Fix password md5 show

igorkov · Post by **igorkov** » Tue Oct 28, 2014 3:31 pm

Sample:
http://wondercms.com/labs/06beta/password

This is not good, because md5 not strong algorithm, and can be brutеforce.

For fix it (and other system pages):

Code: Select all

$denypages = array("copyright", "description", "keywords", "menu", "password", "subside", "themeSelect", "title");

And before content load in "case 'page'":

Code: Select all

if(!is_loggedin() and in_array($c[$key], $denypages)){
	header('HTTP/1.1 404 Not Found');
	$c['content'] = $d['new_page']['visitor'];
}
else
{
	$c['content'] = @file_get_contents("files/".$c[$key]);
	... etc ...
}

igorkov · Post by **igorkov** » Thu Dec 11, 2014 7:39 pm

And next link:

Code: Select all

http://wondercms.com/labs/06beta/js/editInplace.php?hook=../files/password

Also must be fixed.

igorkov · Post by **igorkov** » Thu Jan 22, 2015 12:08 pm

For fix hook problem in file editInplace.php, change:

Code: Select all

<?php if(isset($_REQUEST['hook']))include($_REQUEST['hook']); ?>

to:

Code: Select all

<?php session_start();if(is_loggedin() and isset($_REQUEST['hook'])){include($_REQUEST['hook']);}else{echo"ERROR";} 
function is_loggedin(){if(isset($_SESSION['l'])) return true; return false;} ?>

WonderCMS community

Fix password md5 show

Fix password md5 show

Re: Fix password md5 show

Re: Fix password md5 show