die; } yourls_do_action('auth_successful'); /* * The following code is a shim that helps users store passwords securely in config.php * by storing a password hash and removing the plaintext. * * TODO: Remove this once real user management is implemented */ // Did we just fail at encrypting passwords ? if (isset($_GET['dismiss']) && $_GET['dismiss'] == 'hasherror') { yourls_update_option('defer_hashing_error', time() + 86400 * 7); // now + 1 week } else { // Encrypt passwords that are clear text if (!defined('YOURLS_NO_HASH_PASSWORD') && yourls_has_cleartext_passwords()) { $hash = yourls_hash_passwords_now(YOURLS_CONFIGFILE); if ($hash === true) { // Hashing succesful. Remove flag from DB if any. if (yourls_get_option('defer_hashing_error')) { yourls_delete_option('defer_hashing_error'); } } else { // It failed, display message for first time or if last time was a week ago if (time() > yourls_get_option('defer_hashing_error') or !yourls_get_option('defer_hashing_error')) { $message = yourls_s('Could not auto-encrypt passwords. Error was: "%s".', $hash); $message .= ' '; $message .= yourls_s('<a href="%s">Get help</a>.', 'http://yourls.org/userpassword'); $message .= '</p><p>'; $message .= yourls_s('<a href="%s">Click here</a> to dismiss this message for one week.', '?dismiss=hasherror'); yourls_add_notice($message);
/** * Verify YOURLS >= 1.7, passwords are hashed, and config file is writable * * @return bool */ function vva_change_password_verify_capabilities() { $error = FALSE; if (version_compare(YOURLS_VERSION, '1.7', 'lt')) { $error .= 'Error: This plugin requires YOURLS version 1.7 or greater<br />'; } if (yourls_has_cleartext_passwords()) { $error .= 'Error: This plugin requires stored passwords to be hashed<br />'; } if (!is_readable(YOURLS_CONFIGFILE)) { $error .= 'Error: Cannot read config file<br />'; } if (!is_writable(YOURLS_CONFIGFILE)) { $error .= 'Error: Cannot write config file<br />'; } if ($error) { echo '<p class="error">' . $error . '</p>'; return FALSE; } else { return TRUE; } }