85f8c61e80
Fix for Setting of IV length for AEAD mode failed - closes #183
2023-04-02 00:36:15 +11:00
Deon George
ef8d0ce94c
Fix mistake in patch #176 as identified in #170
2023-02-15 17:33:47 +11:00
Eric Lavault
15cc6f5382
Issue #165 Proper check for memory_limit config ( #180 )
...
* fix #165 : Handle shorthand notation for PHP memory_limit check
* fix config default memory threshold.
2023-02-15 17:24:19 +11:00
Klaus Tachtler
7226cea874
#170 - issue - openssl 3.0 patch ( #176 )
...
* Updated README with info on PLA v2
* Fix broken git command in readme - closes #124
* #170 - issue - openssl 3.0 patch
Co-authored-by: Deon George <deon@leenooks.net>
2023-01-20 20:06:44 +11:00
Benjamin Renard
43bac58990
Add support of argon2i & argon2id password hash types
...
Closes pull-request #158
2022-08-05 10:49:10 +10:00
Patrick Monnerat
9488fe2ed7
Avoid passing a null value to PHP functions where another type is expected.
...
PHP 8.1 deprecates this feature.
Closes pull-request #149 and closes #150
2022-08-05 10:48:56 +10:00
Patrick Monnerat
f129579f45
Adapt app_error_handler() to PHP 8.
...
In an '@ error suppression context, PHP 8 error_reporting() no longer
returns 0 but an error mask of errors that cannot be supressed and
passes the effective error number to the error handler (instead of 0).
Adapt the test in a compatible way.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
3a75a32100
Mandatory function arguments must be listed before optional ones.
...
PHP 8 deprecates the ability to have
function whatever($arg1, $arg2='something', $arg3)
This commit reorders arguments of functions set_cached_item() and
draw_jpeg_photo() to meet this new requirement.
2022-08-05 10:48:56 +10:00
EtienneBarbier
a8c9abe22b
Add option to list available password types - closes #143
2021-12-10 15:56:58 +11:00
Bert Van de Poel
1c7340ce48
Correct incorrent mixing of tabs and spaces.
...
All code (including code originating from the blowfish PR) now correctly use tabs. Spaces are only used for alignment in comments where necessary.
2021-12-10 15:18:26 +11:00
Bert Van de Poel
24ce5d5833
Replace salt function with a more modern, cryptographically secure pseudo-random method
...
Set minimum PHP version to 7.0.0 for random_bytes
2021-12-10 15:18:18 +11:00
Bert Van de Poel
fe3798f8ec
Modernize sha1 and md5 password hash and check functions: remove unnecessary pack, no longer use very old fallbacks, and use random_salt
2021-12-10 15:18:09 +11:00
Bert Van de Poel
1a09e4ff3c
Modernize sha512 hash code: replace openssl_digest with the generic hash function, remove check no longer necessary in minimum version
2021-12-10 15:18:01 +11:00
Bert Van de Poel
bc1691f5d2
Add hash support for ssha512
2021-12-10 15:17:54 +11:00
Bert Van de Poel
54bb4743aa
Add hash support for salted and non-salted sha256 and sha384 (therefore adding full support for all hashes in the sha2 openLDAP module)
2021-12-10 15:17:43 +11:00
Gurvinder Dadyala
bdfd68c3b6
Added Bcrypt support ( #116 )
...
* Set minimum PHP version to 5.5.0| Bcrypt Support
* Added Bcrypt hash support
* Update Install.md
2020-08-30 21:58:50 +10:00
Armin Leuprecht
fb437b037e
Decode plainpassword before check ( #115 )
...
When the user's password contains HTML special chars
the password check would always fail if the
the given plainpassword is not decoded first.
2020-08-30 21:57:40 +10:00
Bennet Bleßmann
34d4f20222
Fixes usage of deprecated array/string access syntax. ( #97 )
...
PHP 7.4 Compatibility.
2020-08-30 21:56:25 +10:00
Genaro Contreras Gutierrez
cbdc0dacd6
Auth Form wiht Google reCAPTCHA ( #87 )
...
* reCaptcha config
* config reCaptcha
* check reCAPTCHA
* add reCAPTCHA to form login
* config attributes for reCAPTCHA
* Function to verify request with reCAPTCHA
* doc reCaptcha
2020-02-20 09:04:20 +11:00
Genaro Contreras Gutierrez
c87571f6b7
Fix error and set by default to preventXSS
2019-07-31 08:21:14 -07:00
Genaro Contreras Gutierrez
0b10c30c79
other usage of function preventXSS
...
Other example of usage:
preventXSS(get_request('cmd','REQUEST'))
Additionally, the $ preventXSS parameter of the get_request function can set the default to true and in the specific fields set the parameter to false
2019-07-30 08:49:41 -07:00
Genaro Contreras Gutierrez
c22c98c463
update get_request when an error occurs
...
Example to use to prevent XSS attack from get_request
get_request('cmd','REQUEST',false,null,true)
2019-07-30 08:44:10 -07:00
Genaro Contreras Gutierrez
25cbb26e1d
update function get_request to preventXSS
...
The XSS prevent function was created and used
2019-07-30 08:38:14 -07:00
Genaro Contreras Gutierrez
08c21fe7ca
Prevent XSS attack since function get_request
...
The $preventXSS parameter was added to the get_request function to avoid XSS attacks.
It was not set by default as $preventXSS=true, because it can affect fields such as passwords.
Using "htmlspecialchars" and "addslashes" functions of PHP.
2019-07-30 08:29:17 -07:00
Deon George
3c0ca27477
Remove SF branding
2019-04-21 23:37:10 +10:00
Deon George
e37b498de1
PHP 7.2 compatibility fixes - closes #64
2019-04-19 22:48:22 +10:00
Deon George
c494078550
Closes pull request #22 and fixes #18 - preg_replace_callback changes
2019-04-19 20:08:53 +10:00
Deon George
49ef60f26b
Merge pull request #62 from spagu/patch-1
...
Fix php7.2 errors for function __autoload and create_function as they were deprecated.
2019-04-18 12:31:49 +10:00
Deon George
aa11e318ec
Merge pull request #60 from NHellFire/php7.1
...
Use OpenSSL for blowfish when available (fixes #58 )
2019-04-18 12:16:08 +10:00
Michael
7569423f11
Update functions.php
...
Since openLDAP >=2.1.2,ldap_explode_dn turns unprintable chars (in the ASCII sense, UTF8 encoded) into \<hexcode>.
2018-07-17 19:59:11 +08:00
spagu
884cce1475
Update functions.php
2018-04-19 11:10:12 +01:00
NHellFire
53e005c1f4
Use OpenSSL for blowfish when available ( fixes #58 )
2018-02-11 07:22:36 +00:00
Deon George
708bc5ed83
Merge pull request #37 from mr-GreyWolf/patch-1
...
Update functions.php
2016-10-30 16:53:05 +08:00
Paweł Tomulik
ee9034f24c
add support for SHA-256 and SHA-512 via crypt(3)
2016-10-08 21:24:33 +02:00
mr-GreyWolf
599d55700d
Update functions.php
2016-03-30 23:07:02 +04:00
jsdevel
0491916d90
Changing the sourceforge logo to be protocol relative.
...
* This allows the browser to resolve the URL against the protocol the user used, not what a reverse proxy used.
2015-12-05 23:02:11 -07:00
Mohamad Elrashidin Bin Sajeli
b082cf1742
Changed preg_replace to preg_replace callback
2014-05-08 20:40:57 +08:00
Mohamad Elrashidin Bin Sajeli
e673df3ba8
Changed password_hash to pla_password_hash
2014-05-08 20:22:30 +08:00
Deon George
2f70eb41b3
SF Bug #3510114 - Unable to check passwords when samba hashes are in lowercase
2012-09-05 21:25:50 +10:00
Jean-Philippe Ghibaudo
21959715c3
SF Feature #3509651 - Add support for SHA512 with OpenLDAP
2012-09-01 11:31:38 +10:00
Deon George
4089ffa9fe
SF Bug #3392644 - Cannot authenticate if password starts or ends with spaces
2011-10-06 10:40:41 +11:00
Deon George
76e6dad13e
SF Bug #3417184 - PHP Code Injection Vulnerability
2011-10-06 09:03:20 +11:00
Deon George
07827304b7
SF Bug #3355732 - Cosmetic issue in functions.php -> get_icon()
2011-07-07 23:12:23 +10:00
Deon George
afa4a95b37
Fix SASL implementation - enabled GSSAPI
2011-06-20 20:34:55 +10:00
Deon George
1121dd01df
SF Feature #2879726 - sort the server select list
2011-04-29 14:08:07 +10:00
Dmitry Bakshaev
775e6f40d4
SF Feature #2900545 - blowfish using mcrypt
2011-04-29 13:31:17 +10:00
Deon George
e083f5f8b5
SF Feature #2931999 - Upload file and view for "picture" fields
2011-04-29 13:25:57 +10:00
Deon George
c97d4afe17
SF Feature #3108047 - Add support for smbk5pwd overlay K5KEY "encryption" type
2011-04-29 13:04:44 +10:00
Deon George
b6500224d3
Minor cosmetic updates
2011-04-28 11:53:40 +10:00
Deon George
bf8ac5306e
SF Bug #3139097 - Argument for PickList sorting does not work
2011-04-27 23:27:31 +10:00