diff --git a/~dev_rating/application/views/base.twig b/~dev_rating/application/views/base.twig
index e4d51f6886fcc2506cd105514228282b2bccb4ac..06a6d19c1d197d399f60a9e0bfc83c71b89643d0 100644
--- a/~dev_rating/application/views/base.twig
+++ b/~dev_rating/application/views/base.twig
@@ -26,6 +26,7 @@
{{ HTML.script('media/js/profile.js')|raw }}
{{ HTML.script('media/js/messages.js')|raw }}
{{ HTML.script('media/js/jquery-plugins/jquery.placeholder.js')|raw }}
+ {{ HTML.script('media/js/jquery.sha1.js')|raw }}
<script>
$(function() {
$('input, textarea').placeholder();
diff --git a/~dev_rating/media/js/jquery.sha1.js b/~dev_rating/media/js/jquery.sha1.js
new file mode 100644
index 0000000000000000000000000000000000000000..b61400f10ffce774b86ee8fbf6453129e0d4354d
--- /dev/null
+++ b/~dev_rating/media/js/jquery.sha1.js
@@ -0,0 +1,169 @@
+/**
+ * jQuery SHA1 hash algorithm function
+ *
+ * <code>
+ * Calculate the sha1 hash of a String
+ * String $.sha1 ( String str )
+ * </code>
+ *
+ * Calculates the sha1 hash of str using the US Secure Hash Algorithm 1.
+ * SHA-1 the Secure Hash Algorithm (SHA) was developed by NIST and is specified in the Secure Hash Standard (SHS, FIPS 180).
+ * This script is used to process variable length message into a fixed-length output using the SHA-1 algorithm. It is fully compatible with UTF-8 encoding.
+ * If you plan using UTF-8 encoding in your project don't forget to set the page encoding to UTF-8 (Content-Type meta tag).
+ * This function orginally get from the WebToolkit and rewrite for using as the jQuery plugin.
+ *
+ * Example
+ * Code
+ * <code>
+ * $.sha1("I'm Persian.");
+ * </code>
+ * Result
+ * <code>
+ * "1d302f9dc925d62fc859055999d2052e274513ed"
+ * </code>
+ *
+ * @alias Muhammad Hussein Fattahizadeh < muhammad [AT] semnanweb [DOT] com >
+ * @link http://www.semnanweb.com/jquery-plugin/sha1.html
+ * @see http://www.webtoolkit.info/
+ * @license http://www.gnu.org/licenses/gpl.html [GNU General Public License]
+ * @param {jQuery} {sha1:function(string))
+ * @return string
+ */
+
+(function($){
+
+ var rotateLeft = function(lValue, iShiftBits) {
+ return (lValue << iShiftBits) | (lValue >>> (32 - iShiftBits));
+ }
+
+ var lsbHex = function(value) {
+ var string = "";
+ var i;
+ var vh;
+ var vl;
+ for(i = 0;i <= 6;i += 2) {
+ vh = (value>>>(i * 4 + 4))&0x0f;
+ vl = (value>>>(i*4))&0x0f;
+ string += vh.toString(16) + vl.toString(16);
+ }
+ return string;
+ };
+
+ var cvtHex = function(value) {
+ var string = "";
+ var i;
+ var v;
+ for(i = 7;i >= 0;i--) {
+ v = (value>>>(i * 4))&0x0f;
+ string += v.toString(16);
+ }
+ return string;
+ };
+
+ var uTF8Encode = function(string) {
+ string = string.replace(/\x0d\x0a/g, "\x0a");
+ var output = "";
+ for (var n = 0; n < string.length; n++) {
+ var c = string.charCodeAt(n);
+ if (c < 128) {
+ output += String.fromCharCode(c);
+ } else if ((c > 127) && (c < 2048)) {
+ output += String.fromCharCode((c >> 6) | 192);
+ output += String.fromCharCode((c & 63) | 128);
+ } else {
+ output += String.fromCharCode((c >> 12) | 224);
+ output += String.fromCharCode(((c >> 6) & 63) | 128);
+ output += String.fromCharCode((c & 63) | 128);
+ }
+ }
+ return output;
+ };
+
+ $.extend({
+ sha1: function(string) {
+ var blockstart;
+ var i, j;
+ var W = new Array(80);
+ var H0 = 0x67452301;
+ var H1 = 0xEFCDAB89;
+ var H2 = 0x98BADCFE;
+ var H3 = 0x10325476;
+ var H4 = 0xC3D2E1F0;
+ var A, B, C, D, E;
+ var tempValue;
+ string = uTF8Encode(string);
+ var stringLength = string.length;
+ var wordArray = new Array();
+ for(i = 0;i < stringLength - 3;i += 4) {
+ j = string.charCodeAt(i)<<24 | string.charCodeAt(i + 1)<<16 | string.charCodeAt(i + 2)<<8 | string.charCodeAt(i + 3);
+ wordArray.push(j);
+ }
+ switch(stringLength % 4) {
+ case 0:
+ i = 0x080000000;
+ break;
+ case 1:
+ i = string.charCodeAt(stringLength - 1)<<24 | 0x0800000;
+ break;
+ case 2:
+ i = string.charCodeAt(stringLength - 2)<<24 | string.charCodeAt(stringLength - 1)<<16 | 0x08000;
+ break;
+ case 3:
+ i = string.charCodeAt(stringLength - 3)<<24 | string.charCodeAt(stringLength - 2)<<16 | string.charCodeAt(stringLength - 1)<<8 | 0x80;
+ break;
+ }
+ wordArray.push(i);
+ while((wordArray.length % 16) != 14 ) wordArray.push(0);
+ wordArray.push(stringLength>>>29);
+ wordArray.push((stringLength<<3)&0x0ffffffff);
+ for(blockstart = 0;blockstart < wordArray.length;blockstart += 16) {
+ for(i = 0;i < 16;i++) W[i] = wordArray[blockstart+i];
+ for(i = 16;i <= 79;i++) W[i] = rotateLeft(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
+ A = H0;
+ B = H1;
+ C = H2;
+ D = H3;
+ E = H4;
+ for(i = 0;i <= 19;i++) {
+ tempValue = (rotateLeft(A, 5) + ((B&C) | (~B&D)) + E + W[i] + 0x5A827999) & 0x0ffffffff;
+ E = D;
+ D = C;
+ C = rotateLeft(B, 30);
+ B = A;
+ A = tempValue;
+ }
+ for(i = 20;i <= 39;i++) {
+ tempValue = (rotateLeft(A, 5) + (B ^ C ^ D) + E + W[i] + 0x6ED9EBA1) & 0x0ffffffff;
+ E = D;
+ D = C;
+ C = rotateLeft(B, 30);
+ B = A;
+ A = tempValue;
+ }
+ for(i = 40;i <= 59;i++) {
+ tempValue = (rotateLeft(A, 5) + ((B&C) | (B&D) | (C&D)) + E + W[i] + 0x8F1BBCDC) & 0x0ffffffff;
+ E = D;
+ D = C;
+ C = rotateLeft(B, 30);
+ B = A;
+ A = tempValue;
+ }
+ for(i = 60;i <= 79;i++) {
+ tempValue = (rotateLeft(A, 5) + (B ^ C ^ D) + E + W[i] + 0xCA62C1D6) & 0x0ffffffff;
+ E = D;
+ D = C;
+ C = rotateLeft(B, 30);
+ B = A;
+ A = tempValue;
+ }
+ H0 = (H0 + A) & 0x0ffffffff;
+ H1 = (H1 + B) & 0x0ffffffff;
+ H2 = (H2 + C) & 0x0ffffffff;
+ H3 = (H3 + D) & 0x0ffffffff;
+ H4 = (H4 + E) & 0x0ffffffff;
+ }
+ tempValue = cvtHex(H0) + cvtHex(H1) + cvtHex(H2) + cvtHex(H3) + cvtHex(H4);
+ return tempValue.toLowerCase();
+ }
+ });
+})(jQuery);
\ No newline at end of file
diff --git a/~dev_rating/media/js/rating.js b/~dev_rating/media/js/rating.js
index 9bf8372df2d11979fb10baa6d1405a4ef19dba3b..53a4a00664a396239750d0eb29218325f2814391 100644
--- a/~dev_rating/media/js/rating.js
+++ b/~dev_rating/media/js/rating.js
@@ -115,34 +115,41 @@ $(function() {
if (rateResult > 100) {
jThis.children("input").val(oldRate);
EventInspector_ShowMsg("Сумма баллов не может привышать 100", "error");
+ jThis.children("input").removeAttr("disabled");
}
else
{
if (newRate <= g_submoduleMaxRate)
{
- $.post(
- URLdir + "handler/rating/setRate",
- {
- "student": g_studentID,
- "submodule": g_submoduleID,
- "rate": newRate
- },
- function(data){
- data = $.parseJSON(data);
- if(data.success === true) {
- jThis.siblings(".RateResult").text(rateResult);
- EventInspector_ShowMsg("Балл добавлен/изменен", "success");
- }
- else EventInspector_ShowMsg("Не удалось добавить/изменить балл", "error");
- jThis.children("input").removeAttr("disabled");
+ $.ajax({
+ type: "POST",
+ url: URLdir + "handler/rating/setRate",
+ data: "student="+g_studentID+"&submodule="+g_submoduleID+"&rate="+newRate,
+ statusCode: {
+ 403: function() {
+ EventInspector_ShowMsg("Сессия истекла", "error");
+ jThis.children("input").val(oldRate);
+ jThis.children("input").removeAttr("disabled");
+ window.location.replace(URLdir);
+ },
+ 200: function(data) {
+ data = $.parseJSON(data);
+ if(data.success === true) {
+ jThis.siblings(".RateResult").text(rateResult);
+ EventInspector_ShowMsg("Балл добавлен/изменен", "success");
+ }
+ else EventInspector_ShowMsg("Не удалось добавить/изменить балл", "error");
+ jThis.children("input").removeAttr("disabled");
+ }
}
- );
+ });
}
else {
if (oldRate <= g_submoduleMaxRate)
jThis.children("input").val(oldRate);
else
jThis.children("input").val("0");
+
EventInspector_ShowMsg("Текущий балл превышает максимальный для данного модуля", "error");
jThis.children("input").removeAttr("disabled");
}
diff --git a/~dev_rating/media/js/settings.js b/~dev_rating/media/js/settings.js
index 4fc293497c66fb2feb2dc11c6cf450d915a7f90f..ce8831ea516c750d329b392cb7089f90a0f5515e 100644
--- a/~dev_rating/media/js/settings.js
+++ b/~dev_rating/media/js/settings.js
@@ -86,9 +86,9 @@ $(function() {
if (checkInput['confirmPass'] == true)
$.post(URLdir + 'handler/settings/changePassword',
{
- 'old_password': $('.inputCurrentPass').val(),
- 'password': $('.inputNewPass').val(),
- 'confirm_password': $('.inputРЎonfirmPass').val()
+ 'old_password': $.sha1($('.inputCurrentPass').val()),
+ 'password': $.sha1($('.inputNewPass').val()),
+ 'confirm_password': $.sha1($('.inputРЎonfirmPass').val())
},
function(data){
data = $.parseJSON(data);
diff --git a/~dev_rating/media/js/sign.js b/~dev_rating/media/js/sign.js
index bdfbc2b50e5c505ee96b418c5529772889b5a4ea..14b699137d91da2571e72419b6a8aa011a51181e 100644
--- a/~dev_rating/media/js/sign.js
+++ b/~dev_rating/media/js/sign.js
@@ -2,8 +2,7 @@ $(function()
{
$('#signin_b').click(function()
{
-
- $.post(URLdir + 'handler/sign/in', {'login': $('#login').val(), 'password': $('#password').val()},
+ $.post(URLdir + 'handler/sign/in', {'login': $('#login').val(), 'password': $.sha1($('#password').val())},
function(data)
{
data = $.parseJSON(data);
@@ -44,8 +43,8 @@ $(function()
{
$.post(URLdir + 'handler/sign/changePassword', {
- 'password': $('#password').val(),
- 'confirm_password': $('#confirm_password').val(),
+ 'password': $.sha1($('#password').val()),
+ 'confirm_password': $.sha1($('#confirm_password').val()),
'token': $('#token').val()
},
function(data)
@@ -80,8 +79,8 @@ $(function()
$.post(URLdir + 'handler/sign/up',
{'activation_code': $('#activation_code').val(),
'login': $('#login').val(),
- 'password': $('#password').val(),
- 'confirm_password': $('#confirm_password').val(),
+ 'password': $.sha1($('#password').val()),
+ 'confirm_password': $.sha1($('#confirm_password').val()),
'email': $('#email').val(),
'confirm_email': $('#confirm_email').val()},
function(data)
diff --git a/~dev_rating/modules/account/classes/Kohana/Account.php b/~dev_rating/modules/account/classes/Kohana/Account.php
index 2100a3726117f5bed267b0ff4f4c64730ebebf51..845111b456fb7685abb1a92fbb3a23489838b3da 100644
--- a/~dev_rating/modules/account/classes/Kohana/Account.php
+++ b/~dev_rating/modules/account/classes/Kohana/Account.php
@@ -91,7 +91,7 @@ class Kohana_Account {
private function checkTokenLifetime($creationDate)
{
$config = Kohana::$config->load('security.securityPolicy');
- return time() - $creationDate > $config['recoveryToken']['lifetime'];
+ return (time() - $creationDate) > $config['recoveryToken']['lifetime'];
}
@@ -180,7 +180,7 @@ class Kohana_Account {
public function changePassword($id, $newPassword)
{
- $response = $this->_model->changePassword($id, sha1($newPassword));
+ $response = $this->_model->changePassword($id, $newPassword);
return $response != -1;
}
diff --git a/~dev_rating/modules/account/classes/Kohana/User.php b/~dev_rating/modules/account/classes/Kohana/User.php
index d3ffb106315483fcf8cec7155a9a75b3ce89dc8f..135562dc6120eb9e7a4e4857aa687aebdb6c1ff7 100644
--- a/~dev_rating/modules/account/classes/Kohana/User.php
+++ b/~dev_rating/modules/account/classes/Kohana/User.php
@@ -8,7 +8,7 @@ class Kohana_User implements ArrayAccess {
protected $_model;
protected $_userInfo;
- const SESSION_LIFETIME = 900; //seconds
+ const SESSION_LIFETIME = 1800; //seconds
/**
* Вовзращает экземпляр класса (singleton-паттерн)
@@ -75,7 +75,7 @@ class Kohana_User implements ArrayAccess {
$isMail = Account::instance()->isMailExists($email);
if(!$isLogin && !$isMail)
{
- $id = $this->_model->activateAccount($login, sha1($password), $email, $code);
+ $id = $this->_model->activateAccount($login, $password, $email, $code);
$this->completeSignIn($id, $this->hash($password));
return array(true, 'ok');
}
@@ -101,7 +101,7 @@ class Kohana_User implements ArrayAccess {
* @return bool
*/
public function signIn($login, $password) {
- $id = $this->_model->checkAuth($login, sha1($password));
+ $id = $this->_model->checkAuth($login, $password);
if($id == -1)
return false;
else
@@ -187,7 +187,7 @@ class Kohana_User implements ArrayAccess {
{
if(!$this->checkPassword($old))
return FALSE;
- $this->_model->changePassword($this->offsetGet('ID'), sha1($new));
+ $this->_model->changePassword($this->offsetGet('ID'), $new);
$passhash = $this->hash($this->hash($new).$this->_config['hash_key']);
Cookie::set('userhash', $passhash);
$this->_session->set('PasswordHash', $passhash);