hash poster passwords
parent
c7bb61f2ff
commit
8b2f002582
6 changed files with 33 additions and 5 deletions
|
@ -200,6 +200,9 @@
|
||||||
// Used to salt secure tripcodes ("##trip") and poster IDs (if enabled).
|
// Used to salt secure tripcodes ("##trip") and poster IDs (if enabled).
|
||||||
$config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';
|
$config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';
|
||||||
|
|
||||||
|
// Used to salt poster passwords.
|
||||||
|
$config['secure_password_salt'] = 'wKJSb7M5SyzMcFWD2gPO3j2RYUSO9B789!@#$%^&*()';
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* ====================
|
* ====================
|
||||||
* Flood/spam settings
|
* Flood/spam settings
|
||||||
|
|
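Review bot: The new `$config['secure_password_salt']` default is a fixed string shipped in the repository, so any installation that never overrides it hashes poster passwords with a publicly known value. The comment above it should say so, for example `// Used to salt poster passwords. Change this per installation; the shipped default is public.` Consider also refusing to start, or logging a warning, while the value still equals this default. The neighbouring `secure_trip_salt` default has the same property.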
|
@ -3082,3 +3082,8 @@ function strategy_first($fun, $array) {
|
||||||
return array('defer');
|
return array('defer');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function hashPassword($password) {
|
||||||
|
global $config;
|
||||||
|
return hash('sha3-256', $password . $config['secure_password_salt']);
|
||||||
|
}
|
||||||
|
|
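Review bot: `hashPassword()` is a single pass of SHA3-256 over `$password . $config['secure_password_salt']`, with one site-wide salt and no per-entry salt, so equal passwords produce equal stored values and anyone holding both the table and the config value can test guesses at raw hash speed. If the comparison site (not visible here) checks one row at a time, `password_hash()`/`password_verify()` would be the stronger choice; if a deterministic value is required, a keyed construction such as `return hash_hmac('sha3-256', $password, $config['secure_password_salt']);` is at least the conventional form. The function also accepts whatever it is given: a non-string `$_POST['password']` (an array from `password[]=`) would be string-converted rather than rejected, so an `is_string()` check here or at the callers is worth adding. A short docblock stating that the result is a 64-character hex string would explain the `varchar(64)` used by the migration tool.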
|
@ -881,6 +881,7 @@ if ($step == 0) {
|
||||||
|
|
||||||
$config['cookies']['salt'] = substr(base64_encode(sha1(rand())), 0, 30);
|
$config['cookies']['salt'] = substr(base64_encode(sha1(rand())), 0, 30);
|
||||||
$config['secure_trip_salt'] = substr(base64_encode(sha1(rand())), 0, 30);
|
$config['secure_trip_salt'] = substr(base64_encode(sha1(rand())), 0, 30);
|
||||||
|
$config['secure_password_salt'] = substr(base64_encode(sha1(rand())), 0, 30);
|
||||||
|
|
||||||
echo Element('page.html', array(
|
echo Element('page.html', array(
|
||||||
'body' => Element('installer/config.html', array(
|
'body' => Element('installer/config.html', array(
|
||||||
|
|
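Review bot: The added `secure_password_salt` line derives the salt from `rand()`, which is not a cryptographically secure generator and carries at most one integer's worth of entropy no matter how long the encoded string looks. Use the CSPRNG instead, e.g. `$config['secure_password_salt'] = substr(base64_encode(random_bytes(24)), 0, 30);`. The two context lines above it (`$config['cookies']['salt']` and `$config['secure_trip_salt']`) use the same pattern and would benefit from the same change. The enclosing `if ($step == 0)` block extends beyond the hunk.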
9
post.php
9
post.php
|
@ -530,10 +530,12 @@ function handle_delete(Context $ctx)
|
||||||
|
|
||||||
$password = &$_POST['password'];
|
$password = &$_POST['password'];
|
||||||
|
|
||||||
if ($password == '') {
|
if (empty($password)) {
|
||||||
error($config['error']['invalidpassword']);
|
error($config['error']['invalidpassword']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$password = hashPassword($_POST['password']);
|
||||||
|
|
||||||
$delete = [];
|
$delete = [];
|
||||||
foreach ($_POST as $post => $value) {
|
foreach ($_POST as $post => $value) {
|
||||||
if (preg_match('/^delete_(\d+)$/', $post, $m)) {
|
if (preg_match('/^delete_(\d+)$/', $post, $m)) {
|
||||||
|
@ -1013,7 +1015,7 @@ function handle_post(Context $ctx)
|
||||||
$post['subject'] = $_POST['subject'];
|
$post['subject'] = $_POST['subject'];
|
||||||
$post['email'] = str_replace(' ', '%20', htmlspecialchars($_POST['email']));
|
$post['email'] = str_replace(' ', '%20', htmlspecialchars($_POST['email']));
|
||||||
$post['body'] = $_POST['body'];
|
$post['body'] = $_POST['body'];
|
||||||
$post['password'] = $_POST['password'];
|
$post['password'] = hashPassword($_POST['password']);
|
||||||
$post['has_file'] = (!isset($post['embed']) && (($post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || count($_FILES) > 0));
|
$post['has_file'] = (!isset($post['embed']) && (($post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || count($_FILES) > 0));
|
||||||
|
|
||||||
if (!$dropped_post) {
|
if (!$dropped_post) {
|
||||||
|
@ -1204,9 +1206,6 @@ function handle_post(Context $ctx)
|
||||||
error($config['error']['toolong_body']);
|
error($config['error']['toolong_body']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (mb_strlen($post['password']) > 20) {
|
|
||||||
error(sprintf($config['error']['toolong'], 'password'));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
wordfilters($post['body']);
|
wordfilters($post['body']);
|
||||||
|
|
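Review bot: In `handle_delete`, `$password` is still a reference to `$_POST['password']`, so the added `$password = hashPassword($_POST['password']);` writes the hash back into `$_POST`, and any later read of `$_POST['password']` in this request sees the hash instead of the submitted value. Drop the reference and keep the two apart, e.g. `$submitted = $_POST['password'] ?? '';` for the emptiness check and `$password = hashPassword($submitted);` afterwards. The switch from `== ''` to `empty()` also rejects the password `'0'`, which the `handle_post` hunk still hashes and stores, so a post created with that password could no longer be deleted by its author. Where the stored hash is compared later in this function (outside the hunk), `hash_equals()` is the appropriate comparison. Both functions start and end outside the hunks shown.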
|
@ -88,6 +88,9 @@
|
||||||
<label for="secure_trip_salt">Secure trip (##) salt:</label>
|
<label for="secure_trip_salt">Secure trip (##) salt:</label>
|
||||||
<input type="text" id="secure_trip_salt" name="secure_trip_salt" value="{{ config.secure_trip_salt }}" size="40">
|
<input type="text" id="secure_trip_salt" name="secure_trip_salt" value="{{ config.secure_trip_salt }}" size="40">
|
||||||
|
|
||||||
|
<label for="secure_password_salt">Poster password salt:</label>
|
||||||
|
<input type="text" id="secure_password_salt" name="secure_password_salt" value="{{ config.secure_password_salt }}" size="40">
|
||||||
|
|
||||||
<label for="more">Additional configuration:</label>
|
<label for="more">Additional configuration:</label>
|
||||||
<textarea id="more" name="more">{{ more }}</textarea>
|
<textarea id="more" name="more">{{ more }}</textarea>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
|
|
17
tools/hash-passwords.php
Normal file
17
tools/hash-passwords.php
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
require_once dirname(__FILE__) . '/inc/cli.php';
|
||||||
|
|
||||||
|
$boards = listBoards();
|
||||||
|
foreach ($boards as &$_board) {
|
||||||
|
query(sprintf('ALTER TABLE ``posts_%s`` MODIFY `password` varchar(64) DEFAULT NULL;', $_board['uri'])) or error(db_error());
|
||||||
|
$query = prepare(sprintf("SELECT DISTINCT `password` FROM ``posts_%s``", $_board['uri']));
|
||||||
|
$query->execute() or error(db_error($query));
|
||||||
|
|
||||||
|
while($entry = $query->fetch(PDO::FETCH_ASSOC)) {
|
||||||
|
$update_query = prepare(sprintf("UPDATE ``posts_%s`` SET `password` = :password WHERE `password` = :password_org", $_board['uri']));
|
||||||
|
$update_query->bindValue(':password', hashPassword($entry['password']));
|
||||||
|
$update_query->bindValue(':password_org', $entry['password']);
|
||||||
|
$update_query->execute() or error(db_error());
|
||||||
|
}
|
||||||
|
}
|
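Review bot: The migration is not idempotent: a second run, or a re-run after an interrupted first one, selects the already hashed values and hashes them again, after which no poster password matches. Skip values that are already digests, e.g. `if (preg_match('/^[0-9a-f]{64}$/', (string) $entry['password'])) { continue; }` at the top of the `while` body; the length check removed from `handle_post` in this commit suggests plaintext passwords were capped at 20 characters, so a 64-character hex value should not be a legitimate old password. The `UPDATE` failure path calls `db_error()` without `$update_query`, unlike the `SELECT` above it, and the statement can be prepared once per board outside the loop. A header comment saying the script must be run exactly once, after deploying the code change, would help operators.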