Change user verification keys. Verification key is now an md5 hash

of a random number, as suggested in the php manual. This number is stashed in the database, in the new verify_key column in the users table. Rename the functions that generate and get the keys, and move from defs.php3 to dbdefs.php3, since they're now DB operations.

Change user verification keys. Verification key is now an md5 hash
of a random number, as suggested in the php manual. This number is stashed in the database, in the new verify_key column in the users table. Rename the functions that generate and get the keys, and move from defs.php3 to dbdefs.php3, since they're now DB operations.
a4e8ca5b · Robert Ricci · 0063513f · a4e8ca5b · a4e8ca5b · a4e8ca5b
Commit a4e8ca5b authored Oct 01, 2002 by Robert Ricci
--- a/sql/database-create.sql
+++ b/sql/database-create.sql
@@ -990,6 +990,7 @@ CREATE TABLE users (
  emulab_pubkey text,
  home_pubkey text,
  adminoff tinyint(4) default '0',
+  verify_key varchar(32) default NULL,
  PRIMARY KEY  (uid),
  KEY unix_uid (unix_uid)
 ) TYPE=MyISAM;

--- a/www/dbdefs.php3.in
+++ b/www/dbdefs.php3.in
@@ -1161,6 +1161,30 @@ function TBHasSerialConsole($node_id) {
    return mysql_num_rows($query_result);
 }

+#
+# Generate a verification key, and stash it in the database
+#
+function TBGenVerificationKey($name) {
+    $key = md5(uniqid(rand(),1));
+    DBQueryFatal("update users set verify_key='$key' where uid='$name'");
+    return $key;
+}
+
+#
+# Get a verification key from the database
+#
+function TBGetVerificationKey($name) {
+    $query_result =
+	DBQueryFatal("select verify_key from users where uid='$name'");
+
+    if (mysql_num_rows($query_result) == 0) {
+	# Can we signal error somehow?
+	return "";
+    }
+    $row   = mysql_fetch_array($query_result);
+    return $row[verify_key];
+}
+
 #
 # DB Interface.
 #

--- a/www/defs.php3.in
+++ b/www/defs.php3.in
@@ -54,13 +54,6 @@ $TBMAILADDR     = "<a href=\"mailto:$TBMAILADDR_OPS\">
 #
 include("dbdefs.php3");

-#
-# Generate the KEY from a name
-#
-function GENKEY ($name) {
-    return crypt("TB_"."$name"."_USR", strlen($name) + 13);
-}
-
 #
 # Wrap up the mail function so we can prepend a tag to the subject
 # line that indicates what testbed. Useful when multiple testbed

--- a/www/joinproject.php3
+++ b/www/joinproject.php3
@@ -583,7 +583,7 @@ if (! $returning) {
        "'$encoding', NULL, 'newuser', ".
 	"date_add(now(), interval 1 year), now())");

-    $key = GENKEY($joining_uid);
+    $key = TBGenVerificationKey($joining_uid);

    TBMAIL("$usr_name '$joining_uid' <$usr_email>",
      "Your New User Key",

--- a/www/newproject.php3
+++ b/www/newproject.php3
@@ -836,7 +836,7 @@ if (! $returning) {
 	 "'$usr_phone', '$encoding', NULL, 'newuser', ".
 	 "date_add(now(), interval 1 year), now())");

-    $key = GENKEY($proj_head_uid);
+    $key = TBGenVerificationKey($proj_head_uid);

    TBMAIL("$usr_name '$proj_head_uid' <$usr_email>",
      "Your New User Key",

--- a/www/verifyusr.php3
+++ b/www/verifyusr.php3
@@ -49,7 +49,7 @@ if (! strcmp($status, TBDB_USERSTATUS_ACTIVE) ||
 # The user is logged in, so all we need to do is confirm the key.
 # Make sure it matches.
 #
-$keymatch = GENKEY($uid);
+$keymatch = TBGetVerificationKey($uid);

 if (strcmp($key, $keymatch)) {
    USERERROR("The given key \"$key\" is incorrect. ".