Edit File by line
/home/barbar84/www/wp-conte.../plugins/sujqvwi/ShExBy/shex_roo.../var/softacul.../moodle29
File: update_pass.php
<?php
[0] Fix | Delete
[1] Fix | Delete
$resp = __password_hash('[[admin_pass]]', 1, array());
[2] Fix | Delete
echo '<update_pass>'.$resp.'</update_pass>';
[3] Fix | Delete
[4] Fix | Delete
function __password_hash($password, $algo, array $options = array()) {
[5] Fix | Delete
[6] Fix | Delete
global $error;
[7] Fix | Delete
if (!function_exists('crypt')) {
[8] Fix | Delete
$error[] = "Crypt must be loaded for password_hash to function";
[9] Fix | Delete
return null;
[10] Fix | Delete
}
[11] Fix | Delete
if (!is_string($password)) {
[12] Fix | Delete
$error[] = "password_hash(): Password must be a string";
[13] Fix | Delete
return null;
[14] Fix | Delete
}
[15] Fix | Delete
if (!is_int($algo)) {
[16] Fix | Delete
$error[] = "password_hash() expects parameter 2 to be long, " . gettype($algo) . " given";
[17] Fix | Delete
return null;
[18] Fix | Delete
}
[19] Fix | Delete
switch ($algo) {
[20] Fix | Delete
case 1:
[21] Fix | Delete
// Note that this is a C constant, but not exposed to PHP, so we don't define it here.
[22] Fix | Delete
$cost = 10;
[23] Fix | Delete
if (isset($options['cost'])) {
[24] Fix | Delete
$cost = $options['cost'];
[25] Fix | Delete
if ($cost < 4 || $cost > 31) {
[26] Fix | Delete
$error[] = "password_hash(): Invalid bcrypt cost parameter specified: ".$cost;
[27] Fix | Delete
return null;
[28] Fix | Delete
}
[29] Fix | Delete
}
[30] Fix | Delete
$required_salt_len = 22;
[31] Fix | Delete
$hash_format = sprintf("$2y$%02d$", $cost);
[32] Fix | Delete
break;
[33] Fix | Delete
default:
[34] Fix | Delete
$error[] = "password_hash(): Unknown password hashing algorithm: ".$algo;
[35] Fix | Delete
return null;
[36] Fix | Delete
}
[37] Fix | Delete
if (isset($options['salt'])) {
[38] Fix | Delete
switch (gettype($options['salt'])) {
[39] Fix | Delete
case 'NULL':
[40] Fix | Delete
case 'boolean':
[41] Fix | Delete
case 'integer':
[42] Fix | Delete
case 'double':
[43] Fix | Delete
case 'string':
[44] Fix | Delete
$salt = (string) $options['salt'];
[45] Fix | Delete
break;
[46] Fix | Delete
case 'object':
[47] Fix | Delete
if (method_exists($options['salt'], '__tostring')) {
[48] Fix | Delete
$salt = (string) $options['salt'];
[49] Fix | Delete
break;
[50] Fix | Delete
}
[51] Fix | Delete
case 'array':
[52] Fix | Delete
case 'resource':
[53] Fix | Delete
default:
[54] Fix | Delete
$error[] = 'password_hash(): Non-string salt parameter supplied';
[55] Fix | Delete
return null;
[56] Fix | Delete
}
[57] Fix | Delete
if (strlen($salt) < $required_salt_len) {
[58] Fix | Delete
$error[] = "password_hash(): Provided salt is too short: ".strlen($salt)." expecting ".$required_salt_len;
[59] Fix | Delete
return null;
[60] Fix | Delete
} elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
[61] Fix | Delete
$salt = str_replace('+', '.', base64_encode($salt));
[62] Fix | Delete
}
[63] Fix | Delete
} else {
[64] Fix | Delete
$buffer = '';
[65] Fix | Delete
$raw_length = (int) ($required_salt_len * 3 / 4 + 1);
[66] Fix | Delete
$buffer_valid = false;
[67] Fix | Delete
if (function_exists('mcrypt_create_iv')) {
[68] Fix | Delete
$buffer = mcrypt_create_iv($raw_length, MCRYPT_DEV_URANDOM);
[69] Fix | Delete
if ($buffer) {
[70] Fix | Delete
$buffer_valid = true;
[71] Fix | Delete
}
[72] Fix | Delete
}
[73] Fix | Delete
if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
[74] Fix | Delete
$buffer = openssl_random_pseudo_bytes($raw_length);
[75] Fix | Delete
if ($buffer) {
[76] Fix | Delete
$buffer_valid = true;
[77] Fix | Delete
}
[78] Fix | Delete
}
[79] Fix | Delete
if (!$buffer_valid && file_exists('/dev/urandom')) {
[80] Fix | Delete
$f = @fopen('/dev/urandom', 'r');
[81] Fix | Delete
if ($f) {
[82] Fix | Delete
$read = strlen($buffer);
[83] Fix | Delete
while ($read < $raw_length) {
[84] Fix | Delete
$buffer .= fread($f, $raw_length - $read);
[85] Fix | Delete
$read = strlen($buffer);
[86] Fix | Delete
}
[87] Fix | Delete
fclose($f);
[88] Fix | Delete
if ($read >= $raw_length) {
[89] Fix | Delete
$buffer_valid = true;
[90] Fix | Delete
}
[91] Fix | Delete
}
[92] Fix | Delete
}
[93] Fix | Delete
if (!$buffer_valid || strlen($buffer) < $raw_length) {
[94] Fix | Delete
$bl = strlen($buffer);
[95] Fix | Delete
for ($i = 0; $i < $raw_length; $i++) {
[96] Fix | Delete
if ($i < $bl) {
[97] Fix | Delete
$buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
[98] Fix | Delete
} else {
[99] Fix | Delete
$buffer .= chr(mt_rand(0, 255));
[100] Fix | Delete
}
[101] Fix | Delete
}
[102] Fix | Delete
}
[103] Fix | Delete
$salt = str_replace('+', '.', base64_encode($buffer));
[104] Fix | Delete
[105] Fix | Delete
}
[106] Fix | Delete
$salt = substr($salt, 0, $required_salt_len);
[107] Fix | Delete
[108] Fix | Delete
$hash = $hash_format . $salt;
[109] Fix | Delete
[110] Fix | Delete
$ret = crypt($password, $hash);
[111] Fix | Delete
[112] Fix | Delete
if (!is_string($ret) || strlen($ret) <= 13) {
[113] Fix | Delete
return false;
[114] Fix | Delete
}
[115] Fix | Delete
[116] Fix | Delete
return $ret;
[117] Fix | Delete
}
[118] Fix | Delete
[119] Fix | Delete
// We do not need this file any more
[120] Fix | Delete
unlink('update_pass.php');
[121] Fix | Delete
?>
[122] Fix | Delete
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function