mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-01-17 20:58:30 +01:00
Code Issues Releases Wiki Activity

Stronger passwords on default install, when methods available.

Browse Source
This commit is contained in:
Cameron 2016-06-07 17:18:18 -07:00
parent 3dbcf5e802
commit cb0621f5d7
3 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
e107_handlers/user_handler.php
View File

@ -175,6 +175,11 @@ class UserHandler
$force = $this->preferred;
}
if(($force == PASSWORD_E107_PHP) && $this->passwordAPI === false)
{
$force = PASSWORD_E107_SALT; // fallback.
}
switch ($force)
{
case PASSWORD_E107_MD5 :
@ -185,10 +190,7 @@ class UserHandler
break;
case PASSWORD_E107_PHP :
if($this->passwordAPI)
{
return password_hash($password, PASSWORD_DEFAULT);
}
return password_hash($password, PASSWORD_DEFAULT);
break;
}

2
e107_themes/voux/install/install.xml
View File

@ -495,7 +495,7 @@
<item>
<field name="link_id">11</field>
<field name="link_name">About</field>
<field name="link_url">about</field>
<field name="link_url">page.php?id=1</field>
<field name="link_description"></field>
<field name="link_button"></field>
<field name="link_category">1</field>

5
install.php
View File

@ -1557,8 +1557,11 @@ if($this->pdo == true)
$this->logLine('Core prefs set to install choices');
// Create the admin user - replacing any that may be been included in the XML.
$us = e107::getUserSession();
$hash = $us->HashPassword($this->previous_steps['admin']['password'],$this->previous_steps['admin']['user'],PASSWORD_E107_PHP);
$ip = $_SERVER['REMOTE_ADDR'];
$userp = "1, '{$this->previous_steps['admin']['display']}', '{$this->previous_steps['admin']['user']}', '', '".md5($this->previous_steps['admin']['password'])."', '', '{$this->previous_steps['admin']['email']}', '', '', 0, ".time().", 0, 0, 0, 0, 0, '{$ip}', 0, '', 0, 1, '', '', '0', '', ".time().", ''";
$userp = "1, '{$this->previous_steps['admin']['display']}', '{$this->previous_steps['admin']['user']}', '', '".$hash."', '', '{$this->previous_steps['admin']['email']}', '', '', 0, ".time().", 0, 0, 0, 0, 0, '{$ip}', 0, '', 0, 1, '', '', '0', '', ".time().", ''";
$qry = "REPLACE INTO {$this->previous_steps['mysql']['prefix']}user VALUES ({$userp})";
$this->dbqry("REPLACE INTO {$this->previous_steps['mysql']['prefix']}user VALUES ({$userp})" );
$this->logLine('Admin user created');