Browse Source

Fix secure tripcode hardening

pull/40/head
Michael Foster 11 years ago
parent
commit
9cf6814776
  1. 3
      inc/functions.php

3
inc/functions.php

@ -1973,14 +1973,13 @@ function generate_tripcode($name) {
if (isset($config['custom_tripcode']["##{$trip}"]))
$trip = $config['custom_tripcode']["##{$trip}"];
else
$trip = '!!' . substr(crypt($trip, $salt . $config['secure_trip_salt']), -10);
$trip = '!!' . substr(crypt($trip, substr(base64_encode(sha1($trip . $config['secure_trip_salt'], true)), 0, 9)), -10);
} else {
if (isset($config['custom_tripcode']["#{$trip}"]))
$trip = $config['custom_tripcode']["#{$trip}"];
else
$trip = '!' . substr(crypt($trip, $salt), -10);
}
return array($name, $trip);
}

Loading…
Cancel
Save