alibaba / phpwind Goto Github PK

View Code? Open in Web Editor NEW

106.0 12.0 45.0 9.44 MB

Rediscover the community.

License: Other

ApacheConf 0.01% HTML 17.03% PHP 58.37% CSS 5.22% JavaScript 14.03% ActionScript 5.35%

phpwind's Introduction

phpwind

安装步骤

解压下载的安装包;
上传upload文件夹中的文件到对应网站根目录;
执行安装文件：您的域名/install.php

bug提交

http://www.phpwind.net/thread-htm-fid-54.html

发展建议

http://www.phpwind.net/thread-htm-fid-39.html

关于移动版

http://www.phpwind.net/read/3418959

常见错误

pdo_mysql未安装

解决方法：修改本地php.ini配置，以Win下的php为例，找到;extension=php_pdo_mysql.dll ;extension=php_pdo.dll 去除前面的分号“;”。重启apache或php-fpm服务即可。

phpwind's People

Contributors

Stargazers

Watchers

Forkers

cloudxtreme tempbottle icloudkit lxllinux chendong0444 smartfire zjsxwc qistang xty88645 xiaolin2843 fork-from-others hu19891110 boonya-alibaba itbirds guoyu07 doswhy ccsgao gechong 542774114 snzmnrdn aihua madhawa meisen2008 awayqu webzuolink literaryprogrammer riasl ttys3 92admin shaoqi input01 ajunlonglive nftstudio a1198457636 charygao puwei0000 hudul youwopro hamzone eminlin mychenliang gityuncode arthur4ires gholamgerami ren-maomao

phpwind's Issues

English translation

So i'm freely to do a english supported version of this site, if the main devs accepts it.

If so i will fix a official site for the english copy and would like to have some who knows this language to join up so they can help with translation :)

I saw that phpwind is opensource and free now so i wonder if any english version will be available? if not maybe you guys should consider on making one? since then alot more people that does not understand standard language will be able to use phpwind as one of their choice of free forum software :)

高版本PHP环境运行到/install.php?a=data无法运行

src/windid/service/base/WindidUtility.php 93行
if (!isset($exts[$imageInfo[2]])) continue; 是什么意思

Insecure Password Storage Using MD5 Hash Algorithm in ThreadController.php

Summary:

I found a security vulnerability in PHPWind's source code in the file \phpwind\upload\src\applications\native\controller\ThreadController.php. The code uses the MD5 hash algorithm to store user passwords, which is considered insecure.

Vulnerability Description:

MD5 is an outdated and cryptographically insecure hashing algorithm. It is susceptible to brute-force attacks and collisions, which means attackers can easily reverse-engineer MD5 hashes to retrieve plaintext passwords.

if ($pwforum->foruminfo['password']) {//设置了版块访问密码
            if (!$this->loginUser->isExists()) {
//                $this->forwardAction('u/login/run', array('backurl' => WindUrlHelper::createUrl('bbs/cate/run', array('fid' => $fid))));
                $this->showError('该版块为加密版块您需要先登录才能访问！');
            } else if(!isset($_GET['password'])||empty($_GET['password'])){//提示输入密码
                $data = array('page_info'=>array(),'user_info'=>array('uid'=>$this->uid,'isjoin'=>$forum_isjoin,'forum_login'=>0),'forum_info'=>'','threads_list'=>array());
                $this->setOutput($data,'data');
                $this->showMessage('NATIVE:data.success');
            }elseif (Pw::getPwdCode($pwforum->foruminfo['password']) != Pw::getPwdCode(**md5($_GET['password']))**) {//密码错误
//                $this->forwardAction('bbs/forum/password', array('fid' => $fid));
                $data = array('page_info'=>array(),'user_info'=>array('uid'=>$this->uid,'isjoin'=>$forum_isjoin,'forum_login'=>1),'forum_info'=>'','threads_list'=>array());
                $this->setOutput($data,'data');
                $this->showMessage('NATIVE:data.success');
            } 
        }

Impact:

This vulnerability exposes user passwords to potential compromise and puts the security of the entire PHPWind application at risk.

Recommendation:

I recommend updating the password storage mechanism to use a more secure hashing algorithm such as bcrypt, Argon2, or at least SHA-256 with a salt. These algorithms provide better protection against brute-force and collision attacks.

Additional Information:

The issue is present in the ThreadController.php file in the source code of PHPWind.

Looking forward to your feedback.

Thank you and I'm a German traveler and lover of open source tools :)