functions.php: use secure_hash where appropriate

Zankaria 2025-04-16 14:38:07 +02:00
parent 08c2d6f5d1
commit 8cffb479fa


@ -11,6 +11,7 @@ if (realpath($_SERVER['SCRIPT_FILENAME']) == str_replace('\\', '/', __FILE__)) {
$microtime_start = microtime(true); $microtime_start = microtime(true);
use Vichan\Functions\Hide;
use Lifo\IP\IP; // for expanding IPv6 address in DNSBL() use Lifo\IP\IP; // for expanding IPv6 address in DNSBL()
// the user is not currently logged in as a moderator // the user is not currently logged in as a moderator
@ -1691,7 +1692,7 @@ function checkSpam(array $extra_salt = array()) {
$_hash = sha1($_hash . $extra_salt); $_hash = sha1($_hash . $extra_salt);
if ($hash != $_hash) { if ($hash != $_hash) {
return true; return true;
} }
$query = prepare('SELECT `passed` FROM ``antispam`` WHERE `hash` = :hash'); $query = prepare('SELECT `passed` FROM ``antispam`` WHERE `hash` = :hash');
@ -2583,11 +2584,11 @@ function rrmdir($dir) {
function poster_id($ip, $thread) { function poster_id($ip, $thread) {
global $config; global $config;
if ($id = event('poster-id', $ip, $thread)) if ($id = event('poster-id', $ip, $thread)) {
return $id; return $id;
}
// Confusing, hard to brute-force, but simple algorithm return \substr(Hide\secure_hash($ip . $config['secure_trip_salt'] . $thread . $config['secure_trip_salt'], false), 0, $config['poster_id_length']);
return substr(sha1(sha1($ip . $config['secure_trip_salt'] . $thread) . $config['secure_trip_salt']), 0, $config['poster_id_length']);
} }
function generate_tripcode($name) { function generate_tripcode($name) {
@ -2615,7 +2616,7 @@ function generate_tripcode($name) {
if (isset($config['custom_tripcode']["##{$trip}"])) if (isset($config['custom_tripcode']["##{$trip}"]))
$trip = $config['custom_tripcode']["##{$trip}"]; $trip = $config['custom_tripcode']["##{$trip}"];
else else
$trip = '!!' . substr(crypt($trip, str_replace('+', '.', '_..A.' . substr(base64_encode(sha1($trip . $config['secure_trip_salt'], true)), 0, 4))), -10); $trip = '!!' . substr(crypt($trip, str_replace('+', '.', '_..A.' . substr(Hide\secure_hash($trip . $config['secure_trip_salt'], false), 0, 4))), -10);
} else { } else {
if (isset($config['custom_tripcode']["#{$trip}"])) if (isset($config['custom_tripcode']["#{$trip}"]))
$trip = $config['custom_tripcode']["#{$trip}"]; $trip = $config['custom_tripcode']["#{$trip}"];
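Review bot: In the secure-tripcode branch of generate_tripcode, the four crypt() salt characters now come from `Hide\secure_hash(..., false)` rather than `base64_encode(sha1(..., true))`; if `false` selects hex output, as the old raw-bytes-plus-base64 pairing suggests, each character is limited to 16 symbols, so the derived salt shrinks from 64^4 to 16^4 possible values and the surrounding `str_replace('+', '.', ...)` has nothing left to replace. A smaller salt space makes a secure tripcode easier to guess offline for someone who does not know `secure_trip_salt`. Keeping the encoding step would preserve the salt space: `substr(base64_encode(Hide\secure_hash($trip . $config['secure_trip_salt'], true)), 0, 4)`, assuming `true` returns raw bytes (secure_hash's definition is not on this page). Either way, every existing secure tripcode changes once this is deployed, as do the IDs produced by poster_id in the previous hunk, which is worth stating in the commit message. generate_tripcode starts and ends outside the hunk.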