die;
}
yourls_do_action('auth_successful');
/*
* The following code is a shim that helps users store passwords securely in config.php
* by storing a password hash and removing the plaintext.
*
* TODO: Remove this once real user management is implemented
*/
// Did we just fail at encrypting passwords ?
if (isset($_GET['dismiss']) && $_GET['dismiss'] == 'hasherror') {
yourls_update_option('defer_hashing_error', time() + 86400 * 7);
// now + 1 week
} else {
// Encrypt passwords that are clear text
if (!defined('YOURLS_NO_HASH_PASSWORD') && yourls_has_cleartext_passwords()) {
$hash = yourls_hash_passwords_now(YOURLS_CONFIGFILE);
if ($hash === true) {
// Hashing succesful. Remove flag from DB if any.
if (yourls_get_option('defer_hashing_error')) {
yourls_delete_option('defer_hashing_error');
}
} else {
// It failed, display message for first time or if last time was a week ago
if (time() > yourls_get_option('defer_hashing_error') or !yourls_get_option('defer_hashing_error')) {
$message = yourls_s('Could not auto-encrypt passwords. Error was: "%s".', $hash);
$message .= ' ';
$message .= yourls_s('<a href="%s">Get help</a>.', 'http://yourls.org/userpassword');
$message .= '</p><p>';
$message .= yourls_s('<a href="%s">Click here</a> to dismiss this message for one week.', '?dismiss=hasherror');
yourls_add_notice($message);
/**
* Verify YOURLS >= 1.7, passwords are hashed, and config file is writable
*
* @return bool
*/
function vva_change_password_verify_capabilities()
{
$error = FALSE;
if (version_compare(YOURLS_VERSION, '1.7', 'lt')) {
$error .= 'Error: This plugin requires YOURLS version 1.7 or greater<br />';
}
if (yourls_has_cleartext_passwords()) {
$error .= 'Error: This plugin requires stored passwords to be hashed<br />';
}
if (!is_readable(YOURLS_CONFIGFILE)) {
$error .= 'Error: Cannot read config file<br />';
}
if (!is_writable(YOURLS_CONFIGFILE)) {
$error .= 'Error: Cannot write config file<br />';
}
if ($error) {
echo '<p class="error">' . $error . '</p>';
return FALSE;
} else {
return TRUE;
}
}
