mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-31 20:00:37 +02:00
Code Issues Releases Wiki Activity

Stronger passwords on default install, when methods available.

Browse Source
This commit is contained in:
Cameron
2016-06-07 17:18:18 -07:00
parent 3dbcf5e802
commit cb0621f5d7
3 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
e107_handlers/user_handler.php
View File

@@ -175,6 +175,11 @@ class UserHandler
$force = $this->preferred; $force = $this->preferred;
} }
if(($force == PASSWORD_E107_PHP) && $this->passwordAPI === false)
{
$force = PASSWORD_E107_SALT; // fallback.
}
switch ($force) switch ($force)
{ {
case PASSWORD_E107_MD5 : case PASSWORD_E107_MD5 :
@@ -185,10 +190,7 @@ class UserHandler
break; break;
case PASSWORD_E107_PHP : case PASSWORD_E107_PHP :
if($this->passwordAPI) return password_hash($password, PASSWORD_DEFAULT);
{
return password_hash($password, PASSWORD_DEFAULT);
}
break; break;
} }

2
e107_themes/voux/install/install.xml
View File

@@ -495,7 +495,7 @@
<item> <item>
<field name="link_id">11</field> <field name="link_id">11</field>
<field name="link_name">About</field> <field name="link_name">About</field>
<field name="link_url">about</field> <field name="link_url">page.php?id=1</field>
<field name="link_description"></field> <field name="link_description"></field>
<field name="link_button"></field> <field name="link_button"></field>
<field name="link_category">1</field> <field name="link_category">1</field>

5
install.php
View File

@@ -1557,8 +1557,11 @@ if($this->pdo == true)
$this->logLine('Core prefs set to install choices'); $this->logLine('Core prefs set to install choices');
// Create the admin user - replacing any that may be been included in the XML. // Create the admin user - replacing any that may be been included in the XML.
$us = e107::getUserSession();
$hash = $us->HashPassword($this->previous_steps['admin']['password'],$this->previous_steps['admin']['user'],PASSWORD_E107_PHP);
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
$userp = "1, '{$this->previous_steps['admin']['display']}', '{$this->previous_steps['admin']['user']}', '', '".md5($this->previous_steps['admin']['password'])."', '', '{$this->previous_steps['admin']['email']}', '', '', 0, ".time().", 0, 0, 0, 0, 0, '{$ip}', 0, '', 0, 1, '', '', '0', '', ".time().", ''"; $userp = "1, '{$this->previous_steps['admin']['display']}', '{$this->previous_steps['admin']['user']}', '', '".$hash."', '', '{$this->previous_steps['admin']['email']}', '', '', 0, ".time().", 0, 0, 0, 0, 0, '{$ip}', 0, '', 0, 1, '', '', '0', '', ".time().", ''";
$qry = "REPLACE INTO {$this->previous_steps['mysql']['prefix']}user VALUES ({$userp})"; $qry = "REPLACE INTO {$this->previous_steps['mysql']['prefix']}user VALUES ({$userp})";
$this->dbqry("REPLACE INTO {$this->previous_steps['mysql']['prefix']}user VALUES ({$userp})" ); $this->dbqry("REPLACE INTO {$this->previous_steps['mysql']['prefix']}user VALUES ({$userp})" );
$this->logLine('Admin user created'); $this->logLine('Admin user created');