sbrl-github/Pepperminty-Wiki
sbrl-github
/
Pepperminty-Wiki
mirror of https://github.com/sbrl/Pepperminty-Wiki.git
1
0
Fork 0
Code

Restrict new hidden hash-cost-test action to moderators or better

This commit is contained in:
Starbeamrainbowlabs 2018-09-30 14:50:35 +01:00
parent 57ec8b82b5
commit 197d065266
Signed by: sbrl
GPG Key ID: 1BE5172E637709C2
3 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
build/index.php
View File

@ -407,7 +407,7 @@ if($settings->sessionprefix == "auto")
///////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////
/** The version of Pepperminty Wiki currently running. */ /** The version of Pepperminty Wiki currently running. */
$version = "v0.17-beta1"; $version = "v0.17-beta1";
$commit = "1a11c84e1dd0104e1cc9dc44eaaa737982165f4c"; $commit = "57ec8b82b52fb5bc70c8268649676de1fbb5e625";
/// Environment /// /// Environment ///
/** Holds information about the current request environment. */ /** Holds information about the current request environment. */
$env = new stdClass(); $env = new stdClass();
@ -8017,8 +8017,15 @@ register_module([
}); });
add_action("hash-cost-test", function() { add_action("hash-cost-test", function() {
global $env;
header("content-type: text/plain"); header("content-type: text/plain");
if(!$env->is_logged_in || !$env->is_admin) {
http_response_code(401);
exit("Error: Only moderators are allowed to use this action.");
}
$time_compute = microtime(true); $time_compute = microtime(true);
$cost = hash_password_compute_cost(); $cost = hash_password_compute_cost();
$time_compute = (microtime(true) - $time_compute)*1000; $time_compute = (microtime(true) - $time_compute)*1000;

2
module_index.json
View File

@ -212,7 +212,7 @@
"author": "Starbeamrainbowlabs", "author": "Starbeamrainbowlabs",
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.", "description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id": "page-login", "id": "page-login",
"lastupdate": 1538314946, "lastupdate": 1538315378,
"optional": false "optional": false
}, },
{ {

7
modules/page-login.php
View File

@ -151,8 +151,15 @@ register_module([
}); });
add_action("hash-cost-test", function() { add_action("hash-cost-test", function() {
global $env;
header("content-type: text/plain"); header("content-type: text/plain");
if(!$env->is_logged_in || !$env->is_admin) {
http_response_code(401);
exit("Error: Only moderators are allowed to use this action.");
}
$time_compute = microtime(true); $time_compute = microtime(true);
$cost = hash_password_compute_cost(); $cost = hash_password_compute_cost();
$time_compute = (microtime(true) - $time_compute)*1000; $time_compute = (microtime(true) - $time_compute)*1000;