Skip to content
This repository
  • 5 commits
  • 19 files changed
  • 0 comments
  • 2 contributors
2  datas/cache/templates/index.html
... ...
@@ -0,0 +1,2 @@
  1
+<h1>Forbidden</h1>
  2
+<!-- No directory listing available -->
2  datas/config-sample.php
@@ -27,6 +27,8 @@
27 27
 // ========================
28 28
 
29 29
 $cfg['mainurl'] = 'http://localhost';
  30
+$cfg['site_id'] = 'Some unique string specific to your site';
  31
+$cfg['secret_key'] = 'Secret key used for authentication, make it unique and keep in secret!';
30 32
 
31 33
 // ========================
32 34
 // Default skin and default language
7  plugins/passrecover/passrecover.php
@@ -116,7 +116,12 @@ function sed_randompass()
116 116
 
117 117
 		$validationkey = md5(microtime());
118 118
 		$newpass = sed_randompass();
119  
-		$sql = sed_sql_query("UPDATE $db_users SET user_password='".md5($newpass)."', user_lostpass='$validationkey' WHERE user_id='$ruserid'");
  119
+		$ruserpass = array();
  120
+		$ruserpass['user_passsalt'] = sed_unique(16);
  121
+		$ruserpass['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
  122
+		$ruserpass['user_password'] = sed_hash($newpass, $ruserpass['user_passsalt'], $ruserpass['user_passfunc']);
  123
+		$ruserpass['user_lostpass'] = $validationkey;
  124
+		sed_sql_update($db_users, "user_id=$ruserid", $ruserpass);
120 125
 
121 126
 		$rsubject = $cfg['maintitle']." - ".$L['plu_title'];
122 127
 		$rbody = $L['Hi']." ".$rusername.",\n\n".$L['plu_email2']."\n\n".$newpass. "\n\n".$L['aut_contactadmin'];
1  plugins/tags/lang/tags.en.lang.php
@@ -41,6 +41,7 @@
41 41
 $L['cfg_order'] = array('Cloud output order &mdash; alphabetical, descending frequency or random');
42 42
 $L['cfg_pages'] = array('Enable tags in pages');
43 43
 $L['cfg_perpage'] = array('Tags displayed per page in standalone cloud, 0 is all at once');
  44
+$L['cfg_sort'] = array('Default sorting column for tag search results');
44 45
 $L['cfg_title'] = array('Capitalize first letters of keywords');
45 46
 $L['cfg_translit'] = array('Transliterate tags in URLs');
46 47
 
1  plugins/tags/lang/tags.ru.lang.php
@@ -47,6 +47,7 @@
47 47
 $L['cfg_order'] = array('Сортировка облака тегов','по алфавиту, по убыванию частотности, случайным образом');
48 48
 $L['cfg_pages'] = array('Включить теги для страниц');
49 49
 $L['cfg_perpage'] = array('Тегов на странице в облаке всех тегов, 0 - все теги сразу');
  50
+$L['cfg_sort'] = array('Сортировка по умолчанию в результатах поиска по тегам');
50 51
 $L['cfg_title'] = array('Первые буквы тегов прописными');
51 52
 $L['cfg_translit'] = array('Транслитерировать теги в URL-адресах');
52 53
 
4  plugins/tags/tags.php
@@ -39,6 +39,10 @@
39 39
 
40 40
 // Sorting order
41 41
 $o = sed_import('order', 'P', 'ALP');
  42
+if (empty($o))
  43
+{
  44
+	$o = mb_strtolower($cfg['plugin']['tags']['sort']);
  45
+}
42 46
 $tag_order = '';
43 47
 $tag_orders = array('Title', 'Date', 'Category');
44 48
 foreach ($tag_orders as $order)
7  plugins/tags/tags.setup.php
@@ -4,10 +4,10 @@
4 4
 Code=tags
5 5
 Name=Tags
6 6
 Description=Basic Tags implementation
7  
-Version=0.0.6
8  
-Date=2009-jun-28
  7
+Version=0.6.24
  8
+Date=2012-07-30
9 9
 Author=Trustmaster
10  
-Copyright=All rights reserved (c) 2008-2009, Vladimir Sibirov.
  10
+Copyright=All rights reserved (c) 2008-2012, Vladimir Sibirov.
11 11
 Notes=BSD License.
12 12
 SQL=
13 13
 Auth_guests=R
@@ -29,6 +29,7 @@
29 29
 more=10:radio::1:Show 'All tags' link in tag clouds
30 30
 perpage=11:string::0:Tags displayed per page in standalone cloud, 0 is all at once
31 31
 index=12:select:pages,forums,all:pages:Index page tag cloud area
  32
+sort=31:select:ID,Title,Date,Category:ID:Default sorting column for tag search results
32 33
 [END_SED_EXTPLUGIN_CONFIG]
33 34
 ==================== */
34 35
 
6  sql/cotonti-install.sql
@@ -320,6 +320,7 @@ INSERT INTO `sed_config` (`config_owner`, `config_cat`, `config_order`, `config_
320 320
 ('core', 'main', '20', 'shieldzhammer', 2, '25', '', ''),
321 321
 ('core', 'main', '30', 'jquery', 3, '1', '', ''),
322 322
 ('core', 'main', '31', 'turnajax', 3, '1', '1', ''),
  323
+('core', 'main', '42', 'hashfunc', 1, 'sha256', '',''),
323 324
 ('core', 'parser', '10', 'parser_custom', 3, '0', '', ''),
324 325
 ('core', 'parser', '10', 'parser_cache', 3, '1', '', ''),
325 326
 ('core', 'parser', '10', 'parser_disable', 3, '0', '', ''),
@@ -493,6 +494,7 @@ INSERT INTO `sed_config` (`config_owner`, `config_cat`, `config_order`, `config_
493 494
 ('plug', 'tags', '9', 'lim_index', 1, '0', '', ' Limit of tags in a cloud displayed on index, 0 is unlimited'),
494 495
 ('plug', 'tags', '10', 'more', 3, '1', '', 'Show All Tags link in tag clouds'),
495 496
 ('plug', 'tags', '12', 'index', 2, 'pages', 'pages,forums,all', 'Index page tag cloud area'),
  497
+('plug', 'tags', '31', 'sort', 2, 'ID', 'ID,Title,Date,Category', 'Default sorting column for tag search results'),
496 498
 ('core', 'comments', '03', 'expand_comments', 3, '1', '', ''),
497 499
 ('core', 'ratings', '02', 'ratings_allowchange', 3, '0', '', ''),
498 500
 ('core', 'comments', '04', 'maxcommentsperpage', 2, '15', '', ''),
@@ -977,7 +979,9 @@ CREATE TABLE `sed_users` (
977 979
   `user_id` int(11) unsigned NOT NULL auto_increment,
978 980
   `user_banexpire` int(11) default '0',
979 981
   `user_name` varchar(100) collate utf8_unicode_ci NOT NULL,
980  
-  `user_password` varchar(32) collate utf8_unicode_ci NOT NULL default '',
  982
+  `user_password` varchar(224) collate utf8_unicode_ci NOT NULL default '',
  983
+  `user_passfunc` VARCHAR(32) NOT NULL default 'sha256',
  984
+  `user_passsalt` VARCHAR(16) NOT NULL default '',
981 985
   `user_maingrp` int(11) NOT NULL default '4',
982 986
   `user_country` char(2) collate utf8_unicode_ci NOT NULL default '',
983 987
   `user_text` text collate utf8_unicode_ci NOT NULL,
9  sql/patch-0.6.23-0.6.24.sql
... ...
@@ -0,0 +1,9 @@
  1
+ALTER TABLE `sed_users` MODIFY `user_password` varchar(224) collate utf8_unicode_ci NOT NULL default '';
  2
+ALTER TABLE `sed_users` ADD `user_passfunc` VARCHAR(32) NOT NULL default 'sha256';
  3
+ALTER TABLE `sed_users` ADD `user_passsalt` VARCHAR(16) NOT NULL default '';
  4
+
  5
+UPDATE `sed_users` SET `user_passfunc` = 'md5';
  6
+
  7
+INSERT INTO `sed_config` (`config_owner`, `config_cat`, `config_order`, `config_name`, `config_type`, `config_value`, `config_default`, `config_text`) VALUES
  8
+('core', 'main', '42', 'hashfunc', 1, 'sha256', '',''),
  9
+('plug', 'tags', '31', 'sort', 2, 'ID', 'ID,Title,Date,Category', 'Default sorting column for tag search results');
10  system/common.php
@@ -51,7 +51,7 @@ function sed_disable_mqgpc(&$value, $key)
51 51
 }
52 52
 
53 53
 // Mbstring options
54  
-mb_internal_encoding($cfg['charset']);
  54
+mb_internal_encoding('UTF-8');
55 55
 
56 56
 /* ======== Extra settings (the other presets are in functions.php) ======== */
57 57
 
@@ -226,14 +226,14 @@ function sed_disable_mqgpc(&$value, $key)
226 226
 {
227 227
 	$u = empty($_SESSION[$site_id]) ? explode(':', base64_decode($_COOKIE[$site_id])) : explode(':', base64_decode($_SESSION[$site_id]));
228 228
 	$u_id = (int) sed_import($u[0], 'D', 'INT');
229  
-	$u_sid = sed_sql_prep($u[1]);
  229
+	$u_sid = $u[1];
230 230
 	if ($u_id > 0)
231 231
 	{
232  
-		$sql = sed_sql_query("SELECT * FROM $db_users WHERE user_id = $u_id AND user_sid = '$u_sid'");
233  
-
  232
+		$sql = sed_sql_query("SELECT * FROM $db_users WHERE user_id = $u_id");
234 233
 		if ($row = sed_sql_fetcharray($sql))
235 234
 		{
236  
-			if ($row['user_maingrp'] > 3
  235
+			if ($u_sid == hash_hmac('sha1', $row['user_sid'], $cfg['secret_key'])
  236
+				&& $row['user_maingrp'] > 3
237 237
 				&& ($cfg['ipcheck'] == FALSE || $row['user_lastip'] == $usr['ip'])
238 238
 				&& $row['user_sidtime'] + $cfg['cookielifetime'] > $sys['now_offset'])
239 239
 			{
2  system/core/admin/admin.hits.inc.php
@@ -37,7 +37,7 @@
37 37
 if($f == 'year' || $f == 'month')
38 38
 {
39 39
     $adminpath[] = array(sed_url('admin', 'm=hits&f='.$f.'&v='.$v), "(".$v.")");
40  
-    $sql = sed_sql_query("SELECT * FROM $db_stats WHERE stat_name LIKE '$v%' ORDER BY stat_name DESC");
  40
+    $sql = sed_sql_query("SELECT * FROM $db_stats WHERE stat_name LIKE '".sed_sql_prep($v)."%' ORDER BY stat_name DESC");
41 41
 
42 42
     while($row = sed_sql_fetcharray($sql))
43 43
     {
14  system/core/users/users.auth.inc.php
@@ -34,7 +34,7 @@
34 34
 	/* ===== */
35 35
 
36 36
 	$rusername = sed_import('rusername','P','TXT', 100, TRUE);
37  
-	$rpassword = sed_import('rpassword','P','PSW', 16, TRUE);
  37
+	$rpassword = sed_import('rpassword','P','TXT', 16, TRUE);
38 38
 	$rcookiettl = sed_import('rcookiettl', 'P', 'INT');
39 39
 	$rremember = sed_import('rremember', 'P', 'BOL');
40 40
 	if(empty($rremember) && $rcookiettl > 0 || $cfg['forcerememberme'])
@@ -46,6 +46,15 @@
46 46
 	$login_param = preg_match('#^[\w\p{L}][\.\w\p{L}\-]*@[\w\p{L}\.\-]+\.[\w\p{L}]+$#u', $rusername) ?
47 47
 		'user_email' : 'user_name';
48 48
 
  49
+	// Load salt and algo from db
  50
+	$sql = sed_sql_query("SELECT user_passsalt, user_passfunc FROM $db_users WHERE $login_param='".sed_sql_prep($rusername)."'");
  51
+	if (sed_sql_numrows($sql) == 1)
  52
+	{
  53
+		$hash_params = sed_sql_fetchassoc($sql);
  54
+		$rmdpass = sed_hash($rpassword, $hash_params['user_passsalt'], $hash_params['user_passfunc']);
  55
+		unset($hash_params);
  56
+	}
  57
+
49 58
 	/**
50 59
 	 * Sets user selection criteria for authentication. Override this string in your plugin
51 60
 	 * hooking into users.auth.check.query to provide other authentication methods.
@@ -108,6 +117,9 @@
108 117
 
109 118
 		sed_sql_query("UPDATE $db_users SET user_lastip='{$usr['ip']}', user_lastlog = {$sys['now_offset']}, user_logcount = user_logcount + 1, user_token = '$token' $update_sid WHERE user_id={$row['user_id']}");
110 119
 
  120
+		// Hash the sid once more so it can't be faked even if you  know user_sid
  121
+		$sid = hash_hmac('sha1', $sid, $cfg['secret_key']);
  122
+
111 123
 		$u = base64_encode($ruserid.':'.$sid);
112 124
 
113 125
 		if($rremember)
19  system/core/users/users.edit.inc.php
@@ -110,7 +110,7 @@
110 110
 		$ruserextrafields[] = $import;
111 111
 		$urr['user_'.$row[ 'field_name']] = $import;
112 112
 	}
113  
-	
  113
+
114 114
 	if ($ruserdelete)
115 115
 	{
116 116
 		if ($sys['user_istopadmin'] && !$sys['edited_istopadmin'])
@@ -138,7 +138,18 @@
138 138
 
139 139
 	if (empty($error_string))
140 140
 	{
141  
-		$ruserpassword = (mb_strlen($rusernewpass)>0) ? md5($rusernewpass) : $urr['user_password'];
  141
+		if (mb_strlen($rusernewpass) > 0)
  142
+		{
  143
+			$ruser['user_passsalt'] = sed_unique(16);
  144
+			$ruser['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
  145
+			$ruser['user_password'] = sed_hash($rusernewpass, $ruser['user_passsalt'], $ruser['user_passfunc']);
  146
+		}
  147
+		else
  148
+		{
  149
+			$ruser['user_password'] = $urr['user_password'];
  150
+			$ruser['user_passsalt'] = $urr['user_passsalt'];
  151
+			$ruser['user_passfunc'] = $urr['user_passfunc'];
  152
+		}
142 153
 
143 154
 		if ($rusername=='')
144 155
 		{ $rusername = $urr['user_name']; }
@@ -192,7 +203,9 @@
192 203
 		$ssql = "UPDATE $db_users SET
193 204
 			user_banexpire='$rbanexpire',
194 205
 			user_name='".sed_sql_prep($rusername)."',
195  
-			user_password='".sed_sql_prep($ruserpassword)."',
  206
+			user_password='".sed_sql_prep($ruser['user_password'])."',
  207
+			user_passsalt='".sed_sql_prep($ruser['user_passsalt'])."',
  208
+			user_passfunc='".sed_sql_prep($ruser['user_passfunc'])."',
196 209
 			user_country='".sed_sql_prep($rusercountry)."',
197 210
 			user_text='".sed_sql_prep($rusertext)."',
198 211
 			user_avatar='".sed_sql_prep($ruseravatar)."',
4  system/core/users/users.logout.inc.php
@@ -41,11 +41,11 @@
41 41
 	sed_sql_query("UPDATE $db_users SET user_lastvisit = {$sys['now_offset']} WHERE user_id = " . $usr['id']);
42 42
 	sed_sql_query("DELETE FROM $db_online WHERE online_ip='{$usr['ip']}'");
43 43
 
44  
-	$all = cot_import('all', 'G', 'BOL');
  44
+	$all = sed_import('all', 'G', 'BOL');
45 45
 	if ($all)
46 46
 	{
47 47
 		// Log out on all devices
48  
-		$db->update($db_users, array('user_sid' => ''), "user_id = " . $usr['id']);
  48
+		sed_sql_query("UPDATE $db_users SET user_sid = '' WHERE user_id = " . $usr['id']);
49 49
 	}
50 50
 
51 51
 	sed_uriredir_redirect(empty($redirect) ? sed_url('index') : base64_decode($redirect));
21  system/core/users/users.register.inc.php
@@ -112,7 +112,10 @@
112 112
 		else
113 113
 		{ $defgroup = ($cfg['regnoactivation']) ? 4 : 2; }
114 114
 
115  
-		$mdpass = md5($rpassword1);
  115
+		$ruser['user_passsalt'] = sed_unique(16);
  116
+		$ruser['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc'];
  117
+		$ruser['user_password'] = sed_hash($rpassword1, $ruser['user_passsalt'], $ruser['user_passfunc']);
  118
+
116 119
 		if ($rmonth=='x' || $rday=='x' || $ryear=='x' || empty($rmonth) || empty($rday) || empty($ryear))
117 120
 		{
118 121
 			$ruserbirthdate = '0000-00-00';
@@ -144,6 +147,8 @@
144 147
 		$ssql = "INSERT into $db_users
145 148
 			(user_name,
146 149
 			user_password,
  150
+			user_passsalt,
  151
+			user_passfunc,
147 152
 			user_maingrp,
148 153
 			user_country,
149 154
 			user_location,
@@ -169,7 +174,9 @@
169 174
 			user_lastip)
170 175
 			VALUES
171 176
 			('".sed_sql_prep($rusername)."',
172  
-			'$mdpass',
  177
+			'".sed_sql_prep($ruser['user_password'])."',
  178
+			'".sed_sql_prep($ruser['user_passsalt'])."',
  179
+			'".sed_sql_prep($ruser['user_passfunc'])."',
173 180
 			".(int)$defgroup.",
174 181
 			'".sed_sql_prep($rcountry)."',
175 182
 			'".sed_sql_prep($rlocation)."',
@@ -250,7 +257,7 @@
250 257
 
251 258
 	if ($row = sed_sql_fetcharray($sql))
252 259
 	{
253  
-	
  260
+
254 261
 		if ($row['user_maingrp'] == 2)
255 262
 		{
256 263
 
@@ -307,10 +314,10 @@
307 314
 $timezonelist = array ('-12', '-11', '-10', '-09', '-08', '-07', '-06', '-05', '-04', '-03',  '-03.5', '-02', '-01', '+00', '+01', '+02', '+03', '+03.5', '+04', '+04.5', '+05', '+05.5', '+06', '+07', '+08', '+09', '+09.5', '+10', '+11', '+12');
308 315
 
309 316
 $form_timezone = "<select name=\"rtimezone\" size=\"1\">";
310  
-foreach($timezonelist as $x) 
311  
-{ 
312  
-	$f = (float) $x; 
313  
-	$selected = ($f==$rtimezone) ? "selected=\"selected\"" : ''; 
  317
+foreach($timezonelist as $x)
  318
+{
  319
+	$f = (float) $x;
  320
+	$selected = ($f==$rtimezone) ? "selected=\"selected\"" : '';
314 321
 	$form_timezone .= "<option value=\"$f\" $selected>GMT ".$x."</option>";
315 322
 }
316 323
 $form_timezone .= "</select> ".$usr['gmttime']." / ".date($cfg['dateformat'], $sys['now_offset'] + $usr['timezone']*3600)." ".$usr['timetext'];
1  system/functions.admin.php
@@ -261,6 +261,7 @@ function sed_loadconfigmap()
261 261
     $result[] = array ('main', '29', 'redirbkonlogout', 3, '0', ''); // N-0.6.1
262 262
     $result[] = array ('main', '30', 'jquery', 3, '1', '');
263 263
     $result[] = array ('main', '31', 'turnajax', 3, '1', '');
  264
+    $result[] = array ('main', '42', 'hashfunc', 1, 'sha256', '');
264 265
     $result[] = array ('parser', '10', 'parser_cache', 3, '1', '');
265 266
     $result[] = array ('parser', '10', 'parser_custom', 3, '0', '');
266 267
     $result[] = array ('parser', '10', 'parser_disable', 3, '0', '');
90  system/functions.php
@@ -3,7 +3,7 @@
3 3
  * Main function library.
4 4
  *
5 5
  * @package Cotonti
6  
- * @version 0.6.23
  6
+ * @version 0.6.24
7 7
  * @author Neocrome, Cotonti Team
8 8
  * @copyright Copyright (c) 2008-2011 Cotonti Team
9 9
  * @license BSD License
@@ -37,8 +37,8 @@
37 37
 //unset ($warnings, $moremetas, $morejavascript, $error_string,  $sed_cat, $sed_smilies, $sed_acc, $sed_catacc, $sed_rights, $sed_config, $sql_config, $sed_usersonline, $sed_plugins, $sed_groups, $rsedition, $rseditiop, $rseditios, $tcount, $qcount)
38 38
 
39 39
 $cfg['svnrevision'] = '$Rev$'; //DO NOT MODIFY this is set by SVN automatically
40  
-$cfg['version'] = '0.6.23';
41  
-$cfg['dbversion'] = '0.6.23';
  40
+$cfg['version'] = '0.6.24';
  41
+$cfg['dbversion'] = '0.6.24';
42 42
 
43 43
 if($cfg['customfuncs'])
44 44
 {
@@ -56,6 +56,11 @@
56 56
 }
57 57
 
58 58
 /**
  59
+ * Registry for hash functions
  60
+ */
  61
+$sed_hash_funcs = array('md5', 'sha1', 'sha256');
  62
+
  63
+/**
59 64
  * Strips everything but alphanumeric, hyphens and underscores
60 65
  *
61 66
  * @param string $text Input
@@ -1169,7 +1174,7 @@ function sed_build_extrafields($rowname, $tpl_tag, $extrafields, $data=array(),
1169 1174
 		isset($L[$rowname.'_'.$row['field_name'].'_title']) ? $t->assign($tpl_tag.'_'.strtoupper($row['field_name']).'_TITLE', $L[$rowname.'_'.$row['field_name'].'_title']) : $t->assign($tpl_tag.'_'.strtoupper($row['field_name']).'_TITLE', $row['field_description']);
1170 1175
 		$t1 = $tpl_tag.'_'.strtoupper($row['field_name']);
1171 1176
 		$t2 = $row['field_html'];
1172  
-		switch($row['field_type']) 
  1177
+		switch($row['field_type'])
1173 1178
 		{
1174 1179
 			case "input":
1175 1180
 				$t2 = str_replace('<input ','<input name="'.$importrowname.$row['field_name'].'" ', $t2);
@@ -1206,10 +1211,10 @@ function sed_build_extrafields($rowname, $tpl_tag, $extrafields, $data=array(),
1206 1211
 					{
1207 1212
 						$var_text = (!empty($L[$rowname.'_'.$row['field_name'].'_'.$var])) ? $L[$rowname.'_'.$row['field_name'].'_'.$var] : $var;
1208 1213
 						$sel = ($var == $data[$rowname.'_'.$row['field_name']]) ? ' checked="checked"' : '';
1209  
-						$buttons .= str_replace('/>', 'value="'.$var.'"'.$sel.' />'.$var_text.'&nbsp;&nbsp;', $t2);	
  1214
+						$buttons .= str_replace('/>', 'value="'.$var.'"'.$sel.' />'.$var_text.'&nbsp;&nbsp;', $t2);
1210 1215
 					}
1211 1216
 				$t2 = $buttons;
1212  
-			break;		
  1217
+			break;
1213 1218
 		}
1214 1219
 		$return_arr[$t1] = $t2;
1215 1220
 	}
@@ -2073,6 +2078,75 @@ function sed_check_xp()
2073 2078
 }
2074 2079
 
2075 2080
 /**
  2081
+ * Hashes a value with given salt and specified hash algo.
  2082
+ *
  2083
+ * @global array  $sed_hash_func
  2084
+ * @param  string $data Data to be hash-protected
  2085
+ * @param  string $salt Hashing salt, usually a random value
  2086
+ * @param  string $algo Hashing algo name, must be registered in $sed_hash_funcs
  2087
+ * @return string       Hashed value
  2088
+ */
  2089
+function sed_hash($data, $salt = '', $algo = 'sha256')
  2090
+{
  2091
+	global $cfg, $sed_hash_funcs;
  2092
+	if (isset($cfg['hashsalt']) && !empty($cfg['hashsalt']))
  2093
+	{
  2094
+		// Extra salt for extremely secure sites
  2095
+		$salt .= $cfg['hashsalt'];
  2096
+	}
  2097
+	$func = (in_array($algo, $sed_hash_funcs) && function_exists('sed_hash_' . $algo)) ? 'sed_hash_' . $algo : 'sed_hash_sha256';
  2098
+	return $func($data, $salt);
  2099
+}
  2100
+
  2101
+/**
  2102
+ * Returns the list of available hash algos for use with configs.
  2103
+ *
  2104
+ * @global array $sed_hash_func
  2105
+ * @return array
  2106
+ */
  2107
+function sed_hash_funcs()
  2108
+{
  2109
+	global $sed_hash_funcs;
  2110
+	return $sed_hash_funcs;
  2111
+}
  2112
+
  2113
+/**
  2114
+ * Simple MD5 hash wrapper. Old passwords use this func.
  2115
+ *
  2116
+ * @param  string $data Data to be hashed
  2117
+ * @param  string $salt Hashing salt, usually a random value
  2118
+ * @return string       MD5 hash of the data
  2119
+ */
  2120
+function sed_hash_md5($data, $salt)
  2121
+{
  2122
+	return md5($data . $salt);
  2123
+}
  2124
+
  2125
+/**
  2126
+ * SHA1 hash func for use with sed_hash().
  2127
+ *
  2128
+ * @param  string $data Data to be hashed
  2129
+ * @param  string $salt Hashing salt, usually a random value
  2130
+ * @return string       SHA1 hash of the data
  2131
+ */
  2132
+function sed_hash_sha1($data, $salt)
  2133
+{
  2134
+	return hash('sha1', $data . $salt);
  2135
+}
  2136
+
  2137
+/**
  2138
+ * SHA256 hash func for use with sed_hash(). Default since Cotonti 0.9.11.
  2139
+ *
  2140
+ * @param  string $data Data to be hashed
  2141
+ * @param  string $salt Hashing salt, usually a random value
  2142
+ * @return string       SHA256 hash of the data
  2143
+ */
  2144
+function sed_hash_sha256($data, $salt)
  2145
+{
  2146
+	return hash('sha256', $data . $salt);
  2147
+}
  2148
+
  2149
+/**
2076 2150
  * Truncates a post and makes sure parsing is correct
2077 2151
  *
2078 2152
  * @param string $text Post text
@@ -4644,7 +4718,7 @@ function sed_load_urltrans()
4644 4718
  * Splits a query string into keys and values array. In comparison with built-in
4645 4719
  * parse_str() function, this doesn't apply addslashes and urldecode to parameters
4646 4720
  * and does not support arrays and complex parameters.
4647  
- * 
  4721
+ *
4648 4722
  * @param string $str Query string
4649 4723
  * @return array
4650 4724
  */
@@ -5127,7 +5201,7 @@ function sed_extrafield_update($sql_table, $oldname, $name, $type, $html, $varia
5127 5201
 	if ($description != $field['field_description'])
5128 5202
 		$extf['description'] = $description;
5129 5203
 	$step1 = sed_sql_update($db_extra_fields, "field_name = '$oldname' AND field_location='$sql_table'", $extf, 'field_') == 1;
5130  
-	
  5204
+
5131 5205
 	if (!$alter) return $step1;
5132 5206
 
5133 5207
 	switch ($type)
1  system/lang/en/admin.lang.php
@@ -82,6 +82,7 @@
82 82
 $L['cfg_devmode'] = array('Debugging mode', 'Don\'t let this enabled on live sites');
83 83
 $L['cfg_disablehitstats'] = array('Disable hit statistics', 'Referers and hits per day');
84 84
 $L['cfg_gzip'] = array('Gzip', 'Gzip compression of the HTML output');
  85
+$L['cfg_hashfunc'] = array('Default hash function', 'Used to hash passwords');
85 86
 $L['cfg_hostip'] = array('Server IP', 'The IP of the server, optional.');
86 87
 $L['cfg_jquery'] = array('Enable jQuery', '');	// New in N-0.0.1
87 88
 $L['cfg_maintenance'] = array('Maintenance mode', 'Let only authorized personel access to site');	// New in N-0.0.2
1  system/lang/ru/admin.lang.php
@@ -82,6 +82,7 @@
82 82
 $L['cfg_devmode'] = array('Режим отладки', 'Только для отладки под localhost');
83 83
 $L['cfg_disablehitstats'] = array('Отключить статистику', 'Рефереры и хиты за день');
84 84
 $L['cfg_gzip'] = array('Gzip', 'Gzip-сжатие для исходящего HTML-кода');
  85
+$L['cfg_hashfunc'] = array('Функция хеширования по умолчанию', 'Используется для хеширования паролей');
85 86
 $L['cfg_hostip'] = array('IP-адрес сервера', 'Необязательно');
86 87
 $L['cfg_jquery'] = array('Включить jQuery', ' ');	// New in N-0.0.1
87 88
 $L['cfg_maintenance'] = array('Режим обслуживания', 'Доступа к сайту разрешен только администраторам'); // New in N-0.0.2

No commit comments for this range

Something went wrong with that request. Please try again.