[geeklog-cvs] Geeklog-1.x/public_html/admin sectest.php, 1.12, 1.13 user.php, 1.198, 1.199
Dirk Haun
dhaun at qs1489.pair.com
Sun Dec 9 13:05:41 EST 2007
Update of /cvsroot/geeklog/Geeklog-1.x/public_html/admin
In directory qs1489.pair.com:/tmp/cvs-serv36406/public_html/admin
Modified Files:
sectest.php user.php
Log Message:
New function SEC_encryptPassword() to get all the direct calls to md5() out of the core code and give us a chance to switch to some other encryption method in the future.
Index: sectest.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/sectest.php,v
retrieving revision 1.12
retrieving revision 1.13
diff -C2 -d -r1.12 -r1.13
*** sectest.php 25 Nov 2007 06:58:55 -0000 1.12
--- sectest.php 9 Dec 2007 18:05:39 -0000 1.13
***************
*** 249,253 ****
$pwdRoot = 0;
$pwdUser = 0;
! $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE passwd='" . md5 ('password') . "'");
$numPwd = DB_numRows($result);
if ($numPwd > 0) {
--- 249,253 ----
$pwdRoot = 0;
$pwdUser = 0;
! $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE passwd='" . SEC_encryptPassword('password') . "'");
$numPwd = DB_numRows($result);
if ($numPwd > 0) {
Index: user.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/public_html/admin/user.php,v
retrieving revision 1.198
retrieving revision 1.199
diff -C2 -d -r1.198 -r1.199
*** user.php 25 Nov 2007 07:55:22 -0000 1.198
--- user.php 9 Dec 2007 18:05:39 -0000 1.199
***************
*** 3,7 ****
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.4 |
// +---------------------------------------------------------------------------+
// | user.php |
--- 3,7 ----
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
! // | Geeklog 1.5 |
// +---------------------------------------------------------------------------+
// | user.php |
***************
*** 9,13 ****
// | Geeklog user administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2006 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
--- 9,13 ----
// | Geeklog user administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2007 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony AT tonybibbs DOT com |
***************
*** 492,496 ****
if (empty ($uid) || !empty ($passwd)) {
! $passwd = md5 ($passwd);
} else {
$passwd = DB_getItem ($_TABLES['users'], 'passwd', "uid = $uid");
--- 492,496 ----
if (empty ($uid) || !empty ($passwd)) {
! $passwd = SEC_encryptPassword($passwd);
} else {
$passwd = DB_getItem ($_TABLES['users'], 'passwd', "uid = $uid");
***************
*** 504,508 ****
$passwd = md5 ($passwd);
$passwd = substr ($passwd, 1, 8);
! $passwd = md5 ($passwd);
}
--- 504,508 ----
$passwd = md5 ($passwd);
$passwd = substr ($passwd, 1, 8);
! $passwd = SEC_encryptPassword($passwd);
}
More information about the geeklog-cvs
mailing list