Fix secure tripcode hardening

This commit is contained in:
Michael Foster 2013-09-23 12:53:44 +10:00
parent 699279d84a
commit 9cf6814776

View File

@ -1973,14 +1973,13 @@ function generate_tripcode($name) {
if (isset($config['custom_tripcode']["##{$trip}"]))
$trip = $config['custom_tripcode']["##{$trip}"];
else
$trip = '!!' . substr(crypt($trip, $salt . $config['secure_trip_salt']), -10);
$trip = '!!' . substr(crypt($trip, substr(base64_encode(sha1($trip . $config['secure_trip_salt'], true)), 0, 9)), -10);
} else {
if (isset($config['custom_tripcode']["#{$trip}"]))
$trip = $config['custom_tripcode']["#{$trip}"];
else
$trip = '!' . substr(crypt($trip, $salt), -10);
}
return array($name, $trip);
}