Subversion Repositories taios

Compare Revisions

Rev 505 → Rev 509

/register-do.php
44,8 → 44,8
 
$salt = $username . "horses";
 
$args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, 0);
$page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?)", $args);
$args = array(2, $username, $page->saltAndBurn($password, $salt), $salt, $email, $name, $page->rndString(), 0);
$page->query("INSERT INTO Users (AccessID, Username, Password, Salt, EmailAddress, Name, CSRFToken, ChallengeID) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", $args);
 
$page->redirect('login.php');
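Review bot: The rewritten INSERT still stores a password hashed with a predictable salt, `$username . "horses"`, and the context line `return sha1($salt . $pass);` in /_taios.php looks like the body of `saltAndBurn()`; the same pattern appears in /admin/account-do.php with `"sheeps"`. A single fast hash with a guessable salt makes a leaked Users table cheap to brute-force, so the stored value should come from `password_hash($password, PASSWORD_DEFAULT)` and be checked with `password_verify()`. The initial `CSRFToken` value comes from `$page->rndString()`, so it is only as unpredictable as that helper.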
 
/_taios.php
359,6 → 359,7
$user->salt = $row['Salt'];
$user->emailAddress = $row['EmailAddress'];
$user->name = $row['Name'];
$user->csrftoken = $row['CSRFToken'];
$user->challengeID = $row['ChallengeID'];
return $user;
475,6 → 476,33
return sha1($salt . $pass);
}
 
function rndString($len = 8) {
$chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZlolphp';
$clen = strlen($characters);
 
$res = '';
for ($i = $len - 1; $i >= 0; $i--) {
$res .= $chars[rand(0, clen - 1)];
}
 
return $res;
}
 
function getCRSFToken($id) {
$token = $this->rndString();
$this->query("UPDATE USERS Set CSRFToken = ? WHERE ID = ?", array($token, $id));
return $token;
}
 
function checkCRSFToken($id, $token) {
$user = $this->getUserByID($id);
if ($token !== $user->csrftoken) {
die("a death");
}
 
$this->getCRSFToken($id); // change to something else so we can't re-use it
}
 
function getGetID() {
$id = $_GET['id'];
if (empty($id)) {
504,6 → 532,7
public $salt;
public $emailAddress;
public $name;
public $csrftoken;
 
public $challengeID;
}
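Review bot: `rndString()` cannot produce a usable token as written: it measures `$characters`, which is never defined (the alphabet is `$chars`), and indexes with the bare constant `clen` instead of `$clen`, so depending on the PHP version the call either fails or draws from almost none of the alphabet. The two lines should read `$clen = strlen($chars);` and `$res .= $chars[random_int(0, $clen - 1)];`, using `random_int()` (PHP 7+) because `rand()` is not a cryptographic generator and this value is a CSRF secret; the trailing `lolphp` in the alphabet also repeats characters and skews the distribution. In `checkCRSFToken()` the comparison should reject a missing token and be constant-time, e.g. `if (!is_string($token) || !is_string($user->csrftoken) || !hash_equals($user->csrftoken, $token)) {`. `getCRSFToken()` updates `USERS` while the other statements on this page use `Users`, which may not resolve on a database with case-sensitive table names. These methods sit in a class whose header is outside the visible hunks.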
/install.sql
12,6 → 12,7
EmailAddress TEXT,
Name TEXT,
Salt TEXT,
CSRFToken TEXT,
ChallengeID INT,
PRIMARY KEY(ID)
);
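Review bot: The new `CSRFToken TEXT` column has no default and no migration is visible in this compare, so rows created before Rev 509 would presumably hold NULL. `checkCRSFToken()` in /_taios.php compares with `!==`, which passes when both the stored value and the supplied token are null, so existing accounts should be backfilled or the check should reject empty tokens before the column is relied on. The CREATE TABLE header is outside the hunk, so the table is assumed to be Users.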
/admin/account-do.php
19,7 → 19,7
}
if (!empty($password)) {
$salt = $user->name . "sheeps";
$salt = $user->username . "sheeps";
$page->query("UPDATE Users SET Password = ?, Salt = ? WHERE ID = ?", array($page->saltAndBurn($password, $salt), $salt, $userID));
}
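Review bot: No `checkCRSFToken()` call is visible around this password update, although the same revision introduces the token helpers in /_taios.php. The enclosing block starts outside the hunk, so the check may be made earlier in the file; if it is not, this handler is exactly the kind of state-changing request the token is meant to protect. The salt also remains the username plus a fixed string rather than random bytes, as in /register-do.php.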