[SUCS Devel] [Git][sucssite/sucs-site][sucs-site] 8 commits: Delete Using the SUCS Tools.txt

Imran Hussain (@imranh) imranh at sucs.org
Thu Dec 23 12:04:56 GMT 2021



Imran Hussain pushed to branch sucs-site at sucssite / sucs-site


Commits:
153f56fe by Tom Lake at 2019-12-04T10:10:54+00:00
Delete Using the SUCS Tools.txt
- - - - -
cedf7a7e by Tom Lake at 2019-12-04T10:17:50+00:00
Merge branch 'master' into 'beta'

Push to Beta: Delete Using the SUCS Tools.txt

See merge request sucssite/sucs-site!121
- - - - -
c977f70e by Imran Hussain at 2021-12-23T11:46:24+00:00
Use node:current image
- - - - -
9e43fafb by Imran Hussain at 2021-12-23T11:50:55+00:00
Merge branch 'fix-ci' into 'master'

Use node:current image

See merge request sucssite/sucs-site!124
- - - - -
dcc4902a by Imran Hussain at 2021-12-23T11:57:34+00:00
Sha512 passwords

- - - - -
99f489ed by Imran Hussain at 2021-12-23T11:57:35+00:00
Merge branch 'sha512-passwords' into 'master'

Sha512 passwords

See merge request sucssite/sucs-site!123
- - - - -
340ab515 by Imran Hussain at 2021-12-23T11:59:43+00:00
Merge branch 'master' into 'beta'

Master to beta

See merge request sucssite/sucs-site!125
- - - - -
3d7a5da3 by Imran Hussain at 2021-12-23T12:04:52+00:00
Merge branch 'beta' into 'sucs-site'

Beta to live!

See merge request sucssite/sucs-site!126
- - - - -


3 changed files:

- .gitlab-ci.yml
- components/options.php
- lib/member_functions.php


Changes:

=====================================
.gitlab-ci.yml
=====================================
@@ -22,15 +22,8 @@ php-syntax-check:
 
 js-syntax-check:
   stage: test
+  image: node:current
   script:
-   - apt-get clean
-   - apt-get update
-#   - apt-get install -y nodejs
-#   - ln -s /usr/bin/nodejs /usr/bin/node
-   - apt-get install -y curl gnupg
-   - curl -sL https://deb.nodesource.com/setup_8.x | bash -
-   - apt-get install -y nodejs
-   - apt-get install -y npm
    - npm install -g jshint        
    - find htdocs/js/ -name *.js ! -name jquery* | xargs -n 1 jshint --verbose
 
@@ -52,4 +45,4 @@ deploy-live:
    - curl https://sucs.org/pull.php
   only:
    - sucs-site
-  environment: live
\ No newline at end of file
+  environment: live


=====================================
components/options.php
=====================================
@@ -5,6 +5,8 @@ require_once("../lib/validation.php");
 require_once("Net/MAC.php");
 include_once("../lib/date.php");
 
+// password hash, renewal functions
+include_once("../lib/member_functions.php");
 
 // Some Constants
 // These could possibly be moved somewhere saner?
@@ -47,7 +49,7 @@ function changePassword($oldpass, $newpass1, $newpass2)
 
     // if everything looks OK, attempt to make the change
     $success = ldap_mod_replace($ldap, "uid=" . $session->username . ",ou=People,dc=sucs,dc=org",
-        array('userpassword' => "{SHA}" . base64_encode(pack("H*", sha1($newpass1)))));
+        array('userpassword' => "{CRYPT}" . cryptPassword($newpass1)));
 
     ldap_close($ldap);
     return $success;
@@ -214,7 +216,6 @@ function updateRenew()
         return FALSE;
     }
 
-    include_once("../lib/member_functions.php");
     renew_membership($member['username']);
     $sucsDB->Execute("update signup set activated=NOW(), username=? where id=?", array($member['username'], $signup['id']));
     return TRUE;


=====================================
lib/member_functions.php
=====================================
@@ -29,6 +29,19 @@ function make_password($length = 8)
     return $password;
 }
 
+// https://stackoverflow.com/a/44428794
+function cryptPassword($password, $salt = "", $rounds = 5000)
+{
+        if ($salt == "") {
+                // Generate random salt
+                $salt = substr(bin2hex(openssl_random_pseudo_bytes(16)),0,16);
+        }
+        // $6$ specifies SHA512
+        $hash = crypt($password, sprintf('$6$rounds=%d$%s$', $rounds, $salt));
+
+        return $hash;
+}
+
 function generateUid()
 {
 
@@ -63,7 +76,7 @@ function generateLdif($uid, $password, $type, $realname, $username)
     // explode the realname
     $nameexplode = explode(' ', trim($realname));
     // hash the password
-    $ldappassword = "{SHA}" . base64_encode(pack("H*", sha1($password)));
+    $ldappassword = "{CRYPT}" . cryptPassword($password);
     // compile ldif
     $ldif = "dn: uid=" . $username . ",ou=People,dc=sucs,dc=org\n";
     $ldif .= "uid: " . $username . "\n";



View it on GitLab: https://projects.sucs.org/sucssite/sucs-site/-/compare/4dd52a81f21edb67b3bf787697d94e77bbba222b...3d7a5da3b902b0b2434e99064408402a968b6f42

-- 
View it on GitLab: https://projects.sucs.org/sucssite/sucs-site/-/compare/4dd52a81f21edb67b3bf787697d94e77bbba222b...3d7a5da3b902b0b2434e99064408402a968b6f42
You're receiving this email because of your account on projects.sucs.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sucs.org/pipermail/devel/attachments/20211223/73b2d20e/attachment-0001.html>


More information about the Devel mailing list