Subversion Repositories taios

Compare Revisions

Ignore whitespace Rev 496 → Rev 509

/register-do.php
42,9 → 42,11
$page->redirect('register.php?error=Incorrect reCAPTCHA response');
}
 
$args = array(2, $username, sha1($password), $email, $name, 0);
$page->query("INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?)", $args);
$salt = $username . "horses";
 
$args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, $page->rndString(), 0);
$page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, CSRFToken, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $args);
 
$page->redirect('login.php');
 
?>
/_taios.php
142,7 → 142,7
write('</p><br />');
}
 
$ids = $this->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"');
$ids = $this->findIDs('BlogPosts', 'WHERE ParentID=?', array($id));
for ($i = 0; $i < count($ids); $i++)
{
write('<div class="indent">');
356,8 → 356,10
$user->accessID = $row['AccessID'];
$user->username = $row['Username'];
$user->password = $row['Password'];
$user->salt = $row['Salt'];
$user->emailAddress = $row['EmailAddress'];
$user->name = $row['Name'];
$user->csrftoken = $row['CSRFToken'];
$user->challengeID = $row['ChallengeID'];
return $user;
470,6 → 472,37
$this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id));
}
 
function saltAndBurn($pass, $salt) {
return sha1($salt . $pass);
}
 
function rndString($len = 8) {
$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp';
$clen = strlen($characters);
 
$res = '';
for ($i = $len - 1; $i >= 0; $i--) {
$res .= $chars[rand(0, clen - 1)];
}
 
return $res;
}
 
function getCRSFToken($id) {
$token = $this->rndString();
$this->query("UPDATE USERS Set CSRFToken = ? WHERE ID = ?", array($token, $id));
return $token;
}
 
function checkCRSFToken($id, $token) {
$user = $this->getUserByID($id);
if ($token !== $user->csrftoken) {
die("a death");
}
 
$this->getCRSFToken($id); // change to something else so we can't re-use it
}
 
function getGetID() {
$id = $_GET['id'];
if (empty($id)) {
496,8 → 529,10
public $accessID;
public $username;
public $password;
public $salt;
public $emailAddress;
public $name;
public $csrftoken;
 
public $challengeID;
}
/install.sql
11,6 → 11,8
Password TEXT,
EmailAddress TEXT,
Name TEXT,
Salt TEXT,
CSRFToken TEXT,
ChallengeID INT,
PRIMARY KEY(ID)
);
/admin/account-do.php
19,7 → 19,8
}
if (!empty($password)) {
$page->query("UPDATE Users SET Password = ? WHERE ID = ?", array(sha1($password), $userID));
$salt = $user->username . "sheeps";
$page->query("UPDATE Users SET Password = ?, Salt = ? WHERE ID = ?", array($page->saltAndBurn($password, $salt), $salt, $userID));
}
if (!empty($email)) {
/admin/all-accounts.php
17,7 → 17,7
write('<td class="bold">ID</td>');
write('<td class="bold">AccessID</td>');
write('<td class="bold">Username</td>');
write('<td class="bold">SHA1 Password</td>');
write('<td class="bold">Salt and Burned Password</td>');
write('<td class="bold">Name</td>');
write('<td class="bold">Email Address</td>');
write('<td class="bold">Challenge ID</td>');
/login-do.php
23,7 → 23,7
}
 
$user = $page->getUserByUsername($username);
if (!$user || $user->password !== sha1($password))
if (!$user || $user->password !== $page->saltAndBurn($password, $user->salt))
{
$page->redirect('login.php?error=Incorrect Username or Password&oldurl=' . urlencode($redirurl));
}
/wiki/index.php
29,7 → 29,7
$pageName = 'Index';
}
 
$page = new Taios_Page('Wiki - ' . $pageName, '../');
$page = new Taios_Page('Wiki &middot; ' . $pageName, '../');
 
if (isset($_GET['random']))
{
/blog/post.php
9,6 → 9,8
$page->redirect('index.php');
}
 
$page->title = 'Blog Post &middot; ' . $page->getBlogPost($page->getGetID())->title;
 
$page->drawHeader();
$page->drawBlogCategoriesMenu();
$page->drawMiddle();