From c8fbb3957aa46f31c21099d87ab80eb079563d2d Mon Sep 17 00:00:00 2001 From: Cameron Date: Fri, 10 Jun 2016 16:37:36 -0700 Subject: [PATCH] Display Password hash-type in Admin > Users. e_URL_LEGACY constant added when SEF URLs detected. --- e107_admin/users.php | 15 +++++++++++-- e107_handlers/magpie_rss.php | 2 +- e107_handlers/user_handler.php | 39 ++++++++++++++++++++++------------ index.php | 1 + 4 files changed, 41 insertions(+), 16 deletions(-) diff --git a/e107_admin/users.php b/e107_admin/users.php index 5f84477fa..112729a6a 100644 --- a/e107_admin/users.php +++ b/e107_admin/users.php @@ -29,7 +29,7 @@ e107::coreLan('date'); e107::css('inline', " - .label-status { width:100%; display:block; padding-bottom:5px; padding-top:5px } + .label-status, .label-password { width:100%; display:block; padding-bottom:5px; padding-top:5px } "); class users_admin extends e_admin_dispatcher @@ -2398,10 +2398,21 @@ class users_admin_form_ui extends e_admin_form_ui { if($mode == 'read') { - if(empty($curVal)) + if(empty($curval)) { return "No password!"; } + + // if(getperms('0')) + { + + $type = e107::getUserSession()->getHashType($curval, 'array'); + $num = $type[0]; + + $styles= array(0=>'label-danger',1=>'label-warning', 3=>'label-success'); + + return "".$type[1].""; + } } if($mode == 'write') { diff --git a/e107_handlers/magpie_rss.php b/e107_handlers/magpie_rss.php index 1ac56ab27..9ba25616f 100644 --- a/e107_handlers/magpie_rss.php +++ b/e107_handlers/magpie_rss.php @@ -92,7 +92,7 @@ class MagpieRSS { * source encoding. (caveat emptor) * */ - function MagpieRSS ($source, $output_encoding = CHARSET, + function __construct ($source, $output_encoding = CHARSET, $input_encoding=null, $detect_encoding = true) { # if PHP xml isn't compiled in, die diff --git a/e107_handlers/user_handler.php b/e107_handlers/user_handler.php index e85e3aed3..c595b8757 100644 --- a/e107_handlers/user_handler.php +++ b/e107_handlers/user_handler.php @@ -224,9 +224,9 @@ class UserHandler switch($type) { - case PASSWORD_E107_MD5: + case PASSWORD_E107_MD5:// && if (md5($password) !== $stored_hash) return PASSWORD_INVALID; - if ($this->preferred == PASSWORD_E107_MD5) return PASSWORD_VALID; + if ($this->preferred == PASSWORD_E107_MD5 && ($this->passwordOpts <= 1)) return PASSWORD_VALID; return $this->HashPassword($password); // Valid password, but non-preferred encoding; return the new hash break; @@ -288,35 +288,48 @@ class UserHandler /** * Detect Password Hash Algorythm type * @param string $hash - Password hash to analyse + * @param string $mode - (optional) set to 'text' for a plain-text description. * @return bool|int */ - public function getHashType($hash) + public function getHashType($hash, $mode='constant') { if(empty($hash)) { return false; } - if(($this->passwordOpts <= 1) && (strlen($hash) === 32)) - { - return PASSWORD_E107_MD5; - } + $num = false; + $name = ''; - if ((strlen($hash) === 35) && (substr($hash,0,3) == PASSWORD_E107_ID)) + if((strlen($hash) === 32)) { - return PASSWORD_E107_SALT; + $num = PASSWORD_E107_MD5; + $name = 'md5'; } - - if($this->passwordAPI) + elseif ((strlen($hash) === 35) && (substr($hash,0,3) == PASSWORD_E107_ID)) + { + $num = PASSWORD_E107_SALT; + $name = 'md5-salt'; + } + elseif($this->passwordAPI) { $info = password_get_info($hash); if(!empty($info['algo'])) { - return PASSWORD_E107_PHP; + $num = PASSWORD_E107_PHP; + $name = $info['algoName']; } } - return false; + if($mode == 'array' && !empty($name)) + { + return array($num,$name); + } + + return $num; + + + } diff --git a/index.php b/index.php index 432531b6e..38767a1e8 100644 --- a/index.php +++ b/index.php @@ -141,6 +141,7 @@ { define('e_CURRENT_PLUGIN', $plug); define('e_QUERY', $query); // do not add to e107_class.php + define('e_URL_LEGACY', $redirect); include_once($file); exit; }