| /login-do.php |
|---|
| 23,7 → 23,7 |
| } |
| $user = $page->getUserByUsername($username); |
| if (!$user || $user->password !== sha1($password)) |
| if (!$user || $user->password !== $page->saltAndBurn($password, $user->salt)) |
| { |
| $page->redirect('login.php?error=Incorrect Username or Password&oldurl=' . urlencode($redirurl)); |
| } |
| /_taios.php |
|---|
| 356,6 → 356,7 |
| $user->accessID = $row['AccessID']; |
| $user->username = $row['Username']; |
| $user->password = $row['Password']; |
| $user->salt = $row['Salt']; |
| $user->emailAddress = $row['EmailAddress']; |
| $user->name = $row['Name']; |
| $user->challengeID = $row['ChallengeID']; |
| 470,6 → 471,10 |
| $this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id)); |
| } |
| function saltAndBurn($pass, $salt) { |
| return sha1($salt + $pass); |
| } |
| function getGetID() { |
| $id = $_GET['id']; |
| if (empty($id)) { |
| /install.sql |
|---|
| 11,6 → 11,7 |
| Password TEXT, |
| EmailAddress TEXT, |
| Name TEXT, |
| Salt TEXT, |
| ChallengeID INT, |
| PRIMARY KEY(ID) |
| ); |
| /register-do.php |
|---|
| 42,9 → 42,11 |
| $page->redirect('register.php?error=Incorrect reCAPTCHA response'); |
| } |
| $args = array(2, $username, sha1($password), $email, $name, 0); |
| $page->query("INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?)", $args); |
| $salt = $username + "horses"; |
| $args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, 0); |
| $page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?)", $args); |
| $page->redirect('login.php'); |
| ?> |