I've just ported blowfish.c into blowfish.php.
A lot of thanks to Bruce Schneier and Paul Kocher.
Although I know mcrypt module supports variety encryption-decryption, there are many php environment without mcrypt.
Thus, I think that this is a MUST class for CMS.
This is an advance hint...
In XOOPS >= 2.0.10JP and 2.2.x , `weight` is assigned in header.php.
(`weight` is not assigned in older XOOPS 2.0.x even with 2.0.13)
This means that you can fully controll the orders of center parts by changing their weights.
Now, I've made a theme has such a feature.
You can download from here.
http://www.peak.ne.jp/xoops/md/mydownloads/singlefile.php?cid=3&lid=57
This theme is based on matchan's "KIHON1" which was made for our book "Customizing XOOPS".
I'm appreciated if this feature is included in many themes
AUTO-LOGIN V3 is a little safer than V2.
V3 stores user's password as md5 encoded with time limitation.
If cookie is stolen by someone, he can't login after auto-login expiration.
This means that short expiration makes your site a little bit safer.
This hack is applied now.
$_COOKIE['autologin_pass'] of V3 is incompatible with V2.
Thus, you as a user enabling auto-login have to log-in manually once.
I've gotten the mumps yesterday.
High temperature and pain of cheek make me mad.
I'm sorry that I can't support at all while a week or two weeks.
This is a serious report about almost version of XOOPS.
A missing of single quotation makes a big hole.
(I shall never write the details like POC)
I think it's EMERGENCY for users using XOOPS < 2.0.10-1JP or 2.0.12.
You can fix it easily with any version of XOOPS.
- Open class/criteria.php
- go to line 342
- find the function named render()
- remove like this
/**
* Make a sql condition string
*
* @return string
**/
function render() {
if ( is_numeric($this->value) || in_array(strtoupper($this->operator), array('IN', 'NOT IN'))) {
$value = $this->value;
} else {
if ( '' === ($value = trim($this->value)) ) {
return '';
}
if ( (substr($value, 0, 1) != '`') && (substr($value, -1) != '`') ) {
$value = "'$value'";
}
}
$clause = (!empty($this->prefix) ? "{$this->prefix}." : "") . $this->column;
if ( !empty($this->function) ) {
$clause = sprintf($this->function, $clause);
}
$clause .= " {$this->operator} $value";
return $clause;
}