diff --git a/REVISION.md b/REVISION.md
index cedd4f5..51d3c46 100644
--- a/REVISION.md
+++ b/REVISION.md
@@ -8,6 +8,7 @@ Revision history
 v0.7.0.x (latest)
 -------------------------------------
+* Support for password hashes using `text`, `md5` and `hash`, fix #77.
 * Using `CWhitelist` for checking hotlinking to images, fix #88.
 * Added mode for `test` which enables logging verbose mode to file, fix #97.
 * Improved codestyle and added `phpcs.xml` to start using phpcs to check code style, fix #95.
diff --git a/webroot/img.php b/webroot/img.php
index 0cc7ab9..9b862ad 100644
--- a/webroot/img.php
+++ b/webroot/img.php
@@ -229,20 +229,27 @@ if ($defaultTimezone) {
 */
 $pwdConfig = getConfig('password', false);
 $pwdAlways = getConfig('password_always', false);
+$pwdType = getConfig('password_type', 'text');
 $pwd = get(array('password', 'pwd'), null);
 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
- $passwordMatch = ($pwdConfig === $pwd);
- if (!$passwordMatch) {
- errorPage("Password required and does not match or exists.");
+$passwordMatch = false;
+if ($pwd) {
+ switch($pwdType) {
+ case 'md5':
+ $passwordMatch = ($pwdConfig === md5($pwd));
+ break;
+ case 'hash':
+ $passwordMatch = password_verify($pwd, $pwdConfig);
+ break;
+ case 'text':
+ $passwordMatch = ($pwdConfig === $pwd);
+ break;
 }
+}
-} elseif ($pwdConfig && $pwd) {
-
- $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+ errorPage("Password required and does not match or exists.");
 }
 verbose("password match = $passwordMatch");
diff --git a/webroot/img_config.php b/webroot/img_config.php
index 2e0ddc4..ffb3e66 100644
--- a/webroot/img_config.php
+++ b/webroot/img_config.php
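Review bot: The `text` and `md5` branches of the new `switch($pwdType)` in `webroot/img.php` compare the request-supplied `$pwd` with the configured secret using `===`, which is not a constant-time comparison, whereas the `hash` branch gets a timing-safe check from `password_verify()`. If the supported PHP versions include 5.6 or later, I would write them as `$passwordMatch = is_string($pwdConfig) && is_string($pwd) && hash_equals($pwdConfig, $pwd);` and the same with `hash_equals($pwdConfig, md5($pwd))`; the `is_string` guards keep the default `password => false` and a non-string request value (assuming `get()` can return an array, which is not visible here) from reaching `hash_equals()` or `md5()`. The switch also has no `default:` branch, so a misspelled `password_type` silently never matches; a `default:` that calls `errorPage()` with a configuration message would surface that. The identical hunk appears in `webroot/imgd.php`, `webroot/imgp.php` and `webroot/imgs.php`, and the code that later consumes `$passwordMatch` lies outside the hunk.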
@@ -51,12 +51,19 @@ return array(
 * Passwords are only used together with the options for remote download
 * and aliasing.
 *
+ * Create a passwords like this, depending on the type used:
+ * text: 'my_password'
+ * md5: md5('my_password')
+ * hash: password_hash('my_password', PASSWORD_DEFAULT)
+ *
 * Default values.
- * password: false // as in do not use password
- * password_always: false // do not always require password,
+ * password_always: false // do not always require password,
+ * password: false // as in do not use password
+ * password_type: 'text' // use plain password, not encoded,
 */
- //'password' => false, // "secret-password",
 //'password_always' => false, // always require password,
+ //'password' => false, // "secret-password",
+ //'password_type' => 'text', // supports 'text', 'md5', 'hash',
diff --git a/webroot/imgd.php b/webroot/imgd.php
index 585287b..2666c6c 100644
--- a/webroot/imgd.php
+++ b/webroot/imgd.php
@@ -3322,20 +3322,27 @@ if ($defaultTimezone) {
 */
 $pwdConfig = getConfig('password', false);
 $pwdAlways = getConfig('password_always', false);
+$pwdType = getConfig('password_type', 'text');
 $pwd = get(array('password', 'pwd'), null);
 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
- $passwordMatch = ($pwdConfig === $pwd);
- if (!$passwordMatch) {
- errorPage("Password required and does not match or exists.");
+$passwordMatch = false;
+if ($pwd) {
+ switch($pwdType) {
+ case 'md5':
+ $passwordMatch = ($pwdConfig === md5($pwd));
+ break;
+ case 'hash':
+ $passwordMatch = password_verify($pwd, $pwdConfig);
+ break;
+ case 'text':
+ $passwordMatch = ($pwdConfig === $pwd);
+ break;
 }
+}
-} elseif ($pwdConfig && $pwd) {
-
- $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+ errorPage("Password required and does not match or exists.");
 }
 verbose("password match = $passwordMatch");
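Review bot: The docblock added in `webroot/img_config.php` presents `text`, `md5` and `hash` as interchangeable and keeps `text` as the default, without saying which one a deployment should pick. Since `md5('my_password')` is an unsalted fast hash and `text` leaves the secret readable to anyone who can read the config file, I would add a line such as `* Prefer 'hash' (password_hash); 'md5' is unsalted and 'text' is stored readable, so both offer little protection if this file leaks.` The sentence `Create a passwords like this` should read `Create a password like this`. The `return array(` literal this comment sits in starts and ends outside the hunk.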
diff --git a/webroot/imgp.php b/webroot/imgp.php
index 4a762b5..ea92abb 100644
--- a/webroot/imgp.php
+++ b/webroot/imgp.php
@@ -3322,20 +3322,27 @@ if ($defaultTimezone) {
 */
 $pwdConfig = getConfig('password', false);
 $pwdAlways = getConfig('password_always', false);
+$pwdType = getConfig('password_type', 'text');
 $pwd = get(array('password', 'pwd'), null);
 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
- $passwordMatch = ($pwdConfig === $pwd);
- if (!$passwordMatch) {
- errorPage("Password required and does not match or exists.");
+$passwordMatch = false;
+if ($pwd) {
+ switch($pwdType) {
+ case 'md5':
+ $passwordMatch = ($pwdConfig === md5($pwd));
+ break;
+ case 'hash':
+ $passwordMatch = password_verify($pwd, $pwdConfig);
+ break;
+ case 'text':
+ $passwordMatch = ($pwdConfig === $pwd);
+ break;
 }
+}
-} elseif ($pwdConfig && $pwd) {
-
- $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+ errorPage("Password required and does not match or exists.");
 }
 verbose("password match = $passwordMatch");
diff --git a/webroot/imgs.php b/webroot/imgs.php
index 585287b..2666c6c 100644
--- a/webroot/imgs.php
+++ b/webroot/imgs.php
@@ -3322,20 +3322,27 @@ if ($defaultTimezone) {
 */
 $pwdConfig = getConfig('password', false);
 $pwdAlways = getConfig('password_always', false);
+$pwdType = getConfig('password_type', 'text');
 $pwd = get(array('password', 'pwd'), null);
 // Check if passwords match, if configured to use passwords
-$passwordMatch = null;
-if ($pwdAlways) {
-
- $passwordMatch = ($pwdConfig === $pwd);
- if (!$passwordMatch) {
- errorPage("Password required and does not match or exists.");
+$passwordMatch = false;
+if ($pwd) {
+ switch($pwdType) {
+ case 'md5':
+ $passwordMatch = ($pwdConfig === md5($pwd));
+ break;
+ case 'hash':
+ $passwordMatch = password_verify($pwd, $pwdConfig);
+ break;
+ case 'text':
+ $passwordMatch = ($pwdConfig === $pwd);
+ break;
 }
+}
-} elseif ($pwdConfig && $pwd) {
-
- $passwordMatch = ($pwdConfig === $pwd);
+if ($pwdAlways && $passwordMatch !== true) {
+ errorPage("Password required and does not match or exists.");
 }
 verbose("password match = $passwordMatch");