diff --git a/README.md b/README.md index d3799a9..d67b1d9 100644 --- a/README.md +++ b/README.md @@ -13,14 +13,6 @@ I'll write a more descriptive readme once it's in a stable state. ServerAlias www.[site url] - - DocumentRoot [local path]/content - ServerName content.[site url] - - Header unset Cookie - Header unset Set-Cookie - - DocumentRoot [local path]/api ServerName api.[site url] diff --git a/_sakura/changelog.json b/_sakura/changelog.json index 7f36c47..34d7f28 100644 --- a/_sakura/changelog.json +++ b/_sakura/changelog.json @@ -1683,6 +1683,10 @@ { "type": "FIX", "change": "Attempt to fix error while trying to get the old avatar name." + }, + { + "type": "REM", + "change": "Removed legacy password hash support, if your account still uses this method request a password reset email." } ] diff --git a/_sakura/components/Main.php b/_sakura/components/Main.php index 50d61c8..d67491e 100644 --- a/_sakura/components/Main.php +++ b/_sakura/components/Main.php @@ -260,13 +260,6 @@ class Main { } - // Legacy password hashing to be able to validate passwords from users on the old backend. - public static function legacyPasswordHash($data) { - - return hash('sha512', strrev(hash('sha512', $data))); - - } - // Cleaning strings public static function cleanString($string, $lower = false, $nospecial = false) { diff --git a/_sakura/components/Users.php b/_sakura/components/Users.php index b1c899d..fda8fed 100644 --- a/_sakura/components/Users.php +++ b/_sakura/components/Users.php @@ -116,24 +116,24 @@ class Users { $user = self::getUser($uid); // Validate password - if($user['password_algo'] == 'nologin') { // Disable logging in to an account + switch($user['password_algo']) { - return [0, 'NO_LOGIN']; + // Abyssing + case 'nologin': + return [0, 'NO_LOGIN']; - } elseif($user['password_algo'] == 'legacy') { // Shitty legacy method of sha512(strrev(sha512())) + // Default hashing method + default: + if(!Hashing::validate_password($password, [ + $user['password_algo'], + $user['password_iter'], + $user['password_salt'], + $user['password_hash'] + ])) { - if(Main::legacyPasswordHash($password) != $user['password_hash']) - return [0, 'INCORRECT_PASSWORD']; + return [0, 'INCORRECT_PASSWORD', $user['password_chan']]; - } else { // PBKDF2 hashing - - if(!Hashing::validate_password($password, [ - $user['password_algo'], - $user['password_iter'], - $user['password_salt'], - $user['password_hash'] - ])) - return [0, 'INCORRECT_PASSWORD', $user['password_chan']]; + } } diff --git a/_sakura/templates/broomcloset/global/header.tpl b/_sakura/templates/broomcloset/global/header.tpl index 765c5a6..1051f39 100644 --- a/_sakura/templates/broomcloset/global/header.tpl +++ b/_sakura/templates/broomcloset/global/header.tpl @@ -9,7 +9,7 @@ {% endif %} - + @@ -27,19 +27,19 @@
diff --git a/_sakura/templates/yuuno/main/legacypasswordchange.tpl b/_sakura/templates/yuuno/main/legacypasswordchange.tpl deleted file mode 100644 index f80c0e1..0000000 --- a/_sakura/templates/yuuno/main/legacypasswordchange.tpl +++ /dev/null @@ -1,29 +0,0 @@ -{% include 'global/header.tpl' %} -
-
Changing Password
-
- Because of a change in the way Flashii handles authentication you are required to change your password. -
-
- - - - -
-

Old Password

-
-
-
-

New Password

-
-
-
-

Verify Password

-
-
-
- -
-
-
-{% include 'global/footer.tpl' %} diff --git a/main/authenticate.php b/main/authenticate.php index 301d6a1..5e14492 100644 --- a/main/authenticate.php +++ b/main/authenticate.php @@ -53,7 +53,7 @@ if(isset($_REQUEST['mode'])) { // Login check if(Users::checkLogin()) { - if(!in_array($_REQUEST['mode'], ['logout', 'legacypw'])) { + if(!in_array($_REQUEST['mode'], ['logout'])) { $continue = false; // Add page specific things @@ -86,32 +86,6 @@ if(isset($_REQUEST['mode'])) { break; - case 'legacypw': - - // Attempt change - $legacypass = Users::changeLegacy($_REQUEST['oldpw'], $_REQUEST['newpw'], $_REQUEST['verpw']); - - // Array containing "human understandable" messages - $messages = [ - 'USER_NOT_LOGIN' => 'What are you doing, you\'re not even logged in. GO AWAY!', - 'INCORRECT_PASSWORD' => 'The password you entered was invalid.', - 'NOT_ALLOWED' => 'Your account does not have the required permissions to change your password.', - 'NO_LOGIN' => 'Logging into this account is disabled.', - 'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.', - 'PASS_NOT_MATCH' => 'Passwords do not match.', - 'SUCCESS' => 'Successfully changed your password, you may now continue.' - ]; - - // Add page specific things - $renderData['page'] = [ - 'title' => 'Change Password', - 'redirect' => '/', - 'message' => $messages[$legacypass[1]], - 'success' => $legacypass[0] - ]; - - break; - case 'changepassword': // Attempt change @@ -200,14 +174,13 @@ if(isset($_REQUEST['mode'])) { 'INCORRECT_PASSWORD' => 'The password you entered was invalid.', 'NOT_ALLOWED' => 'Your account does not have the required permissions to log in.', 'NO_LOGIN' => 'Logging into this account is disabled.', - 'LEGACY_SUCCESS' => 'Login successful! Taking you to the password changing page...', 'LOGIN_SUCESS' => 'Login successful!' ]; // Add page specific things $renderData['page'] = [ 'title' => 'Login', - 'redirect' => ($login[1] == 'LEGACY_SUCCESS' ? '/authenticate?legacy=true' : ($login[0] ? $_REQUEST['redirect'] : '/authenticate')), + 'redirect' => $login[0] ? $_REQUEST['redirect'] : '/authenticate', 'message' => $messages[$login[1]], 'success' => $login[0] ]; @@ -326,17 +299,6 @@ $renderData['auth'] = [ // Check if the user is already logged in if(Users::checkLogin()) { - // If password forgot things are set display password forget thing - if(isset($_REQUEST['legacy']) && $_REQUEST['legacy'] && Users::getUser(Session::$userId)['password_algo'] == 'legacy') { - - $renderData['page']['title'] = 'Changing Password'; - $renderData['auth']['changingPass'] = true; - - print Templates::render('main/legacypasswordchange.tpl', $renderData); - exit; - - } - // Add page specific things $renderData['page'] = [ 'title' => 'Authentication',