Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • osian/sucs-site
  • kais58/sucs-site
  • imranh/sucs-site
  • foshjedi2004/sucs-site
  • gigosaurus/sucs-site
  • matstn/sucs-site
  • ripp_/sucs-site
  • eggnog/sucs-site
  • sucssite/sucs-site
  • elbows/sucs-site
  • realitykiller/sucs-site
  • crox/sucs-site
  • vectre/sucs-site
  • welshbyte/sucs-site
  • paperclipman/sucs-site
15 results
Show changes
Commits on Source (8)
Hide whitespace changes
Inline Side-by-side
.gitlab-ci.yml
View file @ 3d7a5da3
...@@ -22,15 +22,8 @@ php-syntax-check: ...@@ -22,15 +22,8 @@ php-syntax-check:
js-syntax-check: js-syntax-check:
stage: test stage: test
image: node:current
script: script:
- apt-get clean
- apt-get update
# - apt-get install -y nodejs
# - ln -s /usr/bin/nodejs /usr/bin/node
- apt-get install -y curl gnupg
- curl -sL https://deb.nodesource.com/setup_8.x | bash -
- apt-get install -y nodejs
- apt-get install -y npm
- npm install -g jshint - npm install -g jshint
- find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose - find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose
...@@ -52,4 +45,4 @@ deploy-live: ...@@ -52,4 +45,4 @@ deploy-live:
- curl https://sucs.org/pull.php - curl https://sucs.org/pull.php
only: only:
- sucs-site - sucs-site
environment: live environment: live
\ No newline at end of file
components/options.php
View file @ 3d7a5da3
...@@ -5,6 +5,8 @@ require_once("../lib/validation.php"); ...@@ -5,6 +5,8 @@ require_once("../lib/validation.php");
require_once("Net/MAC.php"); require_once("Net/MAC.php");
include_once("../lib/date.php"); include_once("../lib/date.php");
// password hash, renewal functions
include_once("../lib/member_functions.php");
// Some Constants // Some Constants
// These could possibly be moved somewhere saner? // These could possibly be moved somewhere saner?
...@@ -47,7 +49,7 @@ function changePassword($oldpass, $newpass1, $newpass2) ...@@ -47,7 +49,7 @@ function changePassword($oldpass, $newpass1, $newpass2)
// if everything looks OK, attempt to make the change // if everything looks OK, attempt to make the change
$success = ldap_mod_replace($ldap, "uid=" . $session->username . ",ou=People,dc=sucs,dc=org", $success = ldap_mod_replace($ldap, "uid=" . $session->username . ",ou=People,dc=sucs,dc=org",
array('userpassword' => "{SHA}" . base64_encode(pack("H*", sha1($newpass1))))); array('userpassword' => "{CRYPT}" . cryptPassword($newpass1)));
ldap_close($ldap); ldap_close($ldap);
return $success; return $success;
...@@ -214,7 +216,6 @@ function updateRenew() ...@@ -214,7 +216,6 @@ function updateRenew()
return FALSE; return FALSE;
} }
include_once("../lib/member_functions.php");
renew_membership($member['username']); renew_membership($member['username']);
$sucsDB->Execute("update signup set activated=NOW(), username=? where id=?", array($member['username'], $signup['id'])); $sucsDB->Execute("update signup set activated=NOW(), username=? where id=?", array($member['username'], $signup['id']));
return TRUE; return TRUE;
......
lib/member_functions.php
View file @ 3d7a5da3
...@@ -29,6 +29,19 @@ function make_password($length = 8) ...@@ -29,6 +29,19 @@ function make_password($length = 8)
return $password; return $password;
} }
// https://stackoverflow.com/a/44428794
function cryptPassword($password, $salt = "", $rounds = 5000)
{
if ($salt == "") {
// Generate random salt
$salt = substr(bin2hex(openssl_random_pseudo_bytes(16)),0,16);
}
// $6$ specifies SHA512
$hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));
return $hash;
}
function generateUid() function generateUid()
{ {
...@@ -63,7 +76,7 @@ function generateLdif($uid, $password, $type, $realname, $username) ...@@ -63,7 +76,7 @@ function generateLdif($uid, $password, $type, $realname, $username)
// explode the realname // explode the realname
$nameexplode = explode(' ', trim($realname)); $nameexplode = explode(' ', trim($realname));
// hash the password // hash the password
$ldappassword = "{SHA}" . base64_encode(pack("H*", sha1($password))); $ldappassword = "{CRYPT}" . cryptPassword($password);
// compile ldif // compile ldif
$ldif = "dn: uid=" . $username . ",ou=People,dc=sucs,dc=org\n"; $ldif = "dn: uid=" . $username . ",ou=People,dc=sucs,dc=org\n";
$ldif .= "uid: " . $username . "\n"; $ldif .= "uid: " . $username . "\n";
......