| /blog/add-post.php |
|---|
| 21,6 → 21,8 |
| if (isset($_POST['post'])) |
| { |
| $page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
| $title = $_POST['title']; |
| $content = $_POST['content']; |
| $parentID = $_POST['parentID']; |
| 78,6 → 80,7 |
| </tr> |
| <input type="hidden" name="post" value="yes" /> |
| <input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
| <?php |
| write('<input type="hidden" name="parentID" value="' . getParentID() . '" />'); |
| /blog/edit-post.php |
|---|
| 28,6 → 28,8 |
| $error = ''; |
| if (isset($_POST['id'])) { |
| $page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
| $title = $_POST['title']; |
| $content = $_POST['content']; |
| $category = $_POST['category']; |
| 71,8 → 73,9 |
| <?php |
| write('<input type="hidden" name="id" value="' . $id . '" />'); |
| ?> |
| <input type="hidden" name="csrftoken" value=""<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
| <tr> |
| <tr> |
| <td class="bold"></td> |
| <td><input type="submit" value="Edit" /></td> |
| </tr> |
| /_taios.php |
|---|
| 356,8 → 356,10 |
| $user->accessID = $row['AccessID']; |
| $user->username = $row['Username']; |
| $user->password = $row['Password']; |
| $user->salt = $row['Salt']; |
| $user->emailAddress = $row['EmailAddress']; |
| $user->name = $row['Name']; |
| $user->csrftoken = $row['CSRFToken']; |
| $user->challengeID = $row['ChallengeID']; |
| return $user; |
| 470,6 → 472,37 |
| $this->query("DELETE FROM BlogPosts WHERE ID = ?", array($id)); |
| } |
| function saltAndBurn($pass, $salt) { |
| return sha1($salt . $pass); |
| } |
| function rndString($len = 8) { |
| $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp'; |
| $clen = strlen($characters); |
| $res = ''; |
| for ($i = $len - 1; $i >= 0; $i--) { |
| $res .= $chars[rand(0, clen - 1)]; |
| } |
| return $res; |
| } |
| function getCSRFToken($id) { |
| $token = $this->rndString(); |
| $this->query("UPDATE USERS Set CSRFToken = ? WHERE ID = ?", array($token, $id)); |
| return $token; |
| } |
| function checkCSRFToken($id, $token) { |
| $user = $this->getUserByID($id); |
| if ($token !== $user->csrftoken) { |
| die("a death"); |
| } |
| $this->getCSRFToken($id); // change to something else so we can't re-use it |
| } |
| function getGetID() { |
| $id = $_GET['id']; |
| if (empty($id)) { |
| 496,8 → 529,10 |
| public $accessID; |
| public $username; |
| public $password; |
| public $salt; |
| public $emailAddress; |
| public $name; |
| public $csrftoken; |
| public $challengeID; |
| } |
| /register-do.php |
|---|
| 42,9 → 42,11 |
| $page->redirect('register.php?error=Incorrect reCAPTCHA response'); |
| } |
| $args = array(2, $username, sha1($password), $email, $name, 0); |
| $page->query("INSERT INTO Users (AccessID, Username, Password, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?)", $args); |
| $salt = $username . "horses"; |
| $args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, $page->rndString(), 0); |
| $page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, CSRFToken, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $args); |
| $page->redirect('login.php'); |
| ?> |
| /install.sql |
|---|
| 11,6 → 11,8 |
| Password TEXT, |
| EmailAddress TEXT, |
| Name TEXT, |
| Salt TEXT, |
| CSRFToken TEXT, |
| ChallengeID INT, |
| PRIMARY KEY(ID) |
| ); |
| /admin/account-do.php |
|---|
| 19,7 → 19,8 |
| } |
| if (!empty($password)) { |
| $page->query("UPDATE Users SET Password = ? WHERE ID = ?", array(sha1($password), $userID)); |
| $salt = $user->username . "sheeps"; |
| $page->query("UPDATE Users SET Password = ?, Salt = ? WHERE ID = ?", array($page->saltAndBurn($password, $salt), $salt, $userID)); |
| } |
| if (!empty($email)) { |
| /admin/all-accounts.php |
|---|
| 17,7 → 17,7 |
| write('<td class="bold">ID</td>'); |
| write('<td class="bold">AccessID</td>'); |
| write('<td class="bold">Username</td>'); |
| write('<td class="bold">SHA1 Password</td>'); |
| write('<td class="bold">Salt and Burned Password</td>'); |
| write('<td class="bold">Name</td>'); |
| write('<td class="bold">Email Address</td>'); |
| write('<td class="bold">Challenge ID</td>'); |
| /login-do.php |
|---|
| 23,7 → 23,7 |
| } |
| $user = $page->getUserByUsername($username); |
| if (!$user || $user->password !== sha1($password)) |
| if (!$user || $user->password !== $page->saltAndBurn($password, $user->salt)) |
| { |
| $page->redirect('login.php?error=Incorrect Username or Password&oldurl=' . urlencode($redirurl)); |
| } |
| /wiki/index.php |
|---|
| 29,7 → 29,7 |
| $pageName = 'Index'; |
| } |
| $page = new Taios_Page('Wiki - ' . $pageName, '../'); |
| $page = new Taios_Page('Wiki · ' . $pageName, '../'); |
| if (isset($_GET['random'])) |
| { |