mirror_html/h5ai
1
0
Fork 0
mirror of https://github.com/lrsjng/h5ai.git synced 2025-08-29 15:59:58 +02:00
Code Issues Projects Releases Wiki Activity

Change hash algo to sha512.

Browse Source
This commit is contained in:
Lars Jung
2015-05-06 14:12:17 +02:00
parent 1975715dbd
commit 90d337a51f
3 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/_h5ai/server/php/config.php
View File

@@ -1,8 +1,8 @@
<?php
/*********************************************************************
SHA1 hash of the info page password, the preset password is the
SHA512 hash of the info page password, the preset password is the
empty string. You might change it to keep this information private.
Online hash generator: http://www.sha1.cz/
Online hash generator: http://md5hashing.net/hashing/sha512
*********************************************************************/
define("PASSHASH", "da39a3ee5e6b4b0d3255bfef95601890afd80709");
define("PASSHASH", "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e");

2
src/_h5ai/server/php/inc/class-api.php
View File

@@ -25,7 +25,7 @@ class Api {
private function on_login() {
$pass = Util::get_request_param("pass");
$_SESSION[AS_ADMIN_SESSION_KEY] = sha1($pass) === PASSHASH;
$_SESSION[AS_ADMIN_SESSION_KEY] = strcasecmp(hash("sha512", $pass), PASSHASH) === 0;
Util::json_exit(["asAdmin" => $_SESSION[AS_ADMIN_SESSION_KEY]]);
}

2
src/_h5ai/server/php/inc/class-bootstrap.php
View File

@@ -55,7 +55,7 @@ class Bootstrap {
session_start();
define("AS_ADMIN_SESSION_KEY", "__H5AI_AS_ADMIN__");
define("AS_ADMIN", isset($_SESSION[AS_ADMIN_SESSION_KEY]) && $_SESSION[AS_ADMIN_SESSION_KEY] === true);
define("HAS_CUSTOM_PASSHASH", PASSHASH !== "da39a3ee5e6b4b0d3255bfef95601890afd80709");
define("HAS_CUSTOM_PASSHASH", strcasecmp(PASSHASH, "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e") !== 0);
}