admin/quick-n-dirty
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hash poster passwords

Browse Source
This commit is contained in:
fowr
2024-06-20 10:11:47 -03:00
parent 021e20f373
commit fff9b88c6d
6 changed files with 38 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
post.php
View File

@@ -364,10 +364,11 @@ if (isset($_POST['delete'])) {
if (!isset($_POST['board'], $_POST['password']))
error($config['error']['bot']);
$password = &$_POST['password'];
if ($password == '')
if (empty($_POST['password'])){
error($config['error']['invalidpassword']);
}
$password = hashPassword($_POST['password']);
$delete = array();
foreach ($_POST as $post => $value) {
@@ -415,10 +416,11 @@ if (isset($_POST['delete'])) {
error(sprintf($config['error']['delete_too_late'], until($post['time'] + $config['max_delete_time'])));
}
if ($password != '' && $post['password'] != $password && (!$thread || $thread['password'] != $password))
if (!hash_equals($post['password'], $password) && (!$thread || !hash_equals($thread['password'], $password))) {
error($config['error']['invalidpassword']);
}
if ($post['time'] > time() - $config['delete_time'] && (!$thread || $thread['password'] != $password)) {
if ($post['time'] > time() - $config['delete_time'] && (!$thread || !hash_equals($thread['password'], $password))) {
error(sprintf($config['error']['delete_too_soon'], until($post['time'] + $config['delete_time'])));
}
@@ -767,7 +769,7 @@ if (isset($_POST['delete'])) {
$post['subject'] = $_POST['subject'];
$post['email'] = str_replace(' ', '%20', htmlspecialchars($_POST['email']));
$post['body'] = $_POST['body'];
$post['password'] = $_POST['password'];
$post['password'] = hashPassword($_POST['password']);
$post['has_file'] = (!isset($post['embed']) && (($post['op'] && !isset($post['no_longer_require_an_image_for_op']) && $config['force_image_op']) || count($_FILES) > 0));
if (!$dropped_post) {
@@ -920,8 +922,6 @@ if (isset($_POST['delete'])) {
error($config['error']['toolong_body']);
if (!$mod && substr_count($post['body'], "\n") >= $config['maximum_lines'])
error($config['error']['toomanylines']);
if (mb_strlen($post['password']) > 20)
error(sprintf($config['error']['toolong'], 'password'));
}
wordfilters($post['body']);