Master

index.php

@@ -149,14 +149,35 @@
 //
 $_CONFIG['require_login'] = false;
 
+// Whether store the passwords as sha256-hashes or not.
+// It's bad practice to store passwords in plain text.
+// If set to true, you shuld add the passwords-hashes instead of the passwords,
+// in 'users' below.
+//$_CONFIG['hash_psw'] = false;
+//$_CONFIG['hash_psw'] = true;
+
+// Default: $_CONFIG['hash_psw'] = false;
+
+$_CONFIG['hash_psw'] = false;
+
 //
 // Usernames and passwords for restricting access to the page.
 // The format is: array(username, password, status)
+
 // Status can be either "user" or "admin". User can read the page, admin can upload and delete.
 // For example: $_CONFIG['users'] = array(array("username1", "password1", "user"), array("username2", "password2", "admin"));
 // You can also keep require_login=false and specify an admin.
 // That way everyone can see the page but username and password are needed for uploading.
-// For example: $_CONFIG['users'] = array(array("username", "password", "admin"));
+// For example: $_CONFIG['users'] = array(array("username", "sha256 of password", "admin"));
+
+// It's bad practice to store passwords in plain text.
+// You'd better use sha256-hashes for example:
+//$_CONFIG['users'] = array(array("admin", "secret", "admin"), 
+//		array("test", "password", "user")); // may be replaced by:
+//$_CONFIG['users'] = array(array("admin", "2bb80d537b1da3e38bd30361aa855686bde0eacd7162fef6a25fe97bf527a25b", "admin"), 
+//		array("test", "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8", "user"));
+// N.B. set hash_psw = true above
+
 // Default: $_CONFIG['users'] = array();
 //
 $_CONFIG['users'] = array();
@@ -860,22 +881,35 @@
 $_TRANSLATIONS["sv"] = array(
 	"file_name" => "Filnamn",
 	"size" => "Storlek",
-	"last_changed" => "Senast andrad",
+	"last_changed" => "Senast ändrad",
 	"total_used_space" => "Totalt upptaget utrymme",
 	"free_space" => "Ledigt utrymme",
-	"password" => "Losenord",
+	"password" => "Lösenord",
 	"upload" => "Ladda upp",
 	"failed_upload" => "Fel vid uppladdning av fil!",
 	"failed_move" => "Fel vid flytt av fil till mapp!",
-	"wrong_password" => "Fel losenord",
+	"wrong_password" => "Fel lösenord",
 	"make_directory" => "Ny mapp",
 	"new_dir_failed" => "Fel vid skapande av mapp",
-	"chmod_dir_failed" => "Fel vid andring av mappens egenskaper",
+	"chmod_dir_failed" => "Fel vid ändring av mappens egenskaper",
 	"unable_to_read_dir" => "Kan inte lasa den filen",
 	"location" => "Plats",
-	"root" => "Hem"
+	"root" => "Hem",
+	"log_file_permission_error" => "Scriptet har inte behörighet att skriva till loggfilen.",
+	"upload_not_allowed" => "Skriptets konfiguration tillåter inte uppladdning till denna katalog.",
+	"upload_dir_not_writable" => "Denna katalog har inte behörigheter för att skriva.",
+	"mobile_version" => "Mobilvisning",
+	"standard_version" => "Standardvisning",
+	"page_load_time" => "Sidan laddades på %.2f ms",
+	"wrong_pass" => "Fel användarnamn eller lösenord",
+	"username" => "Användarnamn",
+	"log_in" => "Logga in",
+	"upload_type_not_allowed" => "Denna filtyp är det inte tillåtet att ladda upp.",
+	"del" => "Ta bort",
+	"log_out" => "Logga ut"
 );
 
+
 // Turkish
 $_TRANSLATIONS["tr"] = array(
 	"file_name" => "Dosya Adı",
@@ -1931,23 +1965,32 @@ public static function init()
 				}
 				header( "Location: ".$addr.$param);
 			}
-			else
-				$encodeExplorer->setErrorString("wrong_pass");
+			else $encodeExplorer->setErrorString("wrong_pass");
 		}
 	}
 
 	public static function isUser($userName, $userPass)
 	{
 		foreach(EncodeExplorer::getConfig("users") as $user)
 		{
-			if($user[1] == $userPass)
+
+			if (EncodeExplorer::getConfig('hash_psw') == true)
+			{
+			$key = hash(sha256, $userPass, $raw_output = false);
+			}
+			else
+			$key = $userPass;
+
+			//if($user[1] == $userPass)
+			if($user[1] == $key)
 			{
 				if(strlen($userName) == 0 || $userName == $user[0])
 				{
 					return true;
 				}
 			}
 		}
+
 		return false;
 	}