From cd239847ede955290338c1385094faff7b55eccf Mon Sep 17 00:00:00 2001 From: Krombel Date: Tue, 6 Mar 2018 18:25:20 +0100 Subject: [PATCH] fix: Do not publish the secret password of register_bot --- database.php | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/database.php b/database.php index caf241a..d191e82 100644 --- a/database.php +++ b/database.php @@ -1,4 +1,4 @@ -userRegistered("register_bot")) { $password = $this->addUser("Register", "Bot", "register_bot", $config["register_email"]); $config["register_password"] = $password; - $myfile = fopen("config.json", "w"); + $myfile = fopen(dirname(__FILE__) . "/config.json", "w"); fwrite($myfile, json_encode($config, JSON_PRETTY_PRINT)); fclose($myfile); } @@ -101,28 +101,28 @@ class mxDatabase function setRegistrationStateVerify($state, $token) { $sql = "UPDATE registrations SET state = " . $state . ' WHERE verify_token = "' . $token . '";'; - + return $this->db->exec($sql); } function setRegistrationStateById($state, $id) { $sql = "UPDATE registrations SET state = " . $state . ' WHERE id = "' . $id . '";'; - + return $this->db->exec($sql); } function setRegistrationStateAdmin($state, $token) { $sql = "UPDATE registrations SET state = " . $state . ' WHERE admin_token = "' . $token . '";'; - + return $this->db->exec($sql); } function setRegistrationState($state, $token) { $sql = "UPDATE registrations SET state = " . $state . " WHERE verify_token = \"" . $token . '" OR admin_token = "' . $token . '";'; - + return $this->db->exec($sql); } @@ -152,7 +152,7 @@ class mxDatabase * @param note Note the user typed in to give a hint * @param email E-Mail-Adress which will be stored into the database. * This will be send to the server on first login - * + * * @return ["verify_token"] */ function addRegistration($first_name, $last_name, $username, $note, $email) { 
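Review bot: The result of `fopen(dirname(__FILE__) . "/config.json", "w")` is passed to `fwrite()` and `fclose()` without a check, so if that directory is not writable the password returned by `addUser()` is never persisted, although the register_bot account appears to have been created already. A guard such as `if ($myfile === false) { throw new Exception("cannot write config.json"); }` would make that failure visible. Because the file now holds a credential, it is also worth restricting its mode after the write, for example `chmod(dirname(__FILE__) . "/config.json", 0600);`, and confirming that the directory containing database.php is not served by the web server. The commit does not remove a config.json that the old relative path may have written into the former working directory, so presumably that copy needs deleting and the register_bot password rotating. The enclosing function starts outside the visible hunk, whose first lines look truncated by extraction.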
@@ -164,7 +164,7 @@ class mxDatabase require_once("language.php"); throw new Exception($language["USERNAME_REGISTERED"] . " (registered)"); } - + $verify_token = bin2hex(random_bytes(16)); $admin_token = bin2hex(random_bytes(16)); @@ -180,7 +180,7 @@ class mxDatabase /** * Gets the user for the verify_admin page. - * + * * @return ArrayOfUser|NULL Array with "first_name, last_name, username, note and email" * as members */ @@ -205,7 +205,7 @@ class mxDatabase /** * Gets the user when it opens the page to verify its mail - * + * * @return ArrayOfUser|NULL Array with "first_name, last_name, note, email and admin_token" * as members */ @@ -253,11 +253,11 @@ class mxDatabase * @param username the future localpart of that user * @param email E-Mail-Adress which will be stored into the database. * This will be send to the server on first login - * + * * @return password|NULL with member password as this method generates a * password and saves that into the database * NULL when failed - * + * */ function addUser($first_name, $last_name, $username, $email) { // check if user already exists and abort in that case @@ -272,7 +272,7 @@ class mxDatabase $sql = "INSERT INTO logins (first_name, last_name, localpart, password_hash, email) VALUES " . '("' . $first_name.'","' . $last_name . '","' . $username . '","' . $password_hash . '","' . $email . '")'; - + if ($this->db->exec($sql)) { return $password; }