Changeset 3231:bf7f869cfed9
- Timestamp:
- 03/25/16 12:43:18 (9 years ago)
- Branch:
- default
- Files:
-
- 5 edited
inc/core/class.dc.auth.php
r3036 r3231 172 172 public function crypt($pwd) 173 173 { 174 return crypt::hmac(DC_MASTER_KEY,$pwd );174 return crypt::hmac(DC_MASTER_KEY,$pwd,DC_CRYPT_ALGO); 175 175 } 176 176 … … 310 310 311 311 $user_id = trim(@pack('a32',substr($code,0,32))); 312 $pwd = @unpack('H 40hex',substr($code,32,40));312 $pwd = @unpack('H*hex',substr($code,32)); 313 313 314 314 if ($user_id === false || $pwd === false) { -
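Review bot: `crypt()` on new line 174 still derives the stored password value from a single keyed hash, `crypt::hmac(DC_MASTER_KEY,$pwd,DC_CRYPT_ALGO)`, so making the digest configurable adds neither a per-user salt nor a work factor, and identical passwords still produce identical stored values. Nothing in the visible hunks handles values already stored under the previous algorithm, so a site that sets DC_CRYPT_ALGO to something other than `sha1` would presumably stop matching existing passwords unless the login path (outside these hunks) falls back and rehashes. I would at least record that on the method, e.g. `// NOTE: changing DC_CRYPT_ALGO invalidates stored hashes unless they are migrated at login`, and consider `password_hash()`/`password_verify()` where the supported PHP version allows it.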
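--- a/inc/core/class.dc.core.php
+++ b/inc/core/class.dc.core.php
@@ -198,4 +198,5 @@
 public function checkNonce($secret)
 {
+// 40 alphanumeric characters min
 if (!preg_match('/^([0-9a-f]{40,})$/i',$secret)) {
 return false;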
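Review bot: The comment added on new line 200 says "alphanumeric", but the pattern directly below it, `/^([0-9a-f]{40,})$/i`, accepts hexadecimal digits only; `// 40 hexadecimal characters min` would match what the check enforces. The pattern sets no upper bound on the length, which is worth stating in the same comment if it is intentional. checkNonce's body continues past the end of the hunk, so how the validated value is then compared is not visible here.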
inc/dbschema/db-schema.php
r2566 r3231 19 19 -------------------------------------------------------- */ 20 20 $_s->blog 21 ->blog_id ('varchar', 32,false)22 ->blog_uid ('varchar', 32,false)23 ->blog_creadt ('timestamp', 0,false, 'now()')24 ->blog_upddt ('timestamp', 0,false, 'now()')25 ->blog_url ('varchar',255, false)26 ->blog_name ('varchar',255, false)27 ->blog_desc ('text', 0,true)28 ->blog_status ('smallint', 0,false, 1)21 ->blog_id ('varchar', 32, false) 22 ->blog_uid ('varchar', 32, false) 23 ->blog_creadt ('timestamp', 0, false, 'now()') 24 ->blog_upddt ('timestamp', 0, false, 'now()') 25 ->blog_url ('varchar', 255, false) 26 ->blog_name ('varchar', 255, false) 27 ->blog_desc ('text', 0, true) 28 ->blog_status ('smallint', 0, false, 1) 29 29 30 30 ->primary('pk_blog','blog_id') … … 32 32 33 33 $_s->category 34 ->cat_id ('bigint', 0,false)35 ->blog_id ('varchar', 32,false)36 ->cat_title ('varchar',255, false)37 ->cat_url ('varchar',255, false)38 ->cat_desc ('text', 0,true)39 ->cat_position ('integer', 0,true, 0)40 ->cat_lft ('integer', 0,true)41 ->cat_rgt ('integer', 0,true)34 ->cat_id ('bigint', 0, false) 35 ->blog_id ('varchar', 32, false) 36 ->cat_title ('varchar', 255, false) 37 ->cat_url ('varchar', 255, false) 38 ->cat_desc ('text', 0, true) 39 ->cat_position ('integer', 0, true, 0) 40 ->cat_lft ('integer', 0, true) 41 ->cat_rgt ('integer', 0, true) 42 42 43 43 ->primary('pk_category','cat_id') … … 47 47 48 48 $_s->session 49 ->ses_id ('varchar', 40,false)50 ->ses_time ('integer', 0,false, 0)51 ->ses_start ('integer', 0,false, 0)52 ->ses_value ('text', 0,false)49 ->ses_id ('varchar', 40, false) 50 ->ses_time ('integer', 0, false, 0) 51 ->ses_start ('integer', 0, false, 0) 52 ->ses_value ('text', 0, false) 53 53 54 54 ->primary('pk_session','ses_id') … … 56 56 57 57 $_s->setting 58 ->setting_id ('varchar',255, false)59 ->blog_id ('varchar', 32,true)60 ->setting_ns ('varchar', 32,false, "'system'")61 ->setting_value ('text', 0,true, null)62 ->setting_type ('varchar', 8,false, 
"'string'")63 ->setting_label ('text', 0,true)58 ->setting_id ('varchar', 255, false) 59 ->blog_id ('varchar', 32, true) 60 ->setting_ns ('varchar', 32, false, "'system'") 61 ->setting_value ('text', 0, true, null) 62 ->setting_type ('varchar', 8, false, "'string'") 63 ->setting_label ('text', 0, true) 64 64 65 65 ->unique('uk_setting','setting_ns','setting_id','blog_id') … … 67 67 68 68 $_s->user 69 ->user_id ('varchar', 32,false)70 ->user_super ('smallint', 0,true)71 ->user_status ('smallint', 0,false, 1)72 ->user_pwd ('varchar', 40, false)73 ->user_change_pwd ('smallint', 0,false, 0)74 ->user_recover_key ('varchar', 32,true, null)75 ->user_name ('varchar',255, true, null)76 ->user_firstname ('varchar',255, true, null)77 ->user_displayname ('varchar',255, true, null)78 ->user_email ('varchar',255, true, null)79 ->user_url ('varchar',255, true, null)80 ->user_desc ('text', 0,true)81 ->user_default_blog ('varchar', 32,true, null)82 ->user_options ('text', 0,true)83 ->user_lang ('varchar', 5,true, null)84 ->user_tz ('varchar',128, false, "'UTC'")85 ->user_post_status ('smallint', 0,false, -2)86 ->user_creadt ('timestamp', 0,false, 'now()')87 ->user_upddt ('timestamp', 0,false, 'now()')69 ->user_id ('varchar', 32, false) 70 ->user_super ('smallint', 0, true) 71 ->user_status ('smallint', 0, false, 1) 72 ->user_pwd ('varchar', 255, false) 73 ->user_change_pwd ('smallint', 0, false, 0) 74 ->user_recover_key ('varchar', 32, true, null) 75 ->user_name ('varchar', 255, true, null) 76 ->user_firstname ('varchar', 255, true, null) 77 ->user_displayname ('varchar', 255, true, null) 78 ->user_email ('varchar', 255, true, null) 79 ->user_url ('varchar', 255, true, null) 80 ->user_desc ('text', 0, true) 81 ->user_default_blog ('varchar', 32, true, null) 82 ->user_options ('text', 0, true) 83 ->user_lang ('varchar', 5, true, null) 84 ->user_tz ('varchar', 128, false, "'UTC'") 85 ->user_post_status ('smallint', 0, false, -2) 86 ->user_creadt ('timestamp', 0, false, 'now()') 87 
->user_upddt ('timestamp', 0, false, 'now()') 88 88 89 89 ->primary('pk_user','user_id') … … 91 91 92 92 $_s->permissions 93 ->user_id ('varchar', 32,false)94 ->blog_id ('varchar', 32,false)95 ->permissions ('text', 0,true)93 ->user_id ('varchar', 32, false) 94 ->blog_id ('varchar', 32, false) 95 ->permissions ('text', 0, true) 96 96 97 97 ->primary('pk_permissions','user_id','blog_id') … … 99 99 100 100 $_s->post 101 ->post_id ('bigint', 0,false)102 ->blog_id ('varchar', 32,false)103 ->user_id ('varchar', 32,false)104 ->cat_id ('bigint', 0,true)105 ->post_dt ('timestamp', 0, false, 'now()')106 ->post_tz ('varchar', 128, false, "'UTC'")107 ->post_creadt ('timestamp', 0, false, 'now()')108 ->post_upddt ('timestamp', 0, false, 'now()')109 ->post_password ('varchar', 32,true, null)110 ->post_type ('varchar', 32,false, "'post'")111 ->post_format ('varchar', 32,false, "'xhtml'")112 ->post_url ('varchar',255, false)113 ->post_lang ('varchar', 5,true, null)114 ->post_title ('varchar', 255, true, null)115 ->post_excerpt ('text', 0, true, null)116 ->post_excerpt_xhtml ('text', 0, true, null)117 ->post_content ('text', 0, true, null)118 ->post_content_xhtml ('text', 0, false)119 ->post_notes ('text', 0, true, null)120 ->post_meta ('text', 0,true, null)121 ->post_words ('text', 0, true, null)122 ->post_status ('smallint', 0, false, 0)123 ->post_selected ('smallint', 0,false, 0)124 ->post_position ('integer', 0,false, 0)125 ->post_open_comment ('smallint', 0, false, 0)126 ->post_open_tb ('smallint', 0, false, 0)127 ->nb_comment ('integer', 0,false, 0)128 ->nb_trackback ('integer', 0,false, 0)101 ->post_id ('bigint', 0, false) 102 ->blog_id ('varchar', 32, false) 103 ->user_id ('varchar', 32, false) 104 ->cat_id ('bigint', 0, true) 105 ->post_dt ('timestamp', 0, false, 'now()') 106 ->post_tz ('varchar', 128, false, "'UTC'") 107 ->post_creadt ('timestamp', 0, false, 'now()') 108 ->post_upddt ('timestamp', 0, false, 'now()') 109 ->post_password ('varchar', 32, true, null) 110 
->post_type ('varchar', 32, false, "'post'") 111 ->post_format ('varchar', 32, false, "'xhtml'") 112 ->post_url ('varchar', 255, false) 113 ->post_lang ('varchar', 5, true, null) 114 ->post_title ('varchar', 255, true, null) 115 ->post_excerpt ('text', 0, true, null) 116 ->post_excerpt_xhtml ('text', 0, true, null) 117 ->post_content ('text', 0, true, null) 118 ->post_content_xhtml ('text', 0, false) 119 ->post_notes ('text', 0, true, null) 120 ->post_meta ('text', 0, true, null) 121 ->post_words ('text', 0, true, null) 122 ->post_status ('smallint', 0, false, 0) 123 ->post_selected ('smallint', 0, false, 0) 124 ->post_position ('integer', 0, false, 0) 125 ->post_open_comment ('smallint', 0, false, 0) 126 ->post_open_tb ('smallint', 0, false, 0) 127 ->nb_comment ('integer', 0, false, 0) 128 ->nb_trackback ('integer', 0, false, 0) 129 129 130 130 ->primary('pk_post','post_id') … … 134 134 135 135 $_s->media 136 ->media_id ('bigint', 0,false)137 ->user_id ('varchar', 32,false)138 ->media_path ('varchar',255, false)139 ->media_title ('varchar',255, false)140 ->media_file ('varchar',255, false)141 ->media_dir ('varchar',255, false, "'.'")142 ->media_meta ('text', 0,true, null)143 ->media_dt ('timestamp', 0,false, 'now()')144 ->media_creadt ('timestamp', 0,false, 'now()')145 ->media_upddt ('timestamp', 0,false, 'now()')146 ->media_private ('smallint', 0,false, 0)136 ->media_id ('bigint', 0, false) 137 ->user_id ('varchar', 32, false) 138 ->media_path ('varchar', 255, false) 139 ->media_title ('varchar', 255, false) 140 ->media_file ('varchar', 255, false) 141 ->media_dir ('varchar', 255, false, "'.'") 142 ->media_meta ('text', 0, true, null) 143 ->media_dt ('timestamp', 0, false, 'now()') 144 ->media_creadt ('timestamp', 0, false, 'now()') 145 ->media_upddt ('timestamp', 0, false, 'now()') 146 ->media_private ('smallint', 0, false, 0) 147 147 148 148 ->primary('pk_media','media_id') … … 150 150 151 151 $_s->post_media 152 ->media_id ('bigint', 0,false)153 ->post_id 
('bigint', 0,false)154 ->link_type ('varchar', 32,false, "'attachment'")152 ->media_id ('bigint', 0, false) 153 ->post_id ('bigint', 0, false) 154 ->link_type ('varchar', 32, false, "'attachment'") 155 155 156 156 ->primary('pk_post_media','media_id','post_id','link_type') … … 158 158 159 159 $_s->log 160 ->log_id ('bigint', 0,false)161 ->user_id ('varchar', 32,true)162 ->blog_id ('varchar', 32,true)163 ->log_table ('varchar',255, false)164 ->log_dt ('timestamp', 0,false, 'now()')165 ->log_ip ('varchar', 39,false)166 ->log_msg ('text', 0,true, null)160 ->log_id ('bigint', 0, false) 161 ->user_id ('varchar', 32, true) 162 ->blog_id ('varchar', 32, true) 163 ->log_table ('varchar', 255, false) 164 ->log_dt ('timestamp', 0, false, 'now()') 165 ->log_ip ('varchar', 39, false) 166 ->log_msg ('text', 0, true, null) 167 167 168 168 ->primary('pk_log','log_id') … … 170 170 171 171 $_s->version 172 ->module ('varchar', 64,false)173 ->version ('varchar', 32,false)172 ->module ('varchar', 64, false) 173 ->version ('varchar', 32, false) 174 174 175 175 ->primary('pk_version','module') … … 177 177 178 178 $_s->ping 179 ->post_id ('bigint', 0,false)180 ->ping_url ('varchar',255, false)181 ->ping_dt ('timestamp', 0,false, 'now()')179 ->post_id ('bigint', 0, false) 180 ->ping_url ('varchar', 255, false) 181 ->ping_dt ('timestamp', 0, false, 'now()') 182 182 183 183 ->primary('pk_ping','post_id','ping_url') … … 185 185 186 186 $_s->comment 187 ->comment_id ('bigint', 0,false)188 ->post_id ('bigint', 0,false)189 ->comment_dt ('timestamp', 0, false, 'now()')190 ->comment_tz ('varchar', 128, false, "'UTC'")191 ->comment_upddt ('timestamp', 0,false, 'now()')192 ->comment_author ('varchar', 255, true, null)193 ->comment_email ('varchar',255, true, null)194 ->comment_site ('varchar', 255, true, null)195 ->comment_content ('text', 0, true)196 ->comment_words ('text', 0,true, null)197 ->comment_ip ('varchar', 39,true, null)198 ->comment_status ('smallint', 0, true, 0)199 
->comment_spam_status ('varchar', 128, true, 0)200 ->comment_spam_filter ('varchar', 32,true, null)201 ->comment_trackback ('smallint', 0, false, 0)187 ->comment_id ('bigint', 0, false) 188 ->post_id ('bigint', 0, false) 189 ->comment_dt ('timestamp', 0, false, 'now()') 190 ->comment_tz ('varchar', 128, false, "'UTC'") 191 ->comment_upddt ('timestamp', 0, false, 'now()') 192 ->comment_author ('varchar', 255, true, null) 193 ->comment_email ('varchar', 255, true, null) 194 ->comment_site ('varchar', 255, true, null) 195 ->comment_content ('text', 0, true) 196 ->comment_words ('text', 0, true, null) 197 ->comment_ip ('varchar', 39, true, null) 198 ->comment_status ('smallint', 0, true, 0) 199 ->comment_spam_status ('varchar', 128, true, 0) 200 ->comment_spam_filter ('varchar', 32, true, null) 201 ->comment_trackback ('smallint', 0, false, 0) 202 202 203 203 ->primary('pk_comment','comment_id') … … 205 205 206 206 $_s->meta 207 ->meta_id ('varchar',255, false)208 ->meta_type ('varchar', 64,false)209 ->post_id ('bigint', 0,false)207 ->meta_id ('varchar', 255, false) 208 ->meta_type ('varchar', 64, false) 209 ->post_id ('bigint', 0, false) 210 210 211 211 ->primary('pk_meta','meta_id','meta_type','post_id') … … 213 213 214 214 $_s->pref 215 ->pref_id ('varchar',255, false)216 ->user_id ('varchar', 32,true)217 ->pref_ws ('varchar', 32,false, "'system'")218 ->pref_value ('text', 0,true, null)219 ->pref_type ('varchar', 8,false, "'string'")220 ->pref_label ('text', 0,true)215 ->pref_id ('varchar', 255, false) 216 ->user_id ('varchar', 32, true) 217 ->pref_ws ('varchar', 32, false, "'system'") 218 ->pref_value ('text', 0, true, null) 219 ->pref_type ('varchar', 8, false, "'string'") 220 ->pref_label ('text', 0, true) 221 221 222 222 ->unique('uk_pref','pref_ws','pref_id','user_id') … … 228 228 $_s->category->index ('idx_category_cat_lft_blog_id', 'btree', 'blog_id', 'cat_lft'); 229 229 $_s->category->index ('idx_category_cat_rgt_blog_id', 'btree', 'blog_id', 'cat_rgt'); 230 
$_s->setting->index ('idx_setting_blog_id', 'btree', 'blog_id');231 $_s->user->index ('idx_user_user_default_blog', 'btree', 'user_default_blog');232 $_s->permissions->index ('idx_permissions_blog_id', 'btree', 'blog_id');233 $_s->post->index ('idx_post_cat_id', 'btree', 'cat_id');234 $_s->post->index ('idx_post_user_id', 'btree', 'user_id');235 $_s->post->index ('idx_post_blog_id', 'btree', 'blog_id');236 $_s->media->index ('idx_media_user_id', 'btree', 'user_id');237 $_s->post_media->index ('idx_post_media_post_id', 'btree', 'post_id');238 $_s->post_media->index ('idx_post_media_media_id', 'btree', 'media_id');239 $_s->log->index ('idx_log_user_id','btree', 'user_id');240 $_s->comment->index ('idx_comment_post_id', 'btree', 'post_id');241 $_s->meta->index ('idx_meta_post_id', 'btree','post_id');242 $_s->meta->index ('idx_meta_meta_type', 'btree','meta_type');243 $_s->pref->index ('idx_pref_user_id', 'btree', 'user_id');230 $_s->setting->index ('idx_setting_blog_id', 'btree', 'blog_id'); 231 $_s->user->index ('idx_user_user_default_blog', 'btree', 'user_default_blog'); 232 $_s->permissions->index ('idx_permissions_blog_id', 'btree', 'blog_id'); 233 $_s->post->index ('idx_post_cat_id', 'btree', 'cat_id'); 234 $_s->post->index ('idx_post_user_id', 'btree', 'user_id'); 235 $_s->post->index ('idx_post_blog_id', 'btree', 'blog_id'); 236 $_s->media->index ('idx_media_user_id', 'btree', 'user_id'); 237 $_s->post_media->index ('idx_post_media_post_id', 'btree', 'post_id'); 238 $_s->post_media->index ('idx_post_media_media_id', 'btree', 'media_id'); 239 $_s->log->index ('idx_log_user_id', 'btree', 'user_id'); 240 $_s->comment->index ('idx_comment_post_id', 'btree', 'post_id'); 241 $_s->meta->index ('idx_meta_post_id', 'btree', 'post_id'); 242 $_s->meta->index ('idx_meta_meta_type', 'btree', 'meta_type'); 243 $_s->pref->index ('idx_pref_user_id', 'btree', 'user_id'); 244 244 245 245 /* Performance indexes 246 246 -------------------------------------------------------- */ 
247 247 $_s->comment->index ('idx_comment_post_id_dt_status', 'btree', 'post_id', 'comment_dt', 'comment_status'); 248 $_s->post->index ('idx_post_post_dt', 'btree', 'post_dt');249 $_s->post->index ('idx_post_post_dt_post_id', 'btree', 'post_dt', 'post_id');250 $_s->post->index ('idx_blog_post_post_dt_post_id', 'btree', 'blog_id', 'post_dt','post_id');251 $_s->post->index ('idx_blog_post_post_status', 'btree', 'blog_id', 'post_status');252 $_s->blog->index ('idx_blog_blog_upddt', 'btree', 'blog_upddt');253 $_s->user->index ('idx_user_user_super', 'btree', 'user_super');248 $_s->post->index ('idx_post_post_dt', 'btree', 'post_dt'); 249 $_s->post->index ('idx_post_post_dt_post_id', 'btree', 'post_dt', 'post_id'); 250 $_s->post->index ('idx_blog_post_post_dt_post_id', 'btree', 'blog_id', 'post_dt', 'post_id'); 251 $_s->post->index ('idx_blog_post_post_status', 'btree', 'blog_id', 'post_status'); 252 $_s->blog->index ('idx_blog_blog_upddt', 'btree', 'blog_upddt'); 253 $_s->user->index ('idx_user_user_super', 'btree', 'user_super'); 254 254 255 255 /* Foreign keys -
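Review bot: The one functional change in this section is `user_pwd` going from `('varchar', 40, false)` to `('varchar', 255, false)` on new line 72, and it is easy to miss among the re-aligned columns. The wider column is presumably meant to hold digests longer than the 40 hex characters of SHA-1, but nothing on the line says so. A short comment such as `// hex digest from crypt(); length depends on DC_CRYPT_ALGO` would record why the width changed. Other fixed-width columns in the section (`ses_id` at 40, `user_recover_key` at 32) are unchanged; whether either is filled from the same HMAC helper is not visible on this page and is worth confirming.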
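--- a/inc/prepend.php
+++ b/inc/prepend.php
@@ -191,4 +191,17 @@
 }
 
+if (!defined('DC_CRYPT_ALGO')) {
+define('DC_CRYPT_ALGO','sha1'); // As in Dotclear 2.9 and previous
+} else {
+// Check length of cryptographic algorithm result and exit if less than 40 characters long
+if (strlen(crypt::hmac(DC_MASTER_KEY,DC_VENDOR_NAME,DC_CRYPT_ALGO)) < 40) {
+if (!defined('DC_CONTEXT_ADMIN')) {
+exit('Site temporarily unavailable');
+} else {
+exit(DC_CRYPT_ALGO.' cryptographic algorithm configured is not strong enough, please change it.');
+}
+}
+}
+
 l10n::init();
 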
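Review bot: The guard on new lines 197–203 measures only the length of the hex digest, so "not strong enough" is decided purely by output size and any configured name whose HMAC is at least 40 hex characters passes. How `crypt::hmac` treats a name that PHP's hash extension does not know is not visible here, so I would make that case explicit ahead of the length test, e.g. `if (!in_array(DC_CRYPT_ALGO,hash_algos(),true) || strlen(crypt::hmac(DC_MASTER_KEY,DC_VENDOR_NAME,DC_CRYPT_ALGO)) < 40) {`. The existing comment should also say that length is used as a proxy for strength, so a later reader does not take the check for an algorithm allow-list.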
plugins/antispam/inc/lib.dc.antispam.php
r3036 r3231 143 143 144 144 $user_id = trim(@pack('a32',substr($code,0,32))); 145 $pwd = @unpack('H 40hex',substr($code,32,40));145 $pwd = @unpack('H*hex',substr($code,32)); 146 146 147 147 if ($user_id === false || $pwd === false) {
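Review bot: With `'H*hex'` and `substr($code,32)` on new line 145, everything after the 32-byte user id is unpacked as the digest, so the parser no longer bounds its length. The only failure test that can fire is `$pwd === false`, because `trim()` always returns a string and `$user_id === false` is therefore never true. A `$code` of 32 bytes or fewer then depends on what `substr()` and `unpack()` return for an empty tail, and the `@` operators hide any warning. I would add an explicit guard before these lines, such as `if (strlen($code) <= 32) { return false; }`, with the return value adjusted to whatever the enclosing function, which starts and ends outside the hunk, uses for failure. The same two lines are changed in inc/core/class.dc.auth.php (new lines 311–312) and the same point applies there.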