From: Patrick Canterino Date: Fri, 29 May 2026 13:35:41 +0000 (+0200) Subject: Prefixed SHA256 password hashes X-Git-Tag: 4.7.2~10^2~2 X-Git-Url: https://git.p6c8.net/jirafeau/jirafeau.git/commitdiff_plain/84021524193bc4ac717bc06f901c5cd80fc5f0c8?ds=inline Prefixed SHA256 password hashes This way we can identify them and still compare to legacy MD5 hashes --- diff --git a/f.php b/f.php index f0a3d12..25f6be3 100644 --- a/f.php +++ b/f.php @@ -171,7 +171,10 @@ if (!empty($link['key'])) { require(JIRAFEAU_ROOT.'lib/template/footer.php'); exit; } else { - if (hash_equals($link['key'], hash('sha256', $_POST['key']))) { + if (strpos($link['key'], '[SHA256]') == 0 && hash_equals(substr($link['key'], 8), hash('sha256', $_POST['key']))) { + $password_challenged = true; + } + elseif (hash_equals($link['key'], md5($_POST['key']))) { $password_challenged = true; } else { sleep(2); diff --git a/lib/functions.php b/lib/functions.php index bb0d251..9ea7351 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -544,7 +544,7 @@ function jirafeau_add_file($file, $one_time_download, $key, $time, $ip, $crypt, /* hash password or empty. */ $password = ''; if (!empty($key)) { - $password = hash('sha256', $key); + $password = '[SHA256]'.hash('sha256', $key); } /* create link file */ @@ -1091,7 +1091,7 @@ function jirafeau_async_init($filename, $type, $one_time, $key, $time, $ip) /* sha256 password or empty */ $password = ''; if (!empty($key)) { - $password = hash('sha256', $key); + $password = '[SHA256]'.hash('sha256', $key); } /* Store information. */