Revision 1930
Added by darkviper over 11 years ago
branches/2.8.x/CHANGELOG | ||
---|---|---|
11 | 11 |
! = Update/Change |
12 | 12 |
=============================================================================== |
13 | 13 |
|
14 |
09 Jul-2013 Build 1930 Werner v.d.Decken(DarkViper) |
|
15 |
! implement class Password and activate it |
|
14 | 16 |
21 Jun-2013 Build 1929 Werner v.d.Decken(DarkViper) |
15 | 17 |
! added new method to class Translate. it gives posibility to handle translations with additional replacements. |
16 | 18 |
20 Jun-2013 Build 1928 Werner v.d.Decken(DarkViper) |
branches/2.8.x/wb/upgrade-script.php | ||
---|---|---|
577 | 577 |
|
578 | 578 |
$aDebugMessage[] = (db_update_key_value( 'settings', $cfg ) ? " $OK<br />" : " $FAIL!<br />"); |
579 | 579 |
|
580 |
/********************************************************** |
|
581 |
* - Adding password settings to settings table |
|
582 |
*/ |
|
583 |
$aDebugMessage[] = "<span>Adding/updating password settings to settings table</span>"; |
|
584 |
$cfg = array(); |
|
585 |
$cfg['password_crypt_loops'] = (defined('PASSWORD_CRYPT_LOOPS') ? PASSWORD_CRYPT_LOOPS : '12'); |
|
586 |
$cfg['password_hash_type'] = (defined('PASSWORD_HASH_TYPES') ? PASSWORD_HASH_TYPES : 'false'); |
|
587 |
$cfg['password_length'] = (defined('PASSWORD_LENGTH') ? PASSWORD_LENGTH : '10'); |
|
588 |
$cfg['password_use_types'] = (defined('PASSWORD_USE_TYPES') ? PASSWORD_USE_TYPES : (int)0xFFFF); |
|
589 |
$aDebugMessage[] = (db_update_key_value( 'settings', $cfg ) ? " $OK<br />" : " $FAIL!<br />"); |
|
590 |
|
|
580 | 591 |
if($bDebugModus) { |
581 | 592 |
echo implode(PHP_EOL,$aDebugMessage); |
582 | 593 |
} |
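Review bot: The default written for `password_hash_type` at new line 586 is the string `'false'`, which is truthy in PHP, so any consumer that casts the stored setting with `(boolean)` (as `Password::setHashType()` in this same commit does) ends up with `true`, i.e. portable MD5 hashes, instead of HASH_TYPE_AUTO. Pick one representation that survives the round trip, e.g. `$cfg['password_hash_type'] = (defined('PASSWORD_HASH_TYPES') ? PASSWORD_HASH_TYPES : '0');`, and make the reader cast accordingly. The same line tests `PASSWORD_HASH_TYPES` (plural) while the key it writes is `password_hash_type` (singular); if settings are later surfaced as constants by upper-casing the key, the name checked here will never match — worth confirming against the settings loader. `password_use_types` is also the only value stored as an int where its siblings are strings.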
branches/2.8.x/wb/include/phpass/PasswordHash.php | ||
---|---|---|
27 | 27 |
*/ |
28 | 28 |
|
29 | 29 |
class PasswordHash { |
30 |
private $itoa64;
|
|
31 |
private $itoa64BlowFish;
|
|
32 |
private $iteration_count_log2;
|
|
33 |
private $portable_hashes;
|
|
34 |
private $random_state;
|
|
30 |
protected $itoa64;
|
|
31 |
protected $itoa64BlowFish;
|
|
32 |
protected $random_state;
|
|
33 |
protected $iteration_count_log2;
|
|
34 |
protected $portable_hashes;
|
|
35 | 35 |
|
36 | 36 |
public function __construct($iteration_count_log2, $portable_hashes) |
37 | 37 |
{ |
... | ... | |
154 | 154 |
*/ |
155 | 155 |
private function gensalt_sha($input, $sType = 'SHA512') |
156 | 156 |
{ |
157 |
$iType = ($sType === 'SHA512') ? 6 : (($sType === 'SHA256') ? 5 : 6); |
|
158 |
$iIterations = pow(2, $this->iteration_count_log2); |
|
159 |
$iIterations = min(max($iIterations, 10000), 999999999); |
|
157 |
$iType = ($sType === 'SHA256' ? 5 : 6); |
|
158 |
$iIterations = min(max(pow(2, $this->iteration_count_log2), 10000), 999999999); |
|
160 | 159 |
$output = '$'.(string)$iType.'$rounds='.(string)$iIterations.'$'; |
161 | 160 |
$output .= $this->encode64($input, 16); |
162 | 161 |
return $output; |
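Review bot: The collapsed clamp at new line 158 hides a 10000-round floor that interacts badly with the defaults elsewhere in this commit: `CRYPT_LOOPS_DEFAULT = 12` gives 2^12 = 4096, so every default-configured SHA-crypt salt is silently raised to 10000 rounds and `iteration_count_log2` has no effect below 14. A comment would spare the next reader the surprise, e.g. `// sha-crypt rounds are clamped to [10000, 999999999]; 2^log2 below 2^14 is raised to the floor`. Widening the five properties from private to protected (lines 30-34) lets the `Password` subclass assign `$this->iteration_count_log2` and `$this->portable_hashes` directly; if the constructor validates those values, the subclass setters need to replicate that validation or the checks are bypassed. `gensalt_sha`'s closing brace lies outside the hunk.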
branches/2.8.x/wb/admin/interface/version.php | ||
---|---|---|
51 | 51 |
|
52 | 52 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
53 | 53 |
if(!defined('VERSION')) define('VERSION', '2.8.3'); |
54 |
if(!defined('REVISION')) define('REVISION', '1929');
|
|
54 |
if(!defined('REVISION')) define('REVISION', '1930');
|
|
55 | 55 |
if(!defined('SP')) define('SP', ''); |
branches/2.8.x/wb/framework/initialize.php | ||
---|---|---|
341 | 341 |
'WbOldStyle', |
342 | 342 |
(DEBUG ? Translate::CACHE_DISABLED|Translate::KEEP_MISSING : 0) |
343 | 343 |
); |
344 |
$oPass = Password::getInstance(); |
|
345 |
if(defined('PASSWORD_CRYPT_LOOPS')) { $oPass->setIteration(PASSWORD_CRYPT_LOOPS); } |
|
346 |
if(defined('PASSWORD_HASH_TYPES')) { $oPass->setIteration(PASSWORD_HASH_TYPES); } |
|
344 | 347 |
// *** END OF FILE *********************************************************************** |
345 | 348 |
|
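Review bot: New line 346 calls `$oPass->setIteration(PASSWORD_HASH_TYPES)` where `setHashType` was evidently meant: the hash-type flag never reaches the object, and if the constant holds the boolean `false` the `min(max(...))` clamp inside `setIteration` yields `CRYPT_LOOPS_MIN`, dropping the cost factor to 2^6 — the weakest setting the class allows — on every request. Replace it with `if(defined('PASSWORD_HASH_TYPES')) { $oPass->setHashType(PASSWORD_HASH_TYPES); }`. `setIteration` on line 345 also receives the raw constant; if it is loaded from the settings table as a string such as `'12'`, an explicit `(int)` cast before the clamp would make the intent clear and avoid PHP's string/int comparison rules.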
branches/2.8.x/wb/framework/Password.php | ||
---|---|---|
31 | 31 |
* ISTeam changes: added SHA-256, SHA-512 (2012/10/27 Werner v.d. Decken) |
32 | 32 |
*/ |
33 | 33 |
|
34 |
// backwardcompatibility for PHP 5.2.2 + WB2.8.x |
|
35 | 34 |
if(!class_exists('PasswordHash')) { |
36 |
include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php');
|
|
35 |
include(dirname(dirname(__FILE__)).'/include/phpass/PasswordHash.php'); |
|
37 | 36 |
} |
38 | 37 |
|
39 |
|
|
40 | 38 |
class Password extends PasswordHash |
41 |
//class Password extends vendors\phpass\PasswordHash |
|
42 | 39 |
{ |
43 | 40 |
|
44 |
const CRYPT_LOOPS_MIN = 6; // minimum numbers of loops is 2^6 (64) very, very quick
|
|
41 |
const CRYPT_LOOPS_MIN = 6; // minimum numbers of loops is 2^6 (64) very quick but unsecure
|
|
45 | 42 |
const CRYPT_LOOPS_MAX = 31; // maximum numbers of loops is 2^31 (2,147,483,648) extremely slow |
46 | 43 |
const CRYPT_LOOPS_DEFAULT = 12; // default numbers of loopf is 2^12 (4096) a good average |
47 | 44 |
|
48 | 45 |
const HASH_TYPE_PORTABLE = true; // use MD5 only |
49 |
const HASH_TYPE_AUTO = false; // select highest available crypting methode |
|
46 |
const HASH_TYPE_AUTO = false; // select highest available crypting methode (default)
|
|
50 | 47 |
|
51 | 48 |
const PW_LENGTH_MIN = 6; |
52 | 49 |
const PW_LENGTH_MAX = 100; |
... | ... | |
58 | 55 |
const PW_USE_SPECIAL = 0x0008; // use special chars |
59 | 56 |
const PW_USE_ALL = 0xFFFF; // use all possibilities |
60 | 57 |
|
58 |
/** holds the active singleton instance */ |
|
59 |
private static $_oInstance = null; |
|
60 |
|
|
61 |
protected $oHashMethods = null; |
|
62 |
protected $iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT; |
|
63 |
protected $bPortableHashes = self::HASH_TYPE_AUTO; |
|
64 |
|
|
61 | 65 |
/** |
62 |
* |
|
63 |
* @param int number of iterations as exponent of 2 (must be between 4 and 31) |
|
64 |
* @param bool TRUE = use MD5 only | FALSE = automatic |
|
66 |
* constructor |
|
65 | 67 |
*/ |
66 |
public function __construct($iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT, $bPortableHashes = self::HASH_TYPE_AUTO)
|
|
68 |
protected function __construct()
|
|
67 | 69 |
{ |
68 |
parent::__construct($iIterationCountLog2, $bPortableHashes);
|
|
70 |
parent::__construct(self::CRYPT_LOOPS_DEFAULT, self::HASH_TYPE_AUTO);
|
|
69 | 71 |
} |
70 | 72 |
/** |
73 |
* dissable cloning |
|
74 |
*/ |
|
75 |
private function __clone() { |
|
76 |
; |
|
77 |
} |
|
78 |
/** |
|
79 |
* get current instance or create new one |
|
80 |
* @return Password |
|
81 |
*/ |
|
82 |
public static function getInstance() |
|
83 |
{ |
|
84 |
if( is_null(self::$_oInstance) ) { |
|
85 |
$c = __CLASS__; |
|
86 |
self::$_oInstance = new $c; |
|
87 |
self::$_oInstance->setIteration(self::CRYPT_LOOPS_DEFAULT); |
|
88 |
self::$_oInstance->setHashType(self::HASH_TYPE_AUTO); |
|
89 |
} |
|
90 |
return self::$oInstance; |
|
91 |
} |
|
92 |
/** |
|
93 |
* set the number of iterations |
|
94 |
* @param int $iIterationCountLog2 number of iterations defined as the exponent to basic 2 |
|
95 |
*/ |
|
96 |
public function setIteration($iIterationCountLog2 = self::CRYPT_LOOPS_DEFAULT) |
|
97 |
{ |
|
98 |
$this->iteration_count_log2 = min(max($iIterationCountLog2, self::CRYPT_LOOPS_MIN), self::CRYPT_LOOPS_MAX); |
|
99 |
} |
|
100 |
/** |
|
101 |
* set type of hash generation |
|
102 |
* @param bool $bPortableHashes |
|
103 |
* @description HASH_TYPE_AUTO will choose the higest available algorithm to create a hash (default)<br /> |
|
104 |
* Attention: it's possible that high level generated hashes from PHP>=5.3 are not validable under PHP<5.3!!<br /> |
|
105 |
* HASH_TYPE_PORTABLE choose MD5 hashing with salt and n iterations |
|
106 |
*/ |
|
107 |
public function setHashType($bPortableHashes = self::HASH_TYPE_AUTO) |
|
108 |
{ |
|
109 |
if(version_compare('5.3', PHP_VERSION, '<')) { |
|
110 |
$this->portable_hashes = self::HASH_TYPE_PORTABLE; |
|
111 |
}else { |
|
112 |
$this->portable_hashes = (boolean)$bPortableHashes; |
|
113 |
} |
|
114 |
} |
|
115 |
/** |
|
71 | 116 |
* make hash from password |
72 | 117 |
* @param string password to hash |
73 | 118 |
* @return string generated hash. Null if failed. |
... | ... | |
97 | 142 |
*/ |
98 | 143 |
public static function isValid($sPassword) |
99 | 144 |
{ |
145 |
/** @todo extend blacklist with additional utf8 codes */ |
|
100 | 146 |
$sBlackList = '\"\'\,\;\<\>\?\\\{\|\}\~ ' |
101 | 147 |
. '\x00-\x20\x22\x27\x2c\x3b\x3c\x3e\x3f\x5c\x7b-\x7f\xff'; |
102 | 148 |
$bRetval = !preg_match('/['.$sBlackList.']/si', $sPassword); |
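Review bot: `getInstance()` (new line 90) returns `self::$oInstance`, but the property declared at line 59 is `$_oInstance`; reading an undeclared static property is a fatal error, so the first `Password::getInstance()` call aborts — change it to `return self::$_oInstance;`. In `setHashType()` the guard `version_compare('5.3', PHP_VERSION, '<')` is true when PHP is newer than 5.3 and therefore forces portable MD5 hashes on exactly the platforms that could use the stronger crypt() algorithms, which reads as inverted relative to the docblock; the intended test appears to be `if(version_compare(PHP_VERSION, '5.3', '<')) {`. The `(boolean)$bPortableHashes` cast on line 112 turns the string `'false'` that this commit writes to the settings table into `true`, so either the stored value must be `'0'`/`'1'` or the setter should compare against known values rather than cast. The new properties `$oHashMethods`, `$iIterationCountLog2` and `$bPortableHashes` (lines 61-63) are never read by the visible code, which writes the inherited `$iteration_count_log2` / `$portable_hashes` instead; dropping them avoids two sources of truth. `isValid()` continues past the hunk.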
branches/2.8.x/wb/install/save.php | ||
---|---|---|
471 | 471 |
|
472 | 472 |
require(ADMIN_PATH.'/interface/version.php'); |
473 | 473 |
|
474 |
$settings_rows= "INSERT INTO `".TABLE_PREFIX."settings` " |
|
475 |
." (setting_id, name, value) VALUES " |
|
476 |
." ( 1, 'wb_version', '".VERSION."')," |
|
477 |
." ( 2, 'website_title', '$website_title')," |
|
478 |
." ( 3, 'website_description', '')," |
|
479 |
." ( 4, 'website_keywords', '')," |
|
480 |
." ( 5, 'website_header', '')," |
|
481 |
." ( 6, 'website_footer', '')," |
|
482 |
." ( 7, 'wysiwyg_style', 'font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;')," |
|
483 |
." ( 8, 'rename_files_on_upload', 'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt')," |
|
484 |
." ( 9, 'er_level', '0')," |
|
485 |
." (10, 'default_language', '$default_language')," |
|
486 |
." (11, 'app_name', 'wb_$session_rand')," |
|
487 |
." (12, 'sec_anchor', 'Sec')," |
|
488 |
." (13, 'default_timezone', '$default_timezone')," |
|
489 |
." (14, 'default_date_format', 'Y-m-d')," |
|
490 |
." (15, 'default_time_format', 'h:i A')," |
|
491 |
." (16, 'redirect_timer', '1500')," |
|
492 |
." (17, 'home_folders', 'true')," |
|
493 |
." (18, 'warn_page_leave', '1')," |
|
494 |
." (19, 'default_template', 'round')," |
|
495 |
." (20, 'default_theme', 'wb_theme')," |
|
496 |
." (21, 'default_charset', 'utf-8')," |
|
497 |
." (22, 'multiple_menus', 'true')," |
|
498 |
." (23, 'page_level_limit', '6')," |
|
499 |
." (24, 'intro_page', 'false')," |
|
500 |
." (25, 'page_trash', 'inline')," |
|
501 |
." (26, 'homepage_redirection', 'false')," |
|
502 |
." (27, 'page_languages', 'true')," |
|
503 |
." (28, 'wysiwyg_editor', 'fckeditor')," |
|
504 |
." (29, 'manage_sections', 'true')," |
|
505 |
." (30, 'section_blocks', 'false')," |
|
506 |
." (31, 'smart_login', 'false')," |
|
507 |
." (32, 'frontend_login', 'false')," |
|
508 |
." (33, 'frontend_signup', 'false')," |
|
509 |
." (34, 'search', 'public')," |
|
510 |
." (35, 'page_extension', '.php')," |
|
511 |
." (36, 'page_spacer', '-')," |
|
512 |
." (37, 'pages_directory', '/pages')," |
|
513 |
." (38, 'rename_files_on_upload', 'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt')," |
|
514 |
." (39, 'media_directory', '/media')," |
|
515 |
." (40, 'operating_system', '$operating_system')," |
|
516 |
." (41, 'string_file_mode', '$file_mode')," |
|
517 |
." (42, 'string_dir_mode', '$dir_mode')," |
|
518 |
." (43, 'wbmailer_routine', 'phpmail')," |
|
519 |
." (44, 'server_email', '$admin_email')," |
|
520 |
." (45, 'wbmailer_default_sendername', 'WebsiteBaker Mailer')," |
|
521 |
." (46, 'wbmailer_smtp_host', '')," |
|
522 |
." (47, 'wbmailer_smtp_auth', '')," |
|
523 |
." (48, 'wbmailer_smtp_username', '')," |
|
524 |
." (49, 'wbmailer_smtp_password', '')," |
|
525 |
." (50, 'fingerprint_with_ip_octets', '2')," |
|
526 |
." (51, 'secure_form_module', '')," |
|
527 |
." (52, 'mediasettings', '')," |
|
528 |
." (53, 'wb_revision', '".REVISION."')," |
|
529 |
." (54, 'wb_sp', '".SP."')," |
|
530 |
." (55, 'page_icon_dir', '/templates/*/title_images')," |
|
531 |
." (56, 'dev_infos', 'false')," |
|
532 |
." (57, 'groups_updated', '".time()."')," |
|
533 |
." (58, 'wbmail_signature', '')," |
|
534 |
." (59, 'confirmed_registration', '1')," |
|
535 |
." (60, 'page_extendet', 'true')," |
|
536 |
." (62, 'system_locked', '0')"; |
|
474 |
$sql = 'INSERT INTO `'.TABLE_PREFIX.'settings` (`name`, `value`) VALUES ' |
|
475 |
. '(\'wb_version\', \''.VERSION.'\'), ' |
|
476 |
. '(\'website_title\', \''.$website_title.'\'), ' |
|
477 |
. '(\'website_description\', \'\'), ' |
|
478 |
. '(\'website_keywords\', \'\'), ' |
|
479 |
. '(\'website_header\', \'\'), ' |
|
480 |
. '(\'website_footer\', \'\'), ' |
|
481 |
. '(\'wysiwyg_style\', \'font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px;\'), ' |
|
482 |
. '(\'rename_files_on_upload\', \'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt\'), ' |
|
483 |
. '(\'er_level\', \'0\'), ' |
|
484 |
. '(\'default_language\', \''.$default_language.'\'), ' |
|
485 |
. '(\'app_name\', \'wb_'.$session_rand.'\'), ' |
|
486 |
. '(\'sec_anchor\', \'Sec\'), ' |
|
487 |
. '(\'default_timezone\', \''.$default_timezone.'\'), ' |
|
488 |
. '(\'default_date_format\', \'Y-m-d\'), ' |
|
489 |
. '(\'default_time_format\', \'h:i A\'), ' |
|
490 |
. '(\'redirect_timer\', \'1500\'), ' |
|
491 |
. '(\'home_folders\', \'true\'), ' |
|
492 |
. '(\'warn_page_leave\', \'1\'), ' |
|
493 |
. '(\'default_template\', \'round\'), ' |
|
494 |
. '(\'default_theme\', \'wb_theme\'), ' |
|
495 |
. '(\'default_charset\', \'utf-8\'), ' |
|
496 |
. '(\'multiple_menus\', \'true\'), ' |
|
497 |
. '(\'page_level_limit\', \'6\'), ' |
|
498 |
. '(\'intro_page\', \'false\'), ' |
|
499 |
. '(\'page_trash\', \'inline\'), ' |
|
500 |
. '(\'homepage_redirection\', \'false\'), ' |
|
501 |
. '(\'page_languages\', \'true\'), ' |
|
502 |
. '(\'wysiwyg_editor\', \'fckeditor\'), ' |
|
503 |
. '(\'manage_sections\', \'true\'), ' |
|
504 |
. '(\'section_blocks\', \'false\'), ' |
|
505 |
. '(\'smart_login\', \'false\'), ' |
|
506 |
. '(\'frontend_login\', \'false\'), ' |
|
507 |
. '(\'frontend_signup\', \'false\'), ' |
|
508 |
. '(\'search\', \'public\'), ' |
|
509 |
. '(\'page_extension\', \'.php\'), ' |
|
510 |
. '(\'page_spacer\', \'-\'), ' |
|
511 |
. '(\'pages_directory\', \'/pages\'), ' |
|
512 |
. '(\'rename_files_on_upload\', \'ph.*?,cgi,pl,pm,exe,com,bat,pif,cmd,src,asp,aspx,js,txt\'), ' |
|
513 |
. '(\'media_directory\', \'/media\'), ' |
|
514 |
. '(\'operating_system\', \''.$operating_system.'\'), ' |
|
515 |
. '(\'string_file_mode\', \''.$file_mode.'\'), ' |
|
516 |
. '(\'string_dir_mode\', \''.$dir_mode.'\'), ' |
|
517 |
. '(\'wbmailer_routine\', \'phpmail\'), ' |
|
518 |
. '(\'server_email\', \''.$admin_email.'\'), ' |
|
519 |
. '(\'wbmailer_default_sendername\', \'WebsiteBaker Mailer\'), ' |
|
520 |
. '(\'wbmailer_smtp_host\', \'\'), ' |
|
521 |
. '(\'wbmailer_smtp_auth\', \'\'), ' |
|
522 |
. '(\'wbmailer_smtp_username\', \'\'), ' |
|
523 |
. '(\'wbmailer_smtp_password\', \'\'), ' |
|
524 |
. '(\'fingerprint_with_ip_octets\', \'2\'), ' |
|
525 |
. '(\'secure_form_module\', \'\'), ' |
|
526 |
. '(\'mediasettings\', \'\'), ' |
|
527 |
. '(\'wb_revision\', \''.REVISION.'\'), ' |
|
528 |
. '(\'wb_sp\', \''.SP.'\'), ' |
|
529 |
. '(\'page_icon_dir\', \'/templates/*/title_images\'), ' |
|
530 |
. '(\'dev_infos\', \'false\'), ' |
|
531 |
. '(\'groups_updated\', \''.time().'\'), ' |
|
532 |
. '(\'wbmail_signature\', \'\'), ' |
|
533 |
. '(\'confirmed_registration\', \'1\'), ' |
|
534 |
. '(\'page_extendet\', \'true\'), ' |
|
535 |
. '(\'system_locked\', \'0\'), ' |
|
536 |
. '(\'password_crypt_loops\', \'12\'), ' |
|
537 |
. '(\'password_hash_type\', \'false\'), ' |
|
538 |
. '(\'password_length\', \'10\'), ' |
|
539 |
. '(\'password_use_types\', \''.(int)0xFFFF.'\') ' |
|
540 |
. ''; |
|
537 | 541 |
if(!$database->query($settings_rows)) { set_error($database->get_error()); } |
538 | 542 |
|
539 | 543 |
// Admin group |
540 |
$full_system_permissions = 'access,addons,admintools,admintools_view,groups,groups_add,groups_delete,groups_modify,groups_view,'; |
|
541 |
$full_system_permissions .= 'languages,languages_install,languages_uninstall,languages_view,media,media_create,media_delete,media_rename,media_upload,media_view,'; |
|
542 |
$full_system_permissions .= 'modules,modules_advanced,modules_install,modules_uninstall,modules_view,pages,pages_add,pages_add_l0,pages_delete,pages_intro,pages_modify,pages_settings,pages_view,'; |
|
543 |
$full_system_permissions .= 'preferences,preferences_view,settings,settings_advanced,settings_basic,settings_view,templates,templates_install,templates_uninstall,templates_view,users,users_add,users_delete,users_modify,users_view'; |
|
544 |
$insert_admin_group = "INSERT INTO `".TABLE_PREFIX."groups` VALUES ('1', 'Administrators', '$full_system_permissions', '', '')"; |
|
545 |
if(!$database->query($insert_admin_group)) { set_error($database->get_error()); } |
|
544 |
$full_system_permissions = 'access,addons,admintools,admintools_view,groups,groups_add,groups_delete,' |
|
545 |
. 'groups_modify,groups_view,languages,languages_install,languages_uninstall,' |
|
546 |
. 'languages_view,media,media_create,media_delete,media_rename,media_upload,' |
|
547 |
. 'media_view,modules,modules_advanced,modules_install,modules_uninstall,' |
|
548 |
. 'modules_view,pages,pages_add,pages_add_l0,pages_delete,pages_intro,' |
|
549 |
. 'pages_modify,pages_settings,pages_view,preferences,preferences_view,' |
|
550 |
. 'settings,settings_advanced,settings_basic,settings_view,templates,' |
|
551 |
. 'templates_install,templates_uninstall,templates_view,users,users_add,' |
|
552 |
. 'users_delete,users_modify,users_view'; |
|
553 |
$sql = 'INSERT INTO `'.TABLE_PREFIX.'groups` ' |
|
554 |
. 'SET `group_id` =1,' |
|
555 |
. '`name`=\'Administrators\',' |
|
556 |
. '`system_permissions`=\''.$full_system_permissions.'\',' |
|
557 |
. '`module_permissions`=\'\',' |
|
558 |
. '`template_permissions`=\'\''; |
|
559 |
if(!$database->query($sql)) { set_error($database->get_error()); } |
|
546 | 560 |
|
547 | 561 |
// Admin user |
548 | 562 |
$insert_admin_user = "INSERT INTO `".TABLE_PREFIX."users` VALUES (1, 1, '1', 1, '$admin_username', '".md5($admin_password)."', '', 0, '', 0, 'Administrator', '$admin_email', $default_timezone, '', '', '$default_language', '', 0, '');"; |
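Review bot: The settings INSERT is now built into `$sql` (new line 474), but the unchanged line 541 still executes `$database->query($settings_rows)`, a variable nothing assigns any more, so the settings rows are never written; the statement should read `if(!$database->query($sql)) { set_error($database->get_error()); }`, as the rewritten groups block a few lines below already does. `$website_title`, `$default_language`, `$default_timezone`, `$admin_email`, `$operating_system`, `$file_mode` and `$dir_mode` are still concatenated straight into the SQL text as in the old version; whether they are escaped before this point is not visible in the hunk, and a value containing `'` would at least break the statement if they are not. The `password_hash_type` default is stored as the string `'false'`, which is truthy in PHP and so is inverted by any `(boolean)` cast on read; `'0'` avoids the trap. The context line at 562 still stores `md5($admin_password)` for the admin user, consistent with the commit message's "not implemented for use yet" but worth tracking so the new class actually replaces it.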
implement class Password and activate it (not implemented for use yet)