
Added tokens to all the hashSomethingPassword

Signed-off-by: emanuele <[email protected]>
emanuele 12 years ago
parent
commit
452e91c4b8
2 changed files with 6 additions and 6 deletions
  1. 2 2
      Themes/default/Login.template.php
  2. 4 4
      Themes/default/scripts/script.js

+ 2 - 2
Themes/default/Login.template.php

@@ -91,7 +91,7 @@ function template_kick_guest()
 	// This isn't that much... just like normal login but with a message at the top.
 	echo '
 	<script type="text/javascript" src="', $settings['default_theme_url'], '/scripts/sha1.js"></script>
-	<form action="', $scripturl, '?action=login2" method="post" accept-charset="', $context['character_set'], '" name="frmLogin" id="frmLogin"', empty($context['disable_login_hashing']) ? ' onsubmit="hashLoginPassword(this, \'' . $context['session_id'] . '\');"' : '', '>
+	<form action="', $scripturl, '?action=login2" method="post" accept-charset="', $context['character_set'], '" name="frmLogin" id="frmLogin"', empty($context['disable_login_hashing']) ? ' onsubmit="hashLoginPassword(this, \'' . $context['session_id'] . '\', \'' . (!empty($context['login_token']) ? $context['login_token'] : '') . '\');"' : '', '>
 		<div class="tborder login">
 			<div class="cat_bar">
 				<h3 class="catbg">', $txt['warning'], '</h3>
@@ -204,7 +204,7 @@ function template_admin_login()
 	echo '
 <script type="text/javascript" src="', $settings['default_theme_url'], '/scripts/sha1.js"></script>
 
-<form action="', $scripturl, $context['get_data'], '" method="post" accept-charset="', $context['character_set'], '" name="frmLogin" id="frmLogin" onsubmit="hash', ucfirst($context['sessionCheckType']), 'Password(this, \'', $context['user']['username'], '\', \'', $context['session_id'], '\');">
+<form action="', $scripturl, $context['get_data'], '" method="post" accept-charset="', $context['character_set'], '" name="frmLogin" id="frmLogin" onsubmit="hash', ucfirst($context['sessionCheckType']), 'Password(this, \'', $context['user']['username'], '\', \'', $context['session_id'], '\', \'' . (!empty($context['login_token']) ? $context['login_token'] : '') . '\');">
 	<div class="tborder login" id="admin_login">
 		<div class="cat_bar">
 			<h3 class="catbg">
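Review bot: The new `$context['login_token']` value is concatenated directly into a single-quoted JavaScript string inside the `onsubmit` attribute, in both `template_kick_guest()` and `template_admin_login()`, with no encoding for the JavaScript or the HTML-attribute context. Where the token is generated is not visible in this commit; if it is always a fixed alphanumeric string the output is harmless, but the template should not depend on that, so emit it as an encoded literal such as `htmlspecialchars(json_encode($token), ENT_QUOTES)` (with `$token` being the value the existing `!empty()` check selects) instead of the hand-written `\'' . ... . '\'` quoting. The `: ''` fallback also means a missing token silently yields the same hash input as before this change, so the code that verifies the submitted hash, which is not shown here, should reject a request without a token rather than accept the session-id-only value. Both template functions start and end outside the hunks.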

+ 4 - 4
Themes/default/scripts/script.js

@@ -691,7 +691,7 @@ function hashLoginPassword(doForm, cur_session_id, token)
 		doForm.passwrd.value = doForm.passwrd.value.replace(/./g, '*');
 }
 
-function hashAdminPassword(doForm, username, cur_session_id)
+function hashAdminPassword(doForm, username, cur_session_id, token)
 {
 	// Compatibility.
 	if (cur_session_id == null)
@@ -700,16 +700,16 @@ function hashAdminPassword(doForm, username, cur_session_id)
 	if (typeof(hex_sha1) == 'undefined')
 		return;
 
-	doForm.admin_hash_pass.value = hex_sha1(hex_sha1(username.php_to8bit().php_strtolower() + doForm.admin_pass.value.php_to8bit()) + cur_session_id);
+	doForm.admin_hash_pass.value = hex_sha1(hex_sha1(username.php_to8bit().php_strtolower() + doForm.admin_pass.value.php_to8bit()) + cur_session_id + token);
 	doForm.admin_pass.value = doForm.admin_pass.value.replace(/./g, '*');
 }
 
-function hashModeratePassword(doForm, username, cur_session_id)
+function hashModeratePassword(doForm, username, cur_session_id, token)
 {
 	if (typeof(hex_sha1) == 'undefined')
 		return;
 
-	doForm.moderate_hash_pass.value = hex_sha1(hex_sha1(username.php_to8bit().php_strtolower() + doForm.moderate_pass.value.php_to8bit()) + cur_session_id);
+	doForm.moderate_hash_pass.value = hex_sha1(hex_sha1(username.php_to8bit().php_strtolower() + doForm.moderate_pass.value.php_to8bit()) + cur_session_id + token);
 	doForm.moderate_pass.value = doForm.moderate_pass.value.replace(/./g, '*');
 }
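Review bot: `hashAdminPassword()` and `hashModeratePassword()` now append `token` unconditionally, so a caller that still passes three arguments (an older or customised theme template, for instance) evaluates `cur_session_id + token` with `token` undefined. That concatenates the literal text `undefined` into the hashed string, and the submitted hash then presumably fails the server-side comparison. `hashAdminPassword()` already carries a `// Compatibility.` guard for `cur_session_id`; add the matching `if (token == null) token = '';` at the top of both functions. A short comment above each hash line would also help, e.g. `// Outer SHA-1 mixes in the session id and the form token.`, since the reason for the extra term is not stated anywhere in the file section. The body of `hashAdminPassword()` is split across the two hunks, with unchanged lines between them not shown.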