| author | Horus3 | 2014-03-12 02:50:30 +0100 |
|---|---|---|
| committer | Horus3 | 2014-03-12 02:50:30 +0100 |
| commit | 8970954933ecf4b5c842027faa7c52f85cc25fe2 (patch) | |
| tree | e502119b624197871550d72d55c2e9a9f2a4f05b /www/setup.php | |
| parent | 0148c370ea13ee0469bd67260cf8c9fe9c97677d (diff) | |
| download | files.iamfabulous.de-8970954933ecf4b5c842027faa7c52f85cc25fe2.tar.gz | |
Structure in functions. Stronger hash algorithm for password safety, also pepper.
Diffstat (limited to 'www/setup.php')
| -rw-r--r-- | www/setup.php | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/www/setup.php b/www/setup.php
index 01867eb..1effda5 100644
--- a/www/setup.php
+++ b/www/setup.php
@@ -1,6 +1,9 @@
 <?
-/*Sets up the database with the necessary tables. Add ?drop to drop _everything_*/
+/*
+ Sets up the database with the necessary tables. Add ?drop to drop _everything_!
+ Don't forget to create a individual pepper in ../database/pepper.txt first!
+*/
 $db = new SQLite3("../database/sqlite.db");
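Review bot: The new header comment tells the operator to create `../database/pepper.txt` but not what it must contain, and the code in the later hunk uses the file's bytes verbatim. I would spell that out in the comment, e.g. `The pepper must be a long random value (32 bytes from a CSPRNG, hex-encoded), stored without a trailing newline and readable only by the PHP user.` The comment also advertises `?drop` on a script that sits under `www/`; the handler is outside this hunk, so whether it is guarded cannot be seen here, but the comment should say that the file is to be removed or access-restricted once setup has run.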
@@ -26,25 +29,24 @@ if($bool){ } else { $cleartext_password="password"; $email="admin@iamfabulous.de"; - $salt = uniqid(mt_rand(), true); - $password = "$salt"."$cleartext_password"; - $hash_password = md5($password); - for($i=0;$i<15000;$i++) - $hash_password = md5($hash_password); - + $pepper = file_get_contents("../database/pepper.txt"); + $password = $cleartext_password . $pepper; + + $hash_password = password_hash($password, PASSWORD_DEFAULT); if($db->exec(" BEGIN TRANSACTION; - CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UIQUE, salt TEXT, password TEXT, email TEXT UNIQUE, invites INTEGER, senpai INTEGER, key TEXT, status INTEGER, register TEXT); - INSERT INTO user (id, name, senpai, key, status, invites, salt, password, email, register) VALUES (NULL, 'admin', 0, '11111', 1, 5, '$salt', '$hash_password', '$email', (SELECT datetime()) ); + CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UIQUE, password TEXT, email TEXT UNIQUE, invites INTEGER, senpai INTEGER, key TEXT, status INTEGER, register TEXT); + INSERT INTO user (id, name, senpai, key, status, invites, password, email, register) VALUES (NULL, 'admin', 0, '11111', 1, 5, '" . $hash_password . "', '" . $email . "', (SELECT datetime()) ); CREATE TABLE IF NOT EXISTS files (id INTEGER PRIMARY KEY, parent INTEGER, owner INTEGER, name TEXT, folder TEXT, mime TEXT, size INTEGER, share TEXT, hash TEXT, FOREIGN KEY(owner) REFERENCES user(id)); + INSERT INTO files (id, parent, owner, name, folder, size, share, hash) VALUES (NULL, 0, 1, '/', 'DIRECTORY', 0, 'HIDDEN', ''); CREATE TABLE IF NOT EXISTS log (id INTEGER PRIMARY KEY, user INTEGER, login TEXT, FOREIGN KEY(user) REFERENCES user(id)); COMMIT;") ) { echo "Success!"; } else { echo "Failure! 
:( <br>"; - echo "Salt: $salt, password: $hash_password"; + echo "Your password: $hash_password"; } } // INSERT INT0 user (id, name, salt, password, status, invites, email, senpai, key) VALUES (NULL, 'admin', '$salt', '$hash_password', 1, 5, 'admin@iamfabulous.de', 0, '11111'); |
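Review bot: The result of `file_get_contents("../database/pepper.txt")` is used unchecked on the added `$pepper` line: if the file is missing or unreadable it returns `false`, the concatenation yields the bare password, and the admin hash is stored without any pepper behind nothing more than a warning. Appending the pepper also leaves it subject to bcrypt's 72-byte input limit (bcrypt being what `PASSWORD_DEFAULT` has selected so far), so I would key an HMAC with it instead, as below; the verification code, which is not on this page, has to derive its input the same way. Two smaller things on the new side: the rewritten `CREATE TABLE` line still spells `name TEXT UIQUE`, which SQLite most likely folds into the type name so no uniqueness is enforced, and the failure branch now echoes the password hash to the browser where a plain `echo "Setup failed";` would do. The `if($bool){ … } else {` block starts outside the hunk.

```php
// … unchanged: $cleartext_password and $email assignments …
$pepper = file_get_contents("../database/pepper.txt");
if ($pepper === false || trim($pepper) === '') {
    // Refuse to seed the admin row with an unpeppered hash.
    exit("Missing or empty ../database/pepper.txt");
}
// HMAC keeps the whole pepper in play whatever the password length;
// the hex digest is 64 bytes, inside bcrypt's 72-byte input limit.
$password = hash_hmac('sha256', $cleartext_password, trim($pepper));

$hash_password = password_hash($password, PASSWORD_DEFAULT);
// … unchanged: $db->exec() schema and seed rows …
```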
