ongeldige gebruikersnaam of wachtwoord.';