/login-do.php |
---|
23,7 → 23,7 |
} |
$user = $page->getUserByUsername($username); |
if (!$user || $user->password !== sha1($password)) |
if (!$user || $user->password !== $page->saltAndBurn($password, $user->salt)) |
{ |
$page->redirect('login.php?error=Incorrect Username or Password&oldurl=' . urlencode($redirurl)); |
} |
/_taios.php |
---|
356,6 → 356,7 |
$user->accessID = $row['AccessID']; |
$user->username = $row['Username']; |
$user->password = $row['Password']; |
$user->salt = $row['Salt']; |
$user->emailAddress = $row['EmailAddress']; |
$user->name = $row['Name']; |
$user->challengeID = $row['ChallengeID']; |
470,6 → 471,10 |
$this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id)); |
} |
function saltAndBurn($pass, $salt) { |
return sha1($salt + $pass); |
} |
function getGetID() { |
$id = $_GET['id']; |
if (empty($id)) { |
/install.sql |
---|
11,6 → 11,7 |
Password TEXT, |
EmailAddress TEXT, |
Name TEXT, |
Salt TEXT, |
ChallengeID INT, |
PRIMARY KEY(ID) |
); |
/register-do.php |
---|
42,9 → 42,11 |
$page->redirect('register.php?error=Incorrect reCAPTCHA response'); |
} |
$args = array(2, $username, sha1($password), $email, $name, 0); |
$page->query("INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?)", $args); |
$salt = $username + "horses"; |
$args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, 0); |
$page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?)", $args); |
$page->redirect('login.php'); |
?> |