From: Harvie Date: Fri, 29 Oct 2010 20:07:39 +0000 (+0200) Subject: TODO: passwords, PATH_INFO X-Git-Url: https://git.harvie.cz/?a=commitdiff_plain;h=9f213be0e1d5e9ea05e5583d61788af5bd7ef4e6;p=mirrors%2FKyberia-bloodline.git TODO: passwords, PATH_INFO --- diff --git a/doc/TODO b/doc/TODO index 41b464c..4cb7450 100644 --- a/doc/TODO +++ b/doc/TODO @@ -2,6 +2,11 @@ - Registration process is not working (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords) + (We can use multiple hash algorithms (so we'll have backward DB compatibility): + {SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e + {SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735 + 5b077a0ab90992d9763c5b120b22c9d7 + ) - Cron scripts are not executed (no automatic logouts, no K generation, ...) @@ -28,6 +33,8 @@ ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling, "strange" filenames like .htacess (to allow listing of folder) +- Implement URL handling using PATH_INFO instead of mod_rewrite + - Refactor directory structure - Deprecated PHP features
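Review bot: In the first doc/TODO hunk, the three example values added under the MD5 item are bare digests with no salt field, so the proposed `{SHA256}` / `{SHA1}` format only swaps one fast unsalted hash for another. The note should call for a per-user salt and a deliberately slow password-hashing scheme. It should also state explicitly that an unprefixed value such as `5b077a0ab90992d9763c5b120b22c9d7` is treated as legacy MD5, or give it a `{MD5}` tag, so the parser never has to guess from length. Finally, the backward-compatibility remark would be more useful if it said when old entries get upgraded, for example re-hashing under the new scheme on the user's next successful login, so MD5 rows do not stay in the DB indefinitely.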
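Review bot: In the second doc/TODO hunk, the new "Implement URL handling using PATH_INFO instead of mod_rewrite" item does not say that PATH_INFO is request-supplied and needs validating before it is used for routing. Given that the item directly above it lists shell injections and "strange" filenames in inc/eventz/upload_data_node.php, the TODO should add that path segments are to be matched against an allowlist of known routes or numeric node ids, and never passed on to file or shell operations unchecked.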