Fix: use dol_hash instead md5 php function
@@ -759,9 +759,8 @@ class Adherent extends CommonObject
|
||||
// Cryptage mot de passe
|
||||
if ($isencrypted)
|
||||
{
|
||||
// Crypte avec systeme encodage par defaut du PHP
|
||||
//$sqlpass = crypt($password, makesalt());
|
||||
$password_indatabase = md5($password);
|
||||
// Encryption
|
||||
$password_indatabase = dol_hash($password);
|
||||
}
|
||||
else
|
||||
{
|
||||
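Review bot: `$password_indatabase = dol_hash($password);` still stores the member password as a fast digest with no salt, because the call passes neither a type nor a salt and the `dol_hash` docblock in this commit lists type 0 (the default) as md5. Password storage needs a salted, deliberately slow scheme: on the PHP of this code's era that is `crypt($password, $salt)` with a Blowfish salt, and on current PHP `password_hash($password, PASSWORD_DEFAULT)` verified with `password_verify()`. The same applies to `$password_crypted = dol_hash($password);` in the `User` hunk at -1243, where the comment `// Crypte avec md5` is left describing the old call. Changing the stored format also needs a rehash-on-login path for existing rows, which is outside what these hunks show.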
@@ -1400,7 +1399,7 @@ class Adherent extends CommonObject
|
||||
defined('ADHERENT_SPIP_PASS') && ADHERENT_SPIP_PASS != '' &&
|
||||
defined('ADHERENT_SPIP_DB') && ADHERENT_SPIP_DB != ''
|
||||
){
|
||||
$mdpass=md5($this->pass);
|
||||
$mdpass=dol_hash($this->pass);
|
||||
$htpass=crypt($this->pass,makesalt());
|
||||
$query = "INSERT INTO spip_auteurs (nom, email, login, pass, htpass, alea_futur, statut) VALUES(\"".$this->prenom." ".$this->nom."\",\"".$this->email."\",\"".$this->login."\",\"$mdpass\",\"$htpass\",FLOOR(32000*RAND()),\"1comite\")";
|
||||
// $mydb=new Db('mysql',ADHERENT_SPIP_SERVEUR,ADHERENT_SPIP_USER,ADHERENT_SPIP_PASS,ADHERENT_SPIP_DB);
|
||||
|
||||
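Review bot: The `INSERT INTO spip_auteurs` statement concatenates `$this->prenom`, `$this->nom`, `$this->email` and `$this->login` directly into the SQL text, so a quote or backslash in any member field changes the statement. Each value should go through the database layer's escaping routine, or be bound as a parameter, before it is placed in `$query`. Nothing in the hunk shows that happening earlier, though the function starts outside it, so this should be confirmed against the full method.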
@@ -74,10 +74,10 @@ if ($_GET["action"] == 'activate_encrypt')
|
||||
while ($i < $numrows)
|
||||
{
|
||||
$obj=$db->fetch_object($resql);
|
||||
if (md5($obj->pass))
|
||||
if (dol_hash($obj->pass))
|
||||
{
|
||||
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
|
||||
$sql.= " SET pass_crypted = '".md5($obj->pass)."', pass = NULL";
|
||||
$sql.= " SET pass_crypted = '".dol_hash($obj->pass)."', pass = NULL";
|
||||
$sql.= " WHERE rowid=".$obj->rowid;
|
||||
//print $sql;
|
||||
|
||||
|
||||
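Review bot: `if (dol_hash($obj->pass))` can never be false, since a digest is a non-empty string even for an empty or NULL input, so a row whose `pass` is already empty would get `pass_crypted` overwritten with the hash of an empty string. The guard should test the clear-text column instead, e.g. `if (isset($obj->pass) && $obj->pass !== '')`, and the digest can then be computed once and reused in the `UPDATE`. The `SELECT` that feeds this loop is outside the hunk, so it may already exclude such rows; the guard is still worth making meaningful.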
@@ -3476,7 +3476,7 @@ class Form
|
||||
{
|
||||
global $dolibarr_main_url_root;
|
||||
$ret.='<!-- Put link to gravatar -->';
|
||||
$ret.='<img alt="Photo found on Gravatar" title="Photo Gravatar.com - email '.$email.'" border="0" width="'.$width.'" src="http://www.gravatar.com/avatar/'.md5($email).'?s='.$width.'&d='.urlencode( dol_buildpath('/theme/common/nophoto.jpg',2) ).'">';
|
||||
$ret.='<img alt="Photo found on Gravatar" title="Photo Gravatar.com - email '.$email.'" border="0" width="'.$width.'" src="http://www.gravatar.com/avatar/'.dol_hash($email).'?s='.$width.'&d='.urlencode( dol_buildpath('/theme/common/nophoto.jpg',2) ).'">';
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
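Review bot: The Gravatar URL needs the literal MD5 of the address, so `dol_hash($email)` ties an external protocol to an internal helper whose output this same commit starts to make variable by adding `$salt`. Keeping `md5(strtolower(trim($email)))` here (Gravatar expects the address trimmed and lower-cased) avoids broken avatars if the helper's default ever changes. The same reasoning applies wherever the digest is consumed by something other than Dolibarr: `$mdpass` for SPIP at -1400, `phenix_pass` at -1041, and, if they feed a mail header, the `['md5']` fields in the SMTPs hunks. `$email` is also written into the `title` attribute unescaped; `htmlspecialchars($email, ENT_QUOTES)` would be the safe form there.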
@@ -90,7 +90,7 @@ class RssParser
|
||||
}
|
||||
|
||||
$this->_urlRSS = $urlRSS;
|
||||
$newpathofdestfile=$cachedir.'/'.md5($this->_urlRSS);
|
||||
$newpathofdestfile=$cachedir.'/'.dol_hash($this->_urlRSS);
|
||||
$newmask='0644';
|
||||
|
||||
//dol_syslog("RssPArser::parser parse url=".$urlRSS." => cache file=".$newpathofdestfile);
|
||||
|
||||
@@ -1932,7 +1932,7 @@ class SMTPs
|
||||
$this->_msgContent[$strType]['data'] = $strContent;
|
||||
|
||||
if ( $this->getMD5flag() )
|
||||
$this->_msgContent[$strType]['md5'] = md5($strContent);
|
||||
$this->_msgContent[$strType]['md5'] = dol_hash($strContent);
|
||||
//}
|
||||
}
|
||||
|
||||
@@ -2114,7 +2114,7 @@ class SMTPs
|
||||
$this->_msgContent['attachment'][$strFileName]['data'] = $strContent;
|
||||
|
||||
if ( $this->getMD5flag() )
|
||||
$this->_msgContent['attachment'][$strFileName]['md5'] = md5($strContent);
|
||||
$this->_msgContent['attachment'][$strFileName]['md5'] = dol_hash($strContent);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2144,7 +2144,7 @@ class SMTPs
|
||||
$this->_msgContent['image'][$strImageName]['data'] = $strContent;
|
||||
|
||||
if ( $this->getMD5flag() )
|
||||
$this->_msgContent['image'][$strFileName]['md5'] = md5($strContent);
|
||||
$this->_msgContent['image'][$strFileName]['md5'] = dol_hash($strContent);
|
||||
}
|
||||
}
|
||||
// END DOL_CHANGE LDR
|
||||
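Review bot: The digest is stored under `['image'][$strFileName]` while the data two lines above is stored under `['image'][$strImageName]`, so the two entries land under different keys unless both variables hold the same value. The attachment hunk at -2114 uses `$strFileName` for both, which suggests a copy-paste slip here; the line should read `$this->_msgContent['image'][$strImageName]['md5'] = dol_hash($strContent);`. The method signature is outside the hunk, so whether `$strFileName` is even defined in this method cannot be confirmed from here.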
@@ -2519,6 +2519,9 @@ class SMTPs
|
||||
|
||||
/**
|
||||
* $Log: smtps.class.php,v $
|
||||
* Revision 1.2 2011/09/06 06:53:53 hregis
|
||||
* Fix: use dol_hash instead md5 php function
|
||||
*
|
||||
* Revision 1.1 2011/09/03 00:14:27 eldy
|
||||
* Doxygen
|
||||
*
|
||||
|
||||
@@ -216,7 +216,7 @@ class Translate {
|
||||
// Using a memcached server
|
||||
if (! empty($conf->memcached->enabled) && ! empty($conf->global->MEMCACHED_SERVER))
|
||||
{
|
||||
$usecachekey=$newdomain.'_'.$langofdir.'_'.md5($file_lang); // Should not contains special chars
|
||||
$usecachekey=$newdomain.'_'.$langofdir.'_'.dol_hash($file_lang); // Should not contains special chars
|
||||
}
|
||||
// Using cache with shmop. Speed gain: 40ms - Memory overusage: 200ko (Size of session cache file)
|
||||
else if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x02))
|
||||
|
||||
@@ -71,7 +71,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=
|
||||
// Check crypted password according to crypt algorithm
|
||||
if ($cryptType == 'md5')
|
||||
{
|
||||
if (md5($passtyped) == $passcrypted)
|
||||
if (dol_hash($passtyped) == $passcrypted)
|
||||
{
|
||||
$passok=true;
|
||||
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok");
|
||||
|
||||
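Review bot: `if (dol_hash($passtyped) == $passcrypted)` compares two hex digests with the loose operator, which PHP evaluates numerically when both strings look like numbers, so two different digests of the form `0e` followed only by digits compare equal. Use a strict comparison, `if (dol_hash($passtyped) === $passcrypted)`, or `hash_equals($passcrypted, dol_hash($passtyped))` on PHP versions that provide it, which is also constant-time. The same loose comparison is in the `validatenewpassword` hunk at -64, `if (dol_hash($edituser->pass_temp) == $passwordmd5)`, where `$passwordmd5` appears to come from the request.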
@@ -107,13 +107,13 @@ class CMailFile
|
||||
//if (preg_match('/^mac/i',PHP_OS)) $this->eol="\r";
|
||||
|
||||
// On defini mixed_boundary
|
||||
$this->mixed_boundary = md5(uniqid("dolibarr1"));
|
||||
$this->mixed_boundary = dol_hash(uniqid("dolibarr1"));
|
||||
|
||||
// On defini related_boundary
|
||||
$this->related_boundary = md5(uniqid("dolibarr2"));
|
||||
$this->related_boundary = dol_hash(uniqid("dolibarr2"));
|
||||
|
||||
// On defini alternative_boundary
|
||||
$this->alternative_boundary = md5(uniqid("dolibarr3"));
|
||||
$this->alternative_boundary = dol_hash(uniqid("dolibarr3"));
|
||||
|
||||
// If ending method not defined
|
||||
if (empty($conf->global->MAIN_MAIL_SENDMODE)) $conf->global->MAIN_MAIL_SENDMODE='mail';
|
||||
@@ -884,7 +884,7 @@ class CMailFile
|
||||
$this->html_images[$i]["content_type"] = $this->image_types[$ext];
|
||||
|
||||
// cid
|
||||
$this->html_images[$i]["cid"] = md5(uniqid(time()));
|
||||
$this->html_images[$i]["cid"] = dol_hash(uniqid(time()));
|
||||
$this->html = preg_replace("/src=\"$src\"|src='$src'/i", "src=\"cid:".$this->html_images[$i]["cid"]."\"", $this->html);
|
||||
}
|
||||
$i++;
|
||||
|
||||
@@ -92,7 +92,7 @@ function GETPOST($paramname,$check='',$method=0)
|
||||
*/
|
||||
function dol_getprefix()
|
||||
{
|
||||
return md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
|
||||
return dol_hash($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -467,9 +467,10 @@ function getRandomPassword($generic=false)
|
||||
* Returns a hash of a string
|
||||
* @param chain String to hash
|
||||
* @param type Type of hash (0:md5, 1:sha1, 2:sha1+md5)
|
||||
* @param salt Salt
|
||||
* @return hash hash of string
|
||||
*/
|
||||
function dol_hash($chain,$type=0)
|
||||
function dol_hash($chain,$type=0,$salt='')
|
||||
{
|
||||
if ($type == 1) return sha1($chain);
|
||||
else if ($type == 2) return sha1(md5($chain));
|
||||
|
||||
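Review bot: The new `$salt` parameter is documented only as `@param salt Salt`, and the two branches visible here, `return sha1($chain);` and `return sha1(md5($chain));`, return without using it. The docblock should say how the salt is combined with `$chain`, what the default `''` means, and that a caller comparing against a stored value must pass the same salt that was used when it was stored. The remainder of the function is outside the hunk, so the type-0 path may already use the salt; if so, the type-1 and type-2 branches should be made consistent with it or documented as unsalted.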
@@ -244,7 +244,7 @@ if ((! empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_V
|
||||
// Creation of a token against CSRF vulnerabilities
|
||||
if (! defined('NOTOKENRENEWAL'))
|
||||
{
|
||||
$token = md5(uniqid(mt_rand(),TRUE)); // Genere un hash d'un nombre aleatoire
|
||||
$token = dol_hash(uniqid(mt_rand(),TRUE)); // Genere un hash d'un nombre aleatoire
|
||||
// roulement des jetons car cree a chaque appel
|
||||
if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken'];
|
||||
$_SESSION['newtoken'] = $token;
|
||||
|
||||
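Review bot: The anti-CSRF token is built from `uniqid(mt_rand(),TRUE)`, and hashing that value does not add unpredictability, since neither `mt_rand()` nor `uniqid()` is a cryptographic generator. The token should come from a CSPRNG, e.g. `$token = bin2hex(openssl_random_pseudo_bytes(16));` on the PHP versions of this code's era or `bin2hex(random_bytes(16))` on PHP 7 and later. Routing it through `dol_hash` also makes the token's format follow that helper's default, which a session token has no need for.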
@@ -1041,7 +1041,7 @@ class User extends CommonObject
|
||||
$this->phenix_login = trim($this->phenix_login);
|
||||
if ($this->phenix_pass != $this->phenix_pass_crypted)
|
||||
{
|
||||
$this->phenix_pass = md5(trim($this->phenix_pass));
|
||||
$this->phenix_pass = dol_hash(trim($this->phenix_pass));
|
||||
}
|
||||
$this->admin = $this->admin?$this->admin:0;
|
||||
|
||||
@@ -1243,7 +1243,7 @@ class User extends CommonObject
|
||||
}
|
||||
|
||||
// Crypte avec md5
|
||||
$password_crypted = md5($password);
|
||||
$password_crypted = dol_hash($password);
|
||||
|
||||
// Mise a jour
|
||||
if (! $changelater)
|
||||
@@ -1409,7 +1409,7 @@ class User extends CommonObject
|
||||
$mesg.= $langs->trans("Password")." : $password\n\n";
|
||||
$mesg.= "\n";
|
||||
$mesg.= "You must click on the folowing link to validate its change.\n";
|
||||
$url = $urlwithouturlroot.DOL_URL_ROOT.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordmd5=".md5($password);
|
||||
$url = $urlwithouturlroot.DOL_URL_ROOT.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordmd5=".dol_hash($password);
|
||||
$mesg.= $url."\n\n";
|
||||
$mesg.= "If you didn't ask anything, just forget this email\n\n";
|
||||
dol_syslog("User::send_password url=".$url);
|
||||
|
||||
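Review bot: The validation link carries a digest of the new password in `passwordmd5=`, and `dol_syslog("User::send_password url=".$url)` then writes that link to the log, so anyone who can read the log obtains both a working validation URL and a presumably unsalted hash of the password. The link should carry a random single-use token stored alongside `pass_temp` rather than a value derived from the password, and the log line should leave out the query string, e.g. `dol_syslog("User::send_password link sent for login=".$this->login);`. `$this->login` is also placed in the URL without `urlencode()`. The function begins and ends outside the hunk.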
@@ -64,7 +64,7 @@ if ($action == 'validatenewpassword' && $username && $passwordmd5)
|
||||
}
|
||||
else
|
||||
{
|
||||
if (md5($edituser->pass_temp) == $passwordmd5)
|
||||
if (dol_hash($edituser->pass_temp) == $passwordmd5)
|
||||
{
|
||||
$newpassword=$edituser->setPassword($user,$edituser->pass_temp,0);
|
||||
dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");
|
||||
|
||||