OSDN > Find Software > newbbs > SCM > git > newbbs > Commit

newbbs
Fork

newbbs: Commit

password が少し良くなりました
運用可能なレベルでしょうか
セキュアには対応していません

--- a/Unit1.dfm

+++ b/Unit1.dfm

		@@ -82,9 +82,10 @@ object DataModule1: TDataModule1
82	82	FieldName = 'DATE'
83	83	Origin = '"DATE"'
84	84	end
85		- object FDTable2PASS: TStringField
	85	+ object FDTable2PASS: TWideStringField
86	86	FieldName = 'PASS'
87	87	Origin = 'PASS'
	88	+ FixedChar = True
88	89	Size = 40
89	90	end
90	91	end

--- a/Unit1.pas

+++ b/Unit1.pas

		@@ -40,9 +40,9 @@ type
40	40	FDTable3MENTE: TBooleanField;
41	41	FDTable3INFO: TIntegerField;
42	42	FDTable3COUNT: TIntegerField;
43		- FDTable2PASS: TStringField;
44	43	FDTable4ID: TIntegerField;
45	44	FDTable3PASSWORD: TWideStringField;
	45	+ FDTable2PASS: TWideStringField;
46	46	private
47	47	{ Private 宣言 }
48	48	public

--- a/WebModuleUnit1.dfm

+++ b/WebModuleUnit1.dfm

		@@ -1339,7 +1339,7 @@ object TWebModule1: TTWebModule1
1339	1339	' <tr><td>'
1340	1340
1341	1341	' <label><p>'#12497#12473#12527#12540#12489'</p><input name="password" type="passwo' +
1342		- 'rd" placeholder="'#21066#38500#29992'">'
	1342	+ 'rd" placeholder="'#21066#38500#29992'" value=<#pass>>'
1343	1343
1344	1344	' </label> / <input type="checkbox" name="show" value="t' +
1345	1345	'rue" <#check>><p>'#12503#12524#12499#12517#12540'</p>'

--- a/WebModuleUnit1.pas

+++ b/WebModuleUnit1.pas

		@@ -3,8 +3,7 @@ unit WebModuleUnit1;
3	3	interface
4	4
5	5	uses System.SysUtils, System.Classes, Web.HTTPApp, Web.DSProd, Web.HTTPProd,
6		- Web.DBWeb, System.Variants, System.NetEncoding, System.RegularExpressions,
7		- IdHashSHA, IdGlobal;
	6	+ Web.DBWeb, System.Variants, System.NetEncoding, System.RegularExpressions;
8	7
9	8	type
10	9	TTWebModule1 = class(TWebModule)

		@@ -106,7 +105,7 @@ implementation
106	105
107	106	{ %CLASSGROUP 'Vcl.Controls.TControl' }
108	107
109		-uses Unit1;
	108	+uses Unit1, IdHashSHA, IdGlobal, IdHash, IdHashMessageDigest;
110	109
111	110	{$R *.dfm}
112	111

		@@ -203,17 +202,15 @@ begin
203	202	end;
204	203
205	204	function TTWebModule1.hash(str: string): string;
206		-var
207		- s: TIdHashSHA512;
208	205	begin
209		- s := TIdHashSHA512.Create;
210		- try
211		- result := s.HashStringAsHex(str, IndyTextEncoding_UTF8);
212		- finally;
213		- s.Free;
	206	+ with TIdHashSHA1.Create do
	207	+ begin
	208	+ try
	209	+ result := HashStringAsHex(str);
	210	+ finally
	211	+ Free;
	212	+ end;
214	213	end;
215		- if result = '' then
216		- result := 'admin';
217	214	end;
218	215
219	216	procedure TTWebModule1.headerHTMLTag(Sender: TObject; Tag: TTag;

		@@ -232,7 +229,9 @@ begin
232	229	else if TagString = 'preview' then
233	230	ReplaceText := Request.ContentFields.Values['preview']
234	231	else if TagString = 'raw' then
235		- ReplaceText := Request.ContentFields.Values['raw'];
	232	+ ReplaceText := Request.ContentFields.Values['raw']
	233	+ else if TagString = 'pass' then
	234	+ ReplaceText := Request.ContentFields.Values['password'];
236	235	end;
237	236
238	237	procedure TTWebModule1.indexHTMLTag(Sender: TObject; Tag: TTag;

		@@ -572,16 +571,25 @@ end;
572	571
573	572	procedure TTWebModule1.TWebModule1adminsetAction(Sender: TObject;
574	573	Request: TWebRequest; Response: TWebResponse; var Handled: Boolean);
	574	+var
	575	+ s: string;
575	576	begin
	577	+ s := hash(Request.ContentFields.Values['pass']);
576	578	with DataModule1.FDTable3 do
577	579	begin
578	580	Edit;
579	581	FieldByName('mente').AsBoolean := Request.ContentFields.Values
580	582	['mente'] = 'on';
581		- FieldByName('password').AsString :=
582		- hash(Request.ContentFields.Values['pass']);
	583	+ FieldByName('password').AsString := s;
583	584	Post;
584	585	end;
	586	+ with Response.Cookies.Add do
	587	+ begin
	588	+ Name := 'user';
	589	+ Value := s;
	590	+ Expires := Now + 14;
	591	+ end;
	592	+ Request.CookieFields.Values['user'] := s;
585	593	TWebModule1adminAction(nil, Request, Response, Handled);
586	594	end;
587	595