require(JIRAFEAU_ROOT.'lib/template/footer.php');
exit;
} else {
- if (hash_equals($link['key'], md5($_POST['key']))) {
+ if (strpos($link['key'], '[SHA256]') == 0 && hash_equals(substr($link['key'], 8), hash('sha256', $_POST['key']))) {
+ $password_challenged = true;
+ } elseif (hash_equals($link['key'], md5($_POST['key']))) {
$password_challenged = true;
} else {
sleep(2);
/* hash password or empty. */
$password = '';
if (!empty($key)) {
- $password = md5($key);
+ $password = '[SHA256]' . hash('sha256', $key);
}
/* create link file */
$w_path = $p . $ref . '_data';
touch($w_path);
- /* md5 password or empty */
+ /* sha256 password or empty */
$password = '';
if (!empty($key)) {
- $password = md5($key);
+ $password = '[SHA256]' . hash('sha256', $key);
}
/* Store information. */
function jirafeau_admin_session_start()
{
$_SESSION['admin_auth'] = true;
- $_SESSION['admin_csrf'] = md5(uniqid(mt_rand(), true));
+ $_SESSION['admin_csrf'] = hash('sha256', uniqid(mt_rand(), true));
}
function jirafeau_session_end()
echo 'Error 9';
exit;
}
- if (strlen($link['key']) > 0 && md5($key) != $link['key']) {
+ if (strlen($link['key']) > 0 && hash('sha256', $key) != $link['key']) {
sleep(2);
echo 'Error 10';
exit;