
Password Security Stronger

Resolved #5
causefx преди 10 години
родител
ревизия
d1d080131a
променени са 3 файла, в които са добавени 6 реда и са изтрити 11 реда
  1. 2 2
      example.ini.php
  2. 1 3
      settings.php
  3. 3 6
      setup.php

+ 2 - 2
example.ini.php

@@ -1,9 +1,9 @@
 ; <?php die("Access denied"); ?>
 [general]
 title = "iCauseFX"
-password = "$5$rounds=10000$2lXstBi0yrcJd7vH$9SBM7jW1XAlS67mNpEKolliHvz57UPgPv65nJIBpgI2"
+password = "$2y$10$97IH4rsp6fb.p5KIFfjVH.xZuFtghq5h.cKV4VuKQPhZCQdmJzeMS"
 useicons = "true"
-tabcoloractive = "#000000"
+tabcoloractive = "#ffffff"
 fontcoloractive = "#F44343"
 tabshadowactive = "#808080"
 tabcolor = "#ffffff"
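Review bot: The example config still ships a usable credential — the new `password` line replaces one concrete hash with another (`$2y$10$…`), so any deployment that copies example.ini.php into the live settings file without changing it accepts whatever password that hash was generated from. Consider shipping `password = ""` (or an obviously invalid placeholder) and documenting that the setup step must set it, so no working default login can be read out of the public repository. Whether the example is actually copied into the live config is not visible in this hunk.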

+ 1 - 3
settings.php

@@ -46,10 +46,8 @@ $configfile = 'settings.ini.php';
 //Password crap
 if(array_key_exists('category-0', $_POST) == true){
     foreach ($config as $keyname => $section) { if(($keyname == "general")) { $nopass = $section["password"]; } }
-    $salt = substr(str_replace('+','.',base64_encode(md5(mt_rand(), true))),0,16);
-    $rounds = 10000;
     if(empty($_POST["password-0"])){ $_POST["password-0"] = $nopass;}
-    if(strlen($_POST["password-0"]) < 50){ $_POST["password-0"] = crypt($_POST["password-0"], sprintf('$5$rounds=%d$%s$', $rounds, $salt)); }
+    if(strlen($_POST["password-0"]) < 50){ $_POST["password-0"] = password_hash($_POST["password-0"], PASSWORD_DEFAULT); }
     //password crap      
     
     //Cookies anyone?
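Review bot: The `strlen(...) < 50` guard on the new `password_hash` line decides by length whether to hash, so a submitted password of 50 or more characters is written to the config as plaintext and treated as if it were already a hash. Since `$nopass` already holds the currently stored hash, compare against it instead: `if($_POST["password-0"] !== $nopass){ $_POST["password-0"] = password_hash($_POST["password-0"], PASSWORD_DEFAULT); }`. `$nopass` is only assigned when a `general` section exists, so initialise it to `''` before the foreach so the comparison cannot hit an undefined variable. The enclosing `if(array_key_exists('category-0', $_POST) == true)` block continues past the hunk.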

+ 3 - 6
setup.php

@@ -41,10 +41,7 @@ foreach ($config as $keyname => $section) {
 
 $pass = isset( $_POST["pass"] ) ? $_POST["pass"] : "none" ;
 
-$parts = explode('$', $hash_pass);
-$test_hash = crypt($pass, sprintf('$%s$%s$%s$', $parts[1], $parts[2], $parts[3]));
-
-if(($action == "write" && $hash_pass == $test_hash)){ 
+if(($action == "write" && password_verify($pass, $hash_pass))){ 
     setcookie("logged", $hash_pass, time() + (86400 * 7), "/");
     $error = "You got it dude!";
     echo "<!DOCTYPE html>";
@@ -55,7 +52,7 @@ if(($action == "write" && $hash_pass == $test_hash)){
     echo "<body></body></html>";
 }
 
-if(isset( $_POST["pass"] ) && ($hash_pass !== $test_hash)){
+if(isset( $_POST["pass"] ) && (!password_verify($pass, $hash_pass))){
     $error = "Wrong Password!";
 }
     
@@ -70,7 +67,7 @@ if($_COOKIE["logged"] == $hash_pass){
     
 }
 
-if($hash_pass !== $test_hash){
+if(!password_verify($pass, $hash_pass)){
 
     echo "<link rel='stylesheet prefetch' href='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css'>";
     echo "<center><B>Please Login to Contiune<br/><br/>";
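Review bot: `password_verify()` now runs up to three times per request (the `$action == "write"` check, the `Wrong Password!` check, and the final login-form gate), and because `$pass` defaults to `"none"` the last call performs a full bcrypt computation even when no password was posted. Verify once, right after `$pass` is assigned: `$pass_ok = isset($_POST["pass"]) && password_verify($pass, $hash_pass);` and use `$pass_ok` / `!$pass_ok` in the three conditions, with the wrong-password branch becoming `if(isset($_POST["pass"]) && !$pass_ok)`. This also keeps the three checks from drifting apart in later edits. Separately, the unchanged `setcookie("logged", $hash_pass, ...)` line and the later `$_COOKIE["logged"] == $hash_pass` comparison still use the stored hash itself as the session token, compared loosely — outside this commit's new lines, but worth a follow-up given the commit's intent.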