mirror of
https://github.com/WhatCD/Gazelle.git
synced 2024-12-13 02:46:30 +00:00
Empty commit
This commit is contained in:
parent
0d916b01d7
commit
44eae4c414
@ -54,6 +54,7 @@ if (!empty($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 80) {
|
||||
}
|
||||
|
||||
// Site settings
|
||||
define('CRYPT_HASH_PREFIX', '$2y$07$'); // Crypt salt prefix for hash settings. See http://php.net/crypt for details
|
||||
define('DEBUG_MODE', false); //Set to false if you dont want everyone to see debug information, can be overriden with 'site_debug'
|
||||
define('OPEN_REGISTRATION', true); //Set to false to disable open regirstration, true to allow anyone to register
|
||||
define('USER_LIMIT', 5000); //The maximum number of users the site can have, 0 for no limit
|
||||
|
@ -16,7 +16,7 @@
|
||||
if(isset($_REQUEST['info_hash']) && isset($_REQUEST['peer_id'])) { die('d14:failure reason40:Invalid .torrent, try downloading again.e'); }
|
||||
|
||||
require(SERVER_ROOT.'/classes/class_proxies.php');
|
||||
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && proxyCheck($_SERVER['REMOTE_ADDR'])) {
|
||||
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && proxyCheck($_SERVER['REMOTE_ADDR']) && filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
|
||||
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
||||
}
|
||||
|
||||
@ -1185,11 +1185,87 @@ function make_secret($Length = 32) {
|
||||
}
|
||||
*/
|
||||
|
||||
// Password hashes, feel free to make your own algorithm here
|
||||
/**
|
||||
* Create a password hash. This method is deprecated and
|
||||
* should not be used to create new passwords
|
||||
*
|
||||
* @param $Str password
|
||||
* @param $Secret salt
|
||||
* @return password hash
|
||||
*/
|
||||
function make_hash($Str,$Secret) {
|
||||
return sha1(md5($Secret).$Str.sha1($Secret).SITE_SALT);
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify a password against a password hash
|
||||
*
|
||||
* @param $Password password
|
||||
* @param $Hash password hash
|
||||
* @param $Secret salt - Only used if the hash was created
|
||||
* with the deprecated make_hash() method
|
||||
* @return true on correct password
|
||||
*/
|
||||
function check_password($Password, $Hash, $Secret='') {
|
||||
if(!$Password || !$Hash) {
|
||||
return false;
|
||||
}
|
||||
if(is_crypt_hash($Hash)) {
|
||||
return crypt($Password, $Hash) == $Hash;
|
||||
} elseif($Secret) {
|
||||
return make_hash($Password, $Secret) == $Hash;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Test if a given hash is a crypt hash
|
||||
*
|
||||
* @param $Hash password hash
|
||||
* @return true if hash is a crypt hash
|
||||
*/
|
||||
function is_crypt_hash($Hash) {
|
||||
return preg_match('/\$\d[axy]?\$/', substr($Hash, 0, 4));
|
||||
}
|
||||
|
||||
/**
|
||||
* Create salted crypt hash for a given string with
|
||||
* settings specified in CRYPT_HASH_PREFIX
|
||||
*
|
||||
* @param $Str string to hash
|
||||
* @return salted crypt hash
|
||||
*/
|
||||
function make_crypt_hash($Str) {
|
||||
$Salt = CRYPT_HASH_PREFIX.gen_crypt_salt().'$';
|
||||
return crypt($Str, $Salt);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create salt string for eksblowfish hashing. If /dev/urandom cannot be read,
|
||||
* fall back to an unsecure method based on mt_rand(). The last character needs
|
||||
* a special case as it must be either '.', 'O', 'e', or 'u'.
|
||||
*
|
||||
* @return salt suitable for eksblowfish hashing
|
||||
*/
|
||||
function gen_crypt_salt() {
|
||||
$Salt = '';
|
||||
$Chars = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
||||
$Numchars = strlen($Chars) - 1;
|
||||
if($Handle = @fopen('/dev/urandom', 'r')) {
|
||||
$Bytes = fread($Handle, 22);
|
||||
for($i = 0; $i < 21; $i++) {
|
||||
$Salt .= $Chars[ord($Bytes[$i]) & $Numchars];
|
||||
}
|
||||
$Salt[$i] = $Chars[(ord($Bytes[$i]) & 3) << 4];
|
||||
} else {
|
||||
for($i = 0; $i < 21; $i++) {
|
||||
$Salt .= $Chars[mt_rand(0, $Numchars)];
|
||||
}
|
||||
$Salt[$i] = $Chars[mt_rand(0, 3) << 4];
|
||||
}
|
||||
return $Salt;
|
||||
}
|
||||
|
||||
/*
|
||||
Returns a username string for display
|
||||
$Class and $Title can be omitted for an abbreviated version
|
||||
|
@ -53,12 +53,10 @@
|
||||
$Err=$Validate->ValidateForm($_REQUEST);
|
||||
if ($Err=='') {
|
||||
// Form validates without error, set new secret and password.
|
||||
$Secret=make_secret();
|
||||
$DB->query("UPDATE
|
||||
users_main AS m,
|
||||
users_info AS i
|
||||
SET m.PassHash='".db_string(make_hash($_REQUEST['password'],$Secret))."',
|
||||
m.Secret='".db_string($Secret)."',
|
||||
SET m.PassHash='".db_string(make_crypt_hash($_REQUEST['password']))."',
|
||||
i.ResetKey='',
|
||||
i.ResetExpires='0000-00-00 00:00:00'
|
||||
WHERE m.ID='".db_string($UserID)."'
|
||||
@ -237,7 +235,11 @@ function log_attempt($UserID) {
|
||||
AND Username<>''");
|
||||
list($UserID,$PermissionID,$CustomPermissions,$PassHash,$Secret,$Enabled)=$DB->next_record(MYSQLI_NUM, array(2));
|
||||
if (strtotime($BannedUntil)<time()) {
|
||||
if ($UserID && $PassHash==make_hash($_POST['password'],$Secret)) {
|
||||
if ($UserID && check_password($_POST['password'], $PassHash, $Secret)) {
|
||||
if (!is_crypt_hash($PassHash)) {
|
||||
$CryptHash = make_crypt_hash($_POST['password']);
|
||||
$DB->query("UPDATE users_main SET passhash = '".db_string($CryptHash)."' WHERE ID = $UserID");
|
||||
}
|
||||
if ($Enabled == 1) {
|
||||
$SessionID = make_secret();
|
||||
$Cookie = $Enc->encrypt($Enc->encrypt($SessionID.'|~|'.$UserID));
|
||||
|
@ -66,7 +66,6 @@
|
||||
}
|
||||
|
||||
if(!$Err) {
|
||||
$Secret=make_secret();
|
||||
$torrent_pass=make_secret();
|
||||
|
||||
//Previously SELECT COUNT(ID) FROM users_main, which is a lot slower.
|
||||
@ -86,8 +85,8 @@
|
||||
|
||||
|
||||
$DB->query("INSERT INTO users_main
|
||||
(Username,Email,PassHash,Secret,torrent_pass,IP,PermissionID,Enabled,Invites,Uploaded,ipcc) VALUES
|
||||
('".db_string(trim($_POST['username']))."','".db_string($_POST['email'])."','".db_string(make_hash($_POST['password'],$Secret))."','".db_string($Secret)."','".db_string($torrent_pass)."','".db_string($_SERVER['REMOTE_ADDR'])."','".$Class."','".$Enabled."','".STARTING_INVITES."', '524288000', '$ipcc')");
|
||||
(Username,Email,PassHash,torrent_pass,IP,PermissionID,Enabled,Invites,Uploaded,ipcc) VALUES
|
||||
('".db_string(trim($_POST['username']))."','".db_string($_POST['email'])."','".db_string(make_crypt_hash($_POST['password']))."','".db_string($torrent_pass)."','".db_string($_SERVER['REMOTE_ADDR'])."','".$Class."','".$Enabled."','".STARTING_INVITES."', '524288000', '$ipcc')");
|
||||
|
||||
$UserID = $DB->inserted_id();
|
||||
|
||||
|
@ -22,7 +22,7 @@
|
||||
$torrent_pass=make_secret();
|
||||
|
||||
//Create the account
|
||||
$DB->query("INSERT INTO users_main (Username,Email,PassHash,Secret,torrent_pass,Enabled,PermissionID, Language) VALUES ('".db_string($Username)."','".db_string($Email)."','".db_string(make_hash($Password, $Secret))."','".db_string($Secret)."','".db_string($torrent_pass)."','1','".USER."', 'en')");
|
||||
$DB->query("INSERT INTO users_main (Username,Email,PassHash,torrent_pass,Enabled,PermissionID, Language) VALUES ('".db_string($Username)."','".db_string($Email)."','".db_string(make_crypt_hash($Password))."','".db_string($torrent_pass)."','1','".USER."', 'en')");
|
||||
|
||||
//Increment site user count
|
||||
$Cache->increment('stats_user_count');
|
||||
|
@ -130,7 +130,7 @@
|
||||
if(!check_perms('users_edit_profiles')) { // Non-admins have to authenticate to change email
|
||||
$DB->query("SELECT PassHash,Secret FROM users_main WHERE ID='".db_string($UserID)."'");
|
||||
list($PassHash,$Secret)=$DB->next_record();
|
||||
if ($PassHash!=make_hash($_POST['cur_pass'],$Secret)) {
|
||||
if(!check_password($_POST['cur_pass'], $PassHash, $Secret)) {
|
||||
$Err = "You did not enter the correct password.";
|
||||
}
|
||||
}
|
||||
@ -159,7 +159,7 @@
|
||||
$DB->query("SELECT PassHash,Secret FROM users_main WHERE ID='".db_string($UserID)."'");
|
||||
list($PassHash,$Secret)=$DB->next_record();
|
||||
|
||||
if ($PassHash == make_hash($_POST['cur_pass'],$Secret)) {
|
||||
if (check_password($_POST['cur_pass'], $PassHash, $Secret)) {
|
||||
if ($_POST['new_pass_1'] && $_POST['new_pass_2']) {
|
||||
$ResetPassword = true;
|
||||
}
|
||||
@ -258,9 +258,8 @@
|
||||
|
||||
if($ResetPassword) {
|
||||
$ChangerIP = db_string($LoggedUser['IP']);
|
||||
$Secret=make_secret();
|
||||
$PassHash=make_hash($_POST['new_pass_1'],$Secret);
|
||||
$SQL.=",m.Secret='".db_string($Secret)."',m.PassHash='".db_string($PassHash)."'";
|
||||
$PassHash=make_crypt_hash($_POST['new_pass_1']);
|
||||
$SQL.=",m.PassHash='".db_string($PassHash)."'";
|
||||
$DB->query("INSERT INTO users_history_passwords
|
||||
(UserID, ChangerIP, ChangeTime) VALUES
|
||||
('$UserID', '$ChangerIP', '".sqltime()."')");
|
||||
|
@ -32,7 +32,7 @@
|
||||
$Visible = (isset($_POST['Visible']))? 1 : 0;
|
||||
$Invites = (int)$_POST['Invites'];
|
||||
$SupportFor = db_string($_POST['SupportFor']);
|
||||
$Pass = db_string($_POST['ChangePassword']);
|
||||
$Pass = $_POST['ChangePassword'];
|
||||
$Warned = (isset($_POST['Warned']))? 1 : 0;
|
||||
$Logs095 = (int)$_POST['095logs'];
|
||||
if(isset($_POST['Uploaded']) && isset($_POST['Downloaded'])) {
|
||||
@ -624,9 +624,7 @@
|
||||
}
|
||||
|
||||
if ($Pass && check_perms('users_edit_password')) {
|
||||
$Secret=make_secret();
|
||||
$UpdateSet[]="Secret='$Secret'";
|
||||
$UpdateSet[]="PassHash='".db_string(make_hash($Pass,$Secret))."'";
|
||||
$UpdateSet[]="PassHash='".db_string(make_crypt_hash($Pass))."'";
|
||||
$EditSummary[]='password reset';
|
||||
|
||||
$Cache->delete_value('user_info_'.$UserID);
|
||||
|
Loading…
Reference in New Issue
Block a user