Bert Van de Poel
1a09e4ff3c
Modernize sha512 hash code: replace openssl_digest with the generic hash function, remove check no longer necessary in minimum version
2021-12-10 15:18:01 +11:00
Bert Van de Poel
bc1691f5d2
Add hash support for ssha512
2021-12-10 15:17:54 +11:00
Bert Van de Poel
54bb4743aa
Add hash support for salted and non-salted sha256 and sha384 (therefore adding full support for all hashes in the sha2 openLDAP module)
2021-12-10 15:17:43 +11:00
Gurvinder Dadyala
bdfd68c3b6
Added Bcrypt support ( #116 )
...
* Set minimum PHP version to 5.5.0| Bcrypt Support
* Added Bcrypt hash support
* Update Install.md
2020-08-30 21:58:50 +10:00
Armin Leuprecht
fb437b037e
Decode plainpassword before check ( #115 )
...
When the user's password contains HTML special chars
the password check would always fail if the
the given plainpassword is not decoded first.
2020-08-30 21:57:40 +10:00
Bennet Bleßmann
34d4f20222
Fixes usage of deprecated array/string access syntax. ( #97 )
...
PHP 7.4 Compatibility.
2020-08-30 21:56:25 +10:00
Genaro Contreras Gutierrez
cbdc0dacd6
Auth Form wiht Google reCAPTCHA ( #87 )
...
* reCaptcha config
* config reCaptcha
* check reCAPTCHA
* add reCAPTCHA to form login
* config attributes for reCAPTCHA
* Function to verify request with reCAPTCHA
* doc reCaptcha
2020-02-20 09:04:20 +11:00
Genaro Contreras Gutierrez
c87571f6b7
Fix error and set by default to preventXSS
2019-07-31 08:21:14 -07:00
Genaro Contreras Gutierrez
0b10c30c79
other usage of function preventXSS
...
Other example of usage:
preventXSS(get_request('cmd','REQUEST'))
Additionally, the $ preventXSS parameter of the get_request function can set the default to true and in the specific fields set the parameter to false
2019-07-30 08:49:41 -07:00
Genaro Contreras Gutierrez
c22c98c463
update get_request when an error occurs
...
Example to use to prevent XSS attack from get_request
get_request('cmd','REQUEST',false,null,true)
2019-07-30 08:44:10 -07:00
Genaro Contreras Gutierrez
25cbb26e1d
update function get_request to preventXSS
...
The XSS prevent function was created and used
2019-07-30 08:38:14 -07:00
Genaro Contreras Gutierrez
08c21fe7ca
Prevent XSS attack since function get_request
...
The $preventXSS parameter was added to the get_request function to avoid XSS attacks.
It was not set by default as $preventXSS=true, because it can affect fields such as passwords.
Using "htmlspecialchars" and "addslashes" functions of PHP.
2019-07-30 08:29:17 -07:00
Deon George
3c0ca27477
Remove SF branding
2019-04-21 23:37:10 +10:00
Deon George
e37b498de1
PHP 7.2 compatibility fixes - closes #64
2019-04-19 22:48:22 +10:00
Deon George
c494078550
Closes pull request #22 and fixes #18 - preg_replace_callback changes
2019-04-19 20:08:53 +10:00
Deon George
49ef60f26b
Merge pull request #62 from spagu/patch-1
...
Fix php7.2 errors for function __autoload and create_function as they were deprecated.
2019-04-18 12:31:49 +10:00
Deon George
aa11e318ec
Merge pull request #60 from NHellFire/php7.1
...
Use OpenSSL for blowfish when available (fixes #58 )
2019-04-18 12:16:08 +10:00
Michael
7569423f11
Update functions.php
...
Since openLDAP >=2.1.2,ldap_explode_dn turns unprintable chars (in the ASCII sense, UTF8 encoded) into \<hexcode>.
2018-07-17 19:59:11 +08:00
spagu
884cce1475
Update functions.php
2018-04-19 11:10:12 +01:00
NHellFire
53e005c1f4
Use OpenSSL for blowfish when available ( fixes #58 )
2018-02-11 07:22:36 +00:00
Deon George
708bc5ed83
Merge pull request #37 from mr-GreyWolf/patch-1
...
Update functions.php
2016-10-30 16:53:05 +08:00
Paweł Tomulik
ee9034f24c
add support for SHA-256 and SHA-512 via crypt(3)
2016-10-08 21:24:33 +02:00
mr-GreyWolf
599d55700d
Update functions.php
2016-03-30 23:07:02 +04:00
jsdevel
0491916d90
Changing the sourceforge logo to be protocol relative.
...
* This allows the browser to resolve the URL against the protocol the user used, not what a reverse proxy used.
2015-12-05 23:02:11 -07:00
Mohamad Elrashidin Bin Sajeli
b082cf1742
Changed preg_replace to preg_replace callback
2014-05-08 20:40:57 +08:00
Mohamad Elrashidin Bin Sajeli
e673df3ba8
Changed password_hash to pla_password_hash
2014-05-08 20:22:30 +08:00
Deon George
2f70eb41b3
SF Bug #3510114 - Unable to check passwords when samba hashes are in lowercase
2012-09-05 21:25:50 +10:00
Jean-Philippe Ghibaudo
21959715c3
SF Feature #3509651 - Add support for SHA512 with OpenLDAP
2012-09-01 11:31:38 +10:00
Deon George
4089ffa9fe
SF Bug #3392644 - Cannot authenticate if password starts or ends with spaces
2011-10-06 10:40:41 +11:00
Deon George
76e6dad13e
SF Bug #3417184 - PHP Code Injection Vulnerability
2011-10-06 09:03:20 +11:00
Deon George
07827304b7
SF Bug #3355732 - Cosmetic issue in functions.php -> get_icon()
2011-07-07 23:12:23 +10:00
Deon George
afa4a95b37
Fix SASL implementation - enabled GSSAPI
2011-06-20 20:34:55 +10:00
Deon George
1121dd01df
SF Feature #2879726 - sort the server select list
2011-04-29 14:08:07 +10:00
Dmitry Bakshaev
775e6f40d4
SF Feature #2900545 - blowfish using mcrypt
2011-04-29 13:31:17 +10:00
Deon George
e083f5f8b5
SF Feature #2931999 - Upload file and view for "picture" fields
2011-04-29 13:25:57 +10:00
Deon George
c97d4afe17
SF Feature #3108047 - Add support for smbk5pwd overlay K5KEY "encryption" type
2011-04-29 13:04:44 +10:00
Deon George
b6500224d3
Minor cosmetic updates
2011-04-28 11:53:40 +10:00
Deon George
bf8ac5306e
SF Bug #3139097 - Argument for PickList sorting does not work
2011-04-27 23:27:31 +10:00
Deon George
9e9960bc3d
SF Bug #3003779 - Unable to check password for NT and LN samba hashed
2011-04-27 21:53:47 +10:00
Deon George
4cf6b17ba3
SF Bug #3141226 - Password change/encrypted upon modification
2011-04-27 17:28:45 +10:00
Deon George
aa8a353c38
SF Bug #2997552 - Unable to verify password using SMD5 scheme
2011-04-26 11:27:32 +10:00
Deon George
2cf20fcf44
SF Bug #2981355 - rawurldecode killing complex passwords
2011-04-26 10:10:43 +10:00
Deon George
f9c56bc4ff
SF Bug #2997703 - SourceForge logo should load from HTTPS when using HTTPS
2010-11-16 20:27:37 +11:00
Deon George
6fdab2c308
SF Bug #2958613 - password_checker.php md5crypt explode() function bug
2010-11-16 20:21:38 +11:00
Deon George
c3a286cfee
SF Bug #3033924 - typo in fnctions.php breaking smd5
2010-11-16 20:06:39 +11:00
Deon George
7d17676fd7
Enabled create_base
2010-03-18 13:25:53 +11:00
Deon George
f713afc8d1
HTML Validation work
2010-03-15 09:37:35 +11:00
Deon George
0f782569e9
SF Bug #2969826 - XSS found in cmd.php
2010-03-14 23:57:16 +11:00
Deon George
2393c5d5e3
Trim _REQUEST vars mainly to avoid null terminated strings
2009-12-23 09:03:13 +11:00
Deon George
d4483f961f
SF Bug #2885907 - samba domain sid blank
2009-11-21 11:04:37 +11:00