/ - Diff - WB 2.08.x - Tracking

     ! = Update/Change
     ===============================================================================
 Jul-2013 Build 1930 Werner v.d.Decken(DarkViper)
     ! implement class Password and activate it
 Jun-2013 Build 1929 Werner v.d.Decken(DarkViper)
     ! added new method to class Translate. it gives posibility to handle translations with additional replacements.
 Jun-2013 Build 1928 Werner v.d.Decken(DarkViper)

         $aDebugMessage[] = (db_update_key_value( 'settings', $cfg ) ? " $OK<br />" : " $FAIL!<br />");
     	/**********************************************************
     	 *  - Adding password settings to settings table
     	 */
     	$aDebugMessage[] = "<span>Adding/updating password settings to settings table</span>";
     	$cfg = array();
     	$cfg['password_crypt_loops'] = (defined('PASSWORD_CRYPT_LOOPS') ? PASSWORD_CRYPT_LOOPS : '12');
     	$cfg['password_hash_type'] = (defined('PASSWORD_HASH_TYPES') ? PASSWORD_HASH_TYPES : 'false');
     	$cfg['password_length'] = (defined('PASSWORD_LENGTH') ? PASSWORD_LENGTH : '10');
     	$cfg['password_use_types'] = (defined('PASSWORD_USE_TYPES') ? PASSWORD_USE_TYPES : (int)0xFFFF);
         $aDebugMessage[] = (db_update_key_value( 'settings', $cfg ) ? " $OK<br />" : " $FAIL!<br />");
     if($bDebugModus) {
         echo implode(PHP_EOL,$aDebugMessage);
+    }

      */
     class PasswordHash {
     	private $itoa64;
     	private $itoa64BlowFish;
     	private $iteration_count_log2;
     	private $portable_hashes;
     	private $random_state;
     	protected $itoa64;
     	protected $itoa64BlowFish;
     	protected $random_state;
     	protected $iteration_count_log2;
     	protected $portable_hashes;
     	public function __construct($iteration_count_log2, $portable_hashes)
+    	{
-...
      */
     	private function gensalt_sha($input, $sType = 'SHA512')
+    	{
     		$iType = ($sType === 'SHA512') ? 6 : (($sType === 'SHA256') ? 5 : 6);
     		$iIterations = pow(2, $this->iteration_count_log2);
     		$iIterations = min(max($iIterations, 10000), 999999999);
     		$iType = ($sType === 'SHA256' ? 5 : 6);
     		$iIterations = min(max(pow(2, $this->iteration_count_log2), 10000), 999999999);
     		$output = '$'.(string)$iType.'$rounds='.(string)$iIterations.'$';
     		$output .= $this->encode64($input, 16);
     		return $output;

branches/2.8.x/wb/admin/interface/version.php
51	51
52	52	// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)
53	53	if(!defined('VERSION')) define('VERSION', '2.8.3');
54		if(!defined('REVISION')) define('REVISION', '1929');
	54	if(!defined('REVISION')) define('REVISION', '1930');
55	55	if(!defined('SP')) define('SP', '');

     										 'WbOldStyle',
     										 (DEBUG ? Translate::CACHE_DISABLED|Translate::KEEP_MISSING : 0)
     										);
     	$oPass = Password::getInstance();
     	if(defined('PASSWORD_CRYPT_LOOPS')) { $oPass->setIteration(PASSWORD_CRYPT_LOOPS); }
     	if(defined('PASSWORD_HASH_TYPES'))  { $oPass->setIteration(PASSWORD_HASH_TYPES); }
     // *** END OF FILE ***********************************************************************

      *               ISTeam changes: added SHA-256, SHA-512 (2012/10/27 Werner v.d. Decken)
      */
     // backwardcompatibility for PHP 5.2.2 + WB2.8.x
     if(!class_exists('PasswordHash')) {
     	include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php');
     	include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php');
+    }
     class Password extends PasswordHash
     //class Password extends vendors\phpass\PasswordHash
+    {
     	const CRYPT_LOOPS_MIN     =  6;  // minimum numbers of loops is 2^6 (64) very, very quick
     	const CRYPT_LOOPS_MIN     =  6;  // minimum numbers of loops is 2^6 (64) very quick but unsecure
     	const CRYPT_LOOPS_MAX     = 31;  // maximum numbers of loops is 2^31 (2,147,483,648) extremely slow
     	const CRYPT_LOOPS_DEFAULT = 12;  // default numbers of loopf is 2^12 (4096) a good average
     	const HASH_TYPE_PORTABLE  = true;  // use MD5 only
     	const HASH_TYPE_AUTO      = false; // select highest available crypting methode
     	const HASH_TYPE_AUTO      = false; // select highest available crypting methode (default)
     	const PW_LENGTH_MIN       =   6;
     	const PW_LENGTH_MAX       = 100;
-...
     	const PW_USE_SPECIAL      = 0x0008; // use special chars
     	const PW_USE_ALL          = 0xFFFF; // use all possibilities
     	/** holds the active singleton instance */
     	private static $_oInstance     = null;
     	protected $oHashMethods        = null;
     	protected $iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT;
     	protected $bPortableHashes     = self::HASH_TYPE_AUTO;
     /**
+     *
      * @param int number of iterations as exponent of 2 (must be between 4 and 31)
      * @param bool TRUE = use MD5 only | FALSE = automatic
      * constructor
      */
     	public function __construct($iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT, $bPortableHashes = self::HASH_TYPE_AUTO)
     	protected function __construct()
+    	{
     		parent::__construct($iIterationCountLog2, $bPortableHashes);
     		parent::__construct(self::CRYPT_LOOPS_DEFAULT, self::HASH_TYPE_AUTO);
+    	}
     /**
      * dissable cloning
      */
     	private function __clone() {
+    		;
+    	}
     /**
      * get current instance or create new one
      * @return Password
      */
     	public static function getInstance()
+    	{
     		if( is_null(self::$_oInstance) ) {
                 $c = __CLASS__;
                 self::$_oInstance = new $c;
     			self::$_oInstance->setIteration(self::CRYPT_LOOPS_DEFAULT);
     			self::$_oInstance->setHashType(self::HASH_TYPE_AUTO);
+    		}
     		return self::$oInstance;
+    	}
     /**
      * set the number of iterations
      * @param int $iIterationCountLog2 number of iterations defined as the exponent to basic 2
      */
     	public function setIteration($iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT)
+    	{
     		$this->iteration_count_log2 = min(max($iIterationCountLog2, self::CRYPT_LOOPS_MIN), self::CRYPT_LOOPS_MAX);
+    	}
     /**
      * set type of hash generation
      * @param bool $bPortableHashes
      * @description HASH_TYPE_AUTO will choose the higest available algorithm to create a hash (default)<br />
      *              Attention: it's possible that high level generated hashes from PHP>=5.3 are not validable under PHP<5.3!!<br />
      *              HASH_TYPE_PORTABLE choose MD5 hashing with salt and n iterations
      */
     	public function setHashType($bPortableHashes = self::HASH_TYPE_AUTO)
+    	{
     		if(version_compare('5.3', PHP_VERSION, '<')) {
     			$this->portable_hashes = self::HASH_TYPE_PORTABLE;
     		}else {
     			$this->portable_hashes = (boolean)$bPortableHashes;
+    		}
+    	}
     /**
      * make hash from password
      * @param string password to hash
      * @return string generated hash. Null if failed.
-...
      */
     	public static function isValid($sPassword)
+    	{
     /** @todo extend blacklist with additional utf8 codes */
     		$sBlackList = '\"\'\,\;\<\>\?\\\{\|\}\~ '
     		            . '\x00-\x20\x22\x27\x2c\x3b\x3c\x3e\x3f\x5c\x7b-\x7f\xff';
     		$bRetval = !preg_match('/['.$sBlackList.']/si', $sPassword);

     	require(ADMIN_PATH.'/interface/version.php');
     	$settings_rows=	"INSERT INTO `".TABLE_PREFIX."settings` "
     	." (setting_id, name, value) VALUES "
     	." ( 1, 'wb_version', '".VERSION."'),"
     	." ( 2, 'website_title', '$website_title'),"
     	." ( 3, 'website_description', ''),"
     	." ( 4, 'website_keywords', ''),"
     	." ( 5, 'website_header', ''),"
     	." ( 6, 'website_footer', ''),"
     	." ( 7, 'wysiwyg_style', 'font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;'),"
     	." ( 8, 'rename_files_on_upload', 'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt'),"
     	." ( 9, 'er_level', '0'),"
     	." (10, 'default_language', '$default_language'),"
     	." (11, 'app_name', 'wb_$session_rand'),"
     	." (12, 'sec_anchor', 'Sec'),"
     	." (13, 'default_timezone', '$default_timezone'),"
     	." (14, 'default_date_format', 'Y-m-d'),"
     	." (15, 'default_time_format', 'h:i A'),"
     	." (16, 'redirect_timer', '1500'),"
     	." (17, 'home_folders', 'true'),"
     	." (18, 'warn_page_leave', '1'),"
     	." (19, 'default_template', 'round'),"
     	." (20, 'default_theme', 'wb_theme'),"
     	." (21, 'default_charset', 'utf-8'),"
     	." (22, 'multiple_menus', 'true'),"
     	." (23, 'page_level_limit', '6'),"
     	." (24, 'intro_page', 'false'),"
     	." (25, 'page_trash', 'inline'),"
     	." (26, 'homepage_redirection', 'false'),"
     	." (27, 'page_languages', 'true'),"
     	." (28, 'wysiwyg_editor', 'fckeditor'),"
     	." (29, 'manage_sections', 'true'),"
     	." (30, 'section_blocks', 'false'),"
     	." (31, 'smart_login', 'false'),"
     	." (32, 'frontend_login', 'false'),"
     	." (33, 'frontend_signup', 'false'),"
     	." (34, 'search', 'public'),"
     	." (35, 'page_extension', '.php'),"
     	." (36, 'page_spacer', '-'),"
     	." (37, 'pages_directory', '/pages'),"
     	." (38, 'rename_files_on_upload', 'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt'),"
     	." (39, 'media_directory', '/media'),"
     	." (40, 'operating_system', '$operating_system'),"
     	." (41, 'string_file_mode', '$file_mode'),"
     	." (42, 'string_dir_mode', '$dir_mode'),"
     	." (43, 'wbmailer_routine', 'phpmail'),"
     	." (44, 'server_email', '$admin_email'),"
     	." (45, 'wbmailer_default_sendername', 'WebsiteBaker Mailer'),"
     	." (46, 'wbmailer_smtp_host', ''),"
     	." (47, 'wbmailer_smtp_auth', ''),"
     	." (48, 'wbmailer_smtp_username', ''),"
     	." (49, 'wbmailer_smtp_password', ''),"
     	." (50, 'fingerprint_with_ip_octets', '2'),"
     	." (51, 'secure_form_module', ''),"
     	." (52, 'mediasettings', ''),"
     	." (53, 'wb_revision', '".REVISION."'),"
      	." (54, 'wb_sp', '".SP."'),"
     	." (55, 'page_icon_dir', '/templates/*/title_images'),"
     	." (56, 'dev_infos', 'false'),"
     	." (57, 'groups_updated', '".time()."'),"
     	." (58, 'wbmail_signature', ''),"
     	." (59, 'confirmed_registration', '1'),"
     	." (60, 'page_extendet', 'true'),"
     	." (62, 'system_locked', '0')";
     	$sql = 'INSERT INTO `'.TABLE_PREFIX.'settings` (`name`, `value`) VALUES '
     	     . '(\'wb_version\', \''.VERSION.'\'), '
     	     . '(\'website_title\', \''.$website_title.'\'), '
     	     . '(\'website_description\', \'\'), '
     	     . '(\'website_keywords\', \'\'), '
     	     . '(\'website_header\', \'\'), '
     	     . '(\'website_footer\', \'\'), '
     	     . '(\'wysiwyg_style\', \'font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;\'), '
     	     . '(\'rename_files_on_upload\', \'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt\'), '
     	     . '(\'er_level\', \'0\'), '
     	     . '(\'default_language\', \''.$default_language.'\'), '
     	     . '(\'app_name\', \'wb_'.$session_rand.'\'), '
     	     . '(\'sec_anchor\', \'Sec\'), '
     	     . '(\'default_timezone\', \''.$default_timezone.'\'), '
     	     . '(\'default_date_format\', \'Y-m-d\'), '
     	     . '(\'default_time_format\', \'h:i A\'), '
     	     . '(\'redirect_timer\', \'1500\'), '
     	     . '(\'home_folders\', \'true\'), '
     	     . '(\'warn_page_leave\', \'1\'), '
     	     . '(\'default_template\', \'round\'), '
     	     . '(\'default_theme\', \'wb_theme\'), '
     	     . '(\'default_charset\', \'utf-8\'), '
     	     . '(\'multiple_menus\', \'true\'), '
     	     . '(\'page_level_limit\', \'6\'), '
     	     . '(\'intro_page\', \'false\'), '
     	     . '(\'page_trash\', \'inline\'), '
     	     . '(\'homepage_redirection\', \'false\'), '
     	     . '(\'page_languages\', \'true\'), '
     	     . '(\'wysiwyg_editor\', \'fckeditor\'), '
     	     . '(\'manage_sections\', \'true\'), '
     	     . '(\'section_blocks\', \'false\'), '
     	     . '(\'smart_login\', \'false\'), '
     	     . '(\'frontend_login\', \'false\'), '
     	     . '(\'frontend_signup\', \'false\'), '
     	     . '(\'search\', \'public\'), '
     	     . '(\'page_extension\', \'.php\'), '
     	     . '(\'page_spacer\', \'-\'), '
     	     . '(\'pages_directory\', \'/pages\'), '
     	     . '(\'rename_files_on_upload\', \'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt\'), '
     	     . '(\'media_directory\', \'/media\'), '
     	     . '(\'operating_system\', \''.$operating_system.'\'), '
     	     . '(\'string_file_mode\', \''.$file_mode.'\'), '
     	     . '(\'string_dir_mode\', \''.$dir_mode.'\'), '
     	     . '(\'wbmailer_routine\', \'phpmail\'), '
     	     . '(\'server_email\', \''.$admin_email.'\'), '
     	     . '(\'wbmailer_default_sendername\', \'WebsiteBaker Mailer\'), '
     	     . '(\'wbmailer_smtp_host\', \'\'), '
     	     . '(\'wbmailer_smtp_auth\', \'\'), '
     	     . '(\'wbmailer_smtp_username\', \'\'), '
     	     . '(\'wbmailer_smtp_password\', \'\'), '
     	     . '(\'fingerprint_with_ip_octets\', \'2\'), '
     	     . '(\'secure_form_module\', \'\'), '
     	     . '(\'mediasettings\', \'\'), '
     	     . '(\'wb_revision\', \''.REVISION.'\'), '
      	     . '(\'wb_sp\', \''.SP.'\'), '
     	     . '(\'page_icon_dir\', \'/templates/*/title_images\'), '
     	     . '(\'dev_infos\', \'false\'), '
     	     . '(\'groups_updated\', \''.time().'\'), '
     	     . '(\'wbmail_signature\', \'\'), '
     	     . '(\'confirmed_registration\', \'1\'), '
     	     . '(\'page_extendet\', \'true\'), '
     	     . '(\'system_locked\', \'0\'), '
     	     . '(\'password_crypt_loops\', \'12\'), '
     	     . '(\'password_hash_type\', \'false\'), '
     	     . '(\'password_length\', \'10\'), '
     		 . '(\'password_use_types\', \''.(int)0xFFFF.'\') '
     	     . '';
     	if(!$database->query($settings_rows)) { set_error($database->get_error()); }
     	// Admin group
     	$full_system_permissions  = 'access,addons,admintools,admintools_view,groups,groups_add,groups_delete,groups_modify,groups_view,';
     	$full_system_permissions .= 'languages,languages_install,languages_uninstall,languages_view,media,media_create,media_delete,media_rename,media_upload,media_view,';
     	$full_system_permissions .= 'modules,modules_advanced,modules_install,modules_uninstall,modules_view,pages,pages_add,pages_add_l0,pages_delete,pages_intro,pages_modify,pages_settings,pages_view,';
     	$full_system_permissions .= 'preferences,preferences_view,settings,settings_advanced,settings_basic,settings_view,templates,templates_install,templates_uninstall,templates_view,users,users_add,users_delete,users_modify,users_view';
     	$insert_admin_group = "INSERT INTO `".TABLE_PREFIX."groups` VALUES ('1', 'Administrators', '$full_system_permissions', '', '')";
     	if(!$database->query($insert_admin_group)) { set_error($database->get_error()); }
     	$full_system_permissions  = 'access,addons,admintools,admintools_view,groups,groups_add,groups_delete,'
     	                          . 'groups_modify,groups_view,languages,languages_install,languages_uninstall,'
     	                          . 'languages_view,media,media_create,media_delete,media_rename,media_upload,'
     	                          . 'media_view,modules,modules_advanced,modules_install,modules_uninstall,'
     	                          . 'modules_view,pages,pages_add,pages_add_l0,pages_delete,pages_intro,'
     	                          . 'pages_modify,pages_settings,pages_view,preferences,preferences_view,'
     	                          . 'settings,settings_advanced,settings_basic,settings_view,templates,'
     	                          . 'templates_install,templates_uninstall,templates_view,users,users_add,'
     	                          . 'users_delete,users_modify,users_view';
     	$sql = 'INSERT INTO `'.TABLE_PREFIX.'groups` '
     	     . 'SET `group_id` =1,'
     	     .     '`name`=\'Administrators\','
     		 .     '`system_permissions`=\''.$full_system_permissions.'\','
     		 .     '`module_permissions`=\'\','
     		 .     '`template_permissions`=\'\'';
     	if(!$database->query($sql)) { set_error($database->get_error()); }
     // Admin user
     	$insert_admin_user = "INSERT INTO `".TABLE_PREFIX."users` VALUES (1, 1, '1', 1, '$admin_username', '".md5($admin_password)."', '', 0, '', 0, 'Administrator', '$admin_email', $default_timezone, '', '', '$default_language', '', 0, '');";

Project

General

Profile

WB 2.08.x

Revision 1930

Added by darkviper over 11 years ago