|
|
@ -4,6 +4,8 @@ |
|
|
|
* Copyright (c) 2010-2013 Tinyboard Development Group |
|
|
|
*/ |
|
|
|
|
|
|
|
use Vichan\Functions\Net; |
|
|
|
|
|
|
|
defined('TINYBOARD') or exit; |
|
|
|
|
|
|
|
// create a hash/salt pair for validate logins |
|
|
@ -37,12 +39,6 @@ function mkhash($username, $password, $salt = false) { |
|
|
|
return $hash; |
|
|
|
} |
|
|
|
|
|
|
|
function crypt_password_old($password) { |
|
|
|
$salt = generate_salt(); |
|
|
|
$password = hash('sha256', $salt . sha1($password)); |
|
|
|
return array($salt, $password); |
|
|
|
} |
|
|
|
|
|
|
|
function crypt_password($password) { |
|
|
|
global $config; |
|
|
|
// `salt` database field is reused as a version value. We don't want it to be 0. |
|
|
@ -69,12 +65,6 @@ function test_password($password, $salt, $test) { |
|
|
|
} |
|
|
|
|
|
|
|
function generate_salt() { |
|
|
|
// mcrypt_create_iv() was deprecated in PHP 7.1.0, only use it if we're below that version number. |
|
|
|
if (PHP_VERSION_ID < 70100) { |
|
|
|
// 128 bits of entropy |
|
|
|
return strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.'); |
|
|
|
} |
|
|
|
// Otherwise, use random_bytes() |
|
|
|
return strtr(base64_encode(random_bytes(16)), '+', '.'); |
|
|
|
} |
|
|
|
|
|
|
@ -117,19 +107,22 @@ function setCookies() { |
|
|
|
if (!$mod) |
|
|
|
error('setCookies() was called for a non-moderator!'); |
|
|
|
|
|
|
|
$is_https = Net\is_connection_secure(); |
|
|
|
|
|
|
|
setcookie($config['cookies']['mod'], |
|
|
|
$mod['username'] . // username |
|
|
|
':' . |
|
|
|
$mod['hash'][0] . // password |
|
|
|
':' . |
|
|
|
$mod['hash'][1], // salt |
|
|
|
time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', $config['cookies']['httponly']); |
|
|
|
time() + $config['cookies']['expire'], $config['cookies']['jail'] ? $config['cookies']['path'] : '/', null, $is_https, $config['cookies']['httponly']); |
|
|
|
} |
|
|
|
|
|
|
|
function destroyCookies() { |
|
|
|
global $config; |
|
|
|
$is_https = Net\is_connection_secure(); |
|
|
|
// Delete the cookies |
|
|
|
setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true); |
|
|
|
setcookie($config['cookies']['mod'], 'deleted', time() - $config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path'] : '/', null, $is_https, true); |
|
|
|
} |
|
|
|
|
|
|
|
function modLog($action, $_board=null) { |
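Review bot: In setCookies() and destroyCookies() the Secure attribute of the mod cookie, which carries `username:hash:salt`, now depends entirely on `Net\is_connection_secure()`, and that helper's body is not shown in this hunk. It is worth confirming that it returns true behind a TLS-terminating proxy and, if it reads forwarded-protocol headers (an assumption), that it only trusts them from configured proxies. Otherwise the cookie can be issued without Secure on such deployments. Separately, destroyCookies() hard-codes httponly to `true` while setCookies() reads `$config['cookies']['httponly']`, both calls pass `null` for the domain (deprecated for internal string parameters since PHP 8.1), and neither sets SameSite. If the supported PHP floor is 7.3 or later, the options-array form below fixes all three for setCookies(), whose body starts above this hunk, and destroyCookies() can take the same shape.

```php
$is_https = Net\is_connection_secure();

setcookie($config['cookies']['mod'],
	// … unchanged: username:hash:salt value …
	[
		'expires' => time() + $config['cookies']['expire'],
		'path' => $config['cookies']['jail'] ? $config['cookies']['path'] : '/',
		'secure' => $is_https,
		'httponly' => $config['cookies']['httponly'],
		// 'Lax' keeps ordinary links into the mod panel working; 'Strict' if that is not needed
		'samesite' => 'Lax',
	]);
```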
|
|
@ -186,6 +179,7 @@ function make_secure_link_token($uri) { |
|
|
|
|
|
|
|
function check_login($prompt = false) { |
|
|
|
global $config, $mod; |
|
|
|
|
|
|
|
// Validate session |
|
|
|
if (isset($_COOKIE[$config['cookies']['mod']])) { |
|
|
|
// Should be username:hash:salt |
|
|
|