diff --git a/htdocs/adherents/class/adherent.class.php b/htdocs/adherents/class/adherent.class.php
index 48f9a089747..d88d9a0facb 100644
--- a/htdocs/adherents/class/adherent.class.php
+++ b/htdocs/adherents/class/adherent.class.php
@@ -759,9 +759,8 @@ class Adherent extends CommonObject
// Cryptage mot de passe
if ($isencrypted)
{
- // Crypte avec systeme encodage par defaut du PHP
- //$sqlpass = crypt($password, makesalt());
- $password_indatabase = md5($password);
+ // Encryption
+ $password_indatabase = dol_hash($password);
}
else
{
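Review bot: The member password is still stored as an unsalted, single-pass MD5, because `dol_hash($password)` is called with the default `$type=0` and without the `$salt` argument this commit adds to the helper. A fast unsalted digest is cheap to attack offline if the table leaks, so centralising the call only pays off once `dol_hash` applies a per-user salt and a slow scheme, such as `crypt()` with a Blowfish salt. The same applies to the `$password_crypted = dol_hash($password);` hunk in user.class.php and to the migration loop in admin/security.php. The new comment `// Encryption` would be more accurate as `// One-way hash of the password (not reversible encryption)`. The enclosing method starts and ends outside the hunk.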
@@ -1400,7 +1399,7 @@ class Adherent extends CommonObject
defined('ADHERENT_SPIP_PASS') && ADHERENT_SPIP_PASS != '' &&
defined('ADHERENT_SPIP_DB') && ADHERENT_SPIP_DB != ''
){
- $mdpass=md5($this->pass);
+ $mdpass=dol_hash($this->pass);
$htpass=crypt($this->pass,makesalt());
$query = "INSERT INTO spip_auteurs (nom, email, login, pass, htpass, alea_futur, statut) VALUES(\"".$this->prenom." ".$this->nom."\",\"".$this->email."\",\"".$this->login."\",\"$mdpass\",\"$htpass\",FLOOR(32000*RAND()),\"1comite\")";
// $mydb=new Db('mysql',ADHERENT_SPIP_SERVEUR,ADHERENT_SPIP_USER,ADHERENT_SPIP_PASS,ADHERENT_SPIP_DB);
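Review bot: `$mdpass` is written to the `pass` column of the external `spip_auteurs` table, so its format is presumably dictated by SPIP rather than by Dolibarr. Routing it through `dol_hash()` means a later change to the helper's default algorithm or salting would silently break those logins. Passing the type explicitly, `dol_hash($this->pass, 0)`, with a comment such as `// external system expects a plain MD5 here; do not follow dol_hash defaults`, would pin that contract. The `phenix_pass` hunk in user.class.php has the same external-format dependency. Separately, the INSERT on the next context line concatenates `prenom`, `nom`, `email` and `login` into the statement with no escaping visible in the hunk, which this commit leaves untouched.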
diff --git a/htdocs/admin/security.php b/htdocs/admin/security.php
index 454239eb02b..8399c46a34b 100644
--- a/htdocs/admin/security.php
+++ b/htdocs/admin/security.php
@@ -74,10 +74,10 @@ if ($_GET["action"] == 'activate_encrypt')
while ($i < $numrows)
{
$obj=$db->fetch_object($resql);
- if (md5($obj->pass))
+ if (dol_hash($obj->pass))
{
$sql = "UPDATE ".MAIN_DB_PREFIX."user";
- $sql.= " SET pass_crypted = '".md5($obj->pass)."', pass = NULL";
+ $sql.= " SET pass_crypted = '".dol_hash($obj->pass)."', pass = NULL";
$sql.= " WHERE rowid=".$obj->rowid;
//print $sql;
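Review bot: The guard `if (dol_hash($obj->pass))` can never be false, because the digest of any input, including the empty string, is a non-empty string. Unless the SELECT outside the hunk already filters them out, rows with an empty or NULL `pass` get the hash of the empty string written into `pass_crypted`. Testing the clear value instead, `if ($obj->pass !== null && $obj->pass !== '')`, would skip accounts that have no password. The digest is also computed twice per row; a local `$hashed = dol_hash($obj->pass);` would avoid that. The loop body continues outside the hunk.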
diff --git a/htdocs/core/class/html.form.class.php b/htdocs/core/class/html.form.class.php
index a3598631489..e9a2241021a 100644
--- a/htdocs/core/class/html.form.class.php
+++ b/htdocs/core/class/html.form.class.php
@@ -3476,7 +3476,7 @@ class Form
{
global $dolibarr_main_url_root;
$ret.='';
- $ret.='
';
+ $ret.='
';
}
else
{
diff --git a/htdocs/core/class/rssparser.class.php b/htdocs/core/class/rssparser.class.php
index fbe033ec3a6..22bd31910dc 100755
--- a/htdocs/core/class/rssparser.class.php
+++ b/htdocs/core/class/rssparser.class.php
@@ -90,7 +90,7 @@ class RssParser
}
$this->_urlRSS = $urlRSS;
- $newpathofdestfile=$cachedir.'/'.md5($this->_urlRSS);
+ $newpathofdestfile=$cachedir.'/'.dol_hash($this->_urlRSS);
$newmask='0644';
//dol_syslog("RssPArser::parser parse url=".$urlRSS." => cache file=".$newpathofdestfile);
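Review bot: The cache file name is a non-secret identifier, yet it now depends on `dol_hash()`, whose docblock describes selectable hash types and, after this commit, a salt. If the helper's default ever moves to a salted or slower scheme, this name stops being stable and existing cache files are orphaned. The same coupling is introduced for the memcached key in translate.class.php, `dol_getprefix()` in functions.lib.php and the MIME boundaries and `cid` values in CMailFile.class.php. Passing the type explicitly with a comment such as `// non-secret identifier: must stay deterministic, not a password hash`, or using a separate helper for identifiers, would keep the two uses apart.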
diff --git a/htdocs/core/class/smtps.class.php b/htdocs/core/class/smtps.class.php
index f4a8c4008a8..e38891a236e 100755
--- a/htdocs/core/class/smtps.class.php
+++ b/htdocs/core/class/smtps.class.php
@@ -1932,7 +1932,7 @@ class SMTPs
$this->_msgContent[$strType]['data'] = $strContent;
if ( $this->getMD5flag() )
- $this->_msgContent[$strType]['md5'] = md5($strContent);
+ $this->_msgContent[$strType]['md5'] = dol_hash($strContent);
//}
}
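Review bot: The value stored under the `'md5'` key is presumably emitted as a content checksum, which must be a real MD5 of the body for a receiver to verify it. `dol_hash($strContent)` only yields that while the helper's default type stays 0. Passing the type explicitly, `dol_hash($strContent, 0)`, or keeping `md5()` for this protocol field would make the requirement visible. The attachment and image hunks below store the same field, and the enclosing method starts outside the hunk.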
@@ -2114,7 +2114,7 @@ class SMTPs
$this->_msgContent['attachment'][$strFileName]['data'] = $strContent;
if ( $this->getMD5flag() )
- $this->_msgContent['attachment'][$strFileName]['md5'] = md5($strContent);
+ $this->_msgContent['attachment'][$strFileName]['md5'] = dol_hash($strContent);
}
}
@@ -2144,7 +2144,7 @@ class SMTPs
$this->_msgContent['image'][$strImageName]['data'] = $strContent;
if ( $this->getMD5flag() )
- $this->_msgContent['image'][$strFileName]['md5'] = md5($strContent);
+ $this->_msgContent['image'][$strFileName]['md5'] = dol_hash($strContent);
}
}
// END DOL_CHANGE LDR
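Review bot: The digest on the changed line is stored under `['image'][$strFileName]` while the data two lines above is stored under `['image'][$strImageName]`, so the checksum may land on a different or undefined key than the image it belongs to. The mismatch predates this commit, but since the line is being rewritten it could be corrected to `$this->_msgContent['image'][$strImageName]['md5'] = dol_hash($strContent);`. Whether `$strFileName` is defined in this method is not visible in the hunk.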
@@ -2519,6 +2519,9 @@ class SMTPs
/**
* $Log: smtps.class.php,v $
+ * Revision 1.2 2011/09/06 06:53:53 hregis
+ * Fix: use dol_hash instead md5 php function
+ *
* Revision 1.1 2011/09/03 00:14:27 eldy
* Doxygen
*
diff --git a/htdocs/core/class/translate.class.php b/htdocs/core/class/translate.class.php
index f1f707a658f..cf969c828ac 100644
--- a/htdocs/core/class/translate.class.php
+++ b/htdocs/core/class/translate.class.php
@@ -216,7 +216,7 @@ class Translate {
// Using a memcached server
if (! empty($conf->memcached->enabled) && ! empty($conf->global->MEMCACHED_SERVER))
{
- $usecachekey=$newdomain.'_'.$langofdir.'_'.md5($file_lang); // Should not contains special chars
+ $usecachekey=$newdomain.'_'.$langofdir.'_'.dol_hash($file_lang); // Should not contains special chars
}
// Using cache with shmop. Speed gain: 40ms - Memory overusage: 200ko (Size of session cache file)
else if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x02))
diff --git a/htdocs/includes/login/functions_dolibarr.php b/htdocs/includes/login/functions_dolibarr.php
index f328846d1be..28c93cc7319 100644
--- a/htdocs/includes/login/functions_dolibarr.php
+++ b/htdocs/includes/login/functions_dolibarr.php
@@ -71,7 +71,7 @@ function check_user_password_dolibarr($usertotest,$passwordtotest,$entitytotest=
// Check crypted password according to crypt algorithm
if ($cryptType == 'md5')
{
- if (md5($passtyped) == $passcrypted)
+ if (dol_hash($passtyped) == $passcrypted)
{
$passok=true;
dol_syslog("functions_dolibarr::check_user_password_dolibarr Authentification ok - ".$cryptType." of pass is ok");
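Review bot: The digest comparison uses loose `==`, which makes PHP compare two numeric-looking strings as numbers, so two different hex digests can compare equal. `if (dol_hash($passtyped) === $passcrypted)` closes that, and a constant-time comparison would additionally avoid leaking how many leading characters match. The same loose comparison appears in the passwordforgotten.php hunk, `dol_hash($edituser->pass_temp) == $passwordmd5`, where the right-hand side presumably comes from the request. The function body starts and ends outside the hunk.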
diff --git a/htdocs/lib/CMailFile.class.php b/htdocs/lib/CMailFile.class.php
index 307c2f7391c..9c2a1059e91 100644
--- a/htdocs/lib/CMailFile.class.php
+++ b/htdocs/lib/CMailFile.class.php
@@ -107,13 +107,13 @@ class CMailFile
//if (preg_match('/^mac/i',PHP_OS)) $this->eol="\r";
// On defini mixed_boundary
- $this->mixed_boundary = md5(uniqid("dolibarr1"));
+ $this->mixed_boundary = dol_hash(uniqid("dolibarr1"));
// On defini related_boundary
- $this->related_boundary = md5(uniqid("dolibarr2"));
+ $this->related_boundary = dol_hash(uniqid("dolibarr2"));
// On defini alternative_boundary
- $this->alternative_boundary = md5(uniqid("dolibarr3"));
+ $this->alternative_boundary = dol_hash(uniqid("dolibarr3"));
// If ending method not defined
if (empty($conf->global->MAIN_MAIL_SENDMODE)) $conf->global->MAIN_MAIL_SENDMODE='mail';
@@ -884,7 +884,7 @@ class CMailFile
$this->html_images[$i]["content_type"] = $this->image_types[$ext];
// cid
- $this->html_images[$i]["cid"] = md5(uniqid(time()));
+ $this->html_images[$i]["cid"] = dol_hash(uniqid(time()));
$this->html = preg_replace("/src=\"$src\"|src='$src'/i", "src=\"cid:".$this->html_images[$i]["cid"]."\"", $this->html);
}
$i++;
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index c5f2144ce8c..7d6fc9f3fd1 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -92,7 +92,7 @@ function GETPOST($paramname,$check='',$method=0)
*/
function dol_getprefix()
{
- return md5($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
+ return dol_hash($_SERVER["SERVER_NAME"].$_SERVER["DOCUMENT_ROOT"].DOL_DOCUMENT_ROOT.DOL_URL_ROOT);
}
/**
diff --git a/htdocs/lib/security.lib.php b/htdocs/lib/security.lib.php
index 5054ab389b5..a5f3f787fbf 100644
--- a/htdocs/lib/security.lib.php
+++ b/htdocs/lib/security.lib.php
@@ -467,9 +467,10 @@ function getRandomPassword($generic=false)
* Returns a hash of a string
* @param chain String to hash
* @param type Type of hash (0:md5, 1:sha1, 2:sha1+md5)
+ * @param salt Salt
* @return hash hash of string
*/
-function dol_hash($chain,$type=0)
+function dol_hash($chain,$type=0,$salt='')
{
if ($type == 1) return sha1($chain);
else if ($type == 2) return sha1(md5($chain));
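Review bot: The new `$salt` parameter is accepted, but neither branch visible in the hunk uses it, so a caller that passes a salt gets the same unsalted digest back. Either combine the salt with `$chain` before hashing in every branch or leave the parameter out until it is implemented. The docblock line `@param salt Salt` should also say how it is applied, for example `@param salt Value combined with the string before hashing (empty: no salt)`. The function body continues outside the hunk, so the remaining branch needs the same check.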
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index c98166657f9..d3d8c9169a0 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -244,7 +244,7 @@ if ((! empty($conf->global->MAIN_VERSION_LAST_UPGRADE) && ($conf->global->MAIN_V
// Creation of a token against CSRF vulnerabilities
if (! defined('NOTOKENRENEWAL'))
{
- $token = md5(uniqid(mt_rand(),TRUE)); // Genere un hash d'un nombre aleatoire
+ $token = dol_hash(uniqid(mt_rand(),TRUE)); // Genere un hash d'un nombre aleatoire
// roulement des jetons car cree a chaque appel
if (isset($_SESSION['newtoken'])) $_SESSION['token'] = $_SESSION['newtoken'];
$_SESSION['newtoken'] = $token;
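Review bot: The anti-CSRF token gets its unpredictability only from `mt_rand()` and `uniqid()`, neither of which is a cryptographically secure source, and hashing the result adds no entropy. Drawing the bytes from a CSPRNG available on the supported PHP versions, for example `openssl_random_pseudo_bytes()` where the extension is loaded, would make the token hard to guess. Routing it through `dol_hash()` also ties the token's length and format to the password-hash helper's default. The enclosing `if` block continues outside the hunk.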
diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php
index 19bc77bea58..00a70f7d66c 100644
--- a/htdocs/user/class/user.class.php
+++ b/htdocs/user/class/user.class.php
@@ -1041,7 +1041,7 @@ class User extends CommonObject
$this->phenix_login = trim($this->phenix_login);
if ($this->phenix_pass != $this->phenix_pass_crypted)
{
- $this->phenix_pass = md5(trim($this->phenix_pass));
+ $this->phenix_pass = dol_hash(trim($this->phenix_pass));
}
$this->admin = $this->admin?$this->admin:0;
@@ -1243,7 +1243,7 @@ class User extends CommonObject
}
// Crypte avec md5
- $password_crypted = md5($password);
+ $password_crypted = dol_hash($password);
// Mise a jour
if (! $changelater)
@@ -1409,7 +1409,7 @@ class User extends CommonObject
$mesg.= $langs->trans("Password")." : $password\n\n";
$mesg.= "\n";
$mesg.= "You must click on the folowing link to validate its change.\n";
- $url = $urlwithouturlroot.DOL_URL_ROOT.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordmd5=".md5($password);
+ $url = $urlwithouturlroot.DOL_URL_ROOT.'/user/passwordforgotten.php?action=validatenewpassword&username='.$this->login."&passwordmd5=".dol_hash($password);
$mesg.= $url."\n\n";
$mesg.= "If you didn't ask anything, just forget this email\n\n";
dol_syslog("User::send_password url=".$url);
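Review bot: The validation link carries `passwordmd5=dol_hash($password)`, an unsalted fast digest of the new password, and the full URL is then written to the log by `dol_syslog` on the last line of the hunk. Anyone with read access to that log could test guesses against the digest offline. A random single-use token stored server-side would confirm the request without being derived from the password, and the log line could omit the query string. `$this->login` is also concatenated into the URL without `urlencode()`.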
diff --git a/htdocs/user/passwordforgotten.php b/htdocs/user/passwordforgotten.php
index 3265ebade77..b3842455938 100644
--- a/htdocs/user/passwordforgotten.php
+++ b/htdocs/user/passwordforgotten.php
@@ -64,7 +64,7 @@ if ($action == 'validatenewpassword' && $username && $passwordmd5)
}
else
{
- if (md5($edituser->pass_temp) == $passwordmd5)
+ if (dol_hash($edituser->pass_temp) == $passwordmd5)
{
$newpassword=$edituser->setPassword($user,$edituser->pass_temp,0);
dol_syslog("passwordforgotten.php new password for user->id=".$edituser->id." validated in database");