mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-12-22 13:45:02 +00:00
Add use_sha3 option to settings in light of recent developments with sha256
This commit is contained in:
parent
839de3f063
commit
293f9e94f0
6 changed files with 1790 additions and 1730 deletions
3474
build/index.php
3474
build/index.php
File diff suppressed because it is too large
Load diff
|
@ -5,7 +5,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a utility action (that anyone can use) called hash that hashes a given string. Useful when changing a user's password.",
|
||||
"id": "action-hash",
|
||||
"lastupdate": 1432497591,
|
||||
"lastupdate": 1444478036,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -100,11 +100,11 @@
|
|||
},
|
||||
{
|
||||
"name": "Login",
|
||||
"version": "0.6",
|
||||
"version": "0.7",
|
||||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
|
||||
"id": "page-login",
|
||||
"lastupdate": 1442928221,
|
||||
"lastupdate": 1444477827,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
|
|
@ -7,6 +7,8 @@ register_module([
|
|||
"id" => "action-hash",
|
||||
"code" => function() {
|
||||
add_action("hash", function() {
|
||||
global $settings;
|
||||
|
||||
if(!isset($_GET["string"]))
|
||||
{
|
||||
http_response_code(422);
|
||||
|
@ -15,7 +17,7 @@ register_module([
|
|||
}
|
||||
else
|
||||
{
|
||||
exit(page_renderer::render_main("Hashed string", "<p><code>" . $_GET["string"] . "</code> → <code>" . hash("sha256", $_GET["string"]) . "</code></p>"));
|
||||
exit(page_renderer::render_main("Hashed string", "<p>Algorithm: " . ($settings->use_sha3 ? "sha3" : "sha256") . "</p>\n<p><code>" . $_GET["string"] . "</code> → <code>" . hash_password($_GET["string"]) . "</code></p>"));
|
||||
}
|
||||
});
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
register_module([
|
||||
"name" => "Login",
|
||||
"version" => "0.6",
|
||||
"version" => "0.7",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
|
||||
"id" => "page-login",
|
||||
|
@ -49,12 +49,12 @@ register_module([
|
|||
//the user wants to log in
|
||||
$user = $_POST["user"];
|
||||
$pass = $_POST["pass"];
|
||||
if($settings->users[$user] == hash("sha256", $pass))
|
||||
if($settings->users[$user] == hash_password($pass))
|
||||
{
|
||||
$env->is_logged_in = true;
|
||||
$expiretime = time() + 60*60*24*30; //30 days from now
|
||||
$_SESSION["$settings->sessionprefix-user"] = $user;
|
||||
$_SESSION["$settings->sessionprefix-pass"] = hash("sha256", $pass);
|
||||
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
|
||||
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
|
||||
//redirect to wherever the user was going
|
||||
http_response_code(302);
|
||||
|
@ -80,4 +80,27 @@ register_module([
|
|||
});
|
||||
}
|
||||
]);
|
||||
|
||||
/*
|
||||
* @summary Hashes the given password according to the current settings defined
|
||||
* in $settings.
|
||||
*
|
||||
* @param $pass {string} The password to hash.
|
||||
*
|
||||
* @returns {string} The hashed password. Uses sha3 if $settings->use_sha3 is
|
||||
* enabled, or sha256 otherwise.
|
||||
*/
|
||||
function hash_password($pass)
|
||||
{
|
||||
global $settings;
|
||||
if($settings->use_sha3)
|
||||
{
|
||||
return sha3($pass, 256);
|
||||
}
|
||||
else
|
||||
{
|
||||
return hash("sha256", $pass);
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
@ -90,6 +90,11 @@ $settings->users = [
|
|||
"user" => "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34" //cheese
|
||||
];
|
||||
|
||||
// Whether to use the new sha3 hashing algorithm that was standardised on the
|
||||
// 8th August 2015. Only works if you have strawbrary's sha3 extension
|
||||
// installed. Get it here: https://github.com/strawbrary/php-sha3
|
||||
$settings->use_sha3 = false;
|
||||
|
||||
// An array of usernames that are administrators. Administrators can delete and
|
||||
// move pages.
|
||||
$settings->admins = [ "admin" ];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/env bash
|
||||
php -S [::]:35623 -t build &
|
||||
|
||||
sensible-browser [::]:35623
|
||||
sensible-browser [::]:35623
|
||||
|
|
Loading…
Reference in a new issue