Merge pull request #4640 from MrPetovan/task/4604-add-password-exposed-check
Add password exposed check
This commit is contained in:
commit
046046e0c4
|
@ -15,6 +15,8 @@
|
||||||
"require": {
|
"require": {
|
||||||
"php": ">5.6",
|
"php": ">5.6",
|
||||||
"ext-xml": "*",
|
"ext-xml": "*",
|
||||||
|
"asika/simple-console": "^1.0",
|
||||||
|
"divineomega/password_exposed": "^2.4",
|
||||||
"ezyang/htmlpurifier": "~4.7.0",
|
"ezyang/htmlpurifier": "~4.7.0",
|
||||||
"league/html-to-markdown": "~4.4.1",
|
"league/html-to-markdown": "~4.4.1",
|
||||||
"lightopenid/lightopenid": "dev-master",
|
"lightopenid/lightopenid": "dev-master",
|
||||||
|
@ -24,7 +26,6 @@
|
||||||
"pear/Text_LanguageDetect": "1.*",
|
"pear/Text_LanguageDetect": "1.*",
|
||||||
"pear/Text_Highlighter": "dev-master",
|
"pear/Text_Highlighter": "dev-master",
|
||||||
"smarty/smarty": "^3.1",
|
"smarty/smarty": "^3.1",
|
||||||
"asika/simple-console": "^1.0",
|
|
||||||
"fxp/composer-asset-plugin": "~1.3",
|
"fxp/composer-asset-plugin": "~1.3",
|
||||||
"bower-asset/base64": "^1.0",
|
"bower-asset/base64": "^1.0",
|
||||||
"bower-asset/Chart-js": "^2.7",
|
"bower-asset/Chart-js": "^2.7",
|
||||||
|
|
619
composer.lock
generated
619
composer.lock
generated
|
@ -4,7 +4,7 @@
|
||||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
|
||||||
"This file is @generated automatically"
|
"This file is @generated automatically"
|
||||||
],
|
],
|
||||||
"content-hash": "6a87e56bade65fa14f5f74e74109b66f",
|
"content-hash": "7d90cfe4354cd5ca36b74a3ecc471eeb",
|
||||||
"packages": [
|
"packages": [
|
||||||
{
|
{
|
||||||
"name": "asika/simple-console",
|
"name": "asika/simple-console",
|
||||||
|
@ -133,6 +133,54 @@
|
||||||
"description": "Minimalistic but perfect custom scrollbar plugin",
|
"description": "Minimalistic but perfect custom scrollbar plugin",
|
||||||
"time": "2017-01-10T01:04:09+00:00"
|
"time": "2017-01-10T01:04:09+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "divineomega/password_exposed",
|
||||||
|
"version": "v2.4.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/DivineOmega/password_exposed.git",
|
||||||
|
"reference": "7e26898a280662529b3e5e472b16fcbda167ffce"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/DivineOmega/password_exposed/zipball/7e26898a280662529b3e5e472b16fcbda167ffce",
|
||||||
|
"reference": "7e26898a280662529b3e5e472b16fcbda167ffce",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"guzzlehttp/guzzle": "^6.3",
|
||||||
|
"paragonie/certainty": "^1",
|
||||||
|
"php": ">=5.6",
|
||||||
|
"rapidwebltd/rw-file-cache-psr-6": "^1.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"fzaninotto/faker": "^1.7",
|
||||||
|
"phpunit/phpunit": "^5.7",
|
||||||
|
"satooshi/php-coveralls": "^2.0",
|
||||||
|
"vimeo/psalm": "^1"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"DivineOmega\\PasswordExposed\\": "src/"
|
||||||
|
},
|
||||||
|
"files": [
|
||||||
|
"src/PasswordExposedFunction.php"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"LGPL-3.0-only"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Jordan Hall",
|
||||||
|
"email": "jordan@hall05.co.uk"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "This PHP package provides a `password_exposed` helper function, that uses the haveibeenpwned.com API to check if a password has been exposed in a data breach.",
|
||||||
|
"time": "2018-03-14T09:17:40+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "ezyang/htmlpurifier",
|
"name": "ezyang/htmlpurifier",
|
||||||
"version": "v4.7.0",
|
"version": "v4.7.0",
|
||||||
|
@ -236,6 +284,187 @@
|
||||||
],
|
],
|
||||||
"time": "2017-10-20T06:53:56+00:00"
|
"time": "2017-10-20T06:53:56+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "guzzlehttp/guzzle",
|
||||||
|
"version": "6.3.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/guzzle/guzzle.git",
|
||||||
|
"reference": "f4db5a78a5ea468d4831de7f0bf9d9415e348699"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/guzzle/guzzle/zipball/f4db5a78a5ea468d4831de7f0bf9d9415e348699",
|
||||||
|
"reference": "f4db5a78a5ea468d4831de7f0bf9d9415e348699",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"guzzlehttp/promises": "^1.0",
|
||||||
|
"guzzlehttp/psr7": "^1.4",
|
||||||
|
"php": ">=5.5"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"ext-curl": "*",
|
||||||
|
"phpunit/phpunit": "^4.0 || ^5.0",
|
||||||
|
"psr/log": "^1.0"
|
||||||
|
},
|
||||||
|
"suggest": {
|
||||||
|
"psr/log": "Required for using the Log middleware"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"extra": {
|
||||||
|
"branch-alias": {
|
||||||
|
"dev-master": "6.2-dev"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"autoload": {
|
||||||
|
"files": [
|
||||||
|
"src/functions_include.php"
|
||||||
|
],
|
||||||
|
"psr-4": {
|
||||||
|
"GuzzleHttp\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Michael Dowling",
|
||||||
|
"email": "mtdowling@gmail.com",
|
||||||
|
"homepage": "https://github.com/mtdowling"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "Guzzle is a PHP HTTP client library",
|
||||||
|
"homepage": "http://guzzlephp.org/",
|
||||||
|
"keywords": [
|
||||||
|
"client",
|
||||||
|
"curl",
|
||||||
|
"framework",
|
||||||
|
"http",
|
||||||
|
"http client",
|
||||||
|
"rest",
|
||||||
|
"web service"
|
||||||
|
],
|
||||||
|
"time": "2017-06-22T18:50:49+00:00"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "guzzlehttp/promises",
|
||||||
|
"version": "v1.3.1",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/guzzle/promises.git",
|
||||||
|
"reference": "a59da6cf61d80060647ff4d3eb2c03a2bc694646"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/guzzle/promises/zipball/a59da6cf61d80060647ff4d3eb2c03a2bc694646",
|
||||||
|
"reference": "a59da6cf61d80060647ff4d3eb2c03a2bc694646",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": ">=5.5.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"phpunit/phpunit": "^4.0"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"extra": {
|
||||||
|
"branch-alias": {
|
||||||
|
"dev-master": "1.4-dev"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"GuzzleHttp\\Promise\\": "src/"
|
||||||
|
},
|
||||||
|
"files": [
|
||||||
|
"src/functions_include.php"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Michael Dowling",
|
||||||
|
"email": "mtdowling@gmail.com",
|
||||||
|
"homepage": "https://github.com/mtdowling"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "Guzzle promises library",
|
||||||
|
"keywords": [
|
||||||
|
"promise"
|
||||||
|
],
|
||||||
|
"time": "2016-12-20T10:07:11+00:00"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "guzzlehttp/psr7",
|
||||||
|
"version": "1.4.2",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/guzzle/psr7.git",
|
||||||
|
"reference": "f5b8a8512e2b58b0071a7280e39f14f72e05d87c"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/guzzle/psr7/zipball/f5b8a8512e2b58b0071a7280e39f14f72e05d87c",
|
||||||
|
"reference": "f5b8a8512e2b58b0071a7280e39f14f72e05d87c",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": ">=5.4.0",
|
||||||
|
"psr/http-message": "~1.0"
|
||||||
|
},
|
||||||
|
"provide": {
|
||||||
|
"psr/http-message-implementation": "1.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"phpunit/phpunit": "~4.0"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"extra": {
|
||||||
|
"branch-alias": {
|
||||||
|
"dev-master": "1.4-dev"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"GuzzleHttp\\Psr7\\": "src/"
|
||||||
|
},
|
||||||
|
"files": [
|
||||||
|
"src/functions_include.php"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Michael Dowling",
|
||||||
|
"email": "mtdowling@gmail.com",
|
||||||
|
"homepage": "https://github.com/mtdowling"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Tobias Schultze",
|
||||||
|
"homepage": "https://github.com/Tobion"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "PSR-7 message implementation that also provides common utility methods",
|
||||||
|
"keywords": [
|
||||||
|
"http",
|
||||||
|
"message",
|
||||||
|
"request",
|
||||||
|
"response",
|
||||||
|
"stream",
|
||||||
|
"uri",
|
||||||
|
"url"
|
||||||
|
],
|
||||||
|
"time": "2017-03-20T17:10:46+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "league/html-to-markdown",
|
"name": "league/html-to-markdown",
|
||||||
"version": "4.4.1",
|
"version": "4.4.1",
|
||||||
|
@ -970,6 +1199,128 @@
|
||||||
"homepage": "https://github.com/kartik-v/php-date-formatter",
|
"homepage": "https://github.com/kartik-v/php-date-formatter",
|
||||||
"time": "2016-02-18T15:15:55+00:00"
|
"time": "2016-02-18T15:15:55+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "paragonie/certainty",
|
||||||
|
"version": "v1.0.2",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/paragonie/certainty.git",
|
||||||
|
"reference": "a2d14f5b0b85c58329dee248d77d34e7e1202a32"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/paragonie/certainty/zipball/a2d14f5b0b85c58329dee248d77d34e7e1202a32",
|
||||||
|
"reference": "a2d14f5b0b85c58329dee248d77d34e7e1202a32",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"guzzlehttp/guzzle": "^6",
|
||||||
|
"paragonie/constant_time_encoding": "^1|^2",
|
||||||
|
"paragonie/sodium_compat": "^1.6",
|
||||||
|
"php": "^5.6|^7"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"phpunit/phpunit": "^5|^6",
|
||||||
|
"vimeo/psalm": "^1"
|
||||||
|
},
|
||||||
|
"bin": [
|
||||||
|
"bin/certainty-cert-symlink"
|
||||||
|
],
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"ParagonIE\\Certainty\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"ISC"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Paragon Initiative Enterprises",
|
||||||
|
"email": "security@paragonie.com",
|
||||||
|
"homepage": "https://paragonie.com"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "Up-to-date, verifiable repository for Certificate Authorities",
|
||||||
|
"keywords": [
|
||||||
|
"CA-Cert",
|
||||||
|
"Ed25519",
|
||||||
|
"Public-Key Infractructure",
|
||||||
|
"ca",
|
||||||
|
"ca-cert.pem",
|
||||||
|
"cacert",
|
||||||
|
"cacert.pem",
|
||||||
|
"certificate authority",
|
||||||
|
"pki",
|
||||||
|
"ssl",
|
||||||
|
"tls"
|
||||||
|
],
|
||||||
|
"time": "2018-03-12T18:34:23+00:00"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "paragonie/constant_time_encoding",
|
||||||
|
"version": "v2.2.2",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/paragonie/constant_time_encoding.git",
|
||||||
|
"reference": "eccf915f45f911bfb189d1d1638d940ec6ee6e33"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/eccf915f45f911bfb189d1d1638d940ec6ee6e33",
|
||||||
|
"reference": "eccf915f45f911bfb189d1d1638d940ec6ee6e33",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": "^7"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"phpunit/phpunit": "^6|^7",
|
||||||
|
"vimeo/psalm": "^1"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"ParagonIE\\ConstantTime\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Paragon Initiative Enterprises",
|
||||||
|
"email": "security@paragonie.com",
|
||||||
|
"homepage": "https://paragonie.com",
|
||||||
|
"role": "Maintainer"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Steve 'Sc00bz' Thomas",
|
||||||
|
"email": "steve@tobtu.com",
|
||||||
|
"homepage": "https://www.tobtu.com",
|
||||||
|
"role": "Original Developer"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "Constant-time Implementations of RFC 4648 Encoding (Base-64, Base-32, Base-16)",
|
||||||
|
"keywords": [
|
||||||
|
"base16",
|
||||||
|
"base32",
|
||||||
|
"base32_decode",
|
||||||
|
"base32_encode",
|
||||||
|
"base64",
|
||||||
|
"base64_decode",
|
||||||
|
"base64_encode",
|
||||||
|
"bin2hex",
|
||||||
|
"encoding",
|
||||||
|
"hex",
|
||||||
|
"hex2bin",
|
||||||
|
"rfc4648"
|
||||||
|
],
|
||||||
|
"time": "2018-03-10T19:47:49+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "paragonie/random_compat",
|
"name": "paragonie/random_compat",
|
||||||
"version": "v2.0.11",
|
"version": "v2.0.11",
|
||||||
|
@ -1018,6 +1369,88 @@
|
||||||
],
|
],
|
||||||
"time": "2017-09-27T21:40:39+00:00"
|
"time": "2017-09-27T21:40:39+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "paragonie/sodium_compat",
|
||||||
|
"version": "v1.6.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/paragonie/sodium_compat.git",
|
||||||
|
"reference": "1f6e5682eff4a5a6a394b14331a1904f1740e432"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/paragonie/sodium_compat/zipball/1f6e5682eff4a5a6a394b14331a1904f1740e432",
|
||||||
|
"reference": "1f6e5682eff4a5a6a394b14331a1904f1740e432",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"paragonie/random_compat": "^1|^2",
|
||||||
|
"php": "^5.2.4|^5.3|^5.4|^5.5|^5.6|^7"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"phpunit/phpunit": "^3|^4|^5"
|
||||||
|
},
|
||||||
|
"suggest": {
|
||||||
|
"ext-libsodium": "PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.",
|
||||||
|
"ext-sodium": "PHP >= 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security."
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"files": [
|
||||||
|
"autoload.php"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"ISC"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Paragon Initiative Enterprises",
|
||||||
|
"email": "security@paragonie.com"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "Frank Denis",
|
||||||
|
"email": "jedisct1@pureftpd.org"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "Pure PHP implementation of libsodium; uses the PHP extension if it exists",
|
||||||
|
"keywords": [
|
||||||
|
"Authentication",
|
||||||
|
"BLAKE2b",
|
||||||
|
"ChaCha20",
|
||||||
|
"ChaCha20-Poly1305",
|
||||||
|
"Chapoly",
|
||||||
|
"Curve25519",
|
||||||
|
"Ed25519",
|
||||||
|
"EdDSA",
|
||||||
|
"Edwards-curve Digital Signature Algorithm",
|
||||||
|
"Elliptic Curve Diffie-Hellman",
|
||||||
|
"Poly1305",
|
||||||
|
"Pure-PHP cryptography",
|
||||||
|
"RFC 7748",
|
||||||
|
"RFC 8032",
|
||||||
|
"Salpoly",
|
||||||
|
"Salsa20",
|
||||||
|
"X25519",
|
||||||
|
"XChaCha20-Poly1305",
|
||||||
|
"XSalsa20-Poly1305",
|
||||||
|
"Xchacha20",
|
||||||
|
"Xsalsa20",
|
||||||
|
"aead",
|
||||||
|
"cryptography",
|
||||||
|
"ecdh",
|
||||||
|
"elliptic curve",
|
||||||
|
"elliptic curve cryptography",
|
||||||
|
"encryption",
|
||||||
|
"libsodium",
|
||||||
|
"php",
|
||||||
|
"public-key cryptography",
|
||||||
|
"secret-key cryptography",
|
||||||
|
"side-channel resistant"
|
||||||
|
],
|
||||||
|
"time": "2018-02-15T05:50:20+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "pear/console_getopt",
|
"name": "pear/console_getopt",
|
||||||
"version": "v1.4.1",
|
"version": "v1.4.1",
|
||||||
|
@ -1260,6 +1693,190 @@
|
||||||
"homepage": "http://pear.php.net/package/Text_LanguageDetect",
|
"homepage": "http://pear.php.net/package/Text_LanguageDetect",
|
||||||
"time": "2017-03-02T16:14:08+00:00"
|
"time": "2017-03-02T16:14:08+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "psr/cache",
|
||||||
|
"version": "1.0.1",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/php-fig/cache.git",
|
||||||
|
"reference": "d11b50ad223250cf17b86e38383413f5a6764bf8"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/php-fig/cache/zipball/d11b50ad223250cf17b86e38383413f5a6764bf8",
|
||||||
|
"reference": "d11b50ad223250cf17b86e38383413f5a6764bf8",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": ">=5.3.0"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"extra": {
|
||||||
|
"branch-alias": {
|
||||||
|
"dev-master": "1.0.x-dev"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"Psr\\Cache\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "PHP-FIG",
|
||||||
|
"homepage": "http://www.php-fig.org/"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "Common interface for caching libraries",
|
||||||
|
"keywords": [
|
||||||
|
"cache",
|
||||||
|
"psr",
|
||||||
|
"psr-6"
|
||||||
|
],
|
||||||
|
"time": "2016-08-06T20:24:11+00:00"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "psr/http-message",
|
||||||
|
"version": "1.0.1",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/php-fig/http-message.git",
|
||||||
|
"reference": "f6561bf28d520154e4b0ec72be95418abe6d9363"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363",
|
||||||
|
"reference": "f6561bf28d520154e4b0ec72be95418abe6d9363",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": ">=5.3.0"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"extra": {
|
||||||
|
"branch-alias": {
|
||||||
|
"dev-master": "1.0.x-dev"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"Psr\\Http\\Message\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "PHP-FIG",
|
||||||
|
"homepage": "http://www.php-fig.org/"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "Common interface for HTTP messages",
|
||||||
|
"homepage": "https://github.com/php-fig/http-message",
|
||||||
|
"keywords": [
|
||||||
|
"http",
|
||||||
|
"http-message",
|
||||||
|
"psr",
|
||||||
|
"psr-7",
|
||||||
|
"request",
|
||||||
|
"response"
|
||||||
|
],
|
||||||
|
"time": "2016-08-06T14:39:51+00:00"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "rapidwebltd/rw-file-cache",
|
||||||
|
"version": "v1.2.5",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/rapidwebltd/RW-File-Cache.git",
|
||||||
|
"reference": "4a1d5aaefa6ffafec8e2d60787f12bcd9890977e"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/rapidwebltd/RW-File-Cache/zipball/4a1d5aaefa6ffafec8e2d60787f12bcd9890977e",
|
||||||
|
"reference": "4a1d5aaefa6ffafec8e2d60787f12bcd9890977e",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": ">=5.2.1"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"phpunit/phpunit": "^5.7"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"extra": {
|
||||||
|
"branch-alias": {
|
||||||
|
"dev-master": "1.0-dev"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"rapidweb\\RWFileCache\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"LGPL-3.0-only"
|
||||||
|
],
|
||||||
|
"description": "RW File Cache is a PHP File-based Caching Library. Its syntax is designed to closely resemble the PHP memcache extension.",
|
||||||
|
"homepage": "https://github.com/rapidwebltd/RW-File-Cache",
|
||||||
|
"keywords": [
|
||||||
|
"cache",
|
||||||
|
"caching",
|
||||||
|
"caching library",
|
||||||
|
"file cache",
|
||||||
|
"library",
|
||||||
|
"php"
|
||||||
|
],
|
||||||
|
"time": "2018-01-23T17:20:58+00:00"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "rapidwebltd/rw-file-cache-psr-6",
|
||||||
|
"version": "v1.0.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/rapidwebltd/RW-File-Cache-PSR-6.git",
|
||||||
|
"reference": "b74ea201d4c964f0e6db0fb036d1ab28a570df66"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/rapidwebltd/RW-File-Cache-PSR-6/zipball/b74ea201d4c964f0e6db0fb036d1ab28a570df66",
|
||||||
|
"reference": "b74ea201d4c964f0e6db0fb036d1ab28a570df66",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"psr/cache": "^1.0",
|
||||||
|
"rapidwebltd/rw-file-cache": "^1.2.3"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"cache/integration-tests": "^0.16.0",
|
||||||
|
"phpunit/phpunit": "^5.7"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"rapidweb\\RWFileCachePSR6\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"LGPL-3.0-only"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Jordan Hall",
|
||||||
|
"email": "jordan.hall@rapidweb.biz"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "PSR-6 adapter for RW File Cache",
|
||||||
|
"time": "2018-01-30T19:13:45+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "smarty/smarty",
|
"name": "smarty/smarty",
|
||||||
"version": "v3.1.31",
|
"version": "v3.1.31",
|
||||||
|
|
|
@ -41,6 +41,7 @@ Example: To set the automatic database cleanup process add this line to your .ht
|
||||||
* **diaspora_test** (Boolean) - For development only. Disables the message transfer.
|
* **diaspora_test** (Boolean) - For development only. Disables the message transfer.
|
||||||
* **disable_email_validation** (Boolean) - Disables the check if a mail address is in a valid format and can be resolved via DNS.
|
* **disable_email_validation** (Boolean) - Disables the check if a mail address is in a valid format and can be resolved via DNS.
|
||||||
* **disable_url_validation** (Boolean) - Disables the DNS lookup of an URL.
|
* **disable_url_validation** (Boolean) - Disables the DNS lookup of an URL.
|
||||||
|
* **disable_password_exposed** (Boolean) - Disable the exposition check against the remote haveibeenpwned API on password change. Default value is false.
|
||||||
* **dlogfile - location of the developer log file
|
* **dlogfile - location of the developer log file
|
||||||
* **dlogip - restricts develop log writes to requests originating from this IP address
|
* **dlogip - restricts develop log writes to requests originating from this IP address
|
||||||
* **frontend_worker_timeout** - Value in minutes after we think that a frontend task was killed by the webserver. Default value is 10.
|
* **frontend_worker_timeout** - Value in minutes after we think that a frontend task was killed by the webserver. Default value is 10.
|
||||||
|
|
|
@ -388,13 +388,18 @@ function settings_post(App $a)
|
||||||
if (!x($newpass) || !x($confirm)) {
|
if (!x($newpass) || !x($confirm)) {
|
||||||
notice(L10n::t('Empty passwords are not allowed. Password unchanged.') . EOL);
|
notice(L10n::t('Empty passwords are not allowed. Password unchanged.') . EOL);
|
||||||
$err = true;
|
$err = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// check if the old password was supplied correctly before changing it to the new value
|
if (!Config::get('system', 'disable_password_exposed', false) && User::isPasswordExposed($newpass)) {
|
||||||
if (!User::authenticate(intval(local_user()), $_POST['opassword'])) {
|
notice(L10n::t('The new password has been exposed in a public data dump, please choose another.') . EOL);
|
||||||
notice(L10n::t('Wrong password.') . EOL);
|
$err = true;
|
||||||
$err = true;
|
}
|
||||||
}
|
|
||||||
|
// check if the old password was supplied correctly before changing it to the new value
|
||||||
|
if (!User::authenticate(intval(local_user()), $_POST['opassword'])) {
|
||||||
|
notice(L10n::t('Wrong password.') . EOL);
|
||||||
|
$err = true;
|
||||||
|
}
|
||||||
|
|
||||||
if (!$err) {
|
if (!$err) {
|
||||||
$result = User::updatePassword(local_user(), $newpass);
|
$result = User::updatePassword(local_user(), $newpass);
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
*/
|
*/
|
||||||
namespace Friendica\Model;
|
namespace Friendica\Model;
|
||||||
|
|
||||||
|
use DivineOmega\PasswordExposed\PasswordStatus;
|
||||||
use Friendica\Core\Addon;
|
use Friendica\Core\Addon;
|
||||||
use Friendica\Core\Config;
|
use Friendica\Core\Config;
|
||||||
use Friendica\Core\L10n;
|
use Friendica\Core\L10n;
|
||||||
|
@ -22,6 +23,7 @@ use Friendica\Util\Network;
|
||||||
use dba;
|
use dba;
|
||||||
use Exception;
|
use Exception;
|
||||||
use LightOpenID;
|
use LightOpenID;
|
||||||
|
use function password_exposed;
|
||||||
|
|
||||||
require_once 'boot.php';
|
require_once 'boot.php';
|
||||||
require_once 'include/dba.php';
|
require_once 'include/dba.php';
|
||||||
|
@ -101,7 +103,7 @@ class User
|
||||||
* @param string $password
|
* @param string $password
|
||||||
* @return int|boolean
|
* @return int|boolean
|
||||||
* @deprecated since version 3.6
|
* @deprecated since version 3.6
|
||||||
* @see Friendica\Model\User::getIdFromPasswordAuthentication()
|
* @see User::getIdFromPasswordAuthentication()
|
||||||
*/
|
*/
|
||||||
public static function authenticate($user_info, $password)
|
public static function authenticate($user_info, $password)
|
||||||
{
|
{
|
||||||
|
@ -216,6 +218,17 @@ class User
|
||||||
return autoname(6) . mt_rand(100, 9999);
|
return autoname(6) . mt_rand(100, 9999);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if the provided plaintext password has been exposed or not
|
||||||
|
*
|
||||||
|
* @param string $password
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public static function isPasswordExposed($password)
|
||||||
|
{
|
||||||
|
return password_exposed($password) === PasswordStatus::EXPOSED;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Legacy hashing function, kept for password migration purposes
|
* Legacy hashing function, kept for password migration purposes
|
||||||
*
|
*
|
||||||
|
|
Loading…
Reference in a new issue