From 153f56fe7fc809a59e8a3c476d72d5d172279037 Mon Sep 17 00:00:00 2001 From: Tom Lake Date: Wed, 4 Dec 2019 10:10:54 +0000 Subject: [PATCH 1/3] Delete Using the SUCS Tools.txt --- .../SUCS Services/Using the SUCS Tools.txt | 32 ------------------- 1 file changed, 32 deletions(-) delete mode 100644 static/Knowledge/Help/SUCS Services/Using the SUCS Tools.txt diff --git a/static/Knowledge/Help/SUCS Services/Using the SUCS Tools.txt b/static/Knowledge/Help/SUCS Services/Using the SUCS Tools.txt deleted file mode 100644 index fc77bd7..0000000 --- a/static/Knowledge/Help/SUCS Services/Using the SUCS Tools.txt +++ /dev/null @@ -1,32 +0,0 @@ -

We have put together a set of tools to make it easier to access SUCS services from your own computer. Note that you don't have to use the SUCS Tools to use our services - they're just a time-saving way to do so. The tools consist of the following:

- - - -

For more information about the services, click on the links.

- -

Downloading and installing the tools

-

There are two versions of the tools. Which one you need depends on which operating system you use - Windows or Mac OS X. If you use Linux, you probably already have an SSH and a VNC client installed and so don't need the SUCS Tools.

- - -

Windows

-
    -
  1. Download SUCS Tools for Windows
    2. -
  2. Once the file has downloaded, double-click on it to start installing the SUCS Tools. A dialog box might appear telling you that "the publisher could not be verified." This is because we haven't paid for a digital certificate to sign the file with. Click "Run" to start the installation.
    3. -
  3. Follow the instructions provided by the installer.
    4. -
-

When the installation has completed, you can access the SUCS Tools via Start > All Programs > SUCS Tools.

- -

Mac OS X

-
    -
  1. Download SUCS Tools for Mac OS X
    2. -
  2. Once the file has downloaded, it might automatically open (it depends which browser you use). If it doesn't, double click on the file to mount the disk image.
    3. -
  3. Drag the SUCS folder to the Applications shortcut to install the tools.
    4. -
-

When the files have finished copying, you will find the SUCS Tools in your Applications folder.

\ No newline at end of file -- GitLab From c977f70e7963dcb15169e47a30a595a655c4b4d5 Mon Sep 17 00:00:00 2001 From: Imran Hussain Date: Thu, 23 Dec 2021 11:46:24 +0000 Subject: [PATCH 2/3] Use node:current image --- .gitlab-ci.yml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 99e3403..5ecf4aa 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -22,15 +22,8 @@ php-syntax-check: js-syntax-check: stage: test + image: node:current script: - - apt-get clean - - apt-get update -# - apt-get install -y nodejs -# - ln -s /usr/bin/nodejs /usr/bin/node - - apt-get install -y curl gnupg - - curl -sL https://deb.nodesource.com/setup_8.x | bash - - - apt-get install -y nodejs - - apt-get install -y npm - npm install -g jshint - find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose @@ -52,4 +45,4 @@ deploy-live: - curl https://sucs.org/pull.php only: - sucs-site - environment: live \ No newline at end of file + environment: live -- GitLab From dcc4902a33c91b247a2b2b5f57b0445e9aafed48 Mon Sep 17 00:00:00 2001 From: Imran Hussain Date: Thu, 23 Dec 2021 11:57:34 +0000 Subject: [PATCH 3/3] Sha512 passwords --- components/options.php | 5 +++-- lib/member_functions.php | 15 ++++++++++++++- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/components/options.php b/components/options.php index 851d431..db0ac5d 100644 --- a/components/options.php +++ b/components/options.php @@ -5,6 +5,8 @@ require_once("../lib/validation.php"); require_once("Net/MAC.php"); include_once("../lib/date.php"); +// password hash, renewal functions +include_once("../lib/member_functions.php"); // Some Constants // These could possibly be moved somewhere saner? @@ -47,7 +49,7 @@ function changePassword($oldpass, $newpass1, $newpass2) // if everything looks OK, attempt to make the change $success = ldap_mod_replace($ldap, "uid=" . $session->username . ",ou=People,dc=sucs,dc=org", - array('userpassword' => "{SHA}" . base64_encode(pack("H*", sha1($newpass1))))); + array('userpassword' => "{CRYPT}" . cryptPassword($newpass1))); ldap_close($ldap); return $success; @@ -214,7 +216,6 @@ function updateRenew() return FALSE; } - include_once("../lib/member_functions.php"); renew_membership($member['username']); $sucsDB->Execute("update signup set activated=NOW(), username=? where id=?", array($member['username'], $signup['id'])); return TRUE; diff --git a/lib/member_functions.php b/lib/member_functions.php index 412f486..75dbd8e 100644 --- a/lib/member_functions.php +++ b/lib/member_functions.php @@ -29,6 +29,19 @@ function make_password($length = 8) return $password; } +// https://stackoverflow.com/a/44428794 +function cryptPassword($password, $salt = "", $rounds = 5000) +{ + if ($salt == "") { + // Generate random salt + $salt = substr(bin2hex(openssl_random_pseudo_bytes(16)),0,16); + } + // $6$ specifies SHA512 + $hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt)); + + return $hash; +} + function generateUid() { @@ -63,7 +76,7 @@ function generateLdif($uid, $password, $type, $realname, $username) // explode the realname $nameexplode = explode(' ', trim($realname)); // hash the password - $ldappassword = "{SHA}" . base64_encode(pack("H*", sha1($password))); + $ldappassword = "{CRYPT}" . cryptPassword($password); // compile ldif $ldif = "dn: uid=" . $username . ",ou=People,dc=sucs,dc=org\n"; $ldif .= "uid: " . $username . "\n"; -- GitLab