From 2164ff00dd24d381e1d412ae248f486230b2019a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Sat, 4 May 2013 01:14:19 +0000 Subject: [PATCH] Since Wernis API 0.6-BETA SHA256 is the default now --- inc/extensions/ext-wernis.php | 11 +++++++++-- inc/functions.php | 16 ++++++++++++++++ inc/modules/admin/what-config_wernis.php | 2 +- inc/modules/member/what-wernis.php | 2 +- 4 files changed, 27 insertions(+), 4 deletions(-) diff --git a/inc/extensions/ext-wernis.php b/inc/extensions/ext-wernis.php index 82065ebefc..19a01bceeb 100644 --- a/inc/extensions/ext-wernis.php +++ b/inc/extensions/ext-wernis.php @@ -41,10 +41,10 @@ if (!defined('__SECURITY')) { } // END - if // Version of this extension -setThisExtensionVersion('0.0.5'); +setThisExtensionVersion('0.0.6'); // Version history array (add more with , '0.0.1' and so on) -setExtensionVersionHistory(array('0.0.0', '0.0.1', '0.0.2', '0.0.3', '0.0.4', '0.0.5')); +setExtensionVersionHistory(array('0.0.0', '0.0.1', '0.0.2', '0.0.3', '0.0.4', '0.0.5', '0.0.6')); switch (getExtensionMode()) { case 'setup': // Do stuff when installation is running @@ -152,6 +152,13 @@ INDEX (`userid`)", // Update notes setExtensionUpdateNotes("IN/OUT ersetzt mit WITHDRAW/PAYOUT."); break; + + case '0.0.6': // SQL queries for v0.0.6 + addExtensionChangeTableColumnSql('config', 'wernis_pass_md5', 'wernis_pass_md5', " VARCHAR(255) NOT NULL DEFAULT ''"); + + // Update notes + setExtensionUpdateNotes("Es wird seit API-Version 0.6-BETA SHA256 (hexadezimal kodiert) verwendet."); + break; } // END - switch break; diff --git a/inc/functions.php b/inc/functions.php index 9060a90193..ba5c096e12 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -2694,6 +2694,22 @@ function convertCharsetToUtf8 ($str, $charset) { return $str; } +// Hash string with SHA256 and encode it to hex +function hashSha256 ($str) { + /// Hash string + $hash = mhash(MHASH_SHA256, $str); + + // Encode it to hexadecimal + $hex = ''; + for ($i = 0; $i < strlen($hash); $i++) { + // Encode char to decimal, pad it with zero, add it + $hex .= padLeftZero(dechex(ord(substr($hash, $i, 1)))); + } // END - if + + // Return it + return $hex; +} + // ---------------------------------------------------------------------------- // "Translatation" functions for points_data table // ---------------------------------------------------------------------------- diff --git a/inc/modules/admin/what-config_wernis.php b/inc/modules/admin/what-config_wernis.php index 5651735376..74770402dc 100644 --- a/inc/modules/admin/what-config_wernis.php +++ b/inc/modules/admin/what-config_wernis.php @@ -55,7 +55,7 @@ if (isFormSent('save_config')) { } // END - if // Hash the password and remove clear-text - setPostRequestElement('wernis_pass_md5', md5(postRequestElement('wernis_pass'))); + setPostRequestElement('wernis_pass_md5', hashSha256(postRequestElement('wernis_pass'))); unsetPostRequestElement('wernis_pass'); // Save settings diff --git a/inc/modules/member/what-wernis.php b/inc/modules/member/what-wernis.php index 401e858571..eec5f13309 100644 --- a/inc/modules/member/what-wernis.php +++ b/inc/modules/member/what-wernis.php @@ -172,7 +172,7 @@ if ((isFormSent()) && (isGetRequestElementSet('do'))) { displayMessage('{--MEMBER_WERNIS_WITHDRAW_AMOUNT_SMALLER_MIN--}'); } else { // All is fine here so do the withdraw - $success = WERNIS_EXECUTE_WITHDRAW(postRequestElement('wernis_userid'), md5(postRequestElement('wds66_password')), postRequestElement('amount')); + $success = WERNIS_EXECUTE_WITHDRAW(postRequestElement('wernis_userid'), hashSha256(postRequestElement('wds66_password')), postRequestElement('amount')); if ($success === TRUE) { // Add it to this amount initReferralSystem(); -- 2.30.2