Dotclear

Dotclear News » Archives » January 2018

2018 Jan 27

Dotclear 2.13.1

A small update that fixes two annoying bugs in the theme editor (when syntax coloration is enabled) and with the traditional Dotclear editor, in XHTML mode.

2018 Jan 13

Dotclear 2.13

Some few words:

  • PHP 5.5+ mandatory as a more secure system has been implemented for passwords stored in the database, system which needs at least this version of PHP
  • Informations displayed on dashboard, as Dotclear updates or news, are now fetch from Dotclear server in asynchronous way, so no more dashboard blocked by a ghost server!
  • A new driver for MySQL databases encoded with UTF8-mb4
  • Some bugs fixed
  • Some refinements in administrative UX

Enjoy!


Note for users and administrator:

The new encryption system for password does not require any migration procedure. This will be done only once at the very next user authentication.

Notes for developers:

The new password system implies two backward incompatibilities:

  1. The function checkPassword() (/inc/core/class.dc.auth.php) requires now a non encrypted password (usually form field contents) rather than an encrypted form.
    So you now have to use $core->auth->checkPassword($_POST['your_pwd']) rather than $core->auth->checkPassword($core->auth->crypt($_POST['your_pwd'])).

  2. The function crypt() (/inc/core/class.dc.auth.php) no more give the same results with the same parameter. If you need an "old fashion" encrypted password, you have to use cryptLegacy() function (same file).

If you need a unique UID/key, use http::browserUID(DC_MASTER_KEY.$core->auth->userID().$core->auth->cryptLegacy($core->auth->userID())) (may be refined in future).

Sites map