Beanz/flatpress
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
531 Commits 1 Branch 0 Tags
Commit Graph

6 Commits

Author SHA1 Message Date
azett
f265b22b0b Fix for #59: Updated password hash algorithm from md5 to bcrypt (via password_hash() function). Thanks a lot, @axelhahn! 
In detail: Added function io_delete_file(). Removed system_hashsalt_save(). Added password hash update mechanics to user_login().
 2020-12-19 14:02:27 +01:00
real_nowhereman
0d6ef5c515 using wp cookie-safe redirect; this should be hopefully 'free' (= shouldn't have drawbacks) 2008-03-17 20:27:00 +00:00
real_nowhereman
f5bd65f529 the choice between 2 hashing algos was preventing maximum portability (if the target platform lacked the optional algorithm, while the install platform had it you couldn't login anymore): I've chosen salted md5, which is probably easier to find (well, I tested on 2 servers and they both lacked the other one: I was MAD): the salt is however very long, and once created you can edit it and reinstall again to make it even stronger 2008-02-20 17:53:09 +00:00
real_nowhereman
c0642e4f0f huge security commit, this should be an almost hassle-free hash salt: the salt is created on setup and then STORED in fp-content/config/hashsalt.conf.php 
(you can change the name of the file from defaults.php); 

as salt is based on the path on the server, if you had to move to another directory or to another server, then you wouldn't be able to login anymore and you had to reinstall, now this shouldn't be needed anymore; moreover as this is now safe in a file we can add additional security by
* concatenating the default paths+random blog id to another random number, which is not written anywhere else
* changing the contents with your very own salt string: then re-run setup and overwrite your old user: the hashsalt won't be overwritten (this needs testing)
 2008-02-10 14:20:09 +00:00
real_nowhereman
725a70f1d0 finally moved from simple md5 to salted wp_hash ; please remember to REINSTALL and OVERWRITE your old user in order to be able to login ! 2008-01-01 09:34:41 +00:00
real_nowhereman
a68630bf35 First revision of FlatPress Crescendo+1 ( 0.703+n :) ) 2007-10-30 10:30:07 +00:00