X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=blobdiff_plain;f=authsystem.inc.php;h=17818efe758d995d3eb47660401461f02ec97a02;hp=2c98f6dd46ccf1d8f53a0ad023801b1b0c3ee841;hb=c4e0aceb5d9e9076effd75de03f4588b65329740;hpb=558e9862bdf09a65cb41c76569cdb3f4021fa356

diff --git a/authsystem.inc.php b/authsystem.inc.php
index 2c98f6d..17818ef 100644
--- a/authsystem.inc.php
+++ b/authsystem.inc.php
@@ -3,6 +3,13 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this file,
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+/*
+  Some resources for how to store passwords:
+  - https://blog.mozilla.org/webdev/2012/06/08/lets-talk-about-password-storage/
+  - https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
+  oauth-server-php: https://bshaffer.github.io/oauth2-server-php-docs/cookbook
+*/
+
 // error reporting (for testing)
 ini_set('display_errors', 1); error_reporting(E_ALL);
 
@@ -35,6 +42,7 @@ CREATE TABLE `auth_sessions` (
  `logged_in` BOOLEAN NOT NULL DEFAULT FALSE ,
  `time_created` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
  `time_expire` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
+ `saved_redirect` VARCHAR(255) NOT NULL DEFAULT '' ,
  PRIMARY KEY (`id`),
  INDEX (`sesskey`),
  INDEX (`time_expire`)
@@ -45,6 +53,7 @@ CREATE TABLE `auth_users` (
  `pwdhash` VARCHAR(255) NOT NULL ,
  `status` ENUM('unverified','ok') NOT NULL DEFAULT 'unverified' ,
  `verify_hash` VARCHAR(150) NULL DEFAULT NULL ,
+ `group_id` MEDIUMINT UNSIGNED DEFAULT '0' ,
  PRIMARY KEY (`id`),
  UNIQUE (`email`)
 );