Commit a4e8ca5b authored by Robert Ricci's avatar Robert Ricci

Change user verification keys. Verification key is now an md5 hash

of a random number, as suggested in the php manual. This number
is stashed in the database, in the new verify_key column in the
users table.

Rename the functions that generate and get the keys, and move from
defs.php3 to dbdefs.php3, since they're now DB operations.
parent 0063513f
......@@ -990,6 +990,7 @@ CREATE TABLE users (
emulab_pubkey text,
home_pubkey text,
adminoff tinyint(4) default '0',
verify_key varchar(32) default NULL,
PRIMARY KEY (uid),
KEY unix_uid (unix_uid)
) TYPE=MyISAM;
......
......@@ -1161,6 +1161,30 @@ function TBHasSerialConsole($node_id) {
return mysql_num_rows($query_result);
}
#
# Generate a verification key, and stash it in the database
#
function TBGenVerificationKey($name) {
$key = md5(uniqid(rand(),1));
DBQueryFatal("update users set verify_key='$key' where uid='$name'");
return $key;
}
#
# Get a verification key from the database
#
function TBGetVerificationKey($name) {
$query_result =
DBQueryFatal("select verify_key from users where uid='$name'");
if (mysql_num_rows($query_result) == 0) {
# Can we signal error somehow?
return "";
}
$row = mysql_fetch_array($query_result);
return $row[verify_key];
}
#
# DB Interface.
#
......
......@@ -54,13 +54,6 @@ $TBMAILADDR = "<a href=\"mailto:$TBMAILADDR_OPS\">
#
include("dbdefs.php3");
#
# Generate the KEY from a name
#
function GENKEY ($name) {
return crypt("TB_"."$name"."_USR", strlen($name) + 13);
}
#
# Wrap up the mail function so we can prepend a tag to the subject
# line that indicates what testbed. Useful when multiple testbed
......
......@@ -583,7 +583,7 @@ if (! $returning) {
"'$encoding', NULL, 'newuser', ".
"date_add(now(), interval 1 year), now())");
$key = GENKEY($joining_uid);
$key = TBGenVerificationKey($joining_uid);
TBMAIL("$usr_name '$joining_uid' <$usr_email>",
"Your New User Key",
......
......@@ -836,7 +836,7 @@ if (! $returning) {
"'$usr_phone', '$encoding', NULL, 'newuser', ".
"date_add(now(), interval 1 year), now())");
$key = GENKEY($proj_head_uid);
$key = TBGenVerificationKey($proj_head_uid);
TBMAIL("$usr_name '$proj_head_uid' <$usr_email>",
"Your New User Key",
......
......@@ -49,7 +49,7 @@ if (! strcmp($status, TBDB_USERSTATUS_ACTIVE) ||
# The user is logged in, so all we need to do is confirm the key.
# Make sure it matches.
#
$keymatch = GENKEY($uid);
$keymatch = TBGetVerificationKey($uid);
if (strcmp($key, $keymatch)) {
USERERROR("The given key \"$key\" is incorrect. ".
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment