Browse Source

Add use_sha3 option to settings in light of recent developments with sha256

pull/116/head
Starbeamrainbowlabs 5 years ago
parent
commit
293f9e94f0
6 changed files with 1802 additions and 1742 deletions
  1. +1764
    -1734
      build/index.php
  2. +3
    -3
      module_index.json
  3. +3
    -1
      modules/action-hash.php
  4. +26
    -3
      modules/page-login.php
  5. +5
    -0
      settings.fragment.php
  6. +1
    -1
      start-server.sh

+ 1764
- 1734
build/index.php
File diff suppressed because it is too large
View File


+ 3
- 3
module_index.json View File

@ -5,7 +5,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a utility action (that anyone can use) called hash that hashes a given string. Useful when changing a user's password.",
"id": "action-hash",
"lastupdate": 1432497591,
"lastupdate": 1444478036,
"optional": false
},
{
@ -100,11 +100,11 @@
},
{
"name": "Login",
"version": "0.6",
"version": "0.7",
"author": "Starbeamrainbowlabs",
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id": "page-login",
"lastupdate": 1442928221,
"lastupdate": 1444477827,
"optional": false
},
{


+ 3
- 1
modules/action-hash.php View File

@ -7,6 +7,8 @@ register_module([
"id" => "action-hash",
"code" => function() {
add_action("hash", function() {
global $settings;
if(!isset($_GET["string"]))
{
http_response_code(422);
@ -15,7 +17,7 @@ register_module([
}
else
{
exit(page_renderer::render_main("Hashed string", "<p><code>" . $_GET["string"] . "</code> → <code>" . hash("sha256", $_GET["string"]) . "</code></p>"));
exit(page_renderer::render_main("Hashed string", "<p>Algorithm: " . ($settings->use_sha3 ? "sha3" : "sha256") . "</p>\n<p><code>" . $_GET["string"] . "</code> → <code>" . hash_password($_GET["string"]) . "</code></p>"));
}
});
}


+ 26
- 3
modules/page-login.php View File

@ -1,7 +1,7 @@
<?php
register_module([
"name" => "Login",
"version" => "0.6",
"version" => "0.7",
"author" => "Starbeamrainbowlabs",
"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
"id" => "page-login",
@ -49,12 +49,12 @@ register_module([
//the user wants to log in
$user = $_POST["user"];
$pass = $_POST["pass"];
if($settings->users[$user] == hash("sha256", $pass))
if($settings->users[$user] == hash_password($pass))
{
$env->is_logged_in = true;
$expiretime = time() + 60*60*24*30; //30 days from now
$_SESSION["$settings->sessionprefix-user"] = $user;
$_SESSION["$settings->sessionprefix-pass"] = hash("sha256", $pass);
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
//redirect to wherever the user was going
http_response_code(302);
@ -80,4 +80,27 @@ register_module([
});
}
]);
/*
* @summary Hashes the given password according to the current settings defined
* in $settings.
*
* @param $pass {string} The password to hash.
*
* @returns {string} The hashed password. Uses sha3 if $settings->use_sha3 is
* enabled, or sha256 otherwise.
*/
function hash_password($pass)
{
global $settings;
if($settings->use_sha3)
{
return sha3($pass, 256);
}
else
{
return hash("sha256", $pass);
}
}
?>

+ 5
- 0
settings.fragment.php View File

@ -90,6 +90,11 @@ $settings->users = [
"user" => "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34" //cheese
];
// Whether to use the new sha3 hashing algorithm that was standardised on the
// 8th August 2015. Only works if you have strawbrary's sha3 extension
// installed. Get it here: https://github.com/strawbrary/php-sha3
$settings->use_sha3 = false;
// An array of usernames that are administrators. Administrators can delete and
// move pages.
$settings->admins = [ "admin" ];


+ 1
- 1
start-server.sh View File

@ -1,4 +1,4 @@
#!/usr/bin/env bash
php -S [::]:35623 -t build &
sensible-browser [::]:35623
sensible-browser [::]:35623

Loading…
Cancel
Save