Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix: use dol_hash instead md5 php function

Browse Source
This commit is contained in:
Regis Houssin
2011-09-06 06:53:52 +00:00
parent e13c8a3fde
commit ac4bcfb583
13 changed files with 27 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
htdocs/adherents/class/adherent.class.php
View File

@@ -759,9 +759,8 @@ class Adherent extends CommonObject
// Cryptage mot de passe // Cryptage mot de passe
if ($isencrypted) if ($isencrypted)
{ {
// Crypte avec systeme encodage par defaut du PHP // Encryption
//$sqlpass = crypt($password, makesalt()); $password_indatabase = dol_hash($password);
$password_indatabase = md5($password);
} }
else else
{ {
@@ -1400,7 +1399,7 @@ class Adherent extends CommonObject
defined('ADHERENT_SPIP_PASS') && ADHERENT_SPIP_PASS != '' && defined('ADHERENT_SPIP_PASS') && ADHERENT_SPIP_PASS != '' &&
defined('ADHERENT_SPIP_DB') && ADHERENT_SPIP_DB != '' defined('ADHERENT_SPIP_DB') && ADHERENT_SPIP_DB != ''
){ ){
$mdpass=md5($this->pass); $mdpass=dol_hash($this->pass);
$htpass=crypt($this->pass,makesalt()); $htpass=crypt($this->pass,makesalt());
$query = "INSERT INTO spip_auteurs (nom, email, login, pass, htpass, alea_futur, statut) VALUES(\"".$this->prenom." ".$this->nom."\",\"".$this->email."\",\"".$this->login."\",\"$mdpass\",\"$htpass\",FLOOR(32000*RAND()),\"1comite\")"; $query = "INSERT INTO spip_auteurs (nom, email, login, pass, htpass, alea_futur, statut) VALUES(\"".$this->prenom." ".$this->nom."\",\"".$this->email."\",\"".$this->login."\",\"$mdpass\",\"$htpass\",FLOOR(32000*RAND()),\"1comite\")";
// $mydb=new Db('mysql',ADHERENT_SPIP_SERVEUR,ADHERENT_SPIP_USER,ADHERENT_SPIP_PASS,ADHERENT_SPIP_DB); // $mydb=new Db('mysql',ADHERENT_SPIP_SERVEUR,ADHERENT_SPIP_USER,ADHERENT_SPIP_PASS,ADHERENT_SPIP_DB);

4
htdocs/admin/security.php
View File

@@ -74,10 +74,10 @@ if ($_GET["action"] == 'activate_encrypt')
while ($i < $numrows) while ($i < $numrows)
{ {
$obj=$db->fetch_object($resql); $obj=$db->fetch_object($resql);
if (md5($obj->pass)) if (dol_hash($obj->pass))
{ {
$sql = "UPDATE ".MAIN_DB_PREFIX."user"; $sql = "UPDATE ".MAIN_DB_PREFIX."user";
$sql.= " SET pass_crypted = '".md5($obj->pass)."', pass = NULL"; $sql.= " SET pass_crypted = '".dol_hash($obj->pass)."', pass = NULL";
$sql.= " WHERE rowid=".$obj->rowid; $sql.= " WHERE rowid=".$obj->rowid;
//print $sql; //print $sql;

2
htdocs/core/class/html.form.class.php
View File

@@ -3476,7 +3476,7 @@ class Form
{ {
global $dolibarr_main_url_root; global $dolibarr_main_url_root;
$ret.='<!-- Put link to gravatar -->'; $ret.='<!-- Put link to gravatar -->';
$ret.='<img alt="Photo found on Gravatar" title="Photo Gravatar.com - email '.$email.'" border="0" width="'.$width.'" src="http://www.gravatar.com/avatar/'.md5($email).'?s='.$width.'&d='.urlencode( dol_buildpath('/theme/common/nophoto.jpg',2) ).'">'; $ret.='<img alt="Photo found on Gravatar" title="Photo Gravatar.com - email '.$email.'" border="0" width="'.$width.'" src="http://www.gravatar.com/avatar/'.dol_hash($email).'?s='.$width.'&d='.urlencode( dol_buildpath('/theme/common/nophoto.jpg',2) ).'">';
} }
else else
{ {

2
htdocs/core/class/rssparser.class.php
View File

@@ -90,7 +90,7 @@ class RssParser
} }
$this->_urlRSS = $urlRSS; $this->_urlRSS = $urlRSS;
$newpathofdestfile=$cachedir.'/'.md5($this->_urlRSS); $newpathofdestfile=$cachedir.'/'.dol_hash($this->_urlRSS);
$newmask='0644'; $newmask='0644';
//dol_syslog("RssPArser::parser parse url=".$urlRSS." => cache file=".$newpathofdestfile); //dol_syslog("RssPArser::parser parse url=".$urlRSS." => cache file=".$newpathofdestfile);

9
htdocs/core/class/smtps.class.php
View File

@@ -1932,7 +1932,7 @@ class SMTPs
$this->_msgContent[$strType]['data'] = $strContent; $this->_msgContent[$strType]['data'] = $strContent;
if ( $this->getMD5flag() ) if ( $this->getMD5flag() )
$this->_msgContent[$strType]['md5'] = md5($strContent); $this->_msgContent[$strType]['md5'] = dol_hash($strContent);
//} //}
} }
@@ -2114,7 +2114,7 @@ class SMTPs
$this->_msgContent['attachment'][$strFileName]['data'] = $strContent; $this->_msgContent['attachment'][$strFileName]['data'] = $strContent;
if ( $this->getMD5flag() ) if ( $this->getMD5flag() )
$this->_msgContent['attachment'][$strFileName]['md5'] = md5($strContent); $this->_msgContent['attachment'][$strFileName]['md5'] = dol_hash($strContent);
} }
} }
@@ -2144,7 +2144,7 @@ class SMTPs
$this->_msgContent['image'][$strImageName]['data'] = $strContent; $this->_msgContent['image'][$strImageName]['data'] = $strContent;
if ( $this->getMD5flag() ) if ( $this->getMD5flag() )
$this->_msgContent['image'][$strFileName]['md5'] = md5($strContent); $this->_msgContent['image'][$strFileName]['md5'] = dol_hash($strContent);
} }
} }
// END DOL_CHANGE LDR // END DOL_CHANGE LDR
@@ -2519,6 +2519,9 @@ class SMTPs
/** /**
* $Log: smtps.class.php,v $ * $Log: smtps.class.php,v $
* Revision 1.2 2011/09/06 06:53:53 hregis
* Fix: use dol_hash instead md5 php function
*
* Revision 1.1 2011/09/03 00:14:27 eldy * Revision 1.1 2011/09/03 00:14:27 eldy
* Doxygen * Doxygen
* *

2
htdocs/core/class/translate.class.php
View File

@@ -216,7 +216,7 @@ class Translate {
// Using a memcached server // Using a memcached server
if (! empty($conf->memcached->enabled) && ! empty($conf->global->MEMCACHED_SERVER)) if (! empty($conf->memcached->enabled) && ! empty($conf->global->MEMCACHED_SERVER))
{ {
$usecachekey=$newdomain.'_'.$langofdir.'_'.md5($file_lang); // Should not contains special chars $usecachekey=$newdomain.'_'.$langofdir.'_'.dol_hash($file_lang); // Should not contains special chars
} }
// Using cache with shmop. Speed gain: 40ms - Memory overusage: 200ko (Size of session cache file) // Using cache with shmop. Speed gain: 40ms - Memory overusage: 200ko (Size of session cache file)
else if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x02)) else if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x02))

2
htdocs/includes/login/functions_dolibarr.php
View File

@@ -71,7 +71,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=
// Check crypted password according to crypt algorithm // Check crypted password according to crypt algorithm
if ($cryptType == 'md5') if ($cryptType == 'md5')
{ {
if (md5($passtyped) == $passcrypted) if (dol_hash($passtyped) == $passcrypted)
{ {
$passok=true; $passok=true;
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok"); dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok");

8
htdocs/lib/CMailFile.class.php
View File

@@ -107,13 +107,13 @@ class CMailFile
//if (preg_match('/^mac/i',PHP_OS)) $this->eol="\r"; //if (preg_match('/^mac/i',PHP_OS)) $this->eol="\r";
// On defini mixed_boundary // On defini mixed_boundary
$this->mixed_boundary = md5(uniqid("dolibarr1")); $this->mixed_boundary = dol_hash(uniqid("dolibarr1"));
// On defini related_boundary // On defini related_boundary
$this->related_boundary = md5(uniqid("dolibarr2")); $this->related_boundary = dol_hash(uniqid("dolibarr2"));
// On defini alternative_boundary // On defini alternative_boundary
$this->alternative_boundary = md5(uniqid("dolibarr3")); $this->alternative_boundary = dol_hash(uniqid("dolibarr3"));
// If ending method not defined // If ending method not defined
if (empty($conf->global->MAIN_MAIL_SENDMODE)) $conf->global->MAIN_MAIL_SENDMODE='mail'; if (empty($conf->global->MAIN_MAIL_SENDMODE)) $conf->global->MAIN_MAIL_SENDMODE='mail';
@@ -884,7 +884,7 @@ class CMailFile
$this->html_images[$i]["content_type"] = $this->image_types[$ext]; $this->html_images[$i]["content_type"] = $this->image_types[$ext];
// cid // cid
$this->html_images[$i]["cid"] = md5(uniqid(time())); $this->html_images[$i]["cid"] = dol_hash(uniqid(time()));
$this->html = preg_replace("/src=\"$src\"|src='$src'/i", "src=\"cid:".$this->html_images[$i]["cid"]."\"", $this->html); $this->html = preg_replace("/src=\"$src\"|src='$src'/i", "src=\"cid:".$this->html_images[$i]["cid"]."\"", $this->html);
} }
$i++; $i++;

2
htdocs/lib/functions.lib.php
View File

@@ -92,7 +92,7 @@ function GETPOST($paramname,$check='',$method=0)
*/ */
function dol_getprefix() function dol_getprefix()
{ {
return md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT); return dol_hash($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
} }
/** /**

3
htdocs/lib/security.lib.php
View File

@@ -467,9 +467,10 @@ function getRandomPassword($generic=false)
* Returns a hash of a string * Returns a hash of a string
* @param chain String to hash * @param chain String to hash
* @param type Type of hash (0:md5, 1:sha1, 2:sha1+md5) * @param type Type of hash (0:md5, 1:sha1, 2:sha1+md5)
* @param salt Salt
* @return hash hash of string * @return hash hash of string
*/ */
function dol_hash($chain,$type=0) function dol_hash($chain,$type=0,$salt='')
{ {
if ($type == 1) return sha1($chain); if ($type == 1) return sha1($chain);
else if ($type == 2) return sha1(md5($chain)); else if ($type == 2) return sha1(md5($chain));

2
htdocs/main.inc.php
View File

@@ -244,7 +244,7 @@ if ((! empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_V
// Creation of a token against CSRF vulnerabilities // Creation of a token against CSRF vulnerabilities
if (! defined('NOTOKENRENEWAL')) if (! defined('NOTOKENRENEWAL'))
{ {
$token = md5(uniqid(mt_rand(),TRUE)); // Genere un hash d'un nombre aleatoire $token = dol_hash(uniqid(mt_rand(),TRUE)); // Genere un hash d'un nombre aleatoire
// roulement des jetons car cree a chaque appel // roulement des jetons car cree a chaque appel
if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken']; if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken'];
$_SESSION['newtoken'] = $token; $_SESSION['newtoken'] = $token;

6
htdocs/user/class/user.class.php
View File

@@ -1041,7 +1041,7 @@ class User extends CommonObject
$this->phenix_login = trim($this->phenix_login); $this->phenix_login = trim($this->phenix_login);
if ($this->phenix_pass != $this->phenix_pass_crypted) if ($this->phenix_pass != $this->phenix_pass_crypted)
{ {
$this->phenix_pass = md5(trim($this->phenix_pass)); $this->phenix_pass = dol_hash(trim($this->phenix_pass));
} }
$this->admin = $this->admin?$this->admin:0; $this->admin = $this->admin?$this->admin:0;
@@ -1243,7 +1243,7 @@ class User extends CommonObject
} }
// Crypte avec md5 // Crypte avec md5
$password_crypted = md5($password); $password_crypted = dol_hash($password);
// Mise a jour // Mise a jour
if (! $changelater) if (! $changelater)
@@ -1409,7 +1409,7 @@ class User extends CommonObject
$mesg.= $langs->trans("Password")." : $password\n\n"; $mesg.= $langs->trans("Password")." : $password\n\n";
$mesg.= "\n"; $mesg.= "\n";
$mesg.= "You must click on the folowing link to validate its change.\n"; $mesg.= "You must click on the folowing link to validate its change.\n";
$url = $urlwithouturlroot.DOL_URL_ROOT.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordmd5=".md5($password); $url = $urlwithouturlroot.DOL_URL_ROOT.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordmd5=".dol_hash($password);
$mesg.= $url."\n\n"; $mesg.= $url."\n\n";
$mesg.= "If you didn't ask anything, just forget this email\n\n"; $mesg.= "If you didn't ask anything, just forget this email\n\n";
dol_syslog("User::send_password url=".$url); dol_syslog("User::send_password url=".$url);

2
htdocs/user/passwordforgotten.php
View File

@@ -64,7 +64,7 @@ if ($action == 'validatenewpassword' && $username && $passwordmd5)
} }
else else
{ {
if (md5($edituser->pass_temp) == $passwordmd5) if (dol_hash($edituser->pass_temp) == $passwordmd5)
{ {
$newpassword=$edituser->setPassword($user,$edituser->pass_temp,0); $newpassword=$edituser->setPassword($user,$edituser->pass_temp,0);
dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database"); dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");