From e329441a4f5397037a446c96e53f27cc85ab4545 Mon Sep 17 00:00:00 2001 From: Mzhelskiy Maxim Date: Sat, 28 Jan 2017 20:14:33 +0700 Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D1=80=D0=B0=D0=B1=D0=BE=D1=82?= =?UTF-8?q?=D0=BA=D0=B0=20=D0=B0=D0=B2=D1=82=D0=BE=D1=80=D0=B8=D0=B7=D0=B0?= =?UTF-8?q?=D1=86=D0=B8=D0=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../classes/actions/ActionAuth.class.php | 7 ++-- .../classes/actions/ActionSettings.class.php | 4 +-- .../classes/modules/user/User.class.php | 34 +++++++++++++++++++ .../modules/user/entity/User.entity.class.php | 11 ++++++ 4 files changed, 50 insertions(+), 6 deletions(-) diff --git a/application/classes/actions/ActionAuth.class.php b/application/classes/actions/ActionAuth.class.php index b6f86d12..502b8868 100644 --- a/application/classes/actions/ActionAuth.class.php +++ b/application/classes/actions/ActionAuth.class.php @@ -113,8 +113,7 @@ class ActionAuth extends Action /** * Сверяем хеши паролей и проверяем активен ли юзер */ - - if ($oUser->getPassword() == func_encrypt(getRequest('password'))) { + if ($this->User_VerifyAccessAuth($oUser) and $oUser->verifyPassword(getRequest('password'))) { if (!$oUser->getActivate()) { $this->Message_AddErrorSingle($this->Lang_Get('auth.login.notices.error_not_activated', array('reactivation_path' => Router::GetPath('auth/reactivation')))); @@ -236,7 +235,7 @@ class ActionAuth extends Action if ($oReminder = $this->User_GetReminderByCode($this->GetParam(0))) { if (!$oReminder->getIsUsed() and strtotime($oReminder->getDateExpire()) > time() and $oUser = $this->User_GetUserById($oReminder->getUserId())) { $sNewPassword = func_generator(7); - $oUser->setPassword(func_encrypt($sNewPassword)); + $oUser->setPassword($this->User_MakeHashPassword($sNewPassword)); if ($this->User_Update($oUser)) { $oReminder->setDateUsed(date("Y-m-d H:i:s")); $oReminder->setIsUsed(1); 
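Review bot: In the `@@ -113` hunk of ActionAuth.class.php the submitted password is read with `getRequest('password')`, whereas ActionSettings in this same patch reads passwords with `getRequestStr()`. `getRequest` is defined outside this diff, but if it returns the raw request value, a non-string (array) parameter would reach `func_encrypt` and its result would then be compared loosely inside `VerifyPassword`. Reading it as `$oUser->verifyPassword(getRequestStr('password'))` keeps the input a string on the login path as well. The enclosing login method starts and ends outside the hunk, so how a false `User_VerifyAccessAuth` result is reported to the user cannot be confirmed from here.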
@@ -383,7 +382,7 @@ class ActionAuth extends Action */ if ($oUser->_Validate()) { $this->Hook_Run('registration_validate_after', array('oUser' => $oUser)); - $oUser->setPassword(func_encrypt($oUser->getPassword())); + $oUser->setPassword($this->User_MakeHashPassword($oUser->getPassword())); if ($this->User_Add($oUser)) { $this->Hook_Run('registration_after', array('oUser' => $oUser)); /** diff --git a/application/classes/actions/ActionSettings.class.php b/application/classes/actions/ActionSettings.class.php index d66f3d8b..7c8de3b3 100644 --- a/application/classes/actions/ActionSettings.class.php +++ b/application/classes/actions/ActionSettings.class.php @@ -459,8 +459,8 @@ class ActionSettings extends Action if (getRequestStr('password', '') != '') { if (func_check(getRequestStr('password'), 'password', 5)) { if (getRequestStr('password') == getRequestStr('password_confirm')) { - if (func_encrypt(getRequestStr('password_now')) == $this->oUserCurrent->getPassword()) { - $this->oUserCurrent->setPassword(func_encrypt(getRequestStr('password'))); + if ($this->oUserCurrent->verifyPassword(getRequestStr('password_now'))) { + $this->oUserCurrent->setPassword($this->User_MakeHashPassword(getRequestStr('password'))); } else { $bError = true; $this->Message_AddError($this->Lang_Get('user.settings.account.fields.password.notices.error'), diff --git a/application/classes/modules/user/User.class.php b/application/classes/modules/user/User.class.php index f0e05a5a..d9ecfe79 100644 --- a/application/classes/modules/user/User.class.php +++ b/application/classes/modules/user/User.class.php 
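Review bot: The current-password check in the ActionSettings.class.php hunk calls `$this->oUserCurrent->verifyPassword(getRequestStr('password_now'))` without the `User_VerifyAccessAuth` gate that the login path now applies. Any restriction later implemented in that hook (attempt limiting, for example) would therefore not cover password guesses made through this form from an already-authenticated session. If that is intended, a short comment saying so would help; otherwise `if ($this->User_VerifyAccessAuth($this->oUserCurrent) and $this->oUserCurrent->verifyPassword(getRequestStr('password_now'))) {` keeps the two paths consistent. The surrounding method begins and ends outside the hunk.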
@@ -1951,4 +1951,38 @@ class ModuleUser extends Module ) ); } + + /** + * Генерация хеша пароля + * + * @param $sPassword + * @return string + */ + public function MakeHashPassword($sPassword) + { + return func_encrypt($sPassword); + } + + /** + * Проверка пароля + * + * @param $sPassword + * @param $sHash + * @return string + */ + public function VerifyPassword($sPassword, $sHash) + { + return $this->MakeHashPassword($sPassword) == $sHash; + } + + /** + * Проверка доступа к авторизации + * + * @param $oUser + * @return bool + */ + public function VerifyAccessAuth($oUser) + { + return true; + } } \ No newline at end of file diff --git a/application/classes/modules/user/entity/User.entity.class.php b/application/classes/modules/user/entity/User.entity.class.php index 907a5a1e..2896b232 100644 --- a/application/classes/modules/user/entity/User.entity.class.php +++ b/application/classes/modules/user/entity/User.entity.class.php @@ -646,6 +646,17 @@ class ModuleUser_EntityUser extends Entity return false; } + /** + * Проверка пароля + * + * @param $sPassword + * @return string + */ + public function verifyPassword($sPassword) + { + return $this->User_VerifyPassword($sPassword, $this->getPassword()); + } + /** * Устанавливает ID пользователя
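Review bot: `VerifyPassword` in the User.class.php hunk compares the two hashes with `==`, which in PHP compares numeric-looking strings such as `0e…` digests as numbers and is not constant-time; `return hash_equals((string) $sHash, (string) $this->MakeHashPassword($sPassword));` avoids both (`hash_equals` needs PHP 5.6+, to be checked against the project's minimum version). `func_encrypt` is defined outside this diff, so its algorithm cannot be judged here; if it is a fast unsalted digest, these two methods are the natural place to move to `password_hash()`/`password_verify()` with a fallback for stored legacy hashes, because a recompute-and-compare check cannot validate salted hashes. `VerifyAccessAuth` always returns `true`, so a comment such as `// Extension point for login restrictions; permits every login by default` would make clear that nothing is enforced yet. The docblocks of `VerifyPassword` and of the entity's `verifyPassword` say `@return string` although both return a bool, and should read `@return bool`.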