Add use_sha3 option to settings in light of recent developments with sha256
parent
839de3f063
commit
293f9e94f0
6 changed files with 1790 additions and 1730 deletions
|
@ -89,10 +89,15 @@ $settings->subpages_display_depth = 3;
|
|||
// sha256. Put one user / password on each line, remembering the comma at the
|
||||
// end. The last user in the list doesn't need a comma after their details though.
|
||||
$settings->users = [
|
||||
"admin" => "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", //password
|
||||
"user" => "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34" //cheese
|
||||
"admin" => "c0067d4af4e87f00dbac63b6156828237059172d1bbeac67427345d6a9fda484", //password
|
||||
"user" => "dc0d2411a751cb3c5d80a1abc51b2f44b6f10e7c4742296998444a19a2b43197" //cheese
|
||||
];
|
||||
|
||||
// Whether to use the new sha3 hashing algorithm that was standardised on the
|
||||
// 8th August 2015. Only works if you have strawbrary's sha3 extension
|
||||
// installed. Get it here: https://github.com/strawbrary/php-sha3
|
||||
$settings->use_sha3 = true;
|
||||
|
||||
// An array of usernames that are administrators. Administrators can delete and
|
||||
// move pages.
|
||||
$settings->admins = [ "admin" ];
|
||||
|
@ -911,6 +916,8 @@ register_module([
|
|||
"id" => "action-hash",
|
||||
"code" => function() {
|
||||
add_action("hash", function() {
|
||||
global $settings;
|
||||
|
||||
if(!isset($_GET["string"]))
|
||||
{
|
||||
http_response_code(422);
|
||||
|
@ -919,7 +926,7 @@ register_module([
|
|||
}
|
||||
else
|
||||
{
|
||||
exit(page_renderer::render_main("Hashed string", "<p><code>" . $_GET["string"] . "</code> → <code>" . hash("sha256", $_GET["string"] . "</code></p>")));
|
||||
exit(page_renderer::render_main("Hashed string", "<p>Algorithm: " . ($settings->use_sha3 ? "sha3" : "sha256") . "</p>\n<p><code>" . $_GET["string"] . "</code> → <code>" . hash_password($_GET["string"]) . "</code></p>"));
|
||||
}
|
||||
});
|
||||
}
|
||||
|
@ -1610,7 +1617,7 @@ register_module([
|
|||
|
||||
register_module([
|
||||
"name" => "Login",
|
||||
"version" => "0.6",
|
||||
"version" => "0.7",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
|
||||
"id" => "page-login",
|
||||
|
@ -1658,12 +1665,12 @@ register_module([
|
|||
//the user wants to log in
|
||||
$user = $_POST["user"];
|
||||
$pass = $_POST["pass"];
|
||||
if($settings->users[$user] == hash("sha256", $pass))
|
||||
if($settings->users[$user] == hash_password($pass))
|
||||
{
|
||||
$env->is_logged_in = true;
|
||||
$expiretime = time() + 60*60*24*30; //30 days from now
|
||||
$_SESSION["$settings->sessionprefix-user"] = $user;
|
||||
$_SESSION["$settings->sessionprefix-pass"] = hash("sha256", $pass);
|
||||
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
|
||||
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
|
||||
//redirect to wherever the user was going
|
||||
http_response_code(302);
|
||||
|
@ -1690,6 +1697,29 @@ register_module([
|
|||
}
|
||||
]);
|
||||
|
||||
/*
|
||||
* @summary Hashes the given password according to the current settings defined
|
||||
* in $settings.
|
||||
*
|
||||
* @param $pass {string} The password to hash.
|
||||
*
|
||||
* @returns {string} The hashed password. Uses sha3 if $settings->use_sha3 is
|
||||
* enabled, or sha256 otherwise.
|
||||
*/
|
||||
function hash_password($pass)
|
||||
{
|
||||
global $settings;
|
||||
if($settings->use_sha3)
|
||||
{
|
||||
return sha3($pass, 256);
|
||||
}
|
||||
else
|
||||
{
|
||||
return hash("sha256", $pass);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
register_module([
|
||||
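Review bot: `hash_password()` in the last hunk still produces one unsalted pass of a fast hash, so switching from sha256 to sha3 does not make the values in `$settings->users` meaningfully harder to guess offline if the settings leak. `password_hash($pass, PASSWORD_DEFAULT)` for storage and `password_verify($pass, $settings->users[$user])` at the login check give a salted, deliberately slow hash without any extension, although the session value written in the login hunk would then need a different scheme. Separately, the sha3 branch calls `sha3($pass, 256)` with no check that the extension is loaded while this file sets `$settings->use_sha3 = true`, so an install without it would presumably fail with an undefined-function error at login; `if(!function_exists("sha3")) exit("use_sha3 is enabled but the sha3 extension is not loaded");` before the call makes that explicit. The same function appears again in the login module section further down.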
|
|
|
@ -5,7 +5,7 @@
|
|||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a utility action (that anyone can use) called hash that hashes a given string. Useful when changing a user's password.",
|
||||
"id": "action-hash",
|
||||
"lastupdate": 1432497591,
|
||||
"lastupdate": 1444478036,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
@ -100,11 +100,11 @@
|
|||
},
|
||||
{
|
||||
"name": "Login",
|
||||
"version": "0.6",
|
||||
"version": "0.7",
|
||||
"author": "Starbeamrainbowlabs",
|
||||
"description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
|
||||
"id": "page-login",
|
||||
"lastupdate": 1442928221,
|
||||
"lastupdate": 1444477827,
|
||||
"optional": false
|
||||
},
|
||||
{
|
||||
|
|
|
@ -7,6 +7,8 @@ register_module([
|
|||
"id" => "action-hash",
|
||||
"code" => function() {
|
||||
add_action("hash", function() {
|
||||
global $settings;
|
||||
|
||||
if(!isset($_GET["string"]))
|
||||
{
|
||||
http_response_code(422);
|
||||
|
@ -15,7 +17,7 @@ register_module([
|
|||
}
|
||||
else
|
||||
{
|
||||
exit(page_renderer::render_main("Hashed string", "<p><code>" . $_GET["string"] . "</code> → <code>" . hash("sha256", $_GET["string"]) . "</code></p>"));
|
||||
exit(page_renderer::render_main("Hashed string", "<p>Algorithm: " . ($settings->use_sha3 ? "sha3" : "sha256") . "</p>\n<p><code>" . $_GET["string"] . "</code> → <code>" . hash_password($_GET["string"]) . "</code></p>"));
|
||||
}
|
||||
});
|
||||
}
|
||||
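Review bot: The rewritten `exit(page_renderer::render_main(...))` line still concatenates `$_GET["string"]` into the page body unescaped, so unless `render_main` escapes its content (unlikely, since it is handed HTML) any markup in the query string is rendered in the browser of whoever opens the link. Escape it at output, e.g. `"<p><code>" . htmlspecialchars($_GET["string"], ENT_QUOTES, "UTF-8") . "</code> → <code>"`; the identical line in the hash hunk of the first file section needs the same change. Because the module description says this action is open to anyone and is meant for hashing passwords, taking the value from the query string also leaves it in access logs and browser history, which a POST form would avoid.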
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
register_module([
|
||||
"name" => "Login",
|
||||
"version" => "0.6",
|
||||
"version" => "0.7",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.",
|
||||
"id" => "page-login",
|
||||
|
@ -49,12 +49,12 @@ register_module([
|
|||
//the user wants to log in
|
||||
$user = $_POST["user"];
|
||||
$pass = $_POST["pass"];
|
||||
if($settings->users[$user] == hash("sha256", $pass))
|
||||
if($settings->users[$user] == hash_password($pass))
|
||||
{
|
||||
$env->is_logged_in = true;
|
||||
$expiretime = time() + 60*60*24*30; //30 days from now
|
||||
$_SESSION["$settings->sessionprefix-user"] = $user;
|
||||
$_SESSION["$settings->sessionprefix-pass"] = hash("sha256", $pass);
|
||||
$_SESSION["$settings->sessionprefix-pass"] = hash_password($pass);
|
||||
$_SESSION["$settings->sessionprefix-expiretime"] = $expiretime;
|
||||
//redirect to wherever the user was going
|
||||
http_response_code(302);
|
||||
|
@ -80,4 +80,27 @@ register_module([
|
|||
});
|
||||
}
|
||||
]);
|
||||
|
||||
/*
|
||||
* @summary Hashes the given password according to the current settings defined
|
||||
* in $settings.
|
||||
*
|
||||
* @param $pass {string} The password to hash.
|
||||
*
|
||||
* @returns {string} The hashed password. Uses sha3 if $settings->use_sha3 is
|
||||
* enabled, or sha256 otherwise.
|
||||
*/
|
||||
function hash_password($pass)
|
||||
{
|
||||
global $settings;
|
||||
if($settings->use_sha3)
|
||||
{
|
||||
return sha3($pass, 256);
|
||||
}
|
||||
else
|
||||
{
|
||||
return hash("sha256", $pass);
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
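Review bot: The login check `if($settings->users[$user] == hash_password($pass))` compares two hex digests with loose `==`, which PHP evaluates numerically when both strings look like numbers (two different digests of the form `0e` followed only by digits compare equal), and the comparison is not constant-time. `if(isset($settings->users[$user]) && hash_equals($settings->users[$user], hash_password($pass)))` addresses both and also avoids indexing `$settings->users` with an unknown username; `hash_equals` needs PHP 5.6 or a small polyfill. The enclosing handler starts and ends outside the hunk, and the same line is in the login hunk of the first file section.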
|
|
|
@ -90,6 +90,11 @@ $settings->users = [
|
|||
"user" => "873ac9ffea4dd04fa719e8920cd6938f0c23cd678af330939cff53c3d2855f34" //cheese
|
||||
];
|
||||
|
||||
// Whether to use the new sha3 hashing algorithm that was standardised on the
|
||||
// 8th August 2015. Only works if you have strawbrary's sha3 extension
|
||||
// installed. Get it here: https://github.com/strawbrary/php-sha3
|
||||
$settings->use_sha3 = false;
|
||||
|
||||
// An array of usernames that are administrators. Administrators can delete and
|
||||
// move pages.
|
||||
$settings->admins = [ "admin" ];
|
||||
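Review bot: The comment added above `$settings->use_sha3 = false;` does not say that the digests in `$settings->users` have to be regenerated with the matching algorithm when the flag changes, so flipping it makes every stored password stop matching at login. I would add a line such as `// Changing this invalidates every hash in $settings->users - regenerate them with the hash action first.` The default here is `false` with the sha256 digests, while the first file section sets `true` with different digests, so the two shipped defaults disagree; if that file is a build artefact it was presumably built with a local setting.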
|
|