/admin/account-do.php |
---|
19,7 → 19,8 |
} |
if (!empty($password)) { |
$page->query("UPDATE Users SET Password = ? WHERE ID = ?", array(sha1($password), $userID)); |
$salt = $user->name + "sheeps"; |
$page->query("UPDATE Users SET Password = ?, Salt = ? WHERE ID = ?", array($page->saltAndBurn($password, $salt), $salt, $userID)); |
} |
if (!empty($email)) { |
/admin/all-accounts.php |
---|
17,7 → 17,7 |
write('<td class="bold">ID</td>'); |
write('<td class="bold">AccessID</td>'); |
write('<td class="bold">Username</td>'); |
write('<td class="bold">SHA1 Password</td>'); |
write('<td class="bold">Salt and Burned Password</td>'); |
write('<td class="bold">Name</td>'); |
write('<td class="bold">Email Address</td>'); |
write('<td class="bold">Challenge ID</td>'); |
/_taios.php |
---|
142,7 → 142,7 |
write('</p><br />'); |
} |
$ids = $this->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"'); |
$ids = $this->findIDs('BlogPosts', 'WHERE ParentID=?', array($id)); |
for ($i = 0; $i < count($ids); $i++) |
{ |
write('<div class="indent">'); |
186,6 → 186,7 |
'/\[b\](.+?)\[\/b\]/is', |
'/\[i\](.+?)\[\/i\]/is', |
'/\[u\](.+?)\[\/u\]/is', |
'/\[s\](.+?)\[\/s\]/is', |
'/\[url\](.+?)\[\/url\]/is', |
'/\[w\](.+?)\[\/w\]/is', |
'/\[url=(?:")?(.+?)(?:")?\](.+?)\[\/url\]/is', |
203,6 → 204,7 |
'<b>$1</b>', |
'<i>$1</i>', |
'<u>$1</u>', |
'<del>$1</del>', |
'<a href="$1">$1</a>', |
'<a href="/wiki/index.php?page=$1">$1</a>', |
'<a href="$1">$2</a>', |
354,6 → 356,7 |
$user->accessID = $row['AccessID']; |
$user->username = $row['Username']; |
$user->password = $row['Password']; |
$user->salt = $row['Salt']; |
$user->emailAddress = $row['EmailAddress']; |
$user->name = $row['Name']; |
$user->challengeID = $row['ChallengeID']; |
468,6 → 471,10 |
$this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id)); |
} |
function saltAndBurn($pass, $salt) { |
return sha1($salt . $pass); |
} |
function getGetID() { |
$id = $_GET['id']; |
if (empty($id)) { |
494,6 → 501,7 |
public $accessID; |
public $username; |
public $password; |
public $salt; |
public $emailAddress; |
public $name; |
/login-do.php |
---|
23,7 → 23,7 |
} |
$user = $page->getUserByUsername($username); |
if (!$user || $user->password != sha1($password)) |
if (!$user || $user->password !== $page->saltAndBurn($password, $user->salt)) |
{ |
$page->redirect('login.php?error=Incorrect Username or Password&oldurl=' . urlencode($redirurl)); |
} |
/install.sql |
---|
11,6 → 11,7 |
Password TEXT, |
EmailAddress TEXT, |
Name TEXT, |
Salt TEXT, |
ChallengeID INT, |
PRIMARY KEY(ID) |
); |
/register-do.php |
---|
42,9 → 42,11 |
$page->redirect('register.php?error=Incorrect reCAPTCHA response'); |
} |
$args = array(2, $username, sha1($password), $email, $name, 0); |
$page->query("INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?)", $args); |
$salt = $username + "horses"; |
$args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, 0); |
$page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?)", $args); |
$page->redirect('login.php'); |
?> |
/wiki/index.php |
---|
8,7 → 8,21 |
} |
require '../_taios.php'; |
if (get_magic_quotes_gpc()) { |
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); |
while (list($key, $val) = each($process)) { |
foreach ($val as $k => $v) { |
unset($process[$key][$k]); |
if (is_array($v)) { |
$process[$key][stripslashes($k)] = $v; |
$process[] = &$process[$key][stripslashes($k)]; |
} else { |
$process[$key][stripslashes($k)] = stripslashes($v); |
} |
} |
} |
unset($process); |
} |
$pageName = $_GET['page']; |
if (empty($pageName)) |
{ |
15,7 → 29,7 |
$pageName = 'Index'; |
} |
$page = new Taios_Page('Wiki - ' . $pageName, '../'); |
$page = new Taios_Page('Wiki · ' . $pageName, '../'); |
if (isset($_GET['random'])) |
{ |
/wiki/edit.php |
---|
1,7 → 1,21 |
<?php |
require '../_taios.php'; |
if (get_magic_quotes_gpc()) { |
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); |
while (list($key, $val) = each($process)) { |
foreach ($val as $k => $v) { |
unset($process[$key][$k]); |
if (is_array($v)) { |
$process[$key][stripslashes($k)] = $v; |
$process[] = &$process[$key][stripslashes($k)]; |
} else { |
$process[$key][stripslashes($k)] = stripslashes($v); |
} |
} |
} |
unset($process); |
} |
$pageName = $_GET['page']; |
if (empty($pageName)) |
{ |
/blog/post.php |
---|
9,6 → 9,8 |
$page->redirect('index.php'); |
} |
$page->title = 'Blog Post · ' . $page->getBlogPost($page->getGetID())->title; |
$page->drawHeader(); |
$page->drawBlogCategoriesMenu(); |
$page->drawMiddle(); |
/_config.dummy.php |
---|
0,0 → 1,9 |
<?php |
define('MYSQL_HOST', 'localhost'); |
define('MYSQL_USER', 'taios'); |
define('MYSQL_PASSWORD', 'dummy'); |
define('RECAPTCHA_PUBLICKEY', 'dummy'); |
define('RECAPTCHA_PRIVATEKEY', 'dummy'); |
?> |