killed legacy

This commit is contained in:
flash 2015-08-10 04:01:07 +02:00
parent 7a2ffdd191
commit 34c983b87f
7 changed files with 25 additions and 103 deletions


@ -13,14 +13,6 @@ I'll write a more descriptive readme once it's in a stable state.
ServerAlias www.[site url] ServerAlias www.[site url]
</VirtualHost> </VirtualHost>
<VirtualHost *:80 *:443>
DocumentRoot [local path]/content
ServerName content.[site url]
Header unset Cookie
Header unset Set-Cookie
</VirtualHost>
<VirtualHost *:80 *:443> <VirtualHost *:80 *:443>
DocumentRoot [local path]/api DocumentRoot [local path]/api
ServerName api.[site url] ServerName api.[site url]


@ -1683,6 +1683,10 @@
{ {
"type": "FIX", "type": "FIX",
"change": "Attempt to fix error while trying to get the old avatar name." "change": "Attempt to fix error while trying to get the old avatar name."
},
{
"type": "REM",
"change": "Removed legacy password hash support, if your account still uses this method request a password reset email."
} }
] ]


@ -260,13 +260,6 @@ class Main {
} }
// Legacy password hashing to be able to validate passwords from users on the old backend.
public static function legacyPasswordHash($data) {
return hash('sha512', strrev(hash('sha512', $data)));
}
// Cleaning strings // Cleaning strings
public static function cleanString($string, $lower = false, $nospecial = false) { public static function cleanString($string, $lower = false, $nospecial = false) {


@ -116,27 +116,27 @@ class Users {
$user = self::getUser($uid); $user = self::getUser($uid);
// Validate password // Validate password
if($user['password_algo'] == 'nologin') { // Disable logging in to an account switch($user['password_algo']) {
// Abyssing
case 'nologin':
return [0, 'NO_LOGIN']; return [0, 'NO_LOGIN'];
} elseif($user['password_algo'] == 'legacy') { // Shitty legacy method of sha512(strrev(sha512())) // Default hashing method
default:
if(Main::legacyPasswordHash($password) != $user['password_hash'])
return [0, 'INCORRECT_PASSWORD'];
} else { // PBKDF2 hashing
if(!Hashing::validate_password($password, [ if(!Hashing::validate_password($password, [
$user['password_algo'], $user['password_algo'],
$user['password_iter'], $user['password_iter'],
$user['password_salt'], $user['password_salt'],
$user['password_hash'] $user['password_hash']
])) ])) {
return [0, 'INCORRECT_PASSWORD', $user['password_chan']]; return [0, 'INCORRECT_PASSWORD', $user['password_chan']];
} }
}
// Check if the user has the required privs to log in // Check if the user has the required privs to log in
if(Permissions::check('SITE', 'DEACTIVATED', $user['id'], 1)) if(Permissions::check('SITE', 'DEACTIVATED', $user['id'], 1))
return [0, 'NOT_ALLOWED']; return [0, 'NOT_ALLOWED'];
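Review bot: Rows whose `password_algo` still holds `'legacy'` are no longer handled explicitly — with the old branch deleted they fall into `default:` and `Hashing::validate_password` is called with `'legacy'` as the algorithm name plus whatever `password_iter`/`password_salt` those rows contain, so the result depends on how that helper treats an unknown algorithm (not visible here; if the name reaches `hash_pbkdf2` it may warn or, on newer PHP, throw instead of simply returning false). The changelog entry says these users must request a password reset, so the login path should state that rather than emit a generic or undefined failure: add `case 'legacy': return [0, 'LEGACY_PASSWORD'];` ahead of `default:` and a matching entry in the login handler's messages map (or reuse `'NO_LOGIN'` if a new message is unwanted). Note that `switch` compares loosely, which is harmless for these string constants but worth a `// exact string match not required here` comment. The enclosing method begins before this hunk and continues after it.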


@ -9,7 +9,7 @@
<meta http-equiv="refresh" content="3; URL={{ page.redirect }}" /> <meta http-equiv="refresh" content="3; URL={{ page.redirect }}" />
{% endif %} {% endif %}
<!-- CSS --> <!-- CSS -->
<link rel="stylesheet" type="text/css" href="//{{ sakura.urls.content }}/global.css" /> <link rel="stylesheet" type="text/css" href="//{{ sakura.content_path }}/global.css" />
<link rel="stylesheet" type="text/css" href="{{ sakura.resources }}/css/manage.css" /> <link rel="stylesheet" type="text/css" href="{{ sakura.resources }}/css/manage.css" />
<link rel="stylesheet" type="text/css" href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" /> <link rel="stylesheet" type="text/css" href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" />
<!-- JS --> <!-- JS -->
@ -27,19 +27,19 @@
<div class="nav"> <div class="nav">
<div class="menu" id="siteNav"> <div class="menu" id="siteNav">
<div style="color: {{ user.colour }};">{{ user.data.username }}</div> <div style="color: {{ user.colour }};">{{ user.data.username }}</div>
<a href="//{{ sakura.urls.main }}/">Return to Site Index</a> <a href="/">Return to Site Index</a>
<a href="//{{ sakura.urls.main }}/logout?mode=logout&time={{ php.time }}&session={{ php.sessionid }}&redirect=//{{ sakura.urls.main }}/">Logout</a> <a href="/logout?mode=logout&amp;time={{ php.time }}&amp;session={{ php.sessionid }}&amp;redirect=/">Logout</a>
</div> </div>
<div class="menu" id="pageNav"> <div class="menu" id="pageNav">
<div>Navigation</div> <div>Navigation</div>
{% for short,page in page.pages %} {% for short,page in page.pages %}
<a href="//{{ sakura.urls.main }}/manage/{{ short }}/">{{ page.desc }}</a> <a href="/manage/{{ short }}/">{{ page.desc }}</a>
{% endfor %} {% endfor %}
</div> </div>
<div class="menu" id="subNav"> <div class="menu" id="subNav">
<div>{{ page.pages[page.activepage].desc }}</div> <div>{{ page.pages[page.activepage].desc }}</div>
{% for short,sub in page.pages[page.activepage].subs %} {% for short,sub in page.pages[page.activepage].subs %}
<a href="//{{ sakura.urls.main }}/manage/{{ page.activepage }}/{{ short }}/">{{ sub.desc }}</a> <a href="/manage/{{ page.activepage }}/{{ short }}/">{{ sub.desc }}</a>
{% endfor %} {% endfor %}
</div> </div>
</div> </div>
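Review bot: The rewritten logout anchor still carries `session={{ php.sessionid }}` in a GET query string, so if that value is the real PHP session identifier rather than a separately derived token, it is recorded in browser history and in server access logs on every manage-page visit. The `&amp;` escaping and the move to root-relative paths are correct; the remaining improvement is to replace the raw identifier with a per-session logout/CSRF token that the server resolves against the session, keeping the same `mode=logout` handler. I cannot see how `php.sessionid` is populated, so this may already be such a token — in that case a template comment `{# sessionid here is a CSRF token, not the cookie value #}` would make that explicit for the next reader.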


@ -1,29 +0,0 @@
{% include 'global/header.tpl' %}
<div class="content news settings">
<div class="head">Changing Password</div>
<div class="settings-explanation">
Because of a change in the way Flashii handles authentication you are required to change your password.
</div>
<form method="post" action="/authenticate" id="passwordForm">
<input type="hidden" name="redirect" value="//iihsalf.net/" />
<input type="hidden" name="session" value="{{ php.sessionid }}" />
<input type="hidden" name="time" value="{{ php.time }}" />
<input type="hidden" name="mode" value="legacypw" />
<div class="profile-field">
<div><h2>Old Password</h2></div>
<div style="text-align: center;"><input type="password" name="oldpw" placeholder="Your current password for verification" class="inputStyling" /></div>
</div>
<div class="profile-field">
<div><h2>New Password</h2></div>
<div style="text-align: center;"><input type="password" name="newpw" placeholder="Your new password, can be the same but that's not a good idea" class="inputStyling" /></div>
</div>
<div class="profile-field">
<div><h2>Verify Password</h2></div>
<div style="text-align: center;"><input type="password" name="verpw" placeholder="Your new password again to make sure you didn't typo anything" class="inputStyling" /></div>
</div>
<div class="profile-save">
<input type="submit" value="Save" name="submit" class="inputStyling" /> <input type="reset" value="Reset" name="reset" class="inputStyling" />
</div>
</form>
</div>
{% include 'global/footer.tpl' %}


@ -53,7 +53,7 @@ if(isset($_REQUEST['mode'])) {
// Login check // Login check
if(Users::checkLogin()) { if(Users::checkLogin()) {
if(!in_array($_REQUEST['mode'], ['logout', 'legacypw'])) { if(!in_array($_REQUEST['mode'], ['logout'])) {
$continue = false; $continue = false;
// Add page specific things // Add page specific things
@ -86,32 +86,6 @@ if(isset($_REQUEST['mode'])) {
break; break;
case 'legacypw':
// Attempt change
$legacypass = Users::changeLegacy($_REQUEST['oldpw'], $_REQUEST['newpw'], $_REQUEST['verpw']);
// Array containing "human understandable" messages
$messages = [
'USER_NOT_LOGIN' => 'What are you doing, you\'re not even logged in. GO AWAY!',
'INCORRECT_PASSWORD' => 'The password you entered was invalid.',
'NOT_ALLOWED' => 'Your account does not have the required permissions to change your password.',
'NO_LOGIN' => 'Logging into this account is disabled.',
'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
'PASS_NOT_MATCH' => 'Passwords do not match.',
'SUCCESS' => 'Successfully changed your password, you may now continue.'
];
// Add page specific things
$renderData['page'] = [
'title' => 'Change Password',
'redirect' => '/',
'message' => $messages[$legacypass[1]],
'success' => $legacypass[0]
];
break;
case 'changepassword': case 'changepassword':
// Attempt change // Attempt change
@ -200,14 +174,13 @@ if(isset($_REQUEST['mode'])) {
'INCORRECT_PASSWORD' => 'The password you entered was invalid.', 'INCORRECT_PASSWORD' => 'The password you entered was invalid.',
'NOT_ALLOWED' => 'Your account does not have the required permissions to log in.', 'NOT_ALLOWED' => 'Your account does not have the required permissions to log in.',
'NO_LOGIN' => 'Logging into this account is disabled.', 'NO_LOGIN' => 'Logging into this account is disabled.',
'LEGACY_SUCCESS' => 'Login successful! Taking you to the password changing page...',
'LOGIN_SUCESS' => 'Login successful!' 'LOGIN_SUCESS' => 'Login successful!'
]; ];
// Add page specific things // Add page specific things
$renderData['page'] = [ $renderData['page'] = [
'title' => 'Login', 'title' => 'Login',
'redirect' => ($login[1] == 'LEGACY_SUCCESS' ? '/authenticate?legacy=true' : ($login[0] ? $_REQUEST['redirect'] : '/authenticate')), 'redirect' => $login[0] ? $_REQUEST['redirect'] : '/authenticate',
'message' => $messages[$login[1]], 'message' => $messages[$login[1]],
'success' => $login[0] 'success' => $login[0]
]; ];
@ -326,17 +299,6 @@ $renderData['auth'] = [
// Check if the user is already logged in // Check if the user is already logged in
if(Users::checkLogin()) { if(Users::checkLogin()) {
// If password forgot things are set display password forget thing
if(isset($_REQUEST['legacy']) && $_REQUEST['legacy'] && Users::getUser(Session::$userId)['password_algo'] == 'legacy') {
$renderData['page']['title'] = 'Changing Password';
$renderData['auth']['changingPass'] = true;
print Templates::render('main/legacypasswordchange.tpl', $renderData);
exit;
}
// Add page specific things // Add page specific things
$renderData['page'] = [ $renderData['page'] = [
'title' => 'Authentication', 'title' => 'Authentication',