diff --git a/build/index.php b/build/index.php index ecef935..e00cdda 100644 --- a/build/index.php +++ b/build/index.php @@ -381,6 +381,13 @@ footer { padding: 2rem; } /* #ffdb6d #36962c hsl(36, 78%, 80%) hsl(262, 92%, 68%, 0.42) */ THEMECSS; +// This will automatically save to peppermint.json if an automatic takes place +// for another reason (such as password rehashing or user data updates), but it +// doesn't really matter because the site name isn't going to change all that +// often, and even if it does it shouldn't matter :P +if($settings->sessionprefix == "auto") + $settings->sessionprefix = "pepperminty-wiki-" . preg_replace('/[^a-z0-9\-_]/', "-", strtolower($settings->sitename)); + ///////////////////////////////////////////////////////////////////////////// @@ -388,7 +395,7 @@ THEMECSS; ///////////////////////////////////////////////////////////////////////////// /** The version of Pepperminty Wiki currently running. */ $version = "v0.17-dev"; -$commit = "98c02f0226e78d648388b96e9138e269215ad1be"; +$commit = "ae8412ddaf957cdfa6b55b0385093a925ff6a799"; /// Environment /// /** Holds information about the current request environment. */ $env = new stdClass(); @@ -464,7 +471,6 @@ if(isset($_SESSION[$settings->sessionprefix . "-user"]) and // by the login action $env->user = $_SESSION[$settings->sessionprefix . "-user"]; $env->pass = $_SESSION[$settings->sessionprefix . "-pass"]; - error_log($settings->users->{$env->user}->password . " / $env->pass"); if($settings->users->{$env->user}->password == $env->pass) { // The user is logged in @@ -7376,6 +7382,7 @@ register_module([ $env->user_data = $settings->users->{$env->user}; $new_password_hash = hash_password_update($pass, $settings->users->$user->password); + error_log("$pass / $new_password_hash"); // Update the password hash if($new_password_hash !== null) { $env->user_data->password = $new_password_hash; @@ -7484,6 +7491,7 @@ function hash_password_properties() { */ function hash_password($pass) { + error_log("hashing '$pass'"); $props = hash_password_properties(); return password_hash( base64_encode(hash("sha384", $pass)), diff --git a/module_index.json b/module_index.json index 790a088..2aa9b20 100755 --- a/module_index.json +++ b/module_index.json @@ -203,7 +203,7 @@ "author": "Starbeamrainbowlabs", "description": "Adds a pair of actions (login and checklogin) that allow users to login. You need this one if you want your users to be able to login.", "id": "page-login", - "lastupdate": 1525993049, + "lastupdate": 1525993883, "optional": false }, { diff --git a/modules/page-login.php b/modules/page-login.php index 009aaa3..f1e7cd8 100644 --- a/modules/page-login.php +++ b/modules/page-login.php @@ -102,6 +102,10 @@ register_module([ $env->user_data = $settings->users->{$env->user}; $new_password_hash = hash_password_update($pass, $settings->users->$user->password); + error_log("$pass / $new_password_hash"); + // TODO: When rehashing a password automatically, it no longer checks out against password_verify during login + // Looks like a bug in hash_password, as it's not letting us in if we calculate it via the has action either + // Update the password hash if($new_password_hash !== null) { $env->user_data->password = $new_password_hash; diff --git a/settings.fragment.php b/settings.fragment.php index 95c4c00..6937d6b 100644 --- a/settings.fragment.php +++ b/settings.fragment.php @@ -64,4 +64,11 @@ if($settingsUpgraded) $defaultCSS = <<sessionprefix == "auto") + $settings->sessionprefix = "pepperminty-wiki-" . preg_replace('/[^a-z0-9\-_]/', "-", strtolower($settings->sitename)); ?>