Password in ini file under users about htmly HOT 5 CLOSED

and in the ini file the password is stored in md5 for example.

@BlackCodec you should realize if the password write manually so it would be very hard to generate md5 password without using any tools 😃

I would be very pleased if you could join to enhance the HTMLy security.

from htmly.

I found a solution for everybody that want an encryption and who dont want them.
I added encryption in the ini file, encryption accept null value and clear for no encryption, else everyone can explain its encryption in the standard, the function i have used is php hash so the algoritms are the standard included with the function documentation.

I modified the admin.php at line 19 adding this 2 line:
$user_enc = user('encryption', $user);
$password = (strlen($user_enc) > 0 && $user_enc !== 'clear')?hash($user_enc,$pass):$pass;

then change 2 row after the:
if($pass === $user_pass) {
with:
if($password === $user_pass) {

and it work with encryption or without.
If encryption params is not inserted or specified its consider clear text like the original so there is no problem for who have this alredy installed.

from htmly.

Can you provide me a patch or pull request?

from htmly.

@danpros
Sorry i'm new on github and dont know very well its function, i have done a pull request (#51).
In the pull there are two implementation:

1. Security like described in precedent post
2. Support for drafts.

from htmly.

Submitted patch and added to master.

from htmly.