Commit Graph

97 Commits

Author SHA1 Message Date
Klaus Tachtler
7226cea874
#170 - issue - openssl 3.0 patch (#176)
* Updated README with info on PLA v2

* Fix broken git command in readme - closes #124

* #170 - issue - openssl 3.0 patch

Co-authored-by: Deon George <deon@leenooks.net>
2023-01-20 20:06:44 +11:00
Benjamin Renard
43bac58990 Add support of argon2i & argon2id password hash types
Closes pull-request #158
2022-08-05 10:49:10 +10:00
Patrick Monnerat
9488fe2ed7 Avoid passing a null value to PHP functions where another type is expected.
PHP 8.1 deprecates this feature.

Closes pull-request #149 and closes #150
2022-08-05 10:48:56 +10:00
Patrick Monnerat
f129579f45 Adapt app_error_handler() to PHP 8.
In an '@ error suppression context, PHP 8 error_reporting() no longer
returns 0 but an error mask of errors that cannot be supressed and
passes the effective error number to the error handler (instead of 0).

Adapt the test in a compatible way.
2022-08-05 10:48:56 +10:00
Patrick Monnerat
3a75a32100 Mandatory function arguments must be listed before optional ones.
PHP 8 deprecates the ability to have
	function whatever($arg1, $arg2='something', $arg3)

This commit reorders arguments of functions set_cached_item() and
draw_jpeg_photo() to meet this new requirement.
2022-08-05 10:48:56 +10:00
EtienneBarbier
a8c9abe22b Add option to list available password types - closes #143 2021-12-10 15:56:58 +11:00
Bert Van de Poel
1c7340ce48 Correct incorrent mixing of tabs and spaces.
All code (including code originating from the blowfish PR) now correctly use tabs. Spaces are only used for alignment in comments where necessary.
2021-12-10 15:18:26 +11:00
Bert Van de Poel
24ce5d5833 Replace salt function with a more modern, cryptographically secure pseudo-random method
Set minimum PHP version to 7.0.0 for random_bytes
2021-12-10 15:18:18 +11:00
Bert Van de Poel
fe3798f8ec Modernize sha1 and md5 password hash and check functions: remove unnecessary pack, no longer use very old fallbacks, and use random_salt 2021-12-10 15:18:09 +11:00
Bert Van de Poel
1a09e4ff3c Modernize sha512 hash code: replace openssl_digest with the generic hash function, remove check no longer necessary in minimum version 2021-12-10 15:18:01 +11:00
Bert Van de Poel
bc1691f5d2 Add hash support for ssha512 2021-12-10 15:17:54 +11:00
Bert Van de Poel
54bb4743aa Add hash support for salted and non-salted sha256 and sha384 (therefore adding full support for all hashes in the sha2 openLDAP module) 2021-12-10 15:17:43 +11:00
Gurvinder Dadyala
bdfd68c3b6
Added Bcrypt support (#116)
* Set minimum PHP version to 5.5.0| Bcrypt Support
* Added Bcrypt hash support
* Update Install.md
2020-08-30 21:58:50 +10:00
Armin Leuprecht
fb437b037e
Decode plainpassword before check (#115)
When the user's password contains HTML special chars
the password check would always fail if the
the given plainpassword is not decoded first.
2020-08-30 21:57:40 +10:00
Bennet Bleßmann
34d4f20222
Fixes usage of deprecated array/string access syntax. (#97)
PHP 7.4 Compatibility.
2020-08-30 21:56:25 +10:00
Genaro Contreras Gutierrez
cbdc0dacd6
Auth Form wiht Google reCAPTCHA (#87)
* reCaptcha config

* config reCaptcha

* check reCAPTCHA

* add reCAPTCHA to form login

* config attributes for reCAPTCHA

* Function to verify request with reCAPTCHA

* doc reCaptcha
2020-02-20 09:04:20 +11:00
Genaro Contreras Gutierrez
c87571f6b7
Fix error and set by default to preventXSS 2019-07-31 08:21:14 -07:00
Genaro Contreras Gutierrez
0b10c30c79
other usage of function preventXSS
Other example of usage:
preventXSS(get_request('cmd','REQUEST'))

Additionally, the $ preventXSS parameter of the get_request function can set the default to true and in the specific fields set the parameter to false
2019-07-30 08:49:41 -07:00
Genaro Contreras Gutierrez
c22c98c463
update get_request when an error occurs
Example to use to prevent XSS attack from get_request

get_request('cmd','REQUEST',false,null,true)
2019-07-30 08:44:10 -07:00
Genaro Contreras Gutierrez
25cbb26e1d
update function get_request to preventXSS
The XSS prevent function was created and used
2019-07-30 08:38:14 -07:00
Genaro Contreras Gutierrez
08c21fe7ca
Prevent XSS attack since function get_request
The $preventXSS parameter was added to the get_request function to avoid XSS attacks.
It was not set by default as $preventXSS=true, because it can affect fields such as passwords.

Using "htmlspecialchars" and "addslashes" functions of PHP.
2019-07-30 08:29:17 -07:00
Deon George
3c0ca27477 Remove SF branding 2019-04-21 23:37:10 +10:00
Deon George
e37b498de1 PHP 7.2 compatibility fixes - closes #64 2019-04-19 22:48:22 +10:00
Deon George
c494078550 Closes pull request #22 and fixes #18 - preg_replace_callback changes 2019-04-19 20:08:53 +10:00
Deon George
49ef60f26b
Merge pull request #62 from spagu/patch-1
Fix php7.2 errors for function __autoload and create_function as they were deprecated.
2019-04-18 12:31:49 +10:00
Deon George
aa11e318ec
Merge pull request #60 from NHellFire/php7.1
Use OpenSSL for blowfish when available (fixes #58)
2019-04-18 12:16:08 +10:00
Michael
7569423f11
Update functions.php
Since openLDAP >=2.1.2,ldap_explode_dn turns unprintable chars (in the ASCII sense, UTF8 encoded) into \<hexcode>.
2018-07-17 19:59:11 +08:00
spagu
884cce1475
Update functions.php 2018-04-19 11:10:12 +01:00
NHellFire
53e005c1f4 Use OpenSSL for blowfish when available (fixes #58) 2018-02-11 07:22:36 +00:00
Deon George
708bc5ed83 Merge pull request #37 from mr-GreyWolf/patch-1
Update functions.php
2016-10-30 16:53:05 +08:00
Paweł Tomulik
ee9034f24c add support for SHA-256 and SHA-512 via crypt(3) 2016-10-08 21:24:33 +02:00
mr-GreyWolf
599d55700d Update functions.php 2016-03-30 23:07:02 +04:00
jsdevel
0491916d90 Changing the sourceforge logo to be protocol relative.
* This allows the browser to resolve the URL against the protocol the user used, not what a reverse proxy used.
2015-12-05 23:02:11 -07:00
Mohamad Elrashidin Bin Sajeli
b082cf1742 Changed preg_replace to preg_replace callback 2014-05-08 20:40:57 +08:00
Mohamad Elrashidin Bin Sajeli
e673df3ba8 Changed password_hash to pla_password_hash 2014-05-08 20:22:30 +08:00
Deon George
2f70eb41b3 SF Bug #3510114 - Unable to check passwords when samba hashes are in lowercase 2012-09-05 21:25:50 +10:00
Jean-Philippe Ghibaudo
21959715c3 SF Feature #3509651 - Add support for SHA512 with OpenLDAP 2012-09-01 11:31:38 +10:00
Deon George
4089ffa9fe SF Bug #3392644 - Cannot authenticate if password starts or ends with spaces 2011-10-06 10:40:41 +11:00
Deon George
76e6dad13e SF Bug #3417184 - PHP Code Injection Vulnerability 2011-10-06 09:03:20 +11:00
Deon George
07827304b7 SF Bug #3355732 - Cosmetic issue in functions.php -> get_icon() 2011-07-07 23:12:23 +10:00
Deon George
afa4a95b37 Fix SASL implementation - enabled GSSAPI 2011-06-20 20:34:55 +10:00
Deon George
1121dd01df SF Feature #2879726 - sort the server select list 2011-04-29 14:08:07 +10:00
Dmitry Bakshaev
775e6f40d4 SF Feature #2900545 - blowfish using mcrypt 2011-04-29 13:31:17 +10:00
Deon George
e083f5f8b5 SF Feature #2931999 - Upload file and view for "picture" fields 2011-04-29 13:25:57 +10:00
Deon George
c97d4afe17 SF Feature #3108047 - Add support for smbk5pwd overlay K5KEY "encryption" type 2011-04-29 13:04:44 +10:00
Deon George
b6500224d3 Minor cosmetic updates 2011-04-28 11:53:40 +10:00
Deon George
bf8ac5306e SF Bug #3139097 - Argument for PickList sorting does not work 2011-04-27 23:27:31 +10:00
Deon George
9e9960bc3d SF Bug #3003779 - Unable to check password for NT and LN samba hashed 2011-04-27 21:53:47 +10:00
Deon George
4cf6b17ba3 SF Bug #3141226 - Password change/encrypted upon modification 2011-04-27 17:28:45 +10:00
Deon George
aa8a353c38 SF Bug #2997552 - Unable to verify password using SMD5 scheme 2011-04-26 11:27:32 +10:00